diff options
Diffstat (limited to 'release/src/router/matrixssl/src/crypto')
-rw-r--r-- | release/src/router/matrixssl/src/crypto/cryptoLayer.h | 156 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/matrixCrypto.h | 145 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/arc4.c | 109 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/base64.c | 116 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/des3.c | 795 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/md2.c | 221 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/md5.c | 401 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/mpi.c | 3667 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/mpi.h | 476 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/pscrypto.h | 654 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/rsa.c | 463 | ||||
-rw-r--r-- | release/src/router/matrixssl/src/crypto/peersec/sha1.c | 317 |
12 files changed, 0 insertions, 7520 deletions
diff --git a/release/src/router/matrixssl/src/crypto/cryptoLayer.h b/release/src/router/matrixssl/src/crypto/cryptoLayer.h deleted file mode 100644 index b90baaf4..00000000 --- a/release/src/router/matrixssl/src/crypto/cryptoLayer.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * cryptoLayer.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Cryptography provider layered header. This layer decouples - * the cryptography implementation from the SSL protocol implementation. - * Contributors adding new providers must implement all functions - * externed below. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_CRYPTO_LAYER -#define _h_CRYPTO_LAYER -#define _h_EXPORT_SYMBOLS - -/******************************************************************************/ -/* - Crypto may have some reliance on os layer (psMalloc in particular) -*/ -#include "../os/osLayer.h" - -/* - Return the length of padding bytes required for a record of 'LEN' bytes - The name Pwr2 indicates that calculations will work with 'BLOCKSIZE' - that are powers of 2. - Because of the trailing pad length byte, a length that is a multiple - of the pad bytes -*/ -#define sslPadLenPwr2(LEN, BLOCKSIZE) \ - BLOCKSIZE <= 1 ? (unsigned char)0 : \ - (unsigned char)(BLOCKSIZE - ((LEN) & (BLOCKSIZE - 1))) - -/* - Define the default crypto provider here -*/ -#define USE_PEERSEC_CRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -#define SSL_MD5_HASH_SIZE 16 -#define SSL_SHA1_HASH_SIZE 20 - -#define SSL_MAX_MAC_SIZE 20 -#define SSL_MAX_IV_SIZE 16 -#define SSL_MAX_BLOCK_SIZE 16 -#define SSL_MAX_SYM_KEY_SIZE 32 - -#define USE_X509 /* Must define for certificate support */ -/* - Enable the algorithms used for each cipher suite -*/ - -#ifdef USE_SSL_RSA_WITH_NULL_MD5 -#define USE_RSA -#define USE_MD5_MAC -#endif - -#ifdef USE_SSL_RSA_WITH_NULL_SHA -#define USE_RSA -#define USE_SHA1_MAC -#endif - -#ifdef USE_SSL_RSA_WITH_RC4_128_SHA -#define USE_ARC4 -#define USE_SHA1_MAC -#define USE_RSA -#endif - -#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 -#define USE_ARC4 -#define USE_MD5_MAC -#define USE_RSA -#endif - -#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA -#define USE_3DES -#define USE_SHA1_MAC -#define USE_RSA -#endif - -/* - Support for optionally encrypted private key files. These are - usually encrypted with 3DES. -*/ -#ifdef USE_ENCRYPTED_PRIVATE_KEYS -#define USE_3DES -#endif - -/* - Support for client side SSL -*/ -#ifdef USE_CLIENT_SIDE_SSL -#define USE_RSA_PUBLIC_ENCRYPT -#endif - -/* - Support for client authentication -*/ - -/* - Addtional crypt support -*/ -/* #define USE_MD2 */ - -/* - Now that we've set up the required defines, include the crypto provider -*/ -#ifdef USE_PEERSEC_CRYPTO -#include "peersec/pscrypto.h" -#endif - -/******************************************************************************/ -/* - Include the public prototypes now. This level of indirection is needed - to properly expose the public APIs to DLLs. The circular reference - between these two files is avoided with the top level defines and the - order in which they are included is the key to making this work so edit - with caution. -*/ -#include "matrixCrypto.h" - - -#ifdef __cplusplus - } -#endif - -#endif /* _h_CRYPTO_LAYER */ - -/******************************************************************************/ - - diff --git a/release/src/router/matrixssl/src/crypto/matrixCrypto.h b/release/src/router/matrixssl/src/crypto/matrixCrypto.h deleted file mode 100644 index 58f45f3d..00000000 --- a/release/src/router/matrixssl/src/crypto/matrixCrypto.h +++ /dev/null @@ -1,145 +0,0 @@ -/* - * matrixCrypto.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Public API set for matrixCrypto - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_MATRIX_CRYPTO -#define _h_MATRIX_CRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -#include "../../matrixCommon.h" - -/* - User application. Now include cryptoLayer to get the proper algorithm - defines so we know what API set to expose -*/ -#include "cryptoLayer.h" - -/******************************************************************************/ - - -MATRIXPUBLIC int32 matrixGetRandomBytes(unsigned char *bytes, int32 size); - -#ifdef USE_ARC4 -MATRIXPUBLIC void matrixArc4Init(sslCipherContext_t *ctx, unsigned char *key, - int32 keylen); -MATRIXPUBLIC int32 matrixArc4(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); -#endif /* USE_ARC4 */ - -#ifdef USE_3DES -MATRIXPUBLIC int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, int32 keylen); -MATRIXPUBLIC int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, int32 len); -MATRIXPUBLIC int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, int32 len); -MATRIXPUBLIC void generate3DESKey(unsigned char *pass, int32 passlen, - unsigned char *salt, unsigned char *key); -#endif /* USE_3DES */ - - - -/* - HMAC and message digests -*/ -MATRIXPUBLIC int32 matrixHmacMd5(unsigned char *key, int32 keyLen, - const unsigned char *buf, unsigned long len, - unsigned char *hash, unsigned char *hmacKey, - int32 *hmacKeyLen); -MATRIXPUBLIC void matrixHmacMd5Init(sslHmacContext_t *ctx, - unsigned char *key, int32 keyLen); -MATRIXPUBLIC void matrixHmacMd5Update(sslHmacContext_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixHmacMd5Final(sslHmacContext_t *ctx, - unsigned char *hash); - -MATRIXPUBLIC int32 matrixHmacSha1(unsigned char *key, int32 keyLen, - const unsigned char *buf, unsigned long len, - unsigned char *hash, unsigned char *hmacKey, - int32 *hmacKeyLen); -MATRIXPUBLIC void matrixHmacSha1Init(sslHmacContext_t *ctx, - unsigned char *key, int32 keyLen); -MATRIXPUBLIC void matrixHmacSha1Update(sslHmacContext_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixHmacSha1Final(sslHmacContext_t *ctx, - unsigned char *hash); - -MATRIXPUBLIC void matrixSha1Init(sslSha1Context_t *ctx); -MATRIXPUBLIC void matrixSha1Update(sslSha1Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixSha1Final(sslSha1Context_t *ctx, unsigned char *hash); - - -MATRIXPUBLIC void matrixMd5Init(sslMd5Context_t *ctx); -MATRIXPUBLIC void matrixMd5Update(sslMd5Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixMd5Final(sslMd5Context_t *ctx, unsigned char *hash); - - -#ifdef USE_MD2 -/* - MD2 is provided for compatibility with V2 and older X509 certificates, - it is known to have security problems and should not be used for any current - development. -*/ -MATRIXPUBLIC void matrixMd2Init(sslMd2Context_t *ctx); -MATRIXPUBLIC int32 matrixMd2Update(sslMd2Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixMd2Final(sslMd2Context_t *ctx, unsigned char *hash); -#endif /* USE_MD2 */ - - - - -#ifdef USE_RSA -MATRIXPUBLIC int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -MATRIXPUBLIC int32 matrixRsaDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -MATRIXPUBLIC int32 matrixRsaDecryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -#endif /* USE_RSA */ - - - - -#ifdef __cplusplus -} -#endif - -#endif /* _h_MATRIX_CRYPTO */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/arc4.c b/release/src/router/matrixssl/src/crypto/peersec/arc4.c deleted file mode 100644 index 4e39553d..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/arc4.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * arc4.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * ARC4 stream cipher implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_ARC4 - -/* - Some accounts, such as O'Reilly's Secure Programming Cookbook say that no - more than 2^30 bytes should be processed without rekeying, so we - enforce that limit here. FYI, this is equal to 1GB of data transferred. -*/ -#define ARC4_MAX_BYTES 0x40000000 - -/******************************************************************************/ -/* - SSL_RSA_WITH_RC4_* cipher callbacks - */ -void matrixArc4Init(sslCipherContext_t *ctx, unsigned char *key, int32 keylen) -{ - unsigned char index1, index2, tmp, *state; - short counter; - - ctx->arc4.byteCount = 0; - state = &ctx->arc4.state[0]; - - for (counter = 0; counter < 256; counter++) { - state[counter] = (unsigned char)counter; - } - ctx->arc4.x = 0; - ctx->arc4.y = 0; - index1 = 0; - index2 = 0; - - for (counter = 0; counter < 256; counter++) { - index2 = (key[index1] + state[counter] + index2) & 0xff; - - tmp = state[counter]; - state[counter] = state[index2]; - state[index2] = tmp; - - index1 = (index1 + 1) % keylen; - } -} - -int32 matrixArc4(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len) -{ - unsigned char x, y, *state, xorIndex, tmp; - short counter; - - ctx->arc4.byteCount += len; - if (ctx->arc4.byteCount > ARC4_MAX_BYTES) { - return -1; - } - - x = ctx->arc4.x; - y = ctx->arc4.y; - state = &ctx->arc4.state[0]; - for (counter = 0; counter < len; counter++) { - x = (x + 1) & 0xff; - y = (state[x] + y) & 0xff; - - tmp = state[x]; - state[x] = state[y]; - state[y] = tmp; - - xorIndex = (state[x] + state[y]) & 0xff; - - tmp = in[counter]; - tmp ^= state[xorIndex]; - out[counter] = tmp; - } - ctx->arc4.x = x; - ctx->arc4.y = y; - return len; -} - -#endif /* USE_ARC4 */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/base64.c b/release/src/router/matrixssl/src/crypto/peersec/base64.c deleted file mode 100644 index 603b1f88..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/base64.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * base64.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Base64 operations - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -static const unsigned char map[256] = { -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 62, 255, 255, 255, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, -255, 254, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 255, -255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255 }; - -int32 ps_base64_decode(const unsigned char *in, uint32 len, - unsigned char *out, uint32 *outlen) -{ - unsigned long t, x, y, z; - unsigned char c; - int32 g; - - if (in == NULL || out == NULL || outlen == NULL) { - return -1; - } - g = 3; - for (x = y = z = t = 0; x < len; x++) { - c = map[in[x]&0xFF]; - if (c == 255) { - continue; - } -/* - the final = symbols are read and used to trim the remaining bytes - */ - if (c == 254) { - c = 0; -/* - prevent g < 0 which would potentially allow an overflow later - */ - if (--g < 0) { - return CRYPT_INVALID_PACKET; - } - } else if (g != 3) { -/* - we only allow = to be at the end - */ - return CRYPT_INVALID_PACKET; - } - - t = (t<<6)|c; - - if (++y == 4) { - if (z + g > *outlen) { - return CRYPT_BUFFER_OVERFLOW; - } - out[z++] = (unsigned char)((t>>16)&255); - if (g > 1) { - out[z++] = (unsigned char)((t>>8)&255); - } - if (g > 2) { - out[z++] = (unsigned char)(t&255); - } - y = t = 0; - } - } - if (y != 0) { - return -1; - } - *outlen = z; - return 0; -} - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/des3.c b/release/src/router/matrixssl/src/crypto/peersec/des3.c deleted file mode 100644 index 53cb3472..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/des3.c +++ /dev/null @@ -1,795 +0,0 @@ -/* - * des3.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * 3DES block cipher implementation for low memory usage - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_3DES - -#define EN0 0 -#define DE1 1 - -static const ulong32 bytebit[8] = -{ - 0200, 0100, 040, 020, 010, 04, 02, 01 -}; - -static const ulong32 bigbyte[24] = -{ - 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, - 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, - 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, - 0x800UL, 0x400UL, 0x200UL, 0x100UL, - 0x80UL, 0x40UL, 0x20UL, 0x10UL, - 0x8UL, 0x4UL, 0x2UL, 0x1L -}; - -static const unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; - -static const unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; - -static const unsigned char totrot[16] = { - 1, 2, 4, 6, - 8, 10, 12, 14, - 15, 17, 19, 21, - 23, 25, 27, 28 -}; - -static const ulong32 SP1[] = -{ - 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, - 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, - 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, - 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, - 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, - 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, - 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, - 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, - 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, - 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, - 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, - 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, - 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, - 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL -}; - -static const ulong32 SP2[] = -{ - 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, - 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, - 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, - 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, - 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, - 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, - 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, - 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, - 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, - 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, - 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, - 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, - 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, - 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, - 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, - 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL -}; - -static const ulong32 SP3[] = -{ - 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, - 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, - 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, - 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, - 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, - 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, - 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, - 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, - 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, - 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, - 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, - 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, - 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, - 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, - 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, - 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL -}; - -static const ulong32 SP4[] = -{ - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, - 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, - 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, - 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, - 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, - 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, - 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, - 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, - 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL -}; - -static const ulong32 SP5[] = -{ - 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, - 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, - 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, - 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, - 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, - 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, - 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, - 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, - 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, - 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, - 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, - 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, - 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, - 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, - 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, - 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL -}; - -static const ulong32 SP6[] = -{ - 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, - 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, - 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, - 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, - 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, - 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, - 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, - 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, - 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, - 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, - 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, - 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, - 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, - 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL -}; - -static const ulong32 SP7[] = -{ - 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, - 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, - 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, - 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, - 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, - 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, - 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, - 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, - 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, - 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, - 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, - 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, - 