[unit-tests][build-system][docs] remove references to ZRTP.
EndProject\r
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_gsmopen", "src\mod\endpoints\mod_gsmopen\mod_gsmopen.2017.vcxproj", "{74B120FF-6935-4DFE-A142-CDB6BEA99C90}"\r
EndProject\r
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libzrtp", "libs\libzrtp\projects\win\libzrtp.2017.vcxproj", "{C13CC324-0032-4492-9A30-310A6BD64FF5}"\r
-EndProject\r
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_redis", "src\mod\applications\mod_redis\mod_redis.2017.vcxproj", "{886B5E9D-F2C2-4AF2-98C8-EF98C4C770E6}"\r
EndProject\r
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libjpeg", "libs\win32\libjpeg\libjpeg.2017.vcxproj", "{019DBD2A-273D-4BA4-BF86-B5EFE2ED76B1}"\r
{74B120FF-6935-4DFE-A142-CDB6BEA99C90}.Release|Win32.Build.0 = Release|Win32\r
{74B120FF-6935-4DFE-A142-CDB6BEA99C90}.Release|x64.ActiveCfg = Release|x64\r
{74B120FF-6935-4DFE-A142-CDB6BEA99C90}.Release|x64.Build.0 = Release|x64\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.All|Win32.ActiveCfg = Release|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.All|Win32.Build.0 = Release|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.All|x64.ActiveCfg = Release|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Debug|Win32.ActiveCfg = Debug|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Debug|Win32.Build.0 = Debug|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Debug|x64.ActiveCfg = Debug|x64\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Debug|x64.Build.0 = Debug|x64\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Release|Win32.ActiveCfg = Release|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Release|Win32.Build.0 = Release|Win32\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Release|x64.ActiveCfg = Release|x64\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5}.Release|x64.Build.0 = Release|x64\r
{886B5E9D-F2C2-4AF2-98C8-EF98C4C770E6}.All|Win32.ActiveCfg = Release|x64\r
{886B5E9D-F2C2-4AF2-98C8-EF98C4C770E6}.All|x64.ActiveCfg = Release|x64\r
{886B5E9D-F2C2-4AF2-98C8-EF98C4C770E6}.All|x64.Build.0 = Release|x64\r
{9DE35039-A8F6-4FBF-B1B6-EB527F802411} = {EB910B0D-F27D-4B62-B67B-DE834C99AC5B}\r
{26C82FCE-E0CF-4D10-A00C-D8E582FFEB53} = {EB910B0D-F27D-4B62-B67B-DE834C99AC5B}\r
{74B120FF-6935-4DFE-A142-CDB6BEA99C90} = {9460B5F1-0A95-41C4-BEB7-9C2C96459A7C}\r
- {C13CC324-0032-4492-9A30-310A6BD64FF5} = {EB910B0D-F27D-4B62-B67B-DE834C99AC5B}\r
{886B5E9D-F2C2-4AF2-98C8-EF98C4C770E6} = {E72B5BCB-6462-4D23-B419-3AF1A4AC3D78}\r
{019DBD2A-273D-4BA4-BF86-B5EFE2ED76B1} = {EB910B0D-F27D-4B62-B67B-DE834C99AC5B}\r
{D2396DD7-7D38-473A-ABB7-6F96D65AE1B9} = {9DE35039-A8F6-4FBF-B1B6-EB527F802411}\r
Files: libs/broadvoice/autogen.sh
License: GPL-2
-Files: libs/libzrtp/*
-Copyright: 2006-2012 Philip R. Zimmermann.
- 1993-2005 Colin Plumb
- 1998-2006, Dr Brian Gladman, Worcester, UK.
- 2002, Bryce "Zooko" Wilcox-O'Hearn
- 2010 Soft Industry
-License: AGPL-3 or MPL-1.1
-
-Files: libs/libzrtp/test/cmockery/cmockery.c
-Copyright: 2008 Google Inc
-License: Apache-2.0
-
-Files: libs/libzrtp/third_party/bnlib/legal.c
- libs/libzrtp/third_party/bnlib/*
-Copyright: 1993-2005 Colin Plumb
-License: GPL-2 or GPL-3 or MPL-1.1
-
-Files: libs/libzrtp/third_party/bnlib/test/md5.c
-Copyright: 1995 Abandoned Colin Plumb
-License: public-domain
-
Files: libs/win32/sqlite/sqlite3.[ch]
libs/win32/sqlite/parse.c
Copyright: 2006 Abandoned D. Richard Hipp <drh@hwaci.com>
libfreeswitch_la_LDFLAGS += $(ODBC_LIB_FLAGS)
endif
-if ENABLE_ZRTP
-CORE_CFLAGS += -I$(switch_srcdir)/libs/libzrtp/third_party/bgaes
-CORE_CFLAGS += -I$(switch_srcdir)/libs/libzrtp/third_party/bnlib
-CORE_CFLAGS += -isystem $(switch_srcdir)/libs/libzrtp/include
-ZRTP_LDFLAGS = -L$(switch_srcdir)/libs/libzrtp/third_party/bnlib
-ZRTP_LDFLAGS += -L$(switch_srcdir)/libs/libzrtp
-ZRTP_LIBS = -lbn -lzrtp
-libfreeswitch_la_LDFLAGS += $(ZRTP_LDFLAGS)
-libfreeswitch_la_LIBADD += $(ZRTP_LIBS)
-CORE_LIBS += libs/libzrtp/libzrtp.a
-LIBS += libs/libzrtp/third_party/bnlib/libbn.a
-endif
-
library_includetestdir = $(includedir)/test
library_includetest_HEADERS = \
src/include/test/switch_fct.h \
libs/libedit/src/.libs/libedit.a:
cd libs/libedit && $(MAKE)
-libs/libzrtp/libzrtp.a:
- cd libs/libzrtp && $(MAKE)
-
libs/libvpx/Makefile: libs/libvpx/.update
cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS) $(VISIBILITY_FLAG)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --size-limit=16384x16384
VERBOSE=false
BASEDIR=`pwd`;
LIBDIR=${BASEDIR}/libs;
-SUBDIRS="apr libzrtp iksemel srtp fs";
+SUBDIRS="apr iksemel srtp fs";
while getopts 'jhd:v' o; do
case "$o" in
}
-bootstrap_libzrtp() {
- (cd ${LIBDIR}/libzrtp && ./bootstrap.sh)
-}
-
# Libs automake automation function
libbootstrap() {
i=$1
bootstrap_libs() {
for i in ${SUBDIRS}; do
case "$i" in
- apr|fs|libzrtp)
+ apr|fs)
${BGJOB} && wait
bootstrap_$i
continue
+++ /dev/null
-#!/bin/sh
-tar zxf libzrtp-0.81.514.tar.gz
-cd libzrtp-0.81.514
-patch -p1 < ../patches/zrtp_bnlib_pic.diff
-cd projects/gnu/
-./configure CFLAGS="-fPIC"
-make
-make install
<param name="auth-calls" value="false"/>
<param name="rtp-timeout-sec" value="1800"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- <param name="rtp-start-port" value="16384"/> -->
<!-- <param name="rtp-end-port" value="32768"/> -->
- <param name="rtp-enable-zrtp" value="true"/>
-
<!--
Native PostgreSQL support was removed from the FreeSWITCH Core!
=================================
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="$${external_auth_calls}"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
<X-PRE-PROCESS cmd="set" data="use_profile=external"/>
- <!--
- Enable ZRTP globally you can override this on a per channel basis
-
- http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
- -->
- <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
-
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=PCMU,PCMA"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA"/>
<param name="auth-calls" value="false"/>
<param name="rtp-timeout-sec" value="1800"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- Test each port to make sure it is not in use by some other process before allocating it to RTP -->
<!-- <param name="rtp-port-usage-robustness" value="true"/> -->
- <param name="rtp-enable-zrtp" value="true"/>
-
<!--
Native PostgreSQL support was removed from the FreeSWITCH Core!
=================================
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
<X-PRE-PROCESS cmd="set" data="use_profile=external"/>
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
- <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
<X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,G722,PCMU,PCMA,VP8,H264,H263,H263-1998,G7221@32000h"/>
<X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,G722,PCMU,PCMA,VP8,H264,H263,H263-1998,G7221@32000h"/>
<X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
<!-- Test each port to make sure it is not in use by some other process before allocating it to RTP -->
<!-- <param name="rtp-port-usage-robustness" value="true"/> -->
- <param name="rtp-enable-zrtp" value="false"/>
-
<!--
Store encryption keys for secure media in channel variables and call CDRs. Default: false.
WARNING: If true, anyone with CDR access can decrypt secure media!
This will take the SAS from the b-leg and send it to the display on the a-leg phone.
Known working with Polycom and Snom maybe others.
-->
- <!--
- <action application="set" data="exec_after_bridge_app=${sched_api(+4 zrtp expand uuid_display ${uuid} \${uuid_getvar(\${uuid_getvar(${uuid} signal_bond)} zrtp_sas1_string )} \${uuid_getvar(\${uuid_getvar(${uuid} signal_bond)} zrtp_sas2_string )} )}"/>
- <action application="export" data="nolocal:zrtp_secure_media=true"/>
- -->
<action application="bridge" data="sofia/${use_profile}/$1@conference.freeswitch.org"/>
</condition>
</extension>
</condition>
</extension>
- <!-- install zrtp_agent.lua into scripts (ZRTP == 9787) -->
- <extension name="zrtp_enrollement">
- <condition field="destination_number" expression="^9787$">
- <action application="lua" data="zrtp_agent.lua"/>
- </condition>
- </extension>
-
<!--
You will no longer hear the bong tone. The wav file is playing stating the call is secure.
The file will not play unless you have both TLS and SRTP active.
<action application="answer"/>
<action application="execute_extension" data="is_secure XML features"/>
<action application="playback" data="$${hold_music}"/>
- <anti-action application="set" data="zrtp_secure_media=true"/>
<anti-action application="answer"/>
<anti-action application="playback" data="silence_stream://2000"/>
- <anti-action application="execute_extension" data="is_zrtp_secure XML features"/>
<anti-action application="playback" data="$${hold_music}"/>
</condition>
</extension>
<action application="transfer" data="$1 XML default"/>
</condition>
</extension>
-
- <extension name="is_zrtp_secure" continue="true">
- <condition field="${zrtp_secure_media_confirmed}" expression="^true$">
- <action application="sleep" data="1000"/>
- <action application="playback" data="misc/call_secured.wav"/>
- <anti-action application="eval" data="not_secure"/>
- </condition>
- </extension>
-
+
<extension name="is_secure" continue="true">
<!-- Only Truly consider it secure if its TLS and SRTP -->
<condition field="${sip_via_protocol}" expression="tls"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2 lines for call authentication -->
<!-- <param name="accept-blind-reg" value="true"/> -->
storage_dir
cache_dir
core_uuid
- zrtp_enabled
nat_public_addr
nat_private_addr
nat_type
<X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
<X-PRE-PROCESS cmd="set" data="use_profile=external"/>
<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
- <!--
- Enable ZRTP globally you can override this on a per channel basis
-
- http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
- -->
- <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
<!--
NOTICE: When using SRTP it's critical that you do not offer or accept
variable bit rate codecs, doing so would leak information and possibly
AC_CHECK_LIB(openal, alcLoopbackOpenDeviceSOFT, [have_openal="yes"])
AM_CONDITIONAL([HAVE_OPENAL],[test "${have_openal}" = "yes"])
-AC_ARG_ENABLE(zrtp,
- [AS_HELP_STRING([--enable-zrtp], [Compile with zrtp Support])],,[enable_zrtp="no"])
-if test "x$enable_zrtp" = "xyes" ; then
- LIBS="-lpthread $LIBS"
- APR_ADDTO(SWITCH_AM_CFLAGS, -DENABLE_ZRTP)
-fi
-
PA_LIBS=
PKG_CHECK_MODULES(JACK, jack, have_jack=yes, have_jack=no)
AC_SUBST(PA_LIBS)
-AM_CONDITIONAL([ENABLE_ZRTP],[test "x$enable_zrtp" != "xno"])
-
AM_CONDITIONAL([WANT_DEBUG],[test "${enable_debug}" = "yes"])
AC_ARG_ENABLE(core-odbc-support,
AC_CONFIG_SUBDIRS([libs/apr])
fi
AC_CONFIG_SUBDIRS([libs/iksemel])
-if test "x${enable_zrtp}" = "xyes"; then
- AC_CONFIG_SUBDIRS([libs/libzrtp])
-fi
case $host in
*-openbsd*|*-netbsd*)
Files: libs/broadvoice/autogen.sh
License: GPL-2
-Files: libs/libzrtp/*
-Copyright: 2006-2012 Philip R. Zimmermann.
- 1993-2005 Colin Plumb
- 1998-2006, Dr Brian Gladman, Worcester, UK.
- 2002, Bryce "Zooko" Wilcox-O'Hearn
- 2010 Soft Industry
-License: AGPL-3 or MPL-1.1
-
-Files: libs/libzrtp/test/cmockery/cmockery.c
-Copyright: 2008 Google Inc
-License: Apache-2.0
-
-Files: libs/libzrtp/third_party/bnlib/legal.c
- libs/libzrtp/third_party/bnlib/*
-Copyright: 1993-2005 Colin Plumb
-License: GPL-2 or GPL-3 or MPL-1.1
-
-Files: libs/libzrtp/third_party/bnlib/test/md5.c
-Copyright: 1995 Abandoned Colin Plumb
-License: public-domain
-
Files: libs/win32/sqlite/sqlite3.[ch]
libs/win32/sqlite/parse.c
Copyright: 2006 Abandoned D. Richard Hipp <drh@hwaci.com>
-
Glob: libs/srtp/update.sh
Copyright: Ingate Systems AB
- -
- Glob: libs/libzrtp/third_party/bnlib/test/md5.c
- Matches: This\scode\sis\sin\sthe\spublic\sdomain;\sdo\swith\sit\swhat\syou\swish.
- Copyright: 1995 Abandoned Colin Plumb
- License: public-domain
-
Glob: src/g711.c
Matches: Copyright\s\(C\)\s2006\sSteve\sUnderwood
Glob: src/include/switch_cpp.h
Matches: Author[:]\sYossi\sNeiman\s<freeswitch@cartissolutions.com>,\s\(C\)\s2007////\sCopyright[:]
Copyright: 2007 Yossi Neiman <freeswitch@cartissolutions.com>
- -
- Glob: libs/libzrtp/*
- Matches: For\slicensing\sand\sother\slegal\sdetails,\ssee\sthe\sfile\szrtp_legal.c.
- License: AGPL-3 or MPL-1.1
- -
- Glob: libs/libzrtp/third_party/bnlib/*
- Matches: For\slicensing\sand\sother\slegal\sdetails,\ssee\sthe\sfile\slegal.c.
- License: GPL-2 or GPL-3 or MPL-1.1
- -
- Glob: libs/libzrtp/src/zrtp_legal.c
- Matches: As\sa\sspecial\sexception,\syou\smay\scombine\sthis\slibrary\swith\sthe\scode
- Matches: License\sVersion\s1.1\s\(MPLv1.1\).
- License: AGPL-3 or MPL-1.1
- -
- Glob: libs/libzrtp/third_party/bnlib/legal.c
- Matches: As\sa\sspecial\sexception,\syou\smay\scombine\sthis\slibrary\swith\sthe\scode
- Matches: License\sVersion\s1.1\s\(MPLv1.1\).
- License: GPL-2 or GPL-3 or MPL-1.1
- -
- Glob: libs/libzrtp/projects/symbian/DelayRuner.h
- Matches: Copyright\s+:\sCopyright\s\(c\)\s2010\sSoft\sIndustry
- Copyright: 2010 Soft Industry
-
Glob: libs/win32/sqlite/*.[ch]
Matches: The\sauthor\sdisclaims\scopyright\sto\sthis\ssource\scode.
--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-gnu-ld --with-python --with-python3 --with-erlang --with-openssl \
- --enable-core-odbc-support --enable-zrtp
+ --enable-core-odbc-support
touch $@
override_dh_auto_configure: .stamp-configure
<prompt phrase="Das ist eine ungültige Durchwahl." filename="invalid_extension.wav"/>
<prompt phrase="Englisch." filename="en.wav"/>
</misc>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Willkommen bei der Anmeldung zum Z R T P Sicherheits-System." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="Sie müssen den Authentisierungs-String mit Ihrem Gesprächspartner vergleichen. Wenn er nicht übereinstimmt, ist dies ein Hinweis darauf, dass das Gespräch abgehört wird." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Nur authentisierte Telefone können so konfiguriert werden, dass sie diesem System vertrauen bezüglich der Vermittlung von Verbindungen die mit Z R T P gesichert sind. Ihr Telefon ist nicht authentisiert, daher wird dieser Anruf nicht vermittelt." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="Ihr Telefon signalisiert, dass es diesem System bereits vertraut bezüglich der Vermittlung von Verbindungen die mit Z R T P gesichert sind. Sie müssen deshalb nichts weiter tun." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Nur Telefone, die das Z R T P Protokoll unterstützen, können diese Nebenstelle Nutzen. Ihr Telefon unterstützt Z R T P nicht, daher wird dieser Anruf nicht vermittelt." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="Dieses System ist für die Verarbeitung von mit Z R T P verschlüsselten Telefonanrufen ausgestattet. Sie müssen entscheiden, ob Sie zulassen möchten, dass dieses System Ihre sicheren Telefonanrufe abfangen und möglicherweise überwachen kann. Sie können auflegen, nachdem Sie dies getan haben." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Vergleichen Sie diesen Authentifizierungscode mit Ihrem Gesprächspartner, indem Sie sich diesen Code vorlesen." filename="zrtp-is_secure.wav"/>
- <prompt phrase="Der Authentifizierungscode ist derzeit nicht überprüft." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="Der Authentifizierungscode ist jetzt überprüft." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Vielen Dank für Ihren Anruf. Auf Wiedersehen." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Etwas stimmt nicht." filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Fehler." filename="zrtp-status_error.wav"/>
- <prompt phrase="Verbindung ist nicht sicher." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="Verbindung ist sicher." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Sichere die Verbindung." filename="zrtp-status_securing.wav"/>
- </zrtp>
</de>
</language>
<!--
<prompt phrase="woodlark" filename="woodlark.wav"/>
<prompt phrase="yesteryear" filename="yesteryear.wav"/>
</base256>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Welcome to the ZRTP security enrollment agent." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="You must check the authentication string with your partner. If it doesn't match, it indicates the presence of a wire tapper." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Only phones that are authenticated can be configured to trust this system to relay ZRTP secured calls. Your phone is not authenticated with this system, so this call will have no effect." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="Your phone indicates that it already trusts this system to relay ZRTP secured calls, so you do not need to do anything more." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Only phones equipped with the ZRTP protocol can use this extension. Your phone is not a ZRTP-enable phone, so this call will have no effect." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="This system is equipped to handle ZRTP encrypted phone calls. You must decide if you want to allow this system to be in a position to intercept and possibly monitor your secure phone calls. You may hang up after you've done this." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Verbally compare this authentication code with your partner." filename="zrtp-is_secure.wav"/>
- <prompt phrase="Authentication code is now unverified." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="Authentication code is now verified." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Thank you for calling. Goodbye." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Something's wrong" filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Error." filename="zrtp-status_error.wav"/>
- <prompt phrase="Call is not secure." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="Call is secure." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Securing call." filename="zrtp-status_securing.wav"/>
- </zrtp>
</en>
</language>
<!--
<prompt phrase="woodlark" filename="woodlark.wav"/>
<prompt phrase="yesteryear" filename="yesteryear.wav"/>
</base256>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Bienvenidos al servicio de inscripción ZRTP." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="Usted debe verificar la cadena de caracteres con su destino. Si no coincide, indica la presencia de una escucha telefónica." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Solo teléfonos autenticados pueden confiar en llamadas securizadas con ZRTP. Su teléfono no está autenticado con este sistema, por lo que esta llamada no estará securizada." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="Su teléfono indica que confía en este sistema para realizar llamadas seguras con ZRTP, no necesita hacer nada más." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Solo teléfonos soportando el protocolo ZRTP pueden usar esta extensión. Su teléfono no tiene ZRTP habilitado, por lo que esta llamada no estará securizada." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="Este sistema está configurado para manejar llamadas cifradas con ZRTP. Decida si permite al sistema tener la posibilidad de interceptar o monitorizar su llamada. Puede colgar una vez confirmado." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Compara verbalmente este código de autenticación con su destino." filename="zrtp-is_secure.wav"/>
- <prompt phrase="El código de autenticación no está verificado." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="El código de autenticación está verificado." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Gracias por llamar. Adiós." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Algún error ha ocurrido." filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Error." filename="zrtp-status_error.wav"/>
- <prompt phrase="Esta llamada no está protegida." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="Esta llamada está protegida." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Securizando su llamada." filename="zrtp-status_securing.wav"/>
- </zrtp>
</es_ES>
</language>
<prompt phrase="woodlark" filename="woodlark.wav"/>
<prompt phrase="yesteryear" filename="yesteryear.wav"/>
</base256>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Bienvenidos al servicio de inscripción ZRTP." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="Usted debe verificar la cadena de caracteres con su destino. Si no coincide, indica la presencia de una escucha telefónica." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Solo teléfonos autenticados pueden confiar en llamadas seguras con ZRTP. Su teléfono no está autenticado con este sistema, su llamada no estará securizada." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="Su teléfono indica que confía en este sistema para realizar llamadas seguras con ZRTP, no necesita hacer nada más." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Solo teléfonos soportando el protocolo ZRTP pueden usar esta extensión. Su teléfono no tiene ZRTP habilitado, y está llamada no será securizada." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="Este sistema está configurado para manejar llamadas cifradas con ZRTP. Decida si permite al sistema tener la posibilidad de interceptar o monitorizar su llamada. Puede colgar una vez confirmado." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Compara verbalmente este código de autenticación con su destino." filename="zrtp-is_secure.wav"/>
- <prompt phrase="El código de autenticación no está verificado." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="El código de autenticación está verificado." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Gracias por llamar. Adiós." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Algún error ha ocurrido." filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Error." filename="zrtp-status_error.wav"/>
- <prompt phrase="Esta llamada no está protegida." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="Esta llamada está protegida." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Securizando su llamada." filename="zrtp-status_securing.wav"/>
- </zrtp>
</es_MX>
</language>
<prompt phrase="woodlark" filename="woodlark.wav"/>
<prompt phrase="yesteryear" filename="yesteryear.wav"/>
</base256>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Bem-vindo ao agente de registro de segurança ZRTP." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="Você deve verificar a autentificação com o seu destinatário. Se não coincidir, isso indica presença de um dispositivo de escuta telefonica." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Somente aqueles telefones que estão autentificados podem ser configurados de maneira segura neste sistema para retransmitir as ligações em ZRTP. O seu telefone não está autentificado com este sistema, esta ligação não será realizada." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="O seu telefone indica que é seguro este sistema para realizar ligações seguras em ZRTP, você não precisa fazer nada mais." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Somente os telefones equipados com protocolo ZRTP podem usar este ramal. O seu telefone não esta configurado para ZRTP, esta ligação não sera completada." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="Este sistema está configurado para realizar ligações telefónicas encriptadas em ZRTP. Você deve decidir se permitira que este sistema possa interceptar e monitorizar as suas ligações telefónicas seguras. Pode finalizar a ligação depois disso." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Compare verbalmente este código de autentificação com o seu destinatário." filename="zrtp-is_secure.wav"/>
- <prompt phrase="O código de autentificação não foi verificado." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="O código de autentificação foi verificado." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Obrigado pela sua ligação. Até logo." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Algo falha." filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Erro." filename="zrtp-status_error.wav"/>
- <prompt phrase="A ligação não e segura." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="A ligação é segura." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Securizando a ligação." filename="zrtp-status_securing.wav"/>
- </zrtp>
</pt_BR>
</language>
<prompt phrase="woodlark" filename="woodlark.wav"/>
<prompt phrase="yesteryear" filename="yesteryear.wav"/>
</base256>
- <zrtp>
- <!-- Event prompts -->
- <prompt phrase="Bem-vindo ao agente de registo ZRTP." filename="zrtp-enroll_welcome.wav"/>
- <prompt phrase="Deve verificar a chave de autenticação com destinatário. Se não for igual, indica a presença de uma escuta." filename="zrtp-check_sas.wav"/>
- <prompt phrase="Apenas telefones que estão autenticados podem ser configurados para usarem este sistema de retransmissão ZRTP para chamadas com modo de segurança activo. Se o seu telefone não está autenticado com o sistema, esta chamada não terá qualquer efeito." filename="zrtp-enroll_not_sip_registered.wav"/>
- <prompt phrase="O seu telefone indica que já confia neste sistema de retransmissão ZRTP para chamadas com o modo de segurança activo, portanto você já não precisa de fazer mais nada." filename="zrtp-enroll_already_enrolled.wav"/>
- <prompt phrase="Apenas telefones equipados com o protocolo ZRTP podem usar esta extensão. O seu telefone não suporta ZRTP, portanto esta chamada não terá qualquer efeito." filename="zrtp-enroll_notzrtp.wav"/>
- <prompt phrase="Este sistema está preparado para suportar chamadas telefónicas encriptadas em ZRTP. Você deve determinar se deseja permitir que o sistema possa interceptar ou gravar as suas chamadas telefónicas com o modo de segurança activado. Você pode desligar após confirmar este comportamento." filename="zrtp-enroll_confirmed.wav"/>
- <prompt phrase="Comparando verbalmente o código desta autenticação com o destinatário." filename="zrtp-is_secure.wav"/>
- <prompt phrase="O código de autenticação não foi verificado." filename="zrtp-is_unverified.wav"/>
- <prompt phrase="O código de autenticação foi verificado." filename="zrtp-is_verified.wav"/>
- <prompt phrase="Obrigado por telefonar. Até breve." filename="zrtp-thankyou_goodbye.wav"/>
- <prompt phrase="Algo está errado" filename="zrtp-somethings_wrong.wav"/>
- <prompt phrase="Erro." filename="zrtp-status_error.wav"/>
- <prompt phrase="O modo de segurança não está activo na chamada." filename="zrtp-status_notsecure.wav"/>
- <prompt phrase="O modo de segurança está activo na chamada." filename="zrtp-status_secure.wav"/>
- <prompt phrase="Activando o modo de segurança na chamada." filename="zrtp-status_securing.wav"/>
- </zrtp>
</pt_PT>
</language>
<prompt phrase="woodlark" filename="woodlark.wav"/>\r
<prompt phrase="yesteryear" filename="yesteryear.wav"/>\r
</base256>
- <zrtp>
- <!-- Event prompts -->\r
- <prompt phrase="Добро пожаловать в агента регистрации шифрования ZRTP" filename="zrtp-enroll_welcome.wav"/>\r
- <!-- Welcome to the ZRTP security enrollment agent. -->
- <prompt phrase="Вы должны выбрать строку аутентификации с партнером по разговору, Если она не совпадет, система сообщит Вам разрывом линии." filename="zrtp-check_sas.wav"/>\r
- <!-- You must check the authentication string with your partner. If it doesn't match, it indicates the presence of a wire tapper. -->
- <prompt phrase="Только телефоны, прошедшие аутентификацию, могут быть сконфигурированы для доверия системе для обеспечения ZRTP шифрованных звонков, так что такой звонок не даст эффекта." filename="zrtp-enroll_not_sip_registered.wav"/>\r
- <!-- Only phones that are authenticated can be configured to trust this system to relay ZRTP secured calls. Your phone is not authenticated with this system, so this call will have no effect. -->
- <prompt phrase="Ваш телефон сообщит, что он уже доверяет системе для перенаправления ZRTP шифрованных звонков, так что больше делать ничего не нужно будет" filename="zrtp-enroll_already_enrolled.wav"/>\r
- <!-- Your phone indicates that it already trusts this system to relay ZRTP secured calls, so you do not need to do anything more. -->
- <prompt phrase="Только телефоны, с поддержкой протокола ZRTP могут использовать такую функцию. Ваш телефон не поддерживает ZRTP протокол и звонок не даст эффекта ZRTP защиты." filename="zrtp-enroll_notzrtp.wav"/>\r
- <!-- Only phones equipped with the ZRTP protocol can use this extension. Your phone is not a ZRTP-enable phone, so this call will have no effect.-->
- <prompt phrase="Система оборудована для проведения шифрованных ZRTP звонков. Вы должны решить, если вы хотите чтобы система была задействована для приема и возможно мониторинга Ваших защищенных звонков. Вы можете повесить трубку после окончания разговора." filename="zrtp-enroll_confirmed.wav"/>\r
- <!-- This system is equipped to handle ZRTP encrypted phone calls. You must decide if you want to allow this system to be in a position to intercept and possibly monitor your secure phone calls. You may hang up after you've done this. -->
- <prompt phrase="Договоритесь с партнером по разговору о парольной фразе." filename="zrtp-is_secure.wav"/>\r
- <!-- Verbally compare this authentication code with your partner. -->
- <prompt phrase="Парольная фраза на данный момент не проверена" filename="zrtp-is_unverified.wav"/>\r
- <!-- Authentication code is now unverified. -->
- <prompt phrase="Парольная фраза проверена." filename="zrtp-is_verified.wav"/>\r
- <!-- Authentication code is now verified. -->
- <prompt phrase="Спасибо за звонок. До свидания." filename="zrtp-thankyou_goodbye.wav"/>\r
- <!-- Thank you for calling. Goodbye. -->
- <prompt phrase="Что-то происходит не так." filename="zrtp-somethings_wrong.wav"/>\r
- <!-- Something's wrong -->
- <prompt phrase="Ошибка." filename="zrtp-status_error.wav"/>\r
- <!-- Error. -->
- <prompt phrase="Ваш разговор не шифруется" filename="zrtp-status_notsecure.wav"/>\r
- <!-- Call is not secure. -->
- <prompt phrase="Ваш разговор шифруется." filename="zrtp-status_secure.wav"/>\r
- <!-- Call is secure. -->
- <prompt phrase="Шифрованный вызов." filename="zrtp-status_securing.wav"/>\r
- <!-- Securing call. -->
- </zrtp>\r
<users>
<prompt phrase="Для отправки факса" filename="to_send_a_fax.wav"/>
<prompt phrase="Абонент с номером ... не отвечает, пожалуйста..." filename="no_answer_please.wav"/>
--with-odbc \
--with-erlang \
--with-openssl \
---enable-zrtp \
%{?configure_options}
unset MODULES
+++ /dev/null
-# -*- mode:conf -*-
-/*.a
-/*.dat
-/*.o
-/.cproject
-/.deps
-/.project
-/.stamp-doc
-/Makefile
-/Makefile.in
-/_configs.sed
-/aclocal.m4
-/autom4te.cache/*
-/cache_test
-/config.*
-/config/*
-/configure
-/doc/Doxyfile
-/doc/out
-/include/zrtp_config_unix.h
-!/build/Makefile.am
-!/build/test/Makefile.am
+++ /dev/null
-#
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krikun <v.krikun at zfoneproject.com>
-
-Created by Phil Zimmermann.
-
-Developers:
- Viktor Krikun
- Nikolay Popok
- Vitaly Rozhkov
- Andrey Rozinko
- Bryce Wilcox-O'Hearn
-
-Thanks to:
- Alan Johnston
- Jon Callas
- Hal Finney
- Colin Plumb
- Sagar Pai
- Werner Dittmann
- Travis Cross
- L. Amber Wilcox-O'Hearn
- Ariel Boston
- Donovan Preston
-
-Portions of this software are available under open source licenses from other authors.
-Notably, Brian Gladman's AES implementation, and David McGrew's libSRTP package.
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
\ No newline at end of file
+++ /dev/null
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
-
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-SINCE LIBZRTP v0.80 CHANGELOG IS A PART OF HTML DOCUMENTATION.
-Check generated html or doc/manuals/changelog.dox doxygen sources
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
-
-libzrtp 0.7.1 18.11.2008
---------------------------------------------------------------------------------
-1. Fixed bug with hardcoded AES128 cipher for generating SRTP keys. In this
- version is selected according to ZRTP discovery.
-
-2. Added initialization/deinitalization functions to zrtp helper functions.
-
-libzrtp 0.7.0 04.11.2008
---------------------------------------------------------------------------------
-1. Changes in libzrtp sources tree.
-
-2. Improvements in libzrtp initialization routine:
- - all global zrtp options were combined in zrtp_config_t structure;
- - zrtp_init() allocates memory for zrtp global context;
- - zrtp_config_defaults()
-
-3. Improvements for Passive/Active mode support.
- a) A passive endpoint never sends a commit message, period. Also, it
- declares itself as a passive endpoint by setting the P flag it its own
- Hello message;
- b) A active endpoint does not send a commit to a passive endpoint, which it
- recognizes by detecting the P flag;
- c) A passive phone, if acting as a SIP initiator (meaning it initiated the
- call), rejects all commit packets from everyone;
- d) A passive phone rejects all commit messages from a PBX, which is easily
- recognized by the M flag.
- Passive mode support is built into the library logic and will be used
- automatically if the developer specifies signaling role by setting
- is_initiator flag in zrtp_init_session_ctx().
-
-4. Improvements in ZRTP feedback interface and system-dependent functions.
- There are two types of interface functions in libzrtp: system dependent API
- and realization of helper functions and events. System dependent API in
- defined in zrtp_iface_system.h as set of extern functions. System
- functions are already implemented for several basic platforms in
- zrtp_iface.sys.c libzrtp feedback and helper functions were re-factored
- and implemented as set of callbacks. If the developer doesn't want to
- handle one or another event it may just leave necessary pointer empty.
- See zrtp_init() and zrtp_callback_t, zrtp_iface.h for more details.
-
-5. ZRTP configuration approach was improved: zrtp_config_xxx.h contains
- adjustments for necessary target platform. libzrtp contains default
- configs for Linux, OS X, Windows, Window CE and Symbian platforms.
- All ZRTP protocol and behavior related adjustments are collected in
- zrtp_config_user.h. Edit this file to configure libzrtp for your
- needs.
-
-6. Implemented new functions in protocol according to the Internet Draft v 10.
-
-7. Improved realization of built-in libzrtp scheduler. Fixed bug with crashing
- on performing delay call when zrtp session have been already deleted.
-
-8. Logging function was improved. Use ZRTP_LOG macro to print log messages. See
- zrtp_log.h for more information.
-
-
-libzrtp 0.6.8 03.09.2008
---------------------------------------------------------------------------------
-ZRTP
-1. Fixed bug with incorrect maximum value for T1 retry interval timer which
- increased delay between LOOKING_FOR_ZRTP and NO_ZRTP_SUPPORT states.
- Internal fix, no API changes required;
-2. Implemented version negotiation according to the latest specification.
- libzrtp v 0.6.8 supports ZRTP v0.90 only. No changes required in
- applications that use the SDK.
-3. Compilation flag WITH_ZFONE was removed. The developer, who wants to use
- built-in ZRTP cache, has to set name of the ZRTP cache explicitly,
- implementing zrtp_get_cache_path() function.
-4. New libzrtp licensing scheme was implemented. It allows the licensing policy
- to be changed at run time. See zrtp_license_mode_t doc. for more details.
- Affected API - zrtp_init().
-5. ZRTP Protocol version was changed to 0.90 according to ZRTP Internet Draft.
-6. Some changes in Linux config files: surplus configuration flags were removed
- from ./cfg.XXX templates.
-7. Added experimental ZRTP messages retries scheduler for slow channels. As
- ex ample for GSM CSD channel with average bandwidth 6Kb/s. To use this
- option build library with BUILD_FOR_CSD flag.
-
-
-libzrtp 0.6.6 27.06.2008
---------------------------------------------------------------------------------
-ZRTP
-1. Small bug was fixed in S0 calculation: when RS1 is corrupted the library uses
- RS2 instead;
-2. Some changes in Makefile and building process: unused header were eliminated
- from the installation process.
-3. -DBUILD_WITH_ZRTP_MUTEXES was replaced with --enable_mutexes option passed to
- ./configure script. This change allows not to specify any libzrtp compilation
- flags during user application compilation. --enable-mutexes adds
- BUILD_ZRTP_MUTEXES definition to the ./config/zrtp_unix_config.h so if you
- build libzrtp on other platforms - define this flag manually (windows
- configuration file already includes this option).
-4. Clean-up in .h and .c comments was made.
-
-
-libzrtp 0.6.5 04.06.2008
---------------------------------------------------------------------------------
-ZRTP
-1. New names for: other_secret - pbxs; srtps - auxs. In bits and secrets storages;
-2. RS2 secret was eliminated form DH s0 calculation;
-3. Protocol version number was increased to 0.85
-
-
-libzrtp 0.6.4 19.05.2008
---------------------------------------------------------------------------------
-ZRTP
-1. According to the new version of the Internet Draft Signaling shared secret was
- removed from the protocol and from the sources. It was not used by interface
- functions and developers may change nothing in libzrtp based applications.
-
-2. DH4K Key echange was eleminated from the specification and from the sources.
- Now ECDH is used for all larger AES key sizes.
-
-
-libzrtp 0.6.2 04.02.2008
---------------------------------------------------------------------------------
-ZRTP
-1. New behaviour for Secure --> Clear --> Secure scenario was implemnted. According
- to ZRTP ID 06 section 5.7.2.1 new value of ZRTPSess computed as hash(ZRTPSess).
-
-DOC:
- Libzrtp documentation was updated up to version 0.6.2.
-
-
-libzrtp 0.6.1 03.14.2008
---------------------------------------------------------------------------------
-ZRTP
-1. Multistream mode was implemented according to ZRTP Internet Draft 05.n:
- - new stream mode zrtp_stream_mode_t:: ZRTP_STREAM_MODE_MULT;
- - Multistream key exchange component was added with ID zrtp_pktype_id_t::
- ZRTP_PKTYPE_MULT and symbolic name ZRTP_MULT. To allow libzrtp use Multistream
- mode - ZRTP_PKTYPE_MULT have to be added to the stream profile in the first
- position;
- - According to the new draft SAS and ZRTPSess key are Session option and
- were moved to the zrtp_conn_ctx_t structure. New specification defines
- single SAS values for all streams within the session;
- - ZRTP state-machine was changed to handle Multistream mode. In .Fast. mode
- DH exchange is omitted and stream skips ZRTP_STATE_WAIT_CONFIRM1 and
- ZRTP_STATE_PENDINGSECURE for the Initiator and Responder state-machines,
- respectively;
-
-2. Hash preimages were added to prevent DOS attacks. See ZRTP ID sec 9.0 for detail
- information. This option is available using zrtp_set_signaling_hash() and
- zrtp_get_signaling_hash() functions.
-
-3. Hmac values were added to every packet to allow eliminate SAS validation
- if SIP is protected;
-
-4. Autosave. of the default realization of the ZRTP cache to the hard drive was
- implemented;
-
-5. Lot of other internal changes and improvements according to the latest ZRTP
- specification v06.
-
-
-libzrtp 0.4.5-6
---------------------------------------------------------------------------------
- 1. Full PBX support. Tested on GS-Labs Asterisk
- API:
- DOC:
-
- 2. Resolved problem with BG ciphers compilation: initialization of AES hash tables.
-
- 3. Fixed bug in SRTP replay protection. (Undeleted nodes for mulsy-stream encryption)
- (May resulted in a error zrtp_protocol_error_t::zrtp_status_rp_fail)
-
- 4. Vrification is a session option. Input parameter of zrtp_set_verified() was
- changed from stream to ZRTP session structure.
-
- 5. Fixed bug with malformed ZRTP Hello packet.
-
- 5. fast video
-
-libzrtp 0.4.4 31.07.2007
---------------------------------------------------------------------------------
- 1. New extra error code for replay protection was added.
- See zrtp_status_t::zrtp_status_rp_fail.
-
- 2. Fixed bug which may resulted in a dammage with decrypt failed 7 error. It
- was happen when libzrtp passed RTP alerts packet to the replay protection
- engine and ROC was broken.
-
- 3. Fixed RTCP encryption/decryption.
-
- 4. Fixed bug with RS1 and RS2 swapping when one of the sides lost RS1.
- (May resulted in a error zrtp_protocol_error_t::zrtp_error_auth_decrypt )
-
-
-libzrtp 0.4.3 06.07.2007
---------------------------------------------------------------------------------
- 1. Beta version of API for PBX support according to the latest ZRTP draft.
- Not tested. For internal development only. Follow // PBX comments;
- - secret's cache format was changed.
-
- 2. S0 calculation according to NIST recommendations; Internal change
- - ZRTP protocol version was increased to 0.07.
-
- 3. All libzrtp sources was audited with coverity code analyzer. http://coverity.com/
-
-libzrtp (0.3.9 - 0.4.2) 27.06.2008
---------------------------------------------------------------------------------
- 1. Changes according to new draft 04a. All changes are internal.
- a) new DH packets: pvi/pvr, nonce field is at the end of the DH packet.
- In "Preshared" mode both DH packets contain nonce value instead of pvi/r;
- b) new hvi value the same for all modes (DH and Preshared)
- hvi = hash(initiator's DHPart2 message | responder's Hello message);
- c) new algorithm of SAS computing: sasvalue = HMAC(hmackeyi,"SAS");
-
- 2. New GUI based test-unite forSymbian platform
-
- 3. Default implementation of the packet retries unite for Symbian was added
- to the libzrtp package. Except besides scheduler, libzrtp includes
- realization of some synchronization and threading routines. These
- components written in C++ and can't be linked with the library. One should
- add them to own Symbian project project.
-
- 4. Compilation of default realization of ZRTP mutexes was separated from
- the other system interfaces. To build library with default mutexes
- BUILD_ZRTP_MUTEXES flag should be used;
-
- 5. New clearing logic. Goals:
- API:
- - state-machine states were changed
- - goclear reason was eliminated. Now we can switch to CLEAR just on
- user action.
- - ZRTP_EVENT_IS_INITIATINGCLEAR was removed as a uperfluous event. As a
- result all event codes were changed.
- - new clear_hmac = HMAC(hmakkeyi/r, "Clear Hmac")
- 6. New Errors handling logic. See updated state-macine diagram and "developers
- guide".
- API:
- - ZRTP_STATE_ERROR was added to handle error requests. Libzrtp switches
- to this state after the Error exchange. From ZRTP_STATE_ERROR stream
- cxan be started again or destroyed, depending on application strategy.
- - ZRTP_ERRORACK and ZRTP_ERROR packets were added
- - new event ZRTP_ENEVT_NO_ZRTP inform's user that other side doesn't
- support ZRTP encryption.
-
- 7. -D WITH_STACK_MINIM compilation flag allows to minimize coasts for the
- system stack. In the most critical places dynamic allocation will be used
- instead of static variables. This option can be useful on mobile platforms
- in kernel mode, etc.
-
- 8. Several bug fixes in scheduler. Improved built-in realization of Symbian
- platform. If you use our default realization on Symbian - please update.
-
- 9. David A. McGrew's srtp was replaced with our own. We did it to get control
- over all crypto functions, generalize interface of crypto component. It
- allows us to port libsrtp to any platforms more smoothly. We have one
- configuration file, all platform-dependent function and definitions are
- concentrated at one place. We eliminated superfluous functionality from
- libsrtp, made it crossplatform and thread-safe. In SRTP engine we use our
- own crypto-components based on by Dr. Brian Gladman's sources. Each component
- has strong self-test function allows it to be tested on any platform and
- in any environment.
- - project structure was changed;
- - bgaes folder includes AES and SHA routines by Dr. Brian Gladman. For details
- see dgaes/howto and bg2zrtp.h files;
- - libzrtp supports external realizations of SRTP (Use zrtp_srtp.h API and flag
- -D WITHOUT_BUILTIN_SRTP );
-
- 10. Header files were refactored: one can add just single zrtp.h include to use
- any libzrtp function or data type;
-
- 11. Solved problem with deadlock during Video conferences. (One side starts
- negotioation with Video and another one with Audio stream)
-
- 12. Some changes in test-unite:
- - test vectores and test-cases for all cryptio components are available;
- - zrtp_system_test.h checks environment and compilation flags
- - use ZRTP_ENABLE_TEST flag to build library with all tests
- 13. Full documentation review and updating.
-
- 14. Sources clean up and some refactoring;
-
- 15. Fixing in "break the tie" logic. See diagrams and zrtp_preparse_commit(),
- zrtp_preparse_init_commit();
-
- 16. Some changes according to the lates ZRTP specification:
- - sasvalue was trancated to 32 bits and used mostleft parts of the hashvalue.
-
- 17. Small bug fixes (zrtp_can_start_dh and zrtp_can_start_preshared() mixed into
- zrtp_can_start_stream);
-
- 18. New key derivation mechanism according to NIST standarts. See ZRTP Draft
- 5.4.4 and 5.5.4.
-
-libzrtp (0.3.7)
---------------------------------------------------------------------------------
- 1. New, more clear and useful test-unite
- 2. Eliminated zrtp_stop_protocol(). Now zrtp_done_session_ctx() includes
- protocol stopping.
- 3. Some simplifications in project structure: removed zrtp_inet.h and bnase32.h,
- zrtp_iface.c was removed to src\iface folder;
- 4. ZSTR_GET_VALUE should be used to convert zrtp_stringxx_t to zrtp_stringn_t;
- 5. Some changes for windows CE;
- 6. Changed default options: SAS base256 enabled by defauld and "staysecure" is on.
-
-libzrtp (0.3.6)
---------------------------------------------------------------------------------
- FIXES:
- a) CRC now covers the whole ZRTP packet, not just a body
- b) improved names of some crypto-components in HELLO/COMMIT packets
- c) improved messages hash: hash function covers all ZRTP message with
- magic number and length fields;
- d) fixed DHPart1 and DHPart2 packets format according to last version
- of ZRTP Internet draft.
- e) fixed retain secrets sorting algorithm according to the last version
- of the internet draft.
-
- 1. Windows CE support. Now library is fully compatible with Windows CE.
- - .\libzrtp\projects\libzrtp_wince_vc8.sln project file for MS VS 2005
- - .\libzrtp\test\WinCE contains sources of simple test-unite ( We have
- just started working in this direction and more intelligent test unite
- will be available soon. Tested on HTC S620 with Windows CE 2005 )
-
- 2. Added previous state field to ZRTP stream structure. It can be used to
- analyze conditions of switching from one state to another. (For libzrtp
- developers only)
- API:
- - zrtp_stream_ctx_t#_prev_state was added
- - _zrtp_change_state() MUST be used to switch from one state to another
-
- 3. Some changes in PENDING_CLEAR state handler. In case of error during
- transition from CLEAR to SECURE state-machine will switch back to CLEAR
- without the confirmation by user.
-
-
-libzrtp (0.3.5)
---------------------------------------------------------------------------------
- Full description is in progress
-
- 1. Support of all crypto futures according to the new ZRTP draft v 0.3. Lots
- of internal changes were provided in ZRTP kernel.
-
- 2. Symbian support. Now you can build libzrtp and test unites on Symbian
- platforms. There are .inf and .mmp files in corresponded directories.
- (Symbian project files are a little bit row and we will appreciate any
- suggestions and advices.)
-
- 3. ZRTP stream became more independent. You can use different configurations
- for different streams. So
- ZRTP profile: profile;
- "staysecure" flag: staysecure;
- SAS values: sas_values;
- cache TTL: cache_ttl;
- and all used crypto components were removed from session context
- (zrtp_conn_ctx_t) to stream context (zrtp_stream_ctx_t).
- API:
- - you should configure every stream in the same way as the whole session in
- previous version has been done. See zrtp_init_session_ctx()
- and zrtp_attach_stream()
-
- 4. "Multistream" mode was replaced by "Preshared" (based on retain secrets
- from previous call. See http://zfoneproject.com/docs/ietf/draft-zimmermann-avt-zrtp-03.html#anchor19 .
- Preshared mode is available as a normal ZRTP crypto component e.g."DH3K"
- or "DH4K". If you enable Preshared mode in profile and libzrtp finds
- secrets in your cache - "Preshared" mode will be used for all next calls
- API:
- - the choice of stream mode was removed from zrtp_start_stream() and
- from zrtp_secure_stream().
-
- 5. Integer enumerations for all crypto components e.g. Hash type, cipher type
- etc. You should use these values instead of character values for optional
- profile configuration. (as an example for enabling "preshared" mode)
- API:
- - enumerations types zrtp_hash_id, zrtp_cipher_idzrtp_atl_id,
- zrtp_pktype_id, zrtp_sas_id in zrtp_crypto.h
- - all crypto components structures now have id field and libzrtp
- operates with this field to find, register or delete crypto
- components.
- - ZRTP profile: zrtp_profile_t uses this integer values too. (list of
- crypto-components is a zero terminated array of values of necessary
- type)
- - zrtp_find_in_profile() and zrtp_find_comp() operate with component
- integer identifiers
- - there are two special functions to convert component ID to ZRTP
- character name: zrtp_comp_id2type(), zrtp_comp_type2id.
-
- 6. Integer error codes were provided instead of 4-character values. One should
- use them to analyze zrtp_stream_ctx_t#last_error value in your ZRTP
- errors handlers.
- API:
- - zrtp_protocol_error_t was added to zrtp_error.h.
- - zrtp_stream_ctx_t#last_error now is an integer value from
- zrtp_protocol_error_t space.
-
- 7. Special function for verification of SAS value was added. One should use
- this function to set/unset SAS verification flag from his own
- application.
- API:
- - zrtp_set_verified() was added to zrtp.h
-
- 8. Some optimization of types was provided. Here are some possible changes which you
- need to make in your product:
- - libzrtp uses it own strings (zrtp_stringXX_t group) to operate with
- binary and character strings. In this version we made attempt to
- minimize memory coasts and replaced zrtp_string_t with zrtp_stringXX_t
- group, where XX - maximum length in bytes. zrtp_stringxx_t contains
- its length and as a result all functions for work with strings are
- type independent. So one should use one of these types to store binary
- strings and zrtp_stringn_t as a type of operand in all global functions.
- - all retain secrets holders and flags were removed to zrtp_secrets
- structure in zrtp_conn_ctx_t#secrets.
- - zrtp_packet_string4_t was replaced by zrtp_ucharXX_t group where XX -
- type length in bytes. These types are used in library for packets
- construction instead of char arrays.
-
- 9. Packets retries synchronization was added. zrtp_retry_task_t structure
- from zrtp_types_t is used for all operations with scheduler. One should
- use #callback and #timeout fields from this structure.
- API:
- - zrtp_send_packet_later(), zrtp_cancel_send_packet_later()
-
-libzrtp (0.3.4)
---------------------------------------------------------------------------------
- 1. ZRTP state-macine was fully refactored. All transitions between states
- are absolutely identical to diagram attached to documentation.
- DOC:
- - See doc/img/png/state_mach_ext.png
-
- 2. ZRTP uses new packets format according to draft-zimmermann-avt-zrtp-03i
-
- 3. Improved some mistakes in libbn make-files for windows. Unused
- functions were omitted.
-
- 4. Provided types optimization to decrease RAM memory costs.
-
- 5. Packets retries were synchronized.
-
- 6. zrtp_voip_proto_t was removed from the library
- API:
- - if you need this enumeration see zfone_types.h in zfone project
-
- 7. "GoClear reasons" support
-
- 8. Some internal changes according to draft-zimmermann-avt-zrtp-03i
- a) Commit hash covers the whole Hello body
- b) GoClear hmac includes "Reason string"
- c) Confirm body encrypted by AES CDB cipher
- d) Confirm hmac covers whole encrypted part of the packet
-
- 9. Use BUILD_ZRTP_DEBUG_LOG flag instead of BUILD_DEBUG_LOG to build the
- library with debug logs.
-
-libzrtp (0.3.3) 21.02.2007
---------------------------------------------------------------------------------
- 1. libzrtp test application refactored for better performance and usability.
- For addition information see test application README file and
- "libzrtp test suite" chapter in main documentation page.
-
- 2. Some changes in documentation for better English
-
- 3. Use microseconds in zrtp_time_t instead of milliseconds.
- API changes:
- - change zrtp_get_time() function realization if needed
-
- 4. Fixed several small mistakes
-
-
-libzrtp (0.3.2) 09.02.2007
---------------------------------------------------------------------------------
- 1. Global context allocation removed to user space.
- This was made to able RNG using before library initialization.
- API changes:
- - zrtp_init(), zrtp_down()
- - zrtp_randstr(), zrtp_add_system_state()
-
- 2. Fixed bug in srtp SHA1 calculation for Windows.
-
- 3. Confirm and GoClear HMAC was truncated to 64 bits.
-
- 4. Calls stack minimized for library using in kernel mode
-
- 5. Default realization of secrets' cache is available. Cache was implemented
- as a simple binary file and can be built using -DBUILD_DEFAULT_CACHE file.
- API:
- - realization at src\iface\zrtp_cache.c
- DOC:
- - 1.4 libZRTP setup and building
- - 2.2 System-dependent functions
-
- 6. Default cross-platform realization of time-out sending unite is available.
- This unite is available for Linux, MacOS and Windows. It can be built using
- -DBUILD_DEFAULT_TIMER flag.
- API:
- - realization at src\iface\zrtp_scheduler.c
- DOC:
- - 1.4 libZRTP setup and building
- - 2.2 System-dependent functions
-
- 7. "HOWTO libzrtp" was added to the library documentation
-
-libzrtp (0.3.1) 06.12.2006
---------------------------------------------------------------------------------
- 1. Global variables were removed from c-files. Added global context
- zrtp_global_ctx_t for necessary data storing. This was made to allow
- to build library in some special environment as Symbian OS ed2.
- DOC changes:
- - 2.1.2 data structure
- API changes:
- - zrtp_global_ctx_t added
- - zrtp_init(), zrtp_down(), zrtp_init_session(), zrtp_down_session()
-
- 2. Added multithreading support. Now libzrtp is thread-safe. About all
- conditions of usage in multithreading application and synchronization
- schemes see section "2.3.3 Multithreading and concurrent streams" in
- developers guide.
- DOC changes:
- - 2.2.3 Multithreading and concurrent streams
- API changes:
- - mutex were added to main data structures
- - mutex interface section at zrtp_iface.c, default realization at
- zrtp_iface.c
-
- 3. Session configuration routine was simplified. ZRTP profile is applied on
- session initialization. Some configuration functions were removed and
- changed.
- DOC changes:
- - 2.3.1 Setup, initialization and deinitialization
- API:
- - zrtp_profile_autoload() removed
- - zrtp_init_session(), zrtp_check_profile()
-
- 4. Default realizations of system interfaces was added (for Windows, Linux
- and MacOS).
- API:
- - zrtp_iface.c added
-
- 5. Test suit developed.
- Simple test-unite created. It runs several ZRTP sessions, enters SECURE
- mode, shows statistics and is closed. To build test-suite on Unix - use C
- flags -DBUILD_DEBUG_LOG -DBUILD_WITH_CFUNC -DBUILD_EMPTY_CACHE
- -DBUILD_EMPTY_TIMER and configure param. --enable-test. To run tests:
- make check. To build test-suite on Windows use necessary project files.
- DOC changes:
- - 1.4 libZRTP setup and building
- API:
- - Sources can be found at /test directory
-
- 6. Some changes in project structure, configuration and make files according
- to new functionality.
- DOC changes:
- - 1.4 libZRTP setup and building
-
\ No newline at end of file
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-Basic Installation
-================================================================================
-
- To start playing with Zfone and libzrtp you should install few developers
-packages on your machine: gcc and g++ compilers, automake and autoconf tools.
-
- To install library as a Zfone component for Linux the following flags
-should be used: BUILD_DEBUG_LOG, BUILD_WITH_CFUNC, BUILD_DEFAULT_CACHE,
-BUILD_DEFAULT_TIMER and WITH_ZFONE.
- The following instructions are for experienced users and developers only.
-If you just want to install Zfone use the command as follows:
-./configure CFLAGS="-O0 -g3 -W -Wall -DBUILD_DEBUG_LOG -DBUILD_WITH_CFUNC
--DBUILD_DEFAULT_CACHE -DBUILD_DEFAULT_TIMER -DWITH_ZFONE"
-
-Library distribution contains installation and configuration files, project files
-for several Operation Systems. To install Library on Unix-like systems the
-autotools tool set is used. To install on Windows - Microsoft Visual Studio.
-Except standard for your system compile flags the following are available for
-your system:
--# -DBUILD_DEBUG_LOG - enables debug and logging information
- This flag is recommended to be used at design stages for testing. Logs make
- debug process much easier and are to be included into bugreport.
--# -DBUILD_WITH_CFUNC - assign to the library to gather standard for this
- platform system interface functions realizations. This option simplifies the
- library use and make code more compact. You can have a look at realizations
- in src/zrtp-iface.c. file. And if they suit you use this flag.
--# -DBUILD_EMPTY_CACHE this flag assigns to the library to use empty stubs
- instead of operations with cache. This checkbox may be used in test
- applications or in systems where cache secrets storing is impossible. Be
- careful with this flag! Use it if it is really necessary.
--# -DBUILD_EMPTY_TIMER this flag assigns to the library to use empty stubs
- instead of delayed tasks processing. This checkbox may be used in test
- applications or in systems with the reliable communication channel (the
- package loss is impossible). Be careful with this flag! Use it if it is
- really necessary.
-
-Except library itself, the set of utilities for the all components workability
-check on the basis of a certain platform is provided. libzrtp test creates
-several parallel ZRTP sessions, initiates transfer to the protected mode,
-displays statistics, after which the application is stopped. If application test
-was completed successfully the library is configured correctly, all components
-work correctly. Note! Installation of test application is carried out with
--DBUILD_EMPTY_CACHE -DBUILD_EMPTY_TIMER flags. After fulfilling tests reinstall
-library without use of these flags.
-
-Further instructions must be followed in order to build and set up the library in
-any Unix-like operation system (Linux, FreeBSD, MacOS):
- -# Download source codes from zfoneproject.com
- -# Decompress the archive libzrtp-0.3.X.tzr.gz : tar -zxf ./libzrtp-0.3.X.tzr.gz
- and open cd libzrtp-0.3.X directory
- -# Configure the library: ./configure (use necessary compollation flags)
- -# Build the library: make
- -# If you get the errors during, please send a full log of configuration
- and building process to zfone-bugs@philzimmermann.com. Please specify
- the operation system, hardware platform, compiler version and other
- environmental parameters. Any proposals will be taken into account when
- developing new versions.
- -# After te library successful building, run setup (installation): ./make install
- -# to build test unites run ./configure with CFLAGS="-DBUILD_DEBUG_LOG
- -DBUILD_WITH_CFUNC -DBUILD_EMPTY_CACHE -DBUILD_EMPTY_TIMER and parameter
- --enable-test. After successful configuration start test: "make check".
- This command will build and run all test (bnlib test, srtp tests and
- libzrtp tests) Don't forget to rebuild library without -DBUILD_EMPTY_CACHE
- -DBUILD_EMPTY_TIMER.
-
-For library configuration and installation on Windows platform the followinf
-files should be used:
- -# For installation with the Microsoft Visual Studio v6 use:
- - libzrtp.dsw
- - libzrtp.dsp
- - test\libzrtp_test.dsp
- -# For installation with the Microsoft Visual Studio v7 use:
- - libzrtp.sln
- - libzrtp.vcproj
- - test\libzrtp_test.vcproj
- -# If you want to build libzrtp in Windows kernel mode you mast use MAKEFILE.WIN32
-
-For 32-bit machines bnlib contains assemble file lbn80386.asm. The assembler is
-needed to install it. The compiler ml is in the stracture of VS7, if you use VS6
-you can use Microsoft Macro Assembler (http://www.masm32.com/masmdl.htm). To
-compile this file you have define in properties: <c>Commands: <dir>\ml /c /Cx
-/coff /Fo $(TargetDir)\$(InputName).obj $(InputPath) Outputs: $(TargetDir)\$(InputName).obj
-</c> where <dir> is a complete path to the compiler.
-
-Possible problems and methods of the solution:
- -# Some environment problems with automatic definition of architecture
- and byte-order are possible at library building. We recommend before building
- of libZRTP on a new program or hardware platform uncomment the test-unite at
- the end of the file \c zrtp_syste.h. If there is a mistakes in definition of
- architecture or byte-order use zrtp_system.h manual configuration following
- the comments.
-
-Please take into account the fact that libzrtp developers are not responsible for
-external modules of the library. In other words, the functionality of the library
-was tested under majority of widespread Linux and Windows systems, but warnings
-can still occur during these modules compilation.
-
-If you have faced with some problems during configuration or installing of the
-library - send a report to the Support Service. If you installed library on the
-platform not described here, please contact the Support Service. We are
-interested very much to get know the results of testing on new platforms. We
-will carefully examine all proposals and will do our best to realize them in new
-library versions.
-
-
-Compilers and Options
-=================
-
- Some systems require unusual options for compilation or linking that
-the `configure' script does not know about. You can give `configure'
-initial values for variables by setting them in the environment. Using
-a Bourne-compatible shell, you can do that on the command line like
-this:
- CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
-
-Or on systems that have the `env' program, you can do it like this:
- env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
-
-Compiling For Multiple Architectures
-=================
-
- You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory. To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'. `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script. `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
- If you have to use a `make' that does not supports the `VPATH'
-variable, you have to compile the package for one architecture at a time
-in the source code directory. After you have installed the package for
-one architecture, use `make distclean' before reconfiguring for another
-architecture.
-
-Installation Names
-==================
-
- By default, `make install' will install the package's files in
-`/usr/local/include', `/usr/local/lib', etc. You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
-
- You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files. If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
-
- If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
- Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System). The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
- For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
- There may be some features `configure' can not figure out
-automatically, but needs to determine by the type of host the package
-will run on. Usually `configure' can figure that out, but if it prints
-a message saying it can not guess the host type, give it the
-`--host=TYPE' option. TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name with three fields:
- CPU-COMPANY-SYSTEM
-
-See the file `config.sub' for the possible values of each field. If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the host type.
-
- If you are building compiler tools for cross-compiling, you can also
-use the `--target=TYPE' option to select the type of system they will
-produce code for and the `--build=TYPE' option to select the type of
-system on which you are compiling the package.
-
-Sharing Defaults
-================
-
- If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists. Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
- Variables not defined in a site shell script can be set in the
-environment passed to `configure'. However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost. In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'. For example:
-
- ./configure CC=/usr/local2/bin/gcc
-
-will cause the specified gcc to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Operation Controls
-==================
-
- `configure' recognizes the following options to control how it
-operates.
-
-`--version'
-`-V'
- Print the version of Autoconf used to generate the `configure'
- script, and exit.
-
-`--cache-file=FILE'
- Use and save the results of the tests in FILE instead of
- `./config.cache'. Set FILE to `/dev/null' to disable caching, for
- debugging `configure'.
-
-`--help'
- Print a summary of the options to `configure', and exit.
-
-`--quiet'
-`--silent'
-`-q'
- Do not print messages saying which checks are being made.
-
-`--srcdir=DIR'
- Look for the package's source code in directory DIR. Usually
- `configure' can determine that directory automatically.
-
-`--version'
- Print the version of Autoconf used to generate the `configure'
- script, and exit.
-
-`configure' also accepts some other, not widely useful, options.
+++ /dev/null
-#
-# Copyright (c) 2006-2007 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-#
-# Viktor Krikun <v.krikun@soft-industry.com> <v.krikun@gmail.com>
-#
-
-libzrtp_includedir=$(includedir)/libzrtp
-libzrtp_include_HEADERS = \
- $(top_srcdir)/include/zrtp.h \
- $(top_srcdir)/include/zrtp_base.h \
- $(top_srcdir)/include/zrtp_config.h \
- $(top_srcdir)/include/zrtp_config_user.h \
- $(top_srcdir)/include/zrtp_config_unix.h \
- $(top_srcdir)/include/zrtp_crypto.h \
- $(top_srcdir)/include/zrtp_ec.h \
- $(top_srcdir)/include/zrtp_engine.h \
- $(top_srcdir)/include/zrtp_error.h \
- $(top_srcdir)/include/zrtp_iface.h \
- $(top_srcdir)/include/zrtp_iface_scheduler.h \
- $(top_srcdir)/include/zrtp_iface_cache.h \
- $(top_srcdir)/include/zrtp_iface_system.h \
- $(top_srcdir)/include/zrtp_legal.h \
- $(top_srcdir)/include/zrtp_list.h \
- $(top_srcdir)/include/zrtp_log.h \
- $(top_srcdir)/include/zrtp_pbx.h \
- $(top_srcdir)/include/zrtp_protocol.h \
- $(top_srcdir)/include/zrtp_srtp.h \
- $(top_srcdir)/include/zrtp_srtp_builtin.h \
- $(top_srcdir)/include/zrtp_string.h \
- $(top_srcdir)/include/zrtp_types.h \
- $(top_srcdir)/include/zrtp_version.h \
- \
- $(top_srcdir)/third_party/bnlib/bn.h \
- \
- $(top_srcdir)/third_party/bgaes/aes.h \
- $(top_srcdir)/third_party/bgaes/aesopt.h \
- $(top_srcdir)/third_party/bgaes/aestab.h \
- $(top_srcdir)/third_party/bgaes/bg2zrtp.h \
- $(top_srcdir)/third_party/bgaes/brg_types.h \
- $(top_srcdir)/third_party/bgaes/sha1.h \
- $(top_srcdir)/third_party/bgaes/sha2.h
-
-lib_LIBRARIES = libzrtp.a
-
-libzrtp_a_CPPFLAGS = \
- -I$(top_srcdir)/include \
- -I$(top_srcdir)/. \
- -I$(top_srcdir)/third_party/bgaes \
- -I$(top_srcdir)/third_party/bnlib
-
-libzrtp_a_LIBADD = $(top_srcdir)/third_party/bnlib/libbn.a
-
-libzrtp_a_SOURCES = $(top_srcdir)/src/zrtp.c \
- $(top_srcdir)/src/zrtp_crc.c \
- $(top_srcdir)/src/zrtp_crypto_aes.c \
- $(top_srcdir)/src/zrtp_crypto_atl.c \
- $(top_srcdir)/src/zrtp_crypto_ec.c \
- $(top_srcdir)/src/zrtp_crypto_ecdh.c \
- $(top_srcdir)/src/zrtp_crypto_hash.c \
- $(top_srcdir)/src/zrtp_crypto_pk.c \
- $(top_srcdir)/src/zrtp_crypto_sas.c \
- $(top_srcdir)/src/zrtp_datatypes.c \
- $(top_srcdir)/src/zrtp_engine.c \
- $(top_srcdir)/src/zrtp_iface_scheduler.c \
- $(top_srcdir)/src/zrtp_iface_sys.c \
- $(top_srcdir)/src/zrtp_initiator.c \
- $(top_srcdir)/src/zrtp_legal.c \
- $(top_srcdir)/src/zrtp_list.c \
- $(top_srcdir)/src/zrtp_log.c \
- $(top_srcdir)/src/zrtp_pbx.c \
- $(top_srcdir)/src/zrtp_protocol.c \
- $(top_srcdir)/src/zrtp_responder.c \
- $(top_srcdir)/src/zrtp_rng.c \
- $(top_srcdir)/src/zrtp_srtp_builtin.c \
- $(top_srcdir)/src/zrtp_string.c \
- $(top_srcdir)/src/zrtp_utils.c \
- $(top_srcdir)/src/zrtp_utils_proto.c \
- \
- $(top_srcdir)/third_party/bgaes/aes_modes.c \
- $(top_srcdir)/third_party/bgaes/aescrypt.c \
- $(top_srcdir)/third_party/bgaes/aeskey.c \
- $(top_srcdir)/third_party/bgaes/aestab.c \
- $(top_srcdir)/third_party/bgaes/sha1.c \
- $(top_srcdir)/third_party/bgaes/sha2.c\
- \
- $(top_srcdir)/src/zrtp_iface_cache.c
- $(top_srcdir)/src/zrtp_engine_driven.c
-
-check_PROGRAMS = cache_test
-
-cache_test_CPPFLAGS = -I$(top_srcdir)/include \
- -I$(top_srcdir)/. \
- -I$(top_srcdir)/test \
- -I$(top_srcdir)/test/cmockery \
- -I$(top_srcdir)/third_party/bgaes \
- -I$(top_srcdir)/third_party/bnlib
-
-cache_test_SOURCES = $(top_srcdir)/test/cmockery/cmockery.c \
- $(top_srcdir)/test/cache_test.c
-cache_test_LDADD = libzrtp.a $(top_srcdir)/third_party/bnlib/libbn.a -lpthread
-
-SUBDIRS = third_party/bnlib
-
-if HAVE_DOXYGEN
-doc: .stamp-doc
-.stamp-doc:
- (cd doc && $(DOXYGEN) Doxyfile)
- touch $@
-endif
-
-uninstall:
- rm -rf $(prefix)/include/libzrtp
- rm -f $(prefix)/lib/libzrtp.a
-
+++ /dev/null
-#
-# libZRTP SDK library, implements the ZRTP secure VoIP protocol.
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-
-- Check HTML Documentation ./doc
-- Visit the Zfone Project Home Page http://zfoneproject.com/
-- Report bugs via the Zfone Bugs Page http://zfoneproject.com/bugs.html
+++ /dev/null
-AC_DEFUN([AX_PREFIX_CONFIG_H],[dnl
-AC_BEFORE([AC_CONFIG_HEADERS],[$0])dnl
-AC_CONFIG_COMMANDS([ifelse($1,,$PACKAGE-config.h,$1)],[dnl
-AS_VAR_PUSHDEF([_OUT],[ac_prefix_conf_OUT])dnl
-AS_VAR_PUSHDEF([_DEF],[ac_prefix_conf_DEF])dnl
-AS_VAR_PUSHDEF([_PKG],[ac_prefix_conf_PKG])dnl
-AS_VAR_PUSHDEF([_LOW],[ac_prefix_conf_LOW])dnl
-AS_VAR_PUSHDEF([_UPP],[ac_prefix_conf_UPP])dnl
-AS_VAR_PUSHDEF([_INP],[ac_prefix_conf_INP])dnl
-m4_pushdef([_script],[conftest.prefix])dnl
-m4_pushdef([_symbol],[m4_cr_Letters[]m4_cr_digits[]_])dnl
-_OUT=`echo ifelse($1, , $PACKAGE-config.h, $1)`
-_DEF=`echo _$_OUT | sed -e "y:m4_cr_letters:m4_cr_LETTERS[]:" -e "s/@<:@^m4_cr_Letters@:>@/_/g"`
-_PKG=`echo ifelse($2, , $PACKAGE, $2)`
-_LOW=`echo _$_PKG | sed -e "y:m4_cr_LETTERS-:m4_cr_letters[]_:"`
-_UPP=`echo $_PKG | sed -e "y:m4_cr_letters-:m4_cr_LETTERS[]_:" -e "/^@<:@m4_cr_digits@:>@/s/^/_/"`
-_INP=`echo "ifelse($3,,,$3)" | sed -e 's/ *//'`
-if test ".$_INP" = "."; then
- for ac_file in : $CONFIG_HEADERS; do test "_$ac_file" = _: && continue
- case "$ac_file" in
- *.h) _INP=$ac_file ;;
- *)
- esac
- test ".$_INP" != "." && break
- done
-fi
-if test ".$_INP" = "."; then
- case "$_OUT" in
- */*) _INP=`basename "$_OUT"`
- ;;
- *-*) _INP=`echo "$_OUT" | sed -e "s/@<:@_symbol@:>@*-//"`
- ;;
- *) _INP=config.h
- ;;
- esac
-fi
-if test -z "$_PKG" ; then
- AC_MSG_ERROR([no prefix for _PREFIX_PKG_CONFIG_H])
-else
- if test ! -f "$_INP" ; then if test -f "$srcdir/$_INP" ; then
- _INP="$srcdir/$_INP"
- fi fi
- AC_MSG_NOTICE(creating $_OUT - prefix $_UPP for $_INP defines)
- if test -f $_INP ; then
- echo "s/^@%:@undef *\\(@<:@m4_cr_LETTERS[]_@:>@\\)/@%:@undef $_UPP""_\\1/" > _script
- echo "s/^@%:@undef *\\(@<:@m4_cr_letters@:>@\\)/@%:@undef $_LOW""_\\1/" >> _script
- echo "s/^@%:@def[]ine *\\(@<:@m4_cr_LETTERS[]_@:>@@<:@_symbol@:>@*\\)\\(.*\\)/@%:@ifndef $_UPP""_\\1 \\" >> _script
- echo "@%:@def[]ine $_UPP""_\\1 \\2 \\" >> _script
- echo "@%:@endif/" >>_script
- echo "s/^@%:@def[]ine *\\(@<:@m4_cr_letters@:>@@<:@_symbol@:>@*\\)\\(.*\\)/@%:@ifndef $_LOW""_\\1 \\" >> _script
- echo "@%:@define $_LOW""_\\1 \\2 \\" >> _script
- echo "@%:@endif/" >> _script
- # now executing _script on _DEF input to create _OUT output file
- echo "@%:@ifndef $_DEF" >$tmp/pconfig.h
- echo "@%:@def[]ine $_DEF 1" >>$tmp/pconfig.h
- echo ' ' >>$tmp/pconfig.h
- echo /'*' $_OUT. Generated automatically at end of configure. '*'/ >>$tmp/pconfig.h
-
- sed -f _script $_INP >>$tmp/pconfig.h
- echo ' ' >>$tmp/pconfig.h
- echo '/* once:' $_DEF '*/' >>$tmp/pconfig.h
- echo "@%:@endif" >>$tmp/pconfig.h
- if cmp -s $_OUT $tmp/pconfig.h 2>/dev/null; then
- AC_MSG_NOTICE([$_OUT is unchanged])
- else
- ac_dir=`AS_DIRNAME(["$_OUT"])`
- AS_MKDIR_P(["$ac_dir"])
- rm -f "$_OUT"
- mv $tmp/pconfig.h "$_OUT"
- fi
- cp _script _configs.sed
- else
- AC_MSG_ERROR([input file $_INP does not exist - skip generating $_OUT])
- fi
- rm -f conftest.*
-fi
-m4_popdef([_symbol])dnl
-m4_popdef([_script])dnl
-AS_VAR_POPDEF([_INP])dnl
-AS_VAR_POPDEF([_UPP])dnl
-AS_VAR_POPDEF([_LOW])dnl
-AS_VAR_POPDEF([_PKG])dnl
-AS_VAR_POPDEF([_DEF])dnl
-AS_VAR_POPDEF([_OUT])dnl
-],[PACKAGE="$PACKAGE"])])
-
-dnl implementation note: a bug report (31.5.2005) from Marten Svantesson points
-dnl out a problem where `echo "\1"` results in a Control-A. The unix standard
-dnl http://www.opengroup.org/onlinepubs/000095399/utilities/echo.html
-dnl defines all backslash-sequences to be inherently non-portable asking
-dnl for replacement mit printf. Some old systems had problems with that
-dnl one either. However, the latest libtool (!) release does export an $ECHO
-dnl (and $echo) that does the right thing - just one question is left: what
-dnl was the first version to have it? Is it greater 2.58 ?
+++ /dev/null
-#!/bin/sh
-
-reconf () {
- aclocal
- mkdir -p config
- libtoolize --copy --automake
- autoconf
- autoheader
- automake --no-force --add-missing --copy
-}
-
-(cd third_party/bnlib && ./bootstrap.sh)
-reconf
-
+++ /dev/null
-#
-# Copyright (c) 2006-2011 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krikun <v.krikun at zfoneproject.com>
-#
-
-AC_INIT([libzrtp], [1.2.0])
-
-AC_CONFIG_AUX_DIR(config)
-AC_CONFIG_HEADER(config/config.h)
-
-# Checks for target OS
-AC_CANONICAL_TARGET
-
-case $target_os in
- aix*) ;;
- *mingw* | *cygw* | *win32* | *w32* )
- echo "------- START libzrtp configuration for Windows platform ------------"
- ;;
- *darwin*)
- echo "------- START libzrtp configuration for Darwin platform ------------"
- ;;
- *freebsd2* | *freebsd* | *netbsd* | *openbsd* | *osf[12]*)
- echo "------- START libzrtp configuration for BSD platform ------------"
- ;;
- hpux* | irix* | linuxaout* | linux* | osf* | solaris2* | sunos4*)
- echo "------- START libzrtp configuration for Linux platform ------------"
- ;;
-esac
-
-
-AM_INIT_AUTOMAKE
-AX_PREFIX_CONFIG_H(include/zrtp_config_unix.h,ZRTP,config/config.h)
-
-CFLAGS="$CFLAGS -std=c99 -O2 -g3 -Wall -Wextra -Wno-unused-parameter -fno-strict-aliasing -fPIC -DZRTP_AUTOMAKE=1"
-
-# Configuring external libraries
-echo "========================= configuring bnlib =============================="
-cd third_party/bnlib
-./configure CFLAGS="$CFLAGS"
-cd ../..
-echo "================================ done ==================================="
-
-# Checks for programs.
-AC_PROG_CC
-AC_PROG_CXX
-AC_PROG_RANLIB
-AM_PROG_CC_C_O
-
-# Checks for header files.
-AC_HEADER_STDC
-AC_CHECK_HEADERS([linux/version.h endian.h])
-AC_CHECK_HEADERS([errno.h])
-AC_CHECK_HEADERS([asm/types.h])
-AC_CHECK_HEADERS([stdlib.h stdint.h stdarg.h])
-AC_CHECK_HEADERS([string.h strings.h])
-AC_CHECK_HEADERS([stdio.h unistd.h])
-AC_CHECK_HEADERS([inttypes.h sys/inttypes.h sys/types.h machine/types.h])
-AC_CHECK_HEADERS([pthread.h semaphore.h sys/time.h fcntl.h])
-
-AC_CHECK_TYPES([int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,uint64_t,int64_t])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-
-# Checks for library functions.
-AC_CHECK_FUNCS([memset memcpy malloc free])
-AC_CHECK_FUNCS([usleep nanosleep])
-AC_CHECK_FUNCS([fopen fread])
-AC_CHECK_FUNCS([pthread_mutex_lock pthread_mutex_unlock pthread_mutex_init pthread_mutex_destroy])
-AC_CHECK_FUNCS([pthread_attr_init pthread_attr_setdetachstate pthread_create])
-AC_CHECK_FUNCS([sem_wait sem_trywait sem_post sem_unlink sem_destroy sem_open sem_init])
-
-AC_CHECK_LIB([pthread], [main], [LIBS="-lpthread $LIBS"], [echo " Couldn't find library pthread";])
-
-# Other
-AC_DEFINE(PRAGMA_PACK_PUSH,[#pragma pack(push, 1)],[Define pragma pack(push) for your platform])
-AC_DEFINE(PRAGMA_PACK_POP,[#pragma pack(pop)],[Define pragma pack(pop) for your platform])
-AC_DEFINE(INLINE,[static inline],[Define inline construction for your platform])
-
-#
-# Documentation
-#
-AM_CONDITIONAL([HAVE_DOXYGEN], [false])
-AC_CHECK_PROGS([DOXYGEN], [doxygen])
-if test -z "$DOXYGEN"; then
- AC_MSG_WARN([Doxygen not found - continuing without Doxygen support])
-else
- AM_CONDITIONAL([HAVE_DOXYGEN], [true])
- AC_CONFIG_FILES([doc/Doxyfile])
-fi
-
-#
-# Generate Makefiles
-AC_OUTPUT([Makefile])
+++ /dev/null
-cd ../../doc
-rm -f docs.tar.gz
-rm -rf libzrtp-doc
-echo "=================> start doxygen."
-doxygen > /dev/null 2>&1
-mkdir libzrtp-doc
-cp -Rf ./out/html/* ./libzrtp-doc
-tar -zcvf ./libzrtp-doc.tar.gz ./libzrtp-doc >> /dev/null
-rm -rf libzrtp-doc
+++ /dev/null
-#!/usr/bin/perl
-
-use Getopt::Std;
-
-getopts("l:ehs", \%args);
-
-if ($args{h})
-{
- print "Usage: create_pack.pl [OPTION]...\n\n";
- print " -l file write down list of files\n";
- print " -e enterprise version\n";
- print " -s dont add version suffix to package name\n";
- print " -h this help\n\n";
- exit 1;
-}
-
-#to create list of files:
-if ($args{l})
-{
- create_files_list($args{l});
- exit 1;
-}
-
-$enterprise = 0;
-if ($args{e})
-{
- $enterprise = 1;
-}
-
-if ($args{s})
-{
- $packdir="libzrtp";
-}
-else
-{
- $LIBZRTP_VERSION=`cat ../../include/zrtp_version.h | grep 'LIBZRTP_VERSION_STR' | awk '{print \$3, \$4}' | sed 's/"v\\(.*\\) \\(.*\\)"/\\1.\\2/'`;
- chomp($LIBZRTP_VERSION);
- $packdir="libzrtp-$LIBZRTP_VERSION";
-}
-
-if (-d $packdir)
-{
- `rm -rf $packdir`
-}
-
-mkdir $packdir;
-create_array();
-
-foreach $file(@array)
-{
- if (!$enterprise &&
- (($file =~ m/\/enterprise/i) ||
- ($file =~ m/_ec.*(proj|sln)/i) ||
- ($file =~ m/_EC.*(WIN)/i) ||
- ($file =~ m/\/xcode/i)))
- {
- print "$file skipped\n";
- next;
- }
-
- $path = "../../" . $file;
- if (!-e $path)
- {
- print "[ERROR]: file $file doesn't exist!\n";
- `rm -rf $packdir`;
- exit -1;
- }
- if (-d $path)
- {
- mkdir "$packdir/$file";
- }
- else
- {
-# print "copying $path file\n";
- `cp $path $packdir/$file`
- }
-}
-
-if (!$enterprise)
-{
- `cp -f ../../projects/win/libzrtp_not_ec.vcproj $packdir/projects/win/libzrtp.vcproj`;
- `cp -f ../../projects/win_ce/libzrtp_wince_not_ec.vcproj $packdir/projects/win_ce/libzrtp_wince.vcproj`;
- `cp -f ../../projects/win_kernel/MAKEFILE_NOT_EC.WIN64 $packdir/projects/win_kernel/MAKEFILE.WIN64`;
- `cp -f ../../projects/win_kernel/MAKEFILE_NOT_EC.WIN32 $packdir/projects/win_kernel/MAKEFILE.WIN32`;
-
- `rm $packdir/include/zrtp_ec.h`;
-# `rm $packdir/include/zrtp_iface_cache.h`;
- `rm $packdir/src/zrtp_crypto_ecdsa.c`;
- `rm $packdir/src/zrtp_crypto_ec.c`;
-# `rm $packdir/src/zrtp_engine_driven.c`;
- `rm $packdir/src/zrtp_crypto_ecdh.c`;
-# `rm $packdir/src/zrtp_iface_cache.c`;
-}
-
-
-`find $packdir -name "._*" -delete`;
-
-$pack_name = $packdir;
-if ($enterprise)
-{
- $pack_name = $pack_name . "-ec";
-}
-
-$system = `uname -a`;
-if ($system =~ m/darwin/i)
-{
- `rm -rf $pack_name.zip`;
- `zip -r $pack_name.zip $packdir`;
-}
-else
-{
- `rm -rf $pack_name.tar.gz`;
- `tar -zcvf $pack_name.tar.gz $packdir`;
-}
-`rm -rf $packdir`;
-print "package was created\n";
-
-#for item in $array; do
-# echo "item:"$'\t'"$item"
-
-sub create_files_list()
-{
- $path = `pwd`;
- chop($path);
- `cd ../..;find . -not -path *svn* -print | awk '{printf \"\\t\\t\\"%s\\",\\n\", \$1} ' > $path/$_[0];cd $path`;
-}
-
-
-sub create_array()
-{
- @array =
- (
- "./ChangeLog",
- "./README",
- "./AUTHORS",
- "./projects",
- "./projects/gnu",
- "./projects/gnu/Makefile.am",
- "./projects/gnu/Makefile.in",
- "./projects/gnu/COPYING",
- "./projects/gnu/aclocal.m4",
- "./projects/gnu/configure",
- "./projects/gnu/README",
- "./projects/gnu/AUTHORS",
- "./projects/gnu/configure.in",
- "./projects/gnu/INSTALL",
- "./projects/gnu/autoreconf.sh",
- "./projects/gnu/config",
- "./projects/gnu/config/config.guess",
- "./projects/gnu/config/config.sub",
- "./projects/gnu/config/config.h.in",
- "./projects/gnu/config/install-sh",
- "./projects/gnu/config/missing",
- "./projects/gnu/config/prefix_config.m4",
- "./projects/gnu/config/depcomp",
- "./projects/gnu/NEWS",
- "./projects/gnu/Makefile.in",
- "./projects/gnu/build",
- "./projects/gnu/build/Makefile.am",
- "./projects/gnu/build/Makefile.in",
- "./projects/gnu/build/test",
- "./projects/gnu/build/test/Makefile.am",
- "./projects/gnu/build/test/Makefile.in",
- "./projects/gnu/ChangeLog",
- "./projects/xcode",
- "./projects/xcode/libzrtp.xcodeproj",
- "./projects/xcode/libzrtp.xcodeproj/project.pbxproj",
- "./projects/xcode/libzrtp_test.xcodeproj",
- "./projects/xcode/libzrtp_test.xcodeproj/project.pbxproj",
- "./projects/win_kernel",
- "./projects/win_kernel/MAKEFILE.WIN64",
- "./projects/win_kernel/MAKEFILE.WIN32",
- "./projects/win",
- "./projects/win/libzrtp.vcproj",
- "./projects/win/libzrtp.sln",
- "./projects/win/libzrtp_test.vcproj",
- "./projects/win_ce",
- "./projects/win_ce/libzrtp_test_wince.vcproj",
- "./projects/win_ce/libzrtp_wince.sln",
- "./projects/win_ce/libzrtp_wince.vcproj",
- "./projects/symbian",
- "./projects/symbian/bld.bat",
- "./projects/symbian/bld.inf",
- "./projects/symbian/bldgcce.bat",
- "./projects/symbian/libzrtp.mmp",
- "./projects/symbian/zrtp_iface_symb.cpp",
- "./src",
- "./src/zrtp.c",
- "./src/zrtp_crc.c",
- "./src/zrtp_crypto_aes.c",
- "./src/zrtp_crypto_atl.c",
- "./src/zrtp_crypto_hash.c",
- "./src/zrtp_crypto_pk.c",
- "./src/zrtp_crypto_sas.c",
- "./src/zrtp_datatypes.c",
- "./src/zrtp_engine.c",
- "./src/zrtp_iface_scheduler.c",
- "./src/zrtp_iface_sys.c",
- "./src/zrtp_initiator.c",
- "./src/zrtp_legal.c",
- "./src/zrtp_list.c",
- "./src/zrtp_log.c",
- "./src/zrtp_pbx.c",
- "./src/zrtp_protocol.c",
- "./src/zrtp_responder.c",
- "./src/zrtp_rng.c",
- "./src/zrtp_srtp_builtin.c",
- "./src/zrtp_srtp_dm.c",
- "./src/zrtp_string.c",
- "./src/zrtp_utils.c",
- "./src/zrtp_utils_proto.c",
- "./src/zrtp_crypto_ecdsa.c",
- "./src/zrtp_crypto_ec.c",
- "./src/zrtp_engine_driven.c",
- "./src/zrtp_crypto_ecdh.c",
- "./src/zrtp_iface_cache.c",
- "./doc",
- "./include",
- "./include/zrtp.h",
- "./include/zrtp_base.h",
- "./include/zrtp_config.h",
- "./include/zrtp_config_user.h",
- "./include/zrtp_config_win.h",
- "./include/zrtp_config_symbian.h",
- "./include/zrtp_crypto.h",
- "./include/zrtp_engine.h",
- "./include/zrtp_error.h",
- "./include/zrtp_ec.h",
- "./include/zrtp_iface.h",
- "./include/zrtp_iface_cache.h",
- "./include/zrtp_iface_system.h",
- "./include/zrtp_iface_scheduler.h",
- "./include/zrtp_legal.h",
- "./include/zrtp_list.h",
- "./include/zrtp_log.h",
- "./include/zrtp_pbx.h",
- "./include/zrtp_protocol.h",
- "./include/zrtp_srtp.h",
- "./include/zrtp_srtp_builtin.h",
- "./include/zrtp_string.h",
- "./include/zrtp_types.h",
- "./include/zrtp_version.h",
- "./third_party",
- "./third_party/bnlib",
- "./third_party/bnlib/lbnmem.c",
- "./third_party/bnlib/lbn00.c",
- "./third_party/bnlib/bn16.c",
- "./third_party/bnlib/bn32.c",
- "./third_party/bnlib/bn.c",
- "./third_party/bnlib/lbnppc.h",
- "./third_party/bnlib/bnsize00.h",
- "./third_party/bnlib/lbn32.h",
- "./third_party/bnlib/lbn80386.h",
- "./third_party/bnlib/lbn68020.h",
- "./third_party/bnlib/germtest",
- "./third_party/bnlib/jacobi.h",
- "./third_party/bnlib/bn00.c",
- "./third_party/bnlib/bnconfig.h",
- "./third_party/bnlib/lbn8086.h",
- "./third_party/bnlib/bntest00.c",
- "./third_party/bnlib/germain.c",
- "./third_party/bnlib/lbn960jx.h",
- "./third_party/bnlib/sizetest.c",
- "./third_party/bnlib/config.cache",
- "./third_party/bnlib/bn68000.c",
- "./third_party/bnlib/lbnalpha.h",
- "./third_party/bnlib/cputime.h",
- "./third_party/bnlib/legal.c",
- "./third_party/bnlib/configure.lineno",
- "./third_party/bnlib/configure",
- "./third_party/bnlib/bnprint.c",
- "./third_party/bnlib/bn8086.c",
- "./third_party/bnlib/lbn68020.c",
- "./third_party/bnlib/README.bntest",
- "./third_party/bnlib/lbn8086.asm",
- "./third_party/bnlib/lbn16.c",
- "./third_party/bnlib/lbn32.c",
- "./third_party/bnlib/legal.h",
- "./third_party/bnlib/configure.in",
- "./third_party/bnlib/lbn960jx.s",
- "./third_party/bnlib/prime.h",
- "./third_party/bnlib/bninit16.c",
- "./third_party/bnlib/bninit32.c",
- "./third_party/bnlib/files",
- "./third_party/bnlib/ppcasm.h",
- "./third_party/bnlib/lbn.h",
- "./third_party/bnlib/README.bn",
- "./third_party/bnlib/bnintern.doc",
- "./third_party/bnlib/sieve.c",
- "./third_party/bnlib/bn16.h",
- "./third_party/bnlib/bn32.h",
- "./third_party/bnlib/bnprint.h",
- "./third_party/bnlib/sieve.h",
- "./third_party/bnlib/cfg",
- "./third_party/bnlib/lbn68000.h",
- "./third_party/bnlib/lbnalpha.s",
- "./third_party/bnlib/bntest16.c",
- "./third_party/bnlib/bntest32.c",
- "./third_party/bnlib/cfg.debug",
- "./third_party/bnlib/lbnmem.h",
- "./third_party/bnlib/germtest.c",
- "./third_party/bnlib/prime.c",
- "./third_party/bnlib/lbn68000.c",
- "./third_party/bnlib/config.log",
- "./third_party/bnlib/germain.h",
- "./third_party/bnlib/kludge.h",
- "./third_party/bnlib/Makefile.in",
- "./third_party/bnlib/test",
- "./third_party/bnlib/test/primetest.c",
- "./third_party/bnlib/test/rsaglue.h",
- "./third_party/bnlib/test/randpool.c",
- "./third_party/bnlib/test/keys.c",
- "./third_party/bnlib/test/primes.doc",
- "./third_party/bnlib/test/rsatest.c",
- "./third_party/bnlib/test/posix.h",
- "./third_party/bnlib/test/legal.c",
- "./third_party/bnlib/test/README.rsatest",
- "./third_party/bnlib/test/rsaglue.c",
- "./third_party/bnlib/test/kbmsdos.c",
- "./third_party/bnlib/test/keygen.c",
- "./third_party/bnlib/test/README.dsatest",
- "./third_party/bnlib/test/types.h",
- "./third_party/bnlib/test/random.c",
- "./third_party/bnlib/test/md5.c",
- "./third_party/bnlib/test/userio.h",
- "./third_party/bnlib/test/md5.h",
- "./third_party/bnlib/test/dsatest.c",
- "./third_party/bnlib/test/pt.c",
- "./third_party/bnlib/test/dhtest.c",
- "./third_party/bnlib/test/sha.h",
- "./third_party/bnlib/test/keygen.h",
- "./third_party/bnlib/test/noise.h",
- "./third_party/bnlib/test/first.h",
- "./third_party/bnlib/test/README.dhtest",
- "./third_party/bnlib/test/randtest.c",
- "./third_party/bnlib/test/randpool.h",
- "./third_party/bnlib/test/random.h",
- "./third_party/bnlib/test/sha.c",
- "./third_party/bnlib/test/noise.c",
- "./third_party/bnlib/test/kbunix.c",
- "./third_party/bnlib/test/kludge.h",
- "./third_party/bnlib/test/keys.h",
- "./third_party/bnlib/test/usuals.h",
- "./third_party/bnlib/test/kb.h",
- "./third_party/bnlib/CHANGES",
- "./third_party/bnlib/bnconfig.hin",
- "./third_party/bnlib/lbn80386.asm",
- "./third_party/bnlib/jacobi.c",
- "./third_party/bnlib/config.status",
- "./third_party/bnlib/lbn16.h",
- "./third_party/bnlib/lbn80386.s",
- "./third_party/bnlib/lbn68360.s",
- "./third_party/bnlib/bignum-ARM",
- "./third_party/bnlib/bignum-ARM/lbnmem.c",
- "./third_party/bnlib/bignum-ARM/sha256_core.s",
- "./third_party/bnlib/bignum-ARM/lbnarm.h",
- "./third_party/bnlib/bignum-ARM/config.h",
- "./third_party/bnlib/bignum-ARM/cputime.h",
- "./third_party/bnlib/bignum-ARM/lbn16.c",
- "./third_party/bnlib/bignum-ARM/lbnarm.s",
- "./third_party/bnlib/bignum-ARM/README-small-memory",
- "./third_party/bnlib/bignum-ARM/sha256_arm.c",
- "./third_party/bnlib/bignum-ARM/lbn.h",
- "./third_party/bnlib/bignum-ARM/bntest16.c",
- "./third_party/bnlib/bignum-ARM/lbnmem.h",
- "./third_party/bnlib/bignum-ARM/kludge.h",
- "./third_party/bnlib/bignum-ARM/lbn16.h",
- "./third_party/bnlib/bn.doc",
- "./third_party/bnlib/lbnppc.c",
- "./third_party/bnlib/bn.h",
- "./third_party/bgaes",
- "./third_party/bgaes/sha1.h",
- "./third_party/bgaes/sha1.c",
- "./third_party/bgaes/brg_types.h",
- "./third_party/bgaes/aestab.c",
- "./third_party/bgaes/aestab.h",
- "./third_party/bgaes/sha2.h",
- "./third_party/bgaes/aes_modes.c",
- "./third_party/bgaes/aescrypt.c",
- "./third_party/bgaes/bg2zrtp.h",
- "./third_party/bgaes/aeskey.c",
- "./third_party/bgaes/sha2.c",
- "./third_party/bgaes/aes.h",
- "./third_party/bgaes/aesopt.h",
- "./test",
- "./test/README",
- "./test/pc",
- "./test/pc/zrtp_test_core.c",
- "./test/pc/zrtp_test_core.h",
- "./test/pc/zrtp_test_crypto.c",
- "./test/pc/zrtp_test_queue.c",
- "./test/pc/zrtp_test_queue.h",
- "./test/pc/zrtp_test_ui.c",
- "./test/win_ce",
- "./test/win_ce/libzrtp_test_GUI.cpp",
- "./test/win_ce/libzrtp_test_GUI.h",
- "./test/win_ce/libzrtp_test_GUI.ico",
- "./test/win_ce/libzrtp_test_GUIppc.rc",
- "./test/win_ce/libzrtp_test_GUIppc.rc2",
- "./test/win_ce/libzrtp_test_GUIsp.rc",
- "./test/win_ce/libzrtp_test_GUIsp.rc2",
- "./test/win_ce/ReadMe.txt",
- "./test/win_ce/resourceppc.h",
- "./test/win_ce/resourcesp.h",
- "./test/win_ce/stdafx.cpp",
- "./test/win_ce/stdafx.h",
- "./doc",
- "./doc/img",
- "./doc/manuals",
- "./doc/manuals/howto.dox",
- "./doc/manuals/main.dox",
- "./doc/manuals/rng.dox",
- "./doc/out",
- "./doc/out/html",
- "./doc/out/html/zfone.jpg",
- "./doc/Doxyfile",
- "./doc/doxygen.css",
- "./doc/footer.html",
- "./doc/header.html"
- )
-}
+++ /dev/null
-# Doxyfile 1.8.0
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project.
-#
-# All text after a hash (#) is considered a comment and will be ignored.
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ").
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING = UTF-8
-
-# The PROJECT_NAME tag is a single word (or sequence of words) that should
-# identify the project. Note that if you do not use Doxywizard you need
-# to put quotes around the project name if it contains spaces.
-
-PROJECT_NAME = @PACKAGE_NAME@
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER = @PACKAGE_VERSION@
-
-# Using the PROJECT_BRIEF tag one can provide an optional one line description
-# for a project that appears at the top of each page and should give viewer
-# a quick idea about the purpose of the project. Keep the description short.
-
-PROJECT_BRIEF = "ZRTP VoIP security"
-
-# With the PROJECT_LOGO tag one can specify an logo or icon that is
-# included in the documentation. The maximum height of the logo should not
-# exceed 55 pixels and the maximum width should not exceed 200 pixels.
-# Doxygen will copy the logo to the output directory.
-
-PROJECT_LOGO =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY = @top_srcdir@/doc/out
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
-# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
-# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
-# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak,
-# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
-
-OUTPUT_LANGUAGE = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = YES
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH =
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful if your file system
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 4
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# This tag can be used to specify a number of word-keyword mappings (TCL only).
-# A mapping has the form "name=value". For example adding
-# "class=itcl::class" will allow you to use the command class in the
-# itcl::class meaning.
-
-TCL_SUBST =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL = NO
-
-# Doxygen selects the parser to use depending on the extension of the files it
-# parses. With this tag you can assign which parser to use for a given extension.
-# Doxygen has a built-in mapping, but you can override or extend it using this
-# tag. The format is ext=language, where ext is a file extension, and language
-# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C,
-# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make
-# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
-# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions
-# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
-
-EXTENSION_MAPPING =
-
-# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all
-# comments according to the Markdown format, which allows for more readable
-# documentation. See http://daringfireball.net/projects/markdown/ for details.
-# The output of markdown processing is further processed by doxygen, so you
-# can mix doxygen, HTML, and XML commands with Markdown formatting.
-# Disable only in case of backward compatibilities issues.
-
-MARKDOWN_SUPPORT = YES
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also makes the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate getter
-# and setter methods for a property. Setting this option to YES (the default)
-# will make doxygen replace the get and set methods by a property in the
-# documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING = YES
-
-# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and
-# unions are shown inside the group in which they are included (e.g. using
-# @ingroup) instead of on a separate page (for HTML and Man pages) or
-# section (for LaTeX and RTF).
-
-INLINE_GROUPED_CLASSES = NO
-
-# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and
-# unions with only public data fields will be shown inline in the documentation
-# of the scope in which they are defined (i.e. file, namespace, or group
-# documentation), provided this scope is documented. If set to NO (the default),
-# structs, classes, and unions are shown on a separate page (for HTML and Man
-# pages) or section (for LaTeX and RTF).
-
-INLINE_SIMPLE_STRUCTS = NO
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT = NO
-
-# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
-# determine which symbols to keep in memory and which to flush to disk.
-# When the cache is full, less often used symbols will be written to disk.
-# For small to medium size projects (<1000 input files) the default value is
-# probably good enough. For larger projects a too small cache size can cause
-# doxygen to be busy swapping symbols to and from disk most of the time
-# causing a significant performance penalty.
-# If the system has enough physical memory increasing the cache will improve the
-# performance by keeping more symbols in memory. Note that the value works on
-# a logarithmic scale so increasing the size by one will roughly double the
-# memory usage. The cache size is given by this formula:
-# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols.
-
-SYMBOL_CACHE_SIZE = 0
-
-# Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be
-# set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given
-# their name and scope. Since this can be an expensive process and often the
-# same symbol appear multiple times in the code, doxygen keeps a cache of
-# pre-resolved symbols. If the cache is too small doxygen will become slower.
-# If the cache is too large, memory is wasted. The cache size is given by this
-# formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols.
-
-LOOKUP_CACHE_SIZE = 0
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal scope will be included in the documentation.
-
-EXTRACT_PACKAGE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS = NO
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespaces are hidden.
-
-EXTRACT_ANON_NSPACES = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = YES
-
-# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen
-# will list include files with double quotes in the documentation
-# rather than with sharp brackets.
-
-FORCE_LOCAL_INCLUDES = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS = NO
-
-# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen
-# will sort the (brief and detailed) documentation of class members so that
-# constructors and destructors are listed first. If set to NO (the default)
-# the constructors will appear in the respective orders defined by
-# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS.
-# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO
-# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
-
-SORT_MEMBERS_CTORS_1ST = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME = NO
-
-# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to
-# do proper type resolution of all parameters of a function it will reject a
-# match between the prototype and the implementation of a member function even
-# if there is only one candidate or it is obvious which candidate to choose
-# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen
-# will still accept a match between prototype and implementation in such cases.
-
-STRICT_PROTO_MATCHING = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or macro consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and macros in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-# If the sources in your project are distributed over multiple directories
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
-# in the documentation. The default is NO.
-
-SHOW_DIRECTORIES = NO
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page.
-# This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER =
-
-# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
-# by doxygen. The layout file controls the global structure of the generated
-# output files in an output format independent way. The create the layout file
-# that represents doxygen's defaults, run doxygen with the -l option.
-# You can optionally specify a file name after the option, if omitted
-# DoxygenLayout.xml will be used as the name of the layout file.
-
-LAYOUT_FILE =
-
-# The CITE_BIB_FILES tag can be used to specify one or more bib files
-# containing the references data. This must be a list of .bib files. The
-# .bib extension is automatically appended if omitted. Using this command
-# requires the bibtex tool to be installed. See also
-# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style
-# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this
-# feature you need bibtex and perl available in the search path.
-
-CITE_BIB_FILES =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# The WARN_NO_PARAMDOC option can be enabled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = @top_srcdir@
-INPUT = @top_srcdir@/doc/manuals/main.dox \
- @top_srcdir@/doc/manuals/howto.dox \
- @top_srcdir@/doc/manuals/changelog.dox \
- @top_srcdir@/doc/manuals/rng.dox \
- @top_srcdir@/include/zrtp_config_user.h \
- @top_srcdir@/include/zrtp.h \
- @top_srcdir@/include/zrtp_iface_system.h \
- @top_srcdir@/include/zrtp_iface.h \
- @top_srcdir@/include/zrtp_error.h \
- @top_srcdir@/include/zrtp_types.h \
- @top_srcdir@/include/zrtp_string.h \
- @top_srcdir@/include/zrtp_pbx.h
-
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh
-# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
-# *.f90 *.f *.for *.vhd *.vhdl
-
-FILE_PATTERNS =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should be
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-# Note that relative paths are relative to the directory from which doxygen is
-# run.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
-# directories that are symbolic links (a Unix file system feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-# If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-INPUT_FILTER =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis.
-# Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match.
-# The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty or if
-# non of the patterns match the file name, INPUT_FILTER is applied.
-
-FILTER_PATTERNS =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
-# pattern. A pattern will override the setting for FILTER_PATTERN (if any)
-# and it is also possible to disable source filtering for a specific pattern
-# using *.ext= (so without naming a filter). This option only has effect when
-# FILTER_SOURCE_FILES is enabled.
-
-FILTER_SOURCE_PATTERNS =
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = NO
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = NO
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.
-# Otherwise they will link to the documentation.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = YES
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header. Note that when using a custom header you are responsible
-# for the proper inclusion of any scripts and style sheets that doxygen
-# needs, which is dependent on the configuration options used.
-# It is advised to generate a default header using "doxygen -w html
-# header.html footer.html stylesheet.css YourConfigFile" and then modify
-# that header. Note that the header is subject to change so you typically
-# have to redo this when upgrading to a newer version of doxygen or when
-# changing the value of configuration settings such as GENERATE_TREEVIEW!
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# style sheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET =
-
-# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
-# other source files which should be copied to the HTML output directory. Note
-# that these files will be copied to the base HTML output directory. Use the
-# $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
-# files. In the HTML_STYLESHEET file, use the file name only. Also note that
-# the files will be copied as-is; there are no commands or markers available.
-
-HTML_EXTRA_FILES =
-
-# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
-# Doxygen will adjust the colors in the style sheet and background images
-# according to this color. Hue is specified as an angle on a colorwheel,
-# see http://en.wikipedia.org/wiki/Hue for more information.
-# For instance the value 0 represents red, 60 is yellow, 120 is green,
-# 180 is cyan, 240 is blue, 300 purple, and 360 is red again.
-# The allowed range is 0 to 359.
-
-HTML_COLORSTYLE_HUE = 220
-
-# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of
-# the colors in the HTML output. For a value of 0 the output will use
-# grayscales only. A value of 255 will produce the most vivid colors.
-
-HTML_COLORSTYLE_SAT = 100
-
-# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to
-# the luminance component of the colors in the HTML output. Values below
-# 100 gradually make the output lighter, whereas values above 100 make
-# the output darker. The value divided by 100 is the actual gamma applied,
-# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2,
-# and 100 does not change the gamma.
-
-HTML_COLORSTYLE_GAMMA = 80
-
-# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
-# page will contain the date and time when the page was generated. Setting
-# this to NO can help when comparing the output of multiple runs.
-
-HTML_TIMESTAMP = YES
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded. For this to work a browser that supports
-# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
-# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
-
-HTML_DYNAMIC_SECTIONS = NO
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
-# for more information.
-
-GENERATE_DOCSET = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID = org.doxygen.Project
-
-# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify
-# the documentation publisher. This should be a reverse domain-name style
-# string, e.g. com.mycompany.MyDocSet.documentation.
-
-DOCSET_PUBLISHER_ID = org.doxygen.Publisher
-
-# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
-
-DOCSET_PUBLISHER_NAME = Publisher
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
-# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated
-# that can be used as input for Qt's qhelpgenerator to generate a
-# Qt Compressed Help (.qch) of the generated HTML documentation.
-
-GENERATE_QHP = NO
-
-# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
-# be used to specify the file name of the resulting .qch file.
-# The path specified is relative to the HTML output folder.
-
-QCH_FILE =
-
-# The QHP_NAMESPACE tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#namespace
-
-QHP_NAMESPACE = org.doxygen.Project
-
-# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#virtual-folders
-
-QHP_VIRTUAL_FOLDER = doc
-
-# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to
-# add. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#custom-filters
-
-QHP_CUST_FILTER_NAME =
-
-# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the
-# custom filter to add. For more information please see
-# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">
-# Qt Help Project / Custom Filters</a>.
-
-QHP_CUST_FILTER_ATTRS =
-
-# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
-# project's
-# filter section matches.
-# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">
-# Qt Help Project / Filter Attributes</a>.
-
-QHP_SECT_FILTER_ATTRS =
-
-# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
-# be used to specify the location of Qt's qhelpgenerator.
-# If non-empty doxygen will try to run qhelpgenerator on the generated
-# .qhp file.
-
-QHG_LOCATION =
-
-# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files
-# will be generated, which together with the HTML files, form an Eclipse help
-# plugin. To install this plugin and make it available under the help contents
-# menu in Eclipse, the contents of the directory containing the HTML and XML
-# files needs to be copied into the plugins directory of eclipse. The name of
-# the directory within the plugins directory should be the same as
-# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before
-# the help appears.
-
-GENERATE_ECLIPSEHELP = NO
-
-# A unique identifier for the eclipse help plugin. When installing the plugin
-# the directory name containing the HTML and XML files should also have
-# this name.
-
-ECLIPSE_DOC_ID = org.doxygen.Project
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs)
-# at top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it. Since the tabs have the same information as the
-# navigation tree you can set this option to NO if you already set
-# GENERATE_TREEVIEW to YES.
-
-DISABLE_INDEX = NO
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to YES, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
-# Windows users are probably better off using the HTML help feature.
-# Since the tree basically has the same information as the tab index you
-# could consider to set DISABLE_INDEX to NO when enabling this option.
-
-GENERATE_TREEVIEW = NO
-
-# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values
-# (range [0,1..20]) that doxygen will group on one line in the generated HTML
-# documentation. Note that a value of 0 will completely suppress the enum
-# values from appearing in the overview section.
-
-ENUM_VALUES_PER_LINE = 4
-
-# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
-# and Class Hierarchy pages using a tree view instead of an ordered list.
-
-USE_INLINE_TREES = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open
-# links to external symbols imported via tag files in a separate window.
-
-EXT_LINKS_IN_WINDOW = NO
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE = 10
-
-# Use the FORMULA_TRANPARENT tag to determine whether or not the images
-# generated for formulas are transparent PNGs. Transparent PNGs are
-# not supported properly for IE 6.0, but are supported on all modern browsers.
-# Note that when changing this option you need to delete any form_*.png files
-# in the HTML output before the changes have effect.
-
-FORMULA_TRANSPARENT = YES
-
-# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax
-# (see http://www.mathjax.org) which uses client side Javascript for the
-# rendering instead of using prerendered bitmaps. Use this if you do not
-# have LaTeX installed or if you want to formulas look prettier in the HTML
-# output. When enabled you may also need to install MathJax separately and
-# configure the path to it using the MATHJAX_RELPATH option.
-
-USE_MATHJAX = NO
-
-# When MathJax is enabled you need to specify the location relative to the
-# HTML output directory using the MATHJAX_RELPATH option. The destination
-# directory should contain the MathJax.js script. For instance, if the mathjax
-# directory is located at the same level as the HTML output directory, then
-# MATHJAX_RELPATH should be ../mathjax. The default value points to
-# the MathJax Content Delivery Network so you can quickly see the result without
-# installing MathJax.
-# However, it is strongly recommended to install a local
-# copy of MathJax from http://www.mathjax.org before deployment.
-
-MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest
-
-# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension
-# names that should be enabled during MathJax rendering.
-
-MATHJAX_EXTENSIONS =
-
-# When the SEARCHENGINE tag is enabled doxygen will generate a search box
-# for the HTML output. The underlying search engine uses javascript
-# and DHTML and should work on any modern browser. Note that when using
-# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets
-# (GENERATE_DOCSET) there is already a search function so this one should
-# typically be disabled. For large projects the javascript based search engine
-# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
-
-SEARCHENGINE = YES
-
-# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
-# implemented using a PHP enabled web server instead of at the web client
-# using Javascript. Doxygen will generate the search PHP script and index
-# file to put on the web server. The advantage of the server
-# based approach is that it scales better to large projects and allows
-# full text search. The disadvantages are that it is more difficult to setup
-# and does not have live searching capabilities.
-
-SERVER_BASED_SEARCH = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-# Note that when enabling USE_PDFLATEX this option is only used for
-# generating bitmaps for formulas in the HTML output, but not in the
-# Makefile that is written to the output directory.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = a4
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER =
-
-# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for
-# the generated latex document. The footer should contain everything after
-# the last chapter. If it is left blank doxygen will generate a
-# standard footer. Notice: only use this tag if you know what you are doing!
-
-LATEX_FOOTER =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES = NO
-
-# If LATEX_SOURCE_CODE is set to YES then doxygen will include
-# source code with syntax highlighting in the LaTeX output.
-# Note that which sources are shown also depends on other settings
-# such as SOURCE_BROWSER.
-
-LATEX_SOURCE_CODE = NO
-
-# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
-# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See
-# http://en.wikipedia.org/wiki/BibTeX for more info.
-
-LATEX_BIB_STYLE = plain
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load style sheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = YES
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader.
-# This is useful
-# if you want to understand what is going on.
-# On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# pointed to by INCLUDE_PATH will be searched when a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition that
-# overrules the definition found in the source code.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all references to function-like macros
-# that are alone on a line, have an all uppercase name, and do not end with a
-# semicolon, because these will confuse the parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. For each
-# tag file the location of the external documentation should be added. The
-# format of a tag file without this location is as follows:
-#
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-#
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths
-# or URLs. Note that each tag file must have a unique name (where the name does
-# NOT include the path). If a tag file is not located in the directory in which
-# doxygen is run, you must also specify the path to the tagfile here.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option also works with HAVE_DOT disabled, but it is recommended to
-# install and use dot, since it yields more powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is
-# allowed to run in parallel. When set to 0 (the default) doxygen will
-# base this on the number of processors available in the system. You can set it
-# explicitly to a value larger than 0 to get control over the balance
-# between CPU load and processing speed.
-
-DOT_NUM_THREADS = 0
-
-# By default doxygen will use the Helvetica font for all dot files that
-# doxygen generates. When you want a differently looking font you can specify
-# the font name using DOT_FONTNAME. You need to make sure dot is able to find
-# the font, which can be done by putting it in a standard location or by setting
-# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
-# directory containing the font.
-
-DOT_FONTNAME = Helvetica
-
-# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
-# The default size is 10pt.
-
-DOT_FONTSIZE = 10
-
-# By default doxygen will tell dot to use the Helvetica font.
-# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to
-# set the path where dot can find it.
-
-DOT_FONTPATH =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK = NO
-
-# If the UML_LOOK tag is enabled, the fields and methods are shown inside
-# the class node. If there are many fields or methods and many nodes the
-# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS
-# threshold limits the number of items for each type to make the size more
-# managable. Set this to 0 for no limit. Note that the threshold may be
-# exceeded by 50% before the limit is enforced.
-
-UML_LIMIT_NUM_FIELDS = 10
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH = NO
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will generate a graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are svg, png, jpg, or gif.
-# If left blank png will be used. If you choose svg you need to set
-# HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible in IE 9+ (other browsers do not have this requirement).
-
-DOT_IMAGE_FORMAT = png
-
-# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to
-# enable generation of interactive SVG images that allow zooming and panning.
-# Note that this requires a modern browser other than Internet Explorer.
-# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you
-# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible. Older versions of IE do not have SVG support.
-
-INTERACTIVE_SVG = NO
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MSCFILE_DIRS tag can be used to specify one or more directories that
-# contain msc files that are included in the documentation (see the
-# \mscfile command).
-
-MSCFILE_DIRS =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
-DOT_GRAPH_MAX_NODES = 50
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
-MAX_DOT_GRAPH_DEPTH = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, because dot on Windows does not
-# seem to support this out of the box. Warning: Depending on the platform used,
-# enabling this option may lead to badly anti-aliased labels on the edges of
-# a graph (i.e. they become hard to read).
-
-DOT_TRANSPARENT = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
+++ /dev/null
-#
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krykun <v.krikun at zfoneproject.com>
-
-/**
- * \file changelog.dox
- * \brief libzrtp ChangeLog
- */
-
-/*!
-\page changelog ChangeLog
-
-****************************************************************************************************
-\section v120 libzrtp v1.20 build XXX (ZRTP RFC 6189, protocol 1.1)
-****************************************************************************************************
-
-<b>This release is focused</b> on better ZRTP cache management.
-
-***\subsection v120_changes API changes and Upgrade Instructions:
- *- Starting from v120 libzrtp uses global ZID for all outgoing connections. Local ZID should be
- specified in zrtp_global_t#zid and provided to zrtp_init(). App doesn't need to pass local ZID
- each time it creates new session via zrtp_session_init().
- *- Added zrtp_randstr2() which allow to generate random string before libzrtp being initialized.
- Can be handy to generate initial ZID. In normal circumstances, use zrtp_randstr() whenever possible.
- *- ZRTP cache API was completely redesigned. Look at zrtp_cache.h for more details.
-
-
-***\subsection v120_feature New features and improvements.
- *- new better cache management API.
-
-***\subsection v120_bugs Bug fixes
- *- fixed bug when ZRTP forces enrolled endpoints to re-render SAS when sashash is empty.
- *- other minor bug fixes and improvements
- *- fixed bug when zrtp_signaling_hash_set() silently not accepted imported zrtp-hash-value with
- "buffer too small" debug output.
-
-
-****************************************************************************************************
-\section v091 DEVELOPERS BUILD Release Notes - libzrtp - Version 0.91 build XXX (ZRTP ID v16x, protocol 1.X)
-****************************************************************************************************
-\note To build Libzrtp Enterprise with Elliptic Cure Diffie-Hellman support on Unix platform, use
- <c>"./configure --enable-enterprise".</c> By default libzrtp will be build with no ECDH support.
-
-<HR>
-***\subsection v091_feature New features and improvements.
-
-***\subsection v091_bugs Bug fixes
- *- [LZRTP-179] Fixed bug in build scripts when commercial version of libzrtp v0.90 was built
- with ZRTP_ENABLE_EC set to 1 by default.
- *- [LZRTP-181] Fixed zrtp_init() crash on Mac OSX 10.6
- *- [LZRTP-182] Fixed libzrtp build issue on Free-BSD
-
-
-****************************************************************************************************
-\section v090 Release Notes - libzrtp - Version 0.90 build 577 (ZRTP ID v15x, protocol 1.1)
-****************************************************************************************************
-<HR>
-***\subsection v090_feature New features and improvements.
- *- [LZRTP-178] After the cache mismatch don't update the cache automatically, wait for the SAS verification. More details at this feature could be found in ZRTP ID section 4.6.1.1
- *- [LZRTP-151] Add secrets flags to \ref zrtp_info_t to allow user monitor secrets state
- *- [LZRTP-169] Check and optimize build process on Windows mingw and msys.
-
-***\subsection v090_bugs Bug fixes
- *- [LZRTP-176] Added -fPIC flag to Linux and Mac builds to be able to link the library into 64bit applications.
- *- [LZRTP-175] Change SHA1 definition name to SRTP_SHA1 and move to private part of the API to eliminate ambiguity.
- *- [LZRTP-155] Session info should display current, updated value of the TTL, not the old one from previous negotiation.
- *- [LZRTP-177] Diffie-Hellman secret exponent for DH2K should be 256bits instead of 128.
-
-
-****************************************************************************************************
-\section v082 Release Notes - libzrtp - Version 0.82 build 540 (ZRTP ID v15, protocol 1.1)
-****************************************************************************************************
-<HR>
-Minor improvements. Zfone and libZRTP projects moved to public bug-tracking and wiki system.
-
-***\subsection v082_feature New features and improvements.
- *- Improved libzrtp resistance to long delays during DH calculations on slow hardware.
- *- Structures Members alignment in Microsoft Visual Studio projects was changed from 1 byte to "Default".
- *- Implemented entropy collection from dropped RTP messages. Don't forget to store RNG seed when you done with libzrtp and upload it agan on next session.
- *- Implement default entropy collector for Win32 platform. RtlGenRandom() system call is used. Together with the entropy collection from dropped RTP message, it should guaranty good enough entropy.
- *- zrtp_def_cache_reset_since() was implemented as call-back, similar to the rest of ZRTP cache interfaces.
- *- Eliminated secure logs from the public build.
- *- Public bug-tracker and wiki launched (in addition to our internal tools)
- *- libzrtp API documentation is available at developers.zfoneproject.com
-
-
-****************************************************************************************************
-\section v081 Release Notes - libzrtp - Version 0.81 build 514 (ZRTP ID v15, protocol 1.1)
-****************************************************************************************************
-<HR>
-***\subsection v081_bugs Bug
- *- [LZRTP-161] <b>Improvement in ZRTP state-machine</b>\n
- libzrtp state-machine didn't process incoming Hello message in StartInitiatingSecure state.
- In some situations this issue could cause libzrtp not responding on incoming HELLO messages and freeze the protocol.
-
- *- [LZRTP-166] <b>Fixed "Secure Since" logic.</b>\n
- Previous version of libzrtp computed secure since in a wrong way. libzrtp 0.81 remembers secure since date when new RS1 secret is generated and keep it unchanged while RS secrets are matched for all next calls.
- \n
- Use zrtp_def_cache_get_since() to get secure since for the particular pair of ZIDs.
- \warning Secure since function is available for the build-in implementation of ZRTP cache.
-
-***\subsection v081_feature New Feature
- *- [LZRTP-157] <b>Implement algorithms negotiation according to ZRTP ID v15 section 4.1.2</b>\n
- This method is provided to allow the two parties to mutually and deterministically choose the same DH key size and algorithm before a Commit message is sent. No API changes required.
-
- *- [LZRTP-158] <b>Zfone Ping response implemented.</b>\n
- New Zfone3 software uses specific VoIp calls detection algorithms and uses ZRTP Ping to discover the call topology. Each ZRTP endpoint may response with PingAck to be compatible with Zfone3. libzrtp based products don't need to do anything more to support Zfone3. The library handles this automatically. Ping-Response doesn't affect res of ZRTP logic.
- \n
- \sa Check ZRTP RFC sec 5.16 for more information.
-
-***\subsection v081_improv Improvement
- *- [LZRTP-164] <b>New ZRTP security event was added.</b>\n
- Libzrtp rises special event when after switching to secure state, the secrets are not expired, cached, but don't match. In other words: it is typical condition for the MitM attacks. Developer should use this event to notify user about the situation. Check zrtp_security_event_t#ZRTP_EVENT_MITM_WARNING for more detail information.
-
- *- [LZRTP-153] <b>New Project files to build libzrtp on Windows CE.</b>\n
- Check ./projects/win_ce directory to find appropriate Microsoft Visual Studio projects.
-
-
-
-****************************************************************************************************
-\section v080 Release Notes - libzrtp - Version 0.80
-****************************************************************************************************
-<HR>
-***\subsection v080_bugs Bug
- - [LZRTP-97] <b>zrtp_hex2str and zrtp_st2hex don't work correct.</b>\n
- Fixed bug in str2hex() providing wrong converting. Previous versions of libzrtp were affect,
- but str2hex wasn't used in crypto logic and there was no security weakness.
- - [LZRTP-154] zrtp_register_with_trusted_mitm() on storing MiTM secret didn't set the "matches" flag for ZRTP_BIT_PBX. In result, zrtp_is_user_enrolled() returned false right after ZRTP_STATE_SECURE event. This issue affected ZRTP MitM endpoints only and for the very first enrollment stream with the endpoint. In all next calls with the endpoint zrtp_is_user_enrolled() worked correct.
-
-***\subsection v080_improv Improvement
- *- [LZRTP-26] <b>Refactoring in the test-unite</b>\n
- Test-unite was redesigned: platform independent test-core and UI parts, specific for every
- target platform. test-core has cleaner API and internal structure. UI part allow to simplify
- application and separate business logic from UI routine.
-
- *- [LZRTP-46] <b>Change zrtp_time_t to literal integer type.</b>\n
- zrtp_tim_now() just returns current time in milliseconds instead of zrtp_time_t structure.
-
- *- [LZRTP-83] <b>Refactoring in libzrtp debug logging.</b>\n
- Made logs easy to read and analyze. Used indention.
-
- *- [LZRTP-84] <b>Refactoring in libzrtp terms.</b>\n
- Following changes in functions names and data structures were made:
- zrtp_stream_ctx_t - zrtp_stream_t\n
- zrtp_conn_ctx_t - zrtp_session_t\n
- zrtp_global_ctx_t - zrtp_global_t\n
- (in zrtp.h more explicitly reflect meaning of data types)\n
- \n
- ZSTR_GET_VALUE/P - ZRTP_GV/P\n
- SET_EMPTY_ZRTP_STRING - ZSTR_SET_EMPTY\n
- (in zrtp_string.h just cleaner and shorter names)\n
- \n
- zrtp_init() (Allocates memory)\n
- zrtp_init_session_ctx() - zrtp_session_init(). (Allocates memory)\n
- zrtp_add_entropy() - zrtp_entropy_add() \n
- zrtp_secure_stream() - zrtp_stream_secure()\n
- zrtp_clear_stream() - zrtp_stream_clear()\n
- zrtp_done_session_ctx - zrtp_session_down()\n
- zrtp_attach_stream - zrtp_stream_attach()\n
- zrtp_start_stream() - zrtp_stream_start()\n
- zrtp_stop_stream() - zrtp_stream_stop()\n
- zrtp_set_verified - zrtp_verified_set()\n
- zrtp_check_profile - zrtp_profile_check()\n
- (in zrtp.h used following approach: zrtp prefix; module name; action name)
-
- *- [LZRTP-85] <b>Hide private fields in zrtp_session_ctx and zrtp_stream_ctx.</b>\n
- zrtp_stream_t and zrtp_session_t structures were hidden inside libzrtp internal data-types. General libzrtp-based application shouldn't use these structures directly. zrtp_stream_info_t and zrtp_session_info_t structures should be used instead. To implement data encapsulation, libzrtp provides following functions:
- zrtp_stream_get(), zrtp_session_get()\n
- zrtp_stream_set_userdata(), zrtp_stream_get_userdata()\n
- zrtp_session_set_userdata(), zrtp_session_get_userdata()\n
- \n
- Advanced zrtp products may access zrtp_stream_t and zrtp_session_t directly but implementer can avoid this in most of the cases.
-
- *- [LZRTP-88] <b>Create a macro for UNALIGNED constructions on mobile platforms.</b>\n
-
- *- [LZRTP-89] <b>Code style for crypto components sources.</b>\n
- Public API not affected. Internal changes:
- - more compact code because fo using more general crypto functions
- - code stayle and comments
- - test-vectors were moved inside c-files fof appropriate crypto components.
-
- *- [LZRTP-99] <b>zrtp_session_init should allocate memory for zrtp_session_t.</b>\n
-
- *- [LZRTP-112] <b>Modify zrtp logger to be able write \\n and NON \\n logs.</b>\n
- ZRTP_LOG by default doesn't add \\n at the end of the log string. ZRTP_LOGC print plain log message without header and any formatting.
-
- *- [LZRTP-116] <b>Review synchronization objects in libzrtp.</b>\n
- - zrtp_global_t#comp_protector was removed. This mutex protected crypto components list. Since v0.80 libzrtp doesn't allow users to manage list of crypto components. libzrtp loads all available components at zrtp_init() and destroys them on zrtp_down(). Any modification with the list performed between these two call - don't need mutex.
- - zrtp_secrets_t#protector was removed, just unused in the code
- - zrtp_global_t#cache_protector was removed. Third-party ZRTP cache implementation should be thread-safe. It was made because it is simpler and more flexible solution.
-
- *- [LZRTP-120] <b>Add file with version number to identify builds.</b>\n
- zrtp_version.h have been added to the project.
-
- *- [LZRTP-128] <b>Eliminate Sound event from libzrtp.</b>\n
- zrtp_callback_misc_t::on_sound_event() was eliminated. This message was originally deigned for early versions of ZFone project. Event is supernumerary and duplicated other protocol and security events. Users, who need such event may perform the same actions using zrtp_callback_event_t events.
-
- *- [LZRTP-133] <b>Move ssrc parameter from stream_create() to stream_start()</b>\n
- SSRC parameter was moved from zrtp_stream_attach() to zrtp_stream_start(). Such improvement should allow users to create zrtp streams before media starts and ssrc is unknown. It may be useful for proxy products: ZFone, UM-Lab software and other.
-
- *- [LZRTP-143] <b>Speedup DH key exchange procedure.</b>\n
- DH crypto context data was moved directly to zrtp_stream_t and statically allocated. On creating protocol routine, libzrtp checks is DH context have been already initialized with the same type of key exchange scheme. If so - new DH value will not be recalculated.
-
-***\subsection v080_feature New Feature
- - [LZRTP-14] <b>Add DH2K public key exchange scheme</b>\n
- DH2K public key exchange scheme was implemented and available for developers the same way as rest of crypto components.
-
-***\subsection v080_tasks Task
- *- [LZRTP-24] <b>Implement Self-tests for DH and ECDH components.</b>\n
- Test cases for DH components were implemented and added to the libzrtp test-unite routine. DH checks algorithm correctness and performance as well. Besides test-vectors, it emulates DH exchange computing public and secret values for both endpoints.
-
- *- [LZRTP-122] <b>Print out all zrtp configuration settings and adjustments on initialization.</b>
-
- *- [LZRTP-123] <b>Create standard error codes and error text descriptions.</b>\n
- New functions zrtp_log_error2str() and zrtp_log_status2str() were added to convert status codes to text description. Some clean-up in zrtp_status_t was made, removed unused or ambiguous status codes.
-
- *- [LZRTP-132] <b>Replace HMAC with KDF function call.</b>\n
- Since ZRTP draft 12b defines ZRTP KDF to be in compliance with the recommendations in NIST SP 800-108. KDF function implemented as _zrtp_kdf() in zrtp_utils_proto.c. All KDF operations were replaced with from hmac to kdf function.
-
-*/
+++ /dev/null
-#
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krykun <v.krikun at zfoneproject.com>
-
-
-/**
- * \file howto.dox
- * \brief How to Get Up and Running Quickly with libZRTP
- */
-
-/**
-\page howto How to Get Up and Running Quickly with libZRTP
-
-****************************************************************************************************
-\section howto_about 1. About
-****************************************************************************************************
-<HR>
-The libzrtp library is a cross-platform implementation of ZRTP, a VoIP encryption protocol developed by Phil Zimmermann. libzrtp is suitable for inclusion in software VoIP clients, firmware for hardware VoIP phones, VoIP PBX servers, mobile VoIP clients, and SIP border control servers, enabling a VoIP application to interoperate and make secure calls with the rest of the ZRTP
-community.
-
-The libzrtp library consists of three main components: the protocol module responsible for the safe connection of a call, the encryption module, and a set of interfaces. ZRTP works by assuming control of the VoIP traffic and initiating an encrypted connection between two ZRTP endpoints after a safe mode is achieved. To integrate the library, please review our documentation on the
-ZRTP interfaces, connections management, and integration plan.
-
-
-****************************************************************************************************
-\section howto_quick 2. Quick Info
-****************************************************************************************************
-<HR>
- ***<H3>Building with GNU tools (Linux, *BSD, MacOS X, mingw, etc.)</H3>
-
- Generally these should be all that are needed to build the libraries, applications, and samples:
- -# go to ./projects/gnu and run
-\code
-$ ./configure
-$ make clean && make
-\endcode
-
- **<H3>Building Win32 Target with Microsoft Visual Studio</H3>
- Generally we can just do these steps:
- -# Visual Studio 8: open projects/win/libzrtp_vc8.sln solution,
- -# build the libzrtp_test application.
-
- **<H3>Building for Windows Mobile</H3>
- Generally these are all that are needed:
- -# Visual Studio 8: open projects/win/libzrtp_wince_vc8.sln solution,
- -# build the libzrtp_test application.
-
- **<H3>Locating Output Binaries/Libraries</H3>
- For GNU targets, library files will be placed to <c>./projects/gnu/build</c> and <c>./third_party/bnlib</c>.
-
- **<H3>Running the Applications</H3>
- After successful build, you can try running libzrtp_test application on projects/gnu/build/test directory.
-
-****************************************************************************************************
-\section howto_getting_source 3. Getting the Source Distribution
-****************************************************************************************************
-<HR>
-***\subsection howto_getting_source_tar 3.1 Getting the Release tarball
-
- Getting the released tarball is the best way to obtain stable version of libzrtp. The tarball may not contain the latest features or bug-fixes, but normally it is considered more stable, tested and well documented.
-
- The latest released tarball can be downloaded from the http://zfoneproject.com/prod_sdk.html
-
-***\subsection howto_getting_source_svn 3.2 Getting from Subversion trunk
- At the moment, SVN repository is available for libzrtp developers only. It will be opened for public soon.
-
-***\subsection howto_getting_source_layout 3.3 Source Directories Layout
-
- The top-level directories (denoted as $TOP here) in the source distribution contains the following sub-directories:
-
- \c $TOP/doc - documentation folder;
-
- \c $TOP/include - header files:
- - \c zrtp_config_user.h - user defined ZRTP configuration options;
- - \c zrtp_config_win.h - Windows related configuration options;
- - \c zrtp_config.h - libzrtp automatic configuration routine.
- - \c zrtp_crypto.h - contains definitions of the data types and functions necessary to
- strengthen the crypto-segment of the library. These functions are used only by libzrtp
- developers only. Typical projects based on libzrtp do not use these functions;
- - \c zrtp_engine.h - contains types and functions needed by the ZRTP state-machine For
- internal use only;
- - \c zrtp_error.h - contains error codes returned by the libzrtp functions;
- - \c zrtp_iface_system.h - contains a set of OS-related interface functions which must be
- implemented in order to use the library;
- - \c zrtp_iface.h - contains a set of ZRTP utility interface functions which must be
- implemented in order to use the library;
- - \c zrtp_legal.h - libzrtp license agreement;
- - \c zrtp_list.h - contains functions and macros for safe operations with linked lists. All
- lists in libzrtp are based on these functions. They can be used to avoid mistakes in list operations;
- - \c zrtp_log.h - contains functions to track bugs and store the error log.;
- - \c zrtp_pbx.h - conatins declarations of the main PBX related functions. Use this header if you are the implementor of some VoIP-server solutions;
- - \c zrtp_srtp.h - SRTP crypto types and interfaces. Used to integrate libzrtp with third
- party SRTP implementations;
- - \c zrtp_srtp_builtin.h - data structures for built-in realization of SRTP.
- - \c zrtp_string.h - contains functions for the use of the special, safe strings,
- zrtp_stringn_t, used by libzrtp.
- - \c zrtp_types.h - contains the definitions of the internal data types which are used by
- libzrtp developers and experienced users.
- - \c zrtp.h - conatins declarations of the main dataypes and function
- functions necessary to operate libzrtp. This file header is only must to
- be included in each module using the libzrt functions;
-
- \c $TOP/projects
- - \c gnu - make files for Unix-like systems using autotools;
- - \c symbian - configuration and make files for Symbian platform;
- - \c win - Set of Microsoft Visual Studio project files for Windows and Windows CE.
- - \c win_kernel - makefiles for Windows Kernel mode.
- - \c xcode - project files for Apple Xcode.
-
- \c $TOP/src - libzrtp source files;\n
-
- \c $TOP/test - test suite for libZRTP kernel logic. Includes versions for Unix, Windows,
- Windows CE and Symbian.
-
- \c $TOP/third_party
- - \c bnlib - libbn files which are not intended for external use;
- - \c bgaes - AES encryption library and hash functions by Brian Gladman;
-
-
-****************************************************************************************************
-\section howto_praparations 4. Build Preparation
-****************************************************************************************************
-<HR>
-***\subsection howto_praparations_config 4.1 zrtp_cinfig_user.h
-
- Before building libzrtp, some adjustments may be performed according to developers needs. In order to do this, \c include/zrtp_cinfig_user.h should be used. Most of configuration parameters are optional and libzrtp can be build without any modifications.
-
- Check \ref zrtp_config for more information.
-
-***\subsection howto_praparations_iface 4.2 libzrtp platform-dependent interfaces
-
- The library requires external implementation of some system-dependent functions to enable cross-platform operation. The libzrtp distribution contains almost all interface implementations for the following platforms: Windows, Linux, Mac OSX, Symbian, Windows CE. The Quick Start allows a fast integration of the library. Built-in implementations are used by default and developer don't need to anything more.
-
- In order to start using libzrtp, developer should implement just few feedback interfaces. Libzrtp uses callbacks to notify application about some events in ZRTP protocol, such as:
- - zrtp_callback_event_t#on_zrtp_secure - notify user about switching to secure;
- - zrtp_callback_event_t#on_zrtp_not_secure - notify about ZRTP security issues.
-
- Another callback which must be implemented - transport routine:
- - zrtp_callback_misc_t#on_send_packet - libzrtp uses this function to deliver ZRTP protocol message to the remote party.
-
- These only two callbacks which must be implemented to start using libzrtp. Example can be found at the end of this article.
-
- For more detail information about libzrtp platform-dependent interfaces check \ref XXX.
-
-****************************************************************************************************
-\section howto_unix 5. Building Linux, *nix, *BSD, and MacOS X Targets with GNU Build Systems
-****************************************************************************************************
-<HR>
-***\subsection howto_unix_targets Supported Targets
-
- The new, autoconf based GNU build system can be used to build the libraries/applications for the following targets:
- - Linux (i386, Opteron, Itanium, MIPS, PowerPC, etc.),
- - MacOS X (Intel, PowerPC),
- - mingw (i386),
- - FreeBSD (i386, Opteron, etc.),
- - etc.
-
-***\subsection howto_unix_requir 5.1 Requirements
-
- In order to use libzrtp's GNU build system, these typical GNU tools are needed:
- - GNU make,
- - GNU binutils for the target, and
- - GNU gcc for the target.
-
- In addition, the appropriate libraries must be installed for platform-dependent interfaces implementation. This could just be a libc and the appropriate system abstraction library such as Posix.
-
- The build system is known to work on the following hosts:
- - Linux, many types of distributions.
- - MacOS X 10.4 and higher
-
-***\subsection howto_unix_build 5.2 Running configure and make
-
- Run "./configure" without any options to let the script detect the appropriate settings for the host:
-\code
- $ cd libzrtp
- $ ./configure
- ...
-\endcode
-
- Once the configure script completes successfully, libzrtp is ready to be built. Use following commands:
-\code
- $ cd libzrtp
- $ make clean
- $ make
-\endcode
-
- Description of all make targets supported by the Makefile's:
- - \c all. The default (or first) target to build the library binary;
- - \c clean. Clean the object files and libzrtp binary;
- - \c check. Build test cases and start libzrtp_test application;
- - \c distclean. Remove all generated files (object, libraries, binaries, and
- dependency files).
- - \c install. Make install of libzrtp headers and binaries;
- - \c uninstall. Remove installed headers and binaries.
-
-****************************************************************************************************
-\section howto_osx 6. Building MacOS X Targets with Xcode
-****************************************************************************************************
-<HR>
-***\subsection howto_osx_requir 6.1 Requirements
-
- To build libzrtp on OS X using Xcode you need following:
- - Mac OSX 10.4 or later.
- - Apple developers Tools installed.
- - Xcode 3.1 or higher.
-
-***\subsection howto_osx_build 6.2 Building the Projects
-
- Follow the steps below to build libzrtp using Apple Xcode:
- -# For Apple Xcode: open \c projects/xcode/libzrtp.xcodeproj project file.
- -# Set "libzrtp" or "libzrtp_ec" as Active Target.
- -# Select Debug or Release build as appropriate.
- -# Build "configure" target.
- -# Build the project. This will build libzrtp with all dependencies.
- -# After successful build, libzrtp will be placed in \c projects/xcode/build/Debug or Release.
-
- Use \c projects/xcode/libzrtp_test.xcodeproj by analogy to build the test application.
-
-****************************************************************************************************
-\section howto_win 7. Building for Windows Targets with Microsoft Visual Studio
-****************************************************************************************************
-<HR>
-***\subsection howto_win_requir 7.1 Requirements
-
- The Microsoft Visual Studio based project files can be used with one of the following:
- - Microsoft Visual C++ 2005 (including Express edition),
-
- For the host platform, the following are required:
- - Windows NT, 2000, XP, 2003, or later ,
- - Sufficient amount of RAM for the build process (at least 256MB).
-
-***\subsection howto_win_build 7.2 Building the Projects
-
- Follow the steps below to build libzrtp using Visual Studio:
- -# For Visual Studio 8 (VS 2005): open libzrtp_vs8.sln solution file.
- -# Set "libzrtp" or "libzrtp_ec" as StartUp Project.
- -# Select Debug or Release build as appropriate.
- -# Build the project. This will build libzrtp and all dependencies.
- -# After successful build, libzrtp will be placed in \c projects/win/Debug or Release.
-
- To build libzrtp test-cases use "libzrtp_test" as StartUp Project and perform steps listed above.
-
-****************************************************************************************************
-\section howto_wince 8. Building for Windows Mobile Targets (Windows CE/WinCE/PDA/SmartPhone)
-****************************************************************************************************
-<HR>
-***\subsection howto_wince_requir 8.1 Requirements
-
- The Microsoft Visual Studio based project files can be used with one of the following:
- - Microsoft Visual C++ 2005
-
- For the host platform, the following are required:
- - Windows NT, 2000, XP, 2003, or later ,
- - Sufficient amount of RAM for the build process (at least 256MB).
-
-***\subsection howto_wince_build 8.2 Building the Projects
-
- Follow the steps below to build libzrtp using Visual Studio:
- -# For Visual Studio 8 (VS 2005): open libzrtp_wince_vs8.sln solution file.
- -# Set "libzrtp" or "libzrtp_ec" as StartUp Project.
- -# Select Debug or Release build as appropriate.
- -# Build the project. This will build libzrtp and all dependencies.
- -# After successful build, libzrtp will be placed in \c projects/win/Debug or Release.
-
-\note
- The Test Application is not available for Windows Mobile platform at the moment. We will fix this in next version of libzrtp.
-
-****************************************************************************************************
-\section howto_symbian 9. Building for Symbian
-****************************************************************************************************
-<HR>
-
-****************************************************************************************************
-\section howto_using 10. Using libzrtp with Applications
-****************************************************************************************************
-<HR>
- Regardless of the build system being used, the following tasks are normally needed to be done in order to build application to use libzrtp:
- -# Add following include directories in the include search path:
- - \c libzrtp/include
- - \c libzrtp/include/enterprise (if you are using Enterprise version of libzrtp)
- - \c libzrtp/third_party/bgaes
- - \c libzrtp/third_party/bnlib
- - \c libzrtp/projects/gnu/config (for GNU Autoconf targets)
- -# Put these library directories in the library search path:
- - \c libzrtp/third_party/bnlib
- - \c libzrtp/projects/gnu/build (for GNU Autoconf targets)
- - \c libzrtp/projects/xcode/build/Release (when building with Xcode)
- - \c libzrtp/projects/win/Release (when building with Visual Studio)
- -# Include \c libzrtp.h header file to the application.
- -# Link with \c libzrtp and \c bnlib.
- -# Link with system spesific libraries:
- - Windows: Add (among other things): ws2_32.lib.
- - Linux, *nix, *BSD: Add (among other things): '-lpthread'.
- - MacOS X: Add (among other things): '-lpthread'.
-
-****************************************************************************************************
-\section howto_example 11. Quick Start Example
-****************************************************************************************************
-<HR>
-
-An overview for creating an encrypted channel using libzrtp:
-
-*** \subsection howto_example_init 11.1 Initialization
-
- The library supports profiling and dictating different channel parameters, though the initialization can be performed by one function call with default parameters.
-
-\code
-typedef struct testcon_t
-{
- zrtp_session_t *zrtp_session; // ZRTP Session structure
- zrtp_stream_t *zrtp_audio; // ZRTP stream for voice encryption
- zrtp_stream__t *zrtp_video; // ZRTP stream for video encryption
-} testcon_t;
-
-testcon_t safe_connection; // Secure channel instance
-zrtp_global_t zrtp_global; // Persistent storage for libzrtp data
-\endcode
-
-\code
-zrtp_status_t s = zrtp_status_ok;
-zrtp_config_t zrtp_config;
-
-// Initialize zrtp config with default values
-zrtp_config_defaults(&zrtp_config);
-
-// Make some adjustments:
-// - Set Client ID to identify ourself
-// - Set appropriate license mode
-// - We going to use default zrtp cache implementation, so let's specify cache file path
-strcpy(zrtp_config.client_id, TEST_CLIENT_ID);
-zrtp_config.lic_mode = ZRTP_LICENSE_MODE_ACTIVE;
-zrtp_zstrcpyc( ZSTR_GV(zrtp_config.def_cache_path), TEST_CACHE_PATH);
-
-// Define interface callback functions
-zrtp_config.cb.misc_cb.on_send_packet = on_send_packet;
-zrtp_config.cb.event_cb.on_zrtp_secure = on_zrtp_secure;
-zrtp_config.cb.event_cb.on_zrtp_security_event = on_zrtp_event;
-
-// Everything is ready - initialize libzrtp.
-s = zrtp_init(&zrtp_config, &zrtp_global);
-if (zrtp_status_ok != s) {
- // Check error code and debug logs
-}
-
-// The library has been initialized and is ready to use
-. . .
-\endcode
-
-*** \subsection howto_example_sessions 11.2 Sessions/Streams
-
- The library operates with the ZRTP streams concept, where each packet is encrypted within this stream. The streams are created before the start of the encryption process.
-
-\code
-//
-// Allocate zrtp session with default parameters
-//
-z = zrtp_session_init( zrtp_global,
- NULL,
- zid,
- is_initator,
- &safe_connection->zrtp_session);
-if (zrtp_status_ok != s) {
- // Check error code and debug logs
-}
-
-// Set call-back pointer to our parent structure
-zrtp_session_set_userdata(safe_connection->zrtp_session, &safe_connection);
-
-//
-// Attach Audio and Video Streams
-//
-s = zrtp_stream_attach(safe_connection->zrtp_session, &safe_connection->zrtp_audio);
-if (zrtp_status_ok != s) {
- // Check error code and debug logs
-}
-zrtp_stream_set_userdata(safe_connection->zrtp_audio, &safe_connection);
-
-s = zrtp_stream_attach(safe_connection->zrtp_session, &safe_connection->zrtp_video);
-if (zrtp_status_ok != s) {
- // Check error code and debug logs
-}
-zrtp_stream_set_userdata(safe_connection->zrtp_video, &safe_connection);
-\endcode
-
-
-*** \subsection howto_example_protocol 11.3 Protocol Handling
-
- To create an encrypted channel, run the ZRTP engine for each stream added to the session. In our case we have two streams. The library will notify when achieving safe mode through the feedback path interface.
-
-\code
-//
-// Streams are ready - initiate ZRTP protocol
-//
-zrtp_stream_start(safe_connection->zrtp_audio, assrc);
-zrtp_stream_start(safe_connection->zrtp_video, vssrc);
-\endcode
-
-The three steps above create the encrypted channel. After entering the "Secure" state, you provide a plain packet to the library and receive an encrypted packet ready to be sent. Decryption works in the analogous way.
-
-\code
-zrtp_status_t s = zrtp_status_fail;
-char packet[MAX_RTP_SIZE];
-int size = 0;
-
-// Some abstract function for packets receiving
-size = get_packet(packet);
-
- //
- // Processing incoming packets.
- // You must determine media type and choose corresponding ZRTP stream
- //
-s = zrtp_process_srtp(safe_connection->zrtp_audio, packet, &size);
-switch (s) {
- case zrtp_status_ok:
- //
- // Packet was successfully decrypted. Dont forget that packet
- // size was changed during decryption. New size now in size
- //
-
- case zrtp_status_drop:
- //
- // This is a protocol ZRTP packet or masked RTP media.
- // In either case the packet must be dropped to protect your
- // private data and media codec
-
- case zrtp_status_fail:
- //
- // This is some kind of error - see logs for more information.
- // Don't put such packet to the network. It is not secure.
- //
-}
-\endcode
-
-*** \subsection howto_example_callbacks 11.4 Callbacks
-
- libzrtp informs the user application about all changes in protocol state through a system of callback functions. The developer's guide considers this question in detail in \ref XXX. In most cases we need to display the SAS string and some other stream options after switching to the Secure state. An example of doing this is follow:
-
-\code
-static void on_zrtp_secure(zrtp_stream_t *stream, unsigned event)
-{
- test_options_t* info; // some user-defined stream options
-
- switch (event) {
- case ZRTP_EVENT_IS_SECURE:
- {
- safe_connection_t* safe_connection = zrtp_stream_get_userdata(stream);
- zrtp_session_info_t zrtp_session_info;
-
- zrtp_session_get(safe_connection->zrtp_session, &zrtp_session_info);
- //
- // Print out SAS there.
- //
- } break;
-
- // ...
- // handle other events there
-
- default:
- break;
- }
-}
-\endcode
-
-An overview for closing an secure channel using libzrtp:
-
-*** \subsection howto_example_utilization 11.5 Utilization
-
- The uninstall session permits libzrtp to dispose of all engaged resources and release memory for session context storage. ZRTP streams will be also released, so you don't need to call separate functions.
-
-\code
-zrtp_session_down(safe_connection->zrtp_session);
-\endcode
-
- When you no longer need the library, dispose of all resources allocated before the beginning of the operation.
-
-\code
-zrtp_down(&zrtp_global);
-\endcode
-
-****************************************************************************************************
-\section howto_summary 12. Summary
-****************************************************************************************************
-<HR>
-Integration of libzrtp requires familiarity with the protocol and the library operation features. While the encryption of VoIP is not a trivial task, we have attempted to simplify as much as possible the work required to integrate libzrtp.
-
-*/
+++ /dev/null
-#
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krykun <v.krikun at zfoneproject.com>
-
-/**
-\mainpage ZRTP VoIP security
-
-****************************************************************************************************
-\section intro Intro
-****************************************************************************************************
-
- ZRTP Protocol finally goes RFC and we going to stabilize SDK as well. Libzrtp series 0.9X builds
- will contain bug-fixes, performance and stability improvements only.
-
- So, please, be a patient with new API changes. We hope you will find them useful.
-
-****************************************************************************************************
-\section aboutdoc About this Documentation
-****************************************************************************************************
-
- Libzrtp, since v0.80 includes new, documentation. We have updated "How to Get Up and Running Quickly with libZRTP" and Public API documentation.
-
- We working on new "Libzrtp Developers Guide" which will give more detail information about ZRTP protocol and libzrtp architecture. This document will be available in next versions of libzrtp. But even now, libzrtp contains enough documentation to start using it comfortable.
-
- \note
- libzrtp private API may have outdated information from previous version (links like this: \ref XXX). We working hard on that part of the documentation and it will be published in next versions of libzrtp.
-
-****************************************************************************************************
-\section zrtp Libzrtp Documents
-****************************************************************************************************
--# \ref changelog
--# \ref howto
--# \ref rng
-
-*/
+++ /dev/null
-#
-# Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
-# Contact: http://philzimmermann.com
-# For licensing and other legal details, see the file zrtp_legal.c.
-#
-# Viktor Krykun <v.krikun at zfoneproject.com>
-
-
-/**
- * \file rng.dox
- * \brief Random Number Generation in libzrtp
- */
-
-/**
-\page rng Random Number Generation in libzrtp
-
-\section rng Random number generation
-
- The generation of cryptographic key material is a highly sensitive process. To do this, you need high entropy random numbers that an attacker cannot predict. This section discusses the random number generator used by libzrtp, and how suitable entropy can be collected on different hardware platforms.
-
- Failure to use true entropy from the physical environment as a basis for generating random cryptographic key material would lead to a disastrous loss of security.
-
-****************************************************************************************************
-\subsection rng_algorithm Deterministic Random Bit Generator
-****************************************************************************************************
-<HR>
- Libzrtp uses a cryptographically strong Deterministic Random Bit Generator (DRBG), based on running the AES-256 block cipher in counter mode. The output of this DRBG is used for key material by libzrtp for the Diffie-Hellman private keys, and other random protocol components such as nonces. The 256-bit AES key and 128-bit initialization vector for the DRBG are drawn from an entropy pool
- created by a SHA-512 hash of raw entropy sources. These raw entropy sources are highly platform dependent and thus are not included in libzrtp. The library provides only a set of interfaces for adding the entropy to the entropy pool. We will discuss the entropy collection in the next section.
-
- When a random number is required by the ZRTP protocol, the library kernel calls the Deterministic Random Bit Generator interface function zrtp_randstr(). That function requires the existance of an entropy pool that has already been seeded with sufficient entropy. This entropy pool must be seeded by calling zrtp_entropy_add().
-
- The zrtp_entropy_add() function takes a buffer of raw unprocessed entropy provided by the caller and adds it to the entropy pool via the SHA-512 hash function.
-
-****************************************************************************************************
-\subsection rng_accumulation Entropy accumulation
-****************************************************************************************************
-<HR>
- Random numbers for cryptographic key material must be derived from a physical entropy source, such as RF noise, acoustic noise, thermal noise, high resolution timings of environmental events, or other unpredictable physical sources of entropy. For a detailed explanation of cryptographic grade random numbers and guidance for collecting suitable entropy, see <A
- HREF="http://tools.ietf.org/html/rfc4086">RFC 4086</A> and Chapter 10 of "Practical Cryptography" by Ferguson and Schneier. The raw entropy must be distilled and processed through a Deterministic Random Bit Generator (DRBG). We supply a suitable DRBG in libzrtp, which is accessed through the zrtp_randstr() function.
-
- To add entropy to the entropy pool maintained by the libzrtp random number generator, the application calls the zrtp_entropy_add() function. This entropy accumulation function may be called whenever new entropy becomes available.
-
- \warning
- The entropy pool builds up more precious entropy each time you call zrtp_entropy_add(). Once in a while, it is a good idea to save the entropy in nonvolatile storage, by calling zrtp_randstr() and writing the output to a file, or to flash memory, or to some nonvolatile system storage area. This can be done whenever the VoIP application shuts down, or perhaps at the end of each secure VoIP call. A minimum of 512 bits (64 bytes) of output from zrtp_randstr() should be stored this way, but there is no need to store more than 256 bytes. When the VoIP application starts back up again, the contents of this nonvolatile entropy file should be added back into the active entropy pool by passing it to the zrtp_entropy_add() function.
-
-****************************************************************************************************
-\subsection rng_default Libzrtp built-in entropy sources
-****************************************************************************************************
-<HR>
- The SDK library provides a default implementation of entropy accumulation for <b>Windows Kernel</b> and <b>Unix based</b> platforms.
-
- For the Windows kernel mode it gathers current system state information as an entropy source. Among them are the performance counter, the current value of the system interrupt-time count, the count of the interval timer interrupts, and the values of some CPU registers.
-
- For Unix platforms, libzrtp calls \c /dev/urandom.
-
- If you are running libzrtp on a Windows Kernel or a full-blown desktop *nix-like system - you need not do anything more to implement the RNG. If you are using some other platform - carefully read the next section.
-
-****************************************************************************************************
-\subsection rng_guidelines Entropy sources for your platform.
-****************************************************************************************************
-<HR>
- On a desktop or laptop PC running Linux, FreeBSD, NetBSD, or OpenBSD, a good source of entropy may be found by reading from \c /dev/random or \c /dev/urandom. This is because \c /dev/random is seeded by entropy from keyboard timings, mouse movements, disk latency measurements, or other physical noise sources, some of them involving unpredictable human interaction.
-
- However, some low cost embedded Linux systems have no keyboard, no mouse or trackpad, no disk drive, and are starving for high quality entropy. There are some low cost Asterisk PBX boxes that are built this way. Or hardware Analog Telephone Adapters. Or low cost consumer routers. Many of them have no \c /dev/random implemented, or worse, have only a stub for /dev/random that does not actually collect any environmental entropy. This creates a dangerous illusion that entropy is available, because \c /dev/urandom appears to work, but is not backed by true entropy. This is bad, and not only for ZRTP. Platforms like these might not be able to generate strong cryptographic key material for SSH or SSL.
-
- If you are an OEM that builds hardware like this, and you wish to implement the ZRTP protocol with our libzrtp SDK, you really should provide a properly implemented \c /dev/random and \c /dev/urandom, properly supplied with true environmental entropy. If you are building a telephone, you can easily collect entropy from raw audio samples from the microphone. If the phone includes a video camera, you can collect entropy by sampling a few raw uncompressed video frames. If it's a mobile phone or a cordless phone, you can collect entropy from the RF noise in your wireless circuitry. If it's an embedded box like a router or low cost PBX, you can do high resolution timings of packet arrivals and use the timer readings as entropy sources. A PBX might include an analog interface to PSTN phone lines, and those interfaces usually include registers that measure analog voltage levels, which can serve as a source of entropy. The entropy sources do not need to produce much entropy, just a few bits at a time, but it can build up slowly until you have accumulated a few hundred bits of entropy. That's enough to generate cryptographically useful keys. Even if it takes some seconds or even minutes to accumulate this much entropy the first time your product is activated, it can be stored in nonvolatile storage so that it will be ready to reseed the entropy pool instantly the next time your product is powered up.
-
- In the ideal case, if you are designing the embedded hardware yourself, you could provide a good source of entropy by including a simple <A HREF="http://en.wikipedia.org/wiki/Ring_oscillator">ring oscillator</A> in the hardware. A ring oscillator is a circular chain (a ring) of NOT gates, and has nothing whatsoever to do with a telephone ring generator. The oscillation frequency drifts from thermal noise, and sampling the output at some low sampling rate is a good way to get some entropy. However, most designers have to work with existing hardware designs, and don't have the luxury of adding special hardware to generate entropy, which means you have to improvise with whatever you can collect from the environment, using any of the methods described above.
-
- If the library is used on another platform, the potential entropy sources should be thoroughly analyzed and a custom implementation must be developed for that platform. You can get your entropy collection ideas by looking at the default implementation of \c zrtp_add_system_state() provided in \c zrtp_rng.c. Again, microphone noise can be a good entropy source for VoIP clients. Raw, uncompressed, unfiltered audio samples should be used.
-
- If you have entropy gathering schemes for platforms not already supported in libzrtp, or if you doubt the correctness of your entropy collection approach, contact us to discuss how it may be done. We will do our best to provide you with technical assistance.
-
-*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-/**
- * \file zrtp.h
- * \brief Defines basic libzrtp functions and data types
- */
-
-#ifndef __ZRTP_H__
-#define __ZRTP_H__
-
-#include "zrtp_config.h"
-#include "zrtp_base.h"
-#include "zrtp_error.h"
-#include "zrtp_types.h"
-#include "zrtp_protocol.h"
-#include "zrtp_engine.h"
-#include "zrtp_crypto.h"
-#include "zrtp_iface.h"
-#include "zrtp_iface_system.h"
-#include "zrtp_iface_scheduler.h"
-#include "zrtp_list.h"
-#include "zrtp_legal.h"
-#include "zrtp_log.h"
-#include "zrtp_srtp.h"
-#include "zrtp_srtp_builtin.h"
-#include "zrtp_string.h"
-#include "zrtp_pbx.h"
-#include "zrtp_legal.h"
-#include "zrtp_version.h"
-#include "zrtp_iface_cache.h"
-#include "zrtp_ec.h"
-
-
-
-/**
- * \defgroup zrtp_api API
- *
- * In this section the basic functions for using the library are defined. They include
- * initialization and deinitialization functions, functions for session and stream management and
- * functions for RTP traffic management.
- *
- * In most cases this section is all you need to start working with libzrtp. The typical simplified
- * order of operations in using libzrtp is the following:
- * -# library configuration
- * -# library initialization;
- * -# ZRTP session creation and configuration;
- * -# ZRTP stream attaching and Protocol initiation;
- * -# RTP stream processing;
- * -# ZRTP protocol stopping and releasing resources.
- * For each of these actions there is a set of corresponding functions.
- * \sa
- * - \ref howto
- * - \ref XXX_GUIDE
- */
-
-
-
-/*======================================================================*/
-/* Public ZRTP libzrtp datatypes */
-/*======================================================================*/
-
-
-/**
- * \defgroup zrtp_types Types and Definitions
- * \ingroup zrtp_api
- * The data types used in libzrtp are defined in this section
- * \{
- *
- */
-/**
- * \typedef typedef uint32_t zrtp_id_t;
- * \brief libzrtp general identifier used to debug connections management.
- * \ingroup zrtp_main_init
- */
-
-/** Length of "zrtp-hash-value", RFC 6189 sec 8. @sa zrtp_signaling_hash_get(); */
-#define ZRTP_SIGN_ZRTP_HASH_LENGTH (ZRTP_MESSAGE_HASH_SIZE*2)
-
-/**
- * \brief Enumeration for ZRTP Licensing modes
- * \ingroup zrtp_main_init
- *
- * A ZRTP endpoint that is Passive will never send a Commit message, which means that it cannot be
- * the initiator in the ZRTP exchange. Since at least one of the two parties must be the initiator,
- * two Passive endpoints cannot make a secure connection. However, a non-Passive ZRTP endpoint can
- * send a Commit message, enabling it to act as the initiator in a ZRTP exchange. This allows it to
- * make a secure connection to a Passive endpoint, or to another non-Passive endpoint.
- *
- * In addition, a Passive ZRTP endpoint declares that it is Passive by setting the passive flag in
- * the Hello message, which means the other party will recognize it as Passive. This allows for a
- * Passive mode and two forms of Active mode-- Active, or Unlimited. These three possible behaviors
- * for a ZRTP endpoint are defined as:
- * - \b Passive: Never send a Commit message, and thus can never be the initiator.
- * - \b Active: Will send a Commit message, but only to non-Passive ZRTP partners.
- * - \b Unlimited: Will send a Commit message to any ZRTP partner, Passive or non-Passive.
- *
- * This can be used to provide three classes of service, which can be licensed t different price
- * points. Passive can be used in freeware for widest possible deployment, Active can be used in
- * discount products that can only talk to non-freeware, and Unlimited can be used in full-price
- * products that will benefit from the network effect of widely deployed Passive freeware.
- */
-typedef enum zrtp_license_mode_t
-{
- /** @brief Never send a Commit message, and thus can never be the initiator. */
- ZRTP_LICENSE_MODE_PASSIVE = 0,
- /** @brief Will initiate ZRTP exchange, but only to non-Passive ZRTP partners. */
- ZRTP_LICENSE_MODE_ACTIVE,
- /** @brief Will send a Commit message to any ZRTP partner, Passive or non-Passive. */
- ZRTP_LICENSE_MODE_UNLIMITED
-} zrtp_license_mode_t;
-
-/**
- * @brief Enumeration to define Signaling initiator/responder roles.
- *
- * Used by libzrtp to optimize some internal processes and protocol handshake.
- *
- * @sas zrtp_stream_start().
- */
-typedef enum zrtp_signaling_role_t
-{
- /** @brief Unknown Signaling role, should be used when the app can't determine the role. */
- ZRTP_SIGNALING_ROLE_UNKNOWN = 0,
- /** @brief Signaling Initiator. */
- ZRTP_SIGNALING_ROLE_INITIATOR,
- /** @brief Signaling Responder. */
- ZRTP_SIGNALING_ROLE_RESPONDER,
- ZRTP_SIGNALING_ROLE_COUNT
-} zrtp_signaling_role_t;
-
-
-/** @brief 12-byte ZID for unique ZRTP endpoint identification. */
-typedef unsigned char zrtp_zid_t[12];
-
-/** \brief 16-byte ID for ZRTP endpoint's software identification. */
-typedef char zrtp_client_id_t[16];
-
-/**
- * @brief ZRTP global configuration options
- * @ingroup zrtp_main_init
- * @warning Use \ref zrtp_config_defaults() before start configuring this structure.
- */
-typedef struct zrtp_config_t
-{
- /** @brief Symbolic client identifier */
- zrtp_client_id_t client_id;
-
- /** @brief libzrtp license mode defined protocol behavior */
- zrtp_license_mode_t lic_mode;
-
- /** @brief Set this flag to 1 if you product is MiTM box */
- uint8_t is_mitm;
-
- /** @brief Set of interfaces required to operate with libzrtp */
- zrtp_callback_t cb;
-
- /** @brief Path to zrtp cache file (set if you use built-in realization) */
- zrtp_string256_t def_cache_path;
-
- /**
- * @brief Flush the cache automatically
- * Set to 1 if you want libzrtp to flush the cache to the persistent storage
- * right after it is modified. If cache_auto_store is 0, libzrtp will flush
- * the cache on going down only and the app is responsible for storing the
- * cache in unexpected situations. Enabled by default.
- *
- * @sa zrtp_def_cache_store()
- */
- unsigned cache_auto_store;
-} zrtp_config_t;
-
-/**
- * \brief zrtp stream information structure
- * \ingroup zrtp_main_management
- *
- * libzrtp, since v0.80 takes data encapsulating approach and hides all private data inside
- * zrtp_stream_t structure. Developers shouldn't access them directly. \ref zrtp_stream_get() should
- * be used instead to fill zrtp_stream_info_t structure. zrtp_stream_info_t contains all needed
- * information in safe and easy to use form.
- */
-struct zrtp_stream_info_t
-{
- /** \brief Stream unique identifier for debug purposes */
- zrtp_id_t id;
-
- /** \brief Pointer to the parent zrtp session */
- zrtp_session_t* session;
-
- /** \brief Stream mode. Defines libzrtp behavior related to specified contexts. */
- zrtp_stream_mode_t mode;
-
- /** \brief Defines ZRTP Trusted mitm mode for the current session. */
- zrtp_mitm_mode_t mitm_mode;
-
- /** \brief Reflects current state of ZRTP protocol */
- zrtp_state_t state;
-
- /**
- * \brief Last protocol error code
- *
- * Available for reading in ERROR state on zrtp_security_event_t#ZRTP_EVENT_PROTOCOL_ERROR.
- */
- zrtp_protocol_error_t last_error;
-
- /**
- * \brief Remote passive flag
- *
- * This flag shows when remote side is "passive" (has license mode PASSIVE) available in CLEAR
- * state and later.
- */
- uint8_t peer_passive;
-
- /**
- * \brief Allowclear flag.
- *
- * Current value of "allowclear" option exchanged during ZRTP negotiation. Available in SECURE
- * state.
- */
- uint8_t res_allowclear;
-
- /**
- * \brief Peer disclose bit flag
- *
- * Indicates the ability of the remote side to disclose its session key. Specifies that the
- * remote side allows call monitoring. If this flag is set, the end user must be informed. It
- * can be read in the SECURE state.
- */
- uint8_t peer_disclose;
-
- /**
- * \brief Defines that remote party is ZRTP MiTM endpoint
- *
- * Enabled by (Asterisk PBX, UMLab SIP Firewall or etc.) Available for reading in CLEAR state
- * ande later.
- */
- uint8_t peer_mitm;
-};
-
-/**
- * \brief zrtp session information structure
- * \ingroup zrtp_main_management
- * libzrtp, since v0.80 takes data incapsulating approach and hides all private date inside
- * zrtp_session_t structure. Developers shouldn't access them directly. \ref zrtp_session_get()
- * should be used instead to fill zrtp_session_info_t structure. zrtp_session_info_t contains all
- * needed information in safe and easy to use form.
- */
-struct zrtp_session_info_t
-{
- /** \brief Session unique identifier for debug purposes */
- zrtp_id_t id;
-
- /**
- * \brief Local ZID
- *
- The unique 12-characters string that identifies the local ZRTP endpoint.This ID allows remote
- * peers to recognize this ZRTP endpoint.
- */
- zrtp_string16_t zid;
-
- /**
- * \brief Remote ZID
- *
- * Extracted from the Hello packet of the very first ZRTP stream. Uniquely identifies the remote
- * ZRTP peer.
- */
- zrtp_string16_t peer_zid;
-
- /** \brief Character name identified remote ZRTP endpoint.*/
- zrtp_string16_t peer_clientid;
-
- /** \brief ZRTP Protocol version supported by the remote endpoint. */
- zrtp_string16_t peer_version;
-
- /**
- * \brief Indicates that SAS related data is available for reading.
- * \note
- * As SAS is computed in SECURE state only, it may contain unknown values in other states. Check
- * sas_is_ready before displaying SAS to the user.
- */
- uint8_t sas_is_ready;
-
- /** \brief First Short Authentication String */
- zrtp_string16_t sas1;
-
- /**
- * \brief Second Short Authentication string.
- * \note
- * Second SAS is available for \c base256 authentication only (\c sas_is_base256 is set). In
- * other case, \c sas1 contains \c base32 value and \c sas2 is empty.
- */
- zrtp_string16_t sas2;
-
- /** \brief Binary SAS digest (ZRTP_SAS_DIGEST_LENGTH bytes) */
- zrtp_string32_t sasbin;
-
- /**
- * \brief Bit-map to summarize shared secrets "Cached" flags.
- *
- * 1 at appropriate bit means that the secrets was found in the cache and restored successfully.
- * Value equal to 0 indicates that secret for the remote endpoint was not found in the cache
- * and was generated randomly.
- * Use ZRTP_BIT_RS1, ZRTP_BIT_RS2, ZRTP_BIT_AUX and ZRTP_BIT_PBX bit-masks to get "cached" value
- * for the appropriate secret.
- */
- uint32_t cached_flags;
-
- /**
- * \brief Bit-map to summarize shared secrets "Matched" flags.
- *
- * 1 at appropriate bit means that the secret, locally computed by your ZRTP endpoint is equal
- * to the secret, received from the remote endpoint. Secrets may not match if one of the
- * endpoints doesn't use cache of the shared secrets, if the cache was deleted or in case of
- * an attack.
- * Use ZRTP_BIT_RS1, ZRTP_BIT_RS2, ZRTP_BIT_AUX and ZRTP_BIT_PBX bit-masks to get "cached" value
- * for the appropriate secret.
- */
- uint32_t matches_flags;
-
- /**
- * \brief Bit-map to summarize shared secrets "Wrong" flags.
- *
- * 1 at appropriate bit means that the secret was restored from the cache, but doesn't match
- * to the remote endpoint's secret. Such situation may happen if the remote endpoint lost cache
- * or in case of attach.
- * Use ZRTP_BIT_RS1, ZRTP_BIT_RS2, ZRTP_BIT_AUX and ZRTP_BIT_PBX bit-masks to get "cached" value
- * for the appropriate secret.
- */
- uint32_t wrongs_flags;
-
- /**
- * \brief SAS Verification flag.
- *
- * The SAS Verified flag (V) is set based on the user indicating that SAS comparison has been
- * successfully performed. Each party sends the SAS Verified flag from the previous session in
- * the Confirm message of the current session.
- * \sa
- * - ZRTP RFC section. "7.1. SAS Verified Flag" for more information about Verification Flag.
- * - zrtp_verified_set()
- */
- uint32_t sas_is_verified;
-
- /** \brief Indicates base256 SAS encoding */
- uint8_t sas_is_base256;
-
- /**
- * \brief actual lifetime of the secrets
- *
- * This variable contains the interval for retaining secrets within an established session. In
- * accordance with ZRTP RFC this value is calculated as the minimal of local and remote TTLs
- * after confirmation. Value is given in seconds and can be read in the SECURE state.
- */
- uint32_t secrets_ttl;
-
- /** \brief Hash crypto component name used in ZRTP calculations. */
- zrtp_string32_t hash_name;
-
- /** \brief Cipher crypto component name used in ZRTP encryption. */
- zrtp_string32_t cipher_name;
-
- /** \brief SRTP Authentication crypto component name used in ZRTP exchange. */
- zrtp_string32_t auth_name;
-
- /** \brief SAS scheme crypto component name used in ZRTP exchange. */
- zrtp_string32_t sas_name;
-
- /** \brief Publik Key Exchange name used in ZRTP exchange. */
- zrtp_string32_t pk_name;
-};
-
-/* \} */
-
-
-/*======================================================================*/
-/* libzrtp Public API: Streams management */
-/*======================================================================*/
-
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/**
- * \defgroup zrtp_main_init Initalization and Configuration
- * \ingroup zrtp_api
- * \{
- */
-
-/**
- * \brief Initializes libzrtp global config
- *
- * zrtp_config_defaults() prepares all fields of zrtp_config_t for further usage in zrtp_init().
- * This function allocates all necessary resources and initialize zrtp_config_t#cb with default
- * implementations.
- *
- * \param config - libzrtp config for initialization.
- * \warning this function must be used before start operating with the config.
- */
-void zrtp_config_defaults(zrtp_config_t* config);
-
-/**
- * \brief Initializing libzrtp
- *
- * This function initializes the library and all its components. zrtp_init() initialize global data
- * for all sessions and streams. Fields of the global zrtp context are initialized automatically and
- * shouldn't be modified. For correct memory management, global context should be released by
- * calling zrtp_down().
- *
- * \param config - libzrtp inital parameters
- * \param zrtp - out parameter, pointer to allocated zrtp global context structure;
- * \warning this function \b must be called before any operation with libzrtp.
- * \return
- * - zrtp_status_ok in successfully initialized or one of zrtp status errors in other case.
- * \sa zrtp_down()
-*/
-zrtp_status_t zrtp_init(zrtp_config_t* config, zrtp_global_t** zrtp);
-
-/*!
- * \brief Shutting down the library
- *
- * Frees all allocated structures and resources. This function \b must be called at the end of use
- * to stop libzrtp correctly. zrtp_down() doesn't stop in-progress ZRTP streams. To avoid mistakes,
- * close all sessions before library deinitialization.
- *
- * \param zrtp - global ZRTP context previously allocated by zrtp_init();
- * \return
- * - zrtp_status_ok if successfully shut down;
- * - zrtp_status_fail if an error occurred.
- * \sa zrtp_init()
- */
-zrtp_status_t zrtp_down(zrtp_global_t* zrtp);
-
-/* \} */
-
-/**
- * \defgroup zrtp_main_management ZRTP Connections
- * \ingroup zrtp_api
- * \{
- */
-
-/**
- * \brief ZRTP Session Initialization.
- *
- * This function allocates and initializes the internal session context data. The given context is
- * associated with the specified ZRTP identifier. Only after initialization does the session contain
- * ZRTP_MAX_STREAMS_PER_SESSION streams ready to be used.
- *
- * After successfully initialization, configuration will be done according to the relevant profile
- * \c profile. Profile will be applyed to every stream allocated within this session. Before using
- * the profile, call zrtp_profile_check() function to make sure that the profile you are applying
- * is correct.
- *
- * \warning Don't call zrtp_session_init() in parallel with other operations on this session.
- * \param zrtp - global libzrtp context;
- * \param profile - the session configuration profile. If value of this parameter is NULL, default
- * profile will be used. NULL profile usage is equivalent to calling zrtp_profile_defaults().
- * \param zid - ZRTP peer identificator.
- * \param role - identifies if the endpoint was the signaling initiator of the call. Used to
- * provide Passive Mode options to the developer. If your application doesn't control signaling
- * or you don't want to support Passive Mode features - set it to ZRTP_SIGNALING_ROLE_UNKNOWN.
- * \param session - allocated session structure.
- * \return
- * - zrtp_status_ok if initialization is successful;
- * - zrtp_status_fail if an error occurs.
- * \sa zrtp_session_down()
- */
-zrtp_status_t zrtp_session_init( zrtp_global_t* zrtp,
- zrtp_profile_t* profile,
- zrtp_zid_t zid,
- zrtp_signaling_role_t role,
- zrtp_session_t **session);
-/**
- * \brief ZRTP Session context deinitialization
- *
- * This function releases all resources allocated for internal context operations by zrtp_init().
- *
- * \warning Don't call zrtp_session_init() in parallel with other operations on this session.
- * \param session - session for deinitialization.
- * \sa zrtp_session_init()
- */
-void zrtp_session_down(zrtp_session_t *session);
-
-
-/**
- * \brief Obtain information about ZRTP session
- *
- * Function initialize and fills all fields of zrtp_session_info_t structure according to
- * the current state of ZRTP session.
- *
- * \param session - zrtp session which parameters should be extracted;
- * \param info - out structure to be initialized.
- * \return
- * - zrtp_status_ok in case of success.
- * - zrtp_status_fail if an error occurs.
- */
-zrtp_status_t zrtp_session_get(zrtp_session_t *session, zrtp_session_info_t *info);
-
-/**
- * \brief Allow user to associate some data with current zrtp session.
- * \param session - zrtp session to attach data to.
- * \param udata - pointer to the user-data context.
- * \sa zrtp_session_get_userdata()
- */
-void zrtp_session_set_userdata(zrtp_session_t *session, void* udata);
-
-/**
- * \brief Return user data associated with the zrtp session
- * \param session - zrtp session to extract user data.
- * \return
- * - pointer to the user-data context previously set by zrtp_session_set_userdata().
- * - NULL if the user data unavailable.
- * \sa zrtp_session_set_userdata()
- */
-void* zrtp_session_get_userdata(zrtp_session_t *session);
-
-/**
- * \brief Attaching a new stream to the session
- *
- * This function call initializes a ZRTP stream and prepares it for use within the specified
- * session. The maximum number of streams for one session is defined by the
- * ZRTP_MAX_STREAMS_PER_SESSION variable. All newly created streams are equivalent and have
- * ZRTP_STREAM_MODE_CLEAR mode and ZRTP_ACTIVE state. Only after attaching a stream, ZRTP protocol
- * can be initiated.
- *
- * \param session - the ZRTP session within which a new stream is to be
- * \param stream - out parameter, attached stream will be stored there
- * \return
- * - zrtp_status_ok if stream was attached successfully
- * - one of zrtp_status_t errors in case of failure
- * \sa zrtp_stream_start() zrtp_stream_stop()
- */
-zrtp_status_t zrtp_stream_attach(zrtp_session_t *session, zrtp_stream_t** stream);
-
-/**
- * \brief Starting a ZRTP stream
- *
- * ZRTP stream setup is initiated by calling this function. Exchange of command packets begins
- * immediately according to protocol. If the option "autosecure" is on, calling this function is the
- * only requirement for setting up the ZRTP connection within a stream. If "autosecure" mode is not
- * available, calling this function activates only connection within a ZRTP stream. A connection can
- * be established manually later by calling zrtp_stream_secure().
- *
- * Setup of the stream/connection takes a certain interval of time. This function just initiates
- * this process. The system of callbacks informs the user about the progress of libzrtp protocol.
- *
- * \param stream - ZRTP stream to be started.
- * \param ssrc - ssrc which will be used in ZRTP protocol messages. It should match with ssrc of
- * appropriate RTP stream which will be encrypted by this ZRTP stream.
- * \return
- * - zrtp_status_ok in case of success;
- * - one of zrtp_status_t errors in case of failure
- * \sa
- * - \ref XXX_GUIDE_CB \ref XXX_GUIDE_MANAGEMENT
- * - zrtp_stream_stop() zrtp_stream_secure() zrtp_stream_clear()
- */
-zrtp_status_t zrtp_stream_start(zrtp_stream_t* stream,
- uint32_t ssrc);
-
-/**
- * \brief ZRTP protocol stopping
- *
- * This function stops all protocol operations for the specified stream, releases resources
- * allocated on the zrtp_stream_start() and prepares the stream structure for the next use.
- *
- * This function will stop the protocol at any stage: all delayed tasks are canceled, and the
- * protocol packet exchange and encryption is stopped. After this function call it is necessary to
- * stop processing traffic using the zrtp_process_xxx() function.
- *
- * \param stream - the stream being shutdown.
- * \return
- * - zrtp_status_ok in case of success;
- * - one of zrtp_status_t errors in case of failure
- * \sa
- * - \ref XXX_GUIDE_CB \ref XXX_GUIDE_MANAGEMENT
- * - zrtp_stream_start() zrtp_stream_secure() zrtp_stream_clear()
- */
-zrtp_status_t zrtp_stream_stop(zrtp_stream_t* stream);
-
-/*!
- * \brief Initiating an interruption of the secure connection
- *
- * This function initiates the shutting down of the ZRTP connection within a stream. In other words,
- * after successfully switching to secure mode (\ref XXX SECURE state, fig. 1.5), calling this
- * function begins the exchange of packets switching back to insecure (CLEAR) mode.
- *
- * This function can only be implemented from the SECURE state. Attempt to call this function from
- * any other state will end in failure. The client application is informed about protocol
- * progress through a system of callbacks.
- *
- * \param stream - ZRTP stream .
- * \return
- * - zrtp_status_ok - if shutting down the connection is started successfully.
- * - zrtp_status_fail - if shutting down the connection is initiated from an incorrect state.
- * \sa
- * - \ref XXX_GUIDE_CB \ref XXX_GUIDE_MANAGEMENT
- * - zrtp_stream_start() zrtp_stream_secure() zrtp_stream_clear()
- */
-zrtp_status_t zrtp_stream_clear(zrtp_stream_t *stream);
-
-/**
- * \brief Initiating a secure connection setup
- *
- * The function initiates a ZRTP connection setup within a stream. In other words, after the
- * protocol has started and Discovery phase have been successfully accomplished, calling this
- * function will begin the exchange of packets for switching to SECURE mode.
- *
- * This function can be successfully performed only from the CLEAR state (\ref XXX Figure 1.6).
- * Attempting to call this function from any other state will result in failure. The client
- * application is informed about protocol progress through a system of callbacks.
- *
- * \param stream - ZRTP stream to be secured.
- * \return
- * - zrtp_status_ok - if switching to secure mode started successfully.
- * - zrtp_status_fail - if switching to secure mode is initiated from a state other than CLEAR.
- * \sa
- * - \ref XXX_GUIDE_CB \ref XXX_GUIDE_MANAGEMENT.
- * - zrtp_stream_start() zrtp_stream_clear().
- */
-zrtp_status_t zrtp_stream_secure(zrtp_stream_t *stream);
-
-/**
- * \brief Obtain information about zrtp stream
- *
- * Function initialize and fills all fields of zrtp_stream_info_t structure accordint to
- * current state of zrtp stream.
- *
- * \param stream - zrtp stream which parameters should be extracted
- * \param info - out structure to be initialized
- * \return
- * - zrtp_status_ok in case of success.
- * - zrtp_status_fail if an error occurs.
- */
-zrtp_status_t zrtp_stream_get(zrtp_stream_t *stream, zrtp_stream_info_t *info);
-
-/**
- * @brief Allow user to associate some data with zrtp stream.
- * @param stream - zrtp stream to attach data to.
- * @param udata - pointer to the user-data context.
- * @sa zrtp_stream_get_userdata()
- */
-void zrtp_stream_set_userdata(zrtp_stream_t *stream, void* udata);
-
-/**
- * \brief Return user data associated with the zrtp stream
- * \return
- * - pointer to the user-data context previously set by zrtp_stream_set_userdata()
- * - NULL if user data unavailable;
- * \sa zrtp_stream_set_userdata()
- */
-void* zrtp_stream_get_userdata(const zrtp_stream_t *stream);
-
-/* \} */
-
-/*======================================================================*/
-/* libzrtp Public API: Encryption */
-/*======================================================================*/
-
-/**
- * \defgroup zrtp_main_proto Traffic Processing
- * \ingroup zrtp_api
- * \{
- */
-
-/**
- * \brief Processing outgoing RTP packets
- *
- * This is the main function for processing outgoing RTP packets. As soon as the protocol is
- * started, each outgoing RTP packet (not encrypted) has to go through this function.
- *
- * It performs different actions depending on the connection state and packet type:
- * - In setup ZRTP connection mode, it encrypts outgoing RTP packets. The packet is encrypted right
- * in the transferred buffer;
- * - Protects codec and data privacy by deleting certain packets from the stream. In this case the
- * body and the length of the packet remain unchanged.
- *
- * \param stream - ZRTP stream to process RTP packet;
- * \param packet - buffer storing the RTP packet for encryption. After processing, the encrypted
- * packet is stored in the same buffer.
- * \param length - the length of the buffered packet. After processing, the length of encrypted
- * packet is stored here.
- * \warning During encryption, the data length increases in comparison to the source data. Because
- * the function uses the same buffer both for incoming and resulting values, the length of the
- * buffer must be larger than size of source packet.
- * \return
- * - zrtp_status_ok if encryption is successful. The packet should be sent to the recipient.
- * - zrtp_status_fail if there was an error during encryption. The packet should be rejected.
- * - zrtp_status_drop if there was interference in the VoIP client codec protection mechanism. The
- * packet should be rejected.
- * \sa zrtp_process_srtp() zrtp_process_rtcp() zrtp_process_srtcp()
- */
-zrtp_status_t zrtp_process_rtp( zrtp_stream_t *stream,
- char* packet,
- unsigned int* length);
-
-/**
- * \brief Processing incoming RTP packets
- *
- * This is the main function for incoming RTP packets processing. It is an analogue of
- * zrtp_process_rtp() but for an incoming stream. After the protocol is started, each (encrypted)
- * incoming RTP packet has to go through this function.
- *
- * It performs different actions depending on the connection state and packet type:
- * - during setup/interruption of ZRTP connection, processes incoming protocol packets. The body
- * and length of the packet remain unchanged;
- * - in setup ZRTP connection mode, decrypts incoming RTP packet. The packet is decrypted right in
- * the transferred buffer;
- * - protects codec and data privacy by deleting certain packets from the stream. In this case the
- * body and the length of the packet remain unchanged.
- *
- * \param stream - ZRTP stream for processing
- * \param packet - buffer storing the packet for decrypting. After processing, the decrypted packet
- * is stored in the same buffer;
- * \param length - the length of the buffered packet. After processing, the length of decrypted
- * packet is stored here;
- * \return
- * - zrtp_status_ok if decrypting is successful. Such a packet should be sent to the recipient;
- * - zrtp_status_fail if an error occurred during decrypting or command packet processing. The
- * packet should be rejected;
- * - zrtp_status_drop if the command packet processing is successful or if there was interference
- * in the VoIP client codec protection mechanism. The packet should be rejected in either case;
- * \sa zrtp_process_rtp() zrtp_process_rtcp() zrtp_process_srtcp()
- */
-zrtp_status_t zrtp_process_srtp( zrtp_stream_t *stream,
- char* packet,
- unsigned int* length);
-
-/*!
- * \brief Processing outgoing RTCP packets
- *
- * This is the main function for processing outgoing RTCP packets. The function behavior is similar
- * to that of zrtp_process_rtp():
- * - In SECURE mode, encrypts outgoing RTCP packets. The packet is encrypted right in the
- * transferred buffer. The length of encrypted packet is returned in the \c length variable;
- * - protects codec and data privacy by deleting certain packets from the stream. In this case the
- * body and the length of the packet remain unchanged.
- *
- * \param stream - ZRTP session for processing;
- * \param packet - buffer storing RTCP packet;
- * \param length - length of the buffered packet.
- * \return
- * - zrtp_status_ok if encryption is successful. The packet should be sent to the recipient.
- * - zrtp_status_fail if there was an error during encryption. The packet should be rejected.
- * - zrtp_status_drop if there was interference in the VoIP client codec protection mechanism. The
- * packet should be rejected.
- * \sa zrtp_process_srtp() zrtp_process_rtp() zrtp_process_srtcp()
- */
-zrtp_status_t zrtp_process_rtcp( zrtp_stream_t *stream,
- char* packet,
- unsigned int* length);
-
-/**
- * \brief Processing incoming RTCP packets
- *
- * This is the main function for processing incoming RTCP packets. The function behavior is similar
- * to that of zrtp_process_srtp():
- * - In SECURE mode, decrypts incoming RTCP packets. The packet is decrypted right in the
- * transferred buffer. The length of the encrypted packet is returned in the \c length variable;
- * - In transition states, drops all incoming RTCP traffic. In this case the body and the length of
- * the packet remain unchanged.
- *
- * \param stream - ZRTP stream for processing;
- * \param packet - buffer storing the RTCP packet;
- * \param length - length of the buffered packet.
- * \return
- * - zrtp_status_ok if decrypting is successful. Such a packet should be sent to the recipient;
- * - zrtp_status_drop if the command packet processing is successful or if there was interference
- * in the VoIP client codec protection mechanism. The packet should be rejected in either case;
- * - zrtp_status_fail if there was an error during encryption. The packet should be rejected.
- * \sa zrtp_process_srtp() zrtp_process_rtp() zrtp_process_rtcp()
- */
-zrtp_status_t zrtp_process_srtcp( zrtp_stream_t *stream,
- char* packet,
- unsigned int* length);
-
-/* \} */
-
-/**
- * \defgroup zrtp_main_utils Utilities
- * \ingroup zrtp_api
- * \{
- */
-
-/**
- * \brief Specifies the hash of the peer Hello message for verification.
- *
- * In accordance with the ZRTP RFC sec. 9, this protocol can prevent DOS attacks by verification of
- * the Hello message hash sent through the signaling protocol.
- *
- * This function allows the user to specify the Hello hash for verification. If after the
- * discovering phase the Hello hashes don't match, libzrtp raises the
- * zrtp_event_t#ZRTP_EVENT_WRONG_SIGNALING_HASH event. This function should only be called before
- * starting the protocol from the ZRTP_STATE_ACTIVE state.
- *
- * \param stream - stream for operating with;
- * \param hash_buff - signaling hash buffer. Function accepts string, not a binary value!;
- * \param hash_buff_length - signaling hash length in bytes, must be ZRTP_SIGN_ZRTP_HASH_LENGTH bytes;
- * \return:
- * - zrtp_status_ok if the operation finished successfully
- * - one of the errors otherwise
- * \sa
- * - ZRTP RFC. sec 8;
- * - zrtp_signaling_hash_get()
- */
-zrtp_status_t zrtp_signaling_hash_set( zrtp_stream_t* stream,
- const char *hash_buff,
- uint32_t hash_buff_length);
-
-/**
- * \brief Returns the hash of the Hello message to be transferred in signaling.
- *
- * To prevent DOS attacks, the hash of the Hello message may be sent through signaling.
- * zrtp_signaling_hash_get() may be called after attaching the stream to receive the value of this
- * hash.
- *
- * \param stream - stream for operating with
- * \param hash_buff - buffer for storing signaling hash. Function returns already parsed hex string.
- * String is null-terminated. Buffer must be at least ZRTP_SIGN_ZRTP_HASH_LENGTH bytes length.
- * \param hash_buff_length - buffer length in bytes, non less than ZRTP_SIGN_ZRTP_HASH_LENGTH bytes.
- * \return:
- * - zrtp_status_ok if the operation finished successfully
- * - one of the errors otherwise
- * \sa
- * - ZRTP RFC. sec 8;
- * - zrtp_signaling_hash_set()
- */
-zrtp_status_t zrtp_signaling_hash_get(zrtp_stream_t* stream,
- char* hash_buff,
- uint32_t hash_buff_length);
-
-/**
- * \brief Changing the value of the secret's verification flag
- *
- * This function is used to change (set, unset) the secret's verification flag. zrtp_verified_set()
- * changes the relevant internal data and stores a flag in the cache.
- * \note
- * Special synchronization mechanisms are provided to protect the cache from race conditions. Don't
- * change the verified flag directly in the cache - use this function.
- *
- * \param zrtp - zrtp global data;
- * \param zid1 - ZID of the first party;
- * \param zid2 - ZID of the second party;
- * \param verified - Boolean value of the verified flag.
- * \return
- * - zrtp_status_ok - if successful;
- * - one of zrtp_status_t errors if fails.
- */
-zrtp_status_t zrtp_verified_set( zrtp_global_t *zrtp,
- zrtp_string16_t *zid1,
- zrtp_string16_t *zid2,
- uint8_t verified);
-
-/**
- * \brief Verifying the ZRTP profile
- *
- * zrtp_profile_check() checks the correctness of the values in the profile. The following checks
- * are performed:
- * - the number of components in each group does not exceed ZRTP_MAX_COMP_COUNT;
- * - the components declared are supported by the library kernel.
- * - presence of the set of obligatory components defined by ZRTP RFC.
- *
- * \param profile - ZRTP profile for validation;
- * \param zrtp - global ZRTP context.
- * \return
- * - zrtp_status_ok - if profile passed all available tests;
- * - one of ZRTP errors - if there are mistakes in the profile. See debug logging for additional
- * information.
- */
-zrtp_status_t zrtp_profile_check(const zrtp_profile_t* profile, zrtp_global_t* zrtp);
-
-/**
- * \brief Configure the default ZRTP profile
- *
- * These options are used:
- * \code
- * "active" is enabled;
- * "allowclear" is disabled by default and enabled for Zfone only;
- * "autosecure" is enabled;
- * "disclose_bit" is disabled;
- * cache_ttl = ZRTP_CACHE_DEFAULT_TTL defined by ZRTP RFC;
- *
- * [sas_schemes] = ZRTP_SAS_BASE256, ZRTP_SAS_BASE32;
- * [cipher_types] = ZRTP_CIPHER_AES128;
- * [pk_schemes] = ZRTP_PKTYPE_DH3072;
- * [auth_tag_lens] = ZRTP_ATL_HS32;
- * [hash_schemes] = ZRTP_HASH_SHA256;
- * \endcode
- *
- * \param profile - ZRTP stream profile for filling;
- * \param zrtp - libzrtp global context.
- */
-void zrtp_profile_defaults(zrtp_profile_t* profile, zrtp_global_t* zrtp);
-
-/**
- * \brief Search for a component in the profile by ID
- *
- * The utility function returning the position of an element of the specified type in the profile.
- * Used by libZRTP kernel and for external use.
- *
- * \param profile - ZRTP profile;
- * \param type - sought component type;
- * \param id - sought component ID.
- * \return
- * - component position - if component was found;
- * -1 - if the component with the specified ID can't be found in profile.
- */
-int zrtp_profile_find(const zrtp_profile_t* profile, zrtp_crypto_comp_t type, uint8_t id);
-
-/* \} */
-
-/**
- * \defgroup zrtp_main_rng Random Number Generation
- * \ingroup zrtp_api
- * \{
- * The generation of cryptographic key material is a highly sensitive process. To do this, you need
- * high entropy random numbers that an attacker cannot predict. This section \ref rng gives basic
- * knowliges andbot the RNG and it's implementation in libzrtp.
- * \warning
- * \ref rng \c MUST be read by every developer using libzrtp.
- */
-
-/**
- * \brief Entropy accumulation routine
- *
- * The random number generation scheme is described in detail in chapter \ref XXX. This function
- * gets \c length bytes of entropy from \c buffer and hashes it into the special storage. This
- * function should be called periodically from the user's space to increase entropy quality.
- * \warning
- * RNG is a very important and sensitive component of the crypto-system. Please, pay attention to
- * \ref rng.
- * \param zrtp - libzrtp global context;
- * \param buffer - pointer to the buffer with entropy for accumulating;
- * \param length - entropy size in bytes.
- * \return: number of hashed bytes.
- */
-int zrtp_entropy_add(zrtp_global_t* zrtp, const unsigned char *buffer, uint32_t length);
-
-/**
- * \brief Random string generation
- *
- * zrtp_randstr() generates \c length bytes of "random" data. We say "random" because the
- * "randomness" of the generated sequence depends on the quality of the entropy passed to
- * zrtp_entropy_add(). If the user provides "good" entropy, zrtp_randstr() generates sufficiently
- * "random" data.
- *
- * \param zrtp - libzrtp global context;
- * \param buffer - buffer into which random data will be generated;
- * \param length - length of required sequence in bytes.
- * \return
- * - length of generated sequence in bytes or -1 in case of error
- * \sa \ref rng
- */
-int zrtp_randstr(zrtp_global_t* zrtp, unsigned char *buffer, uint32_t length);
-
-int zrtp_randstr2(unsigned char *buffer, uint32_t length);
-
-/* \} */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* __ZRTP_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_BASE_H__
-#define __ZRTP_BASE_H__
-
-#include "zrtp_config.h"
-
-typedef double uint64_t_;
-
-typedef uint8_t zrtp_uchar4_t[4];
-typedef uint8_t zrtp_uchar8_t[8];
-typedef uint8_t zrtp_uchar12_t[12];
-typedef uint8_t zrtp_uchar16_t[16];
-typedef uint8_t zrtp_uchar32_t[32];
-typedef uint8_t zrtp_uchar64_t[64];
-typedef uint8_t zrtp_uchar128_t[128];
-typedef uint8_t zrtp_uchar256_t[256];
-typedef uint8_t zrtp_uchar1024_t[1024];
-
-typedef uint32_t zrtp_id_t;
-
-typedef struct zrtp_profile_t zrtp_profile_t;
-typedef struct zrtp_stream_t zrtp_stream_t;
-typedef struct zrtp_session_t zrtp_session_t;
-typedef struct zrtp_global_t zrtp_global_t;
-
-typedef struct zrtp_protocol_t zrtp_protocol_t;
-typedef struct zrtp_srtp_ctx_t zrtp_srtp_ctx_t;
-typedef struct zrtp_shared_secret_t zrtp_shared_secret_t;
-typedef struct zrtp_retry_task_t zrtp_retry_task_t;
-
-typedef struct zrtp_hash_t zrtp_hash_t;
-typedef struct zrtp_cipher_t zrtp_cipher_t;
-typedef struct zrtp_auth_tag_length_t zrtp_auth_tag_length_t;
-typedef struct zrtp_pk_scheme_t zrtp_pk_scheme_t;
-typedef struct zrtp_sas_scheme_t zrtp_sas_scheme_t;
-typedef struct zrtp_sig_scheme_t zrtp_sig_scheme_t;
-
-typedef struct zrtp_mutex_t zrtp_mutex_t;
-typedef struct zrtp_sem_t zrtp_sem_t;
-
-typedef struct zrtp_stream_info_t zrtp_stream_info_t;
-typedef struct zrtp_session_info_t zrtp_session_info_t;
-
-#include "sha2.h"
-#define MD_CTX sha512_ctx
-#define MD_Update(a,b,c) sha512_hash((const unsigned char *)(b),c,a)
-
-
-/**
- * \brief Function computing minimum value
- *
- * This macro returns the lesser of two values. If the numbers are equal, either of them is returned.
- *
- * \param left - first value for comparison;
- * \param right - second value for comparison.
- * \return
- * - lesser of compared numbers.
- */
-#define ZRTP_MIN(left, right) ((left < right) ? left : right)
-
-
-/*!
- * \brief zrtp_htonXX, zrtp_ntohXX - convert values between host and network
- * byte order
- *
- * To avoid ambiguities and difficulties with compilation on various platforms,
- * we designed our own swap functions. Byte order detection is based on zrtp_system.h.
- *
- * On the i80x86 the host byte order is little-endian (least significant byte
- * first), whereas the network byte order, as used on the Internet, is
- * big-endian (most significant byte first).
- */
-
-uint16_t zrtp_swap16(uint16_t x);
-uint32_t zrtp_swap32(uint32_t x);
-uint64_t zrtp_swap64(uint64_t x);
-
-#if ZRTP_BYTE_ORDER == ZBO_BIG_ENDIAN
-/*! Converts 16 bit unsigned integer to network byte order */
-#define zrtp_hton16(x) (x)
-/*! Converts 32 bit unsigned integer to network byte order */
-#define zrtp_hton32(x) (x)
-/*! Converts 64 bit unsigned integer to network byte order */
-#define zrtp_hton64(x) (x)
-
-/*! Converts 16 bit unsigned integer to host byte order */
-#define zrtp_ntoh16(x) (x)
-/*! Converts 32 bit unsigned integer to host byte order */
-#define zrtp_ntoh32(x) (x)
-/*! Converts 64 bit unsigned integer to host byte order */
-#define zrtp_ntoh64(x) (x)
-#else /* ZBO_BIG_ENDIAN */
-/*! Converts 16 bit unsigned integer to network byte order */
-#define zrtp_hton16(x) (zrtp_swap16(x))
-/*! Converts 32 bit unsigned integer to network byte order */
-#define zrtp_hton32(x) (zrtp_swap32(x))
-/*! Converts 64 bit unsigned integer to network byte order */
-#define zrtp_hton64(x) (zrtp_swap64(x))
-
-/*! Converts 16 bit unsigned integer to host byte order */
-#define zrtp_ntoh16(x) (zrtp_swap16(x))
-/*! Converts 32 bit unsigned integer to host byte order */
-#define zrtp_ntoh32(x) (zrtp_swap32(x))
-/*! Converts 64 bit unsigned integer to host byte order */
-#define zrtp_ntoh64(x) (zrtp_swap64(x))
-#endif
-
-
-/*
- * 128 and 256-bit structures used in Ciphers and SRTP module
- */
-typedef union
- {
- uint8_t v8[16];
- uint16_t v16[8];
- uint32_t v32[4];
- uint64_t v64[2];
- } zrtp_v128_t;
-
-typedef union
- {
- uint8_t v8[32];
- uint16_t v16[16];
- uint32_t v32[8];
- uint64_t v64[4];
- } zrtp_v256_t;
-
-/*
- * The following macros define the data manipulation functions.
- *
- * If DATATYPES_USE_MACROS is defined, then these macros are used directly (and
- * function-call overhead is avoided). Otherwise, the macros are used through
- * the functions defined in datatypes.c (and the compiler provides better
- * warnings).
- */
-
-#define _zrtp_v128_xor(z, x, y) \
-( \
-(z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \
-(z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \
-(z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \
-(z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \
-)
-
-#define _zrtp_v128_get_bit(x, bit) \
-( \
-( (((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \
-)
-
-#define zrtp_bitmap_get_bit(x, bit) \
-( \
-( (((x)[(bit) >> 3]) >> ((bit) & 7) ) & 1) \
-)
-
-#define zrtp_bitmap_set_bit(x, bit) \
-( \
-( (((x)[(bit) >> 3])) |= ((uint8_t)1 << ((bit) & 7)) ) \
-)
-
-#define zrtp_bitmap_clear_bit(x, bit) \
-( \
-( (((x)[(bit) >> 3])) &= ~((uint8_t)1 << ((bit) & 7)) ) \
-)
-
-void zrtp_bitmap_left_shift(uint8_t *x, int width_bytes, int index);
-
-void zrtp_v128_xor(zrtp_v128_t *z, zrtp_v128_t *x, zrtp_v128_t *y);
-
-
-
-//WIN64 {
-#if (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-
-#ifdef WIN64 // For 64-bit apps
-
-unsigned __int64 __rdtsc(void);
-#pragma intrinsic(__rdtsc)
-#define _RDTSC __rdtsc
-
-#else // For 32-bit apps
-
-#define _RDTSC_STACK(ts) \
-__asm rdtsc \
-__asm mov DWORD PTR [ts], eax \
-__asm mov DWORD PTR [ts+4], edx
-
-__inline unsigned __int64 _inl_rdtsc32() {
- unsigned __int64 t;
- _RDTSC_STACK(t);
- return t;
-}
-#define _RDTSC _inl_rdtsc32
-
-#endif
-
-#endif
-//WIN64 }
-
-
-#endif /*__ZRTP_BASE_H__*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_CONFIG_H__
-#define __ZRTP_CONFIG_H__
-
-#include "zrtp_config_user.h"
-
-/*
- * ZRTP PLATFORM DETECTION
- * If platworm is not specified manually in zrtp_config_user.h - try to detect it aytomatically
- */
-#if !defined(ZRTP_PLATFORM)
-# if defined(ANDROID_NDK)
-# define ZRTP_PLATFORM ZP_ANDROID
-# elif defined(__FreeBSD__)
-# define ZRTP_PLATFORM ZP_BSD
-# elif defined(linux) || defined(__linux__) || defined(__linux)
-# include <linux/version.h>
-# define ZRTP_PLATFORM ZP_LINUX
-# elif defined(__MACOSX__) || defined (__APPLE__) || defined (__MACH__)
-# define ZRTP_PLATFORM ZP_DARWIN
-# elif defined(_WIN32_WCE) || defined(UNDER_CE)
-# include <windef.h>
-# define ZRTP_PLATFORM ZP_WINCE
-# elif defined(__SYMBIAN32__)
-# define ZRTP_PLATFORM ZP_SYMBIAN
-# elif defined(_WIN32) || defined(__WIN32__) || defined(_WIN64) || defined(WIN32) || defined(__TOS_WIN__)
-# if defined(__BUILDMACHINE__) && (__BUILDMACHINE__ == WinDDK)
-# define ZRTP_PLATFORM ZP_WIN32_KERNEL
-# elif defined(_WIN64)
-# define ZRTP_PLATFORM ZP_WIN32
-# else
-# define ZRTP_PLATFORM ZP_WIN32
-# endif
-# endif
-#endif
-
-#if ZRTP_PLATFORM == ZP_ANDROID
-# include "zrtp_config_android.h"
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || defined(ZRTP_AUTOMAKE)
-# include "zrtp_config_unix.h"
-#elif (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN32_KERNEL) || (ZRTP_PLATFORM == ZP_WINCE)
-# include "zrtp_config_win.h"
-#elif (ZRTP_PLATFORM == ZP_SYMBIAN)
-# include "zrtp_config_symbian.h"
-#endif
-
-#if !defined(ZRTP_PLATFORM)
-# error "Libzrtp can't detect software platform: use manual setup in zrtp_config_user.h"
-#endif
-
-#if ZRTP_HAVE_LINUX_VERSION_H == 1
-#include <linux/version.h>
-#endif
-#if ZRTP_HAVE_ASM_TYPES_H == 1
-#include <asm/types.h>
-#endif
-
-/*
- * ZRTP BYTEORDER DETECTION
- * If the byte order is not specified manually in zrtp_config_user.h - try to detect it automatically
- */
-#if !defined(ZRTP_BYTE_ORDER)
-
-#if defined(_i386_) || defined(i_386_) || defined(_X86_) || defined(x86) || defined(__i386__) || \
- defined(__i386) || defined(_M_IX86) || defined(__I86__)
-/*
- * Generic i386 processor family, little-endian
- */
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#elif defined(__amd64__) || defined(__amd64) || defined(__x86_64__) || defined(__x86_64) || defined(_AMD64_)
-/*
- * AMD 64bit processor, little endian
- */
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#elif defined( __sparc__) || defined(__sparc)
-/*
- * Sun Sparc, big endian
- */
-#define ZRTP_BYTE_ORDER ZBO_BIG_ENDIAN
-
-#elif defined(__AARCH64EB__)
-/*
- * aarch64, big endian
- */
-#define ZRTP_BYTE_ORDER ZBO_BIG_ENDIAN
-
-#elif defined(ARM) || defined(_ARM_) || defined(ARMV4) || defined(__arm__) || defined(__AARCH64EL__)
-/*
- * ARM, default to little endian
- */
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#elif defined(__powerpc) || defined(__powerpc__) || defined(__POWERPC__) || defined(__ppc__) || \
- defined(_M_PPC) || defined(_ARCH_PPC)
-/*
- * PowerPC, big endian
- */
-#define ZRTP_BYTE_ORDER ZBO_BIG_ENDIAN
-
-#elif defined(__MIPSEB__)
-/*
- * mips, big endian
- */
-#define ZRTP_BYTE_ORDER ZBO_BIG_ENDIAN
-
-#elif defined(__MIPSEL__)
-/*
- * mips, little endian
- */
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#elif defined(__e2k__)
-/*
- * Elbrus, little endian
- */
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#endif /* Automatic byte order detection */
-
-#endif
-
-#if !defined(ZRTP_BYTE_ORDER)
-# error "Libzrtp can't detect byte order: use manual setup in zrtp_config_user.h"
-#endif
-
-
-/*
- * Define Unaligned structure for target platform
- */
-#if (ZRTP_PLATFORM == ZP_WINCE)
-# define ZRTP_UNALIGNED(type) UNALIGNED type
-#else
-# define ZRTP_UNALIGNED(type) type
-#endif
-
-
-/*
- * Define basic literal types for libzrtp
- * We use this definitions in SRTP, AES and Hash implementation
- */
-#if (ZRTP_PLATFORM != ZP_WIN32_KERNEL)
-# if ZRTP_HAVE_STDLIB_H == 1
-# include <stdlib.h>
-# endif
-# if ZRTP_HAVE_STDINT_H == 1
-# include <stdint.h>
-# endif
-# if ZRTP_HAVE_INTTYPES_H == 1
-# include <inttypes.h>
-# endif
-# if ZRTP_HAVE_SYS_TYPES_H == 1
-# include <sys/types.h>
-# endif
-# if ZRTP_HAVE_SYS_INT_TYPES_H == 1
-# include <sys/int_types.h>
-# endif
-# if ZRTP_HAVE_MACHINE_TYPES_H == 1
-# include <machine/types.h>
-# endif
-#endif
-
-#if (ZRTP_PLATFORM == ZP_WINCE) || (ZRTP_PLATFORM == ZP_SYMBIAN) || (ZRTP_PLATFORM == ZP_ANDROID)
-# define ALIGNMENT_32BIT_REQUIRED
-#endif
-
-#ifdef ZRTP_HAVE_UINT64_T
-# if ZRTP_HAVE_UINT64_T == 0
-# if defined(WIN32) || defined(WIN64)
-# if defined(_MSC_VER) && (_MSC_VER < 1310)
- typedef __int64 uint64_t;
-# else
- typedef unsigned long long uint64_t;
-# endif
-# else
-# if SIZEOF_UNSIGNED_LONG == 8
- typedef unsigned long uint64_t;
-# elif SIZEOF_UNSIGNED_LONG_LONG == 8
- typedef unsigned long long uint64_t;
-# else
-# define ZRTP_NO_64BIT_MATH 1
-# endif
-# endif /* WIN32 */
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_INT64_T
-# if ZRTP_HAVE_INT64_T == 0
-# if defined(WIN32) || defined(WIN64)
-# if defined(_MSC_VER) && (_MSC_VER < 1310)
- typedef __int64 int64_t;
-# else
- typedef long long int64_t;
-# endif
-# else
-# if SIZEOF_UNSIGNED_LONG == 8
- typedef long int64_t;
-# elif SIZEOF_UNSIGNED_LONG_LONG == 8
- typedef long long int64_t;
-# else
-# define ZRTP_NO_64BIT_MATH 1
-# endif
-# endif /* WIN32 */
-# endif
-#endif
-
-#define SIZEOF_UNSIGNED_LONG_LONG 8
-
-#if defined(WIN32) || defined(WIN64)
-# if defined(_MSC_VER) && (_MSC_VER < 1310)
-# define li_64(h) 0x##h##ui64
-# else
-# define li_64(h) 0x##h##ull
-# endif
-#else
-# if SIZEOF_UNSIGNED_LONG == 8
-# define li_64(h) 0x##h##ul
-# elif SIZEOF_UNSIGNED_LONG_LONG == 8
-# define li_64(h) 0x##h##ull
-# else
-# define ZRTP_NO_64BIT_MATH 1
-# endif
-#endif /* WIN32 */
-
-
-#ifdef ZRTP_HAVE_UINT8_T
-# if ZRTP_HAVE_UINT8_T == 0
- typedef unsigned char uint8_t;
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_UINT16_T
-# if ZRTP_HAVE_UINT16_T == 0
- typedef unsigned short int uint16_t;
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_UINT32_T
-# if ZRTP_HAVE_UINT32_T == 0
- typedef unsigned int uint32_t;
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_INT8_T
-# if ZRTP_HAVE_INT8_T == 0
- typedef char int8_t;
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_INT16_T
-# if ZRTP_HAVE_INT16_T == 0
- typedef short int int16_t;
-# endif
-#endif
-
-#ifdef ZRTP_HAVE_INT32_T
-# if ZRTP_HAVE_INT32_T == 0
- typedef int int32_t;
-# endif
-#endif
-
-#endif /*__ZRTP_CONFIG_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef ZRTP_SYMB_CONFIG_H__
-#define ZRTP_SYMB_CONFIG_H__
-
-#ifndef ZRTP_HAVE_STDIO_H
-# define ZRTP_HAVE_STDIO_H 1
-#endif
-
-#ifndef ZRTP_HAVE_STDARG_H
-# define ZRTP_HAVE_STDARG_H 1
-#endif
-
-
-#ifndef NO_ASSERT_H
-# define NO_ASSERT_H 1
-#endif
-
-#ifndef NO_STDLIB_H
-# define NO_STDLIB_H 0
-#endif
-//#define ZRTP_HAVE_INTTYPES_H 1
-#ifndef ZRTP_HAVE_UNISTD_H
-# define ZRTP_HAVE_UNISTD_H 1
-#endif
-
-#ifndef ZRTP_HAVE_PTHREAD_H
-# define ZRTP_HAVE_PTHREAD_H 1
-#endif
-
-#ifndef ZRTP_HAVE_SEMAPHORE_H
-#define ZRTP_HAVE_SEMAPHORE_H 1
-#endif
-
-#ifndef ZRTP_HAVE_ERRNO_H
-#define ZRTP_HAVE_ERRNO_H 1
-#endif
-
-#ifndef ZRTP_HAVE_FCNTL_H
-#define ZRTP_HAVE_FCNTL_H 1
-#endif
-
-#ifndef ZRTP_HAVE_SYS_TIME_H
-# define ZRTP_HAVE_SYS_TIME_H 1
-#endif
-
-
-#ifndef ZRTP_HAVE_SYS_TYPES_H
-# define ZRTP_HAVE_SYS_TYPES_H 1
-#endif
-
-
-#ifndef ZRTP_HAVE_INTTYPES_H
-# define ZRTP_HAVE_INTTYPES_H 1
-#endif
-
-#ifndef ZRTP_HAVE_STDINT_H
-# define ZRTP_HAVE_STDINT_H 1
-#endif
-
-#ifndef ZRTP_HAVE_LINUX_VERSION_H
-# define ZRTP_HAVE_LINUX_VERSION_H 0
-#endif
-
-
-// (ZRTP_PLATFORM == ZP_ANDROID)
-
-
-#define ZRTP_HAVE_INT64_T 1
-#define ZRTP_HAVE_INT32_T 1
-#define ZRTP_HAVE_INT16_T 1
-#define ZRTP_HAVE_INT8_T 1
-
-#define ZRTP_HAVE_UINT64_T 1
-#define ZRTP_HAVE_UINT32_T 1
-#define ZRTP_HAVE_UINT16_T 1
-#define ZRTP_HAVE_UINT8_T 1
-
-#define ZRTP_BYTE_ORDER ZBO_LITTLE_ENDIAN
-
-#define SIZEOF_UNSIGNED_LONG 4
-#define SIZEOF_UNSIGNED_LONG_LONG 8
-
-#define ZRTP_INLINE inline
-
-#define ZRTP_USE_BUILTIN_CACHE 1
-#define ZRTP_USE_BUILTIN_SCEHDULER 1
-#undef ZRTP_USE_STACK_MINIM
-#define ZRTP_USE_STACK_MINIM 1
-#define ALIGNMENT_32BIT_REQUIRED
-
-#endif /* ZRTP_WIN_CONFIG_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef ZRTP_SYMB_CONFIG_H__
-#define ZRTP_SYMB_CONFIG_H__
-
-
-/*
- * Used to map system integer types to zrtp integer definitions.
- * Define to 1 if you have the <inttypes.h> header file.
- */
-#undef ZRTP_HAVE_INTTYPES_H
-
-/*
- * This header is needed for operations with binary file in deefault realization
- * of the secrets' cache. Can be eliminated if default cache isn't used.
- * Define to 1 if you have the <stdio.h> header file.
- */
-#ifndef ZRTP_HAVE_STDIO_H
-# define ZRTP_HAVE_STDIO_H 1
-#endif
-
-#ifndef ZRTP_HAVE_STDARG_H
-# define ZRTP_HAVE_STDARG_H 1
-#endif
-
-/*
- * Used by bnlib, but we don't need this on Symbian platform.
- */
-#ifndef NO_ASSERT_H
-# define NO_ASSERT_H 1
-#endif
-
-/*
- * Used by bnlib. We have stdlib in Symbian platform - set it to 1.
- */
-#ifndef NO_STDLIB_H
-# define NO_STDLIB_H 0
-#endif
-
-#ifndef ZRTP_HAVE_SYS_TIME_H
-# define ZRTP_HAVE_SYS_TIME_H 1
-#endif
-
-
-#define ZRTP_HAVE_INT64_T 0
-#define ZRTP_HAVE_INT32_T 0
-#define ZRTP_HAVE_INT16_T 0
-#define ZRTP_HAVE_INT8_T 0
-
-#define ZRTP_HAVE_UINT64_T 0
-#define ZRTP_HAVE_UINT32_T 0
-#define ZRTP_HAVE_UINT16_T 0
-#define ZRTP_HAVE_UINT8_T 0
-
-#define ZRTP_BYTE_ORDER ZBO_BIG_ENDIAN
-
-#define SIZEOF_UNSIGNED_LONG 4
-#define SIZEOF_UNSIGNED_LONG_LONG 8
-
-#define ZRTP_INLINE static __inline
-
-#endif /* ZRTP_WIN_CONFIG_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-/**
- * @file zrtp_config_user.h
- * @brief libzrtp user configuration routine
- */
-
-#ifndef __ZRTP_CONFIG_USER_H__
-#define __ZRTP_CONFIG_USER_H__
-
-/**
- * \defgroup zrtp_config Build Configuration
- * \{
- *
- * As libzrtp based on few OS dependent components, target platform and byte-order must be defined
- * on compilation level. libzrtp provides automatic platform and byte-order detection. Developer
- * needs to define these parameters manually in very specific cases only.
- *
- * libzrtp originaly supports folowwing platforms:
- * - 32/64-bit Windows platform;
- * - Windows kernel mode;
- * - Apple Mac OS X and iPhone;
- * - Linux and *nix platforms;
- * - Symbian OS.
- *
- * In order to specify platform manually, developer should define ZRTP_PLATFORM value. If
- * ZRTP_PLATFORM is not defined - libzrtp will try to detect it automatically (see zrtp_config.h).
- *
- * In order to specify platform byte-order manually, developer should define ZRTP_BYTE_ORDER value.
- * If ZRTP_BYTE_ORDER is not defined - libzrtp will try to detect it automatically.
- */
-
-/** \brief Constant to define ZRTP Windows 32-bit platform */
-#define ZP_WIN32 100
-/** \brief Constant to define ZRTP Windows 64-bit platform */
-#define ZP_WIN64 106
-/** \brief Constant to define ZRTP Windows Kernel mode */
-#define ZP_WIN32_KERNEL 101
-/** \brief Constant to define ZRTP Windows CE platform */
-#define ZP_WINCE 102
-/** \brief Constant to define Linux and *nux platforms */
-#define ZP_LINUX 103
-/** \brief Constant to define Mac OS X Platform */
-#define ZP_DARWIN 104
-/** \brief Constant to define Symbian OS */
-#define ZP_SYMBIAN 105
-/** \brief Constant to define ZRTP BSD platform */
-#define ZP_BSD 107
-/** \brief Constant to define ZRTP Android platform */
-#define ZP_ANDROID 108
-
-/** \brief Define Platform manually there */
-//#undefine ZRTP_PLATFORM
-
-
-/** \brief Constant to define Big Endian Platform */
-#define ZBO_BIG_ENDIAN 0x4321
-/** \brief Constant to define Little Endian Platform */
-#define ZBO_LITTLE_ENDIAN 0x1234
-
-/** \brief Define Platform Byte Order manually there */
-//#define ZRTP_BYTE_ORDER
-
-/** \brief Defines the max length in bytes of a binary SAS digest */
-#ifndef ZRTP_SAS_DIGEST_LENGTH
-#define ZRTP_SAS_DIGEST_LENGTH 32
-#endif
-
-/** \brief Defines maximum number of ZRTP streams within one session */
-#ifndef ZRTP_MAX_STREAMS_PER_SESSION
-#define ZRTP_MAX_STREAMS_PER_SESSION 2
-#endif
-
-/**
- * \brief Allows to build libzrtp against external srtp encryption library
- *
- * The latest version of libzrtp, starting with 0.3.9, supplies a built-in mechanism for SRTP
- * encryption. However, if for some reason during development it is neccesary to use an external
- * library, this flag must be set.
- */
-#ifndef ZRTP_USE_EXTERN_SRTP
-#define ZRTP_USE_EXTERN_SRTP 0
-#endif
-
-/**
- * \brief Build libzrtp with minimum stack usage
- *
- * Set to 1 you build libzrtp in environment with strong limitation of stack size (Mobile platforms
- * or in kernel mode). When this flag is set, some static data allocation will be changed to
- * dynamic. The size of these data doesn't matter in "regular" PC applications, but on mobile
- * platforms and in kernel mode, where the stack size is critical, libzrtp must work with optimized
- * data.
- */
-#ifndef ZRTP_USE_STACK_MINIM
-#define ZRTP_USE_STACK_MINIM 0
-#endif
-
-#ifndef ZRTP_USE_BUILTIN
-#define ZRTP_USE_BUILTIN 1
-#endif
-
-#ifndef ZRTP_USE_BUILTIN_SCEHDULER
-#define ZRTP_USE_BUILTIN_SCEHDULER 1
-#endif
-
-#ifndef ZRTP_USE_BUILTIN_CACHE
-# if defined(_WIN32) || defined(__WIN32__) || defined(_WIN64) || defined(WIN32) || defined(__TOS_WIN__)
-# if defined(__BUILDMACHINE__) && (__BUILDMACHINE__ == WinDDK)
-# define ZRTP_USE_BUILTIN_CACHE 1
-# else
-# define ZRTP_USE_BUILTIN_CACHE 0
-# endif
-# else
-# define ZRTP_USE_BUILTIN_CACHE 1
-# endif
-#endif
-
-#ifndef ZRTP_DEBUG_WITH_PJSIP
-#define ZRTP_DEBUG_WITH_PJSIP 0
-#endif
-
-/**
- * \brief Set to 1 if you build libzrtp against libzrtp-s.
- *
- * CSD-mode was implemented to support new ZRTP/S protocol designed by KHAMSA SA, Via Giacometti 1,
- * CH-6900, Lugano - info@khamsa.ch. and Phil Zimmermann. ZRTP/S allows to make secure ZRTP calls
- * over CSD channels. This option affect enterprise version of the library only.
- */
-#ifndef ZRTP_BUILD_FOR_CSD
-#define ZRTP_BUILD_FOR_CSD 0
-#endif
-
-/**
- * \brief Maximum number of Preshared exchanges allowed since last retain secret update
- *
- * Preshared key exchange mode has lot of weaknesses comparing to DH. And one of them - lack of key
- * continuity. Preshared mode is not recommended unless there is a strong necessity in using it
- * (slow CPU device, low-latency channel).
- *
- * To minimize risk of using Preshared exchanges, libzrtp automatically limits number for preshared
- * connection available for the same instance of RS value. In other words, libzrtp forces DH exchange
- * every \c ZRTP_PRESHARED_MAX_ALLOWED calls.
- */
-#define ZRTP_PRESHARED_MAX_ALLOWED 20
-
-/**
- * \brief Defines libzrtp log-level
- *
- * Defines maximum log level for libzrtp: log-level 3 contains debug messages, 2 - warnings and
- * software errors, 1 - security issues. If you set this option to 0 - libzrtp will not debug
- * output and will not even make a log function calls.
- */
-#ifndef ZRTP_LOG_MAX_LEVEL
-#define ZRTP_LOG_MAX_LEVEL 3
-#endif
-
-/**
- * \brief Enables SRTP debug output
- *
- * \warning! ZRTP crypto debug logs may include security sensitive information and cause security
- * weakness in the system. Enable SRTP debug logging only when it necessary.
- */
-#ifndef ZRTP_DEBUG_SRTP_KEYS
-#define ZRTP_DEBUG_SRTP_KEYS 0
-#endif
-
-/**
- * \brief Enables ZRTP Crypto debug logging.
- *
- * \warning! ZRTP crypto debug logs may include security sensitive information and cause security
- * weakness in the system. Enable ZRTP Protocol debug logging only when it necessary.
- */
-#ifndef ZRTP_DEBUG_ZRTP_KEYS
-#define ZRTP_DEBUG_ZRTP_KEYS 0
-#endif
-
-
-/* \} */
-
-#endif /*__ZRTP_CONFIG_USER_H__*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef ZRTP_WIN_CONFIG_H__
-#define ZRTP_WIN_CONFIG_H__
-
-#define _CRT_SECURE_NO_WARNINGS 1
-#pragma warning(disable: 4068)
-
-#if !(defined(__BUILDMACHINE__) && __BUILDMACHINE__ == WinDDK)
-#include <Windows.h>
-#endif
-
-/*
- * Used to map system integer types to zrtp integer definitions.
- * Define to 1 if you have the <inttypes.h> header file.
- */
-#undef ZRTP_HAVE_INTTYPES_H
-
-#define ZRTP_HAVE_STRING_H 1
-
-/*
- * This header is needed for operations with binary file in deefault realization
- * of the secrets' cache. Can be eliminated if default cache isn't used.
- * Define to 1 if you have the <stdio.h> header file.
- */
-#ifndef ZRTP_HAVE_STDIO_H
-# define ZRTP_HAVE_STDIO_H 1
-#endif
-
-#ifndef ZRTP_HAVE_STDARG_H
-# define ZRTP_HAVE_STDARG_H 1
-#endif
-
-/*
- * Used by bnlib, but we don't need this on Windows platform.
- */
-#ifndef NO_ASSERT_H
- #define NO_ASSERT_H 1
-#endif
-
-/*
- * Used by bnlib. We have stdlib in any Windows platform - set it to 1.
- */
-#ifndef NO_STDLIB_H
- #define NO_STDLIB_H 0
-#endif
-
-
-#define ZRTP_HAVE_INT64_T 0
-#define ZRTP_HAVE_INT32_T 0
-#define ZRTP_HAVE_INT16_T 0
-#define ZRTP_HAVE_INT8_T 0
-
-#define ZRTP_HAVE_UINT64_T 0
-#define ZRTP_HAVE_UINT32_T 0
-#define ZRTP_HAVE_UINT16_T 0
-#define ZRTP_HAVE_UINT8_T 0
-
-#define SIZEOF_UNSIGNED_LONG 4
-#define SIZEOF_UNSIGNED_LONG_LONG 8
-
-#define ZRTP_INLINE static __inline
-
-#define ZRTP_VERSION "0.90"
-
-
-#endif /* ZRTP_WIN_CONFIG_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_CRYPTO_H__
-#define __ZRTP_CRYPTO_H__
-
-#include "bn.h"
-#include "zrtp_types.h"
-#include "zrtp_error.h"
-#include "zrtp_engine.h"
-#include "zrtp_config_user.h"
-#include "zrtp_ec.h"
-
-
-
-/*!
- * \defgroup crypto Library crypto-components
- * \ingroup zrtp_dev
- *
- * This section describes functions and data types for managing crypto-components.
- * All these functions and structures are used by the libZRTP kernel for the
- * built-in crypt-components management. The developer has the option of
- * implementing and integrating her own components into the library. This is not
- * a full manual on creating crypto-components. Its purpose is only to elucidate
- * the library functionality.
- *
- * The concept behind crypto components is similar to that of classes in object
- * oriented programming. The components are defined as structures and
- * manipulated by functions. Component attributes are stored in 'contexts', and
- * are defined during initialization. Resources allocated at initialization are
- * freed with the 'free' function.
- *
- * Components are divided into 5 functional groups (component types):
- * - ciphers;
- * - hash/hmac components;
- * - public key exchange schemes;
- * - components defined SRTP authentication scheme;
- * - SAS calculation schemes.
- * Within a group, components are distinguished by integer identifiers and by
- * their defined functionality. So to fully identify a component, you need to
- * know its type and its identifier. (For example an AES cipher with a 128 bit
- * key is defined as: ZRTP_CC_CIPHER, zrtp_cipher_id_t::ZRTP_CIPHER_AES128).
- * The high number of components means that every component must have a minimal
- * set of attributes and functions: type identifier, and function initialization
- * and deinitialization. The base type of all components is zrtp_comp_t. Every
- * new component MUST start with definitions of this structure strictly in the
- * given order.
- * \warning
- * Every crypto-component included in libZRTP was developed and tested by
- * professionals. Its presence is functionally based. Using only the built-in
- * components gives you 100% crypto-strength and the guarantee of the fully
- * tested code. Never use your own components without strong reasons. If you
- * have noticed the absence of any important component in the library, contact
- * the developers. Reasonable offers will be considered for implementation in
- * the following versions.
- * \{
- */
-
-
-/*============================================================================*/
-/* Types of libZRTP crypto-components definitions */
-/*============================================================================*/
-
-/*!
- * \brief Enumeration for crypto-components types definition
- */
-typedef enum zrtp_crypto_comp_t
-{
- ZRTP_CC_HASH = 1, /*!< hash calculation schemes */
- ZRTP_CC_SAS = 2, /*!< short autentification scheme components */
- ZRTP_CC_CIPHER = 3, /*!< ciphers */
- ZRTP_CC_PKT = 4, /*!< public key exchange scheme */
- ZRTP_CC_ATL = 5,
-}zrtp_crypto_comp_t;
-
-
-/*!
- * This ID with code 0 is used as an error signal by all crypto-components
- * groups to indicate a wrongly defined component identifier.
- */
-#define ZRTP_COMP_UNKN 0
-
-/*! Defines types of hash functions */
-typedef enum zrtp_hash_id_t
-{
- ZRTP_HASH_SHA256 = 1,
- ZRTP_HASH_SHA384 = 2
-} zrtp_hash_id_t;
-
-/*! Defines types of ciphers */
-typedef enum zrtp_cipher_id_t
-{
- ZRTP_CIPHER_AES128 = 1,
- ZRTP_CIPHER_AES256 = 2
-} zrtp_cipher_id_t;
-
-/*! Defines SRTP authentication schemes */
-typedef enum zrtp_atl_id_t
-{
- ZRTP_ATL_HS32 = 1,
- ZRTP_ATL_HS80 = 2
-} zrtp_atl_id_t;
-
-/*! Defines public key exchange schemes */
-/* WARNING! don't change order of the PK components definitions! */
-typedef enum zrtp_pktype_id_t
-{
- ZRTP_PKTYPE_PRESH = 1,
- ZRTP_PKTYPE_MULT = 2,
- ZRTP_PKTYPE_DH2048 = 3,
- ZRTP_PKTYPE_EC256P = 4,
- ZRTP_PKTYPE_DH3072 = 5,
- ZRTP_PKTYPE_EC384P = 6,
- ZRTP_PKTYPE_EC521P = 7,
- ZRTP_PKTYPE_DH4096 = 8
-} zrtp_pktype_id_t;
-
-/*! Defines modes of short authentication scheme calculation */
-typedef enum zrtp_sas_id
-{
- ZRTP_SAS_BASE32 = 1,
- ZRTP_SAS_BASE256 = 2
-} zrtp_sas_id_t;
-
-
-/*!
- * \brief Global structure for all crypto-component types.
- * \warning All developed components must have these 4 fields at the beginning.
- */
-typedef struct zrtp_comp_t
-{
- zrtp_uchar4_t type; /*!< 4-character symbolic name defined by ZRTP Draft */
- uint8_t id; /*!< Integer component identifier */
- zrtp_global_t* zrtp;/*!< ZRTP global context */
-
- /*!
- * \brief Component initiation function.
- * This function body is for holding component initialization code. libzrtp
- * calls the function before using a component, at its registration. If the
- * component does not require additional actions for initialization, the
- * value of this field can be NULL.
- * \param self - self-pointer for fast access to structure data.
- * \return
- * - zrtp_status_ok - if initialized successfully;
- * - one of \ref zrtp_status_t errors - if initialization failed.
- */
- zrtp_status_t (*init)(void* self);
-
- /*!
- * \brief Component deinitializtion function.
- * This function body is for holding component deinitialization code and
- * all code for releasing allocated resources. libzrtp calls the function
- * at the end of component use, at context deinitialization. If the component
- * does not require additional actions for deinitialization, the value of
- * this field can be NULL.
- * \param self - pointer to component structure for deinitialization.
- * \return
- * - zrtp_status_ok - if deinitialized successfully;
- * - one of \ref zrtp_status_t errors - if deinitialization failed.
- */
- zrtp_status_t (*free)(void* self);
-} zrtp_comp_t;
-
-
-/*!
- * \brief Structure for defining the hash-value computing scheme
- * The ZRTP context field zrtp_stream#_hash is initialized by the given type
- * value and used for all hash calculations within the ZRTP sessions. Having
- * implemented a structure of this type, it is possible to integrate new hash
- * calculation schemes into libzrtp.
- */
-struct zrtp_hash_t
-{
- zrtp_comp_t base;
-
- /*!
- * \brief Begin hash computation with update support.
- * The following set of functions ( zrtp_hash#hash_begin, zrtp_hash#hash_update,
- * zrtp_hash#hash_end) implements a standard hash calculation scheme with
- * accumulation. The functions perform the required actions to start
- * calculations and to allocate hash-contexts for preserving intermediate
- * results and other required information. The allocated context will be
- * passed-to by the subsequent calls zrtp_hash#hash_update and zrtp_hash#hash_end.
- * \param self - self-pointer for fast access to structure data
- * \return
- * - pointer to allocated hash-context if successful;
- * - NULL if error.
- */
- void* (*hash_begin)(zrtp_hash_t *self);
-
- /*!
- * \brief Process more input data for hash calculation
- * This function is called in the hash-building chain to obtain additional
- * data that it then processes and recalculates intermediate values.
- * \param self - self-pointer for fast access to structure data;
- * \param ctx - hash-context for current hash-value calculation;
- * \param msg - additional source data for processing;
- * \param length - length of additional data in bytes.
- * \return
- * - zrtp_status_ok - if successfully processed;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hash_update)( zrtp_hash_t *self,
- void *ctx,
- const int8_t*msg,
- uint32_t length );
-
- /*!
- * \brief Completes the computation of the current hash-value
- * This function completes the computation of the hash-value with accumul.
- * After completion, the hash-context previously allocated by the call to
- * zrtp_hash#hash_begin, must be destroyed. The size of the calculated
- * value must be kept in the parameter digest field zrtp_string#length.
- * \param self - self-pointer for fast access to structure data;
- * \param ctx - hash-context for current hash-value calculation;
- * \param digest - buffer for storing result.
- * \return
- * - zrtp_status_ok - if computing finished successfully;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hash_end)( zrtp_hash_t *self,
- void *ctx,
- zrtp_stringn_t *digest );
-
- /*!
- * \brief Calculate hash-value for current message
- * This function implicitly calls the previous 3 functions. The only
- * difference is that initial data for hash value construction is gathered
- * in a single buffer and is passed to the function in the \c msg argument.
- * The calculated value size must be stored in the digest zrtp_string#length
- * parameter
- * \param self - self-pointer for fast access to structure data;
- * \param msg - source data buffer for hash computing;
- * \param digest - buffer for storing result.
- * \return
- * - zrtp_status_ok - if computing finished successfully;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hash)( zrtp_hash_t *self,
- const zrtp_stringn_t *msg,
- zrtp_stringn_t *digest );
-
- /*! \brief Analogue of zrtp_hash::hash for C-string */
- zrtp_status_t (*hash_c)( zrtp_hash_t *self,
- const char* msg,
- uint32_t msg_len,
- zrtp_stringn_t *digest );
-
- /*!
- * \brief HASH self-test.
- * This function implements hmac self-tests using pre-defined test vectors.
- * \param self - self-pointer for fast access to structure data;
- * \return
- * - zrtp_status_ok - if tests have been passed successfully;
- * - one of \ref zrtp_status_t errors - if one or more tests have
- * failed.
- */
- zrtp_status_t (*hash_self_test)(zrtp_hash_t *self);
-
-
- /*!
- * \brief Begin HMAC computation with update support.
- * The zrtp_hash#hmac_begin, zrtp_hash#hmac_update and zrtp_hash#hmac_end
- * functions implement the HMAC calculation scheme with accumulation. The
- * function performs all actions required before beginning the calculation
- * and allocates a hash-context to store intermediate values. The allocated
- * hash-context will be passed to successive hash_update and hash_end calls
- * \param self - self-pointer for fast access to structure data;
- * \param key - secret key for hmac-value protection.
- * \return
- * - pointer to allocated hmac-context if successful;
- * - NULL - if error.
- */
- void* (*hmac_begin)(zrtp_hash_t *self, const zrtp_stringn_t *key);
-
- /*! \brief Analogue of zrtp_hash::hmac_begin for C-string */
- void* (*hmac_begin_c)(zrtp_hash_t *self, const char *key, uint32_t length);
-
- /*!
- * \brief Process more input data for HMAC calculation
- * This function is called to transfer additional data to the HMAC hash-
- * calculation. Processes new data and recalculates intermediate values.
- * \param self - self-pointer for fast access to structure data;
- * \param ctx - hmac-context for current hmac-value calculation;
- * \param msg - additional source data for processing;
- * \param length - additional data length in bytes.
- * \return
- * - zrtp_status_ok - if successfully processed;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hmac_update)( zrtp_hash_t *self,
- void *ctx,
- const char *msg,
- uint32_t length );
-
- /*!
- * \brief Complete current HMAC-value computation
- * This function completes the hmac calculation. After the final iteration
- * \a the hash_context allocated by zrtp_hash#hmac_begin is destroyed. The
- * argument \c len holds the HMAC size. If the buffer contains more than \c
- * length characters then only the first \c length are copied to \c digest.
- * The calculated value size is stored in the digest parameter length.
- * \param self - self-pointer for fast access to structure data;
- * \param ctx - hmac-context for current hmac-value calculation;
- * \param digest - buffer for storing result;
- * \param len - required hmac-value size.
- * \return
- * - zrtp_status_ok - if computing finished successfully;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hmac_end)( zrtp_hash_t *self,
- void *ctx,
- zrtp_stringn_t *digest,
- uint32_t len);
-
- /*!
- * \brief Calculate hmac-value for current message
- * The function implicitly calls the previous 3 functions
- * (zrtp_hash#hmac_begin, zrtp_hash#hmac_update and zrtp_hash#hmac_end). The
- * difference is that the initial data for hash value construction is
- * gathered in a single buffer and is passed to the function in the \a msg
- * argument. The calculated value size must be stored in the \a digest
- * zrtp_string#length parameter
- * \param self - self-pointer for fast access to structure data;
- * \param key - key for protecting hmac;
- * \param msg - source data buffer for hash computing;
- * \param digest - buffer for storing result.
- * \return
- * - zrtp_status_ok - if computing finished successfully;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hmac)( zrtp_hash_t *self,
- const zrtp_stringn_t *key,
- const zrtp_stringn_t *msg,
- zrtp_stringn_t *digest );
-
- /*! \brief Analogue of zrtp_hash::hmac for C-string */
- zrtp_status_t (*hmac_c)( zrtp_hash_t *self,
- const char *key,
- const uint32_t key_len,
- const char *msg,
- const uint32_t msg_len,
- zrtp_stringn_t *digest );
-
- /*!
- * \brief Truncated Hmac-calculation version
- * This function acts just like the previous \a hmac except it returns the
- * first \a length bytes of the calculated value in the digest.
- * \param self - self-pointer for fast access to structure data;
- * \param key - key for hmac protection;
- * \param msg - source data buffer for hash computing;
- * \param digest - buffer for storing result;
- * \param len - required hmac-value size.
- * \return
- * - zrtp_status_ok - if computed successfully;
- * - one of \ref zrtp_status_t errors - if error.
- */
- zrtp_status_t (*hmac_truncated)( zrtp_hash_t *self,
- const zrtp_stringn_t *key,
- const zrtp_stringn_t *msg,
- uint32_t len,
- zrtp_stringn_t *digest );
-
- /*! \brief Analogue of zrtp_hash::hmac_truncated for C-string */
- zrtp_status_t (*hmac_truncated_c)( zrtp_hash_t *self,
- const char *key,
- const uint32_t key_len,
- const char *msg,
- const uint32_t msg_len,
- uint32_t necessary_len,
- zrtp_stringn_t *digest );
-
- /*!
- * \brief HMAC self-test.
- * This function implements the hmac self-tests using pre-defined test vectors.
- * \param self - self-pointer for fast access to structure data; .
- * \return
- * - zrtp_status_ok - if tests have passed successfully;
- * - one of \ref zrtp_status_t errors - if one or more tests have failed.
- */
- zrtp_status_t (*hmac_self_test)( zrtp_hash_t *self);
-
- uint32_t digest_length;
- uint32_t block_length;
- mlist_t mlist;
-};
-
-
-/*!
- * \brief Structure for defining the SRTP authentication scheme
- * The ZRTP context field zrtp_stream#_authtaglength is initialized by the
- * given type value and used for SRTP encryption configuration.
- */
-struct zrtp_auth_tag_length_t
-{
- zrtp_comp_t base;
- uint32_t tag_length;
- mlist_t mlist;
-};
-
-
-/**
- * @brief Structure for describing the public key scheme
- * The ZRTP context field zrtp_stream#_pubkeyscheme is initialized by the given
- * type value and used by libzrtp in public key exchange.
- */
-struct zrtp_pk_scheme_t
-{
- zrtp_comp_t base;
-
- /** Generate Diffie-Hellman secret value and Calculate public value */
- zrtp_status_t (*initialize)( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc );
-
- /** Calculate Diffie-Hellman result (ZRTP Internet Draft) */
- zrtp_status_t (*compute)( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc,
- struct BigNum *dhresult,
- struct BigNum *pv);
-
- /** Validate Diffie-Hellman public value */
- zrtp_status_t (*validate)(zrtp_pk_scheme_t *self, struct BigNum *pv);
-
- /** Diffie-Hellman self-test routine. */
- zrtp_status_t (*self_test)(zrtp_pk_scheme_t *self);
-
- /** Diffie-Hellman secret value size in bytes */
- uint32_t sv_length;
-
- /** Diffie-Hellman public value size in bytes */
- uint32_t pv_length;
-
- mlist_t mlist;
-};
-
-
-/*!
- * \brief Structure for defining SAS generation scheme
- * The type of the ZRTP context's field zrtp_stream#_sasscheme. It is used
- * to generate short authentication strings. LibZRTP functionality can be augmented
- * with a new SAS scheme by supplying your own instance of zrtp_sas_scheme.
- */
-struct zrtp_sas_scheme_t
-{
- zrtp_comp_t base;
-
- /*!
- * \brief Generate short authentication strings
- * This function computes SAS values according to the specified scheme. It
- * can use base32 or base256 algorithms. It stores the generated SAS values
- * as a zrtp_sas_values_t structure (string and binary representation).
- * \param self - self-pointer for fast access to structure data;
- * \param session - ZRTP session context for additional data;
- * \param hash - hmac component to be used for SAS calculation;
- * \param is_transferred - if this flag is equal to 1 new SAS value should
- * not be computed. It is already in sas->bin buffer and rendering only
- * is required.
- * \return
- * - zrtp_status_ok - if generation successful;
- * - one of zrtp_status_t errors - if generation failed.
- */
- zrtp_status_t (*compute)( zrtp_sas_scheme_t *self,
- zrtp_stream_t *stream,
- zrtp_hash_t *hash,
- uint8_t is_transferred );
-
- mlist_t mlist;
-};
-
-
-#include "aes.h"
-
-/*! Defines block cipher modes. */
-typedef enum zrtp_cipher_mode_values_t
-{
- ZRTP_CIPHER_MODE_CTR = 1,
- ZRTP_CIPHER_MODE_CFB = 2
-} zrtp_cipher_mode_values_t;
-
-typedef struct zrtp_cipher_mode_t
-{
- uint8_t mode;
-} zrtp_cipher_mode_t;
-
-
-/* \brief Structure for cipher definition */
-struct zrtp_cipher_t
-{
- zrtp_comp_t base;
-
- /*!
- * \brief Start cipher.
- * This function performs all actions necessary to allocate the cipher context
- * for holding intermediate results and other required information. The allocated
- * context should be related to the given key. It will be passed to the
- * zrtp_cipher#set_iv, zrtp_cipher#encrypt and zrtp_cipher#decrypt functions.
- * \param self - self-pointer for fast access to structure data;
- * \param key - cipher key;
- * \param extra_data - additional data necessary for cipher initialization;
- * \param mode - cipher mode (one of \ref zrtp_cipher_mode_values_t values).
- * \return
- * - pointer to allocated cipher context;
- * - NULL if error.
- */
- void* (*start)( zrtp_cipher_t *self,
- void *key,
- void *extra_data, uint8_t mode );
-
- /*!
- * \brief Set Initialization Vector.
- * Function resets the previous state of the cipher context and sets the new IV.
- * \param self - self-pointer for fast access to structure data;
- * \param cipher_ctx - cipher context for current key value;
- * \param iv - new initialization vector value.
- * \return
- * - zrtp_status_ok - if vector has been set successfully;
- * - one of \ref zrtp_status_t errors - if operation failed.
- */
- zrtp_status_t (*set_iv)( zrtp_cipher_t *self,
- void *cipher_ctx,
- zrtp_v128_t *iv );
-
- /*!
- * \brief Encrypt data.
- * Implements the encryption engine.
- * \param self - self-pointer for fast access to structure data;
- * \param cipher_ctx - cipher context for current key value;
- * \param buf - buffer with data for encryption. If successful this
- * buffer contains the resulting encrypted text;
- * \param len - length of plain/encrypted data.
- * \return
- * - zrtp_status_ok - if data has been encrypted successfully;
- * - one of \ref zrtp_status_t errors - if encryption failed.
- */
- zrtp_status_t (*encrypt)( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len );
-
- /*!
- * \brief Decrypt data.
- * Implements the decryption engine.
- * \param self - self-pointer for fast access to structure data;
- * \param cipher_ctx - cipher context for current key value;
- * \param buf - buffer with data for decryption. If successful this buffer
- * contains the resulting plain text;
- * \param len - length of encrypted/plain data.
- * \return
- * - zrtp_status_ok - if data has been decrypted successfully;
- * - one of \ref zrtp_status_t errors - if decryption failed.
- */
- zrtp_status_t (*decrypt)( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len );
-
- /*!
- * \brief Cipher self-test.
- * Implements cipher self-tests using pre-defined test vectors.
- * \param self - self-pointer for fast access to structure data;
- * \param mode - cipher mode (one of \ref zrtp_cipher_mode_values_t values).
- * \return
- * - zrtp_status_ok - if tests have passed successfully;
- * - one of \ref zrtp_status_t errors - if one or more tests have failed.
- */
- zrtp_status_t (*self_test)(zrtp_cipher_t *self, uint8_t mode);
-
- /*!
- * \brief Destroy cipher context.
- * Deallocs the cipher context previously allocated by a call to zrtp_cipher#start.
- * \param self - self-pointer for fast access to structure data;
- * \param cipher_ctx - cipher context for current key value.
- * \return
- * - zrtp_status_ok - if the context has been deallocated
- * successfully;
- * - one of \ref zrtp_status_t errors - if deallocation failed.
- */
- zrtp_status_t (*stop)(zrtp_cipher_t *self, void* cipher_ctx);
-
- mlist_t mlist;
-};
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-
-/*============================================================================*/
-/* Crypto-components management Private part */
-/*============================================================================*/
-
-
-/*!
- * \brief Destroy components buffer
- * This function clears the list of components of the specified type, destroys
- * all components and releases all allocated resources. It is used on libzrtp
- * down. zrtp_comp_done calls zrtp_comp_t#free() if it isn't NULL.
- * \param zrtp - the ZRTP global context where components are stored;
- * \param type - specifies the component pool type for destroying.
- * \return
- * - zrtp_status_ok - if clearing successful;
- * - zrtp_status_fail - if error.
- */
-zrtp_status_t zrtp_comp_done(zrtp_crypto_comp_t type, zrtp_global_t* zrtp);
-
-/*!
- * \brief Registering a new crypto-component
- * Correctness of values in the necessary structure is the developer's
- * responsibility. zrtp_comp_register calls zrtp_comp_t#init() if it isn't NULL.
- * \param type - type of registred component;
- * \param comp - registered crypto-component;
- * \param zrtp - the ZRTP global context where components are stored.
- * \return
- * - zrtp_status_ok if registration successful;
- * - zrtp_status_fail if error (conflicts with other components).
- */
-zrtp_status_t zrtp_comp_register( zrtp_crypto_comp_t type,
- void *comp,
- zrtp_global_t* zrtp);
-
-/*!
- * \brief Search component by ID
- * \param type - type of sought component;
- * \param zrtp - the ZRTP global context where components are stored;
- * \param id - integer identifier of the necessary element.
- * \return
- * - the found structure if successful;
- * - NULL if the element with the specified ID can't be found or
- * other error.
- */
-void* zrtp_comp_find( zrtp_crypto_comp_t type,
- uint8_t id,
- zrtp_global_t* zrtp);
-
-
-/*! Converts a component's integer ID to a symbolic ZRTP name */
-char* zrtp_comp_id2type(zrtp_crypto_comp_t type, uint8_t id);
-
-/*! Converts a component's ZRTP symbolic name to an integer ID */
-uint8_t zrtp_comp_type2id(zrtp_crypto_comp_t type, char* name);
-
-
-/*! \} */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /*__ZRTP_CRYPTO_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#ifndef __ZRTP_CRYPTO_EC_H__
-#define __ZRTP_CRYPTO_EC_H__
-
-#include "bn.h"
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-#include "zrtp_error.h"
-
-#define ZRTP_MAXECBITS 521
-#define ZRTP_MAXECWORDS ((ZRTP_MAXECBITS+7)/8)
-
-typedef struct zrtp_ec_params
-{
- unsigned ec_bits; /* # EC bits: 256, 384, 521 */
- uint8_t P_data[ZRTP_MAXECWORDS]; /* curve field prime */
- uint8_t n_data[ZRTP_MAXECWORDS]; /* curve order (# points) */
- uint8_t b_data[ZRTP_MAXECWORDS]; /* curve param, y^3 = x^2 -3x + b */
- uint8_t Gx_data[ZRTP_MAXECWORDS]; /* curve point, x coordinate */
- uint8_t Gy_data[ZRTP_MAXECWORDS]; /* curve point, y coordinate */
-} zrtp_ec_params_t;
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/*============================================================================*/
-/* Elliptic Curve library */
-/*============================================================================*/
-
-int zrtp_ecAdd ( struct BigNum *rsltx,
- struct BigNum *rslty,
- struct BigNum *p1x,
- struct BigNum *p1y,
- struct BigNum *p2x,
- struct BigNum *p2y,
- struct BigNum *mod);
-
-int zrtp_ecMul ( struct BigNum *rsltx,
- struct BigNum *rslty,
- struct BigNum *mult,
- struct BigNum *basex,
- struct BigNum *basey,
- struct BigNum *mod);
-
-zrtp_status_t zrtp_ec_random_point( zrtp_global_t *zrtp,
- struct BigNum *P,
- struct BigNum *n,
- struct BigNum *Gx,
- struct BigNum *Gy,
- struct BigNum *pkx,
- struct BigNum *pky,
- struct BigNum *sv,
- uint8_t *test_sv_data,
- size_t test_sv_data_len);
-
-extern zrtp_status_t zrtp_ec_init_params(struct zrtp_ec_params *params, uint32_t bits );
-
-
-/* Useful bignum utility functions not defined in bignum library */
-int bnAddMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod);
-int bnAddQMod_ (struct BigNum *rslt, unsigned n1, struct BigNum *mod);
-int bnSubMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod);
-int bnSubQMod_ (struct BigNum *rslt, unsigned n1, struct BigNum *mod);
-int bnMulMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *n2, struct BigNum *mod);
-int bnMulQMod_ (struct BigNum *rslt, struct BigNum *n1, unsigned n2, struct BigNum *mod);
-int bnSquareMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* __ZRTP_CRYPTO_EC_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-#ifndef __ZRTP_ENGINE_H__
-#define __ZRTP_ENGINE_H__
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-#include "zrtp_crypto.h"
-
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/**
- * @defgroup engine_dev ZRTP Engine related types and functions
- * @ingroup zrtp_dev
- * \{
- */
-
-#define ZRTP_IS_STREAM_DH(stream) \
-(stream->mode == ZRTP_STREAM_MODE_DH)
-
-#define ZRTP_IS_STREAM_FAST(stream) \
-(stream->mode != ZRTP_STREAM_MODE_DH)
-
-#define ZRTP_IS_STREAM_MULT(stream) \
-(stream->mode == ZRTP_STREAM_MODE_MULT)
-
-#define ZRTP_IS_STREAM_PRESH(stream) \
-(stream->mode == ZRTP_STREAM_MODE_PRESHARED)
-
-
-/**
- * @brief Test Passive Rule N1
- * A passive endpoint never sends a Commit message. Semi-active endpoint does
- * not send a commit to a passive endpoint.
- * Return 1 if the tast have been passed successfully and 0 in other case.
- */
-#define ZRTP_PASSIVE1_TEST(stream) \
-( (ZRTP_LICENSE_MODE_UNLIMITED == stream->zrtp->lic_mode) || \
- ((ZRTP_LICENSE_MODE_ACTIVE == stream->zrtp->lic_mode) && (!stream->messages.peer_hello.pasive)) )
-
-/**
- * @brief Test Passive Rule N2
- * A passive phone, if acting as a SIP initiator (meaning it initiated the call),
- * rejects all commit packets from everyone.
- * Return 1 if the tast have been passed successfully and 0 in other case
- */
-#define ZRTP_PASSIVE2_TEST(stream) \
-( !((ZRTP_LICENSE_MODE_PASSIVE == stream->zrtp->lic_mode) && \
- (stream->session->signaling_role == ZRTP_SIGNALING_ROLE_INITIATOR)) )
-
-/**
- * @brief Test Passive Rule N3
- * A passive phone rejects all commit messages from a PBX.
- * Return 1 if the tast have been passed successfully and 0 in other case
- */
-#define ZRTP_PASSIVE3_TEST(stream) \
-( !(!stream->zrtp->is_mitm && stream->peer_mitm_flag && \
- (ZRTP_LICENSE_MODE_PASSIVE == stream->zrtp->lic_mode)) )
-
-
-/*===========================================================================*/
-/* PROTOCOL Logic */
-/*===========================================================================*/
-
-/**
- * @brief Allocate ZRTP protocol structure
- * Allocates and initializes all necessary data according to the protocol mode.
- * Initializes required DH crypto context info and generates secret IDs.
- * @param stream - stream context in which protocol should be allocated;
- * @param is_initiator - defines protocol type (1 - initiator, 0 - responder).
- * @exception SOFTWARE exceptions.
- */
-zrtp_status_t _zrtp_protocol_init( zrtp_stream_t *stream,
- uint8_t is_initiator,
- zrtp_protocol_t **proto);
-
-/**
- * @brief Release protocol structure
- * Stops all replay tasks, clears all crypto sources and SRTP engine, and
- * releases memory. The protocol should be destroyed on: stream closing, or
- * switching to CLEAR or ERROR states.
- */
-void _zrtp_protocol_destroy(zrtp_protocol_t *proto);
-
-/**
- * @brief Encrypts RTP/RTCP media
- * After switching to Secure, the protocol structure is able to encrypt
- * media using the SRTP crypto-engine.
- * @param self - self-pointer to protocol instance;
- * @param packet - media packet for encryption;
- * @param is_rtp - defines type of media for encryption; value equal to 1
- * means RTP packet, 0 - RTCP.
- * @return
- * - zrtp_status_ok - if successfully encrypted;
- * - one of zrtp_status_t errors otherwise.
- */
-zrtp_status_t _zrtp_protocol_encrypt( zrtp_protocol_t *proto,
- zrtp_rtp_info_t *packet,
- uint8_t is_rtp);
-
-/**
- * @brief Decrypts RTP/RTCP media
- * After switching to Secure, the protocol structure is able to decrypt
- * media using the SRTP crypto-engine.
- * @param self - self-pointer to protocol instance;
- * @param packet - media packet for decryption;
- * @param is_rtp - defines type of media for decryption; value equal to 1
- * means RTP packet, 0 - RTCP.
- * @return
- * - zrtp_status_ok - if successfully decrypted;
- * - one of zrtp_status_t errors otherwise.
- */
-zrtp_status_t _zrtp_protocol_decrypt( zrtp_protocol_t *self,
- zrtp_rtp_info_t *packet,
- uint8_t is_rtp);
-
-
-/*===========================================================================*/
-/* CRTPTO Utilities */
-/*===========================================================================*/
-
-/**
- * ZRTP KDF function.
- * KDF(KI, Label, Context, L) = HMAC(KI, i | Label | 0x00 | Context | L). See
- * Section "4.5.1. The ZRTP Key Derivation Function" in ZRTP RFC for more info.
- * @param stream - used to obtain negotiated HMAC function and other parameters;
- * @param ki- secret key derivation key that is unknown to the wiretapper
- * (for example, s0);
- * @param label - string of nonzero octets that identifies the purpose for the
- * derived keying material;
- * @param context - includes ZIDi, ZIDr, and some optional nonce material;
- * @param length - needed digest length. (The output of the KDF is truncated to
- * the leftmost length bits);
- * @param digest - destination buffer.
- */
-zrtp_status_t _zrtp_kdf( zrtp_stream_t* stream,
- zrtp_stringn_t* ki,
- zrtp_stringn_t* label,
- zrtp_stringn_t* context,
- uint32_t length,
- zrtp_stringn_t* digest);
-
-/*!
- * \brief Allocate shared secret structure
- * This function allocates memory for a zrtp_shared_secret_t and initializes
- * the secret value using a zrtp_fill_shared_secret() function call. Used in
- * protocol allocating.
- * \param session - ZRTP session for access to global data.
- * \return
- * - allocated secrets - on success;
- * - NULL - if allocation fails.
- */
-zrtp_shared_secret_t *_zrtp_alloc_shared_secret(zrtp_session_t* session);
-
-/*!
- * \brief Restores secrets from the cache
- * Uploads retained secrets from the cache and initializes secret flags. If
- * the secret has expired (is_expired flag is set), its value will be randomly
- * regenerated. _zrtp_prepare_secrets() is called after the discovery phase on
- * the setting up the very first stream. After secrets are uploaded the
- * zrtp_secrets_t#_is_ready flag is enabled to prevent secrets from reinitialization
- * on setting up the next stream.
- * \param session - ZRTP session in which secrets should be restored.
- * - zrtp_status_ok - if secrets were restored successfully;
- * - one of zrtp_status_t errors in case of failure.
- */
-zrtp_status_t _zrtp_prepare_secrets(zrtp_session_t* session);
-
-/**
- * @brief Validate confirm chmac message.
- * In case of chmac failure it switches to Initiating Error state and generate
- * ZRTP_EVENT_WRONG_MESSAGE_HMAC security event.
- * @return
- * -1 - in case of error and 0 - on success.
- */
-int _zrtp_validate_message_hmac(zrtp_stream_t *stream, zrtp_msg_hdr_t* msg2check, char* hmackey);
-
-/**
- * @brief Computes preshared key using available secrets.
- * hash(len(rs1) | rs1 | len(auxsecret) | auxsecret | len(pbxsecret) | pbxsecret)
- * Result key stored in key variable, if key_id not NULL - hmac
- * of the preshared_key will be stored.
- * return
- * - zrtp_status_ok on success and one of libzrtp errors in case of failure
- */
-zrtp_status_t _zrtp_compute_preshared_key( zrtp_session_t *session,
- zrtp_stringn_t* rs1,
- zrtp_stringn_t* auxs,
- zrtp_stringn_t* pbxs,
- zrtp_stringn_t* key,
- zrtp_stringn_t* key_id);
-
-/** @brief Perform Key generation according to ZRTp RFC sec. 5.6 */
-zrtp_status_t _zrtp_set_public_value(zrtp_stream_t *stream, int is_initiator);
-
-
-/*===========================================================================*/
-/* PROTOCOL Utilites */
-/*===========================================================================*/
-
-/*!
- * \brief Check availability to start stream (DH or Preshared)
- * The ZRTP specification says that only one DH stream can be run at a time between
- * two ZRTP endpoints. So _zrtp_can_start_stream(DH) looks over all sessions
- * between two ZIDs and if any other stream is running it denies the start of
- * another DH stream in parallel. Although the ZRTP standard says that Preshared
- * or Multistream stream can't be run in parallel with DH streams between two
- * ZRTP endpoints. So _zrtp_can_start_stream(PRESH) looks over all sessions between
- * two ZIDs and if any other DH stream is running it denies the start of
- * Preshared/Multistream stream in parallel. All operations with sessions and
- * streams are protected by mutexes. Call this function every time before starting
- * "initiating secure" process. For internal use only.
- * \sa "break the tie schemes" internal document.
- * \param stream - ZRTP stream which going to be started;
- * \param conc - in this variable _zrtp_can_start_stream() returns pointer to the
- * concurrent DH stream if it's in progress. It's used in "breaking the tie"
- * scheme.
- * \param mode - stream mode.
- * \return
- * - 1 if stream can be started;
- * - 0 - if stream can't be started and should wait for concurrent stream
- * establishment.
- */
-int _zrtp_can_start_stream( zrtp_stream_t* stream,
- zrtp_stream_t** conc,
- zrtp_stream_mode_t mode);
-
-/** Return ZRTP Stream mode which should be used for current stream. */
-zrtp_stream_mode_t _zrtp_define_stream_mode(zrtp_stream_t* stream);
-
-/*!
- * \brief Chooses the best crypto component of the given type
- * Selects the crypto component according to the local initiator's profile and
- * the remote responder's Hello.
- * \param profile - local profile;
- * \param peer_hello - Hello packet, received from the remote peer;
- * \param type - type of the crypto component to be chosen.
- * \return:
- * - identifier of the chosen component (according to type);
- * - ZRTP_COMP_UNKN in case of error.
- */
-uint8_t _zrtp_choose_best_comp( zrtp_profile_t* profile,
- zrtp_packet_Hello_t* peer_hello,
- zrtp_crypto_comp_t type);
-
-/*!
- * \brief Computes replay timeouts
- * This function computes messages replays schedule. There are some recommended
- * values by ZRTP specification, but in some network environments values may be
- * sligh different
- */
-uint32_t _zrtp_get_timeout(uint32_t curr_timeout, zrtp_msg_type_t msg);
-
-
-/*!
- * \brief Terminates retransmission task
- * This function is a wrapper around zrtp_cancele_send_packet_later() which
- * unsets the zrtp_retry_task_t#_is_enabled flag to prevent the scheduler from
- * re-adding tasks after their termination.
- */
-void _zrtp_cancel_send_packet_later( zrtp_stream_t* stream,
- zrtp_msg_type_t type);
-
-/*!
- * \brief state switcher
- * This function changes stream state to \c state, makes a backup of the previous
- * state at zrtp_stream_t#_prev_state and prints debug information.
- * \warning Don't change the stream state directly. Use this function.
- * \param stream - ZRTP stream to be changed;
- * \param state - new state.
- */
-void _zrtp_change_state( zrtp_stream_t* stream, zrtp_state_t state);
-
-
-/*===========================================================================*/
-/* Shared STATE-MACHINE Routine */
-/*===========================================================================*/
-
-// TODO: clean this up
-zrtp_status_t _zrtp_machine_enter_pendingsecure(zrtp_stream_t* stream, zrtp_rtp_info_t* commit);
-zrtp_status_t _zrtp_machine_enter_initiatingsecure(zrtp_stream_t* stream);
-zrtp_status_t _zrtp_machine_enter_secure(zrtp_stream_t* stream);
-zrtp_status_t _zrtp_machine_enter_pendingclear(zrtp_stream_t* stream);
-zrtp_status_t _zrtp_machine_enter_initiatingerror( zrtp_stream_t *stream,
- zrtp_protocol_error_t code,
- uint8_t notif);
-
-zrtp_status_t _zrtp_machine_create_confirm(zrtp_stream_t *stream, zrtp_packet_Confirm_t* confirm);
-zrtp_status_t _zrtp_machine_process_confirm(zrtp_stream_t *stream, zrtp_packet_Confirm_t *confirm);
-zrtp_status_t _zrtp_machine_process_goclear(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-zrtp_status_t _zrtp_machine_start_initiating_secure(zrtp_stream_t *stream);
-zrtp_statemachine_type_t _zrtp_machine_preparse_commit(zrtp_stream_t *stream, zrtp_rtp_info_t* packet);
-
-
-/*===========================================================================*/
-/* PARSERS */
-/*===========================================================================*/
-
-/*!
- * \brief Prepare RTP/ZRTP media packet for the further processing.
- * This function defines the packet type, parses SSRC and makes the sequence
- * number implicit. If it is a ZRTP message, packet length correctness and CRC
- * are checked as well.
- * \param stream - ZRTP stream associated with this packet;
- * \param packet - packet for preparing;
- * \param length - packet length;
- * \param info - resulting packet structure;
- * \param is_input - 1 - assumes incoming and 0 - outgoing packet direction.
- */
-zrtp_status_t _zrtp_packet_preparse( zrtp_stream_t* stream,
- char* packet,
- uint32_t *length,
- zrtp_rtp_info_t* info,
- uint8_t is_input);
-
-/*!
- * \brief Fills ZRTP message header and computes messages HMAC
- * _zrtp_packet_fill_msg_hdr() prepares a ZRTP message header for sending. It calculates
- * the total message length in 4-byte words and fills the message type block.
- * \param stream - stream within in the operation will be performed
- * \param type - ZRTP message type;
- * \param body_length - message body length (without header);
- * \param hdr - message ZRTP header
- * \return
- * - zrtp_status_ok - if success;
- * - zrtp_status_bad_param - if message \c type is unknown.
- */
-zrtp_status_t _zrtp_packet_fill_msg_hdr( zrtp_stream_t *stream,
- zrtp_msg_type_t type,
- uint16_t body_length,
- zrtp_msg_hdr_t *hdr);
-
-/**
- * @brief Sends ZRTP message onto the network
- * _zrtp_packet_send_message constructs a ZRTP header and prepares packet for sending,
- * computes CRC and injects the packet into the network using the interface
- * function zrtp_send_rtp().
- * @param ctx - ZRTP stream context;
- * @param type - packet type to construct primitive ZRTP messages;
- * @param message - ZRTP message for sending.
- * @return
- * - 0 - if sent successfully;
- * - -1 - if error.
- */
-int _zrtp_packet_send_message( zrtp_stream_t *stream,
- zrtp_msg_type_t type,
- const void *message);
-
-/** @brief Returns ZRTP message type by symbolic name in header. */
-zrtp_msg_type_t _zrtp_packet_get_type(ZRTP_UNALIGNED(zrtp_rtp_hdr_t)*hdr, uint32_t length);
-
-/**
- * @brief Insert CRC32 to ZRTP packets
- * This function computes the 32 bit ZRTP packet checksum according to RFC 3309.
- * As specified at ZRTP RFC, CRC32 is appended to the end of the extension for every ZRTP packet.
- * @param packet - zrtp packet wrapper structure.
- */
-void _zrtp_packet_insert_crc(char* packet, uint32_t length);
-
-/**
- * @brief Validate ZRTP packet CRC
- * @return
- * - 0 if correct CRC;
- * - -1 if CRC validation failed.
- */
-int8_t _zrtp_packet_validate_crc(const char* packet, uint32_t length);
-
-/* \} */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* __ZRTP_ENGINE_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-/**
- * \file zrtp_error.h
- * \brief libzrtp errors definitions
- */
-
-#ifndef __ZRTP_ERROR_H__
-#define __ZRTP_ERROR_H__
-
-#include "zrtp_config.h"
-
-/**
- * \defgroup zrtp_errors Libzrtp Error Definitions
- *
- * In this section the ZRTP protocol error codes and the library internal errors are defined.
- *
- * When ZRTP Protocl error detected, zrtp_callback_event_t#on_zrtp_security_event is called and
- * zrtp_session_info_t#last_error contains error code.
- * \{
- */
-
-/**
- * \brief Define protocol error codes according to ZRTP RFC sec. 5.9
- */
-typedef enum zrtp_protocol_error_t
-{
- zrtp_error_unknown = 0,
- zrtp_error_timeout = 1,
-
- zrtp_error_invalid_packet = 0x10, /** Malformed packet (CRC OK, but wrong structure) */
- zrtp_error_software = 0x20, /** Critical software error */
- zrtp_error_version = 0x30, /** Unsupported ZRTP version */
- zrtp_error_hello_mistmatch = 0x40, /** Hello components mismatch */
-
- zrtp_error_hash_unsp = 0x51, /** Hash type not supported */
- zrtp_error_cipher_unsp = 0x52, /** Cipher type not supported */
- zrtp_error_pktype_unsp = 0x53, /** Public key exchange not supported */
- zrtp_error_auth_unsp = 0x54, /** SRTP auth. tag not supported */
- zrtp_error_sas_unsp = 0x55, /** SAS scheme not supported */
- zrtp_error_no_secret = 0x56, /** No shared secret available, Preshared mode required */
-
- zrtp_error_possible_mitm1 = 0x61, /** DH Error: bad pvi or pvr ( == 1, 0, or p-1) */
- zrtp_error_possible_mitm2 = 0x62, /** DH Error: hvi != hashed data */
- zrtp_error_possible_mitm3 = 0x63, /** Received relayed SAS from untrusted MiTM */
-
- zrtp_error_auth_decrypt = 0x70, /** Auth. Error: Bad Confirm pkt HMAC */
- zrtp_error_nonse_reuse = 0x80, /** Nonce reuse */
- zrtp_error_equal_zid = 0x90, /** Equal ZIDs in Hello */
- zrtp_error_service_unavail = 0xA0, /** Service unavailable */
- zrtp_error_goclear_unsp = 0x100,/** GoClear packet received, but not allowed */
-
- zrtp_error_wrong_zid = 0x202, /** ZID received in new Hello doesn't equal to ZID from the previous stream */
- zrtp_error_wrong_meshmac = 0x203, /** Message HMAC doesn't match with pre-received one */
- zrtp_error_count
-} zrtp_protocol_error_t;
-
-/**
- * \brief libzrtp functions statuses.
- *
- * Note that the value of zrtp_status_ok is equal to zero. This can simplify error checking
- * somewhat.
- */
-typedef enum zrtp_status_t
-{
- zrtp_status_ok = 0, /** OK status */
- zrtp_status_fail = 1, /** General, unspecified failure */
- zrtp_status_bad_param = 2, /** Wrong, unsupported parameter */
- zrtp_status_alloc_fail = 3, /** Fail allocate memory */
- zrtp_status_auth_fail = 4, /** SRTP authentication failure */
- zrtp_status_cipher_fail = 5, /** Cipher failure on RTP encrypt/decrypt */
- zrtp_status_algo_fail = 6, /** General Crypto Algorithm failure */
- zrtp_status_key_expired = 7, /** SRTP can't use key any longer */
- zrtp_status_buffer_size = 8, /** Input buffer too small */
- zrtp_status_drop = 9, /** Packet process DROP status */
- zrtp_status_open_fail = 10, /** Failed to open file/device */
- zrtp_status_read_fail = 11, /** Unable to read data from the file/stream */
- zrtp_status_write_fail = 12, /** Unable to write to the file/stream */
- zrtp_status_old_pkt = 13, /** SRTP packet is out of sliding window */
- zrtp_status_rp_fail = 14, /** RTP replay protection failed */
- zrtp_status_zrp_fail = 15, /** ZRTP replay protection failed */
- zrtp_status_crc_fail = 16, /** ZRTP packet CRC is wrong */
- zrtp_status_rng_fail = 17, /** Can't generate random value */
- zrtp_status_wrong_state = 18, /** Illegal operation in current state */
- zrtp_status_attack = 19, /** Attack detected */
- zrtp_status_notavailable = 20, /** Function is not available in current configuration */
- zrtp_status_count = 21
-} zrtp_status_t;
-
-/** \} */
-
-/** \manonly */
-
-#define ZRTP_MIM2_WARNING_STR \
- "Possible Man-In-The-Middle-Attack! Switching to state Error\n"\
- "because a packet arrived that was ZRTP_DHPART2, but contained\n"\
- "a g^y that didn't match the previous ZRTP_COMMIT.\n"
-
-#define ZRTP_MITM1_WARNING_STR "DH validating failed. (pvi is 1 or p-1), aborted\n"
-
-#define ZRTP_VERIFIED_INIT_WARNING_STR \
- "Falling back to cleartext because a packet arrived that was\n"\
- "ZRTP_CONFIRM1, but which couldn't be verified - the sender must have a different\n"\
- "shared secret than we have.\n"
-
-#define ZRTP_VERIFIED_RESP_WARNING_STR \
- "Falling back to cleartext because a packet arrived that was ZRTP_CONFIRM2,\n"\
- " but which couldn't be verified - the sender must have a different shared secret than we have.\n"
-
-#define ZRTP_EQUAL_ZID_WARNING_STR \
- "Received a ZRTP_HELLO packet with the same ZRTP ID that we have.\n"\
- " This is likely due to a bug in the software. Ignoring the ZRTP_HELLO\n"\
- " packet, therefore this call cannot be encrypted.\n"
-
-#define ZRTP_UNSUPPORTED_COMP_WARNING_STR \
- " Received ZRTP_HELLO packet with an algorithms field which had a\n"\
- " list of hashes that didn't include any of our supported hashes. Ignoring\n"\
- " the ZRTP_HELLO packet, therefore this call cannot be encrypted.\n"
-
-#define ZRTP_NOT_UNIQUE_NONCE_WARNING_STR \
- " Received COMMIT with hash value already used in another stream within this ZRTP session\n"
-
-#define ZRTP_RELAYED_SAS_FROM_NONMITM_STR \
-" Received SAS Relaying message from endpoint which haven't introduced as MiTM.\n"
-
-/** \endmanonly */
-
-#endif /* __ZRTP_ERROR_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-
-/**
- * \file zrtp_iface.h
- * \brief libzrtp product-dependent functions
- */
-
-#ifndef __ZRTP_IFACE_H__
-#define __ZRTP_IFACE_H__
-
-#include "zrtp_config.h"
-#include "zrtp_base.h"
-#include "zrtp_string.h"
-#include "zrtp_error.h"
-#include "zrtp_iface_system.h"
-
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/*======================================================================*/
-/* libzrtp interface: Cache */
-/*======================================================================*/
-
-/*!
- * \defgroup zrtp_iface_cache ZRTP Cache
- * \ingroup zrtp_iface
- *
- * The secret cache implementation should have a two-layer structure: each pair of ZIDs should have
- * a relevant pair of secrets (current and previous). In addition to the value of the secret, the
- * cache should contain: verification flag, last usage time-stamp and cache TTL value.
- *
- * The simplest secret cache scheme implementation is:
- * \code
- * [local_ZID][remote_ZID][curr_cache][prev_cache][verified][used at][cache ttl]
- * \endcode
- * \warning
- * Libzrtp doen't provide synchronization for cache read/write operation. Cache is not thread safe
- * by default. Implementor must take care of synchronization inside his implementation.
- *
- * For more information see corresponding section \ref XXX. Samples can be found at \ref XXX
- * (\c zrtp_iface_builtin.h, \c zrtp_iface_cache.c)
- * \{
- */
-
-/**
- * @brief Data types and functions related to shared secrets.
- */
-typedef struct zrtp_callback_cache_t
-{
- /**
- * \brief Cache initialization.
- *
- * libzrtp calls this function before start using cache routine at zrtp_init().
- *
- * \param zrtp - libzrtp global context;
- * \sa zrtp_callback_cache_t#on_down()
- */
- zrtp_status_t (*on_init)(zrtp_global_t* zrtp);
-
- /**
- * \brief Cache deinitialization.
- *
- * libzrtp calls this function when zrtp cache is no longer needed at zrtp_down().
- * \sa zrtp_callback_cache_t#on_init()
- */
- void (*on_down)();
-
- /**
- * \brief Add/Update cache value
- *
- * Interface function for entering the retained secret to the cache. This function should
- * guarantee permanent storage in the cache. The implementation algorithm is the following:
- * - if the entry associated with a given pair of ZIDs does not exist, the value should be
- * stored in cache.
- * - if the entry already exists, the current secret value becomes stored as the previous one.
- * The new value becomes stored as the current one. Besides rss->value a timestamp
- * (rss->lastused_at) and cache TTL(rss->ttl) should be updated.
- *
- * \param one_zid - ZID of one side;
- * \param another_zid - ZID of the other side;
- * \param rss - a structure storing the value of the secret that needs to be saved.
- * \return
- * - zrtp_status_ok if operation is successful;
- * - some error code from \ref zrtp_status_t in case of error.
- * \sa zrtp_callback_cache_t#on_get
- */
- zrtp_status_t (*on_put)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
- /**
- * \brief Return secret cache associated with specified pair of ZIDs.
- *
- * This function should return the secret associated with the specified pair of ZIDs. In
- * addition to the secret value, TTL (rss->ttl) and cache timestamp (rss->lastused_at) value
- * should be also returned.
- *
- * \param one_zid - one side's ZID;
- * \param another_zid - the other side's ZID;
- * \param prev_requested - if this parameter value is 1, the function should return the previous
- * secret's value. If this parameter value is 0, the function should return the current
- * secret's value;
- * \param rss - structure that needs to be filled in.
- * \return
- * - zrtp_status_ok - if operation is successful;
- * - zrtp_status_fail - if the secret cannot be found;
- * - some error code from zrtp_status_t if an error occurred.
- * \sa zrtp_callback_cache_t#on_put
- */
- zrtp_status_t (*on_get)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss,
- int prev_requested);
-
- /**
- * \brief Set/clear cache verification flag
- *
- * This function should set the secret verification flag associated with a pair of ZIDs.
- * \warning
- * For internal use only. To change the verification flag from the user space use the
- * zrtp_verified_set() function.
- *
- * \param one_zid - first ZID for cache identification;
- * \param another_zid - second ZID for cache identification;
- * \param verified - verification flag (value can be 0 or 1).
- * \return
- * - zrtp_status_ok if flag is successfully modified;
- * - zrtp_status_fail if the secret cannot be found;
- * - some other error code from \ref zrtp_status_t if another error occurred.
- */
- zrtp_status_t (*on_set_verified)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t verified);
-
- /**
- * \brief Return cache verification flag
- *
- * This function return the secret verification flag associated with a pair of ZIDs.
- *
- * \param one_zid - first ZID for cache identification;
- * \param another_zid - second ZID for cache identification;
- * \param verified - verification flag to be filled in
- * \return
- * - zrtp_status_ok if flag is successfully returned;
- * - zrtp_status_fail if the secret cannot be found;
- * - some other error code from \ref zrtp_status_t if another error occurred.
- */
- zrtp_status_t (*on_get_verified)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* verified);
-
- /**
- * \brief Should set Secure Since cache aparemeter to current date and time
- *
- * This function is optional and may be ommited.
- *
- * \param one_zid - first ZID for cache identification;
- * \param another_zid - second ZID for cache identification;
- * \return
- * - zrtp_status_ok if the oprtation finished sucessfully.
- * - some other error code from \ref zrtp_status_t if another error occurred.
- */
- zrtp_status_t (*on_reset_since)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid);
-
- /**
- * \brief Add/Update cache value for MiTM endpoint
- *
- * This function is analogy to zrtp_callback_cache_t#on_put but for MiTM endpoint.
- * \todo Add more detail description
- * \sa zrtp_callback_cache_t#on_put zrtp_callback_cache_t#on_get_mitm
- */
- zrtp_status_t (*on_put_mitm)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
- /**
- * \brief Return secret cache for MiTM endpoint
- *
- * This function is analogy to zrtp_callback_cache_t#on_get but for MiTM endpoint.
- * \todo Add more detail description
- * \sa zrtp_callback_cache_t#on_get zrtp_callback_cache_t#on_put_mitm
- */
- zrtp_status_t (*on_get_mitm)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
- /**
- * \brief Return Preshared calls counter
- *
- * This function should return the preshared calls counter associated with a pair of ZIDs.
- *
- * \param one_zid - first ZID for cache identification;
- * \param another_zid - second ZID for cache identification;
- * \param counter - preshared calls counter to be filled in
- * \return
- * - zrtp_status_ok if counter is successfully returned;
- * - zrtp_status_fail if the secret cannot be found;
- * - some other error code from \ref zrtp_status_t if another error occurred.
- */
- zrtp_status_t (*on_presh_counter_get)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* counter);
-
- /**
- * \brief Increase/reset Preshared streams counter made between two endpoints (ZIDs)
- *
- * This function should set the preshared calls counter associated with a pair of ZIDs.
- * Function is optional and should be implemented if your prodict uses Preshared keys exchange.
- *
- * \param one_zid - first ZID for;
- * \param another_zid - second ZID;
- * \param counter - Preshared calls counter.
- * \return
- * - zrtp_status_ok if the counter is successfully modified;
- * - zrtp_status_fail if the secret cannot be found;
- * - some other error code from \ref zrtp_status_t if another error occurred.
- */
- zrtp_status_t (*on_presh_counter_set)( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t counter);
-} zrtp_callback_cache_t;
-
-
-/** \} */
-
-/*======================================================================*/
-/* libzrtp interface: Scheduler */
-/*======================================================================*/
-
-/**
- * \defgroup zrtp_iface_scheduler ZRTP Delay Calls
- * \ingroup zrtp_iface
- *
- * Algorithm used in the scheduled call module is described in detail in section \ref XXX of the
- * developer's guide documentation. Technical details of this function's implementation follows.
- *
- * For more information see corresponding section \ref XXX. Samples can be found at \ref XXX
- * (\c zrtp_iface_builtin.h, \c zrtp_iface_scheduler.c)
- * \{
- */
-
-/** \brief ZRTP Delays Calls signature. */
-typedef void (*zrtp_call_callback_t)(zrtp_stream_t*, zrtp_retry_task_t*);
-
-/**
- * @brief Delay Call wrapper
- */
-struct zrtp_retry_task_t
-{
- /** \brief Task action callback */
- zrtp_call_callback_t callback;
-
- /** \brief Timeout before call in milliseconds */
- zrtp_time_t timeout;
-
- /**
- * \brief User data pointer.
- *
- * Pointer to the user data. This pointer can be used for fast access to some additional data
- * attached to this task by the user application.
- */
- void* usr_data;
-
-
- // TODO: hide these elements
- /**
- * \brief Task activity flag.
- *
- * Libzrtp unsets this flag on task canceling. It prevents the scheduler engine from re-adding
- * an already canceled task. Callback handlers skip passive tasks.
- * \note
- * For internal use only. Don't' modify this field in implementation.
- */
- uint8_t _is_enabled;
-
- /**
- * \brief Number of task retries.
- *
- * Every handler that attempts the task increases it by one. When the limit is reached the
- * scheduler should stop retries and performs a specified action - generally raises an error.
- * \note
- * For internal use only. Don't' modify this field in implementation.
- */
- uint32_t _retrys;
-
- /**
- * \brief Task Busy flag.
- *
- * Built-in cache implementation uses this flag to protect task from being removed during the
- * callback.
- *
- * Default cache implementation "locks" this flag before call zrtp_retry_task#callback
- * and "unlocks" when the call is performed. zrtp_callback_scheduler_t#on_wait_call_later exits
- * when there are no callbacks in progress - no tasks with \c _is_busy enabled.
- */
- uint8_t _is_busy;
-};
-
-/**
- * @brief Delay Calls callbacks
- */
-typedef struct zrtp_callback_scheduler_t
-{
- /**
- * \brief Delay Calls initialization.
- *
- * libzrtp calls this function before start using scheduler routine at zrtp_init().
- *
- * \param zrtp - libzrtp global context;
- * \sa zrtp_callback_scheduler_t#on_down()
- */
- zrtp_status_t (*on_init)(zrtp_global_t* zrtp);
-
- /**
- * \brief Delay Calls deinitialization.
- *
- * libzrtp calls this function when zrtp scheduler is no longer needed at zrtp_down().
- * \sa zrtp_callback_scheduler_t#on_init()
- */
- void (*on_down)();
-
- /**
- * \brief Interface for performing delay call
- *
- * This function should add delay call request (\c task) to the processing queue. When the
- * zrtp_retry_task_t#timeout is expired, scheduler should call zrtp_retry_task_t#callback and
- * remove tasks from the processing queue.
- *
- * \param stream - stream context for processing the callback function;
- * \param task - task structure that should be processed.
- * \sa zrtp_callback_scheduler_t#on_cancel_call_later
- */
- void (*on_call_later)(zrtp_stream_t *stream, zrtp_retry_task_t* task);
-
- /**
- * \brief Interface for canceling a delay calls
- *
- * This function cancels delay call if it still in the processing queue. The algorithm is the
- * following:
- * - If there is a specified task for a specified stream, this task should be deleted.
- * - If the \c task parameter is equal to NULL - ALL tasks for the specified stream must be
- * terminated and removed from the queue.
- *
- * \param ctx - stream context for the operation;
- * \param task - delayed call wrapper structure.
- * \sa zrtp_callback_scheduler_t#on_call_later
- */
- void (*on_cancel_call_later)(zrtp_stream_t* ctx, zrtp_retry_task_t* task);
-
- /**
- * \brief Interface for waiting for scheduling tasks is finished
- *
- * This function is called by libzrtp when the state-mamchine is in a position to destroy ZRTP
- * session and all incapsulated streams. Allocated for the stream memory may be cleared and
- * released. If after this operation, scheduler perform time-out call it will bring system to
- * crash.
- *
- * The scheduler implementation must guarantee that any delay call for the \c stream will not be
- * performed after on_wait_call_later().
- *
- * \param stream - stream context for the operation;
- * \sa zrtp_callback_scheduler_t#on_call_later.
- */
- void (*on_wait_call_later)(zrtp_stream_t* stream);
-} zrtp_callback_scheduler_t;
-
-/** \} */
-
-/*======================================================================*/
-/* libzrtp interface: Protocol */
-/*======================================================================*/
-
-/**
- * \defgroup zrtp_iface_proto ZRTP Protocol Feedback
- * \ingroup zrtp_iface
- *
- * This section defines ZRTP protcol events. Detail description of ZRTP state-machine is defined in
- * \ref XXX.
- * \{
- */
-
-/**
- * \brief ZRTP Protocol events
- *
- * For additional information see \ref XXX
- */
-typedef enum zrtp_protocol_event_t
-{
- /** \brief Just a stub for error detection. */
- ZRTP_EVENT_UNSUPPORTED = 0,
-
- /** \brief Switching to CLEAR state */
- ZRTP_EVENT_IS_CLEAR,
-
- /** \brief Switching to INITIATING_SECURE state */
- ZRTP_EVENT_IS_INITIATINGSECURE,
-
- /** \brief Switching to PENDING_SECURE state */
- ZRTP_EVENT_IS_PENDINGSECURE,
-
- /** \brief Switching to PENDING_CLEAR state */
- ZRTP_EVENT_IS_PENDINGCLEAR,
-
- /**
- * \brief Switching to NO_ZRTP state.
- *
- * Hello packet undelivered - no ZRTP endpoint and other end
- */
- ZRTP_EVENT_NO_ZRTP,
-
- /**
- * \brief First N Hello packet undelivered - probably, no ZRTP endpoint and other end
- *
- * Libzrtp raises this event after few Hello have been send without receiving response from the
- * remote endpoint. User application may use this event to stop Securing ritual if connection
- * lag is important.
- *
- * Developer should take into account that delays in Hello receiving may be conditioned by
- * interruptions in media channel
- *
- * \warning Don't handle this event unless necessary
- */
- ZRTP_EVENT_NO_ZRTP_QUICK,
-
- /**
- * \brief MiTM Enrollment with MiTM endpoint
- *
- * Informs the Client-side endpoint of receiving a registration invitation from the MiTM.
- * Libzrtp raises this event after switching to the Secure state (ZRTP_EVENT_IS_SECURE). The
- * user may accept the invitation using a zrtp_register_with_trusted_mitm() call.
- */
- ZRTP_EVENT_IS_CLIENT_ENROLLMENT,
-
- /**
- * \brief New user has registered to the MitM
- *
- * Informs MitM of the registration of a new user. Libzrtp raises this event when a user calls
- * the special registration number and has switched to the secure state.
- */
- ZRTP_EVENT_NEW_USER_ENROLLED,
-
- /**
- * \brief New user has already registered with the MiTM
- *
- * Notifies the MiTM of an attempt to register from a user that is already registered. In this
- * case a new MiTM secret will not be generated and the user may be informed by voice prompt.
- * Libzrtp raises this event from the SECURE state.
- */
- ZRTP_EVENT_USER_ALREADY_ENROLLED,
-
- /**
- * \brief User has cancelled registration
- *
- * Libzrtp may raise this event during regular calls when it discovers that the user has removed
- * its MiTM secret. This event informs the MiTM that the SAS can no longer be transferred to
- * this user.
- */
- ZRTP_EVENT_USER_UNENROLLED,
-
- /**
- * \brief SAS value and/or rendering scheme was updated
- *
- * LibZRTP raises this event when the SAS value is transferred from the trusted MiTM. The value
- * is rendered automatically according to the rendering scheme specified by the trusted MiTM.
- * (it may be different than that of the previous one).
- *
- * On receiving this event, the Client application should replace the old SAS with the new one
- * and ask the user to verify it. This event is called from the Secure state only.
- */
- ZRTP_EVENT_LOCAL_SAS_UPDATED,
-
- /**
- * \brief SAS transfer was accepted by the remote side
- *
- * Libzrtp raises this event to inform the Server-side about accepting the change of SAS value
- * and/or rendering scheme by the remote client. This event is called from the Secure state
- * only.
- */
- ZRTP_EVENT_REMOTE_SAS_UPDATED,
-
- /**
- * \brief Swishing to SECURE state
- *
- * Duplicates zrtp_callback_event_t#on_zrtp_secure for more thin adjustments.
- */
- ZRTP_EVENT_IS_SECURE,
-
- /**
- * \brief Swishing to SECURE state is finished.
- *
- * Equal to ZRTP_EVENT_IS_SECURE but called when the Securing process is completely finished:
- * new RS secret is generate, cache flags updated and etc. Can be used in extended application
- * for more thin adjustments.
- */
- ZRTP_EVENT_IS_SECURE_DONE,
-
- /**
- * \brief Indicates DRM restriction. Stream can't go Secure.
- *
- * Libzrtp generate this event if DRM rules don't allow to switch to Secure mode:
- * - A passive endpoint never sends a Commit message. Semi-active endpoint does not send a
- * Commit to a passive endpoint
- * - A passive phone, if acting as a SIP initiator r ejects all commit packets from everyone.
- * - A passive phone rejects all commit messages from a PBX.
- */
- ZRTP_EVENT_IS_PASSIVE_RESTRICTION,
-
- ZRTP_EVENT_COUNT
-
-} zrtp_protocol_event_t;
-
-/**
- * \brief ZRTP Protocol Errors and Warnings
- *
- * For additional information see \ref XXX
- */
-typedef enum zrtp_security_event_t
-{
- /**
- * \brief Switching to ERROR state
- *
- * The exact error code can be found at zrtp_stream_info_t#last_error. Use zrtp_log_error2str()
- * to get error description in text mode.
- */
- ZRTP_EVENT_PROTOCOL_ERROR = ZRTP_EVENT_COUNT,
-
- /**
- * \brief Hello Hash is different from that received in signaling.
- *
- * In accordance with sec. 8.1 of the ZRTP RFC, libzrtp provides the ability to prevent DOS
- * attacks. libzrtp can detect an attack in which the hash of the remote Hello was received
- * through signaling and added to the ZRTP context (zrtp_signaling_hash_set()).
- *
- * When the hash of the incoming Hello doesn't match the hash from signaling, the
- * ZRTP_EVENT_WRONG_SIGNALING_HASH event is raised and the connection MAY be terminated
- * manually.
- */
- ZRTP_EVENT_WRONG_SIGNALING_HASH,
-
- /**
- * \brief Hmac of the received packet is different from the hmac value earlier received.
- *
- * If the Hello hash is sent through protected signaling, libzrtp provides the ability to
- * prevent protocol packets from modification and even eliminates comparing the SAS. To do this,
- * libzrtp compares the message Hmac with the Hmac received in the previous message.
- *
- * If the Hmacs don't match, the ZRTP_EVENT_WRONG_MESSAGE_HMAC event is raised and the
- * connection MAY be terminated manually.
- */
- ZRTP_EVENT_WRONG_MESSAGE_HMAC,
-
- /**
- * \brief Retain secret was found in the cache but it doesn't match with the remote one
- *
- * The library rises this event when non-expired secret have been found in the cache but
- * value of the secret doesn't match with the remote side secret. Such situation may happen
- * in case of MiTM attack or when remote side lost it's cache.
- *
- * Recommended behavior: the application should notify user about the situation and ask him to
- * verify the SAS. If SAS is different - it indicates the attack.
- */
- ZRTP_EVENT_MITM_WARNING
-} zrtp_security_event_t;
-
-/**
- * \brief Callbacks definitions
- *
- * This section lists callback functions informing the user about the protocol status. These
- * callbacks must be defined in the user application.
- */
-typedef struct zrtp_callback_event_t
-{
- /**
- * \brief ZRTP Protocol events notification.
- *
- * Informs about switching between the protocol states and other events. Provides more flexible
- * control over the protocol then on_zrtp_secure and on_zrtp_not_secure.
- *
- * \param event - type of event;
- * \param stream - ZRTP stream context.
- */
- void (*on_zrtp_protocol_event)(zrtp_stream_t *stream, zrtp_protocol_event_t event);
-
- /**
- * \brief ZRTP Security events notification
- *
- * Informs about ZRTP security events: MiTM attacks, cache desynchronization and
- * others.
- * \warning MUST be handled in the target application to provide high security level.
- *
- * \param event - type of event;
- * \param stream - ZRTP stream context.
- */
- void (*on_zrtp_security_event)(zrtp_stream_t *stream, zrtp_security_event_t event);
-
- /**
- * \brief Indicates switching to SECURE state.
- *
- * Pair of events: \c on_zrtp_secure and \c on_zrtp_not_secure represent simplified event
- * handling mechanism comparing to \c on_zrtp_protocol_event. libzrtp calls this event when the
- * call is SECURE and media is encrypted.
- *
- * SAS Verification is required on this event.
- *
- * \param stream - ZRTP stream context.
- */
- void (*on_zrtp_secure)(zrtp_stream_t *stream);
-
- /**
- * \brief Indicates switching to NOT SECURE state.
- *
- * This event duplicates some protocol and security events to simplify libzrtp usage. It may be
- * used in applications which don't require detail information about ZRTP protocol.
- *
- * If Error appeared - the exact error code can be found at zrtp_stream_info_t#last_error. Use
- * zrtp_log_error2str() to get error description in text mode.
- *
- * \param stream - ZRTP stream context.
- */
- void (*on_zrtp_not_secure)(zrtp_stream_t *stream);
-} zrtp_callback_event_t;
-
-/** \} */
-
-/*======================================================================*/
-/* libzrtp interface: Misc */
-/*======================================================================*/
-
-/**
- * \defgroup zrtp_iface_misc Miscellaneous functions
- * \ingroup zrtp_iface
- * \{
- */
-
-/**
- * \brief Miscellaneous Functions
- */
-typedef struct zrtp_callback_misc_t
-{
- /**
- * \brief RTP packet sending function
- *
- * This function pushes an outgoing ZRTP packet to the network. Correct building of IP and UPD
- * headers is the developer's responsibility.
- *
- * \param stream - ZRTP stream context;
- * \param packet - buffer storing the ZRTP packet to send;
- * \param length - size of the ZRTP packet.
- * \return
- * - number of bytes sent if successful;
- * - -1 if error occurred.
- */
- int (*on_send_packet)(const zrtp_stream_t* stream, char* packet, unsigned int length);
-} zrtp_callback_misc_t;
-
-/** \} */
-
-/**
- * \brief ZRTP feedback interface and application dependent routine
- * \ingroup zrtp_iface
- */
-typedef struct zrtp_callback_t
-{
- /** \brief ZRTP Protocol Feedback */
- zrtp_callback_event_t event_cb;
- /** \brief ZRTP Delay Calls routine */
- zrtp_callback_scheduler_t sched_cb;
- /** \brief ZRTP Cache */
- zrtp_callback_cache_t cache_cb;
- /** \brief Miscellaneous functions */
- zrtp_callback_misc_t misc_cb;
-} zrtp_callback_t;
-
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /*__ZRTP_IFACE_H__*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_IFACE_CACHE_H__
-#define __ZRTP_IFACE_CACHE_H__
-
-#include "zrtp_config.h"
-#include "zrtp_base.h"
-#include "zrtp_string.h"
-#include "zrtp_error.h"
-#include "zrtp_iface.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if defined(ZRTP_USE_BUILTIN_CACHE) && (ZRTP_USE_BUILTIN_CACHE == 1)
-
-#define ZRTP_DEF_CACHE_VERSION_STR "libZRTP cache version="
-#define ZRTP_DEF_CACHE_VERSION_VAL "1.0"
-
-/**
- * @brief Cache element identifier type
- * Elements of this type link cache data with a pair of ZIDs.
- * (constructed as: [ZID1][ZID2], where ZID1 - ZID with greater binary value)
- * This type is used to identify cache elements in the built-in implementation.
- */
-typedef uint8_t zrtp_cache_id_t[24];
-
-#define ZRTP_MITMCACHE_ELEM_LENGTH ( sizeof(zrtp_cache_id_t) + sizeof(zrtp_string64_t) )
-#define ZRTP_CACHE_ELEM_LENGTH ( sizeof(zrtp_cache_elem_t) - sizeof(mlist_t) - (sizeof(uint32_t)*2) )
-#define ZFONE_CACHE_NAME_LENGTH 256
-
-/**
- * @brief Secret cache element structure
- * This structure is used to store cache data in the built-in implementation
- * of the caching system.
- */
-typedef struct zrtp_cache_elem
-{
- zrtp_cache_id_t id; /** Cache element identifier */
- zrtp_string64_t curr_cache; /** Current cache value */
- zrtp_string64_t prev_cache; /** Prev cache value */
- uint32_t verified; /** Verified flag for the cache value */
- uint32_t lastused_at; /** Last usage time-stamp in seconds */
- uint32_t ttl; /** Cache TTL since lastused_at in seconds */
- uint32_t secure_since; /** Secure since date in seconds. Utility field. Don't required by libzrtp. */
- char name[ZFONE_CACHE_NAME_LENGTH]; /** name of the user associated with this cache entry */
- uint32_t name_length; /** cache name lengths */
- uint32_t presh_counter; /** number of Preshared streams made since last DH exchange */
- uint32_t _index; /** cache element index in the cache file */
- uint32_t _is_dirty; /** dirty flag means the entry has unsaved changes */
- mlist_t _mlist;
-} zrtp_cache_elem_t;
-
-#endif /* ZRTP_USE_BUILTIN_CACHE */
-
-zrtp_status_t zrtp_def_cache_init(zrtp_global_t* zrtp);
-
-void zrtp_def_cache_down();
-
-zrtp_status_t zrtp_def_cache_set_verified( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t verified);
-
-zrtp_status_t zrtp_def_cache_get_verified( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* verified);
-
-
-zrtp_status_t zrtp_def_cache_put( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
-zrtp_status_t zrtp_def_cache_put_mitm( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
-zrtp_status_t zrtp_def_cache_get( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss,
- int prev_requested);
-
-zrtp_status_t zrtp_def_cache_get_mitm( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_shared_secret_t *rss);
-
-zrtp_status_t zrtp_def_cache_set_presh_counter( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t counter);
-
-zrtp_status_t zrtp_def_cache_get_presh_counter( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* counter);
-
-#if defined(ZRTP_USE_BUILTIN_CACHE) && (ZRTP_USE_BUILTIN_CACHE == 1)
-/**
- * @brief Cache iterator
- * zrtp_def_cache_foreach() calls this function for every cache entry.
- * @param elem - cache element;
- * @param is_mitm - is 1 when callback was called for MiTM for each.
- * @param del - callback may return 1 to this to remove cache entry from the list.
- * @param data - pointer to some user data from zrtp_def_cache_foreach();
- * @return
- * - 0 - if element was requested for reading only and wasn't changed;
- * - 1 - if element was modified and cache should be updated.
- */
-typedef int (*zrtp_cache_callback_t)(zrtp_cache_elem_t* elem, int is_mitm, void* data, int* del);
-
-/**
- * @brief Iterate over all cache entries.
- * Can be used for searching and modifying cache entries. Protected by mutex.
- * Can be called in parallel with other cache operations when protocol is
- * running.
- * @param global - libzrtp global context;
- * @param is_mitm - if value of this flag is 1 - fore_each will be applied for MiTM secrets;
- * @param callback - function to be called for every cache entry;
- * @param data - this pointer will be passed to every \c callback call.
- */
-void zrtp_def_cache_foreach( zrtp_global_t *global,
- int is_mitm,
- zrtp_cache_callback_t callback,
- void *data);
-
-#endif /* ZRTP_USE_BUILTIN_CACHE */
-
-/**
- * @brief Store shared secrets cache to the persistent storage
- * May be used in server solutions for periodically flushing the cache to prevent data loss.
- *
- * @return
- * - zrtp_status_ok - if operation completed successfully;
- * - zrtp_status_wrong_state - if a call is performed from a routine which
- * doesn't use the default cache.
- */
-zrtp_status_t zrtp_def_cache_store(zrtp_global_t *global);
-
-zrtp_status_t zrtp_def_cache_reset_since( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid);
-
-zrtp_status_t zrtp_def_cache_get_since( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* since);
-
-zrtp_status_t zrtp_def_cache_get_name( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_stringn_t* name);
-
-zrtp_status_t zrtp_def_cache_put_name( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- const zrtp_stringn_t* name);
-
-#if defined(ZRTP_USE_BUILTIN_CACHE) && (ZRTP_USE_BUILTIN_CACHE == 1)
-zrtp_cache_elem_t* zrtp_def_cache_get2(const zrtp_cache_id_t id, int is_mitm);
-#endif /* ZRTP_USE_BUILTIN_CACHE */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /*__ZRTP_IFACE_CACHE_H__*/
-
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-#ifndef __ZRTP_IFACE_SCHEDULER_H__
-#define __ZRTP_IFACE_SCHEDULER_H__
-
-#include "zrtp_config.h"
-#include "zrtp_base.h"
-#include "zrtp_string.h"
-#include "zrtp_error.h"
-#include "zrtp_iface.h"
-
-#if defined(ZRTP_USE_BUILTIN_SCEHDULER) && (ZRTP_USE_BUILTIN_SCEHDULER == 1)
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-
-/**
- * In order to use default secheduler libzrtp one should define tow extra interfaces:
- * sleep and threads riutine.
- */
-
-/**
- * \brief Suspend thread execution for an interval measured in miliseconds
- * \param msec - number of miliseconds
- * \return: 0 if successful and -1 in case of errors.
- */
-
-#if ZRTP_PLATFORM != ZP_WIN32_KERNEL
-
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
-#include <windows.h>
- typedef LPTHREAD_START_ROUTINE zrtp_thread_routine_t;
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
- typedef void *(*zrtp_thread_routine_t)(void*);
-#elif (ZRTP_PLATFORM == ZP_SYMBIAN)
- typedef int(*zrtp_thread_routine_t)(void*);
-#endif
-
-/**
- * \brief Function is used to create a new thread, within a process.
- *
- * Thread should be created with default attributes. Upon its creation, the thread executes
- * \c start_routine, with \c arg as its sole argument.
- * \param start_routine - thread start routine.
- * \param arg - start routine arguments.
- * \return 0 if successful and -1 in case of errors.
- */
-
-
-extern int zrtp_thread_create(zrtp_thread_routine_t start_routine, void *arg);
-extern int zrtp_sleep(unsigned int msec);
-
-#endif
-
-void zrtp_def_scheduler_down();
-
-zrtp_status_t zrtp_def_scheduler_init(zrtp_global_t* zrtp);
-
-void zrtp_def_scheduler_call_later(zrtp_stream_t *ctx, zrtp_retry_task_t* ztask);
-
-void zrtp_def_scheduler_cancel_call_later(zrtp_stream_t* ctx, zrtp_retry_task_t* ztask);
-
-void zrtp_def_scheduler_wait_call_later(zrtp_stream_t* ctx);
-
-
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t value, uint32_t limit);
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem);
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem);
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem);
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* ZRTP_USE_BUILTIN_SCEHDULER */
-
-#endif /*__ZRTP_IFACE_SCHEDULER_H__*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-/**
- * \file zrtp_iface_system.h
- * \brief libzrtp platform-dependent routine
- */
-
-#ifndef __ZRTP_IFACE_SYSTEM_H__
-#define __ZRTP_IFACE_SYSTEM_H__
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-
-/*============================================================================*/
-/* System wide functions */
-/*============================================================================*/
-
-/**
- * \defgroup zrtp_iface Library Interfaces Overview
- *
- * This section describes the requirements for the implementation of each interface function.