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, - 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, - 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, - 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL -}; - -static const ulong32 SP8[] = -{ - 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, - 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, - 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, - 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, - 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, - 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, - 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, - 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, - 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, - 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, - 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, - 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, - 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, - 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, - 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, - 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL, - 0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL -}; - -static void cookey(const ulong32 *raw1, ulong32 *keyout); -static void deskey(const unsigned char *key, short edf, ulong32 *keyout); - -/******************************************************************************/ -/* - Init the 3DES block cipher context for CBC-EDE mode. - IV should point to 8 bytes of initialization vector - Key should point to 24 bytes of data -*/ -int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, int32 keylen) -{ - int32 x, err; - - if (IV == NULL || key == NULL || ctx == NULL || keylen != SSL_DES3_KEY_LEN){ - return -1; - } -/* - setup cipher - */ - if ((err = des3_setup(key, keylen, 0, &ctx->des3)) != CRYPT_OK) { - return -1; - } -/* - copy IV - */ - ctx->des3.blocklen = SSL_DES3_IV_LEN; - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = IV[x]; - } - ctx->des3.explicitIV = 0; - return 0; -} - -/******************************************************************************/ -/* - Encrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* xor IV against plaintext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - tmp[x] = pt[x] ^ ctx->des3.IV[x]; - } - /* encrypt */ - des3_ecb_encrypt(tmp, (unsigned char*)ct, &ctx->des3); - - /* store IV [ciphertext] for a future block */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = ct[x]; - } - ct += ctx->des3.blocklen; - pt += ctx->des3.blocklen; - } - -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); -#endif /* CLEAN STACK */ - return len; -} - -/******************************************************************************/ -/* - Decrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* decrypt the block from ct into tmp */ - des3_ecb_decrypt(ct, tmp, &ctx->des3); - /* xor IV against the plaintext of the previous step */ - for (x = 0; x < ctx->des3.blocklen; x++) { - /* copy CT in case ct == pt */ - tmp2[x] = ct[x]; - /* actually decrypt the byte */ - pt[x] = tmp[x] ^ ctx->des3.IV[x]; - } - /* replace IV with this current ciphertext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = tmp2[x]; - } - ct += ctx->des3.blocklen; - if (ctx->des3.explicitIV) { -/* - An explict IV mode has an additional block of random data that - we dismiss here. It is not part of the MAC. The TLS 1.1 spec - isn't explicit about this, but it only makes sense since the - extra block is used to derive the IV for the remainder of the - message. In theory (DTLS for example) the actual decrypted block - could have been received out of order and the first block would - not decrypt to the plaintext it originally was anyway. - - It is easiest to simply remove the first block in this cipher - code here. If we wait until we get back into matrixSslDecode - we have to deal with a bunch of sslBuf_t manipulations which is - ugly. -*/ - if (i != 0) { - pt += ctx->des3.blocklen; - } - } else { - pt += ctx->des3.blocklen; - } - } -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); - psZeromem(tmp2, sizeof(tmp2)); -#endif /* CLEAN_STACK */ - return len; -} - -/******************************************************************************/ -/* - 3DES implementation below -*/ -static void cookey(const ulong32 *raw1, ulong32 *keyout) -{ - ulong32 *cook; - const ulong32 *raw0; - ulong32 dough[32]; - int32 i; - - cook = dough; - for(i=0; i < 16; i++, raw1++) { - raw0 = raw1++; - *cook = (*raw0 & 0x00fc0000L) << 6; - *cook |= (*raw0 & 0x00000fc0L) << 10; - *cook |= (*raw1 & 0x00fc0000L) >> 10; - *cook++ |= (*raw1 & 0x00000fc0L) >> 6; - *cook = (*raw0 & 0x0003f000L) << 12; - *cook |= (*raw0 & 0x0000003fL) << 16; - *cook |= (*raw1 & 0x0003f000L) >> 4; - *cook++ |= (*raw1 & 0x0000003fL); - } - - psMemcpy(keyout, dough, sizeof dough); - psBurnStack(sizeof(ulong32 *) * 2 + sizeof(ulong32)*32 + sizeof(int32)); -} - - -static void deskey(const unsigned char *key, short edf, ulong32 *keyout) -{ - ulong32 i, j, l, m, n, kn[32]; - unsigned char pc1m[56], pcr[56]; - - for (j=0; j < 56; j++) { - l = (ulong32)pc1[j]; - m = l & 7; - pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == - bytebit[m] ? 1 : 0); - } - - for (i=0; i < 16; i++) { - if (edf == DE1) { - m = (15 - i) << 1; - } else { - m = i << 1; - } - n = m + 1; - kn[m] = kn[n] = 0L; - for (j=0; j < 28; j++) { - l = j + (ulong32)totrot[i]; - if (l < 28) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (/*j = 28*/; j < 56; j++) { - l = j + (ulong32)totrot[i]; - if (l < 56) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (j=0; j < 24; j++) { - if ((int32)pcr[(int32)pc2[j]] != 0) { - kn[m] |= bigbyte[j]; - } - if ((int32)pcr[(int32)pc2[j+24]] != 0) { - kn[n] |= bigbyte[j]; - } - } - } - cookey(kn, keyout); - psBurnStack(sizeof(int32)*5 + sizeof(ulong32)*32 + - sizeof(unsigned char)*112); -} - -static void desfunc(ulong32 *block, const ulong32 *keys) -{ - ulong32 work, right, leftt; - int32 cur_round; - - leftt = block[0]; - right = block[1]; - -#ifdef SMALL_CODE - work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; - right ^= work; - leftt ^= (work << 4); - - work = ((leftt >> 16) ^ right) & 0x0000ffffL; - right ^= work; - leftt ^= (work << 16); - - work = ((right >> 2) ^ leftt) & 0x33333333L; - leftt ^= work; - right ^= (work << 2); - - work = ((right >> 8) ^ leftt) & 0x00ff00ffL; - leftt ^= work; - right ^= (work << 8); - - right = ROLc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - - leftt ^= work; - right ^= work; - leftt = ROLc(leftt, 1); -#else /* SMALL_CODE */ -{ - ulong64 tmp; - tmp = des_ip[0][byte(leftt, 0)] ^ - des_ip[1][byte(leftt, 1)] ^ - des_ip[2][byte(leftt, 2)] ^ - des_ip[3][byte(leftt, 3)] ^ - des_ip[4][byte(right, 0)] ^ - des_ip[5][byte(right, 1)] ^ - des_ip[6][byte(right, 2)] ^ - des_ip[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); -} -#endif /* SMALL CODE */ - - for (cur_round = 0; cur_round < 8; cur_round++) { - work = RORc(right, 4) ^ *keys++; - leftt ^= SP7[work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - leftt ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - - work = RORc(leftt, 4) ^ *keys++; - right ^= SP7[ work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = leftt ^ *keys++; - right ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - } - -#ifdef SMALL_CODE - right = RORc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - leftt ^= work; - right ^= work; - leftt = RORc(leftt, 1); - work = ((leftt >> 8) ^ right) & 0x00ff00ffL; - right ^= work; - leftt ^= (work << 8); - - work = ((leftt >> 2) ^ right) & 0x33333333L; - right ^= work; - leftt ^= (work << 2); - work = ((right >> 16) ^ leftt) & 0x0000ffffL; - leftt ^= work; - right ^= (work << 16); - work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; - leftt ^= work; - right ^= (work << 4); -#else /* SMALL CODE */ - { - ulong64 tmp; - tmp = des_fp[0][byte(leftt, 0)] ^ - des_fp[1][byte(leftt, 1)] ^ - des_fp[2][byte(leftt, 2)] ^ - des_fp[3][byte(leftt, 3)] ^ - des_fp[4][byte(right, 0)] ^ - des_fp[5][byte(right, 1)] ^ - des_fp[6][byte(right, 2)] ^ - des_fp[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); - } -#endif /* SMALL CODE */ - - block[0] = right; - block[1] = leftt; - psBurnStack(sizeof(ulong32) * 4 + sizeof(int32)); -} - -/* - We don't validate DES keys against the following known weak keys. - Astronomically small chances of randomly getting a weak key - with 3DES. http://www.rsasecurity.com/rsalabs/faq/3-2-4.html - - http://www.itl.nist.gov/fipspubs/fip74.htm - 1. E001E00lFl0lFl0l 01E001E00lFl0lFl - 2. FElFFElFFEOEFEOE 1FFElFFEOEFEOEFE - 3. E01FE01FF10EF10E 1FE01FEOOEF10EF1 - 4. 01FE01FE01FE01FE FE01FE01FE01FE01 - 5. 011F011F0l0E010E 1F011F0l0E0l0E01 - 6. E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1 - 7. 0101010101010101 - 8. FEFEFEFEFEFEFEFE - 9. E0E0E0E0FlFlFlFl - 10. lFlFlFlF0E0E0E0E -*/ -int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey) -{ - if (key == NULL || skey == NULL) { - return -1; - } - - if( num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 24) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key+8, DE1, skey->key.ek[1]); - deskey(key+16, EN0, skey->key.ek[2]); - - deskey(key, DE1, skey->key.dk[2]); - deskey(key+8, EN0, skey->key.dk[1]); - deskey(key+16, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -int des_setup(const unsigned char *key, int keylen, int num_rounds, - des3_CBC *skey) -{ - - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 8) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - desfunc(work, key->key.ek[1]); - desfunc(work, key->key.ek[2]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - desfunc(work, key->key.dk[1]); - desfunc(work, key->key.dk[2]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -int32 des3_keysize(int32 *desired_keysize) -{ - if(*desired_keysize < 24) { - return CRYPT_INVALID_KEYSIZE; - } - *desired_keysize = 24; - return CRYPT_OK; -} - -/******************************************************************************/ -/* - Generate a 3DES key given a password and salt value. - We use PKCS#5 2.0 PBKDF1 key derivation format with MD5 and count == 1 per: - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html - - This key is compatible with the algorithm used by OpenSSL to encrypt keys - generated with 'openssl genrsa'. If other encryption formats are used - (for example PBKDF2), or an iteration count > 0 is used, they are not - compatible with this simple implementation. OpenSSL provides many options - for converting key formats to the one used here. - - A 3DES key is 24 bytes long, to generate it with this algorithm, - we md5 hash the password and salt for the first 16 bytes. We then - hash these first 16 bytes with the password and salt again, generating - another 16 bytes. We take the first 16 bytes and 8 of the second 16 to - form the 24 byte key. - - salt is assumed to point to 8 bytes of data - key is assumed to point to 24 bytes of data -*/ -void generate3DESKey(unsigned char *pass, int32 passlen, unsigned char *salt, - unsigned char *key) -{ - sslMd5Context_t state; - unsigned char md5[SSL_MD5_HASH_SIZE]; - - matrixMd5Init(&state); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key, md5, SSL_MD5_HASH_SIZE); - - matrixMd5Init(&state); - matrixMd5Update(&state, md5, SSL_MD5_HASH_SIZE); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key + SSL_MD5_HASH_SIZE, md5, SSL_DES3_KEY_LEN - SSL_MD5_HASH_SIZE); -} - - -#ifdef PEERSEC_TEST - -int32 matrixDes3Test() -{ - unsigned char key[24], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 24; x++) { - key[x] = x; - } - - if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { - return err; - } - - des3_ecb_encrypt(pt, ct, &skey); - des3_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -int32 matrixDesTest() -{ - unsigned char key[8], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 8; x++) { - key[x] = x; - } - - if ((err = des_setup(key, 8, 0, &skey)) != CRYPT_OK) { - return err; - } - - des_ecb_encrypt(pt, ct, &skey); - des_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -#endif /* PEERSEC_TEST */ - -#endif /* USE_3DES */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/md2.c b/release/src/router/matrixssl/src/crypto/peersec/md2.c deleted file mode 100644 index b8ffbc9e..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/md2.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * md2.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * MD2 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_MD2 - -static const unsigned char PI_SUBST[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 -}; - -/* adds 16 bytes to the checksum */ -static void md2_update_chksum(hash_state *md) -{ - int32 j; - unsigned char L; - L = md->md2.chksum[15]; - for (j = 0; j < 16; j++) { - -/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say - otherwise. -*/ - L = (md->md2.chksum[j] ^= PI_SUBST[(int32)(md->md2.buf[j] ^ L)] & 255); - } -} - -static void md2_compress(hash_state *md) -{ - int32 j, k; - unsigned char t; - - /* copy block */ - for (j = 0; j < 16; j++) { - md->md2.X[16+j] = md->md2.buf[j]; - md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j]; - } - - t = (unsigned char)0; - - /* do 18 rounds */ - for (j = 0; j < 18; j++) { - for (k = 0; k < 48; k++) { - t = (md->md2.X[k] ^= PI_SUBST[(int32)(t & 255)]); - } - t = (t + (unsigned char)j) & 255; - } -} - -void matrixMd2Init(hash_state *md) -{ - sslAssert(md != NULL); - - /* MD2 uses a zero'ed state... */ - psZeromem(md->md2.X, sizeof(md->md2.X)); - psZeromem(md->md2.chksum, sizeof(md->md2.chksum)); - psZeromem(md->md2.buf, sizeof(md->md2.buf)); - md->md2.curlen = 0; -} - -int32 matrixMd2Update(hash_state *md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - sslAssert(md != NULL); - sslAssert(buf != NULL); - if (md-> md2 .curlen > sizeof(md-> md2 .buf)) { - return CRYPT_INVALID_ARG; - } - while (len > 0) { - n = MIN(len, (16 - md->md2.curlen)); - memcpy(md->md2.buf + md->md2.curlen, buf, (size_t)n); - md->md2.curlen += n; - buf += n; - len -= n; - - /* is 16 bytes full? */ - if (md->md2.curlen == 16) { - md2_compress(md); - md2_update_chksum(md); - md->md2.curlen = 0; - } - } - return CRYPT_OK; -} - -int32 matrixMd2Final(hash_state * md, unsigned char *hash) -{ - unsigned long i, k; - - sslAssert(md != NULL); - sslAssert(hash != NULL); - - if (md->md2.curlen >= sizeof(md->md2.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* pad the message */ - k = 16 - md->md2.curlen; - for (i = md->md2.curlen; i < 16; i++) { - md->md2.buf[i] = (unsigned char)k; - } - - /* hash and update */ - md2_compress(md); - md2_update_chksum(md); - - /* hash checksum */ - memcpy(md->md2.buf, md->md2.chksum, 16); - md2_compress(md); - - /* output is lower 16 bytes of X */ - memcpy(hash, md->md2.X, 16); - -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -#ifdef PEERSEC_TEST - -int32 matrixMd2Test(void) -{ - static const struct { - char *msg; - unsigned char md[16]; - } tests[] = { - { "", - {0x83,0x50,0xe5,0xa3,0xe2,0x4c,0x15,0x3d, - 0xf2,0x27,0x5c,0x9f,0x80,0x69,0x27,0x73 - } - }, - { "a", - {0x32,0xec,0x01,0xec,0x4a,0x6d,0xac,0x72, - 0xc0,0xab,0x96,0xfb,0x34,0xc0,0xb5,0xd1 - } - }, - { "message digest", - {0xab,0x4f,0x49,0x6b,0xfb,0x2a,0x53,0x0b, - 0x21,0x9f,0xf3,0x30,0x31,0xfe,0x06,0xb0 - } - }, - { "abcdefghijklmnopqrstuvwxyz", - {0x4e,0x8d,0xdf,0xf3,0x65,0x02,0x92,0xab, - 0x5a,0x41,0x08,0xc3,0xaa,0x47,0x94,0x0b - } - }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - {0xda,0x33,0xde,0xf2,0xa4,0x2d,0xf1,0x39, - 0x75,0x35,0x28,0x46,0xc3,0x03,0x38,0xcd - } - }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - {0xd5,0x97,0x6f,0x79,0xd8,0x3d,0x3a,0x0d, - 0xc9,0x80,0x6c,0x3c,0x66,0xf3,0xef,0xd8 - } - } - }; - int32 i; - hash_state md; - unsigned char buf[16]; - - for (i = 0; i < (int32)(sizeof(tests) / sizeof(tests[0])); i++) { - matrixMd2Init(&md); - matrixMd2Update(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixMd2Final(&md, buf); - if (memcmp(buf, tests[i].md, 16) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} - -#endif /* PEERSEC_TEST */ - -#endif /* USE_MD2 */ diff --git a/release/src/router/matrixssl/src/crypto/peersec/md5.c b/release/src/router/matrixssl/src/crypto/peersec/md5.c deleted file mode 100644 index e1161318..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/md5.c +++ /dev/null @@ -1,401 +0,0 @@ -/* - * md5.