- * Descriptions are divided into groups by function
- */
-
-/**
- * \defgroup zrtp_iface_base Basic platform-dependent routine
- * \ingroup zrtp_iface
- * \{
- */
-
-/**
- * \brief Time in miliseconds
- *
- * libzrtp uses a unix-like time calculation scheme: time since 1/1/1970.
- */
-typedef uint64_t zrtp_time_t;
-
-
-/**
- * \brief Allocates memory of a defined size
- *
- * Allocates \c size bytes and returns a pointer to the allocated memory Allocated memory is not
- * cleared.
- *
- * \param size - number of bytes for allocation
- * \return
- * - pointer to the allocated memory if successful.
- * - NULL if the memory allocation failed.
- */
-extern void* zrtp_sys_alloc(unsigned int size);
-
-/**
- * \brief release memory
- *
- * Release the memory space pointed to by \c obj, which was returned by a previous zrtp_sys_alloc()
- * call. If \c obj is NULL, no operation is performed.
- *
- * \param obj - pointer to the released memory
- */
-extern void zrtp_sys_free(void* obj);
-
-/**
- * \brief Memory copying function.
- *
- * This function copies \c length bytes from memory area \c src to memory area \c dest. The memory
- * areas should not overlap.
- *
- * \param dest - pointer to the destination buffer
- * \param src - pointer to the source buffer;
- * \param length - number of bytes to be copied.
- * \return
- * - pointer to the destination buffer (dest)
- */
-extern void* zrtp_memcpy(void* dest, const void* src, unsigned int length);
-
-/**
- * \brief Write a byte to a byte string
- *
- * The zrtp_memset() function writes \c n bytes of value \c c (converted to an unsigned char) to the
- * string \c s.
- * \return
- * - first argument
- */
-extern void *zrtp_memset(void *s, int c, unsigned int n);
-
-/**
- * \brief Returns current date and time
- *
- * This function should return current unix-like date and time: number of microseconds since
- * 1.1.1970.
- */
-extern zrtp_time_t zrtp_time_now();
-
-/** \} */
-
-/*============================================================================*/
-/* Mutex related interfaces */
-/*============================================================================*/
-
-/**
- * \defgroup zrtp_iface_mutex Synchronization related functions
- * \ingroup zrtp_iface
- * \{
- */
-
-/**
- * \brief Initializing the mutex structure
- *
- * This function allocates and initializes the mutex referenced by \c mutex with default attributes.
- * Upon successful initialization, the state of the mutex becomes initialized and unlocked. This
- * function should create a NON RECURSIVE mutex. (Attempting to relock the mutex causes deadlock)
- *
- * \param mutex - out parameter, mutex structure for allocation and initialization
- * \return:
- * - zrtp_status_ok if initialization successful;
- * - zrtp_status_fail if an error occurred.
- * \sa zrtp_mutex_destroy()
- */
-extern zrtp_status_t zrtp_mutex_init(zrtp_mutex_t** mutex);
-
-/**
- * \brief Deinitializing the mutex structure
- *
- * This function destroys the mutex object previously allocated by zrtp_mutex_init().
- *
- * \param mutex - mutex structure for deinitialization.
- * \return:
- * - zrtp_status_ok if deinitialization successful;
- * - zrtp_status_fail if an error occurred.
- * \sa zrtp_mutex_init()
- */
- extern zrtp_status_t zrtp_mutex_destroy(zrtp_mutex_t* mutex);
-
-/**
- * \brief Mutex locking
- *
- * This function locks the mutex object referenced by \c mutex. If the mutex is already locked, the
- * thread that called it is blocked until the mutex becomes available. This operation returns the
- * mutex object referenced by the mutex in the locked state with the calling thread as its owner.
- *
- * \param mutex - mutex for locking;
- * \return:
- * - zrtp_status_ok if successful;
- * - zrtp_status_fail if an error occurred.
- */
-extern zrtp_status_t zrtp_mutex_lock(zrtp_mutex_t* mutex);
-
-/**
- * \brief Mutex releasing
- *
- * This function releases the mutex object referenced by mutex. The way a mutex is released depends
- * on the mutex's type attribute. If there are threads blocked on the mutex object referenced by
- * mutex when zrtp_mutex_unlock() is called and the mutex becomes available, the scheduling policy
- * determines which thread acquires the mutex.
- *
- * \param mutex - mutex to release
- * \return:
- * - zrtp_status_ok if successful;
- * - zrtp_status_fail if an error occurred.
- */
-extern zrtp_status_t zrtp_mutex_unlock(zrtp_mutex_t* mutex);
-
-/*! \} */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* __ZRTP_IFACE_SYSTEM_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_LEGAL_H__
-#define __ZRTP_LEGAL_H__
-
-
-/*
- * We want the copyright string accessable to the unix strings command in
- * the linked binary, and don't want the linker to remove it if it's not
- * referenced, thus the volatile qualifier.
- *
- * ANSI C standard, section 3.5.3: "An object that has volatile-qualified
- * type may be modified in ways unknown to the implementation or have
- * other unknown side effects."
- */
-extern volatile const char zrtpCopyright[];
-
-#endif /*__ZRTP_LEGAL_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-#ifndef __ZRTP_LIST_H__
-#define __ZRTP_LIST_H__
-
-#include "zrtp_config.h"
-
-typedef struct mlist mlist_t;
-struct mlist
-{
- mlist_t *next;
- mlist_t *prev;
-};
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/*
- * \warning
- * We cast pointer to integer. There is bad thing for 64 bit platforms but
- * calculated offset couldn't be bigger then 2x32 and it will be casted
- * to integer correctly.
- */
-#define mlist_list_offset(type, list_name) ((size_t)&(((type*)0)->list_name))
-
-#define mlist_get_struct(type, list_name, list_ptr) \
- ((type*)(((char*)(list_ptr)) - mlist_list_offset(type,list_name)))
-
-#define mlist_for_each(pos, head) \
- for (pos = (head)->next; pos != (head); pos = pos->next)
-
-#define mlist_for_each_safe(pos, n, head) \
- for (pos = (head)->next, n = pos->next; pos != (head); \
- pos = n, n = pos->next)
-
-void init_mlist(mlist_t* head);
-
-void mlist_add(mlist_t* head, mlist_t* node);
-void mlist_add_tail(mlist_t *head, mlist_t *node);
-
-void mlist_insert(mlist_t *prev, mlist_t *node);
-
-void mlist_del(mlist_t *node);
-void mlist_del_tail(mlist_t *node);
-
-mlist_t* mlist_get(mlist_t *head);
-mlist_t* mlist_get_tail(mlist_t *head);
-
-int mlist_isempty(mlist_t *head);
-
-#if defined(__cplusplus)
-}
-#endif
-
-
-#endif /*__ZRTP_LIST_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_LOG_H__
-#define __ZRTP_LOG_H__
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-#include "zrtp_base.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define ZRTP_LOG_SENDER_MAX_LEN 12
-#define ZRTP_LOG_BUFFER_SIZE 512
-
-
-/*!
- * \defgroup iface_log Functions for debug and information logging
- * \ingroup interfaces
- * \{
- */
-
-/**
- * @brief Write log message.
- * This is the main macro used to write text to the logging backend.
- * @param level The logging verbosity level. Lower number indicates higher
- * importance, with level zero indicates fatal error. Only
- * numeral argument is permitted (e.g. not variable).
- * @param arg Enclosed 'printf' like arguments, with the first
- * argument is the sender, the second argument is format
- * string and the following arguments are variable number of
- * arguments suitable for the format string.
- *
- * Sample:
- * @code
- * ZRTP_LOG(2, (__UNITE__, "Some log message with id %d", id));
- * @endcode
- */
-
-#define ZRTP_LOG(level,arg) do { \
-zrtp_log_wrapper_##level(arg); \
-} while (0)
-
-#define ZRTP_LOGC(level,arg) do { \
-zrtp_log_wrapperc_##level(arg); \
-} while (0)
-
-
-/**
- * @brief Signature for function to be registered to the logging subsystem to
- * write the actual log message to some output device.
- *
- * @param level Log level.
- * @param data Log message, which will be NULL terminated.
- * @param len Message length. (prefix + text)
- * @param offset Log message prefix length
- */
-typedef void zrtp_log_engine(int level, char *data, int len, int offset);
-
-
-#if ZRTP_LOG_MAX_LEVEL >= 1
-
-/**
- * @brief Changes default log writer function.
- * This function may be used to implement log writer in a way native for target
- * OS or product. By default libzrtp uses console output.
- * @param engine - log writer.
- */
-void zrtp_log_set_log_engine(zrtp_log_engine *engine);
-
-/**
- * @brief Changes Log-Level in run-time mode
- * Libzrtp uses 3 log levels:
- * - 1 - system related errors;
- * - 2 - security, ZRTP protocol related errors and warnings;
- * - 3 - debug logging.
- * By default, libzrtp uses debug logging - level 3.
- * @param level - log level.
- */
-void zrtp_log_set_level(uint32_t level);
-
-/* \} */
-
-#else /* If logger is enabled */
-
-# define zrtp_log_set_log_engine(engine)
-# define zrtp_log_set_level(level)
-
-#endif /* If logger is enabled */
-
-
-#if ZRTP_LOG_MAX_LEVEL >= 1
-# define zrtp_log_wrapper_1(arg) zrtp_log_1 arg
- void zrtp_log_1(const char *src, const char *format, ...);
-# define zrtp_log_wrapperc_1(arg) zrtp_logc_1 arg
- void zrtp_logc_1(const char *format, ...);
-#else
-# define zrtp_log_wrapper_1(arg)
-# define zrtp_log_wrapperc_1(arg)
-#endif
-
-#if ZRTP_LOG_MAX_LEVEL >= 2
-# define zrtp_log_wrapper_2(arg) zrtp_log_2 arg
- void zrtp_log_2(const char *src, const char *format, ...);
-# define zrtp_log_wrapperc_2(arg) zrtp_logc_2 arg
- void zrtp_logc_2(const char *format, ...);
-#else
-#define zrtp_log_wrapper_2(arg)
-#define zrtp_log_wrapperc_2(arg)
-#endif
-
-#if ZRTP_LOG_MAX_LEVEL >= 3
-# define zrtp_log_wrapper_3(arg) zrtp_log_3 arg
- void zrtp_log_3(const char *src, const char *format, ...);
-# define zrtp_log_wrapperc_3(arg) zrtp_logc_3 arg
- void zrtp_logc_3(const char *format, ...);
-
-#else
-# define zrtp_log_wrapper_3(arg)
-# define zrtp_log_wrapperc_3(arg)
-#endif
-
-const char* zrtp_log_error2str(zrtp_protocol_error_t error);
-const char* zrtp_log_status2str(zrtp_status_t error);
-
-/** Returns symbolical name of ZRTP protocol state for the current stream. */
-const char* zrtp_log_state2str(zrtp_state_t state);
-
-/** Returns symbolical name of ZXRTP protocol packet by it's code. */
-const char* zrtp_log_pkt2str(zrtp_msg_type_t type);
-
-/** Returns symbolical name of the PK Exchange mode for the current stream. */
-const char* zrtp_log_mode2str(zrtp_stream_mode_t mode);
-
-/** Returns symbolical name of the protocol and security events. */
-const char* zrtp_log_event2str(uint8_t event);
-
-/**
- * Returns character name of the Signaling role.
- *
- * @param role One of zrtp_signaling_role_t values.
- * @return character name of the \c role.
- */
-const char* zrtp_log_sign_role2str(unsigned role);
-
-
-/** Print out ZRTP environment configuration setting to log level 3. */
-void zrtp_print_env_settings();
-
-/** Print out ZRTP stream info strxucture. (use ZRTP log-level 3). */
-void zrtp_log_print_streaminfo(zrtp_stream_info_t* info);
-
-/** Print out ZRTP session info structure. (use ZRTP log-level 3). */
-void zrtp_log_print_sessioninfo(zrtp_session_info_t* info);
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* __ZRTP_LOG_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-/**
- * \file zrtp_pbx.h
- * \brief Defines basic Functions to work with MiTM endpoints
- */
-
-#ifndef __ZRTP_PBX_H__
-#define __ZRTP_PBX_H__
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/**
- * \defgroup zrtp_api_mitm PBX related functions and data types
- * \ingroup zrtp_api
- *
- * In this section the basic functions for using the library in MiTM mode
- * environment. Asterisk PBX, for example.
- * \{
- */
-
-/**
- * \brief Start ZRTP enrollment ritual on Server side
- *
- * This is the equivalent of zrtp_stream_start() but for MiTM endpoints. By calling
- * zrtp_stream_registration_start() libzrtp prepares to engage in the enrollment ritual: send
- * special flag in Confirm packet and prepare for generating the MiTM secret.
- * \return
- * - zrtp_status_ok - if operation started successfully;
- * - one of zrtp_status_t errorrs in other case.
- * \sa zrtp_callback_event_t#on_zrtp_protocol_event
- * \sa zrtp_event_t (PBX related definitions)
- */
-zrtp_status_t zrtp_stream_registration_start(zrtp_stream_t* stream, uint32_t ssrc);
-
-/**
- * \brief Continue ZRTP enrollment ritual (from CLEAR state) on Server side.
- *
- * This is equivalent to zrtp_stream_secure() but with enrollment ritual. Use this function instead
- * of zrtp_stream_registration_start() in case when "autosecure" option is disabled for some reason.
- * \return
- * - zrtp_status_ok - if operation started successfully;
- * - one of zrtp_status_t errorrs in other case.
- */
-zrtp_status_t zrtp_stream_registration_secure(zrtp_stream_t* stream);
-
-/**
- * \brief Confirms enrollment ritual on Client side
- *
- * Invocation of this function by event zrtp_protocol_event_t#ZRTP_EVENT_IS_CLIENT_ENROLLMENT
- * confirms enrollment process; libzrtp generates special secret which will be used to "Sign" all
- * further calls with the trusted MiTM.
- * \return
- * - zrtp_status_ok - in case when enrollment was completed successfully;
- * - zrtp_status_fail - in case of error: wrong protocol state or system error.
- */
-zrtp_status_t zrtp_register_with_trusted_mitm(zrtp_stream_t* stream);
-
-/**
- * \brief Automatically handle ZRTP call in PBX environment
- *
- * This function may be called to handle ZRTP call between two ZRTP endpoints through PBX. As
- * described in ID sec 8.3., there are several problems with ZRTP in PBX environment.
- * zrtp_resolve_mitm_call() implements several steps to resolve such problems:
- * - detect enrolled and non enrolled endpoint. If both sides are enrolled - one side for the SAS
- * transfer will be chousen automatically;
- * - start SAS transfer with the enrolled endpoint;
- * - update flags and SAS rendering scheme if necessary.
- * In other words: After switching to SECURE state, this is the one function which ZRTP MiTM
- * endpoint should call to handle ZRTP call correctly. If you want to have more flexability in MiTM
- * mode - resolve ambiguity manually using functions listed below.
- * \param stream1 - one party of ZRTP call (must be in secure state already);
- * \param stream2 - other party of ZRTP call (must be in secure state already).
- * \return
- * - zrtp_status_ok - if operation started successfully;
- * - one of zrtp_status_t errors in other case.
- * \ref XXX_DRAFT, XXX_GUIDE
- */
-zrtp_status_t zrtp_resolve_mitm_call(zrtp_stream_t* stream1, zrtp_stream_t* stream2);
-
-/**
- * @brief Links two lags of Trusted ZRTP MiTM call together.
- *
- * This function allows libzrtp2 to optimize protocol behavior of one leg depending on the state and
- * parameters of the other lag. MitM boxes should use this API whenever possible.
- *
- * @param stream1 - one leg of the trusted MiTM call;
- * @param stream2 - another leg of the trusted MiTM call.
- *
- * @return zrtp_status_ok in case of success.
- */
-zrtp_status_t zrtp_link_mitm_calls(zrtp_stream_t* stream1, zrtp_stream_t* stream2);
-
-/**
- * \brief Updates remote-side SAS value and rendering scheme
- *
- * zrtp_update_remote_sas() initiates process of "SAS transferring" between trusted MiTM and user.
- * It allows to change as SAS rendering scheme as a SAS value and related flags as well. It the MiTM
- * needs to update just one of the parameters - the other one should be set to NULL. libzrtp informs
- * about status of the SAS updating through zrtp_protocol_event_t::ZRTP_EVENT_REMOTE_SAS_UPDATED.
- * Call this function in SECURE state only.
- * \param stream - zrtp endpoint stream to update;
- * \param transf_sas_scheme - chosen SAS rendering scheme;
- * \param transf_sas_value - relaying SAS value (full sas hash);
- * \param transf_ac_flag - relaying "allowclear" flag;
- * \param transf_d_flag - relaying "disclose" flag.
- * \return
- * - zrtp_status_ok - if operation started successfully;
- * - one of zrtp_status_t errors in other case.
- */
-zrtp_status_t zrtp_update_remote_options( zrtp_stream_t* stream,
- zrtp_sas_id_t transf_sas_scheme,
- zrtp_string32_t* transf_sas_value,
- uint8_t transf_ac_flag,
- uint8_t transf_d_flag );
-
-/**
- * \brief Check if user at the end of the stream \c stream is enrolled
- * \param stream - stream for examining.
- * \return: 1 if user is enrolled and 0 in other case
- */
-uint8_t zrtp_is_user_enrolled(zrtp_stream_t* stream);
-
-/**
- * \brief Choose single enrolled stream from two enrolled
- *
- * This function may be used to resolve ambiguity with call transferring between two enrolled users.
- * \return stream which shuld be used for SAS transferring
- */
-zrtp_stream_t* zrtp_choose_one_enrolled(zrtp_stream_t* stream1, zrtp_stream_t* stream2);
-
-/* \} */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_PROTOCOL_H__
-#define __ZRTP_PROTOCOL_H__
-
-#include "zrtp_config.h"
-#include "zrtp_types.h"
-#include "zrtp_error.h"
-
-#if defined(_MSC_VER)
-#pragma warning(disable:4214)
-#endif
-
-/*!
- * \defgroup dev_protocol Protocol related data types and definitions
- * \ingroup zrtp_dev
- * \{
- */
-
-/*! ZRTP Protocol version, retransmitted in HELLO packets */
-#define ZRTP_PROTOCOL_VERSION "1.10"
-#define ZRTP_PROTOCOL_VERSION_VALUE 110
-
-#define ZRTP_ZFONE_PROTOCOL_VERSION "0.10"
-#define ZRTP_ZFONE_PROTOCOL_VERSION_VALUE 10
-
-/*
- * Protocol constants and definitions. All these values are defined by the ZRTP
- * specification <A HREF="http://zfoneproject.com/zrtp_ietf.html">"ZRTP Internet Draft"</A>.
- * Don't change them!
- */
-#define ZRTP_S384 "S384"
-#define ZRTP_S256 "S256"
-#define ZRTP_S160 "S160"
-#define ZRTP_AES1 "AES1"
-#define ZRTP_AES3 "AES3"
-#define ZRTP_HS32 "HS32"
-#define ZRTP_HS80 "HS80"
-#define ZRTP_DH2K "DH2k"
-#define ZRTP_DH3K "DH3k"
-#define ZRTP_EC256P "EC25"
-#define ZRTP_EC384P "EC38"
-#define ZRTP_EC521P "EC52"
-#define ZRTP_MULT "Mult"
-#define ZRTP_PRESHARED "Prsh"
-#define ZRTP_B32 "B32 "
-#define ZRTP_B256 "B256"
-
-#define ZRTP_ROLE_INITIATOR "Initiator"
-#define ZRTP_ROLE_RESPONDER "Responder"
-#define ZRTP_INITIATOR_HMAKKEY_STR "Initiator HMAC key"
-#define ZRTP_RESPONDER_HMAKKEY_STR "Responder HMAC key"
-#define ZRTP_GOCLEAR_STR "GoClear"
-#define ZRTP_INITIATOR_KEY_STR "Initiator SRTP master key"
-#define ZRTP_INITIATOR_SALT_STR "Initiator SRTP master salt"
-#define ZRTP_RESPONDER_KEY_STR "Responder SRTP master key"
-#define ZRTP_RESPONDER_SALT_STR "Responder SRTP master salt"
-#define ZRTP_SKEY_STR "ZRTP Session Key"
-#define ZRTP_SAS_STR "SAS"
-#define ZRTP_RS_STR "retained secret"
-#define ZRTP_INITIATOR_ZRTPKEY_STR "Initiator ZRTP key"
-#define ZRTP_RESPONDER_ZRTPKEY_STR "Responder ZRTP key"
-#define ZRTP_CLEAR_HMAC_STR "GoClear"
-#define ZRTP_KDF_STR "ZRTP-HMAC-KDF"
-#define ZRTP_SESS_STR "ZRTP Session Key"
-#define ZRTP_MULTI_STR "ZRTP MSK"
-#define ZRTP_PRESH_STR "ZRTP PSK"
-#define ZRTP_TRUSTMITMKEY_STR "Trusted MiTM key"
-#define ZRTP_COMMIT_HV_KEY_STR "Prsh"
-
-#define ZRTP_CACHE_DEFAULT_TTL (30*24*60*60)
-
-/** ZRTP Message magic Cookie */
-#define ZRTP_PACKETS_MAGIC 0x5a525450L
-/** Defines ZRTP extension type for RTP protocol */
-#define ZRTP_MESSAGE_MAGIC 0x505a
-
-
-/**
- * @brief Retransmission timer T1 in milliseconds
- * T1 is used for the retransmission of Hello messages. The HELLO timeout is
- * doubled each time a resend occurs. The gain (max timeout value) is limited
- * by @ref ZRTP_T1_CAPPING. After reaching \c ZRTP_T1_CAPPING, the state machine
- * keeps resending HELLO packets until the resend count is less than \ref
- * ZRTP_T1_MAX_COUNT
- * @sa ZRTP_T1_MAX_COUNT ZRTP_T1_CAPPING
- */
-
-#define ZRTP_T1 50
-
-/*!
- * \brief Max resends count value for T1 timer
- * This is the threshold value for HELLO replays. See \ref ZRTP_T1 ZRTP_T1 for
- * details. If the resend count exceeds the value of ZRTP_T1_MAX_COUNT then
- * the state machine calls _zrtp_machine_enter_initiatingerror() with error code \ref
- * zrtp_protocol_error_t#zrtp_error_timeout and ZRTP session establishment is
- * failed.
- */
-#define ZRTP_T1_MAX_COUNT 20
-
-/*!
- * \brief Max resends count value for T1 timer for cases when local side have
- * received remote Hello. Libzrtp uses this extended number of retries when there
- * is an evidence, that remote side supports ZRTP protocol (remote Hello received).
- * This approach allows to eliminate problem when ZRTP state-machine switches to
- * NO_ZRTP state while remote side is computing his initial DH value. (especially
- * important for slow devices)
- */
-#define ZRTP_T1_MAX_COUNT_EXT 60
-
-/*! Hello retries counter for ZRTP_EVENT_NO_ZRTP_QUICK event */
-#define ZRTP_NO_ZRTP_FAST_COUNT 5
-
-/*!
- * \brief Max T1 timeout
- * ZRTP_T1_MAX_COUNT is the threshold for the growth of the timeout value of
- * HELLO resends. See \ref ZRTP_T1 for details.
- */
-#define ZRTP_T1_CAPPING 200
-
-/*!
- * \brief ZRTP stream initiation period in milliseconds
- * If for some reason the initiation of a secure ZRTP stream can't be performed
- * at a given time (there are no retained secrets for the session, or the
- * concurrent stream is being processed in "DH" mode) the next attempt will be
- * done in ZRTP_PROCESS_T1 milliseconds. If at the end of ZRTP_PROCESS_T1_MAX_COUNT
- * attempts the necessary conditions haven't been reached, the task is canceled.
- * The mechanism of delayed execution is the same as the mechanism of delayed
- * packet sending. \sa ZRTP_PROCESS_T1_MAX_COUNT
- */
-#define ZRTP_PROCESS_T1 50
-
-/*!
- * \brief Max recall count value
- * This is the threshold value for ZRTP stream initiation tries. See \ref
- * ZRTP_PROCESS_T1 for details.
-*/
-#define ZRTP_PROCESS_T1_MAX_COUNT 20000
-
-/*!
- * \brief Retransmission timer T2 in milliseconds
- * T2 is used for the retransmission of all ZRTP messages except HELLO. The
- * timeout value is doubled after every retransmission. The gain (max timeout's
- * value) is limited by \ref ZRTP_T2_CAPPING. \ref ZRTP_T2_MAX_COUNT is the limit
- * for packets resent as for \ref ZRTP_T1.
- */
-#define ZRTP_T2 150
-
-/*!
- * \brief Max retransmissions for non-HELLO packets
- * ZRTP_T2_MAX_COUNT limits number of resends for the non-HELLO/GOCLEAR packets.
- * When exceeded, call_is_on_error() is called and the error code is set to
- * \ref zrtp_protocol_error_t#zrtp_error_timeout
- */
-#define ZRTP_T2_MAX_COUNT 10
-
-
-/*!
- * \brief Max timeout value for protocol packets (except HELLO and GOCLEAR)
- * The resend timeout value grows until it reaches ZRTP_T2_CAPPING. After that
- * the state machine keeps resending until the resend count hits the limit of
- * \ref ZRTP_T2_MAX_COUNT
- */
-#define ZRTP_T2_CAPPING 1200
-
-/*!
- * \brief Retransmission timer for GoClear resending in milliseconds.
- * To prevent pinholes from closing or NAT bindings from expiring, the GoClear
- * message should be resent every N seconds while waiting for confirmation from
- * the user. GoClear replays are endless.
- */
-#define ZRTP_T3 300
-
-/*!
- * \brief Set of timeouts for Error packet replays.
- * The meaning of these fields are the same as in the T1 group but for
- * Error/ErrorAck packets. The values of these options are not strongly
- * defined by the draft. We use empirical values.
- */
-#define ZRTP_ET 150
-#define ZRTP_ETI_MAX_COUNT 10
-#define ZRTP_ETR_MAX_COUNT 3
-
-/* ZRTP Retries schedule for slow CSD channel */
-#define ZRTP_CSD_T4PROC 2000
-
-#define ZRTP_CSD_T1 400 + ZRTP_CSD_T4PROC
-#define ZRTP_CSD_T2 900 + ZRTP_CSD_T4PROC
-#define ZRTP_CSD_T3 900 + ZRTP_CSD_T4PROC
-#define ZRTP_CSD_T4 200 + ZRTP_CSD_T4PROC
-#define ZRTP_CSD_ET 200 + ZRTP_CSD_T4PROC
-
-
-/*! Defines the max component number which can be used in a HELLO agreement */
-#define ZRTP_MAX_COMP_COUNT 7
-
-
-/*
- * Some definitions of protocol structure sizes. To simplify sizeof() constructions
- */
-#define ZRTP_VERSION_SIZE 4
-#define ZRTP_ZID_SIZE 12
-#define ZRTP_CLIENTID_SIZE 16
-#define ZRTP_COMP_TYPE_SIZE 4
-#define ZRTP_RS_SIZE 32
-#define ZRTP_RSID_SIZE 8
-#define ZRTP_PACKET_TYPE_SIZE 8
-#define RTP_V2_HDR_SIZE 12
-#define RTP_HDR_SIZE RTP_V2_HDR_SIZE
-#define RTCP_HDR_SIZE 8
-#define ZRTP_HV_SIZE 32
-#define ZRTP_HV_NONCE_SIZE 16
-#define ZRTP_HV_KEY_SIZE 8
-#define ZRTP_HMAC_SIZE 8
-#define ZRTP_CFBIV_SIZE 16
-#define ZRTP_MITM_SAS_SIZE 4
-#define ZRTP_MESSAGE_HASH_SIZE 32
-#define ZRTP_HASH_SIZE 32
-
-/* Without header and HMAC: <verison> + <client ID> + <hash> + <ZID> + <components length> */
-#define ZRTP_HELLO_STATIC_SIZE (ZRTP_VERSION_SIZE + ZRTP_CLIENTID_SIZE + 32 + ZRTP_ZID_SIZE + 4)
-
-/* Without header and HMAC: <hash> + <secrets IDs> */
-#define ZRTP_DH_STATIC_SIZE (32 + 4*8)
-
-/* Without header and HMAC: <hash> + <ZID> + <components definitions> */
-#define ZRTP_COMMIT_STATIC_SIZE (32 + ZRTP_ZID_SIZE + 4*5)
-
-/* <RTP> + <ext. header> + <ZRTP message type> + CRC32 */
-#define ZRTP_MIN_PACKET_LENGTH (RTP_HDR_SIZE + 4 + 8 + 4)
-
-
-#if ( ZRTP_PLATFORM != ZP_SYMBIAN )
- #pragma pack(push,1)
-#endif
-
-
-
-/** Base ZRTP messages header */
-typedef struct zrtp_msg_hdr
-{
- /** ZRTP magic cookie */
- uint16_t magic;
-
- /** ZRTP message length in 4-byte words */
- uint16_t length;
-
- /** ZRTP message type */
- zrtp_uchar8_t type;
-} zrtp_msg_hdr_t;
-
-/*!
- * \brief ZRTP HELLO packet data
- * Contains fields needed to construct/store a ZRTP HELLO packet
- */
-typedef struct zrtp_packet_Hello
-{
- zrtp_msg_hdr_t hdr;
- /** ZRTP protocol version */
- zrtp_uchar4_t version;
-
- /** ZRTP client ID */
- zrtp_uchar16_t cliend_id;
-
- /*!< Hash to prevent DOS attacks */
- zrtp_uchar32_t hash;
-
- /** Endpoint unique ID */
- zrtp_uchar12_t zid;
-#if ZRTP_BYTE_ORDER == ZBO_LITTLE_ENDIAN
- uint8_t padding2:4;
-
- /** Passive flag */
- uint8_t pasive:1;
-
- /** M flag */
- uint8_t mitmflag:1;
-
- /** Signature support flag */
- uint8_t sigflag:1;
-
- uint8_t uflag:1;
-
- /** Hash scheme count */
- uint8_t hc:4;
- uint8_t padding3:4;
-
- /** Cipher count */
- uint8_t ac:4;
-
- /** Hash scheme count */
- uint8_t cc:4;
-
- /** SAS scheme count */
- uint8_t sc:4;
-
- /** PK Type count */
- uint8_t kc:4;
-#elif ZRTP_BYTE_ORDER == ZBO_BIG_ENDIAN
- uint8_t uflag:1;
- uint8_t sigflag:1;
- uint8_t mitmflag:1;
- uint8_t pasive:1;
- uint8_t padding2:4;
- uint8_t padding3:4;
- uint8_t hc:4;
- uint8_t cc:4;
- uint8_t ac:4;
- uint8_t kc:4;
- uint8_t sc:4;
-#endif
-
- zrtp_uchar4_t comp[ZRTP_MAX_COMP_COUNT*5];
- zrtp_uchar8_t hmac;
-} zrtp_packet_Hello_t;
-
-
-/**
- * @brief ZRTP COMMIT packet data
- * Contains information to build/store a ZRTP commit packet.
- */
-typedef struct zrtp_packet_Commit
-{
- zrtp_msg_hdr_t hdr;
-
- /** Hash to prevent DOS attacks */
- zrtp_uchar32_t hash;
-
- /** ZRTP endpoint unique ID */
- zrtp_uchar12_t zid;
-
- /** hash calculations schemes selected by ZRTP endpoint */
- zrtp_uchar4_t hash_type;
-
- /** cipher types selected by ZRTP endpoint */
- zrtp_uchar4_t cipher_type;
-
- /** SRTP auth tag lengths selected by ZRTP endpoint */
- zrtp_uchar4_t auth_tag_length;
-
- /** session key exchange schemes selected by endpoints */
- zrtp_uchar4_t public_key_type;
-
- /** SAS calculation schemes selected by endpoint*/
- zrtp_uchar4_t sas_type;
- /** hvi. See <A HREF="http://zfoneproject.com/zrtp_ietf.html">"ZRTP Internet Draft"</A> */
- zrtp_uchar32_t hv;
- zrtp_uchar8_t hmac;
-} zrtp_packet_Commit_t;
-
-
-/**
- * @brief ZRTP DH1/2 packets data
- * Contains fields needed to constructing/storing ZRTP DH1/2 packet.
- */
-typedef struct zrtp_packet_DHPart
-{
- zrtp_msg_hdr_t hdr;
-
- /** Hash to prevent DOS attacks */
- zrtp_uchar32_t hash;
-
- /** hash of retained shared secret 1 */
- zrtp_uchar8_t rs1ID;
-
- /** hash of retained shared secret 2 */
- zrtp_uchar8_t rs2ID;
-
- /** hash of user-defined secret */
- zrtp_uchar8_t auxsID;
-
- /** hash of PBX secret */
- zrtp_uchar8_t pbxsID;
-
- /** pvi/pvr or nonce field depends on stream mode */
- zrtp_uchar1024_t pv;
- zrtp_uchar8_t hmac;
-} zrtp_packet_DHPart_t;
-
-
-/**
- * @brief ZRTP Confirm1/Confirm2 packets data
- */
-typedef struct zrtp_packet_Confirm
-{
- zrtp_msg_hdr_t hdr;
-
- /** HMAC of preceding parameters */
- zrtp_uchar8_t hmac;
-
- /** The CFB Initialization Vector is a 128 bit random nonce */
- zrtp_uchar16_t iv;
-
- /** Hash to prevent DOS attacks */
- zrtp_uchar32_t hash;
-
- /** Unused (Set to zero and ignored) */
- uint8_t pad[2];
-
- /** Length of optional signature field */
- uint8_t sig_length;
-
- /** boolean flags for allowclear, SAS verified and disclose */
- uint8_t flags;
-
- /** how long (seconds) to cache shared secret */
- uint32_t expired_interval;
-} zrtp_packet_Confirm_t;
-
-
-/**
- * @brief ZRTP Confirm1/Confirm2 packets data
- */
-typedef struct zrtp_packet_SASRelay
-{
- zrtp_msg_hdr_t hdr;
-
- /** HMAC of preceding parameters */
- zrtp_uchar8_t hmac;
-
- /** The CFB Initialization Vector is a 128 bit random nonce */
- zrtp_uchar16_t iv;
-
- /** Unused (Set to zero and ignored) */
- uint8_t pad[2];
-
- /** Length of optionas signature field */
- uint8_t sig_length;
-
- /** boolean flags for allowclear, SAS verified and disclose */
- uint8_t flags;
-
- /** Rendering scheme of relayed sasvalue (for trusted MitMs) */
- zrtp_uchar4_t sas_scheme;
-
- /** Trusted MITM relayed sashash */
- uint8_t sashash[32];
-} zrtp_packet_SASRelay_t;
-
-
-/**
- * @brief GoClear packet structure according to ZRTP specification
- */
-typedef struct zrtp_packet_GoClear
-{
- zrtp_msg_hdr_t hdr;
-
- /** Clear HMAC to protect SRTP session from accidental termination */
- zrtp_uchar8_t clear_hmac;
-} zrtp_packet_GoClear_t;
-
-
-/**
- * @brief Error packet structure in accordance with ZRTP specification
- */
-typedef struct zrtp_packet_Error
-{
- zrtp_msg_hdr_t hdr;
-
- /** ZRTP error code defined by draft and \ref zrtp_protocol_error_t */
- uint32_t code;
-} zrtp_packet_Error_t;
-
-/** ZFone Ping Message. Similar to ZRTP protocol packet format */
-typedef struct
-{
- zrtp_msg_hdr_t hdr;
- zrtp_uchar4_t version; /** Zfone discovery protocol version */
- zrtp_uchar8_t endpointhash; /** Zfone endpoint unique identifier */
-} zrtp_packet_zfoneping_t;
-
-/** ZFone Ping MessageAck. Similar to ZRTP protocol packet format */
-typedef struct
-{
- zrtp_msg_hdr_t hdr;
- zrtp_uchar4_t version; /** Zfone discovery protocol version */
- zrtp_uchar8_t endpointhash; /** Zfone endpoint unique identifier */
- zrtp_uchar8_t peerendpointhash; /** EndpointHash copied from Ping message */
- uint32_t peerssrc;
-} zrtp_packet_zfonepingack_t;
-
-/*! \} */
-
-#if ( ZRTP_PLATFORM != ZP_SYMBIAN )
- #pragma pack(pop)
-#endif
-
-#endif /*__ZRTP_PROTOCOL_H__*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Vitaly Rozhkov <v.rozhkov at soft-industry.com>
- */
-
-#ifndef __ZRTP_SRTP_H__
-#define __ZRTP_SRTP_H__
-
-#include "zrtp_config.h"
-#include "zrtp_error.h"
-#include "zrtp_types.h"
-#include "zrtp_crypto.h"
-
-
-/* in host order, so outside the #if */
-#define ZRTP_RTCP_E_BIT 0x80000000
-/* for byte-access */
-#define ZRTP_RTCP_E_BYTE_BIT 0x80
-#define ZRTP_RTCP_INDEX_MASK 0x7fffffff
-
-
-/*!
- * \defgroup srtp SRTP encryption interface
- * \ingroup zrtp_dev
- * \{
- */
-
-/* Special types and definitions for the embedded implementation */
-#if (!defined(ZRTP_USE_EXTERN_SRTP) || (ZRTP_USE_EXTERN_SRTP == 0))
-#include "zrtp_srtp_builtin.h"
-
-/*!
- * \brief Structure describing an SRTP session.
- * An instance of this structure is created by calling zrtp_srtp_create()
- * and destroyed by calling zrtp_srtp_destroy(). It is used for
- * protecting and unprotecting included streams.
- */
-struct zrtp_srtp_ctx_t
-{
- zrtp_srtp_stream_ctx_t *outgoing_srtp; /*!< pointer to outgoing SRTP stream context */
- zrtp_srtp_stream_ctx_t *incoming_srtp; /*!< pointer to incoming SRTP stream context */
-};
-
-/*!
- * \brief Global context of an internal SRTP implementation.
- * It is created by calling zrtp_srtp_init() and destroyed by calling zrtp_srtp_down().
- * This context is used for holding replay protection mechanism data.
- */
-typedef struct
-{
- zrtp_rp_ctx_t *rp_ctx; /*!< pointer to replay protection context. */
-} zrtp_srtp_global_t;
-
-#else
-typedef void zrtp_srtp_global_t;
-#endif /* BUILDIN SRTP */
-
-/*! Defines types of SRTP hmac functions */
-typedef enum zrtp_srtp_hash_id_t
-{
- /*!
- * @warning SHA1 hash algorithm is for internal use only! It used for srtp authentication and does
- * not used in ZRTP protocol itself. Don't use it in \ref zrtp_profile_t#hash_schemes configuration.
- */
- ZRTP_SRTP_HASH_HMAC_SHA1 = 10
-} zrtp_srtp_hash_id_t;
-
-
-/*!
- * \brief Structure describing SRTP/SRTCP stream parameters.
- */
-typedef struct
-{
- /*!< Cipher used to encrypt packets */
- zrtp_cipher_t *cipher;
- /*!
- * \brief Cipher key length in bytes (not including salt length).
- * Used for cipher key derivation on stream initialization
- * by calling \ref zrtp_srtp_create().
- */
- uint32_t cipher_key_len;
-
- /*!< Hash used for packets authentication */
- zrtp_hash_t *hash;
-
- /*!
- * \brief Key length in bytes for HMAC generation.
- * Used for auth key derivation on stream initialization by calling \ref
- * zrtp_srtp_create() and for filling the key buffer with zeros on
- * stream deinitialization by calling \ref zrtp_srtp_destroy().
- */
- uint32_t auth_key_len;
-
- /*!< Structure describing SRTP authentication scheme */
- zrtp_auth_tag_length_t *auth_tag_len;
-} zrtp_srtp_policy_t;
-
-
-/*!
- * \brief Structure describing SRTP stream parameters.
- * Variables of this type should be mapped into the SRTP stream context when
- * a new stream is created.
- */
-typedef struct
-{
- zrtp_srtp_policy_t rtp_policy; /*!< crypto policy for RTP stream */
- zrtp_srtp_policy_t rtcp_policy; /*!< crypto policy for RTCP stream */
-
- zrtp_cipher_t *dk_cipher; /*!< cipher for the key derivation mechanism */
-
- /*!< Master key for key derivation. (holds the key value only, without the salt) */
- zrtp_string64_t key;
- /*!< Master salt for key derivation. (salt should be 14 bytes length) */
- zrtp_string64_t salt;
-
- uint16_t ssrc;
-} zrtp_srtp_profile_t;
-
-
-/*!
- * \brief Initialize SRTP engine and allocate global SRTP context.
- * Contains global data for all sessions and streams. For correct memory
- * management, the global SRTP context should be released by calling \ref
- * zrtp_srtp_destroy(). A pointer to the allocated SRTP global should be saved
- * at zrtp->srtp_global.
- * \warning this function \b must be called before any operation with the SRTP
- * engine.
- * \param zrtp - pointer to libzrtp global context
- * \return
- * - zrtp_status_ok if success
- * - zrtp_status_fail if error.
- */
-zrtp_status_t zrtp_srtp_init(zrtp_global_t *zrtp);
-
-/*!
- * \brief Free all allocated resources that were allocated by initialization
- * This function \b must be called at the end of SRTP engine use.
- * A pointer to deallocated SRTP global context (zrtp->srtp_global)
- * should be cleared ( set to NULL).
- * \param zrtp - pointer to libzrtp global context;
- * \return
- * - zrtp_status_ok - if SRTP engine has been deinitialized successfully;
- * - one of \ref zrtp_status_t errors - if deinitialization failed.
- */
-zrtp_status_t zrtp_srtp_down( zrtp_global_t *zrtp);
-
-/*!
- * \brief Creates SRTP context based on given incoming and outgoing profiles.
- * \param srtp_global - pointer to SRTP engine global context;
- * \param inc_profile - profile for incoming stream configuration;
- * \param out_profile - profile for outgoing stream configuration.
- * \return
- * - pointer to allocated and initialized SRTP session;
- * - NULL if error.
- */
-zrtp_srtp_ctx_t * zrtp_srtp_create( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_profile_t *inc_profile,
- zrtp_srtp_profile_t *out_profile );
-
-/*!
- * \brief Destroys SRTP context that was allocated by \ref zrtp_srtp_create()
- * \param srtp_global - pointer to SRTP engine global context;
- * \param srtp_ctx - pointer to SRTP context.
- * \return
- * - zrtp_status_ok - if SRTP context has been destroyed successfully;
- * - one of \ref zrtp_status_t errors if error.
- */
-zrtp_status_t zrtp_srtp_destroy( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t * srtp_ctx );
-
-
-/*!
- * \brief Function applies SRTP protection to the RTP packet.
- * If zrtp_status_ok is returned, then packet points to the resulting SRTP
- * packet; otherwise, no assumptions should be made about the value of either
- * data elements.
- * \note This function assumes that it can write the authentication tag
- * directly into the packet buffer, right after the the RTP payload. 32-bit
- * boundary alignment of the packet is assumed as well.
- * \param srtp_global - global SRTP context;
- * \param srtp_ctx - SRTP context to use in processing the packet;
- * \param packet - pointer to the packet to be protected.
- * \return
- * - zrtp_status_ok - if packet has been protected successfully;
- * - one of \ref zrtp_status_t errors - if protection failed.
- */
-zrtp_status_t zrtp_srtp_protect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet );
-
-/*!
- * \brief Decrypts SRTP packet.
- * If zrtp_status_ok is returned, then packet points to the resulting plain RTP
- * packet; otherwise, no assumptions should be made about the value of either
- * data elements.
- * \warning This function assumes that the SRTP packet is aligned on
- * a 32-bit boundary.
- * \param srtp_global - global SRTP context;
- * \param srtp_ctx - SRTP context to use in processing the packet;
- * \param packet - pointer to the packet to be unprotected.
- * \return
- * - zrtp_status_ok - if packet has been unprotected successfully
- * - one of \ref zrtp_status_t errors - if decryption failed
- */
-zrtp_status_t zrtp_srtp_unprotect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet );
-
-/*!
- * \brief Function applies SRTCP protection to the RTCP packet.
- * If zrtp_status_ok is returned, then packet points to the result in SRTCP
- * packet; otherwise, no assumptions should be made about the value of either
- * data elements.
- * \note This function assumes that it can write the authentication tag
- * directly into the packet buffer, right after the the RTP payload. 32-bit
- * boundary alignment of the packet is also assumed.
- * \param srtp_global - global SRTP context;
- * \param srtp_ctx - SRTP context to use in processing the packet;
- * \param packet - pointer to the packet to be protected.
- * \return
- * - zrtp_status_ok - if packet has been protected successfully;
- * - one of \ref zrtp_status_t errors - if protection failed.
- */
-zrtp_status_t zrtp_srtp_protect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet );
-
-/*!
- * \brief Decrypts SRTCP packet.
- * If zrtp_status_ok is returned, then packet points to the resulting RTCP
- * packet; otherwise, no assumptions should be made about the value of either
- * data elements.
- * \warning This function assumes that the SRTP packet is aligned on
- * a 32-bit boundary.
- * \param srtp_global - global SRTP context;
- * \param srtp_ctx - SRTP context to use in processing the packet;
- * \param packet - pointer to the packet to be unprotected.
- * \return
- * - zrtp_status_ok - if packet has been unprotected successfully;
- * - one of \ref zrtp_status_t errors - if decryption failed.
-*/
-zrtp_status_t zrtp_srtp_unprotect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet );
-
-/* \} */
-
-#endif /*__ZRTP_SRTP_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- * Vitaly Rozhkov <v.rozhkov at soft-industry.com>
- */
-
-#ifndef __ZRTP_SRTP_BUILTIN_H__
-#define __ZRTP_SRTP_BUILTIN_H__
-
-#include "zrtp_config.h"
-#include "zrtp_error.h"
-#include "zrtp_types.h"
-#include "zrtp_crypto.h"
-
-/*!
- * \defgroup dev_srtp Built in SRTP realization
- * \ingroup zrtp_dev
- * \{
- */
-
-/*!
- * \brief Sliding window width in bits.
- * This window is used by the replay protection mechanism. As stated in the
- * RFC3711, '3.3.2., the replay protection sliding window width MUST be at least
- * 64, but MAY be set to a higher value.
- */
-#if (ZRTP_PLATFORM == ZP_SYMBIAN)
-# define ZRTP_SRTP_WINDOW_WIDTH 16
-#else
-# define ZRTP_SRTP_WINDOW_WIDTH 128
-#endif
-
-#if ZRTP_SRTP_WINDOW_WIDTH % 8
-/*!
- * \brief Sliding window width in bytes if padding is needed.
- * This is used for allocating a window as a uint8_t array.
- */
-#define ZRTP_SRTP_WINDOW_WIDTH_BYTES ZRTP_SRTP_WINDOW_WIDTH/8+1
-#else
-/*!
- * \brief Sliding window width in bytes if padding isn't needed.
- * This is used for allocating a window as a uint8_t array.
- */
-#define ZRTP_SRTP_WINDOW_WIDTH_BYTES ZRTP_SRTP_WINDOW_WIDTH/8
-#endif
-
-#define RP_INCOMING_DIRECTION 1
-#define RP_OUTGOING_DIRECTION 2
-
-
-/*! \brief Structure describing replay protection engine data */
-typedef struct
-{
- uint32_t seq; /*!< sequence number of packet on the top of sliding window */
- uint8_t window[ZRTP_SRTP_WINDOW_WIDTH_BYTES]; /*!< sliding window buffer */
-} zrtp_srtp_rp_t;
-
-
-/*! \brief Structure describing cipher wrapper */
-typedef struct
-{
- /*!< cipher that will be used for packet encryption */
- zrtp_cipher_t *cipher;
-
- /*!< pointer to cipher's context */
- void *ctx;
-} zrtp_srtp_cipher_t;
-
-
-/*! \brief Structure describing authentication wrapper */
-typedef struct
-{
- zrtp_hash_t *hash; /*!< hash component for authentication tag generation */
- uint8_t *key; /*!< key buffer for HMAC generation */
- uint32_t key_len; /*!< key length in bytes. Used for zeroes filling of buffer with key */
- zrtp_auth_tag_length_t *tag_len; /*!< SRTP authentication scheme component */
-} zrtp_srtp_auth_t;
-
-
-/*! \brief Structure for SRTP stream context description. */
-typedef struct
-{
- /*!< wrapper for cipher component and holding its auxiliary data. Used for RTP encryption */
- zrtp_srtp_cipher_t rtp_cipher;
- /*!< wrapper for hash component and holding its auxiliary data. Used for RTP authentication */
- zrtp_srtp_auth_t rtp_auth;
-
- /*!< wrapper for cipher component and holding its auxiliary data. Used for RTCP encryption */
- zrtp_srtp_cipher_t rtcp_cipher;
- /*!< wrapper for hash component and holding its auxiliary data. Used for RTCP authentication */
- zrtp_srtp_auth_t rtcp_auth;
-} zrtp_srtp_stream_ctx_t;
-
-
-/*!
- * \brief Enumeration of labels used in key derivation for various purposes.
- * See RFC3711, "4.3. Key Derivation" for more details
- */
-typedef enum
-{
- label_rtp_encryption = 0x00, /*!< for RTP cipher's key derivation */
- label_rtp_msg_auth = 0x01, /*!< for RTP packets authentication mechanism's key derivation */
- label_rtp_salt = 0x02, /*!< for RTP cipher's salt derivation */
-
- label_rtcp_encryption = 0x03, /*!< used for RTCP cipher's key derivation */
- label_rtcp_msg_auth = 0x04, /*!< for RTCP packets authentication mechanism key derivation */
- label_rtcp_salt = 0x05 /*!< for RTCP cipher's salt derivation */
-} zrtp_srtp_prf_label;
-
-typedef zrtp_srtp_cipher_t zrtp_dk_ctx;
-
-
-/*!
- * \brief Structure describing a protection node.
- * Each node keeps data for protecting RTP and RTCP packets against replays
- * within streams with a given SSRC. There are two replay protection nodes for
- * each SSRC value in the two lists. One is used for incoming packets and
- * the other for outgoing packets.
-*/
-typedef struct
-{
- zrtp_srtp_rp_t rtp_rp; /*!< RTP replay protection data */
- zrtp_srtp_rp_t rtcp_rp; /*!< RTCP replay protection data */
- uint32_t ssrc; /*!< RTP media SSRC for nodes searching in the linked list */
- zrtp_srtp_ctx_t *srtp_ctx; /*!< SRTP context related with current node*/
- mlist_t mlist;
-} zrtp_rp_node_t;
-
-
-/*!
-* \brief Structure describing replay protection context.
-* This structure holds two linked list's heads and two mutexes for
-* synchronization access to appropriate lists.
-*/
-typedef struct
-{
- zrtp_rp_node_t inc_head; /*!< head of replay protection nodes list for incoming packets */
- zrtp_mutex_t* inc_sync; /*!< mutex for incoming list access synchronization */
- zrtp_rp_node_t out_head; /*!< head of replay protection nodes list for outgoing packets */
- zrtp_mutex_t* out_sync; /*!< mutex for outgoing list access synchronization */
-} zrtp_rp_ctx_t;
-
-/* \} */
-
-#endif /* __ZRTP_SRTP_BUILTIN_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_STRING_H__
-#define __ZRTP_STRING_H__
-
-#include "zrtp_config.h"
-
-/**
- * \file zrtp_strings.h
- * \brief libzrtp safe strings
- */
-
-/*============================================================================*/
-/* Libzrtp Strings */
-/*============================================================================*/
-
-#define ZRTP_STRING8 12
-#define ZRTP_STRING16 20
-#define ZRTP_STRING32 36
-#define ZRTP_STRING64 68
-#define ZRTP_STRING128 132
-#define ZRTP_STRING256 260
-#define ZRTP_STRING1024 1028
-
-
-#if ( ZRTP_PLATFORM != ZP_SYMBIAN )
-#pragma pack(push, 1)
-#endif
-
-typedef struct zrtp_stringn
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[0];
-} zrtp_stringn_t;
-
-typedef struct zrtp_string8
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING8];
-} zrtp_string8_t;
-
-
-typedef struct zrtp_string16
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING16];
-} zrtp_string16_t;
-
-typedef struct zrtp_string32
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING32];
-} zrtp_string32_t;
-
-typedef struct zrtp_string64
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING64];
-} zrtp_string64_t;
-
-typedef struct zrtp_string128
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING128];
-} zrtp_string128_t;
-
-typedef struct zrtp_string256
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING256];
-} zrtp_string256_t;
-
-typedef struct zrtp_string1024
-{
- uint16_t length;
- uint16_t max_length;
- char buffer[ZRTP_STRING1024];
-} zrtp_string1024_t;
-
-#if ( ZRTP_PLATFORM != ZP_SYMBIAN )
-#pragma pack(pop)
-#endif
-
-
-/**
- * \defgroup zrtp_strings Libzrtp Safe Strings
- *
- * Using standard C-like strings is potentially dangerous in any program. All standard functions for
- * working with c-strings rely on zero-termination, since c-strings don't contain a representation
- * of their length. This can cause many mistakes. Moreover, it is impossible to use these strings
- * for storing binary data.
- *
- * To solve these problems libzrtp uses zstrings instead of normal c-strings. A zstring is just a
- * wrapped c-string that stores its own length. Use the following data types, macros and utility
- * functions for working with zstrings in your applications.
- *
- * zstrings are easy to use, and at the same time light-weight and flexible.
- * We use two groups of zstring types:
- * \li zrtp_stringn_t - base type for all operations with zstrings;
- * \li zrtp_stringXX_t group - storage types.
- *
- * One can use any zrtp_stringXX_t type (big enough to store necessary data) esired and operate with
- * it using global zstring functions. To cast zrtp_stringXX_t to zrtp_stringn_t, the \ref ZSTR_GV
- * and \ref ZSTR_GVP macros can be used.
- *
- * The main principle of running zstrings is storing its current data size. So to avoid mistakes and
- * mess it is advised to use preestablished initialization macros. The description of each follows.
- * \{
- */
-
-
-/**
- * \brief Casts zrtp_stringXX_t to a pointer to zrtp_stringn_t.
- *
- * This macro prevents static casts caused by using zstring functions. Prevents mistakes and makes
- * zstrings safer to use.
- * \sa ZSTR_GVP
- */
-#define ZSTR_GV(pstr) \
-(zrtp_stringn_t*)((char*)pstr.buffer - sizeof(pstr.max_length) - sizeof(pstr.length))
-
-/**
- * \brief Casts zrtp_stringXX_t* to a pointer to zrtp_stringn_t.
- *
- * This macro prevents static casts from using zstring functions.
- * \sa ZSTR_GV
- */
-#define ZSTR_GVP(pstr) \
-(zrtp_stringn_t*)((char*)pstr->buffer - sizeof(pstr->max_length) - sizeof(pstr->length))
-
-/**
- * \brief Macro for empty zstring initialization
- * \warning Use this macro on every zrtp_string structure allocation.
- * usage: \code zrtp_string_t zstr = ZSTR_INIT_EMPTY(zstr); \endcode
- */
-#define ZSTR_INIT_EMPTY(a) { 0, sizeof(a.buffer) - 1, { 0 }}
-
-/**
- * \brief Macro for zstring initialization from a constant C-string
- * usage: \code zrtp_string_t zstr = ZSTR_INIT_WITH_CONST_CSTRING("zstring use example"); \endcode
- */
-#define ZSTR_INIT_WITH_CONST_CSTRING(s) {sizeof(s) - 1, 0, s}
-
-/**
- * \brief Macro for zstring clearing
- *
- * Use this macro for initializing already created zstrings
- * usage: \code ZSTR_SET_EMPTY(zstr); \endcode
- */
-#define ZSTR_SET_EMPTY(a)\
-{ a.length = 0; a.max_length = sizeof(a.buffer) - 1; a.buffer[0] = 0; }
-
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/**
- * \brief compare two zstrings
- *
- * Function compares the two strings left and right.
- * \param left - one string for comparing;
- * \param right - the other string for comparing.
- * \return
- * - -1 if left string less than right;
- * - 0 if left string is equal to right;
- * - 1 if left string greater than right.
- */
-int zrtp_zstrcmp(const zrtp_stringn_t *left, const zrtp_stringn_t *right);
-
-/**
- * \brief Copy a zstring
- *
- * The zrtp_zstrcpy function copies the string pointed by src to the structure pointed to by dst.
- * \param src source string;
- * \param dst destination string.
- */
-void zrtp_zstrcpy(zrtp_stringn_t *dst, const zrtp_stringn_t *src);
-
-/**
- * \brief Copy first N bytes of zstring
- *
- * The zrtp_zstrncpy function copies the first N bytes from the string pointed to by src to the
- * structure pointed by dst.
- * \param src - source string;
- * \param dst - destination string;
- * \param size - nuber of bytes to copy.
- */
-void zrtp_zstrncpy(zrtp_stringn_t *dst, const zrtp_stringn_t *src, uint16_t size);
-
-/**
- * @brief Copy a c-string into a z-string
- * \param dst - destination zsyring
- * \param src - source c-string to be copied.
- */
-void zrtp_zstrcpyc(zrtp_stringn_t *dst, const char *src);
-
-
-/**
- * \brief Copy first N bytes of a c-string into a z-string
- * \param dst - destination zsyring
- * \param src - source c-string to be copied.
- * \param size - number of bytes to be copied from \c src to \c dst
- */
-void zrtp_zstrncpyc(zrtp_stringn_t *dst, const char *src, uint16_t size);
-
-/**
- * \brief Concatenate two strings
- *
- * The zrtp_zstrcat function appends the src string to the dst string. If dst string doesn't have
- * enough space it will be truncated.
- * \param src source string;
- * \param dst destination string.
- */
-void zrtp_zstrcat(zrtp_stringn_t *dst, const zrtp_stringn_t *src);
-
-/**
- * \brief Clear a zstring
- * \param zstr - string for clearing;
- */
-void zrtp_wipe_zstring(zrtp_stringn_t *zstr);
-
-/**
- * \brief Compare two binary strings
- *
- * This function is used to prevent errors caused by other, non byte-to-byte comparison
- * implementations. The secret sorting function is sensitive to such things.
- *
- * \param s1 - first string for comparison
- * \param s2 - second string for comparison
- * \param n - number of bytes to be compared
- * \return - an integer less than, equal to, or greater than zero, if the first n bytes of s1
- * is found, respectively, to be less than, to match, or to be greater than the first n bytes of s2.
- */
-int zrtp_memcmp(const void* s1, const void* s2, uint32_t n);
-
-/**
- * \brief Converts binary data to the hex string representation
- *
- * \param bin - pointer to the binary buffer for converting;
- * \param bin_size - binary data size;
- * \param buff - destination buffer;
- * \param buff_size - destination buffer size.
- * \return
- * - pointer to the buff with converted data;
- * - "Buffer too small" in case of error.
- */
-const char* hex2str(const char* bin, int bin_size, char* buff, int buff_size);
-
-/**
- * \brief Converts hex string to the binary representation
- *
- * \param buff - source buffer for converting;
- * \param buff_size - source buffer size;
- * \param bin - pointer to the destination binary buffer;
- * \param bin_size - binary data size;
- * \return
- * - pointer to the buff with converted data, or NULL in case of error.
- */
-char *str2hex(const char* buff, int buff_size, char* bin, int bin_size);
-
-#if defined(__cplusplus)
-}
-#endif
-
-/** \} */
-
-#endif /* __ZRTP_STRING_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-
-#ifndef __ZRTP_TYPES_H__
-#define __ZRTP_TYPES_H__
-
-#include "zrtp_config.h"
-#include "bn.h"
-#include "zrtp_base.h"
-#include "zrtp_iface.h"
-#include "zrtp_list.h"
-#include "zrtp_legal.h"
-#include "zrtp_string.h"
-#include "zrtp_protocol.h"
-
-
-/**
- * \brief Defines ZRTP state-machine states
- * \ingroup zrtp_types
- *
- * The conditions for switching from one state to another, and libzrtp behavior in every state is
- * described in detail in \ref XXX and depicted in diagram XXX and XXX.
- *
- * The current stream state is stored in the zrtp_stream_info_t#state variable and available for
- * reading at any time.
- */
-typedef enum zrtp_state_t
-{
- ZRTP_STATE_NONE = 0,
- ZRTP_STATE_ACTIVE, /** Just right stream attaching, before protocol start */
- ZRTP_STATE_START, /** Protocol initiated, Discovery haven't started yet */
- ZRTP_STATE_WAIT_HELLOACK, /** Hello sending, waiting for HelloAck */
- ZRTP_STATE_WAIT_HELLO, /** HelloAck received, Waiting for peer Hello */
- ZRTP_STATE_CLEAR, /** CLEAR state */
- ZRTP_STATE_START_INITIATINGSECURE, /** Starting Initiator state-machine */
- ZRTP_STATE_INITIATINGSECURE, /** Commit retries, waiting for DH1 */
- ZRTP_STATE_WAIT_CONFIRM1, /** DH2 retries, waiting for Confirm1 */
- ZRTP_STATE_WAIT_CONFIRMACK, /** Confirm2 retries, waiting for ConfirmAck */
- ZRTP_STATE_PENDINGSECURE, /** Responder state-machine, waiting for DH2 */
- ZRTP_STATE_WAIT_CONFIRM2, /** Waiting for Confirm2 to finalize ZRTP exchange */
- ZRTP_STATE_SECURE, /** SECURE state, call is encrypted */
- ZRTP_STATE_SASRELAYING, /** SAS transferring to the remote peer (for MiTM only) */
- ZRTP_STATE_INITIATINGCLEAR, /** Switching to CLEAR initated by the local endpoint */
- ZRTP_STATE_PENDINGCLEAR, /** CLEAR request have been received */
- ZRTP_STATE_INITIATINGERROR, /** Protocol ERROR detected on local side */
- ZRTP_STATE_PENDINGERROR, /** Protocol ERROR received from the remote peer */
- ZRTP_STATE_ERROR, /** Protocol ERROR state. Check zrtp_stream_info#last_error*/
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
- ZRTP_STATE_DRIVEN_INITIATOR,
- ZRTP_STATE_DRIVEN_RESPONDER,
- ZRTP_STATE_DRIVEN_PENDING,
-#endif
- ZRTP_STATE_NO_ZRTP, /** Discovery phase failed. Remote peer doesn't support ZRTP */
- ZRTP_STATE_COUNT
-} zrtp_state_t;
-
-/**
- * \brief Enumeration for ZRTP stream mode definition
- * \ingroup zrtp_types
- */
-typedef enum zrtp_stream_mode_t
-{
- ZRTP_STREAM_MODE_UNKN = 0, /** Unused stream - unknown mode */
- ZRTP_STREAM_MODE_CLEAR = 1, /** Just after stream attaching - mode is undefined */
- ZRTP_STREAM_MODE_DH = 2, /** FULL DH ZRTP stream mode */
- ZRTP_STREAM_MODE_PRESHARED = 3, /** Preshared ZRTP stream mode */
- ZRTP_STREAM_MODE_MULT = 4, /** Multistream ZRTP stream mode */
- ZRTP_STREAM_MODE_COUNT = 5
-} zrtp_stream_mode_t;
-
-/**
- * \brief ZRTP session profile
- * \ingroup zrtp_types
- * \ingroup zrtp_main_init
- *
- * ZRTP Sessions are configured with a profile scheme. Each profile is defined by a structure of the
- * given type. zrtp_profile_t contains a set of preferences for crypto components and other
- * protocol parameters.
- *
- * The Crypto component choosing mechanism is as follows: both sides communicated their supported
- * components during the "discovery phase". After that the initiator chooses the optimal
- * intersection of components.
- *
- * For components identification the numerical values of the following types are used:
- * zrtp_hash_id_t, zrtp_cipher_id_t, zrtp_atl_id_t, and zrtp_sas_id_t. The profile field responsible
- * for components of a particular type setting is an integer-valued array where component
- * identifiers should be placed in order of priority. 0-element is of the first priority. The list
- * should end with ZRTP_COMP_UNKN=0.
- *
- * The values in the profile may be filled either by libzrtp zrtp_profile_defaults() or by the user
- * manually.
- *
- * The profile is applied to the stream context on allocation by zrtp_session_init().
- *
- * \sa XXX
- */
-struct zrtp_profile_t
-{
- /**
- * \brief Allowclear mode flag
- *
- * This option means that the ZRTP peer allows SRTP termination. If allowclear is disabled, the
- * ZRTP peer must stay in protected mode until the moment the ZRTP stream is shut down. When not
- * in "allowclear" mode, libzrtp will reject all incoming GoClear packages and will not generate
- * its own.
- *
- * Setting the value equal to 1 turns "allowclear" on, and 0 turns "allowclear" off. If
- * "allowclear" is disabled zrtp_stream_clear() returns zrtp_status_fail.
- */
- uint8_t allowclear;
-
- /**
- * \brief ZRTP "autosecure" mode flag
- *
- * In "autosecure" mode, a protected connection will be initiated automatically just after
- * stream start-up. If the option "autosecure" is switched off, then a secure connection can be
- *initialized only by calling zrtp_stream_secure().
- */
- uint8_t autosecure;
-
- /**
- * \brief Disclose bit.
- *
- * This field MUST be set by user application if it's going to disclose stream keys.
- */
- uint8_t disclose_bit;
-
- /**
- * \brief Enabled Discovery Optimization
- *
- * ZRTP protocol specification allows to speed-up the discovery process by sending Commit
- * instead of HelloAck. This is the default behavior for most of ZRTP endpoints. It allows to
- * eliminate one unnecessary exchange.
- *
- * At other hand, this optimization may cose some problems on slow devices: using this option,
- * the endpoint starts to compute DH value right after receiving remote Hello. It may take
- * seginificent amount of time on slow device (of is the device is busy on other calculations).
- * As all libzrtp messages are processed in single thread, while local endpoint computing DH
- * it be unable to response on remote Hello-s and remote side may switch to NO_ZRTP state.
- *
- * Not use this option is you running libzrtp on slow device or your software supports HQ video
- * conferences. Enabled by default.
- */
- uint8_t discovery_optimization;
-
- /**
- * \brief Cache time-to-live
- *
- * The time interval libzrtp should retain secrets. This parameter sets the secret's time to
- * live in seconds. This option is global for all connections processed by the library. It is
- * used together with zrtp_session_info_t#cache_ttl.
- *
- * ZRTP_CACHE_DEFAULT_TTL value is used by default.
- */
- uint32_t cache_ttl;
-
- /** \brief SAS calculation scheme preferences */
- uint8_t sas_schemes[ZRTP_MAX_COMP_COUNT+1];
-
- /** \brief Cipher type preferences */
- uint8_t cipher_types[ZRTP_MAX_COMP_COUNT+1];
-
- /** \brief Public key exchange scheme preferences */
- uint8_t pk_schemes[ZRTP_MAX_COMP_COUNT+1];
-
- /** \brief Auth tag length preferences */
- uint8_t auth_tag_lens[ZRTP_MAX_COMP_COUNT+1];
-
- /**
- * \brief Hash calculation scheme preferences
- * \note ZRTP_HASH_SHA256 is only one hash algorithm supported by current version of libzrtp.
- */
- uint8_t hash_schemes[ZRTP_MAX_COMP_COUNT+1];
-};
-
-/**
- * \brief Shared secret structure
- * \ingroup zrtp_iface_cache
- *
- * This structure stores ZRTP shared secret values used in the protocol.
- */
-struct zrtp_shared_secret_t
-{
- /** \brief ZRTP secret value */
- zrtp_string64_t value;
-
- /**
- * \brief last usage time-stamp in seconds.
- *
- * Library updates this value on generation of the new value based on previous one.
- */
- uint32_t lastused_at;
-
- /**
- * \brief TTL value in seconds.
- *
- * Available for reading after the Hello exchange. Updated on switching to Secure state.
- */
- uint32_t ttl;
-
- /**
- * \brief Loaded secret flag.
- *
- * When the flag is set (= 1), the secret has been loaded from the cache. Otherwise the secret
- * has been generated.
- * \warning For internal use only. Don't modify this flag in the application.
- */
- uint8_t _cachedflag;
-};
-
-/**
- * \brief Lists MitM roles on PBX call transferring
- *
- * Enumeration type for the ZRTP modes based on the role of the MitM.
- */
-typedef enum zrtp_mitm_mode_t
-{
- /** MitM is not supported or not activated. */
- ZRTP_MITM_MODE_UNKN = 0,
-
- /**
- * \brief Client-side mode called to the PBX in ZRTP trusted MiTM mode.
- *
- * Libzrtp activates this state on receiving an Hello, indicating that remote side is trusted
- * MiTM.
- */
- ZRTP_MITM_MODE_CLIENT,
-
- /**
- * \brief Server-side mode to transfer SAS to the registrant.
- *
- * Libzrtp switches to this state on starting zrtp_update_remote_options().
- */
- ZRTP_MITM_MODE_RECONFIRM_SERVER,
- /**
- * \brief Client-side mode accepted SAS transfer from the trusted MiTM.
- *
- * Libzrtp activates this state on receiving an SASRELAY from a trusted MiTM endpoint.
- */
- ZRTP_MITM_MODE_RECONFIRM_CLIENT,
- /**
- * \brief Server-side mode to accept the user's registration requests.
- *
- * Libzrtp switches to this state on starting a registration stream by
- * zrtp_stream_registration_start() or zrtp_stream_registration_secure().
- */
- ZRTP_MITM_MODE_REG_SERVER,
- /**
- * \brief User-side mode to confirm the registration ritual.
- *
- * The library enables this state when a remote party invites it to the registration ritual
- * by a special flag in the Confirm packet.
- */
- ZRTP_MITM_MODE_REG_CLIENT
-} zrtp_mitm_mode_t;
-
-
-/** \manonly */
-
-
-/*======================================================================*/
-/* Internal ZRTP libzrtp datatypes */
-/*======================================================================*/
-
-/**
- * @defgroup types_dev libzrtp types for developers
- * The data types used in inside libzrte. This section is for libzrtp developers
- * @ingroup zrtp_dev
- * \{
- */
-
-
-/**
- * @brief Enumeration for ZRTP protocol packets type definition
- * @warning! Don't change order of these definition without synchronizing with
- * print* functions (see zrtp_log.h)
- */
-typedef enum
-{
- ZRTP_UNPARSED = -1, /** Unparsed packet */
- ZRTP_NONE = 0, /** Not ZRTP packet */
- ZRTP_HELLO = 1, /** ZRTP protocol HELLO packet */
- ZRTP_HELLOACK = 2, /** ZRTP protocol HELLOACK packet */
- ZRTP_COMMIT = 3, /** ZRTP protocol COMMIT packet */
- ZRTP_DHPART1 = 4, /** ZRTP protocol DHPART1 packet */
- ZRTP_DHPART2 = 5, /** ZRTP protocol DHPART2 packet */
- ZRTP_CONFIRM1 = 6, /** ZRTP protocol CONFIRM1 packet */
- ZRTP_CONFIRM2 = 7, /** ZRTP protocol CONFIRM2 packet */
- ZRTP_CONFIRM2ACK = 8, /** ZRTP protocol CONFIRM2ACK packet */
- ZRTP_GOCLEAR = 9, /** ZRTP protocol GOCLEAR packet */
- ZRTP_GOCLEARACK = 10, /** ZRTP protocol GOCLEARACK packet */
- ZRTP_ERROR = 11, /** ZRTP protocol ERROR packet */
- ZRTP_ERRORACK = 12, /** ZRTP protocol ERRORACK packet */
- ZRTP_PROCESS = 13, /** This is not a packet type but type of task for scheduler */
- ZRTP_SASRELAY = 14, /** ZRTP protocol SASRELAY packet */
- ZRTP_RELAYACK = 15, /** ZRTP protocol RELAYACK packet */
- ZRTP_ZFONEPING = 16, /** Zfone3 Ping packet */
- ZRTP_ZFONEPINGACK = 17, /** Zfone3 PingAck packet */
- ZRTP_MSG_TYPE_COUNT = 18
-} zrtp_msg_type_t;
-
-
-/**
- * @brief enumeration for protocol state-machine roles
- * Protocol role fully defines it's behavior. ZRTP peer chooses a role according
- * to specification. For details see internal developers documentation
- */
-typedef enum zrtp_statemachine_type_t
-{
- ZRTP_STATEMACHINE_NONE = 0, /** Unknown type. Used as error value */
- ZRTP_STATEMACHINE_INITIATOR = 1, /** Defines initiator's protocol logic */
- ZRTP_STATEMACHINE_RESPONDER = 2 /** Defines responder's protocol logic */
-} zrtp_statemachine_type_t;
-
-#define ZRTP_BIT_RS1 0x02
-#define ZRTP_BIT_RS2 0x04
-#define ZRTP_BIT_AUX 0x10
-#define ZRTP_BIT_PBX 0x20
-
-/**
- * @brief Library global context
- * Compilers and linkers on some operating systems don't support the declaration
- * of global variables in c files. Storing a context allows us to solve this
- * problem in a way that unifies component use. The context is created by calling
- * zrtp_init(), and is destroyed with zrtp_down(). It contains data necessary
- * for crypto-component algorithms, including hash schemes, cipher types, SAS
- * schemes etc. Context data can be divided into three groups:
- * - ID of client ZRTP peer;
- * - RNG related fields (hash context for entropy computing);
- * - DH scheme related fields(internal data used for DH exchange);
- * - headers of the lists of every crypto-component type used for component
- * management.
- * All of this data, except for "RNG related fields", is for internal use only
- * and set automatically. All that is needed is to link every created session
- * to global context.
- * @sa zrtp_init() zrtp_down() zrtp_session_init()
- */
-struct zrtp_global_t
-{
- uint32_t lic_mode; /** ZRTP license mode. */
- zrtp_string16_t client_id; /** Local ZRTP client ID. */
- uint8_t is_mitm; /** Flags defines that the local endpoint acts as ZRTP MiTM. */
- MD_CTX rand_ctx; /** Hash context for entropy accumulation for the RNG unit. */
- uint8_t rand_initialized; /** RNG unit initialization flag. */
- zrtp_string256_t def_cache_path; /** Full path to ZRTP cache file. */
- unsigned cache_auto_store; /** Set when user wants libzrtp to flush the cache once it changed */
- zrtp_mutex_t* rng_protector; /** This object is used to protect the shared RNG hash zrtp#rand_ctx */
- struct BigNum one; /** This section provides static data for DH3K and DH4K components */
- struct BigNum G;
- struct BigNum P_2048;
- struct BigNum P_2048_1;
- struct BigNum P_3072;
- struct BigNum P_3072_1;
- uint8_t P_2048_data[256];
- uint8_t P_3072_data[384];
- mlist_t hash_head; /** Head of hash components list */
- mlist_t cipher_head; /** Head of ciphers list */
- mlist_t atl_head; /** Head of ATL components list */
- mlist_t pktype_head; /** Head of public key exchange schemes list */
- mlist_t sas_head; /** SAS schemes list */
- void* srtp_global; /** Storage for some SRTP global data */
- mlist_t sessions_head; /** Head of ZRTP sessions list */
- uint32_t sessions_count; /** Global sessions count used to create ZRTP session IDs. For debug purposes mostly. */
- uint32_t streams_count; /** Global streams count used to create ZRTP session IDs. For debug purposes mostly. */
- zrtp_mutex_t* sessions_protector; /** This object is used to synchronize sessions list operations */
- zrtp_callback_t cb; /** Set of feedback callbacks used by libzrtp to interact with the user-space.*/
-};
-
-
-/**
- * @brief RTP packet structure used in libzrtp
- * Used for conveniently working with RTP/ZRTP packets. A binary RTP/ZRTP
- * packet is converted into a zrtp_rtp_info_t structure before processing by
- * _zrtp_packet_preparse()
- */
-typedef struct zrtp_rtp_info_t
-{
- /** Packet length in bytes */
- uint32_t *length;
-
- /** Pointer to the RTP/ZRTP packet body */
- char *packet;
-
- /** Pointer to ZRTP Message part (skip ZRTP transport header part) */
- void *message;
-
- /** ZRTP packet type (ZRTP_NONE in case of non command packet) */
- zrtp_msg_type_t type;
-
- /** Straightened RTP/ZRTP sequence number in host mode */
- uint32_t seq;
-
- /** RTP SSRC/ZRTP in network mode */
- uint32_t ssrc;
-} zrtp_rtp_info_t;
-
-
-/**
- * @brief Retained secrets container
- * Contains the session's shared secret values and related flags restored from
- * the cache. Every subsequent stream within a session uses these values
- * through @ref zrtp_proto_secret_t pointers. By definition, different ZRTP
- * streams can't change secret values. Secret flags are protected against race
- * conditions by the mutex \c _protector. For internal use only.
- */
-typedef struct zrtp_secrets_t
-{
- /** First retained secret RS1. */
- zrtp_shared_secret_t *rs1;
-
- /** Second retained secret RS1. */
- zrtp_shared_secret_t *rs2;
-
- /** User-defined secret. */
- zrtp_shared_secret_t *auxs;
-
- /** PBX Secret for trusted MiTMs. */
- zrtp_shared_secret_t *pbxs;
-
- /** Bit-map to summarize shared secrets "Cached" flags. */
- uint32_t cached;
- uint32_t cached_curr;
-
- /** Bit-map to summarize shared secrets "Matches" flags. */
- uint32_t matches;
- uint32_t matches_curr;
-
- /** Bit-map to summarize shared secrets "Wrongs" flags. */
- uint32_t wrongs;
- uint32_t wrongs_curr;
-
- /** This flag equals one if the secrets have been uploaded from the cache. */
- uint8_t is_ready;
-} zrtp_secrets_t;
-
-
-/**
- * @brief Protocol shared secret
- * Wrapper around the session shared secrets \ref zrtp_shared_secret. Used
- * for ID storing and secret sorting according to ZRTP ID sec. 5.4.4.
- */
-typedef struct zrtp_proto_secret_t
-{
- /** Local-side secret ID */
- zrtp_string8_t id;
-
- /** Remote-side secret ID */
- zrtp_string8_t peer_id;
-
- /** Pointer to the binary value and set of related flags */
- zrtp_shared_secret_t *secret;
-} zrtp_proto_secret_t;
-
-
-/**
- * @brief ZRTP messages cache
- * This structure contains ZRTP messages prepared for sending or received from
- * the other side. This scheme allows speed-ups the resending of packets and
- * computing message hashes, and makes resending thread-safe. Besides packets,
- * tasks retries are stored as well.
- */
-typedef struct zrtp_stream_mescache_t
-{
- zrtp_packet_Hello_t peer_hello;
- zrtp_packet_Hello_t hello;
- zrtp_packet_GoClear_t goclear;
- zrtp_packet_Commit_t peer_commit;
- zrtp_packet_Commit_t commit;
- zrtp_packet_DHPart_t peer_dhpart;
- zrtp_packet_DHPart_t dhpart;
- zrtp_packet_Confirm_t confirm;
- zrtp_string32_t h0;
- zrtp_packet_Confirm_t peer_confirm;
- zrtp_packet_Error_t error;
- zrtp_packet_SASRelay_t sasrelay;
-
- zrtp_retry_task_t hello_task;
- zrtp_retry_task_t goclear_task;
- zrtp_retry_task_t dh_task;
- zrtp_retry_task_t commit_task;
- zrtp_retry_task_t dhpart_task;
- zrtp_retry_task_t confirm_task;
- zrtp_retry_task_t error_task;
- zrtp_retry_task_t errorack_task;
- zrtp_retry_task_t sasrelay_task;
-
- /*!
- * Hash pre-image of the remote party Hello retrieved from Signaling. When
- * user calls zrtp_signaling_hash_set() libzrtp stores hash value in this
- * variable and checks all incoming Hello-s to prevent DOS attacks.
- */
- zrtp_string64_t signaling_hash;
-} zrtp_stream_mescache_t;
-
-
-/**
- * @brief Crypto context for Diffie-Hellman calculations
- * Used only by DH streams to store Diffie-Hellman calculations. Allocated on
- * protocol initialization and released on switching to SECURE mode.
- */
-typedef struct zrtp_dh_crypto_context_t
-{
- /** DH secret value */
- struct BigNum sv;
-
- /** DH public value */
- struct BigNum pv;
-
- /** DH public value recalculated for remote side */
- struct BigNum peer_pv;
-
- /** DH shared secret. DHSS = hash(DHResult) */
- zrtp_string64_t dhss;
-
- unsigned int initialized_with;
-} zrtp_dh_crypto_context_t;
-
-
-/*!
- * \brief Crypto context for ECDSA calculations
- * Used to store ECDSA keys and calculations. Allocated on
- * protocol initialization and released on switching to SECURE mode.
- */
-typedef struct zrtp_dsa_crypto_context_t
-{
- struct BigNum sv; /*!< DSA secret value */
- struct BigNum pv; /*!< DSA public value */
- struct BigNum peer_pv;/*!< DSA public value for some remote side */
-} zrtp_dsa_crypto_context_t;
-
-
-/**
- * @brief Protocol crypto context
- * Used as temporary storage for ZRTP crypto data during protocol running.
- * Unlike \ref zrtp_stream_crypto_t this context is needed only during key
- * negotiation and destroyed on switching to SECURE state.
- */
-typedef struct zrtp_proto_crypto_t
-{
- /** ZRTP */
- zrtp_string128_t kdf_context;
-
- /** ZRTP stream key */
- zrtp_string64_t s0;
-
- /** Local hvi value for the hash commitment: hvi or nonce for Multistream. */
- zrtp_string64_t hv;
-
- /** Remove hvi value for the hash commitment: hvi or nonce for Multistream. */
- zrtp_string64_t peer_hv;
-
- /** Total messages hash. See ZRTP ID 5.4.4/5.5.4 */
- zrtp_string64_t mes_hash;
-
- /** RS1 */
- zrtp_proto_secret_t rs1;
-
- /** RS2 */
- zrtp_proto_secret_t rs2;
-
- /** User-Defined secret */
- zrtp_proto_secret_t auxs;
-
- /** PBX secret */
- zrtp_proto_secret_t pbxs;
-} zrtp_proto_crypto_t;
-
-/*!
- * \brief ZRTP protocol structure
- * Protocol structure is responsible for ZRTP protocol logic (CLEAR-SECURE
- * switching) and RTP media encrypting/decrypting. The protocol is created
- * right after the discovery phase and destroyed on stream closing.
- */
-struct zrtp_protocol_t
-{
- /** Protocol mode: responder or initiator. */
- zrtp_statemachine_type_t type;
-
- /** Context for storing protocol crypto data. */
- zrtp_proto_crypto_t* cc;
-
- /** SRTP crypto engine */
- zrtp_srtp_ctx_t* _srtp;
-
- /** Back-pointer to ZRTP stream context. */
- zrtp_stream_t *context;
-};
-
-/**
- * @brief Stream-persistent crypto options.
- * Unlike \ref zrtp_proto_crypto_t these data are kept after switching to Secure
- * state or stopping the protocol; used to sign/verify Confirm and GoClear packets.
- */
-typedef struct zrtp_stream_crypto_t
-{
- /** Local side hmackey value. */
- zrtp_string64_t hmackey;
-
- /** Remote side hmackey value. */
- zrtp_string64_t peer_hmackey;
-
- /** Local side ZRTP key for Confirms protection. */
- zrtp_string64_t zrtp_key;
-
- /** Remote side ZRTP key for Confirms verification. */
- zrtp_string64_t peer_zrtp_key;
-} zrtp_stream_crypto_t;
-
-
-/**
- * @brief stream media context. Contains all RTP media-related information.
- */
-typedef struct zrtp_media_context_t
-{
- /** The highest ZRTP message sequence number received. */
- uint32_t high_in_zrtp_seq;
-
- /** The last ZRTP message sequence number sent. */
- uint32_t high_out_zrtp_seq;
-
- /** The highest RTP media sequence number received; used by SRTP. */
- uint32_t high_in_media_seq;
-
- /** The highest RTP media sequence number sent; used by SRTP. */
- uint32_t high_out_media_seq;
-
- /** SSRC of the RTP media stream associated with the current ZRTP stream. */
- uint32_t ssrc;
-} zrtp_media_context_t;
-
-/*!
- * \brief ZRTP stream context
- * \warning Fields with prefix "_" are for internal use only.
- */
-struct zrtp_stream_t
-{
- /*! Stream unique identifier for debug purposes */
- zrtp_id_t id;
-
- /*!
- * \brief Stream mode
- * This field defines libzrtp behavior related to specified contexts. See
- * <A HREF="http://zfoneproject.com/zrtp_ietf.html">"ZRTP Internet Draft"</A>
- * and \ref usage for additional information about stream types and their
- * processing logic.
- */
- zrtp_stream_mode_t mode;
-
- /*!
- * \brief Defines ZRTP role in trusted MitM scheme.
- * The value of this mode determines the behavior of the ZRTP machine
- * according to it's role in the MitM scheme. Initially the mode is
- * ZRTP_MITM_MODE_UNKN and then changes on protocol running.
- */
- zrtp_mitm_mode_t mitm_mode;
-
- /*!
- * \brief Previous ZRTP protocol states
- * Used in analysis to determine the reason for a switch from one state to
- * another. Enabled by _zrtp_change_state(.
- */
- zrtp_state_t prev_state;
-
- /** 1 means that peer Hello have been raceived within current ZRTP session */
- uint8_t is_hello_received;
-
- /*!< Reflects current state of ZRTP protocol */
- zrtp_state_t state;
-
- /**
- * @brief Persistent stream crypto options.
- * Stores persistent crypto data needed after Confirmation. This data can be
- * cleared only when the stream is destroyed.
- */
- zrtp_stream_crypto_t cc;
-
- /** DH crypto context used in PK calculations */
- zrtp_dh_crypto_context_t dh_cc;
-
- /*!
- * \brief Pointer to the ZRTP protocol implementation
- * The protocol structure stores all crypto data during the securing
- * procedure. After switching to SECURE state the protocol clears all
- * crypto sources and performs traffic encryption/decryption.
- */
- zrtp_protocol_t *protocol;
-
- /*!< Holder for RTP/ZRTP media stream options. */
- zrtp_media_context_t media_ctx;
-
- /*!< ZRTP messages and task retries cache */
- zrtp_stream_mescache_t messages;
-
- /*!
- * Current value of "allowclear" option exchanged during ZRTP negotiation.
- * Available for reading in SECURE state.
- */
- uint8_t allowclear;
-
- /*!
- * This flag shows when remote side is "passive" (has license mode PASSIVE)
- * Available for reading in CLEAR state.
- */
- uint8_t peer_passive;
-
- /*!
- * \brief actual lifetime of stream secrets
- * This variable contains the interval for retaining secrets within an
- * established stream. In accordance with <A
- * HREF="http://zfoneproject.com/zrtp_ietf.html">"ZRTP Internet Draft"</A>
- * this value is calculated as the minimal of local and remote TTLs after
- * confirmation. Value is given in seconds and can be read in the SECURE
- * state. It may be used in displaying session parameters.
- */
- uint32_t cache_ttl;
-
- /*!
- * \brief Peer disclose bit Indicates the ability of the remote side to
- * disclose its session key. Specifies that the remote side allows call
- * monitoring. If this flag is set, the end user must be informed. It can
- * be read in the SECURE state.
- */
- uint8_t peer_disclose_bit;
-
- /*!
- * \brief Last protocol error code
- * If there is a mistake in running the protocol, zrtp_event_callback()
- * will be called and the required error code will be set to this field.
- * An error code is the numeric representation of ZRTP errors defined in
- * the draft. All error codes are defined by \ref zrtp_protocol_error_t.
- */
- zrtp_protocol_error_t last_error;
-
- /**
- * Duplicates MiTM flag from peer Hello message
- */
- uint8_t peer_mitm_flag;
-
- /**
- * Duplicates U flag from peer Hello message
- */
- uint8_t peer_super_flag;
-
- /*!
- * \brief Pointer to the concurrent DH stream
- * If Commit messages are sent by both ZRTP endpoints at the same time, but
- * are received in different media streams, "tie-breaking" rules apply - the
- * Commit message with the lowest hvi value is discarded and the other side
- * becomes the initiator. The media stream in which the Commit was sent will
- * proceed through the ZRTP exchange while the media stream with the discarded
- * Commit must wait for the completion of the other ZRTP exchange. A pointer
- * to that "waiting" stream is stored in \c _concurrent. When the running
- * stream is switched to "Initiating Secure" the concurrent stream is resumed.
- */
- zrtp_stream_t *concurrent;
-
- /** Back-pointer to the ZRTP global data */
- zrtp_global_t *zrtp;
-
- /** Pointer to parent session context. Used for back capability */
- zrtp_session_t *session;
-
- /*!< Public key exchange component used within current stream */
- zrtp_pk_scheme_t *pubkeyscheme;
-
- /*!
- * Pointer to the user data. This pointer can be used for fast access to
- * some additional data attached to this ZRTP stream by the user application
- */
- void *usr_data;
-
- /*!
- * Pointer to the peer stream during a trusted MiTM call.
- * @sa zrtp_link_mitm_calls()
- */
- zrtp_stream_t *linked_mitm;
-
- /*!
- * \brief Stream data protector
- * A mutex is used to avoid race conditions during asynchronous calls
- * (zrtp_stream_secure(), zrtp_stream_clear() etc.) in parallel to the main
- * processing loop zrtp_process_rtp/srtp().
- */
- zrtp_mutex_t* stream_protector;
-};
-
-
-/*!
- * \brief ZRTP session context
- * Describes the state of the ZRTP session. Stores data necessary and sufficient
- * for processing ZRTP sessions. Encapsulates ZRTP streams and all crypto-data.
- */
-struct zrtp_session_t
-{
- /*! Session unique identifier for debug purposes */
- zrtp_id_t id;
-
- /*!
- * \brief Local-side ZID
- * The unique 12-characters string that identifies the local ZRTP endpoint.
- * It must be generated by the user application on installation and used
- * permanently for every ZRTP session. This ID allows remote peers to
- * recognize this ZRTP endpoint.
- */
- zrtp_string16_t zid;
-
- /*!
- * \brief Remote-side ZID
- * Extracted from the Hello packet of the very first ZRTP stream. Uniquely
- * identifies the remote ZRTP peer. Used in combination with the local zid
- * to restore secrets and other data from the previous call. Available for
- * reading after the discovering phase.
- */
- zrtp_string16_t peer_zid;
-
- /*!< ZRTP profile, defined crypto options and behavior for every stream within current session */
- zrtp_profile_t profile;
-
- /*
- * Signaling Role which protocol was started with, one of zrtp_signaling_role_t values.
- */
- unsigned signaling_role;
-
- /*!
- * \brief Set of retained secrets and flags for the current ZRTP session.
- * libzrtp uploads secrets and flags from the cache on the very first
- * stream within every ZRTP session.
- */
- zrtp_secrets_t secrets;
-
- /*!< ZRTP session key used to extend ZRTP session without additional DH exchange */
- zrtp_string64_t zrtpsess;
-
- /** First SAS base32/256 string */
- zrtp_string16_t sas1;
-
- /** Second SAS 256 string */
- zrtp_string16_t sas2;
-
- /** Binary SAS digest (ZRTP_SAS_DIGEST_LENGTH bytes) */
- zrtp_string32_t sasbin;
-
- /*!< Back-pointer to the ZRTP global data */
- zrtp_global_t *zrtp;
-
- /*!< Back-pointer to user data associated with this session context. */
- void *usr_data;
-
- /** Hash component used within current session */
- zrtp_hash_t *hash;
-
- /** Cipher component used within current session */
- zrtp_cipher_t *blockcipher;
-
- /** SRTP authentication component used within current session */
- zrtp_auth_tag_length_t *authtaglength;
-
- /** SAS scheme component used within current session */
- zrtp_sas_scheme_t *sasscheme;
-
- /** List of ZRTP streams attached to the session. */
- zrtp_stream_t streams[ZRTP_MAX_STREAMS_PER_SESSION];
-
- /** This object is used to synchronize all stream list operations */
- zrtp_mutex_t* streams_protector;
-
- /** Prevents race conditions if streams start simultaneously. */
- zrtp_mutex_t* init_protector;
-
- /**
- * This flag indicates that possible MiTM attach was detected during the protocol exchange.
- */
- uint8_t mitm_alert_detected;
-
- mlist_t _mlist;
-};
-
-/*! \} */
-
-
-/*===========================================================================*/
-/* Data types and definitions for SRTP */
-/*===========================================================================*/
-
-#if ZRTP_BYTE_ORDER == ZBO_LITTLE_ENDIAN
-
-/**
- * RTP header structure
- * @ingroup dev_srtp
- */
-typedef struct
-{
- uint16_t cc:4; /** CSRC count */
- uint16_t x:1; /** header extension flag */
- uint16_t p:1; /** padding flag */
- uint16_t version:2; /** protocol version */
- uint16_t pt:7; /** payload type */
- uint16_t m:1; /** marker bit */
- uint16_t seq; /** sequence number */
- uint32_t ts; /** timestamp */
- uint32_t ssrc; /** synchronization source */
-} zrtp_rtp_hdr_t;
-
-/**
- * RTCP header structure
- * @ingroup dev_srtp
- */
-typedef struct
-{
- unsigned char rc:5; /** reception report count */
- unsigned char p:1; /** padding flag */
- unsigned char version:2; /** protocol version */
- unsigned char pt:8; /** payload type */
- uint16_t len; /** length */
- uint32_t ssrc; /** synchronization source */
-} zrtp_rtcp_hdr_t;
-
-typedef struct
-{
- unsigned int index:31; /** srtcp packet index in network order! */
- unsigned int e:1; /** encrypted? 1=yes */
- /** optional mikey/etc go here */
- /** and then the variable-length auth tag */
-} zrtp_rtcp_trailer_t;
-
-#else
-
-/**
- * RTP header structure
- * @ingroup dev_srtp
- */
-typedef struct
-{
- uint16_t version:2; /** protocol version */
- uint16_t p:1; /** padding flag */
- uint16_t x:1; /** header extension flag */
- uint16_t cc:4; /** CSRC count */
- uint16_t m:1; /** marker bit */
- uint16_t pt:7; /** payload type */
- uint16_t seq; /** sequence number */
- uint32_t ts; /** timestamp */
- uint32_t ssrc; /** synchronization source */
-} zrtp_rtp_hdr_t;
-
-/**
- * RTCP header structure
- * @ingroup dev_srtp
- */
-typedef struct
-{
- unsigned char version:2; /** protocol version */
- unsigned char p:1; /** padding flag */
- unsigned char rc:5; /** reception report count */
- unsigned char pt:8; /** payload type */
- uint16_t len; /** length */
- uint32_t ssrc; /** synchronization source */
-} zrtp_rtcp_hdr_t;
-
-typedef struct
-{
- unsigned int e:1; /** encrypted? 1=yes */
- unsigned int index:31; /** srtcp packet index */
-} zrtp_rtcp_trailer_t;
-
-#endif
-
-/**
- * RTP header extension structure
- * @ingroup dev_srtp
- */
-typedef struct
-{
- uint16_t profile_specific; /** profile-specific info */
- uint16_t length; /** number of 32-bit words in extension */
-} zrtp_rtp_hdr_xtnd_t;
-
-
-/** \endmanonly */
-
-#endif /* __ZRTP_TYPES_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_VERSION_H__
-#define __ZRTP_VERSION_H__
-
-#define LIBZRTP_VERSION_MAJOR 1
-
-#define LIBZRTP_VERSION_MINOR 20
-#define LIBZRTP_VERSION_BUILD 616
-#define LIBZRTP_VERSION_STR "v1.20 616"
-
-#endif /*__ZRTP_VERSION_H__*/
+++ /dev/null
-LOCAL_PATH := $(call my-dir)/../../..
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := libzrtp
-MY_SRC_PATH := src
-
-MY_SRC_FILES := $(MY_SRC_PATH)/zrtp.c \
- $(MY_SRC_PATH)/zrtp_crc.c \
- $(MY_SRC_PATH)/zrtp_crypto_aes.c \
- $(MY_SRC_PATH)/zrtp_crypto_atl.c \
- $(MY_SRC_PATH)/zrtp_crypto_hash.c \
- $(MY_SRC_PATH)/zrtp_crypto_pk.c \
- $(MY_SRC_PATH)/zrtp_crypto_sas.c \
- $(MY_SRC_PATH)/zrtp_datatypes.c \
- $(MY_SRC_PATH)/zrtp_engine.c \
- $(MY_SRC_PATH)/zrtp_engine_driven.c \
- $(MY_SRC_PATH)/zrtp_iface_cache.c \
- $(MY_SRC_PATH)/zrtp_iface_scheduler.c \
- $(MY_SRC_PATH)/zrtp_iface_sys.c \
- $(MY_SRC_PATH)/zrtp_initiator.c \
- $(MY_SRC_PATH)/zrtp_legal.c \
- $(MY_SRC_PATH)/zrtp_list.c \
- $(MY_SRC_PATH)/zrtp_log.c \
- $(MY_SRC_PATH)/zrtp_pbx.c \
- $(MY_SRC_PATH)/zrtp_protocol.c \
- $(MY_SRC_PATH)/zrtp_responder.c \
- $(MY_SRC_PATH)/zrtp_rng.c \
- $(MY_SRC_PATH)/zrtp_srtp_builtin.c \
- $(MY_SRC_PATH)/zrtp_srtp_dm.c \
- $(MY_SRC_PATH)/zrtp_string.c \
- $(MY_SRC_PATH)/zrtp_utils.c \
- $(MY_SRC_PATH)/zrtp_utils_proto.c
-
-MY_SRC_FILES += third_party/bgaes/aes_modes.c \
- third_party/bgaes/sha2.c \
- third_party/bgaes/sha1.c \
- third_party/bgaes/aestab.c \
- third_party/bgaes/aeskey.c \
- third_party/bgaes/aescrypt.c
-
-MY_SRC_FILES += third_party/bnlib/bn.c \
- third_party/bnlib/bn32.c \
- third_party/bnlib/bninit32.c \
- third_party/bnlib/lbn32.c \
- third_party/bnlib/lbnmem.c \
- third_party/bnlib/legal.c
-
-LOCAL_SRC_FILES := $(MY_SRC_FILES)
-
-LOCAL_EXPORT_C_INCLUDES := $(LOCAL_PATH)/include
-
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_C_INCLUDES += $(LOCAL_PATH)/third_party/bnlib
-LOCAL_C_INCLUDES += $(LOCAL_PATH)/third_party/bgaes
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -DANDROID_NDK=5
-
-#include $(BUILD_STATIC_LIBRARY)
-include $(BUILD_SHARED_LIBRARY)
-
-#
-# Dummy shared library to build libzrtp.a
-#
-
-# include $(CLEAR_VARS)
-#
-# LOCAL_MODULE := libzrtp-dummy
-# LOCAL_STATIC_LIBRARIES := libzrtp
-#
-# include $(BUILD_SHARED_LIBRARY)
+++ /dev/null
-/*
- ============================================================================
- Name : CDelayRuner.cpp
- Author : R. Drutsky
- Version : 1.0
- Copyright : Copyright (c) 2010 Soft Industry
- Description : CCDelayRuner implementation
- ============================================================================
- */
-
-#include "DelayRuner.h"
-#include "zrtp_iface_system.h"
-
-void zrtp_internal_delete_task_from_list(zrtp_stream_t* ctx, zrtp_retry_task_t* ztask);
-
-CDelayRuner::CDelayRuner() :
- CActive(EPriorityLow) // Standard priority
- {
- }
-
-CDelayRuner* CDelayRuner::NewLC()
- {
- CDelayRuner* self = new (ELeave) CDelayRuner();
- CleanupStack::PushL(self);
- self->ConstructL();
- return self;
- }
-
-CDelayRuner* CDelayRuner::NewL()
- {
- CDelayRuner* self = CDelayRuner::NewLC();
- CleanupStack::Pop(); // self;
- return self;
- }
-
-void CDelayRuner::ConstructL()
- {
- User::LeaveIfError(iTimer.CreateLocal()); // Initialize timer
- CActiveScheduler::Add(this); // Add to scheduler
- }
-
-CDelayRuner::~CDelayRuner()
- {
- Cancel(); // Cancel any request, if outstanding
- iTimer.Close(); // Destroy the RTimer object
- // Delete instance variables if any
- }
-
-void CDelayRuner::DoCancel()
- {
- iTimer.Cancel();
- }
-
-void CDelayRuner::StartL(zrtp_stream_t *ctx, zrtp_retry_task_t* ztask)
- {
- Cancel(); // Cancel any request, just to be sure
- //iState = EUninitialized;
- iCtx = ctx;
- iZTask = ztask;
- iTimer.After(iStatus, ztask->timeout * 1000); // Set for later
- SetActive(); // Tell scheduler a request is active
- }
-
-void CDelayRuner::RunL()
- {
- if (iStatus == KErrNone)
- {
- // Do something useful
- iZTask->_is_busy = 1 ; // may be we don't need this
- (iZTask->callback)(iCtx,iZTask);
- iZTask->_is_busy = 0 ; // may be we don't need this
- }
- zrtp_internal_delete_task_from_list(iCtx,iZTask);
- }
-
-TInt CDelayRuner::RunError(TInt aError)
- {
- return aError;
- }
+++ /dev/null
-/*
- ============================================================================
- Name : CDelayRuner.h
- Author : R. Drutsky
- Version : 1.0
- Copyright : Copyright (c) 2010 Soft Industry
- Description : CDelayRuner declaration
- ============================================================================
- */
-
-#ifndef DELAYRUNER_H
-#define DELAYRUNER_H
-
-#include <e32base.h> // For CActive, link against: euser.lib
-#include <e32std.h> // For RTimer, link against: euser.lib
-
-#include <zrtp.h>
-class CDelayRuner : public CActive
- {
-public:
- // Cancel and destroy
- ~CDelayRuner();
-
- // Two-phased constructor.
- static CDelayRuner* NewL();
-
- // Two-phased constructor.
- static CDelayRuner* NewLC();
-
-public:
- // New functions
- // Function for making the initial request
- void StartL(zrtp_stream_t *ctx, zrtp_retry_task_t* ztask);
-
-private:
- // C++ constructor
- CDelayRuner();
-
- // Second-phase constructor
- void ConstructL();
-
-private:
- // From CActive
- // Handle completion
- void RunL();
-
- // How to cancel me
- void DoCancel();
-
- // Override to handle leaves from RunL(). Default implementation causes
- // the active scheduler to panic.
- TInt RunError(TInt aError);
-
-private:
- enum TCDelayRunerState
- {
- EUninitialized, // Uninitialized
- EInitialized, // Initalized
- EError
- // Error condition
- };
-
-private:
- TInt iState; // State of the active object
- RTimer iTimer; // Provides async timing service
-
- zrtp_stream_t *iCtx;
- zrtp_retry_task_t * iZTask;
-
- };
-
-#endif // CDELAYRUNER_H
+++ /dev/null
-bldmake bldfiles
\ No newline at end of file
+++ /dev/null
-/*\r
- * Copyright (c) 2006-2007 Philip R. Zimmermann. All rights reserved.\r
- * Contact: http://philzimmermann.com\r
- * \r
- * Nikolay Popok mailto: <chaser@soft-industry.com>\r
- *\r
- */\r
-\r
-PRJ_MMPFILES\r
-libzrtp.mmp\r
-\r
-PRJ_PLATFORMS\r
-WINSCW GCCE WINC\r
+++ /dev/null
-abld build gcce urel\r
-pause
\ No newline at end of file
+++ /dev/null
-/*\r
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.\r
- * Contact: http://philzimmermann.com\r
- * For licensing and other legal details, see the file zrtp_legal.c.\r
- */\r
-\r
-TARGET libzrtp.lib\r
-TARGETTYPE lib\r
-UID 0x0FFFFFF0\r
- \r
-VENDORID 0\r
-\r
-//OPTION GCC +Wno-ctor-dtor-privacy\r
-MACRO ZRTP_USE_STACK_MINIM\r
-\r
-USERINCLUDE .\r
-\r
-SOURCEPATH .\r
-SOURCE DelayRuner.cpp\r
-SOURCE zrtp_iface_symb.cpp\r
-\r
-SOURCEPATH ..\..\third_party\bnlib\r
-SOURCE bn.c\r
-SOURCE bn32.c\r
-SOURCE bninit32.c\r
-SOURCE lbn32.c\r
-SOURCE lbnmem.c\r
-SOURCE legal.c\r
-\r
-SOURCEPATH ..\..\src\r
-SOURCE zrtp_crc.c\r
-SOURCE zrtp_crypto_aes.c\r
-SOURCE zrtp_crypto_atl.c\r
-SOURCE zrtp_crypto_hash.c\r
-SOURCE zrtp_crypto_pk.c\r
-SOURCE zrtp_crypto_sas.c\r
-SOURCE zrtp_datatypes.c\r
-SOURCE zrtp_engine.c\r
-SOURCE zrtp_iface_cache.c\r
-SOURCE zrtp_iface_scheduler.c\r
-SOURCE zrtp_iface_sys.c\r
-SOURCE zrtp_initiator.c\r
-SOURCE zrtp_list.c\r
-SOURCE zrtp_log.c\r
-SOURCE zrtp_pbx.c\r
-SOURCE zrtp_protocol.c\r
-SOURCE zrtp_responder.c\r
-SOURCE zrtp_rng.c\r
-SOURCE zrtp_srtp_builtin.c\r
-SOURCE zrtp_string.c\r
-SOURCE zrtp_utils.c\r
-SOURCE zrtp_utils_proto.c\r
-SOURCE zrtp.c\r
-\r
-SOURCEPATH ..\..\third_party\bgaes\r
-SOURCE aes_modes.c\r
-SOURCE aescrypt.c\r
-SOURCE aeskey.c\r
-SOURCE aestab.c\r
-SOURCE sha1.c\r
-SOURCE sha2.c\r
-\r
-SYSTEMINCLUDE ..\..\.\r
-SYSTEMINCLUDE ..\..\include\r
-SYSTEMINCLUDE ..\..\third_party\bnlib\r
-SYSTEMINCLUDE ..\..\third_party\bgaes\r
-\r
-SYSTEMINCLUDE \epoc32\include\r
-SYSTEMINCLUDE \epoc32\include\libc\r
-\r
-LIBRARY euser.lib \r
-\r
-SOURCEPATH ..\..\src\r
-SOURCE zrtp_crypto_ec.c zrtp_crypto_ecdh.c zrtp_crypto_ecdsa.c zrtp_engine_driven.c zrtp_legal.c zrtp_srtp_dm.c\r
+++ /dev/null
-/*
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#include <charconv.h>
-#include <stdarg.h>
-#include <sys/time.h>
-
-#include <e32msgqueue.h>
-
-#include <UNISTD.H>
-#include <e32base.h>
-#include <e32math.h>
-
-#include <zrtp.h>
-
-extern "C"
-{
-/**
- * @brief Get kernel-generated random number
- * @bug seems not work
- * @return 32 random bits
- */
-uint32_t zrtp_symbian_kernel_random();
-
-/**
- * @brief Pseudo random number: sum of pid's shifted and xored by number of precceses
- * @return
- */
-uint32_t zrtp_sum_of_pid_and_number_of_poccesses();
-
-/**
- * @brief Number of milisecond past from particular date and time
- * @return
- */
-uint64_t zrtp_get_system_time_crazy();
-
-/**
- * @brief Current procces PID
- * @return PID
- */
-unsigned int zrtp_get_pid();
-
-/**
- * @brief Availible memory
- * @return memory availible on heap
- */
-uint32_t zrtp_get_availible_heap();
-
-}
-
-
-
-//-----------------------------------------------------------------------------
-zrtp_status_t zrtp_mutex_init(zrtp_mutex_t **mutex) {
- RMutex *rmutex = new RMutex();
- //rmutex->CreateLocal(); was before
- rmutex->CreateGlobal(KNullDesC);
- *mutex = (zrtp_mutex_t*) rmutex;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_lock(zrtp_mutex_t* mutex) {
- RMutex *rmutex = (RMutex *) mutex;
- rmutex->Wait();
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_unlock(zrtp_mutex_t* mutex) {
- RMutex *rmutex = (RMutex *) mutex;
- rmutex->Signal();
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_destroy(zrtp_mutex_t* mutex) {
- RMutex *rmutex = (RMutex *) mutex;
- if (rmutex) {
- rmutex->Close();
- delete rmutex;
- }
- return zrtp_status_ok;
-}
-
-//-----------------------------------------------------------------------------
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t value, uint32_t limit) {
- RSemaphore *rsem = new RSemaphore();
- //rsem->CreateLocal(value);
- rsem->CreateGlobal(KNullDesC,value);
- *sem = (zrtp_sem_t*) rsem;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem) {
- RSemaphore *rsem = (RSemaphore *) sem;
- if (rsem) {
- rsem->Close();
- delete rsem;
- }
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem) {
- RSemaphore *rsem = (RSemaphore *) sem;
- rsem->Wait();
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem) {
- RSemaphore *rsem = (RSemaphore *) sem;
- rsem->Wait(1000);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem) {
- RSemaphore *rsem = (RSemaphore *) sem;
- rsem->Signal();
- return zrtp_status_ok;
-}
-
-//-----------------------------------------------------------------------------
-int zrtp_sleep(unsigned int msec) {
- TTimeIntervalMicroSeconds32 i(msec *1000);
- User::After(i);
- return 0;
-}
-
-int zrtp_thread_create(zrtp_thread_routine_t start_routine, void *arg) {
- RThread h;
- TBuf<64> thName=_L("zrtp_thread");
-
- h.Create(thName, start_routine, KDefaultStackSize*2, NULL, arg) ;
- h.Resume();
- h.Close();
-
- return NULL;
-}
-//-----------------------------------------------------------------------------
-// For Scheduler
-#if (defined(ZRTP_USE_BUILTIN_SCEHDULER) && (ZRTP_USE_BUILTIN_SCEHDULER ==1))
-
-#include "DelayRuner.h"
-#include "zrtp_error.h"
-mlist_t tasks_head_s;
-static uint8_t inited = 0 ;
-static uint8_t is_running = 0;
-
-typedef struct {
- zrtp_stream_t *ctx; /** ZRTP stream context associated with the task */
- zrtp_retry_task_t *ztask; /** ZRTP stream associated with the task */
- mlist_t _mlist;
- CDelayRuner* ao; // Active object
-} zrtp_sched_task_s_t;
-
-zrtp_status_t zrtp_def_scheduler_init(zrtp_global_t* zrtp)
-{
- zrtp_status_t status = zrtp_status_ok;
- ZRTP_LOG(3,("symbian","Init start"));
- if (inited) {
- return zrtp_status_ok;
- }
-
- do {
- init_mlist(&tasks_head_s);
- is_running = 1;
- inited = 1;
- } while (0);
-
- ZRTP_LOG(3,("symbian","Init end"));
- return status;
-}
-
-void zrtp_def_scheduler_down()
-{
- ZRTP_LOG(3,("symbian","Down start"));
- mlist_t *node = 0, *tmp = 0;
-
- if (!inited) {
- return;
- }
-
- /* Stop main thread */
- is_running = 0;
-// zrtp_sem_post(count);
-
- /* Then destroy tasks queue and realease all other resources */
- //zrtp_mutex_lock(protector);
-
- mlist_for_each_safe(node, tmp, &tasks_head_s) {
- zrtp_sched_task_s_t* task = mlist_get_struct(zrtp_sched_task_s_t, _mlist, node);
- if (task->ao!=NULL)
- {
- delete task->ao;
- }
- zrtp_sys_free(task);
- }
- init_mlist(&tasks_head_s);
-
-// zrtp_mutex_unlock(protector);
-
-// zrtp_mutex_destroy(protector);
-// zrtp_sem_destroy(count);
-
- ZRTP_LOG(3,("symbian","Down end"));
- inited = 0;
-}
-
-
-void zrtp_def_scheduler_call_later(zrtp_stream_t *ctx, zrtp_retry_task_t* ztask)
-{
-// ZRTP_LOG(3,("symbian","CallLater start"));
- //mlist_t *node=0, *tmp=0;
- mlist_t* last = &tasks_head_s;
-
- //zrtp_mutex_lock(protector);
-
- if (!ztask->_is_enabled) {
- //zrtp_mutex_unlock(protector);
- return;
- }
-
- do {
- zrtp_sched_task_s_t* new_task = (zrtp_sched_task_s_t*)zrtp_sys_alloc(sizeof(zrtp_sched_task_s_t));
- if (!new_task) {
- break;
- }
-
- new_task->ctx = ctx;
- new_task->ztask = ztask;
- new_task->ao = CDelayRuner::NewL();
-
- mlist_insert(last, &new_task->_mlist);
-
- new_task->ao->StartL(ctx,ztask);
- //zrtp_sem_post(count);
- } while (0);
-
- //ZRTP_LOG(3,("symbian","CallLater end"));
- //zrtp_mutex_unlock(protector);
-}
-
-void zrtp_def_scheduler_cancel_call_later(zrtp_stream_t* ctx, zrtp_retry_task_t* ztask)
-{
- mlist_t *node=0, *tmp=0;
- ZRTP_LOG(3,("symbian","CancelcallLater start"));
-// zrtp_mutex_lock(protector);
-
- mlist_for_each_safe(node, tmp, &tasks_head_s) {
- zrtp_sched_task_s_t* task = mlist_get_struct(zrtp_sched_task_s_t, _mlist, node);
- if ((task->ctx == ctx) && ((task->ztask == ztask) || !ztask)) {
- task->ao->Cancel();
- delete task->ao; // Cancel and delete task
- mlist_del(&task->_mlist);
- zrtp_sys_free(task);
- //zrtp_sem_trtwait(count);
- if (ztask) {
- break;
- }
- }
- }
- ZRTP_LOG(3,("symbian","CancelCallLater done"));
-// zrtp_mutex_unlock(protector);
-}
-
-void zrtp_internal_delete_task_from_list(zrtp_stream_t* ctx, zrtp_retry_task_t* ztask)
- {
- mlist_t *node=0, *tmp=0;
- ZRTP_LOG(3,("symbian","DelTask begin"));
- mlist_for_each_safe(node, tmp, &tasks_head_s)
- {
- zrtp_sched_task_s_t* task = mlist_get_struct(zrtp_sched_task_s_t, _mlist, node);
- if ((task->ctx == ctx) && ((task->ztask == ztask) || !ztask))
- {
- delete task->ao; // Cancel and delete task
- mlist_del(&task->_mlist);
- zrtp_sys_free(task);
- ZRTP_LOG(3,("symbian","DelTask Del"));
- //zrtp_sem_trtwait(count);
- if (ztask)
- {
- break;
- }
- }
- }
- ZRTP_LOG(3,("symbian","DelTask end"));
- }
-
-void zrtp_def_scheduler_wait_call_later(zrtp_stream_t* ctx)
-{
-}
-#endif // ZRTP_USE_BUILTIN_SCEHDULER
-//-----------------------------------------------------------------------------
-
-unsigned int zrtp_get_pid()
- {
- return getpid();
- }
-
-uint64_t zrtp_get_system_time_crazy()
- {
- TTime time;
-
- return time.MicroSecondsFrom(TTime(TDateTime (491,EAugust,7,3,37,17,347))).Int64();
- }
-
-uint32_t zrtp_sum_of_pid_and_number_of_poccesses()
- {
- TFindProcess fp;
- RProcess procces;
- TFullName proccesName;
- uint_32t idsum=1;
- uint_32t proccesCount=0;
- fp.Find(KNullDesC);
- while (fp.Next(proccesName)==KErrNone)
- {
- if (procces.Open(proccesName,EOwnerProcess)==KErrNone)
- {
- idsum+=procces.Id();
- proccesCount++;
- procces.Close();
- }
- }
- idsum = (idsum << 3) xor proccesCount;
- return idsum;
- }
-
-uint32_t zrtp_get_availible_heap()
- {
- return User::Heap().MaxLength();
- }
-
-uint32_t zrtp_symbian_kernel_random()
- {
- return Math::Random();
- }
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup>\r
- <Filter Include="include">\r
- <UniqueIdentifier>{c0e76076-0032-445d-8c07-32b6c762622b}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="src">\r
- <UniqueIdentifier>{a03c0d83-0032-4848-9704-22cdce5ab144}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bnlib">\r
- <UniqueIdentifier>{dbe8a34e-0032-495e-8df7-e82218921e60}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bgaes">\r
- <UniqueIdentifier>{96d1a5c9-0032-4230-a764-a0ed11f434a7}</UniqueIdentifier>\r
- </Filter>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClInclude Include="..\..\include\zrtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_base.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_user.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_win.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_crypto.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_ec.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_engine.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_error.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_cache.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_system.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_legal.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_list.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_log.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_pbx.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_protocol.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_string.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_types.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_utils.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_version.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\kludge.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\legal.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aes.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aestab.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha1.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha2.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="..\..\src\zrtp.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crc.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_datatypes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine_driven.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_cache.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_sys.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_initiator.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_legal.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_list.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_log.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_pbx.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_protocol.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_responder.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_rng.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_string.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils_proto.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\legal.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aestab.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha1.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha2.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="..\..\ChangeLog" />\r
- <None Include="..\..\News" />\r
- </ItemGroup>\r
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
- <ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug|Win32">
- <Configuration>Debug</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Debug|x64">
- <Configuration>Debug</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|Win32">
- <Configuration>Release</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
- <ProjectConfiguration Include="Release|x64">
- <Configuration>Release</Configuration>
- <Platform>x64</Platform>
- </ProjectConfiguration>
- </ItemGroup>
- <PropertyGroup Label="Globals">
- <ProjectGuid>{C13CC324-0032-4492-9A30-310A6BD64FF5}</ProjectGuid>
- <RootNamespace>libzrtp.x32</RootNamespace>
- <Keyword>Win32Proj</Keyword>
- <ProjectName>libzrtp</ProjectName>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
- <ConfigurationType>StaticLibrary</ConfigurationType>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
- <ConfigurationType>StaticLibrary</ConfigurationType>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
- <ConfigurationType>StaticLibrary</ConfigurationType>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
- </PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
- <ConfigurationType>StaticLibrary</ConfigurationType>
- <CharacterSet>Unicode</CharacterSet>
- <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
- </PropertyGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
- <ImportGroup Label="ExtensionSettings">
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
- <Import Project="..\..\..\..\w32\extlib.props" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
- <Import Project="..\..\..\..\w32\extlib.props" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
- <Import Project="..\..\..\..\w32\extlib.props" />
- </ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
- <Import Project="..\..\..\..\w32\extlib.props" />
- </ImportGroup>
- <PropertyGroup Label="UserMacros" />
- <PropertyGroup>
- <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
- </PropertyGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <ClCompile>
- <Optimization>Disabled</Optimization>
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=0;ZRTP_USE_BUILTIN_CACHE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <MinimalRebuild>true</MinimalRebuild>
- <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
- <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
- <StructMemberAlignment>Default</StructMemberAlignment>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
- <CompileAs>CompileAsC</CompileAs>
- <DisableSpecificWarnings>4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
- </ClCompile>
- <Lib />
- <PreBuildEvent>
- <Command>if not exist "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h" copy "$(ProjectDir)..\..\third_party\bnlib\bnconfig.win" "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h"</Command>
- </PreBuildEvent>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <ClCompile>
- <Optimization>Disabled</Optimization>
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=0;ZRTP_USE_BUILTIN_CACHE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
- <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
- <StructMemberAlignment>Default</StructMemberAlignment>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
- <CompileAs>CompileAsC</CompileAs>
- <DisableSpecificWarnings>4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
- </ClCompile>
- <Lib />
- <PreBuildEvent>
- <Command>if not exist "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h" copy "$(ProjectDir)..\..\third_party\bnlib\bnconfig.win" "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h"</Command>
- </PreBuildEvent>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
- <ClCompile>
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=0;ZRTP_USE_BUILTIN_CACHE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <ExceptionHandling>
- </ExceptionHandling>
- <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
- <StructMemberAlignment>Default</StructMemberAlignment>
- <BufferSecurityCheck>false</BufferSecurityCheck>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
- <CompileAs>CompileAsC</CompileAs>
- <DisableSpecificWarnings>4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
- </ClCompile>
- <Lib />
- <PreBuildEvent>
- <Command>if not exist "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h" copy "$(ProjectDir)..\..\third_party\bnlib\bnconfig.win" "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h"</Command>
- </PreBuildEvent>
- </ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
- <ClCompile>
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
- <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=0;ZRTP_USE_BUILTIN_CACHE=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <ExceptionHandling>
- </ExceptionHandling>
- <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
- <StructMemberAlignment>Default</StructMemberAlignment>
- <BufferSecurityCheck>false</BufferSecurityCheck>
- <PrecompiledHeader>
- </PrecompiledHeader>
- <WarningLevel>Level3</WarningLevel>
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
- <CompileAs>CompileAsC</CompileAs>
- <DisableSpecificWarnings>4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
- </ClCompile>
- <Lib />
- <PreBuildEvent>
- <Command>if not exist "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h" copy "$(ProjectDir)..\..\third_party\bnlib\bnconfig.win" "$(ProjectDir)..\..\third_party\bnlib\bnconfig.h"</Command>
- </PreBuildEvent>
- </ItemDefinitionGroup>
- <ItemGroup>
- <ClInclude Include="..\..\include\zrtp.h" />
- <ClInclude Include="..\..\include\zrtp_base.h" />
- <ClInclude Include="..\..\include\zrtp_config.h" />
- <ClInclude Include="..\..\include\zrtp_config_user.h" />
- <ClInclude Include="..\..\include\zrtp_config_win.h" />
- <ClInclude Include="..\..\include\zrtp_crypto.h" />
- <ClInclude Include="..\..\include\zrtp_ec.h" />
- <ClInclude Include="..\..\include\zrtp_engine.h" />
- <ClInclude Include="..\..\include\zrtp_error.h" />
- <ClInclude Include="..\..\include\zrtp_iface.h" />
- <ClInclude Include="..\..\include\zrtp_iface_cache.h" />
- <ClInclude Include="..\..\include\zrtp_iface_system.h" />
- <ClInclude Include="..\..\include\zrtp_legal.h" />
- <ClInclude Include="..\..\include\zrtp_list.h" />
- <ClInclude Include="..\..\include\zrtp_log.h" />
- <ClInclude Include="..\..\include\zrtp_pbx.h" />
- <ClInclude Include="..\..\include\zrtp_protocol.h" />
- <ClInclude Include="..\..\include\zrtp_srtp.h" />
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h" />
- <ClInclude Include="..\..\include\zrtp_string.h" />
- <ClInclude Include="..\..\include\zrtp_types.h" />
- <ClInclude Include="..\..\include\zrtp_version.h" />
- <ClInclude Include="..\..\third_party\bnlib\bn.h" />
- <ClInclude Include="..\..\third_party\bnlib\bn32.h" />
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h" />
- <ClInclude Include="..\..\third_party\bnlib\kludge.h" />
- <ClInclude Include="..\..\third_party\bnlib\lbn.h" />
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h" />
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h" />
- <ClInclude Include="..\..\third_party\bnlib\legal.h" />
- <ClInclude Include="..\..\third_party\bgaes\aes.h" />
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h" />
- <ClInclude Include="..\..\third_party\bgaes\aestab.h" />
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h" />
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h" />
- <ClInclude Include="..\..\third_party\bgaes\sha1.h" />
- <ClInclude Include="..\..\third_party\bgaes\sha2.h" />
- </ItemGroup>
- <ItemGroup>
- <ClCompile Include="..\..\src\zrtp.c" />
- <ClCompile Include="..\..\src\zrtp_crc.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c" />
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c" />
- <ClCompile Include="..\..\src\zrtp_datatypes.c" />
- <ClCompile Include="..\..\src\zrtp_engine.c" />
- <ClCompile Include="..\..\src\zrtp_engine_driven.c" />
- <ClCompile Include="..\..\src\zrtp_iface_cache.c" />
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c" />
- <ClCompile Include="..\..\src\zrtp_iface_sys.c" />
- <ClCompile Include="..\..\src\zrtp_initiator.c" />
- <ClCompile Include="..\..\src\zrtp_legal.c" />
- <ClCompile Include="..\..\src\zrtp_list.c" />
- <ClCompile Include="..\..\src\zrtp_log.c" />
- <ClCompile Include="..\..\src\zrtp_pbx.c" />
- <ClCompile Include="..\..\src\zrtp_protocol.c" />
- <ClCompile Include="..\..\src\zrtp_responder.c" />
- <ClCompile Include="..\..\src\zrtp_rng.c" />
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c" />
- <ClCompile Include="..\..\src\zrtp_string.c" />
- <ClCompile Include="..\..\src\zrtp_utils.c" />
- <ClCompile Include="..\..\src\zrtp_utils_proto.c" />
- <ClCompile Include="..\..\third_party\bnlib\bn.c" />
- <ClCompile Include="..\..\third_party\bnlib\bn32.c" />
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c" />
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c" />
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c" />
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c" />
- <ClCompile Include="..\..\third_party\bnlib\legal.c" />
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c" />
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c" />
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c" />
- <ClCompile Include="..\..\third_party\bgaes\aestab.c" />
- <ClCompile Include="..\..\third_party\bgaes\sha1.c" />
- <ClCompile Include="..\..\third_party\bgaes\sha2.c" />
- </ItemGroup>
- <ItemGroup>
- <None Include="..\..\ChangeLog" />
- <None Include="..\..\News" />
- </ItemGroup>
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
- <ImportGroup Label="ExtensionTargets">
- </ImportGroup>
-</Project>
\ No newline at end of file
+++ /dev/null
-Microsoft Visual Studio Solution File, Format Version 10.00\r
-# Visual Studio 2008\r
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libzrtp_test", "libzrtp_test.vcproj", "{BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}"\r
- ProjectSection(ProjectDependencies) = postProject\r
- {C13CC324-E0CA-4492-9A30-310A6BD64FF5} = {C13CC324-E0CA-4492-9A30-310A6BD64FF5}\r
- EndProjectSection\r
-EndProject\r
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libzrtp", "libzrtp.vcproj", "{C13CC324-E0CA-4492-9A30-310A6BD64FF5}"\r
-EndProject\r
-Global\r
- GlobalSection(SolutionConfigurationPlatforms) = preSolution\r
- Debug|Win32 = Debug|Win32\r
- Release|Win32 = Release|Win32\r
- EndGlobalSection\r
- GlobalSection(ProjectConfigurationPlatforms) = postSolution\r
- {BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}.Debug|Win32.ActiveCfg = Debug|Win32\r
- {BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}.Debug|Win32.Build.0 = Debug|Win32\r
- {BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}.Release|Win32.ActiveCfg = Release|Win32\r
- {BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}.Release|Win32.Build.0 = Release|Win32\r
- {C13CC324-E0CA-4492-9A30-310A6BD64FF5}.Debug|Win32.ActiveCfg = Debug|Win32\r
- {C13CC324-E0CA-4492-9A30-310A6BD64FF5}.Debug|Win32.Build.0 = Debug|Win32\r
- {C13CC324-E0CA-4492-9A30-310A6BD64FF5}.Release|Win32.ActiveCfg = Release|Win32\r
- {C13CC324-E0CA-4492-9A30-310A6BD64FF5}.Release|Win32.Build.0 = Release|Win32\r
- EndGlobalSection\r
- GlobalSection(SolutionProperties) = preSolution\r
- HideSolutionNode = FALSE\r
- EndGlobalSection\r
-EndGlobal\r
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp"\r
- ProjectGUID="{C13CC324-E0CA-4492-9A30-310A6BD64FF5}"\r
- RootNamespace="libzrtp"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
- CompileAs="1"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- OutputFile="$(OutDir)/libzrtp.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="../../include;../../third_party/bnlib;../../third_party/bgaes"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1"\r
- ExceptionHandling="0"\r
- RuntimeLibrary="0"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
- CompileAs="1"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- OutputFile="$(OutDir)/libzrtp.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="include"\r
- >\r
- <File\r
- RelativePath="..\..\include\zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_base.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_user.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_win.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_ec.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_engine.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_error.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_cache.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_system.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_legal.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_list.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_log.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_pbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_protocol.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_string.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_utils.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_version.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="src"\r
- >\r
- <File\r
- RelativePath="..\..\src\zrtp.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_aes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_atl.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_ec.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_ecdh.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_hash.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_pk.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_sas.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine_driven.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_cache.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_scheduler.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_sys.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_initiator.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_list.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_log.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_pbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_protocol.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_responder.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_rng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_srtp_builtin.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_string.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils_proto.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bnlib"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bninit32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bnsize00.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bntest00.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\kludge.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bgaes"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes_modes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aescrypt.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aeskey.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aesopt.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\bg2zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\brg_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.h"\r
- >\r
- </File>\r
- </Filter>\r
- <File\r
- RelativePath="..\..\ChangeLog"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\News"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup Label="ProjectConfigurations">\r
- <ProjectConfiguration Include="Debug|Win32">\r
- <Configuration>Debug</Configuration>\r
- <Platform>Win32</Platform>\r
- </ProjectConfiguration>\r
- <ProjectConfiguration Include="Release|Win32">\r
- <Configuration>Release</Configuration>\r
- <Platform>Win32</Platform>\r
- </ProjectConfiguration>\r
- </ItemGroup>\r
- <PropertyGroup Label="Globals">\r
- <ProjectGuid>{C13CC324-0032-4492-9A30-310A6BD64FF5}</ProjectGuid>\r
- <RootNamespace>libzrtp.x32</RootNamespace>\r
- <Keyword>Win32Proj</Keyword>\r
- </PropertyGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">\r
- <ConfigurationType>StaticLibrary</ConfigurationType>\r
- <CharacterSet>MultiByte</CharacterSet>\r
- </PropertyGroup>\r
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">\r
- <ConfigurationType>StaticLibrary</ConfigurationType>\r
- <CharacterSet>MultiByte</CharacterSet>\r
- </PropertyGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />\r
- <ImportGroup Label="ExtensionSettings">\r
- </ImportGroup>\r
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">\r
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />\r
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />\r
- </ImportGroup>\r
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">\r
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />\r
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />\r
- </ImportGroup>\r
- <PropertyGroup Label="UserMacros" />\r
- <PropertyGroup>\r
- <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>\r
- <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>\r
- <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(Configuration).x32\</IntDir>\r
- <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>\r
- <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(Configuration).x32\</IntDir>\r
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>\r
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />\r
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" />\r
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">AllRules.ruleset</CodeAnalysisRuleSet>\r
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />\r
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" />\r
- </PropertyGroup>\r
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">\r
- <ClCompile>\r
- <Optimization>Disabled</Optimization>\r
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
- <MinimalRebuild>true</MinimalRebuild>\r
- <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>\r
- <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>\r
- <StructMemberAlignment>Default</StructMemberAlignment>\r
- <PrecompiledHeader>\r
- </PrecompiledHeader>\r
- <WarningLevel>Level3</WarningLevel>\r
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>\r
- <CompileAs>CompileAsC</CompileAs>\r
- </ClCompile>\r
- <Lib>\r
- <OutputFile>$(OutDir)libzrtp.x32.lib</OutputFile>\r
- </Lib>\r
- </ItemDefinitionGroup>\r
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">\r
- <ClCompile>\r
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
- <ExceptionHandling>\r
- </ExceptionHandling>\r
- <RuntimeLibrary>MultiThreaded</RuntimeLibrary>\r
- <StructMemberAlignment>Default</StructMemberAlignment>\r
- <BufferSecurityCheck>false</BufferSecurityCheck>\r
- <PrecompiledHeader>\r
- </PrecompiledHeader>\r
- <WarningLevel>Level3</WarningLevel>\r
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>\r
- <CompileAs>CompileAsC</CompileAs>\r
- </ClCompile>\r
- <Lib>\r
- <OutputFile>$(OutDir)libzrtp.x32.lib</OutputFile>\r
- </Lib>\r
- </ItemDefinitionGroup>\r
- <ItemGroup>\r
- <ClInclude Include="..\..\include\zrtp.h" />\r
- <ClInclude Include="..\..\include\zrtp_base.h" />\r
- <ClInclude Include="..\..\include\zrtp_config.h" />\r
- <ClInclude Include="..\..\include\zrtp_config_user.h" />\r
- <ClInclude Include="..\..\include\zrtp_config_win.h" />\r
- <ClInclude Include="..\..\include\zrtp_crypto.h" />\r
- <ClInclude Include="..\..\include\zrtp_ec.h" />\r
- <ClInclude Include="..\..\include\zrtp_engine.h" />\r
- <ClInclude Include="..\..\include\zrtp_error.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_builtin.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_cache.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_system.h" />\r
- <ClInclude Include="..\..\include\zrtp_legal.h" />\r
- <ClInclude Include="..\..\include\zrtp_list.h" />\r
- <ClInclude Include="..\..\include\zrtp_log.h" />\r
- <ClInclude Include="..\..\include\zrtp_pbx.h" />\r
- <ClInclude Include="..\..\include\zrtp_protocol.h" />\r
- <ClInclude Include="..\..\include\zrtp_srtp.h" />\r
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h" />\r
- <ClInclude Include="..\..\include\zrtp_string.h" />\r
- <ClInclude Include="..\..\include\zrtp_types.h" />\r
- <ClInclude Include="..\..\include\zrtp_utils.h" />\r
- <ClInclude Include="..\..\include\zrtp_version.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bn.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bn32.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\kludge.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbn.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\legal.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aes.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aestab.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\sha1.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\sha2.h" />\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="..\..\src\zrtp.c" />\r
- <ClCompile Include="..\..\src\zrtp_crc.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c" />\r
- <ClCompile Include="..\..\src\zrtp_datatypes.c" />\r
- <ClCompile Include="..\..\src\zrtp_engine.c" />\r
- <ClCompile Include="..\..\src\zrtp_engine_driven.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_cache.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_sys.c" />\r
- <ClCompile Include="..\..\src\zrtp_initiator.c" />\r
- <ClCompile Include="..\..\src\zrtp_legal.c" />\r
- <ClCompile Include="..\..\src\zrtp_list.c" />\r
- <ClCompile Include="..\..\src\zrtp_log.c" />\r
- <ClCompile Include="..\..\src\zrtp_pbx.c" />\r
- <ClCompile Include="..\..\src\zrtp_protocol.c" />\r
- <ClCompile Include="..\..\src\zrtp_responder.c" />\r
- <ClCompile Include="..\..\src\zrtp_rng.c" />\r
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c" />\r
- <ClCompile Include="..\..\src\zrtp_string.c" />\r
- <ClCompile Include="..\..\src\zrtp_utils.c" />\r
- <ClCompile Include="..\..\src\zrtp_utils_proto.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bn.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bn32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\legal.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aestab.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\sha1.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\sha2.c" />\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="..\..\ChangeLog" />\r
- <None Include="..\..\News" />\r
- </ItemGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
- <ImportGroup Label="ExtensionTargets">\r
- </ImportGroup>\r
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup>\r
- <Filter Include="include">\r
- <UniqueIdentifier>{c0e76076-0032-445d-8c07-32b6c762622b}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="src">\r
- <UniqueIdentifier>{a03c0d83-0032-4848-9704-22cdce5ab144}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bnlib">\r
- <UniqueIdentifier>{dbe8a34e-0032-495e-8df7-e82218921e60}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bgaes">\r
- <UniqueIdentifier>{96d1a5c9-0032-4230-a764-a0ed11f434a7}</UniqueIdentifier>\r
- </Filter>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClInclude Include="..\..\include\zrtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_base.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_user.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_win.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_crypto.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_ec.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_engine.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_error.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_cache.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_system.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_legal.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_list.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_log.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_pbx.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_protocol.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_string.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_types.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_utils.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_version.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\kludge.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\legal.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aes.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aestab.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha1.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha2.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="..\..\src\zrtp.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crc.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_datatypes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine_driven.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_cache.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_sys.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_initiator.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_legal.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_list.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_log.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_pbx.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_protocol.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_responder.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_rng.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_string.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils_proto.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\legal.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aestab.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha1.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha2.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="..\..\ChangeLog" />\r
- <None Include="..\..\News" />\r
- </ItemGroup>\r
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup Label="ProjectConfigurations">\r
- <ProjectConfiguration Include="Debug|x64">\r
- <Configuration>Debug</Configuration>\r
- <Platform>x64</Platform>\r
- </ProjectConfiguration>\r
- <ProjectConfiguration Include="Release|x64">\r
- <Configuration>Release</Configuration>\r
- <Platform>x64</Platform>\r
- </ProjectConfiguration>\r
- </ItemGroup>\r
- <PropertyGroup Label="Globals">\r
- <ProjectGuid>{C13CC324-0064-4492-9A30-310A6BD64FF5}</ProjectGuid>\r
- <RootNamespace>libzrtp.x64</RootNamespace>\r
- <Keyword>Win32Proj</Keyword>\r
- </PropertyGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />\r
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">\r
- <ConfigurationType>StaticLibrary</ConfigurationType>\r
- <CharacterSet>MultiByte</CharacterSet>\r
- </PropertyGroup>\r
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">\r
- <ConfigurationType>StaticLibrary</ConfigurationType>\r
- <CharacterSet>MultiByte</CharacterSet>\r
- </PropertyGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />\r
- <ImportGroup Label="ExtensionSettings">\r
- </ImportGroup>\r
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">\r
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />\r
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />\r
- </ImportGroup>\r
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">\r
- <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />\r
- <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />\r
- </ImportGroup>\r
- <PropertyGroup Label="UserMacros" />\r
- <PropertyGroup>\r
- <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>\r
- <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>\r
- <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(Configuration).x64\</IntDir>\r
- <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>\r
- <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(Configuration).x64\</IntDir>\r
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">AllRules.ruleset</CodeAnalysisRuleSet>\r
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />\r
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />\r
- <CodeAnalysisRuleSet Condition="'$(Configuration)|$(Platform)'=='Release|x64'">AllRules.ruleset</CodeAnalysisRuleSet>\r
- <CodeAnalysisRules Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />\r
- <CodeAnalysisRuleAssemblies Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />\r
- </PropertyGroup>\r
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">\r
- <ClCompile>\r
- <Optimization>Disabled</Optimization>\r
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>_WIN64;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
- <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>\r
- <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>\r
- <StructMemberAlignment>Default</StructMemberAlignment>\r
- <PrecompiledHeader>\r
- </PrecompiledHeader>\r
- <WarningLevel>Level3</WarningLevel>\r
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>\r
- <CompileAs>CompileAsC</CompileAs>\r
- </ClCompile>\r
- <Lib>\r
- <OutputFile>$(OutDir)libzrtp.x64.lib</OutputFile>\r
- </Lib>\r
- </ItemDefinitionGroup>\r
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">\r
- <ClCompile>\r
- <AdditionalIncludeDirectories>../../include;../../third_party/bnlib;../../third_party/bgaes;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>_WIN64;NDEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
- <ExceptionHandling>\r
- </ExceptionHandling>\r
- <RuntimeLibrary>MultiThreaded</RuntimeLibrary>\r
- <StructMemberAlignment>Default</StructMemberAlignment>\r
- <BufferSecurityCheck>false</BufferSecurityCheck>\r
- <PrecompiledHeader>\r
- </PrecompiledHeader>\r
- <WarningLevel>Level3</WarningLevel>\r
- <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>\r
- <CompileAs>CompileAsC</CompileAs>\r
- </ClCompile>\r
- <Lib>\r
- <OutputFile>$(OutDir)libzrtp.x64.lib</OutputFile>\r
- </Lib>\r
- </ItemDefinitionGroup>\r
- <ItemGroup>\r
- <ClInclude Include="..\..\include\zrtp.h" />\r
- <ClInclude Include="..\..\include\zrtp_base.h" />\r
- <ClInclude Include="..\..\include\zrtp_config.h" />\r
- <ClInclude Include="..\..\include\zrtp_config_user.h" />\r
- <ClInclude Include="..\..\include\zrtp_config_win.h" />\r
- <ClInclude Include="..\..\include\zrtp_crypto.h" />\r
- <ClInclude Include="..\..\include\zrtp_ec.h" />\r
- <ClInclude Include="..\..\include\zrtp_engine.h" />\r
- <ClInclude Include="..\..\include\zrtp_error.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_builtin.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_cache.h" />\r
- <ClInclude Include="..\..\include\zrtp_iface_system.h" />\r
- <ClInclude Include="..\..\include\zrtp_legal.h" />\r
- <ClInclude Include="..\..\include\zrtp_list.h" />\r
- <ClInclude Include="..\..\include\zrtp_log.h" />\r
- <ClInclude Include="..\..\include\zrtp_pbx.h" />\r
- <ClInclude Include="..\..\include\zrtp_protocol.h" />\r
- <ClInclude Include="..\..\include\zrtp_srtp.h" />\r
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h" />\r
- <ClInclude Include="..\..\include\zrtp_string.h" />\r
- <ClInclude Include="..\..\include\zrtp_types.h" />\r
- <ClInclude Include="..\..\include\zrtp_utils.h" />\r
- <ClInclude Include="..\..\include\zrtp_version.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bn.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bn32.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\kludge.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbn.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h" />\r
- <ClInclude Include="..\..\third_party\bnlib\legal.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aes.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\aestab.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\sha1.h" />\r
- <ClInclude Include="..\..\third_party\bgaes\sha2.h" />\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="..\..\src\zrtp.c" />\r
- <ClCompile Include="..\..\src\zrtp_crc.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c" />\r
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c" />\r
- <ClCompile Include="..\..\src\zrtp_datatypes.c" />\r
- <ClCompile Include="..\..\src\zrtp_engine.c" />\r
- <ClCompile Include="..\..\src\zrtp_engine_driven.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_cache.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c" />\r
- <ClCompile Include="..\..\src\zrtp_iface_sys.c" />\r
- <ClCompile Include="..\..\src\zrtp_initiator.c" />\r
- <ClCompile Include="..\..\src\zrtp_legal.c" />\r
- <ClCompile Include="..\..\src\zrtp_list.c" />\r
- <ClCompile Include="..\..\src\zrtp_log.c" />\r
- <ClCompile Include="..\..\src\zrtp_pbx.c" />\r
- <ClCompile Include="..\..\src\zrtp_protocol.c" />\r
- <ClCompile Include="..\..\src\zrtp_responder.c" />\r
- <ClCompile Include="..\..\src\zrtp_rng.c" />\r
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c" />\r
- <ClCompile Include="..\..\src\zrtp_string.c" />\r
- <ClCompile Include="..\..\src\zrtp_utils.c" />\r
- <ClCompile Include="..\..\src\zrtp_utils_proto.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bn.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bn32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c" />\r
- <ClCompile Include="..\..\third_party\bnlib\legal.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\aestab.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\sha1.c" />\r
- <ClCompile Include="..\..\third_party\bgaes\sha2.c" />\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="..\..\ChangeLog" />\r
- <None Include="..\..\News" />\r
- </ItemGroup>\r
- <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
- <ImportGroup Label="ExtensionTargets">\r
- </ImportGroup>\r
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup>\r
- <Filter Include="include">\r
- <UniqueIdentifier>{c0e76076-0064-445d-8c07-32b6c762622b}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="src">\r
- <UniqueIdentifier>{a03c0d83-0064-4848-9704-22cdce5ab144}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bnlib">\r
- <UniqueIdentifier>{dbe8a34e-0064-495e-8df7-e82218921e60}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="bgaes">\r
- <UniqueIdentifier>{96d1a5c9-0064-4230-a764-a0ed11f434a7}</UniqueIdentifier>\r
- </Filter>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClInclude Include="..\..\include\zrtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_base.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_user.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_config_win.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_crypto.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_ec.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_engine.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_error.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_cache.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_iface_system.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_legal.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_list.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_log.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_pbx.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_protocol.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_srtp_builtin.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_string.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_types.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_utils.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\include\zrtp_version.h">\r
- <Filter>include</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\bnsize00.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\kludge.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbn32.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\lbnmem.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bnlib\legal.h">\r
- <Filter>bnlib</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aes.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aesopt.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\aestab.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\bg2zrtp.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\brg_types.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha1.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- <ClInclude Include="..\..\third_party\bgaes\sha2.h">\r
- <Filter>bgaes</Filter>\r
- </ClInclude>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="..\..\src\zrtp.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crc.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_aes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_atl.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ec.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_ecdh.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_hash.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_pk.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_crypto_sas.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_datatypes.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_engine_driven.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_cache.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_scheduler.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_iface_sys.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_initiator.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_legal.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_list.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_log.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_pbx.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_protocol.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_responder.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_rng.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_srtp_builtin.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_string.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\src\zrtp_utils_proto.c">\r
- <Filter>src</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bninit32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\bntest00.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbn32.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\lbnmem.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bnlib\legal.c">\r
- <Filter>bnlib</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aes_modes.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aescrypt.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aeskey.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\aestab.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha1.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="..\..\third_party\bgaes\sha2.c">\r
- <Filter>bgaes</Filter>\r
- </ClCompile>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="..\..\ChangeLog" />\r
- <None Include="..\..\News" />\r
- </ItemGroup>\r
-</Project>
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp"\r
- ProjectGUID="{C13CC324-E0CA-4492-9A30-310A6BD64FF5}"\r
- RootNamespace="libzrtp"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../include;../../third_party/bnlib;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H=1;ZRTP_ENABLE_EC=0"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
- CompileAs="1"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- OutputFile="$(OutDir)/libzrtp.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="../../include;../../third_party/bnlib;../../third_party/bgaes"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H=1; ZRTP_ENABLE_EC=0"\r
- ExceptionHandling="0"\r
- RuntimeLibrary="0"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="3"\r
- CompileAs="1"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- OutputFile="$(OutDir)/libzrtp.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="include"\r
- >\r
- <File\r
- RelativePath="..\..\include\zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_base.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_user.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_win.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_engine.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_error.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_cache.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_system.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_legal.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_list.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_log.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_pbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_protocol.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_string.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_utils.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="src"\r
- >\r
- <File\r
- RelativePath="..\..\src\zrtp.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_aes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_atl.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_hash.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_pk.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_sas.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine_driven.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_cache.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_scheduler.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_sys.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_initiator.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_list.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_log.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_pbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_protocol.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_responder.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_rng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_srtp_builtin.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_string.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils_proto.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bnlib"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bninit32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bnsize00.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bntest00.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\kludge.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bgaes"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes_modes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aescrypt.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aeskey.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aesopt.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\bg2zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\brg_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.h"\r
- >\r
- </File>\r
- </Filter>\r
- <File\r
- RelativePath="..\..\ChangeLog"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\News"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp_test"\r
- ProjectGUID="{BA35741B-8C8E-4A39-9CA1-0CE032D6E4ED}"\r
- RootNamespace="libzrtp_test"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="1"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="..\..\include;..\..\include\enterprise;..\..\third_party\bgaes;..\..\third_party\bnlib"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="false"\r
- DebugInformationFormat="4"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions="Ws2_32.lib"\r
- AdditionalDependencies="Debug/libzrtp.lib"\r
- OutputFile="$(OutDir)/libzrtp_test.exe"\r
- LinkIncremental="2"\r
- GenerateDebugInformation="true"\r
- ProgramDatabaseFile="$(OutDir)/libzrtp_test.pdb"\r
- SubSystem="1"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- TargetMachine="1"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="Release"\r
- IntermediateDirectory="Release"\r
- ConfigurationType="1"\r
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"\r
- CharacterSet="2"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="1"\r
- AdditionalIncludeDirectories="..\..\include;..\..\third_party\bgaes;..\..\third_party\bnlib"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE;"\r
- RuntimeLibrary="0"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions="Ws2_32.lib"\r
- AdditionalDependencies="Release/libzrtp.lib"\r
- OutputFile="$(OutDir)/libzrtp_test.exe"\r
- LinkIncremental="1"\r
- GenerateDebugInformation="true"\r
- SubSystem="1"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- TargetMachine="1"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_core.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_core.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_crypto.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_queue.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_queue.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_ui.c"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp_test"\r
- ProjectGUID="{5C082222-FD44-4295-8055-915936F086BE}"\r
- RootNamespace="libzrtp_test_GUI"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Pocket PC 2003 (ARMV4)"\r
- />\r
- <Platform\r
- Name="Smartphone 2003 (ARMV4)"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="1"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="..\..\include;..\..\include\enterprise;..\..\third_party\bnlib;..\..\third_party\bgaes;..\..\test\pc"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_WINDOWS;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;POCKETPC2003_UI_MODEL;POCKETPC2003_UI_MODEL;HAVE_CONFIG_H=1;"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM /ARMPADCODE
 ws2.lib"\r
- AdditionalDependencies=""$(OutDir)/wince.lib""\r
- OutputFile="$(OutDir)/libzrtp_test_GUI.exe"\r
- LinkIncremental="2"\r
- DelayLoadDLLs="$(NOINHERIT)"\r
- GenerateDebugInformation="true"\r
- ProgramDatabaseFile="$(OutDir)/libzrtp_test_GUI.pdb"\r
- SubSystem="0"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="1"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="..\..\include;..\..\include\enterprise;..\..\third_party\bnlib;..\..\third_party\bgaes;..\..\test\pc"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_WINDOWS;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;SMARTPHONE2003_UI_MODEL;SMARTPHONE2003_UI_MODEL;BUILD_ZRTP_MUTEXES;ZRTP_ENABLE_TEST;HAVE_CONFIG_H=1;"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM /ARMPADCODE
ws2.lib"\r
- AdditionalDependencies=""$(OutDir)/wince.lib""\r
- OutputFile="$(OutDir)/libzrtp_test_GUI.exe"\r
- LinkIncremental="2"\r
- DelayLoadDLLs="$(NOINHERIT)"\r
- GenerateDebugInformation="true"\r
- ProgramDatabaseFile="$(OutDir)/libzrtp_test_GUI.pdb"\r
- SubSystem="0"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="1"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="..\..\include;..\..\include\enterprise;..\..\third_party\bnlib;..\..\third_party\bgaes;..\..\test\pc"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_WINDOWS;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;POCKETPC2003_UI_MODEL;POCKETPC2003_UI_MODEL;BUILD_ZRTP_MUTEXES;ZRTP_ENABLE_TEST;HAVE_CONFIG_H=1"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM /ARMPADCODE
 ws2.lib"\r
- AdditionalDependencies=""$(OutDir)/wince.lib""\r
- OutputFile="$(OutDir)/libzrtp_test_GUI.exe"\r
- LinkIncremental="1"\r
- DelayLoadDLLs="$(NOINHERIT)"\r
- GenerateDebugInformation="true"\r
- ProgramDatabaseFile="$(OutDir)/libzrtp_test_GUI.pdb"\r
- SubSystem="0"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="1"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="..\..\include;..\..\include\enterprise;..\..\third_party\bnlib;..\..\third_party\bgaes;..\..\test\pc"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_WINDOWS;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;SMARTPHONE2003_UI_MODEL;SMARTPHONE2003_UI_MODEL;BUILD_ZRTP_MUTEXES;ZRTP_ENABLE_TEST;HAVE_CONFIG_H=1"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM /ARMPADCODE
ws2.lib "\r
- AdditionalDependencies=""$(OutDir)/wince.lib""\r
- OutputFile="$(OutDir)/libzrtp_test_GUI.exe"\r
- LinkIncremental="1"\r
- DelayLoadDLLs="$(NOINHERIT)"\r
- GenerateDebugInformation="true"\r
- ProgramDatabaseFile="$(OutDir)/libzrtp_test_GUI.pdb"\r
- SubSystem="0"\r
- OptimizeReferences="2"\r
- EnableCOMDATFolding="2"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="Source Files"\r
- Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
- UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
- >\r
- <File\r
- RelativePath="..\..\test\win_ce\libzrtp_test_GUI.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\win_ce\stdafx.cpp"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Header Files"\r
- Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
- UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
- >\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUI.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\resourceppc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\resourcesp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\stdafx.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Resource Files"\r
- Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
- UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
- >\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUI.ico"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUIppc.rc"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- ExcludedFromBuild="true"\r
- >\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- ExcludedFromBuild="true"\r
- >\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUIppc.rc2"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUIsp.rc"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- ExcludedFromBuild="true"\r
- >\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- ExcludedFromBuild="true"\r
- >\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath=".\..\..\test\win_ce\libzrtp_test_GUIsp.rc2"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="PC Sources"\r
- >\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_core.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_core.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_crypto.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_queue.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_queue.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\test\pc\zrtp_test_ui.c"\r
- >\r
- </File>\r
- </Filter>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-\r
-Microsoft Visual Studio Solution File, Format Version 10.00\r
-# Visual Studio 2008\r
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libzrtp", "libzrtp_wince.vcproj", "{53F84E3B-9903-4046-897B-33FEFFED527A}"\r
-EndProject\r
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libzrtp_test", "libzrtp_test_wince.vcproj", "{5C082222-FD44-4295-8055-915936F086BE}"\r
-EndProject\r
-Global\r
- GlobalSection(SolutionConfigurationPlatforms) = preSolution\r
- Debug|Pocket PC 2003 (ARMV4) = Debug|Pocket PC 2003 (ARMV4)\r
- Debug|Smartphone 2003 (ARMV4) = Debug|Smartphone 2003 (ARMV4)\r
- Release|Pocket PC 2003 (ARMV4) = Release|Pocket PC 2003 (ARMV4)\r
- Release|Smartphone 2003 (ARMV4) = Release|Smartphone 2003 (ARMV4)\r
- EndGlobalSection\r
- GlobalSection(ProjectConfigurationPlatforms) = postSolution\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Pocket PC 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Debug|Smartphone 2003 (ARMV4).ActiveCfg = Debug|Smartphone 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Pocket PC 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Pocket PC 2003 (ARMV4).Build.0 = Release|Pocket PC 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Pocket PC 2003 (ARMV4).Deploy.0 = Release|Pocket PC 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Smartphone 2003 (ARMV4).ActiveCfg = Release|Smartphone 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Smartphone 2003 (ARMV4).Build.0 = Release|Smartphone 2003 (ARMV4)\r
- {53F84E3B-9903-4046-897B-33FEFFED527A}.Release|Smartphone 2003 (ARMV4).Deploy.0 = Release|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Pocket PC 2003 (ARMV4).Build.0 = Debug|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Pocket PC 2003 (ARMV4).Deploy.0 = Debug|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Smartphone 2003 (ARMV4).ActiveCfg = Debug|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Smartphone 2003 (ARMV4).Build.0 = Debug|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Debug|Smartphone 2003 (ARMV4).Deploy.0 = Debug|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Pocket PC 2003 (ARMV4).Build.0 = Release|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Pocket PC 2003 (ARMV4).Deploy.0 = Release|Pocket PC 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Smartphone 2003 (ARMV4).ActiveCfg = Release|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Smartphone 2003 (ARMV4).Build.0 = Release|Smartphone 2003 (ARMV4)\r
- {5C082222-FD44-4295-8055-915936F086BE}.Release|Smartphone 2003 (ARMV4).Deploy.0 = Release|Smartphone 2003 (ARMV4)\r
- EndGlobalSection\r
- GlobalSection(SolutionProperties) = preSolution\r
- HideSolutionNode = FALSE\r
- EndGlobalSection\r
-EndGlobal\r
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp"\r
- ProjectGUID="{53F84E3B-9903-4046-897B-33FEFFED527A}"\r
- RootNamespace="wince"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Pocket PC 2003 (ARMV4)"\r
- />\r
- <Platform\r
- Name="Smartphone 2003 (ARMV4)"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- <DefaultToolFile\r
- FileName="masm.rules"\r
- />\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;ZRTP_ENABLE_EC=1"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- CompileForArchitecture="2"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;ZRTP_ENABLE_EC=1"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- CompileForArchitecture="0"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;ZRTP_ENABLE_EC=1"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;ZRTP_ENABLE_EC=1"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="include"\r
- >\r
- <File\r
- RelativePath="..\..\include\zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_base.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_user.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_win.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_ec.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_engine.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_error.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_cache.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_system.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_legal.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_list.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_log.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_pbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_protocol.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_string.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_utils.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="src"\r
- >\r
- <File\r
- RelativePath="..\..\src\zrtp.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_aes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_atl.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_ec.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_ecdh.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_ecdsa.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_hash.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_pk.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_sas.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine_driven.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_cache.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_scheduler.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_sys.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_initiator.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_list.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_log.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_pbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_protocol.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_responder.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_rng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_srtp_builtin.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_string.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils_proto.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bgaes"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes_modes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\..\third_party\bgaes\aescrypt.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aeskey.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aesopt.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\bg2zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\brg_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bnlib"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bninit32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bnsize00.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\config\config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\kludge.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn80386.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.h"\r
- >\r
- </File>\r
- </Filter>\r
- <File\r
- RelativePath=".\ReadMe.txt"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\libzrtp_test_GUI\ReadMe.txt"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-<?xml version="1.0" encoding="windows-1251"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9,00"\r
- Name="libzrtp"\r
- ProjectGUID="{53F84E3B-9903-4046-897B-33FEFFED527A}"\r
- RootNamespace="wince"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Pocket PC 2003 (ARMV4)"\r
- />\r
- <Platform\r
- Name="Smartphone 2003 (ARMV4)"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- <DefaultToolFile\r
- FileName="masm.rules"\r
- />\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;ZRTP_ENABLE_EC=0"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- CompileForArchitecture="2"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;DEBUG;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;ZRTP_ENABLE_EC=0"\r
- MinimalRebuild="true"\r
- RuntimeLibrary="1"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- CompileForArchitecture="0"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="_DEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;ZRTP_ENABLE_EC=0"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- />\r
- <Tool\r
- Name="MASM"\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ExecutionBucket="7"\r
- Optimization="2"\r
- AdditionalIncludeDirectories="../../third_party/bnlib;../../include;../../include/enterprise;../../third_party/bgaes;../../test/include"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES);WINCE;_LIB;$(ARCHFAM);$(_ARCHFAM_);_UNICODE;UNICODE;ZRTP_ENABLE_EC=0"\r
- RuntimeLibrary="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- PreprocessorDefinitions="NDEBUG;_WIN32_WCE=$(CEVER);UNDER_CE;$(PLATFORMDEFINES)"\r
- Culture="1033"\r
- AdditionalIncludeDirectories="$(IntDir)"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- AdditionalOptions=" /subsystem:windowsce,4.20 /machine:ARM"\r
- OutputFile="$(OutDir)/wince.lib"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCCodeSignTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- <DeploymentTool\r
- ForceDirty="-1"\r
- RemoteDirectory=""\r
- RegisterOutput="0"\r
- AdditionalFiles=""\r
- />\r
- <DebuggerTool\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="include"\r
- >\r
- <File\r
- RelativePath="..\..\include\zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_base.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_user.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_config_win.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_engine.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_error.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_cache.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_iface_system.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_legal.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_list.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_log.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_pbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_protocol.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_srtp_builtin.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_string.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\include\zrtp_utils.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="src"\r
- >\r
- <File\r
- RelativePath="..\..\src\zrtp.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_aes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_atl.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_hash.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_pk.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_crypto_sas.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_engine.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_cache.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_scheduler.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_iface_sys.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_initiator.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_list.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_log.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_pbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_protocol.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_responder.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_rng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_srtp_builtin.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_string.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\src\zrtp_utils_proto.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bgaes"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aes_modes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\..\third_party\bgaes\aescrypt.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aeskey.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aesopt.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\aestab.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\bg2zrtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\brg_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Debug|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Pocket PC 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Release|Smartphone 2003 (ARMV4)"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- ObjectFile="$(IntDir)/$(InputName)1.obj"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bgaes\sha2.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="bnlib"\r
- >\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bninit32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\bnsize00.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\config\config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\kludge.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn32.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbn80386.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\lbnmem.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\..\third_party\bnlib\legal.h"\r
- >\r
- </File>\r
- </Filter>\r
- <File\r
- RelativePath=".\ReadMe.txt"\r
- >\r
- </File>\r
- <File\r
- RelativePath="..\libzrtp_test_GUI\ReadMe.txt"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
+++ /dev/null
-# \r
-# Copyright (c) 2006 Philip R. Zimmermann. All rights reserved.\r
-# Contact: http://philzimmermann.com\r
-# For licensing and other legal details, see the file zrtp_legal.c.\r
-# \r
-# Andrew Rozinko <a.rozinko@soft-industry.com>\r
-\r
-#\r
-# THIS MAKEFILE WORKS WITH MICROSOFT NMAKE ONLY\r
-#\r
-\r
-# change this to point to your DDK\r
-\r
-DDK = ..\..\..\..\winddk\3790\r
-OS = wxp\r
-BASENAME = libzrtp\r
-\r
-#RELEASE = 1\r
-\r
-CC = cl\r
-ASM = ml\r
-LIB = lib\r
-\r
-all: $(BASENAME).lib\r
-\r
-# bnlib (the BigNumber engine)\r
-\r
-bnlib = \\r
- ../../third_party/bnlib/bn.obj \\r
- ../../third_party/bnlib/bn32.obj \\r
- ../../third_party/bnlib/bninit32.obj \\r
- ../../third_party/bnlib/lbn32.obj \\r
- ../../third_party/bnlib/lbnmem.obj \\r
- ../../third_party/bnlib/legal.obj\r
-\r
-protocol = \\r
- ../../src/zrtp.obj \\r
- ../../src/zrtp_crc.obj \\r
- ../../src/zrtp_crypto_aes.obj \\r
- ../../src/zrtp_crypto_atl.obj \\r
- ../../src/zrtp_crypto_hash.obj \\r
- ../../src/zrtp_crypto_pk.obj \\r
- ../../src/zrtp_crypto_sas.obj \\r
- ../../src/zrtp_datatypes.obj \\r
- ../../src/zrtp_engine.obj \\r
- ../../src/enterprise/zrtp_engine_driven.obj \\r
- ../../src/enterprise/zrtp_crypto_ec.obj \\r
- ../../src/enterprise/zrtp_crypto_ecdh.obj \\r
- ../../src/zrtp_iface_sys.obj \\r
- ../../src/zrtp_initiator.obj \\r
- ../../src/zrtp_legal.obj \\r
- ../../src/zrtp_list.obj \\r
- ../../src/zrtp_log.obj \\r
- ../../src/zrtp_pbx.obj \\r
- ../../src/zrtp_protocol.obj \\r
- ../../src/zrtp_responder.obj \\r
- ../../src/zrtp_rng.obj \\r
- ../../src/zrtp_srtp_builtin.obj \\r
- ../../src/zrtp_string.obj \\r
- ../../src/zrtp_utils.obj \\r
- ../../src/zrtp_utils_proto.obj\r
-\r
-bgaes = \\r
- ../../third_party/bgaes/aes_modes.obj \\r
- ../../third_party/bgaes/aescrypt.obj \\r
- ../../third_party/bgaes/aeskey.obj \\r
- ../../third_party/bgaes/aestab.obj \\r
- ../../third_party/bgaes/sha1.obj \\r
- ../../third_party/bgaes/sha2.obj\r
-\r
-OBJECTS = $(bnlib) $(protocol) $(bgaes)\r
-\r
-!IFNDEF RELEASE\r
-\r
-# Debug\r
-\r
-OUT_DIR = debug_ec.km\r
-\r
-DEFINES_D = -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -D_DEBUG -DDEBUG -DDEVL=1 \\r
--DFPO=0 -D_DLL=1 -D_IDWBUILD -DRDRDBG -DSRVDBG -DDBG_MESSAGES=1 \\r
--D_UNICODE -DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=1\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -FI$(DDK)\inc\$(OS)\warning.h -Z7 -Od -Oi -Oy- -W3\r
-\r
-!ELSE\r
-\r
-# Release\r
-\r
-OUT_DIR = release_ec.km\r
-\r
-DEFINES_D = -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNO_DISK_ACCESS -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 \\r
--DFPO=1 -DNDEBUG -D_DLL=1 -D_IDWBUILD -D_UNICODE \\r
--DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=1\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -Oxs -Oy -FI$(DDK)\inc\$(OS)\warning.h -W3 -FAcs -Z7\r
-\r
-!ENDIF\r
-\r
-ASM = ml\r
-AFLAGS = /c /Cx /coff /Zi\r
-AINCLUDE = -I. -I$(DDK)\inc\r
-\r
-CFLAGS = $(CFLAGS_D) -nologo -DHAVE_CONFIG_H=1 -DNT_DRIVER -D__BUILDMACHINE__=WinDDK \\r
- -I$(DDK)\inc\$(OS) -I$(DDK)\inc\ddk\$(OS) -I$(DDK)\inc\ddk\wdm\$(OS) \\r
- -I. -Ibnlib -Iinclude \\r
- -I$(DDK)\inc\crt -I..\..\third_party\bnlib\config -I..\..\third_party\bnlib \\r
- -I..\..\third_party\bgaes -I..\..\test\include -I..\..\include -I..\..\include\enterprise\r
-\r
-.c.obj :\r
- @$(CC) -c $(CFLAGS) $< /Fo$(OUT_DIR)/$(<B).obj\r
-\r
-.asm.obj:\r
- $(ASM) $(AINCLUDE) $(AFLAGS) /Fo$(OUT_DIR)/$(<B).obj $<\r
-\r
-$(BASENAME).lib : $(OUT_DIR) $(OBJECTS)\r
- $(LIB) /OUT:"$(OUT_DIR)\$(BASENAME).lib" /NOLOGO $(OUT_DIR)\*.obj\r
-\r
-$(OUT_DIR) :\r
- @mkdir $(OUT_DIR)\r
-\r
-clean:\r
- del "$(OUT_DIR)\*.obj"\r
- del "$(OUT_DIR)\*.res"\r
- del "$(OUT_DIR)\*.map"\r
- del "$(OUT_DIR)\*.pdb"\r
- del "$(OUT_DIR)\$(BASENAME).lib"\r
+++ /dev/null
-# \r
-# Copyright (c) 2006 Philip R. Zimmermann. All rights reserved.\r
-# Contact: http://philzimmermann.com\r
-# For licensing and other legal details, see the file zrtp_legal.c.\r
-# \r
-# Andrew Rozinko <a.rozinko@soft-industry.com>\r
-\r
-#\r
-# THIS MAKEFILE WORKS WITH MICROSOFT NMAKE ONLY\r
-#\r
-\r
-# change this to point to your DDK\r
-\r
-DDK = ..\..\..\..\winddk2003\r
-OS = wnet\r
-BASENAME = libzrtp\r
-BINPATH = $(DDK)\bin\win64\x86\amd64\r
-\r
-#RELEASE = 1\r
-\r
-CC = $(BINPATH)\cl\r
-ASM = $(BINPATH)\ml\r
-LIB = $(BINPATH)\lib\r
-\r
-all: $(BASENAME).lib\r
-\r
-# bnlib (the BigNumber engine)\r
-\r
-bnlib = \\r
- ../../third_party/bnlib/bn.obj \\r
- ../../third_party/bnlib/bn32.obj \\r
- ../../third_party/bnlib/bninit32.obj \\r
- ../../third_party/bnlib/lbn32.obj \\r
- ../../third_party/bnlib/lbnmem.obj \\r
- ../../third_party/bnlib/legal.obj\r
-\r
-protocol = \\r
- ../../src/zrtp.obj \\r
- ../../src/zrtp_crc.obj \\r
- ../../src/zrtp_crypto_aes.obj \\r
- ../../src/zrtp_crypto_atl.obj \\r
- ../../src/zrtp_crypto_hash.obj \\r
- ../../src/zrtp_crypto_pk.obj \\r
- ../../src/zrtp_crypto_sas.obj \\r
- ../../src/zrtp_datatypes.obj \\r
- ../../src/zrtp_engine.obj \\r
- ../../src/enterprise/zrtp_engine_driven.obj \\r
- ../../src/enterprise/zrtp_crypto_ec.obj \\r
- ../../src/enterprise/zrtp_crypto_ecdh.obj \\r
- ../../src/zrtp_iface_sys.obj \\r
- ../../src/zrtp_initiator.obj \\r
- ../../src/zrtp_legal.obj \\r
- ../../src/zrtp_list.obj \\r
- ../../src/zrtp_log.obj \\r
- ../../src/zrtp_pbx.obj \\r
- ../../src/zrtp_protocol.obj \\r
- ../../src/zrtp_responder.obj \\r
- ../../src/zrtp_rng.obj \\r
- ../../src/zrtp_srtp_builtin.obj \\r
- ../../src/zrtp_string.obj \\r
- ../../src/zrtp_utils.obj \\r
- ../../src/zrtp_utils_proto.obj\r
-\r
-bgaes = \\r
- ../../third_party/bgaes/aes_modes.obj \\r
- ../../third_party/bgaes/aescrypt.obj \\r
- ../../third_party/bgaes/aeskey.obj \\r
- ../../third_party/bgaes/aestab.obj \\r
- ../../third_party/bgaes/sha1.obj \\r
- ../../third_party/bgaes/sha2.obj\r
-\r
-OBJECTS = $(bnlib) $(protocol) $(bgaes) \r
-\r
-!IFNDEF RELEASE\r
-\r
-# Debug\r
-\r
-OUT_DIR = debug64_ec.km\r
-\r
-DEFINES_D = -DWIN64=1 -D_WIN64=1 -D_AMD64_=1 -D_M_AMD64 -D_WINDOWS \\r
--DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNT_INST=0 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -D_DEBUG -DDEBUG -DDEVL=1 \\r
--DFPO=0 -D_DLL=1 -D_IDWBUILD -DRDRDBG -DSRVDBG -DDBG_MESSAGES=1 \\r
--D_UNICODE -DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=1\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zp8 -Gy -cbstring -Gz -Gm- -EHs-c- \\r
--GR- -GF -FI$(DDK)\inc\$(OS)\warning.h -Z7 -Od -Oi -Oy- -W3\r
-\r
-!ELSE\r
-\r
-# Release\r
-\r
-OUT_DIR = release64_ec.km\r
-\r
-DEFINES_D = -DWIN64=1 -D_WIN64=1 -D_AMD64_=1 -D_M_AMD64 -D_WINDOWS \\r
--DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNO_DISK_ACCESS -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 \\r
--DFPO=1 -DNDEBUG -D_DLL=1 -D_IDWBUILD -D_UNICODE \\r
--DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=1\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -Oxs -Oy -FI$(DDK)\inc\$(OS)\warning.h -W3 -FAcs -Z7\r
-\r
-!ENDIF\r
-\r
-ASM = ml\r
-AFLAGS = /c /Cx /coff /Zi\r
-AINCLUDE = -I. -I$(DDK)\inc\r
-\r
-CFLAGS = $(CFLAGS_D) -nologo -DHAVE_CONFIG_H=1 -DNT_DRIVER -D__BUILDMACHINE__=WinDDK \\r
- -I$(DDK)\inc\$(OS) -I$(DDK)\inc\ddk\$(OS) -I$(DDK)\inc\ddk\wdm\$(OS) \\r
- -I$(DDK)\inc\crt -I..\..\third_party\bnlib\config -I..\..\third_party\bnlib \\r
- -I..\..\third_party\bgaes -I..\..\test\include -I..\..\include -I..\..\include\enterprise\r
-\r
-.c.obj :\r
- @$(CC) -c $(CFLAGS) $< /Fo$(OUT_DIR)/$(<B).obj\r
-\r
-.asm.obj:\r
- $(ASM) $(AINCLUDE) $(AFLAGS) /Fo$(OUT_DIR)/$(<B).obj $<\r
-\r
-$(BASENAME).lib : $(OUT_DIR) $(OBJECTS)\r
- $(LIB) /OUT:"$(OUT_DIR)\$(BASENAME).lib" /NOLOGO $(OUT_DIR)\*.obj\r
-\r
-$(OUT_DIR) :\r
- @mkdir $(OUT_DIR)\r
-\r
-clean:\r
- del "$(OUT_DIR)\*.obj"\r
- del "$(OUT_DIR)\*.res"\r
- del "$(OUT_DIR)\*.map"\r
- del "$(OUT_DIR)\*.pdb"\r
- del "$(OUT_DIR)\$(BASENAME).lib"\r
+++ /dev/null
-# \r
-# Copyright (c) 2006 Philip R. Zimmermann. All rights reserved.\r
-# Contact: http://philzimmermann.com\r
-# For licensing and other legal details, see the file zrtp_legal.c.\r
-# \r
-# Andrew Rozinko <a.rozinko@soft-industry.com>\r
-\r
-#\r
-# THIS MAKEFILE WORKS WITH MICROSOFT NMAKE ONLY\r
-#\r
-\r
-# change this to point to your DDK\r
-\r
-DDK = ..\..\..\..\winddk\3790\r
-OS = wxp\r
-BASENAME = libzrtp\r
-\r
-#RELEASE = 1\r
-\r
-CC = cl\r
-ASM = ml\r
-LIB = lib\r
-\r
-all: $(BASENAME).lib\r
-\r
-# bnlib (the BigNumber engine)\r
-\r
-bnlib = \\r
- ../../third_party/bnlib/bn.obj \\r
- ../../third_party/bnlib/bn32.obj \\r
- ../../third_party/bnlib/bninit32.obj \\r
- ../../third_party/bnlib/lbn32.obj \\r
- ../../third_party/bnlib/lbnmem.obj \\r
- ../../third_party/bnlib/legal.obj\r
-\r
-protocol = \\r
- ../../src/zrtp.obj \\r
- ../../src/zrtp_crc.obj \\r
- ../../src/zrtp_crypto_aes.obj \\r
- ../../src/zrtp_crypto_atl.obj \\r
- ../../src/zrtp_crypto_hash.obj \\r
- ../../src/zrtp_crypto_pk.obj \\r
- ../../src/zrtp_crypto_sas.obj \\r
- ../../src/zrtp_datatypes.obj \\r
- ../../src/zrtp_engine.obj \\r
- ../../src/zrtp_iface_sys.obj \\r
- ../../src/zrtp_initiator.obj \\r
- ../../src/zrtp_legal.obj \\r
- ../../src/zrtp_list.obj \\r
- ../../src/zrtp_log.obj \\r
- ../../src/zrtp_pbx.obj \\r
- ../../src/zrtp_protocol.obj \\r
- ../../src/zrtp_responder.obj \\r
- ../../src/zrtp_rng.obj \\r
- ../../src/zrtp_srtp_builtin.obj \\r
- ../../src/zrtp_string.obj \\r
- ../../src/zrtp_utils.obj \\r
- ../../src/zrtp_utils_proto.obj\r
-\r
-bgaes = \\r
- ../../third_party/bgaes/aes_modes.obj \\r
- ../../third_party/bgaes/aescrypt.obj \\r
- ../../third_party/bgaes/aeskey.obj \\r
- ../../third_party/bgaes/aestab.obj \\r
- ../../third_party/bgaes/sha1.obj \\r
- ../../third_party/bgaes/sha2.obj\r
-\r
-OBJECTS = $(bnlib) $(protocol) $(bgaes) \r
-\r
-!IFNDEF RELEASE\r
-\r
-# Debug\r
-\r
-OUT_DIR = debug.km\r
-\r
-DEFINES_D = -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -D_DEBUG -DDEBUG -DDEVL=1 \\r
--DFPO=0 -D_DLL=1 -D_IDWBUILD -DRDRDBG -DSRVDBG -DDBG_MESSAGES=1 \\r
--D_UNICODE -DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=0\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -FI$(DDK)\inc\$(OS)\warning.h -Z7 -Od -Oi -Oy- -W3\r
-\r
-!ELSE\r
-\r
-# Release\r
-\r
-OUT_DIR = release.km\r
-\r
-DEFINES_D = -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNO_DISK_ACCESS -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 \\r
--DFPO=1 -DNDEBUG -D_DLL=1 -D_IDWBUILD -D_UNICODE \\r
--DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=0\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -Oxs -Oy -FI$(DDK)\inc\$(OS)\warning.h -W3 -FAcs -Z7\r
-\r
-!ENDIF\r
-\r
-ASM = ml\r
-AFLAGS = /c /Cx /coff /Zi\r
-AINCLUDE = -I. -I$(DDK)\inc\r
-\r
-CFLAGS = $(CFLAGS_D) -nologo -DHAVE_CONFIG_H=1 -DNT_DRIVER -D__BUILDMACHINE__=WinDDK \\r
- -I$(DDK)\inc\$(OS) -I$(DDK)\inc\ddk\$(OS) -I$(DDK)\inc\ddk\wdm\$(OS) \\r
- -I. -Ibnlib -Iinclude \\r
- -I$(DDK)\inc\crt -I..\..\third_party\bnlib\config -I..\..\third_party\bnlib \\r
- -I..\..\third_party\bgaes -I..\..\test\include -I..\..\include -I..\..\include\enterprise\r
-\r
-.c.obj :\r
- @$(CC) -c $(CFLAGS) $< /Fo$(OUT_DIR)/$(<B).obj\r
-\r
-.asm.obj:\r
- $(ASM) $(AINCLUDE) $(AFLAGS) /Fo$(OUT_DIR)/$(<B).obj $<\r
-\r
-$(BASENAME).lib : $(OUT_DIR) $(OBJECTS)\r
- $(LIB) /OUT:"$(OUT_DIR)\$(BASENAME).lib" /NOLOGO $(OUT_DIR)\*.obj\r
-\r
-$(OUT_DIR) :\r
- @mkdir $(OUT_DIR)\r
-\r
-clean:\r
- del "$(OUT_DIR)\*.obj"\r
- del "$(OUT_DIR)\*.res"\r
- del "$(OUT_DIR)\*.map"\r
- del "$(OUT_DIR)\*.pdb"\r
- del "$(OUT_DIR)\$(BASENAME).lib"\r
+++ /dev/null
-# \r
-# Copyright (c) 2006 Philip R. Zimmermann. All rights reserved.\r
-# Contact: http://philzimmermann.com\r
-# For licensing and other legal details, see the file zrtp_legal.c.\r
-# \r
-# Andrew Rozinko <a.rozinko@soft-industry.com>\r
-\r
-#\r
-# THIS MAKEFILE WORKS WITH MICROSOFT NMAKE ONLY\r
-#\r
-\r
-# change this to point to your DDK\r
-\r
-DDK = ..\..\..\..\winddk2003\r
-OS = wnet\r
-BASENAME = libzrtp\r
-BINPATH = $(DDK)\bin\win64\x86\amd64\r
-\r
-#RELEASE = 1\r
-\r
-CC = $(BINPATH)\cl\r
-ASM = $(BINPATH)\ml\r
-LIB = $(BINPATH)\lib\r
-\r
-all: $(BASENAME).lib\r
-\r
-# bnlib (the BigNumber engine)\r
-\r
-bnlib = \\r
- ../../third_party/bnlib/bn.obj \\r
- ../../third_party/bnlib/bn32.obj \\r
- ../../third_party/bnlib/bninit32.obj \\r
- ../../third_party/bnlib/lbn32.obj \\r
- ../../third_party/bnlib/lbnmem.obj \\r
- ../../third_party/bnlib/legal.obj\r
-\r
-protocol = \\r
- ../../src/zrtp.obj \\r
- ../../src/zrtp_crc.obj \\r
- ../../src/zrtp_crypto_aes.obj \\r
- ../../src/zrtp_crypto_atl.obj \\r
- ../../src/zrtp_crypto_hash.obj \\r
- ../../src/zrtp_crypto_pk.obj \\r
- ../../src/zrtp_crypto_sas.obj \\r
- ../../src/zrtp_datatypes.obj \\r
- ../../src/zrtp_engine.obj \\r
- ../../src/zrtp_iface_sys.obj \\r
- ../../src/zrtp_initiator.obj \\r
- ../../src/zrtp_legal.obj \\r
- ../../src/zrtp_list.obj \\r
- ../../src/zrtp_log.obj \\r
- ../../src/zrtp_pbx.obj \\r
- ../../src/zrtp_protocol.obj \\r
- ../../src/zrtp_responder.obj \\r
- ../../src/zrtp_rng.obj \\r
- ../../src/zrtp_srtp_builtin.obj \\r
- ../../src/zrtp_string.obj \\r
- ../../src/zrtp_utils.obj \\r
- ../../src/zrtp_utils_proto.obj\r
-\r
-bgaes = \\r
- ../../third_party/bgaes/aes_modes.obj \\r
- ../../third_party/bgaes/aescrypt.obj \\r
- ../../third_party/bgaes/aeskey.obj \\r
- ../../third_party/bgaes/aestab.obj \\r
- ../../third_party/bgaes/sha1.obj \\r
- ../../third_party/bgaes/sha2.obj\r
-\r
-OBJECTS = $(bnlib) $(protocol) $(bgaes) \r
-\r
-!IFNDEF RELEASE\r
-\r
-# Debug\r
-\r
-OUT_DIR = debug64.km\r
-\r
-DEFINES_D = -DWIN64=1 -D_WIN64=1 -D_AMD64_=1 -D_M_AMD64 -D_WINDOWS \\r
--DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNT_INST=0 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -D_DEBUG -DDEBUG -DDEVL=1 \\r
--DFPO=0 -D_DLL=1 -D_IDWBUILD -DRDRDBG -DSRVDBG -DDBG_MESSAGES=1 \\r
--D_UNICODE -DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=0\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zp8 -Gy -cbstring -Gz -Gm- -EHs-c- \\r
--GR- -GF -FI$(DDK)\inc\$(OS)\warning.h -Z7 -Od -Oi -Oy- -W3\r
-\r
-!ELSE\r
-\r
-# Release\r
-\r
-OUT_DIR = release64.km\r
-\r
-DEFINES_D = -DWIN64=1 -D_WIN64=1 -D_AMD64_=1 -D_M_AMD64 -D_WINDOWS \\r
--DSTD_CALL -DCONDITION_HANDLING=1 \\r
--DNT_UP=1 -DNO_DISK_ACCESS -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 \\r
--DWINNT=1 -D_WIN32_WINNT=0x0500 -DWIN32_LEAN_AND_MEAN=1 -DDEVL=1 \\r
--DFPO=1 -DNDEBUG -D_DLL=1 -D_IDWBUILD -D_UNICODE \\r
--DLITTLE_ENDIAN -DZRTP_USE_ENTERPRISE=0\r
-\r
-CFLAGS_D = $(DEFINES_D) -Zel -Zp8 -Gy -cbstring -Gz -QIfdiv- -QIf -Gi- -Gm- -GX- \\r
--GR- -GF -Oxs -Oy -FI$(DDK)\inc\$(OS)\warning.h -W3 -FAcs -Z7\r
-\r
-!ENDIF\r
-\r
-ASM = ml\r
-AFLAGS = /c /Cx /coff /Zi\r
-AINCLUDE = -I. -I$(DDK)\inc\r
-\r
-CFLAGS = $(CFLAGS_D) -nologo -DHAVE_CONFIG_H=1 -DNT_DRIVER -D__BUILDMACHINE__=WinDDK \\r
- -I$(DDK)\inc\$(OS) -I$(DDK)\inc\ddk\$(OS) -I$(DDK)\inc\ddk\wdm\$(OS) \\r
- -I$(DDK)\inc\crt -I..\..\third_party\bnlib\config -I..\..\third_party\bnlib \\r
- -I..\..\third_party\bgaes -I..\..\test\include -I..\..\include -I..\..\include\enterprise\r
-\r
-.c.obj :\r
- @$(CC) -c $(CFLAGS) $< /Fo$(OUT_DIR)/$(<B).obj\r
-\r
-.asm.obj:\r
- $(ASM) $(AINCLUDE) $(AFLAGS) /Fo$(OUT_DIR)/$(<B).obj $<\r
-\r
-$(BASENAME).lib : $(OUT_DIR) $(OBJECTS)\r
- $(LIB) /OUT:"$(OUT_DIR)\$(BASENAME).lib" /NOLOGO $(OUT_DIR)\*.obj\r
-\r
-$(OUT_DIR) :\r
- @mkdir $(OUT_DIR)\r
-\r
-clean:\r
- del "$(OUT_DIR)\*.obj"\r
- del "$(OUT_DIR)\*.res"\r
- del "$(OUT_DIR)\*.map"\r
- del "$(OUT_DIR)\*.pdb"\r
- del "$(OUT_DIR)\$(BASENAME).lib"\r
+++ /dev/null
-// !$*UTF8*$!
-{
- archiveVersion = 1;
- classes = {
- };
- objectVersion = 46;
- objects = {
-
-/* Begin PBXAggregateTarget section */
- 8DF95BE80EC06AAE00832CBC /* configure */ = {
- isa = PBXAggregateTarget;
- buildConfigurationList = 8DF95BEB0EC06ACD00832CBC /* Build configuration list for PBXAggregateTarget "configure" */;
- buildPhases = (
- 8DF95BE70EC06AAE00832CBC /* ShellScript */,
- );
- dependencies = (
- );
- name = configure;
- productName = configure;
- };
-/* End PBXAggregateTarget section */
-
-/* Begin PBXBuildFile section */
- 8996DFEA0EC9CA8C007D7FD5 /* aes.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9A90EACB11400A8A8EA /* aes.h */; };
- 8996DFEB0EC9CA8C007D7FD5 /* aesopt.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9AD0EACB11400A8A8EA /* aesopt.h */; };
- 8996DFEC0EC9CA8C007D7FD5 /* aestab.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9AF0EACB11400A8A8EA /* aestab.h */; };
- 8996DFED0EC9CA8C007D7FD5 /* bg2zrtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9B00EACB11400A8A8EA /* bg2zrtp.h */; };
- 8996DFEE0EC9CA8C007D7FD5 /* brg_types.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9B10EACB11400A8A8EA /* brg_types.h */; };
- 8996DFEF0EC9CA8C007D7FD5 /* sha1.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9B30EACB11400A8A8EA /* sha1.h */; };
- 8996DFF00EC9CA8C007D7FD5 /* sha2.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9B50EACB11400A8A8EA /* sha2.h */; };
- 8996DFF10EC9CA8C007D7FD5 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9DB0EACB51300A8A8EA /* bn.h */; };
- 8996DFF20EC9CA8C007D7FD5 /* bn32.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9DD0EACB51300A8A8EA /* bn32.h */; };
- 8996DFF30EC9CA8C007D7FD5 /* lbn.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9DF0EACB51300A8A8EA /* lbn.h */; };
- 8996DFF40EC9CA8C007D7FD5 /* lbn16.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9E00EACB51300A8A8EA /* lbn16.h */; };
- 8996DFF50EC9CA8C007D7FD5 /* lbnmem.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9E30EACB51300A8A8EA /* lbnmem.h */; };
- 8996DFF60EC9CA8C007D7FD5 /* legal.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9E50EACB51300A8A8EA /* legal.h */; };
- 8996E0000EC9CA8C007D7FD5 /* zrtp_base.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30AB7B0EADA86000A8A8EA /* zrtp_base.h */; };
- 8996E01C0EC9CA8C007D7FD5 /* aes_modes.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9AA0EACB11400A8A8EA /* aes_modes.c */; };
- 8996E01D0EC9CA8C007D7FD5 /* aescrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9AB0EACB11400A8A8EA /* aescrypt.c */; };
- 8996E01E0EC9CA8C007D7FD5 /* aeskey.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9AC0EACB11400A8A8EA /* aeskey.c */; };
- 8996E01F0EC9CA8C007D7FD5 /* aestab.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9AE0EACB11400A8A8EA /* aestab.c */; };
- 8996E0200EC9CA8C007D7FD5 /* sha1.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9B20EACB11400A8A8EA /* sha1.c */; };
- 8996E0210EC9CA8C007D7FD5 /* sha2.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9B40EACB11400A8A8EA /* sha2.c */; };
- 8996E0220EC9CA8C007D7FD5 /* bn.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9DA0EACB51300A8A8EA /* bn.c */; };
- 8996E0230EC9CA8C007D7FD5 /* bn32.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9DC0EACB51300A8A8EA /* bn32.c */; };
- 8996E0240EC9CA8C007D7FD5 /* bntest32.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9DE0EACB51300A8A8EA /* bntest32.c */; };
- 8996E0250EC9CA8C007D7FD5 /* lbn32.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9E10EACB51300A8A8EA /* lbn32.c */; };
- 8996E0260EC9CA8C007D7FD5 /* lbnmem.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9E20EACB51300A8A8EA /* lbnmem.c */; };
- 8996E0270EC9CA8C007D7FD5 /* legal.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9E40EACB51300A8A8EA /* legal.c */; };
- 8996E0280EC9CA8C007D7FD5 /* zrtp_iface_sys.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30AE120EAE2BAB00A8A8EA /* zrtp_iface_sys.c */; };
- 8996E0290EC9CA8C007D7FD5 /* zrtp_log.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30AFFF0EAF590400A8A8EA /* zrtp_log.c */; };
- 8996E02A0EC9CA8C007D7FD5 /* zrtp_utils_proto.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30B2A60EB0BA2600A8A8EA /* zrtp_utils_proto.c */; };
- 8996E02B0EC9CA8C007D7FD5 /* bninit32.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D4BE7680EC325A5003584D4 /* bninit32.c */; };
- 8D6EEBBF0F01386E00529121 /* zrtp.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9590EACB0D600A8A8EA /* zrtp.c */; };
- 8D6EEBC00F01386E00529121 /* zrtp_crc.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A95B0EACB0D600A8A8EA /* zrtp_crc.c */; };
- 8D6EEBC10F01386E00529121 /* zrtp_crypto_aes.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A95C0EACB0D600A8A8EA /* zrtp_crypto_aes.c */; };
- 8D6EEBC20F01386E00529121 /* zrtp_crypto_atl.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A95D0EACB0D600A8A8EA /* zrtp_crypto_atl.c */; };
- 8D6EEBC30F01386E00529121 /* zrtp_crypto_hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A95E0EACB0D600A8A8EA /* zrtp_crypto_hash.c */; };
- 8D6EEBC40F01386E00529121 /* zrtp_crypto_pk.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A95F0EACB0D600A8A8EA /* zrtp_crypto_pk.c */; };
- 8D6EEBC50F01386E00529121 /* zrtp_crypto_sas.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9600EACB0D600A8A8EA /* zrtp_crypto_sas.c */; };
- 8D6EEBC60F01386E00529121 /* zrtp_datatypes.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9610EACB0D600A8A8EA /* zrtp_datatypes.c */; };
- 8D6EEBC70F01386E00529121 /* zrtp_engine.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9620EACB0D600A8A8EA /* zrtp_engine.c */; };
- 8D6EEBC80F01386E00529121 /* zrtp_initiator.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9640EACB0D600A8A8EA /* zrtp_initiator.c */; };
- 8D6EEBC90F01386E00529121 /* zrtp_responder.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9680EACB0D600A8A8EA /* zrtp_responder.c */; };
- 8D6EEBCA0F01386E00529121 /* zrtp_list.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9650EACB0D600A8A8EA /* zrtp_list.c */; };
- 8D6EEBCB0F01386E00529121 /* zrtp_pbx.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9660EACB0D600A8A8EA /* zrtp_pbx.c */; };
- 8D6EEBCC0F01386E00529121 /* zrtp_protocol.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9670EACB0D600A8A8EA /* zrtp_protocol.c */; };
- 8D6EEBCD0F01386E00529121 /* zrtp_rng.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9690EACB0D600A8A8EA /* zrtp_rng.c */; };
- 8D6EEBCE0F01386E00529121 /* zrtp_srtp_builtin.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A96A0EACB0D600A8A8EA /* zrtp_srtp_builtin.c */; };
- 8D6EEBCF0F01386E00529121 /* zrtp_string.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A96C0EACB0D600A8A8EA /* zrtp_string.c */; };
- 8D6EEBD00F01386E00529121 /* zrtp_utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A96D0EACB0D600A8A8EA /* zrtp_utils.c */; };
- 8D6EEBD10F01386E00529121 /* zrtp_legal.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D4A9EDB0EC9E2E300F07172 /* zrtp_legal.c */; };
- 8D6EEBD30F01386E00529121 /* zrtp_iface_scheduler.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D30A9520EACB0C700A8A8EA /* zrtp_iface_scheduler.c */; };
- 8D6EEBD70F01388C00529121 /* zrtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9830EACB0EA00A8A8EA /* zrtp.h */; };
- 8D6EEBD80F01388C00529121 /* zrtp_types.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9940EACB0EA00A8A8EA /* zrtp_types.h */; };
- 8D6EEBDA0F01388C00529121 /* zrtp_error.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9890EACB0EA00A8A8EA /* zrtp_error.h */; };
- 8D6EEBDB0F01388C00529121 /* zrtp_iface.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98A0EACB0EA00A8A8EA /* zrtp_iface.h */; };
- 8D6EEBDC0F01388C00529121 /* zrtp_iface_system.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98B0EACB0EA00A8A8EA /* zrtp_iface_system.h */; };
- 8D6EEBDD0F01388C00529121 /* zrtp_legal.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98C0EACB0EA00A8A8EA /* zrtp_legal.h */; };
- 8D6EEBDE0F01388C00529121 /* zrtp_list.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98D0EACB0EA00A8A8EA /* zrtp_list.h */; };
- 8D6EEBDF0F01388C00529121 /* zrtp_log.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98E0EACB0EA00A8A8EA /* zrtp_log.h */; };
- 8D6EEBE00F01388C00529121 /* zrtp_pbx.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A98F0EACB0EA00A8A8EA /* zrtp_pbx.h */; };
- 8D6EEBE10F01388C00529121 /* zrtp_protocol.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9900EACB0EA00A8A8EA /* zrtp_protocol.h */; };
- 8D6EEBE20F01388C00529121 /* zrtp_srtp.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9910EACB0EA00A8A8EA /* zrtp_srtp.h */; };
- 8D6EEBE30F01388C00529121 /* zrtp_srtp_builtin.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9920EACB0EA00A8A8EA /* zrtp_srtp_builtin.h */; };
- 8D6EEBE40F01388C00529121 /* zrtp_string.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9930EACB0EA00A8A8EA /* zrtp_string.h */; };
- 8D6EEBE50F01388C00529121 /* zrtp_crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9860EACB0EA00A8A8EA /* zrtp_crypto.h */; };
- 8D6EEBE60F01388C00529121 /* zrtp_version.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DBAF5AD0EE91A8C00D34BFB /* zrtp_version.h */; };
- 8D6EEBE70F0138AF00529121 /* zrtp_config.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9840EACB0EA00A8A8EA /* zrtp_config.h */; };
- 8D6EEBE80F0138AF00529121 /* zrtp_config_user.h in Headers */ = {isa = PBXBuildFile; fileRef = 8D30A9850EACB0EA00A8A8EA /* zrtp_config_user.h */; };
- 8DCDA604119850ED006B39ED /* zrtp_engine.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DCDA603119850ED006B39ED /* zrtp_engine.h */; };
- 8DD1C11E0F36D4A500903190 /* zrtp_config_unix.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DD1C11C0F36D4A500903190 /* zrtp_config_unix.h */; };
- 8DEE0799102FF96100B585AD /* zrtp_ec.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DEE0793102FF96100B585AD /* zrtp_ec.h */; };
- 8DEE079A102FF96100B585AD /* zrtp_iface_cache.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DEE0794102FF96100B585AD /* zrtp_iface_cache.h */; };
- 8DEE079B102FF96100B585AD /* zrtp_iface_scheduler.h in Headers */ = {isa = PBXBuildFile; fileRef = 8DEE0795102FF96100B585AD /* zrtp_iface_scheduler.h */; };
- 8DEE07B2102FF9BD00B585AD /* zrtp_crypto_ec.c in Sources */ = {isa = PBXBuildFile; fileRef = 8DEE07AC102FF9BD00B585AD /* zrtp_crypto_ec.c */; };
- 8DEE07B3102FF9BD00B585AD /* zrtp_crypto_ecdh.c in Sources */ = {isa = PBXBuildFile; fileRef = 8DEE07AD102FF9BD00B585AD /* zrtp_crypto_ecdh.c */; };
- 8DEE07B5102FF9BD00B585AD /* zrtp_engine_driven.c in Sources */ = {isa = PBXBuildFile; fileRef = 8DEE07AF102FF9BD00B585AD /* zrtp_engine_driven.c */; };
- 8DEE07B6102FF9BD00B585AD /* zrtp_iface_cache.c in Sources */ = {isa = PBXBuildFile; fileRef = 8DEE07B0102FF9BD00B585AD /* zrtp_iface_cache.c */; };
- 8DEE07B7102FF9BD00B585AD /* zrtp_srtp_dm.c in Sources */ = {isa = PBXBuildFile; fileRef = 8DEE07B1102FF9BD00B585AD /* zrtp_srtp_dm.c */; };
-/* End PBXBuildFile section */
-
-/* Begin PBXFileReference section */
- 8996E0300EC9CA8C007D7FD5 /* libzrtp.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libzrtp.a; sourceTree = BUILT_PRODUCTS_DIR; };
- 8D30A9520EACB0C700A8A8EA /* zrtp_iface_scheduler.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_iface_scheduler.c; path = ../../src/zrtp_iface_scheduler.c; sourceTree = SOURCE_ROOT; };
- 8D30A9590EACB0D600A8A8EA /* zrtp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp.c; path = ../../src/zrtp.c; sourceTree = SOURCE_ROOT; };
- 8D30A95B0EACB0D600A8A8EA /* zrtp_crc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crc.c; path = ../../src/zrtp_crc.c; sourceTree = SOURCE_ROOT; };
- 8D30A95C0EACB0D600A8A8EA /* zrtp_crypto_aes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_aes.c; path = ../../src/zrtp_crypto_aes.c; sourceTree = SOURCE_ROOT; };
- 8D30A95D0EACB0D600A8A8EA /* zrtp_crypto_atl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_atl.c; path = ../../src/zrtp_crypto_atl.c; sourceTree = SOURCE_ROOT; };
- 8D30A95E0EACB0D600A8A8EA /* zrtp_crypto_hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_hash.c; path = ../../src/zrtp_crypto_hash.c; sourceTree = SOURCE_ROOT; };
- 8D30A95F0EACB0D600A8A8EA /* zrtp_crypto_pk.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_pk.c; path = ../../src/zrtp_crypto_pk.c; sourceTree = SOURCE_ROOT; };
- 8D30A9600EACB0D600A8A8EA /* zrtp_crypto_sas.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_sas.c; path = ../../src/zrtp_crypto_sas.c; sourceTree = SOURCE_ROOT; };
- 8D30A9610EACB0D600A8A8EA /* zrtp_datatypes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_datatypes.c; path = ../../src/zrtp_datatypes.c; sourceTree = SOURCE_ROOT; };
- 8D30A9620EACB0D600A8A8EA /* zrtp_engine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_engine.c; path = ../../src/zrtp_engine.c; sourceTree = SOURCE_ROOT; };
- 8D30A9640EACB0D600A8A8EA /* zrtp_initiator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_initiator.c; path = ../../src/zrtp_initiator.c; sourceTree = SOURCE_ROOT; };
- 8D30A9650EACB0D600A8A8EA /* zrtp_list.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_list.c; path = ../../src/zrtp_list.c; sourceTree = SOURCE_ROOT; };
- 8D30A9660EACB0D600A8A8EA /* zrtp_pbx.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_pbx.c; path = ../../src/zrtp_pbx.c; sourceTree = SOURCE_ROOT; };
- 8D30A9670EACB0D600A8A8EA /* zrtp_protocol.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_protocol.c; path = ../../src/zrtp_protocol.c; sourceTree = SOURCE_ROOT; };
- 8D30A9680EACB0D600A8A8EA /* zrtp_responder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_responder.c; path = ../../src/zrtp_responder.c; sourceTree = SOURCE_ROOT; };
- 8D30A9690EACB0D600A8A8EA /* zrtp_rng.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_rng.c; path = ../../src/zrtp_rng.c; sourceTree = SOURCE_ROOT; };
- 8D30A96A0EACB0D600A8A8EA /* zrtp_srtp_builtin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_srtp_builtin.c; path = ../../src/zrtp_srtp_builtin.c; sourceTree = SOURCE_ROOT; };
- 8D30A96C0EACB0D600A8A8EA /* zrtp_string.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_string.c; path = ../../src/zrtp_string.c; sourceTree = SOURCE_ROOT; };
- 8D30A96D0EACB0D600A8A8EA /* zrtp_utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_utils.c; path = ../../src/zrtp_utils.c; sourceTree = SOURCE_ROOT; };
- 8D30A9830EACB0EA00A8A8EA /* zrtp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp.h; path = ../../include/zrtp.h; sourceTree = SOURCE_ROOT; };
- 8D30A9840EACB0EA00A8A8EA /* zrtp_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_config.h; path = ../../include/zrtp_config.h; sourceTree = SOURCE_ROOT; };
- 8D30A9850EACB0EA00A8A8EA /* zrtp_config_user.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_config_user.h; path = ../../include/zrtp_config_user.h; sourceTree = SOURCE_ROOT; };
- 8D30A9860EACB0EA00A8A8EA /* zrtp_crypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_crypto.h; path = ../../include/zrtp_crypto.h; sourceTree = SOURCE_ROOT; };
- 8D30A9890EACB0EA00A8A8EA /* zrtp_error.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_error.h; path = ../../include/zrtp_error.h; sourceTree = SOURCE_ROOT; };
- 8D30A98A0EACB0EA00A8A8EA /* zrtp_iface.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_iface.h; path = ../../include/zrtp_iface.h; sourceTree = SOURCE_ROOT; };
- 8D30A98B0EACB0EA00A8A8EA /* zrtp_iface_system.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_iface_system.h; path = ../../include/zrtp_iface_system.h; sourceTree = SOURCE_ROOT; };
- 8D30A98C0EACB0EA00A8A8EA /* zrtp_legal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_legal.h; path = ../../include/zrtp_legal.h; sourceTree = SOURCE_ROOT; };
- 8D30A98D0EACB0EA00A8A8EA /* zrtp_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_list.h; path = ../../include/zrtp_list.h; sourceTree = SOURCE_ROOT; };
- 8D30A98E0EACB0EA00A8A8EA /* zrtp_log.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_log.h; path = ../../include/zrtp_log.h; sourceTree = SOURCE_ROOT; };
- 8D30A98F0EACB0EA00A8A8EA /* zrtp_pbx.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_pbx.h; path = ../../include/zrtp_pbx.h; sourceTree = SOURCE_ROOT; };
- 8D30A9900EACB0EA00A8A8EA /* zrtp_protocol.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_protocol.h; path = ../../include/zrtp_protocol.h; sourceTree = SOURCE_ROOT; };
- 8D30A9910EACB0EA00A8A8EA /* zrtp_srtp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_srtp.h; path = ../../include/zrtp_srtp.h; sourceTree = SOURCE_ROOT; };
- 8D30A9920EACB0EA00A8A8EA /* zrtp_srtp_builtin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_srtp_builtin.h; path = ../../include/zrtp_srtp_builtin.h; sourceTree = SOURCE_ROOT; };
- 8D30A9930EACB0EA00A8A8EA /* zrtp_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_string.h; path = ../../include/zrtp_string.h; sourceTree = SOURCE_ROOT; };
- 8D30A9940EACB0EA00A8A8EA /* zrtp_types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_types.h; path = ../../include/zrtp_types.h; sourceTree = SOURCE_ROOT; };
- 8D30A9A90EACB11400A8A8EA /* aes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = aes.h; path = ../../third_party/bgaes/aes.h; sourceTree = SOURCE_ROOT; };
- 8D30A9AA0EACB11400A8A8EA /* aes_modes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = aes_modes.c; path = ../../third_party/bgaes/aes_modes.c; sourceTree = SOURCE_ROOT; };
- 8D30A9AB0EACB11400A8A8EA /* aescrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = aescrypt.c; path = ../../third_party/bgaes/aescrypt.c; sourceTree = SOURCE_ROOT; };
- 8D30A9AC0EACB11400A8A8EA /* aeskey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = aeskey.c; path = ../../third_party/bgaes/aeskey.c; sourceTree = SOURCE_ROOT; };
- 8D30A9AD0EACB11400A8A8EA /* aesopt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = aesopt.h; path = ../../third_party/bgaes/aesopt.h; sourceTree = SOURCE_ROOT; };
- 8D30A9AE0EACB11400A8A8EA /* aestab.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = aestab.c; path = ../../third_party/bgaes/aestab.c; sourceTree = SOURCE_ROOT; };
- 8D30A9AF0EACB11400A8A8EA /* aestab.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = aestab.h; path = ../../third_party/bgaes/aestab.h; sourceTree = SOURCE_ROOT; };
- 8D30A9B00EACB11400A8A8EA /* bg2zrtp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = bg2zrtp.h; path = ../../third_party/bgaes/bg2zrtp.h; sourceTree = SOURCE_ROOT; };
- 8D30A9B10EACB11400A8A8EA /* brg_types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = brg_types.h; path = ../../third_party/bgaes/brg_types.h; sourceTree = SOURCE_ROOT; };
- 8D30A9B20EACB11400A8A8EA /* sha1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha1.c; path = ../../third_party/bgaes/sha1.c; sourceTree = SOURCE_ROOT; };
- 8D30A9B30EACB11400A8A8EA /* sha1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sha1.h; path = ../../third_party/bgaes/sha1.h; sourceTree = SOURCE_ROOT; };
- 8D30A9B40EACB11400A8A8EA /* sha2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha2.c; path = ../../third_party/bgaes/sha2.c; sourceTree = SOURCE_ROOT; };
- 8D30A9B50EACB11400A8A8EA /* sha2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sha2.h; path = ../../third_party/bgaes/sha2.h; sourceTree = SOURCE_ROOT; };
- 8D30A9DA0EACB51300A8A8EA /* bn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = bn.c; path = ../../third_party/bnlib/bn.c; sourceTree = SOURCE_ROOT; };
- 8D30A9DB0EACB51300A8A8EA /* bn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = bn.h; path = ../../third_party/bnlib/bn.h; sourceTree = SOURCE_ROOT; };
- 8D30A9DC0EACB51300A8A8EA /* bn32.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = bn32.c; path = ../../third_party/bnlib/bn32.c; sourceTree = SOURCE_ROOT; };
- 8D30A9DD0EACB51300A8A8EA /* bn32.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = bn32.h; path = ../../third_party/bnlib/bn32.h; sourceTree = SOURCE_ROOT; };
- 8D30A9DE0EACB51300A8A8EA /* bntest32.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = bntest32.c; path = ../../third_party/bnlib/bntest32.c; sourceTree = SOURCE_ROOT; };
- 8D30A9DF0EACB51300A8A8EA /* lbn.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = lbn.h; path = ../../third_party/bnlib/lbn.h; sourceTree = SOURCE_ROOT; };
- 8D30A9E00EACB51300A8A8EA /* lbn16.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = lbn16.h; path = ../../third_party/bnlib/lbn16.h; sourceTree = SOURCE_ROOT; };
- 8D30A9E10EACB51300A8A8EA /* lbn32.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = lbn32.c; path = ../../third_party/bnlib/lbn32.c; sourceTree = SOURCE_ROOT; };
- 8D30A9E20EACB51300A8A8EA /* lbnmem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = lbnmem.c; path = ../../third_party/bnlib/lbnmem.c; sourceTree = SOURCE_ROOT; };
- 8D30A9E30EACB51300A8A8EA /* lbnmem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = lbnmem.h; path = ../../third_party/bnlib/lbnmem.h; sourceTree = SOURCE_ROOT; };
- 8D30A9E40EACB51300A8A8EA /* legal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = legal.c; path = ../../third_party/bnlib/legal.c; sourceTree = SOURCE_ROOT; };
- 8D30A9E50EACB51300A8A8EA /* legal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = legal.h; path = ../../third_party/bnlib/legal.h; sourceTree = SOURCE_ROOT; };
- 8D30AB7B0EADA86000A8A8EA /* zrtp_base.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_base.h; path = ../../include/zrtp_base.h; sourceTree = SOURCE_ROOT; };
- 8D30AE120EAE2BAB00A8A8EA /* zrtp_iface_sys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_iface_sys.c; path = ../../src/zrtp_iface_sys.c; sourceTree = SOURCE_ROOT; };
- 8D30AFFF0EAF590400A8A8EA /* zrtp_log.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_log.c; path = ../../src/zrtp_log.c; sourceTree = SOURCE_ROOT; };
- 8D30B2A60EB0BA2600A8A8EA /* zrtp_utils_proto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_utils_proto.c; path = ../../src/zrtp_utils_proto.c; sourceTree = SOURCE_ROOT; };
- 8D4A9EDB0EC9E2E300F07172 /* zrtp_legal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_legal.c; path = ../../src/zrtp_legal.c; sourceTree = SOURCE_ROOT; };
- 8D4BE7680EC325A5003584D4 /* bninit32.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = bninit32.c; path = ../../third_party/bnlib/bninit32.c; sourceTree = SOURCE_ROOT; };
- 8DBAF5AD0EE91A8C00D34BFB /* zrtp_version.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_version.h; path = ../../include/zrtp_version.h; sourceTree = SOURCE_ROOT; };
- 8DCDA603119850ED006B39ED /* zrtp_engine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_engine.h; path = ../../include/zrtp_engine.h; sourceTree = SOURCE_ROOT; };
- 8DD1C11C0F36D4A500903190 /* zrtp_config_unix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_config_unix.h; path = ../../include/zrtp_config_unix.h; sourceTree = SOURCE_ROOT; };
- 8DEE0793102FF96100B585AD /* zrtp_ec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_ec.h; path = ../../include/zrtp_ec.h; sourceTree = SOURCE_ROOT; };
- 8DEE0794102FF96100B585AD /* zrtp_iface_cache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_iface_cache.h; path = ../../include/zrtp_iface_cache.h; sourceTree = SOURCE_ROOT; };
- 8DEE0795102FF96100B585AD /* zrtp_iface_scheduler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_iface_scheduler.h; path = ../../include/zrtp_iface_scheduler.h; sourceTree = SOURCE_ROOT; };
- 8DEE07AC102FF9BD00B585AD /* zrtp_crypto_ec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_ec.c; path = ../../src/zrtp_crypto_ec.c; sourceTree = SOURCE_ROOT; };
- 8DEE07AD102FF9BD00B585AD /* zrtp_crypto_ecdh.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_crypto_ecdh.c; path = ../../src/zrtp_crypto_ecdh.c; sourceTree = SOURCE_ROOT; };
- 8DEE07AF102FF9BD00B585AD /* zrtp_engine_driven.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_engine_driven.c; path = ../../src/zrtp_engine_driven.c; sourceTree = SOURCE_ROOT; };
- 8DEE07B0102FF9BD00B585AD /* zrtp_iface_cache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_iface_cache.c; path = ../../src/zrtp_iface_cache.c; sourceTree = SOURCE_ROOT; };
- 8DEE07B1102FF9BD00B585AD /* zrtp_srtp_dm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_srtp_dm.c; path = ../../src/zrtp_srtp_dm.c; sourceTree = SOURCE_ROOT; };
-/* End PBXFileReference section */
-
-/* Begin PBXFrameworksBuildPhase section */
- 8996E02C0EC9CA8C007D7FD5 /* Frameworks */ = {
- isa = PBXFrameworksBuildPhase;
- buildActionMask = 2147483647;
- files = (
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
-/* End PBXFrameworksBuildPhase section */
-
-/* Begin PBXGroup section */
- 08FB7794FE84155DC02AAC07 /* libzrtp */ = {
- isa = PBXGroup;
- children = (
- 08FB7795FE84155DC02AAC07 /* Source */,
- C6A0FF2B0290797F04C91782 /* Documentation */,
- 1AB674ADFE9D54B511CA2CBB /* Products */,
- );
- name = libzrtp;
- sourceTree = "<group>";
- };
- 08FB7795FE84155DC02AAC07 /* Source */ = {
- isa = PBXGroup;
- children = (
- 8D30A9480EACB07700A8A8EA /* include */,
- 8D30A9490EACB08100A8A8EA /* src */,
- 8D30A94B0EACB09000A8A8EA /* bgaes */,
- 8D30A94A0EACB08600A8A8EA /* bnlib */,
- );
- name = Source;
- sourceTree = "<group>";
- };
- 1AB674ADFE9D54B511CA2CBB /* Products */ = {
- isa = PBXGroup;
- children = (
- 8996E0300EC9CA8C007D7FD5 /* libzrtp.a */,
- );
- name = Products;
- sourceTree = "<group>";
- };
- 8D30A9480EACB07700A8A8EA /* include */ = {
- isa = PBXGroup;
- children = (
- 8D30A9F60EACB53700A8A8EA /* config */,
- 8D30A9830EACB0EA00A8A8EA /* zrtp.h */,
- 8D30AB7B0EADA86000A8A8EA /* zrtp_base.h */,
- 8D30A9940EACB0EA00A8A8EA /* zrtp_types.h */,
- 8D30A9890EACB0EA00A8A8EA /* zrtp_error.h */,
- 8D30A98A0EACB0EA00A8A8EA /* zrtp_iface.h */,
- 8DCDA603119850ED006B39ED /* zrtp_engine.h */,
- 8DEE0794102FF96100B585AD /* zrtp_iface_cache.h */,
- 8DEE0795102FF96100B585AD /* zrtp_iface_scheduler.h */,
- 8D30A98B0EACB0EA00A8A8EA /* zrtp_iface_system.h */,
- 8D30A98C0EACB0EA00A8A8EA /* zrtp_legal.h */,
- 8D30A98D0EACB0EA00A8A8EA /* zrtp_list.h */,
- 8D30A98E0EACB0EA00A8A8EA /* zrtp_log.h */,
- 8D30A98F0EACB0EA00A8A8EA /* zrtp_pbx.h */,
- 8D30A9900EACB0EA00A8A8EA /* zrtp_protocol.h */,
- 8D30A9910EACB0EA00A8A8EA /* zrtp_srtp.h */,
- 8D30A9920EACB0EA00A8A8EA /* zrtp_srtp_builtin.h */,
- 8D30A9930EACB0EA00A8A8EA /* zrtp_string.h */,
- 8D30A9860EACB0EA00A8A8EA /* zrtp_crypto.h */,
- 8DEE0793102FF96100B585AD /* zrtp_ec.h */,
- 8DBAF5AD0EE91A8C00D34BFB /* zrtp_version.h */,
- );
- name = include;
- sourceTree = "<group>";
- };
- 8D30A9490EACB08100A8A8EA /* src */ = {
- isa = PBXGroup;
- children = (
- 8D30A9590EACB0D600A8A8EA /* zrtp.c */,
- 8D30A95B0EACB0D600A8A8EA /* zrtp_crc.c */,
- 8D30A95C0EACB0D600A8A8EA /* zrtp_crypto_aes.c */,
- 8D30A95D0EACB0D600A8A8EA /* zrtp_crypto_atl.c */,
- 8D30A95E0EACB0D600A8A8EA /* zrtp_crypto_hash.c */,
- 8D30A95F0EACB0D600A8A8EA /* zrtp_crypto_pk.c */,
- 8D30A9600EACB0D600A8A8EA /* zrtp_crypto_sas.c */,
- 8DEE07AC102FF9BD00B585AD /* zrtp_crypto_ec.c */,
- 8DEE07AD102FF9BD00B585AD /* zrtp_crypto_ecdh.c */,
- 8D30A9610EACB0D600A8A8EA /* zrtp_datatypes.c */,
- 8D30A9620EACB0D600A8A8EA /* zrtp_engine.c */,
- 8DEE07AF102FF9BD00B585AD /* zrtp_engine_driven.c */,
- 8D30A9640EACB0D600A8A8EA /* zrtp_initiator.c */,
- 8D30A9680EACB0D600A8A8EA /* zrtp_responder.c */,
- 8D30A9650EACB0D600A8A8EA /* zrtp_list.c */,
- 8D30AFFF0EAF590400A8A8EA /* zrtp_log.c */,
- 8D30A9660EACB0D600A8A8EA /* zrtp_pbx.c */,
- 8D30A9670EACB0D600A8A8EA /* zrtp_protocol.c */,
- 8D30A9690EACB0D600A8A8EA /* zrtp_rng.c */,
- 8D30A96A0EACB0D600A8A8EA /* zrtp_srtp_builtin.c */,
- 8DEE07B1102FF9BD00B585AD /* zrtp_srtp_dm.c */,
- 8D30A96C0EACB0D600A8A8EA /* zrtp_string.c */,
- 8D30A96D0EACB0D600A8A8EA /* zrtp_utils.c */,
- 8D30B2A60EB0BA2600A8A8EA /* zrtp_utils_proto.c */,
- 8D4A9EDB0EC9E2E300F07172 /* zrtp_legal.c */,
- 8D30AE120EAE2BAB00A8A8EA /* zrtp_iface_sys.c */,
- 8D30A9520EACB0C700A8A8EA /* zrtp_iface_scheduler.c */,
- 8DEE07B0102FF9BD00B585AD /* zrtp_iface_cache.c */,
- );
- name = src;
- sourceTree = "<group>";
- };
- 8D30A94A0EACB08600A8A8EA /* bnlib */ = {
- isa = PBXGroup;
- children = (
- 8D4BE7680EC325A5003584D4 /* bninit32.c */,
- 8D30A9DA0EACB51300A8A8EA /* bn.c */,
- 8D30A9DB0EACB51300A8A8EA /* bn.h */,
- 8D30A9DC0EACB51300A8A8EA /* bn32.c */,
- 8D30A9DD0EACB51300A8A8EA /* bn32.h */,
- 8D30A9DE0EACB51300A8A8EA /* bntest32.c */,
- 8D30A9DF0EACB51300A8A8EA /* lbn.h */,
- 8D30A9E00EACB51300A8A8EA /* lbn16.h */,
- 8D30A9E10EACB51300A8A8EA /* lbn32.c */,
- 8D30A9E20EACB51300A8A8EA /* lbnmem.c */,
- 8D30A9E30EACB51300A8A8EA /* lbnmem.h */,
- 8D30A9E40EACB51300A8A8EA /* legal.c */,
- 8D30A9E50EACB51300A8A8EA /* legal.h */,
- );
- name = bnlib;
- sourceTree = "<group>";
- };
- 8D30A94B0EACB09000A8A8EA /* bgaes */ = {
- isa = PBXGroup;
- children = (
- 8D30A9A90EACB11400A8A8EA /* aes.h */,
- 8D30A9AA0EACB11400A8A8EA /* aes_modes.c */,
- 8D30A9AB0EACB11400A8A8EA /* aescrypt.c */,
- 8D30A9AC0EACB11400A8A8EA /* aeskey.c */,
- 8D30A9AD0EACB11400A8A8EA /* aesopt.h */,
- 8D30A9AE0EACB11400A8A8EA /* aestab.c */,
- 8D30A9AF0EACB11400A8A8EA /* aestab.h */,
- 8D30A9B00EACB11400A8A8EA /* bg2zrtp.h */,
- 8D30A9B10EACB11400A8A8EA /* brg_types.h */,
- 8D30A9B20EACB11400A8A8EA /* sha1.c */,
- 8D30A9B30EACB11400A8A8EA /* sha1.h */,
- 8D30A9B40EACB11400A8A8EA /* sha2.c */,
- 8D30A9B50EACB11400A8A8EA /* sha2.h */,
- );
- name = bgaes;
- sourceTree = "<group>";
- };
- 8D30A9F60EACB53700A8A8EA /* config */ = {
- isa = PBXGroup;
- children = (
- 8D30A9840EACB0EA00A8A8EA /* zrtp_config.h */,
- 8D30A9850EACB0EA00A8A8EA /* zrtp_config_user.h */,
- 8DD1C11C0F36D4A500903190 /* zrtp_config_unix.h */,
- );
- name = config;
- sourceTree = "<group>";
- };
- C6A0FF2B0290797F04C91782 /* Documentation */ = {
- isa = PBXGroup;
- children = (
- );
- name = Documentation;
- sourceTree = "<group>";
- };
-/* End PBXGroup section */
-
-/* Begin PBXHeadersBuildPhase section */
- 8996DFD80EC9CA8C007D7FD5 /* Headers */ = {
- isa = PBXHeadersBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 8D6EEBE70F0138AF00529121 /* zrtp_config.h in Headers */,
- 8D6EEBE80F0138AF00529121 /* zrtp_config_user.h in Headers */,
- 8D6EEBD70F01388C00529121 /* zrtp.h in Headers */,
- 8996E0000EC9CA8C007D7FD5 /* zrtp_base.h in Headers */,
- 8D6EEBD80F01388C00529121 /* zrtp_types.h in Headers */,
- 8D6EEBDA0F01388C00529121 /* zrtp_error.h in Headers */,
- 8D6EEBDB0F01388C00529121 /* zrtp_iface.h in Headers */,
- 8D6EEBDC0F01388C00529121 /* zrtp_iface_system.h in Headers */,
- 8D6EEBDD0F01388C00529121 /* zrtp_legal.h in Headers */,
- 8D6EEBDE0F01388C00529121 /* zrtp_list.h in Headers */,
- 8D6EEBDF0F01388C00529121 /* zrtp_log.h in Headers */,
- 8D6EEBE00F01388C00529121 /* zrtp_pbx.h in Headers */,
- 8D6EEBE10F01388C00529121 /* zrtp_protocol.h in Headers */,
- 8D6EEBE20F01388C00529121 /* zrtp_srtp.h in Headers */,
- 8D6EEBE30F01388C00529121 /* zrtp_srtp_builtin.h in Headers */,
- 8D6EEBE40F01388C00529121 /* zrtp_string.h in Headers */,
- 8D6EEBE50F01388C00529121 /* zrtp_crypto.h in Headers */,
- 8D6EEBE60F01388C00529121 /* zrtp_version.h in Headers */,
- 8996DFEA0EC9CA8C007D7FD5 /* aes.h in Headers */,
- 8996DFEB0EC9CA8C007D7FD5 /* aesopt.h in Headers */,
- 8996DFEC0EC9CA8C007D7FD5 /* aestab.h in Headers */,
- 8996DFED0EC9CA8C007D7FD5 /* bg2zrtp.h in Headers */,
- 8996DFEE0EC9CA8C007D7FD5 /* brg_types.h in Headers */,
- 8996DFEF0EC9CA8C007D7FD5 /* sha1.h in Headers */,
- 8996DFF00EC9CA8C007D7FD5 /* sha2.h in Headers */,
- 8996DFF10EC9CA8C007D7FD5 /* bn.h in Headers */,
- 8996DFF20EC9CA8C007D7FD5 /* bn32.h in Headers */,
- 8996DFF30EC9CA8C007D7FD5 /* lbn.h in Headers */,
- 8996DFF40EC9CA8C007D7FD5 /* lbn16.h in Headers */,
- 8996DFF50EC9CA8C007D7FD5 /* lbnmem.h in Headers */,
- 8996DFF60EC9CA8C007D7FD5 /* legal.h in Headers */,
- 8DD1C11E0F36D4A500903190 /* zrtp_config_unix.h in Headers */,
- 8DEE0799102FF96100B585AD /* zrtp_ec.h in Headers */,
- 8DEE079A102FF96100B585AD /* zrtp_iface_cache.h in Headers */,
- 8DEE079B102FF96100B585AD /* zrtp_iface_scheduler.h in Headers */,
- 8DCDA604119850ED006B39ED /* zrtp_engine.h in Headers */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
-/* End PBXHeadersBuildPhase section */
-
-/* Begin PBXNativeTarget section */
- 8996DFD70EC9CA8C007D7FD5 /* libzrtp */ = {
- isa = PBXNativeTarget;
- buildConfigurationList = 8996E02D0EC9CA8C007D7FD5 /* Build configuration list for PBXNativeTarget "libzrtp" */;
- buildPhases = (
- 8996DFD80EC9CA8C007D7FD5 /* Headers */,
- 8996E0030EC9CA8C007D7FD5 /* Sources */,
- 8996E02C0EC9CA8C007D7FD5 /* Frameworks */,
- );
- buildRules = (
- );
- dependencies = (
- );
- name = libzrtp;
- productName = libzrtp;
- productReference = 8996E0300EC9CA8C007D7FD5 /* libzrtp.a */;
- productType = "com.apple.product-type.library.static";
- };
-/* End PBXNativeTarget section */
-
-/* Begin PBXProject section */
- 08FB7793FE84155DC02AAC07 /* Project object */ = {
- isa = PBXProject;
- attributes = {
- LastUpgradeCheck = 0420;
- };
- buildConfigurationList = 1DEB91EF08733DB70010E9CD /* Build configuration list for PBXProject "libzrtp" */;
- compatibilityVersion = "Xcode 3.2";
- developmentRegion = English;
- hasScannedForEncodings = 1;
- knownRegions = (
- en,
- );
- mainGroup = 08FB7794FE84155DC02AAC07 /* libzrtp */;
- projectDirPath = "";
- projectRoot = "";
- targets = (
- 8DF95BE80EC06AAE00832CBC /* configure */,
- 8996DFD70EC9CA8C007D7FD5 /* libzrtp */,
- );
- };
-/* End PBXProject section */
-
-/* Begin PBXShellScriptBuildPhase section */
- 8DF95BE70EC06AAE00832CBC /* ShellScript */ = {
- isa = PBXShellScriptBuildPhase;
- buildActionMask = 2147483647;
- files = (
- );
- inputPaths = (
- );
- outputPaths = (
- );
- runOnlyForDeploymentPostprocessing = 0;
- shellPath = /bin/sh;
- shellScript = "cd ../../projects/gnu\n./configure\nexit 0";
- };
-/* End PBXShellScriptBuildPhase section */
-
-/* Begin PBXSourcesBuildPhase section */
- 8996E0030EC9CA8C007D7FD5 /* Sources */ = {
- isa = PBXSourcesBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 8D6EEBBF0F01386E00529121 /* zrtp.c in Sources */,
- 8D6EEBC00F01386E00529121 /* zrtp_crc.c in Sources */,
- 8D6EEBC10F01386E00529121 /* zrtp_crypto_aes.c in Sources */,
- 8D6EEBC20F01386E00529121 /* zrtp_crypto_atl.c in Sources */,
- 8D6EEBC30F01386E00529121 /* zrtp_crypto_hash.c in Sources */,
- 8D6EEBC40F01386E00529121 /* zrtp_crypto_pk.c in Sources */,
- 8D6EEBC50F01386E00529121 /* zrtp_crypto_sas.c in Sources */,
- 8D6EEBC60F01386E00529121 /* zrtp_datatypes.c in Sources */,
- 8D6EEBC70F01386E00529121 /* zrtp_engine.c in Sources */,
- 8D6EEBC80F01386E00529121 /* zrtp_initiator.c in Sources */,
- 8D6EEBC90F01386E00529121 /* zrtp_responder.c in Sources */,
- 8D6EEBCA0F01386E00529121 /* zrtp_list.c in Sources */,
- 8996E0290EC9CA8C007D7FD5 /* zrtp_log.c in Sources */,
- 8D6EEBCB0F01386E00529121 /* zrtp_pbx.c in Sources */,
- 8D6EEBCC0F01386E00529121 /* zrtp_protocol.c in Sources */,
- 8D6EEBCD0F01386E00529121 /* zrtp_rng.c in Sources */,
- 8D6EEBCE0F01386E00529121 /* zrtp_srtp_builtin.c in Sources */,
- 8D6EEBCF0F01386E00529121 /* zrtp_string.c in Sources */,
- 8D6EEBD00F01386E00529121 /* zrtp_utils.c in Sources */,
- 8996E02A0EC9CA8C007D7FD5 /* zrtp_utils_proto.c in Sources */,
- 8D6EEBD10F01386E00529121 /* zrtp_legal.c in Sources */,
- 8996E01C0EC9CA8C007D7FD5 /* aes_modes.c in Sources */,
- 8996E01D0EC9CA8C007D7FD5 /* aescrypt.c in Sources */,
- 8D6EEBD30F01386E00529121 /* zrtp_iface_scheduler.c in Sources */,
- 8996E0280EC9CA8C007D7FD5 /* zrtp_iface_sys.c in Sources */,
- 8996E01E0EC9CA8C007D7FD5 /* aeskey.c in Sources */,
- 8996E01F0EC9CA8C007D7FD5 /* aestab.c in Sources */,
- 8996E0200EC9CA8C007D7FD5 /* sha1.c in Sources */,
- 8996E0210EC9CA8C007D7FD5 /* sha2.c in Sources */,
- 8996E0220EC9CA8C007D7FD5 /* bn.c in Sources */,
- 8996E0230EC9CA8C007D7FD5 /* bn32.c in Sources */,
- 8996E0240EC9CA8C007D7FD5 /* bntest32.c in Sources */,
- 8996E0250EC9CA8C007D7FD5 /* lbn32.c in Sources */,
- 8996E0260EC9CA8C007D7FD5 /* lbnmem.c in Sources */,
- 8996E0270EC9CA8C007D7FD5 /* legal.c in Sources */,
- 8996E02B0EC9CA8C007D7FD5 /* bninit32.c in Sources */,
- 8DEE07B2102FF9BD00B585AD /* zrtp_crypto_ec.c in Sources */,
- 8DEE07B3102FF9BD00B585AD /* zrtp_crypto_ecdh.c in Sources */,
- 8DEE07B5102FF9BD00B585AD /* zrtp_engine_driven.c in Sources */,
- 8DEE07B6102FF9BD00B585AD /* zrtp_iface_cache.c in Sources */,
- 8DEE07B7102FF9BD00B585AD /* zrtp_srtp_dm.c in Sources */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
-/* End PBXSourcesBuildPhase section */
-
-/* Begin XCBuildConfiguration section */
- 1DEB91F008733DB70010E9CD /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- GCC_C_LANGUAGE_STANDARD = c99;
- GCC_OPTIMIZATION_LEVEL = 0;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- ONLY_ACTIVE_ARCH = NO;
- SDKROOT = macosx;
- VALID_ARCHS = "i386 x86_64 ppc";
- };
- name = Debug;
- };
- 1DEB91F108733DB70010E9CD /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- GCC_C_LANGUAGE_STANDARD = c99;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- SDKROOT = macosx;
- VALID_ARCHS = "i386 x86_64 ppc";
- };
- name = Release;
- };
- 8996E02E0EC9CA8C007D7FD5 /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- COPY_PHASE_STRIP = NO;
- GCC_DYNAMIC_NO_PIC = NO;
- GCC_MODEL_TUNING = G5;
- GCC_OPTIMIZATION_LEVEL = 0;
- HEADER_SEARCH_PATHS = (
- "..\\..\\include\\bgaes",
- "..\\..\\third_party\\bnlib",
- "..\\..\\include",
- );
- INSTALL_PATH = /usr/local/lib;
- ONLY_ACTIVE_ARCH = NO;
- OTHER_CFLAGS = "";
- PRODUCT_NAME = zrtp;
- SDKROOT = macosx;
- SYMROOT = build;
- VALID_ARCHS = "i386 ppc x86_64";
- };
- name = Debug;
- };
- 8996E02F0EC9CA8C007D7FD5 /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- ARCHS = "$(ARCHS_STANDARD_32_64_BIT)";
- DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
- GCC_MODEL_TUNING = G5;
- HEADER_SEARCH_PATHS = (
- "..\\..\\include\\bgaes",
- "..\\..\\third_party\\bnlib",
- "..\\..\\include",
- );
- INSTALL_PATH = /usr/local/lib;
- OTHER_CFLAGS = "-DZRTP_USE_ENTERPRISE=1";
- PRODUCT_NAME = zrtp;
- SDKROOT = macosx;
- VALID_ARCHS = "i386 ppc x86_64";
- };
- name = Release;
- };
- 8DF95BE90EC06AAF00832CBC /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- COPY_PHASE_STRIP = NO;
- GCC_DYNAMIC_NO_PIC = NO;
- GCC_OPTIMIZATION_LEVEL = 0;
- PRODUCT_NAME = configure;
- };
- name = Debug;
- };
- 8DF95BEA0EC06AAF00832CBC /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- COPY_PHASE_STRIP = YES;
- DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
- PRODUCT_NAME = configure;
- ZERO_LINK = NO;
- };
- name = Release;
- };
-/* End XCBuildConfiguration section */
-
-/* Begin XCConfigurationList section */
- 1DEB91EF08733DB70010E9CD /* Build configuration list for PBXProject "libzrtp" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 1DEB91F008733DB70010E9CD /* Debug */,
- 1DEB91F108733DB70010E9CD /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- defaultConfigurationName = Release;
- };
- 8996E02D0EC9CA8C007D7FD5 /* Build configuration list for PBXNativeTarget "libzrtp" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 8996E02E0EC9CA8C007D7FD5 /* Debug */,
- 8996E02F0EC9CA8C007D7FD5 /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- defaultConfigurationName = Release;
- };
- 8DF95BEB0EC06ACD00832CBC /* Build configuration list for PBXAggregateTarget "configure" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 8DF95BE90EC06AAF00832CBC /* Debug */,
- 8DF95BEA0EC06AAF00832CBC /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- defaultConfigurationName = Release;
- };
-/* End XCConfigurationList section */
- };
- rootObject = 08FB7793FE84155DC02AAC07 /* Project object */;
-}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<Workspace
- version = "1.0">
- <FileRef
- location = "self:libzrtp.xcodeproj">
- </FileRef>
-</Workspace>
+++ /dev/null
-// !$*UTF8*$!
-{
- archiveVersion = 1;
- classes = {
- };
- objectVersion = 46;
- objects = {
-
-/* Begin PBXBuildFile section */
- 8D6EECFF0F01458D00529121 /* zrtp_test_core.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D6EECF70F01458D00529121 /* zrtp_test_core.c */; };
- 8D6EED000F01458D00529121 /* zrtp_test_crypto.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D6EECF80F01458D00529121 /* zrtp_test_crypto.c */; };
- 8D6EED010F01458D00529121 /* zrtp_test_queue.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D6EECF90F01458D00529121 /* zrtp_test_queue.c */; };
- 8D6EED020F01458D00529121 /* zrtp_test_ui.c in Sources */ = {isa = PBXBuildFile; fileRef = 8D6EECFA0F01458D00529121 /* zrtp_test_ui.c */; };
- 8D6EED110F0145BF00529121 /* libzrtp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 8D6EED0F0F0145AA00529121 /* libzrtp.a */; };
-/* End PBXBuildFile section */
-
-/* Begin PBXContainerItemProxy section */
- 8D6EED0E0F0145AA00529121 /* PBXContainerItemProxy */ = {
- isa = PBXContainerItemProxy;
- containerPortal = 8D6EED030F0145AA00529121 /* libzrtp.xcodeproj */;
- proxyType = 2;
- remoteGlobalIDString = 8996E0300EC9CA8C007D7FD5;
- remoteInfo = libzrtp_ec;
- };
- 8D6EED490F01487C00529121 /* PBXContainerItemProxy */ = {
- isa = PBXContainerItemProxy;
- containerPortal = 8D6EED030F0145AA00529121 /* libzrtp.xcodeproj */;
- proxyType = 1;
- remoteGlobalIDString = 8996DFD70EC9CA8C007D7FD5;
- remoteInfo = libzrtp_ec;
- };
-/* End PBXContainerItemProxy section */
-
-/* Begin PBXFileReference section */
- 8D6EEC500F013D2A00529121 /* libzrtp_test_ec */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = libzrtp_test_ec; sourceTree = BUILT_PRODUCTS_DIR; };
- 8D6EECF50F01450800529121 /* zrtp_test_core.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_test_core.h; path = ../../test/pc/zrtp_test_core.h; sourceTree = SOURCE_ROOT; };
- 8D6EECF60F01450800529121 /* zrtp_test_queue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = zrtp_test_queue.h; path = ../../test/pc/zrtp_test_queue.h; sourceTree = SOURCE_ROOT; };
- 8D6EECF70F01458D00529121 /* zrtp_test_core.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_test_core.c; path = ../../test/pc/zrtp_test_core.c; sourceTree = SOURCE_ROOT; };
- 8D6EECF80F01458D00529121 /* zrtp_test_crypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_test_crypto.c; path = ../../test/pc/zrtp_test_crypto.c; sourceTree = SOURCE_ROOT; };
- 8D6EECF90F01458D00529121 /* zrtp_test_queue.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_test_queue.c; path = ../../test/pc/zrtp_test_queue.c; sourceTree = SOURCE_ROOT; };
- 8D6EECFA0F01458D00529121 /* zrtp_test_ui.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = zrtp_test_ui.c; path = ../../test/pc/zrtp_test_ui.c; sourceTree = SOURCE_ROOT; };
- 8D6EED030F0145AA00529121 /* libzrtp.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; path = libzrtp.xcodeproj; sourceTree = "<group>"; };
-/* End PBXFileReference section */
-
-/* Begin PBXFrameworksBuildPhase section */
- 8D6EEC4E0F013D2A00529121 /* Frameworks */ = {
- isa = PBXFrameworksBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 8D6EED110F0145BF00529121 /* libzrtp.a in Frameworks */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
-/* End PBXFrameworksBuildPhase section */
-
-/* Begin PBXGroup section */
- 08FB7794FE84155DC02AAC07 /* libzrtp_test */ = {
- isa = PBXGroup;
- children = (
- 8D6EED030F0145AA00529121 /* libzrtp.xcodeproj */,
- 08FB7795FE84155DC02AAC07 /* Source */,
- 1AB674ADFE9D54B511CA2CBB /* Products */,
- );
- name = libzrtp_test;
- sourceTree = "<group>";
- };
- 08FB7795FE84155DC02AAC07 /* Source */ = {
- isa = PBXGroup;
- children = (
- 8DFEC0890F0125D3004540A4 /* include */,
- 8DFEC08A0F0125DE004540A4 /* src */,
- );
- name = Source;
- sourceTree = "<group>";
- };
- 1AB674ADFE9D54B511CA2CBB /* Products */ = {
- isa = PBXGroup;
- children = (
- 8D6EEC500F013D2A00529121 /* libzrtp_test_ec */,
- );
- name = Products;
- sourceTree = "<group>";
- };
- 8D6EED040F0145AA00529121 /* Products */ = {
- isa = PBXGroup;
- children = (
- 8D6EED0F0F0145AA00529121 /* libzrtp.a */,
- );
- name = Products;
- sourceTree = "<group>";
- };
- 8DFEC0890F0125D3004540A4 /* include */ = {
- isa = PBXGroup;
- children = (
- 8D6EECF50F01450800529121 /* zrtp_test_core.h */,
- 8D6EECF60F01450800529121 /* zrtp_test_queue.h */,
- );
- name = include;
- sourceTree = "<group>";
- };
- 8DFEC08A0F0125DE004540A4 /* src */ = {
- isa = PBXGroup;
- children = (
- 8D6EECF70F01458D00529121 /* zrtp_test_core.c */,
- 8D6EECF80F01458D00529121 /* zrtp_test_crypto.c */,
- 8D6EECF90F01458D00529121 /* zrtp_test_queue.c */,
- 8D6EECFA0F01458D00529121 /* zrtp_test_ui.c */,
- );
- name = src;
- sourceTree = "<group>";
- };
-/* End PBXGroup section */
-
-/* Begin PBXNativeTarget section */
- 8D6EEC4F0F013D2A00529121 /* libzrtp_test_ec */ = {
- isa = PBXNativeTarget;
- buildConfigurationList = 8D6EEC5D0F013D3E00529121 /* Build configuration list for PBXNativeTarget "libzrtp_test_ec" */;
- buildPhases = (
- 8D6EEC4D0F013D2A00529121 /* Sources */,
- 8D6EEC4E0F013D2A00529121 /* Frameworks */,
- );
- buildRules = (
- );
- dependencies = (
- 8D6EED4A0F01487C00529121 /* PBXTargetDependency */,
- );
- name = libzrtp_test_ec;
- productName = libzrtp_test_ec;
- productReference = 8D6EEC500F013D2A00529121 /* libzrtp_test_ec */;
- productType = "com.apple.product-type.tool";
- };
-/* End PBXNativeTarget section */
-
-/* Begin PBXProject section */
- 08FB7793FE84155DC02AAC07 /* Project object */ = {
- isa = PBXProject;
- attributes = {
- LastUpgradeCheck = 0410;
- };
- buildConfigurationList = 1DEB928908733DD80010E9CD /* Build configuration list for PBXProject "libzrtp_test" */;
- compatibilityVersion = "Xcode 3.2";
- developmentRegion = English;
- hasScannedForEncodings = 1;
- knownRegions = (
- en,
- );
- mainGroup = 08FB7794FE84155DC02AAC07 /* libzrtp_test */;
- projectDirPath = "";
- projectReferences = (
- {
- ProductGroup = 8D6EED040F0145AA00529121 /* Products */;
- ProjectRef = 8D6EED030F0145AA00529121 /* libzrtp.xcodeproj */;
- },
- );
- projectRoot = "";
- targets = (
- 8D6EEC4F0F013D2A00529121 /* libzrtp_test_ec */,
- );
- };
-/* End PBXProject section */
-
-/* Begin PBXReferenceProxy section */
- 8D6EED0F0F0145AA00529121 /* libzrtp.a */ = {
- isa = PBXReferenceProxy;
- fileType = archive.ar;
- path = libzrtp.a;
- remoteRef = 8D6EED0E0F0145AA00529121 /* PBXContainerItemProxy */;
- sourceTree = BUILT_PRODUCTS_DIR;
- };
-/* End PBXReferenceProxy section */
-
-/* Begin PBXSourcesBuildPhase section */
- 8D6EEC4D0F013D2A00529121 /* Sources */ = {
- isa = PBXSourcesBuildPhase;
- buildActionMask = 2147483647;
- files = (
- 8D6EECFF0F01458D00529121 /* zrtp_test_core.c in Sources */,
- 8D6EED000F01458D00529121 /* zrtp_test_crypto.c in Sources */,
- 8D6EED010F01458D00529121 /* zrtp_test_queue.c in Sources */,
- 8D6EED020F01458D00529121 /* zrtp_test_ui.c in Sources */,
- );
- runOnlyForDeploymentPostprocessing = 0;
- };
-/* End PBXSourcesBuildPhase section */
-
-/* Begin PBXTargetDependency section */
- 8D6EED4A0F01487C00529121 /* PBXTargetDependency */ = {
- isa = PBXTargetDependency;
- name = libzrtp_ec;
- targetProxy = 8D6EED490F01487C00529121 /* PBXContainerItemProxy */;
- };
-/* End PBXTargetDependency section */
-
-/* Begin XCBuildConfiguration section */
- 1DEB928A08733DD80010E9CD /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ARCHS = "$(ARCHS_STANDARD_32_BIT)";
- GCC_C_LANGUAGE_STANDARD = c99;
- GCC_OPTIMIZATION_LEVEL = 0;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- ONLY_ACTIVE_ARCH = YES;
- SDKROOT = macosx;
- };
- name = Debug;
- };
- 1DEB928B08733DD80010E9CD /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ARCHS = "$(ARCHS_STANDARD_32_BIT)";
- GCC_C_LANGUAGE_STANDARD = c99;
- GCC_WARN_ABOUT_RETURN_TYPE = YES;
- GCC_WARN_UNUSED_VARIABLE = YES;
- SDKROOT = macosx;
- };
- name = Release;
- };
- 8D6EEC520F013D2B00529121 /* Debug */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- COPY_PHASE_STRIP = NO;
- GCC_DYNAMIC_NO_PIC = NO;
- GCC_MODEL_TUNING = G5;
- GCC_OPTIMIZATION_LEVEL = 0;
- HEADER_SEARCH_PATHS = (
- ../../third_party/bnlib,
- ../../third_party/bgaes,
- ../../projects/gnu/config,
- ../../include/enterprise,
- ../../include,
- );
- INSTALL_PATH = /usr/local/bin;
- LIBRARY_SEARCH_PATHS = (
- ../../third_party/bnlib,
- "\"$(SRCROOT)/../../../third_party/bnlib\"",
- );
- OTHER_CFLAGS = "";
- PRODUCT_NAME = libzrtp_test_ec;
- SYMROOT = build_test;
- };
- name = Debug;
- };
- 8D6EEC530F013D2B00529121 /* Release */ = {
- isa = XCBuildConfiguration;
- buildSettings = {
- ALWAYS_SEARCH_USER_PATHS = NO;
- COPY_PHASE_STRIP = YES;
- DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
- GCC_MODEL_TUNING = G5;
- HEADER_SEARCH_PATHS = (
- ../../third_party/bnlib,
- ../../third_party/bgaes,
- ../../projects/gnu/config,
- ../../include/enterprise,
- ../../include,
- );
- INSTALL_PATH = /usr/local/bin;
- LIBRARY_SEARCH_PATHS = (
- ../../include/third_party/bnlib,
- "\"$(SRCROOT)/../../../third_party/bnlib\"",
- );
- OTHER_CFLAGS = "-DZRTP_USE_ENTERPRISE=1";
- PRODUCT_NAME = libzrtp_test_ec;
- SYMROOT = build_test;
- ZERO_LINK = NO;
- };
- name = Release;
- };
-/* End XCBuildConfiguration section */
-
-/* Begin XCConfigurationList section */
- 1DEB928908733DD80010E9CD /* Build configuration list for PBXProject "libzrtp_test" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 1DEB928A08733DD80010E9CD /* Debug */,
- 1DEB928B08733DD80010E9CD /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- defaultConfigurationName = Release;
- };
- 8D6EEC5D0F013D3E00529121 /* Build configuration list for PBXNativeTarget "libzrtp_test_ec" */ = {
- isa = XCConfigurationList;
- buildConfigurations = (
- 8D6EEC520F013D2B00529121 /* Debug */,
- 8D6EEC530F013D2B00529121 /* Release */,
- );
- defaultConfigurationIsVisible = 0;
- defaultConfigurationName = Release;
- };
-/* End XCConfigurationList section */
- };
- rootObject = 08FB7793FE84155DC02AAC07 /* Project object */;
-}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<Workspace
- version = "1.0">
- <FileRef
- location = "self:libzrtp_test.xcodeproj">
- </FileRef>
-</Workspace>
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp main"
-
-/*----------------------------------------------------------------------------*/
-extern zrtp_status_t zrtp_init_rng(zrtp_global_t* zrtp);
-extern void zrtp_down_rng(zrtp_global_t* zrtp);
-
-extern zrtp_status_t zrtp_defaults_sas(zrtp_global_t* global_ctx);
-extern zrtp_status_t zrtp_defaults_pkt(zrtp_global_t* global_ctx);
-extern zrtp_status_t zrtp_defaults_atl(zrtp_global_t* global_ctx);
-extern zrtp_status_t zrtp_defaults_aes_cipher(zrtp_global_t* global_ctx);
-extern zrtp_status_t zrtp_defaults_hash(zrtp_global_t* global_ctx);
-extern zrtp_status_t zrtp_prepare_pkt();
-extern zrtp_status_t zrtp_done_pkt();
-
-
-void zrtp_config_defaults(zrtp_config_t* config)
-{
- zrtp_memset(config, 0, sizeof(zrtp_config_t));
-
- zrtp_memcpy(config->client_id, "ZRTP def. peer", 15);
- config->lic_mode = ZRTP_LICENSE_MODE_PASSIVE;
-
- ZSTR_SET_EMPTY(config->def_cache_path);
- zrtp_zstrncpyc(ZSTR_GV(config->def_cache_path), "./zrtp_def_cache_path.dat", 25);
-
- config->cache_auto_store = 1; /* cache auto flushing should be enabled by default */
-
-#if (defined(ZRTP_USE_BUILTIN_CACHE) && (ZRTP_USE_BUILTIN_CACHE == 1))
- config->cb.cache_cb.on_init = zrtp_def_cache_init;
- config->cb.cache_cb.on_down = zrtp_def_cache_down;
- config->cb.cache_cb.on_put = zrtp_def_cache_put;
- config->cb.cache_cb.on_put_mitm = zrtp_def_cache_put_mitm;
- config->cb.cache_cb.on_get = zrtp_def_cache_get;
- config->cb.cache_cb.on_get_mitm = zrtp_def_cache_get_mitm;
- config->cb.cache_cb.on_set_verified = zrtp_def_cache_set_verified;
- config->cb.cache_cb.on_get_verified = zrtp_def_cache_get_verified;
- config->cb.cache_cb.on_reset_since = zrtp_def_cache_reset_since;
- config->cb.cache_cb.on_presh_counter_set = zrtp_def_cache_set_presh_counter;
- config->cb.cache_cb.on_presh_counter_get = zrtp_def_cache_get_presh_counter;
-#endif
-
-#if (defined(ZRTP_USE_BUILTIN_SCEHDULER) && (ZRTP_USE_BUILTIN_SCEHDULER == 1))
- config->cb.sched_cb.on_init = zrtp_def_scheduler_init;
- config->cb.sched_cb.on_down = zrtp_def_scheduler_down;
- config->cb.sched_cb.on_call_later = zrtp_def_scheduler_call_later;
- config->cb.sched_cb.on_cancel_call_later = zrtp_def_scheduler_cancel_call_later;
- config->cb.sched_cb.on_wait_call_later = zrtp_def_scheduler_wait_call_later;
-#endif
-}
-
-zrtp_status_t zrtp_init(zrtp_config_t* config, zrtp_global_t** zrtp)
-{
- zrtp_global_t* new_zrtp;
- zrtp_status_t s = zrtp_status_ok;
-
- ZRTP_LOG(3, (_ZTU_,"INITIALIZING LIBZRTP...\n"));
-
- /* Print out configuration setting */
- zrtp_print_env_settings(config);
-
- new_zrtp = zrtp_sys_alloc(sizeof(zrtp_global_t));
- if (!new_zrtp) {
- return zrtp_status_alloc_fail;
- }
- zrtp_memset(new_zrtp, 0, sizeof(zrtp_global_t));
-
- /*
- * Apply configuration according to the config
- */
- new_zrtp->lic_mode = config->lic_mode;
- new_zrtp->is_mitm = config->is_mitm;
- ZSTR_SET_EMPTY(new_zrtp->def_cache_path);
- zrtp_zstrcpy(ZSTR_GV(new_zrtp->def_cache_path), ZSTR_GV(config->def_cache_path));
- zrtp_memcpy(&new_zrtp->cb, &config->cb, sizeof(zrtp_callback_t));
- new_zrtp->cache_auto_store = config->cache_auto_store;
-
- ZSTR_SET_EMPTY(new_zrtp->client_id);
- zrtp_memset(new_zrtp->client_id.buffer, ' ', sizeof(zrtp_client_id_t));
- zrtp_zstrncpyc( ZSTR_GV(new_zrtp->client_id),
- (const char*)config->client_id,
- sizeof(zrtp_client_id_t));
-
- /*
- * General Initialization
- */
- init_mlist(&new_zrtp->sessions_head);
-
- zrtp_mutex_init(&new_zrtp->sessions_protector);
-
- init_mlist(&new_zrtp->hash_head);
- init_mlist(&new_zrtp->cipher_head);
- init_mlist(&new_zrtp->atl_head);
- init_mlist(&new_zrtp->pktype_head);
- init_mlist(&new_zrtp->sas_head);
-
- /* Init RNG context */
- s = zrtp_init_rng(new_zrtp);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! zrtp_init_rng() failed:%s.\n", zrtp_log_status2str(s)));
- return zrtp_status_rng_fail;
- }
-
- /* Initialize SRTP engine */
- s = zrtp_srtp_init(new_zrtp);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! zrtp_srtp_init() failed:<%s>\n", zrtp_log_status2str(s)));
- return zrtp_status_fail;
- }
-
- if (new_zrtp->cb.cache_cb.on_init) {
- s = new_zrtp->cb.cache_cb.on_init(new_zrtp);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! cache on_init() callback failed <%s>\n", zrtp_log_status2str(s)));
- zrtp_srtp_down(new_zrtp);
- return zrtp_status_fail;
- }
- }
-
- if (new_zrtp->cb.sched_cb.on_init) {
- s = new_zrtp->cb.sched_cb.on_init(new_zrtp);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! scheduler on_init() callback failed <%s>\n", zrtp_log_status2str(s)));
- zrtp_srtp_down(new_zrtp);
- return zrtp_status_fail;
- }
- }
-
- /* Load default crypto-components */
- zrtp_prepare_pkt(new_zrtp);
- zrtp_defaults_sas(new_zrtp);
- zrtp_defaults_pkt(new_zrtp);
- zrtp_defaults_atl(new_zrtp);
- zrtp_defaults_aes_cipher(new_zrtp);
- zrtp_defaults_hash(new_zrtp);
-
- *zrtp = new_zrtp;
-
- ZRTP_LOG(3, (_ZTU_,"INITIALIZING LIBZRTP - DONE\n"));
- return s;
-}
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_down(zrtp_global_t* zrtp)
-{
- ZRTP_LOG(3, (_ZTU_,"DESTROYING LIBZRTP...\n"));
-
- if (!zrtp) {
- return zrtp_status_bad_param;
- }
-
- zrtp_comp_done(ZRTP_CC_HASH, zrtp);
- zrtp_comp_done(ZRTP_CC_SAS, zrtp);
- zrtp_comp_done(ZRTP_CC_CIPHER, zrtp);
- zrtp_comp_done(ZRTP_CC_PKT, zrtp);
- zrtp_comp_done(ZRTP_CC_ATL, zrtp);
- zrtp_done_pkt(zrtp);
-
- zrtp_mutex_destroy(zrtp->sessions_protector);
-
- zrtp_srtp_down(zrtp);
-
- if (zrtp->cb.cache_cb.on_down) {
- zrtp->cb.cache_cb.on_down();
- }
- if (zrtp->cb.sched_cb.on_down) {
- zrtp->cb.sched_cb.on_down();
- }
-
- zrtp_down_rng(zrtp);
-
- zrtp_sys_free(zrtp);
-
- ZRTP_LOG(3, (_ZTU_,"DESTROYING LIBZRTP - DONE\n"));
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_session_init( zrtp_global_t* zrtp,
- zrtp_profile_t* profile,
- zrtp_zid_t zid,
- zrtp_signaling_role_t role,
- zrtp_session_t **session)
-{
- uint32_t i = 0;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_session_t* new_session = NULL;
-
- if (!zrtp) {
- return zrtp_status_bad_param;
- }
-
- new_session = zrtp_sys_alloc(sizeof(zrtp_session_t));
- if (!new_session) {
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(new_session, 0, sizeof(zrtp_session_t));
- new_session->id = zrtp->sessions_count++;
-
- {
- zrtp_uchar32_t buff;
- ZRTP_LOG(3, (_ZTU_,"START SESSION INITIALIZATION. sID=%u.\n", new_session->id));
- ZRTP_LOG(3, (_ZTU_,"ZID=%s.\n", hex2str((const char*)zid, sizeof(zrtp_uchar12_t), (char*)buff, sizeof(buff)) ));
- }
-
- do {
- /*
- * Apply profile for the stream context: set flags and prepare Hello packet.
- * If profile structure isn't provided, generate default.
- */
- if (!profile) {
- ZRTP_LOG(1, (_ZTU_,"Profile in NULL - loading default one.\n"));
- zrtp_profile_defaults(&new_session->profile, zrtp);
- } else {
- ZRTP_LOG(1, (_ZTU_,"Loading User's profile:\n"));
- if (zrtp_status_ok != zrtp_profile_check(profile, zrtp)) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! Can't apply wrong profile to the session sID=%u.\n", new_session->id));
- break;
- }
-
- /* Adjust user's settings: force SHA-384 hash for ECDH-384P */
- if (zrtp_profile_find(profile, ZRTP_CC_PKT, ZRTP_PKTYPE_EC384P) > 0) {
- ZRTP_LOG(3, (_ZTU_,"User wants ECDH384 - auto-adjust profile to use SHA-384.\n"));
- profile->hash_schemes[0] = ZRTP_HASH_SHA384;
- profile->hash_schemes[1] = ZRTP_HASH_SHA256;
- profile->hash_schemes[2] = 0;
- }
-
- zrtp_memcpy(&new_session->profile, profile, sizeof(zrtp_profile_t));
-
- {
- int i;
- ZRTP_LOG(3, (_ZTU_," allowclear: %s\n", profile->allowclear?"ON":"OFF"));
- ZRTP_LOG(3, (_ZTU_," autosecure: %s\n", profile->autosecure?"ON":"OFF"));
- ZRTP_LOG(3, (_ZTU_," disclose_bit: %s\n", profile->disclose_bit?"ON":"OFF"));
- ZRTP_LOG(3, (_ZTU_," signal. role: %s\n", zrtp_log_sign_role2str(role)));
- ZRTP_LOG(3, (_ZTU_," TTL: %u\n", profile->cache_ttl));
-
- ZRTP_LOG(3, (_ZTU_," SAS schemes: "));
- i=0;
- while (profile->sas_schemes[i]) {
- ZRTP_LOGC(3, ("%.4s ", zrtp_comp_id2type(ZRTP_CC_SAS, profile->sas_schemes[i++])));
- }
- ZRTP_LOGC(3, ("\n")); ZRTP_LOG(1, (_ZTU_," Ciphers: "));
- i=0;
- while (profile->cipher_types[i]) {
- ZRTP_LOGC(3, ("%.4s ", zrtp_comp_id2type(ZRTP_CC_CIPHER, profile->cipher_types[i++])));
- }
- ZRTP_LOGC(3, ("\n")); ZRTP_LOG(1, (_ZTU_," PK schemes: "));
- i=0;
- while (profile->pk_schemes[i]) {
- ZRTP_LOGC(3, ("%.4s ", zrtp_comp_id2type(ZRTP_CC_PKT, profile->pk_schemes[i++])));
- }
- ZRTP_LOGC(3, ("\n")); ZRTP_LOG(1, (_ZTU_," ATL: "));
- i=0;
- while (profile->auth_tag_lens[i]) {
- ZRTP_LOGC(3, ("%.4s ", zrtp_comp_id2type(ZRTP_CC_ATL, profile->auth_tag_lens[i++])));
- }
- ZRTP_LOGC(3, ("\n")); ZRTP_LOG(1, (_ZTU_," Hashes: "));
- i=0;
- while (profile->hash_schemes[i]) {
- ZRTP_LOGC(3, ("%.4s ", zrtp_comp_id2type(ZRTP_CC_HASH, profile->hash_schemes[i++])));
- }
- ZRTP_LOGC(3, ("\n"));
- }
- }
-
- /* Set ZIDs */
- ZSTR_SET_EMPTY(new_session->zid);
- ZSTR_SET_EMPTY(new_session->peer_zid);
- zrtp_zstrncpyc(ZSTR_GV(new_session->zid), (const char*)zid, sizeof(zrtp_zid_t));
-
- new_session->zrtp = zrtp;
- new_session->signaling_role = role;
- new_session->mitm_alert_detected = 0;
-
- /*
- * Allocate memory for holding secrets and initialize with random values.
- * Actual values will be written from the cache at the beginning of the protocol.
- */
- new_session->secrets.rs1 = _zrtp_alloc_shared_secret(new_session);
- new_session->secrets.rs2 = _zrtp_alloc_shared_secret(new_session);
- new_session->secrets.auxs = _zrtp_alloc_shared_secret(new_session);
- new_session->secrets.pbxs = _zrtp_alloc_shared_secret(new_session);
-
- if ( !new_session->secrets.rs1 || !new_session->secrets.rs2 ||
- !new_session->secrets.auxs || !new_session->secrets.pbxs) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! Can't allocate shared secrets sID=%u\n.", new_session->id));
- s = zrtp_status_alloc_fail;
- break;
- }
-
- /* Initialize SAS values */
- ZSTR_SET_EMPTY(new_session->sas1);
- ZSTR_SET_EMPTY(new_session->sas2);
- ZSTR_SET_EMPTY(new_session->sasbin);
- ZSTR_SET_EMPTY(new_session->zrtpsess);
-
- /* Clear all stream structures */
- for (i=0; i<ZRTP_MAX_STREAMS_PER_SESSION ; i++) {
- new_session->streams[i].state = ZRTP_STATE_NONE;
- new_session->streams[i].prev_state = ZRTP_STATE_NONE;
- new_session->streams[i].mode = ZRTP_STREAM_MODE_UNKN;
- }
-
- /* Initialize synchronization objects */
- s = zrtp_mutex_init(&new_session->streams_protector);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! can't initialize Stream protector. sID=%u.\n", new_session->id));
- break;
- }
- s = zrtp_mutex_init(&new_session->init_protector);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"ERROR! can't initialize Init protector. sID=%u.\n", new_session->id));
- break;
- }
-
- s = zrtp_status_ok;
- } while (0);
-
- if (zrtp_status_ok != s) {
- zrtp_sys_free(new_session);
- return s;
- }
-
- /* Add new session to the global list */
- zrtp_mutex_lock(zrtp->sessions_protector);
- mlist_add(&zrtp->sessions_head, &new_session->_mlist);
- zrtp_mutex_unlock(zrtp->sessions_protector);
-
- *session = new_session;
-
- ZRTP_LOG(3, (_ZTU_,"Session initialization - DONE. sID=%u.\n\n", new_session->id));
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-void zrtp_session_down(zrtp_session_t *session)
-{
- int i =0;
-
- if (!session) {
- return;
- }
-
- /* Stop ZRTP engine and clear all crypto sources for every stream in the session. */
- zrtp_mutex_lock(session->streams_protector);
- for(i=0; i<ZRTP_MAX_STREAMS_PER_SESSION; i++) {
- zrtp_stream_t *the_stream = &session->streams[i];
- zrtp_stream_stop(the_stream);
- }
- zrtp_mutex_unlock(session->streams_protector);
-
- /* Release memory allocated on initialization */
- if (session->secrets.rs1) {
- zrtp_sys_free(session->secrets.rs1);
- }
- if (session->secrets.rs2) {
- zrtp_sys_free(session->secrets.rs2);
- }
- if (session->secrets.auxs) {
- zrtp_sys_free(session->secrets.auxs);
- }
- if (session->secrets.pbxs) {
- zrtp_sys_free(session->secrets.pbxs);
- }
-
- /* We don't need the session key anymore - clear it */
- zrtp_wipe_zstring(ZSTR_GV(session->zrtpsess));
-
- /* Removing session from the global list */
- zrtp_mutex_lock(session->zrtp->sessions_protector);
- mlist_del(&session->_mlist);
- zrtp_mutex_unlock(session->zrtp->sessions_protector);
-
- zrtp_mutex_destroy(session->streams_protector);
- zrtp_mutex_destroy(session->init_protector);
-
- zrtp_sys_free(session);
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_stream_attach(zrtp_session_t *session, zrtp_stream_t** stream)
-{
- uint32_t i = 0;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_stream_t* new_stream = NULL;
-
- ZRTP_LOG(3, (_ZTU_,"ATTACH NEW STREAM to sID=%d:\n", session->id));
-
- /*
- * Initialize first unused stream. If there are no available streams return error.
- */
- zrtp_mutex_lock(session->streams_protector);
- for (i=0; i<ZRTP_MAX_STREAMS_PER_SESSION; i++) {
- if (ZRTP_STATE_NONE == session->streams[i].state) {
- new_stream = &session->streams[i];
- zrtp_memset(new_stream, 0, sizeof(zrtp_stream_t));
- break;
- }
- }
- zrtp_mutex_unlock(session->streams_protector);
-
- if (!new_stream) {
- ZRTP_LOG(1, (_ZTU_,"\tWARNING! Can't attach one more stream. Limit is reached."
- " Use #ZRTP_MAX_STREAMS_PER_SESSION. sID=%u\n", session->id));
- return zrtp_status_alloc_fail;
- }
-
- /*
- * Initialize the private data stream with default initial values
- */
- zrtp_mutex_init(&new_stream->stream_protector);
- _zrtp_change_state(new_stream, ZRTP_STATE_ACTIVE);
- new_stream->mode = ZRTP_STREAM_MODE_CLEAR;
- new_stream->id = session->zrtp->streams_count++;
- new_stream->session = session;
- new_stream->zrtp = session->zrtp;
- new_stream->mitm_mode = ZRTP_MITM_MODE_UNKN;
- new_stream->is_hello_received = 0;
-
- ZSTR_SET_EMPTY(new_stream->cc.hmackey);
- ZSTR_SET_EMPTY(new_stream->cc.peer_hmackey);
- ZSTR_SET_EMPTY(new_stream->cc.zrtp_key);
- ZSTR_SET_EMPTY(new_stream->cc.peer_zrtp_key);
-
- new_stream->dh_cc.initialized_with = ZRTP_COMP_UNKN;
- bnBegin(&new_stream->dh_cc.peer_pv);
- ZSTR_SET_EMPTY(new_stream->dh_cc.dhss);
-
- ZRTP_LOG(3, (_ZTU_,"\tEmpty slot was found - initializing new stream with ID=%u.\n", new_stream->id));
-
- do {
- zrtp_string32_t hash_buff = ZSTR_INIT_EMPTY(hash_buff);
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, new_stream->zrtp);
- s = zrtp_status_algo_fail;
-
- if (sizeof(uint16_t) != zrtp_randstr( new_stream->zrtp,
- (uint8_t*)&new_stream->media_ctx.high_out_zrtp_seq,
- sizeof(uint16_t))) {
- break;
- }
-
- /*
- * Compute and store message hashes to prevent DoS attacks.
- * Generate H0 as a random nonce and compute H1, H2 and H3
- * using the leftmost 128 bits from every hash.
- * Then insert these directly into the message structures.
- */
-
- zrtp_memset(&new_stream->messages, 0, sizeof(new_stream->messages));
- ZSTR_SET_EMPTY(new_stream->messages.h0);
- ZSTR_SET_EMPTY(new_stream->messages.signaling_hash);
-
- /* Generate Random nonce, compute H1 and store in the DH packet */
- new_stream->messages.h0.length = (uint16_t)zrtp_randstr( new_stream->zrtp,
- (unsigned char*)new_stream->messages.h0.buffer,
- ZRTP_MESSAGE_HASH_SIZE);
- if (ZRTP_MESSAGE_HASH_SIZE != new_stream->messages.h0.length) {
- break;
- }
-
- s = hash->hash(hash, ZSTR_GV(new_stream->messages.h0), ZSTR_GV(hash_buff));
- if (zrtp_status_ok != s) {
- break;
- }
- zrtp_memcpy(new_stream->messages.dhpart.hash, hash_buff.buffer, ZRTP_MESSAGE_HASH_SIZE);
-
- /* Compute H2 for the Commit */
- s = hash->hash_c(hash, (char*)new_stream->messages.dhpart.hash, ZRTP_MESSAGE_HASH_SIZE, ZSTR_GV(hash_buff));
- if (zrtp_status_ok != s) {
- break;
- }
- zrtp_memcpy(new_stream->messages.commit.hash, hash_buff.buffer, ZRTP_MESSAGE_HASH_SIZE);
-
- /* Compute H3 for the Hello message */
- s = hash->hash_c(hash, (char*)new_stream->messages.commit.hash, ZRTP_MESSAGE_HASH_SIZE, ZSTR_GV(hash_buff));
- if (zrtp_status_ok != s) {
- break;
- }
- zrtp_memcpy(new_stream->messages.hello.hash, hash_buff.buffer, ZRTP_MESSAGE_HASH_SIZE);
-
- s = zrtp_status_ok;
- } while (0);
-
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1, (_ZTU_,"\tERROR! Fail to compute messages hashes <%s>.\n", zrtp_log_status2str(s)));
- return s;
- }
-
- /*
- * Preparing HELLO based on user's profile
- */
- ZRTP_LOG(3, (_ZTU_,"\tPreparing ZRTP Hello according to the Session profile.\n"));
- {
- zrtp_packet_Hello_t* hello = &new_stream->messages.hello;
- uint8_t i = 0;
- int8_t* comp_ptr = NULL;
-
- /* Set Protocol Version and ClientID */
- zrtp_memcpy(hello->version, ZRTP_PROTOCOL_VERSION, ZRTP_VERSION_SIZE);
- zrtp_memcpy(hello->cliend_id, session->zrtp->client_id.buffer, session->zrtp->client_id.length);
-
- /* Set flags. */
- hello->pasive = (ZRTP_LICENSE_MODE_PASSIVE == session->zrtp->lic_mode) ? 1 : 0;
- hello->uflag = (ZRTP_LICENSE_MODE_UNLIMITED == session->zrtp->lic_mode) ? 1 : 0;
- hello->mitmflag = session->zrtp->is_mitm;
- hello->sigflag = 0;
-
- zrtp_memcpy(hello->zid, session->zid.buffer, session->zid.length);
-
- comp_ptr = (int8_t*)hello->comp;
- i = 0;
- while ( session->profile.hash_schemes[i]) {
- zrtp_memcpy( comp_ptr,
- zrtp_comp_id2type(ZRTP_CC_HASH, session->profile.hash_schemes[i++]),
- ZRTP_COMP_TYPE_SIZE );
- comp_ptr += ZRTP_COMP_TYPE_SIZE;
- }
- hello->hc = i;
-
- i = 0;
- while (session->profile.cipher_types[i]) {
- zrtp_memcpy( comp_ptr,
- zrtp_comp_id2type(ZRTP_CC_CIPHER, session->profile.cipher_types[i++]),
- ZRTP_COMP_TYPE_SIZE );
- comp_ptr += ZRTP_COMP_TYPE_SIZE;
- }
- hello->cc = i;
-
- i = 0;
- while (session->profile.auth_tag_lens[i] ) {
- zrtp_memcpy( comp_ptr,
- zrtp_comp_id2type(ZRTP_CC_ATL, session->profile.auth_tag_lens[i++]),
- ZRTP_COMP_TYPE_SIZE );
- comp_ptr += ZRTP_COMP_TYPE_SIZE;
- }
- hello->ac = i;
-
- i = 0;
- while (session->profile.pk_schemes[i] ) {
- zrtp_memcpy( comp_ptr,
- zrtp_comp_id2type(ZRTP_CC_PKT, session->profile.pk_schemes[i++]),
- ZRTP_COMP_TYPE_SIZE );
- comp_ptr += ZRTP_COMP_TYPE_SIZE;
- }
- hello->kc = i;
-
- i = 0;
- while (session->profile.sas_schemes[i]) {
- zrtp_memcpy( comp_ptr,
- zrtp_comp_id2type(ZRTP_CC_SAS, session->profile.sas_schemes[i++]),
- ZRTP_COMP_TYPE_SIZE );
- comp_ptr += ZRTP_COMP_TYPE_SIZE;
- }
- hello->sc = i;
-
- /*
- * Hmac will appear at the end of the message, after the dynamic portion.
- * i is the length of the dynamic part.
- */
- i = (hello->hc + hello->cc + hello->ac + hello->kc + hello->sc) * ZRTP_COMP_TYPE_SIZE;
- _zrtp_packet_fill_msg_hdr( new_stream,
- ZRTP_HELLO,
- ZRTP_HELLO_STATIC_SIZE + i + ZRTP_HMAC_SIZE,
- &hello->hdr);
- }
-
- *stream = new_stream;
-
- ZRTP_LOG(3, (_ZTU_,"ATTACH NEW STREAM - DONE.\n"));
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_signaling_hash_get( zrtp_stream_t* stream,
- char *hash_buff,
- uint32_t hash_buff_length)
-{
- zrtp_string32_t hash_str = ZSTR_INIT_EMPTY(hash_str);
- zrtp_hash_t *hash = NULL;
-
- if (!stream || !hash_buff) {
- return zrtp_status_bad_param;
- }
-
- if (ZRTP_SIGN_ZRTP_HASH_LENGTH > hash_buff_length) {
- return zrtp_status_buffer_size;
- }
-
- if (stream->state < ZRTP_STATE_ACTIVE) {
- return zrtp_status_wrong_state;
- }
-
- hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, stream->zrtp);
- hash->hash_c( hash,
- (const char*)&stream->messages.hello.hdr,
- zrtp_ntoh16(stream->messages.hello.hdr.length) * 4,
- ZSTR_GV(hash_str) );
-
- hex2str(hash_str.buffer, ZRTP_MESSAGE_HASH_SIZE, hash_buff, hash_buff_length);
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_signaling_hash_set( zrtp_stream_t* ctx,
- const char *hash_buff,
- uint32_t hash_buff_length)
-{
- if (!ctx || !hash_buff) {
- return zrtp_status_bad_param;
- }
-
- if (ZRTP_SIGN_ZRTP_HASH_LENGTH > hash_buff_length) {
- return zrtp_status_buffer_size;
- }
-
- if (ctx->state != ZRTP_STATE_ACTIVE) {
- return zrtp_status_wrong_state;
- }
-
- str2hex(hash_buff,
- ZRTP_SIGN_ZRTP_HASH_LENGTH,
- ctx->messages.signaling_hash.buffer,
- ctx->messages.signaling_hash.max_length);
- ctx->messages.signaling_hash.length = ZRTP_MESSAGE_HASH_SIZE;
-
- ZRTP_LOG(3, (_ZTU_,"SIGNALLING HAS was ADDED for the comparison. ID=%u\n", ctx->id));
- ZRTP_LOG(3, (_ZTU_,"Hash=%.*s.\n", ZRTP_SIGN_ZRTP_HASH_LENGTH, hash_buff));
-
- return zrtp_status_ok;
-}
-
-
-/*----------------------------------------------------------------------------*/
-static const char* zrtp_pkt2str[] = {
- "Preshared",
- "Multistream",
- "DH-2048",
- "ECDH-256",
- "DH-3072",
- "ECDH-384",
- "ECDH-521",
- "DH-4096"
-};
-
-static const char* zrtp_hash2str[] = {
- "SHA-256",
- "SHA1",
- "SHA-384"
-};
-
-static const char* zrtp_cipher2str[] = {
- "AES-128",
- "AES-256"
-};
-
-static const char* zrtp_atl2str[] = {
- "HMAC-SHA1 32 bit",
- "HMAC-SHA1 80 bit"
-};
-
-static const char* zrtp_sas2str[] = {
- "Base-32",
- "Base-256"
-};
-
-zrtp_status_t zrtp_session_get(zrtp_session_t *session, zrtp_session_info_t *info)
-{
- int i=0;
- if (!session || !info) {
- return zrtp_status_bad_param;
- }
-
- zrtp_memset(info, 0, sizeof(zrtp_session_info_t));
-
- ZSTR_SET_EMPTY(info->peer_clientid);
- ZSTR_SET_EMPTY(info->peer_version);
- ZSTR_SET_EMPTY(info->zid);
- ZSTR_SET_EMPTY(info->peer_zid);
- ZSTR_SET_EMPTY(info->sas1);
- ZSTR_SET_EMPTY(info->sasbin);
- ZSTR_SET_EMPTY(info->sas2);
- ZSTR_SET_EMPTY(info->auth_name);
- ZSTR_SET_EMPTY(info->cipher_name);
- ZSTR_SET_EMPTY(info->hash_name);
- ZSTR_SET_EMPTY(info->sas_name);
- ZSTR_SET_EMPTY(info->pk_name);
-
- info->id = session->id;
- zrtp_zstrcpy(ZSTR_GV(info->zid), ZSTR_GV(session->zid));
- zrtp_zstrcpy(ZSTR_GV(info->peer_zid), ZSTR_GV(session->peer_zid));
-
- for (i=0; i<ZRTP_MAX_STREAMS_PER_SESSION; i++) {
- zrtp_stream_t* full_stream = &session->streams[i];
- if ((full_stream->state > ZRTP_STATE_ACTIVE) && !ZRTP_IS_STREAM_FAST(full_stream))
- {
- zrtp_zstrcpyc(ZSTR_GV(info->pk_name), zrtp_pkt2str[full_stream->pubkeyscheme->base.id-1]);
-
- zrtp_zstrncpyc( ZSTR_GV(info->peer_clientid),
- (const char*)full_stream->messages.peer_hello.cliend_id, 16);
- zrtp_zstrncpyc( ZSTR_GV(info->peer_version),
- (const char*)full_stream->messages.peer_hello.version, 4);
-
- info->secrets_ttl = full_stream->cache_ttl;
- }
- }
-
- info->sas_is_ready = (session->zrtpsess.length > 0) ? 1 : 0;
- if (info->sas_is_ready) {
- zrtp_zstrcpy(ZSTR_GV(info->sas1), ZSTR_GV(session->sas1));
- zrtp_zstrcpy(ZSTR_GV(info->sas2), ZSTR_GV(session->sas2));
- zrtp_zstrcpy(ZSTR_GV(info->sasbin), ZSTR_GV(session->sasbin));
- info->sas_is_base256 = (ZRTP_SAS_BASE256 == session->sasscheme->base.id);
-
- info->sas_is_verified = 0;
- if (session->zrtp->cb.cache_cb.on_get_verified) {
- session->zrtp->cb.cache_cb.on_get_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &info->sas_is_verified);
- }
-
- zrtp_zstrcpyc(ZSTR_GV(info->hash_name), zrtp_hash2str[session->hash->base.id-1]);
- zrtp_zstrcpyc(ZSTR_GV(info->cipher_name), zrtp_cipher2str[session->blockcipher->base.id-1]);
- zrtp_zstrcpyc(ZSTR_GV(info->auth_name), zrtp_atl2str[session->authtaglength->base.id-1]);
- zrtp_zstrcpyc(ZSTR_GV(info->sas_name), zrtp_sas2str[session->sasscheme->base.id-1]);
-
- info->cached_flags = session->secrets.cached_curr;
- info->matches_flags= session->secrets.matches_curr;
- info->wrongs_flags = session->secrets.wrongs_curr;
- }
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_stream_get(zrtp_stream_t *stream, zrtp_stream_info_t *info)
-{
- if (!stream || !info) {
- return zrtp_status_bad_param;
- }
-
- zrtp_memset(info, 0, sizeof(zrtp_stream_info_t));
-
- info->id = stream->id;
- info->state = stream->state;
- info->mode = stream->mode;
- info->mitm_mode = stream->mitm_mode;
-
- if (stream->state > ZRTP_STATE_ACTIVE) {
- info->last_error = stream->last_error;
- info->peer_passive = stream->peer_passive;
- info->res_allowclear= stream->allowclear;
- info->peer_disclose = stream->peer_disclose_bit;
- info->peer_mitm = stream->peer_mitm_flag;
- }
-
- return zrtp_status_ok;
-}
-
-void zrtp_session_set_userdata(zrtp_session_t *session, void* udata) {
- session->usr_data = udata;
-}
-void* zrtp_session_get_userdata(zrtp_session_t *session) {
- return session->usr_data;
-}
-
-void zrtp_stream_set_userdata(zrtp_stream_t *stream, void* udata) {
- stream->usr_data = udata;
-}
-void* zrtp_stream_get_userdata(const zrtp_stream_t *stream) {
- return stream->usr_data;
-}
-
-/*----------------------------------------------------------------------------*/
-void zrtp_profile_defaults(zrtp_profile_t* profile, zrtp_global_t* zrtp)
-{
- zrtp_memset(profile, 0, sizeof(zrtp_profile_t));
-
- profile->autosecure = 1;
- profile->allowclear = 0;
- profile->discovery_optimization = 1;
- profile->cache_ttl = ZRTP_CACHE_DEFAULT_TTL;
-
- profile->sas_schemes[0] = ZRTP_SAS_BASE256;
- profile->sas_schemes[1] = ZRTP_SAS_BASE32;
- profile->cipher_types[0] = ZRTP_CIPHER_AES256;
- profile->cipher_types[1] = ZRTP_CIPHER_AES128;
- profile->auth_tag_lens[0] = ZRTP_ATL_HS32;
- profile->auth_tag_lens[1] = ZRTP_ATL_HS80;
- profile->hash_schemes[0] = ZRTP_HASH_SHA256;
-
- if (zrtp && (ZRTP_LICENSE_MODE_PASSIVE == zrtp->lic_mode)) {
- profile->pk_schemes[0] = ZRTP_PKTYPE_DH2048;
- profile->pk_schemes[1] = ZRTP_PKTYPE_EC256P;
- profile->pk_schemes[2] = ZRTP_PKTYPE_DH3072;
- } else {
- profile->pk_schemes[0] = ZRTP_PKTYPE_EC256P;
- profile->pk_schemes[1] = ZRTP_PKTYPE_DH3072;
- profile->pk_schemes[2] = ZRTP_PKTYPE_DH2048;
- }
- profile->pk_schemes[3] = ZRTP_PKTYPE_MULT;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_profile_check(const zrtp_profile_t* profile, zrtp_global_t* zrtp)
-{
- uint8_t i = 0;
-
- if (!profile || !zrtp) {
- return zrtp_status_bad_param;
- }
-
- /*
- * Fail if the required base components are not present in the profile.
- */
- if (0 > zrtp_profile_find(profile, ZRTP_CC_HASH, ZRTP_HASH_SHA256)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find 'SHA256 ' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_SAS, ZRTP_SAS_BASE32)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find 'base32' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_CIPHER, ZRTP_CIPHER_AES128)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find 'AES1287 ' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_PKT, ZRTP_PKTYPE_DH3072)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find 'DH3K' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_PKT, ZRTP_PKTYPE_MULT)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find 'Mult' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_ATL, ZRTP_ATL_HS32)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find '32 ' in profile.\n"));
- return zrtp_status_fail;
- }
-
- if (0 > zrtp_profile_find(profile, ZRTP_CC_ATL, ZRTP_ATL_HS80)) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't find '80 ' in profile.\n"));
- return zrtp_status_fail;
- }
-
- /*
- * Check that each component in the profile is in the global set of components.
- */
- i = 0;
- while (profile->sas_schemes[i]) {
- if (!zrtp_comp_find(ZRTP_CC_SAS, profile->sas_schemes[i++], zrtp)) {
- return zrtp_status_fail;
- }
- }
-
- i = 0;
- while (profile->cipher_types[i]) {
- if (!zrtp_comp_find( ZRTP_CC_CIPHER, profile->cipher_types[i++], zrtp)) {
- return zrtp_status_fail;
- }
- }
-
- i = 0;
- while (profile->pk_schemes[i]) {
- if (!zrtp_comp_find(ZRTP_CC_PKT, profile->pk_schemes[i++], zrtp)) {
- return zrtp_status_fail;
- }
- }
-
- i = 0;
- while (profile->auth_tag_lens[i]) {
- if (!zrtp_comp_find(ZRTP_CC_ATL, profile->auth_tag_lens[i++], zrtp)) {
- return zrtp_status_fail;
- }
- }
-
- i = 0;
- while (profile->hash_schemes[i]) {
- if (!zrtp_comp_find(ZRTP_CC_HASH, profile->hash_schemes[i++], zrtp)) {
- return zrtp_status_fail;
- }
- }
-
- /* Can't use Preshared with No cahce */
- if (NULL == zrtp->cb.cache_cb.on_get) {
- i = 0;
- while (profile->pk_schemes[i]) {
- if (ZRTP_PKTYPE_PRESH == profile->pk_schemes[i++]) {
- ZRTP_LOG(1, (_ZTU_,"WARNING! can't use Preshared PK with no cache.\n"));
- return zrtp_status_fail;
- }
- }
- }
-
- return zrtp_status_ok;
-}
-
-
-/*----------------------------------------------------------------------------*/
-int zrtp_profile_find(const zrtp_profile_t* profile, zrtp_crypto_comp_t type, uint8_t id)
-
-{
- uint8_t* prof_elem = NULL;
- unsigned int i = 0;
-
- if (!profile || !id) {
- return -1;
- }
-
- switch (type)
- {
- case ZRTP_CC_HASH:
- prof_elem = (uint8_t*)profile->hash_schemes;
- break;
- case ZRTP_CC_SAS:
- prof_elem = (uint8_t*)profile->sas_schemes;
- break;
- case ZRTP_CC_CIPHER:
- prof_elem = (uint8_t*)profile->cipher_types;
- break;
- case ZRTP_CC_PKT:
- prof_elem = (uint8_t*)profile->pk_schemes;
- break;
- case ZRTP_CC_ATL:
- prof_elem = (uint8_t*)profile->auth_tag_lens;
- break;
- default:
- return -1;
- }
-
-
- i = 0;
- while ( prof_elem[i] ) {
- if (id == prof_elem[i++]) return i;
- }
-
- return -1;
-}
-
-
-/*============================================================================*/
-/* ZRTP components management part */
-/*============================================================================*/
-
-
-/*----------------------------------------------------------------------------*/
-#define DESTROY_COMP(mac_node, mac_tmp, mac_type, mac_head, mac_comp)\
-{ \
- mac_node = mac_tmp = NULL;\
- mac_comp = NULL;\
- mlist_for_each_safe(mac_node, mac_tmp, mac_head) \
- {\
- mac_comp = (zrtp_comp_t*) mlist_get_struct(mac_type, mlist, mac_node); \
- if (mac_comp->free)\
- mac_comp->free((mac_type*)mac_comp);\
- mlist_del(mac_node);\
- zrtp_sys_free(mac_comp);\
- } \
-}break
-
-zrtp_status_t zrtp_comp_done(zrtp_crypto_comp_t type, zrtp_global_t* zrtp)
-{
- mlist_t* node = NULL;
- mlist_t* tmp = NULL;
- zrtp_comp_t* comp = NULL;
-
- switch (type)
- {
- case ZRTP_CC_HASH:
- DESTROY_COMP(node, tmp, zrtp_hash_t, &zrtp->hash_head, comp);
- case ZRTP_CC_SAS:
- DESTROY_COMP(node, tmp, zrtp_sas_scheme_t, &zrtp->sas_head, comp);
- case ZRTP_CC_CIPHER:
- DESTROY_COMP(node, tmp, zrtp_cipher_t, &zrtp->cipher_head, comp);
- case ZRTP_CC_PKT:
- DESTROY_COMP(node, tmp, zrtp_pk_scheme_t, &zrtp->pktype_head, comp);
- case ZRTP_CC_ATL:
- DESTROY_COMP(node, tmp, zrtp_auth_tag_length_t, &zrtp->atl_head, comp);
- default:
- break;
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-#define ZRTP_COMP_INIT(mac_type, mac_head, mac_elem)\
-{\
- mac_type* mac_e = (mac_type*)mac_elem; \
- mlist_add_tail(mac_head, &mac_e->mlist);\
- if (mac_e->base.init)\
- mac_e->base.init((mac_type*)mac_e);\
-} break;\
-
-zrtp_status_t zrtp_comp_register( zrtp_crypto_comp_t type,
- void *comp,
- zrtp_global_t* zrtp )
-{
- switch (type)
- {
- case ZRTP_CC_HASH:
- ZRTP_COMP_INIT(zrtp_hash_t, &zrtp->hash_head, comp);
- case ZRTP_CC_SAS:
- ZRTP_COMP_INIT(zrtp_sas_scheme_t, &zrtp->sas_head, comp);
- case ZRTP_CC_CIPHER:
- ZRTP_COMP_INIT(zrtp_cipher_t, &zrtp->cipher_head, comp);
- case ZRTP_CC_ATL:
- ZRTP_COMP_INIT(zrtp_auth_tag_length_t, &zrtp->atl_head, comp);
- case ZRTP_CC_PKT:
- ZRTP_COMP_INIT(zrtp_pk_scheme_t, &zrtp->pktype_head, comp);
- default:
- break;
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-#define ZRTP_COMP_FIND(mac_head, mac_id, mac_type, res)\
-{\
- mlist_t* mac_node = NULL;\
- mlist_for_each(mac_node, mac_head)\
- {\
- zrtp_comp_t* mac_e = (zrtp_comp_t*) mlist_get_struct(mac_type, mlist, mac_node);\
- if ( mac_id == mac_e->id )\
- {\
- res = (mac_type*)mac_e;\
- break;\
- }\
- }\
-} break;
-
-void* zrtp_comp_find(zrtp_crypto_comp_t type, uint8_t id, zrtp_global_t* zrtp)
-{
- void* res = NULL;
-
- switch (type)
- {
- case ZRTP_CC_HASH:
- ZRTP_COMP_FIND(&zrtp->hash_head, id, zrtp_hash_t, res);
- case ZRTP_CC_SAS:
- ZRTP_COMP_FIND(&zrtp->sas_head, id, zrtp_sas_scheme_t, res);
- case ZRTP_CC_CIPHER:
- ZRTP_COMP_FIND(&zrtp->cipher_head, id, zrtp_cipher_t, res);
- case ZRTP_CC_PKT:
- ZRTP_COMP_FIND(&zrtp->pktype_head, id, zrtp_pk_scheme_t, res);
- case ZRTP_CC_ATL:
- ZRTP_COMP_FIND(&zrtp->atl_head, id, zrtp_auth_tag_length_t, res);
- default:
- break;
- }
-
- return res ;
-}
-
-/*----------------------------------------------------------------------------*/
-char* zrtp_comp_id2type(zrtp_crypto_comp_t type, uint8_t id)
-{
- if (ZRTP_COMP_UNKN == id)
- return "Unkn";
-
- switch (type)
- {
- case ZRTP_CC_HASH:
- switch (id)
- {
- case ZRTP_HASH_SHA256: return ZRTP_S256;
- case ZRTP_HASH_SHA384: return ZRTP_S384;
- default: return "Unkn";
- }
- break;
-
- case ZRTP_CC_SAS:
- switch (id)
- {
- case ZRTP_SAS_BASE32: return ZRTP_B32;
- case ZRTP_SAS_BASE256: return ZRTP_B256;
- default: return "Unkn";
- }
- break;
-
- case ZRTP_CC_CIPHER:
- switch (id)
- {
- case ZRTP_CIPHER_AES128: return ZRTP_AES1;
- case ZRTP_CIPHER_AES256: return ZRTP_AES3;
- default: return "Unkn";
- }
- break;
-
- case ZRTP_CC_PKT:
- switch (id)
- {
- case ZRTP_PKTYPE_PRESH: return ZRTP_PRESHARED;
- case ZRTP_PKTYPE_MULT: return ZRTP_MULT;
- case ZRTP_PKTYPE_DH2048: return ZRTP_DH2K;
- case ZRTP_PKTYPE_DH3072: return ZRTP_DH3K;
- case ZRTP_PKTYPE_EC256P: return ZRTP_EC256P;
- case ZRTP_PKTYPE_EC384P: return ZRTP_EC384P;
- case ZRTP_PKTYPE_EC521P: return ZRTP_EC521P;
- default: return "Unkn";
- }
- break;
-
- case ZRTP_CC_ATL:
- switch (id)
- {
- case ZRTP_ATL_HS32: return ZRTP_HS32;
- case ZRTP_ATL_HS80: return ZRTP_HS80;
- default: return "Unkn";
- }
- break;
-
- default:
- return "Unkn";
- }
-}
-
-/*----------------------------------------------------------------------------*/
-uint8_t zrtp_comp_type2id(zrtp_crypto_comp_t type, char* name)
-{
- switch (type)
- {
- case ZRTP_CC_HASH:
- if (!zrtp_memcmp(ZRTP_S256, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_HASH_SHA256;
- }
- if (!zrtp_memcmp(ZRTP_S384, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_HASH_SHA384;
- }
- break;
-
- case ZRTP_CC_SAS:
- if (!zrtp_memcmp(ZRTP_B32, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_SAS_BASE32;
- }
- if (!zrtp_memcmp(ZRTP_B256, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_SAS_BASE256;
- }
- break;
-
- case ZRTP_CC_CIPHER:
- if (!zrtp_memcmp(ZRTP_AES1, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_CIPHER_AES128;
- }
- if (!zrtp_memcmp(ZRTP_AES3, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_CIPHER_AES256;
- }
- break;
-
- case ZRTP_CC_PKT:
- if (!zrtp_memcmp(ZRTP_PRESHARED, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_PRESH;
- }
- if (!zrtp_memcmp(ZRTP_MULT, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_MULT;
- }
- if (!zrtp_memcmp(ZRTP_DH3K, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_DH3072;
- }
- if (!zrtp_memcmp(ZRTP_DH2K, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_DH2048;
- }
- if (!zrtp_memcmp(ZRTP_EC256P, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_EC256P;
- }
- if (!zrtp_memcmp(ZRTP_EC384P, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_EC384P;
- }
- if (!zrtp_memcmp(ZRTP_EC521P, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_PKTYPE_EC521P;
- }
- break;
-
- case ZRTP_CC_ATL:
- if ( !zrtp_memcmp(ZRTP_HS32, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_ATL_HS32;
- }
- if (!zrtp_memcmp(ZRTP_HS80, name, ZRTP_COMP_TYPE_SIZE)) {
- return ZRTP_ATL_HS80;
- }
- break;
-
- default:
- return 0;
- }
-
- return 0;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define ZRTP_CRC32C_POLY 0x1EDC6F41
-#define ZRTP_CRC32C(crc_c,c,d) (c=(c>>8)^crc_c[(c^(d))&0xFF])
-
-/*----------------------------------------------------------------------------*/
-uint32_t zrtp_generate_crc(const uint8_t* buff, uint32_t length)
-{
- uint32_t i=0;
- uint32_t crc32 = ~0L;
- uint32_t result;
- uint8_t byte0,byte1,byte2,byte3;
-
- static const uint32_t crc_c[256] =
- {
- 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L,
- 0xC79A971FL, 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL,
- 0x8AD958CFL, 0x78B2DBCCL, 0x6BE22838L, 0x9989AB3BL,
- 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L, 0x5E133C24L,
- 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
- 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L,
- 0x9A879FA0L, 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L,
- 0x5D1D08BFL, 0xAF768BBCL, 0xBC267848L, 0x4E4DFB4BL,
- 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L, 0x33ED7D2AL,
- 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
- 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L,
- 0x6DFE410EL, 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL,
- 0x30E349B1L, 0xC288CAB2L, 0xD1D83946L, 0x23B3BA45L,
- 0xF779DEAEL, 0x05125DADL, 0x1642AE59L, 0xE4292D5AL,
- 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
- 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L,
- 0x417B1DBCL, 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L,
- 0x86E18AA3L, 0x748A09A0L, 0x67DAFA54L, 0x95B17957L,
- 0xCBA24573L, 0x39C9C670L, 0x2A993584L, 0xD8F2B687L,
- 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
- 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L,
- 0x96BF4DCCL, 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L,
- 0xDBFC821CL, 0x2997011FL, 0x3AC7F2EBL, 0xC8AC71E8L,
- 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L, 0x0F36E6F7L,
- 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
- 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L,
- 0xEB1FCBADL, 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L,
- 0x2C855CB2L, 0xDEEEDFB1L, 0xCDBE2C45L, 0x3FD5AF46L,
- 0x7198540DL, 0x83F3D70EL, 0x90A324FAL, 0x62C8A7F9L,
- 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
- 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L,
- 0x3CDB9BDDL, 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L,
- 0x82F63B78L, 0x709DB87BL, 0x63CD4B8FL, 0x91A6C88CL,
- 0x456CAC67L, 0xB7072F64L, 0xA457DC90L, 0x563C5F93L,
- 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
- 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL,
- 0x92A8FC17L, 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L,
- 0x55326B08L, 0xA759E80BL, 0xB4091BFFL, 0x466298FCL,
- 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL, 0x0B21572CL,
- 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
- 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L,
- 0x65D122B9L, 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL,
- 0x2892ED69L, 0xDAF96E6AL, 0xC9A99D9EL, 0x3BC21E9DL,
- 0xEF087A76L, 0x1D63F975L, 0x0E330A81L, 0xFC588982L,
- 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
- 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L,
- 0x38CC2A06L, 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L,
- 0xFF56BD19L, 0x0D3D3E1AL, 0x1E6DCDEEL, 0xEC064EEDL,
- 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L, 0xD0DDD530L,
- 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
- 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL,
- 0x8ECEE914L, 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L,
- 0xD3D3E1ABL, 0x21B862A8L, 0x32E8915CL, 0xC083125FL,
- 0x144976B4L, 0xE622F5B7L, 0xF5720643L, 0x07198540L,
- 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
- 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL,
- 0xE330A81AL, 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL,
- 0x24AA3F05L, 0xD6C1BC06L, 0xC5914FF2L, 0x37FACCF1L,
- 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L, 0x7AB90321L,
- 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
- 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L,
- 0x34F4F86AL, 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL,
- 0x79B737BAL, 0x8BDCB4B9L, 0x988C474DL, 0x6AE7C44EL,
- 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L, 0xAD7D5351L,
- };
-
- for (i=0; i<length; i++) {
- ZRTP_CRC32C(crc_c, crc32, buff[i]);
- }
- result = ~crc32;
-
- /* result now holds the negated polynomial remainder;
- * since the table and algorithm is "reflected" [williams95].
- * That is, result has the same value as if we mapped the message
- * to a polynomial, computed the host-bit-order polynomial
- * remainder, performed final negation, then did an end-for-end
- * bit-reversal.
- * Note that a 32-bit bit-reversal is identical to four inplace
- * 8-bit reversals followed by an end-for-end byteswap.
- * In other words, the bits of each byte are in the right order,
- * but the bytes have been byteswapped. So we now do an explicit
- * byteswap. On a little-endian machine, this byteswap and
- * the final ntohl cancel out and could be elided.