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * MD5 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define G(x,y,z) (y ^ (z & (y ^ x))) -#define H(x,y,z) (x^y^z) -#define I(x,y,z) (y^(x|(~z))) - -#ifdef SMALL_CODE - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROL(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROL(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROL(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROL(a, s) + b; - -static const unsigned char Worder[64] = { - 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, - 1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12, - 5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2, - 0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9 -}; - -static const unsigned char Rorder[64] = { - 7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22, - 5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20, - 4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23, - 6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21 -}; - -static const ulong32 Korder[] = { - 0xd76aa478UL, 0xe8c7b756UL, 0x242070dbUL, 0xc1bdceeeUL, - 0xf57c0fafUL, 0x4787c62aUL, 0xa8304613UL, 0xfd469501UL, - 0x698098d8UL, 0x8b44f7afUL, 0xffff5bb1UL, 0x895cd7beUL, - 0x6b901122UL, 0xfd987193UL, 0xa679438eUL, 0x49b40821UL, - 0xf61e2562UL, 0xc040b340UL, 0x265e5a51UL, 0xe9b6c7aaUL, - 0xd62f105dUL, 0x02441453UL, 0xd8a1e681UL, 0xe7d3fbc8UL, - 0x21e1cde6UL, 0xc33707d6UL, 0xf4d50d87UL, 0x455a14edUL, - 0xa9e3e905UL, 0xfcefa3f8UL, 0x676f02d9UL, 0x8d2a4c8aUL, - 0xfffa3942UL, 0x8771f681UL, 0x6d9d6122UL, 0xfde5380cUL, - 0xa4beea44UL, 0x4bdecfa9UL, 0xf6bb4b60UL, 0xbebfbc70UL, - 0x289b7ec6UL, 0xeaa127faUL, 0xd4ef3085UL, 0x04881d05UL, - 0xd9d4d039UL, 0xe6db99e5UL, 0x1fa27cf8UL, 0xc4ac5665UL, - 0xf4292244UL, 0x432aff97UL, 0xab9423a7UL, 0xfc93a039UL, - 0x655b59c3UL, 0x8f0ccc92UL, 0xffeff47dUL, 0x85845dd1UL, - 0x6fa87e4fUL, 0xfe2ce6e0UL, 0xa3014314UL, 0x4e0811a1UL, - 0xf7537e82UL, 0xbd3af235UL, 0x2ad7d2bbUL, 0xeb86d391UL, - 0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL - }; -#else /* SMALL_CODE */ - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROLc(a, s) + b; - -#endif /* SMALL_CODE */ - -#ifdef CLEAN_STACK -static void _md5_compress(hash_state *md) -#else -static void md5_compress(hash_state *md) -#endif /* CLEAN_STACK */ -{ - unsigned long i, W[16], a, b, c, d; -#ifdef SMALL_CODE - ulong32 t; -#endif - - sslAssert(md != NULL); - -/* - copy the state into 512-bits into W[0..15] - */ - for (i = 0; i < 16; i++) { - LOAD32L(W[i], md->md5.buf + (4*i)); - } - -/* - copy state - */ - a = md->md5.state[0]; - b = md->md5.state[1]; - c = md->md5.state[2]; - d = md->md5.state[3]; - -#ifdef SMALL_CODE - for (i = 0; i < 16; ++i) { - FF(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 32; ++i) { - GG(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 48; ++i) { - HH(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 64; ++i) { - II(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - -#else /* SMALL_CODE */ - - FF(a,b,c,d,W[0],7,0xd76aa478UL) - FF(d,a,b,c,W[1],12,0xe8c7b756UL) - FF(c,d,a,b,W[2],17,0x242070dbUL) - FF(b,c,d,a,W[3],22,0xc1bdceeeUL) - FF(a,b,c,d,W[4],7,0xf57c0fafUL) - FF(d,a,b,c,W[5],12,0x4787c62aUL) - FF(c,d,a,b,W[6],17,0xa8304613UL) - FF(b,c,d,a,W[7],22,0xfd469501UL) - FF(a,b,c,d,W[8],7,0x698098d8UL) - FF(d,a,b,c,W[9],12,0x8b44f7afUL) - FF(c,d,a,b,W[10],17,0xffff5bb1UL) - FF(b,c,d,a,W[11],22,0x895cd7beUL) - FF(a,b,c,d,W[12],7,0x6b901122UL) - FF(d,a,b,c,W[13],12,0xfd987193UL) - FF(c,d,a,b,W[14],17,0xa679438eUL) - FF(b,c,d,a,W[15],22,0x49b40821UL) - GG(a,b,c,d,W[1],5,0xf61e2562UL) - GG(d,a,b,c,W[6],9,0xc040b340UL) - GG(c,d,a,b,W[11],14,0x265e5a51UL) - GG(b,c,d,a,W[0],20,0xe9b6c7aaUL) - GG(a,b,c,d,W[5],5,0xd62f105dUL) - GG(d,a,b,c,W[10],9,0x02441453UL) - GG(c,d,a,b,W[15],14,0xd8a1e681UL) - GG(b,c,d,a,W[4],20,0xe7d3fbc8UL) - GG(a,b,c,d,W[9],5,0x21e1cde6UL) - GG(d,a,b,c,W[14],9,0xc33707d6UL) - GG(c,d,a,b,W[3],14,0xf4d50d87UL) - GG(b,c,d,a,W[8],20,0x455a14edUL) - GG(a,b,c,d,W[13],5,0xa9e3e905UL) - GG(d,a,b,c,W[2],9,0xfcefa3f8UL) - GG(c,d,a,b,W[7],14,0x676f02d9UL) - GG(b,c,d,a,W[12],20,0x8d2a4c8aUL) - HH(a,b,c,d,W[5],4,0xfffa3942UL) - HH(d,a,b,c,W[8],11,0x8771f681UL) - HH(c,d,a,b,W[11],16,0x6d9d6122UL) - HH(b,c,d,a,W[14],23,0xfde5380cUL) - HH(a,b,c,d,W[1],4,0xa4beea44UL) - HH(d,a,b,c,W[4],11,0x4bdecfa9UL) - HH(c,d,a,b,W[7],16,0xf6bb4b60UL) - HH(b,c,d,a,W[10],23,0xbebfbc70UL) - HH(a,b,c,d,W[13],4,0x289b7ec6UL) - HH(d,a,b,c,W[0],11,0xeaa127faUL) - HH(c,d,a,b,W[3],16,0xd4ef3085UL) - HH(b,c,d,a,W[6],23,0x04881d05UL) - HH(a,b,c,d,W[9],4,0xd9d4d039UL) - HH(d,a,b,c,W[12],11,0xe6db99e5UL) - HH(c,d,a,b,W[15],16,0x1fa27cf8UL) - HH(b,c,d,a,W[2],23,0xc4ac5665UL) - II(a,b,c,d,W[0],6,0xf4292244UL) - II(d,a,b,c,W[7],10,0x432aff97UL) - II(c,d,a,b,W[14],15,0xab9423a7UL) - II(b,c,d,a,W[5],21,0xfc93a039UL) - II(a,b,c,d,W[12],6,0x655b59c3UL) - II(d,a,b,c,W[3],10,0x8f0ccc92UL) - II(c,d,a,b,W[10],15,0xffeff47dUL) - II(b,c,d,a,W[1],21,0x85845dd1UL) - II(a,b,c,d,W[8],6,0x6fa87e4fUL) - II(d,a,b,c,W[15],10,0xfe2ce6e0UL) - II(c,d,a,b,W[6],15,0xa3014314UL) - II(b,c,d,a,W[13],21,0x4e0811a1UL) - II(a,b,c,d,W[4],6,0xf7537e82UL) - II(d,a,b,c,W[11],10,0xbd3af235UL) - II(c,d,a,b,W[2],15,0x2ad7d2bbUL) - II(b,c,d,a,W[9],21,0xeb86d391UL) -#endif /* SMALL_CODE */ - - md->md5.state[0] = md->md5.state[0] + a; - md->md5.state[1] = md->md5.state[1] + b; - md->md5.state[2] = md->md5.state[2] + c; - md->md5.state[3] = md->md5.state[3] + d; -} - -#ifdef CLEAN_STACK -static void md5_compress(hash_state *md) -{ - _md5_compress(md); - psBurnStack(sizeof(unsigned long) * 21); -} -#endif /* CLEAN_STACK */ - -void matrixMd5Init(hash_state * md) -{ - sslAssert(md != NULL); - md->md5.state[0] = 0x67452301UL; - md->md5.state[1] = 0xefcdab89UL; - md->md5.state[2] = 0x98badcfeUL; - md->md5.state[3] = 0x10325476UL; - md->md5.curlen = 0; -#ifdef USE_INT64 - md->md5.length = 0; -#else - md->md5.lengthHi = 0; - md->md5.lengthLo = 0; -#endif /* USE_INT64 */ -} - -void matrixMd5Update(hash_state * md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - - sslAssert(md != NULL); - sslAssert(buf != NULL); - while (len > 0) { - n = MIN(len, (64 - md->md5.curlen)); - memcpy(md->md5.buf + md->md5.curlen, buf, (size_t)n); - md->md5.curlen += n; - buf += n; - len -= n; - -/* - is 64 bytes full? - */ - if (md->md5.curlen == 64) { - md5_compress(md); -#ifdef USE_INT64 - md->md5.length += 512; -#else - n = (md->md5.lengthLo + 512) & 0xFFFFFFFFL; - if (n < md->md5.lengthLo) { - md->md5.lengthHi++; - } - md->md5.lengthLo = n; -#endif /* USE_INT64 */ - md->md5.curlen = 0; - } - } -} - -int32 matrixMd5Final(hash_state * md, unsigned char *hash) -{ - int32 i; -#ifndef USE_INT64 - unsigned long n; -#endif - - sslAssert(md != NULL); - if (hash == NULL) { - return -1; - } - -/* - increase the length of the message - */ -#ifdef USE_INT64 - md->md5.length += md->md5.curlen << 3; -#else - n = (md->md5.lengthLo + (md->md5.curlen << 3)) & 0xFFFFFFFFL; - if (n < md->md5.lengthLo) { - md->md5.lengthHi++; - } - md->md5.lengthHi += (md->md5.curlen >> 29); - md->md5.lengthLo = n; -#endif /* USE_INT64 */ - -/* - append the '1' bit - */ - md->md5.buf[md->md5.curlen++] = (unsigned char)0x80; - -/* - if the length is currently above 56 bytes we append zeros then compress. - Then we can fall back to padding zeros and length encoding like normal. - */ - if (md->md5.curlen > 56) { - while (md->md5.curlen < 64) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } - md5_compress(md); - md->md5.curlen = 0; - } - -/* - pad upto 56 bytes of zeroes - */ - while (md->md5.curlen < 56) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } -/* - store length - */ -#ifdef USE_INT64 - STORE64L(md->md5.length, md->md5.buf+56); -#else - STORE32L(md->md5.lengthLo, md->md5.buf+56); - STORE32L(md->md5.lengthHi, md->md5.buf+60); -#endif /* USE_INT64 */ - md5_compress(md); - -/* - copy output - */ - for (i = 0; i < 4; i++) { - STORE32L(md->md5.state[i], hash+(4*i)); - } -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif /* CLEAN_STACK */ - return 16; -} - -#ifdef PEERSEC_TEST - -int32 matrixMd5Test() -{ - static const struct { - char *msg; - unsigned char hash[16]; - } tests[] = { - { "", - { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, - 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } }, - { "a", - {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, - 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } }, - { "abc", - { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, - 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } }, - { "message digest", - { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, - 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, - 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, - 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, - 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } }, - { NULL, { 0 } } - }; - - int32 i; - unsigned char tmp[16]; - hash_state md; - - for (i = 0; tests[i].msg != NULL; i++) { - matrixMd5Init(&md); - matrixMd5Update(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixMd5Final(&md, tmp); - if (memcmp(tmp, tests[i].hash, 16) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} -#endif /* PEERSEC_TEST */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/mpi.c b/release/src/router/matrixssl/src/crypto/peersec/mpi.c deleted file mode 100644 index c37353d3..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/mpi.c +++ /dev/null @@ -1,3667 +0,0 @@ -/* - * mpi.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * multiple-precision integer library - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" -#include <stdarg.h> - -#ifndef USE_MPI2 - -static int32 mp_exptmod_fast (psPool_t *pool, mp_int * G, mp_int * X, - mp_int * P, mp_int * Y, int32 redmode); - -/******************************************************************************/ -/* - FUTURE - 1. Convert the mp_init and mp_clear functions to not use malloc + free, - but to use static storage within the bignum variable instead - but - how to handle grow()? Maybe use a simple memory allocator - 2. verify stack usage of all functions and use of MP_LOW_MEM: - fast_mp_montgomery_reduce - fast_s_mp_mul_digs - fast_s_mp_sqr - fast_s_mp_mul_high_digs - 3. HAC stands for Handbook of Applied Cryptography - http://www.cacr.math.uwaterloo.ca/hac/ -*/ -/******************************************************************************/ -/* - Utility functions -*/ -void psZeromem(void *dst, size_t len) -{ - unsigned char *mem = (unsigned char *)dst; - - if (dst == NULL) { - return; - } - while (len-- > 0) { - *mem++ = 0; - } -} - -void psBurnStack(unsigned long len) -{ - unsigned char buf[32]; - - psZeromem(buf, sizeof(buf)); - if (len > (unsigned long)sizeof(buf)) { - psBurnStack(len - sizeof(buf)); - } -} - -/******************************************************************************/ -/* - Multiple precision integer functions - Note: we don't use va_args here to prevent portability issues. -*/ -int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2, - mp_int *mp3, mp_int *mp4, mp_int *mp5, - mp_int *mp6, mp_int *mp7) -{ - mp_err res = MP_OKAY; /* Assume ok until proven otherwise */ - int32 n = 0; /* Number of ok inits */ - mp_int *tempArray[9]; - - tempArray[0] = mp0; - tempArray[1] = mp1; - tempArray[2] = mp2; - tempArray[3] = mp3; - tempArray[4] = mp4; - tempArray[5] = mp5; - tempArray[6] = mp6; - tempArray[7] = mp7; - tempArray[8] = NULL; - - while (tempArray[n] != NULL) { - if (mp_init(pool, tempArray[n]) != MP_OKAY) { - res = MP_MEM; - break; - } - n++; - } - - if (res == MP_MEM) { - n = 0; - while (tempArray[n] != NULL) { - mp_clear(tempArray[n]); - n++; - } - } - return res; /* Assumed ok, if error flagged above. */ -} -/******************************************************************************/ -/* - Reads a unsigned char array, assumes the msb is stored first [big endian] - */ -int32 mp_read_unsigned_bin (mp_int * a, unsigned char *b, int32 c) -{ - int32 res; - -/* - Make sure there are at least two digits. - */ - if (a->alloc < 2) { - if ((res = mp_grow(a, 2)) != MP_OKAY) { - return res; - } - } - -/* - Zero the int32. - */ - mp_zero (a); - -/* - read the bytes in - */ - while (c-- > 0) { - if ((res = mp_mul_2d (a, 8, a)) != MP_OKAY) { - return res; - } - -#ifndef MP_8BIT - a->dp[0] |= *b++; - a->used += 1; -#else - a->dp[0] = (*b & MP_MASK); - a->dp[1] |= ((*b++ >> 7U) & 1); - a->used += 2; -#endif /* MP_8BIT */ - } - mp_clamp (a); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Compare two ints (signed) - */ -int32 mp_cmp (mp_int * a, mp_int * b) -{ -/* - compare based on sign - */ - if (a->sign != b->sign) { - if (a->sign == MP_NEG) { - return MP_LT; - } else { - return MP_GT; - } - } - -/* - compare digits - */ - if (a->sign == MP_NEG) { - /* if negative compare opposite direction */ - return mp_cmp_mag(b, a); - } else { - return mp_cmp_mag(a, b); - } -} - -/******************************************************************************/ -/* - Store in unsigned [big endian] format. -*/ -int32 mp_to_unsigned_bin(psPool_t *pool, mp_int * a, unsigned char *b) -{ - int32 x, res; - mp_int t; - - if ((res = mp_init_copy(pool, &t, a)) != MP_OKAY) { - return res; - } - - x = 0; - while (mp_iszero (&t) == 0) { -#ifndef MP_8BIT - b[x++] = (unsigned char) (t.dp[0] & 255); -#else - b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7)); -#endif /* MP_8BIT */ - if ((res = mp_div_2d (pool, &t, 8, &t, NULL)) != MP_OKAY) { - mp_clear (&t); - return res; - } - } - bn_reverse (b, x); - mp_clear (&t); - return MP_OKAY; -} - -void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3, - mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7) -{ - int32 n = 0; /* Number of ok inits */ - - mp_int *tempArray[9]; - - tempArray[0] = mp0; - tempArray[1] = mp1; - tempArray[2] = mp2; - tempArray[3] = mp3; - tempArray[4] = mp4; - tempArray[5] = mp5; - tempArray[6] = mp6; - tempArray[7] = mp7; - tempArray[8] = NULL; - - for (n = 0; tempArray[n] != NULL; n++) { - mp_clear(tempArray[n]); - } -} - -/******************************************************************************/ -/* - Init a new mp_int. -*/ -int32 mp_init (psPool_t *pool, mp_int * a) -{ - int32 i; -/* - allocate memory required and clear it - */ - a->dp = OPT_CAST(mp_digit) psMalloc(pool, sizeof (mp_digit) * MP_PREC); - if (a->dp == NULL) { - return MP_MEM; - } - -/* - set the digits to zero - */ - for (i = 0; i < MP_PREC; i++) { - a->dp[i] = 0; - } -/* - set the used to zero, allocated digits to the default precision and sign - to positive - */ - a->used = 0; - a->alloc = MP_PREC; - a->sign = MP_ZPOS; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - clear one (frees). - */ -void mp_clear (mp_int * a) -{ - int32 i; -/* - only do anything if a hasn't been freed previously - */ - if (a->dp != NULL) { -/* - first zero the digits - */ - for (i = 0; i < a->used; i++) { - a->dp[i] = 0; - } - - /* free ram */ - psFree (a->dp); - -/* - reset members to make debugging easier - */ - a->dp = NULL; - a->alloc = a->used = 0; - a->sign = MP_ZPOS; - } -} - -/******************************************************************************/ -/* - Get the size for an unsigned equivalent. - */ -int32 mp_unsigned_bin_size (mp_int * a) -{ - int32 size = mp_count_bits (a); - - return (size / 8 + ((size & 7) != 0 ? 1 : 0)); -} - -/******************************************************************************/ -/* - Trim unused digits - - This is used to ensure that leading zero digits are trimed and the - leading "used" digit will be non-zero. Typically very fast. Also fixes - the sign if there are no more leading digits -*/ -void mp_clamp (mp_int * a) -{ -/* - decrease used while the most significant digit is zero. - */ - while (a->used > 0 && a->dp[a->used - 1] == 0) { - --(a->used); - } - -/* - reset the sign flag if used == 0 - */ - if (a->used == 0) { - a->sign = MP_ZPOS; - } -} - -/******************************************************************************/ -/* - Shift left by a certain bit count. - */ -int32 mp_mul_2d (mp_int * a, int32 b, mp_int * c) -{ - mp_digit d; - int32 res; - -/* - Copy - */ - if (a != c) { - if ((res = mp_copy (a, c)) != MP_OKAY) { - return res; - } - } - - if (c->alloc < (int32)(c->used + b/DIGIT_BIT + 1)) { - if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) { - return res; - } - } - -/* - Shift by as many digits in the bit count - */ - if (b >= (int32)DIGIT_BIT) { - if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) { - return res; - } - } - -/* - shift any bit count < DIGIT_BIT - */ - d = (mp_digit) (b % DIGIT_BIT); - if (d != 0) { - register mp_digit *tmpc, shift, mask, r, rr; - register int32 x; - -/* - bitmask for carries - */ - mask = (((mp_digit)1) << d) - 1; - -/* - shift for msbs - */ - shift = DIGIT_BIT - d; - - /* alias */ - tmpc = c->dp; - - /* carry */ - r = 0; - for (x = 0; x < c->used; x++) { -/* - get the higher bits of the current word - */ - rr = (*tmpc >> shift) & mask; - -/* - shift the current word and OR in the carry - */ - *tmpc = ((*tmpc << d) | r) & MP_MASK; - ++tmpc; - -/* - set the carry to the carry bits of the current word - */ - r = rr; - } - -/* - set final carry - */ - if (r != 0) { - c->dp[(c->used)++] = r; - } - } - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Set to zero. - */ -void mp_zero (mp_int * a) -{ - int n; - mp_digit *tmp; - - a->sign = MP_ZPOS; - a->used = 0; - - tmp = a->dp; - for (n = 0; n < a->alloc; n++) { - *tmp++ = 0; - } -} - -#ifdef MP_LOW_MEM -#define TAB_SIZE 32 -#else -#define TAB_SIZE 256 -#endif /* MP_LOW_MEM */ - -/******************************************************************************/ -/* - Compare maginitude of two ints (unsigned). - */ -int32 mp_cmp_mag (mp_int * a, mp_int * b) -{ - int32 n; - mp_digit *tmpa, *tmpb; - -/* - compare based on # of non-zero digits - */ - if (a->used > b->used) { - return MP_GT; - } - - if (a->used < b->used) { - return MP_LT; - } - - /* alias for a */ - tmpa = a->dp + (a->used - 1); - - /* alias for b */ - tmpb = b->dp + (a->used - 1); - -/* - compare based on digits - */ - for (n = 0; n < a->used; ++n, --tmpa, --tmpb) { - if (*tmpa > *tmpb) { - return MP_GT; - } - - if (*tmpa < *tmpb) { - return MP_LT; - } - } - return MP_EQ; -} - -/******************************************************************************/ -/* - computes Y == G**X mod P, HAC pp.616, Algorithm 14.85 - - Uses a left-to-right k-ary sliding window to compute the modular - exponentiation. The value of k changes based on the size of the exponent. - - Uses Montgomery or Diminished Radix reduction [whichever appropriate] -*/ -int32 mp_exptmod(psPool_t *pool, mp_int * G, mp_int * X, mp_int * P, mp_int * Y) -{ - -/* - modulus P must be positive - */ - if (P->sign == MP_NEG) { - return MP_VAL; - } - -/* - if exponent X is negative we have to recurse - */ - if (X->sign == MP_NEG) { - mp_int tmpG, tmpX; - int32 err; - -/* - first compute 1/G mod P - */ - if ((err = mp_init(pool, &tmpG)) != MP_OKAY) { - return err; - } - if ((err = mp_invmod(pool, G, P, &tmpG)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - -/* - now get |X| - */ - if ((err = mp_init(pool, &tmpX)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - if ((err = mp_abs(X, &tmpX)) != MP_OKAY) { - mp_clear(&tmpG); - mp_clear(&tmpX); - return err; - } - -/* - and now compute (1/G)**|X| instead of G**X [X < 0] - */ - err = mp_exptmod(pool, &tmpG, &tmpX, P, Y); - mp_clear(&tmpG); - mp_clear(&tmpX); - return err; - } - -/* - if the modulus is odd or dr != 0 use the fast method - */ - if (mp_isodd (P) == 1) { - return mp_exptmod_fast (pool, G, X, P, Y, 0); - } else { -/* - no exptmod for evens - */ - return MP_VAL; - } -} - -/******************************************************************************/ -/* - Call only from mp_exptmod to make sure this fast version qualifies -*/ -static int32 mp_exptmod_fast(psPool_t *pool, mp_int * G, mp_int * X, - mp_int * P, mp_int * Y, int32 redmode) -{ - mp_int M[TAB_SIZE], res; - mp_digit buf, mp; - int32 err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; - - -/* - use a pointer to the reduction algorithm. This allows us to use - one of many reduction algorithms without modding the guts of - the code with if statements everywhere. - */ - int32 (*redux)(mp_int*,mp_int*,mp_digit); - -/* - find window size - */ - x = mp_count_bits (X); - if (x <= 7) { - winsize = 2; - } else if (x <= 36) { - winsize = 3; - } else if (x <= 140) { - winsize = 4; - } else if (x <= 450) { - winsize = 5; - } else if (x <= 1303) { - winsize = 6; - } else if (x <= 3529) { - winsize = 7; - } else { - winsize = 8; - } - -#ifdef MP_LOW_MEM - if (winsize > 5) { - winsize = 5; - } -#endif - -/* - init M array - init first cell - */ - if ((err = mp_init(pool, &M[1])) != MP_OKAY) { - return err; - } - -/* - now