- */
-
- byte0 = result & 0xff;
- byte1 = (result>>8) & 0xff;
- byte2 = (result>>16) & 0xff;
- byte3 = (result>>24) & 0xff;
-
- crc32 = ((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3);
- return ( crc32 );
-}
-
-
-/*----------------------------------------------------------------------------*/
-void _zrtp_packet_insert_crc(char* packet, uint32_t length)
-{
- uint32_t crc32;
- uint32_t* packet_crc = (uint32_t*) (packet + length - 4); /* Last 4 bytes contain CRC */
-
- *packet_crc = 0L;
- crc32 = zrtp_generate_crc((const uint8_t*)packet, length-4);
- *packet_crc = zrtp_hton32(crc32);
-}
-
-
-/*----------------------------------------------------------------------------*/
-int8_t _zrtp_packet_validate_crc(const char* packet, uint32_t length)
-{
- ZRTP_UNALIGNED(uint32_t)*packet_crc = 0;
- uint32_t original_crc32 = 0L;
- uint32_t crc32 = 0L;
-
- packet_crc = (uint32_t*) (packet + length - 4); /* Last 4 bytes contain CRC */
- original_crc32 = zrtp_ntoh32(*packet_crc);
- *packet_crc = 0L;
- crc32 = zrtp_generate_crc((const uint8_t*)packet, length-4);
- *packet_crc = zrtp_hton32(original_crc32);
-
- return !(original_crc32 == crc32);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- * Vitaly Rozhkov <v.rozhkov at soft-industry.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp cipher"
-
-typedef struct zrtp_aes_cfb_ctx {
- uint8_t mode;
- aes_encrypt_ctx aes_ctx[1];
- zrtp_v128_t iv;
-} zrtp_aes_cfb_ctx_t;
-
-typedef struct zrtp_aes_ctr_ctx {
- uint8_t mode;
- aes_encrypt_ctx aes_ctx[1];
- zrtp_v128_t salt;
- zrtp_v128_t counter;
-}zrtp_aes_ctr_ctx_t;
-
-
-/*===========================================================================*/
-/* Global AES functions */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_aes_cfb_stop(zrtp_cipher_t *self, void *cipher_ctx) {
- zrtp_memset(cipher_ctx, 0, sizeof(zrtp_aes_cfb_ctx_t));
- zrtp_sys_free(cipher_ctx);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_ctr_stop(zrtp_cipher_t *self, void *cipher_ctx) {
- zrtp_memset(cipher_ctx, 0, sizeof(zrtp_aes_ctr_ctx_t));
- zrtp_sys_free(cipher_ctx);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_stop(zrtp_cipher_t *self, void *cipher_ctx)
-{
- zrtp_status_t res;
- zrtp_cipher_mode_t *mode = (zrtp_cipher_mode_t*)cipher_ctx;
- switch (mode->mode) {
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr_stop(self, cipher_ctx);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb_stop(self, cipher_ctx);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_aes_cfb_set_iv(zrtp_cipher_t *self, void* cipher_ctx, zrtp_v128_t *iv)
-{
- zrtp_aes_cfb_ctx_t* ctx = (zrtp_aes_cfb_ctx_t*)cipher_ctx;
- zrtp_memcpy(&ctx->iv, iv, sizeof(zrtp_v128_t));
-
- /* clear previous context except the first byte (key length) */
- zrtp_bg_aes_mode_reset(ctx->aes_ctx);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_ctr_set_iv(zrtp_cipher_t *self, void *cipher_ctx, zrtp_v128_t *iv )
-{
- zrtp_aes_ctr_ctx_t* ctx = (zrtp_aes_ctr_ctx_t*)cipher_ctx;
- zrtp_v128_xor(&ctx->counter, &ctx->salt, iv);
-
- /* clear previous context except the first byte (key length) */
- zrtp_bg_aes_mode_reset(ctx->aes_ctx);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_set_iv(zrtp_cipher_t *self, void *cipher_ctx, zrtp_v128_t *iv )
-{
- zrtp_status_t res;
- zrtp_cipher_mode_t *mode = (zrtp_cipher_mode_t*)cipher_ctx;
-
- switch (mode->mode) {
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr_set_iv(self, cipher_ctx, iv);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb_set_iv(self, cipher_ctx, iv);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_aes_cfb_encrypt( zrtp_cipher_t *self,
- void* cipher_ctx,
- unsigned char *buf,
- int len) {
- zrtp_aes_cfb_ctx_t* ctx = (zrtp_aes_cfb_ctx_t*)cipher_ctx;
- AES_RETURN res = zrtp_bg_aes_cfb_encrypt(buf, buf, len, ctx->iv.v8, ctx->aes_ctx);
-
- return (EXIT_SUCCESS == res) ? zrtp_status_ok : zrtp_status_cipher_fail;
-}
-
-void zrtp_aes_ctr_inc(unsigned char *counter) {
- if(!(++counter[15])) {
- ++counter[14];
- }
-}
-
-zrtp_status_t zrtp_aes_ctr_encrypt( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len ) {
- zrtp_aes_ctr_ctx_t* ctx = (zrtp_aes_ctr_ctx_t*)cipher_ctx;
- AES_RETURN res = zrtp_bg_aes_ctr_crypt(buf, buf, len, ctx->counter.v8, zrtp_aes_ctr_inc, ctx->aes_ctx);
-
- return (EXIT_SUCCESS == res) ? zrtp_status_ok : zrtp_status_cipher_fail;
-}
-
-zrtp_status_t zrtp_aes_encrypt( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len)
-{
- zrtp_status_t res;
- zrtp_cipher_mode_t* mode = (zrtp_cipher_mode_t*)cipher_ctx;
- switch (mode->mode) {
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr_encrypt(self, cipher_ctx, buf, len);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb_encrypt(self, cipher_ctx, buf, len);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_aes_cfb_decrypt( zrtp_cipher_t *self,
- void* cipher_ctx,
- unsigned char *buf,
- int len) {
- zrtp_aes_cfb_ctx_t* ctx = (zrtp_aes_cfb_ctx_t*)cipher_ctx;
- AES_RETURN res = zrtp_bg_aes_cfb_decrypt(buf, buf, len, ctx->iv.v8, ctx->aes_ctx);
-
- return (EXIT_SUCCESS == res) ? zrtp_status_ok : zrtp_status_cipher_fail;
-}
-
-zrtp_status_t zrtp_aes_ctr_decrypt( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len) {
- zrtp_aes_ctr_ctx_t* ctx = (zrtp_aes_ctr_ctx_t*)cipher_ctx;
-
- AES_RETURN res = zrtp_bg_aes_ctr_crypt(buf, buf, len, ctx->counter.v8, zrtp_aes_ctr_inc, ctx->aes_ctx);
- return (EXIT_SUCCESS == res) ? zrtp_status_ok : zrtp_status_cipher_fail;
-}
-
-zrtp_status_t zrtp_aes_decrypt( zrtp_cipher_t *self,
- void *cipher_ctx,
- unsigned char *buf,
- int len)
-{
- zrtp_status_t res;
- zrtp_cipher_mode_t *mode = (zrtp_cipher_mode_t*)cipher_ctx;
-
- switch(mode->mode){
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr_decrypt(self, cipher_ctx, buf, len);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb_decrypt(self, cipher_ctx, buf, len);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-
-/*===========================================================================*/
-/* AES 128 implementation */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-void *zrtp_aes_cfb128_start(zrtp_cipher_t *self, void *key, void *extra_data)
-{
- zrtp_aes_cfb_ctx_t *cipher_ctx = zrtp_sys_alloc(sizeof(zrtp_aes_cfb_ctx_t));
- if(NULL == cipher_ctx) {
- return NULL;
- }
- cipher_ctx->mode = ZRTP_CIPHER_MODE_CFB;
- zrtp_bg_aes_encrypt_key128(((zrtp_v128_t*)key)->v8, cipher_ctx->aes_ctx);
-
- return cipher_ctx;
-}
-
-
-void *zrtp_aes_ctr128_start( zrtp_cipher_t *self, void *key, void *extra_data)
-{
- zrtp_aes_ctr_ctx_t *cipher_ctx = zrtp_sys_alloc(sizeof(zrtp_aes_ctr_ctx_t));
- if(NULL == cipher_ctx) {
- return NULL;
- }
-
- cipher_ctx->mode = ZRTP_CIPHER_MODE_CTR;
- zrtp_memcpy(&cipher_ctx->salt, extra_data, sizeof(zrtp_v128_t)-2);
- cipher_ctx->salt.v8[14] = cipher_ctx->salt.v8[15] =0;
-
- zrtp_memset(&cipher_ctx->counter, 0, sizeof(zrtp_v128_t));
- zrtp_bg_aes_encrypt_key128(((zrtp_v128_t*)key)->v8, cipher_ctx->aes_ctx);
-
- return cipher_ctx;
-}
-
-void *zrtp_aes128_start( zrtp_cipher_t *self, void *key, void *extra_data, uint8_t mode)
-{
- void *ctx;
- switch (mode) {
- case ZRTP_CIPHER_MODE_CTR:
- ctx = zrtp_aes_ctr128_start(self, key, extra_data);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- ctx = zrtp_aes_cfb128_start(self, key, extra_data);
- break;
- default:
- ctx = NULL;
- break;
- };
- return ctx;
-}
-
-/*---------------------------------------------------------------------------*/
-/* Global CFB Test-Vectors */
-static uint8_t aes_cfb_test_key[32] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-static uint8_t aes_cfb_test_iv[16] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-};
-
-static uint8_t aes_cfb_test_buf1a[50] = {
- 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
- 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a
-};
-
-static uint8_t aes_cfb_test_buf1b[50];
-//static uint8_t aes_cfb_test_buf1c[50];
-
-static uint8_t aes_cfb_test_buf2a[50] = {
- 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
- 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89
-};
-
-static uint8_t aes_cfb_test_buf2b[50];
-
-static uint8_t aes_cfb_test_key3[32];
-static uint8_t aes_cfb_test_iv3[16];
-static uint8_t aes_cfb_test_buf3a[50];
-
-static uint8_t aes_cfb_test_buf3b[50] = {
- 0x66, 0xe9, 0x4b, 0xd4, 0xef, 0x8a, 0x2c, 0x3b,
- 0x88, 0x4c, 0xfa, 0x59, 0xca, 0x34, 0x2b, 0x2e,
- 0xf7, 0x95, 0xbd, 0x4a, 0x52, 0xe2, 0x9e, 0xd7,
- 0x13, 0xd3, 0x13, 0xfa, 0x20, 0xe9, 0x8d, 0xbc,
- 0xa1, 0x0c, 0xf6, 0x6d, 0x0f, 0xdd, 0xf3, 0x40,
- 0x53, 0x70, 0xb4, 0xbf, 0x8d, 0xf5, 0xbf, 0xb3,
- 0x47, 0xc7
-};
-
-uint8_t aes_cfb_test_buf3c[50] = {
- 0xdc, 0x95, 0xc0, 0x78, 0xa2, 0x40, 0x89, 0x89,
- 0xad, 0x48, 0xa2, 0x14, 0x92, 0x84, 0x20, 0x87,
- 0x08, 0xc3, 0x74, 0x84, 0x8c, 0x22, 0x82, 0x33,
- 0xc2, 0xb3, 0x4f, 0x33, 0x2b, 0xd2, 0xe9, 0xd3,
- 0x8b, 0x70, 0xc5, 0x15, 0xa6, 0x66, 0x3d, 0x38,
- 0xcd, 0xb8, 0xe6, 0x53, 0x2b, 0x26, 0x64, 0x91,
- 0x5d, 0x0d
-};
-
-/* Global CTR Test-Vectors */
-uint8_t aes_ctr_test_nonce[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-/* 258-bit AES CTR Test-Vectors */
-uint8_t aes_ctr_test_key256[48] = {
- 0x00, 0x01, 0x02, 0x03, 0x05, 0x06, 0x07, 0x08,
- 0x0A, 0x0B, 0x0C, 0x0D, 0x0F, 0x10, 0x11, 0x12,
- 0x14, 0x15, 0x16, 0x17, 0x19, 0x1A, 0x1B, 0x1C,
- 0x1E, 0x1F, 0x20, 0x21, 0x23, 0x24, 0x25, 0x26,
- 0x83, 0x4E, 0xAD, 0xFC, 0xCA, 0xC7, 0xE1, 0xB3,
- 0x06, 0x64, 0xB1, 0xAB, 0xA4, 0x48, 0x15, 0xAB
-};
-
-uint8_t aes_ctr_test_plaintext256[16] = {
- 0x83, 0x4E, 0xAD, 0xFC, 0xCA, 0xC7, 0xE1, 0xB3,
- 0x06, 0x64, 0xB1, 0xAB, 0xA4, 0x48, 0x15, 0xAB
-};
-
-uint8_t aes_ctr_test_ciphertext256[16] = {
- 0x5d, 0x8e, 0xfd, 0xe6, 0x69, 0x62, 0xbf, 0x49,
- 0xda, 0xe2, 0xea, 0xcf, 0x0b, 0x69, 0xe4, 0xf6
-};
-
-/* 128-bit AES CFB Test-Vectors */
-uint8_t aes_ctr_test_key128[32] = {
-0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
-0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
-0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0x00, 0x00
-};
-
-uint8_t aes_ctr_test_plaintext128[32] = {
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-};
-
-uint8_t aes_ctr_test_ciphertext128[32] = {
-0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
-0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
-0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
-0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
-};
-
-
-zrtp_status_t zrtp_aes_cfb128_self_test(zrtp_cipher_t *self)
-{
-
- zrtp_status_t err = zrtp_status_fail;
- int i = 0;
- zrtp_v128_t tmp_iv;
- zrtp_aes_cfb_ctx_t *ctx = (zrtp_aes_cfb_ctx_t*)self->start( self,
- aes_cfb_test_key,
- NULL,
- ZRTP_CIPHER_MODE_CFB);
- if(NULL == ctx) {
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_,"128 bit AES CFB\n"));
- ZRTP_LOG(3, (_ZTU_,"1st test...\n"));
-
- zrtp_memcpy(aes_cfb_test_buf1b, aes_cfb_test_buf1a, sizeof(aes_cfb_test_buf1a));
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv, sizeof(aes_cfb_test_iv));
- self->set_iv(self, ctx, &tmp_iv);
-
- ZRTP_LOG(3, (_ZTU_,"\tencryption... "));
-
- err = self->encrypt(self, ctx, aes_cfb_test_buf1b, sizeof(aes_cfb_test_buf1b));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<16; i++) {
- if (aes_cfb_test_buf1b[i] != 0x00) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB failed on encrypt test"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_,"\tdecryption... "));
-
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv, sizeof(aes_cfb_test_iv));
-
- self->set_iv(self, ctx, &tmp_iv);
- err = self->decrypt(self, ctx, aes_cfb_test_buf1b, sizeof(aes_cfb_test_buf1b));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(3, ("ERROR! 128-bit AES CFB decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_cfb_test_buf1a); i++) {
- if (aes_cfb_test_buf1b[i] != aes_cfb_test_buf1a[i]) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- self->stop(self, ctx);
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "2nd test...\n"));
-
- ctx = self->start(self, aes_cfb_test_key3, NULL, ZRTP_CIPHER_MODE_CFB);
- if (NULL == ctx) {
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_, "\tencryption... "));
-
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv3, sizeof(tmp_iv));
- self->set_iv(self, ctx, &tmp_iv);
-
- err = self->encrypt(self, ctx, aes_cfb_test_buf3a, sizeof(aes_cfb_test_buf3a));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_cfb_test_buf3a); i++) {
- if (aes_cfb_test_buf3a[i] != aes_cfb_test_buf3b[i]) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB failed on encrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tdecryption... "));
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv3, sizeof(tmp_iv));
- self->set_iv(self, ctx, &tmp_iv);
-
- err = self->decrypt(self, ctx, aes_cfb_test_buf3b, sizeof(aes_cfb_test_buf3b));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_cfb_test_buf3b); i++) {
- if (aes_cfb_test_buf3b[i] != 0x00) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CFB failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- self->stop(self, ctx);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_ctr128_self_test(zrtp_cipher_t *self)
-{
- uint8_t tmp_buf[32];
- zrtp_status_t err = zrtp_status_fail;
- int i;
-
- zrtp_aes_ctr_ctx_t *ctx = (zrtp_aes_ctr_ctx_t*)self->start( self,
- aes_ctr_test_key128,
- aes_ctr_test_key128+16,
- ZRTP_CIPHER_MODE_CTR);
-
- if (NULL == ctx) {
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_,"128 bit AES CTR\n"));
- ZRTP_LOG(3, (_ZTU_, "1st test...\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tencryption... "));
-
- self->set_iv(self, ctx, (zrtp_v128_t*)aes_ctr_test_nonce);
-
- zrtp_memcpy(tmp_buf, aes_ctr_test_plaintext128, sizeof(tmp_buf));
- err = self->encrypt(self, ctx, tmp_buf, sizeof(tmp_buf));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 128-bit encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
-
- for (i=0; i<sizeof(aes_ctr_test_ciphertext128); i++) {
- if (tmp_buf[i] != aes_ctr_test_ciphertext128[i]) {
- ZRTP_LOGC(1, ("ERROR! Fail on 128 bit encrypt test. i=%i\n", i));
- self->stop(self, ctx);
- return err;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tdecryption..."));
-
- self->set_iv(self, ctx, (zrtp_v128_t*)aes_ctr_test_nonce);
-
- err = self->decrypt(self, ctx, tmp_buf, sizeof(tmp_buf));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CTR decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_ctr_test_plaintext128); i++) {
- if (tmp_buf[i] != aes_ctr_test_plaintext128[i]) {
- ZRTP_LOGC(1, ("ERROR! 128-bit AES CTR failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- self->stop(self, ctx);
- ZRTP_LOGC(3, ("OK\n"));
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes128_self_test(zrtp_cipher_t *self, uint8_t mode)
-{
- zrtp_status_t res;
- switch(mode){
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr128_self_test(self);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb128_self_test(self);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-/*===========================================================================*/
-/* AES 256 implementation */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-void *zrtp_aes_cfb256_start(zrtp_cipher_t *self, void *key, void *extra_data)
-{
- zrtp_aes_cfb_ctx_t *cipher_ctx = zrtp_sys_alloc(sizeof(zrtp_aes_cfb_ctx_t));
- if(NULL == cipher_ctx) {
- return NULL;
- }
-
- cipher_ctx->mode = ZRTP_CIPHER_MODE_CFB;
- zrtp_bg_aes_encrypt_key256(((zrtp_v256_t*)key)->v8, cipher_ctx->aes_ctx);
- return cipher_ctx;
-}
-
-void *zrtp_aes_ctr256_start(zrtp_cipher_t *self, void *key, void *extra_data)
-{
- zrtp_aes_ctr_ctx_t *cipher_ctx = zrtp_sys_alloc(sizeof(zrtp_aes_ctr_ctx_t));
- if(NULL == cipher_ctx) {
- return NULL;
- }
-
- cipher_ctx->mode = ZRTP_CIPHER_MODE_CTR;
- zrtp_memcpy(&cipher_ctx->salt, extra_data, sizeof(zrtp_v128_t)-2);
- cipher_ctx->salt.v8[14] = cipher_ctx->salt.v8[15] =0;
-
- zrtp_memset(&cipher_ctx->counter, 0, sizeof(zrtp_v128_t));
-
- zrtp_bg_aes_encrypt_key256(((zrtp_v256_t*)key)->v8, cipher_ctx->aes_ctx);
-
- return cipher_ctx;
-}
-
-void *zrtp_aes256_start(zrtp_cipher_t *self, void *key, void *extra_data, uint8_t mode)
-{
- void *ctx = NULL;
- switch (mode) {
- case ZRTP_CIPHER_MODE_CTR:
- ctx = zrtp_aes_ctr256_start(self, key, extra_data);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- ctx = zrtp_aes_cfb256_start(self, key, extra_data);
- break;
- default:
- ctx = NULL;
- break;
- }
- return ctx;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_aes_cfb256_self_test(zrtp_cipher_t *self)
-{
- zrtp_status_t err;
- int i;
- zrtp_v128_t tmp_iv;
-
- zrtp_aes_cfb_ctx_t *ctx = (zrtp_aes_cfb_ctx_t*)self->start( self,
- aes_cfb_test_key,
- NULL,
- ZRTP_CIPHER_MODE_CFB);
- if (NULL == ctx) {
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_,"256 bit AES CFB\n"));
- ZRTP_LOG(3, (_ZTU_, "1st test...\n"));
-
- zrtp_memcpy(aes_cfb_test_buf2b, aes_cfb_test_buf2a, sizeof(aes_cfb_test_buf2a));
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv, sizeof(tmp_iv));
-
- ZRTP_LOG(3, (_ZTU_, "\tencryption... "));
-
- self->set_iv(self, ctx, &tmp_iv);
- err = self->encrypt(self, ctx, aes_cfb_test_buf2b, sizeof(aes_cfb_test_buf2b));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<16; i++) {
- if (aes_cfb_test_buf2b[i] != 0x00) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB failed on encrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tdecryption... "));
-
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv, sizeof(tmp_iv));
- self->set_iv(self, ctx, &tmp_iv);
-
- err = self->decrypt(self, ctx, aes_cfb_test_buf2b, sizeof(aes_cfb_test_buf2b));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
- for (i=0; i<sizeof(aes_cfb_test_buf2b); i++) {
- if (aes_cfb_test_buf2b[i] != aes_cfb_test_buf2a[i]) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- self->stop(self, ctx);
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "2nd test...\n"));
-
- ctx = self->start(self, aes_cfb_test_key3, NULL, ZRTP_CIPHER_MODE_CFB);
- if(NULL == ctx){
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_, "\tencryption..."));
-
- zrtp_memset (aes_cfb_test_buf3a, 0, sizeof(aes_cfb_test_buf3a));
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv3, sizeof(tmp_iv));
-
- self->set_iv(self, ctx, &tmp_iv);
- err = self->encrypt(self, ctx, aes_cfb_test_buf3a, sizeof(aes_cfb_test_buf3a));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_cfb_test_buf3a); i++) {
- if (aes_cfb_test_buf3a[i] != aes_cfb_test_buf3c[i]) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB failed on bit encrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tdecryption..."));
-
- zrtp_memcpy(&tmp_iv, aes_cfb_test_iv3, sizeof(tmp_iv));
- self->set_iv(self, ctx, &tmp_iv);
-
- err = self->decrypt(self, ctx, aes_cfb_test_buf3c, sizeof(aes_cfb_test_buf3c));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_cfb_test_buf3c); i++) {
- if (aes_cfb_test_buf3c[i] != 0x00) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CFB failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- self->stop(self, ctx);
- ZRTP_LOGC(3, ("OK\n"));
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes_ctr256_self_test(zrtp_cipher_t *self)
-{
- uint8_t tmp_buf[32];
- zrtp_status_t err = zrtp_status_fail;
- int i;
-
- zrtp_aes_ctr_ctx_t *ctx = (zrtp_aes_ctr_ctx_t*)self->start( self,
- aes_ctr_test_key256,
- aes_ctr_test_key256+32,
- ZRTP_CIPHER_MODE_CTR);
- if (NULL == ctx) {
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3, (_ZTU_,"256 bit AES CTR\n"));
- ZRTP_LOG(3, (_ZTU_, "1st test...\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tencryption... "));
-
- self->set_iv(self, ctx, (zrtp_v128_t*)aes_ctr_test_nonce);
-
- zrtp_memcpy(tmp_buf, aes_ctr_test_plaintext256, sizeof(aes_ctr_test_plaintext256));
- err = self->encrypt(self, ctx, tmp_buf, sizeof(aes_ctr_test_plaintext256));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit encrypt returns error %d\n", err));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
-
- for (i=0; i<sizeof(aes_ctr_test_ciphertext256); i++) {
- if (tmp_buf[i] != aes_ctr_test_ciphertext256[i]) {
- ZRTP_LOGC(1, ("ERROR! Fail on 256 bit encrypt test. i=%i\n", i));
- self->stop(self, ctx);
- return err;
- }
- }
-
- ZRTP_LOGC(3, ("OK\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\tdecryption..."));
-
- self->set_iv(self, ctx, (zrtp_v128_t*)aes_ctr_test_nonce);
-
- err = self->decrypt(self, ctx, tmp_buf, sizeof(tmp_buf));
- if (zrtp_status_ok != err) {
- ZRTP_LOGC(1, ("ERROR! 256-bit AES CTR decrypt returns error %d\n", err));
- self->stop(self, ctx);
- return err;
- }
-
- for (i=0; i<sizeof(aes_ctr_test_plaintext256); i++) {
- if (tmp_buf[i] != aes_ctr_test_plaintext256[i]) {
- ZRTP_LOGC(1, (_ZTU_, "ERROR! 256-bit AES CTR failed on decrypt test\n"));
- self->stop(self, ctx);
- return zrtp_status_fail;
- }
- }
- self->stop(self, ctx);
- ZRTP_LOGC(3, ("OK\n"));
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_aes256_self_test(zrtp_cipher_t *self, uint8_t mode)
-{
- zrtp_status_t res;
- switch (mode) {
- case ZRTP_CIPHER_MODE_CTR:
- res = zrtp_aes_ctr256_self_test(self);
- break;
- case ZRTP_CIPHER_MODE_CFB:
- res = zrtp_aes_cfb256_self_test(self);
- break;
- default:
- res = zrtp_status_bad_param;
- break;
- }
- return res;
-}
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_defaults_aes_cipher(zrtp_global_t* global_ctx)
-{
- zrtp_cipher_t* cipher_aes128 = zrtp_sys_alloc(sizeof(zrtp_cipher_t));
- zrtp_cipher_t* cipher_aes256 = zrtp_sys_alloc(sizeof(zrtp_cipher_t));
- if (!cipher_aes128 || !cipher_aes256) {
- if (cipher_aes128) {
- zrtp_sys_free(cipher_aes128);
- }
- if (cipher_aes256) {
- zrtp_sys_free(cipher_aes256);
- }
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(cipher_aes128, 0, sizeof(zrtp_cipher_t));
- zrtp_memset(cipher_aes256, 0, sizeof(zrtp_cipher_t));
-
- zrtp_memcpy(cipher_aes128->base.type, ZRTP_AES1, ZRTP_COMP_TYPE_SIZE);
- cipher_aes128->base.id = ZRTP_CIPHER_AES128;
- cipher_aes128->base.zrtp = global_ctx;
- cipher_aes128->start = zrtp_aes128_start;
- cipher_aes128->set_iv = zrtp_aes_set_iv;
- cipher_aes128->encrypt = zrtp_aes_encrypt;
- cipher_aes128->decrypt = zrtp_aes_decrypt;
- cipher_aes128->self_test = zrtp_aes128_self_test;
- cipher_aes128->stop = zrtp_aes_stop;
-
- zrtp_memcpy(cipher_aes256->base.type, ZRTP_AES3, ZRTP_COMP_TYPE_SIZE);
- cipher_aes256->base.id = ZRTP_CIPHER_AES256;
- cipher_aes256->base.zrtp = global_ctx;
- cipher_aes256->start = zrtp_aes256_start;
- cipher_aes256->set_iv = zrtp_aes_set_iv;
- cipher_aes256->encrypt = zrtp_aes_encrypt;
- cipher_aes256->decrypt = zrtp_aes_decrypt;
- cipher_aes256->self_test = zrtp_aes256_self_test;
- cipher_aes256->stop = zrtp_aes_stop;
-
- zrtp_comp_register(ZRTP_CC_CIPHER, cipher_aes128, global_ctx);
- zrtp_comp_register(ZRTP_CC_CIPHER, cipher_aes256, global_ctx);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-
-/*============================================================================*/
-/* SRTP Auth Tag Length support */
-/*============================================================================*/
-
-zrtp_status_t zrtp_defaults_atl(zrtp_global_t* global_ctx)
-{
- zrtp_auth_tag_length_t* atl32 = zrtp_sys_alloc(sizeof(zrtp_auth_tag_length_t));
- zrtp_auth_tag_length_t* atl80 = zrtp_sys_alloc(sizeof(zrtp_auth_tag_length_t));
-
- if (!atl32 || !atl80) {
- if(atl32) zrtp_sys_free(atl32);
- if(atl80) zrtp_sys_free(atl80);
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(atl32, 0, sizeof(zrtp_auth_tag_length_t));
- zrtp_memcpy(atl32->base.type, ZRTP_HS32, ZRTP_COMP_TYPE_SIZE);
- atl32->base.id = ZRTP_ATL_HS32;
- atl32->base.zrtp = global_ctx;
- atl32->tag_length = 4;
-
- zrtp_memset(atl80, 0, sizeof(zrtp_auth_tag_length_t));
- zrtp_memcpy(atl80->base.type, ZRTP_HS80, ZRTP_COMP_TYPE_SIZE);
- atl80->base.id = ZRTP_ATL_HS80;
- atl80->base.zrtp = global_ctx;
- atl80->tag_length = 10;
-
- zrtp_comp_register(ZRTP_CC_ATL, atl32, global_ctx);
- zrtp_comp_register(ZRTP_CC_ATL, atl80, global_ctx);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#include "zrtp.h"
-
-/* Size of extra random data to approximate a uniform distribution mod n */
-#define UNIFORMBYTES 8
-
-
-/*============================================================================*/
-/* Bignum Shorthand Functions */
-/*============================================================================*/
-
-int bnAddMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod)
-{
- bnAdd (rslt, n1);
- if (bnCmp (rslt, mod) >= 0) {
- bnSub (rslt, mod);
- }
- return 0;
-}
-
-int bnAddQMod_ (struct BigNum *rslt, unsigned n1, struct BigNum *mod)
-{
- bnAddQ (rslt, n1);
- if (bnCmp (rslt, mod) >= 0) {
- bnSub (rslt, mod);
- }
- return 0;
-}
-
-int bnSubMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod)
-{
- if (bnCmp (rslt, n1) < 0) {
- bnAdd (rslt, mod);
- }
- bnSub (rslt, n1);
- return 0;
-}
-
-int bnSubQMod_ (struct BigNum *rslt, unsigned n1, struct BigNum *mod)
-{
- if (bnCmpQ (rslt, n1) < 0) {
- bnAdd (rslt, mod);
- }
- bnSubQ (rslt, n1);
- return 0;
-}
-
-int bnMulMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *n2, struct BigNum *mod)
-{
- bnMul (rslt, n1, n2);
- bnMod (rslt, rslt, mod);
- return 0;
-}
-
-int bnMulQMod_ (struct BigNum *rslt, struct BigNum *n1, unsigned n2, struct BigNum *mod)
-{
- bnMulQ (rslt, n1, n2);
- bnMod (rslt, rslt, mod);
- return 0;
-}
-
-int bnSquareMod_ (struct BigNum *rslt, struct BigNum *n1, struct BigNum *mod)
-{
- bnSquare (rslt, n1);
- bnMod (rslt, rslt, mod);
- return 0;
-}
-
-
-/*============================================================================*/
-/* Elliptic Curve arithmetic */
-/*============================================================================*/
-
-/* Add two elliptic curve points. Any of them may be the same object. */
-int zrtp_ecAdd ( struct BigNum *rsltx, struct BigNum *rslty,
- struct BigNum *p1x, struct BigNum *p1y,
- struct BigNum *p2x, struct BigNum *p2y, struct BigNum *mod)
-{
- struct BigNum trsltx, trslty;
- struct BigNum t1, gam;
- struct BigNum bnzero;
-
- bnBegin (&bnzero);
-
- /* Check for an operand being zero */
- if (bnCmp (p1x, &bnzero) == 0 && bnCmp (p1y, &bnzero) == 0) {
- bnCopy (rsltx, p2x); bnCopy (rslty, p2y);
- bnEnd (&bnzero);
- return 0;
- }
- if (bnCmp (p2x, &bnzero) == 0 && bnCmp (p2y, &bnzero) == 0) {
- bnCopy (rsltx, p1x); bnCopy (rslty, p1y);
- bnEnd (&bnzero);
- return 0;
- }
-
- /* Check if p1 == -p2 and return 0 if so */
- if (bnCmp (p1x, p2x) == 0) {
- struct BigNum tsum;
- bnBegin (&tsum);
- bnCopy (&tsum, p1x);
- bnAddMod_ (&tsum, p2x, mod);
- if (bnCmp (&tsum, &bnzero) == 0) {
- bnSetQ (rsltx, 0); bnSetQ (rslty, 0);
- bnEnd (&tsum);
- bnEnd (&bnzero);
- return 0;
- }
- bnEnd (&tsum);
- }
-
- bnBegin (&t1);
- bnBegin (&gam);
- bnBegin (&trsltx);
- bnBegin (&trslty);
-
- /* Check for doubling, different formula for gamma */
- if (bnCmp (p1x, p2x) == 0 && bnCmp (p1y, p2y) == 0) {
- bnCopy (&t1, p1y);
- bnAddMod_ (&t1, p1y, mod);
- bnInv (&t1, &t1, mod);
- bnSquareMod_ (&gam, p1x, mod);
- bnMulQMod_ (&gam, &gam, 3, mod);
- bnSubQMod_ (&gam, 3, mod);
- bnMulMod_ (&gam, &gam, &t1, mod);
- } else {
- bnCopy (&t1, p2x);
- bnSubMod_ (&t1, p1x, mod);
- bnInv (&t1, &t1, mod);
- bnCopy (&gam, p2y);
- bnSubMod_ (&gam, p1y, mod);
- bnMulMod_ (&gam, &gam, &t1, mod);
- }
-
- bnSquareMod_ (&trsltx, &gam, mod);
- bnSubMod_ (&trsltx, p1x, mod);
- bnSubMod_ (&trsltx, p2x, mod);
-
- bnCopy (&trslty, p1x);
- bnSubMod_ (&trslty, &trsltx, mod);
- bnMulMod_ (&trslty, &trslty, &gam, mod);
- bnSubMod_ (&trslty, p1y, mod);
-
- bnCopy (rsltx, &trsltx);
- bnCopy (rslty, &trslty);
-
- bnEnd (&t1);
- bnEnd (&gam);
- bnEnd (&trsltx);
- bnEnd (&trslty);
- bnEnd (&bnzero);
-
- return 0;
-}
-
-int zrtp_ecMul ( struct BigNum *rsltx, struct BigNum *rslty, struct BigNum *mult,
- struct BigNum *basex, struct BigNum *basey, struct BigNum *mod)
-{
- struct BigNum bnzero;
- struct BigNum tbasex, tbasey;
- struct BigNum trsltx, trslty;
- struct BigNum tmult;
-
- bnBegin (&bnzero);
- bnBegin (&tbasex);
- bnBegin (&tbasey);
- bnBegin (&trsltx);
- bnBegin (&trslty);
- bnBegin (&tmult);
-
- /* Initialize result to 0 before additions */
- bnSetQ (&trsltx, 0);
- bnSetQ (&trslty, 0);
- /* Make copies of base and multiplier */
- bnCopy (&tbasex, basex);
- bnCopy (&tbasey, basey);
- bnCopy (&tmult, mult);
- while (bnCmp (&tmult, &bnzero) > 0) {
- /* Test lsb of mult */
- unsigned lsw = bnLSWord (&tmult);
- if (lsw & 1) {
- /* Add base to result */
- zrtp_ecAdd (&trsltx, &trslty, &trsltx, &trslty, &tbasex, &tbasey, mod);
- }
- /* Double the base */
- zrtp_ecAdd (&tbasex, &tbasey, &tbasex, &tbasey, &tbasex, &tbasey, mod);
- /* Shift multiplier right */
- bnRShift (&tmult, 1);
- }
-
- bnCopy (rsltx, &trsltx);
- bnCopy (rslty, &trslty);
-
- bnEnd (&bnzero);
- bnEnd (&tbasex);
- bnEnd (&tbasey);
- bnEnd (&trsltx);
- bnEnd (&trslty);
- bnEnd (&tmult);
- return 0;
-}
-
-
-
-/*----------------------------------------------------------------------------*/
-/* Choose a random point on the elliptic curve. */
-/* Provision is made to use a given point from test vectors. */
-/* pkx and pky are the output point, sv is output discrete log */
-/* Input base is Gx, Gy; curve field modulus is P; curve order is n. */
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_ec_random_point( zrtp_global_t *zrtp,
- struct BigNum *P,
- struct BigNum *n,
- struct BigNum *Gx,
- struct BigNum *Gy,
- struct BigNum *pkx,
- struct BigNum *pky,
- struct BigNum *sv,
- uint8_t *test_sv_data,
- size_t test_sv_data_len)
-{
- zrtp_status_t s = zrtp_status_fail;
- unsigned char* buffer = zrtp_sys_alloc(sizeof(zrtp_uchar1024_t));
-
- if (!buffer) {
- return zrtp_status_alloc_fail;
- }
- zrtp_memset(buffer, 0, sizeof(zrtp_uchar1024_t));
-
- do
- {
- if (test_sv_data_len != 0) {
- /* Force certain secret value */
- if (bnBytes(P) != test_sv_data_len) {
- break;
- }
- zrtp_memcpy(buffer+UNIFORMBYTES, test_sv_data, test_sv_data_len);
- } else {
- /* Choose random value, larger than needed so it will be uniform */
- if (bnBytes(P)+UNIFORMBYTES != (uint32_t)zrtp_randstr(zrtp, buffer, bnBytes(P)+UNIFORMBYTES)) {
- break; /* if we can't generate random string - fail initialization */
- }
- }
-
- bnInsertBigBytes(sv, (const unsigned char *)buffer, 0, bnBytes(P)+UNIFORMBYTES);
- bnMod(sv, sv, n);
- zrtp_ecMul(pkx, pky, sv, Gx, Gy, P);
-
- s = zrtp_status_ok;
- } while (0);
-
- if (buffer) {
- zrtp_sys_free(buffer);
- }
-
- return s;
-}
-
-
-/*============================================================================*/
-/* Curve parameters */
-/*============================================================================*/
-
-uint8_t P_256_data[] =
-{
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-};
-
-uint8_t n_256_data[] =
-{
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
- 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
-};
-
-uint8_t b_256_data[] =
-{
- 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
- 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
- 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
- 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
-};
-
-uint8_t Gx_256_data[] =
-{
- 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
- 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
- 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
- 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96
-};
-
-uint8_t Gy_256_data[] =
-{
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
- 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
- 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
- 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
-};
-
-
-
-uint8_t P_384_data[] =
-{
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF
-};
-
-uint8_t n_384_data[] =
-{
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF,
- 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A,
- 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
-};
-
-uint8_t b_384_data[] =
-{
- 0xb3, 0x31, 0x2f, 0xa7, 0xe2, 0x3e, 0xe7, 0xe4,
- 0x98, 0x8e, 0x05, 0x6b, 0xe3, 0xf8, 0x2d, 0x19,
- 0x18, 0x1d, 0x9c, 0x6e, 0xfe, 0x81, 0x41, 0x12,
- 0x03, 0x14, 0x08, 0x8f, 0x50, 0x13, 0x87, 0x5a,
- 0xc6, 0x56, 0x39, 0x8d, 0x8a, 0x2e, 0xd1, 0x9d,
- 0x2a, 0x85, 0xc8, 0xed, 0xd3, 0xec, 0x2a, 0xef
-};
-
-uint8_t Gx_384_data[] =
-{
- 0xaa, 0x87, 0xca, 0x22, 0xbe, 0x8b, 0x05, 0x37,
- 0x8e, 0xb1, 0xc7, 0x1e, 0xf3, 0x20, 0xad, 0x74,
- 0x6e, 0x1d, 0x3b, 0x62, 0x8b, 0xa7, 0x9b, 0x98,
- 0x59, 0xf7, 0x41, 0xe0, 0x82, 0x54, 0x2a, 0x38,
- 0x55, 0x02, 0xf2, 0x5d, 0xbf, 0x55, 0x29, 0x6c,
- 0x3a, 0x54, 0x5e, 0x38, 0x72, 0x76, 0x0a, 0xb7
-};
-
-uint8_t Gy_384_data[] =
-{
- 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f,
- 0x5d, 0x9e, 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29,
- 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
- 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0,
- 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d,
- 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f
-};
-
-
-uint8_t P_521_data[] =
-{
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF
-};
-
-uint8_t n_521_data[] =
-{
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F,
- 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
- 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C,
- 0x47, 0xAE, 0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38,
- 0x64, 0x09
-};
-
-uint8_t b_521_data[] =
-{
- 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c,
- 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
- 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3,
- 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
- 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
- 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
- 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c,
- 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
- 0x3f, 0x00
-};
-
-uint8_t Gx_521_data[] =
-{
- 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04,
- 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
- 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
- 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
- 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
- 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
- 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a,
- 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
- 0xbd, 0x66
-};
-
-uint8_t Gy_521_data[] =
-{
- 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b,
- 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
- 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
- 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
- 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
- 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
- 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72,
- 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
- 0x66, 0x50
-};
-
-/*----------------------------------------------------------------------------*/
-/* Initialize the curve parameters struct */
-zrtp_status_t zrtp_ec_init_params( struct zrtp_ec_params *params, uint32_t bits )
-{
- unsigned ec_bytes = (bits+7) / 8;
- params->ec_bits = bits;
- switch (bits) {
- case 256:
- zrtp_memcpy (params->P_data, P_256_data, ec_bytes);
- zrtp_memcpy (params->n_data, n_256_data, ec_bytes);
- zrtp_memcpy (params->b_data, b_256_data, ec_bytes);
- zrtp_memcpy (params->Gx_data, Gx_256_data, ec_bytes);
- zrtp_memcpy (params->Gy_data, Gy_256_data, ec_bytes);
- break;
- case 384:
- zrtp_memcpy (params->P_data, P_384_data, ec_bytes);
- zrtp_memcpy (params->n_data, n_384_data, ec_bytes);
- zrtp_memcpy (params->b_data, b_384_data, ec_bytes);
- zrtp_memcpy (params->Gx_data, Gx_384_data, ec_bytes);
- zrtp_memcpy (params->Gy_data, Gy_384_data, ec_bytes);
- break;
- case 521:
- zrtp_memcpy (params->P_data, P_521_data, ec_bytes);
- zrtp_memcpy (params->n_data, n_521_data, ec_bytes);
- zrtp_memcpy (params->b_data, b_521_data, ec_bytes);
- zrtp_memcpy (params->Gx_data, Gx_521_data, ec_bytes);
- zrtp_memcpy (params->Gy_data, Gy_521_data, ec_bytes);
- break;
- default:
- return zrtp_status_bad_param;
- }
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#include "zrtp.h"
-
-
-#define _ZTU_ "zrtp ecdh"
-
-static unsigned get_pbits(zrtp_pk_scheme_t *self)
-{
- switch (self->base.id) {
- case ZRTP_PKTYPE_EC256P:
- return 256;
- break;
- case ZRTP_PKTYPE_EC384P:
- return 384;
- break;
- case ZRTP_PKTYPE_EC521P:
- return 521;
- break;
- default:
- return 0;
- }
-}
-
-/*============================================================================*/
-/* Shared Elliptic Curve functions */
-/* */
-/* The Elliptic Curve DH algorithm and key generation is from */
-/* NIST SP 800-56A. The curves used are from NSA Suite B, which */
-/* uses the same curves as ECDSA defined by FIPS 186-3, and are */
-/* also defined in RFC 4753, sections 3.1 through 3.3. */
-/* The validation procedures are from NIST SP 800-56A section 5.6.2.6, */
-/* method 3, ECC Partial Validation. */
-/*============================================================================*/
-
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_ecdh_init(void *s) {
- return zrtp_status_ok;
-}
-
-static zrtp_status_t zrtp_ecdh_free(void *s) {
- return zrtp_status_ok;
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Return dh_cc->pv holding public value and dh_cc->sv holding secret value */
-/* The public value is an elliptic curve point encoded as the x part shifted */
-/* left Pbits bits and or'd with the y part. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_ecdh_initialize( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc)
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, Gx, Gy, n;
- struct BigNum pkx, pky;
- unsigned ec_bytes = 0;
- unsigned pbits = 0;
- struct zrtp_ec_params ec_params;
- zrtp_time_t start_ts = zrtp_time_now();
-
- if (!self || !dh_cc) {
- return zrtp_status_bad_param;
- }
-
- pbits = get_pbits(self);
- if (!pbits) {
- return zrtp_status_bad_param;
- }
-
- zrtp_ec_init_params(&ec_params, pbits);
-
- ec_bytes = (ec_params.ec_bits+7) / 8;
-
- bnBegin(&P);
- bnInsertBigBytes(&P, ec_params.P_data, 0, ec_bytes );
- bnBegin(&Gx);
- bnInsertBigBytes(&Gx, ec_params.Gx_data, 0, ec_bytes );
- bnBegin(&Gy);
- bnInsertBigBytes(&Gy, ec_params.Gy_data, 0, ec_bytes );
- bnBegin(&n);
- bnInsertBigBytes(&n, ec_params.n_data, 0, ec_bytes );
-
- bnBegin(&pkx);
- bnBegin(&pky);
- bnBegin(&dh_cc->sv);
- s = zrtp_ec_random_point( self->base.zrtp, &P, &n, &Gx, &Gy,
- &pkx, &pky, &dh_cc->sv,
- NULL, 0);
-
- if (zrtp_status_ok == s)
- {
- bnBegin(&dh_cc->pv);
- bnCopy (&dh_cc->pv, &pkx);
- bnLShift (&dh_cc->pv, pbits);
- bnAdd (&dh_cc->pv, &pky);
- }
-
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&P);
- bnEnd (&Gx);
- bnEnd (&Gy);
- bnEnd (&n);
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: zrtp_ecdh_initialize() for %.4s was executed by %llums.\n", self->base.type, zrtp_time_now()-start_ts));
- return s;
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Compute the shared dhresult as the X coordinate of the EC point. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_ecdh_compute( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc,
- struct BigNum *dhresult,
- struct BigNum *pv)
-{
- struct BigNum P;
- struct BigNum pkx, pky, rsltx, rslty;
- unsigned ec_bytes = 0;
- unsigned pbits = 0;
- struct zrtp_ec_params ec_params;
- zrtp_time_t start_ts = zrtp_time_now();
-
- if (!self || !dh_cc || !dhresult || !pv) {
- return zrtp_status_bad_param;
- }
-
- pbits = get_pbits(self);
- if (!pbits) {
- return zrtp_status_bad_param;
- }
-
- zrtp_ec_init_params(&ec_params, pbits);
-
- ec_bytes = (ec_params.ec_bits+7) / 8;
-
- bnBegin(&P);
- bnInsertBigBytes( &P, ec_params.P_data, 0, ec_bytes );
-
- bnBegin (&pkx);
- bnBegin (&pky);
- bnBegin (&rsltx);
- bnBegin (&rslty);
-
- bnSetQ (&pkx, 1);
- bnLShift (&pkx, pbits);
- bnMod (&pky, pv, &pkx);
- bnCopy (&pkx, pv);
- bnRShift (&pkx, pbits);
-
- zrtp_ecMul (&rsltx, &rslty, &dh_cc->sv, &pkx, &pky, &P);
- bnCopy (dhresult, &rsltx);
-
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&rsltx);
- bnEnd (&rslty);
- bnEnd (&P);
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: zrtp_ecdh_compute() for %.4s was executed by %llums.\n", self->base.type, zrtp_time_now()-start_ts));
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-/* ECC Partial Validation per NIST SP800-56A section 5.6.2.6 */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_ecdh_validate( zrtp_pk_scheme_t *self,
- struct BigNum *pv)
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, b;
- struct BigNum t1, t2;
- struct BigNum pkx, pky, bnzero;
- unsigned ec_bytes = 0;
- unsigned pbits = 0;
- struct zrtp_ec_params ec_params;
- zrtp_time_t start_ts = zrtp_time_now();
-
- if (!self || !pv) {
- return zrtp_status_bad_param;
- }
-
- pbits = get_pbits(self);
- if (!pbits) {
- return zrtp_status_bad_param;
- }
-
- zrtp_ec_init_params(&ec_params, pbits);
-
- ec_bytes = (ec_params.ec_bits+7) / 8;
-
- bnBegin(&P);
- bnInsertBigBytes( &P, ec_params.P_data, 0, ec_bytes );
- bnBegin(&b);
- bnInsertBigBytes( &b, ec_params.b_data, 0, ec_bytes );
-
- bnBegin (&t1);
- bnBegin (&t2);
- bnBegin (&pkx);
- bnBegin (&pky);
- bnBegin (&bnzero);
-
- bnSetQ (&pkx, 1);
- bnLShift (&pkx, pbits);
- bnMod (&pky, pv, &pkx);
- bnCopy (&pkx, pv);
- bnRShift (&pkx, pbits);
-
- do{
- /* Represent point at infinity by (0, 0), make sure it's not that */
- if (bnCmp (&pkx, &bnzero) == 0 && bnCmp (&pky, &bnzero) == 0) {
- break;
- }
- /* Check coordinates within range */
- if (bnCmp (&pkx, &bnzero) < 0 || bnCmp (&pkx, &P) >= 0) {
- break;
- }
- if (bnCmp (&pky, &bnzero) < 0 || bnCmp (&pky, &P) >= 0) {
- break;
- }
-
- /* Check that point satisfies EC equation y^2 = x^3 - 3x + b, mod P */
- bnSquareMod_ (&t1, &pky, &P);
- bnSquareMod_ (&t2, &pkx, &P);
- bnSubQMod_ (&t2, 3, &P);
- bnMulMod_ (&t2, &t2, &pkx, &P);
- bnAddMod_ (&t2, &b, &P);
- if (bnCmp (&t1, &t2) != 0) {
- break;
- }
-
- s = zrtp_status_ok;
- } while (0);
-
- bnEnd (&t1);
- bnEnd (&t2);
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&bnzero);
- bnEnd (&P);
- bnEnd (&b);
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: zrtp_ecdh_validate() for %.4s was executed by %llums.\n", self->base.type, zrtp_time_now()-start_ts));
- return s;
-}
-
-
-/*============================================================================*/
-/* P-256, 384, 521 (FIPS 186-3) support. See RFC 4753 3.1, 3.2, 3.3 */
-/*============================================================================*/
-
-static uint8_t sv256_data[] = {
- 0x81, 0x42, 0x64, 0x14, 0x5F, 0x2F, 0x56, 0xF2,
- 0xE9, 0x6A, 0x8E, 0x33, 0x7A, 0x12, 0x84, 0x99,
- 0x3F, 0xAF, 0x43, 0x2A, 0x5A, 0xBC, 0xE5, 0x9E,
- 0x86, 0x7B, 0x72, 0x91, 0xD5, 0x07, 0xA3, 0xAF
-};
-static uint8_t pvx256_data[] = {
- 0x2A, 0xF5, 0x02, 0xF3, 0xBE, 0x89, 0x52, 0xF2,
- 0xC9, 0xB5, 0xA8, 0xD4, 0x16, 0x0D, 0x09, 0xE9,
- 0x71, 0x65, 0xBE, 0x50, 0xBC, 0x42, 0xAE, 0x4A,
- 0x5E, 0x8D, 0x3B, 0x4B, 0xA8, 0x3A, 0xEB, 0x15
-};
-static uint8_t pvy256_data[] = {
- 0xEB, 0x0F, 0xAF, 0x4C, 0xA9, 0x86, 0xC4, 0xD3,
- 0x86, 0x81, 0xA0, 0xF9, 0x87, 0x2D, 0x79, 0xD5,
- 0x67, 0x95, 0xBD, 0x4B, 0xFF, 0x6E, 0x6D, 0xE3,
- 0xC0, 0xF5, 0x01, 0x5E, 0xCE, 0x5E, 0xFD, 0x85
-};
-
-static uint8_t sv384_data[] = {
- 0xD2, 0x73, 0x35, 0xEA, 0x71, 0x66, 0x4A, 0xF2,
- 0x44, 0xDD, 0x14, 0xE9, 0xFD, 0x12, 0x60, 0x71,
- 0x5D, 0xFD, 0x8A, 0x79, 0x65, 0x57, 0x1C, 0x48,
- 0xD7, 0x09, 0xEE, 0x7A, 0x79, 0x62, 0xA1, 0x56,
- 0xD7, 0x06, 0xA9, 0x0C, 0xBC, 0xB5, 0xDF, 0x29,
- 0x86, 0xF0, 0x5F, 0xEA, 0xDB, 0x93, 0x76, 0xF1
-};
-static uint8_t pvx384_data[] = {
- 0x79, 0x31, 0x48, 0xF1, 0x78, 0x76, 0x34, 0xD5,
- 0xDA, 0x4C, 0x6D, 0x90, 0x74, 0x41, 0x7D, 0x05,
- 0xE0, 0x57, 0xAB, 0x62, 0xF8, 0x20, 0x54, 0xD1,
- 0x0E, 0xE6, 0xB0, 0x40, 0x3D, 0x62, 0x79, 0x54,
- 0x7E, 0x6A, 0x8E, 0xA9, 0xD1, 0xFD, 0x77, 0x42,
- 0x7D, 0x01, 0x6F, 0xE2, 0x7A, 0x8B, 0x8C, 0x66
-};
-static uint8_t pvy384_data[] = {
- 0xC6, 0xC4, 0x12, 0x94, 0x33, 0x1D, 0x23, 0xE6,
- 0xF4, 0x80, 0xF4, 0xFB, 0x4C, 0xD4, 0x05, 0x04,
- 0xC9, 0x47, 0x39, 0x2E, 0x94, 0xF4, 0xC3, 0xF0,
- 0x6B, 0x8F, 0x39, 0x8B, 0xB2, 0x9E, 0x42, 0x36,
- 0x8F, 0x7A, 0x68, 0x59, 0x23, 0xDE, 0x3B, 0x67,
- 0xBA, 0xCE, 0xD2, 0x14, 0xA1, 0xA1, 0xD1, 0x28
-};
-
-static uint8_t sv521_data[] = {
- 0x01, 0x13, 0xF8, 0x2D, 0xA8, 0x25, 0x73, 0x5E,
- 0x3D, 0x97, 0x27, 0x66, 0x83, 0xB2, 0xB7, 0x42,
- 0x77, 0xBA, 0xD2, 0x73, 0x35, 0xEA, 0x71, 0x66,
- 0x4A, 0xF2, 0x43, 0x0C, 0xC4, 0xF3, 0x34, 0x59,
- 0xB9, 0x66, 0x9E, 0xE7, 0x8B, 0x3F, 0xFB, 0x9B,
- 0x86, 0x83, 0x01, 0x5D, 0x34, 0x4D, 0xCB, 0xFE,
- 0xF6, 0xFB, 0x9A, 0xF4, 0xC6, 0xC4, 0x70, 0xBE,
- 0x25, 0x45, 0x16, 0xCD, 0x3C, 0x1A, 0x1F, 0xB4,
- 0x73, 0x62
-};
-static uint8_t pvx521_data[] = {
- 0x01, 0xEB, 0xB3, 0x4D, 0xD7, 0x57, 0x21, 0xAB,
- 0xF8, 0xAD, 0xC9, 0xDB, 0xED, 0x17, 0x88, 0x9C,
- 0xBB, 0x97, 0x65, 0xD9, 0x0A, 0x7C, 0x60, 0xF2,
- 0xCE, 0xF0, 0x07, 0xBB, 0x0F, 0x2B, 0x26, 0xE1,
- 0x48, 0x81, 0xFD, 0x44, 0x42, 0xE6, 0x89, 0xD6,
- 0x1C, 0xB2, 0xDD, 0x04, 0x6E, 0xE3, 0x0E, 0x3F,
- 0xFD, 0x20, 0xF9, 0xA4, 0x5B, 0xBD, 0xF6, 0x41,
- 0x3D, 0x58, 0x3A, 0x2D, 0xBF, 0x59, 0x92, 0x4F,
- 0xD3, 0x5C
-};
-static uint8_t pvy521_data[] = {
- 0x00, 0xF6, 0xB6, 0x32, 0xD1, 0x94, 0xC0, 0x38,
- 0x8E, 0x22, 0xD8, 0x43, 0x7E, 0x55, 0x8C, 0x55,
- 0x2A, 0xE1, 0x95, 0xAD, 0xFD, 0x15, 0x3F, 0x92,
- 0xD7, 0x49, 0x08, 0x35, 0x1B, 0x2F, 0x8C, 0x4E,
- 0xDA, 0x94, 0xED, 0xB0, 0x91, 0x6D, 0x1B, 0x53,
- 0xC0, 0x20, 0xB5, 0xEE, 0xCA, 0xED, 0x1A, 0x5F,
- 0xC3, 0x8A, 0x23, 0x3E, 0x48, 0x30, 0x58, 0x7B,
- 0xB2, 0xEE, 0x34, 0x89, 0xB3, 0xB4, 0x2A, 0x5A,
- 0x86, 0xA4
-};
-
-zrtp_status_t zrtp_ecdh_selftest(zrtp_pk_scheme_t *self)
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, Gx, Gy, n, sv;
- struct BigNum pkx, pky;
- unsigned ec_bytes = 0;
- unsigned pbits = 0;
- struct zrtp_ec_params ec_params;
-
- zrtp_time_t start_ts = 0;
-
- uint8_t *sv_data = NULL;
- size_t sv_data_len = 0;
- uint8_t *pvx_data = NULL;
- size_t pvx_data_len = 0;
- uint8_t *pvy_data = NULL;
- size_t pvy_data_len = 0;
-
- if (!self) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3, (_ZTU_, "PKS %.4s testing... ", self->base.type));
-
- switch (self->base.id) {
- case ZRTP_PKTYPE_EC256P:
- sv_data = sv256_data;
- sv_data_len = sizeof(sv256_data);
- pvx_data = pvx256_data;
- pvx_data_len = sizeof(pvx256_data);
- pvy_data = pvy256_data;
- pvy_data_len = sizeof(pvy256_data);
- break;
- case ZRTP_PKTYPE_EC384P:
- sv_data = sv384_data;
- sv_data_len = sizeof(sv384_data);
- pvx_data = pvx384_data;
- pvx_data_len = sizeof(pvx384_data);
- pvy_data = pvy384_data;
- pvy_data_len = sizeof(pvy384_data);
- break;
- case ZRTP_PKTYPE_EC521P:
- sv_data = sv521_data;
- sv_data_len = sizeof(sv521_data);
- pvx_data = pvx521_data;
- pvx_data_len = sizeof(pvx521_data);
- pvy_data = pvy521_data;
- pvy_data_len = sizeof(pvy521_data);
- break;
- default:
- return 0;
- }
-
- pbits = get_pbits(self);
- if (!pbits) {
- return zrtp_status_bad_param;
- }
-
- zrtp_ec_init_params(&ec_params, pbits);
-
- ec_bytes = (ec_params.ec_bits+7) / 8;
-
- bnBegin(&P);
- bnInsertBigBytes(&P, ec_params.P_data, 0, ec_bytes );
- bnBegin(&Gx);
- bnInsertBigBytes(&Gx, ec_params.Gx_data, 0, ec_bytes );
- bnBegin(&Gy);
- bnInsertBigBytes(&Gy, ec_params.Gy_data, 0, ec_bytes );
- bnBegin(&n);
- bnInsertBigBytes(&n, ec_params.n_data, 0, ec_bytes );
-
- bnBegin(&pkx);
- bnBegin(&pky);
- bnBegin(&sv);
- s = zrtp_ec_random_point( self->base.zrtp, &P, &n, &Gx, &Gy,
- &pkx, &pky, &sv,
- sv_data, sv_data_len);
- if (zrtp_status_ok == s)
- {
- struct BigNum pkx1, pky1;
-
- bnBegin(&pkx1); bnBegin(&pky1);
- bnInsertBigBytes(&pkx1, pvx_data, 0, pvx_data_len);
- bnInsertBigBytes(&pky1, pvy_data, 0, pvy_data_len);
- s = (bnCmp (&pkx1, &pkx) == 0 && bnCmp (&pky1, &pky) == 0) ? zrtp_status_ok : zrtp_status_fail;
- bnEnd(&pkx1);
- bnEnd(&pky1);
- }
-
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&P);
- bnEnd (&Gx);
- bnEnd (&Gy);
- bnEnd (&n);
- bnEnd (&sv);
-
- if (zrtp_status_ok == s) {
- zrtp_status_t s = zrtp_status_ok;
- zrtp_dh_crypto_context_t alice_cc;
- zrtp_dh_crypto_context_t bob_cc;
- struct BigNum alice_k;
- struct BigNum bob_k;
-
- start_ts = zrtp_time_now();
-
- bnBegin(&alice_k);
- bnBegin(&bob_k);
-
- do {
- /* Both sides initalise DH schemes and compute secret and public values. */
- s = self->initialize(self, &alice_cc);
- if (zrtp_status_ok != s) {
- break;
- }
- s = self->initialize(self, &bob_cc);
- if (zrtp_status_ok != s) {
- break;
- }
-
- /* Both sides validate public values. (to provide exact performance estimation) */
- s = self->validate(self, &bob_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
- s = self->validate(self, &alice_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- /* Compute secret keys and compare them. */
- s = self->compute(self, &alice_cc, &alice_k, &bob_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
- s= self->compute(self, &bob_cc, &bob_k, &alice_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = (0 == bnCmp(&alice_k, &bob_k)) ? zrtp_status_ok : zrtp_status_algo_fail;
- } while (0);
-
- bnEnd(&alice_k);
- bnEnd(&bob_k);
- }
- ZRTP_LOGC(3, ("%s (%llu ms)\n", zrtp_log_status2str(s), (zrtp_time_now()-start_ts)/2));
-
- return s;
-}
-
-
-/*============================================================================*/
-/* Public Key support */
-/*============================================================================*/
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_defaults_ec_pkt(zrtp_global_t* zrtp)
-{
- zrtp_pk_scheme_t* ec256p = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
- zrtp_pk_scheme_t* ec384p = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
- zrtp_pk_scheme_t* ec521p = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
-
- if (!ec256p || !ec384p || !ec521p) {
- if(ec256p) {
- zrtp_sys_free(ec256p);
- }
- if(ec384p) {
- zrtp_sys_free(ec384p);
- }
- if(ec521p) {
- zrtp_sys_free(ec521p);
- }
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(ec256p, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(ec256p->base.type, ZRTP_EC256P, ZRTP_COMP_TYPE_SIZE);
- ec256p->base.id = ZRTP_PKTYPE_EC256P;
- ec256p->base.zrtp = zrtp;
- ec256p->sv_length = 256/8;
- ec256p->pv_length = 2*256/8;
- ec256p->base.init = zrtp_ecdh_init;
- ec256p->base.free = zrtp_ecdh_free;
- ec256p->initialize = zrtp_ecdh_initialize;
- ec256p->compute = zrtp_ecdh_compute;
- ec256p->validate = zrtp_ecdh_validate;
- ec256p->self_test = zrtp_ecdh_selftest;
-
- zrtp_memset(ec384p, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(ec384p->base.type, ZRTP_EC384P, ZRTP_COMP_TYPE_SIZE);
- ec384p->base.id = ZRTP_PKTYPE_EC384P;
- ec384p->base.zrtp = zrtp;
- ec384p->sv_length = 384/8;
- ec384p->pv_length = 2*384/8;
- ec384p->base.init = zrtp_ecdh_init;
- ec384p->base.free = zrtp_ecdh_free;
- ec384p->initialize = zrtp_ecdh_initialize;
- ec384p->compute = zrtp_ecdh_compute;
- ec384p->validate = zrtp_ecdh_validate;
- ec384p->self_test = zrtp_ecdh_selftest;
-
-
- zrtp_memset(ec521p, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(ec521p->base.type, ZRTP_EC521P, ZRTP_COMP_TYPE_SIZE);
- ec521p->base.id = ZRTP_PKTYPE_EC521P;
- ec521p->base.zrtp = zrtp;
- ec521p->sv_length = 528/8;
- ec521p->pv_length = 2*528/8;
- ec521p->base.init = zrtp_ecdh_init;
- ec521p->base.free = zrtp_ecdh_free;
- ec521p->initialize = zrtp_ecdh_initialize;
- ec521p->compute = zrtp_ecdh_compute;
- ec521p->validate = zrtp_ecdh_validate;
- ec521p->self_test = zrtp_ecdh_selftest;
-
- zrtp_comp_register(ZRTP_CC_PKT, ec256p, zrtp);
- zrtp_comp_register(ZRTP_CC_PKT, ec384p, zrtp);
- zrtp_comp_register(ZRTP_CC_PKT, ec521p, zrtp);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#include "zrtp.h"
-
-/* We don't have digital signatures ready yet. */
-#if 0
-
-/* Size of extra random data to approximate a uniform distribution mod n */
-#define UNIFORMBYTES 8
-
-/*============================================================================*/
-/* Shared Elliptic Curve functions */
-/* */
-/* The Elliptic Curve DSA algorithm, key generation, and curves are */
-/* from FIPS 186-3. The curves used are */
-/* also defined in RFC 4753, sections 3.1 through 3.3. */
-/*============================================================================*/
-
-/*----------------------------------------------------------------------------*/
-/* Return dsa_cc->pv holding public value and dsa_cc->sv holding secret value */
-/* The public value is an elliptic curve point encoded as the x part shifted */
-/* left Pbits bits and or'd with the y part. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t ECDSA_keygen( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- zrtp_ec_params_t *ec_params,
-#ifdef ZRTP_TEST_VECTORS
- uint8_t *sv_data, size_t sv_data_len,
- uint8_t *pvx_data, size_t pvx_data_len,
- uint8_t *pvy_data, size_t pvy_data_len,
-#endif
- unsigned Pbits )
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, Gx, Gy, n;
- struct BigNum pkx, pky;
- unsigned ec_bytes;
-
- if (!ec_params)
- return zrtp_status_bad_param;
-
- ec_bytes = (ec_params->ec_bits+7) / 8;
-
- do
- {
- if (!self || !dsa_cc)
- {
- s = zrtp_status_bad_param;
- break;
- }
-
- bnBegin(&P);
- bnInsertBigBytes( &P, ec_params->P_data, 0, ec_bytes );
- bnBegin(&Gx);
- bnInsertBigBytes( &Gx, ec_params->Gx_data, 0, ec_bytes );
- bnBegin(&Gy);
- bnInsertBigBytes( &Gy, ec_params->Gy_data, 0, ec_bytes );
- bnBegin(&n);
- bnInsertBigBytes( &n, ec_params->n_data, 0, ec_bytes );
-
- bnBegin(&pkx);
- bnBegin(&pky);
- bnBegin(&dsa_cc->sv);
- s = zrtp_ec_random_point( self->base.zrtp_global, &P, &n, &Gx, &Gy,
-#ifdef ZRTP_TEST_VECTORS
- sv_data, sv_data_len,
- pvx_data, pvx_data_len,
- pvy_data, pvy_data_len,
-#endif
- &pkx, &pky, &dsa_cc->sv );
- if ( s != zrtp_status_ok )
- break;
- s = zrtp_status_fail;
-
- bnBegin(&dsa_cc->pv);
- bnCopy (&dsa_cc->pv, &pkx);
- bnLShift (&dsa_cc->pv, Pbits);
- bnAdd (&dsa_cc->pv, &pky);
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&P);
- bnEnd (&Gx);
- bnEnd (&Gy);
- bnEnd (&n);
-
- s = zrtp_status_ok;
- } while (0);
-
- return s;
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Sign the specified hash value - must be size matching the curve */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t ECDSA_sign( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- zrtp_ec_params_t *ec_params,
-#ifdef ZRTP_TEST_VECTORS
- uint8_t *k_data, size_t k_data_len,
- uint8_t *rx_data, size_t rx_data_len,
- uint8_t *ry_data, size_t ry_data_len,
- uint8_t *s_data, size_t s_data_len,
-#endif
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, Gx, Gy, n;
- struct BigNum h, s1, k, rx, ry, kinv, pkx, pky;
- unsigned ec_bytes;
-
- if (!ec_params)
- return zrtp_status_bad_param;
-
- ec_bytes = (ec_params->ec_bits+7) / 8;
-
- do
- {
- if (!self || !dsa_cc)
- {
- s = zrtp_status_bad_param;
- break;
- }
-
- bnBegin(&P);
- bnInsertBigBytes( &P, ec_params->P_data, 0, ec_bytes );
- bnBegin(&Gx);
- bnInsertBigBytes( &Gx, ec_params->Gx_data, 0, ec_bytes );
- bnBegin(&Gy);
- bnInsertBigBytes( &Gy, ec_params->Gy_data, 0, ec_bytes );
- bnBegin(&n);
- bnInsertBigBytes( &n, ec_params->n_data, 0, ec_bytes );
-
- /* Hash to bignum */
- bnBegin(&h);
- bnInsertBigBytes( &h, hash, 0, hash_len );
- bnMod (&h, &h, &P);
-
- /* Unpack signing key */
- bnBegin(&pkx);
- bnBegin(&pky);
- bnSetQ (&pkx, 1);
- bnLShift (&pkx, ec_bytes*8);
- bnMod (&pky, &dsa_cc->pv, &pkx);
- bnCopy (&pkx, &dsa_cc->pv);
- bnRShift (&pkx, ec_bytes*8);
-
- /* Choose signature secret k value */
- bnBegin(&rx);
- bnBegin(&ry);
- bnBegin(&k);
- s = zrtp_ec_random_point( self->base.zrtp_global, &P, &n, &Gx, &Gy,
-#ifdef ZRTP_TEST_VECTORS
- k_data, k_data_len,
- rx_data, rx_data_len,
- ry_data, ry_data_len,
-#endif
- &rx, &ry, &k );
- if ( s != zrtp_status_ok )
- break;
- s = zrtp_status_fail;
-
-#ifndef ZRTP_TEST_VECTORS
- /* For further randomness we are going to add the secret key to k */
- bnAddMod_ (&k, &dsa_cc->sv, &n);
- zrtp_ecAdd (&rx, &ry, &rx, &ry, &pkx, &pky, &P);
-#endif
-
- /* Perform the signature */
- bnBegin (&s1);
- bnMulMod_ (&s1, &rx, &dsa_cc->sv, &n);
- bnAddMod_ (&s1, &h, &n);
- bnBegin (&kinv);
- bnInv (&kinv, &k, &n);
- bnMulMod_ (&s1, &s1, &kinv, &n);
-
-#ifdef ZRTP_TEST_VECTORS
- if (k_data_len != 0)
- {
- /* rx is checked in ec_random_point */
- struct BigNum s2;
- int ok;
- bnBegin(&s2);
- bnInsertBigBytes(&s2, s_data, 0, s_data_len);
- ok = (bnCmp (&s1, &s2) == 0);
- bnEnd(&s2);
- if (!ok)
- break;
- }
-#endif
-
- /* Combine r, s into dsasig */
- bnBegin(dsasig);
- bnCopy (dsasig, &rx);
- bnLShift (dsasig, ec_bytes*8);
- bnAdd (dsasig, &s1);
- bnEnd (&rx);
- bnEnd (&ry);
- bnEnd (&k);
- bnEnd (&kinv);
- bnEnd (&s1);
- bnEnd (&h);
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&P);
- bnEnd (&Gx);
- bnEnd (&Gy);
- bnEnd (&n);
-
- s = zrtp_status_ok;
- } while (0);
-
- return s;
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Verify a signature value - hash must be size matching the curve */
-/* Signing key should be in peer_pv entry of dsa_cc */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t ECDSA_verify( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- zrtp_ec_params_t *ec_params,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- zrtp_status_t s = zrtp_status_fail;
- struct BigNum P, Gx, Gy, n;
- struct BigNum rx, ry, pkx, pky, r, s1, sinv, u1, u2, u1x, u2x, u1y, u2y, h;
- unsigned ec_bytes;
-
- if (!ec_params)
- return zrtp_status_bad_param;
-
- ec_bytes = (ec_params->ec_bits+7) / 8;
-
- do
- {
- if (!self || !dsa_cc)
- {
- s = zrtp_status_bad_param;
- break;
- }
-
- bnBegin(&P);
- bnInsertBigBytes( &P, ec_params->P_data, 0, ec_bytes );
- bnBegin(&Gx);
- bnInsertBigBytes( &Gx, ec_params->Gx_data, 0, ec_bytes );
- bnBegin(&Gy);
- bnInsertBigBytes( &Gy, ec_params->Gy_data, 0, ec_bytes );
- bnBegin(&n);
- bnInsertBigBytes( &n, ec_params->n_data, 0, ec_bytes );
-
- /* hash */
- bnBegin(&h);
- bnInsertBigBytes( &h, hash, 0, hash_len );
- bnMod (&h, &h, &P);
-
- /* Unpack sig */
- bnBegin(&r);
- bnBegin(&s1);
- bnSetQ (&r, 1);
- bnLShift (&r, ec_bytes*8);
- bnMod (&s1, dsasig, &r);
- bnCopy (&r, dsasig);
- bnRShift (&r, ec_bytes*8);
-
- /* Unpack signing key */
- bnBegin(&pkx);
- bnBegin(&pky);
- bnSetQ (&pkx, 1);
- bnLShift (&pkx, ec_bytes*8);
- bnMod (&pky, &dsa_cc->peer_pv, &pkx);
- bnCopy (&pkx, &dsa_cc->peer_pv);
- bnRShift (&pkx, ec_bytes*8);
-
- /* Verify signature */
- bnBegin (&sinv);
- bnInv (&sinv, &s1, &n);
- bnBegin (&u1);
- bnBegin (&u2);
- bnMulMod_ (&u1, &sinv, &h, &n);
- bnMulMod_ (&u2, &sinv, &r, &n);
-
- bnBegin (&u1x);
- bnBegin (&u1y);
- bnBegin (&u2x);
- bnBegin (&u2y);
- bnBegin (&rx);
- bnBegin (&ry);
- zrtp_ecMul (&u1x, &u1y, &u1, &Gx, &Gy, &P);
- zrtp_ecMul (&u2x, &u2y, &u2, &pkx, &pky, &P);
- zrtp_ecAdd (&rx, &ry, &u1x, &u1y, &u2x, &u2y, &P);
-
- if (bnCmp (&rx, &r) == 0) {
- s = zrtp_status_ok;
- } else {
- s = zrtp_status_fail;
- }
-
- /* Clean up */
- bnEnd (&rx);
- bnEnd (&ry);
- bnEnd (&r);
- bnEnd (&s1);
- bnEnd (&sinv);
- bnEnd (&u1);
- bnEnd (&u1x);
- bnEnd (&u1y);
- bnEnd (&u2);
- bnEnd (&u2x);
- bnEnd (&u2y);
- bnEnd (&h);
- bnEnd (&pkx);
- bnEnd (&pky);
- bnEnd (&P);
- bnEnd (&Gx);
- bnEnd (&Gy);
- bnEnd (&n);
-
- } while (0);
-
- return s;
-}
-
-
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC_dummy(void *s)
-{
- return zrtp_status_ok;
-}
-
-
-/*============================================================================*/
-/* P-256 (FIPS 186-3) support. See RFC 4753, section 3.1. */
-/*============================================================================*/
-
-/* Test vectors from RFC4754 */
-#ifdef ZRTP_TEST_VECTORS
-static uint8_t sv256_data[] = {
- 0xDC, 0x51, 0xD3, 0x86, 0x6A, 0x15, 0xBA, 0xCD,
- 0xE3, 0x3D, 0x96, 0xF9, 0x92, 0xFC, 0xA9, 0x9D,
- 0xA7, 0xE6, 0xEF, 0x09, 0x34, 0xE7, 0x09, 0x75,
- 0x59, 0xC2, 0x7F, 0x16, 0x14, 0xC8, 0x8A, 0x7F,
-};
-static uint8_t pvx256_data[] = {
- 0x24, 0x42, 0xA5, 0xCC, 0x0E, 0xCD, 0x01, 0x5F,
- 0xA3, 0xCA, 0x31, 0xDC, 0x8E, 0x2B, 0xBC, 0x70,
- 0xBF, 0x42, 0xD6, 0x0C, 0xBC, 0xA2, 0x00, 0x85,
- 0xE0, 0x82, 0x2C, 0xB0, 0x42, 0x35, 0xE9, 0x70,
-};
-static uint8_t pvy256_data[] = {
- 0x6F, 0xC9, 0x8B, 0xD7, 0xE5, 0x02, 0x11, 0xA4,
- 0xA2, 0x71, 0x02, 0xFA, 0x35, 0x49, 0xDF, 0x79,
- 0xEB, 0xCB, 0x4B, 0xF2, 0x46, 0xB8, 0x09, 0x45,
- 0xCD, 0xDF, 0xE7, 0xD5, 0x09, 0xBB, 0xFD, 0x7D,
-};
-
-static uint8_t k256_data[] = {
- 0x9E, 0x56, 0xF5, 0x09, 0x19, 0x67, 0x84, 0xD9,
- 0x63, 0xD1, 0xC0, 0xA4, 0x01, 0x51, 0x0E, 0xE7,
- 0xAD, 0xA3, 0xDC, 0xC5, 0xDE, 0xE0, 0x4B, 0x15,
- 0x4B, 0xF6, 0x1A, 0xF1, 0xD5, 0xA6, 0xDE, 0xCE,
-};
-static uint8_t rx256_data[] = {
- 0xCB, 0x28, 0xE0, 0x99, 0x9B, 0x9C, 0x77, 0x15,
- 0xFD, 0x0A, 0x80, 0xD8, 0xE4, 0x7A, 0x77, 0x07,
- 0x97, 0x16, 0xCB, 0xBF, 0x91, 0x7D, 0xD7, 0x2E,
- 0x97, 0x56, 0x6E, 0xA1, 0xC0, 0x66, 0x95, 0x7C,
-};
-static uint8_t ry256_data[] = {
- 0x2B, 0x57, 0xC0, 0x23, 0x5F, 0xB7, 0x48, 0x97,
- 0x68, 0xD0, 0x58, 0xFF, 0x49, 0x11, 0xC2, 0x0F,
- 0xDB, 0xE7, 0x1E, 0x36, 0x99, 0xD9, 0x13, 0x39,
- 0xAF, 0xBB, 0x90, 0x3E, 0xE1, 0x72, 0x55, 0xDC,
-};
-
-static uint8_t h256_data[] = {
- 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
- 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
- 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
- 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD,
-};
-static uint8_t s256_data[] = {
- 0x86, 0xFA, 0x3B, 0xB4, 0xE2, 0x6C, 0xAD, 0x5B,
- 0xF9, 0x0B, 0x7F, 0x81, 0x89, 0x92, 0x56, 0xCE,
- 0x75, 0x94, 0xBB, 0x1E, 0xA0, 0xC8, 0x92, 0x12,
- 0x74, 0x8B, 0xFF, 0x3B, 0x3D, 0x5B, 0x03, 0x15,
-};
-
-
-#endif
-
-/*----------------------------------------------------------------------------*/
-/* Return dsa_cc->pv holding public value and dsa_cc->sv holding secret value */
-/* The public value is an elliptic curve point encoded as the x part shifted */
-/* left 256 bits and or'd with the y part. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC256P_keygen( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 256);
- return ECDSA_keygen(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- sv256_data, sizeof(sv256_data),
- pvx256_data, sizeof(pvx256_data),
- pvy256_data, sizeof(pvy256_data),
-#endif
- 256);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Sign the specified hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC256P_sign( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 256);
- return ECDSA_sign(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- k256_data, sizeof(k256_data),
- rx256_data, sizeof(rx256_data),
- ry256_data, sizeof(ry256_data),
- s256_data, sizeof(s256_data),
- h256_data, sizeof(h256_data),
-#else
- hash, hash_len,
-#endif
- dsasig);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Verify the signature on the hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC256P_verify(struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 256);
- return ECDSA_verify(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- h256_data, sizeof(h256_data),
-#else
- hash, hash_len,
-#endif
- dsasig);
-}
-
-
-
-/*============================================================================*/
-/* P-384 (FIPS 186-3) support. See RFC 4753, section 3.2. */
-/*============================================================================*/
-
-
-
-/*----------------------------------------------------------------------------*/
-/* Return dsa_cc->pv holding public value and dsa_cc->sv holding secret value */
-/* The public value is an elliptic curve point encoded as the x part shifted */
-/* left 384 bits and or'd with the y part. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC384P_keygen( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 384);
- return ECDSA_keygen(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- 0, 0, 0, 0, 0, 0,
-#endif
- 384);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Sign the specified hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC384P_sign( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 384);
- return ECDSA_sign(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- 0, 0, 0, 0, 0, 0, 0, 0,
-#endif
- hash, hash_len, dsasig);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Verify the signature on the hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC384P_verify(struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 384);
- return ECDSA_verify(self, dsa_cc, ¶ms, hash, hash_len, dsasig);
-}
-
-
-
-/*============================================================================*/
-/* P-521 (FIPS 186-3) support. See RFC 4753, section 3.3. */
-/*============================================================================*/
-
-
-/*----------------------------------------------------------------------------*/
-/* Return dsa_cc->pv holding public value and dsa_cc->sv holding secret value */
-/* The public value is an elliptic curve point encoded as the x part shifted */
-/* left 528 bits (note, not 521) and or'd with the y part. */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC521P_keygen( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 521);
- return ECDSA_keygen(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- 0, 0, 0, 0, 0, 0,
-#endif
- 528);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Sign the specified hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC521P_sign( struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 521);
- return ECDSA_sign(self, dsa_cc, ¶ms,
-#ifdef ZRTP_TEST_VECTORS
- 0, 0, 0, 0, 0, 0, 0, 0,
-#endif
- hash, hash_len, dsasig);
-}
-
-
-/*----------------------------------------------------------------------------*/
-/* Verify the signature on the hash value */
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t EC521P_verify(struct zrtp_sig_scheme *self,
- zrtp_dsa_crypto_context_t *dsa_cc,
- uint8_t *hash, uint32_t hash_len,
- struct BigNum *dsasig )
-{
- struct zrtp_ec_params params;
- zrtp_ec_init_params(¶ms, 521);
- return ECDSA_verify(self, dsa_cc, ¶ms, hash, hash_len, dsasig);
-}
-
-
-
-/*============================================================================*/
-/* Public Key support */
-/*============================================================================*/
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_defaults_sig(zrtp_global_ctx_t* zrtp_global)
-{
- zrtp_sig_scheme_t* ec256p = zrtp_sys_alloc(sizeof(zrtp_sig_scheme_t));
- zrtp_sig_scheme_t* ec384p = zrtp_sys_alloc(sizeof(zrtp_sig_scheme_t));
- zrtp_sig_scheme_t* ec521p = zrtp_sys_alloc(sizeof(zrtp_sig_scheme_t));
-
- if (!ec256p || !ec384p || !ec521p)
- {
- if(ec256p) zrtp_sys_free(ec256p);
- if(ec384p) zrtp_sys_free(ec384p);
- if(ec521p) zrtp_sys_free(ec521p);
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(ec256p, 0, sizeof(zrtp_sig_scheme_t));
- zrtp_memcpy(ec256p->base.type, ZRTP_EC256P, ZRTP_COMP_TYPE_SIZE);
- ec256p->base.id = ZRTP_SIGTYPE_EC256P;
- ec256p->base.zrtp_global = zrtp_global;
- ec256p->sv_length = 256/8;
- ec256p->pv_length = 2*256/8;
- ec256p->base.init = EC_dummy;
- ec256p->base.free = EC_dummy;
- ec256p->generate_key = EC256P_keygen;
- ec256p->sign = EC256P_sign;
- ec256p->verify = EC256P_verify;
-
- zrtp_memset(ec384p, 0, sizeof(zrtp_sig_scheme_t));
- zrtp_memcpy(ec384p->base.type, ZRTP_EC384P, ZRTP_COMP_TYPE_SIZE);
- ec384p->base.id = ZRTP_SIGTYPE_EC384P;
- ec384p->base.zrtp_global = zrtp_global;
- ec384p->sv_length = 384/8;
- ec384p->pv_length = 2*384/8;
- ec384p->base.init = EC_dummy;
- ec384p->base.free = EC_dummy;
- ec384p->generate_key = EC384P_keygen;
- ec384p->sign = EC384P_sign;
- ec384p->verify = EC384P_verify;
-
- zrtp_memset(ec521p, 0, sizeof(zrtp_sig_scheme_t));
- zrtp_memcpy(ec521p->base.type, ZRTP_EC521P, ZRTP_COMP_TYPE_SIZE);
- ec521p->base.id = ZRTP_SIGTYPE_EC521P;
- ec521p->base.zrtp_global = zrtp_global;
- ec521p->sv_length = 528/8;
- ec521p->pv_length = 2*528/8;
- ec521p->base.init = EC_dummy;
- ec521p->base.free = EC_dummy;
- ec521p->generate_key = EC521P_keygen;
- ec521p->sign = EC521P_sign;
- ec521p->verify = EC521P_verify;
-
- zrtp_register_comp(ZRTP_CC_SIG, ec256p, zrtp_global);
- zrtp_register_comp(ZRTP_CC_SIG, ec384p, zrtp_global);
- zrtp_register_comp(ZRTP_CC_SIG, ec521p, zrtp_global);
-
- return zrtp_status_ok;
-}
-
-#endif /* don't have disgital signature ready for the moment*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- * Vitaly Rozhkov <v.rozhkov at soft-industry.com>
- */
-
-#include "sha2.h"
-#include "sha1.h"
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp hash"
-
-
-/*============================================================================*/
-/* HASH function */
-/*============================================================================*/
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_sha_c(zrtp_hash_t *self, const char* msg, uint32_t len, zrtp_stringn_t *dst)
-{
- if (!self || !msg || !dst || !len) {
- return zrtp_status_bad_param;
- }
-
- switch (self->base.id)
- {
- case ZRTP_SRTP_HASH_HMAC_SHA1: {
- sha1_ctx ctx;
- if (dst->max_length < SHA1_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha1_begin(&ctx);
- sha1_hash((const unsigned char*)msg, len, &ctx);
- sha1_end((unsigned char*)dst->buffer, &ctx);
- dst->length = SHA1_DIGEST_SIZE;
- } break;
-
- case ZRTP_HASH_SHA256: {
- sha256_ctx ctx;
- if (dst->max_length < SHA256_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha256_begin(&ctx);
- sha256_hash((const unsigned char*)msg, len, &ctx);
- sha256_end((unsigned char*)dst->buffer, &ctx);
- dst->length = SHA256_DIGEST_SIZE;
- } break;
-
- case ZRTP_HASH_SHA384: {
- sha384_ctx ctx;
- if (dst->max_length < SHA384_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha384_begin(&ctx);
- sha384_hash((const unsigned char*)msg, len, &ctx);
- sha384_end((unsigned char*)dst->buffer, &ctx);
- dst->length = SHA384_DIGEST_SIZE;
- } break;
- }
-
- return zrtp_status_ok;
-}
-
-static zrtp_status_t zrtp_sha(zrtp_hash_t *self, const zrtp_stringn_t *msg, zrtp_stringn_t *dst) {
- if (!self || !msg || !dst) {
- return zrtp_status_bad_param;
- }
- return zrtp_sha_c(self, msg->buffer, msg->length, dst);
-}
-
-/*----------------------------------------------------------------------------*/
-static void* zrtp_sha_begin(zrtp_hash_t *self)
-{
- void *ctx = NULL;
-
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- ctx = zrtp_sys_alloc(sizeof(sha1_ctx));
- if (ctx) {
- sha1_begin(ctx);
- }
- break;
- case ZRTP_HASH_SHA256:
- ctx = zrtp_sys_alloc(sizeof(sha256_ctx));
- if (ctx) {
- sha256_begin(ctx);
- }
- break;
- case ZRTP_HASH_SHA384:
- ctx = zrtp_sys_alloc(sizeof(sha384_ctx));
- if (ctx) {
- sha384_begin(ctx);
- }
- break;
- }
-
- return ctx;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_sha_update( zrtp_hash_t *self,
- void *ctx,
- const int8_t *msg,
- uint32_t length)
-{
- if (!ctx || !msg || !length) {
- return zrtp_status_bad_param;
- }
-
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- sha1_hash((const unsigned char*)msg, length, (sha1_ctx*)ctx);
- break;
- case ZRTP_HASH_SHA256:
- sha256_hash((const unsigned char*)msg, length, (sha256_ctx*)ctx);
- break;
- case ZRTP_HASH_SHA384:
- sha384_hash((const unsigned char*)msg, length, (sha384_ctx*)ctx);
- break;
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_sha_end( zrtp_hash_t *self,
- void *ctx,
- zrtp_stringn_t *digest)
-{
- if (!ctx || !digest) {
- return zrtp_status_bad_param;
- }
-
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- if (digest->max_length < SHA1_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha1_end((unsigned char*)digest->buffer,(sha1_ctx*)ctx);
- digest->length = SHA1_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA256:
- if (digest->max_length < SHA256_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha256_end((unsigned char*)digest->buffer,(sha256_ctx*)ctx);
- digest->length = SHA256_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA384:
- if (digest->max_length < SHA384_DIGEST_SIZE) {
- return zrtp_status_buffer_size;
- }
- sha384_end((unsigned char*)digest->buffer,(sha384_ctx*)ctx);
- digest->length = SHA384_DIGEST_SIZE;
- break;
- }
-
- zrtp_sys_free(ctx);
- ctx = 0;
-
- return zrtp_status_ok;
-}
-
-
-/*============================================================================*/
-/* HMAC functions */
-/*============================================================================*/
-
-typedef struct
-{
- sha384_ctx context;
- unsigned char k_ipad[128]; /* inner padding - key XORd with ipad */
- unsigned char k_opad[128]; /* outer padding - key XORd with opad */
-} hmac_sha384_context_t;
-
-
-typedef struct
-{
- sha256_ctx context;
- unsigned char k_ipad[64];
- unsigned char k_opad[64];
-} hmac_sha256_context_t;
-
-typedef struct
-{
- sha1_ctx context;
- unsigned char k_ipad[64];
- unsigned char k_opad[64];
-} hmac_sha1_context_t;
-
-
-/*----------------------------------------------------------------------------*/
-static void* zrtp_hmac_sha256_begin_c(zrtp_hash_t *self, const char *key, uint32_t length)
-{
- const char *p_key;
- uint32_t key_length;
- char local_key[SHA256_BLOCK_SIZE];
- int i = 0;
- hmac_sha256_context_t *ctx = zrtp_sys_alloc(sizeof(hmac_sha256_context_t));
- if (!ctx) {
- return NULL;
- }
- zrtp_memset(ctx, 0, sizeof(hmac_sha256_context_t));
-
- if (length > SHA256_BLOCK_SIZE) {
- sha256_begin(&ctx->context);
- sha256_hash((const unsigned char*)key, length, &ctx->context);
- sha256_end((unsigned char*)local_key, &ctx->context);
-
- p_key = local_key;
- key_length = SHA256_BLOCK_SIZE;
- } else {
- p_key = key;
- key_length = length;
- }
-
- /*
- * the HMAC transform looks like:
- *
- * HASH(K XOR opad, HASH(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected
- */
-
- /* start out by storing key in pads */
- zrtp_memcpy(ctx->k_ipad, p_key, ZRTP_MIN(key_length, 64));
- zrtp_memcpy(ctx->k_opad, p_key, ZRTP_MIN(key_length, 64));
-
- /* XOR key with ipad and opad values */
- for (i=0; i<64; i++) {
- ctx->k_ipad[i] ^= (uint8_t)0x36;
- ctx->k_opad[i] ^= (uint8_t)0x5c;
- }
-
- /* perform inner hash */
- sha256_begin(&ctx->context); /* init context for 1st pass */
- sha256_hash(ctx->k_ipad, 64, &ctx->context); /* start with inner pad */
-
- zrtp_memset(&local_key, 0, sizeof(local_key));
- return ctx;
-}
-static void* zrtp_hmac_sha384_begin_c(zrtp_hash_t *self, const char *key, uint32_t length)
-{
- const char *p_key;
- uint32_t key_length;
- char local_key[SHA384_BLOCK_SIZE];
- int i = 0;
- hmac_sha384_context_t *ctx = zrtp_sys_alloc(sizeof(hmac_sha384_context_t));
- if (!ctx) {
- return NULL;
- }
- zrtp_memset(ctx, 0, sizeof(hmac_sha384_context_t));
-
- if (length > SHA384_BLOCK_SIZE) {
- sha384_begin(&ctx->context);
- sha384_hash((const unsigned char*)key, length, &ctx->context);
- sha384_end((unsigned char*)local_key, &ctx->context);
-
- p_key = local_key;
- key_length = SHA384_BLOCK_SIZE;
- } else {
- p_key = key;
- key_length = length;
- }
-
- zrtp_memcpy(ctx->k_ipad, p_key, ZRTP_MIN(key_length, 128));
- zrtp_memcpy(ctx->k_opad, p_key, ZRTP_MIN(key_length, 128));
-
- for (i=0; i<128; i++) {
- ctx->k_ipad[i] ^= (uint8_t)0x36;
- ctx->k_opad[i] ^= (uint8_t)0x5c;
- }
-
- sha384_begin(&ctx->context);
- sha384_hash(ctx->k_ipad, 128, &ctx->context);
-
- zrtp_memset(&local_key, 0, sizeof(local_key));
- return ctx;
-}
-
-static void* zrtp_hmac_sha1_begin_c( zrtp_hash_t *self,
- const char *key,
- uint32_t length)
-{
- const char *p_key;
- uint32_t key_length;
- char local_key[SHA1_BLOCK_SIZE];
- int i = 0;
- hmac_sha1_context_t *ctx = zrtp_sys_alloc(sizeof(hmac_sha1_context_t));
- if (!ctx) {
- return NULL;
- }
- zrtp_memset(ctx, 0, sizeof(hmac_sha1_context_t));
-
- if (length > SHA1_BLOCK_SIZE) {
- sha1_begin(&ctx->context);
- sha1_hash((const unsigned char*)key, length, &ctx->context);
- sha1_end((unsigned char*)local_key, &ctx->context);
-
- p_key = local_key;
- key_length = SHA1_BLOCK_SIZE;
- } else {
- p_key = key;
- key_length = length;
- }
-
- zrtp_memcpy(ctx->k_ipad, p_key, ZRTP_MIN(key_length, 64));
- zrtp_memcpy(ctx->k_opad, p_key, ZRTP_MIN(key_length, 64));
-
- for (i=0; i<64; i++) {
- ctx->k_ipad[i] ^= (uint8_t)0x36;
- ctx->k_opad[i] ^= (uint8_t)0x5c;
- }
-
- sha1_begin(&ctx->context);
- sha1_hash(ctx->k_ipad, 64, &ctx->context);
-
- zrtp_memset(&local_key, 0, sizeof(local_key));
- return ctx;
-}
-
-static void* zrtp_hmac_begin(zrtp_hash_t *self, const zrtp_stringn_t *key) {
- switch (self->base.id)
- {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- return zrtp_hmac_sha1_begin_c(self, key->buffer, key->length);
- case ZRTP_HASH_SHA256:
- return zrtp_hmac_sha256_begin_c(self, key->buffer, key->length);
- case ZRTP_HASH_SHA384:
- return zrtp_hmac_sha384_begin_c(self, key->buffer, key->length);
- default:
- return NULL;
- }
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_hmac_update(zrtp_hash_t *self, void *ctx, const char *msg, uint32_t length)
-{
- if (!ctx || !msg) {
- return zrtp_status_fail;
- }
-
- if (0 != length) {
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- sha1_hash((const unsigned char*)msg, length, &((hmac_sha1_context_t*)ctx)->context);
- break;
- case ZRTP_HASH_SHA256:
- sha256_hash((const unsigned char*)msg, length, &((hmac_sha256_context_t*)ctx)->context);
- break;
- case ZRTP_HASH_SHA384:
- sha384_hash((const unsigned char*)msg, length, &((hmac_sha384_context_t*)ctx)->context);
- break;
- default:
- return zrtp_status_bad_param;
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_hmac_end( zrtp_hash_t *self,
- void *ctx,
- zrtp_stringn_t *digest,
- uint32_t len)
-{
- zrtp_string128_t dst = ZSTR_INIT_EMPTY(dst);
-
- if (!ctx || !digest) {
- return zrtp_status_fail;
- }
-
- switch (self->base.id)
- {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- /* finish up 1st pass */
- sha1_end((unsigned char*)dst.buffer, &((hmac_sha1_context_t*)ctx)->context);
-
- /* perform outer hash and init context for 2nd pass */
- sha1_begin(&((hmac_sha1_context_t*)ctx)->context);
- /* start with outer pad */
- sha1_hash(((hmac_sha1_context_t*)ctx)->k_opad, 64, &((hmac_sha1_context_t*)ctx)->context);
- /* then results of 1st hash */
- sha1_hash((const unsigned char*)dst.buffer, SHA1_DIGEST_SIZE, &((hmac_sha1_context_t*)ctx)->context);
- /* finish up 2nd pass */
- sha1_end((unsigned char*)dst.buffer, &((hmac_sha1_context_t*)ctx)->context);
-
- len = (0 == len) ? SHA1_DIGEST_SIZE : ZRTP_MIN(len, SHA1_DIGEST_SIZE);
- break;
- case ZRTP_HASH_SHA256:
- sha256_end((unsigned char*)dst.buffer, &((hmac_sha256_context_t*)ctx)->context);
- sha256_begin(&((hmac_sha256_context_t*)ctx)->context);
- sha256_hash(((hmac_sha256_context_t*)ctx)->k_opad, 64, &((hmac_sha256_context_t*)ctx)->context);
- sha256_hash((const unsigned char*)dst.buffer, SHA256_DIGEST_SIZE, &((hmac_sha256_context_t*)ctx)->context);
- sha256_end((unsigned char*)dst.buffer, &((hmac_sha256_context_t*)ctx)->context);
-
- len = (0 == len) ? SHA256_DIGEST_SIZE : ZRTP_MIN(len, SHA256_DIGEST_SIZE);
- break;
- case ZRTP_HASH_SHA384:
- sha384_end((unsigned char*)dst.buffer, &((hmac_sha384_context_t*)ctx)->context);
- sha384_begin(&((hmac_sha384_context_t*)ctx)->context);
- sha384_hash(((hmac_sha384_context_t*)ctx)->k_opad, 128, &((hmac_sha384_context_t*)ctx)->context);
- sha384_hash((const unsigned char*)dst.buffer, SHA384_DIGEST_SIZE, &((hmac_sha384_context_t*)ctx)->context);
- sha384_end((unsigned char*)dst.buffer, &((hmac_sha384_context_t*)ctx)->context);
-
- len = (0 == len) ? SHA384_DIGEST_SIZE : ZRTP_MIN(len, SHA384_DIGEST_SIZE);
- break;
- default:
- return zrtp_status_bad_param;
- }
-
- digest->length = ZRTP_MIN(len, digest->max_length);
- zrtp_memcpy(digest->buffer, dst.buffer, digest->length);
-
- zrtp_sys_free(ctx);
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_hmac_c( zrtp_hash_t *self,
- const char *key,
- const uint32_t key_len,
- const char *msg,
- const uint32_t msg_len,
- zrtp_stringn_t *digest)
-{
- unsigned char *p_key;
- uint32_t l_key_len;
- sha1_ctx context1;
- sha256_ctx context2;
- sha384_ctx context3;
- unsigned char k_ipad[128]; /* inner padding - key XORd with ipad */
- unsigned char k_opad[128]; /* outer padding - key XORd with opad */
- unsigned i;
- unsigned char local_key[SHA384_BLOCK_SIZE];
- uint32_t local_key_len = 0;
-
-
- if (!self || !digest || !key || !msg) {
- return zrtp_status_buffer_size;
- }
-
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- local_key_len = SHA1_BLOCK_SIZE;
- break;
- case ZRTP_HASH_SHA256:
- local_key_len = SHA256_BLOCK_SIZE;
- break;
- case ZRTP_HASH_SHA384:
- local_key_len = SHA384_BLOCK_SIZE;
- break;
- default:
- return zrtp_status_bad_param;
- }
-
- if (digest->max_length < local_key_len) {
- return zrtp_status_buffer_size;
- }
-
- if (key_len > local_key_len) {
- switch (self->base.id)
- {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- sha1_begin(&context1);
- sha1_hash((const unsigned char*)key, key_len, &context1);
- sha1_end(local_key, &context1);
- break;
- case ZRTP_HASH_SHA256:
- sha256_begin(&context2);
- sha256_hash((const unsigned char*)key, key_len, &context2);
- sha256_end(local_key, &context2);
- break;
- case ZRTP_HASH_SHA384:
- sha384_begin(&context3);
- sha384_hash((const unsigned char*)key, key_len, &context3);
- sha384_end(local_key, &context3);
- break;
- }
-
- p_key = local_key;
- l_key_len = local_key_len;
- } else {
- p_key = (unsigned char*)key;
- l_key_len = key_len;
- }
-
- /*
- * the HMAC transform looks like:
- *
- * HASH(K XOR opad, HASH(K XOR ipad, text))
- *
- * where K is an n byte key
- * ipad is the byte 0x36 repeated 64 times
- * opad is the byte 0x5c repeated 64 times
- * and text is the data being protected
- */
-
- /* start out by storing key in pads */
- zrtp_memset(k_ipad, 0, sizeof(k_ipad));
- zrtp_memset(k_opad, 0, sizeof(k_opad));
- zrtp_memcpy(k_ipad, p_key, ZRTP_MIN(l_key_len, local_key_len));
- zrtp_memcpy(k_opad, p_key, ZRTP_MIN(l_key_len, local_key_len));
-
- /* XOR key with ipad and opad values */
- for (i=0; i<local_key_len; i++) {
- k_ipad[i] ^= 0x36;
- k_opad[i] ^= 0x5c;
- }
-
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- /* perform inner hash */
- sha1_begin(&context1); /* init context for 1st pass */
- sha1_hash(k_ipad, local_key_len, &context1);/* start with inner pad */
- sha1_hash((const unsigned char*)msg, msg_len, &context1); /* then text of datagram */
- sha1_end((unsigned char*)digest->buffer, &context1); /* finish up 1st pass */
-
- /* perform outer hash */
- sha1_begin(&context1); /* init context for 2nd pass */
- sha1_hash(k_opad, local_key_len, &context1);/* start with outer pad */
- sha1_hash((const unsigned char*)digest->buffer, SHA1_DIGEST_SIZE, &context1); /* then results of 1st hash */
- sha1_end((unsigned char*)digest->buffer, &context1); /* finish up 2nd pass */
-
- digest->length = SHA1_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA256:
- sha256_begin(&context2);
- sha256_hash(k_ipad, local_key_len, &context2);
- sha256_hash((const unsigned char*)msg, msg_len, &context2);
- sha256_end((unsigned char*)digest->buffer, &context2);
-
- sha256_begin(&context2);
- sha256_hash(k_opad, local_key_len, &context2);
- sha256_hash((const unsigned char*)digest->buffer, SHA256_DIGEST_SIZE, &context2);
- sha256_end((unsigned char*)digest->buffer, &context2);
-
- digest->length = SHA256_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA384:
- sha384_begin(&context3);
- sha384_hash(k_ipad, local_key_len, &context3);
- sha384_hash((const unsigned char*)msg, msg_len, &context3);
- sha384_end((unsigned char*)digest->buffer, &context3);
-
- sha384_begin(&context3);
- sha384_hash(k_opad, local_key_len, &context3);
- sha384_hash((const unsigned char*)digest->buffer, SHA384_DIGEST_SIZE, &context3);
- sha384_end((unsigned char*)digest->buffer, &context3);
-
- digest->length = SHA384_DIGEST_SIZE;
- break;
- }
-
- return zrtp_status_ok;
-}
-
-static zrtp_status_t zrtp_hmac( zrtp_hash_t *self,
- const zrtp_stringn_t *key,
- const zrtp_stringn_t *msg,
- zrtp_stringn_t *digest) {
- return zrtp_hmac_c(self, key->buffer, key->length, msg->buffer, msg->length, digest);
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_hmac_truncated_c( zrtp_hash_t *self,
- const char *key,
- const uint32_t key_len,
- const char *msg,
- const uint32_t msg_len,
- uint32_t necessary_len,
- zrtp_stringn_t *digest)
-{
- uint32_t necessary_len_max = 0;
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- necessary_len_max = SHA1_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA256:
- necessary_len_max = SHA256_DIGEST_SIZE;
- break;
- case ZRTP_HASH_SHA384:
- necessary_len_max = SHA384_DIGEST_SIZE;
- break;
- }
- if (necessary_len > necessary_len_max) {
- return zrtp_status_buffer_size;
- }
-
- if (0 == necessary_len) {
- zrtp_hmac_c(self, key, key_len, msg, msg_len, digest);
- } else {
- zrtp_string128_t dst = ZSTR_INIT_EMPTY(dst);
-
- zrtp_hmac_c(self, key, key_len, msg, msg_len, (zrtp_stringn_t *)&dst);
- switch (self->base.id) {
- case ZRTP_SRTP_HASH_HMAC_SHA1:
- necessary_len = ZRTP_MIN(necessary_len, SHA1_DIGEST_SIZE);
- break;
- case ZRTP_HASH_SHA256:
- necessary_len = ZRTP_MIN(necessary_len, SHA256_DIGEST_SIZE);
- break;
- case ZRTP_HASH_SHA384:
- necessary_len = ZRTP_MIN(necessary_len, SHA384_DIGEST_SIZE);
- break;
- }
- digest->length = ZRTP_MIN(necessary_len, digest->max_length);
- zrtp_memcpy(digest->buffer, dst.buffer, digest->length);
- }
-
- return zrtp_status_ok;
-}
-
-static zrtp_status_t zrtp_hmac_truncated( zrtp_hash_t *self,
- const zrtp_stringn_t *key,
- const zrtp_stringn_t *msg,
- uint32_t len,
- zrtp_stringn_t *digest) {
- return zrtp_hmac_truncated_c(self, key->buffer, key->length, msg->buffer, msg->length, len, digest);
-
-}
-
-
-/*============================================================================*/
-/* SHA and SHMAC test cases */
-/*============================================================================*/
-
-
-/*
- * SHA1 Test Vectors
- */
-
-static uint8_t sha1_msg_8[1] = {
- 0xa8
-};
-
-static uint8_t sha1_MD_8[20] = {
- 0x99, 0xf2, 0xaa, 0x95, 0xe3, 0x6f, 0x95, 0xc2,
- 0xac, 0xb0, 0xea, 0xf2, 0x39, 0x98, 0xf0, 0x30,
- 0x63, 0x8f, 0x3f, 0x15
-};
-
-static uint8_t sha1_msg_128[16] = {
- 0xc5, 0xa2, 0x2d, 0xd6, 0xed, 0xa3, 0xfe, 0x2b,
- 0xdc, 0x4d, 0xdb, 0x3c, 0xe6, 0xb3, 0x5f, 0xd1
-};
-
-static uint8_t sha1_MD_128[20] = {
- 0xfa, 0xc8, 0xab, 0x93, 0xc1, 0xae, 0x6c, 0x16,
- 0xf0, 0x31, 0x18, 0x72, 0xb9, 0x84, 0xf7, 0x29,
- 0xdc, 0x92, 0x8c, 0xcd
-};
-
-static uint8_t sha1_msg_512[64] = {
- 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b,
- 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d,
- 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57,
- 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24,
- 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24,
- 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a,
- 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c,
- 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16
-};
-
-static uint8_t sha1_MD_512[20] = {
- 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16,
- 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c,
- 0x80, 0x8a, 0x0d, 0xcc
-};
-
-static uint8_t sha1_msg_2096[262] = {
- 0x5f, 0xc2, 0xc3, 0xf6, 0xa7, 0xe7, 0x9d, 0xc9,
- 0x4b, 0xe5, 0x26, 0xe5, 0x16, 0x6a, 0x23, 0x88,
- 0x99, 0xd5, 0x49, 0x27, 0xce, 0x47, 0x00, 0x18,
- 0xfb, 0xfd, 0x66, 0x8f, 0xd9, 0xdd, 0x97, 0xcb,
- 0xf6, 0x4e, 0x2c, 0x91, 0x58, 0x4d, 0x01, 0xda,
- 0x63, 0xbe, 0x3c, 0xc9, 0xfd, 0xff, 0x8a, 0xdf,
- 0xef, 0xc3, 0xac, 0x72, 0x8e, 0x1e, 0x33, 0x5b,
- 0x9c, 0xdc, 0x87, 0xf0, 0x69, 0x17, 0x2e, 0x32,
- 0x3d, 0x09, 0x4b, 0x47, 0xfa, 0x1e, 0x65, 0x2a,
- 0xfe, 0x4d, 0x6a, 0xa1, 0x47, 0xa9, 0xf4, 0x6f,
- 0xda, 0x33, 0xca, 0xcb, 0x65, 0xf3, 0xaa, 0x12,
- 0x23, 0x47, 0x46, 0xb9, 0x00, 0x7a, 0x8c, 0x85,
- 0xfe, 0x98, 0x2a, 0xfe, 0xd7, 0x81, 0x52, 0x21,
- 0xe4, 0x3d, 0xba, 0x55, 0x3d, 0x8f, 0xe8, 0xa0,
- 0x22, 0xcd, 0xac, 0x1b, 0x99, 0xee, 0xee, 0xa3,
- 0x59, 0xe5, 0xa9, 0xd2, 0xe7, 0x2e, 0x38, 0x2d,
- 0xff, 0xa6, 0xd1, 0x9f, 0x35, 0x9f, 0x4f, 0x27,
- 0xdc, 0x34, 0x34, 0xcd, 0x27, 0xda, 0xee, 0xda,
- 0x8e, 0x38, 0x59, 0x48, 0x73, 0x39, 0x86, 0x78,
- 0x06, 0x5f, 0xbb, 0x23, 0x66, 0x5a, 0xba, 0x93,
- 0x09, 0xd9, 0x46, 0x13, 0x5d, 0xa0, 0xe4, 0xa4,
- 0xaf, 0xda, 0xdf, 0xf1, 0x4d, 0xb1, 0x8e, 0x85,
- 0xe7, 0x1d, 0xd9, 0x3c, 0x3b, 0xf9, 0xfa, 0xf7,
- 0xf2, 0x5c, 0x81, 0x94, 0xc4, 0x26, 0x9b, 0x1e,
- 0xe3, 0xd9, 0x93, 0x40, 0x97, 0xab, 0x99, 0x00,
- 0x25, 0xd9, 0xc3, 0xaa, 0xf6, 0x3d, 0x51, 0x09,
- 0xf5, 0x23, 0x35, 0xdd, 0x39, 0x59, 0xd3, 0x8a,
- 0xe4, 0x85, 0x05, 0x0e, 0x4b, 0xbb, 0x62, 0x35,
- 0x57, 0x4f, 0xc0, 0x10, 0x2b, 0xe8, 0xf7, 0xa3,
- 0x06, 0xd6, 0xe8, 0xde, 0x6b, 0xa6, 0xbe, 0xcf,
- 0x80, 0xf3, 0x74, 0x15, 0xb5, 0x7f, 0x98, 0x98,
- 0xa5, 0x82, 0x4e, 0x77, 0x41, 0x41, 0x97, 0x42,
- 0x2b, 0xe3, 0xd3, 0x6a, 0x60, 0x80
-};
-
-static uint8_t sha1_MD_2096[20] = {
- 0x04, 0x23, 0xdc, 0x76, 0xa8, 0x79, 0x11, 0x07,
- 0xd1, 0x4e, 0x13, 0xf5, 0x26, 0x5b, 0x34, 0x3f,
- 0x24, 0xcc, 0x0f, 0x19
-};
-
-
-
-/*
- * HMAC SHA1 Test Vectors from RFC 2202
- */
-
-static uint8_t test_case1_hmac_sha1_key[20] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
-};
-static uint8_t test_case1_hmac_sha1_data[8] = {
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
-};
-static uint8_t test_case1_hmac_sha1_result[20] = {
- 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
- 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
- 0xf1, 0x46, 0xbe, 0x00
-};
-
-
-static uint8_t test_case2_hmac_sha1_key[4] = {
- 0x4a, 0x65, 0x66, 0x65
-};
-static uint8_t test_case2_hmac_sha1_data[28] = {
- 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
- 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
- 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
- 0x69, 0x6e, 0x67, 0x3f
-};
-static uint8_t test_case2_hmac_sha1_result[20] = {
- 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, 0x2f, 0xa2,
- 0xd2, 0x74, 0x16, 0xd5, 0xf1, 0x84, 0xdf, 0x9c,
- 0x25, 0x9a, 0x7c, 0x79
-};
-
-
-static uint8_t test_case3_hmac_sha1_key[20] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa
-};
-static uint8_t test_case3_hmac_sha1_data[50] = {
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd
-};
-static uint8_t test_case3_hmac_sha1_result[20] = {
- 0x12, 0x5d, 0x73, 0x42, 0xb9, 0xac, 0x11, 0xcd,
- 0x91, 0xa3, 0x9a, 0xf4, 0x8a, 0xa1, 0x7b, 0x4f,
- 0x63, 0xf1, 0x75, 0xd3
-};
-
-
-static uint8_t test_case4_hmac_sha1_key[25] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19
-};
-static uint8_t test_case4_hmac_sha1_data[50] = {
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd
-};
-static uint8_t test_case4_hmac_sha1_result[20] = {
- 0x4c, 0x90, 0x07, 0xf4, 0x02, 0x62, 0x50, 0xc6,
- 0xbc, 0x84, 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c,
- 0x2d, 0x72, 0x35, 0xda
-};
-
-
-static uint8_t test_case5_hmac_sha1_key[20] = {
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c
-};
-static uint8_t test_case5_hmac_sha1_data[20] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x57, 0x69, 0x74,
- 0x68, 0x20, 0x54, 0x72, 0x75, 0x6e, 0x63, 0x61,
- 0x74, 0x69, 0x6f, 0x6e
-};
-static uint8_t test_case5_hmac_sha1_result[20] = {
- 0x4c, 0x1a, 0x03, 0x42, 0x4b, 0x55, 0xe0, 0x7f,
- 0xe7, 0xf2, 0x7b, 0xe1, 0xd5, 0x8b, 0xb9, 0x32,
- 0x4a, 0x9a, 0x5a, 0x04
-};
-
-
-static uint8_t test_case6_hmac_sha1_key[80] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
-};
-static uint8_t test_case6_hmac_sha1_data[54] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
- 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
- 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
- 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
- 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
- 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
-};
-static uint8_t test_case6_hmac_sha1_result[20] = {
- 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e,
- 0x95, 0x70, 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55,
- 0xed, 0x40, 0x21, 0x12
-};
-
-
-static uint8_t test_case7_hmac_sha1_key[80] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
-};
-static uint8_t test_case7_hmac_sha1_data[73] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
- 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
- 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
- 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65, 0x72,
- 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x4f, 0x6e,
- 0x65, 0x20, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x2d,
- 0x53, 0x69, 0x7a, 0x65, 0x20, 0x44, 0x61, 0x74,
- 0x61
-};
-static uint8_t test_case7_hmac_sha1_result[20] = {
- 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23, 0x7d, 0x78,
- 0x6d, 0x6b, 0xba, 0xa7, 0x96, 0x5c, 0x78, 0x08,
- 0xbb, 0xff, 0x1a, 0x91
-};
-
-
-
-/*
- * SHA256 Test Vectors
- */
-
-static uint8_t sha256_msg_8[1] = {
- 0xbd
-};
-
-static uint8_t sha256_MD_8[32] = {
- 0x68, 0x32, 0x57, 0x20, 0xaa, 0xbd, 0x7c, 0x82,
- 0xf3, 0x0f, 0x55, 0x4b, 0x31, 0x3d, 0x05, 0x70,
- 0xc9, 0x5a, 0xcc, 0xbb, 0x7d, 0xc4, 0xb5, 0xaa,
- 0xe1, 0x12, 0x04, 0xc0, 0x8f, 0xfe, 0x73, 0x2b
-};
-
-static uint8_t sha256_msg_128[16] = {
- 0xfd, 0xf4, 0x70, 0x09, 0x84, 0xee, 0x11, 0xb7,
- 0x0a, 0xf1, 0x88, 0x0d, 0x0e, 0x0f, 0xef, 0xd4
-};
-
-static uint8_t sha256_MD_128[32] = {
- 0xb0, 0x1a, 0xe1, 0x6e, 0xed, 0x3b, 0x4a, 0x77,
- 0x0f, 0x12, 0x7b, 0x98, 0x46, 0x9b, 0xa2, 0x6f,
- 0xe3, 0xd8, 0xe9, 0xf5, 0x9d, 0x8a, 0x29, 0x83,
- 0x21, 0x4a, 0xfe, 0x6c, 0xff, 0x0e, 0x6b, 0x6c
-};
-
-
-static uint8_t sha256_msg_512[64] = {
- 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f,
- 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65,
- 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac,
- 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8,
- 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12,
- 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5,
- 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2,
- 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad
-};
-
-static uint8_t sha256_MD_512[32] = {
- 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a,
- 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5,
- 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89,
- 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54
-};
-
-static uint8_t sha256_msg_2096[262] = {
- 0xf6, 0xce, 0x82, 0x21, 0xbf, 0x64, 0x27, 0x3c,
- 0x91, 0xc4, 0xcb, 0x41, 0xeb, 0xba, 0x1b, 0xfc,
- 0xfa, 0x12, 0xc0, 0x43, 0xc7, 0x01, 0x31, 0x7e,
- 0xb0, 0xc0, 0xcb, 0x66, 0x15, 0x7a, 0x23, 0x0c,
- 0x53, 0x68, 0x9b, 0x1d, 0xf6, 0x3b, 0x33, 0x65,
- 0x2a, 0xba, 0xa2, 0x93, 0x73, 0xac, 0xa6, 0x3c,
- 0x9e, 0xf8, 0x98, 0x22, 0xf8, 0x0b, 0x43, 0xb5,
- 0xbd, 0x7a, 0xf6, 0xda, 0xd3, 0xe8, 0xd8, 0xec,
- 0xb8, 0x2b, 0x7c, 0x00, 0xba, 0xaa, 0xb5, 0x6e,
- 0x66, 0x09, 0xac, 0x8d, 0x42, 0x09, 0x2f, 0xbd,
- 0xbf, 0xa9, 0x4c, 0xab, 0x69, 0x92, 0x1f, 0xd0,
- 0x61, 0xb1, 0xe8, 0x3b, 0x0d, 0x26, 0x60, 0x91,
- 0x0e, 0x5d, 0x4e, 0x52, 0x72, 0x7a, 0x55, 0x5d,
- 0x2b, 0xfb, 0x10, 0xb7, 0xc0, 0x98, 0x61, 0x88,
- 0x43, 0x6e, 0x05, 0x66, 0x83, 0x5d, 0x6c, 0xd6,
- 0x82, 0xaf, 0xc8, 0x10, 0x2a, 0xfa, 0x65, 0x03,
- 0x3b, 0x47, 0x38, 0x99, 0x88, 0x73, 0xba, 0x3c,
- 0x63, 0xd6, 0xf7, 0x99, 0x56, 0x23, 0xe1, 0xa4,
- 0x14, 0x8f, 0xeb, 0xdc, 0xae, 0x36, 0xd3, 0xd0,
- 0x0a, 0xba, 0xbf, 0xe2, 0x92, 0x2d, 0x8c, 0x4b,
- 0x29, 0x31, 0x63, 0x5f, 0x63, 0x5d, 0x8d, 0x12,
- 0xf5, 0xe3, 0x88, 0xbc, 0x6a, 0x70, 0x5a, 0x19,
- 0x18, 0x54, 0x25, 0x94, 0x53, 0xe3, 0xfc, 0xc5,
- 0xe0, 0x1b, 0xf5, 0x38, 0xac, 0x87, 0x7f, 0x70,
- 0xbe, 0x62, 0xf6, 0x2b, 0x6b, 0x00, 0x75, 0xe8,
- 0xc9, 0x6a, 0xec, 0xa7, 0x66, 0x49, 0x72, 0xf0,
- 0x39, 0x05, 0xdc, 0x16, 0xd8, 0x2d, 0x8e, 0xbd,
- 0xec, 0x1a, 0x91, 0x9a, 0xe2, 0xcf, 0xe6, 0x7a,
- 0xe4, 0x24, 0x1a, 0x86, 0x08, 0x24, 0x1b, 0xc5,
- 0xc7, 0xb3, 0x4a, 0xe2, 0xb0, 0x74, 0xd1, 0x30,
- 0x5d, 0xe9, 0x37, 0xeb, 0xa7, 0xdc, 0x32, 0xc1,
- 0x16, 0xfe, 0xbc, 0x90, 0x9b, 0xcf, 0x68, 0x72,
- 0x82, 0xbd, 0xf7, 0xf7, 0xa2, 0x90
-};
-
-static uint8_t sha256_MD_2096[32] = {
- 0xef, 0xd3, 0x5c, 0x0d, 0x49, 0xe6, 0xa2, 0x2c,
- 0x2b, 0x54, 0x59, 0x9a, 0xbb, 0x0d, 0xfa, 0x41,
- 0x94, 0x35, 0xa5, 0xb7, 0x49, 0xef, 0x1c, 0x71,
- 0x23, 0xd5, 0x9a, 0x2f, 0xb5, 0xdb, 0x8f, 0x75
-};
-
-
-/*
- * HMAC SHA256 Test Vectors from RFC 4231
- */
-
-static uint8_t test_case1_hmac_sha2_key[20] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
-};
-
-static uint8_t test_case1_hmac_sha2_data[8] = {
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65
-};
-static uint8_t test_case1_hmac_sha256_result[32] = {
- 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
- 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
- 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
- 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
-};
-static uint8_t test_case1_hmac_sha384_result[48] = {
- 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
- 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
- 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
- 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
- 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
- 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
-};
-
-
-static uint8_t test_case2_hmac_sha2_key[4] = {
- 0x4a, 0x65, 0x66, 0x65
-};
-static uint8_t test_case2_hmac_sha2_data[28] = {
- 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
- 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
- 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
- 0x69, 0x6e, 0x67, 0x3f
-};
-static uint8_t test_case2_hmac_sha256_result[32] = {
- 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
- 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
- 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
- 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
-};
-static uint8_t test_case2_hmac_sha384_result[48] = {
- 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
- 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
- 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
- 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
- 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
- 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49
-};
-
-
-static uint8_t test_case3_hmac_sha2_key[20] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa
-};
-static uint8_t test_case3_hmac_sha2_data[50] = {
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
- 0xdd, 0xdd
-};
-static uint8_t test_case3_hmac_sha256_result[32] = {
- 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
- 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
- 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
- 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe
-};
-static uint8_t test_case3_hmac_sha384_result[48] = {
- 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
- 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
- 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
- 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
- 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
- 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27
-};
-
-
-static uint8_t test_case4_hmac_sha2_key[25] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19
-};
-static uint8_t test_case4_hmac_sha2_data[50] = {
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
- 0xcd, 0xcd
-};
-static uint8_t test_case4_hmac_sha256_result[32] = {
- 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
- 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
- 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
- 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
-};
-static uint8_t test_case4_hmac_sha384_result[48] = {
- 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
- 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
- 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
- 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
- 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
- 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb
-};
-
-
-static uint8_t test_case5_hmac_sha2_key[20] = {
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
- 0x0c, 0x0c, 0x0c, 0x0c
-};
-static uint8_t test_case5_hmac_sha2_data[20] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x57, 0x69, 0x74,
- 0x68, 0x20, 0x54, 0x72, 0x75, 0x6e, 0x63, 0x61,
- 0x74, 0x69, 0x6f, 0x6e
-};
-static uint8_t test_case5_hmac_sha256_result[16] = {
- 0xa3, 0xb6, 0x16, 0x74, 0x73, 0x10, 0x0e, 0xe0,
- 0x6e, 0x0c, 0x79, 0x6c, 0x29, 0x55, 0x55, 0x2b
-};
-static uint8_t test_case5_hmac_sha384_result[16] = {
- 0x3a, 0xbf, 0x34, 0xc3, 0x50, 0x3b, 0x2a, 0x23,
- 0xa4, 0x6e, 0xfc, 0x61, 0x9b, 0xae, 0xf8, 0x97
-};
-
-
-static uint8_t test_case6_hmac_sha2_key[131] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa
-};
-static uint8_t test_case6_hmac_sha2_data[54] = {
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x55, 0x73, 0x69,
- 0x6e, 0x67, 0x20, 0x4c, 0x61, 0x72, 0x67, 0x65,
- 0x72, 0x20, 0x54, 0x68, 0x61, 0x6e, 0x20, 0x42,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2d, 0x53, 0x69, 0x7a,
- 0x65, 0x20, 0x4b, 0x65, 0x79, 0x20, 0x2d, 0x20,
- 0x48, 0x61, 0x73, 0x68, 0x20, 0x4b, 0x65, 0x79,
- 0x20, 0x46, 0x69, 0x72, 0x73, 0x74
-};
-static uint8_t test_case6_hmac_sha256_result[32] = {
- 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
- 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
- 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
- 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54
-};
-static uint8_t test_case6_hmac_sha384_result[48] = {
- 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
- 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
- 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
- 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
- 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
- 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52
-};
-
-
-static uint8_t test_case7_hmac_sha2_key[131] = {
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
- 0xaa, 0xaa, 0xaa
-};
-
-static uint8_t test_case7_hmac_sha2_data[152] = {
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x75,
- 0x73, 0x69, 0x6e, 0x67, 0x20, 0x61, 0x20, 0x6c,
- 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74, 0x68,
- 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b,
- 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6b, 0x65,
- 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x61, 0x20,
- 0x6c, 0x61, 0x72, 0x67, 0x65, 0x72, 0x20, 0x74,
- 0x68, 0x61, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63,
- 0x6b, 0x2d, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x64,
- 0x61, 0x74, 0x61, 0x2e, 0x20, 0x54, 0x68, 0x65,
- 0x20, 0x6b, 0x65, 0x79, 0x20, 0x6e, 0x65, 0x65,
- 0x64, 0x73, 0x20, 0x74, 0x6f, 0x20, 0x62, 0x65,
- 0x20, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x20,
- 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x20, 0x62,
- 0x65, 0x69, 0x6e, 0x67, 0x20, 0x75, 0x73, 0x65,
- 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x48, 0x4d, 0x41, 0x43, 0x20, 0x61, 0x6c,
- 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x2e
-};
-static uint8_t test_case7_hmac_sha256_result[32] = {
- 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
- 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
- 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
- 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2
-};
-static uint8_t test_case7_hmac_sha384_result[48] = {
- 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
- 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
- 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
- 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
- 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
- 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e
-};
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_sha_test( zrtp_hash_t *self,
- const uint8_t *test_vector,
- int vector_length,
- const uint8_t *test_result,
- int test_length)
-{
- zrtp_status_t res;
- zrtp_string256_t hval = ZSTR_INIT_EMPTY(hval);
-
- res = self->hash_c(self, (const char*)test_vector, vector_length, (zrtp_stringn_t*)&hval);
- if (zrtp_status_ok != res) {
- return res;
- }
-
- return (0 == zrtp_memcmp(hval.buffer, test_result, test_length)) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_hmac_test( zrtp_hash_t *self,
- const uint8_t *key,
- uint16_t key_length,
- const uint8_t *test_vector,
- uint16_t vector_length,
- const uint8_t *test_result,
- int test_length)
-{
- zrtp_status_t res;
- zrtp_string256_t hval = ZSTR_INIT_EMPTY(hval);
- zrtp_string256_t zrtp_key = ZSTR_INIT_EMPTY(zrtp_key);
- zrtp_string256_t zrtp_test_vector = ZSTR_INIT_EMPTY(zrtp_test_vector);
-
- zrtp_zstrncpyc(ZSTR_GV(zrtp_key), (const char*)key, key_length);
- zrtp_zstrncpyc(ZSTR_GV(zrtp_test_vector), (const char*)test_vector, vector_length);
-
- res = self->hmac(self, ZSTR_GV(zrtp_key), ZSTR_GV(zrtp_test_vector), ZSTR_GV(hval));
- if (zrtp_status_ok != res) {
- return res;
- }
-
- return (0 == zrtp_memcmp(hval.buffer, test_result, test_length)) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_sha256_self_test(zrtp_hash_t *self)
-{
- zrtp_status_t res;
- ZRTP_LOG(3, (_ZTU_,"SHA256 Testing\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\t8-bit test... "));
- res = zrtp_sha_test(self, sha256_msg_8, sizeof(sha256_msg_8), sha256_MD_8, sizeof(sha256_MD_8));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t128-bit test... "));
- res = zrtp_sha_test(self, sha256_msg_128, sizeof(sha256_msg_128), sha256_MD_128, sizeof(sha256_MD_128));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t512-bit test... "));
- res = zrtp_sha_test(self, sha256_msg_512, sizeof(sha256_msg_512), sha256_MD_512, sizeof(sha256_MD_512));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t2096-bit test... "));
- res = zrtp_sha_test(self, sha256_msg_2096, sizeof(sha256_msg_2096), sha256_MD_2096, sizeof(sha256_MD_2096));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- return res;
-}
-
-zrtp_status_t zrtp_sha384_self_test(zrtp_hash_t *self)
-{
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_hmac_sha256_self_test(zrtp_hash_t *self)
-{
- zrtp_status_t res;
- ZRTP_LOG(3, (_ZTU_,"HMAC SHA256 Testing\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\t1 case test... "));
- res = zrtp_hmac_test( self,
- test_case1_hmac_sha2_key,
- sizeof(test_case1_hmac_sha2_key),
- test_case1_hmac_sha2_data,
- sizeof(test_case1_hmac_sha2_data),
- test_case1_hmac_sha256_result,
- sizeof(test_case1_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t2 case test... "));
- res = zrtp_hmac_test( self,
- test_case2_hmac_sha2_key,
- sizeof(test_case2_hmac_sha2_key),
- test_case2_hmac_sha2_data,
- sizeof(test_case2_hmac_sha2_data),
- test_case2_hmac_sha256_result,
- sizeof(test_case2_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t3 case test... "));
- res = zrtp_hmac_test( self,
- test_case3_hmac_sha2_key,
- sizeof(test_case3_hmac_sha2_key),
- test_case3_hmac_sha2_data,
- sizeof(test_case3_hmac_sha2_data),
- test_case3_hmac_sha256_result,
- sizeof(test_case3_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t4 case test... "));
- res = zrtp_hmac_test(self,
- test_case4_hmac_sha2_key,
- sizeof(test_case4_hmac_sha2_key),
- test_case4_hmac_sha2_data,
- sizeof(test_case4_hmac_sha2_data),
- test_case4_hmac_sha256_result,
- sizeof(test_case4_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t5 case test..."));
- res = zrtp_hmac_test(self,
- test_case5_hmac_sha2_key,
- sizeof(test_case5_hmac_sha2_key),
- test_case5_hmac_sha2_data,
- sizeof(test_case5_hmac_sha2_data),
- test_case5_hmac_sha256_result,
- sizeof(test_case5_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t6 case test... "));
- res = zrtp_hmac_test(self,
- test_case6_hmac_sha2_key,
- sizeof(test_case6_hmac_sha2_key),
- test_case6_hmac_sha2_data,
- sizeof(test_case6_hmac_sha2_data),
- test_case6_hmac_sha256_result,
- sizeof(test_case6_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t7 case test..."));
- res = zrtp_hmac_test(self,
- test_case7_hmac_sha2_key,
- sizeof(test_case7_hmac_sha2_key),
- test_case7_hmac_sha2_data,
- sizeof(test_case7_hmac_sha2_data),
- test_case7_hmac_sha256_result,
- sizeof(test_case7_hmac_sha256_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- return res;
-}
-
-zrtp_status_t zrtp_hmac_sha384_self_test(zrtp_hash_t *self)
-{
- zrtp_status_t res;
- ZRTP_LOG(3, (_ZTU_,"HMAC SHA384 Testing\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\t1 case test... "));
- res = zrtp_hmac_test( self,
- test_case1_hmac_sha2_key,
- sizeof(test_case1_hmac_sha2_key),
- test_case1_hmac_sha2_data,
- sizeof(test_case1_hmac_sha2_data),
- test_case1_hmac_sha384_result,
- sizeof(test_case1_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t2 case test... "));
- res = zrtp_hmac_test( self,
- test_case2_hmac_sha2_key,
- sizeof(test_case2_hmac_sha2_key),
- test_case2_hmac_sha2_data,
- sizeof(test_case2_hmac_sha2_data),
- test_case2_hmac_sha384_result,
- sizeof(test_case2_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t3 case test... "));
- res = zrtp_hmac_test( self,
- test_case3_hmac_sha2_key,
- sizeof(test_case3_hmac_sha2_key),
- test_case3_hmac_sha2_data,
- sizeof(test_case3_hmac_sha2_data),
- test_case3_hmac_sha384_result,
- sizeof(test_case3_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t4 case test... "));
- res = zrtp_hmac_test(self,
- test_case4_hmac_sha2_key,
- sizeof(test_case4_hmac_sha2_key),
- test_case4_hmac_sha2_data,
- sizeof(test_case4_hmac_sha2_data),
- test_case4_hmac_sha384_result,
- sizeof(test_case4_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t5 case test..."));
- res = zrtp_hmac_test(self,
- test_case5_hmac_sha2_key,
- sizeof(test_case5_hmac_sha2_key),
- test_case5_hmac_sha2_data,
- sizeof(test_case5_hmac_sha2_data),
- test_case5_hmac_sha384_result,
- sizeof(test_case5_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t6 case test... "));
- res = zrtp_hmac_test(self,
- test_case6_hmac_sha2_key,
- sizeof(test_case6_hmac_sha2_key),
- test_case6_hmac_sha2_data,
- sizeof(test_case6_hmac_sha2_data),
- test_case6_hmac_sha384_result,
- sizeof(test_case6_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t7 case test..."));
- res = zrtp_hmac_test(self,
- test_case7_hmac_sha2_key,
- sizeof(test_case7_hmac_sha2_key),
- test_case7_hmac_sha2_data,
- sizeof(test_case7_hmac_sha2_data),
- test_case7_hmac_sha384_result,
- sizeof(test_case7_hmac_sha384_result));
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- return res;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_sha1_self_test(zrtp_hash_t *self)
-{
- zrtp_status_t res;
- ZRTP_LOG(3, (_ZTU_,"SHA1 Testing\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\t8-bit test... "));
- res = zrtp_sha_test(self, sha1_msg_8, sizeof(sha1_msg_8), sha1_MD_8, ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t128-bit test... "));
- res = zrtp_sha_test(self, sha1_msg_128, sizeof(sha1_msg_128), sha1_MD_128, ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t512-bit test... "));
- res = zrtp_sha_test(self, sha1_msg_512, sizeof(sha1_msg_512), sha1_MD_512, ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t2096-bit test... "));
- res = zrtp_sha_test(self, sha1_msg_2096, sizeof(sha1_msg_2096), sha1_MD_2096, ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- return res;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_hmac_sha1_self_test(zrtp_hash_t *self)
-{
- zrtp_status_t res;
- ZRTP_LOG(3, (_ZTU_,"HMAC SHA1 Testing\n"));
-
- ZRTP_LOG(3, (_ZTU_, "\t1 case test... "));
- res = zrtp_hmac_test(self,
- test_case1_hmac_sha1_key,
- sizeof(test_case1_hmac_sha1_key),
- test_case1_hmac_sha1_data,
- sizeof(test_case1_hmac_sha1_data),
- test_case1_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t2 case test... "));
- res = zrtp_hmac_test(self,
- test_case2_hmac_sha1_key,
- sizeof(test_case2_hmac_sha1_key),
- test_case2_hmac_sha1_data,
- sizeof(test_case2_hmac_sha1_data),
- test_case2_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t3 case test... "));
- res = zrtp_hmac_test(self,
- test_case3_hmac_sha1_key,
- sizeof(test_case3_hmac_sha1_key),
- test_case3_hmac_sha1_data,
- sizeof(test_case3_hmac_sha1_data),
- test_case3_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t4 case test... "));
- res = zrtp_hmac_test(self,
- test_case4_hmac_sha1_key,
- sizeof(test_case4_hmac_sha1_key),
- test_case4_hmac_sha1_data,
- sizeof(test_case4_hmac_sha1_data),
- test_case4_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t5 case test... "));
- res = zrtp_hmac_test(self,
- test_case5_hmac_sha1_key,
- sizeof(test_case5_hmac_sha1_key),
- test_case5_hmac_sha1_data,
- sizeof(test_case5_hmac_sha1_data),
- test_case5_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t6 case test... "));
- res = zrtp_hmac_test(self,
- test_case6_hmac_sha1_key,
- sizeof(test_case6_hmac_sha1_key),
- test_case6_hmac_sha1_data,
- sizeof(test_case6_hmac_sha1_data),
- test_case6_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- ZRTP_LOG(3, (_ZTU_, "\t7 case test... "));
- res = zrtp_hmac_test(self,
- test_case7_hmac_sha1_key,
- sizeof(test_case7_hmac_sha1_key),
- test_case7_hmac_sha1_data,
- sizeof(test_case7_hmac_sha1_data),
- test_case7_hmac_sha1_result,
- ZRTP_SRTP_HASH_HMAC_SHA1);
- ZRTP_LOGC(3, ("%s\n", zrtp_status_ok == res?"OK":"FALSE"));
-
- return res;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_defaults_hash(zrtp_global_t* global_ctx)
-{
- zrtp_hash_t* hash_sha384 = zrtp_sys_alloc(sizeof(zrtp_hash_t));
- zrtp_hash_t* hash_sha256 = zrtp_sys_alloc(sizeof(zrtp_hash_t));
- zrtp_hash_t* hash_sha1 = zrtp_sys_alloc(sizeof(zrtp_hash_t));
- if (!hash_sha256 || !hash_sha1 || !hash_sha384) {
- if (hash_sha384) {
- zrtp_sys_free(hash_sha384);
- }
- if (hash_sha256) {
- zrtp_sys_free(hash_sha256);
- }
- if (hash_sha1) {
- zrtp_sys_free(hash_sha1);
- }
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(hash_sha384, 0, sizeof(zrtp_hash_t));
- zrtp_memset(hash_sha256, 0, sizeof(zrtp_hash_t));
- zrtp_memset(hash_sha1, 0, sizeof(zrtp_hash_t));
-
- zrtp_memcpy(hash_sha384->base.type, ZRTP_S384, ZRTP_COMP_TYPE_SIZE);
- hash_sha384->base.id = ZRTP_HASH_SHA384;
- hash_sha384->base.zrtp = global_ctx;
- hash_sha384->block_length = SHA384_BLOCK_SIZE;
- hash_sha384->digest_length = SHA384_DIGEST_SIZE;
-
- hash_sha384->hash_begin = zrtp_sha_begin;
- hash_sha384->hash_update = zrtp_sha_update;
- hash_sha384->hash_end = zrtp_sha_end;
- hash_sha384->hash = zrtp_sha;
- hash_sha384->hash_c = zrtp_sha_c;
- hash_sha384->hash_self_test = zrtp_sha384_self_test;
-
- hash_sha384->hmac_begin_c = zrtp_hmac_sha384_begin_c;
- hash_sha384->hmac_begin = zrtp_hmac_begin;
- hash_sha384->hmac_update = zrtp_hmac_update;
- hash_sha384->hmac_end = zrtp_hmac_end;
- hash_sha384->hmac = zrtp_hmac;
- hash_sha384->hmac_c = zrtp_hmac_c;
- hash_sha384->hmac_truncated = zrtp_hmac_truncated;
- hash_sha384->hmac_truncated_c = zrtp_hmac_truncated_c;
- hash_sha384->hmac_self_test = zrtp_hmac_sha384_self_test;
-
- zrtp_memcpy(hash_sha256->base.type, ZRTP_S256, ZRTP_COMP_TYPE_SIZE);
- hash_sha256->base.id = ZRTP_HASH_SHA256;
- hash_sha256->base.zrtp = global_ctx;
- hash_sha256->block_length = SHA256_BLOCK_SIZE;
- hash_sha256->digest_length = SHA256_DIGEST_SIZE;
-
- hash_sha256->hash_begin = zrtp_sha_begin;
- hash_sha256->hash_update = zrtp_sha_update;
- hash_sha256->hash_end = zrtp_sha_end;
- hash_sha256->hash = zrtp_sha;
- hash_sha256->hash_c = zrtp_sha_c;
- hash_sha256->hash_self_test = zrtp_sha256_self_test;
-
- hash_sha256->hmac_begin_c = zrtp_hmac_sha256_begin_c;
- hash_sha256->hmac_begin = zrtp_hmac_begin;
- hash_sha256->hmac_update = zrtp_hmac_update;
- hash_sha256->hmac_end = zrtp_hmac_end;
- hash_sha256->hmac = zrtp_hmac;
- hash_sha256->hmac_c = zrtp_hmac_c;
- hash_sha256->hmac_truncated = zrtp_hmac_truncated;
- hash_sha256->hmac_truncated_c = zrtp_hmac_truncated_c;
- hash_sha256->hmac_self_test = zrtp_hmac_sha256_self_test;
-
-
- zrtp_memcpy(hash_sha1->base.type, ZRTP_S160, ZRTP_COMP_TYPE_SIZE);
- hash_sha1->base.id = ZRTP_SRTP_HASH_HMAC_SHA1;
- hash_sha1->base.zrtp = global_ctx;
- hash_sha1->block_length = SHA1_BLOCK_SIZE;
- hash_sha1->digest_length = SHA1_DIGEST_SIZE;
-
- hash_sha1->hash_begin = zrtp_sha_begin;
- hash_sha1->hash_update = zrtp_sha_update;
- hash_sha1->hash_end = zrtp_sha_end;
- hash_sha1->hash = zrtp_sha;
- hash_sha1->hash_c = zrtp_sha_c;
- hash_sha1->hash_self_test = zrtp_sha1_self_test;
-
- hash_sha1->hmac_begin_c = zrtp_hmac_sha1_begin_c;
- hash_sha1->hmac_begin = zrtp_hmac_begin;
- hash_sha1->hmac_update = zrtp_hmac_update;
- hash_sha1->hmac_end = zrtp_hmac_end;
- hash_sha1->hmac = zrtp_hmac;
- hash_sha1->hmac_c = zrtp_hmac_c;
- hash_sha1->hmac_truncated = zrtp_hmac_truncated;
- hash_sha1->hmac_truncated_c = zrtp_hmac_truncated_c;
- hash_sha1->hmac_self_test = zrtp_hmac_sha1_self_test;
-
- zrtp_comp_register(ZRTP_CC_HASH, hash_sha384, global_ctx);
- zrtp_comp_register(ZRTP_CC_HASH, hash_sha256, global_ctx);
- zrtp_comp_register(ZRTP_CC_HASH, hash_sha1, global_ctx);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp dh"
-
-/*============================================================================*/
-/* Global DH Functions */
-/*============================================================================*/
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_dh_init(void *s)
-{
- struct BigNum* p = NULL;
- struct BigNum* p_1 = NULL;
- uint8_t* p_data = NULL;
- unsigned int p_data_length = 0;
- zrtp_pk_scheme_t *self = (zrtp_pk_scheme_t *) s;
-
- switch (self->base.id) {
- case ZRTP_PKTYPE_DH2048:
- p = &self->base.zrtp->P_2048;
- p_1 = &self->base.zrtp->P_2048_1;
- p_data = self->base.zrtp->P_2048_data;
- p_data_length = sizeof(self->base.zrtp->P_2048_data);
- break;
- case ZRTP_PKTYPE_DH3072:
- p = &self->base.zrtp->P_3072;
- p_1 = &self->base.zrtp->P_3072_1;
- p_data = self->base.zrtp->P_3072_data;
- p_data_length = sizeof(self->base.zrtp->P_3072_data);
- break;
- default:
- return zrtp_status_bad_param;
- }
-
- bnBegin(p);
- bnInsertBigBytes(p, (const unsigned char *)p_data, 0, p_data_length);
-
- bnBegin(p_1);
- bnCopy(p_1, p);
- bnSub(p_1, &self->base.zrtp->one);
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_dh_free(void *s)
-{
- zrtp_pk_scheme_t *self = (zrtp_pk_scheme_t *) s;
- switch (self->base.id) {
- case ZRTP_PKTYPE_DH2048:
- bnEnd(&self->base.zrtp->P_2048);
- bnEnd(&self->base.zrtp->P_2048_1);
- break;
- case ZRTP_PKTYPE_DH3072:
- bnEnd(&self->base.zrtp->P_3072);
- bnEnd(&self->base.zrtp->P_3072_1);
- break;
- default:
- return zrtp_status_bad_param;
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static struct BigNum* _zrtp_get_p(zrtp_pk_scheme_t *self)
-{
- struct BigNum* p = NULL;
- switch (self->base.id) {
- case ZRTP_PKTYPE_DH2048:
- p = &self->base.zrtp->P_2048;
- break;
- case ZRTP_PKTYPE_DH3072:
- p = &self->base.zrtp->P_3072;
- break;
- default:
- break;
- }
-
- return p;
-}
-
-static zrtp_status_t zrtp_dh_initialize( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc)
-{
- unsigned char* buffer = zrtp_sys_alloc(sizeof(zrtp_uchar128_t));
- struct BigNum* p = _zrtp_get_p(self);
- zrtp_time_t start_ts = zrtp_time_now();
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: %.4s zrtp_dh_initialize() START. now=%llums.\n", self->base.type, start_ts));
-
- if (!buffer) {
- return zrtp_status_alloc_fail;
- }
- if (!p) {
- zrtp_sys_free(buffer);
- return zrtp_status_bad_param;
- }
-
- if (64 != zrtp_randstr(self->base.zrtp, buffer, 64)) {
- zrtp_sys_free(buffer);
- return zrtp_status_rng_fail;
- }
-
- bnBegin(&dh_cc->sv);
- bnInsertBigBytes(&dh_cc->sv, (const unsigned char *)buffer, 0, self->sv_length);
- bnBegin(&dh_cc->pv);
- bnExpMod(&dh_cc->pv, &self->base.zrtp->G, &dh_cc->sv, p);
-
- zrtp_sys_free(buffer);
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: zrtp_dh_initialize() for %.4s was executed ts=%llums d=%llums.\n", self->base.type, zrtp_time_now(), zrtp_time_now()-start_ts));
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_dh_compute( zrtp_pk_scheme_t *self,
- zrtp_dh_crypto_context_t *dh_cc,
- struct BigNum *dhresult,
- struct BigNum *pv)
-{
- struct BigNum* p = _zrtp_get_p(self);
- zrtp_time_t start_ts = zrtp_time_now();
- if (!p) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: %.4s zrtp_dh_compute() START. now=%llums.\n", self->base.type, start_ts));
-
- bnExpMod(dhresult, pv, &dh_cc->sv, p);
- ZRTP_LOG(1,(_ZTU_,"\tDH TEST: zrtp_dh_compute() for %.4s was executed ts=%llums d=%llums.\n", self->base.type, zrtp_time_now(), zrtp_time_now()-start_ts));
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_dh_validate(zrtp_pk_scheme_t *self, struct BigNum *pv)
-{
- struct BigNum* p = _zrtp_get_p(self);
- if (!p) {
- return zrtp_status_bad_param;
- }
-
- if (!pv || 0 == bnCmp(pv, &self->base.zrtp->one) || 0 == bnCmp(pv, p)) {
- return zrtp_status_fail;
- } else {
- return zrtp_status_ok;
- }
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t zrtp_dh_self_test(zrtp_pk_scheme_t *self)
-{
- zrtp_status_t s = zrtp_status_ok;
- zrtp_dh_crypto_context_t alice_cc;
- zrtp_dh_crypto_context_t bob_cc;
- struct BigNum alice_k;
- struct BigNum bob_k;
- zrtp_time_t start_ts = zrtp_time_now();
-
- ZRTP_LOG(3, (_ZTU_, "PKS %.4s testing... ", self->base.type));
-
- bnBegin(&alice_k);
- bnBegin(&bob_k);
-
- do {
- /* Both sides initalise DH schemes and compute secret and public values. */
- s = self->initialize(self, &alice_cc);
- if (zrtp_status_ok != s) {
- break;
- }
- s = self->initialize(self, &bob_cc);
- if (zrtp_status_ok != s) {
- break;
- }
-
- /* Both sides validate public values. (to provide exact performance estimation) */
- s = self->validate(self, &bob_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
- s = self->validate(self, &alice_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- /* Compute secret keys and compare them. */
- s = self->compute(self, &alice_cc, &alice_k, &bob_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
- s= self->compute(self, &bob_cc, &bob_k, &alice_cc.pv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = (0 == bnCmp(&alice_k, &bob_k)) ? zrtp_status_ok : zrtp_status_algo_fail;
- } while (0);
-
- bnEnd(&alice_k);
- bnEnd(&bob_k);
-
- ZRTP_LOGC(3, ("%s (%llu ms)\n", zrtp_log_status2str(s), (zrtp_time_now()-start_ts)/2));
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-extern zrtp_status_t zrtp_defaults_ec_pkt(zrtp_global_t* zrtp);
-
-zrtp_status_t zrtp_defaults_pkt(zrtp_global_t* zrtp)
-{
- zrtp_pk_scheme_t* presh = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
- zrtp_pk_scheme_t* dh2048 = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
- zrtp_pk_scheme_t* dh3072 = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
- zrtp_pk_scheme_t* multi = zrtp_sys_alloc(sizeof(zrtp_pk_scheme_t));
-
- uint8_t P_2048_data[] =
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
- };
-
- uint8_t P_3072_data[] =
- {
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
- 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
- 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
- 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
- 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
- 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
- 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
- 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
- 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
- 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
- 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
- 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
- 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
- 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
- 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
- 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
- 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
- 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
- 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
- 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
- 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
- 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
- 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
- };
-
- if (!dh2048 || !dh3072 || !presh || !multi) {
- if (presh) {
- zrtp_sys_free(presh);
- }
- if (dh2048) {
- zrtp_sys_free(dh2048);
- }
- if (dh3072) {
- zrtp_sys_free(dh3072);
- }
- if (multi) {
- zrtp_sys_free(multi);
- }
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(dh3072, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(dh3072->base.type, ZRTP_DH3K, ZRTP_COMP_TYPE_SIZE);
- dh3072->base.id = ZRTP_PKTYPE_DH3072;
- dh3072->base.zrtp = zrtp;
- dh3072->sv_length = 256/8;
- dh3072->pv_length = 384;
- dh3072->base.init = zrtp_dh_init;
- dh3072->base.free = zrtp_dh_free;
- dh3072->initialize = zrtp_dh_initialize;
- dh3072->compute = zrtp_dh_compute;
- dh3072->validate = zrtp_dh_validate;
- dh3072->self_test = zrtp_dh_self_test;
- zrtp_memcpy(zrtp->P_3072_data, P_3072_data, sizeof(P_3072_data));
- zrtp_comp_register(ZRTP_CC_PKT, dh3072, zrtp);
-
- zrtp_memset(dh2048, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(dh2048->base.type, ZRTP_DH2K, ZRTP_COMP_TYPE_SIZE);
- dh2048->base.id = ZRTP_PKTYPE_DH2048;
- dh2048->base.zrtp = zrtp;
- dh2048->sv_length = 256/8;
- dh2048->pv_length = 256;
- dh2048->base.init = zrtp_dh_init;
- dh2048->base.free = zrtp_dh_free;
- dh2048->initialize = zrtp_dh_initialize;
- dh2048->compute = zrtp_dh_compute;
- dh2048->validate = zrtp_dh_validate;
- dh2048->self_test = zrtp_dh_self_test;
- zrtp_memcpy(zrtp->P_2048_data, P_2048_data, sizeof(P_2048_data));
- zrtp_comp_register(ZRTP_CC_PKT, dh2048, zrtp);
-
- zrtp_memset(multi, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(multi->base.type, ZRTP_MULT, ZRTP_COMP_TYPE_SIZE);
- multi->base.id = ZRTP_PKTYPE_MULT;
- zrtp_comp_register(ZRTP_CC_PKT, multi, zrtp);
-
- zrtp_memset(presh, 0, sizeof(zrtp_pk_scheme_t));
- zrtp_memcpy(presh->base.type, ZRTP_PRESHARED, ZRTP_COMP_TYPE_SIZE);
- presh->base.id = ZRTP_PKTYPE_PRESH;
- zrtp_comp_register(ZRTP_CC_PKT, presh, zrtp);
-
- return zrtp_defaults_ec_pkt(zrtp);
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_prepare_pkt(zrtp_global_t* zrtp)
-{
- bnInit();
- bnBegin(&zrtp->one);
- bnSetQ(&zrtp->one, 1);
- bnBegin(&zrtp->G);
- bnSetQ(&zrtp->G, 2);
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_done_pkt(zrtp_global_t* zrtp)
-{
- bnEnd(&zrtp->one);
- bnEnd(&zrtp->G);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-/* These 3-syllable words are no longer than 11 characters. */
-extern uint8_t hash_word_list_odd[256][12];
-
-/* These 2-syllable words are no longer than 9 characters. */
-extern uint8_t hash_word_list_even[256][10];
-
-/*----------------------------------------------------------------------------*/
-/*
- * copyright 2002, 2003 Bryce "Zooko" Wilcox-O'Hearn
- * mailto:zooko@zooko.com
- *
- * See the end of this file for the free software, open source license (BSD-style).
- */
-
-/**
- * Copyright (c) 2002 Bryce "Zooko" Wilcox-O'Hearn
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software to deal in this software without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of this software, and to permit
- * persons to whom this software is furnished to do so, subject to the following
- * conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of this software.
- *
- * THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THIS SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THIS SOFTWARE.
- */
-
-zrtp_status_t b2a(zrtp_stringn_t *os, zrtp_stringn_t *result)
-{
- static const char chars[]="ybndrfg8ejkmcpqxot1uwisza345h769";
-
- if (!os || !result) {
- return zrtp_status_bad_param;
- } else {
- /* pointer into the os buffer, initially pointing to the "one-past-the-end" octet */
- const uint8_t* osp = (uint8_t*)os->buffer + os->length;
- /* pointer into the result buffer, initially pointing to the "one-past-the-end" quintet */
- uint8_t* resp;
- /* to hold up to 32 bits worth of the input */
- uint32_t x = 0;
-
- result->length = os->length*8;
- result->length = (result->length % 5) ? ((result->length/5) + 1) : result->length/5;
-
- /* pointer into the result buffer, initially pointing to the "one-past-the-end" quintet */
- resp = (uint8_t*)result->buffer + result->length;
-
- /* Now this is a real live Duff's device. You gotta love it. */
- switch ((osp - (uint8_t*)os->buffer) % 5) {
- case 0:
- do {
- x = *--osp;
- *--resp = chars[x % 32]; /* The least sig 5 bits go into the final quintet. */
- x /= 32; /* ... now we have 3 bits worth in x... */
- case 4:
- x |= ((uint32_t)(*--osp)) << 3; /* ... now we have 11 bits worth in x... */
- *--resp = chars[x % 32];
- x /= 32; /* ... now we have 6 bits worth in x... */
- *--resp = chars[x % 32];
- x /= 32; /* ... now we have 1 bits worth in x... */
- case 3:
- /* The 8 bits from the 2-indexed octet. So now we have 9 bits worth in x... */
- x |= ((uint32_t)(*--osp)) << 1;
- *--resp = chars[x % 32];
- x /= 32; /* ... now we have 4 bits worth in x... */
- case 2:
- /* The 8 bits from the 1-indexed octet. So now we have 12 bits worth in x... */
- x |= ((uint32_t)(*--osp)) << 4;
- *--resp = chars[x%32];
- x /= 32; /* ... now we have 7 bits worth in x... */
- *--resp = chars[x%32];
- x /= 32; /* ... now we have 2 bits worth in x... */
- case 1:
- /* The 8 bits from the 0-indexed octet. So now we have 10 bits worth in x... */
- x |= ((uint32_t)(*--osp)) << 2;
- *--resp = chars[x%32];
- x /= 32; /* ... now we have 5 bits worth in x... */
- *--resp = chars[x];
- } while (osp > (const uint8_t *)os->buffer);
- } /* switch ((osp - os.buf) % 5) */
-
- return zrtp_status_ok;
- }
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t SAS32_compute( zrtp_sas_scheme_t *self,
- zrtp_stream_t *stream,
- zrtp_hash_t *hash,
- uint8_t is_transferred )
-{
- zrtp_session_t *session = stream->session;
- static const zrtp_string16_t sas_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_SAS_STR);
-
- zrtp_string64_t sas_digest = ZSTR_INIT_EMPTY(sas_digest);
- zrtp_string8_t vad = ZSTR_INIT_EMPTY(vad);
-
- ZSTR_SET_EMPTY(session->sas1);
- ZSTR_SET_EMPTY(session->sas2);
-
- if (!is_transferred && !stream->protocol) {
- return zrtp_status_bad_param;
- }
-
- /*
- * Generate SAS source as:
- * sashash = KDF(ZRTPSess, "SAS", (ZIDi | ZIDr), 256)
- */
- if (!is_transferred) {
- _zrtp_kdf( stream,
- ZSTR_GV(stream->protocol->cc->s0),
- ZSTR_GV(sas_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- ZRTP_HASH_SIZE,
- ZSTR_GV(sas_digest));
-
-
- /* Binary sas value is the leftmost ZRTP_SAS_DIGEST_LENGTH bytes */
- zrtp_zstrncpy(ZSTR_GV(session->sasbin), ZSTR_GV(sas_digest), ZRTP_SAS_DIGEST_LENGTH);
- } else {
- zrtp_zstrcpy(ZSTR_GV(sas_digest), ZSTR_GV(session->sasbin));
- }
-
- /* Take the leftmost 20 bits from sas source and render bas32 value */
- sas_digest.length = 3;
- sas_digest.buffer[2] &= 0xF0;
- if (zrtp_status_ok == b2a(ZSTR_GV(sas_digest), ZSTR_GV(vad)) && vad.length >= 4) {
- zrtp_zstrncpy(ZSTR_GV(session->sas1), ZSTR_GV(vad), 4);
- return zrtp_status_ok;
- }
-
- return zrtp_status_fail;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t SAS256_compute( zrtp_sas_scheme_t *self,
- zrtp_stream_t *stream,
- zrtp_hash_t *hash,
- uint8_t is_transferred )
-{
- zrtp_session_t *session = stream->session;
- ZSTR_SET_EMPTY(session->sas1);
- ZSTR_SET_EMPTY(session->sas2);
-
- if (!is_transferred && !stream->protocol) {
- return zrtp_status_bad_param;
- }
-
- /*
- * Generate SAS source as:
- * sashash = KDF(ZRTPSess, "SAS", (ZIDi | ZIDr), 256)
- */
- if (!is_transferred)
- {
- static const zrtp_string16_t sas_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_SAS_STR);
- zrtp_string64_t sas_digest = ZSTR_INIT_EMPTY(sas_digest);
-
- _zrtp_kdf( stream,
- ZSTR_GV(stream->protocol->cc->s0),
- ZSTR_GV(sas_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- ZRTP_HASH_SIZE,
- ZSTR_GV(sas_digest));
-
- /* Binary sas value is last ZRTP_SAS_DIGEST_LENGTH bytes */
- zrtp_zstrncpy(ZSTR_GV(session->sasbin), ZSTR_GV(sas_digest), ZRTP_SAS_DIGEST_LENGTH);
- }
-
- zrtp_zstrcpyc(ZSTR_GV(session->sas1), (const char *)hash_word_list_even[(uint8_t)session->sasbin.buffer[0]]);
- zrtp_zstrcpyc(ZSTR_GV(session->sas2), (const char *)hash_word_list_odd[(uint8_t)session->sasbin.buffer[1]]);
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_defaults_sas(zrtp_global_t* zrtp)
-{
- zrtp_sas_scheme_t* base32 = zrtp_sys_alloc(sizeof(zrtp_sas_scheme_t));
- zrtp_sas_scheme_t* base256 = zrtp_sys_alloc(sizeof(zrtp_sas_scheme_t));
-
- if (!base32 || !base256) {
- if (base32) {
- zrtp_sys_free(base32);
- }
- if (base256) {
- zrtp_sys_free(base256);
- }
- return zrtp_status_alloc_fail;
- }
-
- zrtp_memset(base32, 0, sizeof(zrtp_sas_scheme_t));
- zrtp_memcpy(base32->base.type, ZRTP_B32, ZRTP_COMP_TYPE_SIZE);
- base32->base.id = ZRTP_SAS_BASE32;
- base32->base.zrtp = zrtp;
- base32->compute = SAS32_compute;
-
- zrtp_memset(base256, 0, sizeof(zrtp_sas_scheme_t));
- zrtp_memcpy(base256->base.type, ZRTP_B256, ZRTP_COMP_TYPE_SIZE);
- base256->base.id = ZRTP_SAS_BASE256;
- base256->base.zrtp = zrtp;
- base256->compute = SAS256_compute;
-
- zrtp_comp_register(ZRTP_CC_SAS, base32, zrtp);
- zrtp_comp_register(ZRTP_CC_SAS, base256, zrtp);
-
- return zrtp_status_ok;
-}
-
-
-uint8_t hash_word_list_odd[256][12] = {
- "adroitness",
- "adviser",
- "aftermath",
- "aggregate",
- "alkali",
- "almighty",
- "amulet",
- "amusement",
- "antenna",
- "applicant",
- "Apollo",
- "armistice",
- "article",
- "asteroid",
- "Atlantic",
- "atmosphere",
- "autopsy",
- "Babylon",
- "backwater",
- "barbecue",
- "belowground",
- "bifocals",
- "bodyguard",
- "bookseller",
- "borderline",
- "bottomless",
- "Bradbury",
- "bravado",
- "Brazilian",
- "breakaway",
- "Burlington",
- "businessman",
- "butterfat",
- "Camelot",
- "candidate",
- "cannonball",
- "Capricorn",
- "caravan",
- "caretaker",
- "celebrate",
- "cellulose",
- "certify",
- "chambermaid",
- "Cherokee",
- "Chicago",
- "clergyman",
- "coherence",
- "combustion",
- "commando",
- "company",
- "component",
- "concurrent",
- "confidence",
- "conformist",
- "congregate",
- "consensus",
- "consulting",
- "corporate",
- "corrosion",
- "councilman",
- "crossover",
- "crucifix",
- "cumbersome",
- "customer",
- "Dakota",
- "decadence",
- "December",
- "decimal",
- "designing",
- "detector",
- "detergent",
- "determine",
- "dictator",
- "dinosaur",
- "direction",
- "disable",
- "disbelief",
- "disruptive",
- "distortion",
- "document",
- "embezzle",
- "enchanting",
- "enrollment",
- "enterprise",
- "equation",
- "equipment",
- "escapade",
- "Eskimo",
- "everyday",
- "examine",
- "existence",
- "exodus",
- "fascinate",
- "filament",
- "finicky",
- "forever",
- "fortitude",
- "frequency",
- "gadgetry",
- "Galveston",
- "getaway",
- "glossary",
- "gossamer",
- "graduate",
- "gravity",
- "guitarist",
- "hamburger",
- "Hamilton",
- "handiwork",
- "hazardous",
- "headwaters",
- "hemisphere",
- "hesitate",
- "hideaway",
- "holiness",
- "hurricane",
- "hydraulic",
- "impartial",
- "impetus",
- "inception",
- "indigo",
- "inertia",
- "infancy",
- "inferno",
- "informant",
- "insincere",
- "insurgent",
- "integrate",
- "intention",
- "inventive",
- "Istanbul",
- "Jamaica",
- "Jupiter",
- "leprosy",
- "letterhead",
- "liberty",
- "maritime",
- "matchmaker",
- "maverick",
- "Medusa",
- "megaton",
- "microscope",
- "microwave",
- "midsummer",
- "millionaire",
- "miracle",
- "misnomer",
- "molasses",
- "molecule",
- "Montana",
- "monument",
- "mosquito",
- "narrative",
- "nebula",
- "newsletter",
- "Norwegian",
- "October",
- "Ohio",
- "onlooker",
- "opulent",
- "Orlando",
- "outfielder",
- "Pacific",
- "pandemic",
- "Pandora",
- "paperweight",
- "paragon",
- "paragraph",
- "paramount",
- "passenger",
- "pedigree",
- "Pegasus",
- "penetrate",
- "perceptive",
- "performance",
- "pharmacy",
- "phonetic",
- "photograph",
- "pioneer",
- "pocketful",
- "politeness",
- "positive",
- "potato",
- "processor",
- "provincial",
- "proximate",
- "puberty",
- "publisher",
- "pyramid",
- "quantity",
- "racketeer",
- "rebellion",
- "recipe",
- "recover",
- "repellent",
- "replica",
- "reproduce",
- "resistor",
- "responsive",
- "retraction",
- "retrieval",
- "retrospect",
- "revenue",
- "revival",
- "revolver",
- "sandalwood",
- "sardonic",
- "Saturday",
- "savagery",
- "scavenger",
- "sensation",
- "sociable",
- "souvenir",
- "specialist",
- "speculate",
- "stethoscope",
- "stupendous",
- "supportive",
- "surrender",
- "suspicious",
- "sympathy",
- "tambourine",
- "telephone",
- "therapist",
- "tobacco",
- "tolerance",
- "tomorrow",
- "torpedo",
- "tradition",
- "travesty",
- "trombonist",
- "truncated",
- "typewriter",
- "ultimate",
- "undaunted",
- "underfoot",
- "unicorn",
- "unify",
- "universe",
- "unravel",
- "upcoming",
- "vacancy",
- "vagabond",
- "vertigo",
- "Virginia",
- "visitor",
- "vocalist",
- "voyager",
- "warranty",
- "Waterloo",
- "whimsical",
- "Wichita",
- "Wilmington",
- "Wyoming",
- "yesteryear",
- "Yucatan"
- };
-
-uint8_t hash_word_list_even[256][10] = {
- "aardvark",
- "absurd",
- "accrue",
- "acme",
- "adrift",
- "adult",
- "afflict",
- "ahead",
- "aimless",
- "Algol",
- "allow",
- "alone",
- "ammo",
- "ancient",
- "apple",
- "artist",
- "assume",
- "Athens",
- "atlas",
- "Aztec",
- "baboon",
- "backfield",
- "backward",
- "banjo",
- "beaming",
- "bedlamp",
- "beehive",
- "beeswax",
- "befriend",
- "Belfast",
- "berserk",
- "billiard",
- "bison",
- "blackjack",
- "blockade",
- "blowtorch",
- "bluebird",
- "bombast",
- "bookshelf",
- "brackish",
- "breadline",
- "breakup",
- "brickyard",
- "briefcase",
- "Burbank",
- "button",
- "buzzard",
- "cement",
- "chairlift",
- "chatter",
- "checkup",
- "chisel",
- "choking",
- "chopper",
- "Christmas",
- "clamshell",
- "classic",
- "classroom",
- "cleanup",
- "clockwork",
- "cobra",
- "commence",
- "concert",
- "cowbell",
- "crackdown",
- "cranky",
- "crowfoot",
- "crucial",
- "crumpled",
- "crusade",
- "cubic",
- "dashboard",
- "deadbolt",
- "deckhand",
- "dogsled",
- "dragnet",
- "drainage",
- "dreadful",
- "drifter",
- "dropper",
- "drumbeat",
- "drunken",
- "Dupont",
- "dwelling",
- "eating",
- "edict",
- "egghead",
- "eightball",
- "endorse",
- "endow",
- "enlist",
- "erase",
- "escape",
- "exceed",
- "eyeglass",
- "eyetooth",
- "facial",
- "fallout",
- "flagpole",
- "flatfoot",
- "flytrap",
- "fracture",
- "framework",
- "freedom",
- "frighten",
- "gazelle",
- "Geiger",
- "glitter",
- "glucose",
- "goggles",
- "goldfish",
- "gremlin",
- "guidance",
- "hamlet",
- "highchair",
- "hockey",
- "indoors",
- "indulge",
- "inverse",
- "involve",
- "island",
- "jawbone",
- "keyboard",
- "kickoff",
- "kiwi",
- "klaxon",
- "locale",
- "lockup",
- "merit",
- "minnow",
- "miser",
- "Mohawk",
- "mural",
- "music",
- "necklace",
- "Neptune",
- "newborn",
- "nightbird",
- "Oakland",
- "obtuse",
- "offload",
- "optic",
- "orca",
- "payday",
- "peachy",
- "pheasant",
- "physique",
- "playhouse",
- "Pluto",
- "preclude",
- "prefer",
- "preshrunk",
- "printer",
- "prowler",
- "pupil",
- "puppy",
- "python",
- "quadrant",
- "quiver",
- "quota",
- "ragtime",
- "ratchet",
- "rebirth",
- "reform",
- "regain",
- "reindeer",
- "rematch",
- "repay",
- "retouch",
- "revenge",
- "reward",
- "rhythm",
- "ribcage",
- "ringbolt",
- "robust",
- "rocker",
- "ruffled",
- "sailboat",
- "sawdust",
- "scallion",
- "scenic",
- "scorecard",
- "Scotland",
- "seabird",
- "select",
- "sentence",
- "shadow",
- "shamrock",
- "showgirl",
- "skullcap",
- "skydive",
- "slingshot",
- "slowdown",
- "snapline",
- "snapshot",
- "snowcap",
- "snowslide",
- "solo",
- "southward",
- "soybean",
- "spaniel",
- "spearhead",
- "spellbind",
- "spheroid",
- "spigot",
- "spindle",
- "spyglass",
- "stagehand",
- "stagnate",
- "stairway",
- "standard",
- "stapler",
- "steamship",
- "sterling",
- "stockman",
- "stopwatch",
- "stormy",
- "sugar",
- "surmount",
- "suspense",
- "sweatband",
- "swelter",
- "tactics",
- "talon",
- "tapeworm",
- "tempest",
- "tiger",
- "tissue",
- "tonic",
- "topmost",
- "tracker",
- "transit",
- "trauma",
- "treadmill",
- "Trojan",
- "trouble",
- "tumor",
- "tunnel",
- "tycoon",
- "uncut",
- "unearth",
- "unwind",
- "uproot",
- "upset",
- "upshot",
- "vapor",
- "village",
- "virus",
- "Vulcan",
- "waffle",
- "wallet",
- "watchword",
- "wayside",
- "willow",
- "woodlark",
- "Zulu"
- };
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-/*---------------------------------------------------------------------------*/
-void zrtp_bitmap_right_shift(uint8_t *x, int width_bytes, int index)
-{
- const int base_index = index >> 3;
- const int bit_index = index & 7;
- int i, from;
- uint8_t b;
-
- if (index > width_bytes*8) {
- for(i=0; i < width_bytes; i++) {
- x[i] = 0;
- }
- return;
- }
-
- if (bit_index == 0) {
- /* copy each word from left side to right side */
- x[width_bytes-1] = x[width_bytes-1-base_index];
- for (i=width_bytes-1; i > base_index; i--) {
- x[i-1] = x[i-1-base_index];
- }
- } else {
- /* set each word to the OR of the two bit-shifted words */
- for (i = width_bytes; i > base_index; i--) {
- from = i-1 - base_index;
- b = x[from] << bit_index;
- if (from > 0) {
- b |= x[from-1] >> (8-bit_index);
- }
- x[i-1] = b;
- }
- }
-
- /* now wrap up the final portion */
- for (i=0; i < base_index; i++) {
- x[i] = 0;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-void zrtp_bitmap_left_shift(uint8_t *x, int width_bytes, int index)
-{
- int i;
- const int base_index = index >> 3;
- const int bit_index = index & 7;
-
- if (index > width_bytes*8) {
- for(i=0; i < width_bytes; i++) {
- x[i] = 0;
- }
- return;
- }
-
- if (0 == bit_index) {
- for (i=0; i < width_bytes - base_index; i++) {
- x[i] = x[i+base_index];
- }
- } else {
- for (i=0; i < width_bytes - base_index - 1; i++) {
- x[i] = (x[i+base_index] >> bit_index) ^ (x[i+base_index+1] << (8 - bit_index));
- }
-
- x[width_bytes - base_index-1] = x[width_bytes-1] >> bit_index;
- }
-
- /* now wrap up the final portion */
- for (i = width_bytes - base_index; i < width_bytes; i++) {
- x[i] = 0;
- }
-}
-
-void zrtp_v128_xor(zrtp_v128_t *z, zrtp_v128_t *x, zrtp_v128_t *y)
-{
- _zrtp_v128_xor(z, x, y);
-}
-
-/*---------------------------------------------------------------------------*/
-uint16_t zrtp_swap16(uint16_t x) {
- return (x >> 8 | x << 8);
-}
-
-uint32_t zrtp_swap32(uint32_t x)
-{
- uint32_t res = (x >> 8 & 0x0000ff00) | (x << 8 & 0x00ff0000);
- res |= (x >> 24 ) | (x << 24);
- return res;
-}
-
-#ifdef ZRTP_NO_64BIT_MATH
-uint64_t zrtp_swap64(uint64_t x)
-{
- uint8_t *p = &x;
- uint8_t tmp;
- int i;
-
- for(i=0; i<4; i++) {
- tmp = p[i];
- p[i] = p[7-i];
- p[7-i] = tmp;
- }
- return x;
-}
-#else
-uint64_t zrtp_swap64(uint64_t x)
-{
- uint64_t res;
- res = (x >> 8 & 0x00000000ff000000ll) | (x << 8 & 0x000000ff00000000ll);
- res |= (x >> 24 & 0x0000000000ff0000ll) | (x << 24 & 0x0000ff0000000000ll);
- res |= (x >> 40 & 0x000000000000ff00ll) | (x << 40 & 0x00ff000000000000ll);
- res |= (x >> 56 & 0x00000000000000ffll) | (x << 56 & 0xff00000000000000ll);
- return res;
-}
-#endif /* ZRTP_NO_64BIT_MATH */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp engine"
-
-/*!
- * Data type for state-handlers: every state has a state handler
- * function which is called by zrtp_process_srtp().
- */
-typedef zrtp_status_t state_handler_t( zrtp_stream_t* stream, zrtp_rtp_info_t* packet );
-extern state_handler_t* state_handler[ZRTP_STATE_COUNT];
-
-extern zrtp_status_t _zrtp_machine_process_sasrelay(zrtp_stream_t *stream, zrtp_rtp_info_t *packet);
-
-static void _zrtp_machine_switch_to_error(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_enter_initiatingclear(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_enter_clear(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_enter_pendingerror(zrtp_stream_t *stream, zrtp_protocol_error_t code);
-
-zrtp_status_t _zrtp_machine_process_hello(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-zrtp_status_t _zrtp_machine_process_goclear(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-static void _send_helloack(zrtp_stream_t* stream);
-static void _send_goclearack(zrtp_stream_t* stream);
-
-zrtp_status_t _zrtp_machine_start_send_and_resend_hello(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_start_send_and_resend_goclear(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_start_send_and_resend_errorack(zrtp_stream_t* stream);
-static zrtp_status_t _zrtp_machine_start_send_and_resend_error(zrtp_stream_t* stream);
-
-void _clear_stream_crypto(zrtp_stream_t* stream);
-
-
-/*===========================================================================*/
-// MARK: ===> Main ZRTP interfaces
-/*===========================================================================*/
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_process_rtcp(zrtp_stream_t *stream, char* packet, unsigned int* length)
-{
-
- /*
- * In transition states, drop outgoing packets. In SECURE state, encrypt
- outgoing packets. In all other states leave them unchanged.
- */
-
- if (stream) {
- switch (stream->state)
- {
- case ZRTP_STATE_START_INITIATINGSECURE:
- case ZRTP_STATE_INITIATINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM1:
- case ZRTP_STATE_WAIT_CONFIRMACK:
- case ZRTP_STATE_PENDINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM2:
- case ZRTP_STATE_PENDINGCLEAR:
- return zrtp_status_drop;
-
- case ZRTP_STATE_SASRELAYING:
- case ZRTP_STATE_SECURE:
- {
- zrtp_rtp_info_t info;
-
- if (*length < RTCP_HDR_SIZE) {
- return zrtp_status_fail;
- }
-
- zrtp_memset(&info, 0, sizeof(info));
- info.packet = packet;
- info.length = length;
- info.seq = 0; /*sequence number will be generated in zrtp_srtp_protect_rtcp()*/
- info.ssrc = (uint32_t) *(packet+sizeof(uint32_t));
-
- return _zrtp_protocol_encrypt(stream->protocol, &info, 0);
- }
-
- default:
- return zrtp_status_ok;
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_process_srtcp(zrtp_stream_t *stream, char* packet, unsigned int* length)
-{
-
- /*
- * In transition states, drop incoming packets. In SECURE state, decrypt
- * incoming packets. In all other states leave them unchanged.
- */
-
- if (stream) {
- switch (stream->state)
- {
- case ZRTP_STATE_INITIATINGCLEAR:
- case ZRTP_STATE_PENDINGCLEAR:
- case ZRTP_STATE_INITIATINGSECURE:
- case ZRTP_STATE_PENDINGSECURE:
- return zrtp_status_drop;
-
- case ZRTP_STATE_SECURE:
- case ZRTP_STATE_SASRELAYING:
- {
- zrtp_rtp_info_t info;
-
- if (*length < RTCP_HDR_SIZE) {
- return zrtp_status_fail;
- }
-
- zrtp_memset(&info, 0, sizeof(info));
- info.packet = packet;
- info.length = length;
- info.seq = 0; /*sequence number will be determined from packet in zrtp_srtp_unprotect_rtcp()*/
- info.ssrc = (uint32_t) *(packet+sizeof(uint32_t));
-
- return _zrtp_protocol_decrypt(stream->protocol, &info, 0);
- }
-
- default:
- return zrtp_status_ok;
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_process_rtp(zrtp_stream_t *stream, char* packet, unsigned int* length)
-{
- zrtp_rtp_info_t info;
-
- if (!stream || !packet || !length) {
- return zrtp_status_bad_param;
- }
-
- /* Skip packet processing within uninitiated stream */
- if ((stream->state < ZRTP_STATE_START) || (stream->state > ZRTP_STATE_NO_ZRTP)) {
- return zrtp_status_ok;
- }
-
- /* Prepare RTP packet: detect type and other options */
- if (zrtp_status_ok != _zrtp_packet_preparse(stream, packet, length, &info, 0)) {
- return zrtp_status_fail;
- }
-
- /* Drop packets in transition states and encrypt in SECURE state */
- switch (stream->state)
- {
- case ZRTP_STATE_START_INITIATINGSECURE:
- case ZRTP_STATE_INITIATINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM1:
- case ZRTP_STATE_WAIT_CONFIRMACK:
- case ZRTP_STATE_PENDINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM2:
- case ZRTP_STATE_PENDINGCLEAR:
- if (ZRTP_NONE == info.type) {
- /* Add dropped media to the entropy hash */
- ZRTP_LOG(1,(_ZTU_,"Add %d bytes of entropy to the RNG pool.\n", *length));
- zrtp_entropy_add(stream->zrtp, (unsigned char*)packet, *length);
-
- return zrtp_status_drop;
- }
- break;
-
- case ZRTP_STATE_SASRELAYING:
- case ZRTP_STATE_SECURE:
- if (ZRTP_NONE == info.type) {
- return _zrtp_protocol_encrypt(stream->protocol, &info, 1);
- }
- break;
-
- default:
- break;
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-extern int _send_message(zrtp_stream_t* stream, zrtp_msg_type_t type, const void* message, uint32_t ssrc);
-zrtp_status_t zrtp_process_srtp(zrtp_stream_t *stream, char* packet, unsigned int* length)
-{
- zrtp_rtp_info_t info;
- zrtp_status_t s = zrtp_status_ok;
-
- if (!stream || !packet || !length) {
- return zrtp_status_bad_param;
- }
-
- if (*length <= RTP_HDR_SIZE) {
- return zrtp_status_bad_param;
- }
-
- /* Preparse RTP packet: detect type and other options */
- s = _zrtp_packet_preparse(stream, packet, length, &info, 1);
- if (zrtp_status_ok != s) {
- return s;
- }
-
- /*************************************************************************/
- /* For Zfone3 Compatibility */
- if (ZRTP_ZFONEPING == info.type) {
- zrtp_packet_zfoneping_t* ping = (zrtp_packet_zfoneping_t*) info.message;
- zrtp_packet_zfonepingack_t pingack;
-
- zrtp_memcpy(pingack.version, ZRTP_ZFONE_PROTOCOL_VERSION, 4);
- zrtp_memcpy(pingack.endpointhash, stream->session->zid.buffer, sizeof(pingack.endpointhash));
- zrtp_memcpy(pingack.peerendpointhash, ping->endpointhash, sizeof(pingack.endpointhash));
- pingack.peerssrc = info.ssrc;
-
- _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_ZFONEPINGACK,
- sizeof(zrtp_packet_zfonepingack_t) - sizeof(zrtp_msg_hdr_t),
- &pingack.hdr);
-
- _zrtp_packet_send_message(stream, ZRTP_ZFONEPINGACK, &pingack);
- return zrtp_status_drop;
- }
- /*************************************************************************/
-
- /* Skip packet processing within non-started stream */
- if ((stream->state < ZRTP_STATE_START) || (stream->state > ZRTP_STATE_NO_ZRTP)) {
- return (ZRTP_NONE == info.type) ? zrtp_status_ok : zrtp_status_drop;
- }
-
- /*
- * This mutex should protect stream data against asynchr. calls e.g.:
- * zrtp_stream_secure(), zrtp_stream_clear() etc. Media packet handlers
- * don't change any internal data, so this applies only to ZRTP messages.
- */
- if (info.type != ZRTP_NONE) {
- zrtp_mutex_lock(stream->stream_protector);
- }
-
- /* Extra protection. We need protocol to handle ZRTP messages in following states. */
- switch (stream->state)
- {
- case ZRTP_STATE_INITIATINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM1:
- case ZRTP_STATE_WAIT_CONFIRMACK:
- case ZRTP_STATE_PENDINGSECURE:
- case ZRTP_STATE_WAIT_CONFIRM2:
- case ZRTP_STATE_SECURE:
- case ZRTP_STATE_SASRELAYING:
- if (!stream->protocol) {
- if (info.type != ZRTP_NONE) {
- zrtp_mutex_unlock(stream->stream_protector);
- }
- return zrtp_status_fail;
- }
- default:
- break;
- }
-
- /* Handle Error packet from any state */
- if (ZRTP_ERROR == info.type && stream->state > ZRTP_STATE_START)
- {
- switch (stream->state)
- {
- case ZRTP_STATE_NONE:
- case ZRTP_STATE_ACTIVE:
- case ZRTP_STATE_SECURE:
- case ZRTP_STATE_PENDINGERROR:
- case ZRTP_STATE_INITIATINGERROR:
- case ZRTP_STATE_NO_ZRTP:
- break;
- default:
- {
- zrtp_packet_Error_t* error = (zrtp_packet_Error_t*) info.message;
- _zrtp_machine_enter_pendingerror(stream, zrtp_ntoh32(error->code));
- } break;
- }
- }
-
- /* Process packet by state-machine according to packet type and current protocol state */
- if (state_handler[stream->state]) {
- s = state_handler[stream->state](stream, &info);
- }
-
- /* Unlock stream mutex for a ZRTP message packet. See comments above. */
- if (info.type != ZRTP_NONE) {
- s = zrtp_status_drop;
- zrtp_mutex_unlock(stream->stream_protector);
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_stream_start(zrtp_stream_t* stream, uint32_t ssrc)
-{
- zrtp_status_t s = zrtp_status_ok;
- /*
- * (ZRTP stream starts from START state and HELLO packets resending.
- * Stream can be started from START, ERROR or NOZRTP states only.)
- */
- ZRTP_LOG(3,(_ZTU_,"START STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- if ( (ZRTP_STATE_ACTIVE != stream->state) &&
- (ZRTP_STATE_ERROR != stream->state) &&
- (ZRTP_STATE_NO_ZRTP != stream->state)) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! Can't start Stream ID=%u from %s state.\n",
- stream->id, zrtp_log_state2str(stream->state)));
- s = zrtp_status_wrong_state;
- } else {
- stream->media_ctx.ssrc = zrtp_hton32(ssrc);
-
- _zrtp_change_state(stream, ZRTP_STATE_START);
- _zrtp_machine_start_send_and_resend_hello(stream);
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_stream_stop(zrtp_stream_t* stream)
-{
- zrtp_status_t s = zrtp_status_ok;
- /*
- * Stop all packet replays, deinitialize crypto data and prepare the stream
- * for the next use. The stream can be terminated from any protocol state.
- */
- ZRTP_LOG(3,(_ZTU_,"STOP STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- /*
- * Unlink deleted stream for the peer MiTM stream if necessary. It may
- * prevent some recae-conditions as we always test for NULL before
- * accessing linked_mitm.
- */
- if (stream->linked_mitm) {
- stream->linked_mitm->linked_mitm = NULL;
- }
-
- if (stream->state != ZRTP_STATE_NONE) {
- /*
- * This function can be called in parallel to the main processing loop
- * - protect internal stream data.
- */
- zrtp_mutex_lock(stream->stream_protector);
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- if (stream->zrtp->cb.sched_cb.on_wait_call_later) {
- stream->zrtp->cb.sched_cb.on_wait_call_later(stream);
- }
-
- _clear_stream_crypto(stream);
-
- zrtp_mutex_unlock(stream->stream_protector);
- zrtp_mutex_destroy(stream->stream_protector);
-
- zrtp_memset(stream, 0, sizeof(zrtp_stream_t));
-
- stream->mode = ZRTP_STREAM_MODE_UNKN;
-
- _zrtp_change_state(stream, ZRTP_STATE_NONE);
- } else {
- s = zrtp_status_wrong_state;
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_stream_clear(zrtp_stream_t *stream)
-{
- /*
- * This function can be called for two reasons: either our user is
- * initiating the go-clear ritual or we accepting that ritual as
- * initiated by the other end of the line. If our user initiates the
- * go-clear process libzrtp switches to INITIATING_CLEAR and runs
- * GoClear replays. The go-clear ritual can be started from SECURE state
- * only. If the other end of the line is initiating and this function is
- * being called to accept the go-clear procedure - protocol transites to
- * CLEAR state imediately. One can accept go-clear from PENDING CLEAR
- * state only. See state-macine diagram for more information.
- */
- zrtp_status_t s = zrtp_status_fail;
-
- /* This function can be called in parallel to the main processing loop - protect stream data. */
- zrtp_mutex_lock(stream->stream_protector);
-
- ZRTP_LOG(3,(_ZTU_,"CLEAR STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- switch (stream->state)
- {
- case ZRTP_STATE_SECURE:
- /* Clearing ritual can't be started if "allow clear" is disabled */
- if (stream->session->profile.allowclear) {
- s = _zrtp_machine_enter_initiatingclear(stream);
- }
- break;
- case ZRTP_STATE_PENDINGCLEAR:
- s = _zrtp_machine_enter_clear(stream);
- break;
- default:
- break;
- }
-
- zrtp_mutex_unlock(stream->stream_protector);
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-void _initiating_secure(zrtp_stream_t *stream, zrtp_retry_task_t* task)
-{
- /*
- * In accordance with the ZRTP standard, there can be multiple simultaneous
- * DH streams, as well as preshared streams.
- *
- * Before entering the INITIATING_SECURE state, we check several conditions.
- * For details see \doc\img\odg\zrtp_streams.odg and zrtp_statemach.odg)
- */
-
- /* The first call to this function is already protected by a mutex in zrtp_process_srtp() */
- uint8_t use_mutex = (task->_retrys > 0);
-
- if (!task->_is_enabled) {
- return;
- }
-
- if (use_mutex) {
- zrtp_mutex_lock(stream->stream_protector);
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tInitiating Secure iteration... ID=%u.\n", stream->id));
-
- /* Skip the last replay after switching to another state to avoid unwanted replays */
- if (stream->state <= ZRTP_STATE_START_INITIATINGSECURE)
- {
- stream->mode = _zrtp_define_stream_mode(stream);
- ZRTP_LOG(3,(_ZTU_,"\tGot mode=%s. Check approval of starting.\n", zrtp_log_mode2str(stream->mode)));
- if (!_zrtp_can_start_stream(stream, &stream->concurrent, stream->mode))
- {
- if (task->_retrys > ZRTP_PROCESS_T1_MAX_COUNT) {
- ZRTP_LOG(3,(_ZTU_,"\tInitiating Secure. Max retransmissions count reached"
- "for stream ID=%u.\n", stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_timeout, 0);
- } else {
- ZRTP_LOG(3,(_ZTU_,"\tInitiating Secure. stream ID=%u is DH but one more DH"
- " stream is in progress - waiting...\n", stream->id));
-
- task->_retrys++;
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
- }
- else
- {
- ZRTP_LOG(3,(_ZTU_,"\tMode=%s Cccepted. Starting ZRTP Initiator Protocol.\n", zrtp_log_mode2str(stream->mode)));
- _zrtp_cancel_send_packet_later(stream, ZRTP_PROCESS);
- _zrtp_machine_enter_initiatingsecure(stream);
- }
- }
-
- if (use_mutex) {
- zrtp_mutex_unlock(stream->stream_protector);
- }
-}
-
-zrtp_status_t _zrtp_machine_start_initiating_secure(zrtp_stream_t *stream)
-{
- /*
- * This function creates a task to do retries of the first packet in the
- * "Going secure" procedure, and then _initiating_secure() will start
- * protocol.
- */
- zrtp_retry_task_t* task = &stream->messages.dh_task;
- task->_is_enabled = 1;
- task->_retrys = 0;
- task->callback = _initiating_secure;
- task->timeout = ZRTP_PROCESS_T1;
-
- /*
- * Prevent race conditions on starting multiple streams.
- */
- zrtp_mutex_lock(stream->session->init_protector);
-
- _zrtp_change_state(stream, ZRTP_STATE_START_INITIATINGSECURE);
- _initiating_secure(stream, task);
-
- zrtp_mutex_unlock(stream->session->init_protector);
-
- return zrtp_status_ok;
-}
-
-
-zrtp_status_t zrtp_stream_secure(zrtp_stream_t *stream)
-{
- /*
- * Wrapper function for going into secure mode. It can be initiated in
- * parallel to the main processing loop. The internal stream data has to
- * be protected by mutex.
- */
-
- zrtp_status_t s = zrtp_status_fail;
-
- ZRTP_LOG(3,(_ZTU_,"SECURE STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- zrtp_mutex_lock(stream->stream_protector);
-
- /* Limit ZRTP Session initiation procedure according to the license */
- if ( (stream->state == ZRTP_STATE_CLEAR) && ZRTP_PASSIVE1_TEST(stream)) {
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- ZRTP_LOG(1,(_ZTU_,"\tWARNING! Can't Start Stream from %s state and with %d license mode. ID=%u\n",
- zrtp_log_state2str(stream->state), stream->zrtp->lic_mode, stream->id));
-
- if (!ZRTP_PASSIVE1_TEST(stream)) {
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event ) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- }
- }
-
- zrtp_mutex_unlock(stream->stream_protector);
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* State handlers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_start( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO:
- s = _zrtp_machine_process_hello(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_machine_process_hello() failed with status=%d. ID=%u\n", s, stream->id));
- break; /* Just stay in START state. */
- }
-
- /* Now we have ZIDs for both sides and can upload secrets from the cache */
- s = _zrtp_prepare_secrets(stream->session);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_prepare_secrets() failed with status=%d. ID=%u\n", s, stream->id));
- break; /* Just stay in START state. */
- }
-
- _send_helloack(stream);
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_HELLOACK);
- break;
-
- case ZRTP_HELLOACK:
- _zrtp_cancel_send_packet_later(stream, ZRTP_HELLO);
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_HELLO);
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_wait4hello( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO:
- s = _zrtp_machine_process_hello(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_machine_process_hello()2 failed with status=%d. ID=%u\n", s, stream->id));
- break; /* Just stay in the current state. */
- }
-
- /* Now we have ZIDs for both sides and can upload secrets from the cache */
- s = _zrtp_prepare_secrets(stream->session);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_prepare_secrets()2 failed with status=%d. ID=%u\n", s, stream->id));
- break; /* Just stay in the current state. */
- }
-
- /* Start initiating the secure state if "autosecure" is enabled */
- if ((stream->session->profile.autosecure) && ZRTP_PASSIVE1_TEST(stream)) {
- if (!stream->session->profile.discovery_optimization) {
- _send_helloack(stream); /* Response with HelloAck before start computing DH value */
- }
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- _send_helloack(stream);
-
- if (!ZRTP_PASSIVE1_TEST(stream)) {
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Switching to Clear due to Active/Passive restrictions.\n"));
- }
-
- s = _zrtp_machine_enter_clear(stream);
- }
-
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_wait4helloack( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t status = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO:
- _send_helloack(stream);
- break;
-
- case ZRTP_COMMIT:
- {
- /* Passive Initiator can't talk to anyone */
- if (ZRTP_PASSIVE2_TEST(stream))
- {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_HELLO);
- status = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else if (ZRTP_STATEMACHINE_INITIATOR == role) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_HELLO);
- status = _zrtp_machine_start_initiating_secure(stream);
- } else {
- status = zrtp_status_fail;
- }
- } else {
- ZRTP_LOG(2,(_ZTU_,"\tERROR: The endpoint is in passive mode and Signaling Initiator -"
- " can't handle connections from anyone. ID=%u\n", stream->id));
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_service_unavail, 1);
- }
- } break;
-
- case ZRTP_HELLOACK:
- _zrtp_cancel_send_packet_later(stream, ZRTP_HELLO);
-
- /* Start initiating the secure state if "autosecure" is enabled */
- if ((stream->session->profile.autosecure) && ZRTP_PASSIVE1_TEST(stream)) {
- status = _zrtp_machine_start_initiating_secure(stream);
- } else {
- if (!ZRTP_PASSIVE1_TEST(stream)) {
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Switching to Clear due to Active/Passive restrictions.\n"));
- }
- status = _zrtp_machine_enter_clear(stream);
- }
-
- break;
-
- default:
- break;
- }
-
- return status;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_clear( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_GOCLEAR:
- _send_goclearack(stream);
- break;
-
- case ZRTP_HELLO:
- _send_helloack(stream);
- break;
-
- case ZRTP_COMMIT:
- {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else if (ZRTP_STATEMACHINE_INITIATOR == role) {
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- s = zrtp_status_fail;
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_initiatingclear( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_GOCLEARACK:
- case ZRTP_COMMIT:
- s = _zrtp_machine_enter_clear(stream);
- break;
-
- case ZRTP_NONE:
- s = zrtp_status_drop;
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_pendingclear( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_GOCLEAR:
- _send_goclearack(stream);
- break;
-
- case ZRTP_COMMIT:
- {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else if (ZRTP_STATEMACHINE_INITIATOR == role) {
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- s = zrtp_status_fail;
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_start_initiatingsecure( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO:
- _send_helloack(stream);
- break;
-
- case ZRTP_COMMIT:
- {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_PROCESS);
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else {
- s = zrtp_status_fail;
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_secure( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_CONFIRM2:
- _zrtp_packet_send_message(stream, ZRTP_CONFIRM2ACK, NULL);
- break;
-
- case ZRTP_SASRELAY:
- /*
- * _zrtp_machine_process_sasrelay() updates SAS, sends events and does
- * other things if SAS transferring is allowed
- */
- s = _zrtp_machine_process_sasrelay(stream, packet);
- if (zrtp_status_ok == s) {
- _zrtp_packet_send_message(stream, ZRTP_RELAYACK, NULL);
- }
- break;
-
- case ZRTP_GOCLEAR:
- s = _zrtp_machine_process_goclear(stream, packet);
- if (zrtp_status_ok == s) {
- s = _zrtp_machine_enter_pendingclear(stream);
- _send_goclearack(stream);
- }
- break;
-
- case ZRTP_NONE:
- s = _zrtp_protocol_decrypt(stream->protocol, packet, 1);
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_initiatingerror( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- switch (packet->type)
- {
- case ZRTP_ERROR:
- _zrtp_machine_enter_pendingerror(stream, ((zrtp_packet_Error_t*) packet->message)->code );
- break;
-
- case ZRTP_ERRORACK:
- _zrtp_machine_switch_to_error(stream);
- break;
-
- default:
- break;
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_nozrtp( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO:
- s = _zrtp_machine_process_hello(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_machine_process_hello()3 failed with status=%d ID=%u.\n", s, stream->id));
- break;
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_START);
- _zrtp_machine_start_send_and_resend_hello(stream);
- break;
-
- case ZRTP_COMMIT: /* this logic should be similar to Commit handler in ZRTP_STATE_WAIT_HELLOACK state */
- {
- /* Passive Initiator can't talk to anyone */
- if (ZRTP_PASSIVE2_TEST(stream))
- {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else if (ZRTP_STATEMACHINE_INITIATOR == role) {
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- s = zrtp_status_fail;
- }
- } else {
- ZRTP_LOG(2,(_ZTU_,"\tERROR: The endpoint is in passive mode and Signaling Initiator -"
- " can't handle connections from anyone. ID=%u\n", stream->id));
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event ) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_service_unavail, 1);
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-
-/* Initiator logic */
-extern zrtp_status_t _zrtp_machine_process_while_in_initiatingsecure(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t _zrtp_machine_process_while_in_waitconfirmack(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t _zrtp_machine_process_while_in_waitconfirm1(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-/* Responder logic */
-extern zrtp_status_t _zrtp_machine_process_while_in_pendingsecure(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t _zrtp_machine_process_while_in_waitconfirm2(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-/* PBX transferring logic */
-extern zrtp_status_t _zrtp_machine_process_while_in_sasrelaying(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
-/* Driven Discovery state-machine */
-extern zrtp_status_t _zrtp_machine_process_while_in_driven_initiator(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t _zrtp_machine_process_while_in_driven_responder(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t _zrtp_machine_process_while_in_driven_pending(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-#endif
-
-state_handler_t* state_handler[ZRTP_STATE_COUNT] =
-{
- NULL,
- NULL,
- _zrtp_machine_process_while_in_start,
- _zrtp_machine_process_while_in_wait4helloack,
- _zrtp_machine_process_while_in_wait4hello,
- _zrtp_machine_process_while_in_clear,
- _zrtp_machine_process_while_in_start_initiatingsecure,
- _zrtp_machine_process_while_in_initiatingsecure,
- _zrtp_machine_process_while_in_waitconfirm1,
- _zrtp_machine_process_while_in_waitconfirmack,
- _zrtp_machine_process_while_in_pendingsecure,
- _zrtp_machine_process_while_in_waitconfirm2,
- _zrtp_machine_process_while_in_secure,
- _zrtp_machine_process_while_in_sasrelaying,
- _zrtp_machine_process_while_in_initiatingclear,
- _zrtp_machine_process_while_in_pendingclear,
- _zrtp_machine_process_while_in_initiatingerror,
- NULL,
- NULL,
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
- _zrtp_machine_process_while_in_driven_initiator,
- _zrtp_machine_process_while_in_driven_responder,
- _zrtp_machine_process_while_in_driven_pending,
-#endif
- _zrtp_machine_process_while_in_nozrtp
-};
-
-
-/*===========================================================================*/
-/* State switchers */
-/*===========================================================================*/
-
-static void _zrtp_machine_switch_to_error(zrtp_stream_t* stream)
-{
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _clear_stream_crypto(stream);
-
- _zrtp_change_state(stream, ZRTP_STATE_ERROR);
-
- if (stream->zrtp->cb.event_cb.on_zrtp_security_event) {
- stream->zrtp->cb.event_cb.on_zrtp_security_event(stream, ZRTP_EVENT_PROTOCOL_ERROR);
- }
- if (stream->zrtp->cb.event_cb.on_zrtp_not_secure) {
- stream->zrtp->cb.event_cb.on_zrtp_not_secure(stream);
- }
- stream->last_error = 0;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_enter_pendingclear(zrtp_stream_t* stream)
-{
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _zrtp_change_state(stream, ZRTP_STATE_PENDINGCLEAR);
-
- /*
- * We have to destroy the ZRTP Session Key because user may not press "clear
- * button", and the remote endpoint may subsequently initiate a new secure
- * session. Other secret values will be destroyed in Clear state or
- * rewritten with new.
- */
- {
- zrtp_string64_t new_zrtpsess = ZSTR_INIT_EMPTY(new_zrtpsess);
- // TODO: hash
- stream->session->hash->hash( stream->session->hash,
- ZSTR_GV(stream->session->zrtpsess),
- ZSTR_GV(new_zrtpsess));
- zrtp_zstrcpy(ZSTR_GV(stream->session->zrtpsess), ZSTR_GV(new_zrtpsess));
- }
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PENDINGCLEAR);
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_enter_initiatingclear(zrtp_stream_t* stream)
-{
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _zrtp_change_state(stream, ZRTP_STATE_INITIATINGCLEAR);
-
- {
- zrtp_string64_t new_zrtpsess = ZSTR_INIT_EMPTY(new_zrtpsess);
- // TODO: hash
- stream->session->hash->hash( stream->session->hash,
- ZSTR_GV(stream->session->zrtpsess),
- ZSTR_GV(new_zrtpsess));
- zrtp_zstrcpy(ZSTR_GV(stream->session->zrtpsess), ZSTR_GV(new_zrtpsess));
- }
-
- return _zrtp_machine_start_send_and_resend_goclear(stream);
-}
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_enter_clear(zrtp_stream_t* stream)
-{
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _clear_stream_crypto(stream);
- _zrtp_change_state(stream, ZRTP_STATE_CLEAR);
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_CLEAR);
- }
-
- /*
- * Now, let's check if the transition to CLEAR was caused by Active/Passive rules.
- * If local endpoint is a MitM and peer MiTM linked stream is Unlimited, we
- * could break the rules and send commit to Passive endpoint.
- */
- if (stream->zrtp->is_mitm && stream->peer_passive) {
- if (stream->linked_mitm && stream->linked_mitm->peer_super_flag) {
- ZRTP_LOG(2,(_ZTU_,"INFO: Current stream ID=%u was switched to CLEAR-mode due to Active/Passive"
- " restrictions, but we are running in MiTM mode and peer linked stream is"
- " Super-active. Go Secure!\n", stream->id));
-
- /* @note: don't use zrtp_secure_stream() wrapper as it checks for Active/Passive stuff. */
- _zrtp_machine_start_initiating_secure(stream);
- }
- }
-
- return zrtp_status_ok;
-}
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_enter_initiatingerror( zrtp_stream_t *stream,
- zrtp_protocol_error_t code,
- uint8_t notif)
-{
- if ( (ZRTP_STATE_ERROR != stream->state) &&
- (ZRTP_STATE_INITIATINGERROR != stream->state) &&
- (ZRTP_STATE_PENDINGERROR != stream->state) )
- {
- stream->last_error = code;
-
- ZRTP_LOG(3,(_ZTU_,"\tEnter InitiatingError State with ERROR:<%s>, notification %s. ID=%u\n",
- zrtp_log_error2str(stream->last_error), (notif?"Enabled":"Disabled"), stream->id));
-
- /* If we can't deliver a ZRTP message, just switch to the ERROR state. */
- if (notif) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _zrtp_change_state(stream, ZRTP_STATE_INITIATINGERROR);
- _zrtp_machine_start_send_and_resend_error(stream);
- } else {
- _zrtp_machine_switch_to_error(stream);
- }
- }
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t _zrtp_machine_enter_pendingerror(zrtp_stream_t *stream, zrtp_protocol_error_t code)
-{
- ZRTP_LOG(3,(_ZTU_,"\tEnter PendingError State with ERROR:<%s>. ID=%u\n",
- zrtp_log_error2str(stream->last_error), stream->id));
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _zrtp_change_state(stream, ZRTP_STATE_PENDINGERROR);
-
- stream->last_error = code;
- _zrtp_machine_start_send_and_resend_errorack(stream);
- return zrtp_status_ok;
-}
-
-
-/*===========================================================================*/
-/* Packet handlers */
-/*===========================================================================*/
-
-zrtp_status_t _zrtp_machine_process_goclear(zrtp_stream_t* stream, zrtp_rtp_info_t* packet)
-{
- zrtp_packet_GoClear_t *goclear = (zrtp_packet_GoClear_t*) packet->message;
- zrtp_string128_t clear_hmac = ZSTR_INIT_EMPTY(clear_hmac);
- static const zrtp_string16_t clear_hmac_str = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_CLEAR_HMAC_STR);
-
- if (!stream->allowclear) {
- ZRTP_LOG(2, (_ZTU_,"\tWARNING! Allowclear is disabled but GoClear was received. ID=%u.\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_goclear_unsp, 1);
- return zrtp_status_fail;
- }
-
- stream->session->hash->hmac( stream->session->hash,
- ZSTR_GV(stream->cc.peer_hmackey),
- ZSTR_GV(clear_hmac_str),
- ZSTR_GV(clear_hmac));
- clear_hmac.length = ZRTP_HMAC_SIZE;
-
- if (0 != zrtp_memcmp(clear_hmac.buffer, goclear->clear_hmac, ZRTP_HMAC_SIZE)) {
- ZRTP_LOG(2, (_ZTU_,"\tWARNING! Wrong GoClear hmac. ID=%u.\n", stream->id));
- return zrtp_status_fail; /* EH: Just ignore malformed packets */
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_hello(zrtp_stream_t* stream, zrtp_rtp_info_t* packet)
-{
- zrtp_session_t* session = stream->session;
- zrtp_packet_Hello_t* peer_hello = NULL;
- uint32_t comp_block_len = 0;
- uint8_t id = 0;
-
- /* Size of HELLO packet must be bigger then <RTP+static HELLO part>. */
- if (*(packet->length) < (ZRTP_MIN_PACKET_LENGTH + ZRTP_HELLO_STATIC_SIZE + ZRTP_HMAC_SIZE)) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Wrong HELLO static size=%d must be=%d. ID=%u\n", *packet->length,
- ZRTP_MIN_PACKET_LENGTH + ZRTP_HELLO_STATIC_SIZE + ZRTP_HMAC_SIZE, stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- return zrtp_status_fail;
- }
-
- peer_hello = (zrtp_packet_Hello_t*) packet->message;
-
- /* Now we can verify packet size according to size of its parts */
- comp_block_len = ( peer_hello->hc + peer_hello->cc +
- peer_hello->ac + peer_hello->kc +
- peer_hello->sc) * ZRTP_COMP_TYPE_SIZE;
-
- if (*packet->length < (ZRTP_MIN_PACKET_LENGTH + ZRTP_HELLO_STATIC_SIZE + comp_block_len + ZRTP_HMAC_SIZE))
- {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Wrong HELLO dynamic size=%d must be=%d. ID=%u\n", *packet->length,
- comp_block_len+ ZRTP_MIN_PACKET_LENGTH + ZRTP_HELLO_STATIC_SIZE + ZRTP_HMAC_SIZE, stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- return zrtp_status_fail;
- }
-
- /* Every component quantity must be less than or equal to 7 */
- if ( (peer_hello->hc > ZRTP_MAX_COMP_COUNT) || (peer_hello->cc > ZRTP_MAX_COMP_COUNT) ||
- (peer_hello->ac > ZRTP_MAX_COMP_COUNT) || (peer_hello->kc > ZRTP_MAX_COMP_COUNT) ||
- (peer_hello->sc > ZRTP_MAX_COMP_COUNT) )
- {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Wrong HELLO packet data. Components count can't be greater"
- " then 7. ID=%u\n", stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- return zrtp_status_fail;
- }
-
- /* Print out ZRTP Hello message for debug purposes */
- {
- char print_buffer[ZRTP_MAX_COMP_COUNT*20];
- zrtp_memcpy(print_buffer, peer_hello->comp, comp_block_len);
- print_buffer[comp_block_len] = 0;
- ZRTP_LOG(3,(_ZTU_,"\tProcessing HELLO from %.16s V=%.4s, P=%d, M=%d.\n",
- peer_hello->cliend_id, peer_hello->version, peer_hello->pasive, peer_hello->mitmflag));
- ZRTP_LOG(3,(_ZTU_,"\t\tac=%d cc=%d sc=%d kc=%d\n",
- peer_hello->ac, peer_hello->cc, peer_hello->sc, peer_hello->kc));
- ZRTP_LOG(3,(_ZTU_,"\t\t%s\n", print_buffer));
- }
-
- /*
- * Check protocol version. Try to resolve versions missmatch according to ZRTP Draft sec. 5.1
- */
- {
- uint32_t peer_version = 0;
- peer_version = (char)((*peer_hello->version) - '0') *10; /* only 3 first octets are significant */
- peer_version += (char)(*(peer_hello->version+2) - '0');
-
- if ((ZRTP_PROTOCOL_VERSION_VALUE/10) == peer_version) {
- ZRTP_LOG(3,(_ZTU_,"\tReceived HELLO had the same protocol V.\n"));
- }
- else if ((ZRTP_PROTOCOL_VERSION_VALUE/10) < peer_version) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Received HELLO greater ZRTP V=%d - wait for other party"
- " to resolve this issue. ID=%u.\n", peer_version, stream->id));
- } else {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Received a ZRTP_HELLO smaller ZRTP V=%d and we don't"
- " support it - terminate session. ID=%u\n", peer_version, stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_version, 1);
- return zrtp_status_fail;
- }
- }
-
- /* Close session if ZID duplication */
- if (!zrtp_memcmp(stream->messages.hello.zid, peer_hello->zid, sizeof(zrtp_zid_t))) {
- ZRTP_LOG(2,(_ZTU_,ZRTP_EQUAL_ZID_WARNING_STR));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_equal_zid, 1);
- return zrtp_status_fail;
- }
-
- /* All streams within a single session MUST have the same ZID */
- if (session->peer_zid.length > 0) {
- if (0 != zrtp_memcmp(session->peer_zid.buffer, peer_hello->zid, sizeof(zrtp_zid_t))) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Received HELLO which had a different ZID from that of the"
- " previous stream within the same session. sID=%u ID=%u\n", session->id, stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_wrong_zid, 1);
- return zrtp_status_fail;
- }
- } else {
- zrtp_zstrncpyc(ZSTR_GV(session->peer_zid), (const char*) peer_hello->zid, sizeof(zrtp_zid_t));
- }
-
- /*
- * Process Remote flags.
- */
- if (peer_hello->pasive && peer_hello->uflag) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Received HELLO which both P and U flags set.\n"));
- return zrtp_status_fail;
- }
-
- stream->peer_passive = peer_hello->pasive;
- stream->peer_super_flag = peer_hello->uflag;
-
- stream->peer_mitm_flag = peer_hello->mitmflag;
- if (stream->peer_mitm_flag) {
- stream->mitm_mode = ZRTP_MITM_MODE_CLIENT;
- }
-
- /* Current version doesn't support Digital Signatures. Ignore peer Hello with S flag enabled. */
- if (peer_hello->sigflag) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Received a ZRTP_HELLO with S flag enabled. We don't support Digital Signatures - ignore message.\n"));
- return zrtp_status_fail;
- }
-
- /* Copy packet for future hashing */
- zrtp_memcpy(&stream->messages.peer_hello, peer_hello, zrtp_ntoh16(peer_hello->hdr.length)*4);
- stream->is_hello_received = 1;
-
- /*
- * Choose PK exchange scheme and PK mode.
- * We do this right after receiving Hello to speedup DH calculations.
- */
- stream->pubkeyscheme = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_DH3072, session->zrtp);
- id = _zrtp_choose_best_comp(&session->profile, peer_hello, ZRTP_CC_PKT);
- if (id != ZRTP_COMP_UNKN) {
- stream->pubkeyscheme = zrtp_comp_find(ZRTP_CC_PKT, id, session->zrtp);
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tReceived HELLO Accepted\n"));
-
- return zrtp_status_ok;
-}
-
-
-/*===========================================================================*/
-/* Packet senders */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_hello(zrtp_stream_t* stream, zrtp_retry_task_t* task)
-{
- if ((task->_retrys == ZRTP_NO_ZRTP_FAST_COUNT) && !stream->is_hello_received) {
- ZRTP_LOG(2,(_ZTU_,"WARNING! HELLO have been resent %d times without a response."
- " Raising ZRTP_EVENT_NO_ZRTP_QUICK event. ID=%u\n", task->_retrys, stream->id));
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_NO_ZRTP_QUICK);
- }
- }
-
- if (task->_retrys >= (uint32_t)((ZRTP_STATE_WAIT_HELLOACK==stream->state)?ZRTP_T1_MAX_COUNT_EXT:ZRTP_T1_MAX_COUNT)) {
- ZRTP_LOG(2,(_ZTU_,"WARNING! HELLO Max retransmissions count reached (%d retries). ID=%u\n", task->_retrys, stream->id));
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
- _clear_stream_crypto(stream);
- _zrtp_change_state(stream, ZRTP_STATE_NO_ZRTP);
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_NO_ZRTP);
- }
- } else if (task->_is_enabled) {
- zrtp_status_t s = _zrtp_packet_send_message(stream, ZRTP_HELLO, &stream->messages.hello);
- task->timeout = _zrtp_get_timeout((uint32_t)task->timeout, ZRTP_HELLO);
- if (zrtp_status_ok == s) {
- task->_retrys++;
- }
-
-
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-zrtp_status_t _zrtp_machine_start_send_and_resend_hello(zrtp_stream_t* stream)
-{
- zrtp_retry_task_t* task = &stream->messages.hello_task;
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_hello;
- task->_retrys = 0;
-
- _send_and_resend_hello(stream, task);
-
- return zrtp_status_ok;
-}
-
-static void _send_helloack(zrtp_stream_t* stream)
-{
- _zrtp_packet_send_message(stream, ZRTP_HELLOACK, NULL);
-}
-
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_goclear(zrtp_stream_t* stream, zrtp_retry_task_t* task)
-{
- if (task->_is_enabled) {
- if (task->_retrys > ZRTP_T2_MAX_COUNT) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING!: GOCLEAR Nax retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_enter_clear(stream);
- } else {
- zrtp_packet_GoClear_t* goclear = (zrtp_packet_GoClear_t*) &stream->messages.goclear;
-
- _zrtp_packet_send_message(stream, ZRTP_GOCLEAR, goclear);
- task->_retrys++;
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
- }
-}
-
-static zrtp_status_t _zrtp_machine_start_send_and_resend_goclear(zrtp_stream_t* stream)
-{
- zrtp_retry_task_t* task = &stream->messages.goclear_task;
- zrtp_string128_t clear_hmac = ZSTR_INIT_EMPTY(clear_hmac);
- static const zrtp_string16_t clear_hmac_str = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_CLEAR_HMAC_STR);
-
- zrtp_memset(&stream->messages.goclear, 0, sizeof(zrtp_packet_GoClear_t));
-
- /* Compute Clear HMAC as: HMAC(hmackey, "Clear hmac") */
- stream->session->hash->hmac( stream->session->hash,
- ZSTR_GV(stream->cc.hmackey),
- ZSTR_GV(clear_hmac_str),
- ZSTR_GV(clear_hmac));
- clear_hmac.length = ZRTP_HMAC_SIZE;
-
- zrtp_memcpy(stream->messages.goclear.clear_hmac, clear_hmac.buffer, clear_hmac.length);
- _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_GOCLEAR,
- sizeof(zrtp_packet_GoClear_t) - sizeof(zrtp_msg_hdr_t),
- &stream->messages.goclear.hdr);
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_goclear;
- task->timeout = ZRTP_T2;
- task->_retrys = 0;
-
- _send_and_resend_goclear(stream, task);
-
- return zrtp_status_ok;
-}
-
-
-static void _send_goclearack(zrtp_stream_t* stream)
-{
- _zrtp_packet_send_message(stream, ZRTP_GOCLEARACK, NULL);
-}
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_error(zrtp_stream_t* stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_ETI_MAX_COUNT) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! ERROR Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_switch_to_error(stream);
- } else if (task->_is_enabled) {
- if (zrtp_status_ok == _zrtp_packet_send_message(stream, ZRTP_ERROR, &stream->messages.error)) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-static zrtp_status_t _zrtp_machine_start_send_and_resend_error(zrtp_stream_t* stream)
-{
- zrtp_retry_task_t* task = &stream->messages.error_task;
-
- zrtp_memset(&stream->messages.error, 0, sizeof(zrtp_packet_Error_t));
- stream->messages.error.code = zrtp_hton32(stream->last_error);
-
- _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_ERROR,
- sizeof(zrtp_packet_Error_t) - sizeof(zrtp_msg_hdr_t),
- &stream->messages.error.hdr);
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_error;
- task->timeout = ZRTP_ET;
- task->_retrys = 0;
-
- _send_and_resend_error(stream, task);
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_errorack(zrtp_stream_t* stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_ETR_MAX_COUNT) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! ERRORACK Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_switch_to_error(stream);
- } else if (task->_is_enabled) {
- if (zrtp_status_ok == _zrtp_packet_send_message(stream, ZRTP_ERRORACK, NULL)) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-static zrtp_status_t _zrtp_machine_start_send_and_resend_errorack(zrtp_stream_t* stream)
-{
- zrtp_retry_task_t* task = &stream->messages.errorack_task;
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_errorack;
- task->timeout = ZRTP_ET;
- task->_retrys = 0;
-
- _send_and_resend_errorack(stream, task);
-
- return zrtp_status_ok;
-}
-
-
-void _clear_stream_crypto(zrtp_stream_t* stream)
-{
- if (stream->protocol) {
- _zrtp_protocol_destroy(stream->protocol);
- stream->protocol = 0;
- }
-
- zrtp_wipe_zstring(ZSTR_GV(stream->cc.hmackey));
- zrtp_wipe_zstring(ZSTR_GV(stream->cc.peer_hmackey));
- zrtp_wipe_zstring(ZSTR_GV(&stream->cc.zrtp_key));
- zrtp_wipe_zstring(ZSTR_GV(stream->cc.peer_zrtp_key));
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp dengine"
-
-
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
-
-extern zrtp_status_t _zrtp_machine_process_hello(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-extern zrtp_status_t start_send_and_resend_hello(zrtp_stream_t* stream);
-extern zrtp_status_t start_initiating_secure(zrtp_stream_t *stream);
-extern zrtp_status_t _zrtp_machine_start_send_and_resend_hello(zrtp_stream_t* stream);
-
-
-/*----------------------------------------------------------------------------*/
-void zrtp_driven_stream_start(zrtp_stream_t* stream, zrtp_statemachine_type_t role)
-{
-
- ZRTP_LOG(3,(_ZTU_,"START Driven %s Stream ID=%u mode=%s state=%s.",
- (ZRTP_STATEMACHINE_INITIATOR == role)?"INITIATOR":"RESPONDER",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- /* This function can be called in parallel to the main processing loop protect internal stream data. */
- zrtp_mutex_lock(stream->stream_protector);
-
- if ( (ZRTP_STATE_ACTIVE != stream->state) &&
- (ZRTP_STATE_ERROR != stream->state) &&
- (ZRTP_STATE_NO_ZRTP != stream->state))
- {
- ZRTP_LOG(1,(_ZTU_,"ERROR! can't start stream ID=%u from state %d.", stream->id, stream->state));
- }
- else
- {
- if (ZRTP_STATEMACHINE_INITIATOR == role) {
- _zrtp_change_state(stream, ZRTP_STATE_DRIVEN_INITIATOR);
- _zrtp_machine_start_send_and_resend_hello(stream);
- } else if (ZRTP_STATEMACHINE_RESPONDER == role) {
- _zrtp_change_state(stream, ZRTP_STATE_DRIVEN_RESPONDER);
- }
- }
-
- zrtp_mutex_unlock(stream->stream_protector);
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_driven_initiator( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO: {
- s = _zrtp_machine_process_hello(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! _zrtp_machine_process_hello()4 failed with status=%d. ID=%u",s, stream->id));
- break; /* Just stay in DRIVEN_INITIATOR state. */
- }
-
- /* Now we have ZIDs for both sides and can upload secrets from the cache */
- s = _zrtp_prepare_secrets(stream->session);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! _zrtp_prepare_secrets()3 failed with status=%d. ID=%u",s, stream->id));
- break; /* Just stay in START state. */
- }
-
- // TODO: handle autosecure and licensing modes there
- _zrtp_cancel_send_packet_later(stream, ZRTP_HELLO);
- stream->mode = _zrtp_define_stream_mode(stream);
- s = _zrtp_machine_enter_initiatingsecure(stream);
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-zrtp_status_t _zrtp_machine_process_while_in_driven_responder( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO: {
- s = _zrtp_machine_process_hello(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! _zrtp_machine_process_hello()5 failed with status=%d. ID=%u", s, stream->id));
- break; /* Just stay in DRIVEN_INITIATOR state. */
- }
-
- /* Now we have ZIDs for both sides and can upload secrets from the cache */
- s = _zrtp_prepare_secrets(stream->session);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! _zrtp_prepare_secrets()4 failed with status=%d. ID=%u", s, stream->id));
- break; /* Just stay in START state. */
- }
-
- // TODO: handle autosecure and licensing modes there
- s = _zrtp_packet_send_message(stream, ZRTP_HELLO, &stream->messages.hello);
- if (zrtp_status_ok == s) {
- _zrtp_change_state(stream, ZRTP_STATE_DRIVEN_PENDING);
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-zrtp_status_t _zrtp_machine_process_while_in_driven_pending( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_HELLO: {
- s = _zrtp_packet_send_message(stream, ZRTP_HELLO, &stream->messages.hello);
- } break;
-
- case ZRTP_COMMIT: {
- zrtp_statemachine_type_t role = _zrtp_machine_preparse_commit(stream, packet);
- if (ZRTP_STATEMACHINE_RESPONDER == role) {
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- } else if (ZRTP_STATEMACHINE_INITIATOR == role) {
- s = _zrtp_machine_start_initiating_secure(stream);
- } else {
- s = zrtp_status_fail;
- }
- } break;
-
- default:
- break;
- }
-
- return s;
-}
-
-#endif /* ZRTP_BUILD_FOR_CSD */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2012 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#if defined(ZRTP_USE_BUILTIN_CACHE) && (ZRTP_USE_BUILTIN_CACHE == 1)
-
-#define _ZTU_ "zrtp cache"
-
-
-/* Windows kernel have it's own realization in Windows registry*/
-#if (ZRTP_PLATFORM != ZP_WIN32_KERNEL)
-
-static mlist_t cache_head;
-static uint32_t g_cache_elems_counter = 0;
-static mlist_t mitmcache_head;
-static uint32_t g_mitmcache_elems_counter = 0;
-static uint8_t inited = 0;
-static uint8_t g_needs_rewriting = 0;
-
-static zrtp_global_t* zrtp;
-static zrtp_mutex_t* def_cache_protector = NULL;
-
-
-/* Create cache ID like a pair of ZIDs. ZID with lowest value at the beginning */
-void zrtp_cache_create_id( const zrtp_stringn_t* first_ZID,
- const zrtp_stringn_t* second_ZID,
- zrtp_cache_id_t id);
-
-/* Searching for cache element by cache ID */
-static zrtp_cache_elem_t* get_elem(const zrtp_cache_id_t id, uint8_t is_mitm);
-
-/* Allows use cache on system with different byte-order */
-static void cache_make_cross( zrtp_cache_elem_t* from,
- zrtp_cache_elem_t* to,
- uint8_t is_upload);
-
-static zrtp_status_t zrtp_cache_user_init();
-static zrtp_status_t zrtp_cache_user_down();
-
-
-/*===========================================================================*/
-/* libZRTP interface implementation */
-/*===========================================================================*/
-
-#define ZRTP_CACHE_CHECK_ZID(a,b) \
- if ( (a->length != b->length) || \
- (a->length != sizeof(zrtp_zid_t)) ) \
- { \
- return zrtp_status_bad_param; \
- }
-
-zrtp_status_t zrtp_def_cache_init(zrtp_global_t* a_zrtp)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- if (!inited) {
- zrtp = a_zrtp;
- s = zrtp_mutex_init(&def_cache_protector);
- if (zrtp_status_ok != s) {
- return s;
- }
-
- init_mlist(&cache_head);
- init_mlist(&mitmcache_head);
- s = zrtp_cache_user_init();
-
- inited = 1;
- }
-
- return s;
-}
-
-void zrtp_def_cache_down()
-{
- if (inited) {
- mlist_t *node = NULL, *tmp = NULL;
-
- /* If automatic cache flushing enabled we don't need to store it in a disk as it should be already in sync. */
- if (!zrtp->cache_auto_store)
- zrtp_cache_user_down();
-
- mlist_for_each_safe(node, tmp, &cache_head) {
- zrtp_sys_free(mlist_get_struct(zrtp_cache_elem_t, _mlist, node));
- }
- mlist_for_each_safe(node, tmp, &mitmcache_head) {
- zrtp_sys_free(mlist_get_struct(zrtp_cache_elem_t, _mlist, node));
- }
-
- init_mlist(&cache_head);
- init_mlist(&mitmcache_head);
-
- zrtp_mutex_destroy(def_cache_protector);
-
- inited = 0;
- zrtp = NULL;
- }
-}
-
-
-zrtp_status_t zrtp_def_cache_set_verified( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- uint32_t verified)
-{
- zrtp_cache_id_t id;
- zrtp_cache_elem_t* new_elem = NULL;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- new_elem = get_elem(id, 0);
- if (new_elem) {
- new_elem->verified = verified;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- if (zrtp->cache_auto_store) zrtp_def_cache_store(zrtp);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_def_cache_get_verified( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- uint32_t* verified)
-
-{
- zrtp_cache_id_t id;
- zrtp_cache_elem_t* elem = NULL;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- elem = get_elem(id, 0);
- if (elem) {
- *verified = elem->verified;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- return (elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-
-static zrtp_status_t cache_put( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss,
- uint8_t is_mitm )
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- {
- char zid1str[24+1], zid2str[24+1];
- ZRTP_LOG(3,(_ZTU_,"\tcache_put() zid1=%s, zis2=%s MiTM=%s\n",
- hex2str(one_ZID->buffer, one_ZID->length, zid1str, sizeof(zid1str)),
- hex2str(another_ZID->buffer, another_ZID->length, zid2str, sizeof(zid2str)),
- is_mitm?"YES":"NO"));
- }
-
- zrtp_mutex_lock(def_cache_protector);
- do {
- new_elem = get_elem(id, is_mitm);
- if (!new_elem)
- {
- /* If cache doesn't exist - create new one */
- if (!( new_elem = (zrtp_cache_elem_t*) zrtp_sys_alloc(sizeof(zrtp_cache_elem_t)) )) {
- break;
- }
-
- zrtp_memset(new_elem, 0, sizeof(zrtp_cache_elem_t));
- ZSTR_SET_EMPTY(new_elem->curr_cache);
- ZSTR_SET_EMPTY(new_elem->prev_cache);
-
- new_elem->secure_since = (uint32_t)(zrtp_time_now()/1000);
-
- mlist_add_tail(is_mitm ? &mitmcache_head : &cache_head, &new_elem->_mlist);
- zrtp_memcpy(new_elem->id, id, sizeof(zrtp_cache_id_t));
-
- if (is_mitm) {
- new_elem->_index = g_mitmcache_elems_counter++;
- } else {
- new_elem->_index = g_cache_elems_counter++;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tcache_put() can't find element in the cache - create a new entry index=%u.\n", new_elem->_index));
- }
- else {
- ZRTP_LOG(3,(_ZTU_,"\tcache_put() Just update existing value.\n"));
- }
-
- /* Save current cache value as previous one and new as a current */
- if (!is_mitm) {
- if (new_elem->curr_cache.length > 0) {
- zrtp_zstrcpy(ZSTR_GV(new_elem->prev_cache), ZSTR_GV(new_elem->curr_cache));
- }
- }
-
- zrtp_zstrcpy(ZSTR_GV(new_elem->curr_cache), ZSTR_GV(rss->value));
- new_elem->lastused_at = rss->lastused_at;
- if (!is_mitm) {
- new_elem->ttl = rss->ttl;
- }
-
- new_elem->_is_dirty = 1;
- } while (0);
- zrtp_mutex_unlock(def_cache_protector);
-
- if (zrtp->cache_auto_store) zrtp_def_cache_store(zrtp);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_def_cache_put( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss) {
- return cache_put(one_ZID, another_ZID, rss, 0);
-}
-
-zrtp_status_t zrtp_def_cache_put_mitm( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss) {
- return cache_put(one_ZID, another_ZID, rss, 1);
-}
-
-
-static zrtp_status_t cache_get( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss,
- int prev_requested,
- uint8_t is_mitm)
-{
- zrtp_cache_elem_t* curr = 0;
- zrtp_cache_id_t id;
- zrtp_status_t s = zrtp_status_ok;
-
- {
- char zid1str[24+1], zid2str[24+1];
- ZRTP_LOG(3,(_ZTU_,"\tache_get(): zid1=%s, zis2=%s MiTM=%s\n",
- hex2str(one_ZID->buffer, one_ZID->length, zid1str, sizeof(zid1str)),
- hex2str(another_ZID->buffer, another_ZID->length, zid2str, sizeof(zid2str)),
- is_mitm?"YES":"NO"));
- }
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- do {
- curr = get_elem(id, is_mitm);
- if (!curr || (!curr->prev_cache.length && prev_requested)) {
- s = zrtp_status_fail;
- ZRTP_LOG(3,(_ZTU_,"\tache_get() - not found.\n"));
- break;
- }
-
- zrtp_zstrcpy( ZSTR_GV(rss->value),
- prev_requested ? ZSTR_GV(curr->prev_cache) : ZSTR_GV(curr->curr_cache));
-
- rss->lastused_at = curr->lastused_at;
- if (!is_mitm) {
- rss->ttl = curr->ttl;
- }
- } while (0);
- zrtp_mutex_unlock(def_cache_protector);
-
- return s;
-}
-
-zrtp_status_t zrtp_def_cache_get( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss,
- int prev_requested)
-{
- return cache_get(one_ZID, another_ZID, rss, prev_requested, 0);
-}
-
-zrtp_status_t zrtp_def_cache_get_mitm( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_shared_secret_t *rss)
-{
- return cache_get(one_ZID, another_ZID, rss, 0, 1);
-}
-
-zrtp_status_t zrtp_def_cache_set_presh_counter( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t counter)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
-
- ZRTP_CACHE_CHECK_ZID(one_zid, another_zid);
- zrtp_cache_create_id(one_zid, another_zid, id);
-
- zrtp_mutex_lock(def_cache_protector);
- new_elem = get_elem(id, 0);
- if (new_elem) {
- new_elem->presh_counter = counter;
-
- new_elem->_is_dirty = 1;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- if (zrtp->cache_auto_store) zrtp_def_cache_store(zrtp);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_def_cache_get_presh_counter( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- uint32_t* counter)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
-
- ZRTP_CACHE_CHECK_ZID(one_zid, another_zid);
- zrtp_cache_create_id(one_zid, another_zid, id);
-
- zrtp_mutex_lock(def_cache_protector);
- new_elem = get_elem(id, 0);
- if (new_elem) {
- *counter = new_elem->presh_counter;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
- void zrtp_cache_create_id( const zrtp_stringn_t* first_ZID,
- const zrtp_stringn_t* second_ZID,
- zrtp_cache_id_t id )
-{
- if (0 < zrtp_memcmp(first_ZID->buffer, second_ZID->buffer, sizeof(zrtp_zid_t))) {
- const zrtp_stringn_t* tmp_ZID = first_ZID;
- first_ZID = second_ZID;
- second_ZID = tmp_ZID;
- }
-
- zrtp_memcpy(id, first_ZID->buffer, sizeof(zrtp_zid_t));
- zrtp_memcpy((char*)id+sizeof(zrtp_zid_t), second_ZID->buffer, sizeof(zrtp_zid_t));
-}
-
-zrtp_cache_elem_t* zrtp_def_cache_get2(const zrtp_cache_id_t id, int is_mitm)
-{
- return get_elem(id, is_mitm);
-}
-
-
-static zrtp_cache_elem_t* get_elem(const zrtp_cache_id_t id, uint8_t is_mitm)
-{
- mlist_t* node = NULL;
- mlist_t* head = is_mitm ? &mitmcache_head : &cache_head;
- mlist_for_each(node, head) {
- zrtp_cache_elem_t* elem = mlist_get_struct(zrtp_cache_elem_t, _mlist, node);
- if (!zrtp_memcmp(elem->id, id, sizeof(zrtp_cache_id_t))) {
- return elem;
- }
- }
-
- return NULL;
-}
-
-static void cache_make_cross(zrtp_cache_elem_t* from, zrtp_cache_elem_t* to, uint8_t is_upload)
-{
- if (!to) {
- return;
- }
-
- if (from) {
- zrtp_memcpy(to, from, sizeof(zrtp_cache_elem_t));
- }
-
- if (is_upload) {
- to->verified = zrtp_ntoh32(to->verified);
- to->secure_since= zrtp_ntoh32(to->secure_since);
- to->lastused_at = zrtp_ntoh32(to->lastused_at);
- to->ttl = zrtp_ntoh32(to->ttl);
- to->name_length = zrtp_ntoh32(to->name_length);
- to->curr_cache.length = zrtp_ntoh16(to->curr_cache.length);
- to->prev_cache.length = zrtp_ntoh16(to->prev_cache.length);
- to->presh_counter = zrtp_ntoh32(to->presh_counter);
- } else {
- to->verified = zrtp_hton32(to->verified);
- to->secure_since= zrtp_hton32(to->secure_since);
- to->lastused_at = zrtp_hton32(to->lastused_at);
- to->ttl = zrtp_hton32(to->ttl);
- to->name_length = zrtp_hton32(to->name_length);
- to->curr_cache.length = zrtp_hton16(to->curr_cache.length);
- to->prev_cache.length = zrtp_hton16(to->prev_cache.length);
- to->presh_counter = zrtp_hton32(to->presh_counter);
- }
-}
-
-
-/*===========================================================================*/
-/* ZRTP cache realization as a simple binary file */
-/*===========================================================================*/
-
-
-#if ZRTP_HAVE_STDIO_H == 1
- #include <stdio.h>
-#endif
-
-#include <string.h>
-
-/*---------------------------------------------------------------------------*/
-#define ZRTP_INT_CACHE_BREAK(s, status) \
-{ \
- if (!s) s = status; \
- break; \
-}\
-
-zrtp_status_t zrtp_cache_user_init()
-{
- FILE* cache_file = 0;
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_status_t s = zrtp_status_ok;
- uint32_t cache_elems_count = 0;
- uint32_t mitmcache_elems_count = 0;
- uint32_t i = 0;
- unsigned is_unsupported = 0;
-
- ZRTP_LOG(3,(_ZTU_,"\tLoad ZRTP cache from <%s>...\n", zrtp->def_cache_path.buffer));
-
- g_mitmcache_elems_counter = 0;
- g_cache_elems_counter = 0;
- g_needs_rewriting = 0;
-
- /* Try to open existing file. If ther is no cache file - start with empty cache */
-#if (ZRTP_PLATFORM == ZP_WIN32)
- if (0 != fopen_s(&cache_file, zrtp->def_cache_path.buffer, "rb")) {
- return zrtp_status_ok;
- }
-#else
- if (0 == (cache_file = fopen(zrtp->def_cache_path.buffer, "rb"))) {
- ZRTP_LOG(3,(_ZTU_,"\tCan't open file for reading.\n"));
- return zrtp_status_ok;
- }
-#endif
- /*
- * Check for the cache file version number. Current version of libzrtp doesn't support
- * backward compatibility in zrtp cache file structure, so we just remove the old cache file.
- *
- * Version field format: $ZRTP_DEF_CACHE_VERSION_STR$ZRTP_DEF_CACHE_VERSION_VAL
- */
- do {
- char version_buff[256];
- memset(version_buff, 0, sizeof(version_buff));
-
- if (fread(version_buff, strlen(ZRTP_DEF_CACHE_VERSION_STR)+strlen(ZRTP_DEF_CACHE_VERSION_VAL), 1, cache_file) <= 0) {
- ZRTP_LOG(3,(_ZTU_,"\tCache Error: Cache file is too small.\n"));
- is_unsupported = 1;
- break;
- }
-
- if (0 != zrtp_memcmp(version_buff, ZRTP_DEF_CACHE_VERSION_STR, strlen(ZRTP_DEF_CACHE_VERSION_STR))) {
- ZRTP_LOG(3,(_ZTU_,"\tCache Error: Can't find ZRTP Version tag in the cache file.\n"));
- is_unsupported = 1;
- break;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tZRTP cache file has version=%s\n", version_buff+strlen(ZRTP_DEF_CACHE_VERSION_STR)));
-
- if (0 != zrtp_memcmp(version_buff+strlen(ZRTP_DEF_CACHE_VERSION_STR), ZRTP_DEF_CACHE_VERSION_VAL, strlen(ZRTP_DEF_CACHE_VERSION_VAL))) {
- ZRTP_LOG(3,(_ZTU_,"\tCache Error: Unsupported ZRTP cache version.\n"));
- is_unsupported = 1;
- break;
- }
- } while (0);
-
- if (is_unsupported) {
- ZRTP_LOG(3,(_ZTU_,"\tCache Error: Unsupported version of ZRTP cache file detected - white-out the cache.\n"));
- fclose(cache_file);
- return zrtp_status_ok;
- }
-
- /*
- * Load MitM caches: first 32 bits is a MiTM secrets counter. Read it and then
- * upload appropriate number of MitM secrets.
- */
- do {
- cache_elems_count = 0;
- if (fread(&mitmcache_elems_count, 4, 1, cache_file) <= 0) {
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_read_fail);
- }
- mitmcache_elems_count = zrtp_ntoh32(mitmcache_elems_count);
-
- ZRTP_LOG(3,(_ZTU_,"\tZRTP cache file contains %u MiTM secrets.\n", mitmcache_elems_count));
-
- for (i=0; i<mitmcache_elems_count; i++)
- {
- new_elem = (zrtp_cache_elem_t*) zrtp_sys_alloc(sizeof(zrtp_cache_elem_t));
- if (!new_elem) {
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_alloc_fail);
- }
-
- if (fread(new_elem, ZRTP_MITMCACHE_ELEM_LENGTH, 1, cache_file) <= 0) {
- ZRTP_LOG(3,(_ZTU_,"\tERROR! MiTM cache element read fail (id=%u).\n", i));
-
- zrtp_sys_free(new_elem);
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_read_fail);
- }
-
- cache_make_cross(NULL, new_elem, 1);
-
- new_elem->_index = g_mitmcache_elems_counter++;
- new_elem->_is_dirty = 0;
-
- mlist_add_tail(&mitmcache_head, &new_elem->_mlist);
- }
-
- if (i != mitmcache_elems_count)
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_read_fail);
- } while(0);
- if (s != zrtp_status_ok) {
- fclose(cache_file);
- zrtp_def_cache_down();
- return s;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tAll %u MiTM Cache entries have been uploaded.\n", g_mitmcache_elems_counter));
-
- /*
- * Load regular caches: first 32 bits is a secrets counter. Read it and then
- * upload appropriate number of regular secrets.
- */
- cache_elems_count = 0;
- if (fread(&cache_elems_count, 4, 1, cache_file) <= 0) {
- fclose(cache_file);
- zrtp_def_cache_down();
- return zrtp_status_read_fail;
- }
- cache_elems_count = zrtp_ntoh32(cache_elems_count);
-
- ZRTP_LOG(3,(_ZTU_,"\tZRTP cache file contains %u RS secrets.\n", cache_elems_count));
-
- for (i=0; i<cache_elems_count; i++)
- {
- new_elem = (zrtp_cache_elem_t*) zrtp_sys_alloc(sizeof(zrtp_cache_elem_t));
- if (!new_elem) {
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_alloc_fail);
- }
-
- if (fread(new_elem, ZRTP_CACHE_ELEM_LENGTH, 1, cache_file) <= 0) {
- ZRTP_LOG(3,(_ZTU_,"\tERROR! RS cache element read fail (id=%u).\n", i));
- zrtp_sys_free(new_elem);
- ZRTP_INT_CACHE_BREAK(s, zrtp_status_read_fail);
- }
-
- cache_make_cross(NULL, new_elem, 1);
-
- new_elem->_index = g_cache_elems_counter++;
- new_elem->_is_dirty = 0;
-
- mlist_add_tail(&cache_head, &new_elem->_mlist);
- }
- if (i != cache_elems_count) {
- s = zrtp_status_read_fail;
- }
-
- if (0 != fclose(cache_file)) {
- zrtp_def_cache_down();
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tAll of %u RS Cache entries have been uploaded.\n", g_cache_elems_counter));
-
- return s;
-}
-
-
-#define ZRTP_DOWN_CACHE_RETURN(s, f) \
-{\
- if (zrtp_status_ok != s) { \
- ZRTP_LOG(3,(_ZTU_,"\tERROR! Unable to writing to ZRTP cache file.\n")); \
- } \
- if (f) { \
- fclose(f);\
- } \
- return s;\
-};
-
-static zrtp_status_t flush_elem_(zrtp_cache_elem_t *elem, FILE *cache_file, unsigned is_mitm) {
- zrtp_cache_elem_t tmp_elem;
- uint32_t pos = 0;
-
- /*
- * Let's calculate cache element position in the file
- */
-
-// @note: I'm going to remove unused comments when random-access cache get more stable. (vkrykun, Nov 27, 2011)
-// printf("flush_elem_(): calculate Element offset for %s..\n", is_mitm?"MiTM":"RS");
-
- /* Skip the header */
- pos += strlen(ZRTP_DEF_CACHE_VERSION_STR)+strlen(ZRTP_DEF_CACHE_VERSION_VAL);
-
- pos += sizeof(uint32_t); /* Skip MiTM secretes count. */
-
-// printf("flush_elem_(): \t pos=%u (Header, MiTM Count).\n", pos);
-
- if (is_mitm) {
- /* position within MiTM secrets block. */
- pos += (elem->_index * ZRTP_MITMCACHE_ELEM_LENGTH);
-// printf("flush_elem_(): \t pos=%u (Header, MiTM Count + %u MiTM Secrets).\n", pos, elem->_index);
- } else {
- /* Skip MiTM Secrets block */
- pos += (g_mitmcache_elems_counter * ZRTP_MITMCACHE_ELEM_LENGTH);
-
- pos += sizeof(uint32_t); /* Skip RS elements count. */
-
- pos += (elem->_index * ZRTP_CACHE_ELEM_LENGTH); /* Skip previous RS elements */
-
-// printf("flush_elem_(): \t pos=%u (Header, MiTM Count + ALL %u Secrets, RS counter and %u prev. RS).\n", pos, g_mitmcache_elems_counter, elem->_index);
- }
-
- fseek(cache_file, pos, SEEK_SET);
-
- /* Prepare element for storing, convert all fields to the network byte-order. */
- cache_make_cross(elem, &tmp_elem, 0);
-
-// printf("flush_elem_(): write to offset=%lu\n", ftell(cache_file));
-
- /* Flush the element. */
- if (fwrite(&tmp_elem, (is_mitm ? ZRTP_MITMCACHE_ELEM_LENGTH : ZRTP_CACHE_ELEM_LENGTH), 1, cache_file) != 1) {
-// printf("flush_elem_(): ERROR!!! write failed!\n");
- return zrtp_status_write_fail;
- } else {
- elem->_is_dirty = 0;
-
-// printf("flush_elem_(): OK! %lu bytes were written\n", (is_mitm ? ZRTP_MITMCACHE_ELEM_LENGTH : ZRTP_CACHE_ELEM_LENGTH));
- return zrtp_status_ok;
- }
-}
-
-zrtp_status_t zrtp_cache_user_down()
-{
- FILE* cache_file = 0;
- mlist_t *node = 0;
- uint32_t count = 0, dirty_count=0;
- uint32_t pos = 0;
-
- ZRTP_LOG(3,(_ZTU_,"\tStoring ZRTP cache to <%s>...\n", zrtp->def_cache_path.buffer));
-
- /* Open/create file for writing */
-#if (ZRTP_PLATFORM == ZP_WIN32)
- if (g_needs_rewriting || 0 != fopen_s(&cache_file, zrtp->def_cache_path.buffer, "r+")) {
- if (0 != fopen_s(&cache_file, zrtp->def_cache_path.buffer, "w+")) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR! unable to open ZRTP cache file <%s>.\n", zrtp->def_cache_path.buffer));
- return zrtp_status_open_fail;
- }
- }
-#else
- if (g_needs_rewriting || !(cache_file = fopen(zrtp->def_cache_path.buffer, "r+"))) {
- cache_file = fopen(zrtp->def_cache_path.buffer, "w+");
- if (!cache_file) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR! unable to open ZRTP cache file <%s>.\n", zrtp->def_cache_path.buffer));
- return zrtp_status_open_fail;
- }
- }
-#endif
-
- fseek(cache_file, 0, SEEK_SET);
-
- /* Store version string first. Format: &ZRTP_DEF_CACHE_VERSION_STR&ZRTP_DEF_CACHE_VERSION_VAL */
- if (1 != fwrite(ZRTP_DEF_CACHE_VERSION_STR, strlen(ZRTP_DEF_CACHE_VERSION_STR), 1, cache_file)) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR! unable to write header to the cache file\n"));
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
- if (1 != fwrite(ZRTP_DEF_CACHE_VERSION_VAL, strlen(ZRTP_DEF_CACHE_VERSION_VAL), 1, cache_file)) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR! unable to write header to the cache file\n"));
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
-
- /*
- * Store PBX secrets first. Format: <secrets count>, <secrets' data>
- *
- * NOTE!!! It's IMPORTANT to store PBX secrets before the Regular secrets!!!
- */
- pos = ftell(cache_file);
-
- count = 0; dirty_count = 0;
- fwrite(&count, sizeof(count), 1, cache_file);
-
- mlist_for_each(node, &mitmcache_head) {
- zrtp_cache_elem_t* elem = mlist_get_struct(zrtp_cache_elem_t, _mlist, node);
- /* Store dirty values only. */
- if (g_needs_rewriting || elem->_is_dirty) {
-// printf("zrtp_cache_user_down: Store MiTM elem index=%u, not modified.\n", elem->_index);
- dirty_count++;
- if (zrtp_status_ok != flush_elem_(elem, cache_file, 1)) {
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
- } else {
-// printf("zrtp_cache_user_down: Skip MiTM elem index=%u, not modified.\n", elem->_index);
- }
- }
-
- fseek(cache_file, pos, SEEK_SET);
-
- count = zrtp_hton32(g_mitmcache_elems_counter);
- if (fwrite(&count, sizeof(count), 1, cache_file) != 1) {
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
-
- if (dirty_count > 0)
- ZRTP_LOG(3,(_ZTU_,"\t%u out of %u MiTM cache entries have been flushed successfully.\n", dirty_count, zrtp_ntoh32(count)));
-
- /*
- * Store regular secrets. Format: <secrets count>, <secrets' data>
- */
-
- /* Seek to the beginning of the Regular secrets block */
- pos = strlen(ZRTP_DEF_CACHE_VERSION_STR)+strlen(ZRTP_DEF_CACHE_VERSION_VAL);
- pos += sizeof(uint32_t); /* Skip MiTM secrets count. */
- pos += (g_mitmcache_elems_counter * ZRTP_MITMCACHE_ELEM_LENGTH); /* Skip MiTM Secrets block */
-
- fseek(cache_file, pos, SEEK_SET);
-
- count = 0; dirty_count=0;
- fwrite(&count, sizeof(count), 1, cache_file);
-
- mlist_for_each(node, &cache_head) {
- zrtp_cache_elem_t* elem = mlist_get_struct(zrtp_cache_elem_t, _mlist, node);
-
- /* Store dirty values only. */
- if (g_needs_rewriting || elem->_is_dirty) {
-// printf("zrtp_cache_user_down: Store RS elem index=%u, not modified.\n", elem->_index);
- dirty_count++;
- if (zrtp_status_ok != flush_elem_(elem, cache_file, 0)) {
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
- }
-// else {
-// printf("zrtp_cache_user_down: Skip RS elem index=%u, not modified.\n", elem->_index);
-// }
- }
-
- fseek(cache_file, pos, SEEK_SET);
-
- count = zrtp_hton32(g_cache_elems_counter);
- if (fwrite(&count, sizeof(count), 1, cache_file) != 1) {
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_write_fail, cache_file);
- }
-
- if (dirty_count > 0)
- ZRTP_LOG(3,(_ZTU_,"\t%u out of %u regular cache entries have been flushed successfully.\n", dirty_count, zrtp_ntoh32(count)));
-
- g_needs_rewriting = 0;
-
- ZRTP_DOWN_CACHE_RETURN(zrtp_status_ok, cache_file);
-}
-
-
-/*==========================================================================*/
-/* Utility functions. */
-/* These functions are example how cache can be used for internal needs */
-/*==========================================================================*/
-
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t put_name( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- const zrtp_stringn_t* name,
- uint8_t is_mitm)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
- zrtp_status_t s = zrtp_status_ok;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- do {
- new_elem = get_elem(id, is_mitm);
- if (!new_elem) {
- s = zrtp_status_fail;
- break;
- }
-
- /* Update regular cache name*/
- new_elem->name_length = ZRTP_MIN(name->length, ZFONE_CACHE_NAME_LENGTH-1);
- zrtp_memset(new_elem->name, 0, sizeof(new_elem->name));
- zrtp_memcpy(new_elem->name, name->buffer, new_elem->name_length);
-
- new_elem->_is_dirty = 1;
- } while (0);
- zrtp_mutex_unlock(def_cache_protector);
-
- if (zrtp->cache_auto_store) zrtp_def_cache_store(zrtp);
-
- return s;
-}
-
-
-zrtp_status_t zrtp_def_cache_put_name( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- const zrtp_stringn_t* name)
-{
- return put_name(one_ZID, another_ZID, name, 0);
-}
-
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t get_name( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- zrtp_stringn_t* name,
- uint8_t is_mitm)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
- zrtp_status_t s = zrtp_status_fail;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- do {
- new_elem = get_elem(id, is_mitm);
- if (!new_elem) {
- s = zrtp_status_fail;
- break;
- }
-
- name->length = new_elem->name_length;
- zrtp_memcpy(name->buffer, new_elem->name, name->length);
- s = zrtp_status_ok;
- } while (0);
- zrtp_mutex_unlock(def_cache_protector);
-
- return s;
-}
-
-zrtp_status_t zrtp_def_cache_get_name( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid,
- zrtp_stringn_t* name)
-{
- return get_name(one_zid, another_zid, name, 0);
-}
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_def_cache_get_since( const zrtp_stringn_t* one_ZID,
- const zrtp_stringn_t* another_ZID,
- uint32_t* since)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
-
- ZRTP_CACHE_CHECK_ZID(one_ZID, another_ZID);
- zrtp_cache_create_id(one_ZID, another_ZID, id);
-
- zrtp_mutex_lock(def_cache_protector);
- new_elem = get_elem(id, 0);
- if (new_elem) {
- *since = new_elem->secure_since;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_def_cache_reset_since( const zrtp_stringn_t* one_zid,
- const zrtp_stringn_t* another_zid)
-{
- zrtp_cache_elem_t* new_elem = 0;
- zrtp_cache_id_t id;
-
- ZRTP_CACHE_CHECK_ZID(one_zid, another_zid);
- zrtp_cache_create_id(one_zid, another_zid, id);
-
- zrtp_mutex_lock(def_cache_protector);
- new_elem = get_elem(id, 0);
- if (new_elem) {
- new_elem->secure_since = (uint32_t)(zrtp_time_now()/1000);
-
- new_elem->_is_dirty = 1;
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- if (zrtp->cache_auto_store) zrtp_def_cache_store(zrtp);
-
- return (new_elem) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-
-/*----------------------------------------------------------------------------*/
-void zrtp_def_cache_foreach( zrtp_global_t *global,
- int is_mitm,
- zrtp_cache_callback_t callback,
- void *data)
-{
- int delete, result;
- unsigned index_decrease = 0;
- mlist_t* node = NULL, *tmp_node = NULL;
-
- zrtp_mutex_lock(def_cache_protector);
- mlist_for_each_safe(node, tmp_node, (is_mitm ? &mitmcache_head : &cache_head))
- {
- zrtp_cache_elem_t* elem = mlist_get_struct(zrtp_cache_elem_t, _mlist, node);
-
- /*
- * We are about to delete cache element, in order to keep our
- * random-access file working, we should re-arrange indexes of
- * cache elements go after the deleting one.
- */
- if (index_decrease >0) {
- elem->_index -= index_decrease;
- }
-
- delete = 0;
- result = callback(elem, is_mitm, data, &delete);
- if (delete) {
- {
- char idstr[24*2+1];
- ZRTP_LOG(3,(_ZTU_,"\trtp_def_cache_foreach() Delete element id=%s index=%u\n",
- hex2str((const char*)elem->id, sizeof(elem->id), idstr, sizeof(idstr)),
- elem->_index));
- }
-
- index_decrease++;
-
- mlist_del(&elem->_mlist);
-
- /* Decrement global cache counter. */
- if (is_mitm)
- g_mitmcache_elems_counter--;
- else
- g_cache_elems_counter--;
-
- g_needs_rewriting = 1;
- }
- if (!result) {
- break;
- }
- }
- zrtp_mutex_unlock(def_cache_protector);
-
- return;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_def_cache_store(zrtp_global_t *zrtp)
-{
- zrtp_mutex_lock(def_cache_protector);
- zrtp_cache_user_down();
- zrtp_mutex_unlock(def_cache_protector);
-
- return zrtp_status_ok;
-}
-
-#endif /* ZRTP_PLATFORM != ZP_WIN32_KERNEL */
-
-#endif /* ZRTP_USE_BUILTIN_CACHE */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#define _POSIX_C_SOURCE 199309L /* for struct timespec */
-#include "zrtp.h"
-
-#if (defined(ZRTP_USE_BUILTIN_SCEHDULER) && (ZRTP_USE_BUILTIN_SCEHDULER ==1))
-#if (ZRTP_PLATFORM!=ZP_SYMBIAN)
-
-#if defined (ZRTP_DEBUG_WITH_PJSIP) && (ZRTP_DEBUG_WITH_PJSIP == 1)
-# include <pjlib.h>
-#endif
-
-/* Windows kernel have it's own realization based on kernel timers */
-#if (ZRTP_PLATFORM != ZP_WIN32_KERNEL)
-
-#define ZRTP_SCHED_QUEUE_SIZE ZRTP_MAX_STREAMS_PER_SESSION * 1000
-#define ZRTP_SCHED_LOOP_QVANT 20
-
-#define ZRTP_SCHED_SLEEP(count) zrtp_sleep(ZRTP_SCHED_LOOP_QVANT*count);
-
-
-/** Schedulling tasks structure */
-typedef struct
-{
- zrtp_stream_t *ctx; /** ZRTP stream context associated with the task */
- zrtp_retry_task_t *ztask; /** ZRTP stream associated with the task */
- uint64_t wake_at; /* Wake time in milliseconds */
- mlist_t _mlist;
-} zrtp_sched_task_t;
-
-/** Initiation flag. Protection from reinitialization. (1 if initiated) */
-static uint8_t inited = 0;
-
-/** Sorted by wake time tasks list. First task to do at the begining */
-static mlist_t tasks_head;
-
-/** Tasks queue protector againts race conditions on add/remove tasks */
-static zrtp_mutex_t* protector = NULL;
-
-/** Main queue symaphore */
-static zrtp_sem_t* count = NULL;
-
-static uint8_t is_running = 0;
-#if (ZRTP_PLATFORM == ZP_WIN32 || ZRTP_PLATFORM == ZP_WINCE)
-HANDLE scheduler_thread = NULL;
-#else
-static uint8_t is_working = 0;
-#endif
-
-
-/*==========================================================================*/
-/* Platform Dependent Routine */
-/*==========================================================================*/
-
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
-#include <Windows.h>
-
-int zrtp_sleep(unsigned int msec)
-{
- Sleep(msec);
- return 0;
-}
-
-int zrtp_thread_create(zrtp_thread_routine_t start_routine, void *arg)
-{
- DWORD dwThreadId;
-
- scheduler_thread = CreateThread(NULL, 0, start_routine, 0, 0, &dwThreadId);
- if (NULL == scheduler_thread) {
- return -1;
- }
-
- return 0;
-}
-
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
-/* POSIX.1-2008 removes usleep, so use nanosleep instead when available */
-#if ZRTP_HAVE_NANOSLEEP
-#include <time.h> /* for nanosleep */
-#elif ZRTP_HAVE_UNISTD_H == 1
-#include <unistd.h>
-#else
-#error "Used environment dosn't have <unistd.h> - zrtp_scheduler can't be build."
-#endif
-
-#if ZRTP_HAVE_PTHREAD_H == 1
-#include <pthread.h>
-#else
-# error "Used environment dosn't have <pthread.h> - zrtp_scheduler can't be build."
-#endif
-
-int zrtp_sleep(unsigned int msec)
-{
-#if ZRTP_HAVE_NANOSLEEP
- struct timespec delay;
- delay.tv_sec = msec / 1000;
- delay.tv_nsec = (msec % 1000) * 1000000;
- while (nanosleep(&delay, &delay));
-#else
- usleep(msec*1000);
-#endif
- return 0;
-}
-
-int zrtp_thread_create(zrtp_thread_routine_t start_routine, void *arg)
-{
- pthread_t thread;
- return pthread_create(&thread, NULL, start_routine, arg);
-}
-#endif
-
-
-/*==========================================================================*/
-/* Scheduler Implementation */
-/*==========================================================================*/
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-static DWORD WINAPI sched_loop(void* param)
-#elif (ZRTP_PLATFORM == ZP_SYMBIAN)
-static int sched_loop(void* param)
-#else
-static void* sched_loop(void* param)
-#endif
-{
-#if defined (ZRTP_DEBUG_WITH_PJSIP) && (ZRTP_DEBUG_WITH_PJSIP == 1)
- /*
- Register current thread if it was created by
- external system call(not pj_sip call)
- */
- pj_thread_desc desc;
- pj_thread_t *sched_loop_thread;
-
- if (pj_thread_is_registered()==PJ_FALSE){
- pj_thread_register("zrtp_sched_loop_thread", desc, &sched_loop_thread);
- }
-#endif
-
-#if (ZRTP_PLATFORM != ZP_WIN32 && ZRTP_PLATFORM != ZP_WINCE)
- is_working = 1;
-#endif
- while (is_running)
- {
- zrtp_sched_task_t* task = NULL;
- zrtp_sched_task_t task2run;
- int ready_2_run = 0;
- mlist_t* node = 0;
-
- /* Wait for tasks in queue */
- zrtp_sem_wait(count);
-
- zrtp_mutex_lock(protector);
-
- node = mlist_get(&tasks_head);
- if (!node) {
- zrtp_mutex_unlock(protector);
- continue;
- }
-
- task = mlist_get_struct(zrtp_sched_task_t, _mlist, node);
- if (task->wake_at <= zrtp_time_now())
- {
- task2run.ctx = task->ctx;
- task2run.ztask = task->ztask;
- mlist_del(node);
- zrtp_sys_free(task);
- ready_2_run = 1;
- }
-
- zrtp_mutex_unlock(protector);
-
- if (ready_2_run) {
- task2run.ztask->_is_busy = 1;
- task2run.ztask->callback(task2run.ctx, task2run.ztask);
- task2run.ztask->_is_busy = 0;
- } else {
- zrtp_sem_post(count);
- }
-
- ZRTP_SCHED_SLEEP(1);
- }
-
-#if (ZRTP_PLATFORM != ZP_WIN32)&& (ZRTP_PLATFORM != ZP_WINCE)
- is_working = 0;
-#endif
-
-#if (ZRTP_PLATFORM != ZP_WIN32) && (ZRTP_PLATFORM != ZP_WIN64) && (ZRTP_PLATFORM != ZP_WINCE)
- return NULL;
-#else
- return 0;
-#endif
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_def_scheduler_init(zrtp_global_t* zrtp)
-{
- zrtp_status_t status = zrtp_status_ok;
-
- if (inited) {
- return zrtp_status_ok;
- }
-
- do {
- init_mlist(&tasks_head);
-
- if (zrtp_status_ok != (status = zrtp_mutex_init(&protector))) {
- break;
- }
- if (zrtp_status_ok != (status = zrtp_sem_init(&count, 0, ZRTP_SCHED_QUEUE_SIZE))) {
- break;
- }
-
- /* Starting processing loop */
- is_running = 1;
-
- if (0 != zrtp_thread_create(sched_loop, NULL)) {
- zrtp_sem_destroy(count);
- zrtp_mutex_destroy(protector);
-
- status = zrtp_status_fail;
- break;
- }
-
- inited = 1;
- } while (0);
-
- return status;
-}
-
-/*---------------------------------------------------------------------------*/
-void zrtp_def_scheduler_down()
-{
- mlist_t *node = 0, *tmp = 0;
-
- if (!inited) {
- return;
- }
-
- /* Stop main thread */
- is_running = 0;
- zrtp_sem_post(count);
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
- if (NULL != scheduler_thread)
- {
- WaitForSingleObject(scheduler_thread, INFINITE);
- CloseHandle(scheduler_thread);
- scheduler_thread = NULL;
- }
-#else
- while (is_working) {
- ZRTP_SCHED_SLEEP(1);
- }
-#endif
-
- /* Then destroy tasks queue and realease all other resources */
- zrtp_mutex_lock(protector);
-
- mlist_for_each_safe(node, tmp, &tasks_head) {
- zrtp_sched_task_t* task = mlist_get_struct(zrtp_sched_task_t, _mlist, node);
- zrtp_sys_free(task);
- }
- init_mlist(&tasks_head);
-
- zrtp_mutex_unlock(protector);
-
- zrtp_mutex_destroy(protector);
- zrtp_sem_destroy(count);
-
- inited = 0;
-}
-
-/*---------------------------------------------------------------------------*/
-void zrtp_def_scheduler_call_later(zrtp_stream_t *ctx, zrtp_retry_task_t* ztask)
-{
- mlist_t *node=0, *tmp=0;
- mlist_t* last = &tasks_head;
-
- zrtp_mutex_lock(protector);
-
- if (!ztask->_is_enabled) {
- zrtp_mutex_unlock(protector);
- return;
- }
-
- do {
- zrtp_sched_task_t* new_task = zrtp_sys_alloc(sizeof(zrtp_sched_task_t));
- if (!new_task) {
- break;
- }
-
- new_task->ctx = ctx;
- new_task->ztask = ztask;
- new_task->wake_at = zrtp_time_now() + ztask->timeout;
-
- /* Try to find element with later wacked time than we have */
- mlist_for_each_safe(node, tmp, &tasks_head) {
- zrtp_sched_task_t* tmp_task = mlist_get_struct(zrtp_sched_task_t, _mlist, node);
- if (tmp_task->wake_at >= new_task->wake_at) {
- last = node;
- break;
- }
- }
-
- /*
- * If packet wasn't inserted (empty queue or all elements are smaller)
- * Put them to the end of the queue.
- */
- mlist_insert(last, &new_task->_mlist);
-
- zrtp_sem_post(count);
- } while (0);
-
- zrtp_mutex_unlock(protector);
-}
-
-/*---------------------------------------------------------------------------*/
-void zrtp_def_scheduler_cancel_call_later(zrtp_stream_t* ctx, zrtp_retry_task_t* ztask)
-{
- mlist_t *node=0, *tmp=0;
-
- zrtp_mutex_lock(protector);
-
- mlist_for_each_safe(node, tmp, &tasks_head) {
- zrtp_sched_task_t* task = mlist_get_struct(zrtp_sched_task_t, _mlist, node);
- if ((task->ctx == ctx) && ((task->ztask == ztask) || !ztask)) {
- mlist_del(&task->_mlist);
- zrtp_sys_free(task);
- zrtp_sem_trtwait(count);
- if (ztask) {
- break;
- }
- }
- }
-
- zrtp_mutex_unlock(protector);
-}
-
-void zrtp_def_scheduler_wait_call_later(zrtp_stream_t* ctx)
-{
- while (ctx->messages.hello_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.commit_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.dhpart_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.confirm_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.error_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.errorack_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.goclear_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
- while (ctx->messages.dh_task._is_busy) {
- ZRTP_SCHED_SLEEP(1);
- }
-}
-
-#endif /* not for windows kernel */
-
-#endif // ZRTP_PLATFORM==ZP_SYMBIAN
-
-#endif /*ZRTP_USE_BUILTIN_SCEHDULER*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#if (defined(ZRTP_USE_BUILTIN) && (ZRTP_USE_BUILTIN == 1))
-
-/*============================================================================*/
-/* Default realization of Mutexes synchronization routine */
-/*============================================================================*/
-
-/*---------------------------------------------------------------------------*/
-#if (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-#include <Ndis.h>
-
-struct zrtp_mutex_t
-{
- NDIS_SPIN_LOCK mutex;
-};
-
-zrtp_status_t zrtp_mutex_init(zrtp_mutex_t **mutex)
-{
- zrtp_mutex_t* new_mutex = zrtp_sys_alloc(sizeof(zrtp_mutex_t));
- if (!new_mutex)
- return zrtp_status_alloc_fail;
- NdisAllocateSpinLock(&new_mutex->mutex);
- *mutex = new_mutex;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_destroy(zrtp_mutex_t* mutex)
-{
- NdisFreeSpinLock(&mutex->mutex);
- zrtp_sys_free(mutex);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_lock(zrtp_mutex_t* mutex)
-{
- NdisAcquireSpinLock(&mutex->mutex);
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_unlock(zrtp_mutex_t* mutex)
-{
- NdisReleaseSpinLock(&mutex->mutex);
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-#elif (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-
-#include <Windows.h>
-
-struct zrtp_mutex_t
-{
- HANDLE mutex;
-};
-
-zrtp_status_t zrtp_mutex_init(zrtp_mutex_t** mutex)
-{
- zrtp_mutex_t* new_mutex = zrtp_sys_alloc(sizeof(zrtp_mutex_t));
- if (!new_mutex)
- return zrtp_status_alloc_fail;
- new_mutex->mutex = CreateMutex(NULL, FALSE, NULL);
- if (!new_mutex->mutex) {
- zrtp_sys_free(new_mutex);
- return zrtp_status_fail;
- }
- *mutex = new_mutex;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_destroy(zrtp_mutex_t* mutex)
-{
- zrtp_status_t s = (0 == CloseHandle(mutex->mutex)) ? zrtp_status_fail : zrtp_status_ok;
- zrtp_sys_free(mutex);
- return s;
-}
-
-zrtp_status_t zrtp_mutex_lock(zrtp_mutex_t* mutex)
-{
- return (WaitForSingleObject(mutex->mutex, INFINITE) == WAIT_FAILED) ? zrtp_status_fail : zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_mutex_unlock(zrtp_mutex_t* mutex)
-{
- return (0 == ReleaseMutex(mutex->mutex)) ? zrtp_status_fail : zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
-
-#if defined ZRTP_HAVE_PTHREAD_H
-# include <pthread.h>
-#endif
-
-struct zrtp_mutex_t
-{
- pthread_mutex_t mutex;
-};
-
-
-zrtp_status_t zrtp_mutex_init(zrtp_mutex_t** mutex)
-{
- zrtp_mutex_t* new_mutex = zrtp_sys_alloc(sizeof(zrtp_mutex_t));
- if (new_mutex) {
- zrtp_status_t s = pthread_mutex_init(&new_mutex->mutex, NULL) == 0 ? zrtp_status_ok : zrtp_status_fail;
- if (s == zrtp_status_fail)
- zrtp_sys_free(new_mutex);
- else
- *mutex = new_mutex;
- return s;
- }
- return zrtp_status_alloc_fail;
-}
-
-zrtp_status_t zrtp_mutex_destroy(zrtp_mutex_t* mutex)
-{
- zrtp_status_t s = (pthread_mutex_destroy(&mutex->mutex) == 0) ? zrtp_status_ok : zrtp_status_fail;
- zrtp_sys_free(mutex);
- return s;
-}
-
-zrtp_status_t zrtp_mutex_lock(zrtp_mutex_t* mutex)
-{
- return (pthread_mutex_lock(&mutex->mutex) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_mutex_unlock(zrtp_mutex_t* mutex)
-{
- return (pthread_mutex_unlock(&mutex->mutex) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-#endif
-
-
-/*============================================================================*/
-/* Default realization of Semaphores synchronization routine */
-/*============================================================================*/
-
-#if (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-
-struct zrtp_sem_t
-{
- KSEMAPHORE sem;
-};
-
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t val, uint32_t limit)
-{
- zrtp_sem_t *new_sem = zrtp_sys_alloc(sizeof(zrtp_sem_t));
- if (NULL == new_sem) {
- return zrtp_status_alloc_fail;
- }
-
- KeInitializeSemaphore(&new_sem->sem, val, limit);
- *sem = new_sem;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem)
-{
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem)
-{
- return KeWaitForSingleObject(&sem->sem, Executive, KernelMode, FALSE, NULL) == STATUS_SUCCESS ?
- zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem)
-{
- LARGE_INTEGER timeout;
- timeout.QuadPart = 0;
-
- return KeWaitForSingleObject(&sem->sem, Executive, KernelMode, FALSE, &timeout) == STATUS_SUCCESS ?
- zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem)
-{
- KeReleaseSemaphore(&sem->sem, IO_NO_INCREMENT, 1, FALSE);
- return zrtp_status_ok;
-}
-
-
-#elif (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-
-struct zrtp_sem_t
-{
- HANDLE sem;
-};
-
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t val, uint32_t limit)
-{
- zrtp_sem_t *new_sem = zrtp_sys_alloc(sizeof(zrtp_sem_t));
- if (NULL == new_sem) {
- return zrtp_status_alloc_fail;
- }
-
- new_sem->sem = CreateSemaphore(NULL, val, limit, NULL);
- if (!new_sem->sem) {
- zrtp_sys_free(new_sem);
- return zrtp_status_fail;
- }
- *sem = new_sem;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem)
-{
- zrtp_status_t s = (0 == CloseHandle(sem->sem)) ? zrtp_status_fail : zrtp_status_ok;
- zrtp_sys_free(sem);
- return s;
-}
-
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem)
-{
- return (WaitForSingleObject(sem->sem, INFINITE) == WAIT_FAILED) ? zrtp_status_fail : zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem)
-{
- return (WaitForSingleObject(sem->sem, 0) == WAIT_OBJECT_0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem)
-{
- return (0 == ReleaseSemaphore(sem->sem, 1, NULL)) ? zrtp_status_fail : zrtp_status_ok;
-}
-
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
-
-#if defined ZRTP_HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#if ZRTP_HAVE_SEMAPHORE_H
-# include <semaphore.h>
-#endif
-#if ZRTP_HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-#if ZRTP_HAVE_ERRNO_H
-# include <errno.h>
-#endif
-
-
-#if (ZRTP_PLATFORM == ZP_DARWIN)
-
-struct zrtp_sem_t
-{
- sem_t* sem;
-};
-
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t value, uint32_t limit)
-{
- zrtp_status_t s = zrtp_status_ok;
- char name_buff[48];
- zrtp_time_t now = zrtp_time_now();
-
- zrtp_sem_t *new_sem = (zrtp_sem_t*)zrtp_sys_alloc(sizeof(zrtp_sem_t));
- if (0 == new_sem) {
- return zrtp_status_alloc_fail;
- }
-
- /*
- * This bogusness is to follow what appears to be the lowest common
- * denominator in Posix semaphore naming:
- * - start with '/'
- * - be at most 15 chars
- * - be unique and not match anything on the filesystem
- * We suppose to generate unique name for every semaphore in the system.
- */
-
- sprintf(name_buff, "/libzrtp.%llxZ%llx", now/1000, now);
- new_sem->sem = sem_open(name_buff, O_CREAT | O_EXCL, S_IRUSR|S_IWUSR, value);
- if ((sem_t *)SEM_FAILED == new_sem->sem) {
- if (errno == ENAMETOOLONG) {
- name_buff[13] = '\0';
- } else if (errno == EEXIST) {
- sprintf(name_buff, "/libzrtp.%llxZ%llx", now, now/1000);
- } else {
- s = zrtp_status_fail;
- }
- new_sem->sem = sem_open(name_buff, O_CREAT | O_EXCL, 0644, value);
- }
-
- if (new_sem->sem == (sem_t *)SEM_FAILED) {
- s = zrtp_status_fail;
- zrtp_sys_free(new_sem);
- } else {
- sem_unlink(name_buff);
- *sem = new_sem;
- }
-
- return s;
-}
-
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem)
-{
- zrtp_status_t s = sem_close(sem->sem);
- zrtp_sys_free(sem);
- if (0 != s) {
- s = zrtp_status_fail;
- }
-
- return s;
-}
-
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem)
-{
- return (sem_wait(sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem)
-{
- return (sem_trywait(sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem)
-{
- return (sem_post(sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-#else
-
-struct zrtp_sem_t
-{
- sem_t sem;
-};
-
-
-zrtp_status_t zrtp_sem_init(zrtp_sem_t** sem, uint32_t value, uint32_t limit)
-{
- zrtp_sem_t *new_sem = (zrtp_sem_t*)zrtp_sys_alloc(sizeof(zrtp_sem_t));
- if (NULL == new_sem) {
- return zrtp_status_alloc_fail;
- }
-
- if (sem_init(&new_sem->sem, 0, value) != 0) {
- zrtp_sys_free(new_sem);
- return zrtp_status_fail;
- }
-
- *sem = new_sem;
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_sem_destroy(zrtp_sem_t* sem)
-{
- zrtp_status_t s = sem_destroy(&sem->sem) == 0 ? zrtp_status_ok : zrtp_status_fail;
- zrtp_sys_free(sem);
- return s;
-}
-
-zrtp_status_t zrtp_sem_wait(zrtp_sem_t* sem)
-{
- return (sem_wait(&sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_trtwait(zrtp_sem_t* sem)
-{
- return (sem_trywait(&sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-zrtp_status_t zrtp_sem_post(zrtp_sem_t* sem)
-{
- return (sem_post(&sem->sem) == 0) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-
-#endif
-
-
-#endif
-
-
-/*============================================================================*/
-/* Default realization of general routine */
-/*============================================================================*/
-
-#if defined ZRTP_HAVE_STRING_H
-# include <string.h> /* for memset() and memcpy() */
-#endif
-
-/*----------------------------------------------------------------------------*/
-#if (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-
-void* zrtp_sys_alloc(unsigned int size)
-{
- void *VA;
- return (NDIS_STATUS_SUCCESS != NdisAllocateMemoryWithTag(&VA, size, (ULONG)"zrtp")) ? NULL : VA;
-}
-
-void zrtp_sys_free(void* obj)
-{
- /* Length is 0 because memory was allocated with TAG */
- NdisFreeMemory(obj, 0, 0);
-}
-
-void* zrtp_memcpy(void* dest, const void* src, unsigned int length)
-{
- return memcpy(dest,src,length);
-}
-
-void *zrtp_memset(void *s, int c, unsigned int n)
-{
- return memset(s, c, n);
-}
-
-zrtp_time_t zrtp_time_now()
-{
- LARGE_INTEGER ft;
- KeQuerySystemTime(&ft);
-
- ft.QuadPart -= 116444736000000000;
- return (zrtp_time_t)(ft.QuadPart) / 10000;
-}
-#else
-
-/*---------------------------------------------------------------------------*/
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-
-zrtp_time_t zrtp_time_now()
-{
- LONGLONG ft;
-
-#if ZRTP_PLATFORM != ZP_WINCE
- GetSystemTimeAsFileTime((LPFILETIME)&ft);
-#else
- SYSTEMTIME SystemTime;
- GetSystemTime(&SystemTime);
- SystemTimeToFileTime(&SystemTime, (LPFILETIME)&ft);
-#endif
-
- ft -= 116444736000000000;
- return (zrtp_time_t)(ft) / 10000;
-}
-
-/*---------------------------------------------------------------------------*/
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_SYMBIAN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
-
-#if defined ZRTP_HAVE_SYS_TIME_H
-# include <sys/time.h>
-#endif
-
-zrtp_time_t zrtp_time_now()
-{
- struct timeval tv;
- if (0 == gettimeofday(&tv, 0)) {
- return (zrtp_time_t)(tv.tv_sec)*1000 + (zrtp_time_t)(tv.tv_usec)/1000;
- }
- return 0;
-}
-#endif
-
-
-void *zrtp_memset(void *s, int c, unsigned int n)
-{
- memset(s, c, n);
- return s;
-}
-
-void* zrtp_memcpy(void* dest, const void* src, unsigned int length)
-{
- memcpy(dest, src, (size_t)length);
- return dest;
-}
-
-void* zrtp_sys_alloc(unsigned int size)
-{
- return malloc((size_t)size);
-}
-
-void zrtp_sys_free(void* obj)
-{
- free(obj);
-}
-
-#endif /* default platform-dependent components realizations */
-
-#endif /*ZRTP_USE_BUILTIN*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp initiator"
-
-extern zrtp_status_t _zrtp_machine_start_initiating_secure(zrtp_stream_t *stream);
-
-/*! These functions set constructs and start ZRTP messages replays */
-static zrtp_status_t _zrtp_machine_start_send_and_resend_commit(zrtp_stream_t *stream);
-static zrtp_status_t _zrtp_machine_start_send_and_resend_dhpart2(zrtp_stream_t *stream);
-static zrtp_status_t _zrtp_machine_start_send_and_resend_confirm2(zrtp_stream_t *stream);
-
-/*!
- * We need to know the contents of the DH2 packet before we send the Commit to
- * compute the hash value. So, we construct DH packet but don't send it till
- * WAITING_FOR_CONFIRM1 state.
-*/
-static void _prepare_dhpart2(zrtp_stream_t *stream);
-
-/*
- * Parses DH packet: check for MitM1 attack and makes a copy of the packet for
- * later. \exception: Handles all exceptions -- informs user and switches to
- * CLEAR.(MITM attacks)
- */
-static zrtp_status_t _zrtp_machine_process_incoming_dhpart1( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet);
-/*
- * Just a wrapper over the protocol::_zrtp_machine_process_confirm().
- * \exception: Handles all exceptions -- informs user and switches to
- * CLEAR. (SOFTWARE)
- */
-static zrtp_status_t _zrtp_machine_process_incoming_confirm1( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet);
-
-
-/*===========================================================================*/
-/* State handlers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_initiatingsecure( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_COMMIT:
- if (ZRTP_STATEMACHINE_RESPONDER == _zrtp_machine_preparse_commit(stream, packet)) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_COMMIT);
- s = _zrtp_machine_enter_pendingsecure(stream, packet);
- }
- break;
-
- case ZRTP_DHPART1:
- if (ZRTP_IS_STREAM_DH(stream)) {
- _zrtp_cancel_send_packet_later(stream, ZRTP_COMMIT);
-
- s = _zrtp_machine_process_incoming_dhpart1(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_machine_process_incoming_dhpart1() failed with status=%d ID=%u\n.", s, stream->id));
- break;
- }
-
- _zrtp_machine_start_send_and_resend_dhpart2(stream);
-
- /* Perform Key generation according to draft 5.6 */
- s = _zrtp_set_public_value(stream, 1);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! set_public_value1() failed with status=%d ID=%u.\n", s, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- break;
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_CONFIRM1);
- }
- break;
-
- case ZRTP_CONFIRM1:
- if (ZRTP_IS_STREAM_FAST(stream)) {
- s = _zrtp_set_public_value(stream, 1);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = _zrtp_machine_process_incoming_confirm1(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! process_incoming_confirm1() failed with status=%d ID=%u.\n", s, stream->id));
- break;
- }
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_COMMIT);
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_CONFIRMACK);
- s = _zrtp_machine_start_send_and_resend_confirm2(stream);
- }
- break;
-
- case ZRTP_NONE:
- s = zrtp_status_drop;
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_waitconfirm1( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_CONFIRM1:
- s = _zrtp_machine_process_incoming_confirm1(stream, packet);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! process_incoming_confirm1() failed with status=%d ID=%u.\n", s, stream->id));
- break;
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_CONFIRMACK);
- _zrtp_cancel_send_packet_later(stream, ZRTP_DHPART2);
- s = _zrtp_machine_start_send_and_resend_confirm2(stream);
- break;
-
- case ZRTP_NONE:
- s = zrtp_status_drop;
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_waitconfirmack( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_NONE:
- s = _zrtp_protocol_decrypt(stream->protocol, packet, 1);
- if (s == zrtp_status_ok) {
- /*
- * High level functions triggers mutexes for protocol messages only.
- * We have manually protect this transaction triggered by media packet, not protocol packet.
- */
- zrtp_mutex_lock(stream->stream_protector);
-
- ZRTP_LOG(3,(_ZTU_, "Received FIRST VALID SRTP packet - switching to SECURE state. ID=%u\n", stream->id));
- _zrtp_cancel_send_packet_later(stream, ZRTP_CONFIRM2);
- _zrtp_machine_enter_secure(stream);
-
- zrtp_mutex_unlock(stream->stream_protector);
- }
- break;
-
- case ZRTP_CONFIRM2ACK:
- _zrtp_cancel_send_packet_later(stream, ZRTP_CONFIRM2);
- s = _zrtp_machine_enter_secure(stream);
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* State switchers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_enter_initiatingsecure(zrtp_stream_t* stream)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- ZRTP_LOG(3,(_ZTU_,"\tENTER STATE INITIATING SECURE for ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- if (!ZRTP_IS_STREAM_MULT(stream)) {
- uint8_t id = ZRTP_COMP_UNKN;
- zrtp_session_t *session = stream->session;
- zrtp_packet_Hello_t *peer_hello = &stream->messages.peer_hello;
-
- /*
- * ZRTP specification provides that default crypto components may be
- * omitted from the Hello message, so we initialize components with
- * default values.
- */
- session->hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, session->zrtp);
- session->blockcipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES128, session->zrtp);
- session->authtaglength = zrtp_comp_find(ZRTP_CC_ATL, ZRTP_ATL_HS32, session->zrtp);
- session->sasscheme = zrtp_comp_find(ZRTP_CC_SAS, ZRTP_SAS_BASE32, session->zrtp);
-
- id = _zrtp_choose_best_comp(&session->profile, peer_hello, ZRTP_CC_HASH);
- if (id != ZRTP_COMP_UNKN) {
- session->hash = zrtp_comp_find(ZRTP_CC_HASH, id, session->zrtp);
- }
- id = _zrtp_choose_best_comp(&session->profile, peer_hello, ZRTP_CC_CIPHER);
- if (id != ZRTP_COMP_UNKN) {
- session->blockcipher = zrtp_comp_find(ZRTP_CC_CIPHER, id, session->zrtp);
- }
- id = _zrtp_choose_best_comp(&session->profile, peer_hello, ZRTP_CC_ATL);
- if (id != ZRTP_COMP_UNKN) {
- session->authtaglength = zrtp_comp_find(ZRTP_CC_ATL, id, session->zrtp);
- }
- id = _zrtp_choose_best_comp(&session->profile, peer_hello, ZRTP_CC_SAS);
- if (id != ZRTP_COMP_UNKN) {
- session->sasscheme = zrtp_comp_find(ZRTP_CC_SAS, id, session->zrtp);
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tInitiator selected following options:\n"));
- ZRTP_LOG(3,(_ZTU_,"\t Hash: %.4s\n", session->hash->base.type));
- ZRTP_LOG(3,(_ZTU_,"\t Cipher: %.4s\n", session->blockcipher->base.type));
- ZRTP_LOG(3,(_ZTU_,"\t ATL: %.4s\n", session->authtaglength->base.type));
- ZRTP_LOG(3,(_ZTU_,"\tVAD scheme: %.4s\n", session->sasscheme->base.type));
- }
-
- do{
- /* Allocate resources for Initiator's state-machine */
- s = _zrtp_protocol_init(stream, 1, &stream->protocol);
- if (zrtp_status_ok != s) {
- break; /* Software error */
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_INITIATINGSECURE);
-
- /* Prepare DHPart2 message to compute hvi. For DH and Preshared streams only*/
- if (ZRTP_IS_STREAM_DH(stream)) {
- _prepare_dhpart2(stream);
- }
-
- s = _zrtp_machine_start_send_and_resend_commit(stream);
- if (zrtp_status_ok != s) {
- break; /* EH: Software error */
- }
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_INITIATINGSECURE);
- }
- } while (0);
-
- if (zrtp_status_ok != s) {
- if (stream->protocol) {
- _zrtp_protocol_destroy(stream->protocol);
- stream->protocol = NULL;
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- }
-
- if (ZRTP_IS_STREAM_DH(stream)) {
- /*
- * If stream->concurrent is set this means that we stopped a concurrent
- * DH stream to break a tie. This can happen when Commit messages are
- * sent by both ZRTP endpoints at the same time, but are received in
- * different media streams. Now current stream has finished DH setup and
- * we can resume the other one.
- */
- if (stream->concurrent) {
- zrtp_stream_t* tctx = stream->concurrent;
- stream->concurrent = NULL;
- ZRTP_LOG(3,(_ZTU_,"\tRelease Concurrent Stream ID=%u. ID=%u\n", tctx->id, stream->id));
- _zrtp_machine_start_initiating_secure(tctx);
- }
- }
-
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* Packet handlers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_process_incoming_dhpart1( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet)
-{
- zrtp_status_t s = zrtp_status_ok;
- zrtp_packet_DHPart_t *dhpart1 = (zrtp_packet_DHPart_t*) packet->message;
-
- /* Validating DH (pvr is 1 or p-1) */
- bnInsertBigBytes(&stream->dh_cc.peer_pv, dhpart1->pv, 0, stream->pubkeyscheme->pv_length);
-
- s = stream->pubkeyscheme->validate(stream->pubkeyscheme, &stream->dh_cc.peer_pv);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR! " ZRTP_MITM1_WARNING_STR " ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_possible_mitm1, 1);
- return s;
- }
-
- /* Copy DH Part1 packet for further hashing */
- zrtp_memcpy(&stream->messages.peer_dhpart, dhpart1, zrtp_ntoh16(dhpart1->hdr.length)*4);
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_process_incoming_confirm1( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet)
-{
- return _zrtp_machine_process_confirm(stream, (zrtp_packet_Confirm_t*) packet->message);
-}
-
-
-/*===========================================================================*/
-/* Packet senders */
-/*===========================================================================*/
-
-static void _send_and_resend_commit(zrtp_stream_t *stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_T2_MAX_COUNT) {
- ZRTP_LOG(2,(_ZTU_,"WARNING! COMMIT Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_timeout, 0);
- } else if (task->_is_enabled) {
- zrtp_status_t s = zrtp_status_fail;
- zrtp_packet_Commit_t* commit = (zrtp_packet_Commit_t*) &stream->messages.commit;
-
- s = _zrtp_packet_send_message(stream, ZRTP_COMMIT, commit);
- task->timeout = _zrtp_get_timeout((uint32_t)task->timeout, ZRTP_COMMIT);
- if (s == zrtp_status_ok) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_start_send_and_resend_commit(zrtp_stream_t *stream)
-{
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- zrtp_packet_Commit_t* commit = &stream->messages.commit;
- zrtp_retry_task_t* task = &stream->messages.commit_task;
- uint8_t hmac_offset = ZRTP_COMMIT_STATIC_SIZE;
- zrtp_session_t *session = stream->session;
-
- zrtp_memcpy(commit->zid, stream->messages.hello.zid, sizeof(zrtp_zid_t));
-
- zrtp_memcpy(commit->hash_type, session->hash->base.type, ZRTP_COMP_TYPE_SIZE);
- zrtp_memcpy(commit->cipher_type, session->blockcipher->base.type, ZRTP_COMP_TYPE_SIZE);
- zrtp_memcpy(commit->auth_tag_length, session->authtaglength->base.type, ZRTP_COMP_TYPE_SIZE );
- zrtp_memcpy(commit->public_key_type, stream->pubkeyscheme->base.type, ZRTP_COMP_TYPE_SIZE);
- zrtp_memcpy(commit->sas_type, session->sasscheme->base.type, ZRTP_COMP_TYPE_SIZE);
-
- /*
- * According to the last version of the internet draft 08b., hvi should be
- * computed as:
- * a) hvi=hash(initiator's DHPart2 message | responder's Hello message) for DH stream.
- * b) For Multistream it just a 128 bit random nonce.
- * c) For Preshared streams it keyID = HMAC(preshared_key, "Prsh") truncated to 64 bits
- */
- switch (stream->mode)
- {
- case ZRTP_STREAM_MODE_DH:
- {
- void *hash_ctx = session->hash->hash_begin(session->hash);
- if (!hash_ctx) {
- return zrtp_status_alloc_fail;
- }
-
- session->hash->hash_update( session->hash,
- hash_ctx,
- (const int8_t*)&stream->messages.dhpart,
- zrtp_ntoh16(stream->messages.dhpart.hdr.length)*4);
- session->hash->hash_update( session->hash,
- hash_ctx,
- (const int8_t*)&stream->messages.peer_hello,
- zrtp_ntoh16(stream->messages.peer_hello.hdr.length)*4);
-
- session->hash->hash_end(session->hash, hash_ctx, ZSTR_GV(cc->hv));
- zrtp_memcpy(commit->hv, cc->hv.buffer, ZRTP_HV_SIZE);
- hmac_offset += ZRTP_HV_SIZE;
- } break;
-
- case ZRTP_STREAM_MODE_PRESHARED:
- {
- zrtp_string8_t key_id = ZSTR_INIT_EMPTY(key_id);
- zrtp_status_t s = zrtp_status_ok;
-
- /* Generate random 4 word nonce */
- if (ZRTP_HV_NONCE_SIZE != zrtp_randstr(session->zrtp, (unsigned char*)cc->hv.buffer, ZRTP_HV_NONCE_SIZE)) {
- return zrtp_status_rng_fail;
- }
- cc->hv.length = ZRTP_HV_NONCE_SIZE;
-
- /*
- * Generate Preshared_key:
- * hash(len(rs1) | rs1 | len(auxsecret) | auxsecret | len(pbxsecret) | pbxsecret)
- */
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(session->secrets.rs1->value),
- (session->secrets.auxs->_cachedflag) ? ZSTR_GV(session->secrets.auxs->value) : NULL,
- (session->secrets.pbxs->_cachedflag) ? ZSTR_GV(session->secrets.pbxs->value) : NULL,
- NULL,
- ZSTR_GV(key_id));
- if (zrtp_status_ok != s) {
- return s;
- }
-
- /* Copy 4 word nonce and add 2 word keyID */
- zrtp_memcpy(commit->hv, cc->hv.buffer, ZRTP_HV_NONCE_SIZE);
- hmac_offset += ZRTP_HV_NONCE_SIZE;
-
- zrtp_memcpy(commit->hv+ZRTP_HV_NONCE_SIZE, key_id.buffer, ZRTP_HV_KEY_SIZE);
- hmac_offset += ZRTP_HV_KEY_SIZE;
- } break;
-
- case ZRTP_STREAM_MODE_MULT:
- {
- if(ZRTP_HV_NONCE_SIZE != zrtp_randstr(session->zrtp, (unsigned char*)cc->hv.buffer, ZRTP_HV_NONCE_SIZE)) {
- return zrtp_status_rng_fail;
- }
-
- cc->hv.length = ZRTP_HV_NONCE_SIZE;
- zrtp_memcpy(commit->hv, cc->hv.buffer, ZRTP_HV_NONCE_SIZE);
- hmac_offset += ZRTP_HV_NONCE_SIZE;
- }break;
- default: break;
- }
-
- _zrtp_packet_fill_msg_hdr(stream, ZRTP_COMMIT, hmac_offset + ZRTP_HMAC_SIZE, &commit->hdr);
-
- {
- char buff[256];
- ZRTP_LOG(3,(_ZTU_,"\tStart Sending COMMIT ID=%u mode=%s state=%s:\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
- ZRTP_LOG(3,(_ZTU_,"\t Hash: %.4s\n", commit->hash_type));
- ZRTP_LOG(3,(_ZTU_,"\t Cipher: %.4s\n", commit->cipher_type));
- ZRTP_LOG(3,(_ZTU_,"\t ATL: %.4s\n", commit->auth_tag_length));
- ZRTP_LOG(3,(_ZTU_,"\t PK scheme: %.4s\n", commit->public_key_type));
- ZRTP_LOG(3,(_ZTU_,"\tVAD scheme: %.4s\n", commit->sas_type));
-
- ZRTP_LOG(3,(_ZTU_,"\t hv: %s\n", hex2str((const char*)commit->hv, ZRTP_HV_SIZE, (char*)buff, sizeof(buff))));
- }
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_commit;
- task->_retrys = 0;
- _send_and_resend_commit(stream, task);
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static void _send_and_resend_dhpart2(zrtp_stream_t *stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_T2_MAX_COUNT)
- {
- ZRTP_LOG(1,(_ZTU_,"WARNING! DH2 Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_timeout, 0);
- } else if (task->_is_enabled) {
- zrtp_status_t s = _zrtp_packet_send_message(stream, ZRTP_DHPART2, &stream->messages.dhpart);
- task->timeout = _zrtp_get_timeout((uint32_t)task->timeout, ZRTP_DHPART2);
- if (zrtp_status_ok == s) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-static void _prepare_dhpart2(zrtp_stream_t *stream)
-{
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- zrtp_packet_DHPart_t *dh2 = &stream->messages.dhpart;
- uint16_t dh_length = (uint16_t)stream->pubkeyscheme->pv_length;
-
- zrtp_memcpy(dh2->rs1ID, cc->rs1.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh2->rs2ID, cc->rs2.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh2->auxsID, cc->auxs.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh2->pbxsID, cc->pbxs.id.buffer, ZRTP_RSID_SIZE);
-
- bnExtractBigBytes(&stream->dh_cc.pv, dh2->pv, 0, dh_length);
-
- _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_DHPART2,
- dh_length + ZRTP_DH_STATIC_SIZE + ZRTP_HMAC_SIZE,
- &dh2->hdr );
-}
-
-static zrtp_status_t _zrtp_machine_start_send_and_resend_dhpart2(zrtp_stream_t *stream)
-{
- zrtp_retry_task_t* task = &stream->messages.dhpart_task;
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_dhpart2;
- task->_retrys = 0;
- _send_and_resend_dhpart2(stream, task);
-
- return zrtp_status_ok;
-}
-
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_confirm2(zrtp_stream_t *stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_T2_MAX_COUNT) {
- ZRTP_LOG(1,(_ZTU_,"WARNING! CONFIRM2 Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_timeout, 0);
- } else if (task->_is_enabled) {
- zrtp_status_t s = zrtp_status_ok;
- s = _zrtp_packet_send_message(stream, ZRTP_CONFIRM2, &stream->messages.confirm);
- task->timeout = _zrtp_get_timeout((uint32_t)task->timeout, ZRTP_CONFIRM2);
- if (zrtp_status_ok == s) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-static zrtp_status_t _zrtp_machine_start_send_and_resend_confirm2(zrtp_stream_t *stream)
-{
- zrtp_retry_task_t* task = &stream->messages.confirm_task;
-
- zrtp_status_t s = _zrtp_machine_create_confirm(stream, &stream->messages.confirm);
- if (zrtp_status_ok != s) {
- return s;
- }
-
- s = _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_CONFIRM2,
- sizeof(zrtp_packet_Confirm_t) - sizeof(zrtp_msg_hdr_t),
- &stream->messages.confirm.hdr);
-
- if (zrtp_status_ok == s) {
- task->_is_enabled = 1;
- task->callback = _send_and_resend_confirm2;
- task->_retrys = 0;
- _send_and_resend_confirm2(stream, task);
- }
-
- return s;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2012 Philip R. Zimmermann. All rights reserved.
- *
- * This software development kit (the "program", "library", or "SDK")
- * is licensed under the terms of the GNU Affero General Public
- * License (AGPL) as published by the Free Software Foundation, AGPL
- * version 3 only, except as described below.
- *
- * If by private arrangement with Philip Zimmermann you've received
- * this library under a different license, that license will supersede
- * the terms set out in this document.
- *
- * You may not redistribute or use this library except according to
- * the terms described in this document. Don't be confused by the
- * AGPL. It is not the GPL, LGPL, Apache, MIT, BSD, Creative Commons,
- * WTFPL, or any other license you might imagine. It is the AGPLv3,
- * as included below.
- *
- * The AGPLv3 license places many complex restrictions on the usage
- * and distribution of this library which might make it inconvenient
- * to use in a commercial project or as part of a commercial service.
- * You might be surprised by the extent of the requirements. Many
- * people don't even consider the AGPL a free software license. So be
- * sure to check the exact details of the license before you use this
- * library for anything meaningful. For more information about the
- * AGPLv3, visit: http://www.gnu.org/licenses/agpl-3.0.html
- *
- * To license this library under non-AGPLv3 terms, please contact:
- * Philip Zimmermann <prz@mit.edu> (http://philzimmermann.com).
- *
- * As a special exception, you may combine this library with the code
- * of FreeSWITCH or FreeSWITCH derivatives and modify, redistribute,
- * and use the resulting source code and executable binaries
- * (including modified versions of each) under the Mozilla Public
- * License Version 1.1 (MPLv1.1). For more information about
- * FreeSWITCH, visit: https://freeswitch.org/
- *
- * As a restatement of the above, you may use, modify, and
- * redistribute this library as if it were licensed under the MPLv1.1
- * if and only if it is combined with FreeSWITCH or a derivative work
- * of the FreeSWITCH code. If it is not combined with anything, the
- * terms of the AGPLv3 apply. If it is combined with any other
- * program that is not FreeSWITCH or a derivative work of the
- * FreeSWITCH code but not also combined with FreeSWITCH or a
- * derivative work of the FreeSWITCH code in the same work, the terms
- * of the AGPLv3 apply.
- *
- * I, Phil Zimmermann, would like to make the following non-binding
- * request of any contributors to this library: please make your
- * changes available for me to sublicense. I support myself in part
- * on my ability to license software I've created to producers of
- * proprietary software, and I'd like to include your contributions in
- * the proprietary releases I make. You can allow me to do so either
- * by placing your changes in the public domain (e.g. "I place these
- * changes in the public domain") or by granting me certain rights to
- * your changes (e.g. "I grant to Philip Zimmermann a non-exclusive,
- * irrevocable, world-wide license to distribute, modify, use in any
- * way, and sublicense under any terms my code and changes to
- * libzrtp").
- *
- * This file must be packaged together with the rest of the libZRTP
- * SDK source code. That's why it's in a .c file.
- *
- * This software might be subject to export controls by the US
- * Commerce Department's Bureau of Industry and Security. This
- * software is provided "as is," with no warranty expressed or
- * implied.
- *
- */
-
-/* Force inclusion of this copyright string in the linked binary,
- * accessible to the unix strings command. */
-#include "zrtp_legal.h"
-volatile const char zrtpCopyright[] =
- "\0libZRTP Copyright (c) 2006-2009 Philip R. Zimmermann.";
-
-/****************************************************************************
-
- GNU AFFERO GENERAL PUBLIC LICENSE
- Version 3, 19 November 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
- A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate. Many developers of free software are heartened and
-encouraged by the resulting cooperation. However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
- The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community. It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server. Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
- An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals. This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU Affero General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Remote Network Interaction; Use with the GNU General Public License.
-
- Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software. This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time. Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
- If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source. For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code. There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
-
-****************************************************************************/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-/*----------------------------------------------------------------------------*/
-void init_mlist(mlist_t* head) {
- head->next = head;
- head->prev = head;
-}
-
-/*----------------------------------------------------------------------------*/
-static void mlist_insert_node(mlist_t* node, mlist_t* prev, mlist_t* next) {
- next->prev = node;
- node->next = next;
- node->prev = prev;
- prev->next = node;
-}
-
-void mlist_insert(mlist_t *prev, mlist_t *node) {
- mlist_insert_node(node, prev->prev, prev);
-}
-
-void mlist_add(mlist_t* head, mlist_t* node) {
- mlist_insert_node(node, head, head->next);
-}
-
-void mlist_add_tail(mlist_t *head, mlist_t *node) {
- mlist_insert_node(node, head->prev, head);
-}
-
-/*----------------------------------------------------------------------------*/
-static void mlist_remove(mlist_t* prev, mlist_t* next) {
- next->prev = prev;
- prev->next = next;
-}
-
-void mlist_del(mlist_t *node) {
- mlist_remove(node->prev, node->next);
- node->next = node->prev = 0;
-}
-
-void mlist_del_tail(mlist_t *node) {
- mlist_remove(node->prev, node->next);
- node->next = node->prev = 0;
-}
-
-/*----------------------------------------------------------------------------*/
-mlist_t* mlist_get(mlist_t *head) {
- return (head->next != head) ? head->next : 0;
-}
-
-mlist_t* mlist_get_tail(mlist_t *head) {
- return (head->prev != head) ? head->prev : 0;
-}
-
-/*----------------------------------------------------------------------------*/
-int mlist_isempty(mlist_t *head) {
- return (head->next == head);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#if (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-#include <ndis.h>
-#include <ntstrsafe.h>
-#endif
-
-#if ZRTP_LOG_MAX_LEVEL >= 1
-
-/*----------------------------------------------------------------------------*/
-#if defined ZRTP_HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#if defined ZRTP_HAVE_STRING_H
-# include <string.h>
-#endif
-#if defined ZRTP_HAVE_STDARG_H
-# include <stdarg.h>
-#endif
-
-static const char* k_unknown = "UNKNOWN";
-
-#if ZRTP_PLATFORM != ZP_WIN32_KERNEL
-void zrtp_def_log_write(int level, char *buffer, int len, int offset) {
- printf("%s", buffer);
-}
-
-static zrtp_log_engine *log_writer = &zrtp_def_log_write;
-#else
-static zrtp_log_engine *log_writer = NULL;
-#endif
-
-static uint32_t log_max_level = ZRTP_LOG_MAX_LEVEL;
-
-
-/*----------------------------------------------------------------------------*/
-void zrtp_log_set_level(uint32_t level) {
- log_max_level = level;
-}
-
-void zrtp_log_set_log_engine(zrtp_log_engine *engine) {
- log_writer = engine;
-}
-
-/*----------------------------------------------------------------------------*/
-static void zrtp_log(uint8_t is_clean, const char *sender, uint32_t level, const char *format, va_list marker)
-{
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- char *log_buffer = zrtp_sys_alloc(ZRTP_LOG_BUFFER_SIZE);
-#else
- char log_buffer[ZRTP_LOG_BUFFER_SIZE];
-#endif
- char* sline = log_buffer;
- uint32_t offset = 0;
- int len = 0;
-
- if (!sline) {
- return;
- }
-
- if (!is_clean) {
- /* Print sender with left aligment */
- uint32_t sender_len = strlen(sender);
- *sline++ = ' ';
- *sline++ = '[';
- if (sender_len <= ZRTP_LOG_SENDER_MAX_LEN) {
- while (sender_len < ZRTP_LOG_SENDER_MAX_LEN) {
- *sline++ = ' ', ++sender_len;
- }
- while (*sender) {
- *sline++ = *sender++;
- }
- } else {
- int i = 0;
- for (i=0; i<ZRTP_LOG_SENDER_MAX_LEN; ++i) {
- *sline++ = *sender++;
- }
- }
-
- *sline++ = ']';
- *sline++ = ':';
- offset += 3 + ZRTP_LOG_SENDER_MAX_LEN;
-
- *sline++ = ' ';
- offset += 1;
- }
-
- /* Print Message itself */
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-# if (_MSC_VER >= 1400) && (ZRTP_PLATFORM != ZP_WINCE)
- len = _vsnprintf_s(sline, ZRTP_LOG_BUFFER_SIZE-offset-1, ZRTP_LOG_BUFFER_SIZE-offset-1, format, marker);
-# else
- len = _vsnprintf(sline, ZRTP_LOG_BUFFER_SIZE-offset, format, marker);
-# endif
-#elif (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
- RtlStringCchVPrintfA(sline, ZRTP_LOG_BUFFER_SIZE-offset, format, marker);
-#elif (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID)
- len = vsnprintf(sline, ZRTP_LOG_BUFFER_SIZE-offset, format, marker);
-#elif (ZRTP_PLATFORM == ZP_SYMBIAN)
- len = vsprintf(sline, format, marker);
-#endif
-
- if ((len > 0) && log_writer) {
- (*log_writer)(level, log_buffer, len+offset, offset);
- }
-
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- zrtp_sys_free(log_buffer);
-#endif
-}
-
-
-#if ZRTP_LOG_MAX_LEVEL >= 1
-void zrtp_log_1(const char *obj, const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(0, obj, 1, format, arg);
- va_end(arg);
-}
-void zrtp_logc_1(const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(1, NULL, 1, format, arg);
- va_end(arg);
-}
-
-#endif
-
-#if ZRTP_LOG_MAX_LEVEL >= 2
-void zrtp_log_2(const char *obj, const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(0, obj, 2, format, arg);
- va_end(arg);
-}
-void zrtp_logc_2(const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(1, NULL, 2, format, arg);
- va_end(arg);
-}
-
-#endif
-
-#if ZRTP_LOG_MAX_LEVEL >= 3
-void zrtp_log_3(const char *obj, const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(0, obj, 3, format, arg);
- va_end(arg);
-}
-void zrtp_logc_3(const char *format, ...)