init the second half of the array - */ - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - if ((err = mp_init(pool, &M[x])) != MP_OKAY) { - for (y = 1<<(winsize-1); y < x; y++) { - mp_clear(&M[y]); - } - mp_clear(&M[1]); - return err; - } - } - - -/* - now setup montgomery - */ - if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { - goto LBL_M; - } - -/* - automatically pick the comba one if available - */ - if (((P->used * 2 + 1) < MP_WARRAY) && - P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - redux = fast_mp_montgomery_reduce; - } else { -/* - use slower baseline Montgomery method - */ - redux = mp_montgomery_reduce; - } - -/* - setup result - */ - if ((err = mp_init(pool, &res)) != MP_OKAY) { - goto LBL_M; - } - -/* - create M table. The first half of the table is not computed - though accept for M[0] and M[1] -*/ - -/* - now we need R mod m - */ - if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) { - goto LBL_RES; - } - -/* - now set M[1] to G * R mod m - */ - if ((err = mp_mulmod(pool, G, &res, P, &M[1])) != MP_OKAY) { - goto LBL_RES; - } - -/* - compute the value at M[1<<(winsize-1)] by squaring - M[1] (winsize-1) times -*/ - if ((err = mp_copy(&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - - for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr(pool, &M[1 << (winsize - 1)], - &M[1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - -/* - create upper table - */ - for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { - if ((err = mp_mul(pool, &M[x - 1], &M[1], &M[x])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[x], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - -/* - set initial mode and bit cnt - */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = X->used - 1; - bitcpy = 0; - bitbuf = 0; - - for (;;) { -/* - grab next digit as required - */ - if (--bitcnt == 0) { - /* if digidx == -1 we are out of digits so break */ - if (digidx == -1) { - break; - } - /* read next digit and reset bitcnt */ - buf = X->dp[digidx--]; - bitcnt = (int)DIGIT_BIT; - } - - /* grab the next msb from the exponent */ - y = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1; - buf <<= (mp_digit)1; - -/* - if the bit is zero and mode == 0 then we ignore it - These represent the leading zero bits before the first 1 bit - in the exponent. Technically this opt is not required but it - does lower the # of trivial squaring/reductions used -*/ - if (mode == 0 && y == 0) { - continue; - } - -/* - if the bit is zero and mode == 1 then we square - */ - if (mode == 1 && y == 0) { - if ((err = mp_sqr (pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux (&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - continue; - } - -/* - else we add it to the window - */ - bitbuf |= (y << (winsize - ++bitcpy)); - mode = 2; - - if (bitcpy == winsize) { -/* - ok window is filled so square as required and multiply - square first - */ - for (x = 0; x < winsize; x++) { - if ((err = mp_sqr(pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* then multiply */ - if ((err = mp_mul(pool, &res, &M[bitbuf], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - empty window and reset - */ - bitcpy = 0; - bitbuf = 0; - mode = 1; - } - } - -/* - if bits remain then square/multiply - */ - if (mode == 2 && bitcpy > 0) { - /* square then multiply if the bit is set */ - for (x = 0; x < bitcpy; x++) { - if ((err = mp_sqr(pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - get next bit of the window - */ - bitbuf <<= 1; - if ((bitbuf & (1 << winsize)) != 0) { -/* - then multiply - */ - if ((err = mp_mul(pool, &res, &M[1], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - } - } - -/* - fixup result if Montgomery reduction is used - recall that any value in a Montgomery system is - actually multiplied by R mod n. So we have - to reduce one more time to cancel out the factor of R. -*/ - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - swap res with Y - */ - mp_exch(&res, Y); - err = MP_OKAY; -LBL_RES:mp_clear(&res); -LBL_M: - mp_clear(&M[1]); - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - mp_clear(&M[x]); - } - return err; -} - -/******************************************************************************/ -/* - Grow as required - */ -int32 mp_grow (mp_int * a, int32 size) -{ - int32 i; - mp_digit *tmp; - -/* - If the alloc size is smaller alloc more ram. - */ - if (a->alloc < size) { -/* - ensure there are always at least MP_PREC digits extra on top - */ - size += (MP_PREC * 2) - (size % MP_PREC); - -/* - Reallocate the array a->dp - - We store the return in a temporary variable in case the operation - failed we don't want to overwrite the dp member of a. -*/ - tmp = OPT_CAST(mp_digit) psRealloc(a->dp, sizeof (mp_digit) * size); - if (tmp == NULL) { -/* - reallocation failed but "a" is still valid [can be freed] - */ - return MP_MEM; - } - -/* - reallocation succeeded so set a->dp - */ - a->dp = tmp; - -/* - zero excess digits - */ - i = a->alloc; - a->alloc = size; - for (; i < a->alloc; i++) { - a->dp[i] = 0; - } - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - b = |a| - - Simple function copies the input and fixes the sign to positive -*/ -int32 mp_abs (mp_int * a, mp_int * b) -{ - int32 res; - -/* - copy a to b - */ - if (a != b) { - if ((res = mp_copy (a, b)) != MP_OKAY) { - return res; - } - } - -/* - Force the sign of b to positive - */ - b->sign = MP_ZPOS; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - Creates "a" then copies b into it - */ -int32 mp_init_copy(psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 res; - - if ((res = mp_init(pool, a)) != MP_OKAY) { - return res; - } - return mp_copy (b, a); -} - -/******************************************************************************/ -/* - Reverse an array, used for radix code - */ -void bn_reverse (unsigned char *s, int32 len) -{ - int32 ix, iy; - unsigned char t; - - ix = 0; - iy = len - 1; - while (ix < iy) { - t = s[ix]; - s[ix] = s[iy]; - s[iy] = t; - ++ix; - --iy; - } -} - -/******************************************************************************/ -/* - Shift right by a certain bit count (store quotient in c, optional - remainder in d) - */ -int32 mp_div_2d(psPool_t *pool, mp_int * a, int32 b, mp_int * c, mp_int * d) -{ - mp_digit D, r, rr; - int32 x, res; - mp_int t; - -/* - If the shift count is <= 0 then we do no work - */ - if (b <= 0) { - res = mp_copy (a, c); - if (d != NULL) { - mp_zero (d); - } - return res; - } - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - -/* - Get the remainder - */ - if (d != NULL) { - if ((res = mp_mod_2d (a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - } - - /* copy */ - if ((res = mp_copy (a, c)) != MP_OKAY) { - mp_clear (&t); - return res; - } - -/* - Shift by as many digits in the bit count - */ - if (b >= (int32)DIGIT_BIT) { - mp_rshd (c, b / DIGIT_BIT); - } - - /* shift any bit count < DIGIT_BIT */ - D = (mp_digit) (b % DIGIT_BIT); - if (D != 0) { - register mp_digit *tmpc, mask, shift; - - /* mask */ - mask = (((mp_digit)1) << D) - 1; - - /* shift for lsb */ - shift = DIGIT_BIT - D; - - /* alias */ - tmpc = c->dp + (c->used - 1); - - /* carry */ - r = 0; - for (x = c->used - 1; x >= 0; x--) { -/* - Get the lower bits of this word in a temp. - */ - rr = *tmpc & mask; - -/* - shift the current word and mix in the carry bits from the previous word - */ - *tmpc = (*tmpc >> D) | (r << shift); - --tmpc; - -/* - set the carry to the carry bits of the current word found above - */ - r = rr; - } - } - mp_clamp (c); - if (d != NULL) { - mp_exch (&t, d); - } - mp_clear (&t); - return MP_OKAY; -} - -/******************************************************************************/ -/* - copy, b = a - */ -int32 mp_copy (mp_int * a, mp_int * b) -{ - int32 res, n; - -/* - If dst == src do nothing - */ - if (a == b) { - return MP_OKAY; - } - -/* - Grow dest - */ - if (b->alloc < a->used) { - if ((res = mp_grow (b, a->used)) != MP_OKAY) { - return res; - } - } - -/* - Zero b and copy the parameters over - */ - { - register mp_digit *tmpa, *tmpb; - - /* pointer aliases */ - /* source */ - tmpa = a->dp; - - /* destination */ - tmpb = b->dp; - - /* copy all the digits */ - for (n = 0; n < a->used; n++) { - *tmpb++ = *tmpa++; - } - - /* clear high digits */ - for (; n < b->used; n++) { - *tmpb++ = 0; - } - } - -/* - copy used count and sign - */ - b->used = a->used; - b->sign = a->sign; - return MP_OKAY; -} - -/******************************************************************************/ -/* - Returns the number of bits in an int32 - */ -int32 mp_count_bits (mp_int * a) -{ - int32 r; - mp_digit q; - -/* - Shortcut - */ - if (a->used == 0) { - return 0; - } - -/* - Get number of digits and add that. - */ - r = (a->used - 1) * DIGIT_BIT; - -/* - Take the last digit and count the bits in it. - */ - q = a->dp[a->used - 1]; - while (q > ((mp_digit) 0)) { - ++r; - q >>= ((mp_digit) 1); - } - return r; -} - -/******************************************************************************/ -/* - Shift left a certain amount of digits. - */ -int32 mp_lshd (mp_int * a, int32 b) -{ - int32 x, res; - -/* - If its less than zero return. - */ - if (b <= 0) { - return MP_OKAY; - } - -/* - Grow to fit the new digits. - */ - if (a->alloc < a->used + b) { - if ((res = mp_grow (a, a->used + b)) != MP_OKAY) { - return res; - } - } - - { - register mp_digit *top, *bottom; - -/* - Increment the used by the shift amount then copy upwards. - */ - a->used += b; - - /* top */ - top = a->dp + a->used - 1; - - /* base */ - bottom = a->dp + a->used - 1 - b; - -/* - Much like mp_rshd this is implemented using a sliding window - except the window goes the otherway around. Copying from - the bottom to the top. see bn_mp_rshd.c for more info. - */ - for (x = a->used - 1; x >= b; x--) { - *top-- = *bottom--; - } - - /* zero the lower digits */ - top = a->dp; - for (x = 0; x < b; x++) { - *top++ = 0; - } - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - Set to a digit. - */ -void mp_set (mp_int * a, mp_digit b) -{ - mp_zero (a); - a->dp[0] = b & MP_MASK; - a->used = (a->dp[0] != 0) ? 1 : 0; -} - -/******************************************************************************/ -/* - Swap the elements of two integers, for cases where you can't simply swap - the mp_int pointers around -*/ -void mp_exch (mp_int * a, mp_int * b) -{ - mp_int t; - - t = *a; - *a = *b; - *b = t; -} - -/******************************************************************************/ -/* - High level multiplication (handles sign) - */ -int32 mp_mul(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - int32 res, neg; - int32 digs = a->used + b->used + 1; - - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - -/* Can we use the fast multiplier? - - The fast multiplier can be used if the output will have less than - MP_WARRAY digits and the number of digits won't affect carry propagation -*/ - if ((digs < MP_WARRAY) && MIN(a->used, b->used) <= - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - res = fast_s_mp_mul_digs(pool, a, b, c, digs); - } else { - res = s_mp_mul(pool, a, b, c); - } - c->sign = (c->used > 0) ? neg : MP_ZPOS; - return res; -} - -/******************************************************************************/ -/* - c = a mod b, 0 <= c < b - */ -int32 mp_mod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int t; - int32 res; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_div (pool, a, b, NULL, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - - if (t.sign != b->sign) { - res = mp_add (b, &t, c); - } else { - res = MP_OKAY; - mp_exch (&t, c); - } - - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - shifts with subtractions when the result is greater than b. - - The method is slightly modified to shift B unconditionally upto just under - the leading bit of b. This saves alot of multiple precision shifting. -*/ -int32 mp_montgomery_calc_normalization (mp_int * a, mp_int * b) -{ - int32 x, bits, res; - -/* - How many bits of last digit does b use - */ - bits = mp_count_bits (b) % DIGIT_BIT; - - if (b->used > 1) { - if ((res = mp_2expt(a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { - return res; - } - } else { - mp_set(a, 1); - bits = 1; - } - -/* - Now compute C = A * B mod b - */ - for (x = bits - 1; x < (int32)DIGIT_BIT; x++) { - if ((res = mp_mul_2(a, a)) != MP_OKAY) { - return res; - } - if (mp_cmp_mag(a, b) != MP_LT) { - if ((res = s_mp_sub(a, b, a)) != MP_OKAY) { - return res; - } - } - } - - return MP_OKAY; -} - -/******************************************************************************/ -/* - d = a * b (mod c) - */ -int32 mp_mulmod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - int32 res; - mp_int t; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_mul (pool, a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - res = mp_mod (pool, &t, c, d); - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - Computes b = a*a - */ -#ifdef USE_SMALL_WORD -int32 mp_sqr (psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 res; - -/* - Can we use the fast comba multiplier? - */ - if ((a->used * 2 + 1) < MP_WARRAY && a->used < - (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) { - res = fast_s_mp_sqr (pool, a, b); - } else { - res = s_mp_sqr (pool, a, b); - } - b->sign = MP_ZPOS; - return res; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Computes xR**-1 == x (mod N) via Montgomery Reduction. - - This is an optimized implementation of montgomery_reduce - which uses the comba method to quickly calculate the columns of the - reduction. - - Based on Algorithm 14.32 on pp.601 of HAC. -*/ - -int32 fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) -{ - int32 ix, res, olduse; - mp_word W[MP_WARRAY]; - -/* - Get old used count - */ - olduse = x->used; - -/* - Grow a as required - */ - if (x->alloc < n->used + 1) { - if ((res = mp_grow(x, n->used + 1)) != MP_OKAY) { - return res; - } - } - -/* - First we have to get the digits of the input into - an array of double precision words W[...] - */ - { - register mp_word *_W; - register mp_digit *tmpx; - -/* - Alias for the W[] array - */ - _W = W; - -/* - Alias for the digits of x - */ - tmpx = x->dp; - -/* - Copy the digits of a into W[0..a->used-1] - */ - for (ix = 0; ix < x->used; ix++) { - *_W++ = *tmpx++; - } - -/* - Zero the high words of W[a->used..m->used*2] - */ - for (; ix < n->used * 2 + 1; ix++) { - *_W++ = 0; - } - } - -/* - Now we proceed to zero successive digits from the least - significant upwards. - */ - for (ix = 0; ix < n->used; ix++) { -/* - mu = ai * m' mod b - - We avoid a double precision multiplication (which isn't required) by - casting the value down to a mp_digit. Note this requires that - W[ix-1] have the carry cleared (see after the inner loop) - */ - register mp_digit mu; - mu = (mp_digit) (((W[ix] & MP_MASK) * rho) & MP_MASK); - -/* - a = a + mu * m * b**i - - This is computed in place and on the fly. The multiplication by b**i - is handled by offseting which columns the results are added to. - - Note the comba method normally doesn't handle carries in the inner loop - In this case we fix the carry from the previous column since the - Montgomery reduction requires digits of the result (so far) [see above] - to work. This is handled by fixing up one carry after the inner loop. - The carry fixups are done in order so after these loops the first - m->used words of W[] have the carries fixed - */ - { - register int32 iy; - register mp_digit *tmpn; - register mp_word *_W; - -/* - Alias for the digits of the modulus - */ - tmpn = n->dp; - -/* - Alias for the columns set by an offset of ix - */ - _W = W + ix; - -/* - inner loop - */ - for (iy = 0; iy < n->used; iy++) { - *_W++ += ((mp_word)mu) * ((mp_word)*tmpn++); - } - } - -/* - Now fix carry for next digit, W[ix+1] - */ - W[ix + 1] += W[ix] >> ((mp_word) DIGIT_BIT); - } - -/* - Now we have to propagate the carries and shift the words downward [all those - least significant digits we zeroed]. - */ - { - register mp_digit *tmpx; - register mp_word *_W, *_W1; - -/* - Now fix rest of carries - */ - -/* - alias for current word - */ - _W1 = W + ix; - -/* - alias for next word, where the carry goes - */ - _W = W + ++ix; - - for (; ix <= n->used * 2 + 1; ix++) { - *_W++ += *_W1++ >> ((mp_word) DIGIT_BIT); - } - -/* - copy out, A = A/b**n - - The result is A/b**n but instead of converting from an - array of mp_word to mp_digit than calling mp_rshd - we just copy them in the right order - */ - -/* - alias for destination word - */ - tmpx = x->dp; - -/* - alias for shifted double precision result - */ - _W = W + n->used; - - for (ix = 0; ix < n->used + 1; ix++) { - *tmpx++ = (mp_digit)(*_W++ & ((mp_word) MP_MASK)); - } - -/* - zero oldused digits, if the input a was larger than - m->used+1 we'll have to clear the digits - */ - for (; ix < olduse; ix++) { - *tmpx++ = 0; - } - } - -/* - Set the max used and clamp - */ - x->used = n->used + 1; - mp_clamp(x); - -/* - if A >= m then A = A - m - */ - if (mp_cmp_mag(x, n) != MP_LT) { - return s_mp_sub(x, n, x); - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - High level addition (handles signs) - */ -int32 mp_add (mp_int * a, mp_int * b, mp_int * c) -{ - int32 sa, sb, res; - -/* - Get sign of both inputs - */ - sa = a->sign; - sb = b->sign; - -/* - Handle two cases, not four. - */ - if (sa == sb) { -/* - Both positive or both negative. Add their magnitudes, copy the sign. - */ - c->sign = sa; - res = s_mp_add (a, b, c); - } else { -/* - One positive, the other negative. Subtract the one with the greater - magnitude from the one of the lesser magnitude. The result gets the sign of - the one with the greater magnitude. - */ - if (mp_cmp_mag (a, b) == MP_LT) { - c->sign = sb; - res = s_mp_sub (b, a, c); - } else { - c->sign = sa; - res = s_mp_sub (a, b, c); - } - } - return res; -} - -/******************************************************************************/ -/* - Compare a digit. - */ -int32 mp_cmp_d (mp_int * a, mp_digit b) -{ -/* - Compare based on sign - */ - if (a->sign == MP_NEG) { - return MP_LT; - } - -/* - Compare based on magnitude - */ - if (a->used > 1) { - return MP_GT; - } - -/* - Compare the only digit of a to b - */ - if (a->dp[0] > b) { - return MP_GT; - } else if (a->dp[0] < b) { - return MP_LT; - } else { - return MP_EQ; - } -} - -/******************************************************************************/ -/* - b = a/2 - */ -int32 mp_div_2 (mp_int * a, mp_int * b) -{ - int32 x, res, oldused; - -/* - Copy - */ - if (b->alloc < a->used) { - if ((res = mp_grow (b, a->used)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - { - register mp_digit r, rr, *tmpa, *tmpb; - -/* - Source alias - */ - tmpa = a->dp + b->used - 1; - -/* - dest alias - */ - tmpb = b->dp + b->used - 1; - -/* - carry - */ - r = 0; - for (x = b->used - 1; x >= 0; x--) { -/* - Get the carry for the next iteration - */ - rr = *tmpa & 1; - -/* - Shift the current digit, add in carry and store - */ - *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1)); -/* - Forward carry to next iteration - */ - r = rr; - } - -/* - Zero excess digits - */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - mp_clamp (b); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Computes xR**-1 == x (mod N) via Montgomery Reduction - */ -#ifdef USE_SMALL_WORD -int32 mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) -{ - int32 ix, res, digs; - mp_digit mu; - -/* Can the fast reduction [comba] method be used? - - Note that unlike in mul you're safely allowed *less* than the available - columns [255 per default] since carries are fixed up in the inner loop. - */ - digs = n->used * 2 + 1; - if ((digs < MP_WARRAY) && - n->used < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - return fast_mp_montgomery_reduce (x, n, rho); - } - -/* - Grow the input as required. - */ - if (x->alloc < digs) { - if ((res = mp_grow (x, digs)) != MP_OKAY) { - return res; - } - } - x->used = digs; - - for (ix = 0; ix < n->used; ix++) { -/* - mu = ai * rho mod b - - The value of rho must be precalculated via mp_montgomery_setup() - such that it equals -1/n0 mod b this allows the following inner - loop to reduce the input one digit at a time - */ - mu = (mp_digit)(((mp_word)x->dp[ix]) * ((mp_word)rho) & MP_MASK); - - /* a = a + mu * m * b**i */ - { - register int32 iy; - register mp_digit *tmpn, *tmpx, u; - register mp_word r; - -/* - alias for digits of the modulus - */ - tmpn = n->dp; - -/* - alias for the digits of x [the input] - */ - tmpx = x->dp + ix; - -/* - set the carry to zero - */ - u = 0; - -/* - Multiply and add in place - */ - for (iy = 0; iy < n->used; iy++) { - /* compute product and sum */ - r = ((mp_word)mu) * ((mp_word)*tmpn++) + - ((mp_word) u) + ((mp_word) * tmpx); - - /* get carry */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - - /* fix digit */ - *tmpx++ = (mp_digit)(r & ((mp_word) MP_MASK)); - } - /* At this point the ix'th digit of x should be zero */ - - -/* - propagate carries upwards as required - */ - while (u) { - *tmpx += u; - u = *tmpx >> DIGIT_BIT; - *tmpx++ &= MP_MASK; - } - } - } - -/* - At this point the n.used'th least significant digits of x are all zero - which means we can shift x to the right by n.used digits and the - residue is unchanged. -*/ - /* x = x/b**n.used */ - mp_clamp(x); - mp_rshd (x, n->used); - - /* if x >= n then x = x - n */ - if (mp_cmp_mag (x, n) != MP_LT) { - return s_mp_sub (x, n, x); - } - - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Setups the montgomery reduction stuff. - */ -int32 mp_montgomery_setup (mp_int * n, mp_digit * rho) -{ - mp_digit x, b; - -/* - fast inversion mod 2**k - - Based on the fact that - - XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n) - => 2*X*A - X*X*A*A = 1 - => 2*(1) - (1) = 1 -*/ - b = n->dp[0]; - - if ((b & 1) == 0) { - return MP_VAL; - } - - x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */ - x = (x * (2 - b * x)) & MP_MASK; /* here x*a==1 mod 2**8 */ -#if !defined(MP_8BIT) - x = (x * (2 - b * x)) & MP_MASK; /* here x*a==1 mod 2**8 */ -#endif /* MP_8BIT */ -#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT)) - x *= 2 - b * x; /* here x*a==1 mod 2**32 */ -#endif -#ifdef MP_64BIT - x *= 2 - b * x; /* here x*a==1 mod 2**64 */ -#endif /* MP_64BIT */ - - /* rho = -1/m mod b */ - *rho = (((mp_word) 1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - High level subtraction (handles signs) - */ -int32 mp_sub (mp_int * a, mp_int * b, mp_int * c) -{ - int32 sa, sb, res; - - sa = a->sign; - sb = b->sign; - - if (sa != sb) { -/* - Subtract a negative from a positive, OR subtract a positive from a - negative. In either case, ADD their magnitudes, and use the sign of - the first number. - */ - c->sign = sa; - res = s_mp_add (a, b, c); - } else { -/* - Subtract a positive from a positive, OR subtract a negative - from a negative. First, take the difference between their - magnitudes, then... - */ - if (mp_cmp_mag (a, b) != MP_LT) { -/* - Copy the sign from the first - */ - c->sign = sa; - /* The first has a larger or equal magnitude */ - res = s_mp_sub (a, b, c); - } else { -/* - The result has the *opposite* sign from the first number. - */ - c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS; -/* - The second has a larger magnitude - */ - res = s_mp_sub (b, a, c); - } - } - return res; -} - -/******************************************************************************/ -/* - calc a value mod 2**b - */ -int32 mp_mod_2d (mp_int * a, int32 b, mp_int * c) -{ - int32 x, res; - -/* - if b is <= 0 then zero the int32 - */ - if (b <= 0) { - mp_zero (c); - return MP_OKAY; - } - -/* - If the modulus is larger than the value than return - */ - if (b >=(int32) (a->used * DIGIT_BIT)) { - res = mp_copy (a, c); - return res; - } - - /* copy */ - if ((res = mp_copy (a, c)) != MP_OKAY) { - return res; - } - -/* - Zero digits above the last digit of the modulus - */ - for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) { - c->dp[x] = 0; - } -/* - Clear the digit that is not completely outside/inside the modulus - */ - c->dp[b / DIGIT_BIT] &= - (mp_digit) ((((mp_digit) 1) << (((mp_digit) b) % DIGIT_BIT)) - ((mp_digit) 1)); - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Shift right a certain amount of digits. - */ -void mp_rshd (mp_int * a, int32 b) -{ - int32 x; - -/* - If b <= 0 then ignore it - */ - if (b <= 0) { - return; - } - -/* - If b > used then simply zero it and return. -*/ - if (a->used <= b) { - mp_zero (a); - return; - } - - { - register mp_digit *bottom, *top; - -/* - Shift the digits down - */ - /* bottom */ - bottom = a->dp; - - /* top [offset into digits] */ - top = a->dp + b; - -/* - This is implemented as a sliding window where the window is b-digits long - and digits from the top of the window are copied to the bottom. - - e.g. - - b-2 | b-1 | b0 | b1 | b2 | ... | bb | ----> - /\ | ----> - \-------------------/ ----> - */ - for (x = 0; x < (a->used - b); x++) { - *bottom++ = *top++; - } - -/* - Zero the top digits - */ - for (; x < a->used; x++) { - *bottom++ = 0; - } - } - -/* - Remove excess digits - */ - a->used -= b; -} - -/******************************************************************************/ -/* - Low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 - */ -int32 s_mp_sub (mp_int * a, mp_int * b, mp_int * c) -{ - int32 olduse, res, min, max; - -/* - Find sizes - */ - min = b->used; - max = a->used; - -/* - init result - */ - if (c->alloc < max) { - if ((res = mp_grow (c, max)) != MP_OKAY) { - return res; - } - } - olduse = c->used; - c->used = max; - - { - register mp_digit u, *tmpa, *tmpb, *tmpc; - register int32 i; - -/* - alias for digit pointers - */ - tmpa = a->dp; - tmpb = b->dp; - tmpc = c->dp; - -/* - set carry to zero - */ - u = 0; - for (i = 0; i < min; i++) { - /* T[i] = A[i] - B[i] - U */ - *tmpc = *tmpa++ - *tmpb++ - u; - -/* - U = carry bit of T[i] - Note this saves performing an AND operation since if a carry does occur it - will propagate all the way to the MSB. As a result a single shift - is enough to get the carry - */ - u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1)); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - -/* - Now copy higher words if any, e.g. if A has more digits than B - */ - for (; i < max; i++) { - /* T[i] = A[i] - U */ - *tmpc = *tmpa++ - u; - - /* U = carry bit of T[i] */ - u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1)); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - -/* - Clear digits above used (since we may not have grown result above) - */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp (c); - return MP_OKAY; -} -/******************************************************************************/ -/* - integer signed division. - - c*b + d == a [e.g. a/b, c=quotient, d=remainder] - HAC pp.598 Algorithm 14.20 - - Note that the description in HAC is horribly incomplete. For example, - it doesn't consider the case where digits are removed from 'x' in the inner - loop. It also doesn't consider the case that y has fewer than three - digits, etc.. - - The overall algorithm is as described as 14.20 from HAC but fixed to - treat these cases. - */ -#ifdef MP_DIV_SMALL -int32 mp_div(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - mp_int ta, tb, tq, q; - int32 res, n, n2; - -/* - is divisor zero ? - */ - if (mp_iszero (b) == 1) { - return MP_VAL; - } - -/* - if a < b then q=0, r = a - */ - if (mp_cmp_mag (a, b) == MP_LT) { - if (d != NULL) { - res = mp_copy (a, d); - } else { - res = MP_OKAY; - } - if (c != NULL) { - mp_zero (c); - } - return res; - } - -/* - init our temps - */ - if ((res = _mp_init_multi(pool, &ta, &tb, &tq, &q, NULL, NULL, NULL, NULL) != MP_OKAY)) { - return res; - } - -/* - tq = 2^n, tb == b*2^n - */ - mp_set(&tq, 1); - n = mp_count_bits(a) - mp_count_bits(b); - if (((res = mp_abs(a, &ta)) != MP_OKAY) || - ((res = mp_abs(b, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { - goto __ERR; - } -/* old - if (((res = mp_copy(a, &ta)) != MP_OKAY) || - ((res = mp_copy(b, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { - goto LBL_ERR; - } -*/ - while (n-- >= 0) { - if (mp_cmp(&tb, &ta) != MP_GT) { - if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) || - ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) { - goto LBL_ERR; - } - } - if (((res = mp_div_2d(pool, &tb, 1, &tb, NULL)) != MP_OKAY) || - ((res = mp_div_2d(pool, &tq, 1, &tq, NULL)) != MP_OKAY)) { - goto LBL_ERR; - } - } - -/* - now q == quotient and ta == remainder - */ - n = a->sign; - n2 = (a->sign == b->sign ? MP_ZPOS : MP_NEG); - if (c != NULL) { - mp_exch(c, &q); - c->sign = (mp_iszero(c) == MP_YES) ? MP_ZPOS : n2; - } - if (d != NULL) { - mp_exch(d, &ta); - d->sign = (mp_iszero(d) == MP_YES) ? MP_ZPOS : n; - } -LBL_ERR: - _mp_clear_multi(&ta, &tb, &tq, &q, NULL, NULL, NULL, NULL); - return res; -} -#else /* MP_DIV_SMALL */ - -int32 mp_div(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - mp_int q, x, y, t1, t2; - int32 res, n, t, i, norm, neg; - -/* - is divisor zero ? - */ - if (mp_iszero(b) == 1) { - return MP_VAL; - } - -/* - if a < b then q=0, r = a - */ - if (mp_cmp_mag(a, b) == MP_LT) { - if (d != NULL) { - res = mp_copy(a, d); - } else { - res = MP_OKAY; - } - if (c != NULL) { - mp_zero(c); - } - return res; - } - - if ((res = mp_init_size(pool, &q, a->used + 2)) != MP_OKAY) { - return res; - } - q.used = a->used + 2; - - if ((res = mp_init(pool, &t1)) != MP_OKAY) { - goto LBL_Q; - } - - if ((res = mp_init(pool, &t2)) != MP_OKAY) { - goto LBL_T1; - } - - if ((res = mp_init_copy(pool, &x, a)) != MP_OKAY) { - goto LBL_T2; - } - - if ((res = mp_init_copy(pool, &y, b)) != MP_OKAY) { - goto LBL_X; - } - -/* - fix the sign - */ - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - x.sign = y.sign = MP_ZPOS; - -/* - normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] - */ - norm = mp_count_bits(&y) % DIGIT_BIT; - if (norm < (int32)(DIGIT_BIT-1)) { - norm = (DIGIT_BIT-1) - norm; - if ((res = mp_mul_2d(&x, norm, &x)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_mul_2d(&y, norm, &y)) != MP_OKAY) { - goto LBL_Y; - } - } else { - norm = 0; - } - -/* - note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 - */ - n = x.used - 1; - t = y.used - 1; - -/* - while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } - */ - if ((res = mp_lshd(&y, n - t)) != MP_OKAY) { /* y = y*b**{n-t} */ - goto LBL_Y; - } - - while (mp_cmp(&x, &y) != MP_LT) { - ++(q.dp[n - t]); - if ((res = mp_sub(&x, &y, &x)) != MP_OKAY) { - goto LBL_Y; - } - } - -/* - reset y by shifting it back down - */ - mp_rshd(&y, n - t); - -/* - step 3. for i from n down to (t + 1) - */ - for (i = n; i >= (t + 1); i--) { - if (i > x.used) { - continue; - } - -/* - step 3.1 if xi == yt then set q{i-t-1} to b-1, - otherwise set q{i-t-1} to (xi*b + x{i-1})/yt - */ - if (x.dp[i] == y.dp[t]) { - q.dp[i - t - 1] = ((((mp_digit)1) << DIGIT_BIT) - 1); - } else { - mp_word tmp; - tmp = ((mp_word) x.dp[i]) << ((mp_word) DIGIT_BIT); - tmp |= ((mp_word) x.dp[i - 1]); - tmp /= ((mp_word) y.dp[t]); - if (tmp > (mp_word) MP_MASK) { - tmp = MP_MASK; - } - q.dp[i - t - 1] = (mp_digit) (tmp & (mp_word) (MP_MASK)); - } - -/* - while (q{i-t-1} * (yt * b + y{t-1})) > - xi * b**2 + xi-1 * b + xi-2 - - do q{i-t-1} -= 1; - */ - q.dp[i - t - 1] = (q.dp[i - t - 1] + 1) & MP_MASK; - do { - q.dp[i - t - 1] = (q.dp[i - t - 1] - 1) & MP_MASK; - -/* - find left hand - */ - mp_zero (&t1); - t1.dp[0] = (t - 1 < 0) ? 0 : y.dp[t - 1]; - t1.dp[1] = y.dp[t]; - t1.used = 2; - if ((res = mp_mul_d (&t1, q.dp[i - t - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - -/* - find right hand - */ - t2.dp[0] = (i - 2 < 0) ? 0 : x.dp[i - 2]; - t2.dp[1] = (i - 1 < 0) ? 0 : x.dp[i - 1]; - t2.dp[2] = x.dp[i]; - t2.used = 3; - } while (mp_cmp_mag(&t1, &t2) == MP_GT); - -/* - step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} - */ - if ((res = mp_mul_d(&y, q.dp[i - t - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_lshd(&t1, i - t - 1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_sub(&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - -/* - if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } - */ - if (x.sign == MP_NEG) { - if ((res = mp_copy(&y, &t1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_lshd (&t1, i - t - 1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_add (&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - - q.dp[i - t - 1] = (q.dp[i - t - 1] - 1UL) & MP_MASK; - } - } - -/* - now q is the quotient and x is the remainder - [which we have to normalize] - */ - -/* - get sign before writing to c - */ - x.sign = x.used == 0 ? MP_ZPOS : a->sign; - - if (c != NULL) { - mp_clamp(&q); - mp_exch(&q, c); - c->sign = neg; - } - - if (d != NULL) { - mp_div_2d(pool, &x, norm, &x, NULL); - mp_exch(&x, d); - } - - res = MP_OKAY; - -LBL_Y:mp_clear (&y); -LBL_X:mp_clear (&x); -LBL_T2:mp_clear (&t2); -LBL_T1:mp_clear (&t1); -LBL_Q:mp_clear (&q); - return res; -} -#endif /* MP_DIV_SMALL */ - -/******************************************************************************/ -/* - multiplies |a| * |b| and only computes upto digs digits of result - HAC pp. 595, Algorithm 14.12 Modified so you can control how many digits - of output are created. - */ -#ifdef USE_SMALL_WORD -int32 s_mp_mul_digs(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, int32 digs) -{ - mp_int t; - int32 res, pa, pb, ix, iy; - mp_digit u; - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -/* - Can we use the fast multiplier? - */ - if (((digs) < MP_WARRAY) && - MIN (a->used, b->used) < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - return fast_s_mp_mul_digs (pool, a, b, c, digs); - } - - if ((res = mp_init_size(pool, &t, digs)) != MP_OKAY) { - return res; - } - t.used = digs; - -/* - Compute the digits of the product directly - */ - pa = a->used; - for (ix = 0; ix < pa; ix++) { - /* set the carry to zero */ - u = 0; - -/* - Limit ourselves to making digs digits of output. -*/ - pb = MIN (b->used, digs - ix); - -/* - Setup some aliases. Copy of the digit from a used - within the nested loop - */ - tmpx = a->dp[ix]; - -/* - An alias for the destination shifted ix places - */ - tmpt = t.dp + ix; - -/* - An alias for the digits of b - */ - tmpy = b->dp; - -/* - Compute the columns of the output and propagate the carry - */ - for (iy = 0; iy < pb; iy++) { - /* compute the column as a mp_word */ - r = ((mp_word)*tmpt) + - ((mp_word)tmpx) * ((mp_word)*tmpy++) + - ((mp_word) u); - - /* the new column is the lower part of the result */ - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - - /* get the carry word from the result */ - u = (mp_digit) (r >> ((mp_word) DIGIT_BIT)); - } -/* - Set carry if it is placed below digs - */ - if (ix + iy < digs) { - *tmpt = u; - } - } - - mp_clamp (&t); - mp_exch (&t, c); - - mp_clear (&t); - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Fast (comba) multiplier - - This is the fast column-array [comba] multiplier. It is designed to - compute the columns of the product first then handle the carries afterwards. - This has the effect of making the nested loops that compute the columns - very simple and schedulable on super-scalar processors. - - This has been modified to produce a variable number of digits of output so - if say only a half-product is required you don't have to compute the upper - half (a feature required for fast Barrett reduction). - - Based on Algorithm 14.12 on pp.595 of HAC. -*/ - -int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, - int32 digs) -{ - int32 olduse, res, pa, ix, iz, neg; - mp_digit W[MP_WARRAY]; - register mp_word _W; - - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - -/* - grow the destination as required - */ - if (c->alloc < digs) { - if ((res = mp_grow(c, digs)) != MP_OKAY) { - return res; - } - } - -/* - number of output digits to produce - */ - pa = MIN(digs, a->used + b->used); - -/* - clear the carry - */ - _W = 0; - for (ix = 0; ix < pa; ix++) { - int32 tx, ty; - int32 iy; - mp_digit *tmpx, *tmpy; - -/* - get offsets into the two bignums - */ - ty = MIN(b->used-1, ix); - tx = ix - ty; - -/* - setup temp aliases - */ - tmpx = a->dp + tx; - tmpy = b->dp + ty; - -/* - this is the number of times the loop will iterrate, essentially its - while (tx++ < a->used && ty-- >= 0) { ... } - */ - iy = MIN(a->used-tx, ty+1); - -/* - execute loop - */ - for (iz = 0; iz < iy; ++iz) { - _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); - } - -/* - store term - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - make next carry - */ - _W = _W >> ((mp_word)DIGIT_BIT); - } - -/* - store final carry - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - setup dest - */ - olduse = c->used; - c->used = pa; - - { - register mp_digit *tmpc; - tmpc = c->dp; - for (ix = 0; ix < pa+1; ix++) { -/* - now extract the previous digit [below the carry] - */ - *tmpc++ = W[ix]; - } - -/* - clear unused digits [that existed in the old copy of c] - */ - for (; ix < olduse; ix++) { - *tmpc++ = 0; - } - } - mp_clamp (c); - c->sign = (c->used > 0) ? neg : MP_ZPOS; - return MP_OKAY; -} - -/******************************************************************************/ -/* - b = a*2 - */ -int32 mp_mul_2 (mp_int * a, mp_int * b) -{ - int32 x, res, oldused; - -/* - grow to