-{
- va_list arg;
- va_start(arg, format);
- zrtp_log(1, NULL, 3, format, arg);
- va_end(arg);
-}
-
-#endif
-
-#endif
-
-/*---------------------------------------------------------------------------*/
-struct _error_strings_t
-{
- zrtp_protocol_error_t code;
- char* descr;
-};
-
-static const struct _error_strings_t _error_strings[] = {
- {zrtp_error_unknown, "Unknown"},
- {zrtp_error_timeout, "Protocol Packets Retries Timeout"},
- {zrtp_error_invalid_packet, "Malformed packet (CRC OK, but wrong structure)"},
- {zrtp_error_software, "Critical software error: no memory, can't call some system function, etc"},
- {zrtp_error_version, "Unsupported ZRTP version"},
- {zrtp_error_hello_mistmatch,"Hello components mismatch "},
-
- {zrtp_error_hash_unsp, "Hash type not supported"},
- {zrtp_error_cipher_unsp, "Cipher type not supported"},
- {zrtp_error_pktype_unsp, "Public key exchange not supported"},
- {zrtp_error_auth_unsp, "SRTP auth. tag not supported"},
- {zrtp_error_sas_unsp, "SAS scheme not supported"},
- {zrtp_error_no_secret, "No shared secret available, DH mode required"},
-
- {zrtp_error_possible_mitm1, "Attack DH Error: bad pvi or pvr ( == 1, 0, or p-1)"},
- {zrtp_error_possible_mitm2, "Attack DH Error: hvi != hashed data"},
- {zrtp_error_possible_mitm3, "Attack Received relayed SAS from untrusted MiTM"},
-
- {zrtp_error_auth_decrypt, "Auth. Error: Bad Confirm pkt HMAC"},
- {zrtp_error_nonse_reuse, "Nonce reuse"},
- {zrtp_error_equal_zid, "Equal ZIDs in Hello"},
- {zrtp_error_service_unavail,"Service unavailable"},
- {zrtp_error_goclear_unsp, "GoClear packet received, but not allowed"},
-
- {zrtp_error_wrong_zid, "ZID received in new Hello doesn't equal to ZID from the previous stream"},
- {zrtp_error_wrong_meshmac, "Message HMAC doesn't match with pre-received one"}
-};
-
-const char* zrtp_log_error2str(zrtp_protocol_error_t error)
-{
- int i=0;
- for(i=0; i<22; i++) {
- if (error == _error_strings[i].code) {
- return _error_strings[i].descr;
- }
- }
-
- return k_unknown;
-}
-
-/*---------------------------------------------------------------------------*/
-static char* _status_strings[zrtp_status_count] =
-{
- "OK status",
- "General, unspecified failure",
- "Wrong, unsupported parameter",
- "Fail allocate memory",
- "SRTP authentication failure",
- "Cipher failure on RTP encrypt/decrypt",
- "General Crypto Algorithm failure",
- "SRTP can't use key any longer",
- "Input buffer too small",
- "Packet process DROP status",
- "Failed to open file/device",
- "Unable to read data from the file/stream",
- "Unable to write to the file/stream",
- "SRTP packet is out of sliding window",
- "RTP replay protection failed",
- "ZRTP replay protection failed",
- "ZRTP packet CRC is wrong",
- "Can't generate random value",
- "Illegal operation in current state",
- "Attack detected",
- "Function is not available in current configuration"
-};
-
-const char* zrtp_log_status2str(zrtp_status_t error)
-{
- if (zrtp_status_count > error) {
- return _status_strings[error];
- } else {
- return k_unknown;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-static char* _state_names[ZRTP_STATE_COUNT] =
-{
- "NONE",
- "ACTIVE",
- "START",
- "W4HACK",
- "W4HELLO",
- "CLEAR",
- "SINITSEC",
- "INITSEC",
- "WCONFIRM",
- "W4CONFACK",
- "PENDSEC",
- "W4CONF2",
- "SECURE",
- "SASRELAY",
- "INITCLEAR",
- "PENDCLEAR",
- "INITERROR",
- "PENDERROR",
- "ERROR",
- #if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
- "DRIVINIT",
- "DRIVRESP",
- "DRIVPEND",
- #endif
- "NOZRTP"
-};
-
-const char* zrtp_log_state2str(zrtp_state_t state)
-{
- if (state < ZRTP_STATE_COUNT) {
- return _state_names[state];
- } else {
- return k_unknown;
- }
-};
-
-/*---------------------------------------------------------------------------*/
-static char* _stream_mode_name[ZRTP_STREAM_MODE_COUNT] =
-{
- "UNKNOWN",
- "CLEAR",
- "DH",
- "PRESHARED",
- "MULTI"
-};
-
-const char* zrtp_log_mode2str(zrtp_stream_mode_t mode)
-{
- if (mode < ZRTP_STREAM_MODE_COUNT) {
- return _stream_mode_name[mode];
- } else {
- return k_unknown;
- }
-};
-
-/*---------------------------------------------------------------------------*/
-static char* _msg_type_names[ZRTP_MSG_TYPE_COUNT] =
-{
- "NONE",
- "HELLO",
- "HELLOACK",
- "COMMIT",
- "DH1",
- "DH2",
- "CONFIRM1",
- "CONFIRM2",
- "CONFIRMACK",
- "GOCLEAR",
- "CLEARACKE",
- "ERROR",
- "ERRORACK",
- "PROCESS",
- "SASRELAY",
- "RELAYACK",
- "PING",
- "PINGACK",
-};
-
-const char* zrtp_log_pkt2str(zrtp_msg_type_t type)
-{
- if (type < ZRTP_MSG_TYPE_COUNT) {
- return _msg_type_names[type];
- } else {
- return k_unknown;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-static char* _event_code_name[] =
-{
- "ZRTP_EVENT_UNSUPPORTED",
- "ZRTP_EVENT_IS_CLEAR",
- "ZRTP_EVENT_IS_INITIATINGSECURE",
- "ZRTP_EVENT_IS_PENDINGSECURE",
- "ZRTP_EVENT_IS_PENDINGCLEAR",
- "ZRTP_EVENT_NO_ZRTP",
- "ZRTP_EVENT_NO_ZRTP_QUICK",
- "ZRTP_EVENT_IS_CLIENT_ENROLLMENT",
- "ZRTP_EVENT_NEW_USER_ENROLLED",
- "ZRTP_EVENT_USER_ALREADY_ENROLLED",
- "ZRTP_EVENT_USER_UNENROLLED",
- "ZRTP_EVENT_LOCAL_SAS_UPDATED",
- "ZRTP_EVENT_REMOTE_SAS_UPDATED",
- "ZRTP_EVENT_IS_SECURE",
- "ZRTP_EVENT_IS_SECURE_DONE",
- "ZRTP_EVENT_IS_PASSIVE_RESTRICTION",
- "ZRTP_EVENT_PROTOCOL_ERROR",
- "ZRTP_EVENT_WRONG_SIGNALING_HASH",
- "ZRTP_EVENT_WRONG_MESSAGE_HMAC",
- "ZRTP_EVENT_MITM_WARNING"
-};
-
-const char* zrtp_log_event2str(uint8_t event)
-{
- if (event <= ZRTP_EVENT_WRONG_MESSAGE_HMAC) {
- return _event_code_name[event];
- } else {
- return k_unknown;
- }
-}
-
-static char* _sign_role_name[] =
-{
- "Unknown",
- "Initiator",
- "Responder"
-};
-
-const char* zrtp_log_sign_role2str(unsigned role) {
- if (role < ZRTP_SIGNALING_ROLE_COUNT) {
- return _sign_role_name[role];
- } else {
- return k_unknown;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-typedef struct _zrtp_aling_test
-{
- uint_8t c1;
- uint_8t c2;
- uint_8t c3;
-} _zrtp_aling_test;
-
-void zrtp_print_env_settings(zrtp_config_t* config)
-{
-#if (ZRTP_PLATFORM == ZP_WIN32)
- char* platform = "Windows 32bit";
-#elif (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
- char* platform = "Windows Kernel 32bit";
-#elif (ZRTP_PLATFORM == ZP_WINCE)
- char* platform = "Windows CE";
-#elif (ZRTP_PLATFORM == ZP_DARWIN)
- char* platform = "Darwin OS X";
-#elif (ZRTP_PLATFORM == ZP_BSD)
- char* platform = "BSD";
-#elif (ZRTP_PLATFORM == ZP_LINUX)
- char* platform = "Linux OS";
-#elif (ZRTP_PLATFORM == ZP_SYMBIAN)
- char* platform = "Symbian OS";
-#elif (ZRTP_PLATFORM == ZP_ANDROID)
- char* platform = "Android OS";
-#endif
-
- ZRTP_LOG(3,("zrtp","============================================================\n"));
- ZRTP_LOG(3,("zrtp","ZRTP Configuration Settings\n"));
- ZRTP_LOG(3,("zrtp","============================================================\n"));
- ZRTP_LOG(3,("zrtp"," PLATFORM: %s\n", platform));
-#if (ZRTP_BYTE_ORDER == ZBO_BIG_ENDIAN)
- ZRTP_LOG(3,("zrtp"," BYTE ORDER: BIG ENDIAN\n"));
-#else
- ZRTP_LOG(3,("zrtp"," BYTE ORDER: LITTLE ENDIAN\n"));
-#endif
- ZRTP_LOG(3,("zrtp"," ZRTP_SAS_DIGEST_LENGTH: %d\n", ZRTP_SAS_DIGEST_LENGTH));
- ZRTP_LOG(3,("zrtp"," ZRTP_MAX_STREAMS_PER_SESSION: %d\n", ZRTP_MAX_STREAMS_PER_SESSION));
- ZRTP_LOG(3,("zrtp"," ZRTP_USE_EXTERN_SRTP: %d\n", ZRTP_USE_EXTERN_SRTP));
- ZRTP_LOG(3,("zrtp"," ZRTP_USE_STACK_MINIM: %d\n", ZRTP_USE_STACK_MINIM));
- ZRTP_LOG(3,("zrtp"," ZRTP_BUILD_FOR_CSD: %d\n", ZRTP_BUILD_FOR_CSD));
- ZRTP_LOG(3,("zrtp"," ZRTP_USE_BUILTIN: %d\n", ZRTP_USE_BUILTIN));
- ZRTP_LOG(3,("zrtp"," ZRTP_USE_BUILTIN_SCEHDULER: %d\n", ZRTP_USE_BUILTIN_SCEHDULER));
- ZRTP_LOG(3,("zrtp"," ZRTP_USE_BUILTIN_CACHE: %d\n", ZRTP_USE_BUILTIN_CACHE));
- ZRTP_LOG(3,("zrtp"," ZRTP_LOG_MAX_LEVEL: %d\n", ZRTP_LOG_MAX_LEVEL));
-
- ZRTP_LOG(3,("zrtp"," sizeo of unsigned int: %d\n", sizeof(unsigned int)));
- ZRTP_LOG(3,("zrtp"," size of unsigned long long: %d\n", sizeof(unsigned long long)));
- ZRTP_LOG(3,("zrtp"," sizeo of three chars: %d\n", sizeof(_zrtp_aling_test)));
- ZRTP_LOG(3,("zrtp","\n"));
- ZRTP_LOG(3,("zrtp","ZRTP Initialization Settings\n"));
- ZRTP_LOG(3,("zrtp"," client ID: %s\n", config->client_id));
- ZRTP_LOG(3,("zrtp"," license: %d\n", config->lic_mode));
- ZRTP_LOG(3,("zrtp"," MiTM: %s\n", config->is_mitm?"ENABLED":"DIABLED"));
- ZRTP_LOG(3,("zrtp"," cache path: %s\n", config->def_cache_path.length?config->def_cache_path.buffer:""));
-}
-
-/*---------------------------------------------------------------------------*/
-void zrtp_log_print_streaminfo(zrtp_stream_info_t* info)
-{
- ZRTP_LOG(3,("zrtp"," ZRTP Stream ID=%u\n", info->id));
- ZRTP_LOG(3,("zrtp"," mode: %s\n", zrtp_log_mode2str(info->mode)));
- ZRTP_LOG(3,("zrtp"," state: %s\n", zrtp_log_state2str(info->state)));
- ZRTP_LOG(3,("zrtp"," error: %s\n", zrtp_log_error2str(info->last_error)));
-
- ZRTP_LOG(3,("zrtp"," peer passive: %s\n", info->peer_passive?"ON":"OFF"));
- ZRTP_LOG(3,("zrtp"," peer disclose: %s\n", info->peer_disclose?"ON":"OFF"));
- ZRTP_LOG(3,("zrtp"," peer mitm: %s\n", info->peer_mitm?"ON":"OFF"));
- ZRTP_LOG(3,("zrtp"," res allowclear: %s\n", info->res_allowclear?"ON":"OFF"));
-}
-
-void zrtp_log_print_sessioninfo(zrtp_session_info_t* info)
-{
- char buffer[256];
-
- ZRTP_LOG(3,("zrtp"," ZRTP Session sID=%u is ready=%s\n", info->id, info->sas_is_ready?"YES":"NO"));
- ZRTP_LOG(3,("zrtp"," peer client: <%s> V=<%s>\n", info->peer_clientid.buffer, info->peer_version.buffer));
- hex2str(info->zid.buffer, info->zid.length, buffer, sizeof(buffer));
- ZRTP_LOG(3,("zrtp"," zid: %s\n", buffer));
- hex2str(info->peer_zid.buffer, info->peer_zid.length, buffer, sizeof(buffer));
- ZRTP_LOG(3,("zrtp"," peer zid: %s\n", buffer));
- hex2str(info->zid.buffer, info->zid.length, buffer, sizeof(buffer));
-
- ZRTP_LOG(3,("zrtp"," is base256: %s\n", info->sas_is_base256?"YES":"NO"));
- ZRTP_LOG(3,("zrtp"," SAS1: %s\n", info->sas1.buffer));
- ZRTP_LOG(3,("zrtp"," SAS2: %s\n", info->sas2.buffer));
- hex2str(info->sasbin.buffer, info->sasbin.length, buffer, sizeof(buffer));
- ZRTP_LOG(3,("zrtp"," bin SAS: %s\n", buffer));
- ZRTP_LOG(3,("zrtp"," TTL: %u\n", info->secrets_ttl));
-
- ZRTP_LOG(3,("zrtp"," hash: %s\n", info->hash_name.buffer));
- ZRTP_LOG(3,("zrtp"," cipher: %s\n", info->cipher_name.buffer));
- ZRTP_LOG(3,("zrtp"," auth: %s\n", info->auth_name.buffer));
- ZRTP_LOG(3,("zrtp"," sas: %s\n", info->sas_name.buffer));
- ZRTP_LOG(3,("zrtp"," pks: %s\n", info->pk_name.buffer));
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp mitm"
-
-extern zrtp_status_t _zrtp_machine_process_goclear(zrtp_stream_t* stream, zrtp_rtp_info_t* packet);
-
-
-/*===========================================================================*/
-/* State-Machine related functions */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-static void _send_and_resend_sasrelay(zrtp_stream_t *stream, zrtp_retry_task_t* task)
-{
- if (task->_retrys >= ZRTP_T2_MAX_COUNT) {
- ZRTP_LOG(1,(_ZTU_,"WARNING! SASRELAY Max retransmissions count reached. ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_timeout, 0);
- } else if (task->_is_enabled) {
-
- zrtp_status_t s = _zrtp_packet_send_message(stream, ZRTP_SASRELAY, &stream->messages.sasrelay);
- task->timeout = _zrtp_get_timeout((uint32_t)task->timeout, ZRTP_SASRELAY);
- if (zrtp_status_ok == s) {
- task->_retrys++;
- }
- if (stream->zrtp->cb.sched_cb.on_call_later) {
- stream->zrtp->cb.sched_cb.on_call_later(stream, task);
- }
- }
-}
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t _create_sasrelay( zrtp_stream_t *stream,
- zrtp_sas_id_t transf_sas_scheme,
- zrtp_string32_t* transf_sas_value,
- uint8_t transf_ac_flag,
- uint8_t transf_d_flag,
- zrtp_packet_SASRelay_t* sasrelay )
-{
- zrtp_session_t *session = stream->session;
- zrtp_status_t s = zrtp_status_fail;
- void* cipher_ctx = NULL;
-
- /* (padding + sig_len + flags) + SAS scheme and SASHash */
- const uint8_t encrypted_body_size = (2 + 1 + 1) + 4 + 32;
-
- zrtp_memset(sasrelay, 0, sizeof(zrtp_packet_SASRelay_t));
-
- /* generate a random initialization vector for CFB cipher */
- if (ZRTP_CFBIV_SIZE != zrtp_randstr(session->zrtp, sasrelay->iv, ZRTP_CFBIV_SIZE)) {
- return zrtp_status_rp_fail;
- }
-
- sasrelay->flags |= (session->profile.disclose_bit || transf_d_flag) ? 0x01 : 0x00;
- sasrelay->flags |= (session->profile.allowclear && transf_ac_flag) ? 0x02 : 0x00;
- sasrelay->flags |= 0x04;
-
- zrtp_memcpy( sasrelay->sas_scheme,
- zrtp_comp_id2type(ZRTP_CC_SAS, transf_sas_scheme),
- ZRTP_COMP_TYPE_SIZE );
- if (transf_sas_value)
- zrtp_memcpy(sasrelay->sashash, transf_sas_value->buffer, transf_sas_value->length);
-
- /* Then we need to encrypt Confirm before computing Hmac. Use AES CFB */
- do {
- cipher_ctx = session->blockcipher->start( session->blockcipher,
- (uint8_t*)stream->cc.zrtp_key.buffer,
- NULL,
- ZRTP_CIPHER_MODE_CFB );
- if (!cipher_ctx) {
- break;
- }
-
- s = session->blockcipher->set_iv( session->blockcipher,
- cipher_ctx,
- (zrtp_v128_t*)sasrelay->iv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = session->blockcipher->encrypt( session->blockcipher,
- cipher_ctx,
- (uint8_t*)sasrelay->pad,
- encrypted_body_size );
- } while(0);
- if (cipher_ctx) {
- session->blockcipher->stop(session->blockcipher, cipher_ctx);
- }
-
-
-
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Failed to encrypt SASRELAY Message status=%d. ID=%u\n", s, stream->id));
- return s;
- }
-
- /* Compute Hmac over encrypted part of Confirm */
- {
- zrtp_string128_t hmac = ZSTR_INIT_EMPTY(hmac);
- s = session->hash->hmac_c( session->hash,
- stream->cc.hmackey.buffer,
- stream->cc.hmackey.length,
- (const char*)&sasrelay->pad,
- encrypted_body_size,
- ZSTR_GV(hmac) );
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Failed to compute CONFIRM hmac status=%d. ID=%u\n", s, stream->id));
- return s;
- }
- zrtp_memcpy(sasrelay->hmac, hmac.buffer, ZRTP_HMAC_SIZE);
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_sasrelay(zrtp_stream_t *stream, zrtp_rtp_info_t *packet)
-{
- zrtp_session_t *session = stream->session;
- zrtp_packet_SASRelay_t *sasrelay = (zrtp_packet_SASRelay_t*) packet->message;
- void* cipher_ctx = NULL;
- zrtp_sas_id_t rendering_id = ZRTP_COMP_UNKN;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_string128_t hmac = ZSTR_INIT_EMPTY(hmac);
- char zerosashash[32];
- unsigned sas_scheme_did_change = 0;
- unsigned sas_hash_did_change = 0;
-
- /* (padding + sig_len + flags) + SAS scheme and SAS hash */
- const uint8_t encrypted_body_size = (2 + 1 + 1) + 4 + 32;
-
- zrtp_memset(zerosashash, 0, sizeof(zerosashash));
-
- /* Check if the remote endpoint is assigned to relay the SAS values */
- if (!stream->peer_mitm_flag) {
- ZRTP_LOG(2,(_ZTU_, ZRTP_RELAYED_SAS_FROM_NONMITM_STR));
- return zrtp_status_fail;
- }
-
- /* Check the HMAC */
- s = session->hash->hmac_c( session->hash,
- stream->cc.peer_hmackey.buffer,
- stream->cc.peer_hmackey.length,
- (const char*)&sasrelay->pad,
- encrypted_body_size,
- ZSTR_GV(hmac) );
- if (zrtp_status_ok != s ) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Failed to compute CONFIRM hmac. status=%d ID=%u\n", s, stream->id));
- return zrtp_status_fail;
- }
-
- if (0 != zrtp_memcmp(sasrelay->hmac, hmac.buffer, ZRTP_HMAC_SIZE)) {
- ZRTP_LOG(2,(_ZTU_, ZRTP_VERIFIED_RESP_WARNING_STR));
- return zrtp_status_fail;
- }
-
- ZRTP_LOG(3,(_ZTU_, "\tHMAC value for the SASRELAY is correct - decrypting...\n"));
-
- /* Then we need to decrypt Confirm body */
- do
- {
- cipher_ctx = session->blockcipher->start( session->blockcipher,
- (uint8_t*)stream->cc.peer_zrtp_key.buffer,
- NULL,
- ZRTP_CIPHER_MODE_CFB );
- if (!cipher_ctx) {
- break;
- }
-
- s = session->blockcipher->set_iv(session->blockcipher, cipher_ctx, (zrtp_v128_t*)sasrelay->iv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = session->blockcipher->decrypt( session->blockcipher,
- cipher_ctx,
- (uint8_t*)sasrelay->pad,
- encrypted_body_size);
- } while(0);
- if (cipher_ctx) {
- session->blockcipher->stop(session->blockcipher, cipher_ctx);
- }
-
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Failed to decrypt Confirm. status=%d ID=%u\n", s, stream->id));
- return s;
- }
-
- ZRTP_LOG(2,(_ZTU_,"\tSasRelay FLAGS old/new A=%d/%d, D=%d/%d.\n",
- stream->allowclear, (uint8_t)(sasrelay->flags & 0x02),
- stream->peer_disclose_bit, (uint8_t)(sasrelay->flags & 0x01)));
-
- /* Set evil bit if other-side disclosed session key */
- stream->peer_disclose_bit = (sasrelay->flags & 0x01);
-
- /* Enable ALLOWCLEAR option only if both sides support it */
- stream->allowclear = (sasrelay->flags & 0x02) && session->profile.allowclear;
-
- /*
- * We don't handle verified flag in SASRelaying because it makes no
- * sense in implementation of the ZRTP Internet Draft.
- */
-
- /*
- * Only enrolled users can do SAS transferring. (Non-enrolled users can
- * only change the SAS rendering scheme).
- */
-
- rendering_id = zrtp_comp_type2id(ZRTP_CC_SAS, (char*)sasrelay->sas_scheme);
- if (-1 == zrtp_profile_find(&session->profile, ZRTP_CC_SAS, rendering_id)) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! PBX Confirm packet with transferred SAS have unknown or"
- " unsupported rendering scheme %.4s.ID=%u\n", sasrelay->sas_scheme, stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- return zrtp_status_fail;
- }
-
- /* Check is SAS rendering did change */
- if (rendering_id != session->sasscheme->base.id) {
- session->sasscheme = zrtp_comp_find(ZRTP_CC_SAS, rendering_id, session->zrtp );
-
- sas_scheme_did_change = 1;
- ZRTP_LOG(3,(_ZTU_,"\tSasrelay: Rendering scheme was updated to %.4s.\n", session->sasscheme->base.type));
- }
-
- if (session->secrets.matches & ZRTP_BIT_PBX) {
- if ( (((uint32_t) *sasrelay->sas_scheme) != (uint32_t)0x0L) &&
- (0 != zrtp_memcmp(sasrelay->sashash, zerosashash, sizeof(sasrelay->sashash))) )
- {
- char buff[256];
- session->sasbin.length = ZRTP_MITM_SAS_SIZE;
- /* First 32 bits if sashash includes sasvalue */
- zrtp_memcpy(session->sasbin.buffer, sasrelay->sashash, session->sasbin.length);
- stream->mitm_mode = ZRTP_MITM_MODE_RECONFIRM_CLIENT;
-
- sas_hash_did_change = 1;
- ZRTP_LOG(3,(_ZTU_,"\tSasRelay: SAS value was updated to bin=%s.\n",
- hex2str(session->sasbin.buffer, session->sasbin.length, buff, sizeof(buff))));
- }
- } else if (0 != zrtp_memcmp(sasrelay->sashash, zerosashash, sizeof(sasrelay->sashash))) {
- ZRTP_LOG(1,(_ZTU_,"\tWARNING! SAS Value was received from NOT Trusted MiTM. ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_possible_mitm3, 1);
- return zrtp_status_fail;
- } else {
- ZRTP_LOG(1,(_ZTU_, "\rERROR! For SasRelay Other secret doesn't match. ID=%u\n", stream->id));
- }
-
-
- /* Generate new SAS if hash or rendering scheme did change.
- * Note: latest libzrtp may send "empty" SasRelay with the same SAS rendering
- * scheme and empty Hello hash for consistency reasons, we should ignore
- * such packets.
- */
- if (sas_scheme_did_change || sas_hash_did_change) {
- s = session->sasscheme->compute(session->sasscheme, stream, session->hash, 1);
- if (zrtp_status_ok != s) {
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- return s;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tSasRelay: Updated SAS is <%s> <%s>.\n", session->sas1.buffer, session->sas2.buffer));
-
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_LOCAL_SAS_UPDATED);
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_sasrelaying( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_RELAYACK:
- _zrtp_cancel_send_packet_later(stream, ZRTP_SASRELAY);
- _zrtp_change_state(stream, ZRTP_STATE_SECURE);
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_REMOTE_SAS_UPDATED);
- }
- break;
-
- case ZRTP_GOCLEAR:
- s = _zrtp_machine_process_goclear(stream, packet);
- if (zrtp_status_ok == s) {
- s = _zrtp_machine_enter_pendingclear(stream);
- }
- break;
-
- case ZRTP_NONE:
- s = _zrtp_protocol_decrypt(stream->protocol, packet, 1);
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* ZRTP API for PBX */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_stream_registration_start(zrtp_stream_t* stream, uint32_t ssrc)
-{
- if (!stream) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"START REGISTRATION STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- if (NULL == stream->zrtp->cb.cache_cb.on_get_mitm) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Can't use MiTM Functions with no ZRTP Cache.\n"));
- return zrtp_status_notavailable;
- }
-
- stream->mitm_mode = ZRTP_MITM_MODE_REG_SERVER;
- return zrtp_stream_start(stream, ssrc);
-}
-
-zrtp_status_t zrtp_stream_registration_secure(zrtp_stream_t* stream)
-{
- if (!stream) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"SECURE REGISTRATION STREAM ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- if (NULL == stream->zrtp->cb.cache_cb.on_get_mitm) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Can't use MiTM Functions with no ZRTP Cache.\n"));
- return zrtp_status_notavailable;
- }
-
- stream->mitm_mode = ZRTP_MITM_MODE_REG_SERVER;
- return zrtp_stream_secure(stream);
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_register_with_trusted_mitm(zrtp_stream_t* stream)
-{
- zrtp_session_t *session = stream->session;
- zrtp_status_t s = zrtp_status_bad_param;
-
- if (!stream) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"MARKING this call as REGISTRATION ID=%u\n", stream->id));
-
- if (NULL == stream->zrtp->cb.cache_cb.on_get_mitm) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Can't use MiTM Functions with no ZRTP Cache.\n"));
- return zrtp_status_notavailable;
- }
-
- if (!stream->protocol) {
- return zrtp_status_bad_param;
- }
-
- /* Passive Client endpoint should NOT generate PBX Secret. */
- if ((stream->mitm_mode == ZRTP_MITM_MODE_REG_CLIENT) &&
- (ZRTP_LICENSE_MODE_PASSIVE == stream->zrtp->lic_mode)) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Passive Client endpoint should NOT generate PBX Secret.\n"));
- return zrtp_status_bad_param;
- }
-
- /*
- * Generate new MitM cache:
- * pbxsecret = KDF(ZRTPSess, "Trusted MiTM key", (ZIDi | ZIDr), negotiated hash length)
- */
- if ( (stream->state == ZRTP_STATE_SECURE) &&
- ((stream->mitm_mode == ZRTP_MITM_MODE_REG_CLIENT) || (stream->mitm_mode == ZRTP_MITM_MODE_REG_SERVER)) )
- {
- zrtp_string32_t kdf_context = ZSTR_INIT_EMPTY(kdf_context);
- static const zrtp_string32_t trusted_mitm_key_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_TRUSTMITMKEY_STR);
- zrtp_string16_t *zidi, *zidr;
-
- if (stream->protocol->type == ZRTP_STATEMACHINE_INITIATOR) {
- zidi = &session->zid;
- zidr = &session->peer_zid;
- } else {
- zidi = &session->peer_zid;
- zidr = &session->zid;
- }
-
- zrtp_zstrcat(ZSTR_GV(kdf_context), ZSTR_GVP(zidi));
- zrtp_zstrcat(ZSTR_GV(kdf_context), ZSTR_GVP(zidr));
-
- _zrtp_kdf( stream,
- ZSTR_GV(session->zrtpsess),
- ZSTR_GV(trusted_mitm_key_label),
- ZSTR_GV(kdf_context),
- ZRTP_HASH_SIZE,
- ZSTR_GV(session->secrets.pbxs->value));
-
- session->secrets.pbxs->_cachedflag = 1;
- session->secrets.pbxs->lastused_at = (uint32_t)(zrtp_time_now()/1000);
- session->secrets.cached |= ZRTP_BIT_PBX;
- session->secrets.matches |= ZRTP_BIT_PBX;
-
- s = zrtp_status_ok;
- if (session->zrtp->cb.cache_cb.on_put_mitm) {
- s = session->zrtp->cb.cache_cb.on_put_mitm( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- session->secrets.pbxs);
- }
-
- ZRTP_LOG(3,(_ZTU_,"Makring this call as REGISTRATION - DONE\n"));
- }
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_link_mitm_calls(zrtp_stream_t *stream1, zrtp_stream_t *stream2)
-{
- if (!stream1 || !stream2) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"Link to MiTM call together stream1=%u stream2=%u.\n", stream1->id, stream2->id));
-
- /* This APi is for MiTM endpoints only. */
- if (stream1->zrtp->is_mitm) {
- return zrtp_status_bad_param;
- }
-
- stream1->linked_mitm = stream2;
- stream2->linked_mitm = stream1;
-
- {
- zrtp_stream_t *passive = NULL;
- zrtp_stream_t *unlimited = NULL;
-
- /* Check if we have at least one Unlimited endpoint. */
- if (stream1->peer_super_flag)
- unlimited = stream1;
- else if (stream2->peer_super_flag)
- unlimited = stream2;
-
- /* Check if the peer stream is Passive */
- if (unlimited) {
- passive = (stream1 == unlimited) ? stream2 : stream1;
- if (!passive->peer_passive)
- passive = NULL;
- }
-
- /* Ok, we haver Unlimited and Passive at two ends, let's make an exception and switch Passive to Secure. */
- if (unlimited && passive) {
- if (passive->state == ZRTP_STATE_CLEAR) {
- ZRTP_LOG(2,(_ZTU_,"INFO: zrtp_link_mitm_calls() stream with id=%u is Unlimited and"
- " Peer stream with id=%u is Passive in CLEAR state, switch the passive one to SECURE.\n"));
-
- /* @note: don't use zrtp_secure_stream() wrapper as it checks for Active/Passive stuff. */
- _zrtp_machine_start_initiating_secure(passive);
- }
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_update_remote_options( zrtp_stream_t* stream,
- zrtp_sas_id_t transf_sas_scheme,
- zrtp_string32_t* transf_sas_value,
- uint8_t transf_ac_flag,
- uint8_t transf_d_flag )
-{
- zrtp_retry_task_t* task = &stream->messages.sasrelay_task;
- zrtp_status_t s = zrtp_status_ok;
- char buff[256];
-
- if (!stream) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"UPDATE REMOTE SAS OPTIONS mode. ID=%u\n", stream->id));
- ZRTP_LOG(3,(_ZTU_,"transf_sas=%s scheme=%d.\n", transf_sas_value ?
- hex2str((const char*)transf_sas_value->buffer, transf_sas_value->length, (char*)buff, sizeof(buff)) : "NULL",
- transf_sas_scheme));
-
- if (NULL == stream->zrtp->cb.cache_cb.on_get_mitm) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Can't use MiTM Functions with no ZRTP Cache.\n"));
- return zrtp_status_notavailable;
- }
-
- /* The TRANSFERRING option is only available from the SECURE state. */
- if (stream->state != ZRTP_STATE_SECURE) {
- return zrtp_status_bad_param;
- }
-
- /* Don't transfer an SAS to a non-enrolled user */
- if (transf_sas_value && !(stream->session->secrets.matches & ZRTP_BIT_PBX)) {
- return zrtp_status_bad_param;
- }
-
- /* Don't allow to transfer the SAS if the library wasn't initialized as MiTM endpoint */
- if (!stream->zrtp->is_mitm) {
- ZRTP_LOG(3,(_ZTU_,"\tERROR! The endpoint can't transfer SAS values to other endpoints"
- " without introducing itself by M-flag in Hello. see zrtp_init().\n"));
- return zrtp_status_wrong_state;
- }
-
- s = _create_sasrelay( stream,
- transf_sas_scheme,
- transf_sas_value,
- transf_ac_flag,
- transf_d_flag,
- &stream->messages.sasrelay);
- if(zrtp_status_ok != s) {
- return s;
- }
-
- s = _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_SASRELAY,
- sizeof(zrtp_packet_SASRelay_t) - sizeof(zrtp_msg_hdr_t),
- &stream->messages.sasrelay.hdr);
- if(zrtp_status_ok != s) {
- return s;
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_SASRELAYING);
-
- task->_is_enabled = 1;
- task->callback = _send_and_resend_sasrelay;
- task->_retrys = 0;
- _send_and_resend_sasrelay(stream, task);
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_resolve_mitm_call( zrtp_stream_t* stream1,
- zrtp_stream_t* stream2)
-{
- zrtp_stream_t* enrolled = NULL;
- zrtp_stream_t* non_enrolled = NULL;
- zrtp_sas_id_t mitm_sas_scheme = ZRTP_COMP_UNKN;
- zrtp_status_t s = zrtp_status_ok;
-
- if (!stream1 || !stream2) {
- return zrtp_status_bad_param;
- }
-
- ZRTP_LOG(3,(_ZTU_,"RESOLVE MITM CALL s1=%u, s2=%u...\n", stream1->id, stream2->id));
-
- if (NULL == stream1->zrtp->cb.cache_cb.on_get_mitm) {
- ZRTP_LOG(2,(_ZTU_,"WARNING: Can't use MiTM Functions with no ZRTP Cache.\n"));
- return zrtp_status_notavailable;
- }
-
- /*
- * Both sides must be in the Secure state and at least one should be
- * enrolled.
- */
- if ((stream1->state != ZRTP_STATE_SECURE) || (stream2->state != ZRTP_STATE_SECURE)) {
- return zrtp_status_bad_param;
- }
-
- /* Check the stream enrollment options and choose one for transferring the call. */
- if (zrtp_is_user_enrolled(stream1)) {
- if (zrtp_is_user_enrolled(stream2)) {
- ZRTP_LOG(3,(_ZTU_,"\tBoth streams are enrolled - choose one with bigger ZID.\n"));
- enrolled = zrtp_choose_one_enrolled(stream1, stream2);
- } else {
- enrolled = stream1;
- }
- } else if (zrtp_is_user_enrolled(stream2)) {
- enrolled = stream2;
- }
-
- if (!enrolled) {
- return zrtp_status_bad_param;
- }
- else {
- non_enrolled = (stream1 == enrolled) ? stream2 : stream1;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tAfter Resolving: S1 is %s and S2 is %s.\n",
- (stream1 == enrolled) ? "ENROLLED" : "NON-ENROLLED",
- (stream2 == enrolled) ? "ENROLLED" : "NON-ENROLLED"));
-
- /*
- * Choose the best SAS rendering scheme supported by both peers. Find the
- * stream that can change it.
- */
- {
- uint8_t i=0;
-
- zrtp_packet_Hello_t *enhello = &enrolled->messages.peer_hello;
- char *encp = (char*)enhello->comp + (enhello->hc +
- enhello->cc +
- enhello->ac +
- enhello->kc)* ZRTP_COMP_TYPE_SIZE;
-
-
- for (i=0; i<enhello->sc; i++, encp+=ZRTP_COMP_TYPE_SIZE)
- {
- uint8_t j=0;
- zrtp_packet_Hello_t *nonenhello = &non_enrolled->messages.peer_hello;
- char *nonencp = (char*)nonenhello->comp + (nonenhello->hc +
- nonenhello->cc +
- nonenhello->ac +
- nonenhello->kc)* ZRTP_COMP_TYPE_SIZE;
-
- for (j=0; j<nonenhello->sc; j++, nonencp+=ZRTP_COMP_TYPE_SIZE)
- {
- if (0 == zrtp_memcmp(encp, nonencp, ZRTP_COMP_TYPE_SIZE)) {
- mitm_sas_scheme = zrtp_comp_type2id(ZRTP_CC_SAS, encp);
- ZRTP_LOG(3,(_ZTU_,"\tMITM SAS scheme=%.4s was choosen.\n", encp));
- break;
- }
- }
- if (j != nonenhello->sc) {
- break;
- }
- }
- }
- if (ZRTP_COMP_UNKN == mitm_sas_scheme) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Can't find matched SAS schemes on MiTM Resolving.\n"
- " s1=%u s2=$u", stream1->id, stream2->id));
- return zrtp_status_algo_fail;
- }
-
- s = zrtp_update_remote_options( enrolled,
- mitm_sas_scheme,
- &non_enrolled->session->sasbin,
- non_enrolled->allowclear,
- non_enrolled->peer_disclose_bit );
- if (zrtp_status_ok != s) {
- return s;
- }
-
- /* NOTE: new request from Philip Zimmermann - always send SASRelay to BOTH parties. */
- /* If non-enrolled party has SAS scheme different from chosen one - update */
- /*if (non_enrolled->session->sasscheme->base.id != mitm_sas_scheme) { */
- s = zrtp_update_remote_options( non_enrolled,
- mitm_sas_scheme,
- NULL,
- enrolled->allowclear,
- enrolled->peer_disclose_bit );
- if (zrtp_status_ok != s) {
- return s;
- }
- /*}*/
-
- return s;
-}
-
-/*---------------------------------------------------------------------------*/
-uint8_t zrtp_is_user_enrolled(zrtp_stream_t* stream)
-{
- if (!stream) {
- return zrtp_status_bad_param;
- }
-
- return ( (stream->session->secrets.cached & ZRTP_BIT_PBX) &&
- (stream->session->secrets.matches & ZRTP_BIT_PBX) );
-}
-
-zrtp_stream_t* zrtp_choose_one_enrolled(zrtp_stream_t* stream1, zrtp_stream_t* stream2)
-{
- if (!stream1 || !stream2) {
- return NULL;
- }
-
- if (zrtp_memcmp( stream1->session->zid.buffer,
- stream2->session->zid.buffer,
- stream1->session->zid.length) > 0) {
- return stream1;
- } else {
- return stream2;
- }
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp protocol"
-
-
-/*===========================================================================*/
-/* PROTOCOL Logic */
-/*===========================================================================*/
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t _attach_secret( zrtp_session_t *session,
- zrtp_proto_secret_t* psec,
- zrtp_shared_secret_t* sec,
- uint8_t is_initiator)
-{
- zrtp_uchar32_t buff;
- static const zrtp_string16_t initiator = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_ROLE_INITIATOR);
- static const zrtp_string16_t responder = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_ROLE_RESPONDER);
-
- const zrtp_string16_t* role = is_initiator ? &initiator : &responder;
- const zrtp_string16_t* his_role = is_initiator ? &responder : &initiator;
-
- ZSTR_SET_EMPTY(psec->id);
- ZSTR_SET_EMPTY(psec->peer_id);
- psec->secret = sec;
-
- /*
- * If secret's value is available (from the cache or from SIP) - use hmac;
- * use zero-strings in other case.
- */
- if (psec->secret) {
- session->hash->hmac_truncated( session->hash,
- ZSTR_GV(sec->value),
- ZSTR_GVP(role),
- ZRTP_RSID_SIZE,
- ZSTR_GV(psec->id));
-
- session->hash->hmac_truncated( session->hash,
- ZSTR_GV(sec->value),
- ZSTR_GVP(his_role),
- ZRTP_RSID_SIZE,
- ZSTR_GV(psec->peer_id));
- } else {
- psec->id.length = ZRTP_RSID_SIZE;
- zrtp_memset(psec->id.buffer, 0, psec->id.length);
-
- psec->peer_id.length = ZRTP_RSID_SIZE;
- zrtp_memset(psec->peer_id.buffer, 0, psec->peer_id.length);
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tAttach RS id=%s.\n",
- hex2str((const char*)psec->id.buffer, psec->id.length, (char*)buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\tAttach RS peer_id=%s.\n",
- hex2str((const char*)psec->peer_id.buffer, psec->peer_id.length, (char*)buff, sizeof(buff))));
-
- return zrtp_status_ok;
-}
-
-static zrtp_status_t _attach_auxs_secret(zrtp_stream_t *stream,
- zrtp_proto_secret_t* psec,
- zrtp_shared_secret_t* sec,
- uint8_t is_initiator)
-{
- zrtp_uchar32_t buff;
-
- zrtp_string32_t myH3;
- ZSTR_SET_EMPTY(myH3);
- zrtp_zstrncpyc(ZSTR_GV(myH3), stream->messages.hello.hash, sizeof(stream->messages.hello.hash));
-
- zrtp_string32_t peerH3;
- ZSTR_SET_EMPTY(peerH3);
- zrtp_zstrncpyc(ZSTR_GV(peerH3), stream->messages.peer_hello.hash, sizeof(stream->messages.peer_hello.hash));
-
- ZSTR_SET_EMPTY(psec->id);
- ZSTR_SET_EMPTY(psec->peer_id);
- psec->secret = sec;
-
- if (psec->secret) {
- stream->session->hash->hmac_truncated(stream->session->hash,
- ZSTR_GV(sec->value),
- ZSTR_GV(myH3),
- ZRTP_RSID_SIZE,
- ZSTR_GV(psec->id));
-
- stream->session->hash->hmac_truncated(stream->session->hash,
- ZSTR_GV(sec->value),
- ZSTR_GV(peerH3),
- ZRTP_RSID_SIZE,
- ZSTR_GV(psec->peer_id));
- }
- else {
- psec->id.length = ZRTP_RSID_SIZE;
- zrtp_memset(psec->id.buffer, 0, psec->id.length);
-
- psec->peer_id.length = ZRTP_RSID_SIZE;
- zrtp_memset(psec->peer_id.buffer, 0, psec->peer_id.length);
- }
-
- ZRTP_LOG(3, (_ZTU_, "\tAttach RS/auxs id=%s.\n",
- hex2str((const char*)psec->id.buffer, psec->id.length, (char*)buff, sizeof(buff))));
- ZRTP_LOG(3, (_ZTU_, "\tAttach RS/auxs peer_id=%s.\n",
- hex2str((const char*)psec->peer_id.buffer, psec->peer_id.length, (char*)buff, sizeof(buff))));
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t _zrtp_protocol_init(zrtp_stream_t *stream, uint8_t is_initiator, zrtp_protocol_t **protocol)
-{
- zrtp_protocol_t *new_proto = NULL;
- zrtp_status_t s = zrtp_status_ok;
-
- ZRTP_LOG(3,(_ZTU_,"\tInit %s Protocol ID=%u mode=%s...\n",
- is_initiator ? "INITIATOR's" : "RESPONDER's", stream->id, zrtp_log_mode2str(stream->mode)));
-
- /* Destroy previous protocol structure (Responder or Preshared) */
- if (*protocol) {
- _zrtp_protocol_destroy(*protocol);
- *protocol = NULL;
- }
-
- /* Allocate memory for all branching structures */
- do
- {
- new_proto = zrtp_sys_alloc(sizeof(zrtp_protocol_t));
- if (!new_proto) {
- s = zrtp_status_alloc_fail;
- break;
- }
- zrtp_memset(new_proto, 0, sizeof(zrtp_protocol_t));
-
- new_proto->cc = zrtp_sys_alloc(sizeof(zrtp_proto_crypto_t));
- if (!new_proto->cc) {
- s = zrtp_status_alloc_fail;
- break;
- }
- zrtp_memset(new_proto->cc, 0, sizeof(zrtp_proto_crypto_t));
-
- /* Create and Initialize DH crypto context (for DH streams only) */
- if (ZRTP_IS_STREAM_DH(stream)) {
- if (stream->dh_cc.initialized_with != stream->pubkeyscheme->base.id) {
- stream->pubkeyscheme->initialize(stream->pubkeyscheme, &stream->dh_cc);
- stream->dh_cc.initialized_with = stream->pubkeyscheme->base.id;
- }
- }
-
- /* Initialize main structure at first: functions pointers and generate nonce */
- new_proto->type = is_initiator ? ZRTP_STATEMACHINE_INITIATOR : ZRTP_STATEMACHINE_RESPONDER;
- new_proto->context = stream;
-
- /* Initialize protocol crypto context and prepare it for further usage */
- ZSTR_SET_EMPTY(new_proto->cc->kdf_context);
- ZSTR_SET_EMPTY(new_proto->cc->s0);
- ZSTR_SET_EMPTY(new_proto->cc->mes_hash);
- ZSTR_SET_EMPTY(new_proto->cc->hv);
- ZSTR_SET_EMPTY(new_proto->cc->peer_hv);
-
- if (ZRTP_IS_STREAM_DH(stream)) {
- _attach_secret(stream->session, &new_proto->cc->rs1, stream->session->secrets.rs1, is_initiator);
- _attach_secret(stream->session, &new_proto->cc->rs2, stream->session->secrets.rs2, is_initiator);
- _attach_auxs_secret(stream, &new_proto->cc->auxs, stream->session->secrets.auxs, is_initiator);
- _attach_secret(stream->session, &new_proto->cc->pbxs, stream->session->secrets.pbxs, is_initiator);
- }
-
- s = zrtp_status_ok;
- *protocol = new_proto;
- } while (0);
-
- if (s != zrtp_status_ok) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! _zrtp_protocol_attach() with code %s.\n", zrtp_log_status2str(s)));
- if (new_proto && new_proto->cc) {
- zrtp_sys_free(new_proto->cc);
- }
- if (new_proto) {
- zrtp_sys_free(new_proto);
- }
- *protocol = NULL;
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-static void clear_crypto_sources(zrtp_stream_t* stream)
-{
- zrtp_protocol_t* proto = stream->protocol;
- if (proto && proto->cc) {
- zrtp_memset(proto->cc, 0, sizeof(zrtp_proto_crypto_t));
- zrtp_sys_free(proto->cc);
- proto->cc = 0;
- }
-}
-
-void _zrtp_protocol_destroy(zrtp_protocol_t *proto)
-{
- /* Clear protocol crypto values, destroy SRTP unit, clear and release memory. */
- if (proto) {
- /* if protocol is being destroyed by exception, ->context may be NULL */
- if (proto->context) {
- _zrtp_cancel_send_packet_later(proto->context, ZRTP_NONE);
- if (proto->_srtp) {
- zrtp_srtp_destroy(proto->context->zrtp->srtp_global, proto->_srtp);
- }
- }
-
- clear_crypto_sources(proto->context);
- zrtp_memset(proto, 0, sizeof(zrtp_protocol_t));
- zrtp_sys_free(proto);
- }
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_protocol_encrypt( zrtp_protocol_t *proto,
- zrtp_rtp_info_t *packet,
- uint8_t is_rtp)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- if (is_rtp) {
- s = zrtp_srtp_protect(proto->context->zrtp->srtp_global, proto->_srtp, packet);
- } else {
- s = zrtp_srtp_protect_rtcp(proto->context->zrtp->srtp_global, proto->_srtp, packet);
- }
-
- if (zrtp_status_ok != s) {
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *hdr = (zrtp_rtp_hdr_t*) packet->packet;
-
- ZRTP_LOG(2,(_ZTU_,"ERROR! Encrypt failed. ID=%u:%s s=%s (%s size=%d ssrc=%u seq=%d pt=%d)\n",
- proto->context->id,
- zrtp_log_mode2str(proto->context->mode),
- zrtp_log_status2str(s),
- is_rtp ? "RTP" : "RTCP",
- *packet->length,
- zrtp_ntoh32(hdr->ssrc),
- zrtp_ntoh16(hdr->seq),
- hdr->pt));
- }
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_protocol_decrypt( zrtp_protocol_t *proto,
- zrtp_rtp_info_t *packet,
- uint8_t is_rtp)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- if (is_rtp) {
- s = zrtp_srtp_unprotect(proto->context->zrtp->srtp_global, proto->_srtp, packet);
- } else {
- s = zrtp_srtp_unprotect_rtcp(proto->context->zrtp->srtp_global, proto->_srtp, packet);
- }
-
- if (zrtp_status_ok != s) {
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *hdr = (zrtp_rtp_hdr_t*) packet->packet;
- ZRTP_LOG(2,(_ZTU_,"ERROR! Decrypt failed. ID=%u:%s s=%s (%s size=%d ssrc=%u seq=%u/%u pt=%d)\n",
- proto->context->id,
- zrtp_log_mode2str(proto->context->mode),
- zrtp_log_status2str(s),
- is_rtp ? "RTP" : "RTCP",
- *packet->length,
- zrtp_ntoh32(hdr->ssrc),
- zrtp_ntoh16(hdr->seq),
- packet->seq,
- hdr->pt));
- }
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* CRYPTO Utilites */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _derive_s0(zrtp_stream_t* stream, int is_initiator)
-{
- static const zrtp_string32_t zrtp_kdf_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_KDF_STR);
- static const zrtp_string32_t zrtp_sess_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_SESS_STR);
- static const zrtp_string32_t zrtp_multi_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_MULTI_STR);
- static const zrtp_string32_t zrtp_presh_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_PRESH_STR);
-
- zrtp_session_t *session = stream->session;
- zrtp_secrets_t* secrets = &session->secrets;
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- void* hash_ctx = NULL;
- char print_buff[256];
-
- switch (stream->mode)
- {
- /*
- * S0 computing for FULL DH exchange
- * S0 computing. s0 is the master shared secret used for all
- * cryptographic operations. In particular, note the inclusion
- * of "total_hash", a hash of all packets exchanged up to this
- * point. This belatedly detects any tampering with earlier
- * packets, e.g. bid-down attacks.
- *
- * s0 = hash( 1 | DHResult | "ZRTP-HMAC-KDF" | ZIDi | ZIDr |
- * total_hash | len(s1) | s1 | len(s2) | s2 | len(s3) | s3 )
- * The constant 1 and all lengths are 32 bits big-endian values.
- * The fields without length prefixes are fixed-witdh:
- * - DHresult is fixed to the width of the DH prime.
- * - The hash type string and ZIDs are fixed width.
- * - total_hash is fixed by the hash negotiation.
- * The constant 1 is per NIST SP 800-56A section 5.8.1, and is
- * a counter which can be incremented to generate more than 256
- * bits of key material.
- * ========================================================================
- */
- case ZRTP_STREAM_MODE_DH:
- {
- zrtp_proto_secret_t *C[3] = { 0, 0, 0};
- int i = 0;
- uint32_t comp_length = 0;
- zrtp_stringn_t *zidi = NULL, *zidr = NULL;
- struct BigNum dhresult;
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- zrtp_uchar1024_t* buffer = zrtp_sys_alloc( sizeof(zrtp_uchar1024_t) );
- if (!buffer) {
- return zrtp_status_alloc_fail;
- }
-#else
- zrtp_uchar1024_t holder;
- zrtp_uchar1024_t* buffer = &holder;
-#endif
-
- ZRTP_LOG(3,(_ZTU_,"\tDERIVE S0 from DH exchange and RS secrets...\n"));
- ZRTP_LOG(3,(_ZTU_,"\t my rs1ID:%s\n", hex2str(cc->rs1.id.buffer, cc->rs1.id.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t his rs1ID:%s\n", hex2str((const char*)stream->messages.peer_dhpart.rs1ID, ZRTP_RSID_SIZE, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t his rs1ID comp:%s\n", hex2str(cc->rs1.peer_id.buffer, cc->rs1.peer_id.length, print_buff, sizeof(print_buff))));
-
- ZRTP_LOG(3,(_ZTU_,"\t my rs2ID:%s\n", hex2str(cc->rs2.id.buffer, cc->rs2.id.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t his rs2ID:%s\n", hex2str((const char*)stream->messages.peer_dhpart.rs2ID, ZRTP_RSID_SIZE, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t his rs2ID comp:%s\n", hex2str(cc->rs2.peer_id.buffer, cc->rs2.peer_id.length, print_buff, sizeof(print_buff))));
-
- ZRTP_LOG(3,(_ZTU_,"\t my pbxsID:%s\n", hex2str(cc->pbxs.id.buffer, cc->pbxs.id.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t his pbxsID:%s\n", hex2str((const char*)stream->messages.peer_dhpart.pbxsID, ZRTP_RSID_SIZE, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\this pbxsID comp:%s\n", hex2str(cc->pbxs.peer_id.buffer, cc->pbxs.peer_id.length, print_buff, sizeof(print_buff))));
-
- ZRTP_LOG(3, (_ZTU_, "\t my auxsID:%s\n", hex2str(cc->auxs.id.buffer, cc->auxs.id.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3, (_ZTU_, "\t his auxsID:%s\n", hex2str((const char*)stream->messages.peer_dhpart.auxsID, ZRTP_RSID_SIZE, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3, (_ZTU_, "\this auxsID comp:%s\n", hex2str(cc->auxs.peer_id.buffer, cc->auxs.peer_id.length, print_buff, sizeof(print_buff))));
-
- hash_ctx = session->hash->hash_begin(session->hash);
- if (0 == hash_ctx) {
- ZRTP_LOG(1,(_ZTU_, "\tERROR! can't start hash calculation for S0 computing. ID=%u.\n", stream->id));
- return zrtp_status_fail;
- }
-
- /*
- * NIST requires a 32-bit big-endian integer counter to be included
- * in the hash each time the hash is computed, which we have set to
- * the fixed value of 1, because we only compute the hash once.
- */
- comp_length = zrtp_hton32(1L);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&comp_length, 4);
-
-
- switch (stream->pubkeyscheme->base.id) {
- case ZRTP_PKTYPE_DH2048:
- case ZRTP_PKTYPE_DH3072:
- case ZRTP_PKTYPE_DH4096:
- comp_length = stream->pubkeyscheme->pv_length;
- ZRTP_LOG(3,(_ZTU_,"DH comp_length=%u\n", comp_length));
- break;
- case ZRTP_PKTYPE_EC256P:
- case ZRTP_PKTYPE_EC384P:
- case ZRTP_PKTYPE_EC521P:
- comp_length = stream->pubkeyscheme->pv_length/2;
- ZRTP_LOG(3,(_ZTU_,"ECDH comp_length=%u\n", comp_length));
- break;
- default:
- break;
- }
-
- bnBegin(&dhresult);
- stream->pubkeyscheme->compute(stream->pubkeyscheme,
- &stream->dh_cc,
- &dhresult,
- &stream->dh_cc.peer_pv);
-
- bnExtractBigBytes(&dhresult, (uint8_t *)buffer, 0, comp_length);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)buffer, comp_length);
- bnEnd(&dhresult);
-
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- zrtp_sys_free(buffer);
-#endif
-
- /* Add "ZRTP-HMAC-KDF" to the S0 hash */
- session->hash->hash_update( session->hash, hash_ctx,
- (const int8_t*)&zrtp_kdf_label.buffer,
- zrtp_kdf_label.length);
-
- /* Then Initiator's and Responder's ZIDs */
- if (stream->protocol->type == ZRTP_STATEMACHINE_INITIATOR) {
- zidi = ZSTR_GV(stream->session->zid);
- zidr = ZSTR_GV(stream->session->peer_zid);
- } else {
- zidr = ZSTR_GV(stream->session->zid);
- zidi = ZSTR_GV(stream->session->peer_zid);
- }
-
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&zidi->buffer, zidi->length);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&zidr->buffer, zidr->length);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&cc->mes_hash.buffer, cc->mes_hash.length);
-
- /* If everything is OK - RS1 should much */
- if (!zrtp_memcmp(cc->rs1.peer_id.buffer, stream->messages.peer_dhpart.rs1ID, ZRTP_RSID_SIZE))
- {
- C[0] = &cc->rs1;
- secrets->matches |= ZRTP_BIT_RS1;
- }
- /* If we have lost our RS1 - remote party should use backup (RS2) instead */
- else if (!zrtp_memcmp(cc->rs1.peer_id.buffer, stream->messages.peer_dhpart.rs2ID, ZRTP_RSID_SIZE))
- {
- C[0] = &cc->rs1;
- secrets->matches |= ZRTP_BIT_RS1;
- ZRTP_LOG(2,(_ZTU_,"\tINFO! We have lost our RS1 from previous broken exchange"
- " - remote party will use RS2 backup. ID=%u\n", stream->id));
- }
- /* If remote party lost it's secret - we will use backup */
- else if (!zrtp_memcmp(cc->rs2.peer_id.buffer, stream->messages.peer_dhpart.rs1ID, ZRTP_RSID_SIZE))
- {
- C[0] = &cc->rs2;
- cc->rs1 = cc->rs2;
- secrets->matches |= ZRTP_BIT_RS1;
- secrets->cached |= ZRTP_BIT_RS1;
- ZRTP_LOG(2,(_ZTU_,"\tINFO! Remote party has lost it's RS1 - use RS2 backup. ID=%u\n", stream->id));
- }
- else
- {
- secrets->matches &= ~ZRTP_BIT_RS1;
- if (session->zrtp->cb.cache_cb.on_set_verified) {
- session->zrtp->cb.cache_cb.on_set_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- 0);
- }
-
- if (session->zrtp->cb.cache_cb.on_reset_since) {
- session->zrtp->cb.cache_cb.on_reset_since(ZSTR_GV(session->zid), ZSTR_GV(session->peer_zid));
- }
-
- ZRTP_LOG(2,(_ZTU_,"\tINFO! Our RS1 doesn't equal to other-side's one %s. ID=%u\n",
- cc->rs1.secret->_cachedflag ? " - drop verified!" : "", stream->id));
- }
-
- if (!zrtp_memcmp(cc->rs2.peer_id.buffer, stream->messages.peer_dhpart.rs2ID, ZRTP_RSID_SIZE)) {
- secrets->matches |= ZRTP_BIT_RS2;
- if (0 == C[0]) {
- C[0] = &cc->rs2;
- }
- }
-
-
- if (secrets->auxs &&
- (!zrtp_memcmp(stream->messages.peer_dhpart.auxsID, cc->auxs.peer_id.buffer, ZRTP_RSID_SIZE)) ) {
- C[1] =&cc->auxs;
- secrets->matches |= ZRTP_BIT_AUX;
- }
-
- if ( secrets->pbxs &&
- (!zrtp_memcmp(stream->messages.peer_dhpart.pbxsID, cc->pbxs.peer_id.buffer, ZRTP_RSID_SIZE)) ) {
- C[2] = &cc->pbxs;
- secrets->matches |= ZRTP_BIT_PBX;
- }
-
- /* Finally hashing matched shared secrets */
- for (i=0; i<3; i++) {
- /*
- * Some of the shared secrets s1 through s5 may have lengths of zero
- * if they are null (not shared), and are each preceded by a 4-octet
- * length field. For example, if s4 is null, len(s4) is 00 00 00 00,
- * and s4 itself would be absent from the hash calculation, which
- * means len(s5) would immediately follow len(s4).
- */
- comp_length = C[i] ? zrtp_hton32(ZRTP_RS_SIZE) : 0;
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&comp_length, 4);
- if (C[i]) {
- session->hash->hash_update( session->hash,
- hash_ctx,
- (const int8_t*)C[i]->secret->value.buffer,
- C[i]->secret->value.length );
- ZRTP_LOG(3,(_ZTU_,"\tUse S%d in calculations.\n", i+1));
- }
- }
-
- session->hash->hash_end(session->hash, hash_ctx, ZSTR_GV(cc->s0));
- } break; /* S0 for for DH and Preshared streams */
-
- /*
- * Compute all possible combinations of preshared_key:
- * hash(len(rs1) | rs1 | len(auxsecret) | auxsecret | len(pbxsecret) | pbxsecret)
- * Find matched preshared_key and derive S0 from it:
- * s0 = KDF(preshared_key, "ZRTP Stream Key", KDF_Context, negotiated hash length)
- *
- * INFO: Take into account that RS1 and RS2 may be swapped.
- * If no matched were found - generate DH commit.
- * ========================================================================
- */
- case ZRTP_STREAM_MODE_PRESHARED:
- {
- zrtp_status_t s = zrtp_status_ok;
- zrtp_string32_t presh_key = ZSTR_INIT_EMPTY(presh_key);
-
- ZRTP_LOG(3,(_ZTU_,"\tDERIVE S0 for PRESHARED from cached secret. ID=%u\n", stream->id));
-
- /* Use the same hash as we used for Commitment */
- if (is_initiator)
- {
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(session->secrets.rs1->value),
- (session->secrets.auxs->_cachedflag) ? ZSTR_GV(session->secrets.auxs->value) : NULL,
- (session->secrets.pbxs->_cachedflag) ? ZSTR_GV(session->secrets.pbxs->value) : NULL,
- ZSTR_GV(presh_key),
- NULL);
- if (zrtp_status_ok != s) {
- return s;
- }
-
- secrets->matches |= ZRTP_BIT_RS1;
- if (session->secrets.auxs->_cachedflag) {
- secrets->matches |= ZRTP_BIT_AUX;
- }
- if (session->secrets.pbxs->_cachedflag) {
- secrets->matches |= ZRTP_BIT_PBX;
- }
- }
- /*
- * Let's find appropriate hv key for Responder:
- * <RS1, 0, 0>, <RS1, AUX, 0>, <RS1, 0, PBX>, <RS1, AUX, PBX>.
- */
- else
- {
- int res=-1;
- char* peer_key_id = (char*)stream->messages.peer_commit.hv+ZRTP_HV_NONCE_SIZE;
- zrtp_string8_t key_id = ZSTR_INIT_EMPTY(key_id);
-
- do {
- /* RS1 MUST be available at this stage.*/
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(secrets->rs1->value),
- NULL,
- NULL,
- ZSTR_GV(presh_key),
- ZSTR_GV(key_id));
- if (zrtp_status_ok == s) {
- res = zrtp_memcmp(peer_key_id, key_id.buffer, ZRTP_HV_KEY_SIZE);
- if (0 == res) {
- secrets->matches |= ZRTP_BIT_RS1;
- break;
- }
- }
-
- if (session->secrets.pbxs->_cachedflag)
- {
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(secrets->rs1->value),
- NULL,
- ZSTR_GV(secrets->pbxs->value),
- ZSTR_GV(presh_key),
- ZSTR_GV(key_id));
- if (zrtp_status_ok == s) {
- res = zrtp_memcmp(peer_key_id, key_id.buffer, ZRTP_HV_KEY_SIZE);
- if (0 == res) {
- secrets->matches |= ZRTP_BIT_PBX;
- break;
- }
- }
- }
-
- if (session->secrets.auxs->_cachedflag)
- {
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(secrets->rs1->value),
- ZSTR_GV(secrets->auxs->value),
- NULL,
- ZSTR_GV(presh_key),
- ZSTR_GV(key_id));
- if (zrtp_status_ok == s) {
- res = zrtp_memcmp(peer_key_id, key_id.buffer, ZRTP_HV_KEY_SIZE);
- if (0 == res) {
- secrets->matches |= ZRTP_BIT_AUX;
- break;
- }
- }
- }
-
- if ((session->secrets.pbxs->_cachedflag) && (session->secrets.auxs->_cachedflag))
- {
- s = _zrtp_compute_preshared_key( session,
- ZSTR_GV(secrets->rs1->value),
- ZSTR_GV(secrets->auxs->value),
- ZSTR_GV(secrets->pbxs->value),
- ZSTR_GV(presh_key),
- ZSTR_GV(key_id));
- if (zrtp_status_ok == s) {
- res = zrtp_memcmp(peer_key_id, key_id.buffer, ZRTP_HV_KEY_SIZE);
- if (0 == res) {
- secrets->matches |= ZRTP_BIT_AUX;
- secrets->matches |= ZRTP_BIT_PBX;
- break;
- }
- }
- }
-
- } while (0);
-
- if (0 != res) {
- ZRTP_LOG(3,(_ZTU_,"\tINFO! Matched Key wasn't found - initate DH exchange.\n"));
- secrets->cached = 0;
- secrets->rs1->_cachedflag = 0;
-
- _zrtp_machine_start_initiating_secure(stream);
- return zrtp_status_ok;
- }
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tUse RS1, %s, %s in calculations.\n",
- (session->secrets.matches & ZRTP_BIT_AUX) ? "AUX" : "NULL",
- (session->secrets.matches & ZRTP_BIT_PBX) ? "PBX" : "NULL"));
-
- _zrtp_kdf( stream,
- ZSTR_GV(presh_key),
- ZSTR_GV(zrtp_presh_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- session->hash->digest_length,
- ZSTR_GV(cc->s0));
- } break;
-
-
- /*
- * For FAST Multistream:
- * s0n = KDF(ZRTPSess, "ZRTP Multistream Key", KDF_Context, negotiated hash length)
- * ========================================================================
- */
- case ZRTP_STREAM_MODE_MULT:
- {
- ZRTP_LOG(3,(_ZTU_,"\tDERIVE S0 for MULTISTREAM from ZRTP Session key... ID=%u\n", stream->id));
- _zrtp_kdf( stream,
- ZSTR_GV(session->zrtpsess),
- ZSTR_GV(zrtp_multi_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- session->hash->digest_length,
- ZSTR_GV(cc->s0));
- } break;
-
- default: break;
- }
-
-
- /*
- * Compute ZRTP session key for FULL streams only:
- * ZRTPSess = KDF(s0, "ZRTP Session Key", KDF_Context, negotiated hash length)
- */
- if (!ZRTP_IS_STREAM_MULT(stream)) {
- if (session->zrtpsess.length == 0) {
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GV(zrtp_sess_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- session->hash->digest_length,
- ZSTR_GV(session->zrtpsess));
- }
- }
-
- return zrtp_status_ok;
-}
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_set_public_value( zrtp_stream_t *stream,
- int is_initiator)
-{
- /*
- * This function performs the following actions according to ZRTP draft 5.6
- * a) Computes total hash;
- * b) Calculates DHResult;
- * c) Computes final stream key S0, based on DHSS and retained secrets;
- * d) Computes HMAC Key and ZRTP key;
- * e) Computes srtp keys and salts and creates srtp session.
- */
-
- zrtp_session_t *session = stream->session;
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- void* hash_ctx = NULL;
-
- static const zrtp_string32_t hmac_keyi_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_INITIATOR_HMAKKEY_STR);
- static const zrtp_string32_t hmac_keyr_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_RESPONDER_HMAKKEY_STR);
-
- static const zrtp_string32_t srtp_mki_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_INITIATOR_KEY_STR);
- static const zrtp_string32_t srtp_msi_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_INITIATOR_SALT_STR);
- static const zrtp_string32_t srtp_mkr_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_RESPONDER_KEY_STR);
- static const zrtp_string32_t srtp_msr_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_RESPONDER_SALT_STR);
-
- static const zrtp_string32_t zrtp_keyi_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_INITIATOR_ZRTPKEY_STR);
- static const zrtp_string32_t zrtp_keyr_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_RESPONDER_ZRTPKEY_STR);
-
- uint32_t cipher_key_length = (ZRTP_CIPHER_AES128 == session->blockcipher->base.id) ? 16 : 32;
-
- const zrtp_string32_t *output_mk_label;
- const zrtp_string32_t *output_ms_label;
- const zrtp_string32_t *input_mk_label;
- const zrtp_string32_t *input_ms_label;
- const zrtp_string32_t *hmac_key_label;
- const zrtp_string32_t *peer_hmac_key_label;
- const zrtp_string32_t *zrtp_key_label;
- const zrtp_string32_t *peer_zrtp_key_label;
-
- /* Define roles and prepare structures */
- if (is_initiator) {
- output_mk_label = &srtp_mki_label;
- output_ms_label = &srtp_msi_label;
- input_mk_label = &srtp_mkr_label;
- input_ms_label = &srtp_msr_label;
- hmac_key_label = &hmac_keyi_label;
- peer_hmac_key_label = &hmac_keyr_label;
- zrtp_key_label = &zrtp_keyi_label;
- peer_zrtp_key_label = &zrtp_keyr_label;
- } else {
- output_mk_label = &srtp_mkr_label;
- output_ms_label = &srtp_msr_label;
- input_mk_label = &srtp_mki_label;
- input_ms_label = &srtp_msi_label;
- hmac_key_label = &hmac_keyr_label;
- peer_hmac_key_label = &hmac_keyi_label;
- zrtp_key_label = &zrtp_keyr_label;
- peer_zrtp_key_label = &zrtp_keyi_label;
- }
-
- ZRTP_LOG(3, (_ZTU_,"---------------------------------------------------\n"));
- ZRTP_LOG(3,(_ZTU_,"\tSWITCHING TO SRTP. ID=%u\n", zrtp_log_mode2str(stream->mode), stream->id));
- ZRTP_LOG(3,(_ZTU_,"\tI %s\n", is_initiator ? "Initiator" : "Responder"));
-
- /*
- * Compute total messages hash:
- * total_hash = hash(Hello of responder | Commit | DHPart1 | DHPart2) for DH streams
- * total_hash = hash(Hello of responder | Commit ) for Fast modes.
- */
- {
- uint8_t* tok = NULL;
- uint16_t tok_len = 0;
-
- hash_ctx = session->hash->hash_begin(session->hash);
- if (0 == hash_ctx) {
- return zrtp_status_fail;
- }
-
- tok = is_initiator ? (uint8_t*)&stream->messages.peer_hello : (uint8_t*) &stream->messages.hello;
- tok_len = is_initiator ? stream->messages.peer_hello.hdr.length : stream->messages.hello.hdr.length;
- tok_len = zrtp_ntoh16(tok_len)*4;
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)tok, tok_len);
-
- tok = is_initiator ? (uint8_t*)&stream->messages.commit : (uint8_t*)&stream->messages.peer_commit;
- tok_len = is_initiator ? stream->messages.commit.hdr.length : stream->messages.peer_commit.hdr.length;
- tok_len = zrtp_ntoh16(tok_len)*4;
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)tok, tok_len);
-
- if (ZRTP_IS_STREAM_DH(stream))
- {
- tok = (uint8_t*) (is_initiator ? &stream->messages.peer_dhpart : &stream->messages.dhpart);
- tok_len = is_initiator ? stream->messages.peer_dhpart.hdr.length : stream->messages.dhpart.hdr.length;
- tok_len = zrtp_ntoh16(tok_len)*4;
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)tok, tok_len);
-
- tok = (uint8_t*)(is_initiator ? &stream->messages.dhpart : &stream->messages.peer_dhpart);
- tok_len = is_initiator ? stream->messages.dhpart.hdr.length : stream->messages.peer_dhpart.hdr.length;
- tok_len = zrtp_ntoh16(tok_len)*4;
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)tok, tok_len);
- }
-
- session->hash->hash_end(session->hash, hash_ctx, ZSTR_GV(cc->mes_hash));
- hash_ctx = NULL;
- } /* total hash computing */
-
- /* Total Hash is ready and we can create KDF_Context */
- zrtp_zstrcat(ZSTR_GV(cc->kdf_context), is_initiator ? ZSTR_GV(session->zid) : ZSTR_GV(session->peer_zid));
- zrtp_zstrcat(ZSTR_GV(cc->kdf_context), is_initiator ? ZSTR_GV(session->peer_zid) : ZSTR_GV(session->zid));
- zrtp_zstrcat(ZSTR_GV(cc->kdf_context), ZSTR_GV(cc->mes_hash));
-
- /* Derive stream key S0 according to key exchange scheme */
- if (zrtp_status_ok != _derive_s0(stream, is_initiator)) {
- return zrtp_status_fail;
- }
-
- /*
- * Compute HMAC keys. These values will be used after confirmation:
- * hmackeyi = KDF(s0, "Initiator HMAC key", KDF_Context, negotiated hash length)
- * hmackeyr = KDF(s0, "Responder HMAC key", KDF_Context, negotiated hash length)
- */
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(hmac_key_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- session->hash->digest_length,
- ZSTR_GV(stream->cc.hmackey));
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(peer_hmac_key_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- session->hash->digest_length,
- ZSTR_GV(stream->cc.peer_hmackey));
-
- /*
- * Computing ZRTP keys for protection of the Confirm packet:
- * zrtpkeyi = KDF(s0, "Initiator ZRTP key", KDF_Context, negotiated AES key length)
- * zrtpkeyr = KDF(s0, "Responder ZRTP key", KDF_Context, negotiated AES key length)
- */
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(zrtp_key_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- cipher_key_length,
- ZSTR_GV(stream->cc.zrtp_key));
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(peer_zrtp_key_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- cipher_key_length,
- ZSTR_GV(stream->cc.peer_zrtp_key));
-#if (defined(ZRTP_DEBUG_ZRTP_KEYS) && ZRTP_DEBUG_ZRTP_KEYS == 1)
- {
- char print_buff[256];
- ZRTP_LOG(3,(_ZTU_,"\t Messages hash:%s\n", hex2str(cc->mes_hash.buffer, cc->mes_hash.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t S0:%s\n", hex2str(cc->s0.buffer, cc->s0.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t ZRTP Sess:%s\n", hex2str(session->zrtpsess.buffer, session->zrtpsess.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t hmackey:%s\n", hex2str(stream->cc.hmackey.buffer, stream->cc.hmackey.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t peer_hmackeyr:%s\n", hex2str(stream->cc.peer_hmackey.buffer, stream->cc.peer_hmackey.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t ZRTP key:%s\n", hex2str(stream->cc.zrtp_key.buffer, stream->cc.zrtp_key.length, print_buff, sizeof(print_buff))));
- ZRTP_LOG(3,(_ZTU_,"\t Peer ZRTP key:%s\n", hex2str(stream->cc.peer_zrtp_key.buffer, stream->cc.peer_zrtp_key.length, print_buff, sizeof(print_buff))));
- }
-#endif
- /*
- * Preparing SRTP crypto engine:
- * srtpkeyi = KDF(s0, "Initiator SRTP master key", KDF_Context, negotiated AES key length)
- * srtpsalti = KDF(s0, "Initiator SRTP master salt", KDF_Context, 112)
- * srtpkeyr = KDF(s0, "Responder SRTP master key", KDF_Context, negotiated AES key length)
- * srtpsaltr = KDF(s0, "Responder SRTP master salt", KDF_Context, 112)
- */
- {
- zrtp_srtp_profile_t iprof;
- zrtp_srtp_profile_t oprof;
-
- ZSTR_SET_EMPTY(iprof.salt);
- ZSTR_SET_EMPTY(iprof.key);
-
- iprof.rtp_policy.cipher = session->blockcipher;
- iprof.rtp_policy.auth_tag_len = session->authtaglength;
- iprof.rtp_policy.hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_HMAC_SHA1, session->zrtp);
- iprof.rtp_policy.auth_key_len = 20;
- iprof.rtp_policy.cipher_key_len = cipher_key_length;
-
- zrtp_memcpy(&iprof.rtcp_policy, &iprof.rtp_policy, sizeof(iprof.rtcp_policy));
- iprof.dk_cipher = session->blockcipher;
-
- zrtp_memcpy(&oprof, &iprof, sizeof(iprof));
-
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(input_mk_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- cipher_key_length,
- ZSTR_GV(iprof.key));
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(input_ms_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- 14,
- ZSTR_GV(iprof.salt));
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(output_mk_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- cipher_key_length,
- ZSTR_GV(oprof.key));
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GVP(output_ms_label),
- ZSTR_GV(stream->protocol->cc->kdf_context),
- 14,
- ZSTR_GV(oprof.salt));
-
- stream->protocol->_srtp = zrtp_srtp_create(session->zrtp->srtp_global, &iprof, &oprof);
-
- /* Profiles and keys in them are not needed anymore - clear them */
- zrtp_memset(&iprof, 0, sizeof(iprof));
- zrtp_memset(&oprof, 0, sizeof(oprof));
-
- if (!stream->protocol->_srtp) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Can't initialize SRTP engine. ID=%u\n", stream->id));
- return zrtp_status_fail;
- }
- } /* SRTP initialization */
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_enter_secure(zrtp_stream_t* stream)
-{
- /*
- * When switching to SECURE all ZRTP crypto values were already computed by
- * state-machine. Then we need to have logic to manage SAS value and shared
- * secrets only. So: we compute SAS, refresh secrets flags and save the
- * secrets to the cache after RS2 and RS1 swapping. We don't need any
- * crypto sources any longer - destroy them.
- */
-
- zrtp_status_t s = zrtp_status_ok;
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- zrtp_session_t *session = stream->session;
- zrtp_secrets_t *secrets = &stream->session->secrets;
- uint8_t was_exp = 0;
- uint64_t exp_date = 0;
-
- ZRTP_LOG(3,(_ZTU_,"\tEnter state SECURE (%s).\n", zrtp_log_mode2str(stream->mode)));
-
- _zrtp_cancel_send_packet_later(stream, ZRTP_NONE);
-
- /*
- * Compute the SAS value if it isn't computed yet. If there are several
- * streams running in parallel - stream with the biggest hvi should
- * generate the SAS.
- */
- if (!session->sas1.length) {
- s = session->sasscheme->compute(session->sasscheme, stream, session->hash, 0);
- if (zrtp_status_ok != s) {
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- return s;
- }
-
-
- ZRTP_LOG(3,(_ZTU_,"\tThis is the very first stream in sID GENERATING SAS value.\n", session->id));
- ZRTP_LOG(3,(_ZTU_,"\tSAS computed: <%.16s> <%.16s>.\n", session->sas1.buffer, session->sas2.buffer));
- }
-
- /*
- * Compute a new value for RS1 and store the prevoious one.
- * Compute result secrets' flags.
- */
- if (ZRTP_IS_STREAM_DH(stream))
- {
- ZRTP_LOG(3,(_ZTU_,"\tCheck expiration interval: last_use=%u ttl=%u new_ttl=%u exp=%u now=%u\n",
- secrets->rs1->lastused_at,
- secrets->rs1->ttl,
- stream->cache_ttl,
- (secrets->rs1->lastused_at + secrets->rs1->ttl),
- zrtp_time_now()/1000));
-
- if (secrets->rs1->ttl != 0xFFFFFFFF) {
- exp_date = secrets->rs1->lastused_at;
- exp_date += secrets->rs1->ttl;
-
- if (ZRTP_IS_STREAM_DH(stream) && (exp_date < zrtp_time_now()/1000)) {
- ZRTP_LOG(3,(_ZTU_,"\tUsing EXPIRED secrets: last_use=%u ttl=%u exp=%u now=%u\n",
- secrets->rs1->lastused_at,
- secrets->rs1->ttl,
- (secrets->rs1->lastused_at + secrets->rs1->ttl),
- zrtp_time_now()/1000));
- was_exp = 1;
- }
- }
-
- if (!was_exp) {
- secrets->wrongs = secrets->matches ^ secrets->cached;
- secrets->wrongs &= ~ZRTP_BIT_RS2;
- secrets->wrongs &= ~ZRTP_BIT_PBX;
- }
- }
-
- /*
- * We going to update RS1 and change appropriate secrets flags. Let's back-up current values.
- * Back-upped values could be used in debug purposes and in the GUI to reflect current state of the call
- */
- if (!ZRTP_IS_STREAM_MULT(stream)) {
- secrets->cached_curr = secrets->cached;
- secrets->matches_curr = secrets->matches;
- secrets->wrongs_curr = secrets->wrongs;
- }
-
-
- ZRTP_LOG(3,(_ZTU_,"\tFlags C=%x M=%x W=%x ID=%u\n",
- secrets->cached, secrets->matches, secrets->wrongs, stream->id));
-
- _zrtp_change_state(stream, ZRTP_STATE_SECURE);
- /*
- * Alarm user if the following condition is TRUE for both RS1 and RS2:
- * "secret is wrong if it has been restored from the cache but hasn't matched
- * with the remote one".
- */
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_SECURE);
- }
- if (session->zrtp->cb.event_cb.on_zrtp_secure) {
- session->zrtp->cb.event_cb.on_zrtp_secure(stream);
- }
-
- /* Alarm user if possible MiTM attack detected */
- if (secrets->wrongs) {
- session->mitm_alert_detected = 1;
-
- if (session->zrtp->cb.event_cb.on_zrtp_security_event) {
- session->zrtp->cb.event_cb.on_zrtp_security_event(stream, ZRTP_EVENT_MITM_WARNING);
- }
- }
-
- /* Check for unenrollemnt first */
- if ((secrets->cached & ZRTP_BIT_PBX) && !(secrets->matches & ZRTP_BIT_PBX)) {
- ZRTP_LOG(2,(_ZTU_,"\tINFO! The user requires new un-enrolment - the nedpint may clear"
- " the cache or perform other action. ID=%u\n", stream->id));
-
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_USER_UNENROLLED);
- }
- }
-
- /*
- * Handle PBX registration, if required: If PBX already had a shared secret
- * for the ZID it leaves the cache entry unmodified. Else, it computes a new
- * one. If the PBX detects cache entry for the static shared secret, but the
- * phone does not have a matching cache entry - the PBX generates a new one.
- */
- if (ZRTP_MITM_MODE_REG_SERVER == stream->mitm_mode)
- {
- if (secrets->matches & ZRTP_BIT_PBX) {
- ZRTP_LOG(2,(_ZTU_,"\tINFO! User have been already registered - skip enrollment ritual. ID=%u\n", stream->id));
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_USER_ALREADY_ENROLLED);
- }
- } else {
- ZRTP_LOG(2,(_ZTU_,"\tINFO! The user requires new enrolment - generate new MiTM secret. ID=%u\n", stream->id));
- zrtp_register_with_trusted_mitm(stream);
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_NEW_USER_ENROLLED);
- }
-
- }
- }
- else if (ZRTP_MITM_MODE_REG_CLIENT == stream->mitm_mode)
- {
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_CLIENT_ENROLLMENT);
- }
- }
-
- /*
- * Compute new RS for FULL DH streams only. Don't update RS1 if cache TTL is 0
- */
- if (ZRTP_IS_STREAM_DH(stream))
- {
- static const zrtp_string32_t rss_label = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_RS_STR);
-
- if (stream->cache_ttl > 0) {
- /* Replace RS2 with RS1 */
- zrtp_sys_free(secrets->rs2);
- secrets->rs2 = secrets->rs1;
-
- secrets->rs1 = _zrtp_alloc_shared_secret(session);
- if (!secrets->rs1) {
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- return zrtp_status_fail;
- }
-
- /*
- * Compute new RS1 based on previous one and S0:
- * rs1 = KDF(s0, "retained secret", KDF_Context, negotiated hash length)
- */
- _zrtp_kdf( stream,
- ZSTR_GV(cc->s0),
- ZSTR_GV(rss_label),
- ZSTR_GV(cc->kdf_context),
- ZRTP_HASH_SIZE,
- ZSTR_GV(secrets->rs1->value));
-
- /*
- * Mark secrets as cached: RS1 have been just generated and cached;
- * RS2 is cached if previous secret was cached as well.
- */
- secrets->rs1->_cachedflag = 1;
- secrets->cached |= ZRTP_BIT_RS1;
- secrets->matches |= ZRTP_BIT_RS1;
- if (secrets->rs2->_cachedflag) {
- secrets->cached |= ZRTP_BIT_RS2;
- }
-
- /* Let's update the TTL interval for the new secret */
- secrets->rs1->ttl = stream->cache_ttl;
- secrets->rs1->lastused_at = (uint32_t)(zrtp_time_now()/1000);
-
- /* If possible MiTM attach detected - postpone storing the cache until after the user verify the SAS */
- if (!session->mitm_alert_detected) {
- if (session->zrtp->cb.cache_cb.on_put) {
- session->zrtp->cb.cache_cb.on_put( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- secrets->rs1);
- }
- }
-
- {
- uint32_t verifiedflag = 0;
- char buff[128];
- if (session->zrtp->cb.cache_cb.on_get_verified) {
- session->zrtp->cb.cache_cb.on_get_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &verifiedflag);
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tNew secret was generated:\n"));
- ZRTP_LOG(3,(_ZTU_,"\t\tRS1 value:<%s>\n",
- hex2str(secrets->rs1->value.buffer, secrets->rs1->value.length, buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\t\tTTL=%u, flags C=%x M=%x W=%x V=%d\n",
- secrets->rs1->ttl, secrets->cached, secrets->matches, secrets->wrongs, verifiedflag));
- }
- } /* for TTL > 0 only */
- else {
- if (session->zrtp->cb.cache_cb.on_put) {
- secrets->rs1->ttl = 0;
- session->zrtp->cb.cache_cb.on_put( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- secrets->rs1);
- }
- }
- } /* For DH mode only */
-
-
- if (session->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- session->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_SECURE_DONE);
- }
-
- /* We have computed all subkeys from S0 and don't need it any longer. */
- zrtp_wipe_zstring(ZSTR_GV(cc->s0));
-
- /* Clear DH crypto context */
- if (ZRTP_IS_STREAM_DH(stream)) {
- bnEnd(&stream->dh_cc.peer_pv);
- bnEnd(&stream->dh_cc.pv);
- bnEnd(&stream->dh_cc.sv);
- zrtp_wipe_zstring(ZSTR_GV(stream->dh_cc.dhss));
- }
-
- /*
- * Now, let's check if the transition to CLEAR was caused by Active/Passive rules.
- * If local endpoint is a MitM and peer MiTM linked stream is Unlimited, we
- * could break the rules and send commit to Passive endpoint.
- */
- if (stream->zrtp->is_mitm && stream->peer_super_flag) {
- if (stream->linked_mitm && stream->linked_mitm->peer_passive) {
- if (stream->linked_mitm->state == ZRTP_STATE_CLEAR) {
- ZRTP_LOG(2,(_ZTU_,"INFO: Linked Peer stream id=%u suspended in CLEAR-state due to"
- " Active/Passive restrictions, but we are running in MiTM mode and "
- "current peer endpoint is Super-Active. Let's Go Secure for the linked stream.\n", stream->id));
-
- /* @note: don't use zrtp_secure_stream() wrapper as it checks for Active/Passive stuff. */
- _zrtp_machine_start_initiating_secure(stream->linked_mitm);
- }
- }
- }
-
- /*
- * Increase calls counter for Preshared mode and reset it on DH
- */
- if (session->zrtp->cb.cache_cb.on_presh_counter_get && session->zrtp->cb.cache_cb.on_presh_counter_set) {
- uint32_t calls_counter = 0;
- session->zrtp->cb.cache_cb.on_presh_counter_get( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &calls_counter);
- if (ZRTP_IS_STREAM_DH(stream)) {
- session->zrtp->cb.cache_cb.on_presh_counter_set( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- 0);
- } else if ZRTP_IS_STREAM_PRESH(stream) {
- session->zrtp->cb.cache_cb.on_presh_counter_set( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- ++calls_counter);
- }
- }
-
- clear_crypto_sources(stream);
-
- return zrtp_status_ok;
-}
-
-
-/*===========================================================================*/
-/* Shared functions */
-/*===========================================================================*/
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_create_confirm( zrtp_stream_t *stream,
- zrtp_packet_Confirm_t* confirm)
-{
- void* cipher_ctx = NULL;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_session_t *session = stream->session;
- uint32_t verifiedflag = 0;
-
- /* hash + (padding + sig_len + flags) + ttl */
- const uint8_t encrypted_body_size = ZRTP_MESSAGE_HASH_SIZE + (2 + 1 + 1) + 4;
-
- /*
- * Create the Confirm packet according to draft 6.7
- * AES CFB vector at first, SIG length and flags octet and cache TTL at the end
- * This version doesn't support signatures so sig_length=0
- */
- if (ZRTP_CFBIV_SIZE != zrtp_randstr(session->zrtp, confirm->iv, ZRTP_CFBIV_SIZE)) {
- return zrtp_status_fail;
- }
-
- zrtp_memcpy(confirm->hash, stream->messages.h0.buffer, ZRTP_MESSAGE_HASH_SIZE);
-
- if (session->zrtp->cb.cache_cb.on_get_verified) {
- session->zrtp->cb.cache_cb.on_get_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &verifiedflag);
- }
-
- confirm->expired_interval = zrtp_hton32(session->profile.cache_ttl);
- confirm->flags = 0;
- confirm->flags |= session->profile.disclose_bit ? 0x01 : 0x00;
- confirm->flags |= session->profile.allowclear ? 0x02 : 0x00;
- confirm->flags |= verifiedflag ? 0x04 : 0x00;
- confirm->flags |= (ZRTP_MITM_MODE_REG_SERVER == stream->mitm_mode) ? 0x08 : 0x00;
-
- /* Then we need to encrypt Confirm before Hmac computing. Use AES CFB */
- do
- {
- cipher_ctx = session->blockcipher->start( session->blockcipher,
- (uint8_t*)stream->cc.zrtp_key.buffer,
- NULL,
- ZRTP_CIPHER_MODE_CFB);
- if (!cipher_ctx) {
- break;
- }
-
- s = session->blockcipher->set_iv(session->blockcipher, cipher_ctx, (zrtp_v128_t*)confirm->iv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = session->blockcipher->encrypt( session->blockcipher,
- cipher_ctx,
- (uint8_t*)&confirm->hash,
- encrypted_body_size );
- } while(0);
- if (cipher_ctx) {
- session->blockcipher->stop(session->blockcipher, cipher_ctx);
- }
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! failed to encrypt Confirm. s=%d ID=%u\n", s, stream->id));
- return s;
- }
-
- /* Compute Hmac over encrypted part of Confirm */
- {
- zrtp_string128_t hmac = ZSTR_INIT_EMPTY(hmac);
- s = session->hash->hmac_c( session->hash,
- stream->cc.hmackey.buffer,
- stream->cc.hmackey.length,
- (const char*)&confirm->hash,
- encrypted_body_size,
- ZSTR_GV(hmac) );
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"ERROR! failed to compute Confirm hmac. s=%d ID=%u\n", s, stream->id));
- return s;
- }
-
- zrtp_memcpy(confirm->hmac, hmac.buffer, ZRTP_HMAC_SIZE);
-
- {
- char buff[512];
- ZRTP_LOG(3,(_ZTU_,"HMAC TRACE. COMPUTE.\n"));
- ZRTP_LOG(3,(_ZTU_,"\tcipher text:%s. size=%u\n",
- hex2str((const char*)&confirm->hash, encrypted_body_size, buff, sizeof(buff)), encrypted_body_size));
- ZRTP_LOG(3,(_ZTU_,"\t key:%s.\n",
- hex2str(stream->cc.hmackey.buffer, stream->cc.hmackey.length, buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\t comp hmac:%s.\n",
- hex2str(hmac.buffer, hmac.length, buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\t hmac:%s.\n",
- hex2str((const char*)confirm->hmac, ZRTP_HMAC_SIZE, buff, sizeof(buff))));
- }
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_confirm( zrtp_stream_t *stream,
- zrtp_packet_Confirm_t *confirm)
-{
- /* Compute Hmac over encrypted part of Confirm and reject malformed packets */
- void* cipher_ctx = NULL;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_session_t *session = stream->session;
- zrtp_string128_t hmac = ZSTR_INIT_EMPTY(hmac);
-
- /* hash + (padding + sig_len + flags) + ttl */
- const uint8_t encrypted_body_size = ZRTP_MESSAGE_HASH_SIZE + (2 + 1 + 1) + 4;
- s = session->hash->hmac_c( session->hash,
- stream->cc.peer_hmackey.buffer,
- stream->cc.peer_hmackey.length,
- (const char*)&confirm->hash,
- encrypted_body_size,
- ZSTR_GV(hmac) );
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! failed to compute Incoming Confirm hmac. s=%d ID=%u\n", s, stream->id));
- return zrtp_status_fail;
- }
-
-
- // MARK: TRACE CONFIRM HMAC ERROR
-#if 0
- {
- char buff[512];
- ZRTP_LOG(3,(_ZTU_,"HMAC TRACE. VERIFY\n"));
- ZRTP_LOG(3,(_ZTU_,"\tcipher text:%s. size=%u\n",
- hex2str((const char*)&confirm->hash, encrypted_body_size, buff, sizeof(buff)), encrypted_body_size));
- ZRTP_LOG(3,(_ZTU_,"\t key:%s.\n",
- hex2str(stream->cc.peer_hmackey.buffer, stream->cc.peer_hmackey.length, buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\t comp hmac:%s.\n",
- hex2str(hmac.buffer, hmac.length, buff, sizeof(buff))));
- ZRTP_LOG(3,(_ZTU_,"\t hmac:%s.\n",
- hex2str((const char*)confirm->hmac, ZRTP_HMAC_SIZE, buff, sizeof(buff))));
- }
-#endif
-
-
- if (0 != zrtp_memcmp(confirm->hmac, hmac.buffer, ZRTP_HMAC_SIZE)) {
- /*
- * Weird. Perhaps a bug in our code or our peer's code. Or it could be an attacker
- * who doesn't realize that Man-In-The-Middling the Diffie-Hellman key generation
- * but allowing the correct rsIds to pass through accomplishes nothing more than
- * forcing us to fallback to cleartext mode. If this attacker had gone ahead and deleted
- * or replaced the rsIds, then he would have been able to stay in the middle (although
- * he would of course still face the threat of a Voice Authentication Check). On the
- * other hand if this attacker wanted to force us to fallback to cleartext mode, he could
- * have done that more simply, for example by intercepting our ZRTP HELLO packet and
- * replacing it with a normal non-ZRTP comfort noise packet. In any case, we'll do our
- * "switch to cleartext fallback" behavior.
- */
-
- ZRTP_LOG(2,(_ZTU_,"\tWARNING!" ZRTP_VERIFIED_RESP_WARNING_STR "ID=%u\n", stream->id));
-
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_auth_decrypt, 1);
- return zrtp_status_fail;
- }
-
- /* Then we need to decrypt Confirm body */
- do {
- cipher_ctx = session->blockcipher->start( session->blockcipher,
- (uint8_t*)stream->cc.peer_zrtp_key.buffer,
- NULL,
- ZRTP_CIPHER_MODE_CFB);
- if (!cipher_ctx) {
- break;
- }
-
- s = session->blockcipher->set_iv( session->blockcipher,
- cipher_ctx,
- (zrtp_v128_t*)confirm->iv);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = session->blockcipher->decrypt( session->blockcipher,
- cipher_ctx,
- (uint8_t*)&confirm->hash,
- encrypted_body_size);
- } while(0);
- if (cipher_ctx) {
- session->blockcipher->stop(session->blockcipher, cipher_ctx);
- }
- if (zrtp_status_ok != s) {
- ZRTP_LOG(3,(_ZTU_,"\tERROR! failed to decrypt incoming Confirm. s=%d ID=%u\n", s, stream->id));
- return s;
- }
-
- /* We have access to hash field and can check hmac of the previous message */
- {
- zrtp_msg_hdr_t *hdr = NULL;
- char *key=NULL;
- zrtp_string32_t tmphash_str = ZSTR_INIT_EMPTY(tmphash_str);
- zrtp_hash_t *hash = zrtp_comp_find( ZRTP_CC_HASH, ZRTP_HASH_SHA256, stream->zrtp);
-
- if (ZRTP_IS_STREAM_DH(stream)) {
- hdr = &stream->messages.peer_dhpart.hdr;
- key = (char*)confirm->hash;
- } else {
- hash->hash_c(hash, (char*)confirm->hash, ZRTP_MESSAGE_HASH_SIZE, ZSTR_GV(tmphash_str));
-
- if (ZRTP_STATEMACHINE_INITIATOR == stream->protocol->type) {
- hdr = &stream->messages.peer_hello.hdr;
- hash->hash_c( hash,
- tmphash_str.buffer,
- ZRTP_MESSAGE_HASH_SIZE,
- ZSTR_GV(tmphash_str) );
- } else {
- hdr = &stream->messages.peer_commit.hdr;
- }
- key = tmphash_str.buffer;
- }
-
- if (0 != _zrtp_validate_message_hmac(stream, hdr, key)) {
- return zrtp_status_fail;
- }
- }
-
- /* Set evil bit if other-side shared session key */
- stream->peer_disclose_bit = (confirm->flags & 0x01);
-
- /* Enable ALLOWCLEAR option if only both sides support it */
- stream->allowclear = (confirm->flags & 0x02) && session->profile.allowclear;
-
- /* Drop RS1 VERIFIED flag if other side didn't verified key exchange */
- if (0 == (confirm->flags & 0x04)) {
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Other side Confirm V=0 - set verified to 0! ID=%u\n", stream->id));
- zrtp_verified_set(session->zrtp, &session->zid, &session->peer_zid, 0);
- }
-
- /* Look for Enrollment replay flag */
- if (confirm->flags & 0x08)
- {
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Confirm PBX Enrolled flag is set - it is a Registration call! ID=%u\n", stream->id));
-
- if (stream->mitm_mode != ZRTP_MITM_MODE_CLIENT) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR: PBX enrollment flag was received in wrong MiTM mode %s."
- " ID=%u\n", zrtp_log_mode2str(stream->mode), stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- return zrtp_status_fail;
- }
-
- /* Passive endpoint should ignore PBX Enrollment. */
- if (ZRTP_LICENSE_MODE_PASSIVE != stream->zrtp->lic_mode) {
- stream->mitm_mode = ZRTP_MITM_MODE_REG_CLIENT;
- } else {
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Ignore PBX Enrollment flag as we are Passive ID=%u\n", stream->id));
- }
- }
-
- stream->cache_ttl = ZRTP_MIN(session->profile.cache_ttl, zrtp_ntoh32(confirm->expired_interval));
-
- /* Copy packet for future hashing */
- zrtp_memcpy(&stream->messages.peer_confirm, confirm, zrtp_ntoh16(confirm->hdr.length)*4);
-
- return zrtp_status_ok;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp responder"
-
-extern zrtp_status_t _zrtp_machine_start_initiating_secure(zrtp_stream_t *stream);
-
-/* These functions construct packets for further replies. */
-static zrtp_status_t _prepare_dhpart1(zrtp_stream_t *stream);
-static zrtp_status_t _prepare_confirm1(zrtp_stream_t *stream);
-
-/* Functions which are used to answer the Initiator's requests */
-static void _send_dhpart1(zrtp_stream_t *stream);
-static void _send_confirm1(zrtp_stream_t *stream);
-
-/*
- * Parses crypto-components list chosen by the initiator. doesn't perform any
- * tests. Commit was fully checked by previous call of _zrtp_machine_preparse_commit().
- * \exception: Handles all exceptions -- informs user and switches to CLEAR.
- * (zrtp_error_XXX_unsp and zrtp_error_software errors.)
- */
-static zrtp_status_t _zrtp_machine_process_commit( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet);
-
-/*
- * Parses DH packet: check for MitM1, MitM2 attacks and makes a copy of it for further usage.
- * \exception: (MITM attacks, SOFTWARE) Informs user and switches to CLEAR.
- */
-static zrtp_status_t _zrtp_machine_process_dhpart2( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet);
-
-/*
- * Just a wrapper over the protocol::_zrtp_machine_process_confirm().
- * \exception: (AUTH attacks, SOFTWARE) Informs user and switches to CLEAR.
- */
-static zrtp_status_t _zrtp_machine_process_confirm2( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet);
-
-
-/*===========================================================================*/
-/* State handlers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_pendingsecure( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_COMMIT:
- _send_dhpart1(stream);
- break;
-
- case ZRTP_DHPART2:
- s = _zrtp_machine_process_dhpart2(stream, packet);
- if (zrtp_status_ok != s) {
- break;
- }
-
- /* Perform Keys generation according to draft 5.6 */
- s = _zrtp_set_public_value(stream, 0);
- if (zrtp_status_ok != s) {
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- break;
- }
-
- s = _prepare_confirm1(stream);
- if (zrtp_status_ok != s) {
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- break;
- }
-
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_CONFIRM2);
- _send_confirm1(stream);
- break;
-
- case ZRTP_NONE:
- s = zrtp_status_drop;
- break;
-
- default:
- break;
- }
-
- return s;
-}
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_while_in_waitconfirm2( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t status = zrtp_status_ok;
-
- switch (packet->type)
- {
- case ZRTP_DHPART2:
- if (ZRTP_IS_STREAM_DH(stream)) {
- _send_confirm1(stream);
- }
- break;
-
- case ZRTP_COMMIT:
- if (ZRTP_IS_STREAM_FAST(stream)) {
- _send_confirm1(stream);
- }
- break;
-
- case ZRTP_CONFIRM2:
- status = _zrtp_machine_process_confirm2(stream, packet);
- if (zrtp_status_ok == status) {
- _zrtp_packet_send_message(stream, ZRTP_CONFIRM2ACK, NULL);
- status = _zrtp_machine_enter_secure(stream);
- }
- break;
-
- case ZRTP_NONE:
- status = zrtp_status_drop;
- break;
-
- default:
- break;
- }
-
- return status;
-}
-
-
-/*===========================================================================*/
-/* States switchers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_enter_pendingsecure( zrtp_stream_t* stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_status_t s = zrtp_status_ok;
-
- ZRTP_LOG(3,(_ZTU_,"\tENTER STATE PENDING SECURE for ID=%u mode=%s state=%s.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->state)));
-
- do
- {
- if (!ZRTP_IS_STREAM_MULT(stream)) {
- zrtp_packet_Commit_t *commit = (zrtp_packet_Commit_t*) packet->message;
-
- stream->session->hash = zrtp_comp_find( ZRTP_CC_HASH,
- zrtp_comp_type2id(ZRTP_CC_HASH, (char*)commit->hash_type),
- stream->zrtp);
- stream->session->blockcipher = zrtp_comp_find( ZRTP_CC_CIPHER,
- zrtp_comp_type2id(ZRTP_CC_CIPHER, (char*)commit->cipher_type),
- stream->zrtp);
- stream->session->authtaglength = zrtp_comp_find( ZRTP_CC_ATL,
- zrtp_comp_type2id(ZRTP_CC_ATL, (char*)commit->auth_tag_length),
- stream->zrtp);
- stream->session->sasscheme = zrtp_comp_find( ZRTP_CC_SAS,
- zrtp_comp_type2id(ZRTP_CC_SAS, (char*)commit->sas_type),
- stream->zrtp);
-
- ZRTP_LOG(3,(_ZTU_,"\tRemote COMMIT specified following options:\n"));
- ZRTP_LOG(3,(_ZTU_,"\t Hash: %.4s\n", commit->hash_type));
- ZRTP_LOG(3,(_ZTU_,"\t Cipher: %.4s\n", commit->cipher_type));
- ZRTP_LOG(3,(_ZTU_,"\t ATL: %.4s\n", commit->auth_tag_length));
- ZRTP_LOG(3,(_ZTU_,"\t PK scheme: %.4s\n", commit->public_key_type));
- ZRTP_LOG(3,(_ZTU_,"\tVAD scheme: %.4s\n", commit->sas_type));
- }
-
- if (ZRTP_IS_STREAM_DH(stream)) {
- _zrtp_change_state(stream, ZRTP_STATE_PENDINGSECURE);
-
- /*
- * If stream->concurrent is set this means that we stopped a concurrent
- * DH stream to break a tie. This can happen when Commit messages are
- * sent by both ZRTP endpoints at the same time, but are received in
- * different media streams. Now current stream has finished DH setup and
- * we can resume the other one.
- */
- if (stream->concurrent) {
- zrtp_stream_t* tctx = stream->concurrent;
- stream->concurrent = NULL;
- ZRTP_LOG(3,(_ZTU_,"\tRelease2 Concurrent stream=%u ID=%u\n", tctx->id, stream->id));
- _zrtp_machine_start_initiating_secure(tctx);
- }
-
- s = _zrtp_protocol_init(stream, 0, &stream->protocol);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = _zrtp_machine_process_commit(stream, packet); /* doesn't throw exception */
- if (zrtp_status_ok != s) {
- break; /* Software error */
- }
-
- s = _prepare_dhpart1(stream);
- if (zrtp_status_ok != s) {
- break; /* EH: Always successful */
- }
-
- _zrtp_machine_process_while_in_pendingsecure(stream, packet);
-
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PENDINGSECURE);
- }
- }
- else
- {
- _zrtp_change_state(stream, ZRTP_STATE_WAIT_CONFIRM2);
-
- s = _zrtp_protocol_init(stream, 0, &stream->protocol);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = _zrtp_machine_process_commit(stream, packet); /* doesn't throw exception */
- if (zrtp_status_ok != s) {
- break; /* Software error */
- }
-
- s = _zrtp_set_public_value(stream, 0);
- if (zrtp_status_ok != s) {
- break; /* Software error */
- }
-
- s = _prepare_confirm1(stream);
- if (zrtp_status_ok != s) {
- break; /* Software error */
- }
-
- _send_confirm1(stream);
- }
- } while (0);
-
- if (zrtp_status_ok != s) {
- if (stream->protocol) {
- _zrtp_protocol_destroy(stream->protocol);
- stream->protocol = NULL;
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_software, 1);
- }
-
- return s;
-}
-
-
-/*===========================================================================*/
-/* Packets handlers */
-/*===========================================================================*/
-
-/*---------------------------------------------------------------------------*/
-static zrtp_status_t _check_commit(zrtp_stream_t *stream, zrtp_packet_Commit_t *commit)
-{
- do {
- /* check PUBLIC KEY TYPE */
- if (0 > zrtp_profile_find( &stream->session->profile,
- ZRTP_CC_PKT,
- zrtp_comp_type2id(ZRTP_CC_PKT, (char*)commit->public_key_type)))
- {
- /* Can't talk to them. ZRTP public key type not supported by current profile */
- ZRTP_LOG(2,(_ZTU_,"\tINFO: PKExch %.4s isn't supported by profile. ID=%u\n",
- commit->public_key_type, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_pktype_unsp, 1);
- break;
- }
-
- /* check HASH scheme */
- if ( 0 > zrtp_profile_find( &stream->session->profile,
- ZRTP_CC_HASH,
- zrtp_comp_type2id(ZRTP_CC_HASH, (char*)commit->hash_type)) )
- {
- /* Can't talk to them. ZRTP hash type not supported by current profile */
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Hash %.4s isn't supported by profile. ID=%u\n",
- commit->hash_type, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_hash_unsp, 1);
- break;
- }
-
- /* check CIPHER type */
- if ( 0 > zrtp_profile_find( &stream->session->profile,
- ZRTP_CC_CIPHER,
- zrtp_comp_type2id(ZRTP_CC_CIPHER, (char*)commit->cipher_type)) )
- {
- /* Can't talk to them. ZRTP cipher type not supported by current profile */
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Cipher %.4s isn't supported by profile. ID=%u\n",
- commit->cipher_type, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_cipher_unsp, 1);
- break;
- }
-
- /* check AUTH TAG LENGTH */
- if ( 0 > zrtp_profile_find( &stream->session->profile,
- ZRTP_CC_ATL,
- zrtp_comp_type2id(ZRTP_CC_ATL, (char*)commit->auth_tag_length)) )
- {
- /* Can't talk to them. ZRTP auth tag length not supported by current profile */
- ZRTP_LOG(2,(_ZTU_,"\tINFO: Authtag %.4s isn't supported by profile. ID=%u\n",
- commit->auth_tag_length, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_auth_unsp, 1);
- break;
- }
-
- /* check SAS scheme */
- if ( 0 > zrtp_profile_find( &stream->session->profile,
- ZRTP_CC_SAS,
- zrtp_comp_type2id(ZRTP_CC_SAS, (char*)commit->sas_type)) )
- {
- /* Can't talk to them. ZRTP SAS scheme not supported by current profile */
- ZRTP_LOG(2,(_ZTU_,"\tINFO: SAS %.4s isn't supported by profile. ID=%u\n",
- commit->sas_type, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_sas_unsp, 1);
- break;
- }
-
- return zrtp_status_ok;
- } while (0);
-
- return zrtp_status_fail;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_statemachine_type_t _zrtp_machine_preparse_commit( zrtp_stream_t *stream,
- zrtp_rtp_info_t* packet)
-{
- zrtp_packet_Commit_t *commit = (zrtp_packet_Commit_t*) packet->message;
- zrtp_statemachine_type_t res = ZRTP_STATEMACHINE_RESPONDER;
-
- zrtp_pktype_id_t his_pkt = zrtp_comp_type2id(ZRTP_CC_PKT, (char*)commit->public_key_type);
- zrtp_stream_mode_t his_mode = (his_pkt == ZRTP_PKTYPE_PRESH) ? ZRTP_STREAM_MODE_PRESHARED : (his_pkt == ZRTP_PKTYPE_MULT) ? ZRTP_STREAM_MODE_MULT : ZRTP_STREAM_MODE_DH;
-
- ZRTP_LOG(3,(_ZTU_,"\tPreparse incoming COMMIT. Remote peer wants %.4s:%d mode lic=%d peer M=%d.\n",
- commit->public_key_type, his_mode, stream->zrtp->lic_mode, stream->peer_mitm_flag));
-
- /*
- * Checking crypto components chosen by other peer for stream establishment
- */
- if (zrtp_status_ok != _check_commit(stream, commit)) {
- return ZRTP_STATEMACHINE_NONE;
- }
-
- /*
- * Passive ZRTP endpoint can't talk to ZRTP MiTM endpoints.
- */
- if (!ZRTP_PASSIVE3_TEST(stream)) {
- ZRTP_LOG(2,(_ZTU_,"\tERROR: The endpoint is in passive mode and can't handle"
- " connections with MiTM endpoints. ID=%u\n", stream->id));
- if (stream->zrtp->cb.event_cb.on_zrtp_protocol_event ) {
- stream->zrtp->cb.event_cb.on_zrtp_protocol_event(stream, ZRTP_EVENT_IS_PASSIVE_RESTRICTION);
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_service_unavail, 1);
- return ZRTP_STATEMACHINE_NONE;
- }
-
- /*
- * Both sides are in "Initiating" state we need to break the tie:
- * - if both sides wants to use the same scheme - side with lower vh switches to
- * "Responder" state.
- * - if both sides wants to use Preshared scheme and one of the sides are in MiTM mode it
- * should switch to Responder state
- * - if one side wants Preshared and onother one DH - DH should win.
- * - rest of the combinations (DH - Multistream, Preshared - Multistream) are deperecated by the RFC
- */
- if (ZRTP_STATE_INITIATINGSECURE == stream->state)
- {
- zrtp_pktype_id_t my_pkt = stream->pubkeyscheme->base.id;
- zrtp_stream_mode_t my_mode = (my_pkt == ZRTP_PKTYPE_PRESH) ? ZRTP_STREAM_MODE_PRESHARED : (my_pkt == ZRTP_PKTYPE_MULT) ? ZRTP_STREAM_MODE_MULT : ZRTP_STREAM_MODE_DH;
-
- ZRTP_LOG(2,(_ZTU_,"\tBoth sides are in INITIATINGSECURE State - BREACK the TIE. ID=%u\n", stream->id));
-
- if (his_mode == my_mode) {
- if ( (his_mode == ZRTP_STREAM_MODE_PRESHARED) && (stream->peer_mitm_flag || stream->zrtp->is_mitm)) {
- if (stream->peer_mitm_flag) {
- ZRTP_LOG(3,(_ZTU_,"\tWe running in Gneral ZRTP Endpoint mode, but the"
- " remote side is in MiTM - stay Initiating state.\n"));
- res = ZRTP_STATEMACHINE_INITIATOR;
- }
- } else {
- if (zrtp_memcmp( stream->protocol->cc->hv.buffer,
- commit->hv,
- (his_mode == ZRTP_STREAM_MODE_DH) ? ZRTP_HV_SIZE : ZRTP_HV_NONCE_SIZE) > 0) {
- ZRTP_LOG(3,(_ZTU_,"\tWe have Commit with greater HV so stay Initiating state.\n"));
- res = ZRTP_STATEMACHINE_INITIATOR;
- }
- }
- } else {
- if (my_mode == ZRTP_STREAM_MODE_DH) {
- ZRTP_LOG(3,(_ZTU_,"\tOther peer sent Non DH Commit but we want DH - stay Initiating state.\n"));
- res = ZRTP_STATEMACHINE_INITIATOR;
- }
- }
- }
-
- if (res == ZRTP_STATEMACHINE_RESPONDER)
- {
- /*
- * If other peer wants to switch "Preshared" we must be ready for this. Check
- * for secrets availability and if we can't use "Preshared" we should force other
- * peer to switch to "DH" mode. For this purpose we use our own Commit with DHxK
- * in it. Such Commit should win competition in any case.
- */
- if ((his_mode == ZRTP_STREAM_MODE_PRESHARED) && !stream->session->secrets.rs1->_cachedflag) {
- ZRTP_LOG(3,(_ZTU_, "\tOther peer wants Preshared mode but we have no secrets.\n"));
- res = ZRTP_STATEMACHINE_INITIATOR;
- }
-
- /*
- * If other peer wants to switch "Multistream" we must be ready for this. Check
- * for ZRTPSess key availability. If we can't use "Multistream" we should force other
- * peer to switch to "DH" mode. For this purpose we use our own Commit with DHxK
- * in it. Such Commit should win competition in any case.
- */
- if ((his_mode == ZRTP_STREAM_MODE_MULT) && !stream->session->zrtpsess.length) {
- ZRTP_LOG(3,(_ZTU_,"\tOther peer wants Preshared mode but we have no secrets.\n"));
- res = ZRTP_STATEMACHINE_INITIATOR;
- }
-
- /*
- * If other peer wants "Full DH" exchange but ZRTP Session key have been already
- * computed - there is no sense in doing this. What is more, ZRTP Specification
- * doesn't allow doing this.
- */
- if ((his_mode == ZRTP_STREAM_MODE_DH) && (stream->session->zrtpsess.length > 0)) {
- ZRTP_LOG(3,(_ZTU_,"\tOther peer wants DH mode but we have ZRTP session and ready for Multistream.\n"));
- res = ZRTP_STATEMACHINE_NONE;
- }
- }
-
- /*
- * If we decided to use Responder's state-machine - only one DH or Preshared stream
- * can be run at the moment so check states.
- */
- if ((res == ZRTP_STATEMACHINE_RESPONDER) && !_zrtp_can_start_stream(stream, &stream->concurrent, his_mode))
- {
- ZRTP_LOG(3,(_ZTU_,"\tCan't handle COMMIT another DH with ID=%u is in progress.\n", stream->concurrent->id));
-
- if ( (stream->concurrent->state <= ZRTP_STATE_INITIATINGSECURE) &&
- (zrtp_memcmp(stream->concurrent->protocol->cc->hv.buffer, commit->hv, ZRTP_HV_SIZE) < 0) )
- {
- ZRTP_LOG(3,(_ZTU_,"\tPossible DEADLOCK Resolving. STOP CONCURRENT"
- " Stream with ID=%u\n",stream->concurrent->id));
- _zrtp_cancel_send_packet_later(stream->concurrent, ZRTP_NONE);
- } else {
- res = ZRTP_STATEMACHINE_NONE;
- }
- }
-
- if (res == ZRTP_STATEMACHINE_RESPONDER) {
- ZRTP_LOG(3,(_ZTU_,"\tChosen Responder State-Machine. Change Mode to %s,"
- " pkt to %.4s\n", zrtp_log_mode2str(his_mode), commit->public_key_type));
- stream->mode = his_mode;
- stream->pubkeyscheme = zrtp_comp_find(ZRTP_CC_PKT, his_pkt, stream->zrtp);
- } else {
- ZRTP_LOG(3,(_ZTU_,"\tChosen Initiator State-Machine. Stay in current Mode\n"));
- }
-
- return res;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_commit(zrtp_stream_t* stream, zrtp_rtp_info_t* packet)
-{
- zrtp_packet_Commit_t *commit = (zrtp_packet_Commit_t*) packet->message;
-
- switch (stream->mode)
- {
- case ZRTP_STREAM_MODE_DH:
- zrtp_zstrncpyc( ZSTR_GV(stream->protocol->cc->peer_hv),
- (const char*)commit->hv,
- ZRTP_HV_SIZE);
- break;
- case ZRTP_STREAM_MODE_PRESHARED:
- zrtp_zstrncpyc( ZSTR_GV(stream->protocol->cc->peer_hv),
- (const char*)commit->hv + ZRTP_HV_NONCE_SIZE,
- ZRTP_HV_NONCE_SIZE);
- case ZRTP_STREAM_MODE_MULT:
- zrtp_zstrncpyc( ZSTR_GV(stream->protocol->cc->peer_hv),
- (const char*)commit->hv,
- ZRTP_HV_NONCE_SIZE);
- break;
- default: break;
- }
-
- /* Copy Commit packet for further hashing */
- zrtp_memcpy(&stream->messages.peer_commit, commit, zrtp_ntoh16(commit->hdr.length)*4);
-
- return zrtp_status_ok;
-}
-
-
-/*----------------------------------------------------------------------------*/
-static zrtp_status_t _zrtp_machine_process_dhpart2( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet)
-{
- zrtp_status_t s = zrtp_status_ok;
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- zrtp_packet_DHPart_t *dhpart2 = (zrtp_packet_DHPart_t*) packet->message;
- void *hash_ctx = NULL;
-
- /*
- * Verify hash commitment. (Compare hvi calculated from DH with peer hvi from COMMIT)
- * According to the last version of the internet draft 04a. Hvi should be
- * computed as: hvi=hash(initiator's DHPart2 message | responder's Hello message)
- */
- hash_ctx = stream->session->hash->hash_begin(stream->session->hash);
- if (!hash_ctx) {
- return zrtp_status_fail;
- }
-
- stream->session->hash->hash_update( stream->session->hash,
- hash_ctx,
- (const int8_t*)dhpart2,
- zrtp_ntoh16(dhpart2->hdr.length)*4);
- stream->session->hash->hash_update( stream->session->hash,
- hash_ctx,
- (const int8_t*)&stream->messages.hello,
- zrtp_ntoh16(stream->messages.hello.hdr.length)*4);
- stream->session->hash->hash_end( stream->session->hash,
- hash_ctx,
- ZSTR_GV(cc->hv));
-
- /* Truncate comuted hvi to 256 bit. The same length as transferred in Commit message.*/
- cc->hv.length = ZRTP_HASH_SIZE;
-
- if (0 != zrtp_zstrcmp(ZSTR_GV(cc->hv), ZSTR_GV(cc->peer_hv))) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR!" ZRTP_MIM2_WARNING_STR " ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_possible_mitm2, 1);
- return zrtp_status_fail;
- }
-
- /* Validate DH exchange (pvi is 1 or p-1). For DH streams only */
- bnInsertBigBytes(&stream->dh_cc.peer_pv, dhpart2->pv, 0, stream->pubkeyscheme->pv_length);
-
- s = stream->pubkeyscheme->validate(stream->pubkeyscheme, &stream->dh_cc.peer_pv);
- if (zrtp_status_ok != s) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR!" ZRTP_MITM1_WARNING_STR " ID=%u\n", stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_possible_mitm1, 1);
- return s;
- }
-
- /* Copy DH Part2 packet for future hashing */
- zrtp_memcpy(&stream->messages.peer_dhpart, dhpart2, zrtp_ntoh16(dhpart2->hdr.length)*4);
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_machine_process_confirm2( zrtp_stream_t *stream,
- zrtp_rtp_info_t *packet)
-{
- zrtp_packet_Confirm_t *confirm2 = (zrtp_packet_Confirm_t*) packet->message;
- return _zrtp_machine_process_confirm(stream, confirm2);
-}
-
-
-/*===========================================================================*/
-/* Packets senders */
-/*===========================================================================*/
-
-/*----------------------------------------------------------------------------*/
-static void _send_dhpart1(zrtp_stream_t *stream)
-{
- _zrtp_packet_send_message(stream, ZRTP_DHPART1, &stream->messages.dhpart);
-}
-
-static zrtp_status_t _prepare_dhpart1(zrtp_stream_t *stream)
-{
- zrtp_proto_crypto_t* cc = stream->protocol->cc;
- zrtp_packet_DHPart_t *dh1 = &stream->messages.dhpart;
- uint16_t dh_length = (uint16_t)stream->pubkeyscheme->pv_length;
-
- zrtp_memcpy(dh1->rs1ID, cc->rs1.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh1->rs2ID, cc->rs2.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh1->auxsID, cc->auxs.id.buffer, ZRTP_RSID_SIZE);
- zrtp_memcpy(dh1->pbxsID, cc->pbxs.id.buffer, ZRTP_RSID_SIZE);
-
- bnExtractBigBytes(&stream->dh_cc.pv, dh1->pv, 0, dh_length);
-
- _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_DHPART1,
- dh_length + ZRTP_DH_STATIC_SIZE + ZRTP_HMAC_SIZE,
- &dh1->hdr);
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-static void _send_confirm1(zrtp_stream_t *stream)
-{
- _zrtp_packet_send_message(stream, ZRTP_CONFIRM1, &stream->messages.confirm);
-}
-
-static zrtp_status_t _prepare_confirm1(zrtp_stream_t *stream)
-{
- zrtp_status_t s = _zrtp_machine_create_confirm(stream, &stream->messages.confirm);
- if (zrtp_status_ok == s) {
- s = _zrtp_packet_fill_msg_hdr( stream,
- ZRTP_CONFIRM1,
- sizeof(zrtp_packet_Confirm_t) - sizeof(zrtp_msg_hdr_t),
- &stream->messages.confirm.hdr);
- }
-
- return s;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp rng"
-
-#define MD_DIGEST_LENGTH SHA512_DIGEST_SIZE
-#define MD_CTX_init(a)
-#define MD_Init(a) sha512_begin(a)
-#define MD_Final(a,b) sha512_end(b,a)
-#define MD_Cleanup(a) zrtp_memset(a,0,sizeof(*a));
-
-
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
-
-#include <Wincrypt.h>
-
-HCRYPTPROV g_hCryptProv;
-
-zrtp_status_t NtLmInitializeRNG(VOID)
-{
- BOOL fSuccess;
-
- if (g_hCryptProv != 0) {
- return zrtp_status_ok;
- }
-
- fSuccess = CryptAcquireContext( &g_hCryptProv,
- NULL,
- NULL,
- PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT);
-
- return (TRUE == fSuccess) ? zrtp_status_ok : zrtp_status_fail;
-}
-
-void NtLmCleanupRNG(VOID)
-{
- if (g_hCryptProv) {
- CryptReleaseContext(g_hCryptProv, 0);
- g_hCryptProv = 0;
- }
-}
-
-int zrtp_add_system_state(zrtp_global_t* zrtp, MD_CTX *ctx)
-{
- uint8_t buffer[64];
-
- if(!CryptGenRandom(g_hCryptProv, sizeof(buffer), buffer)) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! Error during CryptGenRandom.\n"));
- return 0;
- }
-
- MD_Update(ctx, buffer, sizeof(buffer));
- ZeroMemory((PVOID)buffer, sizeof(buffer));
-
- return sizeof(buffer);
-}
-
-#elif (ZRTP_PLATFORM == ZP_WIN32_KERNEL)
-
-#include <Ndis.h>
-
-/*----------------------------------------------------------------------------*/
-int zrtp_add_system_state(zrtp_global_t* zrtp, MD_CTX *ctx)
-{
- LARGE_INTEGER li1;
- LARGE_INTEGER li2;
- ULONG ul1;
- ULONG ul2;
- ULONGLONG ull;
- PKTHREAD thread;
- static int tsc_ok = 1;
- /*
- * WARNING!
- * Of course it's not a real size of entropy added to the context. It's very
- * difficult to compute the size of real random data and estimate its quality.
- * This value means: size of maximum possible random data which this function can provide.
- */
- static int entropy_length = sizeof(LARGE_INTEGER)*2 + sizeof(PKTHREAD) +
- sizeof(ULONG)*2 + sizeof(LARGE_INTEGER)*2 + sizeof(ULONG)*2;
-
- li2 = KeQueryPerformanceCounter(&li1);
- MD_Update(ctx, &li1, sizeof(LARGE_INTEGER));
- MD_Update(ctx, &li2, sizeof(LARGE_INTEGER));
-
- ull = KeQueryInterruptTime();
- MD_Update(ctx, &ull, sizeof(ULONGLONG));
-
- thread = KeGetCurrentThread();
- MD_Update(ctx, &thread, sizeof(PKTHREAD));
- ul2 = KeQueryRuntimeThread(thread, &ul1);
- MD_Update(ctx, &ul1, sizeof(ULONG));
- MD_Update(ctx, &ul2, sizeof(ULONG));
-
- KeQuerySystemTime(&li1);
- MD_Update(ctx, &li1, sizeof(LARGE_INTEGER));
-
- KeQueryTickCount(&li1);
- MD_Update(ctx, &li1, sizeof(LARGE_INTEGER));
-
- if (tsc_ok) {
- __try {
- ull = _RDTSC();
- MD_Update(ctx, &ull, sizeof(ULONGLONG));
- } __except(EXCEPTION_EXECUTE_HANDLER) {
- tsc_ok = 0;
- }
- }
-
- return entropy_length;
-}
-
-#elif ((ZRTP_PLATFORM == ZP_SYMBIAN))
-/*
- * WARNING!
- * This is just a stub to let you start with something little bit better then zero.
- * We have no possibility to implement entropy collection in this abstract cross-platform
- * application. This function MUST NOT be used as example in real applications. For more
- * information read \ref RNG in developers guide
- *
- * To add real entropy - capture random data from microphone and camera.
- */
-extern uint32_t zrtp_symbian_kernel_random();
-extern uint32_t zrtp_sum_of_pid_and_number_of_poccesses();
-extern uint64_t zrtp_get_system_time_crazy();
-extern unsigned int zrtp_get_pid();
-extern uint32_t zrtp_get_availible_heap();
-
-
-int zrtp_add_system_state(zrtp_global_t* zrtp, MD_CTX *ctx) {
- uint64_t sysdate;
- unsigned int pid;
- uint32_t crazy_pid_sum;
-
- uint32_t heap_size;
-
- static int entropy_length = sizeof(sysdate) + sizeof(pid)
- + sizeof(crazy_pid_sum) + sizeof(heap_size);
- sysdate = zrtp_get_system_time_crazy();
- MD_Update(ctx,&sysdate,sizeof(sysdate));
-
- pid = zrtp_get_pid();
-
- MD_Update(ctx,&pid,sizeof(pid));
-
- crazy_pid_sum = zrtp_sum_of_pid_and_number_of_poccesses();
- MD_Update(ctx,&crazy_pid_sum,sizeof(crazy_pid_sum));
-
- heap_size = zrtp_get_availible_heap();
- MD_Update(ctx,&heap_size,sizeof(heap_size));
-
- return entropy_length;
-}
-
-#elif ( (ZRTP_PLATFORM == ZP_LINUX) || (ZRTP_PLATFORM == ZP_DARWIN) || (ZRTP_PLATFORM == ZP_BSD) || (ZRTP_PLATFORM == ZP_ANDROID) )
-
-#if ZRTP_HAVE_STDIO_H == 1
-# include <stdio.h>
-#else
-# error "Used environment dosn't have <stdio.h> - zrtp_rng.c can't be build."
-#endif
-
-/*----------------------------------------------------------------------------*/
-int zrtp_add_system_state(zrtp_global_t* zrtp, MD_CTX *ctx)
-{
- uint8_t buffer[64];
- size_t bytes_read = 0;
- static size_t length= sizeof(buffer);
- FILE *fp = NULL;
-
- fp = fopen("/dev/urandom", "rb");
- if (!fp) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! can't get access to /dev/urandom - trying /dev/random.\n"));
- fp = fopen("/dev/random", "rb");
- }
-
- if (fp) {
- int number_of_retries = 1024;
- while ((bytes_read < length) && (number_of_retries-- > 0)) {
- setbuf(fp, NULL); /* Otherwise fread() tries to read() 4096 bytes or other default value */
- bytes_read += fread(buffer+bytes_read, 1, length-bytes_read, fp);
- }
-
- if (0 != fclose(fp)) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! unable to cloas /dev/random\n"));
- }
- } else {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! RNG Can't open /dev/random\n"));
- }
-
- if (bytes_read < length) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! can't read random string! Current session have to be closed.\n"));
- return -1;
- }
-
- MD_Update(ctx, buffer, length);
- zrtp_memset(buffer, 0, sizeof(buffer));
-
- return bytes_read;
-}
-
-#endif
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t zrtp_init_rng(zrtp_global_t* zrtp)
-{
- if (!zrtp->rand_initialized) {
- zrtp_mutex_init(&zrtp->rng_protector);
- MD_Init(&zrtp->rand_ctx);
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
- if (zrtp_status_ok != NtLmInitializeRNG()) {
- ZRTP_LOG(1,(_ZTU_,"\tERROR! during CryptAcquireContext!\n"));
- return zrtp_status_fail;
- }
-#endif
- zrtp->rand_initialized = 1;
- }
-
- return zrtp_status_ok;
-}
-
-void zrtp_down_rng(zrtp_global_t* zrtp)
-{
- if (zrtp->rand_initialized) {
- zrtp_mutex_destroy(zrtp->rng_protector);
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WIN64) || (ZRTP_PLATFORM == ZP_WINCE)
- NtLmCleanupRNG();
-#endif
- zrtp->rand_initialized = 0;
- }
-}
-
-
-/*
- * Call this to add entropy to the system from the given buffer,
- * and also from the system state. It's OK to pass a null buffer
- * with a length of zero, then we will just use the system entropy.
- */
-/*----------------------------------------------------------------------------*/
-int zrtp_entropy_add(zrtp_global_t* zrtp, const unsigned char *buffer, uint32_t length)
-{
- if (buffer && length) {
- MD_Update(&zrtp->rand_ctx, buffer, length);
- }
-
- return zrtp_add_system_state(zrtp, &zrtp->rand_ctx);
-}
-
-
-/*
- * Random bits are produced as follows.
- * First stir new entropy into the random state (zrtp->rand_ctx).
- * Then make a copy of the random context and finalize it.
- * Use the digest to seed an AES-256 context and, if space remains, to
- * initialize a counter.
- * Then encrypt the counter with the AES-256 context, incrementing it
- * per block, until we have produced the desired quantity of data.
- */
-/*----------------------------------------------------------------------------*/
-int zrtp_randstr(zrtp_global_t* zrtp, unsigned char *buffer, uint32_t length)
-{
- //TODO: replace bg_aes_xxx() with our own block cipher component.
- //TODO: Do the same with the hash functions.
-
- aes_encrypt_ctx aes_ctx;
- MD_CTX rand_ctx2;
- unsigned char md[MD_DIGEST_LENGTH];
- unsigned char ctr[AES_BLOCK_SIZE];
- unsigned char rdata[AES_BLOCK_SIZE];
- uint32_t generated = length;
-
- /*
- * In few cases we need to gerate random value before initializing libzrtp engine.
- * Following trick makes it possible.
- */
- if (!zrtp->rand_initialized) {
- if (zrtp_status_ok != zrtp_init_rng(zrtp)) {
- return -1;
- }
- }
-
- zrtp_mutex_lock(zrtp->rng_protector);
-
- /*
- * Add entropy from system state
- * We will include whatever happens to be in the buffer, it can't hurt
- */
- if ( 0 > zrtp_entropy_add(zrtp, buffer, length) ) {
- zrtp_mutex_unlock(zrtp->rng_protector);
- return -1;
- }
-
- /* Copy the zrtp->rand_ctx and finalize it into the md buffer */
- rand_ctx2 = zrtp->rand_ctx;
- MD_Final(&rand_ctx2, md);
-
- zrtp_mutex_unlock(zrtp->rng_protector);
-
- /* Key an AES context from this buffer */
- zrtp_bg_aes_encrypt_key256(md, &aes_ctx);
-
- /* Initialize counter, using excess from md if available */
- zrtp_memset (ctr, 0, sizeof(ctr));
- if (MD_DIGEST_LENGTH > (256/8)) {
- uint32_t ctrbytes = MD_DIGEST_LENGTH - (256/8);
- if (ctrbytes > AES_BLOCK_SIZE)
- ctrbytes = AES_BLOCK_SIZE;
- zrtp_memcpy(ctr + sizeof(ctr) - ctrbytes, md + (256/8), ctrbytes);
- }
-
- /* Encrypt counter, copy to destination buffer, increment counter */
- while (length)
- {
- unsigned char *ctrptr;
- uint32_t copied;
- zrtp_bg_aes_encrypt(ctr, rdata, &aes_ctx);
- copied = (sizeof(rdata) < length) ? sizeof(rdata) : length;
- zrtp_memcpy (buffer, rdata, copied);
- buffer += copied;
- length -= copied;
-
- /* Increment counter */
- ctrptr = ctr + sizeof(ctr) - 1;
- while (ctrptr >= ctr) {
- if ((*ctrptr-- += 1) != 0) {
- break;
- }
- }
- }
-
- /* Done! Cleanup and exit */
- MD_Cleanup (&rand_ctx2);
- MD_Cleanup (md);
- MD_Cleanup (&aes_ctx);
- MD_Cleanup (ctr);
- MD_Cleanup (rdata);
-
- return generated;
-}
-
-int zrtp_randstr2(unsigned char *buffer, uint32_t length) {
- zrtp_global_t zrtp;
- zrtp.rand_initialized = 0;
- return zrtp_randstr(&zrtp, buffer, length);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Vitaly Rozhkov <v.rozhkov at soft-industry.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp srtp"
-
-#if (!defined(ZRTP_USE_EXTERN_SRTP)) || (ZRTP_USE_EXTERN_SRTP == 0)
-
-
-/* constants that are used for packet's parsing */
-#define octets_in_rtp_header 12
-#define uint32s_in_rtp_header 3
-#define octets_in_rtcp_header 8
-#define uint32s_in_rtcp_header 2
-
-
-/*
- defines to make work with cipher component little bit easy
-*/
-#define zrtp_cipher_init(self) \
- ( ((self)->cipher)->init(((self)->cipher)) )
-
-#define zrtp_cipher_start(self, key, extra_data, mode) \
- ( ((self)->cipher)->start(((self)->cipher), (key), (extra_data), (mode)) )
-
-#define zrtp_cipher_set_iv(self, iv) \
- ( ((self)->cipher)->set_iv( ((self)->cipher), ((self)->ctx), (iv)) )
-
-#define zrtp_cipher_encrypt(self, buf, len) \
- ( ((self)->cipher)->encrypt( ((self)->cipher), ((self)->ctx), (buf), (len)) )
-
-#define zrtp_cipher_decrypt(self, buf, len) \
- ( ((self)->cipher)->decrypt( ((self)->cipher), ((self)->ctx), (buf), (len)) )
-
-#define zrtp_cipher_self_test(self) \
- ( ((self)->cipher)->self_test(((self)->cipher)) )
-
-#define zrtp_cipher_stop(self) \
- ( ((self)->cipher)->stop(((self)->cipher), ((self)->ctx)) )
-
-#define zrtp_cipher_free(self) \
- ( ((self)->cipher)->free(((self)->cipher)) )
-
-
-
-
-/*===========================================================================*/
-/* Replay protection serve functions set */
-/*===========================================================================*/
-
-
-/*! \brief Allocates and initializes replay protection context. Initialize
- * mutexes and linked lists.
- * \return
- * - allocated replay protection context
- * - NULL if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_rp_ctx_t* rp_init()
-{
- zrtp_rp_ctx_t *ctx = zrtp_sys_alloc(sizeof(zrtp_rp_ctx_t));
- if(NULL == ctx){
- return NULL;
- }
-
- if(zrtp_status_ok != zrtp_mutex_init(&ctx->inc_sync)){
- zrtp_sys_free(ctx);
- return NULL;
- }
-
- if(zrtp_status_ok != zrtp_mutex_init(&ctx->out_sync)){
- zrtp_mutex_destroy(ctx->inc_sync);
- zrtp_sys_free(ctx);
- return NULL;
- }
-
- init_mlist(&ctx->inc_head.mlist);
- init_mlist(&ctx->out_head.mlist);
-
- return ctx;
-}
-
-
-/*! \brief Deinitializes and deallocates replay protection context.
- * \param ctx - replay protection context
- * \return
- * - zrtp_status_ok
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t rp_destroy(zrtp_rp_ctx_t *ctx)
-{
- mlist_t *pos, *n;
- zrtp_rp_node_t *node = NULL;
-
- /*free all existing replay protection nodes in the incoming list*/
- zrtp_mutex_lock(ctx->inc_sync);
- mlist_for_each_safe(pos, n, &ctx->inc_head.mlist){
- node = mlist_get_struct(zrtp_rp_node_t, mlist, pos);
- mlist_del(&node->mlist);
- zrtp_sys_free(node);
- }
- zrtp_mutex_unlock(ctx->inc_sync);
-
- zrtp_mutex_destroy(ctx->inc_sync);
-
- /*free all existing replay protection nodes in the outgoing list*/
- zrtp_mutex_lock(ctx->out_sync);
- mlist_for_each_safe(pos, n, &ctx->out_head.mlist){
- node = mlist_get_struct(zrtp_rp_node_t, mlist, pos);
- mlist_del(&node->mlist);
- zrtp_sys_free(node);
- }
- zrtp_mutex_unlock(ctx->out_sync);
-
- zrtp_mutex_destroy(ctx->out_sync);
-
- zrtp_sys_free(ctx);
- return zrtp_status_ok;
-}
-
-
-/*! \brief Finds replay protection node by given ssrc. Which linked list to search is
- * determined by the direction param.
- * \warning This function doesn't lock the linked list before search and is for internal usage.
- * To find necessary replay protection node use get_rp_node() function.
- * \param ctx - pointer to replay protection context
- * \param direction - defines what list to search. It may have values:
- * - RP_INCOMING_DIRECTION
- * - RP_OUTGOING_DIRECTION
- * \return
- * - pointer to found replay protection node
- * - NULL if node hasn't been found or if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_rp_node_t *get_rp_node_non_lock( zrtp_rp_ctx_t *ctx,
- uint8_t direction,
- uint32_t ssrc)
-{
- zrtp_rp_node_t *node = NULL;
- mlist_t *pos;
- mlist_t *head = NULL;
-
- switch(direction){
- case RP_INCOMING_DIRECTION:
- head = &ctx->inc_head.mlist;
- break;
- case RP_OUTGOING_DIRECTION:
- head = &ctx->out_head.mlist;
- break;
- default:
- head = NULL;
- break;
- };
-
- if(NULL != head){
- mlist_for_each(pos, head){
- node = mlist_get_struct(zrtp_rp_node_t, mlist, pos);
- if(ssrc == node->ssrc){
- break;
- }else{
- node = NULL;
- }
- }
- }
-
- return node;
-}
-
-
-///*! \brief Finds replay protection node by given ssrc. Linked list to search is
-// * determined by direction param. This function locks the linked list to
-// * ensure exclusive access.
-// *
-// * \param ctx - pointer to replay protection context
-// * \param direction - defines what list to search. It may have values:
-// * - RP_INCOMING_DIRECTION
-// * - RP_OUTGOING_DIRECTION
-// * \param ssrc - value by which search will be made
-// * \return
-// * - pointer to found replay protection node
-// * - NULL if node hasn't been found or if error
-// */
-///*---------------------------------------------------------------------------*/
-//zrtp_rp_node_t *get_rp_node(zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc)
-//{
-// zrtp_rp_node_t *node = NULL;
-// zrtp_mutex_t *sync = NULL;
-//
-// switch(direction){
-// case RP_INCOMING_DIRECTION:
-// sync = ctx->inc_sync;
-// break;
-// case RP_OUTGOING_DIRECTION:
-// sync = ctx->out_sync;
-// break;
-// default:
-// sync = NULL;
-// break;
-// };
-//
-// if(NULL != sync){
-// zrtp_mutex_lock(sync);
-// node = get_rp_node_non_lock(ctx, direction, ssrc);
-// zrtp_mutex_unlock(sync);
-// }
-//
-// return node;
-//}
-
-/*! \brief Allocates new replay protection node for given direction and ssrc and adds it into
- * appropriate linked list.
- * \warning This function is for internal usage. Use add_rp_node() and add_rp_node_unique().
- * \param srtp_ctx - pointer to SRTP ctx related with created node. Used for removing node on SRTP session destruction.
- * \param ctx - pointer to replay protection context
- * \param direction - defines in which list newly created node will be inserted. It may have values:
- * - RP_INCOMING_DIRECTION
- * - RP_OUTGOING_DIRECTION
- * \param ssrc - newly created replay protection node key value.
- * \param is_unique - defines what should be returned when replay protection node
- * with given direction and ssrc values already exists:
- * - pointer to existing node if is_unique == 0
- * - NULL if is_unique == 1
- * \return
- * - pointer to newly created replay protection node
- * - pointer to existing replay protection node
- * - NULL if is_unique == 1 and needed replay protection node already exists or if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_rp_node_t *add_rp_node_ex( zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rp_ctx_t *ctx,
- uint8_t direction,
- uint32_t ssrc,
- uint8_t is_unique)
-{
- zrtp_rp_node_t *node = NULL;
- zrtp_mutex_t *sync = NULL;
- mlist_t *head = NULL;
-
- switch(direction){
- case RP_INCOMING_DIRECTION:
- sync = ctx->inc_sync;
- head = &ctx->inc_head.mlist;
- break;
- case RP_OUTGOING_DIRECTION:
- sync = ctx->out_sync;
- head = &ctx->out_head.mlist;
- break;
- default:
- sync = NULL;
- head = NULL;
- break;
- };
-
- if(NULL != sync && NULL != head){
- zrtp_mutex_lock(sync);
- do{
- node = get_rp_node_non_lock(ctx, direction, ssrc);
-
- /*create new node if not found*/
- if(NULL == node){
- node = zrtp_sys_alloc(sizeof(zrtp_rp_node_t));
- if(NULL == node){
- break;
- }
- /*clean sliding window and on-top sequence number value*/
- zrtp_memset(node, 0, sizeof(zrtp_rp_node_t));
- node->ssrc = ssrc;
- node->srtp_ctx = srtp_ctx;
- mlist_add_tail(head, &node->mlist);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_,"\tadd %s rp node. ssrc[%u] srtp_ctx[0x%08x]",
- direction==RP_INCOMING_DIRECTION?"incoming":"outgoing\n",
- zrtp_ntoh32(node->ssrc), node->srtp_ctx));
-#endif
- }else if(is_unique){
- // ???: why do we need unique mode at all?
- node = NULL;
- }
-
- }while(0);
- zrtp_mutex_unlock(sync);
- }
-
- return node;
-}
-
-/*! \brief Allocates new replay protection node for given direction and ssrc and adds it into
- * appropriate linked list. This function is based on add_rp_node_ex().
- * \param srtp_ctx - pointer to SRTP ctx related with created node. Used for removing node on SRTP session destruction.
- * \param ctx - pointer to replay protection context
- * \param direction - defines in which list newly created node will be inserted. It may have values:
- * - RP_INCOMING_DIRECTION
- * - RP_OUTGOING_DIRECTION
- * \param ssrc - newly created replay protection node key value.
- * \return
- * - pointer to newly created replay protection node
- * - pointer to existing replay protection node
- * - NULL if error
- */
-zrtp_rp_node_t *add_rp_node(zrtp_srtp_ctx_t *srtp_ctx, zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc){
- /*not-unique mode*/
- // ???: why do we need unique mode at all?
- return add_rp_node_ex(srtp_ctx, ctx, direction, ssrc, 0);
-}
-
-///*! \brief Allocates new replay protection node for given direction and ssrc and adds it into
-// * appropriate linked list. This function is based on add_rp_node_ex().
-// * \param srtp_ctx - pointer to SRTP ctx related with created node. Used for removing node on SRTP session destruction.
-// * \param ctx - pointer to replay protection context
-// * \param direction - defines in which list newly created node will be inserted. It may have values:
-// * - RP_INCOMING_DIRECTION
-// * - RP_OUTGOING_DIRECTION
-// * \param ssrc - newly created replay protection node key value.
-// * \return
-// * - pointer to newly created replay protection node
-// * - NULL if error or if needed node already exists
-// */
-//zrtp_rp_node_t *add_rp_node_unique(zrtp_srtp_ctx_t *srtp_ctx, zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc){
-// /*unique mode*/
-// return add_rp_node_ex(srtp_ctx, ctx, direction, ssrc, 1);
-//}
-
-/*! \brief Removes replay protection node with given ssrc from linked list defined by direction value.
- * \param ctx - pointer to replay protection context
- * \param direction - defines from which list replay protection node will be removed. It may have values:
- * - RP_INCOMING_DIRECTION
- * - RP_OUTGOING_DIRECTION
- * \param ssrc - key value of replay protection node to remove
- * \return
- * - zrtp_status_ok if replay protection node has been removed successfully
- * - zrtp_status_fail if node hasn't been found
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t remove_rp_node(zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc){
- zrtp_rp_node_t *node = NULL;
- zrtp_mutex_t *sync = NULL;
- zrtp_status_t res = zrtp_status_fail;
-
- switch(direction){
- case RP_INCOMING_DIRECTION:
- sync = ctx->inc_sync;
- break;
- case RP_OUTGOING_DIRECTION:
- sync = ctx->out_sync;
- break;
- default:
- sync = NULL;
- break;
- };
-
- if(NULL != sync){
- zrtp_mutex_lock(sync);
- node = get_rp_node_non_lock(ctx, direction, ssrc);
- if(NULL != node){
- mlist_del(&node->mlist);
- zrtp_sys_free(node);
- res = zrtp_status_ok;
- }
- zrtp_mutex_unlock(sync);
- }
-
- return res;
-}
-
-
-zrtp_status_t remove_rp_nodes_by_srtp_ctx(zrtp_srtp_ctx_t *srtp_ctx, zrtp_rp_ctx_t *ctx){
- zrtp_status_t res = zrtp_status_ok;
- zrtp_rp_node_t *node = NULL;
- mlist_t *pos, *n;
-
- if((NULL == srtp_ctx) || (NULL == ctx)){
- return zrtp_status_bad_param;
- }
-
- /* Walk over incoming nodes list */
- zrtp_mutex_lock(ctx->inc_sync);
- mlist_for_each_safe(pos, n, &ctx->inc_head.mlist){
- node = mlist_get_struct(zrtp_rp_node_t, mlist, pos);
- if((NULL != node->srtp_ctx) && (node->srtp_ctx == srtp_ctx)){
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_,"\tremove incoming rp node. ssrc[%u] srtp_ctx[0x%08x]\n",
- zrtp_ntoh32(node->ssrc), node->srtp_ctx));
-#endif
- mlist_del(&node->mlist);
- zrtp_sys_free(node);
- }
- }
- zrtp_mutex_unlock(ctx->inc_sync);
-
- /* Walk over outgoing nodes list */
- zrtp_mutex_lock(ctx->out_sync);
- mlist_for_each_safe(pos, n, &ctx->out_head.mlist){
- node = mlist_get_struct(zrtp_rp_node_t, mlist, pos);
- if((NULL != node->srtp_ctx) && (node->srtp_ctx == srtp_ctx)){
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_,"\tremove outgoing rp node. ssrc[%u] srtp_ctx[0x%08x]\n",
- zrtp_ntoh32(node->ssrc), node->srtp_ctx));
-#endif
- mlist_del(&node->mlist);
- zrtp_sys_free(node);
- }
- }
- zrtp_mutex_unlock(ctx->out_sync);
-
- return res;
-}
-
-
-/*===========================================================================*/
-/* Replay protection mechanism functions set */
-/*===========================================================================*/
-
-
-/*! \brief This function is used for RTCP replay protection to generate next sequence number
- * of outgoing RTCP packet. If the sequence number is too large it returns zrtp_status_key_expired.
- * See RFC3711 for more details.
- * \param srtp_rp - pointer to replay protection engine data
- * \return
- * - zrtp_status_key_expired if next sequence number is too large
- * - zrtp_status_ok otherwise
- */
-zrtp_status_t zrtp_srtp_rp_increment(zrtp_srtp_rp_t *srtp_rp){
-
- if(srtp_rp->seq++ > 0x7fffffff){
- return zrtp_status_key_expired;
- }else{
- return zrtp_status_ok;
- }
-}
-
-/*! \brief Returns current on-top sequence number. This function is used for RTCP
- * replay protection.
- * \param srtp_rp - pointer to replay protection engine data
- * \return current on-top sequence number
- */
-uint32_t zrtp_srtp_rp_get_value(zrtp_srtp_rp_t *srtp_rp){
- return srtp_rp->seq;
-}
-
-
-/*! \brief This function checks packet sequence number position relative to
- * sliding window current position and makes the decision to accept or discard packet.
- * \param srtp_rp - pointer to replay protection engine data
- * \param packet - pointer to packet structure
- * \return
- * - zrtp_status_ok if packet must be accepted
- * - zrtp_status_old_pkt if packet sequence number is lower than lowest sequence number
- * which can be into the sliding window at the current time. In this case packet must be discarded.
- * - zrtp_status_fail if packet must be discarded
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_rp_check(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet)
-{
- int32_t delta = packet->seq - srtp_rp->seq;
- if(delta > 0){
- /*if delta is positive, it's good*/
- return zrtp_status_ok;
- }else if(ZRTP_SRTP_WINDOW_WIDTH-1 + delta < 0){
- /*if delta is lower than the bitmask, it's bad*/
- return zrtp_status_old_pkt;
- }else{
- if(1 == zrtp_bitmap_get_bit(srtp_rp->window, ZRTP_SRTP_WINDOW_WIDTH-1 + delta)){
- /*delta is within the window, so check the bitmask*/
- return zrtp_status_fail;
- }
- }
- return zrtp_status_ok;
-}
-
-/*! \brief This function updates the sliding window state by setting appropriate bit and
- * shifting the sliding window if needed.
- * \param srtp_rp - pointer to replay protection engine data
- * \param packet - pointer to packet structure
- * \return
- * - zrtp_status_ok
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_rp_add(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet)
-{
- int32_t delta = packet->seq - srtp_rp->seq;
- if(delta > 0){
- /* packet sequence nubmer is larger than current on-top sequence number.
- shift the window, set top bit and update on-top sequence number value */
- srtp_rp->seq = packet->seq;
- zrtp_bitmap_left_shift(srtp_rp->window, ZRTP_SRTP_WINDOW_WIDTH_BYTES, delta);
- zrtp_bitmap_set_bit(srtp_rp->window, ZRTP_SRTP_WINDOW_WIDTH-1);
- }else
-
- /* commented by book, 19.07.07:
- we need not consider case when delta == 0
- if(0 == delta){
- zrtp_bitmap_set_bit(srtp_rp->window, ZRTP_SRTP_WINDOW_WIDTH-1);
- }else*/
-
- {
- /*
- packet sequence number is into the sliding window.
- set appropriate bit
- */
- zrtp_bitmap_set_bit(srtp_rp->window, ZRTP_SRTP_WINDOW_WIDTH-1 + delta);
- }
-
- return zrtp_status_ok;
-}
-
-
-/*===========================================================================*/
-/* Key derivation mechanism functions set */
-/*===========================================================================*/
-
-
-/*! \brief This function allocates key derivation context and initializes it with
- * given master key, master salt and cipher.
- * \param cipher - pointer to cipher that is used for key derivation
- * \param key - pointer to master key
- * \param salt - pointer to master salt
- * \return
- * - allocated key derivation context
- * - NULL if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_dk_ctx *zrtp_dk_init( zrtp_cipher_t *cipher,
- zrtp_stringn_t *key,
- zrtp_stringn_t *salt)
-{
- zrtp_dk_ctx *ctx = NULL;
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_,"\tzrtp_dk_init():\n"));
- ZRTP_LOG(3,(_ZTU_,"\tcipher ID[%i]\n", cipher->base.id));
-#endif
- do{
- ctx = zrtp_sys_alloc(sizeof(zrtp_dk_ctx));
- if(NULL == ctx){
- break;
- }
-
- ctx->ctx = cipher->start(cipher, key->buffer, salt->buffer, ZRTP_CIPHER_MODE_CTR);
- if(NULL == ctx->ctx){
- zrtp_sys_free(ctx);
- ctx = NULL;
- break;
- }
-
- ctx->cipher = cipher;
- }while(0);
-
- return ctx;
-}
-
-/*! \brief This function derives key for different purposes like SRTP encryption,
- * SRTP message authentication, etc. See RFC3711, "4.3. Key Derivation" for more details.
- * \warning This function may change length field value in the result_key variable when
- * length is larger than max_length field value.
- * \param ctx - pointer to key derivation context
- * \param label - defines purpose of key to derive
- * \param result_key - out parameter. It contains derived key on success.
- * \return
- * - actually derived key length
- * - -1 if error
- */
-/*---------------------------------------------------------------------------*/
-uint16_t zrtp_derive_key( zrtp_dk_ctx *ctx,
- zrtp_srtp_prf_label label,
- zrtp_stringn_t *result_key )
-{
- zrtp_v128_t nonce;
- uint16_t length;
-#if ZRTP_DEBUG_SRTP_KEYS
- char buffer[256];
- ZRTP_LOG(3,(_ZTU_,"\tzrtp_derive_key():\n"));
-#endif
-
- /* set eigth octet of nonce to <label>, set the rest of it to zero */
- zrtp_memset(&nonce, 0, sizeof(zrtp_v128_t));
- nonce.v8[7] = label;
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tcipher IV[%s]\n",
- hex2str((const char*)nonce.v8, sizeof(zrtp_v128_t), (char*)buffer, sizeof(buffer))));
-#endif
- zrtp_cipher_set_iv(ctx, &nonce);
-
- length = (uint16_t) ZRTP_MIN(result_key->length, result_key->max_length);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\texcepced key length[%i] result key length[%i]\n", result_key->length, length));
-#endif
- zrtp_memset(result_key->buffer, 0, length);
-
- if(zrtp_status_ok == zrtp_cipher_encrypt(ctx, (uint8_t*)result_key->buffer, length)){
- result_key->length = length;
- return length;
- }else{
- return -1;
- }
-}
-
-
-/*! \brief This function deallocates key derivation context allocated by \ref zrtp_dk_init() call.
- * \param ctx - pointer to key derivation context to deallocate
- */
-void zrtp_dk_deinit(zrtp_dk_ctx *ctx)
-{
- zrtp_cipher_stop(ctx);
- zrtp_memset(ctx, 0, sizeof(zrtp_dk_ctx));
- zrtp_sys_free(ctx);
-}
-
-
-/*! \brief This function allocates SRTP session and two stream contexts.
- * \return
- * - pointer to allocated SRTP session structure
- * - NULL if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_srtp_ctx_t * zrtp_srtp_alloc()
-{
- zrtp_srtp_ctx_t *srtp_ctx = NULL;
-
- do{
- srtp_ctx = zrtp_sys_alloc(sizeof(zrtp_srtp_ctx_t));
- if(NULL == srtp_ctx){
- break;
- }
-
- srtp_ctx->incoming_srtp = zrtp_sys_alloc(sizeof(zrtp_srtp_stream_ctx_t));
- if(NULL == srtp_ctx->incoming_srtp){
- /*deallocate everything previously allocated on failure*/
- zrtp_sys_free(srtp_ctx);
- srtp_ctx = NULL;
- break;
- }
-
- srtp_ctx->outgoing_srtp = zrtp_sys_alloc(sizeof(zrtp_srtp_stream_ctx_t));
- if(NULL == srtp_ctx->outgoing_srtp){
- /*deallocate everything previously allocated on failure*/
- zrtp_sys_free(srtp_ctx->incoming_srtp);
- zrtp_sys_free(srtp_ctx);
- srtp_ctx = NULL;
- break;
- }
-
- }while(0);
-
- return srtp_ctx;
-}
-
-/*! \brief This function deallocates SRTP session structure allocated by zrtp_srtp_alloc() call.
- * \param srtp_ctx - pointer to SRTP session structure.
- */
-void zrtp_srtp_free(zrtp_srtp_ctx_t * srtp_ctx)
-{
- if (srtp_ctx)
- {
- if (srtp_ctx->incoming_srtp)
- zrtp_sys_free(srtp_ctx->incoming_srtp);
- if (srtp_ctx->outgoing_srtp)
- zrtp_sys_free(srtp_ctx->outgoing_srtp);
- zrtp_sys_free(srtp_ctx);
- }
-}
-
-/*! \brief This function initializes stream context based on given profile.
- * \param srtp_global - pointer to SRTP engine global context
- * \param srtp_stream - pointer to stream context to initialize
- * \param profile - pointer to profile for stream initialization
- * \return
- * - zrtp_status_ok if stream has been initialized successfully
- * - one of \ref zrtp_status_t errors - if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_stream_init( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_stream_ctx_t *srtp_stream,
- zrtp_srtp_profile_t *profile )
-{
-#if ZRTP_DEBUG_SRTP_KEYS
- char buffer[256];
-#endif
- zrtp_status_t res = zrtp_status_ok;
-
- /*
- TODO: use dynamic buffers for temoprary keys storing
-
- NOTE!: be sure that tmp_key contains enought buffer length to store all
- of derived keys. Authentication keys may be large.
- */
- zrtp_string128_t tmp_key = ZSTR_INIT_EMPTY(tmp_key);
- /*salt length is 16 bytes always*/
- zrtp_string16_t tmp_salt = ZSTR_INIT_EMPTY(tmp_salt);
-
- do{
- zrtp_dk_ctx *dk_ctx = NULL;
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\tzrtp_srtp_stream_init():\n"));
-#endif
- if(NULL == srtp_stream || NULL == profile){
- res = zrtp_status_bad_param;
- break;
- }
-
- dk_ctx = zrtp_dk_init( profile->dk_cipher,
- (zrtp_stringn_t*)&profile->key,
- (zrtp_stringn_t*)&profile->salt );
- if(NULL == dk_ctx)
- {
- res = zrtp_status_fail;
- break;
- }
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tmaster_key[%s]\n",
- hex2str(profile->key.buffer, profile->key.length, buffer, sizeof(buffer))));
- ZRTP_LOG(3,(_ZTU_, "\t\tmaster_salt[%s]\n",
- hex2str(profile->salt.buffer, profile->salt.length, buffer, sizeof(buffer))));
-#endif
-
- /*------------ init RTP-items ----------------*/
- srtp_stream->rtp_cipher.cipher = profile->rtp_policy.cipher;
-
- tmp_key.length = (uint16_t) profile->rtp_policy.cipher_key_len;
- tmp_salt.length = profile->salt.length;
-
-
- zrtp_derive_key(dk_ctx, label_rtp_encryption, (zrtp_stringn_t*)&tmp_key);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTP encryption key[%s] label:%i\n",
- hex2str(tmp_key.buffer, tmp_key.length, buffer, sizeof(buffer)), label_rtp_encryption));
-
-#endif
- zrtp_derive_key(dk_ctx, label_rtp_salt, (zrtp_stringn_t*)&tmp_salt);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTP encryption salt[%s] label:%i\n",
- hex2str(tmp_salt.buffer, tmp_salt.length, buffer, sizeof(buffer)), label_rtp_salt));
-#endif
- srtp_stream->rtp_cipher.ctx = zrtp_cipher_start(&srtp_stream->rtp_cipher,
- tmp_key.buffer,
- tmp_salt.buffer,
- ZRTP_CIPHER_MODE_CTR );
- if(NULL == srtp_stream->rtp_cipher.ctx){
- zrtp_dk_deinit(dk_ctx);
- res = zrtp_status_fail;
- break;
- }
-
- srtp_stream->rtp_auth.hash = profile->rtp_policy.hash;
- srtp_stream->rtp_auth.key_len = profile->rtp_policy.auth_key_len;
- srtp_stream->rtp_auth.tag_len = profile->rtp_policy.auth_tag_len;
-
- srtp_stream->rtp_auth.key = zrtp_sys_alloc(srtp_stream->rtp_auth.key_len);
- if(NULL == srtp_stream->rtp_auth.key){
- zrtp_dk_deinit(dk_ctx);
- zrtp_cipher_stop(&srtp_stream->rtp_cipher);
- res = zrtp_status_fail;
- break;
- }
-
- tmp_key.length = (uint16_t)srtp_stream->rtp_auth.key_len;
- zrtp_derive_key(dk_ctx, label_rtp_msg_auth, (zrtp_stringn_t*)&tmp_key);
- zrtp_memcpy(srtp_stream->rtp_auth.key, tmp_key.buffer, tmp_key.length);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTP auth key[%s]\n",
- hex2str(tmp_key.buffer, tmp_key.length, buffer, sizeof(buffer))));
-#endif
- /*--------- init RTCP-items ----------------*/
- srtp_stream->rtcp_cipher.cipher = profile->rtcp_policy.cipher;
- tmp_key.length = (uint16_t) profile->rtcp_policy.cipher_key_len;
-
- tmp_salt.length = profile->salt.length;
- zrtp_derive_key(dk_ctx, label_rtcp_encryption, (zrtp_stringn_t*)&tmp_key);
- zrtp_derive_key(dk_ctx, label_rtcp_salt, (zrtp_stringn_t*)&tmp_salt);
-
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTCP encryption key[%s]\n",
- hex2str(tmp_key.buffer, tmp_key.length, buffer, sizeof(buffer))));
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTCP encryption salt[%s]\n",
- hex2str(tmp_salt.buffer, tmp_salt.length, buffer, sizeof(buffer))));
-#endif
- srtp_stream->rtcp_cipher.ctx = zrtp_cipher_start(&srtp_stream->rtcp_cipher,
- tmp_key.buffer,
- tmp_salt.buffer,
- ZRTP_CIPHER_MODE_CTR );
-
- if(NULL == srtp_stream->rtcp_cipher.ctx){
- zrtp_dk_deinit(dk_ctx);
- zrtp_cipher_stop(&srtp_stream->rtp_cipher);
- zrtp_sys_free(srtp_stream->rtp_auth.key);
- res = zrtp_status_fail;
- break;
- }
-
- srtp_stream->rtcp_auth.hash = profile->rtcp_policy.hash;
- srtp_stream->rtcp_auth.key_len = profile->rtcp_policy.auth_key_len;
- srtp_stream->rtcp_auth.tag_len = profile->rtcp_policy.auth_tag_len;
-
- srtp_stream->rtcp_auth.key = zrtp_sys_alloc(srtp_stream->rtcp_auth.key_len);
- if(NULL == srtp_stream->rtcp_auth.key){
- zrtp_dk_deinit(dk_ctx);
- zrtp_cipher_stop(&srtp_stream->rtp_cipher);
- zrtp_sys_free(srtp_stream->rtp_auth.key);
- zrtp_cipher_stop(&srtp_stream->rtcp_cipher);
- res = zrtp_status_fail;
- break;
- }
-
- tmp_key.length = (uint16_t)srtp_stream->rtcp_auth.key_len;
- zrtp_derive_key(dk_ctx, label_rtcp_msg_auth, (zrtp_stringn_t*)&tmp_key);
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\t\tderive RTCP auth key[%s]\n",
- hex2str(tmp_key.buffer, tmp_key.length, buffer, sizeof(buffer))));
-#endif
-
- zrtp_memcpy(srtp_stream->rtcp_auth.key, tmp_key.buffer, tmp_key.length);
- zrtp_dk_deinit(dk_ctx);
-
- zrtp_wipe_zstring(ZSTR_GV(tmp_key));
- zrtp_wipe_zstring(ZSTR_GV(tmp_salt));
-
- }while(0);
- return res;
-}
-
-
-/*! \brief This function deinitializes stream context.
- * \param srtp_global - pointer to SRTP engine global context
- * \param srtp_stream - pointer to steam to deinitialize
- */
-/*---------------------------------------------------------------------------*/
-void zrtp_srtp_stream_deinit( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_stream_ctx_t *srtp_stream )
-{
- zrtp_cipher_stop(&srtp_stream->rtp_cipher);
- zrtp_memset(srtp_stream->rtp_auth.key, 0, srtp_stream->rtp_auth.key_len);
- zrtp_sys_free(srtp_stream->rtp_auth.key);
-
- zrtp_cipher_stop(&srtp_stream->rtcp_cipher);
- zrtp_memset(srtp_stream->rtcp_auth.key, 0, srtp_stream->rtcp_auth.key_len);
- zrtp_sys_free(srtp_stream->rtcp_auth.key);
-}
-
-
-/*! \brief This function initializes SRTP session context.
- * \param srtp_global - pointer to SRTP engine global context
- * \param srtp_ctx - pointer to SRTP session context to initialize
- * \param inc_profile - profile for incoming stream configuration;
- * \param out_profile - profile for outgoing stream configuration.
- * \return
- * - zrtp_status_ok if stream has been initialized successfully
- * - one of \ref zrtp_status_t errors - if error
- */
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_init_ctx( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_srtp_profile_t *inc_profile,
- zrtp_srtp_profile_t *out_profile)
-{
- zrtp_status_t res = zrtp_status_ok;
- do{
- if(NULL == srtp_ctx || NULL == inc_profile || NULL == out_profile){
- res = zrtp_status_bad_param;
- break;
- }
-
- if(zrtp_status_ok != zrtp_srtp_stream_init(srtp_global, srtp_ctx->incoming_srtp, inc_profile)){
- res = zrtp_status_fail;
- break;
- }
-
- if(zrtp_status_ok != zrtp_srtp_stream_init(srtp_global, srtp_ctx->outgoing_srtp, out_profile)){
- zrtp_srtp_stream_deinit(srtp_global, srtp_ctx->incoming_srtp);
- res = zrtp_status_fail;
- break;
- }
-
- }while(0);
- return res;
-}
-
-
-/*===========================================================================*/
-/* Public interface */
-/*===========================================================================*/
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_init(zrtp_global_t *zrtp){
-
- zrtp_srtp_global_t *srtp_global;
- zrtp->srtp_global = NULL;
-
- if(EXIT_SUCCESS != zrtp_bg_gen_tabs())
- return zrtp_status_fail;
-
- srtp_global = zrtp_sys_alloc(sizeof(zrtp_srtp_global_t));
- if(NULL == srtp_global){
- return zrtp_status_fail;
- }
- srtp_global->rp_ctx = rp_init();
- if(NULL == srtp_global->rp_ctx){
- zrtp_sys_free(srtp_global);
- return zrtp_status_fail;
- }
-
- zrtp->srtp_global = srtp_global;
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_srtp_down(zrtp_global_t *zrtp){
- zrtp_srtp_global_t *srtp_global = zrtp->srtp_global;
-
- rp_destroy(srtp_global->rp_ctx);
- zrtp_sys_free(srtp_global);
- zrtp->srtp_global = NULL;
- return zrtp_status_ok;
-}
-
-zrtp_srtp_ctx_t * zrtp_srtp_create( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_profile_t *inc_profile,
- zrtp_srtp_profile_t *out_profile)
-{
- zrtp_srtp_ctx_t *srtp_ctx = NULL;
- if(NULL == inc_profile || NULL == out_profile){
- return NULL;
- }
-
- do{
- srtp_ctx = zrtp_srtp_alloc();
- if(NULL == srtp_ctx){
- break;
- }
-
- if(zrtp_status_ok != zrtp_srtp_init_ctx(srtp_global, srtp_ctx, inc_profile, out_profile)){
- zrtp_srtp_free(srtp_ctx);
- srtp_ctx = NULL;
- break;
- }
-
- }while(0);
-
- return srtp_ctx;
-}
-
-zrtp_status_t zrtp_srtp_destroy(zrtp_srtp_global_t *srtp_global, zrtp_srtp_ctx_t * srtp_ctx){
- zrtp_status_t res = zrtp_status_ok;
-
- remove_rp_nodes_by_srtp_ctx(srtp_ctx, srtp_global->rp_ctx);
-
- zrtp_srtp_stream_deinit(srtp_global, srtp_ctx->incoming_srtp);
- zrtp_srtp_stream_deinit(srtp_global, srtp_ctx->outgoing_srtp);
- zrtp_srtp_free(srtp_ctx);
-
- return res;
-}
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_protect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- zrtp_srtp_stream_ctx_t *srtp_stream_ctx = srtp_ctx->outgoing_srtp;
- zrtp_rp_node_t *rp_node;
-
- uint32_t *enc_start; /* pointer to start of encrypted portion */
- uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- zrtp_status_t status;
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *hdr;
-
- zrtp_v128_t iv;
- uint64_t packet_seq = 0;
- zrtp_string64_t auth_tag_str = ZSTR_INIT_EMPTY(auth_tag_str);
- void *hash_ctx = NULL;
-
- /* add new replay protection node or get existing one */
- rp_node = add_rp_node(srtp_ctx, srtp_global->rp_ctx, RP_OUTGOING_DIRECTION, packet->ssrc);
- if(NULL == rp_node){
- return zrtp_status_rp_fail;
- }
-
- /* check the packet length - it must at least contain a full header */
- if (*(packet->length) < octets_in_rtp_header){
- return zrtp_status_bad_param;
- }
-
- hdr = (zrtp_rtp_hdr_t*)(packet->packet);
- enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
- if (1 == hdr->x) {
- zrtp_rtp_hdr_xtnd_t *xtn_hdr = (zrtp_rtp_hdr_xtnd_t *)enc_start;
- enc_start += (zrtp_ntoh16(xtn_hdr->length) + 1);
- }
- //WIN64
- enc_octet_len = *(packet->length) - (uint32_t)((enc_start - (uint32_t *)hdr) << 2);
-
- auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *(packet->length);
-
- status = zrtp_srtp_rp_check(&rp_node->rtp_rp, packet);
- if(zrtp_status_ok != status){
- return zrtp_status_rp_fail;
- }
- zrtp_srtp_rp_add(&rp_node->rtp_rp, packet);
-
- iv.v32[0] = 0;
- iv.v32[1] = hdr->ssrc;
-
-#ifdef ZRTP_NO_64BIT_MATH
- iv.v64[1] = zrtp_hton64(make64((packet->seq) >> 16, (packet->seq) << 16));
-#else
- iv.v64[1] = zrtp_hton64(((uint64_t)(packet->seq)) << 16);
-#endif
- status = zrtp_cipher_set_iv(&srtp_stream_ctx->rtp_cipher, &iv);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- status = zrtp_cipher_encrypt(&srtp_stream_ctx->rtp_cipher, (unsigned char*)enc_start, enc_octet_len);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
-
- /* shift est, put into network byte order */
- packet_seq = packet->seq;
-#ifdef ZRTP_NO_64BIT_MATH
- packet_seq = zrtp_hton64(make64((high32(packet_seq) << 16) |
- (low32(packet_seq) >> 16),
- low32(packet_seq) << 16));
-#else
- packet_seq = zrtp_hton64(packet_seq << 16);
-#endif
-
- hash_ctx = srtp_stream_ctx->rtp_auth.hash->hmac_begin_c( srtp_stream_ctx->rtp_auth.hash,
- (const char*)srtp_stream_ctx->rtp_auth.key,
- srtp_stream_ctx->rtp_auth.key_len );
- if(NULL == hash_ctx)
- {
- return zrtp_status_auth_fail;
- }
- status = srtp_stream_ctx->rtp_auth.hash->hmac_update( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (const char*)auth_start,
- *packet->length);
- if(status)
- {
- return zrtp_status_auth_fail;
- }
- status = srtp_stream_ctx->rtp_auth.hash->hmac_update( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (const char*)&packet_seq,
- 4);
- if(status)
- {
- return zrtp_status_auth_fail;
- }
- status = srtp_stream_ctx->rtp_auth.hash->hmac_end( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (zrtp_stringn_t*) &auth_tag_str,
- srtp_stream_ctx->rtp_auth.tag_len->tag_length);
- if(status)
- {
- return zrtp_status_auth_fail;
- }
-
- /* uncomment this for authentication debug */
-#if ZRTP_DEBUG_SRTP_KEYS
- {
- char buff[256];
- ZRTP_LOG(3,(_ZTU_,
- "\tzrtp_srtp_protect authentication make: npacket_seq[%s] expected auth length[%i] result auth length[%i]\n",
- hex2str((char*)&packet_seq, sizeof(packet_seq), buff, sizeof(buff)),
- srtp_stream_ctx->rtp_auth.tag_len->tag_length,
- auth_tag_str.length));
- ZRTP_LOG(3,(_ZTU_, "\tauth tag[%s]\n",
- hex2str(auth_tag_str.buffer, auth_tag_str.length, buff, sizeof(buff))));
- }
-#endif
- zrtp_memcpy(auth_tag, auth_tag_str.buffer, auth_tag_str.length);
- *packet->length += auth_tag_str.length;
-
- return status;
-}
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_unprotect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- zrtp_srtp_stream_ctx_t *srtp_stream_ctx = srtp_ctx->incoming_srtp;
- zrtp_rp_node_t *rp_node;
-
-
- uint32_t *enc_start; /* pointer to start of encrypted portion */
- uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- zrtp_status_t status;
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *hdr = NULL;
-
-
- void *hash_ctx = NULL;
- zrtp_v128_t iv;
- int tag_len = 0;
-
- /*add new replay protection node or get existing one*/
- rp_node = add_rp_node(srtp_ctx, srtp_global->rp_ctx, RP_INCOMING_DIRECTION, packet->ssrc);
- if(NULL == rp_node){
- return zrtp_status_rp_fail;
- }
-
- /* check the packet length - it must at least contain a full header */
- if (*(packet->length) < octets_in_rtp_header)
- {
- return zrtp_status_bad_param;
- }
-
- hdr = (zrtp_rtp_hdr_t*)(packet->packet);
-
- status = zrtp_srtp_rp_check(&rp_node->rtp_rp, packet);
- if(zrtp_status_ok != status){
- return zrtp_status_rp_fail;
- }
-
- iv.v32[0] = 0;
- iv.v32[1] = hdr->ssrc;
-
-#ifdef ZRTP_NO_64BIT_MATH
- iv.v64[1] = zrtp_hton64(make64((packet->seq) >> 16, (packet->seq) << 16));
-#else
- iv.v64[1] = zrtp_hton64((uint64_t)(packet->seq) << 16);
-#endif
-
- status = zrtp_cipher_set_iv(&srtp_stream_ctx->rtp_cipher, &iv);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- tag_len = srtp_stream_ctx->rtp_auth.tag_len->tag_length;
- hdr = (zrtp_rtp_hdr_t*)(packet->packet);
-
- enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
- if (1 == hdr->x) {
- zrtp_rtp_hdr_xtnd_t *xtn_hdr = (zrtp_rtp_hdr_xtnd_t *)enc_start;
- enc_start += (zrtp_ntoh16(xtn_hdr->length) + 1);
- }
- //WIN64
- enc_octet_len = *(packet->length) - tag_len - (uint32_t)((enc_start - (uint32_t *)hdr) << 2);
-
-
- auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *(packet->length) - tag_len;
-
- if(tag_len>0){
- zrtp_string64_t auth_tag_str = ZSTR_INIT_EMPTY(auth_tag_str);
-
- /* shift est, put into network byte order */
- uint64_t packet_seq = packet->seq;
-#ifdef ZRTP_NO_64BIT_MATH
- packet_seq = zrtp_hton64( make64((high32(packet_seq) << 16) |
- (low32(packet_seq) >> 16),
- low32(packet_seq) << 16));
-#else
- packet_seq = zrtp_hton64(packet_seq << 16);
-#endif
-
- hash_ctx = srtp_stream_ctx->rtp_auth.hash->hmac_begin_c( srtp_stream_ctx->rtp_auth.hash,
- (const char*)srtp_stream_ctx->rtp_auth.key,
- srtp_stream_ctx->rtp_auth.key_len);
- if(NULL == hash_ctx){
- return zrtp_status_auth_fail;
- }
- status = srtp_stream_ctx->rtp_auth.hash->hmac_update( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (const char*)auth_start,
- *packet->length - tag_len);
- if(status){
- return zrtp_status_auth_fail;
- }
-
- status = srtp_stream_ctx->rtp_auth.hash->hmac_update( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (const char*)&packet_seq,
- 4);
- if(status){
- return zrtp_status_auth_fail;
- }
-
- status = srtp_stream_ctx->rtp_auth.hash->hmac_end( srtp_stream_ctx->rtp_auth.hash,
- hash_ctx,
- (zrtp_stringn_t*) &auth_tag_str,
- srtp_stream_ctx->rtp_auth.tag_len->tag_length);
-#if ZRTP_DEBUG_SRTP_KEYS
- {
- char buff[256];
- ZRTP_LOG(3,(_ZTU_,
- "\tzrtp_srtp_unprotect authentication check. packet_seq[%s] expected auth length[%i] result auth length[%i]\n",
- hex2str((char*)&packet_seq, sizeof(packet_seq), buff, sizeof(buff)),
- srtp_stream_ctx->rtp_auth.tag_len->tag_length,
- auth_tag_str.length));
- ZRTP_LOG(3,(_ZTU_, "\tauth tag[%s]\n",
- hex2str(auth_tag_str.buffer, auth_tag_str.length, buff, sizeof(buff))));
- }
-#endif
- if(status || tag_len != auth_tag_str.length){
-#if ZRTP_DEBUG_SRTP_KEYS
- ZRTP_LOG(3,(_ZTU_, "\tAuthentication fail1: status[%i] auth_tag_length[%i] result auth_tag_len[%i]\n",
- status, tag_len, auth_tag_str.length));
-#endif
- return zrtp_status_auth_fail;
- }
-
- if(0 != zrtp_memcmp((uint8_t *)auth_tag_str.buffer, (uint8_t *)auth_tag, tag_len)){
-#if ZRTP_DEBUG_SRTP_KEYS
- char buff[256], buff2[256];
- ZRTP_LOG(3,(_ZTU_, "\tAuthentication fail2: tag[%s] computed_tag[%s]\n",
- hex2str((uint8_t *)auth_tag, tag_len, buff, sizeof(buff)),
- hex2str(auth_tag_str.buffer, auth_tag_str.length, buff2, sizeof(buff2))));
-#endif
- return zrtp_status_auth_fail;
- }
- }
-
- status = zrtp_cipher_decrypt(&srtp_stream_ctx->rtp_cipher, (unsigned char*)enc_start, enc_octet_len);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- zrtp_srtp_rp_add(&rp_node->rtp_rp, packet);
- *packet->length -= tag_len;
-
- return status;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_protect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- zrtp_srtp_stream_ctx_t *srtp_stream_ctx = srtp_ctx->outgoing_srtp;
- zrtp_rp_node_t *rp_node;
-
- uint32_t *enc_start; /* pointer to start of encrypted portion */
- uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- zrtp_status_t status;
- ZRTP_UNALIGNED(zrtp_rtcp_hdr_t) *hdr;
- ZRTP_UNALIGNED(uint32_t) *trailer; /* pointer to start of trailer */
-
- uint32_t seq_num;
-
- zrtp_v128_t iv;
- zrtp_string64_t auth_tag_str = ZSTR_INIT_EMPTY(auth_tag_str);
-
- /*add new replay protection node or get existing one*/
- rp_node = add_rp_node(srtp_ctx, srtp_global->rp_ctx, RP_OUTGOING_DIRECTION, packet->ssrc);
- if(NULL == rp_node){
- return zrtp_status_rp_fail;
- }
-
- /* check the packet length - it must at least contain a full header */
- if (*(packet->length) < octets_in_rtcp_header){
- return zrtp_status_bad_param;
- }
-
- hdr = (zrtp_rtcp_hdr_t*)(packet->packet);
- enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
- enc_octet_len = *(packet->length) - octets_in_rtcp_header;
-
- /* all of the packet, except the header, gets encrypted */
- /* NOTE: hdr->length is not usable - it refers to only the first
- RTCP report in the compound packet! */
- /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
- multiples of 32-bits (RFC 3550 6.1) */
- trailer = (uint32_t *) ((char *)enc_start + enc_octet_len);
-
- /*
- * RFC gives us ability of using non-crypted RTCP packets
- * but we encrypt them anyway. It may be option of stream
- * context in the future.
- * if no encryption is used trailer should contain 0x00000000
- */
- *trailer = zrtp_hton32(ZRTP_RTCP_E_BIT); /* set encrypt bit */
-
- /*
- * set the auth_start and auth_tag pointers to the proper locations
- * (note that srtpc *always* provides authentication, unlike srtp)
- */
- /* Note: This would need to change for optional mikey data */
- auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *(packet->length) + sizeof(zrtp_rtcp_trailer_t);
-
- status = zrtp_srtp_rp_increment(&rp_node->rtcp_rp);
- if(zrtp_status_ok != status){
- return zrtp_status_rp_fail;
- }
- seq_num = zrtp_srtp_rp_get_value(&rp_node->rtcp_rp);
- *trailer |= zrtp_hton32(seq_num);
- packet->seq = seq_num;
-
- iv.v32[0] = 0;
- iv.v32[1] = hdr->ssrc;
- iv.v32[2] = zrtp_hton32(seq_num >> 16);
- iv.v32[3] = zrtp_hton32(seq_num << 16);
-
- status = zrtp_cipher_set_iv(&srtp_stream_ctx->rtcp_cipher, &iv);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- status = zrtp_cipher_encrypt(&srtp_stream_ctx->rtcp_cipher, (unsigned char*)enc_start, enc_octet_len);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- status = srtp_stream_ctx->rtcp_auth.hash->hmac_truncated_c(srtp_stream_ctx->rtcp_auth.hash,
- (const char*)srtp_stream_ctx->rtcp_auth.key,
- srtp_stream_ctx->rtcp_auth.key_len,
- (const char*)auth_start,
- *packet->length + sizeof(zrtp_rtcp_trailer_t),
- srtp_stream_ctx->rtcp_auth.tag_len->tag_length,
- (zrtp_stringn_t*) &auth_tag_str);
- if(status){
- return zrtp_status_auth_fail;
- }
-
- zrtp_memcpy(auth_tag, auth_tag_str.buffer, auth_tag_str.length);
-
- /* increase the packet length by the length of the auth tag and seq_num*/
- *packet->length += (auth_tag_str.length + sizeof(zrtp_rtcp_trailer_t));
-
-
-
-#if ZRTP_DEBUG_SRTP_KEYS
- {
- char buffer[1000];
- ZRTP_LOG(3,(_ZTU_, "\tpacket: %s\n",
- hex2str(packet->packet, (*packet->length) - (auth_tag_str.length + sizeof(zrtp_rtcp_trailer_t)), buffer, 1000)));
- ZRTP_LOG(3,(_ZTU_, "\ttrailer and auth tag: %s\n",
- hex2str((uint8_t*)packet->packet + ((*packet->length) - (auth_tag_str.length + sizeof(zrtp_rtcp_trailer_t))),
- auth_tag_str.length + sizeof(zrtp_rtcp_trailer_t),
- buffer, 1000)));
- }
-#endif
-
- return status;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_unprotect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- zrtp_srtp_stream_ctx_t *srtp_stream_ctx = srtp_ctx->incoming_srtp;
- zrtp_rp_node_t *rp_node;
-
- uint32_t *enc_start; /* pointer to start of encrypted portion */
- uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
- uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- zrtp_status_t status;
- ZRTP_UNALIGNED(zrtp_rtcp_hdr_t) *hdr;
- ZRTP_UNALIGNED(uint32_t) *trailer; /* pointer to start of trailer */
-
-
- int tag_len = 0;
- zrtp_v128_t iv;
-
- /* add new replay protection node or get existing one */
- rp_node = add_rp_node(srtp_ctx, srtp_global->rp_ctx, RP_INCOMING_DIRECTION, packet->ssrc);
- if(NULL == rp_node){
- return zrtp_status_rp_fail;
- }
-
- /* check the packet length - it must at least contain a full header */
- if (*(packet->length) < octets_in_rtcp_header){
- return zrtp_status_bad_param;
- }
-
- tag_len = srtp_stream_ctx->rtcp_auth.tag_len->tag_length;
- hdr = (zrtp_rtcp_hdr_t*)(packet->packet);
-
- enc_octet_len = *packet->length -
- (octets_in_rtcp_header + tag_len + sizeof(zrtp_rtcp_trailer_t));
-
- /* index & E (encryption) bit follow normal data. hdr->len
- is the number of words (32-bit) in the normal packet minus 1 */
- /* This should point trailer to the word past the end of the
- normal data. */
- /* This would need to be modified for optional mikey data */
- /*
- * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
- * multiples of 32-bits (RFC 3550 6.1)
- */
-
- trailer = (uint32_t *) ((char *) hdr + *packet->length - (tag_len + sizeof(zrtp_rtcp_trailer_t)));
-
- if (*((unsigned char *) trailer) & ZRTP_RTCP_E_BYTE_BIT) {
- enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
- } else {
- enc_octet_len = 0;
- enc_start = NULL; /* this indicates that there's no encryption */
- }
-
- /*
- * set the auth_start and auth_tag pointers to the proper locations
- * (note that srtcp *always* uses authentication, unlike srtp)
- */
- auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *packet->length - tag_len;
-
- packet->seq = zrtp_ntoh32(*trailer) & 0x7fffffff;
-
- status = zrtp_srtp_rp_check(&rp_node->rtcp_rp, packet);
- if(zrtp_status_ok != status){
- return zrtp_status_rp_fail;
- }
-
- iv.v32[0] = 0;
- iv.v32[1] = hdr->ssrc; /* still in network order! */
- iv.v32[2] = zrtp_hton32(packet->seq >> 16);
- iv.v32[3] = zrtp_hton32(packet->seq << 16);
-
- status = zrtp_cipher_set_iv(&srtp_stream_ctx->rtcp_cipher, &iv);
- if(status){
- return zrtp_status_cipher_fail;
- }
-
- if(tag_len>0){
- zrtp_string64_t auth_tag_str = ZSTR_INIT_EMPTY(auth_tag_str);
-
- status = srtp_stream_ctx->rtcp_auth.hash->hmac_truncated_c(srtp_stream_ctx->rtcp_auth.hash,
- (const char*)srtp_stream_ctx->rtcp_auth.key,
- srtp_stream_ctx->rtcp_auth.key_len,
- (const char*)auth_start,
- *packet->length - tag_len,
- tag_len,
- (zrtp_stringn_t*) &auth_tag_str);
- if(status || tag_len != auth_tag_str.length){
- return zrtp_status_auth_fail;
- }
-
- if(0 != zrtp_memcmp((uint8_t *)auth_tag_str.buffer, (uint8_t *)auth_tag, tag_len)){
- return zrtp_status_auth_fail;
- }
- }else{
- return zrtp_status_auth_fail;
- }
-
- if(enc_start){
- status = zrtp_cipher_decrypt(&srtp_stream_ctx->rtcp_cipher, (unsigned char*)enc_start, enc_octet_len);
- if(status){
- return zrtp_status_cipher_fail;
- }
- }
-
- zrtp_srtp_rp_add(&rp_node->rtcp_rp, packet);
- *packet->length -= (tag_len + sizeof(zrtp_rtcp_trailer_t));
-
- return status;
-}
-
-#endif /* !ZRTP_USE_EXTERN_SRTP */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#if (defined(ZRTP_USE_EXTERN_SRTP) && (ZRTP_USE_EXTERN_SRTP == 1))
-
-/* exactly in this order (for winsock) */
-#include <srtp.h>
-#include "zrtp.h"
-
-struct zrtp_srtp_ctx
-{
- srtp_t outgoing_srtp;
- srtp_t incoming_srtp;
-};
-
-/*---------------------------------------------------------------------------*/
-void init_policy(crypto_policy_t *sp, zrtp_srtp_policy_t *zp)
-{
- //TODO: make incoming policy crypto algorithm check for David A. McGrew's implementation support
-
- /* there are no another appropriate ciphers in the David A. McGrew's implementation yet */
- sp->cipher_type = AES_128_ICM;
- sp->cipher_key_len = zp->cipher_key_len;
- sp->auth_type = HMAC_SHA1;
- sp->auth_key_len = zp->auth_key_len;
- sp->auth_tag_len = zp->auth_tag_len->tag_length ? zp->auth_tag_len->tag_length : 10;
- sp->sec_serv = sec_serv_conf_and_auth;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t create_srtp_stream( srtp_t *srtp_stream,
- zrtp_srtp_profile_t *profile,
- ssrc_type_t ssrc_type )
-{
- srtp_policy_t policy;
- uint8_t *tmp_key;
-
- init_policy(&policy.rtp, &profile->rtp_policy);
- init_policy(&policy.rtcp, &profile->rtcp_policy);
-
- policy.ssrc.type = ssrc_type;
- policy.ssrc.value = 0;
-
- /* David A. McGrew's implementation uses key and salt as whole buffer, so let's make it */
- tmp_key = (uint8_t*)zrtp_sys_alloc(profile->key.length + profile->salt.length);
- if(NULL == tmp_key){
- return zrtp_status_fail;
- }
- zrtp_memcpy(tmp_key, profile->key.buffer, profile->key.length);
- zrtp_memcpy(tmp_key+profile->key.length, profile->salt.buffer, profile->salt.length);
-
- policy.key = tmp_key;
- policy.next = NULL;
-
- /* add salt length to the key length of each policy */
- policy.rtp.cipher_key_len += 14;
- policy.rtcp.cipher_key_len += 14;
-
- if(err_status_ok != srtp_create(srtp_stream, &policy)){
- zrtp_sys_free(tmp_key);
- return zrtp_status_fail;
- }
-
- zrtp_sys_free(tmp_key);
- return zrtp_status_ok;
-}
-
-
-/*===========================================================================*/
-/* Public interface */
-/*===========================================================================*/
-
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_init(zrtp_global_ctx_t *zrtp_global)
-{
- err_status_t s = srtp_init();
- return (err_status_ok == s) ? zrtp_status_ok : s;
-}
-
-zrtp_status_t zrtp_srtp_down( zrtp_global_ctx_t *zrtp_global )
-{
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_srtp_ctx_t * zrtp_srtp_create( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_profile_t *inc_profile,
- zrtp_srtp_profile_t *out_profile)
-{
- zrtp_status_t res = zrtp_status_ok;
- zrtp_srtp_ctx_t *srtp_ctx = NULL;
-
- if(NULL == inc_profile || NULL == out_profile){
- return NULL;
- }
-
- do{
- srtp_policy_t *policy_head, *policy_next;
-
- srtp_ctx = zrtp_sys_alloc(sizeof(zrtp_srtp_ctx_t));
- if(NULL == srtp_ctx){
- break;
- }
-
- res = create_srtp_stream(&srtp_ctx->incoming_srtp, inc_profile, ssrc_any_inbound);
- if(zrtp_status_ok != res){
- zrtp_sys_free(srtp_ctx);
- srtp_ctx = NULL;
- break;
- }
-
- res = create_srtp_stream(&srtp_ctx->outgoing_srtp, out_profile, ssrc_any_outbound);
- if(zrtp_status_ok != res){
- srtp_dealloc(srtp_ctx->incoming_srtp);
- zrtp_sys_free(srtp_ctx);
- srtp_ctx = NULL;
- break;
- }
-
- }while(0);
-
- return srtp_ctx;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_destroy( zrtp_srtp_global_t *zrtp_srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx )
-{
- srtp_dealloc(srtp_ctx->incoming_srtp);
- srtp_dealloc(srtp_ctx->outgoing_srtp);
- zrtp_sys_free(srtp_ctx);
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_protect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- err_status_t res;
- res = srtp_protect(srtp_ctx->outgoing_srtp, packet->packet, packet->length);
- if(err_status_ok != res){
- return zrtp_status_fail;
- }else{
- return zrtp_status_ok;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_unprotect( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- err_status_t res;
- res = srtp_unprotect(srtp_ctx->incoming_srtp, packet->packet, packet->length);
- if(err_status_ok != res){
- return zrtp_status_fail;
- }else{
- return zrtp_status_ok;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_protect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- err_status_t res;
- res = srtp_protect_rtcp(srtp_ctx->outgoing_srtp, packet->packet, packet->length);
- if(err_status_ok != res){
- return zrtp_status_fail;
- }else{
- return zrtp_status_ok;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_srtp_unprotect_rtcp( zrtp_srtp_global_t *srtp_global,
- zrtp_srtp_ctx_t *srtp_ctx,
- zrtp_rtp_info_t *packet)
-{
- err_status_t res;
- res = srtp_unprotect_rtcp(srtp_ctx->incoming_srtp, packet->packet, packet->length);
- if(err_status_ok != res){
- return zrtp_status_fail;
- }else{
- return zrtp_status_ok;
- }
-}
-
-/*----------------------------------------------------------------------------*/
-uint64_t make64(uint32_t high, uint32_t low)
-{
- uint64_t_ res;
- uint32_t *p = (uint32_t*)&res;
-
-#if ZRTP_BYTE_ORDER == ZBO_LITTLE_ENDIAN
- *p++ = low;
- *p = high;
-#else
- *p++ = high;
- *p = low;
-#endif
- return res;
-}
-
-uint32_t high32(uint64_t x)
-{
- uint32_t *p = &x;
-#if ZRTP_BYTE_ORDER == ZBO_LITTLE_ENDIAN
- p++;
-#endif
- return *p;
-}
-
-uint32_t low32(uint64_t x)
-{
- uint32_t *p = &x;
-#if ZRTP_BYTE_ORDER == ZBO_BIG_ENDIAN
- p++;
-#endif
- return *p;
-}
-
-#endif /*ZRTP_USE_EXTERN_SRTP*/
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#if ZRTP_HAVE_STRING_H == 1
-# include <string.h>
-#endif
-
-
-/*----------------------------------------------------------------------------*/
-int zrtp_zstrcmp(const zrtp_stringn_t *left, const zrtp_stringn_t *right)
-{
- if (left->length == right->length) {
- return zrtp_memcmp(left->buffer, right->buffer, left->length);
- } else {
- return left->length - right->length;
- }
-}
-
-void zrtp_zstrcpy(zrtp_stringn_t *dst, const zrtp_stringn_t *src)
-{
- dst->length = ZRTP_MIN(dst->max_length, src->length);
- zrtp_memcpy(dst->buffer, src->buffer, dst->length);
- if (dst->length < dst->max_length) {
- dst->buffer[dst->length] = 0;
- }
-}
-
-void zrtp_zstrcpyc(zrtp_stringn_t *dst, const char *src)
-{
- dst->length = ZRTP_MIN(dst->max_length, strlen(src));
- zrtp_memcpy(dst->buffer, src, dst->length);
- if (dst->length < dst->max_length) {
- dst->buffer[dst->length] = 0;
- }
-}
-
-void zrtp_zstrncpy(zrtp_stringn_t *dst, const zrtp_stringn_t *src, uint16_t size)
-{
- dst->length = ZRTP_MIN(dst->max_length, size);
- zrtp_memcpy(dst->buffer, src->buffer, dst->length);
- if (dst->length < dst->max_length) {
- dst->buffer[dst->length] = 0;
- }
-}
-
-void zrtp_zstrncpyc(zrtp_stringn_t *dst, const char *src, uint16_t size)
-{
- dst->length = ZRTP_MIN(dst->max_length, size);
- zrtp_memcpy(dst->buffer, src, dst->length);
- if (dst->length < dst->max_length) {
- dst->buffer[dst->length] = 0;
- }
-}
-
-void zrtp_zstrcat(zrtp_stringn_t *dst, const zrtp_stringn_t *src)
-{
- uint16_t count = ZRTP_MIN((dst->max_length - dst->length), src->length);
- zrtp_memcpy(dst->buffer + dst->length, src->buffer, count);
- dst->length += count;
- if (dst->length < dst->max_length) {
- dst->buffer[dst->length] = 0;
- }
-}
-
-void zrtp_wipe_zstring(zrtp_stringn_t *zstr)
-{
- if (zstr && zstr->length) {
- zrtp_memset(zstr->buffer, 0, zstr->max_length);
- zstr->length = 0;
- }
-}
-
-int zrtp_memcmp(const void* s1, const void* s2, uint32_t n)
-{
- uint32_t i = 0;
- uint8_t* s1uc = (uint8_t*) s1;
- uint8_t* s2uc = (uint8_t*) s2;
-
- for (i=0; i<n; i++) {
- if (s1uc[i] < s2uc[i]) {
- return -1;
- } else if (s1uc[i] > s2uc[i]) {
- return 1;
- }
- }
-
- return 0;
-}
-
-/*----------------------------------------------------------------------------*/
-static char* hex2char(char *dst, unsigned char b)
-{
- unsigned char v = b >> 4;
- *dst++ = (v<=9) ? '0'+v : 'a'+ (v-10);
- v = b & 0x0f;
- *dst++ = (v<=9) ? '0'+v : 'a'+ (v-10);
-
- return dst;
-}
-
-const char* hex2str(const char* bin, int bin_size, char* buff, int buff_size)
-{
- char* nptr = buff;
-
- if (NULL == buff) {
- return "buffer is NULL";
- }
- if (buff_size < bin_size*2) {
- return "buffer too small";
- }
-
- while (bin_size--) {
- nptr = hex2char(nptr, *bin++);
- }
-
- if (buff_size >= bin_size*2+1)
- *nptr = 0;
-
- return buff;
-}
-
-/*----------------------------------------------------------------------------*/
-static int char2hex(char v)
-{
- if (v >= 'a' && v <= 'f') {
- return v - 'a' + 10;
- }
- if (v >= 'A' && v <= 'F') {
- return v - 'A' + 10;
- }
- if (v >= '0' && v <= '9') {
- return v - '0';
- }
- return 0x10;
-}
-
-char *str2hex(const char* buff, int buff_size, char* bin, int bin_size)
-{
- char tmp = 0;
-
- if (NULL == buff || !buff_size) {
- return "buffer is NULL || !buf_size";
- }
- if (buff_size % 2) {
- return "buff_size has to be even";
- }
- if (buff_size > bin_size*2) {
- return "buffer too small";
- }
-
- while (buff_size--)
- {
- int value = char2hex(*buff++);
- if (value > 0x0F) {
- return "wrong symbol in buffer";
- }
- if (buff_size % 2) {
- tmp = (char)value;
- } else {
- value |= (char)(tmp << 4);
- *bin++ = value;
- }
- }
-
- return bin;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp utils"
-
-/*----------------------------------------------------------------------------*/
-static uint32_t _estimate_index(uint32_t seq, uint32_t s_l)
-{
- uint32_t v;
- uint32_t roc = (s_l >> 16) & 0xffff;
-
- /* from RFC 3711, Appendix A */
- if (0 == s_l) {
- return seq;
- }
-
- s_l &= 0xfffful;
- if (s_l < 32768ul) {
- v = (seq < s_l) ? roc : ((seq - s_l > 32768ul) ? (roc ? (roc - 1) : 0) : roc);
- } else {
- v = (s_l - 32768ul > seq) ? (roc + 1) : roc;
- }
-
- return seq | (v << 16);
-}
-
-/**
- * @brief Converts RTP sequence number to implicit representation.
- * @sa section 3.3.1 of RFC 3711
- * @param self - ZRTP stream context associated with the packet;
- * @param packet - RTP packet for converting;
- * @param is_media - 1 - assumes RTP media packet and 0 - ZRTP protocol message;
- * @param is_input - 1 assumes incoming and 0 - outgoing packet direction.
- * @return resulting sequence number.
- */
-static uint32_t _convert_seq_to_implicit_seq( zrtp_stream_t *ctx,
- char *packet,
- uint8_t is_media,
- uint8_t is_input)
-{
- uint32_t header_seq = 0;
- uint32_t ctx_seq = 0;
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *rtp_hdr = (zrtp_rtp_hdr_t*)packet;
-
- if (is_input) {
- ctx_seq = is_media ? ctx->media_ctx.high_in_media_seq : ctx->media_ctx.high_in_zrtp_seq;
- }
- else {
- ctx_seq = is_media ? ctx->media_ctx.high_out_media_seq : ctx->media_ctx.high_out_zrtp_seq;
- }
-
- header_seq = _estimate_index(zrtp_ntoh16(rtp_hdr->seq), ctx_seq);
-
- if (0 == ctx_seq || header_seq > ctx_seq) /* as per section 3.3.1 of RFC 3711 */
- {
- if (is_input) {
- if (is_media) {
- ctx->media_ctx.high_in_media_seq = header_seq;
- } else {
- ctx->media_ctx.high_in_zrtp_seq = header_seq;
- }
- } else {
- if (is_media) {
- ctx->media_ctx.high_out_media_seq = header_seq;
- } else {
- ctx->media_ctx.high_out_zrtp_seq = header_seq;
- }
- }
- }
-
- return header_seq;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_packet_fill_msg_hdr( zrtp_stream_t *stream,
- zrtp_msg_type_t type,
- uint16_t body_length,
- zrtp_msg_hdr_t* hdr)
-{
- char *key = NULL;
-
- switch (type)
- {
- case ZRTP_HELLO:
- zrtp_memcpy(hdr->type, "Hello ", ZRTP_PACKET_TYPE_SIZE);
- key = (char*)stream->messages.commit.hash;
- break;
- case ZRTP_HELLOACK:
- zrtp_memcpy(hdr->type, "HelloACK", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_COMMIT:
- zrtp_memcpy(hdr->type, "Commit ", ZRTP_PACKET_TYPE_SIZE);
- key = (char*)stream->messages.dhpart.hash;
- break;
- case ZRTP_DHPART1:
- zrtp_memcpy(hdr->type, "DHPart1 ", ZRTP_PACKET_TYPE_SIZE);
- key = stream->messages.h0.buffer;
- break;
- case ZRTP_DHPART2:
- zrtp_memcpy(hdr->type, "DHPart2 ", ZRTP_PACKET_TYPE_SIZE);
- key = stream->messages.h0.buffer;
- break;
- case ZRTP_CONFIRM2ACK:
- zrtp_memcpy(hdr->type, "Conf2ACK", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_GOCLEAR:
- zrtp_memcpy(hdr->type, "GoClear ", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_GOCLEARACK:
- zrtp_memcpy(hdr->type, "ClearACK", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_ERROR:
- zrtp_memcpy(hdr->type, "Error ", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_ERRORACK:
- zrtp_memcpy(hdr->type, "ErrorACK", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_CONFIRM1:
- zrtp_memcpy(hdr->type, "Confirm1", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_CONFIRM2:
- zrtp_memcpy(hdr->type, "Confirm2", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_SASRELAY:
- zrtp_memcpy(hdr->type, "SASrelay", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_RELAYACK:
- zrtp_memcpy(hdr->type, "RelayACK", ZRTP_PACKET_TYPE_SIZE);
- break;
- case ZRTP_ZFONEPINGACK:
- zrtp_memcpy(hdr->type, "PingACK ", ZRTP_PACKET_TYPE_SIZE);
- break;
-
- default:
- return zrtp_status_bad_param;
- }
-
-
- hdr->magic = zrtp_hton16(ZRTP_MESSAGE_MAGIC);
- /* message type + length intelf */
- hdr->length = zrtp_hton16((ZRTP_PACKET_TYPE_SIZE + 4 + body_length) / 4);
-
- if (key)
- {
- char *hmac = (char*)hdr + ZRTP_PACKET_TYPE_SIZE + 4 + body_length - ZRTP_HMAC_SIZE;
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, stream->zrtp);
- zrtp_string32_t hmac_buff = ZSTR_INIT_EMPTY(hmac_buff);
-
- hash->hmac_truncated_c( hash,
- (const char*)key,
- ZRTP_MESSAGE_HASH_SIZE,
- (char*)hdr,
- ZRTP_PACKET_TYPE_SIZE + 4 + body_length - ZRTP_HMAC_SIZE,
- ZRTP_HMAC_SIZE,
- ZSTR_GV(hmac_buff) );
- zrtp_memcpy(hmac, hmac_buff.buffer, ZRTP_HMAC_SIZE);
- }
-
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_msg_type_t _zrtp_packet_get_type(ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *hdr, uint32_t length)
-{
- char *type = NULL;
-
- if (ZRTP_PACKETS_MAGIC != zrtp_ntoh32(hdr->ts)) {
- /* This is non ZRTP packet */
- return ZRTP_NONE;
- } else if (length < (ZRTP_MIN_PACKET_LENGTH)) {
- /* Malformed packet: ZRTP MAGIC is present, but size is too small */
- return ZRTP_UNPARSED;
- }
-
- /* Shifting to ZRTP packet type field: <RTP header> + <extension header> */
- type = (char*)(hdr) + sizeof(zrtp_rtp_hdr_t) + 4;
-
- switch (*type++)
- {
- case 'C':
- case 'c':
- if (0 == zrtp_memcmp(type, "ommit ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_COMMIT;
- if (0 == zrtp_memcmp(type, "onf2ACK", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_CONFIRM2ACK;
- if (0 == zrtp_memcmp(type, "onfirm1", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_CONFIRM1;
- if (0 == zrtp_memcmp(type, "onfirm2", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_CONFIRM2;
- if (0 == zrtp_memcmp(type, "learACK", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_GOCLEARACK;
- break;
-
- case 'D':
- case 'd':
- if (0 == zrtp_memcmp(type, "HPart1 ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_DHPART1;
- if (0 == zrtp_memcmp(type, "HPart2 ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_DHPART2;
- break;
-
- case 'E':
- case 'e':
- if (0 == zrtp_memcmp(type, "rror ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_ERROR;
- if (0 == zrtp_memcmp(type, "rrorACK", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_ERRORACK;
- break;
-
- case 'G':
- case 'g':
- if (0 == zrtp_memcmp(type, "oClear ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_GOCLEAR;
- break;
-
- case 'H':
- case 'h':
- if (0 == zrtp_memcmp(type, "ello ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_HELLO;
- if (0 == zrtp_memcmp(type, "elloACK", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_HELLOACK;
- break;
-
- case 'P':
- case 'p':
- if (0 == zrtp_memcmp(type, "ing ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_ZFONEPING;
- if (0 == zrtp_memcmp(type, "ingACK ", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_ZFONEPINGACK;
- break;
-
- case 'R':
- case 'r':
- if (0 == zrtp_memcmp(type, "elayACK", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_RELAYACK;
- break;
-
- case 'S':
- case 's':
- if (0 == zrtp_memcmp(type, "ASrelay", ZRTP_PACKET_TYPE_SIZE-1))
- return ZRTP_SASRELAY;
- break;
- }
-
- return ZRTP_NONE;
-}
-
-/*----------------------------------------------------------------------------*/
-int _zrtp_packet_send_message(zrtp_stream_t* stream, zrtp_msg_type_t type, const void* message)
-{
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *rtp_hdr = NULL;
-
- zrtp_msg_hdr_t* zrtp_hdr = NULL;
- uint32_t packet_length = sizeof(zrtp_rtp_hdr_t);
- zrtp_status_t s = zrtp_status_ok;
-
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- char* buffer = zrtp_sys_alloc(1500);
- if (!buffer) {
- return zrtp_status_alloc_fail;
- }
-#else
- char buffer[1500];
-#endif
-
- rtp_hdr = (zrtp_rtp_hdr_t*)buffer;
-
- /* Fill main RTP packet fields */
- zrtp_memset(rtp_hdr, 0, sizeof(zrtp_rtp_hdr_t));
- rtp_hdr->x = 1;
- rtp_hdr->ssrc = stream->media_ctx.ssrc;
-
- /* Increment ZRTP RTP sequences space */
- rtp_hdr->seq = zrtp_hton16((++stream->media_ctx.high_out_zrtp_seq) & 0xffff);
- if (stream->media_ctx.high_out_zrtp_seq >= 0xffff) {
- stream->media_ctx.high_out_zrtp_seq = 0;
- }
-
- /* Set ZRTP MAGIC instead of timestamp and as a extension type */
- rtp_hdr->ts = zrtp_hton32(ZRTP_PACKETS_MAGIC);
-
- if (message) {
- zrtp_memcpy( buffer + RTP_HDR_SIZE,
- (char*)message,
- zrtp_ntoh16(((zrtp_msg_hdr_t*) message)->length)*4 );
- } else {
- /* May be it's a primitive packet and we should fill ZRTP header there */
- zrtp_hdr = (zrtp_msg_hdr_t*) (buffer + RTP_HDR_SIZE);
- if (zrtp_status_ok != _zrtp_packet_fill_msg_hdr(stream, type, 0, zrtp_hdr)) {
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- zrtp_sys_free(buffer);
-#endif
- return zrtp_status_bad_param;
- }
- }
-
- zrtp_hdr = (zrtp_msg_hdr_t*) (buffer + RTP_HDR_SIZE);
- packet_length += (zrtp_ntoh16(zrtp_hdr->length)*4 + 4); /* add ZRTP message header and CRC */
-
- /*
- * Why do we add our own extra CRC in the ZRTP key agreement packets?
- * If we warn the user of a man-in-the-middle attack, we must be
- * highly confident it's a real attack, not triggered by accidental
- * line noise, or we risk unnecessary user panic and an inappropriate
- * security response. Extra error detection is needed to reliably
- * distinguish between a real attack and line noise, because unlike
- * TCP, UDP does not have enough built-in error detection. It only
- * has a 16 bit checksum, and in some UDP stacks it's not always
- * present.
- */
- _zrtp_packet_insert_crc(buffer, packet_length);
-
- ZRTP_LOG(3,(_ZTU_, "\tSend <%.8s> ssrc=%u seq=%u size=%d. Stream %u:%s:%s\n",
- zrtp_log_pkt2str(type),
- zrtp_ntoh32(rtp_hdr->ssrc),
- zrtp_ntoh16(rtp_hdr->seq),
- packet_length,
- stream->id,
- zrtp_log_mode2str(stream->mode),
- zrtp_log_state2str(stream->state)));
-
- s = stream->zrtp->cb.misc_cb.on_send_packet(stream, buffer, packet_length);
-
-#if (defined(ZRTP_USE_STACK_MINIM) && (ZRTP_USE_STACK_MINIM == 1))
- zrtp_sys_free(buffer);
-#endif
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_packet_preparse( zrtp_stream_t* stream,
- char* packet,
- uint32_t *length,
- zrtp_rtp_info_t* info,
- uint8_t is_input )
-{
- zrtp_status_t s = zrtp_status_fail;
- uint8_t is_correct = 1;
-
- do
- {
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *rtpHdr = NULL;
-
- if (*length < sizeof(zrtp_rtp_hdr_t)) {
- ZRTP_LOG(1,(_ZTU_,"WARNING! Incoming packet is too small %d.ID=%u\n", *length, stream->id));
- s = zrtp_status_bad_param;
- break;
- }
-
- rtpHdr = (zrtp_rtp_hdr_t*) packet;
- info->type = _zrtp_packet_get_type(rtpHdr, *length);
- if (ZRTP_UNPARSED == info->type) {
- ZRTP_LOG(1,(_ZTU_,"WARNING! Can't determinate packet type. ID=%u\n", stream->id));
- s = zrtp_status_bad_param;
- break;
- }
-
- info->packet = packet;
- info->message = packet + RTP_HDR_SIZE;
- info->length = length;
- info->ssrc = rtpHdr->ssrc;
- info->seq = _convert_seq_to_implicit_seq(stream, packet, info->type == ZRTP_NONE, is_input);
-
- /*
- * Check ZRTP message correctness:
- * - CRC
- * - length according to type
- * - hash (DOS attack)
- */
- if (is_input && (info->type != ZRTP_NONE) && (info->type != ZRTP_UNPARSED))
- {
- zrtp_string32_t hash_str = ZSTR_INIT_EMPTY(hash_str);
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, stream->zrtp);
- char *hash2compare = NULL, *rechash = NULL;
- zrtp_string32_t tmp_hash_str = ZSTR_INIT_EMPTY(tmp_hash_str);
-
- ZRTP_LOG(3,(_ZTU_, "Received <%.8s> packet with ssrc=%u seq=%u/%u size=%d. Stream%u:%s:%s.\n",
- packet + sizeof(zrtp_rtp_hdr_t) + 4,
- zrtp_ntoh32(info->ssrc),
- zrtp_ntoh16(rtpHdr->seq),
- info->seq,
- *info->length,
- stream->id,
- zrtp_log_mode2str(stream->mode),
- zrtp_log_state2str(stream->state)));
-
- /*
- * Why do we add our own extra CRC in the ZRTP key agreement packets?
- * If we warn the user of a man-in-the-middle attack, we must be
- * highly confident it's a real attack, not triggered by accidental
- * line noise, or we risk unnecessary user panic and an inappropriate
- * security response. Extra error detection is needed to reliably
- * distinguish between a real attack and line noise, because unlike
- * TCP, UDP does not have enough built-in error detection. It only
- * has a 16 bit checksum, and in some UDP stacks it's not always
- * present.
- */
- if (_zrtp_packet_validate_crc(info->packet, *info->length) != 0) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Incoming ZRTP CRC validation fails. ID=%u\n", stream->id));
- s = zrtp_status_crc_fail;
- break;
- }
-
- /* Check length field correctness */
- if (zrtp_ntoh16(((zrtp_msg_hdr_t*)info->message)->length)*4 != (*length - 4 - RTP_HDR_SIZE))
- {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Wrong length field for Incoming message %d packet=%d. ID=%u\n",
- zrtp_ntoh16(((zrtp_msg_hdr_t*)info->message)->length)*4,
- *length, stream->id));
- s = zrtp_status_bad_param;
- break;
- }
-
- /* Check packet size according to its type */
- switch (info->type)
- {
- case ZRTP_COMMIT:
- {
- switch (stream->mode)
- {
- case ZRTP_STREAM_MODE_DH:
- is_correct = !(*length < (RTP_HDR_SIZE + ZRTP_COMMIT_STATIC_SIZE + ZRTP_HV_SIZE + ZRTP_HMAC_SIZE));
- break;
- case ZRTP_STREAM_MODE_MULT:
- is_correct = !(*length < (RTP_HDR_SIZE + ZRTP_COMMIT_STATIC_SIZE + ZRTP_HV_NONCE_SIZE + ZRTP_HMAC_SIZE));
- break;
- case ZRTP_STREAM_MODE_PRESHARED:
- is_correct = !(*length < (RTP_HDR_SIZE + ZRTP_COMMIT_STATIC_SIZE + ZRTP_HV_NONCE_SIZE + ZRTP_HV_KEY_SIZE + ZRTP_HMAC_SIZE));
- break;
- default:
- break;
- };
- break;
- }
- case ZRTP_DHPART1:
- case ZRTP_DHPART2:
- if (stream->pubkeyscheme) {
- is_correct = (*length == (ZRTP_MIN_PACKET_LENGTH + ZRTP_DH_STATIC_SIZE + stream->pubkeyscheme->pv_length + ZRTP_HMAC_SIZE));
- }
- break;
- case ZRTP_CONFIRM1:
- case ZRTP_CONFIRM2:
- is_correct = !(*length < (RTP_HDR_SIZE + sizeof(zrtp_packet_Confirm_t)));
- break;
- case ZRTP_SASRELAY:
- is_correct = !(*length < (RTP_HDR_SIZE + sizeof(zrtp_packet_SASRelay_t)));
- break;
- case ZRTP_GOCLEAR:
- is_correct = !(*length < (RTP_HDR_SIZE + sizeof(zrtp_packet_GoClear_t)));
- break;
- case ZRTP_ERROR:
- is_correct = !(*length < (RTP_HDR_SIZE + sizeof(zrtp_packet_Error_t)));
- break;
- case ZRTP_ZFONEPING:
- case ZRTP_ZFONEPINGACK:
- is_correct = !(*length < (RTP_HDR_SIZE + sizeof(zrtp_packet_zfoneping_t)));
- break;
- default:
- break;
- }
- /* If CRC have been verified but packet size is wrong - it looks like a stupid attack */
- if (!is_correct) {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! Incoming ZRTP message %d:%d is corrupted. ID=%u\n",
- info->type, *length, stream->id));
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_invalid_packet, 1);
- s = zrtp_status_attack;
- break;
- }
-
- /*
- * Check hash to prevent DOS attacks
- */
- switch (info->type)
- {
- case ZRTP_HELLO:
- if (stream->messages.signaling_hash.length)
- {
- hash->hash_c( hash,
- (const char*) info->message,
- zrtp_ntoh16(((zrtp_packet_Hello_t*) info->message)->hdr.length)*4,
- ZSTR_GV(hash_str) );
- if (zrtp_memcmp(stream->messages.signaling_hash.buffer, hash_str.buffer, ZRTP_MESSAGE_HASH_SIZE)) {
- if (stream->zrtp->cb.event_cb.on_zrtp_security_event) {
- stream->zrtp->cb.event_cb.on_zrtp_security_event(stream, ZRTP_EVENT_WRONG_SIGNALING_HASH);
- }
- }
- } break;
- case ZRTP_COMMIT:
- rechash = (char*)((zrtp_packet_Commit_t*) info->message)->hash;
- hash2compare = (char*)stream->messages.peer_hello.hash;
- break;
- case ZRTP_DHPART1:
- hash->hash_c( hash,
- (const char*)((zrtp_packet_DHPart_t*) info->message)->hash,
- ZRTP_MESSAGE_HASH_SIZE,
- ZSTR_GV(tmp_hash_str) );
- rechash = (char*)tmp_hash_str.buffer;
- hash2compare = (char*)stream->messages.peer_hello.hash;
- break;
- case ZRTP_DHPART2:
- rechash = (char*)((zrtp_packet_DHPart_t*) info->message)->hash;
- hash2compare = (char*)stream->messages.peer_commit.hash;
- break;
- default:
- break;
- }
-
- if (rechash)
- {
- hash->hash_c(hash, rechash, ZRTP_MESSAGE_HASH_SIZE, ZSTR_GV(hash_str));
- is_correct = !zrtp_memcmp(hash2compare, hash_str.buffer, ZRTP_MESSAGE_HASH_SIZE);
- if (!is_correct)
- {
- ZRTP_LOG(2,(_ZTU_,"\tWARNING! ZRTP Message hashes don't mach %s! ID=%u\n",
- zrtp_log_pkt2str(info->type), stream->id));
- s = zrtp_status_attack;
- break;
- } /* hashes check */
- }
-
-
- /*
- * Check messages HMAC
- */
- {
- zrtp_msg_hdr_t *hdr = NULL;
- switch (info->type)
- {
- case ZRTP_COMMIT:
- case ZRTP_DHPART1:
- hdr = &stream->messages.peer_hello.hdr;
- break;
- case ZRTP_DHPART2:
- hdr = &stream->messages.peer_commit.hdr;
- break;
- default:
- break;
- }
- if (hdr)
- if (0 != _zrtp_validate_message_hmac(stream, hdr, rechash)) {
- return zrtp_status_fail;
- }
- }
-
-// TODO: check this replay protection logic!
-// if (info->seq != stream->media_ctx.high_in_zrtp_seq) {
-// s = zrtp_status_zrp_fail;
-// break;
-// }
- } /* for incoming ZRTP messages only only */
-
- s = zrtp_status_ok;
- } while(0);
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-void _zrtp_cancel_send_packet_later( zrtp_stream_t* stream,
- zrtp_msg_type_t type)
-{
- zrtp_retry_task_t* task = NULL;
-
- switch (type)
- {
- case ZRTP_HELLO:
- task = &stream->messages.hello_task;
- break;
- case ZRTP_COMMIT:
- task = &stream->messages.commit_task;
- break;
- case ZRTP_DHPART2:
- task = &stream->messages.dhpart_task;
- break;
- case ZRTP_CONFIRM2:
- task = &stream->messages.confirm_task;
- break;
- case ZRTP_GOCLEAR:
- task = &stream->messages.goclear_task;
- break;
- case ZRTP_ERROR:
- task = &stream->messages.error_task;
- break;
- case ZRTP_PROCESS:
- task = &stream->messages.dh_task;
- break;
- case ZRTP_SASRELAY:
- task = &stream->messages.sasrelay_task;
- break;
-
- case ZRTP_NONE:
- stream->messages.hello_task._is_enabled = 0;
- stream->messages.goclear_task._is_enabled = 0;
- stream->messages.commit_task._is_enabled = 0;
- stream->messages.confirm_task._is_enabled = 0;
- stream->messages.dhpart_task._is_enabled = 0;
- stream->messages.error_task._is_enabled = 0;
- stream->messages.dh_task._is_enabled = 0;
- stream->messages.sasrelay_task._is_enabled = 0;
- break;
-
- default:
- return;
- }
-
- if(task) {
- task->_is_enabled = 0;
- }
-
- if (stream->zrtp->cb.sched_cb.on_cancel_call_later) {
- stream->zrtp->cb.sched_cb.on_cancel_call_later(stream, task);
- }
-}
-
-void _zrtp_change_state( zrtp_stream_t* stream, zrtp_state_t state)
-{
- stream->prev_state = stream->state;
- stream->state = state;
- ZRTP_LOG(3,("zrtp","\tStream ID=%u %s switching <%s> ---> <%s>.\n",
- stream->id, zrtp_log_mode2str(stream->mode), zrtp_log_state2str(stream->prev_state), zrtp_log_state2str(stream->state)));
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-#define _ZTU_ "zrtp utils"
-
-
-/*----------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_prepare_secrets(zrtp_session_t* session)
-{
- zrtp_secrets_t* sec = &session->secrets;
- zrtp_status_t s = zrtp_status_ok;
-
- /* Protect Secrets from race conditions on multistream calls. */
- zrtp_mutex_lock(session->streams_protector);
-
- if (!sec->is_ready) {
- do {
- uint32_t verifiedflag = 0;
-
- session->secrets.rs1->_cachedflag = 0;
- session->secrets.rs2->_cachedflag = 0;
- if (session->zrtp->cb.cache_cb.on_get) {
- s = session->zrtp->cb.cache_cb.on_get( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- session->secrets.rs1,
- 0);
- session->secrets.rs1->_cachedflag = (zrtp_status_ok == s);
-
- s = session->zrtp->cb.cache_cb.on_get( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- session->secrets.rs2,
- 1);
- session->secrets.rs2->_cachedflag = (zrtp_status_ok == s);
- }
-
- if (session->zrtp->cb.cache_cb.on_get_verified) {
- s = session->zrtp->cb.cache_cb.on_get_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &verifiedflag);
- }
-
- if (session->zrtp->cb.cache_cb.on_get_mitm) {
- s = session->zrtp->cb.cache_cb.on_get_mitm( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- session->secrets.pbxs);
- session->secrets.pbxs->_cachedflag = (zrtp_status_ok == s);
- } else {
- session->secrets.pbxs->_cachedflag = 0;
- }
-
- /* Duplicate all secrets flags to zrtp-context */
- session->secrets.cached |= session->secrets.rs1->_cachedflag ? ZRTP_BIT_RS1 : 0;
- session->secrets.cached |= session->secrets.rs2->_cachedflag ? ZRTP_BIT_RS2 : 0;
- session->secrets.cached |= session->secrets.pbxs->_cachedflag ? ZRTP_BIT_PBX : 0;
-
- {
- char buff[128];
- char buff2[128];
- ZRTP_LOG(3,(_ZTU_,"\tRestoring Secrets: lZID=%s rZID=%s. V=%d sID=%u\n",
- hex2str(session->zid.buffer, session->zid.length, buff, sizeof(buff)),
- hex2str(session->peer_zid.buffer, session->peer_zid.length, buff2, sizeof(buff2)),
- verifiedflag,
- session->id));
- ZRTP_LOG(3,(_ZTU_,"\t\tRS1 <%s>\n",
- session->secrets.rs1->_cachedflag ?
- hex2str( session->secrets.rs1->value.buffer,
- session->secrets.rs1->value.length,
- buff, sizeof(buff) ) : "EMPTY"));
- ZRTP_LOG(3,(_ZTU_,"\t\tRS2 <%s>\n",
- session->secrets.rs2->_cachedflag ?
- hex2str( session->secrets.rs2->value.buffer,
- session->secrets.rs2->value.length,
- buff, sizeof(buff) ) : "EMPTY"));
- ZRTP_LOG(3,(_ZTU_,"\t\tPBX <%s>\n",
- session->secrets.pbxs->_cachedflag ?
- hex2str( session->secrets.pbxs->value.buffer,
- session->secrets.pbxs->value.length,
- buff, sizeof(buff) ) : "EMPTY"));
- }
-
- sec->is_ready = 1;
- s = zrtp_status_ok;
- } while (0);
- }
-
- zrtp_mutex_unlock(session->streams_protector);
-
- return s;
-}
-
-/*----------------------------------------------------------------------------*/
-zrtp_shared_secret_t *_zrtp_alloc_shared_secret(zrtp_session_t* session)
-{
- zrtp_shared_secret_t *ss = zrtp_sys_alloc(sizeof(zrtp_shared_secret_t));
- if (ss) {
- zrtp_memset(ss, 0, sizeof(zrtp_shared_secret_t));
- ZSTR_SET_EMPTY(ss->value);
- ss->value.length = ZRTP_MIN(ss->value.max_length, ZRTP_RS_SIZE);
-
- ss->lastused_at = (uint32_t)(zrtp_time_now()/1000);
- ss->ttl = 0xFFFFFFFF;
- ss->_cachedflag = 0;
- ss->value.length = ZRTP_MIN(ss->value.max_length, ZRTP_RS_SIZE);
-
- if (ss->value.length != zrtp_randstr( session->zrtp,
- (unsigned char*)ss->value.buffer,
- ss->value.length))
- {
- zrtp_sys_free(ss);
- ss = NULL;
- }
- }
-
- return ss;
-}
-
-/*----------------------------------------------------------------------------*/
-int _zrtp_can_start_stream(zrtp_stream_t* stream, zrtp_stream_t **conc, zrtp_stream_mode_t mode)
-{
- uint8_t deny = 0;
- mlist_t* node = NULL;
-
- zrtp_mutex_lock(stream->zrtp->sessions_protector);
-
- mlist_for_each(node, &stream->zrtp->sessions_head)
- {
- zrtp_session_t* tmp_sctx = mlist_get_struct(zrtp_session_t, _mlist, node);
-
- if ( !zrtp_zstrcmp(ZSTR_GV(tmp_sctx->zid), ZSTR_GV(stream->session->zid)) &&
- !zrtp_zstrcmp(ZSTR_GV(tmp_sctx->peer_zid), ZSTR_GV(stream->session->peer_zid)) )
- {
- int i = 0;
-
- zrtp_mutex_lock(tmp_sctx->streams_protector);
-
- for (i=0; i<ZRTP_MAX_STREAMS_PER_SESSION; i++)
- {
- zrtp_stream_t* tmp_stctx = &tmp_sctx->streams[i];
-
- /*
- * We don't need to lock the stream because it have been already locked
- * by high level function: zrtp_process_srtp() or _initiating_secure()
- */
- if ((stream != tmp_stctx) && (tmp_stctx->state != ZRTP_STATE_NONE)) {
- deny = ( (tmp_stctx->state > ZRTP_STATE_START_INITIATINGSECURE) &&
- (tmp_stctx->state < ZRTP_STATE_SECURE) );
-
- if ((mode == ZRTP_STREAM_MODE_MULT) && deny) {
- deny = !(tmp_stctx->mode == ZRTP_STREAM_MODE_MULT);
- }
-
- if (deny) {
- *conc = tmp_stctx;
- break;
- }
- }
- }
-
- zrtp_mutex_unlock(tmp_sctx->streams_protector);
-
- if (deny) {
- break;
- }
- }
- }
-
- zrtp_mutex_unlock(stream->zrtp->sessions_protector);
-
- if (!deny){
- *conc = NULL;
- }
-
- return !deny;
-}
-
-/*----------------------------------------------------------------------------*/
-uint8_t _zrtp_choose_best_comp( zrtp_profile_t *profile,
- zrtp_packet_Hello_t* peer_hello,
- zrtp_crypto_comp_t type )
-{
- uint8_t* prof_elem = NULL;
- int i=0, j=0;
- int offset = 0;
- int count = 0;
-
- switch (type)
- {
- case ZRTP_CC_PKT:
- {
- uint8_t pref_peer_pk = ZRTP_COMP_UNKN;
- uint8_t pref_pk = ZRTP_COMP_UNKN;
- char *cp = NULL;
-
- prof_elem = (uint8_t*)profile->pk_schemes;
- offset = (peer_hello->hc + peer_hello->cc + peer_hello->ac) * ZRTP_COMP_TYPE_SIZE;
- count = peer_hello->kc;
-
- /* Looking for peer preferable DH scheme */
- cp = (char*)peer_hello->comp + offset;
- for (i=0; i<count; i++, cp+=ZRTP_COMP_TYPE_SIZE) {
- uint8_t tmp_pref_peer_pk = zrtp_comp_type2id(type, cp);
- j = 0;
- while (prof_elem[j]) {
- if (prof_elem[j++] == tmp_pref_peer_pk) {
- pref_peer_pk = tmp_pref_peer_pk;
- break;
- }
- }
- if (ZRTP_COMP_UNKN != pref_peer_pk) {
- break;
- }
- }
-
- /* Looking for local preferable DH scheme */
- i=0;
- while (prof_elem[i]) {
- uint8_t tmp_pref_pk = prof_elem[i++];
- cp = (char*)peer_hello->comp + offset;
- for (j=0; j<count; j++, cp+=ZRTP_COMP_TYPE_SIZE) {
- if(tmp_pref_pk == zrtp_comp_type2id(type, cp)) {
- pref_pk = tmp_pref_pk;
- break;
- }
- }
- if (ZRTP_COMP_UNKN != pref_pk) {
- break;
- }
- }
-
- ZRTP_LOG(3,(_ZTU_,"\t_zrtp_choose_best_comp() for PKT. local=%s remote=%s, choosen=%s\n",
- zrtp_comp_id2type(type, pref_pk), zrtp_comp_id2type(type, pref_peer_pk), zrtp_comp_id2type(type, ZRTP_MIN(pref_peer_pk, pref_pk))));
-
- /* Choose the fastest one. */
- return ZRTP_MIN(pref_peer_pk, pref_pk);
- } break;
- case ZRTP_CC_HASH:
- prof_elem = (uint8_t*)&profile->hash_schemes;
- offset = 0;
- count = peer_hello->hc;
- break;
- case ZRTP_CC_SAS:
- prof_elem = (uint8_t*)profile->sas_schemes;
- offset = (peer_hello->hc + peer_hello->cc + peer_hello->ac + peer_hello->kc)* ZRTP_COMP_TYPE_SIZE;
- count = peer_hello->sc;
- break;
- case ZRTP_CC_CIPHER:
- prof_elem = (uint8_t*)profile->cipher_types;
- offset = peer_hello->hc * ZRTP_COMP_TYPE_SIZE;
- count = peer_hello->cc;
- break;
- case ZRTP_CC_ATL:
- prof_elem = (uint8_t*)profile->auth_tag_lens;
- offset = (peer_hello->hc + peer_hello->cc)*ZRTP_COMP_TYPE_SIZE;
- count = peer_hello->ac;
- break;
- default:
- return ZRTP_COMP_UNKN;
- }
-
- while (prof_elem[i])
- {
- char *cp = (char*)peer_hello->comp + offset;
- uint8_t comp_id = prof_elem[i++];
-
- for (j=0; j<count; j++, cp+=ZRTP_COMP_TYPE_SIZE) {
- if (comp_id == zrtp_comp_type2id(type, cp)) {
- return comp_id;
- }
- }
- }
-
- return ZRTP_COMP_UNKN;
-}
-
-/*----------------------------------------------------------------------------*/
-static int _is_presh_in_hello(zrtp_packet_Hello_t* hello)
-{
- int i = 0;
- char* cp = (char*)hello->comp + (hello->hc + hello->cc + hello->ac) * ZRTP_COMP_TYPE_SIZE;
- for (i=0; i < hello->kc; i++, cp+=ZRTP_COMP_TYPE_SIZE) {
- if (!zrtp_memcmp(cp, ZRTP_PRESHARED, ZRTP_COMP_TYPE_SIZE)) {
- return i;
- }
- }
-
- return -1;
-}
-
-int _zrtp_is_dh_in_session(zrtp_stream_t* stream)
-{
- uint8_t i = 0;
- for (i=0; i< ZRTP_MAX_STREAMS_PER_SESSION; i++) {
- zrtp_stream_t *tmp_stream = &stream->session->streams[i];
- if ((tmp_stream != stream) && ZRTP_IS_STREAM_DH(tmp_stream)) {
- return 0;
- }
- }
- return -1;
-}
-
-zrtp_stream_mode_t _zrtp_define_stream_mode(zrtp_stream_t* stream)
-{
- zrtp_session_t* session = stream->session;
-
- /*
- * If ZRTP Session key is available - use Multistream mode.
- * If both sides ready for Preshared and we have RS1 and it has Verified flag - try Preshared.
- * Use DH in other cases
- */
- if (session->zrtpsess.length > 0) {
- stream->pubkeyscheme = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_MULT, session->zrtp);
- return ZRTP_STREAM_MODE_MULT;
- } else {
- /* If both sides ready for Preshared and we have RSes in our cache - try Preshared. */
- if (ZRTP_PKTYPE_PRESH == stream->pubkeyscheme->base.id)
- {
- do {
- uint32_t verifiedflag = 0;
- uint32_t calls_counter = 0;
-
- if (_is_presh_in_hello(&stream->messages.peer_hello) < 0) {
- break;
- }
-
- if (ZRTP_IS_STREAM_PRESH(stream) && session->zrtp->cb.cache_cb.on_presh_counter_get) {
- session->zrtp->cb.cache_cb.on_presh_counter_get( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &calls_counter);
- if (calls_counter >= ZRTP_PRESHARED_MAX_ALLOWED) {
- ZRTP_LOG(3,(_ZTU_,"\tDefine stream mode: user wants PRESHARED but Preshared"
- "calls counter reached the maximum value (ID=%u) - Reset to DH.\n", stream->id));
- break;
- }
- }
-
- if (session->zrtp->cb.cache_cb.on_get_verified) {
- session->zrtp->cb.cache_cb.on_get_verified( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- &verifiedflag);
- }
-
- if (!session->secrets.rs1->_cachedflag || !verifiedflag) {
- ZRTP_LOG(3,(_ZTU_,"\tDefine stream mode: user wants PRESHARED but we HAVE "
- "RS1=%d and V=%d. Reset to DH. ID=%u\n", session->secrets.rs1->_cachedflag, verifiedflag, stream->id));
- break;
- }
-
- ZRTP_LOG(3,(_ZTU_,"\tDefine stream mode: user wants PRESHARED and we have RS1,"
- " calls_counter=%d. Use preshared. ID=%u\n", calls_counter, stream->id));
-
- return ZRTP_STREAM_MODE_PRESHARED;
- } while (0);
- }
-
- /* If Preshared not accepted by some reaseon - choose appropriate DH scheme. */
- if ( (ZRTP_PKTYPE_PRESH == stream->pubkeyscheme->base.id) ||
- (ZRTP_PKTYPE_MULT == stream->pubkeyscheme->base.id) )
- {
- int i=0, j=0;
- zrtp_packet_Hello_t* phello = &stream->messages.peer_hello;
- uint8_t comp_id = ZRTP_COMP_UNKN;
-
- while (session->profile.pk_schemes[i])
- {
- char *cp = (char*)phello->comp + (phello->hc + phello->cc + phello->ac) * ZRTP_COMP_TYPE_SIZE;
- comp_id = session->profile.pk_schemes[i++];
- if ((comp_id != ZRTP_PKTYPE_PRESH) && (comp_id != ZRTP_PKTYPE_MULT))
- {
- for (j=0; j<phello->kc; j++, cp+=ZRTP_COMP_TYPE_SIZE) {
- if (comp_id == zrtp_comp_type2id(ZRTP_CC_PKT, cp)) {
- break;
- }
- }
- if (j != phello->kc) {
- break;
- }
- }
- }
-
- stream->pubkeyscheme = zrtp_comp_find(ZRTP_CC_PKT, comp_id, session->zrtp);
- }
-
- return ZRTP_STREAM_MODE_DH;
- }
-}
-
-/*---------------------------------------------------------------------------*/
-int _zrtp_validate_message_hmac( zrtp_stream_t *stream,
- zrtp_msg_hdr_t* msg2check,
- char* hmackey)
-{
- zrtp_string32_t hash_str = ZSTR_INIT_EMPTY(hash_str);
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, stream->session->zrtp);
-
- hash->hmac_truncated_c( hash,
- hmackey,
- ZRTP_MESSAGE_HASH_SIZE,
- (char*)msg2check,
- zrtp_ntoh16(msg2check->length)*4 - ZRTP_HMAC_SIZE,
- ZRTP_HMAC_SIZE,
- ZSTR_GV(hash_str));
-
- if (0 != zrtp_memcmp((char*)msg2check + (zrtp_ntoh16(msg2check->length)*4 - ZRTP_HMAC_SIZE), hash_str.buffer, ZRTP_HMAC_SIZE))
- {
- if (stream->zrtp->cb.event_cb.on_zrtp_security_event) {
- stream->zrtp->cb.event_cb.on_zrtp_security_event(stream, ZRTP_EVENT_WRONG_MESSAGE_HMAC);
- }
- _zrtp_machine_enter_initiatingerror(stream, zrtp_error_wrong_meshmac, 0);
- return -1;
- }
-
- return 0;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_compute_preshared_key( zrtp_session_t *session,
- zrtp_stringn_t* rs1,
- zrtp_stringn_t* auxs,
- zrtp_stringn_t* pbxs,
- zrtp_stringn_t* key,
- zrtp_stringn_t* key_id)
-{
- static const zrtp_string8_t presh_key_str = ZSTR_INIT_WITH_CONST_CSTRING(ZRTP_COMMIT_HV_KEY_STR);
- zrtp_string32_t preshared_key = ZSTR_INIT_EMPTY(preshared_key);
- static uint32_t length_rs = ZRTP_RS_SIZE;
- static const uint32_t length_zero = 0;
-
- void *hash_ctx = session->hash->hash_begin(session->hash);
- if (!hash_ctx) {
- return zrtp_status_alloc_fail;
- }
-
- length_rs = zrtp_hton32(length_rs);
-
- if (rs1) {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_rs, 4);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)rs1->buffer, ZRTP_RS_SIZE);
- } else {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_zero, 4);
- }
-
- if (auxs) {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_rs, 4);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)auxs->buffer, ZRTP_RS_SIZE);
- } else {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_zero, 4);
- }
-
- if (pbxs) {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_rs, 4);
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)pbxs->buffer, ZRTP_RS_SIZE);
- } else {
- session->hash->hash_update(session->hash, hash_ctx, (const int8_t*)&length_zero, 4);
- }
-
- session->hash->hash_end(session->hash, hash_ctx, ZSTR_GV(preshared_key));
- if (key) {
- zrtp_zstrcpy(ZSTR_GVP(key), ZSTR_GV(preshared_key));
- }
-
- if (key_id) {
- session->hash->hmac_truncated( session->hash,
- ZSTR_GV(preshared_key),
- ZSTR_GV(presh_key_str),
- ZRTP_HV_KEY_SIZE,
- ZSTR_GVP(key_id));
- }
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t _zrtp_kdf( zrtp_stream_t* stream,
- zrtp_stringn_t* ki,
- zrtp_stringn_t* label,
- zrtp_stringn_t* context,
- uint32_t length,
- zrtp_stringn_t* digest)
-{
- /*KDF(KI, Label, Context, L) = HMAC(KI, i | Label | 0x00 | Context | L) */
- uint32_t i = 1;
- uint8_t o = 0;
- uint32_t L = zrtp_hton32(length*8);
- zrtp_hash_t* hash = stream->session->hash;
- void* ctx = hash->hmac_begin(hash, ki);
- if (!ctx) {
- return zrtp_status_alloc_fail;
- }
-
- i = zrtp_hton32(i);
- hash->hmac_update(hash, ctx, (const char*)&i, sizeof(i));
- hash->hmac_update(hash, ctx, label->buffer, label->length);
- hash->hmac_update(hash, ctx, (const char*)&o, sizeof(o));
- hash->hmac_update(hash, ctx, context->buffer, context->length);
- hash->hmac_update(hash, ctx, (const char*)&L, sizeof(L));
-
- hash->hmac_end(hash, ctx, digest, length);
-
- return zrtp_status_ok;
-}
-
-/*---------------------------------------------------------------------------*/
-zrtp_status_t zrtp_verified_set( zrtp_global_t *zrtp,
- zrtp_string16_t *zid1,
- zrtp_string16_t *zid2,
- uint8_t verified )
-{
- mlist_t *node = NULL;
-
- if (!zrtp) {
- return zrtp_status_bad_param;
- }
-
- zrtp_mutex_lock(zrtp->sessions_protector);
-
- mlist_for_each(node, &zrtp->sessions_head)
- {
- zrtp_session_t *session = mlist_get_struct(zrtp_session_t, _mlist, node);
- if ( ( !zrtp_zstrcmp(ZSTR_GV(session->zid), ZSTR_GVP(zid1)) ||
- !zrtp_zstrcmp(ZSTR_GV(session->zid), ZSTR_GVP(zid2)) ) &&
- ( !zrtp_zstrcmp(ZSTR_GV(session->peer_zid), ZSTR_GVP(zid1)) ||
- !zrtp_zstrcmp(ZSTR_GV(session->peer_zid), ZSTR_GVP(zid2)) ) )
- {
- if (session->zrtp->cb.cache_cb.on_set_verified) {
- session->zrtp->cb.cache_cb.on_set_verified(ZSTR_GVP(zid1), ZSTR_GVP(zid2), verified);
- }
-
- if (session->mitm_alert_detected) {
- session->mitm_alert_detected = 0;
- if (session->zrtp->cb.cache_cb.on_put) {
- session->zrtp->cb.cache_cb.on_put( ZSTR_GV(session->zid),
- ZSTR_GV(session->peer_zid),
- session->secrets.rs1);
- }
- }
- }
- }
-
- zrtp_mutex_unlock(zrtp->sessions_protector);
- return zrtp_status_ok;
-}
-
-/*----------------------------------------------------------------------------*/
-uint32_t _zrtp_get_timeout(uint32_t curr_timeout, zrtp_msg_type_t msg)
-{
- uint32_t timeout = curr_timeout;
- uint32_t base_interval = 0;
- uint32_t capping = 0;
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
- uint8_t is_lineral = 1;
- capping = 10000;
-#else
- uint8_t is_lineral = 0;
-#endif
- switch (msg)
- {
- case ZRTP_NONE:
- case ZRTP_HELLOACK:
- case ZRTP_DHPART1:
- case ZRTP_CONFIRM1:
- case ZRTP_CONFIRM2ACK:
- case ZRTP_GOCLEARACK:
- case ZRTP_RELAYACK:
- return 0;
-#if (defined(ZRTP_BUILD_FOR_CSD) && (ZRTP_BUILD_FOR_CSD == 1))
- case ZRTP_HELLO:
- base_interval = ZRTP_CSD_T1;
- break;
- case ZRTP_COMMIT:
- base_interval = ZRTP_CSD_T2;
- break;
- case ZRTP_DHPART2:
- base_interval = ZRTP_CSD_T3;
- break;
- case ZRTP_CONFIRM2:
- base_interval = ZRTP_CSD_T4;
- break;
- case ZRTP_GOCLEAR:
- case ZRTP_SASRELAY:
- base_interval = ZRTP_CSD_T2;
- break;
- case ZRTP_ERROR:
- base_interval = ZRTP_CSD_ET;
- break;
-#else
- case ZRTP_HELLO:
- base_interval = ZRTP_T1;
- capping = ZRTP_T1_CAPPING;
- break;
- case ZRTP_COMMIT:
- case ZRTP_DHPART2:
- case ZRTP_CONFIRM2:
- case ZRTP_GOCLEAR:
- case ZRTP_SASRELAY:
- base_interval = ZRTP_T2;
- capping = ZRTP_T2_CAPPING;
- break;
- case ZRTP_ERROR:
- case ZRTP_ERRORACK:
- base_interval = ZRTP_ET;
- capping = ZRTP_T2_CAPPING;
- break;
-#endif
- case ZRTP_PROCESS:
- base_interval = ZRTP_PROCESS_T1;
- break;
- default:
- return 0;
- }
-
- if (0 == timeout) {
- timeout = base_interval;
- } else if (!is_lineral) {
- timeout *= 2;
- } else {
- timeout += base_interval;
- }
-
- if (timeout > capping) {
- return capping;
- } else {
- return timeout;
- }
-}
-
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <stdarg.h>
-#include <stddef.h>
-#include <setjmp.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-#define TEST_CACHE_PATH "./zrtp_cache_test.dat"
-
-static zrtp_global_t g_zrtp_cfg;
-
-static zrtp_string16_t zid_my = ZSTR_INIT_WITH_CONST_CSTRING("000000000_00");
-static zrtp_string16_t zid_a = ZSTR_INIT_WITH_CONST_CSTRING("000000000_02");
-static zrtp_string16_t zid_b = ZSTR_INIT_WITH_CONST_CSTRING("000000000_03");
-static zrtp_string16_t zid_c = ZSTR_INIT_WITH_CONST_CSTRING("000000000_04");
-static zrtp_string16_t zid_mitm1 = ZSTR_INIT_WITH_CONST_CSTRING("000000000_m1");
-static zrtp_string16_t zid_mitm2 = ZSTR_INIT_WITH_CONST_CSTRING("000000000_m2");
-
-static zrtp_shared_secret_t rs_my4a, rs_my4b, rs_my4c, rs_my4mitm1, rs_my4mitm2;
-static zrtp_shared_secret_t rs_my4a_r, rs_my4b_r, rs_my4c_r, rs_my4mitm1_r, rs_my4mitm2_r;
-
-static zrtp_cache_id_t secerets_to_delete[24];
-static unsigned secerets_to_delete_count = 0;
-
-static void init_rs_secret_(zrtp_shared_secret_t *sec, unsigned char val_fill);
-
-extern void zrtp_cache_create_id(const zrtp_stringn_t* first_ZID,
- const zrtp_stringn_t* second_ZID,
- zrtp_cache_id_t id);
-
-
-void cache_setup() {
- zrtp_status_t status;
-
- /* Delete cache file from previous test if it exists. */
- remove(TEST_CACHE_PATH);
-
- secerets_to_delete_count = 0;
-
- ZSTR_SET_EMPTY(g_zrtp_cfg.def_cache_path);
- /* Configure and Initialize ZRTP cache */
- zrtp_zstrcpyc(ZSTR_GV(g_zrtp_cfg.def_cache_path), TEST_CACHE_PATH);
-
- init_rs_secret_(&rs_my4a, 'a'); init_rs_secret_(&rs_my4b, 'b'); init_rs_secret_(&rs_my4c, 'c');
- init_rs_secret_(&rs_my4mitm1, '1'); init_rs_secret_(&rs_my4mitm2, '2');
-
- init_rs_secret_(&rs_my4a_r, 0); init_rs_secret_(&rs_my4b_r, 0); init_rs_secret_(&rs_my4c_r, 0);
- init_rs_secret_(&rs_my4mitm1_r, 0); init_rs_secret_(&rs_my4mitm2_r, 0);
-
- /* It should NOT crash and return OK. */
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Add few values into it */
- printf("==> Add few test entries.\n");
-
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a);
- assert_int_equal(status, zrtp_status_ok);
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b);
- assert_int_equal(status, zrtp_status_ok);
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c);
- assert_int_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_put_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1);
- assert_int_equal(status, zrtp_status_ok);
- status = zrtp_def_cache_put_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2);
- assert_int_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Close the cache, it should be flushed to the file. */
- printf("==> Close the cache.\n");
-
- zrtp_def_cache_down();
-
- printf("==> Open just prepared cache file.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- printf("==> Ready for the test!.\n");
-}
-
-void cache_teardown() {
- zrtp_def_cache_down();
-}
-
-/*
- * Simply init ZRTP cache with empty or non-existing filer and close it.
- * The app should not crash and trigger no errors.
-*/
-void cache_init_store_empty_test() {
- zrtp_def_cache_down();
-}
-
-/*
- * Add few entries to the empty cache, flush it and then load again. Check if
- * all the entries were restored successfully.
- */
-void cache_add2empty_test() {
- zrtp_status_t status;
- int intres;
-
- /* Now, let's open the cache again and check if all the previously added values were restored successfully */
- printf("==> And open it again, it should contain all the stored values.\n");
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4a_r.value), ZSTR_GV(rs_my4a.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4b_r.value), ZSTR_GV(rs_my4b.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm1_r.value), ZSTR_GV(rs_my4mitm1.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-/*
- * Test if cache properly handles Open-Close-Open with now no changes to the cache values.
- */
-void cache_save_unchanged_test() {
- zrtp_status_t status;
-
- /* Now, let's open the cache again and check if all the previously added values were restored successfully */
- printf("==> Now let's Open the cache and Close it right after, make no changes.\n");
-
- zrtp_def_cache_down();
-
- /*
- * TEST: now let's store the cache making no changes to it.
- * After opening it should include all the secrets untouched.
- */
-
- printf("==> And the cache again, it should contain all the stored values.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4a_r.value), ZSTR_GV(rs_my4a.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4b_r.value), ZSTR_GV(rs_my4b.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm1_r.value), ZSTR_GV(rs_my4mitm1.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-/*
- * Check how the cache handles flushing of several dirty (modified) values. The cache should
- * flush to the disk modified values only and leave rest of the items untouched.
- */
-void cache_modify_and_save_test() {
- zrtp_status_t status;
- int intres;
-
- printf("==> And open it again, it should contain all the stored values.\n");
-
- /*
- * Now, let's modify just few entries and check of the fill will be stored.
- *
- * We will change RS secrets rs_my4b, rs_my4c and rs_my4mitm1 while leaving
- * rs_my4a and rs_my4mitm2 untouched.
- */
-
- init_rs_secret_(&rs_my4b, 'x'); init_rs_secret_(&rs_my4c, 'y');
- init_rs_secret_(&rs_my4mitm1, 'z');
-
- printf("==> Now we gonna to update few cache entries and flush the cache mack to the file.\n");
-
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b);
- assert_int_equal(status, zrtp_status_ok);
- status = zrtp_def_cache_put(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c);
- assert_int_equal(status, zrtp_status_ok);
- status = zrtp_def_cache_put_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4a_r.value), ZSTR_GV(rs_my4a.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4b_r.value), ZSTR_GV(rs_my4b.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4c_r.value), ZSTR_GV(rs_my4c.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm1_r.value), ZSTR_GV(rs_my4mitm1.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-/*
- * The basic idea of all cache_delete_* tests is to delete few cache entries
- * from preconfigured setup, flush caches, open the cache again and check if
- * non-deleted values are Ok.
- */
-
-static int cache_foreach_del_func(zrtp_cache_elem_t* elem, int is_mitm, void* data, int* del) {
- unsigned c;
-
- //printf("AAAA cache_foreach_del_func(): elem index=%u\n", elem->_index);
-
- for (c=0; c<secerets_to_delete_count; c++) {
- if (!zrtp_memcmp(elem->id, secerets_to_delete[c], sizeof(zrtp_cache_id_t))) {
- printf("\t==> Delete cache element index=%u.\n", elem->_index);
- *del = 1;
- break;
- }
- }
-
- return 1;
-}
-
-void cache_delete_few_rs_test() {
- zrtp_status_t status;
-
- printf("==> Delete few RS secrets and flush the cache.\n");
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_b), secerets_to_delete[secerets_to_delete_count++]);
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_a), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 0, &cache_foreach_del_func, NULL);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. Modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
-
- /* my4a should be deleted. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- /* my4b should be deleted. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- /* The rest of the secrets should be in place. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4c_r.value), ZSTR_GV(rs_my4c.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm1_r.value), ZSTR_GV(rs_my4mitm1.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-void cache_delete_few_mitm_test() {
- zrtp_status_t status;
-
- printf("==> Delete few MiTM secrets and flush the cache.\n");
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 1, &cache_foreach_del_func, NULL);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. Modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4a_r.value), ZSTR_GV(rs_my4a.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4b_r.value), ZSTR_GV(rs_my4b.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4c_r.value), ZSTR_GV(rs_my4c.value)));
-
- /* Should be deleted */
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_not_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-void cache_delete_few_rs_and_mitm_test() {
- zrtp_status_t status;
-
- printf("==> Delete few RS secrets and flush the cache.\n");
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_b), secerets_to_delete[secerets_to_delete_count++]);
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_a), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 0, &cache_foreach_del_func, NULL);
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 1, &cache_foreach_del_func, NULL);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. Modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
-
- /* Should be deleted. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- /* Should be deleted. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4c_r.value), ZSTR_GV(rs_my4c.value)));
-
- /* Should be deleted. */
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_not_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-void cache_delete_all_rs_test() {
- zrtp_status_t status;
-
- printf("==> Delete few RS secrets and flush the cache.\n");
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_b), secerets_to_delete[secerets_to_delete_count++]);
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_a), secerets_to_delete[secerets_to_delete_count++]);
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_c), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 0, &cache_foreach_del_func, NULL);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. Modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
-
- /* All RS values should be deleted. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_not_equal(status, zrtp_status_ok);
-
- /* MiTM secrets should be in place. */
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm1_r.value), ZSTR_GV(rs_my4mitm1.value)));
-
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4mitm2_r.value), ZSTR_GV(rs_my4mitm2.value)));
-}
-
-void cache_delete_all_mitm_test() {
- zrtp_status_t status;
-
- printf("==> Delete few MiTM secrets and flush the cache.\n");
-
- secerets_to_delete_count = 0;
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), secerets_to_delete[secerets_to_delete_count++]);
- zrtp_cache_create_id(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), secerets_to_delete[secerets_to_delete_count++]);
-
- zrtp_def_cache_foreach(&g_zrtp_cfg, 1, &cache_foreach_del_func, NULL);
-
- /* Flush the cache and open it again. */
- zrtp_def_cache_down();
-
- printf("==> Open the cache and make sure all our prev. Modifications saved properly.\n");
-
- status = zrtp_def_cache_init(&g_zrtp_cfg);
- assert_int_equal(status, zrtp_status_ok);
-
- /* Let's check if all our modifications are in place. */
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_a), &rs_my4a_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4a_r.value), ZSTR_GV(rs_my4a.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_b), &rs_my4b_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4b_r.value), ZSTR_GV(rs_my4b.value)));
-
- status = zrtp_def_cache_get(ZSTR_GV(zid_my), ZSTR_GV(zid_c), &rs_my4c_r, 0);
- assert_int_equal(status, zrtp_status_ok);
- assert_false(zrtp_zstrcmp(ZSTR_GV(rs_my4c_r.value), ZSTR_GV(rs_my4c.value)));
-
- /* All MiTM secrets should be deleted. */
- status = zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm1), &rs_my4mitm1_r);
- assert_int_not_equal(status, zrtp_status_ok);
-
- assert_int_not_equal(zrtp_def_cache_get_mitm(ZSTR_GV(zid_my), ZSTR_GV(zid_mitm2), &rs_my4mitm2_r), zrtp_status_ok);
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(cache_init_store_empty_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_add2empty_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_save_unchanged_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_modify_and_save_test, cache_setup, cache_teardown),
-
- unit_test_setup_teardown(cache_delete_few_rs_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_delete_few_mitm_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_delete_few_rs_and_mitm_test, cache_setup, cache_teardown),
- unit_test_setup_teardown(cache_delete_all_mitm_test, cache_setup, cache_teardown),
- };
-
- return run_tests(tests);
-}
-
-
-/******************************************************************************
- * Helpers
- *****************************************************************************/
-
-static void init_rs_secret_(zrtp_shared_secret_t *sec, unsigned char val_fill) {
-
- char val_buff[ZRTP_HASH_SIZE];
- zrtp_memset(val_buff, val_fill, sizeof(val_buff));
-
- ZSTR_SET_EMPTY(sec->value);
- zrtp_zstrcpyc(ZSTR_GV(sec->value), val_buff);
-
- sec->_cachedflag = 0;
- sec->ttl = 0;
- sec->lastused_at = 0;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-static void aes128_ctr_test() {
- zrtp_cipher_t *cipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES128, zrtp);
- assert_non_null(cipher);
- cipher->self_test(cipher, ZRTP_CIPHER_MODE_CTR);
-}
-
-static void aes128_cfb_test() {
- zrtp_cipher_t *cipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES128, zrtp);
- assert_non_null(cipher);
- cipher->self_test(cipher, ZRTP_CIPHER_MODE_CFB);
-}
-
-static void aes256_ctr_test() {
- zrtp_cipher_t *cipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES256, zrtp);
- assert_non_null(cipher);
- cipher->self_test(cipher, ZRTP_CIPHER_MODE_CTR);
-}
-
-static void aes256_cfb_test() {
- zrtp_cipher_t *cipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES256, zrtp);
- assert_non_null(cipher);
- cipher->self_test(cipher, ZRTP_CIPHER_MODE_CFB);
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(aes128_ctr_test, setup, teardown),
- unit_test_setup_teardown(aes128_cfb_test, setup, teardown),
- unit_test_setup_teardown(aes256_ctr_test, setup, teardown),
- unit_test_setup_teardown(aes256_cfb_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * Copyright 2008 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef HAVE_MALLOC_H
-#include <malloc.h>
-#endif
-#include <setjmp.h>
-#ifndef _WIN32
-#include <signal.h>
-#endif // !_WIN32
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef HAVE_INTTYPES_H
-#include <inttypes.h>
-#endif /* HAVE_INTTYPES_H */
-#ifdef _WIN32
-#include <windows.h>
-#endif // _WIN32
-#include <cmockery.h>
-
-#ifdef _WIN32
-#define vsnprintf _vsnprintf
-#endif // _WIN32
-
-/* Backwards compatibility with headers shipped with Visual Studio 2005 and
- * earlier. */
-#ifdef _WIN32
-WINBASEAPI BOOL WINAPI IsDebuggerPresent(VOID);
-#endif // _WIN32
-
-// Size of guard bytes around dynamically allocated blocks.
-#define MALLOC_GUARD_SIZE 16
-// Pattern used to initialize guard blocks.
-#define MALLOC_GUARD_PATTERN 0xEF
-// Pattern used to initialize memory allocated with test_malloc().
-#define MALLOC_ALLOC_PATTERN 0xBA
-#define MALLOC_FREE_PATTERN 0xCD
-// Alignment of allocated blocks. NOTE: This must be base2.
-#define MALLOC_ALIGNMENT sizeof(size_t)
-
-// Printf formatting for source code locations.
-#define SOURCE_LOCATION_FORMAT "%s:%d"
-
-// Calculates the number of elements in an array.
-#define ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0]))
-
-// Declare and initialize the pointer member of ValuePointer variable name
-// with ptr.
-#define declare_initialize_value_pointer_pointer(name, ptr) \
- ValuePointer name ; \
- name.value = 0; \
- name.pointer = (void*)(ptr)
-
-// Declare and initialize the value member of ValuePointer variable name
-// with val.
-#define declare_initialize_value_pointer_value(name, val) \
- ValuePointer name ; \
- name.value = val
-
-// Cast a uintmax_t to pointer_type via a ValuePointer.
-#define cast_largest_integral_type_to_pointer( \
- pointer_type, largest_integral_type) \
- ((pointer_type)((ValuePointer*)&(largest_integral_type))->pointer)
-
-// Used to cast uintmax_t to void* and vice versa.
-typedef union ValuePointer {
- uintmax_t value;
- void *pointer;
-} ValuePointer;
-
-// Doubly linked list node.
-typedef struct ListNode {
- const void *value;
- int refcount;
- struct ListNode *next;
- struct ListNode *prev;
-} ListNode;
-
-// Debug information for malloc().
-typedef struct MallocBlockInfo {
- void* block; // Address of the block returned by malloc().
- size_t allocated_size; // Total size of the allocated block.
- size_t size; // Request block size.
- SourceLocation location; // Where the block was allocated.
- ListNode node; // Node within list of all allocated blocks.
-} MallocBlockInfo;
-
-// State of each test.
-typedef struct TestState {
- const ListNode *check_point; // Check point of the test if there's a
- // setup function.
- void *state; // State associated with the test.
-} TestState;
-
-// Determines whether two values are the same.
-typedef int (*EqualityFunction)(const void *left, const void *right);
-
-// Value of a symbol and the place it was declared.
-typedef struct SymbolValue {
- SourceLocation location;
- uintmax_t value;
-} SymbolValue;
-
-/* Contains a list of values for a symbol.
- * NOTE: Each structure referenced by symbol_values_list_head must have a
- * SourceLocation as its' first member.
- */
-typedef struct SymbolMapValue {
- const char *symbol_name;
- ListNode symbol_values_list_head;
-} SymbolMapValue;
-
-// Used by list_free() to deallocate values referenced by list nodes.
-typedef void (*CleanupListValue)(const void *value, void *cleanup_value_data);
-
-// Structure used to check the range of integer types.
-typedef struct CheckIntegerRange {
- CheckParameterEvent event;
- uintmax_t minimum;
- uintmax_t maximum;
-} CheckIntegerRange;
-
-// Structure used to check whether an integer value is in a set.
-typedef struct CheckIntegerSet {
- CheckParameterEvent event;
- const uintmax_t *set;
- size_t size_of_set;
-} CheckIntegerSet;
-
-/* Used to check whether a parameter matches the area of memory referenced by
- * this structure. */
-typedef struct CheckMemoryData {
- CheckParameterEvent event;
- const void *memory;
- size_t size;
-} CheckMemoryData;
-
-static ListNode* list_initialize(ListNode * const node);
-static ListNode* list_add(ListNode * const head, ListNode *new_node);
-static ListNode* list_add_value(ListNode * const head, const void *value,
- const int count);
-static ListNode* list_remove(
- ListNode * const node, const CleanupListValue cleanup_value,
- void * const cleanup_value_data);
-static void list_remove_free(
- ListNode * const node, const CleanupListValue cleanup_value,
- void * const cleanup_value_data);
-static int list_empty(const ListNode * const head);
-static int list_find(
- ListNode * const head, const void *value,
- const EqualityFunction equal_func, ListNode **output);
-static int list_first(ListNode * const head, ListNode **output);
-static ListNode* list_free(
- ListNode * const head, const CleanupListValue cleanup_value,
- void * const cleanup_value_data);
-
-static void add_symbol_value(
- ListNode * const symbol_map_head, const char * const symbol_names[],
- const size_t number_of_symbol_names, const void* value, const int count);
-static int get_symbol_value(
- ListNode * const symbol_map_head, const char * const symbol_names[],
- const size_t number_of_symbol_names, void **output);
-static void free_value(const void *value, void *cleanup_value_data);
-static void free_symbol_map_value(
- const void *value, void *cleanup_value_data);
-static void remove_always_return_values(ListNode * const map_head,
- const size_t number_of_symbol_names);
-static int check_for_leftover_values(
- const ListNode * const map_head, const char * const error_message,
- const size_t number_of_symbol_names);
-// This must be called at the beginning of a test to initialize some data
-// structures.
-static void initialize_testing(const char *test_name);
-// This must be called at the end of a test to free() allocated structures.
-static void teardown_testing(const char *test_name);
-
-
-// Keeps track of the calling context returned by setenv() so that the fail()
-// method can jump out of a test.
-static jmp_buf global_run_test_env;
-static int global_running_test = 0;
-
-// Keeps track of the calling context returned by setenv() so that
-// mock_assert() can optionally jump back to expect_assert_failure().
-jmp_buf global_expect_assert_env;
-int global_expecting_assert = 0;
-
-// Keeps a map of the values that functions will have to return to provide
-// mocked interfaces.
-static ListNode global_function_result_map_head;
-// Location of the last mock value returned was declared.
-static SourceLocation global_last_mock_value_location;
-
-/* Keeps a map of the values that functions expect as parameters to their
- * mocked interfaces. */
-static ListNode global_function_parameter_map_head;
-// Location of last parameter value checked was declared.
-static SourceLocation global_last_parameter_location;
-
-// List of all currently allocated blocks.
-static ListNode global_allocated_blocks;
-
-#ifndef _WIN32
-// Signals caught by exception_handler().
-static const int exception_signals[] = {
- SIGFPE,
- SIGILL,
- SIGSEGV,
- SIGBUS,
- SIGSYS,
-};
-
-// Default signal functions that should be restored after a test is complete.
-typedef void (*SignalFunction)(int signal);
-static SignalFunction default_signal_functions[
- ARRAY_LENGTH(exception_signals)];
-
-#else // _WIN32
-
-// The default exception filter.
-static LPTOP_LEVEL_EXCEPTION_FILTER previous_exception_filter;
-
-// Fatal exceptions.
-typedef struct ExceptionCodeInfo {
- DWORD code;
- const char* description;
-} ExceptionCodeInfo;
-
-#define EXCEPTION_CODE_INFO(exception_code) {exception_code, #exception_code}
-
-static const ExceptionCodeInfo exception_codes[] = {
- EXCEPTION_CODE_INFO(EXCEPTION_ACCESS_VIOLATION),
- EXCEPTION_CODE_INFO(EXCEPTION_ARRAY_BOUNDS_EXCEEDED),
- EXCEPTION_CODE_INFO(EXCEPTION_DATATYPE_MISALIGNMENT),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_DENORMAL_OPERAND),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_DIVIDE_BY_ZERO),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_INEXACT_RESULT),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_INVALID_OPERATION),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_OVERFLOW),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_STACK_CHECK),
- EXCEPTION_CODE_INFO(EXCEPTION_FLT_UNDERFLOW),
- EXCEPTION_CODE_INFO(EXCEPTION_GUARD_PAGE),
- EXCEPTION_CODE_INFO(EXCEPTION_ILLEGAL_INSTRUCTION),
- EXCEPTION_CODE_INFO(EXCEPTION_INT_DIVIDE_BY_ZERO),
- EXCEPTION_CODE_INFO(EXCEPTION_INT_OVERFLOW),
- EXCEPTION_CODE_INFO(EXCEPTION_INVALID_DISPOSITION),
- EXCEPTION_CODE_INFO(EXCEPTION_INVALID_HANDLE),
- EXCEPTION_CODE_INFO(EXCEPTION_IN_PAGE_ERROR),
- EXCEPTION_CODE_INFO(EXCEPTION_NONCONTINUABLE_EXCEPTION),
- EXCEPTION_CODE_INFO(EXCEPTION_PRIV_INSTRUCTION),
- EXCEPTION_CODE_INFO(EXCEPTION_STACK_OVERFLOW),
-};
-#endif // !_WIN32
-
-
-// Exit the currently executing test.
-static void exit_test(const int quit_application) {
- if (global_running_test) {
- longjmp(global_run_test_env, 1);
- } else if (quit_application) {
- exit(-1);
- }
-}
-
-
-// Initialize a SourceLocation structure.
-static void initialize_source_location(SourceLocation * const location) {
- assert_non_null(location);
- location->file = NULL;
- location->line = 0;
-}
-
-
-// Determine whether a source location is currently set.
-static int source_location_is_set(const SourceLocation * const location) {
- assert_non_null(location);
- return location->file && location->line;
-}
-
-
-// Set a source location.
-static void set_source_location(
- SourceLocation * const location, const char * const file,
- const int line) {
- assert_non_null(location);
- location->file = file;
- location->line = line;
-}
-
-
-// Create function results and expected parameter lists.
-void initialize_testing(const char *test_name) {
- (void)test_name;
- list_initialize(&global_function_result_map_head);
- initialize_source_location(&global_last_mock_value_location);
- list_initialize(&global_function_parameter_map_head);
- initialize_source_location(&global_last_parameter_location);
-}
-
-
-void fail_if_leftover_values(const char *test_name) {
- int error_occurred = 0;
- (void)test_name;
- remove_always_return_values(&global_function_result_map_head, 1);
- if (check_for_leftover_values(
- &global_function_result_map_head,
- "%s() has remaining non-returned values.\n", 1)) {
- error_occurred = 1;
- }
-
- remove_always_return_values(&global_function_parameter_map_head, 2);
- if (check_for_leftover_values(
- &global_function_parameter_map_head,
- "%s parameter still has values that haven't been checked.\n", 2)) {
- error_occurred = 1;
- }
- if (error_occurred) {
- exit_test(1);
- }
-}
-
-
-void teardown_testing(const char *test_name) {
- (void)test_name;
- list_free(&global_function_result_map_head, free_symbol_map_value,
- (void*)0);
- initialize_source_location(&global_last_mock_value_location);
- list_free(&global_function_parameter_map_head, free_symbol_map_value,
- (void*)1);
- initialize_source_location(&global_last_parameter_location);
-}
-
-// Initialize a list node.
-static ListNode* list_initialize(ListNode * const node) {
- node->value = NULL;
- node->next = node;
- node->prev = node;
- node->refcount = 1;
- return node;
-}
-
-
-/* Adds a value at the tail of a given list.
- * The node referencing the value is allocated from the heap. */
-static ListNode* list_add_value(ListNode * const head, const void *value,
- const int refcount) {
- ListNode * const new_node = (ListNode*)malloc(sizeof(ListNode));
- assert_non_null(head);
- assert_non_null(value);
- new_node->value = value;
- new_node->refcount = refcount;
- return list_add(head, new_node);
-}
-
-
-// Add new_node to the end of the list.
-static ListNode* list_add(ListNode * const head, ListNode *new_node) {
- assert_non_null(head);
- assert_non_null(new_node);
- new_node->next = head;
- new_node->prev = head->prev;
- head->prev->next = new_node;
- head->prev = new_node;
- return new_node;
-}
-
-
-// Remove a node from a list.
-static ListNode* list_remove(
- ListNode * const node, const CleanupListValue cleanup_value,
- void * const cleanup_value_data) {
- assert_non_null(node);
- node->prev->next = node->next;
- node->next->prev = node->prev;
- if (cleanup_value) {
- cleanup_value(node->value, cleanup_value_data);
- }
- return node;
-}
-
-
-/* Remove a list node from a list and free the node. */
-static void list_remove_free(
- ListNode * const node, const CleanupListValue cleanup_value,
- void * const cleanup_value_data) {
- assert_non_null(node);
- free(list_remove(node, cleanup_value, cleanup_value_data));
-}
-
-
-/* Frees memory kept by a linked list
- * The cleanup_value function is called for every "value" field of nodes in the
- * list, except for the head. In addition to each list value,
- * cleanup_value_data is passed to each call to cleanup_value. The head
- * of the list is not deallocated.
- */
-static ListNode* list_free(
- ListNode * const head, const CleanupListValue cleanup_value,
- void * const cleanup_value_data) {
- assert_non_null(head);
- while (!list_empty(head)) {
- list_remove_free(head->next, cleanup_value, cleanup_value_data);
- }
- return head;
-}
-
-
-// Determine whether a list is empty.
-static int list_empty(const ListNode * const head) {
- assert_non_null(head);
- return head->next == head;
-}
-
-
-/* Find a value in the list using the equal_func to compare each node with the
- * value.
- */
-static int list_find(ListNode * const head, const void *value,
- const EqualityFunction equal_func, ListNode **output) {
- ListNode *current;
- assert_non_null(head);
- for (current = head->next; current != head; current = current->next) {
- if (equal_func(current->value, value)) {
- *output = current;
- return 1;
- }
- }
- return 0;
-}
-
-// Returns the first node of a list
-static int list_first(ListNode * const head, ListNode **output) {
- ListNode *target_node;
- assert_non_null(head);
- if (list_empty(head)) {
- return 0;
- }
- target_node = head->next;
- *output = target_node;
- return 1;
-}
-
-
-// Deallocate a value referenced by a list.
-static void free_value(const void *value, void *cleanup_value_data) {
- (void)cleanup_value_data;
- assert_non_null(value);
- free((void*)value);
-}
-
-
-// Releases memory associated to a symbol_map_value.
-static void free_symbol_map_value(const void *value,
- void *cleanup_value_data) {
- SymbolMapValue * const map_value = (SymbolMapValue*)value;
- const uintmax_t children = cast_ptr_to_largest_integral_type(cleanup_value_data);
- assert_non_null(value);
- list_free(&map_value->symbol_values_list_head,
- children ? free_symbol_map_value : free_value,
- (void *) ((uintptr_t)children - 1));
- free(map_value);
-}
-
-
-/* Determine whether a symbol name referenced by a symbol_map_value
- * matches the specified function name. */
-static int symbol_names_match(const void *map_value, const void *symbol) {
- return !strcmp(((SymbolMapValue*)map_value)->symbol_name,
- (const char*)symbol);
-}
-
-
-/* Adds a value to the queue of values associated with the given
- * hierarchy of symbols. It's assumed value is allocated from the heap.
- */
-static void add_symbol_value(ListNode * const symbol_map_head,
- const char * const symbol_names[],
- const size_t number_of_symbol_names,
- const void* value, const int refcount) {
- const char* symbol_name;
- ListNode *target_node;
- SymbolMapValue *target_map_value;
- assert_non_null(symbol_map_head);
- assert_non_null(symbol_names);
- assert_true(number_of_symbol_names);
- symbol_name = symbol_names[0];
-
- if (!list_find(symbol_map_head, symbol_name, symbol_names_match,
- &target_node)) {
- SymbolMapValue * const new_symbol_map_value =
- (SymbolMapValue*)malloc(sizeof(*new_symbol_map_value));
- new_symbol_map_value->symbol_name = symbol_name;
- list_initialize(&new_symbol_map_value->symbol_values_list_head);
- target_node = list_add_value(symbol_map_head, new_symbol_map_value,
- 1);
- }
-
- target_map_value = (SymbolMapValue*)target_node->value;
- if (number_of_symbol_names == 1) {
- list_add_value(&target_map_value->symbol_values_list_head,
- value, refcount);
- } else {
- add_symbol_value(&target_map_value->symbol_values_list_head,
- &symbol_names[1], number_of_symbol_names - 1, value,
- refcount);
- }
-}
-
-
-/* Gets the next value associated with the given hierarchy of symbols.
- * The value is returned as an output parameter with the function returning the
- * node's old refcount value if a value is found, 0 otherwise.
- * This means that a return value of 1 indicates the node was just removed from
- * the list.
- */
-static int get_symbol_value(
- ListNode * const head, const char * const symbol_names[],
- const size_t number_of_symbol_names, void **output) {
- const char* symbol_name;
- ListNode *target_node;
- assert_non_null(head);
- assert_non_null(symbol_names);
- assert_true(number_of_symbol_names);
- assert_non_null(output);
- symbol_name = symbol_names[0];
-
- if (list_find(head, symbol_name, symbol_names_match, &target_node)) {
- SymbolMapValue *map_value;
- ListNode *child_list;
- int return_value = 0;
- assert_non_null(target_node);
- assert_non_null(target_node->value);
-
- map_value = (SymbolMapValue*)target_node->value;
- child_list = &map_value->symbol_values_list_head;
-
- if (number_of_symbol_names == 1) {
- ListNode *value_node = NULL;
- return_value = list_first(child_list, &value_node);
- assert_true(return_value);
- *output = (void*) value_node->value;
- return_value = value_node->refcount;
- if (--value_node->refcount == 0) {
- list_remove_free(value_node, NULL, NULL);
- }
- } else {
- return_value = get_symbol_value(
- child_list, &symbol_names[1], number_of_symbol_names - 1,
- output);
- }
- if (list_empty(child_list)) {
- list_remove_free(target_node, free_symbol_map_value, (void*)0);
- }
- return return_value;
- } else {
- print_error("No entries for symbol %s.\n", symbol_name);
- }
- return 0;
-}
-
-
-/* Traverse down a tree of symbol values and remove the first symbol value
- * in each branch that has a refcount < -1 (i.e should always be returned
- * and has been returned at least once).
- */
-static void remove_always_return_values(ListNode * const map_head,
- const size_t number_of_symbol_names) {
- ListNode *current;
- assert_non_null(map_head);
- assert_true(number_of_symbol_names);
- current = map_head->next;
- while (current != map_head) {
- SymbolMapValue * const value = (SymbolMapValue*)current->value;
- ListNode * const next = current->next;
- ListNode *child_list;
- assert_non_null(value);
- child_list = &value->symbol_values_list_head;
-
- if (!list_empty(child_list)) {
- if (number_of_symbol_names == 1) {
- ListNode * const child_node = child_list->next;
- // If this item has been returned more than once, free it.
- if (child_node->refcount < -1) {
- list_remove_free(child_node, free_value, NULL);
- }
- } else {
- remove_always_return_values(child_list,
- number_of_symbol_names - 1);
- }
- }
-
- if (list_empty(child_list)) {
- list_remove_free(current, free_value, NULL);
- }
- current = next;
- }
-}
-
-/* Checks if there are any leftover values set up by the test that were never
- * retrieved through execution, and fail the test if that is the case.
- */
-static int check_for_leftover_values(
- const ListNode * const map_head, const char * const error_message,
- const size_t number_of_symbol_names) {
- const ListNode *current;
- int symbols_with_leftover_values = 0;
- assert_non_null(map_head);
- assert_true(number_of_symbol_names);
-
- for (current = map_head->next; current != map_head;
- current = current->next) {
- const SymbolMapValue * const value =
- (SymbolMapValue*)current->value;
- const ListNode *child_list;
- assert_non_null(value);
- child_list = &value->symbol_values_list_head;
-
- if (!list_empty(child_list)) {
- if (number_of_symbol_names == 1) {
- const ListNode *child_node;
- print_error(error_message, value->symbol_name);
- print_error(" Remaining item(s) declared at...\n");
-
- for (child_node = child_list->next; child_node != child_list;
- child_node = child_node->next) {
- const SourceLocation * const location =
- (const SourceLocation*)child_node->value;
- print_error(" " SOURCE_LOCATION_FORMAT "\n",
- location->file, location->line);
- }
- } else {
- print_error("%s.", value->symbol_name);
- check_for_leftover_values(child_list, error_message,
- number_of_symbol_names - 1);
- }
- symbols_with_leftover_values ++;
- }
- }
- return symbols_with_leftover_values;
-}
-
-
-// Get the next return value for the specified mock function.
-uintmax_t _mock(const char * const function, const char* const file,
- const int line) {
- void *result;
- const int rc = get_symbol_value(&global_function_result_map_head,
- &function, 1, &result);
- if (rc) {
- SymbolValue * const symbol = (SymbolValue*)result;
- const uintmax_t value = symbol->value;
- global_last_mock_value_location = symbol->location;
- if (rc == 1) {
- free(symbol);
- }
- return value;
- } else {
- print_error("ERROR: " SOURCE_LOCATION_FORMAT " - Could not get value "
- "to mock function %s\n", file, line, function);
- if (source_location_is_set(&global_last_mock_value_location)) {
- print_error("Previously returned mock value was declared at "
- SOURCE_LOCATION_FORMAT "\n",
- global_last_mock_value_location.file,
- global_last_mock_value_location.line);
- } else {
- print_error("There were no previously returned mock values for "
- "this test.\n");
- }
- exit_test(1);
- }
- return 0;
-}
-
-
-// Add a return value for the specified mock function name.
-void _will_return(const char * const function_name, const char * const file,
- const int line, const uintmax_t value,
- const int count) {
- SymbolValue * const return_value =
- (SymbolValue*)malloc(sizeof(*return_value));
- assert_true(count > 0 || count == -1);
- return_value->value = value;
- set_source_location(&return_value->location, file, line);
- add_symbol_value(&global_function_result_map_head, &function_name, 1,
- return_value, count);
-}
-
-
-/* Add a custom parameter checking function. If the event parameter is NULL
- * the event structure is allocated internally by this function. If event
- * parameter is provided it must be allocated on the heap and doesn't need to
- * be deallocated by the caller.
- */
-void _expect_check(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const CheckParameterValue check_function,
- const uintmax_t check_data,
- CheckParameterEvent * const event, const int count) {
- CheckParameterEvent * const check =
- event ? event : (CheckParameterEvent*)malloc(sizeof(*check));
- const char* symbols[] = {function, parameter};
- check->parameter_name = parameter;
- check->check_value = check_function;
- check->check_value_data = check_data;
- set_source_location(&check->location, file, line);
- add_symbol_value(&global_function_parameter_map_head, symbols, 2, check,
- count);
-}
-
-
-/* Returns 1 if the specified values are equal. If the values are not equal
- * an error is displayed and 0 is returned. */
-static int values_equal_display_error(const uintmax_t left,
- const uintmax_t right) {
- const int equal = left == right;
- if (!equal) {
- print_error("%" PRIxMAX " != "
- "%" PRIxMAX "\n", left, right);
- }
- return equal;
-}
-
-/* Returns 1 if the specified values are not equal. If the values are equal
- * an error is displayed and 0 is returned. */
-static int values_not_equal_display_error(const uintmax_t left,
- const uintmax_t right) {
- const int not_equal = left != right;
- if (!not_equal) {
- print_error("%" PRIxMAX " == "
- "%" PRIxMAX "\n", left, right);
- }
- return not_equal;
-}
-
-
-/* Determine whether value is contained within check_integer_set.
- * If invert is 0 and the value is in the set 1 is returned, otherwise 0 is
- * returned and an error is displayed. If invert is 1 and the value is not
- * in the set 1 is returned, otherwise 0 is returned and an error is
- * displayed. */
-static int value_in_set_display_error(
- const uintmax_t value,
- const CheckIntegerSet * const check_integer_set, const int invert) {
- int succeeded = invert;
- assert_non_null(check_integer_set);
- {
- const uintmax_t * const set = check_integer_set->set;
- const size_t size_of_set = check_integer_set->size_of_set;
- size_t i;
- for (i = 0; i < size_of_set; i++) {
- if (set[i] == value) {
- // If invert = 0 and item is found, succeeded = 1.
- // If invert = 1 and item is found, succeeded = 0.
- succeeded = !succeeded;
- break;
- }
- }
- if (succeeded) {
- return 1;
- }
- print_error("%" PRIuMAX " is %sin the set (", value, invert ? "" : "not ");
- for (i = 0; i < size_of_set; i++) {
- print_error("%" PRIuMAX ", ", set[i]);
- }
- print_error(")\n");
- }
- return 0;
-}
-
-
-/* Determine whether a value is within the specified range. If the value is
- * within the specified range 1 is returned. If the value isn't within the
- * specified range an error is displayed and 0 is returned. */
-static int integer_in_range_display_error(
- const uintmax_t value, const uintmax_t range_min,
- const uintmax_t range_max) {
- if (value >= range_min && value <= range_max) {
- return 1;
- }
- print_error("%" PRIuMAX " is not within the range %" PRIuMAX "-%" PRIuMAX "\n",
- value, range_min, range_max);
- return 0;
-}
-
-
-/* Determine whether a value is within the specified range. If the value
- * is not within the range 1 is returned. If the value is within the
- * specified range an error is displayed and zero is returned. */
-static int integer_not_in_range_display_error(
- const uintmax_t value, const uintmax_t range_min,
- const uintmax_t range_max) {
- if (value < range_min || value > range_max) {
- return 1;
- }
- print_error("%" PRIuMAX " is within the range %" PRIuMAX "-%" PRIuMAX "\n",
- value, range_min, range_max);
- return 0;
-}
-
-
-/* Determine whether the specified strings are equal. If the strings are equal
- * 1 is returned. If they're not equal an error is displayed and 0 is
- * returned. */
-static int string_equal_display_error(
- const char * const left, const char * const right) {
- if (strcmp(left, right) == 0) {
- return 1;
- }
- print_error("\"%s\" != \"%s\"\n", left, right);
- return 0;
-}
-
-
-/* Determine whether the specified strings are equal. If the strings are not
- * equal 1 is returned. If they're not equal an error is displayed and 0 is
- * returned */
-static int string_not_equal_display_error(
- const char * const left, const char * const right) {
- if (strcmp(left, right) != 0) {
- return 1;
- }
- print_error("\"%s\" == \"%s\"\n", left, right);
- return 0;
-}
-
-
-/* Determine whether the specified areas of memory are equal. If they're equal
- * 1 is returned otherwise an error is displayed and 0 is returned. */
-static int memory_equal_display_error(const char* const a, const char* const b,
- const size_t size) {
- int differences = 0;
- size_t i;
- for (i = 0; i < size; i++) {
- const char l = a[i];
- const char r = b[i];
- if (l != r) {
- print_error("difference at offset %" PRIuMAX " 0x%02x 0x%02x\n",
- cast_to_largest_integral_type(i), l, r);
- differences ++;
- }
- }
- if (differences) {
- print_error("%d bytes of 0x%08" PRIxMAX " and 0x%08" PRIxMAX " differ\n",
- differences,
- cast_ptr_to_largest_integral_type(a),
- cast_ptr_to_largest_integral_type(b));
- return 0;
- }
- return 1;
-}
-
-
-/* Determine whether the specified areas of memory are not equal. If they're
- * not equal 1 is returned otherwise an error is displayed and 0 is
- * returned. */
-static int memory_not_equal_display_error(
- const char* const a, const char* const b, const size_t size) {
- size_t same = 0;
- size_t i;
- for (i = 0; i < size; i++) {
- const char l = a[i];
- const char r = b[i];
- if (l == r) {
- same ++;
- }
- }
- if (same == size) {
- print_error("%" PRIuMAX " bytes of 0x%08" PRIxMAX " and 0x%08" PRIxMAX" the same\n",
- cast_to_largest_integral_type(same),
- cast_ptr_to_largest_integral_type(a),
- cast_ptr_to_largest_integral_type(b));
- return 0;
- }
- return 1;
-}
-
-
-// CheckParameterValue callback to check whether a value is within a set.
-static int check_in_set(const uintmax_t value,
- const uintmax_t check_value_data) {
- return value_in_set_display_error(value,
- cast_largest_integral_type_to_pointer(CheckIntegerSet*,
- check_value_data), 0);
-}
-
-
-// CheckParameterValue callback to check whether a value isn't within a set.
-static int check_not_in_set(const uintmax_t value,
- const uintmax_t check_value_data) {
- return value_in_set_display_error(value,
- cast_largest_integral_type_to_pointer(CheckIntegerSet*,
- check_value_data), 1);
-}
-
-
-/* Create the callback data for check_in_set() or check_not_in_set() and
- * register a check event. */
-static void expect_set(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t values[], const size_t number_of_values,
- const CheckParameterValue check_function, const int count) {
- CheckIntegerSet * const check_integer_set =
- (CheckIntegerSet*)malloc(sizeof(*check_integer_set) +
- (sizeof(values[0]) * number_of_values));
- uintmax_t * const set = (uintmax_t*)(
- check_integer_set + 1);
- declare_initialize_value_pointer_pointer(check_data, check_integer_set);
- assert_non_null(values);
- assert_true(number_of_values);
- memcpy(set, values, number_of_values * sizeof(values[0]));
- check_integer_set->set = set;
- _expect_check(
- function, parameter, file, line, check_function,
- check_data.value, &check_integer_set->event, count);
-}
-
-
-// Add an event to check whether a value is in a set.
-void _expect_in_set(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t values[], const size_t number_of_values,
- const int count) {
- expect_set(function, parameter, file, line, values, number_of_values,
- check_in_set, count);
-}
-
-
-// Add an event to check whether a value isn't in a set.
-void _expect_not_in_set(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t values[], const size_t number_of_values,
- const int count) {
- expect_set(function, parameter, file, line, values, number_of_values,
- check_not_in_set, count);
-}
-
-
-// CheckParameterValue callback to check whether a value is within a range.
-static int check_in_range(const uintmax_t value,
- const uintmax_t check_value_data) {
- CheckIntegerRange * const check_integer_range =
- cast_largest_integral_type_to_pointer(CheckIntegerRange*,
- check_value_data);
- assert_non_null(check_integer_range);
- return integer_in_range_display_error(value, check_integer_range->minimum,
- check_integer_range->maximum);
-}
-
-
-// CheckParameterValue callback to check whether a value is not within a range.
-static int check_not_in_range(const uintmax_t value,
- const uintmax_t check_value_data) {
- CheckIntegerRange * const check_integer_range =
- cast_largest_integral_type_to_pointer(CheckIntegerRange*,
- check_value_data);
- assert_non_null(check_integer_range);
- return integer_not_in_range_display_error(
- value, check_integer_range->minimum, check_integer_range->maximum);
-}
-
-
-/* Create the callback data for check_in_range() or check_not_in_range() and
- * register a check event. */
-static void expect_range(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t minimum, const uintmax_t maximum,
- const CheckParameterValue check_function, const int count) {
- CheckIntegerRange * const check_integer_range =
- (CheckIntegerRange*)malloc(sizeof(*check_integer_range));
- declare_initialize_value_pointer_pointer(check_data, check_integer_range);
- check_integer_range->minimum = minimum;
- check_integer_range->maximum = maximum;
- _expect_check(function, parameter, file, line, check_function,
- check_data.value, &check_integer_range->event, count);
-}
-
-
-// Add an event to determine whether a parameter is within a range.
-void _expect_in_range(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t minimum, const uintmax_t maximum,
- const int count) {
- expect_range(function, parameter, file, line, minimum, maximum,
- check_in_range, count);
-}
-
-
-// Add an event to determine whether a parameter is not within a range.
-void _expect_not_in_range(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t minimum, const uintmax_t maximum,
- const int count) {
- expect_range(function, parameter, file, line, minimum, maximum,
- check_not_in_range, count);
-}
-
-
-/* CheckParameterValue callback to check whether a value is equal to an
- * expected value. */
-static int check_value(const uintmax_t value,
- const uintmax_t check_value_data) {
- return values_equal_display_error(value, check_value_data);
-}
-
-
-// Add an event to check a parameter equals an expected value.
-void _expect_value(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t value, const int count) {
- _expect_check(function, parameter, file, line, check_value, value, NULL,
- count);
-}
-
-
-/* CheckParameterValue callback to check whether a value is not equal to an
- * expected value. */
-static int check_not_value(const uintmax_t value,
- const uintmax_t check_value_data) {
- return values_not_equal_display_error(value, check_value_data);
-}
-
-
-// Add an event to check a parameter is not equal to an expected value.
-void _expect_not_value(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t value, const int count) {
- _expect_check(function, parameter, file, line, check_not_value, value,
- NULL, count);
-}
-
-
-// CheckParameterValue callback to check whether a parameter equals a string.
-static int check_string(const uintmax_t value,
- const uintmax_t check_value_data) {
- return string_equal_display_error(
- cast_largest_integral_type_to_pointer(char*, value),
- cast_largest_integral_type_to_pointer(char*, check_value_data));
-}
-
-
-// Add an event to check whether a parameter is equal to a string.
-void _expect_string(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const char* string,
- const int count) {
- declare_initialize_value_pointer_pointer(string_pointer, (char*)string);
- _expect_check(function, parameter, file, line, check_string,
- string_pointer.value, NULL, count);
-}
-
-
-/* CheckParameterValue callback to check whether a parameter is not equals to
- * a string. */
-static int check_not_string(const uintmax_t value,
- const uintmax_t check_value_data) {
- return string_not_equal_display_error(
- cast_largest_integral_type_to_pointer(char*, value),
- cast_largest_integral_type_to_pointer(char*, check_value_data));
-}
-
-
-// Add an event to check whether a parameter is not equal to a string.
-void _expect_not_string(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const char* string,
- const int count) {
- declare_initialize_value_pointer_pointer(string_pointer, (char*)string);
- _expect_check(function, parameter, file, line, check_not_string,
- string_pointer.value, NULL, count);
-}
-
-/* CheckParameterValue callback to check whether a parameter equals an area of
- * memory. */
-static int check_memory(const uintmax_t value,
- const uintmax_t check_value_data) {
- CheckMemoryData * const check = cast_largest_integral_type_to_pointer(
- CheckMemoryData*, check_value_data);
- assert_non_null(check);
- return memory_equal_display_error(
- cast_largest_integral_type_to_pointer(const char*, value),
- (const char*)check->memory, check->size);
-}
-
-
-/* Create the callback data for check_memory() or check_not_memory() and
- * register a check event. */
-static void expect_memory_setup(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const void * const memory, const size_t size,
- const CheckParameterValue check_function, const int count) {
- CheckMemoryData * const check_data =
- (CheckMemoryData*)malloc(sizeof(*check_data) + size);
- void * const mem = (void*)(check_data + 1);
- declare_initialize_value_pointer_pointer(check_data_pointer, check_data);
- assert_non_null(memory);
- assert_true(size);
- memcpy(mem, memory, size);
- check_data->memory = mem;
- check_data->size = size;
- _expect_check(function, parameter, file, line, check_function,
- check_data_pointer.value, &check_data->event, count);
-}
-
-
-// Add an event to check whether a parameter matches an area of memory.
-void _expect_memory(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const void* const memory,
- const size_t size, const int count) {
- expect_memory_setup(function, parameter, file, line, memory, size,
- check_memory, count);
-}
-
-
-/* CheckParameterValue callback to check whether a parameter is not equal to
- * an area of memory. */
-static int check_not_memory(const uintmax_t value,
- const uintmax_t check_value_data) {
- CheckMemoryData * const check = cast_largest_integral_type_to_pointer(
- CheckMemoryData*, check_value_data);
- assert_non_null(check);
- return memory_not_equal_display_error(
- cast_largest_integral_type_to_pointer(const char*, value),
- (const char*)check->memory,
- check->size);
-}
-
-
-// Add an event to check whether a parameter doesn't match an area of memory.
-void _expect_not_memory(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const void* const memory,
- const size_t size, const int count) {
- expect_memory_setup(function, parameter, file, line, memory, size,
- check_not_memory, count);
-}
-
-
-// CheckParameterValue callback that always returns 1.
-static int check_any(const uintmax_t value,
- const uintmax_t check_value_data) {
- (void)value;
- (void)check_value_data;
- return 1;
-}
-
-
-// Add an event to allow any value for a parameter.
-void _expect_any(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const int count) {
- _expect_check(function, parameter, file, line, check_any, 0, NULL,
- count);
-}
-
-
-void _check_expected(
- const char * const function_name, const char * const parameter_name,
- const char* file, const int line, const uintmax_t value) {
- void *result;
- const char* symbols[] = {function_name, parameter_name};
- const int rc = get_symbol_value(&global_function_parameter_map_head,
- symbols, 2, &result);
- if (rc) {
- CheckParameterEvent * const check = (CheckParameterEvent*)result;
- int check_succeeded;
- global_last_parameter_location = check->location;
- check_succeeded = check->check_value(value, check->check_value_data);
- if (rc == 1) {
- free(check);
- }
- if (!check_succeeded) {
- print_error("ERROR: Check of parameter %s, function %s failed\n"
- "Expected parameter declared at "
- SOURCE_LOCATION_FORMAT "\n",
- parameter_name, function_name,
- global_last_parameter_location.file,
- global_last_parameter_location.line);
- _fail(file, line);
- }
- } else {
- print_error("ERROR: " SOURCE_LOCATION_FORMAT " - Could not get value "
- "to check parameter %s of function %s\n", file, line,
- parameter_name, function_name);
- if (source_location_is_set(&global_last_parameter_location)) {
- print_error("Previously declared parameter value was declared at "
- SOURCE_LOCATION_FORMAT "\n",
- global_last_parameter_location.file,
- global_last_parameter_location.line);
- } else {
- print_error("There were no previously declared parameter values "
- "for this test.\n");
- }
- exit_test(1);
- }
-}
-
-
-// Replacement for assert.
-void mock_assert(const int result, const char* const expression,
- const char* const file, const int line) {
- if (!result) {
- if (global_expecting_assert) {
- longjmp(global_expect_assert_env, (int)expression);
- } else {
- print_error("ASSERT: %s\n", expression);
- _fail(file, line);
- }
- }
-}
-
-
-void _assert_true(const uintmax_t result,
- const char * const expression,
- const char * const file, const int line) {
- if (!result) {
- print_error("%s\n", expression);
- _fail(file, line);
- }
-}
-
-void _assert_int_equal(
- const uintmax_t a, const uintmax_t b,
- const char * const file, const int line) {
- if (!values_equal_display_error(a, b)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_int_not_equal(
- const uintmax_t a, const uintmax_t b,
- const char * const file, const int line) {
- if (!values_not_equal_display_error(a, b)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_string_equal(const char * const a, const char * const b,
- const char * const file, const int line) {
- if (!string_equal_display_error(a, b)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_string_not_equal(const char * const a, const char * const b,
- const char *file, const int line) {
- if (!string_not_equal_display_error(a, b)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_memory_equal(const void * const a, const void * const b,
- const size_t size, const char* const file,
- const int line) {
- if (!memory_equal_display_error((const char*)a, (const char*)b, size)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_memory_not_equal(const void * const a, const void * const b,
- const size_t size, const char* const file,
- const int line) {
- if (!memory_not_equal_display_error((const char*)a, (const char*)b,
- size)) {
- _fail(file, line);
- }
-}
-
-
-void _assert_in_range(
- const uintmax_t value, const uintmax_t minimum,
- const uintmax_t maximum, const char* const file,
- const int line) {
- if (!integer_in_range_display_error(value, minimum, maximum)) {
- _fail(file, line);
- }
-}
-
-void _assert_not_in_range(
- const uintmax_t value, const uintmax_t minimum,
- const uintmax_t maximum, const char* const file,
- const int line) {
- if (!integer_not_in_range_display_error(value, minimum, maximum)) {
- _fail(file, line);
- }
-}
-
-void _assert_in_set(const uintmax_t value,
- const uintmax_t values[],
- const size_t number_of_values, const char* const file,
- const int line) {
- CheckIntegerSet check_integer_set;
- check_integer_set.set = values;
- check_integer_set.size_of_set = number_of_values;
- if (!value_in_set_display_error(value, &check_integer_set, 0)) {
- _fail(file, line);
- }
-}
-
-void _assert_not_in_set(const uintmax_t value,
- const uintmax_t values[],
- const size_t number_of_values, const char* const file,
- const int line) {
- CheckIntegerSet check_integer_set;
- check_integer_set.set = values;
- check_integer_set.size_of_set = number_of_values;
- if (!value_in_set_display_error(value, &check_integer_set, 1)) {
- _fail(file, line);
- }
-}
-
-
-// Get the list of allocated blocks.
-static ListNode* get_allocated_blocks_list() {
- // If it initialized, initialize the list of allocated blocks.
- if (!global_allocated_blocks.value) {
- list_initialize(&global_allocated_blocks);
- global_allocated_blocks.value = (void*)1;
- }
- return &global_allocated_blocks;
-}
-
-// Use the real malloc in this function.
-#undef malloc
-void* _test_malloc(const size_t size, const char* file, const int line) {
- char* ptr;
- MallocBlockInfo *block_info;
- ListNode * const block_list = get_allocated_blocks_list();
- const size_t allocate_size = size + (MALLOC_GUARD_SIZE * 2) +
- sizeof(*block_info) + MALLOC_ALIGNMENT;
- char* const block = (char*)malloc(allocate_size);
- assert_non_null(block);
-
- // Calculate the returned address.
- ptr = (char*)(((size_t)block + MALLOC_GUARD_SIZE + sizeof(*block_info) +
- MALLOC_ALIGNMENT) & ~(MALLOC_ALIGNMENT - 1));
-
- // Initialize the guard blocks.
- memset(ptr - MALLOC_GUARD_SIZE, MALLOC_GUARD_PATTERN, MALLOC_GUARD_SIZE);
- memset(ptr + size, MALLOC_GUARD_PATTERN, MALLOC_GUARD_SIZE);
- memset(ptr, MALLOC_ALLOC_PATTERN, size);
-
- block_info = (MallocBlockInfo*)(ptr - (MALLOC_GUARD_SIZE +
- sizeof(*block_info)));
- set_source_location(&block_info->location, file, line);
- block_info->allocated_size = allocate_size;
- block_info->size = size;
- block_info->block = block;
- block_info->node.value = block_info;
- list_add(block_list, &block_info->node);
- return ptr;
-}
-#define malloc test_malloc
-
-
-void* _test_calloc(const size_t number_of_elements, const size_t size,
- const char* file, const int line) {
- void* const ptr = _test_malloc(number_of_elements * size, file, line);
- if (ptr) {
- memset(ptr, 0, number_of_elements * size);
- }
- return ptr;
-}
-
-
-// Use the real free in this function.
-#undef free
-void _test_free(void* const ptr, const char* file, const int line) {
- unsigned int i;
- char *block = (char*)ptr;
- MallocBlockInfo *block_info;
- _assert_true(cast_ptr_to_largest_integral_type(ptr), "ptr", file, line);
- block_info = (MallocBlockInfo*)(block - (MALLOC_GUARD_SIZE +
- sizeof(*block_info)));
- // Check the guard blocks.
- {
- char *guards[2] = {block - MALLOC_GUARD_SIZE,
- block + block_info->size};
- for (i = 0; i < ARRAY_LENGTH(guards); i++) {
- unsigned int j;
- char * const guard = guards[i];
- for (j = 0; j < MALLOC_GUARD_SIZE; j++) {
- const char diff = guard[j] - MALLOC_GUARD_PATTERN;
- if (diff) {
- print_error(
- "Guard block of 0x%08" PRIxMAX " size=%" PRIuMAX " allocated by "
- SOURCE_LOCATION_FORMAT " at 0x%08" PRIxMAX " is corrupt\n",
- cast_ptr_to_largest_integral_type(ptr),
- cast_to_largest_integral_type(block_info->size),
- block_info->location.file, block_info->location.line,
- cast_ptr_to_largest_integral_type(&guard[j]));
- _fail(file, line);
- }
- }
- }
- }
- list_remove(&block_info->node, NULL, NULL);
-
- block = (char*)block_info->block;
- memset(block, MALLOC_FREE_PATTERN, block_info->allocated_size);
- free(block);
-}
-#define free test_free
-
-
-// Crudely checkpoint the current heap state.
-static const ListNode* check_point_allocated_blocks() {
- return get_allocated_blocks_list()->prev;
-}
-
-
-/* Display the blocks allocated after the specified check point. This
- * function returns the number of blocks displayed. */
-static int display_allocated_blocks(const ListNode * const check_point) {
- const ListNode * const head = get_allocated_blocks_list();
- const ListNode *node;
- int allocated_blocks = 0;
- assert_non_null(check_point);
- assert_non_null(check_point->next);
-
- for (node = check_point->next; node != head; node = node->next) {
- const MallocBlockInfo * const block_info =
- (const MallocBlockInfo*)node->value;
- assert_non_null(block_info);
-
- if (!allocated_blocks) {
- print_error("Blocks allocated...\n");
- }
- print_error(" 0x%08" PRIxMAX " : " SOURCE_LOCATION_FORMAT "\n",
- cast_ptr_to_largest_integral_type(block_info->block),
- block_info->location.file,
- block_info->location.line);
- allocated_blocks ++;
- }
- return allocated_blocks;
-}
-
-
-// Free all blocks allocated after the specified check point.
-static void free_allocated_blocks(const ListNode * const check_point) {
- const ListNode * const head = get_allocated_blocks_list();
- const ListNode *node;
- assert_non_null(check_point);
-
- node = check_point->next;
- assert_non_null(node);
-
- while (node != head) {
- MallocBlockInfo * const block_info = (MallocBlockInfo*)node->value;
- node = node->next;
- free((char*)block_info + sizeof(*block_info) + MALLOC_GUARD_SIZE);
- }
-}
-
-
-// Fail if any any blocks are allocated after the specified check point.
-static void fail_if_blocks_allocated(const ListNode * const check_point,
- const char * const test_name) {
- const int allocated_blocks = display_allocated_blocks(check_point);
- if (allocated_blocks) {
- free_allocated_blocks(check_point);
- print_error("ERROR: %s leaked %d block(s)\n", test_name,
- allocated_blocks);
- exit_test(1);
- }
-}
-
-
-void _fail(const char * const file, const int line) {
- print_error("ERROR: " SOURCE_LOCATION_FORMAT " Failure!\n", file, line);
- exit_test(1);
-}
-
-
-#ifndef _WIN32
-static void exception_handler(int sig) {
-#ifdef _HPUX
- print_error("%d\n", sig);
-#else
- print_error("%s\n", strsignal(sig));
-#endif
- exit_test(1);
-}
-
-#else // _WIN32
-
-static LONG WINAPI exception_filter(EXCEPTION_POINTERS *exception_pointers) {
- EXCEPTION_RECORD * const exception_record =
- exception_pointers->ExceptionRecord;
- const DWORD code = exception_record->ExceptionCode;
- unsigned int i;
- for (i = 0; i < ARRAY_LENGTH(exception_codes); i++) {
- const ExceptionCodeInfo * const code_info = &exception_codes[i];
- if (code == code_info->code) {
- static int shown_debug_message = 0;
- fflush(stdout);
- print_error("%s occurred at 0x%08" PRIxMAX ".\n", code_info->description,
- cast_to_largest_integral_type(exception_record->ExceptionAddress));
- if (!shown_debug_message) {
- print_error(
- "\n"
- "To debug in Visual Studio...\n"
- "1. Select menu item File->Open Project\n"
- "2. Change 'Files of type' to 'Executable Files'\n"
- "3. Open this executable.\n"
- "4. Select menu item Debug->Start\n"
- "\n"
- "Alternatively, set the environment variable \n"
- "UNIT_TESTING_DEBUG to 1 and rebuild this executable, \n"
- "then click 'Debug' in the popup dialog box.\n"
- "\n");
- shown_debug_message = 1;
- }
- exit_test(0);
- return EXCEPTION_EXECUTE_HANDLER;
- }
- }
- return EXCEPTION_CONTINUE_SEARCH;
-}
-#endif // !_WIN32
-
-
-// Standard output and error print methods.
-void vprint_message(const char* const format, va_list args) {
- char buffer[1024];
- vsnprintf(buffer, sizeof(buffer), format, args);
- printf("%s", buffer);
- fflush(stdout);
-#ifdef _WIN32
- OutputDebugString(buffer);
-#endif // _WIN32
-}
-
-
-void vprint_error(const char* const format, va_list args) {
- char buffer[1024];
- vsnprintf(buffer, sizeof(buffer), format, args);
- fprintf(stderr, "%s", buffer);
- fflush(stderr);
-#ifdef _WIN32
- OutputDebugString(buffer);
-#endif // _WIN32
-}
-
-
-void print_message(const char* const format, ...) {
- va_list args;
- va_start(args, format);
- vprint_message(format, args);
- va_end(args);
-}
-
-
-void print_error(const char* const format, ...) {
- va_list args;
- va_start(args, format);
- vprint_error(format, args);
- va_end(args);
-}
-
-
-int _run_test(
- const char * const function_name, const UnitTestFunction Function,
- void ** const volatile state, const UnitTestFunctionType function_type,
- const void* const heap_check_point) {
- const ListNode * const volatile check_point = (const ListNode*)
- (heap_check_point ?
- heap_check_point : check_point_allocated_blocks());
- void *current_state = NULL;
- volatile int rc = 1;
- int handle_exceptions = 1;
-#ifdef _WIN32
- handle_exceptions = !IsDebuggerPresent();
-#endif // _WIN32
-#if UNIT_TESTING_DEBUG
- handle_exceptions = 0;
-#endif // UNIT_TESTING_DEBUG
-
- if (handle_exceptions) {
-#ifndef _WIN32
- unsigned int i;
- for (i = 0; i < ARRAY_LENGTH(exception_signals); i++) {
- default_signal_functions[i] = signal(
- exception_signals[i], exception_handler);
- }
-#else // _WIN32
- previous_exception_filter = SetUnhandledExceptionFilter(
- exception_filter);
-#endif // !_WIN32
- }
-
- if (function_type == UNIT_TEST_FUNCTION_TYPE_TEST) {
- print_message("[ RUN ] %s\n", function_name);
- }
- initialize_testing(function_name);
- global_running_test = 1;
- if (setjmp(global_run_test_env) == 0) {
- Function(state ? state : ¤t_state);
- fail_if_leftover_values(function_name);
-
- /* If this is a setup function then ignore any allocated blocks
- * only ensure they're deallocated on tear down. */
- if (function_type != UNIT_TEST_FUNCTION_TYPE_SETUP) {
- fail_if_blocks_allocated(check_point, function_name);
- }
-
- global_running_test = 0;
-
- if (function_type == UNIT_TEST_FUNCTION_TYPE_TEST) {
- print_message("[ OK ] %s\n", function_name);
- }
- rc = 0;
- } else {
- global_running_test = 0;
- print_message("[ FAILED ] %s\n", function_name);
- }
- teardown_testing(function_name);
-
- if (handle_exceptions) {
-#ifndef _WIN32
- unsigned int i;
- for (i = 0; i < ARRAY_LENGTH(exception_signals); i++) {
- signal(exception_signals[i], default_signal_functions[i]);
- }
-#else // _WIN32
- if (previous_exception_filter) {
- SetUnhandledExceptionFilter(previous_exception_filter);
- previous_exception_filter = NULL;
- }
-#endif // !_WIN32
- }
-
- return rc;
-}
-
-
-int _run_tests(const UnitTest * const tests, const size_t number_of_tests) {
- // Whether to execute the next test.
- int run_next_test = 1;
- // Whether the previous test failed.
- int previous_test_failed = 0;
- // Check point of the heap state.
- const ListNode * const check_point = check_point_allocated_blocks();
- // Current test being executed.
- size_t current_test = 0;
- // Number of tests executed.
- size_t tests_executed = 0;
- // Number of failed tests.
- size_t total_failed = 0;
- // Number of setup functions.
- size_t setups = 0;
- // Number of teardown functions.
- size_t teardowns = 0;
- /* A stack of test states. A state is pushed on the stack
- * when a test setup occurs and popped on tear down. */
- TestState* test_states =
- (TestState*)malloc(number_of_tests * sizeof(*test_states));
- size_t number_of_test_states = 0;
- // Names of the tests that failed.
- const char** failed_names = (const char**)malloc(number_of_tests *
- sizeof(*failed_names));
- void **current_state = NULL;
-
- print_message("[==========] Running %d test(s).\n", number_of_tests);
-
- // Make sure uintmax_t is at least the size of a pointer.
- assert_true(sizeof(uintmax_t) >= sizeof(void*));
-
- while (current_test < number_of_tests) {
- const ListNode *test_check_point = NULL;
- TestState *current_TestState;
- const UnitTest * const test = &tests[current_test++];
- if (!test->function) {
- continue;
- }
-
- switch (test->function_type) {
- case UNIT_TEST_FUNCTION_TYPE_TEST:
- run_next_test = 1;
- break;
- case UNIT_TEST_FUNCTION_TYPE_SETUP: {
- // Checkpoint the heap before the setup.
- current_TestState = &test_states[number_of_test_states++];
- current_TestState->check_point = check_point_allocated_blocks();
- test_check_point = current_TestState->check_point;
- current_state = ¤t_TestState->state;
- *current_state = NULL;
- run_next_test = 1;
- setups ++;
- break;
- }
- case UNIT_TEST_FUNCTION_TYPE_TEARDOWN:
- // Check the heap based on the last setup checkpoint.
- assert_true(number_of_test_states);
- current_TestState = &test_states[--number_of_test_states];
- test_check_point = current_TestState->check_point;
- current_state = ¤t_TestState->state;
- teardowns ++;
- break;
- default:
- print_error("Invalid unit test function type %d\n",
- test->function_type);
- exit_test(1);
- break;
- }
-
- if (run_next_test) {
- int failed = _run_test(test->name, test->function, current_state,
- test->function_type, test_check_point);
- if (failed) {
- failed_names[total_failed] = test->name;
- }
-
- switch (test->function_type) {
- case UNIT_TEST_FUNCTION_TYPE_TEST:
- previous_test_failed = failed;
- total_failed += failed;
- tests_executed ++;
- break;
-
- case UNIT_TEST_FUNCTION_TYPE_SETUP:
- if (failed) {
- total_failed ++;
- tests_executed ++;
- // Skip forward until the next test or setup function.
- run_next_test = 0;
- }
- previous_test_failed = 0;
- break;
-
- case UNIT_TEST_FUNCTION_TYPE_TEARDOWN:
- // If this test failed.
- if (failed && !previous_test_failed) {
- total_failed ++;
- }
- break;
- default:
-#ifndef _HPUX
- assert_null("BUG: shouldn't be here!");
-#endif
- break;
- }
- }
- }
-
- print_message("[==========] %d test(s) run.\n", tests_executed);
- print_error("[ PASSED ] %d test(s).\n", tests_executed - total_failed);
-
- if (total_failed) {
- size_t i;
- print_error("[ FAILED ] %d test(s), listed below:\n", total_failed);
- for (i = 0; i < total_failed; i++) {
- print_error("[ FAILED ] %s\n", failed_names[i]);
- }
- } else {
- print_error("\n %d FAILED TEST(S)\n", total_failed);
- }
-
- if (number_of_test_states) {
- print_error("[ ERROR ] Mismatched number of setup %d and "
- "teardown %d functions\n", setups, teardowns);
- total_failed = (size_t)-1;
- }
-
- free(test_states);
- free((void*)failed_names);
-
- fail_if_blocks_allocated(check_point, "run_tests");
- return (int)total_failed;
-}
+++ /dev/null
-/*
- * Copyright 2008 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef CMOCKERY_H_
-#define CMOCKERY_H_
-#ifdef _WIN32
-#if _MSC_VER < 1500
-#ifdef __cplusplus
-extern "C" {
-#endif // __cplusplus
-int __stdcall IsDebuggerPresent();
-#ifdef __cplusplus
-} /* extern "C" */
-#endif // __cplusplus
-#endif // _MSC_VER < 1500
-#endif // _WIN32
-/*
- * These headers or their equivalents should be included prior to including
- * this header file.
- *
- * #include <stdarg.h>
- * #include <stddef.h>
- * #include <setjmp.h>
- * #include <inttypes.h>
- *
- * This allows test applications to use custom definitions of C standard
- * library functions and types.
- */
-
-// For those who are used to __func__ from gcc.
-#ifndef __func__
-#define __func__ __FUNCTION__
-#endif
-
-/* Largest integral type. This type should be large enough to hold any
- * pointer or integer supported by the compiler. */
-#ifndef _UINTMAX_T
-#define _UINTMAX_T
-typedef unsigned long long uintmax_t;
-#endif /* _UINTMAX_T */
-
-/* Printf formats used to display uintmax_t. */
-#ifdef _WIN32
-
-#ifndef PRIdMAX
-#define PRIdMAX "I64d"
-#endif /* PRIdMAX */
-#ifndef PRIiMAX
-#define PRIiMAX "I64i"
-#endif /* PRIiMAX */
-#ifndef PRIoMAX
-#define PRIoMAX "I64o"
-#endif /* PRIoMAX */
-#ifndef PRIuMAX
-#define PRIuMAX "I64u"
-#endif /* PRIuMAX */
-#ifndef PRIxMAX
-#define PRIxMAX "I64x"
-#endif /* PRIxMAX */
-#ifndef PRIXMAX
-#define PRIXMAX "I64X"
-#endif /* PRIXMAX */
-
-#else /* _WIN32 */
-
-#ifndef PRIdMAX
-#define PRIdMAX "lld"
-#endif /* PRIdMAX */
-#ifndef PRIiMAX
-#define PRIiMAX "lli"
-#endif /* PRIiMAX */
-#ifndef PRIoMAX
-#define PRIoMAX "llo"
-#endif /* PRIoMAX */
-#ifndef PRIuMAX
-#define PRIuMAX "llu"
-#endif /* PRIuMAX */
-#ifndef PRIxMAX
-#define PRIxMAX "llx"
-#endif /* PRIxMAX */
-#ifndef PRIXMAX
-#define PRIXMAX "llX"
-#endif /* PRIXMAX */
-
-#endif /* _WIN32 */
-
-// Perform an unsigned cast to uintmax_t.
-#define cast_to_largest_integral_type(value) \
- ((uintmax_t)(value))
-
-/* Smallest integral type capable of holding a pointer. */
-#ifndef _UINTPTR_T
-#define _UINTPTR_T
-#ifdef _WIN32
-
-/* WIN32 is an ILP32 platform */
-typedef unsigned long uintptr_t;
-
-#else /* _WIN32 */
-
-/* what about 64-bit windows?
- * what's the right preprocessor symbol?
-typedef unsigned long long uintptr_t */
-
-#endif /* _WIN32 */
-#endif /* _UINTPTR_T */
-
-/* Perform an unsigned cast to uintptr_t. */
-#define cast_to_pointer_integral_type(value) \
- ((uintptr_t)(value))
-
-/* Perform a cast of a pointer to uintmax_t */
-#define cast_ptr_to_largest_integral_type(value) \
-cast_to_largest_integral_type(cast_to_pointer_integral_type(value))
-
-// Retrieves a return value for the current function.
-#define mock() _mock(__func__, __FILE__, __LINE__)
-
-/* Stores a value to be returned by the specified function later.
- * The count parameter returns the number of times the value should be returned
- * by mock(). If count is set to -1 the value will always be returned.
- */
-#define will_return(function, value) \
- _will_return(#function, __FILE__, __LINE__, \
- cast_to_largest_integral_type(value), 1)
-#define will_return_count(function, value, count) \
- _will_return(#function, __FILE__, __LINE__, \
- cast_to_largest_integral_type(value), count)
-
-/* Add a custom parameter checking function. If the event parameter is NULL
- * the event structure is allocated internally by this function. If event
- * parameter is provided it must be allocated on the heap and doesn't need to
- * be deallocated by the caller.
- */
-#define expect_check(function, parameter, check_function, check_data) \
- _expect_check(#function, #parameter, __FILE__, __LINE__, check_function, \
- cast_to_largest_integral_type(check_data), NULL, 0)
-
-/* Add an event to check a parameter, using check_expected(), against a set of
- * values. See will_return() for a description of the count parameter.
- */
-#define expect_in_set(function, parameter, value_array) \
- expect_in_set_count(function, parameter, value_array, 1)
-#define expect_in_set_count(function, parameter, value_array, count) \
- _expect_in_set(#function, #parameter, __FILE__, __LINE__, value_array, \
- sizeof(value_array) / sizeof((value_array)[0]), count)
-#define expect_not_in_set(function, parameter, value_array) \
- expect_not_in_set_count(function, parameter, value_array, 1)
-#define expect_not_in_set_count(function, parameter, value_array, count) \
- _expect_not_in_set( \
- #function, #parameter, __FILE__, __LINE__, value_array, \
- sizeof(value_array) / sizeof((value_array)[0]), count)
-
-
-/* Add an event to check a parameter, using check_expected(), against a
- * signed range. Where range is minimum <= value <= maximum.
- * See will_return() for a description of the count parameter.
- */
-#define expect_in_range(function, parameter, minimum, maximum) \
- expect_in_range_count(function, parameter, minimum, maximum, 1)
-#define expect_in_range_count(function, parameter, minimum, maximum, count) \
- _expect_in_range(#function, #parameter, __FILE__, __LINE__, minimum, \
- maximum, count)
-
-/* Add an event to check a parameter, using check_expected(), against a
- * signed range. Where range is value < minimum or value > maximum.
- * See will_return() for a description of the count parameter.
- */
-#define expect_not_in_range(function, parameter, minimum, maximum) \
- expect_not_in_range_count(function, parameter, minimum, maximum, 1)
-#define expect_not_in_range_count(function, parameter, minimum, maximum, \
- count) \
- _expect_not_in_range(#function, #parameter, __FILE__, __LINE__, \
- minimum, maximum, count)
-
-/* Add an event to check whether a parameter, using check_expected(), is or
- * isn't a value. See will_return() for a description of the count parameter.
- */
-#define expect_value(function, parameter, value) \
- expect_value_count(function, parameter, value, 1)
-#define expect_value_count(function, parameter, value, count) \
- _expect_value(#function, #parameter, __FILE__, __LINE__, \
- cast_to_largest_integral_type(value), count)
-#define expect_not_value(function, parameter, value) \
- expect_not_value_count(function, parameter, value, 1)
-#define expect_not_value_count(function, parameter, value, count) \
- _expect_not_value(#function, #parameter, __FILE__, __LINE__, \
- cast_to_largest_integral_type(value), count)
-
-/* Add an event to check whether a parameter, using check_expected(),
- * is or isn't a string. See will_return() for a description of the count
- * parameter.
- */
-#define expect_string(function, parameter, string) \
- expect_string_count(function, parameter, string, 1)
-#define expect_string_count(function, parameter, string, count) \
- _expect_string(#function, #parameter, __FILE__, __LINE__, \
- (const char*)(string), count)
-#define expect_not_string(function, parameter, string) \
- expect_not_string_count(function, parameter, string, 1)
-#define expect_not_string_count(function, parameter, string, count) \
- _expect_not_string(#function, #parameter, __FILE__, __LINE__, \
- (const char*)(string), count)
-
-/* Add an event to check whether a parameter, using check_expected() does or
- * doesn't match an area of memory. See will_return() for a description of
- * the count parameter.
- */
-#define expect_memory(function, parameter, memory, size) \
- expect_memory_count(function, parameter, memory, size, 1)
-#define expect_memory_count(function, parameter, memory, size, count) \
- _expect_memory(#function, #parameter, __FILE__, __LINE__, \
- (const void*)(memory), size, count)
-#define expect_not_memory(function, parameter, memory, size) \
- expect_not_memory_count(function, parameter, memory, size, 1)
-#define expect_not_memory_count(function, parameter, memory, size, count) \
- _expect_not_memory(#function, #parameter, __FILE__, __LINE__, \
- (const void*)(memory), size, count)
-
-
-/* Add an event to allow any value for a parameter checked using
- * check_expected(). See will_return() for a description of the count
- * parameter.
- */
-#define expect_any(function, parameter) \
- expect_any_count(function, parameter, 1)
-#define expect_any_count(function, parameter, count) \
- _expect_any(#function, #parameter, __FILE__, __LINE__, count)
-
-/* Determine whether a function parameter is correct. This ensures the next
- * value queued by one of the expect_*() macros matches the specified variable.
- */
-#define check_expected(parameter) \
- _check_expected(__func__, #parameter, __FILE__, __LINE__, \
- cast_to_largest_integral_type(parameter))
-
-// Assert that the given expression is true.
-#define assert_true(c) _assert_true(cast_to_largest_integral_type(c), #c, \
- __FILE__, __LINE__)
-// Assert that the given expression is false.
-#define assert_false(c) _assert_true(!(cast_to_largest_integral_type(c)), #c, \
- __FILE__, __LINE__)
-
-// Assert that the given pointer is non-NULL.
-#define assert_non_null(c) _assert_true(cast_ptr_to_largest_integral_type(c), #c, \
-__FILE__, __LINE__)
-// Assert that the given pointer is NULL.
-#define assert_null(c) _assert_true(!(cast_ptr_to_largest_integral_type(c)), #c, \
-__FILE__, __LINE__)
-
-// Assert that the two given integers are equal, otherwise fail.
-#define assert_int_equal(a, b) \
- _assert_int_equal(cast_to_largest_integral_type(a), \
- cast_to_largest_integral_type(b), \
- __FILE__, __LINE__)
-// Assert that the two given integers are not equal, otherwise fail.
-#define assert_int_not_equal(a, b) \
- _assert_int_not_equal(cast_to_largest_integral_type(a), \
- cast_to_largest_integral_type(b), \
- __FILE__, __LINE__)
-
-// Assert that the two given strings are equal, otherwise fail.
-#define assert_string_equal(a, b) \
- _assert_string_equal((const char*)(a), (const char*)(b), __FILE__, \
- __LINE__)
-// Assert that the two given strings are not equal, otherwise fail.
-#define assert_string_not_equal(a, b) \
- _assert_string_not_equal((const char*)(a), (const char*)(b), __FILE__, \
- __LINE__)
-
-// Assert that the two given areas of memory are equal, otherwise fail.
-#define assert_memory_equal(a, b, size) \
- _assert_memory_equal((const char*)(a), (const char*)(b), size, __FILE__, \
- __LINE__)
-// Assert that the two given areas of memory are not equal, otherwise fail.
-#define assert_memory_not_equal(a, b, size) \
- _assert_memory_not_equal((const char*)(a), (const char*)(b), size, \
- __FILE__, __LINE__)
-
-// Assert that the specified value is >= minimum and <= maximum.
-#define assert_in_range(value, minimum, maximum) \
- _assert_in_range( \
- cast_to_largest_integral_type(value), \
- cast_to_largest_integral_type(minimum), \
- cast_to_largest_integral_type(maximum), __FILE__, __LINE__)
-
-// Assert that the specified value is < minumum or > maximum
-#define assert_not_in_range(value, minimum, maximum) \
- _assert_not_in_range( \
- cast_to_largest_integral_type(value), \
- cast_to_largest_integral_type(minimum), \
- cast_to_largest_integral_type(maximum), __FILE__, __LINE__)
-
-// Assert that the specified value is within a set.
-#define assert_in_set(value, values, number_of_values) \
- _assert_in_set(value, values, number_of_values, __FILE__, __LINE__)
-// Assert that the specified value is not within a set.
-#define assert_not_in_set(value, values, number_of_values) \
- _assert_not_in_set(value, values, number_of_values, __FILE__, __LINE__)
-
-
-// Forces the test to fail immediately and quit.
-#define fail() _fail(__FILE__, __LINE__)
-
-// Generic method to kick off testing
-#define run_test(f) _run_test(#f, f, NULL, UNIT_TEST_FUNCTION_TYPE_TEST, NULL)
-
-// Initializes a UnitTest structure.
-#define unit_test(f) { #f, f, UNIT_TEST_FUNCTION_TYPE_TEST }
-#define unit_test_setup(test, setup) \
- { #test "_" #setup, setup, UNIT_TEST_FUNCTION_TYPE_SETUP }
-#define unit_test_teardown(test, teardown) \
- { #test "_" #teardown, teardown, UNIT_TEST_FUNCTION_TYPE_TEARDOWN }
-
-/* Initialize an array of UnitTest structures with a setup function for a test
- * and a teardown function. Either setup or teardown can be NULL.
- */
-#define unit_test_setup_teardown(test, setup, teardown) \
- unit_test_setup(test, setup), \
- unit_test(test), \
- unit_test_teardown(test, teardown)
-
-/*
- * Run tests specified by an array of UnitTest structures. The following
- * example illustrates this macro's use with the unit_test macro.
- *
- * void Test0();
- * void Test1();
- *
- * int main(int argc, char* argv[]) {
- * const UnitTest tests[] = {
- * unit_test(Test0);
- * unit_test(Test1);
- * };
- * return run_tests(tests);
- * }
- */
-#define run_tests(tests) _run_tests(tests, sizeof(tests) / sizeof(tests)[0])
-
-// Dynamic allocators
-#define test_malloc(size) _test_malloc(size, __FILE__, __LINE__)
-#define test_calloc(num, size) _test_calloc(num, size, __FILE__, __LINE__)
-#define test_free(ptr) _test_free(ptr, __FILE__, __LINE__)
-
-// Redirect malloc, calloc and free to the unit test allocators.
-#if UNIT_TESTING
-#define malloc test_malloc
-#define calloc test_calloc
-#define free test_free
-#endif // UNIT_TESTING
-
-/*
- * Ensure mock_assert() is called. If mock_assert() is called the assert
- * expression string is returned.
- * For example:
- *
- * #define assert mock_assert
- *
- * void showmessage(const char *message) {
- * assert(message);
- * }
- *
- * int main(int argc, const char* argv[]) {
- * expect_assert_failure(show_message(NULL));
- * printf("succeeded\n");
- * return 0;
- * }
- */
-#define expect_assert_failure(function_call) \
- { \
- const int expression = setjmp(global_expect_assert_env); \
- global_expecting_assert = 1; \
- if (expression) { \
- print_message("Expected assertion %s occurred\n", \
- *((const char**)&expression)); \
- global_expecting_assert = 0; \
- } else { \
- function_call ; \
- global_expecting_assert = 0; \
- print_error("Expected assert in %s\n", #function_call); \
- _fail(__FILE__, __LINE__); \
- } \
- }
-
-// Function prototype for setup, test and teardown functions.
-typedef void (*UnitTestFunction)(void **state);
-
-// Function that determines whether a function parameter value is correct.
-typedef int (*CheckParameterValue)(const uintmax_t value,
- const uintmax_t check_value_data);
-
-// Type of the unit test function.
-typedef enum UnitTestFunctionType {
- UNIT_TEST_FUNCTION_TYPE_TEST = 0,
- UNIT_TEST_FUNCTION_TYPE_SETUP,
- UNIT_TEST_FUNCTION_TYPE_TEARDOWN,
-} UnitTestFunctionType;
-
-/* Stores a unit test function with its name and type.
- * NOTE: Every setup function must be paired with a teardown function. It's
- * possible to specify NULL function pointers.
- */
-typedef struct UnitTest {
- const char* name;
- UnitTestFunction function;
- UnitTestFunctionType function_type;
-} UnitTest;
-
-
-// Location within some source code.
-typedef struct SourceLocation {
- const char* file;
- int line;
-} SourceLocation;
-
-// Event that's called to check a parameter value.
-typedef struct CheckParameterEvent {
- SourceLocation location;
- const char *parameter_name;
- CheckParameterValue check_value;
- uintmax_t check_value_data;
-} CheckParameterEvent;
-
-// Used by expect_assert_failure() and mock_assert().
-extern int global_expecting_assert;
-extern jmp_buf global_expect_assert_env;
-
-// Retrieves a value for the given function, as set by "will_return".
-uintmax_t _mock(const char * const function, const char* const file,
- const int line);
-
-void _expect_check(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const CheckParameterValue check_function,
- const uintmax_t check_data, CheckParameterEvent * const event,
- const int count);
-
-void _expect_in_set(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const uintmax_t values[],
- const size_t number_of_values, const int count);
-void _expect_not_in_set(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const uintmax_t values[],
- const size_t number_of_values, const int count);
-
-void _expect_in_range(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t minimum,
- const uintmax_t maximum, const int count);
-void _expect_not_in_range(
- const char* const function, const char* const parameter,
- const char* const file, const int line,
- const uintmax_t minimum,
- const uintmax_t maximum, const int count);
-
-void _expect_value(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const uintmax_t value,
- const int count);
-void _expect_not_value(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const uintmax_t value,
- const int count);
-
-void _expect_string(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const char* string,
- const int count);
-void _expect_not_string(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const char* string,
- const int count);
-
-void _expect_memory(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const void* const memory,
- const size_t size, const int count);
-void _expect_not_memory(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const void* const memory,
- const size_t size, const int count);
-
-void _expect_any(
- const char* const function, const char* const parameter,
- const char* const file, const int line, const int count);
-
-void _check_expected(
- const char * const function_name, const char * const parameter_name,
- const char* file, const int line, const uintmax_t value);
-
-// Can be used to replace assert in tested code so that in conjuction with
-// check_assert() it's possible to determine whether an assert condition has
-// failed without stopping a test.
-void mock_assert(const int result, const char* const expression,
- const char * const file, const int line);
-
-void _will_return(const char * const function_name, const char * const file,
- const int line, const uintmax_t value,
- const int count);
-void _assert_true(const uintmax_t result,
- const char* const expression,
- const char * const file, const int line);
-void _assert_int_equal(
- const uintmax_t a, const uintmax_t b,
- const char * const file, const int line);
-void _assert_int_not_equal(
- const uintmax_t a, const uintmax_t b,
- const char * const file, const int line);
-void _assert_string_equal(const char * const a, const char * const b,
- const char * const file, const int line);
-void _assert_string_not_equal(const char * const a, const char * const b,
- const char *file, const int line);
-void _assert_memory_equal(const void * const a, const void * const b,
- const size_t size, const char* const file,
- const int line);
-void _assert_memory_not_equal(const void * const a, const void * const b,
- const size_t size, const char* const file,
- const int line);
-void _assert_in_range(
- const uintmax_t value, const uintmax_t minimum,
- const uintmax_t maximum, const char* const file, const int line);
-void _assert_not_in_range(
- const uintmax_t value, const uintmax_t minimum,
- const uintmax_t maximum, const char* const file, const int line);
-void _assert_in_set(
- const uintmax_t value, const uintmax_t values[],
- const size_t number_of_values, const char* const file, const int line);
-void _assert_not_in_set(
- const uintmax_t value, const uintmax_t values[],
- const size_t number_of_values, const char* const file, const int line);
-
-void* _test_malloc(const size_t size, const char* file, const int line);
-void* _test_calloc(const size_t number_of_elements, const size_t size,
- const char* file, const int line);
-void _test_free(void* const ptr, const char* file, const int line);
-
-void _fail(const char * const file, const int line);
-int _run_test(
- const char * const function_name, const UnitTestFunction Function,
- void ** const volatile state, const UnitTestFunctionType function_type,
- const void* const heap_check_point);
-int _run_tests(const UnitTest * const tests, const size_t number_of_tests);
-
-// Standard output and error print methods.
-void print_message(const char* const format, ...);
-void print_error(const char* const format, ...);
-void vprint_message(const char* const format, va_list args);
-void vprint_error(const char* const format, va_list args);
-
-#endif // CMOCKERY_H_
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-static void dh2k_test() {
- zrtp_pk_scheme_t *pks = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_DH2048, zrtp);
- assert_non_null(pks);
- pks->self_test(pks);
-}
-
-static void dh3k_test() {
- zrtp_pk_scheme_t *pks = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_DH3072, zrtp);
- assert_non_null(pks);
- pks->self_test(pks);
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(dh2k_test, setup, teardown),
- unit_test_setup_teardown(dh3k_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-extern zrtp_dk_ctx *zrtp_dk_init(zrtp_cipher_t *cipher, zrtp_stringn_t *key, zrtp_stringn_t *salt);
-extern zrtp_status_t zrtp_derive_key(zrtp_dk_ctx *ctx, zrtp_srtp_prf_label label, zrtp_stringn_t *result_key);
-extern void zrtp_dk_deinit(zrtp_dk_ctx *ctx);
-
-static uint8_t dk_master_key[16] = {
- 0xE1, 0xF9, 0x7A, 0x0D, 0x3E, 0x01, 0x8B, 0xE0,
- 0xD6, 0x4F, 0xA3, 0x2C, 0x06, 0xDE, 0x41, 0x39
-};
-
-static uint8_t dk_master_salt[14] = {
- 0x0E, 0xC6, 0x75, 0xAD, 0x49, 0x8A, 0xFE, 0xEB,
- 0xB6, 0x96, 0x0B, 0x3A, 0xAB, 0xE6
-};
-
-
-static uint8_t dk_cipher_key[16] = {
- 0xC6, 0x1E, 0x7A, 0x93, 0x74, 0x4F, 0x39, 0xEE,
- 0x10, 0x73, 0x4A, 0xFE, 0x3F, 0xF7, 0xA0, 0x87
-};
-
-static uint8_t dk_cipher_salt[14] = {
- 0x30, 0xCB, 0xBC, 0x08, 0x86, 0x3D, 0x8C, 0x85,
- 0xD4, 0x9D, 0xB3, 0x4A, 0x9A, 0xE1
-};
-
-static uint8_t dk_auth_key[94] = {
- 0xCE, 0xBE, 0x32, 0x1F, 0x6F, 0xF7, 0x71, 0x6B,
- 0x6F, 0xD4, 0xAB, 0x49, 0xAF, 0x25, 0x6A, 0x15,
- 0x6D, 0x38, 0xBA, 0xA4, 0x8F, 0x0A, 0x0A, 0xCF,
- 0x3C, 0x34, 0xE2, 0x35, 0x9E, 0x6C, 0xDB, 0xCE,
- 0xE0, 0x49, 0x64, 0x6C, 0x43, 0xD9, 0x32, 0x7A,
- 0xD1, 0x75, 0x57, 0x8E, 0xF7, 0x22, 0x70, 0x98,
- 0x63, 0x71, 0xC1, 0x0C, 0x9A, 0x36, 0x9A, 0xC2,
- 0xF9, 0x4A, 0x8C, 0x5F, 0xBC, 0xDD, 0xDC, 0x25,
- 0x6D, 0x6E, 0x91, 0x9A, 0x48, 0xB6, 0x10, 0xEF,
- 0x17, 0xC2, 0x04, 0x1E, 0x47, 0x40, 0x35, 0x76,
- 0x6B, 0x68, 0x64, 0x2C, 0x59, 0xBB, 0xFC, 0x2F,
- 0x34, 0xDB, 0x60, 0xDB, 0xDF, 0xB2
-};
-
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-zrtp_status_t hex_cmp(uint8_t *a, uint8_t *b, uint32_t len)
-{
- uint32_t i;
- zrtp_status_t res = zrtp_status_ok;
- for (i = 0; i<len; i++) {
- if (a[i] != b[i]) {
- res = zrtp_status_fail;
- break;
- }
- }
- return res;
-}
-
-static void dk_test() {
-
- zrtp_status_t res;
- zrtp_string16_t master_key, master_salt, cipher_key, cipher_salt;
- zrtp_string128_t auth_key;
- zrtp_dk_ctx *ctx;
-
- zrtp_cipher_t *cipher = zrtp_comp_find(ZRTP_CC_CIPHER, ZRTP_CIPHER_AES128, zrtp);
- assert_non_null(cipher);
-
- master_key.length = master_key.max_length = 16;
- zrtp_memcpy(master_key.buffer, dk_master_key, 16);
-
- master_salt.length = 14;
- master_salt.max_length = 16;
- zrtp_memcpy(master_salt.buffer, dk_master_salt, 14);
-
-
- ctx = zrtp_dk_init(cipher, (zrtp_stringn_t*)&master_key, (zrtp_stringn_t*)&master_salt);
- assert_non_null(ctx);
-
- cipher_key.length = 16;
- cipher_key.max_length = 16;
-
- zrtp_derive_key(ctx, label_rtp_encryption, (zrtp_stringn_t*)&cipher_key);
- res = hex_cmp((uint8_t*)cipher_key.buffer, dk_cipher_key, cipher_key.length);
- assert_int_equal(res, zrtp_status_ok);
-
-
- cipher_salt.length = 14;
- cipher_salt.max_length = 16;
-
- zrtp_derive_key(ctx, label_rtp_salt, (zrtp_stringn_t*)&cipher_salt);
- res = hex_cmp((uint8_t*)cipher_salt.buffer, dk_cipher_salt, cipher_salt.length);
- assert_int_equal(res, zrtp_status_ok);
-
-
- auth_key.length = 94;
- auth_key.max_length = 128;
-
- zrtp_derive_key(ctx, label_rtp_msg_auth, (zrtp_stringn_t*)&auth_key);
- res = hex_cmp((uint8_t*)auth_key.buffer, dk_auth_key, auth_key.length);
- assert_int_equal(res, zrtp_status_ok);
-
- zrtp_dk_deinit(ctx);
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(dk_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-
-static void ecdh256_test() {
- zrtp_pk_scheme_t *pks = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_EC256P, zrtp);
- assert_non_null(pks);
- pks->self_test(pks);
-}
-
-static void ecdh384_test() {
- zrtp_pk_scheme_t *pks = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_EC384P, zrtp);
- assert_non_null(pks);
- pks->self_test(pks);
-}
-
-static void ecdh512_test() {
- zrtp_pk_scheme_t *pks = zrtp_comp_find(ZRTP_CC_PKT, ZRTP_PKTYPE_EC521P, zrtp);
- assert_non_null(pks);
- pks->self_test(pks);
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(ecdh256_test, setup, teardown),
- unit_test_setup_teardown(ecdh384_test, setup, teardown),
- unit_test_setup_teardown(ecdh512_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h> /*chmockery dependency*/
-#include <stdio.h> /*chmockery dependency*/
-#include <unistd.h> /*for usleep*/
-
-#include "cmockery/cmockery.h"
-#include "test_engine.h"
-
-static zrtp_test_id_t g_alice, g_bob;
-static zrtp_test_id_t g_alice_sid, g_bob_sid;
-static zrtp_test_id_t g_secure_audio_channel;
-
-
-static void prepare_alice_bob() {
- zrtp_status_t s;
-
- zrtp_test_session_cfg_t session_config;
- zrtp_test_session_config_defaults(&session_config);
-
- /*
- * Create two test sessions, one for Alice and one for Bob and link them
- * into test secure channel
- */
- s = zrtp_test_session_create(g_alice, &session_config, &g_alice_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice_sid);
-
- s = zrtp_test_session_create(g_bob, &session_config, &g_bob_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob_sid);
-
- s = zrtp_test_channel_create2(g_alice_sid, g_bob_sid, 0, &g_secure_audio_channel);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_secure_audio_channel);
-}
-
-static void release_alice_bob() {
- zrtp_test_session_destroy(g_alice_sid);
- zrtp_test_session_destroy(g_bob_sid);
-
- zrtp_test_channel_destroy(g_secure_audio_channel);
-}
-
-static void start_alice_bob_and_wait4secure() {
- zrtp_status_t s;
- zrtp_test_channel_info_t channel_info;
-
- /* Everything is ready. Let's start the stream and give it few seconds to switch secure. */
- s = zrtp_test_channel_start(g_secure_audio_channel);
- assert_int_equal(zrtp_status_ok, s);
-
- unsigned i = 30;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- s = zrtp_test_channel_get(g_secure_audio_channel, &channel_info);
- assert_int_equal(zrtp_status_ok, s);
-
- assert_true(channel_info.is_secure);
-}
+++ /dev/null
-
-static zrtp_test_id_t g_alice, g_bob, g_pbx;
-static zrtp_test_id_t g_alice_sid, g_bob_sid, g_pbxa_sid, g_pbxb_sid;
-static zrtp_test_id_t g_alice2pbx_channel, g_bob2pbx_channel;
-
-static void pbx_setup() {
- zrtp_status_t s;
-
- zrtp_test_endpoint_cfg_t endpoint_cfg;
- zrtp_test_endpoint_config_defaults(&endpoint_cfg);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Alice", &g_alice);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Bob", &g_bob);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob);
-
- endpoint_cfg.zrtp.is_mitm = 1;
- s = zrtp_test_endpoint_create(&endpoint_cfg, "PBX", &g_pbx);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_pbx);
-}
-
-static void pbx_teardown() {
- zrtp_test_endpoint_destroy(g_alice);
- zrtp_test_endpoint_destroy(g_bob);
- zrtp_test_endpoint_destroy(g_pbx);
-}
-
-
-static void prepare_alice_pbx_bob_setup(zrtp_test_session_cfg_t *alice_sconfig,
- zrtp_test_session_cfg_t *bob_sconfig,
- zrtp_test_session_cfg_t *pbxa_sconfig,
- zrtp_test_session_cfg_t *pbxb_sconfig) {
- zrtp_status_t s;
-
- if (alice_sconfig) {
- assert_non_null(pbxa_sconfig);
-
- s = zrtp_test_session_create(g_alice, alice_sconfig, &g_alice_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice_sid);
-
- s = zrtp_test_session_create(g_pbx, pbxa_sconfig, &g_pbxa_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_pbxa_sid);
-
- s = zrtp_test_channel_create2(g_alice_sid, g_pbxa_sid, 0, &g_alice2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice2pbx_channel);
- }
-
- if (bob_sconfig) {
- assert_non_null(pbxb_sconfig);
-
- s = zrtp_test_session_create(g_bob, bob_sconfig, &g_bob_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob_sid);
-
- s = zrtp_test_session_create(g_pbx, pbxb_sconfig, &g_pbxb_sid);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_pbxb_sid);
-
- s = zrtp_test_channel_create2(g_bob_sid, g_pbxb_sid, 0, &g_bob2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob2pbx_channel);
- }
-}
-
-static void cleanup_alice_pbx_bob_setup() {
- zrtp_test_session_destroy(g_alice_sid);
- zrtp_test_session_destroy(g_bob_sid);
- zrtp_test_session_destroy(g_pbxa_sid);
- zrtp_test_session_destroy(g_pbxb_sid);
-
- zrtp_test_channel_destroy(g_alice2pbx_channel);
- zrtp_test_channel_destroy(g_bob2pbx_channel);
-}
-
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h> /*chmockery dependency*/
-#include <stdio.h> /*chmockery dependency*/
-#include <unistd.h> /*for usleep*/
-
-#include "cmockery/cmockery.h"
-#include "test_engine.h"
-
-#include "enroll_test_helpers.c"
-
-static void enrollment_test() {
- zrtp_status_t s;
-
- zrtp_test_channel_info_t a2pbx_channel_info;
- zrtp_test_session_cfg_t session_config, session_config_enroll;
- zrtp_test_session_config_defaults(&session_config);
- zrtp_test_session_config_defaults(&session_config_enroll);
-
- session_config_enroll.is_enrollment = 1;
-
- /**************************************************************************
- * Enroll Alice to PBX and check triggered events.
- */
- prepare_alice_pbx_bob_setup(&session_config, NULL, &session_config_enroll, NULL);
-
- /* Everything is ready. Let's start the stream and give it few seconds to switch secure. */
- s = zrtp_test_channel_start(g_alice2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
-
- int i = 30;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- s = zrtp_test_channel_get(g_alice2pbx_channel, &a2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Both, Alice and PBX should switch secure */
- assert_true(a2pbx_channel_info.is_secure);
-
- /* Alice should receive Enrollment notification */
- zrtp_test_id_t alice2pbx_stream = zrtp_test_session_get_stream_by_idx(g_alice_sid, 0);
- assert_true(zrtp_stream_did_event_receive(alice2pbx_stream, ZRTP_EVENT_IS_CLIENT_ENROLLMENT));
-
- /* PBX streams should receive incoming enrollment notification */
- zrtp_test_id_t pbx2alice_stream = zrtp_test_session_get_stream_by_idx(g_pbxa_sid, 0);
- assert_true(zrtp_stream_did_event_receive(pbx2alice_stream, ZRTP_EVENT_NEW_USER_ENROLLED));
-
- /* Confirm enrollment at the PBX side */
- s = zrtp_register_with_trusted_mitm(zrtp_stream_for_test_stream(alice2pbx_stream));
- assert_int_equal(zrtp_status_ok, s);
-
- /* Clean-up */
- cleanup_alice_pbx_bob_setup();
-
- /**************************************************************************
- * Try to make one more enrollment call. This time it should say "Already enrolled"
- */
- prepare_alice_pbx_bob_setup(&session_config, NULL, &session_config_enroll, NULL);
-
- /* Everything is ready. Let's start the stream and give it few seconds to switch secure. */
- s = zrtp_test_channel_start(g_alice2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
-
- i = 30;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- s = zrtp_test_channel_get(g_alice2pbx_channel, &a2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
-
- assert_true(a2pbx_channel_info.is_secure);
-
- /* Alice should receive Enrollment notification */
- alice2pbx_stream = zrtp_test_session_get_stream_by_idx(g_alice_sid, 0);
- assert_true(zrtp_stream_did_event_receive(alice2pbx_stream, ZRTP_EVENT_IS_CLIENT_ENROLLMENT));
-
- /* PBX streams should receive incoming enrollment notification */
- pbx2alice_stream = zrtp_test_session_get_stream_by_idx(g_pbxa_sid, 0);
- assert_true(zrtp_stream_did_event_receive(pbx2alice_stream, ZRTP_EVENT_USER_ALREADY_ENROLLED));
-
- // TODO: check if we have PBX secret cached
- // TODO: test zrtp_is_user_enrolled()
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(enrollment_test, pbx_setup, pbx_teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "engine_helpers.c"
-
-static void setup() {
- zrtp_status_t s;
-
- zrtp_test_endpoint_cfg_t endpoint_cfg;
- zrtp_test_endpoint_config_defaults(&endpoint_cfg);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Alice", &g_alice);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Bob", &g_bob);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob);
-}
-
-static void teardown() {
- zrtp_test_endpoint_destroy(g_alice);
- zrtp_test_endpoint_destroy(g_bob);
-}
-
-
-static void go_secure_test() {
- /*
- * Create two test sessions, one for Alice and one for Bob and link them
- * into test secure channel
- */
- prepare_alice_bob();
- start_alice_bob_and_wait4secure();
- release_alice_bob();
-}
-
-static void go_secure_flags_test() {
- zrtp_status_t s;
- zrtp_test_session_info_t alice_ses_info;
-
- prepare_alice_bob();
-
- start_alice_bob_and_wait4secure();
-
- /* All flags should be clear */
- s = zrtp_test_session_get(g_alice_sid, &alice_ses_info);
- assert_int_equal(zrtp_status_ok, s);
-
- assert_int_equal(0, alice_ses_info.zrtp.matches_flags);
- assert_int_equal(0, alice_ses_info.zrtp.cached_flags);
- assert_int_equal(0, alice_ses_info.zrtp.wrongs_flags);
-
- /*
- * Now let's make one more call, RS1 should match and cached
- */
- release_alice_bob();
-
- prepare_alice_bob();
-
- start_alice_bob_and_wait4secure();
-
- s = zrtp_test_session_get(g_alice_sid, &alice_ses_info);
- assert_int_equal(zrtp_status_ok, s);
-
- assert_int_equal((int)ZRTP_BIT_RS1, alice_ses_info.zrtp.matches_flags);
- assert_int_equal((int)ZRTP_BIT_RS1, alice_ses_info.zrtp.cached_flags);
- assert_int_equal(0, alice_ses_info.zrtp.wrongs_flags);
-
- /*
- * And one more time.. both RS1 and RS2 should be cached and should match.
- */
- release_alice_bob();
-
- prepare_alice_bob();
-
- start_alice_bob_and_wait4secure();
-
- s = zrtp_test_session_get(g_alice_sid, &alice_ses_info);
- assert_int_equal(zrtp_status_ok, s);
-
- assert_int_equal((int)(ZRTP_BIT_RS1 | ZRTP_BIT_RS2) , alice_ses_info.zrtp.matches_flags);
- assert_int_equal((int)(ZRTP_BIT_RS1 | ZRTP_BIT_RS2), alice_ses_info.zrtp.cached_flags);
- assert_int_equal(0, alice_ses_info.zrtp.wrongs_flags);
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(go_secure_test, setup, teardown),
- unit_test_setup_teardown(go_secure_flags_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-static void sha1_hash_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_HMAC_SHA1, zrtp);
- assert_non_null(hash);
- hash->hash_self_test(hash);
-}
-
-static void sha1_hmac_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_SRTP_HASH_HMAC_SHA1, zrtp);
- assert_non_null(hash);
- hash->hmac_self_test(hash);
-}
-
-static void sha256_hash_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, zrtp);
- assert_non_null(hash);
- hash->hash_self_test(hash);
-}
-
-static void sha256_hmac_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA256, zrtp);
- assert_non_null(hash);
- hash->hmac_self_test(hash);
-}
-
-static void sha384_hash_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA384, zrtp);
- assert_non_null(hash);
- hash->hash_self_test(hash);
-}
-
-static void sha384_hmac_test() {
- zrtp_hash_t *hash = zrtp_comp_find(ZRTP_CC_HASH, ZRTP_HASH_SHA384, zrtp);
- assert_non_null(hash);
- hash->hmac_self_test(hash);
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(sha1_hash_test, setup, teardown),
- unit_test_setup_teardown(sha1_hmac_test, setup, teardown),
- unit_test_setup_teardown(sha256_hash_test, setup, teardown),
- unit_test_setup_teardown(sha256_hmac_test, setup, teardown),
- unit_test_setup_teardown(sha384_hash_test, setup, teardown),
- unit_test_setup_teardown(sha384_hmac_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-zrtp_global_t *zrtp;
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-
-static void session_init_fails_with_no_dh2k() {
- zrtp_profile_t profile;
- zrtp_status_t s;
-
- zrtp_session_t *new_session;
-
- /* Let's initialize ZRTP session with default profile first */
- zrtp_profile_defaults(&profile, zrtp);
-
- new_session = NULL;
- s = zrtp_session_init(zrtp,
- &profile,
- ZRTP_SIGNALING_ROLE_INITIATOR,
- &new_session);
-
- assert_int_equal(zrtp_status_ok, s);
- assert_non_null(new_session);
-
- /* Then disable DH2K and leave just mandatory parameters */
- profile.pk_schemes[0] = ZRTP_PKTYPE_DH3072;
- profile.pk_schemes[1] = ZRTP_PKTYPE_MULT;
- profile.pk_schemes[2] = 0;
-
- new_session = NULL;
- s = zrtp_session_init(zrtp,
- &profile,
- ZRTP_SIGNALING_ROLE_INITIATOR,
- &new_session);
-
- assert_int_equal(zrtp_status_ok, s);
- assert_non_null(new_session);
-
- /* Let's try to disable Multi key exchange, it should produce an error. */
- profile.pk_schemes[0] = ZRTP_PKTYPE_DH3072;
- profile.pk_schemes[1] = 0;
-
- new_session = NULL;
- s = zrtp_session_init(zrtp,
- &profile,
- ZRTP_SIGNALING_ROLE_INITIATOR,
- &new_session);
-
- assert_int_not_equal(zrtp_status_ok, s);
- assert_null(new_session);
-
- /* Profile checking with one of mandatory components missing should return error too. */
- s = zrtp_profile_check(&profile, zrtp);
- assert_int_not_equal(zrtp_status_ok, s);
-
- /* NOTE: we ignore memory leaks and don't destroy ZRTP sessions to make test sources cleaner */
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(session_init_fails_with_no_dh2k, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-#include "queue.h"
-
-struct zrtp_queue {
- zrtp_sem_t* size_sem;
- zrtp_sem_t* main_sem;
- zrtp_mutex_t* mutex;
- mlist_t head;
- uint32_t size;
-};
-
-
-zrtp_status_t zrtp_test_queue_create(zrtp_queue_t** queue) {
-
- zrtp_status_t s = zrtp_status_fail;
- zrtp_queue_t* new_queue = (zrtp_queue_t*) zrtp_sys_alloc(sizeof(zrtp_queue_t));
- if (! new_queue) {
- return zrtp_status_fail;
- }
- zrtp_memset(new_queue, 0, sizeof(zrtp_queue_t));
-
- do {
- s = zrtp_sem_init(&new_queue->size_sem, ZRTP_QUEUE_SIZE, ZRTP_QUEUE_SIZE);
- if (zrtp_status_ok != s) {
- break;
- }
- s = zrtp_sem_init(&new_queue->main_sem, 0, ZRTP_QUEUE_SIZE);
- if (zrtp_status_ok != s) {
- break;
- }
-
- s = zrtp_mutex_init(&new_queue->mutex);
- if (zrtp_status_ok != s) {
- break;
- }
-
- init_mlist(&new_queue->head);
- new_queue->size = 0;
-
- s = zrtp_status_ok;
- } while (0);
-
- if (zrtp_status_ok != s) {
- if (new_queue->size_sem) {
- zrtp_sem_destroy(new_queue->size_sem);
- }
- if (new_queue->main_sem) {
- zrtp_sem_destroy(new_queue->main_sem);
- }
- if (new_queue->mutex) {
- zrtp_mutex_destroy(new_queue->mutex);
- }
- }
-
- *queue = new_queue;
-
- return s;
-}
-
-void zrtp_test_queue_destroy(zrtp_queue_t* queue) {
- if (queue->size_sem) {
- zrtp_sem_destroy(queue->size_sem);
- }
- if (queue->main_sem) {
- zrtp_sem_destroy(queue->main_sem);
- }
- if (queue->mutex) {
- zrtp_mutex_destroy(queue->mutex);
- }
-}
-
-
-void zrtp_test_queue_push(zrtp_queue_t* queue, zrtp_queue_elem_t* elem) {
- zrtp_sem_wait(queue->size_sem);
-
- zrtp_mutex_lock(queue->mutex);
- mlist_add_tail(&queue->head, &elem->_mlist);
- queue->size++;
- zrtp_mutex_unlock(queue->mutex);
-
- zrtp_sem_post(queue->main_sem);
-}
-
-zrtp_queue_elem_t* zrtp_test_queue_pop(zrtp_queue_t* queue) {
- zrtp_queue_elem_t* res = NULL;
- zrtp_sem_wait(queue->main_sem);
-
- zrtp_mutex_lock(queue->mutex);
- if (queue->size) {
- zrtp_queue_elem_t* elem_cover = mlist_get_struct(zrtp_queue_elem_t, _mlist, queue->head.next);
- res = elem_cover;
- mlist_del(queue->head.next);
-
- queue->size--;
- zrtp_sem_post(queue->size_sem);
- } else {
- zrtp_sem_post(queue->main_sem);
- }
- zrtp_mutex_unlock(queue->mutex);
-
- return res;
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#ifndef __ZRTP_TEST_QUEUE_H__
-#define __ZRTP_TEST_QUEUE_H__
-
-#include "zrtp.h"
-
-#define ZRTP_QUEUE_SIZE 2000
-
-typedef struct zrtp_queue_elem {
- char data[1500];
- uint32_t size;
- mlist_t _mlist;
-} zrtp_queue_elem_t;
-typedef struct zrtp_queue zrtp_queue_t;
-
-zrtp_status_t zrtp_test_queue_create(zrtp_queue_t** queue);
-void zrtp_test_queue_destroy(zrtp_queue_t* queue);
-void zrtp_test_queue_push(zrtp_queue_t* queue, zrtp_queue_elem_t* elem);
-zrtp_queue_elem_t* zrtp_test_queue_pop(zrtp_queue_t* queue);
-
-#endif /* __ZRTP_TEST_QUEUE_H__ */
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h> /*chmockery dependency*/
-#include <stdio.h> /*chmockery dependency*/
-#include <unistd.h> /*for usleep*/
-
-#include "cmockery/cmockery.h"
-#include "test_engine.h"
-
-#include "enroll_test_helpers.c"
-
-static void enrollment_test() {
- zrtp_status_t s;
-
- zrtp_test_channel_info_t a2pbx_channel_info, b2pbx_channel_info;
- zrtp_test_session_cfg_t session_config, session_config_enroll;
- zrtp_test_session_config_defaults(&session_config);
- zrtp_test_session_config_defaults(&session_config_enroll);
-
- session_config_enroll.is_enrollment = 1;
-
- /**************************************************************************
- * Enroll both Alice and Bob to PBX
- */
- prepare_alice_pbx_bob_setup(&session_config, &session_config, &session_config_enroll, &session_config_enroll);
-
- /* Everything is ready. Let's start the stream and give it few seconds to switch secure. */
- s = zrtp_test_channel_start(g_alice2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
- s = zrtp_test_channel_start(g_bob2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
-
- int i = 30;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- s = zrtp_test_channel_get(g_alice2pbx_channel, &a2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
- s = zrtp_test_channel_get(g_bob2pbx_channel, &b2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Both, Alice and Bob should switch secure and ready for enrollment */
- assert_true(a2pbx_channel_info.is_secure);
- assert_true(b2pbx_channel_info.is_secure);
-
- /* Confirm enrollment for both, Alice and Bob */
- zrtp_test_id_t alice2pbx_stream = zrtp_test_session_get_stream_by_idx(g_alice_sid, 0);
- zrtp_test_id_t bob2pbx_stream = zrtp_test_session_get_stream_by_idx(g_bob_sid, 0);
-
- s = zrtp_register_with_trusted_mitm(zrtp_stream_for_test_stream(alice2pbx_stream));
- assert_int_equal(zrtp_status_ok, s);
- s = zrtp_register_with_trusted_mitm(zrtp_stream_for_test_stream(bob2pbx_stream));
- assert_int_equal(zrtp_status_ok, s);
-
- /* Clean-up */
- cleanup_alice_pbx_bob_setup();
-
- /**************************************************************************
- * Now, when we have two enrolled parties, make one more call and initiate
- * SAS Relay at the PBX side. Both endpoints should received SASRelay, but
- * just one should get ZRTP_EVENT_LOCAL_SAS_UPDATED event.
- */
-
- prepare_alice_pbx_bob_setup(&session_config, &session_config, &session_config, &session_config);
-
- /* Everything is ready. Let's start the stream and give it few seconds to switch secure. */
- s = zrtp_test_channel_start(g_alice2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
- s = zrtp_test_channel_start(g_bob2pbx_channel);
- assert_int_equal(zrtp_status_ok, s);
-
- i = 30;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- s = zrtp_test_channel_get(g_alice2pbx_channel, &a2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
- s = zrtp_test_channel_get(g_bob2pbx_channel, &b2pbx_channel_info);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Both, Alice and Bob should switch secure */
- assert_true(a2pbx_channel_info.is_secure);
- assert_true(b2pbx_channel_info.is_secure);
-
- zrtp_test_id_t pbx2alice_stream = zrtp_test_session_get_stream_by_idx(g_pbxa_sid, 0);
- zrtp_test_id_t pbx2bob_stream = zrtp_test_session_get_stream_by_idx(g_pbxb_sid, 0);
- alice2pbx_stream = zrtp_test_session_get_stream_by_idx(g_alice_sid, 0);
- bob2pbx_stream = zrtp_test_session_get_stream_by_idx(g_bob_sid, 0);
-
- /* Resolve MiTM call! */
- s = zrtp_resolve_mitm_call(zrtp_stream_for_test_stream(pbx2alice_stream),
- zrtp_stream_for_test_stream(pbx2bob_stream));
-
- i = 20;
- for (; i>0; i--) {
- usleep(100*1000);
- }
-
- /* Alice and Bob should receive Enrollment notification */
- unsigned sas_update1 = zrtp_stream_did_event_receive(alice2pbx_stream, ZRTP_EVENT_LOCAL_SAS_UPDATED);
- unsigned sas_update2 = zrtp_stream_did_event_receive(bob2pbx_stream, ZRTP_EVENT_LOCAL_SAS_UPDATED);
- assert_true(sas_update1 ^ sas_update2);
-
- /* Clean-up */
- cleanup_alice_pbx_bob_setup();
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(enrollment_test, pbx_setup, pbx_teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <setjmp.h>
-#include <stdio.h>
-
-#include "zrtp.h"
-#include "cmockery/cmockery.h"
-
-#define _ZTU_ "srtp replay test"
-
-zrtp_global_t *zrtp;
-
-#define TEST_MAP_WIDTH 64
-#if TEST_MAP_WIDTH%8
-# define TEST_MAP_WIDTH_BYTES TEST_MAP_WIDTH/8+1
-#else
-# define TEST_MAP_WIDTH_BYTES TEST_MAP_WIDTH/8
-#endif
-
-#define FIRST_TEST_MAP_INIT_WIDTH 24
-
-extern zrtp_rp_node_t *get_rp_node_non_lock(zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc);
-extern zrtp_rp_node_t *add_rp_node(zrtp_srtp_ctx_t *srtp_ctx, zrtp_rp_ctx_t *ctx, uint8_t direction, uint32_t ssrc);
-extern zrtp_status_t zrtp_srtp_rp_check(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet);
-extern zrtp_status_t zrtp_srtp_rp_add(zrtp_srtp_rp_t *srtp_rp, zrtp_rtp_info_t *packet);
-
-
-void setup() {
- zrtp_status_t s;
- zrtp_config_t zrtp_config;
-
- zrtp_config_defaults(&zrtp_config);
-
- s = zrtp_init(&zrtp_config, &zrtp);
- assert_int_equal(s, zrtp_status_ok);
-}
-
-void teardown() {
- zrtp_down(zrtp);
-}
-
-static void print_map(uint8_t *map, int width_bytes)
-{
- int i;
- for(i=width_bytes-1; i >= 0; i--) {
- ZRTP_LOGC(3, ("%i%i%i%i%i%i%i%i",
- zrtp_bitmap_get_bit(map, 8*i+7),
- zrtp_bitmap_get_bit(map, 8*i+6),
- zrtp_bitmap_get_bit(map, 8*i+5),
- zrtp_bitmap_get_bit(map, 8*i+4),
- zrtp_bitmap_get_bit(map, 8*i+3),
- zrtp_bitmap_get_bit(map, 8*i+2),
- zrtp_bitmap_get_bit(map, 8*i+1),
- zrtp_bitmap_get_bit(map, 8*i+0)));
- }
- ZRTP_LOG(3, (_ZTU_, "\n"));
-}
-
-static void init_random_map(uint8_t *map, int width, zrtp_global_t *zrtp) {
- int i;
- for(i=0; i<width; i++) {
- uint32_t rnd = 0;
- zrtp_randstr(zrtp, (uint8_t*)&rnd, sizeof(rnd));
- if(rnd%10 < 5) {
- zrtp_bitmap_set_bit(map, i);
- } else {
- zrtp_bitmap_clear_bit(map, i);
- }
- }
-}
-
-void inject_from_map( zrtp_srtp_global_t *srtp_global,
- uint32_t ssrc,
- uint8_t *src_map, uint8_t *dst_map, int width) {
- zrtp_rp_node_t *rp_node;
- int i;
- zrtp_rtp_info_t pkt;
-
- rp_node = get_rp_node_non_lock(srtp_global->rp_ctx, RP_INCOMING_DIRECTION, ssrc);
- if (NULL == rp_node) {
- return;
- }
-
- for (i=0; i< width; i++) {
- if (1 == zrtp_bitmap_get_bit(src_map, i)) {
- pkt.seq = i;
- if (zrtp_status_ok == zrtp_srtp_rp_check(&rp_node->rtp_rp, &pkt)) {
- zrtp_bitmap_set_bit(dst_map, i);
- zrtp_srtp_rp_add(&rp_node->rtp_rp, &pkt);
- }
- }
- }
-}
-
-// TODO: split test into several, more atomic tests
-static void srtp_replay_test() {
- int res = 0;
- uint32_t ssrc = 1;
- int i = 0;
- uint8_t test_map[TEST_MAP_WIDTH_BYTES];
- uint8_t result_map[TEST_MAP_WIDTH_BYTES];
- uint8_t tmp_window[ZRTP_SRTP_WINDOW_WIDTH_BYTES];
- uint32_t tmp_seq;
- int delta, shift;
-
- zrtp_rp_node_t *rp_node;
- zrtp_srtp_global_t *srtp = zrtp->srtp_global;
-
- rp_node = add_rp_node(NULL, srtp->rp_ctx, RP_INCOMING_DIRECTION, ssrc);
- assert_non_null(rp_node);
-
- for (i=0; i< TEST_MAP_WIDTH_BYTES; i++) {
- test_map[i] = 0;
- result_map[i] = 0;
- }
- /*
- * 1st test
- * ----------------------------------------------------------------------
- */
- init_random_map(test_map, FIRST_TEST_MAP_INIT_WIDTH, zrtp);
- inject_from_map(srtp, ssrc, test_map, result_map, TEST_MAP_WIDTH);
-
- ZRTP_LOG(3, (_ZTU_,"1st test. Wnd[%i]...\n", ZRTP_SRTP_WINDOW_WIDTH));
-
- tmp_seq = rp_node->rtp_rp.seq;
- for (i=0; i<ZRTP_SRTP_WINDOW_WIDTH_BYTES; i++) {
- tmp_window[i] = rp_node->rtp_rp.window[i];
- }
-
- delta = tmp_seq-ZRTP_SRTP_WINDOW_WIDTH + 1;
- if (delta > 0) {
- ZRTP_LOG(3, (_ZTU_,"after wnd: (%i;0]\n", delta));
- ZRTP_LOG(3, (_ZTU_,"inside wnd: [%i;%i]\n", tmp_seq, delta));
- } else {
- ZRTP_LOG(3, (_ZTU_,"after wnd: (0;0)\n"));
- ZRTP_LOG(3, (_ZTU_,"inside wnd: [%i;0]\n", tmp_seq));
- }
-
- ZRTP_LOG(3, (_ZTU_,"before wnd: [%i;%i)\n", TEST_MAP_WIDTH-1, tmp_seq));
-
- ZRTP_LOG(3, (_ZTU_,"Test map: "));
- print_map(test_map, TEST_MAP_WIDTH_BYTES);
-
- ZRTP_LOG(3, (_ZTU_,"Res map: "));
- print_map(result_map, TEST_MAP_WIDTH_BYTES);
-
- shift = TEST_MAP_WIDTH;
- shift -= rp_node->rtp_rp.seq + 1;
-
- ZRTP_LOG(3, (_ZTU_,"Window : "));
- for(i=shift; i > 0; i--){
- ZRTP_LOGC(3, (" "));
- }
- print_map(rp_node->rtp_rp.window, ZRTP_SRTP_WINDOW_WIDTH_BYTES);
-
- /*
- * 2nd test
- * ----------------------------------------------------------------------
- */
- for(i=0; i< TEST_MAP_WIDTH_BYTES; i++){
- test_map[i] = 0;
- result_map[i] = 0;
- }
-
- init_random_map(test_map, TEST_MAP_WIDTH, zrtp);
- inject_from_map(srtp, ssrc, test_map, result_map, TEST_MAP_WIDTH);
-
- ZRTP_LOG(3, (_ZTU_,"2nd test. Wnd[%i]...\n", ZRTP_SRTP_WINDOW_WIDTH));
- ZRTP_LOG(3, (_ZTU_,"Test map: "));
- print_map(test_map, TEST_MAP_WIDTH_BYTES);
-
- ZRTP_LOG(3, (_ZTU_,"Res map: "));
- print_map(result_map, TEST_MAP_WIDTH_BYTES);
-
- shift = TEST_MAP_WIDTH;
- shift -= rp_node->rtp_rp.seq + 1;
-
- ZRTP_LOG(3, (_ZTU_,"Window : "));
- for (i=shift; i > 0; i--) {
- //zrtp_print_log(ZRTP_LOG_DEBUG, " ");
- }
- print_map(rp_node->rtp_rp.window, ZRTP_SRTP_WINDOW_WIDTH_BYTES);
-
-
- /*
- in result map:
- - after window we should to have all zeroes
- - into the window we should have ones only if window have zero at appropriate position
- - before window we should have equal values of test map and result map bits
- */
- for (i=0; i < TEST_MAP_WIDTH; i++) {
- if (delta > 0 && i < delta) {
- /* After window */
- if (0 != zrtp_bitmap_get_bit(result_map, i)) {
- ZRTP_LOG(3, (_ZTU_,"After window. %i bit should be 0\n", i));
- res = -1;
- }
- } else if (i <= (int)tmp_seq && i >= delta) {
- /* inside window */
-
- /* check window filtering */
- if(1 == zrtp_bitmap_get_bit(result_map, i)) {
- if (1 == zrtp_bitmap_get_bit(tmp_window, i - (tmp_seq-ZRTP_SRTP_WINDOW_WIDTH) - 1)) {
- ZRTP_LOG(3, (_ZTU_,"Inside window. Window filtering fail. %i bit should be 0\n", i));
- res = -1;
- }
- }
- /* check test vs result maps */
- if ( zrtp_bitmap_get_bit(result_map, i) != zrtp_bitmap_get_bit(test_map, i) &&
- !zrtp_bitmap_get_bit(tmp_window, i - (tmp_seq-ZRTP_SRTP_WINDOW_WIDTH) - 1)) {
- ZRTP_LOG(3, (_ZTU_, "Inside window. Test map isn't equal to result at bit %i\n", i));
- res = -1;
- }
-
- } else {
- /* after window */
- if (zrtp_bitmap_get_bit(result_map, i) != zrtp_bitmap_get_bit(test_map, i)) {
- ZRTP_LOG(3, (_ZTU_,"Before window. Test map isn't equal to result at bit %i\n", i));
- res = -1;
- }
- }
- }
-
- assert_int_equal(res, 0);
-}
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(srtp_replay_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include <stdio.h> /* for sprintf(), remove() */
-#include <string.h> /* for string operations */
-
-#include "test_engine.h"
-#include "queue.h"
-
-#define _ZTU_ "test engine"
-
-#define K_ZRTP_TEST_MAX_ENDPOINTS 10
-#define K_ZRTP_TEST_MAX_SESSIONS_PER_ENDPOINT 100
-#define K_ZRTP_TEST_MAX_CHANNELS (K_ZRTP_TEST_MAX_ENDPOINTS * K_ZRTP_TEST_MAX_ENDPOINTS * ZRTP_MAX_STREAMS_PER_SESSION)
-
-#define K_ZRTP_TEST_PROCESSORS_COUNT 2
-#define K_ZRTP_TEST_RTP_RATE 200
-
-extern uint8_t hash_word_list_odd[256][12];
-extern uint8_t hash_word_list_even[256][10];
-
-typedef struct {
- zrtp_test_id_t id;
- zrtp_test_id_t session_id;
- zrtp_test_id_t channel_id;
- zrtp_test_id_t endpoint_id;
- zrtp_stream_t *zrtp;
- uint16_t seq;
- zrtp_queue_t *input;
- zrtp_queue_t *output;
- unsigned zrtp_events_queueu[128];
- unsigned zrtp_events_count;
-} zrtp_test_stream_t;
-
-typedef struct {
- zrtp_test_id_t id;
- zrtp_test_id_t endpoint_id;
- zrtp_test_session_cfg_t cfg;
- zrtp_session_t *zrtp;
- zrtp_test_stream_t streams[ZRTP_MAX_STREAMS_PER_SESSION];
- unsigned streams_count;
-} zrtp_test_session_t;
-
-typedef struct {
- zrtp_test_id_t id;
- char name[ZRTP_TEST_STR_LEN];
- zrtp_zid_t zid;
- zrtp_test_endpoint_cfg_t cfg;
- zrtp_test_session_t sessions[K_ZRTP_TEST_MAX_SESSIONS_PER_ENDPOINT];
- unsigned sessions_count;
- zrtp_global_t *zrtp;
- unsigned is_running;
- zrtp_queue_t *input_queue;
-} zrtp_endpoint_t;
-
-
-typedef struct {
- zrtp_test_id_t id;
- zrtp_test_stream_t *left;
- zrtp_test_stream_t *right;
- unsigned is_attached;
- unsigned is_secure;
-} zrtp_test_channel_t;
-
-typedef struct zrtp_test_packet {
- uint32_t is_rtp; /*! Defines is packet RTP or RTCP */
- uint32_t length; /*! Packet Length in bytes */
- char body[1024]; /*! Packet body */
-} zrtp_test_packet_t;
-
-
-static zrtp_endpoint_t g_test_endpoints[K_ZRTP_TEST_MAX_ENDPOINTS];
-static unsigned g_test_endpoints_count = 0;
-
-static zrtp_test_channel_t g_test_channels[K_ZRTP_TEST_MAX_CHANNELS];
-static unsigned g_test_channels_count = 0;
-
-static int g_endpoints_counter = 7;
-static int g_channels_counter = 7;
-static int g_sessions_counter = 7;
-static int g_streams_counter = 7;
-
-
-zrtp_endpoint_t *zrtp_test_endpoint_by_id(zrtp_test_id_t id);
-zrtp_test_stream_t *zrtp_test_stream_by_id(zrtp_test_id_t id);
-zrtp_test_stream_t *zrtp_test_stream_by_peerid(zrtp_test_id_t id);
-zrtp_test_session_t *zrtp_test_session_by_id(zrtp_test_id_t id);
-zrtp_test_channel_t *zrtp_test_channel_by_id(zrtp_test_id_t id);
-
-
-/******************************************************************************
- * libzrtp interface implementation
- */
-
-static void on_zrtp_event(zrtp_stream_t *ctx, zrtp_protocol_event_t event) {
- zrtp_test_id_t *stream_id = zrtp_stream_get_userdata(ctx);
- zrtp_test_stream_t *stream = zrtp_test_stream_by_id(*stream_id);
-
- stream->zrtp_events_queueu[stream->zrtp_events_count++] = event;
-}
-
-
-static void on_zrtp_secure(zrtp_stream_t *ctx) {
- zrtp_test_id_t *stream_id = zrtp_stream_get_userdata(ctx);
- zrtp_test_stream_t *stream = zrtp_test_stream_by_id(*stream_id);
- zrtp_test_channel_t *channel = zrtp_test_channel_by_id(stream->channel_id);
- zrtp_test_stream_t *remote_stream = (channel->left == stream) ? channel->right : channel->left;
-
- if (stream->zrtp->state == ZRTP_STATE_SECURE &&
- remote_stream->zrtp->state == ZRTP_STATE_SECURE) {
- channel->is_secure = 1;
- }
-
-}
-
-static int on_send_packet(const zrtp_stream_t* ctx, char* message, unsigned int length) {
- zrtp_queue_elem_t* elem = zrtp_sys_alloc(sizeof(zrtp_queue_elem_t));
- if (elem) {
- zrtp_test_packet_t* packet = (zrtp_test_packet_t*) elem->data;
- elem->size = length;
-
- packet->is_rtp = 1;
- packet->length = length;
- zrtp_memcpy(packet->body, message, length);
-
- zrtp_test_id_t *stream_id = zrtp_stream_get_userdata(ctx);
- zrtp_test_stream_t *stream = zrtp_test_stream_by_id(*stream_id);
- if (stream) {
- zrtp_test_queue_push(stream->output, elem);
- return zrtp_status_ok;
- } else {
- return zrtp_status_fail;
- }
- } else {
- return zrtp_status_alloc_fail;
- }
-}
-
-
-/******************************************************************************
- * Processing Loop
- */
-
-static zrtp_test_stream_t *get_stream_to_process_(zrtp_endpoint_t *endpoint) {
- zrtp_test_id_t all_streams[K_ZRTP_TEST_MAX_SESSIONS_PER_ENDPOINT*ZRTP_MAX_STREAMS_PER_SESSION];
- unsigned streams_count = 0;
- unsigned i, j;
-
- for (i=0; i<endpoint->sessions_count; i++) {
- for (j=0; j<endpoint->sessions[i].streams_count; j++) {
- zrtp_test_stream_t *stream = &endpoint->sessions[i].streams[j];
- if (stream->input && stream->output)
- all_streams[streams_count++] = stream->id;
- }
- }
-
- if (0 == streams_count)
- return NULL;
-
- zrtp_randstr(endpoint->zrtp, (unsigned char*)&i, sizeof(i));
- j = (unsigned)i;
- j = j % streams_count;
-
- //printf("trace>>> CHOOSE stream Endpoint=%u IDX=%u ID=%u\n", endpoint->id, j, all_streams[j]);
- return zrtp_test_stream_by_id(all_streams[j]);
-}
-
-
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
-DWORD WINAPI process_incoming(void *param)
-#else
-void *process_incoming(void *param)
-#endif
-{
- zrtp_endpoint_t *the_endpoint = (zrtp_endpoint_t *)param;
-
- while (the_endpoint->is_running) {
- zrtp_test_packet_t* packet = NULL;
- zrtp_queue_elem_t* elem = NULL;
- zrtp_status_t s = zrtp_status_fail;
- zrtp_test_stream_t *stream;
- int is_protocol = 0;
-
- // TODO: use peak to not to block processing if queue for this stream is empty
- elem = zrtp_test_queue_pop(the_endpoint->input_queue);
- if (!elem || elem->size <= 0) {
- if (elem) zrtp_sys_free(elem);
- break;
- }
-
- packet = (zrtp_test_packet_t*) elem->data;
- zrtp_test_id_t stream_id;
- {
- if (packet->is_rtp) {
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *rtp_hdr = (zrtp_rtp_hdr_t*)packet->body;
- stream_id = zrtp_ntoh32(rtp_hdr->ssrc); /* remember, we use stream Id as it's RTP SSRC */
- } else {
- ZRTP_UNALIGNED(zrtp_rtcp_hdr_t) *rtcp_hdr = (zrtp_rtcp_hdr_t*)packet->body;
- stream_id = zrtp_ntoh32(rtcp_hdr->ssrc); /* remember, we use stream Id as it's RTP SSRC */
- }
- stream = zrtp_test_stream_by_peerid(stream_id);
- }
-
- /*
- * Process incoming packet by libzrtp. Is this a RTP media packet - copy it to the buffer
- * to print out later.
- */
- if (packet->is_rtp) {
- s = zrtp_process_srtp(stream->zrtp, packet->body, &packet->length);
- } else {
- s = zrtp_process_srtcp(stream->zrtp, packet->body, &packet->length);
- }
-
- if (!is_protocol) {
- char *body;
- if (packet->is_rtp) {
- body = packet->body + sizeof(zrtp_rtp_hdr_t);
- body[packet->length - sizeof(zrtp_rtp_hdr_t)] = 0;
- } else {
- body = packet->body + sizeof(zrtp_rtcp_hdr_t);
- body[packet->length - sizeof(zrtp_rtcp_hdr_t)] = 0;
- }
-
- switch (s)
- {
- case zrtp_status_ok: {
- ZRTP_LOG(1, (_ZTU_,"Incoming: (%s) [%p:ssrc=%u] OK. <%s> decrypted %d bytes.\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id, body, packet->length));
- } break;
-
- case zrtp_status_drop: {
- ZRTP_LOG(1, (_ZTU_,"Incoming: (%s) [%p:ssrc=%u] DROPPED. <%s>\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id, body));
- } break;
-
- case zrtp_status_fail: {
- ZRTP_LOG(1, (_ZTU_,"Incoming: (%s) [%p:ssrc=%u] DECRYPT FAILED. <%s>\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id, body));
- } break;
-
- default:
- break;
- }
- }
-
- zrtp_sys_free(elem);
-
- /*
- * When zrtp_stream is in the pending clear state and other side wants to send plain
- * traffic. We have to call zrtp_clear_stream().
- */
- if (stream->zrtp->state == ZRTP_STATE_PENDINGCLEAR) {
- zrtp_stream_clear(stream->zrtp);
- }
- }
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
- return 0;
-#else
- return NULL;
-#endif
-}
-
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
-DWORD WINAPI process_outgoing(void *param)
-#else
-void *process_outgoing(void *param)
-#endif
-{
- unsigned packets_counter = 0;
- zrtp_endpoint_t *the_endpoint = (zrtp_endpoint_t *)param;
-
- while (the_endpoint->is_running) {
- zrtp_test_stream_t* stream = NULL;
- unsigned i;
-
- zrtp_status_t s = zrtp_status_fail;
- zrtp_test_packet_t* packet;
- zrtp_queue_elem_t* elem;
- char* word = NULL;
-
- zrtp_sleep(K_ZRTP_TEST_RTP_RATE);
-
- /* Get random channel to operate with and select random peer */
- stream = get_stream_to_process_(the_endpoint);
- if (!stream) {
- continue;
- }
-
- elem = zrtp_sys_alloc(sizeof(zrtp_queue_elem_t));
- if (!elem) {
- break;
- }
- packet = (zrtp_test_packet_t*) elem->data;
- packet->is_rtp = (packets_counter++ % 20); /* Every 20-th packet is RTCP */
-
- /*
- * Construct RTP/RTCP Packet
- */
- if (packet->is_rtp)
- {
- ZRTP_UNALIGNED(zrtp_rtp_hdr_t) *rtp_hdr = (zrtp_rtp_hdr_t*)packet->body;
-
- /* Fill RTP Header according to the specification */
- zrtp_memset(rtp_hdr, 0, sizeof(zrtp_rtp_hdr_t));
- rtp_hdr->version = 2; /* Current RTP version 2 */
- rtp_hdr->pt = 0; /* PCMU padding type */
- rtp_hdr->ssrc = zrtp_hton32(stream->id); /* Use stream Identifier as it's SSRC */
- if (stream->seq >= 0xFFFF) {
- stream->seq = 0;
- }
- rtp_hdr->seq = zrtp_hton16(stream->seq++);
- rtp_hdr->ts = zrtp_hton32((uint32_t)(zrtp_time_now()/1000));
-
- /* Get RTP body from PGP words lists */
- word = (char*)(i ? hash_word_list_odd[packets_counter % 256] : hash_word_list_even[packets_counter % 256]);
-
- zrtp_memcpy(packet->body + sizeof(zrtp_rtp_hdr_t), word, (uint32_t)strlen(word));
- packet->length = sizeof(zrtp_rtp_hdr_t) + (uint32_t)strlen(word);
-
- /* Process RTP media with libzrtp */
- s = zrtp_process_rtp(stream->zrtp, packet->body, &packet->length);
- }
- else {
- ZRTP_UNALIGNED(zrtp_rtcp_hdr_t) *rtcp_hdr = (zrtp_rtcp_hdr_t*)packet->body;
-
- /* Fill RTCP Header according to the specification */
- rtcp_hdr->rc = 0;
- rtcp_hdr->version = 2;
- rtcp_hdr->ssrc = stream->id;
-
- /* Get RTP body from PGP words lists. Put RTCP marker at the beginning */
- zrtp_memcpy(packet->body + sizeof(zrtp_rtcp_hdr_t), "RTCP", 4);
- word = (char*)( i ? hash_word_list_odd[packets_counter % 256] : hash_word_list_even[packets_counter % 256]);
-
- zrtp_memcpy(packet->body + sizeof(zrtp_rtcp_hdr_t) + 4, word, (uint32_t)strlen(word));
- packet->length = sizeof(zrtp_rtcp_hdr_t) + (uint32_t)strlen(word) + 4;
- /* RTCP packets sould be 32 byes aligned */
- packet->length += (packet->length % 4) ? (4 - packet->length % 4) : 0;
-
- /* Process RTCP control with libzrtp */
- s = zrtp_process_rtcp(stream->zrtp, packet->body, &packet->length);
- }
-
- elem->size = packet->length;
-
- /* Handle zrtp_process_xxx() instructions */
- switch (s) {
- /* Put the packet to the queue ==> send packet to the other side pear */
- case zrtp_status_ok: {
- ZRTP_LOG(3, (_ZTU_,"Outgoing: (%s) [%p:ssrc=%u] OK. <%s%s> encrypted %d bytes.\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id, packet->is_rtp ? "" : "RTCP", word, packet->length));
- zrtp_test_queue_push(stream->output, elem);
- } break;
-
- case zrtp_status_drop: {
- ZRTP_LOG(1, (_ZTU_,"Outgoing: (%s) [%p:ssrc=%u] DROPPED.\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id));
- } break;
-
- case zrtp_status_fail: {
- ZRTP_LOG(1, (_ZTU_,"Outgoing: (%s) [%p:ssrc=%u] ENCRYPT FAILED.\n",
- zrtp_log_state2str(stream->zrtp->state), stream->zrtp, stream->id));
- } break;
-
- default:
- break;
- }
-
- if (zrtp_status_ok != s) {
- zrtp_sys_free(packet);
- }
- }
-#if (ZRTP_PLATFORM == ZP_WIN32) || (ZRTP_PLATFORM == ZP_WINCE)
- return 0;
-#else
- return NULL;
-#endif
-}
-
-
-/******************************************************************************
- * Test Engine Public API
- */
-
-void zrtp_test_endpoint_config_defaults(zrtp_test_endpoint_cfg_t* cfg) {
-
- zrtp_memset(cfg, 0, sizeof(zrtp_test_endpoint_cfg_t));
-
- cfg->generate_traffic = 0;
-
- /* It's always a good idea to start with default values */
- zrtp_config_defaults(&cfg->zrtp);
-
- /* Set ZRTP client id */
- strcpy(cfg->zrtp.client_id, "zrtp-test-engine");
-
- cfg->zrtp.is_mitm = 0;
- cfg->zrtp.lic_mode = ZRTP_LICENSE_MODE_ACTIVE;
-
- cfg->zrtp.cb.event_cb.on_zrtp_secure = &on_zrtp_secure;
- cfg->zrtp.cb.event_cb.on_zrtp_security_event = &on_zrtp_event;
- cfg->zrtp.cb.event_cb.on_zrtp_protocol_event = &on_zrtp_event;
- cfg->zrtp.cb.misc_cb.on_send_packet = &on_send_packet;
-}
-
-zrtp_status_t zrtp_test_endpoint_create(zrtp_test_endpoint_cfg_t* cfg,
- const char *name,
- zrtp_test_id_t* id) {
- zrtp_status_t s;
- unsigned i;
- char cache_file_path[ZRTP_TEST_STR_LEN];
- zrtp_endpoint_t *new_endpoint;
-
- if (g_test_endpoints_count >= K_ZRTP_TEST_MAX_ENDPOINTS)
- return zrtp_status_alloc_fail;
-
- new_endpoint = &g_test_endpoints[g_test_endpoints_count++];
- zrtp_memset(new_endpoint, 0, sizeof(zrtp_endpoint_t));
-
- /* Copy configuration, we will use it later to clean up after ourselves */
- zrtp_memcpy(&new_endpoint->cfg, cfg, sizeof(zrtp_test_endpoint_cfg_t));
-
- /* Remember endpoint name */
- strcpy(new_endpoint->name, name);
-
- new_endpoint->id = g_endpoints_counter++;
-
- /* Adjust cache file path so each endpoint will use it's own file. */
- sprintf(cache_file_path, "./%s_cache.dat", name);
- zrtp_zstrcpyc(ZSTR_GV(new_endpoint->cfg.zrtp.def_cache_path), cache_file_path);
-
- /* Initialize libzrtp engine for this endpoint */
- s = zrtp_init(&new_endpoint->cfg.zrtp, &new_endpoint->zrtp);
- if (zrtp_status_ok == s) {
- *id = new_endpoint->id;
-
- /* Generate random ZID */
- zrtp_randstr(new_endpoint->zrtp, new_endpoint->zid, sizeof(new_endpoint->zid));
- }
-
- /* Create Input queue*/
- s = zrtp_test_queue_create(&new_endpoint->input_queue);
- if (zrtp_status_ok != s) {
- return s;
- }
-
- /* Start processing loop */
- new_endpoint->is_running = 1;
-
- for (i = 0; i<K_ZRTP_TEST_PROCESSORS_COUNT; i++) {
- if (0 != zrtp_thread_create(process_incoming, new_endpoint)) {
- return zrtp_status_fail;
- }
-
- if (cfg->generate_traffic) {
- if (0 != zrtp_thread_create(process_outgoing, new_endpoint)) {
- return zrtp_status_fail;
- }
- }
- }
-
- return s;
-}
-
-zrtp_status_t zrtp_test_endpoint_destroy(zrtp_test_id_t id) {
- unsigned i;
- zrtp_status_t s = zrtp_status_ok;
- zrtp_endpoint_t *endpoint = zrtp_test_endpoint_by_id(id);
-
- endpoint->is_running = 0;
-
- if (endpoint->input_queue) {
- /* Push faked element to the queue to unlock incoming threads */
- for (i=0; i<K_ZRTP_TEST_PROCESSORS_COUNT; i++) {
- zrtp_queue_elem_t *elem = malloc(sizeof(zrtp_queue_elem_t));
- elem->size = 0;
- zrtp_test_queue_push(endpoint->input_queue, elem);
- }
- zrtp_sleep(0.5*1000);
-
- zrtp_test_queue_destroy(endpoint->input_queue);
- }
-
- for (i=0; i<20; i++) zrtp_sleep(100);
-
- if (endpoint) {
- /* Shut down libzrtp */
- if (endpoint->zrtp)
- s = zrtp_down(endpoint->zrtp);
-
- /* Clean-up ZRTP cache after ourselves */
- remove(endpoint->cfg.zrtp.def_cache_path.buffer);
- } else {
- s = zrtp_status_fail;
- }
-
- return s;
-}
-
-zrtp_status_t zrtp_test_stream_get(zrtp_test_id_t id,
- zrtp_test_stream_info_t* info) {
-
- zrtp_test_stream_t *stream = zrtp_test_stream_by_id(id);
- if (stream) {
- zrtp_status_t s;
- zrtp_memset(info, 0, sizeof(zrtp_test_stream_info_t));
-
- zrtp_memcpy(info->zrtp_events_queueu, stream->zrtp_events_queueu, sizeof(info->zrtp_events_queueu));
- info->zrtp_events_count = stream->zrtp_events_count;
-
- s = zrtp_stream_get(stream->zrtp, &info->zrtp);
- return s;
- } else {
- return zrtp_status_bad_param;
- }
-}
-
-void zrtp_test_session_config_defaults(zrtp_test_session_cfg_t* cfg) {
- cfg->streams_count = 1;
- cfg->role = ZRTP_SIGNALING_ROLE_UNKNOWN;
- cfg->is_enrollment = 0;
-
- zrtp_profile_defaults(&cfg->zrtp, NULL);
-}
-
-zrtp_status_t zrtp_test_session_create(zrtp_test_id_t endpoint_id,
- zrtp_test_session_cfg_t* cfg,
- zrtp_test_id_t* id) {
- zrtp_status_t s;
- unsigned i;
- zrtp_test_session_t *the_session;
- zrtp_endpoint_t *the_endpoint = zrtp_test_endpoint_by_id(endpoint_id);
-
- if (!the_endpoint)
- return zrtp_status_fail;
-
- if (the_endpoint->sessions_count >= K_ZRTP_TEST_MAX_SESSIONS_PER_ENDPOINT)
- return zrtp_status_fail;
-
- the_session = &the_endpoint->sessions[the_endpoint->sessions_count++];
-
- zrtp_memset(the_session, 0, sizeof(zrtp_test_session_t));
-
- zrtp_memcpy(&the_session->cfg, cfg, sizeof(zrtp_test_session_cfg_t));
-
- the_session->id = g_sessions_counter++;
- the_session->endpoint_id = endpoint_id;
-
- s = zrtp_session_init(the_endpoint->zrtp,
- &cfg->zrtp,
- the_endpoint->zid,
- cfg->role,
- &the_session->zrtp);
-
- if (zrtp_status_ok == s) {
-
- zrtp_session_set_userdata(the_session->zrtp, &the_session->id);
-
- for (i=0; i<cfg->streams_count; i++) {
- zrtp_test_stream_t *the_stream = &the_session->streams[i];
- zrtp_memset(the_stream, 0, sizeof(zrtp_test_stream_t));
-
- the_stream->id = g_streams_counter++;
- the_stream->session_id = the_session->id;
- the_stream->endpoint_id = endpoint_id;
-
- s = zrtp_stream_attach(the_session->zrtp, &the_stream->zrtp);
- if (zrtp_status_ok == s) {
- zrtp_stream_set_userdata(the_stream->zrtp, &the_stream->id);
- the_session->streams_count++;
- } else {
- break;
- }
- }
- }
-
- if (zrtp_status_ok == s) {
- *id = the_session->id;
- }
-
- return s;
-}
-
-zrtp_status_t zrtp_test_session_destroy(zrtp_test_id_t id) {
- zrtp_test_session_t *session = zrtp_test_session_by_id(id);
- if (session) {
- /* NOTE: we don't release session slots here due to nature of testing
- * engine: test configuration constructed from scratch for every single test.
- */
- zrtp_session_down(session->zrtp);
- }
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_test_session_get(zrtp_test_id_t id, zrtp_test_session_info_t* info) {
- zrtp_status_t s;
- zrtp_test_session_t *session = zrtp_test_session_by_id(id);
- if (session) {
- s = zrtp_session_get(session->zrtp, &info->zrtp);
- if (zrtp_status_ok == s) {
- unsigned i;
- for (i=0; i<session->streams_count; i++) {
- s = zrtp_test_stream_get(session->streams[i].id, &info->streams[i]);
- if (zrtp_status_ok != s)
- break;
- }
- }
-
- return s;
- } else {
- return zrtp_status_bad_param;
- }
-}
-
-zrtp_status_t zrtp_test_channel_create(zrtp_test_id_t left_id, zrtp_test_id_t right_id, zrtp_test_id_t* id) {
- zrtp_test_channel_t *the_channel;
- zrtp_test_stream_t *left = zrtp_test_stream_by_id(left_id);
- zrtp_test_stream_t *right = zrtp_test_stream_by_id(right_id);
-
- if (!left || !right)
- return zrtp_status_bad_param;
-
- if (g_test_channels_count >= K_ZRTP_TEST_MAX_CHANNELS)
- return zrtp_status_bad_param;
-
- zrtp_endpoint_t *left_endpoint = zrtp_test_endpoint_by_id(left->endpoint_id);
- zrtp_endpoint_t *right_endpoint = zrtp_test_endpoint_by_id(right->endpoint_id);
-
- the_channel = &g_test_channels[g_test_channels_count++];
- zrtp_memset(the_channel, 0, sizeof(zrtp_test_channel_t));
-
- the_channel->id = g_channels_counter++;
- the_channel->left = left;
- the_channel->right = right;
-
- left->output = right_endpoint->input_queue;
- left->input = left_endpoint->input_queue;
- right->output = left_endpoint->input_queue;
- right->input = right_endpoint->input_queue;
-
- right->channel_id = the_channel->id;
- left->channel_id = the_channel->id;
-
- the_channel->is_attached = 1;
-
- *id = the_channel->id;
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_test_channel_create2(zrtp_test_id_t left_session,
- zrtp_test_id_t right_session,
- unsigned stream_idx,
- zrtp_test_id_t *id) {
- zrtp_test_session_t *left = zrtp_test_session_by_id(left_session);
- zrtp_test_session_t *right = zrtp_test_session_by_id(right_session);
-
- if (!left || !right)
- return zrtp_status_bad_param;
-
- if (left->streams_count <= stream_idx || right->streams_count <= stream_idx)
- return zrtp_status_bad_param;
-
- return zrtp_test_channel_create(left->streams[stream_idx].id, right->streams[stream_idx].id, id);
-}
-
-zrtp_status_t zrtp_test_channel_destroy(zrtp_test_id_t id) {
- zrtp_test_channel_t *channel = zrtp_test_channel_by_id(id);
- if (!channel)
- return zrtp_status_bad_param;
-
- return zrtp_status_ok;
-}
-
-zrtp_status_t zrtp_test_channel_start(zrtp_test_id_t id) {
- zrtp_status_t s1, s2;
- zrtp_test_channel_t *the_channel = zrtp_test_channel_by_id(id);
- zrtp_test_session_t *the_session;
-
- the_session = zrtp_test_session_by_id(the_channel->left->session_id);
- if (the_session->cfg.is_enrollment)
- s1 = zrtp_stream_registration_start(the_channel->left->zrtp, the_channel->left->id); /* use stream Id as ssrc */
- else
- s1 = zrtp_stream_start(the_channel->left->zrtp, the_channel->left->id); /* use stream Id as ssrc */
- if (s1 == zrtp_status_ok) {
- the_session = zrtp_test_session_by_id(the_channel->right->session_id);
- if (the_session->cfg.is_enrollment)
- s2 = zrtp_stream_registration_start(the_channel->right->zrtp, the_channel->right->id);
- else
- s2 = zrtp_stream_start(the_channel->right->zrtp, the_channel->right->id);
- } else {
- return s1;
- }
-
- return s2;
-}
-
-zrtp_status_t zrtp_test_channel_get(zrtp_test_id_t id,
- zrtp_test_channel_info_t* info) {
-
- zrtp_test_channel_t *channel = zrtp_test_channel_by_id(id);
- if (channel) {
- zrtp_status_t s;
-
- zrtp_memset(info, 0, sizeof(zrtp_test_channel_info_t));
-
- s = zrtp_test_stream_get(channel->left->id, &info->left);
- if (zrtp_status_ok == s) {
- s = zrtp_test_stream_get(channel->right->id, &info->right);
- if (zrtp_status_ok == s) {
- info->is_secure = channel->is_secure;
- }
- }
-
- return s;
- } else {
- return zrtp_status_bad_param;
- }
-}
-
-
-/******************************************************************************
- * Helpers
- */
-
-zrtp_endpoint_t *zrtp_test_endpoint_by_id(zrtp_test_id_t id) {
- int i;
-
- if (ZRTP_TEST_UNKNOWN_ID == id) return NULL;
-
- for (i=0; i<g_test_endpoints_count; i++) {
- if (g_test_endpoints[i].id == id) {
- return &g_test_endpoints[i];
- }
- }
-
- return NULL;
-}
-
-zrtp_test_session_t *zrtp_test_session_by_id(zrtp_test_id_t id) {
- int i, j;
-
- if (ZRTP_TEST_UNKNOWN_ID == id) return NULL;
-
- for (i=0; i<g_test_endpoints_count; i++) {
- zrtp_endpoint_t *endpoint = &g_test_endpoints[i];
- if (endpoint->id == ZRTP_TEST_UNKNOWN_ID)
- continue;
-
- for (j=0; j<endpoint->sessions_count; j++) {
- if (endpoint->sessions[j].id == id) {
- return &endpoint->sessions[j];
- }
- }
- }
-
- return NULL;
-}
-
-zrtp_test_stream_t *zrtp_test_stream_by_id(zrtp_test_id_t id) {
- int i, j, k;
-
- if (ZRTP_TEST_UNKNOWN_ID == id) return NULL;
-
- for (i=0; i<g_test_endpoints_count; i++) {
- zrtp_endpoint_t *endpoint = &g_test_endpoints[i];
- if (endpoint->id == ZRTP_TEST_UNKNOWN_ID)
- continue;
-
- for (j=0; j<endpoint->sessions_count; j++) {
- zrtp_test_session_t *session = &endpoint->sessions[j];
- if (session->id == ZRTP_TEST_UNKNOWN_ID)
- continue;
-
- for (k=0; k<session->streams_count; k++) {
- if (session->streams[k].id == id) {
- return &session->streams[k];
- }
- }
- }
- }
-
- return NULL;
-}
-
-zrtp_test_channel_t *zrtp_test_channel_by_id(zrtp_test_id_t id) {
- int i;
- zrtp_test_channel_t *channel = NULL;
-
- if (ZRTP_TEST_UNKNOWN_ID == id) return NULL;
-
- for (i=0; i<g_test_channels_count; i++) {
- if (g_test_channels[i].id != ZRTP_TEST_UNKNOWN_ID && g_test_channels[i].id == id) {
- channel = &g_test_channels[i];
- break;
- }
- }
-
- return channel;
-}
-
-zrtp_test_stream_t *zrtp_test_stream_by_peerid(zrtp_test_id_t id) {
- int i;
- if (ZRTP_TEST_UNKNOWN_ID == id) return NULL;
-
- for (i=0; i<g_test_channels_count; i++) {
- if (g_test_channels[i].id != ZRTP_TEST_UNKNOWN_ID) {
- if (g_test_channels[i].left->id == id)
- return g_test_channels[i].right;
- else if (g_test_channels[i].right->id == id)
- return g_test_channels[i].left;
- }
- }
-
- return NULL;
-}
-
-zrtp_test_id_t zrtp_test_session_get_stream_by_idx(zrtp_test_id_t session_id, unsigned idx) {
- zrtp_test_session_t *session = zrtp_test_session_by_id(session_id);
- if (session && session->streams_count > idx) {
- return session->streams[idx].id;
- } else {
- return ZRTP_TEST_UNKNOWN_ID;
- }
-}
-
-zrtp_stream_t *zrtp_stream_for_test_stream(zrtp_test_id_t stream_id) {
- zrtp_test_stream_t *stream = zrtp_test_stream_by_id(stream_id);
- if (stream) {
- return stream->zrtp;
- } else {
- return NULL;
- }
-}
-
-unsigned zrtp_stream_did_event_receive(zrtp_test_id_t stream_id, unsigned event) {
- unsigned i;
- zrtp_test_stream_info_t stream_info;
-
- zrtp_test_stream_get(stream_id, &stream_info);
- for (i=0; i<stream_info.zrtp_events_count; i++) {
- if (stream_info.zrtp_events_queueu[i] == event)
- break;
- }
-
- return (i != stream_info.zrtp_events_count);
-}
-
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "zrtp.h"
-
-/** libzrtp test elements identifier */
-typedef uint32_t zrtp_test_id_t;
-
-/** Defines constant for unknown test element identifier */
-#define ZRTP_TEST_UNKNOWN_ID 0
-
-/** Default lengths for libzrtp test string buffers */
-#define ZRTP_TEST_STR_LEN 128
-
-/** libzrtp test endpoint configuration */
-typedef struct {
- zrtp_config_t zrtp; /** libzrtp global configuration parameters */
- unsigned generate_traffic; /** switch On to emulate RTP/RTCP traffic generation. Off by default. */
-} zrtp_test_endpoint_cfg_t;
-
-/** ZRTP test session parameters*/
-typedef struct {
- zrtp_profile_t zrtp; /** libzrtp session parameters */
- unsigned streams_count; /** number of zrtp streams to be attached to the session */
- zrtp_signaling_role_t role; /** signaling role, default is ZRTP_SIGNALING_ROLE_UNKNOWN */
- unsigned is_enrollment; /** true if enrollment session should be created */
-} zrtp_test_session_cfg_t;
-
-/** ZRTP test stream info */
-typedef struct {
- zrtp_stream_info_t zrtp; /** libzrtp stream info */
- unsigned zrtp_events_queueu[128]; /** list of received zrtp events*/
- unsigned zrtp_events_count; /** number of received events */
-} zrtp_test_stream_info_t;
-
-/** ZRTP test session state snapshot */
-typedef struct {
- zrtp_session_info_t zrtp; /** libzrtp session info*/
- zrtp_test_stream_info_t streams[ZRTP_MAX_STREAMS_PER_SESSION]; /** array of attached streams info */
- unsigned streams_count; /** number streams attached to the session */
-} zrtp_test_session_info_t;
-
-/** *ZRTP test channel state */
-typedef struct {
- zrtp_test_stream_info_t left; /** one-leg zrtp stream */
- zrtp_test_stream_info_t right; /** second-leg zrtp stream */
- unsigned char is_secure; /** enabled when both streams in the channel are secure */
-} zrtp_test_channel_info_t;
-
-
-/**
- * Initialize zrtp test endpoint configuration with default values
- * @param cfg - endpoint config to initialize
- */
-void zrtp_test_endpoint_config_defaults(zrtp_test_endpoint_cfg_t *cfg);
-
-/**
- * ZRTP test endpoint constructor
- * One endpoint is created, it starts processing threads and ready to emulate ZRTP exchange.
- *
- * @param cfg - endpoint configuration
- * @param name - endpoint name for debug purposes and cache naming, e.h "Alice", "Bob".
- * @param id - just created endpoint identifier will be placed here
- *
- * @return zrtp_status_ok on success or some of zrtp_status_t error codes on failure
- */
-zrtp_status_t zrtp_test_endpoint_create(zrtp_test_endpoint_cfg_t *cfg,
- const char *name,
- zrtp_test_id_t *id);
-
-/**
- * ZRTP test endpoint destructor
- * zrtp_test_endpoint_destroy() stops processing threads and release all
- * recurses allocated in zrtp_test_endpoint_create().
- *
- * @param id - endpoint identifier
- * @return zrtp_status_ok on success or some of zrtp_status_t error codes on failure
- */
-zrtp_status_t zrtp_test_endpoint_destroy(zrtp_test_id_t id);
-
-/**
- * Enables test session config with default values
- * @param cfg - session config for initialization
- */
-void zrtp_test_session_config_defaults(zrtp_test_session_cfg_t *cfg);
-
-/**
- * Create zrtp test session
- *
- * @param endpoint - test endpoint creating endpoint should belong to
- * @param cfg - session parameters
- * @param id - created session identifier will be placed here
- * @return zrtp_status_ok on success or some of zrtp_status_t error codes on failure
- */
-zrtp_status_t zrtp_test_session_create(zrtp_test_id_t endpoint,
- zrtp_test_session_cfg_t *cfg,
- zrtp_test_id_t *id);
-
-zrtp_status_t zrtp_test_session_destroy(zrtp_test_id_t id);
-
-zrtp_status_t zrtp_test_session_get(zrtp_test_id_t id, zrtp_test_session_info_t *info);
-
-/**
- * Get stream Id by it's index in zrtp session
- *
- * @param session_id - zrtp test session id where needed stream should be taken
- * @param idx - stream index
- * @return found stream id, or ZRTP_TEST_UNKNOWN_ID if idex is out of stream array range
- */
-zrtp_test_id_t zrtp_test_session_get_stream_by_idx(zrtp_test_id_t session_id, unsigned idx);
-
-zrtp_status_t zrtp_test_stream_get(zrtp_test_id_t id, zrtp_test_stream_info_t *info);
-
-zrtp_status_t zrtp_test_channel_create(zrtp_test_id_t left_stream, zrtp_test_id_t right_stream, zrtp_test_id_t *id);
-zrtp_status_t zrtp_test_channel_create2(zrtp_test_id_t left_session, zrtp_test_id_t right_session, unsigned stream_idx, zrtp_test_id_t *id);
-zrtp_status_t zrtp_test_channel_destroy(zrtp_test_id_t id);
-zrtp_status_t zrtp_test_channel_start(zrtp_test_id_t id);
-zrtp_status_t zrtp_test_channel_get(zrtp_test_id_t id, zrtp_test_channel_info_t *info);
-
-zrtp_stream_t *zrtp_stream_for_test_stream(zrtp_test_id_t stream_id);
-
-unsigned zrtp_stream_did_event_receive(zrtp_test_id_t stream_id, unsigned event);
-
-
+++ /dev/null
-/*
- * libZRTP SDK library, implements the ZRTP secure VoIP protocol.
- * Copyright (c) 2006-2009 Philip R. Zimmermann. All rights reserved.
- * Contact: http://philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krykun <v.krikun at zfoneproject.com>
- */
-
-#include "engine_helpers.c"
-
-static void setup() {
- zrtp_status_t s;
-
- zrtp_test_endpoint_cfg_t endpoint_cfg;
- zrtp_test_endpoint_config_defaults(&endpoint_cfg);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Alice", &g_alice);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_alice);
-
- s = zrtp_test_endpoint_create(&endpoint_cfg, "Bob", &g_bob);
- assert_int_equal(zrtp_status_ok, s);
- assert_int_not_equal(ZRTP_TEST_UNKNOWN_ID, g_bob);
-}
-
-static void teardown() {
- zrtp_test_endpoint_destroy(g_alice);
- zrtp_test_endpoint_destroy(g_bob);
-}
-
-
-static void zrtp_hash_export_import_sunny_test() {
- zrtp_status_t s;
- char alice_zrtp_hash[ZRTP_SIGN_ZRTP_HASH_LENGTH];
- char bob_zrtp_hash[ZRTP_SIGN_ZRTP_HASH_LENGTH];
- zrtp_stream_t *alice_zrtp_stream, *bob_zrtp_stream;
-
- /* Create two test sessions, one for Alice and one for Bob and link them into test secure channel */
- prepare_alice_bob();
-
- alice_zrtp_stream = zrtp_stream_for_test_stream(zrtp_test_session_get_stream_by_idx(g_alice_sid, 0));
- bob_zrtp_stream = zrtp_stream_for_test_stream(zrtp_test_session_get_stream_by_idx(g_bob_sid, 0));
- assert_non_null(alice_zrtp_stream); assert_non_null(bob_zrtp_stream);
-
- /* Take Alice's hash and give it to Bob */
- s = zrtp_signaling_hash_get(alice_zrtp_stream, alice_zrtp_hash, sizeof(alice_zrtp_hash));
- assert_int_equal(zrtp_status_ok, s);
-
- s = zrtp_signaling_hash_set(bob_zrtp_stream, alice_zrtp_hash, ZRTP_SIGN_ZRTP_HASH_LENGTH);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Take Bob's hash and give it to Alice */
- s = zrtp_signaling_hash_get(bob_zrtp_stream, bob_zrtp_hash, sizeof(bob_zrtp_hash));
- assert_int_equal(zrtp_status_ok, s);
-
- s = zrtp_signaling_hash_set(alice_zrtp_stream, bob_zrtp_hash, ZRTP_SIGN_ZRTP_HASH_LENGTH);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Start and wait for Secure */
- start_alice_bob_and_wait4secure();
-
- /* Check if ZRTP_EVENT_WRONG_SIGNALING_HASH was not triggered for any of test endpoints */
- assert_false(zrtp_stream_did_event_receive(zrtp_test_session_get_stream_by_idx(g_alice_sid, 0),
- ZRTP_EVENT_WRONG_SIGNALING_HASH));
-
- assert_false(zrtp_stream_did_event_receive(zrtp_test_session_get_stream_by_idx(g_bob_sid, 0),
- ZRTP_EVENT_WRONG_SIGNALING_HASH));
-
- /* Release test setup */
- release_alice_bob();
-}
-
-static void zrtp_hash_import_wrong_test() {
- zrtp_status_t s;
- char wrong_alice_zrtp_hash[ZRTP_SIGN_ZRTP_HASH_LENGTH];
- zrtp_stream_t *bob_zrtp_stream;
-
- /* Create two test sessions, one for Alice and one for Bob and link them into test secure channel */
- prepare_alice_bob();
-
- bob_zrtp_stream = zrtp_stream_for_test_stream(zrtp_test_session_get_stream_by_idx(g_bob_sid, 0));
- assert_non_null(bob_zrtp_stream);
-
- /* Let's provide wrong hash to bob */
- zrtp_memset(wrong_alice_zrtp_hash, 6, ZRTP_SIGN_ZRTP_HASH_LENGTH);
-
- s = zrtp_signaling_hash_set(bob_zrtp_stream, wrong_alice_zrtp_hash, ZRTP_SIGN_ZRTP_HASH_LENGTH);
- assert_int_equal(zrtp_status_ok, s);
-
- /* Start and wait for Secure */
- start_alice_bob_and_wait4secure();
-
- /* Check if Alice don't receive ZRTP_EVENT_WRONG_SIGNALING_HASH, but Bob should get one */
- assert_false(zrtp_stream_did_event_receive(zrtp_test_session_get_stream_by_idx(g_alice_sid, 0),
- ZRTP_EVENT_WRONG_SIGNALING_HASH));
-
- assert_true(zrtp_stream_did_event_receive(zrtp_test_session_get_stream_by_idx(g_bob_sid, 0),
- ZRTP_EVENT_WRONG_SIGNALING_HASH));
-
- /* Release test setup */
- release_alice_bob();
-}
-
-
-int main(void) {
- const UnitTest tests[] = {
- unit_test_setup_teardown(zrtp_hash_export_import_sunny_test, setup, teardown),
- unit_test_setup_teardown(zrtp_hash_import_wrong_test, setup, teardown),
- };
-
- return run_tests(tests);
-}
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-
- This file contains the definitions required to use AES in C. See aesopt.h
- for optimisation details.
-*/
-
-#ifndef __aes_h__
-#define __aes_h__
-
-#include <stdlib.h>
-
-
-//#include "zrtp_types.h"
-
-/* This include is used to find 8 & 32 bit unsigned integer types */
-#include "brg_types.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#ifndef ZRTP_RESTRICT
-#define AES_128 /* define if AES with 128 bit keys is needed */
-#define AES_192 /* define if AES with 192 bit keys is needed */
-#define AES_256 /* define if AES with 256 bit keys is needed */
-#define AES_VAR /* define if a variable key size is needed */
-#define AES_MODES /* define if support is needed for modes */
-#else
-#define AES_128 /* define if AES with 128 bit keys is needed */
-#define AES_256 /* define if AES with 256 bit keys is needed */
-#define AES_MODES /* define if support is needed for modes */
-#endif //ZRTP_RESTRICT
-
-/* The following must also be set in assembler files if being used */
-
-#define AES_ENCRYPT /* if support for encryption is needed */
-
-#ifndef ZRTP_RESTRICT
-#define AES_DECRYPT /* if support for decryption is needed */
-#define AES_ERR_CHK /* for parameter checks & error return codes */
-#define AES_REV_DKS /* define to reverse decryption key schedule */
-#else
-#define AES_DECRYPT /* if support for decryption is needed */
-#define AES_ERR_CHK /* for parameter checks & error return codes */
-#endif //ZRTP_RESTRICT
-
-#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
-#define N_COLS 4 /* the number of columns in the state */
-
-/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
-/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
-/* or 44, 52 or 60 32-bit words. */
-
-#if defined( AES_VAR ) || defined( AES_256 )
-#define KS_LENGTH 60
-#elif defined( AES_192 )
-#define KS_LENGTH 52
-#else
-#define KS_LENGTH 44
-#endif
-
-#if defined( AES_ERR_CHK )
-#define AES_RETURN INT_RETURN
-#else
-#define AES_RETURN VOID_RETURN
-#endif
-
-/* the character array 'inf' in the following structures is used */
-/* to hold AES context information. This AES code uses cx->inf.b[0] */
-/* to hold the number of rounds multiplied by 16. The other three */
-/* elements can be used by code that implements additional modes */
-
-typedef union
-{ uint_32t l;
- uint_8t b[4];
-} aes_inf;
-
-typedef struct
-{ uint_32t ks[KS_LENGTH];
- aes_inf inf;
-} aes_encrypt_ctx;
-
-typedef struct
-{ uint_32t ks[KS_LENGTH];
- aes_inf inf;
-} aes_decrypt_ctx;
-
-/* This routine must be called before first use if non-static */
-/* tables are being used */
-
-AES_RETURN zrtp_bg_gen_tabs(void);
-
-/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
-/* those in the range 128 <= key_len <= 256 are given in bits */
-
-#if defined( AES_ENCRYPT )
-
-#if defined(AES_128) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
-#endif
-
-AES_RETURN zrtp_bg_aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
-
-#endif
-
-#if defined( AES_DECRYPT )
-
-#if defined(AES_128) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
-#endif
-
-#if defined(AES_VAR)
-AES_RETURN zrtp_bg_aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
-#endif
-
-AES_RETURN zrtp_bg_aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
-
-#endif
-
-#if defined(AES_MODES)
-
-/* Multiple calls to the following subroutines for multiple block */
-/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
-/* long messages incremantally provided that the context AND the iv */
-/* are preserved between all such calls. For the ECB and CBC modes */
-/* each individual call within a series of incremental calls must */
-/* process only full blocks (i.e. len must be a multiple of 16) but */
-/* the CFB, OFB and CTR mode calls can handle multiple incremental */
-/* calls of any length. Each mode is reset when a new AES key is */
-/* set but ECB and CBC operations can be reset without setting a */
-/* new key by setting a new IV value. To reset CFB, OFB and CTR */
-/* without setting the key, zrtp_bg_aes_mode_reset() must be called and the */
-/* IV must be set. NOTE: All these calls update the IV on exit so */
-/* this has to be reset if a new operation with the same IV as the */
-/* previous one is required (or decryption follows encryption with */
-/* the same IV array). */
-
-AES_RETURN zrtp_bg_aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, const aes_encrypt_ctx cx[1]);
-
-AES_RETURN zrtp_bg_aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, const aes_decrypt_ctx cx[1]);
-
-#ifndef ZRTP_RESTRICT
-AES_RETURN zrtp_bg_aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
-
-AES_RETURN zrtp_bg_aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
-#endif //ZRTP_RESTRICT
-
-AES_RETURN zrtp_bg_aes_mode_reset(aes_encrypt_ctx cx[1]);
-
-AES_RETURN zrtp_bg_aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
-
-AES_RETURN zrtp_bg_aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
-#ifndef ZRTP_RESTRICT
-#define zrtp_bg_aes_ofb_encrypt zrtp_bg_aes_ofb_crypt
-#define zrtp_bg_aes_ofb_decrypt zrtp_bg_aes_ofb_crypt
-
-AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
-#endif //ZRTP_RESTRICT
-
-typedef void cbuf_inc(unsigned char *cbuf);
-
-#define zrtp_bg_aes_ctr_encrypt zrtp_bg_aes_ctr_crypt
-#define zrtp_bg_aes_ctr_decrypt zrtp_bg_aes_ctr_crypt
-
-//[winfix]
-AES_RETURN zrtp_bg_aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-
- These subroutines implement multiple block AES modes for ECB, CBC, CFB,
- OFB and CTR encryption, The code provides support for the VIA Advanced
- Cryptography Engine (ACE).
-
- NOTE: In the following subroutines, the AES contexts (ctx) must be
- 16 byte aligned if VIA ACE is being used
-*/
-
-#include <string.h>
-#include <assert.h>
-
-#include "aesopt.h"
-
-#if defined( AES_MODES )
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
-#pragma intrinsic(memcpy)
-#define in_line __inline
-#else
-#define in_line
-#endif
-
-#define BFR_BLOCKS 8
-
-/* These values are used to detect long word alignment in order to */
-/* speed up some buffer operations. This facility may not work on */
-/* some machines so this define can be commented out if necessary */
-
-#define FAST_BUFFER_OPERATIONS
-
-#define lp32(x) ((uint_32t*)(x))
-
-//[{]
-
-#if defined( _MSC_VER ) && ( _MSC_VER > 1200 )
-# define aligned_uint_8t(n) __declspec(align(n)) uint_8t _zrtp_bg_al_##n
-#elif defined( __GNUC__ ) || (__MWERKS__)
-# define aligned_uint_8t(n) uint_8t _zrtp_bg_al_##n __attribute__ ((aligned(n)))
-#else // disabled for VC6
-# undef FAST_BUFFER_OPERATIONS
-#endif
-
-#ifdef FAST_BUFFER_OPERATIONS
-
-aligned_uint_8t( 4); /* a variable that is 4 byte aligned */
-aligned_uint_8t(16); /* a variable that is 16 byte aligned */
-
-#define addr_offset(x,n) (((uint_8t*)(x) - &_zrtp_bg_al_##n) & ((n) - 1))
-
-#endif
-
-//[}]
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
-
-#include "aes_via_ace.h"
-
-#pragma pack(16)
-
-aligned_array(unsigned long, enc_gen_table, 12, 16) = NEH_ENC_GEN_DATA;
-aligned_array(unsigned long, enc_load_table, 12, 16) = NEH_ENC_LOAD_DATA;
-aligned_array(unsigned long, enc_hybrid_table, 12, 16) = NEH_ENC_HYBRID_DATA;
-aligned_array(unsigned long, dec_gen_table, 12, 16) = NEH_DEC_GEN_DATA;
-aligned_array(unsigned long, dec_load_table, 12, 16) = NEH_DEC_LOAD_DATA;
-aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
-
-/* NOTE: These control word macros must only be used after */
-/* a key has been set up because they depend on key size */
-
-#if NEH_KEY_TYPE == NEH_LOAD
-#define kd_adr(c) ((uint_8t*)(c)->ks)
-#elif NEH_KEY_TYPE == NEH_GENERATE
-#define kd_adr(c) ((uint_8t*)(c)->ks + (c)->inf.b[0])
-#else
-#define kd_adr(c) ((uint_8t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0))
-#endif
-
-#else
-
-#define aligned_array(type, name, no, stride) type name[no]
-#define aligned_auto(type, name, no, stride) type name[no]
-
-#endif
-
-#if defined( _MSC_VER ) && _MSC_VER > 1200
-
-#define via_cwd(cwd, ty, dir, len) \
- unsigned long* cwd = (dir##_##ty##_table + ((len - 128) >> 4))
-
-#else
-
-#define via_cwd(cwd, ty, dir, len) \
- aligned_auto(unsigned long, cwd, 4, 16); \
- cwd[1] = cwd[2] = cwd[3] = 0; \
- cwd[0] = neh_##dir##_##ty##_key(len)
-
-#endif
-
-AES_RETURN zrtp_bg_aes_mode_reset(aes_encrypt_ctx ctx[1])
-{
- ctx->inf.b[2] = 0;
- return EXIT_SUCCESS;
-}
-
-AES_RETURN zrtp_bg_aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, const aes_encrypt_ctx ctx[1])
-{ int nb = len >> 4;
-
- if(len & (AES_BLOCK_SIZE - 1))
- return EXIT_FAILURE;
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { uint_8t *ksp = (uint_8t*)(ctx->ks);
- via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ))
- {
- via_ecb_op5(ksp,cwd,ibuf,obuf,nb);
- }
- else
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_ecb_op5(ksp,cwd,ip,op,m);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- nb -= m;
- }
- }
-
- return EXIT_SUCCESS;
- }
-
-#endif
-
-#if !defined( ASSUME_VIA_ACE_PRESENT )
- while(nb--)
- {
- zrtp_bg_aes_encrypt(ibuf, obuf, ctx);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
-#endif
- return EXIT_SUCCESS;
-}
-
-AES_RETURN zrtp_bg_aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, const aes_decrypt_ctx ctx[1])
-{ int nb = len >> 4;
-
- if(len & (AES_BLOCK_SIZE - 1))
- return EXIT_FAILURE;
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { uint_8t *ksp = kd_adr(ctx);
- via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ))
- {
- via_ecb_op5(ksp,cwd,ibuf,obuf,nb);
- }
- else
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_ecb_op5(ksp,cwd,ip,op,m);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- nb -= m;
- }
- }
-
- return EXIT_SUCCESS;
- }
-
-#endif
-
-#if !defined( ASSUME_VIA_ACE_PRESENT )
- while(nb--)
- {
- zrtp_bg_aes_decrypt(ibuf, obuf, ctx);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
-#endif
- return EXIT_SUCCESS;
-}
-
-#ifndef ZRTP_RESTRICT
-AES_RETURN zrtp_bg_aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, const aes_encrypt_ctx ctx[1])
-{ int nb = len >> 4;
-
- if(len & (AES_BLOCK_SIZE - 1))
- return EXIT_FAILURE;
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
- via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(addr_offset( iv, 16 )) /* ensure an aligned iv */
- {
- ivp = liv;
- memcpy(liv, iv, AES_BLOCK_SIZE);
- }
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ) && !addr_offset( iv, 16 ))
- {
- via_cbc_op7(ksp,cwd,ibuf,obuf,nb,ivp,ivp);
- }
- else
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_cbc_op7(ksp,cwd,ip,op,m,ivp,ivp);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- nb -= m;
- }
- }
-
- if(iv != ivp)
- memcpy(iv, ivp, AES_BLOCK_SIZE);
-
- return EXIT_SUCCESS;
- }
-
-#endif
-
-#if !defined( ASSUME_VIA_ACE_PRESENT )
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( ibuf, 4 ) && !addr_offset( iv, 4 ))
- while(nb--)
- {
- lp32(iv)[0] ^= lp32(ibuf)[0];
- lp32(iv)[1] ^= lp32(ibuf)[1];
- lp32(iv)[2] ^= lp32(ibuf)[2];
- lp32(iv)[3] ^= lp32(ibuf)[3];
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- memcpy(obuf, iv, AES_BLOCK_SIZE);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
- else
-# endif
- while(nb--)
- {
- iv[ 0] ^= ibuf[ 0]; iv[ 1] ^= ibuf[ 1];
- iv[ 2] ^= ibuf[ 2]; iv[ 3] ^= ibuf[ 3];
- iv[ 4] ^= ibuf[ 4]; iv[ 5] ^= ibuf[ 5];
- iv[ 6] ^= ibuf[ 6]; iv[ 7] ^= ibuf[ 7];
- iv[ 8] ^= ibuf[ 8]; iv[ 9] ^= ibuf[ 9];
- iv[10] ^= ibuf[10]; iv[11] ^= ibuf[11];
- iv[12] ^= ibuf[12]; iv[13] ^= ibuf[13];
- iv[14] ^= ibuf[14]; iv[15] ^= ibuf[15];
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- memcpy(obuf, iv, AES_BLOCK_SIZE);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
-#endif
- return EXIT_SUCCESS;
-}
-
-AES_RETURN zrtp_bg_aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, const aes_decrypt_ctx ctx[1])
-{ unsigned char tmp[AES_BLOCK_SIZE];
- int nb = len >> 4;
-
- if(len & (AES_BLOCK_SIZE - 1))
- return EXIT_FAILURE;
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { uint_8t *ksp = kd_adr(ctx), *ivp = iv;
- aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
- via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(addr_offset( iv, 16 )) /* ensure an aligned iv */
- {
- ivp = liv;
- memcpy(liv, iv, AES_BLOCK_SIZE);
- }
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ) && !addr_offset( iv, 16 ))
- {
- via_cbc_op6(ksp,cwd,ibuf,obuf,nb,ivp);
- }
- else
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- int m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb);
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_cbc_op6(ksp,cwd,ip,op,m,ivp);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- nb -= m;
- }
- }
-
- if(iv != ivp)
- memcpy(iv, ivp, AES_BLOCK_SIZE);
-
- return EXIT_SUCCESS;
- }
-#endif
-
-#if !defined( ASSUME_VIA_ACE_PRESENT )
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( obuf, 4 ) && !addr_offset( iv, 4 ))
- while(nb--)
- {
- memcpy(tmp, ibuf, AES_BLOCK_SIZE);
- zrtp_bg_aes_decrypt(ibuf, obuf, ctx);
- lp32(obuf)[0] ^= lp32(iv)[0];
- lp32(obuf)[1] ^= lp32(iv)[1];
- lp32(obuf)[2] ^= lp32(iv)[2];
- lp32(obuf)[3] ^= lp32(iv)[3];
- memcpy(iv, tmp, AES_BLOCK_SIZE);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
- else
-# endif
- while(nb--)
- {
- memcpy(tmp, ibuf, AES_BLOCK_SIZE);
- zrtp_bg_aes_decrypt(ibuf, obuf, ctx);
- obuf[ 0] ^= iv[ 0]; obuf[ 1] ^= iv[ 1];
- obuf[ 2] ^= iv[ 2]; obuf[ 3] ^= iv[ 3];
- obuf[ 4] ^= iv[ 4]; obuf[ 5] ^= iv[ 5];
- obuf[ 6] ^= iv[ 6]; obuf[ 7] ^= iv[ 7];
- obuf[ 8] ^= iv[ 8]; obuf[ 9] ^= iv[ 9];
- obuf[10] ^= iv[10]; obuf[11] ^= iv[11];
- obuf[12] ^= iv[12]; obuf[13] ^= iv[13];
- obuf[14] ^= iv[14]; obuf[15] ^= iv[15];
- memcpy(iv, tmp, AES_BLOCK_SIZE);
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
-#endif
- return EXIT_SUCCESS;
-}
-#endif //ZRTP_RESTRICT
-
-AES_RETURN zrtp_bg_aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
-{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
-
- if(b_pos) /* complete any partial block */
- {
- while(b_pos < AES_BLOCK_SIZE && cnt < len)
- *obuf++ = iv[b_pos++] ^= *ibuf++, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
- {
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { int m;
- uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
- via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(addr_offset( iv, 16 )) /* ensure an aligned iv */
- {
- ivp = liv;
- memcpy(liv, iv, AES_BLOCK_SIZE);
- }
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ))
- {
- via_cfb_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp);
- ibuf += nb * AES_BLOCK_SIZE;
- obuf += nb * AES_BLOCK_SIZE;
- cnt += nb * AES_BLOCK_SIZE;
- }
- else /* input, output or both are unaligned */
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_cfb_op7(ksp, cwd, ip, op, m, ivp, ivp);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- cnt += m * AES_BLOCK_SIZE;
- }
- }
-
- if(ivp != iv)
- memcpy(iv, ivp, AES_BLOCK_SIZE);
- }
-#else
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( ibuf, 4 ) && !addr_offset( obuf, 4 ) && !addr_offset( iv, 4 ))
- while(cnt + AES_BLOCK_SIZE <= len)
- {
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- lp32(obuf)[0] = lp32(iv)[0] ^= lp32(ibuf)[0];
- lp32(obuf)[1] = lp32(iv)[1] ^= lp32(ibuf)[1];
- lp32(obuf)[2] = lp32(iv)[2] ^= lp32(ibuf)[2];
- lp32(obuf)[3] = lp32(iv)[3] ^= lp32(ibuf)[3];
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
- else
-# endif
- while(cnt + AES_BLOCK_SIZE <= len)
- {
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- obuf[ 0] = iv[ 0] ^= ibuf[ 0]; obuf[ 1] = iv[ 1] ^= ibuf[ 1];
- obuf[ 2] = iv[ 2] ^= ibuf[ 2]; obuf[ 3] = iv[ 3] ^= ibuf[ 3];
- obuf[ 4] = iv[ 4] ^= ibuf[ 4]; obuf[ 5] = iv[ 5] ^= ibuf[ 5];
- obuf[ 6] = iv[ 6] ^= ibuf[ 6]; obuf[ 7] = iv[ 7] ^= ibuf[ 7];
- obuf[ 8] = iv[ 8] ^= ibuf[ 8]; obuf[ 9] = iv[ 9] ^= ibuf[ 9];
- obuf[10] = iv[10] ^= ibuf[10]; obuf[11] = iv[11] ^= ibuf[11];
- obuf[12] = iv[12] ^= ibuf[12]; obuf[13] = iv[13] ^= ibuf[13];
- obuf[14] = iv[14] ^= ibuf[14]; obuf[15] = iv[15] ^= ibuf[15];
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
-#endif
- }
-
- while(cnt < len)
- {
- if(!b_pos)
- zrtp_bg_aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
-
- while(cnt < len && b_pos < AES_BLOCK_SIZE)
- *obuf++ = iv[b_pos++] ^= *ibuf++, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- ctx->inf.b[2] = (uint_8t)b_pos;
- return EXIT_SUCCESS;
-}
-
-AES_RETURN zrtp_bg_aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
-{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
-
- if(b_pos) /* complete any partial block */
- { uint_8t t;
-
- while(b_pos < AES_BLOCK_SIZE && cnt < len)
- t = *ibuf++, *obuf++ = t ^ iv[b_pos], iv[b_pos++] = t, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
- {
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { int m;
- uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
- via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(addr_offset( iv, 16 )) /* ensure an aligned iv */
- {
- ivp = liv;
- memcpy(liv, iv, AES_BLOCK_SIZE);
- }
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ))
- {
- via_cfb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
- ibuf += nb * AES_BLOCK_SIZE;
- obuf += nb * AES_BLOCK_SIZE;
- cnt += nb * AES_BLOCK_SIZE;
- }
- else /* input, output or both are unaligned */
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : op);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_cfb_op6(ksp, cwd, ip, op, m, ivp);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- cnt += m * AES_BLOCK_SIZE;
- }
- }
-
- if(ivp != iv)
- memcpy(iv, ivp, AES_BLOCK_SIZE);
- }
-#else
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( ibuf, 4 ) && !addr_offset( obuf, 4 ) &&!addr_offset( iv, 4 ))
- while(cnt + AES_BLOCK_SIZE <= len)
- { uint_32t t;
-
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- t = lp32(ibuf)[0], lp32(obuf)[0] = t ^ lp32(iv)[0], lp32(iv)[0] = t;
- t = lp32(ibuf)[1], lp32(obuf)[1] = t ^ lp32(iv)[1], lp32(iv)[1] = t;
- t = lp32(ibuf)[2], lp32(obuf)[2] = t ^ lp32(iv)[2], lp32(iv)[2] = t;
- t = lp32(ibuf)[3], lp32(obuf)[3] = t ^ lp32(iv)[3], lp32(iv)[3] = t;
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
- else
-# endif
- while(cnt + AES_BLOCK_SIZE <= len)
- { uint_8t t;
-
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- t = ibuf[ 0], obuf[ 0] = t ^ iv[ 0], iv[ 0] = t;
- t = ibuf[ 1], obuf[ 1] = t ^ iv[ 1], iv[ 1] = t;
- t = ibuf[ 2], obuf[ 2] = t ^ iv[ 2], iv[ 2] = t;
- t = ibuf[ 3], obuf[ 3] = t ^ iv[ 3], iv[ 3] = t;
- t = ibuf[ 4], obuf[ 4] = t ^ iv[ 4], iv[ 4] = t;
- t = ibuf[ 5], obuf[ 5] = t ^ iv[ 5], iv[ 5] = t;
- t = ibuf[ 6], obuf[ 6] = t ^ iv[ 6], iv[ 6] = t;
- t = ibuf[ 7], obuf[ 7] = t ^ iv[ 7], iv[ 7] = t;
- t = ibuf[ 8], obuf[ 8] = t ^ iv[ 8], iv[ 8] = t;
- t = ibuf[ 9], obuf[ 9] = t ^ iv[ 9], iv[ 9] = t;
- t = ibuf[10], obuf[10] = t ^ iv[10], iv[10] = t;
- t = ibuf[11], obuf[11] = t ^ iv[11], iv[11] = t;
- t = ibuf[12], obuf[12] = t ^ iv[12], iv[12] = t;
- t = ibuf[13], obuf[13] = t ^ iv[13], iv[13] = t;
- t = ibuf[14], obuf[14] = t ^ iv[14], iv[14] = t;
- t = ibuf[15], obuf[15] = t ^ iv[15], iv[15] = t;
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
-#endif
- }
-
- while(cnt < len)
- { uint_8t t;
-
- if(!b_pos)
- zrtp_bg_aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
-
- while(cnt < len && b_pos < AES_BLOCK_SIZE)
- t = *ibuf++, *obuf++ = t ^ iv[b_pos], iv[b_pos++] = t, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- ctx->inf.b[2] = (uint_8t)b_pos;
- return EXIT_SUCCESS;
-}
-
-#ifndef ZRTP_RESTRICT
-AES_RETURN zrtp_bg_aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *iv, aes_encrypt_ctx ctx[1])
-{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
-
- if(b_pos) /* complete any partial block */
- {
- while(b_pos < AES_BLOCK_SIZE && cnt < len)
- *obuf++ = iv[b_pos++] ^ *ibuf++, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
- {
-#if defined( USE_VIA_ACE_IF_PRESENT )
-
- if(ctx->inf.b[1] == 0xff)
- { int m;
- uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
- via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
-
- if(addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-
- if(addr_offset( iv, 16 )) /* ensure an aligned iv */
- {
- ivp = liv;
- memcpy(liv, iv, AES_BLOCK_SIZE);
- }
-
- if(!addr_offset( ibuf, 16 ) && !addr_offset( obuf, 16 ))
- {
- via_ofb_op6(ksp, cwd, ibuf, obuf, nb, ivp);
- ibuf += nb * AES_BLOCK_SIZE;
- obuf += nb * AES_BLOCK_SIZE;
- cnt += nb * AES_BLOCK_SIZE;
- }
- else /* input, output or both are unaligned */
- { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint_8t *ip, *op;
-
- while(nb)
- {
- m = (nb > BFR_BLOCKS ? BFR_BLOCKS : nb), nb -= m;
-
- ip = (addr_offset( ibuf, 16 ) ? buf : (uint_8t*)ibuf);
- op = (addr_offset( obuf, 16 ) ? buf : obuf);
-
- if(ip != ibuf)
- memcpy(buf, ibuf, m * AES_BLOCK_SIZE);
-
- via_ofb_op6(ksp, cwd, ip, op, m, ivp);
-
- if(op != obuf)
- memcpy(obuf, buf, m * AES_BLOCK_SIZE);
-
- ibuf += m * AES_BLOCK_SIZE;
- obuf += m * AES_BLOCK_SIZE;
- cnt += m * AES_BLOCK_SIZE;
- }
- }
-
- if(ivp != iv)
- memcpy(iv, ivp, AES_BLOCK_SIZE);
- }
-#else
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( ibuf, 4 ) && !addr_offset( obuf, 4 ) && !addr_offset( iv, 4 ))
- while(cnt + AES_BLOCK_SIZE <= len)
- {
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- lp32(obuf)[0] = lp32(iv)[0] ^ lp32(ibuf)[0];
- lp32(obuf)[1] = lp32(iv)[1] ^ lp32(ibuf)[1];
- lp32(obuf)[2] = lp32(iv)[2] ^ lp32(ibuf)[2];
- lp32(obuf)[3] = lp32(iv)[3] ^ lp32(ibuf)[3];
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
- else
-# endif
- while(cnt + AES_BLOCK_SIZE <= len)
- {
- assert(b_pos == 0);
- zrtp_bg_aes_encrypt(iv, iv, ctx);
- obuf[ 0] = iv[ 0] ^ ibuf[ 0]; obuf[ 1] = iv[ 1] ^ ibuf[ 1];
- obuf[ 2] = iv[ 2] ^ ibuf[ 2]; obuf[ 3] = iv[ 3] ^ ibuf[ 3];
- obuf[ 4] = iv[ 4] ^ ibuf[ 4]; obuf[ 5] = iv[ 5] ^ ibuf[ 5];
- obuf[ 6] = iv[ 6] ^ ibuf[ 6]; obuf[ 7] = iv[ 7] ^ ibuf[ 7];
- obuf[ 8] = iv[ 8] ^ ibuf[ 8]; obuf[ 9] = iv[ 9] ^ ibuf[ 9];
- obuf[10] = iv[10] ^ ibuf[10]; obuf[11] = iv[11] ^ ibuf[11];
- obuf[12] = iv[12] ^ ibuf[12]; obuf[13] = iv[13] ^ ibuf[13];
- obuf[14] = iv[14] ^ ibuf[14]; obuf[15] = iv[15] ^ ibuf[15];
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- cnt += AES_BLOCK_SIZE;
- }
-#endif
- }
-
- while(cnt < len)
- {
- if(!b_pos)
- zrtp_bg_aes_ecb_encrypt(iv, iv, AES_BLOCK_SIZE, ctx);
-
- while(cnt < len && b_pos < AES_BLOCK_SIZE)
- *obuf++ = iv[b_pos++] ^ *ibuf++, cnt++;
-
- b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
- }
-
- ctx->inf.b[2] = (uint_8t)b_pos;
- return EXIT_SUCCESS;
-}
-#endif //ZRTP_RESTRICT
-
-#define BFR_LENGTH (BFR_BLOCKS * AES_BLOCK_SIZE)
-
-AES_RETURN zrtp_bg_aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
- int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx ctx[1])
-{ uint_8t *ip;
- int i, blen, b_pos = (int)(ctx->inf.b[2]);
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
- aligned_auto(uint_8t, buf, BFR_LENGTH, 16);
- if(ctx->inf.b[1] == 0xff && addr_offset( ctx, 16 ))
- return EXIT_FAILURE;
-#else
- uint_8t buf[BFR_LENGTH];
-#endif
-
- if(b_pos)
- {
- memcpy(buf, cbuf, AES_BLOCK_SIZE);
- zrtp_bg_aes_ecb_encrypt(buf, buf, AES_BLOCK_SIZE, ctx);
- while(b_pos < AES_BLOCK_SIZE && len)
- *obuf++ = *ibuf++ ^ buf[b_pos++], --len;
- if(len)
- ctr_inc(cbuf), b_pos = 0;
- }
-
- while(len)
- {
- blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen;
-
- for(i = 0, ip = buf; i < (blen >> 4); ++i)
- {
- memcpy(ip, cbuf, AES_BLOCK_SIZE);
- ctr_inc(cbuf);
- ip += AES_BLOCK_SIZE;
- }
-
- if(blen & (AES_BLOCK_SIZE - 1))
- memcpy(ip, cbuf, AES_BLOCK_SIZE), i++;
-
-#if defined( USE_VIA_ACE_IF_PRESENT )
- if(ctx->inf.b[1] == 0xff)
- {
- via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
- via_ecb_op5((ctx->ks),cwd,buf,buf,i);
- }
- else
-#endif
- zrtp_bg_aes_ecb_encrypt(buf, buf, i * AES_BLOCK_SIZE, ctx);
-
- i = 0; ip = buf;
-# ifdef FAST_BUFFER_OPERATIONS
- if(!addr_offset( ibuf, 4 ) && !addr_offset( obuf, 4 ) && !addr_offset( ip, 4 ))
- while(i + AES_BLOCK_SIZE <= blen)
- {
- lp32(obuf)[0] = lp32(ibuf)[0] ^ lp32(ip)[0];
- lp32(obuf)[1] = lp32(ibuf)[1] ^ lp32(ip)[1];
- lp32(obuf)[2] = lp32(ibuf)[2] ^ lp32(ip)[2];
- lp32(obuf)[3] = lp32(ibuf)[3] ^ lp32(ip)[3];
- i += AES_BLOCK_SIZE;
- ip += AES_BLOCK_SIZE;
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
- else
-#endif
- while(i + AES_BLOCK_SIZE <= blen)
- {
- obuf[ 0] = ibuf[ 0] ^ ip[ 0]; obuf[ 1] = ibuf[ 1] ^ ip[ 1];
- obuf[ 2] = ibuf[ 2] ^ ip[ 2]; obuf[ 3] = ibuf[ 3] ^ ip[ 3];
- obuf[ 4] = ibuf[ 4] ^ ip[ 4]; obuf[ 5] = ibuf[ 5] ^ ip[ 5];
- obuf[ 6] = ibuf[ 6] ^ ip[ 6]; obuf[ 7] = ibuf[ 7] ^ ip[ 7];
- obuf[ 8] = ibuf[ 8] ^ ip[ 8]; obuf[ 9] = ibuf[ 9] ^ ip[ 9];
- obuf[10] = ibuf[10] ^ ip[10]; obuf[11] = ibuf[11] ^ ip[11];
- obuf[12] = ibuf[12] ^ ip[12]; obuf[13] = ibuf[13] ^ ip[13];
- obuf[14] = ibuf[14] ^ ip[14]; obuf[15] = ibuf[15] ^ ip[15];
- i += AES_BLOCK_SIZE;
- ip += AES_BLOCK_SIZE;
- ibuf += AES_BLOCK_SIZE;
- obuf += AES_BLOCK_SIZE;
- }
-
- while(i++ < blen)
- *obuf++ = *ibuf++ ^ ip[b_pos++];
- }
-
- ctx->inf.b[2] = (uint_8t)b_pos;
- return EXIT_SUCCESS;
-}
-
-#if defined(__cplusplus)
-}
-#endif
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-*/
-
-#include "aesopt.h"
-#include "aestab.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
-#define so(y,x,c) word_out(y, c, s(x,c))
-
-#if defined(ARRAYS)
-#define locals(y,x) x[4],y[4]
-#else
-#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
-#endif
-
-#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
- s(y,2) = s(x,2); s(y,3) = s(x,3);
-#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
-#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
-#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
-
-#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
-
-/* Visual C++ .Net v7.1 provides the fastest encryption code when using
- Pentium optimiation with small code but this is poor for decryption
- so we need to control this with the following VC++ pragmas
-*/
-
-#if defined( _MSC_VER ) && !defined( _WIN64 )
-#pragma optimize( "s", on )
-#endif
-
-/* Given the column (c) of the output state variable, the following
- macros give the input state variables which are needed in its
- computation for each row (r) of the state. All the alternative
- macros give the same end values but expand into different ways
- of calculating these values. In particular the complex macro
- used for dynamically variable block sizes is designed to expand
- to a compile time constant whenever possible but will expand to
- conditional clauses on some branches (I am grateful to Frank
- Yellin for this construction)
-*/
-
-#define fwd_var(x,r,c)\
- ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
- : r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
- : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
- : ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
-
-#if defined(FT4_SET)
-#undef dec_fmvars
-#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
-#elif defined(FT1_SET)
-#undef dec_fmvars
-#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
-#else
-#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
-#endif
-
-#if defined(FL4_SET)
-#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
-#elif defined(FL1_SET)
-#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
-#else
-#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
-#endif
-
-AES_RETURN zrtp_bg_aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
-{ uint_32t locals(b0, b1);
- const uint_32t *kp;
-#if defined( dec_fmvars )
- dec_fmvars; /* declare variables for fwd_mcol() if needed */
-#endif
-
-#if defined( AES_ERR_CHK )
- if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
- return EXIT_FAILURE;
-#endif
-
- kp = cx->ks;
- state_in(b0, in, kp);
-
-#if (ENC_UNROLL == FULL)
-
- switch(cx->inf.b[0])
- {
- case 14 * 16:
- round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
- kp += 2 * N_COLS;
- case 12 * 16:
- round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
- kp += 2 * N_COLS;
- case 10 * 16:
- round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
- round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
- round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
- round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
- round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
- round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
- round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
- }
-
-#else
-
-#if (ENC_UNROLL == PARTIAL)
- { uint_32t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
- {
- kp += N_COLS;
- round(fwd_rnd, b1, b0, kp);
- kp += N_COLS;
- round(fwd_rnd, b0, b1, kp);
- }
- kp += N_COLS;
- round(fwd_rnd, b1, b0, kp);
-#else
- { uint_32t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
- {
- kp += N_COLS;
- round(fwd_rnd, b1, b0, kp);
- l_copy(b0, b1);
- }
-#endif
- kp += N_COLS;
- round(fwd_lrnd, b0, b1, kp);
- }
-#endif
-
- state_out(out, b0);
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if ( FUNCS_IN_C & DECRYPTION_IN_C)
-
-/* Visual C++ .Net v7.1 provides the fastest encryption code when using
- Pentium optimiation with small code but this is poor for decryption
- so we need to control this with the following VC++ pragmas
-*/
-
-#if defined( _MSC_VER ) && !defined( _WIN64 )
-#pragma optimize( "t", on )
-#endif
-
-/* Given the column (c) of the output state variable, the following
- macros give the input state variables which are needed in its
- computation for each row (r) of the state. All the alternative
- macros give the same end values but expand into different ways
- of calculating these values. In particular the complex macro
- used for dynamically variable block sizes is designed to expand
- to a compile time constant whenever possible but will expand to
- conditional clauses on some branches (I am grateful to Frank
- Yellin for this construction)
-*/
-
-#define inv_var(x,r,c)\
- ( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
- : r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
- : r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
- : ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
-
-#if defined(IT4_SET)
-#undef dec_imvars
-#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
-#elif defined(IT1_SET)
-#undef dec_imvars
-#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
-#else
-#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
-#endif
-
-#if defined(IL4_SET)
-#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
-#elif defined(IL1_SET)
-#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
-#else
-#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
-#endif
-
-/* This code can work with the decryption key schedule in the */
-/* order that is used for encrytpion (where the 1st decryption */
-/* round key is at the high end ot the schedule) or with a key */
-/* schedule that has been reversed to put the 1st decryption */
-/* round key at the low end of the schedule in memory (when */
-/* AES_REV_DKS is defined) */
-
-#ifdef AES_REV_DKS
-#define key_ofs 0
-#define rnd_key(n) (kp + n * N_COLS)
-#else
-#define key_ofs 1
-#define rnd_key(n) (kp - n * N_COLS)
-#endif
-
-AES_RETURN zrtp_bg_aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
-{ uint_32t locals(b0, b1);
-#if defined( dec_imvars )
- dec_imvars; /* declare variables for inv_mcol() if needed */
-#endif
- const uint_32t *kp;
-
-#if defined( AES_ERR_CHK )
- if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
- return EXIT_FAILURE;
-#endif
-
- kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
- state_in(b0, in, kp);
-
-#if (DEC_UNROLL == FULL)
-
- kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
- switch(cx->inf.b[0])
- {
- case 14 * 16:
- round(inv_rnd, b1, b0, rnd_key(-13));
- round(inv_rnd, b0, b1, rnd_key(-12));
- case 12 * 16:
- round(inv_rnd, b1, b0, rnd_key(-11));
- round(inv_rnd, b0, b1, rnd_key(-10));
- case 10 * 16:
- round(inv_rnd, b1, b0, rnd_key(-9));
- round(inv_rnd, b0, b1, rnd_key(-8));
- round(inv_rnd, b1, b0, rnd_key(-7));
- round(inv_rnd, b0, b1, rnd_key(-6));
- round(inv_rnd, b1, b0, rnd_key(-5));
- round(inv_rnd, b0, b1, rnd_key(-4));
- round(inv_rnd, b1, b0, rnd_key(-3));
- round(inv_rnd, b0, b1, rnd_key(-2));
- round(inv_rnd, b1, b0, rnd_key(-1));
- round(inv_lrnd, b0, b1, rnd_key( 0));
- }
-
-#else
-
-#if (DEC_UNROLL == PARTIAL)
- { uint_32t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
- {
- kp = rnd_key(1);
- round(inv_rnd, b1, b0, kp);
- kp = rnd_key(1);
- round(inv_rnd, b0, b1, kp);
- }
- kp = rnd_key(1);
- round(inv_rnd, b1, b0, kp);
-#else
- { uint_32t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
- {
- kp = rnd_key(1);
- round(inv_rnd, b1, b0, kp);
- l_copy(b0, b1);
- }
-#endif
- kp = rnd_key(1);
- round(inv_lrnd, b0, b1, kp);
- }
-#endif
-
- state_out(out, b0);
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-*/
-
-#include "aesopt.h"
-#include "aestab.h"
-
-#ifdef USE_VIA_ACE_IF_PRESENT
-# include "aes_via_ace.h"
-#endif
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* Initialise the key schedule from the user supplied key. The key
- length can be specified in bytes, with legal values of 16, 24
- and 32, or in bits, with legal values of 128, 192 and 256. These
- values correspond with Nk values of 4, 6 and 8 respectively.
-
- The following macros implement a single cycle in the key
- schedule generation process. The number of cycles needed
- for each cx->n_col and nk value is:
-
- nk = 4 5 6 7 8
- ------------------------------
- cx->n_col = 4 10 9 8 7 7
- cx->n_col = 5 14 11 10 9 9
- cx->n_col = 6 19 15 12 11 11
- cx->n_col = 7 21 19 16 13 14
- cx->n_col = 8 29 23 19 17 14
-*/
-
-#if (FUNCS_IN_C & ENC_KEYING_IN_C)
-
-#if defined(AES_128) || defined(AES_VAR)
-
-#define ke4(k,i) \
-{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
- k[4*(i)+5] = ss[1] ^= ss[0]; \
- k[4*(i)+6] = ss[2] ^= ss[1]; \
- k[4*(i)+7] = ss[3] ^= ss[2]; \
-}
-
-AES_RETURN zrtp_bg_aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint_32t ss[4];
-
- cx->ks[0] = ss[0] = word_in(key, 0);
- cx->ks[1] = ss[1] = word_in(key, 1);
- cx->ks[2] = ss[2] = word_in(key, 2);
- cx->ks[3] = ss[3] = word_in(key, 3);
-
-#if ENC_UNROLL == NONE
- { uint_32t i;
- for(i = 0; i < 9; ++i)
- ke4(cx->ks, i);
- }
-#else
- ke4(cx->ks, 0); ke4(cx->ks, 1);
- ke4(cx->ks, 2); ke4(cx->ks, 3);
- ke4(cx->ks, 4); ke4(cx->ks, 5);
- ke4(cx->ks, 6); ke4(cx->ks, 7);
- ke4(cx->ks, 8);
-#endif
- ke4(cx->ks, 9);
- cx->inf.l = 0;
- cx->inf.b[0] = 10 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-
-#define kef6(k,i) \
-{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
- k[6*(i)+ 7] = ss[1] ^= ss[0]; \
- k[6*(i)+ 8] = ss[2] ^= ss[1]; \
- k[6*(i)+ 9] = ss[3] ^= ss[2]; \
-}
-
-#define ke6(k,i) \
-{ kef6(k,i); \
- k[6*(i)+10] = ss[4] ^= ss[3]; \
- k[6*(i)+11] = ss[5] ^= ss[4]; \
-}
-
-AES_RETURN zrtp_bg_aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint_32t ss[6];
-
- cx->ks[0] = ss[0] = word_in(key, 0);
- cx->ks[1] = ss[1] = word_in(key, 1);
- cx->ks[2] = ss[2] = word_in(key, 2);
- cx->ks[3] = ss[3] = word_in(key, 3);
- cx->ks[4] = ss[4] = word_in(key, 4);
- cx->ks[5] = ss[5] = word_in(key, 5);
-
-#if ENC_UNROLL == NONE
- { uint_32t i;
- for(i = 0; i < 7; ++i)
- ke6(cx->ks, i);
- }
-#else
- ke6(cx->ks, 0); ke6(cx->ks, 1);
- ke6(cx->ks, 2); ke6(cx->ks, 3);
- ke6(cx->ks, 4); ke6(cx->ks, 5);
- ke6(cx->ks, 6);
-#endif
- kef6(cx->ks, 7);
- cx->inf.l = 0;
- cx->inf.b[0] = 12 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-
-#define kef8(k,i) \
-{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
- k[8*(i)+ 9] = ss[1] ^= ss[0]; \
- k[8*(i)+10] = ss[2] ^= ss[1]; \
- k[8*(i)+11] = ss[3] ^= ss[2]; \
-}
-
-#define ke8(k,i) \
-{ kef8(k,i); \
- k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); \
- k[8*(i)+13] = ss[5] ^= ss[4]; \
- k[8*(i)+14] = ss[6] ^= ss[5]; \
- k[8*(i)+15] = ss[7] ^= ss[6]; \
-}
-
-AES_RETURN zrtp_bg_aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint_32t ss[8];
-
- cx->ks[0] = ss[0] = word_in(key, 0);
- cx->ks[1] = ss[1] = word_in(key, 1);
- cx->ks[2] = ss[2] = word_in(key, 2);
- cx->ks[3] = ss[3] = word_in(key, 3);
- cx->ks[4] = ss[4] = word_in(key, 4);
- cx->ks[5] = ss[5] = word_in(key, 5);
- cx->ks[6] = ss[6] = word_in(key, 6);
- cx->ks[7] = ss[7] = word_in(key, 7);
-
-#if ENC_UNROLL == NONE
- { uint_32t i;
- for(i = 0; i < 6; ++i)
- ke8(cx->ks, i);
- }
-#else
- ke8(cx->ks, 0); ke8(cx->ks, 1);
- ke8(cx->ks, 2); ke8(cx->ks, 3);
- ke8(cx->ks, 4); ke8(cx->ks, 5);
-#endif
- kef8(cx->ks, 6);
- cx->inf.l = 0;
- cx->inf.b[0] = 14 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_VAR)
-
-AES_RETURN zrtp_bg_aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
-{
- switch(key_len)
- {
-#if defined( AES_ERR_CHK )
- case 16: case 128: return zrtp_bg_aes_encrypt_key128(key, cx);
- case 24: case 192: return zrtp_bg_aes_encrypt_key192(key, cx);
- case 32: case 256: return zrtp_bg_aes_encrypt_key256(key, cx);
- default: return EXIT_FAILURE;
-#else
- case 16: case 128: zrtp_bg_aes_encrypt_key128(key, cx); return;
- case 24: case 192: zrtp_bg_aes_encrypt_key192(key, cx); return;
- case 32: case 256: zrtp_bg_aes_encrypt_key256(key, cx); return;
-#endif
- }
-}
-
-#endif
-
-#endif
-
-#if (FUNCS_IN_C & DEC_KEYING_IN_C)
-
-/* this is used to store the decryption round keys */
-/* in forward or reverse order */
-
-#ifdef AES_REV_DKS
-#define v(n,i) ((n) - (i) + 2 * ((i) & 3))
-#else
-#define v(n,i) (i)
-#endif
-
-#if DEC_ROUND == NO_TABLES
-#define ff(x) (x)
-#else
-#define ff(x) inv_mcol(x)
-#if defined( dec_imvars )
-#define d_vars dec_imvars
-#endif
-#endif
-
-#if defined(AES_128) || defined(AES_VAR)
-
-#define k4e(k,i) \
-{ k[v(40,(4*(i))+4)] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; \
- k[v(40,(4*(i))+5)] = ss[1] ^= ss[0]; \
- k[v(40,(4*(i))+6)] = ss[2] ^= ss[1]; \
- k[v(40,(4*(i))+7)] = ss[3] ^= ss[2]; \
-}
-
-#if 1
-
-#define kdf4(k,i) \
-{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; \
- ss[1] = ss[1] ^ ss[3]; \
- ss[2] = ss[2] ^ ss[3]; \
- ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
- ss[i % 4] ^= ss[4]; \
- ss[4] ^= k[v(40,(4*(i)))]; k[v(40,(4*(i))+4)] = ff(ss[4]); \
- ss[4] ^= k[v(40,(4*(i))+1)]; k[v(40,(4*(i))+5)] = ff(ss[4]); \
- ss[4] ^= k[v(40,(4*(i))+2)]; k[v(40,(4*(i))+6)] = ff(ss[4]); \
- ss[4] ^= k[v(40,(4*(i))+3)]; k[v(40,(4*(i))+7)] = ff(ss[4]); \
-}
-
-#define kd4(k,i) \
-{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; \
- ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
- k[v(40,(4*(i))+4)] = ss[4] ^= k[v(40,(4*(i)))]; \
- k[v(40,(4*(i))+5)] = ss[4] ^= k[v(40,(4*(i))+1)]; \
- k[v(40,(4*(i))+6)] = ss[4] ^= k[v(40,(4*(i))+2)]; \
- k[v(40,(4*(i))+7)] = ss[4] ^= k[v(40,(4*(i))+3)]; \
-}
-
-#define kdl4(k,i) \
-{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
- k[v(40,(4*(i))+4)] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; \
- k[v(40,(4*(i))+5)] = ss[1] ^ ss[3]; \
- k[v(40,(4*(i))+6)] = ss[0]; \
- k[v(40,(4*(i))+7)] = ss[1]; \
-}
-
-#else
-
-#define kdf4(k,i) \
-{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ff(ss[0]); \
- ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ff(ss[1]); \
- ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ff(ss[2]); \
- ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ff(ss[3]); \
-}
-
-#define kd4(k,i) \
-{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
- ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[v(40,(4*(i))+ 4)] = ss[4] ^= k[v(40,(4*(i)))]; \
- ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[4] ^= k[v(40,(4*(i))+ 1)]; \
- ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[4] ^= k[v(40,(4*(i))+ 2)]; \
- ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[4] ^= k[v(40,(4*(i))+ 3)]; \
-}
-
-#define kdl4(k,i) \
-{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[v(40,(4*(i))+ 4)] = ss[0]; \
- ss[1] ^= ss[0]; k[v(40,(4*(i))+ 5)] = ss[1]; \
- ss[2] ^= ss[1]; k[v(40,(4*(i))+ 6)] = ss[2]; \
- ss[3] ^= ss[2]; k[v(40,(4*(i))+ 7)] = ss[3]; \
-}
-
-#endif
-
-AES_RETURN zrtp_bg_aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint_32t ss[5];
-#if defined( d_vars )
- d_vars;
-#endif
- cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
- cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
- cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
- cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
-
-#if DEC_UNROLL == NONE
- { uint_32t i;
- for(i = 0; i < 10; ++i)
- k4e(cx->ks, i);
-#if !(DEC_ROUND == NO_TABLES)
- for(i = N_COLS; i < 10 * N_COLS; ++i)
- cx->ks[i] = inv_mcol(cx->ks[i]);
-#endif
- }
-#else
- kdf4(cx->ks, 0); kd4(cx->ks, 1);
- kd4(cx->ks, 2); kd4(cx->ks, 3);
- kd4(cx->ks, 4); kd4(cx->ks, 5);
- kd4(cx->ks, 6); kd4(cx->ks, 7);
- kd4(cx->ks, 8); kdl4(cx->ks, 9);
-#endif
- cx->inf.l = 0;
- cx->inf.b[0] = 10 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_192) || defined(AES_VAR)
-
-#define k6ef(k,i) \
-{ k[v(48,(6*(i))+ 6)] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; \
- k[v(48,(6*(i))+ 7)] = ss[1] ^= ss[0]; \
- k[v(48,(6*(i))+ 8)] = ss[2] ^= ss[1]; \
- k[v(48,(6*(i))+ 9)] = ss[3] ^= ss[2]; \
-}
-
-#define k6e(k,i) \
-{ k6ef(k,i); \
- k[v(48,(6*(i))+10)] = ss[4] ^= ss[3]; \
- k[v(48,(6*(i))+11)] = ss[5] ^= ss[4]; \
-}
-
-#define kdf6(k,i) \
-{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ff(ss[0]); \
- ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ff(ss[1]); \
- ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ff(ss[2]); \
- ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ff(ss[3]); \
- ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ff(ss[4]); \
- ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ff(ss[5]); \
-}
-
-#define kd6(k,i) \
-{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
- ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[v(48,(6*(i))+ 6)] = ss[6] ^= k[v(48,(6*(i)))]; \
- ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[6] ^= k[v(48,(6*(i))+ 1)]; \
- ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[6] ^= k[v(48,(6*(i))+ 2)]; \
- ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[6] ^= k[v(48,(6*(i))+ 3)]; \
- ss[4] ^= ss[3]; k[v(48,(6*(i))+10)] = ss[6] ^= k[v(48,(6*(i))+ 4)]; \
- ss[5] ^= ss[4]; k[v(48,(6*(i))+11)] = ss[6] ^= k[v(48,(6*(i))+ 5)]; \
-}
-
-#define kdl6(k,i) \
-{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[v(48,(6*(i))+ 6)] = ss[0]; \
- ss[1] ^= ss[0]; k[v(48,(6*(i))+ 7)] = ss[1]; \
- ss[2] ^= ss[1]; k[v(48,(6*(i))+ 8)] = ss[2]; \
- ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
-}
-
-AES_RETURN zrtp_bg_aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint_32t ss[7];
-#if defined( d_vars )
- d_vars;
-#endif
- cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
- cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
- cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
- cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
-
-#if DEC_UNROLL == NONE
- cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
- cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
- { uint_32t i;
-
- for(i = 0; i < 7; ++i)
- k6e(cx->ks, i);
- k6ef(cx->ks, 7);
-#if !(DEC_ROUND == NO_TABLES)
- for(i = N_COLS; i < 12 * N_COLS; ++i)
- cx->ks[i] = inv_mcol(cx->ks[i]);
-#endif
- }
-#else
- cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
- cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
- kdf6(cx->ks, 0); kd6(cx->ks, 1);
- kd6(cx->ks, 2); kd6(cx->ks, 3);
- kd6(cx->ks, 4); kd6(cx->ks, 5);
- kd6(cx->ks, 6); kdl6(cx->ks, 7);
-#endif
- cx->inf.l = 0;
- cx->inf.b[0] = 12 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_256) || defined(AES_VAR)
-
-#define k8ef(k,i) \
-{ k[v(56,(8*(i))+ 8)] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; \
- k[v(56,(8*(i))+ 9)] = ss[1] ^= ss[0]; \
- k[v(56,(8*(i))+10)] = ss[2] ^= ss[1]; \
- k[v(56,(8*(i))+11)] = ss[3] ^= ss[2]; \
-}
-
-#define k8e(k,i) \
-{ k8ef(k,i); \
- k[v(56,(8*(i))+12)] = ss[4] ^= ls_box(ss[3],0); \
- k[v(56,(8*(i))+13)] = ss[5] ^= ss[4]; \
- k[v(56,(8*(i))+14)] = ss[6] ^= ss[5]; \
- k[v(56,(8*(i))+15)] = ss[7] ^= ss[6]; \
-}
-
-#define kdf8(k,i) \
-{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ff(ss[0]); \
- ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ff(ss[1]); \
- ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ff(ss[2]); \
- ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ff(ss[3]); \
- ss[4] ^= ls_box(ss[3],0); k[v(56,(8*(i))+12)] = ff(ss[4]); \
- ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ff(ss[5]); \
- ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ff(ss[6]); \
- ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ff(ss[7]); \
-}
-
-#define kd8(k,i) \
-{ ss[8] = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
- ss[0] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+ 8)] = ss[8] ^= k[v(56,(8*(i)))]; \
- ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[8] ^= k[v(56,(8*(i))+ 1)]; \
- ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[8] ^= k[v(56,(8*(i))+ 2)]; \
- ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[8] ^= k[v(56,(8*(i))+ 3)]; \
- ss[8] = ls_box(ss[3],0); \
- ss[4] ^= ss[8]; ss[8] = ff(ss[8]); k[v(56,(8*(i))+12)] = ss[8] ^= k[v(56,(8*(i))+ 4)]; \
- ss[5] ^= ss[4]; k[v(56,(8*(i))+13)] = ss[8] ^= k[v(56,(8*(i))+ 5)]; \
- ss[6] ^= ss[5]; k[v(56,(8*(i))+14)] = ss[8] ^= k[v(56,(8*(i))+ 6)]; \
- ss[7] ^= ss[6]; k[v(56,(8*(i))+15)] = ss[8] ^= k[v(56,(8*(i))+ 7)]; \
-}
-
-#define kdl8(k,i) \
-{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[v(56,(8*(i))+ 8)] = ss[0]; \
- ss[1] ^= ss[0]; k[v(56,(8*(i))+ 9)] = ss[1]; \
- ss[2] ^= ss[1]; k[v(56,(8*(i))+10)] = ss[2]; \
- ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
-}
-
-AES_RETURN zrtp_bg_aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint_32t ss[9];
-#if defined( d_vars )
- d_vars;
-#endif
- cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
- cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
- cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
- cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
-
-#if DEC_UNROLL == NONE
- cx->ks[v(56,(4))] = ss[4] = word_in(key, 4);
- cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
- cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
- cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
- { uint_32t i;
-
- for(i = 0; i < 6; ++i)
- k8e(cx->ks, i);
- k8ef(cx->ks, 6);
-#if !(DEC_ROUND == NO_TABLES)
- for(i = N_COLS; i < 14 * N_COLS; ++i)
- cx->ks[i] = inv_mcol(cx->ks[i]);
-
-#endif
- }
-#else
- cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));
- cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));
- cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));
- cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));
- kdf8(cx->ks, 0); kd8(cx->ks, 1);
- kd8(cx->ks, 2); kd8(cx->ks, 3);
- kd8(cx->ks, 4); kd8(cx->ks, 5);
- kdl8(cx->ks, 6);
-#endif
- cx->inf.l = 0;
- cx->inf.b[0] = 14 * 16;
-
-#ifdef USE_VIA_ACE_IF_PRESENT
- if(VIA_ACE_AVAILABLE)
- cx->inf.b[1] = 0xff;
-#endif
-
-#if defined( AES_ERR_CHK )
- return EXIT_SUCCESS;
-#endif
-}
-
-#endif
-
-#if defined(AES_VAR)
-
-AES_RETURN zrtp_bg_aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
-{
- switch(key_len)
- {
-#if defined( AES_ERR_CHK )
- case 16: case 128: return zrtp_bg_aes_decrypt_key128(key, cx);
- case 24: case 192: return zrtp_bg_aes_decrypt_key192(key, cx);
- case 32: case 256: return zrtp_bg_aes_decrypt_key256(key, cx);
- default: return EXIT_FAILURE;
-#else
- case 16: case 128: zrtp_bg_aes_decrypt_key128(key, cx); return;
- case 24: case 192: zrtp_bg_aes_decrypt_key192(key, cx); return;
- case 32: case 256: zrtp_bg_aes_decrypt_key256(key, cx); return;
-#endif
- }
-}
-
-#endif
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-
- This file contains the compilation options for AES (Rijndael) and code
- that is common across encryption, key scheduling and table generation.
-
- OPERATION
-
- These source code files implement the AES algorithm Rijndael designed by
- Joan Daemen and Vincent Rijmen. This version is designed for the standard
- block size of 16 bytes and for key sizes of 128, 192 and 256 bits (16, 24
- and 32 bytes).
-
- This version is designed for flexibility and speed using operations on
- 32-bit words rather than operations on bytes. It can be compiled with
- either big or little endian internal byte order but is faster when the
- native byte order for the processor is used.
-
- THE CIPHER INTERFACE
-
- The cipher interface is implemented as an array of bytes in which lower
- AES bit sequence indexes map to higher numeric significance within bytes.
-
- uint_8t (an unsigned 8-bit type)
- uint_32t (an unsigned 32-bit type)
- struct aes_encrypt_ctx (structure for the cipher encryption context)
- struct aes_decrypt_ctx (structure for the cipher decryption context)
- AES_RETURN the function return type
-
- C subroutine calls:
-
- AES_RETURN zrtp_bg_aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
- AES_RETURN zrtp_bg_aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
- AES_RETURN zrtp_bg_aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
- AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out,
- const aes_encrypt_ctx cx[1]);
-
- AES_RETURN zrtp_bg_aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
- AES_RETURN zrtp_bg_aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
- AES_RETURN zrtp_bg_aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
- AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out,
- const aes_decrypt_ctx cx[1]);
-
- IMPORTANT NOTE: If you are using this C interface with dynamic tables make sure that
- you call zrtp_bg_gen_tabs() before AES is used so that the tables are initialised.
-
- C++ aes class subroutines:
-
- Class AESencrypt for encryption
-
- Construtors:
- AESencrypt(void)
- AESencrypt(const unsigned char *key) - 128 bit key
- Members:
- AES_RETURN key128(const unsigned char *key)
- AES_RETURN key192(const unsigned char *key)
- AES_RETURN key256(const unsigned char *key)
- AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const
-
- Class AESdecrypt for encryption
- Construtors:
- AESdecrypt(void)
- AESdecrypt(const unsigned char *key) - 128 bit key
- Members:
- AES_RETURN key128(const unsigned char *key)
- AES_RETURN key192(const unsigned char *key)
- AES_RETURN key256(const unsigned char *key)
- AES_RETURN decrypt(const unsigned char *in, unsigned char *out) const
-*/
-
-#ifdef _AESOPT_H
- #warning "_AESOPT_H already defined. aesopt.h will not be included"
-#endif
-
-#if !defined( _AESOPT_H )
-#define _AESOPT_H
-
-#if defined( __cplusplus )
-#include "aescpp.h"
-#else
-#include "aes.h"
-#endif
-
-/* PLATFORM SPECIFIC INCLUDES */
-
-//#include "brg_endian.h"
-#include "bg2zrtp.h"
-
-/* CONFIGURATION - THE USE OF DEFINES
-
- Later in this section there are a number of defines that control the
- operation of the code. In each section, the purpose of each define is
- explained so that the relevant form can be included or excluded by
- setting either 1's or 0's respectively on the branches of the related
- #if clauses. The following local defines should not be changed.
-*/
-
-#define ENCRYPTION_IN_C 1
-#define DECRYPTION_IN_C 2
-#define ENC_KEYING_IN_C 4
-#define DEC_KEYING_IN_C 8
-
-#define NO_TABLES 0
-#define ONE_TABLE 1
-#define FOUR_TABLES 4
-#define NONE 0
-#define PARTIAL 1
-#define FULL 2
-
-/* --- START OF USER CONFIGURED OPTIONS --- */
-
-/* 1. BYTE ORDER WITHIN 32 BIT WORDS
-
- The fundamental data processing units in Rijndael are 8-bit bytes. The
- input, output and key input are all enumerated arrays of bytes in which
- bytes are numbered starting at zero and increasing to one less than the
- number of bytes in the array in question. This enumeration is only used
- for naming bytes and does not imply any adjacency or order relationship
- from one byte to another. When these inputs and outputs are considered
- as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
- byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
- In this implementation bits are numbered from 0 to 7 starting at the
- numerically least significant end of each byte (bit n represents 2^n).
-
- However, Rijndael can be implemented more efficiently using 32-bit
- words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
- into word[n]. While in principle these bytes can be assembled into words
- in any positions, this implementation only supports the two formats in
- which bytes in adjacent positions within words also have adjacent byte
- numbers. This order is called big-endian if the lowest numbered bytes
- in words have the highest numeric significance and little-endian if the
- opposite applies.
-
- This code can work in either order irrespective of the order used by the
- machine on which it runs. Normally the internal byte order will be set
- to the order of the processor on which the code is to be run but this
- define can be used to reverse this in special situations
-
- WARNING: Assembler code versions rely on PLATFORM_BYTE_ORDER being set.
- This define will hence be redefined later (in section 4) if necessary
-*/
-
-#if 1
-#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
-#elif 0
-#define ALGORITHM_BYTE_ORDER IS_LITTLE_ENDIAN
-#elif 0
-#define ALGORITHM_BYTE_ORDER IS_BIG_ENDIAN
-#else
-#error The algorithm byte order is not defined
-#endif
-
-/* 2. VIA ACE SUPPORT
-
- Define this option if support for the VIA ACE is required. This uses
- inline assembler instructions and is only implemented for the Microsoft,
- Intel and GCC compilers. If VIA ACE is known to be present, then defining
- ASSUME_VIA_ACE_PRESENT will remove the ordinary encryption/decryption
- code. If USE_VIA_ACE_IF_PRESENT is defined then VIA ACE will be used if
- it is detected (both present and enabled) but the normal AES code will
- also be present.
-
- When VIA ACE is to be used, all AES encryption contexts MUST be 16 byte
- aligned; other input/output buffers do not need to be 16 byte aligned
- but there are very large performance gains if this can be arranged.
- VIA ACE also requires the decryption key schedule to be in reverse
- order (which later checks below ensure).
-*/
-
-#if 0 && !defined( USE_VIA_ACE_IF_PRESENT )
-# define USE_VIA_ACE_IF_PRESENT
-#endif
-
-#if 0 && !defined( ASSUME_VIA_ACE_PRESENT )
-# define ASSUME_VIA_ACE_PRESENT
-# endif
-
-#if defined ( _WIN64 ) || defined( _WIN32_WCE ) || \
- defined( _MSC_VER ) && ( _MSC_VER <= 800 )
-# if defined( USE_VIA_ACE_IF_PRESENT )
-# undef USE_VIA_ACE_IF_PRESENT
-# endif
-# if defined( ASSUME_VIA_ACE_PRESENT )
-# undef ASSUME_VIA_ACE_PRESENT
-# endif
-#endif
-
-/* 3. ASSEMBLER SUPPORT
-
- This define (which can be on the command line) enables the use of the
- assembler code routines for encryption, decryption and key scheduling
- as follows:
-
- ASM_X86_V1C uses the assembler (aes_x86_v1.asm) with large tables for
- encryption and decryption and but with key scheduling in C
- ASM_X86_V2 uses assembler (aes_x86_v2.asm) with compressed tables for
- encryption, decryption and key scheduling
- ASM_X86_V2C uses assembler (aes_x86_v2.asm) with compressed tables for
- encryption and decryption and but with key scheduling in C
- ASM_AMD64_C uses assembler (aes_amd64.asm) with compressed tables for
- encryption and decryption and but with key scheduling in C
-
- Change one 'if 0' below to 'if 1' to select the version or define
- as a compilation option.
-*/
-
-#if 0 && !defined( ASM_X86_V1C )
-# define ASM_X86_V1C
-#elif 0 && !defined( ASM_X86_V2 )
-# define ASM_X86_V2
-#elif 0 && !defined( ASM_X86_V2C )
-# define ASM_X86_V2C
-#elif 0 && !defined( ASM_AMD64_C )
-# define ASM_AMD64_C
-#endif
-
-#if (defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) \
- && !defined( _M_IX86 ) || defined( ASM_AMD64_C ) && !defined( _M_X64 )
-# error Assembler code is only available for x86 and AMD64 systems
-#endif
-
-/* 4. FAST INPUT/OUTPUT OPERATIONS.
-
- On some machines it is possible to improve speed by transferring the
- bytes in the input and output arrays to and from the internal 32-bit
- variables by addressing these arrays as if they are arrays of 32-bit
- words. On some machines this will always be possible but there may
- be a large performance penalty if the byte arrays are not aligned on
- the normal word boundaries. On other machines this technique will
- lead to memory access errors when such 32-bit word accesses are not
- properly aligned. The option SAFE_IO avoids such problems but will
- often be slower on those machines that support misaligned access
- (especially so if care is taken to align the input and output byte
- arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
- assumed that access to byte arrays as if they are arrays of 32-bit
- words will not cause problems when such accesses are misaligned.
-*/
-#if 1 && !defined( _MSC_VER )
-#define SAFE_IO
-#endif
-
-/* 5. LOOP UNROLLING
-
- The code for encryption and decrytpion cycles through a number of rounds
- that can be implemented either in a loop or by expanding the code into a
- long sequence of instructions, the latter producing a larger program but
- one that will often be much faster. The latter is called loop unrolling.
- There are also potential speed advantages in expanding two iterations in
- a loop with half the number of iterations, which is called partial loop
- unrolling. The following options allow partial or full loop unrolling
- to be set independently for encryption and decryption
-*/
-#if 1
-#define ENC_UNROLL FULL
-#elif 0
-#define ENC_UNROLL PARTIAL
-#else
-#define ENC_UNROLL NONE
-#endif
-
-#if 1
-#define DEC_UNROLL FULL
-#elif 0
-#define DEC_UNROLL PARTIAL
-#else
-#define DEC_UNROLL NONE
-#endif
-
-/* 6. FAST FINITE FIELD OPERATIONS
-
- If this section is included, tables are used to provide faster finite
- field arithmetic (this has no effect if FIXED_TABLES is defined).
-*/
-#if 1
-#define FF_TABLES
-#endif
-
-/* 7. INTERNAL STATE VARIABLE FORMAT
-
- The internal state of Rijndael is stored in a number of local 32-bit
- word varaibles which can be defined either as an array or as individual
- names variables. Include this section if you want to store these local
- varaibles in arrays. Otherwise individual local variables will be used.
-*/
-#if 1
-#define ARRAYS
-#endif
-
-/* 8. FIXED OR DYNAMIC TABLES
-
- When this section is included the tables used by the code are compiled
- statically into the binary file. Otherwise the subroutine zrtp_bg_gen_tabs()
- must be called to compute them before the code is first used.
-*/
-#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
-#define FIXED_TABLES
-#endif
-
-/* 9. TABLE ALIGNMENT
-
- On some sytsems speed will be improved by aligning the AES large lookup
- tables on particular boundaries. This define should be set to a power of
- two giving the desired alignment. It can be left undefined if alignment
- is not needed. This option is specific to the Microsft VC++ compiler -
- it seems to sometimes cause trouble for the VC++ version 6 compiler.
-*/
-
-#if 1 && defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
-#define TABLE_ALIGN 32
-#endif
-
-/* 10. TABLE OPTIONS
-
- This cipher proceeds by repeating in a number of cycles known as 'rounds'
- which are implemented by a round function which can optionally be speeded
- up using tables. The basic tables are each 256 32-bit words, with either
- one or four tables being required for each round function depending on
- how much speed is required. The encryption and decryption round functions
- are different and the last encryption and decrytpion round functions are
- different again making four different round functions in all.
-
- This means that:
- 1. Normal encryption and decryption rounds can each use either 0, 1
- or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
- 2. The last encryption and decryption rounds can also use either 0, 1
- or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
-
- Include or exclude the appropriate definitions below to set the number
- of tables used by this implementation.
-*/
-
-#if 1 /* set tables for the normal encryption round */
-#define ENC_ROUND FOUR_TABLES
-#elif 0
-#define ENC_ROUND ONE_TABLE
-#else
-#define ENC_ROUND NO_TABLES
-#endif
-
-#if 1 /* set tables for the last encryption round */
-#define LAST_ENC_ROUND FOUR_TABLES
-#elif 0
-#define LAST_ENC_ROUND ONE_TABLE
-#else
-#define LAST_ENC_ROUND NO_TABLES
-#endif
-
-#if 1 /* set tables for the normal decryption round */
-#define DEC_ROUND FOUR_TABLES
-#elif 0
-#define DEC_ROUND ONE_TABLE
-#else
-#define DEC_ROUND NO_TABLES
-#endif
-
-#if 1 /* set tables for the last decryption round */
-#define LAST_DEC_ROUND FOUR_TABLES
-#elif 0
-#define LAST_DEC_ROUND ONE_TABLE
-#else
-#define LAST_DEC_ROUND NO_TABLES
-#endif
-
-/* The decryption key schedule can be speeded up with tables in the same
- way that the round functions can. Include or exclude the following
- defines to set this requirement.
-*/
-#if 1
-#define KEY_SCHED FOUR_TABLES
-#elif 0
-#define KEY_SCHED ONE_TABLE
-#else
-#define KEY_SCHED NO_TABLES
-#endif
-
-/* ---- END OF USER CONFIGURED OPTIONS ---- */
-
-/* VIA ACE support is only available for VC++ and GCC */
-
-#if !defined( _MSC_VER ) && !defined( __GNUC__ )
-# if defined( ASSUME_VIA_ACE_PRESENT )
-# undef ASSUME_VIA_ACE_PRESENT
-# endif
-# if defined( USE_VIA_ACE_IF_PRESENT )
-# undef USE_VIA_ACE_IF_PRESENT
-# endif
-#endif
-
-#if defined( ASSUME_VIA_ACE_PRESENT ) && !defined( USE_VIA_ACE_IF_PRESENT )
-#define USE_VIA_ACE_IF_PRESENT
-#endif
-
-#if defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
-#define AES_REV_DKS
-#endif
-
-/* Assembler support requires the use of platform byte order */
-
-#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) \
- && (ALGORITHM_BYTE_ORDER != PLATFORM_BYTE_ORDER)
-#undef ALGORITHM_BYTE_ORDER
-#define ALGORITHM_BYTE_ORDER PLATFORM_BYTE_ORDER
-#endif
-
-/* In this implementation the columns of the state array are each held in
- 32-bit words. The state array can be held in various ways: in an array
- of words, in a number of individual word variables or in a number of
- processor registers. The following define maps a variable name x and
- a column number c to the way the state array variable is to be held.
- The first define below maps the state into an array x[c] whereas the
- second form maps the state into a number of individual variables x0,
- x1, etc. Another form could map individual state colums to machine
- register names.
-*/
-
-#if defined( ARRAYS )
-#define s(x,c) x[c]
-#else
-#define s(x,c) x##c
-#endif
-
-/* This implementation provides subroutines for encryption, decryption
- and for setting the three key lengths (separately) for encryption
- and decryption. Since not all functions are needed, masks are set
- up here to determine which will be implemented in C
-*/
-
-#if !defined( AES_ENCRYPT )
-# define EFUNCS_IN_C 0
-#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
- || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
-# define EFUNCS_IN_C ENC_KEYING_IN_C
-#elif !defined( ASM_X86_V2 )
-# define EFUNCS_IN_C ( ENCRYPTION_IN_C | ENC_KEYING_IN_C )
-#else
-# define EFUNCS_IN_C 0
-#endif
-
-#if !defined( AES_DECRYPT )
-# define DFUNCS_IN_C 0
-#elif defined( ASSUME_VIA_ACE_PRESENT ) || defined( ASM_X86_V1C ) \
- || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C )
-# define DFUNCS_IN_C DEC_KEYING_IN_C
-#elif !defined( ASM_X86_V2 )
-# define DFUNCS_IN_C ( DECRYPTION_IN_C | DEC_KEYING_IN_C )
-#else
-# define DFUNCS_IN_C 0
-#endif
-
-#define FUNCS_IN_C ( EFUNCS_IN_C | DFUNCS_IN_C )
-
-/* END OF CONFIGURATION OPTIONS */
-
-#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))
-
-/* Disable or report errors on some combinations of options */
-
-#if ENC_ROUND == NO_TABLES && LAST_ENC_ROUND != NO_TABLES
-#undef LAST_ENC_ROUND
-#define LAST_ENC_ROUND NO_TABLES
-#elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
-#undef LAST_ENC_ROUND
-#define LAST_ENC_ROUND ONE_TABLE
-#endif
-
-#if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
-#undef ENC_UNROLL
-#define ENC_UNROLL NONE
-#endif
-
-#if DEC_ROUND == NO_TABLES && LAST_DEC_ROUND != NO_TABLES
-#undef LAST_DEC_ROUND
-#define LAST_DEC_ROUND NO_TABLES
-#elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
-#undef LAST_DEC_ROUND
-#define LAST_DEC_ROUND ONE_TABLE
-#endif
-
-#if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
-#undef DEC_UNROLL
-#define DEC_UNROLL NONE
-#endif
-
-#if defined( bswap32 )
-#define aes_sw32 bswap32
-#elif defined( bswap_32 )
-#define aes_sw32 bswap_32
-#else
-#define brot(x,n) (((uint_32t)(x) << n) | ((uint_32t)(x) >> (32 - n)))
-#define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
-#endif
-
-/* upr(x,n): rotates bytes within words by n positions, moving bytes to
- higher index positions with wrap around into low positions
- ups(x,n): moves bytes by n positions to higher index positions in
- words but without wrap around
- bval(x,n): extracts a byte from a word
-
- WARNING: The definitions given here are intended only for use with
- unsigned variables and with shift counts that are compile
- time constants
-*/
-
-#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN )
-#define upr(x,n) (((uint_32t)(x) << (8 * (n))) | ((uint_32t)(x) >> (32 - 8 * (n))))
-#define ups(x,n) ((uint_32t) (x) << (8 * (n)))
-#define bval(x,n) ((uint_8t)((x) >> (8 * (n))))
-#define bytes2word(b0, b1, b2, b3) \
- (((uint_32t)(b3) << 24) | ((uint_32t)(b2) << 16) | ((uint_32t)(b1) << 8) | (b0))
-#endif
-
-#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN )
-#define upr(x,n) (((uint_32t)(x) >> (8 * (n))) | ((uint_32t)(x) << (32 - 8 * (n))))
-#define ups(x,n) ((uint_32t) (x) >> (8 * (n)))
-#define bval(x,n) ((uint_8t)((x) >> (24 - 8 * (n))))
-#define bytes2word(b0, b1, b2, b3) \
- (((uint_32t)(b0) << 24) | ((uint_32t)(b1) << 16) | ((uint_32t)(b2) << 8) | (b3))
-#endif
-
-#if defined( SAFE_IO )
-
-#define word_in(x,c) bytes2word(((const uint_8t*)(x)+4*c)[0], ((const uint_8t*)(x)+4*c)[1], \
- ((const uint_8t*)(x)+4*c)[2], ((const uint_8t*)(x)+4*c)[3])
-#define word_out(x,c,v) { ((uint_8t*)(x)+4*c)[0] = bval(v,0); ((uint_8t*)(x)+4*c)[1] = bval(v,1); \
- ((uint_8t*)(x)+4*c)[2] = bval(v,2); ((uint_8t*)(x)+4*c)[3] = bval(v,3); }
-
-#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER )
-
-#define word_in(x,c) (*((uint_32t*)(x)+(c)))
-#define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = (v))
-
-#else
-
-#define word_in(x,c) aes_sw32(*((uint_32t*)(x)+(c)))
-#define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = aes_sw32(v))
-
-#endif
-
-/* the finite field modular polynomial and elements */
-
-#define WPOLY 0x011b
-#define BPOLY 0x1b
-
-/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
-
-#define m1 0x80808080
-#define m2 0x7f7f7f7f
-#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
-
-/* The following defines provide alternative definitions of gf_mulx that might
- give improved performance if a fast 32-bit multiply is not available. Note
- that a temporary variable u needs to be defined where gf_mulx is used.
-
-#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
-#define m4 (0x01010101 * BPOLY)
-#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
-*/
-
-/* Work out which tables are needed for the different options */
-
-#if defined( ASM_X86_V1C )
-#if defined( ENC_ROUND )
-#undef ENC_ROUND
-#endif
-#define ENC_ROUND FOUR_TABLES
-#if defined( LAST_ENC_ROUND )
-#undef LAST_ENC_ROUND
-#endif
-#define LAST_ENC_ROUND FOUR_TABLES
-#if defined( DEC_ROUND )
-#undef DEC_ROUND
-#endif
-#define DEC_ROUND FOUR_TABLES
-#if defined( LAST_DEC_ROUND )
-#undef LAST_DEC_ROUND
-#endif
-#define LAST_DEC_ROUND FOUR_TABLES
-#if defined( KEY_SCHED )
-#undef KEY_SCHED
-#define KEY_SCHED FOUR_TABLES
-#endif
-#endif
-
-#if ( FUNCS_IN_C & ENCRYPTION_IN_C ) || defined( ASM_X86_V1C )
-#if ENC_ROUND == ONE_TABLE
-#define FT1_SET
-#elif ENC_ROUND == FOUR_TABLES
-#define FT4_SET
-#else
-#define SBX_SET
-#endif
-#if LAST_ENC_ROUND == ONE_TABLE
-#define FL1_SET
-#elif LAST_ENC_ROUND == FOUR_TABLES
-#define FL4_SET
-#elif !defined( SBX_SET )
-#define SBX_SET
-#endif
-#endif
-
-#if ( FUNCS_IN_C & DECRYPTION_IN_C ) || defined( ASM_X86_V1C )
-#if DEC_ROUND == ONE_TABLE
-#define IT1_SET
-#elif DEC_ROUND == FOUR_TABLES
-#define IT4_SET
-#else
-#define ISB_SET
-#endif
-#if LAST_DEC_ROUND == ONE_TABLE
-#define IL1_SET
-#elif LAST_DEC_ROUND == FOUR_TABLES
-#define IL4_SET
-#elif !defined(ISB_SET)
-#define ISB_SET
-#endif
-#endif
-
-#if (FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C)
-#if KEY_SCHED == ONE_TABLE
-#define LS1_SET
-#elif KEY_SCHED == FOUR_TABLES
-#define LS4_SET
-#elif !defined( SBX_SET )
-#define SBX_SET
-#endif
-#endif
-
-#if (FUNCS_IN_C & DEC_KEYING_IN_C)
-#if KEY_SCHED == ONE_TABLE
-#define IM1_SET
-#elif KEY_SCHED == FOUR_TABLES
-#define IM4_SET
-#elif !defined( SBX_SET )
-#define SBX_SET
-#endif
-#endif
-
-/* generic definitions of Rijndael macros that use tables */
-
-#define no_table(x,box,vf,rf,c) bytes2word( \
- box[bval(vf(x,0,c),rf(0,c))], \
- box[bval(vf(x,1,c),rf(1,c))], \
- box[bval(vf(x,2,c),rf(2,c))], \
- box[bval(vf(x,3,c),rf(3,c))])
-
-#define one_table(x,op,tab,vf,rf,c) \
- ( tab[bval(vf(x,0,c),rf(0,c))] \
- ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \
- ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \
- ^ op(tab[bval(vf(x,3,c),rf(3,c))],3))
-
-#define four_tables(x,tab,vf,rf,c) \
- ( tab[0][bval(vf(x,0,c),rf(0,c))] \
- ^ tab[1][bval(vf(x,1,c),rf(1,c))] \
- ^ tab[2][bval(vf(x,2,c),rf(2,c))] \
- ^ tab[3][bval(vf(x,3,c),rf(3,c))])
-
-#define vf1(x,r,c) (x)
-#define rf1(r,c) (r)
-#define rf2(r,c) ((8+r-c)&3)
-
-/* perform forward and inverse column mix operation on four bytes in long word x in */
-/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
-
-#if defined( FM4_SET ) /* not currently used */
-#define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
-#elif defined( FM1_SET ) /* not currently used */
-#define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
-#else
-#define dec_fmvars uint_32t g2
-#define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
-#endif
-
-#if defined( IM4_SET )
-#define inv_mcol(x) four_tables(x,t_use(i,m),vf1,rf1,0)
-#elif defined( IM1_SET )
-#define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
-#else
-#define dec_imvars uint_32t g2, g4, g9
-#define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
- (x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
-#endif
-
-#if defined( FL4_SET )
-#define ls_box(x,c) four_tables(x,t_use(f,l),vf1,rf2,c)
-#elif defined( LS4_SET )
-#define ls_box(x,c) four_tables(x,t_use(l,s),vf1,rf2,c)
-#elif defined( FL1_SET )
-#define ls_box(x,c) one_table(x,upr,t_use(f,l),vf1,rf2,c)
-#elif defined( LS1_SET )
-#define ls_box(x,c) one_table(x,upr,t_use(l,s),vf1,rf2,c)
-#else
-#define ls_box(x,c) no_table(x,t_use(s,box),vf1,rf2,c)
-#endif
-
-#if defined( ASM_X86_V1C ) && defined( AES_DECRYPT ) && !defined( ISB_SET )
-#define ISB_SET
-#endif
-
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-*/
-
-#define DO_TABLES
-
-#include "aes.h"
-#include "aesopt.h"
-
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-
-//[winfix]
-#if 0
-#if ZRTP_PLATFORM != ZP_WIN32 && ZRTP_PLATFORM != ZP_WIN32_KERNEL
-#ifndef FIXED_TABLES
- #warning "FIXED_TABLES isn't defined. Use dynamic tables."
-#else
- #warning "FIXED_TABLES is defined. Use static tables."
-#endif
-#endif
-#endif
-
-#if defined(FIXED_TABLES)
-
-#define sb_data(w) {\
- w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
- w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
- w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
- w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
- w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
- w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
- w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
- w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
- w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
- w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
- w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
- w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
- w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
- w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
- w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
- w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
- w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
- w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
- w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
- w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
- w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
- w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
- w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
- w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
- w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
- w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
- w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
- w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
- w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
- w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
- w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
- w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
-
-#define isb_data(w) {\
- w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
- w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
- w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
- w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
- w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
- w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
- w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
- w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
- w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
- w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
- w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
- w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
- w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
- w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
- w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
- w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
- w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
- w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
- w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
- w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
- w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
- w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
- w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
- w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
- w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
- w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
- w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
- w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
- w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
- w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
- w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
- w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
-
-#define mm_data(w) {\
- w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
- w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
- w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
- w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
- w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
- w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
- w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
- w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
- w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
- w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
- w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
- w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
- w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
- w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
- w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
- w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
- w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
- w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
- w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
- w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
- w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
- w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
- w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
- w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
- w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
- w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
- w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
- w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
- w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
- w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
- w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
- w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
-
-#define rc_data(w) {\
- w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
- w(0x1b), w(0x36) }
-
-#define h0(x) (x)
-
-#define w0(p) bytes2word(p, 0, 0, 0)
-#define w1(p) bytes2word(0, p, 0, 0)
-#define w2(p) bytes2word(0, 0, p, 0)
-#define w3(p) bytes2word(0, 0, 0, p)
-
-#define u0(p) bytes2word(f2(p), p, p, f3(p))
-#define u1(p) bytes2word(f3(p), f2(p), p, p)
-#define u2(p) bytes2word(p, f3(p), f2(p), p)
-#define u3(p) bytes2word(p, p, f3(p), f2(p))
-
-#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
-#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
-#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
-#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
-
-#endif
-
-#if defined(FIXED_TABLES) || !defined(FF_TABLES)
-
-#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
-#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
-#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
- ^ (((x>>5) & 4) * WPOLY))
-#define f3(x) (f2(x) ^ x)
-#define f9(x) (f8(x) ^ x)
-#define fb(x) (f8(x) ^ f2(x) ^ x)
-#define fd(x) (f8(x) ^ f4(x) ^ x)
-#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
-
-#else
-
-#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
-#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
-#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
-#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
-#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
-#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
-#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
-
-#endif
-
-#include "aestab.h"
-
-#if defined(FIXED_TABLES)
-
-/* implemented in case of wrong call for fixed tables */
-
-AES_RETURN zrtp_bg_gen_tabs(void)
-{
- return EXIT_SUCCESS;
-}
-
-#else /* dynamic table generation */
-
-#if !defined(FF_TABLES)
-
-/* Generate the tables for the dynamic table option
-
- It will generally be sensible to use tables to compute finite
- field multiplies and inverses but where memory is scarse this
- code might sometimes be better. But it only has effect during
- initialisation so its pretty unimportant in overall terms.
-*/
-
-/* return 2 ^ (n - 1) where n is the bit number of the highest bit
- set in x with x in the range 1 < x < 0x00000200. This form is
- used so that locals within fi can be bytes rather than words
-*/
-
-static uint_8t hibit(const uint_32t x)
-{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2));
-
- r |= (r >> 2);
- r |= (r >> 4);
- return (r + 1) >> 1;
-}
-
-/* return the inverse of the finite field element x */
-
-static uint_8t fi(const uint_8t x)
-{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
-
- if(x < 2) return x;
-
- for(;;)
- {
- if(!n1) return v1;
-
- while(n2 >= n1)
- {
- n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
- }
-
- if(!n2) return v2;
-
- while(n1 >= n2)
- {
- n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
- }
- }
-}
-
-#endif
-
-/* The forward and inverse affine transformations used in the S-box */
-
-#define fwd_affine(x) \
- (w = (uint_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(uint_8t)(w^(w>>8)))
-
-#define inv_affine(x) \
- (w = (uint_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(uint_8t)(w^(w>>8)))
-
-static int init = 0;
-
-AES_RETURN zrtp_bg_gen_tabs(void)
-{ uint_32t i, w;
-#if defined(FF_TABLES)
-
- uint_8t pow[512], log[256];
-
- if(init)
- return EXIT_SUCCESS;
- /* log and power tables for GF(2^8) finite field with
- WPOLY as modular polynomial - the simplest primitive
- root is 0x03, used here to generate the tables
- */
-
- i = 0; w = 1;
- do
- {
- pow[i] = (uint_8t)w;
- pow[i + 255] = (uint_8t)w;
- log[w] = (uint_8t)i++;
- w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
- }
- while (w != 1);
-
-#else
- if(init)
- return EXIT_SUCCESS;
-#endif
-
- for(i = 0, w = 1; i < RC_LENGTH; ++i)
- {
- t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
- w = f2(w);
- }
-
- for(i = 0; i < 256; ++i)
- { uint_8t b;
-
- b = fwd_affine(fi((uint_8t)i));
- w = bytes2word(f2(b), b, b, f3(b));
-
-#if defined( SBX_SET )
- t_set(s,box)[i] = b;
-#endif
-
-#if defined( FT1_SET ) /* tables for a normal encryption round */
- t_set(f,n)[i] = w;
-#endif
-#if defined( FT4_SET )
- t_set(f,n)[0][i] = w;
- t_set(f,n)[1][i] = upr(w,1);
- t_set(f,n)[2][i] = upr(w,2);
- t_set(f,n)[3][i] = upr(w,3);
-#endif
- w = bytes2word(b, 0, 0, 0);
-
-#if defined( FL1_SET ) /* tables for last encryption round (may also */
- t_set(f,l)[i] = w; /* be used in the key schedule) */
-#endif
-#if defined( FL4_SET )
- t_set(f,l)[0][i] = w;
- t_set(f,l)[1][i] = upr(w,1);
- t_set(f,l)[2][i] = upr(w,2);
- t_set(f,l)[3][i] = upr(w,3);
-#endif
-
-#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is */
- t_set(l,s)[i] = w; /* not of the required form */
-#endif
-#if defined( LS4_SET )
- t_set(l,s)[0][i] = w;
- t_set(l,s)[1][i] = upr(w,1);
- t_set(l,s)[2][i] = upr(w,2);
- t_set(l,s)[3][i] = upr(w,3);
-#endif
-
- b = fi(inv_affine((uint_8t)i));
- w = bytes2word(fe(b), f9(b), fd(b), fb(b));
-
-#if defined( IM1_SET ) /* tables for the inverse mix column operation */
- t_set(i,m)[b] = w;
-#endif
-#if defined( IM4_SET )
- t_set(i,m)[0][b] = w;
- t_set(i,m)[1][b] = upr(w,1);
- t_set(i,m)[2][b] = upr(w,2);
- t_set(i,m)[3][b] = upr(w,3);
-#endif
-
-#if defined( ISB_SET )
- t_set(i,box)[i] = b;
-#endif
-#if defined( IT1_SET ) /* tables for a normal decryption round */
- t_set(i,n)[i] = w;
-#endif
-#if defined( IT4_SET )
- t_set(i,n)[0][i] = w;
- t_set(i,n)[1][i] = upr(w,1);
- t_set(i,n)[2][i] = upr(w,2);
- t_set(i,n)[3][i] = upr(w,3);
-#endif
- w = bytes2word(b, 0, 0, 0);
-#if defined( IL1_SET ) /* tables for last decryption round */
- t_set(i,l)[i] = w;
-#endif
-#if defined( IL4_SET )
- t_set(i,l)[0][i] = w;
- t_set(i,l)[1][i] = upr(w,1);
- t_set(i,l)[2][i] = upr(w,2);
- t_set(i,l)[3][i] = upr(w,3);
-#endif
- }
- init = 1;
- return EXIT_SUCCESS;
-}
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-
- This file contains the code for declaring the tables needed to implement
- AES. The file aesopt.h is assumed to be included before this header file.
- If there are no global variables, the definitions here can be used to put
- the AES tables in a structure so that a pointer can then be added to the
- AES context to pass them to the AES routines that need them. If this
- facility is used, the calling program has to ensure that this pointer is
- managed appropriately. In particular, the value of the t_dec(in,it) item
- in the table structure must be set to zero in order to ensure that the
- tables are initialised. In practice the three code sequences in aeskey.c
- that control the calls to zrtp_bg_gen_tabs() and the gen_tabs() routine itself will
- have to be changed for a specific implementation. If global variables are
- available it will generally be preferable to use them with the precomputed
- FIXED_TABLES option that uses static global tables.
-
- The following defines can be used to control the way the tables
- are defined, initialised and used in embedded environments that
- require special features for these purposes
-
- the 't_dec' construction is used to declare fixed table arrays
- the 't_set' construction is used to set fixed table values
- the 't_use' construction is used to access fixed table values
-
- 256 byte tables:
-
- t_xxx(s,box) => forward S box
- t_xxx(i,box) => inverse S box
-
- 256 32-bit word OR 4 x 256 32-bit word tables:
-
- t_xxx(f,n) => forward normal round
- t_xxx(f,l) => forward last round
- t_xxx(i,n) => inverse normal round
- t_xxx(i,l) => inverse last round
- t_xxx(l,s) => key schedule table
- t_xxx(i,m) => key schedule table
-
- Other variables and tables:
-
- t_xxx(r,c) => the rcon table
-*/
-
-#if !defined( _AESTAB_H )
-#define _AESTAB_H
-
-#define t_dec(m,n) zrtp_bg_t_##m##n
-#define t_set(m,n) zrtp_bg_t_##m##n
-#define t_use(m,n) zrtp_bg_t_##m##n
-
-#if defined(FIXED_TABLES)
-# if defined( __MSDOS__ ) || defined( __WIN16__ )
-/* make tables far data to avoid using too much DGROUP space (PG) */
-# define CONST const far
-# else
-# define CONST const
-# endif
-#else
-# define CONST
-#endif
-
-#if defined(DO_TABLES)
-#define EXTERN
-#else
-#define EXTERN extern
-#endif
-
-#if defined(_MSC_VER) && defined(TABLE_ALIGN)
-#define ALIGN __declspec(align(TABLE_ALIGN))
-#else
-#define ALIGN
-#endif
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 )
-# define XP_DIR __cdecl
-#else
-# define XP_DIR
-#endif
-
-#if defined(DO_TABLES) && defined(FIXED_TABLES)
-#define d_1(t,n,b,e) ALIGN CONST XP_DIR t n[256] = b(e)
-#define d_4(t,n,b,e,f,g,h) ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
-EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
-#else
-#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
-#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
-EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH];
-#endif
-
-#if defined( SBX_SET )
- d_1(uint_8t, t_dec(s,box), sb_data, h0);
-#endif
-#if defined( ISB_SET )
- d_1(uint_8t, t_dec(i,box), isb_data, h0);
-#endif
-
-#if defined( FT1_SET )
- d_1(uint_32t, t_dec(f,n), sb_data, u0);
-#endif
-#if defined( FT4_SET )
- d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3);
-#endif
-
-#if defined( FL1_SET )
- d_1(uint_32t, t_dec(f,l), sb_data, w0);
-#endif
-#if defined( FL4_SET )
- d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3);
-#endif
-
-#if defined( IT1_SET )
- d_1(uint_32t, t_dec(i,n), isb_data, v0);
-#endif
-#if defined( IT4_SET )
- d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3);
-#endif
-
-#if defined( IL1_SET )
- d_1(uint_32t, t_dec(i,l), isb_data, w0);
-#endif
-#if defined( IL4_SET )
- d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3);
-#endif
-
-#if defined( LS1_SET )
-#if defined( FL1_SET )
-#undef LS1_SET
-#else
- d_1(uint_32t, t_dec(l,s), sb_data, w0);
-#endif
-#endif
-
-#if defined( LS4_SET )
-#if defined( FL4_SET )
-#undef LS4_SET
-#else
- d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3);
-#endif
-#endif
-
-#if defined( IM1_SET )
- d_1(uint_32t, t_dec(i,m), mm_data, v0);
-#endif
-#if defined( IM4_SET )
- d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3);
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2006-2008 Philip R. Zimmermann. All rights reserved.
- * Contact: http://www.philzimmermann.com
- * For licensing and other legal details, see the file zrtp_legal.c.
- *
- * Viktor Krikun <v.krikun@soft-industry.com> <v.krikun@gmail.com>
- */
-
-#ifndef __BG2ZRTP_H__
-#define __BG2ZRTP_H__
-
-/* Define platform byte order for Brian Gladman's AES */
-#include "zrtp_config.h"
-
-#define IS_BIG_ENDIAN 4321
-#define IS_LITTLE_ENDIAN 1234
-
-
-#if ZRTP_BYTE_ORDER == ZBO_LITTLE_ENDIAN
- #define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#elif ZRTP_BYTE_ORDER == ZBO_BIG_ENDIAN
- #define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#else
- #error "Can't define byte order for BG AES. Edit zrtp_system.h"
-#endif
-
-
-/* Define integers for Brian Gladman's AES */
-
-#define BRG_UI8
-typedef uint8_t uint_8t;
-
-#define BRG_UI16
-typedef uint16_t uint_16t;
-
-#define BRG_UI32
-//typedef uint32_t uint_32t;
-typedef unsigned int uint_32t;
-
-#define BRG_UI64
-typedef uint64_t uint_64t;
-
-
-#endif /*__BG2ZRTP_H__*/
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue 09/09/2006
-
- The unsigned integer types defined here are of the form uint_<nn>t where
- <nn> is the length of the type; for example, the unsigned 32-bit type is
- 'uint_32t'. These are NOT the same as the 'C99 integer types' that are
- defined in the inttypes.h and stdint.h headers since attempts to use these
- types have shown that support for them is still highly variable. However,
- since the latter are of the form uint<nn>_t, a regular expression search
- and replace (in VC++ search on 'uint_{:z}t' and replace with 'uint\1_t')
- can be used to convert the types used here to the C99 standard types.
-*/
-
-#ifndef BRG_TYPES_H
-#define BRG_TYPES_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "bg2zrtp.h"
-//#include <limits.h>
-
-
-#ifndef BRG_UI8
-# define BRG_UI8
-# if UCHAR_MAX == 255u
- typedef unsigned char uint_8t;
-# else
-# error Please define uint_8t as an 8-bit unsigned integer type in brg_types.h
-# endif
-#endif
-
-#ifndef BRG_UI16
-# define BRG_UI16
-# if USHRT_MAX == 65535u
- typedef unsigned short uint_16t;
-# else
-# error Please define uint_16t as a 16-bit unsigned short type in brg_types.h
-# endif
-#endif
-
-#ifndef BRG_UI32
-# define BRG_UI32
-# if UINT_MAX == 4294967295u
-# define li_32(h) 0x##h##u
- typedef unsigned int uint_32t;
-# elif ULONG_MAX == 4294967295u
-# define li_32(h) 0x##h##ul
- typedef unsigned long uint_32t;
-# elif defined( _CRAY )
-# error This code needs 32-bit data types, which Cray machines do not provide
-# else
-# error Please define uint_32t as a 32-bit unsigned integer type in brg_types.h
-# endif
-#endif
-
-#ifndef BRG_UI64
-# if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
-# define BRG_UI64
-# define li_64(h) 0x##h##ull
- typedef unsigned __int64 uint_64t;
-# elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
-# define BRG_UI64
-# define li_64(h) 0x##h##ui64
- typedef unsigned __int64 uint_64t;
-# elif defined( __sun ) && defined(ULONG_MAX) && ULONG_MAX == 0xfffffffful
-# define BRG_UI64
-# define li_64(h) 0x##h##ull
- typedef unsigned long long uint_64t;
-# elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
-# if UINT_MAX == 18446744073709551615u
-# define BRG_UI64
-# define li_64(h) 0x##h##u
- typedef unsigned int uint_64t;
-# endif
-# elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
-# if ULONG_MAX == 18446744073709551615ul
-# define BRG_UI64
-# define li_64(h) 0x##h##ul
- typedef unsigned long uint_64t;
-# endif
-# elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
-# if ULLONG_MAX == 18446744073709551615ull
-# define BRG_UI64
-# define li_64(h) 0x##h##ull
- typedef unsigned long long uint_64t;
-# endif
-# elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
-# if ULONG_LONG_MAX == 18446744073709551615ull
-# define BRG_UI64
-# define li_64(h) 0x##h##ull
- typedef unsigned long long uint_64t;
-# endif
-# endif
-#endif
-
-#if defined( NEED_UINT_64T ) && !defined( BRG_UI64 )
-# error Please define uint_64t as an unsigned 64 bit type in brg_types.h
-#endif
-
-#ifndef RETURN_VALUES
-# define RETURN_VALUES
-# if defined( DLL_EXPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllexport ) void __stdcall
-# define INT_RETURN __declspec( dllexport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllexport__ ) void
-# define INT_RETURN __declspec( __dllexport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( DLL_IMPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllimport ) void __stdcall
-# define INT_RETURN __declspec( dllimport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllimport__ ) void
-# define INT_RETURN __declspec( __dllimport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( __WATCOMC__ )
-# define VOID_RETURN void __cdecl
-# define INT_RETURN int __cdecl
-# else
-# define VOID_RETURN void
-# define INT_RETURN int
-# endif
-#endif
-
-/* These defines are used to declare buffers in a way that allows
- faster operations on longer variables to be used. In all these
- defines 'size' must be a power of 2 and >= 8
-
- dec_unit_type(size,x) declares a variable 'x' of length
- 'size' bits
-
- dec_bufr_type(size,bsize,x) declares a buffer 'x' of length 'bsize'
- bytes defined as an array of variables
- each of 'size' bits (bsize must be a
- multiple of size / 8)
-
- ptr_cast(x,size) casts a pointer to a pointer to a
- varaiable of length 'size' bits
-*/
-
-#define ui_type(size) uint_##size##t
-#define dec_unit_type(size,x) typedef ui_type(size) x
-#define dec_bufr_type(size,bsize,x) typedef ui_type(size) x[bsize / (size >> 3)]
-#define ptr_cast(x,size) ((ui_type(size)*)(x))
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 01/08/2005
-
- This is a byte oriented version of SHA1 that operates on arrays of bytes
- stored in memory.
-*/
-
-#include <string.h> /* for memcpy() etc. */
-
-#include "sha1.h"
-//#include "brg_endian.h"
-#include "bg2zrtp.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
-#pragma intrinsic(memcpy)
-#endif
-
-#if 0 && defined(_MSC_VER)
-#define rotl32 _lrotl
-#define rotr32 _lrotr
-#else
-#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
-#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
-#endif
-
-#if !defined(bswap_32)
-#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
-#endif
-
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
-#define SWAP_BYTES
-#else
-#undef SWAP_BYTES
-#endif
-
-#if defined(SWAP_BYTES)
-#define bsw_32(p,n) \
- { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
-#else
-#define bsw_32(p,n)
-#endif
-
-#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
-
-#if 0
-
-#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
-#define parity(x,y,z) ((x) ^ (y) ^ (z))
-#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#else /* Discovered by Rich Schroeppel and Colin Plumb */
-
-#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define parity(x,y,z) ((x) ^ (y) ^ (z))
-#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
-
-#endif
-
-/* Compile 64 bytes of hash data into SHA1 context. Note */
-/* that this routine assumes that the byte order in the */
-/* ctx->wbuf[] at this point is in such an order that low */
-/* address bytes in the ORIGINAL byte stream will go in */
-/* this buffer to the high end of 32-bit words on BOTH big */
-/* and little endian systems */
-
-#ifdef ARRAY
-#define q(v,n) v[n]
-#else
-#define q(v,n) v##n
-#endif
-
-#define one_cycle(v,a,b,c,d,e,f,k,h) \
- q(v,e) += rotr32(q(v,a),27) + \
- f(q(v,b),q(v,c),q(v,d)) + k + h; \
- q(v,b) = rotr32(q(v,b), 2)
-
-#define five_cycle(v,f,k,i) \
- one_cycle(v, 0,1,2,3,4, f,k,hf(i )); \
- one_cycle(v, 4,0,1,2,3, f,k,hf(i+1)); \
- one_cycle(v, 3,4,0,1,2, f,k,hf(i+2)); \
- one_cycle(v, 2,3,4,0,1, f,k,hf(i+3)); \
- one_cycle(v, 1,2,3,4,0, f,k,hf(i+4))
-
-VOID_RETURN sha1_compile(sha1_ctx ctx[1])
-{ uint_32t *w = ctx->wbuf;
-
-#ifdef ARRAY
- uint_32t v[5];
- memcpy(v, ctx->hash, 5 * sizeof(uint_32t));
-#else
- uint_32t v0, v1, v2, v3, v4;
- v0 = ctx->hash[0]; v1 = ctx->hash[1];
- v2 = ctx->hash[2]; v3 = ctx->hash[3];
- v4 = ctx->hash[4];
-#endif
-
-#define hf(i) w[i]
-
- five_cycle(v, ch, 0x5a827999, 0);
- five_cycle(v, ch, 0x5a827999, 5);
- five_cycle(v, ch, 0x5a827999, 10);
- one_cycle(v,0,1,2,3,4, ch, 0x5a827999, hf(15)); \
-
-#undef hf
-#define hf(i) (w[(i) & 15] = rotl32( \
- w[((i) + 13) & 15] ^ w[((i) + 8) & 15] \
- ^ w[((i) + 2) & 15] ^ w[(i) & 15], 1))
-
- one_cycle(v,4,0,1,2,3, ch, 0x5a827999, hf(16));
- one_cycle(v,3,4,0,1,2, ch, 0x5a827999, hf(17));
- one_cycle(v,2,3,4,0,1, ch, 0x5a827999, hf(18));
- one_cycle(v,1,2,3,4,0, ch, 0x5a827999, hf(19));
-
- five_cycle(v, parity, 0x6ed9eba1, 20);
- five_cycle(v, parity, 0x6ed9eba1, 25);
- five_cycle(v, parity, 0x6ed9eba1, 30);
- five_cycle(v, parity, 0x6ed9eba1, 35);
-
- five_cycle(v, maj, 0x8f1bbcdc, 40);
- five_cycle(v, maj, 0x8f1bbcdc, 45);
- five_cycle(v, maj, 0x8f1bbcdc, 50);
- five_cycle(v, maj, 0x8f1bbcdc, 55);
-
- five_cycle(v, parity, 0xca62c1d6, 60);
- five_cycle(v, parity, 0xca62c1d6, 65);
- five_cycle(v, parity, 0xca62c1d6, 70);
- five_cycle(v, parity, 0xca62c1d6, 75);
-
-#ifdef ARRAY
- ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
- ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
- ctx->hash[4] += v[4];
-#else
- ctx->hash[0] += v0; ctx->hash[1] += v1;
- ctx->hash[2] += v2; ctx->hash[3] += v3;
- ctx->hash[4] += v4;
-#endif
-}
-
-VOID_RETURN sha1_begin(sha1_ctx ctx[1])
-{
- ctx->count[0] = ctx->count[1] = 0;
- ctx->hash[0] = 0x67452301;
- ctx->hash[1] = 0xefcdab89;
- ctx->hash[2] = 0x98badcfe;
- ctx->hash[3] = 0x10325476;
- ctx->hash[4] = 0xc3d2e1f0;
-}
-
-/* SHA1 hash data in an array of bytes into hash buffer and */
-/* call the hash_compile function as required. */
-
-VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
-{
- uint_32t pos = (uint_32t)(ctx->count[0] & SHA1_MASK),
- space = SHA1_BLOCK_SIZE - pos;
- const unsigned char *sp = data;
-
- if((ctx->count[0] += len) < len)
- ++(ctx->count[1]);
-
- while(len >= space) /* tranfer whole blocks if possible */
- {
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
- sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
- bsw_32(ctx->wbuf, SHA1_BLOCK_SIZE >> 2);
- sha1_compile(ctx);
- }
-
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
-}
-
-/* SHA1 final padding and digest calculation */
-
-VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1])
-{ uint_32t i = (uint_32t)(ctx->count[0] & SHA1_MASK);
-
- /* put bytes in the buffer in an order in which references to */
- /* 32-bit words will put bytes with lower addresses into the */
- /* top of 32 bit words on BOTH big and little endian machines */
- bsw_32(ctx->wbuf, (i + 3) >> 2);
-
- /* we now need to mask valid bytes and add the padding which is */
- /* a single 1 bit and as many zero bits as necessary. Note that */
- /* we can always add the first padding byte here because the */
- /* buffer always has at least one empty slot */
- ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
- ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
-
- /* we need 9 or more empty positions, one for the padding byte */
- /* (above) and eight for the length count. If there is not */
- /* enough space, pad and empty the buffer */
- if(i > SHA1_BLOCK_SIZE - 9)
- {
- if(i < 60) ctx->wbuf[15] = 0;
- sha1_compile(ctx);
- i = 0;
- }
- else /* compute a word index for the empty buffer positions */
- i = (i >> 2) + 1;
-
- while(i < 14) /* and zero pad all but last two positions */
- ctx->wbuf[i++] = 0;
-
- /* the following 32-bit length fields are assembled in the */
- /* wrong byte order on little endian machines but this is */
- /* corrected later since they are only ever used as 32-bit */
- /* word values. */
- ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
- ctx->wbuf[15] = ctx->count[0] << 3;
- sha1_compile(ctx);
-
- /* extract the hash value as bytes in case the hash buffer is */
- /* misaligned for 32-bit words */
- for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
- hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
-}
-
-VOID_RETURN bg_sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha1_ctx cx[1];
-
- sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
-}
-
-#if defined(__cplusplus)
-}
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 01/08/2005
-*/
-
-#ifndef _SHA1_H
-#define _SHA1_H
-
-#include <stdlib.h>
-#include "brg_types.h"
-
-#define SHA1_BLOCK_SIZE 64
-#define SHA1_DIGEST_SIZE 20
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* type to hold the SHA256 context */
-
-typedef struct
-{ uint_32t count[2];
- uint_32t hash[5];
- uint_32t wbuf[16];
-} sha1_ctx;
-
-/* Note that these prototypes are the same for both bit and */
-/* byte oriented implementations. However the length fields */
-/* are in bytes or bits as appropriate for the version used */
-/* and bit sequences are input as arrays of bytes in which */
-/* bit sequences run from the most to the least significant */
-/* end of each byte */
-
-VOID_RETURN sha1_compile(sha1_ctx ctx[1]);
-
-VOID_RETURN sha1_begin(sha1_ctx ctx[1]);
-VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
-VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
-VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 01/08/2005
-
- This is a byte oriented version of SHA2 that operates on arrays of bytes
- stored in memory. This code implements sha256, sha384 and sha512 but the
- latter two functions rely on efficient 64-bit integer operations that
- may not be very efficient on 32-bit machines
-
- The sha256 functions use a type 'sha256_ctx' to hold details of the
- current hash state and uses the following three calls:
-
- void sha256_begin(sha256_ctx ctx[1])
- void sha256_hash(const unsigned char data[],
- unsigned long len, sha256_ctx ctx[1])
- void sha_end1(unsigned char hval[], sha256_ctx ctx[1])
-
- The first subroutine initialises a hash computation by setting up the
- context in the sha256_ctx context. The second subroutine hashes 8-bit
- bytes from array data[] into the hash state withinh sha256_ctx context,
- the number of bytes to be hashed being given by the the unsigned long
- integer len. The third subroutine completes the hash calculation and
- places the resulting digest value in the array of 8-bit bytes hval[].
-
- The sha384 and sha512 functions are similar and use the interfaces:
-
- void sha384_begin(sha384_ctx ctx[1]);
- void sha384_hash(const unsigned char data[],
- unsigned long len, sha384_ctx ctx[1]);
- void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
-
- void sha512_begin(sha512_ctx ctx[1]);
- void sha512_hash(const unsigned char data[],
- unsigned long len, sha512_ctx ctx[1]);
- void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
-
- In addition there is a function sha2 that can be used to call all these
- functions using a call with a hash length parameter as follows:
-
- int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
- void sha2_hash(const unsigned char data[],
- unsigned long len, sha2_ctx ctx[1]);
- void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
-
- My thanks to Erik Andersen <andersen@codepoet.org> for testing this code
- on big-endian systems and for his assistance with corrections
-*/
-
-#if 0
-#define UNROLL_SHA2 /* for SHA2 loop unroll */
-#endif
-
-#include <string.h> /* for memcpy() etc. */
-
-#include "sha2.h"
-
-//#include "brg_endian.h"
-#include "bg2zrtp.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
-#pragma intrinsic(memcpy)
-#endif
-
-#if 0 && defined(_MSC_VER)
-#define rotl32 _lrotl
-#define rotr32 _lrotr
-#else
-#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
-#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
-#endif
-
-#if !defined(bswap_32)
-#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
-#endif
-
-#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
-#define SWAP_BYTES
-#else
-#undef SWAP_BYTES
-#endif
-
-#if 0
-
-#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
-#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
-
-#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
-
-#endif
-
-/* round transforms for SHA256 and SHA512 compression functions */
-
-#define vf(n,i) v[(n - i) & 7]
-
-#define hf(i) (p[i & 15] += \
- g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
-
-#define v_cycle(i,j) \
- vf(7,i) += (j ? hf(i) : p[i]) + k_0[i+j] \
- + s_1(vf(4,i)) + ch(vf(4,i),vf(5,i),vf(6,i)); \
- vf(3,i) += vf(7,i); \
- vf(7,i) += s_0(vf(0,i))+ maj(vf(0,i),vf(1,i),vf(2,i))
-
-#if defined(SHA_224) || defined(SHA_256)
-
-#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
-
-#if defined(SWAP_BYTES)
-#define bsw_32(p,n) \
- { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
-#else
-#define bsw_32(p,n)
-#endif
-
-#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
-#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
-#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
-#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
-#define k_0 k256
-
-/* rotated SHA256 round definition. Rather than swapping variables as in */
-/* FIPS-180, different variables are 'rotated' on each round, returning */
-/* to their starting positions every eight rounds */
-
-#define q(n) v##n
-
-#define one_cycle(a,b,c,d,e,f,g,h,k,w) \
- q(h) += s_1(q(e)) + ch(q(e), q(f), q(g)) + k + w; \
- q(d) += q(h); q(h) += s_0(q(a)) + maj(q(a), q(b), q(c))
-
-/* SHA256 mixing data */
-
-const uint_32t k256[64] =
-{ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
- 0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
- 0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
- 0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
- 0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
- 0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
- 0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
- 0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
- 0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
- 0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
- 0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
- 0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
- 0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
- 0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
- 0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
- 0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul,
-};
-
-/* Compile 64 bytes of hash data into SHA256 digest value */
-/* NOTE: this routine assumes that the byte order in the */
-/* ctx->wbuf[] at this point is such that low address bytes */
-/* in the ORIGINAL byte stream will go into the high end of */
-/* words on BOTH big and little endian systems */
-
-VOID_RETURN sha256_compile(sha256_ctx ctx[1])
-{
-#if !defined(UNROLL_SHA2)
-
- uint_32t j, *p = ctx->wbuf, v[8];
-
- memcpy(v, ctx->hash, 8 * sizeof(uint_32t));
-
- for(j = 0; j < 64; j += 16)
- {
- v_cycle( 0, j); v_cycle( 1, j);
- v_cycle( 2, j); v_cycle( 3, j);
- v_cycle( 4, j); v_cycle( 5, j);
- v_cycle( 6, j); v_cycle( 7, j);
- v_cycle( 8, j); v_cycle( 9, j);
- v_cycle(10, j); v_cycle(11, j);
- v_cycle(12, j); v_cycle(13, j);
- v_cycle(14, j); v_cycle(15, j);
- }
-
- ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
- ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
- ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
- ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
-
-#else
-
- uint_32t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
-
- v0 = ctx->hash[0]; v1 = ctx->hash[1];
- v2 = ctx->hash[2]; v3 = ctx->hash[3];
- v4 = ctx->hash[4]; v5 = ctx->hash[5];
- v6 = ctx->hash[6]; v7 = ctx->hash[7];
-
- one_cycle(0,1,2,3,4,5,6,7,k256[ 0],p[ 0]);
- one_cycle(7,0,1,2,3,4,5,6,k256[ 1],p[ 1]);
- one_cycle(6,7,0,1,2,3,4,5,k256[ 2],p[ 2]);
- one_cycle(5,6,7,0,1,2,3,4,k256[ 3],p[ 3]);
- one_cycle(4,5,6,7,0,1,2,3,k256[ 4],p[ 4]);
- one_cycle(3,4,5,6,7,0,1,2,k256[ 5],p[ 5]);
- one_cycle(2,3,4,5,6,7,0,1,k256[ 6],p[ 6]);
- one_cycle(1,2,3,4,5,6,7,0,k256[ 7],p[ 7]);
- one_cycle(0,1,2,3,4,5,6,7,k256[ 8],p[ 8]);
- one_cycle(7,0,1,2,3,4,5,6,k256[ 9],p[ 9]);
- one_cycle(6,7,0,1,2,3,4,5,k256[10],p[10]);
- one_cycle(5,6,7,0,1,2,3,4,k256[11],p[11]);
- one_cycle(4,5,6,7,0,1,2,3,k256[12],p[12]);
- one_cycle(3,4,5,6,7,0,1,2,k256[13],p[13]);
- one_cycle(2,3,4,5,6,7,0,1,k256[14],p[14]);
- one_cycle(1,2,3,4,5,6,7,0,k256[15],p[15]);
-
- one_cycle(0,1,2,3,4,5,6,7,k256[16],hf( 0));
- one_cycle(7,0,1,2,3,4,5,6,k256[17],hf( 1));
- one_cycle(6,7,0,1,2,3,4,5,k256[18],hf( 2));
- one_cycle(5,6,7,0,1,2,3,4,k256[19],hf( 3));
- one_cycle(4,5,6,7,0,1,2,3,k256[20],hf( 4));
- one_cycle(3,4,5,6,7,0,1,2,k256[21],hf( 5));
- one_cycle(2,3,4,5,6,7,0,1,k256[22],hf( 6));
- one_cycle(1,2,3,4,5,6,7,0,k256[23],hf( 7));
- one_cycle(0,1,2,3,4,5,6,7,k256[24],hf( 8));
- one_cycle(7,0,1,2,3,4,5,6,k256[25],hf( 9));
- one_cycle(6,7,0,1,2,3,4,5,k256[26],hf(10));
- one_cycle(5,6,7,0,1,2,3,4,k256[27],hf(11));
- one_cycle(4,5,6,7,0,1,2,3,k256[28],hf(12));
- one_cycle(3,4,5,6,7,0,1,2,k256[29],hf(13));
- one_cycle(2,3,4,5,6,7,0,1,k256[30],hf(14));
- one_cycle(1,2,3,4,5,6,7,0,k256[31],hf(15));
-
- one_cycle(0,1,2,3,4,5,6,7,k256[32],hf( 0));
- one_cycle(7,0,1,2,3,4,5,6,k256[33],hf( 1));
- one_cycle(6,7,0,1,2,3,4,5,k256[34],hf( 2));
- one_cycle(5,6,7,0,1,2,3,4,k256[35],hf( 3));
- one_cycle(4,5,6,7,0,1,2,3,k256[36],hf( 4));
- one_cycle(3,4,5,6,7,0,1,2,k256[37],hf( 5));
- one_cycle(2,3,4,5,6,7,0,1,k256[38],hf( 6));
- one_cycle(1,2,3,4,5,6,7,0,k256[39],hf( 7));
- one_cycle(0,1,2,3,4,5,6,7,k256[40],hf( 8));
- one_cycle(7,0,1,2,3,4,5,6,k256[41],hf( 9));
- one_cycle(6,7,0,1,2,3,4,5,k256[42],hf(10));
- one_cycle(5,6,7,0,1,2,3,4,k256[43],hf(11));
- one_cycle(4,5,6,7,0,1,2,3,k256[44],hf(12));
- one_cycle(3,4,5,6,7,0,1,2,k256[45],hf(13));
- one_cycle(2,3,4,5,6,7,0,1,k256[46],hf(14));
- one_cycle(1,2,3,4,5,6,7,0,k256[47],hf(15));
-
- one_cycle(0,1,2,3,4,5,6,7,k256[48],hf( 0));
- one_cycle(7,0,1,2,3,4,5,6,k256[49],hf( 1));
- one_cycle(6,7,0,1,2,3,4,5,k256[50],hf( 2));
- one_cycle(5,6,7,0,1,2,3,4,k256[51],hf( 3));
- one_cycle(4,5,6,7,0,1,2,3,k256[52],hf( 4));
- one_cycle(3,4,5,6,7,0,1,2,k256[53],hf( 5));
- one_cycle(2,3,4,5,6,7,0,1,k256[54],hf( 6));
- one_cycle(1,2,3,4,5,6,7,0,k256[55],hf( 7));
- one_cycle(0,1,2,3,4,5,6,7,k256[56],hf( 8));
- one_cycle(7,0,1,2,3,4,5,6,k256[57],hf( 9));
- one_cycle(6,7,0,1,2,3,4,5,k256[58],hf(10));
- one_cycle(5,6,7,0,1,2,3,4,k256[59],hf(11));
- one_cycle(4,5,6,7,0,1,2,3,k256[60],hf(12));
- one_cycle(3,4,5,6,7,0,1,2,k256[61],hf(13));
- one_cycle(2,3,4,5,6,7,0,1,k256[62],hf(14));
- one_cycle(1,2,3,4,5,6,7,0,k256[63],hf(15));
-
- ctx->hash[0] += v0; ctx->hash[1] += v1;
- ctx->hash[2] += v2; ctx->hash[3] += v3;
- ctx->hash[4] += v4; ctx->hash[5] += v5;
- ctx->hash[6] += v6; ctx->hash[7] += v7;
-#endif
-}
-
-/* SHA256 hash data in an array of bytes into hash buffer */
-/* and call the hash_compile function as required. */
-
-VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
-{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA256_MASK),
- space = SHA256_BLOCK_SIZE - pos;
- const unsigned char *sp = data;
-
- if((ctx->count[0] += len) < len)
- ++(ctx->count[1]);
-
- while(len >= space) /* tranfer whole blocks while possible */
- {
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
- sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0;
- bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2)
- sha256_compile(ctx);
- }
-
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
-}
-
-/* SHA256 Final padding and digest calculation */
-
-static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int hlen)
-{ uint_32t i = (uint_32t)(ctx->count[0] & SHA256_MASK);
-
- /* put bytes in the buffer in an order in which references to */
- /* 32-bit words will put bytes with lower addresses into the */
- /* top of 32 bit words on BOTH big and little endian machines */
- bsw_32(ctx->wbuf, (i + 3) >> 2)
-
- /* we now need to mask valid bytes and add the padding which is */
- /* a single 1 bit and as many zero bits as necessary. Note that */
- /* we can always add the first padding byte here because the */
- /* buffer always has at least one empty slot */
- ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
- ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
-
- /* we need 9 or more empty positions, one for the padding byte */
- /* (above) and eight for the length count. If there is not */
- /* enough space pad and empty the buffer */
- if(i > SHA256_BLOCK_SIZE - 9)
- {
- if(i < 60) ctx->wbuf[15] = 0;
- sha256_compile(ctx);
- i = 0;
- }
- else /* compute a word index for the empty buffer positions */
- i = (i >> 2) + 1;
-
- while(i < 14) /* and zero pad all but last two positions */
- ctx->wbuf[i++] = 0;
-
- /* the following 32-bit length fields are assembled in the */
- /* wrong byte order on little endian machines but this is */
- /* corrected later since they are only ever used as 32-bit */
- /* word values. */
- ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
- ctx->wbuf[15] = ctx->count[0] << 3;
- sha256_compile(ctx);
-
- /* extract the hash value as bytes in case the hash buffer is */
- /* mislaigned for 32-bit words */
- for(i = 0; i < hlen; ++i)
- hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
-}
-
-#endif
-
-#if defined(SHA_224)
-
-const uint_32t i224[8] =
-{
- 0xc1059ed8ul, 0x367cd507ul, 0x3070dd17ul, 0xf70e5939ul,
- 0xffc00b31ul, 0x68581511ul, 0x64f98fa7ul, 0xbefa4fa4ul
-};
-
-VOID_RETURN sha224_begin(sha224_ctx ctx[1])
-{
- ctx->count[0] = ctx->count[1] = 0;
- memcpy(ctx->hash, i224, 8 * sizeof(uint_32t));
-}
-
-VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1])
-{
- sha_end1(hval, ctx, SHA224_DIGEST_SIZE);
-}
-
-VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha224_ctx cx[1];
-
- sha224_begin(cx);
- sha224_hash(data, len, cx);
- sha_end1(hval, cx, SHA224_DIGEST_SIZE);
-}
-
-#endif
-
-#if defined(SHA_256)
-
-const uint_32t i256[8] =
-{
- 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
- 0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul
-};
-
-VOID_RETURN sha256_begin(sha256_ctx ctx[1])
-{
- ctx->count[0] = ctx->count[1] = 0;
- memcpy(ctx->hash, i256, 8 * sizeof(uint_32t));
-}
-
-VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1])
-{
- sha_end1(hval, ctx, SHA256_DIGEST_SIZE);
-}
-
-VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha256_ctx cx[1];
-
- sha256_begin(cx);
- sha256_hash(data, len, cx);
- sha_end1(hval, cx, SHA256_DIGEST_SIZE);
-}
-
-#endif
-
-#if defined(SHA_384) || defined(SHA_512)
-
-#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
-
-#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
-
-#if !defined(bswap_64)
-#define bswap_64(x) (((uint_64t)(bswap_32((uint_32t)(x)))) << 32 | bswap_32((uint_32t)((x) >> 32)))
-#endif
-
-#if defined(SWAP_BYTES)
-#define bsw_64(p,n) \
- { int _i = (n); while(_i--) ((uint_64t*)p)[_i] = bswap_64(((uint_64t*)p)[_i]); }
-#else
-#define bsw_64(p,n)
-#endif
-
-/* SHA512 mixing function definitions */
-
-#ifdef s_0
-# undef s_0
-# undef s_1
-# undef g_0
-# undef g_1
-# undef k_0
-#endif
-
-#define s_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
-#define s_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
-#define g_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
-#define g_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
-#define k_0 k512
-
-/* SHA384/SHA512 mixing data */
-
-const uint_64t k512[80] =
-{
- li_64(428a2f98d728ae22), li_64(7137449123ef65cd),
- li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc),
- li_64(3956c25bf348b538), li_64(59f111f1b605d019),
- li_64(923f82a4af194f9b), li_64(ab1c5ed5da6d8118),
- li_64(d807aa98a3030242), li_64(12835b0145706fbe),
- li_64(243185be4ee4b28c), li_64(550c7dc3d5ffb4e2),
- li_64(72be5d74f27b896f), li_64(80deb1fe3b1696b1),
- li_64(9bdc06a725c71235), li_64(c19bf174cf692694),
- li_64(e49b69c19ef14ad2), li_64(efbe4786384f25e3),
- li_64(0fc19dc68b8cd5b5), li_64(240ca1cc77ac9c65),
- li_64(2de92c6f592b0275), li_64(4a7484aa6ea6e483),
- li_64(5cb0a9dcbd41fbd4), li_64(76f988da831153b5),
- li_64(983e5152ee66dfab), li_64(a831c66d2db43210),
- li_64(b00327c898fb213f), li_64(bf597fc7beef0ee4),
- li_64(c6e00bf33da88fc2), li_64(d5a79147930aa725),
- li_64(06ca6351e003826f), li_64(142929670a0e6e70),
- li_64(27b70a8546d22ffc), li_64(2e1b21385c26c926),
- li_64(4d2c6dfc5ac42aed), li_64(53380d139d95b3df),
- li_64(650a73548baf63de), li_64(766a0abb3c77b2a8),
- li_64(81c2c92e47edaee6), li_64(92722c851482353b),
- li_64(a2bfe8a14cf10364), li_64(a81a664bbc423001),
- li_64(c24b8b70d0f89791), li_64(c76c51a30654be30),
- li_64(d192e819d6ef5218), li_64(d69906245565a910),
- li_64(f40e35855771202a), li_64(106aa07032bbd1b8),
- li_64(19a4c116b8d2d0c8), li_64(1e376c085141ab53),
- li_64(2748774cdf8eeb99), li_64(34b0bcb5e19b48a8),
- li_64(391c0cb3c5c95a63), li_64(4ed8aa4ae3418acb),
- li_64(5b9cca4f7763e373), li_64(682e6ff3d6b2b8a3),
- li_64(748f82ee5defb2fc), li_64(78a5636f43172f60),
- li_64(84c87814a1f0ab72), li_64(8cc702081a6439ec),
- li_64(90befffa23631e28), li_64(a4506cebde82bde9),
- li_64(bef9a3f7b2c67915), li_64(c67178f2e372532b),
- li_64(ca273eceea26619c), li_64(d186b8c721c0c207),
- li_64(eada7dd6cde0eb1e), li_64(f57d4f7fee6ed178),
- li_64(06f067aa72176fba), li_64(0a637dc5a2c898a6),
- li_64(113f9804bef90dae), li_64(1b710b35131c471b),
- li_64(28db77f523047d84), li_64(32caab7b40c72493),
- li_64(3c9ebe0a15c9bebc), li_64(431d67c49c100d4c),
- li_64(4cc5d4becb3e42b6), li_64(597f299cfc657e2a),
- li_64(5fcb6fab3ad6faec), li_64(6c44198c4a475817)
-};
-
-/* Compile 128 bytes of hash data into SHA384/512 digest */
-/* NOTE: this routine assumes that the byte order in the */
-/* ctx->wbuf[] at this point is such that low address bytes */
-/* in the ORIGINAL byte stream will go into the high end of */
-/* words on BOTH big and little endian systems */
-
-VOID_RETURN sha512_compile(sha512_ctx ctx[1])
-{ uint_64t v[8], *p = ctx->wbuf;
- uint_32t j;
-
- memcpy(v, ctx->hash, 8 * sizeof(uint_64t));
-
- for(j = 0; j < 80; j += 16)
- {
- v_cycle( 0, j); v_cycle( 1, j);
- v_cycle( 2, j); v_cycle( 3, j);
- v_cycle( 4, j); v_cycle( 5, j);
- v_cycle( 6, j); v_cycle( 7, j);
- v_cycle( 8, j); v_cycle( 9, j);
- v_cycle(10, j); v_cycle(11, j);
- v_cycle(12, j); v_cycle(13, j);
- v_cycle(14, j); v_cycle(15, j);
- }
-
- ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
- ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
- ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
- ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
-}
-
-/* Compile 128 bytes of hash data into SHA256 digest value */
-/* NOTE: this routine assumes that the byte order in the */
-/* ctx->wbuf[] at this point is in such an order that low */
-/* address bytes in the ORIGINAL byte stream placed in this */
-/* buffer will now go to the high end of words on BOTH big */
-/* and little endian systems */
-
-VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
-{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA512_MASK),
- space = SHA512_BLOCK_SIZE - pos;
- const unsigned char *sp = data;
-
- if((ctx->count[0] += len) < len)
- ++(ctx->count[1]);
-
- while(len >= space) /* tranfer whole blocks while possible */
- {
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
- sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0;
- bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3);
- sha512_compile(ctx);
- }
-
- memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
-}
-
-/* SHA384/512 Final padding and digest calculation */
-
-static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
-{ uint_32t i = (uint_32t)(ctx->count[0] & SHA512_MASK);
-
- /* put bytes in the buffer in an order in which references to */
- /* 32-bit words will put bytes with lower addresses into the */
- /* top of 32 bit words on BOTH big and little endian machines */
- bsw_64(ctx->wbuf, (i + 7) >> 3);
-
- /* we now need to mask valid bytes and add the padding which is */
- /* a single 1 bit and as many zero bits as necessary. Note that */
- /* we can always add the first padding byte here because the */
- /* buffer always has at least one empty slot */
- ctx->wbuf[i >> 3] &= li_64(ffffffffffffff00) << 8 * (~i & 7);
- ctx->wbuf[i >> 3] |= li_64(0000000000000080) << 8 * (~i & 7);
-
- /* we need 17 or more empty byte positions, one for the padding */
- /* byte (above) and sixteen for the length count. If there is */
- /* not enough space pad and empty the buffer */
- if(i > SHA512_BLOCK_SIZE - 17)
- {
- if(i < 120) ctx->wbuf[15] = 0;
- sha512_compile(ctx);
- i = 0;
- }
- else
- i = (i >> 3) + 1;
-
- while(i < 14)
- ctx->wbuf[i++] = 0;
-
- /* the following 64-bit length fields are assembled in the */
- /* wrong byte order on little endian machines but this is */
- /* corrected later since they are only ever used as 64-bit */
- /* word values. */
- ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61);
- ctx->wbuf[15] = ctx->count[0] << 3;
- sha512_compile(ctx);
-
- /* extract the hash value as bytes in case the hash buffer is */
- /* misaligned for 32-bit words */
- for(i = 0; i < hlen; ++i)
- hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
-}
-
-#endif
-
-#if defined(SHA_384)
-
-/* SHA384 initialisation data */
-
-const uint_64t i384[80] =
-{
- li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507),
- li_64(9159015a3070dd17), li_64(152fecd8f70e5939),
- li_64(67332667ffc00b31), li_64(8eb44a8768581511),
- li_64(db0c2e0d64f98fa7), li_64(47b5481dbefa4fa4)
-};
-
-VOID_RETURN sha384_begin(sha384_ctx ctx[1])
-{
- ctx->count[0] = ctx->count[1] = 0;
- memcpy(ctx->hash, i384, 8 * sizeof(uint_64t));
-}
-
-VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA384_DIGEST_SIZE);
-}
-
-VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha384_ctx cx[1];
-
- sha384_begin(cx);
- sha384_hash(data, len, cx);
- sha_end2(hval, cx, SHA384_DIGEST_SIZE);
-}
-
-#endif
-
-#if defined(SHA_512)
-
-/* SHA512 initialisation data */
-
-const uint_64t i512[80] =
-{
- li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b),
- li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1),
- li_64(510e527fade682d1), li_64(9b05688c2b3e6c1f),
- li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)
-};
-
-VOID_RETURN sha512_begin(sha512_ctx ctx[1])
-{
- ctx->count[0] = ctx->count[1] = 0;
- memcpy(ctx->hash, i512, 8 * sizeof(uint_64t));
-}
-
-VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA512_DIGEST_SIZE);
-}
-
-VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha512_ctx cx[1];
-
- sha512_begin(cx);
- sha512_hash(data, len, cx);
- sha_end2(hval, cx, SHA512_DIGEST_SIZE);
-}
-
-#endif
-
-#if defined(SHA_2)
-
-#define CTX_224(x) ((x)->uu->ctx256)
-#define CTX_256(x) ((x)->uu->ctx256)
-#define CTX_384(x) ((x)->uu->ctx512)
-#define CTX_512(x) ((x)->uu->ctx512)
-
-/* SHA2 initialisation */
-
-INT_RETURN sha2_begin(unsigned long len, sha2_ctx ctx[1])
-{
- switch(len)
- {
-#if defined(SHA_224)
- case 224:
- case 28: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
- memcpy(CTX_256(ctx)->hash, i224, 32);
- ctx->sha2_len = 28; return EXIT_SUCCESS;
-#endif
-#if defined(SHA_256)
- case 256:
- case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
- memcpy(CTX_256(ctx)->hash, i256, 32);
- ctx->sha2_len = 32; return EXIT_SUCCESS;
-#endif
-#if defined(SHA_384)
- case 384:
- case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
- memcpy(CTX_384(ctx)->hash, i384, 64);
- ctx->sha2_len = 48; return EXIT_SUCCESS;
-#endif
-#if defined(SHA_512)
- case 512:
- case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
- memcpy(CTX_512(ctx)->hash, i512, 64);
- ctx->sha2_len = 64; return EXIT_SUCCESS;
-#endif
- default: return EXIT_FAILURE;
- }
-}
-
-VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
-{
- switch(ctx->sha2_len)
- {
-#if defined(SHA_224)
- case 28: sha224_hash(data, len, CTX_224(ctx)); return;
-#endif
-#if defined(SHA_256)
- case 32: sha256_hash(data, len, CTX_256(ctx)); return;
-#endif
-#if defined(SHA_384)
- case 48: sha384_hash(data, len, CTX_384(ctx)); return;
-#endif
-#if defined(SHA_512)
- case 64: sha512_hash(data, len, CTX_512(ctx)); return;
-#endif
- }
-}
-
-VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1])
-{
- switch(ctx->sha2_len)
- {
-#if defined(SHA_224)
- case 28: sha_end1(hval, CTX_224(ctx), SHA224_DIGEST_SIZE); return;
-#endif
-#if defined(SHA_256)
- case 32: sha_end1(hval, CTX_256(ctx), SHA256_DIGEST_SIZE); return;
-#endif
-#if defined(SHA_384)
- case 48: sha_end2(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
-#endif
-#if defined(SHA_512)
- case 64: sha_end2(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
-#endif
- }
-}
-
-INT_RETURN sha2(unsigned char hval[], unsigned long size,
- const unsigned char data[], unsigned long len)
-{ sha2_ctx cx[1];
-
- if(sha2_begin(size, cx) == EXIT_SUCCESS)
- {
- sha2_hash(data, len, cx); sha2_end(hval, cx); return EXIT_SUCCESS;
- }
- else
- return EXIT_FAILURE;
-}
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
+++ /dev/null
-/*
- ---------------------------------------------------------------------------
- Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-
- LICENSE TERMS
-
- The free distribution and use of this software in both source and binary
- form is allowed (with or without changes) provided that:
-
- 1. distributions of this source code include the above copyright
- notice, this list of conditions and the following disclaimer;
-
- 2. distributions in binary form include the above copyright
- notice, this list of conditions and the following disclaimer
- in the documentation and/or other associated materials;
-
- 3. the copyright holder's name is not used to endorse products
- built using this software without specific written permission.
-
- ALTERNATIVELY, provided that this notice is retained in full, this product
- may be distributed under the terms of the GNU General Public License (GPL),
- in which case the provisions of the GPL apply INSTEAD OF those given above.
-
- DISCLAIMER
-
- This software is provided 'as is' with no explicit or implied warranties
- in respect of its properties, including, but not limited to, correctness
- and/or fitness for purpose.
- ---------------------------------------------------------------------------
- Issue Date: 01/08/2005
-*/
-
-#ifndef _SHA2_H
-#define _SHA2_H
-
-#include <stdlib.h>
-
-#define SHA_64BIT
-
-/* define the hash functions that you need */
-#define SHA_2 /* for dynamic hash length */
-#define SHA_224
-#define SHA_256
-#ifdef SHA_64BIT
-# define SHA_384
-# define SHA_512
-# define NEED_UINT_64T
-#endif
-
-#include "brg_types.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* Note that the following function prototypes are the same */
-/* for both the bit and byte oriented implementations. But */
-/* the length fields are in bytes or bits as is appropriate */
-/* for the version used. Bit sequences are arrays of bytes */
-/* in which bit sequence indexes increase from the most to */
-/* the least significant end of each byte */
-
-#define SHA224_DIGEST_SIZE 28
-#define SHA224_BLOCK_SIZE 64
-#define SHA256_DIGEST_SIZE 32
-#define SHA256_BLOCK_SIZE 64
-
-/* type to hold the SHA256 (and SHA224) context */
-
-typedef struct
-{ uint_32t count[2];
- uint_32t hash[8];
- uint_32t wbuf[16];
-} sha256_ctx;
-
-typedef sha256_ctx sha224_ctx;
-
-VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
-
-VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
-#define sha224_hash sha256_hash
-VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
-VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
-VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
-VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
-VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-#ifndef SHA_64BIT
-
-typedef struct
-{ union
- { sha256_ctx ctx256[1];
- } uu[1];
- uint_32t sha2_len;
-} sha2_ctx;
-
-#define SHA2_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
-
-#else
-
-#define SHA384_DIGEST_SIZE 48
-#define SHA384_BLOCK_SIZE 128
-#define SHA512_DIGEST_SIZE 64
-#define SHA512_BLOCK_SIZE 128
-#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
-
-/* type to hold the SHA384 (and SHA512) context */
-
-typedef struct
-{ uint_64t count[2];
- uint_64t hash[8];
- uint_64t wbuf[16];
-} sha512_ctx;
-
-typedef sha512_ctx sha384_ctx;
-
-typedef struct
-{ union
- { sha256_ctx ctx256[1];
- sha512_ctx ctx512[1];
- } uu[1];
- uint_32t sha2_len;
-} sha2_ctx;
-
-VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
-
-VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
-#define sha384_hash sha512_hash
-VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
-VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
-VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
-VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
-VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
-VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
-INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
+++ /dev/null
-# -*- mode:conf -*-
-/*.a
-/*.o
-/Makefile
-/autom4te.cache/*
-/bnconfig.h
-/config.*
-/configure
+++ /dev/null
-1.1.4
-- Added bnBasePrecompCopy, bnDoubleBasePrecompExpMod, and corresponding
- lbn* functions.
-- Fixed some stupid bugs in bnExtractBigBytes and bnExtractLittleBytes
- when asking for more bytes than the numbers have.
-
-1.1.3
-1999-05-09
-- Added bnBasePrecompBegin, bnBasePrecompEnd and bnBasePrecompExpMod,
- and corresponding lbn* functions.
-- Added some rudimentary tests of the above to bntest.
-- Updated dsatest to use the new functions. Speedup on 1024 bits seems
- to be about 3x.
-
-1.1.2:
-1998-06-22
-- Added bnReadBit function
-- Fixed corruption in bnMakeOdd_16
-- Clarified comments in germain.c
-- Fixed nasty bug in lbnModQ_16 in lbn80386.asm
-- renamed rand parameter to randFunc in prime.c to avoid warnings
-
-1.1.1:
-- Cleaned up some test directory code
-
-1.1: Second public release
-
-- Generalized Sophie Germain primes to variable "orders",
- which is the number of 2*p+1 levels that are all prime.
- An order-0 primeis an ordinary prime. An order-1 prime is
- a Sophie Germain prime. An order-3 prime also has 4*p+3 prime.
- (Changed hours before release; I wonder if there are bugs?)
-- Figured out that if p and 2*p+1 are prime, it's p that's called
- a Sophie Germain prime, not 2*p+1. germain.c and germtest.c
- updated accordingly. 2*p+1 is called a "strong prime".
-- Updated to not use 16-bit MSDOS-isms like "cdecl" with GCC under GO32.
-- Fixed a bug in primeGen() that caused it to do strange things
- if the first number in the sieve passed.
-- Fixed a memory leak in lbnExpMod
-- Fixed bug in lbn80386.asm lbnModQ_32 (was a complete mess)
-- Fixed bug in bnDoubleExpMod (one-character change; masked a bug in SKIP!)
-- Fixed a bug in error recovery in lbnInv
-- Added out-of-memory checking to bntest
-- Installation documentation improved, especially for non-Unix platforms.
-- Preprocessor trickery made compatible with some ancient sort-of-ANSI
- compilers. To be precise:
- - Not liking "#if FOO" when FOO is not defined (ANSI says FOO is "0")
- - Not liking long constants without "l" (ANSI says all pp math is long)
-- bnInit() made redundant; now called automatically by bnBegin().
-- bnCmpQ(struct BigNum const *, unsigned) added.
-- Removed copyright disclaimers from some files so as not to confuse lawyers.
-- Spell-checked, corrected and improved comments in lbn16.c. Especially
- added a big description of Montgomery representation.
-- Added parens a few places to shut up compiler warnings.
-- Added 386 support for Unix and some GCC-specific inline assembler tricks.
-- Got rid of some warnings in lbn8086.h.
-- Improved PowerPC inline assembler for CodeWarrior 8.
-
-1.0: Initial release (unnumbered, retroactively named 1.0)
+++ /dev/null
-#
-# This code is pretty well tested, but not optimizing it will have
-# a *major* effect on speed, so its optimzation flags are separate
-# from the rest of the release.
-#
-# For the SPARC v8, at least, gcc produces a *much* faster library than
-# the SunPro C compiler. On a 50 MHz TI TMS390Z50 SuperSPARC:
-# 14.5 vs. 47.2 ms per 256-bit modular exponentiation.
-# 77.4 vs. 317.8 ms per 512-bit modular exponentiation.
-# 249.0 vs. 1031.5 ms per 1024-bit modular exponentiation
-#
-CC=@CC@
-# for libzrtp support
-CFLAGS=@CFLAGS@ @CPPFLAGS@ @WARN@ @TUNE@ @DEFS@ $(DEFINE) -I../../include -I../../include/enterprise -I../../projects/gnu/config -I../../third_party/bgaes
-srcdir=@srcdir@
-VPATH=@srcdir@
-
-# Extra object files (e.g. lbnalpha.o for Alpha assembly routines)
-AUXOBJS=
-# Extra definitions (e.g. -DBNINCLUDE=lbnalpha.h)
-DEFINE=
-
-SHELL = /bin/sh
-.SUFFIXES:
-.SUFFIXES: .c .h .o .s
-
-LD =$(CC)
-LDFLAGS =@LDFLAGS@
-LIBS=@LIBS@
-RANLIB=@RANLIB@
-
-# If you have a machine-specific assembly file, add it to AUXOBJS.
-OBJS = bn00.o lbn00.o bn.o lbnmem.o sieve.o prime.o \
- bnprint.o jacobi.o germain.o $(AUXOBJS)
-
-BNLIB = libbn.a
-
-# for libzrtp support
-all: $(BNLIB) bntest32.c bntest64.c
-# bntest germtest
-
-# for libzrtp support
-install: all
- test -d /usr/local/include/libzrtp || mkdir /usr/local/include/libzrtp
- cp *.h /usr/local/include/libzrtp
- cp 'libbn.a' '/usr/local/lib/libbn.a'
- chmod 644 /usr/local/lib/libbn.a
- chown 0:0 /usr/local/lib/libbn.a
- $(RANLIB) '/usr/local/lib/libbn.a'
-
-# for libzrtp support
-#check: bntest
-# ./bntest
-check:
-
-bntest: bntest00.o $(BNLIB)
- $(LD) $(LDFLAGS) -o $@ bntest00.o $(BNLIB) $(LIBS)
-
-germtest: germtest.o $(BNLIB)
- $(LD) $(LDFLAGS) -o $@ germtest.o $(BNLIB) $(LIBS)
-
-$(BNLIB): $(OBJS)
- $(AR) r $@ $?
- $(RANLIB) $@
-
-# Here we get tricky... if we're compiling with GCC, then GCCMAGIC1 and
-# GCCMAGIC2 are set so that we actually do a link, but with the -r flag
-# (produce relocatable output) and with -lgcc *only*. This is so that
-# the result can be linked cleanly with code compiled with another cc,
-# which doesn't know about -lgcc. Presumably the lbnXX.o file, which
-# has by far the most math in it, will have a call to every interesting
-# support-library function.
-
-lbn00.o: $(srcdir)/lbn00.c $(HDRS) bnconfig.h
- $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir) -o $@ @GCCMAGIC1@ lbn00.c @GCCMAGIC2@
-
-lbn16.o: $(srcdir)/lbn16.c $(HDRS) bnconfig.h
- $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir) -o $@ @GCCMAGIC1@ lbn16.c @GCCMAGIC2@
-
-lbn32.o: $(srcdir)/lbn32.c $(HDRS) bnconfig.h
- $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir) -o $@ @GCCMAGIC1@ lbn32.c @GCCMAGIC2@
-
-lbn64.o: $(srcdir)/lbn64.c $(HDRS) bnconfig.h
- $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir) -o $@ @GCCMAGIC1@ lbn64.c @GCCMAGIC2@
-
-# The default .o rule.
-.c.o: bnconfig.h
- $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir) -o $@ -c $<
-
-# Extra, non-obvious dependencies. Bnlib can be compiled in three
-# word sizes, and the *00.c files #include the right .c files based
-# on <limits.h>, which means that a single compilation will only use a
-# subset of these files. Duplicated here in case someone regenerates
-# dependencies with cc -M and they get lost.
-
-lbn00.o: lbn16.c lbn32.c lbn64.c lbn16.h lbn32.h lbn64.h
-bn00.o: bn16.c bn32.c bn64.c bn16.h bn32.h bn64.h \
- bninit16.c bninit32.c bninit64.c
-bntest00.o: bntest16.c bntest32.c bntest64.c lbn16.h lbn32.h lbn64.h
-
-# Actual build commented out to prevent confusion by people without autoconf.
-# Do it manually for now.
-configure: configure.in
- @echo "configure script is out of date; run autoconf"
-# autoconf
-
-clean:
- $(RM) -f *.o *32.[ch] *64.[ch]
-
-distclean: clean
- -rm -f Makefile
-
-BNSOURCES = lbn32.c lbn32.h bn32.c bn32.h bninit32.c bntest32.c \
- lbn64.c lbn64.h bn64.c bn64.h bninit64.c bntest64.c
-
-# An explicit target that can be made before distribution for
-# machines that don't have sed.
-bnsources: $(BNSOURCES)
-
-# The 16-bit versions of the code are the master versions; all else is
-# generated from them. This fiddling about makes them unwriteable
-# to discourage improper edits.
-
-# (You didn't know that suffixes for suffix rules didn't have to begin
-# with a period, did you?)
-.SUFFIXES: 16.c 16.h 32.c 32.h 64.c 64.h
-16.c32.c:
- @test ! -f $@ -o -w $@ || chmod u+w $@ && test -w $@ || rm -f $@
- sed -e s/32/64/g -e s/16/32/g $< > $@
- @chmod a-w $@
-
-16.h32.h:
- @test ! -f $@ -o -w $@ || chmod u+w $@ && test -w $@ || rm -f $@
- sed -e s/32/64/g -e s/16/32/g $< > $@
- @chmod a-w $@
-
-16.c64.c:
- @test ! -f $@ -o -w $@ || chmod u+w $@ && test -w $@ || rm -f $@
- sed -e s/32/128/g -e s/16/64/g $< > $@
- @chmod a-w $@
-
-16.h64.h:
- @test ! -f $@ -o -w $@ || chmod u+w $@ && test -w $@ || rm -f $@
- sed -e s/32/128/g -e s/16/64/g $< > $@
- @chmod a-w $@
-
-### Dependencies
-bn.o: bn.c bn.h
-bn00.o: bn00.c bnsize00.h lbn.h bn16.c bn32.c bn64.c lbn16.c lbn32.h \
- lbn64.h lbnmem.h bn16.h bn32.h bn64.h bn.h kludge.h bninit16.c \
- bninit32.c bninit64.c
-bn16.o: bn16.c lbn.h lbn16.h lbnmem.h bn16.h bn.h kludge.h
-bn32.o: bn32.c lbn.h lbn32.h lbnmem.h bn32.h bn.h kludge.h
-bn64.o: bn64.c lbn.h lbn64.h lbnmem.h bn64.h bn.h kludge.h
-bn68000.o: bn68000.c lbn.h lbn68000.h bn16.h bn32.h
-bn8086.o: bn8086.c lbn.h bn64.h lbn8086.h bn32.h
-bninit16.o: bninit16.c bn.h bn16.h
-bninit32.o: bninit32.c bn.h bn32.h
-bninit64.o: bninit64.c bn.h bn64.h
-bnprint.o: bnprint.c bn.h bnprint.h kludge.h
-bntest00.o: bntest00.c bnsize00.h lbn.h bntest16.c bntest32.c \
- bntest64.c cputime.h lbn16.h lbn32.h lbn64.h kludge.h
-bntest16.o: bntest16.c cputime.h lbn16.h lbn.h kludge.h
-bntest32.o: bntest32.c cputime.h lbn32.h lbn.h kludge.h
-bntest64.o: bntest64.c cputime.h lbn64.h lbn.h kludge.h
-germain.o: germain.c bn.h germain.h jacobi.h lbnmem.h sieve.h kludge.h
-germtest.o: germtest.c bn.h germain.h sieve.h cputime.h bnprint.h
-jacobi.o: jacobi.c bn.h jacobi.h
-lbn00.o: lbn00.c bnsize00.h lbn.h lbn16.c lbn16.h lbn32.c lbn32.h \
- lbn64.c lbn64.h lbnmem.h kludge.h
-lbn16.o: lbn16.c lbn.h lbn16.h lbnmem.h kludge.h
-lbn32.o: lbn32.c lbn.h lbn32.h lbnmem.h kludge.h
-lbn64.o: lbn64.c lbn.h lbn64.h lbnmem.h kludge.h
-lbn68000.o: lbn68000.c lbn.h lbn68000.h
-lbn68020.o: lbn68020.c lbn.h lbn68020.h
-lbnmem.o: lbnmem.c lbn.h lbnmem.h kludge.h
-lbnppc.o: lbnppc.c lbnppc.h ppcasm.h
-prime.o: prime.c bn.h lbnmem.h prime.h sieve.h kludge.h
-sieve.o: sieve.c bn.h sieve.h kludge.h
-sizetest.c: bnsize00.h
-
-distdir:
+++ /dev/null
-Welcome to my multiprecision math library! I'm a little bit proud
-of it, particularly its speed. If you have a machine for which
-assembly-language subroutines are available (you can probably guess
-from the filename), it will go even faster. Instructions for
-building the library with assembly subroutines are included later.
-
-Barring that, on many machines using GCC, the GNU C compiler, helps
-the speed significantly, because it not only supports "long long"
-64-bit data types, but it can perform operations on them in line.
-Some other compilers that support "long long" generate inefficient
-code for working with them.
-
-For a description of what the library does, see bn.doc. For a description
-of how it's organized, see bnintern.doc. For the real nitty-gritty,
-read the code. I'm very curious what you all think of it. One thing I
-tried to do was to comment it better than most, although that is more
-apparent in the lower-level parts of the code (the lbn* files) that I
-wrote first rather than the higher levels, when I didn't need comments
-to explain what I was doing to myself.
-
-I can't put a full number theory course in the comments, so there
-are some parts that are just going to be confusing unless you
-have the background. I'd rather not answer questions that elementary.
-But really, I can't stop you from saying whatever you want. If you'd
-like to send some comments, good or bad, send me some mail.
---
- -Colin <colin@nyx.net>
-
-
-** How to build the library
-
-For the full details of how all the bits go together, see bnintern.doc.
-If you're on a Unix machine, run the "configure" script (generated from
-configure.in using GNU autoconf) and it will set up the basic C version
-automatically. Assembly-language support is still configured by hand.
-(Just edit the generated Makefile.) If you're on another machine,
-you'll have to do everything by hand, although it's still not hard.
-
-This library works in three word sizes: 16, 32 and 64 bits. The limiting
-factor is that it needs a double-word multiply, so even a 64-bit SPARC
-must use the 32-bit code, because it only produces a 64-bit multiply
-result. The DEC Alpha, MIPS R4000 (and up) and the upcoming 64-bit
-PowerPC, however, can use the 64-bit version, as they provide access to
-the high 64 bits of an integer multiply result.
-
-Trying to compile the file "sizetest.c" will produce an error telling
-you what word size is needed. In the absence of any assembly-language
-support routines, if your compiler has 64-bit longs or 64-bit long longs,
-you'll get the 32-bit version. Otherwise, you'll get the 16-bit version.
-
-The shipped archive contains only the 16-bit version of six important
-source files: bn16.c, bn16.h, lbn16.c, lbn16.h, bninit16.c and bntest16.c.
-The 32- and 64-bit versions are produced by a trivial replacement process
-from those. They are built automatically on demand by the Unix Makefile;
-other platforms will have to build them by hand if needed.
-
-If you have the Unix stream editor sed, you can do:
- sed -e s/32/64/g -e s/16/32/g bn16.c > bn32.c
- sed -e s/32/64/g -e s/16/32/g bn16.h > bn32.h
- sed -e s/32/64/g -e s/16/32/g lbn16.c > lbn32.c
- sed -e s/32/64/g -e s/16/32/g lbn16.h > lbn32.h
- sed -e s/32/64/g -e s/16/32/g bninit16.c > bninit32.c
- sed -e s/32/64/g -e s/16/32/g bntest16.c > bntest32.c
-
-If you don't, you'll have to use your favourite text editor and manually:
- Copy bn16.c to bn32.c
- Copy bn16.h to bn32.h
- Copy lbn16.c to lbn32.c
- Copy lbn16.h to lbn32.h
- Copy bninit16.c to bninit32.c
- Copy bntest16.c to bntest32.c
- Edit bn32.c, bn32.h, lbn32.c, lbn32.h, bninit32.c and bntest32.c (*32.?)
- Globally replace all "32" by "64"
- Globally replace all "16" by "32"
-
-I don't know of any non-Unix platforms that can use the 64-bit version,
-so you probably won't need it, but the process is siliar, just replace
-every "32" with "128" and every "16" with "64".
-
-Once you have all the word size versions you need you can compile them.
-If you're compiling a pure C version, or even a simple assembly-language
-version, there are some special auto-size-detecting files that will
-figure out (at compile time, using <limits.h> and the C preprocessor)
-the largest size that it can compile and #include it. To compile that
-version, you need to compile the following files:
-
-- bn.c
-- bn00.c
-- lbn00.c
-- lbnmem.c
-- legal.c
-
-The file "bntest00.c" (see README.bntest) is a low-level test program
-that will check the correct operation of the core low-level routines of
-the library. It needs only lbn00.c, lbnmem.c and legal.c.
-
-The file "germtest.c" is a simple program to generate Sophie Germain
-primes which demonstrates the library's use. This uses the full library.
-
-
-** Adding assembly-language support routines
-
-It is possible to include some assembly-language primitives in this.
-For example, for the DEC Alpha primitives, you need to compile everything
-with the -DBNINCLUDE=lbnalpha.h flag (or somehow get the effect of
-"#define BNINCLUDE lbnalpha.h" in all of the code), and assemble and
-link in "lbnalpha.s".
-
-If you want to compile a specific version of the library, say the
-32-bit version, you need to compile together the following files:
-
-- bn.c
-- bn32.c
-- bninit32.c
-- lbn32.c
-- lbnmem.c
-- legal.c
-
-Note the extra "bninit32.c" file. It contains only the function
-"bnInit()" which does nothing but call "bnInit_32()". This is included in
-"bn00.c", but is separated out here so that you can compile the library
-for two word sizes and replace the bnInit() function with one that will
-select a version to initialize at run time! That's described later.
-
-To include assembly-language support routines for a given processor
-(as an example, I'll use the mythical "DLX" processor), compile all the
-C files with -DBNINCLUDE=lbndlx.h and (or somehow get the effect of
-"#define BNINCLUDE lbndlx.h" when compiling all the .c files), and
-assemble and link in the lbndlx.s assembly-language file.
-
-The fun comes when you compile a version of the library for two
-word sizes. This is currently only supported for the 680x0 and 80x86
-processors, which come in 16- and 32-bit versions, but this also makes
-sense on MIPS and PowerPC processors that have 32- and 64-bit versions.
-
-To do this, you need to compile the library in two word sizes and include
-a custom bndlx.c file that defines a smart bnInit() which chooses between
-the two. For the 80x8 family (or the 680x0 family), you want to compile
-the following with -DBNINCLUDE=lbn8086.h (or -DBNINCLUDE=lbn68000.h):
-
-- bn.c
-- bn16.c
-- bn32.c
-- lbn16.c
-- lbn32.c
-- lbnmem.c
-- legal.c
-- lbn8086.asm (or lbn68000.c and lbn68020.c for the 680x0)
-- bn8086.c (or bn68000.c for the 680x0)
-
-The lbn8086.asm file contains the assembly-language subroutines.
-The lbn8086.h file contains declarations for them and the
-necessary information to call them instead of the C versions
-The bn8086.c file contains the single function bnInit(), which
-determines the word size of the processor when called and calls
-bnInit_16() or bnInit_32(), as appropriate.
-
-To summarize:
-
-To build a (not necessarily optimal) version on any machine, do the following,
-or get your favourite make(1)-like utility to do it:
-
-- Compile bn.c, bn00.c, lbn00.c, lbnmem.c and legal.c, with as much
- optimization as possible.
-- Link all of the .o files together
-
-To build an MS-DOS version that will run well on an 8088 and up,
-compile with -DBNINCLUDE=lbn8086.h:
-
-- Compile bn.c, bn16.c, bn32.c, lbn16.c, lbn32.c, lbnmem.c, legal.c and
- bn8086.c, with -DBNINCLUDE=lbn8086.h
-- Assemble lbn8086.asm
-- Link all of the .obj files together
-
-To build an 80x86 WIN16 version (16-bit segmented addressing, 32-bit processor):
-
-- Compile bn.c, bn00.c (or bn32.c and bninit32.c), lbn00.c (or lbn32.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbn8086.h
-- Assemble lbn8086.asm
-- Link all of the .obj files together
-
-To build an 80x86 WIN32 version (32-bit flat model),
-
-- Compile bn.c, bn00.c (or bn32.c and bninit32.c), lbn00.c (or lbn32.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbn80386.h
-- Assemble lbn80386.asm
-- Link all of the .obj files together
-
-To build a Mac 68K version that will work well on a 68000 and up,
-
-- Compile bn.c, bn16.c, bn32.c, lbn16.c, lbn32.c, lbnmem.c, legal.c and
- bn8086.c, with -DBNINCLUDE=lbn68000.h (On Metrowerks, you may have to
- build your own precompiled header to achieve this effect.)
-- Assemble lbn68000.c and lbn68020.c
-- Link all of the .o files together
-
-To build a Mac 68K version which will only work on a 68020 or better,
-
-- Compile bn.c, bn00.c (or bn32.c and bninit32.c), lbn00.c (or lbn32.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbn68020.h (On Metrowerks, you
- may have to build your own precompiled header to achieve this effect.)
-- Assemble lbn68020.c
-- Link all of the .o files together
-
-To build a Mac PowerPC version,
-
-- Compile bn.c, bn00.c (or bn32.c and bninit32.c), lbn00.c (or lbn32.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbnppc.h (On Metrowerks, you
- may have to build your own precompiled header to achieve this effect.)
-- Assemble lbnppc.c
-- Link all of the .o files together
-
-To build a Unix 80x86 version (32-bit flat model, AT&T assembler mnemonics),
-
-- Compile bn.c, bn00.c (or bn32.c and bninit32.c), lbn00.c (or lbn32.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbn80386.h
-- Assemble lbn80386.s
-- Link all of the .o files together
-
-To build a DEC Alpha version (64-bit math; this *screams*),
-
-- Compile bn.c, bn00.c (or bn64.c and bninit64.c), lbn00.c (or lbn64.c),
- lbnmem.c and legal.c, with -DBNINCLUDE=lbnalpha.h
-- Assemble lbnalpha.s
-- Link all of the .o files together
+++ /dev/null
-Test driver for low-level BigNum library correctness.
-
-In addition to the generic "bntest" program, which picks a size
-at compile time, there are specific test drivers, bntest16,
-bntest32 and bntest64 that you can compile specifically, e.g.
-to test multiple word sizes.
-
-bntest is different from other programs in that it invokes the
-low-level BigNum functions directly. It need only be linked with
-lbnmem.o, lbn32.o and legal.o. This is not normally desirable, but
-it lets this test driver isolate errors better in the bottom-level
-primitives.
-
-It's served very well in tracking down errors. If you write some new
-assembly primitives and it doesn't find a problem with them, you
-can have a good deal of confidence that they're correct.
-
-This program also does timing tests on basic modular exponentiation.
-It is invoked as bntest [modsize [expsize [expsize2]]].
-If modsize is not specified, it only runs consistency checks.
-If expsize is not specified, it defaults to modsize.
-If expsize2 is not specified, it defaults to expsize.
-Invalid arguments produce a usage message.
-
-Example invocation lines:
-bntest
-bntest 512
-bntest 1024 160
+++ /dev/null
-This directory contains a stripped-down version of Colin Plumb's bnlib bignum package for ARM processors in minimal memory environments, such as embedded Wireless USB controllers. All unnecessary functions have been removed, and code has been reorganized for shrinking the memory footprint. These functions duplicate the functionality of similar functions in the main bnlib package, but with smaller memory footprints. Wireless USB only requires Diffie-Hellman, and little else.
-
-For more information, see the documentation in the main bnlib package, which is not in this directory. Or contact:
-
-Philip Zimmermann <prz@mit.edu>
-October 2007
+++ /dev/null
-/*
- * Test driver for low-level bignum library (16-bit version).
- * This access the low-level library directly. It is NOT an example of
- * how to program with the library normally! By accessing the library
- * at a low level, it is possible to exercise the smallest components
- * and thus localize bugs more accurately. This is especially useful
- * when writing assembly-language primitives.
- *
- * This also does timing tests on modular exponentiation. Modular
- * exponentiation is so computationally expensive that the fact that this
- * code omits one level of interface glue has no perceptible effect on
- * the results.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#include <stdio.h>
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For strtol */
-#else
-long strtol(const char *, char **, int);
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "cputime.h"
-#include "lbn16.h"
-
-#include "kludge.h"
-
-#if BNYIELD
-int (*bnYield)(void) = 0;
-#endif
-
-/* Work with up to 2048-bit numbers */
-#define MAXBITS 3072
-#define SIZE (MAXBITS/16 + 1)
-
-/* Additive congruential random number generator, x[i] = x[i-24] + x[i-55] */
-static BNWORD16 randp[55];
-static BNWORD16 *randp1 = randp, *randp2 = randp+24;
-
-static BNWORD16
-rand16(void)
-{
- if (++randp2 == randp+55) {
- randp2 = randp;
- randp1++;
- } else if (++randp1 == randp+55) {
- randp1 = randp;
- }
-
- return *randp1 += *randp2;
-}
-
-/*
- * CRC-3_2: x^3_2+x^26+x^23+x^22+x^1_6+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1
- *
- * The additive congruential RNG is seeded with a single integer,
- * which is shuffled with a CRC polynomial to generate the initial
- * table values. The Polynomial is the same size as the words being
- * used.
- *
- * Thus, in the various versions of this library, we actually use this
- * polynomial as-is, this polynomial mod x^17, and this polynomial with
- * the leading coefficient deleted and replaced with x^6_4. As-is,
- * it's irreducible, so it has a long period. Modulo x^17, it factors as
- * (x^4+x^3+x^2+x+1) * (x^12+x^11+x^8+x^7+x^6+x^5+x^4+x^3+1),
- * which still has a large enough period (4095) for the use it's put to.
- * With the leading coefficient moved up, it factors as
- * (x^50+x^49+x^48+x^47+x^46+x^43+x^41+x^40+x^38+x^37+x^36+x^35+x^34+x^33+
- * x^31+x^30+x^29+x^28+x^27+x^25+x^23+x^18+x^1_6+x^15+x^14+x^13+x^11+x^9+
- * x^8+x^7+x^6+x^5+x^3+x^2+1)*(x^11+x^10+x^9+x^5+x^4+x^3+1)*(x^3+x+1),
- * which definitely has a long enough period to serve for initialization.
- *
- * The effort put into this PRNG is kind of unwarranted given the trivial
- * use it's being put to, but oh, well. It does have the nice advantage
- * of producing numbers that are portable between platforms, so if there's
- * a problem with one platform, you can compare all the intermediate
- * results with another platform.
- */
-#define POLY (BNWORD16)0x04c11db7
-
-static void
-srand16(BNWORD16 seed)
-{
- int i, j;
-
- for (i = 0; i < 55; i++) {
- for (j = 0; j < 16; j++)
- if (seed >> (16-1))
- seed = (seed << 1) ^ POLY;
- else
- seed <<= 1;
- randp[i] = seed;
- }
- for (i = 0; i < 3*55; i ++)
- rand16();
-}
-
-static void
-randnum(BNWORD16 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = rand16();
-}
-
-static void
-bnprint16(BNWORD16 const *num, unsigned len)
-{
- BIGLITTLE(num -= len, num += len);
-
- while (len--)
- printf("%0*lX", 16/4, (unsigned long)BIGLITTLE(*num++,*--num));
-}
-
-static void
-bnput16(char const *prompt, BNWORD16 const *num, unsigned len)
-{
- fputs(prompt, stdout);
- bnprint16(num, len);
- putchar('\n');
-}
-
-/*
- * One of our tests uses a known prime. The following selections were
- * taken from the tables at the end of Hans Reisel's "Prime Numbers and
- * Computer Methods for Factorization", second edition - an excellent book.
- * (ISBN 0-8176-3743-5 ISBN 3-7323-3743-5)
- */
-#if 0
-/* P31=1839605 17620282 38179967 87333633 from the factors of 3^256+2^256 */
-static unsigned char const prime[] = {
- 0x17,0x38,0x15,0xBC,0x8B,0xBB,0xE9,0xEF,0x01,0xA9,0xFD,0x3A,0x01
-};
-#elif 0
-/* P48=40554942 04557502 46193993 36199835 4279613_2 73199617 from the same */
-static unsigned char const prime[] = {
- 0x47,0x09,0x77,0x07,0xCF,0xFD,0xE1,0x54,0x3E,0x24,
- 0xF7,0xF1,0x7A,0x3E,0x91,0x51,0xCC,0xC7,0xD4,0x01
-};
-#elif 0
-/*
- * P75 = 450 55287320 97906895 47687014 5808213_2
- * 05219565 99525911 39967932 66003_258 91979521
- * from the factors of 4^128+3+128
- * (The "026" and "062" are to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0xFF,0x00,0xFF,0x00,0xFF,0x01,0x06,0x4F,0xF8,0xED,
- 0xA3,0x37,0x23,0x2A,0x04,0xEA,0xF9,0x5F,0x30,0x4C,
- 0xAE,0xCD, 026,0x4E, 062,0x10,0x04,0x7D,0x0D,0x79,
- 0x01
-};
-#else
-/*
- * P75 = 632 85659796 45277755 9123_2190 67300940
- * 51844953 78793489 59444670 35675855 57440257
- * from the factors of 5^128+4^128
- * (The "026" is to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0x01,0x78,0x4B,0xA5,0xD3,0x30,0x03,0xEB,0x73,0xE6,
- 0x0F,0x4E,0x31,0x7D,0xBC,0xE2,0xA0,0xD4, 026,0x3F,
- 0x3C,0xEA,0x1B,0x44,0xAD,0x39,0xE7,0xE5,0xAD,0x19,
- 0x67,0x01
-};
-#endif
-
-static int
-usage(char const *name)
-{
- fprintf(stderr, "Usage: %s [modbits [expbits [expbits2]]\n"
-"With no arguments, just runs test suite. If modbits is given, runs\n"
-"quick validation test, then runs timing tests of modular exponentiation.\n"
-"If expbits is given, it is used as an exponent size, otherwise it defaults\n"
-"to the same as modbits. If expbits2 is given it is used as the second\n"
-"exponent size in the double-exponentiation tests, otherwise it defaults\n"
-"to the same as expbits. All are limited to %u bits.\n",
- name, (unsigned)MAXBITS);
- return 1;
-}
-
-/* for libzrtp support */
-int
-bntest_main(int argc, char **argv)
-{
- unsigned i, j, k, l, m;
- int z;
- BNWORD16 t, carry, borrow;
- BNWORD16 a[SIZE], b[SIZE], c[SIZE], d[SIZE];
- BNWORD16 e[SIZE], f[SIZE];
- static BNWORD16 entries[sizeof(prime)*2][(sizeof(prime)-1)/(16/8)+1];
- BNWORD16 *array[sizeof(prime)*2];
- unsigned long modbits = 0, expbits = 0, expbits2 = 0;
- char *p;
-#define A BIGLITTLE((a+SIZE),a)
-#define B BIGLITTLE((b+SIZE),b)
-#define C BIGLITTLE((c+SIZE),c)
-#define D BIGLITTLE((d+SIZE),d)
-#define E BIGLITTLE((e+SIZE),e)
-#define F BIGLITTLE((f+SIZE),f)
- static unsigned const smallprimes[] = {
- 2, 3, 5, 7, 11, 13, 17, 19, 23, 27, 29, 31, 37, 41, 43
- };
-
- /* Set up array for precomputed modexp */
- for (i = 0; i < sizeof(array)/sizeof(*array); i++)
- array[i] = entries[i] BIG(+ SIZE);
-
- srand16(1);
-
- puts(BIGLITTLE("Big-endian machine","Little-endian machine"));
-
- if (argc >= 2) {
- modbits = strtoul(argv[1], &p, 0);
- if (!modbits || *p) {
- fprintf(stderr, "Invalid modbits: %s\n", argv[1]);
- return usage(argv[0]);
- }
- }
- if (argc >= 3) {
- expbits = strtoul(argv[2], &p, 0);
- if (!expbits || *p) {
- fprintf(stderr, "Invalid expbits: %s\n", argv[2]);
- return usage(argv[0]);
- }
- expbits2 = expbits;
- }
- if (argc >= 4) {
- expbits2 = strtoul(argv[3], &p, 0);
- if (!expbits2 || *p) {
- fprintf(stderr, "Invalid expbits2: %s\n", argv[3]);
- return usage(argv[0]);
- }
- }
- if (argc >= 5) {
- fprintf(stderr, "Too many arguments: %s\n", argv[4]);
- return usage(argv[0]);
- }
-
- /* B is a nice not-so-little prime */
- lbnInsertBigBytes_16(B, prime, 0, sizeof(prime));
- ((unsigned char *)c)[0] = 0;
- lbnInsertBigBytes_16(B, (unsigned char *)c, sizeof(prime), 1);
- lbnExtractBigBytes_16(B, (unsigned char *)c, 0, sizeof(prime)+1);
- i = (sizeof(prime)-1)/(16/8)+1; /* Size of array in words */
- if (((unsigned char *)c)[0] ||
- memcmp(prime, (unsigned char *)c+1, sizeof(prime)) != 0)
- {
- printf("Input != output!:\n ");
- for (k = 0; k < sizeof(prime); k++)
- printf("%02X ", prime[k]);
- putchar('\n');
- for (k = 0; k < sizeof(prime)+1; k++)
- printf("%02X ", ((unsigned char *)c)[k]);
- putchar('\n');
- bnput16("p = ", B, i);
-
- }
-
- /* Timing test code - only if requested on the command line */
- if (modbits) {
- timetype start, stop;
- unsigned long cursec, expsec, twoexpsec, dblexpsec;
- unsigned curms, expms, twoexpms, dblexpms;
-
- expsec = twoexpsec = dblexpsec = 0;
- expms = twoexpms = dblexpms = 0;
-
- lbnCopy_16(C,B,i);
- lbnSub1_16(C,i,1); /* C is exponent: p-1 */
-
- puts("Testing modexp with a known prime. "
- "All results should be 1.");
- bnput16("p = ", B, i);
- bnput16("p-1 = ", C, i);
- z = lbnTwoExpMod_16(A, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("2^(p-1) mod p = ", A, i);
- for (j = 0; j < 10; j++) {
- randnum(A,i);
- (void)lbnDiv_16(D,A,i,B,i);
-
- bnput16("a = ", A, i);
- z = lbnExpMod_16(D, A, i, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^(p-1) mod p = ", D, i);
-#if 0
- z = lbnBasePrecompBegin_16(array, (sizeof(prime)*8+4)/5, 5,
- A, i, B, i);
- if (z < 0)
- goto nomem;
- BIGLITTLE(D[-1],D[0]) = -1;
- z = lbnBasePrecompExp_16(D, (BNWORD16 const * const *)array,
- 5, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^(p-1) mod p = ", D, i);
-#endif
- for (k = 0; k < 5; k++) {
- randnum(E,i);
- bnput16("e = ", E, i);
- z = lbnExpMod_16(D, A, i, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^e mod p = ", D, i);
-#if 0
- z = lbnBasePrecompExp_16(D, (BNWORD16 const * const *)array,
- 5, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^e mod p = ", D, i);
-#endif
- }
- }
-
- printf("\n"
- "Timing exponentiations modulo a %d-bit modulus, i.e.\n"
- "2^<%d> mod <%d> bits, <%d>^<%d> mod <%d> bits and\n"
- "<%d>^<%d> * <%d>^<%d> mod <%d> bits\n",
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits, (int)expbits2,
- (int)modbits);
-
- i = ((int)modbits-1)/16+1;
- k = ((int)expbits-1)/16+1;
- l = ((int)expbits2-1)/16+1;
- for (j = 0; j < 25; j++) {
- randnum(A,i); /* Base */
- randnum(B,k); /* Exponent */
- randnum(C,i); /* Modulus */
- randnum(D,i); /* Base2 */
- randnum(E,l); /* Exponent */
- /* Clip bases and mod to appropriate number of bits */
- t = ((BNWORD16)2<<((modbits-1)%16)) - 1;
- *(BIGLITTLE(A-i,A+i-1)) &= t;
- *(BIGLITTLE(C-i,C+i-1)) &= t;
- *(BIGLITTLE(D-i,D+i-1)) &= t;
- /* Make modulus large (msbit set) and odd (lsbit set) */
- *(BIGLITTLE(C-i,C+i-1)) |= (t >> 1) + 1;
- BIGLITTLE(C[-1],C[0]) |= 1;
-
- /* Clip exponent to appropriate number of bits */
- t = ((BNWORD16)2<<((expbits-1)%16)) - 1;
- *(BIGLITTLE(B-k,B+k-1)) &= t;
- /* Make exponent large (msbit set) */
- *(BIGLITTLE(B-k,B+k-1)) |= (t >> 1) + 1;
- /* The same for exponent 2 */
- t = ((BNWORD16)2<<((expbits2-1)%16)) - 1;
- *(BIGLITTLE(E-l,E+l-1)) &= t;
- *(BIGLITTLE(E-l,E+l-1)) |= (t >> 1) + 1;
-
- m = lbnBits_16(A, i);
- if (m > (unsigned)modbits) {
- bnput16("a = ", a, i);
- printf("%u bits, should be <= %d\n",
- m, (int)modbits);
- }
- m = lbnBits_16(B, k);
- if (m != (unsigned)expbits) {
- bnput16("b = ", b, i);
- printf("%u bits, should be %d\n",
- m, (int)expbits);
- }
- m = lbnBits_16(C, i);
- if (m != (unsigned)modbits) {
- bnput16("c = ", c, k);
- printf("%u bits, should be %d\n",
- m, (int)modbits);
- }
- m = lbnBits_16(D, i);
- if (m > (unsigned)modbits) {
- bnput16("d = ", d, i);
- printf("%u bits, should be <= %d\n",
- m, (int)modbits);
- }
- m = lbnBits_16(E, l);
- if (m != (unsigned)expbits2) {
- bnput16("e = ", e, i);
- printf("%u bits, should be %d\n",
- m, (int)expbits2);
- }
- gettime(&start);
- z = lbnTwoExpMod_16(A, B, k, C, i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- twoexpsec += cursec = sec(stop);
- twoexpms += curms = msec(stop);
-
- printf("2^<%d>:%4lu.%03u ", (int)expbits, cursec, curms);
- fflush(stdout);
-
- gettime(&start);
- z = lbnExpMod_16(A, A, i, B, k, C, i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- expsec += cursec = sec(stop);
- expms += curms = msec(stop);
- printf("<%d>^<%d>:%4lu.%03u ",(int)modbits, (int)expbits,
- cursec, curms);
- fflush(stdout);
-
-#if 0
- gettime(&start);
- z = lbnDoubleExpMod_16(D, A, i, B, k, D, i, E, l,C,i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- dblexpsec += cursec = sec(stop);
- dblexpms += curms = msec(stop);
- printf("<%d>^<%d>*<%d>^<%d>:%4lu.%03u\n",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2,
- cursec, curms);
-#else
- putchar('\n');
-#endif
- }
- twoexpms += (twoexpsec % j) * 1000;
- printf("2^<%d> mod <%d> bits AVERAGE: %4lu.%03u s\n",
- (int)expbits, (int)modbits, twoexpsec/j, twoexpms/j);
- expms += (expsec % j) * 1000;
- printf("<%d>^<%d> mod <%d> bits AVERAGE: %4lu.%03u s\n",
- (int)modbits, (int)expbits, (int)modbits, expsec/j, expms/j);
-#if 0
- dblexpms += (dblexpsec % j) * 1000;
- printf("<%d>^<%d> * <%d>^<%d> mod <%d> bits AVERAGE:"
- " %4lu.%03u s\n",
- (int)modbits, (int)expbits, (int)modbits,
- (int)expbits2,
- (int)modbits, dblexpsec/j, dblexpms/j);
-#endif
- putchar('\n');
- }
-
- printf("Beginning 1000 interations of sanity checking.\n");
- printf("Any output indicates a bug. No output is very strong\n");
- printf("evidence that all the important low-level bignum routines\n");
- printf("are working properly.\n");
-
- /*
- * If you change this loop to have an iteration 0, all results
- * are primted on that iteration. Useful to see what's going
- * on in case of major wierdness, but it produces a *lot* of
- * output.
- */
- for (j = 1; j <= 1000; j++) {
- /* Do the tests for lots of different number sizes. */
- for (i = 1; i <= SIZE/2; i++) {
- /* Make a random number i words long */
- do {
- randnum(A,i);
- } while (lbnNorm_16(A,i) < i);
-
- /* Checl lbnCmp - does a == a? */
- if (lbnCmp_16(A,A,i) || !j) {
- bnput16("a = ", A, i);
- printf("(a <=> a) = %d\n", lbnCmp_16(A,A,i));
- }
-
- memcpy(c, a, sizeof(a));
-
- /* Check that the difference, after copy, is good. */
- if (lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", A, i);
- bnput16("c = ", C, i);
- printf("(a <=> c) = %d\n", lbnCmp_16(A,C,i));
- }
-
- /* Generate a non-zero random t */
- do {
- t = rand16();
- } while (!t);
-
- /*
- * Add t to A. Check that:
- * - lbnCmp works in both directions, and
- * - A + t is greater than A. If there was a carry,
- * the result, less the carry, should be *less*
- * than A.
- */
- carry = lbnAdd1_16(A,i,t);
- if (lbnCmp_16(A,C,i) + lbnCmp_16(C,A,i) != 0 ||
- lbnCmp_16(A,C,i) != (carry ? -1 : 1) || !j)
- {
- bnput16("c = ", C, i);
- printf("t = %lX\n", (unsigned long)t);
- bnput16("a = c+t = ", A, i);
- printf("carry = %lX\n", (unsigned long)carry);
- printf("(a <=> c) = %d\n", lbnCmp_16(A,C,i));
- printf("(c <=> a) = %d\n", lbnCmp_16(C,A,i));
- }
-
- /* Subtract t again */
- memcpy(d, a, sizeof(a));
- borrow = lbnSub1_16(A,i,t);
-
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", C, i);
- printf("t = %lX\n", (unsigned long)t);
- lbnAdd1_16(A,i,t);
- bnput16("a += t = ", A, i);
- printf("Carry = %lX\n", (unsigned long)carry);
- lbnSub1_16(A,i,t);
- bnput16("a -= t = ", A, i);
- printf("Borrow = %lX\n", (unsigned long)borrow);
- printf("(a <=> c) = %d\n", lbnCmp_16(A,C,i));
- }
-
- /* Generate a random B */
- do {
- randnum(B,i);
- } while (lbnNorm_16(B,i) < i);
-
- carry = lbnAddN_16(A,B,i);
- memcpy(d, a, sizeof(a));
- borrow = lbnSubN_16(A,B,i);
-
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", C, i);
- bnput16("b = ", B, i);
- bnput16("a += b = ", D, i);
- printf("Carry = %lX\n", (unsigned long)carry);
- bnput16("a -= b = ", A, i);
- printf("Borrow = %lX\n", (unsigned long)borrow);
- printf("(a <=> c) = %d\n", lbnCmp_16(A,C,i));
- }
-
- /* D = B * t */
- lbnMulN1_16(D, B, i, t);
- memcpy(e, d, sizeof(e));
- /* D = A + B * t, "carry" is overflow */
- borrow = *(BIGLITTLE(D-i-1,D+i)) += lbnAddN_16(D,A,i);
-
- carry = lbnMulAdd1_16(A, B, i, t);
-
- /* Did MulAdd get the same answer as mul then add? */
- if (carry != borrow || lbnCmp_16(A, D, i) || !j) {
- bnput16("a = ", C, i);
- bnput16("b = ", B, i);
- printf("t = %lX\n", (unsigned long)t);
- bnput16("e = b * t = ", E, i+1);
- bnput16(" a + e = ", D, i+1);
- bnput16("a + b * t = ", A, i);
- printf("carry = %lX\n", (unsigned long)carry);
- }
-
- memcpy(d, a, sizeof(a));
- borrow = lbnMulSub1_16(A, B, i, t);
-
- /* Did MulSub perform the inverse of MulAdd */
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16(" a = ", C, i);
- bnput16(" b = ", B, i);
- bnput16("a += b*t = ", D, i);
- printf("Carry = %lX\n", (unsigned long)carry);
- bnput16("a -= b*t = ", A, i);
- printf("Borrow = %lX\n", (unsigned long)borrow);
- printf("(a <=> c) = %d\n", lbnCmp_16(A,C,i));
- bnput16("b*t = ", E, i+1);
- }
- /* At this point we're done with t, so it's scratch */
-#if 0
-/* Extra debug code */
- lbnMulN1_16(C, A, i, BIGLITTLE(B[-1],B[0]));
- bnput16("a * b[0] = ", C, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_16(BIGLITTLE(C-k,C+k), A, i,
- *(BIGLITTLE(B-1-k,B+k)));
- *(BIGLITTLE(C-i-k,C+i+k)) = carry;
- bnput16("a * b[x] = ", C, i+k+1);
- }
-
- lbnMulN1_16(D, B, i, BIGLITTLE(A[-1],A[0]));
- bnput16("b * a[0] = ", D, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_16(BIGLITTLE(D-k,D+k), B, i,
- *(BIGLITTLE(A-1-k,A+k)));
- *(BIGLITTLE(D-i-k,D+i+k)) = carry;
- bnput16("b * a[x] = ", D, i+k+1);
- }
-#endif
- /* Does Mul work both ways symmetrically */
- lbnMul_16(C,A,i,B,i);
- lbnMul_16(D,B,i,A,i);
- if (lbnCmp_16(C,D,i+i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("a * b = ", C, i+i);
- bnput16("b * a = ", D, i+i);
- printf("(a*b <=> b*a) = %d\n",
- lbnCmp_16(C,D,i+i));
- }
- /* Check multiplication modulo some small things */
- /* 30030 = 2*3*5*11*13 */
- k = lbnModQ_16(C, i+i, 30030);
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_16(C, i+i, m);
- carry = lbnModQ_16(A, i, m);
- borrow = lbnModQ_16(B, i, m);
- if (t != (carry * borrow) % m) {
- bnput16("a = ", A, i);
- printf("a mod %u = %u\n", m,
- (unsigned)carry);
- bnput16("b = ", B, i);
- printf("b mod %u = %u\n", m,
- (unsigned)borrow);
- bnput16("a*b = ", C, i+i);
- printf("a*b mod %u = %u\n", m,
- (unsigned)t);
- printf("expected %u\n",
- (unsigned)((carry*borrow)%m));
- }
- /* Verify that (C % 30030) % m == C % m */
- if (m <= 13 && t != k % m) {
- printf("c mod 30030 = %u mod %u= %u\n",
- k, m, k%m);
- printf("c mod %u = %u\n",
- m, (unsigned)t);
- }
- }
-
- /* Generate an F less than A and B */
- do {
- randnum(F,i);
- } while (lbnCmp_16(F,A,i) >= 0 ||
- lbnCmp_16(F,B,i) >= 0);
-
- /* Add F to D (remember, D = A*B) */
- lbnAdd1_16(BIGLITTLE(D-i,D+i), i, lbnAddN_16(D, F, i));
- memcpy(c, d, sizeof(d));
-
- /*
- * Divide by A and check that quotient and remainder
- * match (remainder should be F, quotient should be B)
- */
- t = lbnDiv_16(E,C,i+i,A,i);
- if (t || lbnCmp_16(E,B,i) || lbnCmp_16(C, F, i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("f = ", F, i);
- bnput16("a * b + f = ", D, i+i);
- printf("qhigh = %lX\n", (unsigned long)t);
- bnput16("(a*b+f) / a = ", E, i);
- bnput16("(a*b+f) % a = ", C, i);
- }
-
- memcpy(c, d, sizeof(d));
-
- /* Divide by B and check similarly */
- t = lbnDiv_16(E,C,i+i,B,i);
- if (lbnCmp_16(E,A,i) || lbnCmp_16(C, F, i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("f = ", F, i);
- bnput16("a * b + f = ", D, i+i);
- printf("qhigh = %lX\n", (unsigned long)t);
- bnput16("(a*b+f) / b = ", E, i);
- bnput16("(a*b+f) % b = ", C, i);
- }
-
- /* Check that A*A == A^2 */
- lbnMul_16(C,A,i,A,i);
- lbnSquare_16(D,A,i);
- if (lbnCmp_16(C,D,i+i) || !j) {
- bnput16("a*a = ", C, i+i);
- bnput16("a^2 = ", D, i+i);
- printf("(a * a == a^2) = %d\n",
- lbnCmp_16(C,D,i+i));
- }
-#if 0
- /* Compute a GCD */
- lbnCopy_16(C,A,i);
- lbnCopy_16(D,B,i);
- z = lbnGcd_16(C, i, D, i, &k);
- if (z < 0)
- goto nomem;
- /* z = 1 if GCD in D; z = 0 if GCD in C */
-
- /* Approximate check that the GCD came out right */
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_16(z ? D : C, k, m);
- carry = lbnModQ_16(A, i, m);
- borrow = lbnModQ_16(B, i, m);
- if (!t != (!carry && !borrow)) {
- bnput16("a = ", A, i);
- printf("a mod %u = %u\n", m,
- (unsigned)carry);
- bnput16("b = ", B, i);
- printf("b mod %u = %u\n", m,
- (unsigned)borrow);
- bnput16("gcd(a,b) = ", z ? D : C, k);
- printf("gcd(a,b) mod %u = %u\n", m,
- (unsigned)t);
- }
- }
-#endif
-
- /*
- * Do some Montgomery operations
- * Start with A > B, and also place a copy of B into C.
- * Then make A odd so it can be a Montgomery modulus.
- */
- if (lbnCmp_16(A, B, i) < 0) {
- memcpy(c, a, sizeof(c));
- memcpy(a, b, sizeof(a));
- memcpy(b, c, sizeof(b));
- } else {
- memcpy(c, b, sizeof(c));
- }
- BIGLITTLE(A[-1],A[0]) |= 1;
-
- /* Convert to and from */
- lbnToMont_16(B, i, A, i);
- lbnFromMont_16(B, A, i);
- if (lbnCmp_16(B, C, i)) {
- memcpy(b, c, sizeof(c));
- bnput16("mod = ", A, i);
- bnput16("input = ", B, i);
- lbnToMont_16(B, i, A, i);
- bnput16("mont = ", B, i);
- lbnFromMont_16(B, A, i);
- bnput16("output = ", B, i);
- }
- /* E = B^5 (mod A), no Montgomery ops */
- lbnSquare_16(E, B, i);
- (void)lbnDiv_16(BIGLITTLE(E-i,E+i),E,i+i,A,i);
- lbnSquare_16(D, E, i);
- (void)lbnDiv_16(BIGLITTLE(D-i,D+i),D,i+i,A,i);
- lbnMul_16(E, D, i, B, i);
- (void)lbnDiv_16(BIGLITTLE(E-i,E+i),E,i+i,A,i);
-
- /* D = B^5, using ExpMod */
- BIGLITTLE(F[-1],F[0]) = 5;
- z = lbnExpMod_16(D, B, i, F, 1, A, i);
- if (z < 0)
- goto nomem;
- if (lbnCmp_16(D, E, i) || !j) {
- bnput16("mod = ", A, i);
- bnput16("input = ", B, i);
- bnput16("input^5 = ", E, i);
- bnput16("input^5 = ", D, i);
- printf("a>b (x <=> y) = %d\n",
- lbnCmp_16(D,E,i));
- }
- /* TODO: Test lbnTwoExpMod, lbnDoubleExpMod */
- } /* for (i) */
- printf("\r%d ", j);
- fflush(stdout);
- } /* for (j) */
- printf("%d iterations of up to %d 16-bit words completed.\n",
- j-1, i-1);
- return 0;
- nomem:
- printf("Out of memory\n");
- return 1;
-}
+++ /dev/null
-/* bnconfig.h. Generated automatically by configure. */
-/*
- * bnconfig.h -- Configuration file for BigNum library.
- *
- * This file is automatically filled in by configure.
- * Everything must start out turned *off*, because configure
- * (or, more properly, config.status) only knows how to turn them
- * *on*.
- */
-#ifndef CONFIG_H
-#define CONFIG_H
-
-/* Define to empty if the compiler does not support 'const' variables. */
-/* #undef const */
-
-/* Define to `unsigned' if <sys/types.h> doesn't define it. */
-/* #undef size_t */
-
-/* Checks for the presence and absence of various header files */
-#define HAVE_ASSERT_H 1
-#define NO_ASSERT_H !HAVE_ASSERT_H
-#define HAVE_LIMITS_H 1
-#define NO_LIMITS_H !HAVE_LIMITS_H
-#define HAVE_STDLIB_H 1
-#define NO_STDLIB_H !HAVE_STDLIB_H
-#define HAVE_STRING_H 1
-#define NO_STRING_H !HAVE_STRING_H
-
-#define HAVE_STRINGS_H 0
-
-/* We go to some trouble to find accurate times... */
-
-/* Define if you have Posix.4 glock_gettime() */
-#define HAVE_CLOCK_GETTIME 0
-/* Define if you have Solaris-style gethrvtime() */
-#define HAVE_GETHRVTIME 0
-/* Define if you have getrusage() */
-#define HAVE_GETRUSAGE 1
-/* Define if you have clock() */
-#define HAVE_CLOCK 1
-/* Define if you have time() */
-#define HAVE_TIME 1
-
-/*
- * Define as 0 if #including <sys/time.h> automatically
- * #includes <time.h>, and doing so explicitly causes an
- * error.
- */
-#define TIME_WITH_SYS_TIME 1
-
-/* Defines for various kinds of library brokenness */
-
-/* If not available, bcopy() is substituted */
-#define HAVE_MEMMOVE 1
-#define NO_MEMMOVE !HAVE_MEMMOVE
-#define HAVE_MEMCPY 1
-#define NO_MEMCPY !HAVE_MEMCPY
-
-#endif /* CONFIG_H */
+++ /dev/null
-#ifndef CPUTIME_H
-#define CPUTIME_H
-
-/*
- * Figure out what clock to use. Each possibility can be specifically
- * enabled or disabled by predefining USE_XXX to 1 or 0. For some,
- * the code attempts to detect availability automatically. If the
- * Symbols HAVE_XXX are defined, they are used. If not, they are
- * set to reasonable default assumptions while further conditions
- * are checked. The choices, and the ways they are auto-detected are:
- * - gethrvtime(), if HAVE_GETHRVTIME is set to 1.
- * - clock_gettime(CLOCK_VIRTUAL,...), if CLOCK_VIRTUAL is defined in <time.h>
- * - getrusage(RUSAGE_SELF,...), if RUSAGE_SELF is defined in <sys/resource.h>
- * - clock(), if CLOCKS_PER_SEC or CLK_TCK are defined in <time.h>
- * - time(), unless specifically disabled.
- *
- * The symbol CLOCK_AVAIL is given a value of 1 if a clock is found.
- * The following are then available:
- * timetype (typedef): the type needed to hold a clock value.
- * gettime(t) (macro): A function that gets passed a timetype *.
- * subtime(d,s) (macro): Sets d -= s, essentially.
- * msec(t) (macro): Given a timetype, return the number of milliseconds
- * in it, as an unsigned integer between 0 and 999.
- * sec(t) (macro): Given a timetype, return the number of seconds in it,
- * as an unsigned long integer.
- */
-
-/* We expect that our caller has already #included "bnconfig.h" if possible. */
-
-#ifndef unix
-#define unix 0
-#endif
-#ifndef __unix
-#define __unix 0
-#endif
-#ifndef __unix__
-#define __unix__ 0
-#endif
-
-#ifdef UNIX
-/* Nothing */
-#elif unix
-#define UNIX 1
-#elif __unix
-#define UNIX 1
-#elif __unix__
-#define UNIX 1
-#endif
-
-#ifndef UNIX
-#define UNIX 0
-#endif
-
-#ifndef TIME_WITH_SYS_TIME
-#define TIME_WITH_SYS_TIME 1 /* Assume true if not told */
-#endif
-#ifndef HAVE_SYS_TIME_H
-#define HAVE_SYS_TIME_H 0 /* Assume true if not told */
-#endif
-
-/*
- * Include <time.h> unless that would prevent us from later including
- * <sys/time.h>, in which case include *that* immediately.
- */
-#if TIME_WITH_SYS_TIME
-#include <time.h>
-#elif HAVE_SYS_TIME_H
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-
-#ifndef USE_GETHRVTIME
-#ifdef HAVE_GETHRVTIME
-#define USE_GETHRVTIME HAVE_GETHRVTIME
-#else
-#define USE_GETHRVTIME 0
-#endif
-#endif
-
-#if USE_GETHRVTIME
-#define CLOCK_AVAIL 1
-typedef hrtime_t timetype;
-#define gettime(t) *(t) = gethrvtime()
-#define subtime(d,s) d -= s
-#define msec(t) (unsigned)((t/1000000)%1000)
-#define sec(t) (unsigned long)(t/1000000000)
-
-#else
-#ifndef USE_CLOCK_GETTIME
-#define USE_CLOCK_GETTIME 0
-#ifndef HAVE_CLOCK_GETTIME
-#define HAVE_CLOCK_GETTIME 1 /* Assume the CLOCK_VIRTUAL test will catch */
-#endif
-/*
- * It turns out to be non-ANSI to use the apparently simpler construct
- * "#define USE_CLOCK_GETTIME defined(CLOCK_VIRTUAL)", since
- * "If the token defined is generated as a result of this replacement
- * process or use of the defined unary operator does not match one
- * of the two specified forms prior ro macro replacement, the behaviour
- * is undefined." (ANSI/ISO 9899-1990 section 6.8.1)
- * In practice, it breaks the DEC Alpha compiler.