accomodate result - */ - if (b->alloc < a->used + 1) { - if ((res = mp_grow (b, a->used + 1)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - - { - register mp_digit r, rr, *tmpa, *tmpb; - - /* alias for source */ - tmpa = a->dp; - - /* alias for dest */ - tmpb = b->dp; - - /* carry */ - r = 0; - for (x = 0; x < a->used; x++) { - -/* - get what will be the *next* carry bit from the MSB of the - current digit - */ - rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1)); - -/* - now shift up this digit, add in the carry [from the previous] - */ - *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK; - -/* copy the carry that would be from the source digit into the next - iteration - */ - r = rr; - } - -/* - new leading digit? - */ - if (r != 0) { -/* - add a MSB which is always 1 at this point - */ - *tmpb = 1; - ++(b->used); - } - -/* - now zero any excess digits on the destination that we didn't write to - */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - return MP_OKAY; -} - -/******************************************************************************/ -/* - multiply by a digit - */ -int32 mp_mul_d(mp_int * a, mp_digit b, mp_int * c) -{ - mp_digit u, *tmpa, *tmpc; - mp_word r; - int32 ix, res, olduse; - -/* - make sure c is big enough to hold a*b - */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow (c, a->used + 1)) != MP_OKAY) { - return res; - } - } - -/* - get the original destinations used count - */ - olduse = c->used; - -/* - set the sign - */ - c->sign = a->sign; - -/* - alias for a->dp [source] - */ - tmpa = a->dp; - -/* - alias for c->dp [dest] - */ - tmpc = c->dp; - - /* zero carry */ - u = 0; - - /* compute columns */ - for (ix = 0; ix < a->used; ix++) { -/* - compute product and carry sum for this term - */ - r = ((mp_word) u) + ((mp_word)*tmpa++) * ((mp_word)b); - -/* - mask off higher bits to get a single digit - */ - *tmpc++ = (mp_digit) (r & ((mp_word) MP_MASK)); - -/* - send carry into next iteration - */ - u = (mp_digit) (r >> ((mp_word) DIGIT_BIT)); - } - -/* - store final carry [if any] and increment ix offset - */ - *tmpc++ = u; - ++ix; - -/* - now zero digits above the top - */ - while (ix++ < olduse) { - *tmpc++ = 0; - } - - /* set used count */ - c->used = a->used + 1; - mp_clamp(c); - - return MP_OKAY; -} - -/******************************************************************************/ -/* - low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 - */ -#ifdef USE_SMALL_WORD -int32 s_mp_sqr (psPool_t *pool, mp_int * a, mp_int * b) -{ - mp_int t; - int32 res, ix, iy, pa; - mp_word r; - mp_digit u, tmpx, *tmpt; - - pa = a->used; - if ((res = mp_init_size(pool, &t, 2*pa + 1)) != MP_OKAY) { - return res; - } - -/* - default used is maximum possible size - */ - t.used = 2*pa + 1; - - for (ix = 0; ix < pa; ix++) { -/* - first calculate the digit at 2*ix - calculate double precision result - */ - r = ((mp_word) t.dp[2*ix]) + - ((mp_word)a->dp[ix])*((mp_word)a->dp[ix]); - -/* - store lower part in result - */ - t.dp[ix+ix] = (mp_digit) (r & ((mp_word) MP_MASK)); - -/* - get the carry - */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - -/* - left hand side of A[ix] * A[iy] - */ - tmpx = a->dp[ix]; - -/* - alias for where to store the results - */ - tmpt = t.dp + (2*ix + 1); - - for (iy = ix + 1; iy < pa; iy++) { -/* - first calculate the product - */ - r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]); - -/* - now calculate the double precision result, note we use addition - instead of *2 since it's easier to optimize - */ - r = ((mp_word) *tmpt) + r + r + ((mp_word) u); - -/* - store lower part - */ - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - - /* get carry */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - } - /* propagate upwards */ - while (u != ((mp_digit) 0)) { - r = ((mp_word) *tmpt) + ((mp_word) u); - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - } - } - - mp_clamp (&t); - mp_exch (&t, b); - mp_clear (&t); - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - fast squaring - - This is the comba method where the columns of the product are computed - first then the carries are computed. This has the effect of making a very - simple inner loop that is executed the most - - W2 represents the outer products and W the inner. - - A further optimizations is made because the inner products are of the - form "A * B * 2". The *2 part does not need to be computed until the end - which is good because 64-bit shifts are slow! - - Based on Algorithm 14.16 on pp.597 of HAC. - - This is the 1.0 version, but no SSE stuff -*/ -int32 fast_s_mp_sqr(psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 olduse, res, pa, ix, iz; - mp_digit W[MP_WARRAY], *tmpx; - mp_word W1; - -/* - grow the destination as required - */ - pa = a->used + a->used; - if (b->alloc < pa) { - if ((res = mp_grow(b, pa)) != MP_OKAY) { - return res; - } - } - -/* - number of output digits to produce - */ - W1 = 0; - for (ix = 0; ix < pa; ix++) { - int32 tx, ty, iy; - mp_word _W; - mp_digit *tmpy; - -/* - clear counter - */ - _W = 0; - -/* - get offsets into the two bignums - */ - ty = MIN(a->used-1, ix); - tx = ix - ty; - -/* - setup temp aliases - */ - tmpx = a->dp + tx; - tmpy = a->dp + ty; - -/* - this is the number of times the loop will iterrate, essentially - while (tx++ < a->used && ty-- >= 0) { ... } -*/ - iy = MIN(a->used-tx, ty+1); - -/* - now for squaring tx can never equal ty - we halve the distance since they approach at a rate of 2x - and we have to round because odd cases need to be executed -*/ - iy = MIN(iy, (ty-tx+1)>>1); - -/* - execute loop - */ - for (iz = 0; iz < iy; iz++) { - _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); - } - -/* - double the inner product and add carry - */ - _W = _W + _W + W1; - -/* - even columns have the square term in them - */ - if ((ix&1) == 0) { - _W += ((mp_word)a->dp[ix>>1])*((mp_word)a->dp[ix>>1]); - } - -/* - store it - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - make next carry - */ - W1 = _W >> ((mp_word)DIGIT_BIT); - } - -/* - setup dest - */ - olduse = b->used; - b->used = a->used+a->used; - - { - mp_digit *tmpb; - tmpb = b->dp; - for (ix = 0; ix < pa; ix++) { - *tmpb++ = W[ix] & MP_MASK; - } - -/* - clear unused digits [that existed in the old copy of c] - */ - for (; ix < olduse; ix++) { - *tmpb++ = 0; - } - } - mp_clamp(b); - return MP_OKAY; -} - -/******************************************************************************/ -/* - computes a = 2**b - - Simple algorithm which zeroes the int32, grows it then just sets one bit - as required. - */ -int32 mp_2expt (mp_int * a, int32 b) -{ - int32 res; - -/* - zero a as per default - */ - mp_zero (a); - -/* - grow a to accomodate the single bit - */ - if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) { - return res; - } - -/* - set the used count of where the bit will go - */ - a->used = b / DIGIT_BIT + 1; - -/* - put the single bit in its place - */ - a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT); - - return MP_OKAY; -} - -/******************************************************************************/ -/* - init an mp_init for a given size - */ -int32 mp_init_size(psPool_t *pool, mp_int * a, int32 size) -{ - int x; -/* - pad size so there are always extra digits - */ - size += (MP_PREC * 2) - (size % MP_PREC); - -/* - alloc mem - */ - a->dp = OPT_CAST(mp_digit) psMalloc(pool, sizeof (mp_digit) * size); - if (a->dp == NULL) { - return MP_MEM; - } - a->used = 0; - a->alloc = size; - a->sign = MP_ZPOS; - -/* - zero the digits - */ - for (x = 0; x < size; x++) { - a->dp[x] = 0; - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - low level addition, based on HAC pp.594, Algorithm 14.7 - */ -int32 s_mp_add (mp_int * a, mp_int * b, mp_int * c) -{ - mp_int *x; - int32 olduse, res, min, max; - -/* - find sizes, we let |a| <= |b| which means we have to sort them. "x" will - point to the input with the most digits - */ - if (a->used > b->used) { - min = b->used; - max = a->used; - x = a; - } else { - min = a->used; - max = b->used; - x = b; - } - - /* init result */ - if (c->alloc < max + 1) { - if ((res = mp_grow (c, max + 1)) != MP_OKAY) { - return res; - } - } - -/* - get old used digit count and set new one - */ - olduse = c->used; - c->used = max + 1; - - { - register mp_digit u, *tmpa, *tmpb, *tmpc; - register int32 i; - - /* alias for digit pointers */ - - /* first input */ - tmpa = a->dp; - - /* second input */ - tmpb = b->dp; - - /* destination */ - tmpc = c->dp; - - /* zero the carry */ - u = 0; - for (i = 0; i < min; i++) { -/* - Compute the sum at one digit, T[i] = A[i] + B[i] + U - */ - *tmpc = *tmpa++ + *tmpb++ + u; - -/* - U = carry bit of T[i] - */ - u = *tmpc >> ((mp_digit)DIGIT_BIT); - -/* - take away carry bit from T[i] - */ - *tmpc++ &= MP_MASK; - } - -/* - now copy higher words if any, that is in A+B if A or B has more digits add - those in - */ - if (min != max) { - for (; i < max; i++) { - /* T[i] = X[i] + U */ - *tmpc = x->dp[i] + u; - - /* U = carry bit of T[i] */ - u = *tmpc >> ((mp_digit)DIGIT_BIT); - - /* take away carry bit from T[i] */ - *tmpc++ &= MP_MASK; - } - } - - /* add carry */ - *tmpc++ = u; - -/* - clear digits above oldused - */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - FUTURE - this is only needed by the SSH code, SLOW or not, because RSA - exponents are always odd. -*/ -int32 mp_invmodSSH(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int x, y, u, v, A, B, C, D; - int32 res; - -/* - b cannot be negative - */ - if (b->sign == MP_NEG || mp_iszero(b) == 1) { - return MP_VAL; - } - -/* - if the modulus is odd we can use a faster routine instead - */ - if (mp_isodd (b) == 1) { - return fast_mp_invmod(pool, a, b, c); - } - -/* - init temps - */ - if ((res = _mp_init_multi(pool, &x, &y, &u, &v, - &A, &B, &C, &D)) != MP_OKAY) { - return res; - } - - /* x = a, y = b */ - if ((res = mp_copy(a, &x)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - 2. [modified] if x,y are both even then return an error! - */ - if (mp_iseven(&x) == 1 && mp_iseven (&y) == 1) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - 3. u=x, v=y, A=1, B=0, C=0,D=1 - */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set (&A, 1); - mp_set (&D, 1); - -top: -/* - 4. while u is even do - */ - while (mp_iseven(&u) == 1) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if A or B is odd then */ - if (mp_isodd (&A) == 1 || mp_isodd (&B) == 1) { - /* A = (A+y)/2, B = (B-x)/2 */ - if ((res = mp_add(&A, &y, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* A = A/2, B = B/2 */ - if ((res = mp_div_2(&A, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 5. while v is even do - */ - while (mp_iseven(&v) == 1) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if C or D is odd then */ - if (mp_isodd(&C) == 1 || mp_isodd (&D) == 1) { - /* C = (C+y)/2, D = (D-x)/2 */ - if ((res = mp_add(&C, &y, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* C = C/2, D = D/2 */ - if ((res = mp_div_2(&C, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 6. if u >= v then - */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, A = A - C, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&A, &C, &A)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, C = C - A, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&C, &A, &C)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - if not zero goto step 4 - */ - if (mp_iszero(&u) == 0) - goto top; - -/* - now a = C, b = D, gcd == g*v - */ - -/* - if v != 1 then there is no inverse - */ - if (mp_cmp_d(&v, 1) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - if its too low - */ - while (mp_cmp_d(&C, 0) == MP_LT) { - if ((res = mp_add(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - too big - */ - while (mp_cmp_mag(&C, b) != MP_LT) { - if ((res = mp_sub(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - C is now the inverse - */ - mp_exch(&C, c); - res = MP_OKAY; -LBL_ERR:_mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D); - return res; -} - -/******************************************************************************/ - -/* - * Computes the modular inverse via binary extended euclidean algorithm, - * that is c = 1/a mod b - * - * Based on slow invmod except this is optimized for the case where b is - * odd as per HAC Note 14.64 on pp. 610 - */ -int32 fast_mp_invmod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int x, y, u, v, B, D; - int32 res, neg; - -/* - 2. [modified] b must be odd - */ - if (mp_iseven (b) == 1) { - return MP_VAL; - } - -/* - init all our temps - */ - if ((res = _mp_init_multi(pool, &x, &y, &u, &v, &B, &D, NULL, NULL)) != MP_OKAY) { - return res; - } - -/* - x == modulus, y == value to invert - */ - if ((res = mp_copy(b, &x)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - we need y = |a| - */ - if ((res = mp_mod(pool, a, b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - 3. u=x, v=y, A=1, B=0, C=0,D=1 - */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set(&D, 1); - -top: -/* - 4. while u is even do -*/ - while (mp_iseven(&u) == 1) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if B is odd then */ - if (mp_isodd(&B) == 1) { - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* B = B/2 */ - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 5. while v is even do - */ - while (mp_iseven(&v) == 1) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if D is odd then */ - if (mp_isodd(&D) == 1) { - /* D = (D-x)/2 */ - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* D = D/2 */ - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 6. if u >= v then - */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - if not zero goto step 4 - */ - if (mp_iszero(&u) == 0) { - goto top; - } - -/* - now a = C, b = D, gcd == g*v - */ - -/* - if v != 1 then there is no inverse - */ - if (mp_cmp_d(&v, 1) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - b is now the inverse - */ - neg = a->sign; - while (D.sign == MP_NEG) { - if ((res = mp_add(&D, b, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - mp_exch(&D, c); - c->sign = neg; - res = MP_OKAY; - -LBL_ERR:_mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL, NULL); - return res; -} - -/******************************************************************************/ -/* - d = a + b (mod c) - */ -int32 mp_addmod (psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - int32 res; - mp_int t; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_add (a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - res = mp_mod (pool, &t, c, d); - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - shrink a bignum - */ -int32 mp_shrink (mp_int * a) -{ - mp_digit *tmp; - - if (a->alloc != a->used && a->used > 0) { - if ((tmp = psRealloc(a->dp, sizeof (mp_digit) * a->used)) == NULL) { - return MP_MEM; - } - a->dp = tmp; - a->alloc = a->used; - } - return MP_OKAY; -} - -/* single digit subtraction */ -int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c) -{ - mp_digit *tmpa, *tmpc, mu; - int32 res, ix, oldused; - - /* grow c as required */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative just do an unsigned - * addition [with fudged signs] - */ - if (a->sign == MP_NEG) { - a->sign = MP_ZPOS; - res = mp_add_d(a, b, c); - a->sign = c->sign = MP_NEG; - return res; - } - - /* setup regs */ - oldused = c->used; - tmpa = a->dp; - tmpc = c->dp; - - /* if a <= b simply fix the single digit */ - if ((a->used == 1 && a->dp[0] <= b) || a->used == 0) { - if (a->used == 1) { - *tmpc++ = b - *tmpa; - } else { - *tmpc++ = b; - } - ix = 1; - - /* negative/1digit */ - c->sign = MP_NEG; - c->used = 1; - } else { - /* positive/size */ - c->sign = MP_ZPOS; - c->used = a->used; - - /* subtract first digit */ - *tmpc = *tmpa++ - b; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); - *tmpc++ &= MP_MASK; - - /* handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ - mu; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); - *tmpc++ &= MP_MASK; - } - } - - /* zero excess digits */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - return MP_OKAY; -} - -/* single digit addition */ -int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c) -{ - int32 res, ix, oldused; - mp_digit *tmpa, *tmpc, mu; - - /* grow c as required */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative and |a| >= b, call c = |a| - b */ - if (a->sign == MP_NEG && (a->used > 1 || a->dp[0] >= b)) { - /* temporarily fix sign of a */ - a->sign = MP_ZPOS; - - /* c = |a| - b */ - res = mp_sub_d(a, b, c); - - /* fix sign */ - a->sign = c->sign = MP_NEG; - return res; - } - - /* old number of used digits in c */ - oldused = c->used; - - /* sign always positive */ - c->sign = MP_ZPOS; - - /* source alias */ - tmpa = a->dp; - - /* destination alias */ - tmpc = c->dp; - - /* if a is positive */ - if (a->sign == MP_ZPOS) { - /* add digit, after this we're propagating the carry */ - *tmpc = *tmpa++ + b; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - - /* now handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ + mu; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - } - /* set final carry */ - ix++; - *tmpc++ = mu; - - /* setup size */ - c->used = a->used + 1; - } else { - /* a was negative and |a| < b */ - c->used = 1; - - /* the result is a single digit */ - if (a->used == 1) { - *tmpc++ = b - a->dp[0]; - } else { - *tmpc++ = b; - } - - /* setup count so the clearing of oldused - * can fall through correctly - */ - ix = 1; - } - - /* now zero to oldused */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - return MP_OKAY; -} - - -/******************************************************************************/ - -#endif /* USE_MPI2 */ diff --git a/release/src/router/matrixssl/src/crypto/peersec/mpi.h b/release/src/router/matrixssl/src/crypto/peersec/mpi.h deleted file mode 100644 index 3b1f2d07..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/mpi.h +++ /dev/null @@ -1,476 +0,0 @@ -/* - * mpi.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * multiple-precision integer library - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - - -#ifndef _h_MPI -#define _h_MPI - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <ctype.h> -#include <limits.h> - -#undef MIN -#define MIN(x,y) ((x)<(y)?(x):(y)) -#undef MAX -#define MAX(x,y) ((x)>(y)?