- */
-#if HAVE_CLOCK_GETTIME
-#ifdef CLOCK_VIRTUAL
-#ifdef USE_CLOCK_GETTIME
-#undef USE_CLOCK_GETTIME
-#endif
-#define USE_CLOCK_GETTIME 1
-#endif
-#endif
-#endif
-
-#if USE_CLOCK_GETTIME
-#define CLOCK_AVAIL 1
-typedef struct timespec timetype;
-#define gettime(t) clock_gettime(CLOCK_VIRTUAL, t)
-#define subtime(d,s) \
- d.tv_sec -= s.tv_sec + (d.tv_nsec >= s.tv_nsec ? \
- (d.tv_nsec -= s.tv_nsec, 0) : \
- (d.tv_nsec += 1000000000-s.tv_nsec, 1))
-#define msec(t) (unsigned)(t.tv_nsec/1000000)
-#define sec(t) (unsigned long)(t.tv_sec)
-
-#else
-#if UNIX
-#ifndef HAVE_GETRUSAGE
-#define HAVE_GETRUSAGE 1
-#endif
-#endif /* UNIX */
-
-#define USE_GETRUSAGE 0
-
-/* AJR */
-/*#define HAVE_GETRUSAGE 0*/
-
-#include <sys/time.h>
-#if HAVE_GETRUSAGE
-#if TIME_WITH_SYS_TIME
-#ifndef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#elif HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#endif /* TIME_WITH_SYS_TIME */
-#include <sys/resource.h>
-
-#ifdef RUSAGE_SELF
-#undef USE_GETRUSAGE
-#define USE_GETRUSAGE 1
-#endif
-#endif /* HAVE_GETRUSAGE */
-
-#if USE_GETRUSAGE
-#define CLOCK_AVAIL 1
-typedef struct rusage timetype;
-#define gettime(t) getrusage(RUSAGE_SELF, t);
-#define subtime(d, s) \
- d.ru_utime.tv_sec -= s.ru_utime.tv_sec + \
- (d.ru_utime.tv_usec >= s.ru_utime.tv_usec ? \
- (d.ru_utime.tv_usec -= s.ru_utime.tv_usec, 0) : \
- (d.ru_utime.tv_usec += 1000000-s.ru_utime.tv_usec, 1))
-#define msec(t) (unsigned)(t.ru_utime.tv_usec/1000)
-#define sec(t) (unsigned long)(t.ru_utime.tv_sec)
-
-#else
-
-#ifndef HAVE_CLOCK
-#define HAVE_CLOCK 1
-#endif
-
-#define USE_CLOCK 0
-#define USE_TIME 0
-
-#if HAVE_CLOCK
-#ifndef CLOCKS_PER_SEC
-#ifdef CLK_TCK
-#define CLOCKS_PER_SEC CLK_TCK
-#endif
-#endif /* !defined(CLOCKS_PER_SEC) */
-
-#ifndef USE_CLOCK
-#ifdef CLOCKS_PER_SEC
-#define USE_CLOCK 1
-#endif
-#endif /* !defined(USE_CLOCK) */
-#endif /* HAVE_CLOCK */
-
-#if USE_CLOCK
-#define CLOCK_AVAIL 1
-typedef clock_t timetype;
-#define gettime(t) *(t) = clock()
-#define subtime(d, s) d -= s
-/*
- * I don't like having to do floating point math. CLOCKS_PER_SEC is
- * almost always an integer, and the most common non-integral case is
- * the MS-DOS wierdness of 18.2. We have to be a bit careful with the
- * casts, because ANSI C doesn't provide % with non-integral operands,
- * but just to be extra annoying, some implementations define it as an
- * integral-valued float. (E.g. Borland C++ 4.5 with 1000.0)
- */
-/* AJR #if ((unsigned)CLOCKS_PER_SEC == CLOCKS_PER_SEC)*/
-#if 1
- /* Integer CLOCKS_PER_SEC */
-
-#define sec(t) (unsigned long)(t/CLOCKS_PER_SEC)
-#define msec(t) (unsigned)(t % (unsigned)CLOCKS_PER_SEC * 1000 / \
- (unsigned)CLOCKS_PER_SEC)
-/* AJR #elif (CLOCKS_PER_SEC == 18.2)*/
-#elif 0
- /* MS-DOS-ism */
-
-#define sec(t) (unsigned long)(t*5 / 91)
-#define msec(t) (unsigned)(t*5 % 91 * 1000 / 91)
-
-#else /* We are forced to muck with floating point.... */
-
-#include <math.h> /* For floor() */
-#define sec(t) (unsigned long)(t/CLOCKS_PER_SEC)
-#define msec(t) (unsigned)((t - sec(t)*CLOCKS_PER_SEC) * 1000 / CLOCKS_PER_SEC)
-
-#endif
-
-#else
-
-#ifndef HAVE_TIME
-#define HAVE_TIME 1
-#endif
-
-#if HAVE_TIME
-#ifndef USE_TIME
-#define USE_TIME 1
-#endif
-#endif
-
-#if USE_TIME
-#define CLOCK_AVAIL 1
-typedef time_t timetype;
-#define gettime(t) time(t)
-#define subtime(d, s) d -= s
-#define msec(t) (unsigned)0
-#define sec(t) (unsigned long)t
-
-#endif /* USE_TIME */
-#endif /* USE_CLOCK */
-#endif /* USE_GETRUSAGE */
-#endif /* USE_CLOCK_GETTIME */
-#endif /* USE_GETHRVTIME */
-
-#endif /*CPUTIME_H*/
+++ /dev/null
-#ifndef KLUDGE_H
-#define KLUDGE_H
-
-/*
- * Kludges for not-quite-ANSI systems.
- * This should always be the last file included, because it may
- * mess up some system header files.
- */
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-
-#ifndef NO_MEMMOVE
-#define NO_MEMMOVE 0
-#endif
-#if NO_MEMMOVE /* memove() not in libraries */
-#define memmove(dest,src,len) bcopy(src,dest,len)
-#endif
-
-#ifndef NO_MEMCPY
-#define NO_MEMCPY 0
-#endif
-#if NO_MEMCPY /* memcpy() not in libraries */
-#define memcpy(dest,src,len) bcopy(src,dest,len)
-#endif
-
-/*
- * Borland C seems to think that it's a bad idea to decleare a
- * structure tag and not declare the contents. I happen to think
- * it's a *good* idea to use such "opaque" structures wherever
- * possible. So shut up.
- */
-#ifdef __BORLANDC__
-#pragma warn -stu
-#ifndef MSDOS
-#define MSDOS 1
-#endif
-#endif
-
-/* Turn off warning about negation of unsigned values */
-#ifdef _MSC_VER
-#pragma warning(disable:4146)
-#endif
-
-/* Cope with people forgetting to define the OS, if possible... */
-#ifndef MSDOS
-#ifdef __MSDOS
-#define MSDOS 1
-#endif
-#endif
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-
-/* By MS-DOS, we mean 16-bit brain-dead MS-DOS. Not GCC & GO32 */
-#ifdef __GO32
-#undef MSDOS
-#endif
-#ifdef __GO32__
-#undef MSDOS
-#endif
-
-#endif /* KLUDGE_H */
+++ /dev/null
-/*
- * lbn.h - Low-level bignum header.
- * Defines various word sizes and useful macros.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- */
-#ifndef LBN_H
-#define LBN_H
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_LIMITS_H
-#define NO_LIMITS_H 0
-#endif
-
-/* Make sure we have 8-bit bytes */
-#if !NO_LIMITS_H
-#include <limits.h>
-#if UCHAR_MAX != 0xff || CHAR_BIT != 8
-#error The bignum library requires 8-bit unsigned characters.
-#endif
-#endif /* !NO_LIMITS_H */
-
-#ifdef BNINCLUDE /* If this is defined as, say, foo.h */
-#define STR(x) #x /* STR(BNINCLUDE) -> "BNINCLUDE" */
-#define XSTR(x) STR(x) /* XSTR(BNINCLUDE) -> STR(foo.h) -> "foo.h" */
-#include XSTR(BNINCLUDE) /* #include "foo.h" */
-#undef XSTR
-#undef STR
-#endif
-
-/* Do we want bnYield()? */
-#ifndef BNYIELD
-#define BNYIELD 0
-#endif
-
-/* Figure out the endianness */
-/* Error if more than one is defined */
-#if defined(BN_BIG_ENDIAN) && defined(BN_LITTLE_ENDIAN)
-#error Only one of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN may be defined
-#endif
-
-/*
- * If no preference is stated, little-endian C code is slightly more
- * efficient, so prefer that. (The endianness here does NOT have to
- * match the machine's native byte sex; the library's C code will work
- * either way. The flexibility is allowed for assembly routines
- * that do care.
- */
-#if !defined(BN_BIG_ENDIAN) && !defined(BN_LITTLE_ENDIAN)
-#define BN_LITTLE_ENDIAN 1
-#endif /* !BN_BIG_ENDIAN && !BN_LITTLE_ENDIAN */
-
-/* Macros to choose between big and little endian */
-#if defined(BN_BIG_ENDIAN)
-#define BIG(b) b
-#define LITTLE(l) /*nothing*/
-#define BIGLITTLE(b,l) b
-#elif BN_LITTLE_ENDIAN
-#define BIG(b) /*nothing*/
-#define LITTLE(l) l
-#define BIGLITTLE(b,l) l
-#else
-#error One of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN must be defined as 1
-#endif
-
-
-/*
- * Find a 16-bit unsigned type.
- * Unsigned short is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD16
-#ifndef USHRT_MAX /* No <limits.h> available - guess */
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif USHRT_MAX == 0xffff
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif UINT_MAX == 0xffff
-typedef unsigned bnword16;
-#define BNWORD16 bnword16
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 32-bit unsigned type.
- * Unsigned long is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD32
-#ifndef ULONG_MAX /* No <limits.h> available - guess */
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif ULONG_MAX == 0xfffffffful
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif UINT_MAX == 0xffffffff
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-#elif USHRT_MAX == 0xffffffff
-typedef unsigned short bnword32;
-#define BNWORD32 bnword32
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 64-bit unsigned type.
- * The conditions here are more complicated to avoid using numbers that
- * will choke lesser preprocessors (like 0xffffffffffffffff) unless
- * we're reasonably certain that they'll be acceptable.
- */
-#if !defined(BNWORD64) && ULONG_MAX > 0xfffffffful
-#if ULONG_MAX == 0xffffffffffffffff
-typedef unsigned long bnword64;
-#define BNWORD64 bnword64
-#endif
-#endif
-
-/*
- * I would test the value of unsigned long long, but some *preprocessors*
- * don't constants that long even if the compiler can accept them, so it
- * doesn't work reliably. So cross our fingers and hope that it's a 64-bit
- * type.
- *
- * GCC uses ULONG_LONG_MAX. Solaris uses ULLONG_MAX. IRIX uses ULONGLONG_MAX.
- * Are there any other names for this?
- */
-#if !defined(BNWORD64) && \
- (defined(ULONG_LONG_MAX) || defined (ULLONG_MAX) || defined(ULONGLONG_MAX))
-typedef unsigned long long bnword64;
-#define BNWORD64 bnword64
-#else
-typedef unsigned long long bnword64;
-#define BNWORD64 bnword64
-#endif
-
-/* We don't even try to find a 128-bit type at the moment */
-
-#endif /* !LBN_H */
+++ /dev/null
-/*
- * lbn16.c - Low-level bignum routines, 16-bit version.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- *
- * NOTE: the magic constants "16" and "32" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "16", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "32",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (32)
- * first, then the smaller (16). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD16s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_16 lbnMulAdd1_16
- *
- * If you want to write asm routines, start with lbnMulAdd1_16().
- * This is the workhorse of modular exponentiation. lbnMulN1_16() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_16 if that has a custom version. lbnMulSub1_16 and
- * lbnDiv21_16 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_16 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_16 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD32)
- * type are lbnMulAdd1_16 and lbnMulSub1_16; if those are provided,
- * the rest follows. lbnDiv21_16, however, is a lot slower unless you
- * have them, and lbnModQ_16 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn.h"
-#include "lbn16.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-/* If this is defined, include bnYield() calls */
-#if BNYIELD
-extern int (*bnYield)(void); /* From bn.c */
-#endif
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD16)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_16
-void
-lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_16 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_16
-void
-lbnZero_16(BNWORD16 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_16 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_16
-void
-lbnNeg_16(BNWORD16 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_16 */
-
-
-/*
- * lbnAdd1_16: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^16) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_16 */
-
-/*
- * lbnSub1_16: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD16). If the size of an int is larger
- * than BNWORD16, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD16)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_16 */
-
-/*
- * lbnAddN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_16
-#ifdef BNWORD32
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) +
- (BNWORD32)BIGLITTLE(*--num2,*num2++) + (t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return (BNWORD16)(t>>16);
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_16 */
-
-/*
- * lbnSubN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD16)-(t>>16) is subtracted, rather than
- * adding t>>16, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_16
-#ifdef BNWORD32
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
-
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) -
- (BNWORD32)BIGLITTLE(*--num2,*num2++) - (BNWORD16)-(t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return -(BNWORD16)(t>>16);
-}
-#else
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD16)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_16 */
-
-#ifndef lbnCmp_16
-/*
- * lbnCmp_16: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_16 */
-
-/*
- * mul16_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul16_ppmma and mul16_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul16_ppmma) && defined(mul16_ppmmaa)
-#define mul16_ppmma(ph,pl,x,y,a) mul16_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul16_ppmm) && defined(mul16_ppmma)
-#define mul16_ppmm(ph,pl,x,y) mul16_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul16_ppmm-based operations on machines
- * that do not provide mul16_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul16_ppmm) && defined(BNWORD32) && 0 /* Debugging */
-#define mul16_ppmm(ph,pl,x,y) \
- ({BNWORD32 _ = (BNWORD32)(x)*(y); (pl) = _; (ph) = _>>16;})
-#endif
-
-#if defined(mul16_ppmm) && !defined(mul16_ppmma)
-#define mul16_ppmma(ph,pl,x,y,a) \
- (mul16_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul16_ppmma) && !defined(mul16_ppmmaa)
-#define mul16_ppmmaa(ph,pl,x,y,a,b) \
- (mul16_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_16: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul16_ppmm and mul16_ppmma
- * macros, or C multiplication with the BNWORD32 type. This uses mul16_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_16
-#ifdef lbnMulAdd1_16 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- lbnZero_16(out, len);
- BIGLITTLE(*(out-len),*(out+len)) = lbnMulAdd1_16(out, in, len, k);
-}
-#elif defined(mul16_ppmm)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul16_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD32)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + (BNWORD16)(p >> 16);
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulN1_16 */
-
-/*
- * lbnMulAdd1_16: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul16_ppmma and mul16_ppmmaa macros,
- * or C multiplication with the BNWORD32 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul16_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k +
- (BNWORD16)(p >> 16) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
- }
-
- return (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulAdd1_16 */
-
-/*
- * lbnMulSub1_16: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul16_ppmm and mul16_ppmma macros, or
- * C multiplication with the BNWORD32 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulSub1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul16_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul16_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
- BNWORD16 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) + ((BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t);
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* !lbnMulSub1_16 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_16
-BNWORD16
-lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry;
-
- assert(shift > 0);
- assert(shift < 16);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (16-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_16 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_16
-BNWORD16
-lbnDouble_16(BNWORD16 *num, unsigned len)
-{
- BNWORD16 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (16-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_16 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_16
-BNWORD16
-lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 16);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (16-shift);
- }
- return carry >> (16-shift);
-}
-#endif /* !lbnRshift_16 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_16.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_16
-void
-lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_16(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_16 */
-
-/*
- * lbnMulX_16 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_16
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- unsigned len)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-#else /* !defined(BNWORD32) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_16(prod, num1, num2, len) lbnMul_16(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD32) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_16 */
-
-#if !defined(lbnMontMul_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- BNWORD16 const *mod, unsigned len, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2, *pm;
- BNWORD16 *pp;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD16)x;
- y = (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD32)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD16)x;
- carry = (x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(prod, mod, len);
- while (lbnCmp_16(prod, mod, len) >= 0)
- (void)lbnSubN_16(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_16 lbnMontMul_16
-#endif
-
-#if !defined(lbnSquare_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD32 x, y, z;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD32)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-/* Suppress later definition */
-#define lbnSquare_16 lbnSquare_16
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_16
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- BNWORD16 *prodx = prod; /* Working copy of the argument */
- BNWORD16 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul16_ppmm
- BNWORD16 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul16_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD32) /* use BNWORD32 */
- BNWORD32 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD32)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)(p>>16);
-#else /* Use lbnMulN1_16 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_16(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_16(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_16(prodx, numx, lenx, t);
- lbnAdd1_16(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_16(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_16 */
-
-/*
- * lbnNorm_16 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_16
-unsigned
-lbnNorm_16(BNWORD16 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_16 */
-
-/*
- * lbnBits_16 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 16, and
- * subtracts off 16/2, 16/4, 16/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_16
-unsigned
-lbnBits_16(BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- unsigned i;
-
- len = lbnNorm_16(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 16;
- i = 16/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_16 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 16 bits, which a general 32-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_32
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_32 (32 > 0x20)
-#endif
-
-/*
- * Return (nh<<16|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_16
-#if defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD32 n = (BNWORD32)nh << 16 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (16-1) == 1);
-
- *q = n / d;
- return n % d;
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 16/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & (((BNWORD16)1 << 16/2)-1) )
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD16 dh = highhalf(d), dl = lowhalf(d);
- BNWORD16 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (16-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (16/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (16/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (16/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_16 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_32, add a divnhalf_16 which uses 16-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_16
-BNWORD16
-lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem, BNWORD16 const *n, unsigned len,
- BNWORD16 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD16 r;
- BNWORD16 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 16/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (16-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_16(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_16(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_16
-/* If there's a custom lbnMod21_16, no normalization needed */
-#ifdef lbnMod21_16
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_16(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD16)((((BNWORD32)r<<16) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 16 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & ((1 << 16/2)-1) )
-#endif
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 16/2) | highhalf(x);
- r = (r%d << 16/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_16 */
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
- BNWORD16 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 16;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (16-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_16(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_16 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^16) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen)
-{
- BNWORD16 nh,nm,nl; /* Top three words of the dividend */
- BNWORD16 dh,dl; /* Top two words of the divisor */
- BNWORD16 qhat; /* Extimate of quotient word */
- BNWORD16 r; /* Remainder from quotient estimate division */
- BNWORD16 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul16_ppmm
- BNWORD16 t16;
-#elif defined(BNWORD32)
- BNWORD32 t32;
-#else /* use lbnMulN1_16 */
- BNWORD16 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_16(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD16)1 << 16-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD16)1<<16-1-shift) == 0);
- dh = dh << shift | dl >> (16-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD16)1 << 16-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (16-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 16/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_16(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_16(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (16-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r << 16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD16)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r<<16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-16, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_16(d, dlen, shift);
- lbnRshift_16(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^16.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_16
-BNWORD16
-lbnMontInv1_16(BNWORD16 const x)
-{
- BNWORD16 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_16 */
-
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned mlen, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *pm;
- BNWORD16 *pn;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD16)x == 0);
- x = x >> 16;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD32)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD16)x;
- carry = (unsigned)(x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#define lbnMontReduce_16 lbnMontReduce_16
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(16*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_16.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(16*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_16 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_16
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv)
-{
- BNWORD16 t;
- BNWORD16 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD16)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD16)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_16(n, mod, mlen, inv * BIGLITTLE(n[-1],n[0]));
- c += lbnAdd1_16(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_16 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_16
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_16(prod, n1, n2, mod, len, inv) \
- (lbnMulX_16(prod, n1, n2, len), lbnMontReduce_16(prod, mod, len, inv))
-#endif /* !lbnMontMul_16 */
-
-#ifndef lbnMontSquare_16
-/*
- * Square "n", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_16(prod, n, mod, len, inv) \
- (lbnSquare_16(prod, n, len), lbnMontReduce_16(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_16 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_16(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_16(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_16(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_16(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_16(n, mod, len, lbnMontInv1_16(mod[BIGLITTLE(-1,0)]));
- /* Move n down len words */
- lbnCopy_16(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. See the comment in bnExpMod_16 below for
- * an explanation of how it actually works works.
- *
- * It takes 2^(k-1)-1 multiplies to compute the table, and (e-1)/(k+1)
- * multiplies (on average) to perform the exponentiation. To minimize
- * the sum, k must vary with e. The optimal window sizes vary with the
- * exponent length. Here are some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 16 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best
- * At e = 6_4 bits, k=3 (18.750000) is best
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best
- * At e = 512 bits, k=5 (100.1_66667) is best
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best
- * At e = 4096 bits, k=7 (574.875000) is best
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Um, actually there's a slightly more accurate way to count, which
- * really is the average number of multiplies required, averaged
- * uniformly over all 2^(e-1) e-bit numbers, from 2^(e-1) to (2^e)-1.
- * It's based on the recurrence that for the last b bits, b <= k, at
- * most one multiply is needed (and none at all 1/2^b of the time),
- * while when b > k, the odds are 1/2 each way that the bit will be
- * 0 (meaning no multiplies to reduce it to the b-1-bit case) and
- * 1/2 that the bit will be 1, starting a k-bit window and requiring
- * 1 multiply beyond the b-k-bit case. Since the most significant
- * bit is always 1, a k-bit window always starts there, and that
- * multiply is by 1, so it isn't a multiply at all. Thus, the
- * number of multiplies is simply that needed for the last e-k bits.
- * This recurrence produces:
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 6 bits, k=2 (2.437500) < k=1 (2.500000)
- * At e = 8 bits, k=2 (3.109375) is best
- * At e = 1_6 bits, k=2 (5.777771) is best
- * At e = 24 bits, k=3 (8.437629) < k=2 (8.444444)
- * At e = 3_2 bits, k=3 (10.437492) is best
- * At e = 6_4 bits, k=3 (18.437500) is best
- * At e = 81 bits, k=4 (22.6_40000) < k=3 (22.687500)
- * At e = 128 bits, k=4 (3_2.040000) is best
- * At e = 241 bits, k=5 (54.611111) < k=4 (54.6_40000)
- * At e = 256 bits, k=5 (57.111111) is best
- * At e = 512 bits, k=5 (99.777778) is best
- * At e = 673 bits, k=6 (126.591837) < k=5 (126.611111)
- * At e = 1024 bits, k=6 (176.734694) is best
- * At e = 1793 bits, k=7 (286.578125) < k=6 (286.591837)
- * At e = 2048 bits, k=7 (318.453125) is best
- * At e = 4096 bits, k=7 (574.453125) is best
- *
- * This has the rollover points at 6, 24, 81, 241, 673 and 1793 instead
- * of 8, 26, 82, 242, 674, and 1794. Not a very big difference.
- * (The numbers past that are k=8 at 4609 and k=9 at 11521,
- * vs. one more in each case for the approximation.)
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. Entry 6 is the largest
- * possible unsigned number, so the window will never be more
- * than 7 bits, requiring 2^6 = 0x40 slots.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 5, 23, 80, 240, 672, 1792, (unsigned)-1
-/* 7, 25, 81, 241, 673, 1793, (unsigned)-1 ### The old approximations */
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/16 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *e, unsigned elen, BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD16 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_16(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_16(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_16(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_16(result, n, nlen);
- if (mlen > nlen)
- lbnZero_16(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n, nlen);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_16(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((ebits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-#if 0
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len,
- BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len,
- BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD16 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD16 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_16(e1, e1len);
- e2len = lbnNorm_16(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_16(e1, e1len);
- e2bits = lbnBits_16(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- t = (BNWORD16 *)n1; n1 = n2; n2 = t;
- t = (BNWORD16 *)e1; e1 = e2; e2 = t;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_16(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below fucks up if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, BNWORD16, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_16(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_16(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_16(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n1, n1len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_16(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_16(t, n2, n2len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_16(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_16(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_16(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_16(table2[i], t, mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((e1bits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_16(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_16(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-#endif
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD16 const *bitptr;
- BNWORD16 bitword, bitpos;
- BNWORD16 *a, *b, *a1;
- BNWORD16 inv;
- int y; /* Result of bnYield() */
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_16(n, mlen);
-
- bits = lbnBits_16(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD16)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD16)1 << ((bits-1) & (16-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_16(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD16)1 << (e & (16-1));
- e /= 16;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_16(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_16(a1, n, e+1);
- lbnZero_16(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_16(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_16(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_16(a1, mlen) ||
- lbnCmp_16(a1, mod, mlen) > 0)
- (void)lbnSubN_16(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_16(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 16;
- lsbyte /= (16/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 16;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (16/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (16/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "16/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_16(BNWORD16 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD16 t;
- unsigned alen = (blen + (16/8-1))/(16/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (16/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-#if 0
-/*
- * Computes the GCD of a and b. Modifies both arguments; when it returns,
- * one of them is the GCD and the other is trash. The return value
- * indicates which: 0 for a, and 1 for b. The length of the retult is
- * returned in rlen. Both inputs must have one extra word of precision.
- * alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen,
- unsigned *rlen)
-{
-#if BNYIELD
- int y;
-#endif
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_16(a, blen);
- if (alen == 0) {
- *rlen = blen;
- return 1;
- }
- (void)lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_16(b, alen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- return y;
-#endif
- }
- *rlen = alen;
- return 0;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD16 *p; /* Temporary for products added to t0 and t1 */
- BNWORD16 *t0, *t1; /* Inverse accumulators */
- BNWORD16 cy;
- unsigned blen, t0len, t1len, plen;
- int y;
-
- alen = lbnNorm_16(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_16(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_16(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, BNWORD16, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, BNWORD16, mlen+1);
- if (p) {
- LBNALLOC(t0, BNWORD16, mlen);
- if (t0) {
- LBNALLOC(t1, BNWORD16, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_16(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_16(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_16(t1, mlen-alen+1);
- blen = lbnNorm_16(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD16)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_16(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_16(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_16(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_16(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_16(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD16)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_16(a, t0, t0len);
- lbnZero_16(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_16(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_16(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_16(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_16(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_16(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_16(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_16(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_16(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure: /* GCD is not 1 - no inverse exists! */
- y = 1;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return y;
-}
-
-/*
- * Precompute powers of "a" mod "mod". Compute them every "bits"
- * for "n" steps. This is sufficient to compute powers of g with
- * exponents up to n*bits bits long, i.e. less than 2^(n*bits).
- *
- * This assumes that the caller has already initialized "array" to point
- * to "n" buffers of size "mlen".
- */
-int
-lbnBasePrecompBegin_16(BNWORD16 **array, unsigned n, unsigned bits,
- BNWORD16 const *g, unsigned glen, BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *a, *b; /* Temporary double-width accumulators */
- BNWORD16 *a1; /* Pointer to high half of a*/
- BNWORD16 inv; /* Montgomery inverse of LSW of mod */
- BNWORD16 *t;
- unsigned i;
-
- glen = lbnNorm_16(g, glen);
- assert(glen);
-
- assert (mlen == lbnNorm_16(mod, mlen));
- assert (glen <= mlen);
-
- /* Allocate two temporary buffers, and the array slots */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, mlen*2);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Okay, all ready */
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_16(inv);
- /* Move g up "mlen" words into a (clearing the low mlen words) */
- a1 = BIGLITTLE(a-mlen,a+mlen);
- lbnCopy_16(a1, g, glen);
- lbnZero_16(a, mlen);
-
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_16(a1, a, mlen+glen, mod, mlen);
-
- /* Copy the first value into the array */
- t = *array;
- lbnCopy_16(t, a, mlen);
- a1 = a; /* This first value is *not* shifted up */
-
- /* Now compute the remaining n-1 array entries */
- assert(bits);
- assert(n);
- while (--n) {
- i = bits;
- do {
- /* Square a1 into b1 */
- lbnMontSquare_16(b, a1, mod, mlen, inv);
- t = b; b = a; a = t;
- a1 = BIGLITTLE(a-mlen, a+mlen);
- } while (--i);
- t = *++array;
- lbnCopy_16(t, a1, mlen);
- }
-
- /* Hooray, we're done. */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return 0;
-}
-
-/*
- * result = base^exp (mod mod). "array" is a an array of pointers
- * to procomputed powers of base, each 2^bits apart. (I.e. array[i]
- * is base^(2^(i*bits))).
- *
- * The algorithm consists of:
- * a = b = (powers of g to be raised to the power 2^bits-1)
- * a *= b *= (powers of g to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of g to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnBasePrecompExp_16(BNWORD16 *result, BNWORD16 const * const *array,
- unsigned bits, BNWORD16 const *exp, unsigned elen,
- BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *a, *b, *c, *t;
- BNWORD16 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD16 const *eptr; /* Pointer into exp */
- BNWORD16 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD16 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
-
- mlen = lbnNorm_16(mod, mlen);
- assert (mlen);
-
- elen = lbnNorm_16(exp, elen);
- if (!elen) {
- lbnZero_16(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD16, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD16, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Set up bit buffer for walking the exponent */
- eptr = exp;
- buf = BIGLITTLE(*--eptr, *eptr++);
- ewords = elen-1;
- bufbits = 16;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 16;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD16 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_16(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_16(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_16(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_16(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
-
-/*
- * result = base1^exp1 *base2^exp2 (mod mod). "array1" and "array2" are
- * arrays of pointers to procomputed powers of the corresponding bases,
- * each 2^bits apart. (I.e. array1[i] is base1^(2^(i*bits))).
- *
- * Bits must be the same in both. (It could be made adjustable, but it's
- * a bit of a pain. Just make them both equal to the larger one.)
- *
- * The algorithm consists of:
- * a = b = (powers of base1 and base2 to be raised to the power 2^bits-1)
- * a *= b *= (powers of base1 and base2 to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of base1 and base2 to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnDoubleBasePrecompExp_16(BNWORD16 *result, unsigned bits,
- BNWORD16 const * const *array1, BNWORD16 const *exp1, unsigned elen1,
- BNWORD16 const * const *array2, BNWORD16 const *exp2,
- unsigned elen2, BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *a, *b, *c, *t;
- BNWORD16 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j, k; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD16 const *eptr; /* Pointer into exp */
- BNWORD16 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD16 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
- BNWORD16 const * const *array;
-
- mlen = lbnNorm_16(mod, mlen);
- assert (mlen);
-
- elen1 = lbnNorm_16(exp1, elen1);
- if (!elen1) {
- return lbnBasePrecompExp_16(result, array2, bits, exp2, elen2,
- mod, mlen);
- }
- elen2 = lbnNorm_16(exp2, elen2);
- if (!elen2) {
- return lbnBasePrecompExp_16(result, array1, bits, exp1, elen1,
- mod, mlen);
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen1);
- assert(elen2);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD16, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD16, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Walk each exponent in turn */
- for (k = 0; k < 2; k++) {
- /* Set up the exponent for walking */
- array = k ? array2 : array1;
- eptr = k ? exp2 : exp1;
- ewords = (k ? elen2 : elen1) - 1;
- /* Set up bit buffer for walking the exponent */
- buf = BIGLITTLE(*--eptr, *eptr++);
- bufbits = 16;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 16;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD16 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_16(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_16(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_16(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_16(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
-#endif
+++ /dev/null
-#ifndef LBN16_H
-#define LBN16_H
-
-#include "lbn.h"
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-#ifndef lbnCopy_16
-void lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len);
-#endif
-#ifndef lbnZero_16
-void lbnZero_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnNeg_16
-void lbnNeg_16(BNWORD16 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_16
-BNWORD16 lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry);
-#endif
-#ifndef lbnSub1_16
-BNWORD16 lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow);
-#endif
-
-#ifndef lbnAddN_16
-BNWORD16 lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_16
-BNWORD16 lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_16
-int lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_16
-void lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulAdd1_16
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulSub1_16
-BNWORD16 lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-
-#ifndef lbnLshift_16
-BNWORD16 lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_16
-BNWORD16 lbnDouble_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnRshift_16
-BNWORD16 lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_16
-void lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_16
-void lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_16
-unsigned lbnNorm_16(BNWORD16 const *num, unsigned len);
-#endif
-#ifndef lbnBits_16
-unsigned lbnBits_16(BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_16
-void lbnExtractBigBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_16
-void lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_16
-void lbnExtractLittleBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_16
-void lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_16
-BNWORD16 lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d);
-#endif
-#ifndef lbnDiv1_16
-BNWORD16 lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem,
- BNWORD16 const *n, unsigned len, BNWORD16 d);
-#endif
-#ifndef lbnModQ_16
-unsigned lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_16
-BNWORD16 lbnMontInv1_16(BNWORD16 const x);
-#endif
-#ifndef lbnMontReduce_16
-void lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv);
-#endif
-#ifndef lbnToMont_16
-void lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_16
-void lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_16
-int lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *exp, unsigned elen, BNWORD16 *mod, unsigned mlen);
-#endif
-#if 0
-#ifndef lbnDoubleExpMod_16
-int lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len, BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len, BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#endif
-#ifndef lbnTwoExpMod_16
-int lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#if 0
-#ifndef lbnGcd_16
-int lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen,
- unsigned *rlen);
-#endif
-#ifndef lbnInv_16
-int lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen);
-#endif
-
-int lbnBasePrecompBegin_16(BNWORD16 **array, unsigned n, unsigned bits,
- BNWORD16 const *g, unsigned glen, BNWORD16 *mod, unsigned mlen);
-int lbnBasePrecompExp_16(BNWORD16 *result, BNWORD16 const * const *array,
- unsigned bits, BNWORD16 const *exp, unsigned elen,
- BNWORD16 const *mod, unsigned mlen);
-int lbnDoubleBasePrecompExp_16(BNWORD16 *result, unsigned bits,
- BNWORD16 const * const *array1, BNWORD16 const *exp1, unsigned elen1,
- BNWORD16 const * const *array2, BNWORD16 const *exp2,
- unsigned elen2, BNWORD16 const *mod, unsigned mlen);
-#endif
-
-#endif /* LBN16_H */
+++ /dev/null
-/*
- * lbnarm.h - This file defines the interfaces to the ARM
- * assembly primitives. It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-
-/* Function prototypes for the asm routines */
-void
-lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-/* Not implemented yet */
-bnword32
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-#if __GNUC__ && 0
-/*
- * Use the (massively cool) GNU inline-assembler extension to define
- * inline expansions for various operations.
- *
- * The massively cool part is that the assembler can have inputs
- * and outputs, and you specify the operands and which effective
- * addresses are legal and they get substituted into the code.
- * (For example, some of the code requires a zero. Rather than
- * specify an immediate constant, the expansion specifies an operand
- * of zero which can be in various places. This lets GCC use an
- * immediate zero, or a register which contains zero if it's available.)
- *
- * The syntax is asm("asm_code" : outputs : inputs : trashed)
- * %0, %1 and so on in the asm code are substituted by the operands
- * in left-to-right order (outputs, then inputs).
- * The operands contain constraint strings and values to use.
- * Outputs must be lvalues, inputs may be rvalues. In the constraints:
- * "r" means that the operand may be in a register.
- * "=" means that the operand is assigned to.
- * "%" means that this operand and the following one may be
- * interchanged if desirable.
- * "&" means that this output operand is written before the input operands
- * are read, so it may NOT overlap with any input operands.
- * "0" and "1" mean that this operand may be in the same place as the
- * given operand.
- * Multiple sets of constraints may be listed, separated by commas.
- *
- * Note that ARM multi-precision multiply syntax lists destLo before destHi.
- * Also, the first source (%2) may not be the same as %0 or %1.
- * The second source, however, may be.
- */
-
-/* (ph<<32) + pl = x*y */
-#define mul32_ppmm(ph,pl,x,y) \
- __asm__("umull %1,%0,%2,%3" : "=&r,&r"(ph), "=&r,&r"(pl) \
- : "%r,%r"(x), "r0,r1"(y))
-
-/* (ph<<32) + pl = x*y + a */
-#define mul32_ppmma(ph,pl,x,y,a) \
- __asm__("umlal %1,%0,%2,%3" : "=&r"(ph), "=&r"(pl) \
- : "%r"(x), "r"(y), "0"(0), "1"(a))
-
-/* (ph<<32) + pl = x*y + a + b */
-/* %4 (a) may share a register with %0, but nothing else may. */
-#define mul32_ppmmaa(ph,pl,x,y,a,b) \
- __asm__("adds %1, %4, %5\n\t" \
- "movcc %0, #0\n\t" \
- "movcs %0, #1\n\t" \
- "umlal %1,%0,%2,%3" \
- : "=&r"(ph), "=&r"(pl) \
- : "%r"(x), "r"(y), "%r"(a), "r1"(b))
-
-#endif /* __GNUC__ */
+++ /dev/null
-@ lbnarm.s - 32-bit bignum primitives for ARM processors with 32x32-bit multiply
-@
-@ This uses the standard ARM calling convetion, which is that arguments
-@ are passed, and results returned, in r0..r3. r0..r3, r12 (IP) and r14 (LR)
-@ are volatile across the function; all others are callee-save.
-@ However, note that r14 (LR) is the return address, so it would be
-@ wise to save it somewhere before trashing it. Fortunately, there is
-@ a neat trick possible, in that you can pop LR from the stack straight
-@ into r15 (PC), effecting a return at the same time.
-@
-@ Also, r13 (SP) is probably best left alone, and r15 (PC) is obviously
-@ reserved by hardware. Temps should use lr, then r4..r9 in order.
-
- .text
- .align 2
-
-@ out[0..len] = in[0..len-1] * k
-@ void lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
- .global lbnMulN1_32
- .type lbnMulN1_32, %function
-lbnMulN1_32:
- stmfd sp!, {r4, r5, lr}
- ldr lr, [r1], #4 @ lr = *in++
- umull r5, r4, lr, r3 @ (r4,r5) = lr * r3
- str r5, [r0], #4 @ *out++ = r5
- movs r2, r2, lsr #1
- bcc m32_even
- mov r5, r4 @ Get carry in the right register
- beq m32_done
-m32_loop:
- @ carry is in r5
- ldr lr, [r1], #4 @ lr = *in++
- mov r4, #0
- umlal r5, r4, lr, r3 @ (r4,r5) += lr * r3
- str r5, [r0], #4 @ *out++ = r5
-m32_even:
- @ carry is in r4
- ldr lr, [r1], #4 @ lr = *in++
- mov r5, #0
- umlal r4, r5, lr, r3 @ (r5,r4) += lr * r3
- subs r2, r2, #1
- str r4, [r0], #4 @ *out++ = r4
-
- bne m32_loop
-m32_done:
- str r5, [r0, #0] @ store carry
- ldmfd sp!, {r4, r5, pc}
- .size lbnMulN1_32, .-lbnMulN1_32
-
-@ out[0..len-1] += in[0..len-1] * k, return carry
-@ BNWORD32
-@ lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-
- .global lbnMulAdd1_32
- .type lbnMulAdd1_32, %function
-lbnMulAdd1_32:
- stmfd sp!, {r4, r5, lr}
-
- mov r4, #0
- ldr lr, [r1], #4 @ lr = *in++
- ldr r5, [r0, #0] @ r5 = *out
- mov r4, #0
- umlal r5, r4, lr, r3 @ (r4,r5) += lr * r3
- str r5, [r0], #4 @ *out++ = r5
- movs r2, r2, lsr #1
- bcc ma32_even
- beq ma32_done
-ma32_loop:
- @ carry is in r4
- ldr lr, [r1], #4 @ lr = *in++
- mov r5, #0
- umlal r4, r5, lr, r3 @ (r5,r4) += lr * r3
- ldr lr, [r0, #0] @ lr = *out
- adds lr, lr, r4 @ lr += product.low
- str lr, [r0], #4 @ *out++ = lr
- adc r4, r5, #0 @ Compute carry and move back to r4
-ma32_even:
- @ another unrolled copy
- ldr lr, [r1], #4 @ lr = *in++
- mov r5, #0
- umlal r4, r5, lr, r3 @ (r5,r4) += lr * r3
- ldr lr, [r0, #0] @ lr = *out
- adds lr, lr, r4 @ lr += product.low
- adc r4, r5, #0 @ Compute carry and move back to r4
- str lr, [r0], #4 @ *out++ = lr
- subs r2, r2, #1
-
- bne ma32_loop
-ma32_done:
- mov r0, r4
- ldmfd sp!, {r4, r5, pc}
- .size lbnMulAdd1_32, .-lbnMulAdd1_32
-
-@@@ This is a bit messy... punt for now...
-@ out[0..len-1] -= in[0..len-1] * k, return carry (borrow)
-@ BNWORD32
-@ lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
- .global lbnMulSub1_32
- .type lbnMulSub1_32, %function
-lbnMulSub1_32:
- stmfd sp!, {r4, r5, lr}
-
- mov r4, #0
- mov r5, #0
- ldr lr, [r1], #4 @ lr = *in++
- umull r4, r5, lr, r3 @ (r5,r4) = lr * r3
- ldr lr, [r0, #0] @ lr = *out
- subs lr, lr, r4 @ lr -= product.low
- str lr, [r0], #4 @ *out++ = lr
- addcc r5, r5, #1 @ propagate carry
-
- movs r2, r2, lsr #1
- bcc ms32_even
- mov r4, r5
- beq ms32_done
-ms32_loop:
- @ carry is in r4
- ldr lr, [r1], #4 @ lr = *in++
- mov r5, #0
- umlal r4, r5, lr, r3 @ (r5,r4) += lr * r3
- ldr lr, [r0, #0] @ lr = *out
- subs lr, lr, r4 @ lr -= product.low
- str lr, [r0], #4 @ *out++ = lr
- addcc r5, r5, #1 @ propagate carry
-ms32_even:
- @ carry is in r5
- ldr lr, [r1], #4 @ lr = *in++
- mov r4, #0
- umlal r5, r4, lr, r3 @ (r4,r5) += lr * r3
- ldr lr, [r0, #0] @ lr = *out
- subs lr, lr, r5 @ lr -= product.low
- str lr, [r0], #4 @ *out++ = lr
- addcc r4, r4, #1 @ Propagate carry
-
- subs r2, r2, #1
- bne ms32_loop
-ms32_done:
- mov r0, r4
- ldmfd sp!, {r4, r5, pc}
-
- .size lbnMulSub1_32, .-lbnMulSub1_32
-
-@@
-@@ It's possible to eliminate the store traffic by doing the multiplies
-@@ in a different order, forming all the partial products in one column
-@@ at a time. But it requires 32x32 + 64 -> 65-bit MAC. The
-@@ ARM has the MAC, but no carry out.
-@@
-@@ The question is, is it faster to do the add directly (3 instructions),
-@@ or can we compute the carry out in 1 instruction (+1 to do the add)?
-@@ Well... it takes at least 1 instruction to copy the original accumulator,
-@@ out of the way, and 1 to do a compare, so no.
-@@
-@@ Now, the overall loop... this is an nxn->2n multiply. For i=0..n-1,
-@@ we sum i+1 multiplies in each (plus the carry in from the
-@@ previous one). For i = n..2*n-1 we sum 2*n-1-i, plus the previous
-@@ carry.
-@@
-@@ This "non-square" structure makes things more complicated.
-@@
-@@ void
-@@ lbnMulX_32(BNWORD32 *prod, BNWORD32 const *num1, BNWORD32 const *num2,
-@@ unsigned len)
-@ .global lbnMulX_32
-@ .type lbnMulX_32, %function
-@lbnMulX_32:
-@ stmfd sp!, {r4, r5, r6, r7, lr}
-@
-@ mov r4, #0
-@ mov r5, #0
-@ mov r0, r4
-@ ldmfd sp!, {r4, r5, pc}
-@ .size lbnMulX_32, .-lbnMulX_32
+++ /dev/null
-/*
- * lbnmem.c - low-level bignum memory handling.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- *
- * Note that in all cases, the pointers passed around
- * are pointers to the *least* significant end of the word.
- * On big-endian machines, these are pointers to the *end*
- * of the allocated range.
- *
- * BNSECURE is a simple level of security; for more security
- * change these function to use locked unswappable memory.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For malloc() & co. */
-#else
-void *malloc();
-void *realloc();
-void free();
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memset */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-/* Development debugging */
-#include "../dbmalloc/malloc.h"
-#endif
-
-#include "lbn.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef lbnMemWipe
-void
-lbnMemWipe(void *ptr, unsigned bytes)
-{
- memset(ptr, 0, bytes);
-}
-#define lbnMemWipe(ptr, bytes) memset(ptr, 0, bytes)
-#endif
-
-#ifndef lbnMemAlloc
-void *
-lbnMemAlloc(unsigned bytes)
-{
- return malloc(bytes);
-}
-#define lbnMemAlloc(bytes) malloc(bytes)
-#endif
-
-#ifndef lbnMemFree
-void
-lbnMemFree(void *ptr, unsigned bytes)
-{
- lbnMemWipe(ptr, bytes);
- free(ptr);
-}
-#endif
-
-#if 0
-#ifndef lbnRealloc
-#if defined(lbnMemRealloc) || !BNSECURE
-void *
-lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes)
-{
- if (ptr) {
- BIG(ptr = (char *)ptr - oldbytes;)
- if (newbytes < oldbytes)
- memmove(ptr, (char *)ptr + oldbytes-newbytes, oldbytes);
- }
-#ifdef lbnMemRealloc
- ptr = lbnMemRealloc(ptr, oldbytes, newbytes);
-#else
- ptr = realloc(ptr, newbytes);
-#endif
- if (ptr) {
- if (newbytes > oldbytes)
- memmove((char *)ptr + newbytes-oldbytes, ptr, oldbytes);
- BIG(ptr = (char *)ptr + newbytes;)
- }
-
- return ptr;
-}
-
-#else /* BNSECURE */
-
-void *
-lbnRealloc(void *oldptr, unsigned oldbytes, unsigned newbytes)
-{
- void *newptr = lbnMemAlloc(newbytes);
-
- if (!newptr)
- return newptr;
- if (!oldptr)
- return BIGLITTLE((char *)newptr+newbytes, newptr);
-
- /*
- * The following copies are a bit non-obvious in the big-endian case
- * because one of the pointers points to the *end* of allocated memory.
- */
- if (newbytes > oldbytes) { /* Copy all of old into part of new */
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- memcpy(BIGLITTLE((char *)newptr-oldbytes, newptr), oldptr,
- oldbytes);
- } else { /* Copy part of old into all of new */
- memcpy(newptr, BIGLITTLE((char *)oldptr-newbytes, oldptr),
- newbytes);
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- }
-
- lbnMemFree(oldptr, oldbytes);
-
- return newptr;
-}
-#endif /* BNSECURE */
-#endif /* !lbnRealloc */
-#endif
+++ /dev/null
-/*
- * Operations on the usual buffers of bytes
- */
-#ifndef BNSECURE
-#define BNSECURE 1
-#endif
-
-/*
- * These operations act on buffers of memory, just like malloc & free.
- * One exception: it is not legal to pass a NULL pointer to lbnMemFree.
- */
-
-#ifndef lbnMemAlloc
-void *lbnMemAlloc(unsigned bytes);
-#endif
-
-#ifndef lbnMemFree
-void lbnMemFree(void *ptr, unsigned bytes);
-#endif
-
-/* This wipes out a buffer of bytes if necessary needed. */
-
-#ifndef lbnMemWipe
-#if BNSECURE
-void lbnMemWipe(void *ptr, unsigned bytes);
-#else
-#define lbnMemWipe(ptr, bytes) (void)(ptr,bytes)
-#endif
-#endif /* !lbnMemWipe */
-
-/*
- * lbnRealloc is NOT like realloc(); it's endian-sensitive!
- * If lbnMemRealloc is #defined, lbnRealloc will be defined in terms of it.
- * It is legal to pass a NULL pointer to lbnRealloc, although oldbytes
- * will always be sero.
- */
-#ifndef lbnRealloc
-void *lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes);
-#endif
-
-
-/*
- * These macros are the ones actually used most often in the math library.
- * They take and return pointers to the *end* of the given buffer, and
- * take sizes in terms of words, not bytes.
- *
- * Note that LBNALLOC takes the pointer as an argument instead of returning
- * the value.
- *
- * Note also that these macros are only useable if you have included
- * lbn.h (for the BIG and BIGLITTLE macros), which this file does NOT include.
- */
-
-#define LBNALLOC(p,type,words) BIGLITTLE( \
- if ( ((p) = (type *)lbnMemAlloc((words)*sizeof*(p))) != 0) \
- (p) += (words), \
- (p) = (type *)lbnMemAlloc((words) * sizeof*(p)) \
- )
-#define LBNFREE(p,words) lbnMemFree((p) BIG(-(words)), (words) * sizeof*(p))
-#define LBNREALLOC(p,old,new) \
- lbnRealloc(p, (old) * sizeof*(p), (new) * sizeof*(p))
-#define LBNWIPE(p,words) lbnMemWipe((p) BIG(-(words)), (words) * sizeof*(p))
-
+++ /dev/null
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-
-#define DEBUG 0
-
-/*
- * For code size reasons, this doesn't even try to support
- * input sizes >= 2^32 bits = 2^29 bytes
- */
-struct sha256_state {
- uint32_t iv[8]; /* a, b, c, d, e, f, g, h */
- uint32_t w[64]; /* Fill in first 16 with ntohl(input) */
- uint32_t bytes;
-};
-
-/* Rotate right macro. GCC can usually get this right. */
-#define ROTR(x,s) ((x)>>(s) | (x)<<(32-(s)))
-
-#if 1
-/*
- * An implementation of SHA-256 for register-starved architectures like
- * x86 or perhaps the MSP430. (Although the latter's lack of a multi-bit
- * shifter will doom its performance no matter what.)
- * This code is also quite small.
- *
- * If you have 12 32-bit registers to work with, loading the 8 state
- * variables into registers is probably faster. If you have 28 registers
- * or so, you can put the input block into registers as well.
- *
- * The key idea is to notice that each round consumes one word from the
- * key schedule w[i], computes a new a, and shifts all the other state
- * variables down one position, discarding the old h.
- *
- * So if we store the state vector in reverse order h..a, immediately
- * before w[i], then a single base pointer can be incremented to advance
- * to the next round.
- */
-void
-sha256_transform(uint32_t p[76])
-{
- static uint32_t const k[64] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b,
- 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01,
- 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
- 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152,
- 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
- 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
- 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819,
- 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08,
- 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f,
- 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- };
- /*
- * Look, ma, only 6 local variables including p!
- * Too bad they're so overloaded it's impossible to give them
- * meaningful names.
- */
- register uint32_t const *kp;
- register uint32_t a, s, t, u;
-
- /* Step 1: Expand the 16 words of w[], at p[8..23] into 64 words */
- for (u = 8; u < 8+64-16; u++) {
- /* w[i] = s1(w[i-2]) + w[i-7] + s0(w[i-15]) + w[i-16] */
- /* Form s0(x) = (x >>> 7) ^ (x >>> 18) ^ (x >> 3) */
- s = t = p[u+1];
- s = ROTR(s, 18-7);
- s ^= t;
- s = ROTR(s, 7);
- s ^= t >> 3;
- /* Form s1(x) = (x >>> 17) ^ (x >>> 19) ^ (x >> 10) */
- a = t = p[u+14];
- a = ROTR(a, 19-17);
- a ^= t;
- a = ROTR(a, 17);
- a ^= t >> 10;
-
- p[u+16] = s + a + p[u] + p[u+9];
- }
-
- /* Step 2: Copy the initial values of d, c, b, a out of the way */
- p[72] = p[4];
- p[73] = p[5];
- p[74] = p[6];
- p[75] = a = p[7];
-
- /*
- * Step 3: The big loop.
- * We maintain p[0..7] = h..a, and p[8] is w[i]
- */
- kp = k;
-
- do {
- /* T1 = h + S1(e) + Ch(e,f,g) + k[i] + w[i] */
- /* Form Ch(e,f,g) = g ^ (e & (f ^ g)) */
- s = t = p[1]; /* g */
- s ^= p[2]; /* f ^ g */
- s &= u = p[3]; /* e & (f ^ g) */
- s ^= t;
- /* Form S1(e) = (e >>> 6) ^ (e >>> 11) ^ (e >>> 25) */
- t = u;
- u = ROTR(u, 25-11);
- u ^= t;
- u = ROTR(u, 11-6);
- u ^= t;
- u = ROTR(u, 6);
- s += u;
- /* Now add other things to t1 */
- s += p[0] + p[8] + *kp; /* h + w[i] + kp[i] */
- /* Round function: e = d + T1 */
- p[4] += s;
- /* a = t1 + (t2 = S0(a) + Maj(a,b,c) */
- /* Form S0(a) = (a >>> 2) ^ (a >>> 13) ^ (a >>> 22) */
- t = a;
- t = ROTR(t, 22-13);
- t ^= a;
- t = ROTR(t, 13-2);
- t ^= a;
- t = ROTR(t, 2);
- s += t;
- /* Form Maj(a,b,c) = (a & b) + (c & (a ^ b)) */
- t = a;
- u = p[6]; /* b */
- a ^= u; /* a ^ b */
- u &= t; /* a & b */
- a &= p[5]; /* c & (a + b) */
- s += u;
- a += s; /* Sum final result into a */
-
- /* Now store new a on top of w[i] and shift... */
- p[8] = a;
- p++;
-#if DEBUG
- /* If debugging, print out the state variables each round */
- printf("%2u:", kp-k);
- for (t = 8; t--; )
- printf(" %08x", p[t]);
- putchar('\n');
-#endif
- } while (++kp != k+64);
-
- /* Now, do the final summation. */
- p -= 64;
- /*
- * Now, the final h..a are in p[64..71], and the initial values
- * are in p[0..7]. Except that p[4..7] got trashed in the loop
- * above, so use the copies we made.
- */
- p[0] += p[64];
- p[1] += p[65];
- p[2] += p[66];
- p[3] += p[67];
- p[4] = p[68] + p[72];
- p[5] = p[69] + p[73];
- p[6] = p[70] + p[74];
- p[7] = a + p[75];
-}
-
-#else
-
-/* A space-optimized ARM assembly implementation */
-void sha256_transform(uint32_t p[8+64]);
-
-#endif
-
-/* Initial values H0..H7 for SHA-256, and SHA-224. */
-static uint32_t const sha256_iv[8] = {
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
- 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
-};
-#if 0
-static uint32_t const sha224_iv[8] = {
- 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
- 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
-};
-#endif
-
-void
-sha256_begin(struct sha256_state *s)
-{
- memcpy(s->iv, sha256_iv, sizeof sha256_iv);
- s->bytes = 0;
-}
-
-#include <netinet/in.h> /* For ntohl, htonl */
-
-void
-sha256_hash(unsigned char const *data, size_t len, struct sha256_state *s)
-{
- unsigned space = 64 - (unsigned)s->bytes % 64;
- unsigned i;
-
- s->bytes += len;
-
- while (len >= space) {
- memcpy((unsigned char *)s->w + 64 - space, data, space);
- len -= space;
- space = 64;
- for (i = 0; i < 16; i++)
- s->w[i] = ntohl(s->w[i]);
- sha256_transform(s->iv);
- }
- memcpy((unsigned char *)s->w + 64 - space, data, len);
-}
-
-void
-sha256_end(unsigned char hash[32], struct sha256_state *s)
-{
- static unsigned char const padding[64] = { 0x80, 0, 0 /* ,... */ };
- uint32_t bytes = s->bytes;
- unsigned i;
-
- /* Add trailing bit padding. */
- sha256_hash(padding, 64 - ((bytes+8) & 63), s);
- assert(s->bytes % 64 == 56);
-
- /* Byte-swap and hash final block */
- for (i = 0; i < 14; i++)
- s->w[i] = ntohl(s->w[i]);
- s->w[14] = 0; /* We don't even try */
- s->w[15] = s->bytes << 3;
- sha256_transform(s->iv);
-
- for (i = 0; i < 8; i++)
- s->iv[i] = htonl(s->iv[i]);
- memcpy(hash, s->iv, sizeof s->iv);
- memset(s, 0, sizeof *s); /* Good cryptographic hygiene */
-}
-
-void
-sha256(unsigned char hash[32], const unsigned char *data, size_t len)
-{
- struct sha256_state s;
- sha256_begin(&s);
- sha256_hash(data, len, &s);
- sha256_end(hash, &s);
-}
+++ /dev/null
-@ ARM procedure call convention:
-@ r0..r3, r12 (ip) and r14 (lr) are volatile. Args are passed in r0..r3,
-@ and the return address in r14.
-@
-@ All other registers must be preserved by the callee. r13 (sp) and r15 (pc)
-@ are as expected.
-@
-@ The usual convention is to push all the needed registers, including r14,
-@ on the stack, and the restore them at the end, but to r15 rather than r14.
-@ This, however, WILL NOT WORK for Thumb code. You have to use the "bx"
-@ instruction for that, so you need one more trailing instruction.
-
- .text
- .align 2
- .type k_table, %object
-k_table:
- .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b
- .word 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01
- .word 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7
- .word 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
- .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152
- .word 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147
- .word 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc
- .word 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
- .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819
- .word 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08
- .word 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f
- .word 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
- .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
- .size k_table, .-k_table
-
-@ We use 13 local variables:
-pp .req r0 @ The argument, points to the IV and w[] space
-aa .req r1 @ Working variable.
-bb .req r2
-cc .req r3
-dd .req r4
-ee .req r5
-ff .req r6
-gg .req r7
-hh .req r8
-ii .req r9 @ Loop index
-tt .req r10 @ General purpose temp
-kk .req r11 @ k+64 (k_table+256)
-ww .req r12 @ Actually, w+64 much of the time
-@ We could use r14 as well, but don't need to.
-@ (The names are doubled because a sigle b is "branch"!
-@
-@ This function takes a pointer to an array of 72 32-bit words:
-@ The first 8 are the state vector a..h
-@ The next 16 are the input data words w[0..15], in native byte order.
-@ The next 48 are used to hold the rest of the key schedule w[16..63].
-
- .global sha256_transform
- .type sha256_transform, %function
-sha256_transform:
- stmfd sp!, {r4,r5,r6,r7,r8,r9,r10,r11}
- add ww, pp, #4*(8+16) @ w + 16 = p + 8 + 16
- mov ii, #64-16 @ loop counter
-
- @ Fill in words 16..63 of the w[] array, at p+24..p+71
-1:
- @ ww[i] = w[i-16] + s0(w[i-15]) + w[i-7] + s1(w[i-2])
- ldr aa, [ww, #-64] @ a = w[i-16]
- ldr bb, [ww, #-60] @ b = w[i-15]
- ldr cc, [ww, #-28] @ c = w[i-7]
- add aa, aa, cc @ a += c (= w[i-7])
-
- @ s0(x) = (x >>> 7) ^ (x >>> 18) ^ (x >> 3)
- mov cc, bb, ror #18 @ c = b>>>18
- eor cc, cc, bb, ror #7 @ c ^= b>>>7
- eor cc, cc, bb, lsr #3 @ c ^= b>>3
- ldr bb, [ww, #-8] @ b = w[i-2]
- add aa, aa, cc @ a += c (= s0(w[i-15]))
- @ s1(x) = (x >>> 17) ^ (x >>> 19) ^ (x >> 10)
- mov cc, bb, ror #19 @ c = b>>>19
- eor cc, cc, bb, ror #17 @ c ^= b>>>17
- eor cc, cc, bb, lsr #10 @ c ^= b>>10
- add aa, aa, cc @ a += c (= s1(w[i-2]))
-
- subs ii, ii, #1 @ --i
- str aa, [ww], #4 @ w[i++] = a
- bne 1b
-
-
- @ The main loop. Arrays are indexed with i, which starts at -256
- @ and counts up to 0. In addition to t, we use h as a working
- @ variable for the first part of the loop, until doing the
- @ big register rotation, then a as a temp for the last part.
-
- ldmia pp, {aa,bb,cc,dd,ee,ff,gg,hh} @ Load a..h
- mov ii, #-256 @ i = -64 (*4 strength-reduced)
- adr kk, k_table+256 @ Load up r12 to the END of k
-2:
- @ t = h + S1(e) + Ch(e,f,g) + k[i] + w[i]
- @ Form t = Ch(e,f,g) = (g ^ (e & (f ^ g))
- eor tt, ff, gg @ t = f^g
- and tt, tt, ee @ t &= e
- eor tt, tt, gg @ t ^= g
-
- add tt, tt, hh @ t += h
-
- @ Form t += S1(e) = (e >>> 6) ^ (e >>> 11) ^ (e >>> 25)
- eor hh, ee, ee, ror #25-6 @ h = e ^ e>>>(25-6)
- eor hh, hh, ee, ror #11-6 @ h = h ^ e>>>(11-6)
- add tt, tt, hh, ror #6 @ t += h>>>6
-
- @ Add k[i] and w[i]. Note that -64 <= i < 0.
- ldr hh, [ww, ii] @ h = w[64+i]
- add tt, tt, hh
- ldr hh, [kk, ii] @ h = k[64+i]
- add tt, tt, hh
- adds ii, ii, #4 @ ++i (*4 strength-reduced)
-
- @ Copy (h,g,f,e,d,c,b) = (g,f,e,d+t1,c,b,a)
- @ This could be shrunk with aa big stm/ldm pair, but that
- @ seems terribly wasteful...
- mov hh, gg @ h = g
- mov gg, ff @ g = f
- mov ff, ee @ f = e
- add ee, dd, tt @ e = d + t
- mov dd, cc @ d = c
- mov cc, bb @ c = b
- mov bb, aa @ b = a
-
- @ a = t + S0(b) + Maj(b,c,d)
- @ Form t += S0(b) = (b >>> 2) ^ (b >>> 13) ^ (b >>> 22) */
- eor aa, bb, bb, ror #22-2 @ a = b ^ b>>>(22-2)
- eor aa, aa, bb, ror #13-2 @ a = a ^ b>>>(13-2)
- add tt, tt, aa, ror #2 @ t += a>>>2
-
- @ Form a = t + Maj(b,c,d) = (c & d) + (b & (c ^ d))
- and aa, cc, dd @ a = c & d
- add tt, tt, aa @ t += a
- eor aa, cc, dd @ a = c ^ d
- and aa, aa, bb @ a &= b
- add aa, aa, tt @ a += t
-
- bne 2b @ while (i != 0)
-
- @ Now, the final summation. Minimum code size is tricky...
- ldmia pp!, {ii,tt,kk,ww} @ Load old iv[0..3]
- add aa, aa, ii @ a += iv[0]
- add bb, bb, tt @ b += iv[1]
- add cc, cc, kk @ c += iv[2]
- add dd, dd, ww @ d += iv[3]
- ldmia pp!, {ii,tt,kk,ww} @ Load old iv[4..7]
- add ee, ee, ii @ e += iv[4]
- add ff, ff, tt @ f += iv[5]
- add gg, gg, kk @ g += iv[6]
- add hh, hh, ww @ h += iv[7]
- stmfd pp, {aa,bb,cc,dd,ee,ff,gg,hh} @ Store new iv[0..7]
-
- ldmfd sp!, {r4,r5,r6,r7,r8,r9,r10,r11}
- bx lr
-
- .size sha256_transform, .-sha256_transform
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn.c - the high-level bignum interface
- */
-
-#include "bn.h"
-
-/* Functions */
-void
-bnBegin(struct BigNum *bn)
-{
- static int bninit = 0;
-
- if (!bninit) {
- bnInit();
- bninit = 1;
- }
-
- bn->ptr = 0;
- bn->size = 0;
- bn->allocated = 0;
-}
-
-void
-bnSwap(struct BigNum *a, struct BigNum *b)
-{
- void *p;
- unsigned t;
-
- p = a->ptr;
- a->ptr = b->ptr;
- b->ptr = p;
-
- t = a->size;
- a->size = b->size;
- b->size = t;
-
- t = a->allocated;
- a->allocated = b->allocated;
- b->allocated = t;
-}
-
-int (*bnYield)(void);
-
-void (*bnEnd)(struct BigNum *bn);
-int (*bnPrealloc)(struct BigNum *bn, unsigned bits);
-int (*bnCopy)(struct BigNum *dest, struct BigNum const *src);
-void (*bnNorm)(struct BigNum *bn);
-void (*bnExtractBigBytes)(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len);
-int (*bnInsertBigBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void (*bnExtractLittleBytes)(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len);
-int (*bnInsertLittleBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned (*bnLSWord)(struct BigNum const *src);
-int (*bnReadBit)(struct BigNum const *bn, unsigned bit);
-unsigned (*bnBits)(struct BigNum const *src);
-int (*bnAdd)(struct BigNum *dest, struct BigNum const *src);
-int (*bnSub)(struct BigNum *dest, struct BigNum const *src);
-int (*bnCmpQ)(struct BigNum const *a, unsigned b);
-int (*bnSetQ)(struct BigNum *dest, unsigned src);
-int (*bnAddQ)(struct BigNum *dest, unsigned src);
-int (*bnSubQ)(struct BigNum *dest, unsigned src);
-int (*bnCmp)(struct BigNum const *a, struct BigNum const *b);
-int (*bnSquare)(struct BigNum *dest, struct BigNum const *src);
-int (*bnMul)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int (*bnMulQ)(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int (*bnDivMod)(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int (*bnMod)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned (*bnModQ)(struct BigNum const *src, unsigned d);
-int (*bnExpMod)(struct BigNum *result, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int (*bnDoubleExpMod)(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int (*bnTwoExpMod)(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int (*bnGcd)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int (*bnInv)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int (*bnLShift)(struct BigNum *dest, unsigned amt);
-void (*bnRShift)(struct BigNum *dest, unsigned amt);
-unsigned (*bnMakeOdd)(struct BigNum *n);
-int (*bnBasePrecompBegin)(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits);
-int (*bnBasePrecompCopy)(struct BnBasePrecomp *dst,
- struct BnBasePrecomp const *src);
-void (*bnBasePrecompEnd)(struct BnBasePrecomp *pre);
-int (*bnBasePrecompExpMod)(struct BigNum *dest,
- struct BnBasePrecomp const *pre, struct BigNum const *exp,
- struct BigNum const *mod);
-int (*bnDoubleBasePrecompExpMod)(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod);
+++ /dev/null
-* The BigNum multi-precision integer math library
-
-This is a multi-precision math library designed to be very portable,
-reasonably clean and easy to use, have very liberal bounds on the sizes
-of numbers that can be represented, but above all to perform extremely
-fast modular exponentiation. It has some limitations, such as
-representing positive numbers only, and supporting only odd moduli,
-which simplify it without impairing this ability.
-
-A second speed goal which has had considerable effort applied to it is
-prime number generation.
-
-Finally, while there is probably a long way to go in this direction,
-some effort has gone into commenting the code a lot more than seems to
-be fashionable among mathematicians.
-
-It is written in C, and should compile on any platform with an ANSI C
-compiler and 16 and 32-bit unsigned data types, but various primitives
-can be replaced with assembly versions in a great variety of ways for
-greater speedup. See "bnintern.doc" for a description.
-
-In case you're wondering, yes C++ would produce a much nicer syntax
-for working with these numbers, but there are a lot of compilers out
-there that actually implement ANSI C, and get it almost right. I have
-a few kludges to deal with some that get little things wrong, but
-overall it's not too difficult to write code that I can be sure
-will work on lots of machines. And porting it to a K&R C compiler,
-if it ever becomes necessary, shouldn't be all *that* difficult.
-
-The C++ compiler world is a less friendly place. First of all, C++
-compilers are still not as common as C compilers, so that hurts
-portability right there, and I don't need the extra power to write my
-code. C++ compilers all seem to have important bugs, and different
-bugs for each compiler. First I have to learn all the foibles of a
-whole lot of C++ compilers, and then I have write code that uses only
-the features that work in all of them. This is a language not a whole
-heck of a lot bigger than C.
-
-(The fact that it drives me *batty* the way that C++ drags *everything*
-into the same name space is also a contributing factor. I *like*
-writing "struct" (or "class") before structure names. I *like* putting
-"this->" in front of member references. It makes it clear to me, when
-reading a single line of code, roughly what is being affected by it and
-where I can find the relevant source code to find out more. I've seen
-people develop complicated naming conventions to make all this clear,
-but the conventions are still very much in flux.)
-
-Anyway...
-
-The main public interface is contained in the file bn.h. This is
-mostly a bunch of pointers to functions which start out uninitialized,
-but are set by bnInit() (which is called by bnBegin()).
-
-All of the public routines have names of the bnFunction variety.
-Some internal routines are lbnFunction, but you should never have to
-worry about those unless you're hacking with the code.
-
-The code uses the assert() macro a lot internally. If you do something
-you're not supposed to, you'll generally notice because an assert()
-will fail. The library does not have special error codes for division
-by zero or the like - it assert fails instead. Just don't do that.
-
-A BigNum is represented by a struct BigNum, which really doesn't
-need to be understood, but it often makes me feel better to understand
-what's going on, so here it is:
-
-#> struct BigNum {
-#> void *ptr;
-#> unsigned size; /* Note: in (variable-sized) words */
-#> unsigned allocated;
-#> };
-
-The pointer points to the least-significant end of an array of words which
-hold the number. The array contains "allocated" words, but only "size"
-of them are actually meaningful. The others may have any value.
-This is all of limited use because the size of a word is not specified.
-In fact, it can change at run time - if you run on an 8086 one day and an
-80386 the next, you may find the word size different.
-
-* Initialization
-
-The user of the library is responsible for allocating and freeing each
-struct BigNum. Usually they're just local variables. All the library
-functions take pointers to them. The first thing you need to do is
-initialize all the fields to empty, a zero-valued BigNum. This is done
-with the function bnBegin:
-#> void bnBegin(struct BigNum *bn);
-
-When you're done with a BigNum, call bnEnd to deallocate the data storage
-in preparation for deallocating the structure:
-#> void bnEnd(struct BigNum *bn);
-
-This resets the number to the 0 state. You can actually start using the
-number right away again, or call bnEnd again, so if you're really
-memory-conscious you might want to use this to free a large
-number you're done with this way before going on to use the buffer
-for smaller things.
-
-A simple assignment can be done with bnCopy.
-#> int bnCopy(struct BigNum *dest, struct BigNum const *src);
-
-This sets dest = src, and returns an error code. Most functions in the
-library do this, and return 0 on success and -1 if they were unable to
-allocate needed memory. If you're lazy and sure you'll never run out
-of memory, you can avoid checking this, but it's better to be
-paranoid. If a function returns -1, the what has happened to the
-destination values is undefined. They're usually unmodified, and
-they're always still valid BigNum numbers, but their values might be
-strange.
-
-In general, anywhere that follows, unless otherwise documented, assume
-that an "int" return value is 0 for success or -1 for error.
-
-A trivial little function which is sometimes handy, and quite cheap to
-execute (it just swaps the pointers) is:
-#> void bnSwap(struct BigNum *a, struct BigNum *b);
-
-* Input and output
-
-For now, the library only works with numbers in binary form - there's
-no way to get decimal numbers into or out of it. But it's pretty
-flexible on how it does that.
-
-The first function just sets a BigNum to have a small value. There are
-several such "quick" forms which work with "small" second operads.
-"Small" is defined as less than 65536, the minimum 16-bit word size
-supported by the library. The limit applies even if unsigned is larger
-or the library is compiled for a larger word size.
-#> int bnSetQ(struct BigNum *dest, unsigned src);
-
-This returns the usual -1 error if it couldn't allocate memory.
-
-There's also a function to determine the size of a BigNum, in bits.
-The size is the number of bits required to represent the number,
-0 if the number is 0, and floor(log2(src)) + 1 otherwise. E.g. 1 is
-the only 1-bit number, 2 and 3 are 2-bit numbers, etc.
-#> unsigned bnBits(struct BigNum const *src);
-
-If bnBits(src) <= 16, you can get the whole number with this function.
-If it's larger, you get the low k bits, where k is at least 16.
-(This doesn't bother masking if it's easy to return more, but you
-shouldn't rely on it.) Even that is useful for many things, like
-deciding if a number is even or odd.
-#> unsigned bnLSWord(struct BigNum const *src);
-
-For larger numbers, the format used by the library is an array of
-unsigned 8-bit bytes. These bytes may be in big-endian or little-endian
-order, and it's possible to examine or change just part of a number.
-The functions are:
-#> void bnExtractBigBytes(struct BigNum const *bn, unsigned char *dest,
-#> unsigned lsbyte, unsigned len);
-#> int bnInsertBigBytes(struct BigNum *bn, unsigned char const *src,
-#> unsigned lsbyte, unsigned len);
-#> void bnExtractLittleBytes(struct BigNum const *bn, unsigned char *dest,
-#> unsigned lsbyte, unsigned len);
-#> int bnInsertLittleBytes(struct BigNum *bn, unsigned char const *src,
-#> unsigned lsbyte, unsigned len);
-
-These move bytes between the BigNum and the buffer of 8-bit bytes. The
-Insert functions can allocate memory, so return an error code. The
-Extract functions always succeed.
-
-The buffer is encoded in base 256, with either the most significant
-byte (the Big functions) or the least significant byte (the Little
-functions) coming first. "len" is the length of the buffer, so the
-buffer always encodes a value between 0 and 256^len. (That's
-"to the power of", not "xor".)
-
-"lsbyte" gives the offset into the BigNum which is being worked with.
-This is usually zero, but you can, for example, read out a large
-BigNum in 32-byte chunks, using a len of 32 and an lsbyte of 0, 32,
-64, 96, etc.
-
-After these complete, the number encoded in the buffer will be
-equal to (bn / 256^lsbyte) % 256^len. The only difference between
-Insert and Extract is which is changed to match the other.
-
-* Simple math
-
-#> int bnAdd(struct BigNum *dest, struct BigNum const *src);
-#> int bnAddQ(struct BigNum *dest, unsigned src);
-
-These add dest += src. In the Q form, as mentioned above with bnSetQ,
-src must be < 65536. In either case, the functions can fail and return
--1, as usual.
-
-#> int bnSub(struct BigNum *dest, struct BigNum const *src);
-#> int bnSubQ(struct BigNum *dest, unsigned src);
-
-These subtract dest -= src. If this would make the result negative,
-dest is set to (src-dest) and a value of 1 is returned, so you can
-keep track of a separate sign if you need to. Otherwise, they return
-0 on success and -1 if they were unable to allocate needed memory.
-
-To make your life simpler if you are error checking, these four functions
-are guaranteed not to allocate memory unnecessarily. So if you know
-that the addition or subtraction you're doing won't produce a result
-larger than the input, and won't underflow either (like subtracting 1
-from an odd number or adding 1 to an even number), you can skip checking
-the error code.
-
-#> extern int (*bnCmp)(struct BigNum const *a, struct BigNum const *b);
-#> extern int (*bnCmpQ)(struct BigNum const *a, unsigned b);
-
-This returns the sign (-1, 0 or +1) of a-b. Another way of saying
-this is that a <=> b is the same as bnCmp(a, b) <=> 0, where "<=>"
-stands for one of <, <=, =, !=, >= or >. The bnCmpQ form is the same,
-but (as in all the Q functions) the second argument is a number < 65536.
-
-#> int bnSquare(struct BigNum *dest, struct BigNum const *src);
-
-This computes dest = src^2, returning an error if it ran out of memory.
-If you care about performance tuning, this slows down when dest and
-src are the same BigNum, since it needs to allocate a temporary buffer
-to do the work in. It does work, however.
-
-#> int bnMul(struct BigNum *dest, struct BigNum const *a,
-#> struct BigNum const *b);
-#> int bnMulQ(struct BigNum *dest, struct BigNum const *a, unsigned b);
-
-These compute dest = a * b, and work in the same way as bnSquare.
-(Including the fact that it's faster if dest is not the same as any of
-the inputs.) bnSquare is faster if a and b are the same. The second
-input operand to bnMulQ must be < 65536, like all the "Q" functions.
-
-#> int bnDivMod(struct BigNum *q, struct BigNum *r,
-#> struct BigNum const *n, struct BigNum const *d);
-
-This computes division with remainder, q = n/d and r = n%d. Don't
-pass in a zero d; it will blow up. In general, all of the values
-must be different (it will blow up if you try), but r and n may be the
-same.
-
-RE-ENTRANCY NOTE: This temporarily modifies the BigNum "d" internally,
-although it restores it before returning. If you're doing something
-multi-threaded, you can't share the d value between threads, even though
-it says "const". That's a safe assumption elsewhere, but this is an
-exception.
-
-That note also means that it's not safe to let n be the same as d,
-although that's such a stupid way to set q to 1 and r to 0 that
-I don't think it's worth worrying about. (I hope you understand that
-this doesn't mean that n and d can't have the same numerical value,
-just that they can't both point to the same struct BigNum.)
-
-#> int bnMod(struct BigNum *dest, struct BigNum const *src,
-#> struct BigNum const *d);
-
-This works just the same as the above, but doesn't bother you with the
-quotient. (No, there's no function that doesn't bother you with the
-remainder.) Again, dest and src may be the same (it's actually
-more efficient if they are), but d may not be the same as either.
-
-#> unsigned int bnModQ(struct BigNum const *src, unsigned d);
-
-This also computes src % d, but does so for small (up to 65535,
-the usual limit on "Q" functions) values of d. It returns the
-remainder. (No error is possible.)
-
-* Advanced math
-
-#> int bnLShift(struct BigNum *dest, unsigned amt);
-#> void bnRShift(struct BigNum *dest, unsigned amt);
-
-These shift the given bignum left or right by "amt" bit positions.
-Left shifts multiply by 2^amt, and may have to allocate memory
-(and thus fail). Right shifts divide by 2^amt, throwing away the
-remainder, and can never fail.
-
-#> unsigned bnMakeOdd(struct BigNum *n);
-
-This right shifts the input number as many places as possible without
-throwing anything away, and returns the number of bits shifted.
-If you see "let n = s * 2^t, where s is odd" in an algorithm,
-this is the function to call. It modifies n in place to produce s
-and returns t.
-
-This returns 0 if you pass it 0.
-
-#> int bnExpMod(struct BigNum *result, struct BigNum const *n,
-#> struct BigNum const *exp, struct BigNum const *mod);
-
-Ah, now we get to the heart of the library - probably the most heavily
-optimized function in it. This computes result = n^exp, modulo "mod".
-result may be the same as n, but not the same as exp or mod. For large
-exponents and moduli, it can try to allocate quite a bit of working
-storage, although it will manage to finish its work (just slower)
-if some of those allocations fail. (Not all, though - the first few
-are essential.)
-
-"mod" must be odd. It will blow up if not. Also, n must be less than
-mod. If you're not sure if it is, use bnMod first. The return value
-is always between 0 and mod-1.
-
-#> int bnTwoExpMod(struct BigNum *result, struct BigNum const *exp,
-#> struct BigNum const *mod);
-
-This computes result = 2^exp, modulo "mod". It's faster than the general
-bnExpMod function, although that function checks to see if n = 2 and calls
-this one internally, so you don't need to check yourself if you're not
-sure. The main reason to mention this is that if you're doing something
-like a pseudoprimality test, using a base of 2 first can save some time.
-
-#> int bnDoubleExpMod(struct BigNum *result,
-#> struct BigNum const *n1, struct BigNum const *e1,
-#> struct BigNum const *n2, struct BigNum const *e2,
-#> struct BigNum const *mod);
-
-This computes dest = n1^e1 * n2^e2, modulo "mod". It does it quite
-a bit faster than doing two separate bnExpMod operations; in fact,
-it's not that much more expensive than one. "result" may be the
-same BigNum as n1 or n2, but it may not be the same as the exponents
-or the modulus. All of the other caveats about bnExpMod apply.
-
-#> int bnGcd(struct BigNum *dest, struct BigNum const *a,
-#> struct BigNum const *b);
-
-This returns dest = gcd(a,b). dest may be the same as either input.
-
-/* dest = src^-1, modulo "mod". dest may be the same as src. */
-#> int bnInv(struct BigNum *dest, struct BigNum const *src,
-#> struct BigNum const *mod);
-
-This requires that gcd(src, mod) = 1, and returns dest = src^-1, modulo
-"mod". That is, 0 < dest < mod and dest*src = 1, modulo "mod".
-dest and src may be the same, but mod must be different.
-
-This will probably get extended at some point to find dest such that
-dest * src = gcd(src, mod), modulo "mod", but that isn't implemented
-yet.
-
-* Auxiliary functions
-
-These mostly-internal functions aren't very useful to call directly,
-and might even get removed, but for now they're there in the unusual
-case where you might want them.
-
-#> void bnInit(void);
-
-This does global library initialization. It is called by the first
-call to bnBegin(), so you shouldn't need to call it explicitly. It is
-idempotent, so you can call it multiple times if you like. The only
-thing it does right now is set up the function pointers to the rest of
-the library. If a program crashes and the debugger tells you that
-it's trying to execute at address 0, bnInit never got called.
-
-#> int bnPrealloc(struct BigNum *bn, unsigned bits);
-
-This preallocates space in bn to make sure that it can hold "bits" bits.
-If the overflow characteristics of various algorithms get documented
-better, this might allow even more error-checking to be avoided, but
-for now it's only to reduce memory fragmentation.
-
-#> void bnNorm(struct BigNum *bn);
-
-This decreases the "size" field of the given bignum until it has no leading
-zero words in its internal representation. Given that almost everything
-in the library does the equivalent of this on input and output, the utility
-of this function is a bit dubious. It's kind of a legacy.
-
-* Extra libraries
-
-There are a number of utilities built on top of the basic library.
-They are built on top of the interfaces just described, and can be used
-if you like.
-
-* jacobi.h
-
-#> int bnJacobiQ(unsigned p, struct BigNum const *bn);
-
-This returns the Jacobi symbol J(p,bn), where p is a small number.
-The Jacobi symbol is always -1, 0, or +1. You'll note that p may
-only be positive, even though the Jacobi symbol is defined for
-negative p. If you want to worry about negative p, do it yourself.
-J(-p,bn) = (bnLSWord(bn) & 2 ? -1 : +1) * bnJacobiQ(p, bn).
-
-A function to compute the Jacobi symbol for large p would be nice.
-
-* prime.h
-
-#> int primeGen(struct BigNum *bn, unsigned (*rand)(unsigned),
-#> int (*f)(void *arg, int c), void *arg, unsigned exponent, ...);
-
-This finds the next prime p >= bn, and sets bn to equal it.
-Well, sort of.
-
-It always leaves bn at least as large as when it started (unless it
-runs out of memory and returns -1), and if you pass a 0 for the rand
-function, it will be the next prime >= bn.
-
-Except:
-- It doesn't bother coping with small primes. If it's divisible by any
-prime up to 65521, it's considered non-prime. Even if the quotient is 0.
-If you pass in "1", expecting to get "2" back, you'll get 65537. Maybe
-it would be nice to fix that.
-- It actually only does a few strong pseudoprimality tests to fixed
-bases to determine if the candidate number is prime. For random input,
-this is fine; the chance of error is so infinitesimal that it is
-absolutely not worth worrying about. But if you give it numbers carefully
-chosen to be strong pseudoprimes, it will think they're primes and not
-complain. For example, 341550071728321 = 10670053 * 32010157 will
-pass the primality test quite handily. So will
-68528663395046912244223605902738356719751082784386681071.
-- If you supply a rand() function, which returns 0 <= rand(n) < n
-(n never gets very large - currently, at most 256), this shuffles the
-candidates before testing and accepting one. If you want a "random"
-prime, this produces a more uniformly distributed prime, while
-retaining all of the speed advantages of a sequential search from a
-random starting point, which would otherwise produce a bias towards
-primes which were not closely preceded by other primes. So, for
-example, the second of a pair of twin primes would be very unlikely to
-be chosen. rand() doesn't totally flatten the distribution, but it
-comes very close.
-
-The "f" function is called periodically during the progress of the
-search (which can take a while) with the supplied argument (for private
-context) and a character c, which sort of tells you what it's doing.
-c is either '.' or '*' (if it's found something and is confirming that
-it's really prime) or '/' (if it's having a really hard time finding
-something). Also, if f returns < 0, primeGen immediately returns that
-value. This can form the basis for a user interface which can show some
-life occasionally and abort the computation if desired.
-
-If you just print these characters to the screen, don't forget to
-fflush() after printing them.
-
-Finally, "exponent, ..." is a zero-terminated list of small numbers
-which must not divide p-1 when the function returns. If the numbers
-are chosen to be the prime factors of n, then gcd(n, p-1) will be
-1, so the map f(x) -> x^n is invertible modulo p.
-
-#> int primeGenStrong(struct BigNum *bn, struct BigNum const *step,
-#> int (*f)(void *arg, int c), void *arg);
-
-This is similar, but searches in steps of "step", rather than 1, from the
-given starting value. The starting value must be odd and the step
-size must be even! If you start with bn == 1 (mod step), and step
-is 2*q, where q is a large prime, then this generates "strong" primes,
-p-1 having a large prime factor q. There are other uses, too.
-
-#ifdef __cplusplus
-}
-#endif
-
-* germain.h
-
-#> int germainPrimeGen(struct BigNum *bn, int (*f)(void *arg, int c),
-#> void *arg);
-
-This increases bn until it is a Sophie Germain prime, that is, a number p
-such that p and (p-1)/2 are both prime. These numbers are rarer than
-ordinary primes and the search takes correspondingly longer.
-
-It omits the randomization portion of primeGen, and the exponent list,
-since the factors of bn-1 are known already. The f function for
-progress is the same, but it is also sometimes passed a '+' or '-'
-character when it's found a (p-1)/2 that's prime. This is just to lend
-some interest to an otherwise very boring row of dots. Finding large
-primes with this function, even though it's pretty optimized, takes a
-*while*, and otherwise once the screen filled with dots (one every few
-seconds) it would be hard to keep track of the scroll.
-
-It varies a lot, depending on luck of the starting value and the speed
-of your machine, but if your starting number is over 1024 bits, plan on
-over an hour of run time, and if it's over 2048 bits, plan on a day.
-At 4096 bits, start thinking about a week.
-
-Past that, supporting checkpoint/restart is a good idea. Every time
-the progress function gets a '/' is probably a good interval, and when
-it happens have f return a distinct error value like -2. When
-germainPrimeGen returns with that value, save the value in bn to a file
-somewhere and call it again with the same bn to continue searching.
-
-* sieve.h
-
-This is the sieving code that the other prime-finding functions call
-to do trial division. You might use it if you are doing some magic
-prime-finding of your own. A sieve is an array of bits, stored
-little-endian in an array of bytes (i.e. the lsb of byte 0 is bit 0).
-Sieves are indexed with the "unsigned" data type, so should not, for
-portability, be larger than 65536/8 = 8192 bytes long.
-
-A 1 bit is considered "in" the sieve, it has passed all the sieving.
-A 0 bit has been removed by some step.
-
-The functions are:
-
-#> void sieveSingle(unsigned char *array, unsigned size, unsigned start,
-#> unsigned step);
-
-This (efficiently) clears the bits at positions start, start+step,
-start+2*step, etc. in the sieve given by array and size. This is the
-elementary sieve-building step. Start with a sieve of all 1s, and
-apply this as required.
-
-#> unsigned sieveSearch(unsigned char const *array, unsigned size,
-#> unsigned start);
-
-This returns the next bit position *greater than* start which is set
-in the indicated sieve, or 0 on failure. NOTE that this means that
-you have to look at the bit at position 0 (array[0] & 1) by yourself
-if you want to pay attention to it, because there's no way to tell
-sieveSearch to start searching at 0 - it starts at start+1.
-
-#> int sieveBuild(unsigned char *array, unsigned size, struct BigNum const *bn,
-#> unsigned step, unsigned dbl);
-
-This initializes a sieve where, if bit i is set, then bn+step*i is not
-divisible by any small primes. (Small is from 2 through 65521, the
-largest prime less that 65536.) If "dbl" is > 0, then bits are also
-cleared if 2*(bn+step*i)+1 is divisible. If dbl > 1, then
-4*(bn+step*i)+3 is also checked, and so on. This feature is used when
-generating Sohpie Germain primes.
-
-Usually, you use a step of 2.
-
-#> int sieveBuildBig(unsigned char *array, unsigned size,
-#> struct BigNum const *bn, struct BigNum const *step, unsigned dbl);
-
-This is just the same, but accepts a BigNum step size, and is correspondingly
-slower.
-
-* bnprint.h
-
-#> int bnPrint(FILE *f, char const *prefix, struct BigNum const *bn,
-#> char const *suffix);
-
-This prints a nicely-formatted BigNum in hexadecimal form to the given
-FILE *. The "prefix" is printed before it, as a prompt, and the
-"suffix" is printed afterwards. The BigNum itself is printed in
-64-character lines, broken with a trailing backslash if necessary.
-Continuation lines are indented by the length of the prefix.
-
-E.g. a 2^512-1, printed with the call bnPrint(stdout, "a = (", bn, ")\n")
-would result in:
-
-a = (FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\
- FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
-
-Hex digits are printed in upper case to facilitate cutting and pasting into
-the Unix "dc" utility.
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn.h - the interface to the bignum routines.
- * All functions which return ints can potentially allocate memory
- * and return -1 if they are unable to. All "const" arguments
- * are unmodified.
- *
- * This is not particularly asymmetric, as some operations are of the
- * form a = b @ c, while others do a @= b. In general, outputs may not
- * point to the same struct BigNums as inputs, except as specified
- * below. This relationship is referred to as "being the same as".
- * This is not numerical equivalence.
- *
- * The "Q" operations take "unsigned" inputs. Higher values of the
- * extra input may work on some implementations, but 65535 is the
- * highest portable value. Just because UNSIGNED_MAX is larger than
- * that, or you know that the word size of the library is larger than that,
- * that, does *not* mean it's allowed.
- */
-#ifndef BN_H
-#define BN_H
-
-struct BigNum {
- void *ptr;
- unsigned size; /* Note: in (variable-sized) words */
- unsigned allocated;
-};
-
-/*
- * User-supplied function: if non-NULL, this is called during long-running
- * computations. You may put Yield() calls in here to give CPU time to
- * other processes. You may also force the computation to be aborted,
- * by returning a value < 0, which will be the return value of the
- * bnXXX call. (You probably want the value to be someting other than
- * -1, to distinguish it from a n out-of-memory error.)
- *
- * The functions that this is called from, and the intervals at which it
- * is called, are not well defined, just "reasonably often". (Currently,
- * once per exponent bit in nodular exponentiation, and once per two
- * divisions in GCD and inverse computation.)
- */
-extern int (*bnYield)(void);
-
-/* Functions */
-
-/*
- * You usually never have to call this function explicitly, as
- * bnBegin() takes care of it. If the program jumps to address 0,
- * this function has bot been called.
- */
-void bnInit(void);
-
-/*
- * This initializes an empty struct BigNum to a zero value.
- * Do not use this on a BigNum which has had a value stored in it!
- */
-void bnBegin(struct BigNum *bn);
-
-/* Swap two BigNums. Cheap. */
-void bnSwap(struct BigNum *a, struct BigNum *b);
-
-/* Reset an initialized bigNum to empty, pending deallocation. */
-extern void (*bnEnd)(struct BigNum *bn);
-
-/*
- * If you know you'll need space in the number soon, you can use this function
- * to ensure that there is room for at least "bits" bits. Optional.
- * Returns <0 on out of memory, but the value is unaffected.
- */
-extern int (*bnPrealloc)(struct BigNum *bn, unsigned bits);
-
-/* Hopefully obvious. dest = src. dest may be the same as src. */
-extern int (*bnCopy)(struct BigNum *dest, struct BigNum const *src);
-
-/*
- * Mostly done automatically, but this removes leading zero words from
- * the internal representation of the BigNum. Use is unclear.
- */
-extern void (*bnNorm)(struct BigNum *bn);
-
-/*
- * Move bytes between the given buffer and the given BigNum encoded in
- * base 256. I.e. after either of these, the buffer will be equal to
- * (bn / 256^lsbyte) % 256^len. The difference is which is altered to
- * match the other!
- */
-extern void (*bnExtractBigBytes)(struct BigNum const *bn,
- unsigned char *dest, unsigned lsbyte, unsigned len);
-extern int (*bnInsertBigBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-
-/* The same, but the buffer is little-endian. */
-extern void (*bnExtractLittleBytes)(struct BigNum const *bn,
- unsigned char *dest, unsigned lsbyte, unsigned len);
-extern int (*bnInsertLittleBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-
-/* Return the least-significant bits (at least 16) of the BigNum */
-extern unsigned (*bnLSWord)(struct BigNum const *src);
-
-/* Return the selected bit of the BigNum (bit 0 is bn mod 2) */
-extern int (*bnReadBit)(struct BigNum const *bn, unsigned bit);
-
-/*
- * Return the number of significant bits in the BigNum.
- * 0 or 1+floor(log2(src))
- */
-extern unsigned (*bnBits)(struct BigNum const *src);
-#define bnBytes(bn) ((bnBits(bn)+7)/8)
-
-/*
- * dest += src. dest and src may be the same. Guaranteed not to
- * allocate memory unnecessarily, so if you're sure bnBits(dest)
- * won't change, you don't need to check the return value.
- */
-extern int (*bnAdd)(struct BigNum *dest, struct BigNum const *src);
-
-/*
- * dest -= src. dest and src may be the same, but bnSetQ(dest, 0) is faster.
- * if dest < src, returns +1 and sets dest = src-dest.
- */
-extern int (*bnSub)(struct BigNum *dest, struct BigNum const *src);
-
-/* Return sign (-1, 0, +1) of a-b. a <=> b --> bnCmpQ(a, b) <=> 0 */
-extern int (*bnCmpQ)(struct BigNum const *a, unsigned b);
-
-/* dest = src, where 0 <= src < 2^16. */
-extern int (*bnSetQ)(struct BigNum *dest, unsigned src);
-
-/* dest += src, where 0 <= src < 2^16 */
-extern int (*bnAddQ)(struct BigNum *dest, unsigned src);
-
-/* dest -= src, where 0 <= src < 2^16 */
-extern int (*bnSubQ)(struct BigNum *dest, unsigned src);
-
-/* Return sign (-1, 0, +1) of a-b. a <=> b --> bnCmp(a, b) <=> 0 */
-extern int (*bnCmp)(struct BigNum const *a, struct BigNum const *b);
-
-/* dest = src^2. dest may be the same as src, but it costs time. */
-extern int (*bnSquare)(struct BigNum *dest, struct BigNum const *src);
-
-/* dest = a * b. dest may be the same as a or b, but it costs time. */
-extern int (*bnMul)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-
-/* dest = a * b, where 0 <= b < 2^16. dest and a may be the same. */
-extern int (*bnMulQ)(struct BigNum *dest, struct BigNum const *a, unsigned b);
-
-/*
- * q = n/d, r = n%d. r may be the same as n, but not d,
- * and q may not be the same as n or d.
- * re-entrancy issue: this temporarily modifies d, but restores
- * it for return.
- */
-extern int (*bnDivMod)(struct BigNum *q, struct BigNum *r,
- struct BigNum const *n, struct BigNum const *d);
-/*
- * dest = src % d. dest and src may be the same, but not dest and d.
- * re-entrancy issue: this temporarily modifies d, but restores
- * it for return.
- */
-extern int (*bnMod)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-
-/* return src % d, where 0 <= d < 2^16. */
-extern unsigned int (*bnModQ)(struct BigNum const *src, unsigned d);
-
-/* n = n^exp, modulo "mod" "mod" *must* be odd */
-extern int (*bnExpMod)(struct BigNum *result, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-
-/*
- * dest = n1^e1 * n2^e2, modulo "mod". "mod" *must* be odd.
- * dest may be the same as n1 or n2.
- */
-extern int (*bnDoubleExpMod)(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-
-/* n = 2^exp, modulo "mod" "mod" *must* be odd */
-extern int (*bnTwoExpMod)(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-
-/* dest = gcd(a, b). The inputs may overlap arbitrarily. */
-extern int (*bnGcd)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-
-/* dest = src^-1, modulo "mod". dest may be the same as src. */
-extern int (*bnInv)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-
-/* Shift dest left "amt" places */
-extern int (*bnLShift)(struct BigNum *dest, unsigned amt);
-/* Shift dest right "amt" places, discarding low-order bits */
-extern void (*bnRShift)(struct BigNum *dest, unsigned amt);
-
-/* For the largest 2^k that divides n, divide n by it and return k. */
-extern unsigned (*bnMakeOdd)(struct BigNum *n);
-
-/*
- * Precomputed data for rapid base^exp (mod mod) computation with fixed
- * base and mod.
- */
-struct BnBasePrecomp {
- void *array; /* Ponter to array of pointers to words */
- unsigned msize; /* Words in modulis (normalized) */
- unsigned bits; /* Bits per array element */
- unsigned maxebits; /* Maximum exponent bits */
- unsigned entries; /* Number of entries */
- unsigned arraysize;
-};
-
-extern int (*bnBasePrecompBegin)(struct BnBasePrecomp *pre,
- struct BigNum const *base, struct BigNum const *mod,
- unsigned maxebits);
-extern void (*bnBasePrecompEnd)(struct BnBasePrecomp *pre);
-extern int (*bnBasePrecompExpMod)(struct BigNum *dest,
- struct BnBasePrecomp const *pre, struct BigNum const *exp,
- struct BigNum const *mod);
-extern int (*bnDoubleBasePrecompExpMod)(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod);
-
-#endif/* !BN_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn00.c - auto-size-detecting bn??.c file.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bnsize00.h"
-
-#if BNSIZE64
-
-/* Include all of the C source file by reference */
-#include "bn64.c"
-#include "bninit64.c"
-
-#elif BNSIZE32
-
-/* Include all of the C source file by reference */
-#include "bn32.c"
-#include "bninit32.c"
-
-#else /* BNSIZE16 */
-
-/* Include all of the C source file by reference */
-#include "bn16.c"
-#include "bninit16.c"
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn16.c - the high-level bignum interface
- *
- * Like lbn16.c, this reserves the string "16" for textual replacement.
- * The string must not appear anywhere unless it is intended to be replaced
- * to generate other bignum interface functions.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* for memmove() in bnMakeOdd */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-/*
- * This was useful during debugging, so it's left in here.
- * You can ignore it. DBMALLOC is generally undefined.
- */
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-#include "../dbmalloc/malloc.h"
-#define MALLOCDB malloc_chain_check(1)
-#else
-#define MALLOCDB (void)0
-#endif
-
-#include "lbn.h"
-#include "lbn16.h"
-#include "lbnmem.h"
-#include "bn16.h"
-#include "bn.h"
-
-/* Work-arounds for some particularly broken systems */
-#include "kludge.h" /* For memmove() */
-
-/* Functions */
-void
-bnInit_16(void)
-{
- bnEnd = bnEnd_16;
- bnPrealloc = bnPrealloc_16;
- bnCopy = bnCopy_16;
- bnNorm = bnNorm_16;
- bnExtractBigBytes = bnExtractBigBytes_16;
- bnInsertBigBytes = bnInsertBigBytes_16;
- bnExtractLittleBytes = bnExtractLittleBytes_16;
- bnInsertLittleBytes = bnInsertLittleBytes_16;
- bnLSWord = bnLSWord_16;
- bnReadBit = bnReadBit_16;
- bnBits = bnBits_16;
- bnAdd = bnAdd_16;
- bnSub = bnSub_16;
- bnCmpQ = bnCmpQ_16;
- bnSetQ = bnSetQ_16;
- bnAddQ = bnAddQ_16;
- bnSubQ = bnSubQ_16;
- bnCmp = bnCmp_16;
- bnSquare = bnSquare_16;
- bnMul = bnMul_16;
- bnMulQ = bnMulQ_16;
- bnDivMod = bnDivMod_16;
- bnMod = bnMod_16;
- bnModQ = bnModQ_16;
- bnExpMod = bnExpMod_16;
- bnDoubleExpMod = bnDoubleExpMod_16;
- bnTwoExpMod = bnTwoExpMod_16;
- bnGcd = bnGcd_16;
- bnInv = bnInv_16;
- bnLShift = bnLShift_16;
- bnRShift = bnRShift_16;
- bnMakeOdd = bnMakeOdd_16;
- bnBasePrecompBegin = bnBasePrecompBegin_16;
- bnBasePrecompEnd = bnBasePrecompEnd_16;
- bnBasePrecompExpMod = bnBasePrecompExpMod_16;
- bnDoubleBasePrecompExpMod = bnDoubleBasePrecompExpMod_16;
-}
-
-void
-bnEnd_16(struct BigNum *bn)
-{
- if (bn->ptr) {
- LBNFREE((BNWORD16 *)bn->ptr, bn->allocated);
- bn->ptr = 0;
- }
- bn->size = 0;
- bn->allocated = 0;
-
- MALLOCDB;
-}
-
-/* Internal function. It operates in words. */
-static int
-bnResize_16(struct BigNum *bn, unsigned len)
-{
- void *p;
-
- /* Round size up: most mallocs impose 8-byte granularity anyway */
- len = (len + (8/sizeof(BNWORD16) - 1)) & ~(8/sizeof(BNWORD16) - 1);
- p = LBNREALLOC((BNWORD16 *)bn->ptr, bn->allocated, len);
- if (!p)
- return -1;
- bn->ptr = p;
- bn->allocated = len;
-
- MALLOCDB;
-
- return 0;
-}
-
-#define bnSizeCheck(bn, size) \
- if (bn->allocated < size && bnResize_16(bn, size) < 0) \
- return -1
-
-/* Preallocate enough space in bn to hold "bits" bits. */
-int
-bnPrealloc_16(struct BigNum *bn, unsigned bits)
-{
- bits = (bits + 16-1)/16;
- bnSizeCheck(bn, bits);
- MALLOCDB;
- return 0;
-}
-
-int
-bnCopy_16(struct BigNum *dest, struct BigNum const *src)
-{
- bnSizeCheck(dest, src->size);
- dest->size = src->size;
- lbnCopy_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, src->size);
- MALLOCDB;
- return 0;
-}
-
-/* Is this ever needed? Normalize the bn by deleting high-order 0 words */
-void
-bnNorm_16(struct BigNum *bn)
-{
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, bn->size);
-}
-
-/*
- * Convert a bignum to big-endian bytes. Returns, in big-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (leading) bytes are filled with 0.
- */
-void
-bnExtractBigBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (16 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len) {
- *dest++ = 0;
- len--;
- }
-
- if (len)
- lbnExtractBigBytes_16((BNWORD16 *)bn->ptr, dest, lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above. */
-int
-bnInsertBigBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD16)-1) / sizeof(BNWORD16);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_16((BNWORD16 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertBigBytes_16((BNWORD16 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-
-/*
- * Convert a bignum to little-endian bytes. Returns, in little-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (trailing) bytes are filled with 0.
- */
-void
-bnExtractLittleBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (16 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len)
- dest[--len] = 0;
-
- if (len)
- lbnExtractLittleBytes_16((BNWORD16 *)bn->ptr, dest,
- lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above */
-int
-bnInsertLittleBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD16)-1) / sizeof(BNWORD16);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_16((BNWORD16 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertLittleBytes_16((BNWORD16 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-/* Return the least-significant word of the input. */
-unsigned
-bnLSWord_16(struct BigNum const *bn)
-{
- return bn->size ? (unsigned)((BNWORD16 *)bn->ptr)[BIGLITTLE(-1,0)]: 0;
-}
-
-/* Return a selected bit of the data */
-int
-bnReadBit_16(struct BigNum const *bn, unsigned bit)
-{
- BNWORD16 word;
- if (bit/16 >= bn->size)
- return 0;
- word = ((BNWORD16 *)bn->ptr)[BIGLITTLE(-1-bit/16,bit/16)];
- return (int)(word >> (bit % 16) & 1);
-}
-
-/* Count the number of significant bits. */
-unsigned
-bnBits_16(struct BigNum const *bn)
-{
- return lbnBits_16((BNWORD16 *)bn->ptr, bn->size);
-}
-
-/* dest += src */
-int
-bnAdd_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD16 t;
-
- if (!s)
- return 0;
-
- bnSizeCheck(dest, s);
-
- if (d < s) {
- lbnZero_16((BNWORD16 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- t = lbnAddN_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnAdd1_16((BNWORD16 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- bnSizeCheck(dest, d+1);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1-d,d)] = t;
- dest->size = d+1;
- }
- }
- return 0;
-}
-
-/*
- * dest -= src.
- * If dest goes negative, this produces the absolute value of
- * the difference (the negative of the true value) and returns 1.
- * Otherwise, it returls 0.
- */
-int
-bnSub_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD16 t;
-
- if (d < s && d < (s = lbnNorm_16((BNWORD16 *)src->ptr, s))) {
- bnSizeCheck(dest, s);
- lbnZero_16((BNWORD16 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- if (!s)
- return 0;
- t = lbnSubN_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnSub1_16((BNWORD16 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- lbnNeg_16((BNWORD16 *)dest->ptr, d);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr,
- dest->size);
- MALLOCDB;
- return 1;
- }
- }
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dest->size);
- return 0;
-}
-
-/*
- * Compare the BigNum to the given value, which must be < 65536.
- * Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmpQ(a,b) <=> 0
- */
-int
-bnCmpQ_16(struct BigNum const *a, unsigned b)
-{
- unsigned t;
- BNWORD16 v;
-
- t = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- /* If a is more than one word long or zero, it's easy... */
- if (t != 1)
- return (t > 1) ? 1 : (b ? -1 : 0);
- v = (unsigned)((BNWORD16 *)a->ptr)[BIGLITTLE(-1,0)];
- return (v > b) ? 1 : ((v < b) ? -1 : 0);
-}
-
-/* Set dest to a small value */
-int
-bnSetQ_16(struct BigNum *dest, unsigned src)
-{
- if (src) {
- bnSizeCheck(dest, 1);
-
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD16)src;
- dest->size = 1;
- } else {
- dest->size = 0;
- }
- return 0;
-}
-
-/* dest += src */
-int
-bnAddQ_16(struct BigNum *dest, unsigned src)
-{
- BNWORD16 t;
-
- if (!dest->size)
- return bnSetQ(dest, src);
-
- t = lbnAdd1_16((BNWORD16 *)dest->ptr, dest->size, (BNWORD16)src);
- MALLOCDB;
- if (t) {
- src = dest->size;
- bnSizeCheck(dest, src+1);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1-src,src)] = t;
- dest->size = src+1;
- }
- return 0;
-}
-
-/*
- * Return value as for bnSub: 1 if subtract underflowed, in which
- * case the return is the negative of the computed value.
- */
-int
-bnSubQ_16(struct BigNum *dest, unsigned src)
-{
- BNWORD16 t;
-
- if (!dest->size)
- return bnSetQ(dest, src) < 0 ? -1 : (src != 0);
-
- t = lbnSub1_16((BNWORD16 *)dest->ptr, dest->size, src);
- MALLOCDB;
- if (t) {
- /* Underflow. <= 1 word, so do it simply. */
- lbnNeg_16((BNWORD16 *)dest->ptr, 1);
- dest->size = 1;
- return 1;
- }
-/* Try to normalize? Needing this is going to be pretty damn rare. */
-/* dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dest->size); */
- return 0;
-}
-
-/*
- * Compare two BigNums. Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmp(a,b) <=> 0
- */
-int
-bnCmp_16(struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- t = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- if (s != t)
- return s > t ? 1 : -1;
- return lbnCmp_16((BNWORD16 *)a->ptr, (BNWORD16 *)b->ptr, s);
-}
-
-/* dest = src*src. This is more efficient than bnMul. */
-int
-bnSquare_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s;
- BNWORD16 *srcbuf;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- if (!s) {
- dest->size = 0;
- return 0;
- }
- bnSizeCheck(dest, 2*s);
-
- if (src == dest) {
- LBNALLOC(srcbuf, BNWORD16, s);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)src->ptr, s);
- lbnSquare_16((BNWORD16 *)dest->ptr, (BNWORD16 *)srcbuf, s);
- LBNFREE(srcbuf, s);
- } else {
- lbnSquare_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- }
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, 2*s);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b. Any overlap between operands is allowed. */
-int
-bnMul_16(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
- BNWORD16 *srcbuf;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- t = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- if (!s || !t) {
- dest->size = 0;
- return 0;
- }
-
- if (a == b)
- return bnSquare_16(dest, a);
-
- bnSizeCheck(dest, s+t);
-
- if (dest == a) {
- LBNALLOC(srcbuf, BNWORD16, s);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)a->ptr, s);
- lbnMul_16((BNWORD16 *)dest->ptr, srcbuf, s,
- (BNWORD16 *)b->ptr, t);
- LBNFREE(srcbuf, s);
- } else if (dest == b) {
- LBNALLOC(srcbuf, BNWORD16, t);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)b->ptr, t);
- lbnMul_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s,
- srcbuf, t);
- LBNFREE(srcbuf, t);
- } else {
- lbnMul_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s,
- (BNWORD16 *)b->ptr, t);
- }
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, s+t);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b */
-int
-bnMulQ_16(struct BigNum *dest, struct BigNum const *a, unsigned b)
-{
- unsigned s;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- if (!s || !b) {
- dest->size = 0;
- return 0;
- }
- if (b == 1)
- return bnCopy_16(dest, a);
- bnSizeCheck(dest, s+1);
- lbnMulN1_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s, b);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, s+1);
- MALLOCDB;
- return 0;
-}
-
-/* q = n/d, r = n % d */
-int
-bnDivMod_16(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d)
-{
- unsigned dsize, nsize;
- BNWORD16 qhigh;
-
- dsize = lbnNorm_16((BNWORD16 *)d->ptr, d->size);
- nsize = lbnNorm_16((BNWORD16 *)n->ptr, n->size);
-
- if (nsize < dsize) {
- q->size = 0; /* No quotient */
- r->size = nsize;
- return 0; /* Success */
- }
-
- bnSizeCheck(q, nsize-dsize);
-
- if (r != n) { /* You are allowed to reduce in place */
- bnSizeCheck(r, nsize);
- lbnCopy_16((BNWORD16 *)r->ptr, (BNWORD16 *)n->ptr, nsize);
- }
-
- qhigh = lbnDiv_16((BNWORD16 *)q->ptr, (BNWORD16 *)r->ptr, nsize,
- (BNWORD16 *)d->ptr, dsize);
- nsize -= dsize;
- if (qhigh) {
- bnSizeCheck(q, nsize+1);
- *((BNWORD16 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
- q->size = nsize+1;
- } else {
- q->size = lbnNorm_16((BNWORD16 *)q->ptr, nsize);
- }
- r->size = lbnNorm_16((BNWORD16 *)r->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* det = src % d */
-int
-bnMod_16(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
-{
- unsigned dsize, nsize;
-
- nsize = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- dsize = lbnNorm_16((BNWORD16 *)d->ptr, d->size);
-
-
- if (dest != src) {
- bnSizeCheck(dest, nsize);
- lbnCopy_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, nsize);
- }
-
- if (nsize < dsize) {
- dest->size = nsize; /* No quotient */
- return 0;
- }
-
- (void)lbnDiv_16((BNWORD16 *)dest->ptr BIGLITTLE(-dsize,+dsize),
- (BNWORD16 *)dest->ptr, nsize,
- (BNWORD16 *)d->ptr, dsize);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* return src % d. */
-unsigned
-bnModQ_16(struct BigNum const *src, unsigned d)
-{
- unsigned s;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- if (!s)
- return 0;
-
- if (d & (d-1)) /* Not a power of 2 */
- d = lbnModQ_16((BNWORD16 *)src->ptr, s, d);
- else
- d = (unsigned)((BNWORD16 *)src->ptr)[BIGLITTLE(-1,0)] & (d-1);
- return d;
-}
-
-/* dest = n^exp (mod mod) */
-int
-bnExpMod_16(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned nsize, esize, msize;
-
- nsize = lbnNorm_16((BNWORD16 *)n->ptr, n->size);
- esize = lbnNorm_16((BNWORD16 *)exp->ptr, exp->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- /* Special-case base of 2 */
- if (nsize == 1 && ((BNWORD16 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
- if (lbnTwoExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
- } else {
- if (lbnExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)n->ptr, nsize,
- (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
- }
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/*
- * dest = n1^e1 * n2^e2 (mod mod). This is more efficient than two
- * separate modular exponentiations, and in fact asymptotically approaches
- * the cost of one.
- */
-int
-bnDoubleExpMod_16(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod)
-{
- unsigned n1size, e1size, n2size, e2size, msize;
-
- n1size = lbnNorm_16((BNWORD16 *)n1->ptr, n1->size);
- e1size = lbnNorm_16((BNWORD16 *)e1->ptr, e1->size);
- n2size = lbnNorm_16((BNWORD16 *)n2->ptr, n2->size);
- e2size = lbnNorm_16((BNWORD16 *)e2->ptr, e2->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- if (lbnDoubleExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)n1->ptr, n1size, (BNWORD16 *)e1->ptr, e1size,
- (BNWORD16 *)n2->ptr, n2size, (BNWORD16 *)e2->ptr, e2size,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* n = 2^exp (mod mod) */
-int
-bnTwoExpMod_16(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod)
-{
- unsigned esize, msize;
-
- esize = lbnNorm_16((BNWORD16 *)exp->ptr, exp->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(n, msize);
-
- if (lbnTwoExpMod_16((BNWORD16 *)n->ptr, (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
-
- n->size = lbnNorm_16((BNWORD16 *)n->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* dest = gcd(a, b) */
-int
-bnGcd_16(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- BNWORD16 *tmp;
- unsigned asize, bsize;
- int i;
-
- /* Kind of silly, but we might as well permit it... */
- if (a == b)
- return dest == a ? 0 : bnCopy(dest, a);
-
- /* Ensure a is not the same as "dest" */
- if (a == dest) {
- a = b;
- b = dest;
- }
-
- asize = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- bsize = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- bnSizeCheck(dest, bsize+1);
-
- /* Copy a to tmp */
- LBNALLOC(tmp, BNWORD16, asize+1);
- if (!tmp)
- return -1;
- lbnCopy_16(tmp, (BNWORD16 *)a->ptr, asize);
-
- /* Copy b to dest, if necessary */
- if (dest != b)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)b->ptr, bsize);
- if (bsize > asize || (bsize == asize &&
- lbnCmp_16((BNWORD16 *)b->ptr, (BNWORD16 *)a->ptr, asize) > 0))
- {
- i = lbnGcd_16((BNWORD16 *)dest->ptr, bsize, tmp, asize,
- &dest->size);
- if (i > 0) /* Result in tmp, not dest */
- lbnCopy_16((BNWORD16 *)dest->ptr, tmp, dest->size);
- } else {
- i = lbnGcd_16(tmp, asize, (BNWORD16 *)dest->ptr, bsize,
- &dest->size);
- if (i == 0) /* Result in tmp, not dest */
- lbnCopy_16((BNWORD16 *)dest->ptr, tmp, dest->size);
- }
- LBNFREE(tmp, asize+1);
- MALLOCDB;
- return (i < 0) ? i : 0;
-}
-
-/*
- * dest = 1/src (mod mod). Returns >0 if gcd(src, mod) != 1 (in which case
- * the inverse does not exist).
- */
-int
-bnInv_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod)
-{
- unsigned s, m;
- int i;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- m = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- /* lbnInv_16 requires that the input be less than the modulus */
- if (m < s ||
- (m==s && lbnCmp_16((BNWORD16 *)src->ptr, (BNWORD16 *)mod->ptr, s)))
- {
- bnSizeCheck(dest, s + (m==s));
- if (dest != src)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)src->ptr, s);
- /* Pre-reduce modulo the modulus */
- (void)lbnDiv_16((BNWORD16 *)dest->ptr BIGLITTLE(-m,+m),
- (BNWORD16 *)dest->ptr, s,
- (BNWORD16 *)mod->ptr, m);
- s = lbnNorm_16((BNWORD16 *)dest->ptr, m);
- MALLOCDB;
- } else {
- bnSizeCheck(dest, m+1);
- if (dest != src)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)src->ptr, s);
- }
-
- i = lbnInv_16((BNWORD16 *)dest->ptr, s, (BNWORD16 *)mod->ptr, m);
- if (i == 0)
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, m);
-
- MALLOCDB;
- return i;
-}
-
-/*
- * Shift a bignum left the appropriate number of bits,
- * multiplying by 2^amt.
- */
-int
-bnLShift_16(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
- BNWORD16 carry;
-
- if (amt % 16) {
- carry = lbnLshift_16((BNWORD16 *)dest->ptr, s, amt % 16);
- if (carry) {
- s++;
- bnSizeCheck(dest, s);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-s,s-1)] = carry;
- }
- }
-
- amt /= 16;
- if (amt) {
- bnSizeCheck(dest, s+amt);
- memmove((BNWORD16 *)dest->ptr BIGLITTLE(-s-amt, +amt),
- (BNWORD16 *)dest->ptr BIG(-s),
- s * sizeof(BNWORD16));
- lbnZero_16((BNWORD16 *)dest->ptr, amt);
- s += amt;
- }
- dest->size = s;
- MALLOCDB;
- return 0;
-}
-
-/*
- * Shift a bignum right the appropriate number of bits,
- * dividing by 2^amt.
- */
-void
-bnRShift_16(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
-
- if (amt >= 16) {
- memmove(
- (BNWORD16 *)dest->ptr BIG(-s+amt/16),
- (BNWORD16 *)dest->ptr BIGLITTLE(-s, +amt/16),
- (s-amt/16) * sizeof(BNWORD16));
- s -= amt/16;
- amt %= 16;
- }
-
- if (amt)
- (void)lbnRshift_16((BNWORD16 *)dest->ptr, s, amt);
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, s);
- MALLOCDB;
-}
-
-/*
- * Shift a bignum right until it is odd, and return the number of
- * bits shifted. n = d * 2^s. Replaces n with d and returns s.
- * Returns 0 when given 0. (Another valid answer is infinity.)
- */
-unsigned
-bnMakeOdd_16(struct BigNum *n)
-{
- unsigned size;
- unsigned s; /* shift amount */
- BNWORD16 *p;
- BNWORD16 t;
-
- p = (BNWORD16 *)n->ptr;
- size = lbnNorm_16(p, n->size);
- if (!size)
- return 0;
-
- t = BIGLITTLE(p[-1],p[0]);
- s = 0;
-
- /* See how many words we have to shift */
- if (!t) {
- /* Shift by words */
- do {
- s++;
- BIGLITTLE(--p,p++);
- } while ((t = BIGLITTLE(p[-1],p[0])) == 0);
- size -= s;
- s *= 16;
- memmove((BNWORD16 *)n->ptr BIG(-size), p BIG(-size),
- size * sizeof(BNWORD16));
- p = (BNWORD16 *)n->ptr;
- MALLOCDB;
- }
-
- assert(t);
-
- if (!(t & 1)) {
- /* Now count the bits */
- do {
- t >>= 1;
- s++;
- } while ((t & 1) == 0);
-
- /* Shift the bits */
- lbnRshift_16(p, size, s & (16-1));
- /* Renormalize */
- if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
- --size;
- }
- n->size = size;
-
- MALLOCDB;
- return s;
-}
-
-/*
- * Do base- and modulus-dependent precomputation for rapid computation of
- * base^exp (mod mod) with various exponents.
- *
- * See lbn16.c for the details on how the algorithm works. Basically,
- * it involves precomputing a table of powers of base, base^(order^k),
- * for a suitable range 0 <= k < n detemined by the maximum exponent size
- * desired. To do eht exponentiation, the exponent is expressed in base
- * "order" (sorry for the confusing terminology) and the precomputed powers
- * are combined.
- *
- * This implementation allows only power-of-2 values for "order". Using
- * other numbers can be more efficient, but it's more work and for the
- * popular exponent size of 160 bits, an order of 8 is optimal, so it
- * hasn't seemed worth it to implement.
- *
- * Here's a table of the optimal power-of-2 order for various exponent
- * sizes and the associated (average) cost for an exponentiation.
- * Note that *higher* orders are more memory-efficient; the number
- * of precomputed values required is ceil(ebits/order). (Ignore the
- * underscores in the middle of numbers; they're harmless.)
- *
- * At 2 bits, order 2 uses 0.000000 multiplies
- * At 4 bits, order 2 uses 1.000000 multiplies
- * At 8 bits, order 2 uses 3.000000 multiplies
- * At 1_6 bits, order 2 uses 7.000000 multiplies
- * At 3_2 bits, order 2 uses 15.000000 multiplies
- * At 34 bits, 15.750000 (order 4) < 1_6.000000 (order 2)
- * At 6_4 bits, order 4 uses 27.000000 multiplies
- * At 99 bits, 39.875000 (order 8) < 40.250000 (order 4)
- * At 128 bits, order 8 uses 48.500000 multiplies
- * At 256 bits, order 8 uses 85.875000 multiplies
- * At 280 bits, 92.625000 (order 1_6) < 92.875000 (order 8)
- * At 512 bits, order 1_6 uses 147.000000 multiplies
- * At 785 bits, 211.093750 (order 3_2) < 211.250000 (order 1_6)
- * At 1024 bits, order 3_2 uses 257.562500 multiplies
- * At 2048 bits, order 3_2 uses 456.093750 multiplies
- * At 2148 bits, 475.406250 (order 6_4) < 475.468750 (order 3_2)
- * At 4096 bits, order 6_4 uses 795.281250 multiplies
- * At 5726 bits, 1062.609375 (order 128) < 1062.843750 (order 6_4)
- * At 8192 bits, order 128 uses 1412.609375 multiplies
- * At 14848 bits, 2355.750000 (order 256) < 2355.929688 (order 128)
- * At 37593 bits, 5187.841797 (order 512) < 5188.144531 (order 256)
- */
-int
-bnBasePrecompBegin_16(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits)
-{
- int i;
- BNWORD16 **array; /* Array of precomputed powers of base */
- unsigned n; /* Number of entries in array (needed) */
- unsigned m; /* Number of entries in array (non-NULL) */
- unsigned arraysize; /* Number of entries in array (allocated) */
- unsigned bits; /* log2(order) */
- unsigned msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
- static unsigned const bnBasePrecompThreshTable[] = {
- 33, 98, 279, 784, 2147, 5725, 14847, 37592, (unsigned)-1
- };
-
- /* Clear pre in case of failure */
- pre->array = 0;
- pre->msize = 0;
- pre->bits = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-
- /* Find the correct bit-window size */
- bits = 0;
- do
- bits++;
- while (maxebits > bnBasePrecompThreshTable[bits]);
-
- /* Now the number of precomputed values we need */
- n = (maxebits+bits-1)/bits;
- assert(n*bits >= maxebits);
-
- arraysize = n+1; /* Add one trailing NULL for safety */
- array = lbnMemAlloc(arraysize * sizeof(*array));
- if (!array)
- return -1; /* Out of memory */
-
- /* Now allocate the entries (precomputed powers of base) */
- for (m = 0; m < n; m++) {
- BNWORD16 *entry;
-
- LBNALLOC(entry, BNWORD16, msize);
- if (!entry)
- break;
- array[m] = entry;
- }
-
- /* "m" is the number of successfully allocated entries */
- if (m < n) {
- /* Ran out of memory; see if we can use a smaller array */
- BNWORD16 **newarray;
-
- if (m < 2) {
- n = 0; /* Forget it */
- } else {
- /* How few bits can we use with what's allocated? */
- bits = (maxebits + m - 1) / m;
-retry:
- n = (maxebits + bits - 1) / bits;
- if (! (n >> bits) )
- n = 0; /* Not enough to amount to anything */
- }
- /* Free excess allocated array entries */
- while (m > n) {
- BNWORD16 *entry = array[--m];
- LBNFREE(entry, msize);
- }
- if (!n) {
- /* Give it up */
- lbnMemFree(array, arraysize * sizeof(*array));
- return -1;
- }
- /*
- * Try to shrink the pointer array. This might fail, but
- * it's not critical. lbnMemRealloc isn't guarnateed to
- * exist, so we may have to allocate, copy, and free.
- */
-#ifdef lbnMemRealloc
- newarray = lbnMemRealloc(array, arraysize * sizeof(*array),
- (n+1) * sizeof(*array));
- if (newarray) {
- array = newarray;
- arraysize = n+1;
- }
-#else
- newarray = lbnMemAlloc((n+1) * sizeof(*array));
- if (newarray) {
- memcpy(newarray, array, n * sizeof(*array));
- lbnMemFree(array, arraysize * sizeof(*array));
- array = newarray;
- arraysize = n+1;
- }
-#endif
- }
-
- /* Pad with null pointers */
- while (m < arraysize)
- array[m++] = 0;
-
- /* Okay, we have our array, now initialize it */
- i = lbnBasePrecompBegin_16(array, n, bits,
- (BNWORD16 *)base->ptr, base->size,
- (BNWORD16 *)mod->ptr, msize);
- if (i < 0) {
- /* Ack, still out of memory */
- bits++;
- m = n;
- goto retry;
- }
- /* Finally, totoal success */
- pre->array = array;
- pre->bits = bits;
- pre->msize = msize;
- pre->maxebits = n * bits;
- pre->arraysize = arraysize;
- pre->entries = n;
- return 0;
-}
-
-/* Free everything preallocated */
-void
-bnBasePrecompEnd_16(struct BnBasePrecomp *pre)
-{
- BNWORD16 **array = pre->array;
-
- if (array) {
- unsigned entries = pre->entries;
- unsigned msize = pre->msize;
- unsigned m;
-
- for (m = 0; m < entries; m++) {
- BNWORD16 *entry = array[m];
- if (entry)
- LBNFREE(entry, msize);
- }
- lbnMemFree(array, pre->arraysize * sizeof(array));
- }
- pre->array = 0;
- pre->bits = 0;
- pre->msize = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-}
-
-int
-bnBasePrecompExpMod_16(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
- unsigned esize = lbnNorm_16((BNWORD16 *)exp->ptr, exp->size);
- BNWORD16 const * const *array = pre->array;
- int i;
-
- assert(msize == pre->msize);
- assert(((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_16((BNWORD16 *)exp->ptr, esize) <= pre->maxebits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnBasePrecompExp_16(dest->ptr, array, pre->bits,
- exp->ptr, esize, mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- return i;
-}
-
-int
-bnDoubleBasePrecompExpMod_16(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
- unsigned e1size = lbnNorm_16((BNWORD16 *)exp1->ptr, exp1->size);
- unsigned e2size = lbnNorm_16((BNWORD16 *)exp1->ptr, exp2->size);
- BNWORD16 const * const *array1 = pre1->array;
- BNWORD16 const * const *array2 = pre2->array;
- int i;
-
- assert(msize == pre1->msize);
- assert(msize == pre2->msize);
- assert(((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_16((BNWORD16 *)exp1->ptr, e1size) <= pre1->maxebits);
- assert(lbnBits_16((BNWORD16 *)exp2->ptr, e2size) <= pre2->maxebits);
- assert(pre1->bits == pre2->bits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnDoubleBasePrecompExp_16(dest->ptr, pre1->bits, array1,
- exp1->ptr, e1size, array2, exp2->ptr, e2size,
- mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- return i;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn16.h - interface to 16-bit bignum routines.
- */
-struct BigNum;
-struct BnBasePrecomp;
-
-void bnInit_16(void);
-void bnEnd_16(struct BigNum *bn);
-int bnPrealloc_16(struct BigNum *bn, unsigned bits);
-int bnCopy_16(struct BigNum *dest, struct BigNum const *src);
-int bnSwap_16(struct BigNum *a, struct BigNum *b);
-void bnNorm_16(struct BigNum *bn);
-void bnExtractBigBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertBigBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void bnExtractLittleBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertLittleBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned bnLSWord_16(struct BigNum const *src);
-int bnReadBit_16(struct BigNum const *bn, unsigned bit);
-unsigned bnBits_16(struct BigNum const *src);
-int bnAdd_16(struct BigNum *dest, struct BigNum const *src);
-int bnSub_16(struct BigNum *dest, struct BigNum const *src);
-int bnCmpQ_16(struct BigNum const *a, unsigned b);
-int bnSetQ_16(struct BigNum *dest, unsigned src);
-int bnAddQ_16(struct BigNum *dest, unsigned src);
-int bnSubQ_16(struct BigNum *dest, unsigned src);
-int bnCmp_16(struct BigNum const *a, struct BigNum const *b);
-int bnSquare_16(struct BigNum *dest, struct BigNum const *src);
-int bnMul_16(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnMulQ_16(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int bnDivMod_16(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int bnMod_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned bnModQ_16(struct BigNum const *src, unsigned d);
-int bnExpMod_16(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleExpMod_16(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int bnTwoExpMod_16(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int bnGcd_16(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnInv_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int bnLShift_16(struct BigNum *dest, unsigned amt);
-void bnRShift_16(struct BigNum *dest, unsigned amt);
-unsigned bnMakeOdd_16(struct BigNum *n);
-int bnBasePrecompBegin_16(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits);
-void bnBasePrecompEnd_16(struct BnBasePrecomp *pre);
-int bnBasePrecompExpMod_16(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleBasePrecompExpMod_16(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn32.c - the high-level bignum interface
- *
- * Like lbn32.c, this reserves the string "32" for textual replacement.
- * The string must not appear anywhere unless it is intended to be replaced
- * to generate other bignum interface functions.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* for memmove() in bnMakeOdd */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-/*
- * This was useful during debugging, so it's left in here.
- * You can ignore it. DBMALLOC is generally undefined.
- */
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-#include "../dbmalloc/malloc.h"
-#define MALLOCDB malloc_chain_check(1)
-#else
-#define MALLOCDB (void)0
-#endif
-
-#include "lbn.h"
-#include "lbn32.h"
-#include "lbnmem.h"
-#include "bn32.h"
-#include "bn.h"
-
-/* Work-arounds for some particularly broken systems */
-#include "kludge.h" /* For memmove() */
-
-/* Functions */
-void
-bnInit_32(void)
-{
- bnEnd = bnEnd_32;
- bnPrealloc = bnPrealloc_32;
- bnCopy = bnCopy_32;
- bnNorm = bnNorm_32;
- bnExtractBigBytes = bnExtractBigBytes_32;
- bnInsertBigBytes = bnInsertBigBytes_32;
- bnExtractLittleBytes = bnExtractLittleBytes_32;
- bnInsertLittleBytes = bnInsertLittleBytes_32;
- bnLSWord = bnLSWord_32;
- bnReadBit = bnReadBit_32;
- bnBits = bnBits_32;
- bnAdd = bnAdd_32;
- bnSub = bnSub_32;
- bnCmpQ = bnCmpQ_32;
- bnSetQ = bnSetQ_32;
- bnAddQ = bnAddQ_32;
- bnSubQ = bnSubQ_32;
- bnCmp = bnCmp_32;
- bnSquare = bnSquare_32;
- bnMul = bnMul_32;
- bnMulQ = bnMulQ_32;
- bnDivMod = bnDivMod_32;
- bnMod = bnMod_32;
- bnModQ = bnModQ_32;
- bnExpMod = bnExpMod_32;
- bnDoubleExpMod = bnDoubleExpMod_32;
- bnTwoExpMod = bnTwoExpMod_32;
- bnGcd = bnGcd_32;
- bnInv = bnInv_32;
- bnLShift = bnLShift_32;
- bnRShift = bnRShift_32;
- bnMakeOdd = bnMakeOdd_32;
- bnBasePrecompBegin = bnBasePrecompBegin_32;
- bnBasePrecompEnd = bnBasePrecompEnd_32;
- bnBasePrecompExpMod = bnBasePrecompExpMod_32;
- bnDoubleBasePrecompExpMod = bnDoubleBasePrecompExpMod_32;
-}
-
-void
-bnEnd_32(struct BigNum *bn)
-{
- if (bn->ptr) {
- LBNFREE((BNWORD32 *)bn->ptr, bn->allocated);
- bn->ptr = 0;
- }
- bn->size = 0;
- bn->allocated = 0;
-
- MALLOCDB;
-}
-
-/* Internal function. It operates in words. */
-static int
-bnResize_32(struct BigNum *bn, unsigned len)
-{
- void *p;
-
- /* Round size up: most mallocs impose 8-byte granularity anyway */
- len = (len + (8/sizeof(BNWORD32) - 1)) & ~(8/sizeof(BNWORD32) - 1);
- p = LBNREALLOC((BNWORD32 *)bn->ptr, bn->allocated, len);
- if (!p)
- return -1;
- bn->ptr = p;
- bn->allocated = len;
-
- MALLOCDB;
-
- return 0;
-}
-
-#define bnSizeCheck(bn, size) \
- if (bn->allocated < size && bnResize_32(bn, size) < 0) \
- return -1
-
-/* Preallocate enough space in bn to hold "bits" bits. */
-int
-bnPrealloc_32(struct BigNum *bn, unsigned bits)
-{
- bits = (bits + 32-1)/32;
- bnSizeCheck(bn, bits);
- MALLOCDB;
- return 0;
-}
-
-int
-bnCopy_32(struct BigNum *dest, struct BigNum const *src)
-{
- bnSizeCheck(dest, src->size);
- dest->size = src->size;
- lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, src->size);
- MALLOCDB;
- return 0;
-}
-
-/* Is this ever needed? Normalize the bn by deleting high-order 0 words */
-void
-bnNorm_32(struct BigNum *bn)
-{
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, bn->size);
-}
-
-/*
- * Convert a bignum to big-endian bytes. Returns, in big-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (leading) bytes are filled with 0.
- */
-void
-bnExtractBigBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (32 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len) {
- *dest++ = 0;
- len--;
- }
-
- if (len)
- lbnExtractBigBytes_32((BNWORD32 *)bn->ptr, dest, lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above. */
-int
-bnInsertBigBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD32)-1) / sizeof(BNWORD32);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertBigBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-
-/*
- * Convert a bignum to little-endian bytes. Returns, in little-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (trailing) bytes are filled with 0.
- */
-void
-bnExtractLittleBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (32 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len)
- dest[--len] = 0;
-
- if (len)
- lbnExtractLittleBytes_32((BNWORD32 *)bn->ptr, dest,
- lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above */
-int
-bnInsertLittleBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD32)-1) / sizeof(BNWORD32);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertLittleBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-/* Return the least-significant word of the input. */
-unsigned
-bnLSWord_32(struct BigNum const *bn)
-{
- return bn->size ? (unsigned)((BNWORD32 *)bn->ptr)[BIGLITTLE(-1,0)]: 0;
-}
-
-/* Return a selected bit of the data */
-int
-bnReadBit_32(struct BigNum const *bn, unsigned bit)
-{
- BNWORD32 word;
- if (bit/32 >= bn->size)
- return 0;
- word = ((BNWORD32 *)bn->ptr)[BIGLITTLE(-1-bit/32,bit/32)];
- return (int)(word >> (bit % 32) & 1);
-}
-
-/* Count the number of significant bits. */
-unsigned
-bnBits_32(struct BigNum const *bn)
-{
- return lbnBits_32((BNWORD32 *)bn->ptr, bn->size);
-}
-
-/* dest += src */
-int
-bnAdd_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD32 t;
-
- if (!s)
- return 0;
-
- bnSizeCheck(dest, s);
-
- if (d < s) {
- lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- t = lbnAddN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnAdd1_32((BNWORD32 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- bnSizeCheck(dest, d+1);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-d,d)] = t;
- dest->size = d+1;
- }
- }
- return 0;
-}
-
-/*
- * dest -= src.
- * If dest goes negative, this produces the absolute value of
- * the difference (the negative of the true value) and returns 1.
- * Otherwise, it returls 0.
- */
-int
-bnSub_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD32 t;
-
- if (d < s && d < (s = lbnNorm_32((BNWORD32 *)src->ptr, s))) {
- bnSizeCheck(dest, s);
- lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- if (!s)
- return 0;
- t = lbnSubN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnSub1_32((BNWORD32 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- lbnNeg_32((BNWORD32 *)dest->ptr, d);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr,
- dest->size);
- MALLOCDB;
- return 1;
- }
- }
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size);
- return 0;
-}
-
-/*
- * Compare the BigNum to the given value, which must be < 65536.
- * Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmpQ(a,b) <=> 0
- */
-int
-bnCmpQ_32(struct BigNum const *a, unsigned b)
-{
- unsigned t;
- BNWORD32 v;
-
- t = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- /* If a is more than one word long or zero, it's easy... */
- if (t != 1)
- return (t > 1) ? 1 : (b ? -1 : 0);
- v = (unsigned)((BNWORD32 *)a->ptr)[BIGLITTLE(-1,0)];
- return (v > b) ? 1 : ((v < b) ? -1 : 0);
-}
-
-/* Set dest to a small value */
-int
-bnSetQ_32(struct BigNum *dest, unsigned src)
-{
- if (src) {
- bnSizeCheck(dest, 1);
-
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD32)src;
- dest->size = 1;
- } else {
- dest->size = 0;
- }
- return 0;
-}
-
-/* dest += src */
-int
-bnAddQ_32(struct BigNum *dest, unsigned src)
-{
- BNWORD32 t;
-
- if (!dest->size)
- return bnSetQ(dest, src);
-
- t = lbnAdd1_32((BNWORD32 *)dest->ptr, dest->size, (BNWORD32)src);
- MALLOCDB;
- if (t) {
- src = dest->size;
- bnSizeCheck(dest, src+1);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-src,src)] = t;
- dest->size = src+1;
- }
- return 0;
-}
-
-/*
- * Return value as for bnSub: 1 if subtract underflowed, in which
- * case the return is the negative of the computed value.
- */
-int
-bnSubQ_32(struct BigNum *dest, unsigned src)
-{
- BNWORD32 t;
-
- if (!dest->size)
- return bnSetQ(dest, src) < 0 ? -1 : (src != 0);
-
- t = lbnSub1_32((BNWORD32 *)dest->ptr, dest->size, src);
- MALLOCDB;
- if (t) {
- /* Underflow. <= 1 word, so do it simply. */
- lbnNeg_32((BNWORD32 *)dest->ptr, 1);
- dest->size = 1;
- return 1;
- }
-/* Try to normalize? Needing this is going to be pretty damn rare. */
-/* dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size); */
- return 0;
-}
-
-/*
- * Compare two BigNums. Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmp(a,b) <=> 0
- */
-int
-bnCmp_32(struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- t = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- if (s != t)
- return s > t ? 1 : -1;
- return lbnCmp_32((BNWORD32 *)a->ptr, (BNWORD32 *)b->ptr, s);
-}
-
-/* dest = src*src. This is more efficient than bnMul. */
-int
-bnSquare_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s;
- BNWORD32 *srcbuf;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- if (!s) {
- dest->size = 0;
- return 0;
- }
- bnSizeCheck(dest, 2*s);
-
- if (src == dest) {
- LBNALLOC(srcbuf, BNWORD32, s);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)src->ptr, s);
- lbnSquare_32((BNWORD32 *)dest->ptr, (BNWORD32 *)srcbuf, s);
- LBNFREE(srcbuf, s);
- } else {
- lbnSquare_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- }
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, 2*s);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b. Any overlap between operands is allowed. */
-int
-bnMul_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
- BNWORD32 *srcbuf;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- t = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- if (!s || !t) {
- dest->size = 0;
- return 0;
- }
-
- if (a == b)
- return bnSquare_32(dest, a);
-
- bnSizeCheck(dest, s+t);
-
- if (dest == a) {
- LBNALLOC(srcbuf, BNWORD32, s);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)a->ptr, s);
- lbnMul_32((BNWORD32 *)dest->ptr, srcbuf, s,
- (BNWORD32 *)b->ptr, t);
- LBNFREE(srcbuf, s);
- } else if (dest == b) {
- LBNALLOC(srcbuf, BNWORD32, t);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)b->ptr, t);
- lbnMul_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s,
- srcbuf, t);
- LBNFREE(srcbuf, t);
- } else {
- lbnMul_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s,
- (BNWORD32 *)b->ptr, t);
- }
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s+t);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b */
-int
-bnMulQ_32(struct BigNum *dest, struct BigNum const *a, unsigned b)
-{
- unsigned s;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- if (!s || !b) {
- dest->size = 0;
- return 0;
- }
- if (b == 1)
- return bnCopy_32(dest, a);
- bnSizeCheck(dest, s+1);
- lbnMulN1_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s, b);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s+1);
- MALLOCDB;
- return 0;
-}
-
-/* q = n/d, r = n % d */
-int
-bnDivMod_32(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d)
-{
- unsigned dsize, nsize;
- BNWORD32 qhigh;
-
- dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);
- nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
-
- if (nsize < dsize) {
- q->size = 0; /* No quotient */
- r->size = nsize;
- return 0; /* Success */
- }
-
- bnSizeCheck(q, nsize-dsize);
-
- if (r != n) { /* You are allowed to reduce in place */
- bnSizeCheck(r, nsize);
- lbnCopy_32((BNWORD32 *)r->ptr, (BNWORD32 *)n->ptr, nsize);
- }
-
- qhigh = lbnDiv_32((BNWORD32 *)q->ptr, (BNWORD32 *)r->ptr, nsize,
- (BNWORD32 *)d->ptr, dsize);
- nsize -= dsize;
- if (qhigh) {
- bnSizeCheck(q, nsize+1);
- *((BNWORD32 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
- q->size = nsize+1;
- } else {
- q->size = lbnNorm_32((BNWORD32 *)q->ptr, nsize);
- }
- r->size = lbnNorm_32((BNWORD32 *)r->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* det = src % d */
-int
-bnMod_32(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
-{
- unsigned dsize, nsize;
-
- nsize = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);
-
-
- if (dest != src) {
- bnSizeCheck(dest, nsize);
- lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, nsize);
- }
-
- if (nsize < dsize) {
- dest->size = nsize; /* No quotient */
- return 0;
- }
-
- (void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-dsize,+dsize),
- (BNWORD32 *)dest->ptr, nsize,
- (BNWORD32 *)d->ptr, dsize);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* return src % d. */
-unsigned
-bnModQ_32(struct BigNum const *src, unsigned d)
-{
- unsigned s;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- if (!s)
- return 0;
-
- if (d & (d-1)) /* Not a power of 2 */
- d = lbnModQ_32((BNWORD32 *)src->ptr, s, d);
- else
- d = (unsigned)((BNWORD32 *)src->ptr)[BIGLITTLE(-1,0)] & (d-1);
- return d;
-}
-
-/* dest = n^exp (mod mod) */
-int
-bnExpMod_32(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned nsize, esize, msize;
-
- nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
- esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- /* Special-case base of 2 */
- if (nsize == 1 && ((BNWORD32 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
- if (lbnTwoExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
- } else {
- if (lbnExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)n->ptr, nsize,
- (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
- }
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/*
- * dest = n1^e1 * n2^e2 (mod mod). This is more efficient than two
- * separate modular exponentiations, and in fact asymptotically approaches
- * the cost of one.
- */
-int
-bnDoubleExpMod_32(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod)
-{
- unsigned n1size, e1size, n2size, e2size, msize;
-
- n1size = lbnNorm_32((BNWORD32 *)n1->ptr, n1->size);
- e1size = lbnNorm_32((BNWORD32 *)e1->ptr, e1->size);
- n2size = lbnNorm_32((BNWORD32 *)n2->ptr, n2->size);
- e2size = lbnNorm_32((BNWORD32 *)e2->ptr, e2->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- if (lbnDoubleExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)n1->ptr, n1size, (BNWORD32 *)e1->ptr, e1size,
- (BNWORD32 *)n2->ptr, n2size, (BNWORD32 *)e2->ptr, e2size,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* n = 2^exp (mod mod) */
-int
-bnTwoExpMod_32(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod)
-{
- unsigned esize, msize;
-
- esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(n, msize);
-
- if (lbnTwoExpMod_32((BNWORD32 *)n->ptr, (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
-
- n->size = lbnNorm_32((BNWORD32 *)n->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* dest = gcd(a, b) */
-int
-bnGcd_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- BNWORD32 *tmp;
- unsigned asize, bsize;
- int i;
-
- /* Kind of silly, but we might as well permit it... */
- if (a == b)
- return dest == a ? 0 : bnCopy(dest, a);
-
- /* Ensure a is not the same as "dest" */
- if (a == dest) {
- a = b;
- b = dest;
- }
-
- asize = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- bsize = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- bnSizeCheck(dest, bsize+1);
-
- /* Copy a to tmp */
- LBNALLOC(tmp, BNWORD32, asize+1);
- if (!tmp)
- return -1;
- lbnCopy_32(tmp, (BNWORD32 *)a->ptr, asize);
-
- /* Copy b to dest, if necessary */
- if (dest != b)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)b->ptr, bsize);
- if (bsize > asize || (bsize == asize &&
- lbnCmp_32((BNWORD32 *)b->ptr, (BNWORD32 *)a->ptr, asize) > 0))
- {
- i = lbnGcd_32((BNWORD32 *)dest->ptr, bsize, tmp, asize,
- &dest->size);
- if (i > 0) /* Result in tmp, not dest */
- lbnCopy_32((BNWORD32 *)dest->ptr, tmp, dest->size);
- } else {
- i = lbnGcd_32(tmp, asize, (BNWORD32 *)dest->ptr, bsize,
- &dest->size);
- if (i == 0) /* Result in tmp, not dest */
- lbnCopy_32((BNWORD32 *)dest->ptr, tmp, dest->size);
- }
- LBNFREE(tmp, asize+1);
- MALLOCDB;
- return (i < 0) ? i : 0;
-}
-
-/*
- * dest = 1/src (mod mod). Returns >0 if gcd(src, mod) != 1 (in which case
- * the inverse does not exist).
- */
-int
-bnInv_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod)
-{
- unsigned s, m;
- int i;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- m = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- /* lbnInv_32 requires that the input be less than the modulus */
- if (m < s ||
- (m==s && lbnCmp_32((BNWORD32 *)src->ptr, (BNWORD32 *)mod->ptr, s)))
- {
- bnSizeCheck(dest, s + (m==s));
- if (dest != src)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)src->ptr, s);
- /* Pre-reduce modulo the modulus */
- (void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-m,+m),
- (BNWORD32 *)dest->ptr, s,
- (BNWORD32 *)mod->ptr, m);
- s = lbnNorm_32((BNWORD32 *)dest->ptr, m);
- MALLOCDB;
- } else {
- bnSizeCheck(dest, m+1);
- if (dest != src)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)src->ptr, s);
- }
-
- i = lbnInv_32((BNWORD32 *)dest->ptr, s, (BNWORD32 *)mod->ptr, m);
- if (i == 0)
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, m);
-
- MALLOCDB;
- return i;
-}
-
-/*
- * Shift a bignum left the appropriate number of bits,
- * multiplying by 2^amt.
- */
-int
-bnLShift_32(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
- BNWORD32 carry;
-
- if (amt % 32) {
- carry = lbnLshift_32((BNWORD32 *)dest->ptr, s, amt % 32);
- if (carry) {
- s++;
- bnSizeCheck(dest, s);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-s,s-1)] = carry;
- }
- }
-
- amt /= 32;
- if (amt) {
- bnSizeCheck(dest, s+amt);
- memmove((BNWORD32 *)dest->ptr BIGLITTLE(-s-amt, +amt),
- (BNWORD32 *)dest->ptr BIG(-s),
- s * sizeof(BNWORD32));
- lbnZero_32((BNWORD32 *)dest->ptr, amt);
- s += amt;
- }
- dest->size = s;
- MALLOCDB;
- return 0;
-}
-
-/*
- * Shift a bignum right the appropriate number of bits,
- * dividing by 2^amt.
- */
-void
-bnRShift_32(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
-
- if (amt >= 32) {
- memmove(
- (BNWORD32 *)dest->ptr BIG(-s+amt/32),
- (BNWORD32 *)dest->ptr BIGLITTLE(-s, +amt/32),
- (s-amt/32) * sizeof(BNWORD32));
- s -= amt/32;
- amt %= 32;
- }
-
- if (amt)
- (void)lbnRshift_32((BNWORD32 *)dest->ptr, s, amt);
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s);
- MALLOCDB;
-}
-
-/*
- * Shift a bignum right until it is odd, and return the number of
- * bits shifted. n = d * 2^s. Replaces n with d and returns s.
- * Returns 0 when given 0. (Another valid answer is infinity.)
- */
-unsigned
-bnMakeOdd_32(struct BigNum *n)
-{
- unsigned size;
- unsigned s; /* shift amount */
- BNWORD32 *p;
- BNWORD32 t;
-
- p = (BNWORD32 *)n->ptr;
- size = lbnNorm_32(p, n->size);
- if (!size)
- return 0;
-
- t = BIGLITTLE(p[-1],p[0]);
- s = 0;
-
- /* See how many words we have to shift */
- if (!t) {
- /* Shift by words */
- do {
- s++;
- BIGLITTLE(--p,p++);
- } while ((t = BIGLITTLE(p[-1],p[0])) == 0);
- size -= s;
- s *= 32;
- memmove((BNWORD32 *)n->ptr BIG(-size), p BIG(-size),
- size * sizeof(BNWORD32));
- p = (BNWORD32 *)n->ptr;
- MALLOCDB;
- }
-
- assert(t);
-
- if (!(t & 1)) {
- /* Now count the bits */
- do {
- t >>= 1;
- s++;
- } while ((t & 1) == 0);
-
- /* Shift the bits */
- lbnRshift_32(p, size, s & (32-1));
- /* Renormalize */
- if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
- --size;
- }
- n->size = size;
-
- MALLOCDB;
- return s;
-}
-
-/*
- * Do base- and modulus-dependent precomputation for rapid computation of
- * base^exp (mod mod) with various exponents.
- *
- * See lbn32.c for the details on how the algorithm works. Basically,
- * it involves precomputing a table of powers of base, base^(order^k),
- * for a suitable range 0 <= k < n detemined by the maximum exponent size
- * desired. To do eht exponentiation, the exponent is expressed in base
- * "order" (sorry for the confusing terminology) and the precomputed powers
- * are combined.
- *
- * This implementation allows only power-of-2 values for "order". Using
- * other numbers can be more efficient, but it's more work and for the
- * popular exponent size of 320 bits, an order of 8 is optimal, so it
- * hasn't seemed worth it to implement.
- *
- * Here's a table of the optimal power-of-2 order for various exponent
- * sizes and the associated (average) cost for an exponentiation.
- * Note that *higher* orders are more memory-efficient; the number
- * of precomputed values required is ceil(ebits/order). (Ignore the
- * underscores in the middle of numbers; they're harmless.)
- *
- * At 2 bits, order 2 uses 0.000000 multiplies
- * At 4 bits, order 2 uses 1.000000 multiplies
- * At 8 bits, order 2 uses 3.000000 multiplies
- * At 1_6 bits, order 2 uses 7.000000 multiplies
- * At 3_2 bits, order 2 uses 15.000000 multiplies
- * At 34 bits, 15.750000 (order 4) < 1_6.000000 (order 2)
- * At 6_4 bits, order 4 uses 27.000000 multiplies
- * At 99 bits, 39.875000 (order 8) < 40.250000 (order 4)
- * At 128 bits, order 8 uses 48.500000 multiplies
- * At 256 bits, order 8 uses 85.875000 multiplies
- * At 280 bits, 92.625000 (order 1_6) < 92.875000 (order 8)
- * At 512 bits, order 1_6 uses 147.000000 multiplies
- * At 785 bits, 211.093750 (order 3_2) < 211.250000 (order 1_6)
- * At 1024 bits, order 3_2 uses 257.562500 multiplies
- * At 2048 bits, order 3_2 uses 456.093750 multiplies
- * At 2148 bits, 475.406250 (order 6_4) < 475.468750 (order 3_2)
- * At 4096 bits, order 6_4 uses 795.281250 multiplies
- * At 5726 bits, 1062.609375 (order 128) < 1062.843750 (order 6_4)
- * At 8192 bits, order 128 uses 1412.609375 multiplies
- * At 14848 bits, 2355.750000 (order 256) < 2355.929688 (order 128)
- * At 37593 bits, 5187.841797 (order 512) < 5188.144531 (order 256)
- */
-int
-bnBasePrecompBegin_32(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits)
-{
- int i;
- BNWORD32 **array; /* Array of precomputed powers of base */
- unsigned n; /* Number of entries in array (needed) */
- unsigned m; /* Number of entries in array (non-NULL) */
- unsigned arraysize; /* Number of entries in array (allocated) */
- unsigned bits; /* log2(order) */
- unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
- static unsigned const bnBasePrecompThreshTable[] = {
- 33, 98, 279, 784, 2147, 5725, 14847, 37592, (unsigned)-1
- };
-
- /* Clear pre in case of failure */
- pre->array = 0;
- pre->msize = 0;
- pre->bits = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-
- /* Find the correct bit-window size */
- bits = 0;
- do
- bits++;
- while (maxebits > bnBasePrecompThreshTable[bits]);
-
- /* Now the number of precomputed values we need */
- n = (maxebits+bits-1)/bits;
- assert(n*bits >= maxebits);
-
- arraysize = n+1; /* Add one trailing NULL for safety */
- array = lbnMemAlloc(arraysize * sizeof(*array));
- if (!array)
- return -1; /* Out of memory */
-
- /* Now allocate the entries (precomputed powers of base) */
- for (m = 0; m < n; m++) {
- BNWORD32 *entry;
-
- LBNALLOC(entry, BNWORD32, msize);
- if (!entry)
- break;
- array[m] = entry;
- }
-
- /* "m" is the number of successfully allocated entries */
- if (m < n) {
- /* Ran out of memory; see if we can use a smaller array */
- BNWORD32 **newarray;
-
- if (m < 2) {
- n = 0; /* Forget it */
- } else {
- /* How few bits can we use with what's allocated? */
- bits = (maxebits + m - 1) / m;
-retry:
- n = (maxebits + bits - 1) / bits;
- if (! (n >> bits) )
- n = 0; /* Not enough to amount to anything */
- }
- /* Free excess allocated array entries */
- while (m > n) {
- BNWORD32 *entry = array[--m];
- LBNFREE(entry, msize);
- }
- if (!n) {
- /* Give it up */
- lbnMemFree(array, arraysize * sizeof(*array));
- return -1;
- }
- /*
- * Try to shrink the pointer array. This might fail, but
- * it's not critical. lbnMemRealloc isn't guarnateed to
- * exist, so we may have to allocate, copy, and free.
- */
-#ifdef lbnMemRealloc
- newarray = lbnMemRealloc(array, arraysize * sizeof(*array),
- (n+1) * sizeof(*array));
- if (newarray) {
- array = newarray;
- arraysize = n+1;
- }
-#else
- newarray = lbnMemAlloc((n+1) * sizeof(*array));
- if (newarray) {
- memcpy(newarray, array, n * sizeof(*array));
- lbnMemFree(array, arraysize * sizeof(*array));
- array = newarray;
- arraysize = n+1;
- }
-#endif
- }
-
- /* Pad with null pointers */
- while (m < arraysize)
- array[m++] = 0;
-
- /* Okay, we have our array, now initialize it */
- i = lbnBasePrecompBegin_32(array, n, bits,
- (BNWORD32 *)base->ptr, base->size,
- (BNWORD32 *)mod->ptr, msize);
- if (i < 0) {
- /* Ack, still out of memory */
- bits++;
- m = n;
- goto retry;
- }
- /* Finally, totoal success */
- pre->array = array;
- pre->bits = bits;
- pre->msize = msize;
- pre->maxebits = n * bits;
- pre->arraysize = arraysize;
- pre->entries = n;
- return 0;
-}
-
-/* Free everything preallocated */
-void
-bnBasePrecompEnd_32(struct BnBasePrecomp *pre)
-{
- BNWORD32 **array = pre->array;
-
- if (array) {
- unsigned entries = pre->entries;
- unsigned msize = pre->msize;
- unsigned m;
-
- for (m = 0; m < entries; m++) {
- BNWORD32 *entry = array[m];
- if (entry)
- LBNFREE(entry, msize);
- }
- lbnMemFree(array, pre->arraysize * sizeof(array));
- }
- pre->array = 0;
- pre->bits = 0;
- pre->msize = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-}
-
-int
-bnBasePrecompExpMod_32(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
- unsigned esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
- BNWORD32 const * const *array = pre->array;
- int i;
-
- assert(msize == pre->msize);
- assert(((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_32((BNWORD32 *)exp->ptr, esize) <= pre->maxebits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnBasePrecompExp_32(dest->ptr, array, pre->bits,
- exp->ptr, esize, mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- return i;
-}
-
-int
-bnDoubleBasePrecompExpMod_32(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
- unsigned e1size = lbnNorm_32((BNWORD32 *)exp1->ptr, exp1->size);
- unsigned e2size = lbnNorm_32((BNWORD32 *)exp1->ptr, exp2->size);
- BNWORD32 const * const *array1 = pre1->array;
- BNWORD32 const * const *array2 = pre2->array;
- int i;
-
- assert(msize == pre1->msize);
- assert(msize == pre2->msize);
- assert(((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_32((BNWORD32 *)exp1->ptr, e1size) <= pre1->maxebits);
- assert(lbnBits_32((BNWORD32 *)exp2->ptr, e2size) <= pre2->maxebits);
- assert(pre1->bits == pre2->bits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnDoubleBasePrecompExp_32(dest->ptr, pre1->bits, array1,
- exp1->ptr, e1size, array2, exp2->ptr, e2size,
- mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- return i;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn32.h - interface to 32-bit bignum routines.
- */
-struct BigNum;
-struct BnBasePrecomp;
-
-void bnInit_32(void);
-void bnEnd_32(struct BigNum *bn);
-int bnPrealloc_32(struct BigNum *bn, unsigned bits);
-int bnCopy_32(struct BigNum *dest, struct BigNum const *src);
-int bnSwap_32(struct BigNum *a, struct BigNum *b);
-void bnNorm_32(struct BigNum *bn);
-void bnExtractBigBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertBigBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void bnExtractLittleBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertLittleBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned bnLSWord_32(struct BigNum const *src);
-int bnReadBit_32(struct BigNum const *bn, unsigned bit);
-unsigned bnBits_32(struct BigNum const *src);
-int bnAdd_32(struct BigNum *dest, struct BigNum const *src);
-int bnSub_32(struct BigNum *dest, struct BigNum const *src);
-int bnCmpQ_32(struct BigNum const *a, unsigned b);
-int bnSetQ_32(struct BigNum *dest, unsigned src);
-int bnAddQ_32(struct BigNum *dest, unsigned src);
-int bnSubQ_32(struct BigNum *dest, unsigned src);
-int bnCmp_32(struct BigNum const *a, struct BigNum const *b);
-int bnSquare_32(struct BigNum *dest, struct BigNum const *src);
-int bnMul_32(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnMulQ_32(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int bnDivMod_32(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int bnMod_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned bnModQ_32(struct BigNum const *src, unsigned d);
-int bnExpMod_32(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleExpMod_32(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int bnTwoExpMod_32(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int bnGcd_32(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnInv_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int bnLShift_32(struct BigNum *dest, unsigned amt);
-void bnRShift_32(struct BigNum *dest, unsigned amt);
-unsigned bnMakeOdd_32(struct BigNum *n);
-int bnBasePrecompBegin_32(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits);
-void bnBasePrecompEnd_32(struct BnBasePrecomp *pre);
-int bnBasePrecompExpMod_32(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleBasePrecompExpMod_32(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn64.c - the high-level bignum interface
- *
- * Like lbn64.c, this reserves the string "64" for textual replacement.
- * The string must not appear anywhere unless it is intended to be replaced
- * to generate other bignum interface functions.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* for memmove() in bnMakeOdd */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-/*
- * This was useful during debugging, so it's left in here.
- * You can ignore it. DBMALLOC is generally undefined.
- */
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-#include "../dbmalloc/malloc.h"
-#define MALLOCDB malloc_chain_check(1)
-#else
-#define MALLOCDB (void)0
-#endif
-
-#include "lbn.h"
-#include "lbn64.h"
-#include "lbnmem.h"
-#include "bn64.h"
-#include "bn.h"
-
-/* Work-arounds for some particularly broken systems */
-#include "kludge.h" /* For memmove() */
-
-/* Functions */
-void
-bnInit_64(void)
-{
- bnEnd = bnEnd_64;
- bnPrealloc = bnPrealloc_64;
- bnCopy = bnCopy_64;
- bnNorm = bnNorm_64;
- bnExtractBigBytes = bnExtractBigBytes_64;
- bnInsertBigBytes = bnInsertBigBytes_64;
- bnExtractLittleBytes = bnExtractLittleBytes_64;
- bnInsertLittleBytes = bnInsertLittleBytes_64;
- bnLSWord = bnLSWord_64;
- bnReadBit = bnReadBit_64;
- bnBits = bnBits_64;
- bnAdd = bnAdd_64;
- bnSub = bnSub_64;
- bnCmpQ = bnCmpQ_64;
- bnSetQ = bnSetQ_64;
- bnAddQ = bnAddQ_64;
- bnSubQ = bnSubQ_64;
- bnCmp = bnCmp_64;
- bnSquare = bnSquare_64;
- bnMul = bnMul_64;
- bnMulQ = bnMulQ_64;
- bnDivMod = bnDivMod_64;
- bnMod = bnMod_64;
- bnModQ = bnModQ_64;
- bnExpMod = bnExpMod_64;
- bnDoubleExpMod = bnDoubleExpMod_64;
- bnTwoExpMod = bnTwoExpMod_64;
- bnGcd = bnGcd_64;
- bnInv = bnInv_64;
- bnLShift = bnLShift_64;
- bnRShift = bnRShift_64;
- bnMakeOdd = bnMakeOdd_64;
- bnBasePrecompBegin = bnBasePrecompBegin_64;
- bnBasePrecompEnd = bnBasePrecompEnd_64;
- bnBasePrecompExpMod = bnBasePrecompExpMod_64;
- bnDoubleBasePrecompExpMod = bnDoubleBasePrecompExpMod_64;
-}
-
-void
-bnEnd_64(struct BigNum *bn)
-{
- if (bn->ptr) {
- LBNFREE((BNWORD64 *)bn->ptr, bn->allocated);
- bn->ptr = 0;
- }
- bn->size = 0;
- bn->allocated = 0;
-
- MALLOCDB;
-}
-
-/* Internal function. It operates in words. */
-static int
-bnResize_64(struct BigNum *bn, unsigned len)
-{
- void *p;
-
- /* Round size up: most mallocs impose 8-byte granularity anyway */
- len = (len + (8/sizeof(BNWORD64) - 1)) & ~(8/sizeof(BNWORD64) - 1);
- p = LBNREALLOC((BNWORD64 *)bn->ptr, bn->allocated, len);
- if (!p)
- return -1;
- bn->ptr = p;
- bn->allocated = len;
-
- MALLOCDB;
-
- return 0;
-}
-
-#define bnSizeCheck(bn, size) \
- if (bn->allocated < size && bnResize_64(bn, size) < 0) \
- return -1
-
-/* Preallocate enough space in bn to hold "bits" bits. */
-int
-bnPrealloc_64(struct BigNum *bn, unsigned bits)
-{
- bits = (bits + 64-1)/64;
- bnSizeCheck(bn, bits);
- MALLOCDB;
- return 0;
-}
-
-int
-bnCopy_64(struct BigNum *dest, struct BigNum const *src)
-{
- bnSizeCheck(dest, src->size);
- dest->size = src->size;
- lbnCopy_64((BNWORD64 *)dest->ptr, (BNWORD64 *)src->ptr, src->size);
- MALLOCDB;
- return 0;
-}
-
-/* Is this ever needed? Normalize the bn by deleting high-order 0 words */
-void
-bnNorm_64(struct BigNum *bn)
-{
- bn->size = lbnNorm_64((BNWORD64 *)bn->ptr, bn->size);
-}
-
-/*
- * Convert a bignum to big-endian bytes. Returns, in big-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (leading) bytes are filled with 0.
- */
-void
-bnExtractBigBytes_64(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (64 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len) {
- *dest++ = 0;
- len--;
- }
-
- if (len)
- lbnExtractBigBytes_64((BNWORD64 *)bn->ptr, dest, lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above. */
-int
-bnInsertBigBytes_64(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD64)-1) / sizeof(BNWORD64);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_64((BNWORD64 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertBigBytes_64((BNWORD64 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_64((BNWORD64 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-
-/*
- * Convert a bignum to little-endian bytes. Returns, in little-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (trailing) bytes are filled with 0.
- */
-void
-bnExtractLittleBytes_64(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (64 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte + len)
- dest[--len] = 0;
-
- if (len)
- lbnExtractLittleBytes_64((BNWORD64 *)bn->ptr, dest,
- lsbyte, len);
- MALLOCDB;
-}
-
-/* The inverse of the above */
-int
-bnInsertLittleBytes_64(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD64)-1) / sizeof(BNWORD64);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_64((BNWORD64 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertLittleBytes_64((BNWORD64 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_64((BNWORD64 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-/* Return the least-significant word of the input. */
-unsigned
-bnLSWord_64(struct BigNum const *bn)
-{
- return bn->size ? (unsigned)((BNWORD64 *)bn->ptr)[BIGLITTLE(-1,0)]: 0;
-}
-
-/* Return a selected bit of the data */
-int
-bnReadBit_64(struct BigNum const *bn, unsigned bit)
-{
- BNWORD64 word;
- if (bit/64 >= bn->size)
- return 0;
- word = ((BNWORD64 *)bn->ptr)[BIGLITTLE(-1-bit/64,bit/64)];
- return (int)(word >> (bit % 64) & 1);
-}
-
-/* Count the number of significant bits. */
-unsigned
-bnBits_64(struct BigNum const *bn)
-{
- return lbnBits_64((BNWORD64 *)bn->ptr, bn->size);
-}
-
-/* dest += src */
-int
-bnAdd_64(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD64 t;
-
- if (!s)
- return 0;
-
- bnSizeCheck(dest, s);
-
- if (d < s) {
- lbnZero_64((BNWORD64 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- t = lbnAddN_64((BNWORD64 *)dest->ptr, (BNWORD64 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnAdd1_64((BNWORD64 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- bnSizeCheck(dest, d+1);
- ((BNWORD64 *)dest->ptr)[BIGLITTLE(-1-d,d)] = t;
- dest->size = d+1;
- }
- }
- return 0;
-}
-
-/*
- * dest -= src.
- * If dest goes negative, this produces the absolute value of
- * the difference (the negative of the true value) and returns 1.
- * Otherwise, it returls 0.
- */
-int
-bnSub_64(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD64 t;
-
- if (d < s && d < (s = lbnNorm_64((BNWORD64 *)src->ptr, s))) {
- bnSizeCheck(dest, s);
- lbnZero_64((BNWORD64 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- if (!s)
- return 0;
- t = lbnSubN_64((BNWORD64 *)dest->ptr, (BNWORD64 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnSub1_64((BNWORD64 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- lbnNeg_64((BNWORD64 *)dest->ptr, d);
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr,
- dest->size);
- MALLOCDB;
- return 1;
- }
- }
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, dest->size);
- return 0;
-}
-
-/*
- * Compare the BigNum to the given value, which must be < 65536.
- * Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmpQ(a,b) <=> 0
- */
-int
-bnCmpQ_64(struct BigNum const *a, unsigned b)
-{
- unsigned t;
- BNWORD64 v;
-
- t = lbnNorm_64((BNWORD64 *)a->ptr, a->size);
- /* If a is more than one word long or zero, it's easy... */
- if (t != 1)
- return (t > 1) ? 1 : (b ? -1 : 0);
- v = (unsigned)((BNWORD64 *)a->ptr)[BIGLITTLE(-1,0)];
- return (v > b) ? 1 : ((v < b) ? -1 : 0);
-}
-
-/* Set dest to a small value */
-int
-bnSetQ_64(struct BigNum *dest, unsigned src)
-{
- if (src) {
- bnSizeCheck(dest, 1);
-
- ((BNWORD64 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD64)src;
- dest->size = 1;
- } else {
- dest->size = 0;
- }
- return 0;
-}
-
-/* dest += src */
-int
-bnAddQ_64(struct BigNum *dest, unsigned src)
-{
- BNWORD64 t;
-
- if (!dest->size)
- return bnSetQ(dest, src);
-
- t = lbnAdd1_64((BNWORD64 *)dest->ptr, dest->size, (BNWORD64)src);
- MALLOCDB;
- if (t) {
- src = dest->size;
- bnSizeCheck(dest, src+1);
- ((BNWORD64 *)dest->ptr)[BIGLITTLE(-1-src,src)] = t;
- dest->size = src+1;
- }
- return 0;
-}
-
-/*
- * Return value as for bnSub: 1 if subtract underflowed, in which
- * case the return is the negative of the computed value.
- */
-int
-bnSubQ_64(struct BigNum *dest, unsigned src)
-{
- BNWORD64 t;
-
- if (!dest->size)
- return bnSetQ(dest, src) < 0 ? -1 : (src != 0);
-
- t = lbnSub1_64((BNWORD64 *)dest->ptr, dest->size, src);
- MALLOCDB;
- if (t) {
- /* Underflow. <= 1 word, so do it simply. */
- lbnNeg_64((BNWORD64 *)dest->ptr, 1);
- dest->size = 1;
- return 1;
- }
-/* Try to normalize? Needing this is going to be pretty damn rare. */
-/* dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, dest->size); */
- return 0;
-}
-
-/*
- * Compare two BigNums. Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmp(a,b) <=> 0
- */
-int
-bnCmp_64(struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
-
- s = lbnNorm_64((BNWORD64 *)a->ptr, a->size);
- t = lbnNorm_64((BNWORD64 *)b->ptr, b->size);
-
- if (s != t)
- return s > t ? 1 : -1;
- return lbnCmp_64((BNWORD64 *)a->ptr, (BNWORD64 *)b->ptr, s);
-}
-
-/* dest = src*src. This is more efficient than bnMul. */
-int
-bnSquare_64(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s;
- BNWORD64 *srcbuf;
-
- s = lbnNorm_64((BNWORD64 *)src->ptr, src->size);
- if (!s) {
- dest->size = 0;
- return 0;
- }
- bnSizeCheck(dest, 2*s);
-
- if (src == dest) {
- LBNALLOC(srcbuf, BNWORD64, s);
- if (!srcbuf)
- return -1;
- lbnCopy_64(srcbuf, (BNWORD64 *)src->ptr, s);
- lbnSquare_64((BNWORD64 *)dest->ptr, (BNWORD64 *)srcbuf, s);
- LBNFREE(srcbuf, s);
- } else {
- lbnSquare_64((BNWORD64 *)dest->ptr, (BNWORD64 *)src->ptr, s);
- }
-
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, 2*s);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b. Any overlap between operands is allowed. */
-int
-bnMul_64(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
- BNWORD64 *srcbuf;
-
- s = lbnNorm_64((BNWORD64 *)a->ptr, a->size);
- t = lbnNorm_64((BNWORD64 *)b->ptr, b->size);
-
- if (!s || !t) {
- dest->size = 0;
- return 0;
- }
-
- if (a == b)
- return bnSquare_64(dest, a);
-
- bnSizeCheck(dest, s+t);
-
- if (dest == a) {
- LBNALLOC(srcbuf, BNWORD64, s);
- if (!srcbuf)
- return -1;
- lbnCopy_64(srcbuf, (BNWORD64 *)a->ptr, s);
- lbnMul_64((BNWORD64 *)dest->ptr, srcbuf, s,
- (BNWORD64 *)b->ptr, t);
- LBNFREE(srcbuf, s);
- } else if (dest == b) {
- LBNALLOC(srcbuf, BNWORD64, t);
- if (!srcbuf)
- return -1;
- lbnCopy_64(srcbuf, (BNWORD64 *)b->ptr, t);
- lbnMul_64((BNWORD64 *)dest->ptr, (BNWORD64 *)a->ptr, s,
- srcbuf, t);
- LBNFREE(srcbuf, t);
- } else {
- lbnMul_64((BNWORD64 *)dest->ptr, (BNWORD64 *)a->ptr, s,
- (BNWORD64 *)b->ptr, t);
- }
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, s+t);
- MALLOCDB;
- return 0;
-}
-
-/* dest = a * b */
-int
-bnMulQ_64(struct BigNum *dest, struct BigNum const *a, unsigned b)
-{
- unsigned s;
-
- s = lbnNorm_64((BNWORD64 *)a->ptr, a->size);
- if (!s || !b) {
- dest->size = 0;
- return 0;
- }
- if (b == 1)
- return bnCopy_64(dest, a);
- bnSizeCheck(dest, s+1);
- lbnMulN1_64((BNWORD64 *)dest->ptr, (BNWORD64 *)a->ptr, s, b);
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, s+1);
- MALLOCDB;
- return 0;
-}
-
-/* q = n/d, r = n % d */
-int
-bnDivMod_64(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d)
-{
- unsigned dsize, nsize;
- BNWORD64 qhigh;
-
- dsize = lbnNorm_64((BNWORD64 *)d->ptr, d->size);
- nsize = lbnNorm_64((BNWORD64 *)n->ptr, n->size);
-
- if (nsize < dsize) {
- q->size = 0; /* No quotient */
- r->size = nsize;
- return 0; /* Success */
- }
-
- bnSizeCheck(q, nsize-dsize);
-
- if (r != n) { /* You are allowed to reduce in place */
- bnSizeCheck(r, nsize);
- lbnCopy_64((BNWORD64 *)r->ptr, (BNWORD64 *)n->ptr, nsize);
- }
-
- qhigh = lbnDiv_64((BNWORD64 *)q->ptr, (BNWORD64 *)r->ptr, nsize,
- (BNWORD64 *)d->ptr, dsize);
- nsize -= dsize;
- if (qhigh) {
- bnSizeCheck(q, nsize+1);
- *((BNWORD64 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
- q->size = nsize+1;
- } else {
- q->size = lbnNorm_64((BNWORD64 *)q->ptr, nsize);
- }
- r->size = lbnNorm_64((BNWORD64 *)r->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* det = src % d */
-int
-bnMod_64(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
-{
- unsigned dsize, nsize;
-
- nsize = lbnNorm_64((BNWORD64 *)src->ptr, src->size);
- dsize = lbnNorm_64((BNWORD64 *)d->ptr, d->size);
-
-
- if (dest != src) {
- bnSizeCheck(dest, nsize);
- lbnCopy_64((BNWORD64 *)dest->ptr, (BNWORD64 *)src->ptr, nsize);
- }
-
- if (nsize < dsize) {
- dest->size = nsize; /* No quotient */
- return 0;
- }
-
- (void)lbnDiv_64((BNWORD64 *)dest->ptr BIGLITTLE(-dsize,+dsize),
- (BNWORD64 *)dest->ptr, nsize,
- (BNWORD64 *)d->ptr, dsize);
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-/* return src % d. */
-unsigned
-bnModQ_64(struct BigNum const *src, unsigned d)
-{
- unsigned s;
-
- s = lbnNorm_64((BNWORD64 *)src->ptr, src->size);
- if (!s)
- return 0;
-
- if (d & (d-1)) /* Not a power of 2 */
- d = lbnModQ_64((BNWORD64 *)src->ptr, s, d);
- else
- d = (unsigned)((BNWORD64 *)src->ptr)[BIGLITTLE(-1,0)] & (d-1);
- return d;
-}
-
-/* dest = n^exp (mod mod) */
-int
-bnExpMod_64(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned nsize, esize, msize;
-
- nsize = lbnNorm_64((BNWORD64 *)n->ptr, n->size);
- esize = lbnNorm_64((BNWORD64 *)exp->ptr, exp->size);
- msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD64 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- /* Special-case base of 2 */
- if (nsize == 1 && ((BNWORD64 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
- if (lbnTwoExpMod_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)exp->ptr, esize,
- (BNWORD64 *)mod->ptr, msize) < 0)
- return -1;
- } else {
- if (lbnExpMod_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)n->ptr, nsize,
- (BNWORD64 *)exp->ptr, esize,
- (BNWORD64 *)mod->ptr, msize) < 0)
- return -1;
- }
-
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/*
- * dest = n1^e1 * n2^e2 (mod mod). This is more efficient than two
- * separate modular exponentiations, and in fact asymptotically approaches
- * the cost of one.
- */
-int
-bnDoubleExpMod_64(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod)
-{
- unsigned n1size, e1size, n2size, e2size, msize;
-
- n1size = lbnNorm_64((BNWORD64 *)n1->ptr, n1->size);
- e1size = lbnNorm_64((BNWORD64 *)e1->ptr, e1->size);
- n2size = lbnNorm_64((BNWORD64 *)n2->ptr, n2->size);
- e2size = lbnNorm_64((BNWORD64 *)e2->ptr, e2->size);
- msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD64 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- if (lbnDoubleExpMod_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)n1->ptr, n1size, (BNWORD64 *)e1->ptr, e1size,
- (BNWORD64 *)n2->ptr, n2size, (BNWORD64 *)e2->ptr, e2size,
- (BNWORD64 *)mod->ptr, msize) < 0)
- return -1;
-
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* n = 2^exp (mod mod) */
-int
-bnTwoExpMod_64(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod)
-{
- unsigned esize, msize;
-
- esize = lbnNorm_64((BNWORD64 *)exp->ptr, exp->size);
- msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD64 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(n, msize);
-
- if (lbnTwoExpMod_64((BNWORD64 *)n->ptr, (BNWORD64 *)exp->ptr, esize,
- (BNWORD64 *)mod->ptr, msize) < 0)
- return -1;
-
- n->size = lbnNorm_64((BNWORD64 *)n->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-/* dest = gcd(a, b) */
-int
-bnGcd_64(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- BNWORD64 *tmp;
- unsigned asize, bsize;
- int i;
-
- /* Kind of silly, but we might as well permit it... */
- if (a == b)
- return dest == a ? 0 : bnCopy(dest, a);
-
- /* Ensure a is not the same as "dest" */
- if (a == dest) {
- a = b;
- b = dest;
- }
-
- asize = lbnNorm_64((BNWORD64 *)a->ptr, a->size);
- bsize = lbnNorm_64((BNWORD64 *)b->ptr, b->size);
-
- bnSizeCheck(dest, bsize+1);
-
- /* Copy a to tmp */
- LBNALLOC(tmp, BNWORD64, asize+1);
- if (!tmp)
- return -1;
- lbnCopy_64(tmp, (BNWORD64 *)a->ptr, asize);
-
- /* Copy b to dest, if necessary */
- if (dest != b)
- lbnCopy_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)b->ptr, bsize);
- if (bsize > asize || (bsize == asize &&
- lbnCmp_64((BNWORD64 *)b->ptr, (BNWORD64 *)a->ptr, asize) > 0))
- {
- i = lbnGcd_64((BNWORD64 *)dest->ptr, bsize, tmp, asize,
- &dest->size);
- if (i > 0) /* Result in tmp, not dest */
- lbnCopy_64((BNWORD64 *)dest->ptr, tmp, dest->size);
- } else {
- i = lbnGcd_64(tmp, asize, (BNWORD64 *)dest->ptr, bsize,
- &dest->size);
- if (i == 0) /* Result in tmp, not dest */
- lbnCopy_64((BNWORD64 *)dest->ptr, tmp, dest->size);
- }
- LBNFREE(tmp, asize+1);
- MALLOCDB;
- return (i < 0) ? i : 0;
-}
-
-/*
- * dest = 1/src (mod mod). Returns >0 if gcd(src, mod) != 1 (in which case
- * the inverse does not exist).
- */
-int
-bnInv_64(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod)
-{
- unsigned s, m;
- int i;
-
- s = lbnNorm_64((BNWORD64 *)src->ptr, src->size);
- m = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
-
- /* lbnInv_64 requires that the input be less than the modulus */
- if (m < s ||
- (m==s && lbnCmp_64((BNWORD64 *)src->ptr, (BNWORD64 *)mod->ptr, s)))
- {
- bnSizeCheck(dest, s + (m==s));
- if (dest != src)
- lbnCopy_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)src->ptr, s);
- /* Pre-reduce modulo the modulus */
- (void)lbnDiv_64((BNWORD64 *)dest->ptr BIGLITTLE(-m,+m),
- (BNWORD64 *)dest->ptr, s,
- (BNWORD64 *)mod->ptr, m);
- s = lbnNorm_64((BNWORD64 *)dest->ptr, m);
- MALLOCDB;
- } else {
- bnSizeCheck(dest, m+1);
- if (dest != src)
- lbnCopy_64((BNWORD64 *)dest->ptr,
- (BNWORD64 *)src->ptr, s);
- }
-
- i = lbnInv_64((BNWORD64 *)dest->ptr, s, (BNWORD64 *)mod->ptr, m);
- if (i == 0)
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, m);
-
- MALLOCDB;
- return i;
-}
-
-/*
- * Shift a bignum left the appropriate number of bits,
- * multiplying by 2^amt.
- */
-int
-bnLShift_64(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
- BNWORD64 carry;
-
- if (amt % 64) {
- carry = lbnLshift_64((BNWORD64 *)dest->ptr, s, amt % 64);
- if (carry) {
- s++;
- bnSizeCheck(dest, s);
- ((BNWORD64 *)dest->ptr)[BIGLITTLE(-s,s-1)] = carry;
- }
- }
-
- amt /= 64;
- if (amt) {
- bnSizeCheck(dest, s+amt);
- memmove((BNWORD64 *)dest->ptr BIGLITTLE(-s-amt, +amt),
- (BNWORD64 *)dest->ptr BIG(-s),
- s * sizeof(BNWORD64));
- lbnZero_64((BNWORD64 *)dest->ptr, amt);
- s += amt;
- }
- dest->size = s;
- MALLOCDB;
- return 0;
-}
-
-/*
- * Shift a bignum right the appropriate number of bits,
- * dividing by 2^amt.
- */
-void
-bnRShift_64(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
-
- if (amt >= 64) {
- memmove(
- (BNWORD64 *)dest->ptr BIG(-s+amt/64),
- (BNWORD64 *)dest->ptr BIGLITTLE(-s, +amt/64),
- (s-amt/64) * sizeof(BNWORD64));
- s -= amt/64;
- amt %= 64;
- }
-
- if (amt)
- (void)lbnRshift_64((BNWORD64 *)dest->ptr, s, amt);
-
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, s);
- MALLOCDB;
-}
-
-/*
- * Shift a bignum right until it is odd, and return the number of
- * bits shifted. n = d * 2^s. Replaces n with d and returns s.
- * Returns 0 when given 0. (Another valid answer is infinity.)
- */
-unsigned
-bnMakeOdd_64(struct BigNum *n)
-{
- unsigned size;
- unsigned s; /* shift amount */
- BNWORD64 *p;
- BNWORD64 t;
-
- p = (BNWORD64 *)n->ptr;
- size = lbnNorm_64(p, n->size);
- if (!size)
- return 0;
-
- t = BIGLITTLE(p[-1],p[0]);
- s = 0;
-
- /* See how many words we have to shift */
- if (!t) {
- /* Shift by words */
- do {
- s++;
- BIGLITTLE(--p,p++);
- } while ((t = BIGLITTLE(p[-1],p[0])) == 0);
- size -= s;
- s *= 64;
- memmove((BNWORD64 *)n->ptr BIG(-size), p BIG(-size),
- size * sizeof(BNWORD64));
- p = (BNWORD64 *)n->ptr;
- MALLOCDB;
- }
-
- assert(t);
-
- if (!(t & 1)) {
- /* Now count the bits */
- do {
- t >>= 1;
- s++;
- } while ((t & 1) == 0);
-
- /* Shift the bits */
- lbnRshift_64(p, size, s & (64-1));
- /* Renormalize */
- if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
- --size;
- }
- n->size = size;
-
- MALLOCDB;
- return s;
-}
-
-/*
- * Do base- and modulus-dependent precomputation for rapid computation of
- * base^exp (mod mod) with various exponents.
- *
- * See lbn64.c for the details on how the algorithm works. Basically,
- * it involves precomputing a table of powers of base, base^(order^k),
- * for a suitable range 0 <= k < n detemined by the maximum exponent size
- * desired. To do eht exponentiation, the exponent is expressed in base
- * "order" (sorry for the confusing terminology) and the precomputed powers
- * are combined.
- *
- * This implementation allows only power-of-2 values for "order". Using
- * other numbers can be more efficient, but it's more work and for the
- * popular exponent size of 640 bits, an order of 8 is optimal, so it
- * hasn't seemed worth it to implement.
- *
- * Here's a table of the optimal power-of-2 order for various exponent
- * sizes and the associated (average) cost for an exponentiation.
- * Note that *higher* orders are more memory-efficient; the number
- * of precomputed values required is ceil(ebits/order). (Ignore the
- * underscores in the middle of numbers; they're harmless.)
- *
- * At 2 bits, order 2 uses 0.000000 multiplies
- * At 4 bits, order 2 uses 1.000000 multiplies
- * At 8 bits, order 2 uses 3.000000 multiplies
- * At 1_6 bits, order 2 uses 7.000000 multiplies
- * At 3_2 bits, order 2 uses 15.000000 multiplies
- * At 34 bits, 15.750000 (order 4) < 1_6.000000 (order 2)
- * At 6_4 bits, order 4 uses 27.000000 multiplies
- * At 99 bits, 39.875000 (order 8) < 40.250000 (order 4)
- * At 128 bits, order 8 uses 48.500000 multiplies
- * At 256 bits, order 8 uses 85.875000 multiplies
- * At 280 bits, 92.625000 (order 1_6) < 92.875000 (order 8)
- * At 512 bits, order 1_6 uses 147.000000 multiplies
- * At 785 bits, 211.093750 (order 3_2) < 211.250000 (order 1_6)
- * At 1024 bits, order 3_2 uses 257.562500 multiplies
- * At 2048 bits, order 3_2 uses 456.093750 multiplies
- * At 2148 bits, 475.406250 (order 6_4) < 475.468750 (order 3_2)
- * At 4096 bits, order 6_4 uses 795.281250 multiplies
- * At 5726 bits, 1062.609375 (order 128) < 1062.843750 (order 6_4)
- * At 8192 bits, order 128 uses 1412.609375 multiplies
- * At 14848 bits, 2355.750000 (order 256) < 2355.929688 (order 128)
- * At 37593 bits, 5187.841797 (order 512) < 5188.144531 (order 256)
- */
-int
-bnBasePrecompBegin_64(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits)
-{
- int i;
- BNWORD64 **array; /* Array of precomputed powers of base */
- unsigned n; /* Number of entries in array (needed) */
- unsigned m; /* Number of entries in array (non-NULL) */
- unsigned arraysize; /* Number of entries in array (allocated) */
- unsigned bits; /* log2(order) */
- unsigned msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
- static unsigned const bnBasePrecompThreshTable[] = {
- 33, 98, 279, 784, 2147, 5725, 14847, 37592, (unsigned)-1
- };
-
- /* Clear pre in case of failure */
- pre->array = 0;
- pre->msize = 0;
- pre->bits = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-
- /* Find the correct bit-window size */
- bits = 0;
- do
- bits++;
- while (maxebits > bnBasePrecompThreshTable[bits]);
-
- /* Now the number of precomputed values we need */
- n = (maxebits+bits-1)/bits;
- assert(n*bits >= maxebits);
-
- arraysize = n+1; /* Add one trailing NULL for safety */
- array = lbnMemAlloc(arraysize * sizeof(*array));
- if (!array)
- return -1; /* Out of memory */
-
- /* Now allocate the entries (precomputed powers of base) */
- for (m = 0; m < n; m++) {
- BNWORD64 *entry;
-
- LBNALLOC(entry, BNWORD64, msize);
- if (!entry)
- break;
- array[m] = entry;
- }
-
- /* "m" is the number of successfully allocated entries */
- if (m < n) {
- /* Ran out of memory; see if we can use a smaller array */
- BNWORD64 **newarray;
-
- if (m < 2) {
- n = 0; /* Forget it */
- } else {
- /* How few bits can we use with what's allocated? */
- bits = (maxebits + m - 1) / m;
-retry:
- n = (maxebits + bits - 1) / bits;
- if (! (n >> bits) )
- n = 0; /* Not enough to amount to anything */
- }
- /* Free excess allocated array entries */
- while (m > n) {
- BNWORD64 *entry = array[--m];
- LBNFREE(entry, msize);
- }
- if (!n) {
- /* Give it up */
- lbnMemFree(array, arraysize * sizeof(*array));
- return -1;
- }
- /*
- * Try to shrink the pointer array. This might fail, but
- * it's not critical. lbnMemRealloc isn't guarnateed to
- * exist, so we may have to allocate, copy, and free.
- */
-#ifdef lbnMemRealloc
- newarray = lbnMemRealloc(array, arraysize * sizeof(*array),
- (n+1) * sizeof(*array));
- if (newarray) {
- array = newarray;
- arraysize = n+1;
- }
-#else
- newarray = lbnMemAlloc((n+1) * sizeof(*array));
- if (newarray) {
- memcpy(newarray, array, n * sizeof(*array));
- lbnMemFree(array, arraysize * sizeof(*array));
- array = newarray;
- arraysize = n+1;
- }
-#endif
- }
-
- /* Pad with null pointers */
- while (m < arraysize)
- array[m++] = 0;
-
- /* Okay, we have our array, now initialize it */
- i = lbnBasePrecompBegin_64(array, n, bits,
- (BNWORD64 *)base->ptr, base->size,
- (BNWORD64 *)mod->ptr, msize);
- if (i < 0) {
- /* Ack, still out of memory */
- bits++;
- m = n;
- goto retry;
- }
- /* Finally, totoal success */
- pre->array = array;
- pre->bits = bits;
- pre->msize = msize;
- pre->maxebits = n * bits;
- pre->arraysize = arraysize;
- pre->entries = n;
- return 0;
-}
-
-/* Free everything preallocated */
-void
-bnBasePrecompEnd_64(struct BnBasePrecomp *pre)
-{
- BNWORD64 **array = pre->array;
-
- if (array) {
- unsigned entries = pre->entries;
- unsigned msize = pre->msize;
- unsigned m;
-
- for (m = 0; m < entries; m++) {
- BNWORD64 *entry = array[m];
- if (entry)
- LBNFREE(entry, msize);
- }
- lbnMemFree(array, pre->arraysize * sizeof(array));
- }
- pre->array = 0;
- pre->bits = 0;
- pre->msize = 0;
- pre->maxebits = 0;
- pre->arraysize = 0;
- pre->entries = 0;
-}
-
-int
-bnBasePrecompExpMod_64(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
- unsigned esize = lbnNorm_64((BNWORD64 *)exp->ptr, exp->size);
- BNWORD64 const * const *array = pre->array;
- int i;
-
- assert(msize == pre->msize);
- assert(((BNWORD64 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_64((BNWORD64 *)exp->ptr, esize) <= pre->maxebits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnBasePrecompExp_64(dest->ptr, array, pre->bits,
- exp->ptr, esize, mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, msize);
- return i;
-}
-
-int
-bnDoubleBasePrecompExpMod_64(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod)
-{
- unsigned msize = lbnNorm_64((BNWORD64 *)mod->ptr, mod->size);
- unsigned e1size = lbnNorm_64((BNWORD64 *)exp1->ptr, exp1->size);
- unsigned e2size = lbnNorm_64((BNWORD64 *)exp1->ptr, exp2->size);
- BNWORD64 const * const *array1 = pre1->array;
- BNWORD64 const * const *array2 = pre2->array;
- int i;
-
- assert(msize == pre1->msize);
- assert(msize == pre2->msize);
- assert(((BNWORD64 *)mod->ptr)[BIGLITTLE(-1,0)] & 1);
- assert(lbnBits_64((BNWORD64 *)exp1->ptr, e1size) <= pre1->maxebits);
- assert(lbnBits_64((BNWORD64 *)exp2->ptr, e2size) <= pre2->maxebits);
- assert(pre1->bits == pre2->bits);
-
- bnSizeCheck(dest, msize);
-
- i = lbnDoubleBasePrecompExp_64(dest->ptr, pre1->bits, array1,
- exp1->ptr, e1size, array2, exp2->ptr, e2size,
- mod->ptr, msize);
- if (i == 0)
- dest->size = lbnNorm_64((BNWORD64 *)dest->ptr, msize);
- return i;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn64.h - interface to 64-bit bignum routines.
- */
-struct BigNum;
-struct BnBasePrecomp;
-
-void bnInit_64(void);
-void bnEnd_64(struct BigNum *bn);
-int bnPrealloc_64(struct BigNum *bn, unsigned bits);
-int bnCopy_64(struct BigNum *dest, struct BigNum const *src);
-int bnSwap_64(struct BigNum *a, struct BigNum *b);
-void bnNorm_64(struct BigNum *bn);
-void bnExtractBigBytes_64(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertBigBytes_64(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void bnExtractLittleBytes_64(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertLittleBytes_64(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned bnLSWord_64(struct BigNum const *src);
-int bnReadBit_64(struct BigNum const *bn, unsigned bit);
-unsigned bnBits_64(struct BigNum const *src);
-int bnAdd_64(struct BigNum *dest, struct BigNum const *src);
-int bnSub_64(struct BigNum *dest, struct BigNum const *src);
-int bnCmpQ_64(struct BigNum const *a, unsigned b);
-int bnSetQ_64(struct BigNum *dest, unsigned src);
-int bnAddQ_64(struct BigNum *dest, unsigned src);
-int bnSubQ_64(struct BigNum *dest, unsigned src);
-int bnCmp_64(struct BigNum const *a, struct BigNum const *b);
-int bnSquare_64(struct BigNum *dest, struct BigNum const *src);
-int bnMul_64(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnMulQ_64(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int bnDivMod_64(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int bnMod_64(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned bnModQ_64(struct BigNum const *src, unsigned d);
-int bnExpMod_64(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleExpMod_64(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int bnTwoExpMod_64(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int bnGcd_64(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnInv_64(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int bnLShift_64(struct BigNum *dest, unsigned amt);
-void bnRShift_64(struct BigNum *dest, unsigned amt);
-unsigned bnMakeOdd_64(struct BigNum *n);
-int bnBasePrecompBegin_64(struct BnBasePrecomp *pre, struct BigNum const *base,
- struct BigNum const *mod, unsigned maxebits);
-void bnBasePrecompEnd_64(struct BnBasePrecomp *pre);
-int bnBasePrecompExpMod_64(struct BigNum *dest, struct BnBasePrecomp const *pre,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleBasePrecompExpMod_64(struct BigNum *dest,
- struct BnBasePrecomp const *pre1, struct BigNum const *exp1,
- struct BnBasePrecomp const *pre2, struct BigNum const *exp2,
- struct BigNum const *mod);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn68000.c - bnInit() for Motorola 680x0 family, 16 or 32-bit.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "lbn.h"
-#include "bn16.h"
-#include "bn32.h"
-
-#ifndef BNINCLUDE
-#error You must define BNINCLUDE to lbn68000.h to use assembly primitives.
-#endif
-
-void
-bnInit(void)
-{
- if (is68020())
- bnInit_32();
- else
- bnInit_16();
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bn8086.c - bnInit() for Intel x86 family in 16-bit mode.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "lbn.h"
-#include "bn16.h"
-#include "bn32.h"
-
-#ifndef BNINCLUDE
-#error You must define BNINCLUDE to lbn8086.h to use assembly primitives.
-#endif
-
-void
-bnInit(void)
-{
- if (not386())
- bnInit_16();
- else
- bnInit_32();
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bnconfig.h -- Configuration file for BigNum library.
- *
- * This file is automatically filled in by configure.
- * Everything must start out turned *off*, because configure
- * (or, more properly, config.status) only knows how to turn them
- * *on*.
- */
-#ifndef CONFIG_H
-#define CONFIG_H
-
-/* Define to empty if the compiler does not support 'const' variables. */
-#undef const
-
-/* Define to `unsigned' if <sys/types.h> doesn't define it. */
-#undef size_t
-
-/* Checks for the presence and absence of various header files */
-#define HAVE_ASSERT_H 0
-#define NO_ASSERT_H !HAVE_ASSERT_H
-#define HAVE_LIMITS_H 0
-#define NO_LIMITS_H !HAVE_LIMITS_H
-#define HAVE_STDLIB_H 0
-#define NO_STDLIB_H !HAVE_STDLIB_H
-#define HAVE_STRING_H 0
-#define NO_STRING_H !HAVE_STRING_H
-
-#define HAVE_STRINGS_H 0
-
-/* We go to some trouble to find accurate times... */
-
-/* Define if you have Posix.4 glock_gettime() */
-#define HAVE_CLOCK_GETTIME 0
-/* Define if you have Solaris-style gethrvtime() */
-#define HAVE_GETHRVTIME 0
-/* Define if you have getrusage() */
-#define HAVE_GETRUSAGE 0
-/* Define if you have clock() */
-#define HAVE_CLOCK 0
-/* Define if you have time() */
-#define HAVE_TIME 0
-
-/*
- * Define as 0 if #including <sys/time.h> automatically
- * #includes <time.h>, and doing so explicitly causes an
- * error.
- */
-#define TIME_WITH_SYS_TIME 0
-
-/* Defines for various kinds of library brokenness */
-
-/* If not available, bcopy() is substituted */
-#define HAVE_MEMMOVE 0
-#define NO_MEMMOVE !HAVE_MEMMOVE
-#define HAVE_MEMCPY 0
-#define NO_MEMCPY !HAVE_MEMCPY
-
-#endif /* CONFIG_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bnconfig.h -- Configuration file for BigNum library.
- *
- * This file is automatically filled in by configure.
- * Everything must start out turned *off*, because configure
- * (or, more properly, config.status) only knows how to turn them
- * *on*.
- */
-#ifndef CONFIG_H
-#define CONFIG_H
-
-/* Define to empty if the compiler does not support 'const' variables. */
-#undef const
-
-/* Define to `unsigned' if <sys/types.h> doesn't define it. */
-#undef size_t
-
-/* Checks for the presence and absence of various header files */
-#define HAVE_ASSERT_H 1
-#define NO_ASSERT_H !HAVE_ASSERT_H
-#define HAVE_LIMITS_H 1
-#define NO_LIMITS_H !HAVE_LIMITS_H
-#define HAVE_STDLIB_H 1
-#define NO_STDLIB_H !HAVE_STDLIB_H
-#define HAVE_STRING_H 1
-#define NO_STRING_H !HAVE_STRING_H
-
-#define HAVE_STRINGS_H 0
-
-/* We go to some trouble to find accurate times... */
-
-/* Define if you have Posix.4 glock_gettime() */
-#define HAVE_CLOCK_GETTIME 0
-/* Define if you have Solaris-style gethrvtime() */
-#define HAVE_GETHRVTIME 0
-/* Define if you have getrusage() */
-#define HAVE_GETRUSAGE 0
-/* Define if you have clock() */
-#define HAVE_CLOCK 0
-/* Define if you have time() */
-#define HAVE_TIME 0
-
-/*
- * Define as 0 if #including <sys/time.h> automatically
- * #includes <time.h>, and doing so explicitly causes an
- * error.
- */
-#define TIME_WITH_SYS_TIME 0
-
-/* Defines for various kinds of library brokenness */
-
-/* If not available, bcopy() is substituted */
-#define HAVE_MEMMOVE 1
-#define NO_MEMMOVE !HAVE_MEMMOVE
-#define HAVE_MEMCPY 1
-#define NO_MEMCPY !HAVE_MEMCPY
-
-#endif /* CONFIG_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bninit16.c - Provide an init function that sets things up for 16-bit
- * operation. This is a seaparate tiny file so you can compile two bn
- * packages into the library and write a custom init routine.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bn.h"
-#include "bn16.h"
-
-void
-bnInit(void)
-{
- bnInit_16();
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bninit32.c - Provide an init function that sets things up for 32-bit
- * operation. This is a seaparate tiny file so you can compile two bn
- * packages into the library and write a custom init routine.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bn.h"
-#include "bn32.h"
-
-void
-bnInit(void)
-{
- bnInit_32();
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bninit64.c - Provide an init function that sets things up for 64-bit
- * operation. This is a seaparate tiny file so you can compile two bn
- * packages into the library and write a custom init routine.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bn.h"
-#include "bn64.h"
-
-void
-bnInit(void)
-{
- bnInit_64();
-}
+++ /dev/null
-* The organization of the BigNum Library
-
-As mentioned in bn.doc, the library should compile on anything with an
-ANSI C compiler and 16 and 32-bit data types. (Non-power-of-2 word
-lengths probably wouldn't be *too* hard, but the matter is likely to
-remain academic.) However, assembly subroutines can be added in a
-great variety of ways to speed up computations.
-
-It's even possible to vary the word length dynamically at run time.
-Currently, 80x86 and 680x0 assembly primitives have been written in 16
-and 32-bit forms, as not all members of these families support 32x32->64
-bit multiply. In future, 32/64 bit routines may be nice for the MIPS
-and PowerPC processors. (The SPARC has a 64-bit extension, but it still
-only produces a maximum 64-bit multiply result. The MIPS, PowerPC and
-Alpha give access to 128 bits of product.)
-
-The way that this works is that the file bn.c declares a big pile of
-function pointers, and the first bnInit() call figures out which set
-of functions to point these to. The functions are named so that
-it is possible to link several sets into the same executable without
-collisions.
-
-The library can store numbers in big-endian or little-endian word order,
-although the order of bytes within a word is always the platform native
-order. As long as you're using the pure C version, you can compile
-independent of the native byte ordering, but the flexibility is available
-in case assembly primitives are easier to write one way or the other.
-(In the absence of other considerations, little-endian is somewhat more
-efficient, and is the default. This is controlled by BN_XXX_ENDIAN.)
-
-In fact, it would be possible to change the word order at run time,
-except that there is no naming convention to support linking in
-functions that differ only in endianness. (Which is because the
-point of doing so is unclear.)
-
-The core of the library is in the files lbn??.c and bn??.c, where "??"
-is 16, 32, or 64. The 32 and 64-bit files are generated from the 16-bit
-version by a simple textual substitution. The 16-bit files are generally
-considered the master source, and the others generated from it with sed.
-
-Usually, only one set of these files is used on any given platform,
-but if you want multiple word sizes, you include one for each supported
-word size. The files bninit??.c define a bnInit function for a given
-word size, which calls bnInit_??() internally. Only one of these may
-be included at a time, and multiple word sizes are handled by a more
-complex bnInit function such as the ones in bn8086.c and bn68000.c,
-which determine the word size of the processor they're running on and
-call the appropriate bnInit_??() function.
-
-The file lbn.h uses <limits.h> to find the platform's available data
-types. The types are defined both as macros (BNWORD32) and as typedefs
-(bnword32) which aren't used anywhere but can come in very handy when
-using a debugger (which doesn't know about macros). Any of these may
-be overridden either on the compiler command line (cc -DBN_BIG_ENDIAN
--DBNWORD32="unsigned long"), or from an extra include file BNINCLUDE
-defined on the command line. (cc -DBNINCLUDE=lbnmagic.h) This is the
-preferred way to specify assembly primitives.
-
-So, for example, to build a 68020 version of the library, compile the
-32-bit library with -DBNINCLUDE=lbn68020.h, and compile and link in
-lbn68020.c (which is actually an assembly source file, if you look).
-
-Both 16- and 32-bit 80x86 code is included in lbn8086.h and .asm. That
-code uses 16-bit large-model addressing. lbn80386.h and .asm use 32-bit
-flat-model addressing.
-
-Three particularly heavily used macros defined by lbn.h are BIG(x),
-LITTLE(y) and BIGLITTLE(x,y). These expand to x (or nothing) on
-a big-endian system, and y (or nothing) on a little-endian system.
-These are used to conditionalize the rest of the code without taking
-up entire lines to say "#ifdef BN_BIG_ENDIAN", "#else" and "#endif".
-
-* The lbn??.c files
-
-The lbn?? file contains the low-level bignum functions. These universally
-expect their numbers to be passed to them in (buffer, length) form and
-do not attempt to extend the buffers. (In some cases, they do allocate
-temporary buffers.) The buffer pointer points to the least-significant
-end of the buffer. If the machine uses big-endian word ordering, that
-is a pointer to the end of the buffer. This is motivated by considering
-pointers to point to the boundaries between words (or bytes). If you
-consider a pointer to point to a word rather than between words, the
-pointer in the big-endian case points to the first word past the end of the
-buffer.
-
-All of the primitives have names of the form lbnAddN_16, where the
-_16 is the word size. All are surrounded by "#ifndef lbnAddN_16".
-If you #define lbnAddN_16 previously (either on the command like or
-in the BNINCLUDE file), the C code will neither define *nor declare* the
-corresponding function. The declaration must be suppressed in case you
-declare it in a magic way with special calling attributes or define it as
-a macro.
-
-If you wish to write an assembly primitive, lbnMulAdd1_??, which
-multiplies N words by 1 word and adds the result to N words, returning
-the carry word, is by FAR the most important function - almost all of
-the time spent performing a modular exponentiation is spent in this
-function. lbnMulSub1_??, which does the same but subtracts the product
-and returns a word of borrow, is used heavily in the division routine
-and thus by GCD and modular inverse computation.
-
-These two functions are the only functions which *require* some sort
-of double-word data type, so if you define them in assembly language,
-the ?? may be the widest word your C compiler supports; otherwise, you
-must limit your implementation to half of the maximum word size. Other
-functions will, however, use a double-word data type if available.
-
-Actually, there are some even simpler primitives which you can provide
-to allow double-width multiplication: mul??_ppmm, mul??_ppmma and
-mul??_ppmmaa These are expected to be defined as macros (all arguments
-are always side-effect-free lvalues), and must return two words of result
-of the computation m1*m2 + a1 + a2. It is best to define all three,
-although any that are not defined will be generated from the others in
-the obvious way. GCC's inline assembler can be used to define these.
-(The names are borrowed from the GNU MP package.)
-
-There is also lbnMulN1_??, which stores the result rather than adding or
-subtracting it, but it is less critical. If it is not provided, but
-lbnMulAdd1_?? is, it will be implemented in terms of lbnMulAdd1_?? in the
-obvious way.
-
-lbnDiv21_??, which divides two words by one word and returns a quotient
-and remainder, is greatly sped up by a double-word data type, macro
-definition, or assembly implementation, but has a version which will run
-without one. If your platform has a double/single divide with remainder,
-it would help to define this, and it's quite simple.
-
-lbnModQ_?? (return a multi-precision number reduced modulo a "quick"
-(< 65536) modulus is used heavily by prime generation for trial division,
-but is otherwise little used.
-
-Other primitives may be implemented depending on the expected usage mix.
-It is generally not worth implementing lbnAddN_?? and lbnSubN_?? unless
-you want to start learning to write assembly primitives on something
-simple; they just aren't used very much. (Of course, if you do, you'll
-probably get some improvements, in both speed and object code size, so
-it's worth keeping them in, once written.)
-
-* The bn??.c files
-
-While the lbn??.c files deal in words, the bn??.c files provide the
-public interface to the library and deal in bignum structures. These
-contain a buffer pointer, an allocated length, and a used length.
-The lengths are specified in words, but as long as the user doesn't go
-prying into such innards, all of the different word-size libraries
-provide the same interface; they may be exchanged at link time, or even
-at run time.
-
-The bn.c file defines a large collection of function pointers and one
-function, bnInit. bnInit is responsible for setting the function pointers
-to point to the appropriate bn??.c functions. Each bn??.c file
-provides a bnInit_?? function which sets itself up; it is the job
-of bnInit to figure out which word size to use and call the appropriate
-bnInit_?? function.
-
-If only one word size is in use, you may link in the file bninit??.c,
-which provides a trivial bnInit function. If multiple word sizes are
-in use, you must provide the appropriate bnInit function. See
-bn8086.c as an example.
-
-For maximum portability, you may just compile and link in the files
-lbn00.c, bn00.c and bninit00.c, which determine, using the preprocessor
-at compile time, the best word size to use. (The logic is actually
-located in the file bnsize00.h, so that the three .c files cannot get out
-of sync.)
-
-The bignum buffers are allocated using the memory management routines in
-lbnmem.c. These are word-size independent; they expect byte counts and
-expect the system malloc() to return suitably aligned buffers. The
-main reason for this wrapper layer is to support any customized allocators
-that the user might want to provide.
-
-* Other bn*.c files
-
-bnprint.c is a simple routine for printing a bignum in hex. It is
-provided in a separate file so that its calls to stdio can be eliminated
-from the link process if the capability is not needed.
-
-bntest??.c is a very useful regression test if you're implementing
-assembly primitives. If it doesn't complain, you've probably
-got it right. It also does timing tests so you can see the effects
-of any changes.
-
-* Other files
-
-sieve.c contains some primitives which use the bignum library to perform
-sieving (trial division) of ranges of numbers looking for candidate primes.
-This involves two steps: using a sieve of Eratosthenes to generate the
-primes up to 65536, and using that to do trial division on a range of
-numbers following a larger input number. Note that this is designed
-for large numbers, greater than 65536, since there is no check to see
-if the input is one of the small primes; if it is divisible, it is assumed
-composite.
-
-prime.c uses sieve.c to generate primes. It uses sieve.c to eliminate
-numbers with trivial divisors, then does strong pseudoprimality tests
-with some small bases. (Actually, the first test, to the base 2, is
-optimized a bit to be faster when it fails, which is the common case,
-but 1/8 of the time it's not a strong pseudoprimality test, so an extra,
-strong, test is done in that case.)
-
-It prints progress indicators as it searches. The algorithm
-searches a range of numbers starting at a given prime, but it does
-so in a "shuffled" order, inspired by algorithm M from Knuth. (The
-random number generator to use for this is passed in; if no function
-is given, the numbers are searched in sequential order and the
-returns value will be the next prime >= the input value.)
-
-germain.c operates similarly, but generates Sophie Germain primes;
-that is, primes p such that (p-1)/2 is also prime. It lacks the
-shuffling feature - searching is always sequential.
-
-jacobi.c computes the Jacobi symbol between a small integer and a BigNum.
-It's currently only ever used in germain.c.
-
-* Sources
-
-Obviously, a key source of information was Knuth, Volume 2,
-particularly on division algorithms.
-
-The greatest inspiration, however, was Arjen Lenstra's LIP
-(Large Integer Package), distributed with the RSA-129 effort.
-While very difficult to read (there is no internal documentation on
-sometimes very subtle algorithms), it showed me many useful tricks,
-notably the windowed exponentiation algorithm that saves so many
-multiplies. If you need a more general-purpose large-integer package,
-with only a minor speed penalty, the LIP package is almost certainly
-the best available. It implements a great range of efficient
-algorithms.
-
-The second most important source was Torbjorn Granlund's gmp
-(GNU multi-precision) library. A number of C coding tricks were
-adapted from there. I'd like to thank Torbjorn for some useful
-discussions and letting me see his development work on GMP 2.0.
-
-Antoon Bosselaers, Rene' Govaerts and Joos Vandewalle, in their CRYPTO
-'93 paper, "Comparison of three modular reduction functions", brought
-Montgomery reduction to my attention, for which I am grateful.
-
-Burt Kaliski's article in the September 1993 Dr. Dobb's Journal,
-"The Z80180 and Big-number Arithmetic" pointed out the advantages (and
-terminology) of product scanning to me, although the limited
-experiments I've done have shown no improvement from trying it in C.
-
-Hans Reisel's book, "Prime Numbers and Computer Methods for Factorization"
-was of great help in designing the prime testing, although some of
-the code in the book, notably the Jacobi function in Appendix 3,
-is an impressive example of why GOTO should be considered harmful.
-Papers by R. G. E. Pinch and others in Mathematics of Computation were
-also very useful.
-
-Keith Geddes, Stephen Czapor and George Labahn's book "Algorithms
-for Computer Algebra", although it's mostly about polynomials,
-has some useful multi-precision math examples.
-
-Philip Zimmermann's mpi (multi-precision integer) library suggested
-storing the numbers in native byte order to facilitate assembly
-subroutines, although the core modular multiplication algorithms are
-so confusing that I still don't understand them. His boasting about
-the speed of his library (albeit in 1986, before any of the above were
-available for study) also inspired me to particular effort to soundly
-beat it. It also provoked a strong reaction from me against fixed
-buffer sizes, and complaints about its implementation from Paul Leyland
-(interface) and Robert Silverman (prime searching) contributed usefully
-to the design of this current library.
-
-I'd like to credit all of the above, plus the Berkeley MP package, with
-giving me difficulty finding a short, unique distinguishing prefix for
-my library's functions. (I have just, sigh, discovered that Eric Young
-is using the same prefix for *his* library, although with the
-bn_function_name convention as opposed to the bnFunctionName one.)
-
-I'd like to thank the original implementor of Unix "dc" and "factor"
-for providing useful tools for verifying the correct operation of
-my library.
-
-* Future
-
-- Obviously, assembly-language subroutines for more platforms would
- always be nice.
-- There's a special case in the division for a two-word denominator
- which should be completed.
-- When the quotient of a division is big enough, compute an inverse of
- the high word of the denominator and use multiplication by that
- to do the divide.
-- A more efficient GCD algorithm would be nice to have.
-- More efficient modular inversion is possible. Do it.
-- Extend modular inversion to deal with non-relatively-prime
- inputs. Produce y = inv(x,m) with y * x == gcd(x,m) mod m.
-- Try some product scanning in assembly.
-- Karatsuba's multiplication and squaring speedups would be nice.
-- I *don't* think that FFT-based algorithms are worth implementing yet,
- but it's worth a little bit of study to make sure.
-- More general support for numbers in Montgomery form, so they can
- be used by more than the bowels of lbnExpMod.
-- Provide an lbnExpMod optimized for small arguments > 2, using
- conventional (or even Barrett) reduction of the multiplies, and
- Montgomery reduction of the squarings.
-- Adding a Lucas-based prime test would be a real coup, although it's
- hard to give rational reasons why it's necessary. I have a number of
- ideas on this already. Find out if norm-1 (which is faster to
- compute) suffices.
-- Split up the source code more to support linking with smaller subsets
- of the library.
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bnprint.c - Print a bignum, for debugging purposes.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#include <stdio.h>
-
-#if !NO_STRING_H
-#include <string.h>
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "bn.h"
-#include "bnprint.h"
-
-#include "kludge.h"
-
-int
-bnPrint(FILE *f, char const *prefix, struct BigNum const *bn,
- char const *suffix)
-{
- unsigned char temp[32]; /* How much to print on one line */
- unsigned len;
- size_t i;
-
- if (prefix && fputs(prefix, f) < 0)
- return EOF;
-
- len = (bnBits(bn) + 7)/ 8;
-
- if (!len) {
- if (putc('0', f) < 0)
- return EOF;
- } else {
- while (len > sizeof(temp)) {
- len -= sizeof(temp);
- bnExtractBigBytes(bn, temp, len, sizeof(temp));
- for (i = 0; i < sizeof(temp); i++)
- if (fprintf(f, "%02X", temp[i]) < 0)
- return EOF;
- if (putc('\\', f) < 0 || putc('\n', f) < 0)
- return EOF;
- if (prefix) {
- i = strlen(prefix);
- while (i--)
- if (putc(' ', f) < 0)
- return EOF;
- }
- }
- bnExtractBigBytes(bn, temp, 0, len);
- for (i = 0; i < len; i++)
- if (fprintf(f, "%02X", temp[i]) < 0)
- return EOF;
- }
- return suffix ? fputs(suffix, f) : 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef BNPRINT_H
-#define BNPRINT_H
-
-#include <stdio.h>
-struct BigNum;
-
-int bnPrint(FILE *f, char const *prefix, struct BigNum const *bn,
- char const *suffix);
-
-#endif /* BNPRINT_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bnsize00.h - pick the correct machine word size to use.
- */
-#include "lbn.h" /* Get basic information */
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD64)
-# if defined(BNWORD128) || (defined(lbnMulAdd1_64) && defined(lbnMulSub1_64))
-# define BNSIZE64 1
-# elif defined(mul64_ppmm) || defined(mul64_ppmma) || defined(mul64_ppmmaa)
-# define BNSIZE64 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD32)
-# if defined(BNWORD64) || (defined(lbnMulAdd1_32) && defined(lbnMulSub1_32))
-# define BNSIZE32 1
-# elif defined(mul32_ppmm) || defined(mul32_ppmma) || defined(mul32_ppmmaa)
-# define BNSIZE32 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD16)
-# if defined(BNWORD32) || (defined(lbnMulAdd1_16) && defined(lbnMulSub1_16))
-# define BNSIZE16 1
-# elif defined(mul16_ppmm) || defined(mul16_ppmma) || defined(mul16_ppmmaa)
-# define BNSIZE16 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16
-#error Unable to find a viable word size to compile bignum library.
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * bntest00.c - auto-size-detecting bntest??.c file.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bnsize00.h"
-
-#if BNSIZE64
-
-#include "bntest64.c"
-
-#elif BNSIZE32
-
-#include "bntest32.c"
-
-#else /* BNSIZE16 */
-
-#include "bntest16.c"
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Test driver for low-level bignum library (16-bit version).
- * This access the low-level library directly. It is NOT an example of
- * how to program with the library normally! By accessing the library
- * at a low level, it is possible to exercise the smallest components
- * and thus localize bugs more accurately. This is especially useful
- * when writing assembly-language primitives.
- *
- * This also does timing tests on modular exponentiation. Modular
- * exponentiation is so computationally expensive that the fact that this
- * code omits one level of interface glue has no perceptible effect on
- * the results.
- */
-#include "zrtp.h"
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-#define _ZTU_ "bntest"
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#include <stdio.h>
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For strtol */
-#else
-long strtol(const char *, char **, int);
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn16.h"
-#include "kludge.h"
-
-#if BNYIELD
-int (*bnYield)(void) = 0;
-#endif
-
-/* Work with up to 2048-bit numbers */
-#define MAXBITS 3072
-#define SIZE (MAXBITS/16 + 1)
-
-/* Additive congruential random number generator, x[i] = x[i-24] + x[i-55] */
-static BNWORD16 randp[55];
-static BNWORD16 *randp1 = randp, *randp2 = randp+24;
-
-static BNWORD16
-rand16(void)
-{
- if (++randp2 == randp+55) {
- randp2 = randp;
- randp1++;
- } else if (++randp1 == randp+55) {
- randp1 = randp;
- }
-
- return *randp1 += *randp2;
-}
-
-/*
- * CRC-3_2: x^3_2+x^26+x^23+x^22+x^1_6+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1
- *
- * The additive congruential RNG is seeded with a single integer,
- * which is shuffled with a CRC polynomial to generate the initial
- * table values. The Polynomial is the same size as the words being
- * used.
- *
- * Thus, in the various versions of this library, we actually use this
- * polynomial as-is, this polynomial mod x^17, and this polynomial with
- * the leading coefficient deleted and replaced with x^6_4. As-is,
- * it's irreducible, so it has a long period. Modulo x^17, it factors as
- * (x^4+x^3+x^2+x+1) * (x^12+x^11+x^8+x^7+x^6+x^5+x^4+x^3+1),
- * which still has a large enough period (4095) for the use it's put to.
- * With the leading coefficient moved up, it factors as
- * (x^50+x^49+x^48+x^47+x^46+x^43+x^41+x^40+x^38+x^37+x^36+x^35+x^34+x^33+
- * x^31+x^30+x^29+x^28+x^27+x^25+x^23+x^18+x^1_6+x^15+x^14+x^13+x^11+x^9+
- * x^8+x^7+x^6+x^5+x^3+x^2+1)*(x^11+x^10+x^9+x^5+x^4+x^3+1)*(x^3+x+1),
- * which definitely has a long enough period to serve for initialization.
- *
- * The effort put into this PRNG is kind of unwarranted given the trivial
- * use it's being put to, but oh, well. It does have the nice advantage
- * of producing numbers that are portable between platforms, so if there's
- * a problem with one platform, you can compare all the intermediate
- * results with another platform.
- */
-#define POLY (BNWORD16)0x04c11db7
-
-static void
-srand16(BNWORD16 seed)
-{
- int i, j;
-
- for (i = 0; i < 55; i++) {
- for (j = 0; j < 16; j++)
- if (seed >> (16-1))
- seed = (seed << 1) ^ POLY;
- else
- seed <<= 1;
- randp[i] = seed;
- }
- for (i = 0; i < 3*55; i ++)
- rand16();
-}
-
-static void
-randnum(BNWORD16 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = rand16();
-}
-
-static void
-bnprint16(BNWORD16 const *num, unsigned len)
-{
- BIGLITTLE(num -= len, num += len);
-
- while (len--)
- ZRTP_LOG(3, (_ZTU_, "%0*lX", 16/4, (unsigned long)BIGLITTLE(*num++,*--num)));
-}
-
-static void
-bnput16(char const *prompt, BNWORD16 const *num, unsigned len)
-{
- fputs(prompt, stdout);
- bnprint16(num, len);
- putchar('\n');
-}
-
-/*
- * One of our tests uses a known prime. The following selections were
- * taken from the tables at the end of Hans Reisel's "Prime Numbers and
- * Computer Methods for Factorization", second edition - an excellent book.
- * (ISBN 0-8176-3743-5 ISBN 3-7323-3743-5)
- */
-#if 0
-/* P31=1839605 17620282 38179967 87333633 from the factors of 3^256+2^256 */
-static unsigned char const prime[] = {
- 0x17,0x38,0x15,0xBC,0x8B,0xBB,0xE9,0xEF,0x01,0xA9,0xFD,0x3A,0x01
-};
-#elif 0
-/* P48=40554942 04557502 46193993 36199835 4279613_2 73199617 from the same */
-static unsigned char const prime[] = {
- 0x47,0x09,0x77,0x07,0xCF,0xFD,0xE1,0x54,0x3E,0x24,
- 0xF7,0xF1,0x7A,0x3E,0x91,0x51,0xCC,0xC7,0xD4,0x01
-};
-#elif 0
-/*
- * P75 = 450 55287320 97906895 47687014 5808213_2
- * 05219565 99525911 39967932 66003_258 91979521
- * from the factors of 4^128+3+128
- * (The "026" and "062" are to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0xFF,0x00,0xFF,0x00,0xFF,0x01,0x06,0x4F,0xF8,0xED,
- 0xA3,0x37,0x23,0x2A,0x04,0xEA,0xF9,0x5F,0x30,0x4C,
- 0xAE,0xCD, 026,0x4E, 062,0x10,0x04,0x7D,0x0D,0x79,
- 0x01
-};
-#else
-/*
- * P75 = 632 85659796 45277755 9123_2190 67300940
- * 51844953 78793489 59444670 35675855 57440257
- * from the factors of 5^128+4^128
- * (The "026" is to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0x01,0x78,0x4B,0xA5,0xD3,0x30,0x03,0xEB,0x73,0xE6,
- 0x0F,0x4E,0x31,0x7D,0xBC,0xE2,0xA0,0xD4, 026,0x3F,
- 0x3C,0xEA,0x1B,0x44,0xAD,0x39,0xE7,0xE5,0xAD,0x19,
- 0x67,0x01
-};
-#endif
-
-static int
-usage(char const *name)
-{
- ZRTP_LOG(3, (_ZTU_, "Usage: %s [modbits [expbits [expbits2]]"
-"With no arguments, just runs test suite. If modbits is given, runs\n"
-"quick validation test, then runs timing tests of modular exponentiation.\n"
-"If expbits is given, it is used as an exponent size, otherwise it defaults\n"
-"to the same as modbits. If expbits2 is given it is used as the second\n"
-"exponent size in the double-exponentiation tests, otherwise it defaults\n"
-"to the same as expbits. All are limited to %u bits.\n",
- name, (unsigned)MAXBITS));
- return 1;
-}
-
-/* for libzrtp support */
-int
-bntest_main(int argc, char **argv)
-{
- unsigned i, j, k, l, m;
- int z;
- BNWORD16 t, carry, borrow;
- BNWORD16 a[SIZE], b[SIZE], c[SIZE], d[SIZE];
- BNWORD16 e[SIZE], f[SIZE];
- static BNWORD16 entries[sizeof(prime)*2][(sizeof(prime)-1)/(16/8)+1];
- BNWORD16 *array[sizeof(prime)*2];
- unsigned long modbits = 0, expbits = 0, expbits2 = 0;
- char *p;
-#define A BIGLITTLE((a+SIZE),a)
-#define B BIGLITTLE((b+SIZE),b)
-#define C BIGLITTLE((c+SIZE),c)
-#define D BIGLITTLE((d+SIZE),d)
-#define E BIGLITTLE((e+SIZE),e)
-#define F BIGLITTLE((f+SIZE),f)
- static unsigned const smallprimes[] = {
- 2, 3, 5, 7, 11, 13, 17, 19, 23, 27, 29, 31, 37, 41, 43
- };
-
- /* Set up array for precomputed modexp */
- for (i = 0; i < sizeof(array)/sizeof(*array); i++)
- array[i] = entries[i] BIG(+ SIZE);
-
- srand16(1);
-
- puts(BIGLITTLE("Big-endian machine","Little-endian machine"));
-
- if (argc >= 2) {
- modbits = strtoul(argv[1], &p, 0);
- if (!modbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid modbits: %s", argv[1]));
- return usage(argv[0]);
- }
- }
- if (argc >= 3) {
- expbits = strtoul(argv[2], &p, 0);
- if (!expbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits: %s", argv[2]));
- return usage(argv[0]);
- }
- expbits2 = expbits;
- }
- if (argc >= 4) {
- expbits2 = strtoul(argv[3], &p, 0);
- if (!expbits2 || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits2: %s", argv[3]));
- return usage(argv[0]);
- }
- }
- if (argc >= 5) {
- ZRTP_LOG(1, (_ZTU_, "Too many arguments: %s", argv[4]));
- return usage(argv[0]);
- }
-
-/* B is a nice not-so-little prime */
- lbnInsertBigBytes_16(B, prime, 0, sizeof(prime));
- ((unsigned char *)c)[0] = 0;
- lbnInsertBigBytes_16(B, (unsigned char *)c, sizeof(prime), 1);
- lbnExtractBigBytes_16(B, (unsigned char *)c, 0, sizeof(prime)+1);
- i = (sizeof(prime)-1)/(16/8)+1; /* Size of array in words */
- if (((unsigned char *)c)[0] ||
- memcmp(prime, (unsigned char *)c+1, sizeof(prime)) != 0)
- {
- ZRTP_LOG(3, (_ZTU_, "Input != output!: "));
- for (k = 0; k < sizeof(prime); k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", prime[k]));
- putchar('\n');
- for (k = 0; k < sizeof(prime)+1; k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", ((unsigned char *)c)[k]));
- putchar('\n');
- bnput16("p = ", B, i);
-
- }
-
- /* Timing test code - only if requested on the command line */
- if (modbits) {
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long cursec, expsec, twoexpsec, dblexpsec;
- unsigned curms, expms, twoexpms, dblexpms;
-
- expsec = twoexpsec = dblexpsec = 0;
- expms = twoexpms = dblexpms = 0;
-#endif
-
- lbnCopy_16(C,B,i);
- lbnSub1_16(C,i,1); /* C is exponent: p-1 */
-
- puts("Testing modexp with a known prime. "
- "All results should be 1.");
- bnput16("p = ", B, i);
- bnput16("p-1 = ", C, i);
- z = lbnTwoExpMod_16(A, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("2^(p-1) mod p = ", A, i);
- for (j = 0; j < 10; j++) {
- randnum(A,i);
- (void)lbnDiv_16(D,A,i,B,i);
-
- bnput16("a = ", A, i);
- z = lbnExpMod_16(D, A, i, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^(p-1) mod p = ", D, i);
-
- z = lbnBasePrecompBegin_16(array, (sizeof(prime)*8+4)/5, 5,
- A, i, B, i);
- if (z < 0)
- goto nomem;
- BIGLITTLE(D[-1],D[0]) = -1;
- z = lbnBasePrecompExp_16(D, (BNWORD16 const * const *)array,
- 5, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^(p-1) mod p = ", D, i);
-
- for (k = 0; k < 5; k++) {
- randnum(E,i);
- bnput16("e = ", E, i);
- z = lbnExpMod_16(D, A, i, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^e mod p = ", D, i);
- z = lbnBasePrecompExp_16(D, (BNWORD16 const * const *)array,
- 5, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput16("a^e mod p = ", D, i);
- }
- }
-
- ZRTP_LOG(3, (_ZTU_, "\n"
- "Timing exponentiations modulo a %d-bit modulus, i.e.\n"
- "2^<%d> mod <%d> bits, <%d>^<%d> mod <%d> bits and\n"
- "<%d>^<%d> * <%d>^<%d> mod <%d> bits",
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits, (int)expbits2,
- (int)modbits));
-
- i = ((int)modbits-1)/16+1;
- k = ((int)expbits-1)/16+1;
- l = ((int)expbits2-1)/16+1;
- for (j = 0; j < 25; j++) {
- randnum(A,i); /* Base */
- randnum(B,k); /* Exponent */
- randnum(C,i); /* Modulus */
- randnum(D,i); /* Base2 */
- randnum(E,l); /* Exponent */
- /* Clip bases and mod to appropriate number of bits */
- t = ((BNWORD16)2<<((modbits-1)%16)) - 1;
- *(BIGLITTLE(A-i,A+i-1)) &= t;
- *(BIGLITTLE(C-i,C+i-1)) &= t;
- *(BIGLITTLE(D-i,D+i-1)) &= t;
- /* Make modulus large (msbit set) and odd (lsbit set) */
- *(BIGLITTLE(C-i,C+i-1)) |= (t >> 1) + 1;
- BIGLITTLE(C[-1],C[0]) |= 1;
-
- /* Clip exponent to appropriate number of bits */
- t = ((BNWORD16)2<<((expbits-1)%16)) - 1;
- *(BIGLITTLE(B-k,B+k-1)) &= t;
- /* Make exponent large (msbit set) */
- *(BIGLITTLE(B-k,B+k-1)) |= (t >> 1) + 1;
- /* The same for exponent 2 */
- t = ((BNWORD16)2<<((expbits2-1)%16)) - 1;
- *(BIGLITTLE(E-l,E+l-1)) &= t;
- *(BIGLITTLE(E-l,E+l-1)) |= (t >> 1) + 1;
-
- m = lbnBits_16(A, i);
- if (m > (unsigned)modbits) {
- bnput16("a = ", a, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_16(B, k);
- if (m != (unsigned)expbits) {
- bnput16("b = ", b, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits));
- }
- m = lbnBits_16(C, i);
- if (m != (unsigned)modbits) {
- bnput16("c = ", c, k);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)modbits));
- }
- m = lbnBits_16(D, i);
- if (m > (unsigned)modbits) {
- bnput16("d = ", d, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_16(E, l);
- if (m != (unsigned)expbits2) {
- bnput16("e = ", e, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits2));
- }
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnTwoExpMod_16(A, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- twoexpsec += cursec = sec(stop);
- twoexpms += curms = msec(stop);
-
- ZRTP_LOG(3, (_ZTU_, "2^<%d>:%4lu.%03u ", (int)expbits, cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> ", (int)modbits, (int)expbits));
-#endif
- fflush(stdout);
-
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnExpMod_16(A, A, i, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- expsec += cursec = sec(stop);
- expms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>:%4lu.%03u ",(int)modbits, (int)expbits, cursec, curms));
- fflush(stdout);
-
- gettime(&start);
- z = lbnDoubleExpMod_16(D, A, i, B, k, D, i, E, l,C,i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- dblexpsec += cursec = sec(stop);
- dblexpms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>:%4lu.%03u",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2,
- cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2));
-#endif
- }
-#if CLOCK_AVAIL
- twoexpms += (twoexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "2^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)expbits, (int)modbits, twoexpsec/j, twoexpms/j));
- expms += (expsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits, expsec/j, expms/j));
- dblexpms += (dblexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> * <%d>^<%d> mod <%d> bits AVERAGE:"
- " %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits,
- (int)expbits2,
- (int)modbits, dblexpsec/j, dblexpms/j));
-
- putchar('\n');
-#endif
- }
-
- puts("Beginning 1000 interations of sanity checking.\n"
- "Any output indicates a bug. No output is very strong\n"
- "evidence that all the important low-level bignum routines\n"
- "are working properly.\n");
-
- /*
- * If you change this loop to have an iteration 0, all results
- * are primted on that iteration. Useful to see what's going
- * on in case of major wierdness, but it produces a *lot* of
- * output.
- */
-#if (ZRTP_PLATFORM == ZP_WINCE) || (ZRTP_PLATFORM == ZP_SYMBIAN)
- for (j = 1; j <= 20; j++) {
-#else
- for (j = 1; j <= 1000; j++) {
-#endif
-/* Do the tests for lots of different number sizes. */
- for (i = 1; i <= SIZE/2; i++) {
- /* Make a random number i words long */
- do {
- randnum(A,i);
- } while (lbnNorm_16(A,i) < i);
-
- /* Checl lbnCmp - does a == a? */
- if (lbnCmp_16(A,A,i) || !j) {
- bnput16("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> a) = %d", lbnCmp_16(A,A,i)));
- }
-
- memcpy(c, a, sizeof(a));
-
- /* Check that the difference, after copy, is good. */
- if (lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", A, i);
- bnput16("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_16(A,C,i)));
- }
-
- /* Generate a non-zero random t */
- do {
- t = rand16();
- } while (!t);
-
- /*
- * Add t to A. Check that:
- * - lbnCmp works in both directions, and
- * - A + t is greater than A. If there was a carry,
- * the result, less the carry, should be *less*
- * than A.
- */
- carry = lbnAdd1_16(A,i,t);
- if (lbnCmp_16(A,C,i) + lbnCmp_16(C,A,i) != 0 ||
- lbnCmp_16(A,C,i) != (carry ? -1 : 1) || !j)
- {
- bnput16("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput16("a = c+t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_16(A,C,i)));
- ZRTP_LOG(3, (_ZTU_, "(c <=> a) = %d", lbnCmp_16(C,A,i)));
- }
-
- /* Subtract t again */
- memcpy(d, a, sizeof(a));
- borrow = lbnSub1_16(A,i,t);
-
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- lbnAdd1_16(A,i,t);
- bnput16("a += t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- lbnSub1_16(A,i,t);
- bnput16("a -= t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_16(A,C,i)));
- }
-
- /* Generate a random B */
- do {
- randnum(B,i);
- } while (lbnNorm_16(B,i) < i);
-
- carry = lbnAddN_16(A,B,i);
- memcpy(d, a, sizeof(a));
- borrow = lbnSubN_16(A,B,i);
-
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16("a = ", C, i);
- bnput16("b = ", B, i);
- bnput16("a += b = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput16("a -= b = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_16(A,C,i)));
- }
-
- /* D = B * t */
- lbnMulN1_16(D, B, i, t);
- memcpy(e, d, sizeof(e));
- /* D = A + B * t, "carry" is overflow */
- borrow = *(BIGLITTLE(D-i-1,D+i)) += lbnAddN_16(D,A,i);
-
- carry = lbnMulAdd1_16(A, B, i, t);
-
- /* Did MulAdd get the same answer as mul then add? */
- if (carry != borrow || lbnCmp_16(A, D, i) || !j) {
- bnput16("a = ", C, i);
- bnput16("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput16("e = b * t = ", E, i+1);
- bnput16(" a + e = ", D, i+1);
- bnput16("a + b * t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- }
-
- memcpy(d, a, sizeof(a));
- borrow = lbnMulSub1_16(A, B, i, t);
-
- /* Did MulSub perform the inverse of MulAdd */
- if (carry != borrow || lbnCmp_16(A,C,i) || !j) {
- bnput16(" a = ", C, i);
- bnput16(" b = ", B, i);
- bnput16("a += b*t = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput16("a -= b*t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_16(A,C,i)));
- bnput16("b*t = ", E, i+1);
- }
- /* At this point we're done with t, so it's scratch */
-#if 0
-/* Extra debug code */
- lbnMulN1_16(C, A, i, BIGLITTLE(B[-1],B[0]));
- bnput16("a * b[0] = ", C, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_16(BIGLITTLE(C-k,C+k), A, i,
- *(BIGLITTLE(B-1-k,B+k)));
- *(BIGLITTLE(C-i-k,C+i+k)) = carry;
- bnput16("a * b[x] = ", C, i+k+1);
- }
-
- lbnMulN1_16(D, B, i, BIGLITTLE(A[-1],A[0]));
- bnput16("b * a[0] = ", D, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_16(BIGLITTLE(D-k,D+k), B, i,
- *(BIGLITTLE(A-1-k,A+k)));
- *(BIGLITTLE(D-i-k,D+i+k)) = carry;
- bnput16("b * a[x] = ", D, i+k+1);
- }
-#endif
- /* Does Mul work both ways symmetrically */
- lbnMul_16(C,A,i,B,i);
- lbnMul_16(D,B,i,A,i);
- if (lbnCmp_16(C,D,i+i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("a * b = ", C, i+i);
- bnput16("b * a = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a*b <=> b*a) = %d", lbnCmp_16(C,D,i+i)));
- }
- /* Check multiplication modulo some small things */
- /* 30030 = 2*3*5*11*13 */
- k = lbnModQ_16(C, i+i, 30030);
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_16(C, i+i, m);
- carry = lbnModQ_16(A, i, m);
- borrow = lbnModQ_16(B, i, m);
- if (t != (carry * borrow) % m) {
- bnput16("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput16("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput16("a*b = ", C, i+i);
- ZRTP_LOG(3, (_ZTU_, "a*b mod %u = %u", m, (unsigned)t));
- ZRTP_LOG(3, (_ZTU_, "expected %u", (unsigned)((carry*borrow)%m)));
- }
- /* Verify that (C % 30030) % m == C % m */
- if (m <= 13 && t != k % m) {
- ZRTP_LOG(3, (_ZTU_, "c mod 30030 = %u mod %u= %u", k, m, k%m));
- ZRTP_LOG(3, (_ZTU_, "c mod %u = %u", m, (unsigned)t));
- }
- }
-
- /* Generate an F less than A and B */
- do {
- randnum(F,i);
- } while (lbnCmp_16(F,A,i) >= 0 ||
- lbnCmp_16(F,B,i) >= 0);
-
- /* Add F to D (remember, D = A*B) */
- lbnAdd1_16(BIGLITTLE(D-i,D+i), i, lbnAddN_16(D, F, i));
- memcpy(c, d, sizeof(d));
-
- /*
- * Divide by A and check that quotient and remainder
- * match (remainder should be F, quotient should be B)
- */
- t = lbnDiv_16(E,C,i+i,A,i);
- if (t || lbnCmp_16(E,B,i) || lbnCmp_16(C, F, i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("f = ", F, i);
- bnput16("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput16("(a*b+f) / a = ", E, i);
- bnput16("(a*b+f) % a = ", C, i);
- }
-
- memcpy(c, d, sizeof(d));
-
- /* Divide by B and check similarly */
- t = lbnDiv_16(E,C,i+i,B,i);
- if (lbnCmp_16(E,A,i) || lbnCmp_16(C, F, i) || !j) {
- bnput16("a = ", A, i);
- bnput16("b = ", B, i);
- bnput16("f = ", F, i);
- bnput16("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput16("(a*b+f) / b = ", E, i);
- bnput16("(a*b+f) % b = ", C, i);
- }
-
- /* Check that A*A == A^2 */
- lbnMul_16(C,A,i,A,i);
- lbnSquare_16(D,A,i);
- if (lbnCmp_16(C,D,i+i) || !j) {
- bnput16("a*a = ", C, i+i);
- bnput16("a^2 = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a * a == a^2) = %d", lbnCmp_16(C,D,i+i)));
- }
-
- /* Compute a GCD */
- lbnCopy_16(C,A,i);
- lbnCopy_16(D,B,i);
- z = lbnGcd_16(C, i, D, i, &k);
- if (z < 0)
- goto nomem;
- /* z = 1 if GCD in D; z = 0 if GCD in C */
-
- /* Approximate check that the GCD came out right */
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_16(z ? D : C, k, m);
- carry = lbnModQ_16(A, i, m);
- borrow = lbnModQ_16(B, i, m);
- if (!t != (!carry && !borrow)) {
- bnput16("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput16("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput16("gcd(a,b) = ", z ? D : C, k);
- ZRTP_LOG(3, (_ZTU_, "gcd(a,b) mod %u = %u", m, (unsigned)t));
- }
- }
-
-
- /*
- * Do some Montgomery operations
- * Start with A > B, and also place a copy of B into C.
- * Then make A odd so it can be a Montgomery modulus.
- */
- if (lbnCmp_16(A, B, i) < 0) {
- memcpy(c, a, sizeof(c));
- memcpy(a, b, sizeof(a));
- memcpy(b, c, sizeof(b));
- } else {
- memcpy(c, b, sizeof(c));
- }
- BIGLITTLE(A[-1],A[0]) |= 1;
-
- /* Convert to and from */
- lbnToMont_16(B, i, A, i);
- lbnFromMont_16(B, A, i);
- if (lbnCmp_16(B, C, i)) {
- memcpy(b, c, sizeof(c));
- bnput16("mod = ", A, i);
- bnput16("input = ", B, i);
- lbnToMont_16(B, i, A, i);
- bnput16("mont = ", B, i);
- lbnFromMont_16(B, A, i);
- bnput16("output = ", B, i);
- }
- /* E = B^5 (mod A), no Montgomery ops */
- lbnSquare_16(E, B, i);
- (void)lbnDiv_16(BIGLITTLE(E-i,E+i),E,i+i,A,i);
- lbnSquare_16(D, E, i);
- (void)lbnDiv_16(BIGLITTLE(D-i,D+i),D,i+i,A,i);
- lbnMul_16(E, D, i, B, i);
- (void)lbnDiv_16(BIGLITTLE(E-i,E+i),E,i+i,A,i);
-
- /* D = B^5, using ExpMod */
- BIGLITTLE(F[-1],F[0]) = 5;
- z = lbnExpMod_16(D, B, i, F, 1, A, i);
- if (z < 0)
- goto nomem;
- if (lbnCmp_16(D, E, i) || !j) {
- bnput16("mod = ", A, i);
- bnput16("input = ", B, i);
- bnput16("input^5 = ", E, i);
- bnput16("input^5 = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "a>b (x <=> y) = %d", lbnCmp_16(D,E,i)));
- }
- /* TODO: Test lbnTwoExpMod, lbnDoubleExpMod */
- } /* for (i) */
- ZRTP_LOG(3, (_ZTU_, "\r%d ", j));
- fflush(stdout);
- } /* for (j) */
- ZRTP_LOG(3, (_ZTU_, "%d iterations of up to %d 16-bit words completed.", j-1, i-1));
- return 0;
-nomem:
- ZRTP_LOG(3, (_ZTU_, "Out of memory"));
- return 1;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Test driver for low-level bignum library (32-bit version).
- * This access the low-level library directly. It is NOT an example of
- * how to program with the library normally! By accessing the library
- * at a low level, it is possible to exercise the smallest components
- * and thus localize bugs more accurately. This is especially useful
- * when writing assembly-language primitives.
- *
- * This also does timing tests on modular exponentiation. Modular
- * exponentiation is so computationally expensive that the fact that this
- * code omits one level of interface glue has no perceptible effect on
- * the results.
- */
-#include "zrtp.h"
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-#define _ZTU_ "bntest"
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#include <stdio.h>
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For strtol */
-#else
-long strtol(const char *, char **, int);
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn32.h"
-#include "kludge.h"
-
-#if BNYIELD
-int (*bnYield)(void) = 0;
-#endif
-
-/* Work with up to 2048-bit numbers */
-#define MAXBITS 3072
-#define SIZE (MAXBITS/32 + 1)
-
-/* Additive congruential random number generator, x[i] = x[i-24] + x[i-55] */
-static BNWORD32 randp[55];
-static BNWORD32 *randp1 = randp, *randp2 = randp+24;
-
-static BNWORD32
-rand32(void)
-{
- if (++randp2 == randp+55) {
- randp2 = randp;
- randp1++;
- } else if (++randp1 == randp+55) {
- randp1 = randp;
- }
-
- return *randp1 += *randp2;
-}
-
-/*
- * CRC-3_2: x^3_2+x^26+x^23+x^22+x^1_6+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1
- *
- * The additive congruential RNG is seeded with a single integer,
- * which is shuffled with a CRC polynomial to generate the initial
- * table values. The Polynomial is the same size as the words being
- * used.
- *
- * Thus, in the various versions of this library, we actually use this
- * polynomial as-is, this polynomial mod x^17, and this polynomial with
- * the leading coefficient deleted and replaced with x^6_4. As-is,
- * it's irreducible, so it has a long period. Modulo x^17, it factors as
- * (x^4+x^3+x^2+x+1) * (x^12+x^11+x^8+x^7+x^6+x^5+x^4+x^3+1),
- * which still has a large enough period (4095) for the use it's put to.
- * With the leading coefficient moved up, it factors as
- * (x^50+x^49+x^48+x^47+x^46+x^43+x^41+x^40+x^38+x^37+x^36+x^35+x^34+x^33+
- * x^31+x^30+x^29+x^28+x^27+x^25+x^23+x^18+x^1_6+x^15+x^14+x^13+x^11+x^9+
- * x^8+x^7+x^6+x^5+x^3+x^2+1)*(x^11+x^10+x^9+x^5+x^4+x^3+1)*(x^3+x+1),
- * which definitely has a long enough period to serve for initialization.
- *
- * The effort put into this PRNG is kind of unwarranted given the trivial
- * use it's being put to, but oh, well. It does have the nice advantage
- * of producing numbers that are portable between platforms, so if there's
- * a problem with one platform, you can compare all the intermediate
- * results with another platform.
- */
-#define POLY (BNWORD32)0x04c11db7
-
-static void
-srand32(BNWORD32 seed)
-{
- int i, j;
-
- for (i = 0; i < 55; i++) {
- for (j = 0; j < 32; j++)
- if (seed >> (32-1))
- seed = (seed << 1) ^ POLY;
- else
- seed <<= 1;
- randp[i] = seed;
- }
- for (i = 0; i < 3*55; i ++)
- rand32();
-}
-
-static void
-randnum(BNWORD32 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = rand32();
-}
-
-static void
-bnprint32(BNWORD32 const *num, unsigned len)
-{
- BIGLITTLE(num -= len, num += len);
-
- while (len--)
- ZRTP_LOG(3, (_ZTU_, "%0*lX", 32/4, (unsigned long)BIGLITTLE(*num++,*--num)));
-}
-
-static void
-bnput32(char const *prompt, BNWORD32 const *num, unsigned len)
-{
- fputs(prompt, stdout);
- bnprint32(num, len);
- putchar('\n');
-}
-
-/*
- * One of our tests uses a known prime. The following selections were
- * taken from the tables at the end of Hans Reisel's "Prime Numbers and
- * Computer Methods for Factorization", second edition - an excellent book.
- * (ISBN 0-8176-3743-5 ISBN 3-7643-3743-5)
- */
-#if 0
-/* P31=1839605 17620282 38179967 87333633 from the factors of 3^256+2^256 */
-static unsigned char const prime[] = {
- 0x17,0x38,0x15,0xBC,0x8B,0xBB,0xE9,0xEF,0x01,0xA9,0xFD,0x3A,0x01
-};
-#elif 0
-/* P48=40554942 04557502 46193993 36199835 4279613_2 73199617 from the same */
-static unsigned char const prime[] = {
- 0x47,0x09,0x77,0x07,0xCF,0xFD,0xE1,0x54,0x3E,0x24,
- 0xF7,0xF1,0x7A,0x3E,0x91,0x51,0xCC,0xC7,0xD4,0x01
-};
-#elif 0
-/*
- * P75 = 450 55287640 97906895 47687014 5808213_2
- * 05219565 99525911 39967964 66003_258 91979521
- * from the factors of 4^128+3+128
- * (The "026" and "062" are to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0xFF,0x00,0xFF,0x00,0xFF,0x01,0x06,0x4F,0xF8,0xED,
- 0xA3,0x37,0x23,0x2A,0x04,0xEA,0xF9,0x5F,0x30,0x4C,
- 0xAE,0xCD, 026,0x4E, 062,0x10,0x04,0x7D,0x0D,0x79,
- 0x01
-};
-#else
-/*
- * P75 = 664 85659796 45277755 9123_2190 67300940
- * 51844953 78793489 59444670 35675855 57440257
- * from the factors of 5^128+4^128
- * (The "026" is to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0x01,0x78,0x4B,0xA5,0xD3,0x30,0x03,0xEB,0x73,0xE6,
- 0x0F,0x4E,0x31,0x7D,0xBC,0xE2,0xA0,0xD4, 026,0x3F,
- 0x3C,0xEA,0x1B,0x44,0xAD,0x39,0xE7,0xE5,0xAD,0x19,
- 0x67,0x01
-};
-#endif
-
-static int
-usage(char const *name)
-{
- ZRTP_LOG(3, (_ZTU_, "Usage: %s [modbits [expbits [expbits2]]"
-"With no arguments, just runs test suite. If modbits is given, runs\n"
-"quick validation test, then runs timing tests of modular exponentiation.\n"
-"If expbits is given, it is used as an exponent size, otherwise it defaults\n"
-"to the same as modbits. If expbits2 is given it is used as the second\n"
-"exponent size in the double-exponentiation tests, otherwise it defaults\n"
-"to the same as expbits. All are limited to %u bits.\n",
- name, (unsigned)MAXBITS));
- return 1;
-}
-
-/* for libzrtp support */
-int
-bntest_main(int argc, char **argv)
-{
- unsigned i, j, k, l, m;
- int z;
- BNWORD32 t, carry, borrow;
- BNWORD32 a[SIZE], b[SIZE], c[SIZE], d[SIZE];
- BNWORD32 e[SIZE], f[SIZE];
- static BNWORD32 entries[sizeof(prime)*2][(sizeof(prime)-1)/(32/8)+1];
- BNWORD32 *array[sizeof(prime)*2];
- unsigned long modbits = 0, expbits = 0, expbits2 = 0;
- char *p;
-#define A BIGLITTLE((a+SIZE),a)
-#define B BIGLITTLE((b+SIZE),b)
-#define C BIGLITTLE((c+SIZE),c)
-#define D BIGLITTLE((d+SIZE),d)
-#define E BIGLITTLE((e+SIZE),e)
-#define F BIGLITTLE((f+SIZE),f)
- static unsigned const smallprimes[] = {
- 2, 3, 5, 7, 11, 13, 17, 19, 23, 27, 29, 31, 37, 41, 43
- };
-
- /* Set up array for precomputed modexp */
- for (i = 0; i < sizeof(array)/sizeof(*array); i++)
- array[i] = entries[i] BIG(+ SIZE);
-
- srand32(1);
-
- puts(BIGLITTLE("Big-endian machine","Little-endian machine"));
-
- if (argc >= 2) {
- modbits = strtoul(argv[1], &p, 0);
- if (!modbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid modbits: %s", argv[1]));
- return usage(argv[0]);
- }
- }
- if (argc >= 3) {
- expbits = strtoul(argv[2], &p, 0);
- if (!expbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits: %s", argv[2]));
- return usage(argv[0]);
- }
- expbits2 = expbits;
- }
- if (argc >= 4) {
- expbits2 = strtoul(argv[3], &p, 0);
- if (!expbits2 || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits2: %s", argv[3]));
- return usage(argv[0]);
- }
- }
- if (argc >= 5) {
- ZRTP_LOG(1, (_ZTU_, "Too many arguments: %s", argv[4]));
- return usage(argv[0]);
- }
-
-/* B is a nice not-so-little prime */
- lbnInsertBigBytes_32(B, prime, 0, sizeof(prime));
- ((unsigned char *)c)[0] = 0;
- lbnInsertBigBytes_32(B, (unsigned char *)c, sizeof(prime), 1);
- lbnExtractBigBytes_32(B, (unsigned char *)c, 0, sizeof(prime)+1);
- i = (sizeof(prime)-1)/(32/8)+1; /* Size of array in words */
- if (((unsigned char *)c)[0] ||
- memcmp(prime, (unsigned char *)c+1, sizeof(prime)) != 0)
- {
- ZRTP_LOG(3, (_ZTU_, "Input != output!: "));
- for (k = 0; k < sizeof(prime); k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", prime[k]));
- putchar('\n');
- for (k = 0; k < sizeof(prime)+1; k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", ((unsigned char *)c)[k]));
- putchar('\n');
- bnput32("p = ", B, i);
-
- }
-
- /* Timing test code - only if requested on the command line */
- if (modbits) {
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long cursec, expsec, twoexpsec, dblexpsec;
- unsigned curms, expms, twoexpms, dblexpms;
-
- expsec = twoexpsec = dblexpsec = 0;
- expms = twoexpms = dblexpms = 0;
-#endif
-
- lbnCopy_32(C,B,i);
- lbnSub1_32(C,i,1); /* C is exponent: p-1 */
-
- puts("Testing modexp with a known prime. "
- "All results should be 1.");
- bnput32("p = ", B, i);
- bnput32("p-1 = ", C, i);
- z = lbnTwoExpMod_32(A, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput32("2^(p-1) mod p = ", A, i);
- for (j = 0; j < 10; j++) {
- randnum(A,i);
- (void)lbnDiv_32(D,A,i,B,i);
-
- bnput32("a = ", A, i);
- z = lbnExpMod_32(D, A, i, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput32("a^(p-1) mod p = ", D, i);
-
- z = lbnBasePrecompBegin_32(array, (sizeof(prime)*8+4)/5, 5,
- A, i, B, i);
- if (z < 0)
- goto nomem;
- BIGLITTLE(D[-1],D[0]) = -1;
- z = lbnBasePrecompExp_32(D, (BNWORD32 const * const *)array,
- 5, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput32("a^(p-1) mod p = ", D, i);
-
- for (k = 0; k < 5; k++) {
- randnum(E,i);
- bnput32("e = ", E, i);
- z = lbnExpMod_32(D, A, i, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput32("a^e mod p = ", D, i);
- z = lbnBasePrecompExp_32(D, (BNWORD32 const * const *)array,
- 5, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput32("a^e mod p = ", D, i);
- }
- }
-
- ZRTP_LOG(3, (_ZTU_, "\n"
- "Timing exponentiations modulo a %d-bit modulus, i.e.\n"
- "2^<%d> mod <%d> bits, <%d>^<%d> mod <%d> bits and\n"
- "<%d>^<%d> * <%d>^<%d> mod <%d> bits",
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits, (int)expbits2,
- (int)modbits));
-
- i = ((int)modbits-1)/32+1;
- k = ((int)expbits-1)/32+1;
- l = ((int)expbits2-1)/32+1;
- for (j = 0; j < 25; j++) {
- randnum(A,i); /* Base */
- randnum(B,k); /* Exponent */
- randnum(C,i); /* Modulus */
- randnum(D,i); /* Base2 */
- randnum(E,l); /* Exponent */
- /* Clip bases and mod to appropriate number of bits */
- t = ((BNWORD32)2<<((modbits-1)%32)) - 1;
- *(BIGLITTLE(A-i,A+i-1)) &= t;
- *(BIGLITTLE(C-i,C+i-1)) &= t;
- *(BIGLITTLE(D-i,D+i-1)) &= t;
- /* Make modulus large (msbit set) and odd (lsbit set) */
- *(BIGLITTLE(C-i,C+i-1)) |= (t >> 1) + 1;
- BIGLITTLE(C[-1],C[0]) |= 1;
-
- /* Clip exponent to appropriate number of bits */
- t = ((BNWORD32)2<<((expbits-1)%32)) - 1;
- *(BIGLITTLE(B-k,B+k-1)) &= t;
- /* Make exponent large (msbit set) */
- *(BIGLITTLE(B-k,B+k-1)) |= (t >> 1) + 1;
- /* The same for exponent 2 */
- t = ((BNWORD32)2<<((expbits2-1)%32)) - 1;
- *(BIGLITTLE(E-l,E+l-1)) &= t;
- *(BIGLITTLE(E-l,E+l-1)) |= (t >> 1) + 1;
-
- m = lbnBits_32(A, i);
- if (m > (unsigned)modbits) {
- bnput32("a = ", a, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_32(B, k);
- if (m != (unsigned)expbits) {
- bnput32("b = ", b, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits));
- }
- m = lbnBits_32(C, i);
- if (m != (unsigned)modbits) {
- bnput32("c = ", c, k);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)modbits));
- }
- m = lbnBits_32(D, i);
- if (m > (unsigned)modbits) {
- bnput32("d = ", d, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_32(E, l);
- if (m != (unsigned)expbits2) {
- bnput32("e = ", e, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits2));
- }
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnTwoExpMod_32(A, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- twoexpsec += cursec = sec(stop);
- twoexpms += curms = msec(stop);
-
- ZRTP_LOG(3, (_ZTU_, "2^<%d>:%4lu.%03u ", (int)expbits, cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> ", (int)modbits, (int)expbits));
-#endif
- fflush(stdout);
-
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnExpMod_32(A, A, i, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- expsec += cursec = sec(stop);
- expms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>:%4lu.%03u ",(int)modbits, (int)expbits, cursec, curms));
- fflush(stdout);
-
- gettime(&start);
- z = lbnDoubleExpMod_32(D, A, i, B, k, D, i, E, l,C,i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- dblexpsec += cursec = sec(stop);
- dblexpms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>:%4lu.%03u",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2,
- cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2));
-#endif
- }
-#if CLOCK_AVAIL
- twoexpms += (twoexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "2^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)expbits, (int)modbits, twoexpsec/j, twoexpms/j));
- expms += (expsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits, expsec/j, expms/j));
- dblexpms += (dblexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> * <%d>^<%d> mod <%d> bits AVERAGE:"
- " %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits,
- (int)expbits2,
- (int)modbits, dblexpsec/j, dblexpms/j));
-
- putchar('\n');
-#endif
- }
-
- puts("Beginning 1000 interations of sanity checking.\n"
- "Any output indicates a bug. No output is very strong\n"
- "evidence that all the important low-level bignum routines\n"
- "are working properly.\n");
-
- /*
- * If you change this loop to have an iteration 0, all results
- * are primted on that iteration. Useful to see what's going
- * on in case of major wierdness, but it produces a *lot* of
- * output.
- */
-#if (ZRTP_PLATFORM == ZP_WINCE) || (ZRTP_PLATFORM == ZP_SYMBIAN)
- for (j = 1; j <= 20; j++) {
-#else
- for (j = 1; j <= 1000; j++) {
-#endif
-/* Do the tests for lots of different number sizes. */
- for (i = 1; i <= SIZE/2; i++) {
- /* Make a random number i words long */
- do {
- randnum(A,i);
- } while (lbnNorm_32(A,i) < i);
-
- /* Checl lbnCmp - does a == a? */
- if (lbnCmp_32(A,A,i) || !j) {
- bnput32("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> a) = %d", lbnCmp_32(A,A,i)));
- }
-
- memcpy(c, a, sizeof(a));
-
- /* Check that the difference, after copy, is good. */
- if (lbnCmp_32(A,C,i) || !j) {
- bnput32("a = ", A, i);
- bnput32("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_32(A,C,i)));
- }
-
- /* Generate a non-zero random t */
- do {
- t = rand32();
- } while (!t);
-
- /*
- * Add t to A. Check that:
- * - lbnCmp works in both directions, and
- * - A + t is greater than A. If there was a carry,
- * the result, less the carry, should be *less*
- * than A.
- */
- carry = lbnAdd1_32(A,i,t);
- if (lbnCmp_32(A,C,i) + lbnCmp_32(C,A,i) != 0 ||
- lbnCmp_32(A,C,i) != (carry ? -1 : 1) || !j)
- {
- bnput32("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput32("a = c+t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_32(A,C,i)));
- ZRTP_LOG(3, (_ZTU_, "(c <=> a) = %d", lbnCmp_32(C,A,i)));
- }
-
- /* Subtract t again */
- memcpy(d, a, sizeof(a));
- borrow = lbnSub1_32(A,i,t);
-
- if (carry != borrow || lbnCmp_32(A,C,i) || !j) {
- bnput32("a = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- lbnAdd1_32(A,i,t);
- bnput32("a += t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- lbnSub1_32(A,i,t);
- bnput32("a -= t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_32(A,C,i)));
- }
-
- /* Generate a random B */
- do {
- randnum(B,i);
- } while (lbnNorm_32(B,i) < i);
-
- carry = lbnAddN_32(A,B,i);
- memcpy(d, a, sizeof(a));
- borrow = lbnSubN_32(A,B,i);
-
- if (carry != borrow || lbnCmp_32(A,C,i) || !j) {
- bnput32("a = ", C, i);
- bnput32("b = ", B, i);
- bnput32("a += b = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput32("a -= b = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_32(A,C,i)));
- }
-
- /* D = B * t */
- lbnMulN1_32(D, B, i, t);
- memcpy(e, d, sizeof(e));
- /* D = A + B * t, "carry" is overflow */
- borrow = *(BIGLITTLE(D-i-1,D+i)) += lbnAddN_32(D,A,i);
-
- carry = lbnMulAdd1_32(A, B, i, t);
-
- /* Did MulAdd get the same answer as mul then add? */
- if (carry != borrow || lbnCmp_32(A, D, i) || !j) {
- bnput32("a = ", C, i);
- bnput32("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput32("e = b * t = ", E, i+1);
- bnput32(" a + e = ", D, i+1);
- bnput32("a + b * t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- }
-
- memcpy(d, a, sizeof(a));
- borrow = lbnMulSub1_32(A, B, i, t);
-
- /* Did MulSub perform the inverse of MulAdd */
- if (carry != borrow || lbnCmp_32(A,C,i) || !j) {
- bnput32(" a = ", C, i);
- bnput32(" b = ", B, i);
- bnput32("a += b*t = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput32("a -= b*t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_32(A,C,i)));
- bnput32("b*t = ", E, i+1);
- }
- /* At this point we're done with t, so it's scratch */
-#if 0
-/* Extra debug code */
- lbnMulN1_32(C, A, i, BIGLITTLE(B[-1],B[0]));
- bnput32("a * b[0] = ", C, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_32(BIGLITTLE(C-k,C+k), A, i,
- *(BIGLITTLE(B-1-k,B+k)));
- *(BIGLITTLE(C-i-k,C+i+k)) = carry;
- bnput32("a * b[x] = ", C, i+k+1);
- }
-
- lbnMulN1_32(D, B, i, BIGLITTLE(A[-1],A[0]));
- bnput32("b * a[0] = ", D, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_32(BIGLITTLE(D-k,D+k), B, i,
- *(BIGLITTLE(A-1-k,A+k)));
- *(BIGLITTLE(D-i-k,D+i+k)) = carry;
- bnput32("b * a[x] = ", D, i+k+1);
- }
-#endif
- /* Does Mul work both ways symmetrically */
- lbnMul_32(C,A,i,B,i);
- lbnMul_32(D,B,i,A,i);
- if (lbnCmp_32(C,D,i+i) || !j) {
- bnput32("a = ", A, i);
- bnput32("b = ", B, i);
- bnput32("a * b = ", C, i+i);
- bnput32("b * a = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a*b <=> b*a) = %d", lbnCmp_32(C,D,i+i)));
- }
- /* Check multiplication modulo some small things */
- /* 30030 = 2*3*5*11*13 */
- k = lbnModQ_32(C, i+i, 30030);
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_32(C, i+i, m);
- carry = lbnModQ_32(A, i, m);
- borrow = lbnModQ_32(B, i, m);
- if (t != (carry * borrow) % m) {
- bnput32("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput32("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput32("a*b = ", C, i+i);
- ZRTP_LOG(3, (_ZTU_, "a*b mod %u = %u", m, (unsigned)t));
- ZRTP_LOG(3, (_ZTU_, "expected %u", (unsigned)((carry*borrow)%m)));
- }
- /* Verify that (C % 30030) % m == C % m */
- if (m <= 13 && t != k % m) {
- ZRTP_LOG(3, (_ZTU_, "c mod 30030 = %u mod %u= %u", k, m, k%m));
- ZRTP_LOG(3, (_ZTU_, "c mod %u = %u", m, (unsigned)t));
- }
- }
-
- /* Generate an F less than A and B */
- do {
- randnum(F,i);
- } while (lbnCmp_32(F,A,i) >= 0 ||
- lbnCmp_32(F,B,i) >= 0);
-
- /* Add F to D (remember, D = A*B) */
- lbnAdd1_32(BIGLITTLE(D-i,D+i), i, lbnAddN_32(D, F, i));
- memcpy(c, d, sizeof(d));
-
- /*
- * Divide by A and check that quotient and remainder
- * match (remainder should be F, quotient should be B)
- */
- t = lbnDiv_32(E,C,i+i,A,i);
- if (t || lbnCmp_32(E,B,i) || lbnCmp_32(C, F, i) || !j) {
- bnput32("a = ", A, i);
- bnput32("b = ", B, i);
- bnput32("f = ", F, i);
- bnput32("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput32("(a*b+f) / a = ", E, i);
- bnput32("(a*b+f) % a = ", C, i);
- }
-
- memcpy(c, d, sizeof(d));
-
- /* Divide by B and check similarly */
- t = lbnDiv_32(E,C,i+i,B,i);
- if (lbnCmp_32(E,A,i) || lbnCmp_32(C, F, i) || !j) {
- bnput32("a = ", A, i);
- bnput32("b = ", B, i);
- bnput32("f = ", F, i);
- bnput32("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput32("(a*b+f) / b = ", E, i);
- bnput32("(a*b+f) % b = ", C, i);
- }
-
- /* Check that A*A == A^2 */
- lbnMul_32(C,A,i,A,i);
- lbnSquare_32(D,A,i);
- if (lbnCmp_32(C,D,i+i) || !j) {
- bnput32("a*a = ", C, i+i);
- bnput32("a^2 = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a * a == a^2) = %d", lbnCmp_32(C,D,i+i)));
- }
-
- /* Compute a GCD */
- lbnCopy_32(C,A,i);
- lbnCopy_32(D,B,i);
- z = lbnGcd_32(C, i, D, i, &k);
- if (z < 0)
- goto nomem;
- /* z = 1 if GCD in D; z = 0 if GCD in C */
-
- /* Approximate check that the GCD came out right */
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_32(z ? D : C, k, m);
- carry = lbnModQ_32(A, i, m);
- borrow = lbnModQ_32(B, i, m);
- if (!t != (!carry && !borrow)) {
- bnput32("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput32("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput32("gcd(a,b) = ", z ? D : C, k);
- ZRTP_LOG(3, (_ZTU_, "gcd(a,b) mod %u = %u", m, (unsigned)t));
- }
- }
-
-
- /*
- * Do some Montgomery operations
- * Start with A > B, and also place a copy of B into C.
- * Then make A odd so it can be a Montgomery modulus.
- */
- if (lbnCmp_32(A, B, i) < 0) {
- memcpy(c, a, sizeof(c));
- memcpy(a, b, sizeof(a));
- memcpy(b, c, sizeof(b));
- } else {
- memcpy(c, b, sizeof(c));
- }
- BIGLITTLE(A[-1],A[0]) |= 1;
-
- /* Convert to and from */
- lbnToMont_32(B, i, A, i);
- lbnFromMont_32(B, A, i);
- if (lbnCmp_32(B, C, i)) {
- memcpy(b, c, sizeof(c));
- bnput32("mod = ", A, i);
- bnput32("input = ", B, i);
- lbnToMont_32(B, i, A, i);
- bnput32("mont = ", B, i);
- lbnFromMont_32(B, A, i);
- bnput32("output = ", B, i);
- }
- /* E = B^5 (mod A), no Montgomery ops */
- lbnSquare_32(E, B, i);
- (void)lbnDiv_32(BIGLITTLE(E-i,E+i),E,i+i,A,i);
- lbnSquare_32(D, E, i);
- (void)lbnDiv_32(BIGLITTLE(D-i,D+i),D,i+i,A,i);
- lbnMul_32(E, D, i, B, i);
- (void)lbnDiv_32(BIGLITTLE(E-i,E+i),E,i+i,A,i);
-
- /* D = B^5, using ExpMod */
- BIGLITTLE(F[-1],F[0]) = 5;
- z = lbnExpMod_32(D, B, i, F, 1, A, i);
- if (z < 0)
- goto nomem;
- if (lbnCmp_32(D, E, i) || !j) {
- bnput32("mod = ", A, i);
- bnput32("input = ", B, i);
- bnput32("input^5 = ", E, i);
- bnput32("input^5 = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "a>b (x <=> y) = %d", lbnCmp_32(D,E,i)));
- }
- /* TODO: Test lbnTwoExpMod, lbnDoubleExpMod */
- } /* for (i) */
- ZRTP_LOG(3, (_ZTU_, "\r%d ", j));
- fflush(stdout);
- } /* for (j) */
- ZRTP_LOG(3, (_ZTU_, "%d iterations of up to %d 32-bit words completed.", j-1, i-1));
- return 0;
-nomem:
- ZRTP_LOG(3, (_ZTU_, "Out of memory"));
- return 1;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Test driver for low-level bignum library (64-bit version).
- * This access the low-level library directly. It is NOT an example of
- * how to program with the library normally! By accessing the library
- * at a low level, it is possible to exercise the smallest components
- * and thus localize bugs more accurately. This is especially useful
- * when writing assembly-language primitives.
- *
- * This also does timing tests on modular exponentiation. Modular
- * exponentiation is so computationally expensive that the fact that this
- * code omits one level of interface glue has no perceptible effect on
- * the results.
- */
-#include "zrtp.h"
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-#define _ZTU_ "bntest"
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#include <stdio.h>
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For strtol */
-#else
-long strtol(const char *, char **, int);
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn64.h"
-#include "kludge.h"
-
-#if BNYIELD
-int (*bnYield)(void) = 0;
-#endif
-
-/* Work with up to 2048-bit numbers */
-#define MAXBITS 3072
-#define SIZE (MAXBITS/64 + 1)
-
-/* Additive congruential random number generator, x[i] = x[i-24] + x[i-55] */
-static BNWORD64 randp[55];
-static BNWORD64 *randp1 = randp, *randp2 = randp+24;
-
-static BNWORD64
-rand64(void)
-{
- if (++randp2 == randp+55) {
- randp2 = randp;
- randp1++;
- } else if (++randp1 == randp+55) {
- randp1 = randp;
- }
-
- return *randp1 += *randp2;
-}
-
-/*
- * CRC-3_2: x^3_2+x^26+x^23+x^22+x^1_6+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1
- *
- * The additive congruential RNG is seeded with a single integer,
- * which is shuffled with a CRC polynomial to generate the initial
- * table values. The Polynomial is the same size as the words being
- * used.
- *
- * Thus, in the various versions of this library, we actually use this
- * polynomial as-is, this polynomial mod x^17, and this polynomial with
- * the leading coefficient deleted and replaced with x^6_4. As-is,
- * it's irreducible, so it has a long period. Modulo x^17, it factors as
- * (x^4+x^3+x^2+x+1) * (x^12+x^11+x^8+x^7+x^6+x^5+x^4+x^3+1),
- * which still has a large enough period (4095) for the use it's put to.
- * With the leading coefficient moved up, it factors as
- * (x^50+x^49+x^48+x^47+x^46+x^43+x^41+x^40+x^38+x^37+x^36+x^35+x^34+x^33+
- * x^31+x^30+x^29+x^28+x^27+x^25+x^23+x^18+x^1_6+x^15+x^14+x^13+x^11+x^9+
- * x^8+x^7+x^6+x^5+x^3+x^2+1)*(x^11+x^10+x^9+x^5+x^4+x^3+1)*(x^3+x+1),
- * which definitely has a long enough period to serve for initialization.
- *
- * The effort put into this PRNG is kind of unwarranted given the trivial
- * use it's being put to, but oh, well. It does have the nice advantage
- * of producing numbers that are portable between platforms, so if there's
- * a problem with one platform, you can compare all the intermediate
- * results with another platform.
- */
-#define POLY (BNWORD64)0x04c11db7
-
-static void
-srand64(BNWORD64 seed)
-{
- int i, j;
-
- for (i = 0; i < 55; i++) {
- for (j = 0; j < 64; j++)
- if (seed >> (64-1))
- seed = (seed << 1) ^ POLY;
- else
- seed <<= 1;
- randp[i] = seed;
- }
- for (i = 0; i < 3*55; i ++)
- rand64();
-}
-
-static void
-randnum(BNWORD64 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = rand64();
-}
-
-static void
-bnprint64(BNWORD64 const *num, unsigned len)
-{
- BIGLITTLE(num -= len, num += len);
-
- while (len--)
- ZRTP_LOG(3, (_ZTU_, "%0*lX", 64/4, (unsigned long)BIGLITTLE(*num++,*--num)));
-}
-
-static void
-bnput64(char const *prompt, BNWORD64 const *num, unsigned len)
-{
- fputs(prompt, stdout);
- bnprint64(num, len);
- putchar('\n');
-}
-
-/*
- * One of our tests uses a known prime. The following selections were
- * taken from the tables at the end of Hans Reisel's "Prime Numbers and
- * Computer Methods for Factorization", second edition - an excellent book.
- * (ISBN 0-8176-3743-5 ISBN 3-71283-3743-5)
- */
-#if 0
-/* P31=1839605 17620282 38179967 87333633 from the factors of 3^256+2^256 */
-static unsigned char const prime[] = {
- 0x17,0x38,0x15,0xBC,0x8B,0xBB,0xE9,0xEF,0x01,0xA9,0xFD,0x3A,0x01
-};
-#elif 0
-/* P48=40554942 04557502 46193993 36199835 4279613_2 73199617 from the same */
-static unsigned char const prime[] = {
- 0x47,0x09,0x77,0x07,0xCF,0xFD,0xE1,0x54,0x3E,0x24,
- 0xF7,0xF1,0x7A,0x3E,0x91,0x51,0xCC,0xC7,0xD4,0x01
-};
-#elif 0
-/*
- * P75 = 450 552871280 97906895 47687014 5808213_2
- * 05219565 99525911 399679128 66003_258 91979521
- * from the factors of 4^128+3+128
- * (The "026" and "062" are to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0xFF,0x00,0xFF,0x00,0xFF,0x01,0x06,0x4F,0xF8,0xED,
- 0xA3,0x37,0x23,0x2A,0x04,0xEA,0xF9,0x5F,0x30,0x4C,
- 0xAE,0xCD, 026,0x4E, 062,0x10,0x04,0x7D,0x0D,0x79,
- 0x01
-};
-#else
-/*
- * P75 = 6128 85659796 45277755 9123_2190 67300940
- * 51844953 78793489 59444670 35675855 57440257
- * from the factors of 5^128+4^128
- * (The "026" is to prevent a Bad String from appearing here.)
- */
-static unsigned char const prime[] = {
- 0x01,0x78,0x4B,0xA5,0xD3,0x30,0x03,0xEB,0x73,0xE6,
- 0x0F,0x4E,0x31,0x7D,0xBC,0xE2,0xA0,0xD4, 026,0x3F,
- 0x3C,0xEA,0x1B,0x44,0xAD,0x39,0xE7,0xE5,0xAD,0x19,
- 0x67,0x01
-};
-#endif
-
-static int
-usage(char const *name)
-{
- ZRTP_LOG(3, (_ZTU_, "Usage: %s [modbits [expbits [expbits2]]"
-"With no arguments, just runs test suite. If modbits is given, runs\n"
-"quick validation test, then runs timing tests of modular exponentiation.\n"
-"If expbits is given, it is used as an exponent size, otherwise it defaults\n"
-"to the same as modbits. If expbits2 is given it is used as the second\n"
-"exponent size in the double-exponentiation tests, otherwise it defaults\n"
-"to the same as expbits. All are limited to %u bits.\n",
- name, (unsigned)MAXBITS));
- return 1;
-}
-
-/* for libzrtp support */
-int
-bntest_main(int argc, char **argv)
-{
- unsigned i, j, k, l, m;
- int z;
- BNWORD64 t, carry, borrow;
- BNWORD64 a[SIZE], b[SIZE], c[SIZE], d[SIZE];
- BNWORD64 e[SIZE], f[SIZE];
- static BNWORD64 entries[sizeof(prime)*2][(sizeof(prime)-1)/(64/8)+1];
- BNWORD64 *array[sizeof(prime)*2];
- unsigned long modbits = 0, expbits = 0, expbits2 = 0;
- char *p;
-#define A BIGLITTLE((a+SIZE),a)
-#define B BIGLITTLE((b+SIZE),b)
-#define C BIGLITTLE((c+SIZE),c)
-#define D BIGLITTLE((d+SIZE),d)
-#define E BIGLITTLE((e+SIZE),e)
-#define F BIGLITTLE((f+SIZE),f)
- static unsigned const smallprimes[] = {
- 2, 3, 5, 7, 11, 13, 17, 19, 23, 27, 29, 31, 37, 41, 43
- };
-
- /* Set up array for precomputed modexp */
- for (i = 0; i < sizeof(array)/sizeof(*array); i++)
- array[i] = entries[i] BIG(+ SIZE);
-
- srand64(1);
-
- puts(BIGLITTLE("Big-endian machine","Little-endian machine"));
-
- if (argc >= 2) {
- modbits = strtoul(argv[1], &p, 0);
- if (!modbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid modbits: %s", argv[1]));
- return usage(argv[0]);
- }
- }
- if (argc >= 3) {
- expbits = strtoul(argv[2], &p, 0);
- if (!expbits || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits: %s", argv[2]));
- return usage(argv[0]);
- }
- expbits2 = expbits;
- }
- if (argc >= 4) {
- expbits2 = strtoul(argv[3], &p, 0);
- if (!expbits2 || *p) {
- ZRTP_LOG(1, (_ZTU_, "Invalid expbits2: %s", argv[3]));
- return usage(argv[0]);
- }
- }
- if (argc >= 5) {
- ZRTP_LOG(1, (_ZTU_, "Too many arguments: %s", argv[4]));
- return usage(argv[0]);
- }
-
-/* B is a nice not-so-little prime */
- lbnInsertBigBytes_64(B, prime, 0, sizeof(prime));
- ((unsigned char *)c)[0] = 0;
- lbnInsertBigBytes_64(B, (unsigned char *)c, sizeof(prime), 1);
- lbnExtractBigBytes_64(B, (unsigned char *)c, 0, sizeof(prime)+1);
- i = (sizeof(prime)-1)/(64/8)+1; /* Size of array in words */
- if (((unsigned char *)c)[0] ||
- memcmp(prime, (unsigned char *)c+1, sizeof(prime)) != 0)
- {
- ZRTP_LOG(3, (_ZTU_, "Input != output!: "));
- for (k = 0; k < sizeof(prime); k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", prime[k]));
- putchar('\n');
- for (k = 0; k < sizeof(prime)+1; k++)
- ZRTP_LOG(3, (_ZTU_, "%02X ", ((unsigned char *)c)[k]));
- putchar('\n');
- bnput64("p = ", B, i);
-
- }
-
- /* Timing test code - only if requested on the command line */
- if (modbits) {
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long cursec, expsec, twoexpsec, dblexpsec;
- unsigned curms, expms, twoexpms, dblexpms;
-
- expsec = twoexpsec = dblexpsec = 0;
- expms = twoexpms = dblexpms = 0;
-#endif
-
- lbnCopy_64(C,B,i);
- lbnSub1_64(C,i,1); /* C is exponent: p-1 */
-
- puts("Testing modexp with a known prime. "
- "All results should be 1.");
- bnput64("p = ", B, i);
- bnput64("p-1 = ", C, i);
- z = lbnTwoExpMod_64(A, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput64("2^(p-1) mod p = ", A, i);
- for (j = 0; j < 10; j++) {
- randnum(A,i);
- (void)lbnDiv_64(D,A,i,B,i);
-
- bnput64("a = ", A, i);
- z = lbnExpMod_64(D, A, i, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput64("a^(p-1) mod p = ", D, i);
-
- z = lbnBasePrecompBegin_64(array, (sizeof(prime)*8+4)/5, 5,
- A, i, B, i);
- if (z < 0)
- goto nomem;
- BIGLITTLE(D[-1],D[0]) = -1;
- z = lbnBasePrecompExp_64(D, (BNWORD64 const * const *)array,
- 5, C, i, B, i);
- if (z < 0)
- goto nomem;
- bnput64("a^(p-1) mod p = ", D, i);
-
- for (k = 0; k < 5; k++) {
- randnum(E,i);
- bnput64("e = ", E, i);
- z = lbnExpMod_64(D, A, i, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput64("a^e mod p = ", D, i);
- z = lbnBasePrecompExp_64(D, (BNWORD64 const * const *)array,
- 5, E, i, B, i);
- if (z < 0)
- goto nomem;
- bnput64("a^e mod p = ", D, i);
- }
- }
-
- ZRTP_LOG(3, (_ZTU_, "\n"
- "Timing exponentiations modulo a %d-bit modulus, i.e.\n"
- "2^<%d> mod <%d> bits, <%d>^<%d> mod <%d> bits and\n"
- "<%d>^<%d> * <%d>^<%d> mod <%d> bits",
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits,
- (int)modbits, (int)expbits, (int)modbits, (int)expbits2,
- (int)modbits));
-
- i = ((int)modbits-1)/64+1;
- k = ((int)expbits-1)/64+1;
- l = ((int)expbits2-1)/64+1;
- for (j = 0; j < 25; j++) {
- randnum(A,i); /* Base */
- randnum(B,k); /* Exponent */
- randnum(C,i); /* Modulus */
- randnum(D,i); /* Base2 */
- randnum(E,l); /* Exponent */
- /* Clip bases and mod to appropriate number of bits */
- t = ((BNWORD64)2<<((modbits-1)%64)) - 1;
- *(BIGLITTLE(A-i,A+i-1)) &= t;
- *(BIGLITTLE(C-i,C+i-1)) &= t;
- *(BIGLITTLE(D-i,D+i-1)) &= t;
- /* Make modulus large (msbit set) and odd (lsbit set) */
- *(BIGLITTLE(C-i,C+i-1)) |= (t >> 1) + 1;
- BIGLITTLE(C[-1],C[0]) |= 1;
-
- /* Clip exponent to appropriate number of bits */
- t = ((BNWORD64)2<<((expbits-1)%64)) - 1;
- *(BIGLITTLE(B-k,B+k-1)) &= t;
- /* Make exponent large (msbit set) */
- *(BIGLITTLE(B-k,B+k-1)) |= (t >> 1) + 1;
- /* The same for exponent 2 */
- t = ((BNWORD64)2<<((expbits2-1)%64)) - 1;
- *(BIGLITTLE(E-l,E+l-1)) &= t;
- *(BIGLITTLE(E-l,E+l-1)) |= (t >> 1) + 1;
-
- m = lbnBits_64(A, i);
- if (m > (unsigned)modbits) {
- bnput64("a = ", a, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_64(B, k);
- if (m != (unsigned)expbits) {
- bnput64("b = ", b, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits));
- }
- m = lbnBits_64(C, i);
- if (m != (unsigned)modbits) {
- bnput64("c = ", c, k);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)modbits));
- }
- m = lbnBits_64(D, i);
- if (m > (unsigned)modbits) {
- bnput64("d = ", d, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be <= %d", m, (int)modbits));
- }
- m = lbnBits_64(E, l);
- if (m != (unsigned)expbits2) {
- bnput64("e = ", e, i);
- ZRTP_LOG(3, (_ZTU_, "%u bits, should be %d", m, (int)expbits2));
- }
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnTwoExpMod_64(A, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- twoexpsec += cursec = sec(stop);
- twoexpms += curms = msec(stop);
-
- ZRTP_LOG(3, (_ZTU_, "2^<%d>:%4lu.%03u ", (int)expbits, cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> ", (int)modbits, (int)expbits));
-#endif
- fflush(stdout);
-
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- z = lbnExpMod_64(A, A, i, B, k, C, i);
- if (z < 0)
- goto nomem;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- expsec += cursec = sec(stop);
- expms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>:%4lu.%03u ",(int)modbits, (int)expbits, cursec, curms));
- fflush(stdout);
-
- gettime(&start);
- z = lbnDoubleExpMod_64(D, A, i, B, k, D, i, E, l,C,i);
- if (z < 0)
- goto nomem;
- gettime(&stop);
- subtime(stop, start);
- dblexpsec += cursec = sec(stop);
- dblexpms += curms = msec(stop);
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>:%4lu.%03u",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2,
- cursec, curms));
-#else
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d>*<%d>^<%d>",
- (int)modbits, (int)expbits,
- (int)modbits, (int)expbits2));
-#endif
- }
-#if CLOCK_AVAIL
- twoexpms += (twoexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "2^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)expbits, (int)modbits, twoexpsec/j, twoexpms/j));
- expms += (expsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> mod <%d> bits AVERAGE: %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits, expsec/j, expms/j));
- dblexpms += (dblexpsec % j) * 1000;
- ZRTP_LOG(3, (_ZTU_, "<%d>^<%d> * <%d>^<%d> mod <%d> bits AVERAGE:"
- " %4lu.%03u s",
- (int)modbits, (int)expbits, (int)modbits,
- (int)expbits2,
- (int)modbits, dblexpsec/j, dblexpms/j));
-
- putchar('\n');
-#endif
- }
-
- puts("Beginning 1000 interations of sanity checking.\n"
- "Any output indicates a bug. No output is very strong\n"
- "evidence that all the important low-level bignum routines\n"
- "are working properly.\n");
-
- /*
- * If you change this loop to have an iteration 0, all results
- * are primted on that iteration. Useful to see what's going
- * on in case of major wierdness, but it produces a *lot* of
- * output.
- */
-#if (ZRTP_PLATFORM == ZP_WINCE) || (ZRTP_PLATFORM == ZP_SYMBIAN)
- for (j = 1; j <= 20; j++) {
-#else
- for (j = 1; j <= 1000; j++) {
-#endif
-/* Do the tests for lots of different number sizes. */
- for (i = 1; i <= SIZE/2; i++) {
- /* Make a random number i words long */
- do {
- randnum(A,i);
- } while (lbnNorm_64(A,i) < i);
-
- /* Checl lbnCmp - does a == a? */
- if (lbnCmp_64(A,A,i) || !j) {
- bnput64("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> a) = %d", lbnCmp_64(A,A,i)));
- }
-
- memcpy(c, a, sizeof(a));
-
- /* Check that the difference, after copy, is good. */
- if (lbnCmp_64(A,C,i) || !j) {
- bnput64("a = ", A, i);
- bnput64("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_64(A,C,i)));
- }
-
- /* Generate a non-zero random t */
- do {
- t = rand64();
- } while (!t);
-
- /*
- * Add t to A. Check that:
- * - lbnCmp works in both directions, and
- * - A + t is greater than A. If there was a carry,
- * the result, less the carry, should be *less*
- * than A.
- */
- carry = lbnAdd1_64(A,i,t);
- if (lbnCmp_64(A,C,i) + lbnCmp_64(C,A,i) != 0 ||
- lbnCmp_64(A,C,i) != (carry ? -1 : 1) || !j)
- {
- bnput64("c = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput64("a = c+t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_64(A,C,i)));
- ZRTP_LOG(3, (_ZTU_, "(c <=> a) = %d", lbnCmp_64(C,A,i)));
- }
-
- /* Subtract t again */
- memcpy(d, a, sizeof(a));
- borrow = lbnSub1_64(A,i,t);
-
- if (carry != borrow || lbnCmp_64(A,C,i) || !j) {
- bnput64("a = ", C, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- lbnAdd1_64(A,i,t);
- bnput64("a += t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- lbnSub1_64(A,i,t);
- bnput64("a -= t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_64(A,C,i)));
- }
-
- /* Generate a random B */
- do {
- randnum(B,i);
- } while (lbnNorm_64(B,i) < i);
-
- carry = lbnAddN_64(A,B,i);
- memcpy(d, a, sizeof(a));
- borrow = lbnSubN_64(A,B,i);
-
- if (carry != borrow || lbnCmp_64(A,C,i) || !j) {
- bnput64("a = ", C, i);
- bnput64("b = ", B, i);
- bnput64("a += b = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput64("a -= b = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_64(A,C,i)));
- }
-
- /* D = B * t */
- lbnMulN1_64(D, B, i, t);
- memcpy(e, d, sizeof(e));
- /* D = A + B * t, "carry" is overflow */
- borrow = *(BIGLITTLE(D-i-1,D+i)) += lbnAddN_64(D,A,i);
-
- carry = lbnMulAdd1_64(A, B, i, t);
-
- /* Did MulAdd get the same answer as mul then add? */
- if (carry != borrow || lbnCmp_64(A, D, i) || !j) {
- bnput64("a = ", C, i);
- bnput64("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "t = %lX", (unsigned long)t));
- bnput64("e = b * t = ", E, i+1);
- bnput64(" a + e = ", D, i+1);
- bnput64("a + b * t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "carry = %lX", (unsigned long)carry));
- }
-
- memcpy(d, a, sizeof(a));
- borrow = lbnMulSub1_64(A, B, i, t);
-
- /* Did MulSub perform the inverse of MulAdd */
- if (carry != borrow || lbnCmp_64(A,C,i) || !j) {
- bnput64(" a = ", C, i);
- bnput64(" b = ", B, i);
- bnput64("a += b*t = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "Carry = %lX", (unsigned long)carry));
- bnput64("a -= b*t = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "Borrow = %lX", (unsigned long)borrow));
- ZRTP_LOG(3, (_ZTU_, "(a <=> c) = %d", lbnCmp_64(A,C,i)));
- bnput64("b*t = ", E, i+1);
- }
- /* At this point we're done with t, so it's scratch */
-#if 0
-/* Extra debug code */
- lbnMulN1_64(C, A, i, BIGLITTLE(B[-1],B[0]));
- bnput64("a * b[0] = ", C, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_64(BIGLITTLE(C-k,C+k), A, i,
- *(BIGLITTLE(B-1-k,B+k)));
- *(BIGLITTLE(C-i-k,C+i+k)) = carry;
- bnput64("a * b[x] = ", C, i+k+1);
- }
-
- lbnMulN1_64(D, B, i, BIGLITTLE(A[-1],A[0]));
- bnput64("b * a[0] = ", D, i+1);
- for (k = 1; k < i; k++) {
- carry = lbnMulAdd1_64(BIGLITTLE(D-k,D+k), B, i,
- *(BIGLITTLE(A-1-k,A+k)));
- *(BIGLITTLE(D-i-k,D+i+k)) = carry;
- bnput64("b * a[x] = ", D, i+k+1);
- }
-#endif
- /* Does Mul work both ways symmetrically */
- lbnMul_64(C,A,i,B,i);
- lbnMul_64(D,B,i,A,i);
- if (lbnCmp_64(C,D,i+i) || !j) {
- bnput64("a = ", A, i);
- bnput64("b = ", B, i);
- bnput64("a * b = ", C, i+i);
- bnput64("b * a = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a*b <=> b*a) = %d", lbnCmp_64(C,D,i+i)));
- }
- /* Check multiplication modulo some small things */
- /* 30030 = 2*3*5*11*13 */
- k = lbnModQ_64(C, i+i, 30030);
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_64(C, i+i, m);
- carry = lbnModQ_64(A, i, m);
- borrow = lbnModQ_64(B, i, m);
- if (t != (carry * borrow) % m) {
- bnput64("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput64("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput64("a*b = ", C, i+i);
- ZRTP_LOG(3, (_ZTU_, "a*b mod %u = %u", m, (unsigned)t));
- ZRTP_LOG(3, (_ZTU_, "expected %u", (unsigned)((carry*borrow)%m)));
- }
- /* Verify that (C % 30030) % m == C % m */
- if (m <= 13 && t != k % m) {
- ZRTP_LOG(3, (_ZTU_, "c mod 30030 = %u mod %u= %u", k, m, k%m));
- ZRTP_LOG(3, (_ZTU_, "c mod %u = %u", m, (unsigned)t));
- }
- }
-
- /* Generate an F less than A and B */
- do {
- randnum(F,i);
- } while (lbnCmp_64(F,A,i) >= 0 ||
- lbnCmp_64(F,B,i) >= 0);
-
- /* Add F to D (remember, D = A*B) */
- lbnAdd1_64(BIGLITTLE(D-i,D+i), i, lbnAddN_64(D, F, i));
- memcpy(c, d, sizeof(d));
-
- /*
- * Divide by A and check that quotient and remainder
- * match (remainder should be F, quotient should be B)
- */
- t = lbnDiv_64(E,C,i+i,A,i);
- if (t || lbnCmp_64(E,B,i) || lbnCmp_64(C, F, i) || !j) {
- bnput64("a = ", A, i);
- bnput64("b = ", B, i);
- bnput64("f = ", F, i);
- bnput64("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput64("(a*b+f) / a = ", E, i);
- bnput64("(a*b+f) % a = ", C, i);
- }
-
- memcpy(c, d, sizeof(d));
-
- /* Divide by B and check similarly */
- t = lbnDiv_64(E,C,i+i,B,i);
- if (lbnCmp_64(E,A,i) || lbnCmp_64(C, F, i) || !j) {
- bnput64("a = ", A, i);
- bnput64("b = ", B, i);
- bnput64("f = ", F, i);
- bnput64("a * b + f = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "qhigh = %lX", (unsigned long)t));
- bnput64("(a*b+f) / b = ", E, i);
- bnput64("(a*b+f) % b = ", C, i);
- }
-
- /* Check that A*A == A^2 */
- lbnMul_64(C,A,i,A,i);
- lbnSquare_64(D,A,i);
- if (lbnCmp_64(C,D,i+i) || !j) {
- bnput64("a*a = ", C, i+i);
- bnput64("a^2 = ", D, i+i);
- ZRTP_LOG(3, (_ZTU_, "(a * a == a^2) = %d", lbnCmp_64(C,D,i+i)));
- }
-
- /* Compute a GCD */
- lbnCopy_64(C,A,i);
- lbnCopy_64(D,B,i);
- z = lbnGcd_64(C, i, D, i, &k);
- if (z < 0)
- goto nomem;
- /* z = 1 if GCD in D; z = 0 if GCD in C */
-
- /* Approximate check that the GCD came out right */
- for (l = 0;
- l < sizeof(smallprimes)/sizeof(*smallprimes);
- l++)
- {
- m = smallprimes[l];
- t = lbnModQ_64(z ? D : C, k, m);
- carry = lbnModQ_64(A, i, m);
- borrow = lbnModQ_64(B, i, m);
- if (!t != (!carry && !borrow)) {
- bnput64("a = ", A, i);
- ZRTP_LOG(3, (_ZTU_, "a mod %u = %u", m, (unsigned)carry));
- bnput64("b = ", B, i);
- ZRTP_LOG(3, (_ZTU_, "b mod %u = %u", m, (unsigned)borrow));
- bnput64("gcd(a,b) = ", z ? D : C, k);
- ZRTP_LOG(3, (_ZTU_, "gcd(a,b) mod %u = %u", m, (unsigned)t));
- }
- }
-
-
- /*
- * Do some Montgomery operations
- * Start with A > B, and also place a copy of B into C.
- * Then make A odd so it can be a Montgomery modulus.
- */
- if (lbnCmp_64(A, B, i) < 0) {
- memcpy(c, a, sizeof(c));
- memcpy(a, b, sizeof(a));
- memcpy(b, c, sizeof(b));
- } else {
- memcpy(c, b, sizeof(c));
- }
- BIGLITTLE(A[-1],A[0]) |= 1;
-
- /* Convert to and from */
- lbnToMont_64(B, i, A, i);
- lbnFromMont_64(B, A, i);
- if (lbnCmp_64(B, C, i)) {
- memcpy(b, c, sizeof(c));
- bnput64("mod = ", A, i);
- bnput64("input = ", B, i);
- lbnToMont_64(B, i, A, i);
- bnput64("mont = ", B, i);
- lbnFromMont_64(B, A, i);
- bnput64("output = ", B, i);
- }
- /* E = B^5 (mod A), no Montgomery ops */
- lbnSquare_64(E, B, i);
- (void)lbnDiv_64(BIGLITTLE(E-i,E+i),E,i+i,A,i);
- lbnSquare_64(D, E, i);
- (void)lbnDiv_64(BIGLITTLE(D-i,D+i),D,i+i,A,i);
- lbnMul_64(E, D, i, B, i);
- (void)lbnDiv_64(BIGLITTLE(E-i,E+i),E,i+i,A,i);
-
- /* D = B^5, using ExpMod */
- BIGLITTLE(F[-1],F[0]) = 5;
- z = lbnExpMod_64(D, B, i, F, 1, A, i);
- if (z < 0)
- goto nomem;
- if (lbnCmp_64(D, E, i) || !j) {
- bnput64("mod = ", A, i);
- bnput64("input = ", B, i);
- bnput64("input^5 = ", E, i);
- bnput64("input^5 = ", D, i);
- ZRTP_LOG(3, (_ZTU_, "a>b (x <=> y) = %d", lbnCmp_64(D,E,i)));
- }
- /* TODO: Test lbnTwoExpMod, lbnDoubleExpMod */
- } /* for (i) */
- ZRTP_LOG(3, (_ZTU_, "\r%d ", j));
- fflush(stdout);
- } /* for (j) */
- ZRTP_LOG(3, (_ZTU_, "%d iterations of up to %d 64-bit words completed.", j-1, i-1));
- return 0;
-nomem:
- ZRTP_LOG(3, (_ZTU_, "Out of memory"));
- return 1;
-}
+++ /dev/null
-#!/bin/sh
-
-aclocal
-autoconf
-
+++ /dev/null
-# Copyright (c) 1995 Colin Plumb. All rights reserved.
-# For licensing and other legal details, see the file legal.c.
-#
-./configure CFLAGS="$CFLAGS -O3 -g0 -W -Wall"
+++ /dev/null
-# Copyright (c) 1995 Colin Plumb. All rights reserved.
-# For licensing and other legal details, see the file legal.c.
-#
-./configure CFLAGS="$CFLAGS -O0 -g3"
+++ /dev/null
-dnl Copyright (c) 1995 Colin Plumb. All rights reserved.
-dnl For licensing and other legal details, see the file legal.c.
-dnl
-dnl This file in input to autoconf. It consists of a series of m4
-dnl macros which expand to produce the shell script "configure".
-dnl Anything which is not an m4 macro is copied directly to the output.
-dnl
-dnl Start things up. If the specified file doesn't exist, configure
-dnl will complain.
-AC_INIT([libbn], [0.1])
-
-dnl The following tests need to know that we intend to produce a config.h
-dnl file, even though this won't expand to any shell script code until
-dnl AC_OUTPUT time. Name it bnconfig.hin to avoid MS-LOSS.
-AC_CONFIG_HEADER(bnconfig.h:bnconfig.hin)
-
-dnl Checks for programs.
-
-# Find a compiler to use.
-# Check 1) The $CC environment varaible, 2) egcc, 3) gcc, 4) acc, and 5) cc.
-dnl This used to be just AC-CHECK-PROGS(CC, gcc acc, cc), but...
-# This deals with brain-damaged Sun systems that place a bogus cc or
-# acc executable in the $PATH, which just prints an error and exit.
-# We deal with this by actually trying to compile a trivial test program.
-if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
- AC_MSG_CHECKING(For C compiler (cached))
- CC="$ac_cv_prog_CC"
- AC_MSG_RESULT($CC)
-elif test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
- AC_MSG_CHECKING(For C compiler)
- AC_MSG_RESULT($CC)
-else
- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
- echo 'main(){return 0;}' > conftest.$ac_ext
- for ac_prog in egcc gcc acc cc; do
-# Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
- AC_MSG_CHECKING(for $ac_word)
- for ac_dir in $PATH; do
- test -z "$ac_dir" && ac_dir=.
- if test -x "$ac_dir/$ac_word"; then
- CC="$ac_prog"
- if eval $ac_compile; then
- ac_cv_prog_CC="$ac_prog"
- fi
- break
- fi
- done
- CC="$ac_cv_prog_CC"
- if test -n "$CC"; then
- AC_MSG_RESULT($ac_dir/$CC)
- break;
- fi
- AC_MSG_RESULT(no)
- done
- if test ! -n "$CC"; then
- AC_MSG_ERROR(no C compiler found)
- fi
- IFS="$ac_save_ifs"
- rm -f conftest*
-fi
-AC_SUBST(CC)
-
-AC_CACHE_CHECK(whether we are using GNU CC, ac_cv_prog_gcc,
-[dnl The semicolon is to pacify NeXT's syntax-checking cpp.
-cat > conftest.c <<EOF
-#ifdef __GNUC__
- yes;
-#endif
-EOF
-if ${CC-cc} -E conftest.c 2>&AC_FD_CC | egrep yes >/dev/null 2>&1; then
- ac_cv_prog_gcc=yes
-else
- ac_cv_prog_gcc=no
-fi])
-
-if test $ac_cv_prog_gcc = yes; then
- if test "${CFLAGS+set}" != set; then
-AC_CACHE_CHECK(whether ${CC-cc} accepts -g, ac_cv_prog_gcc_g,
-[echo 'void f(){}' > conftest.c
-if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
- ac_cv_prog_gcc_g=yes
-else
- ac_cv_prog_gcc_g=no
-fi
-rm -f conftest*
-])
- fi
-
- # If we're using GCC, perform some Deep Magic to enable the result to
- # link cleanly with code compiled with a compiler that doesn't understand
- # GCC's support library (-lgcc). Do a link, to relocatable object form,
- # with just -lgcc. If it's not GCC, do the normal -c thing.
- # These substitutions are used in the Makefile to force that behaviour.
- GCCMAGIC1='-Wl,-r -nostdlib'
- GCCMAGIC2=-lgcc
-else
- GCCMAGIC1=-c
- GCCMAGIC2=
-fi
-# newer gcc on debian 9 doesn't support this, and we don't need it here as its an embedded lib so we will disable this explicitly
-GCCMAGIC1=-c
-GCCMAGIC2=
-AC_SUBST(GCCMAGIC1)
-AC_SUBST(GCCMAGIC2)
-
-# Now, figure out the CFLAGS we want. If the user didn't *ask*
-# for CFLAGS, we're going to use some ideas of our own.
-if test "${CFLAGS+set}" != set; then
-
-# First, remember one useful thing that was just figured out,
-# namely whether the compiler can take -g with -O. (Most compilers
-# seem to do the opposite of what I want here - if you give both, -g
-# overrides and disables optimization.) This is only done for
-# gcc at the moment, and the no/yes combination is possible but
-# misleading
-if test $ac_cv_prog_gcc$ac_cv_prog_gcc_g = yesyes; then
- CFLAGS=-g
-else
- CFLAGS=""
-fi
-
-# Now, the whole raison d'e^tre of this library is that it's *fast*.
-# So we are *not* happy with autoconf's normal conservative compilation
-# flags. Try to figure out what kind the compiler we're using and soup
-# things up a bit. Also turn on warnings if possible.
-# If it's GCC, crank up optimization to -O6, and try to add some
-# -m options, too.
-# Otherwise, it gets even more ad-hoc, but the test below works for the
-# SunPro C compiler and cranks it up to maximum optimization.
-dnl
-dnl Note that the situation here is actually *worse* than the usual
-dnl CPU-COMPANY-SYSTEM system type can detect, because it depends on
-dnl the C compiler. For example, all of the options below (as of the
-dnl time this is written) are available on a single machine!
-dnl Using compiler-specific checks rather than config.guess seems
-dnl entirely appropriate here.
-AC_MSG_CHECKING(for useful tuning options (\$TUNE))
-if test $ac_cv_prog_gcc = yes; then
- : ${WARN="-Wall -W -Wshadow -Wpointer-arith -Wmissing-prototypes -Wwrite-strings"}
- if test "${TUNE+set}" != set; then
- TUNE=-O6
- case `$CC -v 2>&1` in
- *gcc-lib/sparc-*)
- # Try to use the architecture-detecting tool with SunPro CC.
- if bn_tune=`(fpversion -foption) 2>/dev/null`; then
- if test "$bn_tune" = xcg92 || test "$bn_tune" = cg92; then
- TUNE="$TUNE -mv8"
- elif test "$bn_tune" != xcg89 && test "$bn_tune" != cg89; then
- TUNE="$TUNE -mv8"
- bn_tune_guess=yes
- fi
- else
- TUNE="$TUNE -mv8"
- bn_tune_guess=yes
- fi
- esac
- fi
-elif $CC -flags 2>&1 | grep SunSoft >/dev/null 2>&1; then
- if test "${WARN+set}" != set; then
- if $CC -flags 2>&1 | grep 'checking' | grep '^-vc' > /dev/null 2>&1; then
- WARN=-vc
- elif $CC -flags 2>&1 | grep 'checking' | grep '^-v ' > /dev/null 2>&1; then
- WARN=-v
- fi
- if $CC -flags 2>&1 | grep '^-xstrconst' > /dev/null 2>&1; then
- WARN="${WARN}${WARN+ }-xstrconst"
- fi
- fi
- # SunPro C compiler - now grok version and platform
- if test "${TUNE+set}" != set; then
- if $CC -flags 2>&1 | grep '^-xO.*5' >/dev/null 2>&1; then
- TUNE=-xO5
- else
- TUNE=-xO4
- fi
- # Architecture: -native iv avail., else as fpversion says, else guess -mv8
- if $CC -flags 2>&1 | grep '^-native' >/dev/null 2>&1; then
- TUNE="$TUNE -native"
- elif bn_tune=`(fpversion -foption) 2>/dev/null`; then
- TUNE="$TUNE -$bn_tune"
- elif $CC -flags 2>&1 | grep '^-xcg92' >/dev/null 2>&1; then
- TUNE="$TUNE -xcg92"
- bn_tune_guess=yes
- fi
- fi
-fi
-bn_tune_set=${TUNE+set}
-# If nothing better is available, turn on -O
-: ${TUNE=-O}
-AC_MSG_RESULT(${TUNE-none})
-if test "$bn_tune_set" != set; then
- AC_MSG_WARN(not optimizing heavily - try setting \$CFLAGS)
-elif test "$bn_tune_guess" = yes; then
- AC_MSG_WARN([architecture guessed. If incorrect, use explicit \$TUNE.])