(x):(y)) - -#ifdef __cplusplus -extern "C" { - - -/* - C++ compilers don't like assigning void * to mp_digit * - */ -#define OPT_CAST(x) (x *) - -#else - -/* - C on the other hand doesn't care - */ -#define OPT_CAST(x) - -#endif /* __cplusplus */ - -/******************************************************************************/ -/* - some default configurations. - - A "mp_digit" must be able to hold DIGIT_BIT + 1 bits - A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits - - At the very least a mp_digit must be able to hold 7 bits - [any size beyond that is ok provided it doesn't overflow the data type] - */ -#ifdef MP_8BIT - typedef unsigned char mp_digit; - typedef unsigned short mp_word; -#elif defined(MP_16BIT) - typedef unsigned short mp_digit; - typedef unsigned long mp_word; -#elif defined(MP_64BIT) -/* - for GCC only on supported platforms - */ - #ifndef CRYPT - typedef unsigned long long ulong64; - typedef signed long long long64; - #endif /* CRYPT */ - - typedef ulong64 mp_digit; - typedef unsigned long mp_word __attribute__ ((mode(TI))); - - #define DIGIT_BIT 60 -#else /* MP_8BIT */ -/* - this is the default case, 28-bit digits - */ - #ifndef CRYPT - #if defined(_MSC_VER) || defined(__BORLANDC__) - typedef unsigned __int64 ulong64; - typedef signed __int64 long64; - #else - typedef unsigned long long ulong64; - typedef signed long long long64; - #endif - #endif /* CRYPT */ - - typedef unsigned long mp_digit; - typedef ulong64 mp_word; - - #ifdef MP_31BIT -/* - this is an extension that uses 31-bit digits - */ - #define DIGIT_BIT 31 - #else /* MP_31BIT */ -/* - default case is 28-bit digits, defines MP_28BIT as a handy macro to test - */ - #define DIGIT_BIT 28 - #define MP_28BIT - #endif /* MP_31BIT */ -#endif /* MP_8BIT */ - -/* - otherwise the bits per digit is calculated automatically from the size of - a mp_digit - */ -#ifndef DIGIT_BIT - #define DIGIT_BIT ((int32)((CHAR_BIT * sizeof(mp_digit) - 1))) /* bits per digit */ -#endif /* DIGIT_BIT */ - -#define MP_DIGIT_BIT DIGIT_BIT -#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1)) -#define MP_DIGIT_MAX MP_MASK - -/******************************************************************************/ -/* - equalities - */ -#define MP_LT -1 /* less than */ -#define MP_EQ 0 /* equal to */ -#define MP_GT 1 /* greater than */ - -#define MP_ZPOS 0 /* positive integer */ -#define MP_NEG 1 /* negative */ - -#define MP_OKAY 0 /* ok result */ -#define MP_MEM -2 /* out of mem */ -#define MP_VAL -3 /* invalid input */ -#define MP_RANGE MP_VAL - -#define MP_YES 1 /* yes response */ -#define MP_NO 0 /* no response */ - -typedef int32 mp_err; - -/******************************************************************************/ -/* - various build options - */ -#define MP_PREC 64 /* default digits of precision */ - -/* - define this to use lower memory usage routines (exptmods mostly) - */ -#define MP_LOW_MEM - -/* - size of comba arrays, should be at least - 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) - */ -#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1)) - -typedef struct { - int32 used, alloc, sign; - mp_digit *dp; -} mp_int; - -#define USED(m) ((m)->used) -#define DIGIT(m,k) ((m)->dp[(k)]) -#define SIGN(m) ((m)->sign) - -/******************************************************************************/ -/* - init and deinit bignum functions - */ - -/* - init a bignum - */ -extern int32 mp_init(psPool_t *pool, mp_int *a); - -/* - free a bignum - */ -extern void mp_clear(mp_int *a); - -/* - init a series of arguments - */ -extern int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2, - mp_int *mp3, mp_int *mp4, mp_int *mp5, mp_int *mp6, - mp_int *mp7); - -/* - clear a series of arguments - */ -extern void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3, - mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7); - -/* - exchange two ints - */ -extern void mp_exch(mp_int *a, mp_int *b); - -/* - shrink ram required for a bignum - */ -extern int32 mp_shrink(mp_int *a); - -/* - grow an int32 to a given size - */ -extern int32 mp_grow(mp_int *a, int32 size); - -/* - init to a given number of digits - */ -extern int32 mp_init_size(psPool_t *pool, mp_int *a, int32 size); - -/******************************************************************************/ -/* - Basic Manipulations - */ -#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO) -#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO) -#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO) - -extern int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c); -extern int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c); -/* - set to zero - */ -extern void mp_zero(mp_int *a); - -/* - set to a digit - */ -extern void mp_set(mp_int *a, mp_digit b); - -/* - copy, b = a - */ -extern int32 mp_copy(mp_int *a, mp_int *b); - -/* - inits and copies, a = b - */ -extern int32 mp_init_copy(psPool_t *pool, mp_int *a, mp_int *b); - -/* - trim unused digits - */ -extern void mp_clamp(mp_int *a); - -/******************************************************************************/ -/* - digit manipulation -*/ - -/* - right shift by "b" digits - */ -extern void mp_rshd(mp_int *a, int32 b); - -/* - left shift by "b" digits - */ -extern int32 mp_lshd(mp_int *a, int32 b); - -/* - c = a / 2**b - */ -extern int32 mp_div_2d(psPool_t *pool, mp_int *a, int32 b, mp_int *c, mp_int *d); - -/* - b = a/2 - */ -extern int32 mp_div_2(mp_int *a, mp_int *b); - -/* - c = a * 2**b - */ -extern int32 mp_mul_2d(mp_int *a, int32 b, mp_int *c); - -/* - c = a mod 2**d - */ -extern int32 mp_mod_2d(mp_int *a, int32 b, mp_int *c); - -/* - computes a = 2**b - */ -extern int32 mp_2expt(mp_int *a, int32 b); - -/******************************************************************************/ -/* - Basic arithmetic - */ - -/* - b = |a| - */ -extern int32 mp_abs(mp_int *a, mp_int *b); - -/* - compare a to b - */ -extern int32 mp_cmp(mp_int *a, mp_int *b); - -/* - compare |a| to |b| - */ -extern int32 mp_cmp_mag(mp_int *a, mp_int *b); - -/* - c = a + b - */ -extern int32 mp_add(mp_int *a, mp_int *b, mp_int *c); - -/* - c = a - b - */ -extern int32 mp_sub(mp_int *a, mp_int *b, mp_int *c); - -/* - c = a * b - b = a*a - */ -/* moved mp_mul out of SLOW case */ -extern int32 mp_mul(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); -#ifdef USE_SMALL_WORD -extern int32 mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); -#endif - -/* - a/b => cb + d == a - */ -extern int32 mp_div(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - c = a mod b, 0 <= c < b - */ -extern int32 mp_mod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); - -/******************************************************************************/ -/* - single digit functions - */ - -/* - compare against a single digit - */ -extern int32 mp_cmp_d(mp_int *a, mp_digit b); - -/* - c = a * b - */ -extern int32 mp_mul_d(mp_int *a, mp_digit b, mp_int *c); - -/******************************************************************************/ -/* - number theory - */ - -/* - d = a + b (mod c) - */ -extern int32 mp_addmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - d = a * b (mod c) - */ -extern int32 mp_mulmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - c = 1/a (mod b) - */ -extern int32 mp_invmodSSH(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); - -/* - setups the montgomery reduction - */ -extern int32 mp_montgomery_setup(mp_int *a, mp_digit *mp); - -/* - computes a = B**n mod b without division or multiplication useful for - normalizing numbers in a Montgomery system. - */ -extern int32 mp_montgomery_calc_normalization(mp_int *a, mp_int *b); - -/* - computes x/R == x (mod N) via Montgomery Reduction - */ -#ifdef USE_SMALL_WORD -extern int32 mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); -#endif - -/* - d = a**b (mod c) - */ -extern int32 mp_exptmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/******************************************************************************/ -/* - If we're using 1024 or 2048 bit keys and 28 bit digits, we only need the - fast_ versions of these functions, removing the others to save space. - Otherwise, we include the slow versions as well and which version to use - is done at runtime. -*/ -#ifdef USE_SMALL_WORD -extern int32 s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, - int32 digs); -extern int32 s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); - -#else -#define mp_montgomery_reduce fast_mp_montgomery_reduce -#define mp_sqr fast_s_mp_sqr -#define s_mp_mul_digs fast_s_mp_mul_digs -#define mp_invmod fast_mp_invmod -#endif - -/******************************************************************************/ -/* - radix conversion - */ -extern int32 mp_count_bits(mp_int *a); - -extern int32 mp_unsigned_bin_size(mp_int *a); -extern int32 mp_read_unsigned_bin(mp_int *a, unsigned char *b, int32 c); -extern int32 mp_to_unsigned_bin(psPool_t *pool, mp_int *a, unsigned char *b); - -extern int32 mp_signed_bin_size(mp_int *a); - -/* - lowlevel functions, do not call! - */ -/* define this in all cases for now FUTURE*/ -#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1) - - -/* - b = a*2 - */ -extern int32 mp_mul_2(mp_int *a, mp_int *b); - -extern int32 s_mp_add(mp_int *a, mp_int *b, mp_int *c); -extern int32 s_mp_sub(mp_int *a, mp_int *b, mp_int *c); - -extern int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, - int32 digs); -extern int32 fast_s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); - -extern int32 fast_mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); -extern int32 fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); - -extern void bn_reverse(unsigned char *s, int32 len); - - -#ifdef __cplusplus - } -#endif /* __cplusplus */ - -#endif /* _h_MPI */ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h b/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h deleted file mode 100644 index 43a96666..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h +++ /dev/null @@ -1,654 +0,0 @@ -/* - * pscrypto.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Internal definitions for PeerSec Networks MatrixSSL cryptography provider - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_PSCRYPTO -#define _h_PSCRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -/* - PeerSec crypto-specific defines. - */ -#define SMALL_CODE -#define CLEAN_STACK -/* - If Native 64 bit integers are not supported, we must set the 16 bit flag - to produce 32 bit mp_words in mpi.h - We must also include the slow MPI functions because the fast ones only - work with larger (28 bit) digit sizes. -*/ -#ifndef USE_INT64 -#define MP_16BIT -#define USE_SMALL_WORD -#endif /* USE_INT64 */ - -/******************************************************************************/ - -#ifdef USE_RSA - -#include "mpi.h" - -#if LINUX - #define _stat stat -#endif - -/* this is the "32-bit at least" data type - * Re-define it to suit your platform but it must be at least 32-bits - */ -typedef unsigned long ulong32; - -/* - Primary RSA Key struct. Define here for crypto -*/ -typedef struct { - mp_int e, d, N, qP, dP, dQ, p, q; - int32 size; /* Size of the key in bytes */ - int32 optimized; /* 1 for optimized */ -} sslRsaKey_t; - -#endif /* USE_RSA */ - - - -/* - * Private - */ -extern int32 ps_base64_decode(const unsigned char *in, uint32 len, - unsigned char *out, uint32 *outlen); - -/* - * Memory routines - */ -extern void psZeromem(void *dst, size_t len); -extern void psBurnStack(unsigned long len); - - -/* max size of either a cipher/hash block or symmetric key [largest of the two] */ -#define MAXBLOCKSIZE 24 - -/* ch1-01-1 */ -/* error codes [will be expanded in future releases] */ -enum { - CRYPT_OK=0, /* Result OK */ - CRYPT_ERROR, /* Generic Error */ - CRYPT_NOP, /* Not a failure but no operation was performed */ - - CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ - CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ - CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ - - CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ - CRYPT_INVALID_PACKET, /* Invalid input packet given */ - - CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ - CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ - - CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ - CRYPT_INVALID_HASH, /* Invalid hash specified */ - CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ - - CRYPT_MEM, /* Out of memory */ - - CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ - CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ - - CRYPT_INVALID_ARG, /* Generic invalid argument */ - CRYPT_FILE_NOTFOUND, /* File Not Found */ - - CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ - CRYPT_PK_INVALID_SYSTEM, /* Invalid PK system specified */ - CRYPT_PK_DUP, /* Duplicate key already in key ring */ - CRYPT_PK_NOT_FOUND, /* Key not found in keyring */ - CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - - CRYPT_INVALID_PRIME_SIZE /* Invalid size of prime requested */ -}; - -/******************************************************************************/ -/* - hash defines - */ -struct sha1_state { -#ifdef USE_INT64 - ulong64 length; -#else - ulong32 lengthHi; - ulong32 lengthLo; -#endif /* USE_INT64 */ - ulong32 state[5], curlen; - unsigned char buf[64]; -}; - -struct md5_state { -#ifdef USE_INT64 - ulong64 length; -#else - ulong32 lengthHi; - ulong32 lengthLo; -#endif /* USE_INT64 */ - ulong32 state[4], curlen; - unsigned char buf[64]; -}; - -#ifdef USE_MD2 -struct md2_state { - unsigned char chksum[16], X[48], buf[16]; - unsigned long curlen; -}; -#endif /* USE_MD2 */ - - - -typedef union { - struct sha1_state sha1; - struct md5_state md5; -#ifdef USE_MD2 - struct md2_state md2; -#endif /* USE_MD2 */ -} hash_state; - -typedef hash_state sslSha1Context_t; -typedef hash_state sslMd5Context_t; -#ifdef USE_MD2 -typedef hash_state sslMd2Context_t; -#endif /* USE_MD2 */ - -typedef struct { - unsigned char pad[64]; - union { - sslMd5Context_t md5; - sslSha1Context_t sha1; - } u; -} sslHmacContext_t; - -/******************************************************************************/ -/* - RC4 - */ -#ifdef USE_ARC4 -typedef struct { - unsigned char state[256]; - uint32 byteCount; - unsigned char x; - unsigned char y; -} rc4_key; -#endif /* USE_ARC4 */ - - -#define SSL_DES3_KEY_LEN 24 -#define SSL_DES3_IV_LEN 8 -#define SSL_DES_KEY_LEN 8 - -#ifdef USE_3DES - -typedef struct { - ulong32 ek[3][32], dk[3][32]; -} des3_key; - -/* - A block cipher CBC structure - */ -typedef struct { - int32 blocklen; - unsigned char IV[8]; - des3_key key; - int32 explicitIV; /* 1 if yes */ -} des3_CBC; - -extern int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey); -extern void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key); -extern void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key); -extern int32 des3_keysize(int32 *desired_keysize); - -extern int32 des_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey); -extern void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key); -extern void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key); - -#endif /* USE_3DES */ - - - -typedef union { -#ifdef USE_ARC4 - rc4_key arc4; -#endif -#ifdef USE_3DES - des3_CBC des3; -#endif -} sslCipherContext_t; - - -/* - Controls endianess and size of registers. Leave uncommented to get - platform neutral [slower] code detect x86-32 machines somewhat - */ -#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))) - #define ENDIAN_LITTLE - #define ENDIAN_32BITWORD -#endif - - -/* #define ENDIAN_LITTLE */ -/* #define ENDIAN_BIG */ - -/* #define ENDIAN_32BITWORD */ -/* #define ENDIAN_64BITWORD */ - -#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) - #error You must specify a word size as well as endianess -#endif - -#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) - #define ENDIAN_NEUTRAL -#endif - -/* - helper macros - */ -#if defined (ENDIAN_NEUTRAL) - -#define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } - -#define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } - -#endif /* ENDIAN_NEUTRAL */ - -#ifdef ENDIAN_LITTLE - -#define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } - -#define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } - -#ifdef ENDIAN_32BITWORD - -#define STORE32L(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32L(x, y) \ - memcpy(&(x), y, 4); - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#else /* 64-bit words then */ - -#define STORE32L(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32L(x, y) \ - { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } - -#define STORE64L(x, y) \ - { ulong64 __t = (x); memcpy(y, &__t, 8); } - -#define LOAD64L(x, y) \ - { memcpy(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_LITTLE */ - -#ifdef ENDIAN_BIG -#define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#ifdef ENDIAN_32BITWORD - -#define STORE32H(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32H(x, y) \ - memcpy(&(x), y, 4); - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \ - (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } - -#else /* 64-bit words then */ - -#define STORE32H(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32H(x, y) \ - { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } - -#define STORE64H(x, y) \ - { ulong64 __t = (x); memcpy(y, &__t, 8); } - -#define LOAD64H(x, y) \ - { memcpy(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_BIG */ - -/* - packet code */ -#if defined(USE_RSA) || defined(MDH) || defined(MECC) - #define PACKET - -/* - size of a packet header in bytes */ - #define PACKET_SIZE 4 - -/* - Section tags - */ - #define PACKET_SECT_RSA 0 - #define PACKET_SECT_DH 1 - #define PACKET_SECT_ECC 2 - #define PACKET_SECT_DSA 3 - -/* - Subsection Tags for the first three sections - */ - #define PACKET_SUB_KEY 0 - #define PACKET_SUB_ENCRYPTED 1 - #define PACKET_SUB_SIGNED 2 - #define PACKET_SUB_ENC_KEY 3 -#endif - -/* - fix for MSVC ...evil! - */ -#ifdef WIN32 -#ifdef _MSC_VER - #define CONST64(n) n ## ui64 - typedef unsigned __int64 ulong64; -#else - #define CONST64(n) n ## ULL - typedef unsigned long long ulong64; -#endif -#endif /* WIN32 */ - - -#define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ - ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) - -#ifdef _MSC_VER - -/* - instrinsic rotate - */ -#include <stdlib.h> -#pragma intrinsic(_lrotr,_lrotl) -#define ROR(x,n) _lrotr(x,n) -#define ROL(x,n) _lrotl(x,n) -#define RORc(x,n) _lrotr(x,n) -#define ROLc(x,n) _lrotl(x,n) - -/* -#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(PS_NO_ASM) - -static inline unsigned ROL(unsigned word, int32 i) -{ - asm ("roll %%cl,%0" - :"0" (word),"c" (i)); - return word; -} - -static inline unsigned ROR(unsigned word, int32 i) -{ - asm ("rorl %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} -*/ -/* -#ifndef PS_NO_ROLC - -static inline unsigned ROLc(unsigned word, const int32 i) -{ - asm ("roll %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -static inline unsigned RORc(unsigned word, const int32 i) -{ - asm ("rorl %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -#else - -#define ROLc ROL -#define RORc ROR - -#endif -*/ - -#else /* _MSC_VER */ - -/* - rotates the hard way - */ -#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) - -#endif /* _MSC_VER */ - -/* 64-bit Rotates */ -#if 0 - -#if defined(__GNUC__) && defined(__x86_64__) && !defined(PS_NO_ASM) - -static inline unsigned long ROL64(unsigned long word, int32 i) -{ - asm("rolq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -static inline unsigned long ROR64(unsigned long word, int32 i) -{ - asm("rorq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -#ifndef PS_NO_ROLC - -static inline unsigned long ROL64c(unsigned long word, const int32 i) -{ - asm("rolq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; -} - -static inline unsigned long ROR64c(unsigned long word, const int32 i) -{ - asm("rorq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; -} - -#else /* PS_NO_ROLC */ - -#define ROL64c ROL -#define ROR64c ROR - -#endif /* PS_NO_ROLC */ -#endif -#endif /* commented out */ - -#define ROL64(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROL64c(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64c(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#undef MAX -#undef MIN -#define MAX(x, y) ( ((x)>(y))?(x):(y) ) -#define MIN(x, y) ( ((x)<(y))?(x):(y) ) - -/* - extract a byte portably This MSC code causes runtime errors in VS.NET, - always use the other - */ -/* -#ifdef _MSC_VER - #define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) -#else -*/ - #define byte(x, n) (((x) >> (8 * (n))) & 255) -/* -#endif -*/ -#ifdef __cplusplus - } -#endif /* __cplusplus */ - -#endif /* _h_PSCRYPTO */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/rsa.c b/release/src/router/matrixssl/src/crypto/peersec/rsa.c deleted file mode 100644 index 5d6fcccb..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/rsa.c +++ /dev/null @@ -1,463 +0,0 @@ -/* - * rsa.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * RSA crypto - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -/******************************************************************************/ - -static int32 ssl_rsa_crypt(psPool_t *pool, - const unsigned char *in, uint32 inlen, - unsigned char *out, uint32 *outlen, - sslRsaKey_t *key, int32 type); - -static int32 sslUnpadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 decryptType); -static int32 sslPadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 cryptType); - -#ifdef USE_RSA_BLINDING -static int32 tim_mp_exptmod(psPool_t *pool, - mp_int *c, mp_int *e, mp_int *d, mp_int *n, mp_int *m); -#else -#define tim_mp_exptmod(p, c, e, d, n, m) mp_exptmod(p, c, d, n, m) -#endif - -/******************************************************************************/ - -#define RSA_PUBLIC 0x01 -#define RSA_PRIVATE 0x02 - -/******************************************************************************/ -/* - Public API wrapper around sslGetEntropy -*/ -int32 matrixGetRandomBytes(unsigned char *bytes, int32 size) -{ - return sslGetEntropy(bytes, size); -} - -/******************************************************************************/ -/* - Primary RSA encryption routine -*/ -static int32 ssl_rsa_crypt(psPool_t *pool, - const unsigned char *in, uint32 inlen, - unsigned char *out, uint32 *outlen, - sslRsaKey_t *key, int32 type) -{ - mp_int tmp, tmpa, tmpb; - unsigned long x; - int32 res; - - if (in == NULL || out == NULL || outlen == NULL || key == NULL) { - return -1; - } -/* - init and copy into tmp - */ - if (_mp_init_multi(pool, &tmp, &tmpa, &tmpb, NULL, NULL, NULL, NULL, NULL) - != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_init_multi\n", NULL); - goto error; - } - if (mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int32)inlen) != - MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_read_unsigned_bin\n", NULL); - goto error; - } -/* - sanity check on the input - */ - if (mp_cmp(&key->N, &tmp) == MP_LT) { - res = -1; - goto done; - } - if (type == RSA_PRIVATE) { - if (key->optimized) { - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->dP, &key->p, &tmpa) - != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_exptmod dP, p\n", NULL); - goto error; - } - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->dQ, &key->q, &tmpb) - != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_exptmod dQ, q\n", NULL); - goto error; - } - if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: sub tmpb, tmp\n", NULL); - goto error; - } - if (mp_mulmod(pool, &tmp, &key->qP, &key->p, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_mulmod qP, p\n", NULL); - goto error; - } - if (mp_mul(pool, &tmp, &key->q, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_mul q \n", NULL); - goto error; - } - if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_add tmp \n", NULL); - goto error; - } - } else { - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->d, &key->N, &tmp) != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_exptmod\n", NULL); - goto error; - } - } - } else if (type == RSA_PUBLIC) { - if (mp_exptmod(pool, &tmp, &key->e, &key->N, &tmp) != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_exptmod\n", NULL); - goto error; - } - } else { - matrixStrDebugMsg("ssl_rsa_crypt error: invalid type param\n", NULL); - goto error; - } -/* - read it back - */ - x = (unsigned long)mp_unsigned_bin_size(&key->N); - if (x > *outlen) { - res = -1; - matrixStrDebugMsg("ssl_rsa_crypt error: mp_unsigned_bin_size\n", NULL); - goto done; - } -/* - We want the encrypted value to always be the key size. Pad with 0x0 -*/ - while (x < (unsigned long)key->size) { - *out++ = 0x0; - x++; - } - - *outlen = x; -/* - convert it - */ - memset(out, 0x0, x); - if (mp_to_unsigned_bin(pool, &tmp, out+(x-mp_unsigned_bin_size(&tmp))) - != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_to_unsigned_bin\n", NULL); - goto error; - } -/* - clean up and return - */ - res = 0; - goto done; -error: - res = -1; -done: - _mp_clear_multi(&tmp, &tmpa, &tmpb, NULL, NULL, NULL, NULL, NULL); - return res; -} - -/******************************************************************************/ -/* - Pad a value to be encrypted by RSA, according to PKCS#1 v1.5 - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - When encrypting a value with RSA, the value is first padded to be - equal to the public key size using the following method: - 00 <id> <data> 00 <value to be encrypted> - - id denotes a public or private key operation - - if id is private, data is however many non-zero bytes it takes to pad the - value to the key length (randomLen = keyLen - 3 - valueLen). - - if id is public, data is FF for the same length as described above - - There must be at least 8 bytes of data. -*/ -static int32 sslPadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 cryptType) -{ - unsigned char *c; - int32 randomLen; - - randomLen = outlen - 3 - inlen; - if (randomLen < 8) { - matrixIntDebugMsg("RSA encryption data too large: %d\n", inlen); - return -1; - } - c = out; - *c = 0x00; - c++; - *c = (unsigned char)cryptType; - c++; - if (cryptType == RSA_PUBLIC) { - while (randomLen-- > 0) { - *c++ = 0xFF; - } - } else { - if (sslGetEntropy(c, randomLen) < 0) { - matrixStrDebugMsg("Error gathering RSA pad entropy\n", NULL); - return -1; - } -/* - SECURITY: Read through the random data and change all 0x0 to 0x01. - This is per spec that no random bytes should be 0 -*/ - while (randomLen-- > 0) { - if (*c == 0x0) { - *c = 0x01; - } - c++; - } - } - *c = 0x00; - c++; - memcpy(c, in, inlen); - - return outlen; -} - - -#ifdef USE_RSA_PUBLIC_ENCRYPT -/******************************************************************************/ -/* - RSA public encryption. - Always called by SSL client for server auth in ClientKeyExchange - The outlen param must be set to the strength of the key: key->size -*/ -int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 size; - - size = key->size; - if (outlen < size) { - return -1; - } - - if (sslPadRSA(in, inlen, out, size, RSA_PRIVATE) < 0) { - return -1; - } - if (ssl_rsa_crypt(pool, out, size, out, (uint32*)&outlen, key, - RSA_PUBLIC) < 0 || outlen != size) { - return -1; - } - return size; -} - -#else /* USE_RSA_PUBLIC_ENCRYPT - Keeps the cipher suite definition clean */ -int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - if (inlen > outlen) { - return -1; - } - memcpy(out, in, inlen); - return inlen; -} -#endif /* USE_RSA_PUBLIC_ENCRYPT */ - -/******************************************************************************/ -/* - Unpad a value decrypted by RSA, according to PKCS#1 v1.5 - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - - When decrypted, the data will look like the pad, including the inital - byte (00). Form: - 00 <decryptType> <random data (min 8 bytes)> 00 <value to be encrypted> - - We don't worry about v2 rollback issues because we don't support v2 -*/ -static int32 sslUnpadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 decryptType) -{ - unsigned char *c, *end; - - if (inlen < outlen + 10) { - return -1; - } - c = in; - end = in + inlen; -/* - Verify the first byte (block type) is correct. -*/ - if (*c++ != 0x00 || *c != decryptType) { - return -1; - } - c++; -/* - Skip over the random, non-zero bytes used as padding -*/ - while (c < end && *c != 0x0) { - if (decryptType == RSA_PUBLIC) { - if (*c != 0xFF) { - return -1; - } - } - c++; - } - c++; -/* - The length of the remaining data should be equal to what was expected - Combined with the initial length check, there must be >= 8 bytes of pad - ftp://ftp.rsa.com/pub/pdfs/bulletn7.pdf -*/ - if (end - c != outlen) { - return -1; - } -/* - Copy the value bytes to the out buffer -*/ - while (c < end) { - *out = *c; - out++; c++; - } - return outlen; -} - -/******************************************************************************/ -/* - Always called by the server to decrypt the ClientKeyExchange -*/ -int32 matrixRsaDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 ptLen; - - if (inlen != key->size) { - return -1; - } - ptLen = inlen; - if (ssl_rsa_crypt(pool, in, inlen, in, (uint32*)&ptLen, key, - RSA_PRIVATE) < 0 || ptLen != inlen) { - return -1; - } - ptLen = sslUnpadRSA(in, inlen, out, outlen, RSA_PRIVATE); - memset(in, 0x0, inlen); - return ptLen; -} - -/******************************************************************************/ -/* - Called by client as normal part of signature validation from server cert. - Called by the server if authenticating client in CertificateVerify -*/ -int32 matrixRsaDecryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 ptLen; - - if (inlen != key->size) { - return -1; - } - ptLen = inlen; - if (ssl_rsa_crypt(pool, in, inlen, in, (uint32*)&ptLen, key, - RSA_PUBLIC) < 0 || ptLen != inlen) { - return -1; - } - if ((ptLen = sslUnpadRSA(in, inlen, out, outlen, RSA_PUBLIC)) < 0) { - return ptLen; - } - return 0; -} - - -#ifdef USE_RSA_BLINDING - -static int32 tim_mp_exptmod(psPool_t *pool, - mp_int *c, mp_int *e, mp_int *d, mp_int *n, mp_int *m) -{ - int32 err; - mp_int r, tmp, tmp2; - unsigned char *rtmp; - unsigned long rlen; -/* - pick random r - */ - rlen = mp_unsigned_bin_size(n); - - rtmp = psMalloc(pool, rlen); - if (rtmp == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - sslGetEntropy(rtmp, rlen); - - if ((err = _mp_init_multi(pool, &r, &tmp, &tmp2, NULL, NULL, NULL, NULL, - NULL)) != MP_OKAY) { - psFree(rtmp); - return -1; - } -/* - read in r - */ - if ((err = mp_read_unsigned_bin(&r, rtmp, rlen)) != MP_OKAY) { - goto __ERR; - } -/* - compute tmp = r^e - */ - if ((err = mp_exptmod(pool, &r, e, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - multiply C into the mix - */ - if ((err = mp_mulmod(pool, c, &tmp, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - raise to d - */ - if ((err = mp_exptmod(pool, &tmp, d, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - invert r and multiply - */ - if ((err = mp_invmod(pool, &r, n, &tmp2)) != MP_OKAY) { - goto __ERR; - } -/* - multiply and we are totally set - */ - if ((err = mp_mulmod(pool, &tmp, &tmp2, n, m)) != MP_OKAY) { - goto __ERR; - } - -__ERR: _mp_clear_multi(&r, &tmp, &tmp2, NULL, NULL, NULL, NULL, NULL); - psFree(rtmp); - return err; -} -#endif /* USE_RSA_BLINDING */ - -/******************************************************************************/ - - - - - diff --git a/release/src/router/matrixssl/src/crypto/peersec/sha1.c b/release/src/router/matrixssl/src/crypto/peersec/sha1.c deleted file mode 100644 index 7a92654f..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/sha1.c +++ /dev/null @@ -1,317 +0,0 @@ -/* - * sha1.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * SHA1 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#define F0(x,y,z) (z ^ (x & (y ^ z))) -#define F1(x,y,z) (x ^ y ^ z) -#define F2(x,y,z) ((x & y) | (z & (x | y))) -#define F3(x,y,z) (x ^ y ^ z) - -#ifdef CLEAN_STACK -static void _sha1_compress(hash_state *md) -#else -static void sha1_compress(hash_state *md) -#endif /* CLEAN STACK */ -{ - unsigned long a,b,c,d,e,W[80],i; -#ifdef SMALL_CODE - ulong32 t; -#endif - - sslAssert(md != NULL); - -/* - copy the state into 512-bits into W[0..15] - */ - for (i = 0; i < 16; i++) { - LOAD32H(W[i], md->sha1.buf + (4*i)); - } - -/* - copy state - */ - a = md->sha1.state[0]; - b = md->sha1.state[1]; - c = md->sha1.state[2]; - d = md->sha1.state[3]; - e = md->sha1.state[4]; - -/* - expand it - */ - for (i = 16; i < 80; i++) { - W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); - } - -/* - compress - */ - /* round one */ - #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); - #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); - #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); - #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); - -#ifdef SMALL_CODE - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } -#else /* SMALL_CODE */ - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); - FF0(e,a,b,c,d,i++); - FF0(d,e,a,b,c,i++); - FF0(c,d,e,a,b,i++); - FF0(b,c,d,e,a,i++); - } - - /* round two */ - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); - FF1(e,a,b,c,d,i++); - FF1(d,e,a,b,c,i++); - FF1(c,d,e,a,b,i++); - FF1(b,c,d,e,a,i++); - } - - /* round three */ - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); - FF2(e,a,b,c,d,i++); - FF2(d,e,a,b,c,i++); - FF2(c,d,e,a,b,i++); - FF2(b,c,d,e,a,i++); - } - - /* round four */ - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); - FF3(e,a,b,c,d,i++); - FF3(d,e,a,b,c,i++); - FF3(c,d,e,a,b,i++); - FF3(b,c,d,e,a,i++); - } -#endif /* SMALL_CODE */ - - #undef FF0 - #undef FF1 - #undef FF2 - #undef FF3 - -/* - store - */ - md->sha1.state[0] = md->sha1.state[0] + a; - md->sha1.state[1] = md->sha1.state[1] + b; - md->sha1.state[2] = md->sha1.state[2] + c; - md->sha1.state[3] = md->sha1.state[3] + d; - md->sha1.state[4] = md->sha1.state[4] + e; -} - -#ifdef CLEAN_STACK -static void sha1_compress(hash_state *md) -{ - _sha1_compress(md); - psBurnStack(sizeof(unsigned long) * 87); -} -#endif /* CLEAN_STACK */ - -void matrixSha1Init(hash_state * md) -{ - sslAssert(md != NULL); - md->sha1.state[0] = 0x67452301UL; - md->sha1.state[1] = 0xefcdab89UL; - md->sha1.state[2] = 0x98badcfeUL; - md->sha1.state[3] = 0x10325476UL; - md->sha1.state[4] = 0xc3d2e1f0UL; - md->sha1.curlen = 0; -#ifdef USE_INT64 - md->sha1.length = 0; -#else - md->sha1.lengthHi = 0; - md->sha1.lengthLo = 0; -#endif /* USE_INT64 */ -} - -void matrixSha1Update(hash_state * md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - - sslAssert(md != NULL); - sslAssert(buf != NULL); - while (len > 0) { - n = MIN(len, (64 - md->sha1.curlen)); - memcpy(md->sha1.buf + md->sha1.curlen, buf, (size_t)n); - md->sha1.curlen += n; - buf += n; - len -= n; - - /* is 64 bytes full? */ - if (md->sha1.curlen == 64) { - sha1_compress(md); -#ifdef USE_INT64 - md->sha1.length += 512; -#else - n = (md->sha1.lengthLo + 512) & 0xFFFFFFFFL; - if (n < md->sha1.lengthLo) { - md->sha1.lengthHi++; - } - md->sha1.lengthLo = n; -#endif /* USE_INT64 */ - md->sha1.curlen = 0; - } - } -} - -int32 matrixSha1Final(hash_state * md, unsigned char *hash) -{ - int32 i; -#ifndef USE_INT64 - unsigned long n; -#endif - sslAssert(md != NULL); - if (md->sha1.curlen >= sizeof(md->sha1.buf) || hash == NULL) { - return -1; - } - -/* - increase the length of the message - */ -#ifdef USE_INT64 - md->sha1.length += md->sha1.curlen << 3; -#else - n = (md->sha1.lengthLo + (md->sha1.curlen << 3)) & 0xFFFFFFFFL; - if (n < md->sha1.lengthLo) { - md->sha1.lengthHi++; - } - md->sha1.lengthHi += (md->sha1.curlen >> 29); - md->sha1.lengthLo = n; -#endif /* USE_INT64 */ - -/* - append the '1' bit - */ - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; - -/* - if the length is currently above 56 bytes we append zeros then compress. - Then we can fall back to padding zeros and length encoding like normal. - */ - if (md->sha1.curlen > 56) { - while (md->sha1.curlen < 64) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - sha1_compress(md); - md->sha1.curlen = 0; - } - -/* - pad upto 56 bytes of zeroes - */ - while (md->sha1.curlen < 56) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - -/* - store length - */ -#ifdef USE_INT64 - STORE64H(md->sha1.length, md->sha1.buf+56); -#else - STORE32H(md->sha1.lengthHi, md->sha1.buf+56); - STORE32H(md->sha1.lengthLo, md->sha1.buf+60); -#endif /* USE_INT64 */ - sha1_compress(md); - -/* - copy output - */ - for (i = 0; i < 5; i++) { - STORE32H(md->sha1.state[i], hash+(4*i)); - } -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif /* CLEAN_STACK */ - return 20; -} - -#ifdef PEERSEC_TEST - -int32 matrixSha1Test() -{ - static const struct { - char *msg; - unsigned char hash[20]; - } tests[] = { - { "abc", - { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, - 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, - 0x9c, 0xd0, 0xd8, 0x9d } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, - 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, - 0xE5, 0x46, 0x70, 0xF1 } - } - }; - - int32 i; - unsigned char tmp[20]; - hash_state md; - - for (i = 0; i < (int32)(sizeof(tests) / sizeof(tests[0])); i++) { - matrixSha1Init(&md); - matrixSha1Update(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixSha1Final(&md, tmp); - if (memcmp(tmp, tests[i].hash, 20) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} -#endif /* PEERSEC_TEST */ - - -/******************************************************************************/ - |