-fi
-AC_MSG_CHECKING(for useful warning options (\$WARN))
-AC_MSG_RESULT(${WARN-none})
-fi
-# ^^ End of "$(CFLAGS+set)" != set condition
-AC_SUBST(TUNE)
-AC_SUBST(WARN)
-
-# Find "ranlib". Sone systems don't have or need ranlib. If so,
-# ":" (do nothing) is used instead.
-AC_PROG_RANLIB
-
-dnl Checks for libraries.
-dnl (we don't have any)
-
-dnl Checks for header files.
-AC_HEADER_STDC
-
-if test $ac_cv_header_stdc = yes; then
- AC_DEFINE(HAVE_ASSERT_H)
- AC_DEFINE(HAVE_LIMITS_H)
- AC_DEFINE(HAVE_STDLIB_H)
- AC_DEFINE(HAVE_STRING_H)
-
-else # If non-ANSI, check for other brokenness.
-
-AC_CHECK_HEADERS(assert.h limits.h stdlib.h string.h)
-
-fi
-# ^^ End of non-ANSI header brokenness tests (first part)
-
-# Check that we have <sys/time.h> explicitly.
-AC_CHECK_HEADERS(sys/time.h)
-AC_HEADER_TIME
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-# Verify that the compiler supports const, and that it works.
-# A number of compilers sort of support const, but they have bugs
-# that will prevent valid programs from compiling.
-AC_C_CONST
-
-# See if we have size_t. (If not, define it as unsigned.)
-AC_TYPE_SIZE_T
-
-dnl Checks for library functions.
-AC_CHECK_FUNCS(clock_gettime gethrvtime getrusage)
-dnl The following are for real-time clocks only as of yet.
-dnl AC_CHECK_FUNCS(clock_getres gethrtime gettimeofday getitimer setitimer ftime)
-
-# If we don't have ANSI C, see if a few functions are missing that
-# we've noticed the lack of before.
-if test $ac_cv_header_stdc = yes; then
- AC_DEFINE(HAVE_CLOCK)
- AC_DEFINE(HAVE_TIME)
- AC_DEFINE(HAVE_MEMMOVE)
- AC_DEFINE(HAVE_MEMCPY)
-else
-AC_CHECK_FUNCS(clock time memmove memcpy)
-fi
-# ^^ End of non-ANSI header brokenness tests (second part)
-
-# libzrtp - fix it back
-#AC_OUTPUT_SUBDIRS(test)
-
-# The big bang! Produce the output files. This is config.cache, and
-# config.status, which builds the config.h file and a long list of
-# Makefiles.
-dnl The value specified to AC_CONFIG_HEADER at the top if the file is
-dnl used here to produce bnconfig.h.
-AC_OUTPUT(Makefile)
-
-echo
-echo bnlib is now configured for a generic installation.
-echo If you with assembly-language support, edit the Makefile according
-echo to the instructions in README.bn.
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef CPUTIME_H
-#define CPUTIME_H
-
-/*
- * Figure out what clock to use. Each possibility can be specifically
- * enabled or disabled by predefining USE_XXX to 1 or 0. For some,
- * the code attempts to detect availability automatically. If the
- * Symbols HAVE_XXX are defined, they are used. If not, they are
- * set to reasonable default assumptions while further conditions
- * are checked. The choices, and the ways they are auto-detected are:
- * - gethrvtime(), if HAVE_GETHRVTIME is set to 1.
- * - clock_gettime(CLOCK_VIRTUAL,...), if CLOCK_VIRTUAL is defined in <time.h>
- * - getrusage(RUSAGE_SELF,...), if RUSAGE_SELF is defined in <sys/resource.h>
- * - clock(), if CLOCKS_PER_SEC or CLK_TCK are defined in <time.h>
- * - time(), unless specifically disabled.
- *
- * The symbol CLOCK_AVAIL is given a value of 1 if a clock is found.
- * The following are then available:
- * timetype (typedef): the type needed to hold a clock value.
- * gettime(t) (macro): A function that gets passed a timetype *.
- * subtime(d,s) (macro): Sets d -= s, essentially.
- * msec(t) (macro): Given a timetype, return the number of milliseconds
- * in it, as an unsigned integer between 0 and 999.
- * sec(t) (macro): Given a timetype, return the number of seconds in it,
- * as an unsigned long integer.
- *
- * This is written to accomocate a number of crufy old preprocessors that:
- * - Emit annoying warnings if you use "#if NOT_DEFINED".
- * (Workaround: #ifndef FOO / #define FOO 0 / #endif)
- * - Emit annoying warnings if you #undef something not defined.
- * (Workaround: #ifdef FOO / #undef FOO / #endif)
- * - Don't like spaces in "# define" and the like.
- * (Workaround: harder-to-read code with no indentation.)
- */
-
-/* We expect that our caller has already #included "bnconfig.h" if possible. */
-
-#ifndef unix
-#define unix 0
-#endif
-#ifndef __unix
-#define __unix 0
-#endif
-#ifndef __unix__
-#define __unix__ 0
-#endif
-
-#ifdef UNIX
-/* Nothing */
-#elif unix
-#define UNIX 1
-#elif __unix
-#define UNIX 1
-#elif __unix__
-#define UNIX 1
-#endif
-
-#ifndef UNIX
-#define UNIX 0
-#endif
-
-#ifndef TIME_WITH_SYS_TIME
-#define TIME_WITH_SYS_TIME 1 /* Assume true if not told */
-#endif
-#ifndef HAVE_SYS_TIME_H
-#define HAVE_SYS_TIME_H 1 /* Assume true if not told */
-#endif
-
-/*
- * Include <time.h> unless that would prevent us from later including
- * <sys/time.h>, in which case include *that* immediately.
- */
-#if TIME_WITH_SYS_TIME
-#include <time.h>
-#elif HAVE_SYS_TIME_H
-#include <sys/time.h>
-#else
-#include <time.h>
-#endif
-
-/* Do we want to use gethrvtime() (a Solaris special?) */
-#ifndef USE_GETHRVTIME
-#ifdef HAVE_GETHRVTIME
-#define USE_GETHRVTIME HAVE_GETHRVTIME
-#else
-#define USE_GETHRVTIME 0
-#endif
-#endif
-
-/* If we do want to use gethrvtime(), define the functions */
-#if USE_GETHRVTIME
-#define CLOCK_AVAIL 1
-typedef hrtime_t timetype;
-#define gettime(t) *(t) = gethrvtime()
-#define subtime(d,s) d -= s
-#define msec(t) (unsigned)((t/1000000)%1000)
-#define sec(t) (unsigned long)(t/1000000000)
-
-#else /* !USE_GETHRVTIME, extends to end of file */
-
-/* Do we want to use clock_gettime()? */
-#ifndef USE_CLOCK_GETTIME
-#ifndef HAVE_CLOCK_GETTIME
-#define HAVE_CLOCK_GETTIME 1 /* Assume the CLOCK_VIRTUAL test will catch */
-#endif
-/*
- * It turns out to be non-ANSI to use the apparently simpler construct
- * "#define USE_CLOCK_GETTIME defined(CLOCK_VIRTUAL)", since
- * "If the token defined is generated as a result of this replacement
- * process or use of the defined unary operator does not match one
- * of the two specified forms prior ro macro replacement, the behaviour
- * is undefined." (ANSI/ISO 9899-1990 section 6.8.1)
- * In practice, it breaks the DEC Alpha compiler.
- */
-#if HAVE_CLOCK_GETTIME
-#ifdef CLOCK_VIRTUAL
-#define USE_CLOCK_GETTIME 1
-#endif
-#endif
-#endif
-
-/* If we do want to use clock_gettime(), define the necessary functions */
-#if USE_CLOCK_GETTIME
-#define CLOCK_AVAIL 1
-typedef struct timespec timetype;
-#define gettime(t) clock_gettime(CLOCK_VIRTUAL, t)
-#define subtime(d,s) \
- d.tv_sec -= s.tv_sec + (d.tv_nsec >= s.tv_nsec ? \
- (d.tv_nsec -= s.tv_nsec, 0) : \
- (d.tv_nsec += 1000000000-s.tv_nsec, 1))
-#define msec(t) (unsigned)(t.tv_nsec/1000000)
-#define sec(t) (unsigned long)(t.tv_sec)
-
-#else /* !USE_CLOCK_GETTIME, extends to end of file */
-
-#if UNIX
-#ifndef HAVE_GETRUSAGE
-#define HAVE_GETRUSAGE 1
-#endif
-#endif /* UNIX */
-
-/* Do we want to use getrusage()? */
-#if HAVE_GETRUSAGE
-#if TIME_WITH_SYS_TIME
-#ifndef HAVE_SYS_TIME_H /* If it's not defined */
-#include <sys/time.h>
-#elif HAVE_SYS_TIME_H /* Or it's defined true */
-#include <sys/time.h>
-#endif
-#endif /* TIME_WITH_SYS_TIME */
-#include <sys/resource.h>
-
-#ifdef RUSAGE_SELF
-#undef USE_GETRUSAGE
-#define USE_GETRUSAGE 1
-#endif
-#endif /* HAVE_GETRUSAGE */
-
-/* If we do want to use getrusage(), define the necessary functions */
-#if USE_GETRUSAGE
-#define CLOCK_AVAIL 1
-typedef struct rusage timetype;
-#define gettime(t) getrusage(RUSAGE_SELF, t);
-#define subtime(d, s) \
- d.ru_utime.tv_sec -= s.ru_utime.tv_sec + \
- (d.ru_utime.tv_usec >= s.ru_utime.tv_usec ? \
- (d.ru_utime.tv_usec -= s.ru_utime.tv_usec, 0) : \
- (d.ru_utime.tv_usec += 1000000-s.ru_utime.tv_usec, 1))
-#define msec(t) (unsigned)(t.ru_utime.tv_usec/1000)
-#define sec(t) (unsigned long)(t.ru_utime.tv_sec)
-
-#else /* !USE_GETRUSAGE, extends to end of file */
-
-#ifndef HAVE_CLOCK
-#define HAVE_CLOCK 1
-#endif
-
-#if HAVE_CLOCK
-#ifndef CLOCKS_PER_SEC
-#ifdef CLK_TCK
-#define CLOCKS_PER_SEC CLK_TCK
-#endif
-#endif /* !defined(CLOCKS_PER_SEC) */
-
-#ifndef USE_CLOCK
-#ifdef CLOCKS_PER_SEC
-#define USE_CLOCK 1
-#endif
-#endif /* !defined(USE_CLOCK) */
-#endif /* HAVE_CLOCK */
-
-/* If we want to use clock(), define the necessary functions */
-#if USE_CLOCK
-#define CLOCK_AVAIL 1
-typedef clock_t timetype;
-#define gettime(t) *(t) = clock()
-#define subtime(d, s) d -= s
-/*
- * I don't like having to do floating point math. CLOCKS_PER_SEC is
- * almost always an integer, and the most common non-integral case is
- * the MS-DOS wierdness of 18.2. We have to be a bit careful with the
- * casts, because ANSI C doesn't provide % with non-integral operands,
- * but just to be extra annoying, some implementations define it as an
- * integral-valued float. (E.g. Borland C++ 4.5 with 1000.0)
- */
-#if ((unsigned)CLOCKS_PER_SEC == CLOCKS_PER_SEC)
- /* Integer CLOCKS_PER_SEC */
-
-#define sec(t) (unsigned long)(t/CLOCKS_PER_SEC)
-#define msec(t) (unsigned)(t % (unsigned)CLOCKS_PER_SEC * 1000 / \
- (unsigned)CLOCKS_PER_SEC)
-#elif (CLOCKS_PER_SEC == 18.2)
- /* MS-DOS-ism */
-
-#define sec(t) (unsigned long)(t*5 / 91)
-#define msec(t) (unsigned)(t*5 % 91 * 1000 / 91)
-
-#else /* We are forced to muck with floating point.... */
-
-#include <math.h> /* For floor() */
-#define sec(t) (unsigned long)(t/CLOCKS_PER_SEC)
-#define msec(t) (unsigned)((t - sec(t)*CLOCKS_PER_SEC) * 1000 / CLOCKS_PER_SEC)
-
-#endif
-
-#else /* !USE_CLOCK, extends to end of file */
-
-#ifndef HAVE_TIME
-#define HAVE_TIME 1
-#endif
-
-#if HAVE_TIME
-#ifndef USE_TIME
-#define USE_TIME 1
-#endif
-#endif
-
-#if USE_TIME
-#define CLOCK_AVAIL 1
-typedef time_t timetype;
-#define gettime(t) time(t)
-#define subtime(d, s) d -= s
-#define msec(t) (unsigned)0
-#define sec(t) (unsigned long)t
-
-#else /* !USE_TIME, extends to end of file */
-
-#error No clock available.
-
-#endif /* USE_TIME */
-#endif /* USE_CLOCK */
-#endif /* USE_GETRUSAGE */
-#endif /* USE_CLOCK_GETTIME */
-#endif /* USE_GETHRVTIME */
-
-#endif /*CPUTIME_H*/
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Sophie Germain prime generation using the bignum library and sieving.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#define BNDEBUG 1
-#ifndef BNDEBUG
-#define BNDEBUG 0
-#endif
-#if BNDEBUG
-#include <stdio.h>
-#endif
-
-#include "bn.h"
-#include "germain.h"
-#include "jacobi.h"
-#include "lbnmem.h" /* For lbnMemWipe */
-#include "sieve.h"
-
-#include "kludge.h"
-
-/* Size of the sieve area (can be up to 65536/8 = 8192) */
-#define SIEVE 8192
-
-static unsigned const confirm[] = {2, 3, 5, 7, 11, 13, 17};
-#define CONFIRMTESTS (sizeof(confirm)/sizeof(*confirm))
-
-#if BNDEBUG
-/*
- * For sanity checking the sieve, we check for small divisors of the numbers
- * we get back. This takes "rem", a partially reduced form of the prime,
- * "div" a divisor to check for, and "order", a parameter of the "order"
- * of Sophie Germain primes (0 = normal primes, 1 = Sophie Germain primes,
- * 2 = 4*p+3 is also prime, etc.) and does the check. It just complains
- * to stdout if the check fails.
- */
-static void
-germainSanity(unsigned rem, unsigned div, unsigned order)
-{
- unsigned mul = 1;
-
- rem %= div;
- if (!rem)
- printf("bn div by %u!\n", div);
- while (order--) {
- rem += rem+1;
- if (rem >= div)
- rem -= div;
- mul += mul;
- if (!rem)
- printf("%u*bn+%u div by %u!\n", mul, mul-1, div);
- }
-}
-#endif /* BNDEBUG */
-
-/*
- * Helper function that does the slow primality test.
- * bn is the input bignum; a, e and bn2 are temporary buffers that are
- * allocated by the caller to save overhead. bn2 is filled with
- * a copy of 2^order*bn+2^order-1 if bn is found to be prime.
- *
- * Returns 0 if both bn and bn2 are prime, >0 if not prime, and -1 on
- * error (out of memory). If not prime, the return value is the number
- * of modular exponentiations performed. Prints a '+' or '-' on the
- * given FILE (if any) for each test that is passed by bn, and a '*'
- * for each test that is passed by bn2.
- *
- * The testing consists of strong pseudoprimality tests, to the bases given
- * in the confirm[] array above. (Also called Miller-Rabin, although that's
- * not technically correct if we're using fixed bases.) Some people worry
- * that this might not be enough. Number theorists may wish to generate
- * primality proofs, but for random inputs, this returns non-primes with
- * a probability which is quite negligible, which is good enough.
- *
- * It has been proved (see Carl Pomerance, "On the Distribution of
- * Pseudoprimes", Math. Comp. v.37 (1981) pp. 587-593) that the number of
- * pseudoprimes (composite numbers that pass a Fermat test to the base 2)
- * less than x is bounded by:
- * exp(ln(x)^(5/14)) <= P_2(x) ### CHECK THIS FORMULA - it looks wrong! ###
- * P_2(x) <= x * exp(-1/2 * ln(x) * ln(ln(ln(x))) / ln(ln(x))).
- * Thus, the local density of Pseudoprimes near x is at most
- * exp(-1/2 * ln(x) * ln(ln(ln(x))) / ln(ln(x))), and at least
- * exp(ln(x)^(5/14) - ln(x)). Here are some values of this function
- * for various k-bit numbers x = 2^k:
- * Bits Density <= Bit equivalent Density >= Bit equivalent
- * 128 3.577869e-07 21.414396 4.202213e-37 120.840190
- * 192 4.175629e-10 31.157288 4.936250e-56 183.724558
- * 256 5.804314e-13 40.647940 4.977813e-75 246.829095
- * 384 1.578039e-18 59.136573 3.938861e-113 373.400096
- * 512 5.858255e-24 77.175803 2.563353e-151 500.253110
- * 768 1.489276e-34 112.370944 7.872825e-228 754.422724
- * 1024 6.633188e-45 146.757062 1.882404e-304 1008.953565
- *
- * As you can see, there's quite a bit of slop between these estimates.
- * In fact, the density of pseudoprimes is conjectured to be closer to the
- * square of that upper bound. E.g. the density of pseudoprimes of size
- * 256 is around 3 * 10^-27. The density of primes is very high, from
- * 0.005636 at 256 bits to 0.001409 at 1024 bits, i.e. more than 10^-3.
- *
- * For those people used to cryptographic levels of security where the
- * 56 bits of DES key space is too small because it's exhaustible with
- * custom hardware searching engines, note that you are not generating
- * 50,000,000 primes per second on each of 56,000 custom hardware chips
- * for several hours. The chances that another Dinosaur Killer asteroid
- * will land today is about 10^-11 or 2^-36, so it would be better to
- * spend your time worrying about *that*. Well, okay, there should be
- * some derating for the chance that astronomers haven't seen it yet,
- * but I think you get the idea. For a good feel about the probability
- * of various events, I have heard that a good book is by E'mile Borel,
- * "Les Probabilite's et la vie". (The 's are accents, not apostrophes.)
- *
- * For more on the subject, try "Finding Four Million Large Random Primes",
- * by Ronald Rivest, in Advancess in Cryptology: Proceedings of Crypto
- * '90. He used a small-divisor test, then a Fermat test to the base 2,
- * and then 8 iterations of a Miller-Rabin test. About 718 million random
- * 256-bit integers were generated, 43,741,404 passed the small divisor
- * test, 4,058,000 passed the Fermat test, and all 4,058,000 passed all
- * 8 iterations of the Miller-Rabin test, proving their primality beyond
- * most reasonable doubts.
- *
- * If the probability of getting a pseudoprime is some small p, then the
- * probability of not getting it in t trials is (1-p)^t. Remember that,
- * for small p, (1-p)^(1/p) ~ 1/e, the base of natural logarithms.
- * (This is more commonly expressed as e = lim_{x\to\infty} (1+1/x)^x.)
- * Thus, (1-p)^t ~ e^(-p*t) = exp(-p*t). So the odds of being able to
- * do this many tests without seeing a pseudoprime if you assume that
- * p = 10^-6 (one in a million) is one in 57.86. If you assume that
- * p = 2*10^-6, it's one in 3347.6. So it's implausible that the density
- * of pseudoprimes is much more than one millionth the density of primes.
- *
- * He also gives a theoretical argument that the chance of finding a
- * 256-bit non-prime which satisfies one Fermat test to the base 2 is
- * less than 10^-22. The small divisor test improves this number, and
- * if the numbers are 512 bits (as needed for a 1024-bit key) the odds
- * of failure shrink to about 10^-44. Thus, he concludes, for practical
- * purposes *one* Fermat test to the base 2 is sufficient.
- */
-static int
-germainPrimeTest(struct BigNum const *bn, struct BigNum *bn2, struct BigNum *e,
- struct BigNum *a, unsigned order, int (*f)(void *arg, int c), void *arg)
-{
- int err;
- unsigned i;
- int j;
- unsigned k, l, n;
-
-#if BNDEBUG /* Debugging */
- /*
- * This is debugging code to test the sieving stage.
- * If the sieving is wrong, it will let past numbers with
- * small divisors. The prime test here will still work, and
- * weed them out, but you'll be doing a lot more slow tests,
- * and presumably excluding from consideration some other numbers
- * which might be prime. This check just verifies that none
- * of the candidates have any small divisors. If this
- * code is enabled and never triggers, you can feel quite
- * confident that the sieving is doing its job.
- */
- i = bnLSWord(bn);
- if (!(i % 2)) printf("bn div by 2!");
- i = bnModQ(bn, 51051); /* 51051 = 3 * 7 * 11 * 13 * 17 */
- germainSanity(i, 3, order);
- germainSanity(i, 7, order);
- germainSanity(i, 11, order);
- germainSanity(i, 13, order);
- germainSanity(i, 17, order);
- i = bnModQ(bn, 63365); /* 63365 = 5 * 19 * 23 * 29 */
- germainSanity(i, 5, order);
- germainSanity(i, 19, order);
- germainSanity(i, 23, order);
- germainSanity(i, 29, order);
- i = bnModQ(bn, 47027); /* 47027 = 31 * 37 * 41 */
- germainSanity(i, 31, order);
- germainSanity(i, 37, order);
- germainSanity(i, 41, order);
-#endif
- /*
- * First, check whether bn is prime. This uses a fast primality
- * test which usually obviates the need to do one of the
- * confirmation tests later. See prime.c for a full explanation.
- * We check bn first because it's one bit smaller, saving one
- * modular squaring, and because we might be able to save another
- * when testing it. (1/4 of the time.) A small speed hack,
- * but finding big Sophie Germain primes is *slow*.
- */
- if (bnCopy(e, bn) < 0)
- return -1;
- (void)bnSubQ(e, 1);
- l = bnLSWord(e);
-
- j = 1; /* Where to start in prime array for strong prime tests */
-
- if (l & 7) {
- bnRShift(e, 1);
- if (bnTwoExpMod(a, e, bn) < 0)
- return -1;
- if ((l & 7) == 6) {
- /* bn == 7 mod 8, expect +1 */
- if (bnBits(a) != 1)
- return 1; /* Not prime */
- k = 1;
- } else {
- /* bn == 3 or 5 mod 8, expect -1 == bn-1 */
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) != 0)
- return 1; /* Not prime */
- k = 1;
- if (l & 4) {
- /* bn == 5 mod 8, make odd for strong tests */
- bnRShift(e, 1);
- k = 2;
- }
- }
- } else {
- /* bn == 1 mod 8, expect 2^((bn-1)/4) == +/-1 mod bn */
- bnRShift(e, 2);
- if (bnTwoExpMod(a, e, bn) < 0)
- return -1;
- if (bnBits(a) == 1) {
- j = 0; /* Re-do strong prime test to base 2 */
- } else {
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) != 0)
- return 1; /* Not prime */
- }
- k = 2 + bnMakeOdd(e);
- }
-
-
- /*
- * It's prime! Now check higher-order forms bn2 = 2*bn+1, 4*bn+3,
- * etc. Since bn2 == 3 mod 4, a strong pseudoprimality test boils
- * down to looking at a^((bn2-1)/2) mod bn and seeing if it's +/-1.
- * (+1 if bn2 is == 7 mod 8, -1 if it's == 3)
- * Of course, that exponent is just the previous bn2 or bn...
- */
- if (bnCopy(bn2, bn) < 0)
- return -1;
- for (n = 0; n < order; n++) {
- /*
- * Print a success indicator: the sign of Jacobi(2,bn2),
- * which is available to us in l. bn2 = 2*bn + 1. Since bn
- * is odd, bn2 must be == 3 mod 4, so the options modulo 8
- * are 3 and 7. 3 if l == 1 mod 4, 7 if l == 3 mod 4.
- * The sign of the Jacobi symbol is - and + for these cases,
- * respectively.
- */
- if (f && (err = f(arg, "-+"[(l >> 1) & 1])) < 0)
- return err;
- /* Exponent is previous bn2 */
- if (bnCopy(e, bn2) < 0 || bnLShift(bn2, 1) < 0)
- return -1;
- (void)bnAddQ(bn2, 1); /* Can't overflow */
- if (bnTwoExpMod(a, e, bn2) < 0)
- return -1;
- if (n | l) { /* Expect + */
- if (bnBits(a) != 1)
- return 2+n; /* Not prime */
- } else {
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn2) != 0)
- return 2+n; /* Not prime */
- }
- l = bnLSWord(bn2);
- }
-
- /* Final success indicator - it's in the bag. */
- if (f && (err = f(arg, '*')) < 0)
- return err;
-
- /*
- * Success! We have found a prime! Now go on to confirmation
- * tests... k is an amount by which we know it's safe to shift
- * down e. j = 1 unless the test to the base 2 could stand to be
- * re-done (it wasn't *quite* a strong test), in which case it's 0.
- *
- * Here, we do the full strong pseudoprimality test. This proves
- * that a number is composite, or says that it's probably prime.
- *
- * For the given base a, find bn-1 = 2^k * e, then find
- * x == a^e (mod bn).
- * If x == +1 -> strong pseudoprime to base a
- * Otherwise, repeat k times:
- * If x == -1, -> strong pseudoprime
- * x = x^2 (mod bn)
- * If x = +1 -> composite
- * If we reach the end of the iteration and x is *not* +1, at the
- * end, it is composite. But it's also composite if the result
- * *is* +1. Which means that the squaring actually only has to
- * proceed k-1 times. If x is not -1 by then, it's composite
- * no matter what the result of the squaring is.
- *
- * For the multiples 2*bn+1, 4*bn+3, etc. then k = 1 (and e is
- * the previous multiple of bn) so the squaring loop is never
- * actually executed at all.
- */
- for (i = j; i < CONFIRMTESTS; i++) {
- if (bnCopy(e, bn) < 0)
- return -1;
- bnRShift(e, k);
- k += bnMakeOdd(e);
- (void)bnSetQ(a, confirm[i]);
- if (bnExpMod(a, a, e, bn) < 0)
- return -1;
-
- if (bnBits(a) != 1) {
- l = k;
- for (;;) {
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) == 0) /* Was result bn-1? */
- break; /* Prime */
- if (!--l)
- return (1+order)*i+2; /* Fail */
- /* This part is executed once, on average. */
- (void)bnSubQ(a, 1); /* Restore a */
- if (bnSquare(a, a) < 0 || bnMod(a, a, bn) < 0)
- return -1;
- if (bnBits(a) == 1)
- return (1+order)*i+1; /* Fail */
- }
- }
-
- if (bnCopy(bn2, bn) < 0)
- return -1;
-
- /* Only do the following if we're not re-doing base 2 */
- if (i) for (n = 0; n < order; n++) {
- if (bnCopy(e, bn2) < 0 || bnLShift(bn2, 1) < 0)
- return -1;
- (void)bnAddQ(bn2, 1);
-
- /* Print success indicator for previous test */
- j = bnJacobiQ(confirm[i], bn2);
- if (f && (err = f(arg, j < 0 ? '-' : '+')) < 0)
- return err;
-
- /* Check that p^e == Jacobi(p,bn2) (mod bn2) */
- (void)bnSetQ(a, confirm[i]);
- if (bnExpMod(a, a, e, bn2) < 0)
- return -1;
- /*
- * FIXME: Actually, we don't need to compute the
- * Jacobi symbol externally... it never happens that
- * a = +/-1 but it's the wrong one. So we can just
- * look at a and use its sign. Find a proof somewhere.
- */
- if (j < 0) {
- /* Not a Q.R., should have a = bn2-1 */
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn2) != 0) /* Was result bn2-1? */
- return (1+order)*i+n+2; /* Fail */
- } else {
- /* Quadratic residue, should have a = 1 */
- if (bnBits(a) != 1)
- return (1+order)*i+n+2; /* Fail */
- }
- }
- /* Final success indicator for the base confirm[i]. */
- if (f && (err = f(arg, '*')) < 0)
- return err;
- }
-
- return 0; /* Prime! */
-}
-
-/*
- * Add x*y to bn, which is usually (but not always) < 65536.
- * Do it in a simple linear manner.
- */
-static int
-bnAddMult(struct BigNum *bn, unsigned long x, unsigned y)
-{
- unsigned long z = (unsigned long)x * y;
-
- while (z > 65535) {
- if (bnAddQ(bn, 65535) < 0)
- return -1;
- z -= 65535;
- }
- return bnAddQ(bn, (unsigned)z);
-}
-
-/*
- * Modifies the bignum to return the next Sophie Germain prime >= the
- * input value. Sohpie Germain primes are number such that p is
- * prime and 2*p+1 is also prime.
- *
- * This is actually parameterized: it generates primes p such that "order"
- * multiples-plus-two are also prime, 2*p+1, 2*(2*p+1)+1 = 4*p+3, etc.
- *
- * Returns >=0 on success or -1 on failure (out of memory). On success,
- * the return value is the number of modular exponentiations performed
- * (excluding the final confirmations). This never gives up searching.
- *
- * The FILE *f argument, if non-NULL, has progress indicators written
- * to it. A dot (.) is written every time a primeality test is failed,
- * a plus (+) or minus (-) when the smaller prime of the pair passes a
- * test, and a star (*) when the larger one does. Finally, a slash (/)
- * is printed when the sieve was emptied without finding a prime and is
- * being refilled.
- *
- * Apologies to structured programmers for all the GOTOs.
- */
-int
-germainPrimeGen(struct BigNum *bn, unsigned order,
- int (*f)(void *arg, int c), void *arg)
-{
- int retval;
- unsigned p, prev;
- unsigned inc;
- struct BigNum a, e, bn2;
- int modexps = 0;
-#ifdef MSDOS
- unsigned char *sieve;
-#else
- unsigned char sieve[SIEVE];
-#endif
-
-#ifdef MSDOS
- sieve = lbnMemAlloc(SIEVE);
- if (!sieve)
- return -1;
-#endif
-
- bnBegin(&a);
- bnBegin(&e);
- bnBegin(&bn2);
-
- /*
- * Obviously, the prime we find must be odd. Further, if 2*p+1
- * is also to be prime (order > 0) then p != 1 (mod 3), lest
- * 2*p+1 == 3 (mod 3). Added to p != 3 (mod 3), p == 2 (mod 3)
- * and p == 5 (mod 6).
- * If order > 2 and we care about 4*p+3 and 8*p+7, then similarly
- * p == 4 (mod 5), so p == 29 (mod 30).
- * So pick the step size for searching based on the order
- * and increse bn until it's == -1 (mod inc).
- *
- * mod 7 doesn't have a unique value for p because 2 -> 5 -> 4 -> 2,
- * nor does mod 11, and I don't want to think about things past
- * that. The required order would be impractically high, in any case.
- */
- inc = order ? ((order > 2) ? 30 : 6) : 2;
- if (bnAddQ(bn, inc-1 - bnModQ(bn, inc)) < 0)
- goto failed;
-
- for (;;) {
- if (sieveBuild(sieve, SIEVE, bn, inc, order) < 0)
- goto failed;
-
- p = prev = 0;
- if (sieve[0] & 1 || (p = sieveSearch(sieve, SIEVE, p)) != 0) {
- do {
- /* Adjust bn to have the right value. */
- assert(p >= prev);
- if (bnAddMult(bn, p-prev, inc) < 0)
- goto failed;
- prev = p;
-
- /* Okay, do the strong tests. */
- retval = germainPrimeTest(bn, &bn2, &e, &a,
- order, f, arg);
- if (retval <= 0)
- goto done;
- modexps += retval;
- if (f && (retval = f(arg, '.')) < 0)
- goto done;
-
- /* And try again */
- p = sieveSearch(sieve, SIEVE, p);
- } while (p);
- }
-
- /* Ran out of sieve space - increase bn and keep trying. */
- if (bnAddMult(bn, (unsigned long)SIEVE*8-prev, inc) < 0)
- goto failed;
- if (f && (retval = f(arg, '/')) < 0)
- goto done;
- } /* for (;;) */
-
-failed:
- retval = -1;
-done:
- bnEnd(&bn2);
- bnEnd(&e);
- bnEnd(&a);
-#ifdef MSDOS
- lbnMemFree(sieve, SIEVE);
-#else
- lbnMemWipe(sieve, sizeof(sieve));
-#endif
- return retval < 0 ? retval : modexps+(order+1)*CONFIRMTESTS;
-}
-
-int
-germainPrimeGenStrong(struct BigNum *bn, struct BigNum const *step,
- unsigned order, int (*f)(void *arg, int c), void *arg)
-{
- int retval;
- unsigned p, prev;
- struct BigNum a, e, bn2;
- int modexps = 0;
-#ifdef MSDOS
- unsigned char *sieve;
-#else
- unsigned char sieve[SIEVE];
-#endif
-
-#ifdef MSDOS
- sieve = lbnMemAlloc(SIEVE);
- if (!sieve)
- return -1;
-#endif
- bnBegin(&a);
- bnBegin(&e);
- bnBegin(&bn2);
-
- for (;;) {
- if (sieveBuildBig(sieve, SIEVE, bn, step, order) < 0)
- goto failed;
-
- p = prev = 0;
- if (sieve[0] & 1 || (p = sieveSearch(sieve, SIEVE, p)) != 0) {
- do {
- /*
- * Adjust bn to have the right value,
- * adding (p-prev) * 2*step.
- */
- assert(p >= prev);
- /* Compute delta into a */
- if (bnMulQ(&a, step, p-prev) < 0)
- goto failed;
- if (bnAdd(bn, &a) < 0)
- goto failed;
- prev = p;
-
- /* Okay, do the strong tests. */
- retval = germainPrimeTest(bn, &bn2, &e, &a,
- order, f, arg);
- if (retval <= 0)
- goto done;
- modexps += retval;
- if (f && (retval = f(arg, '.')) < 0)
- goto done;
-
- /* And try again */
- p = sieveSearch(sieve, SIEVE, p);
- } while (p);
- }
-
- /* Ran out of sieve space - increase bn and keep trying. */
-#if SIEVE*8 == 65536
- /* Corner case that will never actually happen */
- if (!prev) {
- if (bnAdd(bn, step) < 0)
- goto failed;
- p = 65535;
- } else {
- p = (unsigned)(SIEVE*8 - prev);
- }
-#else
- p = SIEVE*8 - prev;
-#endif
- if (bnMulQ(&a, step, p) < 0 || bnAdd(bn, &a) < 0)
- goto failed;
- if (f && (retval = f(arg, '/')) < 0)
- goto done;
- } /* for (;;) */
-
-failed:
- retval = -1;
-done:
- bnEnd(&bn2);
- bnEnd(&e);
- bnEnd(&a);
-#ifdef MSDOS
- lbnMemFree(sieve, SIEVE);
-#else
- lbnMemWipe(sieve, sizeof(sieve));
-#endif
- return retval < 0 ? retval : modexps+(order+1)*CONFIRMTESTS;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-struct BigNum;
-
-/* Generate a Sophie Germain prime */
-int germainPrimeGen(struct BigNum *bn, unsigned order,
- int (*f)(void *arg, int c), void *arg);
-/* The same, but search for using the given step size */
-int germainPrimeGenStrong(struct BigNum *bn, struct BigNum const *step,
- unsigned order, int (*f)(void *arg, int c), void *arg);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * germtest.c - Random Sophie Germain prime generator.
- *
- * This generates random Sophie Germain primes using the command line
- * as a seed value. It uses George Marsaglia's "mother of all random
- * number generators" to (using the command line as a seed) to pick the
- * starting search value and then searches sequentially for the next
- * Sophie Germain prime p (a prime such that 2*p+1 is also prime).
- *
- * This is a really good way to burn a lot of CPU cycles.
- */
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-#include <stdio.h>
-#if !NO_STRING_H
-#include <string.h>
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include <stdlib.h> /* For malloc() */
-
-#include "bn.h"
-#include "germain.h"
-#include "sieve.h"
-
-#include "cputime.h"
-
-#define BNDEBUG 1
-
-#include "bnprint.h"
-#define bnPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-
-/*
- * Generate random numbers according to George Marsaglia's
- * Mother Of All Random Number Generators. This has a
- * period of 0x17768215025F82EA0378038A03A203CA7FFF,
- * or decimal 2043908804452974490458343567652678881935359.
- */
-static unsigned mstate[8];
-static unsigned mcarry;
-static unsigned mindex;
-
-static unsigned
-mRandom_16(void)
-{
- unsigned long t;
-
- t = mcarry +
- mstate[ mindex ] * 1941ul +
- mstate[(mindex+1)&7] * 1860ul +
- mstate[(mindex+2)&7] * 1812ul +
- mstate[(mindex+3)&7] * 1776ul +
- mstate[(mindex+4)&7] * 1492ul +
- mstate[(mindex+5)&7] * 1215ul +
- mstate[(mindex+6)&7] * 1066ul +
- mstate[(mindex+7)&7] * 12013ul;
- mcarry = (unsigned)(t >> 16); /* 0 <= mcarry <= 0x5a87 */
- mindex = (mindex-1) & 7;
- return mstate[mindex] = (unsigned)(t & 0xffff);
-}
-
-/*
- * Initialize the RNG based on the given seed.
- * A zero-length seed will produce pretty lousy numbers,
- * but it will work.
- */
-static void
-mSeed(unsigned char const *seed, unsigned len)
-{
- unsigned i;
-
- for (i = 0; i < 8; i++)
- mstate[i] = 0;
- mcarry = 1;
- while (len--) {
- mcarry += *seed++;
- (void)mRandom_16();
- }
-}
-
-
-/*
- * Generate a bignum of a specified length, with the given
- * high and low 8 bits. "High" is merged into the high 8 bits of the
- * number. For example, set it to 0x80 to ensure that the number is
- * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
- * "Low" is merged into the low 8 bits. For example, set it to
- * 1 to ensure that you generate an odd number. "High" is merged
- * into the high bits; set it to 0x80 to ensure that the high bit
- * is set in the returned value.
- */
-static int
-genRandBn(struct BigNum *bn, unsigned bits, unsigned char high,
-unsigned char low, unsigned char const *seed, unsigned len)
-{
- unsigned char buf[64];
- unsigned bytes;
- unsigned l = 0; /* Current position */
- unsigned t, i;
-
- bnSetQ(bn, 0);
- if (bnPrealloc(bn, bits) < 0)
- return -1;
- mSeed(seed, len);
-
- bytes = (bits+7) / 8; /* Number of bytes to use */
-
- for (i = 0; i < sizeof(buf); i += 2) {
- t = mRandom_16();
- buf[i] = (unsigned char)(t >> 8);
- buf[i+1] = (unsigned char)t;
- }
- buf[sizeof(buf)-1] |= low;
-
- while (bytes > sizeof(buf)) {
- bytes -= sizeof(buf);
- /* Merge in low half of high bits, if necessary */
- if (bytes == 1 && (bits & 7))
- buf[0] |= high << (bits & 7);
- if (bnInsertBigBytes(bn, buf, l, sizeof(buf)) < 0)
- return -1;
- l += sizeof(buf);
- for (i = 0; i < sizeof(buf); i += 2) {
- t = mRandom_16();
- buf[i] = (unsigned char)t;
- buf[i+1] = (unsigned char)(t >> 8);
- }
- }
-
- /* Do the final "bytes"-long section, using the tail bytes in buf */
- /* Mask off excess high bits */
- buf[sizeof(buf)-bytes] &= 255 >> (-bits & 7);
- /* Merge in specified high bits */
- buf[sizeof(buf)-bytes] |= high >> (-bits & 7);
- if (bytes > 1 && (bits & 7))
- buf[sizeof(buf)-bytes+1] |= high << (bits & 7);
- /* Merge in the appropriate bytes of the buffer */
- if (bnInsertBigBytes(bn, buf+sizeof(buf)-bytes, l, bytes) < 0)
- return -1;
- return 0;
-}
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-/* Print a progress indicator, with line-wrap */
-static int
-genProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-static int
-genSophieGermain(struct BigNum *bn, unsigned bits, unsigned order,
- unsigned char const *seed, unsigned len, FILE *f)
-{
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long s;
-#endif
- int i;
-#if BNDEBUG
- unsigned char s1[1024], s2[1024];
-#endif
- char buf[40];
- unsigned p1, p2;
- struct BigNum step;
- struct Progress progress;
-
- if (f)
- fprintf(f, "Generating a %u-bit order-%u Sophie Germain prime with \"%.*s\"\n",
- bits, order, (int)len, (char *)seed);
- progress.f = f;
- progress.column = 0;
- progress.wrap = 78;
-
- /* Find p - choose a starting place */
- if (genRandBn(bn, bits, 0xC0, 3, seed, len) < 0)
- return -1;
-#if BNDEBUG /* DEBUG - check that sieve works properly */
- bnBegin(&step);
- bnSetQ(&step, 2);
- sieveBuild(s1, 1024, bn, 2, order);
- sieveBuildBig(s2, 1024, bn, &step, order);
- p1 = p2 = 0;
- if (s1[0] != s2[0])
- printf("Difference: s1[0] = %x s2[0] = %x\n", s1[0], s2[0]);
- do {
- p1 = sieveSearch(s1, 1024, p1);
- p2 = sieveSearch(s2, 1024, p2);
-
- if (p1 != p2)
- printf("Difference: p1 = %u p2 = %u\n", p1, p2);
- } while (p1 && p2);
-
- bnEnd(&step);
-#endif
- /* And search for a prime */
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = germainPrimeGen(bn, order, f ? genProgress : 0, (void *)&progress);
- if (i < 0)
- return -1;
-#if CLOCK_AVAIL
- gettime(&stop);
-#endif
- if (f) {
- putc('\n', f);
- fprintf(f, "%d modular exponentiations performed.\n", i);
- }
-#if CLOCK_AVAIL
- subtime(stop, start);
- s = sec(stop);
- printf("%u-bit time = %lu.%03u sec.", bits, s, msec(stop));
- if (s > 60) {
- putchar(' ');
- putchar('(');
- if (s > 3600)
- printf("%u:%02u", (unsigned)(s/3600),
- (unsigned)(s/60%60));
- else
- printf("%u", (unsigned)(s/60));
- printf(":%02u)", (unsigned)(s%60));
- }
- putchar('\n');
-#endif
-
- bnPut(" p = ", bn);
- for (p1 = 0; p1 < order; p1++) {
- if (bnLShift(bn, 1) <0)
- return -1;
- (void)bnAddQ(bn, 1);
- sprintf(buf, "%u*p+%u = ", 2u<<p1, (2u<<p1) - 1);
- bnPut(buf, bn);
- }
- return 0;
-}
-
-/* Copy the command line to the buffer. */
-static unsigned char *
-copy(int argc, char **argv, size_t *lenp)
-{
- size_t len;
- int i;
- unsigned char *buf, *p;
-
- len = argc > 2 ? (size_t)(argc-2) : 0;
- for (i = 1; i < argc; i++)
- len += strlen(argv[i]);
- *lenp = len;
- buf = malloc(len+!len); /* Can't malloc 0 bytes... */
- if (buf) {
- p = buf;
- for (i = 1; i < argc; i++) {
- if (i > 1)
- *p++ = ' ';
- len = strlen(argv[i]);
- memcpy(p, argv[i], len);
- p += len;
- }
- }
- return buf;
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned len;
- struct BigNum bn;
- unsigned char *buf;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <seed>\n", argv[0]);
- fputs("\
-<seed> should be a a string of bytes to be hashed to seed the prime\n\
-generator. Note that unquoted whitespace between words will be counted\n\
-as a single space. To include multiple spaces, quote them.\n", stderr);
- return 1;
- }
-
- buf = copy(argc, argv, &len);
- if (!buf) {
- fprintf(stderr, "Out of memory!\n");
- return 1;
- }
-
- bnBegin(&bn);
-
- genSophieGermain(&bn, 0x100, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x100, 1, buf, len, stdout);
- genSophieGermain(&bn, 0x100, 2, buf, len, stdout);
- genSophieGermain(&bn, 0x100, 3, buf, len, stdout);
- genSophieGermain(&bn, 0x200, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x200, 1, buf, len, stdout);
- genSophieGermain(&bn, 0x200, 2, buf, len, stdout);
- genSophieGermain(&bn, 0x300, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x300, 1, buf, len, stdout);
- genSophieGermain(&bn, 0x400, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x400, 1, buf, len, stdout);
- genSophieGermain(&bn, 0x500, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x500, 1, buf, len, stdout);
- genSophieGermain(&bn, 0x600, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x600, 1, buf, len, stdout);
-#if 0
- /* These get *really* slow */
- genSophieGermain(&bn, 0x800, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x800, 1, buf, len, stdout);
- genSophieGermain(&bn, 0xc00, 0, buf, len, stdout);
- genSophieGermain(&bn, 0xc00, 1, buf, len, stdout);
- /* Like, plan on a *week* or more for this one. */
- genSophieGermain(&bn, 0x1000, 0, buf, len, stdout);
- genSophieGermain(&bn, 0x1000, 1, buf, len, stdout);
-#endif
-
- bnEnd(&bn);
- free(buf);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Compute the Jacobi symbol (small prime case only).
- */
-#include "bn.h"
-#include "jacobi.h"
-
-/*
- * For a small (usually prime, but not necessarily) prime p,
- * compute Jacobi(p,bn), which is -1, 0 or +1, using the following rules:
- * Jacobi(x, y) = Jacobi(x mod y, y)
- * Jacobi(0, y) = 0
- * Jacobi(1, y) = 1
- * Jacobi(2, y) = 0 if y is even, +1 if y is +/-1 mod 8, -1 if y = +/-3 mod 8
- * Jacobi(x1*x2, y) = Jacobi(x1, y) * Jacobi(x2, y) (used with x1 = 2 & x1 = 4)
- * If x and y are both odd, then
- * Jacobi(x, y) = Jacobi(y, x) * (-1 if x = y = 3 mod 4, +1 otherwise)
- */
-int
-bnJacobiQ(unsigned p, struct BigNum const *bn)
-{
- int j = 1;
- unsigned u = bnLSWord(bn);
-
- if (!(u & 1))
- return 0; /* Don't *do* that */
-
- /* First, get rid of factors of 2 in p */
- while ((p & 3) == 0)
- p >>= 2;
- if ((p & 1) == 0) {
- p >>= 1;
- if ((u ^ u>>1) & 2)
- j = -j; /* 3 (011) or 5 (101) mod 8 */
- }
- if (p == 1)
- return j;
- /* Then, apply quadratic reciprocity */
- if (p & u & 2) /* p = u = 3 (mod 4? */
- j = -j;
- /* And reduce u mod p */
- u = bnModQ(bn, p);
-
- /* Now compute Jacobi(u,p), u < p */
- while (u) {
- while ((u & 3) == 0)
- u >>= 2;
- if ((u & 1) == 0) {
- u >>= 1;
- if ((p ^ p>>1) & 2)
- j = -j; /* 3 (011) or 5 (101) mod 8 */
- }
- if (u == 1)
- return j;
- /* Now both u and p are odd, so use quadratic reciprocity */
- if (u < p) {
- unsigned t = u; u = p; p = t;
- if (u & p & 2) /* u = p = 3 (mod 4? */
- j = -j;
- }
- /* Now u >= p, so it can be reduced */
- u %= p;
- }
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * For a small (usually prime, but not necessarily) prime p,
- * Return Jacobi(p,bn), which is -1, 0 or +1.
- * bn must be odd.
- */
-struct BigNum;
-int bnJacobiQ(unsigned p, struct BigNum const *bn);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef KLUDGE_H
-#define KLUDGE_H
-
-/*
- * Kludges for not-quite-ANSI systems.
- * This should always be the last file included, because it may
- * mess up some system header files.
- */
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-
-#ifndef NO_MEMMOVE
-#define NO_MEMMOVE 0
-#endif
-#if NO_MEMMOVE /* memove() not in libraries */
-#define memmove(dest,src,len) bcopy(src,dest,len)
-#endif
-
-#ifndef NO_MEMCPY
-#define NO_MEMCPY 0
-#endif
-#if NO_MEMCPY /* memcpy() not in libraries */
-#define memcpy(dest,src,len) bcopy(src,dest,len)
-#endif
-
-/*
- * Borland C seems to think that it's a bad idea to decleare a
- * structure tag and not declare the contents. I happen to think
- * it's a *good* idea to use such "opaque" structures wherever
- * possible. So shut up.
- */
-#ifdef __BORLANDC__
-#pragma warn -stu
-#ifndef MSDOS
-#define MSDOS 1
-#endif
-#endif
-
-/* Turn off warning about negation of unsigned values */
-#ifdef _MSC_VER
-#pragma warning(disable:4146)
-#endif
-
-/* Cope with people forgetting to define the OS, if possible... */
-#ifndef MSDOS
-#ifdef __MSDOS
-#define MSDOS 1
-#endif
-#endif
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-
-/* By MS-DOS, we mean 16-bit brain-dead MS-DOS. Not GCC & GO32 */
-#ifdef __GO32
-#undef MSDOS
-#endif
-#ifdef __GO32__
-#undef MSDOS
-#endif
-
-#endif /* KLUDGE_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn.h - Low-level bignum header.
- * Defines various word sizes and useful macros.
- * TODO: Rewrite this to use <stdint.h> and/or <inttypes.h>
- */
-#ifndef LBN_H
-#define LBN_H
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_LIMITS_H
-#define NO_LIMITS_H 0
-#endif
-
-/* Make sure we have 8-bit bytes */
-#if !NO_LIMITS_H
-#include <limits.h>
-#if UCHAR_MAX != 0xff || CHAR_BIT != 8
-#error The bignum library requires 8-bit unsigned characters.
-#endif
-#endif /* !NO_LIMITS_H */
-
-#ifdef BNINCLUDE /* If this is defined as, say, foo.h */
-#define STR(x) #x /* STR(BNINCLUDE) -> "BNINCLUDE" */
-#define XSTR(x) STR(x) /* XSTR(BNINCLUDE) -> STR(foo.h) -> "foo.h" */
-#include XSTR(BNINCLUDE) /* #include "foo.h" */
-#undef XSTR
-#undef STR
-#endif
-
-/* Do we want bnYield()? */
-#ifndef BNYIELD
-#define BNYIELD 0
-#endif
-
-/* Figure out the endianness */
-/* Error if more than one is defined */
-#if defined(BN_BIG_ENDIAN) && defined(BN_LITTLE_ENDIAN)
-#error Only one of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN may be defined
-#endif
-
-/*
- * If no preference is stated, little-endian C code is slightly more
- * efficient, so prefer that. (The endianness here does NOT have to
- * match the machine's native byte sex; the library's C code will work
- * either way. The flexibility is allowed for assembly routines
- * that do care.
- */
-#if !defined(BN_BIG_ENDIAN) && !defined(BN_LITTLE_ENDIAN)
-#define BN_LITTLE_ENDIAN 1
-#endif /* !BN_BIG_ENDIAN && !BN_LITTLE_ENDIAN */
-
-/* Macros to choose between big and little endian */
-#if defined(BN_BIG_ENDIAN)
-#define BIG(b) b
-#define LITTLE(l) /*nothing*/
-#define BIGLITTLE(b,l) b
-#elif BN_LITTLE_ENDIAN
-#define BIG(b) /*nothing*/
-#define LITTLE(l) l
-#define BIGLITTLE(b,l) l
-#else
-#error One of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN must be defined as 1
-#endif
-
-
-/*
- * Find a 16-bit unsigned type.
- * Unsigned short is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD16
-#ifndef USHRT_MAX /* No <limits.h> available - guess */
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif USHRT_MAX == 0xffff
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif UINT_MAX == 0xffff
-typedef unsigned bnword16;
-#define BNWORD16 bnword16
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 32-bit unsigned type.
- * Unsigned long is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD32
-#ifndef ULONG_MAX /* No <limits.h> available - guess */
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif ULONG_MAX == 0xfffffffful
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif UINT_MAX == 0xffffffff
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-#elif USHRT_MAX == 0xffffffff
-typedef unsigned short bnword32;
-#define BNWORD32 bnword32
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 64-bit unsigned type.
- * The conditions here are more complicated to avoid using numbers that
- * will choke lesser preprocessors (like 0xffffffffffffffff) unless
- * we're reasonably certain that they'll be acceptable.
- */
-#if !defined(BNWORD64) && ULONG_MAX > 0xfffffffful
-#if ULONG_MAX == 0xffffffffffffffff
-typedef unsigned long bnword64;
-#define BNWORD64 bnword64
-#endif
-#endif
-
-/*
- * I would test the value of unsigned long long, but some *preprocessors*
- * don't constants that long even if the compiler can accept them, so it
- * doesn't work reliably. So cross our fingers and hope that it's a 64-bit
- * type.
- *
- * GCC uses ULONG_LONG_MAX. Solaris uses ULLONG_MAX. IRIX uses ULONGLONG_MAX.
- * Are there any other names for this?
- */
-#if !defined(BNWORD64) && \
- (defined(ULONG_LONG_MAX) || defined (ULLONG_MAX) || defined(ULONGLONG_MAX) || defined(ULONG_MAX))
-typedef unsigned long long bnword64;
-#define BNWORD64 bnword64
-#endif
-
-/*Workaround for windows for now. */
-#ifdef WIN32
-typedef unsigned long long bnword64;
-#define BNWORD64 bnword64
-#endif
-
-/* We don't even try to find a 128-bit type at the moment */
-
-#endif /* !LBN_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn00.c - auto-size-detecting lbn??.c file.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bnsize00.h"
-
-#if BNSIZE64
-
-/* Include all of the C source file by reference */
-#include "lbn64.c"
-
-#elif BNSIZE32
-
-/* Include all of the C source file by reference */
-#include "lbn32.c"
-
-#else /* BNSIZE16 */
-
-/* Include all of the C source file by reference */
-#include "lbn16.c"
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn16.c - Low-level bignum routines, 16-bit version.
- *
- * NOTE: the magic constants "16" and "32" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "16", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "32",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (32)
- * first, then the smaller (16). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD16s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_16 lbnMulAdd1_16
- *
- * If you want to write asm routines, start with lbnMulAdd1_16().
- * This is the workhorse of modular exponentiation. lbnMulN1_16() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_16 if that has a custom version. lbnMulSub1_16 and
- * lbnDiv21_16 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_16 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_16 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD32)
- * type are lbnMulAdd1_16 and lbnMulSub1_16; if those are provided,
- * the rest follows. lbnDiv21_16, however, is a lot slower unless you
- * have them, and lbnModQ_16 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn.h"
-#include "lbn16.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-/* If this is defined, include bnYield() calls */
-#if BNYIELD
-extern int (*bnYield)(void); /* From bn.c */
-#endif
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD16)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_16
-void
-lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_16 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_16
-void
-lbnZero_16(BNWORD16 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_16 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_16
-void
-lbnNeg_16(BNWORD16 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_16 */
-
-
-/*
- * lbnAdd1_16: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^16) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_16 */
-
-/*
- * lbnSub1_16: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD16). If the size of an int is larger
- * than BNWORD16, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD16)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_16 */
-
-/*
- * lbnAddN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_16
-#ifdef BNWORD32
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) +
- (BNWORD32)BIGLITTLE(*--num2,*num2++) + (t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return (BNWORD16)(t>>16);
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_16 */
-
-/*
- * lbnSubN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD16)-(t>>16) is subtracted, rather than
- * adding t>>16, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_16
-#ifdef BNWORD32
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
-
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) -
- (BNWORD32)BIGLITTLE(*--num2,*num2++) - (BNWORD16)-(t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return -(BNWORD16)(t>>16);
-}
-#else
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD16)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_16 */
-
-#ifndef lbnCmp_16
-/*
- * lbnCmp_16: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_16 */
-
-/*
- * mul16_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul16_ppmma and mul16_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul16_ppmma) && defined(mul16_ppmmaa)
-#define mul16_ppmma(ph,pl,x,y,a) mul16_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul16_ppmm) && defined(mul16_ppmma)
-#define mul16_ppmm(ph,pl,x,y) mul16_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul16_ppmm-based operations on machines
- * that do not provide mul16_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul16_ppmm) && defined(BNWORD32) && 0 /* Debugging */
-#define mul16_ppmm(ph,pl,x,y) \
- ({BNWORD32 _ = (BNWORD32)(x)*(y); (pl) = _; (ph) = _>>16;})
-#endif
-
-#if defined(mul16_ppmm) && !defined(mul16_ppmma)
-#define mul16_ppmma(ph,pl,x,y,a) \
- (mul16_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul16_ppmma) && !defined(mul16_ppmmaa)
-#define mul16_ppmmaa(ph,pl,x,y,a,b) \
- (mul16_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_16: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul16_ppmm and mul16_ppmma
- * macros, or C multiplication with the BNWORD32 type. This uses mul16_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_16
-#ifdef lbnMulAdd1_16 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- lbnZero_16(out, len);
- BIGLITTLE(*(out-len-1),*(out+len)) = lbnMulAdd1_16(out, in, len, k);
-}
-#elif defined(mul16_ppmm)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul16_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD32)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + (BNWORD16)(p >> 16);
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulN1_16 */
-
-/*
- * lbnMulAdd1_16: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul16_ppmma and mul16_ppmmaa macros,
- * or C multiplication with the BNWORD32 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul16_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k +
- (BNWORD16)(p >> 16) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
- }
-
- return (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulAdd1_16 */
-
-/*
- * lbnMulSub1_16: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul16_ppmm and mul16_ppmma macros, or
- * C multiplication with the BNWORD32 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulSub1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul16_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul16_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
- BNWORD16 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) + ((BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t);
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* !lbnMulSub1_16 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_16
-BNWORD16
-lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry;
-
- assert(shift > 0);
- assert(shift < 16);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (16-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_16 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_16
-BNWORD16
-lbnDouble_16(BNWORD16 *num, unsigned len)
-{
- BNWORD16 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (16-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_16 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_16
-BNWORD16
-lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 16);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (16-shift);
- }
- return carry >> (16-shift);
-}
-#endif /* !lbnRshift_16 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_16.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_16
-void
-lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_16(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_16 */
-
-/*
- * lbnMulX_16 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_16
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- unsigned len)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-#else /* !defined(BNWORD32) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_16(prod, num1, num2, len) lbnMul_16(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD32) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_16 */
-
-#if !defined(lbnMontMul_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- BNWORD16 const *mod, unsigned len, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2, *pm;
- BNWORD16 *pp;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD16)x;
- y = (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD32)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD16)x;
- carry = (x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(prod, mod, len);
- while (lbnCmp_16(prod, mod, len) >= 0)
- (void)lbnSubN_16(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_16 lbnMontMul_16
-#endif
-
-#if !defined(lbnSquare_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD32 x, y, z;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD32)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-/* Suppress later definition */
-#define lbnSquare_16 lbnSquare_16
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_16
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- BNWORD16 *prodx = prod; /* Working copy of the argument */
- BNWORD16 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul16_ppmm
- BNWORD16 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul16_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD32) /* use BNWORD32 */
- BNWORD32 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD32)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)(p>>16);
-#else /* Use lbnMulN1_16 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_16(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_16(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_16(prodx, numx, lenx, t);
- lbnAdd1_16(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_16(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_16 */
-
-/*
- * lbnNorm_16 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_16
-unsigned
-lbnNorm_16(BNWORD16 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_16 */
-
-/*
- * lbnBits_16 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 16, and
- * subtracts off 16/2, 16/4, 16/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_16
-unsigned
-lbnBits_16(BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- unsigned i;
-
- len = lbnNorm_16(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 16;
- i = 16/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_16 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 16 bits, which a general 32-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_32
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_32 (32 > 0x20)
-#endif
-
-/*
- * Return (nh<<16|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_16
-#if defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD32 n = (BNWORD32)nh << 16 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (16-1) == 1);
-
- *q = n / d;
- return n % d;
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 16/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & (((BNWORD16)1 << 16/2)-1) )
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD16 dh = highhalf(d), dl = lowhalf(d);
- BNWORD16 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (16-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (16/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (16/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (16/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_16 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_32, add a divnhalf_16 which uses 16-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_16
-BNWORD16
-lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem, BNWORD16 const *n, unsigned len,
- BNWORD16 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD16 r;
- BNWORD16 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 16/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (16-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_16(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_16(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_16
-/* If there's a custom lbnMod21_16, no normalization needed */
-#ifdef lbnMod21_16
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_16(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD16)((((BNWORD32)r<<16) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 16 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & ((1 << 16/2)-1) )
-#endif
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 16/2) | highhalf(x);
- r = (r%d << 16/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_16 */
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
- BNWORD16 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 16;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (16-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_16(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_16 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^16) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen)
-{
- BNWORD16 nh,nm,nl; /* Top three words of the dividend */
- BNWORD16 dh,dl; /* Top two words of the divisor */
- BNWORD16 qhat; /* Extimate of quotient word */
- BNWORD16 r; /* Remainder from quotient estimate division */
- BNWORD16 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul16_ppmm
- BNWORD16 t16;
-#elif defined(BNWORD32)
- BNWORD32 t32;
-#else /* use lbnMulN1_16 */
- BNWORD16 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_16(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD16)1 << 16-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD16)1<<16-1-shift) == 0);
- dh = dh << shift | dl >> (16-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD16)1 << 16-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (16-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 16/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_16(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_16(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (16-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r << 16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD16)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r<<16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-16, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_16(d, dlen, shift);
- lbnRshift_16(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^16.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_16
-BNWORD16
-lbnMontInv1_16(BNWORD16 const x)
-{
- BNWORD16 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_16 */
-
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned mlen, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *pm;
- BNWORD16 *pn;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD16)x == 0);
- x = x >> 16;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD32)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD16)x;
- carry = (unsigned)(x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#define lbnMontReduce_16 lbnMontReduce_16
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(16*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_16.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(16*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_16 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_16
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv)
-{
- BNWORD16 t;
- BNWORD16 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD16)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD16)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_16(n, mod, mlen, inv * BIGLITTLE(n[-1],n[0]));
- c += lbnAdd1_16(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_16 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_16
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_16(prod, n1, n2, mod, len, inv) \
- (lbnMulX_16(prod, n1, n2, len), lbnMontReduce_16(prod, mod, len, inv))
-#endif /* !lbnMontMul_16 */
-
-#ifndef lbnMontSquare_16
-/*
- * Square "n", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_16(prod, n, mod, len, inv) \
- (lbnSquare_16(prod, n, len), lbnMontReduce_16(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_16 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_16(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_16(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_16(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_16(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_16(n, mod, len, lbnMontInv1_16(mod[BIGLITTLE(-1,0)]));
- /* Move n down len words */
- lbnCopy_16(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. See the comment in bnExpMod_16 below for
- * an explanation of how it actually works works.
- *
- * It takes 2^(k-1)-1 multiplies to compute the table, and (e-1)/(k+1)
- * multiplies (on average) to perform the exponentiation. To minimize
- * the sum, k must vary with e. The optimal window sizes vary with the
- * exponent length. Here are some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 16 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best
- * At e = 6_4 bits, k=3 (18.750000) is best
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best
- * At e = 512 bits, k=5 (100.1_66667) is best
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best
- * At e = 4096 bits, k=7 (574.875000) is best
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Um, actually there's a slightly more accurate way to count, which
- * really is the average number of multiplies required, averaged
- * uniformly over all 2^(e-1) e-bit numbers, from 2^(e-1) to (2^e)-1.
- * It's based on the recurrence that for the last b bits, b <= k, at
- * most one multiply is needed (and none at all 1/2^b of the time),
- * while when b > k, the odds are 1/2 each way that the bit will be
- * 0 (meaning no multiplies to reduce it to the b-1-bit case) and
- * 1/2 that the bit will be 1, starting a k-bit window and requiring
- * 1 multiply beyond the b-k-bit case. Since the most significant
- * bit is always 1, a k-bit window always starts there, and that
- * multiply is by 1, so it isn't a multiply at all. Thus, the
- * number of multiplies is simply that needed for the last e-k bits.
- * This recurrence produces:
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 6 bits, k=2 (2.437500) < k=1 (2.500000)
- * At e = 8 bits, k=2 (3.109375) is best
- * At e = 1_6 bits, k=2 (5.777771) is best
- * At e = 24 bits, k=3 (8.437629) < k=2 (8.444444)
- * At e = 3_2 bits, k=3 (10.437492) is best
- * At e = 6_4 bits, k=3 (18.437500) is best
- * At e = 81 bits, k=4 (22.6_40000) < k=3 (22.687500)
- * At e = 128 bits, k=4 (3_2.040000) is best
- * At e = 241 bits, k=5 (54.611111) < k=4 (54.6_40000)
- * At e = 256 bits, k=5 (57.111111) is best
- * At e = 512 bits, k=5 (99.777778) is best
- * At e = 673 bits, k=6 (126.591837) < k=5 (126.611111)
- * At e = 1024 bits, k=6 (176.734694) is best
- * At e = 1793 bits, k=7 (286.578125) < k=6 (286.591837)
- * At e = 2048 bits, k=7 (318.453125) is best
- * At e = 4096 bits, k=7 (574.453125) is best
- *
- * This has the rollover points at 6, 24, 81, 241, 673 and 1793 instead
- * of 8, 26, 82, 242, 674, and 1794. Not a very big difference.
- * (The numbers past that are k=8 at 4609 and k=9 at 11521,
- * vs. one more in each case for the approximation.)
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. Entry 6 is the largest
- * possible unsigned number, so the window will never be more
- * than 7 bits, requiring 2^6 = 0x40 slots.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 5, 23, 80, 240, 672, 1792, (unsigned)-1
-/* 7, 25, 81, 241, 673, 1793, (unsigned)-1 ### The old approximations */
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/16 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *e, unsigned elen, BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD16 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_16(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_16(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_16(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_16(result, n, nlen);
- if (mlen > nlen)
- lbnZero_16(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n, nlen);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_16(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((ebits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len,
- BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len,
- BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD16 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD16 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_16(e1, e1len);
- e2len = lbnNorm_16(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_16(e1, e1len);
- e2bits = lbnBits_16(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- t = (BNWORD16 *)n1; n1 = n2; n2 = t;
- t = (BNWORD16 *)e1; e1 = e2; e2 = t;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_16(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below fucks up if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, BNWORD16, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_16(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_16(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_16(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, BNWORD16, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n1, n1len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_16(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_16(t, n2, n2len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_16(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_16(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_16(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_16(table2[i], t, mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((e1bits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_16(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_16(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD16 const *bitptr;
- BNWORD16 bitword, bitpos;
- BNWORD16 *a, *b, *a1;
- BNWORD16 inv;
- int y; /* Result of bnYield() */
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_16(n, mlen);
-
- bits = lbnBits_16(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD16)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD16)1 << ((bits-1) & (16-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_16(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD16)1 << (e & (16-1));
- e /= 16;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, BNWORD16, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_16(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_16(a1, n, e+1);
- lbnZero_16(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_16(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_16(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_16(a1, mlen) ||
- lbnCmp_16(a1, mod, mlen) > 0)
- (void)lbnSubN_16(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_16(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 16;
- lsbyte /= (16/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 16;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (16/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (16/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "16/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_16(BNWORD16 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD16 t;
- unsigned alen = (blen + (16/8-1))/(16/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (16/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-/*
- * Computes the GCD of a and b. Modifies both arguments; when it returns,
- * one of them is the GCD and the other is trash. The return value
- * indicates which: 0 for a, and 1 for b. The length of the retult is
- * returned in rlen. Both inputs must have one extra word of precision.
- * alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen,
- unsigned *rlen)
-{
-#if BNYIELD
- int y;
-#endif
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_16(a, blen);
- if (alen == 0) {
- *rlen = blen;
- return 1;
- }
- (void)lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_16(b, alen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- return y;
-#endif
- }
- *rlen = alen;
- return 0;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD16 *p; /* Temporary for products added to t0 and t1 */
- BNWORD16 *t0, *t1; /* Inverse accumulators */
- BNWORD16 cy;
- unsigned blen, t0len, t1len, plen;
- int y;
-
- alen = lbnNorm_16(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_16(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_16(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, BNWORD16, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, BNWORD16, mlen+1);
- if (p) {
- LBNALLOC(t0, BNWORD16, mlen);
- if (t0) {
- LBNALLOC(t1, BNWORD16, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_16(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_16(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_16(t1, mlen-alen+1);
- blen = lbnNorm_16(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD16)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_16(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_16(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_16(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_16(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_16(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD16)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_16(a, t0, t0len);
- lbnZero_16(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_16(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_16(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_16(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_16(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_16(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_16(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_16(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_16(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure: /* GCD is not 1 - no inverse exists! */
- y = 1;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return y;
-}
-
-/*
- * Precompute powers of "a" mod "mod". Compute them every "bits"
- * for "n" steps. This is sufficient to compute powers of g with
- * exponents up to n*bits bits long, i.e. less than 2^(n*bits).
- *
- * This assumes that the caller has already initialized "array" to point
- * to "n" buffers of size "mlen".
- */
-int
-lbnBasePrecompBegin_16(BNWORD16 **array, unsigned n, unsigned bits,
- BNWORD16 const *g, unsigned glen, BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *a, *b; /* Temporary double-width accumulators */
- BNWORD16 *a1; /* Pointer to high half of a*/
- BNWORD16 inv; /* Montgomery inverse of LSW of mod */
- BNWORD16 *t;
- unsigned i;
-
- glen = lbnNorm_16(g, glen);
- assert(glen);
-
- assert (mlen == lbnNorm_16(mod, mlen));
- assert (glen <= mlen);
-
- /* Allocate two temporary buffers, and the array slots */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD16, mlen*2);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Okay, all ready */
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_16(inv);
- /* Move g up "mlen" words into a (clearing the low mlen words) */
- a1 = BIGLITTLE(a-mlen,a+mlen);
- lbnCopy_16(a1, g, glen);
- lbnZero_16(a, mlen);
-
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_16(a1, a, mlen+glen, mod, mlen);
-
- /* Copy the first value into the array */
- t = *array;
- lbnCopy_16(t, a, mlen);
- a1 = a; /* This first value is *not* shifted up */
-
- /* Now compute the remaining n-1 array entries */
- assert(bits);
- assert(n);
- while (--n) {
- i = bits;
- do {
- /* Square a1 into b1 */
- lbnMontSquare_16(b, a1, mod, mlen, inv);
- t = b; b = a; a = t;
- a1 = BIGLITTLE(a-mlen, a+mlen);
- } while (--i);
- t = *++array;
- lbnCopy_16(t, a1, mlen);
- }
-
- /* Hooray, we're done. */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return 0;
-}
-
-/*
- * result = base^exp (mod mod). "array" is a an array of pointers
- * to procomputed powers of base, each 2^bits apart. (I.e. array[i]
- * is base^(2^(i*bits))).
- *
- * The algorithm consists of:
- * a = b = (powers of g to be raised to the power 2^bits-1)
- * a *= b *= (powers of g to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of g to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnBasePrecompExp_16(BNWORD16 *result, BNWORD16 const * const *array,
- unsigned bits, BNWORD16 const *exp, unsigned elen,
- BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *a, *b, *c, *t;
- BNWORD16 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD16 const *eptr; /* Pointer into exp */
- BNWORD16 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD16 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
-
- mlen = lbnNorm_16(mod, mlen);
- assert (mlen);
-
- elen = lbnNorm_16(exp, elen);
- if (!elen) {
- lbnZero_16(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD16, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD16, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Set up bit buffer for walking the exponent */
- eptr = exp;
- buf = BIGLITTLE(*--eptr, *eptr++);
- ewords = elen-1;
- bufbits = 16;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 16;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD16 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_16(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_16(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_16(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_16(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
-
-/*
- * result = base1^exp1 *base2^exp2 (mod mod). "array1" and "array2" are
- * arrays of pointers to procomputed powers of the corresponding bases,
- * each 2^bits apart. (I.e. array1[i] is base1^(2^(i*bits))).
- *
- * Bits must be the same in both. (It could be made adjustable, but it's
- * a bit of a pain. Just make them both equal to the larger one.)
- *
- * The algorithm consists of:
- * a = b = (powers of base1 and base2 to be raised to the power 2^bits-1)
- * a *= b *= (powers of base1 and base2 to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of base1 and base2 to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnDoubleBasePrecompExp_16(BNWORD16 *result, unsigned bits,
- BNWORD16 const * const *array1, BNWORD16 const *exp1, unsigned elen1,
- BNWORD16 const * const *array2, BNWORD16 const *exp2,
- unsigned elen2, BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *a, *b, *c, *t;
- BNWORD16 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j, k; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD16 const *eptr; /* Pointer into exp */
- BNWORD16 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD16 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
- BNWORD16 const * const *array;
-
- mlen = lbnNorm_16(mod, mlen);
- assert (mlen);
-
- elen1 = lbnNorm_16(exp1, elen1);
- if (!elen1) {
- return lbnBasePrecompExp_16(result, array2, bits, exp2, elen2,
- mod, mlen);
- }
- elen2 = lbnNorm_16(exp2, elen2);
- if (!elen2) {
- return lbnBasePrecompExp_16(result, array1, bits, exp1, elen1,
- mod, mlen);
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen1);
- assert(elen2);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD16, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD16, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD16, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Walk each exponent in turn */
- for (k = 0; k < 2; k++) {
- /* Set up the exponent for walking */
- array = k ? array2 : array1;
- eptr = k ? exp2 : exp1;
- ewords = (k ? elen2 : elen1) - 1;
- /* Set up bit buffer for walking the exponent */
- buf = BIGLITTLE(*--eptr, *eptr++);
- bufbits = 16;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 16;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD16 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_16(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_16(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_16(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_16(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef LBN16_H
-#define LBN16_H
-
-#include "lbn.h"
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-#ifndef lbnCopy_16
-void lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len);
-#endif
-#ifndef lbnZero_16
-void lbnZero_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnNeg_16
-void lbnNeg_16(BNWORD16 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_16
-BNWORD16 lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry);
-#endif
-#ifndef lbnSub1_16
-BNWORD16 lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow);
-#endif
-
-#ifndef lbnAddN_16
-BNWORD16 lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_16
-BNWORD16 lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_16
-int lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_16
-void lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulAdd1_16
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulSub1_16
-BNWORD16 lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-
-#ifndef lbnLshift_16
-BNWORD16 lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_16
-BNWORD16 lbnDouble_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnRshift_16
-BNWORD16 lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_16
-void lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_16
-void lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_16
-unsigned lbnNorm_16(BNWORD16 const *num, unsigned len);
-#endif
-#ifndef lbnBits_16
-unsigned lbnBits_16(BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_16
-void lbnExtractBigBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_16
-void lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_16
-void lbnExtractLittleBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_16
-void lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_16
-BNWORD16 lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d);
-#endif
-#ifndef lbnDiv1_16
-BNWORD16 lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem,
- BNWORD16 const *n, unsigned len, BNWORD16 d);
-#endif
-#ifndef lbnModQ_16
-unsigned lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_16
-BNWORD16 lbnMontInv1_16(BNWORD16 const x);
-#endif
-#ifndef lbnMontReduce_16
-void lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv);
-#endif
-#ifndef lbnToMont_16
-void lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_16
-void lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_16
-int lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *exp, unsigned elen, BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnDoubleExpMod_16
-int lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len, BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len, BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnTwoExpMod_16
-int lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnGcd_16
-int lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen,
- unsigned *rlen);
-#endif
-#ifndef lbnInv_16
-int lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen);
-#endif
-
-int lbnBasePrecompBegin_16(BNWORD16 **array, unsigned n, unsigned bits,
- BNWORD16 const *g, unsigned glen, BNWORD16 *mod, unsigned mlen);
-int lbnBasePrecompExp_16(BNWORD16 *result, BNWORD16 const * const *array,
- unsigned bits, BNWORD16 const *exp, unsigned elen,
- BNWORD16 const *mod, unsigned mlen);
-int lbnDoubleBasePrecompExp_16(BNWORD16 *result, unsigned bits,
- BNWORD16 const * const *array1, BNWORD16 const *exp1, unsigned elen1,
- BNWORD16 const * const *array2, BNWORD16 const *exp2,
- unsigned elen2, BNWORD16 const *mod, unsigned mlen);
-
-#endif /* LBN16_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn32.c - Low-level bignum routines, 32-bit version.
- *
- * NOTE: the magic constants "32" and "64" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "32", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "64",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (64)
- * first, then the smaller (32). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD32s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_32 lbnMulAdd1_32
- *
- * If you want to write asm routines, start with lbnMulAdd1_32().
- * This is the workhorse of modular exponentiation. lbnMulN1_32() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_32 if that has a custom version. lbnMulSub1_32 and
- * lbnDiv21_32 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_32 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_32 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD64)
- * type are lbnMulAdd1_32 and lbnMulSub1_32; if those are provided,
- * the rest follows. lbnDiv21_32, however, is a lot slower unless you
- * have them, and lbnModQ_32 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn.h"
-#include "lbn32.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef BNWORD32
-#error 32-bit bignum library requires a 32-bit data type
-#endif
-
-/* If this is defined, include bnYield() calls */
-#if BNYIELD
-extern int (*bnYield)(void); /* From bn.c */
-#endif
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD32)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_32
-void
-lbnCopy_32(BNWORD32 *dest, BNWORD32 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_32 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_32
-void
-lbnZero_32(BNWORD32 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_32 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_32
-void
-lbnNeg_32(BNWORD32 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_32 */
-
-
-/*
- * lbnAdd1_32: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^32) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_32 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD64
-BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- BNWORD64 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD64)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD32)t;
- if ((t >> 32) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_32 */
-
-/*
- * lbnSub1_32: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD32). If the size of an int is larger
- * than BNWORD32, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_32 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD64
-BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- BNWORD64 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD64)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD32)t;
- if ((t >> 32) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD32)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_32 */
-
-/*
- * lbnAddN_32: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_32
-#ifdef BNWORD64
-BNWORD32
-lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD64 t;
-
- assert(len > 0);
-
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- while (--len) {
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) +
- (BNWORD64)BIGLITTLE(*--num2,*num2++) + (t >> 32);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- }
-
- return (BNWORD32)(t>>32);
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD32 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_32 */
-
-/*
- * lbnSubN_32: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD32)-(t>>32) is subtracted, rather than
- * adding t>>32, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_32
-#ifdef BNWORD64
-BNWORD32
-lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD64 t;
-
- assert(len > 0);
-
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
-
- while (--len) {
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) -
- (BNWORD64)BIGLITTLE(*--num2,*num2++) - (BNWORD32)-(t >> 32);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- }
-
- return -(BNWORD32)(t>>32);
-}
-#else
-BNWORD32
-lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD32 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD32)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_32 */
-
-#ifndef lbnCmp_32
-/*
- * lbnCmp_32: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_32(BNWORD32 const *num1, BNWORD32 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_32 */
-
-/*
- * mul32_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul32_ppmma and mul32_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul32_ppmma) && defined(mul32_ppmmaa)
-#define mul32_ppmma(ph,pl,x,y,a) mul32_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul32_ppmm) && defined(mul32_ppmma)
-#define mul32_ppmm(ph,pl,x,y) mul32_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul32_ppmm-based operations on machines
- * that do not provide mul32_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul32_ppmm) && defined(BNWORD64) && 0 /* Debugging */
-#define mul32_ppmm(ph,pl,x,y) \
- ({BNWORD64 _ = (BNWORD64)(x)*(y); (pl) = _; (ph) = _>>32;})
-#endif
-
-#if defined(mul32_ppmm) && !defined(mul32_ppmma)
-#define mul32_ppmma(ph,pl,x,y,a) \
- (mul32_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul32_ppmma) && !defined(mul32_ppmmaa)
-#define mul32_ppmmaa(ph,pl,x,y,a,b) \
- (mul32_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_32: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul32_ppmm and mul32_ppmma
- * macros, or C multiplication with the BNWORD64 type. This uses mul32_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_32
-#ifdef lbnMulAdd1_32 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- lbnZero_32(out, len);
- BIGLITTLE(*(out-len-1),*(out+len)) = lbnMulAdd1_32(out, in, len, k);
-}
-#elif defined(mul32_ppmm)
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul32_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul32_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD64)
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD32)p;
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + (BNWORD32)(p >> 32);
- BIGLITTLE(*--out,*out++) = (BNWORD32)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD32)(p >> 32);
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* lbnMulN1_32 */
-
-/*
- * lbnMulAdd1_32: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul32_ppmma and mul32_ppmmaa macros,
- * or C multiplication with the BNWORD64 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_32
-#if defined(mul32_ppmm)
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul32_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul32_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD64)
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD32)p;
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k +
- (BNWORD32)(p >> 32) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD32)p;
- }
-
- return (BNWORD32)(p >> 32);
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* lbnMulAdd1_32 */
-
-/*
- * lbnMulSub1_32: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul32_ppmm and mul32_ppmma macros, or
- * C multiplication with the BNWORD64 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulSub1_32
-#if defined(mul32_ppmm)
-BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul32_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD32)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul32_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD32)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD64)
-BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
- BNWORD32 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD32)(p>>32) + ((BIGLITTLE(*out,*out++)=t-(BNWORD32)p) > t);
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD32)(p>>32) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD32)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* !lbnMulSub1_32 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 32. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_32
-BNWORD32
-lbnLshift_32(BNWORD32 *num, unsigned len, unsigned shift)
-{
- BNWORD32 x, carry;
-
- assert(shift > 0);
- assert(shift < 32);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (32-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_32 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_32
-BNWORD32
-lbnDouble_32(BNWORD32 *num, unsigned len)
-{
- BNWORD32 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (32-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_32 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 32. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_32
-BNWORD32
-lbnRshift_32(BNWORD32 *num, unsigned len, unsigned shift)
-{
- BNWORD32 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 32);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (32-shift);
- }
- return carry >> (32-shift);
-}
-#endif /* !lbnRshift_32 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_32.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_32
-void
-lbnMul_32(BNWORD32 *prod, BNWORD32 const *num1, unsigned len1,
- BNWORD32 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_32(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_32(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_32(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_32 */
-
-/*
- * lbnMulX_32 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_32
-#if defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_32(BNWORD32 *prod, BNWORD32 const *num1, BNWORD32 const *num2,
- unsigned len)
-{
- BNWORD64 x, y;
- BNWORD32 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD64)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD32)x;
- x >>= 32;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD64)*--p1 * *p2++;)
- LITTLE(y = (BNWORD64)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD64)*--p1 * *p2++;)
- LITTLE(y = (BNWORD64)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD32)x;
-}
-#else /* !defined(BNWORD64) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_32(prod, num1, num2, len) lbnMul_32(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD64) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_32 */
-
-#if !defined(lbnMontMul_32) && defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_32(BNWORD32 *prod, BNWORD32 const *num1, BNWORD32 const *num2,
- BNWORD32 const *mod, unsigned len, BNWORD32 inv)
-{
- BNWORD64 x, y;
- BNWORD32 const *p1, *p2, *pm;
- BNWORD32 *pp;
- BNWORD32 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD64)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD32)x;
- y = (BNWORD64)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD64)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD64)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD64)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD32)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD64)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD64)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD64)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD32)x;
- carry = (x >> 32);
-
- while (carry)
- carry -= lbnSubN_32(prod, mod, len);
- while (lbnCmp_32(prod, mod, len) >= 0)
- (void)lbnSubN_32(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_32 lbnMontMul_32
-#endif
-
-#if !defined(lbnSquare_32) && defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len)
-{
- BNWORD64 x, y, z;
- BNWORD32 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD64)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD32)x;
- x >>= 32;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD64)*--p1 * *p2++;)
- LITTLE(z = (BNWORD64)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD64)*p2 * *p2;)
- LITTLE(z = (BNWORD64)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD64)*--p1 * *p2++;)
- LITTLE(z = (BNWORD64)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD64)*p2 * *p2;)
- LITTLE(z = (BNWORD64)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD32)x;
-}
-/* Suppress later definition */
-#define lbnSquare_32 lbnSquare_32
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_32
-void
-lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len)
-{
- BNWORD32 t;
- BNWORD32 *prodx = prod; /* Working copy of the argument */
- BNWORD32 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul32_ppmm
- BNWORD32 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul32_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD64) /* use BNWORD64 */
- BNWORD64 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD64)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD32)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD32)(p>>32);
-#else /* Use lbnMulN1_32 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_32(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_32(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_32(prodx, numx, lenx, t);
- lbnAdd1_32(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_32(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_32 */
-
-/*
- * lbnNorm_32 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_32
-unsigned
-lbnNorm_32(BNWORD32 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_32 */
-
-/*
- * lbnBits_32 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 32, and
- * subtracts off 32/2, 32/4, 32/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_32
-unsigned
-lbnBits_32(BNWORD32 const *num, unsigned len)
-{
- BNWORD32 t;
- unsigned i;
-
- len = lbnNorm_32(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 32;
- i = 32/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_32 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 32 bits, which a general 64-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_64
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_64 (64 > 0x20)
-#endif
-
-/*
- * Return (nh<<32|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_32
-#if defined(BNWORD64) && !BN_SLOW_DIVIDE_64
-BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- BNWORD64 n = (BNWORD64)nh << 32 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (32-1) == 1);
-
- *q = n / d;
- return n % d;
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 32/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 32/2 )
-#define lowhalf(x) ( (x) & (((BNWORD32)1 << 32/2)-1) )
-BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- BNWORD32 dh = highhalf(d), dl = lowhalf(d);
- BNWORD32 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (32-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (32/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (32/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (32/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_32 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_64, add a divnhalf_32 which uses 32-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_32
-BNWORD32
-lbnDiv1_32(BNWORD32 *q, BNWORD32 *rem, BNWORD32 const *n, unsigned len,
- BNWORD32 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD32 r;
- BNWORD32 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 32/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (32-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_32(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_32(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_32
-/* If there's a custom lbnMod21_32, no normalization needed */
-#ifdef lbnMod21_32
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD32 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_32(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD64) && !BN_SLOW_DIVIDE_64
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- BNWORD32 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD32)((((BNWORD64)r<<32) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 32 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 32/2 )
-#define lowhalf(x) ( (x) & ((1 << 32/2)-1) )
-#endif
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- BNWORD32 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 32/2) | highhalf(x);
- r = (r%d << 32/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_32 */
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD32 r;
- BNWORD32 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 32;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (32-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_32(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_32 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^32) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_32
-BNWORD32
-lbnDiv_32(BNWORD32 *q, BNWORD32 *n, unsigned nlen, BNWORD32 *d, unsigned dlen)
-{
- BNWORD32 nh,nm,nl; /* Top three words of the dividend */
- BNWORD32 dh,dl; /* Top two words of the divisor */
- BNWORD32 qhat; /* Extimate of quotient word */
- BNWORD32 r; /* Remainder from quotient estimate division */
- BNWORD32 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul32_ppmm
- BNWORD32 t32;
-#elif defined(BNWORD64)
- BNWORD64 t64;
-#else /* use lbnMulN1_32 */
- BNWORD32 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_32(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD32)1 << 32-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD32)1<<32-1-shift) == 0);
- dh = dh << shift | dl >> (32-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD32)1 << 32-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (32-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 32/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_32(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_32(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (32-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_32(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul32_ppmm
- mul32_ppmm(nm, t32, qhat, dl);
- if (nm > r || (nm == r && t32 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t32 < dl);
- t32 -= dl;
- if (nm > r || (nm == r && t32 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD64)
- t64 = (BNWORD64)qhat * dl;
- if (t64 > ((BNWORD64)r << 32) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t64 -= dl;
- if (t64 > ((BNWORD64)r << 32) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_32 */
- lbnMulN1_32(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_32(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_32(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD32)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_32(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul32_ppmm
- mul32_ppmm(nm, t32, qhat, dl);
- if (nm > r || (nm == r && t32 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t32 < dl);
- t32 -= dl;
- if (nm > r || (nm == r && t32 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD64)
- t64 = (BNWORD64)qhat * dl;
- if (t64 > ((BNWORD64)r<<32) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t64 -= dl;
- if (t64 > ((BNWORD64)r << 32) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_32 */
- lbnMulN1_32(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-32, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_32(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_32(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_32(d, dlen, shift);
- lbnRshift_32(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^32.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_32
-BNWORD32
-lbnMontInv1_32(BNWORD32 const x)
-{
- BNWORD32 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_32 */
-
-#if defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned mlen, BNWORD32 inv)
-{
- BNWORD64 x, y;
- BNWORD32 const *pm;
- BNWORD32 *pn;
- BNWORD32 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD64)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD32)x == 0);
- x = x >> 32;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD64)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD32)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD64)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD64)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD32)x;
- carry = (unsigned)(x >> 32);
-
- while (carry)
- carry -= lbnSubN_32(n, mod, mlen);
- while (lbnCmp_32(n, mod, mlen) >= 0)
- (void)lbnSubN_32(n, mod, mlen);
-}
-#define lbnMontReduce_32 lbnMontReduce_32
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(32*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_32.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(32*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_32 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_32
-void
-lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned const mlen,
- BNWORD32 inv)
-{
- BNWORD32 t;
- BNWORD32 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD32)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD32)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_32(n, mod, mlen, inv * BIGLITTLE(n[-1],n[0]));
- c += lbnAdd1_32(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_32(n, mod, mlen);
- while (lbnCmp_32(n, mod, mlen) >= 0)
- (void)lbnSubN_32(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_32 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_32
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^32.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_32(prod, n1, n2, mod, len, inv) \
- (lbnMulX_32(prod, n1, n2, len), lbnMontReduce_32(prod, mod, len, inv))
-#endif /* !lbnMontMul_32 */
-
-#ifndef lbnMontSquare_32
-/*
- * Square "n", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^32.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_32(prod, n, mod, len, inv) \
- (lbnSquare_32(prod, n, len), lbnMontReduce_32(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_32 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_32(BNWORD32 *n, unsigned nlen, BNWORD32 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_32(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_32(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_32(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_32(BNWORD32 *n, BNWORD32 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_32(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_32(n, mod, len, lbnMontInv1_32(mod[BIGLITTLE(-1,0)]));
- /* Move n down len words */
- lbnCopy_32(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. See the comment in bnExpMod_32 below for
- * an explanation of how it actually works works.
- *
- * It takes 2^(k-1)-1 multiplies to compute the table, and (e-1)/(k+1)
- * multiplies (on average) to perform the exponentiation. To minimize
- * the sum, k must vary with e. The optimal window sizes vary with the
- * exponent length. Here are some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 32 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best
- * At e = 6_4 bits, k=3 (18.750000) is best
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best
- * At e = 512 bits, k=5 (100.1_66667) is best
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best
- * At e = 4096 bits, k=7 (574.875000) is best
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Um, actually there's a slightly more accurate way to count, which
- * really is the average number of multiplies required, averaged
- * uniformly over all 2^(e-1) e-bit numbers, from 2^(e-1) to (2^e)-1.
- * It's based on the recurrence that for the last b bits, b <= k, at
- * most one multiply is needed (and none at all 1/2^b of the time),
- * while when b > k, the odds are 1/2 each way that the bit will be
- * 0 (meaning no multiplies to reduce it to the b-1-bit case) and
- * 1/2 that the bit will be 1, starting a k-bit window and requiring
- * 1 multiply beyond the b-k-bit case. Since the most significant
- * bit is always 1, a k-bit window always starts there, and that
- * multiply is by 1, so it isn't a multiply at all. Thus, the
- * number of multiplies is simply that needed for the last e-k bits.
- * This recurrence produces:
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 6 bits, k=2 (2.437500) < k=1 (2.500000)
- * At e = 8 bits, k=2 (3.109375) is best
- * At e = 1_6 bits, k=2 (5.777771) is best
- * At e = 24 bits, k=3 (8.437629) < k=2 (8.444444)
- * At e = 3_2 bits, k=3 (10.437492) is best
- * At e = 6_4 bits, k=3 (18.437500) is best
- * At e = 81 bits, k=4 (22.6_40000) < k=3 (22.687500)
- * At e = 128 bits, k=4 (3_2.040000) is best
- * At e = 241 bits, k=5 (54.611111) < k=4 (54.6_40000)
- * At e = 256 bits, k=5 (57.111111) is best
- * At e = 512 bits, k=5 (99.777778) is best
- * At e = 673 bits, k=6 (126.591837) < k=5 (126.611111)
- * At e = 1024 bits, k=6 (176.734694) is best
- * At e = 1793 bits, k=7 (286.578125) < k=6 (286.591837)
- * At e = 2048 bits, k=7 (318.453125) is best
- * At e = 4096 bits, k=7 (574.453125) is best
- *
- * This has the rollover points at 6, 24, 81, 241, 673 and 1793 instead
- * of 8, 26, 82, 242, 674, and 1794. Not a very big difference.
- * (The numbers past that are k=8 at 4609 and k=9 at 11521,
- * vs. one more in each case for the approximation.)
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. Entry 6 is the largest
- * possible unsigned number, so the window will never be more
- * than 7 bits, requiring 2^6 = 0x40 slots.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 5, 23, 80, 240, 672, 1792, (unsigned)-1
-/* 7, 25, 81, 241, 673, 1793, (unsigned)-1 ### The old approximations */
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/32 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_32(BNWORD32 *result, BNWORD32 const *n, unsigned nlen,
- BNWORD32 const *e, unsigned elen, BNWORD32 *mod, unsigned mlen)
-{
- BNWORD32 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD32 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD32 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD32 *a, *b; /* Working buffers/accumulators */
- BNWORD32 *t; /* Pointer into the working buffers */
- BNWORD32 inv; /* mod^-1 modulo 2^32 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_32(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_32(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_32(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_32(result, n, nlen);
- if (mlen > nlen)
- lbnZero_32(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD32, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD32, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD32, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_32(t, n, nlen);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_32(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_32(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_32(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD32)1 << ((ebits-1) & (32-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD32)1 << (32-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD32)1 << (32-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_32(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_32(b, t, mlen);
- lbnZero_32(t, mlen);
- lbnMontReduce_32(b, mod, mlen, inv);
- lbnCopy_32(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_32(BNWORD32 *result,
- BNWORD32 const *n1, unsigned n1len,
- BNWORD32 const *e1, unsigned e1len,
- BNWORD32 const *n2, unsigned n2len,
- BNWORD32 const *e2, unsigned e2len,
- BNWORD32 *mod, unsigned mlen)
-{
- BNWORD32 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD32 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD32 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD32 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD32 *a, *b; /* Working buffers/accumulators */
- BNWORD32 *t; /* Pointer into the working buffers */
- BNWORD32 inv; /* mod^-1 modulo 2^32 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_32(e1, e1len);
- e2len = lbnNorm_32(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_32(e1, e1len);
- e2bits = lbnBits_32(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- t = (BNWORD32 *)n1; n1 = n2; n2 = t;
- t = (BNWORD32 *)e1; e1 = e2; e2 = t;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_32(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below fucks up if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, BNWORD32, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_32(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_32(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_32(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD32, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD32, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, BNWORD32, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD32, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, BNWORD32, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_32(t, n1, n1len);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_32(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_32(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_32(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_32(t, n2, n2len);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_32(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_32(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_32(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_32(table2[i], t, mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD32)1 << ((e1bits-1) & (32-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD32)1 << (32-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_32(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_32(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD32)1 << (32-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_32(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_32(b, t, mlen);
- lbnZero_32(t, mlen);
- lbnMontReduce_32(b, mod, mlen, inv);
- lbnCopy_32(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_32(BNWORD32 *n, BNWORD32 const *exp, unsigned elen,
- BNWORD32 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD32 const *bitptr;
- BNWORD32 bitword, bitpos;
- BNWORD32 *a, *b, *a1;
- BNWORD32 inv;
- int y; /* Result of bnYield() */
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_32(n, mlen);
-
- bits = lbnBits_32(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD32)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD32)1 << ((bits-1) & (32-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_32(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD32)1<<(32-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD32)1 << (e & (32-1));
- e /= 32;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, BNWORD32, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD32, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_32(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_32(a1, n, e+1);
- lbnZero_32(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_32(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_32(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_32(a1, mlen) ||
- lbnCmp_32(a1, mod, mlen) > 0)
- (void)lbnSubN_32(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD32)1<<(32-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_32(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_32(a, a1, mlen);
- lbnZero_32(a1, mlen);
- lbnMontReduce_32(a, mod, mlen, inv);
- lbnCopy_32(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_32(BNWORD32 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 32;
- lsbyte /= (32/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 32;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 32;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (32/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 32;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD32)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_32(BNWORD32 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (32/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (32/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 32;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (32/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 32;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD32)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "32/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_32(BNWORD32 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD32 t;
- unsigned alen = (blen + (32/8-1))/(32/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (32/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-/*
- * Computes the GCD of a and b. Modifies both arguments; when it returns,
- * one of them is the GCD and the other is trash. The return value
- * indicates which: 0 for a, and 1 for b. The length of the retult is
- * returned in rlen. Both inputs must have one extra word of precision.
- * alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_32(BNWORD32 *a, unsigned alen, BNWORD32 *b, unsigned blen,
- unsigned *rlen)
-{
-#if BNYIELD
- int y;
-#endif
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_32(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_32(a, blen);
- if (alen == 0) {
- *rlen = blen;
- return 1;
- }
- (void)lbnDiv_32(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_32(b, alen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- return y;
-#endif
- }
- *rlen = alen;
- return 0;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_32(BNWORD32 *a, unsigned alen, BNWORD32 const *mod, unsigned mlen)
-{
- BNWORD32 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD32 *p; /* Temporary for products added to t0 and t1 */
- BNWORD32 *t0, *t1; /* Inverse accumulators */
- BNWORD32 cy;
- unsigned blen, t0len, t1len, plen;
- int y;
-
- alen = lbnNorm_32(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_32(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_32(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, BNWORD32, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, BNWORD32, mlen+1);
- if (p) {
- LBNALLOC(t0, BNWORD32, mlen);
- if (t0) {
- LBNALLOC(t1, BNWORD32, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_32(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_32(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_32(t1, mlen-alen+1);
- blen = lbnNorm_32(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD32)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_32(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_32(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_32(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_32(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_32(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_32(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_32(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_32(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_32(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD32)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_32(a, t0, t0len);
- lbnZero_32(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_32(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_32(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_32(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_32(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_32(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_32(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_32(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_32(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_32(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_32(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_32(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_32(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure: /* GCD is not 1 - no inverse exists! */
- y = 1;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return y;
-}
-
-/*
- * Precompute powers of "a" mod "mod". Compute them every "bits"
- * for "n" steps. This is sufficient to compute powers of g with
- * exponents up to n*bits bits long, i.e. less than 2^(n*bits).
- *
- * This assumes that the caller has already initialized "array" to point
- * to "n" buffers of size "mlen".
- */
-int
-lbnBasePrecompBegin_32(BNWORD32 **array, unsigned n, unsigned bits,
- BNWORD32 const *g, unsigned glen, BNWORD32 *mod, unsigned mlen)
-{
- BNWORD32 *a, *b; /* Temporary double-width accumulators */
- BNWORD32 *a1; /* Pointer to high half of a*/
- BNWORD32 inv; /* Montgomery inverse of LSW of mod */
- BNWORD32 *t;
- unsigned i;
-
- glen = lbnNorm_32(g, glen);
- assert(glen);
-
- assert (mlen == lbnNorm_32(mod, mlen));
- assert (glen <= mlen);
-
- /* Allocate two temporary buffers, and the array slots */
- LBNALLOC(a, BNWORD32, mlen*2);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD32, mlen*2);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Okay, all ready */
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_32(inv);
- /* Move g up "mlen" words into a (clearing the low mlen words) */
- a1 = BIGLITTLE(a-mlen,a+mlen);
- lbnCopy_32(a1, g, glen);
- lbnZero_32(a, mlen);
-
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_32(a1, a, mlen+glen, mod, mlen);
-
- /* Copy the first value into the array */
- t = *array;
- lbnCopy_32(t, a, mlen);
- a1 = a; /* This first value is *not* shifted up */
-
- /* Now compute the remaining n-1 array entries */
- assert(bits);
- assert(n);
- while (--n) {
- i = bits;
- do {
- /* Square a1 into b1 */
- lbnMontSquare_32(b, a1, mod, mlen, inv);
- t = b; b = a; a = t;
- a1 = BIGLITTLE(a-mlen, a+mlen);
- } while (--i);
- t = *++array;
- lbnCopy_32(t, a1, mlen);
- }
-
- /* Hooray, we're done. */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return 0;
-}
-
-/*
- * result = base^exp (mod mod). "array" is a an array of pointers
- * to procomputed powers of base, each 2^bits apart. (I.e. array[i]
- * is base^(2^(i*bits))).
- *
- * The algorithm consists of:
- * a = b = (powers of g to be raised to the power 2^bits-1)
- * a *= b *= (powers of g to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of g to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnBasePrecompExp_32(BNWORD32 *result, BNWORD32 const * const *array,
- unsigned bits, BNWORD32 const *exp, unsigned elen,
- BNWORD32 const *mod, unsigned mlen)
-{
- BNWORD32 *a, *b, *c, *t;
- BNWORD32 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD32 const *eptr; /* Pointer into exp */
- BNWORD32 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD32 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
-
- mlen = lbnNorm_32(mod, mlen);
- assert (mlen);
-
- elen = lbnNorm_32(exp, elen);
- if (!elen) {
- lbnZero_32(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD32, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD32, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD32, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Set up bit buffer for walking the exponent */
- eptr = exp;
- buf = BIGLITTLE(*--eptr, *eptr++);
- ewords = elen-1;
- bufbits = 32;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 32;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD32 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_32(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_32(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_32(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_32(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_32(a, a1, mlen);
- lbnZero_32(a1, mlen);
- lbnMontReduce_32(a, mod, mlen, inv);
- lbnCopy_32(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
-
-/*
- * result = base1^exp1 *base2^exp2 (mod mod). "array1" and "array2" are
- * arrays of pointers to procomputed powers of the corresponding bases,
- * each 2^bits apart. (I.e. array1[i] is base1^(2^(i*bits))).
- *
- * Bits must be the same in both. (It could be made adjustable, but it's
- * a bit of a pain. Just make them both equal to the larger one.)
- *
- * The algorithm consists of:
- * a = b = (powers of base1 and base2 to be raised to the power 2^bits-1)
- * a *= b *= (powers of base1 and base2 to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of base1 and base2 to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnDoubleBasePrecompExp_32(BNWORD32 *result, unsigned bits,
- BNWORD32 const * const *array1, BNWORD32 const *exp1, unsigned elen1,
- BNWORD32 const * const *array2, BNWORD32 const *exp2,
- unsigned elen2, BNWORD32 const *mod, unsigned mlen)
-{
- BNWORD32 *a, *b, *c, *t;
- BNWORD32 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j, k; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD32 const *eptr; /* Pointer into exp */
- BNWORD32 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD32 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
- BNWORD32 const * const *array;
-
- mlen = lbnNorm_32(mod, mlen);
- assert (mlen);
-
- elen1 = lbnNorm_32(exp1, elen1);
- if (!elen1) {
- return lbnBasePrecompExp_32(result, array2, bits, exp2, elen2,
- mod, mlen);
- }
- elen2 = lbnNorm_32(exp2, elen2);
- if (!elen2) {
- return lbnBasePrecompExp_32(result, array1, bits, exp1, elen1,
- mod, mlen);
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen1);
- assert(elen2);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD32, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD32, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD32, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Walk each exponent in turn */
- for (k = 0; k < 2; k++) {
- /* Set up the exponent for walking */
- array = k ? array2 : array1;
- eptr = k ? exp2 : exp1;
- ewords = (k ? elen2 : elen1) - 1;
- /* Set up bit buffer for walking the exponent */
- buf = BIGLITTLE(*--eptr, *eptr++);
- bufbits = 32;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 32;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD32 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_32(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_32(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_32(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_32(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_32(a, a1, mlen);
- lbnZero_32(a1, mlen);
- lbnMontReduce_32(a, mod, mlen, inv);
- lbnCopy_32(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef LBN32_H
-#define LBN32_H
-
-#include "lbn.h"
-
-#ifndef BNWORD32
-#error 32-bit bignum library requires a 32-bit data type
-#endif
-
-#ifndef lbnCopy_32
-void lbnCopy_32(BNWORD32 *dest, BNWORD32 const *src, unsigned len);
-#endif
-#ifndef lbnZero_32
-void lbnZero_32(BNWORD32 *num, unsigned len);
-#endif
-#ifndef lbnNeg_32
-void lbnNeg_32(BNWORD32 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_32
-BNWORD32 lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry);
-#endif
-#ifndef lbnSub1_32
-BNWORD32 lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow);
-#endif
-
-#ifndef lbnAddN_32
-BNWORD32 lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_32
-BNWORD32 lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_32
-int lbnCmp_32(BNWORD32 const *num1, BNWORD32 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_32
-void lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-#ifndef lbnMulAdd1_32
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-#ifndef lbnMulSub1_32
-BNWORD32 lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-
-#ifndef lbnLshift_32
-BNWORD32 lbnLshift_32(BNWORD32 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_32
-BNWORD32 lbnDouble_32(BNWORD32 *num, unsigned len);
-#endif
-#ifndef lbnRshift_32
-BNWORD32 lbnRshift_32(BNWORD32 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_32
-void lbnMul_32(BNWORD32 *prod, BNWORD32 const *num1, unsigned len1,
- BNWORD32 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_32
-void lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_32
-unsigned lbnNorm_32(BNWORD32 const *num, unsigned len);
-#endif
-#ifndef lbnBits_32
-unsigned lbnBits_32(BNWORD32 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_32
-void lbnExtractBigBytes_32(BNWORD32 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_32
-void lbnInsertBigBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_32
-void lbnExtractLittleBytes_32(BNWORD32 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_32
-void lbnInsertLittleBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_32
-BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d);
-#endif
-#ifndef lbnDiv1_32
-BNWORD32 lbnDiv1_32(BNWORD32 *q, BNWORD32 *rem,
- BNWORD32 const *n, unsigned len, BNWORD32 d);
-#endif
-#ifndef lbnModQ_32
-unsigned lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_32
-BNWORD32
-lbnDiv_32(BNWORD32 *q, BNWORD32 *n, unsigned nlen, BNWORD32 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_32
-BNWORD32 lbnMontInv1_32(BNWORD32 const x);
-#endif
-#ifndef lbnMontReduce_32
-void lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned const mlen,
- BNWORD32 inv);
-#endif
-#ifndef lbnToMont_32
-void lbnToMont_32(BNWORD32 *n, unsigned nlen, BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_32
-void lbnFromMont_32(BNWORD32 *n, BNWORD32 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_32
-int lbnExpMod_32(BNWORD32 *result, BNWORD32 const *n, unsigned nlen,
- BNWORD32 const *exp, unsigned elen, BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnDoubleExpMod_32
-int lbnDoubleExpMod_32(BNWORD32 *result,
- BNWORD32 const *n1, unsigned n1len, BNWORD32 const *e1, unsigned e1len,
- BNWORD32 const *n2, unsigned n2len, BNWORD32 const *e2, unsigned e2len,
- BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnTwoExpMod_32
-int lbnTwoExpMod_32(BNWORD32 *n, BNWORD32 const *exp, unsigned elen,
- BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnGcd_32
-int lbnGcd_32(BNWORD32 *a, unsigned alen, BNWORD32 *b, unsigned blen,
- unsigned *rlen);
-#endif
-#ifndef lbnInv_32
-int lbnInv_32(BNWORD32 *a, unsigned alen, BNWORD32 const *mod, unsigned mlen);
-#endif
-
-int lbnBasePrecompBegin_32(BNWORD32 **array, unsigned n, unsigned bits,
- BNWORD32 const *g, unsigned glen, BNWORD32 *mod, unsigned mlen);
-int lbnBasePrecompExp_32(BNWORD32 *result, BNWORD32 const * const *array,
- unsigned bits, BNWORD32 const *exp, unsigned elen,
- BNWORD32 const *mod, unsigned mlen);
-int lbnDoubleBasePrecompExp_32(BNWORD32 *result, unsigned bits,
- BNWORD32 const * const *array1, BNWORD32 const *exp1, unsigned elen1,
- BNWORD32 const * const *array2, BNWORD32 const *exp2,
- unsigned elen2, BNWORD32 const *mod, unsigned mlen);
-
-#endif /* LBN32_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn64.c - Low-level bignum routines, 64-bit version.
- *
- * NOTE: the magic constants "64" and "128" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "64", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "128",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (128)
- * first, then the smaller (64). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD64s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_64 lbnMulAdd1_64
- *
- * If you want to write asm routines, start with lbnMulAdd1_64().
- * This is the workhorse of modular exponentiation. lbnMulN1_64() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_64 if that has a custom version. lbnMulSub1_64 and
- * lbnDiv21_64 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_64 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_64 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD128)
- * type are lbnMulAdd1_64 and lbnMulSub1_64; if those are provided,
- * the rest follows. lbnDiv21_64, however, is a lot slower unless you
- * have them, and lbnModQ_64 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "lbn.h"
-#include "lbn64.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef BNWORD64
-#error 64-bit bignum library requires a 64-bit data type
-#endif
-
-/* If this is defined, include bnYield() calls */
-#if BNYIELD
-extern int (*bnYield)(void); /* From bn.c */
-#endif
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD64)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_64
-void
-lbnCopy_64(BNWORD64 *dest, BNWORD64 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_64 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_64
-void
-lbnZero_64(BNWORD64 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_64 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_64
-void
-lbnNeg_64(BNWORD64 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_64 */
-
-
-/*
- * lbnAdd1_64: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^64) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_64 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD128
-BNWORD64
-lbnAdd1_64(BNWORD64 *num, unsigned len, BNWORD64 carry)
-{
- BNWORD128 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD128)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD64)t;
- if ((t >> 64) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD128 */
-BNWORD64
-lbnAdd1_64(BNWORD64 *num, unsigned len, BNWORD64 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_64 */
-
-/*
- * lbnSub1_64: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD64). If the size of an int is larger
- * than BNWORD64, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_64 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD128
-BNWORD64
-lbnSub1_64(BNWORD64 *num, unsigned len, BNWORD64 borrow)
-{
- BNWORD128 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD128)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD64)t;
- if ((t >> 64) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD128 */
-BNWORD64
-lbnSub1_64(BNWORD64 *num, unsigned len, BNWORD64 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD64)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_64 */
-
-/*
- * lbnAddN_64: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_64
-#ifdef BNWORD128
-BNWORD64
-lbnAddN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len)
-{
- BNWORD128 t;
-
- assert(len > 0);
-
- t = (BNWORD128)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD64)t;
- while (--len) {
- t = (BNWORD128)BIGLITTLE(*--num1,*num1) +
- (BNWORD128)BIGLITTLE(*--num2,*num2++) + (t >> 64);
- BIGLITTLE(*num1,*num1++) = (BNWORD64)t;
- }
-
- return (BNWORD64)(t>>64);
-}
-#else /* no BNWORD128 */
-BNWORD64
-lbnAddN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len)
-{
- BNWORD64 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_64 */
-
-/*
- * lbnSubN_64: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD64)-(t>>64) is subtracted, rather than
- * adding t>>64, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_64
-#ifdef BNWORD128
-BNWORD64
-lbnSubN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len)
-{
- BNWORD128 t;
-
- assert(len > 0);
-
- t = (BNWORD128)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD64)t;
-
- while (--len) {
- t = (BNWORD128)BIGLITTLE(*--num1,*num1) -
- (BNWORD128)BIGLITTLE(*--num2,*num2++) - (BNWORD64)-(t >> 64);
- BIGLITTLE(*num1,*num1++) = (BNWORD64)t;
- }
-
- return -(BNWORD64)(t>>64);
-}
-#else
-BNWORD64
-lbnSubN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len)
-{
- BNWORD64 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD64)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_64 */
-
-#ifndef lbnCmp_64
-/*
- * lbnCmp_64: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_64(BNWORD64 const *num1, BNWORD64 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_64 */
-
-/*
- * mul64_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul64_ppmma and mul64_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul64_ppmma) && defined(mul64_ppmmaa)
-#define mul64_ppmma(ph,pl,x,y,a) mul64_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul64_ppmm) && defined(mul64_ppmma)
-#define mul64_ppmm(ph,pl,x,y) mul64_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul64_ppmm-based operations on machines
- * that do not provide mul64_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul64_ppmm) && defined(BNWORD128) && 0 /* Debugging */
-#define mul64_ppmm(ph,pl,x,y) \
- ({BNWORD128 _ = (BNWORD128)(x)*(y); (pl) = _; (ph) = _>>64;})
-#endif
-
-#if defined(mul64_ppmm) && !defined(mul64_ppmma)
-#define mul64_ppmma(ph,pl,x,y,a) \
- (mul64_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul64_ppmma) && !defined(mul64_ppmmaa)
-#define mul64_ppmmaa(ph,pl,x,y,a,b) \
- (mul64_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_64: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul64_ppmm and mul64_ppmma
- * macros, or C multiplication with the BNWORD128 type. This uses mul64_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_64
-#ifdef lbnMulAdd1_64 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- lbnZero_64(out, len);
- BIGLITTLE(*(out-len-1),*(out+len)) = lbnMulAdd1_64(out, in, len, k);
-}
-#elif defined(mul64_ppmm)
-void
-lbnMulN1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD64 carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul64_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul64_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD128)
-void
-lbnMulN1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD128 p;
-
- assert(len > 0);
-
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD64)p;
-
- while (--len) {
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k + (BNWORD64)(p >> 64);
- BIGLITTLE(*--out,*out++) = (BNWORD64)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD64)(p >> 64);
-}
-#else
-#error No 64x64 -> 128 multiply available for 64-bit bignum package
-#endif
-#endif /* lbnMulN1_64 */
-
-/*
- * lbnMulAdd1_64: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul64_ppmma and mul64_ppmmaa macros,
- * or C multiplication with the BNWORD128 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_64
-#if defined(mul64_ppmm)
-BNWORD64
-lbnMulAdd1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD64 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul64_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul64_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD128)
-BNWORD64
-lbnMulAdd1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD128 p;
-
- assert(len > 0);
-
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD64)p;
-
- while (--len) {
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k +
- (BNWORD64)(p >> 64) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD64)p;
- }
-
- return (BNWORD64)(p >> 64);
-}
-#else
-#error No 64x64 -> 128 multiply available for 64-bit bignum package
-#endif
-#endif /* lbnMulAdd1_64 */
-
-/*
- * lbnMulSub1_64: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul64_ppmm and mul64_ppmma macros, or
- * C multiplication with the BNWORD128 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulSub1_64
-#if defined(mul64_ppmm)
-BNWORD64
-lbnMulSub1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD64 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul64_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD64)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul64_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD64)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD128)
-BNWORD64
-lbnMulSub1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k)
-{
- BNWORD128 p;
- BNWORD64 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD64)(p>>64) + ((BIGLITTLE(*out,*out++)=t-(BNWORD64)p) > t);
-
- while (--len) {
- p = (BNWORD128)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD64)(p>>64) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD64)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 64x64 -> 128 multiply available for 64-bit bignum package
-#endif
-#endif /* !lbnMulSub1_64 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 64. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_64
-BNWORD64
-lbnLshift_64(BNWORD64 *num, unsigned len, unsigned shift)
-{
- BNWORD64 x, carry;
-
- assert(shift > 0);
- assert(shift < 64);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (64-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_64 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_64
-BNWORD64
-lbnDouble_64(BNWORD64 *num, unsigned len)
-{
- BNWORD64 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (64-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_64 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 64. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_64
-BNWORD64
-lbnRshift_64(BNWORD64 *num, unsigned len, unsigned shift)
-{
- BNWORD64 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 64);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (64-shift);
- }
- return carry >> (64-shift);
-}
-#endif /* !lbnRshift_64 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_64.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_64
-void
-lbnMul_64(BNWORD64 *prod, BNWORD64 const *num1, unsigned len1,
- BNWORD64 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_64(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_64(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_64(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_64 */
-
-/*
- * lbnMulX_64 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_64
-#if defined(BNWORD128) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_64(BNWORD64 *prod, BNWORD64 const *num1, BNWORD64 const *num2,
- unsigned len)
-{
- BNWORD128 x, y;
- BNWORD64 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD128)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD64)x;
- x >>= 64;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD128)*--p1 * *p2++;)
- LITTLE(y = (BNWORD128)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD128)*--p1 * *p2++;)
- LITTLE(y = (BNWORD128)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD64)x;
-}
-#else /* !defined(BNWORD128) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_64(prod, num1, num2, len) lbnMul_64(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD128) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_64 */
-
-#if !defined(lbnMontMul_64) && defined(BNWORD128) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_64(BNWORD64 *prod, BNWORD64 const *num1, BNWORD64 const *num2,
- BNWORD64 const *mod, unsigned len, BNWORD64 inv)
-{
- BNWORD128 x, y;
- BNWORD64 const *p1, *p2, *pm;
- BNWORD64 *pp;
- BNWORD64 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD128)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD64)x;
- y = (BNWORD128)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD64)x == 0);
- x = x >> 64 | (BNWORD128)carry << 64;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD128)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD128)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD128)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD64)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD128)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD64)x == 0);
- x = x >> 64 | (BNWORD128)carry << 64;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD128)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD128)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD64)x;
- carry = (x >> 64);
-
- while (carry)
- carry -= lbnSubN_64(prod, mod, len);
- while (lbnCmp_64(prod, mod, len) >= 0)
- (void)lbnSubN_64(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_64 lbnMontMul_64
-#endif
-
-#if !defined(lbnSquare_64) && defined(BNWORD128) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_64(BNWORD64 *prod, BNWORD64 const *num, unsigned len)
-{
- BNWORD128 x, y, z;
- BNWORD64 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD128)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD64)x;
- x >>= 64;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD128)*--p1 * *p2++;)
- LITTLE(z = (BNWORD128)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD128)*p2 * *p2;)
- LITTLE(z = (BNWORD128)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD128)*--p1 * *p2++;)
- LITTLE(z = (BNWORD128)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD128)*p2 * *p2;)
- LITTLE(z = (BNWORD128)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD64)x;
-}
-/* Suppress later definition */
-#define lbnSquare_64 lbnSquare_64
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_64
-void
-lbnSquare_64(BNWORD64 *prod, BNWORD64 const *num, unsigned len)
-{
- BNWORD64 t;
- BNWORD64 *prodx = prod; /* Working copy of the argument */
- BNWORD64 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul64_ppmm
- BNWORD64 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul64_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD128) /* use BNWORD128 */
- BNWORD128 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD128)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD64)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD64)(p>>64);
-#else /* Use lbnMulN1_64 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_64(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_64(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_64(prodx, numx, lenx, t);
- lbnAdd1_64(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_64(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_64 */
-
-/*
- * lbnNorm_64 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_64
-unsigned
-lbnNorm_64(BNWORD64 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_64 */
-
-/*
- * lbnBits_64 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 64, and
- * subtracts off 64/2, 64/4, 64/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_64
-unsigned
-lbnBits_64(BNWORD64 const *num, unsigned len)
-{
- BNWORD64 t;
- unsigned i;
-
- len = lbnNorm_64(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 64;
- i = 64/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_64 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 64 bits, which a general 128-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_128
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_128 (128 > 0x20)
-#endif
-
-/*
- * Return (nh<<64|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_64
-#if defined(BNWORD128) && !BN_SLOW_DIVIDE_128
-BNWORD64
-lbnDiv21_64(BNWORD64 *q, BNWORD64 nh, BNWORD64 nl, BNWORD64 d)
-{
- BNWORD128 n = (BNWORD128)nh << 64 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (64-1) == 1);
-
- *q = n / d;
- return n % d;
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 64/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 64/2 )
-#define lowhalf(x) ( (x) & (((BNWORD64)1 << 64/2)-1) )
-BNWORD64
-lbnDiv21_64(BNWORD64 *q, BNWORD64 nh, BNWORD64 nl, BNWORD64 d)
-{
- BNWORD64 dh = highhalf(d), dl = lowhalf(d);
- BNWORD64 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (64-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (64/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (64/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (64/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_64 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_128, add a divnhalf_64 which uses 64-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_64
-BNWORD64
-lbnDiv1_64(BNWORD64 *q, BNWORD64 *rem, BNWORD64 const *n, unsigned len,
- BNWORD64 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD64 r;
- BNWORD64 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 64/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (64-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_64(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_64(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_64
-/* If there's a custom lbnMod21_64, no normalization needed */
-#ifdef lbnMod21_64
-unsigned
-lbnModQ_64(BNWORD64 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD64 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_64(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD128) && !BN_SLOW_DIVIDE_128
-unsigned
-lbnModQ_64(BNWORD64 const *n, unsigned len, unsigned d)
-{
- BNWORD64 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD64)((((BNWORD128)r<<64) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 64 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 64/2 )
-#define lowhalf(x) ( (x) & ((1 << 64/2)-1) )
-#endif
-unsigned
-lbnModQ_64(BNWORD64 const *n, unsigned len, unsigned d)
-{
- BNWORD64 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 64/2) | highhalf(x);
- r = (r%d << 64/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_64 */
-unsigned
-lbnModQ_64(BNWORD64 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD64 r;
- BNWORD64 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 64;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (64-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_64(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_64 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^64) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_64
-BNWORD64
-lbnDiv_64(BNWORD64 *q, BNWORD64 *n, unsigned nlen, BNWORD64 *d, unsigned dlen)
-{
- BNWORD64 nh,nm,nl; /* Top three words of the dividend */
- BNWORD64 dh,dl; /* Top two words of the divisor */
- BNWORD64 qhat; /* Extimate of quotient word */
- BNWORD64 r; /* Remainder from quotient estimate division */
- BNWORD64 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul64_ppmm
- BNWORD64 t64;
-#elif defined(BNWORD128)
- BNWORD128 t128;
-#else /* use lbnMulN1_64 */
- BNWORD64 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_64(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD64)1 << 64-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD64)1<<64-1-shift) == 0);
- dh = dh << shift | dl >> (64-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD64)1 << 64-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (64-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 64/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_64(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_64(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (64-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_64(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul64_ppmm
- mul64_ppmm(nm, t64, qhat, dl);
- if (nm > r || (nm == r && t64 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t64 < dl);
- t64 -= dl;
- if (nm > r || (nm == r && t64 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD128)
- t128 = (BNWORD128)qhat * dl;
- if (t128 > ((BNWORD128)r << 64) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t128 -= dl;
- if (t128 > ((BNWORD128)r << 64) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_64 */
- lbnMulN1_64(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_64(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_64(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD64)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_64(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul64_ppmm
- mul64_ppmm(nm, t64, qhat, dl);
- if (nm > r || (nm == r && t64 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t64 < dl);
- t64 -= dl;
- if (nm > r || (nm == r && t64 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD128)
- t128 = (BNWORD128)qhat * dl;
- if (t128 > ((BNWORD128)r<<64) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t128 -= dl;
- if (t128 > ((BNWORD128)r << 64) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_64 */
- lbnMulN1_64(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-64, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_64(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_64(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_64(d, dlen, shift);
- lbnRshift_64(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^64.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_64
-BNWORD64
-lbnMontInv1_64(BNWORD64 const x)
-{
- BNWORD64 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_64 */
-
-#if defined(BNWORD128) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_64(BNWORD64 *n, BNWORD64 const *mod, unsigned mlen, BNWORD64 inv)
-{
- BNWORD128 x, y;
- BNWORD64 const *pm;
- BNWORD64 *pn;
- BNWORD64 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD128)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD64)x == 0);
- x = x >> 64;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD128)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD64)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD128)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD64)x == 0);
- x = x >> 64 | (BNWORD128)carry << 64;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD128)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD64)x;
- x = (x >> 64) | (BNWORD128)carry << 64;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD64)x;
- carry = (unsigned)(x >> 64);
-
- while (carry)
- carry -= lbnSubN_64(n, mod, mlen);
- while (lbnCmp_64(n, mod, mlen) >= 0)
- (void)lbnSubN_64(n, mod, mlen);
-}
-#define lbnMontReduce_64 lbnMontReduce_64
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(64*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_64.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(64*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_64 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_64
-void
-lbnMontReduce_64(BNWORD64 *n, BNWORD64 const *mod, unsigned const mlen,
- BNWORD64 inv)
-{
- BNWORD64 t;
- BNWORD64 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD64)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD64)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_64(n, mod, mlen, inv * BIGLITTLE(n[-1],n[0]));
- c += lbnAdd1_64(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_64(n, mod, mlen);
- while (lbnCmp_64(n, mod, mlen) >= 0)
- (void)lbnSubN_64(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_64 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_64
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^64.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_64(prod, n1, n2, mod, len, inv) \
- (lbnMulX_64(prod, n1, n2, len), lbnMontReduce_64(prod, mod, len, inv))
-#endif /* !lbnMontMul_64 */
-
-#ifndef lbnMontSquare_64
-/*
- * Square "n", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^64.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_64(prod, n, mod, len, inv) \
- (lbnSquare_64(prod, n, len), lbnMontReduce_64(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_64 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_64(BNWORD64 *n, unsigned nlen, BNWORD64 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_64(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_64(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_64(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_64(BNWORD64 *n, BNWORD64 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_64(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_64(n, mod, len, lbnMontInv1_64(mod[BIGLITTLE(-1,0)]));
- /* Move n down len words */
- lbnCopy_64(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. See the comment in bnExpMod_64 below for
- * an explanation of how it actually works works.
- *
- * It takes 2^(k-1)-1 multiplies to compute the table, and (e-1)/(k+1)
- * multiplies (on average) to perform the exponentiation. To minimize
- * the sum, k must vary with e. The optimal window sizes vary with the
- * exponent length. Here are some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 64 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best
- * At e = 6_4 bits, k=3 (18.750000) is best
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best
- * At e = 512 bits, k=5 (100.1_66667) is best
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best
- * At e = 4096 bits, k=7 (574.875000) is best
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Um, actually there's a slightly more accurate way to count, which
- * really is the average number of multiplies required, averaged
- * uniformly over all 2^(e-1) e-bit numbers, from 2^(e-1) to (2^e)-1.
- * It's based on the recurrence that for the last b bits, b <= k, at
- * most one multiply is needed (and none at all 1/2^b of the time),
- * while when b > k, the odds are 1/2 each way that the bit will be
- * 0 (meaning no multiplies to reduce it to the b-1-bit case) and
- * 1/2 that the bit will be 1, starting a k-bit window and requiring
- * 1 multiply beyond the b-k-bit case. Since the most significant
- * bit is always 1, a k-bit window always starts there, and that
- * multiply is by 1, so it isn't a multiply at all. Thus, the
- * number of multiplies is simply that needed for the last e-k bits.
- * This recurrence produces:
- *
- * At e = 1 bits, k=1 (0.000000) is best
- * At e = 2 bits, k=1 (0.500000) is best
- * At e = 4 bits, k=1 (1.500000) is best
- * At e = 6 bits, k=2 (2.437500) < k=1 (2.500000)
- * At e = 8 bits, k=2 (3.109375) is best
- * At e = 1_6 bits, k=2 (5.777771) is best
- * At e = 24 bits, k=3 (8.437629) < k=2 (8.444444)
- * At e = 3_2 bits, k=3 (10.437492) is best
- * At e = 6_4 bits, k=3 (18.437500) is best
- * At e = 81 bits, k=4 (22.6_40000) < k=3 (22.687500)
- * At e = 128 bits, k=4 (3_2.040000) is best
- * At e = 241 bits, k=5 (54.611111) < k=4 (54.6_40000)
- * At e = 256 bits, k=5 (57.111111) is best
- * At e = 512 bits, k=5 (99.777778) is best
- * At e = 673 bits, k=6 (126.591837) < k=5 (126.611111)
- * At e = 1024 bits, k=6 (176.734694) is best
- * At e = 1793 bits, k=7 (286.578125) < k=6 (286.591837)
- * At e = 2048 bits, k=7 (318.453125) is best
- * At e = 4096 bits, k=7 (574.453125) is best
- *
- * This has the rollover points at 6, 24, 81, 241, 673 and 1793 instead
- * of 8, 26, 82, 242, 674, and 1794. Not a very big difference.
- * (The numbers past that are k=8 at 4609 and k=9 at 11521,
- * vs. one more in each case for the approximation.)
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. Entry 6 is the largest
- * possible unsigned number, so the window will never be more
- * than 7 bits, requiring 2^6 = 0x40 slots.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 5, 23, 80, 240, 672, 1792, (unsigned)-1
-/* 7, 25, 81, 241, 673, 1793, (unsigned)-1 ### The old approximations */
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/64 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_64(BNWORD64 *result, BNWORD64 const *n, unsigned nlen,
- BNWORD64 const *e, unsigned elen, BNWORD64 *mod, unsigned mlen)
-{
- BNWORD64 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD64 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD64 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD64 *a, *b; /* Working buffers/accumulators */
- BNWORD64 *t; /* Pointer into the working buffers */
- BNWORD64 inv; /* mod^-1 modulo 2^64 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_64(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_64(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_64(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_64(result, n, nlen);
- if (mlen > nlen)
- lbnZero_64(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD64, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD64, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD64, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_64(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_64(t, n, nlen);
- lbnZero_64(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_64(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_64(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_64(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_64(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_64(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD64)1 << ((ebits-1) & (64-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD64)1 << (64-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD64)1 << (64-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_64(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_64(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_64(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_64(b, t, mlen);
- lbnZero_64(t, mlen);
- lbnMontReduce_64(b, mod, mlen, inv);
- lbnCopy_64(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_64(BNWORD64 *result,
- BNWORD64 const *n1, unsigned n1len,
- BNWORD64 const *e1, unsigned e1len,
- BNWORD64 const *n2, unsigned n2len,
- BNWORD64 const *e2, unsigned e2len,
- BNWORD64 *mod, unsigned mlen)
-{
- BNWORD64 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD64 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD64 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD64 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD64 *a, *b; /* Working buffers/accumulators */
- BNWORD64 *t; /* Pointer into the working buffers */
- BNWORD64 inv; /* mod^-1 modulo 2^64 */
- int y; /* bnYield() result */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_64(e1, e1len);
- e2len = lbnNorm_64(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_64(e1, e1len);
- e2bits = lbnBits_64(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- t = (BNWORD64 *)n1; n1 = n2; n2 = t;
- t = (BNWORD64 *)e1; e1 = e2; e2 = t;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_64(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below fucks up if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, BNWORD64, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_64(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_64(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_64(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, BNWORD64, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD64, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, BNWORD64, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, BNWORD64, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, BNWORD64, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_64(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_64(t, n1, n1len);
- lbnZero_64(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_64(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_64(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_64(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_64(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_64(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_64(t, n2, n2len);
- lbnZero_64(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_64(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_64(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_64(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_64(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_64(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_64(table2[i], t, mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD64)1 << ((e1bits-1) & (64-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD64)1 << (64-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_64(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_64(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD64)1 << (64-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_64(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_64(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_64(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_64(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_64(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_64(b, t, mlen);
- lbnZero_64(t, mlen);
- lbnMontReduce_64(b, mod, mlen, inv);
- lbnCopy_64(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_64(BNWORD64 *n, BNWORD64 const *exp, unsigned elen,
- BNWORD64 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD64 const *bitptr;
- BNWORD64 bitword, bitpos;
- BNWORD64 *a, *b, *a1;
- BNWORD64 inv;
- int y; /* Result of bnYield() */
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_64(n, mlen);
-
- bits = lbnBits_64(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD64)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD64)1 << ((bits-1) & (64-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_64(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD64)1<<(64-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD64)1 << (e & (64-1));
- e /= 64;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, BNWORD64, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD64, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_64(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_64(a1, n, e+1);
- lbnZero_64(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_64(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_64(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_64(a1, mlen) ||
- lbnCmp_64(a1, mod, mlen) > 0)
- (void)lbnSubN_64(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD64)1<<(64-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_64(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- goto yield;
-#endif
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_64(a, a1, mlen);
- lbnZero_64(a1, mlen);
- lbnMontReduce_64(a, mod, mlen, inv);
- lbnCopy_64(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- y = 0;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_64(BNWORD64 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD64 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 64;
- lsbyte /= (64/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 64;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_64(BNWORD64 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD64 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(64/8), n += lsbyte/(64/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (64/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 64;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (64/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 64;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD64)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_64(BNWORD64 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD64 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(64/8), n += lsbyte/(64/8));
-
- if (lsbyte % (64/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (64/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (64/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_64(BNWORD64 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD64 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(64/8), n += lsbyte/(64/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (64/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 64;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (64/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 64;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD64)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "64/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_64(BNWORD64 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD64 t;
- unsigned alen = (blen + (64/8-1))/(64/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (64/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-/*
- * Computes the GCD of a and b. Modifies both arguments; when it returns,
- * one of them is the GCD and the other is trash. The return value
- * indicates which: 0 for a, and 1 for b. The length of the retult is
- * returned in rlen. Both inputs must have one extra word of precision.
- * alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_64(BNWORD64 *a, unsigned alen, BNWORD64 *b, unsigned blen,
- unsigned *rlen)
-{
-#if BNYIELD
- int y;
-#endif
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_64(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_64(a, blen);
- if (alen == 0) {
- *rlen = blen;
- return 1;
- }
- (void)lbnDiv_64(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_64(b, alen);
-#if BNYIELD
- if (bnYield && (y = bnYield()) < 0)
- return y;
-#endif
- }
- *rlen = alen;
- return 0;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_64(BNWORD64 *a, unsigned alen, BNWORD64 const *mod, unsigned mlen)
-{
- BNWORD64 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD64 *p; /* Temporary for products added to t0 and t1 */
- BNWORD64 *t0, *t1; /* Inverse accumulators */
- BNWORD64 cy;
- unsigned blen, t0len, t1len, plen;
- int y;
-
- alen = lbnNorm_64(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_64(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_64(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, BNWORD64, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, BNWORD64, mlen+1);
- if (p) {
- LBNALLOC(t0, BNWORD64, mlen);
- if (t0) {
- LBNALLOC(t1, BNWORD64, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_64(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_64(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_64(t1, mlen-alen+1);
- blen = lbnNorm_64(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD64)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_64(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_64(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_64(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_64(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_64(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_64(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_64(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_64(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_64(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD64)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_64(a, t0, t0len);
- lbnZero_64(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_64(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_64(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_64(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_64(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_64(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_64(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_64(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_64(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_64(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_64(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_64(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_64(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure: /* GCD is not 1 - no inverse exists! */
- y = 1;
-#if BNYIELD
-yield:
-#endif
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return y;
-}
-
-/*
- * Precompute powers of "a" mod "mod". Compute them every "bits"
- * for "n" steps. This is sufficient to compute powers of g with
- * exponents up to n*bits bits long, i.e. less than 2^(n*bits).
- *
- * This assumes that the caller has already initialized "array" to point
- * to "n" buffers of size "mlen".
- */
-int
-lbnBasePrecompBegin_64(BNWORD64 **array, unsigned n, unsigned bits,
- BNWORD64 const *g, unsigned glen, BNWORD64 *mod, unsigned mlen)
-{
- BNWORD64 *a, *b; /* Temporary double-width accumulators */
- BNWORD64 *a1; /* Pointer to high half of a*/
- BNWORD64 inv; /* Montgomery inverse of LSW of mod */
- BNWORD64 *t;
- unsigned i;
-
- glen = lbnNorm_64(g, glen);
- assert(glen);
-
- assert (mlen == lbnNorm_64(mod, mlen));
- assert (glen <= mlen);
-
- /* Allocate two temporary buffers, and the array slots */
- LBNALLOC(a, BNWORD64, mlen*2);
- if (!a)
- return -1;
- LBNALLOC(b, BNWORD64, mlen*2);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Okay, all ready */
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_64(inv);
- /* Move g up "mlen" words into a (clearing the low mlen words) */
- a1 = BIGLITTLE(a-mlen,a+mlen);
- lbnCopy_64(a1, g, glen);
- lbnZero_64(a, mlen);
-
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_64(a1, a, mlen+glen, mod, mlen);
-
- /* Copy the first value into the array */
- t = *array;
- lbnCopy_64(t, a, mlen);
- a1 = a; /* This first value is *not* shifted up */
-
- /* Now compute the remaining n-1 array entries */
- assert(bits);
- assert(n);
- while (--n) {
- i = bits;
- do {
- /* Square a1 into b1 */
- lbnMontSquare_64(b, a1, mod, mlen, inv);
- t = b; b = a; a = t;
- a1 = BIGLITTLE(a-mlen, a+mlen);
- } while (--i);
- t = *++array;
- lbnCopy_64(t, a1, mlen);
- }
-
- /* Hooray, we're done. */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return 0;
-}
-
-/*
- * result = base^exp (mod mod). "array" is a an array of pointers
- * to procomputed powers of base, each 2^bits apart. (I.e. array[i]
- * is base^(2^(i*bits))).
- *
- * The algorithm consists of:
- * a = b = (powers of g to be raised to the power 2^bits-1)
- * a *= b *= (powers of g to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of g to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnBasePrecompExp_64(BNWORD64 *result, BNWORD64 const * const *array,
- unsigned bits, BNWORD64 const *exp, unsigned elen,
- BNWORD64 const *mod, unsigned mlen)
-{
- BNWORD64 *a, *b, *c, *t;
- BNWORD64 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD64 const *eptr; /* Pointer into exp */
- BNWORD64 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD64 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
-
- mlen = lbnNorm_64(mod, mlen);
- assert (mlen);
-
- elen = lbnNorm_64(exp, elen);
- if (!elen) {
- lbnZero_64(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_64(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD64, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD64, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD64, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Set up bit buffer for walking the exponent */
- eptr = exp;
- buf = BIGLITTLE(*--eptr, *eptr++);
- ewords = elen-1;
- bufbits = 64;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 64;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD64 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_64(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_64(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_64(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_64(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_64(a, a1, mlen);
- lbnZero_64(a1, mlen);
- lbnMontReduce_64(a, mod, mlen, inv);
- lbnCopy_64(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
-
-/*
- * result = base1^exp1 *base2^exp2 (mod mod). "array1" and "array2" are
- * arrays of pointers to procomputed powers of the corresponding bases,
- * each 2^bits apart. (I.e. array1[i] is base1^(2^(i*bits))).
- *
- * Bits must be the same in both. (It could be made adjustable, but it's
- * a bit of a pain. Just make them both equal to the larger one.)
- *
- * The algorithm consists of:
- * a = b = (powers of base1 and base2 to be raised to the power 2^bits-1)
- * a *= b *= (powers of base1 and base2 to be raised to the power 2^bits-2)
- * ...
- * a *= b *= (powers of base1 and base2 to be raised to the power 1)
- *
- * All we do is walk the exponent 2^bits-1 times in groups of "bits" bits,
- */
-int
-lbnDoubleBasePrecompExp_64(BNWORD64 *result, unsigned bits,
- BNWORD64 const * const *array1, BNWORD64 const *exp1, unsigned elen1,
- BNWORD64 const * const *array2, BNWORD64 const *exp2,
- unsigned elen2, BNWORD64 const *mod, unsigned mlen)
-{
- BNWORD64 *a, *b, *c, *t;
- BNWORD64 *a1, *b1;
- int anull, bnull; /* Null flags: values are implicitly 1 */
- unsigned i, j, k; /* Loop counters */
- unsigned mask; /* Exponent bits to examime */
- BNWORD64 const *eptr; /* Pointer into exp */
- BNWORD64 buf, curbits, nextword; /* Bit-buffer varaibles */
- BNWORD64 inv; /* Inverse of LSW of modulus */
- unsigned ewords; /* Words of exponent left */
- int bufbits; /* Number of valid bits */
- int y = 0;
- BNWORD64 const * const *array;
-
- mlen = lbnNorm_64(mod, mlen);
- assert (mlen);
-
- elen1 = lbnNorm_64(exp1, elen1);
- if (!elen1) {
- return lbnBasePrecompExp_64(result, array2, bits, exp2, elen2,
- mod, mlen);
- }
- elen2 = lbnNorm_64(exp2, elen2);
- if (!elen2) {
- return lbnBasePrecompExp_64(result, array1, bits, exp1, elen1,
- mod, mlen);
- }
- /*
- * This could be precomputed, but it's so cheap, and it would require
- * making the precomputation structure word-size dependent.
- */
- inv = lbnMontInv1_64(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- assert(elen1);
- assert(elen2);
-
- /*
- * Allocate three temporary buffers. The current numbers generally
- * live in the upper halves of these buffers.
- */
- LBNALLOC(a, BNWORD64, mlen*2);
- if (a) {
- LBNALLOC(b, BNWORD64, mlen*2);
- if (b) {
- LBNALLOC(c, BNWORD64, mlen*2);
- if (c)
- goto allocated;
- LBNFREE(b, 2*mlen);
- }
- LBNFREE(a, 2*mlen);
- }
- return -1;
-
-allocated:
-
- anull = bnull = 1;
-
- mask = (1u<<bits) - 1;
- for (i = mask; i; --i) {
- /* Walk each exponent in turn */
- for (k = 0; k < 2; k++) {
- /* Set up the exponent for walking */
- array = k ? array2 : array1;
- eptr = k ? exp2 : exp1;
- ewords = (k ? elen2 : elen1) - 1;
- /* Set up bit buffer for walking the exponent */
- buf = BIGLITTLE(*--eptr, *eptr++);
- bufbits = 64;
- for (j = 0; ewords || buf; j++) {
- /* Shift down current buffer */
- curbits = buf;
- buf >>= bits;
- /* If necessary, add next word */
- bufbits -= bits;
- if (bufbits < 0 && ewords > 0) {
- nextword = BIGLITTLE(*--eptr, *eptr++);
- ewords--;
- curbits |= nextword << (bufbits+bits);
- buf = nextword >> -bufbits;
- bufbits += 64;
- }
- /* If appropriate, multiply b *= array[j] */
- if ((curbits & mask) == i) {
- BNWORD64 const *d = array[j];
-
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (bnull) {
- lbnCopy_64(b1, d, mlen);
- bnull = 0;
- } else {
- lbnMontMul_64(c, b1, d, mod, mlen, inv);
- t = c; c = b; b = t;
- }
-#if BNYIELD
- if (bnYield && (y = bnYield() < 0))
- goto yield;
-#endif
- }
- }
- }
-
- /* Multiply a *= b */
- if (!bnull) {
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- b1 = BIGLITTLE(b-mlen-1,b+mlen);
- if (anull) {
- lbnCopy_64(a1, b1, mlen);
- anull = 0;
- } else {
- lbnMontMul_64(c, a1, b1, mod, mlen, inv);
- t = c; c = a; a = t;
- }
- }
- }
-
- assert(!anull); /* If it were, elen would have been 0 */
-
- /* Convert out of Montgomery form and return */
- a1 = BIGLITTLE(a-mlen-1,a+mlen);
- lbnCopy_64(a, a1, mlen);
- lbnZero_64(a1, mlen);
- lbnMontReduce_64(a, mod, mlen, inv);
- lbnCopy_64(result, a1, mlen);
-
-#if BNYIELD
-yield:
-#endif
- LBNFREE(c, 2*mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return y;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef LBN64_H
-#define LBN64_H
-
-#include "lbn.h"
-
-#ifndef BNWORD64
-#error 64-bit bignum library requires a 64-bit data type
-#endif
-
-#ifndef lbnCopy_64
-void lbnCopy_64(BNWORD64 *dest, BNWORD64 const *src, unsigned len);
-#endif
-#ifndef lbnZero_64
-void lbnZero_64(BNWORD64 *num, unsigned len);
-#endif
-#ifndef lbnNeg_64
-void lbnNeg_64(BNWORD64 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_64
-BNWORD64 lbnAdd1_64(BNWORD64 *num, unsigned len, BNWORD64 carry);
-#endif
-#ifndef lbnSub1_64
-BNWORD64 lbnSub1_64(BNWORD64 *num, unsigned len, BNWORD64 borrow);
-#endif
-
-#ifndef lbnAddN_64
-BNWORD64 lbnAddN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_64
-BNWORD64 lbnSubN_64(BNWORD64 *num1, BNWORD64 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_64
-int lbnCmp_64(BNWORD64 const *num1, BNWORD64 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_64
-void lbnMulN1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k);
-#endif
-#ifndef lbnMulAdd1_64
-BNWORD64
-lbnMulAdd1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k);
-#endif
-#ifndef lbnMulSub1_64
-BNWORD64 lbnMulSub1_64(BNWORD64 *out, BNWORD64 const *in, unsigned len, BNWORD64 k);
-#endif
-
-#ifndef lbnLshift_64
-BNWORD64 lbnLshift_64(BNWORD64 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_64
-BNWORD64 lbnDouble_64(BNWORD64 *num, unsigned len);
-#endif
-#ifndef lbnRshift_64
-BNWORD64 lbnRshift_64(BNWORD64 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_64
-void lbnMul_64(BNWORD64 *prod, BNWORD64 const *num1, unsigned len1,
- BNWORD64 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_64
-void lbnSquare_64(BNWORD64 *prod, BNWORD64 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_64
-unsigned lbnNorm_64(BNWORD64 const *num, unsigned len);
-#endif
-#ifndef lbnBits_64
-unsigned lbnBits_64(BNWORD64 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_64
-void lbnExtractBigBytes_64(BNWORD64 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_64
-void lbnInsertBigBytes_64(BNWORD64 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_64
-void lbnExtractLittleBytes_64(BNWORD64 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_64
-void lbnInsertLittleBytes_64(BNWORD64 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_64
-BNWORD64 lbnDiv21_64(BNWORD64 *q, BNWORD64 nh, BNWORD64 nl, BNWORD64 d);
-#endif
-#ifndef lbnDiv1_64
-BNWORD64 lbnDiv1_64(BNWORD64 *q, BNWORD64 *rem,
- BNWORD64 const *n, unsigned len, BNWORD64 d);
-#endif
-#ifndef lbnModQ_64
-unsigned lbnModQ_64(BNWORD64 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_64
-BNWORD64
-lbnDiv_64(BNWORD64 *q, BNWORD64 *n, unsigned nlen, BNWORD64 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_64
-BNWORD64 lbnMontInv1_64(BNWORD64 const x);
-#endif
-#ifndef lbnMontReduce_64
-void lbnMontReduce_64(BNWORD64 *n, BNWORD64 const *mod, unsigned const mlen,
- BNWORD64 inv);
-#endif
-#ifndef lbnToMont_64
-void lbnToMont_64(BNWORD64 *n, unsigned nlen, BNWORD64 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_64
-void lbnFromMont_64(BNWORD64 *n, BNWORD64 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_64
-int lbnExpMod_64(BNWORD64 *result, BNWORD64 const *n, unsigned nlen,
- BNWORD64 const *exp, unsigned elen, BNWORD64 *mod, unsigned mlen);
-#endif
-#ifndef lbnDoubleExpMod_64
-int lbnDoubleExpMod_64(BNWORD64 *result,
- BNWORD64 const *n1, unsigned n1len, BNWORD64 const *e1, unsigned e1len,
- BNWORD64 const *n2, unsigned n2len, BNWORD64 const *e2, unsigned e2len,
- BNWORD64 *mod, unsigned mlen);
-#endif
-#ifndef lbnTwoExpMod_64
-int lbnTwoExpMod_64(BNWORD64 *n, BNWORD64 const *exp, unsigned elen,
- BNWORD64 *mod, unsigned mlen);
-#endif
-#ifndef lbnGcd_64
-int lbnGcd_64(BNWORD64 *a, unsigned alen, BNWORD64 *b, unsigned blen,
- unsigned *rlen);
-#endif
-#ifndef lbnInv_64
-int lbnInv_64(BNWORD64 *a, unsigned alen, BNWORD64 const *mod, unsigned mlen);
-#endif
-
-int lbnBasePrecompBegin_64(BNWORD64 **array, unsigned n, unsigned bits,
- BNWORD64 const *g, unsigned glen, BNWORD64 *mod, unsigned mlen);
-int lbnBasePrecompExp_64(BNWORD64 *result, BNWORD64 const * const *array,
- unsigned bits, BNWORD64 const *exp, unsigned elen,
- BNWORD64 const *mod, unsigned mlen);
-int lbnDoubleBasePrecompExp_64(BNWORD64 *result, unsigned bits,
- BNWORD64 const * const *array1, BNWORD64 const *exp1, unsigned elen1,
- BNWORD64 const * const *array2, BNWORD64 const *exp2,
- unsigned elen2, BNWORD64 const *mod, unsigned mlen);
-
-#endif /* LBN64_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn68000.c - 16-bit bignum primitives for the 68000 (or 68010) processors.
- *
- * This was written for Metrowerks C, and while it should be reasonably
- * portable, NOTE that Metrowerks lets a callee trash a0, a1, d0, d1, and d2.
- * Some 680x0 compilers make d2 callee-save, so instructions to save it
- * will have to be added.
- *
- * This code supports 16 or 32-bit ints, based on UINT_MAX.
- * Regardless of UINT_MAX, only bignums up to 64K words (1 million bits)
- * are supported. (68k hackers will recognize this as a consequence of
- * using dbra.)
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant to this issue.)
- */
-
-#include <limits.h>
-
-#include "lbn.h" /* Should include lbn68000.h */
-
-/*
- * The Metrowerks C compiler (1.2.2) produces bad 68k code for the
- * following input, which happens to be the inner loop of lbnSub1,
- * so a few less than critical routines have been recoded in assembly
- * to avoid the bug. (Optimizer on or off does not matter.)
- *
- * unsigned
- * decrement(unsigned *num, unsigned len)
- * {
- * do {
- * if ((*num++)-- != 0)
- * return 0;
- * } while (--len);
- * return 1;
- * }
- */
-asm BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.w 10(sp),d0 /* borrow */
-#else
- move.w 12(sp),d0 /* borrow */
-#endif
- sub.w d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- subq.w #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.w 10(sp),d0 /* carry */
-#else
- move.w 12(sp),d0 /* carry */
-#endif
- add.w d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- addq.w #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d3,-(sp) /* 2 bytes of stack frame */
- move.l 2+4(sp),a1 /* out */
- move.l 2+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 2+12(sp),d3 /* len */
- move.w 2+14(sp),d2 /* k */
-#else
- move.w 2+14(sp),d3 /* len (low 16 bits) */
- move.w 2+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- move.w d1,(a1)+
- clr.w d1
- swap d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s m16_even
- beq.s m16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-m16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- move.w d1,(a1)+
- clr.w d1
- swap d1
-m16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- move.w d0,(a1)+
- clr.w d0
- swap d0
-
- dbra d3,m16_loop
-
- move.w d0,(a1)
- move.w (sp)+,d3
- rts
-m16_short:
- move.w d1,(a1)
- move.w (sp)+,d3
- rts
-}
-
-
-asm BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d4,-(sp)
- clr.w d4
- move.w d3,-(sp) /* 4 bytes of stack frame */
- move.l 4+4(sp),a1 /* out */
- move.l 4+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 4+12(sp),d3 /* len */
- move.w 4+14(sp),d2 /* k */
-#else
- move.w 4+14(sp),d3 /* len (low 16 bits) */
- move.w 4+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- add.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s ma16_even
- beq.s ma16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-ma16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- add.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-ma16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- add.w d0,(a1)+
- clr.w d0
- swap d0
- addx.w d4,d0
-
- dbra d3,ma16_loop
-
- move.w (sp)+,d3
- move.w (sp)+,d4
- rts
-ma16_short:
- move.w (sp)+,d3
- move.l d1,d0
- move.w (sp)+,d4
- rts
-}
-
-
-
-asm BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d4,-(sp)
- clr.w d4
- move.w d3,-(sp) /* 4 bytes of stack frame */
- move.l 4+4(sp),a1 /* out */
- move.l 4+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 4+12(sp),d3 /* len */
- move.w 4+14(sp),d2 /* k */
-#else
- move.w 4+14(sp),d3 /* len (low 16 bits) */
- move.w 4+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- sub.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s ms16_even
- beq.s ms16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-ms16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- sub.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-ms16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- sub.w d0,(a1)+
- clr.w d0
- swap d0
- addx.w d4,d0
-
- dbra d3,ms16_loop
-
- move.w (sp)+,d3
- move.w (sp)+,d4
- rts
-ms16_short:
- move.w (sp)+,d3
- move.l d1,d0
- move.w (sp)+,d4
- rts
-}
-
-/* The generic long/short divide doesn't know that nh < d */
-asm BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- move.l 8(sp),d0 /* nh *and* nl */
- divu.w 12(sp),d0
- move.l 4(sp),a0
- move.w d0,(a0)
- clr.w d0
- swap d0
- rts
-}
-
-asm unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, BNWORD16 d)
-{
- move.l 4(sp),a0 /* n */
- moveq.l #0,d1
-#if UINT_MAX == 0xffff
- move.w 8(sp),d1 /* len */
- move.w 10(sp),d2 /* d */
-#else
- move.w 10(sp),d1 /* len (low 16 bits) */
- move.w 12(sp),d2 /* d */
-#endif
-
- add.l d1,a0
- add.l d1,a0 /* n += len */
- moveq.l #0,d0
- subq.w #1,d1
-
-mq16_loop:
- move.w -(a0),d0 /* Assemble remainder and new word */
- divu.w d2,d0 /* Put remainder in high half of d0 */
- dbra d1,mq16_loop
-
-mq16_done:
- clr.w d0
- swap d0
- rts
-}
-
-/*
- * Detect if this is a 32-bit processor (68020+ *or* CPU32).
- * Both the 68020+ and CPU32 processors (which have 32x32->64-bit
- * multiply, what the 32-bit math library wants) support scaled indexed
- * addressing. The 68000 and 68010 ignore the scale selection
- * bits, treating it as *1 all the time. So a 32-bit processor
- * will evaluate -2(a0,a0.w*2) as 1+1*2-2 = 1.
- * A 16-bit processor will compute 1+1-2 = 0.
- *
- * Thus, the return value will indicate whether the chip this is
- * running on supports 32x32->64-bit multiply (mulu.l).
- */
-asm int
-is68020(void)
-{
- machine 68020
- lea 1,a0
-#if 0
- lea -2(a0,a0.w*2),a0 /* Metrowerks won't assemble this, arrgh */
-#else
- dc.w 0x41f0, 0x82fe
-#endif
- move.l a0,d0
- rts
-}
-/*
- * Since I had to hand-assemble that fancy addressing mode, I had to study
- * up on 680x0 addressing modes.
- * A summary of 680x0 addressing modes.
- * A 68000 effective address specifies an operand on an instruction, which
- * may be a register or in memory. It is made up of a 3-bit mode and a
- * 3-bit register specifier. The meanings of the various modes are:
- *
- * 000 reg - Dn, n specified by "reg"
- * 001 reg - An, n specified by "reg"
- * 010 reg - (An)
- * 011 reg - (An)+
- * 100 reg - -(An)
- * 101 reg - d16(An), one 16-bit displacement word follows, sign-extended
- * 110 reg - Fancy addressing mode off of An, see extension word below
- * 111 000 - abs.W, one 16-bit signed absolute address follows
- * 111 001 - abs.L, one 32-bit absolute address follows
- * 111 010 - d16(PC), one 16-bit displacemnt word follows, sign-extended
- * 111 011 - Fancy addressing mode off of PC, see extension word below
- * 111 100 - #immediate, followed by 16 or 32 bits of immediate value
- * 111 101 - unused, reserved
- * 111 110 - unused, reserved
- * 111 111 - unused, reserved
- *
- * Memory references are to data space, except that PC-relative references
- * are to program space, and are read-only.
- *
- * Fancy addressing modes are followed by a 16-bit extension word, and come
- * in "brief" and "full" forms.
- * The "brief" form looks like this. Bit 8 is 0 to indicate this form:
- *
- * 1 1 1 1 1 1 1
- * 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- * |A/D| register |L/W| scale | 0 | 8-bit signed displacement |
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- *
- * The basic effective address specifies a 32-bit base register - A0 through
- * A7 or PC (the address of the following instruction).
- * The A/D and register fields specify an index register. A/D is 1 for
- * address registers, and 0 for data registers. L/W specifies the length
- * of the index register, 1 for 32 bits, and 0 for 16 bits (sign-extended).
- * The scale field is a left shift amount (0 to 3 bits) to apply to the
- * sign-extended index register. The final address is d8(An,Rn.X*SCALE),
- * also written (d8,An,Rn.X*SCALE). X is "W" or "L", SCALE is 1, 2, 4 or 8.
- * "*1" may be omitted, as may a d8 of 0.
- *
- * The 68000 supports this form, but only with a scale field of 0.
- * It does NOT (says the MC68030 User's Manual MC68030UM/AD, section 2.7)
- * decode the scale field and the following format bit. They are treated
- * as 0.
- * I recall (I don't have the data book handy) that the CPU32 processor
- * core used in the 683xx series processors supports variable scales,
- * but only the brief extension word form. I suspect it decodes the
- * format bit and traps if it is not zero, but I don't recall.
- *
- * The "full" form (680x0, x >= 2 processors only) looks like this:
- *
- * 1 1 1 1 1 1 1
- * 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- * |A/D| register |L/W| scale | 1 | BS| IS|BD size| 0 | P |OD size|
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- *
- * The first 8 bits are interpreted the same way as in the brief form,
- * except that bit 8 is set to 1 to indicate the full form.
- * BS, Base Suppress, if set, causes a value of 0 to be used in place of
- * the base register value. If this is set, the base register
- * specified is irrelevant, except that if it is the PC, the fetch is
- * still done from program space. The specifier "ZPC" can be used in
- * place of "PC" in the effective address mnemonic to represent this
- * case.
- * IS, Index Suppress, if set, causes a value of 0 to be used in place
- * of the scaled index register. In this case, the first 7 bits of the
- * extension word are irrelevant.
- * BD size specifies the base displacement size. A value of 00
- * in this field is illegal, while 01, 10 and 11 indicate that the
- * extension word is followed by 0, 1 or 2 16-bit words of base displacement
- * (zero, sign-extended to 32 bits, and most-significant word first,
- * respectively) to add to the base register value.
- * Bit 3 is unused.
- * The P bit is the pre/post indexing bit, and only applies if an outer
- * displacement is used. This is explained later.
- * OD size specifies the size of an outer displacement. In the simple
- * case, this field is set to 00 and the effective address is
- * (disp,An,Rn.X*SCALE) or (disp,PC,Rn.X*SCALE).
- * In this case the P bit must be 0. Any of those compnents may be
- * suppressed, with a BD size of 01, the BS bit, or the IS bit.
- * If the OD size is not 00, it encodes an outer displacement in the same
- * manner as the BD size, and 0, 1 or 2 16-bit words of outer displacement
- * follow the base displacement in the instruction stream. In this case,
- * this is a double-indirect addressing mode. The base, base displacement,
- * and possibly the index, specify a 32-bit memory word which holds a value
- * which is fetched, and the outer displacement and possibly the index are
- * added to produce the address of the operand.
- * If the P bit is 0, this is pre-indexed, and the index value is added
- * before the fetch of the indirect word, producing an effective address
- * of ([disp,An,Rn.X*SCALE],disp). If the P bit is 1, the post-indexed case,
- * the memory word is fectched from base+base displacement, then the index
- * and outer displacement are added to compute the address of the operand.
- * This effective address is written ([disp,An],Rn.X*SCALE,disp).
- * (In both cases, "An" may also be "PC" or "ZPC".)
- * Any of the components may be omitted. If the index is omitted (using the
- * IS bit), the P bit is irrelevant, but must be written as 0.
- * Thus, legal combinations of IS, P and OD size are:
- * 0 0 00 - (disp,An,Rn.X*SCALE), also written disp(An,Rn.X*SCALE)
- * 0 0 01 - ([disp,An,Rn.X*SCALE])
- * 0 0 10 - ([disp,An,Rn.X*SCALE],d16)
- * 0 0 11 - ([disp,An,Rn.X*SCALE],d32)
- * 0 1 01 - ([disp,An],Rn.X*SCALE)
- * 0 1 10 - ([disp,An],Rn.X*SCALE,d16)
- * 0 1 11 - ([disp,An],Rn.X*SCALE,d32)
- * 1 0 00 - (disp,An), also written disp(An)
- * 1 0 01 - ([disp,An])
- * 1 0 10 - ([disp,An],d16)
- * 1 0 11 - ([disp,An],d32)
- */
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn68000.h - 16-bit bignum primitives for the 68000 (or 68010) processors.
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant.)
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned short bnword16
-#define BNWORD16 bnword16
-
-bnword16 lbnSub1_16(bnword16 *num, unsigned len, bnword16 borrow);
-bnword16 lbnAdd1_16(bnword16 *num, unsigned len, bnword16 carry);
-void lbnMulN1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16
-lbnMulAdd1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16
-lbnMulSub1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16 lbnDiv21_16(bnword16 *q, bnword16 nh, bnword16 nl, bnword16 d);
-unsigned lbnModQ_16(bnword16 const *n, unsigned len, bnword16 d);
-
-int is68020(void);
-
-/* #define the values to exclude the C versions */
-#define lbnSub1_16 lbnSub1_16
-#define lbnAdd1_16 lbnAdd1_16
-#define lbnMulN1_16 lbnMulN1_16
-#define lbnMulAdd1_16 lbnMulAdd1_16
-#define lbnMulSub1_16 lbnMulSub1_16
-#define lbnDiv21_16 lbnDiv21_16
-#define lbnModQ_16 lbnModQ_16
-
-/* Also include the 68020 definitions for 16/32 bit switching versions. */
-#include <lbn68020.h>
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn68020.c - 32-bit bignum primitives for the 68020+ (0r 683xx) processors.
- *
- * This was written for Metrowerks C, and while it should be reasonably
- * portable, NOTE that Metrowerks lets a callee trash a0, a1, d0, d1, and d2.
- * Some 680x0 compilers make d2 callee-save, so instructions to save it
- * will have to be added.
- *
- * This code supports 16 or 32-bit ints, based on UINT_MAX.
- * Regardless of UINT_MAX, only bignums up to 64K words (2 million bits)
- * are supported. (68k hackers will recognize this as a consequence of
- * using dbra.)
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant to this issue.)
- *
- * TODO: Schedule this for the 68040's pipeline. (When I get a 68040 manual.)
- */
-
-#include <limits.h>
-
-#include "lbn.h" /* Should include lbn68020.h */
-
-/*
- * The Metrowerks C compiler (1.2.2) produces bad 68k code for the
- * following input, which happens to be the inner loop of lbnSub1,
- * so a few less than critical routines have been recoded in assembly
- * to avoid the bug. (Optimizer on or off does not matter.)
- *
- * unsigned
- * decrement(unsigned *num, unsigned len)
- * {
- * do {
- * if ((*num++)-- != 0)
- * return 0;
- * } while (--len);
- * return 1;
- * }
- */
-asm BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.l 10(sp),d0 /* borrow */
-#else
- move.l 12(sp),d0 /* borrow */
-#endif
- sub.l d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- subq.l #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.l 10(sp),d0 /* carry */
-#else
- move.l 12(sp),d0 /* carry */
-#endif
- add.l d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- addq.l #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
-
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- move.l d3,(a1)+
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s m32_even
- beq.s m32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-m32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- move.l d3,(a1)+
-m32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- move.l d3,(a1)+
-
- dbra d5,m32_loop
-
- move.l d0,(a1)
- movem.l (sp)+,d3-d5
- rts
-m32_short:
- move.l d1,(a1)
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d3,(a1)+
- addx.l d4,d1
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s ma32_even
- beq.s ma32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-ma32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- add.l d3,(a1)+
- addx.l d4,d1
-ma32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- add.l d3,(a1)+
- addx.l d4,d0
-
- dbra d5,ma32_loop
-
- movem.l (sp)+,d3-d5
- rts
-ma32_short:
- move.l d1,d0
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- sub.l d3,(a1)+
- addx.l d4,d1
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s ms32_even
- beq.s ms32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-ms32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- sub.l d3,(a1)+
- addx.l d4,d1
-ms32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- sub.l d3,(a1)+
- addx.l d4,d0
-
- dbra d5,ms32_loop
-
- movem.l (sp)+,d3-d5
- rts
-
-ms32_short:
- move.l d1,d0
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- machine 68020
- move.l 8(sp),d0
- move.l 12(sp),d1
- move.l 4(sp),a0
- divu.l 16(sp),d0:d1 /* dc.w 0x4c6f, 0x1400, 16 */
- move.l d1,(a0)
- rts
-}
-
-asm unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- machine 68020
- move.l 4(sp),a0 /* n */
- move.l d3,a1
-#if UINT_MAX == 0xffff
- moveq.l #0,d2
- move.w 8(sp),d1 /* len */
- move.w 10(sp),d2 /* d */
-#else
- move.w 10(sp),d1 /* len */
- move.l 12(sp),d2 /* d */
-#endif
- dc.w 0x41f0, 0x1cfc /* lea -4(a0,d1.L*4),a0 */
-
- /* First time, divide 32/32 - may be faster than 64/32 */
- move.l (a0),d3
- divul.l d2,d0:d3 /* dc.w 0x4c02, 0x3000 */
- subq.w #2,d1
- bmi mq32_done
-
-mq32_loop:
- move.l -(a0),d3
- divu.l d2,d0:d3 /* dc.w 0x4c02,0x3400 */
- dbra d1,mq32_loop
-
-mq32_done:
- move.l a1,d3
- rts
-}
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn68020.h - 32-bit bignum primitives for the 68020 (or 683xx) processors.
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant.)
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-
-bnword32 lbnSub1_32(bnword32 *num, unsigned len, bnword32 borrow);
-bnword32 lbnAdd1_32(bnword32 *num, unsigned len, bnword32 carry);
-void lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32 lbnDiv21_32(bnword32 *q, bnword32 nh, bnword32 nl, bnword32 d);
-unsigned lbnModQ_32(bnword32 const *n, unsigned len, unsigned d);
-
-/* #define the values to exclude the C versions */
-#define lbnSub1_32 lbnSub1_32
-#define lbnAdd1_32 lbnAdd1_32
-#define lbnMulN1_32 lbnMulN1_32
-#define lbnMulAdd1_32 lbnMulAdd1_32
-#define lbnMulSub1_32 lbnMulSub1_32
-#define lbnDiv21_32 lbnDiv21_32
-#define lbnModQ_32 lbnModQ_32
+++ /dev/null
-* Copyright (c) 1995 Colin Plumb. All rights reserved.
-* For licensing and other legal details, see the file legal.c.
-*
-* lbn68360.c - 32-bit bignum primitives for 683xx processors.
-*
-* This code is using InterTools calling convention, which is a bit odd.
-* One minor note is that the default variable sizes are
-* char = unsigned 8, short = 8 (in violation of ANSI!),
-* int = 16, long = 32. Longs (including on the stack) are 16-bit aligned.
-* Arguments are apdded to 16 bits.
-* A6 is used as a frame pointer, and globals are indexed off A5.
-* Return valies are passes id D0 or A0 (or FP0), depending on type.
-* D0, D1, A0 and A4 (!) are volatile across function calls. A1
-* must be preserved!
-*
-* This code assumes 16-bit ints. Code for 32-bit ints is commented out
-* with "**".
-*
-* Regardless of UINT_MAX, only bignums up to 64K words (2 million bits)
-* are supported. (68k hackers will recognize this as a consequence of
-* using dbra.) This could be extended easily if anyone cares.
-*
-* These primitives use little-endian word order.
-* (The order of bytes within words is irrelevant to this issue.)
-
-* The Metrowerks C compiler (1.2.2) produces bad 68k code for the
-* following input, which happens to be the inner loop of lbnSub1,
-* so it has been rewritees in assembly, even though it is not terribly
-* speed-critical. (Optimizer on or off does not matter.)
-*
-* unsigned
-* decrement(unsigned *num, unsigned len)
-* {
-* do {
-* if ((*num++)-- != 0)
-* return 0;
-* } while (--len);
-* return 1;
-* }
-
-* BNWORD32 lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
- SECTION S_lbnSub1_32,,"code"
- XDEF _lbnSub1_32
-_lbnSub1_32:
- movea.l 4(sp),a0 * num
- move.l 10(sp),d0 * borrow
-** move.l 12(sp),d0 * borrow
- sub.l d0,(a0)+
- bcc sub_done
- move.w 8(sp),d0 * len
-** move.w 10(sp),d0 * len
- subq.w #2,d0
- bcs sub_done
-sub_loop:
- subq.l #1,(a0)+
- dbcc d0,sub_loop
-sub_done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-
-* BNWORD32 lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
- SECTION S_lbnAdd1_32,,"code"
- XDEF _lbnAdd1_32
-_lbnAdd1_32:
- movea.l 4(sp),a0 * num
- move.l 10(sp),d0 * carry
-** move.l 12(sp),d0 * carry
- add.l d0,(a0)+
- bcc add_done
- move.w 8(sp),d0 * len
-** move.w 10(sp),d0 * len
- subq.w #2,d0
- bcs add_done
-add_loop:
- addq.l #1,(a0)+
- dbcc d0,add_loop
-add_done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-
-* void lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
- SECTION S_lbnMulN1_32,,"code"
- XDEF _lbnMulN1_32
-_lbnMulN1_32:
- movem.l d2-d5,-(sp) * 16 bytes of extra data
- moveq.l #0,d4
- move.l 20(sp),a4 * out
- move.l 24(sp),a0 * in
- move.w 28(sp),d5 * len
- move.l 30(sp),d2 * k
-** move.w 30(sp),d5 * len
-** move.l 32(sp),d2 * k
-
- move.l (a0)+,d3 * First multiply
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- move.l d3,(a4)+
-
- subq.w #1,d5 * Setup for loop unrolling
- lsr.w #1,d5
- bcs.s m32_even
- beq.s m32_short
-
- subq.w #1,d5 * Set up software pipeline properly
- move.l d1,d0
-
-m32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- add.l d0,d3
- addx.l d4,d1
- move.l d3,(a4)+
-m32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 * dc.w 0x4c02, 0x3400
- add.l d1,d3
- addx.l d4,d0
- move.l d3,(a4)+
-
- dbra d5,m32_loop
-
- move.l d0,(a4)
- movem.l (sp)+,d2-d5
- rts
-m32_short:
- move.l d1,(a4)
- movem.l (sp)+,d2-d5
- rts
-
-* BNWORD32
-* lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
- SECTION S_lbnMulAdd1_32,,"code"
- XDEF _lbnMulAdd1_32
-_lbnMulAdd1_32:
- movem.l d2-d5,-(sp) * 16 bytes of extra data
- moveq.l #0,d4
- move.l 20(sp),a4 * out
- move.l 24(sp),a0 * in
- move.w 28(sp),d5 * len
- move.l 30(sp),d2 * k
-** move.w 30(sp),d5 * len
-** move.l 32(sp),d2 * k
-
- move.l (a0)+,d3 * First multiply
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- add.l d3,(a4)+
- addx.l d4,d1
-
- subq.w #1,d5 * Setup for loop unrolling
- lsr.w #1,d5
- bcs.s ma32_even
- beq.s ma32_short
-
- subq.w #1,d5 * Set up software pipeline properly
- move.l d1,d0
-
-ma32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- add.l d0,d3
- addx.l d4,d1
- add.l d3,(a4)+
- addx.l d4,d1
-ma32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 * dc.w 0x4c02, 0x3400
- add.l d1,d3
- addx.l d4,d0
- add.l d3,(a4)+
- addx.l d4,d0
-
- dbra d5,ma32_loop
-
- movem.l (sp)+,d2-d5
- rts
-ma32_short:
- move.l d1,d0
- movem.l (sp)+,d2-d5
- rts
-
-* BNWORD32
-* lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
- SECTION S_lbnMulSub1_32,,"code"
- XDEF _lbnMulSub1_32
-_lbnMulSub1_32:
- movem.l d2-d5,-(sp) * 16 bytes of extra data
- moveq.l #0,d4
- move.l 20(sp),a4 * out
- move.l 24(sp),a0 * in
- move.w 28(sp),d5 * len
- move.l 30(sp),d2 * k
-** move.w 30(sp),d5 * len
-** move.l 32(sp),d2 * k
-
- move.l (a0)+,d3 * First multiply
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- sub.l d3,(a4)+
- addx.l d4,d1
-
- subq.w #1,d5 * Setup for loop unrolling
- lsr.w #1,d5
- bcs.s ms32_even
- beq.s ms32_short
-
- subq.w #1,d5 * Set up software pipeline properly
- move.l d1,d0
-
-ms32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 * dc.w 0x4c02, 0x3401
- add.l d0,d3
- addx.l d4,d1
- sub.l d3,(a4)+
- addx.l d4,d1
-ms32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 * dc.w 0x4c02, 0x3400
- add.l d1,d3
- addx.l d4,d0
- sub.l d3,(a4)+
- addx.l d4,d0
-
- dbra d5,ms32_loop
-
- movem.l (sp)+,d2-d5
- rts
-
-ms32_short:
- move.l d1,d0
- movem.l (sp)+,d2-d5
- rts
-
-
-* BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
- SECTION S_lbnDiv21_32,,"code"
- XDEF _lbnDiv21_32
-_lbnDiv21_32:
- move.l 8(sp),d0
- move.l 12(sp),d1
- move.l 4(sp),a0
- divu.l 16(sp),d0:d1 * dc.w 0x4c6f, 0x1400, 16
- move.l d1,(a0)
- rts
-
-* unsigned lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
- SECTION S_lbnModQ_32,,"code"
- XDEF _lbnModQ_32
-_lbnModQ_32:
- move.l 4(sp),a0 * n
- move.l d2,-(sp)
- move.l d3,a4
- moveq.l #0,d1
- moveq.l #0,d2
- move.w 12(sp),d1 * len
- move.w 14(sp),d2 * d
-** move.l 12(sp),d1 * len
-** move.l 16(sp),d2 * d
- lea -4(a0,d1.L*4),a0 * dc.w 0x41f0, 0x1cfc
-
-* First time, divide 32/32 - may be faster than 64/32
- move.l (a0),d3
- divul.l d2,d0:d3 * dc.w 0x4c02, 0x3000
- subq.w #2,d1
- bmi mq32_done
-
-mq32_loop:
- move.l -(a0),d3
- divu.l d2,d0:d3 * dc.w 0x4c02,0x3400
- dbra d1,mq32_loop
-
-mq32_done:
- move.l (sp)+,d2
- move.l a4,d3
- rts
-
- end
+++ /dev/null
-;;; Copyright (c) 1995, Colin Plumb.
-;;; For licensing and other legal details, see the file legal.c.
-;;;
-;;; Assembly primitives for bignum library, 80386 family, 32-bit code.
-;;;
-;;; Several primitives are included here. Only lbnMulAdd1 is *really*
-;;; critical, but once that's written, lnmMulN1 and lbnMulSub1 are quite
-;;; easy to write as well, so they are included here as well.
-;;; lbnDiv21 and lbnModQ are so easy to write that they're included, too.
-;;;
-;;; All functions here are for 32-bit flat mode. I.e. near code and
-;;; near data, although the near offsets are 32 bits.
-;;;
-;;; The usual 80x86 calling conventions have AX, BX, CX and DX
-;;; volatile, and SI, DI, SP and BP preserved across calls.
-;;; This includes the "E"xtended forms of all of those registers
-;;;
-;;; However, just to be confusing, recent 32-bit DOS compilers have
-;;; quietly changed that to require EBX preserved across calls, too.
-;;; Joy.
-
-.386
-;_TEXT segment para public use32 'CODE' ; 16-byte aligned because 486 cares
-;_TEXT ends
-
-ifdef @Version
-if @Version le 510
-FLAT group _TEXT
-endif
-else
-FLAT group _TEXT
-endif
- assume cs:FLAT, ds:FLAT, ss:FLAT
-_TEXT segment para public use32 'CODE' ; 16-byte aligned because 486 cares
-
- public _lbnMulN1_32
- public _lbnMulAdd1_32
- public _lbnMulSub1_32
- public _lbnDiv21_32
- public _lbnModQ_32
-
-;; Register usage:
-;; eax - low half of product
-;; ebx - carry to next iteration
-;; ecx - multiplier (k)
-;; edx - high half of product
-;; esi - source pointer
-;; edi - dest pointer
-;; ebp - loop counter
-;;
-;; Stack frame:
-;; +--------+ esp+20 esp+24 esp+28 esp+32 esp+36
-;; | k |
-;; +--------+ esp+16 esp+20 esp+24 esp+28 esp+32
-;; | len |
-;; +--------+ esp+12 esp+16 esp+20 esp+24 esp+28
-;; | in |
-;; +--------+ esp+8 esp+12 esp+16 esp+20 esp+24
-;; | out |
-;; +--------+ esp+4 esp+8 esp+12 esp+16 esp+20
-;; | return |
-;; +--------+ esp esp+4 esp+8 esp+12 esp+16
-;; | esi |
-;; +--------+ esp esp+4 esp+8 esp+12
-;; | ebp |
-;; +--------+ esp esp+4 esp+8
-;; | ebx |
-;; +--------+ esp esp+4
-;; | edi |
-;; +--------+ esp
-
- align 16
-_lbnMulN1_32 proc near
-
- push esi ; U
- mov esi,[esp+12] ; V load in
- push ebp ; U
- mov ebp,[esp+20] ; V load len
- push ebx ; U
- mov ecx,[esp+28] ; V load k
- push edi ; U
- mov edi,[esp+20] ; V load out
-
-;; First multiply step has no carry in.
- mov eax,[esi] ; U
- lea ebx,[ebp*4-4] ; V loop unrolling
- mul ecx ; NP first multiply
- mov [edi],eax ; U
- and ebx,12 ; V loop unrolling
-
- add esi,ebx ; U loop unrolling
- add edi,ebx ; V loop unrolling
-
- jmp DWORD PTR m32_jumptable[ebx] ; NP loop unrolling
-
- align 4
-m32_jumptable:
- dd m32_case0
- dd m32_case1
- dd m32_case2
- dd m32_case3
-
- nop
- align 8
- nop
- nop
- nop ; Get loop nicely aligned
-
-m32_case0:
- sub ebp,4 ; U
- jbe SHORT m32_done ; V
-
-m32_loop:
- mov eax,[esi+4] ; U
- mov ebx,edx ; V Remember carry for later
- add esi,16 ; U
- add edi,16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [edi-12],eax ; V
-m32_case3:
- mov eax,[esi-8] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [edi-8],eax ; V
-m32_case2:
- mov eax,[esi-4] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [edi-4],eax ; V
-m32_case1:
- mov eax,[esi] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [edi],eax ; V
-
- sub ebp,4 ; U
- ja SHORT m32_loop ; V
-
-m32_done:
- mov [edi+4],edx ; U
- pop edi ; V
- pop ebx ; U
- pop ebp ; V
- pop esi ; U
- ret ; NP
-_lbnMulN1_32 endp
-
-
- align 16
-_lbnMulAdd1_32 proc near
-
- push esi ; U
- mov esi,[esp+12] ; V load in
- push edi ; U
- mov edi,[esp+12] ; V load out
- push ebp ; U
- mov ebp,[esp+24] ; V load len
- push ebx ; U
- mov ecx,[esp+32] ; V load k
-
-;; First multiply step has no carry in.
- mov eax,[esi] ; U
- mov ebx,[edi] ; V
- mul ecx ; NP first multiply
- add ebx,eax ; U
- lea eax,[ebp*4-4] ; V loop unrolling
- adc edx,0 ; U
- and eax,12 ; V loop unrolling
- mov [edi],ebx ; U
-
- add esi,eax ; V loop unrolling
- add edi,eax ; U loop unrolling
-
- jmp DWORD PTR ma32_jumptable[eax] ; NP loop unrolling
-
- align 4
-ma32_jumptable:
- dd ma32_case0
- dd ma32_case1
- dd ma32_case2
- dd ma32_case3
-
- nop
- align 8
- nop
- nop
- nop ; To align loop properly
-
-
-ma32_case0:
- sub ebp,4 ; U
- jbe SHORT ma32_done ; V
-
-ma32_loop:
- mov eax,[esi+4] ; U
- mov ebx,edx ; V Remember carry for later
- add esi,16 ; U
- add edi,16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-12] ; V
- adc edx,0 ; U
- add ebx,eax ; V
- adc edx,0 ; U
- mov [edi-12],ebx ; V
-ma32_case3:
- mov eax,[esi-8] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-8] ; V
- adc edx,0 ; U
- add ebx,eax ; V
- adc edx,0 ; U
- mov [edi-8],ebx ; V
-ma32_case2:
- mov eax,[esi-4] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-4] ; V
- adc edx,0 ; U
- add ebx,eax ; V
- adc edx,0 ; U
- mov [edi-4],ebx ; V
-ma32_case1:
- mov eax,[esi] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi] ; V
- adc edx,0 ; U
- add ebx,eax ; V
- adc edx,0 ; U
- mov [edi],ebx ; V
-
- sub ebp,4 ; U
- ja SHORT ma32_loop ; V
-
-ma32_done:
- pop ebx ; U
- pop ebp ; V
- mov eax,edx ; U
- pop edi ; V
- pop esi ; U
- ret ; NP
-_lbnMulAdd1_32 endp
-
-
- align 16
-_lbnMulSub1_32 proc near
- push esi ; U
- mov esi,[esp+12] ; V load in
- push edi ; U
- mov edi,[esp+12] ; V load out
- push ebp ; U
- mov ebp,[esp+24] ; V load len
- push ebx ; U
- mov ecx,[esp+32] ; V load k
-
-;; First multiply step has no carry in.
- push esi ; U
- mov esi,[esp+12] ; V load in
- push edi ; U
- mov edi,[esp+12] ; V load out
- push ebp ; U
- mov ebp,[esp+24] ; V load len
- mov ecx,[esp+28] ; U load k
-
-;; First multiply step has no carry in.
- mov eax,[esi] ; V
- mov ebx,[edi] ; U
- mul ecx ; NP first multiply
- sub ebx,eax ; U
- lea eax,[ebp*4-4] ; V loop unrolling
- adc edx,0 ; U
- and eax,12 ; V loop unrolling
- mov [edi],ebx ; U
-
- add esi,eax ; V loop unrolling
- add edi,eax ; U loop unrolling
-
- jmp DWORD PTR ms32_jumptable[eax] ; NP loop unrolling
-
- align 4
-ms32_jumptable:
- dd ms32_case0
- dd ms32_case1
- dd ms32_case2
- dd ms32_case3
-
- nop
- align 8
- nop
- nop
- nop
-
-ms32_case0:
- sub ebp,4 ; U
- jbe SHORT ms32_done ; V
-
-ms32_loop:
- mov eax,[esi+4] ; U
- mov ebx,edx ; V Remember carry for later
- add esi,16 ; U
- add edi,16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-12] ; V
- adc edx,0 ; U
- sub ebx,eax ; V
- adc edx,0 ; U
- mov [edi-12],ebx ; V
-ms32_case3:
- mov eax,[esi-8] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-8] ; V
- adc edx,0 ; U
- sub ebx,eax ; V
- adc edx,0 ; U
- mov [edi-8],ebx ; V
-ms32_case2:
- mov eax,[esi-4] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi-4] ; V
- adc edx,0 ; U
- sub ebx,eax ; V
- adc edx,0 ; U
- mov [edi-4],ebx ; V
-ms32_case1:
- mov eax,[esi] ; U
- mov ebx,edx ; V Remember carry for later
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- mov ebx,[edi] ; V
- adc edx,0 ; U
- sub ebx,eax ; V
- adc edx,0 ; U
- mov [edi],ebx ; V
-
- sub ebp,4 ; U
- ja SHORT ms32_loop ; V
-
-ms32_done:
- pop ebx ; U
- pop ebp ; V
- mov eax,edx ; U
- pop edi ; V
- pop esi ; U
- ret ; NP
-_lbnMulSub1_32 endp
-
-
-
-;; Two-word by one-word divide. Stores quotient, returns remainder.
-;; BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-;; 4 8 12 16
-align 4
-_lbnDiv21_32 proc near
- mov edx,[esp+8] ; U Load nh
- mov eax,[esp+12] ; V Load nl
- mov ecx,[esp+4] ; U Load q
- div DWORD PTR [esp+16] ; NP
- mov [ecx],eax ; U Store quotient
- mov eax,edx ; V Return remainder
- ret
-_lbnDiv21_32 endp
-
-;; Multi-word by one-word remainder.
-;; This speeds up key generation. It's not worth unrolling and so on;
-;; using 32-bit divides is enough of a speedup.
-;;
-;; The modulus (in ebp) is often 16 bits. Given that the dividend is 32
-;; bits, the chances of saving the first divide because the high word of the
-;; dividend is less than the modulus are low enough it's not worth taking
-;; the cycles to test for it.
-;;
-;; unsigned lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-;; 4 8 12
-align 4
-_lbnModQ_32 proc near
- mov eax,[esp+4] ; U Load n
- push ebp ; V
- mov ebp,[esp+12] ; U Load len
- push esi ; V
- lea esi,[ebp*4+eax-4] ; U
- mov ecx,[esp+20] ; V Load d
- xor edx,edx ; U Clear edx for first iteration
-modq32_loop:
- mov eax,[esi] ; U Load new low word for divide
- sub esi,4 ; V
- div ecx ; NP edx = edx:eax % ecx
- dec ebp ; U
- jnz SHORT modq32_loop ; V
-
- pop esi ; U
- mov eax,edx ; V Return remainder in eax
- pop ebp ; U
- ret ; NP
-_lbnModQ_32 endp
-
- end
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn80386.h - This file defines the interfaces to the 80386
- * assembly primitives. It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-
-/* MS-DOS needs the calling convention described to it. */
-#ifndef MSDOS
-#ifdef __MSDOS
-#define MSDOS 1
-#endif
-#endif
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-
-/* By MS-DOS, we mean 16-bit brain-dead MS-DOS. Not 32-bit good things. */
-#ifdef __GO32
-#undef MSDOS
-#endif
-#ifdef __GO32__
-#undef MSDOS
-#endif
-
-#ifdef MSDOS
-#define CDECL __cdecl
-#else
-#define CDECL /*nothing*/
-#endif
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-/* Function prototypes for the asm routines */
-void CDECL
-lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32 CDECL
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-bnword32 CDECL
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-bnword32 CDECL
-lbnDiv21_32(bnword32 *q, bnword32 nh, bnword32 nl, bnword32 d);
-#define lbnDiv21_32 lbnDiv21_32
-
-unsigned CDECL
-lbnModQ_32(bnword32 const *n, unsigned len, bnword32 d);
-#define lbnModQ_32 lbnModQ_32
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#if __GNUC__
-/*
- * Use the (massively cool) GNU inline-assembler extension to define
- * inline expansions for various operations.
- *
- * The massively cool part is that the assembler can have inputs
- * and outputs, and you specify the operands and which effective
- * addresses are legal and they get substituted into the code.
- * (For example, some of the code requires a zero. Rather than
- * specify an immediate constant, the expansion specifies an operand
- * of zero which can be in various places. This lets GCC use an
- * immediate zero, or a register which contains zero if it's available.)
- *
- * The syntax is asm("asm_code" : outputs : inputs : trashed)
- * %0, %1 and so on in the asm code are substituted by the operands
- * in left-to-right order (outputs, then inputs).
- * The operands contain constraint strings and values to use.
- * Outputs must be lvalues, inputs may be rvalues. In the constraints:
- * "a" means that the operand must be in eax.
- * "d" means that the operand must be in edx.
- * "g" means that the operand may be any effective address.
- * "=" means that the operand is assigned to.
- * "%" means that this operand and the following one may be
- * interchanged if desirable.
- * "bcDSmn" means that the operand must be in ebx, ecx, esi, edi, memory,
- * or an immediate constant. (This is almost the same as "g"
- * but allowing it in eax wouldn't help because x is already
- * assigned there, and it must not be in edx, since edx is
- * overwritten by the multiply before a and b are read.)
- *
- * Note that GCC uses AT&T assembler syntax, which is rather
- * different from Intel syntax. The length (b, w or l) of the
- * operation is appended to the opcode, and the *second* operand
- * is the destination, not the first. Finally, the register names
- * are all preceded with "%". (Doubled here because % is a
- * magic character.)
- */
-
-/* (ph<<32) + pl = x*y */
-#define mul32_ppmm(ph,pl,x,y) \
- __asm__("mull %3" : "=d"(ph), "=a"(pl) : "%a"(x), "g"(y))
-
-/* (ph<<32) + pl = x*y + a */
-#define mul32_ppmma(ph,pl,x,y,a) \
- __asm__("mull %3\n\t" \
- "addl %4,%%eax\n\t" \
- "adcl %5,%%edx" \
- : "=&d"(ph), "=a"(pl) \
- : "%a"(x), "g"(y), "bcDSmn"(a), "bcDSmn"(0))
-
-/* (ph<<32) + pl = x*y + a + b */
-#define mul32_ppmmaa(ph,pl,x,y,a,b) \
- __asm__("mull %3\n\t" \
- "addl %4,%%eax\n\t" \
- "adcl %6,%%edx\n\t" \
- "addl %5,%%eax\n\t" \
- "adcl %6,%%edx" \
- : "=&d"(ph), "=a"(pl) \
- : "%a"(x), "g"(y), "%bcDSmn"(a), "bcDSmn"(b), "bcDSmn"(0))
-
-/* q = ((nh<<32) + nl) / d, return remainder. nh guaranteed < d. */
-#undef lbnDiv21_32
-#define lbnDiv21_32(q,nh,nl,d) \
- ({unsigned _; \
- __asm__("divl %4" : "=d"(_), "=a"(*q) : "d"(nh), "a"(nl), "g"(d)); \
- _;})
-
-/* No quotient, just return remainder ((nh<<32) + nl) % d */
-#define lbnMod21_32(nh,nl,d) \
- ({unsigned _; \
- __asm__("divl %3" : "=d"(_) : "d"(nh), "a"(nl), "g"(d) : "ax"); \
- _;})
-
-#endif /* __GNUC__ */
+++ /dev/null
-### Copyright (c) 1995, Colin Plumb.
-### For licensing and other legal details, see the file legal.c.
-###
-### Assembly primitives for bignum library, 80386 family, 32-bit code.
-###
-### Several primitives are included here. Only lbnMulAdd1 is *really*
-### critical, but once that's written, lnmMulN1 and lbnMulSub1 are quite
-### easy to write as well, so they are included here as well.
-### lbnDiv21 and lbnModQ are so easy to write that they're included, too.
-###
-### All functions here are for 32-bit flat mode. I.e. near code and
-### near data, although the near offsets are 32 bits.
-### Preserved registers are esp, ebp, esi, edi and ebx. That last
-### is needed by ELF for PIC, and differs from the IBM PC calling
-### convention.
-
-# Different assemblers have different conventions here
-align4=4 # could be 2 or 4
-align8=8 # could be 3 or 8
-align16=16 # cound be 4 or 16
-
-
-.text
-
-# We declare each symbol with two names, to deal with ELF/a.out variances.
- .globl lbnMulN1_32
- .globl _lbnMulN1_32
- .globl lbnMulAdd1_32
- .globl _lbnMulAdd1_32
- .globl lbnMulSub1_32
- .globl _lbnMulSub1_32
- .globl lbnDiv21_32
- .globl _lbnDiv21_32
- .globl lbnModQ_32
- .globl _lbnModQ_32
-
-## Register usage:
-## %eax - low half of product
-## %ebx - carry to next iteration
-## %ecx - multiplier (k)
-## %edx - high half of product
-## %esi - source pointer
-## %edi - dest pointer
-## %ebp - loop counter
-##
-## Stack frame:
-## +--------+ %esp+20 %esp+24 %esp+28 %esp+32 %esp+36
-## | k |
-## +--------+ %esp+16 %esp+20 %esp+24 %esp+28 %esp+32
-## | len |
-## +--------+ %esp+12 %esp+16 %esp+20 %esp+24 %esp+28
-## | in |
-## +--------+ %esp+8 %esp+12 %esp+16 %esp+20 %esp+24
-## | out |
-## +--------+ %esp+4 %esp+8 %esp+12 %esp+16 %esp+20
-## | return |
-## +--------+ %esp %esp+4 %esp+8 %esp+12 %esp+16
-## | %esi |
-## +--------+ %esp %esp+4 %esp+8 %esp+12
-## | %ebp |
-## +--------+ %esp %esp+4 %esp+8
-## | %ebx |
-## +--------+ %esp %esp+4
-## | %edi |
-## +--------+ %esp
-
- .align align16
-lbnMulN1_32:
-_lbnMulN1_32:
- pushl %esi # U
- movl 12(%esp),%esi # V load in
- pushl %ebp # U
- movl 20(%esp),%ebp # V load len
- pushl %ebx # U
- movl 28(%esp),%ecx # V load k
- pushl %edi # U
- movl 20(%esp),%edi # V load out
-
-## First multiply step has no carry in.
- movl (%esi),%eax # V
- leal -4(,%ebp,4),%ebx # U loop unrolling
- mull %ecx # NP first multiply
- movl %eax,(%edi) # U
- andl $12,%ebx # V loop unrolling
-
- addl %ebx,%esi # U loop unrolling
- addl %ebx,%edi # V loop unrolling
-
- jmp *m32_jumptable(%ebx) # NP loop unrolling
-
- .align align4
-m32_jumptable:
- .long m32_case0
- .long m32_case1
- .long m32_case2
- .long m32_case3
-
- nop
- .align align8
- nop
- nop
- nop # Get loop nicely aligned
-
-m32_case0:
- subl $4,%ebp # U
- jbe m32_done # V
-
-m32_loop:
- movl 4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- addl $16,%esi # U
- addl $16,%edi # V
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- adcl $0,%edx # U
- movl %eax,-12(%edi) # V
-m32_case3:
- movl -8(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- adcl $0,%edx # U
- movl %eax,-8(%edi) # V
-m32_case2:
- movl -4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- adcl $0,%edx # U
- movl %eax,-4(%edi) # V
-m32_case1:
- movl (%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- adcl $0,%edx # U
- movl %eax,(%edi) # V
-
- subl $4,%ebp # U
- ja m32_loop # V
-
-m32_done:
- movl %edx,4(%edi) # U
- popl %edi # V
- popl %ebx # U
- popl %ebp # V
- popl %esi # U
- ret # NP
-
-
- .align align16
-lbnMulAdd1_32:
-_lbnMulAdd1_32:
-
- pushl %esi # U
- movl 12(%esp),%esi # V load in
- pushl %edi # U
- movl 12(%esp),%edi # V load out
- pushl %ebp # U
- movl 24(%esp),%ebp # V load len
- pushl %ebx # U
- movl 32(%esp),%ecx # V load k
-
-## First multiply step has no carry in.
- movl (%esi),%eax # V
- movl (%edi),%ebx # U
- mull %ecx # NP first multiply
- addl %eax,%ebx # U
- leal -4(,%ebp,4),%eax # V loop unrolling
- adcl $0,%edx # U
- andl $12,%eax # V loop unrolling
- movl %ebx,(%edi) # U
-
- addl %eax,%esi # V loop unrolling
- addl %eax,%edi # U loop unrolling
-
- jmp *ma32_jumptable(%eax) # NP loop unrolling
-
- .align align4
-ma32_jumptable:
- .long ma32_case0
- .long ma32_case1
- .long ma32_case2
- .long ma32_case3
-
- .align align8
- nop
- nop
- nop # To align loop properly
-
-
-ma32_case0:
- subl $4,%ebp # U
- jbe ma32_done # V
-
-ma32_loop:
- movl 4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- addl $16,%esi # U
- addl $16,%edi # V
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -12(%edi),%ebx # V
- adcl $0,%edx # U
- addl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-12(%edi) # V
-ma32_case3:
- movl -8(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -8(%edi),%ebx # V
- adcl $0,%edx # U
- addl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-8(%edi) # V
-ma32_case2:
- movl -4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -4(%edi),%ebx # V
- adcl $0,%edx # U
- addl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-4(%edi) # V
-ma32_case1:
- movl (%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl (%edi),%ebx # V
- adcl $0,%edx # U
- addl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,(%edi) # V
-
- subl $4,%ebp # U
- ja ma32_loop # V
-
-ma32_done:
- popl %ebx # U
- popl %ebp # V
- movl %edx,%eax # U
- popl %edi # V
- popl %esi # U
- ret # NP
-
-
- .align align16
-lbnMulSub1_32:
-_lbnMulSub1_32:
- pushl %esi # U
- movl 12(%esp),%esi # V load in
- pushl %edi # U
- movl 12(%esp),%edi # V load out
- pushl %ebp # U
- movl 24(%esp),%ebp # V load len
- pushl %ebx # U
- movl 32(%esp),%ecx # V load k
-
-/* First multiply step has no carry in. */
- movl (%esi),%eax # V
- movl (%edi),%ebx # U
- mull %ecx # NP first multiply
- subl %eax,%ebx # U
- leal -4(,%ebp,4),%eax # V loop unrolling
- adcl $0,%edx # U
- andl $12,%eax # V loop unrolling
- movl %ebx,(%edi) # U
-
- addl %eax,%esi # V loop unrolling
- addl %eax,%edi # U loop unrolling
-
- jmp *ms32_jumptable(%eax) # NP loop unrolling
-
- .align align4
-ms32_jumptable:
- .long ms32_case0
- .long ms32_case1
- .long ms32_case2
- .long ms32_case3
-
- .align align8
- nop
- nop
- nop
-
-ms32_case0:
- subl $4,%ebp # U
- jbe ms32_done # V
-
-ms32_loop:
- movl 4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- addl $16,%esi # U
- addl $16,%edi # V
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -12(%edi),%ebx # V
- adcl $0,%edx # U
- subl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-12(%edi) # V
-ms32_case3:
- movl -8(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -8(%edi),%ebx # V
- adcl $0,%edx # U
- subl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-8(%edi) # V
-ms32_case2:
- movl -4(%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl -4(%edi),%ebx # V
- adcl $0,%edx # U
- subl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,-4(%edi) # V
-ms32_case1:
- movl (%esi),%eax # U
- movl %edx,%ebx # V Remember carry for later
- mull %ecx # NP
- addl %ebx,%eax # U Add carry in from previous word
- movl (%edi),%ebx # V
- adcl $0,%edx # U
- subl %eax,%ebx # V
- adcl $0,%edx # U
- movl %ebx,(%edi) # V
-
- subl $4,%ebp # U
- ja ms32_loop # V
-
-ms32_done:
- popl %ebx # U
- popl %ebp # V
- movl %edx,%eax # U
- popl %edi # V
- popl %esi # U
- ret # NP
-
-## Two-word by one-word divide. Stores quotient, returns remainder.
-## BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-## 4 8 12 16
-
- .align align16
-lbnDiv21_32:
-_lbnDiv21_32:
- movl 8(%esp),%edx # U Load nh
- movl 12(%esp),%eax # V Load nl
- movl 4(%esp),%ecx # U Load q
- divl 16(%esp) # NP
- movl %eax,(%ecx) # U Store quotient
- movl %edx,%eax # V Return remainder
- ret
-
-## Multi-word by one-word remainder.
-## This speeds up key generation. It's not worth unrolling and so on;
-## using 32-bit divides is enough of a speedup.
-##
-## The modulus (in %ebp) is often 16 bits. Given that the dividend is 32
-## bits, the chances of saving the first divide because the high word of the
-## dividend is less than the modulus are low enough it's not worth taking
-## the cycles to test for it.
-##
-## unsigned lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-## 4 8 12
- .align align16
-lbnModQ_32:
-_lbnModQ_32:
- movl 4(%esp),%eax # U Load n
- pushl %ebp # V
- movl 12(%esp),%ebp # U Load len
- pushl %esi # V
- leal -4(%eax,%ebp,4),%esi # U
- movl 20(%esp),%ecx # V Load d
- xorl %edx,%edx # U Clear MSW for first divide
-modq32_loop:
- movl (%esi),%eax # U
- subl $4,%esi # V
- divl %ecx # NP
- decl %ebp # U
- jnz modq32_loop # V
-
- popl %esi # U
- movl %edx,%eax # V
- popl %ebp # U
- ret # NP
+++ /dev/null
-;;; Copyright (c) 1995, Colin Plumb.
-;;; For licensing and other legal details, see the file legal.c.
-;;;
-;;; Assembly primitives for bignum library, 80x86 family.
-;;;
-;;; Several primitives are included here. Only lbnMulAdd1 is *really*
-;;; critical, but once that's written, lnmMul1 and lbnSub1 are quite
-;;; easy to write as well, so they are included here as well.
-;;; lbnDiv21 and lbnModQ are so easy to write that they're included, too.
-;;;
-;;; All functions here are for large code, large data.
-;;; All use standard "cdecl" calling convention: arguments pushed on the
-;;; stack (ss:sp) right to left (the leftmost agrument at the lowest address)
-;;; and popped by the caller, return values in ax or dx:ax, and register
-;;; usage as follows:
-;;;
-;;; Callee-save (preserved by callee if needed):
-;;; ss, esp, cs, eip, ds, esi, edi, ebp, high byte of FLAGS except DF,
-;;; all other registers (CRx, DRx, TRx, IDT, GDT, LDT, TR, etc.).
-;;; Caller-save (may be corrupted by callee):
-;;; es, eax, ebx, ecx, edx, low byte of flags (SF, ZF, AF, PF, CF)
-;;;
-;;; The direction flag (DF) is either preserved or cleared.
-;;; I'm not sure what the calling convention is for fs and gs. This
-;;; code never alters them.
-
-;; Not all of this code has to be '386 code, but STUPID FUCKING MASM (5.0)
-;; gives an error if you change in the middle of a segment. Rather than
-;; fight the thing, just enable '386 instructions everywhere. (And lose
-;; the error checking.)
-.386
-
-_TEXT segment para public use16 'CODE' ; 16-byte aligned because '486 cares
- assume cs:_TEXT
-
- public _lbnMulN1_16
- public _lbnMulAdd1_16
- public _lbnMulSub1_16
- public _lbnDiv21_16
- public _lbnModQ_16
-
- public _lbnMulN1_32
- public _lbnMulAdd1_32
- public _lbnMulSub1_32
- public _lbnDiv21_32
- public _lbnModQ_32
-
- public _not386
-
-
-;; Prototype:
-;; BNWORD16
-;; lbnMulAdd_16(BNWORD16 *out, BNWORD16 *in, unsigned len, BNWORD16 k)
-;;
-;; Multiply len words of "in" by k and add to len words of "out";
-;; return the len+1st word of carry. All pointers are to the least-
-;; significant ends of the appropriate arrays. len is guaraneed > 0.
-;;
-;; This 16-bit code is optimized for an 8086/80286. It will not be run
-;; on 32-bit processors except for debugging during development.
-;;
-;; NOTE that it may be possible to assume that the direction flag is clear
-;; on entry; this would avoid the need for the cld instructions. Hoewever,
-;; the Microsoft C libraries require that the direction flag be clear.
-;; Thus, lbnModQ_16 clears it before returning.
-;;
-;; Stack frame:
-;; +--------+ bp+18
-;; | k |
-;; +--------+ bp+16
-;; | len |
-;; +--------+ bp+14
-;; | |
-;; +- in -+
-;; | |
-;; +--------+ bp+10
-;; | |
-;; +- out -+
-;; | |
-;; +--------+ bp+6
-;; | |
-;; +-return-+
-;; | |
-;; +--------+ bp+2
-;; | old bp |
-;; +--------+ bp
-;;
-;; Register usage for lbnMul1_16:
-;; ds:[si] in
-;; es:[di] out
-;; bp k
-;; cx loop counter (len/4)
-;; dx,ax high,low parts of product
-;; bx carry from previous multiply iteration
-;;
-;; Register usage for lbnMulAdd1_16 and lbnMulSub1_16:
-;; ds:[si] in
-;; es:[bx+si] out
-;; bp k
-;; cx loop counter (len/4)
-;; dx,ax high,low parts of product
-;; di carry from previous multiply iteration
-;;
-;; The reson for the difference is that straight mul can use stosw, but
-;; the multiply and add or multiply and subtract add the result in, so
-;; they have to reference es:[di] to add it in.
-;;
-;; The options are either "add ax,es:[di]; stosw" or "add es:[di],ax;
-;; add di,2"; both take 10 cycles on an 80286, 27 on an 8086 and 35 on
-;; an 8088 although the former is preferred since it's one byte smaller.
-;; However, using [bx+si] is even faster; "add es:[bx+si],ax" takes
-;; 7 cycles on an 80286, 25 on an 8086 and 33 on an 8088, as well as
-;; being the smallest. (Of course, stosw, at 3 on an 80286, 11 on an
-;; 8086 amd 15 on an 8088 wins easily in the straight multiply case over
-;; mov es:[bx+si],ax, which takes 3/18/22 cycles and is larger to boot.)
-;;
-;; Most of these register assignments are driven by the 8086's instruction
-;; set. The only really practical variation would be to put the multiplier
-;; k into bx or di and use bp for carry, but if someone can make a faster
-;; Duff's device using a lookup table, bx and di are useful because indexing
-;; off them is more flexible than bp.
-;;
-;; Overview of code:
-;;
-;; len is guaranteed to be at least 1, so do the first multiply (with no
-;; carry in) unconditionally. Then go to a min loop unrolled 4 times,
-;; jumping into the middle using a variant of Duff's device.
-;;
-;; The loop is constructed using the loop instruction, which does
-;; "} while (--cnt)". This means that we have to divide the count
-;; by 4, and increment it so it doesn't start at 0. To gain a little
-;; bit more efficiency, we actually increment the count by 2, so the
-;; minimum possible value is 3, which will be shifted down to produce 0.
-;; usually in Duff's device, if the number of iterations is a multiple
-;; of the unrolling factor, you branch to just before the loop conditional
-;; and let it handle the case of 0. Here, we have a special test for 0
-;; at the head of the loop and fall through into the top of the loop
-;; if it passes.
-;;
-;; Basically, with STEP being a multiply step, it's:
-;;
-;; STEP;
-;; count += 2;
-;; mod4 = count % 4;
-;; count /= 4;
-;; switch(mod4) {
-;; case 3:
-;; if (count) {
-;; do {
-;; STEP;
-;; case 2:
-;; STEP;
-;; case 1:
-;; STEP;
-;; case 0:
-;; STEP;
-;; } while (--count);
-;; }
-;; }
-;;
-;; The switch() is actually done by two levels of branch instructions
-;; rather than a lookup table.
-
-_lbnMulN1_16 proc far
-
- push bp
- mov bp,sp
- push ds
- push si
- push di
- cld
-
- les di,[bp+6] ; out
- lds si,[bp+10] ; in
- mov cx,[bp+14] ; len
- mov bp,[bp+16] ; k
-
-;; First multiply step has no carry in
- lodsw
- mul bp
- stosw
-
-;; The switch() for Duff's device starts here
-;; Note: this *is* faster than a jump table for an 8086 and '286.
-;; 8086: jump table: 44 cycles; this: 27/29/31/41
-;; 80286: jump table: 25 cycles; this: 17/17/20/22
- shr cx,1
- jc SHORT m16_odd
-
- inc cx
- shr cx,1
- jc SHORT m16_case2
- jmp SHORT m16_case0
-
- nop ; To align loop
-m16_odd:
- inc cx
- shr cx,1
- jnc SHORT m16_case1
- jz SHORT m16_done ; Avoid entire loop in this case
-
-m16_loop:
- lodsw
- mov bx,dx ; Remember carry for later
- mul bp
- add ax,bx ; Add carry in from previous word
- adc dx,0
- stosw
-m16_case2:
- lodsw
- mov bx,dx ; Remember carry for later
- mul bp
- add ax,bx ; Add carry in from previous word
- adc dx,0
- stosw
-m16_case1:
- lodsw
- mov bx,dx ; Remember carry for later
- mul bp
- add ax,bx ; Add carry in from previous word
- adc dx,0
- stosw
-m16_case0:
- lodsw
- mov bx,dx ; Remember carry for later
- mul bp
- add ax,bx ; Add carry in from previous word
- adc dx,0
- stosw
-
- loop m16_loop
-
-m16_done:
- mov ax,dx
- stosw ; Store last word
- pop di
- pop si
- pop ds
- pop bp
- ret
-
-_lbnMulN1_16 endp
-
-
- align 2
-_lbnMulAdd1_16 proc far
-
- push bp
- mov bp,sp
- push ds
- push si
- push di
- cld
-
- les bx,[bp+6] ; out
- lds si,[bp+10] ; in
- mov cx,[bp+14] ; len
- mov bp,[bp+16] ; k
-
-;; First multiply step has no carry in
- lodsw
- mul bp
- add es:[bx],ax ; This time, store in [bx] directly
- adc dx,0
- sub bx,si ; Prepare to use [bx+si].
-
-;; The switch() for Duff's device starts here
-;; Note: this *is* faster than a jump table for an 8086 and '286.
-;; 8086: jump table: 44 cycles; this: 27/29/31/41
-;; 80286: jump table: 25 cycles; this: 17/17/20/22
- shr cx,1
- jc SHORT ma16_odd
-
- inc cx
- shr cx,1
- jc SHORT ma16_case2
- jmp SHORT ma16_case0
-
-ma16_odd:
- inc cx
- shr cx,1
- jnc SHORT ma16_case1
- jz SHORT ma16_done ; Avoid entire loop in this case
-
-ma16_loop:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- add es:[bx+si],ax
- adc dx,0
-ma16_case2:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- add es:[bx+si],ax
- adc dx,0
-ma16_case1:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- add es:[bx+si],ax
- adc dx,0
-ma16_case0:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- add es:[bx+si],ax
- adc dx,0
-
- loop ma16_loop
-
-ma16_done:
- mov ax,dx
- pop di
- pop si
- pop ds
- pop bp
- ret
-
-_lbnMulAdd1_16 endp
-
- align 2
-_lbnMulSub1_16 proc far
-
- push bp
- mov bp,sp
- push ds
- push si
- push di
- cld
-
- les bx,[bp+6] ; out
- lds si,[bp+10] ; in
- mov cx,[bp+14] ; len
- mov bp,[bp+16] ; k
-
-;; First multiply step has no carry in
- lodsw
- mul bp
- sub es:[bx],ax ; This time, store in [bx] directly
- adc dx,0
- sub bx,si ; Prepare to use [bx+si].
-
-;; The switch() for Duff's device starts here
-;; Note: this *is* faster than a jump table for an 8086 and '286.
-;; 8086: jump table: 44 cycles; this: 27/29/31/41
-;; 80286: jump table: 25 cycles; this: 17/17/20/22
- shr cx,1
- jc SHORT ms16_odd
-
- inc cx
- shr cx,1
- jc SHORT ms16_case2
- jmp SHORT ms16_case0
-
-ms16_odd:
- inc cx
- shr cx,1
- jnc SHORT ms16_case1
- jz SHORT ms16_done ; Avoid entire loop in this case
-
-ms16_loop:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- sub es:[bx+si],ax
- adc dx,0
-ms16_case2:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- sub es:[bx+si],ax
- adc dx,0
-ms16_case1:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- sub es:[bx+si],ax
- adc dx,0
-ms16_case0:
- lodsw
- mov di,dx ; Remember carry for later
- mul bp
- add ax,di ; Add carry in from previous word
- adc dx,0
- sub es:[bx+si],ax
- adc dx,0
-
- loop ms16_loop
-
-ms16_done:
- mov ax,dx
- pop di
- pop si
- pop ds
- pop bp
- ret
-
-_lbnMulSub1_16 endp
-
-;; Two-word by one-word divide. Stores quotient, returns remainder.
-;; BNWORD16 lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-;; 4 8 10 12
- align 2
-_lbnDiv21_16 proc far
- mov cx,bp ; bp NOT pushed; note change in offsets
- mov bp,sp
- mov dx,[bp+8]
- mov ax,[bp+10]
- div WORD PTR [bp+12]
- les bx,[bp+4]
- mov es:[bx],ax
- mov ax,dx
- mov bp,cx
- ret
-
- nop ; To align loop in lbnModQ properly
-
-_lbnDiv21_16 endp
-
-;; Multi-word by one-word remainder.
-;; BNWORD16 lbnModQ_16(BNWORD16 *q, unsigned len, unsigned d)
-;; 6 10 12
-_lbnModQ_16 proc far
- push bp
- mov bp,sp
- push ds
- mov bx,si
- mov cx,10[bp] ; load len
- lds si,6[bp] ; load q
- std ; loop MSW to LSW
- add si,cx
- mov bp,12[bp] ; load d
- add si,cx
- xor dx,dx ; Set up for first divide
- sub si,2 ; Adjust pointer to point to MSW
-
- lodsw ; Load first word
-
- cmp ax,bp ; See if we can skip first divide
- jnc SHORT modq16_inner ; No such luck
- mov dx,ax ; Yes! Modulus > input, so remainder = input
- dec cx ; Do loop
- jz SHORT modq16_done
-
-modq16_loop:
- lodsw
-modq16_inner:
- div bp
- loop modq16_loop
-modq16_done:
- pop ds
- mov ax,dx ; Return remainder
- pop bp
- mov si,bx
- cld ; Microsoft C's libraries assume this
- ret
-
-_lbnModQ_16 endp
-
-
-;; Similar, but using 32-bit operations.
-;;
-;; The differences are that the switch() in Duff's device is done using
-;; a jump table, and lods is not used because it's slower than load and
-;; increment. The pointers are only updated once per loop; offset
-;; addressing modes are used, since they're no slower. [di] is used
-;; instead of [bx+si] because the extra increment of di take only one
-;; cycle per loop a '486, while [bx+si] takes one extra cycle per multiply.
-;;
-;; The register assignments are also slightly different:
-;;
-;; es:[si] in
-;; ds:[di] out
-;; ecx k
-;; bp loop counter (len/4)
-;; edx,eax high,low parts of product
-;; ebx carry word from previous multiply iteration
-;;
-;; The use of bp for a loop counter lets all the 32-bit values go
-;; in caller-save registers, so there's no need to do any 32-bit
-;; saves and restores. Using ds:di for the destination saves one
-;; segment override in the lbnMulN1_32 code, since there's one more
-;; store to [di] than load from es:[si].
-;;
-;; Given the number of 32-bit references that this code uses, optimizing
-;; it for the Pentium is interesting, because the Pentium has a very
-;; inefficient implementation of prefix bytes. Each prefix byte, with
-;; the exception of 0x0f *>> on conditional branch instructions ONLY <<*
-;; is a 1-cycle non-pairiable instruction. Which has the effect of
-;; forcing the instruction it's on into the U pipe. But this code uses
-;; *lots* of prefix bytes, notably the 0x66 operand size override.
-;;
-;; For example "add [di],eax" is advised against in Intel's optimization
-;; papers, because it takes 3 cycles and 2 of them are not pairable.
-;; But any longer sequence would have a prefix byte on every instruction,
-;; resulting in even more non-pairable cycles. Also, only two instructions
-;; in the multiply kernel can go in the V pipe (the increments of si and
-;; di), and they're already there, so the pairable cycles would be wasted.
-;;
-;; Things would be *quite* different in native 32-bit mode.
-;;
-;; All instructions that could go in the V pipe that aren't there are
-;; marked.
-;;
-;; The setup code is quite intricately interleaved to get the best possible
-;; performance out of a Pentium. If you want to follow the code,
-;; pretend that the sections actually come in the following order:
-;; 1) prologue (push registers)
-;; 2) load (fetch arguments)
-;; 3) first multiply
-;; 4) loop unrolling
-;;
-;; The loop unrolling setup consists of taking the count, adjusting
-;; it to account for the first multiply, and splitting it into
-;; two parts: the high bits are a loop count, while the low bits are
-;; used to find the right entry in the Duff's device jump table and
-;; to adjust the initial data pointers.
-;;
-;; Known slack: There is one instruction in the prologue and one in
-;; the epilogue that could go in the V pipe if I could find a U-pipe
-;; instruction to pair them with, but all the U-pipe instructions
-;; are already paired, so it looks difficult.
-;;
-;; There is a cycle of Address Generation Interlock in the lbnMulN1_32
-;; code on the Pentium (not on a '486). I can't figure out how to
-;; get rid of it without wasting time elsewhere. The problem is that
-;; the load of bx needs to be done as soon as possible to let it
-;; be set up in time for the switch(). The other problem is the
-;; epilogue code which can waste time if the order of the pushed
-;; registers is diddled with so that ds doesn't come between si and di.
-;;
-;; The increment of si after the last load is redundant, and the
-;; copy of the high word of the product to the carry after the last
-;; multiply is likewise unnecessary.
-;;
-;; In these cases, the operations were done that way in order to remove
-;; cycles from the loop on the '486 and/or Pentium, even though it costs
-;; a few overhead cycles on a '386.
-;; The increment fo si has to be done early because a load based on si
-;; is the first thing in any given multiply step, and the address
-;; generation interlock on the '486 and Pentium requires that a full
-;; cycle (i.e. possibly two instructions on a Pentium) pass between
-;; incrementing a register and using it in an address.
-;; This saves one cycle per multiply on a '486 and Pentium, and costs
-;; 2 cycles per call to the function on a '386 and 1 cycle on a '486.
-;;
-;; The carry word is copied where it is so that the decrement of the loop
-;; counter happens in the V pipe. The instruction between the decrement
-;; of the loop counter and the branch should be a U-pipe instruction that
-;; doesn't affect the flags. Thus, the "mov" was rotated down from
-;; the top of the loop to fill the slot.
-;; This is a bit more marginal: it saves one cycle per loop iteration on
-;; a Pentium, and costs 2 cycles per call on a '386, '486 or Pentium.
-;;
-;; The same logic applies to the copy of the carry and increment of si
-;; before the test, in case 0, for skipping the loop entirely.
-;; It makes no difference in speed if the loop is executed, but
-;; incrementing si before saves an address generation interlock cycle
-;; On a '486 and Pentium in the case that the loop is executed.
-;; And the loop is executed more often than not.
-;;
-;; Given that just one multiply on a '386 takes 12 to 41 cycles (with the
-;; average being very much at the high end of that) 4 cycles of additional
-;; overhead per call is not a big deal.
-;;
-;; On a Pentium, it would actually be easier to *not* unroll the loop
-;; at all, since the decrement and compare are completely hidden
-;; in the V-pipe and it wouldn't cost anything to do them more often.
-;; That would save the setup for the unrolling and Duff's device at the
-;; beginning. But the overhead for that is pretty minor: ignoring what's
-;; hidden in the V pipe, it's two cycles plus the indirect jump.
-;; Not too much, and special-casing the pentium is quite a hassle.
-;; (For starters, you have to detect it, and since you're probably in
-;; V86 mode, without access to the EFLAGS register to test the CPUID bit.)
-
-
- align 16
-_lbnMulN1_32 proc far
-
- push bp ; U prologue ** Could be V
- mov bp,sp ; V prologue
- push si ; U prologue ** Could be V
- mov bx,[bp+14] ; U load len ** Could be V (AGI!)r
- push ds ; NP prologue
- les si,[bp+10] ; NP load in
- mov ecx,[bp+16] ; U load k
- dec bx ; V loop unrolling
- shl bx,2 ; U loop unrolling
- push di ; V prologue
- lds di,[bp+6] ; NP load out
- mov bp,bx ; U loop unrolling ** Could be V
- and bx,12 ; V loop unrolling
-
-;; First multiply step has no carry in.
- mov eax,es:[si] ; U first multiply
- add si,bx ; V loop unrolling
- mul ecx ; NP first multiply
- mov [di],eax ; U first multiply
- add di,bx ; V loop unrolling
-
-;; The switch() for Duff's device. This jump table is (slightly!) faster
-;; than a bunch of branches on a '386 and '486, and is probably better yet
-;; on higher processors.
- jmp WORD PTR cs:m32_jumptable[bx] ; NP loop unrolling
- align 2
-m32_jumptable:
- dw OFFSET m32_case0, 0
- dw OFFSET m32_case1, 0
- dw OFFSET m32_case2, 0
- dw OFFSET m32_case3, 0, 0, 0, 0 ; Get loop aligned properly
-
-m32_case0:
- add si,16 ; U Fix up si ** Could be V
- test bp,bp ; V
- mov ebx,edx ; U Remember carry for later
- jbe SHORT m32_done ; V Avoid entire loop if loop count is 0
-
-m32_loop:
- mov eax,es:[si-12] ; U
- add di, 16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [di-12],eax ; U
-m32_case3:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-8] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [di-8],eax ; U
-m32_case2:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-4] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- mov [di-4],eax ; U
-m32_case1:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add si,16 ; V
- mov [di],eax ; U
-
- sub bp,16 ; V
- mov ebx,edx ; U Remember carry for later
- ja m32_loop ; V
-
-m32_done:
- mov [di+4],edx ; U
- pop di ; V
- pop ds ; NP
- pop si ; U ** Could be V
- pop bp ; V
- ret ; NP
-
-_lbnMulN1_32 endp
-
-
- align 16
-_lbnMulAdd1_32 proc far
-
- push bp ; U prologue ** Could be V
- mov bp,sp ; V prologue
- push ds ; NP prologue
-
- mov ecx,[bp+16] ; U load k
- mov bx,[bp+14] ; V load len
- push di ; U prologue ** Could be V
- dec bx ; V loop unrolling
- lds di,[bp+6] ; NP load out
- shl bx,2 ; U loop unrolling
- push si ; V prologue
- les si,[bp+10] ; NP load in
-
- mov bp,bx ; U loop unrolling ** Could be V
- and bx,12 ; V loop unrolling
-
-;; First multiply step has no carry in.
- mov eax,es:[si] ; U first multiply
- add si,bx ; V loop unrolling
- mul ecx ; NP first multiply
- add [di],eax ; U first multiply
- adc edx,0 ; U first multiply
- add di,bx ; V loop unrolling
-
-;; The switch() for Duff's device. This jump table is (slightly!) faster
-;; than a bunch of branches on a '386 and '486, and is probably better yet
-;; on higher processors.
- jmp WORD PTR cs:ma32_jumptable[bx] ; NP loop unrolling
- align 2
-ma32_jumptable:
- dw OFFSET ma32_case0, 0
- dw OFFSET ma32_case1, 0
- dw OFFSET ma32_case2, 0
- dw OFFSET ma32_case3, 0, 0 ; To get loop aligned properly
-
-ma32_case0:
- add si,16 ; U Fix up si ** Could be V
- test bp,bp ; V
- mov ebx,edx ; U Remember carry for later
- jbe SHORT ma32_done ; V Avoid entire loop if loop count is 0
-
-ma32_loop:
- mov eax,es:[si-12] ; U
- add di, 16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add [di-12],eax ; U
- adc edx,0 ; U
-ma32_case3:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-8] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add [di-8],eax ; U
- adc edx,0 ; U
-ma32_case2:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-4] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add [di-4],eax ; U
- adc edx,0 ; U
-ma32_case1:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add si,16 ; V
- add [di],eax ; U
- adc edx,0 ; U
-
- sub bp,16 ; V
- mov ebx,edx ; U Remember carry for later
- ja ma32_loop ; V
-
-ma32_done:
- pop si ; U ** Could be V
- pop di ; V
- mov ax,dx ; U return value low ** Could be V
- pop ds ; NP
- shr edx,16 ; U return value high
- pop bp ; V
- ret ; NP
-
-_lbnMulAdd1_32 endp
-
-
- align 16
-_lbnMulSub1_32 proc far
-
- push bp ; U prologue ** Could be V
- mov bp,sp ; V prologue
- push ds ; NP prologue
-
- mov ecx,[bp+16] ; U load k
- mov bx,[bp+14] ; V load len
- push di ; U prologue ** Could be V
- dec bx ; V loop unrolling
- lds di,[bp+6] ; NP load out
- shl bx,2 ; U loop unrolling
- push si ; V prologue
- les si,[bp+10] ; NP load in
-
- mov bp,bx ; U loop unrolling ** Could be V
- and bx,12 ; V loop unrolling
-
-;; First multiply step has no carry in.
- mov eax,es:[si] ; U first multiply
- add si,bx ; V loop unrolling
- mul ecx ; NP first multiply
- sub [di],eax ; U first multiply
- adc edx,0 ; U first multiply
- add di,bx ; V loop unrolling
-
-;; The switch() for Duff's device. This jump table is (slightly!) faster
-;; than a bunch of branches on a '386 and '486, and is probably better yet
-;; on higher processors.
- jmp WORD PTR cs:ms32_jumptable[bx] ; NP loop unrolling
- align 2
-ms32_jumptable:
- dw OFFSET ms32_case0, 0
- dw OFFSET ms32_case1, 0
- dw OFFSET ms32_case2, 0
- dw OFFSET ms32_case3, 0, 0 ; To get loop aligned properly
-
-ms32_case0:
- add si,16 ; U Fix up si ** Could be V
- test bp,bp ; V
- mov ebx,edx ; U Remember carry for later
- jbe SHORT ms32_done ; V Avoid entire loop if loop count is 0
-
-ms32_loop:
- mov eax,es:[si-12] ; U
- add di, 16 ; V
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- sub [di-12],eax ; U
- adc edx,0 ; U
-ms32_case3:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-8] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- sub [di-8],eax ; U
- adc edx,0 ; U
-ms32_case2:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si-4] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- sub [di-4],eax ; U
- adc edx,0 ; U
-ms32_case1:
- mov ebx,edx ; U Remember carry for later
- mov eax,es:[si] ; U
- mul ecx ; NP
- add eax,ebx ; U Add carry in from previous word
- adc edx,0 ; U
- add si,16 ; V
- sub [di],eax ; U
- adc edx,0 ; U
-
- sub bp,16 ; V
- mov ebx,edx ; U Remember carry for later
- ja ms32_loop ; V
-
-ms32_done:
- pop si ; U ** Could be V
- pop di ; V
- mov ax,dx ; U return value low ** Could be V
- pop ds ; NP
- shr edx,16 ; U return value high
- pop bp ; V
- ret ; NP
-
-_lbnMulSub1_32 endp
-
-
-
-;; Just for interest's sake, here's a completely Pentium-optimized version.
-;; In addition to being smaller, it takes 8 + (8+mul_time)*n cycles, as
-;; compared to the 10 + jmp_time + (8+mul_time)*n cycles for the loop above.
-;; (I don't know how long a 32x32->64 bit multiply or an indirect jump
-;; take on a Pentium, so plug those numbers in.)
-; align 2
-; nop ; To align loop nicely
-;P_lbnMulAdd1_32 proc far
-;
-; push bp ; U prologue ** Could be V
-; mov bp,sp ; V prologue
-; push ds ; NP prologue
-; mov ecx,[bp+16] ; U load k
-; push si ; V prologue
-; lds si,[bp+10] ; NP load in
-; mov eax,[si] ; U first multiply
-; push di ; V prologue
-; mul ecx ; NP first multiply
-; les di,[bp+6] ; NP load out
-; add es:[di],eax ; U first multiply
-; mov bp,[bp+14] ; V load len
-; adc edx,0 ; U first multiply
-; dec bp ; V
-; mov ebx,edx ; U Remember carry for later
-; je Pma32_done ; V
-;Pma32_loop:
-; mov eax,[si+4] ; U
-; add di,4 ; V
-; mul ecx ; NP
-; add eax,ebx ; U Add carry in from previous word
-; adc edx,0 ; U
-; add si,4 ; V
-; add es:[di],eax ; U
-; adc edx,0 ; U
-; dec bp ; V
-; mov ebx,edx ; U Remember carry for later
-; jne Pma32_loop ; V
-;Pma32_done:
-; pop di ; U ** Could be V
-; pop si ; V
-; pop ds ; NP
-; mov ax,dx ; U return value low ** Could be V
-; pop bp ; V
-; shr edx,16 ; U return value high
-; ret ; NP
-;
-;P_lbnMulAdd1_32 endp
-
-
-
-;; Two-word by one-word divide. Stores quotient, returns remainder.
-;; BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-;; 4 8 12 16
- align 16
-_lbnDiv21_32 proc far
- mov cx,bp ; U bp NOT pushed; offsets differ
- mov bp,sp ; V
- ; AGI
- mov edx,[bp+8] ; U
- mov eax,[bp+12] ; U
- div DWORD PTR [bp+16] ; NP
- les bx,[bp+4] ; NP
- mov es:[bx],eax ; U
- mov ax,dx ; V
- shr edx,16 ; U
- mov bp,cx ; V
- ret ; NP
-
- nop
- nop
- nop
- nop ; Get lbnModQ_32 aligned properly
-
-_lbnDiv21_32 endp
-
-;; Multi-word by one-word remainder.
-;; This speeds up key generation. It's not worth unrolling and so on;
-;; using 32-bit divides is enough of a speedup.
-;;
-;; bp is used as a counter so that all the 32-bit values can be in
-;; caller-save registers (eax, ecx, edx). bx is needed as a pointer.
-;;
-;; The modulus (in ebp) is 16 bits. Given that the dividend is 32 bits,
-;; the chances of saving the first divide because the high word of the
-;; dividend is less than the modulus are low enough it's not worth taking
-;; the cycles to test for it.
-;;
-;; unsigned lbnModQ_32(BNWORD16 *q, unsigned len, unsigned d)
-;; 6 10 12
-_lbnModQ_32 proc far
- xor ecx,ecx ; U Clear ecx (really, the high half)
- push bp ; V
- mov edx,ecx ; U Clear high word for first divide
- mov bp,sp ; V
- push ds ; NP
- lds ax,[bp+6] ; NP Load dividend pointer
- mov bx,[bp+10] ; U Load count ** Could be V
- sub ax,4 ; V Offset dividend pointer
- mov cx,[bp+12] ; U Load modulus ** Could be V
- mov bp,bx ; V Copy count
- shl bx,2 ; U Shift index
- add bx,ax ; U Add base ** Could be V
-; lea bx,[eax+ebp*4-4]; U Move pointer to high word
-
-modq32_loop:
- mov eax,[bx] ; U
- sub bx,4 ; V
- div ecx ; NP
- dec bp ; U ** Could be V
- jnz modq32_loop ; V
-modq32_done:
- pop ds ; NP
- mov ax,dx ; U ** Could be V
- pop bp ; V
- ret ; NP
-
-_lbnModQ_32 endp
-
-
-;; int not386(void) returns 0 on a 32-bit (386 or better) processor;
-;; non-zero if an 80286 or lower. The Z flag is set to reflect
-;; ax on return. This is only called once, so it doesn't matter how
-;; it's aligned.
-
-_not386 proc far
-;;
-;; This first test detects 80x86 for x < 2. On the 8086 and '186,
-;; "push sp" does "--sp; sp[0] = sp". On all later processors, it does
-;; "sp[-1] = sp; --sp".
-;;
- push sp
- pop ax
- sub ax,sp
- jne SHORT return
-
-;; This test is the key one. It will probably detect 8086, V30 and 80186
-;; as well as 80286, but I haven't had access to test it on any of those,
-;; so it's protected by the well-known test above. It has been tested
-;; on the 80286, 80386, 80486, Pentium and AMD tested it on their K5.
-;; I have not been able to confirm effectiveness on the P6 yet, although
-;; someone I spoke to at Intel said it should work.
-;;
-;; This test uses the fact that the '386 and above have a barrel shifter
-;; to do shifts, while the '286 does left shifts by releated adds.
-;; That means that on the '286, the auxilliary carry gets a copy of
-;; bit 4 of the shift output, while on the '386 and up, it's trashed
-;; (as it happens, set to 1) independent of the result. (It's documented
-;; as undefined.)
-;;
-;; We do two shifts, which should produce different auxilliary carries
-;; on a '286 and XOR them to see if they are different. Even on a
-;; future processor that does something different with the aux carry
-;; flag, it probably does something data-independent, so this will still
-;; work. Note that all flags except aux carry are defined for shl
-;; output and will be the same for both cases.
-
- mov al,4
- shl al,1 ; Expected to produce ac = 0 on a '286
- lahf
- shl al,1 ; Expected to produce ac = 1 on a '286
- mov al,ah
- lahf
- xor al,ah ; Xor the flags together to detect the difference
- mov ah,al ; Clear ah if al is clear, leave Z flag alone
-return:
- ret
-
-_not386 endp
-
-_TEXT ends
-
- end
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn8086.h - This file defines the interfaces to the 8086
- * assembly primitives for 16-bit MS-DOS environments.
- * It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-/* Set up the appropriate types */
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-
-void __cdecl __far
-lbnMulN1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulN1_16 lbnMulN1_16
-
-bnword16 __cdecl __far
-lbnMulAdd1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulAdd1_16 lbnMulAdd1_16
-
-bnword16 __cdecl __far
-lbnMulSub1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulSub1_16 lbnMulSub1_16
-
-bnword16 __cdecl __far
-lbnDiv21_16(bnword16 __far *q, bnword16 nh, bnword16 nl, bnword16 d);
-#define lbnDiv21_16 lbnDiv21_16
-
-bnword16 __cdecl __far
-lbnModQ_16(bnword16 const __far *n, unsigned len, bnword16 d);
-#define lbnModQ_16 lbnModQ_16
-
-
-
-void __cdecl __far
-lbnMulN1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32 __cdecl __far
-lbnMulAdd1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-bnword32 __cdecl __far
-lbnMulSub1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-bnword32 __cdecl __far
-lbnDiv21_32(bnword32 __far *q, bnword32 nh, bnword32 nl, bnword32 d);
-#define lbnDiv21_32 lbnDiv21_32
-
-bnword16 __cdecl __far
-lbnModQ_32(bnword32 const __far *n, unsigned len, bnword32 d);
-#define lbnModQ_32 lbnModQ_32
-
-int __cdecl __far not386(void);
-
-#ifdef __cplusplus
-}
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbn960jx.h - This file defines the interfaces to assembly primitives
- * for the the Intel i960Jx series of processors. In fact, these thould
- * work on any i960 series processor, but haven't been tested.
- * It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32;
-
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-/* Function prototypes for the asm routines */
-void
-lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-bnword32
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-#ifdef __cplusplus
-}
-#endif
+++ /dev/null
-# Copyright (c) 1995 Colin Plumb. All rights reserved.
-# For licensing and other legal details, see the file legal.c.
-#
-# Assembly-language bignum primitives for the i960 Jx series.
-#
-# The Jx series is fairly straightforward single-instruction-issue
-# implementation, with a 1-cycle-issue 4-cycle-latency non-pipelined
-# multiplier that we can use. Note also that loads which hit in the
-# cache have 2 cycles of latency and stores stall until all pending
-# loads are done.
-#
-# What is intensely annoying about the i960 is that it uses the same
-# flags for all conditional branches (even compare-and-branch sets the
-# flags) AND for the carry bit. Further, it is hard to manipulate
-# that bit.
-#
-# Calling conventions:
-# The r registers are all local, if you set them up. There's an alternative
-# calling convention that uses bal (branch and link) and doesn't set them up.
-# Currently, all of these functions are designed to work that way.
-# g0-g7 are argument registers and volatile across calls. return in g0-g3.
-# g8-g11 are extra argument registers, and volatile if used, but
-# preserved if not. Here, they are not.
-# g12 is used for PIC, and is preserved.
-# g13 is a pointer to a structure return value, if used, and is volatile.
-# g14 is magic, and is used as a return address in the branch-and-link
-# convention, and as a pointer to an argument block if the arguments
-# won't fit in registers, but is usually hardwired 0 and must be
-# returned set to zero (0).
-# g15 is the frame pointer, and shouldn't be messed with.
-# The AC (condition codes) are all volatile.
-# The fp registers are all volatile, but irrelevant.
-#
-
-# BNWORD32
-# lbnMultAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-# This adds "k" * "in" to "len" words of "out" and returns the word of
-# carry.
-#
-# For doing multiply-add, the 960 is a bit annoying because it uses
-# the same status bits for the carry flag and for the loop indexing
-# computation, and doesn't have an "add with carry out but not carry in"
-# instruction. Fortunately, we can arrange to have the loop indexing
-# leave the carry bit clear most of the time.
-#
-# The basic sequence of the loop is:
-# 1. Multiply k * *in++ -> high, low
-# 2. Addc carry word and carry bit to low
-# 3. Addc carry bit to high, producing carry word (note: cannot generate carry!)
-# 4. Addc low to *out++
-#
-# Note that the carry bit set in step 4 is used in step 2. The only place
-# in this loop that the carry flag isn't in use is between steps 3 and 4,
-# so we have to rotate the loop to place the loop indexing operations here.
-# (Which consist of a compare-and-decrement and a conditional branch.)
-# The loop above ignores the details of when to do loads and stores, which
-# have some flexibility, but must be carefully scheduled to avoid stalls.
-#
-# The first iteration has no carry word in, so it requires only steps 1 and 4,
-# and since we begin the loop with step 4, it boils down to just step 1
-# followed by the loop indexing (which clears the carry bit in preparation
-# for step 4).
-#
-# Arguments are passed as follows:
-# g0 - out pointer
-# g1 - in pointer
-# g2 - length
-# g3 - k
-# The other registers are used as follows.
-# g4 - low word of product
-# g5 - high word of product
-# g6 - current word of "out"
-# g7 - carry word
-# g13 - current word of "in"
-
- .globl _lbnMulAdd1_32
-_lbnMulAdd1_32:
- ld (g1),g13 # Fetch *in
- addo g1,4,g1 # Increment in
- emul g13,g3,g4 # Do multiply (step 1)
- ld (g0),g6 # Fetch *out
- chkbit 0,g2 # Check if loop counter was odd
- shro 1,g2,g2 # Divide loop counter by 2
- mov g5,g7 # Move high word to carry
- bno ma_loop1 # If even, jump to ma_loop1
- cmpo 0,g2 # If odd, was it 1 (now 0)?
- be ma_done # If equal (carry set), jump to ending code
-
-# Entered with carry bit clear
-ma_loop:
- ld (g1),g13 # Fetch *in
- addc g4,g6,g6 # Add low to *out (step 4), generate carry
- emul g13,g3,g4 # Do multiply (step 1)
- st g6,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addo g1,4,g1 # Increment in
- ld (g0),g6 # Fetch next *out
- addc g7,g4,g4 # Add carries to low (step 2)
- addc g5,0,g7 # Add carry bit to high (step 3) & clear carry
-ma_loop1:
- ld (g1),g13 # Fetch *in
- addc g4,g6,g6 # Add low to *out (step 4), generate carry
- emul g13,g3,g4 # Do multiply (step 1)
- st g6,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addo g1,4,g1 # Increment in
- ld (g0),g6 # Fetch next *out
- addc g7,g4,g4 # Add carries to low (step 2)
- addc g5,0,g7 # Add carry bit to high (step 3) & clear carry
-
- cmpdeco 1,g2,g2
- bne ma_loop
-# When we come here, carry is *set*, and we stil have to do step 4
-ma_done:
- cmpi 0,1 # Clear carry (equal flag)
- addc g4,g6,g6 # Add low to *out (step 4), generate carry
- st g6,(g0) # Write out *out
- addc g7,0,g0 # Add carry bit and word to produce return value
- ret
-
-# Now, multiply N by 1 is similarly annoying. We only have one add in the
-# whole loop, which should just be able to leave its carry output in the
-# carry flag for the next iteration, but we need the condition codes to do
-# loop testing. *Sigh*.
-#
-# void
-# lbnMultN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-# This stores len+1 words of "k" * len words of "in" and stores the result
-# in "out".
-#
-# To avoid having to do a move after the first iteration, for the first
-# step, g4/g5 is the product. For second step, g6/g7 is used for product
-# storage and g5 is the carry in. It alternates from then on.
- .globl _lbnMulN1_32
-_lbnMulN1_32:
- ld (g1),g13 # Fetch *in
- addo g1,4,g1 # Increment in
- emul g13,g3,g4 # Do multiply (step 1)
- chkbit 0,g2 # Check if loop counter was odd
- shro 1,g2,g2 # Divide loop counter by 2
- bno m_loop1 # If even, jump to ma_loop1
- mov g4,g6
- cmpo 0,g2 # If counter was odd, was it 1 (now 0)?
- mov g5,g7
- be m_done # If equal (carry set), jump to ending code
-
-# Entered with carry bit clear
-m_loop:
- # Result in g6, carry word in g7
- ld (g1),g13 # Fetch *in
- addo g1,4,g1 # Increment in
- emul g13,g3,g4 # Do multiply (step 1)
- st g6,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addc g7,g4,g4 # Add carries to low (step 2)
-# No need to add carry bit here, because it'll get remembered until next addc.
-# addc g5,0,g5 # Add carry bit to high (step 3)
-m_loop1:
- # Carry word in g5
- ld (g1),g13 # Fetch *in
- addo g1,4,g1 # Increment in
- emul g13,g3,g6 # Do multiply (step 1)
- st g4,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addc g5,g6,g6 # Add carries to low (step 2)
- addc g7,0,g7 # Add carry bit to high (step 3)
-
- cmpdeco 1,g2,g2
- bne m_loop
-
-# When we come here, we have to store g6 and the carry word in g7.
-m_done:
- st g6,(g0) # Write out *out
- st g7,4(g0) # Write out *out
- ret
-
-# BNWORD32
-# lbnMultSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-# This subtracts "k" * "in" from "len" words of "out" and returns the word of
-# borrow.
-#
-# This is similar to multiply-add, but actually a bit more obnoxious,
-# because of the carry situation. The 960 uses a carry (rather than a borrow)
-# bit on subtracts, so the carry bit should be 1 for a subc to do the
-# same thing as an ordinary subo. So we use two carry chains: one from
-# the add of the low-order words to the high-order carry word, and a second,
-# which uses an extra register, to connect the subtracts. This avoids
-# the need to fiddle with inverting the bit in the usual case.
-#
-# Arguments are passed as follows:
-# g0 - out pointer
-# g1 - in pointer
-# g2 - length
-# g3 - k
-# The other registers are used as follows.
-# g4 - low word of product
-# g5 - high word of product
-# g6 - current word of "out"
-# g7 - carry word
-# g13 - current word of "in"
-# g14 - remembered carry bit
-
- .globl _lbnMulSub1_32
-_lbnMulSub1_32:
- ld (g1),g13 # Fetch *in
- addo g1,4,g1 # Increment in
- emul g13,g3,g4 # Do multiply (step 1)
- ld (g0),g6 # Fetch *out
- chkbit 0,g2 # Check if loop counter was odd
- mov 1,g14 # Set remembered carry for first iteration
- shro 1,g2,g2 # Divide loop counter by 2
- mov g5,g7 # Move high word to carry
- bno ms_loop1 # If even, jump to ma_loop1
- cmpo 0,g2 # If odd, was it 1 (now 0)?
- be ms_done # If equal (carry set), jump to ending code
-
-# Entered with carry bit clear
-ms_loop:
- ld (g1),g13 # Fetch *in
- cmpi g14,1 # Set carry flag
- subc g4,g6,g6 # Subtract low from *out (step 4), gen. carry
- emul g13,g3,g4 # Do multiply (step 1)
- addc 0,0,g14 # g14 = carry, then clear carry
- st g6,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addo g1,4,g1 # Increment in
- ld (g0),g6 # Fetch next *out
- addc g7,g4,g4 # Add carries to low (step 2)
- addc g5,0,g7 # Add carry bit to high (step 3)
-ms_loop1:
- ld (g1),g13 # Fetch *in
- cmpi g14,1 # Set carry flag for subtrsct
- subc g4,g6,g6 # Subtract low from *out (step 4), gen. carry
- emul g13,g3,g4 # Do multiply (step 1)
- addc 0,0,g14 # g14 = carry, then clear carry
- st g6,(g0) # Write out *out
- addo g0,4,g0 # Increment out
- addo g1,4,g1 # Increment in
- ld (g0),g6 # Fetch next *out
- addc g7,g4,g4 # Add carries to low (step 2)
- addc g5,0,g7 # Add carry bit to high (step 3)
-
- cmpdeco 1,g2,g2
- bne ms_loop
-# When we come here, carry is *set*, and we stil have to do step 4
-ms_done:
- cmpi g14,1 # set carry (equal flag)
- subc g4,g6,g6 # Add low to *out (step 4), generate carry
- st g6,(g0) # Write out *out
- subc 0,0,g14 # g14 = -1 if no carry (borrow), 0 if carry
- subo g14,g7,g0 # Add borrow bit to produce return value
- mov 0,g14 # Restore g14 to 0 for return
- ret
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbnalpha.h - header file that declares the Alpha assembly-language
- * subroutines. It is intended to be included via the BNINCLUDE
- * mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword64;
-#define BNWORD64 bnword64
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-void lbnMulN1_64(bnword64 *out, bnword64 const *in, unsigned len, bnword64 k);
-#define lbnMulN1_64 lbnMulN1_64
-
-bnword64
-lbnMulAdd1_64(bnword64 *out, bnword64 const *in, unsigned len, bnword64 k);
-#define lbnMulAdd1_64 lbnMulAdd1_64
-
-bnword64
-lbnMulSub1_64(bnword64 *out, bnword64 const *in, unsigned len, bnword64 k);
-#define lbnMulSub1_64 lbnMulSub1_64
-
-#ifdef __cplusplus
-}
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * DEC Alpha 64-bit math primitives. These use 64-bit words
- * unless otherwise noted.
- *
- * The DEC assembler apparently does some instruction scheduling,
- * but I tried to do some of my own, and tries to spread things
- * out over the register file to give the assembler more room
- * to schedule things.
- *
- * Alpha OSF/1 register usage conventions:
- * r0 - v0 - Temp, holds integer return value
- * r1..r8 - t0..t7 - Temp, trashed by procedure call
- * r9..r14 - s0..s5 - Saved across procedure calls
- * r15 - s6/FP - Frame pointer, saved across procedure calls
- * r16..r21 - a0..a5 - Argument registers, all trashed by procedure call
- * r22..r25 - t8..t11 - Temp, trashed by procedure call
- * r26 - ra - Return address
- * r27 - t12/pv - Procedure value, trashed by procedure call
- * r28 - at - Assembler temp, trashed by procedure call
- * r29 - gp - Global pointer
- * r30 - sp - Stack pointer
- * r31 - zero - hardwired to zero
- */
- .text
- .align 4
- .globl lbnMulN1_64
-/* I have no idea what the '2' at the end of the .ent line means. */
- .ent lbnMulN1_64 2
-/*
- * Arguments: $16 = out, $17 = in, $18 = len<32>, $19 = k
- * Other registers: $0 = carry word, $1 = product low,
- * $2 = product high, $3 = input word
- */
-lbnMulN1_64:
- ldq $3,0($17) /* Load first word of input */
- subl $18,1,$18
- mulq $3,$19,$1 /* Do low half of first multiply */
- umulh $3,$19,$0 /* Do second half of first multiply */
- stq $1,0($16)
- beq $18,m64_done
-m64_loop:
- ldq $3,8($17)
- addq $17,8,$17
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- umulh $3,$19,$2 /* Do top half of multiply */
- addq $0,$1,$1 /* Add carry word from previous multiply */
- stq $1,8($16)
- cmpult $1,$0,$0 /* Compute carry bit from add */
- addq $16,8,$16
- addq $2,$0,$0 /* Add carry bit to carry word */
-
- beq $18,m64_done
-
- ldq $3,8($17)
- addq $17,8,$17
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- umulh $3,$19,$2 /* Do top half of multiply */
- addq $0,$1,$1 /* Add carry word from previous multiply */
- stq $1,8($16)
- cmpult $1,$0,$0 /* Compute carry bit from add */
- addq $16,8,$16
- addq $2,$0,$0 /* Add carry bit to carry word */
-
- bne $18,m64_loop
-m64_done:
- stq $0,8($16) /* Store last word of result */
- ret $31,($26),1
-/* The '1' in the hint field means procedure return - software convention */
- .end lbnMulN1_64
-
-
- .text
- .align 4
- .globl lbnMulAdd1_64
- .ent lbnMulAdd1_64 2
-/*
- * Arguments: $16 = out, $17 = in, $18 = len<32>, $19 = k
- * Other registers: $0 = product high, $1 = product low,
- * $2 = product high temp, $3 = input word, $4 = output word
- * $5 = carry bit from add to out
- */
-lbnMulAdd1_64:
- ldq $3,0($17) /* Load first word of input */
- subl $18,1,$18
- mulq $3,$19,$1 /* Do low half of first multiply */
- ldq $4,0($16) /* Load first word of output */
- umulh $3,$19,$2 /* Do second half of first multiply */
- addq $4,$1,$4
- cmpult $4,$1,$5 /* Compute borrow bit from subtract */
- stq $4,0($16)
- addq $5,$2,$0 /* Add carry bit to high word */
- beq $18,ma64_done
-ma64_loop:
- ldq $3,8($17) /* Load next word of input */
- addq $17,8,$17
- ldq $4,8($16) /* Load next word of output */
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- addq $0,$1,$1 /* Add carry word from previous multiply */
- umulh $3,$19,$2 /* Do top half of multiply */
- cmpult $1,$0,$0 /* Compute carry bit from add */
- addq $4,$1,$4 /* Add product to loaded word */
- cmpult $4,$1,$5 /* Compute carry bit from add */
- stq $4,8($16)
- addq $5,$0,$5 /* Add carry bits together */
- addq $16,8,$16
- addq $5,$2,$0 /* Add carry bits to carry word */
-
- beq $18,ma64_done
-
- ldq $3,8($17) /* Load next word of input */
- addq $17,8,$17
- ldq $4,8($16) /* Load next word of output */
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- addq $0,$1,$1 /* Add carry word from previous multiply */
- umulh $3,$19,$2 /* Do top half of multiply */
- cmpult $1,$0,$0 /* Compute carry bit from add */
- addq $4,$1,$4 /* Add product to loaded word */
- cmpult $4,$1,$5 /* Compute carry bit from add */
- stq $4,8($16)
- addq $5,$0,$5 /* Add carry bits together */
- addq $16,8,$16
- addq $5,$2,$0 /* Add carry bits to carry word */
-
- bne $18,ma64_loop
-ma64_done:
- ret $31,($26),1
- .end lbnMulAdd1_64
-
-
- .text
- .align 4
- .globl lbnMulSub1_64
- .ent lbnMulSub1_64 2
-/*
- * Arguments: $16 = out, $17 = in, $18 = len<32>, $19 = k
- * Other registers: $0 = carry word, $1 = product low,
- * $2 = product high temp, $3 = input word, $4 = output word
- * $5 = borrow bit from subtract
- */
-lbnMulSub1_64:
- ldq $3,0($17) /* Load first word of input */
- subl $18,1,$18
- mulq $3,$19,$1 /* Do low half of first multiply */
- ldq $4,0($16) /* Load first word of output */
- umulh $3,$19,$2 /* Do second half of first multiply */
- cmpult $4,$1,$5 /* Compute borrow bit from subtract */
- subq $4,$1,$4
- addq $5,$2,$0 /* Add carry bit to high word */
- stq $4,0($16)
- beq $18,ms64_done
-ms64_loop:
- ldq $3,8($17) /* Load next word of input */
- addq $17,8,$17
- ldq $4,8($16) /* Load next word of output */
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- addq $0,$1,$1 /* Add carry word from previous multiply */
- umulh $3,$19,$2 /* Do top half of multiply */
- cmpult $1,$0,$0 /* Compute carry bit from add */
- cmpult $4,$1,$5 /* Compute borrow bit from subtract */
- subq $4,$1,$4
- addq $5,$0,$5 /* Add carry bits together */
- stq $4,8($16)
- addq $5,$2,$0 /* Add carry bits to carry word */
- addq $16,8,$16
-
- beq $18,ms64_done
-
- ldq $3,8($17) /* Load next word of input */
- addq $17,8,$17
- ldq $4,8($16) /* Load next word of output */
- mulq $3,$19,$1 /* Do bottom half of multiply */
- subl $18,1,$18
- addq $0,$1,$1 /* Add carry word from previous multiply */
- umulh $3,$19,$2 /* Do top half of multiply */
- cmpult $1,$0,$0 /* Compute carry bit from add */
- cmpult $4,$1,$5 /* Compute borrow bit from subtract */
- subq $4,$1,$4
- addq $5,$0,$5 /* Add carry bits together */
- stq $4,8($16)
- addq $5,$2,$0 /* Add carry bits to carry word */
- addq $16,8,$16
-
- bne $18,ms64_loop
-ms64_done:
- ret $31,($26),1
- .end lbnMulSub1_64
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * lbnmem.c - low-level bignum memory handling.
- *
- * Note that in all cases, the pointers passed around
- * are pointers to the *least* significant end of the word.
- * On big-endian machines, these are pointers to the *end*
- * of the allocated range.
- *
- * BNSECURE is a simple level of security; for more security
- * change these function to use locked unswappable memory.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For malloc() & co. */
-#else
-void *malloc();
-void *realloc();
-void free();
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memset */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-/* Development debugging */
-#include "../dbmalloc/malloc.h"
-#endif
-
-#include "lbn.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#include "zrtp.h"
-
-#ifndef lbnMemWipe
-void
-lbnMemWipe(void *ptr, unsigned bytes)
-{
- zrtp_memset(ptr, 0, bytes);
-}
-#define lbnMemWipe(ptr, bytes) memset(ptr, 0, bytes)
-#endif
-
-#ifndef lbnMemAlloc
-void *
-lbnMemAlloc(unsigned bytes)
-{
- return zrtp_sys_alloc(bytes);
-}
-#endif
-
-#ifndef lbnMemFree
-void
-lbnMemFree(void *ptr, unsigned bytes)
-{
- lbnMemWipe(ptr, bytes);
- zrtp_sys_free(ptr);
-}
-#endif
-
-#ifndef lbnRealloc
-#if defined(lbnMemRealloc) || !BNSECURE
-void *
-lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes)
-{
- if (ptr) {
- BIG(ptr = (char *)ptr - oldbytes;)
- if (newbytes < oldbytes)
- memmove(ptr, (char *)ptr + oldbytes-newbytes, oldbytes);
- }
-#ifdef lbnMemRealloc
- ptr = lbnMemRealloc(ptr, oldbytes, newbytes);
-#else
- ptr = realloc(ptr, newbytes);
-#endif
- if (ptr) {
- if (newbytes > oldbytes)
- memmove((char *)ptr + newbytes-oldbytes, ptr, oldbytes);
- BIG(ptr = (char *)ptr + newbytes;)
- }
-
- return ptr;
-}
-
-#else /* BNSECURE */
-
-void *
-lbnRealloc(void *oldptr, unsigned oldbytes, unsigned newbytes)
-{
- void *newptr = lbnMemAlloc(newbytes);
-
- if (!newptr)
- return newptr;
- if (!oldptr)
- return BIGLITTLE((char *)newptr+newbytes, newptr);
-
- /*
- * The following copies are a bit non-obvious in the big-endian case
- * because one of the pointers points to the *end* of allocated memory.
- */
- if (newbytes > oldbytes) { /* Copy all of old into part of new */
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- memcpy(BIGLITTLE((char *)newptr-oldbytes, newptr), oldptr,
- oldbytes);
- } else { /* Copy part of old into all of new */
- memcpy(newptr, BIGLITTLE((char *)oldptr-newbytes, oldptr),
- newbytes);
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- }
-
- lbnMemFree(oldptr, oldbytes);
-
- return newptr;
-}
-#endif /* BNSECURE */
-#endif /* !lbnRealloc */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Operations on the usual buffers of bytes
- */
-#ifndef BNSECURE
-#define BNSECURE 1
-#endif
-
-/*
- * These operations act on buffers of memory, just like malloc & free.
- * One exception: it is not legal to pass a NULL pointer to lbnMemFree.
- */
-
-#ifndef lbnMemAlloc
-void *lbnMemAlloc(unsigned bytes);
-#endif
-
-#ifndef lbnMemFree
-void lbnMemFree(void *ptr, unsigned bytes);
-#endif
-
-/* This wipes out a buffer of bytes if necessary needed. */
-
-#ifndef lbnMemWipe
-#if BNSECURE
-void lbnMemWipe(void *ptr, unsigned bytes);
-#else
-#define lbnMemWipe(ptr, bytes) (void)(ptr,bytes)
-#endif
-#endif /* !lbnMemWipe */
-
-/*
- * lbnRealloc is NOT like realloc(); it's endian-sensitive!
- * If lbnMemRealloc is #defined, lbnRealloc will be defined in terms of it.
- * It is legal to pass a NULL pointer to lbnRealloc, although oldbytes
- * will always be sero.
- */
-#ifndef lbnRealloc
-void *lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes);
-#endif
-
-
-/*
- * These macros are the ones actually used most often in the math library.
- * They take and return pointers to the *end* of the given buffer, and
- * take sizes in terms of words, not bytes.
- *
- * Note that LBNALLOC takes the pointer as an argument instead of returning
- * the value.
- *
- * Note also that these macros are only useable if you have included
- * lbn.h (for the BIG and BIGLITTLE macros), which this file does NOT include.
- */
-
-#define LBNALLOC(p,type,words) BIGLITTLE( \
- if ( ((p) = (type *)lbnMemAlloc((words)*sizeof*(p))) != 0) \
- (p) += (words), \
- (p) = (type *)lbnMemAlloc((words) * sizeof*(p)) \
- )
-#define LBNFREE(p,words) lbnMemFree((p) BIG(-(words)), (words) * sizeof*(p))
-#define LBNREALLOC(p,old,new) \
- lbnRealloc(p, (old) * sizeof*(p), (new) * sizeof*(p))
-#define LBNWIPE(p,words) lbnMemWipe((p) BIG(-(words)), (words) * sizeof*(p))
-
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include "lbnppc.h"
-
-/*
- * lbnppc.c - Assembly primitives for the bignum library, PowerPC version.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Register usage during function calls is:
- * r0 - volatile
- * r1 - stack pointer, preserved
- * r2 - TOC pointer, preserved
- * r3 - First argument and return value register
- * r4-r10 - More argument registers, volatile
- * r11-r12 - Volatile
- * r13-r31 - Preserved
- * LR, CTR, XER and MQ are all volatile.
- * LR holds return address on entry.
- *
- * On the PPC 601, unrolling the loops more doesn't seem to speed things
- * up at all. I'd be curious if other chips differed.
- */
-#if __MWERKS__ < 0x800
-
-#include "ppcasm.h" /* PowerPC assembler */
-
-/*
- * MulN1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-static const unsigned mulN1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_ADDIC(0,0,0), /* Clear carry bit for loop */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_STW(8,3,0),
- PPC_BC(18,31,7), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDE(8,8,5), /* Add carry word r5 and bit CF to r8 */
- PPC_STWU(8,3,4), /* *++out = r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_BC(16,31,-5), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_ADDZE(5,5), /* Add carry flag to r5 */
- PPC_STW(5,3,4), /* out[1] = r5 */
- PPC_BLR()
-};
-
-/*
- * MulAdd1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-static unsigned const mulAdd1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_LWZ(0,3,0), /* Load first word of out into r0 */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_ADDC(8,8,0), /* r8 = r8 + r0 */
- PPC_STW(8,3,0), /* Store result to memory */
- PPC_BC(18,31,10), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_LWZU(0,3,4), /* r0 = *++out */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDE(8,8,5), /* Add carry word r5 and carry bit CF to r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_ADDZE(5,5), /* Add carry bit from low add to r5 */
- PPC_ADDC(8,8,0), /* r8 = r8 + r0 */
- PPC_STW(8,3,0), /* *out = r8 */
- PPC_BC(16,31,-8), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_ADDZE(3,5), /* Add carry flag to r5 and move to r3 */
- PPC_BLR()
-};
-
-/*
- * MulSub1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- *
- * Multiply and subtract is rather a pain. If the subtract of the
- * low word of the product from out[i] generates a borrow, we want to
- * increment the carry word (initially in the range 0..0xfffffffe).
- * However, the PPC's carry bit CF is *clear* after a subtract, so
- * we want to add (1-CF) to the carry word. This is done using two
- * instructions:
- *
- * SUBFME, subtract from minus one extended. This computes
- * rD = ~rS + 0xffffffff + CF. Since rS is from 0 to 0xfffffffe,
- * ~rS is from 1 through 0xffffffff, and the sum with 0xffffffff+CF is
- * from 0 through 0xfffffffff, setting the carry flag unconditionally, and
- * NOR, which is used as a bitwise invert NOT instruction.
- *
- * The SUBFME performs the computation rD = ~rS + 0xffffffff + CF,
- * = (-rS - 1) + (CF - 1) = -(rS - CF + 1) - 1 = ~(rS + 1-CF),
- * which is the bitwise complement of the value we want.
- * We want to add the complement of that result to the low word of the
- * product, which is just what a subtract would do, if only we could get
- * the carry flag clear. But it's always set, except for SUBFE, and the
- * operation we just performed unconditionally *sets* the carry flag. Ugh.
- * So find the complement in a separate instruction.
- */
-static unsigned const mulSub1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_LWZ(0,3,0), /* Load first word of out into r0 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_SUBFC(8,8,0), /* r8 = r0 - r8, setting CF */
- PPC_STW(8,3,0), /* Store result to memory */
- PPC_SUBFME(5,5), /* First of two insns to add (1-CF) to r5 */
- PPC_BC(18,31,12), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_LWZU(0,3,4), /* r0 = *++out */
- PPC_NOR(5,5,5), /* Second of two insns to add (1-CF) to r5 */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDC(8,8,5), /* Add carry word r5 to r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_ADDZE(5,5), /* Add carry bit from low add to r5 */
- PPC_SUBFC(8,8,0), /* r8 = r0 - r8, setting CF */
- PPC_STW(8,3,0), /* *out = r8 */
- PPC_SUBFME(5,5), /* First of two insns to add (1-CF) to r5 */
- PPC_BC(16,31,-10), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_NOR(3,5,5), /* Finish adding (1-CF) to r5, store in r3 */
- PPC_BLR()
-};
-
-#if 0
-/*
- * Args: BNWORD32 *n, BNWORD32 const *mod, unsigned mlen, BNWORD32 inv)
- * r3 r4 r5 r6
- * r7, r8 and r9 are the triple-width accumulator.
- * r0 and r10 are temporary registers.
- * r11 and r12 are temporary pointers into n and mod, respectively.
- * r2 (!) is another temporary register.
- */
-static unsigned const montReduce[] = {
- PPC_MTCTR(5), /* ??? */
- PPC_LWZ(7,3,0), /* Load low word of n into r7 */
- PPC_LWZ(10,4,0), /* Fetch low word of mod */
- PPC_MULLW(0,7,6), /* Invert r7 into r0 */
- PPC_STW(0,3,0), /* Store back for future use */
- PPC_MULHWU(8,10,7), /* Get high word of whatnot */
- PPC_MULLW(10,10,7), /* Get low word of it */
- PPC_ADDC(7,7,10), /* Add low word of product to r7 */
- PPC_ADDZE(8,8), /* Add carry to high word */
- PPC_
-
-
- PPC_MULHW(8,7,6),
- PPC_ADDC(7,7,0), /* Add inverse back to r7 */
- PPC_ADDZE(8,8),
- PPC_
-
- PPC_LWZU(
-/* Loop: */
- PPC_LWZU(0,11,4),
- PPC_LWZU(10,23,-4),
- PPC_MULLW(2,0,10),
- PPC_ADDC(7,7,2),
- PPC_MULHWU(0,0,10),
- PPC_ADDE(8,8,0),
- PPC_ADDZE(9,9),
- PPC_BC(16,31,-7), /* Branch to Loop if --ctr != 0 */
-
- PPC_ADDIC_(count,-1),
- PPC_LWZU(0,x,4),
- PPC_ADDC(0,7,0),
- PPC_STW(0,x,0),
- PPC_ADDZE(7,8),
- PPC_ADDZE(8,9),
- PPC_LI(9,0),
- PPC_BC(xx,2,yy),
-
-};
-#endif
-
-/*
- * Three overlapped transition vectors for three functions.
- * A PowerPC transition vector for a (potentially) inter-module
- * jump or call consists of two words, an instruction address
- * and a Table Of Contents (TOC) pointer, which is loaded into
- * r1. Since none of the routines here have global variables,
- * they don't need a TOC pointer, so the value is unimportant.
- * This array places an unintersting 32-bit value after each address.
- */
-unsigned const * const lbnPPC_tv[] = {
- mulN1,
- mulAdd1,
- mulSub1,
- 0
-};
-
-#else /* __MWERKS >= 0x800 */
-
-/*
- * MulN1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-asm void
-lbnMulN1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- mtctr len /* Move len into CTR */
- mullw r8,r7,k /* Low half of multiply in r8 */
- addic r0,r0,0 /* Clear carry bit for loop */
- mulhwu len,r7,k /* High half of multiply in len */
- stw r8,0(out) /* *out = r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- mullw r8,r7,k /* Low half of multiply in r8 */
- adde r8,r8,len /* Add carry word len and bit CF to r8 */
- stwu r8,4(out) /* *++out = r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- addze len,len /* Add carry flag to carry word */
- stw len,4(out)
- blr
-}
-
-/*
- * MulAdd1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-asm unsigned
-lbnMulAdd1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- lwz r0,0(out) /* Load first word of out into r0 */
- mullw r8,r7,k /* Low half of multiply in r8 */
- mtctr len /* Move len into CTR */
- mulhwu len,r7,k /* High half of multiply in len */
- addc r8,r8,r0 /* r8 = r8 + r0 */
- stw r8,0(out) /* Store result to memory */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- lwzu r0,4(out) /* r0 = *++out */
- mullw r8,r7,k /* r8 = low word of product */
- adde r8,r8,len /* Add carry word len and carry bit CF to r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- addze len,len /* Add carry bit from low add to r5 */
- addc r8,r8,r0 /* r8 = r8 + r0 */
- stw r8,0(out) /* *out = r8 */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- addze r3,r5 /* Add carry flag to r5 and move to r3 */
- blr
-}
-
-/*
- * MulSub1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- *
- * Multiply and subtract is rather a pain. If the subtract of the
- * low word of the product from out[i] generates a borrow, we want to
- * increment the carry word (initially in the range 0..0xfffffffe).
- * However, the PPC's carry bit CF is *clear* after a subtract, so
- * we want to add (1-CF) to the carry word. This is done using two
- * instructions:
- *
- * SUBFME, subtract from minus one extended. This computes
- * rD = ~rS + 0xffffffff + CF. Since rS is from 0 to 0xfffffffe,
- * ~rS is from 1 through 0xffffffff, and the sum with 0xffffffff+CF is
- * from 0 through 0xfffffffff, setting the carry flag unconditionally, and
- * NOR, which is used as a bitwise invert NOT instruction.
- *
- * The SUBFME performs the computation rD = ~rS + 0xffffffff + CF,
- * = (-rS - 1) + (CF - 1) = -(rS - CF + 1) - 1 = ~(rS + 1-CF),
- * which is the bitwise complement of the value we want.
- * We want to add the complement of that result to the low word of the
- * product, which is just what a subtract would do, if only we could get
- * the carry flag clear. But it's always set, except for SUBFE, and the
- * operation we just performed unconditionally *sets* the carry flag. Ugh.
- * So find the complement in a separate instruction.
- */
-asm unsigned
-lbnMulSub1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- lwz r0,0(out) /* Load first word of out into r0 */
- mtctr len /* Move len into CTR */
- mullw r8,r7,k /* Low half of multiply in r8 */
- mulhwu len,r7,k /* High half of multiply in len */
- subfc r8,r8,r0 /* r8 = r0 - r8, setting CF */
- stw r8,0(out) /* Store result to memory */
- subfme len,len /* First of two insns to add (1-CF) to len */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- lwzu r0,4(out) /* r0 = *++out */
- nor len,len,len /* Second of two insns to add (1-CF) to len */
- mullw r8,r7,k /* r8 = low word of product */
- addc r8,r8,len /* Add carry word len to r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- addze len,len /* Add carry bit from low add to len */
- subfc r8,r8,r0 /* r8 = r0 - r8 */
- stw r8,0(out) /* *out = r8 */
- subfme len,len /* First of two insns to add (1-CF) to len */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- nor r3,r5,r5 /* Finish adding (1-CF) to len, store in r3 */
- blr
-}
-
-#endif /* __MWERKS >= 0x800 */
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef LBNPPC_H
-#define LBNPPC_H
-
-/*
- * Assembly-language routines for the Power PC processor.
- * Annoyingly, the Power PC does not have 64/32->32 bit divide,
- * so the C code should be reasonably fast. But it does have
- * 32x32->64-bit multiplies, and these routines provide access
- * to that.
- *
- * In versions of CodeWarrior before 8.0, there was no PPC assembler,
- * so a kludged-up one in CPP is used. This requires casting an
- * array of unsigneds to function pointer type, and a function pointer
- * is not a pointer to the code, but rather a pointer to a (code,TOC)
- * pointer pair which we fake up.
- *
- * CodeWarrior 8.0 supports PCC assembly, which is used directly.
- */
-
-/*
- * Bignums are stored in arrays of 32-bit words, and the least
- * significant 32-bit word has the lowest address, thus "little-endian".
- * The C code is slightly more efficient this way, so unless the
- * processor cares (the PowerPC, like most RISCs, doesn't), it is
- * best to use BN_LITTLE_ENDIAN.
- * Note that this has NOTHING to do with the order of bytes within a 32-bit
- * word; the math library is insensitive to that.
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-
-#if __MWERKS__ < 0x800
-
-/* Shared transition vector array */
-extern unsigned const * const lbnPPC_tv[];
-
-/* A function pointer on the PowerPC is a pointer to a transition vector */
-#define lbnMulN1_32 \
-((void (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+0))
-#define lbnMulAdd1_32 \
-((bnword32 (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+1))
-#define lbnMulSub1_32 \
-((bnword32 (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+2))
-
-#else /* __MWERKS__ >= 0x800 */
-
-void lbnMulN1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulN1_32 lbnMulN1_32
-bnword32 lbnMulAdd1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-bnword32 lbnMulSub1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-#endif /* __MWERKS__ >= 0x800 */
-
-#endif /* LBNPPC_H */
+++ /dev/null
-/*
- * bnlib - BigNum multiprecision integer math library.
- * Copyright (c) 1995, 2005 Colin Plumb. All rights reserved.
- *
- * This library (the "program") is licensed under the terms of the GNU
- * General Public License (GPL) as published by the Free Software
- * Foundation, GPL version 2 or version 3 at your option, except as
- * described below.
- *
- * Philip Zimmermann has received from Colin Plumb the unlimited right
- * to sublicense this library to others under non-GPL terms. If by
- * private arrangement with Philip Zimmermann you've received this
- * library under a different license, that license will supersede the
- * terms set out in this document.
- *
- * You may not redistribute this library except according to the terms
- * described in this document. Don't be confused by the GPL. It is
- * not the LGPL, Apache, MIT, BSD, Creative Commons, WTFPL, or any
- * other license you might imagine. It is the GPL, as included below.
- *
- * The GPL license places many complex restrictions on the
- * distribution of this library which might make it inconvenient to
- * use in a commercial project. Be sure to check the exact details of
- * the license before you use this library for anything meaningful.
- * For more information about the GPL, visit:
- * http://www.gnu.org/copyleft/gpl.html
- *
- * To license this library under non-GPL terms, please contact: Philip
- * Zimmermann <prz@mit.edu> (http://philzimmermann.com).
- *
- * As a special exception, you may combine this library with the code
- * of FreeSWITCH or FreeSWITCH derivatives and modify, redistribute,
- * and use the resulting source code and executable binaries
- * (including modified versions of each) under the Mozilla Public
- * License Version 1.1 (MPLv1.1). For more information about
- * FreeSWITCH, visit: https://freeswitch.org/
- *
- * As a restatement of the above, you may use, modify, and
- * redistribute this library as if it were licensed under the MPLv1.1
- * if and only if it is combined with FreeSWITCH or a derivative work
- * of the FreeSWITCH code. If it is not combined with anything, the
- * terms of the GPL apply. If it is combined with any other program
- * that is not FreeSWITCH or a derivative work of the FreeSWITCH code
- * but not also combined with FreeSWITCH or a derivative work of the
- * FreeSWITCH code in the same work, the terms of the GPL apply.
- *
- * I, Phil Zimmermann, would like to make the following non-binding
- * request of any contributors to this library: please make your
- * changes available for me to sublicense. I support myself in part
- * on my ability to license software I've created to producers of
- * proprietary software, and I'd like to include your contributions in
- * the proprietary releases I make. You can allow me to do so either
- * by placing your changes in the public domain (e.g. "I place these
- * changes in the public domain") or by granting me certain rights to
- * your changes (e.g. "I grant to Philip Zimmermann a non-exclusive,
- * irrevocable, world-wide license to distribute, modify, use in any
- * way, and sublicense under any terms my code and changes to
- * bnlib").
- *
- * This file must be packaged together with the rest of the bnlib
- * source code. That's why it's in a .c file.
- *
- * This software might be subject to export controls by the US
- * Commerce Department's Bureau of Industry and Security. This
- * software is provided "as is," with no warranty expressed or
- * implied.
- *
- */
-
-/* Force inclusion of this copyright string. It may be commented out only
- * if necessary in order to squeeze bnlib into memory-starved environments. */
-#include "legal.h"
-volatile const char bnCopyright[] =
- "\0bnlib Copyright (c) 1995, 2005 Colin Plumb.";
-
-
-/****************************************************************************
-
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users. This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it. (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.) You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
- To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have. You must make sure that they, too, receive or can get the
-source code. And you must show them these terms so they know their
-rights.
-
- We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
- Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software. If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
- Finally, any free program is threatened constantly by software
-patents. We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary. To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- GNU GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License. The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language. (Hereinafter, translation is included without limitation in
-the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
- 1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
- 2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) You must cause the modified files to carry prominent notices
- stating that you changed the files and the date of any change.
-
- b) You must cause any work that you distribute or publish, that in
- whole or in part contains or is derived from the Program or any
- part thereof, to be licensed as a whole at no charge to all third
- parties under the terms of this License.
-
- c) If the modified program normally reads commands interactively
- when run, you must cause it, when started running for such
- interactive use in the most ordinary way, to print or display an
- announcement including an appropriate copyright notice and a
- notice that there is no warranty (or else, saying that you provide
- a warranty) and that users may redistribute the program under
- these conditions, and telling the user how to view a copy of this
- License. (Exception: if the Program itself is interactive but
- does not normally print such an announcement, your work based on
- the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
- a) Accompany it with the complete corresponding machine-readable
- source code, which must be distributed under the terms of Sections
- 1 and 2 above on a medium customarily used for software interchange; or,
-
- b) Accompany it with a written offer, valid for at least three
- years, to give any third party, for a charge no more than your
- cost of physically performing source distribution, a complete
- machine-readable copy of the corresponding source code, to be
- distributed under the terms of Sections 1 and 2 above on a medium
- customarily used for software interchange; or,
-
- c) Accompany it with the information you received as to the offer
- to distribute corresponding source code. (This alternative is
- allowed only for noncommercial distribution and only if you
- received the program in object code or executable form with such
- an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it. For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable. However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
- 4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License. Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
- 5. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Program or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
- 6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
- 7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all. For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
- 8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation. If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
- 10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission. For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this. Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
- NO WARRANTY
-
- 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
- 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
- Gnomovision version 69, Copyright (C) year name of author
- Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the program
- `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
- <signature of Ty Coon>, 1 April 1989
- Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs. If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
-
-****************************************************************************/
-
-
-/****************************************************************************
-
- GNU GENERAL PUBLIC LICENSE
- Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
- Preamble
-
- The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
- The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works. By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users. We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors. You can apply it to
-your programs, too.
-
- When we speak of free software, we are referring to freedom, not
-price. Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
- To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights. Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
- For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received. You must make sure that they, too, receive
-or can get the source code. And you must show them these terms so they
-know their rights.
-
- Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
- For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software. For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
- Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so. This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software. The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable. Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products. If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
- Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary. To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
- The precise terms and conditions for copying, distribution and
-modification follow.
-
- TERMS AND CONDITIONS
-
- 0. Definitions.
-
- "This License" refers to version 3 of the GNU General Public License.
-
- "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
- "The Program" refers to any copyrightable work licensed under this
-License. Each licensee is addressed as "you". "Licensees" and
-"recipients" may be individuals or organizations.
-
- To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy. The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
- A "covered work" means either the unmodified Program or a work based
-on the Program.
-
- To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy. Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
- To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies. Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
- An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License. If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
- 1. Source Code.
-
- The "source code" for a work means the preferred form of the work
-for making modifications to it. "Object code" means any non-source
-form of a work.
-
- A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
- The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form. A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
- The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities. However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work. For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
- The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
- The Corresponding Source for a work in source code form is that
-same work.
-
- 2. Basic Permissions.
-
- All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met. This License explicitly affirms your unlimited
-permission to run the unmodified Program. The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work. This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
- You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force. You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright. Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
- Conveying under any other circumstances is permitted solely under
-the conditions stated below. Sublicensing is not allowed; section 10
-makes it unnecessary.
-
- 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
- No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
- When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
- 4. Conveying Verbatim Copies.
-
- You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
- You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
- 5. Conveying Modified Source Versions.
-
- You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
- a) The work must carry prominent notices stating that you modified
- it, and giving a relevant date.
-
- b) The work must carry prominent notices stating that it is
- released under this License and any conditions added under section
- 7. This requirement modifies the requirement in section 4 to
- "keep intact all notices".
-
- c) You must license the entire work, as a whole, under this
- License to anyone who comes into possession of a copy. This
- License will therefore apply, along with any applicable section 7
- additional terms, to the whole of the work, and all its parts,
- regardless of how they are packaged. This License gives no
- permission to license the work in any other way, but it does not
- invalidate such permission if you have separately received it.
-
- d) If the work has interactive user interfaces, each must display
- Appropriate Legal Notices; however, if the Program has interactive
- interfaces that do not display Appropriate Legal Notices, your
- work need not make them do so.
-
- A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit. Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
- 6. Conveying Non-Source Forms.
-
- You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
- a) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by the
- Corresponding Source fixed on a durable physical medium
- customarily used for software interchange.
-
- b) Convey the object code in, or embodied in, a physical product
- (including a physical distribution medium), accompanied by a
- written offer, valid for at least three years and valid for as
- long as you offer spare parts or customer support for that product
- model, to give anyone who possesses the object code either (1) a
- copy of the Corresponding Source for all the software in the
- product that is covered by this License, on a durable physical
- medium customarily used for software interchange, for a price no
- more than your reasonable cost of physically performing this
- conveying of source, or (2) access to copy the
- Corresponding Source from a network server at no charge.
-
- c) Convey individual copies of the object code with a copy of the
- written offer to provide the Corresponding Source. This
- alternative is allowed only occasionally and noncommercially, and
- only if you received the object code with such an offer, in accord
- with subsection 6b.
-
- d) Convey the object code by offering access from a designated
- place (gratis or for a charge), and offer equivalent access to the
- Corresponding Source in the same way through the same place at no
- further charge. You need not require recipients to copy the
- Corresponding Source along with the object code. If the place to
- copy the object code is a network server, the Corresponding Source
- may be on a different server (operated by you or a third party)
- that supports equivalent copying facilities, provided you maintain
- clear directions next to the object code saying where to find the
- Corresponding Source. Regardless of what server hosts the
- Corresponding Source, you remain obligated to ensure that it is
- available for as long as needed to satisfy these requirements.
-
- e) Convey the object code using peer-to-peer transmission, provided
- you inform other peers where the object code and Corresponding
- Source of the work are being offered to the general public at no
- charge under subsection 6d.
-
- A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
- A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling. In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage. For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product. A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
- "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source. The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
- If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information. But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
- The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed. Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
- Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
- 7. Additional Terms.
-
- "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law. If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
- When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it. (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.) You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
- Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
- a) Disclaiming warranty or limiting liability differently from the
- terms of sections 15 and 16 of this License; or
-
- b) Requiring preservation of specified reasonable legal notices or
- author attributions in that material or in the Appropriate Legal
- Notices displayed by works containing it; or
-
- c) Prohibiting misrepresentation of the origin of that material, or
- requiring that modified versions of such material be marked in
- reasonable ways as different from the original version; or
-
- d) Limiting the use for publicity purposes of names of licensors or
- authors of the material; or
-
- e) Declining to grant rights under trademark law for use of some
- trade names, trademarks, or service marks; or
-
- f) Requiring indemnification of licensors and authors of that
- material by anyone who conveys the material (or modified versions of
- it) with contractual assumptions of liability to the recipient, for
- any liability that these contractual assumptions directly impose on
- those licensors and authors.
-
- All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10. If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term. If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
- If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
- Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
- 8. Termination.
-
- You may not propagate or modify a covered work except as expressly
-provided under this License. Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
- However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
- Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
- Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License. If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
- 9. Acceptance Not Required for Having Copies.
-
- You are not required to accept this License in order to receive or
-run a copy of the Program. Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance. However,
-nothing other than this License grants you permission to propagate or
-modify any covered work. These actions infringe copyright if you do
-not accept this License. Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
- 10. Automatic Licensing of Downstream Recipients.
-
- Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License. You are not responsible
-for enforcing compliance by third parties with this License.
-
- An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations. If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
- You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License. For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
- 11. Patents.
-
- A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based. The
-work thus licensed is called the contributor's "contributor version".
-
- A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version. For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
- Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
- In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement). To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
- If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients. "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
- If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
- A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License. You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
- Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
- 12. No Surrender of Others' Freedom.
-
- If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all. For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
- 13. Use with the GNU Affero General Public License.
-
- Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work. The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
- 14. Revised Versions of this License.
-
- The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time. Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
- Each version is given a distinguishing version number. If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation. If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
- If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
- Later license versions may give you additional or different
-permissions. However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
- 15. Disclaimer of Warranty.
-
- THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. Limitation of Liability.
-
- IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
- 17. Interpretation of Sections 15 and 16.
-
- If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
-
- If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
- To do so, attach the following notices to the program. It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
- <one line to give the program's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
- If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
- <program> Copyright (C) <year> <name of author>
- This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
- This is free software, and you are welcome to redistribute it
- under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License. Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
- You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
- The GNU General Public License does not permit incorporating your program
-into proprietary programs. If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library. If this is what you want to do, use the GNU Lesser General
-Public License instead of this License. But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
-
-****************************************************************************/
-
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * We want the copyright string to be accessable to the unix strings command
- * in the final linked binary, and we don't want the linker to remove it if
- * it's not referenced, so we do that by using the volatile qualifier.
- *
- * ANSI C standard, section 3.5.3: "An object that has volatile-qualified
- * type may be modified in ways unknown to the implementation or have
- * other unknown side effects." Yes, we can't expect a compiler to
- * understand law...
- */
-extern volatile const char bnCopyright[];
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef PPCASM_H
-#define PPCASM_H
-/*
- * A PowerPC assembler in the C preprocessor.
- * This assumes that ints are 32 bits, and uses them for the values.
- *
- * An assembly-language routine is simply an array of unsigned ints,
- * initialized with the macros defined here.
- *
- * In the PowerPC, a generic function pointer does *not* point to the
- * first word of code, but to a two (or possibly more) word "transition
- * vector." The first word of the TV points to the function's code.
- * The second word is the function's TOC (Table Of Contents) pointer,
- * which is loaded into r2. The function's global variables are
- * accessed via the TOC pointed to by r2. TOC pointers are changed,
- * for example, when a dynamically linked library is called, so the
- * library can have private global variables.
- *
- * Saving r2 and reloading r2 each function call is a hassle that
- * I'd really rather avoid, since a lot of useful assembly language routines
- * can be written without global variables at all, so they don't need a TOC
- * pointer. But I haven't figured out how to persuade CodeWarrior 7 to
- * generate an intra-TOC call to an array. (CodeWarrior 8 supports
- * PowerPC asm, which obviates the need to do the cast-to-function-pointer
- * trick, which obviates the need for cross-TOC calls.)
- *
- * The basic PowerPC calling conventions for integers are:
- * r0 - scratch. May be modified by function calls.
- * r1 - stack pointer. Must be preserved across function calls.
- * See IMPORTANT notes on stack frame format below.
- * This must *ALWAYS*, at every instruction boundary, be 16-byte
- * aligned and point to a valid stack frame. If a procedure
- * needs to create a stack frame, the recommended way is to do:
- * stwu r1,-frame_size(r1)
- * and on exit, recover with one of:
- * addi r1,r1,frame_size, OR
- * lwz r1,0(r1)
- * r2 - TOC pointer. Points to the current table of contents.
- * Must be preserved across function calls.
- * r3 - First argument register and return value register.
- * Arguments are passed in r3 through r10, and values returned in
- * r3 through r6, as needed. (Usually only r3 for single word.)
- * r4-r10 - More argument registers
- * r11 - Scratch, may be modified by function calls.
- * On entry to indirect function calls, this points to the
- * transition vector, and additional words may be loaded
- * at offsets from it. Some conventions use r12 instead.
- * r12 - Scratch, may be modified by function calls.
- * r13-r31 - Callee-save registers, may not be modified by function
- * calls.
- * The LR, CTR and XER may be modified by function calls, as may the MQ
- * register, on those processors for which it is implemented.
- * CR fields 0, 1, 5, 6 and 7 are scratch and may be modified by function
- * calls. CR fields 2, 3 and 4 must be preserved across function calls.
- *
- * Stack frame format - READ
- *
- * r1 points to a stack frame, which must *ALWAYS*, meaning after each and
- * every instruction, without excpetion, point to a valid 16-byte-aligned
- * stack frame, defined as follows:
- * - The 296 bytes below r1 (from -296(r1) to -1(r1)) are the so-called Red
- * Zone reserved for leaf procedures, which may use it without allocating
- * a stack frame and without decrementing r1. The size comes from the room
- * needed to store all the callee-save registers: 19 64-bit integer registers
- * and 18 64-bit floating-point registers. (18+19)*8 = 296. So any
- * procedure can save all the registers it needs to save before creating
- * a stack frame and moving r1.
- * The bytes at -297(r1) and below may be used by interrupt and exception
- * handlers *at any time*. Anything placed there may disappear before
- * the next instruction.
- * The word at 0(r1) is the previous r1, and so on in a linked list.
- * This is the minimum needed to be a valid stack frame, but some other
- * offsets from r1 are preallocated by the calling procedure for the called
- * procedure's use. These are:
- * Offset 0: Link to previous stack frame - saved r1, if the called
- * procedure alters it.
- * Offset 4: Saved CR, if the called procedure alters the callee-save
- * fields. There's no important reason to save it here,
- * but the space is reserved and you might as well use it
- * for its intended purpose unless you have good reason to
- * do otherwise. (This may help some debuggers.)
- * Offset 8: Saved LR, if the called procedure needs to save it for
- * later function return. Saving the LR here helps a debugger
- * track the chain of return addresses on the stack.
- * Note that a called procedure does not need to preserve the
- * LR for it's caller's sake, but it uually wants to preserve
- * the value for its own sake until it finishes and it's
- * time to return. At that point, this is usually loaded
- * back into the LR and the branch accomplished with BLR.
- * However, if you want to be preverse, you could load it
- * into the CTR and use BCTR instead.
- * Offset 12: Reserved to compiler. I can't find what this is for.
- * Offset 16: Reserved to compiler. I can't find what this is for.
- * Offset 20: Saved TOC pointer. In a cross-TOC call, the old TOC (r2)
- * is saved here before r2 is loaded with the new TOC value.
- * Again, it's not important to use this slot for this, but
- * you might as well.
- * Beginning at offset 24 is the argument area. This area is at least 8 words
- * (32 bytes; I don't know what happens with 64 bits) long, and may be longer,
- * up to the length of the longest argument list in a function called by
- * the function which allocated this stack frame. Generally, arguments
- * to functions are passed in registers, but if those functions notice
- * the address of the arguments being taken, the registers are stored
- * into the space reserved for them in this area and then used from memory.
- * Additional arguments that will not fit into registers are also stored
- * here. Variadic functions (like printf) generally start by saving
- * all the integer argument registers from the "..." onwards to this space.
- * For that reason, the space must be large enough to store all the argument
- * registers, even if they're never used.
- * (It could probably be safely shrunk if you're not calling any variadic
- * functions, but be careful!)
- *
- * Offsets above that are private to the calling function and shouldn't
- * be messed with. Generally, what appears there is locals, then saved
- * registers.
- *
- *
- * The floating-point instruction set isn't implemented yet (I'm too
- * lazy, as I don't need it yet), but for when it is, the register
- * usage convention is:
- * FPSCR - Scratch, except for floating point exception enable fields,
- * which should only be modified by functions defined to do so.
- * fr0 - scratch
- * fr1 - first floating point parameter and return value, scratch
- * fr2 - second floating point parameter and return value (if needed), scratch
- * fr3 - third floating point parameter and return value (if needed), scratch
- * fr4 - fourth floating point parameter and return value (if needed), scratch
- * fr5-fr13 - More floating point argument registers, scratch
- * fr14-fr31 - Callee-save registers, may not be modified across a function call
- *
- * Complex values store the real part in the lower-numberd register of a pair.
- * When mixing floating-point and integer arguments, reserve space (one register
- * for single-precision, two for double-precision values) in the integer
- * argument list for the floating-point values. Those integer registers
- * generally have undefined values, UNLESS there is no prototype for the call,
- * in which case they should contain a copy of the floating-point value's
- * bit pattern to cope with wierd software.
- * If the floating point arguments go past the end of the integer registers,
- * they are stored in the argument area as well as being passed in here.
- *
- * After the argument area comes the calling function's private storage.
- * Typically, there are locals, followed by saved GP rgisters, followed
- * by saved FP registers.
- *
- * Suggested instruction for allocating a stack frame:
- * stwu r1,-frame_size(r1)
- * Suggested instructions for deallocating a stack frame:
- * addi r1,r1,frame_size
- * or
- * lwz r1,0(r1)
- * If frame_size is too big, you'll have to load the offset into a temp
- * register, but be sure that r1 is updated atomically.
- *
- *
- * Basic PowerPC instructions look like this:
- *
- * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | | | | | | | | | | | | | | | | | | | | | | | | | | |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * Branch instructions look like this:
- *
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | Branch offset |A|L|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * The L, or LK, or Link bit indicates that the return address for the
- * branch should be copied to the link register (LR).
- * The A, or AA, or absolute address bit, indicates that the address
- * of the current instruction (NOTE: not next instruction!) should NOT
- * be added to the branch offset; it is relative to address 0.
- *
- * Conditional branches looks like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | BO | BI | Branch offset |A|L|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * The BI field specifies the condition bit of interest (from the CR).
- * The BO field specifies what's interesting. You can branch on a
- * combination of a bit of the condition register and --ctr, the CTR
- * register. Two bits encode the branch condition to use:
- * BRANCH IF
- * 00--- = Bit BI is 0
- * 01--- = Bit BI is 1
- * 1z--- = don't care about bit BI (always true)
- * AND
- * --00- = --ctr != 0
- * --01- = --ctr == 0
- * --1z- = don't decrement ctr (always true)
- * The last bit us used as a branch prediction bit. If set, it reverses
- * the usual backward-branch-taken heuristic.
- *
- * y = branch prediction bit. z = unused, must be 0
- * 0000y - branch if --ctr != 0 && BI == 0
- * don't branch if --ctr == 0 || BI != 0
- * 0001y - branch if --ctr == 0 && BI == 0
- * don't branch if --ctr != 0 || BI != 0
- * 001zy - branch if BI == 0
- * don't branch if BI != 0
- * 0100y - branch if --ctr != 0 && BI != 0
- * don't branch if --ctr == 0 || BI == 0
- * 0101y - branch if --ctr == 0 && BI != 0
- * don't branch if --ctr != 0 || BI == 0
- * 011zy - branch if BI != 0
- * don't branch if BI == 0
- * 1z00y - branch if --ctr != 0
- * don't branch if --ctr == 0
- * 1z01y - branch if --ctr == 0
- * don't branch if --ctr != 0
- * 1z1zz - branch always
- * If y is 1, the usual branch prediction (usually not taken, taken for
- * backwards branches with immediate offsets) is reversed.
- *
- * Instructions with 2 operands and a 16-bit immediate field look like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | D | A | 16-bit immediate value |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * Now, there are three variations of note. In some instructions, the 16-bit
- * value is sign-extended. In others, it's zero-extended. These are noted
- * below as "simm" (signed immediate) and "uimm", respectively. Also, which
- * field is the destination and which is the source sometimes switches.
- * Sometimes it's d = a OP imm, and sometimes it's a = s OP imm. In the
- * latter cases, the "d" field is referred to as "s" ("source" instead of
- * "destination". These are logical and shift instructions. (Store also
- * refers to the s register, but that's the source of the value to be stored.)
- * The assembly mnemonics, however, always lists the destination first,
- * swapping the order in the instruction if necessary.
- * Third, quite often, if r0 is specified for the source a, then the constant
- * value 0 is used instead. Thus, r0 is of limited use - it can be used for
- * some things, but not all.
- *
- * Instructions with three register operands look like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | D | A | B | Subopcode |C|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * For most of the instructions of interest the Opcode is 31 and the subopcode
- * determines what the instruction does. For a few instructions (mostly loads
- * and stores), if the A field is 0, the constant 0 is used. The "C"
- * bit (also known as the "RC" bit) controls whether or not the condition
- * codes are updated. If it is set (indicated by a "." suffix on the official
- * PowerPC opcodes, and a "_" suffix on these macros), condition code register
- * field 0 (for integer instructions; field 1 for floating point) is updated
- * to reflect the result of the operation.
- * Some arithmetic instructions use the most significant bit of the subopcode
- * field as an overflow enable bit (o suffix).
- *
- * Then there are the rotate and mask instructions, which have 5 operands, and
- * fill the subopcode field with 2 more 5-bit fields. See below for them.
- *
- * NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE
- * These macros fully parenthesize their arguments, but are not themselves
- * fully parenthesized. They are intended to be used for initializer lists,
- * and if you want to do tricks with their numeric values, wrap them in
- * parentheses.
- */
-
-#define PPC_MAJOR(x) ((x)<<26) /* Major opcode (0..63) */
-#define PPC_MINOR(x) ((x)<<1) /* Minor opcode (0..1023) */
-#define PPC_RC 1 /* Record carry (. suffix, represented as _) */
-#define PPC_OE 1024 /* Overflow enable (o suffix) */
-#define PPC_DEST(reg) ((reg)<<21) /* Dest register field */
-#define PPC_SRCA(reg) ((reg)<<16) /* First source register field */
-#define PPC_SRCB(reg) ((reg)<<11) /* Second source register field */
-#define PPC_AA 2 /* Branch is absolute, relative to address 0 */
-#define PPC_LK 1 /* Branch with link (L suffix) */
-
-/* Unconditional branch (dest is 26 bits, +/- 2^25 bytes) */
-#define PPC_B(dest) PPC_MAJOR(18)|(((dest)<<2) & 0x03fffffc)
-#define PPC_BA(dest) PPC_B(dest)|PPC_AA
-#define PPC_BL(dest) PPC_B(dest)|PPC_LK
-#define PPC_BLA(dest) PPC_B(dest)|PPC_AA|PPC_LK
-
-/* Three-operand instructions */
-#define PPC_TYPE31(minor,d,a,b) \
- PPC_MAJOR(31)|PPC_DEST(d)|PPC_SRCA(a)|PPC_SRCB(b)|PPC_MINOR(minor)
-#define PPC_ADD(d,a,b) PPC_TYPE31(266,d,a,b)
-#define PPC_ADD_(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_RC
-#define PPC_ADDO(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_OE
-#define PPC_ADDO_(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDC(d,a,b) PPC_TYPE31(10,d,a,b)
-#define PPC_ADDC_(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_RC
-#define PPC_ADDCO(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_OE
-#define PPC_ADDCO_(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDE(d,a,b) PPC_TYPE31(138,d,a,b)
-#define PPC_ADDE_(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_RC
-#define PPC_ADDEO(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_OE
-#define PPC_ADDEO_(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDME(d,a) PPC_TYPE31(234,d,a,0)
-#define PPC_ADDME_(d,a) PPC_TYPE31(234,d,a,0)|PPC_RC
-#define PPC_ADDMEO(d,a) PPC_TYPE31(234,d,a,0)|PPC_OE
-#define PPC_ADDMEO_(d,a) PPC_TYPE31(234,d,a,0)|PPC_OE|PPC_RC
-#define PPC_ADDZE(d,a) PPC_TYPE31(202,d,a,0)
-#define PPC_ADDZE_(d,a) PPC_TYPE31(202,d,a,0)|PPC_RC
-#define PPC_ADDZEO(d,a) PPC_TYPE31(202,d,a,0)|PPC_OE
-#define PPC_ADDZEO_(d,a) PPC_TYPE31(202,d,a,0)|PPC_OE|PPC_RC
-#define PPC_AND(a,s,b) PPC_TYPE31(28,s,a,b)
-#define PPC_AND_(a,s,b) PPC_TYPE31(28,s,a,b)|PPC_RC
-#define PPC_ANDC(a,s,b) PPC_TYPE31(60,s,a,b)
-#define PPC_ANDC_(a,s,b) PPC_TYPE31(60,s,a,b)|PPC_RC
-#define PPC_CMP(cr,a,b) PPC_TYPE31(0,(cr)<<2,a,b)
-#define PPC_CMPL(cr,a,b) PPC_TYPE31(32,(cr)<<2,a,b)
-#define PPC_CNTLZW(a,s) PPC_TYPE31(26,s,a,0)
-#define PPC_CNTLZW_(a,s) PPC_TYPE31(26,s,a,0)|PPC_RC
-#define PPC_DCBF(a,b) PPC_TYPE31(86,0,a,b)
-#define PPC_DCBI(a,b) PPC_TYPE31(470,0,a,b)
-#define PPC_DCBST(a,b) PPC_TYPE31(54,0,a,b)
-#define PPC_DCBT(a,b) PPC_TYPE31(278,0,a,b)
-#define PPC_DCBTST(a,b) PPC_TYPE31(246,0,a,b)
-#define PPC_DCBZ(a,b) PPC_TYPE31(1014,0,a,b)
-#define PPC_DIVW(d,a,b) PPC_TYPE31(491,d,a,b)
-#define PPC_DIVW_(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_RC
-#define PPC_DIVWO(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_OE
-#define PPC_DIVWO_(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_OE|PPC_RC
-#define PPC_DIVWU(d,a,b) PPC_TYPE31(459,d,a,b)
-#define PPC_DIVWU_(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_RC
-#define PPC_DIVWUO(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_OE
-#define PPC_DIVWUO_(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_OE|PPC_RC
-#define PPC_EIEIO() PPC_TYPE31(854,0,0,0)
-#define PPC_EQV(a,s,b) PPC_TYPE31(284,s,a,b)
-#define PPC_EQV_(a,s,b) PPC_TYPE31(284,s,a,b)|PPC_RC
-#define PPC_EXTSB(a,s,b) PPC_TYPE31(954,s,a,b)
-#define PPC_EXTSB_(a,s,b) PPC_TYPE31(954,s,a,b)|PPC_RC
-#define PPC_EXTSH(a,s,b) PPC_TYPE31(922,s,a,b)
-#define PPC_EXTSH_(a,s,b) PPC_TYPE31(922,s,a,b)|PPC_RC
-#define PPC_ICBI(a,b) PPC_TYPE31(982,0,a,b)
-#define PPC_ISYNC() PPC_TYPE31(150,0,0,0)
-#define PPC_LBZUX(d,a,b) PPC_TYPE31(119,d,a,b)
-#define PPC_LBZX(d,a,b) PPC_TYPE31(87,d,a,b)
-#define PPC_LHAUX(d,a,b) PPC_TYPE31(375,d,a,b)
-#define PPC_LHAX(d,a,b) PPC_TYPE31(343,d,a,b)
-#define PPC_LHBRX(d,a,b) PPC_TYPE31(790,d,a,b)
-#define PPC_LHZUX(d,a,b) PPC_TYPE31(311,d,a,b)
-#define PPC_LHZX(d,a,b) PPC_TYPE31(279,d,a,b)
-#define PPC_LSWI(d,a,nb) PPC_TYPE31(597,d,a,nb)
-#define PPC_LSWX(d,a,b) PPC_TYPE31(533,d,a,b)
-#define PPC_LSARX(d,a,b) PPC_TYPE31(20,d,a,b)
-#define PPC_LSBRX(d,a,b) PPC_TYPE31(534,d,a,b)
-#define PPC_MCRXR(crd) PPC_TYPE31(512,(crd)<<2,0,0)
-#define PPC_MFCR(d) PPC_TYPE31(19,d,0,0)
-#define PPC_MFSPR(d,spr) PPC_TYPE31(339,d,(spr)&31,(spr)>>5)
-#define PPC_MFTB(d) PPC_TYPE31(371,d,12,8)
-#define PPC_MFTBU(d) PPC_TYPE31(371,d,13,8)
-#define PPC_MTCRF(mask,s) PPC_TYPE31(144,s,0,(mask)&0xff)
-#define PPC_MTSPR(s,spr) PPC_TYPE31(467,s,(spr)&31,(spr)>>5)
-#define PPC_MULHW(d,a,b) PPC_TYPE31(75,d,a,b)
-#define PPC_MULHW_(d,a,b) PPC_TYPE31(75,d,a,b)|PPC_RC
-#define PPC_MULHWU(d,a,b) PPC_TYPE31(11,d,a,b)
-#define PPC_MULHWU_(d,a,b) PPC_TYPE31(11,d,a,b)|PPC_RC
-#define PPC_MULLW(d,a,b) PPC_TYPE31(235,d,a,b)
-#define PPC_MULLW_(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_RC
-#define PPC_MULLWO(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_OE
-#define PPC_MULLWO_(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_OE|PPC_RC
-#define PPC_NAND(a,s,b) PPC_TYPE31(476,s,a,b)
-#define PPC_NAND_(a,s,b) PPC_TYPE31(476,s,a,b)|PPC_RC
-#define PPC_NEG(d,a) PPC_TYPE31(104,d,a,b)
-#define PPC_NEG_(d,a) PPC_TYPE31(104,d,a,b)|PPC_RC
-#define PPC_NEGO(d,a) PPC_TYPE31(104,d,a,b)|PPC_OE
-#define PPC_NEGO_(d,a) PPC_TYPE31(104,d,a,b)|PPC_OE|PPC_RC
-#define PPC_NOR(a,s,b) PPC_TYPE31(124,s,a,b)
-#define PPC_NOR_(a,s,b) PPC_TYPE31(124,s,a,b)|PPC_RC
-#define PPC_OR(a,s,b) PPC_TYPE31(444,s,a,b)
-#define PPC_OR_(a,s,b) PPC_TYPE31(444,s,a,b)|PPC_RC
-#define PPC_ORC(a,s,b) PPC_TYPE31(412,s,a,b)
-#define PPC_ORC_(a,s,b) PPC_TYPE31(412,s,a,b)|PPC_RC
-#define PPC_SLW(a,s,b) PPC_TYPE31(24,s,a,b)
-#define PPC_SLW_(a,s,b) PPC_TYPE31(24,s,a,b)|PPC_RC
-#define PPC_SRAW(a,s,b) PPC_TYPE31(792,s,a,b)
-#define PPC_SRAW_(a,s,b) PPC_TYPE31(792,s,a,b)|PPC_RC
-#define PPC_SRAWI(a,s,sh) PPC_TYPE31(824,s,a,sh)
-#define PPC_SRAWI_(a,s,sh) PPC_TYPE31(824,s,a,sh)|PPC_RC
-#define PPC_SRW(a,s,b) PPC_TYPE31(536,s,a,b)
-#define PPC_SRW_(a,s,b) PPC_TYPE31(536,s,a,b)|PPC_RC
-#define PPC_STBUX(s,a,b) PPC_TYPE31(247,s,a,b)
-#define PPC_STBX(s,a,b) PPC_TYPE31(215,s,a,b)
-#define PPC_STHBRX(s,a,b) PPC_TYPE31(918,s,a,b)
-#define PPC_STHUX(s,a,b) PPC_TYPE31(439,s,a,b)
-#define PPC_STHX(s,a,b) PPC_TYPE31(407,s,a,b)
-#define PPC_STSWI(s,a,nb) PPC_TYPE31(725,s,a,nb)
-#define PPC_STSWX(s,a,b) PPC_TYPE31(661,s,a,b)
-#define PPC_STWBRX(s,a,b) PPC_TYPE31(662,s,a,b)
-#define PPC_STWCX_(s,a,b) PPC_TYPE31(150,s,a,b)|PPC_RC
-#define PPC_STWUX(s,a,b) PPC_TYPE31(183,s,a,b)
-#define PPC_STWX(s,a,b) PPC_TYPE31(151,s,a,b)
-#define PPC_SUBF(d,a,b) PPC_TYPE31(40,d,a,b)
-#define PPC_SUBF_(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_RC
-#define PPC_SUBFO(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_OE
-#define PPC_SUBFO_(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUB(d,b,a) PPC_SUBF(d,a,b)
-#define PPC_SUB_(d,b,a) PPC_SUBF_(d,a,b)
-#define PPC_SUBO(d,b,a) PPC_SUBFO(d,a,b)
-#define PPC_SUBO_(d,b,a) PPC_SUBFO_(d,a,b)
-#define PPC_SUBFC(d,a,b) PPC_TYPE31(8,d,a,b)
-#define PPC_SUBFC_(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_RC
-#define PPC_SUBFCO(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_OE
-#define PPC_SUBFCO_(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUBFE(d,a,b) PPC_TYPE31(136,d,a,b)
-#define PPC_SUBFE_(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_RC
-#define PPC_SUBFEO(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_OE
-#define PPC_SUBFEO_(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUBFME(d,a) PPC_TYPE31(232,d,a,0)
-#define PPC_SUBFME_(d,a) PPC_TYPE31(232,d,a,0)|PPC_RC
-#define PPC_SUBFMEO(d,a) PPC_TYPE31(232,d,a,0)|PPC_OE
-#define PPC_SUBFMEO_(d,a) PPC_TYPE31(232,d,a,0)|PPC_OE|PPC_RC
-#define PPC_SUBFZE(d,a) PPC_TYPE31(200,d,a,0)
-#define PPC_SUBFZE_(d,a) PPC_TYPE31(200,d,a,0)|PPC_RC
-#define PPC_SUBFZEO(d,a) PPC_TYPE31(200,d,a,0)|PPC_OE
-#define PPC_SUBFZEO_(d,a) PPC_TYPE31(200,d,a,0)|PPC_OE|PPC_RC
-#define PPC_SYNC() PPC_TYPE31(598,0,0,0)
-#define PPC_TW(to,a,b) PPC_TYPE31(4,to,a,b)
-#define PPC_XOR(a,s,b) PPC_TYPE31(316,s,a,b)
-
-/* Immediate-operand instructions. Take a 16-bit immediate operand */
-#define PPC_IMM(major,d,a,imm) \
- PPC_MAJOR(major)|PPC_DEST(d)|PPC_SRCA(a)|((imm)&0xffff)
-/* Trap word immediate */
-#define PPV_TWI(to,a,simm) PPC_IMM(3,to,a,simm)
-/* Integer arithmetic */
-#define PPC_MULLI(d,a,simm) PPC_IMM(7,d,a,simm)
-#define PPC_SUBFIC(s,a,simm) PPC_IMM(8,s,a,simm)
-#define PPC_CMPLI(cr,a,uimm) PPC_IMM(10,(cr)<<2,a,uimm)
-#define PPC_CMPI(cr,a,simm) PPC_IMM(11,(cr)<<2,a,simm)
-#define PPC_ADDIC(d,a,simm) PPC_IMM(12,d,a,simm)
-#define PPC_ADDIC_(d,a,simm) PPC_IMM(13,d,a,simm)
-#define PPC_ADDI(d,a,simm) PPC_IMM(14,d,a,simm)
-#define PPC_ADDIS(d,a,simm) PPC_IMM(15,d,a,simm)
-
-/* Conditional branch (dest is 16 bits, +/- 2^15 bytes) */
-#define PPC_BC(bo,bi,dest) PPC_IMM(16,bo,bi,((dest)<<2)&0xfffc)
-#define PPC_BCA(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_AA
-#define PPC_BCL(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_LK
-#define PPC_BCLA(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_AA|PPC_LK
-
-/* Logical operations */
-#define PPC_ORI(a,s,uimm) PPC_IMM(24,s,a,uimm)
-#define PPC_ORIS(a,s,uimm) PPC_IMM(25,s,a,uimm)
-#define PPC_XORI(a,s,uimm) PPC_IMM(26,s,a,uimm)
-#define PPC_XORIS(a,s,uimm) PPC_IMM(27,s,a,uimm)
-#define PPC_ANDI_(a,s,uimm) PPC_IMM(28,s,a,uimm)
-#define PPC_ANDIS(a,s,uimm) PPC_IMM(29,s,a,uimm)
-
-/* Load/store */
-#define PPC_LWZ(d,a,simm) PPC_IMM(32,d,a,simm)
-#define PPC_LWZU(d,a,simm) PPC_IMM(33,d,a,simm)
-#define PPC_LBZ(d,a,simm) PPC_IMM(34,d,a,simm)
-#define PPC_LBZU(d,a,simm) PPC_IMM(35,d,a,simm)
-#define PPC_STW(s,a,simm) PPC_IMM(36,s,a,simm)
-#define PPC_STWU(s,a,simm) PPC_IMM(37,s,a,simm)
-#define PPC_STB(s,a,simm) PPC_IMM(38,s,a,simm)
-#define PPC_STBU(s,a,simm) PPC_IMM(39,s,a,simm)
-#define PPC_LHZ(d,a,simm) PPC_IMM(40,d,a,simm)
-#define PPC_LHZU(d,a,simm) PPC_IMM(41,d,a,simm)
-#define PPC_LHA(d,a,simm) PPC_IMM(42,d,a,simm)
-#define PPC_STH(s,a,simm) PPC_IMM(44,s,a,simm)
-#define PPC_STHU(s,a,simm) PPC_IMM(45,s,a,simm)
-#define PPC_LHAU(d,a,simm) PPC_IMM(43,d,a,simm)
-#define PPC_LMW(d,a,simm) PPC_IMM(46,d,a,simm)
-#define PPC_STMW(s,a,simm) PPC_IMM(47,s,a,simm)
-
-/* Major number = 19 - condition register operations. d, a and b are CR bits */
-#define PPC_TYPE19(minor,d,a,b) \
- PPC_MAJOR(19)|PPC_DEST(d)|PPC_SRCA(a)|PPC_SRCB(b)|PPC_MINOR(minor)
-#define PPC_MCRF(d,s) PPC_TYPE19(0,(d)<<2,(s)<<2,0)
-#define PPC_CRNOR(d,a,b) PPC_TYPE19(33,d,a,b)
-#define PPC_CRANDC(d,a,b) PPC_TYPE19(129,d,a,b)
-#define PPC_CRXOR(d,a,b) PPC_TYPE19(193,d,a,b)
-#define PPC_CRNAND(d,a,b) PPC_TYPE19(225,d,a,b)
-#define PPC_CRAND(d,a,b) PPC_TYPE19(257,d,a,b)
-#define PPC_CREQV(d,a,b) PPC_TYPE19(289,d,a,b)
-#define PPC_CRORC(d,a,b) PPC_TYPE19(417,d,a,b)
-#define PPC_CROR(d,a,b) PPC_TYPE19(449,d,a,b)
-
-/* Indirect conditional branch */
-#define PPC_BCLR(bo,bi) PPC_TYPE19(16,bo,bi,0)
-#define PPC_BCLRL(bo,bi) PPC_TYPE19(16,bo,bi,0)|PPC_LK
-#define PPC_BCCTR(bo,bi) PPC_TYPE19(528,bo,bi,0)
-#define PPC_BCCTRL(bo,bi) PPC_TYPE19(528,bo,bi,0)|PPC_LK
-#define PPC_BLR() PPC_BCLR(20,31)
-#define PPC_BCTR() PPC_BCCTR(20,31)
-
-/* Other */
-#define PPC_RLWIMI(a,s,sh,mb,me) \
- PPC_MAJOR(20)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(sh)|(mb)<<6|(me)<<1
-#define PPC_RLWIMI_(a,s,sh,mb,me) PPC_RLWIMI(a,s,sh,mb,me)|PPC_RC
-#define PPC_RLWINM(a,s,sh,mb,me) \
- PPC_MAJOR(21)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(sh)|(mb)<<6|(me)<<1
-#define PPC_RLWINM_(a,s,sh,mb,me) PPC_RLWINM(a,s,sh,mb,me)|PPC_RC
-#define PPC_RLWNM(a,s,b,mb,me) \
- PPC_MAJOR(23)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(b)|(mb)<<6|(me)<<1
-#define PPC_RLWNM_(a,s,b,mb,me) PPC_RLWNM(a,s,b,mb,me)|PPC_RC
-
-#define PPC_SC() PPC_MAJOR(17)|2
-/* Major number = 63 Floating-point operations (not implemented for now) */
-
-/* Simplified Mnemonics */
-/* Fabricate immediate subtract out of add negative */
-#define PPC_SUBI(d,a,simm) PPC_ADDI(d,a,-(simm))
-#define PPC_SUBIS(d,a,simm) PPC_ADDIS(d,a,-(simm))
-#define PPC_SUBIC(d,a,simm) PPC_ADDIC(d,a,-(simm))
-#define PPC_SUBIC_(d,a,simm) PPC_ADDIC_(d,a,-(simm))
-/* Fabricate subtract out of subtract from */
-#define PPC_SUBC(d,b,a) PPC_SUBFC(d,a,b)
-#define PPC_SUBC_(d,b,a) PPC_SUBFC_(d,a,b)
-#define PPC_SUBCO(d,b,a) PPC_SUBFCO(d,a,b)
-#define PPC_SUBCO_(d,b,a) PPC_SUBFCO_(d,a,b)
-/* Messy compare bits omitted */
-/* Shift and rotate omitted */
-/* Branch coding omitted */
-#define PPC_CRSET(d) PPC_CREQV(d,d,d)
-#define PPC_CRCLR(d) PPC_CRXOR(d,d,d)
-#define PPC_CRMOVE(d,s) PPC_CROR(d,s,s)
-#define PPC_CRNOT(d,s) PPC_CRNOR(d,s,s)
-/* Trap menmonics omitted */
-/* Menmonics for user-accessible SPRs */
-#define PPC_MFXER(d) PPC_MFSPR(d,1)
-#define PPC_MFLR(d) PPC_MFSPR(d,8)
-#define PPC_MFCTR(d) PPC_MFSPR(d,9)
-#define PPC_MTXER(s) PPC_MTSPR(s,1)
-#define PPC_MTLR(s) PPC_MTSPR(s,8)
-#define PPC_MTCTR(s) PPC_MTSPR(s,9)
-/* Recommended mnemonics */
-#define PPC_NOP() PPC_ORI(0,0,0)
-#define PPC_LI(d,simm) PPC_ADDI(d,0,simm)
-#define PPC_LIS(d,simm) PPC_ADDIS(d,0,simm)
-#define PPC_LA(d,a,simm) PPC_ADDI(d,a,simm)
-#define PPC_MR(d,s) PPC_OR(d,s,s)
-#define PPC_NOT(d,s) PPC_NOR(d,s,s)
-#define PPC_MTCR(s) PPC_MTCRF(0xff,s)
-
-#endif /* PPCASM_H */
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Prime generation using the bignum library and sieving.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#include <stdarg.h> /* We just can't live without this... */
-
-#ifndef BNDEBUG
-#define BNDEBUG 1
-#endif
-#if BNDEBUG
-#include <stdio.h>
-#endif
-
-#include "bn.h"
-#include "lbnmem.h"
-#include "prime.h"
-#include "sieve.h"
-
-#include "kludge.h"
-
-/* Size of the shuffle table */
-#define SHUFFLE 256
-/* Size of the sieve area */
-#define SIEVE 32768u/16
-
-/* Confirmation tests. The first one *must* be 2 */
-static unsigned const confirm[] = {2, 3, 5, 7, 11, 13, 17};
-#define CONFIRMTESTS (sizeof(confirm)/sizeof(*confirm))
-
-/*
- * Helper function that does the slow primality test.
- * bn is the input bignum; a and e are temporary buffers that are
- * allocated by the caller to save overhead.
- *
- * Returns 0 if prime, >0 if not prime, and -1 on error (out of memory).
- * If not prime, returns the number of modular exponentiations performed.
- * Calls the given progress function with a '*' for each primality test
- * that is passed.
- *
- * The testing consists of strong pseudoprimality tests, to the bases given
- * in the confirm[] array above. (Also called Miller-Rabin, although that's
- * not technically correct if we're using fixed bases.) Some people worry
- * that this might not be enough. Number theorists may wish to generate
- * primality proofs, but for random inputs, this returns non-primes with
- * a probability which is quite negligible, which is good enough.
- *
- * It has been proved (see Carl Pomerance, "On the Distribution of
- * Pseudoprimes", Math. Comp. v.37 (1981) pp. 587-593) that the number of
- * pseudoprimes (composite numbers that pass a Fermat test to the base 2)
- * less than x is bounded by:
- * exp(ln(x)^(5/14)) <= P_2(x) ### CHECK THIS FORMULA - it looks wrong! ###
- * P_2(x) <= x * exp(-1/2 * ln(x) * ln(ln(ln(x))) / ln(ln(x))).
- * Thus, the local density of Pseudoprimes near x is at most
- * exp(-1/2 * ln(x) * ln(ln(ln(x))) / ln(ln(x))), and at least
- * exp(ln(x)^(5/14) - ln(x)). Here are some values of this function
- * for various k-bit numbers x = 2^k:
- * Bits Density <= Bit equivalent Density >= Bit equivalent
- * 128 3.577869e-07 21.414396 4.202213e-37 120.840190
- * 192 4.175629e-10 31.157288 4.936250e-56 183.724558
- * 256 5.804314e-13 40.647940 4.977813e-75 246.829095
- * 384 1.578039e-18 59.136573 3.938861e-113 373.400096
- * 512 5.858255e-24 77.175803 2.563353e-151 500.253110
- * 768 1.489276e-34 112.370944 7.872825e-228 754.422724
- * 1024 6.633188e-45 146.757062 1.882404e-304 1008.953565
- *
- * As you can see, there's quite a bit of slop between these estimates.
- * In fact, the density of pseudoprimes is conjectured to be closer to the
- * square of that upper bound. E.g. the density of pseudoprimes of size
- * 256 is around 3 * 10^-27. The density of primes is very high, from
- * 0.005636 at 256 bits to 0.001409 at 1024 bits, i.e. more than 10^-3.
- *
- * For those people used to cryptographic levels of security where the
- * 56 bits of DES key space is too small because it's exhaustible with
- * custom hardware searching engines, note that you are not generating
- * 50,000,000 primes per second on each of 56,000 custom hardware chips
- * for several hours. The chances that another Dinosaur Killer asteroid
- * will land today is about 10^-11 or 2^-36, so it would be better to
- * spend your time worrying about *that*. Well, okay, there should be
- * some derating for the chance that astronomers haven't seen it yet,
- * but I think you get the idea. For a good feel about the probability
- * of various events, I have heard that a good book is by E'mile Borel,
- * "Les Probabilite's et la vie". (The 's are accents, not apostrophes.)
- *
- * For more on the subject, try "Finding Four Million Large Random Primes",
- * by Ronald Rivest, in Advancess in Cryptology: Proceedings of Crypto
- * '90. He used a small-divisor test, then a Fermat test to the base 2,
- * and then 8 iterations of a Miller-Rabin test. About 718 million random
- * 256-bit integers were generated, 43,741,404 passed the small divisor
- * test, 4,058,000 passed the Fermat test, and all 4,058,000 passed all
- * 8 iterations of the Miller-Rabin test, proving their primality beyond
- * most reasonable doubts.
- *
- * If the probability of getting a pseudoprime is some small p, then the
- * probability of not getting it in t trials is (1-p)^t. Remember that,
- * for small p, (1-p)^(1/p) ~ 1/e, the base of natural logarithms.
- * (This is more commonly expressed as e = lim_{x\to\infty} (1+1/x)^x.)
- * Thus, (1-p)^t ~ e^(-p*t) = exp(-p*t). So the odds of being able to
- * do this many tests without seeing a pseudoprime if you assume that
- * p = 10^-6 (one in a million) is one in 57.86. If you assume that
- * p = 2*10^-6, it's one in 3347.6. So it's implausible that the density
- * of pseudoprimes is much more than one millionth the density of primes.
- *
- * He also gives a theoretical argument that the chance of finding a
- * 256-bit non-prime which satisfies one Fermat test to the base 2 is
- * less than 10^-22. The small divisor test improves this number, and
- * if the numbers are 512 bits (as needed for a 1024-bit key) the odds
- * of failure shrink to about 10^-44. Thus, he concludes, for practical
- * purposes *one* Fermat test to the base 2 is sufficient.
- */
-static int
-primeTest(struct BigNum const *bn, struct BigNum *e, struct BigNum *a,
- int (*f)(void *arg, int c), void *arg)
-{
- unsigned i, j;
- unsigned k, l;
- int err;
-
-#if BNDEBUG /* Debugging */
- /*
- * This is debugging code to test the sieving stage.
- * If the sieving is wrong, it will let past numbers with
- * small divisors. The prime test here will still work, and
- * weed them out, but you'll be doing a lot more slow tests,
- * and presumably excluding from consideration some other numbers
- * which might be prime. This check just verifies that none
- * of the candidates have any small divisors. If this
- * code is enabled and never triggers, you can feel quite
- * confident that the sieving is doing its job.
- */
- i = bnLSWord(bn);
- if (!(i % 2)) printf("bn div by 2!");
- i = bnModQ(bn, 51051); /* 51051 = 3 * 7 * 11 * 13 * 17 */
- if (!(i % 3)) printf("bn div by 3!");
- if (!(i % 7)) printf("bn div by 7!");
- if (!(i % 11)) printf("bn div by 11!");
- if (!(i % 13)) printf("bn div by 13!");
- if (!(i % 17)) printf("bn div by 17!");
- i = bnModQ(bn, 63365); /* 63365 = 5 * 19 * 23 * 29 */
- if (!(i % 5)) printf("bn div by 5!");
- if (!(i % 19)) printf("bn div by 19!");
- if (!(i % 23)) printf("bn div by 23!");
- if (!(i % 29)) printf("bn div by 29!");
- i = bnModQ(bn, 47027); /* 47027 = 31 * 37 * 41 */
- if (!(i % 31)) printf("bn div by 31!");
- if (!(i % 37)) printf("bn div by 37!");
- if (!(i % 41)) printf("bn div by 41!");
-#endif
-
- /*
- * Now, check that bn is prime. If it passes to the base 2,
- * it's prime beyond all reasonable doubt, and everything else
- * is just gravy, but it gives people warm fuzzies to do it.
- *
- * This starts with verifying Euler's criterion for a base of 2.
- * This is the fastest pseudoprimality test that I know of,
- * saving a modular squaring over a Fermat test, as well as
- * being stronger. 7/8 of the time, it's as strong as a strong
- * pseudoprimality test, too. (The exception being when bn ==
- * 1 mod 8 and 2 is a quartic residue, i.e. bn is of the form
- * a^2 + (8*b)^2.) The precise series of tricks used here is
- * not documented anywhere, so here's an explanation.
- * Euler's criterion states that if p is prime then a^((p-1)/2)
- * is congruent to Jacobi(a,p), modulo p. Jacobi(a,p) is
- * a function which is +1 if a is a square modulo p, and -1 if
- * it is not. For a = 2, this is particularly simple. It's
- * +1 if p == +/-1 (mod 8), and -1 if m == +/-3 (mod 8).
- * If p == 3 mod 4, then all a strong test does is compute
- * 2^((p-1)/2). and see if it's +1 or -1. (Euler's criterion
- * says *which* it should be.) If p == 5 (mod 8), then
- * 2^((p-1)/2) is -1, so the initial step in a strong test,
- * looking at 2^((p-1)/4), is wasted - you're not going to
- * find a +/-1 before then if it *is* prime, and it shouldn't
- * have either of those values if it isn't. So don't bother.
- *
- * The remaining case is p == 1 (mod 8). In this case, we
- * expect 2^((p-1)/2) == 1 (mod p), so we expect that the
- * square root of this, 2^((p-1)/4), will be +/-1 (mod p).
- * Evaluating this saves us a modular squaring 1/4 of the time.
- * If it's -1, a strong pseudoprimality test would call p
- * prime as well. Only if the result is +1, indicating that
- * 2 is not only a quadratic residue, but a quartic one as well,
- * does a strong pseudoprimality test verify more things than
- * this test does. Good enough.
- *
- * We could back that down another step, looking at 2^((p-1)/8)
- * if there was a cheap way to determine if 2 were expected to
- * be a quartic residue or not. Dirichlet proved that 2 is
- * a quartic residue iff p is of the form a^2 + (8*b^2).
- * All primes == 1 (mod 4) can be expressed as a^2 + (2*b)^2,
- * but I see no cheap way to evaluate this condition.
- */
- if (bnCopy(e, bn) < 0)
- return -1;
- (void)bnSubQ(e, 1);
- l = bnLSWord(e);
-
- j = 1; /* Where to start in prime array for strong prime tests */
-
- if (l & 7) {
- bnRShift(e, 1);
- if (bnTwoExpMod(a, e, bn) < 0)
- return -1;
- if ((l & 7) == 6) {
- /* bn == 7 mod 8, expect +1 */
- if (bnBits(a) != 1)
- return 1; /* Not prime */
- k = 1;
- } else {
- /* bn == 3 or 5 mod 8, expect -1 == bn-1 */
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) != 0)
- return 1; /* Not prime */
- k = 1;
- if (l & 4) {
- /* bn == 5 mod 8, make odd for strong tests */
- bnRShift(e, 1);
- k = 2;
- }
- }
- } else {
- /* bn == 1 mod 8, expect 2^((bn-1)/4) == +/-1 mod bn */
- bnRShift(e, 2);
- if (bnTwoExpMod(a, e, bn) < 0)
- return -1;
- if (bnBits(a) == 1) {
- j = 0; /* Re-do strong prime test to base 2 */
- } else {
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) != 0)
- return 1; /* Not prime */
- }
- k = 2 + bnMakeOdd(e);
- }
- /* It's prime! Now go on to confirmation tests */
-
- /*
- * Now, e = (bn-1)/2^k is odd. k >= 1, and has a given value
- * with probability 2^-k, so its expected value is 2.
- * j = 1 in the usual case when the previous test was as good as
- * a strong prime test, but 1/8 of the time, j = 0 because
- * the strong prime test to the base 2 needs to be re-done.
- */
- for (i = j; i < CONFIRMTESTS; i++) {
- if (f && (err = f(arg, '*')) < 0)
- return err;
- (void)bnSetQ(a, confirm[i]);
- if (bnExpMod(a, a, e, bn) < 0)
- return -1;
- if (bnBits(a) == 1)
- continue; /* Passed this test */
-
- l = k;
- for (;;) {
- if (bnAddQ(a, 1) < 0)
- return -1;
- if (bnCmp(a, bn) == 0) /* Was result bn-1? */
- break; /* Prime */
- if (!--l) /* Reached end, not -1? luck? */
- return i+2-j; /* Failed, not prime */
- /* This portion is executed, on average, once. */
- (void)bnSubQ(a, 1); /* Put a back where it was. */
- if (bnSquare(a, a) < 0 || bnMod(a, a, bn) < 0)
- return -1;
- if (bnBits(a) == 1)
- return i+2-j; /* Failed, not prime */
- }
- /* It worked (to the base confirm[i]) */
- }
-
- /* Yes, we've decided that it's prime. */
- if (f && (err = f(arg, '*')) < 0)
- return err;
- return 0; /* Prime! */
-}
-
-/*
- * Add x*y to bn, which is usually (but not always) < 65536.
- * Do it in a simple linear manner.
- */
-static int
-bnAddMult(struct BigNum *bn, unsigned x, unsigned y)
-{
- unsigned long z = (unsigned long)x * y;
-
- while (z > 65535) {
- if (bnAddQ(bn, 65535) < 0)
- return -1;
- z -= 65535;
- }
- return bnAddQ(bn, (unsigned)z);
-}
-
-static int
-bnSubMult(struct BigNum *bn, unsigned x, unsigned y)
-{
- unsigned long z = (unsigned long)x * y;
-
- while (z > 65535) {
- if (bnSubQ(bn, 65535) < 0)
- return -1;
- z -= 65535;
- }
- return bnSubQ(bn, (unsigned)z);
-}
-
-/*
- * Modifies the bignum to return a nearby (slightly larger) number which
- * is a probable prime. Returns >=0 on success or -1 on failure (out of
- * memory). The return value is the number of unsuccessful modular
- * exponentiations performed. This never gives up searching.
- *
- * All other arguments are optional. They may be NULL. They are:
- *
- * unsigned (*rand)(unsigned limit)
- * For better distributed numbers, supply a non-null pointer to a
- * function which returns a random x, 0 <= x < limit. (It may make it
- * simpler to know that 0 < limit <= SHUFFLE, so you need at most a byte.)
- * The program generates a large window of sieve data and then does
- * pseudoprimality tests on the data. If a rand function is supplied,
- * the candidates which survive sieving are shuffled with a window of
- * size SHUFFLE before testing to increase the uniformity of the prime
- * selection. This isn't perfect, but it reduces the correlation between
- * the size of the prime-free gap before a prime and the probability
- * that that prime will be found by a sequential search.
- *
- * If rand is NULL, sequential search is used. If you want sequential
- * search, note that the search begins with the given number; if you're
- * trying to generate consecutive primes, you must increment the previous
- * one by two before calling this again.
- *
- * int (*f)(void *arg, int c), void *arg
- * The function f argument, if non-NULL, is called with progress indicator
- * characters for printing. A dot (.) is written every time a primality test
- * is failed, a star (*) every time one is passed, and a slash (/) in the
- * (very rare) case that the sieve was emptied without finding a prime
- * and is being refilled. f is also passed the void *arg argument for
- * private context storage. If f returns < 0, the test aborts and returns
- * that value immediately. (bn is set to the last value tested, so you
- * can increment bn and continue.)
- *
- * The "exponent" argument, and following unsigned numbers, are exponents
- * for which an inverse is desired, modulo p. For a d to exist such that
- * (x^e)^d == x (mod p), then d*e == 1 (mod p-1), so gcd(e,p-1) must be 1.
- * The prime returned is constrained to not be congruent to 1 modulo
- * any of the zero-terminated list of 16-bit numbers. Note that this list
- * should contain all the small prime factors of e. (You'll have to test
- * for large prime factors of e elsewhere, but the chances of needing to
- * generate another prime are low.)
- *
- * The list is terminated by a 0, and may be empty.
- */
-int
-primeGen(struct BigNum *bn, unsigned (*rand)(unsigned),
- int (*f)(void *arg, int c), void *arg, unsigned exponent, ...)
-{
- int retval;
- int modexps = 0;
- unsigned short offsets[SHUFFLE];
- unsigned i, j;
- unsigned p, q, prev;
- struct BigNum a, e;
-#ifdef MSDOS
- unsigned char *sieve;
-#else
- unsigned char sieve[SIEVE];
-#endif
-
-#ifdef MSDOS
- sieve = lbnMemAlloc(SIEVE);
- if (!sieve)
- return -1;
-#endif
-
- bnBegin(&a);
- bnBegin(&e);
-
-#if 0 /* Self-test (not used for production) */
-{
- struct BigNum t;
- static unsigned char const prime1[] = {5};
- static unsigned char const prime2[] = {7};
- static unsigned char const prime3[] = {11};
- static unsigned char const prime4[] = {1, 1}; /* 257 */
- static unsigned char const prime5[] = {0xFF, 0xF1}; /* 65521 */
- static unsigned char const prime6[] = {1, 0, 1}; /* 65537 */
- static unsigned char const prime7[] = {1, 0, 3}; /* 65539 */
- /* A small prime: 1234567891 */
- static unsigned char const prime8[] = {0x49, 0x96, 0x02, 0xD3};
- /* A slightly larger prime: 12345678901234567891 */
- static unsigned char const prime9[] = {
- 0xAB, 0x54, 0xA9, 0x8C, 0xEB, 0x1F, 0x0A, 0xD3 };
- /*
- * No, 123456789012345678901234567891 isn't prime; it's just a
- * lucky, easy-to-remember conicidence. (You have to go to
- * ...4567907 for a prime.)
- */
- static struct {
- unsigned char const *prime;
- unsigned size;
- } const primelist[] = {
- { prime1, sizeof(prime1) },
- { prime2, sizeof(prime2) },
- { prime3, sizeof(prime3) },
- { prime4, sizeof(prime4) },
- { prime5, sizeof(prime5) },
- { prime6, sizeof(prime6) },
- { prime7, sizeof(prime7) },
- { prime8, sizeof(prime8) },
- { prime9, sizeof(prime9) } };
-
- bnBegin(&t);
-
- for (i = 0; i < sizeof(primelist)/sizeof(primelist[0]); i++) {
- bnInsertBytes(&t, primelist[i].prime, 0,
- primelist[i].size);
- bnCopy(&e, &t);
- (void)bnSubQ(&e, 1);
- bnTwoExpMod(&a, &e, &t);
- p = bnBits(&a);
- if (p != 1) {
- printf(
- "Bug: Fermat(2) %u-bit output (1 expected)\n", p);
- fputs("Prime = 0x", stdout);
- for (j = 0; j < primelist[i].size; j++)
- printf("%02X", primelist[i].prime[j]);
- putchar('\n');
- }
- bnSetQ(&a, 3);
- bnExpMod(&a, &a, &e, &t);
- p = bnBits(&a);
- if (p != 1) {
- printf(
- "Bug: Fermat(3) %u-bit output (1 expected)\n", p);
- fputs("Prime = 0x", stdout);
- for (j = 0; j < primelist[i].size; j++)
- printf("%02X", primelist[i].prime[j]);
- putchar('\n');
- }
- }
-
- bnEnd(&t);
-}
-#endif
-
- /* First, make sure that bn is odd. */
- if ((bnLSWord(bn) & 1) == 0)
- (void)bnAddQ(bn, 1);
-
-retry:
- /* Then build a sieve starting at bn. */
- sieveBuild(sieve, SIEVE, bn, 2, 0);
-
- /* Do the extra exponent sieving */
- if (exponent) {
- va_list ap;
- unsigned t = exponent;
-
- va_start(ap, exponent);
-
- do {
- /* The exponent had better be odd! */
- assert(t & 1);
-
- i = bnModQ(bn, t);
- /* Find 1-i */
- if (i == 0)
- i = 1;
- else if (--i)
- i = t - i;
-
- /* Divide by 2, modulo the exponent */
- i = (i & 1) ? i/2 + t/2 + 1 : i/2;
-
- /* Remove all following multiples from the sieve. */
- sieveSingle(sieve, SIEVE, i, t);
-
- /* Get the next exponent value */
- t = va_arg(ap, unsigned);
- } while (t);
-
- va_end(ap);
- }
-
- /* Fill up the offsets array with the first SHUFFLE candidates */
- i = p = 0;
- /* Get first prime */
- if (sieve[0] & 1 || (p = sieveSearch(sieve, SIEVE, p)) != 0) {
- offsets[i++] = p;
- p = sieveSearch(sieve, SIEVE, p);
- }
- /*
- * Okay, from this point onwards, p is always the next entry
- * from the sieve, that has not been added to the shuffle table,
- * and is 0 iff the sieve has been exhausted.
- *
- * If we want to shuffle, then fill the shuffle table until the
- * sieve is exhausted or the table is full.
- */
- if (rand && p) {
- do {
- offsets[i++] = p;
- p = sieveSearch(sieve, SIEVE, p);
- } while (p && i < SHUFFLE);
- }
-
- /* Choose a random candidate for experimentation */
- prev = 0;
- while (i) {
- /* Pick a random entry from the shuffle table */
- j = rand ? rand(i) : 0;
- q = offsets[j]; /* The entry to use */
-
- /* Replace the entry with some more data, if possible */
- if (p) {
- offsets[j] = p;
- p = sieveSearch(sieve, SIEVE, p);
- } else {
- offsets[j] = offsets[--i];
- offsets[i] = 0;
- }
-
- /* Adjust bn to have the right value */
- if ((q > prev ? bnAddMult(bn, q-prev, 2)
- : bnSubMult(bn, prev-q, 2)) < 0)
- goto failed;
- prev = q;
-
- /* Now do the Fermat tests */
- retval = primeTest(bn, &e, &a, f, arg);
- if (retval <= 0)
- goto done; /* Success or error */
- modexps += retval;
- if (f && (retval = f(arg, '.')) < 0)
- goto done;
- }
-
- /* Ran out of sieve space - increase bn and keep trying. */
- if (bnAddMult(bn, SIEVE*8-prev, 2) < 0)
- goto failed;
- if (f && (retval = f(arg, '/')) < 0)
- goto done;
- goto retry;
-
-failed:
- retval = -1;
-done:
- bnEnd(&e);
- bnEnd(&a);
- lbnMemWipe(offsets, sizeof(offsets));
-#ifdef MSDOS
- lbnMemFree(sieve, SIEVE);
-#else
- lbnMemWipe(sieve, sizeof(sieve));
-#endif
-
- return retval < 0 ? retval : modexps + CONFIRMTESTS;
-}
-
-/*
- * Similar, but searches forward from the given starting value in steps of
- * "step" rather than 1. The step size must be even, and bn must be odd.
- * Among other possibilities, this can be used to generate "strong"
- * primes, where p-1 has a large prime factor.
- */
-int
-primeGenStrong(struct BigNum *bn, struct BigNum const *step,
- int (*f)(void *arg, int c), void *arg)
-{
- int retval;
- unsigned p, prev;
- struct BigNum a, e;
- int modexps = 0;
-#ifdef MSDOS
- unsigned char *sieve;
-#else
- unsigned char sieve[SIEVE];
-#endif
-
-#ifdef MSDOS
- sieve = lbnMemAlloc(SIEVE);
- if (!sieve)
- return -1;
-#endif
-
- /* Step must be even and bn must be odd */
- assert((bnLSWord(step) & 1) == 0);
- assert((bnLSWord(bn) & 1) == 1);
-
- bnBegin(&a);
- bnBegin(&e);
-
- for (;;) {
- if (sieveBuildBig(sieve, SIEVE, bn, step, 0) < 0)
- goto failed;
-
- p = prev = 0;
- if (sieve[0] & 1 || (p = sieveSearch(sieve, SIEVE, p)) != 0) {
- do {
- /*
- * Adjust bn to have the right value,
- * adding (p-prev) * 2*step.
- */
- assert(p >= prev);
- /* Compute delta into a */
- if (bnMulQ(&a, step, p-prev) < 0)
- goto failed;
- if (bnAdd(bn, &a) < 0)
- goto failed;
- prev = p;
-
- retval = primeTest(bn, &e, &a, f, arg);
- if (retval <= 0)
- goto done; /* Success! */
- modexps += retval;
- if (f && (retval = f(arg, '.')) < 0)
- goto done;
-
- /* And try again */
- p = sieveSearch(sieve, SIEVE, p);
- } while (p);
- }
-
- /* Ran out of sieve space - increase bn and keep trying. */
-#if SIEVE*8 == 65536
- /* Corner case that will never actually happen */
- if (!prev) {
- if (bnAdd(bn, step) < 0)
- goto failed;
- p = 65535;
- } else {
- p = (unsigned)(SIEVE*8 - prev);
- }
-#else
- p = SIEVE*8 - prev;
-#endif
- if (bnMulQ(&a, step, p) < 0 || bnAdd(bn, &a) < 0)
- goto failed;
- if (f && (retval = f(arg, '/')) < 0)
- goto done;
- } /* for (;;) */
-
-failed:
- retval = -1;
-
-done:
-
- bnEnd(&e);
- bnEnd(&a);
-#ifdef MSDOS
- lbnMemFree(sieve, SIEVE);
-#else
- lbnMemWipe(sieve, sizeof(sieve));
-#endif
- return retval < 0 ? retval : modexps + CONFIRMTESTS;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-struct BigNum;
-
-/* Generate a prime >= bn. leaving the result in bn. */
-int primeGen(struct BigNum *bn, unsigned (*randfunc)(unsigned),
- int (*f)(void *arg, int c), void *arg, unsigned exponent, ...);
-
-/*
- * Generate a prime of the form bn + k*step. Step must be even and
- * bn must be odd.
- */
-int primeGenStrong(struct BigNum *bn, struct BigNum const *step,
- int (*f)(void *arg, int c), void *arg);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * sieve.c - Trial division for prime finding.
- *
- * Finding primes:
- * - Sieve 1 to find the small primes for
- * - Sieve 2 to find the candidate large primes, then
- * - Pseudo-primality test.
- *
- * An important question is how much trial division by small primes
- * should we do? The answer is a LOT. Even a heavily optimized
- * Fermat test to the base 2 (the simplest pseudoprimality test)
- * is much more expensive than a division.
- *
- * For an prime of n k-bit words, a Fermat test to the base 2 requires n*k
- * modular squarings, each of which involves n*(n+1)/2 signle-word multiplies
- * in the squaring and n*(n+1) multiplies in the modular reduction, plus
- * some overhead to get into and out of Montgomery form. This is a total
- * of 3/2 * k * n^2 * (n+1). Equivalently, if n*k = b bits, it's
- * 3/2 * (b/k+1) * b^2 / k.
- *
- * A modulo operation requires n single-word divides. Let's assume that
- * a divide is 4 times the cost of a multiply. That's 4*n multiplies.
- * However, you only have to do the division once for your entire
- * search. It can be amortized over 10-15 primes. So it's
- * really more like n/3 multiplies. This is b/3k.
- *
- * Now, let's suppose you have a candidate prime t. Your options
- * are to a) do trial division by a prime p, then do a Fermat test,
- * or to do the Fermat test directly. Doing the trial division
- * costs b/3k multiplies, but a certain fraction of the time (1/p), it
- * saves you 3/2 b^3 / k^2 multiplies. Thus, it's worth it doing the
- * division as long as b/3k < 3/2 * (b/k+1) * b^2 / k / p.
- * I.e. p < 9/2 * (b/k + 1) * b = 9/2 * (b^2/k + b).
- * E.g. for k=16 and b=256, p < 9/2 * 17 * 256 = 19584.
- * Solving for k=16 and k=32 at a few interesting value of b:
- *
- * k=16, b=256: p < 19584 k=32, b=256: p < 10368
- * k=16, b=384: p < 43200 k=32, b=384; p < 22464
- * k=16, b=512: p < 76032 k=32, b=512: p < 39168
- * k=16, b=640: p < 118080 k=32, b=640: p < 60480
- *
- * H'm... before using the highly-optimized Fermat test, I got much larger
- * numbers (64K to 256K), and designed the sieve for that. Maybe it needs
- * to be reduced. It *is* true that the desirable sieve size increases
- * rapidly with increasing prime size, and it's the larger primes that are
- * worrisome in any case. I'll leave it as is (64K) for now while I
- * think about it.
- *
- * A bit of tweaking the division (we can compute a reciprocal and do
- * multiplies instead, turning 4*n into 4 + 2*n) would increase all the
- * numbers by a factor of 2 or so.
- *
- *
- * Bit k in a sieve corresponds to the number a + k*b.
- * For a given a and b, the sieve's job is to find the values of
- * k for which a + k*b == 0 (mod p). Multiplying by b^-1 and
- * isolating k, you get k == -a*b^-1 (mod p). So the values of
- * k which should be worked on are k = (-a*b^-1 mod p) + i * p,
- * for i = 0, 1, 2,...
- *
- * Note how this is still easy to use with very large b, if you need it.
- * It just requires computing (b mod p) and then finding the multiplicative
- * inverse of that.
- *
- *
- * How large a space to search to ensure that one will hit a prime?
- * The average density is known, but the primes behave oddly, and sometimes
- * there are large gaps. It is conjectured by shanks that the first gap
- * of size "delta" will occur at approximately exp(sqrt(delta)), so a delta
- * of 65536 is conjectured to be to contain a prime up to e^256.
- * Remembering the handy 2<->e conversion ratios:
- * ln(2) = 0.693147 log2(e) = 1.442695
- * This covers up to 369 bits. Damn, not enough! Still, it'll have to do.
- *
- * Cramer's conjecture (he proved it for "most" cases) is that in the limit,
- * as p goes to infinity, the largest gap after a prime p tends to (ln(p))^2.
- * So, for a 1024-bit p, the interval to the next prime is expected to be
- * about 709.78^2, or 503791. We'd need to enlarge our space by a factor of
- * 8 to be sure. It isn't worth the hassle.
- *
- * Note that a span of this size is expected to contain 92 primes even
- * in the vicinity of 2^1024 (it's 369 at 256 bits and 492 at 192 bits).
- * So the probability of failure is pretty low.
- */
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "bnconfig.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_LIMITS_H
-#define NO_LIMITS_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_LIMITS_H
-#include <limits.h> /* For UINT_MAX */
-#endif /* If not avail, default value of 0 is safe */
-
-#if !NO_STRING_H
-#include <string.h> /* for memset() */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "bn.h"
-#include "sieve.h"
-#ifdef MSDOS
-#include "lbnmem.h"
-#endif
-
-#include "kludge.h"
-
-/*
- * Each array stores potential primes as 1 bits in little-endian bytes.
- * Bit k in an array represents a + k*b, for some parameters a and b
- * of the sieve. Currently, b is hardcoded to 2.
- *
- * Various factors of 16 arise because these are all *byte* sizes, and
- * skipping even numbers, 16 numbers fit into a byte's worth of bitmap.
- */
-
-/*
- * The first number in the small prime sieve. This could be raised to
- * 3 if you want to squeeze bytes out aggressively for a smaller SMALL
- * table, and doing so would let one more prime into the end of the array,
- * but there is no sense making it larger if you're generating small
- * primes up to the limit if 2^16, since it doesn't save any memory and
- * would require extra code to ignore 65537 in the last byte, which is
- * over the 16-bit limit.
- */
-#define SMALLSTART 1
-
-/*
- * Size of sieve used to find large primes, in bytes. For compatibility
- * with 16-bit-int systems, the largest prime that can appear in it,
- * SMALL * 16 + SMALLSTART - 2, must be < 65536. Since 65537 is a prime,
- * this is the absolute maximum table size.
- */
-#define SMALL (65536/16)
-
-/*
- * Compute the multiplicative inverse of x, modulo mod, using the extended
- * Euclidean algorithm. The classical EEA returns two results, traditionally
- * named s and t, but only one (t) is needed or computed here.
- * It is unrolled twice to avoid some variable-swapping, and because negating
- * t every other round makes all the number positive and less than the
- * modulus, which makes fixed-length arithmetic easier.
- *
- * If gcd(x, mod) != 1, then this will return 0.
- */
-static unsigned
-sieveModInvert(unsigned x, unsigned mod)
-{
- unsigned y;
- unsigned t0, t1;
- unsigned q;
-
- if (x <= 1)
- return x; /* 0 and 1 are self-inverse */
- /*
- * The first round is simplified based on the
- * initial conditions t0 = 1 and t1 = 0.
- */
- t1 = mod / x;
- y = mod % x;
- if (y <= 1)
- return y ? mod - t1 : 0;
- t0 = 1;
-
- do {
- q = x / y;
- x = x % y;
- t0 += q * t1;
- if (x <= 1)
- return x ? t0 : 0;
- q = y / x;
- y = y % x;
- t1 += q * t0;
- } while (y > 1);
- return y ? mod - t1 : 0;
-}
-
-
-/*
- * Perform a single sieving operation on an array. Clear bits "start",
- * "start+step", "start+2*step", etc. from the array, up to the size
- * limit (in BYTES) "size". All of the arguments must fit into 16 bits
- * for portability.
- *
- * This is the core of the sieving operation. In addition to being
- * called from the sieving functions, it is useful to call directly if,
- * say, you want to exclude primes congruent to 1 mod 3, or whatever.
- * (Although in that case, it would be better to change the sieving to
- * use a step size of 6 and start == 5 (mod 6).)
- *
- * Originally, this was inlined in the code below (with various checks
- * turned off where they could be inferred from the environment), but it
- * turns out that all the sieving is so fast that it makes a negligible
- * speed difference and smaller, cleaner code was preferred.
- *
- * Rather than increment a bit index through the array and clear
- * the corresponding bit, this code takes advantage of the fact that
- * every eighth increment must use the same bit position in a byte.
- * I.e. start + k*step == start + (k+8)*step (mod 8). Thus, a bitmask
- * can be computed only eight times and used for all multiples. Thus, the
- * outer loop is over (k mod 8) while the inner loop is over (k div 8).
- *
- * The only further trickiness is that this code is designed to accept
- * start, step, and size up to 65535 on 16-bit machines. On such a
- * machine, the computation "start+step" can overflow, so we need to
- * insert an extra check for that situation.
- */
-void
-sieveSingle(unsigned char *array, unsigned size, unsigned start, unsigned step)
-{
- unsigned bit;
- unsigned char mask;
- unsigned i;
-
-#if UINT_MAX < 0x1ffff
- /* Unsigned is small; add checks for wrap */
- for (bit = 0; bit < 8; bit++) {
- i = start/8;
- if (i >= size)
- break;
- mask = ~(1 << (start & 7));
- do {
- array[i] &= mask;
- i += step;
- } while (i >= step && i < size);
- start += step;
- if (start < step) /* Overflow test */
- break;
- }
-#else
- /* Unsigned has the range - no overflow possible */
- for (bit = 0; bit < 8; bit++) {
- i = start/8;
- if (i >= size)
- break;
- mask = ~(1 << (start & 7));
- do {
- array[i] &= mask;
- i += step;
- } while (i < size);
- start += step;
- }
-#endif
-}
-
-/*
- * Returns the index of the next bit set in the given array. The search
- * begins after the specified bit, so if you care about bit 0, you need
- * to check it explicitly yourself. This returns 0 if no bits are found.
- *
- * Note that the size is in bytes, and that it takes and returns BIT
- * positions. If the array represents odd numbers only, as usual, the
- * returned values must be doubled to turn them into offsets from the
- * initial number.
- */
-unsigned
-sieveSearch(unsigned char const *array, unsigned size, unsigned start)
-{
- unsigned i; /* Loop index */
- unsigned char t; /* Temp */
-
- if (!++start)
- return 0;
- i = start/8;
- if (i >= size)
- return 0; /* Done! */
-
- /* Deal with odd-bit beginnings => search the first byte */
- if (start & 7) {
- t = array[i++] >> (start & 7);
- if (t) {
- if (!(t & 15)) {
- t >>= 4;
- start += 4;
- }
- if (!(t & 3)) {
- t >>= 2;
- start += 2;
- }
- if (!(t & 1))
- start += 1;
- return start;
- } else if (i == size) {
- return 0; /* Done */
- }
- }
-
- /* Now the main search loop */
-
- do {
- if ((t = array[i]) != 0) {
- start = 8*i;
- if (!(t & 15)) {
- t >>= 4;
- start += 4;
- }
- if (!(t & 3)) {
- t >>= 2;
- start += 2;
- }
- if (!(t & 1))
- start += 1;
- return start;
- }
- } while (++i < size);
-
- /* Failed */
- return 0;
-}
-
-/*
- * Build a table of small primes for sieving larger primes with. This
- * could be cached between calls to sieveBuild, but it's so fast that
- * it's really not worth it. This code takes a few milliseconds to run.
- */
-static void
-sieveSmall(unsigned char *array, unsigned size)
-{
- unsigned i; /* Loop index */
- unsigned p; /* The current prime */
-
- /* Initialize to all 1s */
- memset(array, 0xFF, size);
-
-#if SMALLSTART == 1
- /* Mark 1 as NOT prime */
- array[0] = 0xfe;
- i = 1; /* Index of first prime */
-#else
- i = 0; /* Index of first prime */
-#endif
-
- /*
- * Okay, now sieve via the primes up to 256, obtained from the
- * table itself. We know the maximum possible table size is
- * 65536, and sieveSingle() can cope with out-of-range inputs
- * safely, and the time required is trivial, so it isn't adaptive
- * based on the array size.
- *
- * Convert each bit position into a prime, compute a starting
- * sieve position (the square of the prime), and remove multiples
- * from the table, using sieveSingle(). I used to have that
- * code in line here, but the speed difference was so small it
- * wasn't worth it. If a compiler really wants to waste memory,
- * it can inline it.
- */
- do {
- p = 2 * i + SMALLSTART;
- if (p > 256)
- break;
- /* Start at square of p */
- sieveSingle(array, size, (p*p-SMALLSTART)/2, p);
-
- /* And find the next prime */
- i = sieveSearch(array, 16, i);
- } while (i);
-}
-
-
-/*
- * This is the primary sieving function. It fills in the array with
- * a sieve (multiples of small primes removed) beginning at bn and
- * proceeding in steps of "step".
- *
- * It generates a small array to get the primes to sieve by. It's
- * generated on the fly - sieveSmall is fast enough to make that
- * perfectly acceptable.
- *
- * The caller should take the array, walk it with sieveSearch, and
- * apply a stronger primality test to the numbers that are returned.
- *
- * If the "dbl" flag non-zero (at least 1), this also sieves 2*bn+1, in
- * steps of 2*step. If dbl is 2 or more, this also sieve 4*bn+3,
- * in steps of 4*step, and so on for arbitrarily high values of "dbl".
- * This is convenient for finding primes such that (p-1)/2 is also prime.
- * This is particularly efficient because sieveSingle is controlled by the
- * parameter s = -n/step (mod p). (In fact, we find t = -1/step (mod p)
- * and multiply that by n (mod p).) If you have -n/step (mod p), then
- * finding -(2*n+1)/(2*step) (mod p), which is -n/step - 1/(2*step) (mod p),
- * reduces to finding -1/(2*step) (mod p), or t/2 (mod p), and adding that
- * to s = -n/step (mod p). Dividing by 2 modulo an odd p is easy -
- * if even, divide directly. Otherwise, add p (which produces an even
- * sum), and divide by 2. Very simple. And this produces s' and t'
- * for step' = 2*step. It can be repeated for step'' = 4*step and so on.
- *
- * Note that some of the math is complicated by the fact that 2*p might
- * not fit into an unsigned, so rather than if (odd(x)) x = (x+p)/2,
- * we do if (odd(x)) x = x/2 + p/2 + 1;
- *
- * TODO: Do the double-sieving by sieving the larger number, and then
- * just subtract one from the remainder to get the other parameter.
- * (bn-1)/2 is divisible by an odd p iff bn-1 is divisible, which is
- * true iff bn == 1 mod p. This requires using a step size of 4.
- */
-int
-sieveBuild(unsigned char *array, unsigned size, struct BigNum const *bn,
- unsigned step, unsigned dbl)
-{
- unsigned i, j; /* Loop index */
- unsigned p; /* Current small prime */
- unsigned s; /* Where to start operations in the big sieve */
- unsigned t; /* Step modulo p, the current prime */
-#ifdef MSDOS /* Use dynamic allocation rather than on the stack */
- unsigned char *small;
-#else
- unsigned char small[SMALL];
-#endif
-
- assert(array);
-
-#ifdef MSDOS
- small = lbnMemAlloc(SMALL); /* Which allocator? Not secure. */
- if (!small)
- return -1; /* Failed */
-#endif
-
- /*
- * An odd step is a special case, since we must sieve by 2,
- * which isn't in the small prime array and has a few other
- * special properties. These are:
- * - Since the numbers are stored in binary, we don't need to
- * use bnModQ to find the remainder.
- * - If step is odd, then t = step % 2 is 1, which allows
- * the elimination of a lot of math. Inverting and negating
- * t don't change it, and multiplying s by 1 is a no-op,
- * so t isn't actually mentioned.
- * - Since this is the first sieving, instead of calling
- * sieveSingle, we can just use memset to fill the array
- * with 0x55 or 0xAA. Since a 1 bit means possible prime
- * (i.e. NOT divisible by 2), and the least significant bit
- * is first, if bn % 2 == 0, we use 0xAA (bit 0 = bn is NOT
- * prime), while if bn % 2 == 1, use 0x55.
- * (If step is even, bn must be odd, so fill the array with 0xFF.)
- * - Any doublings need not be considered, since 2*bn+1 is odd, and
- * 2*step is even, so none of these numbers are divisible by 2.
- */
- if (step & 1) {
- s = bnLSWord(bn) & 1;
- memset(array, 0xAA >> s, size);
- } else {
- /* Initialize the array to all 1's */
- memset(array, 255, size);
- assert(bnLSWord(bn) & 1);
- }
-
- /*
- * This could be cached between calls to sieveBuild, but
- * it's really not worth it; sieveSmall is *very* fast.
- * sieveSmall returns a sieve of odd primes.
- */
- sieveSmall(small, SMALL);
-
- /*
- * Okay, now sieve via the primes up to ssize*16+SMALLSTART-1,
- * obtained from the small table.
- */
- i = (small[0] & 1) ? 0 : sieveSearch(small, SMALL, 0);
- do {
- p = 2 * i + SMALLSTART;
-
- /*
- * Modulo is usually very expensive, but step is usually
- * small, so this conditional is worth it.
- */
- t = (step < p) ? step : step % p;
- if (!t) {
- /*
- * Instead of assert failing, returning all zero
- * bits is the "correct" thing to do, but I think
- * that the caller should take care of that
- * themselves before starting.
- */
- assert(bnModQ(bn, p) != 0);
- continue;
- }
- /*
- * Get inverse of step mod p. 0 < t < p, and p is prime,
- * so it has an inverse and sieveModInvert can't return 0.
- */
- t = sieveModInvert(t, p);
- assert(t);
- /* Negate t, so now t == -1/step (mod p) */
- t = p - t;
-
- /* Now get the bignum modulo the prime. */
- s = bnModQ(bn, p);
-
- /* Multiply by t, the negative inverse of step size */
-#if UINT_MAX/0xffff < 0xffff
- s = (unsigned)(((unsigned long)s * t) % p);
-#else
- s = (s * t) % p;
-#endif
-
- /* s is now the starting bit position, so sieve */
- sieveSingle(array, size, s, p);
-
- /* Now do the double sieves as desired. */
- for (j = 0; j < dbl; j++) {
- /* Halve t modulo p */
-#if UINT_MAX < 0x1ffff
- t = (t & 1) ? p/2 + t/2 + 1 : t/2;
- /* Add t to s, modulo p with overflow checks. */
- s += t;
- if (s >= p || s < t)
- s -= p;
-#else
- if (t & 1)
- t += p;
- t /= 2;
- /* Add t to s, modulo p */
- s += t;
- if (s >= p)
- s -= p;
-#endif
- sieveSingle(array, size, s, p);
- }
-
- /* And find the next prime */
- } while ((i = sieveSearch(small, SMALL, i)) != 0);
-
-#ifdef MSDOS
- lbnMemFree(small, SMALL);
-#endif
- return 0; /* Success */
-}
-
-/*
- * Similar to the above, but use "step" (which must be even) as a step
- * size rather than a fixed value of 2. If "step" has any small divisors
- * other than 2, this will blow up.
- *
- * Returns -1 on out of memory (MSDOS only, actually), and -2
- * if step is found to be non-prime.
- */
-int
-sieveBuildBig(unsigned char *array, unsigned size, struct BigNum const *bn,
- struct BigNum const *step, unsigned dbl)
-{
- unsigned i, j; /* Loop index */
- unsigned p; /* Current small prime */
- unsigned s; /* Where to start operations in the big sieve */
- unsigned t; /* step modulo p, the current prime */
-#ifdef MSDOS /* Use dynamic allocation rather than on the stack */
- unsigned char *small;
-#else
- unsigned char small[SMALL];
-#endif
-
- assert(array);
-
-#ifdef MSDOS
- small = lbnMemAlloc(SMALL); /* Which allocator? Not secure. */
- if (!small)
- return -1; /* Failed */
-#endif
- /*
- * An odd step is a special case, since we must sieve by 2,
- * which isn't in the small prime array and has a few other
- * special properties. These are:
- * - Since the numbers are stored in binary, we don't need to
- * use bnModQ to find the remainder.
- * - If step is odd, then t = step % 2 is 1, which allows
- * the elimination of a lot of math. Inverting and negating
- * t don't change it, and multiplying s by 1 is a no-op,
- * so t isn't actually mentioned.
- * - Since this is the first sieving, instead of calling
- * sieveSingle, we can just use memset to fill the array
- * with 0x55 or 0xAA. Since a 1 bit means possible prime
- * (i.e. NOT divisible by 2), and the least significant bit
- * is first, if bn % 2 == 0, we use 0xAA (bit 0 = bn is NOT
- * prime), while if bn % 2 == 1, use 0x55.
- * (If step is even, bn must be odd, so fill the array with 0xFF.)
- * - Any doublings need not be considered, since 2*bn+1 is odd, and
- * 2*step is even, so none of these numbers are divisible by 2.
- */
- if (bnLSWord(step) & 1) {
- s = bnLSWord(bn) & 1;
- memset(array, 0xAA >> s, size);
- } else {
- /* Initialize the array to all 1's */
- memset(array, 255, size);
- assert(bnLSWord(bn) & 1);
- }
-
- /*
- * This could be cached between calls to sieveBuild, but
- * it's really not worth it; sieveSmall is *very* fast.
- * sieveSmall returns a sieve of the odd primes.
- */
- sieveSmall(small, SMALL);
-
- /*
- * Okay, now sieve via the primes up to ssize*16+SMALLSTART-1,
- * obtained from the small table.
- */
- i = (small[0] & 1) ? 0 : sieveSearch(small, SMALL, 0);
- do {
- p = 2 * i + SMALLSTART;
-
- t = bnModQ(step, p);
- if (!t) {
- assert(bnModQ(bn, p) != 0);
- continue;
- }
- /* Get negative inverse of step */
- t = sieveModInvert(bnModQ(step, p), p);
- assert(t);
- t = p-t;
-
- /* Okay, we have a prime - get the remainder */
- s = bnModQ(bn, p);
-
- /* Now multiply s by the negative inverse of step (mod p) */
-#if UINT_MAX/0xffff < 0xffff
- s = (unsigned)(((unsigned long)s * t) % p);
-#else
- s = (s * t) % p;
-#endif
- /* We now have the starting bit pos */
- sieveSingle(array, size, s, p);
-
- /* Now do the double sieves as desired. */
- for (j = 0; j < dbl; j++) {
- /* Halve t modulo p */
-#if UINT_MAX < 0x1ffff
- t = (t & 1) ? p/2 + t/2 + 1 : t/2;
- /* Add t to s, modulo p with overflow checks. */
- s += t;
- if (s >= p || s < t)
- s -= p;
-#else
- if (t & 1)
- t += p;
- t /= 2;
- /* Add t to s, modulo p */
- s += t;
- if (s >= p)
- s -= p;
-#endif
- sieveSingle(array, size, s, p);
- }
-
- /* And find the next prime */
- } while ((i = sieveSearch(small, SMALL, i)) != 0);
-
-#ifdef MSDOS
- lbnMemFree(small, SMALL);
-#endif
- return 0; /* Success */
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * sieve.h - Trial division for prime finding.
- *
- * This is generally not intended for direct use by a user of the library;
- * the prime.c and dhprime.c functions. are more likely to be used.
- * However, a special application may need these.
- */
-struct BigNum;
-
-/* Remove multiples of a single number from the sieve */
-void
-sieveSingle(unsigned char *array, unsigned size, unsigned start, unsigned step);
-
-/* Build a sieve starting at the number and incrementing by "step". */
-int sieveBuild(unsigned char *array, unsigned size, struct BigNum const *bn,
- unsigned step, unsigned dbl);
-
-/* Similar, but uses a >16-bit step size */
-int sieveBuildBig(unsigned char *array, unsigned size, struct BigNum const *bn,
- struct BigNum const *step, unsigned dbl);
-
-/* Return the next bit set in the sieve (or 0 on failure) */
-unsigned sieveSearch(unsigned char const *array, unsigned size, unsigned start);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include "bnsize00.h"
-
-#if BNSIZE16
-#error Using 16-bit math library
-#elif BNSIZE32
-#error Using 32-bit math library
-#elif BNSIZE64
-#error Using 64-bit math library
-#else
-#error No math library size defined
-#endif
+++ /dev/null
-Test driver for Diffie-Hellman key agreement operations.
-
-This program generates Diffie-Hellman moduli and does a sample
-key agreement with them.
-
-The command line is a seed string which is used to generate the
-public modulus. The use of a seed lets you verify that the
-modulus was not generated in a weak manner.
-
-Currently, the list of key sizes to generate is compiled in.
-
-After key generation, the program performs a sample key agreement.
-
-The primes used in SKIP were generated with the seed in the file
-Gandhi, which contains 79 bytes plus a newline:
-Whatever you do will be insignificant, but it is very important that you do it.
-
-Example invocation lines:
-
-dhtest arbitrary seed string
-dhtest `cat Gandhi`
+++ /dev/null
-Test driver for Digital Signature Algorithm operations.
-
-This program generates DSA keys (currently, of a few compiled-in
-sizes) and does timing tests on DSA operations.
-
-The command line is a seed string which is used to generate the
-public parameters. The use of a seed lets you verify that the
-key was not generated in a weak manner.
-
-Currently, the list of key sizes to generate is compiled in.
-
-After key generation, the program DSA-signs and verifies a
-random message, and displays the timing.
-
-Example invocation lines:
-
-dsatest arbitrary seed string
-dsatest foo
+++ /dev/null
-Rsatest is a test driver for RSA operations.
-
-Rsatest takes a list of vecimal key sizes (in bits) on the command
-line, and generates keys of those sizes. It generates keys randomly,
-using keyboard timings for a random number source, then tests the
-resultant keys, doing an encryption, a decryption, a signing and a
-verification.
-
-Example invocation lines:
-
-rsatest 512 768 1024
-rsatest 2048
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * dhtest.c - Diffie-Hellman prime generator.
- *
- * This generates Diffie-Hellman primes using a (hopefully) clearly
- * defined algorithm, based on David Kravitz's "kosherizer".
- * This takes a seed in the form of a byte string, usually ASCII.
- * The byte string is hashed with SHA. This forms the low 160 bits
- * of the search start number. If the desired start number is longer
- * than this, the byte string is treated as a big-endian number and
- * incremented, which increments the last byte, propagating carry.
- * (Modulo the size of the seed itself, which is not an issue in
- * practice for any seed at least one byte long.)
- * This incremented value is hashed to produce the next most significant
- * 160 bits, and so on.
- * After enough bits have been accumulated, the low bit is set, the extra
- * high bits are masked off to zero, and the two high bits of the
- * search start number are set. This is used as a starting seed for a
- * sequential (increasing) search for a suitable prime.
- *
- * A suitable prime P is itself prime, and (P-1)/2 is also prime.
- */
-#include <stdio.h>
-#include <string.h>
-
-#include "bn.h"
-#include "germain.h"
-#include "sieve.h"
-
-#include "cputime.h"
-#include "sha.h"
-
-#define BNDEBUG 1
-
-#if BNDEBUG
-#include "bnprint.h"
-#define bndPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-#define bndPrintf printf
-#else
-#define bndPut(prompt, bn) ((void)(prompt),(void)(bn))
-#define bndPrintf (void)
-#endif
-
-/*
- * Generate a bignum of a specified length, with the given
- * high and low 8 bits. "High" is merged into the high 8 bits of the
- * number. For example, set it to 0x80 to ensure that the number is
- * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
- * "Low" is merged into the low 8 bits. For example, set it to
- * 1 to ensure that you generate an odd number.
- *
- * The bignum is generated using the given seed string. The
- * technique is from David Kravitz (of the NSA)'s "kosherizer".
- * The string is hashed, and that (with the low bit forced to 1)
- * is used for the low 160 bits of the number. Then the string,
- * considered as a big-endian array of bytes, is incremented
- * and the incremented value is hashed to produce the next most
- * significant 160 bits, and so on. The increment is performed
- * modulo the size of the seed string.
- *
- * The most significant *two* bits are forced to 1, the first to
- * ensure that the number is long enough, and the second just to
- * place the prime in the high half of the range to make breaking
- * it slightly more difficult, since it makes essentially no
- * difference to the use of the number.
- */
-static int
-genRandBn(struct BigNum *bn, unsigned bits, unsigned char high,
-unsigned char low, unsigned char *seed, unsigned len)
-{
- unsigned char buf[SHA_DIGESTSIZE];
- unsigned bytes;
- unsigned l = 0; /* Current position */
- unsigned i;
- struct SHAContext sha;
-
- bnSetQ(bn, 0);
-
- bytes = (bits+7) / 8; /* Number of bytes to use */
- shaInit(&sha);
- shaUpdate(&sha, seed, len);
- shaFinal(&sha, buf);
- buf[SHA_DIGESTSIZE-1] |= low;
-
- while (bytes > SHA_DIGESTSIZE) {
- bytes -= SHA_DIGESTSIZE;
- /* Merge in low half of high bits, if necessary */
- if (bytes == 1 && (bits & 7))
- buf[0] |= high << (bits & 7);
- if (bnInsertBigBytes(bn, buf, l, SHA_DIGESTSIZE) < 0)
- return -1;
- l += SHA_DIGESTSIZE;
-
- /* Increment the seed, ignoring carry out. */
- i = len;
- while (i--) {
- if (++seed[i] & 255)
- break; /* Didn't wrap; done */
- }
- shaInit(&sha);
- shaUpdate(&sha, seed, len);
- shaFinal(&sha, buf);
- }
-
- /* Do the final "bytes"-long section, using the tail bytes in buf */
- /* Mask off excess high bits */
- buf[SHA_DIGESTSIZE-bytes] &= 255 >> (-bits & 7);
- /* Merge in specified high bits */
- buf[SHA_DIGESTSIZE-bytes] |= high >> (-bits & 7);
- if (bytes > 1 && (bits & 7))
- buf[SHA_DIGESTSIZE-bytes+1] |= high << (bits & 7);
- /* Merge in the appropriate bytes of the buffer */
- if (bnInsertBigBytes(bn, buf+SHA_DIGESTSIZE-bytes, l, bytes) < 0)
- return -1;
- return 0;
-}
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-static int
-genProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-static int
-genDH(struct BigNum *bn, unsigned bits, unsigned char *seed, unsigned len,
- FILE *f)
-{
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long s;
-#endif
- int i;
- unsigned char s1[1024], s2[1024];
- unsigned p1, p2;
- struct BigNum step;
- struct Progress progress;
-
- if (f)
- fprintf(f, "Generating a %u-bit D-H prime with \"%.*s\"\n",
- bits, (int)len, (char *)seed);
- progress.f = f;
- progress.column = 0;
- progress.wrap = 78;
-
- /* Find p - choose a starting place */
- if (genRandBn(bn, bits, 0xC0, 3, seed, len) < 0)
- return -1;
-#if BNDEBUG /* DEBUG - check that sieve works properly */
- bnBegin(&step);
- bnSetQ(&step, 2);
- sieveBuild(s1, 1024, bn, 2, 0);
- sieveBuildBig(s2, 1024, bn, &step, 0);
- p1 = p2 = 0;
- if (s1[0] != s2[0])
- printf("Difference: s1[0] = %x s2[0] = %x\n", s1[0], s2[0]);
- do {
- p1 = sieveSearch(s1, 1024, p1);
- p2 = sieveSearch(s2, 1024, p2);
-
- if (p1 != p2)
- printf("Difference: p1 = %u p2 = %u\n", p1, p2);
- } while (p1 && p2);
-
- bnEnd(&step);
-#endif
- /* And search for a prime */
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = germainPrimeGen(bn, 1, f ? genProgress : 0, (void *)&progress);
- if (i < 0)
- return -1;
-#if CLOCK_AVAIL
- gettime(&stop);
-#endif
- if (f) {
- putc('\n', f);
- fprintf(f, "%d modular exponentiations performed.\n", i);
- }
-#if CLOCK_AVAIL
- subtime(stop, start);
- s = sec(stop);
- bndPrintf("%u-bit time = %lu.%03u sec.", bits, s, msec(stop));
- if (s > 60) {
- putchar(' ');
- putchar('(');
- if (s > 3600)
- printf("%u:%02u", (unsigned)(s/3600),
- (unsigned)(s/60%60));
- else
- printf("%u", (unsigned)(s/60));
- printf(":%02u)", (unsigned)(s%60));
- }
- putchar('\n');
-#endif
-
- bndPut("p = ", bn);
-
- return 0;
-}
-
-static int
-testDH(struct BigNum *bn)
-{
- struct BigNum pub1, pub2, sec1, sec2;
- unsigned bits;
- int i = 0;
- char buf[4];
-
- bnBegin(&pub1);
- bnBegin(&pub2);
- bnBegin(&sec1);
- bnBegin(&sec2);
-
- /* Bits of secret - add a few to ensure an even distribution */
- bits = bnBits(bn)+4;
- /* Temporarily decrement bn for some operations */
- (void)bnSubQ(bn, 1);
-
- strcpy(buf, "foo");
- i = genRandBn(&sec1, bits, 0, 0, (unsigned char *)buf, 4);
- if (i < 0)
- goto done;
- /* Reduce sec1 to the correct range */
- i = bnMod(&sec1, &sec1, bn);
- if (i < 0)
- goto done;
-
- strcpy(buf, "bar");
- i = genRandBn(&sec2, bits, 0, 0, (unsigned char *)buf, 4);
- if (i < 0)
- goto done;
- /* Reduce sec2 to the correct range */
- i = bnMod(&sec2, &sec2, bn);
- if (i < 0)
- goto done;
-
- /* Re-increment bn */
- (void)bnAddQ(bn, 1);
-
- puts("Doing first half for party 1");
- i = bnTwoExpMod(&pub1, &sec1, bn);
- if (i < 0)
- goto done;
- puts("Doing first half for party 2");
- i = bnTwoExpMod(&pub2, &sec2, bn);
- if (i < 0)
- goto done;
-
- /* In a real protocol, pub1 and pub2 are now exchanged */
-
- puts("Doing second half for party 1");
- i = bnExpMod(&pub2, &pub2, &sec1, bn);
- if (i < 0)
- goto done;
- bndPut("shared = ", &pub2);
- puts("Doing second half for party 2");
- i = bnExpMod(&pub1, &pub1, &sec2, bn);
- if (i < 0)
- goto done;
- bndPut("shared = ", &pub1);
-
- if (bnCmp(&pub1, &pub2) != 0) {
- puts("Diffie-Hellman failed!");
- i = -1;
- } else {
- puts("Test successful.");
- }
-done:
- bnEnd(&sec2);
- bnEnd(&sec1);
- bnEnd(&pub2);
- bnEnd(&pub1);
-
- return i;
-}
-
-/* Copy the command line to the buffer. */
-static unsigned
-copy(unsigned char *buf, int argc, char **argv)
-{
- unsigned pos, len;
-
- pos = 0;
- while (--argc) {
- len = strlen(*++argv);
- memcpy(buf, *argv, len);
- buf += len;
- pos += len;
- if (argc > 1) {
- *buf++ = ' ';
- pos++;
- }
- }
- return pos;
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned len;
- struct BigNum bn;
- unsigned char buf[1024];
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <seed>\n", argv[0]);
- fputs("\
-<seed> should be a a string of bytes to be hashed to seed the prime\n\
-generator. Note that unquoted whitespace between words will be counted\n\
-as a single space. To include multiple spaces, quote them.\n", stderr);
- return 1;
- }
-
- bnInit();
- bnBegin(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x100, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x200, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x300, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x400, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x500, buf, len, stdout);
- testDH(&bn);
-
-#if 0
- /* These get *really* slow */
- len = copy(buf, argc, argv);
- genDH(&bn, 0x600, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0x800, buf, len, stdout);
- testDH(&bn);
-
- len = copy(buf, argc, argv);
- genDH(&bn, 0xc00, buf, len, stdout);
- testDH(&bn);
-
- /* Like, plan on a *week* or more for this one. */
- len = copy(buf, argc, argv);
- genDH(&bn, 0x1000, buf, len, stdout);
- testDH(&bn);
-#endif
-
- bnEnd(&bn);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * dsatest.c - DSA key generator and test driver.
- *
- * This generates DSA primes using a (hopefully) clearly
- * defined algorithm, based on David Kravitz's "kosherizer".
- * It is not, however, identical.
- */
-#include <stdio.h>
-#include <string.h>
-
-#include "bn.h"
-#include "prime.h"
-
-#include "cputime.h"
-#include "sha.h"
-
-#define BNDEBUG 1
-
-#if BNDEBUG
-#include "bnprint.h"
-#define bndPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-#define bndPrintf printf
-#else
-#define bndPut(prompt, bn) ((void)(prompt),(void)(bn))
-#define bndPrintf (void)
-#endif
-
-/*
- * Generate a bignum of a specified length, with the given
- * high and low 8 bits. "High" is merged into the high 8 bits of the
- * number. For example, set it to 0x80 to ensure that the number is
- * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
- * "Low" is merged into the low 8 bits. For example, set it to
- * 1 to ensure that you generate an odd number.
- *
- * Then XOR the result into the input bignum. This is to
- * accomodate the kosherizer in all its generality.
- *
- * The bignum is generated using the given seed string. The
- * technique is from David Kravitz (of the NSA)'s "kosherizer".
- * The string is hashed, and that (with the low bit forced to 1)
- * is used for the low 160 bits of the number. Then the string,
- * considered as a big-endian array of bytes, is incremented
- * and the incremented value is hashed to produce the next most
- * significant 160 bits, and so on. The increment is performed
- * modulo the size of the seed string.
- *
- * The seed is returned incremented so that it may be used to generate
- * subsequent numbers.
- *
- * The most and least significant 8 bits of the returned number are forced
- * to the values passed in "high" and "low", respectively. Typically,
- * high would be set to 0x80 to force the most significant bit to 1.
- */
-static int
-genRandBn(struct BigNum *bn, unsigned bits, unsigned char high,
-unsigned char low, unsigned char *seed, unsigned len)
-{
- unsigned char buf1[SHA_DIGESTSIZE];
- unsigned char buf2[SHA_DIGESTSIZE];
- unsigned bytes = (bits+7)/8;
- unsigned l = 0; /* Current position */
- unsigned i;
- struct SHAContext sha;
-
- if (!bits)
- return 0;
-
- /* Generate the first bunch of hashed data */
- shaInit(&sha);
- shaUpdate(&sha, seed, len);
- shaFinal(&sha, buf1);
- /* Increment the seed, ignoring carry out. */
- i = len;
- while (i-- && (++seed[i] & 255) == 0)
- ;
- /* XOR in the existing bytes */
- bnExtractBigBytes(bn, buf2, l, SHA_DIGESTSIZE);
- for (i = 0; i < SHA_DIGESTSIZE; i++)
- buf1[i] ^= buf2[i];
- buf1[SHA_DIGESTSIZE-1] |= low;
-
- while (bytes > SHA_DIGESTSIZE) {
- bytes -= SHA_DIGESTSIZE;
- /* Merge in low half of high bits, if necessary */
- if (bytes == 1 && (bits & 7))
- buf1[0] |= high << (bits & 7);
- if (bnInsertBigBytes(bn, buf1, l, SHA_DIGESTSIZE) < 0)
- return -1;
- l += SHA_DIGESTSIZE;
-
- /* Compute the next hash we need */
- shaInit(&sha);
- shaUpdate(&sha, seed, len);
- shaFinal(&sha, buf1);
- /* Increment the seed, ignoring carry out. */
- i = len;
- while (i-- && (++seed[i] & 255) == 0)
- ;
- /* XOR in the existing bytes */
- bnExtractBigBytes(bn, buf2, l, SHA_DIGESTSIZE);
- for (i = 0; i < SHA_DIGESTSIZE; i++)
- buf1[i] ^= buf2[i];
- }
-
- /* Do the final "bytes"-long section, using the tail bytes in buf1 */
- /* Mask off excess high bits */
- buf1[SHA_DIGESTSIZE-bytes] &= 255 >> (-bits & 7);
- /* Merge in specified high bits */
- buf1[SHA_DIGESTSIZE-bytes] |= high >> (-bits & 7);
- if (bytes > 1 && (bits & 7))
- buf1[SHA_DIGESTSIZE-bytes+1] |= high << (bits & 7);
- /* Merge in the appropriate bytes of the buffer */
- if (bnInsertBigBytes(bn, buf1+SHA_DIGESTSIZE-bytes, l, bytes) < 0)
- return -1;
-
- return 0;
-}
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-static int
-genProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-static int
-dsaGen(struct BigNum *p, unsigned pbits, struct BigNum *q, unsigned qbits,
- struct BigNum *g, struct BigNum *x, struct BigNum *y,
- unsigned char *seed, unsigned len, FILE *f)
-{
- struct BigNum h, e;
- int i;
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long s;
-#endif
- struct Progress progress;
-
- if (f)
- fprintf(f,
- "Generating a DSA key pair with %u-bit p and %u-bit q,\n"
- "seed = \"%.*s\"\n", pbits, qbits, (int)len, (char *)seed);
- progress.f = f;
- progress.column = 0;
- progress.wrap = 78;
-
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
-
- /*
- * Choose a random starting place for q
- * Starting place is SHA(seed) XOR SHA(seed+1),
- * With the high *8* bits set to 1.
- */
- (void)bnSetQ(q, 0);
- if (genRandBn(q, qbits, 0xFF, 0, seed, len) < 0)
- return -1;
- bndPut("q1 = ", q);
- if (genRandBn(q, qbits, 0xFF, 1, seed, len) < 0)
- return -1;
- bndPut("q2 = ", q);
- /* And search for a prime */
- i = primeGen(q, (unsigned (*)(unsigned))0, f ? genProgress : 0,
- (void *)&progress, 0);
- bndPut("q = ", q);
- if (i < 0)
- return -1;
-
- /* ...and for p */
- (void)bnSetQ(p, 0);
- if (genRandBn(p, pbits, 0xC0, 1, seed, len) < 0)
- return -1;
- bndPut("p1 = ", p);
-
- /* Temporarily double q */
- if (bnLShift(q, 1) < 0)
- return -1;
-
- bnBegin(&h);
- bnBegin(&e);
-
- /* Set p = p - (p mod q) + 1, i.e. congruent to 1 mod 2*q */
- if (bnMod(&e, p, q) < 0)
- goto failed;
- if (bnSub(p, &e) < 0 || bnAddQ(p, 1) < 0)
- goto failed;
- bndPut("p2 = ", p);
-
- if (f)
- genProgress(&progress, ' ');
-
- /* And search for a prime */
- i = primeGenStrong(p, q, f ? genProgress : 0, (void *)&progress);
- if (i < 0)
- return -1;
- bndPut("p = ", p);
-
- /* Reduce q again */
- bnRShift(q, 1);
-
- /* Now hunt for a suitable g - first, find (p-1)/q */
- if (bnDivMod(&e, &h, p, q) < 0)
- goto failed;
- /* e is now the exponent (p-1)/q, and h is the remainder (one!) */
- if (bnBits(&h) != 1) {
- bndPut("Huh? p % q = ", &h);
- goto failed;
- }
-
- if (f)
- genProgress(&progress, ' ');
-
- /* Search for a suitable h */
- if (bnSetQ(&h, 2) < 0 || bnTwoExpMod(g, &e, p) < 0)
- goto failed;
- i++;
- while (bnBits(g) < 2) {
- if (f)
- genProgress(&progress, '.');
- if (bnAddQ(&h, 1) < 0 || bnExpMod(g, &h, &e, p) < 0)
- goto failed;
- i++;
- }
- if (f)
- genProgress(&progress, '*');
-#if CLOCK_AVAIL
- gettime(&stop);
-#endif
-
- /*
- * Now pick the secret, x. Choose it a bit larger than q and do
- * modular reduction to make it uniformly distributed.
- */
- bnSetQ(x, 0);
- /* XXX SECURITY ALERT Replace with a real RNG! SECURITY ALERT XXX */
- if (genRandBn(x, qbits+8, 0, 0, seed, len) < 0)
- goto failed;
- if (bnMod(x, x, q) < 0 || bnExpMod(y, g, x, p) < 0)
- goto failed;
- i++;
- if (f)
- putc('\n', f);
-
- printf("%d modular exponentiations performed.\n", i);
-
-#if CLOCK_AVAIL
- subtime(stop, start);
- s = sec(stop);
- bndPrintf("%u/%u-bit time = %lu.%03u sec.", pbits, qbits,
- s, msec(stop));
- if (s > 60) {
- putchar(' ');
- putchar('(');
- if (s > 3600)
- printf("%u:%02u", (unsigned)(s/3600),
- (unsigned)(s/60%60));
- else
- printf("%u", (unsigned)(s/60));
- printf(":%02u)", (unsigned)(s%60));
- }
- putchar('\n');
-#endif
-
- bndPut("q = ", q);
- bndPut("p = ", p);
- bndPut("h = ", &h);
- bndPut("g = ", g);
- bndPut("x = ", x);
- bndPut("y = ", y);
-
- bnEnd(&h);
- bnEnd(&e);
-
- return 0;
-
-failed:
- bnEnd(&h);
- bnEnd(&e);
- return -1;
-}
-
-static int
-dsaSign(struct BigNum const *p, struct BigNum const *q, struct BigNum const *g,
- struct BigNum const *x, struct BigNum const *y,
- struct BigNum const *hash, struct BigNum const *k,
- struct BigNum *r, struct BigNum *s)
-{
- int retval = -1;
- struct BigNum t;
-
- (void)y;
-
- bnBegin(&t);
- /* Make the signature... first the precomputation */
-
- /* Compute r = (g^k mod p) mod q */
- if (bnExpMod(r, g, k, p) < 0 || bnMod(r, r, q) < 0)
- goto failed;
-
- /* Compute s = k^-1 * (hash + x*r) mod q */
- if (bnInv(&t, k, q) < 0)
- goto failed;
- if (bnMul(s, x, r) < 0 || bnMod(s, s, q) < 0)
- goto failed;
-
- /* End of precomputation. Steps after this require the hash. */
-
- if (bnAdd(s, hash) < 0)
- goto failed;
- if (bnCmp(s, q) > 0 && bnSub(s, q) < 0)
- goto failed;
- if (bnMul(s, s, &t) < 0 || bnMod(s, s, q) < 0)
- goto failed;
- /* Okay, r and s are the signature! */
-
- retval = 0;
-
-failed:
- bnEnd(&t);
- return retval;
-}
-
-/* Faster version, using precomputed tables */
-static int
-dsaSignFast(struct BigNum const *p, struct BigNum const *q,
- struct BnBasePrecomp const *pre,
- struct BigNum const *x, struct BigNum const *y,
- struct BigNum const *hash, struct BigNum const *k,
- struct BigNum *r, struct BigNum *s)
-{
- int retval = -1;
- struct BigNum t;
-
- (void)y;
-
- bnBegin(&t);
- /* Make the signature... first the precomputation */
-
- /* Compute r = (g^k mod p) mod q */
- if (bnBasePrecompExpMod(r, pre, k, p) < 0 || bnMod(r, r, q) < 0)
- goto failed;
-
- /* Compute s = k^-1 * (hash + x*r) mod q */
- if (bnInv(&t, k, q) < 0)
- goto failed;
- if (bnMul(s, x, r) < 0 || bnMod(s, s, q) < 0)
- goto failed;
-
- /* End of precomputation. Steps after this require the hash. */
-
- if (bnAdd(s, hash) < 0)
- goto failed;
- if (bnCmp(s, q) > 0 && bnSub(s, q) < 0)
- goto failed;
- if (bnMul(s, s, &t) < 0 || bnMod(s, s, q) < 0)
- goto failed;
- /* Okay, r and s are the signature! */
-
- retval = 0;
-
-failed:
- bnEnd(&t);
- return retval;
-}
-
-/*
- * Returns 1 for a good signature, 0 for bad, and -1 on error.
- */
-static int
-dsaVerify(struct BigNum const *p, struct BigNum const *q,
- struct BigNum const *g, struct BigNum const *y,
- struct BigNum const *r, struct BigNum const *s,
- struct BigNum const *hash)
-{
- struct BigNum w, u1, u2;
- int retval = -1;
-
- bnBegin(&w);
- bnBegin(&u1);
- bnBegin(&u2);
-
- if (bnInv(&w, s, q) < 0)
- goto failed;
-
- if (bnMul(&u1, hash, &w) < 0 || bnMod(&u1, &u1, q) < 0)
- goto failed;
- if (bnMul(&u2, r, &w) < 0 || bnMod(&u2, &u2, q) < 0)
- goto failed;
-
- /* Now for the expensive part... */
-
- if (bnDoubleExpMod(&w, g, &u1, y, &u2, p) < 0)
- goto failed;
- if (bnMod(&w, &w, q) < 0)
- goto failed;
- retval = (bnCmp(r, &w) == 0);
-failed:
- bnEnd(&u2);
- bnEnd(&u1);
- bnEnd(&w);
- return retval;
-}
-
-#define divide_by_n(sec, msec, n) \
- ( msec += 1000 * (sec % n), \
- sec /= n, msec /= n, \
- sec += msec / 1000, \
- msec %= 1000 )
-
-static int
-dsaTest(struct BigNum const *p, struct BigNum const *q, struct BigNum const *g,
- struct BigNum const *x, struct BigNum const *y)
-{
- struct BigNum hash, r, s, k;
- struct BigNum r1, s1;
- struct BnBasePrecomp pre;
- unsigned bits;
- unsigned i;
- int verified;
- int retval = -1;
- unsigned char foo[4], bar[4];
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long cursec, sigsec = 0, sig1sec = 0, versec = 0;
- unsigned curms, sigms = 0, sig1ms = 0, verms = 0;
- unsigned j, n, m = 0;
-#endif
-
- bnBegin(&hash);
- bnBegin(&r); bnBegin(&r1);
- bnBegin(&s); bnBegin(&s1);
- bnBegin(&k);
-
- bits = bnBits(q);
- strcpy((char *)foo, "foo");
- strcpy((char *)bar, "bar");
-
- /* Precompute powers of g */
- if (bnBasePrecompBegin(&pre, g, p, bits) < 0)
- goto failed;
-
- bndPrintf(" N\tSigning \tSigning1\tVerifying\tStatus\n");
- for (i = 0; i < 25; i++) {
- /* Pick a random hash, the right length. */
- (void)bnSetQ(&k, 0);
- if (genRandBn(&hash, bits, 0, 0, foo, 4) < 0)
- goto failed;
-
- /* Make the signature... */
-
- /*
- * XXX SECURITY ALERT XXX
- * XXX Replace with a real RNG! XXX
- * XXX SECURITY ALERT XXX
- */
- (void)bnSetQ(&k, 0);
- if (genRandBn(&k, bnBits(q)+8, 0, 0, bar, 4) < 0)
- goto failed;
- /* Reduce k to the correct range */
- if (bnMod(&k, &k, q) < 0)
- goto failed;
-#if CLOCK_AVAIL
- /* Decide on a number of iterations to perform... */
- m += n = i+1; /* This goes from 1 to 325 */
- bndPrintf("%3d", n);
- gettime(&start);
- for (j = 0; j < n; j++)
-#endif
- if (dsaSign(p, q, g, x, y, &hash, &k, &r, &s) < 0)
- goto failed;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- sigsec += cursec = sec(stop);
- sigms += curms = msec(stop);
- divide_by_n(cursec, curms, n);
- bndPrintf("\t%lu.%03u\t\t", cursec, curms);
-#else
- bndPrintf("\t*\t\t");
-#endif
- fflush(stdout);
-
-#if CLOCK_AVAIL
- gettime(&start);
- for (j = 0; j < n; j++)
-#endif
- if (dsaSignFast(p, q, &pre, x, y, &hash, &k, &r1, &s1) < 0)
- goto failed;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- sig1sec += cursec = sec(stop);
- sig1ms += curms = msec(stop);
- divide_by_n(cursec, curms, n);
- bndPrintf("%lu.%03u\t\t", cursec, curms);
-#else
- bndPrintf("*\t\t");
-#endif
- fflush(stdout);
- if (bnCmp(&r, &r1) != 0) {
- printf("\a** Error r != r1");
- bndPut("g = ", g);
- bndPut("k = ", &k);
- bndPut("r = ", &r);
- bndPut("r1= ", &r1);
- }
- if (bnCmp(&s, &s1) != 0) {
- printf("\a** Error r != r1");
- bndPut("g = ", g);
- bndPut("k = ", &k);
- bndPut("s = ", &s);
- bndPut("s1= ", &s1);
- }
-
- /* Okay, r and s are the signature! Now, verify it. */
-
-#if CLOCK_AVAIL
- gettime(&start);
- verified = 0; /* To silence warning */
- for (j = 0; j < n; j++) {
-#endif
- verified = dsaVerify(p, q, g, y, &r, &s, &hash);
- if (verified <= 0)
- break;
- }
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- versec += cursec = sec(stop);
- verms += curms = msec(stop);
- divide_by_n(cursec, curms, j);
- bndPrintf("%lu.%03u\t\t", cursec, curms);
-#else
- bndPrintf("*\t\t");
-#endif
- if (verified > 0) {
- printf("Test successful.\n");
- } else if (verified == 0) {
- printf("\aSignature did NOT check!.\n");
- bndPut("hash = ", &hash);
- bndPut("k = ", &k);
- bndPut("r = ", &r);
- bndPut("s = ", &s);
- getchar();
- } else {
- printf("\a** Error while verifying");
- bndPut("hash = ", &hash);
- bndPut("k = ", &k);
- bndPut("r = ", &r);
- bndPut("s = ", &s);
- getchar();
- goto failed;
- }
- }
-#if CLOCK_AVAIL
- divide_by_n(sigsec, sigms, m);
- divide_by_n(sig1sec, sig1ms, m);
- divide_by_n(versec, verms, m);
-
- bndPrintf("%3u\t%lu.%03u\t\t%lu.%03u\t\t%lu.%03u\t\tAVERAGE %u/%u\n",
- m, sigsec, sigms, sig1sec, sig1ms, versec, verms,
- bnBits(p), bnBits(q));
-#endif
- /* Success */
- retval = 0;
-
-failed:
- bnBasePrecompEnd(&pre);
- bnEnd(&k);
- bnEnd(&s1); bnEnd(&s);
- bnEnd(&r1); bnEnd(&r);
- bnEnd(&hash);
-
- return retval;
-}
-
-/* Copy the command line to the buffer. */
-static unsigned
-copy(unsigned char *buf, int argc, char **argv)
-{
- unsigned pos, len;
-
- pos = 0;
- while (--argc) {
- len = strlen(*++argv);
- memcpy(buf, *argv, len);
- buf += len;
- pos += len;
- if (argc > 1) {
- *buf++ = ' ';
- pos++;
- }
- }
- return pos;
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned len;
- struct BigNum p, q, g, x, y;
- unsigned char buf[1024];
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <seed>\n", argv[0]);
- fputs("\
-<seed> should be a a string of bytes to be hashed to seed the prime\n\
-generator. Note that unquoted whitespace between words will be counted\n\
-as a single space. To include multiple spaces, quote them.\n", stderr);
- return 1;
- }
-
- bnInit();
- bnBegin(&p);
- bnBegin(&q);
- bnBegin(&g);
- bnBegin(&x);
- bnBegin(&y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 512, &q, 160, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 768, &q, 160, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 1024, &q, 160, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 1536, &q, 192, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 2048, &q, 224, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 3072, &q, 256, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- len = copy(buf, argc, argv);
- dsaGen(&p, 4096, &q, 288, &g, &x, &y, buf, len, stdout);
- dsaTest(&p, &q, &g, &x, &y);
-
- bnEnd(&y);
- bnEnd(&x);
- bnEnd(&g);
- bnEnd(&q);
- bnEnd(&p);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * kb.h - interface for keyboard I/O
- */
-
-/* The implementation is in kbunix.c, kbmsdos.c, kbvms.c, etc. */
-
-void kbCbreak(void), kbNorm(void);
-int kbGet(void);
-void kbFlush(int thorough);
+++ /dev/null
-/*
- * Copyright (c) 1993 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * MS-DOS non-echoing keyboard routines.
- */
-
-#include <conio.h> /* For getch() and kbhit() */
-#include <signal.h> /* For raise() */
-#ifdef _MSC_VER
-#include <time.h> /* For clock() */
-#else
-#include <dos.h> /* For sleep() */
-#endif
-
-#include "kb.h"
-#include "random.h" /* For randEvent() */
-
-/* These are pretty boring */
-void kbCbreak(void) { }
-void kbNorm(void) { }
-
-int kbGet(void)
-{
- int c;
-
- c = getch();
- if (c == 0)
- c = 0x100 + getch();
-
- /*
- * Borland C's getch() uses int 0x21 function 0x7,
- * which does not detect break. So we do it explicitly.
- */
- if (c == 3)
- raise(SIGINT);
-
- randEvent(c);
-
- return c;
-}
-
-#ifdef _MSC_VER
-/*
- * Microsoft Visual C 1.5 (at least) does not have sleep() in the
- * library. So we use this crude approximation. ("crude" because,
- * assuming CLOCKS_PER_SEC is 18.2, it rounds to 18 to avoid floating
- * point math.)
- */
-#ifndef CLOCKS_PER_SEC
-#define CLOCKS_PER_SEC CLK_TCK
-#endif
-static unsigned
-sleep(unsigned t)
-{
- clock_t target;
-
- target = clock() + t * (unsigned)CLOCKS_PER_SEC;
- while (clock() < target)
- ;
- return 0;
-}
-#endif
-
-void kbFlush(int thorough)
-{
- do {
- while(kbhit())
- (void)getch();
- if (!thorough)
- break;
- /* Extra thorough: wait for one second of quiet */
- sleep(1);
- } while (kbhit());
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * kbunix.c - Unix keyboard input routines.
- */
-
-/*
- * Define NOTERMIO if you don't have the termios stuff
- */
-
-#include "first.h"
-#include <fcntl.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h> /* For exit() */
-#include <sys/types.h>
-
-/* How to get cbreak mode */
-
-#if defined(NOTERMIO)
-#include <sgtty.h> /* No termio: Use ioctl() TIOCGETP and TIOCSETP */
-#elif defined(SVR2)
-#include <termio.h> /* SVR2: Use ioctl() TCGETA and TCSETAF */
-#else /* Usual case */
-#include <termios.h> /* Posix: use tcgetattr/tcsetattr */
-#endif
-
-#ifdef sun /* including ioctl.h and termios.h gives a lot of warnings on sun */
-#include <sys/filio.h>
-#else
-#include <sys/ioctl.h> /* for FIONREAD */
-#endif /* sun */
-
-#ifndef FIONREAD
-#define FIONREAD TIOCINQ
-#endif
-
-#include "posix.h" /* For read(), sleep() */
-#include "kb.h"
-#if UNITTTEST
-#define randEvent(c) (void)c
-#else
-#include "random.h"
-#endif
-
-#include "kludge.h"
-
-/* The structure to hold the keyuboard's state */
-#if defined(NOTERMIO)
-static struct sgttyb kbState0, kbState1;
-#elif defined(SVR2)
-static struct termio kbState0, kbState1;
-#else
-static struct termios kbState0, kbState1;
-#endif
-
-#ifndef CBREAK
-#define CBREAK RAW
-#endif
-/* The basic task of getting the terminal into CBREAK mode. */
-static void
-kbInternalCbreak(int fd)
-{
-#ifdef NOTERMIO
-
- if (ioctl(fd, TIOCGETP, &kbState0) < 0) {
- fprintf (stderr, "\nUnable to get terminal characteristics: ");
- perror("ioctl");
- exit(1);
- }
- kbState1 = kbState0;
- kbState1.sg_flags |= CBREAK;
- kbState1.sg_flags &= ~ECHO;
- ioctl(fd, TIOCSETP, &kbState1);
-
-#else /* !NOTERMIO - the usual case */
-
-#ifdef SVR2
- if (ioctl(fd, TCGETA, &kbState0) < 0)
-#else
- if (tcgetattr(fd, &kbState0) < 0)
-#endif
- {
- fprintf (stderr, "\nUnable to get terminal characteristics: ");
- perror("ioctl");
- exit(1);
- }
- kbState1 = kbState0;
- kbState1.c_cc[VMIN] = 1;
- kbState1.c_cc[VTIME] = 0;
- kbState1.c_lflag &= ~(ECHO|ICANON);
-#ifdef SVR2
- ioctl(fd, TCSETAF, &kbState1);
-#else
- tcsetattr(fd, TCSAFLUSH, &kbState1);
-#endif /* not SVR2 */
-
-#endif /* !NOTERMIO */
-}
-
-/* Restore the terminal to normal operation */
-static void
-kbInternalNorm(int fd)
-{
-#if defined(NOTERMIO)
- ioctl(fd, TIOCSETP, &kbState0);
-#elif defined(SVR2)
- ioctl(fd, TCSETAF, &kbState0);
-#else /* Usual case */
- tcsetattr (fd, TCSAFLUSH, &kbState0);
-#endif
-}
-
-/* State variables */
-static volatile int kbCbreakFlag = 0;
-static int kbFd = -1;
-
-#ifdef SVR2
-static int (*savesig)(int);
-#else
-static void (*savesig)(int);
-#endif
-
-/* A wrapper around SIGINT and SIGCONT to restore the terminal modes. */
-static void
-kbSig1(int sig)
-{
- if (kbCbreakFlag)
- kbInternalNorm(kbFd);
- if (sig == SIGINT)
- signal(sig, savesig);
- else
- signal(sig, SIG_DFL);
- raise(sig); /* Re-send the signal */
-}
-
-static void
-kbAddSigs(void);
-
-/* Resume cbreak after SIGCONT */
-static void
-kbSig2(int sig)
-{
- (void)sig;
- if (kbCbreakFlag)
- kbInternalCbreak(kbFd);
- else
- kbAddSigs();
-}
-
-static void
-kbAddSigs(void)
-{
- savesig = signal (SIGINT, kbSig1);
-#ifdef SIGTSTP
- signal (SIGCONT, kbSig2);
- signal (SIGTSTP, kbSig1);
-#endif
-}
-
-static void
-kbRemoveSigs(void)
-{
- signal (SIGINT, savesig);
-#ifdef SIGTSTP
- signal (SIGCONT, SIG_DFL);
- signal (SIGTSTP, SIG_DFL);
-#endif
-}
-
-
-/* Now, at last, the externally callable functions */
-
-void
-kbCbreak(void)
-{
- if (kbFd < 0) {
- kbFd = open("/dev/tty", O_RDWR);
- if (kbFd < 0) {
- fputs("Can't open tty; using stdin\n", stderr);
- kbFd = STDIN_FILENO;
- }
- }
-
- kbAddSigs();
- kbCbreakFlag = 1;
- kbInternalCbreak(kbFd);
-}
-
-void
-kbNorm(void)
-{
- kbInternalNorm(kbFd);
- kbCbreakFlag = 0;
- kbRemoveSigs();
-}
-
-int
-kbGet(void)
-{
- int i;
- char c;
-
- i = read(kbFd, &c, 1);
- if (i < 1)
- return -1;
- randEvent(c);
- return c;
-}
-
-/*
- * Flush any pending input. If "thorough" is set, tries to be more
- * thorough about it. Ideally, wait for 1 second of quiet, but we
- * may do something more primitive.
- *
- * kbCbreak() has the side effect of flushing the inout queue, so this
- * is not too critical.
- */
-void
-kbFlush(int thorough)
-{
- if (thorough)
- sleep(1);
-#if defined(TCIFLUSH)
- tcflush(kbFd, TCIFLUSH);
-#elif defined(TIOCFLUSH)
-#ifndef FREAD
-#define FREAD 1 /* The usual value */
-#endif
- ioctl(kbFd, TIOCFLUSH, FREAD);
-#endif
-}
-
-#if UNITTEST /* Self-contained test driver */
-
-#include <ctype.h>
-
-int
-main(void)
-{
- int c;
-
- puts("Going to cbreak mode...");
- kbCbreak();
- puts("In cbreak mode. Please type.");
- for (;;) {
- c = kbGet();
- if (c == '\n' || c == '\r')
- break;
- printf("c = %d = '%c'\n", c, c);
- kbFlush(isupper(c));
- }
- puts("Returning to normal mode...");
- kbNorm();
- puts("Done.");
- return 0;
-}
-
-#endif /* UNITTEST */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * keygen.c - generate RSA key pairs using the bignum library.
- */
-#include "first.h"
-#include <assert.h>
-#include <stdio.h> /* For FILE type */
-#include <string.h> /* For memset */
-
-#include "bn.h"
-#include "prime.h"
-
-#include "keygen.h"
-#include "keys.h" /* Key structures */
-#include "random.h" /* Good random number generator */
-
-#if BNDEBUG
-#include "bnprint.h"
-#define bndPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-#define bndPrintf printf
-#else
-#define bndPut(prompt, bn) ((void)(prompt),(void)(bn))
-#define bndPrintf (void)
-#endif
-
-#include "kludge.h"
-
-
-/*
- * Generate a random bignum of a specified length, with the given
- * high and low 8 bits. "High" is merged into the high 8 bits of the
- * number. For example, set it to 0x80 to ensure that the number is
- * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
- * "Low" is merged into the low 8 bits. For example, set it to
- * 1 to ensure that you generate an odd number.
- */
-static int
-genRandBn(struct BigNum *bn, unsigned bits, byte high, byte low)
-{
- unsigned char buf[64];
- unsigned bytes;
- unsigned l;
- int err;
-
- bnSetQ(bn, 0);
-
- bytes = (bits+7) / 8;
- l = bytes < sizeof(buf) ? bytes : sizeof(buf);
- randBytes(buf, l);
-
- /* Mask off excess high bits */
- buf[0] &= 255 >> (-bits & 7);
- /* Merge in specified high bits */
- buf[0] |= high >> (-bits & 7);
- if (bits & 7)
- buf[1] |= high << (bits & 7);
-
- for (;;) {
- bytes -= l;
- if (!bytes) /* Last word - merge in low bits */
- buf[l-1] |= low;
- err = bnInsertBigBytes(bn, buf, bytes, l);
- if (!bytes || err < 0)
- break;
- l = bytes < sizeof(buf) ? bytes : sizeof(buf);
- randBytes(buf, l);
- }
-
- memset(buf, 0, sizeof(buf));
- return err;
-}
-
-
-/*
- * Generate a new RSA key, with the specified number of bits and
- * public exponent. The high two bits of each prime are always
- * set to make the number more difficult to factor by forcing the
- * number into the high end of the range.
- */
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-static int
-genProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-int
-genRsaKey(struct PubKey *pub, struct SecKey *sec,
- unsigned bits, unsigned exp, FILE *file)
-{
- int modexps = 0;
- struct BigNum t; /* Temporary */
- int i;
- struct Progress progress;
-
- progress.f = file;
- progress.column = 0;
- progress.wrap = 78;
-
- if (bnSetQ(&pub->e, exp))
- return -1;
-
- /* Find p - choose a starting place */
- if (genRandBn(&sec->p, bits/2, 0xC0, 1) < 0)
- return -1;
- /* And search for a prime */
- i = primeGen(&sec->p, randRange, file ? genProgress : 0, &progress,
- exp, 0);
- if (i < 0)
- goto error;
- modexps = i;
- assert(bnModQ(&sec->p, exp) != 1);
-bndPut("p = ", &sec->p);
-
- do {
- /* Visual separator between the two progress indicators */
- if (file)
- genProgress(&progress, ' ');
-
- if (genRandBn(&sec->q, (bits+1)/2, 0xC0, 1) < 0)
- goto error;
- if (bnCopy(&pub->n, &sec->q) < 0)
- goto error;
- if (bnSub(&pub->n, &sec->p) < 0)
- goto error;
- /* Note that bnSub(a,b) returns abs(a-b) */
- } while (bnBits(&pub->n) < bits/2-5);
-
- if (file)
- fflush(file); /* Ensure the separators are visible */
-
- i = primeGen(&sec->q, randRange, file ? genProgress : 0, &progress,
- exp, 0);
- if (i < 0)
- goto error;
- modexps += i;
- assert(bnModQ(&sec->p, exp) != 1);
-bndPut("q = ", &sec->q);
-
- /* Wash the random number pool. */
- randFlush();
-
- /* Ensure that q is larger */
- if (bnCmp(&sec->p, &sec->q) > 0)
- bnSwap(&sec->p, &sec->q);
-bndPut("p = ", &sec->p);
-bndPut("q = ", &sec->q);
-
-
- /*
- * Now we dive into a large amount of fiddling to compute d,
- * the decryption exponent, from the encryption exponent.
- * We require that e*d == 1 (mod p-1) and e*d == 1 (mod q-1).
- * This can alomost be done via the Chinese Remainder Algorithm,
- * but it doesn't quite apply, because p-1 and q-1 are not
- * realitvely prime. Our task is to massage these into
- * two numbers a and b such that a*b = lcm(p-1,q-1) and
- * gcd(a,b) = 1. The technique is not well documented,
- * so I'll describe it here.
- * First, let d = gcd(p-1,q-1), then let a' = (p-1)/d and
- * b' = (q-1)/d. By the definition of the gcd, gcd(a',b') at
- * this point is 1, but a'*b' is a factor of d shy of the desired
- * value. We have to produce a = a' * d1 and b = b' * d2 such
- * d1*d2 = d and gcd(a,b) is 1. This will be the case iff
- * gcd(a,d2) = gcd(b,d1) = 1. Since GCD is associative and
- * (gcd(x,y,z) = gcd(x,gcd(y,z)) = gcd(gcd(x,y),z), etc.),
- * gcd(a',b') = 1 implies that gcd(a',b',d) = 1 which implies
- * that gcd(a',gcd(b',d)) = gcd(gcd(a',d),b') = 1. So you can
- * extract gcd(b',d) from d and make it part of d2, and the
- * same for d1. And iterate? A pessimal example is x = 2*6^k
- * and y = 3*6^k. gcd(x,y) = 6^k and we have to divvy it up
- * somehow so that all the factors of 2 go to x and all the
- * factors of 3 go to y, ending up with a = 2*2^k and b = 3*3^k.
- *
- * Aah, fuck it. It's simpler to do one big inverse for now.
- * Later I'll figure out how to get this to work properly.
- */
-
- /* Decrement q temporarily */
- (void)bnSubQ(&sec->q, 1);
- /* And u = p-1, to be divided by gcd(p-1,q-1) */
- if (bnCopy(&sec->u, &sec->p) < 0)
- goto error;
- (void)bnSubQ(&sec->u, 1);
-bndPut("p-1 = ", &sec->u);
-bndPut("q-1 = ", &sec->q);
- /* Use t to store gcd(p-1,q-1) */
- bnBegin(&t);
- if (bnGcd(&t, &sec->q, &sec->u) < 0) {
- bnEnd(&t);
- goto error;
- }
-bndPut("t = gcd(p-1,q-1) = ", &t);
-
- /* Let d = (p-1) / gcd(p-1,q-1) (n is scratch for the remainder) */
- i = bnDivMod(&sec->d, &pub->n, &sec->u, &t);
-bndPut("(p-1)/t = ", &sec->d);
-bndPut("(p-1)%t = ", &pub->n);
- bnEnd(&t);
- if (i < 0)
- goto error;
- assert(bnBits(&pub->n) == 0);
- /* Now we have q-1 and d = (p-1) / gcd(p-1,q-1) */
- /* Find the product, n = lcm(p-1,q-1) = c * d */
- if (bnMul(&pub->n, &sec->q, &sec->d) < 0)
- goto error;
-bndPut("(p-1)*(q-1)/t = ", &pub->n);
- /* Find the inverse of the exponent mod n */
- i = bnInv(&sec->d, &pub->e, &pub->n);
-bndPut("e = ", &pub->e);
-bndPut("d = ", &sec->d);
- if (i < 0)
- goto error;
- assert(!i); /* We should NOT get an error here */
- /*
- * Now we have the comparatively simple task of computing
- * u = p^-1 mod q.
- */
-#if BNDEBUG
- bnMul(&sec->u, &sec->d, &pub->e);
-bndPut("d * e = ", &sec->u);
- bnMod(&pub->n, &sec->u, &sec->q);
-bndPut("d * e = ", &sec->u);
-bndPut("q-1 = ", &sec->q);
-bndPut("d * e % (q-1)= ", &pub->n);
- bnNorm(&pub->n);
- bnSubQ(&sec->p, 1);
-bndPut("d * e = ", &sec->u);
- bnMod(&sec->u, &sec->u, &sec->p);
-bndPut("p-1 = ", &sec->p);
-bndPut("d * e % (p-1)= ", &sec->u);
- bnNorm(&sec->u);
- bnAddQ(&sec->p, 1);
-#endif
-
- /* But it *would* be nice to have q back first. */
- (void)bnAddQ(&sec->q, 1);
-
-bndPut("p = ", &sec->p);
-bndPut("q = ", &sec->q);
-
- /* Now compute u = p^-1 mod q */
- i = bnInv(&sec->u, &sec->p, &sec->q);
- if (i < 0)
- goto error;
-bndPut("u = p^-1 % q = ", &sec->u);
- assert(!i); /* p and q had better be relatively prime! */
-
-#if BNDEBUG
- bnMul(&pub->n, &sec->u, &sec->p);
-bndPut("u * p = ", &pub->n);
- bnMod(&pub->n, &pub->n, &sec->q);
-bndPut("u * p % q = ", &pub->n);
- bnNorm(&pub->n);
-#endif
- /* And finally, n = p * q */
- if (bnMul(&pub->n, &sec->p, &sec->q) < 0)
- goto error;
-bndPut("n = p * q = ", &pub->n);
- /* And that's it... success! */
- if (file)
- putc('\n', file); /* Signal done */
- return modexps;
-
-error:
- if (file)
- fputs("?\n", file); /* Signal error */
-
- return -1;
-}
-
-/*
- * Chinese Remainder Theorem refresher.
- * The theorem is actually that, "given x mod a, x mod b, x mod c, x mod d,
- * etc., the value of x mod lcm(a, b, c, d, ...) is uniquely determined",
- * But everyone seems to use the name "theorem" to refer to the algorithm
- * to put the number back together.
- *
- * Doing it for multiple numbers efficiently is a bit hairier, so I'll
- * just consider it for two moduli, a and b. We assume that the inputs
- * are in the canonical equivalence class (0 <= xa = x mod a < a, and
- * 0 <= xb = x mod b < b), and we want the output in the same form.
- *
- * First, divide one or the other by gcd(a,b) to reduce the problem to
- * one of relatively prime numbers. You'll have to reduce the corresponding
- * xa or xb modulo the new modulus.
- *
- * Then, note that if xa == x (mod a), then x = xa + a*k. The problem
- * lies in finding k so that xa + a*k == xb (mod b). Rearranging
- * gives a*k == xb - xa (mod b), and then multiplying both sides by
- * a^-1, the inverse of a mod b, gives k == a^-1 * (xb-xa) (mod b).
- * If k is reduced mod b, then xa + a*k <= (a-1) + a * (b-1) =
- * a + a*(b-1) - 1 = a*b - 1, which is exactly as it should be to
- * be reduced mod a*b. And if all the inputs are >= 0, the output
- * will be non-negative.
- *
- * For multiple numbers, you can get the number into a similar mixed-
- * radix form x = xa + a*(k1 + b*(k2 + c*(k3 +...))). All the math
- * to do this is modulo the small numbers (and thus faster); only the
- * final summing has to be performed at large sizes. For the greatest
- * efficiency, order the numbers so a > b > c >..., so as many computations
- * as possible are small.
- *
- * So the total procedure for two numbers is:
- * - Let a be the larger and b be the smaller of the numbers.
- * - Divide b by gcd(a,b) to make it even smaller.
- * - Find a^-1 mod b.
- * - Find (xb-xa) mod b.
- * - Multiply (xb-xa) by a^-1, modulo b.
- * - Multiply that by a, without any modular reduction
- * - Add xa.
- */
-
-#if 0
-/* A simple test driver */
-
-#include "bnprint.h"
-#include <time.h>
-int
-main(void)
-{
- struct BigNum p, q, d, u;
- int i;
- clock_t interval;
- static unsigned const sizetable[] = {
- 384, 512, 513, 514, 515, 768, 1024, 1536, 2048, 0
- };
- unsigned const *sizeptr = sizetable;
-
- bnInit();
- bnRandSeed(1);
- bnBegin(&p);
- bnBegin(&q);
- bnBegin(&d);
- bnBegin(&u);
-
- while (*sizeptr) {
- printf("Generating a %u-bit RSA key\n", *sizeptr);
-
- interval = clock();
- i = genRsaKey(&p, &q, &d, &u, *sizeptr, 17, stdout);
- interval = clock() - interval;
- printf("genRsaKey returned %d. %ld.%06ld s\n", i,
- interval / 1000000, interval % 1000000);
- fputs("p = ", stdout);
- bnPrint(stdout, &p);
- fputs("\nq = ", stdout);
- bnPrint(stdout, &q);
- fputs("\nd = ", stdout);
- bnPrint(stdout, &d);
- fputs("\nu = ", stdout);
- bnPrint(stdout, &u);
- putchar('\n');
-
- sizeptr++;
- }
-
- bnEnd(&p);
- bnEnd(&q);
- bnEnd(&d);
- bnEnd(&u);
-
- return 0;
-}
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include <stdio.h>
-struct PubKey;
-struct SecKey;
-
-int
-genRsaKey(struct PubKey *pub, struct SecKey *sec,
- unsigned bits, unsigned exp, FILE *file);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * keys.c - allocate and free PubKey and SecKey structures.
- */
-
-#include "first.h"
-
-#include "bn.h"
-
-#include "keys.h"
-#include "usuals.h"
-
-void
-pubKeyBegin(struct PubKey *pub)
-{
- if (pub) {
- bnBegin(&pub->n);
- bnBegin(&pub->e);
- }
-}
-
-void
-pubKeyEnd(struct PubKey *pub)
-{
- if (pub) {
- bnEnd(&pub->n);
- bnEnd(&pub->e);
- wipe(pub);
- }
-}
-
-void
-secKeyBegin(struct SecKey *sec)
-{
- if (sec) {
- bnBegin(&sec->d);
- bnBegin(&sec->p);
- bnBegin(&sec->q);
- bnBegin(&sec->u);
- }
-}
-
-void
-secKeyEnd(struct SecKey *sec)
-{
- if (sec) {
- bnEnd(&sec->d);
- bnEnd(&sec->p);
- bnEnd(&sec->q);
- bnEnd(&sec->u);
- wipe(sec);
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef KEYS_H
-#define KEYS_H
-
-/*
- * Structures for keys.
- */
-
-#include "bn.h"
-
-/* A structure to hold a public key */
-struct PubKey {
- struct BigNum n; /* The public modulus */
- struct BigNum e; /* The public exponent */
-};
-
-/* A structure to hold a secret key */
-struct SecKey {
- struct BigNum d; /* Decryption exponent */
- struct BigNum p; /* The smaller factor of n */
- struct BigNum q; /* The larger factor of n */
- struct BigNum u; /* 1/p (mod q) */
-};
-
-void pubKeyBegin(struct PubKey *pub);
-void pubKeyEnd(struct PubKey *pub);
-
-void secKeyBegin(struct SecKey *sec);
-void secKeyEnd(struct SecKey *sec);
-
-#endif /* KEYS_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef KLUDGE_H
-#define KLUDGE_H
-
-/*
- * Kludges for not-quite-ANSI systems.
- * This should always be the last file included, because it may
- * mess up some system header files.
- */
-
-#if NO_MEMMOVE /* memove() not in libraries */
-#define memmove(dest,src,len) bcopy(src,dest,len)
-#endif
-
-#if NO_STRTOUL /* strtoul() not in libraries */
-#define strtoul strtol /* Close enough */
-#endif
-
-#if NO_RAISE /* raise() not in libraries */
-#include <sys/types.h> /* For getpid() - kill() is in <signal.h> */
-#define raise(sig) kill(getpid(),sig)
-#endif
-
-/*
- * Make Microsoft Visual C shut the hell up about a few things...
- * Warning 4116 complains about the alignof() macro, saying:
- * warning C4116: unnamed type definition in parentheses
- * I do not know of a reasonable way to recode to eliminate this warning.
- * Warning 4761 complains about passing an expression (which has
- * type int) to a function expecting something narrower - like
- * a ringmask, if ringmask is set to 8 bits. The error is:
- * warning C4761: integral size mismatch in argument : conversion supplied
- * I do not know of a reasonable way to recode to eliminate this warning.
- */
-#ifdef _MSC_VER
-#pragma warning(disable: 4116 4761)
-#endif
-
-/*
- * Borland C seems to think that it's a bad idea to decleare a
- * structure tag and not declare the contents. I happen to think
- * it's a *good* idea to use such "opaque" structures wherever
- * possible. So shut up.
- */
-#ifdef __BORLANDC__
-#pragma warn -stu
-#endif
-
-/* Cope with people forgetting to define the OS, if possible... */
-
-#if !defined(MSDOS) && defined(__MSDOS__)
-#define MSDOS 1
-#endif
-
-#if !defined(UNIX) && (defined(unix) || defined (__unix__))
-#define UNIX 1
-#endif
-
-
-#endif /* KLUDGE_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-#include "first.h"
-#include <string.h> /* for memcpy() */
-
-#include "md5.h"
-
-#ifndef ASM_MD5
-/*
- * Shuffle the bytes into little-endian order within words, as per the
- * MD5 spec. Note: this code works regardless of the byte order.
- */
-void
-byteSwap(word32 *buf, unsigned words)
-{
- byte *p = (byte *)buf;
-
- do {
- *buf++ = (word32)((unsigned)p[3] << 8 | p[2]) << 16 |
- ((unsigned)p[1] << 8 | p[0]);
- p += 4;
- } while (--words);
-}
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void
-MD5Init(struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bytes[0] = 0;
- ctx->bytes[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void
-MD5Update(struct MD5Context *ctx, byte const *buf, size_t len)
-{
- word32 t;
-
- /* Update byte count */
-
- t = ctx->bytes[0];
- if ((ctx->bytes[0] = t + len) < t)
- ctx->bytes[1]++; /* Carry from low to high */
-
- t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
- if ((unsigned)t > len) {
- memcpy((byte *)ctx->in + 64 - (unsigned)t, buf, len);
- return;
- }
- /* First chunk is an odd size */
- memcpy((byte *)ctx->in + 64 - (unsigned)t, buf, (unsigned)t);
- byteSwap(ctx->in, 16);
- MD5Transform(ctx->buf, ctx->in);
- buf += (unsigned)t;
- len -= (unsigned)t;
-
- /* Process data in 64-byte chunks */
- while (len >= 64) {
- memcpy(ctx->in, buf, 64);
- byteSwap(ctx->in, 16);
- MD5Transform(ctx->buf, ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
- memcpy(ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void
-MD5Final(byte digest[16], struct MD5Context *ctx)
-{
- int count = (int)(ctx->bytes[0] & 0x3f); /* Bytes in ctx->in */
- byte *p = (byte *)ctx->in + count; /* First unused byte */
-
- /* Set the first char of padding to 0x80. There is always room. */
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 56 bytes (-8..55) */
- count = 56 - 1 - count;
-
- if (count < 0) { /* Padding forces an extra block */
- memset(p, 0, count + 8);
- byteSwap(ctx->in, 16);
- MD5Transform(ctx->buf, ctx->in);
- p = (byte *)ctx->in;
- count = 56;
- }
- memset(p, 0, count);
- byteSwap(ctx->in, 14);
-
- /* Append length in bits and transform */
- ctx->in[14] = ctx->bytes[0] << 3;
- ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
- MD5Transform(ctx->buf, ctx->in);
-
- byteSwap(ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f,w,x,y,z,in,s) \
- (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x)
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void
-MD5Transform(word32 buf[4], word32 const in[16])
-{
- register word32 a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef MD5_H
-#define MD5_H
-
-#include <stddef.h>
-#include "usuals.h"
-
-struct MD5Context {
- word32 buf[4];
- word32 bytes[2];
- word32 in[16];
-};
-
-void MD5Init(struct MD5Context *context);
-void MD5Update(struct MD5Context *context, byte const *buf, size_t len);
-void MD5Final(unsigned char digest[16], struct MD5Context *context);
-void MD5Transform(word32 buf[4], word32 const in[16]);
-
-void byteSwap(word32 *buf, unsigned words);
-
-#endif /* !MD5_H */
+++ /dev/null
-/*
- * Copyright (c) 1993-1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Get environmental noise.
- */
-
-#include "first.h"
-#include <time.h> /* For time measurement code */
-
-#ifndef MSDOS
-#ifdef __MSDOS
-#define MSDOS 1
-#endif
-#endif
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-#ifndef UNIX
-#ifdef unix
-#define UNIX 1
-#endif
-#endif
-#ifndef UNIX
-#ifdef __unix
-#define UNIX 1
-#endif
-#endif
-#ifndef UNIX
-#ifdef __unix__
-#define UNIX 1
-#endif
-#endif
-
-#ifdef MSDOS
-
-#if __BORLANDC__
-#define far __far /* Borland C++ 3.1's <dos.h> kacks in ANSI mode. Ugh! */
-#endif
-
-#include <dos.h> /* for enable() and disable() */
-#include <conio.h> /* for inp() and outp() */
-
-/*
- * This code gets as much information as possible out of 8253/8254 timer 0,
- * which ticks every .84 microseconds. There are three cases:
- * 1) Original 8253. 15 bits available, as the low bit is unused.
- * 2) 8254, in mode 3. The 16th bit is available from the status register.
- * 3) 8254, in mode 2. All 16 bits of the counters are available.
- * (This is not documented anywhere, but I've seen it!)
- *
- * This code repeatedly tries to latch the status (ignored by an 8253) and
- * sees if it looks like xx1101x0. If not, it's definitely not an 8254.
- * Repeat this a few times to make sure it is an 8254.
- */
-static int
-has8254(void)
-{
- int i, s1, s2;
-
- for (i = 0; i < 5; i++) {
- _disable();
- outp(0x43, 0xe2); /* Latch status for timer 0 */
- s1 = inp(0x40); /* If 8253, read timer low byte */
- outp(0x43, 0xe2); /* Latch status for timer 0 */
- s2 = inp(0x40); /* If 8253, read timer high byte */
- _enable();
- if ((s1 & 0x3d) != 0x34 || (s2 & 0x3d) != 0x34)
- return 0; /* Ignoring status latch; 8253 */
- }
- return 1; /* Status reads as expected; 8254 */
-}
-
-/* TODO: It might be better to capture this data in a keyboard ISR */
-static unsigned
-read8254(void)
-{
- unsigned status, count;
-
- _disable();
- outp(0x43, 0xc2); /* Latch status and count for timer 0 */
- status = inp(0x40);
- count = inp(0x40);
- count |= inp(0x40) << 8;
- _enable();
- /* The timer is usually in mode 3, but some motherboards use mode 2. */
- if (status & 2)
- count = count>>1 | (status & 0x80)<<8;
-
- return count;
-}
-
-static unsigned
-read8253(void)
-{
- unsigned count;
-
- _disable();
- outp(0x43, 0x00); /* Latch count for timer 0 */
- count = (inp(0x40) & 0xff);
- count |= (inp(0x40) & 0xff) << 8;
- _enable();
-
- return count >> 1;
-}
-#endif /* MSDOS */
-
-#ifdef UNIX
-/*
- * This code uses five different timers, if available, in decreasing
- * priority order:
- * - gethrtime(), assumed unavailable unless USE_GETHRTIME=1
- * - clock_gettime(), auto-detected unless overridden with USE_CLOCK_GETTIME
- * - gettimeofday(), assumed available unless USE_GETTIMEOFDAY=0
- * - getitimer(), auto-detected unless overridden with USE_GETITIMER
- * - ftime(), assumed available unless USE_FTIME=0
- *
- * These are all accessed through the gettime(), timetype, and tickdiff()
- * macros. The MINTICK constant is something to avoid the gettimeofday()
- * glitch wherein it increments the return value even if no tick has occurred.
- * When measuring the tick interval, if the difference between two successive
- * times is not at least MINTICK ticks, it is ignored.
- */
-
-#include <sys/types.h>
-#include <sys/times.h> /* for times() */
-#include <stdlib.h> /* For qsort() */
-
-#if !USE_GETHRTIME
-#ifndef USE_CLOCK_GETTIME /* Detect using CLOCK_REALTIME from <time.h> */
-#ifdef CLOCK_REALTIMExxx /* Stupid libc... */
-#define USE_CLOCK_GETTIME 1
-#else
-#define USE_CLOCK_GETTIME 0
-#endif
-#endif
-
-#if !USE_CLOCK_GETTIME
-#include <sys/time.h> /* For gettimeofday(), getitimer(), or ftime() */
-
-#ifndef USE_GETTIMEOFDAY
-#define USE_GETTIMEOFDAY 1 /* No way to tell, so assume it's there */
-#endif
-
-#if !USE_GETTIMEOFDAY
-#ifndef USE_GETITIMER /* Detect using ITIMER_REAL from <sys/time.h> */
-#define USE_GETITIMER defined(ITIMER_REAL)
-#endif
-
-#if !USE_GETITIMER
-#ifndef USE_FTIME
-#define USE_FTIME 1
-#endif
-
-#endif /* !USE_GETITIMER */
-#endif /* !USE_GETTIMEOFDAY */
-#endif /* !USE_CLOCK_GETTIME */
-#endif /* !USE_GETHRTIME */
-
-#if USE_GETHRTIME
-
-#define CHOICE_GETHRTIME 1
-#include <sys/time.h>
-typedef hrtime_t timetype;
-#define gettime(s) (*(s) = gethrtime())
-#define tickdiff(s,t) ((s)-(t))
-#define MINTICK 0
-
-#elif USE_CLOCK_GETTIME
-
-#define CHOICE_CLOCK_GETTIME 1
-typedef struct timespec timetype;
-#define gettime(s) (void)clock_gettime(CLOCK_REALTIME, s)
-#define tickdiff(s,t) (((s).tv_sec-(t).tv_sec)*1000000000 + \
- (s).tv_nsec - (t).tv_nsec)
-
-#elif USE_GETTIMEOFDAY
-
-#define CHOICE_GETTIMEOFDAY 1
-typedef struct timeval timetype;
-#define gettime(s) (void)gettimeofday(s, (struct timezone *)0)
-#define tickdiff(s,t) (((s).tv_sec-(t).tv_sec)*1000000+(s).tv_usec-(t).tv_usec)
-#define MINTICK 1
-
-#elif USE_GETITIMER
-
-#define CHOICE_GETITIMER 1
-#include <signal.h> /* For signal(), SIGALRM, SIG_IGN */
-typedef struct itimerval timetype;
-#define gettime(s) (void)getitimer(ITIMER_REAL, s)
-#define tickdiff(s,t) (((t).it_value.tv_sec-(s).it_value.tv_sec)*1000000 + \
- (t).it_value.tv_usec - (s).it_value.tv_usec)
-#define MINTICK 1
-
-#elif USE_FTIME /* Use ftime() */
-
-#define CHOICE_FTIME 1
-#include <sys/timeb.h>
-typedef struct timeb timetype;
-#define gettime(s) (void)ftime(s)
-#define tickdiff(s,t) (((s).time-(t).time)*1000 + (s).millitm - (t).millitm)
-#define MINTICK 0
-
-#else
-
-#error No clock available - please define one.
-
-#endif /* End of complex choice of clock conditional */
-
-#if CHOICE_CLOCK_GETTIME
-
-static unsigned
-noiseTickSize(void)
-{
- struct timespec res;
-
- clock_getres(CLOCK_REALTIME, &res);
- return res.tv_nsec;
-}
-
-#else /* Normal clock resolution estimation */
-
-#if NOISEDEBUG
-#include <stdio.h>
-#endif
-
-#define N 15 /* Number of deltas to try (at least 5, preferably odd) */
-
-/* Function needed for qsort() */
-static int
-noiseCompare(void const *p1, void const *p2)
-{
- return *(unsigned const *)p1 > *(unsigned const *)p2 ? 1 :
- *(unsigned const *)p1 < *(unsigned const *)p2 ? -1 : 0;
-}
-
-/*
- * Find the resolution of the high-resolution clock by sampling successive
- * values until a tick boundary, at which point the delta is entered into
- * a table. An average near the median of the table is taken and returned
- * as the system tick size to eliminate outliers due to descheduling (high)
- * or tv0 not being the "zero" time in a given tick (low).
- *
- * Some trickery is needed to defeat the habit systems have of always
- * incrementing the microseconds field from gettimeofday() results so that
- * no two calls return the same value. Thus, a "tick boundary" is assumed
- * when successive calls return a difference of more than MINTICK ticks.
- * (For gettimeofday(), this is set to 2 us.) This catches cases where at
- * most one other task reads the clock between successive reads by this task.
- * More tasks in between are rare enough that they'll get cut off by the
- * median filter.
- *
- * When a tick boundary is found, the *first* time read during the previous
- * tick (tv0) is subtracted from the new time to get microseconds per tick.
- *
- * Suns have a 1 us timer, and as of SunOS 4.1, they return that timer, but
- * there is ~50 us of system-call overhead to get it, so this overestimates
- * the tick size considerably. On SunOS 5.x/Solaris, the overhead has been
- * cut to about 2.5 us, so the measured time alternates between 2 and 3 us.
- * Some better algorithms will be required for future machines that really
- * do achieve 1 us granularity.
- *
- * Current best idea: discard all this hair and use Ueli Maurer's entropy
- * estimation scheme. Assign each input event (delta) a sequence number.
- * 16 bits should be more than adequate. Make a table of the last time
- * (by sequence number) each possibe input event occurred. For practical
- * implementation, hash the event to a fixed-size code and consider two
- * events identical if they have the same hash code. This will only ever
- * underestimate entropy. Then use the number of bits in the difference
- * between the current sequence number and the previous one as the entropy
- * estimate.
- *
- * If it's desirable to use longer contexts, Maurer's original technique
- * just groups events into non-overlapping pairs and uses the technique on
- * the pairs. If you want to increment the entropy numbers on each keystroke
- * for user-interface niceness, you can do the operation each time, but you
- * have to halve the sequence number difference before starting, and then you
- * have to halve the number of bits of entropy computed because you're adding
- * them twice.
- *
- * You can put the even and odd events into separate tables to close Maurer's
- * model exactly, or you can just dump them into the same table, which will
- * be more conservative.
- */
-static unsigned
-noiseTickSize(void)
-{
- unsigned i = 0, j = 0, diff, d[N];
- timetype tv0, tv1, tv2;
-
- gettime(&tv0);
- tv1 = tv0;
- do {
- gettime(&tv2);
- diff = (unsigned)tickdiff(tv2, tv1);
- if (diff > MINTICK) {
- d[i++] = diff;
- tv0 = tv2;
- j = 0;
- } else if (++j >= 4096) /* Always getting <= MINTICK units */
- return MINTICK + !MINTICK;
- tv1 = tv2;
- } while (i < N);
-
- /* Return average of middle 5 values (rounding up) */
- qsort(d, N, sizeof(d[0]), noiseCompare);
- diff = (d[N/2-2]+d[N/2-1]+d[N/2]+d[N/2+1]+d[N/2+2]+4)/5;
-#if NOISEDEBUG
- fprintf(stderr, "Tick size is %u\n", diff);
-#endif
- return diff;
-}
-
-#endif /* Clock resolution measurement condition */
-
-#endif /* UNIX */
-
-#include "usuals.h"
-#include "randpool.h"
-#include "noise.h"
-
-/*
- * Add as much environmentally-derived random noise as possible
- * to the randPool. Typically, this involves reading the most
- * accurate system clocks available.
- *
- * Returns the number of ticks that have passed since the last call,
- * for entropy estimation purposes.
- */
-word32
-noise(void)
-{
- word32 delta;
-
-#if defined(MSDOS)
- static unsigned deltamask = 0;
- static unsigned prevt;
- unsigned t;
- time_t tnow;
- clock_t cnow;
-
- if (deltamask == 0)
- deltamask = has8254() ? 0xffff : 0x7fff;
- t = (deltamask & 0x8000) ? read8254() : read8253();
- randPoolAddBytes((byte const *)&t, sizeof(t));
- delta = deltamask & (t - prevt);
- prevt = t;
-
- /* Add more-significant time components. */
- cnow = clock();
- randPoolAddBytes((byte *)&cnow, sizeof(cnow));
- tnow = time((time_t *)0);
- randPoolAddBytes((byte *)&tnow, sizeof(tnow));
-/* END OF DOS */
-#elif defined(VMS)
- word32 t[2]; /* little-endian 64-bit timer */
- word32 d1; /* MSW of difference */
- static word32 prevt[2];
-
- SYS$GETTIM(t); /* VMS hardware clock increments by 100000 per tick */
- randPoolAddBytes((byte const *)t, sizeof(t));
- /* Get difference in d1 and delta, and old time in prevt */
- d1 = t[1] - prevt[1] + (t[0] < prevt[0]);
- prevt[1] = t[1];
- delta = t[0] - prevt[0];
- prevt[0] = t[0];
-
- /* Now, divide the 64-bit value by 100000 = 2^5 * 5^5 = 32 * 3125 */
- /* Divide value, MSW in d1 and LSW in delta, by 32 */
- delta >>= 5;
- delta |= d1 << (32-5);
- d1 >>= 5;
- /*
- * Divide by 3125. This fits into 16 bits, so the following
- * code is possible. 2^32 = 3125 * 1374389 + 1671.
- *
- * This code has confused people reading it, so here's a detailed
- * explanation. First, since we only want a 32-bit result,
- * reduce the input mod 3125 * 2^32 before starting. This
- * amounts to reducing the most significant word mod 3125 and
- * leaving the least-significant word alone.
- *
- * Then, using / for mathematical (real, not integer) division, we
- * want to compute floor(d1 * 2^32 + d0) / 3125), which I'll denote
- * using the old [ ] syntax for floor, so it's
- * [ (d1 * 2^32 + d0) / 3125 ]
- * = [ (d1 * (3125 * 1374389 + 1671) + d0) / 3125 ]
- * = [ d1 * 1374389 + (d1 * 1671 + d0) / 3125 ]
- * = d1 * 137438 + [ (d1 * 1671 + d0) / 3125 ]
- * = d1 * 137438 + [ d0 / 3125 ] + [ (d1 * 1671 + d0 % 3125) / 3125 ]
- *
- * The C / operator, applied to integers, performs [ a / b ], so
- * this can be implemented in C, and since d1 < 3125 (by the first
- * modulo operation), d1 * 1671 + d0 % 3125 < 3125 * 1672, which
- * is 5225000, less than 2^32, so it all fits into 32 bits.
- */
- d1 %= 3125; /* Ignore overflow past 32 bits */
- delta = delta/3125 + d1*1374389 + (delta%3125 + d1*1671) / 3125;
-/* END OF VMS */
-#elif defined(UNIX)
- timetype t;
- static unsigned ticksize = 0;
- static timetype prevt;
-
- gettime(&t);
-#if CHOICE_GETITIMER
- /* If itimer isn't started, start it */
- if (t.it_value.tv_sec == 0 && t.it_value.tv_usec == 0) {
- /*
- * start the timer - assume that PGP won't be running for
- * more than 11 days, 13 hours, 46 minutes and 40 seconds.
- */
- t.it_value.tv_sec = 1000000;
- t.it_interval.tv_sec = 1000000;
- t.it_interval.tv_usec = 0;
- signal(SIGALRM, SIG_IGN); /* just in case.. */
- setitimer(ITIMER_REAL, &t, NULL);
- t.it_value.tv_sec = 0;
- }
- randPoolAddBytes((byte const *)&t.it_value, sizeof(t.it_value));
-#else
- randPoolAddBytes((byte const *)&t, sizeof(t));
-#endif
-
- if (!ticksize)
- ticksize = noiseTickSize();
- delta = (word32)(tickdiff(t, prevt) / ticksize);
- prevt = t;
-/* END OF UNIX */
-#else
-#error Unknown OS - define UNIX or MSDOS or add code for high-resolution timers
-#endif
-
- return delta;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Noise.h - get environmental noise for RNG
- *
- * The interface is system-independent, but the
- * implementation should be highly system-dependent,
- * to get at as much state as possible.
- */
-
-#include "usuals.h"
-
-word32 noise(void);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * This file includes <unistd.h>, if it's available, and
- * declares a bunch of functions with "traditional" values if not.
- * The GNU Libc Manual (node "Version Supported") says this is impossible;
- * I wonder what they think of this.
- */
-
-#include <limits.h>
-
-/*
- * See if this is a POSIX <limits.h>. A POSIX system *may* define
- * a macro for ARG_MAX, but it may instead defined _SC_ARG_MAX
- * in <unistd.h> and require you yo use sysconf() to get the value.
- * However, a POSIX system is supposed to defined _POSIX_ARG_MAX
- * in <limits.h> with the value of 4096, the POSIX-mandated lower
- * bound on ARG_MAX or sysconf(_SC_ARG_MAX).
- * A POSIX system is supposed to define most of these, so checking for
- * them *all* is overkill, but it's easy enough...
- */
-#ifndef HAVE_UNISTD_H
-#ifdef __POSIX__ /* Defined by GCC on POSIX systems */
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_ARG_MAX) || defined(_POSIX_CHILD_MAX)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_LINK_MAX) || defined(_POSIX_MAX_CANON)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_MAX_INPUT) || defined(_POSIX_NAME_MAX)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_NGROUPS_MAX) || defined(_POSIX_OPEN_MAX)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_PATH_MAX) || defined(_POSIX_PIPE_BUF)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_RE_DUP_MAX) || defined(_POSIX_SSIZE_MAX)
-#define HAVE_UNISTD_H 1
-#elif defined(_POSIX_STREAM_MAX) || defined (_POSIX_TZNAME_MAX)
-#define HAVE_UNISTD_H 1
-#endif
-#endif
-
-#if HAVE_UNISTD_H
-#include <unistd.h>
-#elif defined(MSDOS)
-#include <io.h> /* Where MSDOS keeps such things */
-#else
-/* Not POSIX - declare the portions of <unistd.h> we need manually. */
-int ioctl(int fd, int request, void *arg);
-int isatty(int fd);
-int read(int fd, void *buf, int nbytes);
-unsigned sleep(unsigned seconds);
-#endif
+++ /dev/null
- The choice of Diffie-Hellman parameters
-
-* Background
-
-Diffie-Hellman key exchange uses two parameters, a prime p and a
-generator g, which are used to derive the public parameters
-y1 = g^x1 (mod p) and y2 = g^x2 (mod p), and then the shared secret
-z = y1^x2 = (g^x1)^x2 = g^(x1*x2) = (g^x2)^x1 = y2^x1 (mod p).
-
-For the computation to be secure, several conditions must be true.
-The exponent must be big enough, for there is a square-root search
-algorithm to find the exponent. (E.g. a 16-bit exponent can be found
-in about 2^8 = 256 steps.) And then the modulus must be chosen so
-as to make the general discrete log problem difficult.
-
-The general discrete log problem can be solved for each prime-power
-factor of p-1 independently, so if all of the factors of p-1 are small,
-this is easy to do. Since p-1 is even, it must have a factor of 2, but
-the remaining portion q = (p-1)/2 can be chosen to be prime, making the
-problem as difficult as possible. Finding such numbers is computationally
-expensive, but as they are parameters which are only computed once, this
-is a reasonable up-front cost.
-
-* Number theory
-
-A second advantage of prime moduli of this form is that all generators
-g are good. This is because the generator must have a large order in
-the group Z*_p. But that group is of size p-1 = 2*q, and the order of
-any element of a group must divide the size of the group. The only
-divisors this has are 1, 2, q and 2*q. The only element of order 1 is
-1, and the only element of order 2 is -1. All other elements, from 2
-through -2, have orders of either p-1 or (p-1)/2, which are both large.
-
-If the generator g has order p-1, it is a generator of the group Z*_p,
-and this is generally how one is advised to generate Diffie-Hellman
-parameters. This explains the similarity in names. However, if g is
-of order p-1, then it must be a quadratic non-residue modulo p. That
-is, it must not be a square of another number. If it were a square,
-then since the size of the group is even, no power of it would ever
-equal its square root, so it could not be a generator.
-
-If g is indeed of order p-1, then even powers of g are quadratic
-residues (squares, modulo p), and odd powers are quadratic non-residues
-(non-squares). Given a number y and a prime p, the Legendre symbol
-(y/p) is straightforward to compute, and this tells you if y is a
-quadratic residue. If it is, and y = g^x, then x must be even. If not,
-then x would have to be odd. In this way, for a generator which is a
-quadratic non-residue, the low-order bit of the exponent x is easily
-computed.
-
-If g is a quadratic residue, then the useful values of exponents x is
-more limited, since only the value of the exponent x modulo q = (p-1)/2
-has any effect on the output y = g^x (mod p), but generally exponents x
-are much less than p in any case, so this limitation on range is not an
-issue.
-
-Essentially, in either case, only the value of x modulo q is secret,
-but if g is a quadratic non-residue, the low-order bit of x is
-available to an attacker, while if it is a quadratic residue, the
-high-order bit is known to be 0.
-
-Thus, it does not really matter whether g is a quadratic residue or
-not, but if it is not, the exponent x should be chosen one bit larger.
-This adds a trivial amount of work to the computation of y, and for
-that reason it may be preferable to choose g to be a quadratic
-residue. This is not currently done, however.
-
-* Choice of generator g
-
-Because any g will do, and the choice of g does not affect the difficulty
-of performing the discrete log computation, choosing it for convenience
-of computation is best, and g = 2 is simplest to compute with.
-
-If in fact it is desirable to choose a generator which is a quadratic
-residue, then g = 2 can still be used if the prime p is suitably
-chosen. If p = +/-1 (mod 8), then 2 is a quadratic residue. If
-p = +/-3 (mod 8), then 2 is a non-residue.
-
-* Choice of prime-generation technique
-
-There may be additional primes of special form for which the discrete
-logarithm problem is particularly easy. The authors are not aware of
-any, but theoretical advances are possible and it would be nice to
-assure users of the system that the prime was not chosen to have any
-hidden special properties: only the published criteria were used.
-David Kravitz of the NSA has suggested a technique for generating
-"kosherized" primes for DSS which has been adapted to generate
-Diffie-Hellman primes.
-
-The technique uses a string of bytes as a seed to a cryptographically
-strong one-way hash function. This generator produces the initial
-value for a search for a suitable prime.
-
-David Kravitz' technique generates random numbers from successive seeds
-until one is found to be a suitable prime. This is unbearably slow for
-primes of the special form being sought, but it can be sped up, at a
-negligible cost in uniformity of the chosen primes by generating only a
-starting position for a linear search for a suitable prime. Such a
-search can be carried out particularly efficiently.
-
-* Details of the technique
-
-The generator is based on SHA.1, the FIPS 180.1 secure hash algorithm.
-This takes the given seed as input and produces a 160-bit output
-sequence in 20 bytes. These bytes are taken as a big-endian number to
-produce a number n0 from 0 to 2^160-1.
-(I.e. n0 = 2^152 * byte0 + 2^144 * byte1 + ... + 2^8 * byte19 + byte20.)
-
-Then, the seed is incremented, as a big-endian array of bytes, modulo its
-size (i.e. the last byte is incremented, propagating carry if necessary),
-and hashed again to produce n1, then n2, etc.
-
-A number of arbitrary size may be constructed by concatenating
-N = n0 + 2^160 * n1 + 2^320 * n2 + .... To get a number no larger
-than 2^k, take the low-order k bits of N, N mod 2^k. Obviously,
-if k is 1024, it is only necessary to compute n0 through n6.
-
-To generate a k-bit prime p (2^k > p >= 2^(k-1)), take t = N mod 2^(k-2),
-i.e. a number with at most k-2 significant bits. Then add 2^(k-1),
-to force the number into the desired range, and 2^(k-2), to force it
-into the high half of the range. This extra refinement makes an attack
-more expensive, without affecting the time required to do computations
-mod p. Additional high-order 1 bits could be forced, but the incremental
-benefit rapidly diminishes.
-
-The resultant number t is used as the starting point in a search for a
-suitable prime p. p is chosen to be the first number >= t such that p
-is prime and (p-1)/2 is prime.
-
-* Choice of seed
-
-Because SHA.1 is a cryptographic hash, it is computationally infeasible
-to find an input which has a given output. Indeed, there is no known
-technique better than brute-force search to find an input which
-produces an output with any special properties. Assuming that there is
-an unknown class of primes which are easy to solve the discrete
-logarithm problem for, this ensures that the chance of choosing a prime
-p which is a member of that class is no better than random chance,
-regardless of malice on the part of the designer.
-
-The seed chosen is arbitrary, so was chosen for aesthetic reasons.
-It is the 79 bytes of the ASCII representation of a quote by Mahatma
-Gandhi:
-
-Whatever you do will be insignificant, but it is very important that you do it.
-
-* Implementation details
-
-Obviously, a program was written to find a prime according to these
-rules. To aid anyone who wishes to repeat the search to confirm that
-the published primes were indeed generated in this way, here is a
-description of how it was done. The primes if the desired form have a
-density of about (ln p)^-2. E.g. for 1024-bit p, about one out of
-every 503791 numbers meets these criteria, so a considerable amount of
-searching is required. The following techniques can make the
-computation tolerable.
-
-First, note that q must be odd and not congruent to 0, modulo 3. Thus,
-q must be congruent to +/-1, modulo 6. Thus p = 2*q+1 must be
-congruent to 2*1+1 = 3 or 2*-1+1 = -1 modulo 12. But p congruent to 3
-mod 12 would be divisible by 3, and not prime, so p must be congruent
-to 11 mod 12.
-
-Thus, the initial search point t can first be increased until it is
-congruent to 11 modulo 12. Searching from this point forward, only
-every 12th number, t+12*i, needs to be considered.
-
-If it is desired to choose p so that 2 is a quadratic residue (meaning
-that p is congruent to +/-1 modulo 8), then this additional constraint
-can be met with no additional difficulty by beginning at the next
-number which is congruent to 23 mod 24 and searching in steps of 24.
-But in the following discussion, a step size of 12 is assumed.
-
-Then, a sieve is built for trial division by a number of small primes
-for a range of following i values. For large primes, a large search
-space is required, so a large sieve is desirable. The value used was
-65536 bits (8K bytes). It may be necessary to rebuild the sieve
-beginning at t+12*65536 if no suitable prime is found before then, but
-this sieve is large enough that the refilling is infrequent and the
-overhead is negligible.
-
-Initially, every position in the sieve is marked as a potential prime.
-Then, for the small primes s from 5 through 65521, position i in the
-sieve is marked as unsuitable if t+12*i is divisble by s, i.e.
-definitely not prime. To do this cheaply, consider that t+12*i = 0
-(mod s) if i = -12^-1 * t (mod s). So finding t mod s, then 12^-1 (mod
-s) and multiplying (mod s) will produce the first i value which is
-known to be divisible by s, and then every s positions thereafter in
-the sieve will be divisible. This does the equivalent of a great deal
-of trial division with minimal effort.
-
-Positions in the sieve are also marked as as unsuitable if (t-1)/2+6*i
-= 0 (mod s), because these positions will have (p-1)/2 divisible by s
-and thus non-prime. This works similarly, and (t-1)/2 mod s can be
-derived from t mod s without actually doing another full division.
-
-This sieve filters out all but 1/591 of the possible values of i as
-obviously composite, leaving an expected 852 numbers to be checked by
-stronger means before a suitable prime p is found.
-
-After these two sieving operations have removed all numbers from
-consideration where p or q = (p-1)/2 have small divisors, the remaining
-candidates are subjected to a fast optimized Fermat test, to the base 2,
-once for p and once for q. This eliminates, for practical purposes,
-all composite numbers.
-
-Special composite numbers can be chosen which pass this test and yet
-are not primes - they are called pseudoprimes - but they are so rare in
-the ranges considered that the chances of finding one without
-deliberate search are utterly negligible. And the stating value for
-the search was carefully chosen to have no hidden special properties.
-
-If p and q are found to be prime by this test, some extra confirmation
-pseudoprimality tests are performed just to make sure of the conclusion
-and p is returned as the result.
+++ /dev/null
-/*
- * Copyright (c) 1994, 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * primetest.c - Test driver for prime generation.
- */
-
-#include "first.h"
-#include <stdio.h>
-#include <stdlib.h> /* For strtoul() */
-
-#include "bn.h"
-#include "bnprint.h"
-#include "cputime.h"
-#include "prime.h"
-#include "random.h" /* Good random number generator */
-#include "noise.h"
-
-#include "kludge.h"
-
-#define bnPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-
-/*
- * Generate a random bignum of a specified length, with the given
- * high and low 8 bits. "High" is merged into the high 8 bits of the
- * number. For example, set it to 0x80 to ensure that the number is
- * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
- * "Low" is merged into the low 8 bits. For example, set it to
- * 1 to ensure that you generate an odd number.
- */
-static int
-genRandBn(struct BigNum *bn, unsigned bits, byte high, byte low)
-{
- unsigned char buf[64];
- unsigned bytes;
- unsigned l;
- int err;
-
- bnSetQ(bn, 0);
-
- bytes = (bits+7) / 8;
- l = bytes < sizeof(buf) ? bytes : sizeof(buf);
- randBytes(buf, l);
-
- /* Mask off excess high bits */
- buf[0] &= 255 >> (-bits & 7);
- /* Merge in specified high bits */
- buf[0] |= high >> (-bits & 7);
- if (bits & 7)
- buf[1] |= high << (bits & 7);
-
- for (;;) {
- bytes -= l;
- if (!bytes) /* Last word - merge in low bits */
- buf[l-1] |= low;
- err = bnInsertBigBytes(bn, buf, bytes, l);
- if (!bytes || err < 0)
- break;
- l = bytes < sizeof(buf) ? bytes : sizeof(buf);
- randBytes(buf, l);
- }
-
- memset(buf, 0, sizeof(buf));
- return err;
-}
-
-
-/*
- * Generate a new RSA key, with the specified number of bits and
- * public exponent. The high two bits of each prime are always
- * set to make the number more difficult to factor by forcing the
- * number into the high end of the range.
- */
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-static int
-primeProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-static int
-primeTest(unsigned bits)
-{
- int modexps = 0;
- struct BigNum bn; /* Temporary */
- int i, j;
- struct Progress progress;
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long curs, tots = 0;
- unsigned curms, totms = 0;
-#endif
- progress.f = stdout;
- progress.wrap = 78;
-
- bnBegin(&bn);
-
- /* Find p - choose a starting place */
- i = genRandBn(&bn, bits, 0x80, 1);
- if (i < 0)
- goto error;
-
- /* And search for primes */
- for (j = 0; j < 40; j++) {
- progress.column = 0;
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = primeGen(&bn, 0, primeProgress, &progress, 0);
- if (i < 0)
- goto error;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- tots += curs = sec(stop);
- totms += curms = msec(stop);
-#endif
- modexps += i;
- putchar('\n'); /* Signal done */
- printf("%d modular exponentiations performed", i);
-#if CLOCK_AVAIL
- printf(" in %lu.%03u s", curs, curms);
-#endif
- putchar('\n');
- bnPut("n = ", &bn);
- if (bnAddQ(&bn, 2) < 0)
- goto error;
- }
-
- bnEnd(&bn);
- printf("Total %d modular exponentiations performed", modexps);
-#if CLOCK_AVAIL
- tots += totms/1000;
- totms %= 1000;
- printf(" in %lu.%03u s\n", tots, totms);
- totms += 1000 * (tots % j);
- tots /= j;
- totms /= j;
- tots += totms / 1000;
- totms %= 1000;
- printf("Average time: %lu.%03u s", tots, totms);
-#endif
- putchar('\n');
-
- /* And that's it... success! */
- return 0;
-error:
- puts("\nError!");
- bnEnd(&bn);
- return -1;
-}
-
-
-int
-main(int argc, char **argv)
-{
- unsigned long t;
- char *p;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <bits>...\n", argv[0]);
- fputs("\
-This generates a random RSA key pair and prints its value. <bits>\n\
-is the size of the modulus to use.\n", stderr);
- return 1;
- }
-
- noise();
- bnInit();
-
- while (--argc) {
- t = strtoul(*++argv, &p, 0);
- if (t < 17 || t > 65536 || *p) {
- fprintf(stderr, "Illegal prime size: \"%s\"\n",
- *argv);
- return 1;
- }
-
- primeTest((unsigned)t);
- }
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1994, 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * primetest.c - Test driver for prime generation.
- */
-
-#include "first.h"
-#include <stdio.h>
-#include <stdlib.h> /* For strtoul() */
-
-#include "bn.h"
-#include "bnprint.h"
-#include "cputime.h"
-#include "prime.h"
-#include "noise.h"
-
-#include "kludge.h"
-
-#define bnPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-
-/*
- * Generate a new RSA key, with the specified number of bits and
- * public exponent. The high two bits of each prime are always
- * set to make the number more difficult to factor by forcing the
- * number into the high end of the range.
- */
-
-struct Progress {
- FILE *f;
- unsigned column;
- unsigned wrap;
-};
-
-static int
-primeProgress(void *arg, int c)
-{
- struct Progress *p = arg;
- if (++p->column > p->wrap) {
- putc('\n', p->f);
- p->column = 1;
- }
- putc(c, p->f);
- fflush(p->f);
- return 0;
-}
-
-static int
-hextoval(char c)
-{
- if (c < '0')
- return -1;
- c -= '0';
- if (c < 10)
- return c;
- c -= 'A'-'0';
- c &= ~('a'-'A');
- if (c >= 0 && c < 6)
- return c+10;
- return -1;
-}
-
-static int
-stringToBn(struct BigNum *bn, char const *string)
-{
- size_t len = strlen(string);
- char buf;
- int i, j;
-
- (void)bnSetQ(bn, 0);
-
- if (len & 1) {
- i = hextoval(*string++);
- if (i < 0)
- return 0;
- buf = i;
- if (bnInsertBigBytes(bn, &buf, len/2, 1) < 0)
- return -1;
- }
- len /= 2;
- while (len--) {
- i = hextoval(*string++);
- if (i < 0)
- return 0;
- j = hextoval(*string++);
- if (j < 0)
- return 0;
- buf = i*16 + j;
- if (bnInsertBigBytes(bn, &buf, len, 1) < 0)
- return -1;
- }
- return 1; /* Success */
-}
-
-static int
-primeTest(char const *string)
-{
- int modexps = 0;
- struct BigNum bn; /* Temporary */
- int i, j;
- struct Progress progress;
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long curs, tots = 0;
- unsigned curms, totms = 0;
-#endif
- progress.f = stdout;
- progress.wrap = 78;
-
- bnBegin(&bn);
-
- /* Find p - choose a starting place */
- i = stringToBn(&bn, string);
- if (i < 1) {
- if (i < 0)
- goto error;
- printf("Malformed string: \"%s\"\n", string);
- bnEnd(&bn);
- return 0;
- }
-
- /* And search for primes */
- for (j = 0; j < 40; j++) {
- progress.column = 0;
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = primeGen(&bn, 0, primeProgress, &progress, 0);
- if (i < 0)
- goto error;
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- tots += curs = sec(stop);
- totms += curms = msec(stop);
-#endif
- modexps += i;
- putchar('\n'); /* Signal done */
- printf("%d modular exponentiations performed", i);
-#if CLOCK_AVAIL
- printf(" in %lu.%03u s", curs, curms);
-#endif
- putchar('\n');
- bnPut("n = ", &bn);
- if (bnAddQ(&bn, 2) < 0)
- goto error;
- }
-
- bnEnd(&bn);
- printf("Total %d modular exponentiations performed", modexps);
-#if CLOCK_AVAIL
- tots += totms/1000;
- totms %= 1000;
- printf(" in %lu.%03u s\n", tots, totms);
- totms += 1000 * (tots % j);
- tots /= j;
- totms /= j;
- tots += totms / 1000;
- totms %= 1000;
- printf("Average time: %lu.%03u s", tots, totms);
-#endif
- putchar('\n');
-
- /* And that's it... success! */
- return 1;
-error:
- puts("\nError!");
- bnEnd(&bn);
- return -1;
-}
-
-int
-main(int argc, char **argv)
-{
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <hex>...\n", argv[0]);
- fputs("\
-This finds the next primes after the given hex strings.\n", stderr);
- return 1;
- }
-
- bnInit();
-
- while (--argc)
- primeTest(*++argv);
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 1993, 1994 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Cryptographic random number generation.
- */
-
-#include "first.h"
-#include <string.h>
-
-#include "kb.h" /* For kbGet() other stuff */
-#include "md5.h"
-#include "noise.h"
-#include "random.h"
-#include "randpool.h"
-#include "userio.h"
-
-#include "kludge.h"
-
-/*
- * This code uses the randpool.c code to generate random numbers.
- * That can be augmented with other techniques, such as the
- * ANSI X9.17 generator, but the X9.17 generator uses a key-generating
- * key which needs to be obtained from somewhere, and the location is
- * not entirely clear. The randpool.c functions are entirely
- * adequate; extra layers are for belt-and-suspenders security and
- * compliance to standards.
- *
- * For generating long-lived secret keys, we go one more step:
- * actually keep track of (an estimate of) the amount of entropy
- * which is in the random number pool, and wait for events until
- * the amount of entropy accumulated is enough to make all of the
- * bits of the secret key truly random. Of course, the guarantees
- * of cryptographic strength still apply even if this estimation
- * is faulty.
- */
-
-
-/* Get some random bytes */
-void
-randBytes(byte *buf, unsigned len)
-{
- randPoolGetBytes(buf, len);
-}
-
-/*
- * A handy utility for generating uniformly distributed random numbers
- * in a small range.
- */
-unsigned
-randRange(unsigned range)
-{
- unsigned div, r;
- byte b[2];
-
- if (range <= 1)
- return 0;
-
- if (range <= 256) {
- div = 256/range;
- do {
- randBytes(b, 1);
- r = b[0]/div;
- } while (r >= range);
- } else {
- div = (unsigned)(65536/range);
- do {
- randBytes(b, 2);
- r = ((unsigned)b[0] << 8 | b[1])/div;
- } while (r >= range);
- }
- b[0] = b[1] = 0;
- return r;
-}
-
-#ifdef UNIX /* Or we have popen() */
-/*
- * Execute the command "string", adding the entropy from the data thus
- * gethered to the random number pool. Because the pool is rather
- * slow and we want to encourage the use of lots of data, rather than
- * adding the data directly, the MD5 is taken and that is added to the
- * pool.
- */
-int
-randSourceSet(char const *string, unsigned len, int pri)
-{
- FILE *f;
- struct MD5Context md5;
- char buf[256];
- int i;
-
- (void)len; /* string is null-terminated */
- (void)pri; /* Use every argument, regardless of priority */
-
- f = popen(string, "r");
- if (!f)
- return -1;
- MD5Init(&md5);
- while ((i = fread(buf, 1, sizeof(buf), f)) > 0)
- MD5Update(&md5, (unsigned char *)buf, i);
- pclose(f);
- MD5Final((unsigned char *)buf, &md5);
- randPoolAddBytes((unsigned char *)buf, 16);
- memset(buf, 0, sizeof(buf));
- return 0;
-}
-#endif
-
-/*
- * True random bit handling
- */
-
-/*
- * Truly random bits are difficult to get and must be carefully hoarded.
- * These functions use the randpool.c code to store the entropy, and provide
- * some bookkeeping on the count of bits of true (Shannon) entropy available
- * in the pool.
- *
- * For generating ordinary session keys, "as much entropy as you've got"
- * is good enough, and no accounting is done, except to get some entropy
- * to generate the random number seed file if necessary.
- *
- * But for generating long-lived secret key components, extraordinary
- * measures are called for. In addition to what may have been available
- * from the random seed file, random data from timed keystrokes is
- * accumulated until enough is available.
- *
- * An estimate of the number of bits of true (Shannon) entropy in the pool
- * is kept in trueRandBits. This is incremented when timed keystrokes
- * are available, and decremented when bits are explicitly consumed for
- * some purpose or another. This counter is maintained here, scaled by
- * FRACBITS to count fractional bits for thoroughness. (Thus, the name
- * "trueRandBits" is a bit misleading, since it actually counts sixteenths
- * of a bit, but I can't think of a better one.)
- *
- * randFlush is the pool-stirring function. It is also called to
- * obliterate traces of old random bits after prime generation is
- * completed. (Primes are the most carefully-guarded values in PGP.)
- */
-
-#define FRACBITS 4
-#define DERATING 0x28 /* 2.5 bits subtracted for derating */
-static word32 trueRandBits = 0; /* Bits of entropy in pool */
-
-/*
- * Ensure that the random numbers generated by prior calls to randBytes
- * will never be recoverable from the contents of memory. This doesn't
- * wipe memory to a fixed value (the entropy might come in handy for future
- * operations), it just runs the generators forward enough that the previous
- * state is irretrievable.
- *
- * This is called after prime generation, before the random data is saved
- * out, so it is protecting prime data and is particularly paranoid.
- */
-void
-randFlush(void)
-{
- byte buf[16];
- int i;
-
- for (i = 0; i < 3; i++) /* Zipper + Belt + Suspenders */
- randPoolStir(); /* Clean pseudo-random generator */
- memset(buf, 0, sizeof(buf));
- trueRandBits = 0;
-}
-
-/*
- * Given an event (typically a keystroke) coded by "event" at a random time,
- * add all randomness to the random pool, compute a (conservative) estimate
- * of the amount, add it to the pool, and return the amount of randomness.
- * (The return value is just for informational purposes.)
- *
- * Double events are okay, but three in a row is considered
- * suspicious and the randomness is counted as 0.
- *
- * As an extra precaution against key repeat or other very regular input
- * data, the entropy extimate is derived not from the time interval measured,
- * but from the minimum of it and the (absolute) difference between it and
- * the previous time interval, i.e. the second-order delta.
- */
-unsigned
-randEvent(int event)
-{
- static int event1 = 0, event2 = 0; /* Previous events */
- static word32 prevdelta; /* Previous delta */
- word32 delta; /* Time between last two events */
- unsigned cbits; /* Entropy estimate, in bits. */
- word32 t; /* Temprary value */
- int i;
-
- delta = noise();
- randPoolAddBytes((byte *)&event, sizeof(event));
-
- /*
- * Don't credit triple events with any entropy on the grounds that
- * they're probably something periodic like key repeat. But remember
- * the delta.
- */
- if (event == event1 && event == event2) {
- prevdelta = delta;
- return 0;
- }
-
- event2 = event1;
- event1 = event;
-
- /* Compute second-order delta */
- t = (delta > prevdelta) ? delta - prevdelta : prevdelta - delta;
- /* Remember current delta for next time */
- prevdelta = delta;
- /* Find minimum of delta and second-order delta */
- if (delta > t)
- delta = t;
-
- /* Avoid divide-by-zero errors below */
- if (!delta)
- return 0;
-
- /* Count the number of bits of entropy available - integer log2. */
- cbits = 0;
- i = 16;
- t = 0xffffffff;
- do {
- t <<= i;
- if (delta & t)
- cbits += i;
- else
- delta <<= i;
- } while (i >>= 1);
-
- /*
- * At this point, delta is normalized and has its high bit set.
- * Now count fractional bits, using binary logarithm algorithm
- */
- for (i = 0; i < FRACBITS; i++) {
- cbits <<= 1;
- delta >>= 16;
- delta *= delta;
- if (delta & 0x80000000)
- cbits++;
- else
- delta <<= 1;
- }
-
- if (cbits <= DERATING)
- return 0; /* nothing */
- cbits -= DERATING;
- trueRandBits += cbits;
- if (trueRandBits > RANDPOOLBITS<<FRACBITS)
- trueRandBits = RANDPOOLBITS<<FRACBITS;
-
- return cbits;
-}
-
-/*
- * Performs an accumulation of random bits. As long as there are
- * fewer bits in the buffer than are needed, prompt for more.
- * (kbGet is known to call randEvent() which increments trueRandBits.)
- */
-void
-randAccum(unsigned count)
-{
- word32 randbits = trueRandBits;
-
- noise(); /* Establish a baseline for timing comparisons */
-
- if (count > RANDPOOLBITS)
- count = RANDPOOLBITS;
-
- if (randbits>>FRACBITS >= count)
- return;
-
- userPrintf("\n\
-We need to generate %u random bits. This is done by measuring the\n\
-time intervals between your keystrokes. Please enter some random text\n\
-on your keyboard until you hear the beep:\n", count - (randbits>>FRACBITS));
-
- kbCbreak();
-
- do {
- /* display counter to show progress */
- userPrintf(("\r%4u "), count-(unsigned)(randbits>>FRACBITS));
- userFlush(); /* ensure screen update */
-
- kbFlush(0); /* Typeahead is illegal */
- (void)kbGet(); /* Wait for next char */
-
- /* Print flag indicating acceptance (or not) */
- userPutc(trueRandBits == randbits ? '?' : '.');
- randbits = trueRandBits;
- } while (randbits>>FRACBITS < count);
-
- /* Do final display update */
- userPuts(("\r 0 *"));
- userPuts("\a -Enough, thank you.\n");
-
- /* Do an extra-thorough flush to absorb extra typing. */
- kbFlush(1);
-
- kbNorm();
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include "usuals.h"
-
-int randSourceSet(char const *string, unsigned len, int pri);
-
-void randBytes(byte *dest, unsigned len);
-unsigned randRange(unsigned range);
-
-unsigned randEvent(int event);
-void randFlush(void);
-
-void randAccum(unsigned count);
+++ /dev/null
-/*
- * Copyright (c) 1993, 1994 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * True random number computation and storage
- *
- */
-
-#include "first.h"
-#include <stdlib.h>
-#include <string.h>
-
-#include "md5.h"
-#include "randpool.h"
-#include "usuals.h"
-
-/* This is a parameter of the MD5 algorithm */
-#define RANDKEYWORDS 16
-
-/* The pool must be a multiple of the 16-byte (128-bit) MD5 block size */
-#define RANDPOOLWORDS (((RANDPOOLBITS+127) & ~127) >> 5)
-
-#if RANDPOOLWORDS <= RANDKEYWORDS
-#error Random pool too small - please increase RANDPOOLBITS in randpool.h
-#endif
-
-/* Must be word-aligned, so make it words. Cast to bytes as needed. */
-static word32 randPool[RANDPOOLWORDS]; /* Random pool */
-static word32 randKey[RANDKEYWORDS]; /* Random pool */
-static unsigned randKeyAddPos = 0; /* Position to add to */
-static unsigned randPoolGetPos = 16; /* Position to get from */
-
-/*
- * Destroys already-used random numbers. Ensures no sensitive data
- * remains in memory that can be recovered later. This is also
- * called to "stir in" newly acquired environmental noise bits before
- * removing any random bytes.
- *
- * The transformation is carried out by "encrypting" the data in CFB
- * mode with MD5 as the block cipher. Then, to make certain the stirring
- * operation is strictly one-way, we destroy the key, getting 64 bytes
- * from the beginning of the pool and using them to reinitialize the
- * key. These bytes are not returned by randPoolGetBytes().
- *
- * The key for the stirring operation is the XOR of some bytes from the
- * previous pool contents (not provably necessary, but it produces uniformly
- * distributed keys, which "feels better") and the newly added raw noise,
- * which will have a profound effect on every bit in the pool.
- *
- * To make this useful for pseudo-random (that is, repeatable) operations,
- * the MD5 transformation is always done with a consistent byte order.
- * MD5Transform itself works with 32-bit words, not bytes, so the pool,
- * usually an array of bytes, is transformed into an array of 32-bit words,
- * taking each group of 4 bytes in big-endian order. At the end of the
- * stirring, the transformation is reversed.
- */
-void
-randPoolStir(void)
-{
- int i;
- word32 iv[4];
-
- /* Convert to word32s for stirring operation */
- byteSwap(randPool, RANDPOOLWORDS);
- byteSwap(randKey, RANDKEYWORDS);
-
- /* Start IV from last block of randPool */
- memcpy(iv, randPool+RANDPOOLWORDS-4, sizeof(iv));
-
- /* CFB pass */
- for (i = 0; i < RANDPOOLWORDS; i += 4) {
- MD5Transform(iv, randKey);
- iv[0] = randPool[i ] ^= iv[0];
- iv[1] = randPool[i+1] ^= iv[1];
- iv[2] = randPool[i+2] ^= iv[2];
- iv[3] = randPool[i+3] ^= iv[3];
- }
-
- /* Wipe iv from memory */
- iv[3] = iv[2] = iv[1] = iv[0] = 0;
-
- /* Convert randPool back to bytes for further use */
- byteSwap(randPool, RANDPOOLWORDS);
-
- /* Get new key */
- memcpy(randKey, randPool, sizeof(randKey));
-
- /* Set up pointers for future addition or removal of random bytes */
- randKeyAddPos = 0;
- randPoolGetPos = sizeof(randKey);
-}
-
-/*
- * Make a deposit of information (entropy) into the pool. This is done by
- * XORing them into the key which is used to encrypt the pool. Before any
- * bytes are retrieved from the pool, the altered key will be used to encrypt
- * the whole pool, causing all bits in the pool to depend on the new
- * information.
- *
- * The bits deposited need not have any particular distribution; the stirring
- * operation transforms them to uniformly-distributed bits.
- */
-void
-randPoolAddBytes(byte const *buf, unsigned len)
-{
- byte *p = (byte *)randKey + randKeyAddPos;
- unsigned t = sizeof(randKey) - randKeyAddPos;
-
- while (len > t) {
- len -= t;
- while (t--)
- *p++ ^= *buf++;
- randPoolStir(); /* sets randKeyAddPos to 0 */
- p = (byte *)randKey;
- t = sizeof(randKey);
- }
-
- if (len) {
- randKeyAddPos += len;
- do
- *p++ ^= *buf++;
- while (--len);
- randPoolGetPos = sizeof(randPool); /* Force stir on get */
- }
-}
-
-/*
- * Withdraw some bits from the pool. Regardless of the distribution of the
- * input bits, the bits returned are uniformly distributed, although they
- * cannot, of course, contain more Shannon entropy than the input bits.
- */
-void
-randPoolGetBytes(byte *buf, unsigned len)
-{
- unsigned t;
-
- while (len > (t = sizeof(randPool) - randPoolGetPos)) {
- memcpy(buf, (byte *)randPool+randPoolGetPos, t);
- buf += t;
- len -= t;
- randPoolStir();
- }
-
- if (len) {
- memcpy(buf, (byte *)randPool+randPoolGetPos, len);
- randPoolGetPos += len;
- buf += len;
- }
-}
-
-byte
-randPoolGetByte(void)
-{
- if (randPoolGetPos == sizeof(randPool))
- randPoolStir();
-
- return ((byte *)randPool)[randPoolGetPos++];
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include "usuals.h"
-
-/* Set this to whatever you need (must be > 512) */
-#define RANDPOOLBITS 3072
-
-void randPoolStir(void);
-void randPoolAddBytes(byte const *buf, unsigned len);
-void randPoolGetBytes(byte *buf, unsigned len);
-byte randPoolGetByte(void);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * randtest.c - FIPS 140 random number tests.
- * This performs all the tests required by the FIPS 140
- * standard on the raw random number pool. If any fail,
- * with at least one bit of entropy in the input, the random
- * number generator is to be considered broken.
- *
- * The FIPS parameters are very loose, to guarantee that a
- * system will not, in practice, declare itself broken during
- * normal operation. The results from any given run should
- * be *much* closer to centered in the allowed ranges.
- *
- * E.g. The expected sum of 20000 random bits is 10000,
- * with a standard deviation of 1/12 * sqrt(20000) = 11.785
- * the deviation at which an error is signalled of 346 from
- * this average is 29.359 standard deviations out. *Very* unlikely.
- */
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h> /* For strtoul */
-#include <string.h> /* For memset */
-#include "kludge.h"
-
-#include "random.h" /* Good random number generator */
-
-/* Number of bits to check */
-#define NBITS 20000
-#define NBYTES ((NBITS+7)/8)
-
-#define MAXRUNSTAT 20 /* Longest run accumulated */
-#define MAXRUNCHECK 6 /* Longest run checked */
-#define MAXRUNTOOLONG 34 /* A run this long is an error */
-
-static unsigned
-pokerstat(unsigned char const buf[NBYTES], unsigned counts[16])
-{
- unsigned i;
- unsigned char c;
-
- for (i = 0; i < 16; i++)
- counts[i] = 0;
-
- for (i = 0; i < NBYTES; i++) {
- c = buf[i];
- counts[c & 15]++;
- counts[c>>4]++;
- }
-
- return counts[15] * 4 +
- (counts[14] + counts[13] + counts[11] + counts[7]) * 3 +
- (counts[12] + counts[10] + counts[9] +
- counts[6] + counts[5] + counts[3]) * 2 +
- counts[8] + counts[4] + counts[2] + counts[1];
-}
-
-static unsigned
-countrunsbig(unsigned char const buf[NBYTES],
- unsigned zeros[MAXRUNSTAT], unsigned ones[MAXRUNSTAT])
-{
- unsigned i;
- unsigned char c, mask;
- unsigned char state; /* All 0s or all 1s */
- unsigned runlength;
- unsigned maxrun = 0;
-
- /* Initialize to zero */
- for (i = 0; i < MAXRUNSTAT; i++) {
- zeros[i] = 0;
- ones[i] = 0;
- }
-
- /* Start with a run of length 0 matching the first bit */
- state = (buf[0] & 0x80) ? 0xff : 0;
- runlength = 0;
-
- for (i = 0; i < NBYTES; i++) {
- c = buf[i];
- mask = 0x80;
- do {
- if ((c ^ state) & mask) {
- /* Change of state; update counters */
- if (maxrun < runlength)
- maxrun = runlength;
- if (runlength > MAXRUNSTAT)
- runlength = MAXRUNSTAT;
- (state ? ones : zeros)[runlength-1]++;
- state = ~state;
- runlength = 0;
- }
- runlength++;
- } while (mask >>= 1);
- }
-
- /* Add in final run */
- if (maxrun < runlength)
- maxrun = runlength;
- if (runlength > MAXRUNSTAT)
- runlength = MAXRUNSTAT;
- (state ? ones : zeros)[runlength-1]++;
-
- return maxrun;
-}
-
-static unsigned
-countrunslittle(unsigned char const buf[NBYTES],
- unsigned zeros[MAXRUNSTAT], unsigned ones[MAXRUNSTAT])
-{
- unsigned i;
- unsigned char c, mask;
- unsigned char state; /* All 0s or all 1s */
- unsigned runlength;
- unsigned maxrun = 0;
-
- /* Initialize to zero */
- for (i = 0; i < MAXRUNSTAT; i++) {
- zeros[i] = 0;
- ones[i] = 0;
- }
-
- /* Start with a run of length 0 matching the first bit */
- state = (buf[0] & 1) ? 0xff : 0;
- runlength = 0;
-
- for (i = 0; i < NBYTES; i++) {
- c = buf[i];
- mask = 1;
- do {
- if ((c ^ state) & mask) {
- /* Change of state; update counters */
- if (maxrun < runlength)
- maxrun = runlength;
- if (runlength > MAXRUNSTAT)
- runlength = MAXRUNSTAT;
- (state ? ones : zeros)[runlength-1]++;
- state = ~state;
- runlength = 0;
- }
- runlength++;
- } while ((mask <<= 1) & 0xff);
- }
-
- /* Add in final run */
- if (maxrun < runlength)
- maxrun = runlength;
- if (runlength > MAXRUNSTAT)
- runlength = MAXRUNSTAT;
- (state ? ones : zeros)[runlength-1]++;
-
- return maxrun;
-}
-
-static int
-checkruns(unsigned const zeros[MAXRUNSTAT], unsigned const ones[MAXRUNSTAT],
- unsigned maxrun)
-{
- int passed, numfailed;
- unsigned i, j;
- unsigned sumones, sumzeros;
- static unsigned const lowlimit[MAXRUNCHECK] =
- { 2267, 1079, 502, 223, 90, 90 };
- static unsigned const highlimit[MAXRUNCHECK] =
- { 2733, 1421, 748, 402, 223, 223 };
-
- numfailed = 0;
-
- j = MAXRUNSTAT;
- while (j--) {
- if (zeros[j] || ones[j])
- break;
- }
-
- for (i = 0; i < MAXRUNCHECK - 1; i++) {
- passed = (lowlimit[i] < zeros[i]) && (zeros[i] < highlimit[i]);
- numfailed += !passed;
- printf("%2u zeros: %4u <%5u < %4u: %s\t",
- i+1, lowlimit[i], zeros[i], highlimit[i],
- passed ? "Pass " : "FAIL *");
-
- passed = (lowlimit[i] < ones[i]) && (ones[i] < highlimit[i]);
- numfailed += !passed;
- printf("%2u ones: %4u <%5u < %4u: %s\n",
- i+1, lowlimit[i], ones[i], highlimit[i],
- passed ? "Pass " : "FAIL *");
- }
- for (sumzeros = 0, sumones = 0; i <= j; i++) {
- printf("%2u zeros: %4u \t\t",
- i+1, zeros[i]);
- sumzeros += zeros[i];
- printf("%2u ones: %4u\n", i+1, ones[i]);
- sumones += ones[i];
- }
-
- i = MAXRUNCHECK-1;
- passed = (lowlimit[i] < sumzeros) && (sumzeros < highlimit[i]);
- numfailed += !passed;
- printf("%u+ zeros: %4u < %4u < %4u: %s\t",
- i+1, lowlimit[i], sumzeros, highlimit[i],
- passed ? "Pass " : "FAIL *");
- passed = (lowlimit[i] < sumones) && (sumones < highlimit[i]);
- numfailed += !passed;
- printf("%u+ zeros: %4u < %4u < %4u: %s\n",
- i+1, lowlimit[i], sumones, highlimit[i],
- passed ? "Pass " : "FAIL *");
-
- passed = maxrun < MAXRUNTOOLONG;
- numfailed += !passed;
- printf("Longest run: %u < %u: %s\n", maxrun, (unsigned)MAXRUNTOOLONG,
- passed ? "Pass " : "FAIL *");
-
- return numfailed;
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned char buf[NBYTES];
- unsigned poker[16];
- unsigned onebits;
- unsigned runzero[MAXRUNSTAT], runone[MAXRUNSTAT];
- unsigned maxrun;
- unsigned long t;
- unsigned i;
- int passed;
- int numfailed = 0;
- char *p;
-
- if (argc != 2) {
- fprintf(stderr, "Usage: %s <bits>\n"
-"Accumulate random bits and then do randomness tests on the RNG output.\n",
- argv[0]);
- return 1;
- }
- t = strtoul(argv[1], &p, 0);
- if (t > 3072 || *p) {
- fprintf(stderr, "Illegal number of bits: \"%s\"\n", argv[1]);
- return 1;
- }
- randAccum(t);
-
- randBytes(buf, sizeof(buf));
- onebits = pokerstat(buf, poker);
-
- passed = (9654 < onebits) && (onebits < 10346);
- numfailed += !passed;
- printf("\nNumber of one bits: 9654 < %u < 10346: %s\n", onebits,
- passed ? "Pass " : "FAIL *");
- /*
- * Original test asks for
- * X = (16/5000) * sum(poker[i]^2, i = 0..15) - 5000,
- * and requires that 1.03 < X < 57.4.
- * This test uses t = 5000/16 * X, and requires that
- * 321.875 < t < 17937.5. Note that if the distribution
- * were totally flat, t would be 0, which is *also* bad.
- */
- t = 0;
- for (i = 0; i < 16; i++) {
- printf("poker[%u%u%u%u] =%4u %c",
- i>>3, i>>2 & 1, i>>1 & 1, i & 1,
- poker[i],(~i & 3) ? ' ' : '\n');
- t += (unsigned long)poker[i] * poker[i];
- }
- t -= 5000ul * 5000 / 16;
- passed = (321 < t) && (t < 17938);
- numfailed += !passed;
- printf("Poker parameter: 321.875 < %lu < 17937.5: %s\n", t,
- passed ? "Pass " : "FAIL *");
-
- /*
- * Next, we're asked to count runs of consecutive ones and
- * zeroes. The shortest possible run is of length 1.
- * The longest, 20000. Since the byte ordering is not defined,
- * do it both ways! This tallies the run lengths of all
- * zeros and all ones, giving totals for the short runs
- * and the longest run of either size encountered.
- */
- printf("\nBig-endian run tests:\n");
- maxrun = countrunsbig(buf, runzero, runone);
- numfailed += checkruns(runzero, runone, maxrun);
-
- printf("\nLittle-endian run tests:\n");
- maxrun = countrunslittle(buf, runzero, runone);
- numfailed += checkruns(runzero, runone, maxrun);
-
- /*
- * Tests are:
- * 1 - Number of one bits
- * 1 - Poker test
- * 12 - Big-endian run length tests
- * 1 - Big-endian maximum run length test
- * 12 - Little-endian run length tests
- * 1 - Little-endian maximum run length test
- */
- printf("\nOut of 28 tests, %d tests failed.\n", numfailed);
-
- return numfailed;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * rsaglue.c - The interface between bignum math and RSA operations.
- * This layer's primary reason for existence is to allow adaptation
- * to other RSA math libraries for legal reasons.
- */
-
-#include "first.h"
-
-#include "bn.h"
-
-#include "keys.h"
-#include "random.h"
-#include "rsaglue.h"
-#include "usuals.h"
-
-/*#define BNDEBUG 1*/
-
-#if BNDEBUG
-/* Some debugging hooks which have been left in for now. */
-#include "bn/bnprint.h"
-#define bndPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-#define bndPrintf printf
-#else
-#define bndPut(prompt, bn) ((void)(prompt),(void)(bn))
-#define bndPrintf(x) (void)0
-#endif
-
-
-/*
- * This returns TRUE if the key is too big, returning the
- * maximum number of bits that the library can accept. It
- * is used if you want to use something icky from RSADSI, whose
- * code is known to have satatic limits on key sizes. (BSAFE 2.1
- * advertises 2048-bit key sizes. It lies. It's talking about
- * conventional RC4 keys, whicah are useless to make anything like
- * that large. RSA keys are limited to 1024 bits.
- */
-int
-rsaKeyTooBig(struct PubKey const *pub, struct SecKey const *sec)
-{
- (void)pub;
- (void)sec;
- return 0; /* Never too big! */
-}
-
-/*
- * Fill the given bignum, from bytes high-1 through low (where 0 is
- * the least significant byte), with non-zero random data.
- */
-static int
-randomPad(struct BigNum *bn, unsigned high, unsigned low)
-{
- unsigned i, l;
- byte padding[64]; /* This can be any size (>0) whatsoever */
-
- high -= low;
- while (high) {
- l = high < sizeof(padding) ? high : sizeof(padding);
- randBytes(padding, l);
- for (i = 0; i < l; i++) { /* Replace all zero bytes */
- while(padding[i] == 0)
- randBytes(padding+i, 1);
- }
- high -= l;
- if (bnInsertBigBytes(bn, padding, high+low, l) < 0)
- return RSAGLUE_NOMEM;
- }
-
- memset(padding, 0, sizeof(padding));
- return 0;
-}
-
-/*
- * Fill the given bignum, from bytes high-1 through low (where 0 is
- * the least significant byte), with all ones (0xFF) data.
- */
-static int
-onesPad(struct BigNum *bn, unsigned high, unsigned low)
-{
- unsigned l;
- static byte const padding[] = {
- 255,255,255,255,255,255,255,255,
- 255,255,255,255,255,255,255,255
- };
-
- high -= low;
- while (high) {
- l = high < sizeof(padding) ? high : sizeof(padding);
- high -= l;
- if (bnInsertBigBytes(bn, padding, high+low, l) < 0)
- return RSAGLUE_NOMEM;
- }
- return 0;
-}
-
-/*
- * Wrap a PKCS type 2 wrapper around some data and RSA encrypt it.
- * If the modulus is n bytes long, with the most significant byte
- * being n-1 and the least significant, 0, the wrapper looks like:
- *
- * Position Value Function
- * n-1 0 This is needed to ensure that the padded number
- * is less than the modulus.
- * n-2 2 The padding type (non-zero random).
- * n-3..len+1 ??? Non-zero random padding bytes to "salt" the
- * output and prevent duplicate plaintext attacks.
- * len 0 Zero byte to mark the end of the padding
- * len-1..0 data Supplied payload data.
- *
- * There really should be several bytes of padding, although this
- * routine will not fail to encrypt unless it will not fit, even
- * with no padding bytes.
- */
-
-static byte const encryptedType = 2;
-
-int
-rsaPublicEncrypt(struct BigNum *bn, byte const *in, unsigned len,
- struct PubKey const *pub)
-{
- unsigned bytes = (bnBits(&pub->n)+7)/8;
-
- if (len+3 > bytes)
- return RSAGLUE_TOOSMALL; /* Won't fit! */
-
- /* Set the entire number to 0 to start */
- (void)bnSetQ(bn, 0);
-
- if (bnInsertBigBytes(bn, &encryptedType, bytes-2, 1) < 0)
- return RSAGLUE_NOMEM;
- if (randomPad(bn, bytes-2, len+1) < 0)
- return RSAGLUE_NOMEM;
-
- if (bnInsertBigBytes(bn, in, 0, len) < 0)
- return RSAGLUE_NOMEM;
-bndPrintf("RSA encrypting.\n");
-bndPut("plaintext = ", bn);
- return bnExpMod(bn, bn, &pub->e, &pub->n);
-}
-
-/*
- * This performs a modular exponentiation using the Chinese Remainder
- * Algorithm when the modulus is known to have two relatively prime
- * factors n = p * q, and u = p^-1 (mod q) has been precomputed.
- *
- * The chinese remainder algorithm lets a computation mod n be performed
- * mod p and mod q, and the results combined. Since it takes
- * (considerably) more than twice as long to perform modular exponentiation
- * mod n as it does to perform it mod p and mod q, time is saved.
- *
- * If x is the desired result, let xp and xq be the values of x mod p
- * and mod q, respectively. Obviously, x = xp + p * k for some k.
- * Taking this mod q, xq == xp + p*k (mod q), so p*k == xq-xp (mod q)
- * and k == p^-1 * (xq-xp) (mod q), so k = u * (xq-xp mod q) mod q.
- * After that, x = xp + p * k.
- *
- * Another savings comes from reducing the exponent d modulo phi(p)
- * and phi(q). Here, we assume that p and q are prime, so phi(p) = p-1
- * and phi(q) = q-1.
- */
-static int
-bnExpModCRA(struct BigNum *x, struct BigNum const *d,
- struct BigNum const *p, struct BigNum const *q, struct BigNum const *u)
-{
- struct BigNum xp, xq, k;
- int i;
-
-bndPrintf("Performing CRA\n");
-bndPut("x = ", x);
-bndPut("p = ", p);
-bndPut("q = ", q);
-bndPut("d = ", d);
-bndPut("u = ", u);
-
- bnBegin(&xp);
- bnBegin(&xq);
- bnBegin(&k);
-
- /* Compute xp = (x mod p) ^ (d mod p-1) mod p */
- if (bnCopy(&xp, p) < 0) /* First, use xp to hold p-1 */
- goto fail;
- (void)bnSubQ(&xp, 1); /* p > 1, so subtracting is safe. */
- if (bnMod(&k, d, &xp) < 0) /* Use k to hold the exponent */
- goto fail;
-bndPut("d mod p-1 = ", &k);
- if (bnMod(&xp, x, p) < 0) /* Now xp = (x mod p) */
- goto fail;
-bndPut("x mod p = ", &xp);
- if (bnExpMod(&xp, &xp, &k, p) < 0) /* xp = (x mod p)^k mod p */
- goto fail;
-bndPut("xp = x^d mod p = ", &xp);
-
- /* Compute xq = (x mod q) ^ (d mod q-1) mod q */
- if (bnCopy(&xq, q) < 0) /* First, use xq to hold q-1 */
- goto fail;
- (void)bnSubQ(&xq, 1); /* q > 1, so subtracting is safe. */
- if (bnMod(&k, d, &xq) < 0) /* Use k to hold the exponent */
- goto fail;
-bndPut("d mod q-1 = ", &k);
- if (bnMod(&xq, x, q) < 0) /* Now xq = (x mod q) */
- goto fail;
-bndPut("x mod q = ", &xq);
- if (bnExpMod(&xq, &xq, &k, q) < 0) /* xq = (x mod q)^k mod q */
- goto fail;
-bndPut("xq = x^d mod q = ", &xq);
-
- i = bnSub(&xq, &xp);
-bndPut("xq - xp = ", &xq);
-bndPrintf(("With sign %d\n", i));
- if (i < 0)
- goto fail;
- if (i) {
- /*
- * Borrow out - xq-xp is negative, so bnSub returned
- * xp-xq instead, the negative of the true answer.
- * Add q back (which is subtracting from the negative)
- * until the sign flips again. If p is much greater
- * than q, this step could take annoyingly long.
- * PGP requires that p < q, so it'll only happen once.
- * You could get this stuck in a very lengthy loop by
- * feeding this function a p >> q, but it seems fair
- * to assume that secret keys are not constructed
- * maliciously.
- *
- * If this becomes a concern, you can fix it up with a
- * bnMod. (But watch out for the case that the correct
- * answer is zero!)
- */
- do {
- i = bnSub(&xq, q);
-bndPut("xq - xp mod q = ", &xq);
- if (i < 0)
- goto fail;
- } while (!i);
- }
-
- /* Compute k = xq * u mod q */
- if (bnMul(&k, u, &xq) < 0)
- goto fail;
-bndPut("(xq-xp) * u = ", &k);
- if (bnMod(&k, &k, q) < 0)
- goto fail;
-bndPut("k = (xq-xp)*u % q = ", &k);
-
-#if BNDEBUG /* @@@ DEBUG - do it the slow way for comparison */
- if (bnMul(&xq, p, q) < 0)
- goto fail;
-bndPut("n = p*q = ", &xq);
- if (bnExpMod(x, x, d, &xq) < 0)
- goto fail;
- if (bnCopy(&xq, x) < 0)
- goto fail;
-bndPut("x^d mod n = ", &xq);
-#endif
-
- /* Now x = k * p + xp is the final answer */
- if (bnMul(x, &k, p) < 0)
- goto fail;
-bndPut("k * p = ", x);
- if (bnAdd(x, &xp) < 0)
- goto fail;
-bndPut("k*p + xp = ", x);
-#if BNDEBUG
- if (bnCmp(x, &xq) != 0) {
-bndPrintf(("Nasty!!!\n"));
- goto fail;
- }
- bnSetQ(&k, 17);
- bnMul(&xp, p, q);
- bnExpMod(&xq, &xq, &k, &xp);
-bndPut("x^17 mod n = ", &xq);
-#endif
- bnEnd(&xp);
- bnEnd(&xq);
- bnEnd(&k);
- return 0;
-
-fail:
- bnEnd(&xp);
- bnEnd(&xq);
- bnEnd(&k);
- return RSAGLUE_NOMEM;
-}
-
-/*
- * This does an RSA signing operation, which is very similar, except
- * that the padding differs. The type is 1, and the padding is all 1's
- * (hex 0xFF).
- *
- * To summarize, the format is:
- *
- * Position Value Function
- * n-1 0 This is needed to ensure that the padded number
- * is less than the modulus.
- * n-2 1 The padding type (all ones).
- * n-3..len+1 255 All ones padding to ensure signatures are rare.
- * len 0 Zero byte to mark the end of the padding
- * len-1..0 data The payload
- *
- *
- * The reason for the all 1's padding is an extra consistency check.
- * A randomly invented signature will not decrypt to have the long
- * run of ones necessary for acceptance.
- *
- * Oh... the public key isn't needed to decrypt, but it's passed in
- * because a different glue library may need it for some reason.
- */
-static const byte signedType = 1;
-
-int
-rsaPrivateEncrypt(struct BigNum *bn, byte const *in, unsigned len,
- struct PubKey const *pub, struct SecKey const *sec)
-{
- unsigned bytes = (bnBits(&pub->n)+7)/8;
-
- /* Set the entire number to 0 to start */
- (void)bnSetQ(bn, 0);
-
- if (len+3 > bytes)
- return RSAGLUE_TOOSMALL; /* Won't fit */
- if (bnInsertBigBytes(bn, &signedType, bytes-2, 1) < 0)
- return RSAGLUE_NOMEM;
- if (onesPad(bn, bytes-2, len+1) < 0)
- return RSAGLUE_NOMEM;
- if (bnInsertBigBytes(bn, in, 0, len) < 0)
- return RSAGLUE_NOMEM;
-
-bndPrintf(("RSA signing.\n"));
-bndPut("plaintext = ", bn);
- return bnExpModCRA(bn, &sec->d, &sec->p, &sec->q, &sec->u);
-}
-
-/*
- * Searches bytes, beginning with start-1 and progressing to 0,
- * until one that is not 0xff is found. The idex of the last 0xff
- * byte is returned (or start if start-1 is not 0xff.)
- */
-static unsigned
-bnSearchNonOneFromHigh(struct BigNum const *bn, unsigned start)
-{
- byte buf[16]; /* Size is arbitrary */
- unsigned l;
- unsigned i;
-
- while (start) {
- l = start < sizeof(buf) ? start : sizeof(buf);
- start -= l;
- bnExtractBigBytes(bn, buf, start, l);
- for (i = 0; i < l; i++) {
- if (buf[i] != 0xff) {
- memset(buf, 0, sizeof(buf));
- return start + l - i;
- }
- }
- }
- /* Nothing found */
- memset(buf, 0, sizeof(buf));
- return 0;
-}
-
-/*
- * Decrypt a message with a public key.
- * These destroy (actually, replace with a decrypted version) the
- * input bignum bn.
- *
- * Performs an RSA signature check. Returns a prefix of the unwrapped
- * data in the given buf. Returns the length of the untruncated
- * data, which may exceed "len". Returns <0 on error.
- */
-int
-rsaPublicDecrypt(byte *buf, unsigned len, struct BigNum *bn,
- struct PubKey const *pub)
-{
- byte tmp[1];
- unsigned bytes;
-
-bndPrintf(("RSA signature checking.\n"));
- if (bnExpMod(bn, bn, &pub->e, &pub->n) < 0)
- return RSAGLUE_NOMEM;
-bndPut("decrypted = ", bn);
- bytes = (bnBits(&pub->n)+7)/8;
-
- bnExtractBigBytes(bn, tmp, bytes-2, 2);
- if (tmp[0] != 0 || tmp[1] != signedType) {
- memset(tmp, 0, 2);
- return RSAGLUE_CORRUPT;
- }
-
- bytes = bnSearchNonOneFromHigh(bn, bytes-2);
- if (bytes < 1)
- return RSAGLUE_CORRUPT;
- bytes--;
- bnExtractBigBytes(bn, tmp, bytes, 1);
- if (tmp[0] != 0) {
- tmp[0] = 0;
- return RSAGLUE_CORRUPT;
- }
- /* Note: tmp isn't sensitive any more because its a constant! */
- /* Success! Return the data */
- if (len > bytes)
- len = bytes;
- bnExtractBigBytes(bn, buf, bytes-len, len);
- return bytes;
-}
-
-
-/*
- * Searches bytes, beginning with start-1 and progressing to 0,
- * until finding one that is zero, or the end of the array.
- * The index of the last non-zero byte is returned (0 if the array
- * is all non-zero, or start if start-1 is zero).
- */
-static unsigned
-bnSearchZeroFromHigh(struct BigNum const *bn, unsigned start)
-{
- byte buf[16]; /* Size is arbitrary */
- unsigned l;
- unsigned i;
-
- while (start) {
- l = start < sizeof(buf) ? start : sizeof(buf);
- start -= l;
- bnExtractBigBytes(bn, buf, start, l);
- for (i = 0; i < l; i++) {
- if (buf[i] == 0) {
- memset(buf, 0, sizeof(buf));
- return start + l - i;
- }
- }
- }
- /* Nothing found */
- memset(buf, 0, sizeof(buf));
- return 0;
-}
-
-/*
- * Performs an RSA decryption. Returns a prefix of the unwrapped
- * data in the given buf. Returns the length of the untruncated
- * data, which may exceed "len". Returns <0 on error.
- */
-int
-rsaPrivateDecrypt(byte *buf, unsigned len, struct BigNum *bn,
- struct PubKey const *pub, struct SecKey const *sec)
-{
- unsigned bytes;
- byte tmp[2];
-
-bndPrintf(("RSA decrypting\n"));
- if (bnExpModCRA(bn, &sec->d, &sec->p, &sec->q, &sec->u) < 0)
- return RSAGLUE_NOMEM;
-bndPut("decrypted = ", bn);
- bytes = (bnBits(&pub->n)+7)/8;
-
- bnExtractBigBytes(bn, tmp, bytes-2, 2);
- if (tmp[0] != 0 || tmp[1] != 2) {
- memset(tmp, 0, 2);
- return RSAGLUE_CORRUPT;
- }
-
- bytes = bnSearchZeroFromHigh(bn, bytes-2);
- if (bytes-- == 0)
- return RSAGLUE_CORRUPT;
-
- if (len > bytes)
- len = bytes;
- bnExtractBigBytes(bn, buf, bytes-len, len);
- return bytes;
-}
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * rsaglue.h - RSA encryption and decryption
- */
-#ifndef RSAGLUE_H
-#define RSAGLUE_H
-
-struct PubKey;
-struct SecKey;
-struct BigNum;
-#include "usuals.h"
-
-#define RSAGLUE_NOMEM -1 /* Ran out of memory */
-#define RSAGLUE_TOOBIG -2 /* Key too big (currently impossible) */
-#define RSAGLUE_TOOSMALL -3 /* Key too small (encryption only) */
-#define RSAGLUE_CORRUPT -4 /* Decrypted data corrupt (decrypt only) */
-#define RSAGLUE_UNRECOG -5 /* Unrecognized data (decrypt only) */
-
-/* Declarations */
-int rsaKeyTooBig(struct PubKey const *pub, struct SecKey const *sec);
-
-int
-rsaPublicEncrypt(struct BigNum *bn, byte const *in, unsigned len,
- struct PubKey const *pub);
-int
-rsaPrivateEncrypt(struct BigNum *bn, byte const *in, unsigned len,
- struct PubKey const *pub, struct SecKey const *sec);
-int
-rsaPublicDecrypt(byte *buf, unsigned len, struct BigNum *bn,
- struct PubKey const *pub);
-int
-rsaPrivateDecrypt(byte *buf, unsigned len, struct BigNum *bn,
- struct PubKey const *pub, struct SecKey const *sec);
-
-#endif /* !RSAGLUE_H */
+++ /dev/null
-/*
- * Copyright (c) 1994, 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * rsatest.c - Test driver for RSA key generation.
- */
-
-#include "first.h"
-#include <stdio.h>
-#include <stdlib.h> /* For strtoul() */
-#include <string.h> /* For strerror */
-
-#include "bnprint.h"
-#include "cputime.h"
-
-#include "keygen.h"
-#include "keys.h"
-#include "random.h"
-#include "rsaglue.h"
-#include "userio.h"
-
-#include "kludge.h"
-
-#define bnPut(prompt, bn) bnPrint(stdout, prompt, bn, "\n")
-
-static int
-rsaTest(struct PubKey const *pub, struct SecKey const *sec)
-{
- struct BigNum bn;
- char const buf1[25] = "abcdefghijklmnopqrstuvwxy";
- char buf2[64];
- int i, j;
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long cursec, encsec = 0, decsec = 0, sigsec = 0, versec = 0;
- unsigned curms, encms = 0, decms = 0, sigms = 0, verms = 0;
-#endif
-
- if (rsaKeyTooBig(pub, sec)) {
- printf("Key too large for RSA library - not testing.\n");
- return 0;
- }
-
- puts("\tEncrypt\t\tDecrypt\t\tSign\t\tVerify\tStatus");
- bnBegin(&bn);
-
- for (j = 0; j < (int)sizeof(buf1); j++) {
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = rsaPublicEncrypt(&bn, (byte const *)buf1, (size_t)j+1, pub);
- if (i < 0) {
- printf("RSA encryption failed, i = %dn", i);
- return i;
- }
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- encsec += cursec = sec(stop);
- encms += curms = msec(stop);
- printf("\t%lu.%03u\t", cursec, curms);
-#else
- printf("\t*\t");
-#endif
- fflush(stdout);
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = rsaPrivateDecrypt((byte *)buf2, sizeof(buf2), &bn,
- pub, sec);
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- decsec += cursec = sec(stop);
- decms += curms = msec(stop);
- printf("\t%lu.%03u\t", cursec, curms);
-#else
- printf("\t*\t");
-#endif
- fflush(stdout);
- if (i != j+1 || memcmp(buf1, buf2, (size_t)j+1) != 0) {
- printf("RSA Decryption failed, i = %d\n", i);
- return i;
- }
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = rsaPrivateEncrypt(&bn, (byte const *)buf1, (size_t)j+1,
- pub, sec);
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- sigsec += cursec = sec(stop);
- sigms += curms = msec(stop);
- printf("\t%lu.%03u\t", cursec, curms);
-#else
- printf("\t*\t");
-#endif
- fflush(stdout);
- if (i < 0) {
- printf("RSA signing failed, i = %d\n", i);
- return i;
- }
-
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = rsaPublicDecrypt((byte *)buf2, sizeof(buf2), &bn, pub);
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- versec += cursec = sec(stop);
- verms += curms = msec(stop);
- printf("\t%lu.%03u\t", cursec, curms);
-#else
- printf("\t*\t");
-#endif
- fflush(stdout);
- if (i != j+1 || memcmp(buf1, buf2, (size_t)j+1) != 0) {
- printf("RSA verify failed i = %d != %d\n", i, j+1);
- return i;
- }
- printf("Succeeded\n");
- fflush(stdout);
- }
-#if CLOCK_AVAIL
- encms += 1000 * (encsec % j);
- encsec /= j;
- encms /= j;
- encsec += encms / 1000;
- encms %= 1000;
- decms += 1000 * (decsec % j);
- decsec /= j;
- decms /= j;
- decsec += decms / 1000;
- decms %= 1000;
- sigms += 1000 * (sigsec % j);
- sigsec /= j;
- sigms /= j;
- sigsec += sigms / 1000;
- sigms %= 1000;
- verms += 1000 * (versec % j);
- versec /= j;
- verms /= j;
- versec += verms / 1000;
- verms %= 1000;
- printf("\t%lu.%03u\t\t%lu.%03u\t\t%lu.%03u\t\t%lu.%03u\tAVERAGE %u\n",
- encsec, encms, decsec, decms,
- sigsec, sigms, versec, verms, bnBits(&pub->n));
-#endif
-
- return 0;
-}
-
-static int
-rsaGen(unsigned keybits)
-{
- struct PubKey pub;
- struct SecKey sec;
- int i;
-#if CLOCK_AVAIL
- timetype start, stop;
- unsigned long s;
-#endif
-
- if (keybits < 384)
- keybits = 384;
- userPrintf("Generating an RSA key with a %u-bit modulus.\n", keybits);
-
- randAccum(1);
-/* randAccum(keybits); */
-
- /*
- * One dot is printed per pseudoprimality test that fails.
- * the density of primes of length "keybits/2" is about
- * ln(2^(keybits/2)), or keybits/2*ln(2), so if we were to
- * naively test numbers at random, we'd expect to print
- * keybits/2*ln(2) dots per number, or keybits*ln(2) for
- * both. This is keybits/1.44.
- * However, the sieve removes all multiples of 2, 3, 5, 7, 11, 13,
- * etc (up to 65521, the largest prime < 65536) from the candidates.
- * (1-1/2)*(1-1/3)*(1-1/5)*(1-1/7)*(1-1/11)*...*(1-1/65521) is
- * about 0.05061325. So we only actually print keybits*ln(2)*0.0506
- * from the numbers we test, 0.035 of them, or about 1/28.5.
- * We round this up to 0.04, or 1/25, because it produces nice
- * round numbers and people don't get as impatient if we're a
- * little pessimistic. (The Poisson distribution has a long
- * tail.) If you really want to know, it's a 14% overestimate.
- */
- userPrintf("\n\
-Key generation takes a little while. This program prints dots as it\n\
-searches for each of the two primes it needs for a key. How long it will\n\
-have to search is unpredictable, but expect an average of %u dots total.\n",
- keybits/25);
-
- pubKeyBegin(&pub);
- secKeyBegin(&sec);
-#if CLOCK_AVAIL
- gettime(&start);
-#endif
- i = genRsaKey(&pub, &sec, keybits, 17, stdout);
-#if CLOCK_AVAIL
- gettime(&stop);
- subtime(stop, start);
- s = sec(stop);
- printf("%u-bit time = %lu.%03u sec.", keybits, s, msec(stop));
- if (s > 60) {
- putchar(' ');
- putchar('(');
- if (s > 3600)
- printf("%u:%02u", (unsigned)(s/3600),
- (unsigned)(s/60%60));
- else
- printf("%u", (unsigned)(s/60));
- printf(":%02u)", (unsigned)(s%60));
- }
- putchar('\n');
-#endif
- if (i < 0) {
- userPuts("\a\nKeygen failed!\n");
- } else {
- userPrintf("%d modular exponentiations performed.\n", i);
- bnPut("n = ", &pub.n);
- bnPut("e = ", &pub.e);
- bnPut("d = ", &sec.d);
- bnPut("p = ", &sec.p);
- bnPut("q = ", &sec.q);
- bnPut("u = ", &sec.u);
- i = rsaTest(&pub, &sec);
- }
-
- pubKeyEnd(&pub);
- secKeyEnd(&sec);
- return i;
-}
-
-int
-main(int argc, char **argv)
-{
- unsigned long t;
- char *p;
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <bits>...\n", argv[0]);
- fputs("\
-This generates a random RSA key pair and prints its value. <bits>\n\
-is the size of the modulus to use.\n", stderr);
- return 1;
- }
-
- bnInit();
-
- while (--argc) {
- t = strtoul(*++argv, &p, 0);
- if (t < 384 || t > 65536 || *p) {
- fprintf(stderr, "Illegal modulus size: \"%s\"\n",
- *argv);
- return 1;
- }
-
- rsaGen((unsigned)t);
- }
-
- return 0;
-}
+++ /dev/null
-/* --------------------------------- SHA.C ------------------------------- */
-#include <string.h>
-
-#include "sha.h"
-
-/*
- * NIST Secure Hash Algorithm.
- *
- * Written 2 September 1992, Peter C. Gutmann.
- * This implementation placed in the public domain.
- *
- * Modified 1 June 1993, Colin Plumb.
- * Modified for the new SHS based on Peter Gutmann's work,
- * 18 July 1994, Colin Plumb.
- * Gutmann's work.
- * Renamed to SHA and comments updated a bit 1 November 1995, Colin Plumb.
- * These modifications placed in the public domain.
- *
- * Comments to pgut1@cs.aukuni.ac.nz
- */
-
-#include <string.h>
-
-/*
- * The SHA f()-functions. The f1 and f3 functions can be optimized to
- * save one boolean operation each - thanks to Rich Schroeppel,
- * rcs@cs.arizona.edu for discovering this
- */
-/*#define f1(x,y,z) ( (x & y) | (~x & z) ) // Rounds 0-19 */
-#define f1(x,y,z) ( z ^ (x & (y ^ z) ) ) /* Rounds 0-19 */
-#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
-/*#define f3(x,y,z) ( (x & y) | (x & z) | (y & z) ) // Rounds 40-59 */
-#define f3(x,y,z) ( (x & y) | (z & (x | y) ) ) /* Rounds 40-59 */
-#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
-
-/*
- * The SHA Mysterious Constants.
- * K1 = floor(sqrt(2) * 2^30)
- * K2 = floor(sqrt(3) * 2^30)
- * K3 = floor(sqrt(5) * 2^30)
- * K4 = floor(sqrt(10) * 2^30)
- */
-#define K1 0x5A827999L /* Rounds 0-19 */
-#define K2 0x6ED9EBA1L /* Rounds 20-39 */
-#define K3 0x8F1BBCDCL /* Rounds 40-59 */
-#define K4 0xCA62C1D6L /* Rounds 60-79 */
-
-/* SHA initial values */
-
-#define h0init 0x67452301L
-#define h1init 0xEFCDAB89L
-#define h2init 0x98BADCFEL
-#define h3init 0x10325476L
-#define h4init 0xC3D2E1F0L
-
-/*
- * Note that it may be necessary to add parentheses to these macros
- * if they are to be called with expressions as arguments.
- */
-
-/* 32-bit rotate left - kludged with shifts */
-
-#define ROTL(n,X) ( (X << n) | (X >> (32-n)) )
-
-/*
- * The initial expanding function
- *
- * The hash function is defined over an 80-word expanded input array W,
- * where the first 16 are copies of the input data, and the remaining 64
- * are defined by W[i] = W[i-16] ^ W[i-14] ^ W[i-8] ^ W[i-3]. This
- * implementation generates these values on the fly in a circular buffer.
- */
-
-#if SHA_VERSION
-/* The new ("corrected") SHA, FIPS 180.1 */
-/* Same as below, but then rotate left one bit */
-#define expand(W,i) (W[i&15] ^= W[(i-14)&15] ^ W[(i-8)&15] ^ W[(i-3)&15], \
- W[i&15] = ROTL(1, W[i&15]))
-#else
-/* The old (pre-correction) SHA, FIPS 180 */
-#define expand(W,i) (W[i&15] ^= W[(i-14)&15] ^ W[(i-8)&15] ^ W[(i-3)&15])
-#endif
-
-/*
- * The prototype SHA sub-round
- *
- * The fundamental sub-round is
- * a' = e + ROTL(5,a) + f(b, c, d) + k + data;
- * b' = a;
- * c' = ROTL(30,b);
- * d' = c;
- * e' = d;
- * ... but this is implemented by unrolling the loop 5 times and renaming
- * the variables (e,a,b,c,d) = (a',b',c',d',e') each iteration.
- */
-#define subRound(a, b, c, d, e, f, k, data) \
- ( e += ROTL(5,a) + f(b, c, d) + k + data, b = ROTL(30, b) )
-/*
- * The above code is replicated 20 times for each of the 4 functions,
- * using the next 20 values from the W[] array each time.
- */
-
-/* Initialize the SHA values */
-
-void
-shaInit(struct SHAContext *sha)
-{
- /* Set the h-vars to their initial values */
- sha->digest[0] = h0init;
- sha->digest[1] = h1init;
- sha->digest[2] = h2init;
- sha->digest[3] = h3init;
- sha->digest[4] = h4init;
-
- /* Initialise bit count */
-#ifdef HAVE64
- sha->count = 0;
-#else
- sha->countLo = sha->countHi = 0;
-#endif
-}
-
-/*
- * Perform the SHA transformation. Note that this code, like MD5, seems to
- * break some optimizing compilers due to the complexity of the expressions
- * and the size of the basic block. It may be necessary to split it into
- * sections, e.g. based on the four subrounds
- *
- * Note that this corrupts the sha->data area.
- */
-#ifndef ASM
-
-void shaTransform(struct SHAContext *sha)
-{
- register word32 A, B, C, D, E;
-
- /* Set up first buffer */
- A = sha->digest[0];
- B = sha->digest[1];
- C = sha->digest[2];
- D = sha->digest[3];
- E = sha->digest[4];
-
- /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
- subRound( A, B, C, D, E, f1, K1, sha->data[ 0] );
- subRound( E, A, B, C, D, f1, K1, sha->data[ 1] );
- subRound( D, E, A, B, C, f1, K1, sha->data[ 2] );
- subRound( C, D, E, A, B, f1, K1, sha->data[ 3] );
- subRound( B, C, D, E, A, f1, K1, sha->data[ 4] );
- subRound( A, B, C, D, E, f1, K1, sha->data[ 5] );
- subRound( E, A, B, C, D, f1, K1, sha->data[ 6] );
- subRound( D, E, A, B, C, f1, K1, sha->data[ 7] );
- subRound( C, D, E, A, B, f1, K1, sha->data[ 8] );
- subRound( B, C, D, E, A, f1, K1, sha->data[ 9] );
- subRound( A, B, C, D, E, f1, K1, sha->data[10] );
- subRound( E, A, B, C, D, f1, K1, sha->data[11] );
- subRound( D, E, A, B, C, f1, K1, sha->data[12] );
- subRound( C, D, E, A, B, f1, K1, sha->data[13] );
- subRound( B, C, D, E, A, f1, K1, sha->data[14] );
- subRound( A, B, C, D, E, f1, K1, sha->data[15] );
- subRound( E, A, B, C, D, f1, K1, expand(sha->data, 16) );
- subRound( D, E, A, B, C, f1, K1, expand(sha->data, 17) );
- subRound( C, D, E, A, B, f1, K1, expand(sha->data, 18) );
- subRound( B, C, D, E, A, f1, K1, expand(sha->data, 19) );
-
- subRound( A, B, C, D, E, f2, K2, expand(sha->data, 20) );
- subRound( E, A, B, C, D, f2, K2, expand(sha->data, 21) );
- subRound( D, E, A, B, C, f2, K2, expand(sha->data, 22) );
- subRound( C, D, E, A, B, f2, K2, expand(sha->data, 23) );
- subRound( B, C, D, E, A, f2, K2, expand(sha->data, 24) );
- subRound( A, B, C, D, E, f2, K2, expand(sha->data, 25) );
- subRound( E, A, B, C, D, f2, K2, expand(sha->data, 26) );
- subRound( D, E, A, B, C, f2, K2, expand(sha->data, 27) );
- subRound( C, D, E, A, B, f2, K2, expand(sha->data, 28) );
- subRound( B, C, D, E, A, f2, K2, expand(sha->data, 29) );
- subRound( A, B, C, D, E, f2, K2, expand(sha->data, 30) );
- subRound( E, A, B, C, D, f2, K2, expand(sha->data, 31) );
- subRound( D, E, A, B, C, f2, K2, expand(sha->data, 32) );
- subRound( C, D, E, A, B, f2, K2, expand(sha->data, 33) );
- subRound( B, C, D, E, A, f2, K2, expand(sha->data, 34) );
- subRound( A, B, C, D, E, f2, K2, expand(sha->data, 35) );
- subRound( E, A, B, C, D, f2, K2, expand(sha->data, 36) );
- subRound( D, E, A, B, C, f2, K2, expand(sha->data, 37) );
- subRound( C, D, E, A, B, f2, K2, expand(sha->data, 38) );
- subRound( B, C, D, E, A, f2, K2, expand(sha->data, 39) );
-
- subRound( A, B, C, D, E, f3, K3, expand(sha->data, 40) );
- subRound( E, A, B, C, D, f3, K3, expand(sha->data, 41) );
- subRound( D, E, A, B, C, f3, K3, expand(sha->data, 42) );
- subRound( C, D, E, A, B, f3, K3, expand(sha->data, 43) );
- subRound( B, C, D, E, A, f3, K3, expand(sha->data, 44) );
- subRound( A, B, C, D, E, f3, K3, expand(sha->data, 45) );
- subRound( E, A, B, C, D, f3, K3, expand(sha->data, 46) );
- subRound( D, E, A, B, C, f3, K3, expand(sha->data, 47) );
- subRound( C, D, E, A, B, f3, K3, expand(sha->data, 48) );
- subRound( B, C, D, E, A, f3, K3, expand(sha->data, 49) );
- subRound( A, B, C, D, E, f3, K3, expand(sha->data, 50) );
- subRound( E, A, B, C, D, f3, K3, expand(sha->data, 51) );
- subRound( D, E, A, B, C, f3, K3, expand(sha->data, 52) );
- subRound( C, D, E, A, B, f3, K3, expand(sha->data, 53) );
- subRound( B, C, D, E, A, f3, K3, expand(sha->data, 54) );
- subRound( A, B, C, D, E, f3, K3, expand(sha->data, 55) );
- subRound( E, A, B, C, D, f3, K3, expand(sha->data, 56) );
- subRound( D, E, A, B, C, f3, K3, expand(sha->data, 57) );
- subRound( C, D, E, A, B, f3, K3, expand(sha->data, 58) );
- subRound( B, C, D, E, A, f3, K3, expand(sha->data, 59) );
-
- subRound( A, B, C, D, E, f4, K4, expand(sha->data, 60) );
- subRound( E, A, B, C, D, f4, K4, expand(sha->data, 61) );
- subRound( D, E, A, B, C, f4, K4, expand(sha->data, 62) );
- subRound( C, D, E, A, B, f4, K4, expand(sha->data, 63) );
- subRound( B, C, D, E, A, f4, K4, expand(sha->data, 64) );
- subRound( A, B, C, D, E, f4, K4, expand(sha->data, 65) );
- subRound( E, A, B, C, D, f4, K4, expand(sha->data, 66) );
- subRound( D, E, A, B, C, f4, K4, expand(sha->data, 67) );
- subRound( C, D, E, A, B, f4, K4, expand(sha->data, 68) );
- subRound( B, C, D, E, A, f4, K4, expand(sha->data, 69) );
- subRound( A, B, C, D, E, f4, K4, expand(sha->data, 70) );
- subRound( E, A, B, C, D, f4, K4, expand(sha->data, 71) );
- subRound( D, E, A, B, C, f4, K4, expand(sha->data, 72) );
- subRound( C, D, E, A, B, f4, K4, expand(sha->data, 73) );
- subRound( B, C, D, E, A, f4, K4, expand(sha->data, 74) );
- subRound( A, B, C, D, E, f4, K4, expand(sha->data, 75) );
- subRound( E, A, B, C, D, f4, K4, expand(sha->data, 76) );
- subRound( D, E, A, B, C, f4, K4, expand(sha->data, 77) );
- subRound( C, D, E, A, B, f4, K4, expand(sha->data, 78) );
- subRound( B, C, D, E, A, f4, K4, expand(sha->data, 79) );
-
- /* Build message digest */
- sha->digest[0] += A;
- sha->digest[1] += B;
- sha->digest[2] += C;
- sha->digest[3] += D;
- sha->digest[4] += E;
-}
-
-#endif /* !ASM */
-
-/*
- * SHA is defined in big-endian form, so this converts the buffer from
- * bytes to words, independent of the machine's native endianness.
- *
- * Assuming a consistent byte ordering for the machine, this also
- * has the magic property of being self-inverse. It is used as
- * such.
- */
-
-static void byteReverse(word32 *buffer, unsigned byteCount)
-{
- word32 value;
-
- byteCount /= sizeof(word32);
- while ( byteCount-- ) {
- value = (word32)((unsigned)((word8 *)buffer)[0] << 8 |
- ((word8 *)buffer)[1]) << 16 |
- ((unsigned)((word8 *)buffer)[2] << 8 |
- ((word8 *)buffer)[3]);
- *buffer++ = value;
- }
-}
-
-/* Update SHA for a block of data. */
-
-void
-shaUpdate(struct SHAContext *sha, word8 const *buffer, unsigned count)
-{
- word32 t;
-
- /* Update bitcount */
-
-#ifdef HAVE64
- t = (word32)sha->count & 0x3f;
- sha->count += count;
-#else
- t = sha->countLo;
- if ( ( sha->countLo = t + count ) < t )
- sha->countHi++; /* Carry from low to high */
-
- t &= 0x3f; /* Bytes already in sha->data */
-#endif
-
- /* Handle any leading odd-sized chunks */
-
- if (t) {
- word8 *p = (word8 *)sha->data + t;
-
- t = 64-t;
- if (count < t) {
- memcpy(p, buffer, count);
- return;
- }
- memcpy(p, buffer, t);
- byteReverse(sha->data, SHA_BLOCKSIZE);
- shaTransform(sha);
- buffer += t;
- count -= t;
- }
-
- /* Process data in SHA_BLOCKSIZE chunks */
-
- while (count >= SHA_BLOCKSIZE) {
- memcpy(sha->data, buffer, SHA_BLOCKSIZE);
- byteReverse(sha->data, SHA_BLOCKSIZE);
- shaTransform(sha);
- buffer += SHA_BLOCKSIZE;
- count -= SHA_BLOCKSIZE;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy(sha->data, buffer, count);
-}
-
-/* Final wrapup - pad to 64-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
-void
-shaFinal(struct SHAContext *sha, word8 *hash)
-{
- int count;
- word8 *p;
-
- /* Compute number of bytes mod 64 */
-#ifdef HAVE64
- count = (int)sha->count & 0x3F;
-#else
- count = (int)sha->countLo & 0x3F;
-#endif
-
- /*
- * Set the first char of padding to 0x80.
- * This is safe since there is always at least one byte free
- */
- p = (word8 *)sha->data + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = SHA_BLOCKSIZE - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8) {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset(p, 0, count);
- byteReverse(sha->data, SHA_BLOCKSIZE);
- shaTransform(sha);
-
- /* Now fill the next block with 56 bytes */
- memset(sha->data, 0, SHA_BLOCKSIZE-8);
- } else {
- /* Pad block to 56 bytes */
- memset(p, 0, count-8);
- }
- byteReverse(sha->data, SHA_BLOCKSIZE-8);
-
- /* Append length in *bits* and transform */
-#if HAVE64
- sha->data[14] = (word32)(sha->count >> 29);
- sha->data[15] = (word32)sha->count << 3;
-#else
- sha->data[14] = sha->countHi << 3 | sha->countLo >> 29;
- sha->data[15] = sha->countLo << 3;
-#endif
-
- shaTransform(sha);
-
- /* Store output hash in buffer */
- byteReverse(sha->digest, SHA_DIGESTSIZE);
- memcpy(hash, sha->digest, SHA_DIGESTSIZE);
- memset(sha, 0, sizeof(*sha));
-}
-
-#if 0
-/* ----------------------------- SHA Test code --------------------------- */
-#include <stdio.h>
-#include <stdlib.h> /* For exit() */
-#include <time.h>
-
-/* Size of buffer for SHA speed test data */
-
-#define TEST_BLOCK_SIZE ( SHA_DIGESTSIZE * 100 )
-
-/* Number of bytes of test data to process */
-
-#define TEST_BYTES 10000000L
-#define TEST_BLOCKS ( TEST_BYTES / TEST_BLOCK_SIZE )
-
-#if SHA_VERSION
-static char const *shaTestResults[] = {
- "A9993E364706816ABA3E25717850C26C9CD0D89D",
- "84983E441C3BD26EBAAE4AA1F95129E5E54670F1",
- "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F",
- "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F",
- "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" };
-#else
-static char const *shaTestResults[] = {
- "0164B8A914CD2A5E74C4F7FF082C4D97F1EDF880",
- "D2516EE1ACFA5BAF33DFC1C471E438449EF134C8",
- "3232AFFA48628A26653B5AAA44541FD90D690603",
- "3232AFFA48628A26653B5AAA44541FD90D690603",
- "3232AFFA48628A26653B5AAA44541FD90D690603" };
-#endif
-
-static int
-compareSHAresults(word8 *hash, int level)
-{
- char buf[41];
- int i;
-
- for (i = 0; i < SHA_DIGESTSIZE; i++)
- sprintf(buf+2*i, "%02X", hash[i]);
-
- if (strcmp(buf, shaTestResults[level-1]) == 0) {
- printf("Test %d passed, result = %s\n", level, buf);
- return 0;
- } else {
- printf("Error in SHA implementation: Test %d failed\n", level);
- printf(" Result = %s\n", buf);
- printf("Expected = %s\n", shaTestResults[level-1]);
- return -1;
- }
-}
-
-
-int
-main(void)
-{
- struct SHAContext sha;
- word8 data[TEST_BLOCK_SIZE];
- word8 hash[SHA_DIGESTSIZE];
- time_t seconds;
- long i;
- word32 t;
-
- /* Check that LITTLE_ENDIAN is set correctly */
- t = 0x12345678;
-
-#if LITTLE_ENDIAN
- if (*(word8 *)&t != 0x78) {
- puts("Error: Define BIG_ENDIAN in SHA.H and recompile");
- exit(-1);
- }
-#elif BIG_ENDIAN
- if (*(word8 *)&t != 0x12) {
- puts("Error: Define LITTLE_ENDIAN in SHA.H and recompile");
- exit(-1);
- }
-#endif
-
- /*
- * Test output data (these are the only test data given in the
- * Secure Hash Standard document, but chances are if it works
- * for this it'll work for anything)
- */
- shaInit(&sha);
- shaUpdate(&sha, (word8 *)"abc", 3);
- shaFinal(&sha, hash);
- if (compareSHAresults(hash, 1) < 0)
- exit (-1);
-
- shaInit(&sha);
- shaUpdate(&sha, (word8 *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56);
- shaFinal(&sha, hash);
- if (compareSHAresults(hash, 2) < 0)
- exit (-1);
-
- /* 1,000,000 bytes of ASCII 'a' (0x61), by 64's */
- shaInit(&sha);
- for (i = 0; i < 15625; i++)
- shaUpdate(&sha, (word8 *)"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64);
- shaFinal(&sha, hash);
- if (compareSHAresults(hash, 3) < 0)
- exit (-1);
-
- /* 1,000,000 bytes of ASCII 'a' (0x61), by 25's */
- shaInit(&sha);
- for (i = 0; i < 40000; i++)
- shaUpdate(&sha, (word8 *)"aaaaaaaaaaaaaaaaaaaaaaaaa", 25);
- shaFinal(&sha, hash);
- if (compareSHAresults(hash, 4) < 0)
- exit (-1);
-
- /* 1,000,000 bytes of ASCII 'a' (0x61), by 125's */
- shaInit(&sha);
- for (i = 0; i < 8000; i++)
- shaUpdate(&sha, (word8 *)"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 125);
- shaFinal(&sha, hash);
- if (compareSHAresults(hash, 5) < 0)
- exit (-1);
-
- /* Now perform time trial, generating MD for 10MB of data. First,
- initialize the test data */
- memset(data, 0, TEST_BLOCK_SIZE);
-
- /* Get start time */
- printf("SHA time trial. Processing %ld characters...\n", TEST_BYTES);
- seconds = time((time_t *)0);
-
- /* Calculate SHA message digest in TEST_BLOCK_SIZE byte blocks */
- shaInit(&sha);
- for (i = TEST_BLOCKS; i > 0; i--)
- shaUpdate(&sha, data, TEST_BLOCK_SIZE);
- shaFinal(&sha, hash);
-
- /* Get finish time and print difference */
- seconds = time((time_t *)0) - seconds;
- printf("Seconds to process test input: %ld\n", seconds);
- printf("Characters processed per second: %ld\n", TEST_BYTES / seconds);
-
- return 0;
-}
-#endif /* Test driver */
+++ /dev/null
-/* --------------------------------- SHA.H ------------------------------- */
-
-/*
- * NIST Secure Hash Algorithm.
- *
- * Written 2 September 1992, Peter C. Gutmann.
- * This implementation placed in the public domain.
- *
- * Modified 1 June 1993, Colin Plumb.
- * Renamed to SHA and comments updated a bit 1 November 1995, Colin Plumb.
- * These modifications placed in the public domain.
- *
- * Comments to pgut1@cs.aukuni.ac.nz
- */
-
-/* Typedefs for various word sizes */
-#include "types.h"
-
-/*
- * Since 64-bit machines are the wave of the future, we may as well
- * support them directly.
- */
-
-/* The SHA block size and message digest sizes, in bytes */
-
-#define SHA_BLOCKSIZE 64
-#define SHA_DIGESTSIZE 20
-
-/*
- * The structure for storing SHA info.
- * data[] is placed first in case offsets of 0 are faster
- * for some reason; it's the most often accessed field.
- */
-
-struct SHAContext {
- word32 data[ 16 ]; /* SHA data buffer */
- word32 digest[ 5 ]; /* Message digest */
-#ifdef HAVE64
- word64 count;
-#else
- word32 countHi, countLo; /* 64-bit byte count */
-#endif
-};
-
-/* Which standard? FIPS 180 or FIPS 180.1? */
-
-#define SHA_VERSION 1
-
-/* Whether the machine is little-endian or not */
-
-#if !defined(BIG_ENDIAN) && !defined(LITTLE_ENDIAN)
-#define BIG_ENDIAN 1
-#endif
-
-void shaInit(struct SHAContext *sha);
-void shaTransform(struct SHAContext *sha);
-void shaUpdate(struct SHAContext *sha, word8 const *buffer, unsigned count);
-void shaFinal(struct SHAContext *shaInfo, word8 *hash);
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef TYPES_H
-#define TYPES_H
-
-#include <limits.h>
-
-#if UCHAR_MAX == 0xff
-typedef unsigned char word8;
-typedef signed char int8;
-#endif
-
-#if UINT_MAX == 0xffffu
-typedef unsigned word16;
-typedef int int16;
-#elif USHRT_MAX == 0xffffu
-typedef unsigned short word16;
-typedef short int16;
-#endif
-
-#if UINT_MAX == 0xffffffffu
-typedef unsigned word32;
-typedef int int32;
-#elif ULONG_MAX == 0xffffffffu
-typedef unsigned long word32;
-typedef long int32;
-#endif
-
-#if ULONG_MAX > 0xffffffffu
-typedef unsigned long word64;
-typedef long int64;
-#ifndef HAVE64
-#define HAVE64 1
-#endif
-#elif defined(ULONGLONG_MAX) || defined(ULONG_LONG_MAX) || defined(ULLONG_MAX)
-typedef unsigned long long word64;
-typedef long long int64;
-#ifndef HAVE64
-#define HAVE64 1
-#endif
-#endif
-
-#endif /* !TYPES_H */
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include <stdio.h>
-
-#define userPrintf printf
-#define userPuts(s) fputs(s, stdout)
-#define userFlush() fflush(stdout)
-#define userPutc putchar
+++ /dev/null
-/*
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * usuals.h - Typedefs and #defines used widely.
- */
-#ifndef USUALS_H
-#define USUALS_H
-
-#include <limits.h>
-
-#if UCHAR_MAX == 0xff
-typedef unsigned char byte;
-typedef signed char int8;
-#else
-#error This machine has no 8-bit type
-#endif
-
-#if UINT_MAX == 0xffffu
-typedef unsigned word16;
-typedef int int16;
-#elif USHRT_MAX == 0xffffu
-typedef unsigned short word16;
-typedef short int16;
-#else
-#error This machine has no 16-bit type
-#endif
-
-#if UINT_MAX == 0xffffffffu
-typedef unsigned int word32;
-typedef int int32;
-#elif ULONG_MAX == 0xffffffffu
-typedef unsigned long word32;
-typedef long int32;
-#else
-#error This machine has no 32-bit type
-#endif
-
-#include <string.h> /* Prototype for memset */
-/*
- * Wipe sensitive data.
- * Note that this takes a structure, not a pointer to one!
- */
-#define wipe(x) memset(x, 0, sizeof(*(x)))
-
-#endif /* USUALS_H */
./configure -C --enable-portable-binary --enable-sctp\
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-gnu-ld --with-openssl \
- --enable-core-odbc-support --enable-zrtp \
+ --enable-core-odbc-support \
--enable-core-pgsql-support \
--enable-static-v8 --disable-parallel-build-v8 --enable-amr $@
#CC=clang-3.6 CXX=clang++-3.6 ./configure -C --enable-portable-binary \
# --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
# --with-gnu-ld --with-openssl \
-# --enable-core-odbc-support --enable-zrtp \
+# --enable-core-odbc-support \
# --enable-core-pgsql-support \
# --enable-static-v8 --disable-parallel-build-v8 --enable-address-sanitizer
['phonetic-ascii'] = 1,
['time'] = 1,
['voicemail'] = 1,
- ['zrtp'] = 1
};
tbl_rates = {['8000'] = 1 ,['16000'] = 1, ['32000'] = 1, ['48000'] = 1};
else
freeswitch.consoleLog("ERR","Result of system call: " .. what .. " " .. code .. "\n");
end
-end
\ No newline at end of file
+end
+++ /dev/null
--- ZRTP Enrollment Agent
-session:setVariable("zrtp_secure_media", "true");
-session:setVariable("zrtp_enrollment", "true");
-session:sleep(100);
-session:answer();
-session:streamFile("zrtp/zrtp-status_securing.wav");
-session:sleep(3000);
--- Give the agent time to bring up ZRTP.
-
-local zrtp_secure_media_confirmed = session:getVariable("zrtp_secure_media_confirmed_audio");
-local zrtp_new_user_enrolled = session:getVariable("zrtp_new_user_enrolled_audio");
-local zrtp_already_enrolled = session:getVariable("zrtp_already_enrolled_audio");
-
-if zrtp_secure_media_confirmed == "true" then
- session:streamFile("zrtp/zrtp-status_secure.wav");
-else
- session:streamFile("zrtp/zrtp-status_notsecure.wav");
-end
-
-session:streamFile("zrtp/zrtp-enroll_welcome.wav");
-session:sleep(1000);
-
-if zrtp_secure_media_confirmed == "true" then
- if zrtp_new_user_enrolled == "true" then
- session:streamFile("zrtp/zrtp-enroll_confirmed.wav");
- session:sleep(3000);
- else
- if zrtp_already_enrolled == "true" then
- session:streamFile("zrtp/zrtp-enroll_already_enrolled.wav");
- end
- end
-else
- session:streamFile("zrtp/zrtp-enroll_notzrtp.wav");
-end
-
-session:sleep(1000);
-session:streamFile("zrtp/zrtp-thankyou_goodbye.wav");
-session:sleep(1000);
+++ /dev/null
--- Copyright (c) 2011-2012, Travis Cross.
---
--- The contents of this file are subject to the Mozilla Public License
--- Version 1.1 (the "License"); you may not use this file except in
--- compliance with the License. You may obtain a copy of the License
--- at http://www.mozilla.org/MPL/
---
--- Software distributed under the License is distributed on an "AS IS"
--- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
--- the License for the specific language governing rights and
--- limitations under the License.
---
--- zrtp_proxy_media.lua
---
--- The logic in this script enables ZRTP sessions to negotiate
--- end-to-end security associations, which is desirable whether or not
--- the switch natively supports ZRTP itself.
---
--- To enable this logic, call the script from the top of your dialplan
--- as so:
---
--- <extension name="global" continue="true">
--- <condition break="never">
--- <action application="lua" data="lua/zrtp_proxy_media.lua"/>
--- </condition>
--- </extension>
---
--- If any particular call flow should never have proxy_media enabled,
--- such as for connecting to voicemail systems or conferences, make
--- sure this is called before the bridge:
---
--- <action application="lua" data="lua/zrtp_proxy_media.lua disable"/>
-
-api=freeswitch.API()
-
-function sappend(s1,s2) if s1 and #s1>0 then return s1..s2 else return s2 end end
-function log(level,msg) return freeswitch.consoleLog(level,msg.."\n") end
-function ready() return session:ready() end
-function getvar(var) return session:getVariable(var) end
-function getvarp(var) return getvar(var)=="true" end
-function setvar_a(k,v) return session:setVariable(k,v) end
-function append_var(k,v) return setvar_a(k,sappend(getvar(k),v)) end
-function export(k) return append_var("export_vars",","..k) end
-function setvar_ab(k,v) if v then setvar_a(k,v) end return export(k) end
-function setvar_b(k,v) return setvar_ab("nolocal:"..k,v) end
-
-function enable_zd(msg)
- log("info",msg)
- setvar_ab("zrtp_set","true")
- setvar_ab("proxy_media","true")
- setvar_ab("zrtp_secure_media","false")
-end
-
-function disable_zd(msg)
- log("info",msg)
- setvar_ab("zrtp_set","true")
- setvar_ab("proxy_media","false")
- setvar_ab("zrtp_secure_media","true")
-end
-
-function xfer(x)
- return session:transfer(x,getvar("dialplan"),getvar("context"))
-end
-
-function main()
- if ready() then
- session:setAutoHangup(false)
- local dst=getvar("destination_number")
- if argv[1]=="disable" then
- return disable_zd("zrtp-direct disabled on this call flow")
- elseif getvarp("zrtp_set") then
- return log("notice","zrtp already decided; doing nothing") end
- local x=dst:match("^%*%*%*(.*)$")
- if x then
- enable_zd("going zrtp-direct based on star code")
- return xfer(x) end
- local x=dst:match("^%*%*(.*)$")
- if x then
- disable_zd("going zrtp-indirect based on star code")
- return xfer(x) end
- if getvar("switch_r_sdp"):match("a=zrtp%-hash:") then
- return enable_zd("going zrtp-direct based on a=zrtp-hash") end
- return disable_zd("not going zrtp-direct")
- end
-end
-
-main()
+++ /dev/null
--- zrtp_sas_proxy.lua
---
--- Copyright (c) 2011-2013 Travis Cross
---
--- Permission is hereby granted, free of charge, to any person obtaining a copy
--- of this software and associated documentation files (the "Software"), to deal
--- in the Software without restriction, including without limitation the rights
--- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
--- copies of the Software, and to permit persons to whom the Software is
--- furnished to do so, subject to the following conditions:
---
--- The above copyright notice and this permission notice shall be included in
--- all copies or substantial portions of the Software.
---
--- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
--- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
--- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
--- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
--- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
--- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
--- THE SOFTWARE.
---
---
--- When we're acting as a ZRTP man-in-the-middle, proxy the SAS (Short
--- Authentication String) from one leg of the call to the other.
---
--- This script should be called asynchonously with luarun. e.g.:
---
--- <action application="export" data="nolocal:api_on_answer=luarun zrtp_sas_proxy.lua ${uuid}"/>
---
-aleg=argv[1]
-api=freeswitch.API()
-
-function log(level,msg) return freeswitch.consoleLog(level,"zrtp_sas: "..msg.."\n") end
-function sleep(sec) return freeswitch.msleep(sec*1000) end
-function ready() return api:execute("uuid_exists",aleg)=="true" end
-function getvar(uuid,var)
- local x=api:execute("uuid_getvar",uuid.." "..var)
- if x=="_undef_" then return nil end
- return x
-end
-function getvarp(uuid,var) return getvar(uuid,var)=="true" end
-function display(uuid,msg)
- local cidn=getvar(uuid,"caller_id_name")
- return api:execute("uuid_display",uuid.." "..msg.." "..cidn)
-end
-
-function mk_sas(sas1,sas2)
- if sas1 and sas2 then return sas1.." "..sas2
- else return sas1 or sas2 or "" end
-end
-
-function get_sas(uuid)
- return mk_sas(getvar(uuid,"zrtp_sas1_string_audio"),
- getvar(uuid,"zrtp_sas2_string"))
-end
-
-function log_sas(leg,uuid)
- return log("notice",leg..": "..uuid.." sas: "..get_sas(uuid))
-end
-
-function display_sas(to,from)
- return display(to," ("..get_sas(from)..")")
-end
-
-function get_bleg(aleg)
- local retries=15 bleg=nil
- while ready() do
- if retries<1 then return nil end
- local bleg=getvar(aleg,"signal_bond")
- if bleg then return bleg end
- log("debug","waiting for bleg uuid...")
- sleep(1)
- retries=retries-1
- end
-end
-
-function handle_sas(aleg,bleg)
- local retries=45 af=false bf=false
- while ready() do
- if retries<1 then return nil end
- if not af and getvarp(aleg,"zrtp_secure_media_confirmed_audio") then
- af=true
- log_sas("aleg",aleg)
- display_sas(bleg,aleg)
- end
- if not bf and getvarp(bleg,"zrtp_secure_media_confirmed_audio") then
- bf=true
- log_sas("bleg",bleg)
- display_sas(aleg,bleg)
- end
- if (af and bf) then break
- elseif af then log("debug","waiting on bleg zrtp...")
- elseif bf then log("debug","waiting on aleg zrtp...")
- else log("debug","waiting for zrtp...") end
- sleep(1)
- retries=retries-1
- end
-end
-
-if not (getvarp(aleg,"zrtp_passthru") or getvarp(aleg,"proxy_media")) then
- handle_sas(aleg,get_bleg(aleg))
-end
./configure -C --enable-portable-binary \
--prefix=/usr --localstatedir=/var --sysconfdir=/etc \
--with-gnu-ld --with-python --with-erlang --with-openssl \
- --enable-core-odbc-support --enable-zrtp \
+ --enable-core-odbc-support \
--enable-core-pgsql-support \
--enable-static-v8
#CC=clang-3.6 CXX=clang++-3.6 ./configure -C --enable-portable-binary \
# --prefix=/usr --localstatedir=/var --sysconfdir=/etc \
# --with-gnu-ld --with-python --with-erlang --with-openssl \
-# --enable-core-odbc-support --enable-zrtp \
+# --enable-core-odbc-support \
# --enable-core-pgsql-support \
# --enable-static-v8 --disable-parallel-build-v8 --enable-address-sanitizer
make
SWITCH_DECLARE(switch_status_t) switch_channel_perform_answer(switch_channel_t *channel, const char *file, const char *func, int line);
SWITCH_DECLARE(switch_status_t) switch_channel_perform_mark_answered(switch_channel_t *channel, const char *file, const char *func, int line);
-SWITCH_DECLARE(void) switch_channel_check_zrtp(switch_channel_t *channel);
/*!
\brief Answer a channel (initiate/acknowledge a successful connection)
SWITCH_DECLARE(void) switch_core_media_parse_rtp_bugs(switch_rtp_bug_flag_t *flag_pole, const char *str);
SWITCH_DECLARE(switch_status_t) switch_core_media_add_crypto(switch_core_session_t *session, switch_secure_settings_t *ssec, switch_rtp_crypto_direction_t direction);
SWITCH_DECLARE(switch_t38_options_t *) switch_core_media_extract_t38_options(switch_core_session_t *session, const char *r_sdp);
-SWITCH_DECLARE(void) switch_core_media_pass_zrtp_hash(switch_core_session_t *session);
-SWITCH_DECLARE(const char *) switch_core_media_get_zrtp_hash(switch_core_session_t *session, switch_media_type_t type, switch_bool_t local);
-SWITCH_DECLARE(void) switch_core_media_pass_zrtp_hash2(switch_core_session_t *aleg_session, switch_core_session_t *bleg_session);
SWITCH_DECLARE(int) switch_core_media_toggle_hold(switch_core_session_t *session, int sendonly);
SWITCH_DECLARE(void) switch_core_media_reset_t38(switch_core_session_t *session);
SWITCH_DECLARE(void) switch_core_media_copy_t38_options(switch_t38_options_t *t38_options, switch_core_session_t *session);
#define SWITCH_CACHE_SPEECH_HANDLES_OBJ_NAME "__cache_speech_handles_obj__"
#define SWITCH_BYPASS_MEDIA_VARIABLE "bypass_media"
#define SWITCH_PROXY_MEDIA_VARIABLE "proxy_media"
-#define SWITCH_ZRTP_PASSTHRU_VARIABLE "zrtp_passthru"
#define SWITCH_ENDPOINT_DISPOSITION_VARIABLE "endpoint_disposition"
#define SWITCH_HOLD_MUSIC_VARIABLE "hold_music"
#define SWITCH_TEMP_HOLD_MUSIC_VARIABLE "temp_hold_music"
SWITCH_RTP_FLAG_FLUSH,
SWITCH_RTP_FLAG_AUTOFLUSH,
SWITCH_RTP_FLAG_STICKY_FLUSH,
- SWITCH_ZRTP_FLAG_SECURE_SEND,
- SWITCH_ZRTP_FLAG_SECURE_RECV,
- SWITCH_ZRTP_FLAG_SECURE_MITM_SEND,
- SWITCH_ZRTP_FLAG_SECURE_MITM_RECV,
SWITCH_RTP_FLAG_DEBUG_RTP_READ,
SWITCH_RTP_FLAG_DEBUG_RTP_WRITE,
SWITCH_RTP_FLAG_ESTIMATORS,
CF_MANUAL_MEDIA_PARAMS,
CF_SERVICE_AUDIO,
CF_SERVICE_VIDEO,
- CF_ZRTP_PASSTHRU_REQ,
- CF_ZRTP_PASSTHRU,
- CF_ZRTP_HASH,
CF_CHANNEL_SWAP,
CF_DEVICE_LEG,
CF_FINAL_DEVICE_LEG,
SFF_RFC2833 = (1 << 4),
SFF_PROXY_PACKET = (1 << 5),
SFF_DYNAMIC = (1 << 6),
- SFF_ZRTP = (1 << 7),
- SFF_UDPTL_PACKET = (1 << 8),
- SFF_NOT_AUDIO = (1 << 9),
- SFF_RTCP = (1 << 10),
- SFF_MARKER = (1 << 11),
- SFF_WAIT_KEY_FRAME = (1 << 12),
- SFF_RAW_RTP_PARSE_FRAME = (1 << 13),
- SFF_PICTURE_RESET = (1 << 14),
- SFF_SAME_IMAGE = (1 << 15),
- SFF_USE_VIDEO_TIMESTAMP = (1 << 16),
- SFF_ENCODED = (1 << 17),
- SFF_TEXT_LINE_BREAK = (1 << 18),
- SFF_IS_KEYFRAME = (1 << 19),
- SFF_EXTERNAL = (1 << 20)
+ SFF_UDPTL_PACKET = (1 << 7),
+ SFF_NOT_AUDIO = (1 << 8),
+ SFF_RTCP = (1 << 9),
+ SFF_MARKER = (1 << 10),
+ SFF_WAIT_KEY_FRAME = (1 << 11),
+ SFF_RAW_RTP_PARSE_FRAME = (1 << 12),
+ SFF_PICTURE_RESET = (1 << 13),
+ SFF_SAME_IMAGE = (1 << 14),
+ SFF_USE_VIDEO_TIMESTAMP = (1 << 15),
+ SFF_ENCODED = (1 << 16),
+ SFF_TEXT_LINE_BREAK = (1 << 17),
+ SFF_IS_KEYFRAME = (1 << 18),
+ SFF_EXTERNAL = (1 << 19)
} switch_frame_flag_enum_t;
typedef uint32_t switch_frame_flag_t;
<!-- Let calls hit the dialplan before selecting codec for the a-leg -->
<param name="inbound-late-negotiation" value="true"/>
- <!-- Allow ZRTP clients to negotiate end-to-end security associations (also enables late negotiation) -->
- <param name="inbound-zrtp-passthru" value="true"/>
-
<!-- this lets anything register -->
<!-- comment the next line and uncomment one or both of the other 2
lines for call authentication -->
}
}
- switch_channel_check_zrtp(tech_pvt->channel);
-
if ((status = switch_core_media_choose_port(tech_pvt->session, SWITCH_MEDIA_TYPE_AUDIO, 0)) != SWITCH_STATUS_SUCCESS) {
switch_channel_hangup(channel, SWITCH_CAUSE_DESTINATION_OUT_OF_ORDER);
goto end_lock;
stream->write_function(stream, "NOMEDIA \t%s\n", sofia_test_flag(profile, TFLAG_INB_NOMEDIA) ? "true" : "false");
stream->write_function(stream, "LATE-NEG \t%s\n", sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION) ? "true" : "false");
stream->write_function(stream, "PROXY-MEDIA \t%s\n", sofia_test_flag(profile, TFLAG_PROXY_MEDIA) ? "true" : "false");
- stream->write_function(stream, "ZRTP-PASSTHRU \t%s\n", sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) ? "true" : "false");
stream->write_function(stream, "AGGRESSIVENAT \t%s\n",
sofia_test_pflag(profile, PFLAG_AGGRESSIVE_NAT_DETECTION) ? "true" : "false");
if (profile->user_agent_filter) {
stream->write_function(stream, " <nomedia>%s</nomedia>\n", sofia_test_flag(profile, TFLAG_INB_NOMEDIA) ? "true" : "false");
stream->write_function(stream, " <late-neg>%s</late-neg>\n", sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION) ? "true" : "false");
stream->write_function(stream, " <proxy-media>%s</proxy-media>\n", sofia_test_flag(profile, TFLAG_PROXY_MEDIA) ? "true" : "false");
- stream->write_function(stream, " <zrtp-passthru>%s</zrtp-passthru>\n", sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) ? "true" : "false");
stream->write_function(stream, " <aggressive-nat>%s</aggressive-nat>\n",
sofia_test_pflag(profile, PFLAG_AGGRESSIVE_NAT_DETECTION) ? "true" : "false");
if (profile->user_agent_filter) {
sofia_clear_flag(ctech_pvt, TFLAG_ENABLE_SOA);
}
- if (switch_channel_test_flag(o_channel, CF_ZRTP_PASSTHRU_REQ) && switch_channel_test_flag(o_channel, CF_ZRTP_HASH)) {
- const char *x = NULL;
- switch_core_media_pass_zrtp_hash2(session, nsession);
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "[zrtp_passthru] Setting a-leg inherit_codec=true\n");
- switch_channel_set_variable(o_channel, "inherit_codec", "true");
- if ((x = switch_channel_get_variable(o_channel, "ep_codec_string"))) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "[zrtp_passthru] Setting b-leg absolute_codec_string='%s'\n", x);
- switch_channel_set_variable(nchannel, "absolute_codec_string", x);
- }
- }
-
/* SNARK: lets copy this across so we can see if we're the other leg of 3PCC + bypass_media... */
if (sofia_test_flag(ctech_pvt, TFLAG_3PCC) && (switch_channel_test_flag(o_channel, CF_PROXY_MODE) || switch_channel_test_flag(o_channel, CF_PROXY_MEDIA))) {
sofia_set_flag(tech_pvt, TFLAG_3PCC_INVITE);
TFLAG_TPORT_LOG,
TFLAG_SENT_UPDATE,
TFLAG_PROXY_MEDIA,
- TFLAG_ZRTP_PASSTHRU,
TFLAG_HOLD_LOCK,
TFLAG_3PCC_HAS_ACK,
TFLAG_UPDATING_DISPLAY,
} else {
sofia_clear_flag(profile, TFLAG_PROXY_MEDIA);
}
- } else if (!strcasecmp(var, "inbound-zrtp-passthru")) {
- if (switch_true(val)) {
- sofia_set_flag(profile, TFLAG_ZRTP_PASSTHRU);
- } else {
- sofia_clear_flag(profile, TFLAG_ZRTP_PASSTHRU);
- }
} else if (!strcasecmp(var, "force-subscription-expires") && !zstr(val)) {
int tmp = atoi(val);
if (tmp > 0) {
}
}
- if (sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) && !sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION)) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ZRTP passthrough implictly enables inbound-late-negotiation\n");
- sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);
- }
-
if (sofia_test_flag(profile, TFLAG_INB_NOMEDIA) && !sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION)) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "inbound-bypass-media implictly enables inbound-late-negotiation\n");
sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);
if (profile_already_started) {
switch_xml_t gateways_tag, domain_tag, domains_tag, aliases_tag, alias_tag;
- if (sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU)) {
- sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);
- }
-
if ((gateways_tag = switch_xml_child(xprofile, "gateways"))) {
parse_gateways(profile, gateways_tag, NULL);
}
sofia_set_flag_locked(tech_pvt, TFLAG_ANS);
if (match) {
- switch_channel_check_zrtp(channel);
if (switch_core_media_choose_port(tech_pvt->session, SWITCH_MEDIA_TYPE_AUDIO, 0) == SWITCH_STATUS_SUCCESS) {
if (sofia_media_activate_rtp(tech_pvt) == SWITCH_STATUS_SUCCESS) {
switch_channel_set_flag(channel, CF_PROXY_MEDIA);
}
- if (sofia_test_flag(tech_pvt, TFLAG_ZRTP_PASSTHRU)) {
- switch_channel_set_flag(channel, CF_ZRTP_PASSTHRU_REQ);
- }
-
if (sip->sip_subject && sip->sip_subject->g_string) {
switch_channel_set_variable(channel, "sip_subject", sip->sip_subject->g_string);
}
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="170.0.0.1"/>
<param name="sip-ip" value="170.0.0.1"/>
<param name="ext-rtp-ip" value="170.0.0.1"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="nonce-ttl" value="60"/>
<param name="auth-calls" value="false"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
<!--
DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
-->
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
switch_core_hash_insert(filter, "variable_rtp_secure_media_confirmed", "1");
switch_core_hash_insert(filter, "variable_rtp_secure_media_confirmed_audio", "1");
switch_core_hash_insert(filter, "variable_rtp_secure_media_confirmed_video", "1");
- switch_core_hash_insert(filter, "variable_zrtp_secure_media", "1");
- switch_core_hash_insert(filter, "variable_zrtp_secure_media_confirmed", "1");
- switch_core_hash_insert(filter, "variable_zrtp_secure_media_confirmed_audio", "1");
- switch_core_hash_insert(filter, "variable_zrtp_secure_media_confirmed_video", "1");
switch_core_hash_insert(filter, "sdp_secure_savp_only", "1");
switch_core_hash_insert(filter, "rtp_has_crypto", "1");
switch_core_hash_insert(filter, "rtp_secure_media", "1");
switch_core_hash_insert(filter, "rtp_secure_media_confirmed", "1");
switch_core_hash_insert(filter, "rtp_secure_media_confirmed_audio", "1");
switch_core_hash_insert(filter, "rtp_secure_media_confirmed_video", "1");
- switch_core_hash_insert(filter, "zrtp_secure_media", "1");
- switch_core_hash_insert(filter, "zrtp_secure_media_confirmed", "1");
- switch_core_hash_insert(filter, "zrtp_secure_media_confirmed_audio", "1");
- switch_core_hash_insert(filter, "zrtp_secure_media_confirmed_video", "1");
/* Device Redirect headers */
switch_core_hash_insert(filter, "variable_last_bridge_hangup_cause", "1");
return SWITCH_STATUS_FALSE;
}
-SWITCH_DECLARE(void) switch_channel_check_zrtp(switch_channel_t *channel)
-{
-
- if (!switch_channel_test_flag(channel, CF_ZRTP_PASSTHRU)
- && switch_channel_test_flag(channel, CF_ZRTP_PASSTHRU_REQ)
- && switch_channel_test_flag(channel, CF_ZRTP_HASH)) {
- switch_core_session_t *other_session;
- switch_channel_t *other_channel;
- int doit = 1;
-
- if (switch_core_session_get_partner(channel->session, &other_session) == SWITCH_STATUS_SUCCESS) {
- other_channel = switch_core_session_get_channel(other_session);
-
- if (switch_channel_test_flag(other_channel, CF_ZRTP_HASH) && !switch_channel_test_flag(other_channel, CF_ZRTP_PASSTHRU)) {
-
- switch_channel_set_flag(channel, CF_ZRTP_PASSTHRU);
- switch_channel_set_flag(other_channel, CF_ZRTP_PASSTHRU);
-
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(channel->session), SWITCH_LOG_INFO,
- "%s Activating ZRTP passthru mode.\n", switch_channel_get_name(channel));
-
- switch_channel_set_variable(channel, "zrtp_passthru_active", "true");
- switch_channel_set_variable(other_channel, "zrtp_passthru_active", "true");
- switch_channel_set_variable(channel, "zrtp_secure_media", "false");
- switch_channel_set_variable(other_channel, "zrtp_secure_media", "false");
- doit = 0;
- }
-
- switch_core_session_rwunlock(other_session);
- }
-
- if (doit) {
- switch_channel_set_variable(channel, "zrtp_passthru_active", "false");
- switch_channel_set_variable(channel, "zrtp_secure_media", "true");
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(channel->session), SWITCH_LOG_INFO,
- "%s ZRTP not negotiated on both sides; disabling ZRTP passthru mode.\n", switch_channel_get_name(channel));
-
- switch_channel_clear_flag(channel, CF_ZRTP_PASSTHRU);
- switch_channel_clear_flag(channel, CF_ZRTP_HASH);
-
- if (switch_core_session_get_partner(channel->session, &other_session) == SWITCH_STATUS_SUCCESS) {
- other_channel = switch_core_session_get_channel(other_session);
-
- switch_channel_set_variable(other_channel, "zrtp_passthru_active", "false");
- switch_channel_set_variable(other_channel, "zrtp_secure_media", "true");
- switch_channel_clear_flag(other_channel, CF_ZRTP_PASSTHRU);
- switch_channel_clear_flag(other_channel, CF_ZRTP_HASH);
-
- switch_core_session_rwunlock(other_session);
- }
-
- }
- }
-}
-
SWITCH_DECLARE(switch_status_t) switch_channel_perform_mark_pre_answered(switch_channel_t *channel, const char *file, const char *func, int line)
{
switch_event_t *event;
switch_core_media_check_dtls(channel->session, SWITCH_MEDIA_TYPE_AUDIO);
- switch_channel_check_zrtp(channel);
switch_log_printf(SWITCH_CHANNEL_ID_LOG, file, func, line, switch_channel_get_uuid(channel), SWITCH_LOG_NOTICE, "Pre-Answer %s!\n", channel->name);
switch_channel_set_flag(channel, CF_EARLY_MEDIA);
switch_mutex_unlock(channel->profile_mutex);
}
- switch_channel_check_zrtp(channel);
switch_channel_set_flag(channel, CF_ANSWERED);
if (switch_true(switch_channel_get_variable(channel, "video_mirror_input"))) {
}
-#ifdef ENABLE_ZRTP
-static void switch_core_set_serial(void)
-{
- char buf[13] = "";
- char path[256];
-
- int fd = -1, write_fd = -1;
- switch_ssize_t bytes = 0;
-
- switch_snprintf(path, sizeof(path), "%s%sfreeswitch.serial", SWITCH_GLOBAL_dirs.conf_dir, SWITCH_PATH_SEPARATOR);
-
-
- if ((fd = open(path, O_RDONLY, 0)) < 0) {
- char *ip = switch_core_get_variable_dup("local_ip_v4");
- uint32_t ipi = 0;
- switch_byte_t *byte;
- int i = 0;
-
- if (ip) {
- switch_inet_pton(AF_INET, ip, &ipi);
- free(ip);
- ip = NULL;
- }
-
-
- byte = (switch_byte_t *) & ipi;
-
- for (i = 0; i < 8; i += 2) {
- switch_snprintf(buf + i, sizeof(buf) - i, "%0.2x", *byte);
- byte++;
- }
-
- switch_stun_random_string(buf + 8, 4, "0123456789abcdef");
-
- if ((write_fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) >= 0) {
- bytes = write(write_fd, buf, sizeof(buf));
- bytes++;
- close(write_fd);
- }
- } else {
- bytes = read(fd, buf, sizeof(buf) - 1);
- close(fd);
- }
-
- switch_core_set_variable("switch_serial", buf);
-}
-#endif
-
SWITCH_DECLARE(int) switch_core_test_flag(int flag)
{
return switch_test_flag((&runtime), flag);
switch_core_set_variable("cache_dir", SWITCH_GLOBAL_dirs.cache_dir);
switch_core_set_variable("data_dir", SWITCH_GLOBAL_dirs.data_dir);
switch_core_set_variable("localstate_dir", SWITCH_GLOBAL_dirs.localstate_dir);
-#ifdef ENABLE_ZRTP
- switch_core_set_serial();
-#endif
switch_console_init(runtime.memory_pool);
switch_event_init(runtime.memory_pool);
switch_channel_global_init(runtime.memory_pool);
} else {
runtime.odbc_dbtype = DBTYPE_DEFAULT;
}
-#ifdef ENABLE_ZRTP
- } else if (!strcasecmp(var, "rtp-enable-zrtp")) {
- switch_core_set_variable("zrtp_enabled", val);
-#endif
} else if (!strcasecmp(var, "switchname") && !zstr(val)) {
runtime.switchname = switch_core_strdup(runtime.memory_pool, val);
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Set switchname to %s\n", runtime.switchname);
#include <stdbool.h>
static switch_t38_options_t * switch_core_media_process_udptl(switch_core_session_t *session, sdp_session_t *sdp, sdp_media_t *m);
-static void switch_core_media_find_zrtp_hash(switch_core_session_t *session, sdp_session_t *sdp);
static void switch_core_media_set_r_sdp_codec_string(switch_core_session_t *session, const char *codec_string, sdp_session_t *sdp, switch_sdp_type_t sdp_type);
static void gen_ice(switch_core_session_t *session, switch_media_type_t type, const char *ip, switch_port_t port);
//#define GOOGLE_ICE
switch_port_t proxy_sdp_port;
- /** ZRTP **/
- char *local_sdp_zrtp_hash;
- char *remote_sdp_zrtp_hash;
-
payload_map_t *cur_payload_map;
payload_map_t *payload_map;
payload_map_t *pmap_tail;
return dft ? dft : 1;
}
-static void _switch_core_media_pass_zrtp_hash2(switch_core_session_t *aleg_session, switch_core_session_t *bleg_session, switch_media_type_t type)
-{
- switch_rtp_engine_t *aleg_engine;
- switch_rtp_engine_t *bleg_engine;
-
- if (!aleg_session->media_handle || !bleg_session->media_handle) return;
- aleg_engine = &aleg_session->media_handle->engines[type];
- bleg_engine = &bleg_session->media_handle->engines[type];
-
-
-
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(aleg_session->channel), SWITCH_LOG_DEBUG1,
- "Deciding whether to pass zrtp-hash between a-leg and b-leg\n");
-
- if (!(switch_channel_test_flag(aleg_session->channel, CF_ZRTP_PASSTHRU_REQ))) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(aleg_session->channel), SWITCH_LOG_DEBUG1,
- "CF_ZRTP_PASSTHRU_REQ not set on a-leg, so not propagating zrtp-hash\n");
- return;
- }
-
- if (aleg_engine->remote_sdp_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(aleg_session->channel), SWITCH_LOG_DEBUG, "Passing a-leg remote zrtp-hash (audio) to b-leg\n");
- bleg_engine->local_sdp_zrtp_hash = switch_core_session_strdup(bleg_session, aleg_engine->remote_sdp_zrtp_hash);
- switch_channel_set_variable(bleg_session->channel, "l_sdp_audio_zrtp_hash", bleg_engine->local_sdp_zrtp_hash);
- }
-
- if (bleg_engine->remote_sdp_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(aleg_session->channel), SWITCH_LOG_DEBUG, "Passing b-leg remote zrtp-hash (audio) to a-leg\n");
- aleg_engine->local_sdp_zrtp_hash = switch_core_session_strdup(aleg_session, bleg_engine->remote_sdp_zrtp_hash);
- switch_channel_set_variable(aleg_session->channel, "l_sdp_audio_zrtp_hash", aleg_engine->local_sdp_zrtp_hash);
- }
-}
-
SWITCH_DECLARE(uint32_t) switch_core_media_get_video_fps(switch_core_session_t *session)
{
switch_media_handle_t *smh;
return fps;
}
-SWITCH_DECLARE(void) switch_core_media_pass_zrtp_hash2(switch_core_session_t *aleg_session, switch_core_session_t *bleg_session)
-{
- _switch_core_media_pass_zrtp_hash2(aleg_session, bleg_session, SWITCH_MEDIA_TYPE_AUDIO);
- _switch_core_media_pass_zrtp_hash2(aleg_session, bleg_session, SWITCH_MEDIA_TYPE_VIDEO);
- _switch_core_media_pass_zrtp_hash2(aleg_session, bleg_session, SWITCH_MEDIA_TYPE_TEXT);
-}
-
-
-SWITCH_DECLARE(void) switch_core_media_pass_zrtp_hash(switch_core_session_t *session)
-{
- switch_channel_t *channel = switch_core_session_get_channel(session);
-
- switch_core_session_t *other_session;
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG1, "Deciding whether to pass zrtp-hash between legs\n");
- if (!(switch_channel_test_flag(channel, CF_ZRTP_PASSTHRU_REQ))) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG1, "CF_ZRTP_PASSTHRU_REQ not set, so not propagating zrtp-hash\n");
- return;
- } else if (!(switch_core_session_get_partner(session, &other_session) == SWITCH_STATUS_SUCCESS)) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG1, "No partner channel found, so not propagating zrtp-hash\n");
- return;
- } else {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG1, "Found peer channel; propagating zrtp-hash if set\n");
- switch_core_media_pass_zrtp_hash2(session, other_session);
- switch_core_session_rwunlock(other_session);
- }
-}
-
-SWITCH_DECLARE(const char *) switch_core_media_get_zrtp_hash(switch_core_session_t *session, switch_media_type_t type, switch_bool_t local)
-{
- switch_rtp_engine_t *engine;
- if (!session->media_handle) return NULL;
-
- engine = &session->media_handle->engines[type];
-
- if (local) {
- return engine->local_sdp_zrtp_hash;
- }
-
-
- return engine->remote_sdp_zrtp_hash;
-
-}
-
-static void switch_core_media_find_zrtp_hash(switch_core_session_t *session, sdp_session_t *sdp)
-{
- switch_channel_t *channel = switch_core_session_get_channel(session);
- switch_rtp_engine_t *audio_engine;
- switch_rtp_engine_t *video_engine;
- switch_rtp_engine_t *text_engine;
- sdp_media_t *m;
- sdp_attribute_t *attr;
- int got_audio = 0, got_video = 0, got_text = 0;
-
- if (!session->media_handle) return;
-
- audio_engine = &session->media_handle->engines[SWITCH_MEDIA_TYPE_AUDIO];
- video_engine = &session->media_handle->engines[SWITCH_MEDIA_TYPE_VIDEO];
- text_engine = &session->media_handle->engines[SWITCH_MEDIA_TYPE_TEXT];
-
-
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG1, "Looking for zrtp-hash\n");
- for (m = sdp->sdp_media; m; m = m->m_next) {
- if (got_audio && got_video && got_text) break;
- if (m->m_port && ((m->m_type == sdp_media_audio && !got_audio)
- || (m->m_type == sdp_media_video && !got_video))) {
- for (attr = m->m_attributes; attr; attr = attr->a_next) {
- if (zstr(attr->a_name)) continue;
- if (strcasecmp(attr->a_name, "zrtp-hash") || !(attr->a_value)) continue;
- if (m->m_type == sdp_media_audio) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG,
- "Found audio zrtp-hash; setting r_sdp_audio_zrtp_hash=%s\n", attr->a_value);
- switch_channel_set_variable(channel, "r_sdp_audio_zrtp_hash", attr->a_value);
- audio_engine->remote_sdp_zrtp_hash = switch_core_session_strdup(session, attr->a_value);
- got_audio++;
- } else if (m->m_type == sdp_media_video) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG,
- "Found video zrtp-hash; setting r_sdp_video_zrtp_hash=%s\n", attr->a_value);
- switch_channel_set_variable(channel, "r_sdp_video_zrtp_hash", attr->a_value);
- video_engine->remote_sdp_zrtp_hash = switch_core_session_strdup(session, attr->a_value);
- got_video++;
- } else if (m->m_type == sdp_media_text) {
- switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_DEBUG,
- "Found text zrtp-hash; setting r_sdp_video_zrtp_hash=%s\n", attr->a_value);
- switch_channel_set_variable(channel, "r_sdp_text_zrtp_hash", attr->a_value);
- text_engine->remote_sdp_zrtp_hash = switch_core_session_strdup(session, attr->a_value);
- got_text++;
- }
- switch_channel_set_flag(channel, CF_ZRTP_HASH);
- break;
- }
- }
- }
-}
-
-
static switch_t38_options_t * switch_core_media_process_udptl(switch_core_session_t *session, sdp_session_t *sdp, sdp_media_t *m)
{
switch_t38_options_t *t38_options = switch_channel_get_private(session->channel, "t38_options");
switch_channel_set_variable(session->channel, "t38_broken_boolean", "true");
}
- switch_core_media_find_zrtp_hash(session, sdp);
- switch_core_media_pass_zrtp_hash(session);
-
check_ice(smh, SWITCH_MEDIA_TYPE_AUDIO, sdp, NULL);
check_ice(smh, SWITCH_MEDIA_TYPE_VIDEO, sdp, NULL);
check_ice(smh, SWITCH_MEDIA_TYPE_TEXT, sdp, NULL);
switch_channel_set_variable(session->channel, SWITCH_REMOTE_MEDIA_PORT_VARIABLE, tmp);
- if (switch_channel_test_flag(session->channel, CF_ZRTP_PASSTHRU)) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_INFO, "Activating ZRTP PROXY MODE\n");
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Disable NOTIMER_DURING_BRIDGE\n");
- switch_channel_clear_flag(session->channel, CF_NOTIMER_DURING_BRIDGE);
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Activating audio UDPTL mode\n");
- switch_rtp_udptl_mode(a_engine->rtp_session);
- }
-
-
-
text:
//if (switch_channel_test_flag(session->channel, CF_MSRP)) { // skip RTP RTT
switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_TEXT);
-
- if (switch_channel_test_flag(session->channel, CF_ZRTP_PASSTHRU)) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Activating text UDPTL mode\n");
- switch_rtp_udptl_mode(t_engine->rtp_session);
- }
-
} else {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "TEXT RTP REPORTS ERROR: [%s]\n", switch_str_nil(err));
switch_channel_hangup(session->channel, SWITCH_CAUSE_DESTINATION_OUT_OF_ORDER);
switch_core_session_apply_crypto(session, SWITCH_MEDIA_TYPE_VIDEO);
- if (switch_channel_test_flag(session->channel, CF_ZRTP_PASSTHRU)) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Activating video UDPTL mode\n");
- switch_rtp_udptl_mode(v_engine->rtp_session);
- }
-
} else {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "VIDEO RTP REPORTS ERROR: [%s]\n", switch_str_nil(err));
switch_channel_hangup(session->channel, SWITCH_CAUSE_INCOMPATIBLE_DESTINATION);
int rate;
int already_did[128] = { 0 };
int ptime = 0, noptime = 0;
- const char *local_sdp_audio_zrtp_hash;
switch_media_handle_t *smh;
switch_rtp_engine_t *a_engine;
int include_external;
switch_snprintf(buf + strlen(buf), buflen - strlen(buf), "a=ptime:%d\r\n", cur_ptime);
}
- local_sdp_audio_zrtp_hash = switch_core_media_get_zrtp_hash(session, SWITCH_MEDIA_TYPE_AUDIO, SWITCH_TRUE);
-
- if (local_sdp_audio_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Adding audio a=zrtp-hash:%s\n", local_sdp_audio_zrtp_hash);
- switch_snprintf(buf + strlen(buf), buflen - strlen(buf), "a=zrtp-hash:%s\r\n", local_sdp_audio_zrtp_hash);
- }
-
if (!zstr(sr)) {
switch_snprintf(buf + strlen(buf), buflen - strlen(buf), "a=%s\r\n", sr);
}
switch_event_t *map = NULL, *ptmap = NULL;
//const char *b_sdp = NULL;
//const char *local_audio_crypto_key = switch_core_session_local_crypto_key(session, SWITCH_MEDIA_TYPE_AUDIO);
- const char *local_sdp_audio_zrtp_hash = switch_core_media_get_zrtp_hash(session, SWITCH_MEDIA_TYPE_AUDIO, SWITCH_TRUE);
- const char *local_sdp_video_zrtp_hash = switch_core_media_get_zrtp_hash(session, SWITCH_MEDIA_TYPE_VIDEO, SWITCH_TRUE);
- const char *local_sdp_text_zrtp_hash = switch_core_media_get_zrtp_hash(session, SWITCH_MEDIA_TYPE_TEXT, SWITCH_TRUE);
const char *tmp;
switch_rtp_engine_t *a_engine, *v_engine, *t_engine;
switch_media_handle_t *smh;
}
- if (local_sdp_audio_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Adding audio a=zrtp-hash:%s\r\n",
- local_sdp_audio_zrtp_hash);
- switch_snprintf(buf + strlen(buf), SDPBUFLEN - strlen(buf), "a=zrtp-hash:%s\r\n",
- local_sdp_audio_zrtp_hash);
- }
-
if (!zstr(sr)) {
switch_snprintf(buf + strlen(buf), SDPBUFLEN - strlen(buf), "a=%s\r\n", sr);
}
}
- if (local_sdp_video_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Adding video a=zrtp-hash:%s\n", local_sdp_video_zrtp_hash);
- switch_snprintf(buf + strlen(buf), SDPBUFLEN - strlen(buf), "a=zrtp-hash:%s\r\n", local_sdp_video_zrtp_hash);
- }
-
-
if (switch_channel_test_flag(session->channel, CF_DTLS) ||
!switch_channel_test_flag(session->channel, CF_SECURE) ||
smh->crypto_mode == CRYPTO_MODE_MANDATORY || smh->crypto_mode == CRYPTO_MODE_FORBIDDEN) {
}
- if (local_sdp_text_zrtp_hash) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Adding text a=zrtp-hash:%s\n", local_sdp_text_zrtp_hash);
- switch_snprintf(buf + strlen(buf), SDPBUFLEN - strlen(buf), "a=zrtp-hash:%s\r\n", local_sdp_text_zrtp_hash);
- }
-
-
if (switch_channel_test_flag(session->channel, CF_DTLS) ||
!switch_channel_test_flag(session->channel, CF_SECURE) ||
smh->crypto_mode == CRYPTO_MODE_MANDATORY || smh->crypto_mode == CRYPTO_MODE_FORBIDDEN) {
}
}
- switch_core_media_find_zrtp_hash(session, sdp);
- switch_core_media_pass_zrtp_hash(session);
-
for (m = sdp->sdp_media; m; m = m->m_next) {
ptime = dptime;
}
}
- if (switch_channel_test_flag(channel, CF_ZRTP_PASSTHRU_REQ)) {
- switch_channel_set_flag(peer_channel, CF_ZRTP_PASSTHRU_REQ);
- }
-
if (profile) {
if ((cloned_profile = switch_caller_profile_clone(*new_session, profile)) != 0) {
switch_channel_set_originator_caller_profile(peer_channel, cloned_profile);
}
if (session) {
- const char *to_var, *bypass_media = NULL, *proxy_media = NULL, *zrtp_passthru = NULL;
+ const char *to_var, *bypass_media = NULL, *proxy_media = NULL;
switch_channel_set_flag(caller_channel, CF_ORIGINATOR);
oglobals.session = session;
proxy_media = switch_channel_get_variable(caller_channel, SWITCH_PROXY_MEDIA_VARIABLE);
bypass_media = switch_channel_get_variable(caller_channel, SWITCH_BYPASS_MEDIA_VARIABLE);
- zrtp_passthru = switch_channel_get_variable(caller_channel, SWITCH_ZRTP_PASSTHRU_VARIABLE);
if (!zstr(proxy_media)) {
if (switch_true(proxy_media)) {
}
}
- if (!zstr(zrtp_passthru)) {
- if (switch_true(zrtp_passthru)) {
- switch_channel_set_flag(caller_channel, CF_ZRTP_PASSTHRU_REQ);
- } else if (switch_channel_test_flag(caller_channel, CF_ZRTP_PASSTHRU_REQ)) {
- switch_channel_clear_flag(caller_channel, CF_ZRTP_PASSTHRU_REQ);
- }
- }
-
if (bypass_media && switch_channel_test_flag(caller_channel, CF_EARLY_MEDIA) && !switch_channel_test_flag(caller_channel, CF_ANSWERED)) {
switch_core_session_message_t msg = { 0 };
#define WARN_SRTP_ERRS 10
#define MAX_SRTP_ERRS 100
#define NTP_TIME_OFFSET 2208988800UL
-#define ZRTP_MAGIC_COOKIE 0x5a525450
static const switch_payload_t INVALID_PT = 255;
#define DTMF_SANITY (rtp_session->one_second * 30)
typedef srtp_hdr_t rtp_hdr_t;
-#ifdef ENABLE_ZRTP
-#include "zrtp.h"
-static zrtp_global_t *zrtp_global;
-#ifndef WIN32
-static zrtp_zid_t zid = { "FreeSWITCH01" };
-#else
-static zrtp_zid_t zid = { "FreeSWITCH0" };
-#endif
-static int zrtp_on = 0;
-#define ZRTP_MITM_TRIES 100
-#endif
#ifdef _MSC_VER
#pragma pack(4)
uint32_t last_max_vb_frames;
int skip_timer;
uint32_t prev_nacks_inflight;
-#ifdef ENABLE_ZRTP
- zrtp_session_t *zrtp_session;
- zrtp_profile_t *zrtp_profile;
- zrtp_stream_t *zrtp_stream;
- int zrtp_mitm_tries;
- int zinit;
-#endif
-
};
struct switch_rtcp_report_block {
READ_DEC(rtp_session);
}
-#ifdef ENABLE_ZRTP
-SWITCH_STANDARD_SCHED_FUNC(zrtp_cache_save_callback)
-{
- zrtp_status_t status = zrtp_status_ok;
-
- status = zrtp_def_cache_store(zrtp_global);
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Saving ZRTP cache: %s\n", zrtp_status_ok == status ? "OK" : "FAIL");
- task->runtime = switch_epoch_time_now(NULL) + 900;
-}
-
-static int zrtp_send_rtp_callback(const zrtp_stream_t *stream, char *rtp_packet, unsigned int rtp_packet_length)
-{
- switch_rtp_t *rtp_session = zrtp_stream_get_userdata(stream);
- switch_size_t len = rtp_packet_length;
- zrtp_status_t status = zrtp_status_ok;
-
- if (!rtp_session->sock_output) {
- return status;
- }
-
- switch_socket_sendto(rtp_session->sock_output, rtp_session->remote_addr, 0, rtp_packet, &len);
- return status;
-}
-
-static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
-{
- switch_rtp_t *rtp_session = zrtp_stream_get_userdata(stream);
- zrtp_session_info_t zrtp_session_info;
-
- switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
- switch_event_t *fsevent = NULL;
- const char *type;
-
- type = rtp_type(rtp_session);
-
- switch (event) {
- case ZRTP_EVENT_IS_SECURE:
- {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_SEND] = 1;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_RECV] = 1;
- if (!rtp_session->flags[SWITCH_RTP_FLAG_VIDEO]) {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 1;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 1;
- }
- if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
- if (zrtp_session_info.sas_is_ready) {
-
- switch_channel_set_variable_name_printf(channel, "true", "zrtp_secure_media_confirmed_%s", type);
- switch_channel_set_variable_name_printf(channel, stream->session->sas1.buffer, "zrtp_sas1_string_%s", type);
- switch_channel_set_variable_name_printf(channel, stream->session->sas2.buffer, "zrtp_sas2_string", type);
- zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)1);
- }
- }
-
- if (!rtp_session->flags[SWITCH_RTP_FLAG_VIDEO]) {
-
-
- if (rtp_session->session) {
- switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
- switch_rtp_t *video_rtp_session = switch_channel_get_private(channel, "__zrtp_video_rtp_session");
-
- if (!video_rtp_session) {
- video_rtp_session = switch_channel_get_private_partner(channel, "__zrtp_video_rtp_session");
- }
-
- if (video_rtp_session) {
- if (zrtp_status_ok != zrtp_stream_attach(stream->session, &video_rtp_session->zrtp_stream)) {
- abort();
- }
- zrtp_stream_set_userdata(video_rtp_session->zrtp_stream, video_rtp_session);
- if (switch_true(switch_channel_get_variable(channel, "zrtp_enrollment"))) {
- zrtp_stream_registration_start(video_rtp_session->zrtp_stream, video_rtp_session->ssrc);
- } else {
- zrtp_stream_start(video_rtp_session->zrtp_stream, video_rtp_session->ssrc);
- }
- }
- }
- }
-
- if (switch_event_create(&fsevent, SWITCH_EVENT_CALL_SECURE) == SWITCH_STATUS_SUCCESS) {
- switch_event_add_header(fsevent, SWITCH_STACK_BOTTOM, "secure_media_type", "%s", type);
- switch_event_add_header(fsevent, SWITCH_STACK_BOTTOM, "secure_type", "zrtp:%s:%s", stream->session->sas1.buffer,
- stream->session->sas2.buffer);
- switch_event_add_header_string(fsevent, SWITCH_STACK_BOTTOM, "caller-unique-id", switch_channel_get_uuid(channel));
- switch_event_fire(&fsevent);
- }
- }
- break;
-#if 0
- case ZRTP_EVENT_NO_ZRTP_QUICK:
- {
- if (stream != NULL) {
- zrtp_stream_stop(stream);
- }
- }
- break;
-#endif
- case ZRTP_EVENT_IS_CLIENT_ENROLLMENT:
- {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG, "Enrolled complete!\n");
- switch_channel_set_variable_name_printf(channel, "true", "zrtp_enroll_complete_%s", type);
- }
- break;
-
- case ZRTP_EVENT_USER_ALREADY_ENROLLED:
- {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG, "User already enrolled!\n");
- switch_channel_set_variable_name_printf(channel, "true", "zrtp_already_enrolled_%s", type);
- }
- break;
-
- case ZRTP_EVENT_NEW_USER_ENROLLED:
- {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG, "New user enrolled!\n");
- switch_channel_set_variable_name_printf(channel, "true", "zrtp_new_user_enrolled_%s", type);
- }
- break;
-
- case ZRTP_EVENT_USER_UNENROLLED:
- {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG, "User unenrolled!\n");
- switch_channel_set_variable_name_printf(channel, "true", "zrtp_user_unenrolled_%s", type);
- }
- break;
-
- case ZRTP_EVENT_IS_PENDINGCLEAR:
- {
- switch_channel_set_variable_name_printf(channel, "false", "zrtp_secure_media_confirmed_%s", type);
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_SEND] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->zrtp_mitm_tries = 0;
- }
- break;
-
- case ZRTP_EVENT_NO_ZRTP:
- {
- switch_channel_set_variable_name_printf(channel, "false", "zrtp_secure_media_confirmed_%s", type);
- }
- break;
-
- default:
- break;
- }
-}
-
-static void zrtp_logger(int level, const char *data, int len, int offset)
-{
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "%s", data);
-}
-#endif
#ifdef ENABLE_SRTP
SWITCH_DECLARE(void) switch_srtp_err_to_txt(srtp_err_status_t stat, char **msg)
SWITCH_DECLARE(void) switch_rtp_init(switch_memory_pool_t *pool)
{
-#ifdef ENABLE_ZRTP
- const char *zid_string = switch_core_get_variable_pdup("switch_serial", pool);
- const char *zrtp_enabled = switch_core_get_variable_pdup("zrtp_enabled", pool);
- zrtp_config_t zrtp_config;
- char zrtp_cache_path[256] = "";
- zrtp_on = zrtp_enabled ? switch_true(zrtp_enabled) : 0;
-#endif
if (global_init) {
return;
}
switch_core_hash_init(&alloc_hash);
-#ifdef ENABLE_ZRTP
- if (zrtp_on) {
- uint32_t cache_len;
- zrtp_config_defaults(&zrtp_config);
- strcpy(zrtp_config.client_id, "FreeSWITCH");
- zrtp_config.is_mitm = 1;
- zrtp_config.lic_mode = ZRTP_LICENSE_MODE_ACTIVE;
- switch_snprintf(zrtp_cache_path, sizeof(zrtp_cache_path), "%s%szrtp.dat", SWITCH_GLOBAL_dirs.db_dir, SWITCH_PATH_SEPARATOR);
- cache_len=(uint32_t)strlen(zrtp_cache_path);
- ZSTR_SET_EMPTY(zrtp_config.def_cache_path);
- zrtp_config.def_cache_path.length = cache_len > zrtp_config.def_cache_path.max_length ? zrtp_config.def_cache_path.max_length : (uint16_t)cache_len;
- strncpy(zrtp_config.def_cache_path.buffer, zrtp_cache_path, zrtp_config.def_cache_path.max_length);
- zrtp_config.cb.event_cb.on_zrtp_protocol_event = (void (*)(zrtp_stream_t*,zrtp_protocol_event_t))zrtp_event_callback;
- zrtp_config.cb.misc_cb.on_send_packet = zrtp_send_rtp_callback;
- zrtp_config.cb.event_cb.on_zrtp_security_event = (void (*)(zrtp_stream_t*,zrtp_security_event_t))zrtp_event_callback;
- zrtp_log_set_log_engine((zrtp_log_engine *) zrtp_logger);
- zrtp_log_set_level(4);
- if (zrtp_status_ok == zrtp_init(&zrtp_config, &zrtp_global)) {
- memcpy(zid, zid_string, 12);
- switch_scheduler_add_task(switch_epoch_time_now(NULL) + 900, zrtp_cache_save_callback, "zrtp_cache_save", "core", 0, NULL,
- SSHF_NONE | SSHF_NO_DEL);
- } else {
- switch_core_set_variable("zrtp_enabled", NULL);
- zrtp_on = 0;
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "ZRTP init failed!\n");
- }
- }
-#endif
#ifdef ENABLE_SRTP
{
srtp_err_status_t stat = srtp_init();
switch_mutex_unlock(rtp_session->ice_mutex);
#endif
-#ifdef ENABLE_ZRTP
- /* ZRTP Send */
- if (zrtp_on && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
- unsigned int sbytes = (int) rtcp_bytes;
- zrtp_status_t stat = zrtp_status_fail;
-
- stat = zrtp_process_rtcp(rtp_session->zrtp_stream, (void *) &rtp_session->rtcp_send_msg, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- break;
- case zrtp_status_drop:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection drop with code %d\n", stat);
- ret = (int)rtcp_bytes;
- goto end;
- break;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- break;
- default:
- break;
- }
-
- rtcp_bytes = sbytes;
- }
-#endif
//#define DEBUG_EXTRA
#ifdef DEBUG_EXTRA
{
switch_core_hash_destroy(&alloc_hash);
switch_mutex_unlock(port_lock);
-#ifdef ENABLE_ZRTP
- if (zrtp_on) {
- zrtp_status_t status = zrtp_status_ok;
-
- status = zrtp_def_cache_store(zrtp_global);
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Saving ZRTP cache: %s\n", zrtp_status_ok == status ? "OK" : "FAIL");
- zrtp_down(zrtp_global);
- }
-#endif
#ifdef ENABLE_SRTP
srtp_crypto_kernel_shutdown();
#endif
switch_channel_set_private(channel, "__rtcp_audio_rtp_session", rtp_session);
}
-#ifdef ENABLE_ZRTP
- if (zrtp_on && session && channel && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
- switch_rtp_t *master_rtp_session = NULL;
-
- int initiator = 0;
- const char *zrtp_enabled = switch_channel_get_variable(channel, "zrtp_secure_media");
- int srtp_enabled = switch_channel_test_flag(channel, CF_SECURE);
-
- if (srtp_enabled && switch_true(zrtp_enabled)) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_WARNING,
- "You can not have ZRTP and SRTP enabled simultaneously, ZRTP will be disabled for this call!\n");
- switch_channel_set_variable(channel, "zrtp_secure_media", NULL);
- zrtp_enabled = NULL;
- }
-
-
- if (switch_true(zrtp_enabled)) {
- if (rtp_session->flags[SWITCH_RTP_FLAG_VIDEO]) {
- switch_channel_set_private(channel, "__zrtp_video_rtp_session", rtp_session);
- master_rtp_session = switch_channel_get_private(channel, "__zrtp_audio_rtp_session");
- } else {
- switch_channel_set_private(channel, "__zrtp_audio_rtp_session", rtp_session);
- master_rtp_session = rtp_session;
- }
-
-
- if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
- initiator = 1;
- }
-
- if (rtp_session == master_rtp_session) {
- rtp_session->zrtp_profile = switch_core_alloc(rtp_session->pool, sizeof(*rtp_session->zrtp_profile));
- zrtp_profile_defaults(rtp_session->zrtp_profile, zrtp_global);
-
- rtp_session->zrtp_profile->allowclear = 0;
- rtp_session->zrtp_profile->disclose_bit = 0;
- rtp_session->zrtp_profile->cache_ttl = (uint32_t) -1;
-
- if (zrtp_status_ok != zrtp_session_init(zrtp_global, rtp_session->zrtp_profile, zid, initiator, &rtp_session->zrtp_session)) {
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "Error! zRTP INIT Failed\n");
- zrtp_session_down(rtp_session->zrtp_session);
- rtp_session->zrtp_session = NULL;
- goto end;
- }
-
- zrtp_session_set_userdata(rtp_session->zrtp_session, session);
-
-
- if (zrtp_status_ok != zrtp_stream_attach(master_rtp_session->zrtp_session, &rtp_session->zrtp_stream)) {
- abort();
- }
-
- zrtp_stream_set_userdata(rtp_session->zrtp_stream, rtp_session);
-
- if (switch_true(switch_channel_get_variable(channel, "zrtp_enrollment"))) {
- zrtp_stream_registration_start(rtp_session->zrtp_stream, rtp_session->ssrc);
- } else {
- zrtp_stream_start(rtp_session->zrtp_stream, rtp_session->ssrc);
- }
- }
-
- }
- }
-
- end:
-
-#endif
/* Jitter */
rtp_session->stats.inbound.last_proc_time = switch_micro_time_now() / 1000;
}
#endif
-#ifdef ENABLE_ZRTP
- /* ZRTP */
- if (zrtp_on && !(*rtp_session)->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
-
- if ((*rtp_session)->zrtp_stream != NULL) {
- zrtp_stream_stop((*rtp_session)->zrtp_stream);
- }
-
- if ((*rtp_session)->flags[SWITCH_ZRTP_FLAG_SECURE_SEND]) {
- (*rtp_session)->flags[SWITCH_ZRTP_FLAG_SECURE_SEND] = 0;
- }
-
- if ((*rtp_session)->flags[SWITCH_ZRTP_FLAG_SECURE_RECV]) {
- (*rtp_session)->flags[SWITCH_ZRTP_FLAG_SECURE_RECV] = 0;
- }
-
- if ((*rtp_session)->zrtp_session) {
- zrtp_session_down((*rtp_session)->zrtp_session);
- (*rtp_session)->zrtp_session = NULL;
- }
- }
-#endif
if ((*rtp_session)->timer.timer_interface) {
switch_core_timer_destroy(&(*rtp_session)->timer);
}
if (*bytes) {
b = (unsigned char *) &rtp_session->recv_msg;
- /* version 2 probably rtp, zrtp cookie present means zrtp */
- rtp_session->has_rtp = (rtp_session->recv_msg.header.version == 2 || ntohl(*(int *)(b+4)) == ZRTP_MAGIC_COOKIE);
+ /* version 2 probably rtp */
+ rtp_session->has_rtp = (rtp_session->recv_msg.header.version == 2);
if (rtp_session->media_timeout) {
rtp_session->last_media = switch_micro_time_now();
switch_mutex_lock(rtp_session->flag_mutex);
for (pmap = *rtp_session->pmaps; pmap && pmap->allocated; pmap = pmap->next) {
- if (ntohl(*(int *)(b+4)) == ZRTP_MAGIC_COOKIE) {
- accept_packet = 1;
- break;
- }
-
if (!pmap->negotiated) {
continue;
}
if (*bytes) {
if (!rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA] && !rtp_session->flags[SWITCH_RTP_FLAG_UDPTL]) {
-#ifdef ENABLE_ZRTP
- /* ZRTP Recv */
- if (zrtp_on) {
-
- unsigned int sbytes = (int) *bytes;
- zrtp_status_t stat = 0;
-
- stat = zrtp_process_srtp(rtp_session->zrtp_stream, (void *) &rtp_session->recv_msg, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- *bytes = sbytes;
- break;
- case zrtp_status_drop:
- /* switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Error: zRTP protection drop with code %d\n", stat); */
- *bytes = 0;
- return SWITCH_STATUS_SUCCESS;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- return SWITCH_STATUS_FALSE;
- default:
- break;
- }
- }
-#endif
#ifdef ENABLE_SRTP
switch_mutex_lock(rtp_session->ice_mutex);
switch_mutex_unlock(rtp_session->ice_mutex);
-#ifdef ENABLE_ZRTP
- if (zrtp_on && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA] && rtp_session->rtcp_recv_msg_p->header.version == 2) {
- /* ZRTP Recv */
- if (bytes) {
- unsigned int sbytes = (int) *bytes;
- zrtp_status_t stat = 0;
-
- stat = zrtp_process_srtcp(rtp_session->zrtp_stream, (void *) rtp_session->rtcp_recv_msg_p, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- *bytes = sbytes;
- break;
- case zrtp_status_drop:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection drop with code %d\n", stat);
- *bytes = 0;
- break;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- *bytes = 0;
- break;
- default:
- break;
- }
- }
- }
-#endif
/* RTCP Auto ADJ */
if (*bytes && rtp_session->flags[SWITCH_RTP_FLAG_RTCP_AUTOADJ] && switch_sockaddr_get_port(rtp_session->rtcp_from_addr)) {
switch_mutex_unlock(other_rtp_session->ice_mutex);
#endif
-#ifdef ENABLE_ZRTP
- /* ZRTP Send */
- if (zrtp_on && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
- unsigned int sbytes = (unsigned int) bytes;
- zrtp_status_t stat = zrtp_status_fail;
-
- stat = zrtp_process_rtcp(other_rtp_session->zrtp_stream, (void *) &other_rtp_session->rtcp_send_msg, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- break;
- case zrtp_status_drop:
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "Error: zRTP protection drop with code %d\n", stat);
- ret = (int) bytes;
- goto end;
- break;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- break;
- default:
- break;
- }
-
- bytes = sbytes;
- }
-#endif
if (switch_socket_sendto(other_rtp_session->rtcp_sock_output, other_rtp_session->rtcp_remote_addr, 0,
(const char*)&other_rtp_session->rtcp_send_msg, &rtcp_bytes ) != SWITCH_STATUS_SUCCESS) {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG,"RTCP packet not written\n");
frame->m = rtp_session->last_rtp_hdr.m ? SWITCH_TRUE : SWITCH_FALSE;
}
-#ifdef ENABLE_ZRTP
- if (zrtp_on && rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV]) {
- zrtp_session_info_t zrtp_session_info;
-
- if (rtp_session->zrtp_session && (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info))) {
- if (zrtp_session_info.sas_is_ready) {
-
- switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
-
- const char *uuid = switch_channel_get_partner_uuid(channel);
- if (uuid) {
- switch_core_session_t *other_session;
-
- if ((other_session = switch_core_session_locate(uuid))) {
- switch_channel_t *other_channel = switch_core_session_get_channel(other_session);
- switch_rtp_t *other_rtp_session = switch_channel_get_private(other_channel, "__zrtp_audio_rtp_session");
-
- if (other_rtp_session) {
- if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_INBOUND) {
- switch_mutex_lock(other_rtp_session->read_mutex);
- if (zrtp_status_ok == zrtp_session_get(other_rtp_session->zrtp_session, &zrtp_session_info)) {
- if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) {
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- } else if (zrtp_status_ok == zrtp_resolve_mitm_call(other_rtp_session->zrtp_stream, rtp_session->zrtp_stream)) {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- rtp_session->zrtp_mitm_tries++;
- }
- }
- switch_mutex_unlock(other_rtp_session->read_mutex);
- }
- }
-
- switch_core_session_rwunlock(other_session);
- }
- }
- }
- } else {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- }
- }
-#endif
if (bytes < 0) {
frame->datalen = 0;
}
switch_mutex_unlock(rtp_session->ice_mutex);
#endif
-#ifdef ENABLE_ZRTP
- /* ZRTP Send */
- if (zrtp_on && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
- unsigned int sbytes = (int) bytes;
- zrtp_status_t stat = zrtp_status_fail;
-
-
- stat = zrtp_process_rtp(rtp_session->zrtp_stream, (void *) send_msg, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- break;
- case zrtp_status_drop:
- /* switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG, "Error: zRTP protection drop with code %d\n", stat); */
- ret = (int) bytes;
- goto end;
- break;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- break;
- default:
- break;
- }
-
- bytes = sbytes;
- }
-#endif
now = switch_micro_time_now();
#ifdef RTP_DEBUG_WRITE_DELTA
rtp_session->stats.outbound.packet_count++;
return (int) bytes;
}
-#ifdef ENABLE_ZRTP
- if (zrtp_on && rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND]) {
- zrtp_session_info_t zrtp_session_info;
-
- if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
- if (zrtp_session_info.sas_is_ready) {
-
- switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
-
- const char *uuid = switch_channel_get_partner_uuid(channel);
- if (uuid) {
- switch_core_session_t *other_session;
-
- if ((other_session = switch_core_session_locate(uuid))) {
- switch_channel_t *other_channel = switch_core_session_get_channel(other_session);
- switch_rtp_t *other_rtp_session = switch_channel_get_private(other_channel, "__zrtp_audio_rtp_session");
-
-
- if (other_rtp_session) {
- if (zrtp_status_ok == zrtp_session_get(other_rtp_session->zrtp_session, &zrtp_session_info)) {
- if (rtp_session->zrtp_mitm_tries > ZRTP_MITM_TRIES) {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- } else if (zrtp_status_ok == zrtp_resolve_mitm_call(other_rtp_session->zrtp_stream, rtp_session->zrtp_stream)) {
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_RECV] = 0;
- rtp_session->flags[SWITCH_ZRTP_FLAG_SECURE_MITM_SEND] = 0;
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
- switch_rtp_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- rtp_session->zrtp_mitm_tries++;
- }
- rtp_session->zrtp_mitm_tries++;
- }
- }
-
- switch_core_session_rwunlock(other_session);
- }
- }
- }
- }
- }
-#endif
fwd = (rtp_session->flags[SWITCH_RTP_FLAG_RAW_WRITE] &&
(switch_test_flag(frame, SFF_RAW_RTP) || switch_test_flag(frame, SFF_RAW_RTP_PARSE_FRAME))) ? 1 : 0;
*bytes = sbytes;
}
switch_mutex_unlock(rtp_session->ice_mutex);
-#endif
-#ifdef ENABLE_ZRTP
- /* ZRTP Send */
- if (zrtp_on && !rtp_session->flags[SWITCH_RTP_FLAG_PROXY_MEDIA]) {
- unsigned int sbytes = (int) *bytes;
- zrtp_status_t stat = zrtp_status_fail;
-
- stat = zrtp_process_rtp(rtp_session->zrtp_stream, (void *) &rtp_session->write_msg, &sbytes);
-
- switch (stat) {
- case zrtp_status_ok:
- break;
- case zrtp_status_drop:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection drop with code %d\n", stat);
- status = SWITCH_STATUS_SUCCESS;
- goto end;
- break;
- case zrtp_status_fail:
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error: zRTP protection fail with code %d\n", stat);
- break;
- default:
- break;
- }
-
- *bytes = sbytes;
- }
#endif
}
status = switch_socket_sendto(rtp_session->sock_output, rtp_session->remote_addr, 0, data, bytes);
-#if defined(ENABLE_SRTP) || defined(ENABLE_ZRTP)
+#if defined(ENABLE_SRTP)
end:
#endif
<param name="loglevel" value="debug"/>
<param name="rtp-start-port" value="1234"/>
<param name="rtp-end-port" value="1234"/>
- <param name="rtp-enable-zrtp" value="false"/>
</settings>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="loglevel" value="debug"/>
<param name="rtp-start-port" value="1234"/>
<param name="rtp-end-port" value="1234"/>
- <param name="rtp-enable-zrtp" value="false"/>
</settings>
</configuration>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<param name="inbound-codec-negotiation" value="generous"/>
<param name="nonce-ttl" value="60"/>
<param name="inbound-late-negotiation" value="true"/>
- <param name="inbound-zrtp-passthru" value="false"/>
<param name="rtp-ip" value="$${local_ip_v4}"/>
<param name="sip-ip" value="$${local_ip_v4}"/>
<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
<BuildLog />\r
<ClCompile>\r
<Optimization>Disabled</Optimization>\r
- <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libzrtp\include;..\..\libs\libzrtp\third_party\bgaes;..\..\libs\libzrtp\third_party\bnlib;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;ENABLE_ZRTP;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
+ <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
+ <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
<MinimalRebuild>true</MinimalRebuild>\r
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>\r
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>\r
</Midl>\r
<ClCompile>\r
<Optimization>Disabled</Optimization>\r
- <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libzrtp\include;..\..\libs\libzrtp\third_party\bgaes;..\..\libs\libzrtp\third_party\bnlib;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;ENABLE_ZRTP;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
+ <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
+ <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;_DEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
<MinimalRebuild>true</MinimalRebuild>\r
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>\r
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>\r
<BuildLog />\r
<ClCompile>\r
<Optimization>MaxSpeed</Optimization>\r
- <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libzrtp\include;..\..\libs\libzrtp\third_party\bgaes;..\..\libs\libzrtp\third_party\bnlib;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;CRASH_PROT;ENABLE_ZRTP;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
+ <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
+ <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;CRASH_PROT;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>\r
<PrecompiledHeader>Create</PrecompiledHeader>\r
<PrecompiledHeaderFile>switch.h</PrecompiledHeaderFile>\r
</Midl>\r
<ClCompile>\r
<Optimization>MaxSpeed</Optimization>\r
- <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libzrtp\include;..\..\libs\libzrtp\third_party\bgaes;..\..\libs\libzrtp\third_party\bnlib;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
- <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;CRASH_PROT;ENABLE_ZRTP;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
+ <AdditionalIncludeDirectories>..\..\src\include;..\..\libs\include;..\..\libs\srtp\include;..\..\libs\srtp\crypto\include;..\..\libs\libteletone\src;..\..\libs\sqlite-amalgamation-3080401;..\..\libs\speex-1.2rc1\include;..\..\libs\spandsp\src\msvc;..\..\libs\spandsp\src;..\..\libs\libtpl-1.5\src;..\..\libs\libtpl-1.5\src\win;..\..\libs\sofia-sip\libsofia-sip-ua\sdp;..\..\libs\sofia-sip\libsofia-sip-ua\su;..\..\libs\sofia-sip\win32;..\..\libs\libyuv\include;..\..\libs\freetype\include;..\..\libs\libpng;..\..\libs\libvpx;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>\r
+ <PreprocessorDefinitions>CJSON_EXPORT_SYMBOLS;_CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;FREESWITCHCORE_EXPORTS;STATICLIB;CRASH_PROT;TPL_NOLIB;LIBSOFIA_SIP_UA_STATIC;SWITCH_HAVE_YUV;SWITCH_HAVE_VPX;SWITCH_HAVE_PNG;SWITCH_HAVE_FREETYPE;%(PreprocessorDefinitions)</PreprocessorDefinitions>\r
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>\r
<PrecompiledHeader>Create</PrecompiledHeader>\r
<PrecompiledHeaderFile>switch.h</PrecompiledHeaderFile>\r
<Project>{89385c74-5860-4174-9caf-a39e7c48909c}</Project>\r
<ReferenceOutputAssembly>false</ReferenceOutputAssembly>\r
</ProjectReference>\r
- <ProjectReference Include="..\..\libs\libzrtp\projects\win\libzrtp.2017.vcxproj">\r
- <Project>{c13cc324-0032-4492-9a30-310a6bd64ff5}</Project>\r
- </ProjectReference>\r
<ProjectReference Include="..\..\libs\win32\spandsp\libspandsp.2017.vcxproj">\r
<Project>{1cbb0077-18c5-455f-801c-0a0ce7b0bbf5}</Project>\r
</ProjectReference>\r
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
<ImportGroup Label="ExtensionTargets">\r
</ImportGroup>\r
-</Project>
\ No newline at end of file
+</Project>
projects / thirdparty / freeswitch.git / commitdiff
