authorFranziskus Kiefer <franziskuskiefer@gmail.com>2016-08-29 11:25:38 +0200
committerFranziskus Kiefer <franziskuskiefer@gmail.com>2016-08-29 11:25:38 +0200
commit82515c6f5fe26fa4185e9b8227f93d196d52f9ec (patch)
tree221abd8490e19cef3ca50d586e38977916d1324c /lib/freebl
parentc5aab4eaf241e996126f6f30aa35ed1c6a9fa96b (diff)
Bug 1246619 - freebl clang-format, r=kaie
Diffstat (limited to 'lib/freebl')
-rw-r--r--lib/freebl/aeskeywrap.c320
-rw-r--r--lib/freebl/alg2268.c419
-rw-r--r--lib/freebl/alghmac.c76
-rw-r--r--lib/freebl/alghmac.h34
-rw-r--r--lib/freebl/arcfive.c19
-rw-r--r--lib/freebl/arcfour.c811
-rw-r--r--lib/freebl/blapi.h1170
-rw-r--r--lib/freebl/blapii.h11
-rw-r--r--lib/freebl/blapit.h328
-rw-r--r--lib/freebl/blname.c56
-rw-r--r--lib/freebl/camellia.c2080
-rw-r--r--lib/freebl/camellia.h25
-rw-r--r--lib/freebl/chacha20.c28
-rw-r--r--lib/freebl/chacha20_vec.c294
-rw-r--r--lib/freebl/ctr.c182
-rw-r--r--lib/freebl/ctr.h36
-rw-r--r--lib/freebl/cts.c122
-rw-r--r--lib/freebl/cts.h14
-rw-r--r--lib/freebl/des.c987
-rw-r--r--lib/freebl/des.h18
-rw-r--r--lib/freebl/desblapi.c260
-rw-r--r--lib/freebl/dh.c325
-rw-r--r--lib/freebl/drbg.c1034
-rw-r--r--lib/freebl/dsa.c393
-rw-r--r--lib/freebl/ec.c717
-rw-r--r--lib/freebl/ec.h6
-rw-r--r--lib/freebl/ecdecode.c865
-rw-r--r--lib/freebl/ecl/ec2.h46
-rw-r--r--lib/freebl/ecl/ec2_163.c322
-rw-r--r--lib/freebl/ecl/ec2_193.c356
-rw-r--r--lib/freebl/ecl/ec2_233.c396
-rw-r--r--lib/freebl/ecl/ec2_aff.c462
-rw-r--r--lib/freebl/ecl/ec2_mont.c380
-rw-r--r--lib/freebl/ecl/ec2_proj.c505
-rw-r--r--lib/freebl/ecl/ec_naf.c85
-rw-r--r--lib/freebl/ecl/ecl-curve.h164
-rw-r--r--lib/freebl/ecl/ecl-exp.h226
-rw-r--r--lib/freebl/ecl/ecl-priv.h268
-rw-r--r--lib/freebl/ecl/ecl.c607
-rw-r--r--lib/freebl/ecl/ecl.h23
-rw-r--r--lib/freebl/ecl/ecl_curve.c122
-rw-r--r--lib/freebl/ecl/ecl_gf.c1611
-rw-r--r--lib/freebl/ecl/ecl_mult.c489
-rw-r--r--lib/freebl/ecl/ecp.h50
-rw-r--r--lib/freebl/ecl/ecp_192.c786
-rw-r--r--lib/freebl/ecl/ecp_224.c565
-rw-r--r--lib/freebl/ecl/ecp_256.c680
-rw-r--r--lib/freebl/ecl/ecp_256_32.c1203
-rw-r--r--lib/freebl/ecl/ecp_384.c416
-rw-r--r--lib/freebl/ecl/ecp_521.c178
-rw-r--r--lib/freebl/ecl/ecp_aff.c465
-rw-r--r--lib/freebl/ecl/ecp_fp.c830
-rw-r--r--lib/freebl/ecl/ecp_fp.h347
-rw-r--r--lib/freebl/ecl/ecp_fp160.c222
-rw-r--r--lib/freebl/ecl/ecp_fp192.c220
-rw-r--r--lib/freebl/ecl/ecp_fp224.c238
-rw-r--r--lib/freebl/ecl/ecp_fpinc.c1612
-rw-r--r--lib/freebl/ecl/ecp_jac.c866
-rw-r--r--lib/freebl/ecl/ecp_jm.c444
-rw-r--r--lib/freebl/ecl/ecp_mont.c179
-rw-r--r--lib/freebl/ecl/tests/ec2_test.c801
-rw-r--r--lib/freebl/ecl/tests/ec_naft.c178
-rw-r--r--lib/freebl/ecl/tests/ecp_fpt.c1923
-rw-r--r--lib/freebl/ecl/tests/ecp_test.c682
-rw-r--r--lib/freebl/fipsfreebl.c2042
-rw-r--r--lib/freebl/gcm.c549
-rw-r--r--lib/freebl/gcm.h18
-rw-r--r--lib/freebl/genload.c36
-rw-r--r--lib/freebl/hmacct.c215
-rw-r--r--lib/freebl/intel-aes.h229
-rw-r--r--lib/freebl/intel-gcm-wrap.c87
-rw-r--r--lib/freebl/intel-gcm.h54
-rw-r--r--lib/freebl/jpake.c254
-rw-r--r--lib/freebl/ldvector.c607
-rw-r--r--lib/freebl/loader.c2306
-rw-r--r--lib/freebl/loader.h1287
-rw-r--r--lib/freebl/lowhash_vector.c229
-rw-r--r--lib/freebl/md2.c397
-rw-r--r--lib/freebl/md5.c747
-rw-r--r--lib/freebl/mknewpc2.c226
-rw-r--r--lib/freebl/mksp.c142
-rw-r--r--lib/freebl/mpi/logtab.h35
-rw-r--r--lib/freebl/mpi/mdxptest.c226
-rw-r--r--lib/freebl/mpi/montmulf.c441
-rw-r--r--lib/freebl/mpi/montmulf.h22
-rw-r--r--lib/freebl/mpi/mp_comba.c4391
-rw-r--r--lib/freebl/mpi/mp_gf2m-priv.h48
-rw-r--r--lib/freebl/mpi/mp_gf2m.c447
-rw-r--r--lib/freebl/mpi/mp_gf2m.h12
-rw-r--r--lib/freebl/mpi/mpcpucache.c887
-rw-r--r--lib/freebl/mpi/mpi-config.h28
-rw-r--r--lib/freebl/mpi/mpi-priv.h191
-rw-r--r--lib/freebl/mpi/mpi-test.c3057
-rw-r--r--lib/freebl/mpi/mpi.c5736
-rw-r--r--lib/freebl/mpi/mpi.h223
-rw-r--r--lib/freebl/mpi/mpi_amd64.c24
-rw-r--r--lib/freebl/mpi/mpi_arm.c242
-rw-r--r--lib/freebl/mpi/mpi_hp.c65
-rw-r--r--lib/freebl/mpi/mpi_sparc.c288
-rw-r--r--lib/freebl/mpi/mpi_x86_asm.c526
-rw-r--r--lib/freebl/mpi/mplogic.c454
-rw-r--r--lib/freebl/mpi/mplogic.h14
-rw-r--r--lib/freebl/mpi/mpmontg.c1627
-rw-r--r--lib/freebl/mpi/mpprime.c725
-rw-r--r--lib/freebl/mpi/mpprime.h24
-rw-r--r--lib/freebl/mpi/mpv_sparc.c273
-rw-r--r--lib/freebl/mpi/mpvalpha.c266
-rw-r--r--lib/freebl/mpi/mulsqr.c131
-rw-r--r--lib/freebl/mpi/primes.c1643
-rw-r--r--lib/freebl/mpi/test-info.c279
-rw-r--r--lib/freebl/mpi/tests/mptest-1.c27
-rw-r--r--lib/freebl/mpi/tests/mptest-2.c77
-rw-r--r--lib/freebl/mpi/tests/mptest-3.c157
-rw-r--r--lib/freebl/mpi/tests/mptest-3a.c188
-rw-r--r--lib/freebl/mpi/tests/mptest-4.c124
-rw-r--r--lib/freebl/mpi/tests/mptest-4a.c154
-rw-r--r--lib/freebl/mpi/tests/mptest-4b.c111
-rw-r--r--lib/freebl/mpi/tests/mptest-5.c97
-rw-r--r--lib/freebl/mpi/tests/mptest-5a.c207
-rw-r--r--lib/freebl/mpi/tests/mptest-6.c82
-rw-r--r--lib/freebl/mpi/tests/mptest-7.c113
-rw-r--r--lib/freebl/mpi/tests/mptest-8.c61
-rw-r--r--lib/freebl/mpi/tests/mptest-9.c150
-rw-r--r--lib/freebl/mpi/tests/mptest-b.c184
-rw-r--r--lib/freebl/mpi/utils/basecvt.c75
-rw-r--r--lib/freebl/mpi/utils/bbs_rand.c64
-rw-r--r--lib/freebl/mpi/utils/bbs_rand.h4
-rw-r--r--lib/freebl/mpi/utils/bbsrand.c23
-rw-r--r--lib/freebl/mpi/utils/dec2hex.c34
-rw-r--r--lib/freebl/mpi/utils/exptmod.c69
-rw-r--r--lib/freebl/mpi/utils/fact.c92
-rw-r--r--lib/freebl/mpi/utils/gcd.c121
-rw-r--r--lib/freebl/mpi/utils/hex2dec.c34
-rw-r--r--lib/freebl/mpi/utils/identest.c105
-rw-r--r--lib/freebl/mpi/utils/invmod.c88
-rw-r--r--lib/freebl/mpi/utils/isprime.c117
-rw-r--r--lib/freebl/mpi/utils/lap.c104
-rw-r--r--lib/freebl/mpi/utils/makeprime.c140
-rw-r--r--lib/freebl/mpi/utils/metime.c148
-rw-r--r--lib/freebl/mpi/utils/pi.c211
-rw-r--r--lib/freebl/mpi/utils/primegen.c235
-rw-r--r--lib/freebl/mpi/utils/prng.c50
-rw-r--r--lib/freebl/mpi/utils/sieve.c288
-rw-r--r--lib/freebl/mpi/vis_proto.h66
-rw-r--r--lib/freebl/nsslowhash.c121
-rw-r--r--lib/freebl/nsslowhash.h18
-rw-r--r--lib/freebl/os2_rand.c349
-rw-r--r--lib/freebl/poly1305-donna-x64-sse2-incremental-source.c1331
-rw-r--r--lib/freebl/poly1305.c467
-rw-r--r--lib/freebl/pqg.c1720
-rw-r--r--lib/freebl/pqg.h2
-rw-r--r--lib/freebl/rawhash.c201
-rw-r--r--lib/freebl/rijndael.c1139
-rw-r--r--lib/freebl/rijndael.h19
-rw-r--r--lib/freebl/rijndael_tables.c194
-rw-r--r--lib/freebl/rsa.c1512
-rw-r--r--lib/freebl/rsapkcs.c481
-rw-r--r--lib/freebl/secmpi.h52
-rw-r--r--lib/freebl/secrng.h2
-rw-r--r--lib/freebl/seed.c781
-rw-r--r--lib/freebl/seed.h139
-rw-r--r--lib/freebl/sha256.h8
-rw-r--r--lib/freebl/sha512.c1616
-rw-r--r--lib/freebl/sha_fast.c546
-rw-r--r--lib/freebl/sha_fast.h151
-rw-r--r--lib/freebl/shsign.h8
-rw-r--r--lib/freebl/shvfy.c299
-rw-r--r--lib/freebl/stubs.c333
-rw-r--r--lib/freebl/stubs.h58
-rw-r--r--lib/freebl/sysrand.c26
-rw-r--r--lib/freebl/tlsprfalg.c74
-rw-r--r--lib/freebl/unix_rand.c619
-rw-r--r--lib/freebl/win_rand.c78
173 files changed, 40642 insertions, 36829 deletions
diff --git a/lib/freebl/aeskeywrap.c b/lib/freebl/aeskeywrap.c
index 3b71a1576..79ff8a852 100644
--- a/lib/freebl/aeskeywrap.c
+++ b/lib/freebl/aeskeywrap.c
@@ -15,15 +15,15 @@
#else
#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 1
#endif
-#include "prtypes.h" /* for PRUintXX */
-#include "secport.h" /* for PORT_XXX */
+#include "prtypes.h" /* for PRUintXX */
+#include "secport.h" /* for PORT_XXX */
#include "secerr.h"
-#include "blapi.h" /* for AES_ functions */
+#include "blapi.h" /* for AES_ functions */
#include "rijndael.h"
struct AESKeyWrapContextStr {
- unsigned char iv[AES_KEY_WRAP_IV_BYTES];
- AESContext aescx;
+ unsigned char iv[AES_KEY_WRAP_IV_BYTES];
+ AESContext aescx;
};
/******************************************/
@@ -31,71 +31,71 @@ struct AESKeyWrapContextStr {
** AES key wrap algorithm, RFC 3394
*/
-AESKeyWrapContext *
+AESKeyWrapContext *
AESKeyWrap_AllocateContext(void)
{
- AESKeyWrapContext * cx = PORT_New(AESKeyWrapContext);
+ AESKeyWrapContext *cx = PORT_New(AESKeyWrapContext);
return cx;
}
-SECStatus
-AESKeyWrap_InitContext(AESKeyWrapContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int x1,
- unsigned int encrypt,
- unsigned int x2)
+SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int x1,
+ unsigned int encrypt,
+ unsigned int x2)
{
SECStatus rv = SECFailure;
if (!cx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (iv) {
- memcpy(cx->iv, iv, sizeof cx->iv);
+ memcpy(cx->iv, iv, sizeof cx->iv);
} else {
- memset(cx->iv, 0xA6, sizeof cx->iv);
+ memset(cx->iv, 0xA6, sizeof cx->iv);
}
- rv = AES_InitContext(&cx->aescx, key, keylen, NULL, NSS_AES, encrypt,
- AES_BLOCK_SIZE);
+ rv = AES_InitContext(&cx->aescx, key, keylen, NULL, NSS_AES, encrypt,
+ AES_BLOCK_SIZE);
return rv;
}
/*
** Create a new AES context suitable for AES encryption/decryption.
-** "key" raw key data
-** "keylen" the number of bytes of key data (16, 24, or 32)
+** "key" raw key data
+** "keylen" the number of bytes of key data (16, 24, or 32)
*/
extern AESKeyWrapContext *
-AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
int encrypt, unsigned int keylen)
{
SECStatus rv;
- AESKeyWrapContext * cx = AESKeyWrap_AllocateContext();
- if (!cx)
- return NULL; /* error is already set */
+ AESKeyWrapContext *cx = AESKeyWrap_AllocateContext();
+ if (!cx)
+ return NULL; /* error is already set */
rv = AESKeyWrap_InitContext(cx, key, keylen, iv, 0, encrypt, 0);
if (rv != SECSuccess) {
PORT_Free(cx);
- cx = NULL; /* error should already be set */
+ cx = NULL; /* error should already be set */
}
return cx;
}
/*
** Destroy a AES KeyWrap context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-extern void
+extern void
AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
{
if (cx) {
- AES_DestroyContext(&cx->aescx, PR_FALSE);
-/* memset(cx, 0, sizeof *cx); */
- if (freeit)
- PORT_Free(cx);
+ AES_DestroyContext(&cx->aescx, PR_FALSE);
+ /* memset(cx, 0, sizeof *cx); */
+ if (freeit)
+ PORT_Free(cx);
}
}
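Review bot: AESKeyWrap_DestroyContext still frees the wrapper context without clearing it — the `/* memset(cx, 0, sizeof *cx); */` line at the end of this hunk stays commented out, so the copied IV in `cx->iv` and whatever `AES_DestroyContext(&cx->aescx, PR_FALSE)` leaves behind in the embedded AES context go back to the allocator intact. RC2_DestroyContext in the same commit does `memset(cx, 0, sizeof *cx)` before freeing, and AESKeyWrap_Encrypt releases its work buffer with `PORT_ZFree`, so the zeroing helper is already in use in this file. I would replace `PORT_Free(cx)` with `PORT_ZFree(cx, sizeof *cx)` and, for the `freeit == PR_FALSE` path, reinstate the memset so a reused context does not keep the old IV. Whether AES_DestroyContext already wipes `aescx` is not visible in this hunk.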
@@ -112,18 +112,18 @@ AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
/* A and T point to two 64-bit values stored most signficant byte first
** (big endian). This function increments the 64-bit value T, and then
** XORs it with A, changing A.
-*/
+*/
static void
increment_and_xor(unsigned char *A, unsigned char *T)
{
if (!++T[7])
if (!++T[6])
- if (!++T[5])
- if (!++T[4])
- if (!++T[3])
- if (!++T[2])
- if (!++T[1])
- ++T[0];
+ if (!++T[5])
+ if (!++T[4])
+ if (!++T[3])
+ if (!++T[2])
+ if (!++T[1])
+ ++T[0];
A[0] ^= T[0];
A[1] ^= T[1];
@@ -142,7 +142,7 @@ increment_and_xor(unsigned char *A, unsigned char *T)
static void
xor_and_decrement(PRUint64 *A, PRUint64 *T)
{
- unsigned char* TP = (unsigned char*)T;
+ unsigned char *TP = (unsigned char *)T;
const PRUint64 mask = 0xFF;
*A = ((*A & mask << 56) ^ (*T & mask << 56)) |
((*A & mask << 48) ^ (*T & mask << 48)) |
@@ -155,13 +155,12 @@ xor_and_decrement(PRUint64 *A, PRUint64 *T)
if (!TP[7]--)
if (!TP[6]--)
- if (!TP[5]--)
- if (!TP[4]--)
- if (!TP[3]--)
- if (!TP[2]--)
- if (!TP[1]--)
- TP[0]--;
-
+ if (!TP[5]--)
+ if (!TP[4]--)
+ if (!TP[3]--)
+ if (!TP[2]--)
+ if (!TP[1]--)
+ TP[0]--;
}
/* Given an unsigned long t (in host byte order), store this value as a
@@ -170,13 +169,20 @@ xor_and_decrement(PRUint64 *A, PRUint64 *T)
static void
set_t(unsigned char *pt, unsigned long t)
{
- pt[7] = (unsigned char)t; t >>= 8;
- pt[6] = (unsigned char)t; t >>= 8;
- pt[5] = (unsigned char)t; t >>= 8;
- pt[4] = (unsigned char)t; t >>= 8;
- pt[3] = (unsigned char)t; t >>= 8;
- pt[2] = (unsigned char)t; t >>= 8;
- pt[1] = (unsigned char)t; t >>= 8;
+ pt[7] = (unsigned char)t;
+ t >>= 8;
+ pt[6] = (unsigned char)t;
+ t >>= 8;
+ pt[5] = (unsigned char)t;
+ t >>= 8;
+ pt[4] = (unsigned char)t;
+ t >>= 8;
+ pt[3] = (unsigned char)t;
+ t >>= 8;
+ pt[2] = (unsigned char)t;
+ t >>= 8;
+ pt[1] = (unsigned char)t;
+ t >>= 8;
pt[0] = (unsigned char)t;
}
@@ -184,56 +190,56 @@ set_t(unsigned char *pt, unsigned long t)
/*
** Perform AES key wrap.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
-extern SECStatus
+extern SECStatus
AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *pOutputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *pOutputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
- PRUint64 * R = NULL;
- unsigned int nBlocks;
- unsigned int i, j;
- unsigned int aesLen = AES_BLOCK_SIZE;
- unsigned int outLen = inputLen + AES_KEY_WRAP_BLOCK_SIZE;
- SECStatus s = SECFailure;
+ PRUint64 *R = NULL;
+ unsigned int nBlocks;
+ unsigned int i, j;
+ unsigned int aesLen = AES_BLOCK_SIZE;
+ unsigned int outLen = inputLen + AES_KEY_WRAP_BLOCK_SIZE;
+ SECStatus s = SECFailure;
/* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
- PRUint64 t;
- PRUint64 B[2];
+ PRUint64 t;
+ PRUint64 B[2];
#define A B[0]
/* Check args */
if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return s;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return s;
}
#ifdef maybe
- if (!output && pOutputLen) { /* caller is asking for output size */
- *pOutputLen = outLen;
- return SECSuccess;
+ if (!output && pOutputLen) { /* caller is asking for output size */
+ *pOutputLen = outLen;
+ return SECSuccess;
}
#endif
if (maxOutputLen < outLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return s;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return s;
}
if (cx == NULL || output == NULL || input == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return s;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return s;
}
nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
R = PORT_NewArray(PRUint64, nBlocks + 1);
if (!R)
- return s; /* error is already set. */
- /*
+ return s; /* error is already set. */
+ /*
** 1) Initialize variables.
*/
memcpy(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
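Review bot: `unsigned int outLen = inputLen + AES_KEY_WRAP_BLOCK_SIZE` at the top of this hunk is unguarded unsigned arithmetic, so an inputLen within 8 of UINT_MAX wraps outLen to a small value that passes the `maxOutputLen < outLen` check while `nBlocks` and the `PORT_NewArray` size are still derived from the huge inputLen; the output copy and the per-block loop then work from two disagreeing sizes. Reaching it needs a caller to pass an absurd length, so this is defensive rather than a live bug, but the existing length check is where it belongs: `if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE || inputLen > UINT_MAX - AES_KEY_WRAP_BLOCK_SIZE) {`. The body of AESKeyWrap_Encrypt continues past the end of this hunk.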
@@ -243,35 +249,35 @@ AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
#else
memset(&t, 0, sizeof t);
#endif
- /*
+ /*
** 2) Calculate intermediate values.
*/
for (j = 0; j < 6; ++j) {
- for (i = 1; i <= nBlocks; ++i) {
- B[1] = R[i];
- s = AES_Encrypt(&cx->aescx, (unsigned char *)B, &aesLen,
- sizeof B, (unsigned char *)B, sizeof B);
- if (s != SECSuccess)
- break;
- R[i] = B[1];
- /* here, increment t and XOR A with t (in big endian order); */
+ for (i = 1; i <= nBlocks; ++i) {
+ B[1] = R[i];
+ s = AES_Encrypt(&cx->aescx, (unsigned char *)B, &aesLen,
+ sizeof B, (unsigned char *)B, sizeof B);
+ if (s != SECSuccess)
+ break;
+ R[i] = B[1];
+/* here, increment t and XOR A with t (in big endian order); */
#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
- A ^= ++t;
+ A ^= ++t;
#else
- increment_and_xor((unsigned char *)&A, (unsigned char *)&t);
+ increment_and_xor((unsigned char *)&A, (unsigned char *)&t);
#endif
- }
+ }
}
- /*
+ /*
** 3) Output the results.
*/
if (s == SECSuccess) {
- R[0] = A;
- memcpy(output, &R[0], outLen);
- if (pOutputLen)
- *pOutputLen = outLen;
+ R[0] = A;
+ memcpy(output, &R[0], outLen);
+ if (pOutputLen)
+ *pOutputLen = outLen;
} else if (pOutputLen) {
- *pOutputLen = 0;
+ *pOutputLen = 0;
}
PORT_ZFree(R, outLen);
return s;
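Review bot: clang-format has pushed the comment `/* here, increment t and XOR A with t (in big endian order); */` to column 0 inside the inner loop because it sits directly before a preprocessor `#if`; the same happens to `/* here, XOR A with t (in big endian order) and decrement t; */` in the AESKeyWrap_Decrypt hunk below. It now reads as if it belonged to file scope rather than to the `A ^= ++t` / `increment_and_xor` pair it describes. Either move the comment into each `#if` branch next to the statement it explains, or keep it indented between `/* clang-format off */` and `/* clang-format on */` so the next reformat does not undo it. The enclosing AESKeyWrap_Encrypt starts before this hunk.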
@@ -280,55 +286,55 @@ AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
/*
** Perform AES key unwrap.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
-extern SECStatus
+extern SECStatus
AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *pOutputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *pOutputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
- PRUint64 * R = NULL;
- unsigned int nBlocks;
- unsigned int i, j;
- unsigned int aesLen = AES_BLOCK_SIZE;
- unsigned int outLen;
- SECStatus s = SECFailure;
+ PRUint64 *R = NULL;
+ unsigned int nBlocks;
+ unsigned int i, j;
+ unsigned int aesLen = AES_BLOCK_SIZE;
+ unsigned int outLen;
+ SECStatus s = SECFailure;
/* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
- PRUint64 t;
- PRUint64 B[2];
+ PRUint64 t;
+ PRUint64 B[2];
/* Check args */
if (inputLen < 3 * AES_KEY_WRAP_BLOCK_SIZE ||
0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return s;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return s;
}
outLen = inputLen - AES_KEY_WRAP_BLOCK_SIZE;
#ifdef maybe
- if (!output && pOutputLen) { /* caller is asking for output size */
- *pOutputLen = outLen;
- return SECSuccess;
+ if (!output && pOutputLen) { /* caller is asking for output size */
+ *pOutputLen = outLen;
+ return SECSuccess;
}
#endif
if (maxOutputLen < outLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return s;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return s;
}
if (cx == NULL || output == NULL || input == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return s;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return s;
}
nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
R = PORT_NewArray(PRUint64, nBlocks);
if (!R)
- return s; /* error is already set. */
+ return s; /* error is already set. */
nBlocks--;
/*
** 1) Initialize variables.
@@ -344,38 +350,38 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
** 2) Calculate intermediate values.
*/
for (j = 0; j < 6; ++j) {
- for (i = nBlocks; i; --i) {
- /* here, XOR A with t (in big endian order) and decrement t; */
+ for (i = nBlocks; i; --i) {
+/* here, XOR A with t (in big endian order) and decrement t; */
#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
- B[0] ^= t--;
+ B[0] ^= t--;
#else
- xor_and_decrement(&B[0], &t);
+ xor_and_decrement(&B[0], &t);
#endif
- B[1] = R[i];
- s = AES_Decrypt(&cx->aescx, (unsigned char *)B, &aesLen,
- sizeof B, (unsigned char *)B, sizeof B);
- if (s != SECSuccess)
- break;
- R[i] = B[1];
- }
+ B[1] = R[i];
+ s = AES_Decrypt(&cx->aescx, (unsigned char *)B, &aesLen,
+ sizeof B, (unsigned char *)B, sizeof B);
+ if (s != SECSuccess)
+ break;
+ R[i] = B[1];
+ }
}
/*
** 3) Output the results.
*/
if (s == SECSuccess) {
- int bad = memcmp(&B[0], cx->iv, AES_KEY_WRAP_IV_BYTES);
- if (!bad) {
- memcpy(output, &R[1], outLen);
- if (pOutputLen)
- *pOutputLen = outLen;
- } else {
- s = SECFailure;
- PORT_SetError(SEC_ERROR_BAD_DATA);
- if (pOutputLen)
- *pOutputLen = 0;
- }
+ int bad = memcmp(&B[0], cx->iv, AES_KEY_WRAP_IV_BYTES);
+ if (!bad) {
+ memcpy(output, &R[1], outLen);
+ if (pOutputLen)
+ *pOutputLen = outLen;
+ } else {
+ s = SECFailure;
+ PORT_SetError(SEC_ERROR_BAD_DATA);
+ if (pOutputLen)
+ *pOutputLen = 0;
+ }
} else if (pOutputLen) {
- *pOutputLen = 0;
+ *pOutputLen = 0;
}
PORT_ZFree(R, inputLen);
return s;
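Review bot: the integrity check `int bad = memcmp(&B[0], cx->iv, AES_KEY_WRAP_IV_BYTES);` near the end of this hunk compares the recovered A against the IV with a plain memcmp, which stops at the first differing byte; on a failed unwrap the time taken then depends on how many leading bytes of the decrypted A matched, which is a small timing side channel on a value derived under the wrapping key. The unwrap already refuses to write output and reports SEC_ERROR_BAD_DATA on mismatch, so only the comparison needs changing: `int bad = NSS_SecureMemcmp(&B[0], cx->iv, AES_KEY_WRAP_IV_BYTES);` if that helper is reachable from freebl here, otherwise an OR-accumulating loop over the 8 bytes. AESKeyWrap_Decrypt starts before this hunk.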
diff --git a/lib/freebl/alg2268.c b/lib/freebl/alg2268.c
index ea97f52a6..7d99d2fe4 100644
--- a/lib/freebl/alg2268.c
+++ b/lib/freebl/alg2268.c
@@ -12,15 +12,15 @@
#include "blapi.h"
#include "secerr.h"
#ifdef XP_UNIX_XXX
-#include <stddef.h> /* for ptrdiff_t */
+#include <stddef.h> /* for ptrdiff_t */
#endif
/*
** RC2 symmetric block cypher
*/
-typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output,
- const unsigned char *input, unsigned int inputLen);
+typedef SECStatus(rc2Func)(RC2Context *cx, unsigned char *output,
+ const unsigned char *input, unsigned int inputLen);
/* forward declarations */
static rc2Func rc2_EncryptECB;
@@ -29,118 +29,133 @@ static rc2Func rc2_EncryptCBC;
static rc2Func rc2_DecryptCBC;
typedef union {
- PRUint32 l[2];
- PRUint16 s[4];
- PRUint8 b[8];
+ PRUint32 l[2];
+ PRUint16 s[4];
+ PRUint8 b[8];
} RC2Block;
struct RC2ContextStr {
union {
- PRUint8 Kb[128];
- PRUint16 Kw[64];
+ PRUint8 Kb[128];
+ PRUint16 Kw[64];
} u;
- RC2Block iv;
- rc2Func *enc;
- rc2Func *dec;
+ RC2Block iv;
+ rc2Func *enc;
+ rc2Func *dec;
};
#define B u.Kb
#define K u.Kw
#define BYTESWAP(x) ((x) << 8 | (x) >> 8)
-#define SWAPK(i) cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
+#define SWAPK(i) cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
#define RC2_BLOCK_SIZE 8
-#define LOAD_HARD(R) \
+#define LOAD_HARD(R) \
R[0] = (PRUint16)input[1] << 8 | input[0]; \
R[1] = (PRUint16)input[3] << 8 | input[2]; \
R[2] = (PRUint16)input[5] << 8 | input[4]; \
R[3] = (PRUint16)input[7] << 8 | input[6];
-#define LOAD_EASY(R) \
+#define LOAD_EASY(R) \
R[0] = ((PRUint16 *)input)[0]; \
R[1] = ((PRUint16 *)input)[1]; \
R[2] = ((PRUint16 *)input)[2]; \
R[3] = ((PRUint16 *)input)[3];
-#define STORE_HARD(R) \
- output[0] = (PRUint8)(R[0]); output[1] = (PRUint8)(R[0] >> 8); \
- output[2] = (PRUint8)(R[1]); output[3] = (PRUint8)(R[1] >> 8); \
- output[4] = (PRUint8)(R[2]); output[5] = (PRUint8)(R[2] >> 8); \
- output[6] = (PRUint8)(R[3]); output[7] = (PRUint8)(R[3] >> 8);
-#define STORE_EASY(R) \
- ((PRUint16 *)output)[0] = R[0]; \
- ((PRUint16 *)output)[1] = R[1]; \
- ((PRUint16 *)output)[2] = R[2]; \
- ((PRUint16 *)output)[3] = R[3];
-
-#if defined (NSS_X86_OR_X64)
-#define LOAD(R) LOAD_EASY(R)
+#define STORE_HARD(R) \
+ output[0] = (PRUint8)(R[0]); \
+ output[1] = (PRUint8)(R[0] >> 8); \
+ output[2] = (PRUint8)(R[1]); \
+ output[3] = (PRUint8)(R[1] >> 8); \
+ output[4] = (PRUint8)(R[2]); \
+ output[5] = (PRUint8)(R[2] >> 8); \
+ output[6] = (PRUint8)(R[3]); \
+ output[7] = (PRUint8)(R[3] >> 8);
+#define STORE_EASY(R) \
+ ((PRUint16 *)output)[0] = R[0]; \
+ ((PRUint16 *)output)[1] = R[1]; \
+ ((PRUint16 *)output)[2] = R[2]; \
+ ((PRUint16 *)output)[3] = R[3];
+
+#if defined(NSS_X86_OR_X64)
+#define LOAD(R) LOAD_EASY(R)
#define STORE(R) STORE_EASY(R)
#elif !defined(IS_LITTLE_ENDIAN)
-#define LOAD(R) LOAD_HARD(R)
+#define LOAD(R) LOAD_HARD(R)
#define STORE(R) STORE_HARD(R)
#else
-#define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) }
-#define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) }
+#define LOAD(R) \
+ if ((ptrdiff_t)input & 1) { \
+ LOAD_HARD(R) \
+ } else { \
+ LOAD_EASY(R) \
+ }
+#define STORE(R) \
+ if ((ptrdiff_t)input & 1) { \
+ STORE_HARD(R) \
+ } else { \
+ STORE_EASY(R) \
+ }
#endif
static const PRUint8 S[256] = {
-0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235,
-0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242,
-0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062,
-0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202,
-0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334,
-0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046,
-0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003,
-0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327,
-0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052,
-0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354,
-0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071,
-0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061,
-0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311,
-0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251,
-0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056,
-0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255
+ 0331, 0170, 0371, 0304, 0031, 0335, 0265, 0355, 0050, 0351, 0375, 0171, 0112, 0240, 0330, 0235,
+ 0306, 0176, 0067, 0203, 0053, 0166, 0123, 0216, 0142, 0114, 0144, 0210, 0104, 0213, 0373, 0242,
+ 0027, 0232, 0131, 0365, 0207, 0263, 0117, 0023, 0141, 0105, 0155, 0215, 0011, 0201, 0175, 0062,
+ 0275, 0217, 0100, 0353, 0206, 0267, 0173, 0013, 0360, 0225, 0041, 0042, 0134, 0153, 0116, 0202,
+ 0124, 0326, 0145, 0223, 0316, 0140, 0262, 0034, 0163, 0126, 0300, 0024, 0247, 0214, 0361, 0334,
+ 0022, 0165, 0312, 0037, 0073, 0276, 0344, 0321, 0102, 0075, 0324, 0060, 0243, 0074, 0266, 0046,
+ 0157, 0277, 0016, 0332, 0106, 0151, 0007, 0127, 0047, 0362, 0035, 0233, 0274, 0224, 0103, 0003,
+ 0370, 0021, 0307, 0366, 0220, 0357, 0076, 0347, 0006, 0303, 0325, 0057, 0310, 0146, 0036, 0327,
+ 0010, 0350, 0352, 0336, 0200, 0122, 0356, 0367, 0204, 0252, 0162, 0254, 0065, 0115, 0152, 0052,
+ 0226, 0032, 0322, 0161, 0132, 0025, 0111, 0164, 0113, 0237, 0320, 0136, 0004, 0030, 0244, 0354,
+ 0302, 0340, 0101, 0156, 0017, 0121, 0313, 0314, 0044, 0221, 0257, 0120, 0241, 0364, 0160, 0071,
+ 0231, 0174, 0072, 0205, 0043, 0270, 0264, 0172, 0374, 0002, 0066, 0133, 0045, 0125, 0227, 0061,
+ 0055, 0135, 0372, 0230, 0343, 0212, 0222, 0256, 0005, 0337, 0051, 0020, 0147, 0154, 0272, 0311,
+ 0323, 0000, 0346, 0317, 0341, 0236, 0250, 0054, 0143, 0026, 0001, 0077, 0130, 0342, 0211, 0251,
+ 0015, 0070, 0064, 0033, 0253, 0063, 0377, 0260, 0273, 0110, 0014, 0137, 0271, 0261, 0315, 0056,
+ 0305, 0363, 0333, 0107, 0345, 0245, 0234, 0167, 0012, 0246, 0040, 0150, 0376, 0177, 0301, 0255
};
-RC2Context * RC2_AllocateContext(void)
+RC2Context *
+RC2_AllocateContext(void)
{
return PORT_ZNew(RC2Context);
}
-SECStatus
+SECStatus
RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
- const unsigned char *input, int mode, unsigned int efLen8,
- unsigned int unused)
+ const unsigned char *input, int mode, unsigned int efLen8,
+ unsigned int unused)
{
- PRUint8 *L,*L2;
- int i;
+ PRUint8 *L, *L2;
+ int i;
#if !defined(IS_LITTLE_ENDIAN)
- PRUint16 tmpS;
+ PRUint16 tmpS;
#endif
- PRUint8 tmpB;
+ PRUint8 tmpB;
- if (!key || !cx || !len || len > (sizeof cx->B) ||
- efLen8 > (sizeof cx->B)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (!key || !cx || !len || len > (sizeof cx->B) ||
+ efLen8 > (sizeof cx->B)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode == NSS_RC2) {
- /* groovy */
+ /* groovy */
} else if (mode == NSS_RC2_CBC) {
- if (!input) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
+ if (!input) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
} else {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode == NSS_RC2_CBC) {
- cx->enc = & rc2_EncryptCBC;
- cx->dec = & rc2_DecryptCBC;
- LOAD(cx->iv.s);
+ cx->enc = &rc2_EncryptCBC;
+ cx->dec = &rc2_DecryptCBC;
+ LOAD(cx->iv.s);
} else {
- cx->enc = & rc2_EncryptECB;
- cx->dec = & rc2_DecryptECB;
+ cx->enc = &rc2_EncryptECB;
+ cx->dec = &rc2_DecryptECB;
}
/* Step 0. Copy key into table. */
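Review bot: the little-endian fallback `STORE(R)` macro in this hunk chooses between `STORE_HARD` and `STORE_EASY` by testing `(ptrdiff_t)input & 1`, but the stores go through `output`; when output is odd-aligned and input is not, `STORE_EASY` performs misaligned 16-bit stores. This branch is only compiled for little-endian targets other than x86/x64 (see the `#if`/`#elif` just above it) and the defect predates the reformat, but the reformatted macro is the natural place to fix it: `if ((ptrdiff_t)output & 1) {`. The `LOAD`/`STORE` macros are also bare multi-statement `if`/`else` bodies with no `do { } while (0)` wrapper, so a dangling `else` at a call site would silently rebind; the call sites in rc2_EncryptECB invoke them without a trailing semicolon, so adding the wrapper would need those sites touched too.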
@@ -151,23 +166,23 @@ RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
L = L2 + len;
tmpB = L[-1];
for (i = (sizeof cx->B) - len; i > 0; --i) {
- *L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ];
+ *L++ = tmpB = S[(PRUint8)(tmpB + *L2++)];
}
/* step 2. Adjust left most byte of effective key. */
i = (sizeof cx->B) - efLen8;
L = cx->B + i;
- *L = tmpB = S[*L]; /* mask is always 0xff */
+ *L = tmpB = S[*L]; /* mask is always 0xff */
/* step 3. Recompute all values to the left of effective key. */
L2 = --L + efLen8;
- while(L >= cx->B) {
- *L-- = tmpB = S[ tmpB ^ *L2-- ];
+ while (L >= cx->B) {
+ *L-- = tmpB = S[tmpB ^ *L2--];
}
#if !defined(IS_LITTLE_ENDIAN)
for (i = 63; i >= 0; --i) {
- SWAPK(i); /* candidate for unrolling */
+ SWAPK(i); /* candidate for unrolling */
}
#endif
return SECSuccess;
@@ -175,60 +190,64 @@ RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
/*
** Create a new RC2 context suitable for RC2 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
-** "mode" one of NSS_RC2 or NSS_RC2_CBC
-** "effectiveKeyLen" in bytes, not bits.
+** "key" raw key data
+** "len" the number of bytes of key data
+** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+** "mode" one of NSS_RC2 or NSS_RC2_CBC
+** "effectiveKeyLen" in bytes, not bits.
**
** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
** chaining" mode.
*/
RC2Context *
RC2_CreateContext(const unsigned char *key, unsigned int len,
- const unsigned char *iv, int mode, unsigned efLen8)
+ const unsigned char *iv, int mode, unsigned efLen8)
{
RC2Context *cx = PORT_ZNew(RC2Context);
if (cx) {
- SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
- if (rv != SECSuccess) {
- RC2_DestroyContext(cx, PR_TRUE);
- cx = NULL;
- }
+ SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
+ if (rv != SECSuccess) {
+ RC2_DestroyContext(cx, PR_TRUE);
+ cx = NULL;
+ }
}
return cx;
}
/*
** Destroy an RC2 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-void
+void
RC2_DestroyContext(RC2Context *cx, PRBool freeit)
{
if (cx) {
- memset(cx, 0, sizeof *cx);
- if (freeit) {
- PORT_Free(cx);
- }
+ memset(cx, 0, sizeof *cx);
+ if (freeit) {
+ PORT_Free(cx);
+ }
}
}
-#define ROL(x,k) (x << k | x >> (16-k))
-#define MIX(j) \
- R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1); R0 = ROL(R0,1);\
- R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2); R1 = ROL(R1,2);\
- R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3); R2 = ROL(R2,3);\
- R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0); R3 = ROL(R3,5)
-#define MASH \
- R0 = R0 + cx->K[R3 & 63];\
- R1 = R1 + cx->K[R0 & 63];\
- R2 = R2 + cx->K[R1 & 63];\
+#define ROL(x, k) (x << k | x >> (16 - k))
+#define MIX(j) \
+ R0 = R0 + cx->K[4 * j + 0] + (R3 & R2) + (~R3 & R1); \
+ R0 = ROL(R0, 1); \
+ R1 = R1 + cx->K[4 * j + 1] + (R0 & R3) + (~R0 & R2); \
+ R1 = ROL(R1, 2); \
+ R2 = R2 + cx->K[4 * j + 2] + (R1 & R0) + (~R1 & R3); \
+ R2 = ROL(R2, 3); \
+ R3 = R3 + cx->K[4 * j + 3] + (R2 & R1) + (~R2 & R0); \
+ R3 = ROL(R3, 5)
+#define MASH \
+ R0 = R0 + cx->K[R3 & 63]; \
+ R1 = R1 + cx->K[R0 & 63]; \
+ R2 = R2 + cx->K[R1 & 63]; \
R3 = R3 + cx->K[R2 & 63]
/* Encrypt one block */
-static void
+static void
rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
{
register PRUint16 R0, R1, R2, R3;
@@ -279,20 +298,24 @@ rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
output->s[3] = R3;
}
-#define ROR(x,k) (x >> k | x << (16-k))
-#define R_MIX(j) \
- R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0); \
- R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3); \
- R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2); \
- R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1)
-#define R_MASH \
- R3 = R3 - cx->K[R2 & 63];\
- R2 = R2 - cx->K[R1 & 63];\
- R1 = R1 - cx->K[R0 & 63];\
+#define ROR(x, k) (x >> k | x << (16 - k))
+#define R_MIX(j) \
+ R3 = ROR(R3, 5); \
+ R3 = R3 - cx->K[4 * j + 3] - (R2 & R1) - (~R2 & R0); \
+ R2 = ROR(R2, 3); \
+ R2 = R2 - cx->K[4 * j + 2] - (R1 & R0) - (~R1 & R3); \
+ R1 = ROR(R1, 2); \
+ R1 = R1 - cx->K[4 * j + 1] - (R0 & R3) - (~R0 & R2); \
+ R0 = ROR(R0, 1); \
+ R0 = R0 - cx->K[4 * j + 0] - (R3 & R2) - (~R3 & R1)
+#define R_MASH \
+ R3 = R3 - cx->K[R2 & 63]; \
+ R2 = R2 - cx->K[R1 & 63]; \
+ R1 = R1 - cx->K[R0 & 63]; \
R0 = R0 - cx->K[R3 & 63]
/* Encrypt one block */
-static void
+static void
rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
{
register PRUint16 R0, R1, R2, R3;
@@ -342,144 +365,144 @@ rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
static SECStatus
rc2_EncryptECB(RC2Context *cx, unsigned char *output,
- const unsigned char *input, unsigned int inputLen)
+ const unsigned char *input, unsigned int inputLen)
{
- RC2Block iBlock;
+ RC2Block iBlock;
while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Encrypt1Block(cx, &iBlock, &iBlock);
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
+ LOAD(iBlock.s)
+ rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+ STORE(iBlock.s)
+ output += RC2_BLOCK_SIZE;
+ input += RC2_BLOCK_SIZE;
+ inputLen -= RC2_BLOCK_SIZE;
}
return SECSuccess;
}
static SECStatus
rc2_DecryptECB(RC2Context *cx, unsigned char *output,
- const unsigned char *input, unsigned int inputLen)
+ const unsigned char *input, unsigned int inputLen)
{
- RC2Block iBlock;
+ RC2Block iBlock;
while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Decrypt1Block(cx, &iBlock, &iBlock);
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
+ LOAD(iBlock.s)
+ rc2_Decrypt1Block(cx, &iBlock, &iBlock);
+ STORE(iBlock.s)
+ output += RC2_BLOCK_SIZE;
+ input += RC2_BLOCK_SIZE;
+ inputLen -= RC2_BLOCK_SIZE;
}
return SECSuccess;
}
static SECStatus
rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
- const unsigned char *input, unsigned int inputLen)
+ const unsigned char *input, unsigned int inputLen)
{
- RC2Block iBlock;
+ RC2Block iBlock;
while (inputLen > 0) {
- LOAD(iBlock.s)
- iBlock.l[0] ^= cx->iv.l[0];
- iBlock.l[1] ^= cx->iv.l[1];
- rc2_Encrypt1Block(cx, &iBlock, &iBlock);
- cx->iv = iBlock;
- STORE(iBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
+ LOAD(iBlock.s)
+ iBlock.l[0] ^= cx->iv.l[0];
+ iBlock.l[1] ^= cx->iv.l[1];
+ rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+ cx->iv = iBlock;
+ STORE(iBlock.s)
+ output += RC2_BLOCK_SIZE;
+ input += RC2_BLOCK_SIZE;
+ inputLen -= RC2_BLOCK_SIZE;
}
return SECSuccess;
}
static SECStatus
rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
- const unsigned char *input, unsigned int inputLen)
+ const unsigned char *input, unsigned int inputLen)
{
- RC2Block iBlock;
- RC2Block oBlock;
+ RC2Block iBlock;
+ RC2Block oBlock;
while (inputLen > 0) {
- LOAD(iBlock.s)
- rc2_Decrypt1Block(cx, &oBlock, &iBlock);
- oBlock.l[0] ^= cx->iv.l[0];
- oBlock.l[1] ^= cx->iv.l[1];
- cx->iv = iBlock;
- STORE(oBlock.s)
- output += RC2_BLOCK_SIZE;
- input += RC2_BLOCK_SIZE;
- inputLen -= RC2_BLOCK_SIZE;
+ LOAD(iBlock.s)
+ rc2_Decrypt1Block(cx, &oBlock, &iBlock);
+ oBlock.l[0] ^= cx->iv.l[0];
+ oBlock.l[1] ^= cx->iv.l[1];
+ cx->iv = iBlock;
+ STORE(oBlock.s)
+ output += RC2_BLOCK_SIZE;
+ input += RC2_BLOCK_SIZE;
+ inputLen -= RC2_BLOCK_SIZE;
}
return SECSuccess;
}
-
/*
** Perform RC2 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
-SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+SECStatus
+RC2_Encrypt(RC2Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
SECStatus rv = SECSuccess;
if (inputLen) {
- if (inputLen % RC2_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
- }
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- rv = (*cx->enc)(cx, output, input, inputLen);
+ if (inputLen % RC2_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ rv = (*cx->enc)(cx, output, input, inputLen);
}
if (rv == SECSuccess) {
- *outputLen = inputLen;
+ *outputLen = inputLen;
}
return rv;
}
/*
** Perform RC2 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
-SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+SECStatus
+RC2_Decrypt(RC2Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
SECStatus rv = SECSuccess;
if (inputLen) {
- if (inputLen % RC2_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
- }
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- rv = (*cx->dec)(cx, output, input, inputLen);
+ if (inputLen % RC2_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ rv = (*cx->dec)(cx, output, input, inputLen);
}
if (rv == SECSuccess) {
- *outputLen = inputLen;
+ *outputLen = inputLen;
}
return rv;
}
-
diff --git a/lib/freebl/alghmac.c b/lib/freebl/alghmac.c
index 9b845cff1..dd8b73c5f 100644
--- a/lib/freebl/alghmac.c
+++ b/lib/freebl/alghmac.c
@@ -17,7 +17,7 @@
struct HMACContextStr {
void *hash;
const SECHashObject *hashobj;
- PRBool wasAllocated;
+ PRBool wasAllocated;
unsigned char ipad[HMAC_PAD_SIZE];
unsigned char opad[HMAC_PAD_SIZE];
};
@@ -26,50 +26,50 @@ void
HMAC_Destroy(HMACContext *cx, PRBool freeit)
{
if (cx == NULL)
- return;
+ return;
PORT_Assert(!freeit == !cx->wasAllocated);
if (cx->hash != NULL) {
- cx->hashobj->destroy(cx->hash, PR_TRUE);
- PORT_Memset(cx, 0, sizeof *cx);
+ cx->hashobj->destroy(cx->hash, PR_TRUE);
+ PORT_Memset(cx, 0, sizeof *cx);
}
if (freeit)
- PORT_Free(cx);
+ PORT_Free(cx);
}
SECStatus
-HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj,
- const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
{
unsigned int i;
unsigned char hashed_secret[HASH_LENGTH_MAX];
/* required by FIPS 198 Section 3 */
- if (isFIPS && secret_len < hash_obj->length/2) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (isFIPS && secret_len < hash_obj->length / 2) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
cx->wasAllocated = PR_FALSE;
cx->hashobj = hash_obj;
cx->hash = cx->hashobj->create();
if (cx->hash == NULL)
- goto loser;
+ goto loser;
if (secret_len > cx->hashobj->blocklength) {
- cx->hashobj->begin( cx->hash);
- cx->hashobj->update(cx->hash, secret, secret_len);
- PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
- cx->hashobj->end( cx->hash, hashed_secret, &secret_len,
- sizeof hashed_secret);
- if (secret_len != cx->hashobj->length) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto loser;
- }
- secret = (const unsigned char *)&hashed_secret[0];
+ cx->hashobj->begin(cx->hash);
+ cx->hashobj->update(cx->hash, secret, secret_len);
+ PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
+ cx->hashobj->end(cx->hash, hashed_secret, &secret_len,
+ sizeof hashed_secret);
+ if (secret_len != cx->hashobj->length) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ goto loser;
+ }
+ secret = (const unsigned char *)&hashed_secret[0];
}
PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength);
@@ -77,8 +77,8 @@ HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj,
/* fold secret into padding */
for (i = 0; i < secret_len; i++) {
- cx->ipad[i] ^= secret[i];
- cx->opad[i] ^= secret[i];
+ cx->ipad[i] ^= secret[i];
+ cx->opad[i] ^= secret[i];
}
PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
return SECSuccess;
@@ -86,23 +86,23 @@ HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj,
loser:
PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
if (cx->hash != NULL)
- cx->hashobj->destroy(cx->hash, PR_TRUE);
+ cx->hashobj->destroy(cx->hash, PR_TRUE);
return SECFailure;
}
HMACContext *
-HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
unsigned int secret_len, PRBool isFIPS)
{
SECStatus rv;
- HMACContext * cx = PORT_ZNew(HMACContext);
+ HMACContext *cx = PORT_ZNew(HMACContext);
if (cx == NULL)
- return NULL;
+ return NULL;
rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS);
cx->wasAllocated = PR_TRUE;
if (rv != SECSuccess) {
- PORT_Free(cx); /* contains no secret info */
- cx = NULL;
+ PORT_Free(cx); /* contains no secret info */
+ cx = NULL;
}
return cx;
}
@@ -123,16 +123,16 @@ HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
SECStatus
HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
- unsigned int max_result_len)
+ unsigned int max_result_len)
{
if (max_result_len < cx->hashobj->length) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
cx->hashobj->end(cx->hash, result, result_len, max_result_len);
if (*result_len != cx->hashobj->length)
- return SECFailure;
+ return SECFailure;
cx->hashobj->begin(cx->hash);
cx->hashobj->update(cx->hash, cx->opad, cx->hashobj->blocklength);
@@ -146,15 +146,15 @@ HMAC_Clone(HMACContext *cx)
{
HMACContext *newcx;
- newcx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
+ newcx = (HMACContext *)PORT_ZAlloc(sizeof(HMACContext));
if (newcx == NULL)
- goto loser;
+ goto loser;
newcx->wasAllocated = PR_TRUE;
newcx->hashobj = cx->hashobj;
newcx->hash = cx->hashobj->clone(cx->hash);
if (newcx->hash == NULL)
- goto loser;
+ goto loser;
PORT_Memcpy(newcx->ipad, cx->ipad, cx->hashobj->blocklength);
PORT_Memcpy(newcx->opad, cx->opad, cx->hashobj->blocklength);
return newcx;
diff --git a/lib/freebl/alghmac.h b/lib/freebl/alghmac.h
index e77b3118d..462526ac4 100644
--- a/lib/freebl/alghmac.h
+++ b/lib/freebl/alghmac.h
@@ -15,45 +15,45 @@ HMAC_Destroy(HMACContext *cx, PRBool freeit);
/* create HMAC context
* hash_obj hash object from SECRawHashObjects[]
- * secret the secret with which the HMAC is performed.
- * secret_len the length of the secret.
- * isFIPS true if conforming to FIPS 198.
+ * secret the secret with which the HMAC is performed.
+ * secret_len the length of the secret.
+ * isFIPS true if conforming to FIPS 198.
*
* NULL is returned if an error occurs.
*/
extern HMACContext *
-HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
- unsigned int secret_len, PRBool isFIPS);
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
+ unsigned int secret_len, PRBool isFIPS);
/* like HMAC_Create, except caller allocates HMACContext. */
SECStatus
-HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
- const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
/* reset HMAC for a fresh round */
extern void
HMAC_Begin(HMACContext *cx);
-/* update HMAC
- * cx HMAC Context
- * data the data to perform HMAC on
- * data_len the length of the data to process
+/* update HMAC
+ * cx HMAC Context
+ * data the data to perform HMAC on
+ * data_len the length of the data to process
*/
-extern void
+extern void
HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
/* Finish HMAC -- place the results within result
- * cx HMAC context
- * result buffer for resulting hmac'd data
- * result_len where the resultant hmac length is stored
+ * cx HMAC context
+ * result buffer for resulting hmac'd data
+ * result_len where the resultant hmac length is stored
* max_result_len maximum possible length that can be stored in result
*/
extern SECStatus
HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
- unsigned int max_result_len);
+ unsigned int max_result_len);
/* clone a copy of the HMAC state. this is usefult when you would
- * need to keep a running hmac but also need to extract portions
+ * need to keep a running hmac but also need to extract portions
* partway through the process.
*/
extern HMACContext *
diff --git a/lib/freebl/arcfive.c b/lib/freebl/arcfive.c
index 410cbedf5..dda77710f 100644
--- a/lib/freebl/arcfive.c
+++ b/lib/freebl/arcfive.c
@@ -40,8 +40,8 @@ RC5_CreateContext(const SECItem *key, unsigned int rounds,
** "cx" the context
** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-void
-RC5_DestroyContext(RC5Context *cx, PRBool freeit)
+void
+RC5_DestroyContext(RC5Context *cx, PRBool freeit)
{
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
}
@@ -57,10 +57,10 @@ RC5_DestroyContext(RC5Context *cx, PRBool freeit)
** "input" the input data
** "inputLen" the amount of input data
*/
-SECStatus
-RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+SECStatus
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
@@ -77,12 +77,11 @@ RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
** "input" the input data
** "inputLen" the amount of input data
*/
-SECStatus
-RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen,
+SECStatus
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
return SECFailure;
}
-
diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
index abc9857e8..e37b45843 100644
--- a/lib/freebl/arcfour.c
+++ b/lib/freebl/arcfour.c
@@ -23,8 +23,8 @@
#endif
#if defined(AIX) || defined(OSF1) || defined(NSS_BEVAND_ARCFOUR)
-/* Treat array variables as words, not bytes, on CPUs that take
- * much longer to write bytes than to write words, or when using
+/* Treat array variables as words, not bytes, on CPUs that take
+ * much longer to write bytes than to write words, or when using
* assembler code that required it.
*/
#define USE_WORD
@@ -48,23 +48,22 @@ typedef PRUint8 Stype;
#define MASK1BYTE (WORD)(0xff)
#define SWAP(a, b) \
- tmp = a; \
- a = b; \
- b = tmp;
+ tmp = a; \
+ a = b; \
+ b = tmp;
/*
* State information for stream cipher.
*/
-struct RC4ContextStr
-{
+struct RC4ContextStr {
#if defined(NSS_ARCFOUR_IJ_B4_S) || defined(NSS_BEVAND_ARCFOUR)
- Stype i;
- Stype j;
- Stype S[ARCFOUR_STATE_SIZE];
+ Stype i;
+ Stype j;
+ Stype S[ARCFOUR_STATE_SIZE];
#else
- Stype S[ARCFOUR_STATE_SIZE];
- Stype i;
- Stype j;
+ Stype S[ARCFOUR_STATE_SIZE];
+ Stype i;
+ Stype j;
#endif
};
@@ -72,38 +71,38 @@ struct RC4ContextStr
* array indices [0..255] to initialize cx->S array (faster than loop).
*/
static const Stype Kinit[256] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
- 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
- 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
- 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
- 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
- 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
- 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
- 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
- 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+ 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+ 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+ 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+ 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+ 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+ 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+ 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+ 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+ 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+ 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
};
RC4Context *
@@ -112,52 +111,51 @@ RC4_AllocateContext(void)
return PORT_ZNew(RC4Context);
}
-SECStatus
+SECStatus
RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len,
- const unsigned char * unused1, int unused2,
- unsigned int unused3, unsigned int unused4)
+ const unsigned char *unused1, int unused2,
+ unsigned int unused3, unsigned int unused4)
{
- unsigned int i;
- PRUint8 j, tmp;
- PRUint8 K[256];
- PRUint8 *L;
-
- /* verify the key length. */
- PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
- if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
- }
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- /* Initialize the state using array indices. */
- memcpy(cx->S, Kinit, sizeof cx->S);
- /* Fill in K repeatedly with values from key. */
- L = K;
- for (i = sizeof K; i > len; i-= len) {
- memcpy(L, key, len);
- L += len;
- }
- memcpy(L, key, i);
- /* Stir the state of the generator. At this point it is assumed
- * that the key is the size of the state buffer. If this is not
- * the case, the key bytes are repeated to fill the buffer.
- */
- j = 0;
+ unsigned int i;
+ PRUint8 j, tmp;
+ PRUint8 K[256];
+ PRUint8 *L;
+
+ /* verify the key length. */
+ PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
+ if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
+ }
+ if (cx == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ /* Initialize the state using array indices. */
+ memcpy(cx->S, Kinit, sizeof cx->S);
+ /* Fill in K repeatedly with values from key. */
+ L = K;
+ for (i = sizeof K; i > len; i -= len) {
+ memcpy(L, key, len);
+ L += len;
+ }
+ memcpy(L, key, i);
+ /* Stir the state of the generator. At this point it is assumed
+ * that the key is the size of the state buffer. If this is not
+ * the case, the key bytes are repeated to fill the buffer.
+ */
+ j = 0;
#define ARCFOUR_STATE_STIR(ii) \
- j = j + cx->S[ii] + K[ii]; \
- SWAP(cx->S[ii], cx->S[j]);
- for (i=0; i<ARCFOUR_STATE_SIZE; i++) {
- ARCFOUR_STATE_STIR(i);
- }
- cx->i = 0;
- cx->j = 0;
- return SECSuccess;
+ j = j + cx->S[ii] + K[ii]; \
+ SWAP(cx->S[ii], cx->S[j]);
+ for (i = 0; i < ARCFOUR_STATE_SIZE; i++) {
+ ARCFOUR_STATE_STIR(i);
+ }
+ cx->i = 0;
+ cx->j = 0;
+ return SECSuccess;
}
-
/*
* Initialize a new generator.
*/
@@ -166,66 +164,66 @@ RC4_CreateContext(const unsigned char *key, int len)
{
RC4Context *cx = RC4_AllocateContext();
if (cx) {
- SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
- if (rv != SECSuccess) {
- PORT_ZFree(cx, sizeof(*cx));
- cx = NULL;
- }
+ SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
+ if (rv != SECSuccess) {
+ PORT_ZFree(cx, sizeof(*cx));
+ cx = NULL;
+ }
}
return cx;
}
-void
+void
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
{
- if (freeit)
- PORT_ZFree(cx, sizeof(*cx));
+ if (freeit)
+ PORT_ZFree(cx, sizeof(*cx));
}
#if defined(NSS_BEVAND_ARCFOUR)
-extern void ARCFOUR(RC4Context *cx, WORD inputLen,
- const unsigned char *input, unsigned char *output);
+extern void ARCFOUR(RC4Context *cx, WORD inputLen,
+ const unsigned char *input, unsigned char *output);
#else
/*
* Generate the next byte in the stream.
*/
#define ARCFOUR_NEXT_BYTE() \
- tmpSi = cx->S[++tmpi]; \
- tmpj += tmpSi; \
- tmpSj = cx->S[tmpj]; \
- cx->S[tmpi] = tmpSj; \
- cx->S[tmpj] = tmpSi; \
- t = tmpSi + tmpSj;
+ tmpSi = cx->S[++tmpi]; \
+ tmpj += tmpSi; \
+ tmpSj = cx->S[tmpj]; \
+ cx->S[tmpi] = tmpSj; \
+ cx->S[tmpj] = tmpSi; \
+ t = tmpSi + tmpSj;
#ifdef CONVERT_TO_WORDS
/*
* Straight ARCFOUR op. No optimization.
*/
-static SECStatus
+static SECStatus
rc4_no_opt(RC4Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
PRUint8 t;
- Stype tmpSi, tmpSj;
- register PRUint8 tmpi = cx->i;
- register PRUint8 tmpj = cx->j;
- unsigned int index;
- PORT_Assert(maxOutputLen >= inputLen);
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- for (index=0; index < inputLen; index++) {
- /* Generate next byte from stream. */
- ARCFOUR_NEXT_BYTE();
- /* output = next stream byte XOR next input byte */
- output[index] = cx->S[t] ^ input[index];
- }
- *outputLen = inputLen;
- cx->i = tmpi;
- cx->j = tmpj;
- return SECSuccess;
+ Stype tmpSi, tmpSj;
+ register PRUint8 tmpi = cx->i;
+ register PRUint8 tmpj = cx->j;
+ unsigned int index;
+ PORT_Assert(maxOutputLen >= inputLen);
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ for (index = 0; index < inputLen; index++) {
+ /* Generate next byte from stream. */
+ ARCFOUR_NEXT_BYTE();
+ /* output = next stream byte XOR next input byte */
+ output[index] = cx->S[t] ^ input[index];
+ }
+ *outputLen = inputLen;
+ cx->i = tmpi;
+ cx->j = tmpj;
+ return SECSuccess;
}
#else
@@ -234,108 +232,130 @@ rc4_no_opt(RC4Context *cx, unsigned char *output,
/*
* Byte-at-a-time ARCFOUR, unrolling the loop into 8 pieces.
*/
-static SECStatus
+static SECStatus
rc4_unrolled(RC4Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
- PRUint8 t;
- Stype tmpSi, tmpSj;
- register PRUint8 tmpi = cx->i;
- register PRUint8 tmpj = cx->j;
- int index;
- PORT_Assert(maxOutputLen >= inputLen);
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- for (index = inputLen / 8; index-- > 0; input += 8, output += 8) {
- ARCFOUR_NEXT_BYTE();
- output[0] = cx->S[t] ^ input[0];
- ARCFOUR_NEXT_BYTE();
- output[1] = cx->S[t] ^ input[1];
- ARCFOUR_NEXT_BYTE();
- output[2] = cx->S[t] ^ input[2];
- ARCFOUR_NEXT_BYTE();
- output[3] = cx->S[t] ^ input[3];
- ARCFOUR_NEXT_BYTE();
- output[4] = cx->S[t] ^ input[4];
- ARCFOUR_NEXT_BYTE();
- output[5] = cx->S[t] ^ input[5];
- ARCFOUR_NEXT_BYTE();
- output[6] = cx->S[t] ^ input[6];
- ARCFOUR_NEXT_BYTE();
- output[7] = cx->S[t] ^ input[7];
- }
- index = inputLen % 8;
- if (index) {
- input += index;
- output += index;
- switch (index) {
- case 7:
- ARCFOUR_NEXT_BYTE();
- output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */
- case 6:
- ARCFOUR_NEXT_BYTE();
- output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */
- case 5:
- ARCFOUR_NEXT_BYTE();
- output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */
- case 4:
- ARCFOUR_NEXT_BYTE();
- output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */
- case 3:
- ARCFOUR_NEXT_BYTE();
- output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */
- case 2:
- ARCFOUR_NEXT_BYTE();
- output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */
- case 1:
- ARCFOUR_NEXT_BYTE();
- output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */
- default:
- /* FALLTHRU */
- ; /* hp-ux build breaks without this */
- }
- }
- cx->i = tmpi;
- cx->j = tmpj;
- *outputLen = inputLen;
- return SECSuccess;
+ PRUint8 t;
+ Stype tmpSi, tmpSj;
+ register PRUint8 tmpi = cx->i;
+ register PRUint8 tmpj = cx->j;
+ int index;
+ PORT_Assert(maxOutputLen >= inputLen);
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ for (index = inputLen / 8; index-- > 0; input += 8, output += 8) {
+ ARCFOUR_NEXT_BYTE();
+ output[0] = cx->S[t] ^ input[0];
+ ARCFOUR_NEXT_BYTE();
+ output[1] = cx->S[t] ^ input[1];
+ ARCFOUR_NEXT_BYTE();
+ output[2] = cx->S[t] ^ input[2];
+ ARCFOUR_NEXT_BYTE();
+ output[3] = cx->S[t] ^ input[3];
+ ARCFOUR_NEXT_BYTE();
+ output[4] = cx->S[t] ^ input[4];
+ ARCFOUR_NEXT_BYTE();
+ output[5] = cx->S[t] ^ input[5];
+ ARCFOUR_NEXT_BYTE();
+ output[6] = cx->S[t] ^ input[6];
+ ARCFOUR_NEXT_BYTE();
+ output[7] = cx->S[t] ^ input[7];
+ }
+ index = inputLen % 8;
+ if (index) {
+ input += index;
+ output += index;
+ switch (index) {
+ case 7:
+ ARCFOUR_NEXT_BYTE();
+ output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */
+ case 6:
+ ARCFOUR_NEXT_BYTE();
+ output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */
+ case 5:
+ ARCFOUR_NEXT_BYTE();
+ output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */
+ case 4:
+ ARCFOUR_NEXT_BYTE();
+ output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */
+ case 3:
+ ARCFOUR_NEXT_BYTE();
+ output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */
+ case 2:
+ ARCFOUR_NEXT_BYTE();
+ output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */
+ case 1:
+ ARCFOUR_NEXT_BYTE();
+ output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */
+ default:
+ /* FALLTHRU */
+ ; /* hp-ux build breaks without this */
+ }
+ }
+ cx->i = tmpi;
+ cx->j = tmpj;
+ *outputLen = inputLen;
+ return SECSuccess;
}
#endif
#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT4BYTES_L(n) \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n ); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 8); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24);
+#define ARCFOUR_NEXT4BYTES_L(n) \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 8); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 16); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 24);
#else
-#define ARCFOUR_NEXT4BYTES_B(n) \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 8); \
- ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n );
+#define ARCFOUR_NEXT4BYTES_B(n) \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 24); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 16); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n + 8); \
+ ARCFOUR_NEXT_BYTE(); \
+ streamWord |= (WORD)cx->S[t] << (n);
#endif
#if (defined(IS_64) && !defined(__sparc)) || defined(NSS_USE_64)
/* 64-bit wordsize */
#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT_WORD() \
- { streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); ARCFOUR_NEXT4BYTES_L(32); }
+#define ARCFOUR_NEXT_WORD() \
+ { \
+ streamWord = 0; \
+ ARCFOUR_NEXT4BYTES_L(0); \
+ ARCFOUR_NEXT4BYTES_L(32); \
+ }
#else
-#define ARCFOUR_NEXT_WORD() \
- { streamWord = 0; ARCFOUR_NEXT4BYTES_B(32); ARCFOUR_NEXT4BYTES_B(0); }
+#define ARCFOUR_NEXT_WORD() \
+ { \
+ streamWord = 0; \
+ ARCFOUR_NEXT4BYTES_B(32); \
+ ARCFOUR_NEXT4BYTES_B(0); \
+ }
#endif
#else
/* 32-bit wordsize */
#ifdef IS_LITTLE_ENDIAN
-#define ARCFOUR_NEXT_WORD() \
- { streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); }
+#define ARCFOUR_NEXT_WORD() \
+ { \
+ streamWord = 0; \
+ ARCFOUR_NEXT4BYTES_L(0); \
+ }
#else
-#define ARCFOUR_NEXT_WORD() \
- { streamWord = 0; ARCFOUR_NEXT4BYTES_B(0); }
+#define ARCFOUR_NEXT_WORD() \
+ { \
+ streamWord = 0; \
+ ARCFOUR_NEXT4BYTES_B(0); \
+ }
#endif
#endif
@@ -351,221 +371,222 @@ rc4_unrolled(RC4Context *cx, unsigned char *output,
#define LEFTMOST_BYTE_SHIFT 0
#define NEXT_BYTE_SHIFT(shift) shift + 8
#else
-#define LEFTMOST_BYTE_SHIFT 8*(WORDSIZE - 1)
+#define LEFTMOST_BYTE_SHIFT 8 * (WORDSIZE - 1)
#define NEXT_BYTE_SHIFT(shift) shift - 8
#endif
#ifdef CONVERT_TO_WORDS
-static SECStatus
+static SECStatus
rc4_wordconv(RC4Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
- PR_STATIC_ASSERT(sizeof(PRUword) == sizeof(ptrdiff_t));
- unsigned int inOffset = (PRUword)input % WORDSIZE;
- unsigned int outOffset = (PRUword)output % WORDSIZE;
- register WORD streamWord;
- register const WORD *pInWord;
- register WORD *pOutWord;
- register WORD inWord, nextInWord;
- PRUint8 t;
- register Stype tmpSi, tmpSj;
- register PRUint8 tmpi = cx->i;
- register PRUint8 tmpj = cx->j;
- unsigned int bufShift, invBufShift;
- unsigned int i;
- const unsigned char *finalIn;
- unsigned char *finalOut;
-
- PORT_Assert(maxOutputLen >= inputLen);
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- if (inputLen < 2*WORDSIZE) {
- /* Ignore word conversion, do byte-at-a-time */
- return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
- }
- *outputLen = inputLen;
- pInWord = (const WORD *)(input - inOffset);
- pOutWord = (WORD *)(output - outOffset);
- if (inOffset <= outOffset) {
- bufShift = 8*(outOffset - inOffset);
- invBufShift = 8*WORDSIZE - bufShift;
- } else {
- invBufShift = 8*(inOffset - outOffset);
- bufShift = 8*WORDSIZE - invBufShift;
- }
- /*****************************************************************/
- /* Step 1: */
- /* If the first output word is partial, consume the bytes in the */
- /* first partial output word by loading one or two words of */
- /* input and shifting them accordingly. Otherwise, just load */
- /* in the first word of input. At the end of this block, at */
- /* least one partial word of input should ALWAYS be loaded. */
- /*****************************************************************/
- if (outOffset) {
- unsigned int byteCount = WORDSIZE - outOffset;
- for (i = 0; i < byteCount; i++) {
- ARCFOUR_NEXT_BYTE();
- output[i] = cx->S[t] ^ input[i];
- }
- /* Consumed byteCount bytes of input */
- inputLen -= byteCount;
- pInWord++;
-
- /* move to next word of output */
- pOutWord++;
-
- /* If buffers are relatively misaligned, shift the bytes in inWord
- * to be aligned to the output buffer.
- */
- if (inOffset < outOffset) {
- /* The first input word (which may be partial) has more bytes
- * than needed. Copy the remainder to inWord.
- */
- unsigned int shift = LEFTMOST_BYTE_SHIFT;
- inWord = 0;
- for (i = 0; i < outOffset - inOffset; i++) {
- inWord |= (WORD)input[byteCount + i] << shift;
- shift = NEXT_BYTE_SHIFT(shift);
- }
- } else if (inOffset > outOffset) {
- /* Consumed some bytes in the second input word. Copy the
- * remainder to inWord.
- */
- inWord = *pInWord++;
- inWord = inWord LSH invBufShift;
- } else {
- inWord = 0;
- }
- } else {
- /* output is word-aligned */
- if (inOffset) {
- /* Input is not word-aligned. The first word load of input
- * will not produce a full word of input bytes, so one word
- * must be pre-loaded. The main loop below will load in the
- * next input word and shift some of its bytes into inWord
- * in order to create a full input word. Note that the main
- * loop must execute at least once because the input must
- * be at least two words.
- */
- unsigned int shift = LEFTMOST_BYTE_SHIFT;
- inWord = 0;
- for (i = 0; i < WORDSIZE - inOffset; i++) {
- inWord |= (WORD)input[i] << shift;
- shift = NEXT_BYTE_SHIFT(shift);
- }
- pInWord++;
- } else {
- /* Input is word-aligned. The first word load of input
- * will produce a full word of input bytes, so nothing
- * needs to be loaded here.
- */
- inWord = 0;
- }
- }
- /*****************************************************************/
- /* Step 2: main loop */
- /* At this point the output buffer is word-aligned. Any unused */
- /* bytes from above will be in inWord (shifted correctly). If */
- /* the input buffer is unaligned relative to the output buffer, */
- /* shifting has to be done. */
- /*****************************************************************/
- if (bufShift) {
- /* preloadedByteCount is the number of input bytes pre-loaded
- * in inWord.
- */
- unsigned int preloadedByteCount = bufShift/8;
- for (; inputLen >= preloadedByteCount + WORDSIZE;
- inputLen -= WORDSIZE) {
- nextInWord = *pInWord++;
- inWord |= nextInWord RSH bufShift;
- nextInWord = nextInWord LSH invBufShift;
- ARCFOUR_NEXT_WORD();
- *pOutWord++ = inWord ^ streamWord;
- inWord = nextInWord;
- }
- if (inputLen == 0) {
- /* Nothing left to do. */
- cx->i = tmpi;
- cx->j = tmpj;
- return SECSuccess;
- }
- finalIn = (const unsigned char *)pInWord - preloadedByteCount;
- } else {
- for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
- inWord = *pInWord++;
- ARCFOUR_NEXT_WORD();
- *pOutWord++ = inWord ^ streamWord;
- }
- if (inputLen == 0) {
- /* Nothing left to do. */
- cx->i = tmpi;
- cx->j = tmpj;
- return SECSuccess;
- }
- finalIn = (const unsigned char *)pInWord;
- }
- /*****************************************************************/
- /* Step 3: */
- /* Do the remaining partial word of input one byte at a time. */
- /*****************************************************************/
- finalOut = (unsigned char *)pOutWord;
- for (i = 0; i < inputLen; i++) {
- ARCFOUR_NEXT_BYTE();
- finalOut[i] = cx->S[t] ^ finalIn[i];
- }
- cx->i = tmpi;
- cx->j = tmpj;
- return SECSuccess;
+ PR_STATIC_ASSERT(sizeof(PRUword) == sizeof(ptrdiff_t));
+ unsigned int inOffset = (PRUword)input % WORDSIZE;
+ unsigned int outOffset = (PRUword)output % WORDSIZE;
+ register WORD streamWord;
+ register const WORD *pInWord;
+ register WORD *pOutWord;
+ register WORD inWord, nextInWord;
+ PRUint8 t;
+ register Stype tmpSi, tmpSj;
+ register PRUint8 tmpi = cx->i;
+ register PRUint8 tmpj = cx->j;
+ unsigned int bufShift, invBufShift;
+ unsigned int i;
+ const unsigned char *finalIn;
+ unsigned char *finalOut;
+
+ PORT_Assert(maxOutputLen >= inputLen);
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ if (inputLen < 2 * WORDSIZE) {
+ /* Ignore word conversion, do byte-at-a-time */
+ return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
+ }
+ *outputLen = inputLen;
+ pInWord = (const WORD *)(input - inOffset);
+ pOutWord = (WORD *)(output - outOffset);
+ if (inOffset <= outOffset) {
+ bufShift = 8 * (outOffset - inOffset);
+ invBufShift = 8 * WORDSIZE - bufShift;
+ } else {
+ invBufShift = 8 * (inOffset - outOffset);
+ bufShift = 8 * WORDSIZE - invBufShift;
+ }
+ /*****************************************************************/
+ /* Step 1: */
+ /* If the first output word is partial, consume the bytes in the */
+ /* first partial output word by loading one or two words of */
+ /* input and shifting them accordingly. Otherwise, just load */
+ /* in the first word of input. At the end of this block, at */
+ /* least one partial word of input should ALWAYS be loaded. */
+ /*****************************************************************/
+ if (outOffset) {
+ unsigned int byteCount = WORDSIZE - outOffset;
+ for (i = 0; i < byteCount; i++) {
+ ARCFOUR_NEXT_BYTE();
+ output[i] = cx->S[t] ^ input[i];
+ }
+ /* Consumed byteCount bytes of input */
+ inputLen -= byteCount;
+ pInWord++;
+
+ /* move to next word of output */
+ pOutWord++;
+
+ /* If buffers are relatively misaligned, shift the bytes in inWord
+ * to be aligned to the output buffer.
+ */
+ if (inOffset < outOffset) {
+ /* The first input word (which may be partial) has more bytes
+ * than needed. Copy the remainder to inWord.
+ */
+ unsigned int shift = LEFTMOST_BYTE_SHIFT;
+ inWord = 0;
+ for (i = 0; i < outOffset - inOffset; i++) {
+ inWord |= (WORD)input[byteCount + i] << shift;
+ shift = NEXT_BYTE_SHIFT(shift);
+ }
+ } else if (inOffset > outOffset) {
+ /* Consumed some bytes in the second input word. Copy the
+ * remainder to inWord.
+ */
+ inWord = *pInWord++;
+ inWord = inWord LSH invBufShift;
+ } else {
+ inWord = 0;
+ }
+ } else {
+ /* output is word-aligned */
+ if (inOffset) {
+ /* Input is not word-aligned. The first word load of input
+ * will not produce a full word of input bytes, so one word
+ * must be pre-loaded. The main loop below will load in the
+ * next input word and shift some of its bytes into inWord
+ * in order to create a full input word. Note that the main
+ * loop must execute at least once because the input must
+ * be at least two words.
+ */
+ unsigned int shift = LEFTMOST_BYTE_SHIFT;
+ inWord = 0;
+ for (i = 0; i < WORDSIZE - inOffset; i++) {
+ inWord |= (WORD)input[i] << shift;
+ shift = NEXT_BYTE_SHIFT(shift);
+ }
+ pInWord++;
+ } else {
+ /* Input is word-aligned. The first word load of input
+ * will produce a full word of input bytes, so nothing
+ * needs to be loaded here.
+ */
+ inWord = 0;
+ }
+ }
+ /*****************************************************************/
+ /* Step 2: main loop */
+ /* At this point the output buffer is word-aligned. Any unused */
+ /* bytes from above will be in inWord (shifted correctly). If */
+ /* the input buffer is unaligned relative to the output buffer, */
+ /* shifting has to be done. */
+ /*****************************************************************/
+ if (bufShift) {
+ /* preloadedByteCount is the number of input bytes pre-loaded
+ * in inWord.
+ */
+ unsigned int preloadedByteCount = bufShift / 8;
+ for (; inputLen >= preloadedByteCount + WORDSIZE;
+ inputLen -= WORDSIZE) {
+ nextInWord = *pInWord++;
+ inWord |= nextInWord RSH bufShift;
+ nextInWord = nextInWord LSH invBufShift;
+ ARCFOUR_NEXT_WORD();
+ *pOutWord++ = inWord ^ streamWord;
+ inWord = nextInWord;
+ }
+ if (inputLen == 0) {
+ /* Nothing left to do. */
+ cx->i = tmpi;
+ cx->j = tmpj;
+ return SECSuccess;
+ }
+ finalIn = (const unsigned char *)pInWord - preloadedByteCount;
+ } else {
+ for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+ inWord = *pInWord++;
+ ARCFOUR_NEXT_WORD();
+ *pOutWord++ = inWord ^ streamWord;
+ }
+ if (inputLen == 0) {
+ /* Nothing left to do. */
+ cx->i = tmpi;
+ cx->j = tmpj;
+ return SECSuccess;
+ }
+ finalIn = (const unsigned char *)pInWord;
+ }
+ /*****************************************************************/
+ /* Step 3: */
+ /* Do the remaining partial word of input one byte at a time. */
+ /*****************************************************************/
+ finalOut = (unsigned char *)pOutWord;
+ for (i = 0; i < inputLen; i++) {
+ ARCFOUR_NEXT_BYTE();
+ finalOut[i] = cx->S[t] ^ finalIn[i];
+ }
+ cx->i = tmpi;
+ cx->j = tmpj;
+ return SECSuccess;
}
#endif
#endif /* NSS_BEVAND_ARCFOUR */
-SECStatus
+SECStatus
RC4_Encrypt(RC4Context *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
- PORT_Assert(maxOutputLen >= inputLen);
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
+ PORT_Assert(maxOutputLen >= inputLen);
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
#if defined(NSS_BEVAND_ARCFOUR)
- ARCFOUR(cx, inputLen, input, output);
- *outputLen = inputLen;
- return SECSuccess;
-#elif defined( CONVERT_TO_WORDS )
- /* Convert the byte-stream to a word-stream */
- return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+ ARCFOUR(cx, inputLen, input, output);
+ *outputLen = inputLen;
+ return SECSuccess;
+#elif defined(CONVERT_TO_WORDS)
+ /* Convert the byte-stream to a word-stream */
+ return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
#else
- /* Operate on bytes, but unroll the main loop */
- return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+ /* Operate on bytes, but unroll the main loop */
+ return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
#endif
}
-SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+SECStatus
+RC4_Decrypt(RC4Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
- PORT_Assert(maxOutputLen >= inputLen);
- if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
- }
- /* decrypt and encrypt are same operation. */
+ PORT_Assert(maxOutputLen >= inputLen);
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+/* decrypt and encrypt are same operation. */
#if defined(NSS_BEVAND_ARCFOUR)
- ARCFOUR(cx, inputLen, input, output);
- *outputLen = inputLen;
- return SECSuccess;
-#elif defined( CONVERT_TO_WORDS )
- /* Convert the byte-stream to a word-stream */
- return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+ ARCFOUR(cx, inputLen, input, output);
+ *outputLen = inputLen;
+ return SECSuccess;
+#elif defined(CONVERT_TO_WORDS)
+ /* Convert the byte-stream to a word-stream */
+ return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
#else
- /* Operate on bytes, but unroll the main loop */
- return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+ /* Operate on bytes, but unroll the main loop */
+ return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
#endif
}
diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
index 2b209015e..cff231b60 100644
--- a/lib/freebl/blapi.h
+++ b/lib/freebl/blapi.h
@@ -23,41 +23,41 @@ extern SECStatus BL_Init(void);
/*
** Generate and return a new RSA public and private key.
-** Both keys are encoded in a single RSAPrivateKey structure.
-** "cx" is the random number generator context
-** "keySizeInBits" is the size of the key to be generated, in bits.
-** 512, 1024, etc.
-** "publicExponent" when not NULL is a pointer to some data that
-** represents the public exponent to use. The data is a byte
-** encoded integer, in "big endian" order.
+** Both keys are encoded in a single RSAPrivateKey structure.
+** "cx" is the random number generator context
+** "keySizeInBits" is the size of the key to be generated, in bits.
+** 512, 1024, etc.
+** "publicExponent" when not NULL is a pointer to some data that
+** represents the public exponent to use. The data is a byte
+** encoded integer, in "big endian" order.
*/
-extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
- SECItem * publicExponent);
+extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
+ SECItem *publicExponent);
/*
-** Perform a raw public-key operation
-** Length of input and output buffers are equal to key's modulus len.
+** Perform a raw public-key operation
+** Length of input and output buffers are equal to key's modulus len.
*/
-extern SECStatus RSA_PublicKeyOp(RSAPublicKey * key,
- unsigned char * output,
- const unsigned char * input);
+extern SECStatus RSA_PublicKeyOp(RSAPublicKey *key,
+ unsigned char *output,
+ const unsigned char *input);
/*
-** Perform a raw private-key operation
-** Length of input and output buffers are equal to key's modulus len.
+** Perform a raw private-key operation
+** Length of input and output buffers are equal to key's modulus len.
*/
-extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey * key,
- unsigned char * output,
- const unsigned char * input);
+extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey *key,
+ unsigned char *output,
+ const unsigned char *input);
/*
** Perform a raw private-key operation, and check the parameters used in
** the operation for validity by performing a test operation first.
-** Length of input and output buffers are equal to key's modulus len.
+** Length of input and output buffers are equal to key's modulus len.
*/
-extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey * key,
- unsigned char * output,
- const unsigned char * input);
+extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+ unsigned char *output,
+ const unsigned char *input);
/*
** Perform a check of private key parameters for consistency.
@@ -69,7 +69,7 @@ extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
** parameters.
**
**
-** All the entries, including those supplied by the caller, will be
+** All the entries, including those supplied by the caller, will be
** overwritten with data alocated out of the arena.
**
** If no arena is supplied, one will be created.
@@ -118,43 +118,43 @@ extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
** inputLen MUST be equivalent to the modulus size (in bytes).
*/
extern SECStatus
-RSA_SignRaw(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_SignRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
extern SECStatus
-RSA_CheckSignRaw(RSAPublicKey * key,
- const unsigned char * sig,
- unsigned int sigLen,
- const unsigned char * hash,
- unsigned int hashLen);
+RSA_CheckSignRaw(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen);
extern SECStatus
-RSA_CheckSignRecoverRaw(RSAPublicKey * key,
- unsigned char * data,
- unsigned int * dataLen,
- unsigned int maxDataLen,
- const unsigned char * sig,
- unsigned int sigLen);
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+ unsigned char *data,
+ unsigned int *dataLen,
+ unsigned int maxDataLen,
+ const unsigned char *sig,
+ unsigned int sigLen);
extern SECStatus
-RSA_EncryptRaw(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_EncryptRaw(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
extern SECStatus
-RSA_DecryptRaw(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_DecryptRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
/********************************************************************
** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1.
@@ -168,49 +168,49 @@ RSA_DecryptRaw(RSAPrivateKey * key,
** hashAlg.
*/
extern SECStatus
-RSA_EncryptOAEP(RSAPublicKey * key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char * label,
- unsigned int labelLen,
- const unsigned char * seed,
- unsigned int seedLen,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_EncryptOAEP(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ const unsigned char *seed,
+ unsigned int seedLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
extern SECStatus
-RSA_DecryptOAEP(RSAPrivateKey * key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char * label,
- unsigned int labelLen,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_DecryptOAEP(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
/********************************************************************
** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2.
*/
extern SECStatus
-RSA_EncryptBlock(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_EncryptBlock(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
extern SECStatus
-RSA_DecryptBlock(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_DecryptBlock(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
/********************************************************************
** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1.
@@ -222,26 +222,26 @@ RSA_DecryptBlock(RSAPrivateKey * key,
** freebl should generate a random value.
*/
extern SECStatus
-RSA_SignPSS(RSAPrivateKey * key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char * salt,
- unsigned int saltLen,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * input,
- unsigned int inputLen);
+RSA_SignPSS(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *salt,
+ unsigned int saltLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
extern SECStatus
-RSA_CheckSignPSS(RSAPublicKey * key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- unsigned int saltLen,
- const unsigned char * sig,
- unsigned int sigLen,
- const unsigned char * hash,
- unsigned int hashLen);
+RSA_CheckSignPSS(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ unsigned int saltLen,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen);
/********************************************************************
** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2.
@@ -253,27 +253,27 @@ RSA_CheckSignPSS(RSAPublicKey * key,
** as the signatures used in SSL/TLS, which sign a raw hash.
*/
extern SECStatus
-RSA_Sign(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * data,
- unsigned int dataLen);
+RSA_Sign(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *data,
+ unsigned int dataLen);
extern SECStatus
-RSA_CheckSign(RSAPublicKey * key,
- const unsigned char * sig,
- unsigned int sigLen,
- const unsigned char * data,
- unsigned int dataLen);
+RSA_CheckSign(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *data,
+ unsigned int dataLen);
extern SECStatus
-RSA_CheckSignRecover(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
- unsigned int maxOutputLen,
- const unsigned char * sig,
- unsigned int sigLen);
+RSA_CheckSignRecover(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *sig,
+ unsigned int sigLen);
/********************************************************************
** DSA signing algorithm
@@ -281,17 +281,17 @@ RSA_CheckSignRecover(RSAPublicKey * key,
/* Generate a new random value within the interval [2, q-1].
*/
-extern SECStatus DSA_NewRandom(PLArenaPool * arena, const SECItem * q,
- SECItem * random);
+extern SECStatus DSA_NewRandom(PLArenaPool *arena, const SECItem *q,
+ SECItem *random);
/*
** Generate and return a new DSA public and private key pair,
-** both of which are encoded into a single DSAPrivateKey struct.
-** "params" is a pointer to the PQG parameters for the domain
-** Uses a random seed.
+** both of which are encoded into a single DSAPrivateKey struct.
+** "params" is a pointer to the PQG parameters for the domain
+** Uses a random seed.
*/
-extern SECStatus DSA_NewKey(const PQGParams * params,
- DSAPrivateKey ** privKey);
+extern SECStatus DSA_NewKey(const PQGParams *params,
+ DSAPrivateKey **privKey);
/* signature is caller-supplied buffer of at least 20 bytes.
** On input, signature->len == size of buffer to hold signature.
@@ -299,52 +299,52 @@ extern SECStatus DSA_NewKey(const PQGParams * params,
** On output, signature->len == size of signature in buffer.
** Uses a random seed.
*/
-extern SECStatus DSA_SignDigest(DSAPrivateKey * key,
- SECItem * signature,
- const SECItem * digest);
+extern SECStatus DSA_SignDigest(DSAPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest);
/* signature is caller-supplied buffer of at least 20 bytes.
** On input, signature->len == size of buffer to hold signature.
** digest->len == size of digest.
*/
-extern SECStatus DSA_VerifyDigest(DSAPublicKey * key,
- const SECItem * signature,
- const SECItem * digest);
+extern SECStatus DSA_VerifyDigest(DSAPublicKey *key,
+ const SECItem *signature,
+ const SECItem *digest);
/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
-extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
- const unsigned char * seed,
+extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
+ const unsigned char *seed,
DSAPrivateKey **privKey);
/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
-extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
- SECItem * signature,
- const SECItem * digest,
- const unsigned char * seed);
+extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest,
+ const unsigned char *seed);
/******************************************************
-** Diffie Helman key exchange algorithm
+** Diffie Helman key exchange algorithm
*/
/* Generates parameters for Diffie-Helman key generation.
-** primeLen is the length in bytes of prime P to be generated.
+** primeLen is the length in bytes of prime P to be generated.
*/
-extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
+extern SECStatus DH_GenParam(int primeLen, DHParams **params);
/* Generates a public and private key, both of which are encoded in a single
-** DHPrivateKey struct. Params is input, privKey are output.
-** This is Phase 1 of Diffie Hellman.
+** DHPrivateKey struct. Params is input, privKey are output.
+** This is Phase 1 of Diffie Hellman.
*/
-extern SECStatus DH_NewKey(DHParams * params,
- DHPrivateKey ** privKey);
+extern SECStatus DH_NewKey(DHParams *params,
+ DHPrivateKey **privKey);
-/*
-** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
+/*
+** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
** other party's publicValue, and the prime and our privateValue.
-** maxOutBytes is the requested length of the generated secret in bytes.
-** A zero value means produce a value of any length up to the size of
-** the prime. If successful, derivedSecret->data is set
-** to the address of the newly allocated buffer containing the derived
+** maxOutBytes is the requested length of the generated secret in bytes.
+** A zero value means produce a value of any length up to the size of
+** the prime. If successful, derivedSecret->data is set
+** to the address of the newly allocated buffer containing the derived
** secret, and derivedSecret->len is the size of the secret produced.
** The size of the secret produced will depend on the value of outBytes.
** If outBytes is 0, the key length will be all the significant bytes of
@@ -353,25 +353,25 @@ extern SECStatus DH_NewKey(DHParams * params,
** produced key will be outBytes long. If the key is truncated, the most
** significant bytes are truncated. If it is expanded, zero bytes are added
** at the beginning.
-** It is the caller's responsibility to free the allocated buffer
+** It is the caller's responsibility to free the allocated buffer
** containing the derived secret.
*/
-extern SECStatus DH_Derive(SECItem * publicValue,
- SECItem * prime,
- SECItem * privateValue,
- SECItem * derivedSecret,
- unsigned int outBytes);
+extern SECStatus DH_Derive(SECItem *publicValue,
+ SECItem *prime,
+ SECItem *privateValue,
+ SECItem *derivedSecret,
+ unsigned int outBytes);
-/*
+/*
** KEA_CalcKey returns octet string with the private key for a dual
** Diffie-Helman key generation as specified for government key exchange.
*/
-extern SECStatus KEA_Derive(SECItem *prime,
- SECItem *public1,
- SECItem *public2,
- SECItem *private1,
- SECItem *private2,
- SECItem *derivedSecret);
+extern SECStatus KEA_Derive(SECItem *prime,
+ SECItem *public1,
+ SECItem *public2,
+ SECItem *private1,
+ SECItem *private2,
+ SECItem *derivedSecret);
/*
* verify that a KEA or DSA public key is a valid key for this prime and
@@ -401,24 +401,24 @@ extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
* The arena should be zeroed when it is freed.
*/
SECStatus
-JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
- const SECItem * signerID, const SECItem * x,
- const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
- SECItem * gv, SECItem * r);
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+ const SECItem *signerID, const SECItem *x,
+ const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+ SECItem *gv, SECItem *r);
/* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
* value x using the specified hash algorithm and signer ID.
*
- * The arena is *not* optional so do not pass NULL for the arena parameter.
+ * The arena is *not* optional so do not pass NULL for the arena parameter.
*/
SECStatus
-JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
- HASH_HashType hashType, const SECItem * signerID,
- const SECItem * peerID, const SECItem * gx,
- const SECItem * gv, const SECItem * r);
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg,
+ HASH_HashType hashType, const SECItem *signerID,
+ const SECItem *peerID, const SECItem *gx,
+ const SECItem *gv, const SECItem *r);
/* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
- * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
+ * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
* round 2 (A and the proof of knowledge of x2s) can then be calculated with
* JPAKE_Sign using pqg->base = base and x = x2s.
*
@@ -431,9 +431,9 @@ JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
* is freed.
*/
SECStatus
-JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
- const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
- SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s);
+JPAKE_Round2(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+ const SECItem *gx1, const SECItem *gx3, const SECItem *gx4,
+ SECItem *base, const SECItem *x2, const SECItem *s, SECItem *x2s);
/* K = (B/g^(x2*x4*s))^x2 (mod p)
*
@@ -441,34 +441,34 @@ JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
* NULL for the arena parameter. The arena should be zeroed when it is freed.
*/
SECStatus
-JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q,
- const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
- const SECItem * B, SECItem * K);
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+ const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+ const SECItem *B, SECItem *K);
/******************************************************
** Elliptic Curve algorithms
*/
-/* Generates a public and private key, both of which are encoded
+/* Generates a public and private key, both of which are encoded
** in a single ECPrivateKey struct. Params is input, privKey are
** output.
*/
-extern SECStatus EC_NewKey(ECParams * params,
- ECPrivateKey ** privKey);
+extern SECStatus EC_NewKey(ECParams *params,
+ ECPrivateKey **privKey);
-extern SECStatus EC_NewKeyFromSeed(ECParams * params,
- ECPrivateKey ** privKey,
- const unsigned char* seed,
- int seedlen);
+extern SECStatus EC_NewKeyFromSeed(ECParams *params,
+ ECPrivateKey **privKey,
+ const unsigned char *seed,
+ int seedlen);
/* Validates an EC public key as described in Section 5.2.2 of
* X9.62. Such validation prevents against small subgroup attacks
* when the ECDH primitive is used with the cofactor.
*/
-extern SECStatus EC_ValidatePublicKey(ECParams * params,
- SECItem * publicValue);
+extern SECStatus EC_ValidatePublicKey(ECParams *params,
+ SECItem *publicValue);
-/*
+/*
** ECDH_Derive performs a scalar point multiplication of a point
** representing a (peer's) public key and a large integer representing
** a private key (its own). Both keys must use the same elliptic curve
@@ -481,34 +481,34 @@ extern SECStatus EC_ValidatePublicKey(ECParams * params,
** produced. It is the caller's responsibility to free the allocated
** buffer containing the derived secret.
*/
-extern SECStatus ECDH_Derive(SECItem * publicValue,
- ECParams * params,
- SECItem * privateValue,
- PRBool withCofactor,
- SECItem * derivedSecret);
+extern SECStatus ECDH_Derive(SECItem *publicValue,
+ ECParams *params,
+ SECItem *privateValue,
+ PRBool withCofactor,
+ SECItem *derivedSecret);
/* On input, signature->len == size of buffer to hold signature.
** digest->len == size of digest.
** On output, signature->len == size of signature in buffer.
** Uses a random seed.
*/
-extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
- SECItem *signature,
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
+ SECItem *signature,
const SECItem *digest);
/* On input, signature->len == size of buffer to hold signature.
** digest->len == size of digest.
*/
-extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
- const SECItem *signature,
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
+ const SECItem *signature,
const SECItem *digest);
/* Uses the provided seed. */
-extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
- SECItem *signature,
- const SECItem *digest,
- const unsigned char *seed,
- const int seedlen);
+extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest,
+ const unsigned char *seed,
+ const int seedlen);
/******************************************/
/*
@@ -517,56 +517,56 @@ extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
/*
** Create a new RC4 context suitable for RC4 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
+** "key" raw key data
+** "len" the number of bytes of key data
*/
extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
extern RC4Context *RC4_AllocateContext(void);
-extern SECStatus RC4_InitContext(RC4Context *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *,
- int,
- unsigned int ,
- unsigned int );
+extern SECStatus RC4_InitContext(RC4Context *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *,
+ int,
+ unsigned int,
+ unsigned int);
/*
** Destroy an RC4 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
/*
** Perform RC4 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform RC4 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
@@ -575,64 +575,64 @@ extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
/*
** Create a new RC2 context suitable for RC2 encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
-** "mode" one of NSS_RC2 or NSS_RC2_CBC
-** "effectiveKeyLen" is the effective key length (as specified in
-** RFC 2268) in bytes (not bits).
+** "key" raw key data
+** "len" the number of bytes of key data
+** "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+** "mode" one of NSS_RC2 or NSS_RC2_CBC
+** "effectiveKeyLen" is the effective key length (as specified in
+** RFC 2268) in bytes (not bits).
**
** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
** chaining" mode.
*/
extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
- const unsigned char *iv, int mode,
- unsigned effectiveKeyLen);
+ const unsigned char *iv, int mode,
+ unsigned effectiveKeyLen);
extern RC2Context *RC2_AllocateContext(void);
-extern SECStatus RC2_InitContext(RC2Context *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int effectiveKeyLen,
- unsigned int );
+extern SECStatus RC2_InitContext(RC2Context *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int effectiveKeyLen,
+ unsigned int);
/*
** Destroy an RC2 encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
/*
** Perform RC2 encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform RC2 decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
*/
extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
@@ -650,15 +650,15 @@ extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
** chaining" mode.
*/
extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
- unsigned int wordSize, const unsigned char *iv, int mode);
+ unsigned int wordSize, const unsigned char *iv, int mode);
extern RC5Context *RC5_AllocateContext(void);
-extern SECStatus RC5_InitContext(RC5Context *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int rounds,
- unsigned int wordSize);
+extern SECStatus RC5_InitContext(RC5Context *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int rounds,
+ unsigned int wordSize);
/*
** Destroy an RC5 encryption/decryption context.
@@ -679,8 +679,8 @@ extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
** "inputLen" the amount of input data
*/
extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform RC5 decryption.
@@ -695,10 +695,8 @@ extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
*/
extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-
-
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
@@ -707,91 +705,91 @@ extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
/*
** Create a new DES context suitable for DES encryption/decryption.
-** "key" raw key data
-** "len" the number of bytes of key data
-** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
-** mode is DES_EDE3_CBC)
-** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
-** "encrypt" is PR_TRUE if the context will be used for encryption
+** "key" raw key data
+** "len" the number of bytes of key data
+** "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
+** mode is DES_EDE3_CBC)
+** "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
+** "encrypt" is PR_TRUE if the context will be used for encryption
**
** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
** cipher is run in "cipher block chaining" mode.
*/
-extern DESContext *DES_CreateContext(const unsigned char *key,
+extern DESContext *DES_CreateContext(const unsigned char *key,
const unsigned char *iv,
- int mode, PRBool encrypt);
+ int mode, PRBool encrypt);
extern DESContext *DES_AllocateContext(void);
-extern SECStatus DES_InitContext(DESContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int );
+extern SECStatus DES_InitContext(DESContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int);
/*
** Destroy an DES encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
/*
** Perform DES encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
**
** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
*/
extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform DES decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
**
** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
*/
extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/******************************************/
-/*
-** SEED symmetric block cypher
+/*
+** SEED symmetric block cypher
*/
extern SEEDContext *
-SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
- int mode, PRBool encrypt);
+SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
+ int mode, PRBool encrypt);
extern SEEDContext *SEED_AllocateContext(void);
-extern SECStatus SEED_InitContext(SEEDContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode, unsigned int encrypt,
- unsigned int );
+extern SECStatus SEED_InitContext(SEEDContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode, unsigned int encrypt,
+ unsigned int);
extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
-extern SECStatus
-SEED_Encrypt(SEEDContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-extern SECStatus
-SEED_Decrypt(SEEDContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
+extern SECStatus
+SEED_Encrypt(SEEDContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
+extern SECStatus
+SEED_Decrypt(SEEDContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/******************************************/
@@ -801,60 +799,60 @@ SEED_Decrypt(SEEDContext *cx, unsigned char *output,
/*
** Create a new AES context suitable for AES encryption/decryption.
-** "key" raw key data
-** "keylen" the number of bytes of key data (16, 24, or 32)
+** "key" raw key data
+** "keylen" the number of bytes of key data (16, 24, or 32)
** "blocklen" is the blocksize to use (16, 24, or 32)
** XXX currently only blocksize==16 has been tested!
*/
extern AESContext *
-AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt,
unsigned int keylen, unsigned int blocklen);
extern AESContext *AES_AllocateContext(void);
-extern SECStatus AES_InitContext(AESContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int blocklen);
+extern SECStatus AES_InitContext(AESContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int blocklen);
/*
** Destroy a AES encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-extern void
+extern void
AES_DestroyContext(AESContext *cx, PRBool freeit);
/*
** Perform AES encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
AES_Encrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/*
** Perform AES decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
AES_Decrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
@@ -866,125 +864,125 @@ AES_Decrypt(AESContext *cx, unsigned char *output,
/*
** Create a new AES context suitable for AES encryption/decryption.
-** "key" raw key data
+** "key" raw key data
** "iv" The 8 byte "initial value"
** "encrypt", a boolean, true for key wrapping, false for unwrapping.
-** "keylen" the number of bytes of key data (16, 24, or 32)
+** "keylen" the number of bytes of key data (16, 24, or 32)
*/
extern AESKeyWrapContext *
-AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
int encrypt, unsigned int keylen);
-extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
-extern SECStatus
- AESKeyWrap_InitContext(AESKeyWrapContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int ,
- unsigned int encrypt,
- unsigned int );
+extern AESKeyWrapContext *AESKeyWrap_AllocateContext(void);
+extern SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int,
+ unsigned int encrypt,
+ unsigned int);
/*
** Destroy a AES KeyWrap context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-extern void
+extern void
AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
/*
** Perform AES key wrap.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform AES key unwrap.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- /******************************************/
+/******************************************/
/*
** Camellia symmetric block cypher
*/
/*
** Create a new Camellia context suitable for Camellia encryption/decryption.
-** "key" raw key data
-** "keylen" the number of bytes of key data (16, 24, or 32)
+** "key" raw key data
+** "keylen" the number of bytes of key data (16, 24, or 32)
*/
extern CamelliaContext *
-Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
- int mode, int encrypt, unsigned int keylen);
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+ int mode, int encrypt, unsigned int keylen);
extern CamelliaContext *Camellia_AllocateContext(void);
-extern SECStatus Camellia_InitContext(CamelliaContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int unused);
+extern SECStatus Camellia_InitContext(CamelliaContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int unused);
/*
** Destroy a Camellia encryption/decryption context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
-extern void
+extern void
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
/*
** Perform Camellia encryption.
-** "cx" the context
-** "output" the output buffer to store the encrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the encrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/*
** Perform Camellia decryption.
-** "cx" the context
-** "output" the output buffer to store the decrypted data.
-** "outputLen" how much data is stored in "output". Set by the routine
-** after some data is stored in output.
-** "maxOutputLen" the maximum amount of data that can ever be
-** stored in "output"
-** "input" the input data
-** "inputLen" the amount of input data
-*/
-extern SECStatus
+** "cx" the context
+** "output" the output buffer to store the decrypted data.
+** "outputLen" how much data is stored in "output". Set by the routine
+** after some data is stored in output.
+** "maxOutputLen" the maximum amount of data that can ever be
+** stored in "output"
+** "input" the input data
+** "inputLen" the amount of input data
+*/
+extern SECStatus
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
@@ -1030,18 +1028,17 @@ extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
** Hash a non-null terminated string "src" into "dest" using MD5
*/
extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
/*
** Create a new MD5 context
*/
extern MD5Context *MD5_NewContext(void);
-
/*
** Destroy an MD5 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
@@ -1052,35 +1049,35 @@ extern void MD5_Begin(MD5Context *cx);
/*
** Update the MD5 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
+** "cx" the context
+** "input" the data to hash
+** "inputLen" the amount of data to hash
*/
extern void MD5_Update(MD5Context *cx,
- const unsigned char *input, unsigned int inputLen);
+ const unsigned char *input, unsigned int inputLen);
/*
** Finish the MD5 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (16) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 16 bytes of digest data are stored
+** "digestLen" where the digest length (16) is stored
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
** Export the current state of the MD5 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (16) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 16 bytes of digest data are stored
+** "digestLen" where the digest length (16) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
* Return the the size of a buffer needed to flatten the MD5 Context into
@@ -1095,7 +1092,7 @@ extern unsigned int MD5_FlattenSize(MD5Context *cx);
* "space" the buffer to flatten to
* returns status;
*/
-extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
+extern SECStatus MD5_Flatten(MD5Context *cx, unsigned char *space);
/*
* Resurrect a flattened context into a MD5 Context
@@ -1103,7 +1100,7 @@ extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
* "arg" ptr to void used by cryptographic resurrect
* returns resurected context;
*/
-extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
+extern MD5Context *MD5_Resurrect(unsigned char *space, void *arg);
extern void MD5_Clone(MD5Context *dest, MD5Context *src);
/*
@@ -1111,7 +1108,6 @@ extern void MD5_Clone(MD5Context *dest, MD5Context *src);
*/
extern void MD5_TraceState(MD5Context *cx);
-
/******************************************/
/*
** MD2 secure hash function
@@ -1127,11 +1123,10 @@ extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
*/
extern MD2Context *MD2_NewContext(void);
-
/*
** Destroy an MD2 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
@@ -1142,23 +1137,23 @@ extern void MD2_Begin(MD2Context *cx);
/*
** Update the MD2 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
+** "cx" the context
+** "input" the data to hash
+** "inputLen" the amount of data to hash
*/
extern void MD2_Update(MD2Context *cx,
- const unsigned char *input, unsigned int inputLen);
+ const unsigned char *input, unsigned int inputLen);
/*
** Finish the MD2 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (16) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 16 bytes of digest data are stored
+** "digestLen" where the digest length (16) is stored
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void MD2_End(MD2Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
* Return the the size of a buffer needed to flatten the MD2 Context into
@@ -1173,7 +1168,7 @@ extern unsigned int MD2_FlattenSize(MD2Context *cx);
* "space" the buffer to flatten to
* returns status;
*/
-extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
+extern SECStatus MD2_Flatten(MD2Context *cx, unsigned char *space);
/*
* Resurrect a flattened context into a MD2 Context
@@ -1181,7 +1176,7 @@ extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
* "arg" ptr to void used by cryptographic resurrect
* returns resurected context;
*/
-extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
+extern MD2Context *MD2_Resurrect(unsigned char *space, void *arg);
extern void MD2_Clone(MD2Context *dest, MD2Context *src);
/******************************************/
@@ -1198,18 +1193,17 @@ extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
** Hash a non-null terminated string "src" into "dest" using SHA-1
*/
extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
/*
** Create a new SHA-1 context
*/
extern SHA1Context *SHA1_NewContext(void);
-
/*
** Destroy a SHA-1 secure hash context.
-** "cx" the context
-** "freeit" if PR_TRUE then free the object as well as its sub-objects
+** "cx" the context
+** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
@@ -1220,35 +1214,35 @@ extern void SHA1_Begin(SHA1Context *cx);
/*
** Update the SHA-1 hash function with more data.
-** "cx" the context
-** "input" the data to hash
-** "inputLen" the amount of data to hash
+** "cx" the context
+** "input" the data to hash
+** "inputLen" the amount of data to hash
*/
extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
/*
** Finish the SHA-1 hash function. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 16 bytes of digest data are stored
-** "digestLen" where the digest length (20) is stored
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 16 bytes of digest data are stored
+** "digestLen" where the digest length (20) is stored
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
** Export the current state of the SHA-1 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 20 bytes of digest data are stored
-** "digestLen" where the digest length (20) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 20 bytes of digest data are stored
+** "digestLen" where the digest length (20) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
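Review bot: The reformatted SHA1_End comment still says `"digest" where the 16 bytes of digest data are stored` while the next line says the stored length is 20 and SHA1_EndRaw below correctly says 20 bytes; since this header is what callers size their output buffer from, the stale MD5/MD2 copy should be corrected while the block is being touched, to `** "digest"       where the 20 bytes of digest data are stored`. It would also help to state on both SHA1_End and SHA1_EndRaw what happens when maxDigestLen is smaller than 20 (truncation vs. no-op), since the prototype gives the caller no status return to detect it; that behavior is not visible from this header, so confirm against sha_fast.c before wording it.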
/*
** trace the intermediate state info of the SHA1 hash.
@@ -1268,7 +1262,7 @@ extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
* "space" the buffer to flatten to
* returns status;
*/
-extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
+extern SECStatus SHA1_Flatten(SHA1Context *cx, unsigned char *space);
/*
* Resurrect a flattened context into a SHA-1 Context
@@ -1276,7 +1270,7 @@ extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
* "arg" ptr to void used by cryptographic resurrect
* returns resurected context;
*/
-extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
+extern SHA1Context *SHA1_Resurrect(unsigned char *space, void *arg);
extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
/******************************************/
@@ -1285,27 +1279,27 @@ extern SHA224Context *SHA224_NewContext(void);
extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
extern void SHA224_Begin(SHA224Context *cx);
extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
** Export the current state of the SHA-224 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 28 bytes of digest data are stored
-** "digestLen" where the digest length (28) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 28 bytes of digest data are stored
+** "digestLen" where the digest length (28) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
extern void SHA224_TraceState(SHA224Context *cx);
extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
-extern SECStatus SHA224_Flatten(SHA224Context *cx,unsigned char *space);
-extern SHA224Context * SHA224_Resurrect(unsigned char *space, void *arg);
+extern SECStatus SHA224_Flatten(SHA224Context *cx, unsigned char *space);
+extern SHA224Context *SHA224_Resurrect(unsigned char *space, void *arg);
extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
/******************************************/
@@ -1314,27 +1308,27 @@ extern SHA256Context *SHA256_NewContext(void);
extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
extern void SHA256_Begin(SHA256Context *cx);
extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
** Export the current state of the SHA-256 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 32 bytes of digest data are stored
-** "digestLen" where the digest length (32) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 32 bytes of digest data are stored
+** "digestLen" where the digest length (32) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
extern void SHA256_TraceState(SHA256Context *cx);
extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
+extern SECStatus SHA256_Flatten(SHA256Context *cx, unsigned char *space);
+extern SHA256Context *SHA256_Resurrect(unsigned char *space, void *arg);
extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
/******************************************/
@@ -1343,27 +1337,27 @@ extern SHA512Context *SHA512_NewContext(void);
extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
extern void SHA512_Begin(SHA512Context *cx);
extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
/*
** Export the current state of the SHA-512 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 64 bytes of digest data are stored
-** "digestLen" where the digest length (64) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 64 bytes of digest data are stored
+** "digestLen" where the digest length (64) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
extern void SHA512_TraceState(SHA512Context *cx);
extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
+extern SECStatus SHA512_Flatten(SHA512Context *cx, unsigned char *space);
+extern SHA512Context *SHA512_Resurrect(unsigned char *space, void *arg);
extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
/******************************************/
@@ -1372,27 +1366,27 @@ extern SHA384Context *SHA384_NewContext(void);
extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
extern void SHA384_Begin(SHA384Context *cx);
extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ unsigned int inputLen);
extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
/*
** Export the current state of the SHA-384 hash without appending the standard
** padding and length bytes. Produce the digested results in "digest"
-** "cx" the context
-** "digest" where the 48 bytes of digest data are stored
-** "digestLen" where the digest length (48) is stored (optional)
-** "maxDigestLen" the maximum amount of data that can ever be
-** stored in "digest"
+** "cx" the context
+** "digest" where the 48 bytes of digest data are stored
+** "digestLen" where the digest length (48) is stored (optional)
+** "maxDigestLen" the maximum amount of data that can ever be
+** stored in "digest"
*/
extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ unsigned int *digestLen, unsigned int maxDigestLen);
extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ PRUint32 src_length);
extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
extern void SHA384_TraceState(SHA384Context *cx);
extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
+extern SECStatus SHA384_Flatten(SHA384Context *cx, unsigned char *space);
+extern SHA384Context *SHA384_Resurrect(unsigned char *space, void *arg);
extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
/****************************************
@@ -1400,8 +1394,8 @@ extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
*/
extern SECStatus
-TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
- SECItem *result, PRBool isFIPS);
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
+ SECItem *result, PRBool isFIPS);
extern SECStatus
TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
@@ -1439,7 +1433,7 @@ extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
** a call to RNG_RNGInit() is required in order to use the generator again,
** along with seed data (see the comment above RNG_RNGInit()).
*/
-extern void RNG_RNGShutdown(void);
+extern void RNG_RNGShutdown(void);
extern void RNG_SystemInfoForRNG(void);
@@ -1478,17 +1472,17 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
* testing.
*/
extern SECStatus
-PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *nonce, unsigned int nonce_len,
- const PRUint8 *personal_string, unsigned int ps_len);
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *nonce, unsigned int nonce_len,
+ const PRUint8 *personal_string, unsigned int ps_len);
extern SECStatus
-PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *additional, unsigned int additional_len);
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *additional, unsigned int additional_len);
extern SECStatus
-PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
- const PRUint8 *additional, unsigned int additional_len);
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+ const PRUint8 *additional, unsigned int additional_len);
extern SECStatus
PRNGTEST_Uninstantiate(void);
@@ -1497,15 +1491,15 @@ extern SECStatus
PRNGTEST_RunHealthTests(void);
/* Generate PQGParams and PQGVerify structs.
- * Length of seed and length of h both equal length of P.
+ * Length of seed and length of h both equal length of P.
* All lengths are specified by "j", according to the table above.
*
* The verify parameters will conform to FIPS186-1.
*/
extern SECStatus
-PQG_ParamGen(unsigned int j, /* input : determines length of P. */
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy); /* output: counter and seed. */
+PQG_ParamGen(unsigned int j, /* input : determines length of P. */
+ PQGParams **pParams, /* output: P Q and G returned here */
+ PQGVerify **pVfy); /* output: counter and seed. */
/* Generate PQGParams and PQGVerify structs.
* Length of P specified by j. Length of h will match length of P.
@@ -1516,14 +1510,14 @@ PQG_ParamGen(unsigned int j, /* input : determines length of P. */
*/
extern SECStatus
PQG_ParamGenSeedLen(
- unsigned int j, /* input : determines length of P. */
- unsigned int seedBytes, /* input : length of seed in bytes.*/
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy); /* output: counter and seed. */
+ unsigned int j, /* input : determines length of P. */
+ unsigned int seedBytes, /* input : length of seed in bytes.*/
+ PQGParams **pParams, /* output: P Q and G returned here */
+ PQGVerify **pVfy); /* output: counter and seed. */
/* Generate PQGParams and PQGVerify structs.
- * Length of P specified by L in bits.
- * Length of Q specified by N in bits.
+ * Length of P specified by L in bits.
+ * Length of Q specified by N in bits.
* Length of SEED in bytes specified in seedBytes.
* seedBbytes must be in the range [N..L*2] or an error will result.
*
@@ -1540,17 +1534,16 @@ PQG_ParamGenSeedLen(
* pick a default value (typically the smallest secure value for these
* variables).
*
- * The verify parameters will conform to FIPS186-3 using the smallest
+ * The verify parameters will conform to FIPS186-3 using the smallest
* permissible hash for the key strength.
*/
extern SECStatus
PQG_ParamGenV2(
- unsigned int L, /* input : determines length of P. */
- unsigned int N, /* input : determines length of Q. */
- unsigned int seedBytes, /* input : length of seed in bytes.*/
- PQGParams **pParams, /* output: P Q and G returned here */
- PQGVerify **pVfy); /* output: counter and seed. */
-
+ unsigned int L, /* input : determines length of P. */
+ unsigned int N, /* input : determines length of Q. */
+ unsigned int seedBytes, /* input : length of seed in bytes.*/
+ PQGParams **pParams, /* output: P Q and G returned here */
+ PQGVerify **pVfy); /* output: counter and seed. */
/* Test PQGParams for validity as DSS PQG values.
* If vfy is non-NULL, test PQGParams to make sure they were generated
@@ -1567,14 +1560,13 @@ PQG_ParamGenV2(
* PQG_VerifyParams will automatically choose the appropriate test.
*/
-extern SECStatus PQG_VerifyParams(const PQGParams *params,
- const PQGVerify *vfy, SECStatus *result);
+extern SECStatus PQG_VerifyParams(const PQGParams *params,
+ const PQGVerify *vfy, SECStatus *result);
extern void PQG_DestroyParams(PQGParams *params);
extern void PQG_DestroyVerify(PQGVerify *vfy);
-
/*
* clean-up any global tables freebl may have allocated after it starts up.
* This function is not thread safe and should be called only after the
@@ -1601,7 +1593,7 @@ PRBool BLAPI_SHVerifyFile(const char *shName);
PRBool BLAPI_VerifySelf(const char *name);
/*********************************************************************/
-extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
+extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
extern void BL_SetForkState(PRBool forked);
diff --git a/lib/freebl/blapii.h b/lib/freebl/blapii.h
index 15271a184..8a9a3d69b 100644
--- a/lib/freebl/blapii.h
+++ b/lib/freebl/blapii.h
@@ -14,9 +14,9 @@
#define MAX_BLOCK_SIZE 16
typedef SECStatus (*freeblCipherFunc)(void *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen,
+ unsigned int blocksize);
typedef void (*freeblDestroyFunc)(void *cx, PRBool freeit);
SEC_BEGIN_PROTOS
@@ -28,7 +28,9 @@ PRBool BL_POSTRan(PRBool freeblOnly);
extern PRBool bl_parentForkedAfterC_Initialize;
-#define SKIP_AFTER_FORK(x) if (!bl_parentForkedAfterC_Initialize) x
+#define SKIP_AFTER_FORK(x) \
+ if (!bl_parentForkedAfterC_Initialize) \
+ x
#else
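Review bot: The rewrapped SKIP_AFTER_FORK macro is still a bare `if (...) x` with no enclosing block, so a use such as `if (cond) SKIP_AFTER_FORK(stmt); else other();` binds the `else` to the macro's hidden `if` rather than the caller's; the fork-safety check is exactly the kind of guard that should not be silently mis-nested. Unless a caller relies on the expansion being an expression, the conventional form `#define SKIP_AFTER_FORK(x) do { if (!bl_parentForkedAfterC_Initialize) { x; } } while (0)` closes that hole; the call sites are outside this header, so verify none of them passes `x` without a trailing statement before switching.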
@@ -39,4 +41,3 @@ extern PRBool bl_parentForkedAfterC_Initialize;
SEC_END_PROTOS
#endif /* _BLAPII_H_ */
-
diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h
index eacf48a7e..4e2d5e7fa 100644
--- a/lib/freebl/blapit.h
+++ b/lib/freebl/blapit.h
@@ -13,42 +13,41 @@
#include "plarena.h"
#include "ecl-exp.h"
-
/* RC2 operation modes */
-#define NSS_RC2 0
-#define NSS_RC2_CBC 1
+#define NSS_RC2 0
+#define NSS_RC2_CBC 1
/* RC5 operation modes */
-#define NSS_RC5 0
-#define NSS_RC5_CBC 1
+#define NSS_RC5 0
+#define NSS_RC5_CBC 1
/* DES operation modes */
-#define NSS_DES 0
-#define NSS_DES_CBC 1
-#define NSS_DES_EDE3 2
-#define NSS_DES_EDE3_CBC 3
+#define NSS_DES 0
+#define NSS_DES_CBC 1
+#define NSS_DES_EDE3 2
+#define NSS_DES_EDE3_CBC 3
-#define DES_KEY_LENGTH 8 /* Bytes */
+#define DES_KEY_LENGTH 8 /* Bytes */
/* AES operation modes */
-#define NSS_AES 0
-#define NSS_AES_CBC 1
-#define NSS_AES_CTS 2
-#define NSS_AES_CTR 3
-#define NSS_AES_GCM 4
+#define NSS_AES 0
+#define NSS_AES_CBC 1
+#define NSS_AES_CTS 2
+#define NSS_AES_CTR 3
+#define NSS_AES_GCM 4
/* Camellia operation modes */
-#define NSS_CAMELLIA 0
-#define NSS_CAMELLIA_CBC 1
+#define NSS_CAMELLIA 0
+#define NSS_CAMELLIA_CBC 1
/* SEED operation modes */
-#define NSS_SEED 0
-#define NSS_SEED_CBC 1
+#define NSS_SEED 0
+#define NSS_SEED_CBC 1
-#define DSA1_SUBPRIME_LEN 20 /* Bytes */
-#define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN*2) /* Bytes */
-#define DSA_MAX_SUBPRIME_LEN 32 /* Bytes */
-#define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN*2)/* Bytes */
+#define DSA1_SUBPRIME_LEN 20 /* Bytes */
+#define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN * 2) /* Bytes */
+#define DSA_MAX_SUBPRIME_LEN 32 /* Bytes */
+#define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN * 2) /* Bytes */
/*
* Mark the old defines as deprecated. This will warn code that expected
@@ -59,78 +58,77 @@
typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
#define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
-#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN*8))
+#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN * 8))
#else
#ifdef _WIN32
/* This magic gets the windows compiler to give us a deprecation
* warning */
#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
#endif
-#define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
+#define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
-#define DSA_Q_BITS (DSA1_SUBPRIME_LEN*8)
+#define DSA_Q_BITS (DSA1_SUBPRIME_LEN * 8)
#endif
-
/* XXX We shouldn't have to hard code this limit. For
* now, this is the quickest way to support ECDSA signature
* processing (ECDSA signature lengths depend on curve
* size). This limit is sufficient for curves upto
* 576 bits.
*/
-#define MAX_ECKEY_LEN 72 /* Bytes */
+#define MAX_ECKEY_LEN 72 /* Bytes */
#ifdef NSS_ECC_MORE_THAN_SUITE_B
-#define EC_MAX_KEY_BITS 571 /* in bits */
-#define EC_MIN_KEY_BITS 112 /* in bits */
+#define EC_MAX_KEY_BITS 571 /* in bits */
+#define EC_MIN_KEY_BITS 112 /* in bits */
#else
-#define EC_MAX_KEY_BITS 521 /* in bits */
-#define EC_MIN_KEY_BITS 256 /* in bits */
+#define EC_MAX_KEY_BITS 521 /* in bits */
+#define EC_MIN_KEY_BITS 256 /* in bits */
#endif
/* EC point compression format */
-#define EC_POINT_FORM_COMPRESSED_Y0 0x02
-#define EC_POINT_FORM_COMPRESSED_Y1 0x03
-#define EC_POINT_FORM_UNCOMPRESSED 0x04
-#define EC_POINT_FORM_HYBRID_Y0 0x06
-#define EC_POINT_FORM_HYBRID_Y1 0x07
+#define EC_POINT_FORM_COMPRESSED_Y0 0x02
+#define EC_POINT_FORM_COMPRESSED_Y1 0x03
+#define EC_POINT_FORM_UNCOMPRESSED 0x04
+#define EC_POINT_FORM_HYBRID_Y0 0x06
+#define EC_POINT_FORM_HYBRID_Y1 0x07
/*
* Number of bytes each hash algorithm produces
*/
-#define MD2_LENGTH 16 /* Bytes */
-#define MD5_LENGTH 16 /* Bytes */
-#define SHA1_LENGTH 20 /* Bytes */
-#define SHA256_LENGTH 32 /* bytes */
-#define SHA384_LENGTH 48 /* bytes */
-#define SHA512_LENGTH 64 /* bytes */
-#define HASH_LENGTH_MAX SHA512_LENGTH
+#define MD2_LENGTH 16 /* Bytes */
+#define MD5_LENGTH 16 /* Bytes */
+#define SHA1_LENGTH 20 /* Bytes */
+#define SHA256_LENGTH 32 /* bytes */
+#define SHA384_LENGTH 48 /* bytes */
+#define SHA512_LENGTH 64 /* bytes */
+#define HASH_LENGTH_MAX SHA512_LENGTH
/*
* Input block size for each hash algorithm.
*/
-#define MD2_BLOCK_LENGTH 64 /* bytes */
-#define MD5_BLOCK_LENGTH 64 /* bytes */
-#define SHA1_BLOCK_LENGTH 64 /* bytes */
-#define SHA224_BLOCK_LENGTH 64 /* bytes */
-#define SHA256_BLOCK_LENGTH 64 /* bytes */
-#define SHA384_BLOCK_LENGTH 128 /* bytes */
-#define SHA512_BLOCK_LENGTH 128 /* bytes */
-#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
+#define MD2_BLOCK_LENGTH 64 /* bytes */
+#define MD5_BLOCK_LENGTH 64 /* bytes */
+#define SHA1_BLOCK_LENGTH 64 /* bytes */
+#define SHA224_BLOCK_LENGTH 64 /* bytes */
+#define SHA256_BLOCK_LENGTH 64 /* bytes */
+#define SHA384_BLOCK_LENGTH 128 /* bytes */
+#define SHA512_BLOCK_LENGTH 128 /* bytes */
+#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
-#define AES_KEY_WRAP_IV_BYTES 8
-#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
-#define AES_BLOCK_SIZE 16 /* bytes */
+#define AES_KEY_WRAP_IV_BYTES 8
+#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
+#define AES_BLOCK_SIZE 16 /* bytes */
-#define AES_128_KEY_LENGTH 16 /* bytes */
-#define AES_192_KEY_LENGTH 24 /* bytes */
-#define AES_256_KEY_LENGTH 32 /* bytes */
+#define AES_128_KEY_LENGTH 16 /* bytes */
+#define AES_192_KEY_LENGTH 24 /* bytes */
+#define AES_256_KEY_LENGTH 32 /* bytes */
-#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
+#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
-#define SEED_BLOCK_SIZE 16 /* bytes */
-#define SEED_KEY_LENGTH 16 /* bytes */
+#define SEED_BLOCK_SIZE 16 /* bytes */
+#define SEED_KEY_LENGTH 16 /* bytes */
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
@@ -138,11 +136,11 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
* These values come from the initial key size limits from the PKCS #11
* module. They may be arbitrarily adjusted to any value freebl supports.
*/
-#define RSA_MIN_MODULUS_BITS 128
+#define RSA_MIN_MODULUS_BITS 128
#define RSA_MAX_MODULUS_BITS 16384
-#define RSA_MAX_EXPONENT_BITS 64
-#define DH_MIN_P_BITS 128
-#define DH_MAX_P_BITS 16384
+#define RSA_MAX_EXPONENT_BITS 64
+#define DH_MIN_P_BITS 128
+#define DH_MAX_P_BITS 16384
/*
* The FIPS 186-1 algorithm for generating primes P and Q allows only 9
@@ -152,17 +150,17 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
* of P is to be used.
* The following table relates j to the lengths of P and Q in bits.
*
- * j bits in P bits in Q
- * _ _________ _________
- * 0 512 160
- * 1 576 160
- * 2 640 160
- * 3 704 160
- * 4 768 160
- * 5 832 160
- * 6 896 160
- * 7 960 160
- * 8 1024 160
+ * j bits in P bits in Q
+ * _ _________ _________
+ * 0 512 160
+ * 1 576 160
+ * 2 640 160
+ * 3 704 160
+ * 4 768 160
+ * 5 832 160
+ * 6 896 160
+ * 7 960 160
+ * 8 1024 160
*
* The FIPS-186-1 compliant PQG generator takes j as an input parameter.
*
@@ -179,24 +177,22 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
* lengths as input and returns an error if they aren't in this list.
*/
-#define DSA1_Q_BITS 160
-#define DSA_MAX_P_BITS 3072
-#define DSA_MIN_P_BITS 512
-#define DSA_MAX_Q_BITS 256
-#define DSA_MIN_Q_BITS 160
+#define DSA1_Q_BITS 160
+#define DSA_MAX_P_BITS 3072
+#define DSA_MIN_P_BITS 512
+#define DSA_MAX_Q_BITS 256
+#define DSA_MIN_Q_BITS 160
-#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
+#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN * 8
#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
#endif
-
/*
* function takes desired number of bits in P,
* returns index (0..8) or -1 if number of bits is invalid.
*/
#define PQG_PBITS_TO_INDEX(bits) \
- (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
- -1 : (int)((bits)-512)/64)
+ (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? -1 : (int)((bits)-512) / 64)
/*
* function takes index (0-8)
@@ -204,43 +200,42 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
*/
#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
-
/***************************************************************************
-** Opaque objects
+** Opaque objects
*/
-struct DESContextStr ;
-struct RC2ContextStr ;
-struct RC4ContextStr ;
-struct RC5ContextStr ;
-struct AESContextStr ;
-struct CamelliaContextStr ;
-struct MD2ContextStr ;
-struct MD5ContextStr ;
-struct SHA1ContextStr ;
-struct SHA256ContextStr ;
-struct SHA512ContextStr ;
-struct AESKeyWrapContextStr ;
-struct SEEDContextStr ;
+struct DESContextStr;
+struct RC2ContextStr;
+struct RC4ContextStr;
+struct RC5ContextStr;
+struct AESContextStr;
+struct CamelliaContextStr;
+struct MD2ContextStr;
+struct MD5ContextStr;
+struct SHA1ContextStr;
+struct SHA256ContextStr;
+struct SHA512ContextStr;
+struct AESKeyWrapContextStr;
+struct SEEDContextStr;
struct ChaCha20Poly1305ContextStr;
-typedef struct DESContextStr DESContext;
-typedef struct RC2ContextStr RC2Context;
-typedef struct RC4ContextStr RC4Context;
-typedef struct RC5ContextStr RC5Context;
-typedef struct AESContextStr AESContext;
-typedef struct CamelliaContextStr CamelliaContext;
-typedef struct MD2ContextStr MD2Context;
-typedef struct MD5ContextStr MD5Context;
-typedef struct SHA1ContextStr SHA1Context;
-typedef struct SHA256ContextStr SHA256Context;
+typedef struct DESContextStr DESContext;
+typedef struct RC2ContextStr RC2Context;
+typedef struct RC4ContextStr RC4Context;
+typedef struct RC5ContextStr RC5Context;
+typedef struct AESContextStr AESContext;
+typedef struct CamelliaContextStr CamelliaContext;
+typedef struct MD2ContextStr MD2Context;
+typedef struct MD5ContextStr MD5Context;
+typedef struct SHA1ContextStr SHA1Context;
+typedef struct SHA256ContextStr SHA256Context;
/* SHA224Context is really a SHA256ContextStr. This is not a mistake. */
-typedef struct SHA256ContextStr SHA224Context;
-typedef struct SHA512ContextStr SHA512Context;
+typedef struct SHA256ContextStr SHA224Context;
+typedef struct SHA512ContextStr SHA512Context;
/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
-typedef struct SHA512ContextStr SHA384Context;
+typedef struct SHA512ContextStr SHA384Context;
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
-typedef struct SEEDContextStr SEEDContext;
+typedef struct SEEDContextStr SEEDContext;
typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
/***************************************************************************
@@ -249,7 +244,7 @@ typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
/* member names from PKCS#1, section 7.1 */
struct RSAPublicKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem modulus;
SECItem publicExponent;
};
@@ -257,7 +252,7 @@ typedef struct RSAPublicKeyStr RSAPublicKey;
/* member names from PKCS#1, section 7.2 */
struct RSAPrivateKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem version;
SECItem modulus;
SECItem publicExponent;
@@ -270,7 +265,6 @@ struct RSAPrivateKeyStr {
};
typedef struct RSAPrivateKeyStr RSAPrivateKey;
-
/***************************************************************************
** DSA Public and Private Key and related structures
*/
@@ -285,10 +279,10 @@ struct PQGParamsStr {
typedef struct PQGParamsStr PQGParams;
struct PQGVerifyStr {
- PLArenaPool * arena; /* includes this struct, seed, & h. */
- unsigned int counter;
- SECItem seed;
- SECItem h;
+ PLArenaPool *arena; /* includes this struct, seed, & h. */
+ unsigned int counter;
+ SECItem seed;
+ SECItem h;
};
typedef struct PQGVerifyStr PQGVerify;
@@ -311,14 +305,14 @@ typedef struct DSAPrivateKeyStr DSAPrivateKey;
*/
struct DHParamsStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime; /* p */
- SECItem base; /* g */
+ SECItem base; /* g */
};
typedef struct DHParamsStr DHParams;
struct DHPublicKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime;
SECItem base;
SECItem publicValue;
@@ -326,7 +320,7 @@ struct DHPublicKeyStr {
typedef struct DHPublicKeyStr DHPublicKey;
struct DHPrivateKeyStr {
- PLArenaPool * arena;
+ PLArenaPool *arena;
SECItem prime;
SECItem base;
SECItem publicValue;
@@ -340,12 +334,12 @@ typedef struct DHPrivateKeyStr DHPrivateKey;
*/
/*
-** The ECParams data structures can encode elliptic curve
+** The ECParams data structures can encode elliptic curve
** parameters for both GFp and GF2m curves.
*/
typedef enum { ec_params_explicit,
- ec_params_named
+ ec_params_named
} ECParamsType;
typedef enum { ec_field_GFp = 1,
@@ -353,72 +347,72 @@ typedef enum { ec_field_GFp = 1,
} ECFieldType;
struct ECFieldIDStr {
- int size; /* field size in bits */
+ int size; /* field size in bits */
ECFieldType type;
union {
- SECItem prime; /* prime p for (GFp) */
- SECItem poly; /* irreducible binary polynomial for (GF2m) */
+ SECItem prime; /* prime p for (GFp) */
+ SECItem poly; /* irreducible binary polynomial for (GF2m) */
} u;
- int k1; /* first coefficient of pentanomial or
- * the only coefficient of trinomial
+ int k1; /* first coefficient of pentanomial or
+ * the only coefficient of trinomial
*/
- int k2; /* two remaining coefficients of pentanomial */
- int k3;
+ int k2; /* two remaining coefficients of pentanomial */
+ int k3;
};
typedef struct ECFieldIDStr ECFieldID;
struct ECCurveStr {
- SECItem a; /* contains octet stream encoding of
- * field element (X9.62 section 4.3.3)
- */
+ SECItem a; /* contains octet stream encoding of
+ * field element (X9.62 section 4.3.3)
+ */
SECItem b;
SECItem seed;
};
typedef struct ECCurveStr ECCurve;
struct ECParamsStr {
- PLArenaPool * arena;
- ECParamsType type;
- ECFieldID fieldID;
- ECCurve curve;
- SECItem base;
- SECItem order;
- int cofactor;
- SECItem DEREncoding;
- ECCurveName name;
- SECItem curveOID;
+ PLArenaPool *arena;
+ ECParamsType type;
+ ECFieldID fieldID;
+ ECCurve curve;
+ SECItem base;
+ SECItem order;
+ int cofactor;
+ SECItem DEREncoding;
+ ECCurveName name;
+ SECItem curveOID;
};
typedef struct ECParamsStr ECParams;
struct ECPublicKeyStr {
- ECParams ecParams;
- SECItem publicValue; /* elliptic curve point encoded as
- * octet stream.
- */
+ ECParams ecParams;
+ SECItem publicValue; /* elliptic curve point encoded as
+ * octet stream.
+ */
};
typedef struct ECPublicKeyStr ECPublicKey;
struct ECPrivateKeyStr {
- ECParams ecParams;
- SECItem publicValue; /* encoded ec point */
- SECItem privateValue; /* private big integer */
- SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
+ ECParams ecParams;
+ SECItem publicValue; /* encoded ec point */
+ SECItem privateValue; /* private big integer */
+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */
};
typedef struct ECPrivateKeyStr ECPrivateKey;
-typedef void * (*BLapiAllocateFunc)(void);
+typedef void *(*BLapiAllocateFunc)(void);
typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
-typedef SECStatus (*BLapiInitContextFunc)(void *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *,
- int,
- unsigned int ,
- unsigned int );
+typedef SECStatus (*BLapiInitContextFunc)(void *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *,
+ int,
+ unsigned int,
+ unsigned int);
typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
#endif /* _BLAPIT_H_ */
diff --git a/lib/freebl/blname.c b/lib/freebl/blname.c
index db5fff58b..4bad74ada 100644
--- a/lib/freebl/blname.c
+++ b/lib/freebl/blname.c
@@ -1,16 +1,15 @@
/*
- * * blname.c - determine the freebl library name.
- * *
- * * This Source Code Form is subject to the terms of the Mozilla Public
- * * License, v. 2.0. If a copy of the MPL was not distributed with this
- * * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ * blname.c - determine the freebl library name.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#if defined(FREEBL_LOWHASH)
static const char* default_name =
- SHLIB_PREFIX"freeblpriv"SHLIB_VERSION"."SHLIB_SUFFIX;
+ SHLIB_PREFIX "freeblpriv" SHLIB_VERSION "." SHLIB_SUFFIX;
#else
static const char* default_name =
- SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX;
+ SHLIB_PREFIX "freebl" SHLIB_VERSION "." SHLIB_SUFFIX;
#endif
/* getLibName() returns the name of the library to load. */
@@ -20,7 +19,6 @@ static const char* default_name =
#include <strings.h>
#include <sys/systeminfo.h>
-
#if defined(NSS_USE_64)
const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
@@ -35,29 +33,29 @@ const static char fpu_hybrid_isa[] = "sparcv9+vis";
const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so";
const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so";
/* This was for SPARC V8, now obsolete. */
-const static char *const non_hybrid_shared_lib = NULL;
+const static char* const non_hybrid_shared_lib = NULL;
const static char int_hybrid_isa[] = "sparcv8plus";
const static char fpu_hybrid_isa[] = "sparcv8plus+vis";
#endif
-static const char *
+static const char*
getLibName(void)
{
- char * found_int_hybrid;
- char * found_fpu_hybrid;
+ char* found_int_hybrid;
+ char* found_fpu_hybrid;
long buflen;
char buf[256];
buflen = sysinfo(SI_ISALIST, buf, sizeof buf);
- if (buflen <= 0)
- return NULL;
+ if (buflen <= 0)
+ return NULL;
/* sysinfo output is always supposed to be NUL terminated, but ... */
- if (buflen < sizeof buf)
- buf[buflen] = '\0';
+ if (buflen < sizeof buf)
+ buf[buflen] = '\0';
else
- buf[(sizeof buf) - 1] = '\0';
+ buf[(sizeof buf) - 1] = '\0';
/* The ISA list is a space separated string of names of ISAs and
* ISA extensions, in order of decreasing performance.
* There are two different ISAs with which NSS's crypto code can be
@@ -67,13 +65,13 @@ getLibName(void)
*/
found_int_hybrid = strstr(buf, int_hybrid_isa);
found_fpu_hybrid = strstr(buf, fpu_hybrid_isa);
- if (found_fpu_hybrid &&
- (!found_int_hybrid ||
- (found_int_hybrid - found_fpu_hybrid) >= 0)) {
- return fpu_hybrid_shared_lib;
+ if (found_fpu_hybrid &&
+ (!found_int_hybrid ||
+ (found_int_hybrid - found_fpu_hybrid) >= 0)) {
+ return fpu_hybrid_shared_lib;
}
if (found_int_hybrid) {
- return int_hybrid_shared_lib;
+ return int_hybrid_shared_lib;
}
return non_hybrid_shared_lib;
}
@@ -84,15 +82,19 @@ getLibName(void)
/* This code tests to see if we're running on a PA2.x CPU.
** It returns true (1) if so, and false (0) otherwise.
*/
-static const char *
+static const char*
getLibName(void)
{
long cpu = sysconf(_SC_CPU_VERSION);
- return (cpu == CPU_PA_RISC2_0)
- ? "libfreebl_32fpu_3.sl"
- : "libfreebl_32int_3.sl" ;
+ return (cpu == CPU_PA_RISC2_0)
+ ? "libfreebl_32fpu_3.sl"
+ : "libfreebl_32int_3.sl";
}
#else
/* default case, for platforms/ABIs that have only one freebl shared lib. */
-static const char * getLibName(void) { return default_name; }
+static const char*
+getLibName(void)
+{
+ return default_name;
+}
#endif
diff --git a/lib/freebl/camellia.c b/lib/freebl/camellia.c
index 07ae425b8..8e6ef91b2 100644
--- a/lib/freebl/camellia.c
+++ b/lib/freebl/camellia.c
@@ -15,7 +15,6 @@
#include "camellia.h"
#include "sha_fast.h" /* for SHA_HTONL and related configuration macros */
-
/* key constants */
#define CAMELLIA_SIGMA1L (0xA09E667FL)
@@ -35,7 +34,6 @@
* macros
*/
-
#if defined(SHA_ALLOW_UNALIGNED_ACCESS)
/* require a CPU that allows unaligned access */
@@ -44,22 +42,24 @@
#define CAMELLIA_NEED_TMP_VARIABLE 1
#endif
-# define GETU32(p) SHA_HTONL(*((PRUint32 *)(p)))
-# define PUTU32(ct, st) {*((PRUint32 *)(ct)) = SHA_HTONL(st);}
+#define GETU32(p) SHA_HTONL(*((PRUint32 *)(p)))
+#define PUTU32(ct, st) \
+ { \
+ *((PRUint32 *)(ct)) = SHA_HTONL(st); \
+ }
#else /* no unaligned access */
-# define GETU32(pt) \
- (((PRUint32)(pt)[0] << 24) \
- ^ ((PRUint32)(pt)[1] << 16) \
- ^ ((PRUint32)(pt)[2] << 8) \
- ^ ((PRUint32)(pt)[3]))
+#define GETU32(pt) \
+ (((PRUint32)(pt)[0] << 24) ^ ((PRUint32)(pt)[1] << 16) ^ ((PRUint32)(pt)[2] << 8) ^ ((PRUint32)(pt)[3]))
-# define PUTU32(ct, st) { \
- (ct)[0] = (PRUint8)((st) >> 24); \
- (ct)[1] = (PRUint8)((st) >> 16); \
- (ct)[2] = (PRUint8)((st) >> 8); \
- (ct)[3] = (PRUint8)(st); }
+#define PUTU32(ct, st) \
+ { \
+ (ct)[0] = (PRUint8)((st) >> 24); \
+ (ct)[1] = (PRUint8)((st) >> 16); \
+ (ct)[2] = (PRUint8)((st) >> 8); \
+ (ct)[3] = (PRUint8)(st); \
+ }
#endif
@@ -73,367 +73,365 @@
/* rotation left shift 1byte */
#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
- do { \
- w0 = ll; \
- ll = (ll << bits) + (lr >> (32 - bits)); \
- lr = (lr << bits) + (rl >> (32 - bits)); \
- rl = (rl << bits) + (rr >> (32 - bits)); \
- rr = (rr << bits) + (w0 >> (32 - bits)); \
- } while(0)
-
-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
- do { \
- w0 = ll; \
- w1 = lr; \
- ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
- lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
- rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
- rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
- } while(0)
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ ll = (ll << bits) + (lr >> (32 - bits)); \
+ lr = (lr << bits) + (rl >> (32 - bits)); \
+ rl = (rl << bits) + (rr >> (32 - bits)); \
+ rr = (rr << bits) + (w0 >> (32 - bits)); \
+ } while (0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ w1 = lr; \
+ ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+ lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+ rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+ rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+ } while (0)
#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
- do { \
- il = xl ^ kl; \
- ir = xr ^ kr; \
- t0 = il >> 16; \
- t1 = ir >> 16; \
- yl = CAMELLIA_SP1110(ir & 0xff) \
- ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
- ^ CAMELLIA_SP3033(t1 & 0xff) \
- ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
- yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
- ^ CAMELLIA_SP0222(t0 & 0xff) \
- ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(il & 0xff); \
- yl ^= yr; \
- yr = CAMELLIA_RR8(yr); \
- yr ^= yl; \
- } while(0)
-
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ il = xl ^ kl; \
+ ir = xr ^ kr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ yl = CAMELLIA_SP1110(ir & 0xff) ^ \
+ CAMELLIA_SP0222((t1 >> 8) & 0xff) ^ \
+ CAMELLIA_SP3033(t1 & 0xff) ^ \
+ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) ^ \
+ CAMELLIA_SP0222(t0 & 0xff) ^ \
+ CAMELLIA_SP3033((il >> 8) & 0xff) ^ \
+ CAMELLIA_SP4404(il & 0xff); \
+ yl ^= yr; \
+ yr = CAMELLIA_RR8(yr); \
+ yr ^= yl; \
+ } while (0)
/*
* for speed up
*
*/
#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
- do { \
- t0 = kll; \
- t0 &= ll; \
- lr ^= CAMELLIA_RL1(t0); \
- t1 = klr; \
- t1 |= lr; \
- ll ^= t1; \
- \
- t2 = krr; \
- t2 |= rr; \
- rl ^= t2; \
- t3 = krl; \
- t3 &= rl; \
- rr ^= CAMELLIA_RL1(t3); \
- } while(0)
-
-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
- do { \
- ir = CAMELLIA_SP1110(xr & 0xff) \
- ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
- ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
- ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
- il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
- ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
- ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(xl & 0xff); \
- il ^= kl; \
- ir ^= kr; \
- ir ^= il; \
- il = CAMELLIA_RR8(il); \
- il ^= ir; \
- yl ^= ir; \
- yr ^= il; \
- } while(0)
-
+ do { \
+ t0 = kll; \
+ t0 &= ll; \
+ lr ^= CAMELLIA_RL1(t0); \
+ t1 = klr; \
+ t1 |= lr; \
+ ll ^= t1; \
+ \
+ t2 = krr; \
+ t2 |= rr; \
+ rl ^= t2; \
+ t3 = krl; \
+ t3 &= rl; \
+ rr ^= CAMELLIA_RL1(t3); \
+ } while (0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ ir = CAMELLIA_SP1110(xr & 0xff) ^ \
+ CAMELLIA_SP0222((xr >> 24) & 0xff) ^ \
+ CAMELLIA_SP3033((xr >> 16) & 0xff) ^ \
+ CAMELLIA_SP4404((xr >> 8) & 0xff); \
+ il = CAMELLIA_SP1110((xl >> 24) & 0xff) ^ \
+ CAMELLIA_SP0222((xl >> 16) & 0xff) ^ \
+ CAMELLIA_SP3033((xl >> 8) & 0xff) ^ \
+ CAMELLIA_SP4404(xl & 0xff); \
+ il ^= kl; \
+ ir ^= kr; \
+ ir ^= il; \
+ il = CAMELLIA_RR8(il); \
+ il ^= ir; \
+ yl ^= ir; \
+ yr ^= il; \
+ } while (0)
static const PRUint32 camellia_sp1110[256] = {
- 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
- 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
- 0xe4e4e400,0x85858500,0x57575700,0x35353500,
- 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
- 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
- 0x45454500,0x19191900,0xa5a5a500,0x21212100,
- 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
- 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
- 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
- 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
- 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
- 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
- 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
- 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
- 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
- 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
- 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
- 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
- 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
- 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
- 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
- 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
- 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
- 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
- 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
- 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
- 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
- 0x53535300,0x18181800,0xf2f2f200,0x22222200,
- 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
- 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
- 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
- 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
- 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
- 0xa1a1a100,0x89898900,0x62626200,0x97979700,
- 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
- 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
- 0x10101000,0xc4c4c400,0x00000000,0x48484800,
- 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
- 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
- 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
- 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
- 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
- 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
- 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
- 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
- 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
- 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
- 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
- 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
- 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
- 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
- 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
- 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
- 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
- 0xd4d4d400,0x25252500,0xababab00,0x42424200,
- 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
- 0x72727200,0x07070700,0xb9b9b900,0x55555500,
- 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
- 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
- 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
- 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
- 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
- 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
- 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+ 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
+ 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
+ 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+ 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
+ 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
+ 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+ 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
+ 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
+ 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+ 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
+ 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
+ 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+ 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
+ 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
+ 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+ 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
+ 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
+ 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+ 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
+ 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
+ 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+ 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
+ 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
+ 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+ 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
+ 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
+ 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+ 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
+ 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
+ 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+ 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
+ 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
+ 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+ 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
+ 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
+ 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+ 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
+ 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
+ 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+ 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
+ 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
+ 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+ 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
+ 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
+ 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+ 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
+ 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
+ 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+ 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
+ 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
+ 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+ 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
+ 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
+ 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+ 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
+ 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
+ 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+ 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
+ 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
+ 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+ 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
+ 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
+ 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+ 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
};
static const PRUint32 camellia_sp0222[256] = {
- 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
- 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
- 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
- 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
- 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
- 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
- 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
- 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
- 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
- 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
- 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
- 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
- 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
- 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
- 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
- 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
- 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
- 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
- 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
- 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
- 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
- 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
- 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
- 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
- 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
- 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
- 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
- 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
- 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
- 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
- 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
- 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
- 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
- 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
- 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
- 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
- 0x00202020,0x00898989,0x00000000,0x00909090,
- 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
- 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
- 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
- 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
- 0x009b9b9b,0x00949494,0x00212121,0x00666666,
- 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
- 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
- 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
- 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
- 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
- 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
- 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
- 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
- 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
- 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
- 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
- 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
- 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
- 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
- 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
- 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
- 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
- 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
- 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
- 0x00777777,0x00939393,0x00868686,0x00838383,
- 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
- 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+ 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
+ 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
+ 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+ 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
+ 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
+ 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+ 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
+ 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
+ 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+ 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
+ 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
+ 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+ 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
+ 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
+ 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+ 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
+ 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
+ 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+ 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
+ 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
+ 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+ 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
+ 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
+ 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+ 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
+ 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
+ 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+ 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
+ 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
+ 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+ 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
+ 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
+ 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+ 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
+ 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
+ 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+ 0x00202020, 0x00898989, 0x00000000, 0x00909090,
+ 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
+ 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+ 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
+ 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
+ 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+ 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
+ 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
+ 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+ 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
+ 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
+ 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+ 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
+ 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
+ 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+ 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
+ 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
+ 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+ 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
+ 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
+ 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+ 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
+ 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
+ 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+ 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
+ 0x00777777, 0x00939393, 0x00868686, 0x00838383,
+ 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+ 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
};
static const PRUint32 camellia_sp3033[256] = {
- 0x38003838,0x41004141,0x16001616,0x76007676,
- 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
- 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
- 0x75007575,0x06000606,0x57005757,0xa000a0a0,
- 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
- 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
- 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
- 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
- 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
- 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
- 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
- 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
- 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
- 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
- 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
- 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
- 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
- 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
- 0x3a003a3a,0x09000909,0x95009595,0x10001010,
- 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
- 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
- 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
- 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
- 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
- 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
- 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
- 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
- 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
- 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
- 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
- 0x12001212,0x04000404,0x74007474,0x54005454,
- 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
- 0x55005555,0x68006868,0x50005050,0xbe00bebe,
- 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
- 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
- 0x70007070,0xff00ffff,0x32003232,0x69006969,
- 0x08000808,0x62006262,0x00000000,0x24002424,
- 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
- 0x45004545,0x81008181,0x73007373,0x6d006d6d,
- 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
- 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
- 0xe600e6e6,0x25002525,0x48004848,0x99009999,
- 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
- 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
- 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
- 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
- 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
- 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
- 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
- 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
- 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
- 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
- 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
- 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
- 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
- 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
- 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
- 0x7c007c7c,0x77007777,0x56005656,0x05000505,
- 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
- 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
- 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
- 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
- 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
- 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+ 0x38003838, 0x41004141, 0x16001616, 0x76007676,
+ 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
+ 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+ 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
+ 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
+ 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+ 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
+ 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
+ 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+ 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
+ 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
+ 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+ 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
+ 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
+ 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+ 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
+ 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
+ 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+ 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
+ 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
+ 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+ 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
+ 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
+ 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+ 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
+ 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
+ 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+ 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
+ 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
+ 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+ 0x12001212, 0x04000404, 0x74007474, 0x54005454,
+ 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
+ 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+ 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
+ 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
+ 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+ 0x08000808, 0x62006262, 0x00000000, 0x24002424,
+ 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
+ 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+ 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
+ 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
+ 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+ 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
+ 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
+ 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+ 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
+ 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
+ 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+ 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
+ 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
+ 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+ 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
+ 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
+ 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+ 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
+ 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
+ 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+ 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
+ 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
+ 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+ 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
+ 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
+ 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+ 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
};
static const PRUint32 camellia_sp4404[256] = {
- 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
- 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
- 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
- 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
- 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
- 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
- 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
- 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
- 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
- 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
- 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
- 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
- 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
- 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
- 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
- 0x24240024,0xe8e800e8,0x60600060,0x69690069,
- 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
- 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
- 0x10100010,0x00000000,0xa3a300a3,0x75750075,
- 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
- 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
- 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
- 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
- 0x81810081,0x6f6f006f,0x13130013,0x63630063,
- 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
- 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
- 0x78780078,0x06060006,0xe7e700e7,0x71710071,
- 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
- 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
- 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
- 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
- 0x15150015,0xadad00ad,0x77770077,0x80800080,
- 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
- 0x85850085,0x35350035,0x0c0c000c,0x41410041,
- 0xefef00ef,0x93930093,0x19190019,0x21210021,
- 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
- 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
- 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
- 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
- 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
- 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
- 0x12120012,0x20200020,0xb1b100b1,0x99990099,
- 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
- 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
- 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
- 0x0f0f000f,0x16160016,0x18180018,0x22220022,
- 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
- 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
- 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
- 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
- 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
- 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
- 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
- 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
- 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
- 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
- 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
- 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
- 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
- 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
- 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
- 0x49490049,0x68680068,0x38380038,0xa4a400a4,
- 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
- 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+ 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
+ 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
+ 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+ 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
+ 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
+ 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+ 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
+ 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
+ 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+ 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
+ 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
+ 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+ 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
+ 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
+ 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+ 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
+ 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
+ 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+ 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
+ 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
+ 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+ 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
+ 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
+ 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+ 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
+ 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
+ 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+ 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
+ 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
+ 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+ 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
+ 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
+ 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+ 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
+ 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
+ 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+ 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
+ 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
+ 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+ 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
+ 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
+ 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+ 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
+ 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
+ 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+ 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
+ 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
+ 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+ 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
+ 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
+ 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+ 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
+ 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
+ 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+ 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
+ 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
+ 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+ 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
+ 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
+ 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+ 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
+ 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
+ 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+ 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
};
-
/**
* Stuff related to the Camellia key schedule
*/
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
-void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
+void
+camellia_setup128(const unsigned char *key, PRUint32 *subkey)
{
PRUint32 kll, klr, krl, krr;
PRUint32 il, ir, t0, t1, w0, w1;
@@ -447,106 +445,157 @@ void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
/**
* k == kll || klr || krl || krr (|| is concatination)
*/
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
+ kll = GETU32(key);
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
krr = GETU32(key + 12);
/**
* generate KL dependent subkeys
*/
- subl(0) = kll; subr(0) = klr;
- subl(1) = krl; subr(1) = krr;
+ subl(0) = kll;
+ subr(0) = klr;
+ subl(1) = krl;
+ subr(1) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(4) = kll; subr(4) = klr;
- subl(5) = krl; subr(5) = krr;
+ subl(4) = kll;
+ subr(4) = klr;
+ subl(5) = krl;
+ subr(5) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- subl(10) = kll; subr(10) = klr;
- subl(11) = krl; subr(11) = krr;
+ subl(10) = kll;
+ subr(10) = klr;
+ subl(11) = krl;
+ subr(11) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(13) = krl; subr(13) = krr;
+ subl(13) = krl;
+ subr(13) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(16) = kll; subr(16) = klr;
- subl(17) = krl; subr(17) = krr;
+ subl(16) = kll;
+ subr(16) = klr;
+ subl(17) = krl;
+ subr(17) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(18) = kll; subr(18) = klr;
- subl(19) = krl; subr(19) = krr;
+ subl(18) = kll;
+ subr(18) = klr;
+ subl(19) = krl;
+ subr(19) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(22) = kll; subr(22) = klr;
- subl(23) = krl; subr(23) = krr;
+ subl(22) = kll;
+ subr(22) = klr;
+ subl(23) = krl;
+ subr(23) = krr;
/* generate KA */
- kll = subl(0); klr = subr(0);
- krl = subl(1); krr = subr(1);
+ kll = subl(0);
+ klr = subr(0);
+ krl = subl(1);
+ krr = subr(1);
CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0;
+ klr ^= w1;
/* generate KA dependent subkeys */
- subl(2) = kll; subr(2) = klr;
- subl(3) = krl; subr(3) = krr;
+ subl(2) = kll;
+ subr(2) = klr;
+ subl(3) = krl;
+ subr(3) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(6) = kll; subr(6) = klr;
- subl(7) = krl; subr(7) = krr;
+ subl(6) = kll;
+ subr(6) = klr;
+ subl(7) = krl;
+ subr(7) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(8) = kll; subr(8) = klr;
- subl(9) = krl; subr(9) = krr;
+ subl(8) = kll;
+ subr(8) = klr;
+ subl(9) = krl;
+ subr(9) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(12) = kll; subr(12) = klr;
+ subl(12) = kll;
+ subr(12) = klr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(14) = kll; subr(14) = klr;
- subl(15) = krl; subr(15) = krr;
+ subl(14) = kll;
+ subr(14) = klr;
+ subl(15) = krl;
+ subr(15) = krr;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- subl(20) = kll; subr(20) = klr;
- subl(21) = krl; subr(21) = krr;
+ subl(20) = kll;
+ subr(20) = klr;
+ subl(21) = krl;
+ subr(21) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(24) = kll; subr(24) = klr;
- subl(25) = krl; subr(25) = krr;
-
+ subl(24) = kll;
+ subr(24) = klr;
+ subl(25) = krl;
+ subr(25) = krr;
/* absorb kw2 to other subkeys */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
- subl(5) ^= subl(1); subr(5) ^= subr(1);
- subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(3) ^= subl(1);
+ subr(3) ^= subr(1);
+ subl(5) ^= subl(1);
+ subr(5) ^= subr(1);
+ subl(7) ^= subl(1);
+ subr(7) ^= subr(1);
subl(1) ^= subr(1) & ~subr(9);
dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
- subl(11) ^= subl(1); subr(11) ^= subr(1);
- subl(13) ^= subl(1); subr(13) ^= subr(1);
- subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(11) ^= subl(1);
+ subr(11) ^= subr(1);
+ subl(13) ^= subl(1);
+ subr(13) ^= subr(1);
+ subl(15) ^= subl(1);
+ subr(15) ^= subr(1);
subl(1) ^= subr(1) & ~subr(17);
dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
- subl(19) ^= subl(1); subr(19) ^= subr(1);
- subl(21) ^= subl(1); subr(21) ^= subr(1);
- subl(23) ^= subl(1); subr(23) ^= subr(1);
- subl(24) ^= subl(1); subr(24) ^= subr(1);
+ subl(19) ^= subl(1);
+ subr(19) ^= subr(1);
+ subl(21) ^= subl(1);
+ subr(21) ^= subr(1);
+ subl(23) ^= subl(1);
+ subr(23) ^= subr(1);
+ subl(24) ^= subl(1);
+ subr(24) ^= subr(1);
/* absorb kw4 to other subkeys */
- kw4l = subl(25); kw4r = subr(25);
- subl(22) ^= kw4l; subr(22) ^= kw4r;
- subl(20) ^= kw4l; subr(20) ^= kw4r;
- subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l = subl(25);
+ kw4r = subr(25);
+ subl(22) ^= kw4l;
+ subr(22) ^= kw4r;
+ subl(20) ^= kw4l;
+ subr(20) ^= kw4r;
+ subl(18) ^= kw4l;
+ subr(18) ^= kw4r;
kw4l ^= kw4r & ~subr(16);
dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
- subl(14) ^= kw4l; subr(14) ^= kw4r;
- subl(12) ^= kw4l; subr(12) ^= kw4r;
- subl(10) ^= kw4l; subr(10) ^= kw4r;
+ subl(14) ^= kw4l;
+ subr(14) ^= kw4r;
+ subl(12) ^= kw4l;
+ subr(12) ^= kw4r;
+ subl(10) ^= kw4l;
+ subr(10) ^= kw4r;
kw4l ^= kw4r & ~subr(8);
dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
- subl(6) ^= kw4l; subr(6) ^= kw4r;
- subl(4) ^= kw4l; subr(4) ^= kw4r;
- subl(2) ^= kw4l; subr(2) ^= kw4r;
- subl(0) ^= kw4l; subr(0) ^= kw4r;
+ subl(6) ^= kw4l;
+ subr(6) ^= kw4r;
+ subl(4) ^= kw4l;
+ subr(4) ^= kw4r;
+ subl(2) ^= kw4l;
+ subr(2) ^= kw4r;
+ subl(0) ^= kw4l;
+ subr(0) ^= kw4r;
/* key XOR is end of F-function */
CamelliaSubkeyL(0) = subl(0) ^ subl(2);
@@ -582,7 +631,7 @@ void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
CamelliaSubkeyL(14) = subl(13) ^ subl(15);
CamelliaSubkeyR(14) = subr(13) ^ subr(15);
tl = subl(18) ^ (subr(18) & ~subr(16));
- dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
CamelliaSubkeyL(15) = subl(14) ^ tl;
CamelliaSubkeyR(15) = subr(14) ^ tr;
CamelliaSubkeyL(16) = subl(16);
@@ -590,7 +639,7 @@ void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
CamelliaSubkeyL(17) = subl(17);
CamelliaSubkeyR(17) = subr(17);
tl = subl(15) ^ (subr(15) & ~subr(17));
- dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
CamelliaSubkeyL(18) = tl ^ subl(19);
CamelliaSubkeyR(18) = tr ^ subr(19);
CamelliaSubkeyL(19) = subl(18) ^ subl(20);
@@ -647,11 +696,12 @@ void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
return;
}
-void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
+void
+camellia_setup256(const unsigned char *key, PRUint32 *subkey)
{
- PRUint32 kll,klr,krl,krr; /* left half of key */
- PRUint32 krll,krlr,krrl,krrr; /* right half of key */
- PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ PRUint32 kll, klr, krl, krr; /* left half of key */
+ PRUint32 krll, krlr, krrl, krrr; /* right half of key */
+ PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
PRUint32 kw4l, kw4r, dw, tl, tr;
PRUint32 subL[34];
PRUint32 subR[34];
@@ -664,146 +714,217 @@ void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
* (|| is concatination)
*/
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
- krr = GETU32(key + 12);
+ kll = GETU32(key);
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
krll = GETU32(key + 16);
krlr = GETU32(key + 20);
krrl = GETU32(key + 24);
krrr = GETU32(key + 28);
/* generate KL dependent subkeys */
- subl(0) = kll; subr(0) = klr;
- subl(1) = krl; subr(1) = krr;
+ subl(0) = kll;
+ subr(0) = klr;
+ subl(1) = krl;
+ subr(1) = krr;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
- subl(12) = kll; subr(12) = klr;
- subl(13) = krl; subr(13) = krr;
+ subl(12) = kll;
+ subr(12) = klr;
+ subl(13) = krl;
+ subr(13) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(16) = kll; subr(16) = klr;
- subl(17) = krl; subr(17) = krr;
+ subl(16) = kll;
+ subr(16) = klr;
+ subl(17) = krl;
+ subr(17) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- subl(22) = kll; subr(22) = klr;
- subl(23) = krl; subr(23) = krr;
+ subl(22) = kll;
+ subr(22) = klr;
+ subl(23) = krl;
+ subr(23) = krr;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- subl(30) = kll; subr(30) = klr;
- subl(31) = krl; subr(31) = krr;
+ subl(30) = kll;
+ subr(30) = klr;
+ subl(31) = krl;
+ subr(31) = krr;
/* generate KR dependent subkeys */
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- subl(4) = krll; subr(4) = krlr;
- subl(5) = krrl; subr(5) = krrr;
+ subl(4) = krll;
+ subr(4) = krlr;
+ subl(5) = krrl;
+ subr(5) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- subl(8) = krll; subr(8) = krlr;
- subl(9) = krrl; subr(9) = krrr;
+ subl(8) = krll;
+ subr(8) = krlr;
+ subl(9) = krrl;
+ subr(9) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(18) = krll; subr(18) = krlr;
- subl(19) = krrl; subr(19) = krrr;
+ subl(18) = krll;
+ subr(18) = krlr;
+ subl(19) = krrl;
+ subr(19) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
- subl(26) = krll; subr(26) = krlr;
- subl(27) = krrl; subr(27) = krrr;
+ subl(26) = krll;
+ subr(26) = krlr;
+ subl(27) = krrl;
+ subr(27) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
/* generate KA */
- kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
- krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+ kll = subl(0) ^ krll;
+ klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl;
+ krr = subr(1) ^ krrr;
CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
- kll ^= krll; klr ^= krlr;
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ kll ^= krll;
+ klr ^= krlr;
CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl;
+ krr ^= w1 ^ krrr;
CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0;
+ klr ^= w1;
/* generate KB */
- krll ^= kll; krlr ^= klr;
- krrl ^= krl; krrr ^= krr;
+ krll ^= kll;
+ krlr ^= klr;
+ krrl ^= krl;
+ krrr ^= krr;
CAMELLIA_F(krll, krlr,
- CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
- w0, w1, il, ir, t0, t1);
- krrl ^= w0; krrr ^= w1;
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+ w0, w1, il, ir, t0, t1);
+ krrl ^= w0;
+ krrr ^= w1;
CAMELLIA_F(krrl, krrr,
- CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
- w0, w1, il, ir, t0, t1);
- krll ^= w0; krlr ^= w1;
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+ w0, w1, il, ir, t0, t1);
+ krll ^= w0;
+ krlr ^= w1;
/* generate KA dependent subkeys */
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- subl(6) = kll; subr(6) = klr;
- subl(7) = krl; subr(7) = krr;
+ subl(6) = kll;
+ subr(6) = klr;
+ subl(7) = krl;
+ subr(7) = krr;
CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- subl(14) = kll; subr(14) = klr;
- subl(15) = krl; subr(15) = krr;
- subl(24) = klr; subr(24) = krl;
- subl(25) = krr; subr(25) = kll;
+ subl(14) = kll;
+ subr(14) = klr;
+ subl(15) = krl;
+ subr(15) = krr;
+ subl(24) = klr;
+ subr(24) = krl;
+ subl(25) = krr;
+ subr(25) = kll;
CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
- subl(28) = kll; subr(28) = klr;
- subl(29) = krl; subr(29) = krr;
+ subl(28) = kll;
+ subr(28) = klr;
+ subl(29) = krl;
+ subr(29) = krr;
/* generate KB dependent subkeys */
- subl(2) = krll; subr(2) = krlr;
- subl(3) = krrl; subr(3) = krrr;
+ subl(2) = krll;
+ subr(2) = krlr;
+ subl(3) = krrl;
+ subr(3) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(10) = krll; subr(10) = krlr;
- subl(11) = krrl; subr(11) = krrr;
+ subl(10) = krll;
+ subr(10) = krlr;
+ subl(11) = krrl;
+ subr(11) = krrr;
CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- subl(20) = krll; subr(20) = krlr;
- subl(21) = krrl; subr(21) = krrr;
+ subl(20) = krll;
+ subr(20) = krlr;
+ subl(21) = krrl;
+ subr(21) = krrr;
CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
- subl(32) = krll; subr(32) = krlr;
- subl(33) = krrl; subr(33) = krrr;
+ subl(32) = krll;
+ subr(32) = krlr;
+ subl(33) = krrl;
+ subr(33) = krrr;
/* absorb kw2 to other subkeys */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
- subl(5) ^= subl(1); subr(5) ^= subr(1);
- subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(3) ^= subl(1);
+ subr(3) ^= subr(1);
+ subl(5) ^= subl(1);
+ subr(5) ^= subr(1);
+ subl(7) ^= subl(1);
+ subr(7) ^= subr(1);
subl(1) ^= subr(1) & ~subr(9);
dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
- subl(11) ^= subl(1); subr(11) ^= subr(1);
- subl(13) ^= subl(1); subr(13) ^= subr(1);
- subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(11) ^= subl(1);
+ subr(11) ^= subr(1);
+ subl(13) ^= subl(1);
+ subr(13) ^= subr(1);
+ subl(15) ^= subl(1);
+ subr(15) ^= subr(1);
subl(1) ^= subr(1) & ~subr(17);
dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
- subl(19) ^= subl(1); subr(19) ^= subr(1);
- subl(21) ^= subl(1); subr(21) ^= subr(1);
- subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(19) ^= subl(1);
+ subr(19) ^= subr(1);
+ subl(21) ^= subl(1);
+ subr(21) ^= subr(1);
+ subl(23) ^= subl(1);
+ subr(23) ^= subr(1);
subl(1) ^= subr(1) & ~subr(25);
dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
- subl(27) ^= subl(1); subr(27) ^= subr(1);
- subl(29) ^= subl(1); subr(29) ^= subr(1);
- subl(31) ^= subl(1); subr(31) ^= subr(1);
- subl(32) ^= subl(1); subr(32) ^= subr(1);
+ subl(27) ^= subl(1);
+ subr(27) ^= subr(1);
+ subl(29) ^= subl(1);
+ subr(29) ^= subr(1);
+ subl(31) ^= subl(1);
+ subr(31) ^= subr(1);
+ subl(32) ^= subl(1);
+ subr(32) ^= subr(1);
/* absorb kw4 to other subkeys */
- kw4l = subl(33); kw4r = subr(33);
- subl(30) ^= kw4l; subr(30) ^= kw4r;
- subl(28) ^= kw4l; subr(28) ^= kw4r;
- subl(26) ^= kw4l; subr(26) ^= kw4r;
+ kw4l = subl(33);
+ kw4r = subr(33);
+ subl(30) ^= kw4l;
+ subr(30) ^= kw4r;
+ subl(28) ^= kw4l;
+ subr(28) ^= kw4r;
+ subl(26) ^= kw4l;
+ subr(26) ^= kw4r;
kw4l ^= kw4r & ~subr(24);
dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
- subl(22) ^= kw4l; subr(22) ^= kw4r;
- subl(20) ^= kw4l; subr(20) ^= kw4r;
- subl(18) ^= kw4l; subr(18) ^= kw4r;
+ subl(22) ^= kw4l;
+ subr(22) ^= kw4r;
+ subl(20) ^= kw4l;
+ subr(20) ^= kw4r;
+ subl(18) ^= kw4l;
+ subr(18) ^= kw4r;
kw4l ^= kw4r & ~subr(16);
dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
- subl(14) ^= kw4l; subr(14) ^= kw4r;
- subl(12) ^= kw4l; subr(12) ^= kw4r;
- subl(10) ^= kw4l; subr(10) ^= kw4r;
+ subl(14) ^= kw4l;
+ subr(14) ^= kw4r;
+ subl(12) ^= kw4l;
+ subr(12) ^= kw4r;
+ subl(10) ^= kw4l;
+ subr(10) ^= kw4r;
kw4l ^= kw4r & ~subr(8);
dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
- subl(6) ^= kw4l; subr(6) ^= kw4r;
- subl(4) ^= kw4l; subr(4) ^= kw4r;
- subl(2) ^= kw4l; subr(2) ^= kw4r;
- subl(0) ^= kw4l; subr(0) ^= kw4r;
+ subl(6) ^= kw4l;
+ subr(6) ^= kw4r;
+ subl(4) ^= kw4l;
+ subr(4) ^= kw4r;
+ subl(2) ^= kw4l;
+ subr(2) ^= kw4r;
+ subl(0) ^= kw4l;
+ subr(0) ^= kw4r;
/* key XOR is end of F-function */
CamelliaSubkeyL(0) = subl(0) ^ subl(2);
@@ -866,7 +987,7 @@ void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
CamelliaSubkeyR(24) = subr(24);
CamelliaSubkeyL(25) = subl(25);
CamelliaSubkeyR(25) = subr(25);
- tl = subl(23) ^ (subr(23) & ~subr(25));
+ tl = subl(23) ^ (subr(23) & ~subr(25));
dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
CamelliaSubkeyL(26) = tl ^ subl(27);
CamelliaSubkeyR(26) = tr ^ subr(27);
@@ -931,36 +1052,36 @@ void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
- CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
-
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw;
+
return;
}
-void camellia_setup192(const unsigned char *key, PRUint32 *subkey)
+void
+camellia_setup192(const unsigned char *key, PRUint32 *subkey)
{
unsigned char kk[32];
- PRUint32 krll, krlr, krrl,krrr;
+ PRUint32 krll, krlr, krrl, krrr;
memcpy(kk, key, 24);
- memcpy((unsigned char *)&krll, key+16,4);
- memcpy((unsigned char *)&krlr, key+20,4);
+ memcpy((unsigned char *)&krll, key + 16, 4);
+ memcpy((unsigned char *)&krlr, key + 20, 4);
krrl = ~krll;
krrr = ~krlr;
- memcpy(kk+24, (unsigned char *)&krrl, 4);
- memcpy(kk+28, (unsigned char *)&krrr, 4);
+ memcpy(kk + 24, (unsigned char *)&krrl, 4);
+ memcpy(kk + 28, (unsigned char *)&krrr, 4);
camellia_setup256(kk, subkey);
return;
}
-
/**
* Stuff related to camellia encryption/decryption
*
*/
SECStatus
camellia_encrypt128(const PRUint32 *subkey,
- unsigned char *output,
- const unsigned char *input)
+ unsigned char *output,
+ const unsigned char *input)
{
PRUint32 il, ir, t0, t1;
PRUint32 io[4];
@@ -969,81 +1090,81 @@ camellia_encrypt128(const PRUint32 *subkey,
#endif
io[0] = GETU32(input);
- io[1] = GETU32(input+4);
- io[2] = GETU32(input+8);
- io[3] = GETU32(input+12);
+ io[1] = GETU32(input + 4);
+ io[2] = GETU32(input + 8);
+ io[3] = GETU32(input + 12);
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(0);
io[1] ^= CamelliaSubkeyR(0);
/* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[0], io[1], il, ir, t0, t1);
/* post whitening but kw4 */
io[2] ^= CamelliaSubkeyL(24);
@@ -1057,100 +1178,100 @@ camellia_encrypt128(const PRUint32 *subkey,
io[3] = t1;
PUTU32(output, io[0]);
- PUTU32(output+4, io[1]);
- PUTU32(output+8, io[2]);
- PUTU32(output+12, io[3]);
+ PUTU32(output + 4, io[1]);
+ PUTU32(output + 8, io[2]);
+ PUTU32(output + 12, io[3]);
return SECSuccess;
}
SECStatus
camellia_decrypt128(const PRUint32 *subkey,
- unsigned char *output,
- const unsigned char *input)
+ unsigned char *output,
+ const unsigned char *input)
{
- PRUint32 il,ir,t0,t1; /* temporary valiables */
+ PRUint32 il, ir, t0, t1; /* temporary valiables */
PRUint32 io[4];
#if defined(CAMELLIA_NEED_TMP_VARIABLE)
PRUint32 tmp;
#endif
io[0] = GETU32(input);
- io[1] = GETU32(input+4);
- io[2] = GETU32(input+8);
- io[3] = GETU32(input+12);
+ io[1] = GETU32(input + 4);
+ io[2] = GETU32(input + 8);
+ io[3] = GETU32(input + 12);
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(24);
io[1] ^= CamelliaSubkeyR(24);
/* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[0], io[1], il, ir, t0, t1);
/* post whitening but kw4 */
io[2] ^= CamelliaSubkeyL(0);
@@ -1164,9 +1285,9 @@ camellia_decrypt128(const PRUint32 *subkey,
io[3] = t1;
PUTU32(output, io[0]);
- PUTU32(output+4, io[1]);
- PUTU32(output+8, io[2]);
- PUTU32(output+12, io[3]);
+ PUTU32(output + 4, io[1]);
+ PUTU32(output + 8, io[2]);
+ PUTU32(output + 12, io[3]);
return SECSuccess;
}
@@ -1176,115 +1297,115 @@ camellia_decrypt128(const PRUint32 *subkey,
*/
SECStatus
camellia_encrypt256(const PRUint32 *subkey,
- unsigned char *output,
- const unsigned char *input)
+ unsigned char *output,
+ const unsigned char *input)
{
- PRUint32 il,ir,t0,t1; /* temporary valiables */
+ PRUint32 il, ir, t0, t1; /* temporary valiables */
PRUint32 io[4];
#if defined(CAMELLIA_NEED_TMP_VARIABLE)
PRUint32 tmp;
#endif
io[0] = GETU32(input);
- io[1] = GETU32(input+4);
- io[2] = GETU32(input+8);
- io[3] = GETU32(input+12);
+ io[1] = GETU32(input + 4);
+ io[2] = GETU32(input + 8);
+ io[3] = GETU32(input + 12);
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(0);
io[1] ^= CamelliaSubkeyR(0);
/* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(24), CamelliaSubkeyR(24),
+ CamelliaSubkeyL(25), CamelliaSubkeyR(25),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+ io[0], io[1], il, ir, t0, t1);
/* post whitening but kw4 */
io[2] ^= CamelliaSubkeyL(32);
@@ -1298,124 +1419,124 @@ camellia_encrypt256(const PRUint32 *subkey,
io[3] = t1;
PUTU32(output, io[0]);
- PUTU32(output+4, io[1]);
- PUTU32(output+8, io[2]);
- PUTU32(output+12, io[3]);
+ PUTU32(output + 4, io[1]);
+ PUTU32(output + 8, io[2]);
+ PUTU32(output + 12, io[3]);
return SECSuccess;
}
SECStatus
camellia_decrypt256(const PRUint32 *subkey,
- unsigned char *output,
- const unsigned char *input)
+ unsigned char *output,
+ const unsigned char *input)
{
- PRUint32 il,ir,t0,t1; /* temporary valiables */
+ PRUint32 il, ir, t0, t1; /* temporary valiables */
PRUint32 io[4];
#if defined(CAMELLIA_NEED_TMP_VARIABLE)
PRUint32 tmp;
#endif
io[0] = GETU32(input);
- io[1] = GETU32(input+4);
- io[2] = GETU32(input+8);
- io[3] = GETU32(input+12);
+ io[1] = GETU32(input + 4);
+ io[2] = GETU32(input + 8);
+ io[3] = GETU32(input + 12);
/* pre whitening but absorb kw2*/
io[0] ^= CamelliaSubkeyL(32);
io[1] ^= CamelliaSubkeyR(32);
-
+
/* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(25), CamelliaSubkeyR(25),
+ CamelliaSubkeyL(24), CamelliaSubkeyR(24),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[0], io[1], il, ir, t0, t1);
/* post whitening but kw4 */
io[2] ^= CamelliaSubkeyL(0);
@@ -1429,51 +1550,49 @@ camellia_decrypt256(const PRUint32 *subkey,
io[3] = t1;
PUTU32(output, io[0]);
- PUTU32(output+4, io[1]);
- PUTU32(output+8, io[2]);
- PUTU32(output+12, io[3]);
+ PUTU32(output + 4, io[1]);
+ PUTU32(output + 8, io[2]);
+ PUTU32(output + 12, io[3]);
return SECSuccess;
}
-
/**************************************************************************
*
* Stuff related to the Camellia key schedule
*
*************************************************************************/
-SECStatus
-camellia_key_expansion(CamelliaContext *cx,
- const unsigned char *key,
+SECStatus
+camellia_key_expansion(CamelliaContext *cx,
+ const unsigned char *key,
const unsigned int keysize)
{
cx->keysize = keysize;
- switch(keysize) {
- case 16:
- camellia_setup128(key, cx->expandedKey);
- break;
- case 24:
- camellia_setup192(key, cx->expandedKey);
- break;
- case 32:
- camellia_setup256(key, cx->expandedKey);
- break;
- default:
- break;
+ switch (keysize) {
+ case 16:
+ camellia_setup128(key, cx->expandedKey);
+ break;
+ case 24:
+ camellia_setup192(key, cx->expandedKey);
+ break;
+ case 32:
+ camellia_setup256(key, cx->expandedKey);
+ break;
+ default:
+ break;
}
return SECSuccess;
}
-
/**************************************************************************
*
* Camellia modes of operation (ECB and CBC)
*
*************************************************************************/
-SECStatus
+SECStatus
camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1481,20 +1600,20 @@ camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
CamelliaBlockFunc *encryptor;
encryptor = (cx->keysize == 16)
- ? &camellia_encrypt128
- : &camellia_encrypt256;
+ ? &camellia_encrypt128
+ : &camellia_encrypt256;
while (inputLen > 0) {
- (*encryptor)(cx->expandedKey, output, input);
-
- output += CAMELLIA_BLOCK_SIZE;
- input += CAMELLIA_BLOCK_SIZE;
- inputLen -= CAMELLIA_BLOCK_SIZE;
+ (*encryptor)(cx->expandedKey, output, input);
+
+ output += CAMELLIA_BLOCK_SIZE;
+ input += CAMELLIA_BLOCK_SIZE;
+ inputLen -= CAMELLIA_BLOCK_SIZE;
}
return SECSuccess;
}
-SECStatus
+SECStatus
camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1505,31 +1624,31 @@ camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
CamelliaBlockFunc *encryptor;
if (!inputLen)
- return SECSuccess;
+ return SECSuccess;
lastblock = cx->iv;
encryptor = (cx->keysize == 16)
- ? &camellia_encrypt128
- : &camellia_encrypt256;
+ ? &camellia_encrypt128
+ : &camellia_encrypt256;
while (inputLen > 0) {
- /* XOR with the last block (IV if first block) */
- for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
- inblock[j] = input[j] ^ lastblock[j];
- /* encrypt */
- (*encryptor)(cx->expandedKey, output, inblock);
-
- /* move to the next block */
- lastblock = output;
- output += CAMELLIA_BLOCK_SIZE;
- input += CAMELLIA_BLOCK_SIZE;
- inputLen -= CAMELLIA_BLOCK_SIZE;
+ /* XOR with the last block (IV if first block) */
+ for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+ inblock[j] = input[j] ^ lastblock[j];
+ /* encrypt */
+ (*encryptor)(cx->expandedKey, output, inblock);
+
+ /* move to the next block */
+ lastblock = output;
+ output += CAMELLIA_BLOCK_SIZE;
+ input += CAMELLIA_BLOCK_SIZE;
+ inputLen -= CAMELLIA_BLOCK_SIZE;
}
memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE);
return SECSuccess;
}
-SECStatus
+SECStatus
camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1537,22 +1656,21 @@ camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
CamelliaBlockFunc *decryptor;
decryptor = (cx->keysize == 16)
- ? &camellia_decrypt128
- : &camellia_decrypt256;
-
+ ? &camellia_decrypt128
+ : &camellia_decrypt256;
while (inputLen > 0) {
- (*decryptor)(cx->expandedKey, output, input);
+ (*decryptor)(cx->expandedKey, output, input);
- output += CAMELLIA_BLOCK_SIZE;
- input += CAMELLIA_BLOCK_SIZE;
- inputLen -= CAMELLIA_BLOCK_SIZE;
+ output += CAMELLIA_BLOCK_SIZE;
+ input += CAMELLIA_BLOCK_SIZE;
+ inputLen -= CAMELLIA_BLOCK_SIZE;
}
return SECSuccess;
}
-SECStatus
+SECStatus
camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1563,36 +1681,34 @@ camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
unsigned char newIV[CAMELLIA_BLOCK_SIZE];
CamelliaBlockFunc *decryptor;
+ if (!inputLen)
+ return SECSuccess;
+ PORT_Assert(output - input >= 0 || input - output >= (int)inputLen);
- if (!inputLen)
- return SECSuccess;
-
- PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
-
- in = input + (inputLen - CAMELLIA_BLOCK_SIZE);
+ in = input + (inputLen - CAMELLIA_BLOCK_SIZE);
memcpy(newIV, in, CAMELLIA_BLOCK_SIZE);
out = output + (inputLen - CAMELLIA_BLOCK_SIZE);
decryptor = (cx->keysize == 16)
- ? &camellia_decrypt128
- : &camellia_decrypt256;
+ ? &camellia_decrypt128
+ : &camellia_decrypt256;
while (inputLen > CAMELLIA_BLOCK_SIZE) {
- (*decryptor)(cx->expandedKey, out, in);
+ (*decryptor)(cx->expandedKey, out, in);
- for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
- out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
+ for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+ out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
- out -= CAMELLIA_BLOCK_SIZE;
- in -= CAMELLIA_BLOCK_SIZE;
- inputLen -= CAMELLIA_BLOCK_SIZE;
+ out -= CAMELLIA_BLOCK_SIZE;
+ in -= CAMELLIA_BLOCK_SIZE;
+ inputLen -= CAMELLIA_BLOCK_SIZE;
}
if (in == input) {
- (*decryptor)(cx->expandedKey, out, in);
+ (*decryptor)(cx->expandedKey, out, in);
- for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
- out[j] ^= cx->iv[j];
+ for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+ out[j] ^= cx->iv[j];
}
memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE);
return SECSuccess;
@@ -1610,39 +1726,39 @@ Camellia_AllocateContext(void)
return PORT_ZNew(CamelliaContext);
}
-SECStatus
+SECStatus
Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
- unsigned int keysize,
- const unsigned char *iv, int mode, unsigned int encrypt,
- unsigned int unused)
+ unsigned int keysize,
+ const unsigned char *iv, int mode, unsigned int encrypt,
+ unsigned int unused)
{
if (key == NULL ||
- (keysize != 16 && keysize != 24 && keysize != 32)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ (keysize != 16 && keysize != 24 && keysize != 32)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (!cx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode == NSS_CAMELLIA_CBC) {
- memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
- cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+ memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+ cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
} else {
- cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+ cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
}
/* Generate expanded key */
if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
- goto cleanup;
+ goto cleanup;
return SECSuccess;
cleanup:
@@ -1654,66 +1770,65 @@ cleanup:
* create a new context for Camellia operations
*/
-
CamelliaContext *
-Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt,
unsigned int keysize)
{
CamelliaContext *cx;
if (key == NULL ||
- (keysize != 16 && keysize != 24 && keysize != 32)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ (keysize != 16 && keysize != 24 && keysize != 32)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
cx = PORT_ZNew(CamelliaContext);
if (!cx) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
/* copy in the iv, if neccessary */
if (mode == NSS_CAMELLIA_CBC) {
- memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
- cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+ memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+ cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
} else {
- cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+ cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
}
/* copy keysize */
cx->keysize = keysize;
/* Generate expanded key */
if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
- goto cleanup;
+ goto cleanup;
return cx;
- cleanup:
+cleanup:
PORT_ZFree(cx, sizeof *cx);
return NULL;
}
/*
* Camellia_DestroyContext
- *
+ *
* Zero an Camellia cipher context. If freeit is true, also free the pointer
* to the context.
*/
-void
+void
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
{
if (cx)
- memset(cx, 0, sizeof *cx);
+ memset(cx, 0, sizeof *cx);
if (freeit)
- PORT_Free(cx);
+ PORT_Free(cx);
}
/*
@@ -1722,7 +1837,7 @@ Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
* Encrypt an arbitrary-length buffer. The output buffer must already be
* allocated to at least inputLen.
*/
-SECStatus
+SECStatus
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1730,23 +1845,23 @@ Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
/* Check args */
if (cx == NULL || output == NULL || input == NULL ||
- outputLen == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ outputLen == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outputLen = inputLen;
- return (*cx->worker)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
/*
@@ -1755,28 +1870,27 @@ Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
* Decrypt and arbitrary-length buffer. The output buffer must already be
* allocated to at least inputLen.
*/
-SECStatus
+SECStatus
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
/* Check args */
- if (cx == NULL || output == NULL || input == NULL
- || outputLen == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (cx == NULL || output == NULL || input == NULL || outputLen == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outputLen = inputLen;
- return (*cx->worker)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
diff --git a/lib/freebl/camellia.h b/lib/freebl/camellia.h
index 0f7600577..15114db9a 100644
--- a/lib/freebl/camellia.h
+++ b/lib/freebl/camellia.h
@@ -9,19 +9,19 @@
#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
-#define CAMELLIA_MAX_EXPANDEDKEY (34*2) /* 32bit unit */
+#define CAMELLIA_MAX_EXPANDEDKEY (34 * 2) /* 32bit unit */
typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
-typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
- unsigned char *output,
- const unsigned char *input);
+typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
+ unsigned char *output,
+ const unsigned char *input);
/* CamelliaContextStr
*
@@ -32,11 +32,10 @@ typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
* iv - initialization vector for CBC mode
* expandedKey - the round keys in 4-byte words
*/
-struct CamelliaContextStr
-{
- PRUint32 keysize; /* bytes */
- CamelliaFunc *worker;
- PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
+struct CamelliaContextStr {
+ PRUint32 keysize; /* bytes */
+ CamelliaFunc *worker;
+ PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
PRUint8 iv[CAMELLIA_BLOCK_SIZE];
};
diff --git a/lib/freebl/chacha20.c b/lib/freebl/chacha20.c
index 687be6639..f55d1e670 100644
--- a/lib/freebl/chacha20.c
+++ b/lib/freebl/chacha20.c
@@ -20,18 +20,26 @@
#define ROTATE(v, c) ROTL32((v), (c))
-#define U32TO8_LITTLE(p, v) \
- { (p)[0] = ((v) ) & 0xff; (p)[1] = ((v) >> 8) & 0xff; \
- (p)[2] = ((v) >> 16) & 0xff; (p)[3] = ((v) >> 24) & 0xff; }
-#define U8TO32_LITTLE(p) \
- (((PRUint32)((p)[0]) ) | ((PRUint32)((p)[1]) << 8) | \
+#define U32TO8_LITTLE(p, v) \
+ { \
+ (p)[0] = ((v)) & 0xff; \
+ (p)[1] = ((v) >> 8) & 0xff; \
+ (p)[2] = ((v) >> 16) & 0xff; \
+ (p)[3] = ((v) >> 24) & 0xff; \
+ }
+#define U8TO32_LITTLE(p) \
+ (((PRUint32)((p)[0])) | ((PRUint32)((p)[1]) << 8) | \
((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24))
-#define QUARTERROUND(x, a, b, c, d) \
- x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
- x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
- x[a] = x[a] + x[b]; x[d] = ROTATE(x[d] ^ x[a], 8); \
- x[c] = x[c] + x[d]; x[b] = ROTATE(x[b] ^ x[c], 7);
+#define QUARTERROUND(x, a, b, c, d) \
+ x[a] = x[a] + x[b]; \
+ x[d] = ROTATE(x[d] ^ x[a], 16); \
+ x[c] = x[c] + x[d]; \
+ x[b] = ROTATE(x[b] ^ x[c], 12); \
+ x[a] = x[a] + x[b]; \
+ x[d] = ROTATE(x[d] ^ x[a], 8); \
+ x[c] = x[c] + x[d]; \
+ x[b] = ROTATE(x[b] ^ x[c], 7);
static void
ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds)
diff --git a/lib/freebl/chacha20_vec.c b/lib/freebl/chacha20_vec.c
index 352b70d38..b328e87e5 100644
--- a/lib/freebl/chacha20_vec.c
+++ b/lib/freebl/chacha20_vec.c
@@ -11,11 +11,11 @@
#include "chacha20.h"
#ifndef CHACHA_RNDS
-#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */
+#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */
#endif
/* Architecture-neutral way to specify 16-byte vector of ints */
-typedef unsigned vec __attribute__ ((vector_size (16)));
+typedef unsigned vec __attribute__((vector_size(16)));
/* This implementation is designed for Neon, SSE and AltiVec machines. The
* following specify how to do certain vector operations efficiently on
@@ -25,101 +25,129 @@ typedef unsigned vec __attribute__ ((vector_size (16)));
*/
#if __ARM_NEON__
#include <arm_neon.h>
-#define GPR_TOO 1
-#define VBPI 2
-#define ONE (vec)vsetq_lane_u32(1,vdupq_n_u32(0),0)
-#define LOAD(m) (vec)(*((vec*)(m)))
-#define STORE(m,r) (*((vec*)(m))) = (r)
-#define ROTV1(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,1)
-#define ROTV2(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,2)
-#define ROTV3(x) (vec)vextq_u32((uint32x4_t)x,(uint32x4_t)x,3)
-#define ROTW16(x) (vec)vrev32q_u16((uint16x8_t)x)
+#define GPR_TOO 1
+#define VBPI 2
+#define ONE (vec) vsetq_lane_u32(1, vdupq_n_u32(0), 0)
+#define LOAD(m) (vec)(*((vec *)(m)))
+#define STORE(m, r) (*((vec *)(m))) = (r)
+#define ROTV1(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 1)
+#define ROTV2(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 2)
+#define ROTV3(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 3)
+#define ROTW16(x) (vec) vrev32q_u16((uint16x8_t)x)
#if __clang__
-#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7})) ^ (x >> ((vec){25,25,25,25}))
-#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8})) ^ (x >> ((vec){24,24,24,24}))
-#define ROTW12(x) (x << ((vec){12,12,12,12})) ^ (x >> ((vec){20,20,20,20}))
+#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7 })) ^ (x >> ((vec){ 25, 25, 25, 25 }))
+#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8 })) ^ (x >> ((vec){ 24, 24, 24, 24 }))
+#define ROTW12(x) (x << ((vec){ 12, 12, 12, 12 })) ^ (x >> ((vec){ 20, 20, 20, 20 }))
#else
-#define ROTW7(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,7),(uint32x4_t)x,25)
-#define ROTW8(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,8),(uint32x4_t)x,24)
-#define ROTW12(x) (vec)vsriq_n_u32(vshlq_n_u32((uint32x4_t)x,12),(uint32x4_t)x,20)
+#define ROTW7(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 7), (uint32x4_t)x, 25)
+#define ROTW8(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 8), (uint32x4_t)x, 24)
+#define ROTW12(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 12), (uint32x4_t)x, 20)
#endif
#elif __SSE2__
#include <emmintrin.h>
-#define GPR_TOO 0
+#define GPR_TOO 0
#if __clang__
-#define VBPI 4
+#define VBPI 4
#else
-#define VBPI 3
+#define VBPI 3
#endif
-#define ONE (vec)_mm_set_epi32(0,0,0,1)
-#define LOAD(m) (vec)_mm_loadu_si128((__m128i*)(m))
-#define STORE(m,r) _mm_storeu_si128((__m128i*)(m), (__m128i) (r))
-#define ROTV1(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(0,3,2,1))
-#define ROTV2(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(1,0,3,2))
-#define ROTV3(x) (vec)_mm_shuffle_epi32((__m128i)x,_MM_SHUFFLE(2,1,0,3))
-#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x,25))
-#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x,12) ^ _mm_srli_epi32((__m128i)x,20))
+#define ONE (vec) _mm_set_epi32(0, 0, 0, 1)
+#define LOAD(m) (vec) _mm_loadu_si128((__m128i *)(m))
+#define STORE(m, r) _mm_storeu_si128((__m128i *)(m), (__m128i)(r))
+#define ROTV1(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(0, 3, 2, 1))
+#define ROTV2(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(1, 0, 3, 2))
+#define ROTV3(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(2, 1, 0, 3))
+#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x, 25))
+#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x, 12) ^ _mm_srli_epi32((__m128i)x, 20))
#if __SSSE3__
#include <tmmintrin.h>
-#define ROTW8(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(14,13,12,15,10,9,8,11,6,5,4,7,2,1,0,3))
-#define ROTW16(x) (vec)_mm_shuffle_epi8((__m128i)x,_mm_set_epi8(13,12,15,14,9,8,11,10,5,4,7,6,1,0,3,2))
+#define ROTW8(x) (vec) _mm_shuffle_epi8((__m128i)x, _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3))
+#define ROTW16(x) (vec) _mm_shuffle_epi8((__m128i)x, _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2))
#else
-#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x,24))
-#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x,16) ^ _mm_srli_epi32((__m128i)x,16))
+#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x, 24))
+#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x, 16) ^ _mm_srli_epi32((__m128i)x, 16))
#endif
#else
-#error -- Implementation supports only machines with neon or SSE2
+#error-- Implementation supports only machines with neon or SSE2
#endif
#ifndef REVV_BE
-#define REVV_BE(x) (x)
+#define REVV_BE(x) (x)
#endif
#ifndef REVW_BE
-#define REVW_BE(x) (x)
+#define REVW_BE(x) (x)
#endif
-#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration */
+#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration */
-#define DQROUND_VECTORS(a,b,c,d) \
- a += b; d ^= a; d = ROTW16(d); \
- c += d; b ^= c; b = ROTW12(b); \
- a += b; d ^= a; d = ROTW8(d); \
- c += d; b ^= c; b = ROTW7(b); \
- b = ROTV1(b); c = ROTV2(c); d = ROTV3(d); \
- a += b; d ^= a; d = ROTW16(d); \
- c += d; b ^= c; b = ROTW12(b); \
- a += b; d ^= a; d = ROTW8(d); \
- c += d; b ^= c; b = ROTW7(b); \
- b = ROTV3(b); c = ROTV2(c); d = ROTV1(d);
+#define DQROUND_VECTORS(a, b, c, d) \
+ a += b; \
+ d ^= a; \
+ d = ROTW16(d); \
+ c += d; \
+ b ^= c; \
+ b = ROTW12(b); \
+ a += b; \
+ d ^= a; \
+ d = ROTW8(d); \
+ c += d; \
+ b ^= c; \
+ b = ROTW7(b); \
+ b = ROTV1(b); \
+ c = ROTV2(c); \
+ d = ROTV3(d); \
+ a += b; \
+ d ^= a; \
+ d = ROTW16(d); \
+ c += d; \
+ b ^= c; \
+ b = ROTW12(b); \
+ a += b; \
+ d ^= a; \
+ d = ROTW8(d); \
+ c += d; \
+ b ^= c; \
+ b = ROTW7(b); \
+ b = ROTV3(b); \
+ c = ROTV2(c); \
+ d = ROTV1(d);
-#define QROUND_WORDS(a,b,c,d) \
- a = a+b; d ^= a; d = d<<16 | d>>16; \
- c = c+d; b ^= c; b = b<<12 | b>>20; \
- a = a+b; d ^= a; d = d<< 8 | d>>24; \
- c = c+d; b ^= c; b = b<< 7 | b>>25;
+#define QROUND_WORDS(a, b, c, d) \
+ a = a + b; \
+ d ^= a; \
+ d = d << 16 | d >> 16; \
+ c = c + d; \
+ b ^= c; \
+ b = b << 12 | b >> 20; \
+ a = a + b; \
+ d ^= a; \
+ d = d << 8 | d >> 24; \
+ c = c + d; \
+ b ^= c; \
+ b = b << 7 | b >> 25;
-#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \
- STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \
- STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \
- STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \
- STORE(op + d +12, LOAD(in + d +12) ^ REVV_BE(v3));
+#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \
+ STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \
+ STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \
+ STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \
+ STORE(op + d + 12, LOAD(in + d + 12) ^ REVV_BE(v3));
void
ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
const unsigned char key[32], const unsigned char nonce[12],
uint32_t counter)
{
- unsigned iters, i, *op=(unsigned *)out, *ip=(unsigned *)in, *kp;
+ unsigned iters, i, *op = (unsigned *)out, *ip = (unsigned *)in, *kp;
#if defined(__ARM_NEON__)
unsigned *np;
#endif
vec s0, s1, s2, s3;
#if !defined(__ARM_NEON__) && !defined(__SSE2__)
- __attribute__ ((aligned (16))) unsigned key[8], nonce[4];
+ __attribute__((aligned(16))) unsigned key[8], nonce[4];
#endif
- __attribute__ ((aligned (16))) unsigned chacha_const[] =
- {0x61707865,0x3320646E,0x79622D32,0x6B206574};
+ __attribute__((aligned(16))) unsigned chacha_const[] =
+ { 0x61707865, 0x3320646E, 0x79622D32, 0x6B206574 };
#if defined(__ARM_NEON__) || defined(__SSE2__)
kp = (unsigned *)key;
#else
@@ -133,98 +161,115 @@ ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
np = (unsigned *)nonce;
#endif
#if defined(__ARM_NEON__)
- np = (unsigned*) nonce;
+ np = (unsigned *)nonce;
#endif
s0 = LOAD(chacha_const);
- s1 = LOAD(&((vec*)kp)[0]);
- s2 = LOAD(&((vec*)kp)[1]);
- s3 = (vec) {
+ s1 = LOAD(&((vec *)kp)[0]);
+ s2 = LOAD(&((vec *)kp)[1]);
+ s3 = (vec){
counter,
- ((uint32_t*)nonce)[0],
- ((uint32_t*)nonce)[1],
- ((uint32_t*)nonce)[2]
+ ((uint32_t *)nonce)[0],
+ ((uint32_t *)nonce)[1],
+ ((uint32_t *)nonce)[2]
};
- for (iters = 0; iters < inlen/(BPI*64); iters++) {
+ for (iters = 0; iters < inlen / (BPI * 64); iters++) {
#if GPR_TOO
register unsigned x0, x1, x2, x3, x4, x5, x6, x7, x8,
- x9, x10, x11, x12, x13, x14, x15;
+ x9, x10, x11, x12, x13, x14, x15;
#endif
#if VBPI > 2
- vec v8,v9,v10,v11;
+ vec v8, v9, v10, v11;
#endif
#if VBPI > 3
- vec v12,v13,v14,v15;
+ vec v12, v13, v14, v15;
#endif
- vec v0,v1,v2,v3,v4,v5,v6,v7;
- v4 = v0 = s0; v5 = v1 = s1; v6 = v2 = s2; v3 = s3;
+ vec v0, v1, v2, v3, v4, v5, v6, v7;
+ v4 = v0 = s0;
+ v5 = v1 = s1;
+ v6 = v2 = s2;
+ v3 = s3;
v7 = v3 + ONE;
#if VBPI > 2
- v8 = v4; v9 = v5; v10 = v6;
- v11 = v7 + ONE;
+ v8 = v4;
+ v9 = v5;
+ v10 = v6;
+ v11 = v7 + ONE;
#endif
#if VBPI > 3
- v12 = v8; v13 = v9; v14 = v10;
+ v12 = v8;
+ v13 = v9;
+ v14 = v10;
v15 = v11 + ONE;
#endif
#if GPR_TOO
- x0 = chacha_const[0]; x1 = chacha_const[1];
- x2 = chacha_const[2]; x3 = chacha_const[3];
- x4 = kp[0]; x5 = kp[1]; x6 = kp[2]; x7 = kp[3];
- x8 = kp[4]; x9 = kp[5]; x10 = kp[6]; x11 = kp[7];
- x12 = counter+BPI*iters+(BPI-1); x13 = np[0];
- x14 = np[1]; x15 = np[2];
+ x0 = chacha_const[0];
+ x1 = chacha_const[1];
+ x2 = chacha_const[2];
+ x3 = chacha_const[3];
+ x4 = kp[0];
+ x5 = kp[1];
+ x6 = kp[2];
+ x7 = kp[3];
+ x8 = kp[4];
+ x9 = kp[5];
+ x10 = kp[6];
+ x11 = kp[7];
+ x12 = counter + BPI * iters + (BPI - 1);
+ x13 = np[0];
+ x14 = np[1];
+ x15 = np[2];
#endif
- for (i = CHACHA_RNDS/2; i; i--) {
- DQROUND_VECTORS(v0,v1,v2,v3)
- DQROUND_VECTORS(v4,v5,v6,v7)
+ for (i = CHACHA_RNDS / 2; i; i--) {
+ DQROUND_VECTORS(v0, v1, v2, v3)
+ DQROUND_VECTORS(v4, v5, v6, v7)
#if VBPI > 2
- DQROUND_VECTORS(v8,v9,v10,v11)
+ DQROUND_VECTORS(v8, v9, v10, v11)
#endif
#if VBPI > 3
- DQROUND_VECTORS(v12,v13,v14,v15)
+ DQROUND_VECTORS(v12, v13, v14, v15)
#endif
#if GPR_TOO
- QROUND_WORDS( x0, x4, x8,x12)
- QROUND_WORDS( x1, x5, x9,x13)
- QROUND_WORDS( x2, x6,x10,x14)
- QROUND_WORDS( x3, x7,x11,x15)
- QROUND_WORDS( x0, x5,x10,x15)
- QROUND_WORDS( x1, x6,x11,x12)
- QROUND_WORDS( x2, x7, x8,x13)
- QROUND_WORDS( x3, x4, x9,x14)
+ QROUND_WORDS(x0, x4, x8, x12)
+ QROUND_WORDS(x1, x5, x9, x13)
+ QROUND_WORDS(x2, x6, x10, x14)
+ QROUND_WORDS(x3, x7, x11, x15)
+ QROUND_WORDS(x0, x5, x10, x15)
+ QROUND_WORDS(x1, x6, x11, x12)
+ QROUND_WORDS(x2, x7, x8, x13)
+ QROUND_WORDS(x3, x4, x9, x14)
#endif
}
- WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3)
+ WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
s3 += ONE;
- WRITE_XOR(ip, op, 16, v4+s0, v5+s1, v6+s2, v7+s3)
+ WRITE_XOR(ip, op, 16, v4 + s0, v5 + s1, v6 + s2, v7 + s3)
s3 += ONE;
#if VBPI > 2
- WRITE_XOR(ip, op, 32, v8+s0, v9+s1, v10+s2, v11+s3)
+ WRITE_XOR(ip, op, 32, v8 + s0, v9 + s1, v10 + s2, v11 + s3)
s3 += ONE;
#endif
#if VBPI > 3
- WRITE_XOR(ip, op, 48, v12+s0, v13+s1, v14+s2, v15+s3)
+ WRITE_XOR(ip, op, 48, v12 + s0, v13 + s1, v14 + s2, v15 + s3)
s3 += ONE;
#endif
- ip += VBPI*16;
- op += VBPI*16;
+ ip += VBPI * 16;
+ op += VBPI * 16;
#if GPR_TOO
- op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0]));
- op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1]));
- op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2]));
- op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3]));
- op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0]));
- op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1]));
- op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2]));
- op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3]));
- op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4]));
- op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5]));
+ op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0]));
+ op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1]));
+ op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2]));
+ op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3]));
+ op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0]));
+ op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1]));
+ op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2]));
+ op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3]));
+ op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4]));
+ op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5]));
op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6]));
op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7]));
- op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter+BPI*iters+(BPI-1)));
+ op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter + BPI * iters + (BPI - 1)));
op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0]));
op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1]));
op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2]));
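Review bot: The key and nonce are read through `(vec *)kp` (the `s1`/`s2` loads) and `((uint32_t *)nonce)[n]` (the `s3` initializer), and on the GPR path through `kp[n]`/`np[n]`, all derived from `unsigned char` parameters, so these loads assume 4-byte (and, on the NEON path where `LOAD` is a plain `*((vec *)(m))` dereference, 16-byte) alignment the caller never promised and alias byte arrays as wider types; the SSE2 `_mm_loadu_si128` path is unaligned-safe only for the vector loads. This predates the commit and may be benign on the supported targets, but it is worth recording, e.g. `/* NOTE: key/nonce/in/out are read as 32-bit words (16-byte vectors on NEON); callers must pass suitably aligned buffers, or copy into the aligned locals below */`. The aligned `unsigned key[8], nonce[4]` locals already exist but are never compiled, because the platform `#else` is an `#error`; copying into them unconditionally with memcpy would remove the assumption. ChaCha20XOR starts and ends outside this hunk.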
@@ -234,12 +279,12 @@ ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
#endif
}
- for (iters = inlen%(BPI*64)/64; iters != 0; iters--) {
+ for (iters = inlen % (BPI * 64) / 64; iters != 0; iters--) {
vec v0 = s0, v1 = s1, v2 = s2, v3 = s3;
- for (i = CHACHA_RNDS/2; i; i--) {
- DQROUND_VECTORS(v0,v1,v2,v3);
+ for (i = CHACHA_RNDS / 2; i; i--) {
+ DQROUND_VECTORS(v0, v1, v2, v3);
}
- WRITE_XOR(ip, op, 0, v0+s0, v1+s1, v2+s2, v3+s3)
+ WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
s3 += ONE;
ip += 16;
op += 16;
@@ -247,11 +292,14 @@ ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
inlen = inlen % 64;
if (inlen) {
- __attribute__ ((aligned (16))) vec buf[4];
- vec v0,v1,v2,v3;
- v0 = s0; v1 = s1; v2 = s2; v3 = s3;
- for (i = CHACHA_RNDS/2; i; i--) {
- DQROUND_VECTORS(v0,v1,v2,v3);
+ __attribute__((aligned(16))) vec buf[4];
+ vec v0, v1, v2, v3;
+ v0 = s0;
+ v1 = s1;
+ v2 = s2;
+ v3 = s3;
+ for (i = CHACHA_RNDS / 2; i; i--) {
+ DQROUND_VECTORS(v0, v1, v2, v3);
}
if (inlen >= 16) {
@@ -271,7 +319,7 @@ ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
buf[0] = REVV_BE(v0 + s0);
}
- for (i=inlen & ~15; i<inlen; i++) {
+ for (i = inlen & ~15; i < inlen; i++) {
((char *)op)[i] = ((char *)ip)[i] ^ ((char *)buf)[i];
}
}
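Review bot: `buf` holds the keystream for the trailing partial block and is left on the stack after the byte loop, whereas cts.c in this same commit clears its `lastBlock` scratch before returning; for consistency add a clear after the loop, `memset(buf, 0, sizeof buf);`, keeping in mind that a plain memset immediately before return is a candidate for dead-store elimination and a clear the compiler cannot elide is preferable. The `if (inlen)` block this belongs to, and ChaCha20XOR itself, start outside the hunk.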
diff --git a/lib/freebl/ctr.c b/lib/freebl/ctr.c
index accd55b48..d5715a505 100644
--- a/lib/freebl/ctr.c
+++ b/lib/freebl/ctr.c
@@ -19,14 +19,14 @@
SECStatus
CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
- const unsigned char *param, unsigned int blocksize)
+ const unsigned char *param, unsigned int blocksize)
{
const CK_AES_CTR_PARAMS *ctrParams = (const CK_AES_CTR_PARAMS *)param;
if (ctrParams->ulCounterBits == 0 ||
- ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* Invariant: 0 < ctr->bufPtr <= blocksize */
@@ -36,21 +36,21 @@ CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
ctr->context = context;
ctr->counterBits = ctrParams->ulCounterBits;
if (blocksize > sizeof(ctr->counter) ||
- blocksize > sizeof(ctrParams->cb)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ blocksize > sizeof(ctrParams->cb)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize);
if (ctr->counterBits < 64) {
- PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize);
- ctr->checkWrap = PR_TRUE;
+ PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize);
+ ctr->checkWrap = PR_TRUE;
}
return SECSuccess;
}
CTRContext *
CTR_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *param, unsigned int blocksize)
+ const unsigned char *param, unsigned int blocksize)
{
CTRContext *ctr;
SECStatus rv;
@@ -58,12 +58,12 @@ CTR_CreateContext(void *context, freeblCipherFunc cipher,
/* first fill in the Counter context */
ctr = PORT_ZNew(CTRContext);
if (ctr == NULL) {
- return NULL;
+ return NULL;
}
rv = CTR_InitContext(ctr, context, cipher, param, blocksize);
if (rv != SECSuccess) {
- CTR_DestroyContext(ctr, PR_TRUE);
- ctr = NULL;
+ CTR_DestroyContext(ctr, PR_TRUE);
+ ctr = NULL;
}
return ctr;
}
@@ -73,7 +73,7 @@ CTR_DestroyContext(CTRContext *ctr, PRBool freeit)
{
PORT_Memset(ctr, 0, sizeof(CTRContext));
if (freeit) {
- PORT_Free(ctr);
+ PORT_Free(ctr);
}
}
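Review bot: `PORT_Memset(ctr, 0, sizeof(CTRContext))` immediately followed by `PORT_Free(ctr)` on the `freeit` path is the classic dead-store pattern: if PORT_Memset resolves to a plain memset, the optimizer is entitled to drop the clear because the object is freed right after, leaving `counter`, `buffer` (cached keystream) and `counterFirst` in freed memory. Consider a clear the compiler cannot elide, or at minimum mark the intent with `/* wipes cached keystream; must survive dead-store elimination */` so a later reader does not "simplify" it. When the caller keeps the struct (`freeit` false) the clear is effective as written.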
@@ -87,23 +87,23 @@ CTR_DestroyContext(CTRContext *ctr, PRBool freeit)
*/
static void
ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
- unsigned int blocksize)
+ unsigned int blocksize)
{
unsigned char *counterPtr = counter + blocksize - 1;
unsigned char mask, count;
- PORT_Assert(counterBits <= blocksize*PR_BITS_PER_BYTE);
+ PORT_Assert(counterBits <= blocksize * PR_BITS_PER_BYTE);
while (counterBits >= PR_BITS_PER_BYTE) {
- if (++(*(counterPtr--))) {
- return;
- }
- counterBits -= PR_BITS_PER_BYTE;
+ if (++(*(counterPtr--))) {
+ return;
+ }
+ counterBits -= PR_BITS_PER_BYTE;
}
if (counterBits == 0) {
- return;
+ return;
}
/* increment the final partial byte */
- mask = (1 << counterBits)-1;
+ mask = (1 << counterBits) - 1;
count = ++(*counterPtr) & mask;
*counterPtr = ((*counterPtr) & ~mask) | count;
return;
@@ -111,76 +111,76 @@ ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
static void
ctr_xor(unsigned char *target, const unsigned char *x,
- const unsigned char *y, unsigned int count)
+ const unsigned char *y, unsigned int count)
{
unsigned int i;
- for (i=0; i < count; i++) {
- *target++ = *x++ ^ *y++;
+ for (i = 0; i < count; i++) {
+ *target++ = *x++ ^ *y++;
}
}
SECStatus
CTR_Update(CTRContext *ctr, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned int tmp;
SECStatus rv;
if (maxout < inlen) {
- *outlen = inlen;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = inlen;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outlen = 0;
if (ctr->bufPtr != blocksize) {
- unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
- ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
- ctr->bufPtr += needed;
- outbuf += needed;
- inbuf += needed;
- *outlen += needed;
- inlen -= needed;
- if (inlen == 0) {
- return SECSuccess;
- }
- PORT_Assert(ctr->bufPtr == blocksize);
+ unsigned int needed = PR_MIN(blocksize - ctr->bufPtr, inlen);
+ ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+ ctr->bufPtr += needed;
+ outbuf += needed;
+ inbuf += needed;
+ *outlen += needed;
+ inlen -= needed;
+ if (inlen == 0) {
+ return SECSuccess;
+ }
+ PORT_Assert(ctr->bufPtr == blocksize);
}
while (inlen >= blocksize) {
- rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
- ctr->counter, blocksize, blocksize);
- ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
- if (ctr->checkWrap) {
- if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- }
- if (rv != SECSuccess) {
- return SECFailure;
- }
- ctr_xor(outbuf, inbuf, ctr->buffer, blocksize);
- outbuf += blocksize;
- inbuf += blocksize;
- *outlen += blocksize;
- inlen -= blocksize;
+ rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+ ctr->counter, blocksize, blocksize);
+ ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+ if (ctr->checkWrap) {
+ if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ }
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ ctr_xor(outbuf, inbuf, ctr->buffer, blocksize);
+ outbuf += blocksize;
+ inbuf += blocksize;
+ *outlen += blocksize;
+ inlen -= blocksize;
}
if (inlen == 0) {
- return SECSuccess;
+ return SECSuccess;
}
rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
- ctr->counter, blocksize, blocksize);
+ ctr->counter, blocksize, blocksize);
ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
if (ctr->checkWrap) {
- if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
+ if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
}
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
ctr->bufPtr = inlen;
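Review bot: The counter-advance-and-wrap-check sequence appears verbatim twice in CTR_Update, once inside the `while (inlen >= blocksize)` loop and once for the trailing partial block, and the same sequence (minus the check) recurs in CTR_Update_HW_AES; extracting it into one static helper keeps the `checkWrap` policy in a single place. The ordering is preserved below: the counter is advanced and checked before `rv` from the cipher call is examined, exactly as the hunk does now. CTR_Update continues past the end of this hunk.
```c
/* Advance ctr->counter by one block and fail if it has wrapped back to the
 * initial value (checkWrap is set by CTR_InitContext only when
 * counterBits < 64). */
static SECStatus
ctr_AdvanceCounter(CTRContext *ctr, unsigned int blocksize)
{
    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
    if (ctr->checkWrap &&
        PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    return SECSuccess;
}

/* … unchanged: CTR_Update prologue and partial-buffer drain … */
    while (inlen >= blocksize) {
        rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
                            ctr->counter, blocksize, blocksize);
        if (ctr_AdvanceCounter(ctr, blocksize) != SECSuccess) {
            return SECFailure;
        }
        /* … unchanged: rv check, ctr_xor and pointer/length updates … */
    }
    /* … unchanged: inlen == 0 early return … */
    rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
                        ctr->counter, blocksize, blocksize);
    if (ctr_AdvanceCounter(ctr, blocksize) != SECSuccess) {
        return SECFailure;
    }
```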
@@ -191,52 +191,52 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
#if defined(USE_HW_AES) && defined(_MSC_VER)
SECStatus
CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned int fullblocks;
unsigned int tmp;
SECStatus rv;
if (maxout < inlen) {
- *outlen = inlen;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = inlen;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outlen = 0;
if (ctr->bufPtr != blocksize) {
- unsigned int needed = PR_MIN(blocksize-ctr->bufPtr, inlen);
- ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
- ctr->bufPtr += needed;
- outbuf += needed;
- inbuf += needed;
- *outlen += needed;
- inlen -= needed;
- if (inlen == 0) {
- return SECSuccess;
- }
- PORT_Assert(ctr->bufPtr == blocksize);
- }
-
- intel_aes_ctr_worker(((AESContext*)(ctr->context))->Nr)(
- ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize);
+ unsigned int needed = PR_MIN(blocksize - ctr->bufPtr, inlen);
+ ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+ ctr->bufPtr += needed;
+ outbuf += needed;
+ inbuf += needed;
+ *outlen += needed;
+ inlen -= needed;
+ if (inlen == 0) {
+ return SECSuccess;
+ }
+ PORT_Assert(ctr->bufPtr == blocksize);
+ }
+
+ intel_aes_ctr_worker(((AESContext *)(ctr->context))->Nr)(
+ ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize);
/* XXX intel_aes_ctr_worker should set *outlen. */
PORT_Assert(*outlen == 0);
- fullblocks = (inlen/blocksize)*blocksize;
+ fullblocks = (inlen / blocksize) * blocksize;
*outlen += fullblocks;
outbuf += fullblocks;
inbuf += fullblocks;
inlen -= fullblocks;
if (inlen == 0) {
- return SECSuccess;
+ return SECSuccess;
}
rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
- ctr->counter, blocksize, blocksize);
+ ctr->counter, blocksize, blocksize);
ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
ctr->bufPtr = inlen;
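Review bot: The trailing-block path of CTR_Update_HW_AES calls `ctr_GetNextCtr` but, unlike the same spot in CTR_Update above, never compares the advanced counter against `ctr->counterFirst` when `ctr->checkWrap` is set, so the `ulCounterBits` limit that CTR_InitContext arms is not enforced on this path and a wrapped counter would silently reuse keystream. Whether `intel_aes_ctr_worker` performs the check for the full blocks it processes cannot be seen from here; the return value of that call is also discarded, and the `/* XXX intel_aes_ctr_worker should set *outlen */` note suggests its contract is still unsettled, so both deserve a look. The minimal fix is to mirror CTR_Update after the `ctr_GetNextCtr` call:
```c
    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
    /* same wrap check as CTR_Update: never reuse a counter value */
    if (ctr->checkWrap &&
        PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    /* … unchanged: rv check, ctr_xor of the partial block, bufPtr update … */
```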
diff --git a/lib/freebl/ctr.h b/lib/freebl/ctr.h
index 14763c6fb..a97da144e 100644
--- a/lib/freebl/ctr.h
+++ b/lib/freebl/ctr.h
@@ -10,21 +10,21 @@
/* This structure is defined in this header because both ctr.c and gcm.c
* need it. */
struct CTRContextStr {
- freeblCipherFunc cipher;
- void *context;
- unsigned char counter[MAX_BLOCK_SIZE];
- unsigned char buffer[MAX_BLOCK_SIZE];
- unsigned char counterFirst[MAX_BLOCK_SIZE]; /* counter overlfow value */
- PRBool checkWrap; /*check for counter overflow*/
- unsigned long counterBits;
- unsigned int bufPtr;
+ freeblCipherFunc cipher;
+ void *context;
+ unsigned char counter[MAX_BLOCK_SIZE];
+ unsigned char buffer[MAX_BLOCK_SIZE];
+ unsigned char counterFirst[MAX_BLOCK_SIZE]; /* counter overlfow value */
+ PRBool checkWrap; /*check for counter overflow*/
+ unsigned long counterBits;
+ unsigned int bufPtr;
};
typedef struct CTRContextStr CTRContext;
SECStatus CTR_InitContext(CTRContext *ctr, void *context,
- freeblCipherFunc cipher, const unsigned char *param,
- unsigned int blocksize);
+ freeblCipherFunc cipher, const unsigned char *param,
+ unsigned int blocksize);
/*
* The context argument is the inner cipher context to use with cipher. The
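Review bot: The field comment `/* counter overlfow value */` on `counterFirst` misspells "overflow" and misdescribes the field: from CTR_InitContext and CTR_Update in this same commit it is the initial counter value, retained so that a wrap back to it can be detected. Suggest `/* initial counter value; CTR_Update fails if the counter wraps back to it */`, and for `checkWrap` `/* compare counter with counterFirst after each increment (set when counterBits < 64) */`. The `bufPtr` invariant stated in ctr.c (`0 < bufPtr <= blocksize`, bufPtr == blocksize meaning "no cached keystream") would also be better placed here next to the field.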
@@ -33,21 +33,21 @@ SECStatus CTR_InitContext(CTRContext *ctr, void *context,
*
* The cipher argument is a block cipher in the ECB encrypt mode.
*/
-CTRContext * CTR_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *param, unsigned int blocksize);
+CTRContext *CTR_CreateContext(void *context, freeblCipherFunc cipher,
+ const unsigned char *param, unsigned int blocksize);
void CTR_DestroyContext(CTRContext *ctr, PRBool freeit);
SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
#ifdef USE_HW_AES
SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
#endif
#endif
diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
index 33c9ccd7a..99ccebb60 100644
--- a/lib/freebl/cts.c
+++ b/lib/freebl/cts.c
@@ -20,17 +20,17 @@ struct CTSContextStr {
CTSContext *
CTS_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *iv, unsigned int blocksize)
+ const unsigned char *iv, unsigned int blocksize)
{
- CTSContext *cts;
+ CTSContext *cts;
if (blocksize > MAX_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
}
cts = PORT_ZNew(CTSContext);
if (cts == NULL) {
- return NULL;
+ return NULL;
}
PORT_Memcpy(cts->iv, iv, blocksize);
cts->cipher = cipher;
@@ -42,10 +42,10 @@ void
CTS_DestroyContext(CTSContext *cts, PRBool freeit)
{
if (freeit) {
- PORT_Free(cts);
+ PORT_Free(cts);
}
}
-
+
/*
* See addemdum to NIST SP 800-38A
* Generically handle cipher text stealing. Basically this is doing CBC
@@ -75,7 +75,7 @@ CTS_DestroyContext(CTSContext *cts, PRBool freeit)
* if (pad) {
* memcpy(tmp, outbuf+*outlen-blocksize, blocksize);
* memcpy(outbuf+*outlen-pad,outbuf+*outlen-blocksize-pad, pad);
- * memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
+ * memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
* }
* CS-3 (Kerberos): do
* unsigned char tmp[MAX_BLOCK_SIZE];
@@ -85,13 +85,13 @@ CTS_DestroyContext(CTSContext *cts, PRBool freeit)
* }
* memcpy(tmp, outbuf+*outlen-blocksize, blocksize);
* memcpy(outbuf+*outlen-pad,outbuf+*outlen-blocksize-pad, pad);
- * memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
+ * memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
*/
SECStatus
CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned char lastBlock[MAX_BLOCK_SIZE];
unsigned int tmp;
@@ -101,26 +101,26 @@ CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
SECStatus rv;
if (inlen < blocksize) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxout < inlen) {
- *outlen = inlen;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = inlen;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
- fullblocks = (inlen/blocksize)*blocksize;
+ fullblocks = (inlen / blocksize) * blocksize;
rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
- fullblocks, blocksize);
+ fullblocks, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
*outlen = fullblocks; /* AES low level doesn't set outlen */
inbuf += fullblocks;
inlen -= fullblocks;
if (inlen == 0) {
- return SECSuccess;
+ return SECSuccess;
}
written = *outlen - (blocksize - inlen);
outbuf += written;
@@ -138,18 +138,19 @@ CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
PORT_Memcpy(lastBlock, inbuf, inlen);
PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
- blocksize, blocksize);
+ blocksize, blocksize);
PORT_Memset(lastBlock, 0, blocksize);
if (rv == SECSuccess) {
- *outlen = written + blocksize;
+ *outlen = written + blocksize;
} else {
- PORT_Memset(saveout, 0, written+blocksize);
+ PORT_Memset(saveout, 0, written + blocksize);
}
return rv;
}
-
-#define XOR_BLOCK(x,y,count) for(i=0; i < count; i++) x[i] = x[i] ^ y[i]
+#define XOR_BLOCK(x, y, count) \
+ for (i = 0; i < count; i++) \
+ x[i] = x[i] ^ y[i]
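Review bot: `XOR_BLOCK` silently depends on an `i` declared in the caller's scope and does not parenthesize `count`, so `XOR_BLOCK(a, b, n + 1)` would loop with the wrong bound; now that clang-format has spread it over three lines it reads like code and is easy to misuse. A static function is type-checked, self-contained and optimizes identically; the call sites change from `XOR_BLOCK(Pn, Cn_2, blocksize);` to `cts_xor_block(Pn, Cn_2, blocksize);`.
```c
/* XOR count bytes of y into x, in place. Replaces the XOR_BLOCK macro,
 * which relied on a caller-scope i and did not parenthesize count. */
static void
cts_xor_block(unsigned char *x, const unsigned char *y, unsigned int count)
{
    unsigned int i;
    for (i = 0; i < count; i++) {
        x[i] ^= y[i];
    }
}
```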
/*
* See addemdum to NIST SP 800-38A
@@ -163,7 +164,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
* if (pad) {
* memcpy(tmp, inbuf+inlen-blocksize-pad, blocksize);
* memcpy(inbuf+inlen-blocksize-pad,inbuf+inlen-pad, pad);
- * memcpy(inbuf+inlen-blocksize, tmp, blocksize);
+ * memcpy(inbuf+inlen-blocksize, tmp, blocksize);
* }
* CS-3 (Kerberos): do
* unsigned char tmp[MAX_BLOCK_SIZE];
@@ -173,13 +174,13 @@ CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
* }
* memcpy(tmp, inbuf+inlen-blocksize-pad, blocksize);
* memcpy(inbuf+inlen-blocksize-pad,inbuf+inlen-pad, pad);
- * memcpy(inbuf+inlen-blocksize, tmp, blocksize);
+ * memcpy(inbuf+inlen-blocksize, tmp, blocksize);
*/
SECStatus
CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned char *Pn;
unsigned char Cn_2[MAX_BLOCK_SIZE]; /* block Cn-2 */
@@ -194,17 +195,17 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
SECStatus rv;
if (inlen < blocksize) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxout < inlen) {
- *outlen = inlen;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = inlen;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
- fullblocks = (inlen/blocksize)*blocksize;
+ fullblocks = (inlen / blocksize) * blocksize;
/* even though we expect the input to be CS-1, CS-2 is easier to parse,
* so convert to CS-2 immediately. NOTE: this is the same code as in
@@ -213,34 +214,33 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
*/
pad = inlen - fullblocks;
if (pad != 0) {
- if (inbuf != outbuf) {
- memcpy(outbuf, inbuf, inlen);
- /* keep the names so we logically know how we are using the
- * buffers */
- inbuf = outbuf;
- }
- memcpy(lastBlock, inbuf+inlen-blocksize, blocksize);
- /* we know inbuf == outbuf now, inbuf is declared const and can't
- * be the target, so use outbuf for the target here */
- memcpy(outbuf+inlen-pad, inbuf+inlen-blocksize-pad, pad);
- memcpy(outbuf+inlen-blocksize-pad, lastBlock, blocksize);
+ if (inbuf != outbuf) {
+ memcpy(outbuf, inbuf, inlen);
+ /* keep the names so we logically know how we are using the
+ * buffers */
+ inbuf = outbuf;
+ }
+ memcpy(lastBlock, inbuf + inlen - blocksize, blocksize);
+ /* we know inbuf == outbuf now, inbuf is declared const and can't
+ * be the target, so use outbuf for the target here */
+ memcpy(outbuf + inlen - pad, inbuf + inlen - blocksize - pad, pad);
+ memcpy(outbuf + inlen - blocksize - pad, lastBlock, blocksize);
}
/* save the previous to last block so we can undo the misordered
* chaining */
- tmp = (fullblocks < blocksize*2) ? cts->iv :
- inbuf+fullblocks-blocksize*2;
+ tmp = (fullblocks < blocksize * 2) ? cts->iv : inbuf + fullblocks - blocksize * 2;
PORT_Memcpy(Cn_2, tmp, blocksize);
- PORT_Memcpy(Cn, inbuf+fullblocks-blocksize, blocksize);
+ PORT_Memcpy(Cn, inbuf + fullblocks - blocksize, blocksize);
rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
- fullblocks, blocksize);
+ fullblocks, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
*outlen = fullblocks; /* AES low level doesn't set outlen */
inbuf += fullblocks;
inlen -= fullblocks;
if (inlen == 0) {
- return SECSuccess;
+ return SECSuccess;
}
outbuf += fullblocks;
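Review bot: The CS-1 to CS-2 rearrangement in the `pad != 0` block uses bare `memcpy` four times while the lines immediately after it (and the rest of the file) use `PORT_Memcpy`; pick one spelling, e.g. `PORT_Memcpy(outbuf, inbuf, inlen);` and likewise for the three `lastBlock`/tail copies. Separately, the `inbuf != outbuf` test only distinguishes identical from distinct buffers, so a partially overlapping pair would make that copy undefined; that is presumably a caller contract, and stating it in the header comment for CTS_DecryptUpdate would make it explicit. CTS_DecryptUpdate continues beyond this hunk.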
@@ -248,7 +248,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
PORT_Memset(lastBlock, 0, blocksize);
PORT_Memcpy(lastBlock, inbuf, inlen);
PORT_Memcpy(Cn_1, inbuf, inlen);
- Pn = outbuf-blocksize;
+ Pn = outbuf - blocksize;
/* inbuf points to Cn-1* in the input buffer */
/* NOTE: below there are 2 sections marked "make up for the out of order
* cbc decryption". You may ask, what is going on here.
@@ -282,11 +282,11 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
* points to where Pn-1 needs to reside. From here on out read Pn in
* the code as really Pn-1. */
rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
- blocksize, blocksize);
+ blocksize, blocksize);
if (rv != SECSuccess) {
- PORT_Memset(lastBlock, 0, blocksize);
- PORT_Memset(saveout, 0, *outlen);
- return SECFailure;
+ PORT_Memset(lastBlock, 0, blocksize);
+ PORT_Memset(saveout, 0, *outlen);
+ return SECFailure;
}
/* make up for the out of order CBC decryption */
XOR_BLOCK(Pn, Cn_2, blocksize);
@@ -296,8 +296,8 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
/* This makes Cn the last block for the next decrypt operation, which
* matches the encrypt. We don't care about the contexts of last block,
* only the side effect of setting the internal IV */
- (void) (*cts->cipher)(cts->context, lastBlock, &tmpLen, blocksize, Cn,
- blocksize, blocksize);
+ (void)(*cts->cipher)(cts->context, lastBlock, &tmpLen, blocksize, Cn,
+ blocksize, blocksize);
/* clear last block. At this point last block contains Pn xor Cn_1 xor
* Cn_2, both of with an attacker would know, so we need to clear this
* buffer out */
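Review bot: The two comments around the `(void)` cipher call carry typos that blur the security rationale they are meant to state: "We don't care about the contexts of last block" should read "contents of last block", and "both of with an attacker would know" should read "both of which an attacker would know". The `(void)` cast is explained by the comment above it, so no further note is needed on that line. The clearing of `lastBlock` this comment introduces happens after the hunk ends.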
diff --git a/lib/freebl/cts.h b/lib/freebl/cts.h
index 97b385f4a..a3ec180af 100644
--- a/lib/freebl/cts.h
+++ b/lib/freebl/cts.h
@@ -17,17 +17,17 @@ typedef struct CTSContextStr CTSContext;
* The cipher argument is a block cipher in the CBC mode.
*/
CTSContext *CTS_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *iv, unsigned int blocksize);
+ const unsigned char *iv, unsigned int blocksize);
void CTS_DestroyContext(CTSContext *cts, PRBool freeit);
SECStatus CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
SECStatus CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
#endif
diff --git a/lib/freebl/des.c b/lib/freebl/des.c
index bcfcaba60..789bd520f 100644
--- a/lib/freebl/des.c
+++ b/lib/freebl/des.c
@@ -10,7 +10,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "des.h"
-#include <stddef.h> /* for ptrdiff_t */
+#include <stddef.h> /* for ptrdiff_t */
/* #define USE_INDEXING 1 */
/* Some processors automatically fix up unaligned memory access, so they can
@@ -21,513 +21,499 @@
#endif
/*
- * The tables below are the 8 sbox functions, with the 6-bit input permutation
+ * The tables below are the 8 sbox functions, with the 6-bit input permutation
* and the 32-bit output permutation pre-computed.
* They are shifted circularly to the left 3 bits, which removes 2 shifts
* and an or from each round by reducing the number of sboxes whose
- * indices cross word broundaries from 2 to 1.
+ * indices cross word broundaries from 2 to 1.
*/
static const HALF SP[8][64] = {
-/* Box S1 */ {
- 0x04041000, 0x00000000, 0x00040000, 0x04041010,
- 0x04040010, 0x00041010, 0x00000010, 0x00040000,
- 0x00001000, 0x04041000, 0x04041010, 0x00001000,
- 0x04001010, 0x04040010, 0x04000000, 0x00000010,
- 0x00001010, 0x04001000, 0x04001000, 0x00041000,
- 0x00041000, 0x04040000, 0x04040000, 0x04001010,
- 0x00040010, 0x04000010, 0x04000010, 0x00040010,
- 0x00000000, 0x00001010, 0x00041010, 0x04000000,
- 0x00040000, 0x04041010, 0x00000010, 0x04040000,
- 0x04041000, 0x04000000, 0x04000000, 0x00001000,
- 0x04040010, 0x00040000, 0x00041000, 0x04000010,
- 0x00001000, 0x00000010, 0x04001010, 0x00041010,
- 0x04041010, 0x00040010, 0x04040000, 0x04001010,
- 0x04000010, 0x00001010, 0x00041010, 0x04041000,
- 0x00001010, 0x04001000, 0x04001000, 0x00000000,
- 0x00040010, 0x00041000, 0x00000000, 0x04040010
- },
-/* Box S2 */ {
- 0x00420082, 0x00020002, 0x00020000, 0x00420080,
- 0x00400000, 0x00000080, 0x00400082, 0x00020082,
- 0x00000082, 0x00420082, 0x00420002, 0x00000002,
- 0x00020002, 0x00400000, 0x00000080, 0x00400082,
- 0x00420000, 0x00400080, 0x00020082, 0x00000000,
- 0x00000002, 0x00020000, 0x00420080, 0x00400002,
- 0x00400080, 0x00000082, 0x00000000, 0x00420000,
- 0x00020080, 0x00420002, 0x00400002, 0x00020080,
- 0x00000000, 0x00420080, 0x00400082, 0x00400000,
- 0x00020082, 0x00400002, 0x00420002, 0x00020000,
- 0x00400002, 0x00020002, 0x00000080, 0x00420082,
- 0x00420080, 0x00000080, 0x00020000, 0x00000002,
- 0x00020080, 0x00420002, 0x00400000, 0x00000082,
- 0x00400080, 0x00020082, 0x00000082, 0x00400080,
- 0x00420000, 0x00000000, 0x00020002, 0x00020080,
- 0x00000002, 0x00400082, 0x00420082, 0x00420000
- },
-/* Box S3 */ {
- 0x00000820, 0x20080800, 0x00000000, 0x20080020,
- 0x20000800, 0x00000000, 0x00080820, 0x20000800,
- 0x00080020, 0x20000020, 0x20000020, 0x00080000,
- 0x20080820, 0x00080020, 0x20080000, 0x00000820,
- 0x20000000, 0x00000020, 0x20080800, 0x00000800,
- 0x00080800, 0x20080000, 0x20080020, 0x00080820,
- 0x20000820, 0x00080800, 0x00080000, 0x20000820,
- 0x00000020, 0x20080820, 0x00000800, 0x20000000,
- 0x20080800, 0x20000000, 0x00080020, 0x00000820,
- 0x00080000, 0x20080800, 0x20000800, 0x00000000,
- 0x00000800, 0x00080020, 0x20080820, 0x20000800,
- 0x20000020, 0x00000800, 0x00000000, 0x20080020,
- 0x20000820, 0x00080000, 0x20000000, 0x20080820,
- 0x00000020, 0x00080820, 0x00080800, 0x20000020,
- 0x20080000, 0x20000820, 0x00000820, 0x20080000,
- 0x00080820, 0x00000020, 0x20080020, 0x00080800
- },
-/* Box S4 */ {
- 0x02008004, 0x00008204, 0x00008204, 0x00000200,
- 0x02008200, 0x02000204, 0x02000004, 0x00008004,
- 0x00000000, 0x02008000, 0x02008000, 0x02008204,
- 0x00000204, 0x00000000, 0x02000200, 0x02000004,
- 0x00000004, 0x00008000, 0x02000000, 0x02008004,
- 0x00000200, 0x02000000, 0x00008004, 0x00008200,
- 0x02000204, 0x00000004, 0x00008200, 0x02000200,
- 0x00008000, 0x02008200, 0x02008204, 0x00000204,
- 0x02000200, 0x02000004, 0x02008000, 0x02008204,
- 0x00000204, 0x00000000, 0x00000000, 0x02008000,
- 0x00008200, 0x02000200, 0x02000204, 0x00000004,
- 0x02008004, 0x00008204, 0x00008204, 0x00000200,
- 0x02008204, 0x00000204, 0x00000004, 0x00008000,
- 0x02000004, 0x00008004, 0x02008200, 0x02000204,
- 0x00008004, 0x00008200, 0x02000000, 0x02008004,
- 0x00000200, 0x02000000, 0x00008000, 0x02008200
- },
-/* Box S5 */ {
- 0x00000400, 0x08200400, 0x08200000, 0x08000401,
- 0x00200000, 0x00000400, 0x00000001, 0x08200000,
- 0x00200401, 0x00200000, 0x08000400, 0x00200401,
- 0x08000401, 0x08200001, 0x00200400, 0x00000001,
- 0x08000000, 0x00200001, 0x00200001, 0x00000000,
- 0x00000401, 0x08200401, 0x08200401, 0x08000400,
- 0x08200001, 0x00000401, 0x00000000, 0x08000001,
- 0x08200400, 0x08000000, 0x08000001, 0x00200400,
- 0x00200000, 0x08000401, 0x00000400, 0x08000000,
- 0x00000001, 0x08200000, 0x08000401, 0x00200401,
- 0x08000400, 0x00000001, 0x08200001, 0x08200400,
- 0x00200401, 0x00000400, 0x08000000, 0x08200001,
- 0x08200401, 0x00200400, 0x08000001, 0x08200401,
- 0x08200000, 0x00000000, 0x00200001, 0x08000001,
- 0x00200400, 0x08000400, 0x00000401, 0x00200000,
- 0x00000000, 0x00200001, 0x08200400, 0x00000401
- },
-/* Box S6 */ {
- 0x80000040, 0x81000000, 0x00010000, 0x81010040,
- 0x81000000, 0x00000040, 0x81010040, 0x01000000,
- 0x80010000, 0x01010040, 0x01000000, 0x80000040,
- 0x01000040, 0x80010000, 0x80000000, 0x00010040,
- 0x00000000, 0x01000040, 0x80010040, 0x00010000,
- 0x01010000, 0x80010040, 0x00000040, 0x81000040,
- 0x81000040, 0x00000000, 0x01010040, 0x81010000,
- 0x00010040, 0x01010000, 0x81010000, 0x80000000,
- 0x80010000, 0x00000040, 0x81000040, 0x01010000,
- 0x81010040, 0x01000000, 0x00010040, 0x80000040,
- 0x01000000, 0x80010000, 0x80000000, 0x00010040,
- 0x80000040, 0x81010040, 0x01010000, 0x81000000,
- 0x01010040, 0x81010000, 0x00000000, 0x81000040,
- 0x00000040, 0x00010000, 0x81000000, 0x01010040,
- 0x00010000, 0x01000040, 0x80010040, 0x00000000,
- 0x81010000, 0x80000000, 0x01000040, 0x80010040
- },
-/* Box S7 */ {
- 0x00800000, 0x10800008, 0x10002008, 0x00000000,
- 0x00002000, 0x10002008, 0x00802008, 0x10802000,
- 0x10802008, 0x00800000, 0x00000000, 0x10000008,
- 0x00000008, 0x10000000, 0x10800008, 0x00002008,
- 0x10002000, 0x00802008, 0x00800008, 0x10002000,
- 0x10000008, 0x10800000, 0x10802000, 0x00800008,
- 0x10800000, 0x00002000, 0x00002008, 0x10802008,
- 0x00802000, 0x00000008, 0x10000000, 0x00802000,
- 0x10000000, 0x00802000, 0x00800000, 0x10002008,
- 0x10002008, 0x10800008, 0x10800008, 0x00000008,
- 0x00800008, 0x10000000, 0x10002000, 0x00800000,
- 0x10802000, 0x00002008, 0x00802008, 0x10802000,
- 0x00002008, 0x10000008, 0x10802008, 0x10800000,
- 0x00802000, 0x00000000, 0x00000008, 0x10802008,
- 0x00000000, 0x00802008, 0x10800000, 0x00002000,
- 0x10000008, 0x10002000, 0x00002000, 0x00800008
- },
-/* Box S8 */ {
- 0x40004100, 0x00004000, 0x00100000, 0x40104100,
- 0x40000000, 0x40004100, 0x00000100, 0x40000000,
- 0x00100100, 0x40100000, 0x40104100, 0x00104000,
- 0x40104000, 0x00104100, 0x00004000, 0x00000100,
- 0x40100000, 0x40000100, 0x40004000, 0x00004100,
- 0x00104000, 0x00100100, 0x40100100, 0x40104000,
- 0x00004100, 0x00000000, 0x00000000, 0x40100100,
- 0x40000100, 0x40004000, 0x00104100, 0x00100000,
- 0x00104100, 0x00100000, 0x40104000, 0x00004000,
- 0x00000100, 0x40100100, 0x00004000, 0x00104100,
- 0x40004000, 0x00000100, 0x40000100, 0x40100000,
- 0x40100100, 0x40000000, 0x00100000, 0x40004100,
- 0x00000000, 0x40104100, 0x00100100, 0x40000100,
- 0x40100000, 0x40004000, 0x40004100, 0x00000000,
- 0x40104100, 0x00104000, 0x00104000, 0x00004100,
- 0x00004100, 0x00100100, 0x40000000, 0x40104000
- }
+ /* Box S1 */
+ { 0x04041000, 0x00000000, 0x00040000, 0x04041010,
+ 0x04040010, 0x00041010, 0x00000010, 0x00040000,
+ 0x00001000, 0x04041000, 0x04041010, 0x00001000,
+ 0x04001010, 0x04040010, 0x04000000, 0x00000010,
+ 0x00001010, 0x04001000, 0x04001000, 0x00041000,
+ 0x00041000, 0x04040000, 0x04040000, 0x04001010,
+ 0x00040010, 0x04000010, 0x04000010, 0x00040010,
+ 0x00000000, 0x00001010, 0x00041010, 0x04000000,
+ 0x00040000, 0x04041010, 0x00000010, 0x04040000,
+ 0x04041000, 0x04000000, 0x04000000, 0x00001000,
+ 0x04040010, 0x00040000, 0x00041000, 0x04000010,
+ 0x00001000, 0x00000010, 0x04001010, 0x00041010,
+ 0x04041010, 0x00040010, 0x04040000, 0x04001010,
+ 0x04000010, 0x00001010, 0x00041010, 0x04041000,
+ 0x00001010, 0x04001000, 0x04001000, 0x00000000,
+ 0x00040010, 0x00041000, 0x00000000, 0x04040010 },
+ /* Box S2 */
+ { 0x00420082, 0x00020002, 0x00020000, 0x00420080,
+ 0x00400000, 0x00000080, 0x00400082, 0x00020082,
+ 0x00000082, 0x00420082, 0x00420002, 0x00000002,
+ 0x00020002, 0x00400000, 0x00000080, 0x00400082,
+ 0x00420000, 0x00400080, 0x00020082, 0x00000000,
+ 0x00000002, 0x00020000, 0x00420080, 0x00400002,
+ 0x00400080, 0x00000082, 0x00000000, 0x00420000,
+ 0x00020080, 0x00420002, 0x00400002, 0x00020080,
+ 0x00000000, 0x00420080, 0x00400082, 0x00400000,
+ 0x00020082, 0x00400002, 0x00420002, 0x00020000,
+ 0x00400002, 0x00020002, 0x00000080, 0x00420082,
+ 0x00420080, 0x00000080, 0x00020000, 0x00000002,
+ 0x00020080, 0x00420002, 0x00400000, 0x00000082,
+ 0x00400080, 0x00020082, 0x00000082, 0x00400080,
+ 0x00420000, 0x00000000, 0x00020002, 0x00020080,
+ 0x00000002, 0x00400082, 0x00420082, 0x00420000 },
+ /* Box S3 */
+ { 0x00000820, 0x20080800, 0x00000000, 0x20080020,
+ 0x20000800, 0x00000000, 0x00080820, 0x20000800,
+ 0x00080020, 0x20000020, 0x20000020, 0x00080000,
+ 0x20080820, 0x00080020, 0x20080000, 0x00000820,
+ 0x20000000, 0x00000020, 0x20080800, 0x00000800,
+ 0x00080800, 0x20080000, 0x20080020, 0x00080820,
+ 0x20000820, 0x00080800, 0x00080000, 0x20000820,
+ 0x00000020, 0x20080820, 0x00000800, 0x20000000,
+ 0x20080800, 0x20000000, 0x00080020, 0x00000820,
+ 0x00080000, 0x20080800, 0x20000800, 0x00000000,
+ 0x00000800, 0x00080020, 0x20080820, 0x20000800,
+ 0x20000020, 0x00000800, 0x00000000, 0x20080020,
+ 0x20000820, 0x00080000, 0x20000000, 0x20080820,
+ 0x00000020, 0x00080820, 0x00080800, 0x20000020,
+ 0x20080000, 0x20000820, 0x00000820, 0x20080000,
+ 0x00080820, 0x00000020, 0x20080020, 0x00080800 },
+ /* Box S4 */
+ { 0x02008004, 0x00008204, 0x00008204, 0x00000200,
+ 0x02008200, 0x02000204, 0x02000004, 0x00008004,
+ 0x00000000, 0x02008000, 0x02008000, 0x02008204,
+ 0x00000204, 0x00000000, 0x02000200, 0x02000004,
+ 0x00000004, 0x00008000, 0x02000000, 0x02008004,
+ 0x00000200, 0x02000000, 0x00008004, 0x00008200,
+ 0x02000204, 0x00000004, 0x00008200, 0x02000200,
+ 0x00008000, 0x02008200, 0x02008204, 0x00000204,
+ 0x02000200, 0x02000004, 0x02008000, 0x02008204,
+ 0x00000204, 0x00000000, 0x00000000, 0x02008000,
+ 0x00008200, 0x02000200, 0x02000204, 0x00000004,
+ 0x02008004, 0x00008204, 0x00008204, 0x00000200,
+ 0x02008204, 0x00000204, 0x00000004, 0x00008000,
+ 0x02000004, 0x00008004, 0x02008200, 0x02000204,
+ 0x00008004, 0x00008200, 0x02000000, 0x02008004,
+ 0x00000200, 0x02000000, 0x00008000, 0x02008200 },
+ /* Box S5 */
+ { 0x00000400, 0x08200400, 0x08200000, 0x08000401,
+ 0x00200000, 0x00000400, 0x00000001, 0x08200000,
+ 0x00200401, 0x00200000, 0x08000400, 0x00200401,
+ 0x08000401, 0x08200001, 0x00200400, 0x00000001,
+ 0x08000000, 0x00200001, 0x00200001, 0x00000000,
+ 0x00000401, 0x08200401, 0x08200401, 0x08000400,
+ 0x08200001, 0x00000401, 0x00000000, 0x08000001,
+ 0x08200400, 0x08000000, 0x08000001, 0x00200400,
+ 0x00200000, 0x08000401, 0x00000400, 0x08000000,
+ 0x00000001, 0x08200000, 0x08000401, 0x00200401,
+ 0x08000400, 0x00000001, 0x08200001, 0x08200400,
+ 0x00200401, 0x00000400, 0x08000000, 0x08200001,
+ 0x08200401, 0x00200400, 0x08000001, 0x08200401,
+ 0x08200000, 0x00000000, 0x00200001, 0x08000001,
+ 0x00200400, 0x08000400, 0x00000401, 0x00200000,
+ 0x00000000, 0x00200001, 0x08200400, 0x00000401 },
+ /* Box S6 */
+ { 0x80000040, 0x81000000, 0x00010000, 0x81010040,
+ 0x81000000, 0x00000040, 0x81010040, 0x01000000,
+ 0x80010000, 0x01010040, 0x01000000, 0x80000040,
+ 0x01000040, 0x80010000, 0x80000000, 0x00010040,
+ 0x00000000, 0x01000040, 0x80010040, 0x00010000,
+ 0x01010000, 0x80010040, 0x00000040, 0x81000040,
+ 0x81000040, 0x00000000, 0x01010040, 0x81010000,
+ 0x00010040, 0x01010000, 0x81010000, 0x80000000,
+ 0x80010000, 0x00000040, 0x81000040, 0x01010000,
+ 0x81010040, 0x01000000, 0x00010040, 0x80000040,
+ 0x01000000, 0x80010000, 0x80000000, 0x00010040,
+ 0x80000040, 0x81010040, 0x01010000, 0x81000000,
+ 0x01010040, 0x81010000, 0x00000000, 0x81000040,
+ 0x00000040, 0x00010000, 0x81000000, 0x01010040,
+ 0x00010000, 0x01000040, 0x80010040, 0x00000000,
+ 0x81010000, 0x80000000, 0x01000040, 0x80010040 },
+ /* Box S7 */
+ { 0x00800000, 0x10800008, 0x10002008, 0x00000000,
+ 0x00002000, 0x10002008, 0x00802008, 0x10802000,
+ 0x10802008, 0x00800000, 0x00000000, 0x10000008,
+ 0x00000008, 0x10000000, 0x10800008, 0x00002008,
+ 0x10002000, 0x00802008, 0x00800008, 0x10002000,
+ 0x10000008, 0x10800000, 0x10802000, 0x00800008,
+ 0x10800000, 0x00002000, 0x00002008, 0x10802008,
+ 0x00802000, 0x00000008, 0x10000000, 0x00802000,
+ 0x10000000, 0x00802000, 0x00800000, 0x10002008,
+ 0x10002008, 0x10800008, 0x10800008, 0x00000008,
+ 0x00800008, 0x10000000, 0x10002000, 0x00800000,
+ 0x10802000, 0x00002008, 0x00802008, 0x10802000,
+ 0x00002008, 0x10000008, 0x10802008, 0x10800000,
+ 0x00802000, 0x00000000, 0x00000008, 0x10802008,
+ 0x00000000, 0x00802008, 0x10800000, 0x00002000,
+ 0x10000008, 0x10002000, 0x00002000, 0x00800008 },
+ /* Box S8 */
+ { 0x40004100, 0x00004000, 0x00100000, 0x40104100,
+ 0x40000000, 0x40004100, 0x00000100, 0x40000000,
+ 0x00100100, 0x40100000, 0x40104100, 0x00104000,
+ 0x40104000, 0x00104100, 0x00004000, 0x00000100,
+ 0x40100000, 0x40000100, 0x40004000, 0x00004100,
+ 0x00104000, 0x00100100, 0x40100100, 0x40104000,
+ 0x00004100, 0x00000000, 0x00000000, 0x40100100,
+ 0x40000100, 0x40004000, 0x00104100, 0x00100000,
+ 0x00104100, 0x00100000, 0x40104000, 0x00004000,
+ 0x00000100, 0x40100100, 0x00004000, 0x00104100,
+ 0x40004000, 0x00000100, 0x40000100, 0x40100000,
+ 0x40100100, 0x40000000, 0x00100000, 0x40004100,
+ 0x00000000, 0x40104100, 0x00100100, 0x40000100,
+ 0x40100000, 0x40004000, 0x40004100, 0x00000000,
+ 0x40104100, 0x00104000, 0x00104000, 0x00004100,
+ 0x00004100, 0x00100100, 0x40000000, 0x40104000 }
};
static const HALF PC2[8][64] = {
-/* table 0 */ {
- 0x00000000, 0x00001000, 0x04000000, 0x04001000,
- 0x00100000, 0x00101000, 0x04100000, 0x04101000,
- 0x00008000, 0x00009000, 0x04008000, 0x04009000,
- 0x00108000, 0x00109000, 0x04108000, 0x04109000,
- 0x00000004, 0x00001004, 0x04000004, 0x04001004,
- 0x00100004, 0x00101004, 0x04100004, 0x04101004,
- 0x00008004, 0x00009004, 0x04008004, 0x04009004,
- 0x00108004, 0x00109004, 0x04108004, 0x04109004,
- 0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
- 0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
- 0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
- 0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
- 0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
- 0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
- 0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
- 0x08108004, 0x08109004, 0x0c108004, 0x0c109004
- },
-/* table 1 */ {
- 0x00000000, 0x00002000, 0x80000000, 0x80002000,
- 0x00000008, 0x00002008, 0x80000008, 0x80002008,
- 0x00200000, 0x00202000, 0x80200000, 0x80202000,
- 0x00200008, 0x00202008, 0x80200008, 0x80202008,
- 0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
- 0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
- 0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
- 0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
- 0x00000400, 0x00002400, 0x80000400, 0x80002400,
- 0x00000408, 0x00002408, 0x80000408, 0x80002408,
- 0x00200400, 0x00202400, 0x80200400, 0x80202400,
- 0x00200408, 0x00202408, 0x80200408, 0x80202408,
- 0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
- 0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
- 0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
- 0x20200408, 0x20202408, 0xa0200408, 0xa0202408
- },
-/* table 2 */ {
- 0x00000000, 0x00004000, 0x00000020, 0x00004020,
- 0x00080000, 0x00084000, 0x00080020, 0x00084020,
- 0x00000800, 0x00004800, 0x00000820, 0x00004820,
- 0x00080800, 0x00084800, 0x00080820, 0x00084820,
- 0x00000010, 0x00004010, 0x00000030, 0x00004030,
- 0x00080010, 0x00084010, 0x00080030, 0x00084030,
- 0x00000810, 0x00004810, 0x00000830, 0x00004830,
- 0x00080810, 0x00084810, 0x00080830, 0x00084830,
- 0x00400000, 0x00404000, 0x00400020, 0x00404020,
- 0x00480000, 0x00484000, 0x00480020, 0x00484020,
- 0x00400800, 0x00404800, 0x00400820, 0x00404820,
- 0x00480800, 0x00484800, 0x00480820, 0x00484820,
- 0x00400010, 0x00404010, 0x00400030, 0x00404030,
- 0x00480010, 0x00484010, 0x00480030, 0x00484030,
- 0x00400810, 0x00404810, 0x00400830, 0x00404830,
- 0x00480810, 0x00484810, 0x00480830, 0x00484830
- },
-/* table 3 */ {
- 0x00000000, 0x40000000, 0x00000080, 0x40000080,
- 0x00040000, 0x40040000, 0x00040080, 0x40040080,
- 0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
- 0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
- 0x10000000, 0x50000000, 0x10000080, 0x50000080,
- 0x10040000, 0x50040000, 0x10040080, 0x50040080,
- 0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
- 0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
- 0x00800000, 0x40800000, 0x00800080, 0x40800080,
- 0x00840000, 0x40840000, 0x00840080, 0x40840080,
- 0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
- 0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
- 0x10800000, 0x50800000, 0x10800080, 0x50800080,
- 0x10840000, 0x50840000, 0x10840080, 0x50840080,
- 0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
- 0x10840040, 0x50840040, 0x108400c0, 0x508400c0
- },
-/* table 4 */ {
- 0x00000000, 0x00000008, 0x08000000, 0x08000008,
- 0x00040000, 0x00040008, 0x08040000, 0x08040008,
- 0x00002000, 0x00002008, 0x08002000, 0x08002008,
- 0x00042000, 0x00042008, 0x08042000, 0x08042008,
- 0x80000000, 0x80000008, 0x88000000, 0x88000008,
- 0x80040000, 0x80040008, 0x88040000, 0x88040008,
- 0x80002000, 0x80002008, 0x88002000, 0x88002008,
- 0x80042000, 0x80042008, 0x88042000, 0x88042008,
- 0x00080000, 0x00080008, 0x08080000, 0x08080008,
- 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
- 0x00082000, 0x00082008, 0x08082000, 0x08082008,
- 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
- 0x80080000, 0x80080008, 0x88080000, 0x88080008,
- 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
- 0x80082000, 0x80082008, 0x88082000, 0x88082008,
- 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008
- },
-/* table 5 */ {
- 0x00000000, 0x00400000, 0x00008000, 0x00408000,
- 0x40000000, 0x40400000, 0x40008000, 0x40408000,
- 0x00000020, 0x00400020, 0x00008020, 0x00408020,
- 0x40000020, 0x40400020, 0x40008020, 0x40408020,
- 0x00001000, 0x00401000, 0x00009000, 0x00409000,
- 0x40001000, 0x40401000, 0x40009000, 0x40409000,
- 0x00001020, 0x00401020, 0x00009020, 0x00409020,
- 0x40001020, 0x40401020, 0x40009020, 0x40409020,
- 0x00100000, 0x00500000, 0x00108000, 0x00508000,
- 0x40100000, 0x40500000, 0x40108000, 0x40508000,
- 0x00100020, 0x00500020, 0x00108020, 0x00508020,
- 0x40100020, 0x40500020, 0x40108020, 0x40508020,
- 0x00101000, 0x00501000, 0x00109000, 0x00509000,
- 0x40101000, 0x40501000, 0x40109000, 0x40509000,
- 0x00101020, 0x00501020, 0x00109020, 0x00509020,
- 0x40101020, 0x40501020, 0x40109020, 0x40509020
- },
-/* table 6 */ {
- 0x00000000, 0x00000040, 0x04000000, 0x04000040,
- 0x00000800, 0x00000840, 0x04000800, 0x04000840,
- 0x00800000, 0x00800040, 0x04800000, 0x04800040,
- 0x00800800, 0x00800840, 0x04800800, 0x04800840,
- 0x10000000, 0x10000040, 0x14000000, 0x14000040,
- 0x10000800, 0x10000840, 0x14000800, 0x14000840,
- 0x10800000, 0x10800040, 0x14800000, 0x14800040,
- 0x10800800, 0x10800840, 0x14800800, 0x14800840,
- 0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
- 0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
- 0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
- 0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
- 0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
- 0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
- 0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
- 0x10800880, 0x108008c0, 0x14800880, 0x148008c0
- },
-/* table 7 */ {
- 0x00000000, 0x00000010, 0x00000400, 0x00000410,
- 0x00000004, 0x00000014, 0x00000404, 0x00000414,
- 0x00004000, 0x00004010, 0x00004400, 0x00004410,
- 0x00004004, 0x00004014, 0x00004404, 0x00004414,
- 0x20000000, 0x20000010, 0x20000400, 0x20000410,
- 0x20000004, 0x20000014, 0x20000404, 0x20000414,
- 0x20004000, 0x20004010, 0x20004400, 0x20004410,
- 0x20004004, 0x20004014, 0x20004404, 0x20004414,
- 0x00200000, 0x00200010, 0x00200400, 0x00200410,
- 0x00200004, 0x00200014, 0x00200404, 0x00200414,
- 0x00204000, 0x00204010, 0x00204400, 0x00204410,
- 0x00204004, 0x00204014, 0x00204404, 0x00204414,
- 0x20200000, 0x20200010, 0x20200400, 0x20200410,
- 0x20200004, 0x20200014, 0x20200404, 0x20200414,
- 0x20204000, 0x20204010, 0x20204400, 0x20204410,
- 0x20204004, 0x20204014, 0x20204404, 0x20204414
- }
+ /* table 0 */
+ { 0x00000000, 0x00001000, 0x04000000, 0x04001000,
+ 0x00100000, 0x00101000, 0x04100000, 0x04101000,
+ 0x00008000, 0x00009000, 0x04008000, 0x04009000,
+ 0x00108000, 0x00109000, 0x04108000, 0x04109000,
+ 0x00000004, 0x00001004, 0x04000004, 0x04001004,
+ 0x00100004, 0x00101004, 0x04100004, 0x04101004,
+ 0x00008004, 0x00009004, 0x04008004, 0x04009004,
+ 0x00108004, 0x00109004, 0x04108004, 0x04109004,
+ 0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
+ 0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
+ 0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
+ 0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
+ 0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
+ 0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
+ 0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
+ 0x08108004, 0x08109004, 0x0c108004, 0x0c109004 },
+ /* table 1 */
+ { 0x00000000, 0x00002000, 0x80000000, 0x80002000,
+ 0x00000008, 0x00002008, 0x80000008, 0x80002008,
+ 0x00200000, 0x00202000, 0x80200000, 0x80202000,
+ 0x00200008, 0x00202008, 0x80200008, 0x80202008,
+ 0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
+ 0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
+ 0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
+ 0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
+ 0x00000400, 0x00002400, 0x80000400, 0x80002400,
+ 0x00000408, 0x00002408, 0x80000408, 0x80002408,
+ 0x00200400, 0x00202400, 0x80200400, 0x80202400,
+ 0x00200408, 0x00202408, 0x80200408, 0x80202408,
+ 0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
+ 0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
+ 0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
+ 0x20200408, 0x20202408, 0xa0200408, 0xa0202408 },
+ /* table 2 */
+ { 0x00000000, 0x00004000, 0x00000020, 0x00004020,
+ 0x00080000, 0x00084000, 0x00080020, 0x00084020,
+ 0x00000800, 0x00004800, 0x00000820, 0x00004820,
+ 0x00080800, 0x00084800, 0x00080820, 0x00084820,
+ 0x00000010, 0x00004010, 0x00000030, 0x00004030,
+ 0x00080010, 0x00084010, 0x00080030, 0x00084030,
+ 0x00000810, 0x00004810, 0x00000830, 0x00004830,
+ 0x00080810, 0x00084810, 0x00080830, 0x00084830,
+ 0x00400000, 0x00404000, 0x00400020, 0x00404020,
+ 0x00480000, 0x00484000, 0x00480020, 0x00484020,
+ 0x00400800, 0x00404800, 0x00400820, 0x00404820,
+ 0x00480800, 0x00484800, 0x00480820, 0x00484820,
+ 0x00400010, 0x00404010, 0x00400030, 0x00404030,
+ 0x00480010, 0x00484010, 0x00480030, 0x00484030,
+ 0x00400810, 0x00404810, 0x00400830, 0x00404830,
+ 0x00480810, 0x00484810, 0x00480830, 0x00484830 },
+ /* table 3 */
+ { 0x00000000, 0x40000000, 0x00000080, 0x40000080,
+ 0x00040000, 0x40040000, 0x00040080, 0x40040080,
+ 0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
+ 0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
+ 0x10000000, 0x50000000, 0x10000080, 0x50000080,
+ 0x10040000, 0x50040000, 0x10040080, 0x50040080,
+ 0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
+ 0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
+ 0x00800000, 0x40800000, 0x00800080, 0x40800080,
+ 0x00840000, 0x40840000, 0x00840080, 0x40840080,
+ 0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
+ 0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
+ 0x10800000, 0x50800000, 0x10800080, 0x50800080,
+ 0x10840000, 0x50840000, 0x10840080, 0x50840080,
+ 0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
+ 0x10840040, 0x50840040, 0x108400c0, 0x508400c0 },
+ /* table 4 */
+ { 0x00000000, 0x00000008, 0x08000000, 0x08000008,
+ 0x00040000, 0x00040008, 0x08040000, 0x08040008,
+ 0x00002000, 0x00002008, 0x08002000, 0x08002008,
+ 0x00042000, 0x00042008, 0x08042000, 0x08042008,
+ 0x80000000, 0x80000008, 0x88000000, 0x88000008,
+ 0x80040000, 0x80040008, 0x88040000, 0x88040008,
+ 0x80002000, 0x80002008, 0x88002000, 0x88002008,
+ 0x80042000, 0x80042008, 0x88042000, 0x88042008,
+ 0x00080000, 0x00080008, 0x08080000, 0x08080008,
+ 0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
+ 0x00082000, 0x00082008, 0x08082000, 0x08082008,
+ 0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
+ 0x80080000, 0x80080008, 0x88080000, 0x88080008,
+ 0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
+ 0x80082000, 0x80082008, 0x88082000, 0x88082008,
+ 0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008 },
+ /* table 5 */
+ { 0x00000000, 0x00400000, 0x00008000, 0x00408000,
+ 0x40000000, 0x40400000, 0x40008000, 0x40408000,
+ 0x00000020, 0x00400020, 0x00008020, 0x00408020,
+ 0x40000020, 0x40400020, 0x40008020, 0x40408020,
+ 0x00001000, 0x00401000, 0x00009000, 0x00409000,
+ 0x40001000, 0x40401000, 0x40009000, 0x40409000,
+ 0x00001020, 0x00401020, 0x00009020, 0x00409020,
+ 0x40001020, 0x40401020, 0x40009020, 0x40409020,
+ 0x00100000, 0x00500000, 0x00108000, 0x00508000,
+ 0x40100000, 0x40500000, 0x40108000, 0x40508000,
+ 0x00100020, 0x00500020, 0x00108020, 0x00508020,
+ 0x40100020, 0x40500020, 0x40108020, 0x40508020,
+ 0x00101000, 0x00501000, 0x00109000, 0x00509000,
+ 0x40101000, 0x40501000, 0x40109000, 0x40509000,
+ 0x00101020, 0x00501020, 0x00109020, 0x00509020,
+ 0x40101020, 0x40501020, 0x40109020, 0x40509020 },
+ /* table 6 */
+ { 0x00000000, 0x00000040, 0x04000000, 0x04000040,
+ 0x00000800, 0x00000840, 0x04000800, 0x04000840,
+ 0x00800000, 0x00800040, 0x04800000, 0x04800040,
+ 0x00800800, 0x00800840, 0x04800800, 0x04800840,
+ 0x10000000, 0x10000040, 0x14000000, 0x14000040,
+ 0x10000800, 0x10000840, 0x14000800, 0x14000840,
+ 0x10800000, 0x10800040, 0x14800000, 0x14800040,
+ 0x10800800, 0x10800840, 0x14800800, 0x14800840,
+ 0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
+ 0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
+ 0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
+ 0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
+ 0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
+ 0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
+ 0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
+ 0x10800880, 0x108008c0, 0x14800880, 0x148008c0 },
+ /* table 7 */
+ { 0x00000000, 0x00000010, 0x00000400, 0x00000410,
+ 0x00000004, 0x00000014, 0x00000404, 0x00000414,
+ 0x00004000, 0x00004010, 0x00004400, 0x00004410,
+ 0x00004004, 0x00004014, 0x00004404, 0x00004414,
+ 0x20000000, 0x20000010, 0x20000400, 0x20000410,
+ 0x20000004, 0x20000014, 0x20000404, 0x20000414,
+ 0x20004000, 0x20004010, 0x20004400, 0x20004410,
+ 0x20004004, 0x20004014, 0x20004404, 0x20004414,
+ 0x00200000, 0x00200010, 0x00200400, 0x00200410,
+ 0x00200004, 0x00200014, 0x00200404, 0x00200414,
+ 0x00204000, 0x00204010, 0x00204400, 0x00204410,
+ 0x00204004, 0x00204014, 0x00204404, 0x00204414,
+ 0x20200000, 0x20200010, 0x20200400, 0x20200410,
+ 0x20200004, 0x20200014, 0x20200404, 0x20200414,
+ 0x20204000, 0x20204010, 0x20204400, 0x20204410,
+ 0x20204004, 0x20204014, 0x20204404, 0x20204414 }
};
/*
* The PC-1 Permutation
* If we number the bits of the 8 bytes of key input like this (in octal):
- * 00 01 02 03 04 05 06 07
- * 10 11 12 13 14 15 16 17
- * 20 21 22 23 24 25 26 27
- * 30 31 32 33 34 35 36 37
- * 40 41 42 43 44 45 46 47
- * 50 51 52 53 54 55 56 57
- * 60 61 62 63 64 65 66 67
- * 70 71 72 73 74 75 76 77
- * then after the PC-1 permutation,
+ * 00 01 02 03 04 05 06 07
+ * 10 11 12 13 14 15 16 17
+ * 20 21 22 23 24 25 26 27
+ * 30 31 32 33 34 35 36 37
+ * 40 41 42 43 44 45 46 47
+ * 50 51 52 53 54 55 56 57
+ * 60 61 62 63 64 65 66 67
+ * 70 71 72 73 74 75 76 77
+ * then after the PC-1 permutation,
* C0 is
- * 70 60 50 40 30 20 10 00
- * 71 61 51 41 31 21 11 01
- * 72 62 52 42 32 22 12 02
- * 73 63 53 43
+ * 70 60 50 40 30 20 10 00
+ * 71 61 51 41 31 21 11 01
+ * 72 62 52 42 32 22 12 02
+ * 73 63 53 43
* D0 is
- * 76 66 56 46 36 26 16 06
- * 75 65 55 45 35 25 15 05
- * 74 64 54 44 34 24 14 04
- * 33 23 13 03
+ * 76 66 56 46 36 26 16 06
+ * 75 65 55 45 35 25 15 05
+ * 74 64 54 44 34 24 14 04
+ * 33 23 13 03
* and these parity bits have been discarded:
- * 77 67 57 47 37 27 17 07
- *
+ * 77 67 57 47 37 27 17 07
+ *
* We achieve this by flipping the input matrix about the diagonal from 70-07,
- * getting left =
- * 77 67 57 47 37 27 17 07 (these are the parity bits)
- * 76 66 56 46 36 26 16 06
- * 75 65 55 45 35 25 15 05
- * 74 64 54 44 34 24 14 04
- * right =
- * 73 63 53 43 33 23 13 03
- * 72 62 52 42 32 22 12 02
- * 71 61 51 41 31 21 11 01
- * 70 60 50 40 30 20 10 00
+ * getting left =
+ * 77 67 57 47 37 27 17 07 (these are the parity bits)
+ * 76 66 56 46 36 26 16 06
+ * 75 65 55 45 35 25 15 05
+ * 74 64 54 44 34 24 14 04
+ * right =
+ * 73 63 53 43 33 23 13 03
+ * 72 62 52 42 32 22 12 02
+ * 71 61 51 41 31 21 11 01
+ * 70 60 50 40 30 20 10 00
* then byte swap right, ala htonl() on a little endian machine.
- * right =
- * 70 60 50 40 30 20 10 00
- * 71 67 57 47 37 27 11 07
- * 72 62 52 42 32 22 12 02
- * 73 63 53 43 33 23 13 03
+ * right =
+ * 70 60 50 40 30 20 10 00
+ * 71 67 57 47 37 27 11 07
+ * 72 62 52 42 32 22 12 02
+ * 73 63 53 43 33 23 13 03
* then
* c0 = right >> 4;
* d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
*/
-#define FLIP_RIGHT_DIAGONAL(word, temp) \
- temp = (word ^ (word >> 18)) & 0x00003333; \
- word ^= temp | (temp << 18); \
- temp = (word ^ (word >> 9)) & 0x00550055; \
- word ^= temp | (temp << 9);
+#define FLIP_RIGHT_DIAGONAL(word, temp) \
+ temp = (word ^ (word >> 18)) & 0x00003333; \
+ word ^= temp | (temp << 18); \
+ temp = (word ^ (word >> 9)) & 0x00550055; \
+ word ^= temp | (temp << 9);
#if defined(__GNUC__) && defined(NSS_X86_OR_X64)
#define BYTESWAP(word, temp) \
- __asm("bswap %0" : "+r" (word));
+ __asm("bswap %0" \
+ : "+r"(word));
#elif (_MSC_VER >= 1300) && defined(NSS_X86_OR_X64)
#include <stdlib.h>
#pragma intrinsic(_byteswap_ulong)
#define BYTESWAP(word, temp) \
word = _byteswap_ulong(word);
-#elif defined(__GNUC__) && (defined(__thumb2__) || \
- (!defined(__thumb__) && \
- (defined(__ARM_ARCH_6__) || \
- defined(__ARM_ARCH_6J__) || \
- defined(__ARM_ARCH_6K__) || \
- defined(__ARM_ARCH_6Z__) || \
- defined(__ARM_ARCH_6ZK__) || \
- defined(__ARM_ARCH_6T2__) || \
- defined(__ARM_ARCH_7__) || \
- defined(__ARM_ARCH_7A__) || \
- defined(__ARM_ARCH_7R__))))
+#elif defined(__GNUC__) && (defined(__thumb2__) || \
+ (!defined(__thumb__) && \
+ (defined(__ARM_ARCH_6__) || \
+ defined(__ARM_ARCH_6J__) || \
+ defined(__ARM_ARCH_6K__) || \
+ defined(__ARM_ARCH_6Z__) || \
+ defined(__ARM_ARCH_6ZK__) || \
+ defined(__ARM_ARCH_6T2__) || \
+ defined(__ARM_ARCH_7__) || \
+ defined(__ARM_ARCH_7A__) || \
+ defined(__ARM_ARCH_7R__))))
#define BYTESWAP(word, temp) \
- __asm("rev %0, %0" : "+r" (word));
+ __asm("rev %0, %0" \
+ : "+r"(word));
#else
-#define BYTESWAP(word, temp) \
+#define BYTESWAP(word, temp) \
word = (word >> 16) | (word << 16); \
- temp = 0x00ff00ff; \
- word = ((word & temp) << 8) | ((word >> 8) & temp);
+ temp = 0x00ff00ff; \
+ word = ((word & temp) << 8) | ((word >> 8) & temp);
#endif
-#define PC1(left, right, c0, d0, temp) \
+#define PC1(left, right, c0, d0, temp) \
right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
- left ^= temp << 4; \
- FLIP_RIGHT_DIAGONAL(left, temp); \
- FLIP_RIGHT_DIAGONAL(right, temp); \
- BYTESWAP(right, temp); \
- c0 = right >> 4; \
- d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
+ left ^= temp << 4; \
+ FLIP_RIGHT_DIAGONAL(left, temp); \
+ FLIP_RIGHT_DIAGONAL(right, temp); \
+ BYTESWAP(right, temp); \
+ c0 = right >> 4; \
+ d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
-#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
-#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
+#define LEFT_SHIFT_1(reg) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
+#define LEFT_SHIFT_2(reg) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
/*
* setup key schedules from key
*/
-void
-DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction)
+void
+DES_MakeSchedule(HALF *ks, const BYTE *key, DESDirection direction)
{
register HALF left, right;
register HALF c0, d0;
register HALF temp;
- int delta;
- unsigned int ls;
+ int delta;
+ unsigned int ls;
#if defined(HAVE_UNALIGNED_ACCESS)
- left = HALFPTR(key)[0];
- right = HALFPTR(key)[1];
+ left = HALFPTR(key)[0];
+ right = HALFPTR(key)[1];
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP(left, temp);
BYTESWAP(right, temp);
#endif
#else
if (((ptrdiff_t)key & 0x03) == 0) {
- left = HALFPTR(key)[0];
- right = HALFPTR(key)[1];
+ left = HALFPTR(key)[0];
+ right = HALFPTR(key)[1];
#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP(left, temp);
- BYTESWAP(right, temp);
+ BYTESWAP(left, temp);
+ BYTESWAP(right, temp);
#endif
} else {
- left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
- ((HALF)key[2] << 8) | key[3];
- right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
- ((HALF)key[6] << 8) | key[7];
+ left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
+ ((HALF)key[2] << 8) | key[3];
+ right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
+ ((HALF)key[6] << 8) | key[7];
}
#endif
PC1(left, right, c0, d0, temp);
if (direction == DES_ENCRYPT) {
- delta = 2 * (int)sizeof(HALF);
+ delta = 2 * (int)sizeof(HALF);
} else {
- ks += 30;
- delta = (-2) * (int)sizeof(HALF);
+ ks += 30;
+ delta = (-2) * (int)sizeof(HALF);
}
for (ls = 0x8103; ls; ls >>= 1) {
- if ( ls & 1 ) {
- c0 = LEFT_SHIFT_1( c0 );
- d0 = LEFT_SHIFT_1( d0 );
- } else {
- c0 = LEFT_SHIFT_2( c0 );
- d0 = LEFT_SHIFT_2( d0 );
- }
+ if (ls & 1) {
+ c0 = LEFT_SHIFT_1(c0);
+ d0 = LEFT_SHIFT_1(d0);
+ } else {
+ c0 = LEFT_SHIFT_2(c0);
+ d0 = LEFT_SHIFT_2(d0);
+ }
#ifdef USE_INDEXING
-#define PC2LOOKUP(b,c) PC2[b][c]
+#define PC2LOOKUP(b, c) PC2[b][c]
- left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
- left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
- left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
- left |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
+ left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F));
+ left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F));
+ left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7));
+ left |= PC2LOOKUP(3, ((c0 >> 18) & 0xC) | ((c0 >> 11) & 0x3) | (c0 & 0x30));
- right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
- right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
- right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F) );
- right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
+ right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F));
+ right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf));
+ right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F));
+ right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
#else
-#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
+#define PC2LOOKUP(b, c) *(HALF *)((BYTE *)&PC2[b][0] + (c))
- left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
- left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
- left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C) );
- left |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
+ left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC));
+ left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC));
+ left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C));
+ left |= PC2LOOKUP(3, ((c0 >> 16) & 0x30) | ((c0 >> 9) & 0xC) | ((c0 << 2) & 0xC0));
- right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
- right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
- right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC) );
- right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
+ right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC));
+ right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C));
+ right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC));
+ right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
#endif
- /* left contains key bits for S1 S3 S2 S4 */
- /* right contains key bits for S6 S8 S5 S7 */
- temp = (left << 16) /* S2 S4 XX XX */
- | (right >> 16); /* XX XX S6 S8 */
- ks[0] = temp;
+ /* left contains key bits for S1 S3 S2 S4 */
+ /* right contains key bits for S6 S8 S5 S7 */
+ temp = (left << 16) /* S2 S4 XX XX */
+ | (right >> 16); /* XX XX S6 S8 */
+ ks[0] = temp;
- temp = (left & 0xffff0000) /* S1 S3 XX XX */
- | (right & 0x0000ffff);/* XX XX S5 S7 */
- ks[1] = temp;
+ temp = (left & 0xffff0000) /* S1 S3 XX XX */
+ | (right & 0x0000ffff); /* XX XX S5 S7 */
+ ks[1] = temp;
- ks = (HALF*)((BYTE *)ks + delta);
+ ks = (HALF *)((BYTE *)ks + delta);
}
}
/*
* The DES Initial Permutation
* if we number the bits of the 8 bytes of input like this (in octal):
- * 00 01 02 03 04 05 06 07
- * 10 11 12 13 14 15 16 17
- * 20 21 22 23 24 25 26 27
- * 30 31 32 33 34 35 36 37
- * 40 41 42 43 44 45 46 47
- * 50 51 52 53 54 55 56 57
- * 60 61 62 63 64 65 66 67
- * 70 71 72 73 74 75 76 77
- * then after the initial permutation, they will be in this order.
- * 71 61 51 41 31 21 11 01
- * 73 63 53 43 33 23 13 03
- * 75 65 55 45 35 25 15 05
- * 77 67 57 47 37 27 17 07
- * 70 60 50 40 30 20 10 00
- * 72 62 52 42 32 22 12 02
- * 74 64 54 44 34 24 14 04
- * 76 66 56 46 36 26 16 06
+ * 00 01 02 03 04 05 06 07
+ * 10 11 12 13 14 15 16 17
+ * 20 21 22 23 24 25 26 27
+ * 30 31 32 33 34 35 36 37
+ * 40 41 42 43 44 45 46 47
+ * 50 51 52 53 54 55 56 57
+ * 60 61 62 63 64 65 66 67
+ * 70 71 72 73 74 75 76 77
+ * then after the initial permutation, they will be in this order.
+ * 71 61 51 41 31 21 11 01
+ * 73 63 53 43 33 23 13 03
+ * 75 65 55 45 35 25 15 05
+ * 77 67 57 47 37 27 17 07
+ * 70 60 50 40 30 20 10 00
+ * 72 62 52 42 32 22 12 02
+ * 74 64 54 44 34 24 14 04
+ * 76 66 56 46 36 26 16 06
*
* One way to do this is in two steps:
* 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
@@ -535,97 +521,97 @@ DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction)
*
* #define swapHiLo(word, temp) \
* temp = (word ^ (word >> 24)) & 0x000000ff; \
- * word ^= temp | (temp << 24);
+ * word ^= temp | (temp << 24);
*
- * right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
- * left ^= temp >> 8;
+ * right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
+ * left ^= temp >> 8;
* swapHiLo(left, temp);
* swapHiLo(right,temp);
*
* However, the two steps can be combined, so that the rows are rearranged
* while the matrix is being flipped, reducing the number of bit exchange
- * operations from 8 ot 5.
+ * operations from 8 ot 5.
*
* Initial Permutation */
-#define IP(left, right, temp) \
- right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
- left ^= temp << 4; \
+#define IP(left, right, temp) \
+ right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
+ left ^= temp << 4; \
right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
- left ^= temp << 16; \
- right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
- left ^= temp >> 2; \
- right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
- left ^= temp >> 8; \
- right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
- left ^= temp << 1;
-
-/* The Final (Inverse Initial) permutation is done by reversing the
-** steps of the Initital Permutation
+ left ^= temp << 16; \
+ right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
+ left ^= temp >> 2; \
+ right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
+ left ^= temp >> 8; \
+ right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
+ left ^= temp << 1;
+
+/* The Final (Inverse Initial) permutation is done by reversing the
+** steps of the Initital Permutation
*/
-#define FP(left, right, temp) \
- right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
- left ^= temp << 1; \
- right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
- left ^= temp >> 8; \
- right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
- left ^= temp >> 2; \
+#define FP(left, right, temp) \
+ right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
+ left ^= temp << 1; \
+ right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
+ left ^= temp >> 8; \
+ right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
+ left ^= temp >> 2; \
right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
- left ^= temp << 16; \
- right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
- left ^= temp << 4;
+ left ^= temp << 16; \
+ right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
+ left ^= temp << 4;
-void
-DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
+void
+DES_Do1Block(HALF *ks, const BYTE *inbuf, BYTE *outbuf)
{
register HALF left, right;
register HALF temp;
#if defined(HAVE_UNALIGNED_ACCESS)
- left = HALFPTR(inbuf)[0];
- right = HALFPTR(inbuf)[1];
+ left = HALFPTR(inbuf)[0];
+ right = HALFPTR(inbuf)[1];
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP(left, temp);
BYTESWAP(right, temp);
#endif
#else
if (((ptrdiff_t)inbuf & 0x03) == 0) {
- left = HALFPTR(inbuf)[0];
- right = HALFPTR(inbuf)[1];
+ left = HALFPTR(inbuf)[0];
+ right = HALFPTR(inbuf)[1];
#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP(left, temp);
- BYTESWAP(right, temp);
+ BYTESWAP(left, temp);
+ BYTESWAP(right, temp);
#endif
} else {
- left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
- ((HALF)inbuf[2] << 8) | inbuf[3];
- right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
- ((HALF)inbuf[6] << 8) | inbuf[7];
+ left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
+ ((HALF)inbuf[2] << 8) | inbuf[3];
+ right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
+ ((HALF)inbuf[6] << 8) | inbuf[7];
}
#endif
IP(left, right, temp);
/* shift the values left circularly 3 bits. */
- left = (left << 3) | (left >> 29);
+ left = (left << 3) | (left >> 29);
right = (right << 3) | (right >> 29);
#ifdef USE_INDEXING
-#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
+#define KSLOOKUP(s, b) SP[s][((temp >> (b + 2)) & 0x3f)]
#else
-#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
+#define KSLOOKUP(s, b) *(HALF *)((BYTE *)&SP[s][0] + ((temp >> b) & 0xFC))
#endif
-#define ROUND(out, in, r) \
- temp = in ^ ks[2*r]; \
- out ^= KSLOOKUP( 1, 24 ); \
- out ^= KSLOOKUP( 3, 16 ); \
- out ^= KSLOOKUP( 5, 8 ); \
- out ^= KSLOOKUP( 7, 0 ); \
- temp = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
- out ^= KSLOOKUP( 0, 24 ); \
- out ^= KSLOOKUP( 2, 16 ); \
- out ^= KSLOOKUP( 4, 8 ); \
- out ^= KSLOOKUP( 6, 0 );
+#define ROUND(out, in, r) \
+ temp = in ^ ks[2 * r]; \
+ out ^= KSLOOKUP(1, 24); \
+ out ^= KSLOOKUP(3, 16); \
+ out ^= KSLOOKUP(5, 8); \
+ out ^= KSLOOKUP(7, 0); \
+ temp = ((in >> 4) | (in << 28)) ^ ks[2 * r + 1]; \
+ out ^= KSLOOKUP(0, 24); \
+ out ^= KSLOOKUP(2, 16); \
+ out ^= KSLOOKUP(4, 8); \
+ out ^= KSLOOKUP(6, 0);
/* Do the 16 Feistel rounds */
ROUND(left, right, 0)
@@ -645,11 +631,11 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
ROUND(left, right, 14)
ROUND(right, left, 15)
- /* now shift circularly right 3 bits to undo the shifting done
- ** above. switch left and right here.
+ /* now shift circularly right 3 bits to undo the shifting done
+ ** above. switch left and right here.
*/
- temp = (left >> 3) | (left << 29);
- left = (right >> 3) | (right << 29);
+ temp = (left >> 3) | (left << 29);
+ left = (right >> 3) | (right << 29);
right = temp;
FP(left, right, temp);
@@ -659,35 +645,38 @@ DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
BYTESWAP(left, temp);
BYTESWAP(right, temp);
#endif
- HALFPTR(outbuf)[0] = left;
- HALFPTR(outbuf)[1] = right;
+ HALFPTR(outbuf)
+ [0] = left;
+ HALFPTR(outbuf)
+ [1] = right;
#else
if (((ptrdiff_t)outbuf & 0x03) == 0) {
#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP(left, temp);
- BYTESWAP(right, temp);
+ BYTESWAP(left, temp);
+ BYTESWAP(right, temp);
#endif
- HALFPTR(outbuf)[0] = left;
- HALFPTR(outbuf)[1] = right;
+ HALFPTR(outbuf)
+ [0] = left;
+ HALFPTR(outbuf)
+ [1] = right;
} else {
- outbuf[0] = (BYTE)(left >> 24);
- outbuf[1] = (BYTE)(left >> 16);
- outbuf[2] = (BYTE)(left >> 8);
- outbuf[3] = (BYTE)(left );
-
- outbuf[4] = (BYTE)(right >> 24);
- outbuf[5] = (BYTE)(right >> 16);
- outbuf[6] = (BYTE)(right >> 8);
- outbuf[7] = (BYTE)(right );
+ outbuf[0] = (BYTE)(left >> 24);
+ outbuf[1] = (BYTE)(left >> 16);
+ outbuf[2] = (BYTE)(left >> 8);
+ outbuf[3] = (BYTE)(left);
+
+ outbuf[4] = (BYTE)(right >> 24);
+ outbuf[5] = (BYTE)(right >> 16);
+ outbuf[6] = (BYTE)(right >> 8);
+ outbuf[7] = (BYTE)(right);
}
#endif
-
}
/* Ackowledgements:
-** Two ideas used in this implementation were shown to me by Dennis Ferguson
+** Two ideas used in this implementation were shown to me by Dennis Ferguson
** in 1990. He credits them to Richard Outerbridge and Dan Hoey. They were:
** 1. The method of computing the Initial and Final permutations.
-** 2. Circularly rotating the SP tables and the initial values of left and
-** right to reduce the number of shifts required during the 16 rounds.
+** 2. Circularly rotating the SP tables and the initial values of left and
+** right to reduce the number of shifts required during the 16 rounds.
*/
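Review bot: The formatter has split each `HALFPTR(outbuf)[0] = left;` store into `HALFPTR(outbuf)` on one line and `[0] = left;` on the next (four places in this hunk), and the same split is baked into the COPY8B macro body in the desblapi.c hunk. The code is still one statement, because HALFPTR expands to a parenthesised cast per des.h, but on the page it reads as a stray subscript and invites a "fix" that would break it. A formatter-proof spelling is to bracket those stores with `/* clang-format off */` and `/* clang-format on */` and restore `HALFPTR(outbuf)[0] = left;` and `HALFPTR(outbuf)[1] = right;`, or to move the subscript into the macro itself. DES_Do1Block begins outside this hunk.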
diff --git a/lib/freebl/des.h b/lib/freebl/des.h
index 10dba12d0..70a17e510 100644
--- a/lib/freebl/des.h
+++ b/lib/freebl/des.h
@@ -13,7 +13,7 @@
#include "blapi.h"
typedef unsigned char BYTE;
-typedef unsigned int HALF;
+typedef unsigned int HALF;
#define HALFPTR(x) ((HALF *)(x))
#define SHORTPTR(x) ((unsigned short *)(x))
@@ -24,20 +24,20 @@ typedef enum {
DES_DECRYPT = 0xAAAA
} DESDirection;
-typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in,
+typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in,
unsigned int len);
struct DESContextStr {
/* key schedule, 16 internal keys, each with 8 6-bit parts */
- HALF ks0 [32];
- HALF ks1 [32];
- HALF ks2 [32];
- HALF iv [2];
+ HALF ks0[32];
+ HALF ks1[32];
+ HALF ks2[32];
+ HALF iv[2];
DESDirection direction;
- DESFunc *worker;
+ DESFunc *worker;
};
-void DES_MakeSchedule( HALF * ks, const BYTE * key, DESDirection direction);
-void DES_Do1Block( HALF * ks, const BYTE * inbuf, BYTE * outbuf);
+void DES_MakeSchedule(HALF *ks, const BYTE *key, DESDirection direction);
+void DES_Do1Block(HALF *ks, const BYTE *inbuf, BYTE *outbuf);
#endif
diff --git a/lib/freebl/desblapi.c b/lib/freebl/desblapi.c
index 04a07cae7..c97f53961 100644
--- a/lib/freebl/desblapi.c
+++ b/lib/freebl/desblapi.c
@@ -20,113 +20,115 @@
#if defined(NSS_X86_OR_X64)
/* Intel X86 CPUs do unaligned loads and stores without complaint. */
#define COPY8B(to, from, ptr) \
- HALFPTR(to)[0] = HALFPTR(from)[0]; \
- HALFPTR(to)[1] = HALFPTR(from)[1];
+ HALFPTR(to) \
+ [0] = HALFPTR(from)[0]; \
+ HALFPTR(to) \
+ [1] = HALFPTR(from)[1];
#else
#define COPY8B(to, from, ptr) memcpy(to, from, 8)
#endif
#define COPY8BTOHALF(to, from) COPY8B(to, from, from)
#define COPY8BFROMHALF(to, from) COPY8B(to, from, to)
-static void
+static void
DES_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
while (len) {
- DES_Do1Block(cx->ks0, in, out);
- len -= 8;
- in += 8;
- out += 8;
+ DES_Do1Block(cx->ks0, in, out);
+ len -= 8;
+ in += 8;
+ out += 8;
}
}
-static void
+static void
DES_EDE3_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
while (len) {
- DES_Do1Block(cx->ks0, in, out);
- len -= 8;
- in += 8;
- DES_Do1Block(cx->ks1, out, out);
- DES_Do1Block(cx->ks2, out, out);
- out += 8;
+ DES_Do1Block(cx->ks0, in, out);
+ len -= 8;
+ in += 8;
+ DES_Do1Block(cx->ks1, out, out);
+ DES_Do1Block(cx->ks2, out, out);
+ out += 8;
}
}
-static void
+static void
DES_CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
- const BYTE * bufend = in + len;
- HALF vec[2];
+ const BYTE *bufend = in + len;
+ HALF vec[2];
while (in != bufend) {
- COPY8BTOHALF(vec, in);
- in += 8;
- vec[0] ^= cx->iv[0];
- vec[1] ^= cx->iv[1];
- DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
- COPY8BFROMHALF(out, cx->iv);
- out += 8;
+ COPY8BTOHALF(vec, in);
+ in += 8;
+ vec[0] ^= cx->iv[0];
+ vec[1] ^= cx->iv[1];
+ DES_Do1Block(cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
+ COPY8BFROMHALF(out, cx->iv);
+ out += 8;
}
}
-static void
+static void
DES_CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
- const BYTE * bufend;
+ const BYTE *bufend;
HALF oldciphertext[2];
- HALF plaintext [2];
-
- for (bufend = in + len; in != bufend; ) {
- oldciphertext[0] = cx->iv[0];
- oldciphertext[1] = cx->iv[1];
- COPY8BTOHALF(cx->iv, in);
- in += 8;
- DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
- plaintext[0] ^= oldciphertext[0];
- plaintext[1] ^= oldciphertext[1];
- COPY8BFROMHALF(out, plaintext);
- out += 8;
+ HALF plaintext[2];
+
+ for (bufend = in + len; in != bufend;) {
+ oldciphertext[0] = cx->iv[0];
+ oldciphertext[1] = cx->iv[1];
+ COPY8BTOHALF(cx->iv, in);
+ in += 8;
+ DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
+ plaintext[0] ^= oldciphertext[0];
+ plaintext[1] ^= oldciphertext[1];
+ COPY8BFROMHALF(out, plaintext);
+ out += 8;
}
}
-static void
+static void
DES_EDE3CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
- const BYTE * bufend = in + len;
- HALF vec[2];
+ const BYTE *bufend = in + len;
+ HALF vec[2];
while (in != bufend) {
- COPY8BTOHALF(vec, in);
- in += 8;
- vec[0] ^= cx->iv[0];
- vec[1] ^= cx->iv[1];
- DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
- DES_Do1Block( cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv);
- DES_Do1Block( cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv);
- COPY8BFROMHALF(out, cx->iv);
- out += 8;
+ COPY8BTOHALF(vec, in);
+ in += 8;
+ vec[0] ^= cx->iv[0];
+ vec[1] ^= cx->iv[1];
+ DES_Do1Block(cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
+ DES_Do1Block(cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv);
+ DES_Do1Block(cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv);
+ COPY8BFROMHALF(out, cx->iv);
+ out += 8;
}
}
-static void
+static void
DES_EDE3CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
{
- const BYTE * bufend;
+ const BYTE *bufend;
HALF oldciphertext[2];
- HALF plaintext [2];
-
- for (bufend = in + len; in != bufend; ) {
- oldciphertext[0] = cx->iv[0];
- oldciphertext[1] = cx->iv[1];
- COPY8BTOHALF(cx->iv, in);
- in += 8;
- DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
- DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext);
- DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext);
- plaintext[0] ^= oldciphertext[0];
- plaintext[1] ^= oldciphertext[1];
- COPY8BFROMHALF(out, plaintext);
- out += 8;
+ HALF plaintext[2];
+
+ for (bufend = in + len; in != bufend;) {
+ oldciphertext[0] = cx->iv[0];
+ oldciphertext[1] = cx->iv[1];
+ COPY8BTOHALF(cx->iv, in);
+ in += 8;
+ DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
+ DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext);
+ DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext);
+ plaintext[0] ^= oldciphertext[0];
+ plaintext[1] ^= oldciphertext[1];
+ COPY8BFROMHALF(out, plaintext);
+ out += 8;
}
}
@@ -136,74 +138,74 @@ DES_AllocateContext(void)
return PORT_ZNew(DESContext);
}
-SECStatus
+SECStatus
DES_InitContext(DESContext *cx, const unsigned char *key, unsigned int keylen,
- const unsigned char *iv, int mode, unsigned int encrypt,
- unsigned int unused)
+ const unsigned char *iv, int mode, unsigned int encrypt,
+ unsigned int unused)
{
DESDirection opposite;
if (!cx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
cx->direction = encrypt ? DES_ENCRYPT : DES_DECRYPT;
- opposite = encrypt ? DES_DECRYPT : DES_ENCRYPT;
+ opposite = encrypt ? DES_DECRYPT : DES_ENCRYPT;
switch (mode) {
- case NSS_DES: /* DES ECB */
- DES_MakeSchedule( cx->ks0, key, cx->direction);
- cx->worker = &DES_ECB;
- break;
-
- case NSS_DES_EDE3: /* DES EDE ECB */
- cx->worker = &DES_EDE3_ECB;
- if (encrypt) {
- DES_MakeSchedule(cx->ks0, key, cx->direction);
- DES_MakeSchedule(cx->ks1, key + 8, opposite);
- DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
- } else {
- DES_MakeSchedule(cx->ks2, key, cx->direction);
- DES_MakeSchedule(cx->ks1, key + 8, opposite);
- DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
- }
- break;
-
- case NSS_DES_CBC: /* DES CBC */
- COPY8BTOHALF(cx->iv, iv);
- cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe;
- DES_MakeSchedule(cx->ks0, key, cx->direction);
- break;
-
- case NSS_DES_EDE3_CBC: /* DES EDE CBC */
- COPY8BTOHALF(cx->iv, iv);
- if (encrypt) {
- cx->worker = &DES_EDE3CBCEn;
- DES_MakeSchedule(cx->ks0, key, cx->direction);
- DES_MakeSchedule(cx->ks1, key + 8, opposite);
- DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
- } else {
- cx->worker = &DES_EDE3CBCDe;
- DES_MakeSchedule(cx->ks2, key, cx->direction);
- DES_MakeSchedule(cx->ks1, key + 8, opposite);
- DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
- }
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case NSS_DES: /* DES ECB */
+ DES_MakeSchedule(cx->ks0, key, cx->direction);
+ cx->worker = &DES_ECB;
+ break;
+
+ case NSS_DES_EDE3: /* DES EDE ECB */
+ cx->worker = &DES_EDE3_ECB;
+ if (encrypt) {
+ DES_MakeSchedule(cx->ks0, key, cx->direction);
+ DES_MakeSchedule(cx->ks1, key + 8, opposite);
+ DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+ } else {
+ DES_MakeSchedule(cx->ks2, key, cx->direction);
+ DES_MakeSchedule(cx->ks1, key + 8, opposite);
+ DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+ }
+ break;
+
+ case NSS_DES_CBC: /* DES CBC */
+ COPY8BTOHALF(cx->iv, iv);
+ cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe;
+ DES_MakeSchedule(cx->ks0, key, cx->direction);
+ break;
+
+ case NSS_DES_EDE3_CBC: /* DES EDE CBC */
+ COPY8BTOHALF(cx->iv, iv);
+ if (encrypt) {
+ cx->worker = &DES_EDE3CBCEn;
+ DES_MakeSchedule(cx->ks0, key, cx->direction);
+ DES_MakeSchedule(cx->ks1, key + 8, opposite);
+ DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+ } else {
+ cx->worker = &DES_EDE3CBCDe;
+ DES_MakeSchedule(cx->ks2, key, cx->direction);
+ DES_MakeSchedule(cx->ks1, key + 8, opposite);
+ DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+ }
+ break;
+
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
}
DESContext *
-DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt)
+DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt)
{
DESContext *cx = PORT_ZNew(DESContext);
- SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
+ SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
if (rv != SECSuccess) {
- PORT_ZFree(cx, sizeof *cx);
- cx = NULL;
+ PORT_ZFree(cx, sizeof *cx);
+ cx = NULL;
}
return cx;
}
@@ -212,9 +214,9 @@ void
DES_DestroyContext(DESContext *cx, PRBool freeit)
{
if (cx) {
- memset(cx, 0, sizeof *cx);
- if (freeit)
- PORT_Free(cx);
+ memset(cx, 0, sizeof *cx);
+ if (freeit)
+ PORT_Free(cx);
}
}
@@ -223,15 +225,15 @@ DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
- if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
+ if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_ENCRYPT) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
cx->worker(cx, out, in, inLen);
if (outLen)
- *outLen = inLen;
+ *outLen = inLen;
return SECSuccess;
}
@@ -240,14 +242,14 @@ DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
- if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
+ if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_DECRYPT) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
cx->worker(cx, out, in, inLen);
if (outLen)
- *outLen = inLen;
+ *outLen = inLen;
return SECSuccess;
}
diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
index 86ae90e68..97025c7e2 100644
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -27,21 +27,21 @@ dh_GetSecretKeyLen(unsigned int primeLen)
{
/* Based on Table 2 in NIST SP 800-57. */
if (primeLen >= 1920) { /* 15360 bits */
- return 64; /* 512 bits */
+ return 64; /* 512 bits */
}
if (primeLen >= 960) { /* 7680 bits */
- return 48; /* 384 bits */
+ return 48; /* 384 bits */
}
if (primeLen >= 384) { /* 3072 bits */
- return 32; /* 256 bits */
+ return 32; /* 256 bits */
}
if (primeLen >= 256) { /* 2048 bits */
- return 28; /* 224 bits */
+ return 28; /* 224 bits */
}
- return 20; /* 160 bits */
+ return 20; /* 160 bits */
}
-SECStatus
+SECStatus
DH_GenParam(int primeLen, DHParams **params)
{
PLArenaPool *arena;
@@ -53,19 +53,19 @@ DH_GenParam(int primeLen, DHParams **params)
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
if (!params || primeLen < 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams));
if (!dhparams) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
dhparams->arena = arena;
MP_DIGITS(&p) = 0;
@@ -74,42 +74,42 @@ DH_GenParam(int primeLen, DHParams **params)
MP_DIGITS(&h) = 0;
MP_DIGITS(&psub1) = 0;
MP_DIGITS(&test) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&a) );
- CHECK_MPI_OK( mp_init(&h) );
- CHECK_MPI_OK( mp_init(&psub1) );
- CHECK_MPI_OK( mp_init(&test) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&a));
+ CHECK_MPI_OK(mp_init(&h));
+ CHECK_MPI_OK(mp_init(&psub1));
+ CHECK_MPI_OK(mp_init(&test));
/* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
pb = PORT_Alloc(primeLen);
- CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
- pb[0] |= 0x80; /* set high-order bit */
- pb[primeLen-1] |= 0x01; /* set low-order bit */
- CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) );
- CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) );
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
+ pb[0] |= 0x80; /* set high-order bit */
+ pb[primeLen - 1] |= 0x01; /* set low-order bit */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&p, pb, primeLen));
+ CHECK_MPI_OK(mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter));
/* construct Sophie-Germain prime q = (p-1)/2. */
- CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
- CHECK_MPI_OK( mp_div_2(&psub1, &q) );
+ CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+ CHECK_MPI_OK(mp_div_2(&psub1, &q));
/* construct a generator from the prime. */
ab = PORT_Alloc(primeLen);
/* generate a candidate number a in p's field */
- CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(ab, primeLen) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&a, ab, primeLen) );
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(ab, primeLen));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&a, ab, primeLen));
/* force a < p (note that quot(a/p) <= 1) */
- if ( mp_cmp(&a, &p) > 0 )
- CHECK_MPI_OK( mp_sub(&a, &p, &a) );
+ if (mp_cmp(&a, &p) > 0)
+ CHECK_MPI_OK(mp_sub(&a, &p, &a));
do {
- /* check that a is in the range [2..p-1] */
- if ( mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) {
- /* a is outside of the allowed range. Set a=3 and keep going. */
+ /* check that a is in the range [2..p-1] */
+ if (mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) {
+ /* a is outside of the allowed range. Set a=3 and keep going. */
mp_set(&a, 3);
- }
- /* if a**q mod p != 1 then a is a generator */
- CHECK_MPI_OK( mp_exptmod(&a, &q, &p, &test) );
- if ( mp_cmp_d(&test, 1) != 0 )
- break;
- /* increment the candidate and try again. */
- CHECK_MPI_OK( mp_add_d(&a, 1, &a) );
+ }
+ /* if a**q mod p != 1 then a is a generator */
+ CHECK_MPI_OK(mp_exptmod(&a, &q, &p, &test));
+ if (mp_cmp_d(&test, 1) != 0)
+ break;
+ /* increment the candidate and try again. */
+ CHECK_MPI_OK(mp_add_d(&a, 1, &a));
} while (PR_TRUE);
MPINT_TO_SECITEM(&p, &dhparams->prime, arena);
MPINT_TO_SECITEM(&a, &dhparams->base, arena);
@@ -121,65 +121,67 @@ cleanup:
mp_clear(&h);
mp_clear(&psub1);
mp_clear(&test);
- if (pb) PORT_ZFree(pb, primeLen);
- if (ab) PORT_ZFree(ab, primeLen);
+ if (pb)
+ PORT_ZFree(pb, primeLen);
+ if (ab)
+ PORT_ZFree(ab, primeLen);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv)
- PORT_FreeArena(arena, PR_TRUE);
+ PORT_FreeArena(arena, PR_TRUE);
return rv;
}
-SECStatus
+SECStatus
DH_NewKey(DHParams *params, DHPrivateKey **privKey)
{
PLArenaPool *arena;
DHPrivateKey *key;
mp_int g, xa, p, Ya;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
if (!params || !privKey) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
key = (DHPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DHPrivateKey));
if (!key) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
key->arena = arena;
- MP_DIGITS(&g) = 0;
+ MP_DIGITS(&g) = 0;
MP_DIGITS(&xa) = 0;
- MP_DIGITS(&p) = 0;
+ MP_DIGITS(&p) = 0;
MP_DIGITS(&Ya) = 0;
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&xa) );
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&Ya) );
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&xa));
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&Ya));
/* Set private key's p */
- CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->prime, &params->prime) );
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->prime, &params->prime));
SECITEM_TO_MPINT(key->prime, &p);
/* Set private key's g */
- CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, &params->base) );
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->base, &params->base));
SECITEM_TO_MPINT(key->base, &g);
/* Generate private key xa */
SECITEM_AllocItem(arena, &key->privateValue,
dh_GetSecretKeyLen(params->prime.len));
- CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(key->privateValue.data,
- key->privateValue.len));
- SECITEM_TO_MPINT( key->privateValue, &xa );
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(key->privateValue.data,
+ key->privateValue.len));
+ SECITEM_TO_MPINT(key->privateValue, &xa);
/* xa < p */
- CHECK_MPI_OK( mp_mod(&xa, &p, &xa) );
+ CHECK_MPI_OK(mp_mod(&xa, &p, &xa));
/* Compute public key Ya = g ** xa mod p */
- CHECK_MPI_OK( mp_exptmod(&g, &xa, &p, &Ya) );
+ CHECK_MPI_OK(mp_exptmod(&g, &xa, &p, &Ya));
MPINT_TO_SECITEM(&Ya, &key->publicValue, key->arena);
*privKey = key;
cleanup:
@@ -188,21 +190,21 @@ cleanup:
mp_clear(&p);
mp_clear(&Ya);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv) {
- *privKey = NULL;
- PORT_FreeArena(arena, PR_TRUE);
+ *privKey = NULL;
+ PORT_FreeArena(arena, PR_TRUE);
}
return rv;
}
-SECStatus
-DH_Derive(SECItem *publicValue,
- SECItem *prime,
- SECItem *privateValue,
- SECItem *derivedSecret,
+SECStatus
+DH_Derive(SECItem *publicValue,
+ SECItem *prime,
+ SECItem *privateValue,
+ SECItem *derivedSecret,
unsigned int outBytes)
{
mp_int p, Xa, Yb, ZZ, psub1;
@@ -211,24 +213,24 @@ DH_Derive(SECItem *publicValue,
unsigned int nb;
unsigned char *secret = NULL;
if (!publicValue || !prime || !privateValue || !derivedSecret) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
memset(derivedSecret, 0, sizeof *derivedSecret);
- MP_DIGITS(&p) = 0;
+ MP_DIGITS(&p) = 0;
MP_DIGITS(&Xa) = 0;
MP_DIGITS(&Yb) = 0;
MP_DIGITS(&ZZ) = 0;
MP_DIGITS(&psub1) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&Xa) );
- CHECK_MPI_OK( mp_init(&Yb) );
- CHECK_MPI_OK( mp_init(&ZZ) );
- CHECK_MPI_OK( mp_init(&psub1) );
- SECITEM_TO_MPINT(*publicValue, &Yb);
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&Xa));
+ CHECK_MPI_OK(mp_init(&Yb));
+ CHECK_MPI_OK(mp_init(&ZZ));
+ CHECK_MPI_OK(mp_init(&psub1));
+ SECITEM_TO_MPINT(*publicValue, &Yb);
SECITEM_TO_MPINT(*privateValue, &Xa);
- SECITEM_TO_MPINT(*prime, &p);
- CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
+ SECITEM_TO_MPINT(*prime, &p);
+ CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
/* We assume that the modulus, p, is a safe prime. That is, p = 2q+1 where
* q is also a prime. Thus the orders of the subgroups are factors of 2q:
@@ -241,13 +243,13 @@ DH_Derive(SECItem *publicValue,
*
* Thus we must be operating in the subgroup of size q or 2q. */
if (mp_cmp_d(&Yb, 1) <= 0 ||
- mp_cmp(&Yb, &psub1) >= 0) {
- err = MP_BADARG;
- goto cleanup;
+ mp_cmp(&Yb, &psub1) >= 0) {
+ err = MP_BADARG;
+ goto cleanup;
}
/* ZZ = (Yb)**Xa mod p */
- CHECK_MPI_OK( mp_exptmod(&Yb, &Xa, &p, &ZZ) );
+ CHECK_MPI_OK(mp_exptmod(&Yb, &Xa, &p, &ZZ));
/* number of bytes in the derived secret */
len = mp_unsigned_octet_size(&ZZ);
if (len <= 0) {
@@ -275,32 +277,33 @@ DH_Derive(SECItem *publicValue,
/* allocate a buffer which can hold the entire derived secret. */
secret = PORT_Alloc(len);
if (secret == NULL) {
- err = MP_MEM;
- goto cleanup;
+ err = MP_MEM;
+ goto cleanup;
}
/* grab the derived secret */
err = mp_to_unsigned_octets(&ZZ, secret, len);
- if (err >= 0) err = MP_OKAY;
- /*
+ if (err >= 0)
+ err = MP_OKAY;
+ /*
** if outBytes is 0 take all of the bytes from the derived secret.
** if outBytes is not 0 take exactly outBytes from the derived secret, zero
- ** pad at the beginning if necessary, and truncate beginning bytes
+ ** pad at the beginning if necessary, and truncate beginning bytes
** if necessary.
*/
if (outBytes > 0)
- nb = outBytes;
+ nb = outBytes;
else
- nb = len;
- if (SECITEM_AllocItem(NULL, derivedSecret, nb) == NULL) {
- err = MP_MEM;
- goto cleanup;
+ nb = len;
+ if (SECITEM_AllocItem(NULL, derivedSecret, nb) == NULL) {
+ err = MP_MEM;
+ goto cleanup;
}
if (len < nb) {
- unsigned int offset = nb - len;
- memset(derivedSecret->data, 0, offset);
- memcpy(derivedSecret->data + offset, secret, len);
+ unsigned int offset = nb - len;
+ memset(derivedSecret->data, 0, offset);
+ memcpy(derivedSecret->data + offset, secret, len);
} else {
- memcpy(derivedSecret->data, secret + len - nb, nb);
+ memcpy(derivedSecret->data, secret + len - nb, nb);
}
cleanup:
mp_clear(&p);
@@ -309,23 +312,23 @@ cleanup:
mp_clear(&ZZ);
mp_clear(&psub1);
if (secret) {
- /* free the buffer allocated for the full secret. */
- PORT_ZFree(secret, len);
+ /* free the buffer allocated for the full secret. */
+ PORT_ZFree(secret, len);
}
if (err) {
- MP_TO_SEC_ERROR(err);
- if (derivedSecret->data)
- PORT_ZFree(derivedSecret->data, derivedSecret->len);
- return SECFailure;
+ MP_TO_SEC_ERROR(err);
+ if (derivedSecret->data)
+ PORT_ZFree(derivedSecret->data, derivedSecret->len);
+ return SECFailure;
}
return SECSuccess;
}
-SECStatus
-KEA_Derive(SECItem *prime,
- SECItem *public1,
- SECItem *public2,
- SECItem *private1,
+SECStatus
+KEA_Derive(SECItem *prime,
+ SECItem *public1,
+ SECItem *public2,
+ SECItem *private1,
SECItem *private2,
SECItem *derivedSecret)
{
@@ -335,8 +338,8 @@ KEA_Derive(SECItem *prime,
unsigned int len = 0, offset;
if (!prime || !public1 || !public2 || !private1 || !private2 ||
!derivedSecret) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
memset(derivedSecret, 0, sizeof *derivedSecret);
MP_DIGITS(&p) = 0;
@@ -347,49 +350,49 @@ KEA_Derive(SECItem *prime,
MP_DIGITS(&t) = 0;
MP_DIGITS(&u) = 0;
MP_DIGITS(&w) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&Y) );
- CHECK_MPI_OK( mp_init(&R) );
- CHECK_MPI_OK( mp_init(&r) );
- CHECK_MPI_OK( mp_init(&x) );
- CHECK_MPI_OK( mp_init(&t) );
- CHECK_MPI_OK( mp_init(&u) );
- CHECK_MPI_OK( mp_init(&w) );
- SECITEM_TO_MPINT(*prime, &p);
- SECITEM_TO_MPINT(*public1, &Y);
- SECITEM_TO_MPINT(*public2, &R);
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&Y));
+ CHECK_MPI_OK(mp_init(&R));
+ CHECK_MPI_OK(mp_init(&r));
+ CHECK_MPI_OK(mp_init(&x));
+ CHECK_MPI_OK(mp_init(&t));
+ CHECK_MPI_OK(mp_init(&u));
+ CHECK_MPI_OK(mp_init(&w));
+ SECITEM_TO_MPINT(*prime, &p);
+ SECITEM_TO_MPINT(*public1, &Y);
+ SECITEM_TO_MPINT(*public2, &R);
SECITEM_TO_MPINT(*private1, &r);
SECITEM_TO_MPINT(*private2, &x);
/* t = DH(Y, r, p) = Y ** r mod p */
- CHECK_MPI_OK( mp_exptmod(&Y, &r, &p, &t) );
+ CHECK_MPI_OK(mp_exptmod(&Y, &r, &p, &t));
/* u = DH(R, x, p) = R ** x mod p */
- CHECK_MPI_OK( mp_exptmod(&R, &x, &p, &u) );
+ CHECK_MPI_OK(mp_exptmod(&R, &x, &p, &u));
/* w = (t + u) mod p */
- CHECK_MPI_OK( mp_addmod(&t, &u, &p, &w) );
+ CHECK_MPI_OK(mp_addmod(&t, &u, &p, &w));
/* allocate a buffer for the full derived secret */
len = mp_unsigned_octet_size(&w);
secret = PORT_Alloc(len);
if (secret == NULL) {
- err = MP_MEM;
- goto cleanup;
+ err = MP_MEM;
+ goto cleanup;
}
/* grab the secret */
err = mp_to_unsigned_octets(&w, secret, len);
- if (err > 0) err = MP_OKAY;
+ if (err > 0)
+ err = MP_OKAY;
/* allocate output buffer */
- if (SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN)
- == NULL) {
- err = MP_MEM;
- goto cleanup;
+ if (SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN) == NULL) {
+ err = MP_MEM;
+ goto cleanup;
}
memset(derivedSecret->data, 0, derivedSecret->len);
/* copy in the 128 lsb of the secret */
if (len >= KEA_DERIVED_SECRET_LEN) {
- memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN),
- KEA_DERIVED_SECRET_LEN);
+ memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN),
+ KEA_DERIVED_SECRET_LEN);
} else {
- offset = KEA_DERIVED_SECRET_LEN - len;
- memcpy(derivedSecret->data + offset, secret, len);
+ offset = KEA_DERIVED_SECRET_LEN - len;
+ memcpy(derivedSecret->data + offset, secret, len);
}
cleanup:
mp_clear(&p);
@@ -401,39 +404,39 @@ cleanup:
mp_clear(&u);
mp_clear(&w);
if (secret)
- PORT_ZFree(secret, len);
+ PORT_ZFree(secret, len);
if (err) {
- MP_TO_SEC_ERROR(err);
- if (derivedSecret->data)
- PORT_ZFree(derivedSecret->data, derivedSecret->len);
- return SECFailure;
+ MP_TO_SEC_ERROR(err);
+ if (derivedSecret->data)
+ PORT_ZFree(derivedSecret->data, derivedSecret->len);
+ return SECFailure;
}
return SECSuccess;
}
-PRBool
+PRBool
KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
{
mp_int p, q, y, r;
mp_err err;
- int cmp = 1; /* default is false */
+ int cmp = 1; /* default is false */
if (!Y || !prime || !subPrime) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
MP_DIGITS(&p) = 0;
MP_DIGITS(&q) = 0;
MP_DIGITS(&y) = 0;
MP_DIGITS(&r) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&y) );
- CHECK_MPI_OK( mp_init(&r) );
- SECITEM_TO_MPINT(*prime, &p);
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&y));
+ CHECK_MPI_OK(mp_init(&r));
+ SECITEM_TO_MPINT(*prime, &p);
SECITEM_TO_MPINT(*subPrime, &q);
- SECITEM_TO_MPINT(*Y, &y);
+ SECITEM_TO_MPINT(*Y, &y);
/* compute r = y**q mod p */
- CHECK_MPI_OK( mp_exptmod(&y, &q, &p, &r) );
+ CHECK_MPI_OK(mp_exptmod(&y, &q, &p, &r));
/* compare to 1 */
cmp = mp_cmp_d(&r, 1);
cleanup:
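Review bot: `KEA_Verify` is declared `PRBool` but the argument check reformatted here still does `return SECFailure;`, and SECFailure is -1, so a caller that tests the result for non-zero treats a NULL `Y`, `prime` or `subPrime` as a successful verification; the error path in the cleanup block (next hunk) correctly returns `PR_FALSE`. The line should read `return PR_FALSE;`, keeping the `PORT_SetError(SEC_ERROR_INVALID_ARGS)` before it. The function's cleanup label and return continue in the following hunk.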
@@ -442,8 +445,8 @@ cleanup:
mp_clear(&y);
mp_clear(&r);
if (err) {
- MP_TO_SEC_ERROR(err);
- return PR_FALSE;
+ MP_TO_SEC_ERROR(err);
+ return PR_FALSE;
}
return (cmp == 0) ? PR_TRUE : PR_FALSE;
}
diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
index 7797b0170..8d1532f36 100644
--- a/lib/freebl/drbg.c
+++ b/lib/freebl/drbg.c
@@ -17,24 +17,24 @@
#include "secitem.h"
#include "sha_fast.h"
#include "sha256.h"
-#include "secrng.h" /* for RNG_SystemRNG() */
+#include "secrng.h" /* for RNG_SystemRNG() */
#include "secmpi.h"
-/* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1
+/* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1
* for SHA-1, SHA-224, and SHA-256 it's 440 bits.
* for SHA-384 and SHA-512 it's 888 bits */
-#define PRNG_SEEDLEN (440/PR_BITS_PER_BYTE)
+#define PRNG_SEEDLEN (440 / PR_BITS_PER_BYTE)
#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000)
- /* 2^35 bits or 2^32 bytes */
-#define PRNG_MAX_REQUEST_SIZE 0x10000 /* 2^19 bits or 2^16 bytes */
-#define PRNG_ADDITONAL_DATA_CACHE_SIZE (8*1024) /* must be less than
- * PRNG_MAX_ADDITIONAL_BYTES
- */
+/* 2^35 bits or 2^32 bytes */
+#define PRNG_MAX_REQUEST_SIZE 0x10000 /* 2^19 bits or 2^16 bytes */
+#define PRNG_ADDITONAL_DATA_CACHE_SIZE (8 * 1024) /* must be less than \
+ * PRNG_MAX_ADDITIONAL_BYTES \
+ */
-/* RESEED_COUNT is how many calls to the prng before we need to reseed
+/* RESEED_COUNT is how many calls to the prng before we need to reseed
* under normal NIST rules, you must return an error. In the NSS case, we
* self-reseed with RNG_SystemRNG(). Count can be a large number. For code
- * simplicity, we specify count with 2 components: RESEED_BYTE (which is
+ * simplicity, we specify count with 2 components: RESEED_BYTE (which is
* the same as LOG256(RESEED_COUNT)) and RESEED_VALUE (which is the same as
* RESEED_COUNT / (256 ^ RESEED_BYTE)). Another way to look at this is
* RESEED_COUNT = RESEED_VALUE * (256 ^ RESEED_BYTE). For Hash based DRBG
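Review bot: The trailing backslashes that clang-format inserted into the comment after `#define PRNG_ADDITONAL_DATA_CACHE_SIZE (8 * 1024)` turn the comment lines into continuation lines of the directive; this is harmless only because line splicing happens before comment removal, and it will keep happening on every reformat. Moving the comment onto the line above the `#define` (`/* must be less than PRNG_MAX_ADDITIONAL_BYTES */`) removes the continuation characters. The same tool behaviour pulled the five-line comment preceding `#define w H` in prng_generateNewBytes (hunk `@@ -291,100 +287,100 @@`) to column 0 inside the `if (additional_input)` body; placing that comment after the `#define w H` line, or before the `if`, restores normal indentation.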
@@ -43,67 +43,65 @@
#define RESEED_BYTE 6
#define RESEED_VALUE 1
-#define PRNG_RESET_RESEED_COUNT(rng) \
- PORT_Memset((rng)->reseed_counter, 0, sizeof (rng)->reseed_counter); \
- (rng)->reseed_counter[RESEED_BYTE] = 1;
-
+#define PRNG_RESET_RESEED_COUNT(rng) \
+ PORT_Memset((rng)->reseed_counter, 0, sizeof(rng)->reseed_counter); \
+ (rng)->reseed_counter[RESEED_BYTE] = 1;
/*
* The actual values of this enum are specified in SP 800-90, 10.1.1.*
- * The spec does not name the types, it only uses bare values
+ * The spec does not name the types, it only uses bare values
*/
typedef enum {
- prngCGenerateType = 0, /* used when creating a new 'C' */
- prngReseedType = 1, /* used in reseeding */
- prngAdditionalDataType = 2, /* used in mixing additional data */
- prngGenerateByteType = 3 /* used when mixing internal state while
- * generating bytes */
+ prngCGenerateType = 0, /* used when creating a new 'C' */
+ prngReseedType = 1, /* used in reseeding */
+ prngAdditionalDataType = 2, /* used in mixing additional data */
+ prngGenerateByteType = 3 /* used when mixing internal state while
+ * generating bytes */
} prngVTypes;
/*
* Global RNG context
- */
+ */
struct RNGContextStr {
- PZLock *lock; /* Lock to serialize access to global rng */
+ PZLock *lock; /* Lock to serialize access to global rng */
/*
- * NOTE, a number of steps in the drbg algorithm need to hash
- * V_type || V. The code, therefore, depends on the V array following
+ * NOTE, a number of steps in the drbg algorithm need to hash
+ * V_type || V. The code, therefore, depends on the V array following
* immediately after V_type to avoid extra copies. To accomplish this
* in a way that compiliers can't perturb, we declare V_type and V
* as a V_Data array and reference them by macros */
- PRUint8 V_Data[PRNG_SEEDLEN+1]; /* internal state variables */
-#define V_type V_Data[0]
-#define V(rng) (((rng)->V_Data)+1)
-#define VSize(rng) ((sizeof (rng)->V_Data) -1)
- PRUint8 C[PRNG_SEEDLEN]; /* internal state variables */
- PRUint8 lastOutput[SHA256_LENGTH]; /* for continuous rng checking */
+ PRUint8 V_Data[PRNG_SEEDLEN + 1]; /* internal state variables */
+#define V_type V_Data[0]
+#define V(rng) (((rng)->V_Data) + 1)
+#define VSize(rng) ((sizeof(rng)->V_Data) - 1)
+ PRUint8 C[PRNG_SEEDLEN]; /* internal state variables */
+ PRUint8 lastOutput[SHA256_LENGTH]; /* for continuous rng checking */
/* If we get calls for the PRNG to return less than the length of our
* hash, we extend the request for a full hash (since we'll be doing
* the full hash anyway). Future requests for random numbers are fulfilled
* from the remainder of the bytes we generated. Requests for bytes longer
* than the hash size are fulfilled directly from the HashGen function
* of the random number generator. */
- PRUint8 reseed_counter[RESEED_BYTE+1]; /* number of requests since the
- * last reseed. Need only be
- * big enough to hold the whole
- * reseed count */
- PRUint8 data[SHA256_LENGTH]; /* when we request less than a block
- * save the rest of the rng output for
- * another partial block */
- PRUint8 dataAvail; /* # bytes of output available in our cache,
- * [0...SHA256_LENGTH] */
+ PRUint8 reseed_counter[RESEED_BYTE + 1]; /* number of requests since the
+ * last reseed. Need only be
+ * big enough to hold the whole
+ * reseed count */
+ PRUint8 data[SHA256_LENGTH]; /* when we request less than a block
+ * save the rest of the rng output for
+ * another partial block */
+ PRUint8 dataAvail; /* # bytes of output available in our cache,
+ * [0...SHA256_LENGTH] */
/* store additional data that has been shovelled off to us by
* RNG_RandomUpdate. */
- PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
+ PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
PRUint32 additionalAvail;
- PRBool isValid; /* false if RNG reaches an invalid state */
+ PRBool isValid; /* false if RNG reaches an invalid state */
};
typedef struct RNGContextStr RNGContext;
static RNGContext *globalrng = NULL;
static RNGContext theGlobalRng;
-
/*
* The next several functions are derived from the NIST SP 800-90
* spec. In these functions, an attempt was made to use names consistent
@@ -113,41 +111,40 @@ static RNGContext theGlobalRng;
/*
* Hash Derive function defined in NISP SP 800-90 Section 10.4.1.
* This function is used in the Instantiate and Reseed functions.
- *
+ *
* NOTE: requested_bytes cannot overlap with input_string_1 or input_string_2.
- * input_string_1 and input_string_2 are logically concatentated.
+ * input_string_1 and input_string_2 are logically concatentated.
* input_string_1 must be supplied.
* if input_string_2 is not supplied, NULL should be passed for this parameter.
*/
static SECStatus
-prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return,
- const PRUint8 *input_string_1, unsigned int input_string_1_len,
- const PRUint8 *input_string_2, unsigned int input_string_2_len)
+prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return,
+ const PRUint8 *input_string_1, unsigned int input_string_1_len,
+ const PRUint8 *input_string_2, unsigned int input_string_2_len)
{
SHA256Context ctx;
PRUint32 tmp;
PRUint8 counter;
- tmp=SHA_HTONL(no_of_bytes_to_return*8);
-
- for (counter = 1 ; no_of_bytes_to_return > 0; counter++) {
- unsigned int hash_return_len;
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, &counter, 1);
- SHA256_Update(&ctx, (unsigned char *)&tmp, sizeof tmp);
- SHA256_Update(&ctx, input_string_1, input_string_1_len);
- if (input_string_2) {
- SHA256_Update(&ctx, input_string_2, input_string_2_len);
- }
- SHA256_End(&ctx, requested_bytes, &hash_return_len,
- no_of_bytes_to_return);
- requested_bytes += hash_return_len;
- no_of_bytes_to_return -= hash_return_len;
+ tmp = SHA_HTONL(no_of_bytes_to_return * 8);
+
+ for (counter = 1; no_of_bytes_to_return > 0; counter++) {
+ unsigned int hash_return_len;
+ SHA256_Begin(&ctx);
+ SHA256_Update(&ctx, &counter, 1);
+ SHA256_Update(&ctx, (unsigned char *)&tmp, sizeof tmp);
+ SHA256_Update(&ctx, input_string_1, input_string_1_len);
+ if (input_string_2) {
+ SHA256_Update(&ctx, input_string_2, input_string_2_len);
+ }
+ SHA256_End(&ctx, requested_bytes, &hash_return_len,
+ no_of_bytes_to_return);
+ requested_bytes += hash_return_len;
+ no_of_bytes_to_return -= hash_return_len;
}
return SECSuccess;
}
-
/*
* Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
*
@@ -158,18 +155,17 @@ static SECStatus
prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
{
if (len < PRNG_SEEDLEN) {
- /* if the seedlen is to small, it's probably because we failed to get
- * enough random data */
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- return SECFailure;
+ /* if the seedlen is to small, it's probably because we failed to get
+ * enough random data */
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ return SECFailure;
}
prng_Hash_df(V(rng), VSize(rng), bytes, len, NULL, 0);
rng->V_type = prngCGenerateType;
- prng_Hash_df(rng->C,sizeof rng->C,rng->V_Data,sizeof rng->V_Data,NULL,0);
+ prng_Hash_df(rng->C, sizeof rng->C, rng->V_Data, sizeof rng->V_Data, NULL, 0);
PRNG_RESET_RESEED_COUNT(rng)
return SECSuccess;
}
-
/*
* Update the global random number generator with more seeding
@@ -180,45 +176,45 @@ prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
*/
static SECStatus
prng_reseed(RNGContext *rng, const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *additional_input, unsigned int additional_input_len)
+ const PRUint8 *additional_input, unsigned int additional_input_len)
{
- PRUint8 noiseData[(sizeof rng->V_Data)+PRNG_SEEDLEN];
+ PRUint8 noiseData[(sizeof rng->V_Data) + PRNG_SEEDLEN];
PRUint8 *noise = &noiseData[0];
/* if entropy wasn't supplied, fetch it. (normal operation case) */
if (entropy == NULL) {
- entropy_len = (unsigned int) RNG_SystemRNG(
- &noiseData[sizeof rng->V_Data], PRNG_SEEDLEN);
+ entropy_len = (unsigned int)RNG_SystemRNG(
+ &noiseData[sizeof rng->V_Data], PRNG_SEEDLEN);
} else {
- /* NOTE: this code is only available for testing, not to applications */
- /* if entropy was too big for the stack variable, get it from malloc */
- if (entropy_len > PRNG_SEEDLEN) {
- noise = PORT_Alloc(entropy_len + (sizeof rng->V_Data));
- if (noise == NULL) {
- return SECFailure;
- }
- }
- PORT_Memcpy(&noise[sizeof rng->V_Data],entropy, entropy_len);
+ /* NOTE: this code is only available for testing, not to applications */
+ /* if entropy was too big for the stack variable, get it from malloc */
+ if (entropy_len > PRNG_SEEDLEN) {
+ noise = PORT_Alloc(entropy_len + (sizeof rng->V_Data));
+ if (noise == NULL) {
+ return SECFailure;
+ }
+ }
+ PORT_Memcpy(&noise[sizeof rng->V_Data], entropy, entropy_len);
}
- if (entropy_len < 256/PR_BITS_PER_BYTE) {
- /* noise == &noiseData[0] at this point, so nothing to free */
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- return SECFailure;
+ if (entropy_len < 256 / PR_BITS_PER_BYTE) {
+ /* noise == &noiseData[0] at this point, so nothing to free */
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ return SECFailure;
}
rng->V_type = prngReseedType;
PORT_Memcpy(noise, rng->V_Data, sizeof rng->V_Data);
prng_Hash_df(V(rng), VSize(rng), noise, (sizeof rng->V_Data) + entropy_len,
- additional_input, additional_input_len);
+ additional_input, additional_input_len);
/* clear potential CSP */
- PORT_Memset(noise, 0, (sizeof rng->V_Data) + entropy_len);
+ PORT_Memset(noise, 0, (sizeof rng->V_Data) + entropy_len);
rng->V_type = prngCGenerateType;
- prng_Hash_df(rng->C,sizeof rng->C,rng->V_Data,sizeof rng->V_Data,NULL,0);
+ prng_Hash_df(rng->C, sizeof rng->C, rng->V_Data, sizeof rng->V_Data, NULL, 0);
PRNG_RESET_RESEED_COUNT(rng)
if (noise != &noiseData[0]) {
- PORT_Free(noise);
+ PORT_Free(noise);
}
return SECSuccess;
}
@@ -227,63 +223,63 @@ prng_reseed(RNGContext *rng, const PRUint8 *entropy, unsigned int entropy_len,
* SP 800-90 requires we rerun our health tests on reseed
*/
static SECStatus
-prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
- unsigned int entropy_len, const PRUint8 *additional_input,
- unsigned int additional_input_len)
+prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
+ unsigned int entropy_len, const PRUint8 *additional_input,
+ unsigned int additional_input_len)
{
SECStatus rv;
/* do health checks in FIPS mode */
rv = PRNGTEST_RunHealthTests();
if (rv != SECSuccess) {
- /* error set by PRNGTEST_RunHealTests() */
- rng->isValid = PR_FALSE;
- return SECFailure;
+ /* error set by PRNGTEST_RunHealTests() */
+ rng->isValid = PR_FALSE;
+ return SECFailure;
}
- return prng_reseed(rng, entropy, entropy_len,
- additional_input, additional_input_len);
+ return prng_reseed(rng, entropy, entropy_len,
+ additional_input, additional_input_len);
}
/*
* build some fast inline functions for adding.
*/
-#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \
- { \
- int k1; \
+#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \
+ { \
+ int k1; \
for (k1 = start; carry && k1 >= 0; k1--) { \
- carry = !(++dest[k1]); \
- } \
+ carry = !(++dest[k1]); \
+ } \
}
/*
* NOTE: dest must be an array for the following to work.
*/
-#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
- carry = 0; \
- PORT_Assert((dest_len) >= (len)); \
- { \
- int k1, k2; \
+#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+ carry = 0; \
+ PORT_Assert((dest_len) >= (len)); \
+ { \
+ int k1, k2; \
for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \
- carry += dest[k1] + add[k2]; \
- dest[k1] = (PRUint8) carry; \
- carry >>= 8; \
- } \
+ carry += dest[k1] + add[k2]; \
+ dest[k1] = (PRUint8)carry; \
+ carry >>= 8; \
+ } \
}
#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
- PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
/*
* This function expands the internal state of the prng to fulfill any number
* of bytes we need for this request. We only use this call if we need more
- * than can be supplied by a single call to SHA256_HashBuf.
+ * than can be supplied by a single call to SHA256_HashBuf.
*
* This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
*/
static void
-prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
- unsigned int no_of_returned_bytes)
+prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
+ unsigned int no_of_returned_bytes)
{
PRUint8 data[VSize(rng)];
PRUint8 thisHash[SHA256_LENGTH];
@@ -291,100 +287,100 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
PORT_Memcpy(data, V(rng), VSize(rng));
while (no_of_returned_bytes) {
- SHA256Context ctx;
- unsigned int len;
- unsigned int carry;
-
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, data, sizeof data);
- SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH);
- if (PORT_Memcmp(lastHash, thisHash, len) == 0) {
- rng->isValid = PR_FALSE;
- break;
- }
- if (no_of_returned_bytes < SHA256_LENGTH) {
- len = no_of_returned_bytes;
- }
- PORT_Memcpy(returned_bytes, thisHash, len);
- lastHash = returned_bytes;
- returned_bytes += len;
- no_of_returned_bytes -= len;
- /* The carry parameter is a bool (increment or not).
- * This increments data if no_of_returned_bytes is not zero */
+ SHA256Context ctx;
+ unsigned int len;
+ unsigned int carry;
+
+ SHA256_Begin(&ctx);
+ SHA256_Update(&ctx, data, sizeof data);
+ SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH);
+ if (PORT_Memcmp(lastHash, thisHash, len) == 0) {
+ rng->isValid = PR_FALSE;
+ break;
+ }
+ if (no_of_returned_bytes < SHA256_LENGTH) {
+ len = no_of_returned_bytes;
+ }
+ PORT_Memcpy(returned_bytes, thisHash, len);
+ lastHash = returned_bytes;
+ returned_bytes += len;
+ no_of_returned_bytes -= len;
+ /* The carry parameter is a bool (increment or not).
+ * This increments data if no_of_returned_bytes is not zero */
carry = no_of_returned_bytes;
- PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
+ PRNG_ADD_CARRY_ONLY(data, (sizeof data) - 1, carry);
}
PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH);
- PORT_Memset(data, 0, sizeof data);
- PORT_Memset(thisHash, 0, sizeof thisHash);
+ PORT_Memset(data, 0, sizeof data);
+ PORT_Memset(thisHash, 0, sizeof thisHash);
}
-/*
- * Generates new random bytes and advances the internal prng state.
+/*
+ * Generates new random bytes and advances the internal prng state.
* additional bytes are only used in algorithm testing.
- *
+ *
* This function is specified in NIST SP 800-90 section 10.1.1.4
*/
static SECStatus
-prng_generateNewBytes(RNGContext *rng,
- PRUint8 *returned_bytes, unsigned int no_of_returned_bytes,
- const PRUint8 *additional_input,
- unsigned int additional_input_len)
+prng_generateNewBytes(RNGContext *rng,
+ PRUint8 *returned_bytes, unsigned int no_of_returned_bytes,
+ const PRUint8 *additional_input,
+ unsigned int additional_input_len)
{
- PRUint8 H[SHA256_LENGTH]; /* both H and w since they
- * aren't used concurrently */
+ PRUint8 H[SHA256_LENGTH]; /* both H and w since they
+ * aren't used concurrently */
unsigned int carry;
if (!rng->isValid) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
/* This code only triggers during tests, normal
* prng operation does not use additional_input */
- if (additional_input){
- SHA256Context ctx;
- /* NIST SP 800-90 defines two temporaries in their calculations,
- * w and H. These temporaries are the same lengths, and used
- * at different times, so we use the following macro to collapse
- * them to the same variable, but keeping their unique names for
- * easy comparison to the spec */
+ if (additional_input) {
+ SHA256Context ctx;
+/* NIST SP 800-90 defines two temporaries in their calculations,
+ * w and H. These temporaries are the same lengths, and used
+ * at different times, so we use the following macro to collapse
+ * them to the same variable, but keeping their unique names for
+ * easy comparison to the spec */
#define w H
- rng->V_type = prngAdditionalDataType;
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
- SHA256_Update(&ctx, additional_input, additional_input_len);
- SHA256_End(&ctx, w, NULL, sizeof w);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
- PORT_Memset(w, 0, sizeof w);
-#undef w
+ rng->V_type = prngAdditionalDataType;
+ SHA256_Begin(&ctx);
+ SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
+ SHA256_Update(&ctx, additional_input, additional_input_len);
+ SHA256_End(&ctx, w, NULL, sizeof w);
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
+ PORT_Memset(w, 0, sizeof w);
+#undef w
}
if (no_of_returned_bytes == SHA256_LENGTH) {
- /* short_cut to hashbuf and a couple of copies and clears */
- SHA256_HashBuf(returned_bytes, V(rng), VSize(rng) );
- /* continuous rng check */
- if (memcmp(rng->lastOutput, returned_bytes, SHA256_LENGTH) == 0) {
- rng->isValid = PR_FALSE;
- }
- PORT_Memcpy(rng->lastOutput, returned_bytes, sizeof rng->lastOutput);
+ /* short_cut to hashbuf and a couple of copies and clears */
+ SHA256_HashBuf(returned_bytes, V(rng), VSize(rng));
+ /* continuous rng check */
+ if (memcmp(rng->lastOutput, returned_bytes, SHA256_LENGTH) == 0) {
+ rng->isValid = PR_FALSE;
+ }
+ PORT_Memcpy(rng->lastOutput, returned_bytes, sizeof rng->lastOutput);
} else {
- prng_Hashgen(rng, returned_bytes, no_of_returned_bytes);
+ prng_Hashgen(rng, returned_bytes, no_of_returned_bytes);
}
/* advance our internal state... */
rng->V_type = prngGenerateByteType;
SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data);
PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry)
PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter,
- sizeof rng->reseed_counter, carry)
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter,
+ sizeof rng->reseed_counter, carry)
carry = 1;
- PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry);
+ PRNG_ADD_CARRY_ONLY(rng->reseed_counter, (sizeof rng->reseed_counter) - 1, carry);
/* if the prng failed, don't return any output, signal softoken */
if (!rng->isValid) {
- PORT_Memset(returned_bytes, 0, no_of_returned_bytes);
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_Memset(returned_bytes, 0, no_of_returned_bytes);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
return SECSuccess;
}
@@ -394,59 +390,60 @@ prng_generateNewBytes(RNGContext *rng,
*/
static const PRCallOnceType pristineCallOnce;
static PRCallOnceType coRNGInit;
-static PRStatus rng_init(void)
+static PRStatus
+rng_init(void)
{
- PRUint8 bytes[PRNG_SEEDLEN*2]; /* entropy + nonce */
+ PRUint8 bytes[PRNG_SEEDLEN * 2]; /* entropy + nonce */
unsigned int numBytes;
SECStatus rv = SECSuccess;
if (globalrng == NULL) {
- /* bytes needs to have enough space to hold
- * a SHA256 hash value. Blow up at compile time if this isn't true */
- PR_STATIC_ASSERT(sizeof(bytes) >= SHA256_LENGTH);
- /* create a new global RNG context */
- globalrng = &theGlobalRng;
+ /* bytes needs to have enough space to hold
+ * a SHA256 hash value. Blow up at compile time if this isn't true */
+ PR_STATIC_ASSERT(sizeof(bytes) >= SHA256_LENGTH);
+ /* create a new global RNG context */
+ globalrng = &theGlobalRng;
PORT_Assert(NULL == globalrng->lock);
- /* create a lock for it */
- globalrng->lock = PZ_NewLock(nssILockOther);
- if (globalrng->lock == NULL) {
- globalrng = NULL;
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return PR_FAILURE;
- }
-
- /* Try to get some seed data for the RNG */
- numBytes = (unsigned int) RNG_SystemRNG(bytes, sizeof bytes);
- PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
- if (numBytes != 0) {
- /* if this is our first call, instantiate, otherwise reseed
- * prng_instantiate gets a new clean state, we want to mix
- * any previous entropy we may have collected */
- if (V(globalrng)[0] == 0) {
- rv = prng_instantiate(globalrng, bytes, numBytes);
- } else {
- rv = prng_reseed_test(globalrng, bytes, numBytes, NULL, 0);
- }
- memset(bytes, 0, numBytes);
- } else {
- PZ_DestroyLock(globalrng->lock);
- globalrng->lock = NULL;
- globalrng = NULL;
- return PR_FAILURE;
- }
-
- if (rv != SECSuccess) {
- return PR_FAILURE;
- }
- /* the RNG is in a valid state */
- globalrng->isValid = PR_TRUE;
-
- /* fetch one random value so that we can populate rng->oldV for our
- * continous random number test. */
- prng_generateNewBytes(globalrng, bytes, SHA256_LENGTH, NULL, 0);
-
- /* Fetch more entropy into the PRNG */
- RNG_SystemInfoForRNG();
+ /* create a lock for it */
+ globalrng->lock = PZ_NewLock(nssILockOther);
+ if (globalrng->lock == NULL) {
+ globalrng = NULL;
+ PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+ return PR_FAILURE;
+ }
+
+ /* Try to get some seed data for the RNG */
+ numBytes = (unsigned int)RNG_SystemRNG(bytes, sizeof bytes);
+ PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
+ if (numBytes != 0) {
+ /* if this is our first call, instantiate, otherwise reseed
+ * prng_instantiate gets a new clean state, we want to mix
+ * any previous entropy we may have collected */
+ if (V(globalrng)[0] == 0) {
+ rv = prng_instantiate(globalrng, bytes, numBytes);
+ } else {
+ rv = prng_reseed_test(globalrng, bytes, numBytes, NULL, 0);
+ }
+ memset(bytes, 0, numBytes);
+ } else {
+ PZ_DestroyLock(globalrng->lock);
+ globalrng->lock = NULL;
+ globalrng = NULL;
+ return PR_FAILURE;
+ }
+
+ if (rv != SECSuccess) {
+ return PR_FAILURE;
+ }
+ /* the RNG is in a valid state */
+ globalrng->isValid = PR_TRUE;
+
+ /* fetch one random value so that we can populate rng->oldV for our
+ * continous random number test. */
+ prng_generateNewBytes(globalrng, bytes, SHA256_LENGTH, NULL, 0);
+
+ /* Fetch more entropy into the PRNG */
+ RNG_SystemInfoForRNG();
}
return PR_SUCCESS;
}
@@ -463,12 +460,12 @@ prng_freeRNGContext(RNGContext *rng)
SKIP_AFTER_FORK(PZ_DestroyLock(globalrng->lock));
/* zero global RNG context except for C & V to preserve entropy */
- prng_Hash_df(inputhash, sizeof rng->C, rng->C, sizeof rng->C, NULL, 0);
- prng_Hash_df(&inputhash[sizeof rng->C], VSize(rng), V(rng), VSize(rng),
- NULL, 0);
+ prng_Hash_df(inputhash, sizeof rng->C, rng->C, sizeof rng->C, NULL, 0);
+ prng_Hash_df(&inputhash[sizeof rng->C], VSize(rng), V(rng), VSize(rng),
+ NULL, 0);
memset(rng, 0, sizeof *rng);
- memcpy(rng->C, inputhash, sizeof rng->C);
- memcpy(V(rng), &inputhash[sizeof rng->C], VSize(rng));
+ memcpy(rng->C, inputhash, sizeof rng->C);
+ memcpy(V(rng), &inputhash[sizeof rng->C], VSize(rng));
memset(inputhash, 0, sizeof inputhash);
}
@@ -486,7 +483,7 @@ prng_freeRNGContext(RNGContext *rng)
* provide the generator with additional entropy is to call
* RNG_SystemInfoForRNG(). Note that C_Initialize() does exactly that.
*/
-SECStatus
+SECStatus
RNG_RNGInit(void)
{
/* Allow only one call to initialize the context */
@@ -499,7 +496,7 @@ RNG_RNGInit(void)
** Update the global random number generator with more seeding
** material.
*/
-SECStatus
+SECStatus
RNG_RandomUpdate(const void *data, size_t bytes)
{
SECStatus rv;
@@ -518,23 +515,23 @@ RNG_RandomUpdate(const void *data, size_t bytes)
* greater than 32 bits if it is a 64 bit platform. The corner
* cases are handled with explicit defines NS_PTR_GT_32 and NS_PTR_LE_32.
*
- * In general, neither NS_PTR_GT_32 nor NS_PTR_LE_32 will need to be
+ * In general, neither NS_PTR_GT_32 nor NS_PTR_LE_32 will need to be
* defined. If you trip over the next two size ASSERTS at compile time,
* you will need to define them for your platform.
*
* if 'sizeof(size_t) > 4' is triggered it means that we were expecting
- * sizeof(size_t) to be greater than 4, but it wasn't. Setting
+ * sizeof(size_t) to be greater than 4, but it wasn't. Setting
* NS_PTR_LE_32 will correct that mistake.
*
* if 'sizeof(size_t) <= 4' is triggered, it means that we were expecting
- * sizeof(size_t) to be less than or equal to 4, but it wasn't. Setting
+ * sizeof(size_t) to be less than or equal to 4, but it wasn't. Setting
* NS_PTR_GT_32 will correct that mistake.
*/
PR_STATIC_ASSERT(sizeof(size_t) > 4);
if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) {
- bytes = PRNG_MAX_ADDITIONAL_BYTES;
+ bytes = PRNG_MAX_ADDITIONAL_BYTES;
}
#else
PR_STATIC_ASSERT(sizeof(size_t) <= 4);
@@ -543,41 +540,38 @@ RNG_RandomUpdate(const void *data, size_t bytes)
PZ_Lock(globalrng->lock);
/* if we're passed more than our additionalDataCache, simply
* call reseed with that data */
- if (bytes > sizeof (globalrng->additionalDataCache)) {
- rv = prng_reseed_test(globalrng, NULL, 0, data, (unsigned int) bytes);
- /* if we aren't going to fill or overflow the buffer, just cache it */
- } else if (bytes < ((sizeof globalrng->additionalDataCache)
- - globalrng->additionalAvail)) {
- PORT_Memcpy(globalrng->additionalDataCache+globalrng->additionalAvail,
- data, bytes);
- globalrng->additionalAvail += (PRUint32) bytes;
- rv = SECSuccess;
+ if (bytes > sizeof(globalrng->additionalDataCache)) {
+ rv = prng_reseed_test(globalrng, NULL, 0, data, (unsigned int)bytes);
+ /* if we aren't going to fill or overflow the buffer, just cache it */
+ } else if (bytes < ((sizeof globalrng->additionalDataCache) - globalrng->additionalAvail)) {
+ PORT_Memcpy(globalrng->additionalDataCache + globalrng->additionalAvail,
+ data, bytes);
+ globalrng->additionalAvail += (PRUint32)bytes;
+ rv = SECSuccess;
} else {
- /* we are going to fill or overflow the buffer. In this case we will
- * fill the entropy buffer, reseed with it, start a new buffer with the
- * remainder. We know the remainder will fit in the buffer because
- * we already handled the case where bytes > the size of the buffer.
- */
- size_t bufRemain = (sizeof globalrng->additionalDataCache)
- - globalrng->additionalAvail;
- /* fill the rest of the buffer */
- if (bufRemain) {
- PORT_Memcpy(globalrng->additionalDataCache
- +globalrng->additionalAvail,
- data, bufRemain);
- data = ((unsigned char *)data) + bufRemain;
- bytes -= bufRemain;
- }
- /* reseed from buffer */
- rv = prng_reseed_test(globalrng, NULL, 0,
- globalrng->additionalDataCache,
- sizeof globalrng->additionalDataCache);
-
- /* copy the rest into the cache */
- PORT_Memcpy(globalrng->additionalDataCache, data, bytes);
- globalrng->additionalAvail = (PRUint32) bytes;
- }
-
+ /* we are going to fill or overflow the buffer. In this case we will
+ * fill the entropy buffer, reseed with it, start a new buffer with the
+ * remainder. We know the remainder will fit in the buffer because
+ * we already handled the case where bytes > the size of the buffer.
+ */
+ size_t bufRemain = (sizeof globalrng->additionalDataCache) - globalrng->additionalAvail;
+ /* fill the rest of the buffer */
+ if (bufRemain) {
+ PORT_Memcpy(globalrng->additionalDataCache + globalrng->additionalAvail,
+ data, bufRemain);
+ data = ((unsigned char *)data) + bufRemain;
+ bytes -= bufRemain;
+ }
+ /* reseed from buffer */
+ rv = prng_reseed_test(globalrng, NULL, 0,
+ globalrng->additionalDataCache,
+ sizeof globalrng->additionalDataCache);
+
+ /* copy the rest into the cache */
+ PORT_Memcpy(globalrng->additionalDataCache, data, bytes);
+ globalrng->additionalAvail = (PRUint32)bytes;
+ }
+
PZ_Unlock(globalrng->lock);
return rv;
}
@@ -586,7 +580,7 @@ RNG_RandomUpdate(const void *data, size_t bytes)
** Generate some random bytes, using the global random number generator
** object.
*/
-static SECStatus
+static SECStatus
prng_GenerateGlobalRandomBytes(RNGContext *rng,
void *dest, size_t len)
{
@@ -595,13 +589,13 @@ prng_GenerateGlobalRandomBytes(RNGContext *rng,
/* check for a valid global RNG context */
PORT_Assert(rng != NULL);
if (rng == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* FIPS limits the amount of entropy available in a single request */
if (len > PRNG_MAX_REQUEST_SIZE) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* --- LOCKED --- */
PZ_Lock(rng->lock);
@@ -609,40 +603,40 @@ prng_GenerateGlobalRandomBytes(RNGContext *rng,
* don't produce any data.
*/
if (rng->reseed_counter[0] >= RESEED_VALUE) {
- rv = prng_reseed_test(rng, NULL, 0, NULL, 0);
- PZ_Unlock(rng->lock);
- if (rv != SECSuccess) {
- return rv;
- }
- RNG_SystemInfoForRNG();
- PZ_Lock(rng->lock);
+ rv = prng_reseed_test(rng, NULL, 0, NULL, 0);
+ PZ_Unlock(rng->lock);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ RNG_SystemInfoForRNG();
+ PZ_Lock(rng->lock);
}
/*
* see if we have enough bytes to fulfill the request.
*/
if (len <= rng->dataAvail) {
- memcpy(output, rng->data + ((sizeof rng->data) - rng->dataAvail), len);
- memset(rng->data + ((sizeof rng->data) - rng->dataAvail), 0, len);
- rng->dataAvail -= len;
- rv = SECSuccess;
- /* if we are asking for a small number of bytes, cache the rest of
+ memcpy(output, rng->data + ((sizeof rng->data) - rng->dataAvail), len);
+ memset(rng->data + ((sizeof rng->data) - rng->dataAvail), 0, len);
+ rng->dataAvail -= len;
+ rv = SECSuccess;
+ /* if we are asking for a small number of bytes, cache the rest of
* the bytes */
} else if (len < sizeof rng->data) {
- rv = prng_generateNewBytes(rng, rng->data, sizeof rng->data,
- rng->additionalAvail ? rng->additionalDataCache : NULL,
- rng->additionalAvail);
- rng->additionalAvail = 0;
- if (rv == SECSuccess) {
- memcpy(output, rng->data, len);
- memset(rng->data, 0, len);
- rng->dataAvail = (sizeof rng->data) - len;
- }
- /* we are asking for lots of bytes, just ask the generator to pass them */
+ rv = prng_generateNewBytes(rng, rng->data, sizeof rng->data,
+ rng->additionalAvail ? rng->additionalDataCache : NULL,
+ rng->additionalAvail);
+ rng->additionalAvail = 0;
+ if (rv == SECSuccess) {
+ memcpy(output, rng->data, len);
+ memset(rng->data, 0, len);
+ rng->dataAvail = (sizeof rng->data) - len;
+ }
+ /* we are asking for lots of bytes, just ask the generator to pass them */
} else {
- rv = prng_generateNewBytes(rng, output, len,
- rng->additionalAvail ? rng->additionalDataCache : NULL,
- rng->additionalAvail);
- rng->additionalAvail = 0;
+ rv = prng_generateNewBytes(rng, output, len,
+ rng->additionalAvail ? rng->additionalDataCache : NULL,
+ rng->additionalAvail);
+ rng->additionalAvail = 0;
}
PZ_Unlock(rng->lock);
/* --- UNLOCKED --- */
@@ -653,7 +647,7 @@ prng_GenerateGlobalRandomBytes(RNGContext *rng,
** Generate some random bytes, using the global random number generator
** object.
*/
-SECStatus
+SECStatus
RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
{
return prng_GenerateGlobalRandomBytes(globalrng, dest, len);
@@ -665,9 +659,9 @@ RNG_RNGShutdown(void)
/* check for a valid global RNG context */
PORT_Assert(globalrng != NULL);
if (globalrng == NULL) {
- /* Should set a "not initialized" error code. */
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return;
+ /* Should set a "not initialized" error code. */
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return;
}
/* clear */
prng_freeRNGContext(globalrng);
@@ -679,7 +673,7 @@ RNG_RNGShutdown(void)
/*
* Test case interface. used by fips testing and power on self test
*/
- /* make sure the test context is separate from the global context, This
+/* make sure the test context is separate from the global context, This
* allows us to test the internal random number generator without losing
* entropy we may have previously collected. */
RNGContext testContext;
@@ -689,249 +683,253 @@ RNGContext testContext;
* other NIST SP 800-90 algorithms may be used in the future.
*/
SECStatus
-PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *nonce, unsigned int nonce_len,
- const PRUint8 *personal_string, unsigned int ps_len)
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *nonce, unsigned int nonce_len,
+ const PRUint8 *personal_string, unsigned int ps_len)
{
- int bytes_len = entropy_len + nonce_len + ps_len;
- PRUint8 *bytes = NULL;
- SECStatus rv;
-
- if (entropy_len < 256/PR_BITS_PER_BYTE) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- return SECFailure;
- }
-
- bytes = PORT_Alloc(bytes_len);
- if (bytes == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- /* concatenate the various inputs, internally NSS only instantiates with
+ int bytes_len = entropy_len + nonce_len + ps_len;
+ PRUint8 *bytes = NULL;
+ SECStatus rv;
+
+ if (entropy_len < 256 / PR_BITS_PER_BYTE) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ return SECFailure;
+ }
+
+ bytes = PORT_Alloc(bytes_len);
+ if (bytes == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
+ }
+ /* concatenate the various inputs, internally NSS only instantiates with
* a single long string */
- PORT_Memcpy(bytes, entropy, entropy_len);
- if (nonce) {
- PORT_Memcpy(&bytes[entropy_len], nonce, nonce_len);
- } else {
- PORT_Assert(nonce_len == 0);
- }
- if (personal_string) {
- PORT_Memcpy(&bytes[entropy_len+nonce_len], personal_string, ps_len);
- } else {
- PORT_Assert(ps_len == 0);
- }
- rv = prng_instantiate(&testContext, bytes, bytes_len);
- PORT_ZFree(bytes, bytes_len);
- if (rv == SECFailure) {
- return SECFailure;
- }
- testContext.isValid = PR_TRUE;
- return SECSuccess;
+ PORT_Memcpy(bytes, entropy, entropy_len);
+ if (nonce) {
+ PORT_Memcpy(&bytes[entropy_len], nonce, nonce_len);
+ } else {
+ PORT_Assert(nonce_len == 0);
+ }
+ if (personal_string) {
+ PORT_Memcpy(&bytes[entropy_len + nonce_len], personal_string, ps_len);
+ } else {
+ PORT_Assert(ps_len == 0);
+ }
+ rv = prng_instantiate(&testContext, bytes, bytes_len);
+ PORT_ZFree(bytes, bytes_len);
+ if (rv == SECFailure) {
+ return SECFailure;
+ }
+ testContext.isValid = PR_TRUE;
+ return SECSuccess;
}
SECStatus
-PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *additional, unsigned int additional_len)
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *additional, unsigned int additional_len)
{
if (!testContext.isValid) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
- /* This magic input tells us to set the reseed count to it's max count,
- * so we can simulate PRNGTEST_Generate reaching max reseed count */
- if ((entropy == NULL) && (entropy_len == 0) &&
- (additional == NULL) && (additional_len == 0)) {
- testContext.reseed_counter[0] = RESEED_VALUE;
- return SECSuccess;
+ /* This magic input tells us to set the reseed count to it's max count,
+ * so we can simulate PRNGTEST_Generate reaching max reseed count */
+ if ((entropy == NULL) && (entropy_len == 0) &&
+ (additional == NULL) && (additional_len == 0)) {
+ testContext.reseed_counter[0] = RESEED_VALUE;
+ return SECSuccess;
}
return prng_reseed(&testContext, entropy, entropy_len, additional,
- additional_len);
-
+ additional_len);
}
SECStatus
-PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
- const PRUint8 *additional, unsigned int additional_len)
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+ const PRUint8 *additional, unsigned int additional_len)
{
SECStatus rv;
if (!testContext.isValid) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
/* replicate reseed test from prng_GenerateGlobalRandomBytes */
if (testContext.reseed_counter[0] >= RESEED_VALUE) {
- rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
- if (rv != SECSuccess) {
- return rv;
- }
+ rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
+ if (rv != SECSuccess) {
+ return rv;
+ }
}
return prng_generateNewBytes(&testContext, bytes, bytes_len,
- additional, additional_len);
-
+ additional, additional_len);
}
SECStatus
PRNGTEST_Uninstantiate()
{
if (!testContext.isValid) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
- PORT_Memset(&testContext, 0, sizeof testContext);
- return SECSuccess;
+ PORT_Memset(&testContext, 0, sizeof testContext);
+ return SECSuccess;
}
SECStatus
PRNGTEST_RunHealthTests()
{
- static const PRUint8 entropy[] = {
- 0x8e,0x9c,0x0d,0x25,0x75,0x22,0x04,0xf9,
- 0xc5,0x79,0x10,0x8b,0x23,0x79,0x37,0x14,
- 0x9f,0x2c,0xc7,0x0b,0x39,0xf8,0xee,0xef,
- 0x95,0x0c,0x97,0x59,0xfc,0x0a,0x85,0x41,
- 0x76,0x9d,0x6d,0x67,0x00,0x4e,0x19,0x12,
- 0x02,0x16,0x53,0xea,0xf2,0x73,0xd7,0xd6,
- 0x7f,0x7e,0xc8,0xae,0x9c,0x09,0x99,0x7d,
- 0xbb,0x9e,0x48,0x7f,0xbb,0x96,0x46,0xb3,
- 0x03,0x75,0xf8,0xc8,0x69,0x45,0x3f,0x97,
- 0x5e,0x2e,0x48,0xe1,0x5d,0x58,0x97,0x4c };
- static const PRUint8 rng_known_result[] = {
- 0x16,0xe1,0x8c,0x57,0x21,0xd8,0xf1,0x7e,
- 0x5a,0xa0,0x16,0x0b,0x7e,0xa6,0x25,0xb4,
- 0x24,0x19,0xdb,0x54,0xfa,0x35,0x13,0x66,
- 0xbb,0xaa,0x2a,0x1b,0x22,0x33,0x2e,0x4a,
- 0x14,0x07,0x9d,0x52,0xfc,0x73,0x61,0x48,
- 0xac,0xc1,0x22,0xfc,0xa4,0xfc,0xac,0xa4,
- 0xdb,0xda,0x5b,0x27,0x33,0xc4,0xb3 };
- static const PRUint8 reseed_entropy[] = {
- 0xc6,0x0b,0x0a,0x30,0x67,0x07,0xf4,0xe2,
- 0x24,0xa7,0x51,0x6f,0x5f,0x85,0x3e,0x5d,
- 0x67,0x97,0xb8,0x3b,0x30,0x9c,0x7a,0xb1,
- 0x52,0xc6,0x1b,0xc9,0x46,0xa8,0x62,0x79 };
- static const PRUint8 additional_input[] = {
- 0x86,0x82,0x28,0x98,0xe7,0xcb,0x01,0x14,
- 0xae,0x87,0x4b,0x1d,0x99,0x1b,0xc7,0x41,
- 0x33,0xff,0x33,0x66,0x40,0x95,0x54,0xc6,
- 0x67,0x4d,0x40,0x2a,0x1f,0xf9,0xeb,0x65 };
- static const PRUint8 rng_reseed_result[] = {
- 0x02,0x0c,0xc6,0x17,0x86,0x49,0xba,0xc4,
- 0x7b,0x71,0x35,0x05,0xf0,0xdb,0x4a,0xc2,
- 0x2c,0x38,0xc1,0xa4,0x42,0xe5,0x46,0x4a,
- 0x7d,0xf0,0xbe,0x47,0x88,0xb8,0x0e,0xc6,
- 0x25,0x2b,0x1d,0x13,0xef,0xa6,0x87,0x96,
- 0xa3,0x7d,0x5b,0x80,0xc2,0x38,0x76,0x61,
- 0xc7,0x80,0x5d,0x0f,0x05,0x76,0x85 };
- static const PRUint8 rng_no_reseed_result[] = {
- 0xc4,0x40,0x41,0x8c,0xbf,0x2f,0x70,0x23,
- 0x88,0xf2,0x7b,0x30,0xc3,0xca,0x1e,0xf3,
- 0xef,0x53,0x81,0x5d,0x30,0xed,0x4c,0xf1,
- 0xff,0x89,0xa5,0xee,0x92,0xf8,0xc0,0x0f,
- 0x88,0x53,0xdf,0xb6,0x76,0xf0,0xaa,0xd3,
- 0x2e,0x1d,0x64,0x37,0x3e,0xe8,0x4a,0x02,
- 0xff,0x0a,0x7f,0xe5,0xe9,0x2b,0x6d };
-
- SECStatus rng_status = SECSuccess;
- PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result));
- PRUint8 result[sizeof(rng_known_result)];
-
- /********************************************/
- /* First test instantiate error path. */
- /* In this case we supply enough entropy, */
- /* but not enough seed. This will trigger */
- /* the code that checks for a entropy */
- /* source failure. */
- /********************************************/
- rng_status = PRNGTEST_Instantiate(entropy, 256/PR_BITS_PER_BYTE,
- NULL, 0, NULL, 0);
- if (rng_status == SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- /* we failed with the proper error code, we can continue */
-
- /********************************************/
- /* Generate random bytes with a known seed. */
- /********************************************/
- rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy,
- NULL, 0, NULL, 0);
- if (rng_status != SECSuccess) {
- /* Error set by PRNGTEST_Instantiate */
- return SECFailure;
- }
- rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0);
- if ( ( rng_status != SECSuccess) ||
- ( PORT_Memcmp( result, rng_known_result,
- sizeof rng_known_result ) != 0 ) ) {
- PRNGTEST_Uninstantiate();
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy,
- additional_input, sizeof additional_input);
- if (rng_status != SECSuccess) {
- /* Error set by PRNG_Reseed */
- PRNGTEST_Uninstantiate();
- return SECFailure;
- }
- rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
- if ( ( rng_status != SECSuccess) ||
- ( PORT_Memcmp( result, rng_reseed_result,
- sizeof rng_reseed_result ) != 0 ) ) {
- PRNGTEST_Uninstantiate();
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- /* This magic forces the reseed count to it's max count, so we can see if
- * PRNGTEST_Generate will actually when it reaches it's count */
- rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0);
- if (rng_status != SECSuccess) {
- PRNGTEST_Uninstantiate();
- /* Error set by PRNG_Reseed */
- return SECFailure;
- }
- /* This generate should now reseed */
- rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
- if ( ( rng_status != SECSuccess) ||
- /* NOTE we fail if the result is equal to the no_reseed_result.
+ static const PRUint8 entropy[] = {
+ 0x8e, 0x9c, 0x0d, 0x25, 0x75, 0x22, 0x04, 0xf9,
+ 0xc5, 0x79, 0x10, 0x8b, 0x23, 0x79, 0x37, 0x14,
+ 0x9f, 0x2c, 0xc7, 0x0b, 0x39, 0xf8, 0xee, 0xef,
+ 0x95, 0x0c, 0x97, 0x59, 0xfc, 0x0a, 0x85, 0x41,
+ 0x76, 0x9d, 0x6d, 0x67, 0x00, 0x4e, 0x19, 0x12,
+ 0x02, 0x16, 0x53, 0xea, 0xf2, 0x73, 0xd7, 0xd6,
+ 0x7f, 0x7e, 0xc8, 0xae, 0x9c, 0x09, 0x99, 0x7d,
+ 0xbb, 0x9e, 0x48, 0x7f, 0xbb, 0x96, 0x46, 0xb3,
+ 0x03, 0x75, 0xf8, 0xc8, 0x69, 0x45, 0x3f, 0x97,
+ 0x5e, 0x2e, 0x48, 0xe1, 0x5d, 0x58, 0x97, 0x4c
+ };
+ static const PRUint8 rng_known_result[] = {
+ 0x16, 0xe1, 0x8c, 0x57, 0x21, 0xd8, 0xf1, 0x7e,
+ 0x5a, 0xa0, 0x16, 0x0b, 0x7e, 0xa6, 0x25, 0xb4,
+ 0x24, 0x19, 0xdb, 0x54, 0xfa, 0x35, 0x13, 0x66,
+ 0xbb, 0xaa, 0x2a, 0x1b, 0x22, 0x33, 0x2e, 0x4a,
+ 0x14, 0x07, 0x9d, 0x52, 0xfc, 0x73, 0x61, 0x48,
+ 0xac, 0xc1, 0x22, 0xfc, 0xa4, 0xfc, 0xac, 0xa4,
+ 0xdb, 0xda, 0x5b, 0x27, 0x33, 0xc4, 0xb3
+ };
+ static const PRUint8 reseed_entropy[] = {
+ 0xc6, 0x0b, 0x0a, 0x30, 0x67, 0x07, 0xf4, 0xe2,
+ 0x24, 0xa7, 0x51, 0x6f, 0x5f, 0x85, 0x3e, 0x5d,
+ 0x67, 0x97, 0xb8, 0x3b, 0x30, 0x9c, 0x7a, 0xb1,
+ 0x52, 0xc6, 0x1b, 0xc9, 0x46, 0xa8, 0x62, 0x79
+ };
+ static const PRUint8 additional_input[] = {
+ 0x86, 0x82, 0x28, 0x98, 0xe7, 0xcb, 0x01, 0x14,
+ 0xae, 0x87, 0x4b, 0x1d, 0x99, 0x1b, 0xc7, 0x41,
+ 0x33, 0xff, 0x33, 0x66, 0x40, 0x95, 0x54, 0xc6,
+ 0x67, 0x4d, 0x40, 0x2a, 0x1f, 0xf9, 0xeb, 0x65
+ };
+ static const PRUint8 rng_reseed_result[] = {
+ 0x02, 0x0c, 0xc6, 0x17, 0x86, 0x49, 0xba, 0xc4,
+ 0x7b, 0x71, 0x35, 0x05, 0xf0, 0xdb, 0x4a, 0xc2,
+ 0x2c, 0x38, 0xc1, 0xa4, 0x42, 0xe5, 0x46, 0x4a,
+ 0x7d, 0xf0, 0xbe, 0x47, 0x88, 0xb8, 0x0e, 0xc6,
+ 0x25, 0x2b, 0x1d, 0x13, 0xef, 0xa6, 0x87, 0x96,
+ 0xa3, 0x7d, 0x5b, 0x80, 0xc2, 0x38, 0x76, 0x61,
+ 0xc7, 0x80, 0x5d, 0x0f, 0x05, 0x76, 0x85
+ };
+ static const PRUint8 rng_no_reseed_result[] = {
+ 0xc4, 0x40, 0x41, 0x8c, 0xbf, 0x2f, 0x70, 0x23,
+ 0x88, 0xf2, 0x7b, 0x30, 0xc3, 0xca, 0x1e, 0xf3,
+ 0xef, 0x53, 0x81, 0x5d, 0x30, 0xed, 0x4c, 0xf1,
+ 0xff, 0x89, 0xa5, 0xee, 0x92, 0xf8, 0xc0, 0x0f,
+ 0x88, 0x53, 0xdf, 0xb6, 0x76, 0xf0, 0xaa, 0xd3,
+ 0x2e, 0x1d, 0x64, 0x37, 0x3e, 0xe8, 0x4a, 0x02,
+ 0xff, 0x0a, 0x7f, 0xe5, 0xe9, 0x2b, 0x6d
+ };
+
+ SECStatus rng_status = SECSuccess;
+ PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result));
+ PRUint8 result[sizeof(rng_known_result)];
+
+ /********************************************/
+ /* First test instantiate error path. */
+ /* In this case we supply enough entropy, */
+ /* but not enough seed. This will trigger */
+ /* the code that checks for a entropy */
+ /* source failure. */
+ /********************************************/
+ rng_status = PRNGTEST_Instantiate(entropy, 256 / PR_BITS_PER_BYTE,
+ NULL, 0, NULL, 0);
+ if (rng_status == SECSuccess) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ /* we failed with the proper error code, we can continue */
+
+ /********************************************/
+ /* Generate random bytes with a known seed. */
+ /********************************************/
+ rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy,
+ NULL, 0, NULL, 0);
+ if (rng_status != SECSuccess) {
+ /* Error set by PRNGTEST_Instantiate */
+ return SECFailure;
+ }
+ rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0);
+ if ((rng_status != SECSuccess) ||
+ (PORT_Memcmp(result, rng_known_result,
+ sizeof rng_known_result) != 0)) {
+ PRNGTEST_Uninstantiate();
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy,
+ additional_input, sizeof additional_input);
+ if (rng_status != SECSuccess) {
+ /* Error set by PRNG_Reseed */
+ PRNGTEST_Uninstantiate();
+ return SECFailure;
+ }
+ rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
+ if ((rng_status != SECSuccess) ||
+ (PORT_Memcmp(result, rng_reseed_result,
+ sizeof rng_reseed_result) != 0)) {
+ PRNGTEST_Uninstantiate();
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ /* This magic forces the reseed count to it's max count, so we can see if
+ * PRNGTEST_Generate will actually when it reaches it's count */
+ rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0);
+ if (rng_status != SECSuccess) {
+ PRNGTEST_Uninstantiate();
+ /* Error set by PRNG_Reseed */
+ return SECFailure;
+ }
+ /* This generate should now reseed */
+ rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
+ if ((rng_status != SECSuccess) ||
+ /* NOTE we fail if the result is equal to the no_reseed_result.
* no_reseed_result is the value we would have gotten if we didn't
- * do an automatic reseed in PRNGTEST_Generate */
- ( PORT_Memcmp( result, rng_no_reseed_result,
- sizeof rng_no_reseed_result ) == 0 ) ) {
- PRNGTEST_Uninstantiate();
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- /* make sure reseed fails when we don't supply enough entropy */
- rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0);
- if (rng_status == SECSuccess) {
- PRNGTEST_Uninstantiate();
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
- PRNGTEST_Uninstantiate();
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- rng_status = PRNGTEST_Uninstantiate();
- if (rng_status != SECSuccess) {
- /* Error set by PRNG_Uninstantiate */
- return rng_status;
- }
- /* make sure uninstantiate fails if the contest is not initiated (also tests
- * if the context was cleared in the previous Uninstantiate) */
- rng_status = PRNGTEST_Uninstantiate();
- if (rng_status == SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
- return rng_status;
- }
-
- return SECSuccess;
+ * do an automatic reseed in PRNGTEST_Generate */
+ (PORT_Memcmp(result, rng_no_reseed_result,
+ sizeof rng_no_reseed_result) == 0)) {
+ PRNGTEST_Uninstantiate();
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ /* make sure reseed fails when we don't supply enough entropy */
+ rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0);
+ if (rng_status == SECSuccess) {
+ PRNGTEST_Uninstantiate();
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
+ PRNGTEST_Uninstantiate();
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ rng_status = PRNGTEST_Uninstantiate();
+ if (rng_status != SECSuccess) {
+ /* Error set by PRNG_Uninstantiate */
+ return rng_status;
+ }
+ /* make sure uninstantiate fails if the contest is not initiated (also tests
+ * if the context was cleared in the previous Uninstantiate) */
+ rng_status = PRNGTEST_Uninstantiate();
+ if (rng_status == SECSuccess) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
+ return rng_status;
+ }
+
+ return SECSuccess;
}
diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c
index 2cbd08523..9324d306b 100644
--- a/lib/freebl/dsa.c
+++ b/lib/freebl/dsa.c
@@ -21,12 +21,12 @@
#include "secmpi.h"
#include "pqg.h"
- /* XXX to be replaced by define in blapit.h */
+/* XXX to be replaced by define in blapit.h */
#define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048
/*
- * FIPS 186-2 requires result from random output to be reduced mod q when
- * generating random numbers for DSA.
+ * FIPS 186-2 requires result from random output to be reduced mod q when
+ * generating random numbers for DSA.
*
* Input: w, 2*qLen bytes
* q, qLen bytes
@@ -34,7 +34,7 @@
*/
static SECStatus
fips186Change_ReduceModQForDSA(const PRUint8 *w, const PRUint8 *q,
- unsigned int qLen, PRUint8 * xj)
+ unsigned int qLen, PRUint8 *xj)
{
mp_int W, Q, Xj;
mp_err err;
@@ -44,41 +44,42 @@ fips186Change_ReduceModQForDSA(const PRUint8 *w, const PRUint8 *q,
MP_DIGITS(&W) = 0;
MP_DIGITS(&Q) = 0;
MP_DIGITS(&Xj) = 0;
- CHECK_MPI_OK( mp_init(&W) );
- CHECK_MPI_OK( mp_init(&Q) );
- CHECK_MPI_OK( mp_init(&Xj) );
+ CHECK_MPI_OK(mp_init(&W));
+ CHECK_MPI_OK(mp_init(&Q));
+ CHECK_MPI_OK(mp_init(&Xj));
/*
* Convert input arguments into MPI integers.
*/
- CHECK_MPI_OK( mp_read_unsigned_octets(&W, w, 2*qLen) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&Q, q, qLen) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&W, w, 2 * qLen));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&Q, q, qLen));
/*
* Algorithm 1 of FIPS 186-2 Change Notice 1, Step 3.3
*
* xj = (w0 || w1) mod q
*/
- CHECK_MPI_OK( mp_mod(&W, &Q, &Xj) );
- CHECK_MPI_OK( mp_to_fixlen_octets(&Xj, xj, qLen) );
+ CHECK_MPI_OK(mp_mod(&W, &Q, &Xj));
+ CHECK_MPI_OK(mp_to_fixlen_octets(&Xj, xj, qLen));
cleanup:
mp_clear(&W);
mp_clear(&Q);
mp_clear(&Xj);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
/*
- * FIPS 186-2 requires result from random output to be reduced mod q when
- * generating random numbers for DSA.
+ * FIPS 186-2 requires result from random output to be reduced mod q when
+ * generating random numbers for DSA.
*/
SECStatus
FIPS186Change_ReduceModQForDSA(const unsigned char *w,
const unsigned char *q,
- unsigned char *xj) {
+ unsigned char *xj)
+{
return fips186Change_ReduceModQForDSA(w, q, DSA1_SUBPRIME_LEN, xj);
}
@@ -112,13 +113,13 @@ FIPS186Change_GenerateX(PRUint8 *XKEY, const PRUint8 *XSEEDj,
** Generate some random bytes, using the global random number generator
** object. In DSA mode, so there is a q.
*/
-static SECStatus
-dsa_GenerateGlobalRandomBytes(const SECItem * qItem, PRUint8 * dest,
- unsigned int * destLen, unsigned int maxDestLen)
+static SECStatus
+dsa_GenerateGlobalRandomBytes(const SECItem *qItem, PRUint8 *dest,
+ unsigned int *destLen, unsigned int maxDestLen)
{
SECStatus rv;
SECItem w;
- const PRUint8 * q = qItem->data;
+ const PRUint8 *q = qItem->data;
unsigned int qLen = qItem->len;
if (*q == 0) {
@@ -132,7 +133,7 @@ dsa_GenerateGlobalRandomBytes(const SECItem * qItem, PRUint8 * dest,
return SECFailure;
}
w.data = NULL; /* otherwise SECITEM_AllocItem asserts */
- if (!SECITEM_AllocItem(NULL, &w, 2*qLen)) {
+ if (!SECITEM_AllocItem(NULL, &w, 2 * qLen)) {
return SECFailure;
}
*destLen = qLen;
@@ -146,13 +147,14 @@ dsa_GenerateGlobalRandomBytes(const SECItem * qItem, PRUint8 * dest,
return rv;
}
-static void translate_mpi_error(mp_err err)
+static void
+translate_mpi_error(mp_err err)
{
MP_TO_SEC_ERROR(err);
}
-static SECStatus
-dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed,
+static SECStatus
+dsa_NewKeyExtended(const PQGParams *params, const SECItem *seed,
DSAPrivateKey **privKey)
{
mp_int p, g;
@@ -162,20 +164,20 @@ dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed,
DSAPrivateKey *key;
/* Check args. */
if (!params || !privKey || !seed || !seed->data) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* Initialize an arena for the DSA key. */
arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
if (!key) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
key->params.arena = arena;
/* Initialize MPI integers. */
@@ -183,25 +185,25 @@ dsa_NewKeyExtended(const PQGParams *params, const SECItem * seed,
MP_DIGITS(&g) = 0;
MP_DIGITS(&x) = 0;
MP_DIGITS(&y) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&x) );
- CHECK_MPI_OK( mp_init(&y) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&x));
+ CHECK_MPI_OK(mp_init(&y));
/* Copy over the PQG params */
- CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.prime,
- &params->prime) );
- CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.subPrime,
- &params->subPrime) );
- CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.base, &params->base) );
+ CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.prime,
+ &params->prime));
+ CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.subPrime,
+ &params->subPrime));
+ CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.base, &params->base));
/* Convert stored p, g, and received x into MPI integers. */
SECITEM_TO_MPINT(params->prime, &p);
- SECITEM_TO_MPINT(params->base, &g);
+ SECITEM_TO_MPINT(params->base, &g);
OCTETS_TO_MPINT(seed->data, &x, seed->len);
/* Store x in private key */
SECITEM_AllocItem(arena, &key->privateValue, seed->len);
PORT_Memcpy(key->privateValue.data, seed->data, seed->len);
/* Compute public key y = g**x mod p */
- CHECK_MPI_OK( mp_exptmod(&g, &x, &p, &y) );
+ CHECK_MPI_OK(mp_exptmod(&g, &x, &p, &y));
/* Store y in public key */
MPINT_TO_SECITEM(&y, &key->publicValue, arena);
*privKey = key;
@@ -212,16 +214,16 @@ cleanup:
mp_clear(&x);
mp_clear(&y);
if (key)
- PORT_FreeArena(key->params.arena, PR_TRUE);
+ PORT_FreeArena(key->params.arena, PR_TRUE);
if (err) {
- translate_mpi_error(err);
- return SECFailure;
+ translate_mpi_error(err);
+ return SECFailure;
}
return SECSuccess;
}
SECStatus
-DSA_NewRandom(PLArenaPool * arena, const SECItem * q, SECItem * seed)
+DSA_NewRandom(PLArenaPool *arena, const SECItem *q, SECItem *seed)
{
int retries = 10;
unsigned int i;
@@ -238,30 +240,31 @@ DSA_NewRandom(PLArenaPool * arena, const SECItem * q, SECItem * seed)
}
do {
- /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */
+ /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */
if (dsa_GenerateGlobalRandomBytes(q, seed->data, &seed->len,
seed->len)) {
goto loser;
}
- /* Disallow values of 0 and 1 for x. */
- good = PR_FALSE;
- for (i = 0; i < seed->len-1; i++) {
- if (seed->data[i] != 0) {
- good = PR_TRUE;
- break;
- }
- }
- if (!good && seed->data[i] > 1) {
- good = PR_TRUE;
- }
+ /* Disallow values of 0 and 1 for x. */
+ good = PR_FALSE;
+ for (i = 0; i < seed->len - 1; i++) {
+ if (seed->data[i] != 0) {
+ good = PR_TRUE;
+ break;
+ }
+ }
+ if (!good && seed->data[i] > 1) {
+ good = PR_TRUE;
+ }
} while (!good && --retries > 0);
if (!good) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
-loser: if (arena != NULL) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ loser:
+ if (arena != NULL) {
SECITEM_FreeItem(seed, PR_FALSE);
}
- return SECFailure;
+ return SECFailure;
}
return SECSuccess;
@@ -269,11 +272,11 @@ loser: if (arena != NULL) {
/*
** Generate and return a new DSA public and private key pair,
-** both of which are encoded into a single DSAPrivateKey struct.
-** "params" is a pointer to the PQG parameters for the domain
-** Uses a random seed.
+** both of which are encoded into a single DSAPrivateKey struct.
+** "params" is a pointer to the PQG parameters for the domain
+** Uses a random seed.
*/
-SECStatus
+SECStatus
DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
{
SECItem seed;
@@ -281,7 +284,7 @@ DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
rv = PQG_Check(params);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
seed.data = NULL;
@@ -299,26 +302,26 @@ DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
}
/* For FIPS compliance testing. Seed must be exactly the size of subPrime */
-SECStatus
-DSA_NewKeyFromSeed(const PQGParams *params,
+SECStatus
+DSA_NewKeyFromSeed(const PQGParams *params,
const unsigned char *seed,
DSAPrivateKey **privKey)
{
SECItem seedItem;
- seedItem.data = (unsigned char*) seed;
+ seedItem.data = (unsigned char *)seed;
seedItem.len = PQG_GetLength(&params->subPrime);
return dsa_NewKeyExtended(params, &seedItem, privKey);
}
-static SECStatus
+static SECStatus
dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
const unsigned char *kb)
{
- mp_int p, q, g; /* PQG parameters */
- mp_int x, k; /* private key & pseudo-random integer */
- mp_int r, s; /* tuple (r, s) is signature) */
- mp_int t; /* holding tmp values */
- mp_err err = MP_OKAY;
+ mp_int p, q, g; /* PQG parameters */
+ mp_int x, k; /* private key & pseudo-random integer */
+ mp_int r, s; /* tuple (r, s) is signature) */
+ mp_int t; /* holding tmp values */
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
unsigned int dsa_subprime_len, dsa_signature_len, offset;
SECItem localDigest;
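Review bot: `DSA_NewKeyFromSeed` documents that the seed must be exactly the size of `subPrime`, but nothing in the function checks that; `seedItem.len` is taken from `PQG_GetLength(&params->subPrime)` and that many bytes are read from the caller's buffer whatever its real length. Since only the caller knows the buffer length, the header comment should state the contract, e.g. `/* seed must point to at least PQG_GetLength(&params->subPrime) bytes; no length is passed, so the caller is responsible for it. */`. The `(unsigned char *)seed` cast discards `const` only because `SECItem.data` is not const, and the item appears to be only read downstream (the copy at the top of the file's `dsa_NewKeyExtended`); a comment saying so makes the cast deliberate rather than accidental.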
@@ -328,28 +331,27 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
/* FIPS-compliance dictates that digest is a SHA hash. */
/* Check args. */
if (!key || !signature || !digest) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
- dsa_signature_len = dsa_subprime_len*2;
+ dsa_signature_len = dsa_subprime_len * 2;
if ((signature->len < dsa_signature_len) ||
- (digest->len > HASH_LENGTH_MAX) ||
- (digest->len < SHA1_LENGTH)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ (digest->len > HASH_LENGTH_MAX) ||
+ (digest->len < SHA1_LENGTH)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- /* DSA accepts digests not equal to dsa_subprime_len, if the
- * digests are greater, then they are truncated to the size of
+ /* DSA accepts digests not equal to dsa_subprime_len, if the
+ * digests are greater, then they are truncated to the size of
* dsa_subprime_len, using the left most bits. If they are less
* then they are padded on the left.*/
PORT_Memset(localDigestData, 0, dsa_subprime_len);
- offset = (digest->len < dsa_subprime_len) ?
- (dsa_subprime_len - digest->len) : 0;
- PORT_Memcpy(localDigestData+offset, digest->data,
- dsa_subprime_len - offset);
+ offset = (digest->len < dsa_subprime_len) ? (dsa_subprime_len - digest->len) : 0;
+ PORT_Memcpy(localDigestData + offset, digest->data,
+ dsa_subprime_len - offset);
localDigest.data = localDigestData;
localDigest.len = dsa_subprime_len;
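Review bot: `dsa_subprime_len` comes straight from the key and is used as the length of the `PORT_Memset`/`PORT_Memcpy` into `localDigestData`, but it is never compared with that buffer's size (the declaration is outside the hunk; `DSA_SignDigest` below sizes its own stack buffer with `DSA_MAX_SUBPRIME_LEN`). If `localDigestData` is likewise `DSA_MAX_SUBPRIME_LEN` bytes, a caller-supplied key with an oversized `subPrime` overruns it on the `DSA_SignDigestWithSeed` path, which has no length check of its own; a guard beside the existing argument checks closes that: `if (dsa_subprime_len > DSA_MAX_SUBPRIME_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`. The same pattern appears in the `DSA_VerifyDigest` hunk (`@@ -521,60 +525,59 @@`) and wants the same guard. `signature->data` is also not checked for NULL although `signature->len` is, so an item with a length but no buffer reaches the `mp_to_fixlen_octets` write later in the function.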
@@ -362,30 +364,30 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
MP_DIGITS(&r) = 0;
MP_DIGITS(&s) = 0;
MP_DIGITS(&t) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&x) );
- CHECK_MPI_OK( mp_init(&k) );
- CHECK_MPI_OK( mp_init(&r) );
- CHECK_MPI_OK( mp_init(&s) );
- CHECK_MPI_OK( mp_init(&t) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&x));
+ CHECK_MPI_OK(mp_init(&k));
+ CHECK_MPI_OK(mp_init(&r));
+ CHECK_MPI_OK(mp_init(&s));
+ CHECK_MPI_OK(mp_init(&t));
/*
** Convert stored PQG and private key into MPI integers.
*/
- SECITEM_TO_MPINT(key->params.prime, &p);
+ SECITEM_TO_MPINT(key->params.prime, &p);
SECITEM_TO_MPINT(key->params.subPrime, &q);
- SECITEM_TO_MPINT(key->params.base, &g);
- SECITEM_TO_MPINT(key->privateValue, &x);
+ SECITEM_TO_MPINT(key->params.base, &g);
+ SECITEM_TO_MPINT(key->privateValue, &x);
OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
/*
** FIPS 186-1, Section 5, Step 1
**
** r = (g**k mod p) mod q
*/
- CHECK_MPI_OK( mp_exptmod(&g, &k, &p, &r) ); /* r = g**k mod p */
- CHECK_MPI_OK( mp_mod(&r, &q, &r) ); /* r = r mod q */
- /*
+ CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
+ CHECK_MPI_OK(mp_mod(&r, &q, &r)); /* r = r mod q */
+ /*
** FIPS 186-1, Section 5, Step 2
**
** s = (k**-1 * (HASH(M) + x*r)) mod q
@@ -395,22 +397,22 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
rv = SECFailure;
goto cleanup;
}
- SECITEM_TO_MPINT(t2, &t); /* t <-$ Zq */
- CHECK_MPI_OK( mp_mulmod(&k, &t, &q, &k) ); /* k = k * t mod q */
- CHECK_MPI_OK( mp_invmod(&k, &q, &k) ); /* k = k**-1 mod q */
- CHECK_MPI_OK( mp_mulmod(&k, &t, &q, &k) ); /* k = k * t mod q */
- SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
- CHECK_MPI_OK( mp_mulmod(&x, &r, &q, &x) ); /* x = x * r mod q */
- CHECK_MPI_OK( mp_addmod(&s, &x, &q, &s) ); /* s = s + x mod q */
- CHECK_MPI_OK( mp_mulmod(&s, &k, &q, &s) ); /* s = s * k mod q */
+ SECITEM_TO_MPINT(t2, &t); /* t <-$ Zq */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+ CHECK_MPI_OK(mp_invmod(&k, &q, &k)); /* k = k**-1 mod q */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+ SECITEM_TO_MPINT(localDigest, &s); /* s = HASH(M) */
+ CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
+ CHECK_MPI_OK(mp_addmod(&s, &x, &q, &s)); /* s = s + x mod q */
+ CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
/*
** verify r != 0 and s != 0
** mentioned as optional in FIPS 186-1.
*/
if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ rv = SECFailure;
+ goto cleanup;
}
/*
** Step 4
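Review bot: The sequence `k = k * t`, `k = k**-1`, `k = k * t` has no comment explaining why the random `t` is folded in before the inversion, so a reader may take it for a redundancy and remove it. Presumably it blinds the operand of `mp_invmod` so the inversion's running time is not a function of the secret nonce alone; a comment above `SECITEM_TO_MPINT(t2, &t);` such as `/* blind k with a random t before inverting so mp_invmod never runs on the raw nonce */` would protect it. The comment on the `r != 0 && s != 0` check calls it optional per FIPS 186-1; later revisions of FIPS 186 require a fresh `k` in that case, so describing the check as required would stop it being dropped as dead weight.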
@@ -418,10 +420,12 @@ dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
** Signature is tuple (r, s)
*/
err = mp_to_fixlen_octets(&r, signature->data, dsa_subprime_len);
- if (err < 0) goto cleanup;
- err = mp_to_fixlen_octets(&s, signature->data + dsa_subprime_len,
- dsa_subprime_len);
- if (err < 0) goto cleanup;
+ if (err < 0)
+ goto cleanup;
+ err = mp_to_fixlen_octets(&s, signature->data + dsa_subprime_len,
+ dsa_subprime_len);
+ if (err < 0)
+ goto cleanup;
err = MP_OKAY;
signature->len = dsa_signature_len;
cleanup:
@@ -436,8 +440,8 @@ cleanup:
mp_clear(&t);
SECITEM_FreeItem(&t2, PR_FALSE);
if (err) {
- translate_mpi_error(err);
- rv = SECFailure;
+ translate_mpi_error(err);
+ rv = SECFailure;
}
return rv;
}
@@ -448,53 +452,53 @@ cleanup:
** On output, signature->len == size of signature in buffer.
** Uses a random seed.
*/
-SECStatus
+SECStatus
DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
{
SECStatus rv;
- int retries = 10;
+ int retries = 10;
unsigned char kSeed[DSA_MAX_SUBPRIME_LEN];
unsigned int kSeedLen = 0;
unsigned int i;
unsigned int dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
- PRBool good;
+ PRBool good;
PORT_SetError(0);
do {
- rv = dsa_GenerateGlobalRandomBytes(&key->params.subPrime,
+ rv = dsa_GenerateGlobalRandomBytes(&key->params.subPrime,
kSeed, &kSeedLen, sizeof kSeed);
- if (rv != SECSuccess)
- break;
+ if (rv != SECSuccess)
+ break;
if (kSeedLen != dsa_subprime_len) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
break;
}
- /* Disallow a value of 0 for k. */
- good = PR_FALSE;
- for (i = 0; i < kSeedLen; i++) {
- if (kSeed[i] != 0) {
- good = PR_TRUE;
- break;
- }
- }
- if (!good) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
- continue;
- }
- rv = dsa_SignDigest(key, signature, digest, kSeed);
+ /* Disallow a value of 0 for k. */
+ good = PR_FALSE;
+ for (i = 0; i < kSeedLen; i++) {
+ if (kSeed[i] != 0) {
+ good = PR_TRUE;
+ break;
+ }
+ }
+ if (!good) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ rv = SECFailure;
+ continue;
+ }
+ rv = dsa_SignDigest(key, signature, digest, kSeed);
} while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM &&
- --retries > 0);
+ --retries > 0);
return rv;
}
/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
-SECStatus
-DSA_SignDigestWithSeed(DSAPrivateKey * key,
- SECItem * signature,
- const SECItem * digest,
- const unsigned char * seed)
+SECStatus
+DSA_SignDigestWithSeed(DSAPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest,
+ const unsigned char *seed)
{
SECStatus rv;
rv = dsa_SignDigest(key, signature, digest, seed);
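Review bot: `dsa_subprime_len` is initialised from `key->params.subPrime` in its declaration, before anything checks `key`, so a NULL `key` dereferences here instead of reaching the `!key` test inside `dsa_SignDigest`; move the initialisation after an explicit check, e.g. `if (!key) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` followed by `dsa_subprime_len = PQG_GetLength(&key->params.subPrime);`. `kSeed` holds the per-signature nonce and is left on the stack when the function returns; a `PORT_Memset(kSeed, 0, sizeof kSeed);` before `return rv;` is cheap insurance. The candidate is only checked to be non-zero, not to be below `q`; whether `dsa_GenerateGlobalRandomBytes` already reduces into range is not visible here, and a comment stating that it does would save the next reader the trip.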
@@ -505,8 +509,8 @@ DSA_SignDigestWithSeed(DSAPrivateKey * key,
** On input, signature->len == size of buffer to hold signature.
** digest->len == size of digest.
*/
-SECStatus
-DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
+SECStatus
+DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
const SECItem *digest)
{
/* FIPS-compliance dictates that digest is a SHA hash. */
@@ -521,60 +525,59 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
SECStatus verified = SECFailure;
/* Check args. */
- if (!key || !signature || !digest ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (!key || !signature || !digest) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
- dsa_signature_len = dsa_subprime_len*2;
+ dsa_signature_len = dsa_subprime_len * 2;
if ((signature->len != dsa_signature_len) ||
- (digest->len > HASH_LENGTH_MAX) ||
- (digest->len < SHA1_LENGTH)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ (digest->len > HASH_LENGTH_MAX) ||
+ (digest->len < SHA1_LENGTH)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- /* DSA accepts digests not equal to dsa_subprime_len, if the
- * digests are greater, than they are truncated to the size of
+ /* DSA accepts digests not equal to dsa_subprime_len, if the
+ * digests are greater, than they are truncated to the size of
* dsa_subprime_len, using the left most bits. If they are less
* then they are padded on the left.*/
PORT_Memset(localDigestData, 0, dsa_subprime_len);
- offset = (digest->len < dsa_subprime_len) ?
- (dsa_subprime_len - digest->len) : 0;
- PORT_Memcpy(localDigestData+offset, digest->data,
- dsa_subprime_len - offset);
+ offset = (digest->len < dsa_subprime_len) ? (dsa_subprime_len - digest->len) : 0;
+ PORT_Memcpy(localDigestData + offset, digest->data,
+ dsa_subprime_len - offset);
localDigest.data = localDigestData;
localDigest.len = dsa_subprime_len;
/* Initialize MPI integers. */
- MP_DIGITS(&p) = 0;
- MP_DIGITS(&q) = 0;
- MP_DIGITS(&g) = 0;
- MP_DIGITS(&y) = 0;
+ MP_DIGITS(&p) = 0;
+ MP_DIGITS(&q) = 0;
+ MP_DIGITS(&g) = 0;
+ MP_DIGITS(&y) = 0;
MP_DIGITS(&r_) = 0;
MP_DIGITS(&s_) = 0;
MP_DIGITS(&u1) = 0;
MP_DIGITS(&u2) = 0;
- MP_DIGITS(&v) = 0;
- MP_DIGITS(&w) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&y) );
- CHECK_MPI_OK( mp_init(&r_) );
- CHECK_MPI_OK( mp_init(&s_) );
- CHECK_MPI_OK( mp_init(&u1) );
- CHECK_MPI_OK( mp_init(&u2) );
- CHECK_MPI_OK( mp_init(&v) );
- CHECK_MPI_OK( mp_init(&w) );
+ MP_DIGITS(&v) = 0;
+ MP_DIGITS(&w) = 0;
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&y));
+ CHECK_MPI_OK(mp_init(&r_));
+ CHECK_MPI_OK(mp_init(&s_));
+ CHECK_MPI_OK(mp_init(&u1));
+ CHECK_MPI_OK(mp_init(&u2));
+ CHECK_MPI_OK(mp_init(&v));
+ CHECK_MPI_OK(mp_init(&w));
/*
** Convert stored PQG and public key into MPI integers.
*/
- SECITEM_TO_MPINT(key->params.prime, &p);
+ SECITEM_TO_MPINT(key->params.prime, &p);
SECITEM_TO_MPINT(key->params.subPrime, &q);
- SECITEM_TO_MPINT(key->params.base, &g);
- SECITEM_TO_MPINT(key->publicValue, &y);
+ SECITEM_TO_MPINT(key->params.base, &g);
+ SECITEM_TO_MPINT(key->publicValue, &y);
/*
** Convert received signature (r', s') into MPI integers.
*/
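Review bot: The digest-handling comment in this hunk reads `digests are greater, than they are truncated`, while the matching comment in `dsa_SignDigest` says `then`; the two blocks are otherwise identical and keeping them word-for-word the same makes it obvious they are meant to stay in sync. The padding/truncation itself could be hoisted into one static helper shared by signing and verification so the `offset` arithmetic exists in a single place.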
@@ -585,46 +588,46 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
*/
if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
mp_cmp(&r_, &q) >= 0 || mp_cmp(&s_, &q) >= 0) {
- /* err is zero here. */
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- goto cleanup; /* will return verified == SECFailure */
+ /* err is zero here. */
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ goto cleanup; /* will return verified == SECFailure */
}
/*
** FIPS 186-1, Section 6, Step 1
**
** w = (s')**-1 mod q
*/
- CHECK_MPI_OK( mp_invmod(&s_, &q, &w) ); /* w = (s')**-1 mod q */
+ CHECK_MPI_OK(mp_invmod(&s_, &q, &w)); /* w = (s')**-1 mod q */
/*
** FIPS 186-1, Section 6, Step 2
**
** u1 = ((Hash(M')) * w) mod q
*/
- SECITEM_TO_MPINT(localDigest, &u1); /* u1 = HASH(M') */
- CHECK_MPI_OK( mp_mulmod(&u1, &w, &q, &u1) ); /* u1 = u1 * w mod q */
+ SECITEM_TO_MPINT(localDigest, &u1); /* u1 = HASH(M') */
+ CHECK_MPI_OK(mp_mulmod(&u1, &w, &q, &u1)); /* u1 = u1 * w mod q */
/*
** FIPS 186-1, Section 6, Step 3
**
** u2 = ((r') * w) mod q
*/
- CHECK_MPI_OK( mp_mulmod(&r_, &w, &q, &u2) );
+ CHECK_MPI_OK(mp_mulmod(&r_, &w, &q, &u2));
/*
** FIPS 186-1, Section 6, Step 4
**
** v = ((g**u1 * y**u2) mod p) mod q
*/
- CHECK_MPI_OK( mp_exptmod(&g, &u1, &p, &g) ); /* g = g**u1 mod p */
- CHECK_MPI_OK( mp_exptmod(&y, &u2, &p, &y) ); /* y = y**u2 mod p */
- CHECK_MPI_OK( mp_mulmod(&g, &y, &p, &v) ); /* v = g * y mod p */
- CHECK_MPI_OK( mp_mod(&v, &q, &v) ); /* v = v mod q */
+ CHECK_MPI_OK(mp_exptmod(&g, &u1, &p, &g)); /* g = g**u1 mod p */
+ CHECK_MPI_OK(mp_exptmod(&y, &u2, &p, &y)); /* y = y**u2 mod p */
+ CHECK_MPI_OK(mp_mulmod(&g, &y, &p, &v)); /* v = g * y mod p */
+ CHECK_MPI_OK(mp_mod(&v, &q, &v)); /* v = v mod q */
/*
** Verification: v == r'
*/
if (mp_cmp(&v, &r_)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- verified = SECFailure; /* Signature failed to verify. */
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ verified = SECFailure; /* Signature failed to verify. */
} else {
- verified = SECSuccess; /* Signature verified. */
+ verified = SECSuccess; /* Signature verified. */
}
cleanup:
mp_clear(&p);
@@ -638,7 +641,7 @@ cleanup:
mp_clear(&v);
mp_clear(&w);
if (err) {
- translate_mpi_error(err);
+ translate_mpi_error(err);
}
return verified;
}
diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
index 18afce29c..ebe28aef5 100644
--- a/lib/freebl/ec.c
+++ b/lib/freebl/ec.c
@@ -6,7 +6,6 @@
#include "stubs.h"
#endif
-
#include "blapi.h"
#include "prerr.h"
#include "secerr.h"
@@ -18,7 +17,7 @@
#ifndef NSS_DISABLE_ECC
-/*
+/*
* Returns true if pointP is the point at infinity, false otherwise
*/
PRBool
@@ -27,19 +26,20 @@ ec_point_at_infinity(SECItem *pointP)
unsigned int i;
for (i = 1; i < pointP->len; i++) {
- if (pointP->data[i] != 0x00) return PR_FALSE;
+ if (pointP->data[i] != 0x00)
+ return PR_FALSE;
}
return PR_TRUE;
}
-/*
+/*
* Computes scalar point multiplication pointQ = k1 * G + k2 * pointP for
* the curve whose parameters are encoded in params with base point G.
*/
-SECStatus
+SECStatus
ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
- const SECItem *pointP, SECItem *pointQ)
+ const SECItem *pointP, SECItem *pointQ)
{
mp_int Px, Py, Qx, Qy;
mp_int Gx, Gy, order, irreducible, a, b;
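Review bot: `ec_point_at_infinity` starts its scan at `i = 1`, which is correct for the uncompressed encoding where byte 0 is the form tag, but nothing says so; `/* data[0] is the point-form byte; only the coordinate bytes decide. */` above the loop would make that explicit. The function's opening is outside the hunk, so whether a zero-length `pointP` is rejected before the loop is not visible; as written an empty item falls through the loop and is reported as the point at infinity, which callers such as `ECDH_Derive` treat as a bad key, so the outcome is safe but worth a sentence in the comment.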
@@ -53,96 +53,96 @@ ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
char mpstr[256];
printf("ec_points_mul: params [len=%d]:", params->DEREncoding.len);
- for (i = 0; i < params->DEREncoding.len; i++)
- printf("%02x:", params->DEREncoding.data[i]);
+ for (i = 0; i < params->DEREncoding.len; i++)
+ printf("%02x:", params->DEREncoding.data[i]);
printf("\n");
- if (k1 != NULL) {
- mp_tohex((mp_int*)k1, mpstr);
- printf("ec_points_mul: scalar k1: %s\n", mpstr);
- mp_todecimal((mp_int*)k1, mpstr);
- printf("ec_points_mul: scalar k1: %s (dec)\n", mpstr);
- }
-
- if (k2 != NULL) {
- mp_tohex((mp_int*)k2, mpstr);
- printf("ec_points_mul: scalar k2: %s\n", mpstr);
- mp_todecimal((mp_int*)k2, mpstr);
- printf("ec_points_mul: scalar k2: %s (dec)\n", mpstr);
- }
-
- if (pointP != NULL) {
- printf("ec_points_mul: pointP [len=%d]:", pointP->len);
- for (i = 0; i < pointP->len; i++)
- printf("%02x:", pointP->data[i]);
- printf("\n");
- }
+ if (k1 != NULL) {
+ mp_tohex((mp_int *)k1, mpstr);
+ printf("ec_points_mul: scalar k1: %s\n", mpstr);
+ mp_todecimal((mp_int *)k1, mpstr);
+ printf("ec_points_mul: scalar k1: %s (dec)\n", mpstr);
+ }
+
+ if (k2 != NULL) {
+ mp_tohex((mp_int *)k2, mpstr);
+ printf("ec_points_mul: scalar k2: %s\n", mpstr);
+ mp_todecimal((mp_int *)k2, mpstr);
+ printf("ec_points_mul: scalar k2: %s (dec)\n", mpstr);
+ }
+
+ if (pointP != NULL) {
+ printf("ec_points_mul: pointP [len=%d]:", pointP->len);
+ for (i = 0; i < pointP->len; i++)
+ printf("%02x:", pointP->data[i]);
+ printf("\n");
+ }
#endif
- /* NOTE: We only support uncompressed points for now */
- len = (params->fieldID.size + 7) >> 3;
- if (pointP != NULL) {
- if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
- (pointP->len != (2 * len + 1))) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
- return SECFailure;
- };
- }
-
- MP_DIGITS(&Px) = 0;
- MP_DIGITS(&Py) = 0;
- MP_DIGITS(&Qx) = 0;
- MP_DIGITS(&Qy) = 0;
- MP_DIGITS(&Gx) = 0;
- MP_DIGITS(&Gy) = 0;
- MP_DIGITS(&order) = 0;
- MP_DIGITS(&irreducible) = 0;
- MP_DIGITS(&a) = 0;
- MP_DIGITS(&b) = 0;
- CHECK_MPI_OK( mp_init(&Px) );
- CHECK_MPI_OK( mp_init(&Py) );
- CHECK_MPI_OK( mp_init(&Qx) );
- CHECK_MPI_OK( mp_init(&Qy) );
- CHECK_MPI_OK( mp_init(&Gx) );
- CHECK_MPI_OK( mp_init(&Gy) );
- CHECK_MPI_OK( mp_init(&order) );
- CHECK_MPI_OK( mp_init(&irreducible) );
- CHECK_MPI_OK( mp_init(&a) );
- CHECK_MPI_OK( mp_init(&b) );
-
- if ((k2 != NULL) && (pointP != NULL)) {
- /* Initialize Px and Py */
- CHECK_MPI_OK( mp_read_unsigned_octets(&Px, pointP->data + 1, (mp_size) len) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&Py, pointP->data + 1 + len, (mp_size) len) );
- }
-
- /* construct from named params, if possible */
- if (params->name != ECCurve_noName) {
- group = ECGroup_fromName(params->name);
- }
-
- if (group == NULL)
- goto cleanup;
-
- if ((k2 != NULL) && (pointP != NULL)) {
- CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) );
- } else {
- CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) );
+ /* NOTE: We only support uncompressed points for now */
+ len = (params->fieldID.size + 7) >> 3;
+ if (pointP != NULL) {
+ if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
+ (pointP->len != (2 * len + 1))) {
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+ return SECFailure;
+ };
+ }
+
+ MP_DIGITS(&Px) = 0;
+ MP_DIGITS(&Py) = 0;
+ MP_DIGITS(&Qx) = 0;
+ MP_DIGITS(&Qy) = 0;
+ MP_DIGITS(&Gx) = 0;
+ MP_DIGITS(&Gy) = 0;
+ MP_DIGITS(&order) = 0;
+ MP_DIGITS(&irreducible) = 0;
+ MP_DIGITS(&a) = 0;
+ MP_DIGITS(&b) = 0;
+ CHECK_MPI_OK(mp_init(&Px));
+ CHECK_MPI_OK(mp_init(&Py));
+ CHECK_MPI_OK(mp_init(&Qx));
+ CHECK_MPI_OK(mp_init(&Qy));
+ CHECK_MPI_OK(mp_init(&Gx));
+ CHECK_MPI_OK(mp_init(&Gy));
+ CHECK_MPI_OK(mp_init(&order));
+ CHECK_MPI_OK(mp_init(&irreducible));
+ CHECK_MPI_OK(mp_init(&a));
+ CHECK_MPI_OK(mp_init(&b));
+
+ if ((k2 != NULL) && (pointP != NULL)) {
+ /* Initialize Px and Py */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&Px, pointP->data + 1, (mp_size)len));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&Py, pointP->data + 1 + len, (mp_size)len));
+ }
+
+ /* construct from named params, if possible */
+ if (params->name != ECCurve_noName) {
+ group = ECGroup_fromName(params->name);
+ }
+
+ if (group == NULL)
+ goto cleanup;
+
+ if ((k2 != NULL) && (pointP != NULL)) {
+ CHECK_MPI_OK(ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy));
+ } else {
+ CHECK_MPI_OK(ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy));
}
/* Construct the SECItem representation of point Q */
pointQ->data[0] = EC_POINT_FORM_UNCOMPRESSED;
- CHECK_MPI_OK( mp_to_fixlen_octets(&Qx, pointQ->data + 1,
- (mp_size) len) );
- CHECK_MPI_OK( mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len,
- (mp_size) len) );
+ CHECK_MPI_OK(mp_to_fixlen_octets(&Qx, pointQ->data + 1,
+ (mp_size)len));
+ CHECK_MPI_OK(mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len,
+ (mp_size)len));
rv = SECSuccess;
#if EC_DEBUG
printf("ec_points_mul: pointQ [len=%d]:", pointQ->len);
- for (i = 0; i < pointQ->len; i++)
- printf("%02x:", pointQ->data[i]);
+ for (i = 0; i < pointQ->len; i++)
+ printf("%02x:", pointQ->data[i]);
printf("\n");
#endif
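Review bot: `pointP->data[0]` is read before `pointP->len` is compared with `2 * len + 1`, so a zero-length `pointP` reads one byte past its buffer before being rejected; swapping the two operands of the `||` fixes it: `if ((pointP->len != (2 * len + 1)) || (pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED)) {`. `EC_ValidatePublicKey` (hunk `@@ -411,58 +413,58 @@`) orders its checks on `publicValue` the same way and wants the same swap. The `};` closing that block carries a stray semicolon, and the `printf` calls use `%d` for the unsigned `len` fields. The `EC_DEBUG` block prints `k1` and `k2` in hex and decimal; `ec_NewKey` passes the private scalar as `k1`, so the block should carry a comment that it must never be enabled in a shipped build.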
@@ -159,8 +159,8 @@ cleanup:
mp_clear(&a);
mp_clear(&b);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
@@ -168,12 +168,12 @@ cleanup:
#endif /* NSS_DISABLE_ECC */
/* Generates a new EC key pair. The private key is a supplied
- * value and the public key is the result of performing a scalar
+ * value and the public key is the result of performing a scalar
* point multiplication of that value with the curve's base point.
*/
-SECStatus
-ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
- const unsigned char *privKeyBytes, int privKeyLen)
+SECStatus
+ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char *privKeyBytes, int privKeyLen)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
@@ -189,18 +189,18 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
MP_DIGITS(&k) = 0;
if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* Initialize an arena for the EC key. */
if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
- return SECFailure;
+ return SECFailure;
key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
if (!key) {
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
/* Set the version number (SEC 1 section C.4 says it should be 1) */
@@ -215,79 +215,79 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
key->ecParams.fieldID.size = ecParams->fieldID.size;
key->ecParams.fieldID.type = ecParams->fieldID.type;
if (ecParams->fieldID.type == ec_field_GFp) {
- CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
- &ecParams->fieldID.u.prime));
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
+ &ecParams->fieldID.u.prime));
} else {
- CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly,
- &ecParams->fieldID.u.poly));
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly,
+ &ecParams->fieldID.u.poly));
}
key->ecParams.fieldID.k1 = ecParams->fieldID.k1;
key->ecParams.fieldID.k2 = ecParams->fieldID.k2;
key->ecParams.fieldID.k3 = ecParams->fieldID.k3;
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.a,
- &ecParams->curve.a));
+ &ecParams->curve.a));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.b,
- &ecParams->curve.b));
+ &ecParams->curve.b));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.seed,
- &ecParams->curve.seed));
+ &ecParams->curve.seed));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.base,
- &ecParams->base));
+ &ecParams->base));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.order,
- &ecParams->order));
+ &ecParams->order));
key->ecParams.cofactor = ecParams->cofactor;
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.DEREncoding,
- &ecParams->DEREncoding));
+ &ecParams->DEREncoding));
key->ecParams.name = ecParams->name;
CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curveOID,
- &ecParams->curveOID));
+ &ecParams->curveOID));
len = (ecParams->fieldID.size + 7) >> 3;
- SECITEM_AllocItem(arena, &key->publicValue, 2*len + 1);
+ SECITEM_AllocItem(arena, &key->publicValue, 2 * len + 1);
len = ecParams->order.len;
SECITEM_AllocItem(arena, &key->privateValue, len);
/* Copy private key */
if (privKeyLen >= len) {
- memcpy(key->privateValue.data, privKeyBytes, len);
+ memcpy(key->privateValue.data, privKeyBytes, len);
} else {
- memset(key->privateValue.data, 0, (len - privKeyLen));
- memcpy(key->privateValue.data + (len - privKeyLen), privKeyBytes, privKeyLen);
+ memset(key->privateValue.data, 0, (len - privKeyLen));
+ memcpy(key->privateValue.data + (len - privKeyLen), privKeyBytes, privKeyLen);
}
/* Compute corresponding public key */
- CHECK_MPI_OK( mp_init(&k) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data,
- (mp_size) len) );
+ CHECK_MPI_OK(mp_init(&k));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&k, key->privateValue.data,
+ (mp_size)len));
rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue));
- if (rv != SECSuccess) goto cleanup;
+ if (rv != SECSuccess)
+ goto cleanup;
*privKey = key;
cleanup:
mp_clear(&k);
if (rv)
- PORT_FreeArena(arena, PR_TRUE);
+ PORT_FreeArena(arena, PR_TRUE);
#if EC_DEBUG
- printf("ec_NewKey returning %s\n",
- (rv == SECSuccess) ? "success" : "failure");
+ printf("ec_NewKey returning %s\n",
+ (rv == SECSuccess) ? "success" : "failure");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_DISABLE_ECC */
return rv;
-
}
/* Generates a new EC key pair. The private key is a supplied
- * random value (in seed) and the public key is the result of
- * performing a scalar point multiplication of that value with
+ * random value (in seed) and the public key is the result of
+ * performing a scalar point multiplication of that value with
* the curve's base point.
*/
-SECStatus
-EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
- const unsigned char *seed, int seedlen)
+SECStatus
+EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
+ const unsigned char *seed, int seedlen)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
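Review bot: The two `SECITEM_AllocItem` calls for `publicValue` and `privateValue` ignore their return value, so on allocation failure `key->privateValue.data` is NULL when `memcpy` writes into it a few lines later, and `key->publicValue.data` is NULL when `ec_points_mul` stores `pointQ->data[0]`. Each call should be checked, e.g. `if (!SECITEM_AllocItem(arena, &key->publicValue, 2 * len + 1)) goto cleanup;` and likewise for `privateValue`; `rv` is still `SECFailure` at that point, so the existing cleanup frees the arena. The private scalar is copied in without a range check against `ecParams->order`, so `EC_NewKeyFromSeed` accepts a zero or out-of-range seed; if the intent is that only `EC_NewKey`, which reduces through `ec_GenerateRandomPrivateKey`, guarantees the range, the header comment should say so.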
@@ -322,35 +322,36 @@ ec_GenerateRandomPrivateKey(const unsigned char *order, int len)
MP_DIGITS(&privKeyVal) = 0;
MP_DIGITS(&order_1) = 0;
MP_DIGITS(&one) = 0;
- CHECK_MPI_OK( mp_init(&privKeyVal) );
- CHECK_MPI_OK( mp_init(&order_1) );
- CHECK_MPI_OK( mp_init(&one) );
+ CHECK_MPI_OK(mp_init(&privKeyVal));
+ CHECK_MPI_OK(mp_init(&order_1));
+ CHECK_MPI_OK(mp_init(&one));
/* Generates 2*len random bytes using the global random bit generator
* (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then
* reduces modulo the group order.
*/
- if ((privKeyBytes = PORT_Alloc(2*len)) == NULL) goto cleanup;
- CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(privKeyBytes, 2*len) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2*len) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&order_1, order, len) );
- CHECK_MPI_OK( mp_set_int(&one, 1) );
- CHECK_MPI_OK( mp_sub(&order_1, &one, &order_1) );
- CHECK_MPI_OK( mp_mod(&privKeyVal, &order_1, &privKeyVal) );
- CHECK_MPI_OK( mp_add(&privKeyVal, &one, &privKeyVal) );
- CHECK_MPI_OK( mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len) );
- memset(privKeyBytes+len, 0, len);
+ if ((privKeyBytes = PORT_Alloc(2 * len)) == NULL)
+ goto cleanup;
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(privKeyBytes, 2 * len));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2 * len));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&order_1, order, len));
+ CHECK_MPI_OK(mp_set_int(&one, 1));
+ CHECK_MPI_OK(mp_sub(&order_1, &one, &order_1));
+ CHECK_MPI_OK(mp_mod(&privKeyVal, &order_1, &privKeyVal));
+ CHECK_MPI_OK(mp_add(&privKeyVal, &one, &privKeyVal));
+ CHECK_MPI_OK(mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len));
+ memset(privKeyBytes + len, 0, len);
cleanup:
mp_clear(&privKeyVal);
mp_clear(&order_1);
mp_clear(&one);
if (err < MP_OKAY) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv != SECSuccess && privKeyBytes) {
- PORT_ZFree(privKeyBytes,2*len);
- privKeyBytes = NULL;
+ PORT_ZFree(privKeyBytes, 2 * len);
+ privKeyBytes = NULL;
}
return privKeyBytes;
}
@@ -360,7 +361,7 @@ cleanup:
* the public key is the result of performing a scalar point multiplication
* of that value with the curve's base point.
*/
-SECStatus
+SECStatus
EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
{
SECStatus rv = SECFailure;
@@ -369,38 +370,39 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
unsigned char *privKeyBytes = NULL;
if (!ecParams) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
len = ecParams->order.len;
privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len);
- if (privKeyBytes == NULL) goto cleanup;
+ if (privKeyBytes == NULL)
+ goto cleanup;
/* generate public key */
- CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len) );
+ CHECK_SEC_OK(ec_NewKey(ecParams, privKey, privKeyBytes, len));
cleanup:
if (privKeyBytes) {
- PORT_ZFree(privKeyBytes, len);
+ PORT_ZFree(privKeyBytes, len);
}
#if EC_DEBUG
- printf("EC_NewKey returning %s\n",
- (rv == SECSuccess) ? "success" : "failure");
+ printf("EC_NewKey returning %s\n",
+ (rv == SECSuccess) ? "success" : "failure");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_DISABLE_ECC */
-
+
return rv;
}
/* Validates an EC public key as described in Section 5.2.2 of
* X9.62. The ECDH primitive when used without the cofactor does
* not address small subgroup attacks, which may occur when the
- * public key is not valid. These attacks can be prevented by
+ * public key is not valid. These attacks can be prevented by
* validating the public key before using ECDH.
*/
-SECStatus
+SECStatus
EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
{
#ifndef NSS_DISABLE_ECC
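Review bot: `PORT_ZFree(privKeyBytes, len)` zeroises only `len` bytes of a buffer that `ec_GenerateRandomPrivateKey` allocates as `2 * len`; it works today because that function clears the upper half itself (`memset(privKeyBytes + len, 0, len)`) before returning, but the size passed to the free is tied to an internal detail of another function. Passing `2 * len` here, or having the generator return a buffer of exactly `len`, keeps the contract in one place. `privKey` is not checked for NULL before being passed on; `ec_NewKey` rejects it, so this only affects where the error surfaces.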
@@ -411,58 +413,58 @@ EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
int len;
if (!ecParams || !publicValue) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
-
+
/* NOTE: We only support uncompressed points for now */
len = (ecParams->fieldID.size + 7) >> 3;
if (publicValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+ return SECFailure;
} else if (publicValue->len != (2 * len + 1)) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
}
MP_DIGITS(&Px) = 0;
MP_DIGITS(&Py) = 0;
- CHECK_MPI_OK( mp_init(&Px) );
- CHECK_MPI_OK( mp_init(&Py) );
+ CHECK_MPI_OK(mp_init(&Px));
+ CHECK_MPI_OK(mp_init(&Py));
/* Initialize Px and Py */
- CHECK_MPI_OK( mp_read_unsigned_octets(&Px, publicValue->data + 1, (mp_size) len) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&Py, publicValue->data + 1 + len, (mp_size) len) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&Px, publicValue->data + 1, (mp_size)len));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&Py, publicValue->data + 1 + len, (mp_size)len));
/* construct from named params */
group = ECGroup_fromName(ecParams->name);
if (group == NULL) {
- /*
- * ECGroup_fromName fails if ecParams->name is not a valid
- * ECCurveName value, or if we run out of memory, or perhaps
- * for other reasons. Unfortunately if ecParams->name is a
- * valid ECCurveName value, we don't know what the right error
- * code should be because ECGroup_fromName doesn't return an
- * error code to the caller. Set err to MP_UNDEF because
- * that's what ECGroup_fromName uses internally.
- */
- if ((ecParams->name <= ECCurve_noName) ||
- (ecParams->name >= ECCurve_pastLastCurve)) {
- err = MP_BADARG;
- } else {
- err = MP_UNDEF;
- }
- goto cleanup;
+ /*
+ * ECGroup_fromName fails if ecParams->name is not a valid
+ * ECCurveName value, or if we run out of memory, or perhaps
+ * for other reasons. Unfortunately if ecParams->name is a
+ * valid ECCurveName value, we don't know what the right error
+ * code should be because ECGroup_fromName doesn't return an
+ * error code to the caller. Set err to MP_UNDEF because
+ * that's what ECGroup_fromName uses internally.
+ */
+ if ((ecParams->name <= ECCurve_noName) ||
+ (ecParams->name >= ECCurve_pastLastCurve)) {
+ err = MP_BADARG;
+ } else {
+ err = MP_UNDEF;
+ }
+ goto cleanup;
}
/* validate public point */
if ((err = ECPoint_validate(group, &Px, &Py)) < MP_YES) {
- if (err == MP_NO) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- rv = SECFailure;
- err = MP_OKAY; /* don't change the error code */
- }
- goto cleanup;
+ if (err == MP_NO) {
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ rv = SECFailure;
+ err = MP_OKAY; /* don't change the error code */
+ }
+ goto cleanup;
}
rv = SECSuccess;
@@ -472,8 +474,8 @@ cleanup:
mp_clear(&Px);
mp_clear(&Py);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
#else
@@ -482,7 +484,7 @@ cleanup:
#endif /* NSS_DISABLE_ECC */
}
-/*
+/*
** Performs an ECDH key derivation by computing the scalar point
** multiplication of privateValue and publicValue (with or without the
** cofactor) and returns the x-coordinate of the resulting elliptic
@@ -492,17 +494,17 @@ cleanup:
** produced. It is the caller's responsibility to free the allocated
** buffer containing the derived secret.
*/
-SECStatus
-ECDH_Derive(SECItem *publicValue,
+SECStatus
+ECDH_Derive(SECItem *publicValue,
ECParams *ecParams,
- SECItem *privateValue,
- PRBool withCofactor,
- SECItem *derivedSecret)
+ SECItem *privateValue,
+ PRBool withCofactor,
+ SECItem *derivedSecret)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
unsigned int len = 0;
- SECItem pointQ = {siBuffer, NULL, 0};
+ SECItem pointQ = { siBuffer, NULL, 0 };
mp_int k; /* to hold the private value */
mp_int cofactor;
mp_err err = MP_OKAY;
@@ -510,10 +512,10 @@ ECDH_Derive(SECItem *publicValue,
int i;
#endif
- if (!publicValue || !ecParams || !privateValue ||
- !derivedSecret) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (!publicValue || !ecParams || !privateValue ||
+ !derivedSecret) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/*
@@ -521,34 +523,35 @@ ECDH_Derive(SECItem *publicValue,
* this produces predictable results.
*/
if (ec_point_at_infinity(publicValue)) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_BAD_KEY);
+ return SECFailure;
}
MP_DIGITS(&k) = 0;
memset(derivedSecret, 0, sizeof *derivedSecret);
- len = (ecParams->fieldID.size + 7) >> 3;
- pointQ.len = 2*len + 1;
- if ((pointQ.data = PORT_Alloc(2*len + 1)) == NULL) goto cleanup;
+ len = (ecParams->fieldID.size + 7) >> 3;
+ pointQ.len = 2 * len + 1;
+ if ((pointQ.data = PORT_Alloc(2 * len + 1)) == NULL)
+ goto cleanup;
- CHECK_MPI_OK( mp_init(&k) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&k, privateValue->data,
- (mp_size) privateValue->len) );
+ CHECK_MPI_OK(mp_init(&k));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&k, privateValue->data,
+ (mp_size)privateValue->len));
if (withCofactor && (ecParams->cofactor != 1)) {
- /* multiply k with the cofactor */
- MP_DIGITS(&cofactor) = 0;
- CHECK_MPI_OK( mp_init(&cofactor) );
- mp_set(&cofactor, ecParams->cofactor);
- CHECK_MPI_OK( mp_mul(&k, &cofactor, &k) );
+ /* multiply k with the cofactor */
+ MP_DIGITS(&cofactor) = 0;
+ CHECK_MPI_OK(mp_init(&cofactor));
+ mp_set(&cofactor, ecParams->cofactor);
+ CHECK_MPI_OK(mp_mul(&k, &cofactor, &k));
}
/* Multiply our private key and peer's public point */
if (ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess)
- goto cleanup;
+ goto cleanup;
if (ec_point_at_infinity(&pointQ)) {
- PORT_SetError(SEC_ERROR_BAD_KEY); /* XXX better error code? */
- goto cleanup;
+ PORT_SetError(SEC_ERROR_BAD_KEY); /* XXX better error code? */
+ goto cleanup;
}
/* Allocate memory for the derived secret and copy
@@ -561,8 +564,8 @@ ECDH_Derive(SECItem *publicValue,
#if EC_DEBUG
printf("derived_secret:\n");
- for (i = 0; i < derivedSecret->len; i++)
- printf("%02x:", derivedSecret->data[i]);
+ for (i = 0; i < derivedSecret->len; i++)
+ printf("%02x:", derivedSecret->data[i]);
printf("\n");
#endif
@@ -570,11 +573,11 @@ cleanup:
mp_clear(&k);
if (err) {
- MP_TO_SEC_ERROR(err);
+ MP_TO_SEC_ERROR(err);
}
if (pointQ.data) {
- PORT_ZFree(pointQ.data, 2*len + 1);
+ PORT_ZFree(pointQ.data, 2 * len + 1);
}
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
@@ -587,23 +590,23 @@ cleanup:
* on the digest using the given key and the random value kb (used in
* computing s).
*/
-SECStatus
-ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
- const SECItem *digest, const unsigned char *kb, const int kblen)
+SECStatus
+ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
+ const SECItem *digest, const unsigned char *kb, const int kblen)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
mp_int x1;
- mp_int d, k; /* private key, random integer */
- mp_int r, s; /* tuple (r, s) is the signature */
- mp_int t; /* holding tmp values */
+ mp_int d, k; /* private key, random integer */
+ mp_int r, s; /* tuple (r, s) is the signature */
+ mp_int t; /* holding tmp values */
mp_int n;
mp_err err = MP_OKAY;
ECParams *ecParams = NULL;
- SECItem kGpoint = { siBuffer, NULL, 0};
- int flen = 0; /* length in bytes of the field size */
- unsigned olen; /* length in bytes of the base point order */
- unsigned obits; /* length in bits of the base point order */
+ SECItem kGpoint = { siBuffer, NULL, 0 };
+ int flen = 0; /* length in bytes of the field size */
+ unsigned olen; /* length in bytes of the base point order */
+ unsigned obits; /* length in bits of the base point order */
unsigned char *t2 = NULL;
#if EC_DEBUG
@@ -622,46 +625,45 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
/* Check args */
if (!key || !signature || !digest || !kb || (kblen < 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
}
ecParams = &(key->ecParams);
flen = (ecParams->fieldID.size + 7) >> 3;
- olen = ecParams->order.len;
+ olen = ecParams->order.len;
if (signature->data == NULL) {
- /* a call to get the signature length only */
- goto finish;
+ /* a call to get the signature length only */
+ goto finish;
}
- if (signature->len < 2*olen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- goto cleanup;
+ if (signature->len < 2 * olen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ goto cleanup;
}
+ CHECK_MPI_OK(mp_init(&x1));
+ CHECK_MPI_OK(mp_init(&d));
+ CHECK_MPI_OK(mp_init(&k));
+ CHECK_MPI_OK(mp_init(&r));
+ CHECK_MPI_OK(mp_init(&s));
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&t));
- CHECK_MPI_OK( mp_init(&x1) );
- CHECK_MPI_OK( mp_init(&d) );
- CHECK_MPI_OK( mp_init(&k) );
- CHECK_MPI_OK( mp_init(&r) );
- CHECK_MPI_OK( mp_init(&s) );
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&t) );
-
- SECITEM_TO_MPINT( ecParams->order, &n );
- SECITEM_TO_MPINT( key->privateValue, &d );
+ SECITEM_TO_MPINT(ecParams->order, &n);
+ SECITEM_TO_MPINT(key->privateValue, &d);
- CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, kblen) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, kblen));
/* Make sure k is in the interval [1, n-1] */
if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) {
#if EC_DEBUG
printf("k is outside [1, n-1]\n");
mp_tohex(&k, mpstr);
- printf("k : %s \n", mpstr);
+ printf("k : %s \n", mpstr);
mp_tohex(&n, mpstr);
- printf("n : %s \n", mpstr);
+ printf("n : %s \n", mpstr);
#endif
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ goto cleanup;
}
/*
@@ -680,61 +682,60 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
** final value has exactly one more bit than n. Thus, we
** always end up with a value that exactly one more bit than n.
*/
- CHECK_MPI_OK( mp_add(&k, &n, &k) );
+ CHECK_MPI_OK(mp_add(&k, &n, &k));
if (mpl_significant_bits(&k) <= mpl_significant_bits(&n)) {
- CHECK_MPI_OK( mp_add(&k, &n, &k) );
+ CHECK_MPI_OK(mp_add(&k, &n, &k));
}
- /*
+ /*
** ANSI X9.62, Section 5.3.2, Step 2
**
** Compute kG
*/
- kGpoint.len = 2*flen + 1;
- kGpoint.data = PORT_Alloc(2*flen + 1);
+ kGpoint.len = 2 * flen + 1;
+ kGpoint.data = PORT_Alloc(2 * flen + 1);
if ((kGpoint.data == NULL) ||
- (ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint)
- != SECSuccess))
- goto cleanup;
+ (ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint) != SECSuccess))
+ goto cleanup;
- /*
+ /*
** ANSI X9.62, Section 5.3.3, Step 1
**
** Extract the x co-ordinate of kG into x1
*/
- CHECK_MPI_OK( mp_read_unsigned_octets(&x1, kGpoint.data + 1,
- (mp_size) flen) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&x1, kGpoint.data + 1,
+ (mp_size)flen));
- /*
+ /*
** ANSI X9.62, Section 5.3.3, Step 2
**
** r = x1 mod n NOTE: n is the order of the curve
*/
- CHECK_MPI_OK( mp_mod(&x1, &n, &r) );
+ CHECK_MPI_OK(mp_mod(&x1, &n, &r));
/*
** ANSI X9.62, Section 5.3.3, Step 3
**
- ** verify r != 0
+ ** verify r != 0
*/
if (mp_cmp_z(&r) == 0) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ goto cleanup;
}
- /*
+ /*
** ANSI X9.62, Section 5.3.3, Step 4
**
- ** s = (k**-1 * (HASH(M) + d*r)) mod n
+ ** s = (k**-1 * (HASH(M) + d*r)) mod n
*/
- SECITEM_TO_MPINT(*digest, &s); /* s = HASH(M) */
+ SECITEM_TO_MPINT(*digest, &s); /* s = HASH(M) */
/* In the definition of EC signing, digests are truncated
- * to the length of n in bits.
+ * to the length of n in bits.
* (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
- CHECK_MPI_OK( (obits = mpl_significant_bits(&n)) );
- if (digest->len*8 > obits) {
- mpl_rsh(&s,&s,digest->len*8 - obits);
+ CHECK_MPI_OK((obits = mpl_significant_bits(&n)));
+ if (digest->len * 8 > obits) {
+ mpl_rsh(&s, &s, digest->len * 8 - obits);
}
#if EC_DEBUG
@@ -752,22 +753,22 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
printf("r : %s\n", mpstr);
#endif
- if ((t2 = PORT_Alloc(2*ecParams->order.len)) == NULL) {
+ if ((t2 = PORT_Alloc(2 * ecParams->order.len)) == NULL) {
rv = SECFailure;
goto cleanup;
}
- if (RNG_GenerateGlobalRandomBytes(t2, 2*ecParams->order.len) != SECSuccess) {
+ if (RNG_GenerateGlobalRandomBytes(t2, 2 * ecParams->order.len) != SECSuccess) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
rv = SECFailure;
goto cleanup;
}
- CHECK_MPI_OK( mp_read_unsigned_octets(&t, t2, 2*ecParams->order.len) ); /* t <-$ Zn */
- CHECK_MPI_OK( mp_mulmod(&k, &t, &n, &k) ); /* k = k * t mod n */
- CHECK_MPI_OK( mp_invmod(&k, &n, &k) ); /* k = k**-1 mod n */
- CHECK_MPI_OK( mp_mulmod(&k, &t, &n, &k) ); /* k = k * t mod n */
- CHECK_MPI_OK( mp_mulmod(&d, &r, &n, &d) ); /* d = d * r mod n */
- CHECK_MPI_OK( mp_addmod(&s, &d, &n, &s) ); /* s = s + d mod n */
- CHECK_MPI_OK( mp_mulmod(&s, &k, &n, &s) ); /* s = s * k mod n */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&t, t2, 2 * ecParams->order.len)); /* t <-$ Zn */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &n, &k)); /* k = k * t mod n */
+ CHECK_MPI_OK(mp_invmod(&k, &n, &k)); /* k = k**-1 mod n */
+ CHECK_MPI_OK(mp_mulmod(&k, &t, &n, &k)); /* k = k * t mod n */
+ CHECK_MPI_OK(mp_mulmod(&d, &r, &n, &d)); /* d = d * r mod n */
+ CHECK_MPI_OK(mp_addmod(&s, &d, &n, &s)); /* s = s + d mod n */
+ CHECK_MPI_OK(mp_mulmod(&s, &k, &n, &s)); /* s = s * k mod n */
#if EC_DEBUG
mp_todecimal(&s, mpstr);
@@ -782,18 +783,18 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
** verify s != 0
*/
if (mp_cmp_z(&s) == 0) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ goto cleanup;
}
- /*
+ /*
**
** Signature is tuple (r, s)
*/
- CHECK_MPI_OK( mp_to_fixlen_octets(&r, signature->data, olen) );
- CHECK_MPI_OK( mp_to_fixlen_octets(&s, signature->data + olen, olen) );
+ CHECK_MPI_OK(mp_to_fixlen_octets(&r, signature->data, olen));
+ CHECK_MPI_OK(mp_to_fixlen_octets(&s, signature->data + olen, olen));
finish:
- signature->len = 2*olen;
+ signature->len = 2 * olen;
rv = SECSuccess;
err = MP_OKAY;
@@ -811,58 +812,59 @@ cleanup:
}
if (kGpoint.data) {
- PORT_ZFree(kGpoint.data, 2*flen + 1);
+ PORT_ZFree(kGpoint.data, 2 * flen + 1);
}
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
#if EC_DEBUG
printf("ECDSA signing with seed %s\n",
- (rv == SECSuccess) ? "succeeded" : "failed");
+ (rv == SECSuccess) ? "succeeded" : "failed");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
#endif /* NSS_DISABLE_ECC */
- return rv;
+ return rv;
}
/*
-** Computes the ECDSA signature on the digest using the given key
+** Computes the ECDSA signature on the digest using the given key
** and a random seed.
*/
-SECStatus
+SECStatus
ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
int len;
- unsigned char *kBytes= NULL;
+ unsigned char *kBytes = NULL;
if (!key) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* Generate random value k */
len = key->ecParams.order.len;
kBytes = ec_GenerateRandomPrivateKey(key->ecParams.order.data, len);
- if (kBytes == NULL) goto cleanup;
+ if (kBytes == NULL)
+ goto cleanup;
/* Generate ECDSA signature with the specified k value */
rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
-cleanup:
+cleanup:
if (kBytes) {
- PORT_ZFree(kBytes, len);
+ PORT_ZFree(kBytes, len);
}
#if EC_DEBUG
printf("ECDSA signing %s\n",
- (rv == SECSuccess) ? "succeeded" : "failed");
+ (rv == SECSuccess) ? "succeeded" : "failed");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
@@ -879,14 +881,14 @@ cleanup:
** of this function is undefined. In cases where a public key might
** not be valid, use EC_ValidatePublicKey to check.
*/
-SECStatus
-ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
- const SECItem *digest)
+SECStatus
+ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
+ const SECItem *digest)
{
SECStatus rv = SECFailure;
#ifndef NSS_DISABLE_ECC
- mp_int r_, s_; /* tuple (r', s') is received signature) */
- mp_int c, u1, u2, v; /* intermediate values used in verification */
+ mp_int r_, s_; /* tuple (r', s') is received signature) */
+ mp_int c, u1, u2, v; /* intermediate values used in verification */
mp_int x1;
mp_int n;
mp_err err = MP_OKAY;
@@ -910,45 +912,45 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
MP_DIGITS(&u1) = 0;
MP_DIGITS(&u2) = 0;
MP_DIGITS(&x1) = 0;
- MP_DIGITS(&v) = 0;
- MP_DIGITS(&n) = 0;
+ MP_DIGITS(&v) = 0;
+ MP_DIGITS(&n) = 0;
/* Check args */
if (!key || !signature || !digest) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
}
ecParams = &(key->ecParams);
- flen = (ecParams->fieldID.size + 7) >> 3;
- olen = ecParams->order.len;
- if (signature->len == 0 || signature->len%2 != 0 ||
- signature->len > 2*olen) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- goto cleanup;
+ flen = (ecParams->fieldID.size + 7) >> 3;
+ olen = ecParams->order.len;
+ if (signature->len == 0 || signature->len % 2 != 0 ||
+ signature->len > 2 * olen) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ goto cleanup;
}
- slen = signature->len/2;
+ slen = signature->len / 2;
- SECITEM_AllocItem(NULL, &pointC, 2*flen + 1);
+ SECITEM_AllocItem(NULL, &pointC, 2 * flen + 1);
if (pointC.data == NULL)
- goto cleanup;
+ goto cleanup;
- CHECK_MPI_OK( mp_init(&r_) );
- CHECK_MPI_OK( mp_init(&s_) );
- CHECK_MPI_OK( mp_init(&c) );
- CHECK_MPI_OK( mp_init(&u1) );
- CHECK_MPI_OK( mp_init(&u2) );
- CHECK_MPI_OK( mp_init(&x1) );
- CHECK_MPI_OK( mp_init(&v) );
- CHECK_MPI_OK( mp_init(&n) );
+ CHECK_MPI_OK(mp_init(&r_));
+ CHECK_MPI_OK(mp_init(&s_));
+ CHECK_MPI_OK(mp_init(&c));
+ CHECK_MPI_OK(mp_init(&u1));
+ CHECK_MPI_OK(mp_init(&u2));
+ CHECK_MPI_OK(mp_init(&x1));
+ CHECK_MPI_OK(mp_init(&v));
+ CHECK_MPI_OK(mp_init(&n));
/*
** Convert received signature (r', s') into MPI integers.
*/
- CHECK_MPI_OK( mp_read_unsigned_octets(&r_, signature->data, slen) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&s_, signature->data + slen, slen) );
-
- /*
+ CHECK_MPI_OK(mp_read_unsigned_octets(&r_, signature->data, slen));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&s_, signature->data + slen, slen));
+
+ /*
** ANSI X9.62, Section 5.4.2, Steps 1 and 2
**
** Verify that 0 < r' < n and 0 < s' < n
@@ -956,8 +958,8 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
SECITEM_TO_MPINT(ecParams->order, &n);
if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
mp_cmp(&r_, &n) >= 0 || mp_cmp(&s_, &n) >= 0) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- goto cleanup; /* will return rv == SECFailure */
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ goto cleanup; /* will return rv == SECFailure */
}
/*
@@ -965,21 +967,21 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
**
** c = (s')**-1 mod n
*/
- CHECK_MPI_OK( mp_invmod(&s_, &n, &c) ); /* c = (s')**-1 mod n */
+ CHECK_MPI_OK(mp_invmod(&s_, &n, &c)); /* c = (s')**-1 mod n */
/*
** ANSI X9.62, Section 5.4.2, Step 4
**
** u1 = ((HASH(M')) * c) mod n
*/
- SECITEM_TO_MPINT(*digest, &u1); /* u1 = HASH(M) */
+ SECITEM_TO_MPINT(*digest, &u1); /* u1 = HASH(M) */
/* In the definition of EC signing, digests are truncated
- * to the length of n in bits.
+ * to the length of n in bits.
* (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
- CHECK_MPI_OK( (obits = mpl_significant_bits(&n)) );
- if (digest->len*8 > obits) { /* u1 = HASH(M') */
- mpl_rsh(&u1,&u1,digest->len*8 - obits);
+ CHECK_MPI_OK((obits = mpl_significant_bits(&n)));
+ if (digest->len * 8 > obits) { /* u1 = HASH(M') */
+ mpl_rsh(&u1, &u1, digest->len * 8 - obits);
}
#if EC_DEBUG
@@ -993,14 +995,14 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
printf("digest: %s (dec)\n", mpstr);
#endif
- CHECK_MPI_OK( mp_mulmod(&u1, &c, &n, &u1) ); /* u1 = u1 * c mod n */
+ CHECK_MPI_OK(mp_mulmod(&u1, &c, &n, &u1)); /* u1 = u1 * c mod n */
/*
** ANSI X9.62, Section 5.4.2, Step 4
**
** u2 = ((r') * c) mod n
*/
- CHECK_MPI_OK( mp_mulmod(&r_, &c, &n, &u2) );
+ CHECK_MPI_OK(mp_mulmod(&r_, &c, &n, &u2));
/*
** ANSI X9.62, Section 5.4.3, Step 1
@@ -1009,25 +1011,24 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
** Here, A = u1.G B = u2.Q and C = A + B
** If the result, C, is the point at infinity, reject the signature
*/
- if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC)
- != SECSuccess) {
- rv = SECFailure;
- goto cleanup;
+ if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC) != SECSuccess) {
+ rv = SECFailure;
+ goto cleanup;
}
if (ec_point_at_infinity(&pointC)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- rv = SECFailure;
- goto cleanup;
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ rv = SECFailure;
+ goto cleanup;
}
- CHECK_MPI_OK( mp_read_unsigned_octets(&x1, pointC.data + 1, flen) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&x1, pointC.data + 1, flen));
/*
** ANSI X9.62, Section 5.4.4, Step 2
**
** v = x1 mod n
*/
- CHECK_MPI_OK( mp_mod(&x1, &n, &v) );
+ CHECK_MPI_OK(mp_mod(&x1, &n, &v));
#if EC_DEBUG
mp_todecimal(&r_, mpstr);
@@ -1042,10 +1043,10 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
** Verification: v == r'
*/
if (mp_cmp(&v, &r_)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- rv = SECFailure; /* Signature failed to verify. */
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ rv = SECFailure; /* Signature failed to verify. */
} else {
- rv = SECSuccess; /* Signature verified. */
+ rv = SECSuccess; /* Signature verified. */
}
#if EC_DEBUG
@@ -1069,15 +1070,16 @@ cleanup:
mp_clear(&v);
mp_clear(&n);
- if (pointC.data) SECITEM_ZfreeItem(&pointC, PR_FALSE);
+ if (pointC.data)
+ SECITEM_ZfreeItem(&pointC, PR_FALSE);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
#if EC_DEBUG
printf("ECDSA verification %s\n",
- (rv == SECSuccess) ? "succeeded" : "failed");
+ (rv == SECSuccess) ? "succeeded" : "failed");
#endif
#else
PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
@@ -1085,4 +1087,3 @@ cleanup:
return rv;
}
-
diff --git a/lib/freebl/ec.h b/lib/freebl/ec.h
index 5a694d3ed..546d6fe21 100644
--- a/lib/freebl/ec.h
+++ b/lib/freebl/ec.h
@@ -5,9 +5,9 @@
#ifndef __ec_h_
#define __ec_h_
-#define EC_DEBUG 0
+#define EC_DEBUG 0
-#define ANSI_X962_CURVE_OID_TOTAL_LEN 10
-#define SECG_CURVE_OID_TOTAL_LEN 7
+#define ANSI_X962_CURVE_OID_TOTAL_LEN 10
+#define SECG_CURVE_OID_TOTAL_LEN 7
#endif /* __ec_h_ */
diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c
index f6c427a23..a06958291 100644
--- a/lib/freebl/ecdecode.c
+++ b/lib/freebl/ecdecode.c
@@ -15,8 +15,12 @@
#include "ec.h"
#include "ecl-curve.h"
-#define CHECK_OK(func) if (func == NULL) goto cleanup
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+#define CHECK_OK(func) \
+ if (func == NULL) \
+ goto cleanup
+#define CHECK_SEC_OK(func) \
+ if (SECSuccess != (rv = func)) \
+ goto cleanup
/*
* Initializes a SECItem from a hexadecimal string
@@ -31,34 +35,36 @@ hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
int byteval = 0;
int tmp = PORT_Strlen(str);
- if ((tmp % 2) != 0) return NULL;
-
+ if ((tmp % 2) != 0)
+ return NULL;
+
/* skip leading 00's unless the hex string is "00" */
while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
str += 2;
tmp -= 2;
}
- item->data = (unsigned char *) PORT_ArenaAlloc(arena, tmp/2);
- if (item->data == NULL) return NULL;
- item->len = tmp/2;
+ item->data = (unsigned char *)PORT_ArenaAlloc(arena, tmp / 2);
+ if (item->data == NULL)
+ return NULL;
+ item->len = tmp / 2;
while (str[i]) {
if ((str[i] >= '0') && (str[i] <= '9'))
- tmp = str[i] - '0';
- else if ((str[i] >= 'a') && (str[i] <= 'f'))
- tmp = str[i] - 'a' + 10;
- else if ((str[i] >= 'A') && (str[i] <= 'F'))
- tmp = str[i] - 'A' + 10;
- else
- return NULL;
-
- byteval = byteval * 16 + tmp;
- if ((i % 2) != 0) {
- item->data[i/2] = byteval;
- byteval = 0;
- }
- i++;
+ tmp = str[i] - '0';
+ else if ((str[i] >= 'a') && (str[i] <= 'f'))
+ tmp = str[i] - 'a' + 10;
+ else if ((str[i] >= 'A') && (str[i] <= 'F'))
+ tmp = str[i] - 'A' + 10;
+ else
+ return NULL;
+
+ byteval = byteval * 16 + tmp;
+ if ((i % 2) != 0) {
+ item->data[i / 2] = byteval;
+ byteval = 0;
+ }
+ i++;
}
return item;
@@ -68,7 +74,7 @@ hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
*/
SECStatus
EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
- const ECParams *srcParams)
+ const ECParams *srcParams)
{
SECStatus rv = SECFailure;
@@ -77,30 +83,30 @@ EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
dstParams->fieldID.size = srcParams->fieldID.size;
dstParams->fieldID.type = srcParams->fieldID.type;
if (srcParams->fieldID.type == ec_field_GFp) {
- CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
- &srcParams->fieldID.u.prime));
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
+ &srcParams->fieldID.u.prime));
} else {
- CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
- &srcParams->fieldID.u.poly));
+ CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
+ &srcParams->fieldID.u.poly));
}
dstParams->fieldID.k1 = srcParams->fieldID.k1;
dstParams->fieldID.k2 = srcParams->fieldID.k2;
dstParams->fieldID.k3 = srcParams->fieldID.k3;
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
- &srcParams->curve.a));
+ &srcParams->curve.a));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
- &srcParams->curve.b));
+ &srcParams->curve.b));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
- &srcParams->curve.seed));
+ &srcParams->curve.seed));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
- &srcParams->base));
+ &srcParams->base));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
- &srcParams->order));
+ &srcParams->order));
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
- &srcParams->DEREncoding));
- dstParams->name = srcParams->name;
+ &srcParams->DEREncoding));
+ dstParams->name = srcParams->name;
CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
- &srcParams->curveOID));
+ &srcParams->curveOID));
dstParams->cofactor = srcParams->cofactor;
return SECSuccess;
@@ -117,31 +123,32 @@ gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params)
/* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */
char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
- if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve)) goto cleanup;
+ if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
+ goto cleanup;
params->name = name;
curveParams = ecCurve_map[params->name];
CHECK_OK(curveParams);
params->fieldID.size = curveParams->size;
params->fieldID.type = field_type;
if (field_type == ec_field_GFp) {
- CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime,
- curveParams->irr));
+ CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime,
+ curveParams->irr));
} else {
- CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly,
- curveParams->irr));
+ CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly,
+ curveParams->irr));
}
- CHECK_OK(hexString2SECItem(params->arena, &params->curve.a,
- curveParams->curvea));
- CHECK_OK(hexString2SECItem(params->arena, &params->curve.b,
- curveParams->curveb));
+ CHECK_OK(hexString2SECItem(params->arena, &params->curve.a,
+ curveParams->curvea));
+ CHECK_OK(hexString2SECItem(params->arena, &params->curve.b,
+ curveParams->curveb));
genenc[0] = '0';
genenc[1] = '4';
genenc[2] = '\0';
strcat(genenc, curveParams->genx);
strcat(genenc, curveParams->geny);
CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc));
- CHECK_OK(hexString2SECItem(params->arena, &params->order,
- curveParams->order));
+ CHECK_OK(hexString2SECItem(params->arena, &params->order,
+ curveParams->order));
params->cofactor = curveParams->cofactor;
rv = SECSuccess;
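Review bot: The reformatted range check `if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))` still admits `name == ECCurve_pastLastCurve` before `curveParams = ecCurve_map[params->name]` indexes the table, whereas the check in ec.c touched by this same commit rejects `(ecParams->name >= ECCurve_pastLastCurve)`. Whether `ecCurve_map` carries a trailing sentinel entry at that index is not visible in this diff; if it does not, this is a one-past-the-end read that happens before `CHECK_OK(curveParams)` can reject it. Changing the condition to `if ((name < ECCurve_noName) || (name >= ECCurve_pastLastCurve))` makes the two call sites agree and removes the dependency on the table layout. gf_populate_params begins outside this hunk.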
@@ -152,34 +159,34 @@ cleanup:
SECStatus
EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
- ECParams *params)
+ ECParams *params)
{
SECStatus rv = SECFailure;
SECOidTag tag;
- SECItem oid = { siBuffer, NULL, 0};
+ SECItem oid = { siBuffer, NULL, 0 };
#if EC_DEBUG
int i;
printf("Encoded params in EC_DecodeParams: ");
for (i = 0; i < encodedParams->len; i++) {
- printf("%02x:", encodedParams->data[i]);
+ printf("%02x:", encodedParams->data[i]);
}
printf("\n");
#endif
if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
- (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
+ (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN)) {
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return SECFailure;
};
oid.len = encodedParams->len - 2;
oid.data = encodedParams->data + 2;
if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
- ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
- return SECFailure;
+ ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ return SECFailure;
}
params->arena = arena;
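Review bot: The OID header validation checks only the tag byte `encodedParams->data[0]` and the total encoded length; the ASN.1 length octet at `encodedParams->data[1]` is never compared with the payload length `oid.len` that is derived from `encodedParams->len - 2`. A malformed encoding whose length octet disagrees with the OID body is therefore still passed to `SECOID_FindOIDTag` and, if the body bytes match a known curve, is accepted and copied into `params->curveOID` further down. Extending the condition to `if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) || (encodedParams->data[1] != oid.len) || ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {` rejects such input with the same SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE error. EC_FillParams continues past the end of this hunk.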
@@ -189,8 +196,9 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
/* Fill out curveOID */
params->curveOID.len = oid.len;
- params->curveOID.data = (unsigned char *) PORT_ArenaAlloc(arena, oid.len);
- if (params->curveOID.data == NULL) goto cleanup;
+ params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
+ if (params->curveOID.data == NULL)
+ goto cleanup;
memcpy(params->curveOID.data, oid.data, oid.len);
#if EC_DEBUG
@@ -199,373 +207,373 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
switch (tag) {
- /* Binary curves */
-
- case SEC_OID_ANSIX962_EC_C2PNB163V1:
- /* Populate params for c2pnb163v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB163V2:
- /* Populate params for c2pnb163v2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB163V3:
- /* Populate params for c2pnb163v3 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB176V1:
- /* Populate params for c2pnb176v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB191V1:
- /* Populate params for c2tnb191v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB191V2:
- /* Populate params for c2tnb191v2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB191V3:
- /* Populate params for c2tnb191v3 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB208W1:
- /* Populate params for c2pnb208w1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB239V1:
- /* Populate params for c2tnb239v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB239V2:
- /* Populate params for c2tnb239v2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB239V3:
- /* Populate params for c2tnb239v3 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB272W1:
- /* Populate params for c2pnb272w1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB304W1:
- /* Populate params for c2pnb304w1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB359V1:
- /* Populate params for c2tnb359v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2PNB368W1:
- /* Populate params for c2pnb368w1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_C2TNB431R1:
- /* Populate params for c2tnb431r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT113R1:
- /* Populate params for sect113r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT113R2:
- /* Populate params for sect113r2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT131R1:
- /* Populate params for sect131r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT131R2:
- /* Populate params for sect131r2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT163K1:
- /* Populate params for sect163k1
- * (the NIST K-163 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT163R1:
- /* Populate params for sect163r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT163R2:
- /* Populate params for sect163r2
- * (the NIST B-163 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT193R1:
- /* Populate params for sect193r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT193R2:
- /* Populate params for sect193r2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT233K1:
- /* Populate params for sect233k1
- * (the NIST K-233 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT233R1:
- /* Populate params for sect233r1
- * (the NIST B-233 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT239K1:
- /* Populate params for sect239k1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT283K1:
- /* Populate params for sect283k1
- * (the NIST K-283 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT283R1:
- /* Populate params for sect283r1
- * (the NIST B-283 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT409K1:
- /* Populate params for sect409k1
- * (the NIST K-409 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT409R1:
- /* Populate params for sect409r1
- * (the NIST B-409 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT571K1:
- /* Populate params for sect571k1
- * (the NIST K-571 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECT571R1:
- /* Populate params for sect571r1
- * (the NIST B-571 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
- params) );
- break;
-
- /* Prime curves */
-
- case SEC_OID_ANSIX962_EC_PRIME192V1:
- /* Populate params for prime192v1 aka secp192r1
- * (the NIST P-192 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME192V2:
- /* Populate params for prime192v2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME192V3:
- /* Populate params for prime192v3 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME239V1:
- /* Populate params for prime239v1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME239V2:
- /* Populate params for prime239v2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME239V3:
- /* Populate params for prime239v3 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_ANSIX962_EC_PRIME256V1:
- /* Populate params for prime256v1 aka secp256r1
- * (the NIST P-256 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP112R1:
- /* Populate params for secp112r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP112R2:
- /* Populate params for secp112r2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP128R1:
- /* Populate params for secp128r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP128R2:
- /* Populate params for secp128r2 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP160K1:
- /* Populate params for secp160k1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP160R1:
- /* Populate params for secp160r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP160R2:
- /* Populate params for secp160r1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP192K1:
- /* Populate params for secp192k1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP224K1:
- /* Populate params for secp224k1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP224R1:
- /* Populate params for secp224r1
- * (the NIST P-224 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP256K1:
- /* Populate params for secp256k1 */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP384R1:
- /* Populate params for secp384r1
- * (the NIST P-384 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
- params) );
- break;
-
- case SEC_OID_SECG_EC_SECP521R1:
- /* Populate params for secp521r1
- * (the NIST P-521 curve)
- */
- CHECK_SEC_OK( gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
- params) );
- break;
-
- default:
- break;
+ /* Binary curves */
+
+ case SEC_OID_ANSIX962_EC_C2PNB163V1:
+ /* Populate params for c2pnb163v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB163V2:
+ /* Populate params for c2pnb163v2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB163V3:
+ /* Populate params for c2pnb163v3 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB163V3, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB176V1:
+ /* Populate params for c2pnb176v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB176V1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB191V1:
+ /* Populate params for c2tnb191v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB191V2:
+ /* Populate params for c2tnb191v2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB191V3:
+ /* Populate params for c2tnb191v3 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB191V3, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB208W1:
+ /* Populate params for c2pnb208w1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB208W1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB239V1:
+ /* Populate params for c2tnb239v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB239V2:
+ /* Populate params for c2tnb239v2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB239V3:
+ /* Populate params for c2tnb239v3 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB239V3, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB272W1:
+ /* Populate params for c2pnb272w1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB272W1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB304W1:
+ /* Populate params for c2pnb304w1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB304W1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB359V1:
+ /* Populate params for c2tnb359v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB359V1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2PNB368W1:
+ /* Populate params for c2pnb368w1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_PNB368W1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_C2TNB431R1:
+ /* Populate params for c2tnb431r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_CHAR2_TNB431R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT113R1:
+ /* Populate params for sect113r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_113R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT113R2:
+ /* Populate params for sect113r2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_113R2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT131R1:
+ /* Populate params for sect131r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_131R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT131R2:
+ /* Populate params for sect131r2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_131R2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT163K1:
+ /* Populate params for sect163k1
+ * (the NIST K-163 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT163R1:
+ /* Populate params for sect163r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT163R2:
+ /* Populate params for sect163r2
+ * (the NIST B-163 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_163R2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT193R1:
+ /* Populate params for sect193r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_193R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT193R2:
+ /* Populate params for sect193r2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_193R2, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT233K1:
+ /* Populate params for sect233k1
+ * (the NIST K-233 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_233K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT233R1:
+ /* Populate params for sect233r1
+ * (the NIST B-233 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_233R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT239K1:
+ /* Populate params for sect239k1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_239K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT283K1:
+ /* Populate params for sect283k1
+ * (the NIST K-283 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_283K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT283R1:
+ /* Populate params for sect283r1
+ * (the NIST B-283 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_283R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT409K1:
+ /* Populate params for sect409k1
+ * (the NIST K-409 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_409K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT409R1:
+ /* Populate params for sect409r1
+ * (the NIST B-409 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_409R1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT571K1:
+ /* Populate params for sect571k1
+ * (the NIST K-571 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_571K1, ec_field_GF2m,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECT571R1:
+ /* Populate params for sect571r1
+ * (the NIST B-571 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_CHAR2_571R1, ec_field_GF2m,
+ params));
+ break;
+
+ /* Prime curves */
+
+ case SEC_OID_ANSIX962_EC_PRIME192V1:
+ /* Populate params for prime192v1 aka secp192r1
+ * (the NIST P-192 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME192V2:
+ /* Populate params for prime192v2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V2, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME192V3:
+ /* Populate params for prime192v3 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_192V3, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME239V1:
+ /* Populate params for prime239v1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME239V2:
+ /* Populate params for prime239v2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V2, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME239V3:
+ /* Populate params for prime239v3 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_239V3, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_ANSIX962_EC_PRIME256V1:
+ /* Populate params for prime256v1 aka secp256r1
+ * (the NIST P-256 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP112R1:
+ /* Populate params for secp112r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_112R1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP112R2:
+ /* Populate params for secp112r2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_112R2, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP128R1:
+ /* Populate params for secp128r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_128R1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP128R2:
+ /* Populate params for secp128r2 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_128R2, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP160K1:
+ /* Populate params for secp160k1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160K1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP160R1:
+ /* Populate params for secp160r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160R1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP160R2:
+ /* Populate params for secp160r1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_160R2, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP192K1:
+ /* Populate params for secp192k1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_192K1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP224K1:
+ /* Populate params for secp224k1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_224K1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP224R1:
+ /* Populate params for secp224r1
+ * (the NIST P-224 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_224R1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP256K1:
+ /* Populate params for secp256k1 */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_256K1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP384R1:
+ /* Populate params for secp384r1
+ * (the NIST P-384 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
+ params));
+ break;
+
+ case SEC_OID_SECG_EC_SECP521R1:
+ /* Populate params for secp521r1
+ * (the NIST P-521 curve)
+ */
+ CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
+ params));
+ break;
+
+ default:
+ break;
};
cleanup:
if (!params->cofactor) {
- PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+ PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
#if EC_DEBUG
- printf("Unrecognized curve, returning NULL params\n");
+ printf("Unrecognized curve, returning NULL params\n");
#endif
}
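Review bot: The comment under `case SEC_OID_SECG_EC_SECP160R2:` still reads `/* Populate params for secp160r1 */`, naming the neighbouring curve rather than the one the case handles (the call beneath it correctly passes `ECCurve_SECG_PRIME_160R2`); it should read `/* Populate params for secp160r2 */`. Since the formatter re-emitted every case body, this is the natural commit in which to fix the copy-paste slip. The `};` closing the switch just after `default: break;` keeps a stray empty statement that clang-format preserved; `}` alone is the conventional form. EC_FillParams begins in an earlier hunk and its `cleanup:` block continues past this one.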
@@ -581,29 +589,30 @@ EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
/* Initialize an arena for the ECParams structure */
if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
- return SECFailure;
+ return SECFailure;
params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
if (!params) {
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
/* Copy the encoded params */
SECITEM_AllocItem(arena, &(params->DEREncoding),
- encodedParams->len);
+ encodedParams->len);
memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
- /* Fill out the rest of the ECParams structure based on
- * the encoded params
+ /* Fill out the rest of the ECParams structure based on
+ * the encoded params
*/
rv = EC_FillParams(arena, encodedParams, params);
if (rv == SECFailure) {
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
} else {
- *ecparams = params;;
- return SECSuccess;
+ *ecparams = params;
+ ;
+ return SECSuccess;
}
}
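Review bot: The reformatted `SECITEM_AllocItem(arena, &(params->DEREncoding), encodedParams->len)` call is still unchecked, so on allocation failure the following `memcpy` writes through `DEREncoding.data`, which is NULL for the zero-allocated `params`; it should become `if (!SECITEM_AllocItem(arena, &(params->DEREncoding), encodedParams->len)) { PORT_FreeArena(arena, PR_TRUE); return SECFailure; }`, matching the arena-cleanup pattern already used for `PORT_ArenaZAlloc` a few lines above. Separately, clang-format turned the old `*ecparams = params;;` into `*ecparams = params;` followed by a lone `;` on its own line; the empty statement should be deleted rather than kept. EC_DecodeParams starts before this hunk.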
diff --git a/lib/freebl/ecl/ec2.h b/lib/freebl/ecl/ec2.h
index 5d75d48dd..c98057f1f 100644
--- a/lib/freebl/ecl/ec2.h
+++ b/lib/freebl/ecl/ec2.h
@@ -16,17 +16,17 @@ mp_err ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py);
/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
* qy). Uses affine coordinates. */
mp_err ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
/* Computes R = P - Q. Uses affine coordinates. */
mp_err ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
/* Computes R = 2P. Uses affine coordinates. */
mp_err ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ mp_int *ry, const ECGroup *group);
/* Validates a point on a GF2m curve. */
mp_err ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
@@ -34,36 +34,36 @@ mp_err ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup
/* by default, this routine is unused and thus doesn't need to be compiled */
#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that
+ * a, b and p are the elliptic curve coefficients and the irreducible that
* determines the field GF2m. Uses affine coordinates. */
mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
#endif
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
- * a, b and p are the elliptic curve coefficients and the irreducible that
+ * a, b and p are the elliptic curve coefficients and the irreducible that
* determines the field GF2m. Uses Montgomery projective coordinates. */
mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
#ifdef ECL_ENABLE_GF2M_PROJ
/* Converts a point P(px, py) from affine coordinates to projective
* coordinates R(rx, ry, rz). */
mp_err ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group);
+ mp_int *ry, mp_int *rz, const ECGroup *group);
/* Converts a point P(px, py, pz) from projective coordinates to affine
* coordinates R(rx, ry). */
mp_err ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py,
- const mp_int *pz, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *pz, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
/* Checks if point P(px, py, pz) is at infinity. Uses projective
* coordinates. */
mp_err ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
- const mp_int *pz);
+ const mp_int *pz);
/* Sets P(px, py, pz) to be the point at infinity. Uses projective
* coordinates. */
@@ -72,21 +72,21 @@ mp_err ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz);
/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
* (qx, qy, qz). Uses projective coordinates. */
mp_err ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py,
- const mp_int *pz, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- mp_int *rz, const ECGroup *group);
+ const mp_int *pz, const mp_int *qx,
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ mp_int *rz, const ECGroup *group);
/* Computes R = 2P. Uses projective coordinates. */
mp_err ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py,
- const mp_int *pz, mp_int *rx, mp_int *ry,
- mp_int *rz, const ECGroup *group);
+ const mp_int *pz, mp_int *rx, mp_int *ry,
+ mp_int *rz, const ECGroup *group);
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
* a, b and p are the elliptic curve coefficients and the prime that
* determines the field GF2m. Uses projective coordinates. */
mp_err ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
#endif
-#endif /* __ec2_h_ */
+#endif /* __ec2_h_ */
diff --git a/lib/freebl/ecl/ec2_163.c b/lib/freebl/ecl/ec2_163.c
index 8ed40a4c8..da1a36b68 100644
--- a/lib/freebl/ecl/ec2_163.c
+++ b/lib/freebl/ecl/ec2_163.c
@@ -14,71 +14,71 @@
mp_err
ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, z;
+ mp_err res = MP_OKAY;
+ mp_digit *u, z;
- if (a != r) {
- MP_CHECKOK(mp_copy(a, r));
- }
+ if (a != r) {
+ MP_CHECKOK(mp_copy(a, r));
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(r) < 6) {
- MP_CHECKOK(s_mp_pad(r, 6));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 6;
-
- /* u[5] only has 6 significant bits */
- z = u[5];
- u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
- z = u[4];
- u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
- u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
- z = u[3];
- u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
- u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
- z = u[2] >> 35; /* z only has 29 significant bits */
- u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
- /* clear bits above 163 */
- u[5] = u[4] = u[3] = 0;
- u[2] ^= z << 35;
+ if (MP_USED(r) < 6) {
+ MP_CHECKOK(s_mp_pad(r, 6));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 6;
+
+ /* u[5] only has 6 significant bits */
+ z = u[5];
+ u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+ z = u[4];
+ u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+ u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+ z = u[3];
+ u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+ u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+ z = u[2] >> 35; /* z only has 29 significant bits */
+ u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+ /* clear bits above 163 */
+ u[5] = u[4] = u[3] = 0;
+ u[2] ^= z << 35;
#else
- if (MP_USED(r) < 11) {
- MP_CHECKOK(s_mp_pad(r, 11));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 11;
-
- /* u[11] only has 6 significant bits */
- z = u[10];
- u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
- u[4] ^= (z << 29);
- z = u[9];
- u[5] ^= (z >> 28) ^ (z >> 29);
- u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
- u[3] ^= (z << 29);
- z = u[8];
- u[4] ^= (z >> 28) ^ (z >> 29);
- u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
- u[2] ^= (z << 29);
- z = u[7];
- u[3] ^= (z >> 28) ^ (z >> 29);
- u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
- u[1] ^= (z << 29);
- z = u[6];
- u[2] ^= (z >> 28) ^ (z >> 29);
- u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
- u[0] ^= (z << 29);
- z = u[5] >> 3; /* z only has 29 significant bits */
- u[1] ^= (z >> 25) ^ (z >> 26);
- u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
- /* clear bits above 163 */
- u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
- u[5] ^= z << 3;
+ if (MP_USED(r) < 11) {
+ MP_CHECKOK(s_mp_pad(r, 11));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 11;
+
+ /* u[11] only has 6 significant bits */
+ z = u[10];
+ u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+ u[4] ^= (z << 29);
+ z = u[9];
+ u[5] ^= (z >> 28) ^ (z >> 29);
+ u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+ u[3] ^= (z << 29);
+ z = u[8];
+ u[4] ^= (z >> 28) ^ (z >> 29);
+ u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+ u[2] ^= (z << 29);
+ z = u[7];
+ u[3] ^= (z >> 28) ^ (z >> 29);
+ u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+ u[1] ^= (z << 29);
+ z = u[6];
+ u[2] ^= (z >> 28) ^ (z >> 29);
+ u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+ u[0] ^= (z << 29);
+ z = u[5] >> 3; /* z only has 29 significant bits */
+ u[1] ^= (z >> 25) ^ (z >> 26);
+ u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+ /* clear bits above 163 */
+ u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
+ u[5] ^= z << 3;
#endif
- s_mp_clamp(r);
+ s_mp_clamp(r);
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction
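Review bot: In the 32-bit branch of ec_GF2m_163_mod the comment `/* u[11] only has 6 significant bits */` does not match the code, which reads `z = u[10]` after setting `MP_USED(r) = 11` — with 11 digits the top digit is u[10], so the comment should say `u[10]`. The clearing line `u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;` then stores to u[11], one digit past the 11 this branch asked `s_mp_pad` for; that presumably only stays in bounds because the allocator rounds the allocation up, which is worth either documenting next to the pad or removing by dropping the `u[11] =` term (or padding to 12, as ec_GF2m_163_sqr does). The 64-bit branch's comment `/* u[5] only has 6 significant bits */` agrees with its `MP_USED(r) = 6`, so only the 32-bit comment is off.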
@@ -86,138 +86,138 @@ ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err
ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, *v;
+ mp_err res = MP_OKAY;
+ mp_digit *u, *v;
- v = MP_DIGITS(a);
+ v = MP_DIGITS(a);
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(a) < 3) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 6) {
- MP_CHECKOK(s_mp_pad(r, 6));
- }
- MP_USED(r) = 6;
+ if (MP_USED(a) < 3) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 6) {
+ MP_CHECKOK(s_mp_pad(r, 6));
+ }
+ MP_USED(r) = 6;
#else
- if (MP_USED(a) < 6) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 12) {
- MP_CHECKOK(s_mp_pad(r, 12));
- }
- MP_USED(r) = 12;
+ if (MP_USED(a) < 6) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 12) {
+ MP_CHECKOK(s_mp_pad(r, 12));
+ }
+ MP_USED(r) = 12;
#endif
- u = MP_DIGITS(r);
+ u = MP_DIGITS(r);
#ifdef ECL_THIRTY_TWO_BIT
- u[11] = gf2m_SQR1(v[5]);
- u[10] = gf2m_SQR0(v[5]);
- u[9] = gf2m_SQR1(v[4]);
- u[8] = gf2m_SQR0(v[4]);
- u[7] = gf2m_SQR1(v[3]);
- u[6] = gf2m_SQR0(v[3]);
+ u[11] = gf2m_SQR1(v[5]);
+ u[10] = gf2m_SQR0(v[5]);
+ u[9] = gf2m_SQR1(v[4]);
+ u[8] = gf2m_SQR0(v[4]);
+ u[7] = gf2m_SQR1(v[3]);
+ u[6] = gf2m_SQR0(v[3]);
#endif
- u[5] = gf2m_SQR1(v[2]);
- u[4] = gf2m_SQR0(v[2]);
- u[3] = gf2m_SQR1(v[1]);
- u[2] = gf2m_SQR0(v[1]);
- u[1] = gf2m_SQR1(v[0]);
- u[0] = gf2m_SQR0(v[0]);
- return ec_GF2m_163_mod(r, r, meth);
-
- CLEANUP:
- return res;
+ u[5] = gf2m_SQR1(v[2]);
+ u[4] = gf2m_SQR0(v[2]);
+ u[3] = gf2m_SQR1(v[1]);
+ u[2] = gf2m_SQR0(v[1]);
+ u[1] = gf2m_SQR1(v[0]);
+ u[0] = gf2m_SQR0(v[0]);
+ return ec_GF2m_163_mod(r, r, meth);
+
+CLEANUP:
+ return res;
}
/* Fast multiplication for polynomials over a 163-bit curve. Assumes
* reduction polynomial with terms {163, 7, 6, 3, 0}. */
mp_err
ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
+ mp_err res = MP_OKAY;
+ mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
- mp_digit rm[6];
+ mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
+ mp_digit rm[6];
#endif
- if (a == b) {
- return ec_GF2m_163_sqr(a, r, meth);
- } else {
- switch (MP_USED(a)) {
+ if (a == b) {
+ return ec_GF2m_163_sqr(a, r, meth);
+ } else {
+ switch (MP_USED(a)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 6:
- a5 = MP_DIGIT(a, 5);
- case 5:
- a4 = MP_DIGIT(a, 4);
- case 4:
- a3 = MP_DIGIT(a, 3);
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ case 4:
+ a3 = MP_DIGIT(a, 3);
#endif
- case 3:
- a2 = MP_DIGIT(a, 2);
- case 2:
- a1 = MP_DIGIT(a, 1);
- default:
- a0 = MP_DIGIT(a, 0);
- }
- switch (MP_USED(b)) {
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ default:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 6:
- b5 = MP_DIGIT(b, 5);
- case 5:
- b4 = MP_DIGIT(b, 4);
- case 4:
- b3 = MP_DIGIT(b, 3);
+ case 6:
+ b5 = MP_DIGIT(b, 5);
+ case 5:
+ b4 = MP_DIGIT(b, 4);
+ case 4:
+ b3 = MP_DIGIT(b, 3);
#endif
- case 3:
- b2 = MP_DIGIT(b, 2);
- case 2:
- b1 = MP_DIGIT(b, 1);
- default:
- b0 = MP_DIGIT(b, 0);
- }
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ default:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- MP_CHECKOK(s_mp_pad(r, 6));
- s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
- MP_USED(r) = 6;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 6));
+ s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+ MP_USED(r) = 6;
+ s_mp_clamp(r);
#else
- MP_CHECKOK(s_mp_pad(r, 12));
- s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
- s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
- s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
- b3 ^ b0);
- rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
- rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
- rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
- rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
- rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
- rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
- MP_DIGIT(r, 8) ^= rm[5];
- MP_DIGIT(r, 7) ^= rm[4];
- MP_DIGIT(r, 6) ^= rm[3];
- MP_DIGIT(r, 5) ^= rm[2];
- MP_DIGIT(r, 4) ^= rm[1];
- MP_DIGIT(r, 3) ^= rm[0];
- MP_USED(r) = 12;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 12));
+ s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
+ s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+ s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
+ b3 ^ b0);
+ rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
+ rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
+ rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
+ rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
+ rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
+ rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
+ MP_DIGIT(r, 8) ^= rm[5];
+ MP_DIGIT(r, 7) ^= rm[4];
+ MP_DIGIT(r, 6) ^= rm[3];
+ MP_DIGIT(r, 5) ^= rm[2];
+ MP_DIGIT(r, 4) ^= rm[1];
+ MP_DIGIT(r, 3) ^= rm[0];
+ MP_USED(r) = 12;
+ s_mp_clamp(r);
#endif
- return ec_GF2m_163_mod(r, r, meth);
- }
+ return ec_GF2m_163_mod(r, r, meth);
+ }
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Wire in fast field arithmetic for 163-bit curves. */
mp_err
ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
{
- group->meth->field_mod = &ec_GF2m_163_mod;
- group->meth->field_mul = &ec_GF2m_163_mul;
- group->meth->field_sqr = &ec_GF2m_163_sqr;
- return MP_OKAY;
+ group->meth->field_mod = &ec_GF2m_163_mod;
+ group->meth->field_mul = &ec_GF2m_163_mul;
+ group->meth->field_sqr = &ec_GF2m_163_sqr;
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ec2_193.c b/lib/freebl/ecl/ec2_193.c
index edb38a67a..cd9bb0fbb 100644
--- a/lib/freebl/ecl/ec2_193.c
+++ b/lib/freebl/ecl/ec2_193.c
@@ -14,79 +14,79 @@
mp_err
ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, z;
+ mp_err res = MP_OKAY;
+ mp_digit *u, z;
- if (a != r) {
- MP_CHECKOK(mp_copy(a, r));
- }
+ if (a != r) {
+ MP_CHECKOK(mp_copy(a, r));
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(r) < 7) {
- MP_CHECKOK(s_mp_pad(r, 7));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 7;
-
- /* u[6] only has 2 significant bits */
- z = u[6];
- u[3] ^= (z << 14) ^ (z >> 1);
- u[2] ^= (z << 63);
- z = u[5];
- u[3] ^= (z >> 50);
- u[2] ^= (z << 14) ^ (z >> 1);
- u[1] ^= (z << 63);
- z = u[4];
- u[2] ^= (z >> 50);
- u[1] ^= (z << 14) ^ (z >> 1);
- u[0] ^= (z << 63);
- z = u[3] >> 1; /* z only has 63 significant bits */
- u[1] ^= (z >> 49);
- u[0] ^= (z << 15) ^ z;
- /* clear bits above 193 */
- u[6] = u[5] = u[4] = 0;
- u[3] ^= z << 1;
+ if (MP_USED(r) < 7) {
+ MP_CHECKOK(s_mp_pad(r, 7));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 7;
+
+ /* u[6] only has 2 significant bits */
+ z = u[6];
+ u[3] ^= (z << 14) ^ (z >> 1);
+ u[2] ^= (z << 63);
+ z = u[5];
+ u[3] ^= (z >> 50);
+ u[2] ^= (z << 14) ^ (z >> 1);
+ u[1] ^= (z << 63);
+ z = u[4];
+ u[2] ^= (z >> 50);
+ u[1] ^= (z << 14) ^ (z >> 1);
+ u[0] ^= (z << 63);
+ z = u[3] >> 1; /* z only has 63 significant bits */
+ u[1] ^= (z >> 49);
+ u[0] ^= (z << 15) ^ z;
+ /* clear bits above 193 */
+ u[6] = u[5] = u[4] = 0;
+ u[3] ^= z << 1;
#else
- if (MP_USED(r) < 13) {
- MP_CHECKOK(s_mp_pad(r, 13));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 13;
-
- /* u[12] only has 2 significant bits */
- z = u[12];
- u[6] ^= (z << 14) ^ (z >> 1);
- u[5] ^= (z << 31);
- z = u[11];
- u[6] ^= (z >> 18);
- u[5] ^= (z << 14) ^ (z >> 1);
- u[4] ^= (z << 31);
- z = u[10];
- u[5] ^= (z >> 18);
- u[4] ^= (z << 14) ^ (z >> 1);
- u[3] ^= (z << 31);
- z = u[9];
- u[4] ^= (z >> 18);
- u[3] ^= (z << 14) ^ (z >> 1);
- u[2] ^= (z << 31);
- z = u[8];
- u[3] ^= (z >> 18);
- u[2] ^= (z << 14) ^ (z >> 1);
- u[1] ^= (z << 31);
- z = u[7];
- u[2] ^= (z >> 18);
- u[1] ^= (z << 14) ^ (z >> 1);
- u[0] ^= (z << 31);
- z = u[6] >> 1; /* z only has 31 significant bits */
- u[1] ^= (z >> 17);
- u[0] ^= (z << 15) ^ z;
- /* clear bits above 193 */
- u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0;
- u[6] ^= z << 1;
+ if (MP_USED(r) < 13) {
+ MP_CHECKOK(s_mp_pad(r, 13));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 13;
+
+ /* u[12] only has 2 significant bits */
+ z = u[12];
+ u[6] ^= (z << 14) ^ (z >> 1);
+ u[5] ^= (z << 31);
+ z = u[11];
+ u[6] ^= (z >> 18);
+ u[5] ^= (z << 14) ^ (z >> 1);
+ u[4] ^= (z << 31);
+ z = u[10];
+ u[5] ^= (z >> 18);
+ u[4] ^= (z << 14) ^ (z >> 1);
+ u[3] ^= (z << 31);
+ z = u[9];
+ u[4] ^= (z >> 18);
+ u[3] ^= (z << 14) ^ (z >> 1);
+ u[2] ^= (z << 31);
+ z = u[8];
+ u[3] ^= (z >> 18);
+ u[2] ^= (z << 14) ^ (z >> 1);
+ u[1] ^= (z << 31);
+ z = u[7];
+ u[2] ^= (z >> 18);
+ u[1] ^= (z << 14) ^ (z >> 1);
+ u[0] ^= (z << 31);
+ z = u[6] >> 1; /* z only has 31 significant bits */
+ u[1] ^= (z >> 17);
+ u[0] ^= (z << 15) ^ z;
+ /* clear bits above 193 */
+ u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0;
+ u[6] ^= z << 1;
#endif
- s_mp_clamp(r);
+ s_mp_clamp(r);
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Fast squaring for polynomials over a 193-bit curve. Assumes reduction
@@ -94,147 +94,147 @@ ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err
ec_GF2m_193_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, *v;
+ mp_err res = MP_OKAY;
+ mp_digit *u, *v;
- v = MP_DIGITS(a);
+ v = MP_DIGITS(a);
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(a) < 4) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 7) {
- MP_CHECKOK(s_mp_pad(r, 7));
- }
- MP_USED(r) = 7;
+ if (MP_USED(a) < 4) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 7) {
+ MP_CHECKOK(s_mp_pad(r, 7));
+ }
+ MP_USED(r) = 7;
#else
- if (MP_USED(a) < 7) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 13) {
- MP_CHECKOK(s_mp_pad(r, 13));
- }
- MP_USED(r) = 13;
+ if (MP_USED(a) < 7) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 13) {
+ MP_CHECKOK(s_mp_pad(r, 13));
+ }
+ MP_USED(r) = 13;
#endif
- u = MP_DIGITS(r);
+ u = MP_DIGITS(r);
#ifdef ECL_THIRTY_TWO_BIT
- u[12] = gf2m_SQR0(v[6]);
- u[11] = gf2m_SQR1(v[5]);
- u[10] = gf2m_SQR0(v[5]);
- u[9] = gf2m_SQR1(v[4]);
- u[8] = gf2m_SQR0(v[4]);
- u[7] = gf2m_SQR1(v[3]);
+ u[12] = gf2m_SQR0(v[6]);
+ u[11] = gf2m_SQR1(v[5]);
+ u[10] = gf2m_SQR0(v[5]);
+ u[9] = gf2m_SQR1(v[4]);
+ u[8] = gf2m_SQR0(v[4]);
+ u[7] = gf2m_SQR1(v[3]);
#endif
- u[6] = gf2m_SQR0(v[3]);
- u[5] = gf2m_SQR1(v[2]);
- u[4] = gf2m_SQR0(v[2]);
- u[3] = gf2m_SQR1(v[1]);
- u[2] = gf2m_SQR0(v[1]);
- u[1] = gf2m_SQR1(v[0]);
- u[0] = gf2m_SQR0(v[0]);
- return ec_GF2m_193_mod(r, r, meth);
-
- CLEANUP:
- return res;
+ u[6] = gf2m_SQR0(v[3]);
+ u[5] = gf2m_SQR1(v[2]);
+ u[4] = gf2m_SQR0(v[2]);
+ u[3] = gf2m_SQR1(v[1]);
+ u[2] = gf2m_SQR0(v[1]);
+ u[1] = gf2m_SQR1(v[0]);
+ u[0] = gf2m_SQR0(v[0]);
+ return ec_GF2m_193_mod(r, r, meth);
+
+CLEANUP:
+ return res;
}
/* Fast multiplication for polynomials over a 193-bit curve. Assumes
* reduction polynomial with terms {193, 15, 0}. */
mp_err
ec_GF2m_193_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+ mp_err res = MP_OKAY;
+ mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0;
- mp_digit rm[8];
+ mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0;
+ mp_digit rm[8];
#endif
- if (a == b) {
- return ec_GF2m_193_sqr(a, r, meth);
- } else {
- switch (MP_USED(a)) {
+ if (a == b) {
+ return ec_GF2m_193_sqr(a, r, meth);
+ } else {
+ switch (MP_USED(a)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 7:
- a6 = MP_DIGIT(a, 6);
- case 6:
- a5 = MP_DIGIT(a, 5);
- case 5:
- a4 = MP_DIGIT(a, 4);
+ case 7:
+ a6 = MP_DIGIT(a, 6);
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
#endif
- case 4:
- a3 = MP_DIGIT(a, 3);
- case 3:
- a2 = MP_DIGIT(a, 2);
- case 2:
- a1 = MP_DIGIT(a, 1);
- default:
- a0 = MP_DIGIT(a, 0);
- }
- switch (MP_USED(b)) {
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ default:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 7:
- b6 = MP_DIGIT(b, 6);
- case 6:
- b5 = MP_DIGIT(b, 5);
- case 5:
- b4 = MP_DIGIT(b, 4);
+ case 7:
+ b6 = MP_DIGIT(b, 6);
+ case 6:
+ b5 = MP_DIGIT(b, 5);
+ case 5:
+ b4 = MP_DIGIT(b, 4);
#endif
- case 4:
- b3 = MP_DIGIT(b, 3);
- case 3:
- b2 = MP_DIGIT(b, 2);
- case 2:
- b1 = MP_DIGIT(b, 1);
- default:
- b0 = MP_DIGIT(b, 0);
- }
+ case 4:
+ b3 = MP_DIGIT(b, 3);
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ default:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- MP_CHECKOK(s_mp_pad(r, 8));
- s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
- MP_USED(r) = 8;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 8));
+ s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+ MP_USED(r) = 8;
+ s_mp_clamp(r);
#else
- MP_CHECKOK(s_mp_pad(r, 14));
- s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4);
- s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
- s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1,
- b4 ^ b0);
- rm[7] ^= MP_DIGIT(r, 7);
- rm[6] ^= MP_DIGIT(r, 6);
- rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
- rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
- rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
- rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
- rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
- rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
- MP_DIGIT(r, 11) ^= rm[7];
- MP_DIGIT(r, 10) ^= rm[6];
- MP_DIGIT(r, 9) ^= rm[5];
- MP_DIGIT(r, 8) ^= rm[4];
- MP_DIGIT(r, 7) ^= rm[3];
- MP_DIGIT(r, 6) ^= rm[2];
- MP_DIGIT(r, 5) ^= rm[1];
- MP_DIGIT(r, 4) ^= rm[0];
- MP_USED(r) = 14;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 14));
+ s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4);
+ s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+ s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1,
+ b4 ^ b0);
+ rm[7] ^= MP_DIGIT(r, 7);
+ rm[6] ^= MP_DIGIT(r, 6);
+ rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+ rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+ rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+ rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+ rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+ rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+ MP_DIGIT(r, 11) ^= rm[7];
+ MP_DIGIT(r, 10) ^= rm[6];
+ MP_DIGIT(r, 9) ^= rm[5];
+ MP_DIGIT(r, 8) ^= rm[4];
+ MP_DIGIT(r, 7) ^= rm[3];
+ MP_DIGIT(r, 6) ^= rm[2];
+ MP_DIGIT(r, 5) ^= rm[1];
+ MP_DIGIT(r, 4) ^= rm[0];
+ MP_USED(r) = 14;
+ s_mp_clamp(r);
#endif
- return ec_GF2m_193_mod(r, r, meth);
- }
+ return ec_GF2m_193_mod(r, r, meth);
+ }
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Wire in fast field arithmetic for 193-bit curves. */
mp_err
ec_group_set_gf2m193(ECGroup *group, ECCurveName name)
{
- group->meth->field_mod = &ec_GF2m_193_mod;
- group->meth->field_mul = &ec_GF2m_193_mul;
- group->meth->field_sqr = &ec_GF2m_193_sqr;
- return MP_OKAY;
+ group->meth->field_mod = &ec_GF2m_193_mod;
+ group->meth->field_mul = &ec_GF2m_193_mul;
+ group->meth->field_sqr = &ec_GF2m_193_sqr;
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ec2_233.c b/lib/freebl/ecl/ec2_233.c
index f73673cae..c670f2f45 100644
--- a/lib/freebl/ecl/ec2_233.c
+++ b/lib/freebl/ecl/ec2_233.c
@@ -14,95 +14,95 @@
mp_err
ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, z;
+ mp_err res = MP_OKAY;
+ mp_digit *u, z;
- if (a != r) {
- MP_CHECKOK(mp_copy(a, r));
- }
+ if (a != r) {
+ MP_CHECKOK(mp_copy(a, r));
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(r) < 8) {
- MP_CHECKOK(s_mp_pad(r, 8));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 8;
+ if (MP_USED(r) < 8) {
+ MP_CHECKOK(s_mp_pad(r, 8));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 8;
- /* u[7] only has 18 significant bits */
- z = u[7];
- u[4] ^= (z << 33) ^ (z >> 41);
- u[3] ^= (z << 23);
- z = u[6];
- u[4] ^= (z >> 31);
- u[3] ^= (z << 33) ^ (z >> 41);
- u[2] ^= (z << 23);
- z = u[5];
- u[3] ^= (z >> 31);
- u[2] ^= (z << 33) ^ (z >> 41);
- u[1] ^= (z << 23);
- z = u[4];
- u[2] ^= (z >> 31);
- u[1] ^= (z << 33) ^ (z >> 41);
- u[0] ^= (z << 23);
- z = u[3] >> 41; /* z only has 23 significant bits */
- u[1] ^= (z << 10);
- u[0] ^= z;
- /* clear bits above 233 */
- u[7] = u[6] = u[5] = u[4] = 0;
- u[3] ^= z << 41;
+ /* u[7] only has 18 significant bits */
+ z = u[7];
+ u[4] ^= (z << 33) ^ (z >> 41);
+ u[3] ^= (z << 23);
+ z = u[6];
+ u[4] ^= (z >> 31);
+ u[3] ^= (z << 33) ^ (z >> 41);
+ u[2] ^= (z << 23);
+ z = u[5];
+ u[3] ^= (z >> 31);
+ u[2] ^= (z << 33) ^ (z >> 41);
+ u[1] ^= (z << 23);
+ z = u[4];
+ u[2] ^= (z >> 31);
+ u[1] ^= (z << 33) ^ (z >> 41);
+ u[0] ^= (z << 23);
+ z = u[3] >> 41; /* z only has 23 significant bits */
+ u[1] ^= (z << 10);
+ u[0] ^= z;
+ /* clear bits above 233 */
+ u[7] = u[6] = u[5] = u[4] = 0;
+ u[3] ^= z << 41;
#else
- if (MP_USED(r) < 15) {
- MP_CHECKOK(s_mp_pad(r, 15));
- }
- u = MP_DIGITS(r);
- MP_USED(r) = 15;
+ if (MP_USED(r) < 15) {
+ MP_CHECKOK(s_mp_pad(r, 15));
+ }
+ u = MP_DIGITS(r);
+ MP_USED(r) = 15;
- /* u[14] only has 18 significant bits */
- z = u[14];
- u[9] ^= (z << 1);
- u[7] ^= (z >> 9);
- u[6] ^= (z << 23);
- z = u[13];
- u[9] ^= (z >> 31);
- u[8] ^= (z << 1);
- u[6] ^= (z >> 9);
- u[5] ^= (z << 23);
- z = u[12];
- u[8] ^= (z >> 31);
- u[7] ^= (z << 1);
- u[5] ^= (z >> 9);
- u[4] ^= (z << 23);
- z = u[11];
- u[7] ^= (z >> 31);
- u[6] ^= (z << 1);
- u[4] ^= (z >> 9);
- u[3] ^= (z << 23);
- z = u[10];
- u[6] ^= (z >> 31);
- u[5] ^= (z << 1);
- u[3] ^= (z >> 9);
- u[2] ^= (z << 23);
- z = u[9];
- u[5] ^= (z >> 31);
- u[4] ^= (z << 1);
- u[2] ^= (z >> 9);
- u[1] ^= (z << 23);
- z = u[8];
- u[4] ^= (z >> 31);
- u[3] ^= (z << 1);
- u[1] ^= (z >> 9);
- u[0] ^= (z << 23);
- z = u[7] >> 9; /* z only has 23 significant bits */
- u[3] ^= (z >> 22);
- u[2] ^= (z << 10);
- u[0] ^= z;
- /* clear bits above 233 */
- u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0;
- u[7] ^= z << 9;
+ /* u[14] only has 18 significant bits */
+ z = u[14];
+ u[9] ^= (z << 1);
+ u[7] ^= (z >> 9);
+ u[6] ^= (z << 23);
+ z = u[13];
+ u[9] ^= (z >> 31);
+ u[8] ^= (z << 1);
+ u[6] ^= (z >> 9);
+ u[5] ^= (z << 23);
+ z = u[12];
+ u[8] ^= (z >> 31);
+ u[7] ^= (z << 1);
+ u[5] ^= (z >> 9);
+ u[4] ^= (z << 23);
+ z = u[11];
+ u[7] ^= (z >> 31);
+ u[6] ^= (z << 1);
+ u[4] ^= (z >> 9);
+ u[3] ^= (z << 23);
+ z = u[10];
+ u[6] ^= (z >> 31);
+ u[5] ^= (z << 1);
+ u[3] ^= (z >> 9);
+ u[2] ^= (z << 23);
+ z = u[9];
+ u[5] ^= (z >> 31);
+ u[4] ^= (z << 1);
+ u[2] ^= (z >> 9);
+ u[1] ^= (z << 23);
+ z = u[8];
+ u[4] ^= (z >> 31);
+ u[3] ^= (z << 1);
+ u[1] ^= (z >> 9);
+ u[0] ^= (z << 23);
+ z = u[7] >> 9; /* z only has 23 significant bits */
+ u[3] ^= (z >> 22);
+ u[2] ^= (z << 10);
+ u[0] ^= z;
+ /* clear bits above 233 */
+ u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0;
+ u[7] ^= z << 9;
#endif
- s_mp_clamp(r);
+ s_mp_clamp(r);
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Fast squaring for polynomials over a 233-bit curve. Assumes reduction
@@ -110,154 +110,154 @@ ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err
ec_GF2m_233_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit *u, *v;
+ mp_err res = MP_OKAY;
+ mp_digit *u, *v;
- v = MP_DIGITS(a);
+ v = MP_DIGITS(a);
#ifdef ECL_SIXTY_FOUR_BIT
- if (MP_USED(a) < 4) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 8) {
- MP_CHECKOK(s_mp_pad(r, 8));
- }
- MP_USED(r) = 8;
+ if (MP_USED(a) < 4) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 8) {
+ MP_CHECKOK(s_mp_pad(r, 8));
+ }
+ MP_USED(r) = 8;
#else
- if (MP_USED(a) < 8) {
- return mp_bsqrmod(a, meth->irr_arr, r);
- }
- if (MP_USED(r) < 15) {
- MP_CHECKOK(s_mp_pad(r, 15));
- }
- MP_USED(r) = 15;
+ if (MP_USED(a) < 8) {
+ return mp_bsqrmod(a, meth->irr_arr, r);
+ }
+ if (MP_USED(r) < 15) {
+ MP_CHECKOK(s_mp_pad(r, 15));
+ }
+ MP_USED(r) = 15;
#endif
- u = MP_DIGITS(r);
+ u = MP_DIGITS(r);
#ifdef ECL_THIRTY_TWO_BIT
- u[14] = gf2m_SQR0(v[7]);
- u[13] = gf2m_SQR1(v[6]);
- u[12] = gf2m_SQR0(v[6]);
- u[11] = gf2m_SQR1(v[5]);
- u[10] = gf2m_SQR0(v[5]);
- u[9] = gf2m_SQR1(v[4]);
- u[8] = gf2m_SQR0(v[4]);
+ u[14] = gf2m_SQR0(v[7]);
+ u[13] = gf2m_SQR1(v[6]);
+ u[12] = gf2m_SQR0(v[6]);
+ u[11] = gf2m_SQR1(v[5]);
+ u[10] = gf2m_SQR0(v[5]);
+ u[9] = gf2m_SQR1(v[4]);
+ u[8] = gf2m_SQR0(v[4]);
#endif
- u[7] = gf2m_SQR1(v[3]);
- u[6] = gf2m_SQR0(v[3]);
- u[5] = gf2m_SQR1(v[2]);
- u[4] = gf2m_SQR0(v[2]);
- u[3] = gf2m_SQR1(v[1]);
- u[2] = gf2m_SQR0(v[1]);
- u[1] = gf2m_SQR1(v[0]);
- u[0] = gf2m_SQR0(v[0]);
- return ec_GF2m_233_mod(r, r, meth);
+ u[7] = gf2m_SQR1(v[3]);
+ u[6] = gf2m_SQR0(v[3]);
+ u[5] = gf2m_SQR1(v[2]);
+ u[4] = gf2m_SQR0(v[2]);
+ u[3] = gf2m_SQR1(v[1]);
+ u[2] = gf2m_SQR0(v[1]);
+ u[1] = gf2m_SQR1(v[0]);
+ u[0] = gf2m_SQR0(v[0]);
+ return ec_GF2m_233_mod(r, r, meth);
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Fast multiplication for polynomials over a 233-bit curve. Assumes
* reduction polynomial with terms {233, 74, 0}. */
mp_err
ec_GF2m_233_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+ mp_err res = MP_OKAY;
+ mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 =
- 0;
- mp_digit rm[8];
+ mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 =
+ 0;
+ mp_digit rm[8];
#endif
- if (a == b) {
- return ec_GF2m_233_sqr(a, r, meth);
- } else {
- switch (MP_USED(a)) {
+ if (a == b) {
+ return ec_GF2m_233_sqr(a, r, meth);
+ } else {
+ switch (MP_USED(a)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 8:
- a7 = MP_DIGIT(a, 7);
- case 7:
- a6 = MP_DIGIT(a, 6);
- case 6:
- a5 = MP_DIGIT(a, 5);
- case 5:
- a4 = MP_DIGIT(a, 4);
+ case 8:
+ a7 = MP_DIGIT(a, 7);
+ case 7:
+ a6 = MP_DIGIT(a, 6);
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
#endif
- case 4:
- a3 = MP_DIGIT(a, 3);
- case 3:
- a2 = MP_DIGIT(a, 2);
- case 2:
- a1 = MP_DIGIT(a, 1);
- default:
- a0 = MP_DIGIT(a, 0);
- }
- switch (MP_USED(b)) {
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ default:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
#ifdef ECL_THIRTY_TWO_BIT
- case 8:
- b7 = MP_DIGIT(b, 7);
- case 7:
- b6 = MP_DIGIT(b, 6);
- case 6:
- b5 = MP_DIGIT(b, 5);
- case 5:
- b4 = MP_DIGIT(b, 4);
+ case 8:
+ b7 = MP_DIGIT(b, 7);
+ case 7:
+ b6 = MP_DIGIT(b, 6);
+ case 6:
+ b5 = MP_DIGIT(b, 5);
+ case 5:
+ b4 = MP_DIGIT(b, 4);
#endif
- case 4:
- b3 = MP_DIGIT(b, 3);
- case 3:
- b2 = MP_DIGIT(b, 2);
- case 2:
- b1 = MP_DIGIT(b, 1);
- default:
- b0 = MP_DIGIT(b, 0);
- }
+ case 4:
+ b3 = MP_DIGIT(b, 3);
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ default:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifdef ECL_SIXTY_FOUR_BIT
- MP_CHECKOK(s_mp_pad(r, 8));
- s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
- MP_USED(r) = 8;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 8));
+ s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+ MP_USED(r) = 8;
+ s_mp_clamp(r);
#else
- MP_CHECKOK(s_mp_pad(r, 16));
- s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4);
- s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
- s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3,
- b6 ^ b2, b5 ^ b1, b4 ^ b0);
- rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15);
- rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14);
- rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
- rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
- rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
- rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
- rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
- rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
- MP_DIGIT(r, 11) ^= rm[7];
- MP_DIGIT(r, 10) ^= rm[6];
- MP_DIGIT(r, 9) ^= rm[5];
- MP_DIGIT(r, 8) ^= rm[4];
- MP_DIGIT(r, 7) ^= rm[3];
- MP_DIGIT(r, 6) ^= rm[2];
- MP_DIGIT(r, 5) ^= rm[1];
- MP_DIGIT(r, 4) ^= rm[0];
- MP_USED(r) = 16;
- s_mp_clamp(r);
+ MP_CHECKOK(s_mp_pad(r, 16));
+ s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4);
+ s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+ s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3,
+ b6 ^ b2, b5 ^ b1, b4 ^ b0);
+ rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15);
+ rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14);
+ rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+ rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+ rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+ rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+ rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+ rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+ MP_DIGIT(r, 11) ^= rm[7];
+ MP_DIGIT(r, 10) ^= rm[6];
+ MP_DIGIT(r, 9) ^= rm[5];
+ MP_DIGIT(r, 8) ^= rm[4];
+ MP_DIGIT(r, 7) ^= rm[3];
+ MP_DIGIT(r, 6) ^= rm[2];
+ MP_DIGIT(r, 5) ^= rm[1];
+ MP_DIGIT(r, 4) ^= rm[0];
+ MP_USED(r) = 16;
+ s_mp_clamp(r);
#endif
- return ec_GF2m_233_mod(r, r, meth);
- }
+ return ec_GF2m_233_mod(r, r, meth);
+ }
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Wire in fast field arithmetic for 233-bit curves. */
mp_err
ec_group_set_gf2m233(ECGroup *group, ECCurveName name)
{
- group->meth->field_mod = &ec_GF2m_233_mod;
- group->meth->field_mul = &ec_GF2m_233_mul;
- group->meth->field_sqr = &ec_GF2m_233_sqr;
- return MP_OKAY;
+ group->meth->field_mod = &ec_GF2m_233_mod;
+ group->meth->field_mul = &ec_GF2m_233_mul;
+ group->meth->field_sqr = &ec_GF2m_233_sqr;
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ec2_aff.c b/lib/freebl/ecl/ec2_aff.c
index 50edc54bb..e65098b32 100644
--- a/lib/freebl/ecl/ec2_aff.c
+++ b/lib/freebl/ecl/ec2_aff.c
@@ -12,301 +12,287 @@ mp_err
ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py)
{
- if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
- return MP_YES;
- } else {
- return MP_NO;
- }
-
+ if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+ return MP_YES;
+ } else {
+ return MP_NO;
+ }
}
/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */
mp_err
ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py)
{
- mp_zero(px);
- mp_zero(py);
- return MP_OKAY;
+ mp_zero(px);
+ mp_zero(py);
+ return MP_OKAY;
}
-/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P,
+/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P,
* Q, and R can all be identical. Uses affine coordinates. */
mp_err
ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int lambda, tempx, tempy;
+ mp_err res = MP_OKAY;
+ mp_int lambda, tempx, tempy;
- MP_DIGITS(&lambda) = 0;
- MP_DIGITS(&tempx) = 0;
- MP_DIGITS(&tempy) = 0;
- MP_CHECKOK(mp_init(&lambda));
- MP_CHECKOK(mp_init(&tempx));
- MP_CHECKOK(mp_init(&tempy));
- /* if P = inf, then R = Q */
- if (ec_GF2m_pt_is_inf_aff(px, py) == 0) {
- MP_CHECKOK(mp_copy(qx, rx));
- MP_CHECKOK(mp_copy(qy, ry));
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* if Q = inf, then R = P */
- if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2
- * + lambda + px + qx */
- if (mp_cmp(px, qx) != 0) {
- MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth));
- MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_div(&tempy, &tempx, &lambda, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, &lambda, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, &group->curvea, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, px, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, qx, &tempx, group->meth));
- } else {
- /* if py != qy or qx = 0, then R = inf */
- if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* lambda = qx + qy / qx */
- MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&lambda, qx, &lambda, group->meth));
- /* tempx = a + lambda^2 + lambda */
- MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, &lambda, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, &group->curvea, &tempx, group->meth));
- }
- /* ry = (qx + tempx) * lambda + tempx + qy */
- MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(&tempy, &lambda, &tempy, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempy, &tempx, &tempy, group->meth));
- MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth));
- /* rx = tempx */
- MP_CHECKOK(mp_copy(&tempx, rx));
+ MP_DIGITS(&lambda) = 0;
+ MP_DIGITS(&tempx) = 0;
+ MP_DIGITS(&tempy) = 0;
+ MP_CHECKOK(mp_init(&lambda));
+ MP_CHECKOK(mp_init(&tempx));
+ MP_CHECKOK(mp_init(&tempy));
+ /* if P = inf, then R = Q */
+ if (ec_GF2m_pt_is_inf_aff(px, py) == 0) {
+ MP_CHECKOK(mp_copy(qx, rx));
+ MP_CHECKOK(mp_copy(qy, ry));
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* if Q = inf, then R = P */
+ if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2
+ * + lambda + px + qx */
+ if (mp_cmp(px, qx) != 0) {
+ MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_div(&tempy, &tempx, &lambda, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, px, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, qx, &tempx, group->meth));
+ } else {
+ /* if py != qy or qx = 0, then R = inf */
+ if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* lambda = qx + qy / qx */
+ MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth));
+ MP_CHECKOK(group->meth->field_add(&lambda, qx, &lambda, group->meth));
+ /* tempx = a + lambda^2 + lambda */
+ MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+ }
+ /* ry = (qx + tempx) * lambda + tempx + qy */
+ MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&tempy, &lambda, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempy, &tempx, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth));
+ /* rx = tempx */
+ MP_CHECKOK(mp_copy(&tempx, rx));
- CLEANUP:
- mp_clear(&lambda);
- mp_clear(&tempx);
- mp_clear(&tempy);
- return res;
+CLEANUP:
+ mp_clear(&lambda);
+ mp_clear(&tempx);
+ mp_clear(&tempy);
+ return res;
}
/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
* identical. Uses affine coordinates. */
mp_err
ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int nqy;
+ mp_err res = MP_OKAY;
+ mp_int nqy;
- MP_DIGITS(&nqy) = 0;
- MP_CHECKOK(mp_init(&nqy));
- /* nqy = qx+qy */
- MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth));
- MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group));
- CLEANUP:
- mp_clear(&nqy);
- return res;
+ MP_DIGITS(&nqy) = 0;
+ MP_CHECKOK(mp_init(&nqy));
+ /* nqy = qx+qy */
+ MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth));
+ MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group));
+CLEANUP:
+ mp_clear(&nqy);
+ return res;
}
/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
* affine coordinates. */
mp_err
ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group)
+ mp_int *ry, const ECGroup *group)
{
- return group->point_add(px, py, px, py, rx, ry, group);
+ return group->point_add(px, py, px, py, rx, ry, group);
}
/* by default, this routine is unused and thus doesn't need to be compiled */
#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
-/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
* R can be identical. Uses affine coordinates. */
mp_err
ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int k, k3, qx, qy, sx, sy;
- int b1, b3, i, l;
+ mp_err res = MP_OKAY;
+ mp_int k, k3, qx, qy, sx, sy;
+ int b1, b3, i, l;
- MP_DIGITS(&k) = 0;
- MP_DIGITS(&k3) = 0;
- MP_DIGITS(&qx) = 0;
- MP_DIGITS(&qy) = 0;
- MP_DIGITS(&sx) = 0;
- MP_DIGITS(&sy) = 0;
- MP_CHECKOK(mp_init(&k));
- MP_CHECKOK(mp_init(&k3));
- MP_CHECKOK(mp_init(&qx));
- MP_CHECKOK(mp_init(&qy));
- MP_CHECKOK(mp_init(&sx));
- MP_CHECKOK(mp_init(&sy));
+ MP_DIGITS(&k) = 0;
+ MP_DIGITS(&k3) = 0;
+ MP_DIGITS(&qx) = 0;
+ MP_DIGITS(&qy) = 0;
+ MP_DIGITS(&sx) = 0;
+ MP_DIGITS(&sy) = 0;
+ MP_CHECKOK(mp_init(&k));
+ MP_CHECKOK(mp_init(&k3));
+ MP_CHECKOK(mp_init(&qx));
+ MP_CHECKOK(mp_init(&qy));
+ MP_CHECKOK(mp_init(&sx));
+ MP_CHECKOK(mp_init(&sy));
- /* if n = 0 then r = inf */
- if (mp_cmp_z(n) == 0) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* Q = P, k = n */
- MP_CHECKOK(mp_copy(px, &qx));
- MP_CHECKOK(mp_copy(py, &qy));
- MP_CHECKOK(mp_copy(n, &k));
- /* if n < 0 then Q = -Q, k = -k */
- if (mp_cmp_z(n) < 0) {
- MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth));
- MP_CHECKOK(mp_neg(&k, &k));
- }
-#ifdef ECL_DEBUG /* basic double and add method */
- l = mpl_significant_bits(&k) - 1;
- MP_CHECKOK(mp_copy(&qx, &sx));
- MP_CHECKOK(mp_copy(&qy, &sy));
- for (i = l - 1; i >= 0; i--) {
- /* S = 2S */
- MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
- /* if k_i = 1, then S = S + Q */
- if (mpl_get_bit(&k, i) != 0) {
- MP_CHECKOK(group->
- point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
- }
- }
-#else /* double and add/subtract method from
- * standard */
- /* k3 = 3 * k */
- MP_CHECKOK(mp_set_int(&k3, 3));
- MP_CHECKOK(mp_mul(&k, &k3, &k3));
- /* S = Q */
- MP_CHECKOK(mp_copy(&qx, &sx));
- MP_CHECKOK(mp_copy(&qy, &sy));
- /* l = index of high order bit in binary representation of 3*k */
- l = mpl_significant_bits(&k3) - 1;
- /* for i = l-1 downto 1 */
- for (i = l - 1; i >= 1; i--) {
- /* S = 2S */
- MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
- b3 = MP_GET_BIT(&k3, i);
- b1 = MP_GET_BIT(&k, i);
- /* if k3_i = 1 and k_i = 0, then S = S + Q */
- if ((b3 == 1) && (b1 == 0)) {
- MP_CHECKOK(group->
- point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
- /* if k3_i = 0 and k_i = 1, then S = S - Q */
- } else if ((b3 == 0) && (b1 == 1)) {
- MP_CHECKOK(group->
- point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
- }
- }
+ /* if n = 0 then r = inf */
+ if (mp_cmp_z(n) == 0) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* Q = P, k = n */
+ MP_CHECKOK(mp_copy(px, &qx));
+ MP_CHECKOK(mp_copy(py, &qy));
+ MP_CHECKOK(mp_copy(n, &k));
+ /* if n < 0 then Q = -Q, k = -k */
+ if (mp_cmp_z(n) < 0) {
+ MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth));
+ MP_CHECKOK(mp_neg(&k, &k));
+ }
+#ifdef ECL_DEBUG /* basic double and add method */
+ l = mpl_significant_bits(&k) - 1;
+ MP_CHECKOK(mp_copy(&qx, &sx));
+ MP_CHECKOK(mp_copy(&qy, &sy));
+ for (i = l - 1; i >= 0; i--) {
+ /* S = 2S */
+ MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+ /* if k_i = 1, then S = S + Q */
+ if (mpl_get_bit(&k, i) != 0) {
+ MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ }
+ }
+#else /* double and add/subtract method from \
+ * standard */
+ /* k3 = 3 * k */
+ MP_CHECKOK(mp_set_int(&k3, 3));
+ MP_CHECKOK(mp_mul(&k, &k3, &k3));
+ /* S = Q */
+ MP_CHECKOK(mp_copy(&qx, &sx));
+ MP_CHECKOK(mp_copy(&qy, &sy));
+ /* l = index of high order bit in binary representation of 3*k */
+ l = mpl_significant_bits(&k3) - 1;
+ /* for i = l-1 downto 1 */
+ for (i = l - 1; i >= 1; i--) {
+ /* S = 2S */
+ MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+ b3 = MP_GET_BIT(&k3, i);
+ b1 = MP_GET_BIT(&k, i);
+ /* if k3_i = 1 and k_i = 0, then S = S + Q */
+ if ((b3 == 1) && (b1 == 0)) {
+ MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ /* if k3_i = 0 and k_i = 1, then S = S - Q */
+ } else if ((b3 == 0) && (b1 == 1)) {
+ MP_CHECKOK(group->point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ }
+ }
#endif
- /* output S */
- MP_CHECKOK(mp_copy(&sx, rx));
- MP_CHECKOK(mp_copy(&sy, ry));
+ /* output S */
+ MP_CHECKOK(mp_copy(&sx, rx));
+ MP_CHECKOK(mp_copy(&sy, ry));
- CLEANUP:
- mp_clear(&k);
- mp_clear(&k3);
- mp_clear(&qx);
- mp_clear(&qy);
- mp_clear(&sx);
- mp_clear(&sy);
- return res;
+CLEANUP:
+ mp_clear(&k);
+ mp_clear(&k3);
+ mp_clear(&qx);
+ mp_clear(&qy);
+ mp_clear(&sx);
+ mp_clear(&sy);
+ return res;
}
#endif
/* Validates a point on a GF2m curve. */
-mp_err
+mp_err
ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
{
- mp_err res = MP_NO;
- mp_int accl, accr, tmp, pxt, pyt;
+ mp_err res = MP_NO;
+ mp_int accl, accr, tmp, pxt, pyt;
- MP_DIGITS(&accl) = 0;
- MP_DIGITS(&accr) = 0;
- MP_DIGITS(&tmp) = 0;
- MP_DIGITS(&pxt) = 0;
- MP_DIGITS(&pyt) = 0;
- MP_CHECKOK(mp_init(&accl));
- MP_CHECKOK(mp_init(&accr));
- MP_CHECKOK(mp_init(&tmp));
- MP_CHECKOK(mp_init(&pxt));
- MP_CHECKOK(mp_init(&pyt));
+ MP_DIGITS(&accl) = 0;
+ MP_DIGITS(&accr) = 0;
+ MP_DIGITS(&tmp) = 0;
+ MP_DIGITS(&pxt) = 0;
+ MP_DIGITS(&pyt) = 0;
+ MP_CHECKOK(mp_init(&accl));
+ MP_CHECKOK(mp_init(&accr));
+ MP_CHECKOK(mp_init(&tmp));
+ MP_CHECKOK(mp_init(&pxt));
+ MP_CHECKOK(mp_init(&pyt));
/* 1: Verify that publicValue is not the point at infinity */
- if (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES) {
- res = MP_NO;
- goto CLEANUP;
- }
- /* 2: Verify that the coordinates of publicValue are elements
+ if (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ /* 2: Verify that the coordinates of publicValue are elements
* of the field.
*/
- if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
- (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
- res = MP_NO;
- goto CLEANUP;
- }
+ if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
+ (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
/* 3: Verify that publicValue is on the curve. */
- if (group->meth->field_enc) {
- group->meth->field_enc(px, &pxt, group->meth);
- group->meth->field_enc(py, &pyt, group->meth);
- } else {
- mp_copy(px, &pxt);
- mp_copy(py, &pyt);
- }
- /* left-hand side: y^2 + x*y */
- MP_CHECKOK( group->meth->field_sqr(&pyt, &accl, group->meth) );
- MP_CHECKOK( group->meth->field_mul(&pxt, &pyt, &tmp, group->meth) );
- MP_CHECKOK( group->meth->field_add(&accl, &tmp, &accl, group->meth) );
- /* right-hand side: x^3 + a*x^2 + b */
- MP_CHECKOK( group->meth->field_sqr(&pxt, &tmp, group->meth) );
- MP_CHECKOK( group->meth->field_mul(&pxt, &tmp, &accr, group->meth) );
- MP_CHECKOK( group->meth->field_mul(&group->curvea, &tmp, &tmp, group->meth) );
- MP_CHECKOK( group->meth->field_add(&tmp, &accr, &accr, group->meth) );
- MP_CHECKOK( group->meth->field_add(&accr, &group->curveb, &accr, group->meth) );
- /* check LHS - RHS == 0 */
- MP_CHECKOK( group->meth->field_add(&accl, &accr, &accr, group->meth) );
- if (mp_cmp_z(&accr) != 0) {
- res = MP_NO;
- goto CLEANUP;
- }
+ if (group->meth->field_enc) {
+ group->meth->field_enc(px, &pxt, group->meth);
+ group->meth->field_enc(py, &pyt, group->meth);
+ } else {
+ mp_copy(px, &pxt);
+ mp_copy(py, &pyt);
+ }
+ /* left-hand side: y^2 + x*y */
+ MP_CHECKOK(group->meth->field_sqr(&pyt, &accl, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&pxt, &pyt, &tmp, group->meth));
+ MP_CHECKOK(group->meth->field_add(&accl, &tmp, &accl, group->meth));
+ /* right-hand side: x^3 + a*x^2 + b */
+ MP_CHECKOK(group->meth->field_sqr(&pxt, &tmp, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&pxt, &tmp, &accr, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&group->curvea, &tmp, &tmp, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tmp, &accr, &accr, group->meth));
+ MP_CHECKOK(group->meth->field_add(&accr, &group->curveb, &accr, group->meth));
+ /* check LHS - RHS == 0 */
+ MP_CHECKOK(group->meth->field_add(&accl, &accr, &accr, group->meth));
+ if (mp_cmp_z(&accr) != 0) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
- MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
- if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ECPoint_mul(group, &group->order, px, py, &pxt, &pyt));
+ if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
- res = MP_YES;
+ res = MP_YES;
CLEANUP:
- mp_clear(&accl);
- mp_clear(&accr);
- mp_clear(&tmp);
- mp_clear(&pxt);
- mp_clear(&pyt);
- return res;
+ mp_clear(&accl);
+ mp_clear(&accr);
+ mp_clear(&tmp);
+ mp_clear(&pxt);
+ mp_clear(&pyt);
+ return res;
}
diff --git a/lib/freebl/ecl/ec2_mont.c b/lib/freebl/ecl/ec2_mont.c
index 8d35f259b..c5b96359b 100644
--- a/lib/freebl/ecl/ec2_mont.c
+++ b/lib/freebl/ecl/ec2_mont.c
@@ -8,31 +8,30 @@
#include <stdlib.h>
/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery
- * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J.
+ * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J.
* and Dahab, R. "Fast multiplication on elliptic curves over GF(2^m)
* without precomputation". modified to not require precomputation of
* c=b^{2^{m-1}}. */
static mp_err
gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int t1;
-
- MP_DIGITS(&t1) = 0;
- MP_CHECKOK(mp_init(&t1));
-
- MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
- MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth));
- MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth));
- MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(&group->curveb, &t1, &t1, group->meth));
- MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth));
-
- CLEANUP:
- mp_clear(&t1);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int t1;
+
+ MP_DIGITS(&t1) = 0;
+ MP_CHECKOK(mp_init(&t1));
+
+ MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&group->curveb, &t1, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth));
+
+CLEANUP:
+ mp_clear(&t1);
+ return res;
}
/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in
@@ -41,29 +40,29 @@ gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group)
* GF(2^m) without precomputation". */
static mp_err
gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
- const ECGroup *group)
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int t1, t2;
-
- MP_DIGITS(&t1) = 0;
- MP_DIGITS(&t2) = 0;
- MP_CHECKOK(mp_init(&t1));
- MP_CHECKOK(mp_init(&t2));
-
- MP_CHECKOK(mp_copy(x, &t1));
- MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
- MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
- MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
- MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
- MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
- MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
- MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
-
- CLEANUP:
- mp_clear(&t1);
- mp_clear(&t2);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int t1, t2;
+
+ MP_DIGITS(&t1) = 0;
+ MP_DIGITS(&t2) = 0;
+ MP_CHECKOK(mp_init(&t1));
+ MP_CHECKOK(mp_init(&t2));
+
+ MP_CHECKOK(mp_copy(x, &t1));
+ MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
+ MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
+ MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
+
+CLEANUP:
+ mp_clear(&t1);
+ mp_clear(&t2);
+ return res;
}
/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
@@ -73,166 +72,159 @@ gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
* should be the point at infinity 2 otherwise */
static int
gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
- mp_int *x2, mp_int *z2, const ECGroup *group)
+ mp_int *x2, mp_int *z2, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- int ret = 0;
- mp_int t3, t4, t5;
-
- MP_DIGITS(&t3) = 0;
- MP_DIGITS(&t4) = 0;
- MP_DIGITS(&t5) = 0;
- MP_CHECKOK(mp_init(&t3));
- MP_CHECKOK(mp_init(&t4));
- MP_CHECKOK(mp_init(&t5));
-
- if (mp_cmp_z(z1) == 0) {
- mp_zero(x2);
- mp_zero(z2);
- ret = 1;
- goto CLEANUP;
- }
-
- if (mp_cmp_z(z2) == 0) {
- MP_CHECKOK(mp_copy(x, x2));
- MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth));
- ret = 2;
- goto CLEANUP;
- }
-
- MP_CHECKOK(mp_set_int(&t5, 1));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth));
- }
-
- MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth));
-
- MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth));
- MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
- MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth));
- MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth));
- MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth));
-
- MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth));
- MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth));
- MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth));
- MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth));
- MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth));
-
- MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth));
- MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth));
- MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth));
- MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth));
- MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth));
-
- MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth));
- MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth));
-
- ret = 2;
-
- CLEANUP:
- mp_clear(&t3);
- mp_clear(&t4);
- mp_clear(&t5);
- if (res == MP_OKAY) {
- return ret;
- } else {
- return 0;
- }
+ mp_err res = MP_OKAY;
+ int ret = 0;
+ mp_int t3, t4, t5;
+
+ MP_DIGITS(&t3) = 0;
+ MP_DIGITS(&t4) = 0;
+ MP_DIGITS(&t5) = 0;
+ MP_CHECKOK(mp_init(&t3));
+ MP_CHECKOK(mp_init(&t4));
+ MP_CHECKOK(mp_init(&t5));
+
+ if (mp_cmp_z(z1) == 0) {
+ mp_zero(x2);
+ mp_zero(z2);
+ ret = 1;
+ goto CLEANUP;
+ }
+
+ if (mp_cmp_z(z2) == 0) {
+ MP_CHECKOK(mp_copy(x, x2));
+ MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth));
+ ret = 2;
+ goto CLEANUP;
+ }
+
+ MP_CHECKOK(mp_set_int(&t5, 1));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth));
+ }
+
+ MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth));
+
+ MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth));
+ MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth));
+ MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth));
+ MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth));
+
+ MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth));
+
+ MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth));
+ MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth));
+ MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth));
+ MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth));
+
+ MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth));
+ MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth));
+
+ ret = 2;
+
+CLEANUP:
+ mp_clear(&t3);
+ mp_clear(&t4);
+ mp_clear(&t5);
+ if (res == MP_OKAY) {
+ return ret;
+ } else {
+ return 0;
+ }
}
-/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast
+/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R. "Fast
* multiplication on elliptic curves over GF(2^m) without
* precomputation". Elliptic curve points P and R can be identical. Uses
* Montgomery projective coordinates. */
mp_err
ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int x1, x2, z1, z2;
- int i, j;
- mp_digit top_bit, mask;
-
- MP_DIGITS(&x1) = 0;
- MP_DIGITS(&x2) = 0;
- MP_DIGITS(&z1) = 0;
- MP_DIGITS(&z2) = 0;
- MP_CHECKOK(mp_init(&x1));
- MP_CHECKOK(mp_init(&x2));
- MP_CHECKOK(mp_init(&z1));
- MP_CHECKOK(mp_init(&z2));
-
- /* if result should be point at infinity */
- if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) {
- MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
- goto CLEANUP;
- }
-
- MP_CHECKOK(mp_copy(px, &x1)); /* x1 = px */
- MP_CHECKOK(mp_set_int(&z1, 1)); /* z1 = 1 */
- MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth)); /* z2 =
- * x1^2 =
- * px^2 */
- MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth));
- MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth)); /* x2
- * =
- * px^4
- * +
- * b
- */
-
- /* find top-most bit and go one past it */
- i = MP_USED(n) - 1;
- j = MP_DIGIT_BIT - 1;
- top_bit = 1;
- top_bit <<= MP_DIGIT_BIT - 1;
- mask = top_bit;
- while (!(MP_DIGITS(n)[i] & mask)) {
- mask >>= 1;
- j--;
- }
- mask >>= 1;
- j--;
-
- /* if top most bit was at word break, go to next word */
- if (!mask) {
- i--;
- j = MP_DIGIT_BIT - 1;
- mask = top_bit;
- }
-
- for (; i >= 0; i--) {
- for (; j >= 0; j--) {
- if (MP_DIGITS(n)[i] & mask) {
- MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group));
- MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group));
- } else {
- MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group));
- MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group));
- }
- mask >>= 1;
- }
- j = MP_DIGIT_BIT - 1;
- mask = top_bit;
- }
-
- /* convert out of "projective" coordinates */
- i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group);
- if (i == 0) {
- res = MP_BADARG;
- goto CLEANUP;
- } else if (i == 1) {
- MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
- } else {
- MP_CHECKOK(mp_copy(&x2, rx));
- MP_CHECKOK(mp_copy(&z2, ry));
- }
-
- CLEANUP:
- mp_clear(&x1);
- mp_clear(&x2);
- mp_clear(&z1);
- mp_clear(&z2);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int x1, x2, z1, z2;
+ int i, j;
+ mp_digit top_bit, mask;
+
+ MP_DIGITS(&x1) = 0;
+ MP_DIGITS(&x2) = 0;
+ MP_DIGITS(&z1) = 0;
+ MP_DIGITS(&z2) = 0;
+ MP_CHECKOK(mp_init(&x1));
+ MP_CHECKOK(mp_init(&x2));
+ MP_CHECKOK(mp_init(&z1));
+ MP_CHECKOK(mp_init(&z2));
+
+ /* if result should be point at infinity */
+ if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) {
+ MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+ goto CLEANUP;
+ }
+
+ MP_CHECKOK(mp_copy(px, &x1)); /* x1 = px */
+ MP_CHECKOK(mp_set_int(&z1, 1)); /* z1 = 1 */
+ MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth)); /* z2 = x1^2 = px^2 */
+ MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth));
+ MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth)); /* x2 = px^4 + b */
+
+ /* find top-most bit and go one past it */
+ i = MP_USED(n) - 1;
+ j = MP_DIGIT_BIT - 1;
+ top_bit = 1;
+ top_bit <<= MP_DIGIT_BIT - 1;
+ mask = top_bit;
+ while (!(MP_DIGITS(n)[i] & mask)) {
+ mask >>= 1;
+ j--;
+ }
+ mask >>= 1;
+ j--;
+
+ /* if top most bit was at word break, go to next word */
+ if (!mask) {
+ i--;
+ j = MP_DIGIT_BIT - 1;
+ mask = top_bit;
+ }
+
+ for (; i >= 0; i--) {
+ for (; j >= 0; j--) {
+ if (MP_DIGITS(n)[i] & mask) {
+ MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group));
+ MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group));
+ } else {
+ MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group));
+ MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group));
+ }
+ mask >>= 1;
+ }
+ j = MP_DIGIT_BIT - 1;
+ mask = top_bit;
+ }
+
+ /* convert out of "projective" coordinates */
+ i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group);
+ if (i == 0) {
+ res = MP_BADARG;
+ goto CLEANUP;
+ } else if (i == 1) {
+ MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+ } else {
+ MP_CHECKOK(mp_copy(&x2, rx));
+ MP_CHECKOK(mp_copy(&z2, ry));
+ }
+
+CLEANUP:
+ mp_clear(&x1);
+ mp_clear(&x2);
+ mp_clear(&z1);
+ mp_clear(&z2);
+ return res;
}
diff --git a/lib/freebl/ecl/ec2_proj.c b/lib/freebl/ecl/ec2_proj.c
index 937898244..3edf7a30e 100644
--- a/lib/freebl/ecl/ec2_proj.c
+++ b/lib/freebl/ecl/ec2_proj.c
@@ -13,22 +13,22 @@
/* by default, these routines are unused and thus don't need to be compiled */
#ifdef ECL_ENABLE_GF2M_PROJ
/* Converts a point P(px, py) from affine coordinates to projective
- * coordinates R(rx, ry, rz). Assumes input is already field-encoded using
+ * coordinates R(rx, ry, rz). Assumes input is already field-encoded using
* field_enc, and returns output that is still field-encoded. */
mp_err
ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group)
+ mp_int *ry, mp_int *rz, const ECGroup *group)
{
- mp_err res = MP_OKAY;
-
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- MP_CHECKOK(mp_set_int(rz, 1));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
- }
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ MP_CHECKOK(mp_set_int(rz, 1));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+ }
+CLEANUP:
+ return res;
}
/* Converts a point P(px, py, pz) from projective coordinates to affine
@@ -37,46 +37,46 @@ ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
* is still field-encoded. */
mp_err
ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int z1, z2;
-
- MP_DIGITS(&z1) = 0;
- MP_DIGITS(&z2) = 0;
- MP_CHECKOK(mp_init(&z1));
- MP_CHECKOK(mp_init(&z2));
-
- /* if point at infinity, then set point at infinity and exit */
- if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
- MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
- goto CLEANUP;
- }
-
- /* transform (px, py, pz) into (px / pz, py / pz^2) */
- if (mp_cmp_d(pz, 1) == 0) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- } else {
- MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
- MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth));
- MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth));
- }
-
- CLEANUP:
- mp_clear(&z1);
- mp_clear(&z2);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int z1, z2;
+
+ MP_DIGITS(&z1) = 0;
+ MP_DIGITS(&z2) = 0;
+ MP_CHECKOK(mp_init(&z1));
+ MP_CHECKOK(mp_init(&z2));
+
+ /* if point at infinity, then set point at infinity and exit */
+ if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+ MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+ goto CLEANUP;
+ }
+
+ /* transform (px, py, pz) into (px / pz, py / pz^2) */
+ if (mp_cmp_d(pz, 1) == 0) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ } else {
+ MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+ MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth));
+ MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth));
+ }
+
+CLEANUP:
+ mp_clear(&z1);
+ mp_clear(&z2);
+ return res;
}
/* Checks if point P(px, py, pz) is at infinity. Uses projective
* coordinates. */
mp_err
ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
- const mp_int *pz)
+ const mp_int *pz)
{
- return mp_cmp_z(pz);
+ return mp_cmp_z(pz);
}
/* Sets P(px, py, pz) to be the point at infinity. Uses projective
@@ -84,8 +84,8 @@ ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
mp_err
ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz)
{
- mp_zero(pz);
- return MP_OKAY;
+ mp_zero(pz);
+ return MP_OKAY;
}
/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
@@ -97,154 +97,151 @@ ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz)
* Fields. */
mp_err
ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group)
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, mp_int *rz, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int A, B, C, D, E, F, G;
-
- /* If either P or Q is the point at infinity, then return the other
- * point */
- if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
- return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group);
- }
- if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- return mp_copy(pz, rz);
- }
-
- MP_DIGITS(&A) = 0;
- MP_DIGITS(&B) = 0;
- MP_DIGITS(&C) = 0;
- MP_DIGITS(&D) = 0;
- MP_DIGITS(&E) = 0;
- MP_DIGITS(&F) = 0;
- MP_DIGITS(&G) = 0;
- MP_CHECKOK(mp_init(&A));
- MP_CHECKOK(mp_init(&B));
- MP_CHECKOK(mp_init(&C));
- MP_CHECKOK(mp_init(&D));
- MP_CHECKOK(mp_init(&E));
- MP_CHECKOK(mp_init(&F));
- MP_CHECKOK(mp_init(&G));
-
- /* D = pz^2 */
- MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth));
-
- /* A = qy * pz^2 + py */
- MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth));
- MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth));
-
- /* B = qx * pz + px */
- MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth));
- MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth));
-
- /* C = pz * B */
- MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth));
-
- /* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */
- MP_CHECKOK(group->meth->
- field_mul(&group->curvea, &D, &D, group->meth));
- MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth));
- MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth));
-
- /* rz = C^2 */
- MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth));
-
- /* E = A * C */
- MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth));
-
- /* rx = A^2 + D + E */
- MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth));
- MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth));
- MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth));
-
- /* F = rx + qx * rz */
- MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth));
- MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth));
-
- /* G = rx + qy * rz */
- MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth));
- MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth));
-
- /* ry = E * F + rz * G (using G as a temporary variable) */
- MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth));
- MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth));
- MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth));
-
- CLEANUP:
- mp_clear(&A);
- mp_clear(&B);
- mp_clear(&C);
- mp_clear(&D);
- mp_clear(&E);
- mp_clear(&F);
- mp_clear(&G);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int A, B, C, D, E, F, G;
+
+ /* If either P or Q is the point at infinity, then return the other
+ * point */
+ if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+ return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group);
+ }
+ if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ return mp_copy(pz, rz);
+ }
+
+ MP_DIGITS(&A) = 0;
+ MP_DIGITS(&B) = 0;
+ MP_DIGITS(&C) = 0;
+ MP_DIGITS(&D) = 0;
+ MP_DIGITS(&E) = 0;
+ MP_DIGITS(&F) = 0;
+ MP_DIGITS(&G) = 0;
+ MP_CHECKOK(mp_init(&A));
+ MP_CHECKOK(mp_init(&B));
+ MP_CHECKOK(mp_init(&C));
+ MP_CHECKOK(mp_init(&D));
+ MP_CHECKOK(mp_init(&E));
+ MP_CHECKOK(mp_init(&F));
+ MP_CHECKOK(mp_init(&G));
+
+ /* D = pz^2 */
+ MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth));
+
+ /* A = qy * pz^2 + py */
+ MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth));
+ MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth));
+
+ /* B = qx * pz + px */
+ MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth));
+ MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth));
+
+ /* C = pz * B */
+ MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth));
+
+ /* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */
+ MP_CHECKOK(group->meth->field_mul(&group->curvea, &D, &D, group->meth));
+ MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth));
+
+ /* rz = C^2 */
+ MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth));
+
+ /* E = A * C */
+ MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth));
+
+ /* rx = A^2 + D + E */
+ MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth));
+ MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth));
+ MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth));
+
+ /* F = rx + qx * rz */
+ MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth));
+ MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth));
+
+ /* G = rx + qy * rz */
+ MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth));
+ MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth));
+
+ /* ry = E * F + rz * G (using G as a temporary variable) */
+ MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth));
+ MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth));
+
+CLEANUP:
+ mp_clear(&A);
+ mp_clear(&B);
+ mp_clear(&C);
+ mp_clear(&D);
+ mp_clear(&E);
+ mp_clear(&F);
+ mp_clear(&G);
+ return res;
}
-/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
* projective coordinates.
*
- * Assumes input is already field-encoded using field_enc, and returns
+ * Assumes input is already field-encoded using field_enc, and returns
* output that is still field-encoded.
*
- * Uses equation (3) from Hankerson, Hernandez, Menezes. Software
+ * Uses equation (3) from Hankerson, Hernandez, Menezes. Software
* Implementation of Elliptic Curve Cryptography Over Binary Fields.
*/
mp_err
ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
- mp_int *rx, mp_int *ry, mp_int *rz,
- const ECGroup *group)
+ mp_int *rx, mp_int *ry, mp_int *rz,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int t0, t1;
-
- if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
- return ec_GF2m_pt_set_inf_proj(rx, ry, rz);
- }
-
- MP_DIGITS(&t0) = 0;
- MP_DIGITS(&t1) = 0;
- MP_CHECKOK(mp_init(&t0));
- MP_CHECKOK(mp_init(&t1));
-
- /* t0 = px^2 */
- /* t1 = pz^2 */
- MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
- MP_CHECKOK(group->meth->field_sqr(pz, &t1, group->meth));
-
- /* rz = px^2 * pz^2 */
- MP_CHECKOK(group->meth->field_mul(&t0, &t1, rz, group->meth));
-
- /* t0 = px^4 */
- /* t1 = b * pz^4 */
- MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(&group->curveb, &t1, &t1, group->meth));
-
- /* rx = px^4 + b * pz^4 */
- MP_CHECKOK(group->meth->field_add(&t0, &t1, rx, group->meth));
-
- /* ry = b * pz^4 * rz + rx * (a * rz + py^2 + b * pz^4) */
- MP_CHECKOK(group->meth->field_sqr(py, ry, group->meth));
- MP_CHECKOK(group->meth->field_add(ry, &t1, ry, group->meth));
- /* t0 = a * rz */
- MP_CHECKOK(group->meth->
- field_mul(&group->curvea, rz, &t0, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, ry, ry, group->meth));
- MP_CHECKOK(group->meth->field_mul(rx, ry, ry, group->meth));
- /* t1 = b * pz^4 * rz */
- MP_CHECKOK(group->meth->field_mul(&t1, rz, &t1, group->meth));
- MP_CHECKOK(group->meth->field_add(&t1, ry, ry, group->meth));
-
- CLEANUP:
- mp_clear(&t0);
- mp_clear(&t1);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int t0, t1;
+
+ if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+ return ec_GF2m_pt_set_inf_proj(rx, ry, rz);
+ }
+
+ MP_DIGITS(&t0) = 0;
+ MP_DIGITS(&t1) = 0;
+ MP_CHECKOK(mp_init(&t0));
+ MP_CHECKOK(mp_init(&t1));
+
+ /* t0 = px^2 */
+ /* t1 = pz^2 */
+ MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(pz, &t1, group->meth));
+
+ /* rz = px^2 * pz^2 */
+ MP_CHECKOK(group->meth->field_mul(&t0, &t1, rz, group->meth));
+
+ /* t0 = px^4 */
+ /* t1 = b * pz^4 */
+ MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&group->curveb, &t1, &t1, group->meth));
+
+ /* rx = px^4 + b * pz^4 */
+ MP_CHECKOK(group->meth->field_add(&t0, &t1, rx, group->meth));
+
+ /* ry = b * pz^4 * rz + rx * (a * rz + py^2 + b * pz^4) */
+ MP_CHECKOK(group->meth->field_sqr(py, ry, group->meth));
+ MP_CHECKOK(group->meth->field_add(ry, &t1, ry, group->meth));
+ /* t0 = a * rz */
+ MP_CHECKOK(group->meth->field_mul(&group->curvea, rz, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, ry, ry, group->meth));
+ MP_CHECKOK(group->meth->field_mul(rx, ry, ry, group->meth));
+ /* t1 = b * pz^4 * rz */
+ MP_CHECKOK(group->meth->field_mul(&t1, rz, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t1, ry, ry, group->meth));
+
+CLEANUP:
+ mp_clear(&t0);
+ mp_clear(&t1);
+ return res;
}
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
@@ -255,79 +252,77 @@ ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
* field-encoded. Uses 4-bit window method. */
mp_err
ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int precomp[16][2], rz;
- mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 16 * 2], *t;
- int i, ni, d;
-
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
-
- /* initialize precomputation table */
- t = precomp_arr;
- for (i = 0; i < 16; i++) {
- /* x co-ord */
- MP_SIGN(&precomp[i][0]) = MP_ZPOS;
- MP_ALLOC(&precomp[i][0]) = ECL_MAX_FIELD_SIZE_DIGITS;
- MP_USED(&precomp[i][0]) = 1;
- *t = 0;
- MP_DIGITS(&precomp[i][0]) = t;
- t += ECL_MAX_FIELD_SIZE_DIGITS;
- /* y co-ord */
- MP_SIGN(&precomp[i][1]) = MP_ZPOS;
- MP_ALLOC(&precomp[i][1]) = ECL_MAX_FIELD_SIZE_DIGITS;
- MP_USED(&precomp[i][1]) = 1;
- *t = 0;
- MP_DIGITS(&precomp[i][1]) = t;
- t += ECL_MAX_FIELD_SIZE_DIGITS;
- }
-
- /* fill precomputation table */
- mp_zero(&precomp[0][0]);
- mp_zero(&precomp[0][1]);
- MP_CHECKOK(mp_copy(px, &precomp[1][0]));
- MP_CHECKOK(mp_copy(py, &precomp[1][1]));
- for (i = 2; i < 16; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[1][0], &precomp[1][1],
- &precomp[i - 1][0], &precomp[i - 1][1],
- &precomp[i][0], &precomp[i][1], group));
- }
-
- d = (mpl_significant_bits(n) + 3) / 4;
-
- /* R = inf */
- MP_DIGITS(&rz) = 0;
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(ec_GF2m_pt_set_inf_proj(rx, ry, &rz));
-
- for (i = d - 1; i >= 0; i--) {
- /* compute window ni */
- ni = MP_GET_BIT(n, 4 * i + 3);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 2);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 1);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i);
- /* R = 2^4 * R */
- MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
- /* R = R + (ni * P) */
- MP_CHECKOK(ec_GF2m_pt_add_proj
- (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
- &rz, group));
- }
-
- /* convert result S to affine coordinates */
- MP_CHECKOK(ec_GF2m_pt_proj2aff(rx, ry, &rz, rx, ry, group));
-
- CLEANUP:
- mp_clear(&rz);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int precomp[16][2], rz;
+ mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 16 * 2], *t;
+ int i, ni, d;
+
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+ /* initialize precomputation table */
+ t = precomp_arr;
+ for (i = 0; i < 16; i++) {
+ /* x co-ord */
+ MP_SIGN(&precomp[i][0]) = MP_ZPOS;
+ MP_ALLOC(&precomp[i][0]) = ECL_MAX_FIELD_SIZE_DIGITS;
+ MP_USED(&precomp[i][0]) = 1;
+ *t = 0;
+ MP_DIGITS(&precomp[i][0]) = t;
+ t += ECL_MAX_FIELD_SIZE_DIGITS;
+ /* y co-ord */
+ MP_SIGN(&precomp[i][1]) = MP_ZPOS;
+ MP_ALLOC(&precomp[i][1]) = ECL_MAX_FIELD_SIZE_DIGITS;
+ MP_USED(&precomp[i][1]) = 1;
+ *t = 0;
+ MP_DIGITS(&precomp[i][1]) = t;
+ t += ECL_MAX_FIELD_SIZE_DIGITS;
+ }
+
+ /* fill precomputation table */
+ mp_zero(&precomp[0][0]);
+ mp_zero(&precomp[0][1]);
+ MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+ for (i = 2; i < 16; i++) {
+ MP_CHECKOK(group->point_add(&precomp[1][0], &precomp[1][1],
+ &precomp[i - 1][0], &precomp[i - 1][1],
+ &precomp[i][0], &precomp[i][1], group));
+ }
+
+ d = (mpl_significant_bits(n) + 3) / 4;
+
+ /* R = inf */
+ MP_DIGITS(&rz) = 0;
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(ec_GF2m_pt_set_inf_proj(rx, ry, &rz));
+
+ for (i = d - 1; i >= 0; i--) {
+ /* compute window ni */
+ ni = MP_GET_BIT(n, 4 * i + 3);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 2);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 1);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i);
+ /* R = 2^4 * R */
+ MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+ /* R = R + (ni * P) */
+ MP_CHECKOK(ec_GF2m_pt_add_proj(rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+ &rz, group));
+ }
+
+ /* convert result S to affine coordinates */
+ MP_CHECKOK(ec_GF2m_pt_proj2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+ mp_clear(&rz);
+ return res;
}
#endif
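Review bot: The window loop (`for (i = d - 1; i >= 0; i--)`) indexes `precomp[ni]` directly with the nibble extracted from the scalar and runs `d` iterations where `d` comes from `mpl_significant_bits(n)`, so the memory access pattern and the running time both depend on the scalar; the reformat leaves this unchanged. Callers that route private scalars through `point_mul` should see this stated, e.g. `/* Not constant-time: the table index ni and the iteration count d depend on n. */` above the loop. A second thing the function should record is that each `precomp` entry's digit storage is a fixed `ECL_MAX_FIELD_SIZE_DIGITS` slice of the stack array `precomp_arr`, so `mp_copy` and `group->point_add` writing into those entries is only safe while no result ever needs the mp library to grow an entry; presumably the 80-byte bound covers every supported binary curve, but that invariant is not written down here.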
diff --git a/lib/freebl/ecl/ec_naf.c b/lib/freebl/ecl/ec_naf.c
index 20892f09d..cad08cb27 100644
--- a/lib/freebl/ecl/ec_naf.c
+++ b/lib/freebl/ecl/ec_naf.c
@@ -4,22 +4,22 @@
#include "ecl-priv.h"
-/* Returns 2^e as an integer. This is meant to be used for small powers of
+/* Returns 2^e as an integer. This is meant to be used for small powers of
* two. */
int
ec_twoTo(int e)
{
- int a = 1;
- int i;
+ int a = 1;
+ int i;
- for (i = 0; i < e; i++) {
- a *= 2;
- }
- return a;
+ for (i = 0; i < e; i++) {
+ a *= 2;
+ }
+ return a;
}
/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
- * be an array of signed char's to output to, bitsize should be the number
+ * be an array of signed char's to output to, bitsize should be the number
* of bits of out, in is the original scalar, and w is the window size.
* NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
* Menezes, "Software implementation of elliptic curve cryptography over
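Review bot: `ec_twoTo` puts no bound on `e`: the loop body `a *= 2` overflows the signed `int` once `e` reaches the width of `int` minus one, which is undefined behaviour rather than a wrap, and the only guard is the comment that it is meant for small powers. Since its caller `ec_compute_wNAF` passes `w - 1`, the precondition should be stated on the function, e.g. `/* Precondition: 0 <= e < CHAR_BIT * sizeof(int) - 1; larger values overflow. */`, so that a future window size is checked against it rather than discovered by a sanitizer.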
@@ -27,43 +27,42 @@ ec_twoTo(int e)
mp_err
ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w)
{
- mp_int k;
- mp_err res = MP_OKAY;
- int i, twowm1, mask;
+ mp_int k;
+ mp_err res = MP_OKAY;
+ int i, twowm1, mask;
- twowm1 = ec_twoTo(w - 1);
- mask = 2 * twowm1 - 1;
+ twowm1 = ec_twoTo(w - 1);
+ mask = 2 * twowm1 - 1;
- MP_DIGITS(&k) = 0;
- MP_CHECKOK(mp_init_copy(&k, in));
+ MP_DIGITS(&k) = 0;
+ MP_CHECKOK(mp_init_copy(&k, in));
- i = 0;
- /* Compute wNAF form */
- while (mp_cmp_z(&k) > 0) {
- if (mp_isodd(&k)) {
- out[i] = MP_DIGIT(&k, 0) & mask;
- if (out[i] >= twowm1)
- out[i] -= 2 * twowm1;
-
- /* Subtract off out[i]. Note mp_sub_d only works with
- * unsigned digits */
- if (out[i] >= 0) {
- MP_CHECKOK(mp_sub_d(&k, out[i], &k));
- } else {
- MP_CHECKOK(mp_add_d(&k, -(out[i]), &k));
- }
- } else {
- out[i] = 0;
- }
- MP_CHECKOK(mp_div_2(&k, &k));
- i++;
- }
- /* Zero out the remaining elements of the out array. */
- for (; i < bitsize + 1; i++) {
- out[i] = 0;
- }
- CLEANUP:
- mp_clear(&k);
- return res;
+ i = 0;
+ /* Compute wNAF form */
+ while (mp_cmp_z(&k) > 0) {
+ if (mp_isodd(&k)) {
+ out[i] = MP_DIGIT(&k, 0) & mask;
+ if (out[i] >= twowm1)
+ out[i] -= 2 * twowm1;
+ /* Subtract off out[i]. Note mp_sub_d only works with
+ * unsigned digits */
+ if (out[i] >= 0) {
+ MP_CHECKOK(mp_sub_d(&k, out[i], &k));
+ } else {
+ MP_CHECKOK(mp_add_d(&k, -(out[i]), &k));
+ }
+ } else {
+ out[i] = 0;
+ }
+ MP_CHECKOK(mp_div_2(&k, &k));
+ i++;
+ }
+ /* Zero out the remaining elements of the out array. */
+ for (; i < bitsize + 1; i++) {
+ out[i] = 0;
+ }
+CLEANUP:
+ mp_clear(&k);
+ return res;
}
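Review bot: The number of `out[i]` writes performed by the `while (mp_cmp_z(&k) > 0)` loop is bounded by the bit length of `in`, not by `bitsize`, so a scalar longer than `bitsize` bits overruns `out`; the zero-fill loop that follows shows the buffer is expected to hold `bitsize + 1` entries, which is sufficient only when `in` has at most `bitsize` bits. The ecl code validates arguments with `ARGCHK` (see `ec_GF2m_pt_mul_proj`) and `mpl_significant_bits` is already in scope via ecl-priv.h, so a guard placed before `mp_init_copy`, `ARGCHK(mpl_significant_bits(in) <= bitsize, MP_BADARG);`, would turn the overrun into an error return before `k` is initialised. The `mp_isodd(&k)` branch and the loop count are also scalar-dependent; that is inherent to wNAF recoding, but the header comment should say so for callers that recode secret scalars.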
diff --git a/lib/freebl/ecl/ecl-curve.h b/lib/freebl/ecl/ecl-curve.h
index d81d6dfdc..c295dd820 100644
--- a/lib/freebl/ecl/ecl-curve.h
+++ b/lib/freebl/ecl/ecl-curve.h
@@ -13,98 +13,98 @@
#endif
static const ECCurveParams ecCurve_NIST_P256 = {
- "NIST-P256", ECField_GFp, 256,
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
- "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1
+ "NIST-P256", ECField_GFp, 256,
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1
};
static const ECCurveParams ecCurve_NIST_P384 = {
- "NIST-P384", ECField_GFp, 384,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
- "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
- 1
+ "NIST-P384", ECField_GFp, 384,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ 1
};
static const ECCurveParams ecCurve_NIST_P521 = {
- "NIST-P521", ECField_GFp, 521,
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
- "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
- "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
- "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
- 1
+ "NIST-P521", ECField_GFp, 521,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+ "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ 1
};
/* mapping between ECCurveName enum and pointers to ECCurveParams */
static const ECCurveParams *ecCurve_map[] = {
- NULL, /* ECCurve_noName */
- NULL, /* ECCurve_NIST_P192 */
- NULL, /* ECCurve_NIST_P224 */
- &ecCurve_NIST_P256, /* ECCurve_NIST_P256 */
- &ecCurve_NIST_P384, /* ECCurve_NIST_P384 */
- &ecCurve_NIST_P521, /* ECCurve_NIST_P521 */
- NULL, /* ECCurve_NIST_K163 */
- NULL, /* ECCurve_NIST_B163 */
- NULL, /* ECCurve_NIST_K233 */
- NULL, /* ECCurve_NIST_B233 */
- NULL, /* ECCurve_NIST_K283 */
- NULL, /* ECCurve_NIST_B283 */
- NULL, /* ECCurve_NIST_K409 */
- NULL, /* ECCurve_NIST_B409 */
- NULL, /* ECCurve_NIST_K571 */
- NULL, /* ECCurve_NIST_B571 */
- NULL, /* ECCurve_X9_62_PRIME_192V2 */
- NULL, /* ECCurve_X9_62_PRIME_192V3 */
- NULL, /* ECCurve_X9_62_PRIME_239V1 */
- NULL, /* ECCurve_X9_62_PRIME_239V2 */
- NULL, /* ECCurve_X9_62_PRIME_239V3 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB163V1 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB163V2 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB163V3 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB176V1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB191V1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB191V2 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB191V3 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB208W1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB239V1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB239V2 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB239V3 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB272W1 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB304W1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB359V1 */
- NULL, /* ECCurve_X9_62_CHAR2_PNB368W1 */
- NULL, /* ECCurve_X9_62_CHAR2_TNB431R1 */
- NULL, /* ECCurve_SECG_PRIME_112R1 */
- NULL, /* ECCurve_SECG_PRIME_112R2 */
- NULL, /* ECCurve_SECG_PRIME_128R1 */
- NULL, /* ECCurve_SECG_PRIME_128R2 */
- NULL, /* ECCurve_SECG_PRIME_160K1 */
- NULL, /* ECCurve_SECG_PRIME_160R1 */
- NULL, /* ECCurve_SECG_PRIME_160R2 */
- NULL, /* ECCurve_SECG_PRIME_192K1 */
- NULL, /* ECCurve_SECG_PRIME_224K1 */
- NULL, /* ECCurve_SECG_PRIME_256K1 */
- NULL, /* ECCurve_SECG_CHAR2_113R1 */
- NULL, /* ECCurve_SECG_CHAR2_113R2 */
- NULL, /* ECCurve_SECG_CHAR2_131R1 */
- NULL, /* ECCurve_SECG_CHAR2_131R2 */
- NULL, /* ECCurve_SECG_CHAR2_163R1 */
- NULL, /* ECCurve_SECG_CHAR2_193R1 */
- NULL, /* ECCurve_SECG_CHAR2_193R2 */
- NULL, /* ECCurve_SECG_CHAR2_239K1 */
- NULL, /* ECCurve_WTLS_1 */
- NULL, /* ECCurve_WTLS_8 */
- NULL, /* ECCurve_WTLS_9 */
- NULL /* ECCurve_pastLastCurve */
+ NULL, /* ECCurve_noName */
+ NULL, /* ECCurve_NIST_P192 */
+ NULL, /* ECCurve_NIST_P224 */
+ &ecCurve_NIST_P256, /* ECCurve_NIST_P256 */
+ &ecCurve_NIST_P384, /* ECCurve_NIST_P384 */
+ &ecCurve_NIST_P521, /* ECCurve_NIST_P521 */
+ NULL, /* ECCurve_NIST_K163 */
+ NULL, /* ECCurve_NIST_B163 */
+ NULL, /* ECCurve_NIST_K233 */
+ NULL, /* ECCurve_NIST_B233 */
+ NULL, /* ECCurve_NIST_K283 */
+ NULL, /* ECCurve_NIST_B283 */
+ NULL, /* ECCurve_NIST_K409 */
+ NULL, /* ECCurve_NIST_B409 */
+ NULL, /* ECCurve_NIST_K571 */
+ NULL, /* ECCurve_NIST_B571 */
+ NULL, /* ECCurve_X9_62_PRIME_192V2 */
+ NULL, /* ECCurve_X9_62_PRIME_192V3 */
+ NULL, /* ECCurve_X9_62_PRIME_239V1 */
+ NULL, /* ECCurve_X9_62_PRIME_239V2 */
+ NULL, /* ECCurve_X9_62_PRIME_239V3 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB163V1 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB163V2 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB163V3 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB176V1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB191V1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB191V2 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB191V3 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB208W1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB239V1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB239V2 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB239V3 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB272W1 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB304W1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB359V1 */
+ NULL, /* ECCurve_X9_62_CHAR2_PNB368W1 */
+ NULL, /* ECCurve_X9_62_CHAR2_TNB431R1 */
+ NULL, /* ECCurve_SECG_PRIME_112R1 */
+ NULL, /* ECCurve_SECG_PRIME_112R2 */
+ NULL, /* ECCurve_SECG_PRIME_128R1 */
+ NULL, /* ECCurve_SECG_PRIME_128R2 */
+ NULL, /* ECCurve_SECG_PRIME_160K1 */
+ NULL, /* ECCurve_SECG_PRIME_160R1 */
+ NULL, /* ECCurve_SECG_PRIME_160R2 */
+ NULL, /* ECCurve_SECG_PRIME_192K1 */
+ NULL, /* ECCurve_SECG_PRIME_224K1 */
+ NULL, /* ECCurve_SECG_PRIME_256K1 */
+ NULL, /* ECCurve_SECG_CHAR2_113R1 */
+ NULL, /* ECCurve_SECG_CHAR2_113R2 */
+ NULL, /* ECCurve_SECG_CHAR2_131R1 */
+ NULL, /* ECCurve_SECG_CHAR2_131R2 */
+ NULL, /* ECCurve_SECG_CHAR2_163R1 */
+ NULL, /* ECCurve_SECG_CHAR2_193R1 */
+ NULL, /* ECCurve_SECG_CHAR2_193R2 */
+ NULL, /* ECCurve_SECG_CHAR2_239K1 */
+ NULL, /* ECCurve_WTLS_1 */
+ NULL, /* ECCurve_WTLS_8 */
+ NULL, /* ECCurve_WTLS_9 */
+ NULL /* ECCurve_pastLastCurve */
};
#endif
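Review bot: `ecCurve_map` is a positional table whose entries must line up with `ECCurveName` in ecl-exp.h (each comment names the intended enumerator, but nothing enforces the index), and the reformat preserves that silent dependency. A compile-time check that the array has `ECCurve_pastLastCurve + 1` entries would catch a future insertion into the enum that is not mirrored here, e.g. `PR_STATIC_ASSERT(sizeof(ecCurve_map) / sizeof(ecCurve_map[0]) == ECCurve_pastLastCurve + 1);` where NSPR is available, or the equivalent negative-array-size idiom otherwise. The three populated entries would also benefit from a comment stating that these hex strings are the only source of the curve parameters, so any edit to them has to be re-checked against the published NIST values.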
diff --git a/lib/freebl/ecl/ecl-exp.h b/lib/freebl/ecl/ecl-exp.h
index b79eb3087..0aae32d3a 100644
--- a/lib/freebl/ecl/ecl-exp.h
+++ b/lib/freebl/ecl/ecl-exp.h
@@ -7,128 +7,128 @@
/* Curve field type */
typedef enum {
- ECField_GFp,
- ECField_GF2m
+ ECField_GFp,
+ ECField_GF2m
} ECField;
/* Hexadecimal encoding of curve parameters */
struct ECCurveParamsStr {
- char *text;
- ECField field;
- unsigned int size;
- char *irr;
- char *curvea;
- char *curveb;
- char *genx;
- char *geny;
- char *order;
- int cofactor;
+ char *text;
+ ECField field;
+ unsigned int size;
+ char *irr;
+ char *curvea;
+ char *curveb;
+ char *genx;
+ char *geny;
+ char *order;
+ int cofactor;
};
typedef struct ECCurveParamsStr ECCurveParams;
/* Named curve parameters */
typedef enum {
- ECCurve_noName = 0,
-
- /* NIST prime curves */
- ECCurve_NIST_P192,
- ECCurve_NIST_P224,
- ECCurve_NIST_P256,
- ECCurve_NIST_P384,
- ECCurve_NIST_P521,
-
- /* NIST binary curves */
- ECCurve_NIST_K163,
- ECCurve_NIST_B163,
- ECCurve_NIST_K233,
- ECCurve_NIST_B233,
- ECCurve_NIST_K283,
- ECCurve_NIST_B283,
- ECCurve_NIST_K409,
- ECCurve_NIST_B409,
- ECCurve_NIST_K571,
- ECCurve_NIST_B571,
-
- /* ANSI X9.62 prime curves */
- /* ECCurve_X9_62_PRIME_192V1 == ECCurve_NIST_P192 */
- ECCurve_X9_62_PRIME_192V2,
- ECCurve_X9_62_PRIME_192V3,
- ECCurve_X9_62_PRIME_239V1,
- ECCurve_X9_62_PRIME_239V2,
- ECCurve_X9_62_PRIME_239V3,
- /* ECCurve_X9_62_PRIME_256V1 == ECCurve_NIST_P256 */
-
- /* ANSI X9.62 binary curves */
- ECCurve_X9_62_CHAR2_PNB163V1,
- ECCurve_X9_62_CHAR2_PNB163V2,
- ECCurve_X9_62_CHAR2_PNB163V3,
- ECCurve_X9_62_CHAR2_PNB176V1,
- ECCurve_X9_62_CHAR2_TNB191V1,
- ECCurve_X9_62_CHAR2_TNB191V2,
- ECCurve_X9_62_CHAR2_TNB191V3,
- ECCurve_X9_62_CHAR2_PNB208W1,
- ECCurve_X9_62_CHAR2_TNB239V1,
- ECCurve_X9_62_CHAR2_TNB239V2,
- ECCurve_X9_62_CHAR2_TNB239V3,
- ECCurve_X9_62_CHAR2_PNB272W1,
- ECCurve_X9_62_CHAR2_PNB304W1,
- ECCurve_X9_62_CHAR2_TNB359V1,
- ECCurve_X9_62_CHAR2_PNB368W1,
- ECCurve_X9_62_CHAR2_TNB431R1,
-
- /* SEC2 prime curves */
- ECCurve_SECG_PRIME_112R1,
- ECCurve_SECG_PRIME_112R2,
- ECCurve_SECG_PRIME_128R1,
- ECCurve_SECG_PRIME_128R2,
- ECCurve_SECG_PRIME_160K1,
- ECCurve_SECG_PRIME_160R1,
- ECCurve_SECG_PRIME_160R2,
- ECCurve_SECG_PRIME_192K1,
- /* ECCurve_SECG_PRIME_192R1 == ECCurve_NIST_P192 */
- ECCurve_SECG_PRIME_224K1,
- /* ECCurve_SECG_PRIME_224R1 == ECCurve_NIST_P224 */
- ECCurve_SECG_PRIME_256K1,
- /* ECCurve_SECG_PRIME_256R1 == ECCurve_NIST_P256 */
- /* ECCurve_SECG_PRIME_384R1 == ECCurve_NIST_P384 */
- /* ECCurve_SECG_PRIME_521R1 == ECCurve_NIST_P521 */
-
- /* SEC2 binary curves */
- ECCurve_SECG_CHAR2_113R1,
- ECCurve_SECG_CHAR2_113R2,
- ECCurve_SECG_CHAR2_131R1,
- ECCurve_SECG_CHAR2_131R2,
- /* ECCurve_SECG_CHAR2_163K1 == ECCurve_NIST_K163 */
- ECCurve_SECG_CHAR2_163R1,
- /* ECCurve_SECG_CHAR2_163R2 == ECCurve_NIST_B163 */
- ECCurve_SECG_CHAR2_193R1,
- ECCurve_SECG_CHAR2_193R2,
- /* ECCurve_SECG_CHAR2_233K1 == ECCurve_NIST_K233 */
- /* ECCurve_SECG_CHAR2_233R1 == ECCurve_NIST_B233 */
- ECCurve_SECG_CHAR2_239K1,
- /* ECCurve_SECG_CHAR2_283K1 == ECCurve_NIST_K283 */
- /* ECCurve_SECG_CHAR2_283R1 == ECCurve_NIST_B283 */
- /* ECCurve_SECG_CHAR2_409K1 == ECCurve_NIST_K409 */
- /* ECCurve_SECG_CHAR2_409R1 == ECCurve_NIST_B409 */
- /* ECCurve_SECG_CHAR2_571K1 == ECCurve_NIST_K571 */
- /* ECCurve_SECG_CHAR2_571R1 == ECCurve_NIST_B571 */
-
- /* WTLS curves */
- ECCurve_WTLS_1,
- /* there is no WTLS 2 curve */
- /* ECCurve_WTLS_3 == ECCurve_NIST_K163 */
- /* ECCurve_WTLS_4 == ECCurve_SECG_CHAR2_113R1 */
- /* ECCurve_WTLS_5 == ECCurve_X9_62_CHAR2_PNB163V1 */
- /* ECCurve_WTLS_6 == ECCurve_SECG_PRIME_112R1 */
- /* ECCurve_WTLS_7 == ECCurve_SECG_PRIME_160R1 */
- ECCurve_WTLS_8,
- ECCurve_WTLS_9,
- /* ECCurve_WTLS_10 == ECCurve_NIST_K233 */
- /* ECCurve_WTLS_11 == ECCurve_NIST_B233 */
- /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
-
- ECCurve_pastLastCurve
+ ECCurve_noName = 0,
+
+ /* NIST prime curves */
+ ECCurve_NIST_P192,
+ ECCurve_NIST_P224,
+ ECCurve_NIST_P256,
+ ECCurve_NIST_P384,
+ ECCurve_NIST_P521,
+
+ /* NIST binary curves */
+ ECCurve_NIST_K163,
+ ECCurve_NIST_B163,
+ ECCurve_NIST_K233,
+ ECCurve_NIST_B233,
+ ECCurve_NIST_K283,
+ ECCurve_NIST_B283,
+ ECCurve_NIST_K409,
+ ECCurve_NIST_B409,
+ ECCurve_NIST_K571,
+ ECCurve_NIST_B571,
+
+ /* ANSI X9.62 prime curves */
+ /* ECCurve_X9_62_PRIME_192V1 == ECCurve_NIST_P192 */
+ ECCurve_X9_62_PRIME_192V2,
+ ECCurve_X9_62_PRIME_192V3,
+ ECCurve_X9_62_PRIME_239V1,
+ ECCurve_X9_62_PRIME_239V2,
+ ECCurve_X9_62_PRIME_239V3,
+ /* ECCurve_X9_62_PRIME_256V1 == ECCurve_NIST_P256 */
+
+ /* ANSI X9.62 binary curves */
+ ECCurve_X9_62_CHAR2_PNB163V1,
+ ECCurve_X9_62_CHAR2_PNB163V2,
+ ECCurve_X9_62_CHAR2_PNB163V3,
+ ECCurve_X9_62_CHAR2_PNB176V1,
+ ECCurve_X9_62_CHAR2_TNB191V1,
+ ECCurve_X9_62_CHAR2_TNB191V2,
+ ECCurve_X9_62_CHAR2_TNB191V3,
+ ECCurve_X9_62_CHAR2_PNB208W1,
+ ECCurve_X9_62_CHAR2_TNB239V1,
+ ECCurve_X9_62_CHAR2_TNB239V2,
+ ECCurve_X9_62_CHAR2_TNB239V3,
+ ECCurve_X9_62_CHAR2_PNB272W1,
+ ECCurve_X9_62_CHAR2_PNB304W1,
+ ECCurve_X9_62_CHAR2_TNB359V1,
+ ECCurve_X9_62_CHAR2_PNB368W1,
+ ECCurve_X9_62_CHAR2_TNB431R1,
+
+ /* SEC2 prime curves */
+ ECCurve_SECG_PRIME_112R1,
+ ECCurve_SECG_PRIME_112R2,
+ ECCurve_SECG_PRIME_128R1,
+ ECCurve_SECG_PRIME_128R2,
+ ECCurve_SECG_PRIME_160K1,
+ ECCurve_SECG_PRIME_160R1,
+ ECCurve_SECG_PRIME_160R2,
+ ECCurve_SECG_PRIME_192K1,
+ /* ECCurve_SECG_PRIME_192R1 == ECCurve_NIST_P192 */
+ ECCurve_SECG_PRIME_224K1,
+ /* ECCurve_SECG_PRIME_224R1 == ECCurve_NIST_P224 */
+ ECCurve_SECG_PRIME_256K1,
+ /* ECCurve_SECG_PRIME_256R1 == ECCurve_NIST_P256 */
+ /* ECCurve_SECG_PRIME_384R1 == ECCurve_NIST_P384 */
+ /* ECCurve_SECG_PRIME_521R1 == ECCurve_NIST_P521 */
+
+ /* SEC2 binary curves */
+ ECCurve_SECG_CHAR2_113R1,
+ ECCurve_SECG_CHAR2_113R2,
+ ECCurve_SECG_CHAR2_131R1,
+ ECCurve_SECG_CHAR2_131R2,
+ /* ECCurve_SECG_CHAR2_163K1 == ECCurve_NIST_K163 */
+ ECCurve_SECG_CHAR2_163R1,
+ /* ECCurve_SECG_CHAR2_163R2 == ECCurve_NIST_B163 */
+ ECCurve_SECG_CHAR2_193R1,
+ ECCurve_SECG_CHAR2_193R2,
+ /* ECCurve_SECG_CHAR2_233K1 == ECCurve_NIST_K233 */
+ /* ECCurve_SECG_CHAR2_233R1 == ECCurve_NIST_B233 */
+ ECCurve_SECG_CHAR2_239K1,
+ /* ECCurve_SECG_CHAR2_283K1 == ECCurve_NIST_K283 */
+ /* ECCurve_SECG_CHAR2_283R1 == ECCurve_NIST_B283 */
+ /* ECCurve_SECG_CHAR2_409K1 == ECCurve_NIST_K409 */
+ /* ECCurve_SECG_CHAR2_409R1 == ECCurve_NIST_B409 */
+ /* ECCurve_SECG_CHAR2_571K1 == ECCurve_NIST_K571 */
+ /* ECCurve_SECG_CHAR2_571R1 == ECCurve_NIST_B571 */
+
+ /* WTLS curves */
+ ECCurve_WTLS_1,
+ /* there is no WTLS 2 curve */
+ /* ECCurve_WTLS_3 == ECCurve_NIST_K163 */
+ /* ECCurve_WTLS_4 == ECCurve_SECG_CHAR2_113R1 */
+ /* ECCurve_WTLS_5 == ECCurve_X9_62_CHAR2_PNB163V1 */
+ /* ECCurve_WTLS_6 == ECCurve_SECG_PRIME_112R1 */
+ /* ECCurve_WTLS_7 == ECCurve_SECG_PRIME_160R1 */
+ ECCurve_WTLS_8,
+ ECCurve_WTLS_9,
+ /* ECCurve_WTLS_10 == ECCurve_NIST_K233 */
+ /* ECCurve_WTLS_11 == ECCurve_NIST_B233 */
+ /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
+
+ ECCurve_pastLastCurve
} ECCurveName;
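Review bot: The string members of `ECCurveParamsStr` (`text`, `irr`, `curvea`, `curveb`, `genx`, `geny`, `order`) are plain `char *`, yet ecl-curve.h initialises them from string literals inside `static const ECCurveParams` objects, so any code that writes through them would be modifying a literal (undefined behaviour) without a compiler diagnostic. Declaring them `const char *` documents that the parameters are read-only and lets the compiler reject such writes; that is a signature change for any consumer that currently assigns them to non-const pointers, so it may need a matching cleanup outside this diff.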
/* Aliased named curves */
@@ -159,4 +159,4 @@ typedef enum {
#define ECCurve_WTLS_11 ECCurve_NIST_B233
#define ECCurve_WTLS_12 ECCurve_NIST_P224
-#endif /* __ecl_exp_h_ */
+#endif /* __ecl_exp_h_ */
diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h
index 16f80a465..b5e1c460f 100644
--- a/lib/freebl/ecl/ecl-priv.h
+++ b/lib/freebl/ecl/ecl-priv.h
@@ -18,212 +18,220 @@
#endif
#define ECL_CURVE_DIGITS(curve_size_in_bits) \
- (((curve_size_in_bits)+(sizeof(mp_digit)*8-1))/(sizeof(mp_digit)*8))
-#define ECL_BITS (sizeof(mp_digit)*8)
-#define ECL_MAX_FIELD_SIZE_DIGITS (80/sizeof(mp_digit))
+ (((curve_size_in_bits) + (sizeof(mp_digit) * 8 - 1)) / (sizeof(mp_digit) * 8))
+#define ECL_BITS (sizeof(mp_digit) * 8)
+#define ECL_MAX_FIELD_SIZE_DIGITS (80 / sizeof(mp_digit))
-/* Gets the i'th bit in the binary representation of a. If i >= length(a),
+/* Gets the i'th bit in the binary representation of a. If i >= length(a),
* then return 0. (The above behaviour differs from mpl_get_bit, which
* causes an error if i >= length(a).) */
#define MP_GET_BIT(a, i) \
- ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
+ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
-#define MP_ADD_CARRY(a1, a2, s, carry) \
- { mp_word w; \
- w = ((mp_word)carry) + (a1) + (a2); \
- s = ACCUM(w); \
- carry = CARRYOUT(w); }
+#define MP_ADD_CARRY(a1, a2, s, carry) \
+ { \
+ mp_word w; \
+ w = ((mp_word)carry) + (a1) + (a2); \
+ s = ACCUM(w); \
+ carry = CARRYOUT(w); \
+ }
#define MP_SUB_BORROW(a1, a2, s, borrow) \
- { mp_word w; \
- w = ((mp_word)(a1)) - (a2) - borrow; \
- s = ACCUM(w); \
- borrow = (w >> MP_DIGIT_BIT) & 1; }
+ { \
+ mp_word w; \
+ w = ((mp_word)(a1)) - (a2)-borrow; \
+ s = ACCUM(w); \
+ borrow = (w >> MP_DIGIT_BIT) & 1; \
+ }
#else
-/* NOTE,
+/* NOTE,
* carry and borrow are both read and written.
* a1 or a2 and s could be the same variable.
* don't trash those outputs until their respective inputs have
* been read. */
-#define MP_ADD_CARRY(a1, a2, s, carry) \
- { mp_digit tmp,sum; \
- tmp = (a1); \
- sum = tmp + (a2); \
- tmp = (sum < tmp); /* detect overflow */ \
- s = sum += carry; \
- carry = tmp + (sum < carry); }
+#define MP_ADD_CARRY(a1, a2, s, carry) \
+ { \
+ mp_digit tmp, sum; \
+ tmp = (a1); \
+ sum = tmp + (a2); \
+ tmp = (sum < tmp); /* detect overflow */ \
+ s = sum += carry; \
+ carry = tmp + (sum < carry); \
+ }
-#define MP_SUB_BORROW(a1, a2, s, borrow) \
- { mp_digit tmp; \
- tmp = (a1); \
- s = tmp - (a2); \
- tmp = (s > tmp); /* detect borrow */ \
- if (borrow && !s--) tmp++; \
- borrow = tmp; }
+#define MP_SUB_BORROW(a1, a2, s, borrow) \
+ { \
+ mp_digit tmp; \
+ tmp = (a1); \
+ s = tmp - (a2); \
+ tmp = (s > tmp); /* detect borrow */ \
+ if (borrow && !s--) \
+ tmp++; \
+ borrow = tmp; \
+ }
#endif
-
struct GFMethodStr;
typedef struct GFMethodStr GFMethod;
struct GFMethodStr {
- /* Indicates whether the structure was constructed from dynamic memory
- * or statically created. */
- int constructed;
- /* Irreducible that defines the field. For prime fields, this is the
- * prime p. For binary polynomial fields, this is the bitstring
- * representation of the irreducible polynomial. */
- mp_int irr;
- /* For prime fields, the value irr_arr[0] is the number of bits in the
- * field. For binary polynomial fields, the irreducible polynomial
- * f(t) is represented as an array of unsigned int[], where f(t) is
- * of the form: f(t) = t^p[0] + t^p[1] + ... + t^p[4] where m = p[0]
- * > p[1] > ... > p[4] = 0. */
- unsigned int irr_arr[5];
- /* Field arithmetic methods. All methods (except field_enc and
- * field_dec) are assumed to take field-encoded parameters and return
- * field-encoded values. All methods (except field_enc and field_dec)
- * are required to be implemented. */
- mp_err (*field_add) (const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
- mp_err (*field_neg) (const mp_int *a, mp_int *r, const GFMethod *meth);
- mp_err (*field_sub) (const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
- mp_err (*field_mod) (const mp_int *a, mp_int *r, const GFMethod *meth);
- mp_err (*field_mul) (const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
- mp_err (*field_sqr) (const mp_int *a, mp_int *r, const GFMethod *meth);
- mp_err (*field_div) (const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
- mp_err (*field_enc) (const mp_int *a, mp_int *r, const GFMethod *meth);
- mp_err (*field_dec) (const mp_int *a, mp_int *r, const GFMethod *meth);
- /* Extra storage for implementation-specific data. Any memory
- * allocated to these extra fields will be cleared by extra_free. */
- void *extra1;
- void *extra2;
- void (*extra_free) (GFMethod *meth);
+ /* Indicates whether the structure was constructed from dynamic memory
+ * or statically created. */
+ int constructed;
+ /* Irreducible that defines the field. For prime fields, this is the
+ * prime p. For binary polynomial fields, this is the bitstring
+ * representation of the irreducible polynomial. */
+ mp_int irr;
+ /* For prime fields, the value irr_arr[0] is the number of bits in the
+ * field. For binary polynomial fields, the irreducible polynomial
+ * f(t) is represented as an array of unsigned int[], where f(t) is
+ * of the form: f(t) = t^p[0] + t^p[1] + ... + t^p[4] where m = p[0]
+ * > p[1] > ... > p[4] = 0. */
+ unsigned int irr_arr[5];
+ /* Field arithmetic methods. All methods (except field_enc and
+ * field_dec) are assumed to take field-encoded parameters and return
+ * field-encoded values. All methods (except field_enc and field_dec)
+ * are required to be implemented. */
+ mp_err (*field_add)(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth);
+ mp_err (*field_neg)(const mp_int *a, mp_int *r, const GFMethod *meth);
+ mp_err (*field_sub)(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth);
+ mp_err (*field_mod)(const mp_int *a, mp_int *r, const GFMethod *meth);
+ mp_err (*field_mul)(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth);
+ mp_err (*field_sqr)(const mp_int *a, mp_int *r, const GFMethod *meth);
+ mp_err (*field_div)(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth);
+ mp_err (*field_enc)(const mp_int *a, mp_int *r, const GFMethod *meth);
+ mp_err (*field_dec)(const mp_int *a, mp_int *r, const GFMethod *meth);
+ /* Extra storage for implementation-specific data. Any memory
+ * allocated to these extra fields will be cleared by extra_free. */
+ void *extra1;
+ void *extra2;
+ void (*extra_free)(GFMethod *meth);
};
/* Construct generic GFMethods. */
GFMethod *GFMethod_consGFp(const mp_int *irr);
GFMethod *GFMethod_consGFp_mont(const mp_int *irr);
GFMethod *GFMethod_consGF2m(const mp_int *irr,
- const unsigned int irr_arr[5]);
+ const unsigned int irr_arr[5]);
/* Free the memory allocated (if any) to a GFMethod object. */
void GFMethod_free(GFMethod *meth);
struct ECGroupStr {
- /* Indicates whether the structure was constructed from dynamic memory
- * or statically created. */
- int constructed;
- /* Field definition and arithmetic. */
- GFMethod *meth;
- /* Textual representation of curve name, if any. */
- char *text;
- /* Curve parameters, field-encoded. */
- mp_int curvea, curveb;
- /* x and y coordinates of the base point, field-encoded. */
- mp_int genx, geny;
- /* Order and cofactor of the base point. */
- mp_int order;
- int cofactor;
- /* Point arithmetic methods. All methods are assumed to take
- * field-encoded parameters and return field-encoded values. All
- * methods (except base_point_mul and points_mul) are required to be
- * implemented. */
- mp_err (*point_add) (const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
- mp_err (*point_sub) (const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
- mp_err (*point_dbl) (const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
- mp_err (*point_mul) (const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
- mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry,
- const ECGroup *group);
- mp_err (*points_mul) (const mp_int *k1, const mp_int *k2,
- const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
- mp_err (*validate_point) (const mp_int *px, const mp_int *py, const ECGroup *group);
- /* Extra storage for implementation-specific data. Any memory
- * allocated to these extra fields will be cleared by extra_free. */
- void *extra1;
- void *extra2;
- void (*extra_free) (ECGroup *group);
+ /* Indicates whether the structure was constructed from dynamic memory
+ * or statically created. */
+ int constructed;
+ /* Field definition and arithmetic. */
+ GFMethod *meth;
+ /* Textual representation of curve name, if any. */
+ char *text;
+ /* Curve parameters, field-encoded. */
+ mp_int curvea, curveb;
+ /* x and y coordinates of the base point, field-encoded. */
+ mp_int genx, geny;
+ /* Order and cofactor of the base point. */
+ mp_int order;
+ int cofactor;
+ /* Point arithmetic methods. All methods are assumed to take
+ * field-encoded parameters and return field-encoded values. All
+ * methods (except base_point_mul and points_mul) are required to be
+ * implemented. */
+ mp_err (*point_add)(const mp_int *px, const mp_int *py,
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
+ mp_err (*point_sub)(const mp_int *px, const mp_int *py,
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
+ mp_err (*point_dbl)(const mp_int *px, const mp_int *py, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
+ mp_err (*point_mul)(const mp_int *n, const mp_int *px,
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
+ mp_err (*base_point_mul)(const mp_int *n, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
+ mp_err (*points_mul)(const mp_int *k1, const mp_int *k2,
+ const mp_int *px, const mp_int *py, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
+ mp_err (*validate_point)(const mp_int *px, const mp_int *py, const ECGroup *group);
+ /* Extra storage for implementation-specific data. Any memory
+ * allocated to these extra fields will be cleared by extra_free. */
+ void *extra1;
+ void *extra2;
+ void (*extra_free)(ECGroup *group);
};
/* Wrapper functions for generic prime field arithmetic. */
mp_err ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
/* fixed length in-line adds. Count is in words */
mp_err ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
/* Wrapper functions for generic binary polynomial field arithmetic. */
mp_err ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
/* Montgomery prime field arithmetic. */
mp_err ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth);
+ const GFMethod *meth);
mp_err ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
mp_err ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
void ec_GFp_extra_free_mont(GFMethod *meth);
/* point multiplication */
mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
- const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *px, const mp_int *py, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
- const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *px, const mp_int *py, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
- * be an array of signed char's to output to, bitsize should be the number
+ * be an array of signed char's to output to, bitsize should be the number
* of bits of out, in is the original scalar, and w is the window size.
* NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
* Menezes, "Software implementation of elliptic curve cryptography over
* binary fields", Proc. CHES 2000. */
mp_err ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in,
- int w);
+ int w);
/* Optimized field arithmetic */
mp_err ec_group_set_gfp192(ECGroup *group, ECCurveName);
@@ -245,4 +253,4 @@ mp_err ec_group_set_nistp192_fp(ECGroup *group);
mp_err ec_group_set_nistp224_fp(ECGroup *group);
#endif
-#endif /* __ecl_priv_h_ */
+#endif /* __ecl_priv_h_ */
diff --git a/lib/freebl/ecl/ecl.c b/lib/freebl/ecl/ecl.c
index d55e5937a..bfd177888 100644
--- a/lib/freebl/ecl/ecl.c
+++ b/lib/freebl/ecl/ecl.c
@@ -15,120 +15,118 @@
ECGroup *
ECGroup_new()
{
- mp_err res = MP_OKAY;
- ECGroup *group;
- group = (ECGroup *) malloc(sizeof(ECGroup));
- if (group == NULL)
- return NULL;
- group->constructed = MP_YES;
- group->meth = NULL;
- group->text = NULL;
- MP_DIGITS(&group->curvea) = 0;
- MP_DIGITS(&group->curveb) = 0;
- MP_DIGITS(&group->genx) = 0;
- MP_DIGITS(&group->geny) = 0;
- MP_DIGITS(&group->order) = 0;
- group->base_point_mul = NULL;
- group->points_mul = NULL;
- group->validate_point = NULL;
- group->extra1 = NULL;
- group->extra2 = NULL;
- group->extra_free = NULL;
- MP_CHECKOK(mp_init(&group->curvea));
- MP_CHECKOK(mp_init(&group->curveb));
- MP_CHECKOK(mp_init(&group->genx));
- MP_CHECKOK(mp_init(&group->geny));
- MP_CHECKOK(mp_init(&group->order));
+ mp_err res = MP_OKAY;
+ ECGroup *group;
+ group = (ECGroup *)malloc(sizeof(ECGroup));
+ if (group == NULL)
+ return NULL;
+ group->constructed = MP_YES;
+ group->meth = NULL;
+ group->text = NULL;
+ MP_DIGITS(&group->curvea) = 0;
+ MP_DIGITS(&group->curveb) = 0;
+ MP_DIGITS(&group->genx) = 0;
+ MP_DIGITS(&group->geny) = 0;
+ MP_DIGITS(&group->order) = 0;
+ group->base_point_mul = NULL;
+ group->points_mul = NULL;
+ group->validate_point = NULL;
+ group->extra1 = NULL;
+ group->extra2 = NULL;
+ group->extra_free = NULL;
+ MP_CHECKOK(mp_init(&group->curvea));
+ MP_CHECKOK(mp_init(&group->curveb));
+ MP_CHECKOK(mp_init(&group->genx));
+ MP_CHECKOK(mp_init(&group->geny));
+ MP_CHECKOK(mp_init(&group->order));
- CLEANUP:
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
/* Construct a generic ECGroup for elliptic curves over prime fields. */
ECGroup *
ECGroup_consGFp(const mp_int *irr, const mp_int *curvea,
- const mp_int *curveb, const mp_int *genx,
- const mp_int *geny, const mp_int *order, int cofactor)
+ const mp_int *curveb, const mp_int *genx,
+ const mp_int *geny, const mp_int *order, int cofactor)
{
- mp_err res = MP_OKAY;
- ECGroup *group = NULL;
+ mp_err res = MP_OKAY;
+ ECGroup *group = NULL;
- group = ECGroup_new();
- if (group == NULL)
- return NULL;
+ group = ECGroup_new();
+ if (group == NULL)
+ return NULL;
- group->meth = GFMethod_consGFp(irr);
- if (group->meth == NULL) {
- res = MP_MEM;
- goto CLEANUP;
- }
- MP_CHECKOK(mp_copy(curvea, &group->curvea));
- MP_CHECKOK(mp_copy(curveb, &group->curveb));
- MP_CHECKOK(mp_copy(genx, &group->genx));
- MP_CHECKOK(mp_copy(geny, &group->geny));
- MP_CHECKOK(mp_copy(order, &group->order));
- group->cofactor = cofactor;
- group->point_add = &ec_GFp_pt_add_aff;
- group->point_sub = &ec_GFp_pt_sub_aff;
- group->point_dbl = &ec_GFp_pt_dbl_aff;
- group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
- group->base_point_mul = NULL;
- group->points_mul = &ec_GFp_pts_mul_jac;
- group->validate_point = &ec_GFp_validate_point;
+ group->meth = GFMethod_consGFp(irr);
+ if (group->meth == NULL) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mp_copy(curvea, &group->curvea));
+ MP_CHECKOK(mp_copy(curveb, &group->curveb));
+ MP_CHECKOK(mp_copy(genx, &group->genx));
+ MP_CHECKOK(mp_copy(geny, &group->geny));
+ MP_CHECKOK(mp_copy(order, &group->order));
+ group->cofactor = cofactor;
+ group->point_add = &ec_GFp_pt_add_aff;
+ group->point_sub = &ec_GFp_pt_sub_aff;
+ group->point_dbl = &ec_GFp_pt_dbl_aff;
+ group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+ group->base_point_mul = NULL;
+ group->points_mul = &ec_GFp_pts_mul_jac;
+ group->validate_point = &ec_GFp_validate_point;
- CLEANUP:
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
/* Construct a generic ECGroup for elliptic curves over prime fields with
* field arithmetic implemented in Montgomery coordinates. */
ECGroup *
ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
- const mp_int *curveb, const mp_int *genx,
- const mp_int *geny, const mp_int *order, int cofactor)
+ const mp_int *curveb, const mp_int *genx,
+ const mp_int *geny, const mp_int *order, int cofactor)
{
- mp_err res = MP_OKAY;
- ECGroup *group = NULL;
+ mp_err res = MP_OKAY;
+ ECGroup *group = NULL;
- group = ECGroup_new();
- if (group == NULL)
- return NULL;
+ group = ECGroup_new();
+ if (group == NULL)
+ return NULL;
- group->meth = GFMethod_consGFp_mont(irr);
- if (group->meth == NULL) {
- res = MP_MEM;
- goto CLEANUP;
- }
- MP_CHECKOK(group->meth->
- field_enc(curvea, &group->curvea, group->meth));
- MP_CHECKOK(group->meth->
- field_enc(curveb, &group->curveb, group->meth));
- MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
- MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
- MP_CHECKOK(mp_copy(order, &group->order));
- group->cofactor = cofactor;
- group->point_add = &ec_GFp_pt_add_aff;
- group->point_sub = &ec_GFp_pt_sub_aff;
- group->point_dbl = &ec_GFp_pt_dbl_aff;
- group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
- group->base_point_mul = NULL;
- group->points_mul = &ec_GFp_pts_mul_jac;
- group->validate_point = &ec_GFp_validate_point;
+ group->meth = GFMethod_consGFp_mont(irr);
+ if (group->meth == NULL) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(group->meth->field_enc(curvea, &group->curvea, group->meth));
+ MP_CHECKOK(group->meth->field_enc(curveb, &group->curveb, group->meth));
+ MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
+ MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
+ MP_CHECKOK(mp_copy(order, &group->order));
+ group->cofactor = cofactor;
+ group->point_add = &ec_GFp_pt_add_aff;
+ group->point_sub = &ec_GFp_pt_sub_aff;
+ group->point_dbl = &ec_GFp_pt_dbl_aff;
+ group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+ group->base_point_mul = NULL;
+ group->points_mul = &ec_GFp_pts_mul_jac;
+ group->validate_point = &ec_GFp_validate_point;
- CLEANUP:
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
#ifdef NSS_ECC_MORE_THAN_SUITE_B
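Review bot: ECGroup_new sets meth, text, the five mp_int digit pointers, base_point_mul, points_mul, validate_point and the extra* fields, but leaves point_add, point_sub, point_dbl, point_mul and cofactor holding whatever malloc returned, and the ECGroupStr comment in ecl-priv.h says those four point methods are required. The constructors in this hunk and the next (ECGroup_consGFp, ECGroup_consGFp_mont, ECGroup_consGF2m) assign all of them, so the gap only bites a caller that uses the public ECGroup_new on its own, which I cannot see from here. Allocating with `group = calloc(1, sizeof *group);` zeroes every field (the by-hand `MP_DIGITS(...) = 0` lines then become redundant) and drops the malloc cast. GFMethod_new in ecl_gf.c at the end of this chunk has the same shape, but its hunk is cut off.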
@@ -136,42 +134,42 @@ ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
* fields. */
ECGroup *
ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
- const mp_int *curvea, const mp_int *curveb,
- const mp_int *genx, const mp_int *geny,
- const mp_int *order, int cofactor)
+ const mp_int *curvea, const mp_int *curveb,
+ const mp_int *genx, const mp_int *geny,
+ const mp_int *order, int cofactor)
{
- mp_err res = MP_OKAY;
- ECGroup *group = NULL;
+ mp_err res = MP_OKAY;
+ ECGroup *group = NULL;
- group = ECGroup_new();
- if (group == NULL)
- return NULL;
+ group = ECGroup_new();
+ if (group == NULL)
+ return NULL;
- group->meth = GFMethod_consGF2m(irr, irr_arr);
- if (group->meth == NULL) {
- res = MP_MEM;
- goto CLEANUP;
- }
- MP_CHECKOK(mp_copy(curvea, &group->curvea));
- MP_CHECKOK(mp_copy(curveb, &group->curveb));
- MP_CHECKOK(mp_copy(genx, &group->genx));
- MP_CHECKOK(mp_copy(geny, &group->geny));
- MP_CHECKOK(mp_copy(order, &group->order));
- group->cofactor = cofactor;
- group->point_add = &ec_GF2m_pt_add_aff;
- group->point_sub = &ec_GF2m_pt_sub_aff;
- group->point_dbl = &ec_GF2m_pt_dbl_aff;
- group->point_mul = &ec_GF2m_pt_mul_mont;
- group->base_point_mul = NULL;
- group->points_mul = &ec_pts_mul_basic;
- group->validate_point = &ec_GF2m_validate_point;
+ group->meth = GFMethod_consGF2m(irr, irr_arr);
+ if (group->meth == NULL) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mp_copy(curvea, &group->curvea));
+ MP_CHECKOK(mp_copy(curveb, &group->curveb));
+ MP_CHECKOK(mp_copy(genx, &group->genx));
+ MP_CHECKOK(mp_copy(geny, &group->geny));
+ MP_CHECKOK(mp_copy(order, &group->order));
+ group->cofactor = cofactor;
+ group->point_add = &ec_GF2m_pt_add_aff;
+ group->point_sub = &ec_GF2m_pt_sub_aff;
+ group->point_dbl = &ec_GF2m_pt_dbl_aff;
+ group->point_mul = &ec_GF2m_pt_mul_mont;
+ group->base_point_mul = NULL;
+ group->points_mul = &ec_pts_mul_basic;
+ group->validate_point = &ec_GF2m_validate_point;
- CLEANUP:
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
#endif
@@ -179,218 +177,245 @@ ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
* ECGroup_fromHex and ECGroup_fromName. */
ECGroup *
ecgroup_fromNameAndHex(const ECCurveName name,
- const ECCurveParams * params)
+ const ECCurveParams *params)
{
- mp_int irr, curvea, curveb, genx, geny, order;
- int bits;
- ECGroup *group = NULL;
- mp_err res = MP_OKAY;
+ mp_int irr, curvea, curveb, genx, geny, order;
+ int bits;
+ ECGroup *group = NULL;
+ mp_err res = MP_OKAY;
- /* initialize values */
- MP_DIGITS(&irr) = 0;
- MP_DIGITS(&curvea) = 0;
- MP_DIGITS(&curveb) = 0;
- MP_DIGITS(&genx) = 0;
- MP_DIGITS(&geny) = 0;
- MP_DIGITS(&order) = 0;
- MP_CHECKOK(mp_init(&irr));
- MP_CHECKOK(mp_init(&curvea));
- MP_CHECKOK(mp_init(&curveb));
- MP_CHECKOK(mp_init(&genx));
- MP_CHECKOK(mp_init(&geny));
- MP_CHECKOK(mp_init(&order));
- MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
- MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
- MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
- MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
- MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
- MP_CHECKOK(mp_read_radix(&order, params->order, 16));
+ /* initialize values */
+ MP_DIGITS(&irr) = 0;
+ MP_DIGITS(&curvea) = 0;
+ MP_DIGITS(&curveb) = 0;
+ MP_DIGITS(&genx) = 0;
+ MP_DIGITS(&geny) = 0;
+ MP_DIGITS(&order) = 0;
+ MP_CHECKOK(mp_init(&irr));
+ MP_CHECKOK(mp_init(&curvea));
+ MP_CHECKOK(mp_init(&curveb));
+ MP_CHECKOK(mp_init(&genx));
+ MP_CHECKOK(mp_init(&geny));
+ MP_CHECKOK(mp_init(&order));
+ MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
+ MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
+ MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
+ MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
+ MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
+ MP_CHECKOK(mp_read_radix(&order, params->order, 16));
- /* determine number of bits */
- bits = mpl_significant_bits(&irr) - 1;
- if (bits < MP_OKAY) {
- res = bits;
- goto CLEANUP;
- }
+ /* determine number of bits */
+ bits = mpl_significant_bits(&irr) - 1;
+ if (bits < MP_OKAY) {
+ res = bits;
+ goto CLEANUP;
+ }
- /* determine which optimizations (if any) to use */
- if (params->field == ECField_GFp) {
- switch (name) {
+ /* determine which optimizations (if any) to use */
+ if (params->field == ECField_GFp) {
+ switch (name) {
#ifdef NSS_ECC_MORE_THAN_SUITE_B
#ifdef ECL_USE_FP
- case ECCurve_SECG_PRIME_160R1:
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_secp160r1_fp(group));
- break;
+ case ECCurve_SECG_PRIME_160R1:
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_secp160r1_fp(group));
+ break;
#endif
- case ECCurve_SECG_PRIME_192R1:
+ case ECCurve_SECG_PRIME_192R1:
#ifdef ECL_USE_FP
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_nistp192_fp(group));
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_nistp192_fp(group));
#else
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_gfp192(group, name));
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_gfp192(group, name));
#endif
- break;
- case ECCurve_SECG_PRIME_224R1:
+ break;
+ case ECCurve_SECG_PRIME_224R1:
#ifdef ECL_USE_FP
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_nistp224_fp(group));
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_nistp224_fp(group));
#else
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_gfp224(group, name));
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_gfp224(group, name));
#endif
- break;
+ break;
#endif /* NSS_ECC_MORE_THAN_SUITE_B */
- case ECCurve_SECG_PRIME_256R1:
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_gfp256(group, name));
- MP_CHECKOK(ec_group_set_gfp256_32(group, name));
- break;
- case ECCurve_SECG_PRIME_521R1:
- group =
- ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- MP_CHECKOK(ec_group_set_gfp521(group, name));
- break;
- default:
- /* use generic arithmetic */
- group =
- ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
- &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- }
+ case ECCurve_SECG_PRIME_256R1:
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_gfp256(group, name));
+ MP_CHECKOK(ec_group_set_gfp256_32(group, name));
+ break;
+ case ECCurve_SECG_PRIME_521R1:
+ group =
+ ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(ec_group_set_gfp521(group, name));
+ break;
+ default:
+ /* use generic arithmetic */
+ group =
+ ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
+ &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ }
#ifdef NSS_ECC_MORE_THAN_SUITE_B
- } else if (params->field == ECField_GF2m) {
- group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
- if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
- if ((name == ECCurve_NIST_K163) ||
- (name == ECCurve_NIST_B163) ||
- (name == ECCurve_SECG_CHAR2_163R1)) {
- MP_CHECKOK(ec_group_set_gf2m163(group, name));
- } else if ((name == ECCurve_SECG_CHAR2_193R1) ||
- (name == ECCurve_SECG_CHAR2_193R2)) {
- MP_CHECKOK(ec_group_set_gf2m193(group, name));
- } else if ((name == ECCurve_NIST_K233) ||
- (name == ECCurve_NIST_B233)) {
- MP_CHECKOK(ec_group_set_gf2m233(group, name));
- }
+ } else if (params->field == ECField_GF2m) {
+ group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ if ((name == ECCurve_NIST_K163) ||
+ (name == ECCurve_NIST_B163) ||
+ (name == ECCurve_SECG_CHAR2_163R1)) {
+ MP_CHECKOK(ec_group_set_gf2m163(group, name));
+ } else if ((name == ECCurve_SECG_CHAR2_193R1) ||
+ (name == ECCurve_SECG_CHAR2_193R2)) {
+ MP_CHECKOK(ec_group_set_gf2m193(group, name));
+ } else if ((name == ECCurve_NIST_K233) ||
+ (name == ECCurve_NIST_B233)) {
+ MP_CHECKOK(ec_group_set_gf2m233(group, name));
+ }
#endif
- } else {
- res = MP_UNDEF;
- goto CLEANUP;
- }
+ } else {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
- /* set name, if any */
- if ((group != NULL) && (params->text != NULL)) {
- group->text = strdup(params->text);
- if (group->text == NULL) {
- res = MP_MEM;
- }
- }
+ /* set name, if any */
+ if ((group != NULL) && (params->text != NULL)) {
+ group->text = strdup(params->text);
+ if (group->text == NULL) {
+ res = MP_MEM;
+ }
+ }
- CLEANUP:
- mp_clear(&irr);
- mp_clear(&curvea);
- mp_clear(&curveb);
- mp_clear(&genx);
- mp_clear(&geny);
- mp_clear(&order);
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ mp_clear(&irr);
+ mp_clear(&curvea);
+ mp_clear(&curveb);
+ mp_clear(&genx);
+ mp_clear(&geny);
+ mp_clear(&order);
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
/* Construct ECGroup from hexadecimal representations of parameters. */
ECGroup *
-ECGroup_fromHex(const ECCurveParams * params)
+ECGroup_fromHex(const ECCurveParams *params)
{
- return ecgroup_fromNameAndHex(ECCurve_noName, params);
+ return ecgroup_fromNameAndHex(ECCurve_noName, params);
}
/* Construct ECGroup from named parameters. */
ECGroup *
ECGroup_fromName(const ECCurveName name)
{
- ECGroup *group = NULL;
- ECCurveParams *params = NULL;
- mp_err res = MP_OKAY;
+ ECGroup *group = NULL;
+ ECCurveParams *params = NULL;
+ mp_err res = MP_OKAY;
- params = EC_GetNamedCurveParams(name);
- if (params == NULL) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
+ params = EC_GetNamedCurveParams(name);
+ if (params == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
- /* construct actual group */
- group = ecgroup_fromNameAndHex(name, params);
- if (group == NULL) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
+ /* construct actual group */
+ group = ecgroup_fromNameAndHex(name, params);
+ if (group == NULL) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
- CLEANUP:
- EC_FreeCurveParams(params);
- if (res != MP_OKAY) {
- ECGroup_free(group);
- return NULL;
- }
- return group;
+CLEANUP:
+ EC_FreeCurveParams(params);
+ if (res != MP_OKAY) {
+ ECGroup_free(group);
+ return NULL;
+ }
+ return group;
}
/* Validates an EC public key as described in Section 5.2.2 of X9.62. */
-mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const
- mp_int *py)
+mp_err
+ECPoint_validate(const ECGroup *group, const mp_int *px, const mp_int *py)
{
/* 1: Verify that publicValue is not the point at infinity */
- /* 2: Verify that the coordinates of publicValue are elements
+ /* 2: Verify that the coordinates of publicValue are elements
* of the field.
*/
/* 3: Verify that publicValue is on the curve. */
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
- return group->validate_point(px, py, group);
+ return group->validate_point(px, py, group);
}
/* Free the memory allocated (if any) to an ECGroup object. */
void
ECGroup_free(ECGroup *group)
{
- if (group == NULL)
- return;
- GFMethod_free(group->meth);
- if (group->constructed == MP_NO)
- return;
- mp_clear(&group->curvea);
- mp_clear(&group->curveb);
- mp_clear(&group->genx);
- mp_clear(&group->geny);
- mp_clear(&group->order);
- if (group->text != NULL)
- free(group->text);
- if (group->extra_free != NULL)
- group->extra_free(group);
- free(group);
+ if (group == NULL)
+ return;
+ GFMethod_free(group->meth);
+ if (group->constructed == MP_NO)
+ return;
+ mp_clear(&group->curvea);
+ mp_clear(&group->curveb);
+ mp_clear(&group->genx);
+ mp_clear(&group->geny);
+ mp_clear(&group->order);
+ if (group->text != NULL)
+ free(group->text);
+ if (group->extra_free != NULL)
+ group->extra_free(group);
+ free(group);
}
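Review bot: ecgroup_fromNameAndHex passes `NULL` as irr_arr to ECGroup_consGF2m on the GF2m path, while the prototype in the previous hunk declares that parameter as `const unsigned int irr_arr[5]`; whether GFMethod_consGF2m tolerates a NULL there is not visible in this chunk, so the constructor's header comment should state the contract, e.g. `/* irr_arr may be NULL (see ecgroup_fromNameAndHex); confirm GFMethod_consGF2m handles it */`. In the same function `bits` is assigned from `mpl_significant_bits(&irr) - 1` and then only read in the `bits < MP_OKAY` test, so either a comment such as `/* only an error check; mpl_significant_bits() failures come back negative */` or dropping the variable would make the intent clear. In ECGroup_free, `free(NULL)` is a no-op, so the `if (group->text != NULL)` guard before `free(group->text)` can be removed.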
diff --git a/lib/freebl/ecl/ecl.h b/lib/freebl/ecl/ecl.h
index 3e4480327..5bfc3ec22 100644
--- a/lib/freebl/ecl/ecl.h
+++ b/lib/freebl/ecl/ecl.h
@@ -15,7 +15,7 @@ struct ECGroupStr;
typedef struct ECGroupStr ECGroup;
/* Construct ECGroup from hexadecimal representations of parameters. */
-ECGroup *ECGroup_fromHex(const ECCurveParams * params);
+ECGroup *ECGroup_fromHex(const ECCurveParams *params);
/* Construct ECGroup from named parameters. */
ECGroup *ECGroup_fromName(const ECCurveName name);
@@ -27,31 +27,30 @@ void ECGroup_free(ECGroup *group);
ECCurveParams *EC_GetNamedCurveParams(const ECCurveName name);
/* Duplicates an ECCurveParams */
-ECCurveParams *ECCurveParams_dup(const ECCurveParams * params);
+ECCurveParams *ECCurveParams_dup(const ECCurveParams *params);
/* Free an allocated ECCurveParams */
-void EC_FreeCurveParams(ECCurveParams * params);
+void EC_FreeCurveParams(ECCurveParams *params);
-/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k * P(x,
- * y). If x, y = NULL, then P is assumed to be the generator (base point)
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k * P(x,
+ * y). If x, y = NULL, then P is assumed to be the generator (base point)
* of the group of points on the elliptic curve. Input and output values
* are assumed to be NOT field-encoded. */
mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
- const mp_int *py, mp_int *qx, mp_int *qy);
+ const mp_int *py, mp_int *qx, mp_int *qy);
-/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
* points on the elliptic curve. Input and output values are assumed to
* be NOT field-encoded. */
mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
- const mp_int *k2, const mp_int *px, const mp_int *py,
- mp_int *qx, mp_int *qy);
+ const mp_int *k2, const mp_int *px, const mp_int *py,
+ mp_int *qx, mp_int *qy);
/* Validates an EC public key as described in Section 5.2.2 of X9.62.
* Returns MP_YES if the public key is valid, MP_NO if the public key
* is invalid, or an error code if the validation could not be
* performed. */
-mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const
- mp_int *py);
+mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const mp_int *py);
-#endif /* __ecl_h_ */
+#endif /* __ecl_h_ */
diff --git a/lib/freebl/ecl/ecl_curve.c b/lib/freebl/ecl/ecl_curve.c
index 192dab126..cf090cfc3 100644
--- a/lib/freebl/ecl/ecl_curve.c
+++ b/lib/freebl/ecl/ecl_curve.c
@@ -8,47 +8,51 @@
#include <stdlib.h>
#include <string.h>
-#define CHECK(func) if ((func) == NULL) { res = 0; goto CLEANUP; }
+#define CHECK(func) \
+ if ((func) == NULL) { \
+ res = 0; \
+ goto CLEANUP; \
+ }
/* Duplicates an ECCurveParams */
ECCurveParams *
-ECCurveParams_dup(const ECCurveParams * params)
+ECCurveParams_dup(const ECCurveParams *params)
{
- int res = 1;
- ECCurveParams *ret = NULL;
+ int res = 1;
+ ECCurveParams *ret = NULL;
- CHECK(ret = (ECCurveParams *) calloc(1, sizeof(ECCurveParams)));
- if (params->text != NULL) {
- CHECK(ret->text = strdup(params->text));
- }
- ret->field = params->field;
- ret->size = params->size;
- if (params->irr != NULL) {
- CHECK(ret->irr = strdup(params->irr));
- }
- if (params->curvea != NULL) {
- CHECK(ret->curvea = strdup(params->curvea));
- }
- if (params->curveb != NULL) {
- CHECK(ret->curveb = strdup(params->curveb));
- }
- if (params->genx != NULL) {
- CHECK(ret->genx = strdup(params->genx));
- }
- if (params->geny != NULL) {
- CHECK(ret->geny = strdup(params->geny));
- }
- if (params->order != NULL) {
- CHECK(ret->order = strdup(params->order));
- }
- ret->cofactor = params->cofactor;
+ CHECK(ret = (ECCurveParams *)calloc(1, sizeof(ECCurveParams)));
+ if (params->text != NULL) {
+ CHECK(ret->text = strdup(params->text));
+ }
+ ret->field = params->field;
+ ret->size = params->size;
+ if (params->irr != NULL) {
+ CHECK(ret->irr = strdup(params->irr));
+ }
+ if (params->curvea != NULL) {
+ CHECK(ret->curvea = strdup(params->curvea));
+ }
+ if (params->curveb != NULL) {
+ CHECK(ret->curveb = strdup(params->curveb));
+ }
+ if (params->genx != NULL) {
+ CHECK(ret->genx = strdup(params->genx));
+ }
+ if (params->geny != NULL) {
+ CHECK(ret->geny = strdup(params->geny));
+ }
+ if (params->order != NULL) {
+ CHECK(ret->order = strdup(params->order));
+ }
+ ret->cofactor = params->cofactor;
- CLEANUP:
- if (res != 1) {
- EC_FreeCurveParams(ret);
- return NULL;
- }
- return ret;
+CLEANUP:
+ if (res != 1) {
+ EC_FreeCurveParams(ret);
+ return NULL;
+ }
+ return ret;
}
#undef CHECK
@@ -57,33 +61,33 @@ ECCurveParams_dup(const ECCurveParams * params)
ECCurveParams *
EC_GetNamedCurveParams(const ECCurveName name)
{
- if ((name <= ECCurve_noName) || (ECCurve_pastLastCurve <= name) ||
- (ecCurve_map[name] == NULL)) {
- return NULL;
- } else {
- return ECCurveParams_dup(ecCurve_map[name]);
- }
+ if ((name <= ECCurve_noName) || (ECCurve_pastLastCurve <= name) ||
+ (ecCurve_map[name] == NULL)) {
+ return NULL;
+ } else {
+ return ECCurveParams_dup(ecCurve_map[name]);
+ }
}
/* Free the memory allocated (if any) to an ECCurveParams object. */
void
-EC_FreeCurveParams(ECCurveParams * params)
+EC_FreeCurveParams(ECCurveParams *params)
{
- if (params == NULL)
- return;
- if (params->text != NULL)
- free(params->text);
- if (params->irr != NULL)
- free(params->irr);
- if (params->curvea != NULL)
- free(params->curvea);
- if (params->curveb != NULL)
- free(params->curveb);
- if (params->genx != NULL)
- free(params->genx);
- if (params->geny != NULL)
- free(params->geny);
- if (params->order != NULL)
- free(params->order);
- free(params);
+ if (params == NULL)
+ return;
+ if (params->text != NULL)
+ free(params->text);
+ if (params->irr != NULL)
+ free(params->irr);
+ if (params->curvea != NULL)
+ free(params->curvea);
+ if (params->curveb != NULL)
+ free(params->curveb);
+ if (params->genx != NULL)
+ free(params->genx);
+ if (params->geny != NULL)
+ free(params->geny);
+ if (params->order != NULL)
+ free(params->order);
+ free(params);
}
diff --git a/lib/freebl/ecl/ecl_gf.c b/lib/freebl/ecl/ecl_gf.c
index 543330341..6ddca0b4b 100644
--- a/lib/freebl/ecl/ecl_gf.c
+++ b/lib/freebl/ecl/ecl_gf.c
@@ -12,22 +12,22 @@
GFMethod *
GFMethod_new()
{
- mp_err res = MP_OKAY;
- GFMethod *meth;
- meth = (GFMethod *) malloc(sizeof(GFMethod));
- if (meth == NULL)
- return NULL;
- meth->constructed = MP_YES;
- MP_DIGITS(&meth->irr) = 0;
- meth->extra_free = NULL;
- MP_CHECKOK(mp_init(&meth->irr));
-
- CLEANUP:
- if (res != MP_OKAY) {
- GFMethod_free(meth);
- return NULL;
- }
- return meth;
+ mp_err res = MP_OKAY;
+ GFMethod *meth;
+ meth = (GFMethod *)malloc(sizeof(GFMethod));
+ if (meth == NULL)
+ return NULL;
+ meth->constructed = MP_YES;
+ MP_DIGITS(&meth->irr) = 0;
+ meth->extra_free = NULL;
+ MP_CHECKOK(mp_init(&meth->irr));
+
+CLEANUP:
+ if (res != MP_OKAY) {
+ GFMethod_free(meth);
+ return NULL;
+ }
+ return meth;
}
/* Construct a generic GFMethod for arithmetic over prime fields with
@@ -35,126 +35,126 @@ GFMethod_new()
GFMethod *
GFMethod_consGFp(const mp_int *irr)
{
- mp_err res = MP_OKAY;
- GFMethod *meth = NULL;
-
- meth = GFMethod_new();
- if (meth == NULL)
- return NULL;
-
- MP_CHECKOK(mp_copy(irr, &meth->irr));
- meth->irr_arr[0] = mpl_significant_bits(irr);
- meth->irr_arr[1] = meth->irr_arr[2] = meth->irr_arr[3] =
- meth->irr_arr[4] = 0;
- switch(MP_USED(&meth->irr)) {
- /* maybe we need 1 and 2 words here as well?*/
- case 3:
- meth->field_add = &ec_GFp_add_3;
- meth->field_sub = &ec_GFp_sub_3;
- break;
- case 4:
- meth->field_add = &ec_GFp_add_4;
- meth->field_sub = &ec_GFp_sub_4;
- break;
- case 5:
- meth->field_add = &ec_GFp_add_5;
- meth->field_sub = &ec_GFp_sub_5;
- break;
- case 6:
- meth->field_add = &ec_GFp_add_6;
- meth->field_sub = &ec_GFp_sub_6;
- break;
- default:
- meth->field_add = &ec_GFp_add;
- meth->field_sub = &ec_GFp_sub;
- }
- meth->field_neg = &ec_GFp_neg;
- meth->field_mod = &ec_GFp_mod;
- meth->field_mul = &ec_GFp_mul;
- meth->field_sqr = &ec_GFp_sqr;
- meth->field_div = &ec_GFp_div;
- meth->field_enc = NULL;
- meth->field_dec = NULL;
- meth->extra1 = NULL;
- meth->extra2 = NULL;
- meth->extra_free = NULL;
-
- CLEANUP:
- if (res != MP_OKAY) {
- GFMethod_free(meth);
- return NULL;
- }
- return meth;
+ mp_err res = MP_OKAY;
+ GFMethod *meth = NULL;
+
+ meth = GFMethod_new();
+ if (meth == NULL)
+ return NULL;
+
+ MP_CHECKOK(mp_copy(irr, &meth->irr));
+ meth->irr_arr[0] = mpl_significant_bits(irr);
+ meth->irr_arr[1] = meth->irr_arr[2] = meth->irr_arr[3] =
+ meth->irr_arr[4] = 0;
+ switch (MP_USED(&meth->irr)) {
+ /* maybe we need 1 and 2 words here as well?*/
+ case 3:
+ meth->field_add = &ec_GFp_add_3;
+ meth->field_sub = &ec_GFp_sub_3;
+ break;
+ case 4:
+ meth->field_add = &ec_GFp_add_4;
+ meth->field_sub = &ec_GFp_sub_4;
+ break;
+ case 5:
+ meth->field_add = &ec_GFp_add_5;
+ meth->field_sub = &ec_GFp_sub_5;
+ break;
+ case 6:
+ meth->field_add = &ec_GFp_add_6;
+ meth->field_sub = &ec_GFp_sub_6;
+ break;
+ default:
+ meth->field_add = &ec_GFp_add;
+ meth->field_sub = &ec_GFp_sub;
+ }
+ meth->field_neg = &ec_GFp_neg;
+ meth->field_mod = &ec_GFp_mod;
+ meth->field_mul = &ec_GFp_mul;
+ meth->field_sqr = &ec_GFp_sqr;
+ meth->field_div = &ec_GFp_div;
+ meth->field_enc = NULL;
+ meth->field_dec = NULL;
+ meth->extra1 = NULL;
+ meth->extra2 = NULL;
+ meth->extra_free = NULL;
+
+CLEANUP:
+ if (res != MP_OKAY) {
+ GFMethod_free(meth);
+ return NULL;
+ }
+ return meth;
}
/* Construct a generic GFMethod for arithmetic over binary polynomial
* fields with irreducible irr that has array representation irr_arr (see
- * ecl-priv.h for description of the representation). If irr_arr is NULL,
+ * ecl-priv.h for description of the representation). If irr_arr is NULL,
* then it is constructed from the bitstring representation. */
GFMethod *
GFMethod_consGF2m(const mp_int *irr, const unsigned int irr_arr[5])
{
- mp_err res = MP_OKAY;
- int ret;
- GFMethod *meth = NULL;
-
- meth = GFMethod_new();
- if (meth == NULL)
- return NULL;
-
- MP_CHECKOK(mp_copy(irr, &meth->irr));
- if (irr_arr != NULL) {
- /* Irreducible polynomials are either trinomials or pentanomials. */
- meth->irr_arr[0] = irr_arr[0];
- meth->irr_arr[1] = irr_arr[1];
- meth->irr_arr[2] = irr_arr[2];
- if (irr_arr[2] > 0) {
- meth->irr_arr[3] = irr_arr[3];
- meth->irr_arr[4] = irr_arr[4];
- } else {
- meth->irr_arr[3] = meth->irr_arr[4] = 0;
- }
- } else {
- ret = mp_bpoly2arr(irr, meth->irr_arr, 5);
- /* Irreducible polynomials are either trinomials or pentanomials. */
- if ((ret != 5) && (ret != 3)) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
- }
- meth->field_add = &ec_GF2m_add;
- meth->field_neg = &ec_GF2m_neg;
- meth->field_sub = &ec_GF2m_add;
- meth->field_mod = &ec_GF2m_mod;
- meth->field_mul = &ec_GF2m_mul;
- meth->field_sqr = &ec_GF2m_sqr;
- meth->field_div = &ec_GF2m_div;
- meth->field_enc = NULL;
- meth->field_dec = NULL;
- meth->extra1 = NULL;
- meth->extra2 = NULL;
- meth->extra_free = NULL;
-
- CLEANUP:
- if (res != MP_OKAY) {
- GFMethod_free(meth);
- return NULL;
- }
- return meth;
+ mp_err res = MP_OKAY;
+ int ret;
+ GFMethod *meth = NULL;
+
+ meth = GFMethod_new();
+ if (meth == NULL)
+ return NULL;
+
+ MP_CHECKOK(mp_copy(irr, &meth->irr));
+ if (irr_arr != NULL) {
+ /* Irreducible polynomials are either trinomials or pentanomials. */
+ meth->irr_arr[0] = irr_arr[0];
+ meth->irr_arr[1] = irr_arr[1];
+ meth->irr_arr[2] = irr_arr[2];
+ if (irr_arr[2] > 0) {
+ meth->irr_arr[3] = irr_arr[3];
+ meth->irr_arr[4] = irr_arr[4];
+ } else {
+ meth->irr_arr[3] = meth->irr_arr[4] = 0;
+ }
+ } else {
+ ret = mp_bpoly2arr(irr, meth->irr_arr, 5);
+ /* Irreducible polynomials are either trinomials or pentanomials. */
+ if ((ret != 5) && (ret != 3)) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ }
+ meth->field_add = &ec_GF2m_add;
+ meth->field_neg = &ec_GF2m_neg;
+ meth->field_sub = &ec_GF2m_add;
+ meth->field_mod = &ec_GF2m_mod;
+ meth->field_mul = &ec_GF2m_mul;
+ meth->field_sqr = &ec_GF2m_sqr;
+ meth->field_div = &ec_GF2m_div;
+ meth->field_enc = NULL;
+ meth->field_dec = NULL;
+ meth->extra1 = NULL;
+ meth->extra2 = NULL;
+ meth->extra_free = NULL;
+
+CLEANUP:
+ if (res != MP_OKAY) {
+ GFMethod_free(meth);
+ return NULL;
+ }
+ return meth;
}
/* Free the memory allocated (if any) to a GFMethod object. */
void
GFMethod_free(GFMethod *meth)
{
- if (meth == NULL)
- return;
- if (meth->constructed == MP_NO)
- return;
- mp_clear(&meth->irr);
- if (meth->extra_free != NULL)
- meth->extra_free(meth);
- free(meth);
+ if (meth == NULL)
+ return;
+ if (meth->constructed == MP_NO)
+ return;
+ mp_clear(&meth->irr);
+ if (meth->extra_free != NULL)
+ meth->extra_free(meth);
+ free(meth);
}
/* Wrapper functions for generic prime field arithmetic. */
@@ -162,404 +162,404 @@ GFMethod_free(GFMethod *meth)
/* Add two field elements. Assumes that 0 <= a, b < meth->irr */
mp_err
ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a + b (mod p) */
- mp_err res;
-
- if ((res = mp_add(a, b, r)) != MP_OKAY) {
- return res;
- }
- if (mp_cmp(r, &meth->irr) >= 0) {
- return mp_sub(r, &meth->irr, r);
- }
- return res;
+ /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a + b (mod p) */
+ mp_err res;
+
+ if ((res = mp_add(a, b, r)) != MP_OKAY) {
+ return res;
+ }
+ if (mp_cmp(r, &meth->irr) >= 0) {
+ return mp_sub(r, &meth->irr, r);
+ }
+ return res;
}
/* Negates a field element. Assumes that 0 <= a < meth->irr */
mp_err
ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- /* PRE: 0 <= a < p = meth->irr POST: 0 <= r < p, r = -a (mod p) */
+ /* PRE: 0 <= a < p = meth->irr POST: 0 <= r < p, r = -a (mod p) */
- if (mp_cmp_z(a) == 0) {
- mp_zero(r);
- return MP_OKAY;
- }
- return mp_sub(&meth->irr, a, r);
+ if (mp_cmp_z(a) == 0) {
+ mp_zero(r);
+ return MP_OKAY;
+ }
+ return mp_sub(&meth->irr, a, r);
}
/* Subtracts two field elements. Assumes that 0 <= a, b < meth->irr */
mp_err
ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
-
- /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a - b (mod p) */
- res = mp_sub(a, b, r);
- if (res == MP_RANGE) {
- MP_CHECKOK(mp_sub(b, a, r));
- if (mp_cmp_z(r) < 0) {
- MP_CHECKOK(mp_add(r, &meth->irr, r));
- }
- MP_CHECKOK(ec_GFp_neg(r, r, meth));
- }
- if (mp_cmp_z(r) < 0) {
- MP_CHECKOK(mp_add(r, &meth->irr, r));
- }
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+
+ /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a - b (mod p) */
+ res = mp_sub(a, b, r);
+ if (res == MP_RANGE) {
+ MP_CHECKOK(mp_sub(b, a, r));
+ if (mp_cmp_z(r) < 0) {
+ MP_CHECKOK(mp_add(r, &meth->irr, r));
+ }
+ MP_CHECKOK(ec_GFp_neg(r, r, meth));
+ }
+ if (mp_cmp_z(r) < 0) {
+ MP_CHECKOK(mp_add(r, &meth->irr, r));
+ }
+CLEANUP:
+ return res;
}
-/*
+/*
* Inline adds for small curve lengths.
*/
/* 3 words */
mp_err
-ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a0 = 0, a1 = 0, a2 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0;
- mp_digit carry;
-
- switch(MP_USED(a)) {
- case 3:
- a2 = MP_DIGIT(a,2);
- case 2:
- a1 = MP_DIGIT(a,1);
- case 1:
- a0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 3:
- r2 = MP_DIGIT(b,2);
- case 2:
- r1 = MP_DIGIT(b,1);
- case 1:
- r0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit a0 = 0, a1 = 0, a2 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0;
+ mp_digit carry;
+
+ switch (MP_USED(a)) {
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ case 1:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 3:
+ r2 = MP_DIGIT(b, 2);
+ case 2:
+ r1 = MP_DIGIT(b, 1);
+ case 1:
+ r0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
#else
- __asm__ (
- "xorq %3,%3 \n\t"
- "addq %4,%0 \n\t"
- "adcq %5,%1 \n\t"
- "adcq %6,%2 \n\t"
- "adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
- : "r" (a0), "r" (a1), "r" (a2),
- "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "xorq %3,%3 \n\t"
+ "addq %4,%0 \n\t"
+ "adcq %5,%1 \n\t"
+ "adcq %6,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+ : "r"(a0), "r"(a1), "r"(a2),
+ "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- MP_CHECKOK(s_mp_pad(r, 3));
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 3;
-
- /* Do quick 'subract' if we've gone over
- * (add the 2's complement of the curve field) */
- a2 = MP_DIGIT(&meth->irr,2);
- if (carry || r2 > a2 ||
- ((r2 == a2) && mp_cmp(r,&meth->irr) != MP_LT)) {
- a1 = MP_DIGIT(&meth->irr,1);
- a0 = MP_DIGIT(&meth->irr,0);
+ MP_CHECKOK(s_mp_pad(r, 3));
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 3;
+
+ /* Do quick 'subract' if we've gone over
+ * (add the 2's complement of the curve field) */
+ a2 = MP_DIGIT(&meth->irr, 2);
+ if (carry || r2 > a2 ||
+ ((r2 == a2) && mp_cmp(r, &meth->irr) != MP_LT)) {
+ a1 = MP_DIGIT(&meth->irr, 1);
+ a0 = MP_DIGIT(&meth->irr, 0);
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
#else
- __asm__ (
- "subq %3,%0 \n\t"
- "sbbq %4,%1 \n\t"
- "sbbq %5,%2 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2)
- : "r" (a0), "r" (a1), "r" (a2),
- "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "subq %3,%0 \n\t"
+ "sbbq %4,%1 \n\t"
+ "sbbq %5,%2 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2)
+ : "r"(a0), "r"(a1), "r"(a2),
+ "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- }
-
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ }
+
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 4 words */
mp_err
-ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
- mp_digit carry;
-
- switch(MP_USED(a)) {
- case 4:
- a3 = MP_DIGIT(a,3);
- case 3:
- a2 = MP_DIGIT(a,2);
- case 2:
- a1 = MP_DIGIT(a,1);
- case 1:
- a0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 4:
- r3 = MP_DIGIT(b,3);
- case 3:
- r2 = MP_DIGIT(b,2);
- case 2:
- r1 = MP_DIGIT(b,1);
- case 1:
- r0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+ mp_digit carry;
+
+ switch (MP_USED(a)) {
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ case 1:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 4:
+ r3 = MP_DIGIT(b, 3);
+ case 3:
+ r2 = MP_DIGIT(b, 2);
+ case 2:
+ r1 = MP_DIGIT(b, 1);
+ case 1:
+ r0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
#else
- __asm__ (
- "xorq %4,%4 \n\t"
- "addq %5,%0 \n\t"
- "adcq %6,%1 \n\t"
- "adcq %7,%2 \n\t"
- "adcq %8,%3 \n\t"
- "adcq $0,%4 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(carry)
- : "r" (a0), "r" (a1), "r" (a2), "r" (a3),
- "0" (r0), "1" (r1), "2" (r2), "3" (r3)
- : "%cc" );
+ __asm__(
+ "xorq %4,%4 \n\t"
+ "addq %5,%0 \n\t"
+ "adcq %6,%1 \n\t"
+ "adcq %7,%2 \n\t"
+ "adcq %8,%3 \n\t"
+ "adcq $0,%4 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(carry)
+ : "r"(a0), "r"(a1), "r"(a2), "r"(a3),
+ "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+ : "%cc");
#endif
- MP_CHECKOK(s_mp_pad(r, 4));
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 4;
-
- /* Do quick 'subract' if we've gone over
- * (add the 2's complement of the curve field) */
- a3 = MP_DIGIT(&meth->irr,3);
- if (carry || r3 > a3 ||
- ((r3 == a3) && mp_cmp(r,&meth->irr) != MP_LT)) {
- a2 = MP_DIGIT(&meth->irr,2);
- a1 = MP_DIGIT(&meth->irr,1);
- a0 = MP_DIGIT(&meth->irr,0);
+ MP_CHECKOK(s_mp_pad(r, 4));
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 4;
+
+ /* Do quick 'subract' if we've gone over
+ * (add the 2's complement of the curve field) */
+ a3 = MP_DIGIT(&meth->irr, 3);
+ if (carry || r3 > a3 ||
+ ((r3 == a3) && mp_cmp(r, &meth->irr) != MP_LT)) {
+ a2 = MP_DIGIT(&meth->irr, 2);
+ a1 = MP_DIGIT(&meth->irr, 1);
+ a0 = MP_DIGIT(&meth->irr, 0);
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
#else
- __asm__ (
- "subq %4,%0 \n\t"
- "sbbq %5,%1 \n\t"
- "sbbq %6,%2 \n\t"
- "sbbq %7,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
- : "r" (a0), "r" (a1), "r" (a2), "r" (a3),
- "0" (r0), "1" (r1), "2" (r2), "3" (r3)
- : "%cc" );
+ __asm__(
+ "subq %4,%0 \n\t"
+ "sbbq %5,%1 \n\t"
+ "sbbq %6,%2 \n\t"
+ "sbbq %7,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+ : "r"(a0), "r"(a1), "r"(a2), "r"(a3),
+ "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+ : "%cc");
#endif
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- }
-
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ }
+
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 5 words */
mp_err
-ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
- mp_digit carry;
-
- switch(MP_USED(a)) {
- case 5:
- a4 = MP_DIGIT(a,4);
- case 4:
- a3 = MP_DIGIT(a,3);
- case 3:
- a2 = MP_DIGIT(a,2);
- case 2:
- a1 = MP_DIGIT(a,1);
- case 1:
- a0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 5:
- r4 = MP_DIGIT(b,4);
- case 4:
- r3 = MP_DIGIT(b,3);
- case 3:
- r2 = MP_DIGIT(b,2);
- case 2:
- r1 = MP_DIGIT(b,1);
- case 1:
- r0 = MP_DIGIT(b,0);
- }
-
+ mp_err res = MP_OKAY;
+ mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+ mp_digit carry;
+
+ switch (MP_USED(a)) {
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ case 1:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 5:
+ r4 = MP_DIGIT(b, 4);
+ case 4:
+ r3 = MP_DIGIT(b, 3);
+ case 3:
+ r2 = MP_DIGIT(b, 2);
+ case 2:
+ r1 = MP_DIGIT(b, 1);
+ case 1:
+ r0 = MP_DIGIT(b, 0);
+ }
+
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry);
+
+ MP_CHECKOK(s_mp_pad(r, 5));
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 5;
+
+ /* Do quick 'subract' if we've gone over
+ * (add the 2's complement of the curve field) */
+ a4 = MP_DIGIT(&meth->irr, 4);
+ if (carry || r4 > a4 ||
+ ((r4 == a4) && mp_cmp(r, &meth->irr) != MP_LT)) {
+ a3 = MP_DIGIT(&meth->irr, 3);
+ a2 = MP_DIGIT(&meth->irr, 2);
+ a1 = MP_DIGIT(&meth->irr, 1);
+ a0 = MP_DIGIT(&meth->irr, 0);
carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
- MP_ADD_CARRY(a4, r4, r4, carry);
-
- MP_CHECKOK(s_mp_pad(r, 5));
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 5;
-
- /* Do quick 'subract' if we've gone over
- * (add the 2's complement of the curve field) */
- a4 = MP_DIGIT(&meth->irr,4);
- if (carry || r4 > a4 ||
- ((r4 == a4) && mp_cmp(r,&meth->irr) != MP_LT)) {
- a3 = MP_DIGIT(&meth->irr,3);
- a2 = MP_DIGIT(&meth->irr,2);
- a1 = MP_DIGIT(&meth->irr,1);
- a0 = MP_DIGIT(&meth->irr,0);
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
- MP_SUB_BORROW(r4, a4, r4, carry);
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- }
-
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry);
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ }
+
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 6 words */
mp_err
-ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0, a5 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
- mp_digit carry;
-
- switch(MP_USED(a)) {
- case 6:
- a5 = MP_DIGIT(a,5);
- case 5:
- a4 = MP_DIGIT(a,4);
- case 4:
- a3 = MP_DIGIT(a,3);
- case 3:
- a2 = MP_DIGIT(a,2);
- case 2:
- a1 = MP_DIGIT(a,1);
- case 1:
- a0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 6:
- r5 = MP_DIGIT(b,5);
- case 5:
- r4 = MP_DIGIT(b,4);
- case 4:
- r3 = MP_DIGIT(b,3);
- case 3:
- r2 = MP_DIGIT(b,2);
- case 2:
- r1 = MP_DIGIT(b,1);
- case 1:
- r0 = MP_DIGIT(b,0);
- }
-
+ mp_err res = MP_OKAY;
+ mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0, a5 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+ mp_digit carry;
+
+ switch (MP_USED(a)) {
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ case 1:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 6:
+ r5 = MP_DIGIT(b, 5);
+ case 5:
+ r4 = MP_DIGIT(b, 4);
+ case 4:
+ r3 = MP_DIGIT(b, 3);
+ case 3:
+ r2 = MP_DIGIT(b, 2);
+ case 2:
+ r1 = MP_DIGIT(b, 1);
+ case 1:
+ r0 = MP_DIGIT(b, 0);
+ }
+
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry);
+ MP_ADD_CARRY(a5, r5, r5, carry);
+
+ MP_CHECKOK(s_mp_pad(r, 6));
+ MP_DIGIT(r, 5) = r5;
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 6;
+
+ /* Do quick 'subract' if we've gone over
+ * (add the 2's complement of the curve field) */
+ a5 = MP_DIGIT(&meth->irr, 5);
+ if (carry || r5 > a5 ||
+ ((r5 == a5) && mp_cmp(r, &meth->irr) != MP_LT)) {
+ a4 = MP_DIGIT(&meth->irr, 4);
+ a3 = MP_DIGIT(&meth->irr, 3);
+ a2 = MP_DIGIT(&meth->irr, 2);
+ a1 = MP_DIGIT(&meth->irr, 1);
+ a0 = MP_DIGIT(&meth->irr, 0);
carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
- MP_ADD_CARRY(a4, r4, r4, carry);
- MP_ADD_CARRY(a5, r5, r5, carry);
-
- MP_CHECKOK(s_mp_pad(r, 6));
- MP_DIGIT(r, 5) = r5;
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 6;
-
- /* Do quick 'subract' if we've gone over
- * (add the 2's complement of the curve field) */
- a5 = MP_DIGIT(&meth->irr,5);
- if (carry || r5 > a5 ||
- ((r5 == a5) && mp_cmp(r,&meth->irr) != MP_LT)) {
- a4 = MP_DIGIT(&meth->irr,4);
- a3 = MP_DIGIT(&meth->irr,3);
- a2 = MP_DIGIT(&meth->irr,2);
- a1 = MP_DIGIT(&meth->irr,1);
- a0 = MP_DIGIT(&meth->irr,0);
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
- MP_SUB_BORROW(r4, a4, r4, carry);
- MP_SUB_BORROW(r5, a5, r5, carry);
- MP_DIGIT(r, 5) = r5;
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- }
-
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry);
+ MP_SUB_BORROW(r5, a5, r5, carry);
+ MP_DIGIT(r, 5) = r5;
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ }
+
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/*
@@ -569,381 +569,380 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
* ... 3 words
*/
mp_err
-ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit b0 = 0, b1 = 0, b2 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0;
- mp_digit borrow;
-
- switch(MP_USED(a)) {
- case 3:
- r2 = MP_DIGIT(a,2);
- case 2:
- r1 = MP_DIGIT(a,1);
- case 1:
- r0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 3:
- b2 = MP_DIGIT(b,2);
- case 2:
- b1 = MP_DIGIT(b,1);
- case 1:
- b0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit b0 = 0, b1 = 0, b2 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0;
+ mp_digit borrow;
+
+ switch (MP_USED(a)) {
+ case 3:
+ r2 = MP_DIGIT(a, 2);
+ case 2:
+ r1 = MP_DIGIT(a, 1);
+ case 1:
+ r0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ case 1:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
#else
- __asm__ (
- "xorq %3,%3 \n\t"
- "subq %4,%0 \n\t"
- "sbbq %5,%1 \n\t"
- "sbbq %6,%2 \n\t"
- "adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r" (borrow)
- : "r" (b0), "r" (b1), "r" (b2),
- "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "xorq %3,%3 \n\t"
+ "subq %4,%0 \n\t"
+ "sbbq %5,%1 \n\t"
+ "sbbq %6,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
+ : "r"(b0), "r"(b1), "r"(b2),
+ "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- /* Do quick 'add' if we've gone under 0
- * (subtract the 2's complement of the curve field) */
- if (borrow) {
- b2 = MP_DIGIT(&meth->irr,2);
- b1 = MP_DIGIT(&meth->irr,1);
- b0 = MP_DIGIT(&meth->irr,0);
+ /* Do quick 'add' if we've gone under 0
+ * (subtract the 2's complement of the curve field) */
+ if (borrow) {
+ b2 = MP_DIGIT(&meth->irr, 2);
+ b1 = MP_DIGIT(&meth->irr, 1);
+ b0 = MP_DIGIT(&meth->irr, 0);
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
#else
- __asm__ (
- "addq %3,%0 \n\t"
- "adcq %4,%1 \n\t"
- "adcq %5,%2 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2)
- : "r" (b0), "r" (b1), "r" (b2),
- "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "addq %3,%0 \n\t"
+ "adcq %4,%1 \n\t"
+ "adcq %5,%2 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2)
+ : "r"(b0), "r"(b1), "r"(b2),
+ "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- }
+ }
#ifdef MPI_AMD64_ADD
- /* compiler fakeout? */
- if ((r2 == b0) && (r1 == b0) && (r0 == b0)) {
- MP_CHECKOK(s_mp_pad(r, 4));
- }
+ /* compiler fakeout? */
+ if ((r2 == b0) && (r1 == b0) && (r0 == b0)) {
+ MP_CHECKOK(s_mp_pad(r, 4));
+ }
#endif
- MP_CHECKOK(s_mp_pad(r, 3));
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 3;
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_CHECKOK(s_mp_pad(r, 3));
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 3;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 4 words */
mp_err
-ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
- mp_digit borrow;
-
- switch(MP_USED(a)) {
- case 4:
- r3 = MP_DIGIT(a,3);
- case 3:
- r2 = MP_DIGIT(a,2);
- case 2:
- r1 = MP_DIGIT(a,1);
- case 1:
- r0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 4:
- b3 = MP_DIGIT(b,3);
- case 3:
- b2 = MP_DIGIT(b,2);
- case 2:
- b1 = MP_DIGIT(b,1);
- case 1:
- b0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+ mp_digit borrow;
+
+ switch (MP_USED(a)) {
+ case 4:
+ r3 = MP_DIGIT(a, 3);
+ case 3:
+ r2 = MP_DIGIT(a, 2);
+ case 2:
+ r1 = MP_DIGIT(a, 1);
+ case 1:
+ r0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 4:
+ b3 = MP_DIGIT(b, 3);
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ case 1:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
#else
- __asm__ (
- "xorq %4,%4 \n\t"
- "subq %5,%0 \n\t"
- "sbbq %6,%1 \n\t"
- "sbbq %7,%2 \n\t"
- "sbbq %8,%3 \n\t"
- "adcq $0,%4 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r" (borrow)
- : "r" (b0), "r" (b1), "r" (b2), "r" (b3),
- "0" (r0), "1" (r1), "2" (r2), "3" (r3)
- : "%cc" );
+ __asm__(
+ "xorq %4,%4 \n\t"
+ "subq %5,%0 \n\t"
+ "sbbq %6,%1 \n\t"
+ "sbbq %7,%2 \n\t"
+ "sbbq %8,%3 \n\t"
+ "adcq $0,%4 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(borrow)
+ : "r"(b0), "r"(b1), "r"(b2), "r"(b3),
+ "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+ : "%cc");
#endif
- /* Do quick 'add' if we've gone under 0
- * (subtract the 2's complement of the curve field) */
- if (borrow) {
- b3 = MP_DIGIT(&meth->irr,3);
- b2 = MP_DIGIT(&meth->irr,2);
- b1 = MP_DIGIT(&meth->irr,1);
- b0 = MP_DIGIT(&meth->irr,0);
+ /* Do quick 'add' if we've gone under 0
+ * (subtract the 2's complement of the curve field) */
+ if (borrow) {
+ b3 = MP_DIGIT(&meth->irr, 3);
+ b2 = MP_DIGIT(&meth->irr, 2);
+ b1 = MP_DIGIT(&meth->irr, 1);
+ b0 = MP_DIGIT(&meth->irr, 0);
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
#else
- __asm__ (
- "addq %4,%0 \n\t"
- "adcq %5,%1 \n\t"
- "adcq %6,%2 \n\t"
- "adcq %7,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
- : "r" (b0), "r" (b1), "r" (b2), "r" (b3),
- "0" (r0), "1" (r1), "2" (r2), "3" (r3)
- : "%cc" );
+ __asm__(
+ "addq %4,%0 \n\t"
+ "adcq %5,%1 \n\t"
+ "adcq %6,%2 \n\t"
+ "adcq %7,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+ : "r"(b0), "r"(b1), "r"(b2), "r"(b3),
+ "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+ : "%cc");
#endif
- }
+ }
#ifdef MPI_AMD64_ADD
- /* compiler fakeout? */
- if ((r3 == b0) && (r1 == b0) && (r0 == b0)) {
- MP_CHECKOK(s_mp_pad(r, 4));
- }
+ /* compiler fakeout? */
+ if ((r3 == b0) && (r1 == b0) && (r0 == b0)) {
+ MP_CHECKOK(s_mp_pad(r, 4));
+ }
#endif
- MP_CHECKOK(s_mp_pad(r, 4));
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 4;
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_CHECKOK(s_mp_pad(r, 4));
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 4;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 5 words */
mp_err
-ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
- mp_digit borrow;
-
- switch(MP_USED(a)) {
- case 5:
- r4 = MP_DIGIT(a,4);
- case 4:
- r3 = MP_DIGIT(a,3);
- case 3:
- r2 = MP_DIGIT(a,2);
- case 2:
- r1 = MP_DIGIT(a,1);
- case 1:
- r0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 5:
- b4 = MP_DIGIT(b,4);
- case 4:
- b3 = MP_DIGIT(b,3);
- case 3:
- b2 = MP_DIGIT(b,2);
- case 2:
- b1 = MP_DIGIT(b,1);
- case 1:
- b0 = MP_DIGIT(b,0);
- }
-
+ mp_err res = MP_OKAY;
+ mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+ mp_digit borrow;
+
+ switch (MP_USED(a)) {
+ case 5:
+ r4 = MP_DIGIT(a, 4);
+ case 4:
+ r3 = MP_DIGIT(a, 3);
+ case 3:
+ r2 = MP_DIGIT(a, 2);
+ case 2:
+ r1 = MP_DIGIT(a, 1);
+ case 1:
+ r0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 5:
+ b4 = MP_DIGIT(b, 4);
+ case 4:
+ b3 = MP_DIGIT(b, 3);
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ case 1:
+ b0 = MP_DIGIT(b, 0);
+ }
+
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow);
+
+ /* Do quick 'add' if we've gone under 0
+ * (subtract the 2's complement of the curve field) */
+ if (borrow) {
+ b4 = MP_DIGIT(&meth->irr, 4);
+ b3 = MP_DIGIT(&meth->irr, 3);
+ b2 = MP_DIGIT(&meth->irr, 2);
+ b1 = MP_DIGIT(&meth->irr, 1);
+ b0 = MP_DIGIT(&meth->irr, 0);
borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow);
-
- /* Do quick 'add' if we've gone under 0
- * (subtract the 2's complement of the curve field) */
- if (borrow) {
- b4 = MP_DIGIT(&meth->irr,4);
- b3 = MP_DIGIT(&meth->irr,3);
- b2 = MP_DIGIT(&meth->irr,2);
- b1 = MP_DIGIT(&meth->irr,1);
- b0 = MP_DIGIT(&meth->irr,0);
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
- MP_ADD_CARRY(b4, r4, r4, borrow);
- }
- MP_CHECKOK(s_mp_pad(r, 5));
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 5;
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
+ MP_ADD_CARRY(b4, r4, r4, borrow);
+ }
+ MP_CHECKOK(s_mp_pad(r, 5));
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 5;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* 6 words */
mp_err
-ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0, b5 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
- mp_digit borrow;
-
- switch(MP_USED(a)) {
- case 6:
- r5 = MP_DIGIT(a,5);
- case 5:
- r4 = MP_DIGIT(a,4);
- case 4:
- r3 = MP_DIGIT(a,3);
- case 3:
- r2 = MP_DIGIT(a,2);
- case 2:
- r1 = MP_DIGIT(a,1);
- case 1:
- r0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 6:
- b5 = MP_DIGIT(b,5);
- case 5:
- b4 = MP_DIGIT(b,4);
- case 4:
- b3 = MP_DIGIT(b,3);
- case 3:
- b2 = MP_DIGIT(b,2);
- case 2:
- b1 = MP_DIGIT(b,1);
- case 1:
- b0 = MP_DIGIT(b,0);
- }
-
+ mp_err res = MP_OKAY;
+ mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0, b5 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+ mp_digit borrow;
+
+ switch (MP_USED(a)) {
+ case 6:
+ r5 = MP_DIGIT(a, 5);
+ case 5:
+ r4 = MP_DIGIT(a, 4);
+ case 4:
+ r3 = MP_DIGIT(a, 3);
+ case 3:
+ r2 = MP_DIGIT(a, 2);
+ case 2:
+ r1 = MP_DIGIT(a, 1);
+ case 1:
+ r0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 6:
+ b5 = MP_DIGIT(b, 5);
+ case 5:
+ b4 = MP_DIGIT(b, 4);
+ case 4:
+ b3 = MP_DIGIT(b, 3);
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ case 1:
+ b0 = MP_DIGIT(b, 0);
+ }
+
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow);
+ MP_SUB_BORROW(r5, b5, r5, borrow);
+
+ /* Do quick 'add' if we've gone under 0
+ * (subtract the 2's complement of the curve field) */
+ if (borrow) {
+ b5 = MP_DIGIT(&meth->irr, 5);
+ b4 = MP_DIGIT(&meth->irr, 4);
+ b3 = MP_DIGIT(&meth->irr, 3);
+ b2 = MP_DIGIT(&meth->irr, 2);
+ b1 = MP_DIGIT(&meth->irr, 1);
+ b0 = MP_DIGIT(&meth->irr, 0);
borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow);
- MP_SUB_BORROW(r5, b5, r5, borrow);
-
- /* Do quick 'add' if we've gone under 0
- * (subtract the 2's complement of the curve field) */
- if (borrow) {
- b5 = MP_DIGIT(&meth->irr,5);
- b4 = MP_DIGIT(&meth->irr,4);
- b3 = MP_DIGIT(&meth->irr,3);
- b2 = MP_DIGIT(&meth->irr,2);
- b1 = MP_DIGIT(&meth->irr,1);
- b0 = MP_DIGIT(&meth->irr,0);
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
- MP_ADD_CARRY(b4, r4, r4, borrow);
- MP_ADD_CARRY(b5, r5, r5, borrow);
- }
-
- MP_CHECKOK(s_mp_pad(r, 6));
- MP_DIGIT(r, 5) = r5;
- MP_DIGIT(r, 4) = r4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 6;
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
+ MP_ADD_CARRY(b4, r4, r4, borrow);
+ MP_ADD_CARRY(b5, r5, r5, borrow);
+ }
+
+ MP_CHECKOK(s_mp_pad(r, 6));
+ MP_DIGIT(r, 5) = r5;
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 6;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
-
/* Reduces an integer to a field element. */
mp_err
ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- return mp_mod(a, &meth->irr, r);
+ return mp_mod(a, &meth->irr, r);
}
/* Multiplies two field elements. */
mp_err
ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- return mp_mulmod(a, b, &meth->irr, r);
+ return mp_mulmod(a, b, &meth->irr, r);
}
/* Squares a field element. */
mp_err
ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- return mp_sqrmod(a, &meth->irr, r);
+ return mp_sqrmod(a, &meth->irr, r);
}
/* Divides two field elements. If a is NULL, then returns the inverse of
* b. */
mp_err
ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_int t;
-
- /* If a is NULL, then return the inverse of b, otherwise return a/b. */
- if (a == NULL) {
- return mp_invmod(b, &meth->irr, r);
- } else {
- /* MPI doesn't support divmod, so we implement it using invmod and
- * mulmod. */
- MP_CHECKOK(mp_init(&t));
- MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
- MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r));
- CLEANUP:
- mp_clear(&t);
- return res;
- }
+ mp_err res = MP_OKAY;
+ mp_int t;
+
+ /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+ if (a == NULL) {
+ return mp_invmod(b, &meth->irr, r);
+ } else {
+ /* MPI doesn't support divmod, so we implement it using invmod and
+ * mulmod. */
+ MP_CHECKOK(mp_init(&t));
+ MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+ MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r));
+ CLEANUP:
+ mp_clear(&t);
+ return res;
+ }
}
/* Wrapper functions for generic binary polynomial field arithmetic. */
@@ -951,9 +950,9 @@ ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
/* Adds two field elements. */
mp_err
ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- return mp_badd(a, b, r);
+ return mp_badd(a, b, r);
}
/* Negates a field element. Note that for binary polynomial fields, the
@@ -961,55 +960,55 @@ ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- if (a == r) {
- return MP_OKAY;
- } else {
- return mp_copy(a, r);
- }
+ if (a == r) {
+ return MP_OKAY;
+ } else {
+ return mp_copy(a, r);
+ }
}
/* Reduces a binary polynomial to a field element. */
mp_err
ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- return mp_bmod(a, meth->irr_arr, r);
+ return mp_bmod(a, meth->irr_arr, r);
}
/* Multiplies two field elements. */
mp_err
ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- return mp_bmulmod(a, b, meth->irr_arr, r);
+ return mp_bmulmod(a, b, meth->irr_arr, r);
}
/* Squares a field element. */
mp_err
ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- return mp_bsqrmod(a, meth->irr_arr, r);
+ return mp_bsqrmod(a, meth->irr_arr, r);
}
/* Divides two field elements. If a is NULL, then returns the inverse of
* b. */
mp_err
ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_int t;
-
- /* If a is NULL, then return the inverse of b, otherwise return a/b. */
- if (a == NULL) {
- /* The GF(2^m) portion of MPI doesn't support invmod, so we
- * compute 1/b. */
- MP_CHECKOK(mp_init(&t));
- MP_CHECKOK(mp_set_int(&t, 1));
- MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r));
- CLEANUP:
- mp_clear(&t);
- return res;
- } else {
- return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r);
- }
+ mp_err res = MP_OKAY;
+ mp_int t;
+
+ /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+ if (a == NULL) {
+ /* The GF(2^m) portion of MPI doesn't support invmod, so we
+ * compute 1/b. */
+ MP_CHECKOK(mp_init(&t));
+ MP_CHECKOK(mp_set_int(&t, 1));
+ MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r));
+ CLEANUP:
+ mp_clear(&t);
+ return res;
+ } else {
+ return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r);
+ }
}
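Review bot: In ec_GF2m_div the temporary is declared as `mp_int t;` with its digit pointer never cleared, so when `mp_init(&t)` fails the `MP_CHECKOK` jumps to `CLEANUP` and `mp_clear(&t)` runs on a struct whose fields were never assigned; ECPoint_mul in the ecl_mult.c hunk of this same commit writes `MP_DIGITS(&kt) = 0;` before its init to avoid exactly that. Whether mp_init leaves the pointer NULL on failure is not visible here, so the safe and consistent form is to add `MP_DIGITS(&t) = 0;` directly after the declaration. ec_GFp_div earlier in this file has the same shape, but its hunk begins outside this view.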
diff --git a/lib/freebl/ecl/ecl_mult.c b/lib/freebl/ecl/ecl_mult.c
index 5932828bd..ffbcbf1d9 100644
--- a/lib/freebl/ecl/ecl_mult.c
+++ b/lib/freebl/ecl/ecl_mult.c
@@ -8,113 +8,110 @@
#include "ecl-priv.h"
#include <stdlib.h>
-/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k * P(x,
- * y). If x, y = NULL, then P is assumed to be the generator (base point)
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k * P(x,
+ * y). If x, y = NULL, then P is assumed to be the generator (base point)
* of the group of points on the elliptic curve. Input and output values
* are assumed to be NOT field-encoded. */
mp_err
ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry)
+ const mp_int *py, mp_int *rx, mp_int *ry)
{
- mp_err res = MP_OKAY;
- mp_int kt;
+ mp_err res = MP_OKAY;
+ mp_int kt;
- ARGCHK((k != NULL) && (group != NULL), MP_BADARG);
- MP_DIGITS(&kt) = 0;
+ ARGCHK((k != NULL) && (group != NULL), MP_BADARG);
+ MP_DIGITS(&kt) = 0;
- /* want scalar to be less than or equal to group order */
- if (mp_cmp(k, &group->order) > 0) {
- MP_CHECKOK(mp_init(&kt));
- MP_CHECKOK(mp_mod(k, &group->order, &kt));
- } else {
- MP_SIGN(&kt) = MP_ZPOS;
- MP_USED(&kt) = MP_USED(k);
- MP_ALLOC(&kt) = MP_ALLOC(k);
- MP_DIGITS(&kt) = MP_DIGITS(k);
- }
+ /* want scalar to be less than or equal to group order */
+ if (mp_cmp(k, &group->order) > 0) {
+ MP_CHECKOK(mp_init(&kt));
+ MP_CHECKOK(mp_mod(k, &group->order, &kt));
+ } else {
+ MP_SIGN(&kt) = MP_ZPOS;
+ MP_USED(&kt) = MP_USED(k);
+ MP_ALLOC(&kt) = MP_ALLOC(k);
+ MP_DIGITS(&kt) = MP_DIGITS(k);
+ }
- if ((px == NULL) || (py == NULL)) {
- if (group->base_point_mul) {
- MP_CHECKOK(group->base_point_mul(&kt, rx, ry, group));
- } else {
- MP_CHECKOK(group->
- point_mul(&kt, &group->genx, &group->geny, rx, ry,
- group));
- }
- } else {
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
- MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
- MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
- } else {
- MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
- }
- }
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
- }
+ if ((px == NULL) || (py == NULL)) {
+ if (group->base_point_mul) {
+ MP_CHECKOK(group->base_point_mul(&kt, rx, ry, group));
+ } else {
+ MP_CHECKOK(group->point_mul(&kt, &group->genx, &group->geny, rx, ry,
+ group));
+ }
+ } else {
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
+ MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
+ MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
+ } else {
+ MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
+ }
+ }
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+ }
- CLEANUP:
- if (MP_DIGITS(&kt) != MP_DIGITS(k)) {
- mp_clear(&kt);
- }
- return res;
+CLEANUP:
+ if (MP_DIGITS(&kt) != MP_DIGITS(k)) {
+ mp_clear(&kt);
+ }
+ return res;
}
-/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
* points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
* Input and output values are assumed to be NOT field-encoded. */
mp_err
ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int sx, sy;
+ mp_err res = MP_OKAY;
+ mp_int sx, sy;
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK(!((k1 == NULL)
- && ((k2 == NULL) || (px == NULL)
- || (py == NULL))), MP_BADARG);
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
- /* if some arguments are not defined used ECPoint_mul */
- if (k1 == NULL) {
- return ECPoint_mul(group, k2, px, py, rx, ry);
- } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
- return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
- }
+ /* if some arguments are not defined used ECPoint_mul */
+ if (k1 == NULL) {
+ return ECPoint_mul(group, k2, px, py, rx, ry);
+ } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+ return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+ }
- MP_DIGITS(&sx) = 0;
- MP_DIGITS(&sy) = 0;
- MP_CHECKOK(mp_init(&sx));
- MP_CHECKOK(mp_init(&sy));
+ MP_DIGITS(&sx) = 0;
+ MP_DIGITS(&sy) = 0;
+ MP_CHECKOK(mp_init(&sx));
+ MP_CHECKOK(mp_init(&sy));
- MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
- MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
+ MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
+ MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
- MP_CHECKOK(group->meth->field_enc(&sy, &sy, group->meth));
- MP_CHECKOK(group->meth->field_enc(rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_enc(ry, ry, group->meth));
- }
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
+ MP_CHECKOK(group->meth->field_enc(&sy, &sy, group->meth));
+ MP_CHECKOK(group->meth->field_enc(rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_enc(ry, ry, group->meth));
+ }
- MP_CHECKOK(group->point_add(&sx, &sy, rx, ry, rx, ry, group));
+ MP_CHECKOK(group->point_add(&sx, &sy, rx, ry, rx, ry, group));
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
- }
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+ }
- CLEANUP:
- mp_clear(&sx);
- mp_clear(&sy);
- return res;
+CLEANUP:
+ mp_clear(&sx);
+ mp_clear(&sy);
+ return res;
}
-/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
* points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
* Input and output values are assumed to be NOT field-encoded. Uses
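Review bot: ECPoint_mul reduces the scalar only when `mp_cmp(k, &group->order) > 0`, so a scalar equal to the group order is aliased into `kt` and passed to point_mul unreduced, whereas ECPoints_mul in the next hunk of this file reduces on `>= 0`; both sites carry the identical comment "want scalar to be less than or equal to group order", so the two entry points treat k == order differently. If that is intentional the comment here should say so, e.g. `/* reduce only when k > order; k == order is passed through unreduced (ECPoints_mul reduces on >=) */`; otherwise the two comparisons should agree. Neither function rejects a zero scalar or one equal to the order, so if such inputs must be refused that check has to live with the caller. Separately, the comment `/* if some arguments are not defined used ECPoint_mul */` in ec_pts_mul_basic should read `use`.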
@@ -123,200 +120,186 @@ ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
* Elliptic Curves over Prime Fields. */
mp_err
ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int precomp[4][4][2];
- const mp_int *a, *b;
- unsigned int i, j;
- int ai, bi, d;
+ mp_err res = MP_OKAY;
+ mp_int precomp[4][4][2];
+ const mp_int *a, *b;
+ unsigned int i, j;
+ int ai, bi, d;
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK(!((k1 == NULL)
- && ((k2 == NULL) || (px == NULL)
- || (py == NULL))), MP_BADARG);
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
- /* if some arguments are not defined used ECPoint_mul */
- if (k1 == NULL) {
- return ECPoint_mul(group, k2, px, py, rx, ry);
- } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
- return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
- }
+ /* if some arguments are not defined used ECPoint_mul */
+ if (k1 == NULL) {
+ return ECPoint_mul(group, k2, px, py, rx, ry);
+ } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+ return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+ }
- /* initialize precomputation table */
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- MP_DIGITS(&precomp[i][j][0]) = 0;
- MP_DIGITS(&precomp[i][j][1]) = 0;
- }
- }
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- MP_CHECKOK( mp_init_size(&precomp[i][j][0],
- ECL_MAX_FIELD_SIZE_DIGITS) );
- MP_CHECKOK( mp_init_size(&precomp[i][j][1],
- ECL_MAX_FIELD_SIZE_DIGITS) );
- }
- }
+ /* initialize precomputation table */
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ MP_DIGITS(&precomp[i][j][0]) = 0;
+ MP_DIGITS(&precomp[i][j][1]) = 0;
+ }
+ }
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ MP_CHECKOK(mp_init_size(&precomp[i][j][0],
+ ECL_MAX_FIELD_SIZE_DIGITS));
+ MP_CHECKOK(mp_init_size(&precomp[i][j][1],
+ ECL_MAX_FIELD_SIZE_DIGITS));
+ }
+ }
- /* fill precomputation table */
- /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
- if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
- a = k2;
- b = k1;
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->
- field_enc(px, &precomp[1][0][0], group->meth));
- MP_CHECKOK(group->meth->
- field_enc(py, &precomp[1][0][1], group->meth));
- } else {
- MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
- MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
- }
- MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
- MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
- } else {
- a = k1;
- b = k2;
- MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
- MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->
- field_enc(px, &precomp[0][1][0], group->meth));
- MP_CHECKOK(group->meth->
- field_enc(py, &precomp[0][1][1], group->meth));
- } else {
- MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
- MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
- }
- }
- /* precompute [*][0][*] */
- mp_zero(&precomp[0][0][0]);
- mp_zero(&precomp[0][0][1]);
- MP_CHECKOK(group->
- point_dbl(&precomp[1][0][0], &precomp[1][0][1],
- &precomp[2][0][0], &precomp[2][0][1], group));
- MP_CHECKOK(group->
- point_add(&precomp[1][0][0], &precomp[1][0][1],
- &precomp[2][0][0], &precomp[2][0][1],
- &precomp[3][0][0], &precomp[3][0][1], group));
- /* precompute [*][1][*] */
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][1][0], &precomp[i][1][1], group));
- }
- /* precompute [*][2][*] */
- MP_CHECKOK(group->
- point_dbl(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[0][2][0], &precomp[0][2][1], group));
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][2][0], &precomp[0][2][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][2][0], &precomp[i][2][1], group));
- }
- /* precompute [*][3][*] */
- MP_CHECKOK(group->
- point_add(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[0][2][0], &precomp[0][2][1],
- &precomp[0][3][0], &precomp[0][3][1], group));
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][3][0], &precomp[0][3][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][3][0], &precomp[i][3][1], group));
- }
+ /* fill precomputation table */
+ /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+ if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+ a = k2;
+ b = k1;
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(px, &precomp[1][0][0], group->meth));
+ MP_CHECKOK(group->meth->field_enc(py, &precomp[1][0][1], group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+ }
+ MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+ MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+ } else {
+ a = k1;
+ b = k2;
+ MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+ MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(px, &precomp[0][1][0], group->meth));
+ MP_CHECKOK(group->meth->field_enc(py, &precomp[0][1][1], group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+ }
+ }
+ /* precompute [*][0][*] */
+ mp_zero(&precomp[0][0][0]);
+ mp_zero(&precomp[0][0][1]);
+ MP_CHECKOK(group->point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+ &precomp[2][0][0], &precomp[2][0][1], group));
+ MP_CHECKOK(group->point_add(&precomp[1][0][0], &precomp[1][0][1],
+ &precomp[2][0][0], &precomp[2][0][1],
+ &precomp[3][0][0], &precomp[3][0][1], group));
+ /* precompute [*][1][*] */
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][1][0], &precomp[i][1][1], group));
+ }
+ /* precompute [*][2][*] */
+ MP_CHECKOK(group->point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[0][2][0], &precomp[0][2][1], group));
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][2][0], &precomp[0][2][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][2][0], &precomp[i][2][1], group));
+ }
+ /* precompute [*][3][*] */
+ MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[0][2][0], &precomp[0][2][1],
+ &precomp[0][3][0], &precomp[0][3][1], group));
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][3][0], &precomp[0][3][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][3][0], &precomp[i][3][1], group));
+ }
- d = (mpl_significant_bits(a) + 1) / 2;
+ d = (mpl_significant_bits(a) + 1) / 2;
- /* R = inf */
- mp_zero(rx);
- mp_zero(ry);
+ /* R = inf */
+ mp_zero(rx);
+ mp_zero(ry);
- for (i = d; i-- > 0;) {
- ai = MP_GET_BIT(a, 2 * i + 1);
- ai <<= 1;
- ai |= MP_GET_BIT(a, 2 * i);
- bi = MP_GET_BIT(b, 2 * i + 1);
- bi <<= 1;
- bi |= MP_GET_BIT(b, 2 * i);
- /* R = 2^2 * R */
- MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
- MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
- /* R = R + (ai * A + bi * B) */
- MP_CHECKOK(group->
- point_add(rx, ry, &precomp[ai][bi][0],
- &precomp[ai][bi][1], rx, ry, group));
- }
+ for (i = d; i-- > 0;) {
+ ai = MP_GET_BIT(a, 2 * i + 1);
+ ai <<= 1;
+ ai |= MP_GET_BIT(a, 2 * i);
+ bi = MP_GET_BIT(b, 2 * i + 1);
+ bi <<= 1;
+ bi |= MP_GET_BIT(b, 2 * i);
+ /* R = 2^2 * R */
+ MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+ MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+ /* R = R + (ai * A + bi * B) */
+ MP_CHECKOK(group->point_add(rx, ry, &precomp[ai][bi][0],
+ &precomp[ai][bi][1], rx, ry, group));
+ }
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
- }
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+ }
- CLEANUP:
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- mp_clear(&precomp[i][j][0]);
- mp_clear(&precomp[i][j][1]);
- }
- }
- return res;
+CLEANUP:
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ mp_clear(&precomp[i][j][0]);
+ mp_clear(&precomp[i][j][1]);
+ }
+ }
+ return res;
}
-/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
* points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
* Input and output values are assumed to be NOT field-encoded. */
mp_err
ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
- const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
+ const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
{
- mp_err res = MP_OKAY;
- mp_int k1t, k2t;
- const mp_int *k1p, *k2p;
+ mp_err res = MP_OKAY;
+ mp_int k1t, k2t;
+ const mp_int *k1p, *k2p;
- MP_DIGITS(&k1t) = 0;
- MP_DIGITS(&k2t) = 0;
+ MP_DIGITS(&k1t) = 0;
+ MP_DIGITS(&k2t) = 0;
- ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK(group != NULL, MP_BADARG);
- /* want scalar to be less than or equal to group order */
- if (k1 != NULL) {
- if (mp_cmp(k1, &group->order) >= 0) {
- MP_CHECKOK(mp_init(&k1t));
- MP_CHECKOK(mp_mod(k1, &group->order, &k1t));
- k1p = &k1t;
- } else {
- k1p = k1;
- }
- } else {
- k1p = k1;
- }
- if (k2 != NULL) {
- if (mp_cmp(k2, &group->order) >= 0) {
- MP_CHECKOK(mp_init(&k2t));
- MP_CHECKOK(mp_mod(k2, &group->order, &k2t));
- k2p = &k2t;
- } else {
- k2p = k2;
- }
- } else {
- k2p = k2;
- }
+ /* want scalar to be less than or equal to group order */
+ if (k1 != NULL) {
+ if (mp_cmp(k1, &group->order) >= 0) {
+ MP_CHECKOK(mp_init(&k1t));
+ MP_CHECKOK(mp_mod(k1, &group->order, &k1t));
+ k1p = &k1t;
+ } else {
+ k1p = k1;
+ }
+ } else {
+ k1p = k1;
+ }
+ if (k2 != NULL) {
+ if (mp_cmp(k2, &group->order) >= 0) {
+ MP_CHECKOK(mp_init(&k2t));
+ MP_CHECKOK(mp_mod(k2, &group->order, &k2t));
+ k2p = &k2t;
+ } else {
+ k2p = k2;
+ }
+ } else {
+ k2p = k2;
+ }
- /* if points_mul is defined, then use it */
- if (group->points_mul) {
- res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
- } else {
- res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
- }
+ /* if points_mul is defined, then use it */
+ if (group->points_mul) {
+ res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
+ } else {
+ res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
+ }
- CLEANUP:
- mp_clear(&k1t);
- mp_clear(&k2t);
- return res;
+CLEANUP:
+ mp_clear(&k1t);
+ mp_clear(&k2t);
+ return res;
}
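Review bot: ec_pts_mul_simul_w2 indexes `precomp[ai][bi]` with bit pairs read straight from the two scalars, so the memory access pattern and the point_add sequence depend on the scalar bits; that is the expected shape of a simultaneous windowed multiplication meant for public scalars, but the function comment never states that the scalars are not treated as secret. Suggest adding to the header comment: `Not constant-time: table lookups depend on the bits of k1 and k2, so use only with scalars that are not secret.` The loop `for (i = d; i-- > 0;)` assigns the `int` d to the `unsigned int` i; the return type of mpl_significant_bits is not visible here, but giving `d` and `i` one type (or an explicit cast) would keep the signed/unsigned conversion out of the loop bound.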
diff --git a/lib/freebl/ecl/ecp.h b/lib/freebl/ecl/ecp.h
index 4784b022f..7e54e4e07 100644
--- a/lib/freebl/ecl/ecp.h
+++ b/lib/freebl/ecl/ecp.h
@@ -16,17 +16,17 @@ mp_err ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py);
/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
* qy). Uses affine coordinates. */
mp_err ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
/* Computes R = P - Q. Uses affine coordinates. */
mp_err ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, const ECGroup *group);
/* Computes R = 2P. Uses affine coordinates. */
mp_err ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group);
+ mp_int *ry, const ECGroup *group);
/* Validates a point on a GFp curve. */
mp_err ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
@@ -36,25 +36,25 @@ mp_err ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *
* a, b and p are the elliptic curve coefficients and the prime that
* determines the field GFp. Uses affine coordinates. */
mp_err ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
#endif
/* Converts a point P(px, py) from affine coordinates to Jacobian
* projective coordinates R(rx, ry, rz). */
mp_err ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group);
+ mp_int *ry, mp_int *rz, const ECGroup *group);
/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
* affine coordinates R(rx, ry). */
mp_err ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py,
- const mp_int *pz, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *pz, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian
* coordinates. */
mp_err ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py,
- const mp_int *pz);
+ const mp_int *pz);
/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian
* coordinates. */
@@ -63,22 +63,22 @@ mp_err ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz);
/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
* (qx, qy, qz). Uses Jacobian coordinates. */
mp_err ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py,
- const mp_int *pz, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- mp_int *rz, const ECGroup *group);
+ const mp_int *pz, const mp_int *qx,
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ mp_int *rz, const ECGroup *group);
/* Computes R = 2P. Uses Jacobian coordinates. */
mp_err ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py,
- const mp_int *pz, mp_int *rx, mp_int *ry,
- mp_int *rz, const ECGroup *group);
+ const mp_int *pz, mp_int *rx, mp_int *ry,
+ mp_int *rz, const ECGroup *group);
#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
* a, b and p are the elliptic curve coefficients and the prime that
* determines the field GFp. Uses Jacobian coordinates. */
mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
#endif
/* Computes R(x, y) = k1 * G + k2 * P(x, y), where G is the generator
@@ -87,9 +87,9 @@ mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
* coordinates. Input and output values are assumed to be NOT
* field-encoded and are in affine form. */
mp_err
- ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group);
+ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group);
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
* curve points P and R can be identical. Uses mixed Modified-Jacobian
@@ -97,10 +97,10 @@ mp_err
* additions. Assumes input is already field-encoded using field_enc, and
* returns output that is still field-encoded. Uses 5-bit window NAF
* method (algorithm 11) for scalar-point multiplication from Brown,
- * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
* Curves Over Prime Fields. */
mp_err
- ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group);
+ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
+ mp_int *rx, mp_int *ry, const ECGroup *group);
-#endif /* __ecp_h_ */
+#endif /* __ecp_h_ */
diff --git a/lib/freebl/ecl/ecp_192.c b/lib/freebl/ecl/ecp_192.c
index 0bfd95e1d..f6d45b449 100644
--- a/lib/freebl/ecl/ecp_192.c
+++ b/lib/freebl/ecl/ecp_192.c
@@ -15,423 +15,423 @@
static mp_err
ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_size a_used = MP_USED(a);
- mp_digit r3;
-#ifndef MPI_AMD64_ADD
- mp_digit carry;
+ mp_err res = MP_OKAY;
+ mp_size a_used = MP_USED(a);
+ mp_digit r3;
+#ifndef MPI_AMD64_ADD
+ mp_digit carry;
#endif
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0;
- mp_digit r0a, r0b, r1a, r1b, r2a, r2b;
+ mp_digit a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0;
+ mp_digit r0a, r0b, r1a, r1b, r2a, r2b;
#else
- mp_digit a5 = 0, a4 = 0, a3 = 0;
- mp_digit r0, r1, r2;
+ mp_digit a5 = 0, a4 = 0, a3 = 0;
+ mp_digit r0, r1, r2;
#endif
- /* reduction not needed if a is not larger than field size */
- if (a_used < ECP192_DIGITS) {
- if (a == r) {
- return MP_OKAY;
- }
- return mp_copy(a, r);
- }
-
- /* for polynomials larger than twice the field size, use regular
- * reduction */
- if (a_used > ECP192_DIGITS*2) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
- /* copy out upper words of a */
+ /* reduction not needed if a is not larger than field size */
+ if (a_used < ECP192_DIGITS) {
+ if (a == r) {
+ return MP_OKAY;
+ }
+ return mp_copy(a, r);
+ }
+
+ /* for polynomials larger than twice the field size, use regular
+ * reduction */
+ if (a_used > ECP192_DIGITS * 2) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
+/* copy out upper words of a */
#ifdef ECL_THIRTY_TWO_BIT
- /* in all the math below,
- * nXb is most signifiant, nXa is least significant */
- switch (a_used) {
- case 12:
- a5b = MP_DIGIT(a, 11);
- case 11:
- a5a = MP_DIGIT(a, 10);
- case 10:
- a4b = MP_DIGIT(a, 9);
- case 9:
- a4a = MP_DIGIT(a, 8);
- case 8:
- a3b = MP_DIGIT(a, 7);
- case 7:
- a3a = MP_DIGIT(a, 6);
- }
-
-
- r2b= MP_DIGIT(a, 5);
- r2a= MP_DIGIT(a, 4);
- r1b = MP_DIGIT(a, 3);
- r1a = MP_DIGIT(a, 2);
- r0b = MP_DIGIT(a, 1);
- r0a = MP_DIGIT(a, 0);
-
- /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
- carry = 0;
- MP_ADD_CARRY(r0a, a3a, r0a, carry);
- MP_ADD_CARRY(r0b, a3b, r0b, carry);
- MP_ADD_CARRY(r1a, a3a, r1a, carry);
- MP_ADD_CARRY(r1b, a3b, r1b, carry);
- MP_ADD_CARRY(r2a, a4a, r2a, carry);
- MP_ADD_CARRY(r2b, a4b, r2b, carry);
- r3 = carry; carry = 0;
- MP_ADD_CARRY(r0a, a5a, r0a, carry);
- MP_ADD_CARRY(r0b, a5b, r0b, carry);
- MP_ADD_CARRY(r1a, a5a, r1a, carry);
- MP_ADD_CARRY(r1b, a5b, r1b, carry);
- MP_ADD_CARRY(r2a, a5a, r2a, carry);
- MP_ADD_CARRY(r2b, a5b, r2b, carry);
- r3 += carry; carry = 0;
- MP_ADD_CARRY(r1a, a4a, r1a, carry);
- MP_ADD_CARRY(r1b, a4b, r1b, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
- r3 += carry;
-
- /* reduce out the carry */
- while (r3) {
- carry = 0;
- MP_ADD_CARRY(r0a, r3, r0a, carry);
- MP_ADD_CARRY(r0b, 0, r0b, carry);
- MP_ADD_CARRY(r1a, r3, r1a, carry);
- MP_ADD_CARRY(r1b, 0, r1b, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
- r3 = carry;
- }
-
- /* check for final reduction */
- /*
- * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
- * 0xffffffffffffffff. That means we can only be over and need
- * one more reduction
- * if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
- * and
- * r1 == 0xffffffffffffffffff or
- * r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
- * In all cases, we subtract the field (or add the 2's
- * complement value (1,1,0)). (r0, r1, r2)
- */
- if (((r2b == 0xffffffff) && (r2a == 0xffffffff)
- && (r1b == 0xffffffff) ) &&
- ((r1a == 0xffffffff) ||
- ((r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
- (r0b == 0xffffffff))) ) {
- /* do a quick subtract */
- carry = 0;
- MP_ADD_CARRY(r0a, 1, r0a, carry);
- MP_ADD_CARRY(r0b, carry, r0a, carry);
- r1a += 1+carry;
- r1b = r2a = r2b = 0;
- }
-
- /* set the lower words of r */
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r, 6));
- }
- MP_DIGIT(r, 5) = r2b;
- MP_DIGIT(r, 4) = r2a;
- MP_DIGIT(r, 3) = r1b;
- MP_DIGIT(r, 2) = r1a;
- MP_DIGIT(r, 1) = r0b;
- MP_DIGIT(r, 0) = r0a;
- MP_USED(r) = 6;
+ /* in all the math below,
+ * nXb is most signifiant, nXa is least significant */
+ switch (a_used) {
+ case 12:
+ a5b = MP_DIGIT(a, 11);
+ case 11:
+ a5a = MP_DIGIT(a, 10);
+ case 10:
+ a4b = MP_DIGIT(a, 9);
+ case 9:
+ a4a = MP_DIGIT(a, 8);
+ case 8:
+ a3b = MP_DIGIT(a, 7);
+ case 7:
+ a3a = MP_DIGIT(a, 6);
+ }
+
+ r2b = MP_DIGIT(a, 5);
+ r2a = MP_DIGIT(a, 4);
+ r1b = MP_DIGIT(a, 3);
+ r1a = MP_DIGIT(a, 2);
+ r0b = MP_DIGIT(a, 1);
+ r0a = MP_DIGIT(a, 0);
+
+ /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+ carry = 0;
+ MP_ADD_CARRY(r0a, a3a, r0a, carry);
+ MP_ADD_CARRY(r0b, a3b, r0b, carry);
+ MP_ADD_CARRY(r1a, a3a, r1a, carry);
+ MP_ADD_CARRY(r1b, a3b, r1b, carry);
+ MP_ADD_CARRY(r2a, a4a, r2a, carry);
+ MP_ADD_CARRY(r2b, a4b, r2b, carry);
+ r3 = carry;
+ carry = 0;
+ MP_ADD_CARRY(r0a, a5a, r0a, carry);
+ MP_ADD_CARRY(r0b, a5b, r0b, carry);
+ MP_ADD_CARRY(r1a, a5a, r1a, carry);
+ MP_ADD_CARRY(r1b, a5b, r1b, carry);
+ MP_ADD_CARRY(r2a, a5a, r2a, carry);
+ MP_ADD_CARRY(r2b, a5b, r2b, carry);
+ r3 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r1a, a4a, r1a, carry);
+ MP_ADD_CARRY(r1b, a4b, r1b, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
+ r3 += carry;
+
+ /* reduce out the carry */
+ while (r3) {
+ carry = 0;
+ MP_ADD_CARRY(r0a, r3, r0a, carry);
+ MP_ADD_CARRY(r0b, 0, r0b, carry);
+ MP_ADD_CARRY(r1a, r3, r1a, carry);
+ MP_ADD_CARRY(r1b, 0, r1b, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
+ r3 = carry;
+ }
+
+ /* check for final reduction */
+ /*
+ * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+ * 0xffffffffffffffff. That means we can only be over and need
+ * one more reduction
+ * if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
+ * and
+ * r1 == 0xffffffffffffffffff or
+ * r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+ * In all cases, we subtract the field (or add the 2's
+ * complement value (1,1,0)). (r0, r1, r2)
+ */
+ if (((r2b == 0xffffffff) && (r2a == 0xffffffff) && (r1b == 0xffffffff)) &&
+ ((r1a == 0xffffffff) ||
+ ((r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
+ (r0b == 0xffffffff)))) {
+ /* do a quick subtract */
+ carry = 0;
+ MP_ADD_CARRY(r0a, 1, r0a, carry);
+ MP_ADD_CARRY(r0b, carry, r0a, carry);
+ r1a += 1 + carry;
+ r1b = r2a = r2b = 0;
+ }
+
+ /* set the lower words of r */
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 6));
+ }
+ MP_DIGIT(r, 5) = r2b;
+ MP_DIGIT(r, 4) = r2a;
+ MP_DIGIT(r, 3) = r1b;
+ MP_DIGIT(r, 2) = r1a;
+ MP_DIGIT(r, 1) = r0b;
+ MP_DIGIT(r, 0) = r0a;
+ MP_USED(r) = 6;
+#else
+ switch (a_used) {
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ case 4:
+ a3 = MP_DIGIT(a, 3);
+ }
+
+ r2 = MP_DIGIT(a, 2);
+ r1 = MP_DIGIT(a, 1);
+ r0 = MP_DIGIT(a, 0);
+
+/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+#ifndef MPI_AMD64_ADD
+ carry = 0;
+ MP_ADD_CARRY(r0, a3, r0, carry);
+ MP_ADD_CARRY(r1, a3, r1, carry);
+ MP_ADD_CARRY(r2, a4, r2, carry);
+ r3 = carry;
+ carry = 0;
+ MP_ADD_CARRY(r0, a5, r0, carry);
+ MP_ADD_CARRY(r1, a5, r1, carry);
+ MP_ADD_CARRY(r2, a5, r2, carry);
+ r3 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r1, a4, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ r3 += carry;
+
+#else
+ r2 = MP_DIGIT(a, 2);
+ r1 = MP_DIGIT(a, 1);
+ r0 = MP_DIGIT(a, 0);
+
+ /* set the lower words of r */
+ __asm__(
+ "xorq %3,%3 \n\t"
+ "addq %4,%0 \n\t"
+ "adcq %4,%1 \n\t"
+ "adcq %5,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ "addq %6,%0 \n\t"
+ "adcq %6,%1 \n\t"
+ "adcq %6,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ "addq %5,%1 \n\t"
+ "adcq $0,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3),
+ "=r"(a4), "=r"(a5)
+ : "0"(r0), "1"(r1), "2"(r2), "3"(r3),
+ "4"(a3), "5"(a4), "6"(a5)
+ : "%cc");
+#endif
+
+ /* reduce out the carry */
+ while (r3) {
+#ifndef MPI_AMD64_ADD
+ carry = 0;
+ MP_ADD_CARRY(r0, r3, r0, carry);
+ MP_ADD_CARRY(r1, r3, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ r3 = carry;
#else
- switch (a_used) {
- case 6:
- a5 = MP_DIGIT(a, 5);
- case 5:
- a4 = MP_DIGIT(a, 4);
- case 4:
- a3 = MP_DIGIT(a, 3);
- }
-
- r2 = MP_DIGIT(a, 2);
- r1 = MP_DIGIT(a, 1);
- r0 = MP_DIGIT(a, 0);
-
- /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
-#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, a3, r0, carry);
- MP_ADD_CARRY(r1, a3, r1, carry);
- MP_ADD_CARRY(r2, a4, r2, carry);
- r3 = carry; carry = 0;
- MP_ADD_CARRY(r0, a5, r0, carry);
- MP_ADD_CARRY(r1, a5, r1, carry);
- MP_ADD_CARRY(r2, a5, r2, carry);
- r3 += carry; carry = 0;
- MP_ADD_CARRY(r1, a4, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- r3 += carry;
-
-#else
- r2 = MP_DIGIT(a, 2);
- r1 = MP_DIGIT(a, 1);
- r0 = MP_DIGIT(a, 0);
-
- /* set the lower words of r */
- __asm__ (
+ a3 = r3;
+ __asm__(
"xorq %3,%3 \n\t"
"addq %4,%0 \n\t"
"adcq %4,%1 \n\t"
- "adcq %5,%2 \n\t"
- "adcq $0,%3 \n\t"
- "addq %6,%0 \n\t"
- "adcq %6,%1 \n\t"
- "adcq %6,%2 \n\t"
- "adcq $0,%3 \n\t"
- "addq %5,%1 \n\t"
"adcq $0,%2 \n\t"
"adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3),
- "=r"(a4), "=r"(a5)
- : "0" (r0), "1" (r1), "2" (r2), "3" (r3),
- "4" (a3), "5" (a4), "6"(a5)
- : "%cc" );
-#endif
-
- /* reduce out the carry */
- while (r3) {
-#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, r3, r0, carry);
- MP_ADD_CARRY(r1, r3, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- r3 = carry;
-#else
- a3=r3;
- __asm__ (
- "xorq %3,%3 \n\t"
- "addq %4,%0 \n\t"
- "adcq %4,%1 \n\t"
- "adcq $0,%2 \n\t"
- "adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3)
- : "0" (r0), "1" (r1), "2" (r2), "3" (r3), "4"(a3)
- : "%cc" );
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3)
+ : "0"(r0), "1"(r1), "2"(r2), "3"(r3), "4"(a3)
+ : "%cc");
#endif
- }
-
- /* check for final reduction */
- /*
- * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
- * 0xffffffffffffffff. That means we can only be over and need
- * one more reduction
- * if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
- * and
- * r1 == 0xffffffffffffffffff or
- * r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
- * In all cases, we subtract the field (or add the 2's
- * complement value (1,1,0)). (r0, r1, r2)
- */
- if (r3 || ((r2 == MP_DIGIT_MAX) &&
- ((r1 == MP_DIGIT_MAX) ||
- ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
- /* do a quick subtract */
- carry = 0;
- MP_ADD_CARRY(r0, 1, r0, carry);
- r1 += 1+carry;
- r2 = 0;
- }
- /* set the lower words of r */
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r, 3));
- }
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_USED(r) = 3;
+ }
+
+ /* check for final reduction */
+ /*
+ * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+ * 0xffffffffffffffff. That means we can only be over and need
+ * one more reduction
+ * if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
+ * and
+ * r1 == 0xffffffffffffffffff or
+ * r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+ * In all cases, we subtract the field (or add the 2's
+ * complement value (1,1,0)). (r0, r1, r2)
+ */
+ if (r3 || ((r2 == MP_DIGIT_MAX) &&
+ ((r1 == MP_DIGIT_MAX) ||
+ ((r1 == (MP_DIGIT_MAX - 1)) && (r0 == MP_DIGIT_MAX))))) {
+ /* do a quick subtract */
+ carry = 0;
+ MP_ADD_CARRY(r0, 1, r0, carry);
+ r1 += 1 + carry;
+ r2 = 0;
+ }
+ /* set the lower words of r */
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 3));
+ }
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_USED(r) = 3;
#endif
- }
- s_mp_clamp(r);
- CLEANUP:
- return res;
+ }
+ s_mp_clamp(r);
+CLEANUP:
+ return res;
}
#ifndef ECL_THIRTY_TWO_BIT
/* Compute the sum of 192 bit curves. Do the work in-line since the
* number of words are so small, we don't want to overhead of mp function
- * calls. Uses optimized modular reduction for p192.
+ * calls. Uses optimized modular reduction for p192.
*/
static mp_err
-ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit a0 = 0, a1 = 0, a2 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0;
- mp_digit carry;
-
- switch(MP_USED(a)) {
- case 3:
- a2 = MP_DIGIT(a,2);
- case 2:
- a1 = MP_DIGIT(a,1);
- case 1:
- a0 = MP_DIGIT(a,0);
- }
- switch(MP_USED(b)) {
- case 3:
- r2 = MP_DIGIT(b,2);
- case 2:
- r1 = MP_DIGIT(b,1);
- case 1:
- r0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit a0 = 0, a1 = 0, a2 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0;
+ mp_digit carry;
+
+ switch (MP_USED(a)) {
+ case 3:
+ a2 = MP_DIGIT(a, 2);
+ case 2:
+ a1 = MP_DIGIT(a, 1);
+ case 1:
+ a0 = MP_DIGIT(a, 0);
+ }
+ switch (MP_USED(b)) {
+ case 3:
+ r2 = MP_DIGIT(b, 2);
+ case 2:
+ r1 = MP_DIGIT(b, 1);
+ case 1:
+ r0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
#else
- __asm__ (
- "xorq %3,%3 \n\t"
- "addq %4,%0 \n\t"
- "adcq %5,%1 \n\t"
- "adcq %6,%2 \n\t"
- "adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
- : "r" (a0), "r" (a1), "r" (a2), "0" (r0),
- "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "xorq %3,%3 \n\t"
+ "addq %4,%0 \n\t"
+ "adcq %5,%1 \n\t"
+ "adcq %6,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+ : "r"(a0), "r"(a1), "r"(a2), "0"(r0),
+ "1"(r1), "2"(r2)
+ : "%cc");
#endif
- /* Do quick 'subract' if we've gone over
- * (add the 2's complement of the curve field) */
- if (carry || ((r2 == MP_DIGIT_MAX) &&
- ((r1 == MP_DIGIT_MAX) ||
- ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
+ /* Do quick 'subract' if we've gone over
+ * (add the 2's complement of the curve field) */
+ if (carry || ((r2 == MP_DIGIT_MAX) &&
+ ((r1 == MP_DIGIT_MAX) ||
+ ((r1 == (MP_DIGIT_MAX - 1)) && (r0 == MP_DIGIT_MAX))))) {
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, 1, r0, carry);
- MP_ADD_CARRY(r1, 1, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, 1, r0, carry);
+ MP_ADD_CARRY(r1, 1, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
#else
- __asm__ (
- "addq $1,%0 \n\t"
- "adcq $1,%1 \n\t"
- "adcq $0,%2 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2)
- : "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "addq $1,%0 \n\t"
+ "adcq $1,%1 \n\t"
+ "adcq $0,%2 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2)
+ : "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- }
-
-
- MP_CHECKOK(s_mp_pad(r, 3));
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 3;
- s_mp_clamp(r);
-
-
- CLEANUP:
- return res;
+ }
+
+ MP_CHECKOK(s_mp_pad(r, 3));
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 3;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
/* Compute the diff of 192 bit curves. Do the work in-line since the
* number of words are so small, we don't want to overhead of mp function
- * calls. Uses optimized modular reduction for p192.
+ * calls. Uses optimized modular reduction for p192.
*/
static mp_err
-ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_digit b0 = 0, b1 = 0, b2 = 0;
- mp_digit r0 = 0, r1 = 0, r2 = 0;
- mp_digit borrow;
-
- switch(MP_USED(a)) {
- case 3:
- r2 = MP_DIGIT(a,2);
- case 2:
- r1 = MP_DIGIT(a,1);
- case 1:
- r0 = MP_DIGIT(a,0);
- }
-
- switch(MP_USED(b)) {
- case 3:
- b2 = MP_DIGIT(b,2);
- case 2:
- b1 = MP_DIGIT(b,1);
- case 1:
- b0 = MP_DIGIT(b,0);
- }
+ mp_err res = MP_OKAY;
+ mp_digit b0 = 0, b1 = 0, b2 = 0;
+ mp_digit r0 = 0, r1 = 0, r2 = 0;
+ mp_digit borrow;
+
+ switch (MP_USED(a)) {
+ case 3:
+ r2 = MP_DIGIT(a, 2);
+ case 2:
+ r1 = MP_DIGIT(a, 1);
+ case 1:
+ r0 = MP_DIGIT(a, 0);
+ }
+
+ switch (MP_USED(b)) {
+ case 3:
+ b2 = MP_DIGIT(b, 2);
+ case 2:
+ b1 = MP_DIGIT(b, 1);
+ case 1:
+ b0 = MP_DIGIT(b, 0);
+ }
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
#else
- __asm__ (
- "xorq %3,%3 \n\t"
- "subq %4,%0 \n\t"
- "sbbq %5,%1 \n\t"
- "sbbq %6,%2 \n\t"
- "adcq $0,%3 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
- : "r" (b0), "r" (b1), "r" (b2), "0" (r0),
- "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "xorq %3,%3 \n\t"
+ "subq %4,%0 \n\t"
+ "sbbq %5,%1 \n\t"
+ "sbbq %6,%2 \n\t"
+ "adcq $0,%3 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
+ : "r"(b0), "r"(b1), "r"(b2), "0"(r0),
+ "1"(r1), "2"(r2)
+ : "%cc");
#endif
- /* Do quick 'add' if we've gone under 0
- * (subtract the 2's complement of the curve field) */
- if (borrow) {
+ /* Do quick 'add' if we've gone under 0
+ * (subtract the 2's complement of the curve field) */
+ if (borrow) {
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, 1, r0, borrow);
- MP_SUB_BORROW(r1, 1, r1, borrow);
- MP_SUB_BORROW(r2, 0, r2, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, 1, r0, borrow);
+ MP_SUB_BORROW(r1, 1, r1, borrow);
+ MP_SUB_BORROW(r2, 0, r2, borrow);
#else
- __asm__ (
- "subq $1,%0 \n\t"
- "sbbq $1,%1 \n\t"
- "sbbq $0,%2 \n\t"
- : "=r"(r0), "=r"(r1), "=r"(r2)
- : "0" (r0), "1" (r1), "2" (r2)
- : "%cc" );
+ __asm__(
+ "subq $1,%0 \n\t"
+ "sbbq $1,%1 \n\t"
+ "sbbq $0,%2 \n\t"
+ : "=r"(r0), "=r"(r1), "=r"(r2)
+ : "0"(r0), "1"(r1), "2"(r2)
+ : "%cc");
#endif
- }
-
- MP_CHECKOK(s_mp_pad(r, 3));
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 3;
- s_mp_clamp(r);
-
- CLEANUP:
- return res;
+ }
+
+ MP_CHECKOK(s_mp_pad(r, 3));
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 3;
+ s_mp_clamp(r);
+
+CLEANUP:
+ return res;
}
#endif
/* Compute the square of polynomial a, reduce modulo p192. Store the
- * result in r. r could be a. Uses optimized modular reduction for p192.
+ * result in r. r could be a. Uses optimized modular reduction for p192.
*/
static mp_err
ec_GFp_nistp192_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_sqr(a, r));
- MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_sqr(a, r));
+ MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Compute the product of two polynomials a and b, reduce modulo p192.
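Review bot: In the ECL_THIRTY_TWO_BIT final-reduction branch of ec_GFp_nistp192_mod, `MP_ADD_CARRY(r0b, carry, r0a, carry);` writes the carry-propagated high half of r0 into r0a instead of r0b, so whenever the quick subtract fires r0a is clobbered with r0b + carry and r0b keeps its old value; the destination should be `MP_ADD_CARRY(r0b, carry, r0b, carry);`. The line is pre-existing (it appears identically on the removed side), but since this commit already touches every line of the function it is the natural place to correct it and to add a reduction test vector that exercises the r2 == r1 == all-ones case on a 32-bit build. Separately, clang-format pulled `/* copy out upper words of a */` and the later `/* implement r = ... */` comment to column 0 because they sit directly before a `#ifdef`/`#ifndef`; moving those comments below the directive would keep them indented with the code they describe.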
@@ -439,39 +439,39 @@ ec_GFp_nistp192_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
* optimized modular reduction for p192. */
static mp_err
ec_GFp_nistp192_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Divides two field elements. If a is NULL, then returns the inverse of
* b. */
static mp_err
ec_GFp_nistp192_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_int t;
-
- /* If a is NULL, then return the inverse of b, otherwise return a/b. */
- if (a == NULL) {
- return mp_invmod(b, &meth->irr, r);
- } else {
- /* MPI doesn't support divmod, so we implement it using invmod and
- * mulmod. */
- MP_CHECKOK(mp_init(&t));
- MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
- MP_CHECKOK(mp_mul(a, &t, r));
- MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
- CLEANUP:
- mp_clear(&t);
- return res;
- }
+ mp_err res = MP_OKAY;
+ mp_int t;
+
+ /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+ if (a == NULL) {
+ return mp_invmod(b, &meth->irr, r);
+ } else {
+ /* MPI doesn't support divmod, so we implement it using invmod and
+ * mulmod. */
+ MP_CHECKOK(mp_init(&t));
+ MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+ MP_CHECKOK(mp_mul(a, &t, r));
+ MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+ CLEANUP:
+ mp_clear(&t);
+ return res;
+ }
}
/* Wire in fast field arithmetic and precomputation of base point for
@@ -479,15 +479,15 @@ ec_GFp_nistp192_div(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_group_set_gfp192(ECGroup *group, ECCurveName name)
{
- if (name == ECCurve_NIST_P192) {
- group->meth->field_mod = &ec_GFp_nistp192_mod;
- group->meth->field_mul = &ec_GFp_nistp192_mul;
- group->meth->field_sqr = &ec_GFp_nistp192_sqr;
- group->meth->field_div = &ec_GFp_nistp192_div;
+ if (name == ECCurve_NIST_P192) {
+ group->meth->field_mod = &ec_GFp_nistp192_mod;
+ group->meth->field_mul = &ec_GFp_nistp192_mul;
+ group->meth->field_sqr = &ec_GFp_nistp192_sqr;
+ group->meth->field_div = &ec_GFp_nistp192_div;
#ifndef ECL_THIRTY_TWO_BIT
- group->meth->field_add = &ec_GFp_nistp192_add;
- group->meth->field_sub = &ec_GFp_nistp192_sub;
+ group->meth->field_add = &ec_GFp_nistp192_add;
+ group->meth->field_sub = &ec_GFp_nistp192_sub;
#endif
- }
- return MP_OKAY;
+ }
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_224.c b/lib/freebl/ecl/ecp_224.c
index 142f255d3..bd6e14be1 100644
--- a/lib/freebl/ecl/ecp_224.c
+++ b/lib/freebl/ecl/ecp_224.c
@@ -15,286 +15,285 @@
static mp_err
ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_size a_used = MP_USED(a);
+ mp_err res = MP_OKAY;
+ mp_size a_used = MP_USED(a);
- int r3b;
- mp_digit carry;
+ int r3b;
+ mp_digit carry;
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a6a = 0, a6b = 0,
- a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0;
- mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a;
+ mp_digit a6a = 0, a6b = 0,
+ a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0;
+ mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a;
#else
- mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0;
- mp_digit a6b = 0, a6a_a5b = 0, a5b = 0, a5a_a4b = 0, a4a_a3b = 0;
- mp_digit r0, r1, r2, r3;
+ mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0;
+ mp_digit a6b = 0, a6a_a5b = 0, a5b = 0, a5a_a4b = 0, a4a_a3b = 0;
+ mp_digit r0, r1, r2, r3;
#endif
- /* reduction not needed if a is not larger than field size */
- if (a_used < ECP224_DIGITS) {
- if (a == r) return MP_OKAY;
- return mp_copy(a, r);
- }
- /* for polynomials larger than twice the field size, use regular
- * reduction */
- if (a_used > ECL_CURVE_DIGITS(224*2)) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
+ /* reduction not needed if a is not larger than field size */
+ if (a_used < ECP224_DIGITS) {
+ if (a == r)
+ return MP_OKAY;
+ return mp_copy(a, r);
+ }
+ /* for polynomials larger than twice the field size, use regular
+ * reduction */
+ if (a_used > ECL_CURVE_DIGITS(224 * 2)) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
#ifdef ECL_THIRTY_TWO_BIT
- /* copy out upper words of a */
- switch (a_used) {
- case 14:
- a6b = MP_DIGIT(a, 13);
- case 13:
- a6a = MP_DIGIT(a, 12);
- case 12:
- a5b = MP_DIGIT(a, 11);
- case 11:
- a5a = MP_DIGIT(a, 10);
- case 10:
- a4b = MP_DIGIT(a, 9);
- case 9:
- a4a = MP_DIGIT(a, 8);
- case 8:
- a3b = MP_DIGIT(a, 7);
- }
- r3a = MP_DIGIT(a, 6);
- r2b= MP_DIGIT(a, 5);
- r2a= MP_DIGIT(a, 4);
- r1b = MP_DIGIT(a, 3);
- r1a = MP_DIGIT(a, 2);
- r0b = MP_DIGIT(a, 1);
- r0a = MP_DIGIT(a, 0);
+ /* copy out upper words of a */
+ switch (a_used) {
+ case 14:
+ a6b = MP_DIGIT(a, 13);
+ case 13:
+ a6a = MP_DIGIT(a, 12);
+ case 12:
+ a5b = MP_DIGIT(a, 11);
+ case 11:
+ a5a = MP_DIGIT(a, 10);
+ case 10:
+ a4b = MP_DIGIT(a, 9);
+ case 9:
+ a4a = MP_DIGIT(a, 8);
+ case 8:
+ a3b = MP_DIGIT(a, 7);
+ }
+ r3a = MP_DIGIT(a, 6);
+ r2b = MP_DIGIT(a, 5);
+ r2a = MP_DIGIT(a, 4);
+ r1b = MP_DIGIT(a, 3);
+ r1a = MP_DIGIT(a, 2);
+ r0b = MP_DIGIT(a, 1);
+ r0a = MP_DIGIT(a, 0);
+ /* implement r = (a3a,a2,a1,a0)
+ +(a5a, a4,a3b, 0)
+ +( 0, a6,a5b, 0)
+ -( 0 0, 0|a6b, a6a|a5b )
+ -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+ carry = 0;
+ MP_ADD_CARRY(r1b, a3b, r1b, carry);
+ MP_ADD_CARRY(r2a, a4a, r2a, carry);
+ MP_ADD_CARRY(r2b, a4b, r2b, carry);
+ MP_ADD_CARRY(r3a, a5a, r3a, carry);
+ r3b = carry;
+ carry = 0;
+ MP_ADD_CARRY(r1b, a5b, r1b, carry);
+ MP_ADD_CARRY(r2a, a6a, r2a, carry);
+ MP_ADD_CARRY(r2b, a6b, r2b, carry);
+ MP_ADD_CARRY(r3a, 0, r3a, carry);
+ r3b += carry;
+ carry = 0;
+ MP_SUB_BORROW(r0a, a3b, r0a, carry);
+ MP_SUB_BORROW(r0b, a4a, r0b, carry);
+ MP_SUB_BORROW(r1a, a4b, r1a, carry);
+ MP_SUB_BORROW(r1b, a5a, r1b, carry);
+ MP_SUB_BORROW(r2a, a5b, r2a, carry);
+ MP_SUB_BORROW(r2b, a6a, r2b, carry);
+ MP_SUB_BORROW(r3a, a6b, r3a, carry);
+ r3b -= carry;
+ carry = 0;
+ MP_SUB_BORROW(r0a, a5b, r0a, carry);
+ MP_SUB_BORROW(r0b, a6a, r0b, carry);
+ MP_SUB_BORROW(r1a, a6b, r1a, carry);
+ if (carry) {
+ MP_SUB_BORROW(r1b, 0, r1b, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry);
+ r3b -= carry;
+ }
- /* implement r = (a3a,a2,a1,a0)
- +(a5a, a4,a3b, 0)
- +( 0, a6,a5b, 0)
- -( 0 0, 0|a6b, a6a|a5b )
- -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- carry = 0;
- MP_ADD_CARRY (r1b, a3b, r1b, carry);
- MP_ADD_CARRY (r2a, a4a, r2a, carry);
- MP_ADD_CARRY (r2b, a4b, r2b, carry);
- MP_ADD_CARRY (r3a, a5a, r3a, carry);
- r3b = carry; carry = 0;
- MP_ADD_CARRY (r1b, a5b, r1b, carry);
- MP_ADD_CARRY (r2a, a6a, r2a, carry);
- MP_ADD_CARRY (r2b, a6b, r2b, carry);
- MP_ADD_CARRY (r3a, 0, r3a, carry);
- r3b += carry; carry = 0;
- MP_SUB_BORROW(r0a, a3b, r0a, carry);
- MP_SUB_BORROW(r0b, a4a, r0b, carry);
- MP_SUB_BORROW(r1a, a4b, r1a, carry);
- MP_SUB_BORROW(r1b, a5a, r1b, carry);
- MP_SUB_BORROW(r2a, a5b, r2a, carry);
- MP_SUB_BORROW(r2b, a6a, r2b, carry);
- MP_SUB_BORROW(r3a, a6b, r3a, carry);
- r3b -= carry; carry = 0;
- MP_SUB_BORROW(r0a, a5b, r0a, carry);
- MP_SUB_BORROW(r0b, a6a, r0b, carry);
- MP_SUB_BORROW(r1a, a6b, r1a, carry);
- if (carry) {
- MP_SUB_BORROW(r1b, 0, r1b, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry);
- r3b -= carry;
- }
+ while (r3b > 0) {
+ int tmp;
+ carry = 0;
+ MP_ADD_CARRY(r1b, r3b, r1b, carry);
+ if (carry) {
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
+ MP_ADD_CARRY(r3a, 0, r3a, carry);
+ }
+ tmp = carry;
+ carry = 0;
+ MP_SUB_BORROW(r0a, r3b, r0a, carry);
+ if (carry) {
+ MP_SUB_BORROW(r0b, 0, r0b, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry);
+ MP_SUB_BORROW(r1b, 0, r1b, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry);
+ tmp -= carry;
+ }
+ r3b = tmp;
+ }
- while (r3b > 0) {
- int tmp;
- carry = 0;
- MP_ADD_CARRY(r1b, r3b, r1b, carry);
- if (carry) {
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
- MP_ADD_CARRY(r3a, 0, r3a, carry);
- }
- tmp = carry; carry = 0;
- MP_SUB_BORROW(r0a, r3b, r0a, carry);
- if (carry) {
- MP_SUB_BORROW(r0b, 0, r0b, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry);
- MP_SUB_BORROW(r1b, 0, r1b, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry);
- tmp -= carry;
- }
- r3b = tmp;
- }
+ while (r3b < 0) {
+ mp_digit maxInt = MP_DIGIT_MAX;
+ carry = 0;
+ MP_ADD_CARRY(r0a, 1, r0a, carry);
+ MP_ADD_CARRY(r0b, 0, r0b, carry);
+ MP_ADD_CARRY(r1a, 0, r1a, carry);
+ MP_ADD_CARRY(r1b, maxInt, r1b, carry);
+ MP_ADD_CARRY(r2a, maxInt, r2a, carry);
+ MP_ADD_CARRY(r2b, maxInt, r2b, carry);
+ MP_ADD_CARRY(r3a, maxInt, r3a, carry);
+ r3b += carry;
+ }
+ /* check for final reduction */
+ /* now the only way we are over is if the top 4 words are all ones */
+ if ((r3a == MP_DIGIT_MAX) && (r2b == MP_DIGIT_MAX) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
+ ((r1a != 0) || (r0b != 0) || (r0a != 0))) {
+ /* one last subraction */
+ carry = 0;
+ MP_SUB_BORROW(r0a, 1, r0a, carry);
+ MP_SUB_BORROW(r0b, 0, r0b, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry);
+ r1b = r2a = r2b = r3a = 0;
+ }
- while (r3b < 0) {
- mp_digit maxInt = MP_DIGIT_MAX;
- carry = 0;
- MP_ADD_CARRY (r0a, 1, r0a, carry);
- MP_ADD_CARRY (r0b, 0, r0b, carry);
- MP_ADD_CARRY (r1a, 0, r1a, carry);
- MP_ADD_CARRY (r1b, maxInt, r1b, carry);
- MP_ADD_CARRY (r2a, maxInt, r2a, carry);
- MP_ADD_CARRY (r2b, maxInt, r2b, carry);
- MP_ADD_CARRY (r3a, maxInt, r3a, carry);
- r3b += carry;
- }
- /* check for final reduction */
- /* now the only way we are over is if the top 4 words are all ones */
- if ((r3a == MP_DIGIT_MAX) && (r2b == MP_DIGIT_MAX)
- && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
- ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) {
- /* one last subraction */
- carry = 0;
- MP_SUB_BORROW(r0a, 1, r0a, carry);
- MP_SUB_BORROW(r0b, 0, r0b, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry);
- r1b = r2a = r2b = r3a = 0;
- }
-
-
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r, 7));
- }
- /* set the lower words of r */
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 7;
- MP_DIGIT(r, 6) = r3a;
- MP_DIGIT(r, 5) = r2b;
- MP_DIGIT(r, 4) = r2a;
- MP_DIGIT(r, 3) = r1b;
- MP_DIGIT(r, 2) = r1a;
- MP_DIGIT(r, 1) = r0b;
- MP_DIGIT(r, 0) = r0a;
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 7));
+ }
+ /* set the lower words of r */
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 7;
+ MP_DIGIT(r, 6) = r3a;
+ MP_DIGIT(r, 5) = r2b;
+ MP_DIGIT(r, 4) = r2a;
+ MP_DIGIT(r, 3) = r1b;
+ MP_DIGIT(r, 2) = r1a;
+ MP_DIGIT(r, 1) = r0b;
+ MP_DIGIT(r, 0) = r0a;
#else
- /* copy out upper words of a */
- switch (a_used) {
- case 7:
- a6 = MP_DIGIT(a, 6);
- a6b = a6 >> 32;
- a6a_a5b = a6 << 32;
- case 6:
- a5 = MP_DIGIT(a, 5);
- a5b = a5 >> 32;
- a6a_a5b |= a5b;
- a5b = a5b << 32;
- a5a_a4b = a5 << 32;
- a5a = a5 & 0xffffffff;
- case 5:
- a4 = MP_DIGIT(a, 4);
- a5a_a4b |= a4 >> 32;
- a4a_a3b = a4 << 32;
- case 4:
- a3b = MP_DIGIT(a, 3) >> 32;
- a4a_a3b |= a3b;
- a3b = a3b << 32;
- }
-
- r3 = MP_DIGIT(a, 3) & 0xffffffff;
- r2 = MP_DIGIT(a, 2);
- r1 = MP_DIGIT(a, 1);
- r0 = MP_DIGIT(a, 0);
-
- /* implement r = (a3a,a2,a1,a0)
- +(a5a, a4,a3b, 0)
- +( 0, a6,a5b, 0)
- -( 0 0, 0|a6b, a6a|a5b )
- -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- carry = 0;
- MP_ADD_CARRY (r1, a3b, r1, carry);
- MP_ADD_CARRY (r2, a4 , r2, carry);
- MP_ADD_CARRY (r3, a5a, r3, carry);
- carry = 0;
- MP_ADD_CARRY (r1, a5b, r1, carry);
- MP_ADD_CARRY (r2, a6 , r2, carry);
- MP_ADD_CARRY (r3, 0, r3, carry);
+ /* copy out upper words of a */
+ switch (a_used) {
+ case 7:
+ a6 = MP_DIGIT(a, 6);
+ a6b = a6 >> 32;
+ a6a_a5b = a6 << 32;
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ a5b = a5 >> 32;
+ a6a_a5b |= a5b;
+ a5b = a5b << 32;
+ a5a_a4b = a5 << 32;
+ a5a = a5 & 0xffffffff;
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ a5a_a4b |= a4 >> 32;
+ a4a_a3b = a4 << 32;
+ case 4:
+ a3b = MP_DIGIT(a, 3) >> 32;
+ a4a_a3b |= a3b;
+ a3b = a3b << 32;
+ }
- carry = 0;
- MP_SUB_BORROW(r0, a4a_a3b, r0, carry);
- MP_SUB_BORROW(r1, a5a_a4b, r1, carry);
- MP_SUB_BORROW(r2, a6a_a5b, r2, carry);
- MP_SUB_BORROW(r3, a6b , r3, carry);
- carry = 0;
- MP_SUB_BORROW(r0, a6a_a5b, r0, carry);
- MP_SUB_BORROW(r1, a6b , r1, carry);
- if (carry) {
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
- }
+ r3 = MP_DIGIT(a, 3) & 0xffffffff;
+ r2 = MP_DIGIT(a, 2);
+ r1 = MP_DIGIT(a, 1);
+ r0 = MP_DIGIT(a, 0);
+ /* implement r = (a3a,a2,a1,a0)
+ +(a5a, a4,a3b, 0)
+ +( 0, a6,a5b, 0)
+ -( 0 0, 0|a6b, a6a|a5b )
+ -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+ carry = 0;
+ MP_ADD_CARRY(r1, a3b, r1, carry);
+ MP_ADD_CARRY(r2, a4, r2, carry);
+ MP_ADD_CARRY(r3, a5a, r3, carry);
+ carry = 0;
+ MP_ADD_CARRY(r1, a5b, r1, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry);
+ MP_ADD_CARRY(r3, 0, r3, carry);
- /* if the value is negative, r3 has a 2's complement
- * high value */
- r3b = (int)(r3 >>32);
- while (r3b > 0) {
- r3 &= 0xffffffff;
- carry = 0;
- MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry);
- if (carry) {
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, 0, r3, carry);
- }
- carry = 0;
- MP_SUB_BORROW(r0, r3b, r0, carry);
- if (carry) {
- MP_SUB_BORROW(r1, 0, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
- }
- r3b = (int)(r3 >>32);
- }
+ carry = 0;
+ MP_SUB_BORROW(r0, a4a_a3b, r0, carry);
+ MP_SUB_BORROW(r1, a5a_a4b, r1, carry);
+ MP_SUB_BORROW(r2, a6a_a5b, r2, carry);
+ MP_SUB_BORROW(r3, a6b, r3, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a6a_a5b, r0, carry);
+ MP_SUB_BORROW(r1, a6b, r1, carry);
+ if (carry) {
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
+ }
- while (r3b < 0) {
- carry = 0;
- MP_ADD_CARRY (r0, 1, r0, carry);
- MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry);
- MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry);
- MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry);
- r3b = (int)(r3 >>32);
- }
- /* check for final reduction */
- /* now the only way we are over is if the top 4 words are
- * all ones. Subtract the curve. (curve is 2^224 - 2^96 +1)
- */
- if ((r3 == (MP_DIGIT_MAX >> 32)) && (r2 == MP_DIGIT_MAX)
- && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) &&
- ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) {
- /* one last subraction */
- carry = 0;
- MP_SUB_BORROW(r0, 1, r0, carry);
- MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry);
- r2 = r3 = 0;
- }
+ /* if the value is negative, r3 has a 2's complement
+ * high value */
+ r3b = (int)(r3 >> 32);
+ while (r3b > 0) {
+ r3 &= 0xffffffff;
+ carry = 0;
+ MP_ADD_CARRY(r1, ((mp_digit)r3b) << 32, r1, carry);
+ if (carry) {
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, 0, r3, carry);
+ }
+ carry = 0;
+ MP_SUB_BORROW(r0, r3b, r0, carry);
+ if (carry) {
+ MP_SUB_BORROW(r1, 0, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
+ }
+ r3b = (int)(r3 >> 32);
+ }
+ while (r3b < 0) {
+ carry = 0;
+ MP_ADD_CARRY(r0, 1, r0, carry);
+ MP_ADD_CARRY(r1, MP_DIGIT_MAX << 32, r1, carry);
+ MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
+ MP_ADD_CARRY(r3, MP_DIGIT_MAX >> 32, r3, carry);
+ r3b = (int)(r3 >> 32);
+ }
+ /* check for final reduction */
+ /* now the only way we are over is if the top 4 words are
+ * all ones. Subtract the curve. (curve is 2^224 - 2^96 +1)
+ */
+ if ((r3 == (MP_DIGIT_MAX >> 32)) && (r2 == MP_DIGIT_MAX) && ((r1 & MP_DIGIT_MAX << 32) == MP_DIGIT_MAX << 32) &&
+ ((r1 != MP_DIGIT_MAX << 32) || (r0 != 0))) {
+ /* one last subraction */
+ carry = 0;
+ MP_SUB_BORROW(r0, 1, r0, carry);
+ MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry);
+ r2 = r3 = 0;
+ }
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r, 4));
- }
- /* set the lower words of r */
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 4;
- MP_DIGIT(r, 3) = r3;
- MP_DIGIT(r, 2) = r2;
- MP_DIGIT(r, 1) = r1;
- MP_DIGIT(r, 0) = r0;
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 4));
+ }
+ /* set the lower words of r */
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
#endif
- }
- s_mp_clamp(r);
+ }
+ s_mp_clamp(r);
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Compute the square of polynomial a, reduce modulo p224. Store the
- * result in r. r could be a. Uses optimized modular reduction for p224.
+ * result in r. r could be a. Uses optimized modular reduction for p224.
*/
static mp_err
ec_GFp_nistp224_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_sqr(a, r));
- MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_sqr(a, r));
+ MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Compute the product of two polynomials a and b, reduce modulo p224.
@@ -302,39 +301,39 @@ ec_GFp_nistp224_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
* optimized modular reduction for p224. */
static mp_err
ec_GFp_nistp224_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Divides two field elements. If a is NULL, then returns the inverse of
* b. */
static mp_err
ec_GFp_nistp224_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_int t;
+ mp_err res = MP_OKAY;
+ mp_int t;
- /* If a is NULL, then return the inverse of b, otherwise return a/b. */
- if (a == NULL) {
- return mp_invmod(b, &meth->irr, r);
- } else {
- /* MPI doesn't support divmod, so we implement it using invmod and
- * mulmod. */
- MP_CHECKOK(mp_init(&t));
- MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
- MP_CHECKOK(mp_mul(a, &t, r));
- MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
- CLEANUP:
- mp_clear(&t);
- return res;
- }
+ /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+ if (a == NULL) {
+ return mp_invmod(b, &meth->irr, r);
+ } else {
+ /* MPI doesn't support divmod, so we implement it using invmod and
+ * mulmod. */
+ MP_CHECKOK(mp_init(&t));
+ MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+ MP_CHECKOK(mp_mul(a, &t, r));
+ MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+ CLEANUP:
+ mp_clear(&t);
+ return res;
+ }
}
/* Wire in fast field arithmetic and precomputation of base point for
@@ -342,11 +341,11 @@ ec_GFp_nistp224_div(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_group_set_gfp224(ECGroup *group, ECCurveName name)
{
- if (name == ECCurve_NIST_P224) {
- group->meth->field_mod = &ec_GFp_nistp224_mod;
- group->meth->field_mul = &ec_GFp_nistp224_mul;
- group->meth->field_sqr = &ec_GFp_nistp224_sqr;
- group->meth->field_div = &ec_GFp_nistp224_div;
- }
- return MP_OKAY;
+ if (name == ECCurve_NIST_P224) {
+ group->meth->field_mod = &ec_GFp_nistp224_mod;
+ group->meth->field_mul = &ec_GFp_nistp224_mul;
+ group->meth->field_sqr = &ec_GFp_nistp224_sqr;
+ group->meth->field_div = &ec_GFp_nistp224_div;
+ }
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_256.c b/lib/freebl/ecl/ecp_256.c
index 7f8fe9e1a..ad4e630c1 100644
--- a/lib/freebl/ecl/ecp_256.c
+++ b/lib/freebl/ecl/ecp_256.c
@@ -7,369 +7,369 @@
#include "mplogic.h"
#include "mpi-priv.h"
-/* Fast modular reduction for p256 = 2^256 - 2^224 + 2^192+ 2^96 - 1. a can be r.
- * Uses algorithm 2.29 from Hankerson, Menezes, Vanstone. Guide to
+/* Fast modular reduction for p256 = 2^256 - 2^224 + 2^192+ 2^96 - 1. a can be r.
+ * Uses algorithm 2.29 from Hankerson, Menezes, Vanstone. Guide to
* Elliptic Curve Cryptography. */
static mp_err
ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_size a_used = MP_USED(a);
- int a_bits = mpl_significant_bits(a);
- mp_digit carry;
+ mp_err res = MP_OKAY;
+ mp_size a_used = MP_USED(a);
+ int a_bits = mpl_significant_bits(a);
+ mp_digit carry;
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit a8=0, a9=0, a10=0, a11=0, a12=0, a13=0, a14=0, a15=0;
- mp_digit r0, r1, r2, r3, r4, r5, r6, r7;
- int r8; /* must be a signed value ! */
+ mp_digit a8 = 0, a9 = 0, a10 = 0, a11 = 0, a12 = 0, a13 = 0, a14 = 0, a15 = 0;
+ mp_digit r0, r1, r2, r3, r4, r5, r6, r7;
+ int r8; /* must be a signed value ! */
#else
- mp_digit a4=0, a5=0, a6=0, a7=0;
- mp_digit a4h, a4l, a5h, a5l, a6h, a6l, a7h, a7l;
- mp_digit r0, r1, r2, r3;
- int r4; /* must be a signed value ! */
+ mp_digit a4 = 0, a5 = 0, a6 = 0, a7 = 0;
+ mp_digit a4h, a4l, a5h, a5l, a6h, a6l, a7h, a7l;
+ mp_digit r0, r1, r2, r3;
+ int r4; /* must be a signed value ! */
#endif
- /* for polynomials larger than twice the field size
- * use regular reduction */
- if (a_bits < 256) {
- if (a == r) return MP_OKAY;
- return mp_copy(a,r);
- }
- if (a_bits > 512) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
+ /* for polynomials larger than twice the field size
+ * use regular reduction */
+ if (a_bits < 256) {
+ if (a == r)
+ return MP_OKAY;
+ return mp_copy(a, r);
+ }
+ if (a_bits > 512) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
#ifdef ECL_THIRTY_TWO_BIT
- switch (a_used) {
- case 16:
- a15 = MP_DIGIT(a,15);
- case 15:
- a14 = MP_DIGIT(a,14);
- case 14:
- a13 = MP_DIGIT(a,13);
- case 13:
- a12 = MP_DIGIT(a,12);
- case 12:
- a11 = MP_DIGIT(a,11);
- case 11:
- a10 = MP_DIGIT(a,10);
- case 10:
- a9 = MP_DIGIT(a,9);
- case 9:
- a8 = MP_DIGIT(a,8);
- }
+ switch (a_used) {
+ case 16:
+ a15 = MP_DIGIT(a, 15);
+ case 15:
+ a14 = MP_DIGIT(a, 14);
+ case 14:
+ a13 = MP_DIGIT(a, 13);
+ case 13:
+ a12 = MP_DIGIT(a, 12);
+ case 12:
+ a11 = MP_DIGIT(a, 11);
+ case 11:
+ a10 = MP_DIGIT(a, 10);
+ case 10:
+ a9 = MP_DIGIT(a, 9);
+ case 9:
+ a8 = MP_DIGIT(a, 8);
+ }
- r0 = MP_DIGIT(a,0);
- r1 = MP_DIGIT(a,1);
- r2 = MP_DIGIT(a,2);
- r3 = MP_DIGIT(a,3);
- r4 = MP_DIGIT(a,4);
- r5 = MP_DIGIT(a,5);
- r6 = MP_DIGIT(a,6);
- r7 = MP_DIGIT(a,7);
+ r0 = MP_DIGIT(a, 0);
+ r1 = MP_DIGIT(a, 1);
+ r2 = MP_DIGIT(a, 2);
+ r3 = MP_DIGIT(a, 3);
+ r4 = MP_DIGIT(a, 4);
+ r5 = MP_DIGIT(a, 5);
+ r6 = MP_DIGIT(a, 6);
+ r7 = MP_DIGIT(a, 7);
- /* sum 1 */
- carry = 0;
- MP_ADD_CARRY(r3, a11, r3, carry);
- MP_ADD_CARRY(r4, a12, r4, carry);
- MP_ADD_CARRY(r5, a13, r5, carry);
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry);
- r8 = carry;
- carry = 0;
- MP_ADD_CARRY(r3, a11, r3, carry);
- MP_ADD_CARRY(r4, a12, r4, carry);
- MP_ADD_CARRY(r5, a13, r5, carry);
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry);
- r8 += carry;
- carry = 0;
- /* sum 2 */
- MP_ADD_CARRY(r3, a12, r3, carry);
- MP_ADD_CARRY(r4, a13, r4, carry);
- MP_ADD_CARRY(r5, a14, r5, carry);
- MP_ADD_CARRY(r6, a15, r6, carry);
- MP_ADD_CARRY(r7, 0, r7, carry);
- r8 += carry;
- carry = 0;
- /* combine last bottom of sum 3 with second sum 2 */
- MP_ADD_CARRY(r0, a8, r0, carry);
- MP_ADD_CARRY(r1, a9, r1, carry);
- MP_ADD_CARRY(r2, a10, r2, carry);
- MP_ADD_CARRY(r3, a12, r3, carry);
- MP_ADD_CARRY(r4, a13, r4, carry);
- MP_ADD_CARRY(r5, a14, r5, carry);
- MP_ADD_CARRY(r6, a15, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */
- r8 += carry;
- carry = 0;
- /* sum 3 (rest of it)*/
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, 0, r7, carry);
- r8 += carry;
- carry = 0;
- /* sum 4 (rest of it)*/
- MP_ADD_CARRY(r0, a9, r0, carry);
- MP_ADD_CARRY(r1, a10, r1, carry);
- MP_ADD_CARRY(r2, a11, r2, carry);
- MP_ADD_CARRY(r3, a13, r3, carry);
- MP_ADD_CARRY(r4, a14, r4, carry);
- MP_ADD_CARRY(r5, a15, r5, carry);
- MP_ADD_CARRY(r6, a13, r6, carry);
- MP_ADD_CARRY(r7, a8, r7, carry);
- r8 += carry;
- carry = 0;
- /* diff 5 */
- MP_SUB_BORROW(r0, a11, r0, carry);
- MP_SUB_BORROW(r1, a12, r1, carry);
- MP_SUB_BORROW(r2, a13, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
- MP_SUB_BORROW(r4, 0, r4, carry);
- MP_SUB_BORROW(r5, 0, r5, carry);
- MP_SUB_BORROW(r6, a8, r6, carry);
- MP_SUB_BORROW(r7, a10, r7, carry);
- r8 -= carry;
- carry = 0;
- /* diff 6 */
- MP_SUB_BORROW(r0, a12, r0, carry);
- MP_SUB_BORROW(r1, a13, r1, carry);
- MP_SUB_BORROW(r2, a14, r2, carry);
- MP_SUB_BORROW(r3, a15, r3, carry);
- MP_SUB_BORROW(r4, 0, r4, carry);
- MP_SUB_BORROW(r5, 0, r5, carry);
- MP_SUB_BORROW(r6, a9, r6, carry);
- MP_SUB_BORROW(r7, a11, r7, carry);
- r8 -= carry;
- carry = 0;
- /* diff 7 */
- MP_SUB_BORROW(r0, a13, r0, carry);
- MP_SUB_BORROW(r1, a14, r1, carry);
- MP_SUB_BORROW(r2, a15, r2, carry);
- MP_SUB_BORROW(r3, a8, r3, carry);
- MP_SUB_BORROW(r4, a9, r4, carry);
- MP_SUB_BORROW(r5, a10, r5, carry);
- MP_SUB_BORROW(r6, 0, r6, carry);
- MP_SUB_BORROW(r7, a12, r7, carry);
- r8 -= carry;
- carry = 0;
- /* diff 8 */
- MP_SUB_BORROW(r0, a14, r0, carry);
- MP_SUB_BORROW(r1, a15, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, a9, r3, carry);
- MP_SUB_BORROW(r4, a10, r4, carry);
- MP_SUB_BORROW(r5, a11, r5, carry);
- MP_SUB_BORROW(r6, 0, r6, carry);
- MP_SUB_BORROW(r7, a13, r7, carry);
- r8 -= carry;
+ /* sum 1 */
+ carry = 0;
+ MP_ADD_CARRY(r3, a11, r3, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry);
+ r8 = carry;
+ carry = 0;
+ MP_ADD_CARRY(r3, a11, r3, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry);
+ r8 += carry;
+ carry = 0;
+ /* sum 2 */
+ MP_ADD_CARRY(r3, a12, r3, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry);
+ r8 += carry;
+ carry = 0;
+ /* combine last bottom of sum 3 with second sum 2 */
+ MP_ADD_CARRY(r0, a8, r0, carry);
+ MP_ADD_CARRY(r1, a9, r1, carry);
+ MP_ADD_CARRY(r2, a10, r2, carry);
+ MP_ADD_CARRY(r3, a12, r3, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */
+ r8 += carry;
+ carry = 0;
+ /* sum 3 (rest of it)*/
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry);
+ r8 += carry;
+ carry = 0;
+ /* sum 4 (rest of it)*/
+ MP_ADD_CARRY(r0, a9, r0, carry);
+ MP_ADD_CARRY(r1, a10, r1, carry);
+ MP_ADD_CARRY(r2, a11, r2, carry);
+ MP_ADD_CARRY(r3, a13, r3, carry);
+ MP_ADD_CARRY(r4, a14, r4, carry);
+ MP_ADD_CARRY(r5, a15, r5, carry);
+ MP_ADD_CARRY(r6, a13, r6, carry);
+ MP_ADD_CARRY(r7, a8, r7, carry);
+ r8 += carry;
+ carry = 0;
+ /* diff 5 */
+ MP_SUB_BORROW(r0, a11, r0, carry);
+ MP_SUB_BORROW(r1, a12, r1, carry);
+ MP_SUB_BORROW(r2, a13, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry);
+ MP_SUB_BORROW(r6, a8, r6, carry);
+ MP_SUB_BORROW(r7, a10, r7, carry);
+ r8 -= carry;
+ carry = 0;
+ /* diff 6 */
+ MP_SUB_BORROW(r0, a12, r0, carry);
+ MP_SUB_BORROW(r1, a13, r1, carry);
+ MP_SUB_BORROW(r2, a14, r2, carry);
+ MP_SUB_BORROW(r3, a15, r3, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry);
+ MP_SUB_BORROW(r6, a9, r6, carry);
+ MP_SUB_BORROW(r7, a11, r7, carry);
+ r8 -= carry;
+ carry = 0;
+ /* diff 7 */
+ MP_SUB_BORROW(r0, a13, r0, carry);
+ MP_SUB_BORROW(r1, a14, r1, carry);
+ MP_SUB_BORROW(r2, a15, r2, carry);
+ MP_SUB_BORROW(r3, a8, r3, carry);
+ MP_SUB_BORROW(r4, a9, r4, carry);
+ MP_SUB_BORROW(r5, a10, r5, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry);
+ MP_SUB_BORROW(r7, a12, r7, carry);
+ r8 -= carry;
+ carry = 0;
+ /* diff 8 */
+ MP_SUB_BORROW(r0, a14, r0, carry);
+ MP_SUB_BORROW(r1, a15, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, a9, r3, carry);
+ MP_SUB_BORROW(r4, a10, r4, carry);
+ MP_SUB_BORROW(r5, a11, r5, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry);
+ MP_SUB_BORROW(r7, a13, r7, carry);
+ r8 -= carry;
- /* reduce the overflows */
- while (r8 > 0) {
- mp_digit r8_d = r8;
- carry = 0;
- MP_ADD_CARRY(r0, r8_d, r0, carry);
- MP_ADD_CARRY(r1, 0, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, 0-r8_d, r3, carry);
- MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry);
- MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry);
- MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry);
- MP_ADD_CARRY(r7, (r8_d-1), r7, carry);
- r8 = carry;
- }
+ /* reduce the overflows */
+ while (r8 > 0) {
+ mp_digit r8_d = r8;
+ carry = 0;
+ MP_ADD_CARRY(r0, r8_d, r0, carry);
+ MP_ADD_CARRY(r1, 0, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, 0 - r8_d, r3, carry);
+ MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry);
+ MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry);
+ MP_ADD_CARRY(r6, 0 - (r8_d + 1), r6, carry);
+ MP_ADD_CARRY(r7, (r8_d - 1), r7, carry);
+ r8 = carry;
+ }
- /* reduce the underflows */
- while (r8 < 0) {
- mp_digit r8_d = -r8;
- carry = 0;
- MP_SUB_BORROW(r0, r8_d, r0, carry);
- MP_SUB_BORROW(r1, 0, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0-r8_d, r3, carry);
- MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry);
- MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry);
- MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry);
- MP_SUB_BORROW(r7, (r8_d-1), r7, carry);
- r8 = 0-carry;
- }
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r,8));
- }
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 8;
+ /* reduce the underflows */
+ while (r8 < 0) {
+ mp_digit r8_d = -r8;
+ carry = 0;
+ MP_SUB_BORROW(r0, r8_d, r0, carry);
+ MP_SUB_BORROW(r1, 0, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0 - r8_d, r3, carry);
+ MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry);
+ MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry);
+ MP_SUB_BORROW(r6, 0 - (r8_d + 1), r6, carry);
+ MP_SUB_BORROW(r7, (r8_d - 1), r7, carry);
+ r8 = 0 - carry;
+ }
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 8));
+ }
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 8;
- MP_DIGIT(r,7) = r7;
- MP_DIGIT(r,6) = r6;
- MP_DIGIT(r,5) = r5;
- MP_DIGIT(r,4) = r4;
- MP_DIGIT(r,3) = r3;
- MP_DIGIT(r,2) = r2;
- MP_DIGIT(r,1) = r1;
- MP_DIGIT(r,0) = r0;
+ MP_DIGIT(r, 7) = r7;
+ MP_DIGIT(r, 6) = r6;
+ MP_DIGIT(r, 5) = r5;
+ MP_DIGIT(r, 4) = r4;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
- /* final reduction if necessary */
- if ((r7 == MP_DIGIT_MAX) &&
- ((r6 > 1) || ((r6 == 1) &&
- (r5 || r4 || r3 ||
- ((r2 == MP_DIGIT_MAX) && (r1 == MP_DIGIT_MAX)
- && (r0 == MP_DIGIT_MAX)))))) {
- MP_CHECKOK(mp_sub(r, &meth->irr, r));
- }
+ /* final reduction if necessary */
+ if ((r7 == MP_DIGIT_MAX) &&
+ ((r6 > 1) || ((r6 == 1) &&
+ (r5 || r4 || r3 ||
+ ((r2 == MP_DIGIT_MAX) && (r1 == MP_DIGIT_MAX) && (r0 == MP_DIGIT_MAX)))))) {
+ MP_CHECKOK(mp_sub(r, &meth->irr, r));
+ }
- s_mp_clamp(r);
+ s_mp_clamp(r);
#else
- switch (a_used) {
- case 8:
- a7 = MP_DIGIT(a,7);
- case 7:
- a6 = MP_DIGIT(a,6);
- case 6:
- a5 = MP_DIGIT(a,5);
- case 5:
- a4 = MP_DIGIT(a,4);
- }
- a7l = a7 << 32;
- a7h = a7 >> 32;
- a6l = a6 << 32;
- a6h = a6 >> 32;
- a5l = a5 << 32;
- a5h = a5 >> 32;
- a4l = a4 << 32;
- a4h = a4 >> 32;
- r3 = MP_DIGIT(a,3);
- r2 = MP_DIGIT(a,2);
- r1 = MP_DIGIT(a,1);
- r0 = MP_DIGIT(a,0);
+ switch (a_used) {
+ case 8:
+ a7 = MP_DIGIT(a, 7);
+ case 7:
+ a6 = MP_DIGIT(a, 6);
+ case 6:
+ a5 = MP_DIGIT(a, 5);
+ case 5:
+ a4 = MP_DIGIT(a, 4);
+ }
+ a7l = a7 << 32;
+ a7h = a7 >> 32;
+ a6l = a6 << 32;
+ a6h = a6 >> 32;
+ a5l = a5 << 32;
+ a5h = a5 >> 32;
+ a4l = a4 << 32;
+ a4h = a4 >> 32;
+ r3 = MP_DIGIT(a, 3);
+ r2 = MP_DIGIT(a, 2);
+ r1 = MP_DIGIT(a, 1);
+ r0 = MP_DIGIT(a, 0);
- /* sum 1 */
- carry = 0;
- MP_ADD_CARRY(r1, a5h << 32, r1, carry);
- MP_ADD_CARRY(r2, a6, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 = carry;
- carry = 0;
- MP_ADD_CARRY(r1, a5h << 32, r1, carry);
- MP_ADD_CARRY(r2, a6, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 += carry;
- /* sum 2 */
- carry = 0;
- MP_ADD_CARRY(r1, a6l, r1, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry);
- r4 += carry;
- carry = 0;
- MP_ADD_CARRY(r1, a6l, r1, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry);
- r4 += carry;
+ /* sum 1 */
+ carry = 0;
+ MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 = carry;
+ carry = 0;
+ MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 += carry;
+ /* sum 2 */
+ carry = 0;
+ MP_ADD_CARRY(r1, a6l, r1, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry);
+ r4 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r1, a6l, r1, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry);
+ r4 += carry;
- /* sum 3 */
- carry = 0;
- MP_ADD_CARRY(r0, a4, r0, carry);
- MP_ADD_CARRY(r1, a5l >> 32, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 += carry;
- /* sum 4 */
- carry = 0;
- MP_ADD_CARRY(r0, a4h | a5l, r0, carry);
- MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry);
- MP_ADD_CARRY(r2, a7, r2, carry);
- MP_ADD_CARRY(r3, a6h | a4l, r3, carry);
- r4 += carry;
- /* diff 5 */
- carry = 0;
- MP_SUB_BORROW(r0, a5h | a6l, r0, carry);
- MP_SUB_BORROW(r1, a6h, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry);
- r4 -= carry;
- /* diff 6 */
- carry = 0;
- MP_SUB_BORROW(r0, a6, r0, carry);
- MP_SUB_BORROW(r1, a7, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry);
- r4 -= carry;
- /* diff 7 */
- carry = 0;
- MP_SUB_BORROW(r0, a6h|a7l, r0, carry);
- MP_SUB_BORROW(r1, a7h|a4l, r1, carry);
- MP_SUB_BORROW(r2, a4h|a5l, r2, carry);
- MP_SUB_BORROW(r3, a6l, r3, carry);
- r4 -= carry;
- /* diff 8 */
- carry = 0;
- MP_SUB_BORROW(r0, a7, r0, carry);
- MP_SUB_BORROW(r1, a4h<<32, r1, carry);
- MP_SUB_BORROW(r2, a5, r2, carry);
- MP_SUB_BORROW(r3, a6h<<32, r3, carry);
- r4 -= carry;
+ /* sum 3 */
+ carry = 0;
+ MP_ADD_CARRY(r0, a4, r0, carry);
+ MP_ADD_CARRY(r1, a5l >> 32, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 += carry;
+ /* sum 4 */
+ carry = 0;
+ MP_ADD_CARRY(r0, a4h | a5l, r0, carry);
+ MP_ADD_CARRY(r1, a5h | (a6h << 32), r1, carry);
+ MP_ADD_CARRY(r2, a7, r2, carry);
+ MP_ADD_CARRY(r3, a6h | a4l, r3, carry);
+ r4 += carry;
+ /* diff 5 */
+ carry = 0;
+ MP_SUB_BORROW(r0, a5h | a6l, r0, carry);
+ MP_SUB_BORROW(r1, a6h, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, (a4l >> 32) | a5l, r3, carry);
+ r4 -= carry;
+ /* diff 6 */
+ carry = 0;
+ MP_SUB_BORROW(r0, a6, r0, carry);
+ MP_SUB_BORROW(r1, a7, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, a4h | (a5h << 32), r3, carry);
+ r4 -= carry;
+ /* diff 7 */
+ carry = 0;
+ MP_SUB_BORROW(r0, a6h | a7l, r0, carry);
+ MP_SUB_BORROW(r1, a7h | a4l, r1, carry);
+ MP_SUB_BORROW(r2, a4h | a5l, r2, carry);
+ MP_SUB_BORROW(r3, a6l, r3, carry);
+ r4 -= carry;
+ /* diff 8 */
+ carry = 0;
+ MP_SUB_BORROW(r0, a7, r0, carry);
+ MP_SUB_BORROW(r1, a4h << 32, r1, carry);
+ MP_SUB_BORROW(r2, a5, r2, carry);
+ MP_SUB_BORROW(r3, a6h << 32, r3, carry);
+ r4 -= carry;
- /* reduce the overflows */
- while (r4 > 0) {
- mp_digit r4_long = r4;
- mp_digit r4l = (r4_long << 32);
- carry = 0;
- MP_ADD_CARRY(r0, r4_long, r0, carry);
- MP_ADD_CARRY(r1, 0-r4l, r1, carry);
- MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
- MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry);
- r4 = carry;
- }
+ /* reduce the overflows */
+ while (r4 > 0) {
+ mp_digit r4_long = r4;
+ mp_digit r4l = (r4_long << 32);
+ carry = 0;
+ MP_ADD_CARRY(r0, r4_long, r0, carry);
+ MP_ADD_CARRY(r1, 0 - r4l, r1, carry);
+ MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
+ MP_ADD_CARRY(r3, r4l - r4_long - 1, r3, carry);
+ r4 = carry;
+ }
- /* reduce the underflows */
- while (r4 < 0) {
- mp_digit r4_long = -r4;
- mp_digit r4l = (r4_long << 32);
- carry = 0;
- MP_SUB_BORROW(r0, r4_long, r0, carry);
- MP_SUB_BORROW(r1, 0-r4l, r1, carry);
- MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
- MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry);
- r4 = 0-carry;
- }
+ /* reduce the underflows */
+ while (r4 < 0) {
+ mp_digit r4_long = -r4;
+ mp_digit r4l = (r4_long << 32);
+ carry = 0;
+ MP_SUB_BORROW(r0, r4_long, r0, carry);
+ MP_SUB_BORROW(r1, 0 - r4l, r1, carry);
+ MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
+ MP_SUB_BORROW(r3, r4l - r4_long - 1, r3, carry);
+ r4 = 0 - carry;
+ }
- if (a != r) {
- MP_CHECKOK(s_mp_pad(r,4));
- }
- MP_SIGN(r) = MP_ZPOS;
- MP_USED(r) = 4;
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, 4));
+ }
+ MP_SIGN(r) = MP_ZPOS;
+ MP_USED(r) = 4;
- MP_DIGIT(r,3) = r3;
- MP_DIGIT(r,2) = r2;
- MP_DIGIT(r,1) = r1;
- MP_DIGIT(r,0) = r0;
+ MP_DIGIT(r, 3) = r3;
+ MP_DIGIT(r, 2) = r2;
+ MP_DIGIT(r, 1) = r1;
+ MP_DIGIT(r, 0) = r0;
- /* final reduction if necessary */
- if ((r3 > 0xFFFFFFFF00000001ULL) ||
- ((r3 == 0xFFFFFFFF00000001ULL) &&
- (r2 || (r1 >> 32)||
- (r1 == 0xFFFFFFFFULL && r0 == MP_DIGIT_MAX)))) {
- /* very rare, just use mp_sub */
- MP_CHECKOK(mp_sub(r, &meth->irr, r));
- }
-
- s_mp_clamp(r);
+ /* final reduction if necessary */
+ if ((r3 > 0xFFFFFFFF00000001ULL) ||
+ ((r3 == 0xFFFFFFFF00000001ULL) &&
+ (r2 || (r1 >> 32) ||
+ (r1 == 0xFFFFFFFFULL && r0 == MP_DIGIT_MAX)))) {
+ /* very rare, just use mp_sub */
+ MP_CHECKOK(mp_sub(r, &meth->irr, r));
+ }
+
+ s_mp_clamp(r);
#endif
- }
+ }
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Compute the square of polynomial a, reduce modulo p256. Store the
- * result in r. r could be a. Uses optimized modular reduction for p256.
+ * result in r. r could be a. Uses optimized modular reduction for p256.
*/
static mp_err
ec_GFp_nistp256_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_sqr(a, r));
- MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_sqr(a, r));
+ MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Compute the product of two polynomials a and b, reduce modulo p256.
@@ -377,14 +377,14 @@ ec_GFp_nistp256_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
* optimized modular reduction for p256. */
static mp_err
ec_GFp_nistp256_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Wire in fast field arithmetic and precomputation of base point for
@@ -392,10 +392,10 @@ ec_GFp_nistp256_mul(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_group_set_gfp256(ECGroup *group, ECCurveName name)
{
- if (name == ECCurve_NIST_P256) {
- group->meth->field_mod = &ec_GFp_nistp256_mod;
- group->meth->field_mul = &ec_GFp_nistp256_mul;
- group->meth->field_sqr = &ec_GFp_nistp256_sqr;
- }
- return MP_OKAY;
+ if (name == ECCurve_NIST_P256) {
+ group->meth->field_mod = &ec_GFp_nistp256_mod;
+ group->meth->field_mul = &ec_GFp_nistp256_mul;
+ group->meth->field_sqr = &ec_GFp_nistp256_sqr;
+ }
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_256_32.c b/lib/freebl/ecl/ecp_256_32.c
index eb7a4be63..515f6f731 100644
--- a/lib/freebl/ecl/ecp_256_32.c
+++ b/lib/freebl/ecl/ecp_256_32.c
@@ -48,7 +48,7 @@ static const felem kOne = {
0x1fffffff, 0xfffffff, 0x1fbfffff, 0x1ffffff,
0
};
-static const felem kZero = {0};
+static const felem kZero = { 0 };
static const felem kP = {
0x1fffffff, 0xfffffff, 0x1fffffff, 0x3ff,
0, 0, 0x200000, 0xf000000,
@@ -162,7 +162,7 @@ static const limb kPrecomputed[NLIMBS * 2 * 15 * 2] = {
*
* x must be a u32 or an equivalent type such as limb.
*/
-#define NON_ZERO_TO_ALL_ONES(x) ((((u32)(x) - 1) >> 31) - 1)
+#define NON_ZERO_TO_ALL_ONES(x) ((((u32)(x)-1) >> 31) - 1)
/* felem_reduce_carry adds a multiple of p in order to cancel |carry|,
* which is a term at 2**257.
@@ -170,7 +170,8 @@ static const limb kPrecomputed[NLIMBS * 2 * 15 * 2] = {
* On entry: carry < 2**3, inout[0,2,...] < 2**29, inout[1,3,...] < 2**28.
* On exit: inout[0,2,..] < 2**30, inout[1,3,...] < 2**29.
*/
-static void felem_reduce_carry(felem inout, limb carry)
+static void
+felem_reduce_carry(felem inout, limb carry)
{
const u32 carry_mask = NON_ZERO_TO_ALL_ONES(carry);
@@ -196,24 +197,25 @@ static void felem_reduce_carry(felem inout, limb carry)
* On entry, in[i]+in2[i] must not overflow a 32-bit word.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29
*/
-static void felem_sum(felem out, const felem in, const felem in2)
+static void
+felem_sum(felem out, const felem in, const felem in2)
{
limb carry = 0;
unsigned int i;
for (i = 0;; i++) {
- out[i] = in[i] + in2[i];
- out[i] += carry;
- carry = out[i] >> 29;
- out[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
-
- out[i] = in[i] + in2[i];
- out[i] += carry;
- carry = out[i] >> 28;
- out[i] &= kBottom28Bits;
+ out[i] = in[i] + in2[i];
+ out[i] += carry;
+ carry = out[i] >> 29;
+ out[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+
+ out[i] = in[i] + in2[i];
+ out[i] += carry;
+ carry = out[i] >> 28;
+ out[i] &= kBottom28Bits;
}
felem_reduce_carry(out, carry);
@@ -240,27 +242,28 @@ static const felem zero31 = {
* in2[0,2,...] < 2**30, in2[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_diff(felem out, const felem in, const felem in2)
+static void
+felem_diff(felem out, const felem in, const felem in2)
{
limb carry = 0;
unsigned int i;
for (i = 0;; i++) {
- out[i] = in[i] - in2[i];
- out[i] += zero31[i];
- out[i] += carry;
- carry = out[i] >> 29;
- out[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
-
- out[i] = in[i] - in2[i];
- out[i] += zero31[i];
- out[i] += carry;
- carry = out[i] >> 28;
- out[i] &= kBottom28Bits;
+ out[i] = in[i] - in2[i];
+ out[i] += zero31[i];
+ out[i] += carry;
+ carry = out[i] >> 29;
+ out[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+
+ out[i] = in[i] - in2[i];
+ out[i] += zero31[i];
+ out[i] += carry;
+ carry = out[i] >> 28;
+ out[i] &= kBottom28Bits;
}
felem_reduce_carry(out, carry);
@@ -277,7 +280,8 @@ static void felem_diff(felem out, const felem in, const felem in2)
* On entry: tmp[i] < 2**64
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29
*/
-static void felem_reduce_degree(felem out, u64 tmp[17])
+static void
+felem_reduce_degree(felem out, u64 tmp[17])
{
/* The following table may be helpful when reading this code:
*
@@ -301,36 +305,36 @@ static void felem_reduce_degree(felem out, u64 tmp[17])
* the right register rather than doing a double-word shift and truncating
* afterwards.
*/
- tmp2[1] = ((limb) tmp[0]) >> 29;
- tmp2[1] |= (((limb) (tmp[0] >> 32)) << 3) & kBottom28Bits;
- tmp2[1] += ((limb) tmp[1]) & kBottom28Bits;
+ tmp2[1] = ((limb)tmp[0]) >> 29;
+ tmp2[1] |= (((limb)(tmp[0] >> 32)) << 3) & kBottom28Bits;
+ tmp2[1] += ((limb)tmp[1]) & kBottom28Bits;
carry = tmp2[1] >> 28;
tmp2[1] &= kBottom28Bits;
for (i = 2; i < 17; i++) {
- tmp2[i] = ((limb) (tmp[i - 2] >> 32)) >> 25;
- tmp2[i] += ((limb) (tmp[i - 1])) >> 28;
- tmp2[i] += (((limb) (tmp[i - 1] >> 32)) << 4) & kBottom29Bits;
- tmp2[i] += ((limb) tmp[i]) & kBottom29Bits;
- tmp2[i] += carry;
- carry = tmp2[i] >> 29;
- tmp2[i] &= kBottom29Bits;
-
- i++;
- if (i == 17)
- break;
- tmp2[i] = ((limb) (tmp[i - 2] >> 32)) >> 25;
- tmp2[i] += ((limb) (tmp[i - 1])) >> 29;
- tmp2[i] += (((limb) (tmp[i - 1] >> 32)) << 3) & kBottom28Bits;
- tmp2[i] += ((limb) tmp[i]) & kBottom28Bits;
- tmp2[i] += carry;
- carry = tmp2[i] >> 28;
- tmp2[i] &= kBottom28Bits;
+ tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
+ tmp2[i] += ((limb)(tmp[i - 1])) >> 28;
+ tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 4) & kBottom29Bits;
+ tmp2[i] += ((limb)tmp[i]) & kBottom29Bits;
+ tmp2[i] += carry;
+ carry = tmp2[i] >> 29;
+ tmp2[i] &= kBottom29Bits;
+
+ i++;
+ if (i == 17)
+ break;
+ tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
+ tmp2[i] += ((limb)(tmp[i - 1])) >> 29;
+ tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 3) & kBottom28Bits;
+ tmp2[i] += ((limb)tmp[i]) & kBottom28Bits;
+ tmp2[i] += carry;
+ carry = tmp2[i] >> 28;
+ tmp2[i] &= kBottom28Bits;
}
- tmp2[17] = ((limb) (tmp[15] >> 32)) >> 25;
- tmp2[17] += ((limb) (tmp[16])) >> 29;
- tmp2[17] += (((limb) (tmp[16] >> 32)) << 3);
+ tmp2[17] = ((limb)(tmp[15] >> 32)) >> 25;
+ tmp2[17] += ((limb)(tmp[16])) >> 29;
+ tmp2[17] += (((limb)(tmp[16] >> 32)) << 3);
tmp2[17] += carry;
/* Montgomery elimination of terms:
@@ -345,101 +349,101 @@ static void felem_reduce_degree(felem out, u64 tmp[17])
* extra factor of R.
*/
for (i = 0;; i += 2) {
- tmp2[i + 1] += tmp2[i] >> 29;
- x = tmp2[i] & kBottom29Bits;
- xMask = NON_ZERO_TO_ALL_ONES(x);
- tmp2[i] = 0;
-
- /* The bounds calculations for this loop are tricky. Each iteration of
- * the loop eliminates two words by adding values to words to their
- * right.
- *
- * The following table contains the amounts added to each word (as an
- * offset from the value of i at the top of the loop). The amounts are
- * accounted for from the first and second half of the loop separately
- * and are written as, for example, 28 to mean a value <2**28.
- *
- * Word: 3 4 5 6 7 8 9 10
- * Added in top half: 28 11 29 21 29 28
- * 28 29
- * 29
- * Added in bottom half: 29 10 28 21 28 28
- * 29
- *
- * The value that is currently offset 7 will be offset 5 for the next
- * iteration and then offset 3 for the iteration after that. Therefore
- * the total value added will be the values added at 7, 5 and 3.
- *
- * The following table accumulates these values. The sums at the bottom
- * are written as, for example, 29+28, to mean a value < 2**29+2**28.
- *
- * Word: 3 4 5 6 7 8 9 10 11 12 13
- * 28 11 10 29 21 29 28 28 28 28 28
- * 29 28 11 28 29 28 29 28 29 28
- * 29 28 21 21 29 21 29 21
- * 10 29 28 21 28 21 28
- * 28 29 28 29 28 29 28
- * 11 10 29 10 29 10
- * 29 28 11 28 11
- * 29 29
- * --------------------------------------------
- * 30+ 31+ 30+ 31+ 30+
- * 28+ 29+ 28+ 29+ 21+
- * 21+ 28+ 21+ 28+ 10
- * 10 21+ 10 21+
- * 11 11
- *
- * So the greatest amount is added to tmp2[10] and tmp2[12]. If
- * tmp2[10/12] has an initial value of <2**29, then the maximum value
- * will be < 2**31 + 2**30 + 2**28 + 2**21 + 2**11, which is < 2**32,
- * as required.
+ tmp2[i + 1] += tmp2[i] >> 29;
+ x = tmp2[i] & kBottom29Bits;
+ xMask = NON_ZERO_TO_ALL_ONES(x);
+ tmp2[i] = 0;
+
+ /* The bounds calculations for this loop are tricky. Each iteration of
+ * the loop eliminates two words by adding values to words to their
+ * right.
+ *
+ * The following table contains the amounts added to each word (as an
+ * offset from the value of i at the top of the loop). The amounts are
+ * accounted for from the first and second half of the loop separately
+ * and are written as, for example, 28 to mean a value <2**28.
+ *
+ * Word: 3 4 5 6 7 8 9 10
+ * Added in top half: 28 11 29 21 29 28
+ * 28 29
+ * 29
+ * Added in bottom half: 29 10 28 21 28 28
+ * 29
+ *
+ * The value that is currently offset 7 will be offset 5 for the next
+ * iteration and then offset 3 for the iteration after that. Therefore
+ * the total value added will be the values added at 7, 5 and 3.
+ *
+ * The following table accumulates these values. The sums at the bottom
+ * are written as, for example, 29+28, to mean a value < 2**29+2**28.
+ *
+ * Word: 3 4 5 6 7 8 9 10 11 12 13
+ * 28 11 10 29 21 29 28 28 28 28 28
+ * 29 28 11 28 29 28 29 28 29 28
+ * 29 28 21 21 29 21 29 21
+ * 10 29 28 21 28 21 28
+ * 28 29 28 29 28 29 28
+ * 11 10 29 10 29 10
+ * 29 28 11 28 11
+ * 29 29
+ * --------------------------------------------
+ * 30+ 31+ 30+ 31+ 30+
+ * 28+ 29+ 28+ 29+ 21+
+ * 21+ 28+ 21+ 28+ 10
+ * 10 21+ 10 21+
+ * 11 11
+ *
+ * So the greatest amount is added to tmp2[10] and tmp2[12]. If
+ * tmp2[10/12] has an initial value of <2**29, then the maximum value
+ * will be < 2**31 + 2**30 + 2**28 + 2**21 + 2**11, which is < 2**32,
+ * as required.
*/
- tmp2[i + 3] += (x << 10) & kBottom28Bits;
- tmp2[i + 4] += (x >> 18);
-
- tmp2[i + 6] += (x << 21) & kBottom29Bits;
- tmp2[i + 7] += x >> 8;
-
- /* At position 200, which is the starting bit position for word 7, we
- * have a factor of 0xf000000 = 2**28 - 2**24.
- */
- tmp2[i + 7] += 0x10000000 & xMask;
- /* Word 7 is 28 bits wide, so the 2**28 term exactly hits word 8. */
- tmp2[i + 8] += (x - 1) & xMask;
- tmp2[i + 7] -= (x << 24) & kBottom28Bits;
- tmp2[i + 8] -= x >> 4;
-
- tmp2[i + 8] += 0x20000000 & xMask;
- tmp2[i + 8] -= x;
- tmp2[i + 8] += (x << 28) & kBottom29Bits;
- tmp2[i + 9] += ((x >> 1) - 1) & xMask;
-
- if (i+1 == NLIMBS)
- break;
- tmp2[i + 2] += tmp2[i + 1] >> 28;
- x = tmp2[i + 1] & kBottom28Bits;
- xMask = NON_ZERO_TO_ALL_ONES(x);
- tmp2[i + 1] = 0;
-
- tmp2[i + 4] += (x << 11) & kBottom29Bits;
- tmp2[i + 5] += (x >> 18);
-
- tmp2[i + 7] += (x << 21) & kBottom28Bits;
- tmp2[i + 8] += x >> 7;
-
- /* At position 199, which is the starting bit of the 8th word when
- * dealing with a context starting on an odd word, we have a factor of
- * 0x1e000000 = 2**29 - 2**25. Since we have not updated i, the 8th
- * word from i+1 is i+8.
- */
- tmp2[i + 8] += 0x20000000 & xMask;
- tmp2[i + 9] += (x - 1) & xMask;
- tmp2[i + 8] -= (x << 25) & kBottom29Bits;
- tmp2[i + 9] -= x >> 4;
-
- tmp2[i + 9] += 0x10000000 & xMask;
- tmp2[i + 9] -= x;
- tmp2[i + 10] += (x - 1) & xMask;
+ tmp2[i + 3] += (x << 10) & kBottom28Bits;
+ tmp2[i + 4] += (x >> 18);
+
+ tmp2[i + 6] += (x << 21) & kBottom29Bits;
+ tmp2[i + 7] += x >> 8;
+
+ /* At position 200, which is the starting bit position for word 7, we
+ * have a factor of 0xf000000 = 2**28 - 2**24.
+ */
+ tmp2[i + 7] += 0x10000000 & xMask;
+ /* Word 7 is 28 bits wide, so the 2**28 term exactly hits word 8. */
+ tmp2[i + 8] += (x - 1) & xMask;
+ tmp2[i + 7] -= (x << 24) & kBottom28Bits;
+ tmp2[i + 8] -= x >> 4;
+
+ tmp2[i + 8] += 0x20000000 & xMask;
+ tmp2[i + 8] -= x;
+ tmp2[i + 8] += (x << 28) & kBottom29Bits;
+ tmp2[i + 9] += ((x >> 1) - 1) & xMask;
+
+ if (i + 1 == NLIMBS)
+ break;
+ tmp2[i + 2] += tmp2[i + 1] >> 28;
+ x = tmp2[i + 1] & kBottom28Bits;
+ xMask = NON_ZERO_TO_ALL_ONES(x);
+ tmp2[i + 1] = 0;
+
+ tmp2[i + 4] += (x << 11) & kBottom29Bits;
+ tmp2[i + 5] += (x >> 18);
+
+ tmp2[i + 7] += (x << 21) & kBottom28Bits;
+ tmp2[i + 8] += x >> 7;
+
+ /* At position 199, which is the starting bit of the 8th word when
+ * dealing with a context starting on an odd word, we have a factor of
+ * 0x1e000000 = 2**29 - 2**25. Since we have not updated i, the 8th
+ * word from i+1 is i+8.
+ */
+ tmp2[i + 8] += 0x20000000 & xMask;
+ tmp2[i + 9] += (x - 1) & xMask;
+ tmp2[i + 8] -= (x << 25) & kBottom29Bits;
+ tmp2[i + 9] -= x >> 4;
+
+ tmp2[i + 9] += 0x10000000 & xMask;
+ tmp2[i + 9] -= x;
+ tmp2[i + 10] += (x - 1) & xMask;
}
/* We merge the right shift with a carry chain. The words above 2**257 have
@@ -447,21 +451,21 @@ static void felem_reduce_degree(felem out, u64 tmp[17])
*/
carry = 0;
for (i = 0; i < 8; i++) {
- /* The maximum value of tmp2[i + 9] occurs on the first iteration and
- * is < 2**30+2**29+2**28. Adding 2**29 (from tmp2[i + 10]) is
- * therefore safe.
- */
- out[i] = tmp2[i + 9];
- out[i] += carry;
- out[i] += (tmp2[i + 10] << 28) & kBottom29Bits;
- carry = out[i] >> 29;
- out[i] &= kBottom29Bits;
-
- i++;
- out[i] = tmp2[i + 9] >> 1;
- out[i] += carry;
- carry = out[i] >> 28;
- out[i] &= kBottom28Bits;
+ /* The maximum value of tmp2[i + 9] occurs on the first iteration and
+ * is < 2**30+2**29+2**28. Adding 2**29 (from tmp2[i + 10]) is
+ * therefore safe.
+ */
+ out[i] = tmp2[i + 9];
+ out[i] += carry;
+ out[i] += (tmp2[i + 10] << 28) & kBottom29Bits;
+ carry = out[i] >> 29;
+ out[i] &= kBottom29Bits;
+
+ i++;
+ out[i] = tmp2[i + 9] >> 1;
+ out[i] += carry;
+ carry = out[i] >> 28;
+ out[i] &= kBottom28Bits;
}
out[8] = tmp2[17];
@@ -477,58 +481,59 @@ static void felem_reduce_degree(felem out, u64 tmp[17])
* On entry: in[0,2,...] < 2**30, in[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_square(felem out, const felem in)
+static void
+felem_square(felem out, const felem in)
{
u64 tmp[17];
- tmp[0] = ((u64) in[0]) * in[0];
- tmp[1] = ((u64) in[0]) * (in[1] << 1);
- tmp[2] = ((u64) in[0]) * (in[2] << 1) +
- ((u64) in[1]) * (in[1] << 1);
- tmp[3] = ((u64) in[0]) * (in[3] << 1) +
- ((u64) in[1]) * (in[2] << 1);
- tmp[4] = ((u64) in[0]) * (in[4] << 1) +
- ((u64) in[1]) * (in[3] << 2) +
- ((u64) in[2]) * in[2];
- tmp[5] = ((u64) in[0]) * (in[5] << 1) +
- ((u64) in[1]) * (in[4] << 1) +
- ((u64) in[2]) * (in[3] << 1);
- tmp[6] = ((u64) in[0]) * (in[6] << 1) +
- ((u64) in[1]) * (in[5] << 2) +
- ((u64) in[2]) * (in[4] << 1) +
- ((u64) in[3]) * (in[3] << 1);
- tmp[7] = ((u64) in[0]) * (in[7] << 1) +
- ((u64) in[1]) * (in[6] << 1) +
- ((u64) in[2]) * (in[5] << 1) +
- ((u64) in[3]) * (in[4] << 1);
+ tmp[0] = ((u64)in[0]) * in[0];
+ tmp[1] = ((u64)in[0]) * (in[1] << 1);
+ tmp[2] = ((u64)in[0]) * (in[2] << 1) +
+ ((u64)in[1]) * (in[1] << 1);
+ tmp[3] = ((u64)in[0]) * (in[3] << 1) +
+ ((u64)in[1]) * (in[2] << 1);
+ tmp[4] = ((u64)in[0]) * (in[4] << 1) +
+ ((u64)in[1]) * (in[3] << 2) +
+ ((u64)in[2]) * in[2];
+ tmp[5] = ((u64)in[0]) * (in[5] << 1) +
+ ((u64)in[1]) * (in[4] << 1) +
+ ((u64)in[2]) * (in[3] << 1);
+ tmp[6] = ((u64)in[0]) * (in[6] << 1) +
+ ((u64)in[1]) * (in[5] << 2) +
+ ((u64)in[2]) * (in[4] << 1) +
+ ((u64)in[3]) * (in[3] << 1);
+ tmp[7] = ((u64)in[0]) * (in[7] << 1) +
+ ((u64)in[1]) * (in[6] << 1) +
+ ((u64)in[2]) * (in[5] << 1) +
+ ((u64)in[3]) * (in[4] << 1);
/* tmp[8] has the greatest value of 2**61 + 2**60 + 2**61 + 2**60 + 2**60,
* which is < 2**64 as required.
*/
- tmp[8] = ((u64) in[0]) * (in[8] << 1) +
- ((u64) in[1]) * (in[7] << 2) +
- ((u64) in[2]) * (in[6] << 1) +
- ((u64) in[3]) * (in[5] << 2) +
- ((u64) in[4]) * in[4];
- tmp[9] = ((u64) in[1]) * (in[8] << 1) +
- ((u64) in[2]) * (in[7] << 1) +
- ((u64) in[3]) * (in[6] << 1) +
- ((u64) in[4]) * (in[5] << 1);
- tmp[10] = ((u64) in[2]) * (in[8] << 1) +
- ((u64) in[3]) * (in[7] << 2) +
- ((u64) in[4]) * (in[6] << 1) +
- ((u64) in[5]) * (in[5] << 1);
- tmp[11] = ((u64) in[3]) * (in[8] << 1) +
- ((u64) in[4]) * (in[7] << 1) +
- ((u64) in[5]) * (in[6] << 1);
- tmp[12] = ((u64) in[4]) * (in[8] << 1) +
- ((u64) in[5]) * (in[7] << 2) +
- ((u64) in[6]) * in[6];
- tmp[13] = ((u64) in[5]) * (in[8] << 1) +
- ((u64) in[6]) * (in[7] << 1);
- tmp[14] = ((u64) in[6]) * (in[8] << 1) +
- ((u64) in[7]) * (in[7] << 1);
- tmp[15] = ((u64) in[7]) * (in[8] << 1);
- tmp[16] = ((u64) in[8]) * in[8];
+ tmp[8] = ((u64)in[0]) * (in[8] << 1) +
+ ((u64)in[1]) * (in[7] << 2) +
+ ((u64)in[2]) * (in[6] << 1) +
+ ((u64)in[3]) * (in[5] << 2) +
+ ((u64)in[4]) * in[4];
+ tmp[9] = ((u64)in[1]) * (in[8] << 1) +
+ ((u64)in[2]) * (in[7] << 1) +
+ ((u64)in[3]) * (in[6] << 1) +
+ ((u64)in[4]) * (in[5] << 1);
+ tmp[10] = ((u64)in[2]) * (in[8] << 1) +
+ ((u64)in[3]) * (in[7] << 2) +
+ ((u64)in[4]) * (in[6] << 1) +
+ ((u64)in[5]) * (in[5] << 1);
+ tmp[11] = ((u64)in[3]) * (in[8] << 1) +
+ ((u64)in[4]) * (in[7] << 1) +
+ ((u64)in[5]) * (in[6] << 1);
+ tmp[12] = ((u64)in[4]) * (in[8] << 1) +
+ ((u64)in[5]) * (in[7] << 2) +
+ ((u64)in[6]) * in[6];
+ tmp[13] = ((u64)in[5]) * (in[8] << 1) +
+ ((u64)in[6]) * (in[7] << 1);
+ tmp[14] = ((u64)in[6]) * (in[8] << 1) +
+ ((u64)in[7]) * (in[7] << 1);
+ tmp[15] = ((u64)in[7]) * (in[8] << 1);
+ tmp[16] = ((u64)in[8]) * in[8];
felem_reduce_degree(out, tmp);
}
@@ -539,99 +544,101 @@ static void felem_square(felem out, const felem in)
* in2[0,2,...] < 2**30, in2[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_mul(felem out, const felem in, const felem in2)
+static void
+felem_mul(felem out, const felem in, const felem in2)
{
u64 tmp[17];
- tmp[0] = ((u64) in[0]) * in2[0];
- tmp[1] = ((u64) in[0]) * (in2[1] << 0) +
- ((u64) in[1]) * (in2[0] << 0);
- tmp[2] = ((u64) in[0]) * (in2[2] << 0) +
- ((u64) in[1]) * (in2[1] << 1) +
- ((u64) in[2]) * (in2[0] << 0);
- tmp[3] = ((u64) in[0]) * (in2[3] << 0) +
- ((u64) in[1]) * (in2[2] << 0) +
- ((u64) in[2]) * (in2[1] << 0) +
- ((u64) in[3]) * (in2[0] << 0);
- tmp[4] = ((u64) in[0]) * (in2[4] << 0) +
- ((u64) in[1]) * (in2[3] << 1) +
- ((u64) in[2]) * (in2[2] << 0) +
- ((u64) in[3]) * (in2[1] << 1) +
- ((u64) in[4]) * (in2[0] << 0);
- tmp[5] = ((u64) in[0]) * (in2[5] << 0) +
- ((u64) in[1]) * (in2[4] << 0) +
- ((u64) in[2]) * (in2[3] << 0) +
- ((u64) in[3]) * (in2[2] << 0) +
- ((u64) in[4]) * (in2[1] << 0) +
- ((u64) in[5]) * (in2[0] << 0);
- tmp[6] = ((u64) in[0]) * (in2[6] << 0) +
- ((u64) in[1]) * (in2[5] << 1) +
- ((u64) in[2]) * (in2[4] << 0) +
- ((u64) in[3]) * (in2[3] << 1) +
- ((u64) in[4]) * (in2[2] << 0) +
- ((u64) in[5]) * (in2[1] << 1) +
- ((u64) in[6]) * (in2[0] << 0);
- tmp[7] = ((u64) in[0]) * (in2[7] << 0) +
- ((u64) in[1]) * (in2[6] << 0) +
- ((u64) in[2]) * (in2[5] << 0) +
- ((u64) in[3]) * (in2[4] << 0) +
- ((u64) in[4]) * (in2[3] << 0) +
- ((u64) in[5]) * (in2[2] << 0) +
- ((u64) in[6]) * (in2[1] << 0) +
- ((u64) in[7]) * (in2[0] << 0);
+ tmp[0] = ((u64)in[0]) * in2[0];
+ tmp[1] = ((u64)in[0]) * (in2[1] << 0) +
+ ((u64)in[1]) * (in2[0] << 0);
+ tmp[2] = ((u64)in[0]) * (in2[2] << 0) +
+ ((u64)in[1]) * (in2[1] << 1) +
+ ((u64)in[2]) * (in2[0] << 0);
+ tmp[3] = ((u64)in[0]) * (in2[3] << 0) +
+ ((u64)in[1]) * (in2[2] << 0) +
+ ((u64)in[2]) * (in2[1] << 0) +
+ ((u64)in[3]) * (in2[0] << 0);
+ tmp[4] = ((u64)in[0]) * (in2[4] << 0) +
+ ((u64)in[1]) * (in2[3] << 1) +
+ ((u64)in[2]) * (in2[2] << 0) +
+ ((u64)in[3]) * (in2[1] << 1) +
+ ((u64)in[4]) * (in2[0] << 0);
+ tmp[5] = ((u64)in[0]) * (in2[5] << 0) +
+ ((u64)in[1]) * (in2[4] << 0) +
+ ((u64)in[2]) * (in2[3] << 0) +
+ ((u64)in[3]) * (in2[2] << 0) +
+ ((u64)in[4]) * (in2[1] << 0) +
+ ((u64)in[5]) * (in2[0] << 0);
+ tmp[6] = ((u64)in[0]) * (in2[6] << 0) +
+ ((u64)in[1]) * (in2[5] << 1) +
+ ((u64)in[2]) * (in2[4] << 0) +
+ ((u64)in[3]) * (in2[3] << 1) +
+ ((u64)in[4]) * (in2[2] << 0) +
+ ((u64)in[5]) * (in2[1] << 1) +
+ ((u64)in[6]) * (in2[0] << 0);
+ tmp[7] = ((u64)in[0]) * (in2[7] << 0) +
+ ((u64)in[1]) * (in2[6] << 0) +
+ ((u64)in[2]) * (in2[5] << 0) +
+ ((u64)in[3]) * (in2[4] << 0) +
+ ((u64)in[4]) * (in2[3] << 0) +
+ ((u64)in[5]) * (in2[2] << 0) +
+ ((u64)in[6]) * (in2[1] << 0) +
+ ((u64)in[7]) * (in2[0] << 0);
/* tmp[8] has the greatest value but doesn't overflow. See logic in
* felem_square.
*/
- tmp[8] = ((u64) in[0]) * (in2[8] << 0) +
- ((u64) in[1]) * (in2[7] << 1) +
- ((u64) in[2]) * (in2[6] << 0) +
- ((u64) in[3]) * (in2[5] << 1) +
- ((u64) in[4]) * (in2[4] << 0) +
- ((u64) in[5]) * (in2[3] << 1) +
- ((u64) in[6]) * (in2[2] << 0) +
- ((u64) in[7]) * (in2[1] << 1) +
- ((u64) in[8]) * (in2[0] << 0);
- tmp[9] = ((u64) in[1]) * (in2[8] << 0) +
- ((u64) in[2]) * (in2[7] << 0) +
- ((u64) in[3]) * (in2[6] << 0) +
- ((u64) in[4]) * (in2[5] << 0) +
- ((u64) in[5]) * (in2[4] << 0) +
- ((u64) in[6]) * (in2[3] << 0) +
- ((u64) in[7]) * (in2[2] << 0) +
- ((u64) in[8]) * (in2[1] << 0);
- tmp[10] = ((u64) in[2]) * (in2[8] << 0) +
- ((u64) in[3]) * (in2[7] << 1) +
- ((u64) in[4]) * (in2[6] << 0) +
- ((u64) in[5]) * (in2[5] << 1) +
- ((u64) in[6]) * (in2[4] << 0) +
- ((u64) in[7]) * (in2[3] << 1) +
- ((u64) in[8]) * (in2[2] << 0);
- tmp[11] = ((u64) in[3]) * (in2[8] << 0) +
- ((u64) in[4]) * (in2[7] << 0) +
- ((u64) in[5]) * (in2[6] << 0) +
- ((u64) in[6]) * (in2[5] << 0) +
- ((u64) in[7]) * (in2[4] << 0) +
- ((u64) in[8]) * (in2[3] << 0);
- tmp[12] = ((u64) in[4]) * (in2[8] << 0) +
- ((u64) in[5]) * (in2[7] << 1) +
- ((u64) in[6]) * (in2[6] << 0) +
- ((u64) in[7]) * (in2[5] << 1) +
- ((u64) in[8]) * (in2[4] << 0);
- tmp[13] = ((u64) in[5]) * (in2[8] << 0) +
- ((u64) in[6]) * (in2[7] << 0) +
- ((u64) in[7]) * (in2[6] << 0) +
- ((u64) in[8]) * (in2[5] << 0);
- tmp[14] = ((u64) in[6]) * (in2[8] << 0) +
- ((u64) in[7]) * (in2[7] << 1) +
- ((u64) in[8]) * (in2[6] << 0);
- tmp[15] = ((u64) in[7]) * (in2[8] << 0) +
- ((u64) in[8]) * (in2[7] << 0);
- tmp[16] = ((u64) in[8]) * (in2[8] << 0);
+ tmp[8] = ((u64)in[0]) * (in2[8] << 0) +
+ ((u64)in[1]) * (in2[7] << 1) +
+ ((u64)in[2]) * (in2[6] << 0) +
+ ((u64)in[3]) * (in2[5] << 1) +
+ ((u64)in[4]) * (in2[4] << 0) +
+ ((u64)in[5]) * (in2[3] << 1) +
+ ((u64)in[6]) * (in2[2] << 0) +
+ ((u64)in[7]) * (in2[1] << 1) +
+ ((u64)in[8]) * (in2[0] << 0);
+ tmp[9] = ((u64)in[1]) * (in2[8] << 0) +
+ ((u64)in[2]) * (in2[7] << 0) +
+ ((u64)in[3]) * (in2[6] << 0) +
+ ((u64)in[4]) * (in2[5] << 0) +
+ ((u64)in[5]) * (in2[4] << 0) +
+ ((u64)in[6]) * (in2[3] << 0) +
+ ((u64)in[7]) * (in2[2] << 0) +
+ ((u64)in[8]) * (in2[1] << 0);
+ tmp[10] = ((u64)in[2]) * (in2[8] << 0) +
+ ((u64)in[3]) * (in2[7] << 1) +
+ ((u64)in[4]) * (in2[6] << 0) +
+ ((u64)in[5]) * (in2[5] << 1) +
+ ((u64)in[6]) * (in2[4] << 0) +
+ ((u64)in[7]) * (in2[3] << 1) +
+ ((u64)in[8]) * (in2[2] << 0);
+ tmp[11] = ((u64)in[3]) * (in2[8] << 0) +
+ ((u64)in[4]) * (in2[7] << 0) +
+ ((u64)in[5]) * (in2[6] << 0) +
+ ((u64)in[6]) * (in2[5] << 0) +
+ ((u64)in[7]) * (in2[4] << 0) +
+ ((u64)in[8]) * (in2[3] << 0);
+ tmp[12] = ((u64)in[4]) * (in2[8] << 0) +
+ ((u64)in[5]) * (in2[7] << 1) +
+ ((u64)in[6]) * (in2[6] << 0) +
+ ((u64)in[7]) * (in2[5] << 1) +
+ ((u64)in[8]) * (in2[4] << 0);
+ tmp[13] = ((u64)in[5]) * (in2[8] << 0) +
+ ((u64)in[6]) * (in2[7] << 0) +
+ ((u64)in[7]) * (in2[6] << 0) +
+ ((u64)in[8]) * (in2[5] << 0);
+ tmp[14] = ((u64)in[6]) * (in2[8] << 0) +
+ ((u64)in[7]) * (in2[7] << 1) +
+ ((u64)in[8]) * (in2[6] << 0);
+ tmp[15] = ((u64)in[7]) * (in2[8] << 0) +
+ ((u64)in[8]) * (in2[7] << 0);
+ tmp[16] = ((u64)in[8]) * (in2[8] << 0);
felem_reduce_degree(out, tmp);
}
-static void felem_assign(felem out, const felem in)
+static void
+felem_assign(felem out, const felem in)
{
memcpy(out, in, sizeof(felem));
}
@@ -643,66 +650,67 @@ static void felem_assign(felem out, const felem in)
* a^{p-1} = 1 (mod p)
* a^{p-2} = a^{-1} (mod p)
*/
-static void felem_inv(felem out, const felem in)
+static void
+felem_inv(felem out, const felem in)
{
felem ftmp, ftmp2;
/* each e_I will hold |in|^{2^I - 1} */
felem e2, e4, e8, e16, e32, e64;
unsigned int i;
- felem_square(ftmp, in); /* 2^1 */
- felem_mul(ftmp, in, ftmp); /* 2^2 - 2^0 */
+ felem_square(ftmp, in); /* 2^1 */
+ felem_mul(ftmp, in, ftmp); /* 2^2 - 2^0 */
felem_assign(e2, ftmp);
- felem_square(ftmp, ftmp); /* 2^3 - 2^1 */
- felem_square(ftmp, ftmp); /* 2^4 - 2^2 */
- felem_mul(ftmp, ftmp, e2); /* 2^4 - 2^0 */
+ felem_square(ftmp, ftmp); /* 2^3 - 2^1 */
+ felem_square(ftmp, ftmp); /* 2^4 - 2^2 */
+ felem_mul(ftmp, ftmp, e2); /* 2^4 - 2^0 */
felem_assign(e4, ftmp);
- felem_square(ftmp, ftmp); /* 2^5 - 2^1 */
- felem_square(ftmp, ftmp); /* 2^6 - 2^2 */
- felem_square(ftmp, ftmp); /* 2^7 - 2^3 */
- felem_square(ftmp, ftmp); /* 2^8 - 2^4 */
- felem_mul(ftmp, ftmp, e4); /* 2^8 - 2^0 */
+ felem_square(ftmp, ftmp); /* 2^5 - 2^1 */
+ felem_square(ftmp, ftmp); /* 2^6 - 2^2 */
+ felem_square(ftmp, ftmp); /* 2^7 - 2^3 */
+ felem_square(ftmp, ftmp); /* 2^8 - 2^4 */
+ felem_mul(ftmp, ftmp, e4); /* 2^8 - 2^0 */
felem_assign(e8, ftmp);
for (i = 0; i < 8; i++) {
- felem_square(ftmp, ftmp);
- } /* 2^16 - 2^8 */
- felem_mul(ftmp, ftmp, e8); /* 2^16 - 2^0 */
+ felem_square(ftmp, ftmp);
+ } /* 2^16 - 2^8 */
+ felem_mul(ftmp, ftmp, e8); /* 2^16 - 2^0 */
felem_assign(e16, ftmp);
for (i = 0; i < 16; i++) {
- felem_square(ftmp, ftmp);
- } /* 2^32 - 2^16 */
- felem_mul(ftmp, ftmp, e16); /* 2^32 - 2^0 */
+ felem_square(ftmp, ftmp);
+ } /* 2^32 - 2^16 */
+ felem_mul(ftmp, ftmp, e16); /* 2^32 - 2^0 */
felem_assign(e32, ftmp);
for (i = 0; i < 32; i++) {
- felem_square(ftmp, ftmp);
- } /* 2^64 - 2^32 */
+ felem_square(ftmp, ftmp);
+ } /* 2^64 - 2^32 */
felem_assign(e64, ftmp);
- felem_mul(ftmp, ftmp, in); /* 2^64 - 2^32 + 2^0 */
+ felem_mul(ftmp, ftmp, in); /* 2^64 - 2^32 + 2^0 */
for (i = 0; i < 192; i++) {
- felem_square(ftmp, ftmp);
- } /* 2^256 - 2^224 + 2^192 */
+ felem_square(ftmp, ftmp);
+ } /* 2^256 - 2^224 + 2^192 */
- felem_mul(ftmp2, e64, e32); /* 2^64 - 2^0 */
+ felem_mul(ftmp2, e64, e32); /* 2^64 - 2^0 */
for (i = 0; i < 16; i++) {
- felem_square(ftmp2, ftmp2);
- } /* 2^80 - 2^16 */
- felem_mul(ftmp2, ftmp2, e16); /* 2^80 - 2^0 */
+ felem_square(ftmp2, ftmp2);
+ } /* 2^80 - 2^16 */
+ felem_mul(ftmp2, ftmp2, e16); /* 2^80 - 2^0 */
for (i = 0; i < 8; i++) {
- felem_square(ftmp2, ftmp2);
- } /* 2^88 - 2^8 */
- felem_mul(ftmp2, ftmp2, e8); /* 2^88 - 2^0 */
+ felem_square(ftmp2, ftmp2);
+ } /* 2^88 - 2^8 */
+ felem_mul(ftmp2, ftmp2, e8); /* 2^88 - 2^0 */
for (i = 0; i < 4; i++) {
- felem_square(ftmp2, ftmp2);
- } /* 2^92 - 2^4 */
- felem_mul(ftmp2, ftmp2, e4); /* 2^92 - 2^0 */
- felem_square(ftmp2, ftmp2); /* 2^93 - 2^1 */
- felem_square(ftmp2, ftmp2); /* 2^94 - 2^2 */
- felem_mul(ftmp2, ftmp2, e2); /* 2^94 - 2^0 */
- felem_square(ftmp2, ftmp2); /* 2^95 - 2^1 */
- felem_square(ftmp2, ftmp2); /* 2^96 - 2^2 */
- felem_mul(ftmp2, ftmp2, in); /* 2^96 - 3 */
-
- felem_mul(out, ftmp2, ftmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
+ felem_square(ftmp2, ftmp2);
+ } /* 2^92 - 2^4 */
+ felem_mul(ftmp2, ftmp2, e4); /* 2^92 - 2^0 */
+ felem_square(ftmp2, ftmp2); /* 2^93 - 2^1 */
+ felem_square(ftmp2, ftmp2); /* 2^94 - 2^2 */
+ felem_mul(ftmp2, ftmp2, e2); /* 2^94 - 2^0 */
+ felem_square(ftmp2, ftmp2); /* 2^95 - 2^1 */
+ felem_square(ftmp2, ftmp2); /* 2^96 - 2^2 */
+ felem_mul(ftmp2, ftmp2, in); /* 2^96 - 3 */
+
+ felem_mul(out, ftmp2, ftmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
}
/* felem_scalar_3 sets out=3*out.
@@ -710,25 +718,26 @@ static void felem_inv(felem out, const felem in)
* On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_scalar_3(felem out)
+static void
+felem_scalar_3(felem out)
{
limb carry = 0;
unsigned int i;
for (i = 0;; i++) {
- out[i] *= 3;
- out[i] += carry;
- carry = out[i] >> 29;
- out[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
-
- out[i] *= 3;
- out[i] += carry;
- carry = out[i] >> 28;
- out[i] &= kBottom28Bits;
+ out[i] *= 3;
+ out[i] += carry;
+ carry = out[i] >> 29;
+ out[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+
+ out[i] *= 3;
+ out[i] += carry;
+ carry = out[i] >> 28;
+ out[i] &= kBottom28Bits;
}
felem_reduce_carry(out, carry);
@@ -739,28 +748,29 @@ static void felem_scalar_3(felem out)
* On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_scalar_4(felem out)
+static void
+felem_scalar_4(felem out)
{
limb carry = 0, next_carry;
unsigned int i;
for (i = 0;; i++) {
- next_carry = out[i] >> 27;
- out[i] <<= 2;
- out[i] &= kBottom29Bits;
- out[i] += carry;
- carry = next_carry + (out[i] >> 29);
- out[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
- next_carry = out[i] >> 26;
- out[i] <<= 2;
- out[i] &= kBottom28Bits;
- out[i] += carry;
- carry = next_carry + (out[i] >> 28);
- out[i] &= kBottom28Bits;
+ next_carry = out[i] >> 27;
+ out[i] <<= 2;
+ out[i] &= kBottom29Bits;
+ out[i] += carry;
+ carry = next_carry + (out[i] >> 29);
+ out[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+ next_carry = out[i] >> 26;
+ out[i] <<= 2;
+ out[i] &= kBottom28Bits;
+ out[i] += carry;
+ carry = next_carry + (out[i] >> 28);
+ out[i] &= kBottom28Bits;
}
felem_reduce_carry(out, carry);
@@ -771,28 +781,29 @@ static void felem_scalar_4(felem out)
* On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
* On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
*/
-static void felem_scalar_8(felem out)
+static void
+felem_scalar_8(felem out)
{
limb carry = 0, next_carry;
unsigned int i;
for (i = 0;; i++) {
- next_carry = out[i] >> 26;
- out[i] <<= 3;
- out[i] &= kBottom29Bits;
- out[i] += carry;
- carry = next_carry + (out[i] >> 29);
- out[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
- next_carry = out[i] >> 25;
- out[i] <<= 3;
- out[i] &= kBottom28Bits;
- out[i] += carry;
- carry = next_carry + (out[i] >> 28);
- out[i] &= kBottom28Bits;
+ next_carry = out[i] >> 26;
+ out[i] <<= 3;
+ out[i] &= kBottom29Bits;
+ out[i] += carry;
+ carry = next_carry + (out[i] >> 29);
+ out[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+ next_carry = out[i] >> 25;
+ out[i] <<= 3;
+ out[i] &= kBottom28Bits;
+ out[i] += carry;
+ carry = next_carry + (out[i] >> 28);
+ out[i] &= kBottom28Bits;
}
felem_reduce_carry(out, carry);
@@ -801,7 +812,8 @@ static void felem_scalar_8(felem out)
/* felem_is_zero_vartime returns 1 iff |in| == 0. It takes a variable amount of
* time depending on the value of |in|.
*/
-static char felem_is_zero_vartime(const felem in)
+static char
+felem_is_zero_vartime(const felem in)
{
limb carry;
int i;
@@ -811,29 +823,29 @@ static char felem_is_zero_vartime(const felem in)
/* First, reduce tmp to a minimal form.
*/
do {
- carry = 0;
- for (i = 0;; i++) {
- tmp[i] += carry;
- carry = tmp[i] >> 29;
- tmp[i] &= kBottom29Bits;
-
- i++;
- if (i == NLIMBS)
- break;
-
- tmp[i] += carry;
- carry = tmp[i] >> 28;
- tmp[i] &= kBottom28Bits;
- }
-
- felem_reduce_carry(tmp, carry);
+ carry = 0;
+ for (i = 0;; i++) {
+ tmp[i] += carry;
+ carry = tmp[i] >> 29;
+ tmp[i] &= kBottom29Bits;
+
+ i++;
+ if (i == NLIMBS)
+ break;
+
+ tmp[i] += carry;
+ carry = tmp[i] >> 28;
+ tmp[i] &= kBottom28Bits;
+ }
+
+ felem_reduce_carry(tmp, carry);
} while (carry);
/* tmp < 2**257, so the only possible zero values are 0, p and 2p.
*/
return memcmp(tmp, kZero, sizeof(tmp)) == 0 ||
- memcmp(tmp, kP, sizeof(tmp)) == 0 ||
- memcmp(tmp, k2P, sizeof(tmp)) == 0;
+ memcmp(tmp, kP, sizeof(tmp)) == 0 ||
+ memcmp(tmp, k2P, sizeof(tmp)) == 0;
}
/* Group operations:
@@ -847,8 +859,9 @@ static char felem_is_zero_vartime(const felem in)
*
* See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
*/
-static void point_double(felem x_out, felem y_out, felem z_out,
- const felem x, const felem y, const felem z)
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+ const felem x, const felem y, const felem z)
{
felem delta, gamma, alpha, beta, tmp, tmp2;
@@ -886,9 +899,10 @@ static void point_double(felem x_out, felem y_out, felem z_out,
* Note that this function does not handle P+P, infinity+P nor P+infinity
* correctly.
*/
-static void point_add_mixed(felem x_out, felem y_out, felem z_out,
- const felem x1, const felem y1, const felem z1,
- const felem x2, const felem y2)
+static void
+point_add_mixed(felem x_out, felem y_out, felem z_out,
+ const felem x1, const felem y1, const felem z1,
+ const felem x2, const felem y2)
{
felem z1z1, z1z1z1, s2, u2, h, i, j, r, rr, v, tmp;
@@ -926,9 +940,10 @@ static void point_add_mixed(felem x_out, felem y_out, felem z_out,
* Note that this function does not handle P+P, infinity+P nor P+infinity
* correctly.
*/
-static void point_add(felem x_out, felem y_out, felem z_out,
- const felem x1, const felem y1, const felem z1,
- const felem x2, const felem y2, const felem z2)
+static void
+point_add(felem x_out, felem y_out, felem z_out,
+ const felem x1, const felem y1, const felem z1,
+ const felem x2, const felem y2, const felem z2)
{
felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp;
@@ -975,7 +990,8 @@ static void point_add(felem x_out, felem y_out, felem z_out,
*
* This function handles the case where {x1,y1,z1}={x2,y2,z2}.
*/
-static void point_add_or_double_vartime(
+static void
+point_add_or_double_vartime(
felem x_out, felem y_out, felem z_out,
const felem x1, const felem y1, const felem z1,
const felem x2, const felem y2, const felem z2)
@@ -1006,8 +1022,8 @@ static void point_add_or_double_vartime(
felem_diff(r, s2, s1);
y_equal = felem_is_zero_vartime(r);
if (x_equal && y_equal) {
- point_double(x_out, y_out, z_out, x1, y1, z1);
- return;
+ point_double(x_out, y_out, z_out, x1, y1, z1);
+ return;
}
felem_sum(r, r, r);
felem_mul(v, u1, i);
@@ -1029,21 +1045,23 @@ static void point_add_or_double_vartime(
*
* On entry: mask is either 0 or 0xffffffff.
*/
-static void copy_conditional(felem out, const felem in, limb mask)
+static void
+copy_conditional(felem out, const felem in, limb mask)
{
int i;
for (i = 0; i < NLIMBS; i++) {
- const limb tmp = mask & (in[i] ^ out[i]);
- out[i] ^= tmp;
+ const limb tmp = mask & (in[i] ^ out[i]);
+ out[i] ^= tmp;
}
}
/* select_affine_point sets {out_x,out_y} to the index'th entry of table.
* On entry: index < 16, table[0] must be zero.
*/
-static void select_affine_point(felem out_x, felem out_y,
- const limb *table, limb index)
+static void
+select_affine_point(felem out_x, felem out_y,
+ const limb *table, limb index)
{
limb i, j;
@@ -1051,25 +1069,26 @@ static void select_affine_point(felem out_x, felem out_y,
memset(out_y, 0, sizeof(felem));
for (i = 1; i < 16; i++) {
- limb mask = i ^ index;
- mask |= mask >> 2;
- mask |= mask >> 1;
- mask &= 1;
- mask--;
- for (j = 0; j < NLIMBS; j++, table++) {
- out_x[j] |= *table & mask;
- }
- for (j = 0; j < NLIMBS; j++, table++) {
- out_y[j] |= *table & mask;
- }
+ limb mask = i ^ index;
+ mask |= mask >> 2;
+ mask |= mask >> 1;
+ mask &= 1;
+ mask--;
+ for (j = 0; j < NLIMBS; j++, table++) {
+ out_x[j] |= *table & mask;
+ }
+ for (j = 0; j < NLIMBS; j++, table++) {
+ out_y[j] |= *table & mask;
+ }
}
}
/* select_jacobian_point sets {out_x,out_y,out_z} to the index'th entry of
* table. On entry: index < 16, table[0] must be zero.
*/
-static void select_jacobian_point(felem out_x, felem out_y, felem out_z,
- const limb *table, limb index)
+static void
+select_jacobian_point(felem out_x, felem out_y, felem out_z,
+ const limb *table, limb index)
{
limb i, j;
@@ -1080,28 +1099,29 @@ static void select_jacobian_point(felem out_x, felem out_y, felem out_z,
/* The implicit value at index 0 is all zero. We don't need to perform that
* iteration of the loop because we already set out_* to zero.
*/
- table += 3*NLIMBS;
+ table += 3 * NLIMBS;
for (i = 1; i < 16; i++) {
- limb mask = i ^ index;
- mask |= mask >> 2;
- mask |= mask >> 1;
- mask &= 1;
- mask--;
- for (j = 0; j < NLIMBS; j++, table++) {
- out_x[j] |= *table & mask;
- }
- for (j = 0; j < NLIMBS; j++, table++) {
- out_y[j] |= *table & mask;
- }
- for (j = 0; j < NLIMBS; j++, table++) {
- out_z[j] |= *table & mask;
- }
+ limb mask = i ^ index;
+ mask |= mask >> 2;
+ mask |= mask >> 1;
+ mask &= 1;
+ mask--;
+ for (j = 0; j < NLIMBS; j++, table++) {
+ out_x[j] |= *table & mask;
+ }
+ for (j = 0; j < NLIMBS; j++, table++) {
+ out_y[j] |= *table & mask;
+ }
+ for (j = 0; j < NLIMBS; j++, table++) {
+ out_z[j] |= *table & mask;
+ }
}
}
/* get_bit returns the bit'th bit of scalar. */
-static char get_bit(const u8 scalar[32], int bit)
+static char
+get_bit(const u8 scalar[32], int bit)
{
return ((scalar[bit >> 3]) >> (bit & 7)) & 1;
}
@@ -1110,7 +1130,8 @@ static char get_bit(const u8 scalar[32], int bit)
* number. Note that the value of scalar must be less than the order of the
* group.
*/
-static void scalar_base_mult(felem nx, felem ny, felem nz, const u8 scalar[32])
+static void
+scalar_base_mult(felem nx, felem ny, felem nz, const u8 scalar[32])
{
int i, j;
limb n_is_infinity_mask = -1, p_is_noninfinite_mask, mask;
@@ -1127,53 +1148,55 @@ static void scalar_base_mult(felem nx, felem ny, felem nz, const u8 scalar[32])
* positions 32,96,160 and 224 and does this 32 times.
*/
for (i = 0; i < 32; i++) {
- if (i) {
- point_double(nx, ny, nz, nx, ny, nz);
- }
- table_offset = 0;
- for (j = 0; j <= 32; j += 32) {
- char bit0 = get_bit(scalar, 31 - i + j);
- char bit1 = get_bit(scalar, 95 - i + j);
- char bit2 = get_bit(scalar, 159 - i + j);
- char bit3 = get_bit(scalar, 223 - i + j);
- limb index = bit0 | (bit1 << 1) | (bit2 << 2) | (bit3 << 3);
-
- select_affine_point(px, py, kPrecomputed + table_offset, index);
- table_offset += 30 * NLIMBS;
-
- /* Since scalar is less than the order of the group, we know that
- * {nx,ny,nz} != {px,py,1}, unless both are zero, which we handle
- * below.
- */
- point_add_mixed(tx, ty, tz, nx, ny, nz, px, py);
- /* The result of point_add_mixed is incorrect if {nx,ny,nz} is zero
- * (a.k.a. the point at infinity). We handle that situation by
- * copying the point from the table.
- */
- copy_conditional(nx, px, n_is_infinity_mask);
- copy_conditional(ny, py, n_is_infinity_mask);
- copy_conditional(nz, kOne, n_is_infinity_mask);
-
- /* Equally, the result is also wrong if the point from the table is
- * zero, which happens when the index is zero. We handle that by
- * only copying from {tx,ty,tz} to {nx,ny,nz} if index != 0.
- */
- p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
- mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
- copy_conditional(nx, tx, mask);
- copy_conditional(ny, ty, mask);
- copy_conditional(nz, tz, mask);
- /* If p was not zero, then n is now non-zero. */
- n_is_infinity_mask &= ~p_is_noninfinite_mask;
- }
+ if (i) {
+ point_double(nx, ny, nz, nx, ny, nz);
+ }
+ table_offset = 0;
+ for (j = 0; j <= 32; j += 32) {
+ char bit0 = get_bit(scalar, 31 - i + j);
+ char bit1 = get_bit(scalar, 95 - i + j);
+ char bit2 = get_bit(scalar, 159 - i + j);
+ char bit3 = get_bit(scalar, 223 - i + j);
+ limb index = bit0 | (bit1 << 1) | (bit2 << 2) | (bit3 << 3);
+
+ select_affine_point(px, py, kPrecomputed + table_offset, index);
+ table_offset += 30 * NLIMBS;
+
+ /* Since scalar is less than the order of the group, we know that
+ * {nx,ny,nz} != {px,py,1}, unless both are zero, which we handle
+ * below.
+ */
+ point_add_mixed(tx, ty, tz, nx, ny, nz, px, py);
+ /* The result of point_add_mixed is incorrect if {nx,ny,nz} is zero
+ * (a.k.a. the point at infinity). We handle that situation by
+ * copying the point from the table.
+ */
+ copy_conditional(nx, px, n_is_infinity_mask);
+ copy_conditional(ny, py, n_is_infinity_mask);
+ copy_conditional(nz, kOne, n_is_infinity_mask);
+
+ /* Equally, the result is also wrong if the point from the table is
+ * zero, which happens when the index is zero. We handle that by
+ * only copying from {tx,ty,tz} to {nx,ny,nz} if index != 0.
+ */
+ p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
+ mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
+ copy_conditional(nx, tx, mask);
+ copy_conditional(ny, ty, mask);
+ copy_conditional(nz, tz, mask);
+ /* If p was not zero, then n is now non-zero. */
+ n_is_infinity_mask &= ~p_is_noninfinite_mask;
+ }
}
}
/* point_to_affine converts a Jacobian point to an affine point. If the input
* is the point at infinity then it returns (0, 0) in constant time.
*/
-static void point_to_affine(felem x_out, felem y_out,
- const felem nx, const felem ny, const felem nz) {
+static void
+point_to_affine(felem x_out, felem y_out,
+ const felem nx, const felem ny, const felem nz)
+{
felem z_inv, z_inv_sq;
felem_inv(z_inv, nz);
felem_square(z_inv_sq, z_inv);
@@ -1183,8 +1206,9 @@ static void point_to_affine(felem x_out, felem y_out,
}
/* scalar_mult sets {nx,ny,nz} = scalar*{x,y}. */
-static void scalar_mult(felem nx, felem ny, felem nz,
- const felem x, const felem y, const u8 scalar[32])
+static void
+scalar_mult(felem nx, felem ny, felem nz,
+ const felem x, const felem y, const u8 scalar[32])
{
int i;
felem px, py, pz, tx, ty, tz;
@@ -1198,11 +1222,11 @@ static void scalar_mult(felem nx, felem ny, felem nz,
memcpy(&precomp[1][2], kOne, sizeof(felem));
for (i = 2; i < 16; i += 2) {
- point_double(precomp[i][0], precomp[i][1], precomp[i][2],
- precomp[i / 2][0], precomp[i / 2][1], precomp[i / 2][2]);
+ point_double(precomp[i][0], precomp[i][1], precomp[i][2],
+ precomp[i / 2][0], precomp[i / 2][1], precomp[i / 2][2]);
- point_add_mixed(precomp[i + 1][0], precomp[i + 1][1], precomp[i + 1][2],
- precomp[i][0], precomp[i][1], precomp[i][2], x, y);
+ point_add_mixed(precomp[i + 1][0], precomp[i + 1][1], precomp[i + 1][2],
+ precomp[i][0], precomp[i][1], precomp[i][2], x, y);
}
memset(nx, 0, sizeof(felem));
@@ -1212,33 +1236,33 @@ static void scalar_mult(felem nx, felem ny, felem nz,
/* We add in a window of four bits each iteration and do this 64 times. */
for (i = 0; i < 64; i++) {
- if (i) {
- point_double(nx, ny, nz, nx, ny, nz);
- point_double(nx, ny, nz, nx, ny, nz);
- point_double(nx, ny, nz, nx, ny, nz);
- point_double(nx, ny, nz, nx, ny, nz);
- }
-
- index = scalar[31 - i / 2];
- if ((i & 1) == 1) {
- index &= 15;
- } else {
- index >>= 4;
- }
-
- /* See the comments in scalar_base_mult about handling infinities. */
- select_jacobian_point(px, py, pz, precomp[0][0], index);
- point_add(tx, ty, tz, nx, ny, nz, px, py, pz);
- copy_conditional(nx, px, n_is_infinity_mask);
- copy_conditional(ny, py, n_is_infinity_mask);
- copy_conditional(nz, pz, n_is_infinity_mask);
-
- p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
- mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
- copy_conditional(nx, tx, mask);
- copy_conditional(ny, ty, mask);
- copy_conditional(nz, tz, mask);
- n_is_infinity_mask &= ~p_is_noninfinite_mask;
+ if (i) {
+ point_double(nx, ny, nz, nx, ny, nz);
+ point_double(nx, ny, nz, nx, ny, nz);
+ point_double(nx, ny, nz, nx, ny, nz);
+ point_double(nx, ny, nz, nx, ny, nz);
+ }
+
+ index = scalar[31 - i / 2];
+ if ((i & 1) == 1) {
+ index &= 15;
+ } else {
+ index >>= 4;
+ }
+
+ /* See the comments in scalar_base_mult about handling infinities. */
+ select_jacobian_point(px, py, pz, precomp[0][0], index);
+ point_add(tx, ty, tz, nx, ny, nz, px, py, pz);
+ copy_conditional(nx, px, n_is_infinity_mask);
+ copy_conditional(ny, py, n_is_infinity_mask);
+ copy_conditional(nz, pz, n_is_infinity_mask);
+
+ p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
+ mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
+ copy_conditional(nx, tx, mask);
+ copy_conditional(ny, ty, mask);
+ copy_conditional(nz, tz, mask);
+ n_is_infinity_mask &= ~p_is_noninfinite_mask;
}
}
@@ -1254,12 +1278,12 @@ static void scalar_mult(felem nx, felem ny, felem nz,
#define BYTESWAP64(x) OSSwapInt64(x)
#else
#define BYTESWAP32(x) \
- (((x) >> 24) | (((x) >> 8) & 0xff00) | (((x) & 0xff00) << 8) | ((x) << 24))
-#define BYTESWAP64(x) \
- (((x) >> 56) | (((x) >> 40) & 0xff00) | \
+ (((x) >> 24) | (((x) >> 8) & 0xff00) | (((x)&0xff00) << 8) | ((x) << 24))
+#define BYTESWAP64(x) \
+ (((x) >> 56) | (((x) >> 40) & 0xff00) | \
(((x) >> 24) & 0xff0000) | (((x) >> 8) & 0xff000000) | \
- (((x) & 0xff000000) << 8) | (((x) & 0xff0000) << 24) | \
- (((x) & 0xff00) << 40) | ((x) << 56))
+ (((x)&0xff000000) << 8) | (((x)&0xff0000) << 24) | \
+ (((x)&0xff00) << 40) | ((x) << 56))
#endif
#ifdef MP_USE_UINT_DIGIT
@@ -1276,23 +1300,24 @@ static const mp_digit kRInvDigits[8] = {
};
#else
static const mp_digit kRInvDigits[4] = {
- PR_UINT64(0x180000000), 0xffffffff,
+ PR_UINT64(0x180000000), 0xffffffff,
PR_UINT64(0xfffffffe80000001), PR_UINT64(0x7fffffff00000001)
};
#endif
-#define MP_DIGITS_IN_256_BITS (32/sizeof(mp_digit))
+#define MP_DIGITS_IN_256_BITS (32 / sizeof(mp_digit))
static const mp_int kRInv = {
MP_ZPOS,
MP_DIGITS_IN_256_BITS,
MP_DIGITS_IN_256_BITS,
- (mp_digit*) kRInvDigits
+ (mp_digit *)kRInvDigits
};
static const limb kTwo28 = 0x10000000;
static const limb kTwo29 = 0x20000000;
/* to_montgomery sets out = R*in. */
-static mp_err to_montgomery(felem out, const mp_int *in, const ECGroup *group)
+static mp_err
+to_montgomery(felem out, const mp_int *in, const ECGroup *group)
{
/* There are no MPI functions for bitshift operations and we wish to shift
* in 257 bits left so we move the digits 256-bits left and then multiply
@@ -1305,20 +1330,20 @@ static mp_err to_montgomery(felem out, const mp_int *in, const ECGroup *group)
MP_CHECKOK(mp_init(&in_shifted));
MP_CHECKOK(s_mp_pad(&in_shifted, MP_USED(in) + MP_DIGITS_IN_256_BITS));
memcpy(&MP_DIGIT(&in_shifted, MP_DIGITS_IN_256_BITS),
- MP_DIGITS(in),
- MP_USED(in)*sizeof(mp_digit));
+ MP_DIGITS(in),
+ MP_USED(in) * sizeof(mp_digit));
MP_CHECKOK(mp_mul_2(&in_shifted, &in_shifted));
MP_CHECKOK(group->meth->field_mod(&in_shifted, &in_shifted, group->meth));
for (i = 0;; i++) {
- out[i] = MP_DIGIT(&in_shifted, 0) & kBottom29Bits;
- MP_CHECKOK(mp_div_d(&in_shifted, kTwo29, &in_shifted, NULL));
-
- i++;
- if (i == NLIMBS)
- break;
- out[i] = MP_DIGIT(&in_shifted, 0) & kBottom28Bits;
- MP_CHECKOK(mp_div_d(&in_shifted, kTwo28, &in_shifted, NULL));
+ out[i] = MP_DIGIT(&in_shifted, 0) & kBottom29Bits;
+ MP_CHECKOK(mp_div_d(&in_shifted, kTwo29, &in_shifted, NULL));
+
+ i++;
+ if (i == NLIMBS)
+ break;
+ out[i] = MP_DIGIT(&in_shifted, 0) & kBottom28Bits;
+ MP_CHECKOK(mp_div_d(&in_shifted, kTwo28, &in_shifted, NULL));
}
CLEANUP:
@@ -1327,8 +1352,9 @@ CLEANUP:
}
/* from_montgomery sets out=in/R. */
-static mp_err from_montgomery(mp_int *out, const felem in,
- const ECGroup *group)
+static mp_err
+from_montgomery(mp_int *out, const felem in,
+ const ECGroup *group)
{
mp_int result, tmp;
mp_err res;
@@ -1337,14 +1363,14 @@ static mp_err from_montgomery(mp_int *out, const felem in,
MP_CHECKOK(mp_init(&result));
MP_CHECKOK(mp_init(&tmp));
- MP_CHECKOK(mp_add_d(&tmp, in[NLIMBS-1], &result));
- for (i = NLIMBS-2; i >= 0; i--) {
- if ((i & 1) == 0) {
- MP_CHECKOK(mp_mul_d(&result, kTwo29, &tmp));
- } else {
- MP_CHECKOK(mp_mul_d(&result, kTwo28, &tmp));
- }
- MP_CHECKOK(mp_add_d(&tmp, in[i], &result));
+ MP_CHECKOK(mp_add_d(&tmp, in[NLIMBS - 1], &result));
+ for (i = NLIMBS - 2; i >= 0; i--) {
+ if ((i & 1) == 0) {
+ MP_CHECKOK(mp_mul_d(&result, kTwo29, &tmp));
+ } else {
+ MP_CHECKOK(mp_mul_d(&result, kTwo28, &tmp));
+ }
+ MP_CHECKOK(mp_add_d(&tmp, in[i], &result));
}
MP_CHECKOK(mp_mul(&result, &kRInv, out));
@@ -1357,7 +1383,8 @@ CLEANUP:
}
/* scalar_from_mp_int sets out_scalar=n, where n < the group order. */
-static void scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
+static void
+scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
{
/* We require that |n| is less than the order of the group and therefore it
* will fit into |out_scalar|. However, these is a timing side-channel here
@@ -1369,12 +1396,12 @@ static void scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
memcpy(out_scalar, MP_DIGITS(n), MP_USED(n) * sizeof(mp_digit));
#else
{
- mp_size i;
- mp_digit swapped[MP_DIGITS_IN_256_BITS];
- for (i = 0; i < MP_USED(n); i++) {
- swapped[i] = BYTESWAP_MP_DIGIT_TO_LE(MP_DIGIT(n, i));
- }
- memcpy(out_scalar, swapped, MP_USED(n) * sizeof(mp_digit));
+ mp_size i;
+ mp_digit swapped[MP_DIGITS_IN_256_BITS];
+ for (i = 0; i < MP_USED(n); i++) {
+ swapped[i] = BYTESWAP_MP_DIGIT_TO_LE(MP_DIGIT(n, i));
+ }
+ memcpy(out_scalar, swapped, MP_USED(n) * sizeof(mp_digit));
}
#endif
}
@@ -1382,9 +1409,10 @@ static void scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
/* ec_GFp_nistp256_base_point_mul sets {out_x,out_y} = nG, where n is < the
* order of the group.
*/
-static mp_err ec_GFp_nistp256_base_point_mul(const mp_int *n,
- mp_int *out_x, mp_int *out_y,
- const ECGroup *group)
+static mp_err
+ec_GFp_nistp256_base_point_mul(const mp_int *n,
+ mp_int *out_x, mp_int *out_y,
+ const ECGroup *group)
{
u8 scalar[32];
felem x, y, z, x_affine, y_affine;
@@ -1405,10 +1433,11 @@ CLEANUP:
/* ec_GFp_nistp256_point_mul sets {out_x,out_y} = n*{in_x,in_y}, where n is <
* the order of the group.
*/
-static mp_err ec_GFp_nistp256_point_mul(const mp_int *n,
- const mp_int *in_x, const mp_int *in_y,
- mp_int *out_x, mp_int *out_y,
- const ECGroup *group)
+static mp_err
+ec_GFp_nistp256_point_mul(const mp_int *n,
+ const mp_int *in_x, const mp_int *in_y,
+ mp_int *out_x, mp_int *out_y,
+ const ECGroup *group)
{
u8 scalar[32];
felem x, y, z, x_affine, y_affine, px, py;
@@ -1435,11 +1464,12 @@ CLEANUP:
* is safe because it's used for signature validation which doesn't deal
* with secrets.
*/
-static mp_err ec_GFp_nistp256_points_mul_vartime(
- const mp_int *n1, const mp_int *n2,
- const mp_int *in_x, const mp_int *in_y,
- mp_int *out_x, mp_int *out_y,
- const ECGroup *group)
+static mp_err
+ec_GFp_nistp256_points_mul_vartime(
+ const mp_int *n1, const mp_int *n2,
+ const mp_int *in_x, const mp_int *in_y,
+ mp_int *out_x, mp_int *out_y,
+ const ECGroup *group)
{
u8 scalar1[32], scalar2[32];
felem x1, y1, z1, x2, y2, z2, x_affine, y_affine, px, py;
@@ -1447,19 +1477,19 @@ static mp_err ec_GFp_nistp256_points_mul_vartime(
/* If n2 == NULL, this is just a base-point multiplication. */
if (n2 == NULL) {
- return ec_GFp_nistp256_base_point_mul(n1, out_x, out_y, group);
+ return ec_GFp_nistp256_base_point_mul(n1, out_x, out_y, group);
}
/* If n1 == nULL, this is just an arbitary-point multiplication. */
if (n1 == NULL) {
- return ec_GFp_nistp256_point_mul(n2, in_x, in_y, out_x, out_y, group);
+ return ec_GFp_nistp256_point_mul(n2, in_x, in_y, out_x, out_y, group);
}
/* If both scalars are zero, then the result is the point at infinity. */
if (mp_cmp_z(n1) == 0 && mp_cmp_z(n2) == 0) {
- mp_zero(out_x);
- mp_zero(out_y);
- return res;
+ mp_zero(out_x);
+ mp_zero(out_y);
+ return res;
}
scalar_from_mp_int(scalar1, n1);
@@ -1471,17 +1501,17 @@ static mp_err ec_GFp_nistp256_points_mul_vartime(
scalar_mult(x2, y2, z2, px, py, scalar2);
if (mp_cmp_z(n2) == 0) {
- /* If n2 == 0, then {x2,y2,z2} is zero and the result is just
- * {x1,y1,z1}. */
+ /* If n2 == 0, then {x2,y2,z2} is zero and the result is just
+ * {x1,y1,z1}. */
} else if (mp_cmp_z(n1) == 0) {
- /* If n1 == 0, then {x1,y1,z1} is zero and the result is just
- * {x2,y2,z2}. */
- memcpy(x1, x2, sizeof(x2));
- memcpy(y1, y2, sizeof(y2));
- memcpy(z1, z2, sizeof(z2));
+ /* If n1 == 0, then {x1,y1,z1} is zero and the result is just
+ * {x2,y2,z2}. */
+ memcpy(x1, x2, sizeof(x2));
+ memcpy(y1, y2, sizeof(y2));
+ memcpy(z1, z2, sizeof(z2));
} else {
- /* This function handles the case where {x1,y1,z1} == {x2,y2,z2}. */
- point_add_or_double_vartime(x1, y1, z1, x1, y1, z1, x2, y2, z2);
+ /* This function handles the case where {x1,y1,z1} == {x2,y2,z2}. */
+ point_add_or_double_vartime(x1, y1, z1, x1, y1, z1, x2, y2, z2);
}
point_to_affine(x_affine, y_affine, x1, y1, z1);
@@ -1493,7 +1523,8 @@ CLEANUP:
}
/* Wire in fast point multiplication for named curves. */
-mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name)
+mp_err
+ec_group_set_gfp256_32(ECGroup *group, ECCurveName name)
{
if (name == ECCurve_NIST_P256) {
group->base_point_mul = &ec_GFp_nistp256_base_point_mul;
diff --git a/lib/freebl/ecl/ecp_384.c b/lib/freebl/ecl/ecp_384.c
index 4c1e85e3b..702fd976e 100644
--- a/lib/freebl/ecl/ecp_384.c
+++ b/lib/freebl/ecl/ecp_384.c
@@ -7,226 +7,226 @@
#include "mplogic.h"
#include "mpi-priv.h"
-/* Fast modular reduction for p384 = 2^384 - 2^128 - 2^96 + 2^32 - 1. a can be r.
- * Uses algorithm 2.30 from Hankerson, Menezes, Vanstone. Guide to
+/* Fast modular reduction for p384 = 2^384 - 2^128 - 2^96 + 2^32 - 1. a can be r.
+ * Uses algorithm 2.30 from Hankerson, Menezes, Vanstone. Guide to
* Elliptic Curve Cryptography. */
static mp_err
ec_GFp_nistp384_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- int a_bits = mpl_significant_bits(a);
- int i;
+ mp_err res = MP_OKAY;
+ int a_bits = mpl_significant_bits(a);
+ int i;
- /* m1, m2 are statically-allocated mp_int of exactly the size we need */
- mp_int m[10];
+ /* m1, m2 are statically-allocated mp_int of exactly the size we need */
+ mp_int m[10];
#ifdef ECL_THIRTY_TWO_BIT
- mp_digit s[10][12];
- for (i = 0; i < 10; i++) {
- MP_SIGN(&m[i]) = MP_ZPOS;
- MP_ALLOC(&m[i]) = 12;
- MP_USED(&m[i]) = 12;
- MP_DIGITS(&m[i]) = s[i];
- }
+ mp_digit s[10][12];
+ for (i = 0; i < 10; i++) {
+ MP_SIGN(&m[i]) = MP_ZPOS;
+ MP_ALLOC(&m[i]) = 12;
+ MP_USED(&m[i]) = 12;
+ MP_DIGITS(&m[i]) = s[i];
+ }
#else
- mp_digit s[10][6];
- for (i = 0; i < 10; i++) {
- MP_SIGN(&m[i]) = MP_ZPOS;
- MP_ALLOC(&m[i]) = 6;
- MP_USED(&m[i]) = 6;
- MP_DIGITS(&m[i]) = s[i];
- }
+ mp_digit s[10][6];
+ for (i = 0; i < 10; i++) {
+ MP_SIGN(&m[i]) = MP_ZPOS;
+ MP_ALLOC(&m[i]) = 6;
+ MP_USED(&m[i]) = 6;
+ MP_DIGITS(&m[i]) = s[i];
+ }
#endif
#ifdef ECL_THIRTY_TWO_BIT
- /* for polynomials larger than twice the field size or polynomials
- * not using all words, use regular reduction */
- if ((a_bits > 768) || (a_bits <= 736)) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
- for (i = 0; i < 12; i++) {
- s[0][i] = MP_DIGIT(a, i);
- }
- s[1][0] = 0;
- s[1][1] = 0;
- s[1][2] = 0;
- s[1][3] = 0;
- s[1][4] = MP_DIGIT(a, 21);
- s[1][5] = MP_DIGIT(a, 22);
- s[1][6] = MP_DIGIT(a, 23);
- s[1][7] = 0;
- s[1][8] = 0;
- s[1][9] = 0;
- s[1][10] = 0;
- s[1][11] = 0;
- for (i = 0; i < 12; i++) {
- s[2][i] = MP_DIGIT(a, i+12);
- }
- s[3][0] = MP_DIGIT(a, 21);
- s[3][1] = MP_DIGIT(a, 22);
- s[3][2] = MP_DIGIT(a, 23);
- for (i = 3; i < 12; i++) {
- s[3][i] = MP_DIGIT(a, i+9);
- }
- s[4][0] = 0;
- s[4][1] = MP_DIGIT(a, 23);
- s[4][2] = 0;
- s[4][3] = MP_DIGIT(a, 20);
- for (i = 4; i < 12; i++) {
- s[4][i] = MP_DIGIT(a, i+8);
- }
- s[5][0] = 0;
- s[5][1] = 0;
- s[5][2] = 0;
- s[5][3] = 0;
- s[5][4] = MP_DIGIT(a, 20);
- s[5][5] = MP_DIGIT(a, 21);
- s[5][6] = MP_DIGIT(a, 22);
- s[5][7] = MP_DIGIT(a, 23);
- s[5][8] = 0;
- s[5][9] = 0;
- s[5][10] = 0;
- s[5][11] = 0;
- s[6][0] = MP_DIGIT(a, 20);
- s[6][1] = 0;
- s[6][2] = 0;
- s[6][3] = MP_DIGIT(a, 21);
- s[6][4] = MP_DIGIT(a, 22);
- s[6][5] = MP_DIGIT(a, 23);
- s[6][6] = 0;
- s[6][7] = 0;
- s[6][8] = 0;
- s[6][9] = 0;
- s[6][10] = 0;
- s[6][11] = 0;
- s[7][0] = MP_DIGIT(a, 23);
- for (i = 1; i < 12; i++) {
- s[7][i] = MP_DIGIT(a, i+11);
- }
- s[8][0] = 0;
- s[8][1] = MP_DIGIT(a, 20);
- s[8][2] = MP_DIGIT(a, 21);
- s[8][3] = MP_DIGIT(a, 22);
- s[8][4] = MP_DIGIT(a, 23);
- s[8][5] = 0;
- s[8][6] = 0;
- s[8][7] = 0;
- s[8][8] = 0;
- s[8][9] = 0;
- s[8][10] = 0;
- s[8][11] = 0;
- s[9][0] = 0;
- s[9][1] = 0;
- s[9][2] = 0;
- s[9][3] = MP_DIGIT(a, 23);
- s[9][4] = MP_DIGIT(a, 23);
- s[9][5] = 0;
- s[9][6] = 0;
- s[9][7] = 0;
- s[9][8] = 0;
- s[9][9] = 0;
- s[9][10] = 0;
- s[9][11] = 0;
+ /* for polynomials larger than twice the field size or polynomials
+ * not using all words, use regular reduction */
+ if ((a_bits > 768) || (a_bits <= 736)) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
+ for (i = 0; i < 12; i++) {
+ s[0][i] = MP_DIGIT(a, i);
+ }
+ s[1][0] = 0;
+ s[1][1] = 0;
+ s[1][2] = 0;
+ s[1][3] = 0;
+ s[1][4] = MP_DIGIT(a, 21);
+ s[1][5] = MP_DIGIT(a, 22);
+ s[1][6] = MP_DIGIT(a, 23);
+ s[1][7] = 0;
+ s[1][8] = 0;
+ s[1][9] = 0;
+ s[1][10] = 0;
+ s[1][11] = 0;
+ for (i = 0; i < 12; i++) {
+ s[2][i] = MP_DIGIT(a, i + 12);
+ }
+ s[3][0] = MP_DIGIT(a, 21);
+ s[3][1] = MP_DIGIT(a, 22);
+ s[3][2] = MP_DIGIT(a, 23);
+ for (i = 3; i < 12; i++) {
+ s[3][i] = MP_DIGIT(a, i + 9);
+ }
+ s[4][0] = 0;
+ s[4][1] = MP_DIGIT(a, 23);
+ s[4][2] = 0;
+ s[4][3] = MP_DIGIT(a, 20);
+ for (i = 4; i < 12; i++) {
+ s[4][i] = MP_DIGIT(a, i + 8);
+ }
+ s[5][0] = 0;
+ s[5][1] = 0;
+ s[5][2] = 0;
+ s[5][3] = 0;
+ s[5][4] = MP_DIGIT(a, 20);
+ s[5][5] = MP_DIGIT(a, 21);
+ s[5][6] = MP_DIGIT(a, 22);
+ s[5][7] = MP_DIGIT(a, 23);
+ s[5][8] = 0;
+ s[5][9] = 0;
+ s[5][10] = 0;
+ s[5][11] = 0;
+ s[6][0] = MP_DIGIT(a, 20);
+ s[6][1] = 0;
+ s[6][2] = 0;
+ s[6][3] = MP_DIGIT(a, 21);
+ s[6][4] = MP_DIGIT(a, 22);
+ s[6][5] = MP_DIGIT(a, 23);
+ s[6][6] = 0;
+ s[6][7] = 0;
+ s[6][8] = 0;
+ s[6][9] = 0;
+ s[6][10] = 0;
+ s[6][11] = 0;
+ s[7][0] = MP_DIGIT(a, 23);
+ for (i = 1; i < 12; i++) {
+ s[7][i] = MP_DIGIT(a, i + 11);
+ }
+ s[8][0] = 0;
+ s[8][1] = MP_DIGIT(a, 20);
+ s[8][2] = MP_DIGIT(a, 21);
+ s[8][3] = MP_DIGIT(a, 22);
+ s[8][4] = MP_DIGIT(a, 23);
+ s[8][5] = 0;
+ s[8][6] = 0;
+ s[8][7] = 0;
+ s[8][8] = 0;
+ s[8][9] = 0;
+ s[8][10] = 0;
+ s[8][11] = 0;
+ s[9][0] = 0;
+ s[9][1] = 0;
+ s[9][2] = 0;
+ s[9][3] = MP_DIGIT(a, 23);
+ s[9][4] = MP_DIGIT(a, 23);
+ s[9][5] = 0;
+ s[9][6] = 0;
+ s[9][7] = 0;
+ s[9][8] = 0;
+ s[9][9] = 0;
+ s[9][10] = 0;
+ s[9][11] = 0;
- MP_CHECKOK(mp_add(&m[0], &m[1], r));
- MP_CHECKOK(mp_add(r, &m[1], r));
- MP_CHECKOK(mp_add(r, &m[2], r));
- MP_CHECKOK(mp_add(r, &m[3], r));
- MP_CHECKOK(mp_add(r, &m[4], r));
- MP_CHECKOK(mp_add(r, &m[5], r));
- MP_CHECKOK(mp_add(r, &m[6], r));
- MP_CHECKOK(mp_sub(r, &m[7], r));
- MP_CHECKOK(mp_sub(r, &m[8], r));
- MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
- s_mp_clamp(r);
- }
+ MP_CHECKOK(mp_add(&m[0], &m[1], r));
+ MP_CHECKOK(mp_add(r, &m[1], r));
+ MP_CHECKOK(mp_add(r, &m[2], r));
+ MP_CHECKOK(mp_add(r, &m[3], r));
+ MP_CHECKOK(mp_add(r, &m[4], r));
+ MP_CHECKOK(mp_add(r, &m[5], r));
+ MP_CHECKOK(mp_add(r, &m[6], r));
+ MP_CHECKOK(mp_sub(r, &m[7], r));
+ MP_CHECKOK(mp_sub(r, &m[8], r));
+ MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+ s_mp_clamp(r);
+ }
#else
- /* for polynomials larger than twice the field size or polynomials
- * not using all words, use regular reduction */
- if ((a_bits > 768) || (a_bits <= 736)) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
- for (i = 0; i < 6; i++) {
- s[0][i] = MP_DIGIT(a, i);
- }
- s[1][0] = 0;
- s[1][1] = 0;
- s[1][2] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
- s[1][3] = MP_DIGIT(a, 11) >> 32;
- s[1][4] = 0;
- s[1][5] = 0;
- for (i = 0; i < 6; i++) {
- s[2][i] = MP_DIGIT(a, i+6);
- }
- s[3][0] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
- s[3][1] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
- for (i = 2; i < 6; i++) {
- s[3][i] = (MP_DIGIT(a, i+4) >> 32) | (MP_DIGIT(a, i+5) << 32);
- }
- s[4][0] = (MP_DIGIT(a, 11) >> 32) << 32;
- s[4][1] = MP_DIGIT(a, 10) << 32;
- for (i = 2; i < 6; i++) {
- s[4][i] = MP_DIGIT(a, i+4);
- }
- s[5][0] = 0;
- s[5][1] = 0;
- s[5][2] = MP_DIGIT(a, 10);
- s[5][3] = MP_DIGIT(a, 11);
- s[5][4] = 0;
- s[5][5] = 0;
- s[6][0] = (MP_DIGIT(a, 10) << 32) >> 32;
- s[6][1] = (MP_DIGIT(a, 10) >> 32) << 32;
- s[6][2] = MP_DIGIT(a, 11);
- s[6][3] = 0;
- s[6][4] = 0;
- s[6][5] = 0;
- s[7][0] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
- for (i = 1; i < 6; i++) {
- s[7][i] = (MP_DIGIT(a, i+5) >> 32) | (MP_DIGIT(a, i+6) << 32);
- }
- s[8][0] = MP_DIGIT(a, 10) << 32;
- s[8][1] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
- s[8][2] = MP_DIGIT(a, 11) >> 32;
- s[8][3] = 0;
- s[8][4] = 0;
- s[8][5] = 0;
- s[9][0] = 0;
- s[9][1] = (MP_DIGIT(a, 11) >> 32) << 32;
- s[9][2] = MP_DIGIT(a, 11) >> 32;
- s[9][3] = 0;
- s[9][4] = 0;
- s[9][5] = 0;
+ /* for polynomials larger than twice the field size or polynomials
+ * not using all words, use regular reduction */
+ if ((a_bits > 768) || (a_bits <= 736)) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
+ for (i = 0; i < 6; i++) {
+ s[0][i] = MP_DIGIT(a, i);
+ }
+ s[1][0] = 0;
+ s[1][1] = 0;
+ s[1][2] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+ s[1][3] = MP_DIGIT(a, 11) >> 32;
+ s[1][4] = 0;
+ s[1][5] = 0;
+ for (i = 0; i < 6; i++) {
+ s[2][i] = MP_DIGIT(a, i + 6);
+ }
+ s[3][0] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+ s[3][1] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+ for (i = 2; i < 6; i++) {
+ s[3][i] = (MP_DIGIT(a, i + 4) >> 32) | (MP_DIGIT(a, i + 5) << 32);
+ }
+ s[4][0] = (MP_DIGIT(a, 11) >> 32) << 32;
+ s[4][1] = MP_DIGIT(a, 10) << 32;
+ for (i = 2; i < 6; i++) {
+ s[4][i] = MP_DIGIT(a, i + 4);
+ }
+ s[5][0] = 0;
+ s[5][1] = 0;
+ s[5][2] = MP_DIGIT(a, 10);
+ s[5][3] = MP_DIGIT(a, 11);
+ s[5][4] = 0;
+ s[5][5] = 0;
+ s[6][0] = (MP_DIGIT(a, 10) << 32) >> 32;
+ s[6][1] = (MP_DIGIT(a, 10) >> 32) << 32;
+ s[6][2] = MP_DIGIT(a, 11);
+ s[6][3] = 0;
+ s[6][4] = 0;
+ s[6][5] = 0;
+ s[7][0] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+ for (i = 1; i < 6; i++) {
+ s[7][i] = (MP_DIGIT(a, i + 5) >> 32) | (MP_DIGIT(a, i + 6) << 32);
+ }
+ s[8][0] = MP_DIGIT(a, 10) << 32;
+ s[8][1] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+ s[8][2] = MP_DIGIT(a, 11) >> 32;
+ s[8][3] = 0;
+ s[8][4] = 0;
+ s[8][5] = 0;
+ s[9][0] = 0;
+ s[9][1] = (MP_DIGIT(a, 11) >> 32) << 32;
+ s[9][2] = MP_DIGIT(a, 11) >> 32;
+ s[9][3] = 0;
+ s[9][4] = 0;
+ s[9][5] = 0;
- MP_CHECKOK(mp_add(&m[0], &m[1], r));
- MP_CHECKOK(mp_add(r, &m[1], r));
- MP_CHECKOK(mp_add(r, &m[2], r));
- MP_CHECKOK(mp_add(r, &m[3], r));
- MP_CHECKOK(mp_add(r, &m[4], r));
- MP_CHECKOK(mp_add(r, &m[5], r));
- MP_CHECKOK(mp_add(r, &m[6], r));
- MP_CHECKOK(mp_sub(r, &m[7], r));
- MP_CHECKOK(mp_sub(r, &m[8], r));
- MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
- s_mp_clamp(r);
- }
+ MP_CHECKOK(mp_add(&m[0], &m[1], r));
+ MP_CHECKOK(mp_add(r, &m[1], r));
+ MP_CHECKOK(mp_add(r, &m[2], r));
+ MP_CHECKOK(mp_add(r, &m[3], r));
+ MP_CHECKOK(mp_add(r, &m[4], r));
+ MP_CHECKOK(mp_add(r, &m[5], r));
+ MP_CHECKOK(mp_add(r, &m[6], r));
+ MP_CHECKOK(mp_sub(r, &m[7], r));
+ MP_CHECKOK(mp_sub(r, &m[8], r));
+ MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+ s_mp_clamp(r);
+ }
#endif
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Compute the square of polynomial a, reduce modulo p384. Store the
- * result in r. r could be a. Uses optimized modular reduction for p384.
+ * result in r. r could be a. Uses optimized modular reduction for p384.
*/
static mp_err
ec_GFp_nistp384_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_sqr(a, r));
- MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_sqr(a, r));
+ MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Compute the product of two polynomials a and b, reduce modulo p384.
@@ -234,14 +234,14 @@ ec_GFp_nistp384_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
* optimized modular reduction for p384. */
static mp_err
ec_GFp_nistp384_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Wire in fast field arithmetic and precomputation of base point for
@@ -249,10 +249,10 @@ ec_GFp_nistp384_mul(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_group_set_gfp384(ECGroup *group, ECCurveName name)
{
- if (name == ECCurve_NIST_P384) {
- group->meth->field_mod = &ec_GFp_nistp384_mod;
- group->meth->field_mul = &ec_GFp_nistp384_mul;
- group->meth->field_sqr = &ec_GFp_nistp384_sqr;
- }
- return MP_OKAY;
+ if (name == ECCurve_NIST_P384) {
+ group->meth->field_mod = &ec_GFp_nistp384_mod;
+ group->meth->field_mul = &ec_GFp_nistp384_mul;
+ group->meth->field_sqr = &ec_GFp_nistp384_sqr;
+ }
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_521.c b/lib/freebl/ecl/ecp_521.c
index f70c2f439..6ca0dbb11 100644
--- a/lib/freebl/ecl/ecp_521.c
+++ b/lib/freebl/ecl/ecp_521.c
@@ -10,76 +10,76 @@
#define ECP521_DIGITS ECL_CURVE_DIGITS(521)
/* Fast modular reduction for p521 = 2^521 - 1. a can be r. Uses
- * algorithm 2.31 from Hankerson, Menezes, Vanstone. Guide to
+ * algorithm 2.31 from Hankerson, Menezes, Vanstone. Guide to
* Elliptic Curve Cryptography. */
static mp_err
ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- int a_bits = mpl_significant_bits(a);
- unsigned int i;
-
- /* m1, m2 are statically-allocated mp_int of exactly the size we need */
- mp_int m1;
-
- mp_digit s1[ECP521_DIGITS] = { 0 };
-
- MP_SIGN(&m1) = MP_ZPOS;
- MP_ALLOC(&m1) = ECP521_DIGITS;
- MP_USED(&m1) = ECP521_DIGITS;
- MP_DIGITS(&m1) = s1;
-
- if (a_bits < 521) {
- if (a==r) return MP_OKAY;
- return mp_copy(a, r);
- }
- /* for polynomials larger than twice the field size or polynomials
- * not using all words, use regular reduction */
- if (a_bits > (521*2)) {
- MP_CHECKOK(mp_mod(a, &meth->irr, r));
- } else {
-#define FIRST_DIGIT (ECP521_DIGITS-1)
- for (i = FIRST_DIGIT; i < MP_USED(a)-1; i++) {
- s1[i-FIRST_DIGIT] = (MP_DIGIT(a, i) >> 9)
- | (MP_DIGIT(a, 1+i) << (MP_DIGIT_BIT-9));
- }
- s1[i-FIRST_DIGIT] = MP_DIGIT(a, i) >> 9;
-
- if ( a != r ) {
- MP_CHECKOK(s_mp_pad(r,ECP521_DIGITS));
- for (i = 0; i < ECP521_DIGITS; i++) {
- MP_DIGIT(r,i) = MP_DIGIT(a, i);
- }
- }
- MP_USED(r) = ECP521_DIGITS;
- MP_DIGIT(r,FIRST_DIGIT) &= 0x1FF;
-
- MP_CHECKOK(s_mp_add(r, &m1));
- if (MP_DIGIT(r, FIRST_DIGIT) & 0x200) {
- MP_CHECKOK(s_mp_add_d(r,1));
- MP_DIGIT(r,FIRST_DIGIT) &= 0x1FF;
- } else if (s_mp_cmp(r, &meth->irr) == 0) {
- mp_zero(r);
- }
- s_mp_clamp(r);
- }
-
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+ int a_bits = mpl_significant_bits(a);
+ unsigned int i;
+
+ /* m1, m2 are statically-allocated mp_int of exactly the size we need */
+ mp_int m1;
+
+ mp_digit s1[ECP521_DIGITS] = { 0 };
+
+ MP_SIGN(&m1) = MP_ZPOS;
+ MP_ALLOC(&m1) = ECP521_DIGITS;
+ MP_USED(&m1) = ECP521_DIGITS;
+ MP_DIGITS(&m1) = s1;
+
+ if (a_bits < 521) {
+ if (a == r)
+ return MP_OKAY;
+ return mp_copy(a, r);
+ }
+ /* for polynomials larger than twice the field size or polynomials
+ * not using all words, use regular reduction */
+ if (a_bits > (521 * 2)) {
+ MP_CHECKOK(mp_mod(a, &meth->irr, r));
+ } else {
+#define FIRST_DIGIT (ECP521_DIGITS - 1)
+ for (i = FIRST_DIGIT; i < MP_USED(a) - 1; i++) {
+ s1[i - FIRST_DIGIT] = (MP_DIGIT(a, i) >> 9) | (MP_DIGIT(a, 1 + i) << (MP_DIGIT_BIT - 9));
+ }
+ s1[i - FIRST_DIGIT] = MP_DIGIT(a, i) >> 9;
+
+ if (a != r) {
+ MP_CHECKOK(s_mp_pad(r, ECP521_DIGITS));
+ for (i = 0; i < ECP521_DIGITS; i++) {
+ MP_DIGIT(r, i) = MP_DIGIT(a, i);
+ }
+ }
+ MP_USED(r) = ECP521_DIGITS;
+ MP_DIGIT(r, FIRST_DIGIT) &= 0x1FF;
+
+ MP_CHECKOK(s_mp_add(r, &m1));
+ if (MP_DIGIT(r, FIRST_DIGIT) & 0x200) {
+ MP_CHECKOK(s_mp_add_d(r, 1));
+ MP_DIGIT(r, FIRST_DIGIT) &= 0x1FF;
+ } else if (s_mp_cmp(r, &meth->irr) == 0) {
+ mp_zero(r);
+ }
+ s_mp_clamp(r);
+ }
+
+CLEANUP:
+ return res;
}
/* Compute the square of polynomial a, reduce modulo p521. Store the
- * result in r. r could be a. Uses optimized modular reduction for p521.
+ * result in r. r could be a. Uses optimized modular reduction for p521.
*/
static mp_err
ec_GFp_nistp521_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_sqr(a, r));
- MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_sqr(a, r));
+ MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Compute the product of two polynomials a and b, reduce modulo p521.
@@ -87,39 +87,39 @@ ec_GFp_nistp521_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
* optimized modular reduction for p521. */
static mp_err
ec_GFp_nistp521_mul(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
- CLEANUP:
- return res;
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+CLEANUP:
+ return res;
}
/* Divides two field elements. If a is NULL, then returns the inverse of
* b. */
static mp_err
ec_GFp_nistp521_div(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
- mp_int t;
-
- /* If a is NULL, then return the inverse of b, otherwise return a/b. */
- if (a == NULL) {
- return mp_invmod(b, &meth->irr, r);
- } else {
- /* MPI doesn't support divmod, so we implement it using invmod and
- * mulmod. */
- MP_CHECKOK(mp_init(&t));
- MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
- MP_CHECKOK(mp_mul(a, &t, r));
- MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
- CLEANUP:
- mp_clear(&t);
- return res;
- }
+ mp_err res = MP_OKAY;
+ mp_int t;
+
+ /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+ if (a == NULL) {
+ return mp_invmod(b, &meth->irr, r);
+ } else {
+ /* MPI doesn't support divmod, so we implement it using invmod and
+ * mulmod. */
+ MP_CHECKOK(mp_init(&t));
+ MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+ MP_CHECKOK(mp_mul(a, &t, r));
+ MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+ CLEANUP:
+ mp_clear(&t);
+ return res;
+ }
}
/* Wire in fast field arithmetic and precomputation of base point for
@@ -127,11 +127,11 @@ ec_GFp_nistp521_div(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_group_set_gfp521(ECGroup *group, ECCurveName name)
{
- if (name == ECCurve_NIST_P521) {
- group->meth->field_mod = &ec_GFp_nistp521_mod;
- group->meth->field_mul = &ec_GFp_nistp521_mul;
- group->meth->field_sqr = &ec_GFp_nistp521_sqr;
- group->meth->field_div = &ec_GFp_nistp521_div;
- }
- return MP_OKAY;
+ if (name == ECCurve_NIST_P521) {
+ group->meth->field_mod = &ec_GFp_nistp521_mod;
+ group->meth->field_mul = &ec_GFp_nistp521_mul;
+ group->meth->field_sqr = &ec_GFp_nistp521_sqr;
+ group->meth->field_div = &ec_GFp_nistp521_div;
+ }
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_aff.c b/lib/freebl/ecl/ecp_aff.c
index 41381073b..47fb27326 100644
--- a/lib/freebl/ecl/ecp_aff.c
+++ b/lib/freebl/ecl/ecp_aff.c
@@ -11,107 +11,101 @@ mp_err
ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py)
{
- if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
- return MP_YES;
- } else {
- return MP_NO;
- }
-
+ if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+ return MP_YES;
+ } else {
+ return MP_NO;
+ }
}
/* Sets P(px, py) to be the point at infinity. Uses affine coordinates. */
mp_err
ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py)
{
- mp_zero(px);
- mp_zero(py);
- return MP_OKAY;
+ mp_zero(px);
+ mp_zero(py);
+ return MP_OKAY;
}
-/* Computes R = P + Q based on IEEE P1363 A.10.1. Elliptic curve points P,
+/* Computes R = P + Q based on IEEE P1363 A.10.1. Elliptic curve points P,
* Q, and R can all be identical. Uses affine coordinates. Assumes input
* is already field-encoded using field_enc, and returns output that is
* still field-encoded. */
mp_err
ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int lambda, temp, tempx, tempy;
+ mp_err res = MP_OKAY;
+ mp_int lambda, temp, tempx, tempy;
- MP_DIGITS(&lambda) = 0;
- MP_DIGITS(&temp) = 0;
- MP_DIGITS(&tempx) = 0;
- MP_DIGITS(&tempy) = 0;
- MP_CHECKOK(mp_init(&lambda));
- MP_CHECKOK(mp_init(&temp));
- MP_CHECKOK(mp_init(&tempx));
- MP_CHECKOK(mp_init(&tempy));
- /* if P = inf, then R = Q */
- if (ec_GFp_pt_is_inf_aff(px, py) == 0) {
- MP_CHECKOK(mp_copy(qx, rx));
- MP_CHECKOK(mp_copy(qy, ry));
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* if Q = inf, then R = P */
- if (ec_GFp_pt_is_inf_aff(qx, qy) == 0) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* if px != qx, then lambda = (py-qy) / (px-qx) */
- if (mp_cmp(px, qx) != 0) {
- MP_CHECKOK(group->meth->field_sub(py, qy, &tempy, group->meth));
- MP_CHECKOK(group->meth->field_sub(px, qx, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_div(&tempy, &tempx, &lambda, group->meth));
- } else {
- /* if py != qy or qy = 0, then R = inf */
- if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* lambda = (3qx^2+a) / (2qy) */
- MP_CHECKOK(group->meth->field_sqr(qx, &tempx, group->meth));
- MP_CHECKOK(mp_set_int(&temp, 3));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
- }
- MP_CHECKOK(group->meth->
- field_mul(&tempx, &temp, &tempx, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&tempx, &group->curvea, &tempx, group->meth));
- MP_CHECKOK(mp_set_int(&temp, 2));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
- }
- MP_CHECKOK(group->meth->field_mul(qy, &temp, &tempy, group->meth));
- MP_CHECKOK(group->meth->
- field_div(&tempx, &tempy, &lambda, group->meth));
- }
- /* rx = lambda^2 - px - qx */
- MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
- MP_CHECKOK(group->meth->field_sub(&tempx, px, &tempx, group->meth));
- MP_CHECKOK(group->meth->field_sub(&tempx, qx, &tempx, group->meth));
- /* ry = (x1-x2) * lambda - y1 */
- MP_CHECKOK(group->meth->field_sub(qx, &tempx, &tempy, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(&tempy, &lambda, &tempy, group->meth));
- MP_CHECKOK(group->meth->field_sub(&tempy, qy, &tempy, group->meth));
- MP_CHECKOK(mp_copy(&tempx, rx));
- MP_CHECKOK(mp_copy(&tempy, ry));
+ MP_DIGITS(&lambda) = 0;
+ MP_DIGITS(&temp) = 0;
+ MP_DIGITS(&tempx) = 0;
+ MP_DIGITS(&tempy) = 0;
+ MP_CHECKOK(mp_init(&lambda));
+ MP_CHECKOK(mp_init(&temp));
+ MP_CHECKOK(mp_init(&tempx));
+ MP_CHECKOK(mp_init(&tempy));
+ /* if P = inf, then R = Q */
+ if (ec_GFp_pt_is_inf_aff(px, py) == 0) {
+ MP_CHECKOK(mp_copy(qx, rx));
+ MP_CHECKOK(mp_copy(qy, ry));
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* if Q = inf, then R = P */
+ if (ec_GFp_pt_is_inf_aff(qx, qy) == 0) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* if px != qx, then lambda = (py-qy) / (px-qx) */
+ if (mp_cmp(px, qx) != 0) {
+ MP_CHECKOK(group->meth->field_sub(py, qy, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_sub(px, qx, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_div(&tempy, &tempx, &lambda, group->meth));
+ } else {
+ /* if py != qy or qy = 0, then R = inf */
+ if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* lambda = (3qx^2+a) / (2qy) */
+ MP_CHECKOK(group->meth->field_sqr(qx, &tempx, group->meth));
+ MP_CHECKOK(mp_set_int(&temp, 3));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+ }
+ MP_CHECKOK(group->meth->field_mul(&tempx, &temp, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+ MP_CHECKOK(mp_set_int(&temp, 2));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+ }
+ MP_CHECKOK(group->meth->field_mul(qy, &temp, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_div(&tempx, &tempy, &lambda, group->meth));
+ }
+ /* rx = lambda^2 - px - qx */
+ MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&tempx, px, &tempx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&tempx, qx, &tempx, group->meth));
+ /* ry = (x1-x2) * lambda - y1 */
+ MP_CHECKOK(group->meth->field_sub(qx, &tempx, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&tempy, &lambda, &tempy, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&tempy, qy, &tempy, group->meth));
+ MP_CHECKOK(mp_copy(&tempx, rx));
+ MP_CHECKOK(mp_copy(&tempy, ry));
- CLEANUP:
- mp_clear(&lambda);
- mp_clear(&temp);
- mp_clear(&tempx);
- mp_clear(&tempy);
- return res;
+CLEANUP:
+ mp_clear(&lambda);
+ mp_clear(&temp);
+ mp_clear(&tempx);
+ mp_clear(&tempy);
+ return res;
}
/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
@@ -120,20 +114,20 @@ ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
* field-encoded. */
mp_err
ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *qy, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int nqy;
+ mp_err res = MP_OKAY;
+ mp_int nqy;
- MP_DIGITS(&nqy) = 0;
- MP_CHECKOK(mp_init(&nqy));
- /* nqy = -qy */
- MP_CHECKOK(group->meth->field_neg(qy, &nqy, group->meth));
- res = group->point_add(px, py, qx, &nqy, rx, ry, group);
- CLEANUP:
- mp_clear(&nqy);
- return res;
+ MP_DIGITS(&nqy) = 0;
+ MP_CHECKOK(mp_init(&nqy));
+ /* nqy = -qy */
+ MP_CHECKOK(group->meth->field_neg(qy, &nqy, group->meth));
+ res = group->point_add(px, py, qx, &nqy, rx, ry, group);
+CLEANUP:
+ mp_clear(&nqy);
+ return res;
}
/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
@@ -141,177 +135,174 @@ ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
* field_enc, and returns output that is still field-encoded. */
mp_err
ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, const ECGroup *group)
+ mp_int *ry, const ECGroup *group)
{
- return ec_GFp_pt_add_aff(px, py, px, py, rx, ry, group);
+ return ec_GFp_pt_add_aff(px, py, px, py, rx, ry, group);
}
/* by default, this routine is unused and thus doesn't need to be compiled */
#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
-/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
* R can be identical. Uses affine coordinates. Assumes input is already
* field-encoded using field_enc, and returns output that is still
* field-encoded. */
mp_err
ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int k, k3, qx, qy, sx, sy;
- int b1, b3, i, l;
+ mp_err res = MP_OKAY;
+ mp_int k, k3, qx, qy, sx, sy;
+ int b1, b3, i, l;
- MP_DIGITS(&k) = 0;
- MP_DIGITS(&k3) = 0;
- MP_DIGITS(&qx) = 0;
- MP_DIGITS(&qy) = 0;
- MP_DIGITS(&sx) = 0;
- MP_DIGITS(&sy) = 0;
- MP_CHECKOK(mp_init(&k));
- MP_CHECKOK(mp_init(&k3));
- MP_CHECKOK(mp_init(&qx));
- MP_CHECKOK(mp_init(&qy));
- MP_CHECKOK(mp_init(&sx));
- MP_CHECKOK(mp_init(&sy));
+ MP_DIGITS(&k) = 0;
+ MP_DIGITS(&k3) = 0;
+ MP_DIGITS(&qx) = 0;
+ MP_DIGITS(&qy) = 0;
+ MP_DIGITS(&sx) = 0;
+ MP_DIGITS(&sy) = 0;
+ MP_CHECKOK(mp_init(&k));
+ MP_CHECKOK(mp_init(&k3));
+ MP_CHECKOK(mp_init(&qx));
+ MP_CHECKOK(mp_init(&qy));
+ MP_CHECKOK(mp_init(&sx));
+ MP_CHECKOK(mp_init(&sy));
- /* if n = 0 then r = inf */
- if (mp_cmp_z(n) == 0) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- }
- /* Q = P, k = n */
- MP_CHECKOK(mp_copy(px, &qx));
- MP_CHECKOK(mp_copy(py, &qy));
- MP_CHECKOK(mp_copy(n, &k));
- /* if n < 0 then Q = -Q, k = -k */
- if (mp_cmp_z(n) < 0) {
- MP_CHECKOK(group->meth->field_neg(&qy, &qy, group->meth));
- MP_CHECKOK(mp_neg(&k, &k));
- }
-#ifdef ECL_DEBUG /* basic double and add method */
- l = mpl_significant_bits(&k) - 1;
- MP_CHECKOK(mp_copy(&qx, &sx));
- MP_CHECKOK(mp_copy(&qy, &sy));
- for (i = l - 1; i >= 0; i--) {
- /* S = 2S */
- MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
- /* if k_i = 1, then S = S + Q */
- if (mpl_get_bit(&k, i) != 0) {
- MP_CHECKOK(group->
- point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
- }
- }
-#else /* double and add/subtract method from
- * standard */
- /* k3 = 3 * k */
- MP_CHECKOK(mp_set_int(&k3, 3));
- MP_CHECKOK(mp_mul(&k, &k3, &k3));
- /* S = Q */
- MP_CHECKOK(mp_copy(&qx, &sx));
- MP_CHECKOK(mp_copy(&qy, &sy));
- /* l = index of high order bit in binary representation of 3*k */
- l = mpl_significant_bits(&k3) - 1;
- /* for i = l-1 downto 1 */
- for (i = l - 1; i >= 1; i--) {
- /* S = 2S */
- MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
- b3 = MP_GET_BIT(&k3, i);
- b1 = MP_GET_BIT(&k, i);
- /* if k3_i = 1 and k_i = 0, then S = S + Q */
- if ((b3 == 1) && (b1 == 0)) {
- MP_CHECKOK(group->
- point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
- /* if k3_i = 0 and k_i = 1, then S = S - Q */
- } else if ((b3 == 0) && (b1 == 1)) {
- MP_CHECKOK(group->
- point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
- }
- }
+ /* if n = 0 then r = inf */
+ if (mp_cmp_z(n) == 0) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ }
+ /* Q = P, k = n */
+ MP_CHECKOK(mp_copy(px, &qx));
+ MP_CHECKOK(mp_copy(py, &qy));
+ MP_CHECKOK(mp_copy(n, &k));
+ /* if n < 0 then Q = -Q, k = -k */
+ if (mp_cmp_z(n) < 0) {
+ MP_CHECKOK(group->meth->field_neg(&qy, &qy, group->meth));
+ MP_CHECKOK(mp_neg(&k, &k));
+ }
+#ifdef ECL_DEBUG /* basic double and add method */
+ l = mpl_significant_bits(&k) - 1;
+ MP_CHECKOK(mp_copy(&qx, &sx));
+ MP_CHECKOK(mp_copy(&qy, &sy));
+ for (i = l - 1; i >= 0; i--) {
+ /* S = 2S */
+ MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+ /* if k_i = 1, then S = S + Q */
+ if (mpl_get_bit(&k, i) != 0) {
+ MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ }
+ }
+#else /* double and add/subtract method from \
+ * standard */
+ /* k3 = 3 * k */
+ MP_CHECKOK(mp_set_int(&k3, 3));
+ MP_CHECKOK(mp_mul(&k, &k3, &k3));
+ /* S = Q */
+ MP_CHECKOK(mp_copy(&qx, &sx));
+ MP_CHECKOK(mp_copy(&qy, &sy));
+ /* l = index of high order bit in binary representation of 3*k */
+ l = mpl_significant_bits(&k3) - 1;
+ /* for i = l-1 downto 1 */
+ for (i = l - 1; i >= 1; i--) {
+ /* S = 2S */
+ MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+ b3 = MP_GET_BIT(&k3, i);
+ b1 = MP_GET_BIT(&k, i);
+ /* if k3_i = 1 and k_i = 0, then S = S + Q */
+ if ((b3 == 1) && (b1 == 0)) {
+ MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ /* if k3_i = 0 and k_i = 1, then S = S - Q */
+ } else if ((b3 == 0) && (b1 == 1)) {
+ MP_CHECKOK(group->point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+ }
+ }
#endif
- /* output S */
- MP_CHECKOK(mp_copy(&sx, rx));
- MP_CHECKOK(mp_copy(&sy, ry));
+ /* output S */
+ MP_CHECKOK(mp_copy(&sx, rx));
+ MP_CHECKOK(mp_copy(&sy, ry));
- CLEANUP:
- mp_clear(&k);
- mp_clear(&k3);
- mp_clear(&qx);
- mp_clear(&qy);
- mp_clear(&sx);
- mp_clear(&sy);
- return res;
+CLEANUP:
+ mp_clear(&k);
+ mp_clear(&k3);
+ mp_clear(&qx);
+ mp_clear(&qy);
+ mp_clear(&sx);
+ mp_clear(&sy);
+ return res;
}
#endif
/* Validates a point on a GFp curve. */
-mp_err
+mp_err
ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
{
- mp_err res = MP_NO;
- mp_int accl, accr, tmp, pxt, pyt;
+ mp_err res = MP_NO;
+ mp_int accl, accr, tmp, pxt, pyt;
- MP_DIGITS(&accl) = 0;
- MP_DIGITS(&accr) = 0;
- MP_DIGITS(&tmp) = 0;
- MP_DIGITS(&pxt) = 0;
- MP_DIGITS(&pyt) = 0;
- MP_CHECKOK(mp_init(&accl));
- MP_CHECKOK(mp_init(&accr));
- MP_CHECKOK(mp_init(&tmp));
- MP_CHECKOK(mp_init(&pxt));
- MP_CHECKOK(mp_init(&pyt));
+ MP_DIGITS(&accl) = 0;
+ MP_DIGITS(&accr) = 0;
+ MP_DIGITS(&tmp) = 0;
+ MP_DIGITS(&pxt) = 0;
+ MP_DIGITS(&pyt) = 0;
+ MP_CHECKOK(mp_init(&accl));
+ MP_CHECKOK(mp_init(&accr));
+ MP_CHECKOK(mp_init(&tmp));
+ MP_CHECKOK(mp_init(&pxt));
+ MP_CHECKOK(mp_init(&pyt));
/* 1: Verify that publicValue is not the point at infinity */
- if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
- res = MP_NO;
- goto CLEANUP;
- }
- /* 2: Verify that the coordinates of publicValue are elements
+ if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ /* 2: Verify that the coordinates of publicValue are elements
* of the field.
*/
- if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
- (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
- res = MP_NO;
- goto CLEANUP;
- }
+ if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
+ (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
/* 3: Verify that publicValue is on the curve. */
- if (group->meth->field_enc) {
- group->meth->field_enc(px, &pxt, group->meth);
- group->meth->field_enc(py, &pyt, group->meth);
- } else {
- MP_CHECKOK( mp_copy(px, &pxt) );
- MP_CHECKOK( mp_copy(py, &pyt) );
- }
- /* left-hand side: y^2 */
- MP_CHECKOK( group->meth->field_sqr(&pyt, &accl, group->meth) );
- /* right-hand side: x^3 + a*x + b = (x^2 + a)*x + b by Horner's rule */
- MP_CHECKOK( group->meth->field_sqr(&pxt, &tmp, group->meth) );
- MP_CHECKOK( group->meth->field_add(&tmp, &group->curvea, &tmp, group->meth) );
- MP_CHECKOK( group->meth->field_mul(&tmp, &pxt, &accr, group->meth) );
- MP_CHECKOK( group->meth->field_add(&accr, &group->curveb, &accr, group->meth) );
- /* check LHS - RHS == 0 */
- MP_CHECKOK( group->meth->field_sub(&accl, &accr, &accr, group->meth) );
- if (mp_cmp_z(&accr) != 0) {
- res = MP_NO;
- goto CLEANUP;
- }
+ if (group->meth->field_enc) {
+ group->meth->field_enc(px, &pxt, group->meth);
+ group->meth->field_enc(py, &pyt, group->meth);
+ } else {
+ MP_CHECKOK(mp_copy(px, &pxt));
+ MP_CHECKOK(mp_copy(py, &pyt));
+ }
+ /* left-hand side: y^2 */
+ MP_CHECKOK(group->meth->field_sqr(&pyt, &accl, group->meth));
+ /* right-hand side: x^3 + a*x + b = (x^2 + a)*x + b by Horner's rule */
+ MP_CHECKOK(group->meth->field_sqr(&pxt, &tmp, group->meth));
+ MP_CHECKOK(group->meth->field_add(&tmp, &group->curvea, &tmp, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&tmp, &pxt, &accr, group->meth));
+ MP_CHECKOK(group->meth->field_add(&accr, &group->curveb, &accr, group->meth));
+ /* check LHS - RHS == 0 */
+ MP_CHECKOK(group->meth->field_sub(&accl, &accr, &accr, group->meth));
+ if (mp_cmp_z(&accr) != 0) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
/* 4: Verify that the order of the curve times the publicValue
* is the point at infinity.
*/
- MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
- if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ECPoint_mul(group, &group->order, px, py, &pxt, &pyt));
+ if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
- res = MP_YES;
+ res = MP_YES;
CLEANUP:
- mp_clear(&accl);
- mp_clear(&accr);
- mp_clear(&tmp);
- mp_clear(&pxt);
- mp_clear(&pyt);
- return res;
+ mp_clear(&accl);
+ mp_clear(&accr);
+ mp_clear(&tmp);
+ mp_clear(&pxt);
+ mp_clear(&pyt);
+ return res;
}
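Review bot: In ec_GFp_validate_point the two `group->meth->field_enc(px, &pxt, group->meth);` / `group->meth->field_enc(py, &pyt, group->meth);` calls at the top of step 3 are the only field operations in this hunk whose result is not wrapped in MP_CHECKOK, so an encoding failure is ignored and the curve-equation test runs on pxt/pyt as left by mp_init rather than reporting MP_NO; wrapping both as `MP_CHECKOK(group->meth->field_enc(px, &pxt, group->meth));` (and likewise for py) makes the branch consistent with the mp_copy branch beside it. Separately, the reformat left the ECL_DEBUG comment in ec_GFp_pt_mul_aff attached to the `#else` directive, which is why a line-continuation backslash now ends that comment line; moving the comment onto its own line below the directive avoids splicing comment text into the preprocessor line. Both points are pre-existing and not introduced by this formatting change.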
diff --git a/lib/freebl/ecl/ecp_fp.c b/lib/freebl/ecl/ecp_fp.c
index 46dc123ca..2adffb3a6 100644
--- a/lib/freebl/ecl/ecp_fp.c
+++ b/lib/freebl/ecl/ecp_fp.c
@@ -6,72 +6,72 @@
#include "ecl-priv.h"
#include <stdlib.h>
-/* Performs tidying on a short multi-precision floating point integer (the
+/* Performs tidying on a short multi-precision floating point integer (the
* lower group->numDoubles floats). */
void
-ecfp_tidyShort(double *t, const EC_group_fp * group)
+ecfp_tidyShort(double *t, const EC_group_fp *group)
{
- group->ecfp_tidy(t, group->alpha, group);
+ group->ecfp_tidy(t, group->alpha, group);
}
/* Performs tidying on only the upper float digits of a multi-precision
- * floating point integer, i.e. the digits beyond the regular length which
+ * floating point integer, i.e. the digits beyond the regular length which
* are removed in the reduction step. */
void
-ecfp_tidyUpper(double *t, const EC_group_fp * group)
+ecfp_tidyUpper(double *t, const EC_group_fp *group)
{
- group->ecfp_tidy(t + group->numDoubles,
- group->alpha + group->numDoubles, group);
+ group->ecfp_tidy(t + group->numDoubles,
+ group->alpha + group->numDoubles, group);
}
/* Performs a "tidy" operation, which performs carrying, moving excess
* bits from one double to the next double, so that the precision of the
* doubles is reduced to the regular precision group->doubleBitSize. This
- * might result in some float digits being negative. Alternative C version
+ * might result in some float digits being negative. Alternative C version
* for portability. */
void
-ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group)
+ecfp_tidy(double *t, const double *alpha, const EC_group_fp *group)
{
- double q;
- int i;
-
- /* Do carrying */
- for (i = 0; i < group->numDoubles - 1; i++) {
- q = t[i] + alpha[i + 1];
- q -= alpha[i + 1];
- t[i] -= q;
- t[i + 1] += q;
-
- /* If we don't assume that truncation rounding is used, then q
- * might be 2^n bigger than expected (if it rounds up), then t[0]
- * could be negative and t[1] 2^n larger than expected. */
- }
+ double q;
+ int i;
+
+ /* Do carrying */
+ for (i = 0; i < group->numDoubles - 1; i++) {
+ q = t[i] + alpha[i + 1];
+ q -= alpha[i + 1];
+ t[i] -= q;
+ t[i + 1] += q;
+
+ /* If we don't assume that truncation rounding is used, then q
+ * might be 2^n bigger than expected (if it rounds up), then t[0]
+ * could be negative and t[1] 2^n larger than expected. */
+ }
}
/* Performs a more mathematically precise "tidying" so that each term is
* positive. This is slower than the regular tidying, and is used for
* conversion from floating point to integer. */
void
-ecfp_positiveTidy(double *t, const EC_group_fp * group)
+ecfp_positiveTidy(double *t, const EC_group_fp *group)
{
- double q;
- int i;
-
- /* Do carrying */
- for (i = 0; i < group->numDoubles - 1; i++) {
- /* Subtract beta to force rounding down */
- q = t[i] - ecfp_beta[i + 1];
- q += group->alpha[i + 1];
- q -= group->alpha[i + 1];
- t[i] -= q;
- t[i + 1] += q;
-
- /* Due to subtracting ecfp_beta, we should have each term a
- * non-negative int */
- ECFP_ASSERT(t[i] / ecfp_exp[i] ==
- (unsigned long long) (t[i] / ecfp_exp[i]));
- ECFP_ASSERT(t[i] >= 0);
- }
+ double q;
+ int i;
+
+ /* Do carrying */
+ for (i = 0; i < group->numDoubles - 1; i++) {
+ /* Subtract beta to force rounding down */
+ q = t[i] - ecfp_beta[i + 1];
+ q += group->alpha[i + 1];
+ q -= group->alpha[i + 1];
+ t[i] -= q;
+ t[i + 1] += q;
+
+ /* Due to subtracting ecfp_beta, we should have each term a
+ * non-negative int */
+ ECFP_ASSERT(t[i] / ecfp_exp[i] ==
+ (unsigned long long)(t[i] / ecfp_exp[i]));
+ ECFP_ASSERT(t[i] >= 0);
+ }
}
/* Converts from a floating point representation into an mp_int. Expects
@@ -79,186 +79,186 @@ ecfp_positiveTidy(double *t, const EC_group_fp * group)
void
ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup)
{
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
- unsigned short i16[(group->primeBitSize + 15) / 16];
- double q = 1;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+ unsigned short i16[(group->primeBitSize + 15) / 16];
+ double q = 1;
#ifdef ECL_THIRTY_TWO_BIT
- /* TEST uint32_t z = 0; */
- unsigned int z = 0;
+ /* TEST uint32_t z = 0; */
+ unsigned int z = 0;
#else
- uint64_t z = 0;
+ uint64_t z = 0;
#endif
- int zBits = 0;
- int copiedBits = 0;
- int i = 0;
- int j = 0;
-
- mp_digit *out;
-
- /* Result should always be >= 0, so set sign accordingly */
- MP_SIGN(mpout) = MP_ZPOS;
-
- /* Tidy up so we're just dealing with positive numbers */
- ecfp_positiveTidy(d, group);
-
- /* We might need to do this reduction step more than once if the
- * reduction adds smaller terms which carry-over to cause another
- * reduction. However, this should happen very rarely, if ever,
- * depending on the elliptic curve. */
- do {
- /* Init loop data */
- z = 0;
- zBits = 0;
- q = 1;
- i = 0;
- j = 0;
- copiedBits = 0;
-
- /* Might have to do a bit more reduction */
- group->ecfp_singleReduce(d, group);
-
- /* Grow the size of the mpint if it's too small */
- s_mp_grow(mpout, group->numInts);
- MP_USED(mpout) = group->numInts;
- out = MP_DIGITS(mpout);
-
- /* Convert double to 16 bit integers */
- while (copiedBits < group->primeBitSize) {
- if (zBits < 16) {
- z += d[i] * q;
- i++;
- ECFP_ASSERT(i < (group->primeBitSize + 15) / 16);
- zBits += group->doubleBitSize;
- }
- i16[j] = z;
- j++;
- z >>= 16;
- zBits -= 16;
- q *= ecfp_twom16;
- copiedBits += 16;
- }
- } while (z != 0);
-
- /* Convert 16 bit integers to mp_digit */
+ int zBits = 0;
+ int copiedBits = 0;
+ int i = 0;
+ int j = 0;
+
+ mp_digit *out;
+
+ /* Result should always be >= 0, so set sign accordingly */
+ MP_SIGN(mpout) = MP_ZPOS;
+
+ /* Tidy up so we're just dealing with positive numbers */
+ ecfp_positiveTidy(d, group);
+
+ /* We might need to do this reduction step more than once if the
+ * reduction adds smaller terms which carry-over to cause another
+ * reduction. However, this should happen very rarely, if ever,
+ * depending on the elliptic curve. */
+ do {
+ /* Init loop data */
+ z = 0;
+ zBits = 0;
+ q = 1;
+ i = 0;
+ j = 0;
+ copiedBits = 0;
+
+ /* Might have to do a bit more reduction */
+ group->ecfp_singleReduce(d, group);
+
+ /* Grow the size of the mpint if it's too small */
+ s_mp_grow(mpout, group->numInts);
+ MP_USED(mpout) = group->numInts;
+ out = MP_DIGITS(mpout);
+
+ /* Convert double to 16 bit integers */
+ while (copiedBits < group->primeBitSize) {
+ if (zBits < 16) {
+ z += d[i] * q;
+ i++;
+ ECFP_ASSERT(i < (group->primeBitSize + 15) / 16);
+ zBits += group->doubleBitSize;
+ }
+ i16[j] = z;
+ j++;
+ z >>= 16;
+ zBits -= 16;
+ q *= ecfp_twom16;
+ copiedBits += 16;
+ }
+ } while (z != 0);
+
+/* Convert 16 bit integers to mp_digit */
#ifdef ECL_THIRTY_TWO_BIT
- for (i = 0; i < (group->primeBitSize + 15) / 16; i += 2) {
- *out = 0;
- if (i + 1 < (group->primeBitSize + 15) / 16) {
- *out = i16[i + 1];
- *out <<= 16;
- }
- *out++ += i16[i];
- }
-#else /* 64 bit */
- for (i = 0; i < (group->primeBitSize + 15) / 16; i += 4) {
- *out = 0;
- if (i + 3 < (group->primeBitSize + 15) / 16) {
- *out = i16[i + 3];
- *out <<= 16;
- }
- if (i + 2 < (group->primeBitSize + 15) / 16) {
- *out += i16[i + 2];
- *out <<= 16;
- }
- if (i + 1 < (group->primeBitSize + 15) / 16) {
- *out += i16[i + 1];
- *out <<= 16;
- }
- *out++ += i16[i];
- }
+ for (i = 0; i < (group->primeBitSize + 15) / 16; i += 2) {
+ *out = 0;
+ if (i + 1 < (group->primeBitSize + 15) / 16) {
+ *out = i16[i + 1];
+ *out <<= 16;
+ }
+ *out++ += i16[i];
+ }
+#else /* 64 bit */
+ for (i = 0; i < (group->primeBitSize + 15) / 16; i += 4) {
+ *out = 0;
+ if (i + 3 < (group->primeBitSize + 15) / 16) {
+ *out = i16[i + 3];
+ *out <<= 16;
+ }
+ if (i + 2 < (group->primeBitSize + 15) / 16) {
+ *out += i16[i + 2];
+ *out <<= 16;
+ }
+ if (i + 1 < (group->primeBitSize + 15) / 16) {
+ *out += i16[i + 1];
+ *out <<= 16;
+ }
+ *out++ += i16[i];
+ }
#endif
- /* Perform final reduction. mpout should already be the same number
- * of bits as p, but might not be less than p. Make it so. Since
- * mpout has the same number of bits as p, and 2p has a larger bit
- * size, then mpout < 2p, so a single subtraction of p will suffice. */
- if (mp_cmp(mpout, &ecgroup->meth->irr) >= 0) {
- mp_sub(mpout, &ecgroup->meth->irr, mpout);
- }
-
- /* Shrink the size of the mp_int to the actual used size (required for
- * mp_cmp_z == 0) */
- out = MP_DIGITS(mpout);
- for (i = group->numInts - 1; i > 0; i--) {
- if (out[i] != 0)
- break;
- }
- MP_USED(mpout) = i + 1;
-
- /* Should be between 0 and p-1 */
- ECFP_ASSERT(mp_cmp(mpout, &ecgroup->meth->irr) < 0);
- ECFP_ASSERT(mp_cmp_z(mpout) >= 0);
+ /* Perform final reduction. mpout should already be the same number
+ * of bits as p, but might not be less than p. Make it so. Since
+ * mpout has the same number of bits as p, and 2p has a larger bit
+ * size, then mpout < 2p, so a single subtraction of p will suffice. */
+ if (mp_cmp(mpout, &ecgroup->meth->irr) >= 0) {
+ mp_sub(mpout, &ecgroup->meth->irr, mpout);
+ }
+
+ /* Shrink the size of the mp_int to the actual used size (required for
+ * mp_cmp_z == 0) */
+ out = MP_DIGITS(mpout);
+ for (i = group->numInts - 1; i > 0; i--) {
+ if (out[i] != 0)
+ break;
+ }
+ MP_USED(mpout) = i + 1;
+
+ /* Should be between 0 and p-1 */
+ ECFP_ASSERT(mp_cmp(mpout, &ecgroup->meth->irr) < 0);
+ ECFP_ASSERT(mp_cmp_z(mpout) >= 0);
}
/* Converts from an mpint into a floating point representation. */
void
ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup)
{
- int i;
- int j = 0;
- int size;
- double shift = 1;
- mp_digit *in;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+ int i;
+ int j = 0;
+ int size;
+ double shift = 1;
+ mp_digit *in;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
#ifdef ECL_DEBUG
- /* if debug mode, convert result back using ecfp_fp2i into cmp, then
- * compare to x. */
- mp_int cmp;
+ /* if debug mode, convert result back using ecfp_fp2i into cmp, then
+ * compare to x. */
+ mp_int cmp;
- MP_DIGITS(&cmp) = NULL;
- mp_init(&cmp);
+ MP_DIGITS(&cmp) = NULL;
+ mp_init(&cmp);
#endif
- ECFP_ASSERT(group != NULL);
+ ECFP_ASSERT(group != NULL);
- /* init output to 0 (since we skip over some terms) */
- for (i = 0; i < group->numDoubles; i++)
- out[i] = 0;
- i = 0;
+ /* init output to 0 (since we skip over some terms) */
+ for (i = 0; i < group->numDoubles; i++)
+ out[i] = 0;
+ i = 0;
- size = MP_USED(x);
- in = MP_DIGITS(x);
+ size = MP_USED(x);
+ in = MP_DIGITS(x);
- /* Copy from int into doubles */
+/* Copy from int into doubles */
#ifdef ECL_THIRTY_TWO_BIT
- while (j < size) {
- while (group->doubleBitSize * (i + 1) <= 32 * j) {
- i++;
- }
- ECFP_ASSERT(group->doubleBitSize * i <= 32 * j);
- out[i] = in[j];
- out[i] *= shift;
- shift *= ecfp_two32;
- j++;
- }
+ while (j < size) {
+ while (group->doubleBitSize * (i + 1) <= 32 * j) {
+ i++;
+ }
+ ECFP_ASSERT(group->doubleBitSize * i <= 32 * j);
+ out[i] = in[j];
+ out[i] *= shift;
+ shift *= ecfp_two32;
+ j++;
+ }
#else
- while (j < size) {
- while (group->doubleBitSize * (i + 1) <= 64 * j) {
- i++;
- }
- ECFP_ASSERT(group->doubleBitSize * i <= 64 * j);
- out[i] = (in[j] & 0x00000000FFFFFFFF) * shift;
-
- while (group->doubleBitSize * (i + 1) <= 64 * j + 32) {
- i++;
- }
- ECFP_ASSERT(24 * i <= 64 * j + 32);
- out[i] = (in[j] & 0xFFFFFFFF00000000) * shift;
-
- shift *= ecfp_two64;
- j++;
- }
+ while (j < size) {
+ while (group->doubleBitSize * (i + 1) <= 64 * j) {
+ i++;
+ }
+ ECFP_ASSERT(group->doubleBitSize * i <= 64 * j);
+ out[i] = (in[j] & 0x00000000FFFFFFFF) * shift;
+
+ while (group->doubleBitSize * (i + 1) <= 64 * j + 32) {
+ i++;
+ }
+ ECFP_ASSERT(24 * i <= 64 * j + 32);
+ out[i] = (in[j] & 0xFFFFFFFF00000000) * shift;
+
+ shift *= ecfp_two64;
+ j++;
+ }
#endif
- /* Realign bits to match double boundaries */
- ecfp_tidyShort(out, group);
+ /* Realign bits to match double boundaries */
+ ecfp_tidyShort(out, group);
#ifdef ECL_DEBUG
- /* Convert result back to mp_int, compare to original */
- ecfp_fp2i(&cmp, out, ecgroup);
- ECFP_ASSERT(mp_cmp(&cmp, x) == 0);
- mp_clear(&cmp);
+ /* Convert result back to mp_int, compare to original */
+ ecfp_fp2i(&cmp, out, ecgroup);
+ ECFP_ASSERT(mp_cmp(&cmp, x) == 0);
+ mp_clear(&cmp);
#endif
}
@@ -268,71 +268,71 @@ ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup)
* identical. Uses Jacobian coordinates. Uses 4-bit window method. */
mp_err
ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *ecgroup)
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *ecgroup)
{
- mp_err res = MP_OKAY;
- ecfp_jac_pt precomp[16], r;
- ecfp_aff_pt p;
- EC_group_fp *group;
-
- mp_int rz;
- int i, ni, d;
-
- ARGCHK(ecgroup != NULL, MP_BADARG);
- ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
-
- group = (EC_group_fp *) ecgroup->extra1;
- MP_DIGITS(&rz) = 0;
- MP_CHECKOK(mp_init(&rz));
-
- /* init p, da */
- ecfp_i2fp(p.x, px, ecgroup);
- ecfp_i2fp(p.y, py, ecgroup);
- ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
-
- /* Do precomputation */
- group->precompute_jac(precomp, &p, group);
-
- /* Do main body of calculations */
- d = (mpl_significant_bits(n) + 3) / 4;
-
- /* R = inf */
- for (i = 0; i < group->numDoubles; i++) {
- r.z[i] = 0;
- }
-
- for (i = d - 1; i >= 0; i--) {
- /* compute window ni */
- ni = MP_GET_BIT(n, 4 * i + 3);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 2);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 1);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i);
-
- /* R = 2^4 * R */
- group->pt_dbl_jac(&r, &r, group);
- group->pt_dbl_jac(&r, &r, group);
- group->pt_dbl_jac(&r, &r, group);
- group->pt_dbl_jac(&r, &r, group);
-
- /* R = R + (ni * P) */
- group->pt_add_jac(&r, &precomp[ni], &r, group);
- }
-
- /* Convert back to integer */
- ecfp_fp2i(rx, r.x, ecgroup);
- ecfp_fp2i(ry, r.y, ecgroup);
- ecfp_fp2i(&rz, r.z, ecgroup);
-
- /* convert result S to affine coordinates */
- MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, ecgroup));
-
- CLEANUP:
- mp_clear(&rz);
- return res;
+ mp_err res = MP_OKAY;
+ ecfp_jac_pt precomp[16], r;
+ ecfp_aff_pt p;
+ EC_group_fp *group;
+
+ mp_int rz;
+ int i, ni, d;
+
+ ARGCHK(ecgroup != NULL, MP_BADARG);
+ ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+ group = (EC_group_fp *)ecgroup->extra1;
+ MP_DIGITS(&rz) = 0;
+ MP_CHECKOK(mp_init(&rz));
+
+ /* init p, da */
+ ecfp_i2fp(p.x, px, ecgroup);
+ ecfp_i2fp(p.y, py, ecgroup);
+ ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+ /* Do precomputation */
+ group->precompute_jac(precomp, &p, group);
+
+ /* Do main body of calculations */
+ d = (mpl_significant_bits(n) + 3) / 4;
+
+ /* R = inf */
+ for (i = 0; i < group->numDoubles; i++) {
+ r.z[i] = 0;
+ }
+
+ for (i = d - 1; i >= 0; i--) {
+ /* compute window ni */
+ ni = MP_GET_BIT(n, 4 * i + 3);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 2);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 1);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i);
+
+ /* R = 2^4 * R */
+ group->pt_dbl_jac(&r, &r, group);
+ group->pt_dbl_jac(&r, &r, group);
+ group->pt_dbl_jac(&r, &r, group);
+ group->pt_dbl_jac(&r, &r, group);
+
+ /* R = R + (ni * P) */
+ group->pt_add_jac(&r, &precomp[ni], &r, group);
+ }
+
+ /* Convert back to integer */
+ ecfp_fp2i(rx, r.x, ecgroup);
+ ecfp_fp2i(ry, r.y, ecgroup);
+ ecfp_fp2i(&rz, r.z, ecgroup);
+
+ /* convert result S to affine coordinates */
+ MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, ecgroup));
+
+CLEANUP:
+ mp_clear(&rz);
+ return res;
}
/* Uses mixed Jacobian-affine coordinates to perform a point
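Review bot: ec_GFp_point_mul_jac_4w_fp performs no sign check on n before `d = (mpl_significant_bits(n) + 3) / 4;`, whereas ec_GFp_pt_mul_jac_fp and ec_GFp_point_mul_wNAF_fp in the next hunk both reject a negative scalar with MP_RANGE, so the three entry points disagree on the same input (a negative n presumably gets processed like its magnitude here, since only bits are read). Adding the sibling guard right after `MP_CHECKOK(mp_init(&rz));`, `if (mp_cmp_z(n) < 0) { res = MP_RANGE; goto CLEANUP; }`, would make the behaviour consistent. Separately, `group->pt_add_jac(&r, &precomp[ni], &r, group);` indexes the precomputed table with the scalar window, and the same pattern appears in the wNAF function of the following hunk (`precomp[(naf[i] + 15) / 2]` behind `if (naf[i] != 0)`); since n is normally a private scalar on this path, memory access and branching depend on key bits, which is worth documenting at the function header if this implementation is ever used where timing matters.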
@@ -342,172 +342,172 @@ ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
* time efficient but quite space efficient, no precomputation needed.
* group contains the elliptic curve coefficients and the prime that
* determines the field GFp. Elliptic curve points P and R can be
- * identical. Performs calculations in floating point number format, since
+ * identical. Performs calculations in floating point number format, since
* this is faster than the integer operations on the ULTRASPARC III.
* Uses left-to-right binary method (double & add) (algorithm 9) for
* scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
* Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
mp_err
ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *ecgroup)
+ mp_int *rx, mp_int *ry, const ECGroup *ecgroup)
{
- mp_err res;
- mp_int sx, sy, sz;
-
- ecfp_aff_pt p;
- ecfp_jac_pt r;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- int i, l;
-
- MP_DIGITS(&sx) = 0;
- MP_DIGITS(&sy) = 0;
- MP_DIGITS(&sz) = 0;
- MP_CHECKOK(mp_init(&sx));
- MP_CHECKOK(mp_init(&sy));
- MP_CHECKOK(mp_init(&sz));
-
- /* if n = 0 then r = inf */
- if (mp_cmp_z(n) == 0) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- /* if n < 0 then out of range error */
- } else if (mp_cmp_z(n) < 0) {
- res = MP_RANGE;
- goto CLEANUP;
- }
-
- /* Convert from integer to floating point */
- ecfp_i2fp(p.x, px, ecgroup);
- ecfp_i2fp(p.y, py, ecgroup);
- ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
-
- /* Init r to point at infinity */
- for (i = 0; i < group->numDoubles; i++) {
- r.z[i] = 0;
- }
-
- /* double and add method */
- l = mpl_significant_bits(n) - 1;
-
- for (i = l; i >= 0; i--) {
- /* R = 2R */
- group->pt_dbl_jac(&r, &r, group);
-
- /* if n_i = 1, then R = R + Q */
- if (MP_GET_BIT(n, i) != 0) {
- group->pt_add_jac_aff(&r, &p, &r, group);
- }
- }
-
- /* Convert from floating point to integer */
- ecfp_fp2i(&sx, r.x, ecgroup);
- ecfp_fp2i(&sy, r.y, ecgroup);
- ecfp_fp2i(&sz, r.z, ecgroup);
-
- /* convert result R to affine coordinates */
- MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
-
- CLEANUP:
- mp_clear(&sx);
- mp_clear(&sy);
- mp_clear(&sz);
- return res;
+ mp_err res;
+ mp_int sx, sy, sz;
+
+ ecfp_aff_pt p;
+ ecfp_jac_pt r;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ int i, l;
+
+ MP_DIGITS(&sx) = 0;
+ MP_DIGITS(&sy) = 0;
+ MP_DIGITS(&sz) = 0;
+ MP_CHECKOK(mp_init(&sx));
+ MP_CHECKOK(mp_init(&sy));
+ MP_CHECKOK(mp_init(&sz));
+
+ /* if n = 0 then r = inf */
+ if (mp_cmp_z(n) == 0) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ /* if n < 0 then out of range error */
+ } else if (mp_cmp_z(n) < 0) {
+ res = MP_RANGE;
+ goto CLEANUP;
+ }
+
+ /* Convert from integer to floating point */
+ ecfp_i2fp(p.x, px, ecgroup);
+ ecfp_i2fp(p.y, py, ecgroup);
+ ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+ /* Init r to point at infinity */
+ for (i = 0; i < group->numDoubles; i++) {
+ r.z[i] = 0;
+ }
+
+ /* double and add method */
+ l = mpl_significant_bits(n) - 1;
+
+ for (i = l; i >= 0; i--) {
+ /* R = 2R */
+ group->pt_dbl_jac(&r, &r, group);
+
+ /* if n_i = 1, then R = R + Q */
+ if (MP_GET_BIT(n, i) != 0) {
+ group->pt_add_jac_aff(&r, &p, &r, group);
+ }
+ }
+
+ /* Convert from floating point to integer */
+ ecfp_fp2i(&sx, r.x, ecgroup);
+ ecfp_fp2i(&sy, r.y, ecgroup);
+ ecfp_fp2i(&sz, r.z, ecgroup);
+
+ /* convert result R to affine coordinates */
+ MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+CLEANUP:
+ mp_clear(&sx);
+ mp_clear(&sy);
+ mp_clear(&sz);
+ return res;
}
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
* curve points P and R can be identical. Uses mixed Modified-Jacobian
* co-ordinates for doubling and Chudnovsky Jacobian coordinates for
- * additions. Uses 5-bit window NAF method (algorithm 11) for scalar-point
+ * additions. Uses 5-bit window NAF method (algorithm 11) for scalar-point
* multiplication from Brown, Hankerson, Lopez, Menezes. Software
* Implementation of the NIST Elliptic Curves Over Prime Fields. */
mp_err
ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *ecgroup)
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *ecgroup)
{
- mp_err res = MP_OKAY;
- mp_int sx, sy, sz;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
- ecfp_chud_pt precomp[16];
-
- ecfp_aff_pt p;
- ecfp_jm_pt r;
-
- signed char naf[group->orderBitSize + 1];
- int i;
-
- MP_DIGITS(&sx) = 0;
- MP_DIGITS(&sy) = 0;
- MP_DIGITS(&sz) = 0;
- MP_CHECKOK(mp_init(&sx));
- MP_CHECKOK(mp_init(&sy));
- MP_CHECKOK(mp_init(&sz));
-
- /* if n = 0 then r = inf */
- if (mp_cmp_z(n) == 0) {
- mp_zero(rx);
- mp_zero(ry);
- res = MP_OKAY;
- goto CLEANUP;
- /* if n < 0 then out of range error */
- } else if (mp_cmp_z(n) < 0) {
- res = MP_RANGE;
- goto CLEANUP;
- }
-
- /* Convert from integer to floating point */
- ecfp_i2fp(p.x, px, ecgroup);
- ecfp_i2fp(p.y, py, ecgroup);
- ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
-
- /* Perform precomputation */
- group->precompute_chud(precomp, &p, group);
-
- /* Compute 5NAF */
- ec_compute_wNAF(naf, group->orderBitSize, n, 5);
-
- /* Init R = pt at infinity */
- for (i = 0; i < group->numDoubles; i++) {
- r.z[i] = 0;
- }
-
- /* wNAF method */
- for (i = group->orderBitSize; i >= 0; i--) {
- /* R = 2R */
- group->pt_dbl_jm(&r, &r, group);
-
- if (naf[i] != 0) {
- group->pt_add_jm_chud(&r, &precomp[(naf[i] + 15) / 2], &r,
- group);
- }
- }
-
- /* Convert from floating point to integer */
- ecfp_fp2i(&sx, r.x, ecgroup);
- ecfp_fp2i(&sy, r.y, ecgroup);
- ecfp_fp2i(&sz, r.z, ecgroup);
-
- /* convert result R to affine coordinates */
- MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
-
- CLEANUP:
- mp_clear(&sx);
- mp_clear(&sy);
- mp_clear(&sz);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int sx, sy, sz;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+ ecfp_chud_pt precomp[16];
+
+ ecfp_aff_pt p;
+ ecfp_jm_pt r;
+
+ signed char naf[group->orderBitSize + 1];
+ int i;
+
+ MP_DIGITS(&sx) = 0;
+ MP_DIGITS(&sy) = 0;
+ MP_DIGITS(&sz) = 0;
+ MP_CHECKOK(mp_init(&sx));
+ MP_CHECKOK(mp_init(&sy));
+ MP_CHECKOK(mp_init(&sz));
+
+ /* if n = 0 then r = inf */
+ if (mp_cmp_z(n) == 0) {
+ mp_zero(rx);
+ mp_zero(ry);
+ res = MP_OKAY;
+ goto CLEANUP;
+ /* if n < 0 then out of range error */
+ } else if (mp_cmp_z(n) < 0) {
+ res = MP_RANGE;
+ goto CLEANUP;
+ }
+
+ /* Convert from integer to floating point */
+ ecfp_i2fp(p.x, px, ecgroup);
+ ecfp_i2fp(p.y, py, ecgroup);
+ ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+ /* Perform precomputation */
+ group->precompute_chud(precomp, &p, group);
+
+ /* Compute 5NAF */
+ ec_compute_wNAF(naf, group->orderBitSize, n, 5);
+
+ /* Init R = pt at infinity */
+ for (i = 0; i < group->numDoubles; i++) {
+ r.z[i] = 0;
+ }
+
+ /* wNAF method */
+ for (i = group->orderBitSize; i >= 0; i--) {
+ /* R = 2R */
+ group->pt_dbl_jm(&r, &r, group);
+
+ if (naf[i] != 0) {
+ group->pt_add_jm_chud(&r, &precomp[(naf[i] + 15) / 2], &r,
+ group);
+ }
+ }
+
+ /* Convert from floating point to integer */
+ ecfp_fp2i(&sx, r.x, ecgroup);
+ ecfp_fp2i(&sy, r.y, ecgroup);
+ ecfp_fp2i(&sz, r.z, ecgroup);
+
+ /* convert result R to affine coordinates */
+ MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+CLEANUP:
+ mp_clear(&sx);
+ mp_clear(&sy);
+ mp_clear(&sz);
+ return res;
}
/* Cleans up extra memory allocated in ECGroup for this implementation. */
void
ec_GFp_extra_free_fp(ECGroup *group)
{
- if (group->extra1 != NULL) {
- free(group->extra1);
- group->extra1 = NULL;
- }
+ if (group->extra1 != NULL) {
+ free(group->extra1);
+ group->extra1 = NULL;
+ }
}
/* Tests what precision floating point arithmetic is set to. This should
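Review bot: `signed char naf[group->orderBitSize + 1];` in ec_GFp_point_mul_wNAF_fp is a variable-length array sized from a runtime struct field with no check that orderBitSize is non-negative or bounded; VLAs are optional since C11, and an unexpected value here becomes a stack overrun rather than an error return. If the project has a compile-time maximum for the order size, a fixed `signed char naf[MAX_ORDER_BITS + 1]` (placeholder name for that constant) together with an ARGCHK that `group->orderBitSize + 1` fits would be more robust. Also, `mp_err res;` at the top of ec_GFp_pt_mul_jac_fp is assigned only through MP_CHECKOK and the two explicit branches; every visible path to CLEANUP does set it, but initialising it as `mp_err res = MP_OKAY;` like the other two functions in this file would make that invariant explicit rather than implicit.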
@@ -515,17 +515,17 @@ ec_GFp_extra_free_fp(ECGroup *group)
* (extended precision on x86) and sets it into the EC_group_fp. Returns
* either 53 or 64 accordingly. */
int
-ec_set_fp_precision(EC_group_fp * group)
+ec_set_fp_precision(EC_group_fp *group)
{
- double a = 9007199254740992.0; /* 2^53 */
- double b = a + 1;
-
- if (a == b) {
- group->fpPrecision = 53;
- group->alpha = ecfp_alpha_53;
- return 53;
- }
- group->fpPrecision = 64;
- group->alpha = ecfp_alpha_64;
- return 64;
+ double a = 9007199254740992.0; /* 2^53 */
+ double b = a + 1;
+
+ if (a == b) {
+ group->fpPrecision = 53;
+ group->alpha = ecfp_alpha_53;
+ return 53;
+ }
+ group->fpPrecision = 64;
+ group->alpha = ecfp_alpha_64;
+ return 64;
}
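Review bot: The precision probe `double a = 9007199254740992.0; double b = a + 1; if (a == b)` can be constant-folded by the compiler under IEEE double semantics, in which case the run-time FPU control word (the x87 extended-precision case the comment above describes) is never consulted and the function always reports 53. Declaring both as `volatile double a = 9007199254740992.0; /* 2^53 */` and `volatile double b = a + 1;` forces the addition and comparison to actually execute at run time. Whether folding happens depends on the compiler and optimisation flags, so it is worth confirming with the toolchain used for the floating-point EC path.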
diff --git a/lib/freebl/ecl/ecp_fp.h b/lib/freebl/ecl/ecp_fp.h
index a5a676913..6fff0632b 100644
--- a/lib/freebl/ecl/ecp_fp.h
+++ b/lib/freebl/ecl/ecp_fp.h
@@ -39,10 +39,10 @@
#define ECFP_T7 374144419156711147060143317175368453031918731001856.0
#define ECFP_T8 6277101735386680763835789423207666416102355444464034512896.0
#define ECFP_T9 105312291668557186697918027683670432318895095400549111254310977536.0
-#define ECFP_T10 1766847064778384329583297500742918515827483896875618958121606201292619776.0
+#define ECFP_T10 1766847064778384329583297500742918515827483896875618958121606201292619776.0
#define ECFP_T11 29642774844752946028434172162224104410437116074403984394101141506025761187823616.0
#define ECFP_T12 497323236409786642155382248146820840100456150797347717440463976893159497012533375533056.0
-#define ECFP_T13 8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096.0
+#define ECFP_T13 8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096.0
#define ECFP_T14 139984046386112763159840142535527767382602843577165595931249318810236991948760059086304843329475444736.0
#define ECFP_T15 2348542582773833227889480596789337027375682548908319870707290971532209025114608443463698998384768703031934976.0
#define ECFP_T16 39402006196394479212279040100143613805079739270465446667948293404245\
@@ -64,22 +64,22 @@ static const double ecfp_two32 = 4294967296.0;
static const double ecfp_two64 = 18446744073709551616.0;
static const double ecfp_twom16 = .0000152587890625;
static const double ecfp_twom128 =
- .00000000000000000000000000000000000000293873587705571876992184134305561419454666389193021880377187926569604314863681793212890625;
+ .00000000000000000000000000000000000000293873587705571876992184134305561419454666389193021880377187926569604314863681793212890625;
static const double ecfp_twom129 =
- .000000000000000000000000000000000000001469367938527859384960920671527807097273331945965109401885939632848021574318408966064453125;
+ .000000000000000000000000000000000000001469367938527859384960920671527807097273331945965109401885939632848021574318408966064453125;
static const double ecfp_twom160 =
- .0000000000000000000000000000000000000000000000006842277657836020854119773355907793609766904013068924666782559979930620520927053718196475529111921787261962890625;
+ .0000000000000000000000000000000000000000000000006842277657836020854119773355907793609766904013068924666782559979930620520927053718196475529111921787261962890625;
static const double ecfp_twom192 =
- .000000000000000000000000000000000000000000000000000000000159309191113245227702888039776771180559110455519261878607388585338616290151305816094308987472018268594098344692611135542392730712890625;
+ .000000000000000000000000000000000000000000000000000000000159309191113245227702888039776771180559110455519261878607388585338616290151305816094308987472018268594098344692611135542392730712890625;
static const double ecfp_twom224 =
- .00000000000000000000000000000000000000000000000000000000000000000003709206150687421385731735261547639513367564778757791002453039058917581340095629358997312082723208437536338919136001159027049567384892725385725498199462890625;
+ .00000000000000000000000000000000000000000000000000000000000000000003709206150687421385731735261547639513367564778757791002453039058917581340095629358997312082723208437536338919136001159027049567384892725385725498199462890625;
/* ecfp_exp[i] = 2^(i*ECFP_DSIZE) */
static const double ecfp_exp[2 * ECFP_MAXDOUBLES] = {
- ECFP_T0, ECFP_T1, ECFP_T2, ECFP_T3, ECFP_T4, ECFP_T5,
- ECFP_T6, ECFP_T7, ECFP_T8, ECFP_T9, ECFP_T10, ECFP_T11,
- ECFP_T12, ECFP_T13, ECFP_T14, ECFP_T15, ECFP_T16, ECFP_T17, ECFP_T18,
- ECFP_T19
+ ECFP_T0, ECFP_T1, ECFP_T2, ECFP_T3, ECFP_T4, ECFP_T5,
+ ECFP_T6, ECFP_T7, ECFP_T8, ECFP_T9, ECFP_T10, ECFP_T11,
+ ECFP_T12, ECFP_T13, ECFP_T14, ECFP_T15, ECFP_T16, ECFP_T17, ECFP_T18,
+ ECFP_T19
};
/* 1.1 * 2^52 Uses 2^52 to truncate, the .1 is an extra 2^51 to protect
@@ -92,199 +92,198 @@ static const double ecfp_exp[2 * ECFP_MAXDOUBLES] = {
* larger value of alpha to truncate, i.e. 1.1 * 2^63. */
#define ECFP_ALPHABASE_64 13835058055282163712.0
-/*
+/*
* ecfp_alpha[i] = 1.5 * 2^(52 + i*ECFP_DSIZE) we add and subtract alpha
* to truncate floating point numbers to a certain number of bits for
* tidying */
static const double ecfp_alpha_53[2 * ECFP_MAXDOUBLES] = {
- ECFP_ALPHABASE_53 * ECFP_T0,
- ECFP_ALPHABASE_53 * ECFP_T1,
- ECFP_ALPHABASE_53 * ECFP_T2,
- ECFP_ALPHABASE_53 * ECFP_T3,
- ECFP_ALPHABASE_53 * ECFP_T4,
- ECFP_ALPHABASE_53 * ECFP_T5,
- ECFP_ALPHABASE_53 * ECFP_T6,
- ECFP_ALPHABASE_53 * ECFP_T7,
- ECFP_ALPHABASE_53 * ECFP_T8,
- ECFP_ALPHABASE_53 * ECFP_T9,
- ECFP_ALPHABASE_53 * ECFP_T10,
- ECFP_ALPHABASE_53 * ECFP_T11,
- ECFP_ALPHABASE_53 * ECFP_T12,
- ECFP_ALPHABASE_53 * ECFP_T13,
- ECFP_ALPHABASE_53 * ECFP_T14,
- ECFP_ALPHABASE_53 * ECFP_T15,
- ECFP_ALPHABASE_53 * ECFP_T16,
- ECFP_ALPHABASE_53 * ECFP_T17,
- ECFP_ALPHABASE_53 * ECFP_T18,
- ECFP_ALPHABASE_53 * ECFP_T19
+ ECFP_ALPHABASE_53 * ECFP_T0,
+ ECFP_ALPHABASE_53 *ECFP_T1,
+ ECFP_ALPHABASE_53 *ECFP_T2,
+ ECFP_ALPHABASE_53 *ECFP_T3,
+ ECFP_ALPHABASE_53 *ECFP_T4,
+ ECFP_ALPHABASE_53 *ECFP_T5,
+ ECFP_ALPHABASE_53 *ECFP_T6,
+ ECFP_ALPHABASE_53 *ECFP_T7,
+ ECFP_ALPHABASE_53 *ECFP_T8,
+ ECFP_ALPHABASE_53 *ECFP_T9,
+ ECFP_ALPHABASE_53 *ECFP_T10,
+ ECFP_ALPHABASE_53 *ECFP_T11,
+ ECFP_ALPHABASE_53 *ECFP_T12,
+ ECFP_ALPHABASE_53 *ECFP_T13,
+ ECFP_ALPHABASE_53 *ECFP_T14,
+ ECFP_ALPHABASE_53 *ECFP_T15,
+ ECFP_ALPHABASE_53 *ECFP_T16,
+ ECFP_ALPHABASE_53 *ECFP_T17,
+ ECFP_ALPHABASE_53 *ECFP_T18,
+ ECFP_ALPHABASE_53 *ECFP_T19
};
-/*
+/*
* ecfp_alpha[i] = 1.5 * 2^(63 + i*ECFP_DSIZE) we add and subtract alpha
* to truncate floating point numbers to a certain number of bits for
* tidying */
static const double ecfp_alpha_64[2 * ECFP_MAXDOUBLES] = {
- ECFP_ALPHABASE_64 * ECFP_T0,
- ECFP_ALPHABASE_64 * ECFP_T1,
- ECFP_ALPHABASE_64 * ECFP_T2,
- ECFP_ALPHABASE_64 * ECFP_T3,
- ECFP_ALPHABASE_64 * ECFP_T4,
- ECFP_ALPHABASE_64 * ECFP_T5,
- ECFP_ALPHABASE_64 * ECFP_T6,
- ECFP_ALPHABASE_64 * ECFP_T7,
- ECFP_ALPHABASE_64 * ECFP_T8,
- ECFP_ALPHABASE_64 * ECFP_T9,
- ECFP_ALPHABASE_64 * ECFP_T10,
- ECFP_ALPHABASE_64 * ECFP_T11,
- ECFP_ALPHABASE_64 * ECFP_T12,
- ECFP_ALPHABASE_64 * ECFP_T13,
- ECFP_ALPHABASE_64 * ECFP_T14,
- ECFP_ALPHABASE_64 * ECFP_T15,
- ECFP_ALPHABASE_64 * ECFP_T16,
- ECFP_ALPHABASE_64 * ECFP_T17,
- ECFP_ALPHABASE_64 * ECFP_T18,
- ECFP_ALPHABASE_64 * ECFP_T19
+ ECFP_ALPHABASE_64 * ECFP_T0,
+ ECFP_ALPHABASE_64 *ECFP_T1,
+ ECFP_ALPHABASE_64 *ECFP_T2,
+ ECFP_ALPHABASE_64 *ECFP_T3,
+ ECFP_ALPHABASE_64 *ECFP_T4,
+ ECFP_ALPHABASE_64 *ECFP_T5,
+ ECFP_ALPHABASE_64 *ECFP_T6,
+ ECFP_ALPHABASE_64 *ECFP_T7,
+ ECFP_ALPHABASE_64 *ECFP_T8,
+ ECFP_ALPHABASE_64 *ECFP_T9,
+ ECFP_ALPHABASE_64 *ECFP_T10,
+ ECFP_ALPHABASE_64 *ECFP_T11,
+ ECFP_ALPHABASE_64 *ECFP_T12,
+ ECFP_ALPHABASE_64 *ECFP_T13,
+ ECFP_ALPHABASE_64 *ECFP_T14,
+ ECFP_ALPHABASE_64 *ECFP_T15,
+ ECFP_ALPHABASE_64 *ECFP_T16,
+ ECFP_ALPHABASE_64 *ECFP_T17,
+ ECFP_ALPHABASE_64 *ECFP_T18,
+ ECFP_ALPHABASE_64 *ECFP_T19
};
/* 0.011111111111111111111111 (binary) = 0.5 - 2^25 (24 ones) */
#define ECFP_BETABASE 0.4999999701976776123046875
-/*
+/*
* We subtract beta prior to using alpha to simulate rounding down. We
- * make this close to 0.5 to round almost everything down, but exactly 0.5
+ * make this close to 0.5 to round almost everything down, but exactly 0.5
* would cause some incorrect rounding. */
static const double ecfp_beta[2 * ECFP_MAXDOUBLES] = {
- ECFP_BETABASE * ECFP_T0,
- ECFP_BETABASE * ECFP_T1,
- ECFP_BETABASE * ECFP_T2,
- ECFP_BETABASE * ECFP_T3,
- ECFP_BETABASE * ECFP_T4,
- ECFP_BETABASE * ECFP_T5,
- ECFP_BETABASE * ECFP_T6,
- ECFP_BETABASE * ECFP_T7,
- ECFP_BETABASE * ECFP_T8,
- ECFP_BETABASE * ECFP_T9,
- ECFP_BETABASE * ECFP_T10,
- ECFP_BETABASE * ECFP_T11,
- ECFP_BETABASE * ECFP_T12,
- ECFP_BETABASE * ECFP_T13,
- ECFP_BETABASE * ECFP_T14,
- ECFP_BETABASE * ECFP_T15,
- ECFP_BETABASE * ECFP_T16,
- ECFP_BETABASE * ECFP_T17,
- ECFP_BETABASE * ECFP_T18,
- ECFP_BETABASE * ECFP_T19
+ ECFP_BETABASE * ECFP_T0,
+ ECFP_BETABASE *ECFP_T1,
+ ECFP_BETABASE *ECFP_T2,
+ ECFP_BETABASE *ECFP_T3,
+ ECFP_BETABASE *ECFP_T4,
+ ECFP_BETABASE *ECFP_T5,
+ ECFP_BETABASE *ECFP_T6,
+ ECFP_BETABASE *ECFP_T7,
+ ECFP_BETABASE *ECFP_T8,
+ ECFP_BETABASE *ECFP_T9,
+ ECFP_BETABASE *ECFP_T10,
+ ECFP_BETABASE *ECFP_T11,
+ ECFP_BETABASE *ECFP_T12,
+ ECFP_BETABASE *ECFP_T13,
+ ECFP_BETABASE *ECFP_T14,
+ ECFP_BETABASE *ECFP_T15,
+ ECFP_BETABASE *ECFP_T16,
+ ECFP_BETABASE *ECFP_T17,
+ ECFP_BETABASE *ECFP_T18,
+ ECFP_BETABASE *ECFP_T19
};
static const double ecfp_beta_160 = ECFP_BETABASE * ECFP_TWO160;
static const double ecfp_beta_192 = ECFP_BETABASE * ECFP_TWO192;
static const double ecfp_beta_224 = ECFP_BETABASE * ECFP_TWO224;
-/* Affine EC Point. This is the basic representation (x, y) of an elliptic
+/* Affine EC Point. This is the basic representation (x, y) of an elliptic
* curve point. */
typedef struct {
- double x[ECFP_MAXDOUBLES];
- double y[ECFP_MAXDOUBLES];
+ double x[ECFP_MAXDOUBLES];
+ double y[ECFP_MAXDOUBLES];
} ecfp_aff_pt;
/* Jacobian EC Point. This coordinate system uses X = x/z^2, Y = y/z^3,
* which enables calculations with fewer inversions than affine
* coordinates. */
typedef struct {
- double x[ECFP_MAXDOUBLES];
- double y[ECFP_MAXDOUBLES];
- double z[ECFP_MAXDOUBLES];
+ double x[ECFP_MAXDOUBLES];
+ double y[ECFP_MAXDOUBLES];
+ double z[ECFP_MAXDOUBLES];
} ecfp_jac_pt;
/* Chudnovsky Jacobian EC Point. This coordinate system is the same as
* Jacobian, except it keeps z^2, z^3 for faster additions. */
typedef struct {
- double x[ECFP_MAXDOUBLES];
- double y[ECFP_MAXDOUBLES];
- double z[ECFP_MAXDOUBLES];
- double z2[ECFP_MAXDOUBLES];
- double z3[ECFP_MAXDOUBLES];
+ double x[ECFP_MAXDOUBLES];
+ double y[ECFP_MAXDOUBLES];
+ double z[ECFP_MAXDOUBLES];
+ double z2[ECFP_MAXDOUBLES];
+ double z3[ECFP_MAXDOUBLES];
} ecfp_chud_pt;
/* Modified Jacobian EC Point. This coordinate system is the same as
* Jacobian, except it keeps a*z^4 for faster doublings. */
typedef struct {
- double x[ECFP_MAXDOUBLES];
- double y[ECFP_MAXDOUBLES];
- double z[ECFP_MAXDOUBLES];
- double az4[ECFP_MAXDOUBLES];
+ double x[ECFP_MAXDOUBLES];
+ double y[ECFP_MAXDOUBLES];
+ double z[ECFP_MAXDOUBLES];
+ double az4[ECFP_MAXDOUBLES];
} ecfp_jm_pt;
struct EC_group_fp_str;
typedef struct EC_group_fp_str EC_group_fp;
struct EC_group_fp_str {
- int fpPrecision; /* Set to number of bits in mantissa, 53
- * or 64 */
- int numDoubles;
- int primeBitSize;
- int orderBitSize;
- int doubleBitSize;
- int numInts;
- int aIsM3; /* True if curvea == -3 (mod p), then we
- * can optimize doubling */
- double curvea[ECFP_MAXDOUBLES];
- /* Used to truncate a double to the number of bits in the curve */
- double bitSize_alpha;
- /* Pointer to either ecfp_alpha_53 or ecfp_alpha_64 */
- const double *alpha;
-
- void (*ecfp_singleReduce) (double *r, const EC_group_fp * group);
- void (*ecfp_reduce) (double *r, double *x, const EC_group_fp * group);
- /* Performs a "tidy" operation, which performs carrying, moving excess
- * bits from one double to the next double, so that the precision of
- * the doubles is reduced to the regular precision ECFP_DSIZE. This
- * might result in some float digits being negative. */
- void (*ecfp_tidy) (double *t, const double *alpha,
- const EC_group_fp * group);
- /* Perform a point addition using coordinate system Jacobian + Affine
- * -> Jacobian. Input and output should be multi-precision floating
- * point integers. */
- void (*pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q,
- ecfp_jac_pt * r, const EC_group_fp * group);
- /* Perform a point doubling in Jacobian coordinates. Input and output
- * should be multi-precision floating point integers. */
- void (*pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr,
- const EC_group_fp * group);
- /* Perform a point addition using Jacobian coordinate system. Input
- * and output should be multi-precision floating point integers. */
- void (*pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q,
- ecfp_jac_pt * r, const EC_group_fp * group);
- /* Perform a point doubling in Modified Jacobian coordinates. Input
- * and output should be multi-precision floating point integers. */
- void (*pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r,
- const EC_group_fp * group);
- /* Perform a point doubling using coordinates Affine -> Chudnovsky
- * Jacobian. Input and output should be multi-precision floating point
- * integers. */
- void (*pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r,
- const EC_group_fp * group);
- /* Perform a point addition using coordinates: Modified Jacobian +
- * Chudnovsky Jacobian -> Modified Jacobian. Input and output should
- * be multi-precision floating point integers. */
- void (*pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q,
- ecfp_jm_pt * r, const EC_group_fp * group);
- /* Perform a point addition using Chudnovsky Jacobian coordinates.
- * Input and output should be multi-precision floating point integers.
- */
- void (*pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q,
- ecfp_chud_pt * r, const EC_group_fp * group);
- /* Expects out to be an array of size 16 of Chudnovsky Jacobian
- * points. Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for
- * -15P, -13P, -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P,
- * 13P, 15P */
- void (*precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p,
- const EC_group_fp * group);
- /* Expects out to be an array of size 16 of Jacobian points. Fills in
- * Chudnovsky Jacobian form (x, y, z), for O, P, 2P, ... 15P */
- void (*precompute_jac) (ecfp_jac_pt * out, const ecfp_aff_pt * p,
- const EC_group_fp * group);
-
+ int fpPrecision; /* Set to number of bits in mantissa, 53
+ * or 64 */
+ int numDoubles;
+ int primeBitSize;
+ int orderBitSize;
+ int doubleBitSize;
+ int numInts;
+ int aIsM3; /* True if curvea == -3 (mod p), then we
+ * can optimize doubling */
+ double curvea[ECFP_MAXDOUBLES];
+ /* Used to truncate a double to the number of bits in the curve */
+ double bitSize_alpha;
+ /* Pointer to either ecfp_alpha_53 or ecfp_alpha_64 */
+ const double *alpha;
+
+ void (*ecfp_singleReduce)(double *r, const EC_group_fp *group);
+ void (*ecfp_reduce)(double *r, double *x, const EC_group_fp *group);
+ /* Performs a "tidy" operation, which performs carrying, moving excess
+ * bits from one double to the next double, so that the precision of
+ * the doubles is reduced to the regular precision ECFP_DSIZE. This
+ * might result in some float digits being negative. */
+ void (*ecfp_tidy)(double *t, const double *alpha,
+ const EC_group_fp *group);
+ /* Perform a point addition using coordinate system Jacobian + Affine
+ * -> Jacobian. Input and output should be multi-precision floating
+ * point integers. */
+ void (*pt_add_jac_aff)(const ecfp_jac_pt *p, const ecfp_aff_pt *q,
+ ecfp_jac_pt *r, const EC_group_fp *group);
+ /* Perform a point doubling in Jacobian coordinates. Input and output
+ * should be multi-precision floating point integers. */
+ void (*pt_dbl_jac)(const ecfp_jac_pt *dp, ecfp_jac_pt *dr,
+ const EC_group_fp *group);
+ /* Perform a point addition using Jacobian coordinate system. Input
+ * and output should be multi-precision floating point integers. */
+ void (*pt_add_jac)(const ecfp_jac_pt *p, const ecfp_jac_pt *q,
+ ecfp_jac_pt *r, const EC_group_fp *group);
+ /* Perform a point doubling in Modified Jacobian coordinates. Input
+ * and output should be multi-precision floating point integers. */
+ void (*pt_dbl_jm)(const ecfp_jm_pt *p, ecfp_jm_pt *r,
+ const EC_group_fp *group);
+ /* Perform a point doubling using coordinates Affine -> Chudnovsky
+ * Jacobian. Input and output should be multi-precision floating point
+ * integers. */
+ void (*pt_dbl_aff2chud)(const ecfp_aff_pt *p, ecfp_chud_pt *r,
+ const EC_group_fp *group);
+ /* Perform a point addition using coordinates: Modified Jacobian +
+ * Chudnovsky Jacobian -> Modified Jacobian. Input and output should
+ * be multi-precision floating point integers. */
+ void (*pt_add_jm_chud)(ecfp_jm_pt *p, ecfp_chud_pt *q,
+ ecfp_jm_pt *r, const EC_group_fp *group);
+ /* Perform a point addition using Chudnovsky Jacobian coordinates.
+ * Input and output should be multi-precision floating point integers.
+ */
+ void (*pt_add_chud)(const ecfp_chud_pt *p, const ecfp_chud_pt *q,
+ ecfp_chud_pt *r, const EC_group_fp *group);
+ /* Expects out to be an array of size 16 of Chudnovsky Jacobian
+ * points. Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for
+ * -15P, -13P, -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P,
+ * 13P, 15P */
+ void (*precompute_chud)(ecfp_chud_pt *out, const ecfp_aff_pt *p,
+ const EC_group_fp *group);
+ /* Expects out to be an array of size 16 of Jacobian points. Fills in
+ * Chudnovsky Jacobian form (x, y, z), for O, P, 2P, ... 15P */
+ void (*precompute_jac)(ecfp_jac_pt *out, const ecfp_aff_pt *p,
+ const EC_group_fp *group);
};
/* Computes r = x*y.
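Review bot: clang-format has rewritten the table entries `ECFP_ALPHABASE_53 * ECFP_T1` as `ECFP_ALPHABASE_53 *ECFP_T1` (and likewise throughout ecfp_alpha_64 and ecfp_beta), because it parses the macro name as a type and the `*` as a pointer declarator; only the first entry of each table kept the multiplication spacing. The values are unchanged, but each entry now reads like a declaration rather than a product and will keep drifting on every reformat. Wrapping the three initialisers in `/* clang-format off */` … `/* clang-format on */`, or parenthesising each entry as `(ECFP_ALPHABASE_53 * ECFP_T1)`, keeps the intended spacing stable.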
@@ -296,21 +295,21 @@ void ecfp_multiply(double *r, const double *x, const double *y);
* bits from one double to the next double, so that the precision of the
* doubles is reduced to the regular precision group->doubleBitSize. This
* might result in some float digits being negative. */
-void ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group);
+void ecfp_tidy(double *t, const double *alpha, const EC_group_fp *group);
/* Performs tidying on only the upper float digits of a multi-precision
- * floating point integer, i.e. the digits beyond the regular length which
+ * floating point integer, i.e. the digits beyond the regular length which
* are removed in the reduction step. */
-void ecfp_tidyUpper(double *t, const EC_group_fp * group);
+void ecfp_tidyUpper(double *t, const EC_group_fp *group);
-/* Performs tidying on a short multi-precision floating point integer (the
+/* Performs tidying on a short multi-precision floating point integer (the
* lower group->numDoubles floats). */
-void ecfp_tidyShort(double *t, const EC_group_fp * group);
+void ecfp_tidyShort(double *t, const EC_group_fp *group);
/* Performs a more mathematically precise "tidying" so that each term is
* positive. This is slower than the regular tidying, and is used for
* conversion from floating point to integer. */
-void ecfp_positiveTidy(double *t, const EC_group_fp * group);
+void ecfp_positiveTidy(double *t, const EC_group_fp *group);
/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
* a, b and p are the elliptic curve coefficients and the prime that
@@ -318,12 +317,12 @@ void ecfp_positiveTidy(double *t, const EC_group_fp * group);
* identical. Uses mixed Jacobian-affine coordinates. Uses 4-bit window
* method. */
mp_err
- ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *ecgroup);
+ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *ecgroup);
/* Computes R = nP where R is (rx, ry) and P is the base point. The
- * parameters a, b and p are the elliptic curve coefficients and the prime
+ * parameters a, b and p are the elliptic curve coefficients and the prime
* that determines the field GFp. Elliptic curve points P and R can be
* identical. Uses mixed Jacobian-affine coordinates (Jacobian
* coordinates for doubles and affine coordinates for additions; based on
@@ -332,8 +331,8 @@ mp_err
* Menezes. Software Implementation of the NIST Elliptic Curves Over Prime
* Fields. */
mp_err ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *ecgroup);
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *ecgroup);
/* Uses mixed Jacobian-affine coordinates to perform a point
* multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine
@@ -342,14 +341,14 @@ mp_err ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
* time efficient but quite space efficient, no precomputation needed.
* group contains the elliptic curve coefficients and the prime that
* determines the field GFp. Elliptic curve points P and R can be
- * identical. Performs calculations in floating point number format, since
+ * identical. Performs calculations in floating point number format, since
* this is faster than the integer operations on the ULTRASPARC III.
* Uses left-to-right binary method (double & add) (algorithm 9) for
* scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
* Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
mp_err
- ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *ecgroup);
+ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
+ mp_int *rx, mp_int *ry, const ECGroup *ecgroup);
/* Cleans up extra memory allocated in ECGroup for this implementation. */
void ec_GFp_extra_free_fp(ECGroup *group);
@@ -357,16 +356,16 @@ void ec_GFp_extra_free_fp(ECGroup *group);
/* Converts from a floating point representation into an mp_int. Expects
* that d is already reduced. */
void
- ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup);
+ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup);
/* Converts from an mpint into a floating point representation. */
void
- ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup);
+ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup);
/* Tests what precision floating point arithmetic is set to. This should
* be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa
* (extended precision on x86) and sets it into the EC_group_fp. Returns
* either 53 or 64 accordingly. */
-int ec_set_fp_precision(EC_group_fp * group);
+int ec_set_fp_precision(EC_group_fp *group);
#endif
diff --git a/lib/freebl/ecl/ecp_fp160.c b/lib/freebl/ecl/ecp_fp160.c
index f462f3ba1..f3de30c2e 100644
--- a/lib/freebl/ecl/ecp_fp160.c
+++ b/lib/freebl/ecl/ecp_fp160.c
@@ -12,93 +12,93 @@
/* Performs a single step of reduction, just on the uppermost float
* (assumes already tidied), and then retidies. Note, this does not
- * guarantee that the result will be less than p, but truncates the number
+ * guarantee that the result will be less than p, but truncates the number
* of bits. */
void
-ecfp160_singleReduce(double *d, const EC_group_fp * group)
+ecfp160_singleReduce(double *d, const EC_group_fp *group)
{
- double q;
-
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 160);
- ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
-
- q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
-
- d[ECFP_NUMDOUBLES - 1] -= q;
- d[0] += q * ecfp_twom160;
- d[1] += q * ecfp_twom129;
- ecfp_positiveTidy(d, group);
-
- /* Assertions for the highest order term */
- ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] / ecfp_exp[ECFP_NUMDOUBLES - 1] ==
- (unsigned long long) (d[ECFP_NUMDOUBLES - 1] /
- ecfp_exp[ECFP_NUMDOUBLES - 1]));
- ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] >= 0);
+ double q;
+
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 160);
+ ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+ q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
+
+ d[ECFP_NUMDOUBLES - 1] -= q;
+ d[0] += q * ecfp_twom160;
+ d[1] += q * ecfp_twom129;
+ ecfp_positiveTidy(d, group);
+
+ /* Assertions for the highest order term */
+ ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] / ecfp_exp[ECFP_NUMDOUBLES - 1] ==
+ (unsigned long long)(d[ECFP_NUMDOUBLES - 1] /
+ ecfp_exp[ECFP_NUMDOUBLES - 1]));
+ ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] >= 0);
}
/* Performs imperfect reduction. This might leave some negative terms,
- * and one more reduction might be required for the result to be between 0
+ * and one more reduction might be required for the result to be between 0
* and p-1. x should not already be reduced, i.e. should have
* 2*ECFP_NUMDOUBLES significant terms. x and r can be the same, but then
* the upper parts of r are not zeroed */
void
-ecfp160_reduce(double *r, double *x, const EC_group_fp * group)
+ecfp160_reduce(double *r, double *x, const EC_group_fp *group)
{
- double x7, x8, q;
-
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 160);
- ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
-
- /* Tidy just the upper bits, the lower bits can wait. */
- ecfp_tidyUpper(x, group);
-
- /* Assume that this is already tidied so that we have enough extra
- * bits */
- x7 = x[7] + x[13] * ecfp_twom129; /* adds bits 15-39 */
-
- /* Tidy x7, or we won't have enough bits later to add it in */
- q = x7 + group->alpha[8];
- q -= group->alpha[8];
- x7 -= q; /* holds bits 0-24 */
- x8 = x[8] + q; /* holds bits 0-25 */
-
- r[6] = x[6] + x[13] * ecfp_twom160 + x[12] * ecfp_twom129; /* adds
- * bits
- * 8-39 */
- r[5] = x[5] + x[12] * ecfp_twom160 + x[11] * ecfp_twom129;
- r[4] = x[4] + x[11] * ecfp_twom160 + x[10] * ecfp_twom129;
- r[3] = x[3] + x[10] * ecfp_twom160 + x[9] * ecfp_twom129;
- r[2] = x[2] + x[9] * ecfp_twom160 + x8 * ecfp_twom129; /* adds bits
- * 8-40 */
- r[1] = x[1] + x8 * ecfp_twom160 + x7 * ecfp_twom129; /* adds bits
- * 8-39 */
- r[0] = x[0] + x7 * ecfp_twom160;
-
- /* Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
- * is accurate plus or minus one. (Rather than tidy all to make it
- * totally accurate, which is more costly.) */
- q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
- q -= group->alpha[ECFP_NUMDOUBLES - 1];
- r[ECFP_NUMDOUBLES - 2] -= q;
- r[ECFP_NUMDOUBLES - 1] += q;
-
- /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
- /* Use ecfp_beta so we get a positive result */
- q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
-
- r[ECFP_NUMDOUBLES - 1] -= q;
- r[0] += q * ecfp_twom160;
- r[1] += q * ecfp_twom129;
-
- /* Tidy the result */
- ecfp_tidyShort(r, group);
+ double x7, x8, q;
+
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 160);
+ ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+ /* Tidy just the upper bits, the lower bits can wait. */
+ ecfp_tidyUpper(x, group);
+
+ /* Assume that this is already tidied so that we have enough extra
+ * bits */
+ x7 = x[7] + x[13] * ecfp_twom129; /* adds bits 15-39 */
+
+ /* Tidy x7, or we won't have enough bits later to add it in */
+ q = x7 + group->alpha[8];
+ q -= group->alpha[8];
+ x7 -= q; /* holds bits 0-24 */
+ x8 = x[8] + q; /* holds bits 0-25 */
+
+ r[6] = x[6] + x[13] * ecfp_twom160 + x[12] * ecfp_twom129; /* adds
+ * bits
+ * 8-39 */
+ r[5] = x[5] + x[12] * ecfp_twom160 + x[11] * ecfp_twom129;
+ r[4] = x[4] + x[11] * ecfp_twom160 + x[10] * ecfp_twom129;
+ r[3] = x[3] + x[10] * ecfp_twom160 + x[9] * ecfp_twom129;
+ r[2] = x[2] + x[9] * ecfp_twom160 + x8 * ecfp_twom129; /* adds bits
+ * 8-40 */
+ r[1] = x[1] + x8 * ecfp_twom160 + x7 * ecfp_twom129; /* adds bits
+ * 8-39 */
+ r[0] = x[0] + x7 * ecfp_twom160;
+
+ /* Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+ * is accurate plus or minus one. (Rather than tidy all to make it
+ * totally accurate, which is more costly.) */
+ q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+ q -= group->alpha[ECFP_NUMDOUBLES - 1];
+ r[ECFP_NUMDOUBLES - 2] -= q;
+ r[ECFP_NUMDOUBLES - 1] += q;
+
+ /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+ /* Use ecfp_beta so we get a positive result */
+ q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
+
+ r[ECFP_NUMDOUBLES - 1] -= q;
+ r[0] += q * ecfp_twom160;
+ r[1] += q * ecfp_twom129;
+
+ /* Tidy the result */
+ ecfp_tidyShort(r, group);
}
/* Sets group to use optimized calculations in this file */
@@ -106,40 +106,40 @@ mp_err
ec_group_set_secp160r1_fp(ECGroup *group)
{
- EC_group_fp *fpg = NULL;
-
- /* Allocate memory for floating point group data */
- fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
- if (fpg == NULL) {
- return MP_MEM;
- }
-
- fpg->numDoubles = ECFP_NUMDOUBLES;
- fpg->primeBitSize = ECFP_BSIZE;
- fpg->orderBitSize = 161;
- fpg->doubleBitSize = 24;
- fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
- fpg->aIsM3 = 1;
- fpg->ecfp_singleReduce = &ecfp160_singleReduce;
- fpg->ecfp_reduce = &ecfp160_reduce;
- fpg->ecfp_tidy = &ecfp_tidy;
-
- fpg->pt_add_jac_aff = &ecfp160_pt_add_jac_aff;
- fpg->pt_add_jac = &ecfp160_pt_add_jac;
- fpg->pt_add_jm_chud = &ecfp160_pt_add_jm_chud;
- fpg->pt_add_chud = &ecfp160_pt_add_chud;
- fpg->pt_dbl_jac = &ecfp160_pt_dbl_jac;
- fpg->pt_dbl_jm = &ecfp160_pt_dbl_jm;
- fpg->pt_dbl_aff2chud = &ecfp160_pt_dbl_aff2chud;
- fpg->precompute_chud = &ecfp160_precompute_chud;
- fpg->precompute_jac = &ecfp160_precompute_jac;
-
- group->point_mul = &ec_GFp_point_mul_wNAF_fp;
- group->points_mul = &ec_pts_mul_basic;
- group->extra1 = fpg;
- group->extra_free = &ec_GFp_extra_free_fp;
-
- ec_set_fp_precision(fpg);
- fpg->bitSize_alpha = ECFP_TWO160 * fpg->alpha[0];
- return MP_OKAY;
+ EC_group_fp *fpg = NULL;
+
+ /* Allocate memory for floating point group data */
+ fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+ if (fpg == NULL) {
+ return MP_MEM;
+ }
+
+ fpg->numDoubles = ECFP_NUMDOUBLES;
+ fpg->primeBitSize = ECFP_BSIZE;
+ fpg->orderBitSize = 161;
+ fpg->doubleBitSize = 24;
+ fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+ fpg->aIsM3 = 1;
+ fpg->ecfp_singleReduce = &ecfp160_singleReduce;
+ fpg->ecfp_reduce = &ecfp160_reduce;
+ fpg->ecfp_tidy = &ecfp_tidy;
+
+ fpg->pt_add_jac_aff = &ecfp160_pt_add_jac_aff;
+ fpg->pt_add_jac = &ecfp160_pt_add_jac;
+ fpg->pt_add_jm_chud = &ecfp160_pt_add_jm_chud;
+ fpg->pt_add_chud = &ecfp160_pt_add_chud;
+ fpg->pt_dbl_jac = &ecfp160_pt_dbl_jac;
+ fpg->pt_dbl_jm = &ecfp160_pt_dbl_jm;
+ fpg->pt_dbl_aff2chud = &ecfp160_pt_dbl_aff2chud;
+ fpg->precompute_chud = &ecfp160_precompute_chud;
+ fpg->precompute_jac = &ecfp160_precompute_jac;
+
+ group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+ group->points_mul = &ec_pts_mul_basic;
+ group->extra1 = fpg;
+ group->extra_free = &ec_GFp_extra_free_fp;
+
+ ec_set_fp_precision(fpg);
+ fpg->bitSize_alpha = ECFP_TWO160 * fpg->alpha[0];
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_fp192.c b/lib/freebl/ecl/ecp_fp192.c
index a415bcd05..52e5f7737 100644
--- a/lib/freebl/ecl/ecp_fp192.c
+++ b/lib/freebl/ecl/ecp_fp192.c
@@ -14,130 +14,130 @@
* (assumes already tidied), and then retidies. Note, this does not
* guarantee that the result will be less than p. */
void
-ecfp192_singleReduce(double *d, const EC_group_fp * group)
+ecfp192_singleReduce(double *d, const EC_group_fp *group)
{
- double q;
+ double q;
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 192);
- ECFP_ASSERT(group->numDoubles == 8);
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 192);
+ ECFP_ASSERT(group->numDoubles == 8);
- q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
+ q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
- d[ECFP_NUMDOUBLES - 1] -= q;
- d[0] += q * ecfp_twom192;
- d[2] += q * ecfp_twom128;
- ecfp_positiveTidy(d, group);
+ d[ECFP_NUMDOUBLES - 1] -= q;
+ d[0] += q * ecfp_twom192;
+ d[2] += q * ecfp_twom128;
+ ecfp_positiveTidy(d, group);
}
-/*
+/*
* Performs imperfect reduction. This might leave some negative terms,
- * and one more reduction might be required for the result to be between 0
- * and p-1. x should be be an array of at least 16, and r at least 8 x and
+ * and one more reduction might be required for the result to be between 0
+ * and p-1. x should be be an array of at least 16, and r at least 8 x and
* r can be the same, but then the upper parts of r are not zeroed */
void
-ecfp_reduce_192(double *r, double *x, const EC_group_fp * group)
+ecfp_reduce_192(double *r, double *x, const EC_group_fp *group)
{
- double x8, x9, x10, q;
-
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 192);
- ECFP_ASSERT(group->numDoubles == 8);
-
- /* Tidy just the upper portion, the lower part can wait */
- ecfp_tidyUpper(x, group);
-
- x8 = x[8] + x[14] * ecfp_twom128; /* adds bits 16-40 */
- x9 = x[9] + x[15] * ecfp_twom128; /* adds bits 16-40 */
-
- /* Tidy up, or we won't have enough bits later to add it in */
-
- q = x8 + group->alpha[9];
- q -= group->alpha[9];
- x8 -= q;
- x9 += q;
-
- q = x9 + group->alpha[10];
- q -= group->alpha[10];
- x9 -= q;
- x10 = x[10] + q;
-
- r[7] = x[7] + x[15] * ecfp_twom192 + x[13] * ecfp_twom128; /* adds
- * bits
- * 0-40 */
- r[6] = x[6] + x[14] * ecfp_twom192 + x[12] * ecfp_twom128;
- r[5] = x[5] + x[13] * ecfp_twom192 + x[11] * ecfp_twom128;
- r[4] = x[4] + x[12] * ecfp_twom192 + x10 * ecfp_twom128;
- r[3] = x[3] + x[11] * ecfp_twom192 + x9 * ecfp_twom128; /* adds bits
- * 0-40 */
- r[2] = x[2] + x10 * ecfp_twom192 + x8 * ecfp_twom128;
- r[1] = x[1] + x9 * ecfp_twom192; /* adds bits 16-40 */
- r[0] = x[0] + x8 * ecfp_twom192;
-
- /*
- * Tidy up just r[group->numDoubles-2] so that the number of
- * reductions is accurate plus or minus one. (Rather than tidy all to
- * make it totally accurate) */
- q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
- q -= group->alpha[ECFP_NUMDOUBLES - 1];
- r[ECFP_NUMDOUBLES - 2] -= q;
- r[ECFP_NUMDOUBLES - 1] += q;
-
- /* Tidy up the excess bits on r[group->numDoubles-1] using reduction */
- /* Use ecfp_beta so we get a positive res */
- q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
-
- r[ECFP_NUMDOUBLES - 1] -= q;
- r[0] += q * ecfp_twom192;
- r[2] += q * ecfp_twom128;
-
- /* Tidy the result */
- ecfp_tidyShort(r, group);
+ double x8, x9, x10, q;
+
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 192);
+ ECFP_ASSERT(group->numDoubles == 8);
+
+ /* Tidy just the upper portion, the lower part can wait */
+ ecfp_tidyUpper(x, group);
+
+ x8 = x[8] + x[14] * ecfp_twom128; /* adds bits 16-40 */
+ x9 = x[9] + x[15] * ecfp_twom128; /* adds bits 16-40 */
+
+ /* Tidy up, or we won't have enough bits later to add it in */
+
+ q = x8 + group->alpha[9];
+ q -= group->alpha[9];
+ x8 -= q;
+ x9 += q;
+
+ q = x9 + group->alpha[10];
+ q -= group->alpha[10];
+ x9 -= q;
+ x10 = x[10] + q;
+
+ r[7] = x[7] + x[15] * ecfp_twom192 + x[13] * ecfp_twom128; /* adds
+ * bits
+ * 0-40 */
+ r[6] = x[6] + x[14] * ecfp_twom192 + x[12] * ecfp_twom128;
+ r[5] = x[5] + x[13] * ecfp_twom192 + x[11] * ecfp_twom128;
+ r[4] = x[4] + x[12] * ecfp_twom192 + x10 * ecfp_twom128;
+ r[3] = x[3] + x[11] * ecfp_twom192 + x9 * ecfp_twom128; /* adds bits
+ * 0-40 */
+ r[2] = x[2] + x10 * ecfp_twom192 + x8 * ecfp_twom128;
+ r[1] = x[1] + x9 * ecfp_twom192; /* adds bits 16-40 */
+ r[0] = x[0] + x8 * ecfp_twom192;
+
+ /*
+ * Tidy up just r[group->numDoubles-2] so that the number of
+ * reductions is accurate plus or minus one. (Rather than tidy all to
+ * make it totally accurate) */
+ q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+ q -= group->alpha[ECFP_NUMDOUBLES - 1];
+ r[ECFP_NUMDOUBLES - 2] -= q;
+ r[ECFP_NUMDOUBLES - 1] += q;
+
+ /* Tidy up the excess bits on r[group->numDoubles-1] using reduction */
+ /* Use ecfp_beta so we get a positive res */
+ q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
+
+ r[ECFP_NUMDOUBLES - 1] -= q;
+ r[0] += q * ecfp_twom192;
+ r[2] += q * ecfp_twom128;
+
+ /* Tidy the result */
+ ecfp_tidyShort(r, group);
}
/* Sets group to use optimized calculations in this file */
mp_err
ec_group_set_nistp192_fp(ECGroup *group)
{
- EC_group_fp *fpg;
-
- /* Allocate memory for floating point group data */
- fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
- if (fpg == NULL) {
- return MP_MEM;
- }
-
- fpg->numDoubles = ECFP_NUMDOUBLES;
- fpg->primeBitSize = ECFP_BSIZE;
- fpg->orderBitSize = 192;
- fpg->doubleBitSize = 24;
- fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
- fpg->aIsM3 = 1;
- fpg->ecfp_singleReduce = &ecfp192_singleReduce;
- fpg->ecfp_reduce = &ecfp_reduce_192;
- fpg->ecfp_tidy = &ecfp_tidy;
-
- fpg->pt_add_jac_aff = &ecfp192_pt_add_jac_aff;
- fpg->pt_add_jac = &ecfp192_pt_add_jac;
- fpg->pt_add_jm_chud = &ecfp192_pt_add_jm_chud;
- fpg->pt_add_chud = &ecfp192_pt_add_chud;
- fpg->pt_dbl_jac = &ecfp192_pt_dbl_jac;
- fpg->pt_dbl_jm = &ecfp192_pt_dbl_jm;
- fpg->pt_dbl_aff2chud = &ecfp192_pt_dbl_aff2chud;
- fpg->precompute_chud = &ecfp192_precompute_chud;
- fpg->precompute_jac = &ecfp192_precompute_jac;
-
- group->point_mul = &ec_GFp_point_mul_wNAF_fp;
- group->points_mul = &ec_pts_mul_basic;
- group->extra1 = fpg;
- group->extra_free = &ec_GFp_extra_free_fp;
-
- ec_set_fp_precision(fpg);
- fpg->bitSize_alpha = ECFP_TWO192 * fpg->alpha[0];
-
- return MP_OKAY;
+ EC_group_fp *fpg;
+
+ /* Allocate memory for floating point group data */
+ fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+ if (fpg == NULL) {
+ return MP_MEM;
+ }
+
+ fpg->numDoubles = ECFP_NUMDOUBLES;
+ fpg->primeBitSize = ECFP_BSIZE;
+ fpg->orderBitSize = 192;
+ fpg->doubleBitSize = 24;
+ fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+ fpg->aIsM3 = 1;
+ fpg->ecfp_singleReduce = &ecfp192_singleReduce;
+ fpg->ecfp_reduce = &ecfp_reduce_192;
+ fpg->ecfp_tidy = &ecfp_tidy;
+
+ fpg->pt_add_jac_aff = &ecfp192_pt_add_jac_aff;
+ fpg->pt_add_jac = &ecfp192_pt_add_jac;
+ fpg->pt_add_jm_chud = &ecfp192_pt_add_jm_chud;
+ fpg->pt_add_chud = &ecfp192_pt_add_chud;
+ fpg->pt_dbl_jac = &ecfp192_pt_dbl_jac;
+ fpg->pt_dbl_jm = &ecfp192_pt_dbl_jm;
+ fpg->pt_dbl_aff2chud = &ecfp192_pt_dbl_aff2chud;
+ fpg->precompute_chud = &ecfp192_precompute_chud;
+ fpg->precompute_jac = &ecfp192_precompute_jac;
+
+ group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+ group->points_mul = &ec_pts_mul_basic;
+ group->extra1 = fpg;
+ group->extra_free = &ec_GFp_extra_free_fp;
+
+ ec_set_fp_precision(fpg);
+ fpg->bitSize_alpha = ECFP_TWO192 * fpg->alpha[0];
+
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_fp224.c b/lib/freebl/ecl/ecp_fp224.c
index 71b6a6dcd..07f770ddb 100644
--- a/lib/freebl/ecl/ecp_fp224.c
+++ b/lib/freebl/ecl/ecp_fp224.c
@@ -14,101 +14,101 @@
* (assumes already tidied), and then retidies. Note, this does not
* guarantee that the result will be less than p. */
void
-ecfp224_singleReduce(double *r, const EC_group_fp * group)
+ecfp224_singleReduce(double *r, const EC_group_fp *group)
{
- double q;
+ double q;
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 224);
- ECFP_ASSERT(group->numDoubles == 10);
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 224);
+ ECFP_ASSERT(group->numDoubles == 10);
- q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
+ q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
- r[ECFP_NUMDOUBLES - 1] -= q;
- r[0] -= q * ecfp_twom224;
- r[4] += q * ecfp_twom128;
+ r[ECFP_NUMDOUBLES - 1] -= q;
+ r[0] -= q * ecfp_twom224;
+ r[4] += q * ecfp_twom128;
- ecfp_positiveTidy(r, group);
+ ecfp_positiveTidy(r, group);
}
-/*
+/*
* Performs imperfect reduction. This might leave some negative terms,
- * and one more reduction might be required for the result to be between 0
+ * and one more reduction might be required for the result to be between 0
* and p-1. x should be be an array of at least 20, and r at least 10 x
* and r can be the same, but then the upper parts of r are not zeroed */
void
-ecfp224_reduce(double *r, double *x, const EC_group_fp * group)
+ecfp224_reduce(double *r, double *x, const EC_group_fp *group)
{
- double x10, x11, x12, x13, x14, q;
-
- ECFP_ASSERT(group->doubleBitSize == 24);
- ECFP_ASSERT(group->primeBitSize == 224);
- ECFP_ASSERT(group->numDoubles == 10);
-
- /* Tidy just the upper bits of x. Don't need to tidy the lower ones
- * yet. */
- ecfp_tidyUpper(x, group);
-
- x10 = x[10] + x[16] * ecfp_twom128;
- x11 = x[11] + x[17] * ecfp_twom128;
- x12 = x[12] + x[18] * ecfp_twom128;
- x13 = x[13] + x[19] * ecfp_twom128;
-
- /* Tidy up, or we won't have enough bits later to add it in */
- q = x10 + group->alpha[11];
- q -= group->alpha[11];
- x10 -= q;
- x11 = x11 + q;
-
- q = x11 + group->alpha[12];
- q -= group->alpha[12];
- x11 -= q;
- x12 = x12 + q;
-
- q = x12 + group->alpha[13];
- q -= group->alpha[13];
- x12 -= q;
- x13 = x13 + q;
-
- q = x13 + group->alpha[14];
- q -= group->alpha[14];
- x13 -= q;
- x14 = x[14] + q;
-
- r[9] = x[9] + x[15] * ecfp_twom128 - x[19] * ecfp_twom224;
- r[8] = x[8] + x14 * ecfp_twom128 - x[18] * ecfp_twom224;
- r[7] = x[7] + x13 * ecfp_twom128 - x[17] * ecfp_twom224;
- r[6] = x[6] + x12 * ecfp_twom128 - x[16] * ecfp_twom224;
- r[5] = x[5] + x11 * ecfp_twom128 - x[15] * ecfp_twom224;
- r[4] = x[4] + x10 * ecfp_twom128 - x14 * ecfp_twom224;
- r[3] = x[3] - x13 * ecfp_twom224;
- r[2] = x[2] - x12 * ecfp_twom224;
- r[1] = x[1] - x11 * ecfp_twom224;
- r[0] = x[0] - x10 * ecfp_twom224;
-
- /*
- * Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
- * is accurate plus or minus one. (Rather than tidy all to make it
- * totally accurate) */
- q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
- q -= group->alpha[ECFP_NUMDOUBLES - 1];
- r[ECFP_NUMDOUBLES - 2] -= q;
- r[ECFP_NUMDOUBLES - 1] += q;
-
- /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
- /* Use ecfp_beta so we get a positive res */
- q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
- q += group->bitSize_alpha;
- q -= group->bitSize_alpha;
-
- r[ECFP_NUMDOUBLES - 1] -= q;
- r[0] -= q * ecfp_twom224;
- r[4] += q * ecfp_twom128;
-
- ecfp_tidyShort(r, group);
+ double x10, x11, x12, x13, x14, q;
+
+ ECFP_ASSERT(group->doubleBitSize == 24);
+ ECFP_ASSERT(group->primeBitSize == 224);
+ ECFP_ASSERT(group->numDoubles == 10);
+
+ /* Tidy just the upper bits of x. Don't need to tidy the lower ones
+ * yet. */
+ ecfp_tidyUpper(x, group);
+
+ x10 = x[10] + x[16] * ecfp_twom128;
+ x11 = x[11] + x[17] * ecfp_twom128;
+ x12 = x[12] + x[18] * ecfp_twom128;
+ x13 = x[13] + x[19] * ecfp_twom128;
+
+ /* Tidy up, or we won't have enough bits later to add it in */
+ q = x10 + group->alpha[11];
+ q -= group->alpha[11];
+ x10 -= q;
+ x11 = x11 + q;
+
+ q = x11 + group->alpha[12];
+ q -= group->alpha[12];
+ x11 -= q;
+ x12 = x12 + q;
+
+ q = x12 + group->alpha[13];
+ q -= group->alpha[13];
+ x12 -= q;
+ x13 = x13 + q;
+
+ q = x13 + group->alpha[14];
+ q -= group->alpha[14];
+ x13 -= q;
+ x14 = x[14] + q;
+
+ r[9] = x[9] + x[15] * ecfp_twom128 - x[19] * ecfp_twom224;
+ r[8] = x[8] + x14 * ecfp_twom128 - x[18] * ecfp_twom224;
+ r[7] = x[7] + x13 * ecfp_twom128 - x[17] * ecfp_twom224;
+ r[6] = x[6] + x12 * ecfp_twom128 - x[16] * ecfp_twom224;
+ r[5] = x[5] + x11 * ecfp_twom128 - x[15] * ecfp_twom224;
+ r[4] = x[4] + x10 * ecfp_twom128 - x14 * ecfp_twom224;
+ r[3] = x[3] - x13 * ecfp_twom224;
+ r[2] = x[2] - x12 * ecfp_twom224;
+ r[1] = x[1] - x11 * ecfp_twom224;
+ r[0] = x[0] - x10 * ecfp_twom224;
+
+ /*
+ * Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+ * is accurate plus or minus one. (Rather than tidy all to make it
+ * totally accurate) */
+ q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+ q -= group->alpha[ECFP_NUMDOUBLES - 1];
+ r[ECFP_NUMDOUBLES - 2] -= q;
+ r[ECFP_NUMDOUBLES - 1] += q;
+
+ /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+ /* Use ecfp_beta so we get a positive res */
+ q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+ q += group->bitSize_alpha;
+ q -= group->bitSize_alpha;
+
+ r[ECFP_NUMDOUBLES - 1] -= q;
+ r[0] -= q * ecfp_twom224;
+ r[4] += q * ecfp_twom128;
+
+ ecfp_tidyShort(r, group);
}
/* Sets group to use optimized calculations in this file */
@@ -116,41 +116,41 @@ mp_err
ec_group_set_nistp224_fp(ECGroup *group)
{
- EC_group_fp *fpg;
-
- /* Allocate memory for floating point group data */
- fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
- if (fpg == NULL) {
- return MP_MEM;
- }
-
- fpg->numDoubles = ECFP_NUMDOUBLES;
- fpg->primeBitSize = ECFP_BSIZE;
- fpg->orderBitSize = 224;
- fpg->doubleBitSize = 24;
- fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
- fpg->aIsM3 = 1;
- fpg->ecfp_singleReduce = &ecfp224_singleReduce;
- fpg->ecfp_reduce = &ecfp224_reduce;
- fpg->ecfp_tidy = &ecfp_tidy;
-
- fpg->pt_add_jac_aff = &ecfp224_pt_add_jac_aff;
- fpg->pt_add_jac = &ecfp224_pt_add_jac;
- fpg->pt_add_jm_chud = &ecfp224_pt_add_jm_chud;
- fpg->pt_add_chud = &ecfp224_pt_add_chud;
- fpg->pt_dbl_jac = &ecfp224_pt_dbl_jac;
- fpg->pt_dbl_jm = &ecfp224_pt_dbl_jm;
- fpg->pt_dbl_aff2chud = &ecfp224_pt_dbl_aff2chud;
- fpg->precompute_chud = &ecfp224_precompute_chud;
- fpg->precompute_jac = &ecfp224_precompute_jac;
-
- group->point_mul = &ec_GFp_point_mul_wNAF_fp;
- group->points_mul = &ec_pts_mul_basic;
- group->extra1 = fpg;
- group->extra_free = &ec_GFp_extra_free_fp;
-
- ec_set_fp_precision(fpg);
- fpg->bitSize_alpha = ECFP_TWO224 * fpg->alpha[0];
-
- return MP_OKAY;
+ EC_group_fp *fpg;
+
+ /* Allocate memory for floating point group data */
+ fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+ if (fpg == NULL) {
+ return MP_MEM;
+ }
+
+ fpg->numDoubles = ECFP_NUMDOUBLES;
+ fpg->primeBitSize = ECFP_BSIZE;
+ fpg->orderBitSize = 224;
+ fpg->doubleBitSize = 24;
+ fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+ fpg->aIsM3 = 1;
+ fpg->ecfp_singleReduce = &ecfp224_singleReduce;
+ fpg->ecfp_reduce = &ecfp224_reduce;
+ fpg->ecfp_tidy = &ecfp_tidy;
+
+ fpg->pt_add_jac_aff = &ecfp224_pt_add_jac_aff;
+ fpg->pt_add_jac = &ecfp224_pt_add_jac;
+ fpg->pt_add_jm_chud = &ecfp224_pt_add_jm_chud;
+ fpg->pt_add_chud = &ecfp224_pt_add_chud;
+ fpg->pt_dbl_jac = &ecfp224_pt_dbl_jac;
+ fpg->pt_dbl_jm = &ecfp224_pt_dbl_jm;
+ fpg->pt_dbl_aff2chud = &ecfp224_pt_dbl_aff2chud;
+ fpg->precompute_chud = &ecfp224_precompute_chud;
+ fpg->precompute_jac = &ecfp224_precompute_jac;
+
+ group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+ group->points_mul = &ec_pts_mul_basic;
+ group->extra1 = fpg;
+ group->extra_free = &ec_GFp_extra_free_fp;
+
+ ec_set_fp_precision(fpg);
+ fpg->bitSize_alpha = ECFP_TWO224 * fpg->alpha[0];
+
+ return MP_OKAY;
}
diff --git a/lib/freebl/ecl/ecp_fpinc.c b/lib/freebl/ecl/ecp_fpinc.c
index 0df0faf35..79df347e0 100644
--- a/lib/freebl/ecl/ecp_fpinc.c
+++ b/lib/freebl/ecl/ecp_fpinc.c
@@ -17,805 +17,1061 @@
#ifndef PREFIX
#define PREFIX(b) PREFIX1(ECFP_BSIZE, b)
#define PREFIX1(bsize, b) PREFIX2(bsize, b)
-#define PREFIX2(bsize, b) ecfp ## bsize ## _ ## b
+#define PREFIX2(bsize, b) ecfp##bsize##_##b
#endif
/* Returns true iff every double in d is 0. (If d == 0 and it is tidied,
* this will be true.) */
-mp_err PREFIX(isZero) (const double *d) {
- int i;
-
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- if (d[i] != 0)
- return MP_NO;
- }
- return MP_YES;
+mp_err PREFIX(isZero)(const double *d)
+{
+ int i;
+
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ if (d[i] != 0)
+ return MP_NO;
+ }
+ return MP_YES;
}
/* Sets the multi-precision floating point number at t = 0 */
-void PREFIX(zero) (double *t) {
- int i;
+void PREFIX(zero)(double *t)
+{
+ int i;
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- t[i] = 0;
- }
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ t[i] = 0;
+ }
}
/* Sets the multi-precision floating point number at t = 1 */
-void PREFIX(one) (double *t) {
- int i;
-
- t[0] = 1;
- for (i = 1; i < ECFP_NUMDOUBLES; i++) {
- t[i] = 0;
- }
+void PREFIX(one)(double *t)
+{
+ int i;
+
+ t[0] = 1;
+ for (i = 1; i < ECFP_NUMDOUBLES; i++) {
+ t[i] = 0;
+ }
}
/* Checks if point P(x, y, z) is at infinity. Uses Jacobian coordinates. */
-mp_err PREFIX(pt_is_inf_jac) (const ecfp_jac_pt * p) {
- return PREFIX(isZero) (p->z);
+mp_err PREFIX(pt_is_inf_jac)(const ecfp_jac_pt *p)
+{
+ return PREFIX(isZero)(p->z);
}
/* Sets the Jacobian point P to be at infinity. */
-void PREFIX(set_pt_inf_jac) (ecfp_jac_pt * p) {
- PREFIX(zero) (p->z);
+void PREFIX(set_pt_inf_jac)(ecfp_jac_pt *p)
+{
+ PREFIX(zero)
+ (p->z);
}
/* Checks if point P(x, y) is at infinity. Uses Affine coordinates. */
-mp_err PREFIX(pt_is_inf_aff) (const ecfp_aff_pt * p) {
- if (PREFIX(isZero) (p->x) == MP_YES && PREFIX(isZero) (p->y) == MP_YES)
- return MP_YES;
- return MP_NO;
+mp_err PREFIX(pt_is_inf_aff)(const ecfp_aff_pt *p)
+{
+ if (PREFIX(isZero)(p->x) == MP_YES && PREFIX(isZero)(p->y) == MP_YES)
+ return MP_YES;
+ return MP_NO;
}
/* Sets the affine point P to be at infinity. */
-void PREFIX(set_pt_inf_aff) (ecfp_aff_pt * p) {
- PREFIX(zero) (p->x);
- PREFIX(zero) (p->y);
+void PREFIX(set_pt_inf_aff)(ecfp_aff_pt *p)
+{
+ PREFIX(zero)
+ (p->x);
+ PREFIX(zero)
+ (p->y);
}
/* Checks if point P(x, y, z, a*z^4) is at infinity. Uses Modified
* Jacobian coordinates. */
-mp_err PREFIX(pt_is_inf_jm) (const ecfp_jm_pt * p) {
- return PREFIX(isZero) (p->z);
+mp_err PREFIX(pt_is_inf_jm)(const ecfp_jm_pt *p)
+{
+ return PREFIX(isZero)(p->z);
}
/* Sets the Modified Jacobian point P to be at infinity. */
-void PREFIX(set_pt_inf_jm) (ecfp_jm_pt * p) {
- PREFIX(zero) (p->z);
+void PREFIX(set_pt_inf_jm)(ecfp_jm_pt *p)
+{
+ PREFIX(zero)
+ (p->z);
}
/* Checks if point P(x, y, z, z^2, z^3) is at infinity. Uses Chudnovsky
* Jacobian coordinates */
-mp_err PREFIX(pt_is_inf_chud) (const ecfp_chud_pt * p) {
- return PREFIX(isZero) (p->z);
+mp_err PREFIX(pt_is_inf_chud)(const ecfp_chud_pt *p)
+{
+ return PREFIX(isZero)(p->z);
}
/* Sets the Chudnovsky Jacobian point P to be at infinity. */
-void PREFIX(set_pt_inf_chud) (ecfp_chud_pt * p) {
- PREFIX(zero) (p->z);
+void PREFIX(set_pt_inf_chud)(ecfp_chud_pt *p)
+{
+ PREFIX(zero)
+ (p->z);
}
/* Copies a multi-precision floating point number, Setting dest = src */
-void PREFIX(copy) (double *dest, const double *src) {
- int i;
+void PREFIX(copy)(double *dest, const double *src)
+{
+ int i;
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- dest[i] = src[i];
- }
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ dest[i] = src[i];
+ }
}
/* Sets dest = -src */
-void PREFIX(negLong) (double *dest, const double *src) {
- int i;
+void PREFIX(negLong)(double *dest, const double *src)
+{
+ int i;
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
- dest[i] = -src[i];
- }
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+ dest[i] = -src[i];
+ }
}
/* Sets r = -p p = (x, y, z, z2, z3) r = (x, -y, z, z2, z3) Uses
* Chudnovsky Jacobian coordinates. */
/* TODO reverse order */
-void PREFIX(pt_neg_chud) (const ecfp_chud_pt * p, ecfp_chud_pt * r) {
- int i;
-
- PREFIX(copy) (r->x, p->x);
- PREFIX(copy) (r->z, p->z);
- PREFIX(copy) (r->z2, p->z2);
- PREFIX(copy) (r->z3, p->z3);
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- r->y[i] = -p->y[i];
- }
+void PREFIX(pt_neg_chud)(const ecfp_chud_pt *p, ecfp_chud_pt *r)
+{
+ int i;
+
+ PREFIX(copy)
+ (r->x, p->x);
+ PREFIX(copy)
+ (r->z, p->z);
+ PREFIX(copy)
+ (r->z2, p->z2);
+ PREFIX(copy)
+ (r->z3, p->z3);
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ r->y[i] = -p->y[i];
+ }
}
/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
* y can point to the same data. Componentwise adds first ECFP_NUMDOUBLES
* doubles of x and y and stores the result in r. */
-void PREFIX(addShort) (double *r, const double *x, const double *y) {
- int i;
+void PREFIX(addShort)(double *r, const double *x, const double *y)
+{
+ int i;
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- *r++ = *x++ + *y++;
- }
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ *r++ = *x++ + *y++;
+ }
}
/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
* y can point to the same data. Componentwise adds first
* 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
-void PREFIX(addLong) (double *r, const double *x, const double *y) {
- int i;
+void PREFIX(addLong)(double *r, const double *x, const double *y)
+{
+ int i;
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
- *r++ = *x++ + *y++;
- }
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+ *r++ = *x++ + *y++;
+ }
}
/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
* y can point to the same data. Componentwise subtracts first
* ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
-void PREFIX(subtractShort) (double *r, const double *x, const double *y) {
- int i;
+void PREFIX(subtractShort)(double *r, const double *x, const double *y)
+{
+ int i;
- for (i = 0; i < ECFP_NUMDOUBLES; i++) {
- *r++ = *x++ - *y++;
- }
+ for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+ *r++ = *x++ - *y++;
+ }
}
/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
* y can point to the same data. Componentwise subtracts first
* 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
-void PREFIX(subtractLong) (double *r, const double *x, const double *y) {
- int i;
+void PREFIX(subtractLong)(double *r, const double *x, const double *y)
+{
+ int i;
- for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
- *r++ = *x++ - *y++;
- }
+ for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+ *r++ = *x++ - *y++;
+ }
}
/* Computes r = x*y. Both x and y should be tidied and reduced,
* r must be different (point to different memory) than x and y.
* Does not tidy or reduce. */
-void PREFIX(multiply)(double *r, const double *x, const double *y) {
- int i, j;
-
- for(j=0;j<ECFP_NUMDOUBLES-1;j++) {
- r[j] = x[0] * y[j];
- r[j+(ECFP_NUMDOUBLES-1)] = x[ECFP_NUMDOUBLES-1] * y[j];
- }
- r[ECFP_NUMDOUBLES-1] = x[0] * y[ECFP_NUMDOUBLES-1];
- r[ECFP_NUMDOUBLES-1] += x[ECFP_NUMDOUBLES-1] * y[0];
- r[2*ECFP_NUMDOUBLES-2] = x[ECFP_NUMDOUBLES-1] * y[ECFP_NUMDOUBLES-1];
- r[2*ECFP_NUMDOUBLES-1] = 0;
-
- for(i=1;i<ECFP_NUMDOUBLES-1;i++) {
- for(j=0;j<ECFP_NUMDOUBLES;j++) {
- r[i+j] += (x[i] * y[j]);
- }
- }
+void PREFIX(multiply)(double *r, const double *x, const double *y)
+{
+ int i, j;
+
+ for (j = 0; j < ECFP_NUMDOUBLES - 1; j++) {
+ r[j] = x[0] * y[j];
+ r[j + (ECFP_NUMDOUBLES - 1)] = x[ECFP_NUMDOUBLES - 1] * y[j];
+ }
+ r[ECFP_NUMDOUBLES - 1] = x[0] * y[ECFP_NUMDOUBLES - 1];
+ r[ECFP_NUMDOUBLES - 1] += x[ECFP_NUMDOUBLES - 1] * y[0];
+ r[2 * ECFP_NUMDOUBLES - 2] = x[ECFP_NUMDOUBLES - 1] * y[ECFP_NUMDOUBLES - 1];
+ r[2 * ECFP_NUMDOUBLES - 1] = 0;
+
+ for (i = 1; i < ECFP_NUMDOUBLES - 1; i++) {
+ for (j = 0; j < ECFP_NUMDOUBLES; j++) {
+ r[i + j] += (x[i] * y[j]);
+ }
+ }
}
/* Computes the square of x and stores the result in r. x should be
- * tidied & reduced, r will be neither tidied nor reduced.
+ * tidied & reduced, r will be neither tidied nor reduced.
* r should point to different memory than x */
-void PREFIX(square) (double *r, const double *x) {
- PREFIX(multiply) (r, x, x);
+void PREFIX(square)(double *r, const double *x)
+{
+ PREFIX(multiply)
+ (r, x, x);
}
/* Perform a point doubling in Jacobian coordinates. Input and output
* should be multi-precision floating point integers. */
-void PREFIX(pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr,
- const EC_group_fp * group) {
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity */
- if (PREFIX(pt_is_inf_jac) (dp) == MP_YES) {
- /* Set r = pt at infinity */
- PREFIX(set_pt_inf_jac) (dr);
- goto CLEANUP;
- }
-
- /* Perform typical point doubling operations */
-
- /* TODO? is it worthwhile to do optimizations for when pz = 1? */
-
- if (group->aIsM3) {
- /* When a = -3, M = 3(px - pz^2)(px + pz^2) */
- PREFIX(square) (t1, dp->z);
- group->ecfp_reduce(t1, t1, group); /* 2^23 since the negative
- * rounding buys another bit */
- PREFIX(addShort) (t0, dp->x, t1); /* 2*2^23 */
- PREFIX(subtractShort) (t1, dp->x, t1); /* 2 * 2^23 */
- PREFIX(multiply) (M, t0, t1); /* 40 * 2^46 */
- PREFIX(addLong) (t0, M, M); /* 80 * 2^46 */
- PREFIX(addLong) (M, t0, M); /* 120 * 2^46 < 2^53 */
- group->ecfp_reduce(M, M, group);
- } else {
- /* Generic case */
- /* M = 3 (px^2) + a*(pz^4) */
- PREFIX(square) (t0, dp->x);
- PREFIX(addLong) (M, t0, t0);
- PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */
- PREFIX(square) (M, dp->z);
- group->ecfp_reduce(M, M, group);
- PREFIX(square) (t1, M);
- group->ecfp_reduce(t1, t1, group);
- PREFIX(multiply) (M, t1, group->curvea); /* M = a(pz^4) */
- PREFIX(addLong) (M, M, t0);
- group->ecfp_reduce(M, M, group);
- }
-
- /* rz = 2 * py * pz */
- PREFIX(multiply) (t1, dp->y, dp->z);
- PREFIX(addLong) (t1, t1, t1);
- group->ecfp_reduce(dr->z, t1, group);
-
- /* t0 = 2y^2 */
- PREFIX(square) (t0, dp->y);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(addShort) (t0, t0, t0);
-
- /* S = 4 * px * py^2 = 2 * px * t0 */
- PREFIX(multiply) (S, dp->x, t0);
- PREFIX(addLong) (S, S, S);
- group->ecfp_reduce(S, S, group);
-
- /* rx = M^2 - 2 * S */
- PREFIX(square) (t1, M);
- PREFIX(subtractShort) (t1, t1, S);
- PREFIX(subtractShort) (t1, t1, S);
- group->ecfp_reduce(dr->x, t1, group);
-
- /* ry = M * (S - rx) - 8 * py^4 */
- PREFIX(square) (t1, t0); /* t1 = 4y^4 */
- PREFIX(subtractShort) (S, S, dr->x);
- PREFIX(multiply) (t0, M, S);
- PREFIX(subtractLong) (t0, t0, t1);
- PREFIX(subtractLong) (t0, t0, t1);
- group->ecfp_reduce(dr->y, t0, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_dbl_jac)(const ecfp_jac_pt *dp, ecfp_jac_pt *dr,
+ const EC_group_fp *group)
+{
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity */
+ if (PREFIX(pt_is_inf_jac)(dp) == MP_YES) {
+ /* Set r = pt at infinity */
+ PREFIX(set_pt_inf_jac)
+ (dr);
+ goto CLEANUP;
+ }
+
+ /* Perform typical point doubling operations */
+
+ /* TODO? is it worthwhile to do optimizations for when pz = 1? */
+
+ if (group->aIsM3) {
+ /* When a = -3, M = 3(px - pz^2)(px + pz^2) */
+ PREFIX(square)
+ (t1, dp->z);
+ group->ecfp_reduce(t1, t1, group); /* 2^23 since the negative
+ * rounding buys another bit */
+ PREFIX(addShort)
+ (t0, dp->x, t1); /* 2*2^23 */
+ PREFIX(subtractShort)
+ (t1, dp->x, t1); /* 2 * 2^23 */
+ PREFIX(multiply)
+ (M, t0, t1); /* 40 * 2^46 */
+ PREFIX(addLong)
+ (t0, M, M); /* 80 * 2^46 */
+ PREFIX(addLong)
+ (M, t0, M); /* 120 * 2^46 < 2^53 */
+ group->ecfp_reduce(M, M, group);
+ } else {
+ /* Generic case */
+ /* M = 3 (px^2) + a*(pz^4) */
+ PREFIX(square)
+ (t0, dp->x);
+ PREFIX(addLong)
+ (M, t0, t0);
+ PREFIX(addLong)
+ (t0, t0, M); /* t0 = 3(px^2) */
+ PREFIX(square)
+ (M, dp->z);
+ group->ecfp_reduce(M, M, group);
+ PREFIX(square)
+ (t1, M);
+ group->ecfp_reduce(t1, t1, group);
+ PREFIX(multiply)
+ (M, t1, group->curvea); /* M = a(pz^4) */
+ PREFIX(addLong)
+ (M, M, t0);
+ group->ecfp_reduce(M, M, group);
+ }
+
+ /* rz = 2 * py * pz */
+ PREFIX(multiply)
+ (t1, dp->y, dp->z);
+ PREFIX(addLong)
+ (t1, t1, t1);
+ group->ecfp_reduce(dr->z, t1, group);
+
+ /* t0 = 2y^2 */
+ PREFIX(square)
+ (t0, dp->y);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(addShort)
+ (t0, t0, t0);
+
+ /* S = 4 * px * py^2 = 2 * px * t0 */
+ PREFIX(multiply)
+ (S, dp->x, t0);
+ PREFIX(addLong)
+ (S, S, S);
+ group->ecfp_reduce(S, S, group);
+
+ /* rx = M^2 - 2 * S */
+ PREFIX(square)
+ (t1, M);
+ PREFIX(subtractShort)
+ (t1, t1, S);
+ PREFIX(subtractShort)
+ (t1, t1, S);
+ group->ecfp_reduce(dr->x, t1, group);
+
+ /* ry = M * (S - rx) - 8 * py^4 */
+ PREFIX(square)
+ (t1, t0); /* t1 = 4y^4 */
+ PREFIX(subtractShort)
+ (S, S, dr->x);
+ PREFIX(multiply)
+ (t0, M, S);
+ PREFIX(subtractLong)
+ (t0, t0, t1);
+ PREFIX(subtractLong)
+ (t0, t0, t1);
+ group->ecfp_reduce(dr->y, t0, group);
+
+CLEANUP:
+ return;
}
/* Perform a point addition using coordinate system Jacobian + Affine ->
* Jacobian. Input and output should be multi-precision floating point
* integers. */
-void PREFIX(pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q,
- ecfp_jac_pt * r, const EC_group_fp * group) {
- /* Temporary storage */
- double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES],
- C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES],
- D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity for p or q */
- if (PREFIX(pt_is_inf_aff) (q) == MP_YES) {
- PREFIX(copy) (r->x, p->x);
- PREFIX(copy) (r->y, p->y);
- PREFIX(copy) (r->z, p->z);
- goto CLEANUP;
- } else if (PREFIX(pt_is_inf_jac) (p) == MP_YES) {
- PREFIX(copy) (r->x, q->x);
- PREFIX(copy) (r->y, q->y);
- /* Since the affine point is not infinity, we can set r->z = 1 */
- PREFIX(one) (r->z);
- goto CLEANUP;
- }
-
- /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2
- * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */
-
- /* A = pz^2, B = pz^3 */
- PREFIX(square) (A, p->z);
- group->ecfp_reduce(A, A, group);
- PREFIX(multiply) (B, A, p->z);
- group->ecfp_reduce(B, B, group);
-
- /* C = qx * A - px */
- PREFIX(multiply) (C, q->x, A);
- PREFIX(subtractShort) (C, C, p->x);
- group->ecfp_reduce(C, C, group);
-
- /* D = qy * B - py */
- PREFIX(multiply) (D, q->y, B);
- PREFIX(subtractShort) (D, D, p->y);
- group->ecfp_reduce(D, D, group);
-
- /* C2 = C^2, C3 = C^3 */
- PREFIX(square) (C2, C);
- group->ecfp_reduce(C2, C2, group);
- PREFIX(multiply) (C3, C2, C);
- group->ecfp_reduce(C3, C3, group);
-
- /* rz = A = pz * C */
- PREFIX(multiply) (A, p->z, C);
- group->ecfp_reduce(r->z, A, group);
-
- /* C = px * C^2, untidied, unreduced */
- PREFIX(multiply) (C, p->x, C2);
-
- /* A = D^2, untidied, unreduced */
- PREFIX(square) (A, D);
-
- /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */
- PREFIX(subtractShort) (A, A, C3);
- PREFIX(subtractLong) (A, A, C);
- PREFIX(subtractLong) (A, A, C);
- group->ecfp_reduce(r->x, A, group);
-
- /* B = py * C3, untidied, unreduced */
- PREFIX(multiply) (B, p->y, C3);
-
- /* C = px * C^2 - rx */
- PREFIX(subtractShort) (C, C, r->x);
- group->ecfp_reduce(C, C, group);
-
- /* ry = A = D * C - py * C^3 */
- PREFIX(multiply) (A, D, C);
- PREFIX(subtractLong) (A, A, B);
- group->ecfp_reduce(r->y, A, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_add_jac_aff)(const ecfp_jac_pt *p, const ecfp_aff_pt *q,
+ ecfp_jac_pt *r, const EC_group_fp *group)
+{
+ /* Temporary storage */
+ double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES],
+ C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES],
+ D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity for p or q */
+ if (PREFIX(pt_is_inf_aff)(q) == MP_YES) {
+ PREFIX(copy)
+ (r->x, p->x);
+ PREFIX(copy)
+ (r->y, p->y);
+ PREFIX(copy)
+ (r->z, p->z);
+ goto CLEANUP;
+ } else if (PREFIX(pt_is_inf_jac)(p) == MP_YES) {
+ PREFIX(copy)
+ (r->x, q->x);
+ PREFIX(copy)
+ (r->y, q->y);
+ /* Since the affine point is not infinity, we can set r->z = 1 */
+ PREFIX(one)
+ (r->z);
+ goto CLEANUP;
+ }
+
+ /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2
+ * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */
+
+ /* A = pz^2, B = pz^3 */
+ PREFIX(square)
+ (A, p->z);
+ group->ecfp_reduce(A, A, group);
+ PREFIX(multiply)
+ (B, A, p->z);
+ group->ecfp_reduce(B, B, group);
+
+ /* C = qx * A - px */
+ PREFIX(multiply)
+ (C, q->x, A);
+ PREFIX(subtractShort)
+ (C, C, p->x);
+ group->ecfp_reduce(C, C, group);
+
+ /* D = qy * B - py */
+ PREFIX(multiply)
+ (D, q->y, B);
+ PREFIX(subtractShort)
+ (D, D, p->y);
+ group->ecfp_reduce(D, D, group);
+
+ /* C2 = C^2, C3 = C^3 */
+ PREFIX(square)
+ (C2, C);
+ group->ecfp_reduce(C2, C2, group);
+ PREFIX(multiply)
+ (C3, C2, C);
+ group->ecfp_reduce(C3, C3, group);
+
+ /* rz = A = pz * C */
+ PREFIX(multiply)
+ (A, p->z, C);
+ group->ecfp_reduce(r->z, A, group);
+
+ /* C = px * C^2, untidied, unreduced */
+ PREFIX(multiply)
+ (C, p->x, C2);
+
+ /* A = D^2, untidied, unreduced */
+ PREFIX(square)
+ (A, D);
+
+ /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */
+ PREFIX(subtractShort)
+ (A, A, C3);
+ PREFIX(subtractLong)
+ (A, A, C);
+ PREFIX(subtractLong)
+ (A, A, C);
+ group->ecfp_reduce(r->x, A, group);
+
+ /* B = py * C3, untidied, unreduced */
+ PREFIX(multiply)
+ (B, p->y, C3);
+
+ /* C = px * C^2 - rx */
+ PREFIX(subtractShort)
+ (C, C, r->x);
+ group->ecfp_reduce(C, C, group);
+
+ /* ry = A = D * C - py * C^3 */
+ PREFIX(multiply)
+ (A, D, C);
+ PREFIX(subtractLong)
+ (A, A, B);
+ group->ecfp_reduce(r->y, A, group);
+
+CLEANUP:
+ return;
}
/* Perform a point addition using Jacobian coordinate system. Input and
* output should be multi-precision floating point integers. */
-void PREFIX(pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q,
- ecfp_jac_pt * r, const EC_group_fp * group) {
-
- /* Temporary Storage */
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
- H3[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity for p, if so set r = q */
- if (PREFIX(pt_is_inf_jac) (p) == MP_YES) {
- PREFIX(copy) (r->x, q->x);
- PREFIX(copy) (r->y, q->y);
- PREFIX(copy) (r->z, q->z);
- goto CLEANUP;
- }
-
- /* Check for point at infinity for p, if so set r = q */
- if (PREFIX(pt_is_inf_jac) (q) == MP_YES) {
- PREFIX(copy) (r->x, p->x);
- PREFIX(copy) (r->y, p->y);
- PREFIX(copy) (r->z, p->z);
- goto CLEANUP;
- }
-
- /* U = px * qz^2 , S = py * qz^3 */
- PREFIX(square) (t0, q->z);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (U, p->x, t0);
- group->ecfp_reduce(U, U, group);
- PREFIX(multiply) (t1, t0, q->z);
- group->ecfp_reduce(t1, t1, group);
- PREFIX(multiply) (t0, p->y, t1);
- group->ecfp_reduce(S, t0, group);
-
- /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */
- PREFIX(square) (t0, p->z);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (H, q->x, t0);
- PREFIX(subtractShort) (H, H, U);
- group->ecfp_reduce(H, H, group);
- PREFIX(multiply) (t1, t0, p->z); /* t1 = pz^3 */
- group->ecfp_reduce(t1, t1, group);
- PREFIX(multiply) (t0, t1, q->y); /* t0 = qy * pz^3 */
- PREFIX(subtractShort) (t0, t0, S);
- group->ecfp_reduce(R, t0, group);
-
- /* U = U*H^2, H3 = H^3 */
- PREFIX(square) (t0, H);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, U, t0);
- group->ecfp_reduce(U, t1, group);
- PREFIX(multiply) (H3, t0, H);
- group->ecfp_reduce(H3, H3, group);
-
- /* rz = pz * qz * H */
- PREFIX(multiply) (t0, q->z, H);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, t0, p->z);
- group->ecfp_reduce(r->z, t1, group);
-
- /* rx = R^2 - H^3 - 2 * U */
- PREFIX(square) (t0, R);
- PREFIX(subtractShort) (t0, t0, H3);
- PREFIX(subtractShort) (t0, t0, U);
- PREFIX(subtractShort) (t0, t0, U);
- group->ecfp_reduce(r->x, t0, group);
-
- /* ry = R(U - rx) - S*H3 */
- PREFIX(subtractShort) (t1, U, r->x);
- PREFIX(multiply) (t0, t1, R);
- PREFIX(multiply) (t1, S, H3);
- PREFIX(subtractLong) (t1, t0, t1);
- group->ecfp_reduce(r->y, t1, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_add_jac)(const ecfp_jac_pt *p, const ecfp_jac_pt *q,
+ ecfp_jac_pt *r, const EC_group_fp *group)
+{
+
+ /* Temporary Storage */
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+ S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+ H3[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity for p, if so set r = q */
+ if (PREFIX(pt_is_inf_jac)(p) == MP_YES) {
+ PREFIX(copy)
+ (r->x, q->x);
+ PREFIX(copy)
+ (r->y, q->y);
+ PREFIX(copy)
+ (r->z, q->z);
+ goto CLEANUP;
+ }
+
+ /* Check for point at infinity for p, if so set r = q */
+ if (PREFIX(pt_is_inf_jac)(q) == MP_YES) {
+ PREFIX(copy)
+ (r->x, p->x);
+ PREFIX(copy)
+ (r->y, p->y);
+ PREFIX(copy)
+ (r->z, p->z);
+ goto CLEANUP;
+ }
+
+ /* U = px * qz^2 , S = py * qz^3 */
+ PREFIX(square)
+ (t0, q->z);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (U, p->x, t0);
+ group->ecfp_reduce(U, U, group);
+ PREFIX(multiply)
+ (t1, t0, q->z);
+ group->ecfp_reduce(t1, t1, group);
+ PREFIX(multiply)
+ (t0, p->y, t1);
+ group->ecfp_reduce(S, t0, group);
+
+ /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */
+ PREFIX(square)
+ (t0, p->z);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (H, q->x, t0);
+ PREFIX(subtractShort)
+ (H, H, U);
+ group->ecfp_reduce(H, H, group);
+ PREFIX(multiply)
+ (t1, t0, p->z); /* t1 = pz^3 */
+ group->ecfp_reduce(t1, t1, group);
+ PREFIX(multiply)
+ (t0, t1, q->y); /* t0 = qy * pz^3 */
+ PREFIX(subtractShort)
+ (t0, t0, S);
+ group->ecfp_reduce(R, t0, group);
+
+ /* U = U*H^2, H3 = H^3 */
+ PREFIX(square)
+ (t0, H);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, U, t0);
+ group->ecfp_reduce(U, t1, group);
+ PREFIX(multiply)
+ (H3, t0, H);
+ group->ecfp_reduce(H3, H3, group);
+
+ /* rz = pz * qz * H */
+ PREFIX(multiply)
+ (t0, q->z, H);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, t0, p->z);
+ group->ecfp_reduce(r->z, t1, group);
+
+ /* rx = R^2 - H^3 - 2 * U */
+ PREFIX(square)
+ (t0, R);
+ PREFIX(subtractShort)
+ (t0, t0, H3);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ group->ecfp_reduce(r->x, t0, group);
+
+ /* ry = R(U - rx) - S*H3 */
+ PREFIX(subtractShort)
+ (t1, U, r->x);
+ PREFIX(multiply)
+ (t0, t1, R);
+ PREFIX(multiply)
+ (t1, S, H3);
+ PREFIX(subtractLong)
+ (t1, t0, t1);
+ group->ecfp_reduce(r->y, t1, group);
+
+CLEANUP:
+ return;
}
/* Perform a point doubling in Modified Jacobian coordinates. Input and
* output should be multi-precision floating point integers. */
-void PREFIX(pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r,
- const EC_group_fp * group) {
-
- /* Temporary storage */
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES],
- U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity */
- if (PREFIX(pt_is_inf_jm) (p) == MP_YES) {
- /* Set r = pt at infinity by setting rz = 0 */
- PREFIX(set_pt_inf_jm) (r);
- goto CLEANUP;
- }
-
- /* M = 3 (px^2) + a*(pz^4) */
- PREFIX(square) (t0, p->x);
- PREFIX(addLong) (M, t0, t0);
- PREFIX(addLong) (t0, t0, M); /* t0 = 3(px^2) */
- PREFIX(addShort) (t0, t0, p->az4);
- group->ecfp_reduce(M, t0, group);
-
- /* rz = 2 * py * pz */
- PREFIX(multiply) (t1, p->y, p->z);
- PREFIX(addLong) (t1, t1, t1);
- group->ecfp_reduce(r->z, t1, group);
-
- /* t0 = 2y^2, U = 8y^4 */
- PREFIX(square) (t0, p->y);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(addShort) (t0, t0, t0);
- PREFIX(square) (U, t0);
- group->ecfp_reduce(U, U, group);
- PREFIX(addShort) (U, U, U);
-
- /* S = 4 * px * py^2 = 2 * px * t0 */
- PREFIX(multiply) (S, p->x, t0);
- group->ecfp_reduce(S, S, group);
- PREFIX(addShort) (S, S, S);
-
- /* rx = M^2 - 2S */
- PREFIX(square) (T, M);
- PREFIX(subtractShort) (T, T, S);
- PREFIX(subtractShort) (T, T, S);
- group->ecfp_reduce(r->x, T, group);
-
- /* ry = M * (S - rx) - U */
- PREFIX(subtractShort) (S, S, r->x);
- PREFIX(multiply) (t0, M, S);
- PREFIX(subtractShort) (t0, t0, U);
- group->ecfp_reduce(r->y, t0, group);
-
- /* ra*z^4 = 2*U*(apz4) */
- PREFIX(multiply) (t1, U, p->az4);
- PREFIX(addLong) (t1, t1, t1);
- group->ecfp_reduce(r->az4, t1, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_dbl_jm)(const ecfp_jm_pt *p, ecfp_jm_pt *r,
+ const EC_group_fp *group)
+{
+
+ /* Temporary storage */
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES],
+ U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity */
+ if (PREFIX(pt_is_inf_jm)(p) == MP_YES) {
+ /* Set r = pt at infinity by setting rz = 0 */
+ PREFIX(set_pt_inf_jm)
+ (r);
+ goto CLEANUP;
+ }
+
+ /* M = 3 (px^2) + a*(pz^4) */
+ PREFIX(square)
+ (t0, p->x);
+ PREFIX(addLong)
+ (M, t0, t0);
+ PREFIX(addLong)
+ (t0, t0, M); /* t0 = 3(px^2) */
+ PREFIX(addShort)
+ (t0, t0, p->az4);
+ group->ecfp_reduce(M, t0, group);
+
+ /* rz = 2 * py * pz */
+ PREFIX(multiply)
+ (t1, p->y, p->z);
+ PREFIX(addLong)
+ (t1, t1, t1);
+ group->ecfp_reduce(r->z, t1, group);
+
+ /* t0 = 2y^2, U = 8y^4 */
+ PREFIX(square)
+ (t0, p->y);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(addShort)
+ (t0, t0, t0);
+ PREFIX(square)
+ (U, t0);
+ group->ecfp_reduce(U, U, group);
+ PREFIX(addShort)
+ (U, U, U);
+
+ /* S = 4 * px * py^2 = 2 * px * t0 */
+ PREFIX(multiply)
+ (S, p->x, t0);
+ group->ecfp_reduce(S, S, group);
+ PREFIX(addShort)
+ (S, S, S);
+
+ /* rx = M^2 - 2S */
+ PREFIX(square)
+ (T, M);
+ PREFIX(subtractShort)
+ (T, T, S);
+ PREFIX(subtractShort)
+ (T, T, S);
+ group->ecfp_reduce(r->x, T, group);
+
+ /* ry = M * (S - rx) - U */
+ PREFIX(subtractShort)
+ (S, S, r->x);
+ PREFIX(multiply)
+ (t0, M, S);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ group->ecfp_reduce(r->y, t0, group);
+
+ /* ra*z^4 = 2*U*(apz4) */
+ PREFIX(multiply)
+ (t1, U, p->az4);
+ PREFIX(addLong)
+ (t1, t1, t1);
+ group->ecfp_reduce(r->az4, t1, group);
+
+CLEANUP:
+ return;
}
/* Perform a point doubling using coordinates Affine -> Chudnovsky
* Jacobian. Input and output should be multi-precision floating point
* integers. */
-void PREFIX(pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r,
- const EC_group_fp * group) {
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES],
- S[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity for p, if so set r = O */
- if (PREFIX(pt_is_inf_aff) (p) == MP_YES) {
- PREFIX(set_pt_inf_chud) (r);
- goto CLEANUP;
- }
-
- /* M = 3(px)^2 + a */
- PREFIX(square) (t0, p->x);
- PREFIX(addLong) (t1, t0, t0);
- PREFIX(addLong) (t1, t1, t0);
- PREFIX(addShort) (t1, t1, group->curvea);
- group->ecfp_reduce(M, t1, group);
-
- /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */
- PREFIX(square) (twoY2, p->y);
- PREFIX(addLong) (twoY2, twoY2, twoY2);
- group->ecfp_reduce(twoY2, twoY2, group);
- PREFIX(multiply) (S, p->x, twoY2);
- PREFIX(addLong) (S, S, S);
- group->ecfp_reduce(S, S, group);
-
- /* rx = M^2 - 2S */
- PREFIX(square) (t0, M);
- PREFIX(subtractShort) (t0, t0, S);
- PREFIX(subtractShort) (t0, t0, S);
- group->ecfp_reduce(r->x, t0, group);
-
- /* ry = M(S-rx) - 8y^4 */
- PREFIX(subtractShort) (t0, S, r->x);
- PREFIX(multiply) (t1, t0, M);
- PREFIX(square) (t0, twoY2);
- PREFIX(subtractLong) (t1, t1, t0);
- PREFIX(subtractLong) (t1, t1, t0);
- group->ecfp_reduce(r->y, t1, group);
-
- /* rz = 2py */
- PREFIX(addShort) (r->z, p->y, p->y);
-
- /* rz2 = rz^2 */
- PREFIX(square) (t0, r->z);
- group->ecfp_reduce(r->z2, t0, group);
-
- /* rz3 = rz^3 */
- PREFIX(multiply) (t0, r->z, r->z2);
- group->ecfp_reduce(r->z3, t0, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_dbl_aff2chud)(const ecfp_aff_pt *p, ecfp_chud_pt *r,
+ const EC_group_fp *group)
+{
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES],
+ S[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity for p, if so set r = O */
+ if (PREFIX(pt_is_inf_aff)(p) == MP_YES) {
+ PREFIX(set_pt_inf_chud)
+ (r);
+ goto CLEANUP;
+ }
+
+ /* M = 3(px)^2 + a */
+ PREFIX(square)
+ (t0, p->x);
+ PREFIX(addLong)
+ (t1, t0, t0);
+ PREFIX(addLong)
+ (t1, t1, t0);
+ PREFIX(addShort)
+ (t1, t1, group->curvea);
+ group->ecfp_reduce(M, t1, group);
+
+ /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */
+ PREFIX(square)
+ (twoY2, p->y);
+ PREFIX(addLong)
+ (twoY2, twoY2, twoY2);
+ group->ecfp_reduce(twoY2, twoY2, group);
+ PREFIX(multiply)
+ (S, p->x, twoY2);
+ PREFIX(addLong)
+ (S, S, S);
+ group->ecfp_reduce(S, S, group);
+
+ /* rx = M^2 - 2S */
+ PREFIX(square)
+ (t0, M);
+ PREFIX(subtractShort)
+ (t0, t0, S);
+ PREFIX(subtractShort)
+ (t0, t0, S);
+ group->ecfp_reduce(r->x, t0, group);
+
+ /* ry = M(S-rx) - 8y^4 */
+ PREFIX(subtractShort)
+ (t0, S, r->x);
+ PREFIX(multiply)
+ (t1, t0, M);
+ PREFIX(square)
+ (t0, twoY2);
+ PREFIX(subtractLong)
+ (t1, t1, t0);
+ PREFIX(subtractLong)
+ (t1, t1, t0);
+ group->ecfp_reduce(r->y, t1, group);
+
+ /* rz = 2py */
+ PREFIX(addShort)
+ (r->z, p->y, p->y);
+
+ /* rz2 = rz^2 */
+ PREFIX(square)
+ (t0, r->z);
+ group->ecfp_reduce(r->z2, t0, group);
+
+ /* rz3 = rz^3 */
+ PREFIX(multiply)
+ (t0, r->z, r->z2);
+ group->ecfp_reduce(r->z3, t0, group);
+
+CLEANUP:
+ return;
}
/* Perform a point addition using coordinates: Modified Jacobian +
* Chudnovsky Jacobian -> Modified Jacobian. Input and output should be
* multi-precision floating point integers. */
-void PREFIX(pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q,
- ecfp_jm_pt * r, const EC_group_fp * group) {
-
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
- H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity for p, if so set r = q need to convert
- * from Chudnovsky form to Modified Jacobian form */
- if (PREFIX(pt_is_inf_jm) (p) == MP_YES) {
- PREFIX(copy) (r->x, q->x);
- PREFIX(copy) (r->y, q->y);
- PREFIX(copy) (r->z, q->z);
- PREFIX(square) (t0, q->z2);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, t0, group->curvea);
- group->ecfp_reduce(r->az4, t1, group);
- goto CLEANUP;
- }
- /* Check for point at infinity for q, if so set r = p */
- if (PREFIX(pt_is_inf_chud) (q) == MP_YES) {
- PREFIX(copy) (r->x, p->x);
- PREFIX(copy) (r->y, p->y);
- PREFIX(copy) (r->z, p->z);
- PREFIX(copy) (r->az4, p->az4);
- goto CLEANUP;
- }
-
- /* U = px * qz^2 */
- PREFIX(multiply) (U, p->x, q->z2);
- group->ecfp_reduce(U, U, group);
-
- /* H = qx*(pz)^2 - U */
- PREFIX(square) (t0, p->z);
- group->ecfp_reduce(pz2, t0, group);
- PREFIX(multiply) (H, pz2, q->x);
- group->ecfp_reduce(H, H, group);
- PREFIX(subtractShort) (H, H, U);
-
- /* U = U*H^2, H3 = H^3 */
- PREFIX(square) (t0, H);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, U, t0);
- group->ecfp_reduce(U, t1, group);
- PREFIX(multiply) (H3, t0, H);
- group->ecfp_reduce(H3, H3, group);
-
- /* S = py * qz^3 */
- PREFIX(multiply) (S, p->y, q->z3);
- group->ecfp_reduce(S, S, group);
-
- /* R = (qy * z1^3 - s) */
- PREFIX(multiply) (t0, pz2, p->z);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (R, t0, q->y);
- PREFIX(subtractShort) (R, R, S);
- group->ecfp_reduce(R, R, group);
-
- /* rz = pz * qz * H */
- PREFIX(multiply) (t1, q->z, H);
- group->ecfp_reduce(t1, t1, group);
- PREFIX(multiply) (t0, p->z, t1);
- group->ecfp_reduce(r->z, t0, group);
-
- /* rx = R^2 - H^3 - 2 * U */
- PREFIX(square) (t0, R);
- PREFIX(subtractShort) (t0, t0, H3);
- PREFIX(subtractShort) (t0, t0, U);
- PREFIX(subtractShort) (t0, t0, U);
- group->ecfp_reduce(r->x, t0, group);
-
- /* ry = R(U - rx) - S*H3 */
- PREFIX(subtractShort) (t1, U, r->x);
- PREFIX(multiply) (t0, t1, R);
- PREFIX(multiply) (t1, S, H3);
- PREFIX(subtractLong) (t1, t0, t1);
- group->ecfp_reduce(r->y, t1, group);
-
- if (group->aIsM3) { /* a == -3 */
- /* a(rz^4) = -3 * ((rz^2)^2) */
- PREFIX(square) (t0, r->z);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(square) (t1, t0);
- PREFIX(addLong) (t0, t1, t1);
- PREFIX(addLong) (t0, t0, t1);
- PREFIX(negLong) (t0, t0);
- group->ecfp_reduce(r->az4, t0, group);
- } else { /* Generic case */
- /* a(rz^4) = a * ((rz^2)^2) */
- PREFIX(square) (t0, r->z);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(square) (t1, t0);
- group->ecfp_reduce(t1, t1, group);
- PREFIX(multiply) (t0, group->curvea, t1);
- group->ecfp_reduce(r->az4, t0, group);
- }
- CLEANUP:
- return;
+void PREFIX(pt_add_jm_chud)(ecfp_jm_pt *p, ecfp_chud_pt *q,
+ ecfp_jm_pt *r, const EC_group_fp *group)
+{
+
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+ S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+ H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity for p, if so set r = q need to convert
+ * from Chudnovsky form to Modified Jacobian form */
+ if (PREFIX(pt_is_inf_jm)(p) == MP_YES) {
+ PREFIX(copy)
+ (r->x, q->x);
+ PREFIX(copy)
+ (r->y, q->y);
+ PREFIX(copy)
+ (r->z, q->z);
+ PREFIX(square)
+ (t0, q->z2);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, t0, group->curvea);
+ group->ecfp_reduce(r->az4, t1, group);
+ goto CLEANUP;
+ }
+ /* Check for point at infinity for q, if so set r = p */
+ if (PREFIX(pt_is_inf_chud)(q) == MP_YES) {
+ PREFIX(copy)
+ (r->x, p->x);
+ PREFIX(copy)
+ (r->y, p->y);
+ PREFIX(copy)
+ (r->z, p->z);
+ PREFIX(copy)
+ (r->az4, p->az4);
+ goto CLEANUP;
+ }
+
+ /* U = px * qz^2 */
+ PREFIX(multiply)
+ (U, p->x, q->z2);
+ group->ecfp_reduce(U, U, group);
+
+ /* H = qx*(pz)^2 - U */
+ PREFIX(square)
+ (t0, p->z);
+ group->ecfp_reduce(pz2, t0, group);
+ PREFIX(multiply)
+ (H, pz2, q->x);
+ group->ecfp_reduce(H, H, group);
+ PREFIX(subtractShort)
+ (H, H, U);
+
+ /* U = U*H^2, H3 = H^3 */
+ PREFIX(square)
+ (t0, H);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, U, t0);
+ group->ecfp_reduce(U, t1, group);
+ PREFIX(multiply)
+ (H3, t0, H);
+ group->ecfp_reduce(H3, H3, group);
+
+ /* S = py * qz^3 */
+ PREFIX(multiply)
+ (S, p->y, q->z3);
+ group->ecfp_reduce(S, S, group);
+
+ /* R = (qy * z1^3 - s) */
+ PREFIX(multiply)
+ (t0, pz2, p->z);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (R, t0, q->y);
+ PREFIX(subtractShort)
+ (R, R, S);
+ group->ecfp_reduce(R, R, group);
+
+ /* rz = pz * qz * H */
+ PREFIX(multiply)
+ (t1, q->z, H);
+ group->ecfp_reduce(t1, t1, group);
+ PREFIX(multiply)
+ (t0, p->z, t1);
+ group->ecfp_reduce(r->z, t0, group);
+
+ /* rx = R^2 - H^3 - 2 * U */
+ PREFIX(square)
+ (t0, R);
+ PREFIX(subtractShort)
+ (t0, t0, H3);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ group->ecfp_reduce(r->x, t0, group);
+
+ /* ry = R(U - rx) - S*H3 */
+ PREFIX(subtractShort)
+ (t1, U, r->x);
+ PREFIX(multiply)
+ (t0, t1, R);
+ PREFIX(multiply)
+ (t1, S, H3);
+ PREFIX(subtractLong)
+ (t1, t0, t1);
+ group->ecfp_reduce(r->y, t1, group);
+
+ if (group->aIsM3) { /* a == -3 */
+ /* a(rz^4) = -3 * ((rz^2)^2) */
+ PREFIX(square)
+ (t0, r->z);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(square)
+ (t1, t0);
+ PREFIX(addLong)
+ (t0, t1, t1);
+ PREFIX(addLong)
+ (t0, t0, t1);
+ PREFIX(negLong)
+ (t0, t0);
+ group->ecfp_reduce(r->az4, t0, group);
+ } else { /* Generic case */
+ /* a(rz^4) = a * ((rz^2)^2) */
+ PREFIX(square)
+ (t0, r->z);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(square)
+ (t1, t0);
+ group->ecfp_reduce(t1, t1, group);
+ PREFIX(multiply)
+ (t0, group->curvea, t1);
+ group->ecfp_reduce(r->az4, t0, group);
+ }
+CLEANUP:
+ return;
}
/* Perform a point addition using Chudnovsky Jacobian coordinates. Input
* and output should be multi-precision floating point integers. */
-void PREFIX(pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q,
- ecfp_chud_pt * r, const EC_group_fp * group) {
-
- /* Temporary Storage */
- double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
- U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
- S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
- H3[2 * ECFP_NUMDOUBLES];
-
- /* Check for point at infinity for p, if so set r = q */
- if (PREFIX(pt_is_inf_chud) (p) == MP_YES) {
- PREFIX(copy) (r->x, q->x);
- PREFIX(copy) (r->y, q->y);
- PREFIX(copy) (r->z, q->z);
- PREFIX(copy) (r->z2, q->z2);
- PREFIX(copy) (r->z3, q->z3);
- goto CLEANUP;
- }
-
- /* Check for point at infinity for p, if so set r = q */
- if (PREFIX(pt_is_inf_chud) (q) == MP_YES) {
- PREFIX(copy) (r->x, p->x);
- PREFIX(copy) (r->y, p->y);
- PREFIX(copy) (r->z, p->z);
- PREFIX(copy) (r->z2, p->z2);
- PREFIX(copy) (r->z3, p->z3);
- goto CLEANUP;
- }
-
- /* U = px * qz^2 */
- PREFIX(multiply) (U, p->x, q->z2);
- group->ecfp_reduce(U, U, group);
-
- /* H = qx*(pz)^2 - U */
- PREFIX(multiply) (H, q->x, p->z2);
- PREFIX(subtractShort) (H, H, U);
- group->ecfp_reduce(H, H, group);
-
- /* U = U*H^2, H3 = H^3 */
- PREFIX(square) (t0, H);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, U, t0);
- group->ecfp_reduce(U, t1, group);
- PREFIX(multiply) (H3, t0, H);
- group->ecfp_reduce(H3, H3, group);
-
- /* S = py * qz^3 */
- PREFIX(multiply) (S, p->y, q->z3);
- group->ecfp_reduce(S, S, group);
-
- /* rz = pz * qz * H */
- PREFIX(multiply) (t0, q->z, H);
- group->ecfp_reduce(t0, t0, group);
- PREFIX(multiply) (t1, t0, p->z);
- group->ecfp_reduce(r->z, t1, group);
-
- /* R = (qy * z1^3 - s) */
- PREFIX(multiply) (t0, q->y, p->z3);
- PREFIX(subtractShort) (t0, t0, S);
- group->ecfp_reduce(R, t0, group);
-
- /* rx = R^2 - H^3 - 2 * U */
- PREFIX(square) (t0, R);
- PREFIX(subtractShort) (t0, t0, H3);
- PREFIX(subtractShort) (t0, t0, U);
- PREFIX(subtractShort) (t0, t0, U);
- group->ecfp_reduce(r->x, t0, group);
-
- /* ry = R(U - rx) - S*H3 */
- PREFIX(subtractShort) (t1, U, r->x);
- PREFIX(multiply) (t0, t1, R);
- PREFIX(multiply) (t1, S, H3);
- PREFIX(subtractLong) (t1, t0, t1);
- group->ecfp_reduce(r->y, t1, group);
-
- /* rz2 = rz^2 */
- PREFIX(square) (t0, r->z);
- group->ecfp_reduce(r->z2, t0, group);
-
- /* rz3 = rz^3 */
- PREFIX(multiply) (t0, r->z, r->z2);
- group->ecfp_reduce(r->z3, t0, group);
-
- CLEANUP:
- return;
+void PREFIX(pt_add_chud)(const ecfp_chud_pt *p, const ecfp_chud_pt *q,
+ ecfp_chud_pt *r, const EC_group_fp *group)
+{
+
+ /* Temporary Storage */
+ double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+ U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+ S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+ H3[2 * ECFP_NUMDOUBLES];
+
+ /* Check for point at infinity for p, if so set r = q */
+ if (PREFIX(pt_is_inf_chud)(p) == MP_YES) {
+ PREFIX(copy)
+ (r->x, q->x);
+ PREFIX(copy)
+ (r->y, q->y);
+ PREFIX(copy)
+ (r->z, q->z);
+ PREFIX(copy)
+ (r->z2, q->z2);
+ PREFIX(copy)
+ (r->z3, q->z3);
+ goto CLEANUP;
+ }
+
+ /* Check for point at infinity for p, if so set r = q */
+ if (PREFIX(pt_is_inf_chud)(q) == MP_YES) {
+ PREFIX(copy)
+ (r->x, p->x);
+ PREFIX(copy)
+ (r->y, p->y);
+ PREFIX(copy)
+ (r->z, p->z);
+ PREFIX(copy)
+ (r->z2, p->z2);
+ PREFIX(copy)
+ (r->z3, p->z3);
+ goto CLEANUP;
+ }
+
+ /* U = px * qz^2 */
+ PREFIX(multiply)
+ (U, p->x, q->z2);
+ group->ecfp_reduce(U, U, group);
+
+ /* H = qx*(pz)^2 - U */
+ PREFIX(multiply)
+ (H, q->x, p->z2);
+ PREFIX(subtractShort)
+ (H, H, U);
+ group->ecfp_reduce(H, H, group);
+
+ /* U = U*H^2, H3 = H^3 */
+ PREFIX(square)
+ (t0, H);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, U, t0);
+ group->ecfp_reduce(U, t1, group);
+ PREFIX(multiply)
+ (H3, t0, H);
+ group->ecfp_reduce(H3, H3, group);
+
+ /* S = py * qz^3 */
+ PREFIX(multiply)
+ (S, p->y, q->z3);
+ group->ecfp_reduce(S, S, group);
+
+ /* rz = pz * qz * H */
+ PREFIX(multiply)
+ (t0, q->z, H);
+ group->ecfp_reduce(t0, t0, group);
+ PREFIX(multiply)
+ (t1, t0, p->z);
+ group->ecfp_reduce(r->z, t1, group);
+
+ /* R = (qy * z1^3 - s) */
+ PREFIX(multiply)
+ (t0, q->y, p->z3);
+ PREFIX(subtractShort)
+ (t0, t0, S);
+ group->ecfp_reduce(R, t0, group);
+
+ /* rx = R^2 - H^3 - 2 * U */
+ PREFIX(square)
+ (t0, R);
+ PREFIX(subtractShort)
+ (t0, t0, H3);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ PREFIX(subtractShort)
+ (t0, t0, U);
+ group->ecfp_reduce(r->x, t0, group);
+
+ /* ry = R(U - rx) - S*H3 */
+ PREFIX(subtractShort)
+ (t1, U, r->x);
+ PREFIX(multiply)
+ (t0, t1, R);
+ PREFIX(multiply)
+ (t1, S, H3);
+ PREFIX(subtractLong)
+ (t1, t0, t1);
+ group->ecfp_reduce(r->y, t1, group);
+
+ /* rz2 = rz^2 */
+ PREFIX(square)
+ (t0, r->z);
+ group->ecfp_reduce(r->z2, t0, group);
+
+ /* rz3 = rz^3 */
+ PREFIX(multiply)
+ (t0, r->z, r->z2);
+ group->ecfp_reduce(r->z3, t0, group);
+
+CLEANUP:
+ return;
}
/* Expects out to be an array of size 16 of Chudnovsky Jacobian points.
* Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for -15P, -13P,
* -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, 13P, 15P */
-void PREFIX(precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p,
- const EC_group_fp * group) {
-
- ecfp_chud_pt p2;
-
- /* Set out[8] = P */
- PREFIX(copy) (out[8].x, p->x);
- PREFIX(copy) (out[8].y, p->y);
- PREFIX(one) (out[8].z);
- PREFIX(one) (out[8].z2);
- PREFIX(one) (out[8].z3);
-
- /* Set p2 = 2P */
- PREFIX(pt_dbl_aff2chud) (p, &p2, group);
-
- /* Set 3P, 5P, ..., 15P */
- PREFIX(pt_add_chud) (&out[8], &p2, &out[9], group);
- PREFIX(pt_add_chud) (&out[9], &p2, &out[10], group);
- PREFIX(pt_add_chud) (&out[10], &p2, &out[11], group);
- PREFIX(pt_add_chud) (&out[11], &p2, &out[12], group);
- PREFIX(pt_add_chud) (&out[12], &p2, &out[13], group);
- PREFIX(pt_add_chud) (&out[13], &p2, &out[14], group);
- PREFIX(pt_add_chud) (&out[14], &p2, &out[15], group);
-
- /* Set -15P, -13P, ..., -P */
- PREFIX(pt_neg_chud) (&out[8], &out[7]);
- PREFIX(pt_neg_chud) (&out[9], &out[6]);
- PREFIX(pt_neg_chud) (&out[10], &out[5]);
- PREFIX(pt_neg_chud) (&out[11], &out[4]);
- PREFIX(pt_neg_chud) (&out[12], &out[3]);
- PREFIX(pt_neg_chud) (&out[13], &out[2]);
- PREFIX(pt_neg_chud) (&out[14], &out[1]);
- PREFIX(pt_neg_chud) (&out[15], &out[0]);
+void PREFIX(precompute_chud)(ecfp_chud_pt *out, const ecfp_aff_pt *p,
+ const EC_group_fp *group)
+{
+
+ ecfp_chud_pt p2;
+
+ /* Set out[8] = P */
+ PREFIX(copy)
+ (out[8].x, p->x);
+ PREFIX(copy)
+ (out[8].y, p->y);
+ PREFIX(one)
+ (out[8].z);
+ PREFIX(one)
+ (out[8].z2);
+ PREFIX(one)
+ (out[8].z3);
+
+ /* Set p2 = 2P */
+ PREFIX(pt_dbl_aff2chud)
+ (p, &p2, group);
+
+ /* Set 3P, 5P, ..., 15P */
+ PREFIX(pt_add_chud)
+ (&out[8], &p2, &out[9], group);
+ PREFIX(pt_add_chud)
+ (&out[9], &p2, &out[10], group);
+ PREFIX(pt_add_chud)
+ (&out[10], &p2, &out[11], group);
+ PREFIX(pt_add_chud)
+ (&out[11], &p2, &out[12], group);
+ PREFIX(pt_add_chud)
+ (&out[12], &p2, &out[13], group);
+ PREFIX(pt_add_chud)
+ (&out[13], &p2, &out[14], group);
+ PREFIX(pt_add_chud)
+ (&out[14], &p2, &out[15], group);
+
+ /* Set -15P, -13P, ..., -P */
+ PREFIX(pt_neg_chud)
+ (&out[8], &out[7]);
+ PREFIX(pt_neg_chud)
+ (&out[9], &out[6]);
+ PREFIX(pt_neg_chud)
+ (&out[10], &out[5]);
+ PREFIX(pt_neg_chud)
+ (&out[11], &out[4]);
+ PREFIX(pt_neg_chud)
+ (&out[12], &out[3]);
+ PREFIX(pt_neg_chud)
+ (&out[13], &out[2]);
+ PREFIX(pt_neg_chud)
+ (&out[14], &out[1]);
+ PREFIX(pt_neg_chud)
+ (&out[15], &out[0]);
}
/* Expects out to be an array of size 16 of Jacobian points. Fills in
* Jacobian form (x, y, z), for O, P, 2P, ... 15P */
-void PREFIX(precompute_jac) (ecfp_jac_pt * precomp, const ecfp_aff_pt * p,
- const EC_group_fp * group) {
- int i;
-
- /* fill precomputation table */
- /* set precomp[0] */
- PREFIX(set_pt_inf_jac) (&precomp[0]);
- /* set precomp[1] */
- PREFIX(copy) (precomp[1].x, p->x);
- PREFIX(copy) (precomp[1].y, p->y);
- if (PREFIX(pt_is_inf_aff) (p) == MP_YES) {
- PREFIX(zero) (precomp[1].z);
- } else {
- PREFIX(one) (precomp[1].z);
- }
- /* set precomp[2] */
- group->pt_dbl_jac(&precomp[1], &precomp[2], group);
-
- /* set rest of precomp */
- for (i = 3; i < 16; i++) {
- group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group);
- }
+void PREFIX(precompute_jac)(ecfp_jac_pt *precomp, const ecfp_aff_pt *p,
+ const EC_group_fp *group)
+{
+ int i;
+
+ /* fill precomputation table */
+ /* set precomp[0] */
+ PREFIX(set_pt_inf_jac)
+ (&precomp[0]);
+ /* set precomp[1] */
+ PREFIX(copy)
+ (precomp[1].x, p->x);
+ PREFIX(copy)
+ (precomp[1].y, p->y);
+ if (PREFIX(pt_is_inf_aff)(p) == MP_YES) {
+ PREFIX(zero)
+ (precomp[1].z);
+ } else {
+ PREFIX(one)
+ (precomp[1].z);
+ }
+ /* set precomp[2] */
+ group->pt_dbl_jac(&precomp[1], &precomp[2], group);
+
+ /* set rest of precomp */
+ for (i = 3; i < 16; i++) {
+ group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group);
+ }
}
diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c
index 0eea3fadc..535e75903 100644
--- a/lib/freebl/ecl/ecp_jac.c
+++ b/lib/freebl/ecl/ecp_jac.c
@@ -15,22 +15,22 @@
* field-encoded. */
mp_err
ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group)
+ mp_int *ry, mp_int *rz, const ECGroup *group)
{
- mp_err res = MP_OKAY;
-
- if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
- } else {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- MP_CHECKOK(mp_set_int(rz, 1));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
- }
- }
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+
+ if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+ } else {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ MP_CHECKOK(mp_set_int(rz, 1));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+ }
+ }
+CLEANUP:
+ return res;
}
/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
@@ -39,41 +39,41 @@ ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
* output that is still field-encoded. */
mp_err
ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int z1, z2, z3;
-
- MP_DIGITS(&z1) = 0;
- MP_DIGITS(&z2) = 0;
- MP_DIGITS(&z3) = 0;
- MP_CHECKOK(mp_init(&z1));
- MP_CHECKOK(mp_init(&z2));
- MP_CHECKOK(mp_init(&z3));
-
- /* if point at infinity, then set point at infinity and exit */
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
- MP_CHECKOK(ec_GFp_pt_set_inf_aff(rx, ry));
- goto CLEANUP;
- }
-
- /* transform (px, py, pz) into (px / pz^2, py / pz^3) */
- if (mp_cmp_d(pz, 1) == 0) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- } else {
- MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
- MP_CHECKOK(group->meth->field_mul(&z1, &z2, &z3, group->meth));
- MP_CHECKOK(group->meth->field_mul(px, &z2, rx, group->meth));
- MP_CHECKOK(group->meth->field_mul(py, &z3, ry, group->meth));
- }
-
- CLEANUP:
- mp_clear(&z1);
- mp_clear(&z2);
- mp_clear(&z3);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int z1, z2, z3;
+
+ MP_DIGITS(&z1) = 0;
+ MP_DIGITS(&z2) = 0;
+ MP_DIGITS(&z3) = 0;
+ MP_CHECKOK(mp_init(&z1));
+ MP_CHECKOK(mp_init(&z2));
+ MP_CHECKOK(mp_init(&z3));
+
+ /* if point at infinity, then set point at infinity and exit */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+ MP_CHECKOK(ec_GFp_pt_set_inf_aff(rx, ry));
+ goto CLEANUP;
+ }
+
+ /* transform (px, py, pz) into (px / pz^2, py / pz^3) */
+ if (mp_cmp_d(pz, 1) == 0) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ } else {
+ MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&z1, &z2, &z3, group->meth));
+ MP_CHECKOK(group->meth->field_mul(px, &z2, rx, group->meth));
+ MP_CHECKOK(group->meth->field_mul(py, &z3, ry, group->meth));
+ }
+
+CLEANUP:
+ mp_clear(&z1);
+ mp_clear(&z2);
+ mp_clear(&z3);
+ return res;
}
/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian
@@ -81,7 +81,7 @@ ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
mp_err
ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz)
{
- return mp_cmp_z(pz);
+ return mp_cmp_z(pz);
}
/* Sets P(px, py, pz) to be the point at infinity. Uses Jacobian
@@ -89,8 +89,8 @@ ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz)
mp_err
ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz)
{
- mp_zero(pz);
- return MP_OKAY;
+ mp_zero(pz);
+ return MP_OKAY;
}
/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
@@ -102,193 +102,191 @@ ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz)
* Fields. */
mp_err
ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
- const mp_int *qx, const mp_int *qy, mp_int *rx,
- mp_int *ry, mp_int *rz, const ECGroup *group)
+ const mp_int *qx, const mp_int *qy, mp_int *rx,
+ mp_int *ry, mp_int *rz, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int A, B, C, D, C2, C3;
-
- MP_DIGITS(&A) = 0;
- MP_DIGITS(&B) = 0;
- MP_DIGITS(&C) = 0;
- MP_DIGITS(&D) = 0;
- MP_DIGITS(&C2) = 0;
- MP_DIGITS(&C3) = 0;
- MP_CHECKOK(mp_init(&A));
- MP_CHECKOK(mp_init(&B));
- MP_CHECKOK(mp_init(&C));
- MP_CHECKOK(mp_init(&D));
- MP_CHECKOK(mp_init(&C2));
- MP_CHECKOK(mp_init(&C3));
-
- /* If either P or Q is the point at infinity, then return the other
- * point */
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
- MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
- goto CLEANUP;
- }
- if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- MP_CHECKOK(mp_copy(pz, rz));
- goto CLEANUP;
- }
-
- /* A = qx * pz^2, B = qy * pz^3 */
- MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth));
- MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth));
- MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
- MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
-
- /* C = A - px, D = B - py */
- MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
- MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
-
- if (mp_cmp_z(&C) == 0) {
- /* P == Q or P == -Q */
- if (mp_cmp_z(&D) == 0) {
- /* P == Q */
- /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
- MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
- MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
- } else {
- /* P == -Q */
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
- }
- goto CLEANUP;
- }
-
- /* C2 = C^2, C3 = C^3 */
- MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
- MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
-
- /* rz = pz * C */
- MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth));
-
- /* C = px * C^2 */
- MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth));
- /* A = D^2 */
- MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth));
-
- /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
- MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth));
- MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth));
-
- /* C3 = py * C^3 */
- MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth));
-
- /* ry = D * (px * C^2 - rx) - py * C^3 */
- MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth));
- MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth));
- MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth));
-
- CLEANUP:
- mp_clear(&A);
- mp_clear(&B);
- mp_clear(&C);
- mp_clear(&D);
- mp_clear(&C2);
- mp_clear(&C3);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int A, B, C, D, C2, C3;
+
+ MP_DIGITS(&A) = 0;
+ MP_DIGITS(&B) = 0;
+ MP_DIGITS(&C) = 0;
+ MP_DIGITS(&D) = 0;
+ MP_DIGITS(&C2) = 0;
+ MP_DIGITS(&C3) = 0;
+ MP_CHECKOK(mp_init(&A));
+ MP_CHECKOK(mp_init(&B));
+ MP_CHECKOK(mp_init(&C));
+ MP_CHECKOK(mp_init(&D));
+ MP_CHECKOK(mp_init(&C2));
+ MP_CHECKOK(mp_init(&C3));
+
+ /* If either P or Q is the point at infinity, then return the other
+ * point */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+ MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+ goto CLEANUP;
+ }
+ if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ MP_CHECKOK(mp_copy(pz, rz));
+ goto CLEANUP;
+ }
+
+ /* A = qx * pz^2, B = qy * pz^3 */
+ MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
+
+ /* C = A - px, D = B - py */
+ MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
+
+ if (mp_cmp_z(&C) == 0) {
+ /* P == Q or P == -Q */
+ if (mp_cmp_z(&D) == 0) {
+ /* P == Q */
+ /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
+ MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
+ } else {
+ /* P == -Q */
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+ }
+ goto CLEANUP;
+ }
+
+ /* C2 = C^2, C3 = C^3 */
+ MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
+
+ /* rz = pz * C */
+ MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth));
+
+ /* C = px * C^2 */
+ MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth));
+ /* A = D^2 */
+ MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth));
+
+ /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+ MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth));
+ MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth));
+
+ /* C3 = py * C^3 */
+ MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth));
+
+ /* ry = D * (px * C^2 - rx) - py * C^3 */
+ MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth));
+ MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth));
+
+CLEANUP:
+ mp_clear(&A);
+ mp_clear(&B);
+ mp_clear(&C);
+ mp_clear(&D);
+ mp_clear(&C2);
+ mp_clear(&C3);
+ return res;
}
-/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
* Jacobian coordinates.
*
- * Assumes input is already field-encoded using field_enc, and returns
+ * Assumes input is already field-encoded using field_enc, and returns
* output that is still field-encoded.
*
- * This routine implements Point Doubling in the Jacobian Projective
- * space as described in the paper "Efficient elliptic curve exponentiation
+ * This routine implements Point Doubling in the Jacobian Projective
+ * space as described in the paper "Efficient elliptic curve exponentiation
* using mixed coordinates", by H. Cohen, A Miyaji, T. Ono.
*/
mp_err
ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
- mp_int *rx, mp_int *ry, mp_int *rz, const ECGroup *group)
+ mp_int *rx, mp_int *ry, mp_int *rz, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int t0, t1, M, S;
-
- MP_DIGITS(&t0) = 0;
- MP_DIGITS(&t1) = 0;
- MP_DIGITS(&M) = 0;
- MP_DIGITS(&S) = 0;
- MP_CHECKOK(mp_init(&t0));
- MP_CHECKOK(mp_init(&t1));
- MP_CHECKOK(mp_init(&M));
- MP_CHECKOK(mp_init(&S));
-
- /* P == inf or P == -P */
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
- goto CLEANUP;
- }
-
- if (mp_cmp_d(pz, 1) == 0) {
- /* M = 3 * px^2 + a */
- MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
- MP_CHECKOK(group->meth->
- field_add(&t0, &group->curvea, &M, group->meth));
- } else if (MP_SIGN(&group->curvea) == MP_NEG &&
- MP_USED(&group->curvea) == 1 &&
- MP_DIGIT(&group->curvea, 0) == 3) {
- /* M = 3 * (px + pz^2) * (px - pz^2) */
- MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
- MP_CHECKOK(group->meth->field_add(px, &M, &t0, group->meth));
- MP_CHECKOK(group->meth->field_sub(px, &M, &t1, group->meth));
- MP_CHECKOK(group->meth->field_mul(&t0, &t1, &M, group->meth));
- MP_CHECKOK(group->meth->field_add(&M, &M, &t0, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, &M, &M, group->meth));
- } else {
- /* M = 3 * (px^2) + a * (pz^4) */
- MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
- MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
- MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&M, &M, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(&M, &group->curvea, &M, group->meth));
- MP_CHECKOK(group->meth->field_add(&M, &t0, &M, group->meth));
- }
-
- /* rz = 2 * py * pz */
- /* t0 = 4 * py^2 */
- if (mp_cmp_d(pz, 1) == 0) {
- MP_CHECKOK(group->meth->field_add(py, py, rz, group->meth));
- MP_CHECKOK(group->meth->field_sqr(rz, &t0, group->meth));
- } else {
- MP_CHECKOK(group->meth->field_add(py, py, &t0, group->meth));
- MP_CHECKOK(group->meth->field_mul(&t0, pz, rz, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
- }
-
- /* S = 4 * px * py^2 = px * (2 * py)^2 */
- MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth));
-
- /* rx = M^2 - 2 * S */
- MP_CHECKOK(group->meth->field_add(&S, &S, &t1, group->meth));
- MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth));
- MP_CHECKOK(group->meth->field_sub(rx, &t1, rx, group->meth));
-
- /* ry = M * (S - rx) - 8 * py^4 */
- MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth));
- if (mp_isodd(&t1)) {
- MP_CHECKOK(mp_add(&t1, &group->meth->irr, &t1));
- }
- MP_CHECKOK(mp_div_2(&t1, &t1));
- MP_CHECKOK(group->meth->field_sub(&S, rx, &S, group->meth));
- MP_CHECKOK(group->meth->field_mul(&M, &S, &M, group->meth));
- MP_CHECKOK(group->meth->field_sub(&M, &t1, ry, group->meth));
-
- CLEANUP:
- mp_clear(&t0);
- mp_clear(&t1);
- mp_clear(&M);
- mp_clear(&S);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int t0, t1, M, S;
+
+ MP_DIGITS(&t0) = 0;
+ MP_DIGITS(&t1) = 0;
+ MP_DIGITS(&M) = 0;
+ MP_DIGITS(&S) = 0;
+ MP_CHECKOK(mp_init(&t0));
+ MP_CHECKOK(mp_init(&t1));
+ MP_CHECKOK(mp_init(&M));
+ MP_CHECKOK(mp_init(&S));
+
+ /* P == inf or P == -P */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+ goto CLEANUP;
+ }
+
+ if (mp_cmp_d(pz, 1) == 0) {
+ /* M = 3 * px^2 + a */
+ MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &group->curvea, &M, group->meth));
+ } else if (MP_SIGN(&group->curvea) == MP_NEG &&
+ MP_USED(&group->curvea) == 1 &&
+ MP_DIGIT(&group->curvea, 0) == 3) {
+ /* M = 3 * (px + pz^2) * (px - pz^2) */
+ MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+ MP_CHECKOK(group->meth->field_add(px, &M, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_sub(px, &M, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&t0, &t1, &M, group->meth));
+ MP_CHECKOK(group->meth->field_add(&M, &M, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &M, &M, group->meth));
+ } else {
+ /* M = 3 * (px^2) + a * (pz^4) */
+ MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+ MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&M, &M, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&M, &group->curvea, &M, group->meth));
+ MP_CHECKOK(group->meth->field_add(&M, &t0, &M, group->meth));
+ }
+
+ /* rz = 2 * py * pz */
+ /* t0 = 4 * py^2 */
+ if (mp_cmp_d(pz, 1) == 0) {
+ MP_CHECKOK(group->meth->field_add(py, py, rz, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(rz, &t0, group->meth));
+ } else {
+ MP_CHECKOK(group->meth->field_add(py, py, &t0, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&t0, pz, rz, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+ }
+
+ /* S = 4 * px * py^2 = px * (2 * py)^2 */
+ MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth));
+
+ /* rx = M^2 - 2 * S */
+ MP_CHECKOK(group->meth->field_add(&S, &S, &t1, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(rx, &t1, rx, group->meth));
+
+ /* ry = M * (S - rx) - 8 * py^4 */
+ MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth));
+ if (mp_isodd(&t1)) {
+ MP_CHECKOK(mp_add(&t1, &group->meth->irr, &t1));
+ }
+ MP_CHECKOK(mp_div_2(&t1, &t1));
+ MP_CHECKOK(group->meth->field_sub(&S, rx, &S, group->meth));
+ MP_CHECKOK(group->meth->field_mul(&M, &S, &M, group->meth));
+ MP_CHECKOK(group->meth->field_sub(&M, &t1, ry, group->meth));
+
+CLEANUP:
+ mp_clear(&t0);
+ mp_clear(&t1);
+ mp_clear(&M);
+ mp_clear(&S);
+ return res;
}
/* by default, this routine is unused and thus doesn't need to be compiled */
@@ -297,83 +295,81 @@ ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
* a, b and p are the elliptic curve coefficients and the prime that
* determines the field GFp. Elliptic curve points P and R can be
* identical. Uses mixed Jacobian-affine coordinates. Assumes input is
- * already field-encoded using field_enc, and returns output that is still
+ * already field-encoded using field_enc, and returns output that is still
* field-encoded. Uses 4-bit window method. */
mp_err
ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int precomp[16][2], rz;
- int i, ni, d;
-
- MP_DIGITS(&rz) = 0;
- for (i = 0; i < 16; i++) {
- MP_DIGITS(&precomp[i][0]) = 0;
- MP_DIGITS(&precomp[i][1]) = 0;
- }
-
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
-
- /* initialize precomputation table */
- for (i = 0; i < 16; i++) {
- MP_CHECKOK(mp_init(&precomp[i][0]));
- MP_CHECKOK(mp_init(&precomp[i][1]));
- }
-
- /* fill precomputation table */
- mp_zero(&precomp[0][0]);
- mp_zero(&precomp[0][1]);
- MP_CHECKOK(mp_copy(px, &precomp[1][0]));
- MP_CHECKOK(mp_copy(py, &precomp[1][1]));
- for (i = 2; i < 16; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[1][0], &precomp[1][1],
- &precomp[i - 1][0], &precomp[i - 1][1],
- &precomp[i][0], &precomp[i][1], group));
- }
-
- d = (mpl_significant_bits(n) + 3) / 4;
-
- /* R = inf */
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
-
- for (i = d - 1; i >= 0; i--) {
- /* compute window ni */
- ni = MP_GET_BIT(n, 4 * i + 3);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 2);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i + 1);
- ni <<= 1;
- ni |= MP_GET_BIT(n, 4 * i);
- /* R = 2^4 * R */
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- /* R = R + (ni * P) */
- MP_CHECKOK(ec_GFp_pt_add_jac_aff
- (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
- &rz, group));
- }
-
- /* convert result S to affine coordinates */
- MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
-
- CLEANUP:
- mp_clear(&rz);
- for (i = 0; i < 16; i++) {
- mp_clear(&precomp[i][0]);
- mp_clear(&precomp[i][1]);
- }
- return res;
+ mp_err res = MP_OKAY;
+ mp_int precomp[16][2], rz;
+ int i, ni, d;
+
+ MP_DIGITS(&rz) = 0;
+ for (i = 0; i < 16; i++) {
+ MP_DIGITS(&precomp[i][0]) = 0;
+ MP_DIGITS(&precomp[i][1]) = 0;
+ }
+
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+ /* initialize precomputation table */
+ for (i = 0; i < 16; i++) {
+ MP_CHECKOK(mp_init(&precomp[i][0]));
+ MP_CHECKOK(mp_init(&precomp[i][1]));
+ }
+
+ /* fill precomputation table */
+ mp_zero(&precomp[0][0]);
+ mp_zero(&precomp[0][1]);
+ MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+ for (i = 2; i < 16; i++) {
+ MP_CHECKOK(group->point_add(&precomp[1][0], &precomp[1][1],
+ &precomp[i - 1][0], &precomp[i - 1][1],
+ &precomp[i][0], &precomp[i][1], group));
+ }
+
+ d = (mpl_significant_bits(n) + 3) / 4;
+
+ /* R = inf */
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+ for (i = d - 1; i >= 0; i--) {
+ /* compute window ni */
+ ni = MP_GET_BIT(n, 4 * i + 3);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 2);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i + 1);
+ ni <<= 1;
+ ni |= MP_GET_BIT(n, 4 * i);
+ /* R = 2^4 * R */
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ /* R = R + (ni * P) */
+ MP_CHECKOK(ec_GFp_pt_add_jac_aff(rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+ &rz, group));
+ }
+
+ /* convert result S to affine coordinates */
+ MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+ mp_clear(&rz);
+ for (i = 0; i < 16; i++) {
+ mp_clear(&precomp[i][0]);
+ mp_clear(&precomp[i][1]);
+ }
+ return res;
}
#endif
-/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
* k2 * P(x, y), where G is the generator (base point) of the group of
* points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
* Uses mixed Jacobian-affine coordinates. Input and output values are
@@ -382,150 +378,136 @@ ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
* Software Implementation of the NIST Elliptic Curves over Prime Fields. */
mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
- const mp_int *py, mp_int *rx, mp_int *ry,
- const ECGroup *group)
+ const mp_int *py, mp_int *rx, mp_int *ry,
+ const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int precomp[4][4][2];
- mp_int rz;
- const mp_int *a, *b;
- unsigned int i, j;
- int ai, bi, d;
-
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- MP_DIGITS(&precomp[i][j][0]) = 0;
- MP_DIGITS(&precomp[i][j][1]) = 0;
- }
- }
- MP_DIGITS(&rz) = 0;
-
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK(!((k1 == NULL)
- && ((k2 == NULL) || (px == NULL)
- || (py == NULL))), MP_BADARG);
-
- /* if some arguments are not defined used ECPoint_mul */
- if (k1 == NULL) {
- return ECPoint_mul(group, k2, px, py, rx, ry);
- } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
- return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
- }
-
- /* initialize precomputation table */
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- MP_CHECKOK(mp_init(&precomp[i][j][0]));
- MP_CHECKOK(mp_init(&precomp[i][j][1]));
- }
- }
-
- /* fill precomputation table */
- /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
- if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
- a = k2;
- b = k1;
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->
- field_enc(px, &precomp[1][0][0], group->meth));
- MP_CHECKOK(group->meth->
- field_enc(py, &precomp[1][0][1], group->meth));
- } else {
- MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
- MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
- }
- MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
- MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
- } else {
- a = k1;
- b = k2;
- MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
- MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
- if (group->meth->field_enc) {
- MP_CHECKOK(group->meth->
- field_enc(px, &precomp[0][1][0], group->meth));
- MP_CHECKOK(group->meth->
- field_enc(py, &precomp[0][1][1], group->meth));
- } else {
- MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
- MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
- }
- }
- /* precompute [*][0][*] */
- mp_zero(&precomp[0][0][0]);
- mp_zero(&precomp[0][0][1]);
- MP_CHECKOK(group->
- point_dbl(&precomp[1][0][0], &precomp[1][0][1],
- &precomp[2][0][0], &precomp[2][0][1], group));
- MP_CHECKOK(group->
- point_add(&precomp[1][0][0], &precomp[1][0][1],
- &precomp[2][0][0], &precomp[2][0][1],
- &precomp[3][0][0], &precomp[3][0][1], group));
- /* precompute [*][1][*] */
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][1][0], &precomp[i][1][1], group));
- }
- /* precompute [*][2][*] */
- MP_CHECKOK(group->
- point_dbl(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[0][2][0], &precomp[0][2][1], group));
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][2][0], &precomp[0][2][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][2][0], &precomp[i][2][1], group));
- }
- /* precompute [*][3][*] */
- MP_CHECKOK(group->
- point_add(&precomp[0][1][0], &precomp[0][1][1],
- &precomp[0][2][0], &precomp[0][2][1],
- &precomp[0][3][0], &precomp[0][3][1], group));
- for (i = 1; i < 4; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[0][3][0], &precomp[0][3][1],
- &precomp[i][0][0], &precomp[i][0][1],
- &precomp[i][3][0], &precomp[i][3][1], group));
- }
-
- d = (mpl_significant_bits(a) + 1) / 2;
-
- /* R = inf */
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
-
- for (i = d; i-- > 0;) {
- ai = MP_GET_BIT(a, 2 * i + 1);
- ai <<= 1;
- ai |= MP_GET_BIT(a, 2 * i);
- bi = MP_GET_BIT(b, 2 * i + 1);
- bi <<= 1;
- bi |= MP_GET_BIT(b, 2 * i);
- /* R = 2^2 * R */
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
- /* R = R + (ai * A + bi * B) */
- MP_CHECKOK(ec_GFp_pt_add_jac_aff
- (rx, ry, &rz, &precomp[ai][bi][0], &precomp[ai][bi][1],
- rx, ry, &rz, group));
- }
-
- MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
-
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
- }
-
- CLEANUP:
- mp_clear(&rz);
- for (i = 0; i < 4; i++) {
- for (j = 0; j < 4; j++) {
- mp_clear(&precomp[i][j][0]);
- mp_clear(&precomp[i][j][1]);
- }
- }
- return res;
+ mp_err res = MP_OKAY;
+ mp_int precomp[4][4][2];
+ mp_int rz;
+ const mp_int *a, *b;
+ unsigned int i, j;
+ int ai, bi, d;
+
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ MP_DIGITS(&precomp[i][j][0]) = 0;
+ MP_DIGITS(&precomp[i][j][1]) = 0;
+ }
+ }
+ MP_DIGITS(&rz) = 0;
+
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
+
+ /* if some arguments are not defined used ECPoint_mul */
+ if (k1 == NULL) {
+ return ECPoint_mul(group, k2, px, py, rx, ry);
+ } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+ return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+ }
+
+ /* initialize precomputation table */
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ MP_CHECKOK(mp_init(&precomp[i][j][0]));
+ MP_CHECKOK(mp_init(&precomp[i][j][1]));
+ }
+ }
+
+ /* fill precomputation table */
+ /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+ if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+ a = k2;
+ b = k1;
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(px, &precomp[1][0][0], group->meth));
+ MP_CHECKOK(group->meth->field_enc(py, &precomp[1][0][1], group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+ }
+ MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+ MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+ } else {
+ a = k1;
+ b = k2;
+ MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+ MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+ if (group->meth->field_enc) {
+ MP_CHECKOK(group->meth->field_enc(px, &precomp[0][1][0], group->meth));
+ MP_CHECKOK(group->meth->field_enc(py, &precomp[0][1][1], group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+ }
+ }
+ /* precompute [*][0][*] */
+ mp_zero(&precomp[0][0][0]);
+ mp_zero(&precomp[0][0][1]);
+ MP_CHECKOK(group->point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+ &precomp[2][0][0], &precomp[2][0][1], group));
+ MP_CHECKOK(group->point_add(&precomp[1][0][0], &precomp[1][0][1],
+ &precomp[2][0][0], &precomp[2][0][1],
+ &precomp[3][0][0], &precomp[3][0][1], group));
+ /* precompute [*][1][*] */
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][1][0], &precomp[i][1][1], group));
+ }
+ /* precompute [*][2][*] */
+ MP_CHECKOK(group->point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[0][2][0], &precomp[0][2][1], group));
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][2][0], &precomp[0][2][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][2][0], &precomp[i][2][1], group));
+ }
+ /* precompute [*][3][*] */
+ MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+ &precomp[0][2][0], &precomp[0][2][1],
+ &precomp[0][3][0], &precomp[0][3][1], group));
+ for (i = 1; i < 4; i++) {
+ MP_CHECKOK(group->point_add(&precomp[0][3][0], &precomp[0][3][1],
+ &precomp[i][0][0], &precomp[i][0][1],
+ &precomp[i][3][0], &precomp[i][3][1], group));
+ }
+
+ d = (mpl_significant_bits(a) + 1) / 2;
+
+ /* R = inf */
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+ for (i = d; i-- > 0;) {
+ ai = MP_GET_BIT(a, 2 * i + 1);
+ ai <<= 1;
+ ai |= MP_GET_BIT(a, 2 * i);
+ bi = MP_GET_BIT(b, 2 * i + 1);
+ bi <<= 1;
+ bi |= MP_GET_BIT(b, 2 * i);
+ /* R = 2^2 * R */
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+ /* R = R + (ai * A + bi * B) */
+ MP_CHECKOK(ec_GFp_pt_add_jac_aff(rx, ry, &rz, &precomp[ai][bi][0], &precomp[ai][bi][1],
+ rx, ry, &rz, group));
+ }
+
+ MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+ }
+
+CLEANUP:
+ mp_clear(&rz);
+ for (i = 0; i < 4; i++) {
+ for (j = 0; j < 4; j++) {
+ mp_clear(&precomp[i][j][0]);
+ mp_clear(&precomp[i][j][1]);
+ }
+ }
+ return res;
}
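Review bot: The lookup `&precomp[ai][bi]` in the main loop of ec_GFp_pts_mul_jac is indexed directly by two bits of each scalar, and the `a`/`b` assignment plus `d` are derived from `mpl_significant_bits(k1)` versus `mpl_significant_bits(k2)`, so both the memory-access pattern and the iteration count depend on k1 and k2. That is acceptable only if both scalars are always public (the k1*G + k2*P shape is what signature verification needs), but the header comment never states that precondition. A line such as `* NOTE: not constant-time; the access pattern depends on k1 and k2, so only use with public scalars (e.g. signature verification).` in the function's header comment would pin it down for future callers.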
diff --git a/lib/freebl/ecl/ecp_jm.c b/lib/freebl/ecl/ecp_jm.c
index 2d564127c..a1106cea8 100644
--- a/lib/freebl/ecl/ecp_jm.c
+++ b/lib/freebl/ecl/ecp_jm.c
@@ -9,76 +9,74 @@
#define MAX_SCRATCH 6
-/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
* Modified Jacobian coordinates.
*
- * Assumes input is already field-encoded using field_enc, and returns
+ * Assumes input is already field-encoded using field_enc, and returns
* output that is still field-encoded.
*
*/
static mp_err
ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
- const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz,
- mp_int *raz4, mp_int scratch[], const ECGroup *group)
+ const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz,
+ mp_int *raz4, mp_int scratch[], const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int *t0, *t1, *M, *S;
+ mp_err res = MP_OKAY;
+ mp_int *t0, *t1, *M, *S;
- t0 = &scratch[0];
- t1 = &scratch[1];
- M = &scratch[2];
- S = &scratch[3];
+ t0 = &scratch[0];
+ t1 = &scratch[1];
+ M = &scratch[2];
+ S = &scratch[3];
#if MAX_SCRATCH < 4
#error "Scratch array defined too small "
#endif
- /* Check for point at infinity */
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
- /* Set r = pt at infinity by setting rz = 0 */
+ /* Check for point at infinity */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+ /* Set r = pt at infinity by setting rz = 0 */
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
- goto CLEANUP;
- }
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+ goto CLEANUP;
+ }
- /* M = 3 (px^2) + a*(pz^4) */
- MP_CHECKOK(group->meth->field_sqr(px, t0, group->meth));
- MP_CHECKOK(group->meth->field_add(t0, t0, M, group->meth));
- MP_CHECKOK(group->meth->field_add(t0, M, t0, group->meth));
- MP_CHECKOK(group->meth->field_add(t0, paz4, M, group->meth));
+ /* M = 3 (px^2) + a*(pz^4) */
+ MP_CHECKOK(group->meth->field_sqr(px, t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(t0, t0, M, group->meth));
+ MP_CHECKOK(group->meth->field_add(t0, M, t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(t0, paz4, M, group->meth));
- /* rz = 2 * py * pz */
- MP_CHECKOK(group->meth->field_mul(py, pz, S, group->meth));
- MP_CHECKOK(group->meth->field_add(S, S, rz, group->meth));
+ /* rz = 2 * py * pz */
+ MP_CHECKOK(group->meth->field_mul(py, pz, S, group->meth));
+ MP_CHECKOK(group->meth->field_add(S, S, rz, group->meth));
- /* t0 = 2y^2 , t1 = 8y^4 */
- MP_CHECKOK(group->meth->field_sqr(py, t0, group->meth));
- MP_CHECKOK(group->meth->field_add(t0, t0, t0, group->meth));
- MP_CHECKOK(group->meth->field_sqr(t0, t1, group->meth));
- MP_CHECKOK(group->meth->field_add(t1, t1, t1, group->meth));
+ /* t0 = 2y^2 , t1 = 8y^4 */
+ MP_CHECKOK(group->meth->field_sqr(py, t0, group->meth));
+ MP_CHECKOK(group->meth->field_add(t0, t0, t0, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(t0, t1, group->meth));
+ MP_CHECKOK(group->meth->field_add(t1, t1, t1, group->meth));
- /* S = 4 * px * py^2 = 2 * px * t0 */
- MP_CHECKOK(group->meth->field_mul(px, t0, S, group->meth));
- MP_CHECKOK(group->meth->field_add(S, S, S, group->meth));
+ /* S = 4 * px * py^2 = 2 * px * t0 */
+ MP_CHECKOK(group->meth->field_mul(px, t0, S, group->meth));
+ MP_CHECKOK(group->meth->field_add(S, S, S, group->meth));
+ /* rx = M^2 - 2S */
+ MP_CHECKOK(group->meth->field_sqr(M, rx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
- /* rx = M^2 - 2S */
- MP_CHECKOK(group->meth->field_sqr(M, rx, group->meth));
- MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
- MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+ /* ry = M * (S - rx) - t1 */
+ MP_CHECKOK(group->meth->field_sub(S, rx, S, group->meth));
+ MP_CHECKOK(group->meth->field_mul(S, M, ry, group->meth));
+ MP_CHECKOK(group->meth->field_sub(ry, t1, ry, group->meth));
- /* ry = M * (S - rx) - t1 */
- MP_CHECKOK(group->meth->field_sub(S, rx, S, group->meth));
- MP_CHECKOK(group->meth->field_mul(S, M, ry, group->meth));
- MP_CHECKOK(group->meth->field_sub(ry, t1, ry, group->meth));
+ /* ra*z^4 = 2*t1*(apz4) */
+ MP_CHECKOK(group->meth->field_mul(paz4, t1, raz4, group->meth));
+ MP_CHECKOK(group->meth->field_add(raz4, raz4, raz4, group->meth));
- /* ra*z^4 = 2*t1*(apz4) */
- MP_CHECKOK(group->meth->field_mul(paz4, t1, raz4, group->meth));
- MP_CHECKOK(group->meth->field_add(raz4, raz4, raz4, group->meth));
-
-
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
@@ -88,84 +86,82 @@ ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
* field-encoded. */
static mp_err
ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
- const mp_int *paz4, const mp_int *qx,
- const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz,
- mp_int *raz4, mp_int scratch[], const ECGroup *group)
+ const mp_int *paz4, const mp_int *qx,
+ const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz,
+ mp_int *raz4, mp_int scratch[], const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int *A, *B, *C, *D, *C2, *C3;
+ mp_err res = MP_OKAY;
+ mp_int *A, *B, *C, *D, *C2, *C3;
- A = &scratch[0];
- B = &scratch[1];
- C = &scratch[2];
- D = &scratch[3];
- C2 = &scratch[4];
- C3 = &scratch[5];
+ A = &scratch[0];
+ B = &scratch[1];
+ C = &scratch[2];
+ D = &scratch[3];
+ C2 = &scratch[4];
+ C3 = &scratch[5];
#if MAX_SCRATCH < 6
#error "Scratch array defined too small "
#endif
- /* If either P or Q is the point at infinity, then return the other
- * point */
- if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
- MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
- MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
- MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(raz4, &group->curvea, raz4, group->meth));
- goto CLEANUP;
- }
- if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
- MP_CHECKOK(mp_copy(px, rx));
- MP_CHECKOK(mp_copy(py, ry));
- MP_CHECKOK(mp_copy(pz, rz));
- MP_CHECKOK(mp_copy(paz4, raz4));
- goto CLEANUP;
- }
-
- /* A = qx * pz^2, B = qy * pz^3 */
- MP_CHECKOK(group->meth->field_sqr(pz, A, group->meth));
- MP_CHECKOK(group->meth->field_mul(A, pz, B, group->meth));
- MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
- MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
-
- /* C = A - px, D = B - py */
- MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
- MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
-
- /* C2 = C^2, C3 = C^3 */
- MP_CHECKOK(group->meth->field_sqr(C, C2, group->meth));
- MP_CHECKOK(group->meth->field_mul(C, C2, C3, group->meth));
-
- /* rz = pz * C */
- MP_CHECKOK(group->meth->field_mul(pz, C, rz, group->meth));
-
- /* C = px * C^2 */
- MP_CHECKOK(group->meth->field_mul(px, C2, C, group->meth));
- /* A = D^2 */
- MP_CHECKOK(group->meth->field_sqr(D, A, group->meth));
-
- /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
- MP_CHECKOK(group->meth->field_add(C, C, rx, group->meth));
- MP_CHECKOK(group->meth->field_add(C3, rx, rx, group->meth));
- MP_CHECKOK(group->meth->field_sub(A, rx, rx, group->meth));
-
- /* C3 = py * C^3 */
- MP_CHECKOK(group->meth->field_mul(py, C3, C3, group->meth));
-
- /* ry = D * (px * C^2 - rx) - py * C^3 */
- MP_CHECKOK(group->meth->field_sub(C, rx, ry, group->meth));
- MP_CHECKOK(group->meth->field_mul(D, ry, ry, group->meth));
- MP_CHECKOK(group->meth->field_sub(ry, C3, ry, group->meth));
-
- /* raz4 = a * rz^4 */
- MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
- MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
- MP_CHECKOK(group->meth->
- field_mul(raz4, &group->curvea, raz4, group->meth));
+ /* If either P or Q is the point at infinity, then return the other
+ * point */
+ if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+ MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+ MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+ MP_CHECKOK(group->meth->field_mul(raz4, &group->curvea, raz4, group->meth));
+ goto CLEANUP;
+ }
+ if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+ MP_CHECKOK(mp_copy(px, rx));
+ MP_CHECKOK(mp_copy(py, ry));
+ MP_CHECKOK(mp_copy(pz, rz));
+ MP_CHECKOK(mp_copy(paz4, raz4));
+ goto CLEANUP;
+ }
+
+ /* A = qx * pz^2, B = qy * pz^3 */
+ MP_CHECKOK(group->meth->field_sqr(pz, A, group->meth));
+ MP_CHECKOK(group->meth->field_mul(A, pz, B, group->meth));
+ MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
+ MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
+
+ /* C = A - px, D = B - py */
+ MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
+ MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
+
+ /* C2 = C^2, C3 = C^3 */
+ MP_CHECKOK(group->meth->field_sqr(C, C2, group->meth));
+ MP_CHECKOK(group->meth->field_mul(C, C2, C3, group->meth));
+
+ /* rz = pz * C */
+ MP_CHECKOK(group->meth->field_mul(pz, C, rz, group->meth));
+
+ /* C = px * C^2 */
+ MP_CHECKOK(group->meth->field_mul(px, C2, C, group->meth));
+ /* A = D^2 */
+ MP_CHECKOK(group->meth->field_sqr(D, A, group->meth));
+
+ /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+ MP_CHECKOK(group->meth->field_add(C, C, rx, group->meth));
+ MP_CHECKOK(group->meth->field_add(C3, rx, rx, group->meth));
+ MP_CHECKOK(group->meth->field_sub(A, rx, rx, group->meth));
+
+ /* C3 = py * C^3 */
+ MP_CHECKOK(group->meth->field_mul(py, C3, C3, group->meth));
+
+ /* ry = D * (px * C^2 - rx) - py * C^3 */
+ MP_CHECKOK(group->meth->field_sub(C, rx, ry, group->meth));
+ MP_CHECKOK(group->meth->field_mul(D, ry, ry, group->meth));
+ MP_CHECKOK(group->meth->field_sub(ry, C3, ry, group->meth));
+
+ /* raz4 = a * rz^4 */
+ MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+ MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+ MP_CHECKOK(group->meth->field_mul(raz4, &group->curvea, raz4, group->meth));
CLEANUP:
- return res;
+ return res;
}
/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
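Review bot: ec_GFp_pt_add_jm_aff handles P or Q being the point at infinity but not P == Q: when `A == px` and `B == py` both `C` and `D` are zero, so `rz = pz * C` becomes 0 and the result is reported as infinity instead of 2P (for P == -Q, `C == 0` with `D != 0` also yields rz = 0, which happens to be the right answer). Whether a caller can ever hit the P == Q case depends on the scalar-multiplication schedule, which is not visible here, so I would at least document the precondition in the header comment, e.g. `* Does not handle P == Q (C == 0 collapses R to infinity); callers must guarantee P != Q.`, or add an explicit `mp_cmp_z(C) == 0` branch that dispatches to the doubling routine if that guarantee cannot be made.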
@@ -174,116 +170,114 @@ CLEANUP:
* additions. Assumes input is already field-encoded using field_enc, and
* returns output that is still field-encoded. Uses 5-bit window NAF
* method (algorithm 11) for scalar-point multiplication from Brown,
- * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
* Curves Over Prime Fields. */
mp_err
ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
- mp_int *rx, mp_int *ry, const ECGroup *group)
+ mp_int *rx, mp_int *ry, const ECGroup *group)
{
- mp_err res = MP_OKAY;
- mp_int precomp[16][2], rz, tpx, tpy;
- mp_int raz4;
- mp_int scratch[MAX_SCRATCH];
- signed char *naf = NULL;
- int i, orderBitSize;
-
- MP_DIGITS(&rz) = 0;
- MP_DIGITS(&raz4) = 0;
- MP_DIGITS(&tpx) = 0;
- MP_DIGITS(&tpy) = 0;
- for (i = 0; i < 16; i++) {
- MP_DIGITS(&precomp[i][0]) = 0;
- MP_DIGITS(&precomp[i][1]) = 0;
- }
- for (i = 0; i < MAX_SCRATCH; i++) {
- MP_DIGITS(&scratch[i]) = 0;
- }
-
- ARGCHK(group != NULL, MP_BADARG);
- ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
-
- /* initialize precomputation table */
- MP_CHECKOK(mp_init(&tpx));
- MP_CHECKOK(mp_init(&tpy));;
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(mp_init(&raz4));
-
- for (i = 0; i < 16; i++) {
- MP_CHECKOK(mp_init(&precomp[i][0]));
- MP_CHECKOK(mp_init(&precomp[i][1]));
- }
- for (i = 0; i < MAX_SCRATCH; i++) {
- MP_CHECKOK(mp_init(&scratch[i]));
- }
-
- /* Set out[8] = P */
- MP_CHECKOK(mp_copy(px, &precomp[8][0]));
- MP_CHECKOK(mp_copy(py, &precomp[8][1]));
-
- /* Set (tpx, tpy) = 2P */
- MP_CHECKOK(group->
- point_dbl(&precomp[8][0], &precomp[8][1], &tpx, &tpy,
- group));
-
- /* Set 3P, 5P, ..., 15P */
- for (i = 8; i < 15; i++) {
- MP_CHECKOK(group->
- point_add(&precomp[i][0], &precomp[i][1], &tpx, &tpy,
- &precomp[i + 1][0], &precomp[i + 1][1],
- group));
- }
-
- /* Set -15P, -13P, ..., -P */
- for (i = 0; i < 8; i++) {
- MP_CHECKOK(mp_copy(&precomp[15 - i][0], &precomp[i][0]));
- MP_CHECKOK(group->meth->
- field_neg(&precomp[15 - i][1], &precomp[i][1],
- group->meth));
- }
-
- /* R = inf */
- MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
-
- orderBitSize = mpl_significant_bits(&group->order);
-
- /* Allocate memory for NAF */
- naf = (signed char *) malloc(sizeof(signed char) * (orderBitSize + 1));
- if (naf == NULL) {
- res = MP_MEM;
- goto CLEANUP;
- }
-
- /* Compute 5NAF */
- ec_compute_wNAF(naf, orderBitSize, n, 5);
-
- /* wNAF method */
- for (i = orderBitSize; i >= 0; i--) {
- /* R = 2R */
- ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
- &raz4, scratch, group);
- if (naf[i] != 0) {
- ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
- &precomp[(naf[i] + 15) / 2][0],
- &precomp[(naf[i] + 15) / 2][1], rx, ry,
- &rz, &raz4, scratch, group);
- }
- }
-
- /* convert result S to affine coordinates */
- MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
-
- CLEANUP:
- for (i = 0; i < MAX_SCRATCH; i++) {
- mp_clear(&scratch[i]);
- }
- for (i = 0; i < 16; i++) {
- mp_clear(&precomp[i][0]);
- mp_clear(&precomp[i][1]);
- }
- mp_clear(&tpx);
- mp_clear(&tpy);
- mp_clear(&rz);
- mp_clear(&raz4);
- free(naf);
- return res;
+ mp_err res = MP_OKAY;
+ mp_int precomp[16][2], rz, tpx, tpy;
+ mp_int raz4;
+ mp_int scratch[MAX_SCRATCH];
+ signed char *naf = NULL;
+ int i, orderBitSize;
+
+ MP_DIGITS(&rz) = 0;
+ MP_DIGITS(&raz4) = 0;
+ MP_DIGITS(&tpx) = 0;
+ MP_DIGITS(&tpy) = 0;
+ for (i = 0; i < 16; i++) {
+ MP_DIGITS(&precomp[i][0]) = 0;
+ MP_DIGITS(&precomp[i][1]) = 0;
+ }
+ for (i = 0; i < MAX_SCRATCH; i++) {
+ MP_DIGITS(&scratch[i]) = 0;
+ }
+
+ ARGCHK(group != NULL, MP_BADARG);
+ ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+ /* initialize precomputation table */
+ MP_CHECKOK(mp_init(&tpx));
+ MP_CHECKOK(mp_init(&tpy));
+ ;
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(mp_init(&raz4));
+
+ for (i = 0; i < 16; i++) {
+ MP_CHECKOK(mp_init(&precomp[i][0]));
+ MP_CHECKOK(mp_init(&precomp[i][1]));
+ }
+ for (i = 0; i < MAX_SCRATCH; i++) {
+ MP_CHECKOK(mp_init(&scratch[i]));
+ }
+
+ /* Set out[8] = P */
+ MP_CHECKOK(mp_copy(px, &precomp[8][0]));
+ MP_CHECKOK(mp_copy(py, &precomp[8][1]));
+
+ /* Set (tpx, tpy) = 2P */
+ MP_CHECKOK(group->point_dbl(&precomp[8][0], &precomp[8][1], &tpx, &tpy,
+ group));
+
+ /* Set 3P, 5P, ..., 15P */
+ for (i = 8; i < 15; i++) {
+ MP_CHECKOK(group->point_add(&precomp[i][0], &precomp[i][1], &tpx, &tpy,
+ &precomp[i + 1][0], &precomp[i + 1][1],
+ group));
+ }
+
+ /* Set -15P, -13P, ..., -P */
+ for (i = 0; i < 8; i++) {
+ MP_CHECKOK(mp_copy(&precomp[15 - i][0], &precomp[i][0]));
+ MP_CHECKOK(group->meth->field_neg(&precomp[15 - i][1], &precomp[i][1],
+ group->meth));
+ }
+
+ /* R = inf */
+ MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+ orderBitSize = mpl_significant_bits(&group->order);
+
+ /* Allocate memory for NAF */
+ naf = (signed char *)malloc(sizeof(signed char) * (orderBitSize + 1));
+ if (naf == NULL) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+
+ /* Compute 5NAF */
+ ec_compute_wNAF(naf, orderBitSize, n, 5);
+
+ /* wNAF method */
+ for (i = orderBitSize; i >= 0; i--) {
+ /* R = 2R */
+ ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
+ &raz4, scratch, group);
+ if (naf[i] != 0) {
+ ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
+ &precomp[(naf[i] + 15) / 2][0],
+ &precomp[(naf[i] + 15) / 2][1], rx, ry,
+ &rz, &raz4, scratch, group);
+ }
+ }
+
+ /* convert result S to affine coordinates */
+ MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+ for (i = 0; i < MAX_SCRATCH; i++) {
+ mp_clear(&scratch[i]);
+ }
+ for (i = 0; i < 16; i++) {
+ mp_clear(&precomp[i][0]);
+ mp_clear(&precomp[i][1]);
+ }
+ mp_clear(&tpx);
+ mp_clear(&tpy);
+ mp_clear(&rz);
+ mp_clear(&raz4);
+ free(naf);
+ return res;
}
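Review bot: The two point operations in the wNAF loop, `ec_GFp_pt_dbl_jm(...)` and `ec_GFp_pt_add_jm_aff(...)`, are the only calls in ec_GFp_pt_mul_jm_wNAF whose mp_err result is not wrapped in MP_CHECKOK, so an allocation or field-arithmetic failure inside them is dropped and the loop continues with a partially updated R that is then converted and returned as if it were valid. Wrapping both calls as `MP_CHECKOK(ec_GFp_pt_dbl_jm(...))` and `MP_CHECKOK(ec_GFp_pt_add_jm_aff(...))` makes the function fail closed like every other step in it. Separately, the reformat turned the doubled `;;` after `MP_CHECKOK(mp_init(&tpy))` into a stray empty statement on its own line; that `;` should simply be deleted. Note also that the `if (naf[i] != 0)` branch and the table index `(naf[i] + 15) / 2` make the access pattern depend on n, so if n can be a private scalar here this is a timing/cache side channel worth a comment in the header.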
diff --git a/lib/freebl/ecl/ecp_mont.c b/lib/freebl/ecl/ecp_mont.c
index 6b8462e9e..779685b4d 100644
--- a/lib/freebl/ecl/ecp_mont.c
+++ b/lib/freebl/ecl/ecp_mont.c
@@ -18,38 +18,38 @@
GFMethod *
GFMethod_consGFp_mont(const mp_int *irr)
{
- mp_err res = MP_OKAY;
- GFMethod *meth = NULL;
- mp_mont_modulus *mmm;
-
- meth = GFMethod_consGFp(irr);
- if (meth == NULL)
- return NULL;
-
- mmm = (mp_mont_modulus *) malloc(sizeof(mp_mont_modulus));
- if (mmm == NULL) {
- res = MP_MEM;
- goto CLEANUP;
- }
-
- meth->field_mul = &ec_GFp_mul_mont;
- meth->field_sqr = &ec_GFp_sqr_mont;
- meth->field_div = &ec_GFp_div_mont;
- meth->field_enc = &ec_GFp_enc_mont;
- meth->field_dec = &ec_GFp_dec_mont;
- meth->extra1 = mmm;
- meth->extra2 = NULL;
- meth->extra_free = &ec_GFp_extra_free_mont;
-
- mmm->N = meth->irr;
- mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0));
-
- CLEANUP:
- if (res != MP_OKAY) {
- GFMethod_free(meth);
- return NULL;
- }
- return meth;
+ mp_err res = MP_OKAY;
+ GFMethod *meth = NULL;
+ mp_mont_modulus *mmm;
+
+ meth = GFMethod_consGFp(irr);
+ if (meth == NULL)
+ return NULL;
+
+ mmm = (mp_mont_modulus *)malloc(sizeof(mp_mont_modulus));
+ if (mmm == NULL) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+
+ meth->field_mul = &ec_GFp_mul_mont;
+ meth->field_sqr = &ec_GFp_sqr_mont;
+ meth->field_div = &ec_GFp_div_mont;
+ meth->field_enc = &ec_GFp_enc_mont;
+ meth->field_dec = &ec_GFp_dec_mont;
+ meth->extra1 = mmm;
+ meth->extra2 = NULL;
+ meth->extra_free = &ec_GFp_extra_free_mont;
+
+ mmm->N = meth->irr;
+ mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0));
+
+CLEANUP:
+ if (res != MP_OKAY) {
+ GFMethod_free(meth);
+ return NULL;
+ }
+ return meth;
}
/* Wrapper functions for generic prime field arithmetic. */
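Review bot: `mmm->N = meth->irr;` in GFMethod_consGFp_mont is a struct copy, so mmm->N shares its digit buffer with meth->irr rather than owning one; that is consistent with ec_GFp_extra_free_mont only freeing the mmm struct, but nothing says so and a later "cleanup" that mp_clear()s N would double-free. A comment on that line, `/* Shallow copy: N aliases meth->irr's digits; never mp_clear() it separately. */`, would prevent that. Also, `s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0))` presumably only yields a valid n0prime for an odd modulus; if GFMethod_consGFp does not already reject an even irr, that is worth confirming and checking here before the value is used.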
@@ -57,60 +57,59 @@ GFMethod_consGFp_mont(const mp_int *irr)
/* Field multiplication using Montgomery reduction. */
mp_err
ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
+ mp_err res = MP_OKAY;
#ifdef MP_MONT_USE_MP_MUL
- /* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
- * is not implemented and we have to use mp_mul and s_mp_redc directly
- */
- MP_CHECKOK(mp_mul(a, b, r));
- MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1));
+ /* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
+ * is not implemented and we have to use mp_mul and s_mp_redc directly
+ */
+ MP_CHECKOK(mp_mul(a, b, r));
+ MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *)meth->extra1));
#else
- mp_int s;
-
- MP_DIGITS(&s) = 0;
- /* s_mp_mul_mont doesn't allow source and destination to be the same */
- if ((a == r) || (b == r)) {
- MP_CHECKOK(mp_init(&s));
- MP_CHECKOK(s_mp_mul_mont
- (a, b, &s, (mp_mont_modulus *) meth->extra1));
- MP_CHECKOK(mp_copy(&s, r));
- mp_clear(&s);
- } else {
- return s_mp_mul_mont(a, b, r, (mp_mont_modulus *) meth->extra1);
- }
+ mp_int s;
+
+ MP_DIGITS(&s) = 0;
+ /* s_mp_mul_mont doesn't allow source and destination to be the same */
+ if ((a == r) || (b == r)) {
+ MP_CHECKOK(mp_init(&s));
+ MP_CHECKOK(s_mp_mul_mont(a, b, &s, (mp_mont_modulus *)meth->extra1));
+ MP_CHECKOK(mp_copy(&s, r));
+ mp_clear(&s);
+ } else {
+ return s_mp_mul_mont(a, b, r, (mp_mont_modulus *)meth->extra1);
+ }
#endif
- CLEANUP:
- return res;
+CLEANUP:
+ return res;
}
/* Field squaring using Montgomery reduction. */
mp_err
ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- return ec_GFp_mul_mont(a, a, r, meth);
+ return ec_GFp_mul_mont(a, a, r, meth);
}
/* Field division using Montgomery reduction. */
mp_err
ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
- const GFMethod *meth)
+ const GFMethod *meth)
{
- mp_err res = MP_OKAY;
-
- /* if A=aZ represents a encoded in montgomery coordinates with Z and #
- * and \ respectively represent multiplication and division in
- * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv =
- * (1/b)Z = (1/B)(Z^2) where B # Binv = Z */
- MP_CHECKOK(ec_GFp_div(a, b, r, meth));
- MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
- if (a == NULL) {
- MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
- }
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+
+ /* if A=aZ represents a encoded in montgomery coordinates with Z and #
+ * and \ respectively represent multiplication and division in
+ * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv =
+ * (1/b)Z = (1/B)(Z^2) where B # Binv = Z */
+ MP_CHECKOK(ec_GFp_div(a, b, r, meth));
+ MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+ if (a == NULL) {
+ MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+ }
+CLEANUP:
+ return res;
}
/* Encode a field element in Montgomery form. See s_mp_to_mont in
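Review bot: In the `(a == r) || (b == r)` branch of ec_GFp_mul_mont, a failure in `s_mp_mul_mont` or `mp_copy` jumps to CLEANUP via MP_CHECKOK and skips `mp_clear(&s)`, leaking the temporary that `mp_init(&s)` just allocated. Since `s` is pre-zeroed with `MP_DIGITS(&s) = 0`, the clear can live after the CLEANUP label, the same shape ec_GFp_pts_mul_jac uses for `rz`; it just needs to stay inside the `#else` region because `s` does not exist in the MP_MONT_USE_MP_MUL build.
```c
#else
    mp_int s;

    MP_DIGITS(&s) = 0;
    /* s_mp_mul_mont doesn't allow source and destination to be the same */
    if ((a == r) || (b == r)) {
        MP_CHECKOK(mp_init(&s));
        MP_CHECKOK(s_mp_mul_mont(a, b, &s, (mp_mont_modulus *)meth->extra1));
        MP_CHECKOK(mp_copy(&s, r));
    } else {
        return s_mp_mul_mont(a, b, r, (mp_mont_modulus *)meth->extra1);
    }
#endif
CLEANUP:
#ifndef MP_MONT_USE_MP_MUL
    mp_clear(&s); /* safe on the zeroed mp_int if mp_init never ran */
#endif
    return res;
```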
@@ -118,29 +117,29 @@ ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
mp_err
ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_mont_modulus *mmm;
- mp_err res = MP_OKAY;
-
- mmm = (mp_mont_modulus *) meth->extra1;
- MP_CHECKOK(mp_copy(a, r));
- MP_CHECKOK(s_mp_lshd(r, MP_USED(&mmm->N)));
- MP_CHECKOK(mp_mod(r, &mmm->N, r));
- CLEANUP:
- return res;
+ mp_mont_modulus *mmm;
+ mp_err res = MP_OKAY;
+
+ mmm = (mp_mont_modulus *)meth->extra1;
+ MP_CHECKOK(mp_copy(a, r));
+ MP_CHECKOK(s_mp_lshd(r, MP_USED(&mmm->N)));
+ MP_CHECKOK(mp_mod(r, &mmm->N, r));
+CLEANUP:
+ return res;
}
/* Decode a field element from Montgomery form. */
mp_err
ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
- mp_err res = MP_OKAY;
-
- if (a != r) {
- MP_CHECKOK(mp_copy(a, r));
- }
- MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1));
- CLEANUP:
- return res;
+ mp_err res = MP_OKAY;
+
+ if (a != r) {
+ MP_CHECKOK(mp_copy(a, r));
+ }
+ MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *)meth->extra1));
+CLEANUP:
+ return res;
}
/* Free the memory allocated to the extra fields of Montgomery GFMethod
@@ -148,8 +147,8 @@ ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
void
ec_GFp_extra_free_mont(GFMethod *meth)
{
- if (meth->extra1 != NULL) {
- free(meth->extra1);
- meth->extra1 = NULL;
- }
+ if (meth->extra1 != NULL) {
+ free(meth->extra1);
+ meth->extra1 = NULL;
+ }
}
diff --git a/lib/freebl/ecl/tests/ec2_test.c b/lib/freebl/ecl/tests/ec2_test.c
index 1b4d8c3d5..df0170903 100644
--- a/lib/freebl/ecl/tests/ec2_test.c
+++ b/lib/freebl/ecl/tests/ec2_test.c
@@ -18,373 +18,356 @@
#include <sys/resource.h>
/* Time k repetitions of operation op. */
-#define M_TimeOperation(op, k) { \
- double dStart, dNow, dUserTime; \
- struct rusage ru; \
- int i; \
- getrusage(RUSAGE_SELF, &ru); \
- dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- for (i = 0; i < k; i++) { \
- { op; } \
- }; \
- getrusage(RUSAGE_SELF, &ru); \
- dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- dUserTime = dNow-dStart; \
- if (dUserTime) printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
-}
+#define M_TimeOperation(op, k) \
+ { \
+ double dStart, dNow, dUserTime; \
+ struct rusage ru; \
+ int i; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ for (i = 0; i < k; i++) { \
+ { \
+ op; \
+ } \
+ }; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ dUserTime = dNow - dStart; \
+ if (dUserTime) \
+ printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+ }
/* Test curve using generic field arithmetic. */
-#define ECTEST_GENERIC_GF2M(name_c, name) \
- printf("Testing %s using generic implementation...\n", name_c); \
- params = EC_GetNamedCurveParams(name); \
- if (params == NULL) { \
- printf(" Error: could not construct params.\n"); \
- res = MP_NO; \
- goto CLEANUP; \
- } \
- ECGroup_free(group); \
- group = ECGroup_fromHex(params); \
- if (group == NULL) { \
- printf(" Error: could not construct group.\n"); \
- res = MP_NO; \
- goto CLEANUP; \
- } \
- MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 1) ); \
- printf("... okay.\n");
+#define ECTEST_GENERIC_GF2M(name_c, name) \
+ printf("Testing %s using generic implementation...\n", name_c); \
+ params = EC_GetNamedCurveParams(name); \
+ if (params == NULL) { \
+ printf(" Error: could not construct params.\n"); \
+ res = MP_NO; \
+ goto CLEANUP; \
+ } \
+ ECGroup_free(group); \
+ group = ECGroup_fromHex(params); \
+ if (group == NULL) { \
+ printf(" Error: could not construct group.\n"); \
+ res = MP_NO; \
+ goto CLEANUP; \
+ } \
+ MP_CHECKOK(ectest_curve_GF2m(group, ectestPrint, ectestTime, 1)); \
+ printf("... okay.\n");
/* Test curve using specific field arithmetic. */
-#define ECTEST_NAMED_GF2M(name_c, name) \
- printf("Testing %s using specific implementation...\n", name_c); \
- ECGroup_free(group); \
- group = ECGroup_fromName(name); \
- if (group == NULL) { \
- printf(" Warning: could not construct group.\n"); \
- printf("... failed; continuing with remaining tests.\n"); \
- } else { \
- MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 0) ); \
- printf("... okay.\n"); \
- }
+#define ECTEST_NAMED_GF2M(name_c, name) \
+ printf("Testing %s using specific implementation...\n", name_c); \
+ ECGroup_free(group); \
+ group = ECGroup_fromName(name); \
+ if (group == NULL) { \
+ printf(" Warning: could not construct group.\n"); \
+ printf("... failed; continuing with remaining tests.\n"); \
+ } else { \
+ MP_CHECKOK(ectest_curve_GF2m(group, ectestPrint, ectestTime, 0)); \
+ printf("... okay.\n"); \
+ }
/* Performs basic tests of elliptic curve cryptography over binary
* polynomial fields. If tests fail, then it prints an error message,
* aborts, and returns an error code. Otherwise, returns 0. */
int
ectest_curve_GF2m(ECGroup *group, int ectestPrint, int ectestTime,
- int generic)
+ int generic)
{
- mp_int one, order_1, gx, gy, rx, ry, n;
- int size;
- mp_err res;
- char s[1000];
-
- /* initialize values */
- MP_CHECKOK(mp_init(&one));
- MP_CHECKOK(mp_init(&order_1));
- MP_CHECKOK(mp_init(&gx));
- MP_CHECKOK(mp_init(&gy));
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&n));
-
- MP_CHECKOK(mp_set_int(&one, 1));
- MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
-
- /* encode base point */
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
- MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
- } else {
- MP_CHECKOK(mp_copy(&group->genx, &gx));
- MP_CHECKOK(mp_copy(&group->geny, &gy));
- }
-
- if (ectestPrint) {
- /* output base point */
- printf(" base point P:\n");
- MP_CHECKOK(mp_toradix(&gx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&gy, s, 16));
- printf(" %s\n", s);
- if (group->meth->field_enc) {
- printf(" base point P (encoded):\n");
- MP_CHECKOK(mp_toradix(&group->genx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&group->geny, s, 16));
- printf(" %s\n", s);
- }
- }
+ mp_int one, order_1, gx, gy, rx, ry, n;
+ int size;
+ mp_err res;
+ char s[1000];
+
+ /* initialize values */
+ MP_CHECKOK(mp_init(&one));
+ MP_CHECKOK(mp_init(&order_1));
+ MP_CHECKOK(mp_init(&gx));
+ MP_CHECKOK(mp_init(&gy));
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&n));
+
+ MP_CHECKOK(mp_set_int(&one, 1));
+ MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+
+ /* encode base point */
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(&group->genx, &gx));
+ MP_CHECKOK(mp_copy(&group->geny, &gy));
+ }
+
+ if (ectestPrint) {
+ /* output base point */
+ printf(" base point P:\n");
+ MP_CHECKOK(mp_toradix(&gx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&gy, s, 16));
+ printf(" %s\n", s);
+ if (group->meth->field_enc) {
+ printf(" base point P (encoded):\n");
+ MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+ printf(" %s\n", s);
+ }
+ }
#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
- /* multiply base point by order - 1 and check for negative of base
+ /* multiply base point by order - 1 and check for negative of base
* point */
- MP_CHECKOK(ec_GF2m_pt_mul_aff
- (&order_1, &group->genx, &group->geny, &rx, &ry, group));
- if (ectestPrint) {
- printf(" (order-1)*P (affine):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &group->genx) != 0)
- || (mp_cmp(&ry, &group->geny) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ec_GF2m_pt_mul_aff(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+ if (ectestPrint) {
+ printf(" (order-1)*P (affine):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order - 1 and check for negative of base
+ /* multiply base point by order - 1 and check for negative of base
* point */
- MP_CHECKOK(ec_GF2m_pt_mul_mont
- (&order_1, &group->genx, &group->geny, &rx, &ry, group));
- if (ectestPrint) {
- printf(" (order-1)*P (montgomery):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &group->genx) != 0)
- || (mp_cmp(&ry, &group->geny) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ec_GF2m_pt_mul_mont(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+ if (ectestPrint) {
+ printf(" (order-1)*P (montgomery):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#ifdef ECL_ENABLE_GF2M_PROJ
- /* multiply base point by order - 1 and check for negative of base
+ /* multiply base point by order - 1 and check for negative of base
* point */
- MP_CHECKOK(ec_GF2m_pt_mul_proj
- (&order_1, &group->genx, &group->geny, &rx, &ry, group));
- if (ectestPrint) {
- printf(" (order-1)*P (projective):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &group->genx) != 0)
- || (mp_cmp(&ry, &group->geny) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ec_GF2m_pt_mul_proj(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+ if (ectestPrint) {
+ printf(" (order-1)*P (projective):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order - 1 and check for negative of base
+ /* multiply base point by order - 1 and check for negative of base
* point */
- MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
- if (ectestPrint) {
- printf(" (order-1)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* multiply base point by order - 1 and check for negative of base
+ MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* multiply base point by order - 1 and check for negative of base
* point */
- MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
- if (ectestPrint) {
- printf(" (order-1)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ec_GF2m_pt_mul_aff
- (&group->order, &group->genx, &group->geny, &rx, &ry,
- group));
- if (ectestPrint) {
- printf(" (order)*P (affine):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ec_GF2m_pt_mul_aff(&group->order, &group->genx, &group->geny, &rx, &ry,
+ group));
+ if (ectestPrint) {
+ printf(" (order)*P (affine):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ec_GF2m_pt_mul_mont
- (&group->order, &group->genx, &group->geny, &rx, &ry,
- group));
- if (ectestPrint) {
- printf(" (order)*P (montgomery):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ec_GF2m_pt_mul_mont(&group->order, &group->genx, &group->geny, &rx, &ry,
+ group));
+ if (ectestPrint) {
+ printf(" (order)*P (montgomery):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#ifdef ECL_ENABLE_GF2M_PROJ
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ec_GF2m_pt_mul_proj
- (&group->order, &group->genx, &group->geny, &rx, &ry,
- group));
- if (ectestPrint) {
- printf(" (order)*P (projective):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ec_GF2m_pt_mul_proj(&group->order, &group->genx, &group->geny, &rx, &ry,
+ group));
+ if (ectestPrint) {
+ printf(" (order)*P (projective):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
- if (ectestPrint) {
- printf(" (order)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
- if (ectestPrint) {
- printf(" (order)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* check that (order-1)P + (order-1)P + P == (order-1)P */
- MP_CHECKOK(ECPoints_mul
- (group, &order_1, &order_1, &gx, &gy, &rx, &ry));
- MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
- if (ectestPrint) {
- printf
- (" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* test validate_point function */
- if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
- printf(" Error: validate point on base point failed.\n");
- res = MP_NO;
- goto CLEANUP;
- }
- MP_CHECKOK(mp_add_d(&gy, 1, &ry));
- if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
- printf(" Error: validate point on invalid point passed.\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- if (ectestTime) {
- /* compute random scalar */
- size = mpl_significant_bits(&group->meth->irr);
- if (size < MP_OKAY) {
- goto CLEANUP;
- }
- MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
- MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
- /* timed test */
- if (generic) {
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* check that (order-1)P + (order-1)P + P == (order-1)P */
+ MP_CHECKOK(ECPoints_mul(group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+ MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* test validate_point function */
+ if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+ printf(" Error: validate point on base point failed.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+ if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+ printf(" Error: validate point on invalid point passed.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ if (ectestTime) {
+ /* compute random scalar */
+ size = mpl_significant_bits(&group->meth->irr);
+ if (size < MP_OKAY) {
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+ MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+ /* timed test */
+ if (generic) {
#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
- M_TimeOperation(MP_CHECKOK
- (ec_GF2m_pt_mul_aff
- (&n, &group->genx, &group->geny, &rx, &ry,
- group)), 100);
+ M_TimeOperation(MP_CHECKOK(ec_GF2m_pt_mul_aff(&n, &group->genx, &group->geny, &rx, &ry,
+ group)),
+ 100);
#endif
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoints_mul
- (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
- } else {
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoints_mul
- (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
- }
- }
-
- CLEANUP:
- mp_clear(&one);
- mp_clear(&order_1);
- mp_clear(&gx);
- mp_clear(&gy);
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&n);
- if (res != MP_OKAY) {
- printf(" Error: exiting with error value %i\n", res);
- }
- return res;
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+ } else {
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+ }
+ }
+
+CLEANUP:
+ mp_clear(&one);
+ mp_clear(&order_1);
+ mp_clear(&gx);
+ mp_clear(&gy);
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&n);
+ if (res != MP_OKAY) {
+ printf(" Error: exiting with error value %i\n", res);
+ }
+ return res;
}
/* Prints help information. */
void
printUsage()
{
- printf("Usage: ecp_test [--print] [--time]\n");
- printf
- (" --print Print out results of each point arithmetic test.\n");
- printf
- (" --time Benchmark point operations and print results.\n");
+ printf("Usage: ecp_test [--print] [--time]\n");
+ printf(" --print Print out results of each point arithmetic test.\n");
+ printf(" --time Benchmark point operations and print results.\n");
}
/* Performs tests of elliptic curve cryptography over binary polynomial
@@ -394,89 +377,85 @@ int
main(int argv, char **argc)
{
- int ectestTime = 0;
- int ectestPrint = 0;
- int i;
- ECGroup *group = NULL;
- ECCurveParams *params = NULL;
- mp_err res;
-
- /* read command-line arguments */
- for (i = 1; i < argv; i++) {
- if ((strcasecmp(argc[i], "time") == 0)
- || (strcasecmp(argc[i], "-time") == 0)
- || (strcasecmp(argc[i], "--time") == 0)) {
- ectestTime = 1;
- } else if ((strcasecmp(argc[i], "print") == 0)
- || (strcasecmp(argc[i], "-print") == 0)
- || (strcasecmp(argc[i], "--print") == 0)) {
- ectestPrint = 1;
- } else {
- printUsage();
- return 0;
- }
- }
-
- /* generic arithmetic tests */
- ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
-
- /* specific arithmetic tests */
- ECTEST_NAMED_GF2M("NIST-K163", ECCurve_NIST_K163);
- ECTEST_NAMED_GF2M("NIST-B163", ECCurve_NIST_B163);
- ECTEST_NAMED_GF2M("NIST-K233", ECCurve_NIST_K233);
- ECTEST_NAMED_GF2M("NIST-B233", ECCurve_NIST_B233);
- ECTEST_NAMED_GF2M("NIST-K283", ECCurve_NIST_K283);
- ECTEST_NAMED_GF2M("NIST-B283", ECCurve_NIST_B283);
- ECTEST_NAMED_GF2M("NIST-K409", ECCurve_NIST_K409);
- ECTEST_NAMED_GF2M("NIST-B409", ECCurve_NIST_B409);
- ECTEST_NAMED_GF2M("NIST-K571", ECCurve_NIST_K571);
- ECTEST_NAMED_GF2M("NIST-B571", ECCurve_NIST_B571);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V1", ECCurve_X9_62_CHAR2_PNB163V1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V2", ECCurve_X9_62_CHAR2_PNB163V2);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V3", ECCurve_X9_62_CHAR2_PNB163V3);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB176V1", ECCurve_X9_62_CHAR2_PNB176V1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V1", ECCurve_X9_62_CHAR2_TNB191V1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V2", ECCurve_X9_62_CHAR2_TNB191V2);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V3", ECCurve_X9_62_CHAR2_TNB191V3);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB208W1", ECCurve_X9_62_CHAR2_PNB208W1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V1", ECCurve_X9_62_CHAR2_TNB239V1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V2", ECCurve_X9_62_CHAR2_TNB239V2);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V3", ECCurve_X9_62_CHAR2_TNB239V3);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB272W1", ECCurve_X9_62_CHAR2_PNB272W1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB304W1", ECCurve_X9_62_CHAR2_PNB304W1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB359V1", ECCurve_X9_62_CHAR2_TNB359V1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB368W1", ECCurve_X9_62_CHAR2_PNB368W1);
- ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB431R1", ECCurve_X9_62_CHAR2_TNB431R1);
- ECTEST_NAMED_GF2M("SECT-113R1", ECCurve_SECG_CHAR2_113R1);
- ECTEST_NAMED_GF2M("SECT-113R2", ECCurve_SECG_CHAR2_113R2);
- ECTEST_NAMED_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
- ECTEST_NAMED_GF2M("SECT-131R2", ECCurve_SECG_CHAR2_131R2);
- ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1);
- ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1);
- ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2);
- ECTEST_NAMED_GF2M("SECT-193R1", ECCurve_SECG_CHAR2_193R1);
- ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2);
- ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1);
- ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1);
- ECTEST_NAMED_GF2M("SECT-239K1", ECCurve_SECG_CHAR2_239K1);
- ECTEST_NAMED_GF2M("SECT-283K1", ECCurve_SECG_CHAR2_283K1);
- ECTEST_NAMED_GF2M("SECT-283R1", ECCurve_SECG_CHAR2_283R1);
- ECTEST_NAMED_GF2M("SECT-409K1", ECCurve_SECG_CHAR2_409K1);
- ECTEST_NAMED_GF2M("SECT-409R1", ECCurve_SECG_CHAR2_409R1);
- ECTEST_NAMED_GF2M("SECT-571K1", ECCurve_SECG_CHAR2_571K1);
- ECTEST_NAMED_GF2M("SECT-571R1", ECCurve_SECG_CHAR2_571R1);
- ECTEST_NAMED_GF2M("WTLS-1 (113)", ECCurve_WTLS_1);
- ECTEST_NAMED_GF2M("WTLS-3 (163)", ECCurve_WTLS_3);
- ECTEST_NAMED_GF2M("WTLS-4 (113)", ECCurve_WTLS_4);
- ECTEST_NAMED_GF2M("WTLS-5 (163)", ECCurve_WTLS_5);
- ECTEST_NAMED_GF2M("WTLS-10 (233)", ECCurve_WTLS_10);
- ECTEST_NAMED_GF2M("WTLS-11 (233)", ECCurve_WTLS_11);
-
- CLEANUP:
- EC_FreeCurveParams(params);
- ECGroup_free(group);
- if (res != MP_OKAY) {
- printf("Error: exiting with error value %i\n", res);
- }
- return res;
+ int ectestTime = 0;
+ int ectestPrint = 0;
+ int i;
+ ECGroup *group = NULL;
+ ECCurveParams *params = NULL;
+ mp_err res;
+
+ /* read command-line arguments */
+ for (i = 1; i < argv; i++) {
+ if ((strcasecmp(argc[i], "time") == 0) || (strcasecmp(argc[i], "-time") == 0) || (strcasecmp(argc[i], "--time") == 0)) {
+ ectestTime = 1;
+ } else if ((strcasecmp(argc[i], "print") == 0) || (strcasecmp(argc[i], "-print") == 0) || (strcasecmp(argc[i], "--print") == 0)) {
+ ectestPrint = 1;
+ } else {
+ printUsage();
+ return 0;
+ }
+ }
+
+ /* generic arithmetic tests */
+ ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+
+ /* specific arithmetic tests */
+ ECTEST_NAMED_GF2M("NIST-K163", ECCurve_NIST_K163);
+ ECTEST_NAMED_GF2M("NIST-B163", ECCurve_NIST_B163);
+ ECTEST_NAMED_GF2M("NIST-K233", ECCurve_NIST_K233);
+ ECTEST_NAMED_GF2M("NIST-B233", ECCurve_NIST_B233);
+ ECTEST_NAMED_GF2M("NIST-K283", ECCurve_NIST_K283);
+ ECTEST_NAMED_GF2M("NIST-B283", ECCurve_NIST_B283);
+ ECTEST_NAMED_GF2M("NIST-K409", ECCurve_NIST_K409);
+ ECTEST_NAMED_GF2M("NIST-B409", ECCurve_NIST_B409);
+ ECTEST_NAMED_GF2M("NIST-K571", ECCurve_NIST_K571);
+ ECTEST_NAMED_GF2M("NIST-B571", ECCurve_NIST_B571);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V1", ECCurve_X9_62_CHAR2_PNB163V1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V2", ECCurve_X9_62_CHAR2_PNB163V2);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V3", ECCurve_X9_62_CHAR2_PNB163V3);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB176V1", ECCurve_X9_62_CHAR2_PNB176V1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V1", ECCurve_X9_62_CHAR2_TNB191V1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V2", ECCurve_X9_62_CHAR2_TNB191V2);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V3", ECCurve_X9_62_CHAR2_TNB191V3);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB208W1", ECCurve_X9_62_CHAR2_PNB208W1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V1", ECCurve_X9_62_CHAR2_TNB239V1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V2", ECCurve_X9_62_CHAR2_TNB239V2);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V3", ECCurve_X9_62_CHAR2_TNB239V3);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB272W1", ECCurve_X9_62_CHAR2_PNB272W1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB304W1", ECCurve_X9_62_CHAR2_PNB304W1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB359V1", ECCurve_X9_62_CHAR2_TNB359V1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB368W1", ECCurve_X9_62_CHAR2_PNB368W1);
+ ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB431R1", ECCurve_X9_62_CHAR2_TNB431R1);
+ ECTEST_NAMED_GF2M("SECT-113R1", ECCurve_SECG_CHAR2_113R1);
+ ECTEST_NAMED_GF2M("SECT-113R2", ECCurve_SECG_CHAR2_113R2);
+ ECTEST_NAMED_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+ ECTEST_NAMED_GF2M("SECT-131R2", ECCurve_SECG_CHAR2_131R2);
+ ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1);
+ ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1);
+ ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2);
+ ECTEST_NAMED_GF2M("SECT-193R1", ECCurve_SECG_CHAR2_193R1);
+ ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2);
+ ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1);
+ ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1);
+ ECTEST_NAMED_GF2M("SECT-239K1", ECCurve_SECG_CHAR2_239K1);
+ ECTEST_NAMED_GF2M("SECT-283K1", ECCurve_SECG_CHAR2_283K1);
+ ECTEST_NAMED_GF2M("SECT-283R1", ECCurve_SECG_CHAR2_283R1);
+ ECTEST_NAMED_GF2M("SECT-409K1", ECCurve_SECG_CHAR2_409K1);
+ ECTEST_NAMED_GF2M("SECT-409R1", ECCurve_SECG_CHAR2_409R1);
+ ECTEST_NAMED_GF2M("SECT-571K1", ECCurve_SECG_CHAR2_571K1);
+ ECTEST_NAMED_GF2M("SECT-571R1", ECCurve_SECG_CHAR2_571R1);
+ ECTEST_NAMED_GF2M("WTLS-1 (113)", ECCurve_WTLS_1);
+ ECTEST_NAMED_GF2M("WTLS-3 (163)", ECCurve_WTLS_3);
+ ECTEST_NAMED_GF2M("WTLS-4 (113)", ECCurve_WTLS_4);
+ ECTEST_NAMED_GF2M("WTLS-5 (163)", ECCurve_WTLS_5);
+ ECTEST_NAMED_GF2M("WTLS-10 (233)", ECCurve_WTLS_10);
+ ECTEST_NAMED_GF2M("WTLS-11 (233)", ECCurve_WTLS_11);
+
+CLEANUP:
+ EC_FreeCurveParams(params);
+ ECGroup_free(group);
+ if (res != MP_OKAY) {
+ printf("Error: exiting with error value %i\n", res);
+ }
+ return res;
}
diff --git a/lib/freebl/ecl/tests/ec_naft.c b/lib/freebl/ecl/tests/ec_naft.c
index 833daeaca..61ef15c36 100644
--- a/lib/freebl/ecl/tests/ec_naft.c
+++ b/lib/freebl/ecl/tests/ec_naft.c
@@ -14,7 +14,7 @@
#include <sys/time.h>
#include <sys/resource.h>
-/* Returns 2^e as an integer. This is meant to be used for small powers of
+/* Returns 2^e as an integer. This is meant to be used for small powers of
* two. */
int ec_twoTo(int e);
@@ -22,96 +22,100 @@ int ec_twoTo(int e);
#define BITSIZE 160
/* Time k repetitions of operation op. */
-#define M_TimeOperation(op, k) { \
- double dStart, dNow, dUserTime; \
- struct rusage ru; \
- int i; \
- getrusage(RUSAGE_SELF, &ru); \
- dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- for (i = 0; i < k; i++) { \
- { op; } \
- }; \
- getrusage(RUSAGE_SELF, &ru); \
- dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- dUserTime = dNow-dStart; \
- if (dUserTime) printf(" %-45s\n k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
-}
-
-/* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D.
+#define M_TimeOperation(op, k) \
+ { \
+ double dStart, dNow, dUserTime; \
+ struct rusage ru; \
+ int i; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ for (i = 0; i < k; i++) { \
+ { \
+ op; \
+ } \
+ }; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ dUserTime = dNow - dStart; \
+ if (dUserTime) \
+ printf(" %-45s\n k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+ }
+
+/* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D.
* Hankerson, J. Hernandez and A. Menezes, "Software implementation of
* elliptic curve cryptography over binary fields", Proc. CHES 2000. */
mp_err
main(void)
{
- signed char naf[BITSIZE + 1];
- ECGroup *group = NULL;
- mp_int k;
- mp_int *scalar;
- int i, count;
- int res;
- int w = 5;
- char s[1000];
-
- /* Get a 160 bit scalar to compute wNAF from */
- group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1);
- scalar = &group->genx;
-
- /* Compute wNAF representation of scalar */
- ec_compute_wNAF(naf, BITSIZE, scalar, w);
-
- /* Verify correctness of representation */
- mp_init(&k); /* init k to 0 */
-
- for (i = BITSIZE; i >= 0; i--) {
- mp_add(&k, &k, &k);
- /* digits in mp_???_d are unsigned */
- if (naf[i] >= 0) {
- mp_add_d(&k, naf[i], &k);
- } else {
- mp_sub_d(&k, -naf[i], &k);
- }
- }
-
- if (mp_cmp(&k, scalar) != 0) {
- printf("Error: incorrect NAF value.\n");
- MP_CHECKOK(mp_toradix(&k, s, 16));
- printf("NAF value %s\n", s);
- MP_CHECKOK(mp_toradix(scalar, s, 16));
- printf("original value %s\n", s);
- goto CLEANUP;
- }
-
- /* Verify digits of representation are valid */
- for (i = 0; i <= BITSIZE; i++) {
- if (naf[i] % 2 == 0 && naf[i] != 0) {
- printf("Error: Even non-zero digit found.\n");
- goto CLEANUP;
- }
- if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) {
- printf("Error: Magnitude of naf digit too large.\n");
- goto CLEANUP;
- }
- }
-
- /* Verify sparsity of representation */
- count = w - 1;
- for (i = 0; i <= BITSIZE; i++) {
- if (naf[i] != 0) {
- if (count < w - 1) {
- printf("Error: Sparsity failed.\n");
- goto CLEANUP;
- }
- count = 0;
- } else
- count++;
- }
-
- /* Check timing */
- M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000);
-
- printf("Test passed.\n");
- CLEANUP:
- ECGroup_free(group);
- return MP_OKAY;
+ signed char naf[BITSIZE + 1];
+ ECGroup *group = NULL;
+ mp_int k;
+ mp_int *scalar;
+ int i, count;
+ int res;
+ int w = 5;
+ char s[1000];
+
+ /* Get a 160 bit scalar to compute wNAF from */
+ group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1);
+ scalar = &group->genx;
+
+ /* Compute wNAF representation of scalar */
+ ec_compute_wNAF(naf, BITSIZE, scalar, w);
+
+ /* Verify correctness of representation */
+ mp_init(&k); /* init k to 0 */
+
+ for (i = BITSIZE; i >= 0; i--) {
+ mp_add(&k, &k, &k);
+ /* digits in mp_???_d are unsigned */
+ if (naf[i] >= 0) {
+ mp_add_d(&k, naf[i], &k);
+ } else {
+ mp_sub_d(&k, -naf[i], &k);
+ }
+ }
+
+ if (mp_cmp(&k, scalar) != 0) {
+ printf("Error: incorrect NAF value.\n");
+ MP_CHECKOK(mp_toradix(&k, s, 16));
+ printf("NAF value %s\n", s);
+ MP_CHECKOK(mp_toradix(scalar, s, 16));
+ printf("original value %s\n", s);
+ goto CLEANUP;
+ }
+
+ /* Verify digits of representation are valid */
+ for (i = 0; i <= BITSIZE; i++) {
+ if (naf[i] % 2 == 0 && naf[i] != 0) {
+ printf("Error: Even non-zero digit found.\n");
+ goto CLEANUP;
+ }
+ if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) {
+ printf("Error: Magnitude of naf digit too large.\n");
+ goto CLEANUP;
+ }
+ }
+
+ /* Verify sparsity of representation */
+ count = w - 1;
+ for (i = 0; i <= BITSIZE; i++) {
+ if (naf[i] != 0) {
+ if (count < w - 1) {
+ printf("Error: Sparsity failed.\n");
+ goto CLEANUP;
+ }
+ count = 0;
+ } else
+ count++;
+ }
+
+ /* Check timing */
+ M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000);
+
+ printf("Test passed.\n");
+CLEANUP:
+ ECGroup_free(group);
+ return MP_OKAY;
}
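Review bot: main() in ec_naft.c returns MP_OKAY unconditionally at the CLEANUP label on the new side, so every `goto CLEANUP` taken after one of the "Error:" printfs still exits the test with success, and the `int res;` declared at the top is never assigned directly nor returned. Initialising `int res = MP_NO;`, setting `res = MP_OKAY;` immediately before `printf("Test passed.\n");` and ending with `return res;` would make the failure paths visible to whatever runs this test. The group from `group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1);` is dereferenced on the next line without a NULL check, and `k` set up by `mp_init(&k)` is never released with `mp_clear(&k)` before returning. These are carried over from the old side rather than introduced by this reformat, but the new code is where they now live.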
diff --git a/lib/freebl/ecl/tests/ecp_fpt.c b/lib/freebl/ecl/tests/ecp_fpt.c
index 3c9179665..490e0afc0 100644
--- a/lib/freebl/ecl/tests/ecp_fpt.c
+++ b/lib/freebl/ecl/tests/ecp_fpt.c
@@ -11,450 +11,453 @@
#include <sys/resource.h>
/* Time k repetitions of operation op. */
-#define M_TimeOperation(op, k) { \
- double dStart, dNow, dUserTime; \
- struct rusage ru; \
- int i; \
- getrusage(RUSAGE_SELF, &ru); \
- dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- for (i = 0; i < k; i++) { \
- { op; } \
- }; \
- getrusage(RUSAGE_SELF, &ru); \
- dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- dUserTime = dNow-dStart; \
- if (dUserTime) printf(" %-45s\n k: %6i, t: %6.2f sec, k/t: %6.2f ops/sec\n", #op, k, dUserTime, k/dUserTime); \
-}
+#define M_TimeOperation(op, k) \
+ { \
+ double dStart, dNow, dUserTime; \
+ struct rusage ru; \
+ int i; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ for (i = 0; i < k; i++) { \
+ { \
+ op; \
+ } \
+ }; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ dUserTime = dNow - dStart; \
+ if (dUserTime) \
+ printf(" %-45s\n k: %6i, t: %6.2f sec, k/t: %6.2f ops/sec\n", #op, k, dUserTime, k / dUserTime); \
+ }
/* Test curve using specific floating point field arithmetic. */
-#define M_TestCurve(name_c, name) { \
- printf("Testing %s using specific floating point implementation...\n", name_c); \
- ECGroup_free(ecgroup); \
- ecgroup = ECGroup_fromName(name); \
- if (ecgroup == NULL) { \
- printf(" Warning: could not construct group.\n"); \
- printf("%s failed.\n", name_c); \
- res = MP_NO; \
- goto CLEANUP; \
- } else { \
- MP_CHECKOK( testCurve(ecgroup)); \
- printf("%s passed.\n", name_c); \
- } \
-}
+#define M_TestCurve(name_c, name) \
+ { \
+ printf("Testing %s using specific floating point implementation...\n", name_c); \
+ ECGroup_free(ecgroup); \
+ ecgroup = ECGroup_fromName(name); \
+ if (ecgroup == NULL) { \
+ printf(" Warning: could not construct group.\n"); \
+ printf("%s failed.\n", name_c); \
+ res = MP_NO; \
+ goto CLEANUP; \
+ } else { \
+ MP_CHECKOK(testCurve(ecgroup)); \
+ printf("%s passed.\n", name_c); \
+ } \
+ }
/* Outputs a floating point double (currently not used) */
void
-d_output(const double *u, int len, char *name, const EC_group_fp * group)
+d_output(const double *u, int len, char *name, const EC_group_fp *group)
{
- int i;
-
- printf("%s: ", name);
- for (i = 0; i < len; i++) {
- printf("+ %.2f * 2^%i ", u[i] / ecfp_exp[i],
- group->doubleBitSize * i);
- }
- printf("\n");
+ int i;
+
+ printf("%s: ", name);
+ for (i = 0; i < len; i++) {
+ printf("+ %.2f * 2^%i ", u[i] / ecfp_exp[i],
+ group->doubleBitSize * i);
+ }
+ printf("\n");
}
/* Tests a point p in Jacobian coordinates, comparing against the
* expected affine result (x, y). */
mp_err
-testJacPoint(ecfp_jac_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+testJacPoint(ecfp_jac_pt *p, mp_int *x, mp_int *y, ECGroup *ecgroup)
{
- char s[1000];
- mp_int rx, ry, rz;
- mp_err res = MP_OKAY;
-
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&rz) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&rz));
-
- ecfp_fp2i(&rx, p->x, ecgroup);
- ecfp_fp2i(&ry, p->y, ecgroup);
- ecfp_fp2i(&rz, p->z, ecgroup);
-
- /* convert result R to affine coordinates */
- ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
-
- /* Compare to expected result */
- if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
- printf(" Error: Jacobian Floating Point Incorrect.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("floating point result\nrx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- MP_CHECKOK(mp_toradix(x, s, 16));
- printf("integer result\nx %s\n", s);
- MP_CHECKOK(mp_toradix(y, s, 16));
- printf("y %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- CLEANUP:
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&rz);
-
- return res;
+ char s[1000];
+ mp_int rx, ry, rz;
+ mp_err res = MP_OKAY;
+
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&rz) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&rz));
+
+ ecfp_fp2i(&rx, p->x, ecgroup);
+ ecfp_fp2i(&ry, p->y, ecgroup);
+ ecfp_fp2i(&rz, p->z, ecgroup);
+
+ /* convert result R to affine coordinates */
+ ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+ /* Compare to expected result */
+ if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+ printf(" Error: Jacobian Floating Point Incorrect.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("floating point result\nrx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ MP_CHECKOK(mp_toradix(x, s, 16));
+ printf("integer result\nx %s\n", s);
+ MP_CHECKOK(mp_toradix(y, s, 16));
+ printf("y %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+CLEANUP:
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&rz);
+
+ return res;
}
/* Tests a point p in Chudnovsky Jacobian coordinates, comparing against
* the expected affine result (x, y). */
mp_err
-testChudPoint(ecfp_chud_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+testChudPoint(ecfp_chud_pt *p, mp_int *x, mp_int *y, ECGroup *ecgroup)
{
- char s[1000];
- mp_int rx, ry, rz, rz2, rz3, test;
- mp_err res = MP_OKAY;
-
- /* Initialization */
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&rz) = 0;
- MP_DIGITS(&rz2) = 0;
- MP_DIGITS(&rz3) = 0;
- MP_DIGITS(&test) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(mp_init(&rz2));
- MP_CHECKOK(mp_init(&rz3));
- MP_CHECKOK(mp_init(&test));
-
- /* Convert to integers */
- ecfp_fp2i(&rx, p->x, ecgroup);
- ecfp_fp2i(&ry, p->y, ecgroup);
- ecfp_fp2i(&rz, p->z, ecgroup);
- ecfp_fp2i(&rz2, p->z2, ecgroup);
- ecfp_fp2i(&rz3, p->z3, ecgroup);
-
- /* Verify z2, z3 are valid */
- mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
- if (mp_cmp(&test, &rz2) != 0) {
- printf(" Error: rzp2 not valid\n");
- res = MP_NO;
- goto CLEANUP;
- }
- mp_mulmod(&test, &rz, &ecgroup->meth->irr, &test);
- if (mp_cmp(&test, &rz3) != 0) {
- printf(" Error: rzp2 not valid\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* convert result R to affine coordinates */
- ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
-
- /* Compare against expected result */
- if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
- printf(" Error: Chudnovsky Floating Point Incorrect.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("floating point result\nrx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- MP_CHECKOK(mp_toradix(x, s, 16));
- printf("integer result\nx %s\n", s);
- MP_CHECKOK(mp_toradix(y, s, 16));
- printf("y %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- CLEANUP:
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&rz);
- mp_clear(&rz2);
- mp_clear(&rz3);
- mp_clear(&test);
-
- return res;
+ char s[1000];
+ mp_int rx, ry, rz, rz2, rz3, test;
+ mp_err res = MP_OKAY;
+
+ /* Initialization */
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&rz) = 0;
+ MP_DIGITS(&rz2) = 0;
+ MP_DIGITS(&rz3) = 0;
+ MP_DIGITS(&test) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(mp_init(&rz2));
+ MP_CHECKOK(mp_init(&rz3));
+ MP_CHECKOK(mp_init(&test));
+
+ /* Convert to integers */
+ ecfp_fp2i(&rx, p->x, ecgroup);
+ ecfp_fp2i(&ry, p->y, ecgroup);
+ ecfp_fp2i(&rz, p->z, ecgroup);
+ ecfp_fp2i(&rz2, p->z2, ecgroup);
+ ecfp_fp2i(&rz3, p->z3, ecgroup);
+
+ /* Verify z2, z3 are valid */
+ mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+ if (mp_cmp(&test, &rz2) != 0) {
+ printf(" Error: rzp2 not valid\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ mp_mulmod(&test, &rz, &ecgroup->meth->irr, &test);
+ if (mp_cmp(&test, &rz3) != 0) {
+ printf(" Error: rzp2 not valid\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* convert result R to affine coordinates */
+ ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+ /* Compare against expected result */
+ if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+ printf(" Error: Chudnovsky Floating Point Incorrect.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("floating point result\nrx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ MP_CHECKOK(mp_toradix(x, s, 16));
+ printf("integer result\nx %s\n", s);
+ MP_CHECKOK(mp_toradix(y, s, 16));
+ printf("y %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+CLEANUP:
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&rz);
+ mp_clear(&rz2);
+ mp_clear(&rz3);
+ mp_clear(&test);
+
+ return res;
}
-/* Tests a point p in Modified Jacobian coordinates, comparing against the
+/* Tests a point p in Modified Jacobian coordinates, comparing against the
* expected affine result (x, y). */
mp_err
-testJmPoint(ecfp_jm_pt * r, mp_int *x, mp_int *y, ECGroup *ecgroup)
+testJmPoint(ecfp_jm_pt *r, mp_int *x, mp_int *y, ECGroup *ecgroup)
{
- char s[1000];
- mp_int rx, ry, rz, raz4, test;
- mp_err res = MP_OKAY;
-
- /* Initialization */
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&rz) = 0;
- MP_DIGITS(&raz4) = 0;
- MP_DIGITS(&test) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(mp_init(&raz4));
- MP_CHECKOK(mp_init(&test));
-
- /* Convert to integer */
- ecfp_fp2i(&rx, r->x, ecgroup);
- ecfp_fp2i(&ry, r->y, ecgroup);
- ecfp_fp2i(&rz, r->z, ecgroup);
- ecfp_fp2i(&raz4, r->az4, ecgroup);
-
- /* Verify raz4 = rz^4 * a */
- mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
- mp_sqrmod(&test, &ecgroup->meth->irr, &test);
- mp_mulmod(&test, &ecgroup->curvea, &ecgroup->meth->irr, &test);
- if (mp_cmp(&test, &raz4) != 0) {
- printf(" Error: a*z^4 not valid\n");
- MP_CHECKOK(mp_toradix(&ecgroup->curvea, s, 16));
- printf("a %s\n", s);
- MP_CHECKOK(mp_toradix(&rz, s, 16));
- printf("rz %s\n", s);
- MP_CHECKOK(mp_toradix(&raz4, s, 16));
- printf("raz4 %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* convert result R to affine coordinates */
- ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
-
- /* Compare against expected result */
- if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
- printf(" Error: Modified Jacobian Floating Point Incorrect.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("floating point result\nrx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- MP_CHECKOK(mp_toradix(x, s, 16));
- printf("integer result\nx %s\n", s);
- MP_CHECKOK(mp_toradix(y, s, 16));
- printf("y %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
- CLEANUP:
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&rz);
- mp_clear(&raz4);
- mp_clear(&test);
-
- return res;
+ char s[1000];
+ mp_int rx, ry, rz, raz4, test;
+ mp_err res = MP_OKAY;
+
+ /* Initialization */
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&rz) = 0;
+ MP_DIGITS(&raz4) = 0;
+ MP_DIGITS(&test) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(mp_init(&raz4));
+ MP_CHECKOK(mp_init(&test));
+
+ /* Convert to integer */
+ ecfp_fp2i(&rx, r->x, ecgroup);
+ ecfp_fp2i(&ry, r->y, ecgroup);
+ ecfp_fp2i(&rz, r->z, ecgroup);
+ ecfp_fp2i(&raz4, r->az4, ecgroup);
+
+ /* Verify raz4 = rz^4 * a */
+ mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+ mp_sqrmod(&test, &ecgroup->meth->irr, &test);
+ mp_mulmod(&test, &ecgroup->curvea, &ecgroup->meth->irr, &test);
+ if (mp_cmp(&test, &raz4) != 0) {
+ printf(" Error: a*z^4 not valid\n");
+ MP_CHECKOK(mp_toradix(&ecgroup->curvea, s, 16));
+ printf("a %s\n", s);
+ MP_CHECKOK(mp_toradix(&rz, s, 16));
+ printf("rz %s\n", s);
+ MP_CHECKOK(mp_toradix(&raz4, s, 16));
+ printf("raz4 %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* convert result R to affine coordinates */
+ ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+ /* Compare against expected result */
+ if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+ printf(" Error: Modified Jacobian Floating Point Incorrect.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("floating point result\nrx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ MP_CHECKOK(mp_toradix(x, s, 16));
+ printf("integer result\nx %s\n", s);
+ MP_CHECKOK(mp_toradix(y, s, 16));
+ printf("y %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+CLEANUP:
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&rz);
+ mp_clear(&raz4);
+ mp_clear(&test);
+
+ return res;
}
/* Tests point addition of Jacobian + Affine -> Jacobian */
mp_err
testPointAddJacAff(ECGroup *ecgroup)
{
- mp_err res;
- mp_int pz, rx2, ry2, rz2;
- ecfp_jac_pt p, r;
- ecfp_aff_pt q;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- /* Init */
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&rz2) = 0;
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&rz2));
-
- MP_CHECKOK(mp_set_int(&pz, 5));
-
- /* Set p */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(p.z, &pz, ecgroup);
- /* Set q */
- ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
- ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
-
- /* Do calculations */
- group->pt_add_jac_aff(&p, &q, &r, group);
-
- /* Do calculation in integer to compare against */
- MP_CHECKOK(ec_GFp_pt_add_jac_aff
- (&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny,
- &ecgroup->genx, &rx2, &ry2, &rz2, ecgroup));
- /* convert result R to affine coordinates */
- ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
-
- MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Addition - Jacobian & Affine\n");
- else
- printf("TEST FAILED - Point Addition - Jacobian & Affine\n");
-
- mp_clear(&pz);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&rz2);
-
- return res;
+ mp_err res;
+ mp_int pz, rx2, ry2, rz2;
+ ecfp_jac_pt p, r;
+ ecfp_aff_pt q;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ /* Init */
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&rz2) = 0;
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&rz2));
+
+ MP_CHECKOK(mp_set_int(&pz, 5));
+
+ /* Set p */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ /* Set q */
+ ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+
+ /* Do calculations */
+ group->pt_add_jac_aff(&p, &q, &r, group);
+
+ /* Do calculation in integer to compare against */
+ MP_CHECKOK(ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny,
+ &ecgroup->genx, &rx2, &ry2, &rz2, ecgroup));
+ /* convert result R to affine coordinates */
+ ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+ MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Addition - Jacobian & Affine\n");
+ else
+ printf("TEST FAILED - Point Addition - Jacobian & Affine\n");
+
+ mp_clear(&pz);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&rz2);
+
+ return res;
}
/* Tests point addition in Jacobian coordinates */
mp_err
testPointAddJac(ECGroup *ecgroup)
{
- mp_err res;
- mp_int pz, qz, qx, qy, rx2, ry2, rz2;
- ecfp_jac_pt p, q, r;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- /* Init */
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&qx) = 0;
- MP_DIGITS(&qy) = 0;
- MP_DIGITS(&qz) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&rz2) = 0;
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&qx));
- MP_CHECKOK(mp_init(&qy));
- MP_CHECKOK(mp_init(&qz));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&rz2));
-
- MP_CHECKOK(mp_set_int(&pz, 5));
- MP_CHECKOK(mp_set_int(&qz, 105));
-
- /* Set p */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(p.z, &pz, ecgroup);
- /* Set q */
- ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
- ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
- ecfp_i2fp(q.z, &qz, ecgroup);
-
- /* Do calculations */
- group->pt_add_jac(&p, &q, &r, group);
-
- /* Do calculation in integer to compare against */
- ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
- ecgroup);
- MP_CHECKOK(ec_GFp_pt_add_jac_aff
- (&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &rx2, &ry2,
- &rz2, ecgroup));
- /* convert result R to affine coordinates */
- ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
-
- MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Addition - Jacobian\n");
- else
- printf("TEST FAILED - Point Addition - Jacobian\n");
-
- mp_clear(&pz);
- mp_clear(&qx);
- mp_clear(&qy);
- mp_clear(&qz);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&rz2);
-
- return res;
+ mp_err res;
+ mp_int pz, qz, qx, qy, rx2, ry2, rz2;
+ ecfp_jac_pt p, q, r;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ /* Init */
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&qx) = 0;
+ MP_DIGITS(&qy) = 0;
+ MP_DIGITS(&qz) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&rz2) = 0;
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&qx));
+ MP_CHECKOK(mp_init(&qy));
+ MP_CHECKOK(mp_init(&qz));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&rz2));
+
+ MP_CHECKOK(mp_set_int(&pz, 5));
+ MP_CHECKOK(mp_set_int(&qz, 105));
+
+ /* Set p */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ /* Set q */
+ ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(q.z, &qz, ecgroup);
+
+ /* Do calculations */
+ group->pt_add_jac(&p, &q, &r, group);
+
+ /* Do calculation in integer to compare against */
+ ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+ ecgroup);
+ MP_CHECKOK(ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &rx2, &ry2,
+ &rz2, ecgroup));
+ /* convert result R to affine coordinates */
+ ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+ MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Addition - Jacobian\n");
+ else
+ printf("TEST FAILED - Point Addition - Jacobian\n");
+
+ mp_clear(&pz);
+ mp_clear(&qx);
+ mp_clear(&qy);
+ mp_clear(&qz);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&rz2);
+
+ return res;
}
/* Tests point addition in Chudnovsky Jacobian Coordinates */
mp_err
testPointAddChud(ECGroup *ecgroup)
{
- mp_err res;
- mp_int rx2, ry2, ix, iy, iz, test, pz, qx, qy, qz;
- ecfp_chud_pt p, q, r;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&qx) = 0;
- MP_DIGITS(&qy) = 0;
- MP_DIGITS(&qz) = 0;
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&ix) = 0;
- MP_DIGITS(&iy) = 0;
- MP_DIGITS(&iz) = 0;
- MP_DIGITS(&test) = 0;
-
- MP_CHECKOK(mp_init(&qx));
- MP_CHECKOK(mp_init(&qy));
- MP_CHECKOK(mp_init(&qz));
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&ix));
- MP_CHECKOK(mp_init(&iy));
- MP_CHECKOK(mp_init(&iz));
- MP_CHECKOK(mp_init(&test));
-
- /* Test Chudnovsky form addition */
- /* Set p */
- MP_CHECKOK(mp_set_int(&pz, 5));
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(p.z, &pz, ecgroup);
- mp_sqrmod(&pz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(p.z2, &test, ecgroup);
- mp_mulmod(&test, &pz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(p.z3, &test, ecgroup);
-
- /* Set q */
- MP_CHECKOK(mp_set_int(&qz, 105));
- ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
- ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
- ecfp_i2fp(q.z, &qz, ecgroup);
- mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(q.z2, &test, ecgroup);
- mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(q.z3, &test, ecgroup);
-
- group->pt_add_chud(&p, &q, &r, group);
-
- /* Calculate addition to compare against */
- ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
- ecgroup);
- ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
- &ix, &iy, &iz, ecgroup);
- ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
-
- MP_CHECKOK(testChudPoint(&r, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Addition - Chudnovsky Jacobian\n");
- else
- printf("TEST FAILED - Point Addition - Chudnovsky Jacobian\n");
-
- mp_clear(&qx);
- mp_clear(&qy);
- mp_clear(&qz);
- mp_clear(&pz);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&ix);
- mp_clear(&iy);
- mp_clear(&iz);
- mp_clear(&test);
-
- return res;
+ mp_err res;
+ mp_int rx2, ry2, ix, iy, iz, test, pz, qx, qy, qz;
+ ecfp_chud_pt p, q, r;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&qx) = 0;
+ MP_DIGITS(&qy) = 0;
+ MP_DIGITS(&qz) = 0;
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&ix) = 0;
+ MP_DIGITS(&iy) = 0;
+ MP_DIGITS(&iz) = 0;
+ MP_DIGITS(&test) = 0;
+
+ MP_CHECKOK(mp_init(&qx));
+ MP_CHECKOK(mp_init(&qy));
+ MP_CHECKOK(mp_init(&qz));
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&ix));
+ MP_CHECKOK(mp_init(&iy));
+ MP_CHECKOK(mp_init(&iz));
+ MP_CHECKOK(mp_init(&test));
+
+ /* Test Chudnovsky form addition */
+ /* Set p */
+ MP_CHECKOK(mp_set_int(&pz, 5));
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ mp_sqrmod(&pz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(p.z2, &test, ecgroup);
+ mp_mulmod(&test, &pz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(p.z3, &test, ecgroup);
+
+ /* Set q */
+ MP_CHECKOK(mp_set_int(&qz, 105));
+ ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(q.z, &qz, ecgroup);
+ mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(q.z2, &test, ecgroup);
+ mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(q.z3, &test, ecgroup);
+
+ group->pt_add_chud(&p, &q, &r, group);
+
+ /* Calculate addition to compare against */
+ ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+ ecgroup);
+ ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+ &ix, &iy, &iz, ecgroup);
+ ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+ MP_CHECKOK(testChudPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Addition - Chudnovsky Jacobian\n");
+ else
+ printf("TEST FAILED - Point Addition - Chudnovsky Jacobian\n");
+
+ mp_clear(&qx);
+ mp_clear(&qy);
+ mp_clear(&qz);
+ mp_clear(&pz);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&ix);
+ mp_clear(&iy);
+ mp_clear(&iz);
+ mp_clear(&test);
+
+ return res;
}
/* Tests point addition in Modified Jacobian + Chudnovsky Jacobian ->
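Review bot: In testPointAddChud the reference computation `ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &ix, &iy, &iz, ecgroup);` drops its mp_err, whereas testPointAddJacAff and testPointAddJac wrap the identical call in MP_CHECKOK; if that call fails, ix/iy/iz may hold partial values and the following testChudPoint comparison reports a spurious pass or fail instead of an error. Wrapping it as `MP_CHECKOK(ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &ix, &iy, &iz, ecgroup));` brings it in line with the sibling tests. The same unchecked-return pattern applies to the `mp_sqrmod`/`mp_mulmod` calls that derive z2/z3 and a*z^4 in testChudPoint, testJmPoint and the p/q setup of testPointAddChud, and to every `ec_GFp_pt_jac2aff` call in this hunk, so a single failure there would presumably surface only as a confusing value mismatch. As a smaller point of style, `d_output` takes `char *name` for a string it only passes to printf; `const char *name` would document that it is not modified.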
@@ -462,394 +465,382 @@ testPointAddChud(ECGroup *ecgroup)
mp_err
testPointAddJmChud(ECGroup *ecgroup)
{
- mp_err res;
- mp_int rx2, ry2, ix, iy, iz, test, pz, paz4, qx, qy, qz;
- ecfp_chud_pt q;
- ecfp_jm_pt p, r;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&qx) = 0;
- MP_DIGITS(&qy) = 0;
- MP_DIGITS(&qz) = 0;
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&paz4) = 0;
- MP_DIGITS(&iz) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&ix) = 0;
- MP_DIGITS(&iy) = 0;
- MP_DIGITS(&iz) = 0;
- MP_DIGITS(&test) = 0;
-
- MP_CHECKOK(mp_init(&qx));
- MP_CHECKOK(mp_init(&qy));
- MP_CHECKOK(mp_init(&qz));
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&paz4));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&ix));
- MP_CHECKOK(mp_init(&iy));
- MP_CHECKOK(mp_init(&iz));
- MP_CHECKOK(mp_init(&test));
-
- /* Test Modified Jacobian form addition */
- /* Set p */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
- /* paz4 = az^4 */
- MP_CHECKOK(mp_set_int(&pz, 5));
- mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
- mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
- mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
- ecfp_i2fp(p.z, &pz, ecgroup);
- ecfp_i2fp(p.az4, &paz4, ecgroup);
-
- /* Set q */
- MP_CHECKOK(mp_set_int(&qz, 105));
- ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
- ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
- ecfp_i2fp(q.z, &qz, ecgroup);
- mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(q.z2, &test, ecgroup);
- mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
- ecfp_i2fp(q.z3, &test, ecgroup);
-
- /* Do calculation */
- group->pt_add_jm_chud(&p, &q, &r, group);
-
- /* Calculate addition to compare against */
- ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
- ecgroup);
- ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
- &ix, &iy, &iz, ecgroup);
- ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
-
- MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf
- (" Test Passed - Point Addition - Modified & Chudnovsky Jacobian\n");
- else
- printf
- ("TEST FAILED - Point Addition - Modified & Chudnovsky Jacobian\n");
-
- mp_clear(&qx);
- mp_clear(&qy);
- mp_clear(&qz);
- mp_clear(&pz);
- mp_clear(&paz4);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&ix);
- mp_clear(&iy);
- mp_clear(&iz);
- mp_clear(&test);
-
- return res;
+ mp_err res;
+ mp_int rx2, ry2, ix, iy, iz, test, pz, paz4, qx, qy, qz;
+ ecfp_chud_pt q;
+ ecfp_jm_pt p, r;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&qx) = 0;
+ MP_DIGITS(&qy) = 0;
+ MP_DIGITS(&qz) = 0;
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&paz4) = 0;
+ MP_DIGITS(&iz) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&ix) = 0;
+ MP_DIGITS(&iy) = 0;
+ MP_DIGITS(&iz) = 0;
+ MP_DIGITS(&test) = 0;
+
+ MP_CHECKOK(mp_init(&qx));
+ MP_CHECKOK(mp_init(&qy));
+ MP_CHECKOK(mp_init(&qz));
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&paz4));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&ix));
+ MP_CHECKOK(mp_init(&iy));
+ MP_CHECKOK(mp_init(&iz));
+ MP_CHECKOK(mp_init(&test));
+
+ /* Test Modified Jacobian form addition */
+ /* Set p */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+ /* paz4 = az^4 */
+ MP_CHECKOK(mp_set_int(&pz, 5));
+ mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+ mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+ mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+ /* Set q */
+ MP_CHECKOK(mp_set_int(&qz, 105));
+ ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(q.z, &qz, ecgroup);
+ mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(q.z2, &test, ecgroup);
+ mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+ ecfp_i2fp(q.z3, &test, ecgroup);
+
+ /* Do calculation */
+ group->pt_add_jm_chud(&p, &q, &r, group);
+
+ /* Calculate addition to compare against */
+ ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+ ecgroup);
+ ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+ &ix, &iy, &iz, ecgroup);
+ ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+ MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Addition - Modified & Chudnovsky Jacobian\n");
+ else
+ printf("TEST FAILED - Point Addition - Modified & Chudnovsky Jacobian\n");
+
+ mp_clear(&qx);
+ mp_clear(&qy);
+ mp_clear(&qz);
+ mp_clear(&pz);
+ mp_clear(&paz4);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&ix);
+ mp_clear(&iy);
+ mp_clear(&iz);
+ mp_clear(&test);
+
+ return res;
}
/* Tests point doubling in Modified Jacobian coordinates */
mp_err
testPointDoubleJm(ECGroup *ecgroup)
{
- mp_err res;
- mp_int pz, paz4, rx2, ry2, rz2, raz4;
- ecfp_jm_pt p, r;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&paz4) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&rz2) = 0;
- MP_DIGITS(&raz4) = 0;
-
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&paz4));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&rz2));
- MP_CHECKOK(mp_init(&raz4));
-
- /* Set p */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
-
- /* paz4 = az^4 */
- MP_CHECKOK(mp_set_int(&pz, 5));
- mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
- mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
- mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
-
- ecfp_i2fp(p.z, &pz, ecgroup);
- ecfp_i2fp(p.az4, &paz4, ecgroup);
-
- group->pt_dbl_jm(&p, &r, group);
-
- M_TimeOperation(group->pt_dbl_jm(&p, &r, group), 100000);
-
- /* Calculate doubling to compare against */
- ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
- &rz2, ecgroup);
- ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
-
- /* Do comparison and check az^4 */
- MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Doubling - Modified Jacobian\n");
- else
- printf("TEST FAILED - Point Doubling - Modified Jacobian\n");
- mp_clear(&pz);
- mp_clear(&paz4);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&rz2);
- mp_clear(&raz4);
-
- return res;
-
+ mp_err res;
+ mp_int pz, paz4, rx2, ry2, rz2, raz4;
+ ecfp_jm_pt p, r;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&paz4) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&rz2) = 0;
+ MP_DIGITS(&raz4) = 0;
+
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&paz4));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&rz2));
+ MP_CHECKOK(mp_init(&raz4));
+
+ /* Set p */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+ /* paz4 = az^4 */
+ MP_CHECKOK(mp_set_int(&pz, 5));
+ mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+ mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+ mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+ group->pt_dbl_jm(&p, &r, group);
+
+ M_TimeOperation(group->pt_dbl_jm(&p, &r, group), 100000);
+
+ /* Calculate doubling to compare against */
+ ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+ &rz2, ecgroup);
+ ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+ /* Do comparison and check az^4 */
+ MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Doubling - Modified Jacobian\n");
+ else
+ printf("TEST FAILED - Point Doubling - Modified Jacobian\n");
+ mp_clear(&pz);
+ mp_clear(&paz4);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&rz2);
+ mp_clear(&raz4);
+
+ return res;
}
/* Tests point doubling in Chudnovsky Jacobian coordinates */
mp_err
testPointDoubleChud(ECGroup *ecgroup)
{
- mp_err res;
- mp_int px, py, pz, rx2, ry2, rz2;
- ecfp_aff_pt p;
- ecfp_chud_pt p2;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&rz2) = 0;
- MP_DIGITS(&px) = 0;
- MP_DIGITS(&py) = 0;
- MP_DIGITS(&pz) = 0;
-
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&rz2));
- MP_CHECKOK(mp_init(&px));
- MP_CHECKOK(mp_init(&py));
- MP_CHECKOK(mp_init(&pz));
-
- /* Set p2 = 2P */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
-
- group->pt_dbl_aff2chud(&p, &p2, group);
-
- /* Calculate doubling to compare against */
- MP_CHECKOK(mp_set_int(&pz, 1));
- ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
- &rz2, ecgroup);
- ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
-
- /* Do comparison and check az^4 */
- MP_CHECKOK(testChudPoint(&p2, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Doubling - Chudnovsky Jacobian\n");
- else
- printf("TEST FAILED - Point Doubling - Chudnovsky Jacobian\n");
-
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&rz2);
- mp_clear(&px);
- mp_clear(&py);
- mp_clear(&pz);
-
- return res;
+ mp_err res;
+ mp_int px, py, pz, rx2, ry2, rz2;
+ ecfp_aff_pt p;
+ ecfp_chud_pt p2;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&rz2) = 0;
+ MP_DIGITS(&px) = 0;
+ MP_DIGITS(&py) = 0;
+ MP_DIGITS(&pz) = 0;
+
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&rz2));
+ MP_CHECKOK(mp_init(&px));
+ MP_CHECKOK(mp_init(&py));
+ MP_CHECKOK(mp_init(&pz));
+
+ /* Set p2 = 2P */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+ group->pt_dbl_aff2chud(&p, &p2, group);
+
+ /* Calculate doubling to compare against */
+ MP_CHECKOK(mp_set_int(&pz, 1));
+ ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+ &rz2, ecgroup);
+ ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+ /* Do comparison and check az^4 */
+ MP_CHECKOK(testChudPoint(&p2, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Doubling - Chudnovsky Jacobian\n");
+ else
+ printf("TEST FAILED - Point Doubling - Chudnovsky Jacobian\n");
+
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&rz2);
+ mp_clear(&px);
+ mp_clear(&py);
+ mp_clear(&pz);
+
+ return res;
}
/* Test point doubling in Jacobian coordinates */
mp_err
testPointDoubleJac(ECGroup *ecgroup)
{
- mp_err res;
- mp_int pz, rx, ry, rz, rx2, ry2, rz2;
- ecfp_jac_pt p, p2;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&pz) = 0;
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&rz) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&rz2) = 0;
-
- MP_CHECKOK(mp_init(&pz));
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&rz));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&rz2));
-
- MP_CHECKOK(mp_set_int(&pz, 5));
-
- /* Set p2 = 2P */
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(p.z, &pz, ecgroup);
- ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
-
- group->pt_dbl_jac(&p, &p2, group);
- M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000);
-
- /* Calculate doubling to compare against */
- ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
- &rz2, ecgroup);
- ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
-
- /* Do comparison */
- MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup));
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Doubling - Jacobian\n");
- else
- printf("TEST FAILED - Point Doubling - Jacobian\n");
-
- mp_clear(&pz);
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&rz);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&rz2);
-
- return res;
+ mp_err res;
+ mp_int pz, rx, ry, rz, rx2, ry2, rz2;
+ ecfp_jac_pt p, p2;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&pz) = 0;
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&rz) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&rz2) = 0;
+
+ MP_CHECKOK(mp_init(&pz));
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&rz));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&rz2));
+
+ MP_CHECKOK(mp_set_int(&pz, 5));
+
+ /* Set p2 = 2P */
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(p.z, &pz, ecgroup);
+ ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+ group->pt_dbl_jac(&p, &p2, group);
+ M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000);
+
+ /* Calculate doubling to compare against */
+ ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+ &rz2, ecgroup);
+ ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+ /* Do comparison */
+ MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Doubling - Jacobian\n");
+ else
+ printf("TEST FAILED - Point Doubling - Jacobian\n");
+
+ mp_clear(&pz);
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&rz);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&rz2);
+
+ return res;
}
/* Tests a point multiplication (various algorithms) */
mp_err
testPointMul(ECGroup *ecgroup)
{
- mp_err res;
- char s[1000];
- mp_int rx, ry, order_1;
-
- /* Init */
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&order_1) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&order_1));
-
- MP_CHECKOK(mp_set_int(&order_1, 1));
- MP_CHECKOK(mp_sub(&ecgroup->order, &order_1, &order_1));
-
- /* Test Algorithm 1: Jacobian-Affine Double & Add */
- ec_GFp_pt_mul_jac_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
- &ry, ecgroup);
- MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
- if ((mp_cmp(&rx, &ecgroup->genx) != 0)
- || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
- printf
- (" Error: ec_GFp_pt_mul_jac_fp invalid result (expected (- base point)).\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- ec_GFp_pt_mul_jac_fp(&ecgroup->order, &ecgroup->genx, &ecgroup->geny,
- &rx, &ry, ecgroup);
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf
- (" Error: ec_GFp_pt_mul_jac_fp invalid result (expected point at infinity.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* Test Algorithm 2: 4-bit Window in Jacobian */
- ec_GFp_point_mul_jac_4w_fp(&order_1, &ecgroup->genx, &ecgroup->geny,
- &rx, &ry, ecgroup);
- MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
- if ((mp_cmp(&rx, &ecgroup->genx) != 0)
- || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
- printf
- (" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected (- base point)).\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- ec_GFp_point_mul_jac_4w_fp(&ecgroup->order, &ecgroup->genx,
- &ecgroup->geny, &rx, &ry, ecgroup);
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf
- (" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected point at infinity.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- /* Test Algorithm 3: wNAF with modified Jacobian coordinates */
- ec_GFp_point_mul_wNAF_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
- &ry, ecgroup);
- MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
- if ((mp_cmp(&rx, &ecgroup->genx) != 0)
- || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
- printf
- (" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected (- base point)).\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- ec_GFp_point_mul_wNAF_fp(&ecgroup->order, &ecgroup->genx,
- &ecgroup->geny, &rx, &ry, ecgroup);
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf
- (" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected point at infinity.\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf("rx %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf("ry %s\n", s);
- res = MP_NO;
- goto CLEANUP;
- }
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Multiplication\n");
- else
- printf("TEST FAILED - Point Multiplication\n");
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&order_1);
-
- return res;
+ mp_err res;
+ char s[1000];
+ mp_int rx, ry, order_1;
+
+ /* Init */
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&order_1) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&order_1));
+
+ MP_CHECKOK(mp_set_int(&order_1, 1));
+ MP_CHECKOK(mp_sub(&ecgroup->order, &order_1, &order_1));
+
+ /* Test Algorithm 1: Jacobian-Affine Double & Add */
+ ec_GFp_pt_mul_jac_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+ &ry, ecgroup);
+ MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+ if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+ printf(" Error: ec_GFp_pt_mul_jac_fp invalid result (expected (- base point)).\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ ec_GFp_pt_mul_jac_fp(&ecgroup->order, &ecgroup->genx, &ecgroup->geny,
+ &rx, &ry, ecgroup);
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: ec_GFp_pt_mul_jac_fp invalid result (expected point at infinity.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* Test Algorithm 2: 4-bit Window in Jacobian */
+ ec_GFp_point_mul_jac_4w_fp(&order_1, &ecgroup->genx, &ecgroup->geny,
+ &rx, &ry, ecgroup);
+ MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+ if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+ printf(" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected (- base point)).\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ ec_GFp_point_mul_jac_4w_fp(&ecgroup->order, &ecgroup->genx,
+ &ecgroup->geny, &rx, &ry, ecgroup);
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected point at infinity.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ /* Test Algorithm 3: wNAF with modified Jacobian coordinates */
+ ec_GFp_point_mul_wNAF_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+ &ry, ecgroup);
+ MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+ if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+ printf(" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected (- base point)).\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ ec_GFp_point_mul_wNAF_fp(&ecgroup->order, &ecgroup->genx,
+ &ecgroup->geny, &rx, &ry, ecgroup);
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected point at infinity.\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf("rx %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf("ry %s\n", s);
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Multiplication\n");
+ else
+ printf("TEST FAILED - Point Multiplication\n");
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&order_1);
+
+ return res;
}
/* Tests point multiplication with a random scalar repeatedly, comparing
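Review bot: In testPointAddJmChud the mp_err results of mp_sqrmod and mp_mulmod (the paz4 and q.z2/q.z3 setup) and of ec_GFp_pt_jac2aff and ec_GFp_pt_add_jac_aff (the reference addition) are discarded, so an allocation failure inside them leaves paz4, test, rx2 or ry2 holding whatever was there before and testJmPoint then compares against that instead of the error propagating through CLEANUP; the neighbouring calls already use the file's own idiom, e.g. `MP_CHECKOK(mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4));`. The same dropped results recur in testPointDoubleJm, testPointDoubleChud and testPointDoubleJac in this hunk and for ec_GFp_pt_dbl_aff and ec_GFp_pt_add_aff in testPreCompute in the next hunk. Smaller leftovers the reformat preserved: `MP_DIGITS(&iz) = 0;` is written twice in testPointAddJmChud, and raz4, px/py and rx/ry/rz are initialised and cleared but never otherwise used in the three doubling tests.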
@@ -857,192 +848,188 @@ testPointMul(ECGroup *ecgroup)
mp_err
testPointMulRandom(ECGroup *ecgroup)
{
- mp_err res;
- mp_int rx, ry, rx2, ry2, n;
- int i, size;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
-
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&rx2) = 0;
- MP_DIGITS(&ry2) = 0;
- MP_DIGITS(&n) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&rx2));
- MP_CHECKOK(mp_init(&ry2));
- MP_CHECKOK(mp_init(&n));
-
- for (i = 0; i < 100; i++) {
- /* compute random scalar */
- size = mpl_significant_bits(&ecgroup->meth->irr);
- if (size < MP_OKAY) {
- res = MP_NO;
- goto CLEANUP;
- }
- MP_CHECKOK(mpp_random_size(&n, group->orderBitSize));
- MP_CHECKOK(mp_mod(&n, &ecgroup->order, &n));
-
- ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
- ecgroup);
- ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx2,
- &ry2, ecgroup);
-
- if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
- printf
- (" Error: different results for Point Multiplication - Double & Add.\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
- &ry, ecgroup);
- if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
- printf
- (" Error: different results for Point Multiplication - wNAF.\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
- &ry, ecgroup);
- if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
- printf
- (" Error: different results for Point Multiplication - 4 bit window.\n");
- res = MP_NO;
- goto CLEANUP;
- }
-
- }
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Random Multiplication\n");
- else
- printf("TEST FAILED - Point Random Multiplication\n");
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&rx2);
- mp_clear(&ry2);
- mp_clear(&n);
-
- return res;
+ mp_err res;
+ mp_int rx, ry, rx2, ry2, n;
+ int i, size;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&rx2) = 0;
+ MP_DIGITS(&ry2) = 0;
+ MP_DIGITS(&n) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&rx2));
+ MP_CHECKOK(mp_init(&ry2));
+ MP_CHECKOK(mp_init(&n));
+
+ for (i = 0; i < 100; i++) {
+ /* compute random scalar */
+ size = mpl_significant_bits(&ecgroup->meth->irr);
+ if (size < MP_OKAY) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mpp_random_size(&n, group->orderBitSize));
+ MP_CHECKOK(mp_mod(&n, &ecgroup->order, &n));
+
+ ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+ ecgroup);
+ ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx2,
+ &ry2, ecgroup);
+
+ if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+ printf(" Error: different results for Point Multiplication - Double & Add.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+ &ry, ecgroup);
+ if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+ printf(" Error: different results for Point Multiplication - wNAF.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+ &ry, ecgroup);
+ if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+ printf(" Error: different results for Point Multiplication - 4 bit window.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ }
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Random Multiplication\n");
+ else
+ printf("TEST FAILED - Point Random Multiplication\n");
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&rx2);
+ mp_clear(&ry2);
+ mp_clear(&n);
+
+ return res;
}
/* Tests the time required for a point multiplication */
mp_err
testPointMulTime(ECGroup *ecgroup)
{
- mp_err res = MP_OKAY;
- mp_int rx, ry, n;
- int size;
-
- MP_DIGITS(&rx) = 0;
- MP_DIGITS(&ry) = 0;
- MP_DIGITS(&n) = 0;
-
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&n));
-
- /* compute random scalar */
- size = mpl_significant_bits(&ecgroup->meth->irr);
- if (size < MP_OKAY) {
- res = MP_NO;
- goto CLEANUP;
- }
-
- MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
- MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth));
-
- M_TimeOperation(ec_GFp_pt_mul_jac_fp
- (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
- ecgroup), 1000);
-
- M_TimeOperation(ec_GFp_point_mul_jac_4w_fp
- (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
- ecgroup), 1000);
-
- M_TimeOperation(ec_GFp_point_mul_wNAF_fp
- (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
- ecgroup), 1000);
-
- M_TimeOperation(ec_GFp_pt_mul_jac
- (&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
- ecgroup), 100);
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Point Multiplication Timing\n");
- else
- printf("TEST FAILED - Point Multiplication Timing\n");
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&n);
-
- return res;
+ mp_err res = MP_OKAY;
+ mp_int rx, ry, n;
+ int size;
+
+ MP_DIGITS(&rx) = 0;
+ MP_DIGITS(&ry) = 0;
+ MP_DIGITS(&n) = 0;
+
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&n));
+
+ /* compute random scalar */
+ size = mpl_significant_bits(&ecgroup->meth->irr);
+ if (size < MP_OKAY) {
+ res = MP_NO;
+ goto CLEANUP;
+ }
+
+ MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+ MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth));
+
+ M_TimeOperation(ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+ ecgroup),
+ 1000);
+
+ M_TimeOperation(ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+ ecgroup),
+ 1000);
+
+ M_TimeOperation(ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+ ecgroup),
+ 1000);
+
+ M_TimeOperation(ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+ ecgroup),
+ 100);
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Point Multiplication Timing\n");
+ else
+ printf("TEST FAILED - Point Multiplication Timing\n");
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&n);
+
+ return res;
}
/* Tests pre computation of Chudnovsky Jacobian points used in wNAF form */
mp_err
testPreCompute(ECGroup *ecgroup)
{
- ecfp_chud_pt precomp[16];
- ecfp_aff_pt p;
- EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
- int i;
- mp_err res;
-
- mp_int x, y, ny, x2, y2;
-
- MP_DIGITS(&x) = 0;
- MP_DIGITS(&y) = 0;
- MP_DIGITS(&ny) = 0;
- MP_DIGITS(&x2) = 0;
- MP_DIGITS(&y2) = 0;
-
- MP_CHECKOK(mp_init(&x));
- MP_CHECKOK(mp_init(&y));
- MP_CHECKOK(mp_init(&ny));
- MP_CHECKOK(mp_init(&x2));
- MP_CHECKOK(mp_init(&y2));
-
- ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
- ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
- ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
-
- /* Perform precomputation */
- group->precompute_chud(precomp, &p, group);
-
- M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000);
-
- /* Calculate addition to compare against */
- MP_CHECKOK(mp_copy(&ecgroup->genx, &x));
- MP_CHECKOK(mp_copy(&ecgroup->geny, &y));
- MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
-
- ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup);
-
- for (i = 0; i < 8; i++) {
- MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup));
- MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup));
- ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup);
- MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
- }
-
- CLEANUP:
- if (res == MP_OKAY)
- printf(" Test Passed - Precomputation\n");
- else
- printf("TEST FAILED - Precomputation\n");
-
- mp_clear(&x);
- mp_clear(&y);
- mp_clear(&ny);
- mp_clear(&x2);
- mp_clear(&y2);
- return res;
+ ecfp_chud_pt precomp[16];
+ ecfp_aff_pt p;
+ EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+ int i;
+ mp_err res;
+
+ mp_int x, y, ny, x2, y2;
+
+ MP_DIGITS(&x) = 0;
+ MP_DIGITS(&y) = 0;
+ MP_DIGITS(&ny) = 0;
+ MP_DIGITS(&x2) = 0;
+ MP_DIGITS(&y2) = 0;
+
+ MP_CHECKOK(mp_init(&x));
+ MP_CHECKOK(mp_init(&y));
+ MP_CHECKOK(mp_init(&ny));
+ MP_CHECKOK(mp_init(&x2));
+ MP_CHECKOK(mp_init(&y2));
+
+ ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+ ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+ ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+ /* Perform precomputation */
+ group->precompute_chud(precomp, &p, group);
+
+ M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000);
+
+ /* Calculate addition to compare against */
+ MP_CHECKOK(mp_copy(&ecgroup->genx, &x));
+ MP_CHECKOK(mp_copy(&ecgroup->geny, &y));
+ MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+
+ ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup);
+
+ for (i = 0; i < 8; i++) {
+ MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup));
+ MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup));
+ ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup);
+ MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+ }
+
+CLEANUP:
+ if (res == MP_OKAY)
+ printf(" Test Passed - Precomputation\n");
+ else
+ printf("TEST FAILED - Precomputation\n");
+
+ mp_clear(&x);
+ mp_clear(&y);
+ mp_clear(&ny);
+ mp_clear(&x2);
+ mp_clear(&y2);
+ return res;
}
/* Given a curve using floating point arithmetic, test it. This method
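Review bot: testPointMulRandom passes `group->orderBitSize` straight to mpp_random_size, whereas testPointMulTime in the same hunk first turns a bit count into a digit count with `(size + ECL_BITS - 1) / ECL_BITS`; if orderBitSize is a bit count as its name suggests, the scalar is generated with that many digits and only the following mp_mod brings it into range. The consistent form is presumably `MP_CHECKOK(mpp_random_size(&n, (group->orderBitSize + ECL_BITS - 1) / ECL_BITS));`, which should be confirmed against the EC_group_fp definition before changing it. In the same loop, `size` is recomputed on every iteration and never read after the `size < MP_OKAY` check, so that computation can be hoisted out of the loop or dropped.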
@@ -1050,39 +1037,39 @@ testPreCompute(ECGroup *ecgroup)
mp_err
testCurve(ECGroup *ecgroup)
{
- int res = MP_OKAY;
-
- MP_CHECKOK(testPointAddJacAff(ecgroup));
- MP_CHECKOK(testPointAddJac(ecgroup));
- MP_CHECKOK(testPointAddChud(ecgroup));
- MP_CHECKOK(testPointAddJmChud(ecgroup));
- MP_CHECKOK(testPointDoubleJac(ecgroup));
- MP_CHECKOK(testPointDoubleChud(ecgroup));
- MP_CHECKOK(testPointDoubleJm(ecgroup));
- MP_CHECKOK(testPreCompute(ecgroup));
- MP_CHECKOK(testPointMul(ecgroup));
- MP_CHECKOK(testPointMulRandom(ecgroup));
- MP_CHECKOK(testPointMulTime(ecgroup));
- CLEANUP:
- return res;
+ int res = MP_OKAY;
+
+ MP_CHECKOK(testPointAddJacAff(ecgroup));
+ MP_CHECKOK(testPointAddJac(ecgroup));
+ MP_CHECKOK(testPointAddChud(ecgroup));
+ MP_CHECKOK(testPointAddJmChud(ecgroup));
+ MP_CHECKOK(testPointDoubleJac(ecgroup));
+ MP_CHECKOK(testPointDoubleChud(ecgroup));
+ MP_CHECKOK(testPointDoubleJm(ecgroup));
+ MP_CHECKOK(testPreCompute(ecgroup));
+ MP_CHECKOK(testPointMul(ecgroup));
+ MP_CHECKOK(testPointMulRandom(ecgroup));
+ MP_CHECKOK(testPointMulTime(ecgroup));
+CLEANUP:
+ return res;
}
/* Tests a number of curves optimized using floating point arithmetic */
int
main(void)
{
- mp_err res = MP_OKAY;
- ECGroup *ecgroup = NULL;
-
- /* specific arithmetic tests */
- M_TestCurve("SECG-160R1", ECCurve_SECG_PRIME_160R1);
- M_TestCurve("SECG-192R1", ECCurve_SECG_PRIME_192R1);
- M_TestCurve("SEGC-224R1", ECCurve_SECG_PRIME_224R1);
-
- CLEANUP:
- ECGroup_free(ecgroup);
- if (res != MP_OKAY) {
- printf("Error: exiting with error value %i\n", res);
- }
- return res;
+ mp_err res = MP_OKAY;
+ ECGroup *ecgroup = NULL;
+
+ /* specific arithmetic tests */
+ M_TestCurve("SECG-160R1", ECCurve_SECG_PRIME_160R1);
+ M_TestCurve("SECG-192R1", ECCurve_SECG_PRIME_192R1);
+ M_TestCurve("SEGC-224R1", ECCurve_SECG_PRIME_224R1);
+
+CLEANUP:
+ ECGroup_free(ecgroup);
+ if (res != MP_OKAY) {
+ printf("Error: exiting with error value %i\n", res);
+ }
+ return res;
}
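Review bot: testCurve declares `int res = MP_OKAY;` although the function returns mp_err and MP_CHECKOK stores mp_err values into it; every sibling test in this file uses `mp_err res`, so `mp_err res = MP_OKAY;` keeps the declaration consistent with the return type. In main the mp_err is handed back as the process exit status unchanged, and since the mp_err failure codes are negative the shell sees them modulo 256 rather than the value that was just printed; `return res == MP_OKAY ? 0 : 1;` after the printf keeps the diagnostic and yields a stable status for scripts. M_TestCurve is defined outside this hunk, so whether ecgroup is always assigned before the ECGroup_free at CLEANUP cannot be confirmed here.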
diff --git a/lib/freebl/ecl/tests/ecp_test.c b/lib/freebl/ecl/tests/ecp_test.c
index e9a448e00..949d8c832 100644
--- a/lib/freebl/ecl/tests/ecp_test.c
+++ b/lib/freebl/ecl/tests/ecp_test.c
@@ -17,336 +17,322 @@
#include <sys/resource.h>
/* Time k repetitions of operation op. */
-#define M_TimeOperation(op, k) { \
- double dStart, dNow, dUserTime; \
- struct rusage ru; \
- int i; \
- getrusage(RUSAGE_SELF, &ru); \
- dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- for (i = 0; i < k; i++) { \
- { op; } \
- }; \
- getrusage(RUSAGE_SELF, &ru); \
- dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
- dUserTime = dNow-dStart; \
- if (dUserTime) printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
-}
+#define M_TimeOperation(op, k) \
+ { \
+ double dStart, dNow, dUserTime; \
+ struct rusage ru; \
+ int i; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ for (i = 0; i < k; i++) { \
+ { \
+ op; \
+ } \
+ }; \
+ getrusage(RUSAGE_SELF, &ru); \
+ dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+ dUserTime = dNow - dStart; \
+ if (dUserTime) \
+ printf(" %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+ }
/* Test curve using generic field arithmetic. */
-#define ECTEST_GENERIC_GFP(name_c, name) \
- printf("Testing %s using generic implementation...\n", name_c); \
- params = EC_GetNamedCurveParams(name); \
- if (params == NULL) { \
- printf(" Error: could not construct params.\n"); \
- res = MP_NO; \
- goto CLEANUP; \
- } \
- ECGroup_free(group); \
- group = ECGroup_fromHex(params); \
- if (group == NULL) { \
- printf(" Error: could not construct group.\n"); \
- res = MP_NO; \
- goto CLEANUP; \
- } \
- MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 1) ); \
- printf("... okay.\n");
+#define ECTEST_GENERIC_GFP(name_c, name) \
+ printf("Testing %s using generic implementation...\n", name_c); \
+ params = EC_GetNamedCurveParams(name); \
+ if (params == NULL) { \
+ printf(" Error: could not construct params.\n"); \
+ res = MP_NO; \
+ goto CLEANUP; \
+ } \
+ ECGroup_free(group); \
+ group = ECGroup_fromHex(params); \
+ if (group == NULL) { \
+ printf(" Error: could not construct group.\n"); \
+ res = MP_NO; \
+ goto CLEANUP; \
+ } \
+ MP_CHECKOK(ectest_curve_GFp(group, ectestPrint, ectestTime, 1)); \
+ printf("... okay.\n");
/* Test curve using specific field arithmetic. */
-#define ECTEST_NAMED_GFP(name_c, name) \
- printf("Testing %s using specific implementation...\n", name_c); \
- ECGroup_free(group); \
- group = ECGroup_fromName(name); \
- if (group == NULL) { \
- printf(" Warning: could not construct group.\n"); \
- printf("... failed; continuing with remaining tests.\n"); \
- } else { \
- MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 0) ); \
- printf("... okay.\n"); \
- }
+#define ECTEST_NAMED_GFP(name_c, name) \
+ printf("Testing %s using specific implementation...\n", name_c); \
+ ECGroup_free(group); \
+ group = ECGroup_fromName(name); \
+ if (group == NULL) { \
+ printf(" Warning: could not construct group.\n"); \
+ printf("... failed; continuing with remaining tests.\n"); \
+ } else { \
+ MP_CHECKOK(ectest_curve_GFp(group, ectestPrint, ectestTime, 0)); \
+ printf("... okay.\n"); \
+ }
/* Performs basic tests of elliptic curve cryptography over prime fields.
* If tests fail, then it prints an error message, aborts, and returns an
* error code. Otherwise, returns 0. */
int
ectest_curve_GFp(ECGroup *group, int ectestPrint, int ectestTime,
- int generic)
+ int generic)
{
- mp_int one, order_1, gx, gy, rx, ry, n;
- int size;
- mp_err res;
- char s[1000];
+ mp_int one, order_1, gx, gy, rx, ry, n;
+ int size;
+ mp_err res;
+ char s[1000];
- /* initialize values */
- MP_CHECKOK(mp_init(&one));
- MP_CHECKOK(mp_init(&order_1));
- MP_CHECKOK(mp_init(&gx));
- MP_CHECKOK(mp_init(&gy));
- MP_CHECKOK(mp_init(&rx));
- MP_CHECKOK(mp_init(&ry));
- MP_CHECKOK(mp_init(&n));
+ /* initialize values */
+ MP_CHECKOK(mp_init(&one));
+ MP_CHECKOK(mp_init(&order_1));
+ MP_CHECKOK(mp_init(&gx));
+ MP_CHECKOK(mp_init(&gy));
+ MP_CHECKOK(mp_init(&rx));
+ MP_CHECKOK(mp_init(&ry));
+ MP_CHECKOK(mp_init(&n));
- MP_CHECKOK(mp_set_int(&one, 1));
- MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+ MP_CHECKOK(mp_set_int(&one, 1));
+ MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
- /* encode base point */
- if (group->meth->field_dec) {
- MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
- MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
- } else {
- MP_CHECKOK(mp_copy(&group->genx, &gx));
- MP_CHECKOK(mp_copy(&group->geny, &gy));
- }
- if (ectestPrint) {
- /* output base point */
- printf(" base point P:\n");
- MP_CHECKOK(mp_toradix(&gx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&gy, s, 16));
- printf(" %s\n", s);
- if (group->meth->field_enc) {
- printf(" base point P (encoded):\n");
- MP_CHECKOK(mp_toradix(&group->genx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&group->geny, s, 16));
- printf(" %s\n", s);
- }
- }
+ /* encode base point */
+ if (group->meth->field_dec) {
+ MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+ MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+ } else {
+ MP_CHECKOK(mp_copy(&group->genx, &gx));
+ MP_CHECKOK(mp_copy(&group->geny, &gy));
+ }
+ if (ectestPrint) {
+ /* output base point */
+ printf(" base point P:\n");
+ MP_CHECKOK(mp_toradix(&gx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&gy, s, 16));
+ printf(" %s\n", s);
+ if (group->meth->field_enc) {
+ printf(" base point P (encoded):\n");
+ MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+ printf(" %s\n", s);
+ }
+ }
#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
- /* multiply base point by order - 1 and check for negative of base
- * point */
- MP_CHECKOK(ec_GFp_pt_mul_aff
- (&order_1, &group->genx, &group->geny, &rx, &ry, group));
- if (ectestPrint) {
- printf(" (order-1)*P (affine):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
- if ((mp_cmp(&rx, &group->genx) != 0)
- || (mp_cmp(&ry, &group->geny) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order - 1 and check for negative of base
+ * point */
+ MP_CHECKOK(ec_GFp_pt_mul_aff(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+ if (ectestPrint) {
+ printf(" (order-1)*P (affine):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+ if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
- /* multiply base point by order - 1 and check for negative of base
- * point */
- MP_CHECKOK(ec_GFp_pt_mul_jac
- (&order_1, &group->genx, &group->geny, &rx, &ry, group));
- if (ectestPrint) {
- printf(" (order-1)*P (jacobian):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
- if ((mp_cmp(&rx, &group->genx) != 0)
- || (mp_cmp(&ry, &group->geny) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order - 1 and check for negative of base
+ * point */
+ MP_CHECKOK(ec_GFp_pt_mul_jac(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+ if (ectestPrint) {
+ printf(" (order-1)*P (jacobian):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+ if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order - 1 and check for negative of base
- * point */
- MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
- if (ectestPrint) {
- printf(" (order-1)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order - 1 and check for negative of base
+ * point */
+ MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
- /* multiply base point by order - 1 and check for negative of base
- * point */
- MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
- if (ectestPrint) {
- printf(" (order-1)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order - 1 and check for negative of base
+ * point */
+ MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ec_GFp_pt_mul_aff
- (&group->order, &group->genx, &group->geny, &rx, &ry,
- group));
- if (ectestPrint) {
- printf(" (order)*P (affine):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ec_GFp_pt_mul_aff(&group->order, &group->genx, &group->geny, &rx, &ry,
+ group));
+ if (ectestPrint) {
+ printf(" (order)*P (affine):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ec_GFp_pt_mul_jac
- (&group->order, &group->genx, &group->geny, &rx, &ry,
- group));
- if (ectestPrint) {
- printf(" (order)*P (jacobian):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ec_GFp_pt_mul_jac(&group->order, &group->genx, &group->geny, &rx, &ry,
+ group));
+ if (ectestPrint) {
+ printf(" (order)*P (jacobian):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
#endif
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
- if (ectestPrint) {
- printf(" (order)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
- /* multiply base point by order and check for point at infinity */
- MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
- if (ectestPrint) {
- printf(" (order)*P (ECPoint_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
- printf(" Error: invalid result (expected point at infinity).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* multiply base point by order and check for point at infinity */
+ MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order)*P (ECPoint_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+ printf(" Error: invalid result (expected point at infinity).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
- /* check that (order-1)P + (order-1)P + P == (order-1)P */
- MP_CHECKOK(ECPoints_mul
- (group, &order_1, &order_1, &gx, &gy, &rx, &ry));
- MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
- if (ectestPrint) {
- printf
- (" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
- MP_CHECKOK(mp_toradix(&rx, s, 16));
- printf(" %s\n", s);
- MP_CHECKOK(mp_toradix(&ry, s, 16));
- printf(" %s\n", s);
- }
- MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
- if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
- printf(" Error: invalid result (expected (- base point)).\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* check that (order-1)P + (order-1)P + P == (order-1)P */
+ MP_CHECKOK(ECPoints_mul(group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+ MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+ if (ectestPrint) {
+ printf(" (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+ MP_CHECKOK(mp_toradix(&rx, s, 16));
+ printf(" %s\n", s);
+ MP_CHECKOK(mp_toradix(&ry, s, 16));
+ printf(" %s\n", s);
+ }
+ MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+ if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+ printf(" Error: invalid result (expected (- base point)).\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
- /* test validate_point function */
- if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
- printf(" Error: validate point on base point failed.\n");
- res = MP_NO;
- goto CLEANUP;
- }
- MP_CHECKOK(mp_add_d(&gy, 1, &ry));
- if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
- printf(" Error: validate point on invalid point passed.\n");
- res = MP_NO;
- goto CLEANUP;
- }
+ /* test validate_point function */
+ if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+ printf(" Error: validate point on base point failed.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+ if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+ printf(" Error: validate point on invalid point passed.\n");
+ res = MP_NO;
+ goto CLEANUP;
+ }
- if (ectestTime) {
- /* compute random scalar */
- size = mpl_significant_bits(&group->meth->irr);
- if (size < MP_OKAY) {
- goto CLEANUP;
- }
- MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
- MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
- /* timed test */
- if (generic) {
+ if (ectestTime) {
+ /* compute random scalar */
+ size = mpl_significant_bits(&group->meth->irr);
+ if (size < MP_OKAY) {
+ goto CLEANUP;
+ }
+ MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+ MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+ /* timed test */
+ if (generic) {
#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
- M_TimeOperation(MP_CHECKOK
- (ec_GFp_pt_mul_aff
- (&n, &group->genx, &group->geny, &rx, &ry,
- group)), 100);
+ M_TimeOperation(MP_CHECKOK(ec_GFp_pt_mul_aff(&n, &group->genx, &group->geny, &rx, &ry,
+ group)),
+ 100);
#endif
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoints_mul
- (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
- } else {
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
- 100);
- M_TimeOperation(MP_CHECKOK
- (ECPoints_mul
- (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
- }
- }
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+ } else {
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+ 100);
+ M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+ }
+ }
- CLEANUP:
- mp_clear(&one);
- mp_clear(&order_1);
- mp_clear(&gx);
- mp_clear(&gy);
- mp_clear(&rx);
- mp_clear(&ry);
- mp_clear(&n);
- if (res != MP_OKAY) {
- printf(" Error: exiting with error value %i\n", res);
- }
- return res;
+CLEANUP:
+ mp_clear(&one);
+ mp_clear(&order_1);
+ mp_clear(&gx);
+ mp_clear(&gy);
+ mp_clear(&rx);
+ mp_clear(&ry);
+ mp_clear(&n);
+ if (res != MP_OKAY) {
+ printf(" Error: exiting with error value %i\n", res);
+ }
+ return res;
}
/* Prints help information. */
void
printUsage()
{
- printf("Usage: ecp_test [--print] [--time]\n");
- printf
- (" --print Print out results of each point arithmetic test.\n");
- printf
- (" --time Benchmark point operations and print results.\n");
+ printf("Usage: ecp_test [--print] [--time]\n");
+ printf(" --print Print out results of each point arithmetic test.\n");
+ printf(" --time Benchmark point operations and print results.\n");
}
/* Performs tests of elliptic curve cryptography over prime fields If
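Review bot: The timing branch in ectest_curve_GFp jumps to CLEANUP without recording a failure: `if (size < MP_OKAY) { goto CLEANUP; }` leaves `res` holding MP_OKAY from the last successful MP_CHECKOK, so an error from mpl_significant_bits is reported as a passing run. Every other failure path in this function sets `res = MP_NO` first, so this one should match, e.g. `printf(" Error: could not determine field size.\n"); res = MP_NO; goto CLEANUP;`. Related, `mp_err res;` is never initialized; it is assigned by the first MP_CHECKOK before any goto, but `mp_err res = MP_OKAY;` would make the CLEANUP return well-defined regardless of how the early part of the function evolves.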
@@ -356,71 +342,67 @@ int
main(int argv, char **argc)
{
- int ectestTime = 0;
- int ectestPrint = 0;
- int i;
- ECGroup *group = NULL;
- ECCurveParams *params = NULL;
- mp_err res;
+ int ectestTime = 0;
+ int ectestPrint = 0;
+ int i;
+ ECGroup *group = NULL;
+ ECCurveParams *params = NULL;
+ mp_err res;
- /* read command-line arguments */
- for (i = 1; i < argv; i++) {
- if ((strcasecmp(argc[i], "time") == 0)
- || (strcasecmp(argc[i], "-time") == 0)
- || (strcasecmp(argc[i], "--time") == 0)) {
- ectestTime = 1;
- } else if ((strcasecmp(argc[i], "print") == 0)
- || (strcasecmp(argc[i], "-print") == 0)
- || (strcasecmp(argc[i], "--print") == 0)) {
- ectestPrint = 1;
- } else {
- printUsage();
- return 0;
- }
- }
+ /* read command-line arguments */
+ for (i = 1; i < argv; i++) {
+ if ((strcasecmp(argc[i], "time") == 0) || (strcasecmp(argc[i], "-time") == 0) || (strcasecmp(argc[i], "--time") == 0)) {
+ ectestTime = 1;
+ } else if ((strcasecmp(argc[i], "print") == 0) || (strcasecmp(argc[i], "-print") == 0) || (strcasecmp(argc[i], "--print") == 0)) {
+ ectestPrint = 1;
+ } else {
+ printUsage();
+ return 0;
+ }
+ }
- /* generic arithmetic tests */
- ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+ /* generic arithmetic tests */
+ ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
- /* specific arithmetic tests */
- ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
- ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
- ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
- ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
- ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
- ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
- ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
- ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
- ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
- ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
- ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
- ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
- ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
- ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
- ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
- ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
- ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
- ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
- ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
- ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
- ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
- ECTEST_NAMED_GFP("WTLS-6 (112)", ECCurve_WTLS_6);
- ECTEST_NAMED_GFP("WTLS-7 (160)", ECCurve_WTLS_7);
- ECTEST_NAMED_GFP("WTLS-8 (112)", ECCurve_WTLS_8);
- ECTEST_NAMED_GFP("WTLS-9 (160)", ECCurve_WTLS_9);
- ECTEST_NAMED_GFP("WTLS-12 (224)", ECCurve_WTLS_12);
+ /* specific arithmetic tests */
+ ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
+ ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
+ ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
+ ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
+ ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
+ ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
+ ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
+ ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
+ ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
+ ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
+ ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
+ ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+ ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
+ ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
+ ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
+ ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
+ ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
+ ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
+ ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
+ ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
+ ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
+ ECTEST_NAMED_GFP("WTLS-6 (112)", ECCurve_WTLS_6);
+ ECTEST_NAMED_GFP("WTLS-7 (160)", ECCurve_WTLS_7);
+ ECTEST_NAMED_GFP("WTLS-8 (112)", ECCurve_WTLS_8);
+ ECTEST_NAMED_GFP("WTLS-9 (160)", ECCurve_WTLS_9);
+ ECTEST_NAMED_GFP("WTLS-12 (224)", ECCurve_WTLS_12);
- CLEANUP:
- EC_FreeCurveParams(params);
- ECGroup_free(group);
- if (res != MP_OKAY) {
- printf("Error: exiting with error value %i\n", res);
- }
- return res;
+CLEANUP:
+ EC_FreeCurveParams(params);
+ ECGroup_free(group);
+ if (res != MP_OKAY) {
+ printf("Error: exiting with error value %i\n", res);
+ }
+ return res;
}
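Review bot: `mp_err res;` in main is uninitialized, and CLEANUP reads it unconditionally; it happens to be safe today only because ECTEST_GENERIC_GFP always assigns `res` (via MP_NO or MP_CHECKOK) before any goto, whereas the sibling ecp_fpt main above writes `mp_err res = MP_OKAY;`. I would initialize it the same way so the return value does not depend on the first test macro executing. As a point of style, `main(int argv, char **argc)` swaps the conventional names — `argv` is the count and `argc` the vector here — which reads as a bug to anyone skimming the loop; `main(int argc, char **argv)` with the body adjusted would remove the confusion.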
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
index 75cc26777..e0b2c09fd 100644
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
@@ -11,12 +11,12 @@
#endif
#include "blapi.h"
-#include "seccomon.h" /* Required for RSA and DSA. */
+#include "seccomon.h" /* Required for RSA and DSA. */
#include "secerr.h"
#include "prtypes.h"
#ifdef NSS_ENABLE_ECC
-#include "ec.h" /* Required for ECDSA */
+#include "ec.h" /* Required for ECDSA */
#endif
/*
@@ -31,7 +31,6 @@
#pragma init(bl_startup_tests)
#endif
-
/* GCC Attribute */
#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
#define INIT_FUNCTION __attribute__((constructor))
@@ -41,110 +40,100 @@
static void INIT_FUNCTION bl_startup_tests(void);
-
/* Windows pre-defined entry */
#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
#include <windows.h>
BOOL WINAPI DllMain(
- HINSTANCE hinstDLL, // handle to DLL module
- DWORD fdwReason, // reason for calling function
- LPVOID lpReserved ) // reserved
+ HINSTANCE hinstDLL, // handle to DLL module
+ DWORD fdwReason, // reason for calling function
+ LPVOID lpReserved) // reserved
{
// Perform actions based on the reason for calling.
- switch( fdwReason )
- {
+ switch (fdwReason) {
case DLL_PROCESS_ATTACH:
- // Initialize once for each new process.
- // Return FALSE to fail DLL load.
- bl_startup_tests();
+ // Initialize once for each new process.
+ // Return FALSE to fail DLL load.
+ bl_startup_tests();
break;
case DLL_THREAD_ATTACH:
- // Do thread-specific initialization.
+ // Do thread-specific initialization.
break;
case DLL_THREAD_DETACH:
- // Do thread-specific cleanup.
+ // Do thread-specific cleanup.
break;
case DLL_PROCESS_DETACH:
- // Perform any necessary cleanup.
+ // Perform any necessary cleanup.
break;
}
- return TRUE; // Successful DLL_PROCESS_ATTACH.
+ return TRUE; // Successful DLL_PROCESS_ATTACH.
}
#endif
/* insert other platform dependent init entry points here, or modify
* the linker line */
-
/* FIPS preprocessor directives for RC2-ECB and RC2-CBC. */
-#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
-#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
-
+#define FIPS_RC2_KEY_LENGTH 5 /* 40-bits */
+#define FIPS_RC2_ENCRYPT_LENGTH 8 /* 64-bits */
+#define FIPS_RC2_DECRYPT_LENGTH 8 /* 64-bits */
/* FIPS preprocessor directives for RC4. */
-#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
-#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
-
+#define FIPS_RC4_KEY_LENGTH 5 /* 40-bits */
+#define FIPS_RC4_ENCRYPT_LENGTH 8 /* 64-bits */
+#define FIPS_RC4_DECRYPT_LENGTH 8 /* 64-bits */
/* FIPS preprocessor directives for DES-ECB and DES-CBC. */
-#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
-
+#define FIPS_DES_ENCRYPT_LENGTH 8 /* 64-bits */
+#define FIPS_DES_DECRYPT_LENGTH 8 /* 64-bits */
/* FIPS preprocessor directives for DES3-CBC and DES3-ECB. */
-#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
-#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
-
+#define FIPS_DES3_ENCRYPT_LENGTH 8 /* 64-bits */
+#define FIPS_DES3_DECRYPT_LENGTH 8 /* 64-bits */
/* FIPS preprocessor directives for AES-ECB and AES-CBC. */
-#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
-#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
-#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
-#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
-#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
-#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
-
+#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
+#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
+#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
+#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
+#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
+#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
/* FIPS preprocessor directives for message digests */
-#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
-
+#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
/* FIPS preprocessor directives for RSA. */
-#define FIPS_RSA_TYPE siBuffer
-#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
-#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
-#define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
-#define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
-#define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
-#define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
-#define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
-#define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
-#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
-#define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
-#define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
-#define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
-#define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
-
+#define FIPS_RSA_TYPE siBuffer
+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
+#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
+#define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_COEFFICIENT_LENGTH 128 /* 1024-bits */
+#define FIPS_RSA_PRIME0_LENGTH 128 /* 1024-bits */
+#define FIPS_RSA_PRIME1_LENGTH 128 /* 1024-bits */
+#define FIPS_RSA_EXPONENT0_LENGTH 128 /* 1024-bits */
+#define FIPS_RSA_EXPONENT1_LENGTH 128 /* 1024-bits */
+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_ENCRYPT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_DECRYPT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_SIGNATURE_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_MODULUS_LENGTH 256 /* 2048-bits */
/* FIPS preprocessor directives for DSA. */
-#define FIPS_DSA_TYPE siBuffer
-#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
-#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
-#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
+#define FIPS_DSA_TYPE siBuffer
+#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
+#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
+#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
+#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
+#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
/* FIPS preprocessor directives for RNG. */
-#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
+#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
static SECStatus
-freebl_fips_DES3_PowerUpSelfTest( void )
+freebl_fips_DES3_PowerUpSelfTest(void)
{
/* DES3 Known Key (56-bits). */
static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
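Review bot: The DllMain comment `// Return FALSE to fail DLL load.` promises something the code cannot do: bl_startup_tests is declared `void`, so its outcome is not visible here and DllMain returns TRUE unconditionally after DLL_PROCESS_ATTACH. Presumably a failed power-up self-test is recorded in module state that later freebl entry points check; if so, the comment should say that instead, e.g. `// Self-test failure is recorded by bl_startup_tests(); the load itself always succeeds.`, and if not, a failed known-answer test would not prevent the module from being used. Separately, the trailing context comment `/* DES3 Known Key (56-bits). */` understates the key: the 24-byte string literal is a full three-key EDE3 key (3 x 64 bits with parity), so `/* DES3 Known Key (three 64-bit DES keys, 192 bits with parity). */` would be accurate.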
@@ -158,146 +147,143 @@ freebl_fips_DES3_PowerUpSelfTest( void )
/* DES3 Known Ciphertext (64-bits). */
static const PRUint8 des3_ecb_known_ciphertext[] = {
- 0x55,0x8e,0xad,0x3c,0xee,0x49,0x69,0xbe};
+ 0x55, 0x8e, 0xad, 0x3c, 0xee, 0x49, 0x69, 0xbe
+ };
static const PRUint8 des3_cbc_known_ciphertext[] = {
- 0x43,0xdc,0x6a,0xc1,0xaf,0xa6,0x32,0xf5};
+ 0x43, 0xdc, 0x6a, 0xc1, 0xaf, 0xa6, 0x32, 0xf5
+ };
/* DES3 variables. */
- PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
- PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
- DESContext * des3_context;
- unsigned int des3_bytes_encrypted;
- unsigned int des3_bytes_decrypted;
- SECStatus des3_status;
-
+ PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
+ PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
+ DESContext *des3_context;
+ unsigned int des3_bytes_encrypted;
+ unsigned int des3_bytes_decrypted;
+ SECStatus des3_status;
/*******************************************************/
/* DES3-ECB Single-Round Known Answer Encryption Test. */
/*******************************************************/
- des3_context = DES_CreateContext( des3_known_key, NULL,
- NSS_DES_EDE3, PR_TRUE );
+ des3_context = DES_CreateContext(des3_known_key, NULL,
+ NSS_DES_EDE3, PR_TRUE);
- if( des3_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (des3_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
- des3_ecb_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH );
+ des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
+ &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
+ des3_ecb_known_plaintext,
+ FIPS_DES3_DECRYPT_LENGTH);
- DES_DestroyContext( des3_context, PR_TRUE );
+ DES_DestroyContext(des3_context, PR_TRUE);
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_ciphertext, des3_ecb_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((des3_status != SECSuccess) ||
+ (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
+ (PORT_Memcmp(des3_computed_ciphertext, des3_ecb_known_ciphertext,
+ FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
-
/*******************************************************/
/* DES3-ECB Single-Round Known Answer Decryption Test. */
/*******************************************************/
- des3_context = DES_CreateContext( des3_known_key, NULL,
- NSS_DES_EDE3, PR_FALSE );
+ des3_context = DES_CreateContext(des3_known_key, NULL,
+ NSS_DES_EDE3, PR_FALSE);
- if( des3_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (des3_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
- des3_ecb_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH );
+ des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
+ &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
+ des3_ecb_known_ciphertext,
+ FIPS_DES3_ENCRYPT_LENGTH);
- DES_DestroyContext( des3_context, PR_TRUE );
+ DES_DestroyContext(des3_context, PR_TRUE);
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_plaintext, des3_ecb_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((des3_status != SECSuccess) ||
+ (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
+ (PORT_Memcmp(des3_computed_plaintext, des3_ecb_known_plaintext,
+ FIPS_DES3_DECRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
-
/*******************************************************/
/* DES3-CBC Single-Round Known Answer Encryption Test. */
/*******************************************************/
- des3_context = DES_CreateContext( des3_known_key,
- des3_cbc_known_initialization_vector,
- NSS_DES_EDE3_CBC, PR_TRUE );
+ des3_context = DES_CreateContext(des3_known_key,
+ des3_cbc_known_initialization_vector,
+ NSS_DES_EDE3_CBC, PR_TRUE);
- if( des3_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (des3_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- des3_status = DES_Encrypt( des3_context, des3_computed_ciphertext,
- &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
- des3_cbc_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH );
+ des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
+ &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
+ des3_cbc_known_plaintext,
+ FIPS_DES3_DECRYPT_LENGTH);
- DES_DestroyContext( des3_context, PR_TRUE );
+ DES_DestroyContext(des3_context, PR_TRUE);
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_ciphertext, des3_cbc_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((des3_status != SECSuccess) ||
+ (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
+ (PORT_Memcmp(des3_computed_ciphertext, des3_cbc_known_ciphertext,
+ FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
-
/*******************************************************/
/* DES3-CBC Single-Round Known Answer Decryption Test. */
/*******************************************************/
- des3_context = DES_CreateContext( des3_known_key,
- des3_cbc_known_initialization_vector,
- NSS_DES_EDE3_CBC, PR_FALSE );
+ des3_context = DES_CreateContext(des3_known_key,
+ des3_cbc_known_initialization_vector,
+ NSS_DES_EDE3_CBC, PR_FALSE);
- if( des3_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (des3_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- des3_status = DES_Decrypt( des3_context, des3_computed_plaintext,
- &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
- des3_cbc_known_ciphertext,
- FIPS_DES3_ENCRYPT_LENGTH );
+ des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
+ &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
+ des3_cbc_known_ciphertext,
+ FIPS_DES3_ENCRYPT_LENGTH);
- DES_DestroyContext( des3_context, PR_TRUE );
+ DES_DestroyContext(des3_context, PR_TRUE);
- if( ( des3_status != SECSuccess ) ||
- ( des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( des3_computed_plaintext, des3_cbc_known_plaintext,
- FIPS_DES3_DECRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((des3_status != SECSuccess) ||
+ (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
+ (PORT_Memcmp(des3_computed_plaintext, des3_cbc_known_plaintext,
+ FIPS_DES3_DECRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
- return( SECSuccess );
+ return (SECSuccess);
}
-
/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
static SECStatus
-freebl_fips_AES_PowerUpSelfTest( int aes_key_size )
+freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
{
/* AES Known Key (up to 256-bits). */
- static const PRUint8 aes_known_key[] =
+ static const PRUint8 aes_known_key[] =
{ "AES-128 RIJNDAELLEADNJIR 821-SEA" };
/* AES-CBC Known Initialization Vector (128-bits). */
- static const PRUint8 aes_cbc_known_initialization_vector[] =
+ static const PRUint8 aes_cbc_known_initialization_vector[] =
{ "SecurityytiruceS" };
/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
@@ -305,245 +291,248 @@ freebl_fips_AES_PowerUpSelfTest( int aes_key_size )
/* AES Known Ciphertext (128-bit key). */
static const PRUint8 aes_ecb128_known_ciphertext[] = {
- 0x3c,0xa5,0x96,0xf3,0x34,0x6a,0x96,0xc1,
- 0x03,0x88,0x16,0x7b,0x20,0xbf,0x35,0x47 };
+ 0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
+ 0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47
+ };
- static const PRUint8 aes_cbc128_known_ciphertext[] = {
- 0xcf,0x15,0x1d,0x4f,0x96,0xe4,0x4f,0x63,
- 0x15,0x54,0x14,0x1d,0x4e,0xd8,0xd5,0xea };
+ static const PRUint8 aes_cbc128_known_ciphertext[] = {
+ 0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63,
+ 0x15, 0x54, 0x14, 0x1d, 0x4e, 0xd8, 0xd5, 0xea
+ };
/* AES Known Ciphertext (192-bit key). */
- static const PRUint8 aes_ecb192_known_ciphertext[] = {
- 0xa0,0x18,0x62,0xed,0x88,0x19,0xcb,0x62,
- 0x88,0x1d,0x4d,0xfe,0x84,0x02,0x89,0x0e };
+ static const PRUint8 aes_ecb192_known_ciphertext[] = {
+ 0xa0, 0x18, 0x62, 0xed, 0x88, 0x19, 0xcb, 0x62,
+ 0x88, 0x1d, 0x4d, 0xfe, 0x84, 0x02, 0x89, 0x0e
+ };
- static const PRUint8 aes_cbc192_known_ciphertext[] = {
- 0x83,0xf7,0xa4,0x76,0xd1,0x6f,0x07,0xbe,
- 0x07,0xbc,0x43,0x2f,0x6d,0xad,0x29,0xe1 };
+ static const PRUint8 aes_cbc192_known_ciphertext[] = {
+ 0x83, 0xf7, 0xa4, 0x76, 0xd1, 0x6f, 0x07, 0xbe,
+ 0x07, 0xbc, 0x43, 0x2f, 0x6d, 0xad, 0x29, 0xe1
+ };
/* AES Known Ciphertext (256-bit key). */
- static const PRUint8 aes_ecb256_known_ciphertext[] = {
- 0xdb,0xa6,0x52,0x01,0x8a,0x70,0xae,0x66,
- 0x3a,0x99,0xd8,0x95,0x7f,0xfb,0x01,0x67 };
-
- static const PRUint8 aes_cbc256_known_ciphertext[] = {
- 0x37,0xea,0x07,0x06,0x31,0x1c,0x59,0x27,
- 0xc5,0xc5,0x68,0x71,0x6e,0x34,0x40,0x16 };
+ static const PRUint8 aes_ecb256_known_ciphertext[] = {
+ 0xdb, 0xa6, 0x52, 0x01, 0x8a, 0x70, 0xae, 0x66,
+ 0x3a, 0x99, 0xd8, 0x95, 0x7f, 0xfb, 0x01, 0x67
+ };
+
+ static const PRUint8 aes_cbc256_known_ciphertext[] = {
+ 0x37, 0xea, 0x07, 0x06, 0x31, 0x1c, 0x59, 0x27,
+ 0xc5, 0xc5, 0x68, 0x71, 0x6e, 0x34, 0x40, 0x16
+ };
const PRUint8 *aes_ecb_known_ciphertext =
- ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext :
- ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext :
- aes_ecb256_known_ciphertext;
+ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext;
const PRUint8 *aes_cbc_known_ciphertext =
- ( aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext :
- ( aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext :
- aes_cbc256_known_ciphertext;
+ (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext;
/* AES variables. */
- PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
- PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
- AESContext * aes_context;
- unsigned int aes_bytes_encrypted;
- unsigned int aes_bytes_decrypted;
- SECStatus aes_status;
+ PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
+ PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
+ AESContext *aes_context;
+ unsigned int aes_bytes_encrypted;
+ unsigned int aes_bytes_decrypted;
+ SECStatus aes_status;
/*check if aes_key_size is 128, 192, or 256 bits */
- if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
- (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
- (aes_key_size != FIPS_AES_256_KEY_SIZE)) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
+ (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
+ (aes_key_size != FIPS_AES_256_KEY_SIZE)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/******************************************************/
/* AES-ECB Single-Round Known Answer Encryption Test: */
/******************************************************/
- aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_TRUE,
- aes_key_size, FIPS_AES_BLOCK_SIZE );
+ aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_TRUE,
+ aes_key_size, FIPS_AES_BLOCK_SIZE);
- if( aes_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (aes_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
- &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
- aes_known_plaintext,
- FIPS_AES_DECRYPT_LENGTH );
-
- AES_DestroyContext( aes_context, PR_TRUE );
-
- if( ( aes_status != SECSuccess ) ||
- ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( aes_computed_ciphertext, aes_ecb_known_ciphertext,
- FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
- }
+ aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
+ &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
+ aes_known_plaintext,
+ FIPS_AES_DECRYPT_LENGTH);
+ AES_DestroyContext(aes_context, PR_TRUE);
+
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
+ (PORT_Memcmp(aes_computed_ciphertext, aes_ecb_known_ciphertext,
+ FIPS_AES_ENCRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
+ }
/******************************************************/
/* AES-ECB Single-Round Known Answer Decryption Test: */
/******************************************************/
- aes_context = AES_CreateContext( aes_known_key, NULL, NSS_AES, PR_FALSE,
- aes_key_size, FIPS_AES_BLOCK_SIZE );
+ aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_FALSE,
+ aes_key_size, FIPS_AES_BLOCK_SIZE);
- if( aes_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (aes_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
- &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
- aes_ecb_known_ciphertext,
- FIPS_AES_ENCRYPT_LENGTH );
+ aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
+ &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
+ aes_ecb_known_ciphertext,
+ FIPS_AES_ENCRYPT_LENGTH);
- AES_DestroyContext( aes_context, PR_TRUE );
+ AES_DestroyContext(aes_context, PR_TRUE);
- if( ( aes_status != SECSuccess ) ||
- ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
- FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
+ (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
+ FIPS_AES_DECRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
-
/******************************************************/
/* AES-CBC Single-Round Known Answer Encryption Test. */
/******************************************************/
- aes_context = AES_CreateContext( aes_known_key,
- aes_cbc_known_initialization_vector,
- NSS_AES_CBC, PR_TRUE, aes_key_size,
- FIPS_AES_BLOCK_SIZE );
+ aes_context = AES_CreateContext(aes_known_key,
+ aes_cbc_known_initialization_vector,
+ NSS_AES_CBC, PR_TRUE, aes_key_size,
+ FIPS_AES_BLOCK_SIZE);
- if( aes_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (aes_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- aes_status = AES_Encrypt( aes_context, aes_computed_ciphertext,
- &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
- aes_known_plaintext,
- FIPS_AES_DECRYPT_LENGTH );
+ aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
+ &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
+ aes_known_plaintext,
+ FIPS_AES_DECRYPT_LENGTH);
- AES_DestroyContext( aes_context, PR_TRUE );
+ AES_DestroyContext(aes_context, PR_TRUE);
- if( ( aes_status != SECSuccess ) ||
- ( aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH ) ||
- ( PORT_Memcmp( aes_computed_ciphertext, aes_cbc_known_ciphertext,
- FIPS_AES_ENCRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
+ (PORT_Memcmp(aes_computed_ciphertext, aes_cbc_known_ciphertext,
+ FIPS_AES_ENCRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
-
/******************************************************/
/* AES-CBC Single-Round Known Answer Decryption Test. */
/******************************************************/
- aes_context = AES_CreateContext( aes_known_key,
- aes_cbc_known_initialization_vector,
- NSS_AES_CBC, PR_FALSE, aes_key_size,
- FIPS_AES_BLOCK_SIZE );
+ aes_context = AES_CreateContext(aes_known_key,
+ aes_cbc_known_initialization_vector,
+ NSS_AES_CBC, PR_FALSE, aes_key_size,
+ FIPS_AES_BLOCK_SIZE);
- if( aes_context == NULL ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (aes_context == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
- aes_status = AES_Decrypt( aes_context, aes_computed_plaintext,
- &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
- aes_cbc_known_ciphertext,
- FIPS_AES_ENCRYPT_LENGTH );
+ aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
+ &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
+ aes_cbc_known_ciphertext,
+ FIPS_AES_ENCRYPT_LENGTH);
- AES_DestroyContext( aes_context, PR_TRUE );
+ AES_DestroyContext(aes_context, PR_TRUE);
- if( ( aes_status != SECSuccess ) ||
- ( aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH ) ||
- ( PORT_Memcmp( aes_computed_plaintext, aes_known_plaintext,
- FIPS_AES_DECRYPT_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((aes_status != SECSuccess) ||
+ (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
+ (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
+ FIPS_AES_DECRYPT_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
- return( SECSuccess );
+ return (SECSuccess);
}
/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
static const PRUint8 known_hash_message[] = {
- "The test message for the MD2, MD5, and SHA-1 hashing algorithms." };
+ "The test message for the MD2, MD5, and SHA-1 hashing algorithms."
+};
/****************************************************/
/* Single Round HMAC SHA-X test */
/****************************************************/
static SECStatus
freebl_fips_HMAC(unsigned char *hmac_computed,
- const PRUint8 *secret_key,
- unsigned int secret_key_length,
- const PRUint8 *message,
- unsigned int message_length,
- HASH_HashType hashAlg )
+ const PRUint8 *secret_key,
+ unsigned int secret_key_length,
+ const PRUint8 *message,
+ unsigned int message_length,
+ HASH_HashType hashAlg)
{
SECStatus hmac_status = SECFailure;
HMACContext *cx = NULL;
SECHashObject *hashObj = NULL;
unsigned int bytes_hashed = 0;
- hashObj = (SECHashObject *) HASH_GetRawHashObject(hashAlg);
-
- if (!hashObj)
- return( SECFailure );
+ hashObj = (SECHashObject *)HASH_GetRawHashObject(hashAlg);
+
+ if (!hashObj)
+ return (SECFailure);
- cx = HMAC_Create(hashObj, secret_key,
- secret_key_length,
- PR_TRUE); /* PR_TRUE for in FIPS mode */
+ cx = HMAC_Create(hashObj, secret_key,
+ secret_key_length,
+ PR_TRUE); /* PR_TRUE for in FIPS mode */
- if (cx == NULL)
- return( SECFailure );
+ if (cx == NULL)
+ return (SECFailure);
HMAC_Begin(cx);
HMAC_Update(cx, message, message_length);
- hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
+ hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
hashObj->length);
HMAC_Destroy(cx, PR_TRUE);
- return( hmac_status );
+ return (hmac_status);
}
static SECStatus
-freebl_fips_HMAC_PowerUpSelfTest( void )
+freebl_fips_HMAC_PowerUpSelfTest(void)
{
static const PRUint8 HMAC_known_secret_key[] = {
- "Firefox and ThunderBird are awesome!"};
+ "Firefox and ThunderBird are awesome!"
+ };
- static const PRUint8 HMAC_known_secret_key_length
- = sizeof HMAC_known_secret_key;
+ static const PRUint8 HMAC_known_secret_key_length = sizeof HMAC_known_secret_key;
/* known SHA1 hmac (20 bytes) */
static const PRUint8 known_SHA1_hmac[] = {
- 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
- 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
- 0x5d, 0x0e, 0x1e, 0x11};
+ 0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
+ 0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
+ 0x5d, 0x0e, 0x1e, 0x11
+ };
/* known SHA224 hmac (28 bytes) */
static const PRUint8 known_SHA224_hmac[] = {
- 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
+ 0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
- 0x9a, 0xb8, 0x98, 0x4e};
+ 0x9a, 0xb8, 0x98, 0x4e
+ };
/* known SHA256 hmac (32 bytes) */
static const PRUint8 known_SHA256_hmac[] = {
- 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
- 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
- 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
- 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48};
+ 0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
+ 0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
+ 0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
+ 0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48
+ };
/* known SHA384 hmac (48 bytes) */
static const PRUint8 known_SHA384_hmac[] = {
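Review bot: freebl_fips_HMAC stores `bytes_hashed` from HMAC_Finish but never checks it, whereas the DES3 and AES self-tests in this file compare `des3_bytes_encrypted` / `aes_bytes_encrypted` against the expected length before the PORT_Memcmp; a short HMAC output would leave the tail of the caller's `hmac_computed` buffer uninitialized and the known-answer comparison would then fail only by accident rather than by design. Adding `if (hmac_status == SECSuccess && bytes_hashed != hashObj->length) { hmac_status = SECFailure; }` after the HMAC_Destroy call would make the helper as strict as the block-cipher checks. Separately, clang-format has collapsed the two nested-ternary initializers for `aes_ecb_known_ciphertext` and `aes_cbc_known_ciphertext` onto single very long lines; wrapping those two declarations in `/* clang-format off */` … `/* clang-format on */` would keep the original one-case-per-line layout. The `(SECHashObject *)` cast that discards the const returned by HASH_GetRawHashObject also looks unnecessary if HMAC_Create accepts a `const SECHashObject *` as alghmac.h appears to declare; declaring `hashObj` as `const SECHashObject *` would remove it.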
@@ -552,7 +541,8 @@ freebl_fips_HMAC_PowerUpSelfTest( void )
0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
- 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87};
+ 0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87
+ };
/* known SHA512 hmac (64 bytes) */
static const PRUint8 known_SHA512_hmac[] = {
@@ -563,63 +553,64 @@ freebl_fips_HMAC_PowerUpSelfTest( void )
0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
- 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37};
+ 0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37
+ };
- SECStatus hmac_status;
- PRUint8 hmac_computed[HASH_LENGTH_MAX];
+ SECStatus hmac_status;
+ PRUint8 hmac_computed[HASH_LENGTH_MAX];
/***************************************************/
/* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
/***************************************************/
- hmac_status = freebl_fips_HMAC(hmac_computed,
- HMAC_known_secret_key,
- HMAC_known_secret_key_length,
- known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH,
- HASH_AlgSHA1);
-
- if( ( hmac_status != SECSuccess ) ||
- ( PORT_Memcmp( hmac_computed, known_SHA1_hmac,
- SHA1_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ hmac_status = freebl_fips_HMAC(hmac_computed,
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+ known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+ HASH_AlgSHA1);
+
+ if ((hmac_status != SECSuccess) ||
+ (PORT_Memcmp(hmac_computed, known_SHA1_hmac,
+ SHA1_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* HMAC SHA-224 Single-Round Known Answer Test. */
/***************************************************/
- hmac_status = freebl_fips_HMAC(hmac_computed,
- HMAC_known_secret_key,
- HMAC_known_secret_key_length,
- known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH,
- HASH_AlgSHA224);
-
- if( ( hmac_status != SECSuccess ) ||
- ( PORT_Memcmp( hmac_computed, known_SHA224_hmac,
- SHA224_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ hmac_status = freebl_fips_HMAC(hmac_computed,
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+ known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+ HASH_AlgSHA224);
+
+ if ((hmac_status != SECSuccess) ||
+ (PORT_Memcmp(hmac_computed, known_SHA224_hmac,
+ SHA224_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* HMAC SHA-256 Single-Round Known Answer Test. */
/***************************************************/
- hmac_status = freebl_fips_HMAC(hmac_computed,
- HMAC_known_secret_key,
- HMAC_known_secret_key_length,
- known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH,
- HASH_AlgSHA256);
-
- if( ( hmac_status != SECSuccess ) ||
- ( PORT_Memcmp( hmac_computed, known_SHA256_hmac,
- SHA256_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ hmac_status = freebl_fips_HMAC(hmac_computed,
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+ known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+ HASH_AlgSHA256);
+
+ if ((hmac_status != SECSuccess) ||
+ (PORT_Memcmp(hmac_computed, known_SHA256_hmac,
+ SHA256_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
@@ -627,17 +618,17 @@ freebl_fips_HMAC_PowerUpSelfTest( void )
/***************************************************/
hmac_status = freebl_fips_HMAC(hmac_computed,
- HMAC_known_secret_key,
- HMAC_known_secret_key_length,
- known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH,
- HASH_AlgSHA384);
-
- if( ( hmac_status != SECSuccess ) ||
- ( PORT_Memcmp( hmac_computed, known_SHA384_hmac,
- SHA384_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+ known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+ HASH_AlgSHA384);
+
+ if ((hmac_status != SECSuccess) ||
+ (PORT_Memcmp(hmac_computed, known_SHA384_hmac,
+ SHA384_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
@@ -645,184 +636,188 @@ freebl_fips_HMAC_PowerUpSelfTest( void )
/***************************************************/
hmac_status = freebl_fips_HMAC(hmac_computed,
- HMAC_known_secret_key,
- HMAC_known_secret_key_length,
- known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH,
- HASH_AlgSHA512);
-
- if( ( hmac_status != SECSuccess ) ||
- ( PORT_Memcmp( hmac_computed, known_SHA512_hmac,
- SHA512_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ HMAC_known_secret_key,
+ HMAC_known_secret_key_length,
+ known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+ HASH_AlgSHA512);
+
+ if ((hmac_status != SECSuccess) ||
+ (PORT_Memcmp(hmac_computed, known_SHA512_hmac,
+ SHA512_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
- return( SECSuccess );
+ return (SECSuccess);
}
static SECStatus
-freebl_fips_SHA_PowerUpSelfTest( void )
+freebl_fips_SHA_PowerUpSelfTest(void)
{
/* SHA-1 Known Digest Message (160-bits). */
static const PRUint8 sha1_known_digest[] = {
- 0x0a,0x6d,0x07,0xba,0x1e,0xbd,0x8a,0x1b,
- 0x72,0xf6,0xc7,0x22,0xf1,0x27,0x9f,0xf0,
- 0xe0,0x68,0x47,0x7a};
+ 0x0a, 0x6d, 0x07, 0xba, 0x1e, 0xbd, 0x8a, 0x1b,
+ 0x72, 0xf6, 0xc7, 0x22, 0xf1, 0x27, 0x9f, 0xf0,
+ 0xe0, 0x68, 0x47, 0x7a
+ };
/* SHA-224 Known Digest Message (224-bits). */
static const PRUint8 sha224_known_digest[] = {
- 0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
- 0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
- 0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
- 0x8e,0x08,0xe5,0xcb};
+ 0x89, 0x5e, 0x7f, 0xfd, 0x0e, 0xd8, 0x35, 0x6f,
+ 0x64, 0x6d, 0xf2, 0xde, 0x5e, 0xed, 0xa6, 0x7f,
+ 0x29, 0xd1, 0x12, 0x73, 0x42, 0x84, 0x95, 0x4f,
+ 0x8e, 0x08, 0xe5, 0xcb
+ };
/* SHA-256 Known Digest Message (256-bits). */
static const PRUint8 sha256_known_digest[] = {
- 0x38,0xa9,0xc1,0xf0,0x35,0xf6,0x5d,0x61,
- 0x11,0xd4,0x0b,0xdc,0xce,0x35,0x14,0x8d,
- 0xf2,0xdd,0xaf,0xaf,0xcf,0xb7,0x87,0xe9,
- 0x96,0xa5,0xd2,0x83,0x62,0x46,0x56,0x79};
-
+ 0x38, 0xa9, 0xc1, 0xf0, 0x35, 0xf6, 0x5d, 0x61,
+ 0x11, 0xd4, 0x0b, 0xdc, 0xce, 0x35, 0x14, 0x8d,
+ 0xf2, 0xdd, 0xaf, 0xaf, 0xcf, 0xb7, 0x87, 0xe9,
+ 0x96, 0xa5, 0xd2, 0x83, 0x62, 0x46, 0x56, 0x79
+ };
+
/* SHA-384 Known Digest Message (384-bits). */
static const PRUint8 sha384_known_digest[] = {
- 0x11,0xfe,0x1c,0x00,0x89,0x48,0xde,0xb3,
- 0x99,0xee,0x1c,0x18,0xb4,0x10,0xfb,0xfe,
- 0xe3,0xa8,0x2c,0xf3,0x04,0xb0,0x2f,0xc8,
- 0xa3,0xc4,0x5e,0xea,0x7e,0x60,0x48,0x7b,
- 0xce,0x2c,0x62,0xf7,0xbc,0xa7,0xe8,0xa3,
- 0xcf,0x24,0xce,0x9c,0xe2,0x8b,0x09,0x72};
+ 0x11, 0xfe, 0x1c, 0x00, 0x89, 0x48, 0xde, 0xb3,
+ 0x99, 0xee, 0x1c, 0x18, 0xb4, 0x10, 0xfb, 0xfe,
+ 0xe3, 0xa8, 0x2c, 0xf3, 0x04, 0xb0, 0x2f, 0xc8,
+ 0xa3, 0xc4, 0x5e, 0xea, 0x7e, 0x60, 0x48, 0x7b,
+ 0xce, 0x2c, 0x62, 0xf7, 0xbc, 0xa7, 0xe8, 0xa3,
+ 0xcf, 0x24, 0xce, 0x9c, 0xe2, 0x8b, 0x09, 0x72
+ };
/* SHA-512 Known Digest Message (512-bits). */
static const PRUint8 sha512_known_digest[] = {
- 0xc8,0xb3,0x27,0xf9,0x0b,0x24,0xc8,0xbf,
- 0x4c,0xba,0x33,0x54,0xf2,0x31,0xbf,0xdb,
- 0xab,0xfd,0xb3,0x15,0xd7,0xfa,0x48,0x99,
- 0x07,0x60,0x0f,0x57,0x41,0x1a,0xdd,0x28,
- 0x12,0x55,0x25,0xac,0xba,0x3a,0x99,0x12,
- 0x2c,0x7a,0x8f,0x75,0x3a,0xe1,0x06,0x6f,
- 0x30,0x31,0xc9,0x33,0xc6,0x1b,0x90,0x1a,
- 0x6c,0x98,0x9a,0x87,0xd0,0xb2,0xf8,0x07};
+ 0xc8, 0xb3, 0x27, 0xf9, 0x0b, 0x24, 0xc8, 0xbf,
+ 0x4c, 0xba, 0x33, 0x54, 0xf2, 0x31, 0xbf, 0xdb,
+ 0xab, 0xfd, 0xb3, 0x15, 0xd7, 0xfa, 0x48, 0x99,
+ 0x07, 0x60, 0x0f, 0x57, 0x41, 0x1a, 0xdd, 0x28,
+ 0x12, 0x55, 0x25, 0xac, 0xba, 0x3a, 0x99, 0x12,
+ 0x2c, 0x7a, 0x8f, 0x75, 0x3a, 0xe1, 0x06, 0x6f,
+ 0x30, 0x31, 0xc9, 0x33, 0xc6, 0x1b, 0x90, 0x1a,
+ 0x6c, 0x98, 0x9a, 0x87, 0xd0, 0xb2, 0xf8, 0x07
+ };
/* SHA-X variables. */
- PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
- SECStatus sha_status;
+ PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
+ SECStatus sha_status;
/*************************************************/
/* SHA-1 Single-Round Known Answer Hashing Test. */
/*************************************************/
- sha_status = SHA1_HashBuf( sha_computed_digest, known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
-
- if( ( sha_status != SECSuccess ) ||
- ( PORT_Memcmp( sha_computed_digest, sha1_known_digest,
- SHA1_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ sha_status = SHA1_HashBuf(sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+ if ((sha_status != SECSuccess) ||
+ (PORT_Memcmp(sha_computed_digest, sha1_known_digest,
+ SHA1_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* SHA-224 Single-Round Known Answer Hashing Test. */
/***************************************************/
- sha_status = SHA224_HashBuf( sha_computed_digest, known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+ sha_status = SHA224_HashBuf(sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH);
- if( ( sha_status != SECSuccess ) ||
- ( PORT_Memcmp( sha_computed_digest, sha224_known_digest,
- SHA224_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((sha_status != SECSuccess) ||
+ (PORT_Memcmp(sha_computed_digest, sha224_known_digest,
+ SHA224_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* SHA-256 Single-Round Known Answer Hashing Test. */
/***************************************************/
- sha_status = SHA256_HashBuf( sha_computed_digest, known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+ sha_status = SHA256_HashBuf(sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH);
- if( ( sha_status != SECSuccess ) ||
- ( PORT_Memcmp( sha_computed_digest, sha256_known_digest,
- SHA256_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((sha_status != SECSuccess) ||
+ (PORT_Memcmp(sha_computed_digest, sha256_known_digest,
+ SHA256_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* SHA-384 Single-Round Known Answer Hashing Test. */
/***************************************************/
- sha_status = SHA384_HashBuf( sha_computed_digest, known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+ sha_status = SHA384_HashBuf(sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH);
- if( ( sha_status != SECSuccess ) ||
- ( PORT_Memcmp( sha_computed_digest, sha384_known_digest,
- SHA384_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((sha_status != SECSuccess) ||
+ (PORT_Memcmp(sha_computed_digest, sha384_known_digest,
+ SHA384_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/***************************************************/
/* SHA-512 Single-Round Known Answer Hashing Test. */
/***************************************************/
- sha_status = SHA512_HashBuf( sha_computed_digest, known_hash_message,
- FIPS_KNOWN_HASH_MESSAGE_LENGTH );
+ sha_status = SHA512_HashBuf(sha_computed_digest, known_hash_message,
+ FIPS_KNOWN_HASH_MESSAGE_LENGTH);
- if( ( sha_status != SECSuccess ) ||
- ( PORT_Memcmp( sha_computed_digest, sha512_known_digest,
- SHA512_LENGTH ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ if ((sha_status != SECSuccess) ||
+ (PORT_Memcmp(sha_computed_digest, sha512_known_digest,
+ SHA512_LENGTH) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
- return( SECSuccess );
+ return (SECSuccess);
}
-
static SECStatus
-freebl_fips_RSA_PowerUpSelfTest( void )
+freebl_fips_RSA_PowerUpSelfTest(void)
{
/* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
- 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
- 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
- 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
- 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
- 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
- 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
- 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
- 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
- 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
- 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
- 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
- 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
- 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
- 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
- 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
- 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
- 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
- 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
- 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
- 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
- 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
- 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
- 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
- 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
- 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
- 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
- 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
- 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
- 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
- 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
- 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
- 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
+ 0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
+ 0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
+ 0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
+ 0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
+ 0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
+ 0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
+ 0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
+ 0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
+ 0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
+ 0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
+ 0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
+ 0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
+ 0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
+ 0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
+ 0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
+ 0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
+ 0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
+ 0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
+ 0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
+ 0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
+ 0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
+ 0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
+ 0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
+ 0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
+ 0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
+ 0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
+ 0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
+ 0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
+ 0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
+ 0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
+ 0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
+ 0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
+ };
/* RSA Known Public Key Values (24-bits). */
- static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH]
- = { 0x01, 0x00, 0x01 };
+ static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
/* RSA Known Private Key Values (version is 8-bits), */
/* (private exponent is 2048-bits), */
/* (private prime0 is 1024-bits), */
@@ -832,207 +827,216 @@ freebl_fips_RSA_PowerUpSelfTest( void )
/* and (private coefficient is 1024-bits). */
static const PRUint8 rsa_version[] = { 0x00 };
- static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
- = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
- 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
- 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
- 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
- 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
- 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
- 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
- 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
- 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
- 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
- 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
- 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
- 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
- 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
- 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
- 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
- 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
- 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
- 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
- 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
- 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
- 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
- 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
- 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
- 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
- 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
- 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
- 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
- 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
- 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
- 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
- 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
-
- static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
- 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
- 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
- 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
- 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
- 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
- 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
- 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
- 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
- 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
- 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
- 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
- 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
- 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
- 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
- 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
- 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
- static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
- 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
- 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
- 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
- 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
- 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
- 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
- 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
- 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
- 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
- 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
- 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
- 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
- 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
- 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
- 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
- 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
+ static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
+ 0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
+ 0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
+ 0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
+ 0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
+ 0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
+ 0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
+ 0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
+ 0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
+ 0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
+ 0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
+ 0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
+ 0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
+ 0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
+ 0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
+ 0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
+ 0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
+ 0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
+ 0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
+ 0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
+ 0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
+ 0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
+ 0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
+ 0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
+ 0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
+ 0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
+ 0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
+ 0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
+ 0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
+ 0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
+ 0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
+ 0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
+ 0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
+ };
+
+ static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
+ 0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
+ 0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
+ 0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
+ 0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
+ 0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
+ 0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
+ 0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
+ 0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
+ 0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
+ 0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
+ 0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
+ 0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
+ 0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
+ 0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
+ 0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
+ 0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
+ };
+ static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
+ 0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
+ 0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
+ 0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
+ 0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
+ 0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
+ 0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
+ 0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
+ 0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
+ 0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
+ 0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
+ 0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
+ 0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
+ 0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
+ 0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
+ 0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
+ 0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
+ };
static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
- 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
- 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
- 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
- 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
- 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
- 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
- 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
- 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
- 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
- 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
- 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
- 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
- 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
- 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
- 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
- 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
+ 0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
+ 0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
+ 0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
+ 0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
+ 0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
+ 0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
+ 0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
+ 0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
+ 0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
+ 0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
+ 0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
+ 0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
+ 0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
+ 0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
+ 0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
+ 0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
+ };
static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
- 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
- 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
- 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
- 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
- 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
- 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
- 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
- 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
- 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
- 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
- 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
- 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
- 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
- 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
- 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
- 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
+ 0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
+ 0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
+ 0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
+ 0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
+ 0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
+ 0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
+ 0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
+ 0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
+ 0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
+ 0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
+ 0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
+ 0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
+ 0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
+ 0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
+ 0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
+ 0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
+ };
static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
- 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
- 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
- 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
- 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
- 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
- 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
- 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
- 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
- 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
- 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
- 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
- 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
- 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
- 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
- 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
- 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
+ 0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
+ 0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
+ 0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
+ 0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
+ 0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
+ 0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
+ 0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
+ 0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
+ 0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
+ 0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
+ 0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
+ 0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
+ 0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
+ 0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
+ 0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
+ 0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
+ };
/* RSA Known Plaintext Message (1024-bits). */
static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
- "Known plaintext message utilized"
- "for RSA Encryption & Decryption"
- "blocks SHA256, SHA384 and "
- "SHA512 RSA Signature KAT tests. "
- "Known plaintext message utilized"
- "for RSA Encryption & Decryption"
- "blocks SHA256, SHA384 and "
- "SHA512 RSA Signature KAT tests."};
+ "Known plaintext message utilized"
+ "for RSA Encryption & Decryption"
+ "blocks SHA256, SHA384 and "
+ "SHA512 RSA Signature KAT tests. "
+ "Known plaintext message utilized"
+ "for RSA Encryption & Decryption"
+ "blocks SHA256, SHA384 and "
+ "SHA512 RSA Signature KAT tests."
+ };
/* RSA Known Ciphertext (2048-bits). */
static const PRUint8 rsa_known_ciphertext[] = {
- 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
- 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
- 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
- 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
- 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
- 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
- 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
- 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
- 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
- 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
- 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
- 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
- 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
- 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
- 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
- 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
- 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
- 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
- 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
- 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
- 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
- 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
- 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
- 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
- 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
- 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
- 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
- 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
- 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
- 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
- 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
- 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef};
-
-
- static const RSAPublicKey bl_public_key = { NULL,
- { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
- FIPS_RSA_MODULUS_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
- FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
+ 0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
+ 0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
+ 0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
+ 0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
+ 0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
+ 0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
+ 0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
+ 0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
+ 0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
+ 0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
+ 0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
+ 0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
+ 0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
+ 0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
+ 0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
+ 0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
+ 0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
+ 0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
+ 0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
+ 0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
+ 0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
+ 0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
+ 0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
+ 0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
+ 0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
+ 0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
+ 0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
+ 0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
+ 0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
+ 0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
+ 0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
+ 0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef
};
- static const RSAPrivateKey bl_private_key = { NULL,
- { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
- FIPS_RSA_PRIVATE_VERSION_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
- FIPS_RSA_MODULUS_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
- FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
- FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
- FIPS_RSA_PRIME0_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
- FIPS_RSA_PRIME1_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
- FIPS_RSA_EXPONENT0_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
- FIPS_RSA_EXPONENT1_LENGTH },
- { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
- FIPS_RSA_COEFFICIENT_LENGTH }
+
+ static const RSAPublicKey bl_public_key = {
+ NULL,
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+ FIPS_RSA_MODULUS_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+ FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
+ };
+ static const RSAPrivateKey bl_private_key = {
+ NULL,
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
+ FIPS_RSA_PRIVATE_VERSION_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+ FIPS_RSA_MODULUS_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+ FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
+ FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
+ FIPS_RSA_PRIME0_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
+ FIPS_RSA_PRIME1_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
+ FIPS_RSA_EXPONENT0_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
+ FIPS_RSA_EXPONENT1_LENGTH },
+ { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
+ FIPS_RSA_COEFFICIENT_LENGTH }
};
/* RSA variables. */
- SECStatus rsa_status;
- RSAPublicKey rsa_public_key;
- RSAPrivateKey rsa_private_key;
+ SECStatus rsa_status;
+ RSAPublicKey rsa_public_key;
+ RSAPrivateKey rsa_private_key;
- PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
- PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
+ PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
+ PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
rsa_public_key = bl_public_key;
rsa_private_key = bl_private_key;
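Review bot: The comment `/* RSA Known Plaintext Message (1024-bits). */` above rsa_known_plaintext_msg does not match its initializer: the concatenated literal is 241 characters, so FIPS_RSA_MESSAGE_LENGTH must be larger than the 128 bytes that 1024 bits implies (presumably 256, matching the 2048-bit ciphertext declared right after it), with the remainder zero-filled by the string initializer. Suggest `/* RSA Known Plaintext Message (FIPS_RSA_MESSAGE_LENGTH bytes; the 241-char literal is NUL-padded). */`. Separately, rsa_known_ciphertext is declared `[]` and sized only by its 256 initializer bytes, while the comparison in the following hunk reads FIPS_RSA_ENCRYPT_LENGTH bytes from it; a `PR_STATIC_ASSERT(sizeof(rsa_known_ciphertext) == FIPS_RSA_ENCRYPT_LENGTH);` after the declaration would catch a vector edit that silently shortens it. freebl_fips_RSA_PowerUpSelfTest continues past this hunk.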
@@ -1046,9 +1050,9 @@ freebl_fips_RSA_PowerUpSelfTest( void )
rsa_computed_ciphertext,
rsa_known_plaintext_msg);
- if( ( rsa_status != SECSuccess ) ||
- ( PORT_Memcmp( rsa_computed_ciphertext, rsa_known_ciphertext,
- FIPS_RSA_ENCRYPT_LENGTH ) != 0 ) )
+ if ((rsa_status != SECSuccess) ||
+ (PORT_Memcmp(rsa_computed_ciphertext, rsa_known_ciphertext,
+ FIPS_RSA_ENCRYPT_LENGTH) != 0))
goto rsa_loser;
/**************************************************/
@@ -1060,54 +1064,57 @@ freebl_fips_RSA_PowerUpSelfTest( void )
rsa_computed_plaintext,
rsa_known_ciphertext);
- if( ( rsa_status != SECSuccess ) ||
- ( PORT_Memcmp( rsa_computed_plaintext, rsa_known_plaintext_msg,
- FIPS_RSA_DECRYPT_LENGTH ) != 0 ) )
+ if ((rsa_status != SECSuccess) ||
+ (PORT_Memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg,
+ FIPS_RSA_DECRYPT_LENGTH) != 0))
goto rsa_loser;
- return( SECSuccess );
+ return (SECSuccess);
rsa_loser:
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
#ifdef NSS_ENABLE_ECC
static SECStatus
-freebl_fips_ECDSA_Test(ECParams *ecparams,
- const PRUint8 *knownSignature,
- unsigned int knownSignatureLen) {
+freebl_fips_ECDSA_Test(ECParams *ecparams,
+ const PRUint8 *knownSignature,
+ unsigned int knownSignatureLen)
+{
/* ECDSA Known Seed info for curves nistp256 and nistk283 */
static const PRUint8 ecdsa_Known_Seed[] = {
- 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
- 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
- 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
- 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f};
+ 0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
+ 0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
+ 0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
+ 0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f
+ };
static const PRUint8 msg[] = {
- "Firefox and ThunderBird are awesome!"};
+ "Firefox and ThunderBird are awesome!"
+ };
- unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
- unsigned char sig[2*MAX_ECKEY_LEN];
+ unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
+ unsigned char sig[2 * MAX_ECKEY_LEN];
SECItem signature, digest;
ECPrivateKey *ecdsa_private_key = NULL;
ECPublicKey ecdsa_public_key;
SECStatus ecdsaStatus = SECSuccess;
/* Generates a new EC key pair. The private key is a supplied
- * random value (in seed) and the public key is the result of
- * performing a scalar point multiplication of that value with
+ * random value (in seed) and the public key is the result of
+ * performing a scalar point multiplication of that value with
* the curve's base point.
*/
- ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
- ecdsa_Known_Seed,
- sizeof(ecdsa_Known_Seed));
+ ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
+ ecdsa_Known_Seed,
+ sizeof(ecdsa_Known_Seed));
if (ecdsaStatus != SECSuccess) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
/* construct public key from private key. */
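Review bot: msg at `static const PRUint8 msg[] = { "Firefox and ThunderBird are awesome!" };` is initialized from a string literal, so sizeof msg — which the SHA1_HashBuf call in a later hunk passes as the length — counts the terminating NUL, and the KAT digest covers 37 bytes rather than the 36 visible characters. Presumably the stored known signature was generated over exactly that input, so this is not a bug, but a reader is likely to "fix" it to strlen and break the self-test; a comment on the declaration, `/* hashed below with sizeof msg, so the trailing NUL is part of the KAT input */`, pins the contract. freebl_fips_ECDSA_Test starts in this hunk and continues past it.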
@@ -1115,14 +1122,14 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
/* validate public key value */
- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
+ ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
&ecdsa_public_key.publicValue);
if (ecdsaStatus != SECSuccess) {
goto loser;
}
/* validate public key value */
- ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
+ ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
&ecdsa_private_key->publicValue);
if (ecdsaStatus != SECSuccess) {
goto loser;
@@ -1131,7 +1138,7 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
/***************************************************/
/* ECDSA Single-Round Known Answer Signature Test. */
/***************************************************/
-
+
ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
if (ecdsaStatus != SECSuccess) {
goto loser;
@@ -1139,25 +1146,25 @@ freebl_fips_ECDSA_Test(ECParams *ecparams,
digest.type = siBuffer;
digest.data = sha1;
digest.len = SHA1_LENGTH;
-
+
memset(sig, 0, sizeof sig);
signature.type = siBuffer;
signature.data = sig;
signature.len = sizeof sig;
-
- ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
- &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
+
+ ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
+ &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
if (ecdsaStatus != SECSuccess) {
goto loser;
}
- if( ( signature.len != knownSignatureLen ) ||
- ( PORT_Memcmp( signature.data, knownSignature,
- knownSignatureLen ) != 0 ) ) {
+ if ((signature.len != knownSignatureLen) ||
+ (PORT_Memcmp(signature.data, knownSignature,
+ knownSignatureLen) != 0)) {
ecdsaStatus = SECFailure;
goto loser;
}
-
+
/******************************************************/
/* ECDSA Single-Round Known Answer Verification Test. */
/******************************************************/
@@ -1170,147 +1177,163 @@ loser:
PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
if (ecdsaStatus != SECSuccess) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return( SECFailure );
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
}
- return( SECSuccess );
+ return (SECSuccess);
}
static SECStatus
-freebl_fips_ECDSA_PowerUpSelfTest() {
-
+freebl_fips_ECDSA_PowerUpSelfTest()
+{
+
/* ECDSA Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */
static const unsigned char p256_prime[] = {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
static const unsigned char p256_a[] = {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFC};
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
+ };
static const unsigned char p256_b[] = {
- 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,0xBD,0x55,0x76,
- 0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,0x3B,0xCE,
- 0x3C,0x3E,0x27,0xD2,0x60,0x4B};
- static const unsigned char p256_base[] = { 0x04,
- 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,0xE6,0xE5,0x63,
- 0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,0xF4,0xA1,
- 0x39,0x45,0xD8,0x98,0xC2,0x96,
- 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,0x8E,0xE7,0xEB,0x4A,0x7C,
- 0x0F,0x9E,0x16,0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,0xCB,0xB6,
- 0x40,0x68,0x37,0xBF,0x51,0xF5};
+ 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 0x76,
+ 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE,
+ 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B
+ };
+ static const unsigned char p256_base[] = {
+ 0x04,
+ 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 0x63,
+ 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1,
+ 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+ 0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C,
+ 0x0F, 0x9E, 0x16, 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6,
+ 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5
+ };
static const unsigned char p256_order[] = {
- 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,
- 0xCA,0xC2,0xFC,0x63,0x25,0x51};
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9,
+ 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+ };
static const unsigned char p256_encoding[] = {
- 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03, 0x01,0x07 };
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+ };
static const ECParams ecdsa_known_P256_Params = {
- NULL, ec_params_named, /* arena, type */
- /* fieldID */
- { 256 , ec_field_GFp, /* size and type */
- {{siBuffer, (unsigned char*)p256_prime, sizeof(p256_prime)}}, /* u.prime */
- 0, 0, 0 },
- /* curve */
- {
- /* a = curvea b = curveb */
- /* curve.a */
- { siBuffer, (unsigned char*)p256_a, sizeof(p256_a) },
- /* curve.b */
- { siBuffer, (unsigned char*)p256_b, sizeof(p256_b) },
- /* curve.seed */
- { siBuffer, NULL, 0}
- },
- /* base = 04xy*/
- { siBuffer, (unsigned char*)p256_base, sizeof(p256_base) },
- /* order */
- { siBuffer, (unsigned char*)p256_order, sizeof(p256_order) },
- 1,/* cofactor */
- /* DEREncoding */
- { siBuffer, (unsigned char*)p256_encoding, sizeof(p256_encoding)},
- ECCurve_X9_62_PRIME_256V1,
- /* curveOID */
- { siBuffer, (unsigned char*)(p256_encoding)+2, sizeof(p256_encoding)-2},
+ NULL, ec_params_named, /* arena, type */
+ /* fieldID */
+ { 256, ec_field_GFp, /* size and type */
+ { { siBuffer, (unsigned char *)p256_prime, sizeof(p256_prime) } }, /* u.prime */
+ 0,
+ 0,
+ 0 },
+ /* curve */
+ { /* a = curvea b = curveb */
+ /* curve.a */
+ { siBuffer, (unsigned char *)p256_a, sizeof(p256_a) },
+ /* curve.b */
+ { siBuffer, (unsigned char *)p256_b, sizeof(p256_b) },
+ /* curve.seed */
+ { siBuffer, NULL, 0 } },
+ /* base = 04xy*/
+ { siBuffer, (unsigned char *)p256_base, sizeof(p256_base) },
+ /* order */
+ { siBuffer, (unsigned char *)p256_order, sizeof(p256_order) },
+ 1, /* cofactor */
+ /* DEREncoding */
+ { siBuffer, (unsigned char *)p256_encoding, sizeof(p256_encoding) },
+ ECCurve_X9_62_PRIME_256V1,
+ /* curveOID */
+ { siBuffer, (unsigned char *)(p256_encoding) + 2, sizeof(p256_encoding) - 2 },
};
-
static const PRUint8 ecdsa_known_P256_signature[] = {
- 0x07,0xb1,0xcb,0x57,0x20,0xa7,0x10,0xd6,
- 0x9d,0x37,0x4b,0x1c,0xdc,0x35,0x90,0xff,
- 0x1a,0x2d,0x98,0x95,0x1b,0x2f,0xeb,0x7f,
- 0xbb,0x81,0xca,0xc0,0x69,0x75,0xea,0xc5,
- 0x59,0x6a,0x62,0x49,0x3d,0x50,0xc9,0xe1,
- 0x27,0x3b,0xff,0x9b,0x13,0x66,0x67,0xdd,
- 0x7d,0xd1,0x0d,0x2d,0x7c,0x44,0x04,0x1b,
- 0x16,0x21,0x12,0xc5,0xcb,0xbd,0x9e,0x75};
+ 0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6,
+ 0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
+ 0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
+ 0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
+ 0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1,
+ 0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd,
+ 0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b,
+ 0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75
+ };
#ifdef NSS_ECC_MORE_THAN_SUITE_B
/* ECDSA Known curve nistk283 == SEC_OID_SECG_EC_SECT283K1 params */
static const unsigned char k283_poly[] = {
- 0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0xA1};
+ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1
+ };
static const unsigned char k283_a[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
static const unsigned char k283_b[] = {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
- static const unsigned char k283_base[] = { 0x04,
- 0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,0x3B,0x81,0x62,
- 0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,0x23,0xC1,0x56,0x7A,0x16,0x87,
- 0x69,0x13,0xB0,0xC2,0xAC,0x24,0x58,0x49,0x28,0x36,
- 0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,0xF9,0x5D,0x07,
- 0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,0xE8,0x18,0x46,0x98,0xE4,0x59,
- 0x62,0x36,0x4E,0x34,0x11,0x61,0x77,0xDD,0x22,0x59};
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+ };
+ static const unsigned char k283_base[] = {
+ 0x04,
+ 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, 0x3B, 0x81, 0x62,
+ 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A, 0x16, 0x87,
+ 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36,
+ 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, 0xF9, 0x5D, 0x07,
+ 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98, 0xE4, 0x59,
+ 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59
+ };
static const unsigned char k283_order[] = {
- 0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,0x2E,0xD0,0x75,0x77,0x26,0x5D,
- 0xFF,0x7F,0x94,0x45,0x1E,0x06,0x1E,0x16,0x3C,0x61};
+ 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, 0x26, 0x5D,
+ 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61
+ };
static const PRUint8 k283_encoding[] = {
- 0x06,0x05,0x2b,0x81,0x04,0x00,0x10};
+ 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x10
+ };
static const ECParams ecdsa_known_K283_Params = {
- NULL, ec_params_named, /* arena, type */
- /* fieldID */
- { 283 , ec_field_GF2m, /* size and type */
- {{siBuffer, p283_poly, sizeof(p283_poly)}}, /* u.poly */
- 0, 0, 0 },
- /* curve */
- {
- /* a = curvea b = curveb */
- /* curve.a */
- { siBuffer, p283_a, sizeof(p283_a) },
- /* curve.b */
- { siBuffer, p283_b, sizeof(p283_b) },
- /* curve.seed */
- { siBuffer, NULL, 0}
- },
- /* base = 04xy*/
- { siBuffer, p283_base, sizeof(p283_base) },
- /* order */
- { siBuffer, p283_order, sizeof(p283_order) },
- 4,/* cofactor */
- /* DEREncoding */
- { siBuffer, k283_encoding, sizeof(k283_encoding)},
- /* name */
- ECCurve_SECG_CHAR2_283K1,
- /* curveOID */
- { siBuffer, k283_encoding+2, sizeof(k283_encoding)-2},
+ NULL, ec_params_named, /* arena, type */
+ /* fieldID */
+ { 283, ec_field_GF2m, /* size and type */
+ { { siBuffer, p283_poly, sizeof(p283_poly) } }, /* u.poly */
+ 0,
+ 0,
+ 0 },
+ /* curve */
+ { /* a = curvea b = curveb */
+ /* curve.a */
+ { siBuffer, p283_a, sizeof(p283_a) },
+ /* curve.b */
+ { siBuffer, p283_b, sizeof(p283_b) },
+ /* curve.seed */
+ { siBuffer, NULL, 0 } },
+ /* base = 04xy*/
+ { siBuffer, p283_base, sizeof(p283_base) },
+ /* order */
+ { siBuffer, p283_order, sizeof(p283_order) },
+ 4, /* cofactor */
+ /* DEREncoding */
+ { siBuffer, k283_encoding, sizeof(k283_encoding) },
+ /* name */
+ ECCurve_SECG_CHAR2_283K1,
+ /* curveOID */
+ { siBuffer, k283_encoding + 2, sizeof(k283_encoding) - 2 },
};
-
+
static const PRUint8 ecdsa_known_K283_signature[] = {
- 0x00,0x45,0x88,0xc0,0x79,0x09,0x07,0xd1,
- 0x4e,0x88,0xe6,0xd5,0x2f,0x22,0x04,0x74,
- 0x35,0x24,0x65,0xe8,0x15,0xde,0x90,0x66,
- 0x94,0x70,0xdd,0x3a,0x14,0x70,0x02,0xd1,
- 0xef,0x86,0xbd,0x15,0x00,0xd9,0xdc,0xfc,
- 0x87,0x2e,0x7c,0x99,0xe2,0xe3,0x79,0xb8,
- 0xd9,0x10,0x49,0x78,0x4b,0x59,0x8b,0x05,
- 0x77,0xec,0x6c,0xe8,0x35,0xe6,0x2e,0xa9,
- 0xf9,0x77,0x1f,0x71,0x86,0xa5,0x4a,0xd0};
+ 0x00, 0x45, 0x88, 0xc0, 0x79, 0x09, 0x07, 0xd1,
+ 0x4e, 0x88, 0xe6, 0xd5, 0x2f, 0x22, 0x04, 0x74,
+ 0x35, 0x24, 0x65, 0xe8, 0x15, 0xde, 0x90, 0x66,
+ 0x94, 0x70, 0xdd, 0x3a, 0x14, 0x70, 0x02, 0xd1,
+ 0xef, 0x86, 0xbd, 0x15, 0x00, 0xd9, 0xdc, 0xfc,
+ 0x87, 0x2e, 0x7c, 0x99, 0xe2, 0xe3, 0x79, 0xb8,
+ 0xd9, 0x10, 0x49, 0x78, 0x4b, 0x59, 0x8b, 0x05,
+ 0x77, 0xec, 0x6c, 0xe8, 0x35, 0xe6, 0x2e, 0xa9,
+ 0xf9, 0x77, 0x1f, 0x71, 0x86, 0xa5, 0x4a, 0xd0
+ };
#endif
ECParams ecparams;
@@ -1319,102 +1342,110 @@ freebl_fips_ECDSA_PowerUpSelfTest() {
/* ECDSA GF(p) prime field curve test */
ecparams = ecdsa_known_P256_Params;
rv = freebl_fips_ECDSA_Test(&ecparams,
- ecdsa_known_P256_signature,
- sizeof ecdsa_known_P256_signature );
+ ecdsa_known_P256_signature,
+ sizeof ecdsa_known_P256_signature);
if (rv != SECSuccess) {
- return( SECFailure );
+ return (SECFailure);
}
#ifdef NSS_ECC_MORE_THAN_SUITE_B
/* ECDSA GF(2m) binary field curve test */
ecparams = ecdsa_known_K283_Params;
rv = freebl_fips_ECDSA_Test(&ecparams,
- ecdsa_known_K283_signature,
- sizeof ecdsa_known_K283_signature );
+ ecdsa_known_K283_signature,
+ sizeof ecdsa_known_K283_signature);
if (rv != SECSuccess) {
- return( SECFailure );
+ return (SECFailure);
}
#endif
- return( SECSuccess );
+ return (SECSuccess);
}
-#endif /* NSS_ENABLE_ECC */
+#endif /* NSS_ENABLE_ECC */
static SECStatus
-freebl_fips_DSA_PowerUpSelfTest( void )
+freebl_fips_DSA_PowerUpSelfTest(void)
{
/* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
static const PRUint8 dsa_P[] = {
- 0x80,0xb0,0xd1,0x9d,0x6e,0xa4,0xf3,0x28,
- 0x9f,0x24,0xa9,0x8a,0x49,0xd0,0x0c,0x63,
- 0xe8,0x59,0x04,0xf9,0x89,0x4a,0x5e,0xc0,
- 0x6d,0xd2,0x67,0x6b,0x37,0x81,0x83,0x0c,
- 0xfe,0x3a,0x8a,0xfd,0xa0,0x3b,0x08,0x91,
- 0x1c,0xcb,0xb5,0x63,0xb0,0x1c,0x70,0xd0,
- 0xae,0xe1,0x60,0x2e,0x12,0xeb,0x54,0xc7,
- 0xcf,0xc6,0xcc,0xae,0x97,0x52,0x32,0x63,
- 0xd3,0xeb,0x55,0xea,0x2f,0x4c,0xd5,0xd7,
- 0x3f,0xda,0xec,0x49,0x27,0x0b,0x14,0x56,
- 0xc5,0x09,0xbe,0x4d,0x09,0x15,0x75,0x2b,
- 0xa3,0x42,0x0d,0x03,0x71,0xdf,0x0f,0xf4,
- 0x0e,0xe9,0x0c,0x46,0x93,0x3d,0x3f,0xa6,
- 0x6c,0xdb,0xca,0xe5,0xac,0x96,0xc8,0x64,
- 0x5c,0xec,0x4b,0x35,0x65,0xfc,0xfb,0x5a,
- 0x1b,0x04,0x1b,0xa1,0x0e,0xfd,0x88,0x15};
-
+ 0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28,
+ 0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63,
+ 0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0,
+ 0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c,
+ 0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91,
+ 0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0,
+ 0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7,
+ 0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63,
+ 0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7,
+ 0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56,
+ 0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b,
+ 0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4,
+ 0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6,
+ 0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64,
+ 0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a,
+ 0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15
+ };
+
static const PRUint8 dsa_Q[] = {
- 0xad,0x22,0x59,0xdf,0xe5,0xec,0x4c,0x6e,
- 0xf9,0x43,0xf0,0x4b,0x2d,0x50,0x51,0xc6,
- 0x91,0x99,0x8b,0xcf};
-
+ 0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
+ 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
+ 0x91, 0x99, 0x8b, 0xcf
+ };
+
static const PRUint8 dsa_G[] = {
- 0x78,0x6e,0xa9,0xd8,0xcd,0x4a,0x85,0xa4,
- 0x45,0xb6,0x6e,0x5d,0x21,0x50,0x61,0xf6,
- 0x5f,0xdf,0x5c,0x7a,0xde,0x0d,0x19,0xd3,
- 0xc1,0x3b,0x14,0xcc,0x8e,0xed,0xdb,0x17,
- 0xb6,0xca,0xba,0x86,0xa9,0xea,0x51,0x2d,
- 0xc1,0xa9,0x16,0xda,0xf8,0x7b,0x59,0x8a,
- 0xdf,0xcb,0xa4,0x67,0x00,0x44,0xea,0x24,
- 0x73,0xe5,0xcb,0x4b,0xaf,0x2a,0x31,0x25,
- 0x22,0x28,0x3f,0x16,0x10,0x82,0xf7,0xeb,
- 0x94,0x0d,0xdd,0x09,0x22,0x14,0x08,0x79,
- 0xba,0x11,0x0b,0xf1,0xff,0x2d,0x67,0xac,
- 0xeb,0xb6,0x55,0x51,0x69,0x97,0xa7,0x25,
- 0x6b,0x9c,0xa0,0x9b,0xd5,0x08,0x9b,0x27,
- 0x42,0x1c,0x7a,0x69,0x57,0xe6,0x2e,0xed,
- 0xa9,0x5b,0x25,0xe8,0x1f,0xd2,0xed,0x1f,
- 0xdf,0xe7,0x80,0x17,0xba,0x0d,0x4d,0x38};
+ 0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4,
+ 0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6,
+ 0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3,
+ 0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17,
+ 0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d,
+ 0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a,
+ 0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24,
+ 0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25,
+ 0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb,
+ 0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79,
+ 0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac,
+ 0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25,
+ 0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27,
+ 0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed,
+ 0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f,
+ 0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38
+ };
/* DSA Known Random Values (known random key block is 160-bits) */
/* and (known random signature block is 160-bits). */
static const PRUint8 dsa_known_random_key_block[] = {
- "Mozilla Rules World!"};
+ "Mozilla Rules World!"
+ };
static const PRUint8 dsa_known_random_signature_block[] = {
- "Random DSA Signature"};
+ "Random DSA Signature"
+ };
/* DSA Known Digest (160-bits) */
static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
/* DSA Known Signature (320-bits). */
static const PRUint8 dsa_known_signature[] = {
- 0x25,0x7c,0x3a,0x79,0x32,0x45,0xb7,0x32,
- 0x70,0xca,0x62,0x63,0x2b,0xf6,0x29,0x2c,
- 0x22,0x2a,0x03,0xce,0x48,0x15,0x11,0x72,
- 0x7b,0x7e,0xf5,0x7a,0xf3,0x10,0x3b,0xde,
- 0x34,0xc1,0x9e,0xd7,0x27,0x9e,0x77,0x38};
+ 0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32,
+ 0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c,
+ 0x22, 0x2a, 0x03, 0xce, 0x48, 0x15, 0x11, 0x72,
+ 0x7b, 0x7e, 0xf5, 0x7a, 0xf3, 0x10, 0x3b, 0xde,
+ 0x34, 0xc1, 0x9e, 0xd7, 0x27, 0x9e, 0x77, 0x38
+ };
/* DSA variables. */
- DSAPrivateKey * dsa_private_key;
- SECStatus dsa_status;
- SECItem dsa_signature_item;
- SECItem dsa_digest_item;
- DSAPublicKey dsa_public_key;
- PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
- static const PQGParams dsa_pqg = { NULL,
- { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
- { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
- { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }};
+ DSAPrivateKey *dsa_private_key;
+ SECStatus dsa_status;
+ SECItem dsa_signature_item;
+ SECItem dsa_digest_item;
+ DSAPublicKey dsa_public_key;
+ PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
+ static const PQGParams dsa_pqg = {
+ NULL,
+ { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
+ { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
+ { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }
+ };
/*******************************************/
/* Generate a DSA public/private key pair. */
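Review bot: `dsa_known_random_key_block` and `dsa_known_random_signature_block` are initialised from string literals, so each array is 21 bytes — the 20 characters plus the terminating NUL — while the comment above them states the blocks are 160 bits. That is presumably harmless because DSA_NewKeyFromSeed and DSA_SignDigestWithSeed read a fixed number of seed bytes (the digest case in the next hunk pins the length explicitly with `dsa_digest_item.len = SHA1_LENGTH`), but the intent should be written next to the arrays rather than left to the reader: `/* 20 seed bytes; the literal's trailing NUL is not part of the seed */`. freebl_fips_DSA_PowerUpSelfTest continues past the end of this hunk.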
@@ -1424,13 +1455,13 @@ freebl_fips_DSA_PowerUpSelfTest( void )
dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
&dsa_private_key);
- if( dsa_status != SECSuccess ) {
- PORT_SetError( SEC_ERROR_NO_MEMORY );
- return( SECFailure );
+ if (dsa_status != SECSuccess) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return (SECFailure);
}
/* construct public key from private key. */
- dsa_public_key.params = dsa_private_key->params;
+ dsa_public_key.params = dsa_private_key->params;
dsa_public_key.publicValue = dsa_private_key->publicValue;
/*************************************************/
@@ -1438,95 +1469,94 @@ freebl_fips_DSA_PowerUpSelfTest( void )
/*************************************************/
dsa_signature_item.data = dsa_computed_signature;
- dsa_signature_item.len = sizeof dsa_computed_signature;
+ dsa_signature_item.len = sizeof dsa_computed_signature;
- dsa_digest_item.data = (unsigned char *)dsa_known_digest;
- dsa_digest_item.len = SHA1_LENGTH;
+ dsa_digest_item.data = (unsigned char *)dsa_known_digest;
+ dsa_digest_item.len = SHA1_LENGTH;
/* Perform DSA signature process. */
- dsa_status = DSA_SignDigestWithSeed( dsa_private_key,
- &dsa_signature_item,
- &dsa_digest_item,
- dsa_known_random_signature_block );
-
- if( ( dsa_status != SECSuccess ) ||
- ( dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH ) ||
- ( PORT_Memcmp( dsa_computed_signature, dsa_known_signature,
- FIPS_DSA_SIGNATURE_LENGTH ) != 0 ) ) {
+ dsa_status = DSA_SignDigestWithSeed(dsa_private_key,
+ &dsa_signature_item,
+ &dsa_digest_item,
+ dsa_known_random_signature_block);
+
+ if ((dsa_status != SECSuccess) ||
+ (dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH) ||
+ (PORT_Memcmp(dsa_computed_signature, dsa_known_signature,
+ FIPS_DSA_SIGNATURE_LENGTH) != 0)) {
dsa_status = SECFailure;
} else {
- /****************************************************/
- /* DSA Single-Round Known Answer Verification Test. */
- /****************************************************/
+ /****************************************************/
+ /* DSA Single-Round Known Answer Verification Test. */
+ /****************************************************/
- /* Perform DSA verification process. */
- dsa_status = DSA_VerifyDigest( &dsa_public_key,
- &dsa_signature_item,
- &dsa_digest_item);
+ /* Perform DSA verification process. */
+ dsa_status = DSA_VerifyDigest(&dsa_public_key,
+ &dsa_signature_item,
+ &dsa_digest_item);
}
PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
/* Don't free public key, it uses same arena as private key */
/* Verify DSA signature. */
- if( dsa_status != SECSuccess ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return SECFailure;
+ if (dsa_status != SECSuccess) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
- return( SECSuccess );
-
-
+ return (SECSuccess);
}
static SECStatus
-freebl_fips_RNG_PowerUpSelfTest( void )
+freebl_fips_RNG_PowerUpSelfTest(void)
{
- static const PRUint8 Q[] = {
- 0x85,0x89,0x9c,0x77,0xa3,0x79,0xff,0x1a,
- 0x86,0x6f,0x2f,0x3e,0x2e,0xf9,0x8c,0x9c,
- 0x9d,0xef,0xeb,0xed};
- static const PRUint8 GENX[] = {
- 0x65,0x48,0xe3,0xca,0xac,0x64,0x2d,0xf7,
- 0x7b,0xd3,0x4e,0x79,0xc9,0x7d,0xa6,0xa8,
- 0xa2,0xc2,0x1f,0x8f,0xe9,0xb9,0xd3,0xa1,
- 0x3f,0xf7,0x0c,0xcd,0xa6,0xca,0xbf,0xce,
- 0x84,0x0e,0xb6,0xf1,0x0d,0xbe,0xa9,0xa3};
- static const PRUint8 rng_known_DSAX[] = {
- 0x7a,0x86,0xf1,0x7f,0xbd,0x4e,0x6e,0xd9,
- 0x0a,0x26,0x21,0xd0,0x19,0xcb,0x86,0x73,
- 0x10,0x1f,0x60,0xd7};
-
-
-
- SECStatus rng_status = SECSuccess;
- PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
-
- /*******************************************/
- /* Run the SP 800-90 Health tests */
- /*******************************************/
- rng_status = PRNGTEST_RunHealthTests();
- if (rng_status != SECSuccess) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return SECFailure;
- }
-
- /*******************************************/
- /* Generate DSAX fow given Q. */
- /*******************************************/
-
- rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
-
- /* Verify DSAX to perform the RNG integrity check */
- if( ( rng_status != SECSuccess ) ||
- ( PORT_Memcmp( DSAX, rng_known_DSAX,
- (FIPS_DSA_SUBPRIME_LENGTH) ) != 0 ) ) {
- PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
- return SECFailure;
- }
-
- return( SECSuccess );
+ static const PRUint8 Q[] = {
+ 0x85, 0x89, 0x9c, 0x77, 0xa3, 0x79, 0xff, 0x1a,
+ 0x86, 0x6f, 0x2f, 0x3e, 0x2e, 0xf9, 0x8c, 0x9c,
+ 0x9d, 0xef, 0xeb, 0xed
+ };
+ static const PRUint8 GENX[] = {
+ 0x65, 0x48, 0xe3, 0xca, 0xac, 0x64, 0x2d, 0xf7,
+ 0x7b, 0xd3, 0x4e, 0x79, 0xc9, 0x7d, 0xa6, 0xa8,
+ 0xa2, 0xc2, 0x1f, 0x8f, 0xe9, 0xb9, 0xd3, 0xa1,
+ 0x3f, 0xf7, 0x0c, 0xcd, 0xa6, 0xca, 0xbf, 0xce,
+ 0x84, 0x0e, 0xb6, 0xf1, 0x0d, 0xbe, 0xa9, 0xa3
+ };
+ static const PRUint8 rng_known_DSAX[] = {
+ 0x7a, 0x86, 0xf1, 0x7f, 0xbd, 0x4e, 0x6e, 0xd9,
+ 0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73,
+ 0x10, 0x1f, 0x60, 0xd7
+ };
+
+ SECStatus rng_status = SECSuccess;
+ PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
+
+ /*******************************************/
+ /* Run the SP 800-90 Health tests */
+ /*******************************************/
+ rng_status = PRNGTEST_RunHealthTests();
+ if (rng_status != SECSuccess) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
+ /*******************************************/
+ /* Generate DSAX fow given Q. */
+ /*******************************************/
+
+ rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
+
+ /* Verify DSAX to perform the RNG integrity check */
+ if ((rng_status != SECSuccess) ||
+ (PORT_Memcmp(DSAX, rng_known_DSAX,
+ (FIPS_DSA_SUBPRIME_LENGTH)) != 0)) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
+ return (SECSuccess);
}
static SECStatus
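Review bot: The comment re-indented at the top of the RNG integrity check still reads `/* Generate DSAX fow given Q. */`; it should be `/* Generate DSAX for given Q. */`. The wording "RNG integrity check" also suggests DRBG output is being verified, whereas this part of the function is a known-answer test of FIPS186Change_ReduceModQForDSA on the fixed GENX and Q inputs (presumably a reduction modulo Q) compared against rng_known_DSAX; the DRBG itself is only exercised by the PRNGTEST_RunHealthTests call above. A one-line comment saying so, e.g. `/* Known-answer test of the mod-Q reduction used by the FIPS 186 RNG; the DRBG health tests ran above. */`, would stop the two being confused.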
@@ -1535,8 +1565,8 @@ freebl_fipsSoftwareIntegrityTest(const char *libname)
SECStatus rv = SECSuccess;
/* make sure that our check file signatures are OK */
- if( !BLAPI_VerifySelf(libname) ) {
- rv = SECFailure;
+ if (!BLAPI_VerifySelf(libname)) {
+ rv = SECFailure;
}
return rv;
}
@@ -1545,7 +1575,7 @@ freebl_fipsSoftwareIntegrityTest(const char *libname)
#define DO_REST 2
static SECStatus
-freebl_fipsPowerUpSelfTest( unsigned int tests )
+freebl_fipsPowerUpSelfTest(unsigned int tests)
{
SECStatus rv;
@@ -1554,17 +1584,17 @@ freebl_fipsPowerUpSelfTest( unsigned int tests )
*/
if (tests & DO_FREEBL) {
- /* SHA-X Power-Up SelfTest(s). */
- rv = freebl_fips_SHA_PowerUpSelfTest();
+ /* SHA-X Power-Up SelfTest(s). */
+ rv = freebl_fips_SHA_PowerUpSelfTest();
- if( rv != SECSuccess )
- return rv;
+ if (rv != SECSuccess)
+ return rv;
- /* RNG Power-Up SelfTest(s). */
- rv = freebl_fips_RNG_PowerUpSelfTest();
+ /* RNG Power-Up SelfTest(s). */
+ rv = freebl_fips_RNG_PowerUpSelfTest();
- if( rv != SECSuccess )
- return rv;
+ if (rv != SECSuccess)
+ return rv;
}
/*
@@ -1572,60 +1602,60 @@ freebl_fipsPowerUpSelfTest( unsigned int tests )
* standalone */
if (tests & DO_REST) {
- /* DES3 Power-Up SelfTest(s). */
- rv = freebl_fips_DES3_PowerUpSelfTest();
+ /* DES3 Power-Up SelfTest(s). */
+ rv = freebl_fips_DES3_PowerUpSelfTest();
+
+ if (rv != SECSuccess)
+ return rv;
+
+ /* AES Power-Up SelfTest(s) for 128-bit key. */
+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
- if( rv != SECSuccess )
- return rv;
-
- /* AES Power-Up SelfTest(s) for 128-bit key. */
- rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
+ if (rv != SECSuccess)
+ return rv;
- if( rv != SECSuccess )
- return rv;
+ /* AES Power-Up SelfTest(s) for 192-bit key. */
+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
- /* AES Power-Up SelfTest(s) for 192-bit key. */
- rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
+ if (rv != SECSuccess)
+ return rv;
- if( rv != SECSuccess )
- return rv;
+ /* AES Power-Up SelfTest(s) for 256-bit key. */
+ rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
- /* AES Power-Up SelfTest(s) for 256-bit key. */
- rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
+ if (rv != SECSuccess)
+ return rv;
- if( rv != SECSuccess )
- return rv;
+ /* HMAC SHA-X Power-Up SelfTest(s). */
+ rv = freebl_fips_HMAC_PowerUpSelfTest();
- /* HMAC SHA-X Power-Up SelfTest(s). */
- rv = freebl_fips_HMAC_PowerUpSelfTest();
-
- if( rv != SECSuccess )
- return rv;
+ if (rv != SECSuccess)
+ return rv;
- /* NOTE: RSA can only be tested in full freebl. It requires access to
+ /* NOTE: RSA can only be tested in full freebl. It requires access to
* the locking primitives */
- /* RSA Power-Up SelfTest(s). */
- rv = freebl_fips_RSA_PowerUpSelfTest();
+ /* RSA Power-Up SelfTest(s). */
+ rv = freebl_fips_RSA_PowerUpSelfTest();
- if( rv != SECSuccess )
- return rv;
+ if (rv != SECSuccess)
+ return rv;
- /* DSA Power-Up SelfTest(s). */
- rv = freebl_fips_DSA_PowerUpSelfTest();
+ /* DSA Power-Up SelfTest(s). */
+ rv = freebl_fips_DSA_PowerUpSelfTest();
+
+ if (rv != SECSuccess)
+ return rv;
- if( rv != SECSuccess )
- return rv;
-
#ifdef NSS_ENABLE_ECC
- /* ECDSA Power-Up SelfTest(s). */
- rv = freebl_fips_ECDSA_PowerUpSelfTest();
+ /* ECDSA Power-Up SelfTest(s). */
+ rv = freebl_fips_ECDSA_PowerUpSelfTest();
- if( rv != SECSuccess )
- return rv;
+ if (rv != SECSuccess)
+ return rv;
#endif
}
/* Passed Power-Up SelfTest(s). */
- return( SECSuccess );
+ return (SECSuccess);
}
/*
@@ -1636,8 +1666,8 @@ freebl_fipsPowerUpSelfTest( unsigned int tests )
* the joint use requires both to be loaded. Certain functions (like RSA)
* needs locking from NSPR, for instance.
*
- * At load time, we need to handle the two uses separately. If nspr and
- * nss-util are loaded, then we can run all the selftests, but if nspr and
+ * At load time, we need to handle the two uses separately. If nspr and
+ * nss-util are loaded, then we can run all the selftests, but if nspr and
* nss-util are not loaded, then we can't run all the selftests, and we need
* to prevent the softoken function pointer table from operating until the
* libraries are loaded and we try to use them.
@@ -1653,21 +1683,22 @@ static PRBool fips_mode_available = PR_FALSE;
/*
* accessors for freebl
*/
-PRBool BL_POSTRan(PRBool freebl_only)
-{
+PRBool
+BL_POSTRan(PRBool freebl_only)
+{
SECStatus rv;
- /* if the freebl self tests didn't run, there is something wrong with
+ /* if the freebl self tests didn't run, there is something wrong with
* our on load tests */
if (!self_tests_freebl_ran) {
- return PR_FALSE;
+ return PR_FALSE;
}
/* if all the self tests have run, we are good */
if (self_tests_ran) {
- return PR_TRUE;
+ return PR_TRUE;
}
/* if we only care about the freebl tests, we are good */
if (freebl_only) {
- return PR_TRUE;
+ return PR_TRUE;
}
/* run the rest of the self tests */
/* We could get there if freebl was loaded without the rest of the support
@@ -1675,8 +1706,8 @@ PRBool BL_POSTRan(PRBool freebl_only)
* This requires the other libraries to be loaded.
* If they are now loaded, Try to run the rest of the selftests,
* otherwise fail (disabling access to these algorithms) */
- self_tests_ran = PR_TRUE;
- BL_Init(); /* required by RSA */
+ self_tests_ran = PR_TRUE;
+ BL_Init(); /* required by RSA */
RNG_RNGInit(); /* required by RSA */
rv = freebl_fipsPowerUpSelfTest(DO_REST);
if (rv == SECSuccess) {
@@ -1688,49 +1719,48 @@ PRBool BL_POSTRan(PRBool freebl_only)
#include "blname.c"
/*
- * This function is called at dll load time, the code tha makes this
+ * This function is called at dll load time, the code tha makes this
* happen is platform specific on defined above.
- */
+ */
static void
bl_startup_tests(void)
{
const char *libraryName;
PRBool freebl_only = PR_FALSE;
- SECStatus rv;
+ SECStatus rv;
PORT_Assert(self_tests_freebl_ran == PR_FALSE);
PORT_Assert(self_tests_success == PR_FALSE);
PORT_Assert(fips_mode_available == PR_FALSE);
- self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
- self_tests_success = PR_FALSE; /* force it just in case */
+ self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
+ self_tests_success = PR_FALSE; /* force it just in case */
self_tests_freebl_success = PR_FALSE; /* force it just in case */
#ifdef FREEBL_NO_DEPEND
rv = FREEBL_InitStubs();
if (rv != SECSuccess) {
- freebl_only = PR_TRUE;
+ freebl_only = PR_TRUE;
}
#endif
-
- self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
+ self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
if (!freebl_only) {
- self_tests_ran = PR_TRUE; /* we're running all the tests */
- BL_Init(); /* needs to be called before RSA can be used */
- RNG_RNGInit();
+ self_tests_ran = PR_TRUE; /* we're running all the tests */
+ BL_Init(); /* needs to be called before RSA can be used */
+ RNG_RNGInit();
}
/* always run the post tests */
- rv = freebl_fipsPowerUpSelfTest(freebl_only? DO_FREEBL : DO_FREEBL|DO_REST);
+ rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
if (rv != SECSuccess) {
- return;
+ return;
}
libraryName = getLibName();
rv = freebl_fipsSoftwareIntegrityTest(libraryName);
if (rv != SECSuccess) {
- return;
+ return;
}
/* posts are happy, allow the fips module to function now */
@@ -1741,32 +1771,32 @@ bl_startup_tests(void)
}
/*
- * this is called from the freebl init entry points that controll access to
+ * this is called from the freebl init entry points that controll access to
* all other freebl functions. This prevents freebl from operating if our
* power on selftest failed.
*/
SECStatus
-BL_FIPSEntryOK(PRBool freebl_only) {
+BL_FIPSEntryOK(PRBool freebl_only)
+{
#ifdef NSS_NO_INIT_SUPPORT
- /* this should only be set on platforms that can't handle one of the INIT
- * schemes. This code allows those platforms to continue to function,
+ /* this should only be set on platforms that can't handle one of the INIT
+ * schemes. This code allows those platforms to continue to function,
* though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
* is not set, and init support has not been properly enabled, freebl
* will always fail because of the test below
*/
if (!self_tests_freebl_ran) {
- bl_startup_tests();
+ bl_startup_tests();
}
#endif
/* if the general self tests succeeded, we're done */
if (self_tests_success) {
- return SECSuccess;
+ return SECSuccess;
}
/* standalone freebl can initialize */
if (freebl_only & self_tests_freebl_success) {
- return SECSuccess;
+ return SECSuccess;
}
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
-
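Review bot: `if (freebl_only & self_tests_freebl_success)` in BL_FIPSEntryOK uses a bitwise AND on two PRBool values; the condition is unchanged by this commit, but it only works while both sides are exactly 0 or 1, and a caller passing any other non-zero value as freebl_only would be wrongly refused, so it should read `if (freebl_only && self_tests_freebl_success) {`. In bl_startup_tests the new side also keeps two identical assignments `self_tests_freebl_ran = PR_TRUE;` with the same comment, one before and one after the FREEBL_NO_DEPEND block; the second is redundant unless FREEBL_InitStubs can reset the flag, which is not visible here. The comments above bl_startup_tests and BL_FIPSEntryOK carry the typos `tha makes` and `controll` onto the new side.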
diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
index da97245a3..22121001b 100644
--- a/lib/freebl/gcm.c
+++ b/lib/freebl/gcm.c
@@ -23,19 +23,19 @@
typedef struct gcmHashContextStr gcmHashContext;
static SECStatus gcmHash_InitContext(gcmHashContext *hash,
- const unsigned char *H,
- unsigned int blocksize);
+ const unsigned char *H,
+ unsigned int blocksize);
static void gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit);
static SECStatus gcmHash_Update(gcmHashContext *ghash,
- const unsigned char *buf, unsigned int len,
- unsigned int blocksize);
+ const unsigned char *buf, unsigned int len,
+ unsigned int blocksize);
static SECStatus gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize);
static SECStatus gcmHash_Final(gcmHashContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ unsigned int blocksize);
static SECStatus gcmHash_Reset(gcmHashContext *ghash,
- const unsigned char *inbuf,
- unsigned int inbufLen, unsigned int blocksize);
+ const unsigned char *inbuf,
+ unsigned int inbufLen, unsigned int blocksize);
/* compile time defines to select how the GF2 multiply is calculated.
* There are currently 2 algorithms implemented here: MPI and ALGORITHM_1.
@@ -45,9 +45,9 @@ static SECStatus gcmHash_Reset(gcmHashContext *ghash,
* "The Galois/Counter Mode of Operation (GCM)", McGrew & Viega.
*/
#if !defined(GCM_USE_ALGORITHM_1) && !defined(GCM_USE_MPI)
-#define GCM_USE_MPI 1 /* MPI is about 5x faster with the
- * same or less complexity. It's possible to use
- * tables to speed things up even more */
+#define GCM_USE_MPI 1 /* MPI is about 5x faster with the \
+ * same or less complexity. It's possible to use \
+ * tables to speed things up even more */
#endif
/* GCM defines the bit string to be LSB first, which is exactly
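Review bot: The reformatted `#define GCM_USE_MPI 1 /* ... */` now carries a trailing `\` on each comment line. Line splicing happens before comments are stripped, so the backslashes are harmless, but they are unnecessary — the comment is closed on the last line regardless — and they invite the next editor to believe the macro body spans three lines. Cleaner is to keep the define to a single token and put the explanation above it: `/* MPI is about 5x faster with the same or less complexity. It's possible to use tables to speed things up even more. */` followed by `#define GCM_USE_MPI 1`.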
@@ -88,23 +88,29 @@ static const unsigned char gcm_byte_rev[256] = {
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
};
-
#ifdef GCM_TRACE
#include <stdio.h>
-#define GCM_TRACE_X(ghash,label) { \
- unsigned char _X[MAX_BLOCK_SIZE]; int i; \
- gcm_getX(ghash, _X, blocksize); \
- printf(label,(ghash)->m); \
- for (i=0; i < blocksize; i++) printf("%02x",_X[i]); \
- printf("\n"); }
-#define GCM_TRACE_BLOCK(label,buf,blocksize) {\
- printf(label); \
- for (i=0; i < blocksize; i++) printf("%02x",buf[i]); \
- printf("\n"); }
+#define GCM_TRACE_X(ghash, label) \
+ { \
+ unsigned char _X[MAX_BLOCK_SIZE]; \
+ int i; \
+ gcm_getX(ghash, _X, blocksize); \
+ printf(label, (ghash)->m); \
+ for (i = 0; i < blocksize; i++) \
+ printf("%02x", _X[i]); \
+ printf("\n"); \
+ }
+#define GCM_TRACE_BLOCK(label, buf, blocksize) \
+ { \
+ printf(label); \
+ for (i = 0; i < blocksize; i++) \
+ printf("%02x", buf[i]); \
+ printf("\n"); \
+ }
#else
-#define GCM_TRACE_X(ghash,label)
-#define GCM_TRACE_BLOCK(label,buf,blocksize)
+#define GCM_TRACE_X(ghash, label)
+#define GCM_TRACE_BLOCK(label, buf, blocksize)
#endif
#ifdef GCM_USE_MPI
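Review bot: `GCM_TRACE_BLOCK` still reads the loop variable `i` without declaring it, so it compiles only where the caller happens to have an `int i` in scope, and both trace macros expand to a bare `{ ... }` block, which leaves a stray `;` after each use and breaks an unbraced `if`/`else` around them. Declare `i` inside the macro as `GCM_TRACE_X` already does and wrap both bodies in `do { ... } while (0)`; the rewritten `GCM_TRACE_BLOCK` is below and `GCM_TRACE_X` gets the same wrapper. This only affects builds with GCM_TRACE defined, so it has no effect on the shipped code.
```c
#define GCM_TRACE_BLOCK(label, buf, blocksize)  \
    do {                                        \
        int i;                                  \
        printf(label);                          \
        for (i = 0; i < blocksize; i++)         \
            printf("%02x", buf[i]);             \
        printf("\n");                           \
    } while (0)
```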
@@ -120,15 +126,15 @@ static const unsigned char gcm_byte_rev[256] = {
/* state needed to handle GCM Hash function */
struct gcmHashContextStr {
- mp_int H;
- mp_int X;
- mp_int C_i;
- const unsigned int *poly;
- unsigned char buffer[MAX_BLOCK_SIZE];
- unsigned int bufLen;
- int m; /* XXX what is m? */
- unsigned char counterBuf[2*GCM_HASH_LEN_LEN];
- PRUint64 cLen;
+ mp_int H;
+ mp_int X;
+ mp_int C_i;
+ const unsigned int *poly;
+ unsigned char buffer[MAX_BLOCK_SIZE];
+ unsigned int bufLen;
+ int m; /* XXX what is m? */
+ unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
+ PRUint64 cLen;
};
/* f = x^128 + x^7 + x^2 + x + 1 */
@@ -137,18 +143,18 @@ static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
/* sigh, GCM defines the bit strings exactly backwards from everything else */
static void
gcm_reverse(unsigned char *target, const unsigned char *src,
- unsigned int blocksize)
+ unsigned int blocksize)
{
unsigned int i;
- for (i=0; i < blocksize; i++) {
- target[blocksize-i-1] = gcm_byte_rev[src[i]];
+ for (i = 0; i < blocksize; i++) {
+ target[blocksize - i - 1] = gcm_byte_rev[src[i]];
}
}
/* Initialize a gcmHashContext */
static SECStatus
gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
- unsigned int blocksize)
+ unsigned int blocksize)
{
mp_err err = MP_OKAY;
unsigned char H_rev[MAX_BLOCK_SIZE];
@@ -156,23 +162,23 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
MP_DIGITS(&ghash->H) = 0;
MP_DIGITS(&ghash->X) = 0;
MP_DIGITS(&ghash->C_i) = 0;
- CHECK_MPI_OK( mp_init(&ghash->H) );
- CHECK_MPI_OK( mp_init(&ghash->X) );
- CHECK_MPI_OK( mp_init(&ghash->C_i) );
+ CHECK_MPI_OK(mp_init(&ghash->H));
+ CHECK_MPI_OK(mp_init(&ghash->X));
+ CHECK_MPI_OK(mp_init(&ghash->C_i));
mp_zero(&ghash->X);
gcm_reverse(H_rev, H, blocksize);
- CHECK_MPI_OK( mp_read_unsigned_octets(&ghash->H, H_rev, blocksize) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->H, H_rev, blocksize));
/* set the irreducible polynomial. Each blocksize has its own polynomial.
* for now only blocksize 16 (=128 bits) is defined */
switch (blocksize) {
- case 16: /* 128 bits */
- ghash->poly = poly_128;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
+ case 16: /* 128 bits */
+ ghash->poly = poly_128;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
}
ghash->cLen = 0;
ghash->bufLen = 0;
@@ -194,7 +200,7 @@ gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
mp_clear(&ghash->C_i);
PORT_Memset(ghash, 0, sizeof(gcmHashContext));
if (freeit) {
- PORT_Free(ghash);
+ PORT_Free(ghash);
}
}
@@ -208,25 +214,25 @@ gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
len = mp_unsigned_octet_size(&ghash->X);
if (len <= 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
X = tmp_buf;
PORT_Assert((unsigned int)len <= blocksize);
if ((unsigned int)len > blocksize) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
/* zero pad the result */
if (len != blocksize) {
- PORT_Memset(X,0,blocksize-len);
- X += blocksize-len;
+ PORT_Memset(X, 0, blocksize - len);
+ X += blocksize - len;
}
err = mp_to_unsigned_octets(&ghash->X, X, len);
if (err < 0) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
}
gcm_reverse(T, tmp_buf, blocksize);
return SECSuccess;
@@ -234,40 +240,40 @@ gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
static SECStatus
gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
- unsigned int count, unsigned int blocksize)
+ unsigned int count, unsigned int blocksize)
{
SECStatus rv = SECFailure;
mp_err err = MP_OKAY;
unsigned char tmp_buf[MAX_BLOCK_SIZE];
unsigned int i;
- for (i=0; i < count; i++, buf += blocksize) {
- ghash->m++;
- gcm_reverse(tmp_buf, buf, blocksize);
- CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->C_i, tmp_buf, blocksize));
- CHECK_MPI_OK(mp_badd(&ghash->X, &ghash->C_i, &ghash->C_i));
- /*
- * Looking to speed up GCM, this the the place to do it.
- * There are two areas that can be exploited to speed up this code.
- *
- * 1) H is a constant in this multiply. We can precompute H * (0 - 255)
- * at init time and this becomes an blockize xors of our table lookup.
- *
- * 2) poly is a constant for each blocksize. We can calculate the
- * modulo reduction by a series of adds and shifts.
- *
- * For now we are after functionality, so we will go ahead and use
- * the builtin bmulmod from mpi
- */
+ for (i = 0; i < count; i++, buf += blocksize) {
+ ghash->m++;
+ gcm_reverse(tmp_buf, buf, blocksize);
+ CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->C_i, tmp_buf, blocksize));
+ CHECK_MPI_OK(mp_badd(&ghash->X, &ghash->C_i, &ghash->C_i));
+ /*
+ * Looking to speed up GCM, this the the place to do it.
+ * There are two areas that can be exploited to speed up this code.
+ *
+ * 1) H is a constant in this multiply. We can precompute H * (0 - 255)
+ * at init time and this becomes an blockize xors of our table lookup.
+ *
+ * 2) poly is a constant for each blocksize. We can calculate the
+ * modulo reduction by a series of adds and shifts.
+ *
+ * For now we are after functionality, so we will go ahead and use
+ * the builtin bmulmod from mpi
+ */
CHECK_MPI_OK(mp_bmulmod(&ghash->C_i, &ghash->H,
- ghash->poly, &ghash->X));
- GCM_TRACE_X(ghash, "X%d = ")
+ ghash->poly, &ghash->X));
+ GCM_TRACE_X(ghash, "X%d = ")
}
rv = SECSuccess;
cleanup:
PORT_Memset(tmp_buf, 0, sizeof(tmp_buf));
if (rv != SECSuccess) {
- MP_TO_SEC_ERROR(err);
+ MP_TO_SEC_ERROR(err);
}
return rv;
}
@@ -284,58 +290,57 @@ gcm_zeroX(gcmHashContext *ghash)
#ifdef GCM_USE_ALGORITHM_1
/* use algorithm 1 of McGrew & Viega "The Galois/Counter Mode of Operation" */
-#define GCM_ARRAY_SIZE (MAX_BLOCK_SIZE/sizeof(unsigned long))
+#define GCM_ARRAY_SIZE (MAX_BLOCK_SIZE / sizeof(unsigned long))
struct gcmHashContextStr {
- unsigned long H[GCM_ARRAY_SIZE];
- unsigned long X[GCM_ARRAY_SIZE];
- unsigned long R;
- unsigned char buffer[MAX_BLOCK_SIZE];
- unsigned int bufLen;
- int m;
- unsigned char counterBuf[2*GCM_HASH_LEN_LEN];
- PRUint64 cLen;
+ unsigned long H[GCM_ARRAY_SIZE];
+ unsigned long X[GCM_ARRAY_SIZE];
+ unsigned long R;
+ unsigned char buffer[MAX_BLOCK_SIZE];
+ unsigned int bufLen;
+ int m;
+ unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
+ PRUint64 cLen;
};
static void
gcm_bytes_to_longs(unsigned long *l, const unsigned char *c, unsigned int len)
{
- int i,j;
- int array_size = len/sizeof(unsigned long);
+ int i, j;
+ int array_size = len / sizeof(unsigned long);
PORT_Assert(len % sizeof(unsigned long) == 0);
- for (i=0; i < array_size; i++) {
- unsigned long tmp = 0;
- int byte_offset = i * sizeof(unsigned long);
- for (j=sizeof(unsigned long)-1; j >= 0; j--) {
- tmp = (tmp << PR_BITS_PER_BYTE) | gcm_byte_rev[c[byte_offset+j]];
- }
- l[i] = tmp;
+ for (i = 0; i < array_size; i++) {
+ unsigned long tmp = 0;
+ int byte_offset = i * sizeof(unsigned long);
+ for (j = sizeof(unsigned long) - 1; j >= 0; j--) {
+ tmp = (tmp << PR_BITS_PER_BYTE) | gcm_byte_rev[c[byte_offset + j]];
+ }
+ l[i] = tmp;
}
}
static void
gcm_longs_to_bytes(const unsigned long *l, unsigned char *c, unsigned int len)
{
- int i,j;
- int array_size = len/sizeof(unsigned long);
+ int i, j;
+ int array_size = len / sizeof(unsigned long);
PORT_Assert(len % sizeof(unsigned long) == 0);
- for (i=0; i < array_size; i++) {
- unsigned long tmp = l[i];
- int byte_offset = i * sizeof(unsigned long);
- for (j=0; j < sizeof(unsigned long); j++) {
- c[byte_offset+j] = gcm_byte_rev[tmp & 0xff];
- tmp = (tmp >> PR_BITS_PER_BYTE);
- }
+ for (i = 0; i < array_size; i++) {
+ unsigned long tmp = l[i];
+ int byte_offset = i * sizeof(unsigned long);
+ for (j = 0; j < sizeof(unsigned long); j++) {
+ c[byte_offset + j] = gcm_byte_rev[tmp & 0xff];
+ tmp = (tmp >> PR_BITS_PER_BYTE);
+ }
}
}
-
/* Initialize a gcmHashContext */
static SECStatus
gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
- unsigned int blocksize)
+ unsigned int blocksize)
{
PORT_Memset(ghash->X, 0, sizeof(ghash->X));
PORT_Memset(ghash->H, 0, sizeof(ghash->H));
@@ -344,12 +349,12 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
/* set the irreducible polynomial. Each blocksize has its own polynommial
* for now only blocksize 16 (=128 bits) is defined */
switch (blocksize) {
- case 16: /* 128 bits */
- ghash->R = (unsigned long) 0x87; /* x^7 + x^2 + x +1 */
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- goto cleanup;
+ case 16: /* 128 bits */
+ ghash->R = (unsigned long)0x87; /* x^7 + x^2 + x +1 */
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ goto cleanup;
}
ghash->cLen = 0;
ghash->bufLen = 0;
@@ -367,7 +372,7 @@ gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
{
PORT_Memset(ghash, 0, sizeof(gcmHashContext));
if (freeit) {
- PORT_Free(ghash);
+ PORT_Free(ghash);
}
}
@@ -377,10 +382,10 @@ gcm_shift_one(unsigned long *t, unsigned int count)
unsigned long carry = 0;
unsigned long nextcarry = 0;
unsigned int i;
- for (i=0; i < count; i++) {
- nextcarry = t[i] >> ((sizeof(unsigned long)*PR_BITS_PER_BYTE)-1);
- t[i] = (t[i] << 1) | carry;
- carry = nextcarry;
+ for (i = 0; i < count; i++) {
+ nextcarry = t[i] >> ((sizeof(unsigned long) * PR_BITS_PER_BYTE) - 1);
+ t[i] = (t[i] << 1) | carry;
+ carry = nextcarry;
}
return carry;
}
@@ -392,42 +397,42 @@ gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
return SECSuccess;
}
-#define GCM_XOR(t, s, len) \
- for (l=0; l < len; l++) t[l] ^= s[l]
+#define GCM_XOR(t, s, len) \
+ for (l = 0; l < len; l++) \
+ t[l] ^= s[l]
static SECStatus
gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
- unsigned int count, unsigned int blocksize)
+ unsigned int count, unsigned int blocksize)
{
unsigned long C_i[GCM_ARRAY_SIZE];
- unsigned int arraysize = blocksize/sizeof(unsigned long);
+ unsigned int arraysize = blocksize / sizeof(unsigned long);
unsigned int i, j, k, l;
- for (i=0; i < count; i++, buf += blocksize) {
- ghash->m++;
- gcm_bytes_to_longs(C_i, buf, blocksize);
- GCM_XOR(C_i, ghash->X, arraysize);
- /* multiply X = C_i * H */
- PORT_Memset(ghash->X, 0, sizeof(ghash->X));
- for (j=0; j < arraysize; j++) {
- unsigned long H = ghash->H[j];
- for (k=0; k < sizeof(unsigned long)*PR_BITS_PER_BYTE; k++) {
- if (H & 1) {
- GCM_XOR(ghash->X, C_i, arraysize);
- }
- if (gcm_shift_one(C_i, arraysize)) {
- C_i[0] = C_i[0] ^ ghash->R;
- }
- H = H >> 1;
- }
- }
- GCM_TRACE_X(ghash, "X%d = ")
+ for (i = 0; i < count; i++, buf += blocksize) {
+ ghash->m++;
+ gcm_bytes_to_longs(C_i, buf, blocksize);
+ GCM_XOR(C_i, ghash->X, arraysize);
+ /* multiply X = C_i * H */
+ PORT_Memset(ghash->X, 0, sizeof(ghash->X));
+ for (j = 0; j < arraysize; j++) {
+ unsigned long H = ghash->H[j];
+ for (k = 0; k < sizeof(unsigned long) * PR_BITS_PER_BYTE; k++) {
+ if (H & 1) {
+ GCM_XOR(ghash->X, C_i, arraysize);
+ }
+ if (gcm_shift_one(C_i, arraysize)) {
+ C_i[0] = C_i[0] ^ ghash->R;
+ }
+ H = H >> 1;
+ }
+ }
+ GCM_TRACE_X(ghash, "X%d = ")
}
PORT_Memset(C_i, 0, sizeof(C_i));
return SECSuccess;
}
-
static void
gcm_zeroX(gcmHashContext *ghash)
{
@@ -443,51 +448,51 @@ gcm_zeroX(gcmHashContext *ghash)
*/
static SECStatus
gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
- unsigned int len, unsigned int blocksize)
+ unsigned int len, unsigned int blocksize)
{
unsigned int blocks;
SECStatus rv;
- ghash->cLen += (len*PR_BITS_PER_BYTE);
+ ghash->cLen += (len * PR_BITS_PER_BYTE);
/* first deal with the current buffer of data. Try to fill it out so
* we can hash it */
if (ghash->bufLen) {
- unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
- if (needed != 0) {
- PORT_Memcpy(ghash->buffer+ghash->bufLen, buf, needed);
- }
- buf += needed;
- len -= needed;
- ghash->bufLen += needed;
- if (len == 0) {
- /* didn't add enough to hash the data, nothing more do do */
- return SECSuccess;
- }
- PORT_Assert(ghash->bufLen == blocksize);
- /* hash the buffer and clear it */
- rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
- PORT_Memset(ghash->buffer, 0, blocksize);
- ghash->bufLen = 0;
- if (rv != SECSuccess) {
- return SECFailure;
- }
+ unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
+ if (needed != 0) {
+ PORT_Memcpy(ghash->buffer + ghash->bufLen, buf, needed);
+ }
+ buf += needed;
+ len -= needed;
+ ghash->bufLen += needed;
+ if (len == 0) {
+ /* didn't add enough to hash the data, nothing more do do */
+ return SECSuccess;
+ }
+ PORT_Assert(ghash->bufLen == blocksize);
+ /* hash the buffer and clear it */
+ rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
+ PORT_Memset(ghash->buffer, 0, blocksize);
+ ghash->bufLen = 0;
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
}
/* now hash any full blocks remaining in the data stream */
- blocks = len/blocksize;
+ blocks = len / blocksize;
if (blocks) {
- rv = gcm_HashMult(ghash, buf, blocks, blocksize);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- buf += blocks*blocksize;
- len -= blocks*blocksize;
+ rv = gcm_HashMult(ghash, buf, blocks, blocksize);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ buf += blocks * blocksize;
+ len -= blocks * blocksize;
}
/* save any remainder in the buffer to be hashed with the next call */
if (len != 0) {
- PORT_Memcpy(ghash->buffer, buf, len);
- ghash->bufLen = len;
+ PORT_Memcpy(ghash->buffer, buf, len);
+ ghash->bufLen = len;
}
return SECSuccess;
}
@@ -504,23 +509,23 @@ gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize)
/* copy the previous counter to the upper block */
PORT_Memcpy(ghash->counterBuf, &ghash->counterBuf[GCM_HASH_LEN_LEN],
- GCM_HASH_LEN_LEN);
+ GCM_HASH_LEN_LEN);
/* copy the current counter in the lower block */
- for (i=0; i < GCM_HASH_LEN_LEN; i++) {
- ghash->counterBuf[GCM_HASH_LEN_LEN+i] =
- (ghash->cLen >> ((GCM_HASH_LEN_LEN-1-i)*PR_BITS_PER_BYTE)) & 0xff;
+ for (i = 0; i < GCM_HASH_LEN_LEN; i++) {
+ ghash->counterBuf[GCM_HASH_LEN_LEN + i] =
+ (ghash->cLen >> ((GCM_HASH_LEN_LEN - 1 - i) * PR_BITS_PER_BYTE)) & 0xff;
}
ghash->cLen = 0;
/* now zero fill the buffer and hash the last block */
if (ghash->bufLen) {
- PORT_Memset(ghash->buffer+ghash->bufLen, 0, blocksize - ghash->bufLen);
- rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
- PORT_Memset(ghash->buffer, 0, blocksize);
- ghash->bufLen = 0;
- if (rv != SECSuccess) {
- return SECFailure;
- }
+ PORT_Memset(ghash->buffer + ghash->bufLen, 0, blocksize - ghash->bufLen);
+ rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
+ PORT_Memset(ghash->buffer, 0, blocksize);
+ ghash->bufLen = 0;
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -531,31 +536,32 @@ gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize)
*/
static SECStatus
gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ unsigned int blocksize)
{
unsigned char T[MAX_BLOCK_SIZE];
SECStatus rv;
rv = gcmHash_Sync(ghash, blocksize);
if (rv != SECSuccess) {
- goto cleanup;
+ goto cleanup;
}
- rv = gcm_HashMult(ghash, ghash->counterBuf, (GCM_HASH_LEN_LEN*2)/blocksize,
- blocksize);
+ rv = gcm_HashMult(ghash, ghash->counterBuf, (GCM_HASH_LEN_LEN * 2) / blocksize,
+ blocksize);
if (rv != SECSuccess) {
- goto cleanup;
+ goto cleanup;
}
GCM_TRACE_X(ghash, "GHASH(H,A,C) = ")
rv = gcm_getX(ghash, T, blocksize);
if (rv != SECSuccess) {
- goto cleanup;
+ goto cleanup;
}
- if (maxout > blocksize) maxout = blocksize;
+ if (maxout > blocksize)
+ maxout = blocksize;
PORT_Memcpy(outbuf, T, maxout);
*outlen = maxout;
rv = SECSuccess;
@@ -567,25 +573,25 @@ cleanup:
SECStatus
gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
- unsigned int AADLen, unsigned int blocksize)
+ unsigned int AADLen, unsigned int blocksize)
{
SECStatus rv;
ghash->cLen = 0;
- PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN*2);
+ PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN * 2);
ghash->bufLen = 0;
gcm_zeroX(ghash);
/* now kick things off by hashing the Additional Authenticated Data */
if (AADLen != 0) {
- rv = gcmHash_Update(ghash, AAD, AADLen, blocksize);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- rv = gcmHash_Sync(ghash, blocksize);
- if (rv != SECSuccess) {
- return SECFailure;
- }
+ rv = gcmHash_Update(ghash, AAD, AADLen, blocksize);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ rv = gcmHash_Sync(ghash, blocksize);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
}
return SECSuccess;
}
@@ -604,7 +610,7 @@ struct GCMContextStr {
GCMContext *
GCM_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *params, unsigned int blocksize)
+ const unsigned char *params, unsigned int blocksize)
{
GCMContext *gcm = NULL;
gcmHashContext *ghash;
@@ -617,23 +623,23 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher,
SECStatus rv;
if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
}
gcm = PORT_ZNew(GCMContext);
if (gcm == NULL) {
- return NULL;
+ return NULL;
}
/* first fill in the ghash context */
ghash = &gcm->ghash_context;
PORT_Memset(H, 0, blocksize);
rv = (*cipher)(context, H, &tmp, blocksize, H, blocksize, blocksize);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
rv = gcmHash_InitContext(ghash, H, blocksize);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
freeHash = PR_TRUE;
@@ -641,23 +647,23 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher,
ctrParams.ulCounterBits = 32;
PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
- PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
- ctrParams.cb[blocksize-1] = 1;
+ PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
+ ctrParams.cb[blocksize - 1] = 1;
} else {
- rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
- blocksize);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = gcmHash_Final(ghash, ctrParams.cb, &tmp, blocksize, blocksize);
- if (rv != SECSuccess) {
- goto loser;
- }
+ rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
+ blocksize);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = gcmHash_Final(ghash, ctrParams.cb, &tmp, blocksize, blocksize);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
}
rv = CTR_InitContext(&gcm->ctr_context, context, cipher,
- (unsigned char *)&ctrParams, blocksize);
+ (unsigned char *)&ctrParams, blocksize);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
freeCtr = PR_TRUE;
@@ -666,28 +672,28 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher,
/* calculate the final tag key. NOTE: gcm->tagKey is zero to start with.
* if this assumption changes, we would need to explicitly clear it here */
rv = CTR_Update(&gcm->ctr_context, gcm->tagKey, &tmp, blocksize,
- gcm->tagKey, blocksize, blocksize);
+ gcm->tagKey, blocksize, blocksize);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
/* finally mix in the AAD data */
rv = gcmHash_Reset(ghash, gcmParams->pAAD, gcmParams->ulAADLen, blocksize);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
return gcm;
loser:
if (freeCtr) {
- CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
+ CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
}
if (freeHash) {
- gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
+ gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
}
if (gcm) {
- PORT_Free(gcm);
+ PORT_Free(gcm);
}
return NULL;
}
@@ -703,55 +709,54 @@ GCM_DestroyContext(GCMContext *gcm, PRBool freeit)
PORT_Memset(&gcm->tagBits, 0, sizeof(gcm->tagBits));
PORT_Memset(gcm->tagKey, 0, sizeof(gcm->tagKey));
if (freeit) {
- PORT_Free(gcm);
+ PORT_Free(gcm);
}
}
static SECStatus
gcm_GetTag(GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ unsigned int blocksize)
{
unsigned int tagBytes;
unsigned int extra;
unsigned int i;
SECStatus rv;
- tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
- extra = tagBytes*PR_BITS_PER_BYTE - gcm->tagBits;
+ tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+ extra = tagBytes * PR_BITS_PER_BYTE - gcm->tagBits;
if (outbuf == NULL) {
- *outlen = tagBytes;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = tagBytes;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
if (maxout < tagBytes) {
- *outlen = tagBytes;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = tagBytes;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
maxout = tagBytes;
rv = gcmHash_Final(&gcm->ghash_context, outbuf, outlen, maxout, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
GCM_TRACE_BLOCK("GHASH=", outbuf, blocksize);
GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
- for (i=0; i < *outlen; i++) {
- outbuf[i] ^= gcm->tagKey[i];
+ for (i = 0; i < *outlen; i++) {
+ outbuf[i] ^= gcm->tagKey[i];
}
GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
GCM_TRACE_BLOCK("T=", outbuf, blocksize);
/* mask off any extra bits we got */
if (extra) {
- outbuf[tagBytes-1] &= ~((1 << extra)-1);
+ outbuf[tagBytes - 1] &= ~((1 << extra) - 1);
}
return SECSuccess;
}
-
/*
* See The Galois/Counter Mode of Operation, McGrew and Viega.
* GCM is basically counter mode with a specific initialization and
@@ -759,41 +764,41 @@ gcm_GetTag(GCMContext *gcm, unsigned char *outbuf,
*/
SECStatus
GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
SECStatus rv;
unsigned int tagBytes;
unsigned int len;
- tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
+ tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
if (UINT_MAX - inlen < tagBytes) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxout < inlen + tagBytes) {
- *outlen = inlen + tagBytes;
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ *outlen = inlen + tagBytes;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
rv = CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
- inbuf, inlen, blocksize);
+ inbuf, inlen, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
rv = gcmHash_Update(&gcm->ghash_context, outbuf, *outlen, blocksize);
if (rv != SECSuccess) {
- PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
- *outlen = 0;
- return SECFailure;
+ PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
+ *outlen = 0;
+ return SECFailure;
}
rv = gcm_GetTag(gcm, outbuf + *outlen, &len, maxout - *outlen, blocksize);
if (rv != SECSuccess) {
- PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
- *outlen = 0;
- return SECFailure;
+ PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
+ *outlen = 0;
+ return SECFailure;
};
*outlen += len;
return SECSuccess;
@@ -809,9 +814,9 @@ GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
*/
SECStatus
GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
SECStatus rv;
unsigned int tagBytes;
@@ -819,12 +824,12 @@ GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
const unsigned char *intag;
unsigned int len;
- tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE-1)) / PR_BITS_PER_BYTE;
+ tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
/* get the authentication block */
if (inlen < tagBytes) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
inlen -= tagBytes;
@@ -833,23 +838,23 @@ GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
/* verify the block */
rv = gcmHash_Update(&gcm->ghash_context, inbuf, inlen, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
rv = gcm_GetTag(gcm, tag, &len, blocksize, blocksize);
if (rv != SECSuccess) {
- return SECFailure;
+ return SECFailure;
}
/* Don't decrypt if we can't authenticate the encrypted data!
* This assumes that if tagBits is not a multiple of 8, intag will
* preserve the masked off missing bits. */
if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) {
- /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
- PORT_SetError(SEC_ERROR_BAD_DATA);
- PORT_Memset(tag, 0, sizeof(tag));
- return SECFailure;
+ /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
+ PORT_SetError(SEC_ERROR_BAD_DATA);
+ PORT_Memset(tag, 0, sizeof(tag));
+ return SECFailure;
}
PORT_Memset(tag, 0, sizeof(tag));
/* finish the decryption */
return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
- inbuf, inlen, blocksize);
+ inbuf, inlen, blocksize);
}
diff --git a/lib/freebl/gcm.h b/lib/freebl/gcm.h
index 4dd71b4c8..1cdba534d 100644
--- a/lib/freebl/gcm.h
+++ b/lib/freebl/gcm.h
@@ -16,16 +16,16 @@ typedef struct GCMContextStr GCMContext;
*
* The cipher argument is a block cipher in the ECB encrypt mode.
*/
-GCMContext * GCM_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *params, unsigned int blocksize);
+GCMContext *GCM_CreateContext(void *context, freeblCipherFunc cipher,
+ const unsigned char *params, unsigned int blocksize);
void GCM_DestroyContext(GCMContext *gcm, PRBool freeit);
-SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
#endif
diff --git a/lib/freebl/genload.c b/lib/freebl/genload.c
index 63b97dbdf..832deb58c 100644
--- a/lib/freebl/genload.c
+++ b/lib/freebl/genload.c
@@ -9,7 +9,7 @@
* const char *NameOfThisSharedLib;
*
* NameOfThisSharedLib:
- * The file name of the shared library that shall be used as the
+ * The file name of the shared library that shall be used as the
* "reference library". The loader will attempt to load the requested
* library from the same directory as the reference library.
*/
@@ -25,13 +25,14 @@
* The caller should call PR_Free to free the string returned by this
* function.
*/
-static char* loader_GetOriginalPathname(const char* link)
+static char*
+loader_GetOriginalPathname(const char* link)
{
#ifdef __GLIBC__
char* tmp = realpath(link, NULL);
char* resolved;
- if (! tmp)
- return NULL;
+ if (!tmp)
+ return NULL;
resolved = PR_Malloc(strlen(tmp) + 1);
strcpy(resolved, tmp); /* This is necessary because PR_Free might not be using free() */
free(tmp);
@@ -58,8 +59,8 @@ static char* loader_GetOriginalPathname(const char* link)
return NULL;
}
strcpy(input, link);
- while ( (iterations++ < BL_MAXSYMLINKS) &&
- ( (retlen = readlink(input, resolved, len - 1)) > 0) ) {
+ while ((iterations++ < BL_MAXSYMLINKS) &&
+ ((retlen = readlink(input, resolved, len - 1)) > 0)) {
char* tmp = input;
resolved[retlen] = '\0'; /* NULL termination */
input = resolved;
@@ -79,11 +80,11 @@ static char* loader_GetOriginalPathname(const char* link)
* Load the library with the file name 'name' residing in the same
* directory as the reference library, whose pathname is 'referencePath'.
*/
-static PRLibrary *
-loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
+static PRLibrary*
+loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
{
- PRLibrary *dlh = NULL;
- char *fullName = NULL;
+ PRLibrary* dlh = NULL;
+ char* fullName = NULL;
char* c;
PRLibSpec libSpec;
@@ -91,12 +92,12 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
c = strrchr(referencePath, PR_GetDirectorySeparator());
if (c) {
size_t referencePathSize = 1 + c - referencePath;
- fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 1);
+ fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
if (fullName) {
memcpy(fullName, referencePath, referencePathSize);
- strcpy(fullName + referencePathSize, name);
+ strcpy(fullName + referencePathSize, name);
#ifdef DEBUG_LOADER
- PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n",
+ PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n",
fullName);
#endif
libSpec.type = PR_LibSpec_Pathname;
@@ -109,15 +110,15 @@ loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
}
/*
- * We use PR_GetLibraryFilePathname to get the pathname of the loaded
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded
* shared lib that contains this function, and then do a PR_LoadLibrary
* with an absolute pathname for the softoken shared library.
*/
-static PRLibrary *
-loader_LoadLibrary(const char *nameToLoad)
+static PRLibrary*
+loader_LoadLibrary(const char* nameToLoad)
{
- PRLibrary *lib = NULL;
+ PRLibrary* lib = NULL;
char* fullPath = NULL;
PRLibSpec libSpec;
@@ -164,4 +165,3 @@ loader_LoadLibrary(const char *nameToLoad)
}
return lib;
}
-
diff --git a/lib/freebl/hmacct.c b/lib/freebl/hmacct.c
index 0c3ba41de..c7815ac05 100644
--- a/lib/freebl/hmacct.c
+++ b/lib/freebl/hmacct.c
@@ -25,8 +25,8 @@
*
* Note: the argument to these macros must be an unsigned int.
* */
-#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned int)( (int)(x) >> (sizeof(int)*8-1) ) )
-#define DUPLICATE_MSB_TO_ALL_8(x) ( (unsigned char)(DUPLICATE_MSB_TO_ALL(x)) )
+#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
+#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
/* constantTimeGE returns 0xff if a>=b and 0x00 otherwise, where a, b <
* MAX_UINT/2. */
@@ -115,7 +115,7 @@ MAC(unsigned char *mdOut,
const unsigned int maxMACBytes = len - mdSize - 1;
/* numBlocks is the maximum number of hash blocks. */
const unsigned int numBlocks =
- (maxMACBytes + 1 + mdLengthSize + mdBlockSize - 1) / mdBlockSize;
+ (maxMACBytes + 1 + mdLengthSize + mdBlockSize - 1) / mdBlockSize;
/* macEndOffset is the index just past the end of the data to be
* MACed. */
const unsigned int macEndOffset = dataLen + headerLen - mdSize;
@@ -152,67 +152,67 @@ MAC(unsigned char *mdOut,
/* For SSLv3, if we're going to have any starting blocks then we need
* at least two because the header is larger than a single block. */
if (numBlocks > varianceBlocks + (isSSLv3 ? 1 : 0)) {
- numStartingBlocks = numBlocks - varianceBlocks;
- k = mdBlockSize*numStartingBlocks;
+ numStartingBlocks = numBlocks - varianceBlocks;
+ k = mdBlockSize * numStartingBlocks;
}
- bits = 8*macEndOffset;
+ bits = 8 * macEndOffset;
hashObj->begin(mdState);
if (!isSSLv3) {
- /* Compute the initial HMAC block. For SSLv3, the padding and
- * secret bytes are included in |header| because they take more
- * than a single block. */
- bits += 8*mdBlockSize;
- memset(hmacPad, 0, mdBlockSize);
- PORT_Assert(macSecretLen <= sizeof(hmacPad));
- memcpy(hmacPad, macSecret, macSecretLen);
- for (i = 0; i < mdBlockSize; i++)
- hmacPad[i] ^= 0x36;
- hashObj->update(mdState, hmacPad, mdBlockSize);
+ /* Compute the initial HMAC block. For SSLv3, the padding and
+ * secret bytes are included in |header| because they take more
+ * than a single block. */
+ bits += 8 * mdBlockSize;
+ memset(hmacPad, 0, mdBlockSize);
+ PORT_Assert(macSecretLen <= sizeof(hmacPad));
+ memcpy(hmacPad, macSecret, macSecretLen);
+ for (i = 0; i < mdBlockSize; i++)
+ hmacPad[i] ^= 0x36;
+ hashObj->update(mdState, hmacPad, mdBlockSize);
}
j = 0;
memset(lengthBytes, 0, sizeof(lengthBytes));
if (mdLengthSize == 16) {
- j = 8;
+ j = 8;
}
if (hashObj->type == HASH_AlgMD5) {
- /* MD5 appends a little-endian length. */
- for (i = 0; i < 4; i++) {
- lengthBytes[i+j] = bits >> (8*i);
- }
+ /* MD5 appends a little-endian length. */
+ for (i = 0; i < 4; i++) {
+ lengthBytes[i + j] = bits >> (8 * i);
+ }
} else {
- /* All other TLS hash functions use a big-endian length. */
- for (i = 0; i < 4; i++) {
- lengthBytes[4+i+j] = bits >> (8*(3-i));
- }
+ /* All other TLS hash functions use a big-endian length. */
+ for (i = 0; i < 4; i++) {
+ lengthBytes[4 + i + j] = bits >> (8 * (3 - i));
+ }
}
if (k > 0) {
- if (isSSLv3) {
- /* The SSLv3 header is larger than a single block.
- * overhang is the number of bytes beyond a single
- * block that the header consumes: either 7 bytes
- * (SHA1) or 11 bytes (MD5). */
- const unsigned int overhang = headerLen-mdBlockSize;
- hashObj->update(mdState, header, mdBlockSize);
- memcpy(firstBlock, header + mdBlockSize, overhang);
- memcpy(firstBlock + overhang, data, mdBlockSize-overhang);
- hashObj->update(mdState, firstBlock, mdBlockSize);
- for (i = 1; i < k/mdBlockSize - 1; i++) {
- hashObj->update(mdState, data + mdBlockSize*i - overhang,
- mdBlockSize);
- }
- } else {
- /* k is a multiple of mdBlockSize. */
- memcpy(firstBlock, header, 13);
- memcpy(firstBlock+13, data, mdBlockSize-13);
- hashObj->update(mdState, firstBlock, mdBlockSize);
- for (i = 1; i < k/mdBlockSize; i++) {
- hashObj->update(mdState, data + mdBlockSize*i - 13,
- mdBlockSize);
- }
- }
+ if (isSSLv3) {
+ /* The SSLv3 header is larger than a single block.
+ * overhang is the number of bytes beyond a single
+ * block that the header consumes: either 7 bytes
+ * (SHA1) or 11 bytes (MD5). */
+ const unsigned int overhang = headerLen - mdBlockSize;
+ hashObj->update(mdState, header, mdBlockSize);
+ memcpy(firstBlock, header + mdBlockSize, overhang);
+ memcpy(firstBlock + overhang, data, mdBlockSize - overhang);
+ hashObj->update(mdState, firstBlock, mdBlockSize);
+ for (i = 1; i < k / mdBlockSize - 1; i++) {
+ hashObj->update(mdState, data + mdBlockSize * i - overhang,
+ mdBlockSize);
+ }
+ } else {
+ /* k is a multiple of mdBlockSize. */
+ memcpy(firstBlock, header, 13);
+ memcpy(firstBlock + 13, data, mdBlockSize - 13);
+ hashObj->update(mdState, firstBlock, mdBlockSize);
+ for (i = 1; i < k / mdBlockSize; i++) {
+ hashObj->update(mdState, data + mdBlockSize * i - 13,
+ mdBlockSize);
+ }
+ }
}
memset(macOut, 0, sizeof(macOut));
@@ -221,69 +221,69 @@ MAC(unsigned char *mdOut,
* it in constant time. If i == indexA then we'll include the 0x80
* bytes and zero pad etc. For each block we selectively copy it, in
* constant time, to |macOut|. */
- for (i = numStartingBlocks; i <= numStartingBlocks+varianceBlocks; i++) {
- unsigned char block[HASH_BLOCK_LENGTH_MAX];
- unsigned char isBlockA = constantTimeEQ8(i, indexA);
- unsigned char isBlockB = constantTimeEQ8(i, indexB);
- for (j = 0; j < mdBlockSize; j++) {
- unsigned char isPastC = isBlockA & constantTimeGE(j, c);
- unsigned char isPastCPlus1 = isBlockA & constantTimeGE(j, c+1);
- unsigned char b = 0;
- if (k < headerLen) {
- b = header[k];
- } else if (k < dataTotalLen + headerLen) {
- b = data[k-headerLen];
- }
- k++;
+ for (i = numStartingBlocks; i <= numStartingBlocks + varianceBlocks; i++) {
+ unsigned char block[HASH_BLOCK_LENGTH_MAX];
+ unsigned char isBlockA = constantTimeEQ8(i, indexA);
+ unsigned char isBlockB = constantTimeEQ8(i, indexB);
+ for (j = 0; j < mdBlockSize; j++) {
+ unsigned char isPastC = isBlockA & constantTimeGE(j, c);
+ unsigned char isPastCPlus1 = isBlockA & constantTimeGE(j, c + 1);
+ unsigned char b = 0;
+ if (k < headerLen) {
+ b = header[k];
+ } else if (k < dataTotalLen + headerLen) {
+ b = data[k - headerLen];
+ }
+ k++;
- /* If this is the block containing the end of the
- * application data, and we are at the offset for the
- * 0x80 value, then overwrite b with 0x80. */
- b = (b&~isPastC) | (0x80&isPastC);
- /* If this the the block containing the end of the
- * application data and we're past the 0x80 value then
- * just write zero. */
- b = b&~isPastCPlus1;
- /* If this is indexB (the final block), but not
- * indexA (the end of the data), then the 64-bit
- * length didn't fit into indexA and we're having to
- * add an extra block of zeros. */
- b &= ~isBlockB | isBlockA;
+ /* If this is the block containing the end of the
+ * application data, and we are at the offset for the
+ * 0x80 value, then overwrite b with 0x80. */
+ b = (b & ~isPastC) | (0x80 & isPastC);
+ /* If this the the block containing the end of the
+ * application data and we're past the 0x80 value then
+ * just write zero. */
+ b = b & ~isPastCPlus1;
+ /* If this is indexB (the final block), but not
+ * indexA (the end of the data), then the 64-bit
+ * length didn't fit into indexA and we're having to
+ * add an extra block of zeros. */
+ b &= ~isBlockB | isBlockA;
- /* The final bytes of one of the blocks contains the length. */
- if (j >= mdBlockSize - mdLengthSize) {
- /* If this is indexB, write a length byte. */
- b = (b&~isBlockB) |
- (isBlockB&lengthBytes[j-(mdBlockSize-mdLengthSize)]);
- }
- block[j] = b;
- }
+ /* The final bytes of one of the blocks contains the length. */
+ if (j >= mdBlockSize - mdLengthSize) {
+ /* If this is indexB, write a length byte. */
+ b = (b & ~isBlockB) |
+ (isBlockB & lengthBytes[j - (mdBlockSize - mdLengthSize)]);
+ }
+ block[j] = b;
+ }
- hashObj->update(mdState, block, mdBlockSize);
- hashObj->end_raw(mdState, block, NULL, mdSize);
- /* If this is indexB, copy the hash value to |macOut|. */
- for (j = 0; j < mdSize; j++) {
- macOut[j] |= block[j]&isBlockB;
- }
+ hashObj->update(mdState, block, mdBlockSize);
+ hashObj->end_raw(mdState, block, NULL, mdSize);
+ /* If this is indexB, copy the hash value to |macOut|. */
+ for (j = 0; j < mdSize; j++) {
+ macOut[j] |= block[j] & isBlockB;
+ }
}
hashObj->begin(mdState);
if (isSSLv3) {
- /* We repurpose |hmacPad| to contain the SSLv3 pad2 block. */
- for (i = 0; i < sslv3PadLen; i++)
- hmacPad[i] = 0x5c;
+ /* We repurpose |hmacPad| to contain the SSLv3 pad2 block. */
+ for (i = 0; i < sslv3PadLen; i++)
+ hmacPad[i] = 0x5c;
- hashObj->update(mdState, macSecret, macSecretLen);
- hashObj->update(mdState, hmacPad, sslv3PadLen);
- hashObj->update(mdState, macOut, mdSize);
+ hashObj->update(mdState, macSecret, macSecretLen);
+ hashObj->update(mdState, hmacPad, sslv3PadLen);
+ hashObj->update(mdState, macOut, mdSize);
} else {
- /* Complete the HMAC in the standard manner. */
- for (i = 0; i < mdBlockSize; i++)
- hmacPad[i] ^= 0x6a;
+ /* Complete the HMAC in the standard manner. */
+ for (i = 0; i < mdBlockSize; i++)
+ hmacPad[i] ^= 0x6a;
- hashObj->update(mdState, hmacPad, mdBlockSize);
- hashObj->update(mdState, macOut, mdSize);
+ hashObj->update(mdState, hmacPad, mdBlockSize);
+ hashObj->update(mdState, macOut, mdSize);
}
hashObj->end(mdState, mdOut, mdOutLen, mdOutMax);
@@ -307,10 +307,10 @@ HMAC_ConstantTime(
unsigned int bodyTotalLen)
{
if (hashObj->end_raw == NULL)
- return SECFailure;
+ return SECFailure;
return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen,
- header, headerLen, body, bodyLen, bodyTotalLen,
- 0 /* not SSLv3 */);
+ header, headerLen, body, bodyLen, bodyTotalLen,
+ 0 /* not SSLv3 */);
}
SECStatus
@@ -328,9 +328,8 @@ SSLv3_MAC_ConstantTime(
unsigned int bodyTotalLen)
{
if (hashObj->end_raw == NULL)
- return SECFailure;
+ return SECFailure;
return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen,
- header, headerLen, body, bodyLen, bodyTotalLen,
- 1 /* SSLv3 */);
+ header, headerLen, body, bodyLen, bodyTotalLen,
+ 1 /* SSLv3 */);
}
-
diff --git a/lib/freebl/intel-aes.h b/lib/freebl/intel-aes.h
index 3b71e5fa6..d5bd2d8ca 100644
--- a/lib/freebl/intel-aes.h
+++ b/lib/freebl/intel-aes.h
@@ -10,137 +10,134 @@ void intel_aes_decrypt_init_128(const unsigned char *key, PRUint32 *expanded);
void intel_aes_decrypt_init_192(const unsigned char *key, PRUint32 *expanded);
void intel_aes_decrypt_init_256(const unsigned char *key, PRUint32 *expanded);
SECStatus intel_aes_encrypt_ecb_128(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_128(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_128(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_192(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_cbc_256(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen,
- unsigned int blocksize);
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen,
+ unsigned int blocksize);
+#define intel_aes_ecb_worker(encrypt, keysize) \
+ ((encrypt) \
+ ? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 \
+ : (keysize) == 24 ? intel_aes_encrypt_ecb_192 \
+ : intel_aes_encrypt_ecb_256) \
+ : ((keysize) == 16 ? intel_aes_decrypt_ecb_128 \
+ : (keysize) == 24 ? intel_aes_decrypt_ecb_192 \
+ : intel_aes_decrypt_ecb_256))
-#define intel_aes_ecb_worker(encrypt, keysize) \
- ((encrypt) \
- ? ((keysize) == 16 ? intel_aes_encrypt_ecb_128 : \
- (keysize) == 24 ? intel_aes_encrypt_ecb_192 : \
- intel_aes_encrypt_ecb_256) \
- : ((keysize) == 16 ? intel_aes_decrypt_ecb_128 : \
- (keysize) == 24 ? intel_aes_decrypt_ecb_192 : \
- intel_aes_decrypt_ecb_256))
+#define intel_aes_cbc_worker(encrypt, keysize) \
+ ((encrypt) \
+ ? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 \
+ : (keysize) == 24 ? intel_aes_encrypt_cbc_192 \
+ : intel_aes_encrypt_cbc_256) \
+ : ((keysize) == 16 ? intel_aes_decrypt_cbc_128 \
+ : (keysize) == 24 ? intel_aes_decrypt_cbc_192 \
+ : intel_aes_decrypt_cbc_256))
+#define intel_aes_ctr_worker(nr) \
+ ((nr) == 10 ? intel_aes_encrypt_ctr_128 \
+ : (nr) == 12 ? intel_aes_encrypt_ctr_192 \
+ : intel_aes_encrypt_ctr_256)
-#define intel_aes_cbc_worker(encrypt, keysize) \
- ((encrypt) \
- ? ((keysize) == 16 ? intel_aes_encrypt_cbc_128 : \
- (keysize) == 24 ? intel_aes_encrypt_cbc_192 : \
- intel_aes_encrypt_cbc_256) \
- : ((keysize) == 16 ? intel_aes_decrypt_cbc_128 : \
- (keysize) == 24 ? intel_aes_decrypt_cbc_192 : \
- intel_aes_decrypt_cbc_256))
-
-#define intel_aes_ctr_worker(nr) \
- ((nr) == 10 ? intel_aes_encrypt_ctr_128 : \
- (nr) == 12 ? intel_aes_encrypt_ctr_192 : \
- intel_aes_encrypt_ctr_256)
-
-
-#define intel_aes_init(encrypt, keysize) \
- do { \
- if (encrypt) { \
- if (keysize == 16) \
- intel_aes_encrypt_init_128(key, cx->expandedKey); \
- else if (keysize == 24) \
- intel_aes_encrypt_init_192(key, cx->expandedKey); \
- else \
- intel_aes_encrypt_init_256(key, cx->expandedKey); \
- } else { \
- if (keysize == 16) \
- intel_aes_decrypt_init_128(key, cx->expandedKey); \
- else if (keysize == 24) \
- intel_aes_decrypt_init_192(key, cx->expandedKey); \
- else \
- intel_aes_decrypt_init_256(key, cx->expandedKey); \
- } \
- } while (0)
+#define intel_aes_init(encrypt, keysize) \
+ do { \
+ if (encrypt) { \
+ if (keysize == 16) \
+ intel_aes_encrypt_init_128(key, cx->expandedKey); \
+ else if (keysize == 24) \
+ intel_aes_encrypt_init_192(key, cx->expandedKey); \
+ else \
+ intel_aes_encrypt_init_256(key, cx->expandedKey); \
+ } else { \
+ if (keysize == 16) \
+ intel_aes_decrypt_init_128(key, cx->expandedKey); \
+ else if (keysize == 24) \
+ intel_aes_decrypt_init_192(key, cx->expandedKey); \
+ else \
+ intel_aes_decrypt_init_256(key, cx->expandedKey); \
+ } \
+ } while (0)
diff --git a/lib/freebl/intel-gcm-wrap.c b/lib/freebl/intel-gcm-wrap.c
index 12874749a..8c5eaf021 100644
--- a/lib/freebl/intel-gcm-wrap.c
+++ b/lib/freebl/intel-gcm-wrap.c
@@ -27,9 +27,8 @@
#include <emmintrin.h>
#include <tmmintrin.h>
-
-struct intel_AES_GCMContextStr{
- unsigned char Htbl[16*AES_BLOCK_SIZE];
+struct intel_AES_GCMContextStr {
+ unsigned char Htbl[16 * AES_BLOCK_SIZE];
unsigned char X0[AES_BLOCK_SIZE];
unsigned char T[AES_BLOCK_SIZE];
unsigned char CTR[AES_BLOCK_SIZE];
@@ -39,13 +38,14 @@ struct intel_AES_GCMContextStr{
unsigned long Mlen;
};
-intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
- freeblCipherFunc cipher,
- const unsigned char *params,
- unsigned int blocksize)
+intel_AES_GCMContext *
+intel_AES_GCM_CreateContext(void *context,
+ freeblCipherFunc cipher,
+ const unsigned char *params,
+ unsigned int blocksize)
{
intel_AES_GCMContext *gcm = NULL;
- AESContext *aes = (AESContext*)context;
+ AESContext *aes = (AESContext *)context;
const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
@@ -54,14 +54,14 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
- __m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
- __m128i ONE = _mm_set_epi32(0,0,0,1);
+ __m128i BSWAP_MASK = _mm_setr_epi8(15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0);
+ __m128i ONE = _mm_set_epi32(0, 0, 0, 1);
unsigned int j;
SECStatus rv;
if (blocksize != AES_BLOCK_SIZE) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return NULL;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
}
gcm = PORT_ZNew(intel_AES_GCMContext);
@@ -76,18 +76,18 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
gcm->Mlen = 0;
/* first prepare H and its derivatives for ghash */
- intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr);
+ intel_aes_gcmINIT(gcm->Htbl, (unsigned char *)aes->expandedKey, aes->Nr);
/* Initial TAG value is zero */
- _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
- _mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128());
+ _mm_storeu_si128((__m128i *)gcm->T, _mm_setzero_si128());
+ _mm_storeu_si128((__m128i *)gcm->X0, _mm_setzero_si128());
/* Init the counter */
if (gcmParams->ulIvLen == 12) {
- _mm_storeu_si128((__m128i*)gcm->CTR,
- _mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0],
- ((unsigned int*)gcmParams->pIv)[1],
- ((unsigned int*)gcmParams->pIv)[2],
+ _mm_storeu_si128((__m128i *)gcm->CTR,
+ _mm_setr_epi32(((unsigned int *)gcmParams->pIv)[0],
+ ((unsigned int *)gcmParams->pIv)[1],
+ ((unsigned int *)gcmParams->pIv)[2],
0x01000000));
} else {
/* If IV size is not 96 bits, then the initial counter value is GHASH
@@ -110,7 +110,7 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
gcm->CTR);
/* TAG should be zero again */
- _mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
+ _mm_storeu_si128((__m128i *)gcm->T, _mm_setzero_si128());
}
/* Encrypt the initial counter, will be used to encrypt the GHASH value,
@@ -122,7 +122,7 @@ intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
}
/* Promote the counter by 1 */
- _mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
+ _mm_storeu_si128((__m128i *)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i *)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
/* Now hash AAD - it would actually make sense to seperate the context
* creation from the AAD, because that would allow to reuse the H, which
@@ -142,18 +142,20 @@ loser:
return NULL;
}
-void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
+void
+intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
{
if (freeit) {
PORT_Free(gcm);
}
}
-SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
- unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+SECStatus
+intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
+ unsigned char *outbuf,
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned int tagBytes;
unsigned char T[AES_BLOCK_SIZE];
@@ -194,11 +196,12 @@ SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
return SECSuccess;
}
-SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
- unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize)
+SECStatus
+intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
+ unsigned char *outbuf,
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize)
{
unsigned int tagBytes;
unsigned char T[AES_BLOCK_SIZE];
@@ -222,19 +225,19 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
}
intel_aes_gcmDEC(
- inbuf,
- outbuf,
- gcm,
- inlen);
+ inbuf,
+ outbuf,
+ gcm,
+ inlen);
gcm->Mlen += inlen;
intel_aes_gcmTAG(
- gcm->Htbl,
- gcm->T,
- gcm->Mlen,
- gcm->Alen,
- gcm->X0,
- T);
+ gcm->Htbl,
+ gcm->T,
+ gcm->Mlen,
+ gcm->Alen,
+ gcm->X0,
+ T);
if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) {
memset(outbuf, 0, inlen);
diff --git a/lib/freebl/intel-gcm.h b/lib/freebl/intel-gcm.h
index 6dfbc3c43..566e544d8 100644
--- a/lib/freebl/intel-gcm.h
+++ b/lib/freebl/intel-gcm.h
@@ -27,57 +27,57 @@
typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;
intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
- const unsigned char *params, unsigned int blocksize);
+ const unsigned char *params, unsigned int blocksize);
void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
- unsigned int *outlen, unsigned int maxout,
- const unsigned char *inbuf, unsigned int inlen,
- unsigned int blocksize);
+ unsigned int *outlen, unsigned int maxout,
+ const unsigned char *inbuf, unsigned int inlen,
+ unsigned int blocksize);
-/* Prototypes of functions in the assembler file for fast AES-GCM, using
+/* Prototypes of functions in the assembler file for fast AES-GCM, using
Intel AES-NI and CLMUL-NI, as described in [1]
[1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication
Instruction and its Usage for Computing the GCM Mode */
-
+
/* Prepares the constants used in the aggregated reduction method */
-void intel_aes_gcmINIT(unsigned char Htbl[16*16],
+void intel_aes_gcmINIT(unsigned char Htbl[16 * 16],
unsigned char *KS,
int NR);
/* Produces the final GHASH value */
-void intel_aes_gcmTAG(unsigned char Htbl[16*16],
- unsigned char *Tp,
- unsigned long Mlen,
- unsigned long Alen,
- unsigned char* X0,
- unsigned char* TAG);
+void intel_aes_gcmTAG(unsigned char Htbl[16 * 16],
+ unsigned char *Tp,
+ unsigned long Mlen,
+ unsigned long Alen,
+ unsigned char *X0,
+ unsigned char *TAG);
/* Hashes the Additional Authenticated Data, should be used before enc/dec.
Operates on whole blocks only. Partial blocks should be padded externally. */
-void intel_aes_gcmAAD(unsigned char Htbl[16*16],
- unsigned char *AAD,
- unsigned long Alen,
+void intel_aes_gcmAAD(unsigned char Htbl[16 * 16],
+ unsigned char *AAD,
+ unsigned long Alen,
unsigned char *Tp);
-/* Encrypts and hashes the Plaintext.
+/* Encrypts and hashes the Plaintext.
Operates on any length of data, however partial block should only be encrypted
at the last call, otherwise the result will be incorrect. */
-void intel_aes_gcmENC(const unsigned char* PT,
- unsigned char* CT,
- void *Gctx,
+void intel_aes_gcmENC(const unsigned char *PT,
+ unsigned char *CT,
+ void *Gctx,
unsigned long len);
-
+
/* Similar to ENC, but decrypts the Ciphertext. */
-void intel_aes_gcmDEC(const unsigned char* CT,
- unsigned char* PT,
- void *Gctx,
+void intel_aes_gcmDEC(const unsigned char *CT,
+ unsigned char *PT,
+ void *Gctx,
unsigned long len);
#endif
diff --git a/lib/freebl/jpake.c b/lib/freebl/jpake.c
index 88cdc6edd..741c7a876 100644
--- a/lib/freebl/jpake.c
+++ b/lib/freebl/jpake.c
@@ -16,15 +16,15 @@
* to match the OpenSSL J-PAKE implementation.
*/
static mp_err
-hashSECItem(HASHContext * hash, const SECItem * it)
+hashSECItem(HASHContext *hash, const SECItem *it)
{
unsigned char length[2];
if (it->len > 0xffff)
return MP_BADARG;
- length[0] = (unsigned char) (it->len >> 8);
- length[1] = (unsigned char) (it->len);
+ length[0] = (unsigned char)(it->len >> 8);
+ length[1] = (unsigned char)(it->len);
hash->hashobj->update(hash->hash_context, length, 2);
hash->hashobj->update(hash->hash_context, it->data, it->len);
return MP_OKAY;
@@ -33,15 +33,15 @@ hashSECItem(HASHContext * hash, const SECItem * it)
/* Hash all public components of the signature, each prefixed with its
length, and then convert the hash to an mp_int. */
static mp_err
-hashPublicParams(HASH_HashType hashType, const SECItem * g,
- const SECItem * gv, const SECItem * gx,
- const SECItem * signerID, mp_int * h)
+hashPublicParams(HASH_HashType hashType, const SECItem *g,
+ const SECItem *gv, const SECItem *gx,
+ const SECItem *signerID, mp_int *h)
{
mp_err err;
unsigned char hBuf[HASH_LENGTH_MAX];
SECItem hItem;
HASHContext hash;
-
+
hash.hashobj = HASH_GetRawHashObject(hashType);
if (hash.hashobj == NULL || hash.hashobj->length > sizeof hBuf) {
return MP_BADARG;
@@ -55,10 +55,10 @@ hashPublicParams(HASH_HashType hashType, const SECItem * g,
hItem.len = hash.hashobj->length;
hash.hashobj->begin(hash.hash_context);
- CHECK_MPI_OK( hashSECItem(&hash, g) );
- CHECK_MPI_OK( hashSECItem(&hash, gv) );
- CHECK_MPI_OK( hashSECItem(&hash, gx) );
- CHECK_MPI_OK( hashSECItem(&hash, signerID) );
+ CHECK_MPI_OK(hashSECItem(&hash, g));
+ CHECK_MPI_OK(hashSECItem(&hash, gv));
+ CHECK_MPI_OK(hashSECItem(&hash, gx));
+ CHECK_MPI_OK(hashSECItem(&hash, signerID));
hash.hashobj->end(hash.hash_context, hItem.data, &hItem.len,
sizeof hBuf);
SECITEM_TO_MPINT(hItem, h);
@@ -73,10 +73,10 @@ cleanup:
/* Generate a Schnorr signature for round 1 or round 2 */
SECStatus
-JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
- const SECItem * signerID, const SECItem * x,
- const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
- SECItem * gv, SECItem * r)
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+ const SECItem *signerID, const SECItem *x,
+ const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+ SECItem *gv, SECItem *r)
{
SECStatus rv = SECSuccess;
mp_err err;
@@ -92,22 +92,21 @@ JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
mp_int R;
SECItem v;
- if (!arena ||
- !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
- !pqg->subPrime.data || pqg->subPrime.len == 0 ||
- !pqg->base.data || pqg->base.len == 0 ||
- !signerID || !signerID->data || signerID->len == 0 ||
- !x || !x->data || x->len == 0 ||
+ if (!arena ||
+ !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
+ !pqg->subPrime.data || pqg->subPrime.len == 0 ||
+ !pqg->base.data || pqg->base.len == 0 ||
+ !signerID || !signerID->data || signerID->len == 0 ||
+ !x || !x->data || x->len == 0 ||
(testRandom && (!testRandom->data || testRandom->len == 0)) ||
(gxIn == NULL && (!gxOut || gxOut->data != NULL)) ||
(gxIn != NULL && (!gxIn->data || gxIn->len == 0 || gxOut != NULL)) ||
- !gv || gv->data != NULL ||
- !r || r->data != NULL) {
+ !gv || gv->data != NULL ||
+ !r || r->data != NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
-
MP_DIGITS(&p) = 0;
MP_DIGITS(&q) = 0;
MP_DIGITS(&g) = 0;
@@ -119,25 +118,25 @@ JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
MP_DIGITS(&tmp) = 0;
MP_DIGITS(&R) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&X) );
- CHECK_MPI_OK( mp_init(&GX) );
- CHECK_MPI_OK( mp_init(&V) );
- CHECK_MPI_OK( mp_init(&GV) );
- CHECK_MPI_OK( mp_init(&h) );
- CHECK_MPI_OK( mp_init(&tmp) );
- CHECK_MPI_OK( mp_init(&R) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&X));
+ CHECK_MPI_OK(mp_init(&GX));
+ CHECK_MPI_OK(mp_init(&V));
+ CHECK_MPI_OK(mp_init(&GV));
+ CHECK_MPI_OK(mp_init(&h));
+ CHECK_MPI_OK(mp_init(&tmp));
+ CHECK_MPI_OK(mp_init(&R));
SECITEM_TO_MPINT(pqg->prime, &p);
SECITEM_TO_MPINT(pqg->subPrime, &q);
SECITEM_TO_MPINT(pqg->base, &g);
- SECITEM_TO_MPINT(*x, &X);
+ SECITEM_TO_MPINT(*x, &X);
/* gx = g^x */
if (gxIn == NULL) {
- CHECK_MPI_OK( mp_exptmod(&g, &X, &p, &GX) );
+ CHECK_MPI_OK(mp_exptmod(&g, &X, &p, &GX));
MPINT_TO_SECITEM(&GX, gxOut, arena);
gxIn = gxOut;
} else {
@@ -158,16 +157,16 @@ JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
SECITEM_TO_MPINT(v, &V);
/* gv = g^v (mod q), random v, 1 <= v < q */
- CHECK_MPI_OK( mp_exptmod(&g, &V, &p, &GV) );
+ CHECK_MPI_OK(mp_exptmod(&g, &V, &p, &GV));
MPINT_TO_SECITEM(&GV, gv, arena);
/* h = H(g, gv, gx, signerID) */
- CHECK_MPI_OK( hashPublicParams(hashType, &pqg->base, gv, gxIn, signerID,
- &h) );
+ CHECK_MPI_OK(hashPublicParams(hashType, &pqg->base, gv, gxIn, signerID,
+ &h));
/* r = v - x*h (mod q) */
- CHECK_MPI_OK( mp_mulmod(&X, &h, &q, &tmp) );
- CHECK_MPI_OK( mp_submod(&V, &tmp, &q, &R) );
+ CHECK_MPI_OK(mp_mulmod(&X, &h, &q, &tmp));
+ CHECK_MPI_OK(mp_submod(&V, &tmp, &q, &R));
MPINT_TO_SECITEM(&R, r, arena);
cleanup:
@@ -191,9 +190,9 @@ cleanup:
/* Verify a Schnorr signature generated by the peer in round 1 or round 2. */
SECStatus
-JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
- const SECItem * signerID, const SECItem * peerID,
- const SECItem * gx, const SECItem * gv, const SECItem * r)
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+ const SECItem *signerID, const SECItem *peerID,
+ const SECItem *gx, const SECItem *gv, const SECItem *r)
{
SECStatus rv = SECSuccess;
mp_err err;
@@ -210,15 +209,15 @@ JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
mp_int gr_gxh;
SECItem calculated;
- if (!arena ||
- !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
- !pqg->subPrime.data || pqg->subPrime.len == 0 ||
- !pqg->base.data || pqg->base.len == 0 ||
- !signerID || !signerID->data || signerID->len == 0 ||
- !peerID || !peerID->data || peerID->len == 0 ||
- !gx || !gx->data || gx->len == 0 ||
- !gv || !gv->data || gv->len == 0 ||
- !r || !r->data || r->len == 0 ||
+ if (!arena ||
+ !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
+ !pqg->subPrime.data || pqg->subPrime.len == 0 ||
+ !pqg->base.data || pqg->base.len == 0 ||
+ !signerID || !signerID->data || signerID->len == 0 ||
+ !peerID || !peerID->data || peerID->len == 0 ||
+ !gx || !gx->data || gx->len == 0 ||
+ !gv || !gv->data || gv->len == 0 ||
+ !r || !r->data || r->len == 0 ||
SECITEM_CompareItem(signerID, peerID) == SECEqual) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -237,17 +236,17 @@ JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
MP_DIGITS(&gr_gxh) = 0;
calculated.data = NULL;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&g) );
- CHECK_MPI_OK( mp_init(&p_minus_1) );
- CHECK_MPI_OK( mp_init(&GX) );
- CHECK_MPI_OK( mp_init(&h) );
- CHECK_MPI_OK( mp_init(&one) );
- CHECK_MPI_OK( mp_init(&R) );
- CHECK_MPI_OK( mp_init(&gr) );
- CHECK_MPI_OK( mp_init(&gxh) );
- CHECK_MPI_OK( mp_init(&gr_gxh) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&g));
+ CHECK_MPI_OK(mp_init(&p_minus_1));
+ CHECK_MPI_OK(mp_init(&GX));
+ CHECK_MPI_OK(mp_init(&h));
+ CHECK_MPI_OK(mp_init(&one));
+ CHECK_MPI_OK(mp_init(&R));
+ CHECK_MPI_OK(mp_init(&gr));
+ CHECK_MPI_OK(mp_init(&gxh));
+ CHECK_MPI_OK(mp_init(&gr_gxh));
SECITEM_TO_MPINT(pqg->prime, &p);
SECITEM_TO_MPINT(pqg->subPrime, &q);
@@ -255,23 +254,23 @@ JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
SECITEM_TO_MPINT(*gx, &GX);
SECITEM_TO_MPINT(*r, &R);
- CHECK_MPI_OK( mp_sub_d(&p, 1, &p_minus_1) );
- CHECK_MPI_OK( mp_exptmod(&GX, &q, &p, &one) );
+ CHECK_MPI_OK(mp_sub_d(&p, 1, &p_minus_1));
+ CHECK_MPI_OK(mp_exptmod(&GX, &q, &p, &one));
/* Check g^x is in [1, p-2], R is in [0, q-1], and (g^x)^q mod p == 1 */
- if (!(mp_cmp_z(&GX) > 0 &&
- mp_cmp(&GX, &p_minus_1) < 0 &&
+ if (!(mp_cmp_z(&GX) > 0 &&
+ mp_cmp(&GX, &p_minus_1) < 0 &&
mp_cmp(&R, &q) < 0 &&
mp_cmp_d(&one, 1) == 0)) {
goto badSig;
}
-
- CHECK_MPI_OK( hashPublicParams(hashType, &pqg->base, gv, gx, peerID,
- &h) );
+
+ CHECK_MPI_OK(hashPublicParams(hashType, &pqg->base, gv, gx, peerID,
+ &h));
/* Calculate g^v = g^r * g^x^h */
- CHECK_MPI_OK( mp_exptmod(&g, &R, &p, &gr) );
- CHECK_MPI_OK( mp_exptmod(&GX, &h, &p, &gxh) );
- CHECK_MPI_OK( mp_mulmod(&gr, &gxh, &p, &gr_gxh) );
+ CHECK_MPI_OK(mp_exptmod(&g, &R, &p, &gr));
+ CHECK_MPI_OK(mp_exptmod(&GX, &h, &p, &gxh));
+ CHECK_MPI_OK(mp_mulmod(&gr, &gxh, &p, &gr_gxh));
/* Compare calculated g^v to given g^v */
MPINT_TO_SECITEM(&gr_gxh, &calculated, arena);
@@ -279,7 +278,8 @@ JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
NSS_SecureMemcmp(calculated.data, gv->data, calculated.len) == 0) {
rv = SECSuccess;
} else {
-badSig: PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ badSig:
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
rv = SECFailure;
}
@@ -295,7 +295,7 @@ cleanup:
mp_clear(&gr);
mp_clear(&gxh);
mp_clear(&gr_gxh);
-
+
if (rv == SECSuccess && err != MP_OKAY) {
MP_TO_SEC_ERROR(err);
rv = SECFailure;
@@ -305,8 +305,8 @@ cleanup:
/* Calculate base = gx1*gx3*gx4 (mod p), i.e. g^(x1+x3+x4) (mod p) */
static mp_err
-jpake_Round2Base(const SECItem * gx1, const SECItem * gx3,
- const SECItem * gx4, const mp_int * p, mp_int * base)
+jpake_Round2Base(const SECItem *gx1, const SECItem *gx3,
+ const SECItem *gx4, const mp_int *p, mp_int *base)
{
mp_err err;
mp_int GX1;
@@ -319,10 +319,10 @@ jpake_Round2Base(const SECItem * gx1, const SECItem * gx3,
MP_DIGITS(&GX4) = 0;
MP_DIGITS(&tmp) = 0;
- CHECK_MPI_OK( mp_init(&GX1) );
- CHECK_MPI_OK( mp_init(&GX3) );
- CHECK_MPI_OK( mp_init(&GX4) );
- CHECK_MPI_OK( mp_init(&tmp) );
+ CHECK_MPI_OK(mp_init(&GX1));
+ CHECK_MPI_OK(mp_init(&GX3));
+ CHECK_MPI_OK(mp_init(&GX4));
+ CHECK_MPI_OK(mp_init(&tmp));
SECITEM_TO_MPINT(*gx1, &GX1);
SECITEM_TO_MPINT(*gx3, &GX3);
@@ -333,10 +333,10 @@ jpake_Round2Base(const SECItem * gx1, const SECItem * gx3,
if (mp_cmp(&GX3, &GX4) == 0) {
return MP_BADARG;
}
-
- CHECK_MPI_OK( mp_mul(&GX1, &GX3, &tmp) );
- CHECK_MPI_OK( mp_mul(&tmp, &GX4, &tmp) );
- CHECK_MPI_OK( mp_mod(&tmp, p, base) );
+
+ CHECK_MPI_OK(mp_mul(&GX1, &GX3, &tmp));
+ CHECK_MPI_OK(mp_mul(&tmp, &GX4, &tmp));
+ CHECK_MPI_OK(mp_mod(&tmp, p, base));
cleanup:
mp_clear(&GX1);
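Review bot: The early `return MP_BADARG;` after the `mp_cmp(&GX3, &GX4) == 0` check bypasses the `cleanup:` label, so the four mp_ints initialised with mp_init (in the previous hunk) and populated by SECITEM_TO_MPINT are never released by the mp_clear calls that follow `cleanup:`. Every other failure path in jpake_Round2Base reaches cleanup via CHECK_MPI_OK, so this one should too: `err = MP_BADARG;` followed by `goto cleanup;` in place of the bare return. The function's mp_init calls and the tail of its cleanup block lie outside this hunk, so I am assuming cleanup ends with `return err;` as the local `mp_err err` suggests.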
@@ -347,10 +347,10 @@ cleanup:
}
SECStatus
-JPAKE_Round2(PLArenaPool * arena,
- const SECItem * p, const SECItem *q, const SECItem * gx1,
- const SECItem * gx3, const SECItem * gx4, SECItem * base,
- const SECItem * x2, const SECItem * s, SECItem * x2s)
+JPAKE_Round2(PLArenaPool *arena,
+ const SECItem *p, const SECItem *q, const SECItem *gx1,
+ const SECItem *gx3, const SECItem *gx4, SECItem *base,
+ const SECItem *x2, const SECItem *s, SECItem *x2s)
{
mp_err err;
mp_int P;
@@ -360,15 +360,15 @@ JPAKE_Round2(PLArenaPool * arena,
mp_int result;
if (!arena ||
- !p || !p->data || p->len == 0 ||
- !q || !q->data || q->len == 0 ||
- !gx1 || !gx1->data || gx1->len == 0 ||
- !gx3 || !gx3->data || gx3->len == 0 ||
- !gx4 || !gx4->data || gx4->len == 0 ||
- !base || base->data != NULL ||
+ !p || !p->data || p->len == 0 ||
+ !q || !q->data || q->len == 0 ||
+ !gx1 || !gx1->data || gx1->len == 0 ||
+ !gx3 || !gx3->data || gx3->len == 0 ||
+ !gx4 || !gx4->data || gx4->len == 0 ||
+ !base || base->data != NULL ||
(x2s != NULL && (x2s->data != NULL ||
- !x2 || !x2->data || x2->len == 0 ||
- !s || !s->data || s->len == 0))) {
+ !x2 || !x2->data || x2->len == 0 ||
+ !s || !s->data || s->len == 0))) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -379,17 +379,17 @@ JPAKE_Round2(PLArenaPool * arena,
MP_DIGITS(&S) = 0;
MP_DIGITS(&result) = 0;
- CHECK_MPI_OK( mp_init(&P) );
- CHECK_MPI_OK( mp_init(&Q) );
- CHECK_MPI_OK( mp_init(&result) );
+ CHECK_MPI_OK(mp_init(&P));
+ CHECK_MPI_OK(mp_init(&Q));
+ CHECK_MPI_OK(mp_init(&result));
if (x2s != NULL) {
- CHECK_MPI_OK( mp_init(&X2) );
- CHECK_MPI_OK( mp_init(&S) );
+ CHECK_MPI_OK(mp_init(&X2));
+ CHECK_MPI_OK(mp_init(&S));
SECITEM_TO_MPINT(*q, &Q);
SECITEM_TO_MPINT(*x2, &X2);
-
+
SECITEM_TO_MPINT(*s, &S);
/* S must be in [1, Q-1] */
if (mp_cmp_z(&S) <= 0 || mp_cmp(&S, &Q) >= 0) {
@@ -397,12 +397,12 @@ JPAKE_Round2(PLArenaPool * arena,
goto cleanup;
}
- CHECK_MPI_OK( mp_mulmod(&X2, &S, &Q, &result) );
+ CHECK_MPI_OK(mp_mulmod(&X2, &S, &Q, &result));
MPINT_TO_SECITEM(&result, x2s, arena);
}
SECITEM_TO_MPINT(*p, &P);
- CHECK_MPI_OK( jpake_Round2Base(gx1, gx3, gx4, &P, &result) );
+ CHECK_MPI_OK(jpake_Round2Base(gx1, gx3, gx4, &P, &result));
MPINT_TO_SECITEM(&result, base, arena);
cleanup:
@@ -420,9 +420,9 @@ cleanup:
}
SECStatus
-JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem * q,
- const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
- const SECItem * B, SECItem * K)
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+ const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+ const SECItem *B, SECItem *K)
{
mp_err err;
mp_int P;
@@ -433,13 +433,13 @@ JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem * q,
mp_int base;
if (!arena ||
- !p || !p->data || p->len == 0 ||
- !q || !q->data || q->len == 0 ||
- !x2 || !x2->data || x2->len == 0 ||
- !gx4 || !gx4->data || gx4->len == 0 ||
- !x2s || !x2s->data || x2s->len == 0 ||
- !B || !B->data || B->len == 0 ||
- !K || K->data != NULL) {
+ !p || !p->data || p->len == 0 ||
+ !q || !q->data || q->len == 0 ||
+ !x2 || !x2->data || x2->len == 0 ||
+ !gx4 || !gx4->data || gx4->len == 0 ||
+ !x2s || !x2s->data || x2s->len == 0 ||
+ !B || !B->data || B->len == 0 ||
+ !K || K->data != NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -451,31 +451,31 @@ JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem * q,
MP_DIGITS(&divisor) = 0;
MP_DIGITS(&base) = 0;
- CHECK_MPI_OK( mp_init(&P) );
- CHECK_MPI_OK( mp_init(&Q) );
- CHECK_MPI_OK( mp_init(&tmp) );
- CHECK_MPI_OK( mp_init(&exponent) );
- CHECK_MPI_OK( mp_init(&divisor) );
- CHECK_MPI_OK( mp_init(&base) );
+ CHECK_MPI_OK(mp_init(&P));
+ CHECK_MPI_OK(mp_init(&Q));
+ CHECK_MPI_OK(mp_init(&tmp));
+ CHECK_MPI_OK(mp_init(&exponent));
+ CHECK_MPI_OK(mp_init(&divisor));
+ CHECK_MPI_OK(mp_init(&base));
/* exponent = -x2s (mod q) */
SECITEM_TO_MPINT(*q, &Q);
SECITEM_TO_MPINT(*x2s, &tmp);
/* q == 0 (mod q), so q - x2s == -x2s (mod q) */
- CHECK_MPI_OK( mp_sub(&Q, &tmp, &exponent) );
+ CHECK_MPI_OK(mp_sub(&Q, &tmp, &exponent));
/* divisor = gx4^-x2s = 1/(gx4^x2s) (mod p) */
SECITEM_TO_MPINT(*p, &P);
SECITEM_TO_MPINT(*gx4, &tmp);
- CHECK_MPI_OK( mp_exptmod(&tmp, &exponent, &P, &divisor) );
-
+ CHECK_MPI_OK(mp_exptmod(&tmp, &exponent, &P, &divisor));
+
/* base = B*divisor = B/(gx4^x2s) (mod p) */
SECITEM_TO_MPINT(*B, &tmp);
- CHECK_MPI_OK( mp_mulmod(&divisor, &tmp, &P, &base) );
+ CHECK_MPI_OK(mp_mulmod(&divisor, &tmp, &P, &base));
/* tmp = base^x2 (mod p) */
SECITEM_TO_MPINT(*x2, &exponent);
- CHECK_MPI_OK( mp_exptmod(&base, &exponent, &P, &tmp) );
+ CHECK_MPI_OK(mp_exptmod(&base, &exponent, &P, &tmp));
MPINT_TO_SECITEM(&tmp, K, arena);
diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c
index a2c2eae07..fb986a6dd 100644
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -14,294 +14,292 @@ extern int FREEBL_InitStubs(void);
#include "hmacct.h"
#include "blapii.h"
-static const struct FREEBLVectorStr vector =
-{
-
- sizeof vector,
- FREEBL_VERSION,
-
- RSA_NewKey,
- RSA_PublicKeyOp,
- RSA_PrivateKeyOp,
- DSA_NewKey,
- DSA_SignDigest,
- DSA_VerifyDigest,
- DSA_NewKeyFromSeed,
- DSA_SignDigestWithSeed,
- DH_GenParam,
- DH_NewKey,
- DH_Derive,
- KEA_Derive,
- KEA_Verify,
- RC4_CreateContext,
- RC4_DestroyContext,
- RC4_Encrypt,
- RC4_Decrypt,
- RC2_CreateContext,
- RC2_DestroyContext,
- RC2_Encrypt,
- RC2_Decrypt,
- RC5_CreateContext,
- RC5_DestroyContext,
- RC5_Encrypt,
- RC5_Decrypt,
- DES_CreateContext,
- DES_DestroyContext,
- DES_Encrypt,
- DES_Decrypt,
- AES_CreateContext,
- AES_DestroyContext,
- AES_Encrypt,
- AES_Decrypt,
- MD5_Hash,
- MD5_HashBuf,
- MD5_NewContext,
- MD5_DestroyContext,
- MD5_Begin,
- MD5_Update,
- MD5_End,
- MD5_FlattenSize,
- MD5_Flatten,
- MD5_Resurrect,
- MD5_TraceState,
- MD2_Hash,
- MD2_NewContext,
- MD2_DestroyContext,
- MD2_Begin,
- MD2_Update,
- MD2_End,
- MD2_FlattenSize,
- MD2_Flatten,
- MD2_Resurrect,
- SHA1_Hash,
- SHA1_HashBuf,
- SHA1_NewContext,
- SHA1_DestroyContext,
- SHA1_Begin,
- SHA1_Update,
- SHA1_End,
- SHA1_TraceState,
- SHA1_FlattenSize,
- SHA1_Flatten,
- SHA1_Resurrect,
- RNG_RNGInit,
- RNG_RandomUpdate,
- RNG_GenerateGlobalRandomBytes,
- RNG_RNGShutdown,
- PQG_ParamGen,
- PQG_ParamGenSeedLen,
- PQG_VerifyParams,
-
- /* End of Version 3.001. */
-
- RSA_PrivateKeyOpDoubleChecked,
- RSA_PrivateKeyCheck,
- BL_Cleanup,
-
- /* End of Version 3.002. */
-
- SHA256_NewContext,
- SHA256_DestroyContext,
- SHA256_Begin,
- SHA256_Update,
- SHA256_End,
- SHA256_HashBuf,
- SHA256_Hash,
- SHA256_TraceState,
- SHA256_FlattenSize,
- SHA256_Flatten,
- SHA256_Resurrect,
-
- SHA512_NewContext,
- SHA512_DestroyContext,
- SHA512_Begin,
- SHA512_Update,
- SHA512_End,
- SHA512_HashBuf,
- SHA512_Hash,
- SHA512_TraceState,
- SHA512_FlattenSize,
- SHA512_Flatten,
- SHA512_Resurrect,
-
- SHA384_NewContext,
- SHA384_DestroyContext,
- SHA384_Begin,
- SHA384_Update,
- SHA384_End,
- SHA384_HashBuf,
- SHA384_Hash,
- SHA384_TraceState,
- SHA384_FlattenSize,
- SHA384_Flatten,
- SHA384_Resurrect,
-
- /* End of Version 3.003. */
-
- AESKeyWrap_CreateContext,
- AESKeyWrap_DestroyContext,
- AESKeyWrap_Encrypt,
- AESKeyWrap_Decrypt,
-
- /* End of Version 3.004. */
-
- BLAPI_SHVerify,
- BLAPI_VerifySelf,
-
- /* End of Version 3.005. */
-
- EC_NewKey,
- EC_NewKeyFromSeed,
- EC_ValidatePublicKey,
- ECDH_Derive,
- ECDSA_SignDigest,
- ECDSA_VerifyDigest,
- ECDSA_SignDigestWithSeed,
-
- /* End of Version 3.006. */
- /* End of Version 3.007. */
-
- AES_InitContext,
- AESKeyWrap_InitContext,
- DES_InitContext,
- RC2_InitContext,
- RC4_InitContext,
-
- AES_AllocateContext,
- AESKeyWrap_AllocateContext,
- DES_AllocateContext,
- RC2_AllocateContext,
- RC4_AllocateContext,
-
- MD2_Clone,
- MD5_Clone,
- SHA1_Clone,
- SHA256_Clone,
- SHA384_Clone,
- SHA512_Clone,
-
- TLS_PRF,
- HASH_GetRawHashObject,
-
- HMAC_Create,
- HMAC_Init,
- HMAC_Begin,
- HMAC_Update,
- HMAC_Clone,
- HMAC_Finish,
- HMAC_Destroy,
-
- RNG_SystemInfoForRNG,
-
- /* End of Version 3.008. */
-
- FIPS186Change_GenerateX,
- FIPS186Change_ReduceModQForDSA,
-
- /* End of Version 3.009. */
- Camellia_InitContext,
- Camellia_AllocateContext,
- Camellia_CreateContext,
- Camellia_DestroyContext,
- Camellia_Encrypt,
- Camellia_Decrypt,
-
- PQG_DestroyParams,
- PQG_DestroyVerify,
-
- /* End of Version 3.010. */
-
- SEED_InitContext,
- SEED_AllocateContext,
- SEED_CreateContext,
- SEED_DestroyContext,
- SEED_Encrypt,
- SEED_Decrypt,
-
- BL_Init,
- BL_SetForkState,
-
- PRNGTEST_Instantiate,
- PRNGTEST_Reseed,
- PRNGTEST_Generate,
-
- PRNGTEST_Uninstantiate,
-
- /* End of Version 3.011. */
-
- RSA_PopulatePrivateKey,
-
- DSA_NewRandom,
-
- JPAKE_Sign,
- JPAKE_Verify,
- JPAKE_Round2,
- JPAKE_Final,
-
- /* End of Version 3.012 */
-
- TLS_P_hash,
- SHA224_NewContext,
- SHA224_DestroyContext,
- SHA224_Begin,
- SHA224_Update,
- SHA224_End,
- SHA224_HashBuf,
- SHA224_Hash,
- SHA224_TraceState,
- SHA224_FlattenSize,
- SHA224_Flatten,
- SHA224_Resurrect,
- SHA224_Clone,
- BLAPI_SHVerifyFile,
-
- /* End of Version 3.013 */
-
- PQG_ParamGenV2,
- PRNGTEST_RunHealthTests,
-
- /* End of Version 3.014 */
-
- HMAC_ConstantTime,
- SSLv3_MAC_ConstantTime,
-
- /* End of Version 3.015 */
+static const struct FREEBLVectorStr vector =
+ {
+
+ sizeof vector,
+ FREEBL_VERSION,
+
+ RSA_NewKey,
+ RSA_PublicKeyOp,
+ RSA_PrivateKeyOp,
+ DSA_NewKey,
+ DSA_SignDigest,
+ DSA_VerifyDigest,
+ DSA_NewKeyFromSeed,
+ DSA_SignDigestWithSeed,
+ DH_GenParam,
+ DH_NewKey,
+ DH_Derive,
+ KEA_Derive,
+ KEA_Verify,
+ RC4_CreateContext,
+ RC4_DestroyContext,
+ RC4_Encrypt,
+ RC4_Decrypt,
+ RC2_CreateContext,
+ RC2_DestroyContext,
+ RC2_Encrypt,
+ RC2_Decrypt,
+ RC5_CreateContext,
+ RC5_DestroyContext,
+ RC5_Encrypt,
+ RC5_Decrypt,
+ DES_CreateContext,
+ DES_DestroyContext,
+ DES_Encrypt,
+ DES_Decrypt,
+ AES_CreateContext,
+ AES_DestroyContext,
+ AES_Encrypt,
+ AES_Decrypt,
+ MD5_Hash,
+ MD5_HashBuf,
+ MD5_NewContext,
+ MD5_DestroyContext,
+ MD5_Begin,
+ MD5_Update,
+ MD5_End,
+ MD5_FlattenSize,
+ MD5_Flatten,
+ MD5_Resurrect,
+ MD5_TraceState,
+ MD2_Hash,
+ MD2_NewContext,
+ MD2_DestroyContext,
+ MD2_Begin,
+ MD2_Update,
+ MD2_End,
+ MD2_FlattenSize,
+ MD2_Flatten,
+ MD2_Resurrect,
+ SHA1_Hash,
+ SHA1_HashBuf,
+ SHA1_NewContext,
+ SHA1_DestroyContext,
+ SHA1_Begin,
+ SHA1_Update,
+ SHA1_End,
+ SHA1_TraceState,
+ SHA1_FlattenSize,
+ SHA1_Flatten,
+ SHA1_Resurrect,
+ RNG_RNGInit,
+ RNG_RandomUpdate,
+ RNG_GenerateGlobalRandomBytes,
+ RNG_RNGShutdown,
+ PQG_ParamGen,
+ PQG_ParamGenSeedLen,
+ PQG_VerifyParams,
+
+ /* End of Version 3.001. */
+
+ RSA_PrivateKeyOpDoubleChecked,
+ RSA_PrivateKeyCheck,
+ BL_Cleanup,
+
+ /* End of Version 3.002. */
+
+ SHA256_NewContext,
+ SHA256_DestroyContext,
+ SHA256_Begin,
+ SHA256_Update,
+ SHA256_End,
+ SHA256_HashBuf,
+ SHA256_Hash,
+ SHA256_TraceState,
+ SHA256_FlattenSize,
+ SHA256_Flatten,
+ SHA256_Resurrect,
+
+ SHA512_NewContext,
+ SHA512_DestroyContext,
+ SHA512_Begin,
+ SHA512_Update,
+ SHA512_End,
+ SHA512_HashBuf,
+ SHA512_Hash,
+ SHA512_TraceState,
+ SHA512_FlattenSize,
+ SHA512_Flatten,
+ SHA512_Resurrect,
+
+ SHA384_NewContext,
+ SHA384_DestroyContext,
+ SHA384_Begin,
+ SHA384_Update,
+ SHA384_End,
+ SHA384_HashBuf,
+ SHA384_Hash,
+ SHA384_TraceState,
+ SHA384_FlattenSize,
+ SHA384_Flatten,
+ SHA384_Resurrect,
+
+ /* End of Version 3.003. */
+
+ AESKeyWrap_CreateContext,
+ AESKeyWrap_DestroyContext,
+ AESKeyWrap_Encrypt,
+ AESKeyWrap_Decrypt,
+
+ /* End of Version 3.004. */
+
+ BLAPI_SHVerify,
+ BLAPI_VerifySelf,
+
+ /* End of Version 3.005. */
+
+ EC_NewKey,
+ EC_NewKeyFromSeed,
+ EC_ValidatePublicKey,
+ ECDH_Derive,
+ ECDSA_SignDigest,
+ ECDSA_VerifyDigest,
+ ECDSA_SignDigestWithSeed,
+
+ /* End of Version 3.006. */
+ /* End of Version 3.007. */
+
+ AES_InitContext,
+ AESKeyWrap_InitContext,
+ DES_InitContext,
+ RC2_InitContext,
+ RC4_InitContext,
+
+ AES_AllocateContext,
+ AESKeyWrap_AllocateContext,
+ DES_AllocateContext,
+ RC2_AllocateContext,
+ RC4_AllocateContext,
+
+ MD2_Clone,
+ MD5_Clone,
+ SHA1_Clone,
+ SHA256_Clone,
+ SHA384_Clone,
+ SHA512_Clone,
+
+ TLS_PRF,
+ HASH_GetRawHashObject,
+
+ HMAC_Create,
+ HMAC_Init,
+ HMAC_Begin,
+ HMAC_Update,
+ HMAC_Clone,
+ HMAC_Finish,
+ HMAC_Destroy,
+
+ RNG_SystemInfoForRNG,
+
+ /* End of Version 3.008. */
+
+ FIPS186Change_GenerateX,
+ FIPS186Change_ReduceModQForDSA,
+
+ /* End of Version 3.009. */
+ Camellia_InitContext,
+ Camellia_AllocateContext,
+ Camellia_CreateContext,
+ Camellia_DestroyContext,
+ Camellia_Encrypt,
+ Camellia_Decrypt,
+
+ PQG_DestroyParams,
+ PQG_DestroyVerify,
+
+ /* End of Version 3.010. */
+
+ SEED_InitContext,
+ SEED_AllocateContext,
+ SEED_CreateContext,
+ SEED_DestroyContext,
+ SEED_Encrypt,
+ SEED_Decrypt,
+
+ BL_Init,
+ BL_SetForkState,
+
+ PRNGTEST_Instantiate,
+ PRNGTEST_Reseed,
+ PRNGTEST_Generate,
+
+ PRNGTEST_Uninstantiate,
+
+ /* End of Version 3.011. */
+
+ RSA_PopulatePrivateKey,
+
+ DSA_NewRandom,
+
+ JPAKE_Sign,
+ JPAKE_Verify,
+ JPAKE_Round2,
+ JPAKE_Final,
+
+ /* End of Version 3.012 */
+
+ TLS_P_hash,
+ SHA224_NewContext,
+ SHA224_DestroyContext,
+ SHA224_Begin,
+ SHA224_Update,
+ SHA224_End,
+ SHA224_HashBuf,
+ SHA224_Hash,
+ SHA224_TraceState,
+ SHA224_FlattenSize,
+ SHA224_Flatten,
+ SHA224_Resurrect,
+ SHA224_Clone,
+ BLAPI_SHVerifyFile,
+
+ /* End of Version 3.013 */
+
+ PQG_ParamGenV2,
+ PRNGTEST_RunHealthTests,
+
+ /* End of Version 3.014 */
+
+ HMAC_ConstantTime,
+ SSLv3_MAC_ConstantTime,
+
+ /* End of Version 3.015 */
+
+ RSA_SignRaw,
+ RSA_CheckSignRaw,
+ RSA_CheckSignRecoverRaw,
+ RSA_EncryptRaw,
+ RSA_DecryptRaw,
+ RSA_EncryptOAEP,
+ RSA_DecryptOAEP,
+ RSA_EncryptBlock,
+ RSA_DecryptBlock,
+ RSA_SignPSS,
+ RSA_CheckSignPSS,
+ RSA_Sign,
+ RSA_CheckSign,
+ RSA_CheckSignRecover,
- RSA_SignRaw,
- RSA_CheckSignRaw,
- RSA_CheckSignRecoverRaw,
- RSA_EncryptRaw,
- RSA_DecryptRaw,
- RSA_EncryptOAEP,
- RSA_DecryptOAEP,
- RSA_EncryptBlock,
- RSA_DecryptBlock,
- RSA_SignPSS,
- RSA_CheckSignPSS,
- RSA_Sign,
- RSA_CheckSign,
- RSA_CheckSignRecover,
+ /* End of Version 3.016 */
+
+ EC_FillParams,
+ EC_DecodeParams,
+ EC_CopyParams,
- /* End of Version 3.016 */
+ /* End of Version 3.017 */
- EC_FillParams,
- EC_DecodeParams,
- EC_CopyParams,
-
- /* End of Version 3.017 */
-
- ChaCha20Poly1305_InitContext,
- ChaCha20Poly1305_CreateContext,
- ChaCha20Poly1305_DestroyContext,
- ChaCha20Poly1305_Seal,
- ChaCha20Poly1305_Open
-
- /* End of Version 3.018 */
-};
-
-
-
-const FREEBLVector *
+ ChaCha20Poly1305_InitContext,
+ ChaCha20Poly1305_CreateContext,
+ ChaCha20Poly1305_DestroyContext,
+ ChaCha20Poly1305_Seal,
+ ChaCha20Poly1305_Open
+
+ /* End of Version 3.018 */
+ };
+
+const FREEBLVector*
FREEBL_GetVector(void)
{
#ifdef FREEBL_NO_DEPEND
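Review bot: `vector` is initialised positionally, so the binding between each FREEBLVectorStr slot and its implementation rests entirely on the order of this list matching the struct definition, with only the `/* End of Version 3.0xx */` comments as a guide. Many adjacent entries share a function-pointer type (for example RC4_Encrypt and RC4_Decrypt, whose signatures in loader.c are identical), so a transposition would compile silently and dispatch the wrong primitive through the loader. If the project's supported compilers accept C99 designated initialisers, writing the entries as `.p_RSA_NewKey = RSA_NewKey,` and so on would turn any such mismatch into a compile error and decouple the table from slot order; otherwise a comment at the top of the table stating that the order must match `struct FREEBLVectorStr` in blapii.h would at least make the invariant explicit.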
@@ -315,7 +313,7 @@ FREEBL_GetVector(void)
/* this entry point is only valid if nspr and nss-util has been loaded */
rv = FREEBL_InitStubs();
if (rv != SECSuccess) {
- return NULL;
+ return NULL;
}
#endif
/* make sure the Full self tests have been run before continuing */
@@ -325,28 +323,27 @@ FREEBL_GetVector(void)
}
#ifdef FREEBL_LOWHASH
-static const struct NSSLOWVectorStr nssvector =
-{
- sizeof nssvector,
- NSSLOW_VERSION,
- FREEBL_GetVector,
- NSSLOW_Init,
- NSSLOW_Shutdown,
- NSSLOW_Reset,
- NSSLOWHASH_NewContext,
- NSSLOWHASH_Begin,
- NSSLOWHASH_Update,
- NSSLOWHASH_End,
- NSSLOWHASH_Destroy,
- NSSLOWHASH_Length
-};
-
-const NSSLOWVector *
+static const struct NSSLOWVectorStr nssvector =
+ {
+ sizeof nssvector,
+ NSSLOW_VERSION,
+ FREEBL_GetVector,
+ NSSLOW_Init,
+ NSSLOW_Shutdown,
+ NSSLOW_Reset,
+ NSSLOWHASH_NewContext,
+ NSSLOWHASH_Begin,
+ NSSLOWHASH_Update,
+ NSSLOWHASH_End,
+ NSSLOWHASH_Destroy,
+ NSSLOWHASH_Length
+ };
+
+const NSSLOWVector*
NSSLOW_GetVector(void)
{
- /* POST check and stub init happens in FREEBL_GetVector() and
+ /* POST check and stub init happens in FREEBL_GetVector() and
* NSSLOW_Init() respectively */
return &nssvector;
}
#endif
-
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
index b3fd2cd7d..5958af8dc 100644
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -17,13 +17,13 @@
#include <stdio.h>
#include "prsystem.h"
-static const char *NameOfThisSharedLib =
- SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX;
+static const char *NameOfThisSharedLib =
+ SHLIB_PREFIX "softokn" SOFTOKEN_SHLIB_VERSION "." SHLIB_SUFFIX;
-static PRLibrary* blLib = NULL;
+static PRLibrary *blLib = NULL;
#define LSB(x) ((x)&0xff)
-#define MSB(x) ((x)>>8)
+#define MSB(x) ((x) >> 8)
static const FREEBLVector *vector;
static const char *libraryName = NULL;
@@ -33,93 +33,94 @@ static const char *libraryName = NULL;
/* This function must be run only once. */
/* determine if hybrid platform, then actually load the DSO. */
static PRStatus
-freebl_LoadDSO( void )
+freebl_LoadDSO(void)
{
- PRLibrary * handle;
- const char * name = getLibName();
+ PRLibrary *handle;
+ const char *name = getLibName();
- if (!name) {
- PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
- return PR_FAILURE;
- }
-
- handle = loader_LoadLibrary(name);
- if (handle) {
- PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
- if (address) {
- FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address;
- const FREEBLVector * dsoVector = getVector();
- if (dsoVector) {
- unsigned short dsoVersion = dsoVector->version;
- unsigned short myVersion = FREEBL_VERSION;
- if (MSB(dsoVersion) == MSB(myVersion) &&
- LSB(dsoVersion) >= LSB(myVersion) &&
- dsoVector->length >= sizeof(FREEBLVector)) {
- vector = dsoVector;
- libraryName = name;
- blLib = handle;
- return PR_SUCCESS;
- }
- }
+ if (!name) {
+ PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
+ return PR_FAILURE;
}
+
+ handle = loader_LoadLibrary(name);
+ if (handle) {
+ PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
+ if (address) {
+ FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address;
+ const FREEBLVector *dsoVector = getVector();
+ if (dsoVector) {
+ unsigned short dsoVersion = dsoVector->version;
+ unsigned short myVersion = FREEBL_VERSION;
+ if (MSB(dsoVersion) == MSB(myVersion) &&
+ LSB(dsoVersion) >= LSB(myVersion) &&
+ dsoVector->length >= sizeof(FREEBLVector)) {
+ vector = dsoVector;
+ libraryName = name;
+ blLib = handle;
+ return PR_SUCCESS;
+ }
+ }
+ }
#ifdef DEBUG
- if (blLib) {
- PRStatus status = PR_UnloadLibrary(blLib);
- PORT_Assert(PR_SUCCESS == status);
- }
+ if (blLib) {
+ PRStatus status = PR_UnloadLibrary(blLib);
+ PORT_Assert(PR_SUCCESS == status);
+ }
#else
- if (blLib) PR_UnloadLibrary(blLib);
+ if (blLib)
+ PR_UnloadLibrary(blLib);
#endif
- }
- return PR_FAILURE;
+ }
+ return PR_FAILURE;
}
static const PRCallOnceType pristineCallOnce;
static PRCallOnceType loadFreeBLOnce;
static PRStatus
-freebl_RunLoaderOnce( void )
+freebl_RunLoaderOnce(void)
{
- PRStatus status;
+ PRStatus status;
- status = PR_CallOnce(&loadFreeBLOnce, &freebl_LoadDSO);
- return status;
+ status = PR_CallOnce(&loadFreeBLOnce, &freebl_LoadDSO);
+ return status;
}
-SECStatus
+SECStatus
BL_Init(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_BL_Init)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_BL_Init)();
}
-RSAPrivateKey *
-RSA_NewKey(int keySizeInBits, SECItem * publicExponent)
+RSAPrivateKey *
+RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RSA_NewKey)(keySizeInBits, publicExponent);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RSA_NewKey)(keySizeInBits, publicExponent);
}
-SECStatus
-RSA_PublicKeyOp(RSAPublicKey * key,
- unsigned char * output,
- const unsigned char * input)
+SECStatus
+RSA_PublicKeyOp(RSAPublicKey *key,
+ unsigned char *output,
+ const unsigned char *input)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_PublicKeyOp)(key, output, input);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_PublicKeyOp)(key, output, input);
}
-SECStatus
-RSA_PrivateKeyOp(RSAPrivateKey * key,
- unsigned char * output,
- const unsigned char * input)
+SECStatus
+RSA_PrivateKeyOp(RSAPrivateKey *key,
+ unsigned char *output,
+ const unsigned char *input)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_PrivateKeyOp)(key, output, input);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_PrivateKeyOp)(key, output, input);
}
SECStatus
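Review bot: In freebl_LoadDSO the fallback unload at the bottom of the `if (handle)` block tests `blLib` rather than `handle`, but `blLib` is initialised to NULL and is only assigned on the success path immediately before `return PR_SUCCESS`, so at that point it is always NULL and the freshly loaded library is never released when the symbol is missing or the version/length check fails. Both branches should operate on the local handle: `if (handle) { PRStatus status = PR_UnloadLibrary(handle); PORT_Assert(PR_SUCCESS == status); }` under DEBUG and `if (handle) PR_UnloadLibrary(handle);` otherwise. Since the function runs once via PR_CallOnce this is a single leaked module handle rather than a repeating leak, but a mismatched freebl stays mapped into the process for its lifetime.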
@@ -127,1029 +128,1025 @@ RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
unsigned char *output,
const unsigned char *input)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_PrivateKeyOpDoubleChecked)(key, output, input);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_PrivateKeyOpDoubleChecked)(key, output, input);
}
SECStatus
RSA_PrivateKeyCheck(const RSAPrivateKey *key)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_PrivateKeyCheck)(key);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_PrivateKeyCheck)(key);
}
-SECStatus
-DSA_NewKey(const PQGParams * params, DSAPrivateKey ** privKey)
+SECStatus
+DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DSA_NewKey)(params, privKey);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DSA_NewKey)(params, privKey);
}
-SECStatus
-DSA_SignDigest(DSAPrivateKey * key, SECItem * signature, const SECItem * digest)
+SECStatus
+DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DSA_SignDigest)( key, signature, digest);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DSA_SignDigest)(key, signature, digest);
}
-SECStatus
-DSA_VerifyDigest(DSAPublicKey * key, const SECItem * signature,
- const SECItem * digest)
+SECStatus
+DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
+ const SECItem *digest)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DSA_VerifyDigest)( key, signature, digest);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DSA_VerifyDigest)(key, signature, digest);
}
-SECStatus
-DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char * seed,
+SECStatus
+DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char *seed,
DSAPrivateKey **privKey)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DSA_NewKeyFromSeed)(params, seed, privKey);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DSA_NewKeyFromSeed)(params, seed, privKey);
}
-SECStatus
-DSA_SignDigestWithSeed(DSAPrivateKey * key, SECItem * signature,
- const SECItem * digest, const unsigned char * seed)
+SECStatus
+DSA_SignDigestWithSeed(DSAPrivateKey *key, SECItem *signature,
+ const SECItem *digest, const unsigned char *seed)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DSA_SignDigestWithSeed)( key, signature, digest, seed);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DSA_SignDigestWithSeed)(key, signature, digest, seed);
}
SECStatus
-DSA_NewRandom(PLArenaPool * arena, const SECItem * q, SECItem * seed)
+DSA_NewRandom(PLArenaPool *arena, const SECItem *q, SECItem *seed)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_DSA_NewRandom)(arena, q, seed);
}
-SECStatus
-DH_GenParam(int primeLen, DHParams ** params)
+SECStatus
+DH_GenParam(int primeLen, DHParams **params)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DH_GenParam)(primeLen, params);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DH_GenParam)(primeLen, params);
}
-SECStatus
-DH_NewKey(DHParams * params, DHPrivateKey ** privKey)
+SECStatus
+DH_NewKey(DHParams *params, DHPrivateKey **privKey)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DH_NewKey)( params, privKey);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DH_NewKey)(params, privKey);
}
-SECStatus
-DH_Derive(SECItem * publicValue, SECItem * prime, SECItem * privateValue,
- SECItem * derivedSecret, unsigned int maxOutBytes)
+SECStatus
+DH_Derive(SECItem *publicValue, SECItem *prime, SECItem *privateValue,
+ SECItem *derivedSecret, unsigned int maxOutBytes)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DH_Derive)( publicValue, prime, privateValue,
- derivedSecret, maxOutBytes);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DH_Derive)(publicValue, prime, privateValue,
+ derivedSecret, maxOutBytes);
}
-SECStatus
-KEA_Derive(SECItem *prime, SECItem *public1, SECItem *public2,
- SECItem *private1, SECItem *private2, SECItem *derivedSecret)
+SECStatus
+KEA_Derive(SECItem *prime, SECItem *public1, SECItem *public2,
+ SECItem *private1, SECItem *private2, SECItem *derivedSecret)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_KEA_Derive)(prime, public1, public2,
- private1, private2, derivedSecret);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_KEA_Derive)(prime, public1, public2,
+ private1, private2, derivedSecret);
}
-PRBool
+PRBool
KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return PR_FALSE;
- return (vector->p_KEA_Verify)(Y, prime, subPrime);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return PR_FALSE;
+ return (vector->p_KEA_Verify)(Y, prime, subPrime);
}
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RC4_CreateContext)(key, len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC4_CreateContext)(key, len);
}
-void
+void
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_RC4_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_RC4_DestroyContext)(cx, freeit);
}
-SECStatus
-RC4_Encrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC4_Encrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC4_Encrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC4_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus
-RC4_Decrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC4_Decrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC4_Decrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC4_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
RC2Context *
RC2_CreateContext(const unsigned char *key, unsigned int len,
- const unsigned char *iv, int mode, unsigned effectiveKeyLen)
+ const unsigned char *iv, int mode, unsigned effectiveKeyLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen);
}
-void
+void
RC2_DestroyContext(RC2Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_RC2_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_RC2_DestroyContext)(cx, freeit);
}
-SECStatus
-RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus
-RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
RC5Context *
RC5_CreateContext(const SECItem *key, unsigned int rounds,
- unsigned int wordSize, const unsigned char *iv, int mode)
+ unsigned int wordSize, const unsigned char *iv, int mode)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RC5_CreateContext)(key, rounds, wordSize, iv, mode);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC5_CreateContext)(key, rounds, wordSize, iv, mode);
}
-void
+void
RC5_DestroyContext(RC5Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_RC5_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_RC5_DestroyContext)(cx, freeit);
}
-SECStatus
-RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC5_Encrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC5_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus
-RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC5_Decrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC5_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
DESContext *
DES_CreateContext(const unsigned char *key, const unsigned char *iv,
- int mode, PRBool encrypt)
+ int mode, PRBool encrypt)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_DES_CreateContext)(key, iv, mode, encrypt);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_DES_CreateContext)(key, iv, mode, encrypt);
}
-void
+void
DES_DestroyContext(DESContext *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_DES_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_DES_DestroyContext)(cx, freeit);
}
-SECStatus
-DES_Encrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+DES_Encrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DES_Encrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DES_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus
-DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
- int mode, PRBool encrypt)
+ int mode, PRBool encrypt)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
}
-void
+void
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SEED_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SEED_DestroyContext)(cx, freeit);
}
-SECStatus
-SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus
-SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
- unsigned int maxOutputLen, const unsigned char *input,
- unsigned int inputLen)
+SECStatus
+SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
+ unsigned int maxOutputLen, const unsigned char *input,
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
- inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+ inputLen);
}
AESContext *
-AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt,
unsigned int keylen, unsigned int blocklen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_AES_CreateContext)(key, iv, mode, encrypt, keylen,
- blocklen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_AES_CreateContext)(key, iv, mode, encrypt, keylen,
+ blocklen);
}
-void
+void
AES_DestroyContext(AESContext *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_AES_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_AES_DestroyContext)(cx, freeit);
}
-SECStatus
+SECStatus
AES_Encrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_AES_Encrypt)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_AES_Encrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
-SECStatus
+SECStatus
AES_Decrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_AES_Decrypt)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_AES_Decrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
-SECStatus
+SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_MD5_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_MD5_Hash)(dest, src);
}
-SECStatus
+SECStatus
MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_MD5_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_MD5_HashBuf)(dest, src, src_length);
}
MD5Context *
MD5_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_MD5_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_MD5_NewContext)();
}
-void
+void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD5_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_DestroyContext)(cx, freeit);
}
-void
+void
MD5_Begin(MD5Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD5_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_Begin)(cx);
}
-void
+void
MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD5_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_Update)(cx, input, inputLen);
}
-void
+void
MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD5_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_End)(cx, digest, digestLen, maxDigestLen);
}
-unsigned int
+unsigned int
MD5_FlattenSize(MD5Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_MD5_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_MD5_FlattenSize)(cx);
}
-SECStatus
-MD5_Flatten(MD5Context *cx,unsigned char *space)
+SECStatus
+MD5_Flatten(MD5Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_MD5_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_MD5_Flatten)(cx, space);
}
-MD5Context *
+MD5Context *
MD5_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_MD5_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_MD5_Resurrect)(space, arg);
}
-void
+void
MD5_TraceState(MD5Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_MD5_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_TraceState)(cx);
}
-SECStatus
+SECStatus
MD2_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_MD2_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_MD2_Hash)(dest, src);
}
MD2Context *
MD2_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_MD2_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_MD2_NewContext)();
}
-void
+void
MD2_DestroyContext(MD2Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_MD2_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD2_DestroyContext)(cx, freeit);
}
-void
+void
MD2_Begin(MD2Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_MD2_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD2_Begin)(cx);
}
-void
+void
MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_MD2_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD2_Update)(cx, input, inputLen);
}
-void
+void
MD2_End(MD2Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_MD2_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD2_End)(cx, digest, digestLen, maxDigestLen);
}
-unsigned int
+unsigned int
MD2_FlattenSize(MD2Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_MD2_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_MD2_FlattenSize)(cx);
}
-SECStatus
-MD2_Flatten(MD2Context *cx,unsigned char *space)
+SECStatus
+MD2_Flatten(MD2Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_MD2_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_MD2_Flatten)(cx, space);
}
-MD2Context *
+MD2Context *
MD2_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_MD2_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_MD2_Resurrect)(space, arg);
}
-
-SECStatus
+SECStatus
SHA1_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA1_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA1_Hash)(dest, src);
}
-SECStatus
+SECStatus
SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA1_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA1_HashBuf)(dest, src, src_length);
}
SHA1Context *
SHA1_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA1_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA1_NewContext)();
}
-void
+void
SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA1_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_DestroyContext)(cx, freeit);
}
-void
+void
SHA1_Begin(SHA1Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA1_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_Begin)(cx);
}
-void
+void
SHA1_Update(SHA1Context *cx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA1_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_Update)(cx, input, inputLen);
}
-void
+void
SHA1_End(SHA1Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA1_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_End)(cx, digest, digestLen, maxDigestLen);
}
-void
+void
SHA1_TraceState(SHA1Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA1_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_TraceState)(cx);
}
-unsigned int
+unsigned int
SHA1_FlattenSize(SHA1Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA1_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_SHA1_FlattenSize)(cx);
}
-SECStatus
-SHA1_Flatten(SHA1Context *cx,unsigned char *space)
+SECStatus
+SHA1_Flatten(SHA1Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA1_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA1_Flatten)(cx, space);
}
-SHA1Context *
+SHA1Context *
SHA1_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA1_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA1_Resurrect)(space, arg);
}
-SECStatus
+SECStatus
RNG_RNGInit(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RNG_RNGInit)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RNG_RNGInit)();
}
-SECStatus
+SECStatus
RNG_RandomUpdate(const void *data, size_t bytes)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RNG_RandomUpdate)(data, bytes);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RNG_RandomUpdate)(data, bytes);
}
-SECStatus
+SECStatus
RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RNG_GenerateGlobalRandomBytes)(dest, len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RNG_GenerateGlobalRandomBytes)(dest, len);
}
-void
+void
RNG_RNGShutdown(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_RNG_RNGShutdown)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_RNG_RNGShutdown)();
}
SECStatus
PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PQG_ParamGen)(j, pParams, pVfy);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_PQG_ParamGen)(j, pParams, pVfy);
}
SECStatus
-PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes,
- PQGParams **pParams, PQGVerify **pVfy)
+PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PQG_ParamGenSeedLen)(j, seedBytes, pParams, pVfy);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_PQG_ParamGenSeedLen)(j, seedBytes, pParams, pVfy);
}
-
-SECStatus
-PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
- SECStatus *result)
+SECStatus
+PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
+ SECStatus *result)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PQG_VerifyParams)(params, vfy, result);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_PQG_VerifyParams)(params, vfy, result);
}
-void
+void
PQG_DestroyParams(PQGParams *params)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_PQG_DestroyParams)(params);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_PQG_DestroyParams)(params);
}
-void
+void
PQG_DestroyVerify(PQGVerify *vfy)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_PQG_DestroyVerify)(vfy);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_PQG_DestroyVerify)(vfy);
}
-void
+void
BL_Cleanup(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_BL_Cleanup)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_BL_Cleanup)();
}
void
BL_Unload(void)
{
- /* This function is not thread-safe, but doesn't need to be, because it is
- * only called from functions that are also defined as not thread-safe,
- * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
- * from NSS_Shutdown. */
- char *disableUnload = NULL;
- vector = NULL;
- /* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
- * never does a handshake on it, BL_Unload will be called even though freebl
- * was never loaded. So, don't assert blLib. */
- if (blLib) {
- disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
- if (!disableUnload) {
+ /* This function is not thread-safe, but doesn't need to be, because it is
+ * only called from functions that are also defined as not thread-safe,
+ * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
+ * from NSS_Shutdown. */
+ char *disableUnload = NULL;
+ vector = NULL;
+ /* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
+ * never does a handshake on it, BL_Unload will be called even though freebl
+ * was never loaded. So, don't assert blLib. */
+ if (blLib) {
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+ if (!disableUnload) {
#ifdef DEBUG
- PRStatus status = PR_UnloadLibrary(blLib);
- PORT_Assert(PR_SUCCESS == status);
+ PRStatus status = PR_UnloadLibrary(blLib);
+ PORT_Assert(PR_SUCCESS == status);
#else
- PR_UnloadLibrary(blLib);
+ PR_UnloadLibrary(blLib);
#endif
- }
- blLib = NULL;
- }
- loadFreeBLOnce = pristineCallOnce;
+ }
+ blLib = NULL;
+ }
+ loadFreeBLOnce = pristineCallOnce;
}
/* ============== New for 3.003 =============================== */
-SECStatus
+SECStatus
SHA256_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA256_Hash)(dest, src);
}
-SECStatus
+SECStatus
SHA256_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA256_HashBuf)(dest, src, src_length);
}
SHA256Context *
SHA256_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA256_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA256_NewContext)();
}
-void
+void
SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_DestroyContext)(cx, freeit);
}
-void
+void
SHA256_Begin(SHA256Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_Begin)(cx);
}
-void
+void
SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_Update)(cx, input, inputLen);
}
-void
+void
SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
}
-void
+void
SHA256_TraceState(SHA256Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA256_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_TraceState)(cx);
}
-unsigned int
+unsigned int
SHA256_FlattenSize(SHA256Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA256_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_SHA256_FlattenSize)(cx);
}
-SECStatus
-SHA256_Flatten(SHA256Context *cx,unsigned char *space)
+SECStatus
+SHA256_Flatten(SHA256Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA256_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA256_Flatten)(cx, space);
}
-SHA256Context *
+SHA256Context *
SHA256_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA256_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA256_Resurrect)(space, arg);
}
-SECStatus
+SECStatus
SHA512_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA512_Hash)(dest, src);
}
-SECStatus
+SECStatus
SHA512_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA512_HashBuf)(dest, src, src_length);
}
SHA512Context *
SHA512_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA512_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA512_NewContext)();
}
-void
+void
SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_DestroyContext)(cx, freeit);
}
-void
+void
SHA512_Begin(SHA512Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_Begin)(cx);
}
-void
+void
SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_Update)(cx, input, inputLen);
}
-void
+void
SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
}
-void
+void
SHA512_TraceState(SHA512Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA512_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_TraceState)(cx);
}
-unsigned int
+unsigned int
SHA512_FlattenSize(SHA512Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA512_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_SHA512_FlattenSize)(cx);
}
-SECStatus
-SHA512_Flatten(SHA512Context *cx,unsigned char *space)
+SECStatus
+SHA512_Flatten(SHA512Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA512_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA512_Flatten)(cx, space);
}
-SHA512Context *
+SHA512Context *
SHA512_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA512_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA512_Resurrect)(space, arg);
}
-
-SECStatus
+SECStatus
SHA384_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA384_Hash)(dest, src);
}
-SECStatus
+SECStatus
SHA384_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA384_HashBuf)(dest, src, src_length);
}
SHA384Context *
SHA384_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA384_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA384_NewContext)();
}
-void
+void
SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_DestroyContext)(cx, freeit);
}
-void
+void
SHA384_Begin(SHA384Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_Begin)(cx);
}
-void
+void
SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_Update)(cx, input, inputLen);
}
-void
+void
SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
}
-void
+void
SHA384_TraceState(SHA384Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_SHA384_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_TraceState)(cx);
}
-unsigned int
+unsigned int
SHA384_FlattenSize(SHA384Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA384_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_SHA384_FlattenSize)(cx);
}
-SECStatus
-SHA384_Flatten(SHA384Context *cx,unsigned char *space)
+SECStatus
+SHA384_Flatten(SHA384Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA384_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA384_Flatten)(cx, space);
}
-SHA384Context *
+SHA384Context *
SHA384_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA384_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA384_Resurrect)(space, arg);
}
-
AESKeyWrapContext *
-AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
int encrypt, unsigned int keylen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return vector->p_AESKeyWrap_CreateContext(key, iv, encrypt, keylen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return vector->p_AESKeyWrap_CreateContext(key, iv, encrypt, keylen);
}
-void
+void
AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- vector->p_AESKeyWrap_DestroyContext(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ vector->p_AESKeyWrap_DestroyContext(cx, freeit);
}
-SECStatus
+SECStatus
AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return vector->p_AESKeyWrap_Encrypt(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return vector->p_AESKeyWrap_Encrypt(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
-SECStatus
+SECStatus
AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return vector->p_AESKeyWrap_Decrypt(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return vector->p_AESKeyWrap_Decrypt(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
PRBool
BLAPI_SHVerify(const char *name, PRFuncPtr addr)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return PR_FALSE;
- return vector->p_BLAPI_SHVerify(name, addr);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return PR_FALSE;
+ return vector->p_BLAPI_SHVerify(name, addr);
}
/*
@@ -1161,75 +1158,75 @@ BLAPI_SHVerify(const char *name, PRFuncPtr addr)
PRBool
BLAPI_VerifySelf(const char *name)
{
- PORT_Assert(!name);
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return PR_FALSE;
- return vector->p_BLAPI_VerifySelf(libraryName);
+ PORT_Assert(!name);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return PR_FALSE;
+ return vector->p_BLAPI_VerifySelf(libraryName);
}
/* ============== New for 3.006 =============================== */
-SECStatus
-EC_NewKey(ECParams * params, ECPrivateKey ** privKey)
+SECStatus
+EC_NewKey(ECParams *params, ECPrivateKey **privKey)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_NewKey)( params, privKey );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_NewKey)(params, privKey);
}
-SECStatus
-EC_NewKeyFromSeed(ECParams * params, ECPrivateKey ** privKey,
- const unsigned char *seed, int seedlen)
+SECStatus
+EC_NewKeyFromSeed(ECParams *params, ECPrivateKey **privKey,
+ const unsigned char *seed, int seedlen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_NewKeyFromSeed)( params, privKey, seed, seedlen );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_NewKeyFromSeed)(params, privKey, seed, seedlen);
}
-SECStatus
-EC_ValidatePublicKey(ECParams * params, SECItem * publicValue)
+SECStatus
+EC_ValidatePublicKey(ECParams *params, SECItem *publicValue)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_ValidatePublicKey)( params, publicValue );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_ValidatePublicKey)(params, publicValue);
}
-SECStatus
-ECDH_Derive(SECItem * publicValue, ECParams * params, SECItem * privateValue,
- PRBool withCofactor, SECItem * derivedSecret)
+SECStatus
+ECDH_Derive(SECItem *publicValue, ECParams *params, SECItem *privateValue,
+ PRBool withCofactor, SECItem *derivedSecret)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ECDH_Derive)( publicValue, params, privateValue,
- withCofactor, derivedSecret );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ECDH_Derive)(publicValue, params, privateValue,
+ withCofactor, derivedSecret);
}
SECStatus
-ECDSA_SignDigest(ECPrivateKey * key, SECItem * signature,
- const SECItem * digest)
+ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature,
+ const SECItem *digest)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ECDSA_SignDigest)( key, signature, digest );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ECDSA_SignDigest)(key, signature, digest);
}
SECStatus
-ECDSA_VerifyDigest(ECPublicKey * key, const SECItem * signature,
- const SECItem * digest)
+ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
+ const SECItem *digest)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ECDSA_VerifyDigest)( key, signature, digest );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ECDSA_VerifyDigest)(key, signature, digest);
}
SECStatus
-ECDSA_SignDigestWithSeed(ECPrivateKey * key, SECItem * signature,
- const SECItem * digest, const unsigned char *seed, const int seedlen)
+ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
+ const SECItem *digest, const unsigned char *seed, const int seedlen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ECDSA_SignDigestWithSeed)( key, signature, digest,
- seed, seedlen );
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ECDSA_SignDigestWithSeed)(key, signature, digest,
+ seed, seedlen);
}
/* ============== New for 3.008 =============================== */
@@ -1237,247 +1234,245 @@ ECDSA_SignDigestWithSeed(ECPrivateKey * key, SECItem * signature,
AESContext *
AES_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_AES_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_AES_AllocateContext)();
}
AESKeyWrapContext *
AESKeyWrap_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_AESKeyWrap_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_AESKeyWrap_AllocateContext)();
}
DESContext *
DES_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_DES_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_DES_AllocateContext)();
}
RC2Context *
RC2_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RC2_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC2_AllocateContext)();
}
RC4Context *
RC4_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_RC4_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC4_AllocateContext)();
}
-SECStatus
-AES_InitContext(AESContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int encrypt, unsigned int blocklen)
+SECStatus
+AES_InitContext(AESContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int blocklen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_AES_InitContext)(cx, key, keylen, iv, mode, encrypt,
- blocklen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_AES_InitContext)(cx, key, keylen, iv, mode, encrypt,
+ blocklen);
}
-SECStatus
-AESKeyWrap_InitContext(AESKeyWrapContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int encrypt, unsigned int blocklen)
+SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int blocklen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_AESKeyWrap_InitContext)(cx, key, keylen, iv, mode,
- encrypt, blocklen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_AESKeyWrap_InitContext)(cx, key, keylen, iv, mode,
+ encrypt, blocklen);
}
-SECStatus
-DES_InitContext(DESContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int encrypt, unsigned int xtra)
+SECStatus
+DES_InitContext(DESContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int xtra)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}
-SECStatus
-SEED_InitContext(SEEDContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int encrypt, unsigned int xtra)
+SECStatus
+SEED_InitContext(SEEDContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int xtra)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}
-SECStatus
-RC2_InitContext(RC2Context *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int effectiveKeyLen, unsigned int xtra)
+SECStatus
+RC2_InitContext(RC2Context *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int effectiveKeyLen, unsigned int xtra)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC2_InitContext)(cx, key, keylen, iv, mode,
- effectiveKeyLen, xtra);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC2_InitContext)(cx, key, keylen, iv, mode,
+ effectiveKeyLen, xtra);
}
-SECStatus
-RC4_InitContext(RC4Context *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *x1, int x2,
- unsigned int x3, unsigned int x4)
+SECStatus
+RC4_InitContext(RC4Context *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *x1, int x2,
+ unsigned int x3, unsigned int x4)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RC4_InitContext)(cx, key, keylen, x1, x2, x3, x4);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RC4_InitContext)(cx, key, keylen, x1, x2, x3, x4);
}
-void
+void
MD2_Clone(MD2Context *dest, MD2Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD2_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD2_Clone)(dest, src);
}
-void
+void
MD5_Clone(MD5Context *dest, MD5Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_MD5_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_MD5_Clone)(dest, src);
}
-void
+void
SHA1_Clone(SHA1Context *dest, SHA1Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA1_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA1_Clone)(dest, src);
}
-void
+void
SHA256_Clone(SHA256Context *dest, SHA256Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA256_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA256_Clone)(dest, src);
}
-void
+void
SHA384_Clone(SHA384Context *dest, SHA384Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA384_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA384_Clone)(dest, src);
}
-void
+void
SHA512_Clone(SHA512Context *dest, SHA512Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA512_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA512_Clone)(dest, src);
}
-SECStatus
-TLS_PRF(const SECItem *secret, const char *label,
- SECItem *seed, SECItem *result, PRBool isFIPS)
+SECStatus
+TLS_PRF(const SECItem *secret, const char *label,
+ SECItem *seed, SECItem *result, PRBool isFIPS)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_TLS_PRF)(secret, label, seed, result, isFIPS);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_TLS_PRF)(secret, label, seed, result, isFIPS);
}
const SECHashObject *
HASH_GetRawHashObject(HASH_HashType hashType)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_HASH_GetRawHashObject)(hashType);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_HASH_GetRawHashObject)(hashType);
}
-
void
HMAC_Destroy(HMACContext *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_HMAC_Destroy)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_HMAC_Destroy)(cx, freeit);
}
HMACContext *
-HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret,
- unsigned int secret_len, PRBool isFIPS)
+HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret,
+ unsigned int secret_len, PRBool isFIPS)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_HMAC_Create)(hashObj, secret, secret_len, isFIPS);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_HMAC_Create)(hashObj, secret, secret_len, isFIPS);
}
SECStatus
-HMAC_Init(HMACContext *cx, const SECHashObject *hashObj,
- const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+HMAC_Init(HMACContext *cx, const SECHashObject *hashObj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_HMAC_Init)(cx, hashObj, secret, secret_len, isFIPS);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_HMAC_Init)(cx, hashObj, secret, secret_len, isFIPS);
}
void
HMAC_Begin(HMACContext *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_HMAC_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_HMAC_Begin)(cx);
}
-void
+void
HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_HMAC_Update)(cx, data, data_len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_HMAC_Update)(cx, data, data_len);
}
SECStatus
HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
- unsigned int max_result_len)
+ unsigned int max_result_len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_HMAC_Finish)(cx, result, result_len, max_result_len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_HMAC_Finish)(cx, result, result_len, max_result_len);
}
HMACContext *
HMAC_Clone(HMACContext *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_HMAC_Clone)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_HMAC_Clone)(cx);
}
void
RNG_SystemInfoForRNG(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
- (vector->p_RNG_SystemInfoForRNG)();
-
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_RNG_SystemInfoForRNG)();
}
SECStatus
FIPS186Change_GenerateX(unsigned char *XKEY, const unsigned char *XSEEDj,
unsigned char *x_j)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_FIPS186Change_GenerateX)(XKEY, XSEEDj, x_j);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_FIPS186Change_GenerateX)(XKEY, XSEEDj, x_j);
}
SECStatus
@@ -1485,116 +1480,116 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
const unsigned char *q,
unsigned char *xj)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
}
/* === new for Camellia === */
-SECStatus
-Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv, int mode,
- unsigned int encrypt, unsigned int unused)
+SECStatus
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int unused)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
- unused);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
+ unused);
}
CamelliaContext *
Camellia_AllocateContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_Camellia_AllocateContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_Camellia_AllocateContext)();
}
-
CamelliaContext *
-Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
- int mode, int encrypt,
- unsigned int keylen)
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+ int mode, int encrypt,
+ unsigned int keylen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
+ return NULL;
return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
}
-void
+void
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return ;
+ return;
(vector->p_Camellia_DestroyContext)(cx, freeit);
}
-SECStatus
+SECStatus
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ return SECFailure;
+ return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
-SECStatus
+SECStatus
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen)
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
- input, inputLen);
+ return SECFailure;
+ return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
}
-void BL_SetForkState(PRBool forked)
+void
+BL_SetForkState(PRBool forked)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
+ return;
(vector->p_BL_SetForkState)(forked);
}
SECStatus
-PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *nonce, unsigned int nonce_len,
- const PRUint8 *personal_string, unsigned int ps_len)
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *nonce, unsigned int nonce_len,
+ const PRUint8 *personal_string, unsigned int ps_len)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PRNGTEST_Instantiate)(entropy, entropy_len,
- nonce, nonce_len,
- personal_string, ps_len);
+ return SECFailure;
+ return (vector->p_PRNGTEST_Instantiate)(entropy, entropy_len,
+ nonce, nonce_len,
+ personal_string, ps_len);
}
SECStatus
-PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
- const PRUint8 *additional, unsigned int additional_len)
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+ const PRUint8 *additional, unsigned int additional_len)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PRNGTEST_Reseed)(entropy, entropy_len,
- additional, additional_len);
+ return SECFailure;
+ return (vector->p_PRNGTEST_Reseed)(entropy, entropy_len,
+ additional, additional_len);
}
SECStatus
-PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
- const PRUint8 *additional, unsigned int additional_len)
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+ const PRUint8 *additional, unsigned int additional_len)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PRNGTEST_Generate)(bytes, bytes_len,
- additional, additional_len);
+ return SECFailure;
+ return (vector->p_PRNGTEST_Generate)(bytes, bytes_len,
+ additional, additional_len);
}
SECStatus
PRNGTEST_Uninstantiate()
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
+ return SECFailure;
return (vector->p_PRNGTEST_Uninstantiate)();
}
@@ -1602,16 +1597,15 @@ SECStatus
RSA_PopulatePrivateKey(RSAPrivateKey *key)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
+ return SECFailure;
return (vector->p_RSA_PopulatePrivateKey)(key);
}
-
SECStatus
-JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
- const SECItem * signerID, const SECItem * x,
- const SECItem * testRandom, const SECItem * gxIn, SECItem * gxOut,
- SECItem * gv, SECItem * r)
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+ const SECItem *signerID, const SECItem *x,
+ const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+ SECItem *gv, SECItem *r)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
@@ -1620,21 +1614,21 @@ JPAKE_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
}
SECStatus
-JPAKE_Verify(PLArenaPool * arena, const PQGParams * pqg,
- HASH_HashType hashType, const SECItem * signerID,
- const SECItem * peerID, const SECItem * gx,
- const SECItem * gv, const SECItem * r)
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg,
+ HASH_HashType hashType, const SECItem *signerID,
+ const SECItem *peerID, const SECItem *gx,
+ const SECItem *gv, const SECItem *r)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
- return (vector->p_JPAKE_Verify)(arena, pqg, hashType, signerID, peerID,
+ return (vector->p_JPAKE_Verify)(arena, pqg, hashType, signerID, peerID,
gx, gv, r);
}
SECStatus
-JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
- const SECItem * gx1, const SECItem * gx3, const SECItem * gx4,
- SECItem * base, const SECItem * x2, const SECItem * s, SECItem * x2s)
+JPAKE_Round2(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+ const SECItem *gx1, const SECItem *gx3, const SECItem *gx4,
+ SECItem *base, const SECItem *x2, const SECItem *s, SECItem *x2s)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
@@ -1642,146 +1636,146 @@ JPAKE_Round2(PLArenaPool * arena, const SECItem * p, const SECItem *q,
}
SECStatus
-JPAKE_Final(PLArenaPool * arena, const SECItem * p, const SECItem *q,
- const SECItem * x2, const SECItem * gx4, const SECItem * x2s,
- const SECItem * B, SECItem * K)
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+ const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+ const SECItem *B, SECItem *K)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_JPAKE_Final)(arena, p, q, x2, gx4, x2s, B, K);
}
-SECStatus
+SECStatus
TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
SECItem *seed, SECItem *result, PRBool isFIPS)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_TLS_P_hash)(hashAlg, secret, label, seed, result, isFIPS);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_TLS_P_hash)(hashAlg, secret, label, seed, result, isFIPS);
}
-SECStatus
+SECStatus
SHA224_Hash(unsigned char *dest, const char *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA224_Hash)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA224_Hash)(dest, src);
}
SECStatus
SHA224_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA224_HashBuf)(dest, src, src_length);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA224_HashBuf)(dest, src, src_length);
}
SHA224Context *
SHA224_NewContext(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA224_NewContext)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA224_NewContext)();
}
void
SHA224_DestroyContext(SHA224Context *cx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_DestroyContext)(cx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_DestroyContext)(cx, freeit);
}
void
SHA224_Begin(SHA256Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_Begin)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_Begin)(cx);
}
void
SHA224_Update(SHA224Context *cx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_Update)(cx, input, inputLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_Update)(cx, input, inputLen);
}
void
SHA224_End(SHA224Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_End)(cx, digest, digestLen, maxDigestLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_End)(cx, digest, digestLen, maxDigestLen);
}
void
SHA224_TraceState(SHA224Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_TraceState)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_TraceState)(cx);
}
unsigned int
SHA224_FlattenSize(SHA224Context *cx)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return 0;
- return (vector->p_SHA224_FlattenSize)(cx);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return 0;
+ return (vector->p_SHA224_FlattenSize)(cx);
}
SECStatus
-SHA224_Flatten(SHA224Context *cx,unsigned char *space)
+SHA224_Flatten(SHA224Context *cx, unsigned char *space)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SHA224_Flatten)(cx, space);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SHA224_Flatten)(cx, space);
}
SHA224Context *
SHA224_Resurrect(unsigned char *space, void *arg)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_SHA224_Resurrect)(space, arg);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_SHA224_Resurrect)(space, arg);
}
-void
+void
SHA224_Clone(SHA224Context *dest, SHA224Context *src)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_SHA224_Clone)(dest, src);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_SHA224_Clone)(dest, src);
}
PRBool
BLAPI_SHVerifyFile(const char *name)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return PR_FALSE;
- return vector->p_BLAPI_SHVerifyFile(name);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return PR_FALSE;
+ return vector->p_BLAPI_SHVerifyFile(name);
}
/* === new for DSA-2 === */
SECStatus
-PQG_ParamGenV2( unsigned int L, unsigned int N, unsigned int seedBytes,
+PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_PQG_ParamGenV2)(L, N, seedBytes, pParams, pVfy);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_PQG_ParamGenV2)(L, N, seedBytes, pParams, pVfy);
}
SECStatus
PRNGTEST_RunHealthTests(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return vector->p_PRNGTEST_RunHealthTests();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return vector->p_PRNGTEST_RunHealthTests();
}
SECStatus
@@ -1798,14 +1792,14 @@ SSLv3_MAC_ConstantTime(
unsigned int bodyLen,
unsigned int bodyTotalLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_SSLv3_MAC_ConstantTime)(
- result, resultLen, maxResultLen,
- hashObj,
- secret, secretLen,
- header, headerLen,
- body, bodyLen, bodyTotalLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_SSLv3_MAC_ConstantTime)(
+ result, resultLen, maxResultLen,
+ hashObj,
+ secret, secretLen,
+ header, headerLen,
+ body, bodyLen, bodyTotalLen);
}
SECStatus
@@ -1822,224 +1816,253 @@ HMAC_ConstantTime(
unsigned int bodyLen,
unsigned int bodyTotalLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_HMAC_ConstantTime)(
- result, resultLen, maxResultLen,
- hashObj,
- secret, secretLen,
- header, headerLen,
- body, bodyLen, bodyTotalLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_HMAC_ConstantTime)(
+ result, resultLen, maxResultLen,
+ hashObj,
+ secret, secretLen,
+ header, headerLen,
+ body, bodyLen, bodyTotalLen);
}
-SECStatus RSA_SignRaw(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_SignRaw)(key, output, outputLen, maxOutputLen, input,
- inputLen);
-}
-
-SECStatus RSA_CheckSignRaw(RSAPublicKey *key,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *hash,
- unsigned int hashLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_CheckSignRaw)(key, sig, sigLen, hash, hashLen);
-}
-
-SECStatus RSA_CheckSignRecoverRaw(RSAPublicKey *key,
- unsigned char *data,
- unsigned int *dataLen,
- unsigned int maxDataLen,
- const unsigned char *sig,
- unsigned int sigLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_CheckSignRecoverRaw)(key, data, dataLen, maxDataLen,
- sig, sigLen);
-}
-
-SECStatus RSA_EncryptRaw(RSAPublicKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_EncryptRaw)(key, output, outputLen, maxOutputLen,
- input, inputLen);
-}
-
-SECStatus RSA_DecryptRaw(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_DecryptRaw)(key, output, outputLen, maxOutputLen,
- input, inputLen);
-
-}
-
-SECStatus RSA_EncryptOAEP(RSAPublicKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *label,
- unsigned int labelLen,
- const unsigned char *seed,
- unsigned int seedLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_EncryptOAEP)(key, hashAlg, maskHashAlg, label,
- labelLen, seed, seedLen, output,
- outputLen, maxOutputLen, input, inputLen);
-}
-
-SECStatus RSA_DecryptOAEP(RSAPrivateKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *label,
- unsigned int labelLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_DecryptOAEP)(key, hashAlg, maskHashAlg, label,
- labelLen, output, outputLen,
- maxOutputLen, input, inputLen);
-}
-
-SECStatus RSA_EncryptBlock(RSAPublicKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_EncryptBlock)(key, output, outputLen, maxOutputLen,
+SECStatus
+RSA_SignRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_SignRaw)(key, output, outputLen, maxOutputLen, input,
+ inputLen);
+}
+
+SECStatus
+RSA_CheckSignRaw(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_CheckSignRaw)(key, sig, sigLen, hash, hashLen);
+}
+
+SECStatus
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+ unsigned char *data,
+ unsigned int *dataLen,
+ unsigned int maxDataLen,
+ const unsigned char *sig,
+ unsigned int sigLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_CheckSignRecoverRaw)(key, data, dataLen, maxDataLen,
+ sig, sigLen);
+}
+
+SECStatus
+RSA_EncryptRaw(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_EncryptRaw)(key, output, outputLen, maxOutputLen,
input, inputLen);
}
-SECStatus RSA_DecryptBlock(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_DecryptBlock)(key, output, outputLen, maxOutputLen,
+SECStatus
+RSA_DecryptRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_DecryptRaw)(key, output, outputLen, maxOutputLen,
input, inputLen);
}
-SECStatus RSA_SignPSS(RSAPrivateKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *salt,
- unsigned int saltLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_SignPSS)(key, hashAlg, maskHashAlg, salt, saltLen,
- output, outputLen, maxOutputLen, input,
- inputLen);
-}
-
-SECStatus RSA_CheckSignPSS(RSAPublicKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- unsigned int saltLen,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *hash,
- unsigned int hashLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_CheckSignPSS)(key, hashAlg, maskHashAlg, saltLen,
- sig, sigLen, hash, hashLen);
-}
-
-SECStatus RSA_Sign(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_Sign)(key, output, outputLen, maxOutputLen, input,
- inputLen);
-}
-
-SECStatus RSA_CheckSign(RSAPublicKey *key,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *data,
- unsigned int dataLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_CheckSign)(key, sig, sigLen, data, dataLen);
+SECStatus
+RSA_EncryptOAEP(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ const unsigned char *seed,
+ unsigned int seedLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_EncryptOAEP)(key, hashAlg, maskHashAlg, label,
+ labelLen, seed, seedLen, output,
+ outputLen, maxOutputLen, input, inputLen);
+}
+SECStatus
+RSA_DecryptOAEP(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_DecryptOAEP)(key, hashAlg, maskHashAlg, label,
+ labelLen, output, outputLen,
+ maxOutputLen, input, inputLen);
+}
+
+SECStatus
+RSA_EncryptBlock(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_EncryptBlock)(key, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
+
+SECStatus
+RSA_DecryptBlock(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_DecryptBlock)(key, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
+
+SECStatus
+RSA_SignPSS(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *salt,
+ unsigned int saltLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_SignPSS)(key, hashAlg, maskHashAlg, salt, saltLen,
+ output, outputLen, maxOutputLen, input,
+ inputLen);
+}
+
+SECStatus
+RSA_CheckSignPSS(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ unsigned int saltLen,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_CheckSignPSS)(key, hashAlg, maskHashAlg, saltLen,
+ sig, sigLen, hash, hashLen);
+}
+
+SECStatus
+RSA_Sign(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_Sign)(key, output, outputLen, maxOutputLen, input,
+ inputLen);
}
-SECStatus RSA_CheckSignRecover(RSAPublicKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *sig,
- unsigned int sigLen) {
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen,
- sig, sigLen);
+SECStatus
+RSA_CheckSign(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *data,
+ unsigned int dataLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_CheckSign)(key, sig, sigLen, data, dataLen);
}
-SECStatus EC_FillParams(PLArenaPool *arena,
- const SECItem *encodedParams,
- ECParams *params)
+SECStatus
+RSA_CheckSignRecover(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *sig,
+ unsigned int sigLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_FillParams)(arena, encodedParams, params);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen,
+ sig, sigLen);
}
-SECStatus EC_DecodeParams(const SECItem *encodedParams,
- ECParams **ecparams)
+SECStatus
+EC_FillParams(PLArenaPool *arena,
+ const SECItem *encodedParams,
+ ECParams *params)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_DecodeParams)(encodedParams, ecparams);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_FillParams)(arena, encodedParams, params);
}
-SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
- const ECParams *srcParams)
+SECStatus
+EC_DecodeParams(const SECItem *encodedParams,
+ ECParams **ecparams)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_EC_CopyParams)(arena, dstParams, srcParams);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_DecodeParams)(encodedParams, ecparams);
+}
+
+SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+ const ECParams *srcParams)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_EC_CopyParams)(arena, dstParams, srcParams);
}
SECStatus
@@ -2047,26 +2070,26 @@ ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
const unsigned char *key, unsigned int keyLen,
unsigned int tagLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ChaCha20Poly1305_InitContext)(ctx, key, keyLen, tagLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ChaCha20Poly1305_InitContext)(ctx, key, keyLen, tagLen);
}
ChaCha20Poly1305Context *
ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen,
unsigned int tagLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_ChaCha20Poly1305_CreateContext)(key, keyLen, tagLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_ChaCha20Poly1305_CreateContext)(key, keyLen, tagLen);
}
void
ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_ChaCha20Poly1305_DestroyContext)(ctx, freeit);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_ChaCha20Poly1305_DestroyContext)(ctx, freeit);
}
SECStatus
@@ -2077,11 +2100,11 @@ ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx,
const unsigned char *nonce, unsigned int nonceLen,
const unsigned char *ad, unsigned int adLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ChaCha20Poly1305_Seal)(
- ctx, output, outputLen, maxOutputLen, input, inputLen,
- nonce, nonceLen, ad, adLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ChaCha20Poly1305_Seal)(
+ ctx, output, outputLen, maxOutputLen, input, inputLen,
+ nonce, nonceLen, ad, adLen);
}
SECStatus
@@ -2092,10 +2115,9 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx,
const unsigned char *nonce, unsigned int nonceLen,
const unsigned char *ad, unsigned int adLen)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return SECFailure;
- return (vector->p_ChaCha20Poly1305_Open)(
- ctx, output, outputLen, maxOutputLen, input, inputLen,
- nonce, nonceLen, ad, adLen);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_ChaCha20Poly1305_Open)(
+ ctx, output, outputLen, maxOutputLen, input, inputLen,
+ nonce, nonceLen, ad, adLen);
}
-
diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
index ef195857c..ced03b5ca 100644
--- a/lib/freebl/loader.h
+++ b/lib/freebl/loader.h
@@ -10,734 +10,731 @@
#include "blapi.h"
-
#define FREEBL_VERSION 0x0312
struct FREEBLVectorStr {
- unsigned short length; /* of this struct in bytes */
- unsigned short version; /* of this struct. */
+ unsigned short length; /* of this struct in bytes */
+ unsigned short version; /* of this struct. */
+
+ RSAPrivateKey *(*p_RSA_NewKey)(int keySizeInBits,
+ SECItem *publicExponent);
+
+ SECStatus (*p_RSA_PublicKeyOp)(RSAPublicKey *key,
+ unsigned char *output,
+ const unsigned char *input);
+
+ SECStatus (*p_RSA_PrivateKeyOp)(RSAPrivateKey *key,
+ unsigned char *output,
+ const unsigned char *input);
- RSAPrivateKey * (* p_RSA_NewKey)(int keySizeInBits,
- SECItem * publicExponent);
+ SECStatus (*p_DSA_NewKey)(const PQGParams *params,
+ DSAPrivateKey **privKey);
- SECStatus (* p_RSA_PublicKeyOp) (RSAPublicKey * key,
- unsigned char * output,
- const unsigned char * input);
+ SECStatus (*p_DSA_SignDigest)(DSAPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest);
- SECStatus (* p_RSA_PrivateKeyOp)(RSAPrivateKey * key,
- unsigned char * output,
- const unsigned char * input);
+ SECStatus (*p_DSA_VerifyDigest)(DSAPublicKey *key,
+ const SECItem *signature,
+ const SECItem *digest);
- SECStatus (* p_DSA_NewKey)(const PQGParams * params,
- DSAPrivateKey ** privKey);
+ SECStatus (*p_DSA_NewKeyFromSeed)(const PQGParams *params,
+ const unsigned char *seed,
+ DSAPrivateKey **privKey);
- SECStatus (* p_DSA_SignDigest)(DSAPrivateKey * key,
- SECItem * signature,
- const SECItem * digest);
+ SECStatus (*p_DSA_SignDigestWithSeed)(DSAPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest,
+ const unsigned char *seed);
- SECStatus (* p_DSA_VerifyDigest)(DSAPublicKey * key,
- const SECItem * signature,
- const SECItem * digest);
+ SECStatus (*p_DH_GenParam)(int primeLen, DHParams **params);
- SECStatus (* p_DSA_NewKeyFromSeed)(const PQGParams *params,
- const unsigned char * seed,
- DSAPrivateKey **privKey);
+ SECStatus (*p_DH_NewKey)(DHParams *params,
+ DHPrivateKey **privKey);
- SECStatus (* p_DSA_SignDigestWithSeed)(DSAPrivateKey * key,
- SECItem * signature,
- const SECItem * digest,
- const unsigned char * seed);
+ SECStatus (*p_DH_Derive)(SECItem *publicValue,
+ SECItem *prime,
+ SECItem *privateValue,
+ SECItem *derivedSecret,
+ unsigned int maxOutBytes);
- SECStatus (* p_DH_GenParam)(int primeLen, DHParams ** params);
+ SECStatus (*p_KEA_Derive)(SECItem *prime,
+ SECItem *public1,
+ SECItem *public2,
+ SECItem *private1,
+ SECItem *private2,
+ SECItem *derivedSecret);
- SECStatus (* p_DH_NewKey)(DHParams * params,
- DHPrivateKey ** privKey);
+ PRBool (*p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime);
- SECStatus (* p_DH_Derive)(SECItem * publicValue,
- SECItem * prime,
- SECItem * privateValue,
- SECItem * derivedSecret,
- unsigned int maxOutBytes);
+ RC4Context *(*p_RC4_CreateContext)(const unsigned char *key, int len);
- SECStatus (* p_KEA_Derive)(SECItem *prime,
- SECItem *public1,
- SECItem *public2,
- SECItem *private1,
- SECItem *private2,
- SECItem *derivedSecret);
+ void (*p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit);
- PRBool (* p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime);
+ SECStatus (*p_RC4_Encrypt)(RC4Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- RC4Context * (* p_RC4_CreateContext)(const unsigned char *key, int len);
+ SECStatus (*p_RC4_Decrypt)(RC4Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit);
+ RC2Context *(*p_RC2_CreateContext)(const unsigned char *key,
+ unsigned int len, const unsigned char *iv,
+ int mode, unsigned effectiveKeyLen);
- SECStatus (* p_RC4_Encrypt)(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ void (*p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);
- SECStatus (* p_RC4_Decrypt)(RC4Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- RC2Context * (* p_RC2_CreateContext)(const unsigned char *key,
- unsigned int len, const unsigned char *iv,
- int mode, unsigned effectiveKeyLen);
+ SECStatus (*p_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);
+ RC5Context *(*p_RC5_CreateContext)(const SECItem *key, unsigned int rounds,
+ unsigned int wordSize, const unsigned char *iv, int mode);
- SECStatus (* p_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ void (*p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit);
- SECStatus (* p_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_RC5_Encrypt)(RC5Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- RC5Context *(* p_RC5_CreateContext)(const SECItem *key, unsigned int rounds,
- unsigned int wordSize, const unsigned char *iv, int mode);
+ SECStatus (*p_RC5_Decrypt)(RC5Context *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit);
+ DESContext *(*p_DES_CreateContext)(const unsigned char *key,
+ const unsigned char *iv,
+ int mode, PRBool encrypt);
- SECStatus (* p_RC5_Encrypt)(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ void (*p_DES_DestroyContext)(DESContext *cx, PRBool freeit);
- SECStatus (* p_RC5_Decrypt)(RC5Context *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_DES_Encrypt)(DESContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- DESContext *(* p_DES_CreateContext)(const unsigned char *key,
- const unsigned char *iv,
- int mode, PRBool encrypt);
+ SECStatus (*p_DES_Decrypt)(DESContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_DES_DestroyContext)(DESContext *cx, PRBool freeit);
+ AESContext *(*p_AES_CreateContext)(const unsigned char *key,
+ const unsigned char *iv,
+ int mode, int encrypt, unsigned int keylen,
+ unsigned int blocklen);
- SECStatus (* p_DES_Encrypt)(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ void (*p_AES_DestroyContext)(AESContext *cx, PRBool freeit);
- SECStatus (* p_DES_Decrypt)(DESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_AES_Encrypt)(AESContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- AESContext * (* p_AES_CreateContext)(const unsigned char *key,
- const unsigned char *iv,
- int mode, int encrypt, unsigned int keylen,
- unsigned int blocklen);
+ SECStatus (*p_AES_Decrypt)(AESContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_AES_DestroyContext)(AESContext *cx, PRBool freeit);
+ SECStatus (*p_MD5_Hash)(unsigned char *dest, const char *src);
- SECStatus (* p_AES_Encrypt)(AESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
- SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ MD5Context *(*p_MD5_NewContext)(void);
- SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src);
+ void (*p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
- SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ void (*p_MD5_Begin)(MD5Context *cx);
- MD5Context *(* p_MD5_NewContext)(void);
+ void (*p_MD5_Update)(MD5Context *cx,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
+ void (*p_MD5_End)(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
- void (* p_MD5_Begin)(MD5Context *cx);
+ unsigned int (*p_MD5_FlattenSize)(MD5Context *cx);
- void (* p_MD5_Update)(MD5Context *cx,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_MD5_Flatten)(MD5Context *cx, unsigned char *space);
- void (* p_MD5_End)(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ MD5Context *(*p_MD5_Resurrect)(unsigned char *space, void *arg);
- unsigned int (* p_MD5_FlattenSize)(MD5Context *cx);
+ void (*p_MD5_TraceState)(MD5Context *cx);
- SECStatus (* p_MD5_Flatten)(MD5Context *cx,unsigned char *space);
+ SECStatus (*p_MD2_Hash)(unsigned char *dest, const char *src);
- MD5Context * (* p_MD5_Resurrect)(unsigned char *space, void *arg);
+ MD2Context *(*p_MD2_NewContext)(void);
- void (* p_MD5_TraceState)(MD5Context *cx);
+ void (*p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit);
- SECStatus (* p_MD2_Hash)(unsigned char *dest, const char *src);
+ void (*p_MD2_Begin)(MD2Context *cx);
- MD2Context *(* p_MD2_NewContext)(void);
+ void (*p_MD2_Update)(MD2Context *cx,
+ const unsigned char *input, unsigned int inputLen);
- void (* p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit);
+ void (*p_MD2_End)(MD2Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
- void (* p_MD2_Begin)(MD2Context *cx);
+ unsigned int (*p_MD2_FlattenSize)(MD2Context *cx);
- void (* p_MD2_Update)(MD2Context *cx,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_MD2_Flatten)(MD2Context *cx, unsigned char *space);
- void (* p_MD2_End)(MD2Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ MD2Context *(*p_MD2_Resurrect)(unsigned char *space, void *arg);
- unsigned int (* p_MD2_FlattenSize)(MD2Context *cx);
+ SECStatus (*p_SHA1_Hash)(unsigned char *dest, const char *src);
- SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space);
+ SECStatus (*p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
- MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg);
+ SHA1Context *(*p_SHA1_NewContext)(void);
- SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src);
+ void (*p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
+
+ void (*p_SHA1_Begin)(SHA1Context *cx);
+
+ void (*p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
+ unsigned int inputLen);
- SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
+ void (*p_SHA1_End)(SHA1Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
- SHA1Context *(* p_SHA1_NewContext)(void);
+ void (*p_SHA1_TraceState)(SHA1Context *cx);
- void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
+ unsigned int (*p_SHA1_FlattenSize)(SHA1Context *cx);
- void (* p_SHA1_Begin)(SHA1Context *cx);
+ SECStatus (*p_SHA1_Flatten)(SHA1Context *cx, unsigned char *space);
- void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
- unsigned int inputLen);
+ SHA1Context *(*p_SHA1_Resurrect)(unsigned char *space, void *arg);
- void (* p_SHA1_End)(SHA1Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (*p_RNG_RNGInit)(void);
- void (* p_SHA1_TraceState)(SHA1Context *cx);
+ SECStatus (*p_RNG_RandomUpdate)(const void *data, size_t bytes);
- unsigned int (* p_SHA1_FlattenSize)(SHA1Context *cx);
+ SECStatus (*p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len);
- SECStatus (* p_SHA1_Flatten)(SHA1Context *cx,unsigned char *space);
+ void (*p_RNG_RNGShutdown)(void);
- SHA1Context * (* p_SHA1_Resurrect)(unsigned char *space, void *arg);
+ SECStatus (*p_PQG_ParamGen)(unsigned int j, PQGParams **pParams,
+ PQGVerify **pVfy);
- SECStatus (* p_RNG_RNGInit)(void);
+ SECStatus (*p_PQG_ParamGenSeedLen)(unsigned int j, unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy);
- SECStatus (* p_RNG_RandomUpdate)(const void *data, size_t bytes);
+ SECStatus (*p_PQG_VerifyParams)(const PQGParams *params,
+ const PQGVerify *vfy, SECStatus *result);
- SECStatus (* p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len);
+ /* Version 3.001 came to here */
- void (* p_RNG_RNGShutdown)(void);
+ SECStatus (*p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key,
+ unsigned char *output,
+ const unsigned char *input);
- SECStatus (* p_PQG_ParamGen)(unsigned int j, PQGParams **pParams,
- PQGVerify **pVfy);
+ SECStatus (*p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key);
- SECStatus (* p_PQG_ParamGenSeedLen)( unsigned int j, unsigned int seedBytes,
- PQGParams **pParams, PQGVerify **pVfy);
+ void (*p_BL_Cleanup)(void);
- SECStatus (* p_PQG_VerifyParams)(const PQGParams *params,
- const PQGVerify *vfy, SECStatus *result);
+ /* Version 3.002 came to here */
- /* Version 3.001 came to here */
+ SHA256Context *(*p_SHA256_NewContext)(void);
+ void (*p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
+ void (*p_SHA256_Begin)(SHA256Context *cx);
+ void (*p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
+ unsigned int inputLen);
+ void (*p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (*p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
+ SECStatus (*p_SHA256_Hash)(unsigned char *dest, const char *src);
+ void (*p_SHA256_TraceState)(SHA256Context *cx);
+ unsigned int (*p_SHA256_FlattenSize)(SHA256Context *cx);
+ SECStatus (*p_SHA256_Flatten)(SHA256Context *cx, unsigned char *space);
+ SHA256Context *(*p_SHA256_Resurrect)(unsigned char *space, void *arg);
- SECStatus (* p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key,
- unsigned char *output,
- const unsigned char *input);
+ SHA512Context *(*p_SHA512_NewContext)(void);
+ void (*p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
+ void (*p_SHA512_Begin)(SHA512Context *cx);
+ void (*p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
+ unsigned int inputLen);
+ void (*p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (*p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
+ SECStatus (*p_SHA512_Hash)(unsigned char *dest, const char *src);
+ void (*p_SHA512_TraceState)(SHA512Context *cx);
+ unsigned int (*p_SHA512_FlattenSize)(SHA512Context *cx);
+ SECStatus (*p_SHA512_Flatten)(SHA512Context *cx, unsigned char *space);
+ SHA512Context *(*p_SHA512_Resurrect)(unsigned char *space, void *arg);
- SECStatus (* p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key);
+ SHA384Context *(*p_SHA384_NewContext)(void);
+ void (*p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
+ void (*p_SHA384_Begin)(SHA384Context *cx);
+ void (*p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
+ unsigned int inputLen);
+ void (*p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (*p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
+ SECStatus (*p_SHA384_Hash)(unsigned char *dest, const char *src);
+ void (*p_SHA384_TraceState)(SHA384Context *cx);
+ unsigned int (*p_SHA384_FlattenSize)(SHA384Context *cx);
+ SECStatus (*p_SHA384_Flatten)(SHA384Context *cx, unsigned char *space);
+ SHA384Context *(*p_SHA384_Resurrect)(unsigned char *space, void *arg);
- void (* p_BL_Cleanup)(void);
+ /* Version 3.003 came to here */
+
+ AESKeyWrapContext *(*p_AESKeyWrap_CreateContext)(const unsigned char *key,
+ const unsigned char *iv, int encrypt, unsigned int keylen);
+
+ void (*p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit);
+
+ SECStatus (*p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx,
+ unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (*p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx,
+ unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
- /* Version 3.002 came to here */
+ /* Version 3.004 came to here */
- SHA256Context *(* p_SHA256_NewContext)(void);
- void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
- void (* p_SHA256_Begin)(SHA256Context *cx);
- void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
- SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA256_TraceState)(SHA256Context *cx);
- unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
- SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
- SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
+ PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
+ PRBool (*p_BLAPI_VerifySelf)(const char *name);
- SHA512Context *(* p_SHA512_NewContext)(void);
- void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
- void (* p_SHA512_Begin)(SHA512Context *cx);
- void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
- SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA512_TraceState)(SHA512Context *cx);
- unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
- SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
- SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
+ /* Version 3.005 came to here */
- SHA384Context *(* p_SHA384_NewContext)(void);
- void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
- void (* p_SHA384_Begin)(SHA384Context *cx);
- void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
- SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
- void (* p_SHA384_TraceState)(SHA384Context *cx);
- unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
- SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
- SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
+ SECStatus (*p_EC_NewKey)(ECParams *params,
+ ECPrivateKey **privKey);
- /* Version 3.003 came to here */
+ SECStatus (*p_EC_NewKeyFromSeed)(ECParams *params,
+ ECPrivateKey **privKey,
+ const unsigned char *seed,
+ int seedlen);
- AESKeyWrapContext * (* p_AESKeyWrap_CreateContext)(const unsigned char *key,
- const unsigned char *iv, int encrypt, unsigned int keylen);
+ SECStatus (*p_EC_ValidatePublicKey)(ECParams *params,
+ SECItem *publicValue);
- void (* p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit);
+ SECStatus (*p_ECDH_Derive)(SECItem *publicValue,
+ ECParams *params,
+ SECItem *privateValue,
+ PRBool withCofactor,
+ SECItem *derivedSecret);
- SECStatus (* p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx,
- unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_ECDSA_SignDigest)(ECPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest);
- SECStatus (* p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx,
- unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
+ SECStatus (*p_ECDSA_VerifyDigest)(ECPublicKey *key,
+ const SECItem *signature,
+ const SECItem *digest);
- /* Version 3.004 came to here */
+ SECStatus (*p_ECDSA_SignDigestWithSeed)(ECPrivateKey *key,
+ SECItem *signature,
+ const SECItem *digest,
+ const unsigned char *seed,
+ const int seedlen);
- PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
- PRBool (*p_BLAPI_VerifySelf)(const char *name);
+ /* Version 3.006 came to here */
- /* Version 3.005 came to here */
-
- SECStatus (* p_EC_NewKey)(ECParams * params,
- ECPrivateKey ** privKey);
-
- SECStatus (* p_EC_NewKeyFromSeed)(ECParams * params,
- ECPrivateKey ** privKey,
- const unsigned char * seed,
- int seedlen);
-
- SECStatus (* p_EC_ValidatePublicKey)(ECParams * params,
- SECItem * publicValue);
-
- SECStatus (* p_ECDH_Derive)(SECItem * publicValue,
- ECParams * params,
- SECItem * privateValue,
- PRBool withCofactor,
- SECItem * derivedSecret);
-
- SECStatus (* p_ECDSA_SignDigest)(ECPrivateKey * key,
- SECItem * signature,
- const SECItem * digest);
-
- SECStatus (* p_ECDSA_VerifyDigest)(ECPublicKey * key,
- const SECItem * signature,
- const SECItem * digest);
-
- SECStatus (* p_ECDSA_SignDigestWithSeed)(ECPrivateKey * key,
- SECItem * signature,
- const SECItem * digest,
- const unsigned char * seed,
- const int seedlen);
-
- /* Version 3.006 came to here */
-
- /* no modification to FREEBLVectorStr itself
- * but ECParamStr was modified
+ /* no modification to FREEBLVectorStr itself
+ * but ECParamStr was modified
*/
- /* Version 3.007 came to here */
-
- SECStatus (* p_AES_InitContext)(AESContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int blocklen);
- SECStatus (* p_AESKeyWrap_InitContext)(AESKeyWrapContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int blocklen);
- SECStatus (* p_DES_InitContext)(DESContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int );
- SECStatus (* p_RC2_InitContext)(RC2Context *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int effectiveKeyLen,
- unsigned int );
- SECStatus (* p_RC4_InitContext)(RC4Context *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *,
- int,
- unsigned int ,
- unsigned int );
-
- AESContext *(*p_AES_AllocateContext)(void);
- AESKeyWrapContext *(*p_AESKeyWrap_AllocateContext)(void);
- DESContext *(*p_DES_AllocateContext)(void);
- RC2Context *(*p_RC2_AllocateContext)(void);
- RC4Context *(*p_RC4_AllocateContext)(void);
-
- void (* p_MD2_Clone)(MD2Context *dest, MD2Context *src);
- void (* p_MD5_Clone)(MD5Context *dest, MD5Context *src);
- void (* p_SHA1_Clone)(SHA1Context *dest, SHA1Context *src);
- void (* p_SHA256_Clone)(SHA256Context *dest, SHA256Context *src);
- void (* p_SHA384_Clone)(SHA384Context *dest, SHA384Context *src);
- void (* p_SHA512_Clone)(SHA512Context *dest, SHA512Context *src);
-
- SECStatus (* p_TLS_PRF)(const SECItem *secret, const char *label,
- SECItem *seed, SECItem *result, PRBool isFIPS);
-
- const SECHashObject *(* p_HASH_GetRawHashObject)(HASH_HashType hashType);
-
- HMACContext * (* p_HMAC_Create)(const SECHashObject *hashObj,
- const unsigned char *secret,
- unsigned int secret_len, PRBool isFIPS);
- SECStatus (* p_HMAC_Init)(HMACContext *cx, const SECHashObject *hash_obj,
- const unsigned char *secret,
- unsigned int secret_len, PRBool isFIPS);
- void (* p_HMAC_Begin)(HMACContext *cx);
- void (* p_HMAC_Update)(HMACContext *cx, const unsigned char *data,
- unsigned int data_len);
- HMACContext * (* p_HMAC_Clone)(HMACContext *cx);
- SECStatus (* p_HMAC_Finish)(HMACContext *cx, unsigned char *result,
- unsigned int *result_len,
- unsigned int max_result_len);
- void (* p_HMAC_Destroy)(HMACContext *cx, PRBool freeit);
-
- void (* p_RNG_SystemInfoForRNG)(void);
-
- /* Version 3.008 came to here */
-
- SECStatus (* p_FIPS186Change_GenerateX)(unsigned char *XKEY,
- const unsigned char *XSEEDj,
- unsigned char *x_j);
- SECStatus (* p_FIPS186Change_ReduceModQForDSA)(const unsigned char *w,
- const unsigned char *q,
- unsigned char *xj);
-
- /* Version 3.009 came to here */
-
- SECStatus (* p_Camellia_InitContext)(CamelliaContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int unused);
-
- CamelliaContext *(*p_Camellia_AllocateContext)(void);
- CamelliaContext * (* p_Camellia_CreateContext)(const unsigned char *key,
- const unsigned char *iv,
- int mode, int encrypt,
- unsigned int keylen);
- void (* p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
-
- SECStatus (* p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
-
- SECStatus (* p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
-
- void (* p_PQG_DestroyParams)(PQGParams *params);
-
- void (* p_PQG_DestroyVerify)(PQGVerify *vfy);
-
- /* Version 3.010 came to here */
-
- SECStatus (* p_SEED_InitContext)(SEEDContext *cx,
- const unsigned char *key,
- unsigned int keylen,
- const unsigned char *iv,
- int mode,
- unsigned int encrypt,
- unsigned int );
-
- SEEDContext *(*p_SEED_AllocateContext)(void);
-
- SEEDContext *(* p_SEED_CreateContext)(const unsigned char *key,
- const unsigned char *iv,
- int mode, PRBool encrypt);
-
- void (* p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
-
- SECStatus (* p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-
- SECStatus (* p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen);
-
-
-
- SECStatus (* p_BL_Init)(void);
- void ( * p_BL_SetForkState)(PRBool);
-
- SECStatus (* p_PRNGTEST_Instantiate)(const PRUint8 *entropy,
- unsigned int entropy_len,
- const PRUint8 *nonce,
- unsigned int nonce_len,
- const PRUint8 *personal_string,
- unsigned int ps_len);
-
- SECStatus (* p_PRNGTEST_Reseed)(const PRUint8 *entropy,
- unsigned int entropy_len,
- const PRUint8 *additional,
- unsigned int additional_len);
-
- SECStatus (* p_PRNGTEST_Generate)(PRUint8 *bytes,
- unsigned int bytes_len,
- const PRUint8 *additional,
- unsigned int additional_len);
-
- SECStatus (* p_PRNGTEST_Uninstantiate)(void);
- /* Version 3.011 came to here */
-
- SECStatus (*p_RSA_PopulatePrivateKey)(RSAPrivateKey *key);
-
- SECStatus (*p_DSA_NewRandom)(PLArenaPool * arena, const SECItem * q,
- SECItem * seed);
-
- SECStatus (*p_JPAKE_Sign)(PLArenaPool * arena, const PQGParams * pqg,
- HASH_HashType hashType, const SECItem * signerID,
- const SECItem * x, const SECItem * testRandom,
- const SECItem * gxIn, SECItem * gxOut,
- SECItem * gv, SECItem * r);
-
- SECStatus (*p_JPAKE_Verify)(PLArenaPool * arena, const PQGParams * pqg,
- HASH_HashType hashType, const SECItem * signerID,
- const SECItem * peerID, const SECItem * gx,
- const SECItem * gv, const SECItem * r);
-
- SECStatus (*p_JPAKE_Round2)(PLArenaPool * arena, const SECItem * p,
- const SECItem *q, const SECItem * gx1,
- const SECItem * gx3, const SECItem * gx4,
- SECItem * base, const SECItem * x2,
- const SECItem * s, SECItem * x2s);
-
- SECStatus (*p_JPAKE_Final)(PLArenaPool * arena, const SECItem * p,
- const SECItem *q, const SECItem * x2,
- const SECItem * gx4, const SECItem * x2s,
- const SECItem * B, SECItem * K);
-
- /* Version 3.012 came to here */
-
- SECStatus (* p_TLS_P_hash)(HASH_HashType hashAlg,
- const SECItem *secret,
- const char *label,
- SECItem *seed,
- SECItem *result,
- PRBool isFIPS);
-
- SHA224Context *(*p_SHA224_NewContext)(void);
- void (* p_SHA224_DestroyContext)(SHA224Context *cx, PRBool freeit);
- void (* p_SHA224_Begin)(SHA224Context *cx);
- void (* p_SHA224_Update)(SHA224Context *cx, const unsigned char *input,
- unsigned int inputLen);
- void (* p_SHA224_End)(SHA224Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
- SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length);
- SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
- void (*p_SHA224_TraceState)(SHA224Context *cx);
- unsigned int (* p_SHA224_FlattenSize)(SHA224Context *cx);
- SECStatus (* p_SHA224_Flatten)(SHA224Context *cx,unsigned char *space);
- SHA224Context * (* p_SHA224_Resurrect)(unsigned char *space, void *arg);
- void (* p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
- PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
-
- /* Version 3.013 came to here */
-
- SECStatus (* p_PQG_ParamGenV2)( unsigned int L, unsigned int N,
- unsigned int seedBytes,
- PQGParams **pParams, PQGVerify **pVfy);
- SECStatus (*p_PRNGTEST_RunHealthTests)(void);
-
- /* Version 3.014 came to here */
-
- SECStatus (* p_HMAC_ConstantTime)(
- unsigned char *result,
- unsigned int *resultLen,
- unsigned int maxResultLen,
- const SECHashObject *hashObj,
- const unsigned char *secret,
- unsigned int secretLen,
- const unsigned char *header,
- unsigned int headerLen,
- const unsigned char *body,
- unsigned int bodyLen,
- unsigned int bodyTotalLen);
-
- SECStatus (* p_SSLv3_MAC_ConstantTime)(
- unsigned char *result,
- unsigned int *resultLen,
- unsigned int maxResultLen,
- const SECHashObject *hashObj,
- const unsigned char *secret,
- unsigned int secretLen,
- const unsigned char *header,
- unsigned int headerLen,
- const unsigned char *body,
- unsigned int bodyLen,
- unsigned int bodyTotalLen);
-
- /* Version 3.015 came to here */
-
- SECStatus (* p_RSA_SignRaw)(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_CheckSignRaw)(RSAPublicKey *key,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *hash,
- unsigned int hashLen);
- SECStatus (* p_RSA_CheckSignRecoverRaw)(RSAPublicKey *key,
- unsigned char *data,
- unsigned int *dataLen,
- unsigned int maxDataLen,
- const unsigned char *sig,
- unsigned int sigLen);
- SECStatus (* p_RSA_EncryptRaw)(RSAPublicKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_DecryptRaw)(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_EncryptOAEP)(RSAPublicKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *label,
- unsigned int labelLen,
- const unsigned char *seed,
- unsigned int seedLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_DecryptOAEP)(RSAPrivateKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *label,
- unsigned int labelLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_EncryptBlock)(RSAPublicKey *key,
+ /* Version 3.007 came to here */
+
+ SECStatus (*p_AES_InitContext)(AESContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int blocklen);
+ SECStatus (*p_AESKeyWrap_InitContext)(AESKeyWrapContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int blocklen);
+ SECStatus (*p_DES_InitContext)(DESContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int);
+ SECStatus (*p_RC2_InitContext)(RC2Context *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int effectiveKeyLen,
+ unsigned int);
+ SECStatus (*p_RC4_InitContext)(RC4Context *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *,
+ int,
+ unsigned int,
+ unsigned int);
+
+ AESContext *(*p_AES_AllocateContext)(void);
+ AESKeyWrapContext *(*p_AESKeyWrap_AllocateContext)(void);
+ DESContext *(*p_DES_AllocateContext)(void);
+ RC2Context *(*p_RC2_AllocateContext)(void);
+ RC4Context *(*p_RC4_AllocateContext)(void);
+
+ void (*p_MD2_Clone)(MD2Context *dest, MD2Context *src);
+ void (*p_MD5_Clone)(MD5Context *dest, MD5Context *src);
+ void (*p_SHA1_Clone)(SHA1Context *dest, SHA1Context *src);
+ void (*p_SHA256_Clone)(SHA256Context *dest, SHA256Context *src);
+ void (*p_SHA384_Clone)(SHA384Context *dest, SHA384Context *src);
+ void (*p_SHA512_Clone)(SHA512Context *dest, SHA512Context *src);
+
+ SECStatus (*p_TLS_PRF)(const SECItem *secret, const char *label,
+ SECItem *seed, SECItem *result, PRBool isFIPS);
+
+ const SECHashObject *(*p_HASH_GetRawHashObject)(HASH_HashType hashType);
+
+ HMACContext *(*p_HMAC_Create)(const SECHashObject *hashObj,
+ const unsigned char *secret,
+ unsigned int secret_len, PRBool isFIPS);
+ SECStatus (*p_HMAC_Init)(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret,
+ unsigned int secret_len, PRBool isFIPS);
+ void (*p_HMAC_Begin)(HMACContext *cx);
+ void (*p_HMAC_Update)(HMACContext *cx, const unsigned char *data,
+ unsigned int data_len);
+ HMACContext *(*p_HMAC_Clone)(HMACContext *cx);
+ SECStatus (*p_HMAC_Finish)(HMACContext *cx, unsigned char *result,
+ unsigned int *result_len,
+ unsigned int max_result_len);
+ void (*p_HMAC_Destroy)(HMACContext *cx, PRBool freeit);
+
+ void (*p_RNG_SystemInfoForRNG)(void);
+
+ /* Version 3.008 came to here */
+
+ SECStatus (*p_FIPS186Change_GenerateX)(unsigned char *XKEY,
+ const unsigned char *XSEEDj,
+ unsigned char *x_j);
+ SECStatus (*p_FIPS186Change_ReduceModQForDSA)(const unsigned char *w,
+ const unsigned char *q,
+ unsigned char *xj);
+
+ /* Version 3.009 came to here */
+
+ SECStatus (*p_Camellia_InitContext)(CamelliaContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int unused);
+
+ CamelliaContext *(*p_Camellia_AllocateContext)(void);
+ CamelliaContext *(*p_Camellia_CreateContext)(const unsigned char *key,
+ const unsigned char *iv,
+ int mode, int encrypt,
+ unsigned int keylen);
+ void (*p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
+
+ SECStatus (*p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+ SECStatus (*p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+ void (*p_PQG_DestroyParams)(PQGParams *params);
+
+ void (*p_PQG_DestroyVerify)(PQGVerify *vfy);
+
+ /* Version 3.010 came to here */
+
+ SECStatus (*p_SEED_InitContext)(SEEDContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int);
+
+ SEEDContext *(*p_SEED_AllocateContext)(void);
+
+ SEEDContext *(*p_SEED_CreateContext)(const unsigned char *key,
+ const unsigned char *iv,
+ int mode, PRBool encrypt);
+
+ void (*p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
+
+ SECStatus (*p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (*p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (*p_BL_Init)(void);
+ void (*p_BL_SetForkState)(PRBool);
+
+ SECStatus (*p_PRNGTEST_Instantiate)(const PRUint8 *entropy,
+ unsigned int entropy_len,
+ const PRUint8 *nonce,
+ unsigned int nonce_len,
+ const PRUint8 *personal_string,
+ unsigned int ps_len);
+
+ SECStatus (*p_PRNGTEST_Reseed)(const PRUint8 *entropy,
+ unsigned int entropy_len,
+ const PRUint8 *additional,
+ unsigned int additional_len);
+
+ SECStatus (*p_PRNGTEST_Generate)(PRUint8 *bytes,
+ unsigned int bytes_len,
+ const PRUint8 *additional,
+ unsigned int additional_len);
+
+ SECStatus (*p_PRNGTEST_Uninstantiate)(void);
+ /* Version 3.011 came to here */
+
+ SECStatus (*p_RSA_PopulatePrivateKey)(RSAPrivateKey *key);
+
+ SECStatus (*p_DSA_NewRandom)(PLArenaPool *arena, const SECItem *q,
+ SECItem *seed);
+
+ SECStatus (*p_JPAKE_Sign)(PLArenaPool *arena, const PQGParams *pqg,
+ HASH_HashType hashType, const SECItem *signerID,
+ const SECItem *x, const SECItem *testRandom,
+ const SECItem *gxIn, SECItem *gxOut,
+ SECItem *gv, SECItem *r);
+
+ SECStatus (*p_JPAKE_Verify)(PLArenaPool *arena, const PQGParams *pqg,
+ HASH_HashType hashType, const SECItem *signerID,
+ const SECItem *peerID, const SECItem *gx,
+ const SECItem *gv, const SECItem *r);
+
+ SECStatus (*p_JPAKE_Round2)(PLArenaPool *arena, const SECItem *p,
+ const SECItem *q, const SECItem *gx1,
+ const SECItem *gx3, const SECItem *gx4,
+ SECItem *base, const SECItem *x2,
+ const SECItem *s, SECItem *x2s);
+
+ SECStatus (*p_JPAKE_Final)(PLArenaPool *arena, const SECItem *p,
+ const SECItem *q, const SECItem *x2,
+ const SECItem *gx4, const SECItem *x2s,
+ const SECItem *B, SECItem *K);
+
+ /* Version 3.012 came to here */
+
+ SECStatus (*p_TLS_P_hash)(HASH_HashType hashAlg,
+ const SECItem *secret,
+ const char *label,
+ SECItem *seed,
+ SECItem *result,
+ PRBool isFIPS);
+
+ SHA224Context *(*p_SHA224_NewContext)(void);
+ void (*p_SHA224_DestroyContext)(SHA224Context *cx, PRBool freeit);
+ void (*p_SHA224_Begin)(SHA224Context *cx);
+ void (*p_SHA224_Update)(SHA224Context *cx, const unsigned char *input,
+ unsigned int inputLen);
+ void (*p_SHA224_End)(SHA224Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
+ PRUint32 src_length);
+ SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
+ void (*p_SHA224_TraceState)(SHA224Context *cx);
+ unsigned int (*p_SHA224_FlattenSize)(SHA224Context *cx);
+ SECStatus (*p_SHA224_Flatten)(SHA224Context *cx, unsigned char *space);
+ SHA224Context *(*p_SHA224_Resurrect)(unsigned char *space, void *arg);
+ void (*p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
+ PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
+
+ /* Version 3.013 came to here */
+
+ SECStatus (*p_PQG_ParamGenV2)(unsigned int L, unsigned int N,
+ unsigned int seedBytes,
+ PQGParams **pParams, PQGVerify **pVfy);
+ SECStatus (*p_PRNGTEST_RunHealthTests)(void);
+
+ /* Version 3.014 came to here */
+
+ SECStatus (*p_HMAC_ConstantTime)(
+ unsigned char *result,
+ unsigned int *resultLen,
+ unsigned int maxResultLen,
+ const SECHashObject *hashObj,
+ const unsigned char *secret,
+ unsigned int secretLen,
+ const unsigned char *header,
+ unsigned int headerLen,
+ const unsigned char *body,
+ unsigned int bodyLen,
+ unsigned int bodyTotalLen);
+
+ SECStatus (*p_SSLv3_MAC_ConstantTime)(
+ unsigned char *result,
+ unsigned int *resultLen,
+ unsigned int maxResultLen,
+ const SECHashObject *hashObj,
+ const unsigned char *secret,
+ unsigned int secretLen,
+ const unsigned char *header,
+ unsigned int headerLen,
+ const unsigned char *body,
+ unsigned int bodyLen,
+ unsigned int bodyTotalLen);
+
+ /* Version 3.015 came to here */
+
+ SECStatus (*p_RSA_SignRaw)(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_CheckSignRaw)(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen);
+ SECStatus (*p_RSA_CheckSignRecoverRaw)(RSAPublicKey *key,
+ unsigned char *data,
+ unsigned int *dataLen,
+ unsigned int maxDataLen,
+ const unsigned char *sig,
+ unsigned int sigLen);
+ SECStatus (*p_RSA_EncryptRaw)(RSAPublicKey *key,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen);
- SECStatus (* p_RSA_DecryptBlock)(RSAPrivateKey *key,
+ SECStatus (*p_RSA_DecryptRaw)(RSAPrivateKey *key,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen);
- SECStatus (* p_RSA_SignPSS)(RSAPrivateKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- const unsigned char *salt,
- unsigned int saltLen,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_CheckSignPSS)(RSAPublicKey *key,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- unsigned int saltLen,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *hash,
- unsigned int hashLen);
- SECStatus (* p_RSA_Sign)(RSAPrivateKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *input,
- unsigned int inputLen);
- SECStatus (* p_RSA_CheckSign)(RSAPublicKey *key,
- const unsigned char *sig,
- unsigned int sigLen,
- const unsigned char *data,
- unsigned int dataLen);
- SECStatus (* p_RSA_CheckSignRecover)(RSAPublicKey *key,
- unsigned char *output,
- unsigned int *outputLen,
- unsigned int maxOutputLen,
- const unsigned char *sig,
- unsigned int sigLen);
-
- /* Version 3.016 came to here */
-
- SECStatus (* p_EC_FillParams)(PLArenaPool *arena,
- const SECItem *encodedParams, ECParams *params);
- SECStatus (* p_EC_DecodeParams)(const SECItem *encodedParams,
- ECParams **ecparams);
- SECStatus (* p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams,
- const ECParams *srcParams);
-
- /* Version 3.017 came to here */
-
- SECStatus (* p_ChaCha20Poly1305_InitContext)(ChaCha20Poly1305Context *ctx,
- const unsigned char *key,
- unsigned int keyLen,
- unsigned int tagLen);
-
- ChaCha20Poly1305Context *(* p_ChaCha20Poly1305_CreateContext)(
- const unsigned char *key, unsigned int keyLen, unsigned int tagLen);
-
- void (* p_ChaCha20Poly1305_DestroyContext)(ChaCha20Poly1305Context *ctx,
- PRBool freeit);
-
- SECStatus (* p_ChaCha20Poly1305_Seal)(
- const ChaCha20Poly1305Context *ctx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
- const unsigned char *nonce, unsigned int nonceLen,
- const unsigned char *ad, unsigned int adLen);
-
- SECStatus (* p_ChaCha20Poly1305_Open)(
- const ChaCha20Poly1305Context *ctx, unsigned char *output,
- unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
- const unsigned char *nonce, unsigned int nonceLen,
- const unsigned char *ad, unsigned int adLen);
-
- /* Version 3.018 came to here */
-
- /* Add new function pointers at the end of this struct and bump
- * FREEBL_VERSION at the beginning of this file. */
- };
+ SECStatus (*p_RSA_EncryptOAEP)(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ const unsigned char *seed,
+ unsigned int seedLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_DecryptOAEP)(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *label,
+ unsigned int labelLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_EncryptBlock)(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_DecryptBlock)(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_SignPSS)(RSAPrivateKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ const unsigned char *salt,
+ unsigned int saltLen,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_CheckSignPSS)(RSAPublicKey *key,
+ HASH_HashType hashAlg,
+ HASH_HashType maskHashAlg,
+ unsigned int saltLen,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *hash,
+ unsigned int hashLen);
+ SECStatus (*p_RSA_Sign)(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+ SECStatus (*p_RSA_CheckSign)(RSAPublicKey *key,
+ const unsigned char *sig,
+ unsigned int sigLen,
+ const unsigned char *data,
+ unsigned int dataLen);
+ SECStatus (*p_RSA_CheckSignRecover)(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *sig,
+ unsigned int sigLen);
+
+ /* Version 3.016 came to here */
+
+ SECStatus (*p_EC_FillParams)(PLArenaPool *arena,
+ const SECItem *encodedParams, ECParams *params);
+ SECStatus (*p_EC_DecodeParams)(const SECItem *encodedParams,
+ ECParams **ecparams);
+ SECStatus (*p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams,
+ const ECParams *srcParams);
+
+ /* Version 3.017 came to here */
+
+ SECStatus (*p_ChaCha20Poly1305_InitContext)(ChaCha20Poly1305Context *ctx,
+ const unsigned char *key,
+ unsigned int keyLen,
+ unsigned int tagLen);
+
+ ChaCha20Poly1305Context *(*p_ChaCha20Poly1305_CreateContext)(
+ const unsigned char *key, unsigned int keyLen, unsigned int tagLen);
+
+ void (*p_ChaCha20Poly1305_DestroyContext)(ChaCha20Poly1305Context *ctx,
+ PRBool freeit);
+
+ SECStatus (*p_ChaCha20Poly1305_Seal)(
+ const ChaCha20Poly1305Context *ctx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen,
+ const unsigned char *nonce, unsigned int nonceLen,
+ const unsigned char *ad, unsigned int adLen);
+
+ SECStatus (*p_ChaCha20Poly1305_Open)(
+ const ChaCha20Poly1305Context *ctx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen,
+ const unsigned char *nonce, unsigned int nonceLen,
+ const unsigned char *ad, unsigned int adLen);
+
+ /* Version 3.018 came to here */
+
+ /* Add new function pointers at the end of this struct and bump
+ * FREEBL_VERSION at the beginning of this file. */
+};
typedef struct FREEBLVectorStr FREEBLVector;
@@ -747,24 +744,24 @@ typedef struct FREEBLVectorStr FREEBLVector;
#define NSSLOW_VERSION 0x0300
struct NSSLOWVectorStr {
- unsigned short length; /* of this struct in bytes */
- unsigned short version; /* of this struct. */
- const FREEBLVector *(*p_FREEBL_GetVector)(void);
- NSSLOWInitContext *(*p_NSSLOW_Init)(void);
- void (*p_NSSLOW_Shutdown)(NSSLOWInitContext *context);
- void (*p_NSSLOW_Reset)(NSSLOWInitContext *context);
- NSSLOWHASHContext *(*p_NSSLOWHASH_NewContext)(
- NSSLOWInitContext *initContext,
- HASH_HashType hashType);
- void (*p_NSSLOWHASH_Begin)(NSSLOWHASHContext *context);
- void (*p_NSSLOWHASH_Update)(NSSLOWHASHContext *context,
- const unsigned char *buf,
- unsigned int len);
- void (*p_NSSLOWHASH_End)(NSSLOWHASHContext *context,
- unsigned char *buf,
- unsigned int *ret, unsigned int len);
- void (*p_NSSLOWHASH_Destroy)(NSSLOWHASHContext *context);
- unsigned int (*p_NSSLOWHASH_Length)(NSSLOWHASHContext *context);
+ unsigned short length; /* of this struct in bytes */
+ unsigned short version; /* of this struct. */
+ const FREEBLVector *(*p_FREEBL_GetVector)(void);
+ NSSLOWInitContext *(*p_NSSLOW_Init)(void);
+ void (*p_NSSLOW_Shutdown)(NSSLOWInitContext *context);
+ void (*p_NSSLOW_Reset)(NSSLOWInitContext *context);
+ NSSLOWHASHContext *(*p_NSSLOWHASH_NewContext)(
+ NSSLOWInitContext *initContext,
+ HASH_HashType hashType);
+ void (*p_NSSLOWHASH_Begin)(NSSLOWHASHContext *context);
+ void (*p_NSSLOWHASH_Update)(NSSLOWHASHContext *context,
+ const unsigned char *buf,
+ unsigned int len);
+ void (*p_NSSLOWHASH_End)(NSSLOWHASHContext *context,
+ unsigned char *buf,
+ unsigned int *ret, unsigned int len);
+ void (*p_NSSLOWHASH_Destroy)(NSSLOWHASHContext *context);
+ unsigned int (*p_NSSLOWHASH_Length)(NSSLOWHASHContext *context);
};
typedef struct NSSLOWVectorStr NSSLOWVector;
@@ -773,12 +770,12 @@ typedef struct NSSLOWVectorStr NSSLOWVector;
SEC_BEGIN_PROTOS
#ifdef FREEBL_LOWHASH
-typedef const NSSLOWVector * NSSLOWGetVectorFn(void);
+typedef const NSSLOWVector *NSSLOWGetVectorFn(void);
extern NSSLOWGetVectorFn NSSLOW_GetVector;
#endif
-typedef const FREEBLVector * FREEBLGetVectorFn(void);
+typedef const FREEBLVector *FREEBLGetVectorFn(void);
extern FREEBLGetVectorFn FREEBL_GetVector;
diff --git a/lib/freebl/lowhash_vector.c b/lib/freebl/lowhash_vector.c
index a19b76d6c..7690c98da 100644
--- a/lib/freebl/lowhash_vector.c
+++ b/lib/freebl/lowhash_vector.c
@@ -21,16 +21,15 @@
#include <dlfcn.h>
#include "pratom.h"
-
-static PRLibrary* blLib;
+static PRLibrary *blLib;
#define LSB(x) ((x)&0xff)
-#define MSB(x) ((x)>>8)
+#define MSB(x) ((x) >> 8)
static const NSSLOWVector *vector;
static const char *libraryName = NULL;
-/* pretty much only glibc uses this, make sure we don't have any depenencies
+/* pretty much only glibc uses this, make sure we don't have any depenencies
* on nspr.. */
#undef PORT_Alloc
#undef PORT_Free
@@ -39,17 +38,17 @@ static const char *libraryName = NULL;
#define PORT_Free free
#define PR_Free free
#define PR_GetDirectorySeparator() '/'
-#define PR_LoadLibraryWithFlags(libspec,flags) \
- (PRLibrary*)dlopen(libSpec.value.pathname,RTLD_NOW|RTLD_LOCAL)
-#define PR_GetLibraryFilePathname(name,addr) \
- freebl_lowhash_getLibraryFilePath(addr)
+#define PR_LoadLibraryWithFlags(libspec, flags) \
+ (PRLibrary *)dlopen(libSpec.value.pathname, RTLD_NOW | RTLD_LOCAL)
+#define PR_GetLibraryFilePathname(name, addr) \
+ freebl_lowhash_getLibraryFilePath(addr)
static char *
freebl_lowhash_getLibraryFilePath(void *addr)
{
Dl_info dli;
if (dladdr(addr, &dli) == 0) {
- return NULL;
+ return NULL;
}
return strdup(dli.dli_fname);
}
@@ -59,152 +58,160 @@ freebl_lowhash_getLibraryFilePath(void *addr)
* don't need it..
*/
#ifdef nodef
-static const char *NameOfThisSharedLib =
- SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX;
+static const char *NameOfThisSharedLib =
+ SHLIB_PREFIX "freebl" SHLIB_VERSION "." SHLIB_SUFFIX;
#endif
#include "genload.c"
-
/* This function must be run only once. */
/* determine if hybrid platform, then actually load the DSO. */
static PRStatus
-freebl_LoadDSO( void )
+freebl_LoadDSO(void)
{
- PRLibrary * handle;
- const char * name = getLibName();
+ PRLibrary *handle;
+ const char *name = getLibName();
- if (!name) {
- /*PR_SetError(PR_LOAD_LIBRARY_ERROR,0); */
- return PR_FAILURE;
- }
- handle = loader_LoadLibrary(name);
- if (handle) {
- void *address = dlsym(handle, "NSSLOW_GetVector");
- if (address) {
- NSSLOWGetVectorFn * getVector = (NSSLOWGetVectorFn *)address;
- const NSSLOWVector * dsoVector = getVector();
- if (dsoVector) {
- unsigned short dsoVersion = dsoVector->version;
- unsigned short myVersion = NSSLOW_VERSION;
- if (MSB(dsoVersion) == MSB(myVersion) &&
- LSB(dsoVersion) >= LSB(myVersion) &&
- dsoVector->length >= sizeof(NSSLOWVector)) {
- vector = dsoVector;
- libraryName = name;
- blLib = handle;
- return PR_SUCCESS;
- }
- }
+ if (!name) {
+ /*PR_SetError(PR_LOAD_LIBRARY_ERROR,0); */
+ return PR_FAILURE;
}
- (void)dlclose(handle);
- }
- return PR_FAILURE;
+ handle = loader_LoadLibrary(name);
+ if (handle) {
+ void *address = dlsym(handle, "NSSLOW_GetVector");
+ if (address) {
+ NSSLOWGetVectorFn *getVector = (NSSLOWGetVectorFn *)address;
+ const NSSLOWVector *dsoVector = getVector();
+ if (dsoVector) {
+ unsigned short dsoVersion = dsoVector->version;
+ unsigned short myVersion = NSSLOW_VERSION;
+ if (MSB(dsoVersion) == MSB(myVersion) &&
+ LSB(dsoVersion) >= LSB(myVersion) &&
+ dsoVector->length >= sizeof(NSSLOWVector)) {
+ vector = dsoVector;
+ libraryName = name;
+ blLib = handle;
+ return PR_SUCCESS;
+ }
+ }
+ }
+ (void)dlclose(handle);
+ }
+ return PR_FAILURE;
}
static PRCallOnceType loadFreeBLOnce;
static PRStatus
-freebl_RunLoaderOnce( void )
+freebl_RunLoaderOnce(void)
{
- /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped
- * down version. */
- if (loadFreeBLOnce.initialized) {
- return loadFreeBLOnce.status;
- }
- if (__sync_lock_test_and_set(&loadFreeBLOnce.inProgress,1) == 0) {
- loadFreeBLOnce.status = freebl_LoadDSO();
- loadFreeBLOnce.initialized = 1;
- } else {
- /* shouldn't have a lot of takers on the else clause, which is good
- * since we don't have condition variables yet.
- * 'initialized' only ever gets set (not cleared) so we don't
- * need the traditional locks. */
- while (!loadFreeBLOnce.initialized) {
- sleep(1); /* don't have condition variables, just give up the CPU */
- }
- }
-
- return loadFreeBLOnce.status;
+ /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped
+ * down version. */
+ if (loadFreeBLOnce.initialized) {
+ return loadFreeBLOnce.status;
+ }
+ if (__sync_lock_test_and_set(&loadFreeBLOnce.inProgress, 1) == 0) {
+ loadFreeBLOnce.status = freebl_LoadDSO();
+ loadFreeBLOnce.initialized = 1;
+ } else {
+ /* shouldn't have a lot of takers on the else clause, which is good
+ * since we don't have condition variables yet.
+ * 'initialized' only ever gets set (not cleared) so we don't
+ * need the traditional locks. */
+ while (!loadFreeBLOnce.initialized) {
+ sleep(1); /* don't have condition variables, just give up the CPU */
+ }
+ }
+
+ return loadFreeBLOnce.status;
}
-const FREEBLVector *FREEBL_GetVector(void)
+const FREEBLVector *
+FREEBL_GetVector(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
- return NULL;
- }
- if (vector) {
- return (vector->p_FREEBL_GetVector)();
- }
- return NULL;
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
+ return NULL;
+ }
+ if (vector) {
+ return (vector->p_FREEBL_GetVector)();
+ }
+ return NULL;
}
-NSSLOWInitContext *NSSLOW_Init(void)
+NSSLOWInitContext *
+NSSLOW_Init(void)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_NSSLOW_Init)();
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_NSSLOW_Init)();
}
-void NSSLOW_Shutdown(NSSLOWInitContext *context)
+void
+NSSLOW_Shutdown(NSSLOWInitContext *context)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOW_Shutdown)(context);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOW_Shutdown)(context);
}
-void NSSLOW_Reset(NSSLOWInitContext *context)
+void
+NSSLOW_Reset(NSSLOWInitContext *context)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOW_Reset)(context);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOW_Reset)(context);
}
-NSSLOWHASHContext *NSSLOWHASH_NewContext(
- NSSLOWInitContext *initContext,
- HASH_HashType hashType)
+NSSLOWHASHContext *
+NSSLOWHASH_NewContext(
+ NSSLOWInitContext *initContext,
+ HASH_HashType hashType)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return NULL;
- return (vector->p_NSSLOWHASH_NewContext)(initContext, hashType);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_NSSLOWHASH_NewContext)(initContext, hashType);
}
-void NSSLOWHASH_Begin(NSSLOWHASHContext *context)
+void
+NSSLOWHASH_Begin(NSSLOWHASHContext *context)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOWHASH_Begin)(context);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOWHASH_Begin)(context);
}
-void NSSLOWHASH_Update(NSSLOWHASHContext *context,
- const unsigned char *buf,
- unsigned int len)
+void
+NSSLOWHASH_Update(NSSLOWHASHContext *context,
+ const unsigned char *buf,
+ unsigned int len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOWHASH_Update)(context, buf, len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOWHASH_Update)(context, buf, len);
}
-void NSSLOWHASH_End(NSSLOWHASHContext *context,
- unsigned char *buf,
- unsigned int *ret, unsigned int len)
+void
+NSSLOWHASH_End(NSSLOWHASHContext *context,
+ unsigned char *buf,
+ unsigned int *ret, unsigned int len)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOWHASH_End)(context, buf, ret, len);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOWHASH_End)(context, buf, ret, len);
}
-void NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
+void
+NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return;
- (vector->p_NSSLOWHASH_Destroy)(context);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_NSSLOWHASH_Destroy)(context);
}
-unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context)
+unsigned int
+NSSLOWHASH_Length(NSSLOWHASHContext *context)
{
- if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
- return -1;
- return (vector->p_NSSLOWHASH_Length)(context);
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return -1;
+ return (vector->p_NSSLOWHASH_Length)(context);
}
-
diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
index d069ecaaa..cb3d3d82b 100644
--- a/lib/freebl/md2.c
+++ b/lib/freebl/md2.c
@@ -13,256 +13,257 @@
#include "blapi.h"
-#define MD2_DIGEST_LEN 16
-#define MD2_BUFSIZE 16
-#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
-#define MD2_CV 0 /* index into X for chaining variables */
-#define MD2_INPUT 16 /* index into X for input */
-#define MD2_TMPVARS 32 /* index into X for temporary variables */
+#define MD2_DIGEST_LEN 16
+#define MD2_BUFSIZE 16
+#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
+#define MD2_CV 0 /* index into X for chaining variables */
+#define MD2_INPUT 16 /* index into X for input */
+#define MD2_TMPVARS 32 /* index into X for temporary variables */
#define MD2_CHECKSUM_SIZE 16
struct MD2ContextStr {
- unsigned char checksum[MD2_BUFSIZE];
- unsigned char X[MD2_X_SIZE];
- PRUint8 unusedBuffer;
+ unsigned char checksum[MD2_BUFSIZE];
+ unsigned char X[MD2_X_SIZE];
+ PRUint8 unusedBuffer;
};
static const PRUint8 MD2S[256] = {
- 0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001,
- 0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023,
- 0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214,
- 0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312,
- 0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026,
- 0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022,
- 0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111,
- 0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172,
- 0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077,
- 0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041,
- 0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047,
- 0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003,
- 0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321,
- 0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306,
- 0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266,
- 0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361,
- 0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040,
- 0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002,
- 0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366,
- 0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017,
- 0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072,
- 0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046,
- 0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011,
- 0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122,
- 0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372,
- 0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112,
- 0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155,
- 0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071,
- 0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344,
- 0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012,
- 0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032,
- 0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024
+ 0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001,
+ 0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023,
+ 0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214,
+ 0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312,
+ 0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026,
+ 0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022,
+ 0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111,
+ 0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172,
+ 0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077,
+ 0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041,
+ 0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047,
+ 0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003,
+ 0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321,
+ 0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306,
+ 0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266,
+ 0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361,
+ 0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040,
+ 0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002,
+ 0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366,
+ 0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017,
+ 0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072,
+ 0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046,
+ 0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011,
+ 0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122,
+ 0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372,
+ 0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112,
+ 0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155,
+ 0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071,
+ 0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344,
+ 0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012,
+ 0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032,
+ 0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024
};
-SECStatus
+SECStatus
MD2_Hash(unsigned char *dest, const char *src)
{
- unsigned int len;
- MD2Context *cx = MD2_NewContext();
- if (!cx) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return SECFailure;
- }
- MD2_Begin(cx);
- MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
- MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
- MD2_DestroyContext(cx, PR_TRUE);
- return SECSuccess;
+ unsigned int len;
+ MD2Context *cx = MD2_NewContext();
+ if (!cx) {
+ PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+ return SECFailure;
+ }
+ MD2_Begin(cx);
+ MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
+ MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
+ MD2_DestroyContext(cx, PR_TRUE);
+ return SECSuccess;
}
MD2Context *
MD2_NewContext(void)
{
- MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- return cx;
+ MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
+ if (cx == NULL) {
+ PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+ return NULL;
+ }
+ return cx;
}
-void
+void
MD2_DestroyContext(MD2Context *cx, PRBool freeit)
{
- if (freeit)
- PORT_ZFree(cx, sizeof(*cx));
+ if (freeit)
+ PORT_ZFree(cx, sizeof(*cx));
}
-void
+void
MD2_Begin(MD2Context *cx)
{
- memset(cx, 0, sizeof(*cx));
- cx->unusedBuffer = MD2_BUFSIZE;
+ memset(cx, 0, sizeof(*cx));
+ cx->unusedBuffer = MD2_BUFSIZE;
}
static void
md2_compress(MD2Context *cx)
{
- int j;
- unsigned char P;
- P = cx->checksum[MD2_CHECKSUM_SIZE-1];
- /* Compute the running checksum, and set the tmp variables to be
- * CV[i] XOR input[i]
- */
-#define CKSUMFN(n) \
- P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT+n] ^ P]; \
- cx->checksum[n] = P; \
- cx->X[MD2_TMPVARS+n] = cx->X[n] ^ cx->X[MD2_INPUT+n];
- CKSUMFN(0);
- CKSUMFN(1);
- CKSUMFN(2);
- CKSUMFN(3);
- CKSUMFN(4);
- CKSUMFN(5);
- CKSUMFN(6);
- CKSUMFN(7);
- CKSUMFN(8);
- CKSUMFN(9);
- CKSUMFN(10);
- CKSUMFN(11);
- CKSUMFN(12);
- CKSUMFN(13);
- CKSUMFN(14);
- CKSUMFN(15);
- /* The compression function. */
-#define COMPRESS(n) \
- P = cx->X[n] ^ MD2S[P]; \
- cx->X[n] = P;
- P = 0x00;
- for (j=0; j<18; j++) {
- COMPRESS(0);
- COMPRESS(1);
- COMPRESS(2);
- COMPRESS(3);
- COMPRESS(4);
- COMPRESS(5);
- COMPRESS(6);
- COMPRESS(7);
- COMPRESS(8);
- COMPRESS(9);
- COMPRESS(10);
- COMPRESS(11);
- COMPRESS(12);
- COMPRESS(13);
- COMPRESS(14);
- COMPRESS(15);
- COMPRESS(16);
- COMPRESS(17);
- COMPRESS(18);
- COMPRESS(19);
- COMPRESS(20);
- COMPRESS(21);
- COMPRESS(22);
- COMPRESS(23);
- COMPRESS(24);
- COMPRESS(25);
- COMPRESS(26);
- COMPRESS(27);
- COMPRESS(28);
- COMPRESS(29);
- COMPRESS(30);
- COMPRESS(31);
- COMPRESS(32);
- COMPRESS(33);
- COMPRESS(34);
- COMPRESS(35);
- COMPRESS(36);
- COMPRESS(37);
- COMPRESS(38);
- COMPRESS(39);
- COMPRESS(40);
- COMPRESS(41);
- COMPRESS(42);
- COMPRESS(43);
- COMPRESS(44);
- COMPRESS(45);
- COMPRESS(46);
- COMPRESS(47);
- P = (P + j) % 256;
- }
- cx->unusedBuffer = MD2_BUFSIZE;
+ int j;
+ unsigned char P;
+ P = cx->checksum[MD2_CHECKSUM_SIZE - 1];
+/* Compute the running checksum, and set the tmp variables to be
+ * CV[i] XOR input[i]
+ */
+#define CKSUMFN(n) \
+ P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT + n] ^ P]; \
+ cx->checksum[n] = P; \
+ cx->X[MD2_TMPVARS + n] = cx->X[n] ^ cx->X[MD2_INPUT + n];
+ CKSUMFN(0);
+ CKSUMFN(1);
+ CKSUMFN(2);
+ CKSUMFN(3);
+ CKSUMFN(4);
+ CKSUMFN(5);
+ CKSUMFN(6);
+ CKSUMFN(7);
+ CKSUMFN(8);
+ CKSUMFN(9);
+ CKSUMFN(10);
+ CKSUMFN(11);
+ CKSUMFN(12);
+ CKSUMFN(13);
+ CKSUMFN(14);
+ CKSUMFN(15);
+/* The compression function. */
+#define COMPRESS(n) \
+ P = cx->X[n] ^ MD2S[P]; \
+ cx->X[n] = P;
+ P = 0x00;
+ for (j = 0; j < 18; j++) {
+ COMPRESS(0);
+ COMPRESS(1);
+ COMPRESS(2);
+ COMPRESS(3);
+ COMPRESS(4);
+ COMPRESS(5);
+ COMPRESS(6);
+ COMPRESS(7);
+ COMPRESS(8);
+ COMPRESS(9);
+ COMPRESS(10);
+ COMPRESS(11);
+ COMPRESS(12);
+ COMPRESS(13);
+ COMPRESS(14);
+ COMPRESS(15);
+ COMPRESS(16);
+ COMPRESS(17);
+ COMPRESS(18);
+ COMPRESS(19);
+ COMPRESS(20);
+ COMPRESS(21);
+ COMPRESS(22);
+ COMPRESS(23);
+ COMPRESS(24);
+ COMPRESS(25);
+ COMPRESS(26);
+ COMPRESS(27);
+ COMPRESS(28);
+ COMPRESS(29);
+ COMPRESS(30);
+ COMPRESS(31);
+ COMPRESS(32);
+ COMPRESS(33);
+ COMPRESS(34);
+ COMPRESS(35);
+ COMPRESS(36);
+ COMPRESS(37);
+ COMPRESS(38);
+ COMPRESS(39);
+ COMPRESS(40);
+ COMPRESS(41);
+ COMPRESS(42);
+ COMPRESS(43);
+ COMPRESS(44);
+ COMPRESS(45);
+ COMPRESS(46);
+ COMPRESS(47);
+ P = (P + j) % 256;
+ }
+ cx->unusedBuffer = MD2_BUFSIZE;
}
-void
+void
MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
{
- PRUint32 bytesToConsume;
-
- /* Fill the remaining input buffer. */
- if (cx->unusedBuffer != MD2_BUFSIZE) {
- bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
- memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)],
- input, bytesToConsume);
- if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE)
- md2_compress(cx);
- inputLen -= bytesToConsume;
- input += bytesToConsume;
- }
+ PRUint32 bytesToConsume;
- /* Iterate over 16-byte chunks of the input. */
- while (inputLen >= MD2_BUFSIZE) {
- memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE);
- md2_compress(cx);
- inputLen -= MD2_BUFSIZE;
- input += MD2_BUFSIZE;
- }
+ /* Fill the remaining input buffer. */
+ if (cx->unusedBuffer != MD2_BUFSIZE) {
+ bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
+ memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)],
+ input, bytesToConsume);
+ if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE)
+ md2_compress(cx);
+ inputLen -= bytesToConsume;
+ input += bytesToConsume;
+ }
- /* Copy any input that remains into the buffer. */
- if (inputLen)
- memcpy(&cx->X[MD2_INPUT], input, inputLen);
- cx->unusedBuffer = MD2_BUFSIZE - inputLen;
+ /* Iterate over 16-byte chunks of the input. */
+ while (inputLen >= MD2_BUFSIZE) {
+ memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE);
+ md2_compress(cx);
+ inputLen -= MD2_BUFSIZE;
+ input += MD2_BUFSIZE;
+ }
+
+ /* Copy any input that remains into the buffer. */
+ if (inputLen)
+ memcpy(&cx->X[MD2_INPUT], input, inputLen);
+ cx->unusedBuffer = MD2_BUFSIZE - inputLen;
}
-void
+void
MD2_End(MD2Context *cx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
- PRUint8 padStart;
- if (maxDigestLen < MD2_BUFSIZE) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
- padStart = MD2_BUFSIZE - cx->unusedBuffer;
- memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer,
- cx->unusedBuffer);
- md2_compress(cx);
- memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE);
- md2_compress(cx);
- *digestLen = MD2_DIGEST_LEN;
- memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN);
+ PRUint8 padStart;
+ if (maxDigestLen < MD2_BUFSIZE) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return;
+ }
+ padStart = MD2_BUFSIZE - cx->unusedBuffer;
+ memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer,
+ cx->unusedBuffer);
+ md2_compress(cx);
+ memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE);
+ md2_compress(cx);
+ *digestLen = MD2_DIGEST_LEN;
+ memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN);
}
-unsigned int
+unsigned int
MD2_FlattenSize(MD2Context *cx)
{
- return sizeof(*cx);
+ return sizeof(*cx);
}
-SECStatus
+SECStatus
MD2_Flatten(MD2Context *cx, unsigned char *space)
{
- memcpy(space, cx, sizeof(*cx));
- return SECSuccess;
+ memcpy(space, cx, sizeof(*cx));
+ return SECSuccess;
}
-MD2Context *
+MD2Context *
MD2_Resurrect(unsigned char *space, void *arg)
{
- MD2Context *cx = MD2_NewContext();
- if (cx)
- memcpy(cx, space, sizeof(*cx));
- return cx;
+ MD2Context *cx = MD2_NewContext();
+ if (cx)
+ memcpy(cx, space, sizeof(*cx));
+ return cx;
}
-void MD2_Clone(MD2Context *dest, MD2Context *src)
+void
+MD2_Clone(MD2Context *dest, MD2Context *src)
{
- memcpy(dest, src, sizeof *dest);
+ memcpy(dest, src, sizeof *dest);
}
diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
index 6ac15b64b..5b12c9ff4 100644
--- a/lib/freebl/md5.c
+++ b/lib/freebl/md5.c
@@ -23,16 +23,16 @@
#define CV0_3 0x98badcfe
#define CV0_4 0x10325476
-#define T1_0 0xd76aa478
-#define T1_1 0xe8c7b756
-#define T1_2 0x242070db
-#define T1_3 0xc1bdceee
-#define T1_4 0xf57c0faf
-#define T1_5 0x4787c62a
-#define T1_6 0xa8304613
-#define T1_7 0xfd469501
-#define T1_8 0x698098d8
-#define T1_9 0x8b44f7af
+#define T1_0 0xd76aa478
+#define T1_1 0xe8c7b756
+#define T1_2 0x242070db
+#define T1_3 0xc1bdceee
+#define T1_4 0xf57c0faf
+#define T1_5 0x4787c62a
+#define T1_6 0xa8304613
+#define T1_7 0xfd469501
+#define T1_8 0x698098d8
+#define T1_9 0x8b44f7af
#define T1_10 0xffff5bb1
#define T1_11 0x895cd7be
#define T1_12 0x6b901122
@@ -40,16 +40,16 @@
#define T1_14 0xa679438e
#define T1_15 0x49b40821
-#define T2_0 0xf61e2562
-#define T2_1 0xc040b340
-#define T2_2 0x265e5a51
-#define T2_3 0xe9b6c7aa
-#define T2_4 0xd62f105d
-#define T2_5 0x02441453
-#define T2_6 0xd8a1e681
-#define T2_7 0xe7d3fbc8
-#define T2_8 0x21e1cde6
-#define T2_9 0xc33707d6
+#define T2_0 0xf61e2562
+#define T2_1 0xc040b340
+#define T2_2 0x265e5a51
+#define T2_3 0xe9b6c7aa
+#define T2_4 0xd62f105d
+#define T2_5 0x02441453
+#define T2_6 0xd8a1e681
+#define T2_7 0xe7d3fbc8
+#define T2_8 0x21e1cde6
+#define T2_9 0xc33707d6
#define T2_10 0xf4d50d87
#define T2_11 0x455a14ed
#define T2_12 0xa9e3e905
@@ -57,16 +57,16 @@
#define T2_14 0x676f02d9
#define T2_15 0x8d2a4c8a
-#define T3_0 0xfffa3942
-#define T3_1 0x8771f681
-#define T3_2 0x6d9d6122
-#define T3_3 0xfde5380c
-#define T3_4 0xa4beea44
-#define T3_5 0x4bdecfa9
-#define T3_6 0xf6bb4b60
-#define T3_7 0xbebfbc70
-#define T3_8 0x289b7ec6
-#define T3_9 0xeaa127fa
+#define T3_0 0xfffa3942
+#define T3_1 0x8771f681
+#define T3_2 0x6d9d6122
+#define T3_3 0xfde5380c
+#define T3_4 0xa4beea44
+#define T3_5 0x4bdecfa9
+#define T3_6 0xf6bb4b60
+#define T3_7 0xbebfbc70
+#define T3_8 0x289b7ec6
+#define T3_9 0xeaa127fa
#define T3_10 0xd4ef3085
#define T3_11 0x04881d05
#define T3_12 0xd9d4d039
@@ -74,16 +74,16 @@
#define T3_14 0x1fa27cf8
#define T3_15 0xc4ac5665
-#define T4_0 0xf4292244
-#define T4_1 0x432aff97
-#define T4_2 0xab9423a7
-#define T4_3 0xfc93a039
-#define T4_4 0x655b59c3
-#define T4_5 0x8f0ccc92
-#define T4_6 0xffeff47d
-#define T4_7 0x85845dd1
-#define T4_8 0x6fa87e4f
-#define T4_9 0xfe2ce6e0
+#define T4_0 0xf4292244
+#define T4_1 0x432aff97
+#define T4_2 0xab9423a7
+#define T4_3 0xfc93a039
+#define T4_4 0x655b59c3
+#define T4_5 0x8f0ccc92
+#define T4_6 0xffeff47d
+#define T4_7 0x85845dd1
+#define T4_8 0x6fa87e4f
+#define T4_9 0xfe2ce6e0
#define T4_10 0xa3014314
#define T4_11 0x4e0811a1
#define T4_12 0xf7537e82
@@ -91,16 +91,16 @@
#define T4_14 0x2ad7d2bb
#define T4_15 0xeb86d391
-#define R1B0 0
-#define R1B1 1
-#define R1B2 2
-#define R1B3 3
-#define R1B4 4
-#define R1B5 5
-#define R1B6 6
-#define R1B7 7
-#define R1B8 8
-#define R1B9 9
+#define R1B0 0
+#define R1B1 1
+#define R1B2 2
+#define R1B3 3
+#define R1B4 4
+#define R1B5 5
+#define R1B6 6
+#define R1B7 7
+#define R1B8 8
+#define R1B9 9
#define R1B10 10
#define R1B11 11
#define R1B12 12
@@ -108,56 +108,56 @@
#define R1B14 14
#define R1B15 15
-#define R2B0 1
-#define R2B1 6
-#define R2B2 11
-#define R2B3 0
-#define R2B4 5
-#define R2B5 10
-#define R2B6 15
-#define R2B7 4
-#define R2B8 9
-#define R2B9 14
-#define R2B10 3
-#define R2B11 8
+#define R2B0 1
+#define R2B1 6
+#define R2B2 11
+#define R2B3 0
+#define R2B4 5
+#define R2B5 10
+#define R2B6 15
+#define R2B7 4
+#define R2B8 9
+#define R2B9 14
+#define R2B10 3
+#define R2B11 8
#define R2B12 13
-#define R2B13 2
-#define R2B14 7
+#define R2B13 2
+#define R2B14 7
#define R2B15 12
-#define R3B0 5
-#define R3B1 8
-#define R3B2 11
-#define R3B3 14
-#define R3B4 1
-#define R3B5 4
-#define R3B6 7
-#define R3B7 10
-#define R3B8 13
-#define R3B9 0
-#define R3B10 3
-#define R3B11 6
-#define R3B12 9
+#define R3B0 5
+#define R3B1 8
+#define R3B2 11
+#define R3B3 14
+#define R3B4 1
+#define R3B5 4
+#define R3B6 7
+#define R3B7 10
+#define R3B8 13
+#define R3B9 0
+#define R3B10 3
+#define R3B11 6
+#define R3B12 9
#define R3B13 12
#define R3B14 15
-#define R3B15 2
-
-#define R4B0 0
-#define R4B1 7
-#define R4B2 14
-#define R4B3 5
-#define R4B4 12
-#define R4B5 3
-#define R4B6 10
-#define R4B7 1
-#define R4B8 8
-#define R4B9 15
-#define R4B10 6
+#define R3B15 2
+
+#define R4B0 0
+#define R4B1 7
+#define R4B2 14
+#define R4B3 5
+#define R4B4 12
+#define R4B5 3
+#define R4B6 10
+#define R4B7 1
+#define R4B8 8
+#define R4B9 15
+#define R4B10 6
#define R4B11 13
-#define R4B12 4
+#define R4B12 4
#define R4B13 11
-#define R4B14 2
-#define R4B15 9
+#define R4B14 2
+#define R4B15 9
#define S1_0 7
#define S1_1 12
@@ -180,358 +180,360 @@
#define S4_3 21
struct MD5ContextStr {
- PRUint32 lsbInput;
- PRUint32 msbInput;
- PRUint32 cv[4];
- union {
- PRUint8 b[64];
- PRUint32 w[16];
- } u;
+ PRUint32 lsbInput;
+ PRUint32 msbInput;
+ PRUint32 cv[4];
+ union {
+ PRUint8 b[64];
+ PRUint32 w[16];
+ } u;
};
#define inBuf u.b
-SECStatus
+SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
- return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+ return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
-SECStatus
+SECStatus
MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
{
- unsigned int len;
- MD5Context cx;
-
- MD5_Begin(&cx);
- MD5_Update(&cx, src, src_length);
- MD5_End(&cx, dest, &len, MD5_HASH_LEN);
- memset(&cx, 0, sizeof cx);
- return SECSuccess;
+ unsigned int len;
+ MD5Context cx;
+
+ MD5_Begin(&cx);
+ MD5_Update(&cx, src, src_length);
+ MD5_End(&cx, dest, &len, MD5_HASH_LEN);
+ memset(&cx, 0, sizeof cx);
+ return SECSuccess;
}
MD5Context *
MD5_NewContext(void)
{
- /* no need to ZAlloc, MD5_Begin will init the context */
- MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
- if (cx == NULL) {
- PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
- return NULL;
- }
- return cx;
+ /* no need to ZAlloc, MD5_Begin will init the context */
+ MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
+ if (cx == NULL) {
+ PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+ return NULL;
+ }
+ return cx;
}
-void
+void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
- memset(cx, 0, sizeof *cx);
- if (freeit) {
- PORT_Free(cx);
- }
+ memset(cx, 0, sizeof *cx);
+ if (freeit) {
+ PORT_Free(cx);
+ }
}
-void
+void
MD5_Begin(MD5Context *cx)
{
- cx->lsbInput = 0;
- cx->msbInput = 0;
-/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
- cx->cv[0] = CV0_1;
- cx->cv[1] = CV0_2;
- cx->cv[2] = CV0_3;
- cx->cv[3] = CV0_4;
+ cx->lsbInput = 0;
+ cx->msbInput = 0;
+ /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
+ cx->cv[0] = CV0_1;
+ cx->cv[1] = CV0_2;
+ cx->cv[2] = CV0_3;
+ cx->cv[3] = CV0_4;
}
#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
#if defined(SOLARIS) || defined(HPUX)
#define addto64(sumhigh, sumlow, addend) \
- sumlow += addend; sumhigh += (sumlow < addend);
+ sumlow += addend; \
+ sumhigh += (sumlow < addend);
#else
#define addto64(sumhigh, sumlow, addend) \
- sumlow += addend; if (sumlow < addend) ++sumhigh;
+ sumlow += addend; \
+ if (sumlow < addend) \
+ ++sumhigh;
#endif
#define MASK 0x00ff00ff
#ifdef IS_LITTLE_ENDIAN
#define lendian(i32) \
- (i32)
+ (i32)
#else
#define lendian(i32) \
- (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK))
+ (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK))
#endif
#ifndef IS_LITTLE_ENDIAN
#define lebytes(b4) \
- ((b4)[3] << 24 | (b4)[2] << 16 | (b4)[1] << 8 | (b4)[0])
+ ((b4)[3] << 24 | (b4)[2] << 16 | (b4)[1] << 8 | (b4)[0])
static void
md5_prep_state_le(MD5Context *cx)
{
- PRUint32 tmp;
- cx->u.w[0] = lendian(cx->u.w[0]);
- cx->u.w[1] = lendian(cx->u.w[1]);
- cx->u.w[2] = lendian(cx->u.w[2]);
- cx->u.w[3] = lendian(cx->u.w[3]);
- cx->u.w[4] = lendian(cx->u.w[4]);
- cx->u.w[5] = lendian(cx->u.w[5]);
- cx->u.w[6] = lendian(cx->u.w[6]);
- cx->u.w[7] = lendian(cx->u.w[7]);
- cx->u.w[8] = lendian(cx->u.w[8]);
- cx->u.w[9] = lendian(cx->u.w[9]);
- cx->u.w[10] = lendian(cx->u.w[10]);
- cx->u.w[11] = lendian(cx->u.w[11]);
- cx->u.w[12] = lendian(cx->u.w[12]);
- cx->u.w[13] = lendian(cx->u.w[13]);
- cx->u.w[14] = lendian(cx->u.w[14]);
- cx->u.w[15] = lendian(cx->u.w[15]);
+ PRUint32 tmp;
+ cx->u.w[0] = lendian(cx->u.w[0]);
+ cx->u.w[1] = lendian(cx->u.w[1]);
+ cx->u.w[2] = lendian(cx->u.w[2]);
+ cx->u.w[3] = lendian(cx->u.w[3]);
+ cx->u.w[4] = lendian(cx->u.w[4]);
+ cx->u.w[5] = lendian(cx->u.w[5]);
+ cx->u.w[6] = lendian(cx->u.w[6]);
+ cx->u.w[7] = lendian(cx->u.w[7]);
+ cx->u.w[8] = lendian(cx->u.w[8]);
+ cx->u.w[9] = lendian(cx->u.w[9]);
+ cx->u.w[10] = lendian(cx->u.w[10]);
+ cx->u.w[11] = lendian(cx->u.w[11]);
+ cx->u.w[12] = lendian(cx->u.w[12]);
+ cx->u.w[13] = lendian(cx->u.w[13]);
+ cx->u.w[14] = lendian(cx->u.w[14]);
+ cx->u.w[15] = lendian(cx->u.w[15]);
}
static void
md5_prep_buffer_le(MD5Context *cx, const PRUint8 *beBuf)
{
- cx->u.w[0] = lebytes(&beBuf[0]);
- cx->u.w[1] = lebytes(&beBuf[4]);
- cx->u.w[2] = lebytes(&beBuf[8]);
- cx->u.w[3] = lebytes(&beBuf[12]);
- cx->u.w[4] = lebytes(&beBuf[16]);
- cx->u.w[5] = lebytes(&beBuf[20]);
- cx->u.w[6] = lebytes(&beBuf[24]);
- cx->u.w[7] = lebytes(&beBuf[28]);
- cx->u.w[8] = lebytes(&beBuf[32]);
- cx->u.w[9] = lebytes(&beBuf[36]);
- cx->u.w[10] = lebytes(&beBuf[40]);
- cx->u.w[11] = lebytes(&beBuf[44]);
- cx->u.w[12] = lebytes(&beBuf[48]);
- cx->u.w[13] = lebytes(&beBuf[52]);
- cx->u.w[14] = lebytes(&beBuf[56]);
- cx->u.w[15] = lebytes(&beBuf[60]);
+ cx->u.w[0] = lebytes(&beBuf[0]);
+ cx->u.w[1] = lebytes(&beBuf[4]);
+ cx->u.w[2] = lebytes(&beBuf[8]);
+ cx->u.w[3] = lebytes(&beBuf[12]);
+ cx->u.w[4] = lebytes(&beBuf[16]);
+ cx->u.w[5] = lebytes(&beBuf[20]);
+ cx->u.w[6] = lebytes(&beBuf[24]);
+ cx->u.w[7] = lebytes(&beBuf[28]);
+ cx->u.w[8] = lebytes(&beBuf[32]);
+ cx->u.w[9] = lebytes(&beBuf[36]);
+ cx->u.w[10] = lebytes(&beBuf[40]);
+ cx->u.w[11] = lebytes(&beBuf[44]);
+ cx->u.w[12] = lebytes(&beBuf[48]);
+ cx->u.w[13] = lebytes(&beBuf[52]);
+ cx->u.w[14] = lebytes(&beBuf[56]);
+ cx->u.w[15] = lebytes(&beBuf[60]);
}
#endif
-
#define F(X, Y, Z) \
- ((X & Y) | ((~X) & Z))
+ ((X & Y) | ((~X) & Z))
#define G(X, Y, Z) \
- ((X & Z) | (Y & (~Z)))
+ ((X & Z) | (Y & (~Z)))
#define H(X, Y, Z) \
- (X ^ Y ^ Z)
+ (X ^ Y ^ Z)
#define I(X, Y, Z) \
- (Y ^ (X | (~Z)))
+ (Y ^ (X | (~Z)))
#define FF(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + F(b, c, d) + bufint + ti, s)
+ a = b + cls(a + F(b, c, d) + bufint + ti, s)
#define GG(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + G(b, c, d) + bufint + ti, s)
+ a = b + cls(a + G(b, c, d) + bufint + ti, s)
#define HH(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + H(b, c, d) + bufint + ti, s)
+ a = b + cls(a + H(b, c, d) + bufint + ti, s)
#define II(a, b, c, d, bufint, s, ti) \
- a = b + cls(a + I(b, c, d) + bufint + ti, s)
+ a = b + cls(a + I(b, c, d) + bufint + ti, s)
static void
md5_compress(MD5Context *cx, const PRUint32 *wBuf)
{
- PRUint32 a, b, c, d;
- PRUint32 tmp;
- a = cx->cv[0];
- b = cx->cv[1];
- c = cx->cv[2];
- d = cx->cv[3];
- FF(a, b, c, d, wBuf[R1B0 ], S1_0, T1_0);
- FF(d, a, b, c, wBuf[R1B1 ], S1_1, T1_1);
- FF(c, d, a, b, wBuf[R1B2 ], S1_2, T1_2);
- FF(b, c, d, a, wBuf[R1B3 ], S1_3, T1_3);
- FF(a, b, c, d, wBuf[R1B4 ], S1_0, T1_4);
- FF(d, a, b, c, wBuf[R1B5 ], S1_1, T1_5);
- FF(c, d, a, b, wBuf[R1B6 ], S1_2, T1_6);
- FF(b, c, d, a, wBuf[R1B7 ], S1_3, T1_7);
- FF(a, b, c, d, wBuf[R1B8 ], S1_0, T1_8);
- FF(d, a, b, c, wBuf[R1B9 ], S1_1, T1_9);
- FF(c, d, a, b, wBuf[R1B10], S1_2, T1_10);
- FF(b, c, d, a, wBuf[R1B11], S1_3, T1_11);
- FF(a, b, c, d, wBuf[R1B12], S1_0, T1_12);
- FF(d, a, b, c, wBuf[R1B13], S1_1, T1_13);
- FF(c, d, a, b, wBuf[R1B14], S1_2, T1_14);
- FF(b, c, d, a, wBuf[R1B15], S1_3, T1_15);
- GG(a, b, c, d, wBuf[R2B0 ], S2_0, T2_0);
- GG(d, a, b, c, wBuf[R2B1 ], S2_1, T2_1);
- GG(c, d, a, b, wBuf[R2B2 ], S2_2, T2_2);
- GG(b, c, d, a, wBuf[R2B3 ], S2_3, T2_3);
- GG(a, b, c, d, wBuf[R2B4 ], S2_0, T2_4);
- GG(d, a, b, c, wBuf[R2B5 ], S2_1, T2_5);
- GG(c, d, a, b, wBuf[R2B6 ], S2_2, T2_6);
- GG(b, c, d, a, wBuf[R2B7 ], S2_3, T2_7);
- GG(a, b, c, d, wBuf[R2B8 ], S2_0, T2_8);
- GG(d, a, b, c, wBuf[R2B9 ], S2_1, T2_9);
- GG(c, d, a, b, wBuf[R2B10], S2_2, T2_10);
- GG(b, c, d, a, wBuf[R2B11], S2_3, T2_11);
- GG(a, b, c, d, wBuf[R2B12], S2_0, T2_12);
- GG(d, a, b, c, wBuf[R2B13], S2_1, T2_13);
- GG(c, d, a, b, wBuf[R2B14], S2_2, T2_14);
- GG(b, c, d, a, wBuf[R2B15], S2_3, T2_15);
- HH(a, b, c, d, wBuf[R3B0 ], S3_0, T3_0);
- HH(d, a, b, c, wBuf[R3B1 ], S3_1, T3_1);
- HH(c, d, a, b, wBuf[R3B2 ], S3_2, T3_2);
- HH(b, c, d, a, wBuf[R3B3 ], S3_3, T3_3);
- HH(a, b, c, d, wBuf[R3B4 ], S3_0, T3_4);
- HH(d, a, b, c, wBuf[R3B5 ], S3_1, T3_5);
- HH(c, d, a, b, wBuf[R3B6 ], S3_2, T3_6);
- HH(b, c, d, a, wBuf[R3B7 ], S3_3, T3_7);
- HH(a, b, c, d, wBuf[R3B8 ], S3_0, T3_8);
- HH(d, a, b, c, wBuf[R3B9 ], S3_1, T3_9);
- HH(c, d, a, b, wBuf[R3B10], S3_2, T3_10);
- HH(b, c, d, a, wBuf[R3B11], S3_3, T3_11);
- HH(a, b, c, d, wBuf[R3B12], S3_0, T3_12);
- HH(d, a, b, c, wBuf[R3B13], S3_1, T3_13);
- HH(c, d, a, b, wBuf[R3B14], S3_2, T3_14);
- HH(b, c, d, a, wBuf[R3B15], S3_3, T3_15);
- II(a, b, c, d, wBuf[R4B0 ], S4_0, T4_0);
- II(d, a, b, c, wBuf[R4B1 ], S4_1, T4_1);
- II(c, d, a, b, wBuf[R4B2 ], S4_2, T4_2);
- II(b, c, d, a, wBuf[R4B3 ], S4_3, T4_3);
- II(a, b, c, d, wBuf[R4B4 ], S4_0, T4_4);
- II(d, a, b, c, wBuf[R4B5 ], S4_1, T4_5);
- II(c, d, a, b, wBuf[R4B6 ], S4_2, T4_6);
- II(b, c, d, a, wBuf[R4B7 ], S4_3, T4_7);
- II(a, b, c, d, wBuf[R4B8 ], S4_0, T4_8);
- II(d, a, b, c, wBuf[R4B9 ], S4_1, T4_9);
- II(c, d, a, b, wBuf[R4B10], S4_2, T4_10);
- II(b, c, d, a, wBuf[R4B11], S4_3, T4_11);
- II(a, b, c, d, wBuf[R4B12], S4_0, T4_12);
- II(d, a, b, c, wBuf[R4B13], S4_1, T4_13);
- II(c, d, a, b, wBuf[R4B14], S4_2, T4_14);
- II(b, c, d, a, wBuf[R4B15], S4_3, T4_15);
- cx->cv[0] += a;
- cx->cv[1] += b;
- cx->cv[2] += c;
- cx->cv[3] += d;
+ PRUint32 a, b, c, d;
+ PRUint32 tmp;
+ a = cx->cv[0];
+ b = cx->cv[1];
+ c = cx->cv[2];
+ d = cx->cv[3];
+ FF(a, b, c, d, wBuf[R1B0], S1_0, T1_0);
+ FF(d, a, b, c, wBuf[R1B1], S1_1, T1_1);
+ FF(c, d, a, b, wBuf[R1B2], S1_2, T1_2);
+ FF(b, c, d, a, wBuf[R1B3], S1_3, T1_3);
+ FF(a, b, c, d, wBuf[R1B4], S1_0, T1_4);
+ FF(d, a, b, c, wBuf[R1B5], S1_1, T1_5);
+ FF(c, d, a, b, wBuf[R1B6], S1_2, T1_6);
+ FF(b, c, d, a, wBuf[R1B7], S1_3, T1_7);
+ FF(a, b, c, d, wBuf[R1B8], S1_0, T1_8);
+ FF(d, a, b, c, wBuf[R1B9], S1_1, T1_9);
+ FF(c, d, a, b, wBuf[R1B10], S1_2, T1_10);
+ FF(b, c, d, a, wBuf[R1B11], S1_3, T1_11);
+ FF(a, b, c, d, wBuf[R1B12], S1_0, T1_12);
+ FF(d, a, b, c, wBuf[R1B13], S1_1, T1_13);
+ FF(c, d, a, b, wBuf[R1B14], S1_2, T1_14);
+ FF(b, c, d, a, wBuf[R1B15], S1_3, T1_15);
+ GG(a, b, c, d, wBuf[R2B0], S2_0, T2_0);
+ GG(d, a, b, c, wBuf[R2B1], S2_1, T2_1);
+ GG(c, d, a, b, wBuf[R2B2], S2_2, T2_2);
+ GG(b, c, d, a, wBuf[R2B3], S2_3, T2_3);
+ GG(a, b, c, d, wBuf[R2B4], S2_0, T2_4);
+ GG(d, a, b, c, wBuf[R2B5], S2_1, T2_5);
+ GG(c, d, a, b, wBuf[R2B6], S2_2, T2_6);
+ GG(b, c, d, a, wBuf[R2B7], S2_3, T2_7);
+ GG(a, b, c, d, wBuf[R2B8], S2_0, T2_8);
+ GG(d, a, b, c, wBuf[R2B9], S2_1, T2_9);
+ GG(c, d, a, b, wBuf[R2B10], S2_2, T2_10);
+ GG(b, c, d, a, wBuf[R2B11], S2_3, T2_11);
+ GG(a, b, c, d, wBuf[R2B12], S2_0, T2_12);
+ GG(d, a, b, c, wBuf[R2B13], S2_1, T2_13);
+ GG(c, d, a, b, wBuf[R2B14], S2_2, T2_14);
+ GG(b, c, d, a, wBuf[R2B15], S2_3, T2_15);
+ HH(a, b, c, d, wBuf[R3B0], S3_0, T3_0);
+ HH(d, a, b, c, wBuf[R3B1], S3_1, T3_1);
+ HH(c, d, a, b, wBuf[R3B2], S3_2, T3_2);
+ HH(b, c, d, a, wBuf[R3B3], S3_3, T3_3);
+ HH(a, b, c, d, wBuf[R3B4], S3_0, T3_4);
+ HH(d, a, b, c, wBuf[R3B5], S3_1, T3_5);
+ HH(c, d, a, b, wBuf[R3B6], S3_2, T3_6);
+ HH(b, c, d, a, wBuf[R3B7], S3_3, T3_7);
+ HH(a, b, c, d, wBuf[R3B8], S3_0, T3_8);
+ HH(d, a, b, c, wBuf[R3B9], S3_1, T3_9);
+ HH(c, d, a, b, wBuf[R3B10], S3_2, T3_10);
+ HH(b, c, d, a, wBuf[R3B11], S3_3, T3_11);
+ HH(a, b, c, d, wBuf[R3B12], S3_0, T3_12);
+ HH(d, a, b, c, wBuf[R3B13], S3_1, T3_13);
+ HH(c, d, a, b, wBuf[R3B14], S3_2, T3_14);
+ HH(b, c, d, a, wBuf[R3B15], S3_3, T3_15);
+ II(a, b, c, d, wBuf[R4B0], S4_0, T4_0);
+ II(d, a, b, c, wBuf[R4B1], S4_1, T4_1);
+ II(c, d, a, b, wBuf[R4B2], S4_2, T4_2);
+ II(b, c, d, a, wBuf[R4B3], S4_3, T4_3);
+ II(a, b, c, d, wBuf[R4B4], S4_0, T4_4);
+ II(d, a, b, c, wBuf[R4B5], S4_1, T4_5);
+ II(c, d, a, b, wBuf[R4B6], S4_2, T4_6);
+ II(b, c, d, a, wBuf[R4B7], S4_3, T4_7);
+ II(a, b, c, d, wBuf[R4B8], S4_0, T4_8);
+ II(d, a, b, c, wBuf[R4B9], S4_1, T4_9);
+ II(c, d, a, b, wBuf[R4B10], S4_2, T4_10);
+ II(b, c, d, a, wBuf[R4B11], S4_3, T4_11);
+ II(a, b, c, d, wBuf[R4B12], S4_0, T4_12);
+ II(d, a, b, c, wBuf[R4B13], S4_1, T4_13);
+ II(c, d, a, b, wBuf[R4B14], S4_2, T4_14);
+ II(b, c, d, a, wBuf[R4B15], S4_3, T4_15);
+ cx->cv[0] += a;
+ cx->cv[1] += b;
+ cx->cv[2] += c;
+ cx->cv[3] += d;
}
-void
+void
MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
{
- PRUint32 bytesToConsume;
- PRUint32 inBufIndex = cx->lsbInput & 63;
- const PRUint32 *wBuf;
-
- /* Add the number of input bytes to the 64-bit input counter. */
- addto64(cx->msbInput, cx->lsbInput, inputLen);
- if (inBufIndex) {
- /* There is already data in the buffer. Fill with input. */
- bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex);
- memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume);
- if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE) {
- /* The buffer is filled. Run the compression function. */
+ PRUint32 bytesToConsume;
+ PRUint32 inBufIndex = cx->lsbInput & 63;
+ const PRUint32 *wBuf;
+
+ /* Add the number of input bytes to the 64-bit input counter. */
+ addto64(cx->msbInput, cx->lsbInput, inputLen);
+ if (inBufIndex) {
+ /* There is already data in the buffer. Fill with input. */
+ bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex);
+ memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume);
+ if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE) {
+/* The buffer is filled. Run the compression function. */
#ifndef IS_LITTLE_ENDIAN
- md5_prep_state_le(cx);
+ md5_prep_state_le(cx);
#endif
- md5_compress(cx, cx->u.w);
- }
- /* Remaining input. */
- inputLen -= bytesToConsume;
- input += bytesToConsume;
- }
-
- /* Iterate over 64-byte chunks of the message. */
- while (inputLen >= MD5_BUFFER_SIZE) {
+ md5_compress(cx, cx->u.w);
+ }
+ /* Remaining input. */
+ inputLen -= bytesToConsume;
+ input += bytesToConsume;
+ }
+
+ /* Iterate over 64-byte chunks of the message. */
+ while (inputLen >= MD5_BUFFER_SIZE) {
#ifdef IS_LITTLE_ENDIAN
#ifdef NSS_X86_OR_X64
- /* x86 can handle arithmetic on non-word-aligned buffers */
- wBuf = (PRUint32 *)input;
+ /* x86 can handle arithmetic on non-word-aligned buffers */
+ wBuf = (PRUint32 *)input;
#else
- if ((ptrdiff_t)input & 0x3) {
- /* buffer not aligned, copy it to force alignment */
- memcpy(cx->inBuf, input, MD5_BUFFER_SIZE);
- wBuf = cx->u.w;
- } else {
- /* buffer is aligned */
- wBuf = (PRUint32 *)input;
- }
+ if ((ptrdiff_t)input & 0x3) {
+ /* buffer not aligned, copy it to force alignment */
+ memcpy(cx->inBuf, input, MD5_BUFFER_SIZE);
+ wBuf = cx->u.w;
+ } else {
+ /* buffer is aligned */
+ wBuf = (PRUint32 *)input;
+ }
#endif
#else
- md5_prep_buffer_le(cx, input);
- wBuf = cx->u.w;
+ md5_prep_buffer_le(cx, input);
+ wBuf = cx->u.w;
#endif
- md5_compress(cx, wBuf);
- inputLen -= MD5_BUFFER_SIZE;
- input += MD5_BUFFER_SIZE;
- }
-
- /* Tail of message (message bytes mod 64). */
- if (inputLen)
- memcpy(cx->inBuf, input, inputLen);
+ md5_compress(cx, wBuf);
+ inputLen -= MD5_BUFFER_SIZE;
+ input += MD5_BUFFER_SIZE;
+ }
+
+ /* Tail of message (message bytes mod 64). */
+ if (inputLen)
+ memcpy(cx->inBuf, input, inputLen);
}
static const unsigned char padbytes[] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-void
+void
MD5_End(MD5Context *cx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
- PRUint32 tmp;
+ PRUint32 tmp;
#endif
- PRUint32 lowInput, highInput;
- PRUint32 inBufIndex = cx->lsbInput & 63;
-
- if (maxDigestLen < MD5_HASH_LEN) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
-
- /* Copy out the length of bits input before padding. */
- lowInput = cx->lsbInput;
- highInput = (cx->msbInput << 3) | (lowInput >> 29);
- lowInput <<= 3;
-
- if (inBufIndex < MD5_END_BUFFER) {
- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
- } else {
- MD5_Update(cx, padbytes,
- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
- }
-
- /* Store the number of bytes input (before padding) in final 64 bits. */
- cx->u.w[14] = lendian(lowInput);
- cx->u.w[15] = lendian(highInput);
-
- /* Final call to compress. */
+ PRUint32 lowInput, highInput;
+ PRUint32 inBufIndex = cx->lsbInput & 63;
+
+ if (maxDigestLen < MD5_HASH_LEN) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return;
+ }
+
+ /* Copy out the length of bits input before padding. */
+ lowInput = cx->lsbInput;
+ highInput = (cx->msbInput << 3) | (lowInput >> 29);
+ lowInput <<= 3;
+
+ if (inBufIndex < MD5_END_BUFFER) {
+ MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+ } else {
+ MD5_Update(cx, padbytes,
+ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+ }
+
+ /* Store the number of bytes input (before padding) in final 64 bits. */
+ cx->u.w[14] = lendian(lowInput);
+ cx->u.w[15] = lendian(highInput);
+
+/* Final call to compress. */
#ifndef IS_LITTLE_ENDIAN
- md5_prep_state_le(cx);
+ md5_prep_state_le(cx);
#endif
- md5_compress(cx, cx->u.w);
+ md5_compress(cx, cx->u.w);
- /* Copy the resulting values out of the chain variables into return buf. */
- if (digestLen)
- *digestLen = MD5_HASH_LEN;
+ /* Copy the resulting values out of the chain variables into return buf. */
+ if (digestLen)
+ *digestLen = MD5_HASH_LEN;
#ifndef IS_LITTLE_ENDIAN
- cx->cv[0] = lendian(cx->cv[0]);
- cx->cv[1] = lendian(cx->cv[1]);
- cx->cv[2] = lendian(cx->cv[2]);
- cx->cv[3] = lendian(cx->cv[3]);
+ cx->cv[0] = lendian(cx->cv[0]);
+ cx->cv[1] = lendian(cx->cv[1]);
+ cx->cv[2] = lendian(cx->cv[2]);
+ cx->cv[3] = lendian(cx->cv[3]);
#endif
- memcpy(digest, cx->cv, MD5_HASH_LEN);
+ memcpy(digest, cx->cv, MD5_HASH_LEN);
}
void
@@ -539,56 +541,57 @@ MD5_EndRaw(MD5Context *cx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
- PRUint32 tmp;
+ PRUint32 tmp;
#endif
- PRUint32 cv[4];
+ PRUint32 cv[4];
- if (maxDigestLen < MD5_HASH_LEN) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return;
- }
+ if (maxDigestLen < MD5_HASH_LEN) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return;
+ }
- memcpy(cv, cx->cv, sizeof(cv));
+ memcpy(cv, cx->cv, sizeof(cv));
#ifndef IS_LITTLE_ENDIAN
- cv[0] = lendian(cv[0]);
- cv[1] = lendian(cv[1]);
- cv[2] = lendian(cv[2]);
- cv[3] = lendian(cv[3]);
+ cv[0] = lendian(cv[0]);
+ cv[1] = lendian(cv[1]);
+ cv[2] = lendian(cv[2]);
+ cv[3] = lendian(cv[3]);
#endif
- memcpy(digest, cv, MD5_HASH_LEN);
- if (digestLen)
- *digestLen = MD5_HASH_LEN;
+ memcpy(digest, cv, MD5_HASH_LEN);
+ if (digestLen)
+ *digestLen = MD5_HASH_LEN;
}
-unsigned int
+unsigned int
MD5_FlattenSize(MD5Context *cx)
{
- return sizeof(*cx);
+ return sizeof(*cx);
}
-SECStatus
+SECStatus
MD5_Flatten(MD5Context *cx, unsigned char *space)
{
- memcpy(space, cx, sizeof(*cx));
- return SECSuccess;
+ memcpy(space, cx, sizeof(*cx));
+ return SECSuccess;
}
-MD5Context *
+MD5Context *
MD5_Resurrect(unsigned char *space, void *arg)
{
- MD5Context *cx = MD5_NewContext();
- if (cx)
- memcpy(cx, space, sizeof(*cx));
- return cx;
+ MD5Context *cx = MD5_NewContext();
+ if (cx)
+ memcpy(cx, space, sizeof(*cx));
+ return cx;
}
-void MD5_Clone(MD5Context *dest, MD5Context *src)
+void
+MD5_Clone(MD5Context *dest, MD5Context *src)
{
- memcpy(dest, src, sizeof *dest);
+ memcpy(dest, src, sizeof *dest);
}
-void
+void
MD5_TraceState(MD5Context *cx)
{
- PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
}
diff --git a/lib/freebl/mknewpc2.c b/lib/freebl/mknewpc2.c
index b0957fa99..6b2968816 100644
--- a/lib/freebl/mknewpc2.c
+++ b/lib/freebl/mknewpc2.c
@@ -8,7 +8,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
typedef unsigned char BYTE;
-typedef unsigned int HALF;
+typedef unsigned int HALF;
#define DES_ENCRYPT 0
#define DES_DECRYPT 1
@@ -19,65 +19,64 @@ static HALF C0, D0;
static HALF L0, R0;
/* key schedule, 16 internal keys, each with 8 6-bit parts */
-static BYTE KS [8] [16];
-
+static BYTE KS[8][16];
/*
- * This table takes the 56 bits in C0 and D0 and shows show they are
+ * This table takes the 56 bits in C0 and D0 and shows show they are
* permuted into the 8 6-bit parts of the key in the key schedule.
* The bits of C0 are numbered left to right, 1-28.
* The bits of D0 are numbered left to right, 29-56.
* Zeros in this table represent bits that are always zero.
- * Note that all the bits in the first 4 rows come from C0,
+ * Note that all the bits in the first 4 rows come from C0,
* and all the bits in the second 4 rows come from D0.
*/
static const BYTE PC2[64] = {
- 14, 17, 11, 24, 1, 5, 0, 0, /* S1 */
- 3, 28, 15, 6, 21, 10, 0, 0, /* S2 */
- 23, 19, 12, 4, 26, 8, 0, 0, /* S3 */
- 16, 7, 27, 20, 13, 2, 0, 0, /* S4 */
-
- 41, 52, 31, 37, 47, 55, 0, 0, /* S5 */
- 30, 40, 51, 45, 33, 48, 0, 0, /* S6 */
- 44, 49, 39, 56, 34, 53, 0, 0, /* S7 */
- 46, 42, 50, 36, 29, 32, 0, 0 /* S8 */
+ 14, 17, 11, 24, 1, 5, 0, 0, /* S1 */
+ 3, 28, 15, 6, 21, 10, 0, 0, /* S2 */
+ 23, 19, 12, 4, 26, 8, 0, 0, /* S3 */
+ 16, 7, 27, 20, 13, 2, 0, 0, /* S4 */
+
+ 41, 52, 31, 37, 47, 55, 0, 0, /* S5 */
+ 30, 40, 51, 45, 33, 48, 0, 0, /* S6 */
+ 44, 49, 39, 56, 34, 53, 0, 0, /* S7 */
+ 46, 42, 50, 36, 29, 32, 0, 0 /* S8 */
};
-/* This table represents the same info as PC2, except that
+/* This table represents the same info as PC2, except that
* The bits of C0 and D0 are each numbered right to left, 0-27.
* -1 values indicate bits that are always zero.
- * As before all the bits in the first 4 rows come from C0,
+ * As before all the bits in the first 4 rows come from C0,
* and all the bits in the second 4 rows come from D0.
*/
-static signed char PC2a[64] = {
-/* bits of C0 */
- 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
- 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */
- 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */
- 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */
-/* bits of D0 */
- 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */
- 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */
- 12, 7, 17, 0, 22, 3, -1, -1, /* S7 */
- 10, 14, 6, 20, 27, 24, -1, -1 /* S8 */
+static signed char PC2a[64] = {
+ /* bits of C0 */
+ 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
+ 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */
+ 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */
+ 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */
+ /* bits of D0 */
+ 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */
+ 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */
+ 12, 7, 17, 0, 22, 3, -1, -1, /* S7 */
+ 10, 14, 6, 20, 27, 24, -1, -1 /* S8 */
};
-/* This table represents the same info as PC2a, except that
+/* This table represents the same info as PC2a, except that
* The order of of the rows has been changed to increase the efficiency
* with which the key sechedule is created.
* Fewer shifts and ANDs are required to make the KS from these.
*/
static const signed char PC2b[64] = {
-/* bits of C0 */
- 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
- 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */
- 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */
- 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */
-/* bits of D0 */
- 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */
- 10, 14, 6, 20, 27, 24, -1, -1, /* S8 */
- 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */
- 12, 7, 17, 0, 22, 3, -1, -1 /* S7 */
+ /* bits of C0 */
+ 14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
+ 5, 9, 16, 24, 2, 20, -1, -1, /* S3 */
+ 25, 0, 13, 22, 7, 18, -1, -1, /* S2 */
+ 12, 21, 1, 8, 15, 26, -1, -1, /* S4 */
+ /* bits of D0 */
+ 26, 16, 5, 11, 23, 8, -1, -1, /* S6 */
+ 10, 14, 6, 20, 27, 24, -1, -1, /* S8 */
+ 15, 4, 25, 19, 9, 1, -1, -1, /* S5 */
+ 12, 7, 17, 0, 22, 3, -1, -1 /* S7 */
};
/* Only 24 of the 28 bits in C0 and D0 are used in PC2.
@@ -85,54 +84,54 @@ static const signed char PC2b[64] = {
* so that the PC2 permutation can be accomplished with 4 lookups
* in tables of 64 entries.
* The following table shows how the bits of C0 and D0 are grouped
- * into indexes for the respective table lookups.
+ * into indexes for the respective table lookups.
* Bits are numbered right-to-left, 0-27, as in PC2b.
*/
static BYTE NDX[48] = {
-/* Bits of C0 */
- 27, 26, 25, 24, 23, 22, /* C0 table 0 */
- 18, 17, 16, 15, 14, 13, /* C0 table 1 */
- 9, 8, 7, 2, 1, 0, /* C0 table 2 */
- 5, 4, 21, 20, 12, 11, /* C0 table 3 */
-/* bits of D0 */
- 27, 26, 25, 24, 23, 22, /* D0 table 0 */
- 20, 19, 17, 16, 15, 14, /* D0 table 1 */
- 12, 11, 10, 9, 8, 7, /* D0 table 2 */
- 6, 5, 4, 3, 1, 0 /* D0 table 3 */
+ /* Bits of C0 */
+ 27, 26, 25, 24, 23, 22, /* C0 table 0 */
+ 18, 17, 16, 15, 14, 13, /* C0 table 1 */
+ 9, 8, 7, 2, 1, 0, /* C0 table 2 */
+ 5, 4, 21, 20, 12, 11, /* C0 table 3 */
+ /* bits of D0 */
+ 27, 26, 25, 24, 23, 22, /* D0 table 0 */
+ 20, 19, 17, 16, 15, 14, /* D0 table 1 */
+ 12, 11, 10, 9, 8, 7, /* D0 table 2 */
+ 6, 5, 4, 3, 1, 0 /* D0 table 3 */
};
-/* Here's the code that does that grouping.
- left = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) );
- left |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) );
- left |= PC2LOOKUP(0, 2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
- left |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
+/* Here's the code that does that grouping.
+ left = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) );
+ left |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) );
+ left |= PC2LOOKUP(0, 2, ((c0 >> 4) & 0x38) | (c0 & 0x7) );
+ left |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
- right = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) );
- right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
- right |= PC2LOOKUP(1, 2, ((d0 >> 7) & 0x3F) );
- right |= PC2LOOKUP(1, 3, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
+ right = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) );
+ right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
+ right |= PC2LOOKUP(1, 2, ((d0 >> 7) & 0x3F) );
+ right |= PC2LOOKUP(1, 3, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
*/
void
-make_pc2a( void )
+make_pc2a(void)
{
int i, j;
- for ( i = 0; i < 64; ++i ) {
- j = PC2[i];
- if (j == 0)
- j = -1;
- else if ( j < 29 )
- j = 28 - j ;
- else
- j = 56 - j;
- PC2a[i] = j;
+ for (i = 0; i < 64; ++i) {
+ j = PC2[i];
+ if (j == 0)
+ j = -1;
+ else if (j < 29)
+ j = 28 - j;
+ else
+ j = 56 - j;
+ PC2a[i] = j;
}
- for ( i = 0; i < 64; i += 8 ) {
- printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n",
- PC2a[i+0],PC2a[i+1],PC2a[i+2],PC2a[i+3],
- PC2a[i+4],PC2a[i+5],PC2a[i+6],PC2a[i+7] );
+ for (i = 0; i < 64; i += 8) {
+ printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n",
+ PC2a[i + 0], PC2a[i + 1], PC2a[i + 2], PC2a[i + 3],
+ PC2a[i + 4], PC2a[i + 5], PC2a[i + 6], PC2a[i + 7]);
}
}
@@ -141,70 +140,69 @@ HALF PC2cd0[64];
HALF PC_2H[8][64];
void
-mktable( )
+mktable()
{
int i;
int table;
- const BYTE * ndx = NDX;
- HALF mask;
+ const BYTE* ndx = NDX;
+ HALF mask;
- mask = 0x80000000;
+ mask = 0x80000000;
for (i = 0; i < 32; ++i, mask >>= 1) {
- int bit = PC2b[i];
- if (bit < 0)
- continue;
- PC2cd0[bit + 32] = mask;
+ int bit = PC2b[i];
+ if (bit < 0)
+ continue;
+ PC2cd0[bit + 32] = mask;
}
- mask = 0x80000000;
+ mask = 0x80000000;
for (i = 32; i < 64; ++i, mask >>= 1) {
- int bit = PC2b[i];
- if (bit < 0)
- continue;
- PC2cd0[bit] = mask;
+ int bit = PC2b[i];
+ if (bit < 0)
+ continue;
+ PC2cd0[bit] = mask;
}
#if DEBUG
for (i = 0; i < 64; ++i) {
- printf("0x%08x,\n", PC2cd0[i]);
+ printf("0x%08x,\n", PC2cd0[i]);
}
#endif
for (i = 0; i < 24; ++i) {
- NDX[i] += 32; /* because c0 is the upper half */
+ NDX[i] += 32; /* because c0 is the upper half */
}
for (table = 0; table < 8; ++table) {
- HALF bitvals[6];
- for (i = 0; i < 6; ++i) {
- bitvals[5-i] = PC2cd0[*ndx++];
- }
- for (i = 0; i < 64; ++i) {
- int j;
- int k = 0;
- HALF value = 0;
-
- for (j = i; j; j >>= 1, ++k) {
- if (j & 1) {
- value |= bitvals[k];
- }
- }
- PC_2H[table][i] = value;
- }
- printf("/* table %d */ {\n", table );
- for (i = 0; i < 64; i += 4) {
- printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x, \n",
- PC_2H[table][i], PC_2H[table][i+1],
- PC_2H[table][i+2], PC_2H[table][i+3]);
- }
- printf(" },\n");
+ HALF bitvals[6];
+ for (i = 0; i < 6; ++i) {
+ bitvals[5 - i] = PC2cd0[*ndx++];
+ }
+ for (i = 0; i < 64; ++i) {
+ int j;
+ int k = 0;
+ HALF value = 0;
+
+ for (j = i; j; j >>= 1, ++k) {
+ if (j & 1) {
+ value |= bitvals[k];
+ }
+ }
+ PC_2H[table][i] = value;
+ }
+ printf("/* table %d */ {\n", table);
+ for (i = 0; i < 64; i += 4) {
+ printf(" 0x%08x, 0x%08x, 0x%08x, 0x%08x, \n",
+ PC_2H[table][i], PC_2H[table][i + 1],
+ PC_2H[table][i + 2], PC_2H[table][i + 3]);
+ }
+ printf(" },\n");
}
}
-
int
main(void)
{
-/* make_pc2a(); */
- mktable();
- return 0;
+ /* make_pc2a(); */
+ mktable();
+ return 0;
}
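Review bot: The reformatted declaration `const BYTE* ndx = NDX;` binds the `*` to the type, while every other pointer declaration this commit touches (`const PRUint8 *beBuf`, `MD5Context *cx`, `MD5Context *dest`) binds it to the variable; `BYTE` being a typedef is presumably why the formatter derived a different alignment for this one line. It should read `const BYTE *ndx = NDX;` to match the surrounding style, and pinning `PointerAlignment` in the `.clang-format` file would keep later runs from flipping it back. While this line is being touched, `mktable()` still declares no parameter list, unlike `make_pc2a(void)` in the previous hunk; `mktable(void)` would make the prototype explicit. The rest of the hunk is whitespace only.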
diff --git a/lib/freebl/mksp.c b/lib/freebl/mksp.c
index 99b9917b8..ca83ac8e7 100644
--- a/lib/freebl/mksp.c
+++ b/lib/freebl/mksp.c
@@ -14,66 +14,58 @@
* from FIPS 46, pages 15-16.
*/
unsigned char S[8][64] = {
-/* Func S1 = */ {
- 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
- 3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
- 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
- 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13
- },
-/* Func S2 = */ {
- 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
- 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
- 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
- 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9
- },
-/* Func S3 = */ {
- 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
- 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
- 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
- 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12
- },
-/* Func S4 = */ {
- 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
- 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
- 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
- 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14
- },
-/* Func S5 = */ {
- 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
- 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
- 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
- 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3
- },
-/* Func S6 = */ {
- 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
- 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
- 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
- 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13
- },
-/* Func S7 = */ {
- 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
- 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
- 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
- 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12
- },
-/* Func S8 = */ {
- 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
- 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
- 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
- 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11
- }
+ /* Func S1 = */
+ { 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
+ 3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
+ 4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
+ 15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13 },
+ /* Func S2 = */
+ { 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
+ 9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
+ 0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
+ 5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9 },
+ /* Func S3 = */
+ { 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
+ 1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
+ 13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
+ 11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12 },
+ /* Func S4 = */
+ { 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
+ 1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
+ 10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
+ 15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14 },
+ /* Func S5 = */
+ { 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
+ 8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
+ 4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
+ 15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3 },
+ /* Func S6 = */
+ { 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
+ 0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
+ 9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
+ 7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13 },
+ /* Func S7 = */
+ { 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
+ 3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
+ 1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
+ 10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12 },
+ /* Func S8 = */
+ { 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
+ 10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
+ 7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
+ 0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11 }
};
/*
* Permutation function for results from s-boxes
* from FIPS 46 pages 12 and 16.
- * P =
+ * P =
*/
unsigned char P[32] = {
- 16, 7, 20, 21, 29, 12, 28, 17,
- 1, 15, 23, 26, 5, 18, 31, 10,
- 2, 8, 24, 14, 32, 27, 3, 9,
- 19, 13, 30, 6, 22, 11, 4, 25
+ 16, 7, 20, 21, 29, 12, 28, 17,
+ 1, 15, 23, 26, 5, 18, 31, 10,
+ 2, 8, 24, 14, 32, 27, 3, 9,
+ 19, 13, 30, 6, 22, 11, 4, 25
};
unsigned int Pinv[32];
@@ -85,9 +77,9 @@ makePinv(void)
int i;
unsigned int Pi = 0x80000000;
for (i = 0; i < 32; ++i) {
- int j = 32 - P[i];
- Pinv[j] = Pi;
- Pi >>= 1;
+ int j = 32 - P[i];
+ Pinv[j] = Pi;
+ Pi >>= 1;
}
}
@@ -96,25 +88,25 @@ makeSP(void)
{
int box;
for (box = 0; box < 8; ++box) {
- int item;
- printf("/* box S%d */ {\n", box + 1);
- for (item = 0; item < 64; ++item ) {
- unsigned int s = S[box][item];
- unsigned int val = 0;
- unsigned int bitnum = (7-box) * 4;
- for (; s; s >>= 1, ++bitnum) {
- if (s & 1) {
- val |= Pinv[bitnum];
- }
- }
- val = (val << 3) | (val >> 29);
- SP[box][item] = val;
- }
- for (item = 0; item < 64; item += 4) {
- printf("\t0x%08x, 0x%08x, 0x%08x, 0x%08x,\n",
- SP[box][item], SP[box][item+1], SP[box][item+2], SP[box][item+3]);
- }
- printf(" },\n");
+ int item;
+ printf("/* box S%d */ {\n", box + 1);
+ for (item = 0; item < 64; ++item) {
+ unsigned int s = S[box][item];
+ unsigned int val = 0;
+ unsigned int bitnum = (7 - box) * 4;
+ for (; s; s >>= 1, ++bitnum) {
+ if (s & 1) {
+ val |= Pinv[bitnum];
+ }
+ }
+ val = (val << 3) | (val >> 29);
+ SP[box][item] = val;
+ }
+ for (item = 0; item < 64; item += 4) {
+ printf("\t0x%08x, 0x%08x, 0x%08x, 0x%08x,\n",
+ SP[box][item], SP[box][item + 1], SP[box][item + 2], SP[box][item + 3]);
+ }
+ printf(" },\n");
}
}
diff --git a/lib/freebl/mpi/logtab.h b/lib/freebl/mpi/logtab.h
index 1f2660e49..24cb13c5b 100644
--- a/lib/freebl/mpi/logtab.h
+++ b/lib/freebl/mpi/logtab.h
@@ -8,22 +8,21 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const float s_logv_2[] = {
- 0.000000000f, 0.000000000f, 1.000000000f, 0.630929754f, /* 0 1 2 3 */
- 0.500000000f, 0.430676558f, 0.386852807f, 0.356207187f, /* 4 5 6 7 */
- 0.333333333f, 0.315464877f, 0.301029996f, 0.289064826f, /* 8 9 10 11 */
- 0.278942946f, 0.270238154f, 0.262649535f, 0.255958025f, /* 12 13 14 15 */
- 0.250000000f, 0.244650542f, 0.239812467f, 0.235408913f, /* 16 17 18 19 */
- 0.231378213f, 0.227670249f, 0.224243824f, 0.221064729f, /* 20 21 22 23 */
- 0.218104292f, 0.215338279f, 0.212746054f, 0.210309918f, /* 24 25 26 27 */
- 0.208014598f, 0.205846832f, 0.203795047f, 0.201849087f, /* 28 29 30 31 */
- 0.200000000f, 0.198239863f, 0.196561632f, 0.194959022f, /* 32 33 34 35 */
- 0.193426404f, 0.191958720f, 0.190551412f, 0.189200360f, /* 36 37 38 39 */
- 0.187901825f, 0.186652411f, 0.185449023f, 0.184288833f, /* 40 41 42 43 */
- 0.183169251f, 0.182087900f, 0.181042597f, 0.180031327f, /* 44 45 46 47 */
- 0.179052232f, 0.178103594f, 0.177183820f, 0.176291434f, /* 48 49 50 51 */
- 0.175425064f, 0.174583430f, 0.173765343f, 0.172969690f, /* 52 53 54 55 */
- 0.172195434f, 0.171441601f, 0.170707280f, 0.169991616f, /* 56 57 58 59 */
- 0.169293808f, 0.168613099f, 0.167948779f, 0.167300179f, /* 60 61 62 63 */
- 0.166666667f
+ 0.000000000f, 0.000000000f, 1.000000000f, 0.630929754f, /* 0 1 2 3 */
+ 0.500000000f, 0.430676558f, 0.386852807f, 0.356207187f, /* 4 5 6 7 */
+ 0.333333333f, 0.315464877f, 0.301029996f, 0.289064826f, /* 8 9 10 11 */
+ 0.278942946f, 0.270238154f, 0.262649535f, 0.255958025f, /* 12 13 14 15 */
+ 0.250000000f, 0.244650542f, 0.239812467f, 0.235408913f, /* 16 17 18 19 */
+ 0.231378213f, 0.227670249f, 0.224243824f, 0.221064729f, /* 20 21 22 23 */
+ 0.218104292f, 0.215338279f, 0.212746054f, 0.210309918f, /* 24 25 26 27 */
+ 0.208014598f, 0.205846832f, 0.203795047f, 0.201849087f, /* 28 29 30 31 */
+ 0.200000000f, 0.198239863f, 0.196561632f, 0.194959022f, /* 32 33 34 35 */
+ 0.193426404f, 0.191958720f, 0.190551412f, 0.189200360f, /* 36 37 38 39 */
+ 0.187901825f, 0.186652411f, 0.185449023f, 0.184288833f, /* 40 41 42 43 */
+ 0.183169251f, 0.182087900f, 0.181042597f, 0.180031327f, /* 44 45 46 47 */
+ 0.179052232f, 0.178103594f, 0.177183820f, 0.176291434f, /* 48 49 50 51 */
+ 0.175425064f, 0.174583430f, 0.173765343f, 0.172969690f, /* 52 53 54 55 */
+ 0.172195434f, 0.171441601f, 0.170707280f, 0.169991616f, /* 56 57 58 59 */
+ 0.169293808f, 0.168613099f, 0.167948779f, 0.167300179f, /* 60 61 62 63 */
+ 0.166666667f
};
-
diff --git a/lib/freebl/mpi/mdxptest.c b/lib/freebl/mpi/mdxptest.c
index 3f8db4ce6..adbcfc3d1 100644
--- a/lib/freebl/mpi/mdxptest.c
+++ b/lib/freebl/mpi/mdxptest.c
@@ -11,35 +11,34 @@
/* #define OLD_WAY 1 */
-/* This key is the 1024-bit test key used for speed testing of RSA private
+/* This key is the 1024-bit test key used for speed testing of RSA private
** key ops.
*/
#define CONST const
static CONST unsigned char default_n[128] = {
-0xc2,0xae,0x96,0x89,0xaf,0xce,0xd0,0x7b,0x3b,0x35,0xfd,0x0f,0xb1,0xf4,0x7a,0xd1,
-0x3c,0x7d,0xb5,0x86,0xf2,0x68,0x36,0xc9,0x97,0xe6,0x82,0x94,0x86,0xaa,0x05,0x39,
-0xec,0x11,0x51,0xcc,0x5c,0xa1,0x59,0xba,0x29,0x18,0xf3,0x28,0xf1,0x9d,0xe3,0xae,
-0x96,0x5d,0x6d,0x87,0x73,0xf6,0xf6,0x1f,0xd0,0x2d,0xfb,0x2f,0x7a,0x13,0x7f,0xc8,
-0x0c,0x7a,0xe9,0x85,0xfb,0xce,0x74,0x86,0xf8,0xef,0x2f,0x85,0x37,0x73,0x0f,0x62,
-0x4e,0x93,0x17,0xb7,0x7e,0x84,0x9a,0x94,0x11,0x05,0xca,0x0d,0x31,0x4b,0x2a,0xc8,
-0xdf,0xfe,0xe9,0x0c,0x13,0xc7,0xf2,0xad,0x19,0x64,0x28,0x3c,0xb5,0x6a,0xc8,0x4b,
-0x79,0xea,0x7c,0xce,0x75,0x92,0x45,0x3e,0xa3,0x9d,0x64,0x6f,0x04,0x69,0x19,0x17
+ 0xc2, 0xae, 0x96, 0x89, 0xaf, 0xce, 0xd0, 0x7b, 0x3b, 0x35, 0xfd, 0x0f, 0xb1, 0xf4, 0x7a, 0xd1,
+ 0x3c, 0x7d, 0xb5, 0x86, 0xf2, 0x68, 0x36, 0xc9, 0x97, 0xe6, 0x82, 0x94, 0x86, 0xaa, 0x05, 0x39,
+ 0xec, 0x11, 0x51, 0xcc, 0x5c, 0xa1, 0x59, 0xba, 0x29, 0x18, 0xf3, 0x28, 0xf1, 0x9d, 0xe3, 0xae,
+ 0x96, 0x5d, 0x6d, 0x87, 0x73, 0xf6, 0xf6, 0x1f, 0xd0, 0x2d, 0xfb, 0x2f, 0x7a, 0x13, 0x7f, 0xc8,
+ 0x0c, 0x7a, 0xe9, 0x85, 0xfb, 0xce, 0x74, 0x86, 0xf8, 0xef, 0x2f, 0x85, 0x37, 0x73, 0x0f, 0x62,
+ 0x4e, 0x93, 0x17, 0xb7, 0x7e, 0x84, 0x9a, 0x94, 0x11, 0x05, 0xca, 0x0d, 0x31, 0x4b, 0x2a, 0xc8,
+ 0xdf, 0xfe, 0xe9, 0x0c, 0x13, 0xc7, 0xf2, 0xad, 0x19, 0x64, 0x28, 0x3c, 0xb5, 0x6a, 0xc8, 0x4b,
+ 0x79, 0xea, 0x7c, 0xce, 0x75, 0x92, 0x45, 0x3e, 0xa3, 0x9d, 0x64, 0x6f, 0x04, 0x69, 0x19, 0x17
};
static CONST unsigned char default_d[128] = {
-0x13,0xcb,0xbc,0xf2,0xf3,0x35,0x8c,0x6d,0x7b,0x6f,0xd9,0xf3,0xa6,0x9c,0xbd,0x80,
-0x59,0x2e,0x4f,0x2f,0x11,0xa7,0x17,0x2b,0x18,0x8f,0x0f,0xe8,0x1a,0x69,0x5f,0x6e,
-0xac,0x5a,0x76,0x7e,0xd9,0x4c,0x6e,0xdb,0x47,0x22,0x8a,0x57,0x37,0x7a,0x5e,0x94,
-0x7a,0x25,0xb5,0xe5,0x78,0x1d,0x3c,0x99,0xaf,0x89,0x7d,0x69,0x2e,0x78,0x9d,0x1d,
-0x84,0xc8,0xc1,0xd7,0x1a,0xb2,0x6d,0x2d,0x8a,0xd9,0xab,0x6b,0xce,0xae,0xb0,0xa0,
-0x58,0x55,0xad,0x5c,0x40,0x8a,0xd6,0x96,0x08,0x8a,0xe8,0x63,0xe6,0x3d,0x6c,0x20,
-0x49,0xc7,0xaf,0x0f,0x25,0x73,0xd3,0x69,0x43,0x3b,0xf2,0x32,0xf8,0x3d,0x5e,0xee,
-0x7a,0xca,0xd6,0x94,0x55,0xe5,0xbd,0x25,0x34,0x8d,0x63,0x40,0xb5,0x8a,0xc3,0x01
+ 0x13, 0xcb, 0xbc, 0xf2, 0xf3, 0x35, 0x8c, 0x6d, 0x7b, 0x6f, 0xd9, 0xf3, 0xa6, 0x9c, 0xbd, 0x80,
+ 0x59, 0x2e, 0x4f, 0x2f, 0x11, 0xa7, 0x17, 0x2b, 0x18, 0x8f, 0x0f, 0xe8, 0x1a, 0x69, 0x5f, 0x6e,
+ 0xac, 0x5a, 0x76, 0x7e, 0xd9, 0x4c, 0x6e, 0xdb, 0x47, 0x22, 0x8a, 0x57, 0x37, 0x7a, 0x5e, 0x94,
+ 0x7a, 0x25, 0xb5, 0xe5, 0x78, 0x1d, 0x3c, 0x99, 0xaf, 0x89, 0x7d, 0x69, 0x2e, 0x78, 0x9d, 0x1d,
+ 0x84, 0xc8, 0xc1, 0xd7, 0x1a, 0xb2, 0x6d, 0x2d, 0x8a, 0xd9, 0xab, 0x6b, 0xce, 0xae, 0xb0, 0xa0,
+ 0x58, 0x55, 0xad, 0x5c, 0x40, 0x8a, 0xd6, 0x96, 0x08, 0x8a, 0xe8, 0x63, 0xe6, 0x3d, 0x6c, 0x20,
+ 0x49, 0xc7, 0xaf, 0x0f, 0x25, 0x73, 0xd3, 0x69, 0x43, 0x3b, 0xf2, 0x32, 0xf8, 0x3d, 0x5e, 0xee,
+ 0x7a, 0xca, 0xd6, 0x94, 0x55, 0xe5, 0xbd, 0x25, 0x34, 0x8d, 0x63, 0x40, 0xb5, 0x8a, 0xc3, 0x01
};
-
#define DEFAULT_ITERS 50
typedef clock_t timetype;
@@ -53,39 +52,43 @@ struct TimingContextStr {
timetype end;
timetype interval;
- int minutes;
- int seconds;
- int millisecs;
+ int minutes;
+ int seconds;
+ int millisecs;
};
typedef struct TimingContextStr TimingContext;
-TimingContext *CreateTimingContext(void)
+TimingContext *
+CreateTimingContext(void)
{
return (TimingContext *)malloc(sizeof(TimingContext));
}
-void DestroyTimingContext(TimingContext *ctx)
+void
+DestroyTimingContext(TimingContext *ctx)
{
free(ctx);
}
-void TimingBegin(TimingContext *ctx)
+void
+TimingBegin(TimingContext *ctx)
{
gettime(&ctx->start);
}
-static void timingUpdate(TimingContext *ctx)
+static void
+timingUpdate(TimingContext *ctx)
{
ctx->millisecs = msec(ctx->interval) % 1000;
- ctx->seconds = sec(ctx->interval);
- ctx->minutes = ctx->seconds / 60;
- ctx->seconds %= 60;
-
+ ctx->seconds = sec(ctx->interval);
+ ctx->minutes = ctx->seconds / 60;
+ ctx->seconds %= 60;
}
-void TimingEnd(TimingContext *ctx)
+void
+TimingEnd(TimingContext *ctx)
{
gettime(&ctx->end);
ctx->interval = ctx->end;
@@ -93,17 +96,18 @@ void TimingEnd(TimingContext *ctx)
timingUpdate(ctx);
}
-char *TimingGenerateString(TimingContext *ctx)
+char *
+TimingGenerateString(TimingContext *ctx)
{
static char sBuf[4096];
sprintf(sBuf, "%d minutes, %d.%03d seconds", ctx->minutes,
- ctx->seconds, ctx->millisecs);
+ ctx->seconds, ctx->millisecs);
return sBuf;
}
static void
-dumpBytes( unsigned char * b, int l)
+dumpBytes(unsigned char *b, int l)
{
int i;
if (l <= 0)
@@ -121,17 +125,17 @@ dumpBytes( unsigned char * b, int l)
}
static mp_err
-testNewFuncs(const unsigned char * modulusBytes, int modulus_len)
+testNewFuncs(const unsigned char *modulusBytes, int modulus_len)
{
- mp_err mperr = MP_OKAY;
+ mp_err mperr = MP_OKAY;
mp_int modulus;
unsigned char buf[512];
mperr = mp_init(&modulus);
- mperr = mp_read_unsigned_octets(&modulus, modulusBytes, modulus_len );
+ mperr = mp_read_unsigned_octets(&modulus, modulusBytes, modulus_len);
mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len);
- mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+1);
- mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+4);
+ mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 1);
+ mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 4);
mperr = mp_to_unsigned_octets(&modulus, buf, modulus_len);
mperr = mp_to_signed_octets(&modulus, buf, modulus_len + 1);
mp_clear(&modulus);
@@ -139,41 +143,41 @@ testNewFuncs(const unsigned char * modulusBytes, int modulus_len)
}
int
-testModExp( const unsigned char * modulusBytes,
- const unsigned int expo,
- const unsigned char * input,
- unsigned char * output,
- int modulus_len)
+testModExp(const unsigned char *modulusBytes,
+ const unsigned int expo,
+ const unsigned char *input,
+ unsigned char *output,
+ int modulus_len)
{
- mp_err mperr = MP_OKAY;
+ mp_err mperr = MP_OKAY;
mp_int modulus;
mp_int base;
mp_int exponent;
mp_int result;
- mperr = mp_init(&modulus);
+ mperr = mp_init(&modulus);
mperr += mp_init(&base);
mperr += mp_init(&exponent);
mperr += mp_init(&result);
/* we initialize all mp_ints unconditionally, even if some fail.
** This guarantees that the DIGITS pointer is valid (even if null).
- ** So, mp_clear will do the right thing below.
+ ** So, mp_clear will do the right thing below.
*/
if (mperr == MP_OKAY) {
- mperr = mp_read_unsigned_octets(&modulus,
- modulusBytes + (sizeof default_n - modulus_len), modulus_len );
- mperr += mp_read_unsigned_octets(&base, input, modulus_len );
- mp_set(&exponent, expo);
- if (mperr == MP_OKAY) {
+ mperr = mp_read_unsigned_octets(&modulus,
+ modulusBytes + (sizeof default_n - modulus_len), modulus_len);
+ mperr += mp_read_unsigned_octets(&base, input, modulus_len);
+ mp_set(&exponent, expo);
+ if (mperr == MP_OKAY) {
#if OLD_WAY
- mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+ mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
#else
- mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+ mperr = mp_exptmod(&base, &exponent, &modulus, &result);
#endif
- if (mperr == MP_OKAY) {
- mperr = mp_to_fixlen_octets(&result, output, modulus_len);
- }
- }
+ if (mperr == MP_OKAY) {
+ mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+ }
+ }
}
mp_clear(&base);
mp_clear(&result);
@@ -185,41 +189,41 @@ testModExp( const unsigned char * modulusBytes,
}
int
-doModExp( const unsigned char * modulusBytes,
- const unsigned char * exponentBytes,
- const unsigned char * input,
- unsigned char * output,
- int modulus_len)
+doModExp(const unsigned char *modulusBytes,
+ const unsigned char *exponentBytes,
+ const unsigned char *input,
+ unsigned char *output,
+ int modulus_len)
{
- mp_err mperr = MP_OKAY;
+ mp_err mperr = MP_OKAY;
mp_int modulus;
mp_int base;
mp_int exponent;
mp_int result;
- mperr = mp_init(&modulus);
+ mperr = mp_init(&modulus);
mperr += mp_init(&base);
mperr += mp_init(&exponent);
mperr += mp_init(&result);
/* we initialize all mp_ints unconditionally, even if some fail.
** This guarantees that the DIGITS pointer is valid (even if null).
- ** So, mp_clear will do the right thing below.
+ ** So, mp_clear will do the right thing below.
*/
if (mperr == MP_OKAY) {
- mperr = mp_read_unsigned_octets(&modulus,
- modulusBytes + (sizeof default_n - modulus_len), modulus_len );
- mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len );
- mperr += mp_read_unsigned_octets(&base, input, modulus_len );
- if (mperr == MP_OKAY) {
+ mperr = mp_read_unsigned_octets(&modulus,
+ modulusBytes + (sizeof default_n - modulus_len), modulus_len);
+ mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len);
+ mperr += mp_read_unsigned_octets(&base, input, modulus_len);
+ if (mperr == MP_OKAY) {
#if OLD_WAY
- mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+ mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
#else
- mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+ mperr = mp_exptmod(&base, &exponent, &modulus, &result);
#endif
- if (mperr == MP_OKAY) {
- mperr = mp_to_fixlen_octets(&result, output, modulus_len);
- }
- }
+ if (mperr == MP_OKAY) {
+ mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+ }
+ }
}
mp_clear(&base);
mp_clear(&result);
@@ -233,55 +237,55 @@ doModExp( const unsigned char * modulusBytes,
int
main(int argc, char **argv)
{
- TimingContext * timeCtx;
- char * progName;
- long iters = DEFAULT_ITERS;
- unsigned int modulus_len;
- int i;
- int rv;
- unsigned char buf [1024];
- unsigned char buf2[1024];
+ TimingContext *timeCtx;
+ char *progName;
+ long iters = DEFAULT_ITERS;
+ unsigned int modulus_len;
+ int i;
+ int rv;
+ unsigned char buf[1024];
+ unsigned char buf2[1024];
progName = strrchr(argv[0], '/');
if (!progName)
- progName = strrchr(argv[0], '\\');
- progName = progName ? progName+1 : argv[0];
+ progName = strrchr(argv[0], '\\');
+ progName = progName ? progName + 1 : argv[0];
if (argc >= 2) {
- iters = atol(argv[1]);
+ iters = atol(argv[1]);
}
if (argc >= 3) {
- modulus_len = atol(argv[2]);
- } else
- modulus_len = sizeof default_n;
+ modulus_len = atol(argv[2]);
+ } else
+ modulus_len = sizeof default_n;
/* no library init function !? */
memset(buf, 0x41, sizeof buf);
- if (iters < 2) {
- testNewFuncs( default_n, modulus_len);
- testNewFuncs( default_n+1, modulus_len - 1);
- testNewFuncs( default_n+2, modulus_len - 2);
- testNewFuncs( default_n+3, modulus_len - 3);
+ if (iters < 2) {
+ testNewFuncs(default_n, modulus_len);
+ testNewFuncs(default_n + 1, modulus_len - 1);
+ testNewFuncs(default_n + 2, modulus_len - 2);
+ testNewFuncs(default_n + 3, modulus_len - 3);
- rv = testModExp(default_n, 0, buf, buf2, modulus_len);
- dumpBytes((unsigned char *)buf2, modulus_len);
+ rv = testModExp(default_n, 0, buf, buf2, modulus_len);
+ dumpBytes((unsigned char *)buf2, modulus_len);
- rv = testModExp(default_n, 1, buf, buf2, modulus_len);
- dumpBytes((unsigned char *)buf2, modulus_len);
+ rv = testModExp(default_n, 1, buf, buf2, modulus_len);
+ dumpBytes((unsigned char *)buf2, modulus_len);
- rv = testModExp(default_n, 2, buf, buf2, modulus_len);
- dumpBytes((unsigned char *)buf2, modulus_len);
+ rv = testModExp(default_n, 2, buf, buf2, modulus_len);
+ dumpBytes((unsigned char *)buf2, modulus_len);
- rv = testModExp(default_n, 3, buf, buf2, modulus_len);
- dumpBytes((unsigned char *)buf2, modulus_len);
- }
+ rv = testModExp(default_n, 3, buf, buf2, modulus_len);
+ dumpBytes((unsigned char *)buf2, modulus_len);
+ }
rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
if (rv != 0) {
- fprintf(stderr, "Error in modexp operation:\n");
- exit(1);
+ fprintf(stderr, "Error in modexp operation:\n");
+ exit(1);
}
dumpBytes((unsigned char *)buf2, modulus_len);
@@ -289,11 +293,11 @@ main(int argc, char **argv)
TimingBegin(timeCtx);
i = iters;
while (i--) {
- rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
- if (rv != 0) {
- fprintf(stderr, "Error in modexp operation\n");
- exit(1);
- }
+ rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
+ if (rv != 0) {
+ fprintf(stderr, "Error in modexp operation\n");
+ exit(1);
+ }
}
TimingEnd(timeCtx);
printf("%ld iterations in %s\n", iters, TimingGenerateString(timeCtx));
diff --git a/lib/freebl/mpi/montmulf.c b/lib/freebl/mpi/montmulf.c
index 3f93d3e76..ce8fbc31d 100644
--- a/lib/freebl/mpi/montmulf.c
+++ b/lib/freebl/mpi/montmulf.c
@@ -6,11 +6,11 @@
#define RF_INLINE_MACROS 1
#endif
-static const double TwoTo16=65536.0;
-static const double TwoToMinus16=1.0/65536.0;
-static const double Zero=0.0;
-static const double TwoTo32=65536.0*65536.0;
-static const double TwoToMinus32=1.0/(65536.0*65536.0);
+static const double TwoTo16 = 65536.0;
+static const double TwoToMinus16 = 1.0 / 65536.0;
+static const double Zero = 0.0;
+static const double TwoTo32 = 65536.0 * 65536.0;
+static const double TwoToMinus32 = 1.0 / (65536.0 * 65536.0);
#ifdef RF_INLINE_MACROS
@@ -18,13 +18,12 @@ double upper32(double);
double lower32(double, double);
double mod(double, double, double);
-void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/,
- const double * /* 2^16*/,
- const double * /* 0 */,
- double * /*result16*/,
- double * /* result32 */,
- float * /*source - should be unsigned int*
- converted to float* */);
+void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/,
+ const double * /* 2^16*/,
+ const double * /* 0 */,
+ double * /*result16*/,
+ double * /* result32 */,
+ float * /*source - should be unsigned int* converted to float* */);
#else
#ifdef MP_USE_FLOOR
@@ -33,263 +32,255 @@ void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/,
#define floor(d) ((double)((unsigned long long)(d)))
#endif
-static double upper32(double x)
+static double
+upper32(double x)
{
- return floor(x*TwoToMinus32);
+ return floor(x * TwoToMinus32);
}
-static double lower32(double x, double y)
+static double
+lower32(double x, double y)
{
- return x-TwoTo32*floor(x*TwoToMinus32);
+ return x - TwoTo32 * floor(x * TwoToMinus32);
}
-static double mod(double x, double oneoverm, double m)
+static double
+mod(double x, double oneoverm, double m)
{
- return x-m*floor(x*oneoverm);
+ return x - m * floor(x * oneoverm);
}
#endif
-
-static void cleanup(double *dt, int from, int tlen)
+static void
+cleanup(double *dt, int from, int tlen)
{
- int i;
- double tmp,tmp1,x,x1;
-
- tmp=tmp1=Zero;
- /* original code **
- for(i=2*from;i<2*tlen-2;i++)
- {
- x=dt[i];
- dt[i]=lower32(x,Zero)+tmp1;
- tmp1=tmp;
- tmp=upper32(x);
- }
- dt[tlen-2]+=tmp1;
- dt[tlen-1]+=tmp;
- **end original code ***/
- /* new code ***/
- for(i=2*from;i<2*tlen;i+=2)
- {
- x=dt[i];
- x1=dt[i+1];
- dt[i]=lower32(x,Zero)+tmp;
- dt[i+1]=lower32(x1,Zero)+tmp1;
- tmp=upper32(x);
- tmp1=upper32(x1);
- }
- /** end new code **/
-}
+ int i;
+ double tmp, tmp1, x, x1;
+ tmp = tmp1 = Zero;
+ /* original code **
+ for(i=2*from;i<2*tlen-2;i++)
+ {
+ x=dt[i];
+ dt[i]=lower32(x,Zero)+tmp1;
+ tmp1=tmp;
+ tmp=upper32(x);
+ }
+ dt[tlen-2]+=tmp1;
+ dt[tlen-1]+=tmp;
+ **end original code ***/
+ /* new code ***/
+ for (i = 2 * from; i < 2 * tlen; i += 2) {
+ x = dt[i];
+ x1 = dt[i + 1];
+ dt[i] = lower32(x, Zero) + tmp;
+ dt[i + 1] = lower32(x1, Zero) + tmp1;
+ tmp = upper32(x);
+ tmp1 = upper32(x1);
+ }
+ /** end new code **/
+}
-void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+void
+conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
{
-int i;
-long long t, t1, a, b, c, d;
-
- t1=0;
- a=(long long)d16[0];
- b=(long long)d16[1];
- for(i=0; i<ilen-1; i++)
- {
- c=(long long)d16[2*i+2];
- t1+=(unsigned int)a;
- t=(a>>32);
- d=(long long)d16[2*i+3];
- t1+=(b&0xffff)<<16;
- t+=(b>>16)+(t1>>32);
- i32[i]=(unsigned int)t1;
- t1=t;
- a=c;
- b=d;
- }
- t1+=(unsigned int)a;
- t=(a>>32);
- t1+=(b&0xffff)<<16;
- i32[i]=(unsigned int)t1;
+ int i;
+ long long t, t1, a, b, c, d;
+
+ t1 = 0;
+ a = (long long)d16[0];
+ b = (long long)d16[1];
+ for (i = 0; i < ilen - 1; i++) {
+ c = (long long)d16[2 * i + 2];
+ t1 += (unsigned int)a;
+ t = (a >> 32);
+ d = (long long)d16[2 * i + 3];
+ t1 += (b & 0xffff) << 16;
+ t += (b >> 16) + (t1 >> 32);
+ i32[i] = (unsigned int)t1;
+ t1 = t;
+ a = c;
+ b = d;
+ }
+ t1 += (unsigned int)a;
+ t = (a >> 32);
+ t1 += (b & 0xffff) << 16;
+ i32[i] = (unsigned int)t1;
}
-void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+void
+conv_i32_to_d32(double *d32, unsigned int *i32, int len)
{
-int i;
+ int i;
#pragma pipeloop(0)
- for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+ for (i = 0; i < len; i++)
+ d32[i] = (double)(i32[i]);
}
-
-void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+void
+conv_i32_to_d16(double *d16, unsigned int *i32, int len)
{
-int i;
-unsigned int a;
+ int i;
+ unsigned int a;
#pragma pipeloop(0)
- for(i=0;i<len;i++)
- {
- a=i32[i];
- d16[2*i]=(double)(a&0xffff);
- d16[2*i+1]=(double)(a>>16);
- }
+ for (i = 0; i < len; i++) {
+ a = i32[i];
+ d16[2 * i] = (double)(a & 0xffff);
+ d16[2 * i + 1] = (double)(a >> 16);
+ }
}
-
-void conv_i32_to_d32_and_d16(double *d32, double *d16,
- unsigned int *i32, int len)
+void
+conv_i32_to_d32_and_d16(double *d32, double *d16,
+ unsigned int *i32, int len)
{
-int i = 0;
-unsigned int a;
+ int i = 0;
+ unsigned int a;
#pragma pipeloop(0)
#ifdef RF_INLINE_MACROS
- for(;i<len-3;i+=4)
- {
- i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
- &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
- }
+ for (; i < len - 3; i += 4) {
+ i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+ &(d16[2 * i]), &(d32[i]), (float *)(&(i32[i])));
+ }
#endif
- for(;i<len;i++)
- {
- a=i32[i];
- d32[i]=(double)(i32[i]);
- d16[2*i]=(double)(a&0xffff);
- d16[2*i+1]=(double)(a>>16);
- }
+ for (; i < len; i++) {
+ a = i32[i];
+ d32[i] = (double)(i32[i]);
+ d16[2 * i] = (double)(a & 0xffff);
+ d16[2 * i + 1] = (double)(a >> 16);
+ }
}
-
-void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+void
+adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
{
-long long acc;
-int i;
-
- if(i32[len]>0) i=-1;
- else
- {
- for(i=len-1; i>=0; i--)
- {
- if(i32[i]!=nint[i]) break;
- }
- }
- if((i<0)||(i32[i]>nint[i]))
- {
- acc=0;
- for(i=0;i<len;i++)
- {
- acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
- i32[i]=(unsigned int)acc;
- acc=acc>>32;
- }
- }
+ long long acc;
+ int i;
+
+ if (i32[len] > 0)
+ i = -1;
+ else {
+ for (i = len - 1; i >= 0; i--) {
+ if (i32[i] != nint[i])
+ break;
+ }
+ }
+ if ((i < 0) || (i32[i] > nint[i])) {
+ acc = 0;
+ for (i = 0; i < len; i++) {
+ acc = acc + (unsigned long long)(i32[i]) - (unsigned long long)(nint[i]);
+ i32[i] = (unsigned int)acc;
+ acc = acc >> 32;
+ }
+ }
}
-
-
-
/*
** the lengths of the input arrays should be at least the following:
** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
** all of them should be different from one another
**
*/
-void mont_mulf_noconv(unsigned int *result,
- double *dm1, double *dm2, double *dt,
- double *dn, unsigned int *nint,
- int nlen, double dn0)
+void
+mont_mulf_noconv(unsigned int *result,
+ double *dm1, double *dm2, double *dt,
+ double *dn, unsigned int *nint,
+ int nlen, double dn0)
{
- int i, j, jj;
- int tmp;
- double digit, m2j, nextm2j, a, b;
- double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
-
- pdm1=&(dm1[0]);
- pdm2=&(dm2[0]);
- pdn=&(dn[0]);
- pdm2[2*nlen]=Zero;
-
- if (nlen!=16)
- {
- for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
-
- a=dt[0]=pdm1[0]*pdm2[0];
- digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
-
- pdtj=&(dt[0]);
- for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
- {
- m2j=pdm2[j];
- a=pdtj[0]+pdn[0]*digit;
- b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
- pdtj[1]=b;
+ int i, j, jj;
+ int tmp;
+ double digit, m2j, nextm2j, a, b;
+ double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+
+ pdm1 = &(dm1[0]);
+ pdm2 = &(dm2[0]);
+ pdn = &(dn[0]);
+ pdm2[2 * nlen] = Zero;
+
+ if (nlen != 16) {
+ for (i = 0; i < 4 * nlen + 2; i++)
+ dt[i] = Zero;
+
+ a = dt[0] = pdm1[0] * pdm2[0];
+ digit = mod(lower32(a, Zero) * dn0, TwoToMinus16, TwoTo16);
+
+ pdtj = &(dt[0]);
+ for (j = jj = 0; j < 2 * nlen; j++, jj++, pdtj++) {
+ m2j = pdm2[j];
+ a = pdtj[0] + pdn[0] * digit;
+ b = pdtj[1] + pdm1[0] * pdm2[j + 1] + a * TwoToMinus16;
+ pdtj[1] = b;
#pragma pipeloop(0)
- for(i=1;i<nlen;i++)
- {
- pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
- }
- if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
-
- digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
- }
- }
- else
- {
- a=dt[0]=pdm1[0]*pdm2[0];
-
- dt[65]= dt[64]= dt[63]= dt[62]= dt[61]= dt[60]=
- dt[59]= dt[58]= dt[57]= dt[56]= dt[55]= dt[54]=
- dt[53]= dt[52]= dt[51]= dt[50]= dt[49]= dt[48]=
- dt[47]= dt[46]= dt[45]= dt[44]= dt[43]= dt[42]=
- dt[41]= dt[40]= dt[39]= dt[38]= dt[37]= dt[36]=
- dt[35]= dt[34]= dt[33]= dt[32]= dt[31]= dt[30]=
- dt[29]= dt[28]= dt[27]= dt[26]= dt[25]= dt[24]=
- dt[23]= dt[22]= dt[21]= dt[20]= dt[19]= dt[18]=
- dt[17]= dt[16]= dt[15]= dt[14]= dt[13]= dt[12]=
- dt[11]= dt[10]= dt[ 9]= dt[ 8]= dt[ 7]= dt[ 6]=
- dt[ 5]= dt[ 4]= dt[ 3]= dt[ 2]= dt[ 1]=Zero;
-
- pdn_0=pdn[0];
- pdm1_0=pdm1[0];
-
- digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
- pdtj=&(dt[0]);
-
- for(j=0;j<32;j++,pdtj++)
- {
-
- m2j=pdm2[j];
- a=pdtj[0]+pdn_0*digit;
- b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
- pdtj[1]=b;
-
- /**** this loop will be fully unrolled:
- for(i=1;i<16;i++)
- {
- pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
- }
- *************************************/
- pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
- pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
- pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
- pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
- pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
- pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
- pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
- pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
- pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
- pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
- pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
- pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
- pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
- pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
- pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
- /* no need for cleenup, cannot overflow */
- digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
- }
- }
-
- conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
-
- adjust_montf_result(result,nint,nlen);
-
+ for (i = 1; i < nlen; i++) {
+ pdtj[2 * i] += pdm1[i] * m2j + pdn[i] * digit;
+ }
+ if ((jj == 30)) {
+ cleanup(dt, j / 2 + 1, 2 * nlen + 1);
+ jj = 0;
+ }
+
+ digit = mod(lower32(b, Zero) * dn0, TwoToMinus16, TwoTo16);
+ }
+ } else {
+ a = dt[0] = pdm1[0] * pdm2[0];
+
+ dt[65] = dt[64] = dt[63] = dt[62] = dt[61] = dt[60] =
+ dt[59] = dt[58] = dt[57] = dt[56] = dt[55] = dt[54] =
+ dt[53] = dt[52] = dt[51] = dt[50] = dt[49] = dt[48] =
+ dt[47] = dt[46] = dt[45] = dt[44] = dt[43] = dt[42] =
+ dt[41] = dt[40] = dt[39] = dt[38] = dt[37] = dt[36] =
+ dt[35] = dt[34] = dt[33] = dt[32] = dt[31] = dt[30] =
+ dt[29] = dt[28] = dt[27] = dt[26] = dt[25] = dt[24] =
+ dt[23] = dt[22] = dt[21] = dt[20] = dt[19] = dt[18] =
+ dt[17] = dt[16] = dt[15] = dt[14] = dt[13] = dt[12] =
+ dt[11] = dt[10] = dt[9] = dt[8] = dt[7] = dt[6] =
+ dt[5] = dt[4] = dt[3] = dt[2] = dt[1] = Zero;
+
+ pdn_0 = pdn[0];
+ pdm1_0 = pdm1[0];
+
+ digit = mod(lower32(a, Zero) * dn0, TwoToMinus16, TwoTo16);
+ pdtj = &(dt[0]);
+
+ for (j = 0; j < 32; j++, pdtj++) {
+
+ m2j = pdm2[j];
+ a = pdtj[0] + pdn_0 * digit;
+ b = pdtj[1] + pdm1_0 * pdm2[j + 1] + a * TwoToMinus16;
+ pdtj[1] = b;
+
+ /**** this loop will be fully unrolled:
+ for(i=1;i<16;i++)
+ {
+ pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+ }
+ *************************************/
+ pdtj[2] += pdm1[1] * m2j + pdn[1] * digit;
+ pdtj[4] += pdm1[2] * m2j + pdn[2] * digit;
+ pdtj[6] += pdm1[3] * m2j + pdn[3] * digit;
+ pdtj[8] += pdm1[4] * m2j + pdn[4] * digit;
+ pdtj[10] += pdm1[5] * m2j + pdn[5] * digit;
+ pdtj[12] += pdm1[6] * m2j + pdn[6] * digit;
+ pdtj[14] += pdm1[7] * m2j + pdn[7] * digit;
+ pdtj[16] += pdm1[8] * m2j + pdn[8] * digit;
+ pdtj[18] += pdm1[9] * m2j + pdn[9] * digit;
+ pdtj[20] += pdm1[10] * m2j + pdn[10] * digit;
+ pdtj[22] += pdm1[11] * m2j + pdn[11] * digit;
+ pdtj[24] += pdm1[12] * m2j + pdn[12] * digit;
+ pdtj[26] += pdm1[13] * m2j + pdn[13] * digit;
+ pdtj[28] += pdm1[14] * m2j + pdn[14] * digit;
+ pdtj[30] += pdm1[15] * m2j + pdn[15] * digit;
+ /* no need for cleenup, cannot overflow */
+ digit = mod(lower32(b, Zero) * dn0, TwoToMinus16, TwoTo16);
+ }
+ }
+
+ conv_d16_to_i32(result, dt + 2 * nlen, (long long *)dt, nlen + 1);
+
+ adjust_montf_result(result, nint, nlen);
}
-
diff --git a/lib/freebl/mpi/montmulf.h b/lib/freebl/mpi/montmulf.h
index 7039c0bd0..69bed4acb 100644
--- a/lib/freebl/mpi/montmulf.h
+++ b/lib/freebl/mpi/montmulf.h
@@ -6,7 +6,6 @@
* following interfaces and array size requirements:
*/
-
void conv_i32_to_d32(double *d32, unsigned int *i32, int len);
/* Converts an array of int's to an array of doubles, so that each double
@@ -16,7 +15,6 @@ void conv_i32_to_d32(double *d32, unsigned int *i32, int len);
* (doubles and unsigned ints, respectively)
*/
-
void conv_i32_to_d16(double *d16, unsigned int *i32, int len);
/* Converts an array of int's to an array of doubles so that each element
@@ -29,24 +27,22 @@ void conv_i32_to_d16(double *d16, unsigned int *i32, int len);
* 2*len and i32 should point an array of ints of size at least len
*/
-
-void conv_i32_to_d32_and_d16(double *d32, double *d16,
- unsigned int *i32, int len);
+void conv_i32_to_d32_and_d16(double *d32, double *d16,
+ unsigned int *i32, int len);
/* Does the above two conversions together, it is much faster than doing
* both of those in succession
*/
-
void mont_mulf_noconv(unsigned int *result,
- double *dm1, double *dm2, double *dt,
- double *dn, unsigned int *nint,
- int nlen, double dn0);
+ double *dm1, double *dm2, double *dt,
+ double *dn, unsigned int *nint,
+ int nlen, double dn0);
/* Does the Montgomery multiplication of the numbers stored in the arrays
* pointed to by dm1 and dm2, writing the result to the array pointed to by
* result. It uses the array pointed to by dt as a temporary work area.
- * nint should point to the modulus in the array-of-integers representation,
+ * nint should point to the modulus in the array-of-integers representation,
* dn should point to its array-of-doubles as obtained as a result of the
* function call conv_i32_to_d32(dn, nint, nlen);
* nlen is the length of the array containing the modulus.
@@ -54,10 +50,10 @@ void mont_mulf_noconv(unsigned int *result,
* call conv_i32_to_d32(dm1, m1, nlen), the representation for dm2 is the
* result of the function call conv_i32_to_d16(dm2, m2, nlen).
* Note that m1 and m2 should both be of length nlen, so they should be
- * padded with 0's if necessary before the conversion. The result comes in
+ * padded with 0's if necessary before the conversion. The result comes in
* this form (int representation, padded with 0's).
* dn0 is the value of the 16 least significant bits of n0'.
- * The function does not allocate memory for any of the arrays, so the
+ * The function does not allocate memory for any of the arrays, so the
* pointers should point to arrays with the following minimal sizes:
* result - nlen+1
* dm1 - nlen
@@ -66,4 +62,4 @@ void mont_mulf_noconv(unsigned int *result,
* dn - nlen
* nint - nlen
* No two arrays should point to overlapping areas of memory.
- */
+ */
diff --git a/lib/freebl/mpi/mp_comba.c b/lib/freebl/mpi/mp_comba.c
index f12f454a1..3b4937b98 100644
--- a/lib/freebl/mpi/mp_comba.c
+++ b/lib/freebl/mpi/mp_comba.c
@@ -10,1289 +10,3226 @@
*/
/* TomsFastMath, a fast ISO C bignum library.
- *
+ *
* This project is meant to fill in where LibTomMath
* falls short. That is speed ;-)
*
* This project is public domain and free for all purposes.
- *
+ *
* Tom St Denis, tomstdenis@iahu.ca
*/
-
#include "mpi-priv.h"
-
-
/* clamp digits */
-#define mp_clamp(a) { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : ZPOS; }
+#define mp_clamp(a) \
+ { \
+ while ((a)->used && (a)->dp[(a)->used - 1] == 0) \
+ --((a)->used); \
+ (a)->sign = (a)->used ? (a)->sign : ZPOS; \
+ }
/* anything you need at the start */
#define COMBA_START
/* clear the chaining variables */
#define COMBA_CLEAR \
- c0 = c1 = c2 = 0;
+ c0 = c1 = c2 = 0;
/* forward the carry to the next digit */
#define COMBA_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
+ do { \
+ c0 = c1; \
+ c1 = c2; \
+ c2 = 0; \
+ } while (0);
/* anything you need at the end */
#define COMBA_FINI
/* this should multiply i and j */
-#define MULADD(i, j) \
-__asm__ ( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-
-
+#define MULADD(i, j) \
+ __asm__( \
+ "movq %6,%%rax \n\t" \
+ "mulq %7 \n\t" \
+ "addq %%rax,%0 \n\t" \
+ "adcq %%rdx,%1 \n\t" \
+ "adcq $0,%2 \n\t" \
+ : "=r"(c0), "=r"(c1), "=r"(c2) \
+ : "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) \
+ : "%rax", "%rdx", "cc");
/* sqr macros only */
#define CLEAR_CARRY \
- c0 = c1 = c2 = 0;
+ c0 = c1 = c2 = 0;
#define COMBA_STORE(x) \
- x = c0;
+ x = c0;
#define COMBA_STORE2(x) \
- x = c1;
+ x = c1;
#define CARRY_FORWARD \
- do { c0 = c1; c1 = c2; c2 = 0; } while (0);
+ do { \
+ c0 = c1; \
+ c1 = c2; \
+ c2 = 0; \
+ } while (0);
#define COMBA_FINI
-#define SQRADD(i, j) \
-__asm__ ( \
- "movq %6,%%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","cc");
-
-#define SQRADD2(i, j) \
-__asm__ ( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-#define SQRADDSC(i, j) \
-__asm__ ( \
- "movq %3,%%rax \n\t" \
- "mulq %4 \n\t" \
- "movq %%rax,%0 \n\t" \
- "movq %%rdx,%1 \n\t" \
- "xorq %2,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-#define SQRADDAC(i, j) \
-__asm__ ( \
- "movq %6,%%rax \n\t" \
- "mulq %7 \n\t" \
- "addq %%rax,%0 \n\t" \
- "adcq %%rdx,%1 \n\t" \
- "adcq $0,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","cc");
-
-#define SQRADDDB \
-__asm__ ( \
- "addq %6,%0 \n\t" \
- "adcq %7,%1 \n\t" \
- "adcq %8,%2 \n\t" \
- "addq %6,%0 \n\t" \
- "adcq %7,%1 \n\t" \
- "adcq %8,%2 \n\t" \
- :"=&r"(c0), "=&r"(c1), "=&r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
-
-
-
-
-
-void s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C)
+#define SQRADD(i, j) \
+ __asm__( \
+ "movq %6,%%rax \n\t" \
+ "mulq %%rax \n\t" \
+ "addq %%rax,%0 \n\t" \
+ "adcq %%rdx,%1 \n\t" \
+ "adcq $0,%2 \n\t" \
+ : "=r"(c0), "=r"(c1), "=r"(c2) \
+ : "0"(c0), "1"(c1), "2"(c2), "g"(i) \
+ : "%rax", "%rdx", "cc");
+
+#define SQRADD2(i, j) \
+ __asm__( \
+ "movq %6,%%rax \n\t" \
+ "mulq %7 \n\t" \
+ "addq %%rax,%0 \n\t" \
+ "adcq %%rdx,%1 \n\t" \
+ "adcq $0,%2 \n\t" \
+ "addq %%rax,%0 \n\t" \
+ "adcq %%rdx,%1 \n\t" \
+ "adcq $0,%2 \n\t" \
+ : "=r"(c0), "=r"(c1), "=r"(c2) \
+ : "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) \
+ : "%rax", "%rdx", "cc");
+
+#define SQRADDSC(i, j) \
+ __asm__( \
+ "movq %3,%%rax \n\t" \
+ "mulq %4 \n\t" \
+ "movq %%rax,%0 \n\t" \
+ "movq %%rdx,%1 \n\t" \
+ "xorq %2,%2 \n\t" \
+ : "=r"(sc0), "=r"(sc1), "=r"(sc2) \
+ : "g"(i), "g"(j) \
+ : "%rax", "%rdx", "cc");
+
+#define SQRADDAC(i, j) \
+ __asm__( \
+ "movq %6,%%rax \n\t" \
+ "mulq %7 \n\t" \
+ "addq %%rax,%0 \n\t" \
+ "adcq %%rdx,%1 \n\t" \
+ "adcq $0,%2 \n\t" \
+ : "=r"(sc0), "=r"(sc1), "=r"(sc2) \
+ : "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) \
+ : "%rax", "%rdx", "cc");
+
+#define SQRADDDB \
+ __asm__( \
+ "addq %6,%0 \n\t" \
+ "adcq %7,%1 \n\t" \
+ "adcq %8,%2 \n\t" \
+ "addq %6,%0 \n\t" \
+ "adcq %7,%1 \n\t" \
+ "adcq %8,%2 \n\t" \
+ : "=&r"(c0), "=&r"(c1), "=&r"(c2) \
+ : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) \
+ : "cc");
+
+void
+s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C)
{
- mp_digit c0, c1, c2, at[8];
-
- memcpy(at, A->dp, 4 * sizeof(mp_digit));
- memcpy(at+4, B->dp, 4 * sizeof(mp_digit));
- COMBA_START;
-
- COMBA_CLEAR;
- /* 0 */
- MULADD(at[0], at[4]);
- COMBA_STORE(C->dp[0]);
- /* 1 */
- COMBA_FORWARD;
- MULADD(at[0], at[5]); MULADD(at[1], at[4]);
- COMBA_STORE(C->dp[1]);
- /* 2 */
- COMBA_FORWARD;
- MULADD(at[0], at[6]); MULADD(at[1], at[5]); MULADD(at[2], at[4]);
- COMBA_STORE(C->dp[2]);
- /* 3 */
- COMBA_FORWARD;
- MULADD(at[0], at[7]); MULADD(at[1], at[6]); MULADD(at[2], at[5]); MULADD(at[3], at[4]);
- COMBA_STORE(C->dp[3]);
- /* 4 */
- COMBA_FORWARD;
- MULADD(at[1], at[7]); MULADD(at[2], at[6]); MULADD(at[3], at[5]);
- COMBA_STORE(C->dp[4]);
- /* 5 */
- COMBA_FORWARD;
- MULADD(at[2], at[7]); MULADD(at[3], at[6]);
- COMBA_STORE(C->dp[5]);
- /* 6 */
- COMBA_FORWARD;
- MULADD(at[3], at[7]);
- COMBA_STORE(C->dp[6]);
- COMBA_STORE2(C->dp[7]);
- C->used = 8;
- C->sign = A->sign ^ B->sign;
- mp_clamp(C);
- COMBA_FINI;
+ mp_digit c0, c1, c2, at[8];
+
+ memcpy(at, A->dp, 4 * sizeof(mp_digit));
+ memcpy(at + 4, B->dp, 4 * sizeof(mp_digit));
+ COMBA_START;
+
+ COMBA_CLEAR;
+ /* 0 */
+ MULADD(at[0], at[4]);
+ COMBA_STORE(C->dp[0]);
+ /* 1 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[5]);
+ MULADD(at[1], at[4]);
+ COMBA_STORE(C->dp[1]);
+ /* 2 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[6]);
+ MULADD(at[1], at[5]);
+ MULADD(at[2], at[4]);
+ COMBA_STORE(C->dp[2]);
+ /* 3 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[7]);
+ MULADD(at[1], at[6]);
+ MULADD(at[2], at[5]);
+ MULADD(at[3], at[4]);
+ COMBA_STORE(C->dp[3]);
+ /* 4 */
+ COMBA_FORWARD;
+ MULADD(at[1], at[7]);
+ MULADD(at[2], at[6]);
+ MULADD(at[3], at[5]);
+ COMBA_STORE(C->dp[4]);
+ /* 5 */
+ COMBA_FORWARD;
+ MULADD(at[2], at[7]);
+ MULADD(at[3], at[6]);
+ COMBA_STORE(C->dp[5]);
+ /* 6 */
+ COMBA_FORWARD;
+ MULADD(at[3], at[7]);
+ COMBA_STORE(C->dp[6]);
+ COMBA_STORE2(C->dp[7]);
+ C->used = 8;
+ C->sign = A->sign ^ B->sign;
+ mp_clamp(C);
+ COMBA_FINI;
}
-void s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C)
+void
+s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C)
{
- mp_digit c0, c1, c2, at[16];
-
- memcpy(at, A->dp, 8 * sizeof(mp_digit));
- memcpy(at+8, B->dp, 8 * sizeof(mp_digit));
- COMBA_START;
-
- COMBA_CLEAR;
- /* 0 */
- MULADD(at[0], at[8]);
- COMBA_STORE(C->dp[0]);
- /* 1 */
- COMBA_FORWARD;
- MULADD(at[0], at[9]); MULADD(at[1], at[8]);
- COMBA_STORE(C->dp[1]);
- /* 2 */
- COMBA_FORWARD;
- MULADD(at[0], at[10]); MULADD(at[1], at[9]); MULADD(at[2], at[8]);
- COMBA_STORE(C->dp[2]);
- /* 3 */
- COMBA_FORWARD;
- MULADD(at[0], at[11]); MULADD(at[1], at[10]); MULADD(at[2], at[9]); MULADD(at[3], at[8]);
- COMBA_STORE(C->dp[3]);
- /* 4 */
- COMBA_FORWARD;
- MULADD(at[0], at[12]); MULADD(at[1], at[11]); MULADD(at[2], at[10]); MULADD(at[3], at[9]); MULADD(at[4], at[8]);
- COMBA_STORE(C->dp[4]);
- /* 5 */
- COMBA_FORWARD;
- MULADD(at[0], at[13]); MULADD(at[1], at[12]); MULADD(at[2], at[11]); MULADD(at[3], at[10]); MULADD(at[4], at[9]); MULADD(at[5], at[8]);
- COMBA_STORE(C->dp[5]);
- /* 6 */
- COMBA_FORWARD;
- MULADD(at[0], at[14]); MULADD(at[1], at[13]); MULADD(at[2], at[12]); MULADD(at[3], at[11]); MULADD(at[4], at[10]); MULADD(at[5], at[9]); MULADD(at[6], at[8]);
- COMBA_STORE(C->dp[6]);
- /* 7 */
- COMBA_FORWARD;
- MULADD(at[0], at[15]); MULADD(at[1], at[14]); MULADD(at[2], at[13]); MULADD(at[3], at[12]); MULADD(at[4], at[11]); MULADD(at[5], at[10]); MULADD(at[6], at[9]); MULADD(at[7], at[8]);
- COMBA_STORE(C->dp[7]);
- /* 8 */
- COMBA_FORWARD;
- MULADD(at[1], at[15]); MULADD(at[2], at[14]); MULADD(at[3], at[13]); MULADD(at[4], at[12]); MULADD(at[5], at[11]); MULADD(at[6], at[10]); MULADD(at[7], at[9]);
- COMBA_STORE(C->dp[8]);
- /* 9 */
- COMBA_FORWARD;
- MULADD(at[2], at[15]); MULADD(at[3], at[14]); MULADD(at[4], at[13]); MULADD(at[5], at[12]); MULADD(at[6], at[11]); MULADD(at[7], at[10]);
- COMBA_STORE(C->dp[9]);
- /* 10 */
- COMBA_FORWARD;
- MULADD(at[3], at[15]); MULADD(at[4], at[14]); MULADD(at[5], at[13]); MULADD(at[6], at[12]); MULADD(at[7], at[11]);
- COMBA_STORE(C->dp[10]);
- /* 11 */
- COMBA_FORWARD;
- MULADD(at[4], at[15]); MULADD(at[5], at[14]); MULADD(at[6], at[13]); MULADD(at[7], at[12]);
- COMBA_STORE(C->dp[11]);
- /* 12 */
- COMBA_FORWARD;
- MULADD(at[5], at[15]); MULADD(at[6], at[14]); MULADD(at[7], at[13]);
- COMBA_STORE(C->dp[12]);
- /* 13 */
- COMBA_FORWARD;
- MULADD(at[6], at[15]); MULADD(at[7], at[14]);
- COMBA_STORE(C->dp[13]);
- /* 14 */
- COMBA_FORWARD;
- MULADD(at[7], at[15]);
- COMBA_STORE(C->dp[14]);
- COMBA_STORE2(C->dp[15]);
- C->used = 16;
- C->sign = A->sign ^ B->sign;
- mp_clamp(C);
- COMBA_FINI;
+ mp_digit c0, c1, c2, at[16];
+
+ memcpy(at, A->dp, 8 * sizeof(mp_digit));
+ memcpy(at + 8, B->dp, 8 * sizeof(mp_digit));
+ COMBA_START;
+
+ COMBA_CLEAR;
+ /* 0 */
+ MULADD(at[0], at[8]);
+ COMBA_STORE(C->dp[0]);
+ /* 1 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[9]);
+ MULADD(at[1], at[8]);
+ COMBA_STORE(C->dp[1]);
+ /* 2 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[10]);
+ MULADD(at[1], at[9]);
+ MULADD(at[2], at[8]);
+ COMBA_STORE(C->dp[2]);
+ /* 3 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[11]);
+ MULADD(at[1], at[10]);
+ MULADD(at[2], at[9]);
+ MULADD(at[3], at[8]);
+ COMBA_STORE(C->dp[3]);
+ /* 4 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[12]);
+ MULADD(at[1], at[11]);
+ MULADD(at[2], at[10]);
+ MULADD(at[3], at[9]);
+ MULADD(at[4], at[8]);
+ COMBA_STORE(C->dp[4]);
+ /* 5 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[13]);
+ MULADD(at[1], at[12]);
+ MULADD(at[2], at[11]);
+ MULADD(at[3], at[10]);
+ MULADD(at[4], at[9]);
+ MULADD(at[5], at[8]);
+ COMBA_STORE(C->dp[5]);
+ /* 6 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[14]);
+ MULADD(at[1], at[13]);
+ MULADD(at[2], at[12]);
+ MULADD(at[3], at[11]);
+ MULADD(at[4], at[10]);
+ MULADD(at[5], at[9]);
+ MULADD(at[6], at[8]);
+ COMBA_STORE(C->dp[6]);
+ /* 7 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[15]);
+ MULADD(at[1], at[14]);
+ MULADD(at[2], at[13]);
+ MULADD(at[3], at[12]);
+ MULADD(at[4], at[11]);
+ MULADD(at[5], at[10]);
+ MULADD(at[6], at[9]);
+ MULADD(at[7], at[8]);
+ COMBA_STORE(C->dp[7]);
+ /* 8 */
+ COMBA_FORWARD;
+ MULADD(at[1], at[15]);
+ MULADD(at[2], at[14]);
+ MULADD(at[3], at[13]);
+ MULADD(at[4], at[12]);
+ MULADD(at[5], at[11]);
+ MULADD(at[6], at[10]);
+ MULADD(at[7], at[9]);
+ COMBA_STORE(C->dp[8]);
+ /* 9 */
+ COMBA_FORWARD;
+ MULADD(at[2], at[15]);
+ MULADD(at[3], at[14]);
+ MULADD(at[4], at[13]);
+ MULADD(at[5], at[12]);
+ MULADD(at[6], at[11]);
+ MULADD(at[7], at[10]);
+ COMBA_STORE(C->dp[9]);
+ /* 10 */
+ COMBA_FORWARD;
+ MULADD(at[3], at[15]);
+ MULADD(at[4], at[14]);
+ MULADD(at[5], at[13]);
+ MULADD(at[6], at[12]);
+ MULADD(at[7], at[11]);
+ COMBA_STORE(C->dp[10]);
+ /* 11 */
+ COMBA_FORWARD;
+ MULADD(at[4], at[15]);
+ MULADD(at[5], at[14]);
+ MULADD(at[6], at[13]);
+ MULADD(at[7], at[12]);
+ COMBA_STORE(C->dp[11]);
+ /* 12 */
+ COMBA_FORWARD;
+ MULADD(at[5], at[15]);
+ MULADD(at[6], at[14]);
+ MULADD(at[7], at[13]);
+ COMBA_STORE(C->dp[12]);
+ /* 13 */
+ COMBA_FORWARD;
+ MULADD(at[6], at[15]);
+ MULADD(at[7], at[14]);
+ COMBA_STORE(C->dp[13]);
+ /* 14 */
+ COMBA_FORWARD;
+ MULADD(at[7], at[15]);
+ COMBA_STORE(C->dp[14]);
+ COMBA_STORE2(C->dp[15]);
+ C->used = 16;
+ C->sign = A->sign ^ B->sign;
+ mp_clamp(C);
+ COMBA_FINI;
}
-void s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C)
+void
+s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C)
{
- mp_digit c0, c1, c2, at[32];
-
- memcpy(at, A->dp, 16 * sizeof(mp_digit));
- memcpy(at+16, B->dp, 16 * sizeof(mp_digit));
- COMBA_START;
-
- COMBA_CLEAR;
- /* 0 */
- MULADD(at[0], at[16]);
- COMBA_STORE(C->dp[0]);
- /* 1 */
- COMBA_FORWARD;
- MULADD(at[0], at[17]); MULADD(at[1], at[16]);
- COMBA_STORE(C->dp[1]);
- /* 2 */
- COMBA_FORWARD;
- MULADD(at[0], at[18]); MULADD(at[1], at[17]); MULADD(at[2], at[16]);
- COMBA_STORE(C->dp[2]);
- /* 3 */
- COMBA_FORWARD;
- MULADD(at[0], at[19]); MULADD(at[1], at[18]); MULADD(at[2], at[17]); MULADD(at[3], at[16]);
- COMBA_STORE(C->dp[3]);
- /* 4 */
- COMBA_FORWARD;
- MULADD(at[0], at[20]); MULADD(at[1], at[19]); MULADD(at[2], at[18]); MULADD(at[3], at[17]); MULADD(at[4], at[16]);
- COMBA_STORE(C->dp[4]);
- /* 5 */
- COMBA_FORWARD;
- MULADD(at[0], at[21]); MULADD(at[1], at[20]); MULADD(at[2], at[19]); MULADD(at[3], at[18]); MULADD(at[4], at[17]); MULADD(at[5], at[16]);
- COMBA_STORE(C->dp[5]);
- /* 6 */
- COMBA_FORWARD;
- MULADD(at[0], at[22]); MULADD(at[1], at[21]); MULADD(at[2], at[20]); MULADD(at[3], at[19]); MULADD(at[4], at[18]); MULADD(at[5], at[17]); MULADD(at[6], at[16]);
- COMBA_STORE(C->dp[6]);
- /* 7 */
- COMBA_FORWARD;
- MULADD(at[0], at[23]); MULADD(at[1], at[22]); MULADD(at[2], at[21]); MULADD(at[3], at[20]); MULADD(at[4], at[19]); MULADD(at[5], at[18]); MULADD(at[6], at[17]); MULADD(at[7], at[16]);
- COMBA_STORE(C->dp[7]);
- /* 8 */
- COMBA_FORWARD;
- MULADD(at[0], at[24]); MULADD(at[1], at[23]); MULADD(at[2], at[22]); MULADD(at[3], at[21]); MULADD(at[4], at[20]); MULADD(at[5], at[19]); MULADD(at[6], at[18]); MULADD(at[7], at[17]); MULADD(at[8], at[16]);
- COMBA_STORE(C->dp[8]);
- /* 9 */
- COMBA_FORWARD;
- MULADD(at[0], at[25]); MULADD(at[1], at[24]); MULADD(at[2], at[23]); MULADD(at[3], at[22]); MULADD(at[4], at[21]); MULADD(at[5], at[20]); MULADD(at[6], at[19]); MULADD(at[7], at[18]); MULADD(at[8], at[17]); MULADD(at[9], at[16]);
- COMBA_STORE(C->dp[9]);
- /* 10 */
- COMBA_FORWARD;
- MULADD(at[0], at[26]); MULADD(at[1], at[25]); MULADD(at[2], at[24]); MULADD(at[3], at[23]); MULADD(at[4], at[22]); MULADD(at[5], at[21]); MULADD(at[6], at[20]); MULADD(at[7], at[19]); MULADD(at[8], at[18]); MULADD(at[9], at[17]); MULADD(at[10], at[16]);
- COMBA_STORE(C->dp[10]);
- /* 11 */
- COMBA_FORWARD;
- MULADD(at[0], at[27]); MULADD(at[1], at[26]); MULADD(at[2], at[25]); MULADD(at[3], at[24]); MULADD(at[4], at[23]); MULADD(at[5], at[22]); MULADD(at[6], at[21]); MULADD(at[7], at[20]); MULADD(at[8], at[19]); MULADD(at[9], at[18]); MULADD(at[10], at[17]); MULADD(at[11], at[16]);
- COMBA_STORE(C->dp[11]);
- /* 12 */
- COMBA_FORWARD;
- MULADD(at[0], at[28]); MULADD(at[1], at[27]); MULADD(at[2], at[26]); MULADD(at[3], at[25]); MULADD(at[4], at[24]); MULADD(at[5], at[23]); MULADD(at[6], at[22]); MULADD(at[7], at[21]); MULADD(at[8], at[20]); MULADD(at[9], at[19]); MULADD(at[10], at[18]); MULADD(at[11], at[17]); MULADD(at[12], at[16]);
- COMBA_STORE(C->dp[12]);
- /* 13 */
- COMBA_FORWARD;
- MULADD(at[0], at[29]); MULADD(at[1], at[28]); MULADD(at[2], at[27]); MULADD(at[3], at[26]); MULADD(at[4], at[25]); MULADD(at[5], at[24]); MULADD(at[6], at[23]); MULADD(at[7], at[22]); MULADD(at[8], at[21]); MULADD(at[9], at[20]); MULADD(at[10], at[19]); MULADD(at[11], at[18]); MULADD(at[12], at[17]); MULADD(at[13], at[16]);
- COMBA_STORE(C->dp[13]);
- /* 14 */
- COMBA_FORWARD;
- MULADD(at[0], at[30]); MULADD(at[1], at[29]); MULADD(at[2], at[28]); MULADD(at[3], at[27]); MULADD(at[4], at[26]); MULADD(at[5], at[25]); MULADD(at[6], at[24]); MULADD(at[7], at[23]); MULADD(at[8], at[22]); MULADD(at[9], at[21]); MULADD(at[10], at[20]); MULADD(at[11], at[19]); MULADD(at[12], at[18]); MULADD(at[13], at[17]); MULADD(at[14], at[16]);
- COMBA_STORE(C->dp[14]);
- /* 15 */
- COMBA_FORWARD;
- MULADD(at[0], at[31]); MULADD(at[1], at[30]); MULADD(at[2], at[29]); MULADD(at[3], at[28]); MULADD(at[4], at[27]); MULADD(at[5], at[26]); MULADD(at[6], at[25]); MULADD(at[7], at[24]); MULADD(at[8], at[23]); MULADD(at[9], at[22]); MULADD(at[10], at[21]); MULADD(at[11], at[20]); MULADD(at[12], at[19]); MULADD(at[13], at[18]); MULADD(at[14], at[17]); MULADD(at[15], at[16]);
- COMBA_STORE(C->dp[15]);
- /* 16 */
- COMBA_FORWARD;
- MULADD(at[1], at[31]); MULADD(at[2], at[30]); MULADD(at[3], at[29]); MULADD(at[4], at[28]); MULADD(at[5], at[27]); MULADD(at[6], at[26]); MULADD(at[7], at[25]); MULADD(at[8], at[24]); MULADD(at[9], at[23]); MULADD(at[10], at[22]); MULADD(at[11], at[21]); MULADD(at[12], at[20]); MULADD(at[13], at[19]); MULADD(at[14], at[18]); MULADD(at[15], at[17]);
- COMBA_STORE(C->dp[16]);
- /* 17 */
- COMBA_FORWARD;
- MULADD(at[2], at[31]); MULADD(at[3], at[30]); MULADD(at[4], at[29]); MULADD(at[5], at[28]); MULADD(at[6], at[27]); MULADD(at[7], at[26]); MULADD(at[8], at[25]); MULADD(at[9], at[24]); MULADD(at[10], at[23]); MULADD(at[11], at[22]); MULADD(at[12], at[21]); MULADD(at[13], at[20]); MULADD(at[14], at[19]); MULADD(at[15], at[18]);
- COMBA_STORE(C->dp[17]);
- /* 18 */
- COMBA_FORWARD;
- MULADD(at[3], at[31]); MULADD(at[4], at[30]); MULADD(at[5], at[29]); MULADD(at[6], at[28]); MULADD(at[7], at[27]); MULADD(at[8], at[26]); MULADD(at[9], at[25]); MULADD(at[10], at[24]); MULADD(at[11], at[23]); MULADD(at[12], at[22]); MULADD(at[13], at[21]); MULADD(at[14], at[20]); MULADD(at[15], at[19]);
- COMBA_STORE(C->dp[18]);
- /* 19 */
- COMBA_FORWARD;
- MULADD(at[4], at[31]); MULADD(at[5], at[30]); MULADD(at[6], at[29]); MULADD(at[7], at[28]); MULADD(at[8], at[27]); MULADD(at[9], at[26]); MULADD(at[10], at[25]); MULADD(at[11], at[24]); MULADD(at[12], at[23]); MULADD(at[13], at[22]); MULADD(at[14], at[21]); MULADD(at[15], at[20]);
- COMBA_STORE(C->dp[19]);
- /* 20 */
- COMBA_FORWARD;
- MULADD(at[5], at[31]); MULADD(at[6], at[30]); MULADD(at[7], at[29]); MULADD(at[8], at[28]); MULADD(at[9], at[27]); MULADD(at[10], at[26]); MULADD(at[11], at[25]); MULADD(at[12], at[24]); MULADD(at[13], at[23]); MULADD(at[14], at[22]); MULADD(at[15], at[21]);
- COMBA_STORE(C->dp[20]);
- /* 21 */
- COMBA_FORWARD;
- MULADD(at[6], at[31]); MULADD(at[7], at[30]); MULADD(at[8], at[29]); MULADD(at[9], at[28]); MULADD(at[10], at[27]); MULADD(at[11], at[26]); MULADD(at[12], at[25]); MULADD(at[13], at[24]); MULADD(at[14], at[23]); MULADD(at[15], at[22]);
- COMBA_STORE(C->dp[21]);
- /* 22 */
- COMBA_FORWARD;
- MULADD(at[7], at[31]); MULADD(at[8], at[30]); MULADD(at[9], at[29]); MULADD(at[10], at[28]); MULADD(at[11], at[27]); MULADD(at[12], at[26]); MULADD(at[13], at[25]); MULADD(at[14], at[24]); MULADD(at[15], at[23]);
- COMBA_STORE(C->dp[22]);
- /* 23 */
- COMBA_FORWARD;
- MULADD(at[8], at[31]); MULADD(at[9], at[30]); MULADD(at[10], at[29]); MULADD(at[11], at[28]); MULADD(at[12], at[27]); MULADD(at[13], at[26]); MULADD(at[14], at[25]); MULADD(at[15], at[24]);
- COMBA_STORE(C->dp[23]);
- /* 24 */
- COMBA_FORWARD;
- MULADD(at[9], at[31]); MULADD(at[10], at[30]); MULADD(at[11], at[29]); MULADD(at[12], at[28]); MULADD(at[13], at[27]); MULADD(at[14], at[26]); MULADD(at[15], at[25]);
- COMBA_STORE(C->dp[24]);
- /* 25 */
- COMBA_FORWARD;
- MULADD(at[10], at[31]); MULADD(at[11], at[30]); MULADD(at[12], at[29]); MULADD(at[13], at[28]); MULADD(at[14], at[27]); MULADD(at[15], at[26]);
- COMBA_STORE(C->dp[25]);
- /* 26 */
- COMBA_FORWARD;
- MULADD(at[11], at[31]); MULADD(at[12], at[30]); MULADD(at[13], at[29]); MULADD(at[14], at[28]); MULADD(at[15], at[27]);
- COMBA_STORE(C->dp[26]);
- /* 27 */
- COMBA_FORWARD;
- MULADD(at[12], at[31]); MULADD(at[13], at[30]); MULADD(at[14], at[29]); MULADD(at[15], at[28]);
- COMBA_STORE(C->dp[27]);
- /* 28 */
- COMBA_FORWARD;
- MULADD(at[13], at[31]); MULADD(at[14], at[30]); MULADD(at[15], at[29]);
- COMBA_STORE(C->dp[28]);
- /* 29 */
- COMBA_FORWARD;
- MULADD(at[14], at[31]); MULADD(at[15], at[30]);
- COMBA_STORE(C->dp[29]);
- /* 30 */
- COMBA_FORWARD;
- MULADD(at[15], at[31]);
- COMBA_STORE(C->dp[30]);
- COMBA_STORE2(C->dp[31]);
- C->used = 32;
- C->sign = A->sign ^ B->sign;
- mp_clamp(C);
- COMBA_FINI;
+ mp_digit c0, c1, c2, at[32];
+
+ memcpy(at, A->dp, 16 * sizeof(mp_digit));
+ memcpy(at + 16, B->dp, 16 * sizeof(mp_digit));
+ COMBA_START;
+
+ COMBA_CLEAR;
+ /* 0 */
+ MULADD(at[0], at[16]);
+ COMBA_STORE(C->dp[0]);
+ /* 1 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[17]);
+ MULADD(at[1], at[16]);
+ COMBA_STORE(C->dp[1]);
+ /* 2 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[18]);
+ MULADD(at[1], at[17]);
+ MULADD(at[2], at[16]);
+ COMBA_STORE(C->dp[2]);
+ /* 3 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[19]);
+ MULADD(at[1], at[18]);
+ MULADD(at[2], at[17]);
+ MULADD(at[3], at[16]);
+ COMBA_STORE(C->dp[3]);
+ /* 4 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[20]);
+ MULADD(at[1], at[19]);
+ MULADD(at[2], at[18]);
+ MULADD(at[3], at[17]);
+ MULADD(at[4], at[16]);
+ COMBA_STORE(C->dp[4]);
+ /* 5 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[21]);
+ MULADD(at[1], at[20]);
+ MULADD(at[2], at[19]);
+ MULADD(at[3], at[18]);
+ MULADD(at[4], at[17]);
+ MULADD(at[5], at[16]);
+ COMBA_STORE(C->dp[5]);
+ /* 6 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[22]);
+ MULADD(at[1], at[21]);
+ MULADD(at[2], at[20]);
+ MULADD(at[3], at[19]);
+ MULADD(at[4], at[18]);
+ MULADD(at[5], at[17]);
+ MULADD(at[6], at[16]);
+ COMBA_STORE(C->dp[6]);
+ /* 7 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[23]);
+ MULADD(at[1], at[22]);
+ MULADD(at[2], at[21]);
+ MULADD(at[3], at[20]);
+ MULADD(at[4], at[19]);
+ MULADD(at[5], at[18]);
+ MULADD(at[6], at[17]);
+ MULADD(at[7], at[16]);
+ COMBA_STORE(C->dp[7]);
+ /* 8 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[24]);
+ MULADD(at[1], at[23]);
+ MULADD(at[2], at[22]);
+ MULADD(at[3], at[21]);
+ MULADD(at[4], at[20]);
+ MULADD(at[5], at[19]);
+ MULADD(at[6], at[18]);
+ MULADD(at[7], at[17]);
+ MULADD(at[8], at[16]);
+ COMBA_STORE(C->dp[8]);
+ /* 9 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[25]);
+ MULADD(at[1], at[24]);
+ MULADD(at[2], at[23]);
+ MULADD(at[3], at[22]);
+ MULADD(at[4], at[21]);
+ MULADD(at[5], at[20]);
+ MULADD(at[6], at[19]);
+ MULADD(at[7], at[18]);
+ MULADD(at[8], at[17]);
+ MULADD(at[9], at[16]);
+ COMBA_STORE(C->dp[9]);
+ /* 10 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[26]);
+ MULADD(at[1], at[25]);
+ MULADD(at[2], at[24]);
+ MULADD(at[3], at[23]);
+ MULADD(at[4], at[22]);
+ MULADD(at[5], at[21]);
+ MULADD(at[6], at[20]);
+ MULADD(at[7], at[19]);
+ MULADD(at[8], at[18]);
+ MULADD(at[9], at[17]);
+ MULADD(at[10], at[16]);
+ COMBA_STORE(C->dp[10]);
+ /* 11 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[27]);
+ MULADD(at[1], at[26]);
+ MULADD(at[2], at[25]);
+ MULADD(at[3], at[24]);
+ MULADD(at[4], at[23]);
+ MULADD(at[5], at[22]);
+ MULADD(at[6], at[21]);
+ MULADD(at[7], at[20]);
+ MULADD(at[8], at[19]);
+ MULADD(at[9], at[18]);
+ MULADD(at[10], at[17]);
+ MULADD(at[11], at[16]);
+ COMBA_STORE(C->dp[11]);
+ /* 12 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[28]);
+ MULADD(at[1], at[27]);
+ MULADD(at[2], at[26]);
+ MULADD(at[3], at[25]);
+ MULADD(at[4], at[24]);
+ MULADD(at[5], at[23]);
+ MULADD(at[6], at[22]);
+ MULADD(at[7], at[21]);
+ MULADD(at[8], at[20]);
+ MULADD(at[9], at[19]);
+ MULADD(at[10], at[18]);
+ MULADD(at[11], at[17]);
+ MULADD(at[12], at[16]);
+ COMBA_STORE(C->dp[12]);
+ /* 13 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[29]);
+ MULADD(at[1], at[28]);
+ MULADD(at[2], at[27]);
+ MULADD(at[3], at[26]);
+ MULADD(at[4], at[25]);
+ MULADD(at[5], at[24]);
+ MULADD(at[6], at[23]);
+ MULADD(at[7], at[22]);
+ MULADD(at[8], at[21]);
+ MULADD(at[9], at[20]);
+ MULADD(at[10], at[19]);
+ MULADD(at[11], at[18]);
+ MULADD(at[12], at[17]);
+ MULADD(at[13], at[16]);
+ COMBA_STORE(C->dp[13]);
+ /* 14 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[30]);
+ MULADD(at[1], at[29]);
+ MULADD(at[2], at[28]);
+ MULADD(at[3], at[27]);
+ MULADD(at[4], at[26]);
+ MULADD(at[5], at[25]);
+ MULADD(at[6], at[24]);
+ MULADD(at[7], at[23]);
+ MULADD(at[8], at[22]);
+ MULADD(at[9], at[21]);
+ MULADD(at[10], at[20]);
+ MULADD(at[11], at[19]);
+ MULADD(at[12], at[18]);
+ MULADD(at[13], at[17]);
+ MULADD(at[14], at[16]);
+ COMBA_STORE(C->dp[14]);
+ /* 15 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[31]);
+ MULADD(at[1], at[30]);
+ MULADD(at[2], at[29]);
+ MULADD(at[3], at[28]);
+ MULADD(at[4], at[27]);
+ MULADD(at[5], at[26]);
+ MULADD(at[6], at[25]);
+ MULADD(at[7], at[24]);
+ MULADD(at[8], at[23]);
+ MULADD(at[9], at[22]);
+ MULADD(at[10], at[21]);
+ MULADD(at[11], at[20]);
+ MULADD(at[12], at[19]);
+ MULADD(at[13], at[18]);
+ MULADD(at[14], at[17]);
+ MULADD(at[15], at[16]);
+ COMBA_STORE(C->dp[15]);
+ /* 16 */
+ COMBA_FORWARD;
+ MULADD(at[1], at[31]);
+ MULADD(at[2], at[30]);
+ MULADD(at[3], at[29]);
+ MULADD(at[4], at[28]);
+ MULADD(at[5], at[27]);
+ MULADD(at[6], at[26]);
+ MULADD(at[7], at[25]);
+ MULADD(at[8], at[24]);
+ MULADD(at[9], at[23]);
+ MULADD(at[10], at[22]);
+ MULADD(at[11], at[21]);
+ MULADD(at[12], at[20]);
+ MULADD(at[13], at[19]);
+ MULADD(at[14], at[18]);
+ MULADD(at[15], at[17]);
+ COMBA_STORE(C->dp[16]);
+ /* 17 */
+ COMBA_FORWARD;
+ MULADD(at[2], at[31]);
+ MULADD(at[3], at[30]);
+ MULADD(at[4], at[29]);
+ MULADD(at[5], at[28]);
+ MULADD(at[6], at[27]);
+ MULADD(at[7], at[26]);
+ MULADD(at[8], at[25]);
+ MULADD(at[9], at[24]);
+ MULADD(at[10], at[23]);
+ MULADD(at[11], at[22]);
+ MULADD(at[12], at[21]);
+ MULADD(at[13], at[20]);
+ MULADD(at[14], at[19]);
+ MULADD(at[15], at[18]);
+ COMBA_STORE(C->dp[17]);
+ /* 18 */
+ COMBA_FORWARD;
+ MULADD(at[3], at[31]);
+ MULADD(at[4], at[30]);
+ MULADD(at[5], at[29]);
+ MULADD(at[6], at[28]);
+ MULADD(at[7], at[27]);
+ MULADD(at[8], at[26]);
+ MULADD(at[9], at[25]);
+ MULADD(at[10], at[24]);
+ MULADD(at[11], at[23]);
+ MULADD(at[12], at[22]);
+ MULADD(at[13], at[21]);
+ MULADD(at[14], at[20]);
+ MULADD(at[15], at[19]);
+ COMBA_STORE(C->dp[18]);
+ /* 19 */
+ COMBA_FORWARD;
+ MULADD(at[4], at[31]);
+ MULADD(at[5], at[30]);
+ MULADD(at[6], at[29]);
+ MULADD(at[7], at[28]);
+ MULADD(at[8], at[27]);
+ MULADD(at[9], at[26]);
+ MULADD(at[10], at[25]);
+ MULADD(at[11], at[24]);
+ MULADD(at[12], at[23]);
+ MULADD(at[13], at[22]);
+ MULADD(at[14], at[21]);
+ MULADD(at[15], at[20]);
+ COMBA_STORE(C->dp[19]);
+ /* 20 */
+ COMBA_FORWARD;
+ MULADD(at[5], at[31]);
+ MULADD(at[6], at[30]);
+ MULADD(at[7], at[29]);
+ MULADD(at[8], at[28]);
+ MULADD(at[9], at[27]);
+ MULADD(at[10], at[26]);
+ MULADD(at[11], at[25]);
+ MULADD(at[12], at[24]);
+ MULADD(at[13], at[23]);
+ MULADD(at[14], at[22]);
+ MULADD(at[15], at[21]);
+ COMBA_STORE(C->dp[20]);
+ /* 21 */
+ COMBA_FORWARD;
+ MULADD(at[6], at[31]);
+ MULADD(at[7], at[30]);
+ MULADD(at[8], at[29]);
+ MULADD(at[9], at[28]);
+ MULADD(at[10], at[27]);
+ MULADD(at[11], at[26]);
+ MULADD(at[12], at[25]);
+ MULADD(at[13], at[24]);
+ MULADD(at[14], at[23]);
+ MULADD(at[15], at[22]);
+ COMBA_STORE(C->dp[21]);
+ /* 22 */
+ COMBA_FORWARD;
+ MULADD(at[7], at[31]);
+ MULADD(at[8], at[30]);
+ MULADD(at[9], at[29]);
+ MULADD(at[10], at[28]);
+ MULADD(at[11], at[27]);
+ MULADD(at[12], at[26]);
+ MULADD(at[13], at[25]);
+ MULADD(at[14], at[24]);
+ MULADD(at[15], at[23]);
+ COMBA_STORE(C->dp[22]);
+ /* 23 */
+ COMBA_FORWARD;
+ MULADD(at[8], at[31]);
+ MULADD(at[9], at[30]);
+ MULADD(at[10], at[29]);
+ MULADD(at[11], at[28]);
+ MULADD(at[12], at[27]);
+ MULADD(at[13], at[26]);
+ MULADD(at[14], at[25]);
+ MULADD(at[15], at[24]);
+ COMBA_STORE(C->dp[23]);
+ /* 24 */
+ COMBA_FORWARD;
+ MULADD(at[9], at[31]);
+ MULADD(at[10], at[30]);
+ MULADD(at[11], at[29]);
+ MULADD(at[12], at[28]);
+ MULADD(at[13], at[27]);
+ MULADD(at[14], at[26]);
+ MULADD(at[15], at[25]);
+ COMBA_STORE(C->dp[24]);
+ /* 25 */
+ COMBA_FORWARD;
+ MULADD(at[10], at[31]);
+ MULADD(at[11], at[30]);
+ MULADD(at[12], at[29]);
+ MULADD(at[13], at[28]);
+ MULADD(at[14], at[27]);
+ MULADD(at[15], at[26]);
+ COMBA_STORE(C->dp[25]);
+ /* 26 */
+ COMBA_FORWARD;
+ MULADD(at[11], at[31]);
+ MULADD(at[12], at[30]);
+ MULADD(at[13], at[29]);
+ MULADD(at[14], at[28]);
+ MULADD(at[15], at[27]);
+ COMBA_STORE(C->dp[26]);
+ /* 27 */
+ COMBA_FORWARD;
+ MULADD(at[12], at[31]);
+ MULADD(at[13], at[30]);
+ MULADD(at[14], at[29]);
+ MULADD(at[15], at[28]);
+ COMBA_STORE(C->dp[27]);
+ /* 28 */
+ COMBA_FORWARD;
+ MULADD(at[13], at[31]);
+ MULADD(at[14], at[30]);
+ MULADD(at[15], at[29]);
+ COMBA_STORE(C->dp[28]);
+ /* 29 */
+ COMBA_FORWARD;
+ MULADD(at[14], at[31]);
+ MULADD(at[15], at[30]);
+ COMBA_STORE(C->dp[29]);
+ /* 30 */
+ COMBA_FORWARD;
+ MULADD(at[15], at[31]);
+ COMBA_STORE(C->dp[30]);
+ COMBA_STORE2(C->dp[31]);
+ C->used = 32;
+ C->sign = A->sign ^ B->sign;
+ mp_clamp(C);
+ COMBA_FINI;
}
-void s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C)
+void
+s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C)
{
- mp_digit c0, c1, c2, at[64];
-
- memcpy(at, A->dp, 32 * sizeof(mp_digit));
- memcpy(at+32, B->dp, 32 * sizeof(mp_digit));
- COMBA_START;
-
- COMBA_CLEAR;
- /* 0 */
- MULADD(at[0], at[32]);
- COMBA_STORE(C->dp[0]);
- /* 1 */
- COMBA_FORWARD;
- MULADD(at[0], at[33]); MULADD(at[1], at[32]);
- COMBA_STORE(C->dp[1]);
- /* 2 */
- COMBA_FORWARD;
- MULADD(at[0], at[34]); MULADD(at[1], at[33]); MULADD(at[2], at[32]);
- COMBA_STORE(C->dp[2]);
- /* 3 */
- COMBA_FORWARD;
- MULADD(at[0], at[35]); MULADD(at[1], at[34]); MULADD(at[2], at[33]); MULADD(at[3], at[32]);
- COMBA_STORE(C->dp[3]);
- /* 4 */
- COMBA_FORWARD;
- MULADD(at[0], at[36]); MULADD(at[1], at[35]); MULADD(at[2], at[34]); MULADD(at[3], at[33]); MULADD(at[4], at[32]);
- COMBA_STORE(C->dp[4]);
- /* 5 */
- COMBA_FORWARD;
- MULADD(at[0], at[37]); MULADD(at[1], at[36]); MULADD(at[2], at[35]); MULADD(at[3], at[34]); MULADD(at[4], at[33]); MULADD(at[5], at[32]);
- COMBA_STORE(C->dp[5]);
- /* 6 */
- COMBA_FORWARD;
- MULADD(at[0], at[38]); MULADD(at[1], at[37]); MULADD(at[2], at[36]); MULADD(at[3], at[35]); MULADD(at[4], at[34]); MULADD(at[5], at[33]); MULADD(at[6], at[32]);
- COMBA_STORE(C->dp[6]);
- /* 7 */
- COMBA_FORWARD;
- MULADD(at[0], at[39]); MULADD(at[1], at[38]); MULADD(at[2], at[37]); MULADD(at[3], at[36]); MULADD(at[4], at[35]); MULADD(at[5], at[34]); MULADD(at[6], at[33]); MULADD(at[7], at[32]);
- COMBA_STORE(C->dp[7]);
- /* 8 */
- COMBA_FORWARD;
- MULADD(at[0], at[40]); MULADD(at[1], at[39]); MULADD(at[2], at[38]); MULADD(at[3], at[37]); MULADD(at[4], at[36]); MULADD(at[5], at[35]); MULADD(at[6], at[34]); MULADD(at[7], at[33]); MULADD(at[8], at[32]);
- COMBA_STORE(C->dp[8]);
- /* 9 */
- COMBA_FORWARD;
- MULADD(at[0], at[41]); MULADD(at[1], at[40]); MULADD(at[2], at[39]); MULADD(at[3], at[38]); MULADD(at[4], at[37]); MULADD(at[5], at[36]); MULADD(at[6], at[35]); MULADD(at[7], at[34]); MULADD(at[8], at[33]); MULADD(at[9], at[32]);
- COMBA_STORE(C->dp[9]);
- /* 10 */
- COMBA_FORWARD;
- MULADD(at[0], at[42]); MULADD(at[1], at[41]); MULADD(at[2], at[40]); MULADD(at[3], at[39]); MULADD(at[4], at[38]); MULADD(at[5], at[37]); MULADD(at[6], at[36]); MULADD(at[7], at[35]); MULADD(at[8], at[34]); MULADD(at[9], at[33]); MULADD(at[10], at[32]);
- COMBA_STORE(C->dp[10]);
- /* 11 */
- COMBA_FORWARD;
- MULADD(at[0], at[43]); MULADD(at[1], at[42]); MULADD(at[2], at[41]); MULADD(at[3], at[40]); MULADD(at[4], at[39]); MULADD(at[5], at[38]); MULADD(at[6], at[37]); MULADD(at[7], at[36]); MULADD(at[8], at[35]); MULADD(at[9], at[34]); MULADD(at[10], at[33]); MULADD(at[11], at[32]);
- COMBA_STORE(C->dp[11]);
- /* 12 */
- COMBA_FORWARD;
- MULADD(at[0], at[44]); MULADD(at[1], at[43]); MULADD(at[2], at[42]); MULADD(at[3], at[41]); MULADD(at[4], at[40]); MULADD(at[5], at[39]); MULADD(at[6], at[38]); MULADD(at[7], at[37]); MULADD(at[8], at[36]); MULADD(at[9], at[35]); MULADD(at[10], at[34]); MULADD(at[11], at[33]); MULADD(at[12], at[32]);
- COMBA_STORE(C->dp[12]);
- /* 13 */
- COMBA_FORWARD;
- MULADD(at[0], at[45]); MULADD(at[1], at[44]); MULADD(at[2], at[43]); MULADD(at[3], at[42]); MULADD(at[4], at[41]); MULADD(at[5], at[40]); MULADD(at[6], at[39]); MULADD(at[7], at[38]); MULADD(at[8], at[37]); MULADD(at[9], at[36]); MULADD(at[10], at[35]); MULADD(at[11], at[34]); MULADD(at[12], at[33]); MULADD(at[13], at[32]);
- COMBA_STORE(C->dp[13]);
- /* 14 */
- COMBA_FORWARD;
- MULADD(at[0], at[46]); MULADD(at[1], at[45]); MULADD(at[2], at[44]); MULADD(at[3], at[43]); MULADD(at[4], at[42]); MULADD(at[5], at[41]); MULADD(at[6], at[40]); MULADD(at[7], at[39]); MULADD(at[8], at[38]); MULADD(at[9], at[37]); MULADD(at[10], at[36]); MULADD(at[11], at[35]); MULADD(at[12], at[34]); MULADD(at[13], at[33]); MULADD(at[14], at[32]);
- COMBA_STORE(C->dp[14]);
- /* 15 */
- COMBA_FORWARD;
- MULADD(at[0], at[47]); MULADD(at[1], at[46]); MULADD(at[2], at[45]); MULADD(at[3], at[44]); MULADD(at[4], at[43]); MULADD(at[5], at[42]); MULADD(at[6], at[41]); MULADD(at[7], at[40]); MULADD(at[8], at[39]); MULADD(at[9], at[38]); MULADD(at[10], at[37]); MULADD(at[11], at[36]); MULADD(at[12], at[35]); MULADD(at[13], at[34]); MULADD(at[14], at[33]); MULADD(at[15], at[32]);
- COMBA_STORE(C->dp[15]);
- /* 16 */
- COMBA_FORWARD;
- MULADD(at[0], at[48]); MULADD(at[1], at[47]); MULADD(at[2], at[46]); MULADD(at[3], at[45]); MULADD(at[4], at[44]); MULADD(at[5], at[43]); MULADD(at[6], at[42]); MULADD(at[7], at[41]); MULADD(at[8], at[40]); MULADD(at[9], at[39]); MULADD(at[10], at[38]); MULADD(at[11], at[37]); MULADD(at[12], at[36]); MULADD(at[13], at[35]); MULADD(at[14], at[34]); MULADD(at[15], at[33]); MULADD(at[16], at[32]);
- COMBA_STORE(C->dp[16]);
- /* 17 */
- COMBA_FORWARD;
- MULADD(at[0], at[49]); MULADD(at[1], at[48]); MULADD(at[2], at[47]); MULADD(at[3], at[46]); MULADD(at[4], at[45]); MULADD(at[5], at[44]); MULADD(at[6], at[43]); MULADD(at[7], at[42]); MULADD(at[8], at[41]); MULADD(at[9], at[40]); MULADD(at[10], at[39]); MULADD(at[11], at[38]); MULADD(at[12], at[37]); MULADD(at[13], at[36]); MULADD(at[14], at[35]); MULADD(at[15], at[34]); MULADD(at[16], at[33]); MULADD(at[17], at[32]);
- COMBA_STORE(C->dp[17]);
- /* 18 */
- COMBA_FORWARD;
- MULADD(at[0], at[50]); MULADD(at[1], at[49]); MULADD(at[2], at[48]); MULADD(at[3], at[47]); MULADD(at[4], at[46]); MULADD(at[5], at[45]); MULADD(at[6], at[44]); MULADD(at[7], at[43]); MULADD(at[8], at[42]); MULADD(at[9], at[41]); MULADD(at[10], at[40]); MULADD(at[11], at[39]); MULADD(at[12], at[38]); MULADD(at[13], at[37]); MULADD(at[14], at[36]); MULADD(at[15], at[35]); MULADD(at[16], at[34]); MULADD(at[17], at[33]); MULADD(at[18], at[32]);
- COMBA_STORE(C->dp[18]);
- /* 19 */
- COMBA_FORWARD;
- MULADD(at[0], at[51]); MULADD(at[1], at[50]); MULADD(at[2], at[49]); MULADD(at[3], at[48]); MULADD(at[4], at[47]); MULADD(at[5], at[46]); MULADD(at[6], at[45]); MULADD(at[7], at[44]); MULADD(at[8], at[43]); MULADD(at[9], at[42]); MULADD(at[10], at[41]); MULADD(at[11], at[40]); MULADD(at[12], at[39]); MULADD(at[13], at[38]); MULADD(at[14], at[37]); MULADD(at[15], at[36]); MULADD(at[16], at[35]); MULADD(at[17], at[34]); MULADD(at[18], at[33]); MULADD(at[19], at[32]);
- COMBA_STORE(C->dp[19]);
- /* 20 */
- COMBA_FORWARD;
- MULADD(at[0], at[52]); MULADD(at[1], at[51]); MULADD(at[2], at[50]); MULADD(at[3], at[49]); MULADD(at[4], at[48]); MULADD(at[5], at[47]); MULADD(at[6], at[46]); MULADD(at[7], at[45]); MULADD(at[8], at[44]); MULADD(at[9], at[43]); MULADD(at[10], at[42]); MULADD(at[11], at[41]); MULADD(at[12], at[40]); MULADD(at[13], at[39]); MULADD(at[14], at[38]); MULADD(at[15], at[37]); MULADD(at[16], at[36]); MULADD(at[17], at[35]); MULADD(at[18], at[34]); MULADD(at[19], at[33]); MULADD(at[20], at[32]);
- COMBA_STORE(C->dp[20]);
- /* 21 */
- COMBA_FORWARD;
- MULADD(at[0], at[53]); MULADD(at[1], at[52]); MULADD(at[2], at[51]); MULADD(at[3], at[50]); MULADD(at[4], at[49]); MULADD(at[5], at[48]); MULADD(at[6], at[47]); MULADD(at[7], at[46]); MULADD(at[8], at[45]); MULADD(at[9], at[44]); MULADD(at[10], at[43]); MULADD(at[11], at[42]); MULADD(at[12], at[41]); MULADD(at[13], at[40]); MULADD(at[14], at[39]); MULADD(at[15], at[38]); MULADD(at[16], at[37]); MULADD(at[17], at[36]); MULADD(at[18], at[35]); MULADD(at[19], at[34]); MULADD(at[20], at[33]); MULADD(at[21], at[32]);
- COMBA_STORE(C->dp[21]);
- /* 22 */
- COMBA_FORWARD;
- MULADD(at[0], at[54]); MULADD(at[1], at[53]); MULADD(at[2], at[52]); MULADD(at[3], at[51]); MULADD(at[4], at[50]); MULADD(at[5], at[49]); MULADD(at[6], at[48]); MULADD(at[7], at[47]); MULADD(at[8], at[46]); MULADD(at[9], at[45]); MULADD(at[10], at[44]); MULADD(at[11], at[43]); MULADD(at[12], at[42]); MULADD(at[13], at[41]); MULADD(at[14], at[40]); MULADD(at[15], at[39]); MULADD(at[16], at[38]); MULADD(at[17], at[37]); MULADD(at[18], at[36]); MULADD(at[19], at[35]); MULADD(at[20], at[34]); MULADD(at[21], at[33]); MULADD(at[22], at[32]);
- COMBA_STORE(C->dp[22]);
- /* 23 */
- COMBA_FORWARD;
- MULADD(at[0], at[55]); MULADD(at[1], at[54]); MULADD(at[2], at[53]); MULADD(at[3], at[52]); MULADD(at[4], at[51]); MULADD(at[5], at[50]); MULADD(at[6], at[49]); MULADD(at[7], at[48]); MULADD(at[8], at[47]); MULADD(at[9], at[46]); MULADD(at[10], at[45]); MULADD(at[11], at[44]); MULADD(at[12], at[43]); MULADD(at[13], at[42]); MULADD(at[14], at[41]); MULADD(at[15], at[40]); MULADD(at[16], at[39]); MULADD(at[17], at[38]); MULADD(at[18], at[37]); MULADD(at[19], at[36]); MULADD(at[20], at[35]); MULADD(at[21], at[34]); MULADD(at[22], at[33]); MULADD(at[23], at[32]);
- COMBA_STORE(C->dp[23]);
- /* 24 */
- COMBA_FORWARD;
- MULADD(at[0], at[56]); MULADD(at[1], at[55]); MULADD(at[2], at[54]); MULADD(at[3], at[53]); MULADD(at[4], at[52]); MULADD(at[5], at[51]); MULADD(at[6], at[50]); MULADD(at[7], at[49]); MULADD(at[8], at[48]); MULADD(at[9], at[47]); MULADD(at[10], at[46]); MULADD(at[11], at[45]); MULADD(at[12], at[44]); MULADD(at[13], at[43]); MULADD(at[14], at[42]); MULADD(at[15], at[41]); MULADD(at[16], at[40]); MULADD(at[17], at[39]); MULADD(at[18], at[38]); MULADD(at[19], at[37]); MULADD(at[20], at[36]); MULADD(at[21], at[35]); MULADD(at[22], at[34]); MULADD(at[23], at[33]); MULADD(at[24], at[32]);
- COMBA_STORE(C->dp[24]);
- /* 25 */
- COMBA_FORWARD;
- MULADD(at[0], at[57]); MULADD(at[1], at[56]); MULADD(at[2], at[55]); MULADD(at[3], at[54]); MULADD(at[4], at[53]); MULADD(at[5], at[52]); MULADD(at[6], at[51]); MULADD(at[7], at[50]); MULADD(at[8], at[49]); MULADD(at[9], at[48]); MULADD(at[10], at[47]); MULADD(at[11], at[46]); MULADD(at[12], at[45]); MULADD(at[13], at[44]); MULADD(at[14], at[43]); MULADD(at[15], at[42]); MULADD(at[16], at[41]); MULADD(at[17], at[40]); MULADD(at[18], at[39]); MULADD(at[19], at[38]); MULADD(at[20], at[37]); MULADD(at[21], at[36]); MULADD(at[22], at[35]); MULADD(at[23], at[34]); MULADD(at[24], at[33]); MULADD(at[25], at[32]);
- COMBA_STORE(C->dp[25]);
- /* 26 */
- COMBA_FORWARD;
- MULADD(at[0], at[58]); MULADD(at[1], at[57]); MULADD(at[2], at[56]); MULADD(at[3], at[55]); MULADD(at[4], at[54]); MULADD(at[5], at[53]); MULADD(at[6], at[52]); MULADD(at[7], at[51]); MULADD(at[8], at[50]); MULADD(at[9], at[49]); MULADD(at[10], at[48]); MULADD(at[11], at[47]); MULADD(at[12], at[46]); MULADD(at[13], at[45]); MULADD(at[14], at[44]); MULADD(at[15], at[43]); MULADD(at[16], at[42]); MULADD(at[17], at[41]); MULADD(at[18], at[40]); MULADD(at[19], at[39]); MULADD(at[20], at[38]); MULADD(at[21], at[37]); MULADD(at[22], at[36]); MULADD(at[23], at[35]); MULADD(at[24], at[34]); MULADD(at[25], at[33]); MULADD(at[26], at[32]);
- COMBA_STORE(C->dp[26]);
- /* 27 */
- COMBA_FORWARD;
- MULADD(at[0], at[59]); MULADD(at[1], at[58]); MULADD(at[2], at[57]); MULADD(at[3], at[56]); MULADD(at[4], at[55]); MULADD(at[5], at[54]); MULADD(at[6], at[53]); MULADD(at[7], at[52]); MULADD(at[8], at[51]); MULADD(at[9], at[50]); MULADD(at[10], at[49]); MULADD(at[11], at[48]); MULADD(at[12], at[47]); MULADD(at[13], at[46]); MULADD(at[14], at[45]); MULADD(at[15], at[44]); MULADD(at[16], at[43]); MULADD(at[17], at[42]); MULADD(at[18], at[41]); MULADD(at[19], at[40]); MULADD(at[20], at[39]); MULADD(at[21], at[38]); MULADD(at[22], at[37]); MULADD(at[23], at[36]); MULADD(at[24], at[35]); MULADD(at[25], at[34]); MULADD(at[26], at[33]); MULADD(at[27], at[32]);
- COMBA_STORE(C->dp[27]);
- /* 28 */
- COMBA_FORWARD;
- MULADD(at[0], at[60]); MULADD(at[1], at[59]); MULADD(at[2], at[58]); MULADD(at[3], at[57]); MULADD(at[4], at[56]); MULADD(at[5], at[55]); MULADD(at[6], at[54]); MULADD(at[7], at[53]); MULADD(at[8], at[52]); MULADD(at[9], at[51]); MULADD(at[10], at[50]); MULADD(at[11], at[49]); MULADD(at[12], at[48]); MULADD(at[13], at[47]); MULADD(at[14], at[46]); MULADD(at[15], at[45]); MULADD(at[16], at[44]); MULADD(at[17], at[43]); MULADD(at[18], at[42]); MULADD(at[19], at[41]); MULADD(at[20], at[40]); MULADD(at[21], at[39]); MULADD(at[22], at[38]); MULADD(at[23], at[37]); MULADD(at[24], at[36]); MULADD(at[25], at[35]); MULADD(at[26], at[34]); MULADD(at[27], at[33]); MULADD(at[28], at[32]);
- COMBA_STORE(C->dp[28]);
- /* 29 */
- COMBA_FORWARD;
- MULADD(at[0], at[61]); MULADD(at[1], at[60]); MULADD(at[2], at[59]); MULADD(at[3], at[58]); MULADD(at[4], at[57]); MULADD(at[5], at[56]); MULADD(at[6], at[55]); MULADD(at[7], at[54]); MULADD(at[8], at[53]); MULADD(at[9], at[52]); MULADD(at[10], at[51]); MULADD(at[11], at[50]); MULADD(at[12], at[49]); MULADD(at[13], at[48]); MULADD(at[14], at[47]); MULADD(at[15], at[46]); MULADD(at[16], at[45]); MULADD(at[17], at[44]); MULADD(at[18], at[43]); MULADD(at[19], at[42]); MULADD(at[20], at[41]); MULADD(at[21], at[40]); MULADD(at[22], at[39]); MULADD(at[23], at[38]); MULADD(at[24], at[37]); MULADD(at[25], at[36]); MULADD(at[26], at[35]); MULADD(at[27], at[34]); MULADD(at[28], at[33]); MULADD(at[29], at[32]);
- COMBA_STORE(C->dp[29]);
- /* 30 */
- COMBA_FORWARD;
- MULADD(at[0], at[62]); MULADD(at[1], at[61]); MULADD(at[2], at[60]); MULADD(at[3], at[59]); MULADD(at[4], at[58]); MULADD(at[5], at[57]); MULADD(at[6], at[56]); MULADD(at[7], at[55]); MULADD(at[8], at[54]); MULADD(at[9], at[53]); MULADD(at[10], at[52]); MULADD(at[11], at[51]); MULADD(at[12], at[50]); MULADD(at[13], at[49]); MULADD(at[14], at[48]); MULADD(at[15], at[47]); MULADD(at[16], at[46]); MULADD(at[17], at[45]); MULADD(at[18], at[44]); MULADD(at[19], at[43]); MULADD(at[20], at[42]); MULADD(at[21], at[41]); MULADD(at[22], at[40]); MULADD(at[23], at[39]); MULADD(at[24], at[38]); MULADD(at[25], at[37]); MULADD(at[26], at[36]); MULADD(at[27], at[35]); MULADD(at[28], at[34]); MULADD(at[29], at[33]); MULADD(at[30], at[32]);
- COMBA_STORE(C->dp[30]);
- /* 31 */
- COMBA_FORWARD;
- MULADD(at[0], at[63]); MULADD(at[1], at[62]); MULADD(at[2], at[61]); MULADD(at[3], at[60]); MULADD(at[4], at[59]); MULADD(at[5], at[58]); MULADD(at[6], at[57]); MULADD(at[7], at[56]); MULADD(at[8], at[55]); MULADD(at[9], at[54]); MULADD(at[10], at[53]); MULADD(at[11], at[52]); MULADD(at[12], at[51]); MULADD(at[13], at[50]); MULADD(at[14], at[49]); MULADD(at[15], at[48]); MULADD(at[16], at[47]); MULADD(at[17], at[46]); MULADD(at[18], at[45]); MULADD(at[19], at[44]); MULADD(at[20], at[43]); MULADD(at[21], at[42]); MULADD(at[22], at[41]); MULADD(at[23], at[40]); MULADD(at[24], at[39]); MULADD(at[25], at[38]); MULADD(at[26], at[37]); MULADD(at[27], at[36]); MULADD(at[28], at[35]); MULADD(at[29], at[34]); MULADD(at[30], at[33]); MULADD(at[31], at[32]);
- COMBA_STORE(C->dp[31]);
- /* 32 */
- COMBA_FORWARD;
- MULADD(at[1], at[63]); MULADD(at[2], at[62]); MULADD(at[3], at[61]); MULADD(at[4], at[60]); MULADD(at[5], at[59]); MULADD(at[6], at[58]); MULADD(at[7], at[57]); MULADD(at[8], at[56]); MULADD(at[9], at[55]); MULADD(at[10], at[54]); MULADD(at[11], at[53]); MULADD(at[12], at[52]); MULADD(at[13], at[51]); MULADD(at[14], at[50]); MULADD(at[15], at[49]); MULADD(at[16], at[48]); MULADD(at[17], at[47]); MULADD(at[18], at[46]); MULADD(at[19], at[45]); MULADD(at[20], at[44]); MULADD(at[21], at[43]); MULADD(at[22], at[42]); MULADD(at[23], at[41]); MULADD(at[24], at[40]); MULADD(at[25], at[39]); MULADD(at[26], at[38]); MULADD(at[27], at[37]); MULADD(at[28], at[36]); MULADD(at[29], at[35]); MULADD(at[30], at[34]); MULADD(at[31], at[33]);
- COMBA_STORE(C->dp[32]);
- /* 33 */
- COMBA_FORWARD;
- MULADD(at[2], at[63]); MULADD(at[3], at[62]); MULADD(at[4], at[61]); MULADD(at[5], at[60]); MULADD(at[6], at[59]); MULADD(at[7], at[58]); MULADD(at[8], at[57]); MULADD(at[9], at[56]); MULADD(at[10], at[55]); MULADD(at[11], at[54]); MULADD(at[12], at[53]); MULADD(at[13], at[52]); MULADD(at[14], at[51]); MULADD(at[15], at[50]); MULADD(at[16], at[49]); MULADD(at[17], at[48]); MULADD(at[18], at[47]); MULADD(at[19], at[46]); MULADD(at[20], at[45]); MULADD(at[21], at[44]); MULADD(at[22], at[43]); MULADD(at[23], at[42]); MULADD(at[24], at[41]); MULADD(at[25], at[40]); MULADD(at[26], at[39]); MULADD(at[27], at[38]); MULADD(at[28], at[37]); MULADD(at[29], at[36]); MULADD(at[30], at[35]); MULADD(at[31], at[34]);
- COMBA_STORE(C->dp[33]);
- /* 34 */
- COMBA_FORWARD;
- MULADD(at[3], at[63]); MULADD(at[4], at[62]); MULADD(at[5], at[61]); MULADD(at[6], at[60]); MULADD(at[7], at[59]); MULADD(at[8], at[58]); MULADD(at[9], at[57]); MULADD(at[10], at[56]); MULADD(at[11], at[55]); MULADD(at[12], at[54]); MULADD(at[13], at[53]); MULADD(at[14], at[52]); MULADD(at[15], at[51]); MULADD(at[16], at[50]); MULADD(at[17], at[49]); MULADD(at[18], at[48]); MULADD(at[19], at[47]); MULADD(at[20], at[46]); MULADD(at[21], at[45]); MULADD(at[22], at[44]); MULADD(at[23], at[43]); MULADD(at[24], at[42]); MULADD(at[25], at[41]); MULADD(at[26], at[40]); MULADD(at[27], at[39]); MULADD(at[28], at[38]); MULADD(at[29], at[37]); MULADD(at[30], at[36]); MULADD(at[31], at[35]);
- COMBA_STORE(C->dp[34]);
- /* 35 */
- COMBA_FORWARD;
- MULADD(at[4], at[63]); MULADD(at[5], at[62]); MULADD(at[6], at[61]); MULADD(at[7], at[60]); MULADD(at[8], at[59]); MULADD(at[9], at[58]); MULADD(at[10], at[57]); MULADD(at[11], at[56]); MULADD(at[12], at[55]); MULADD(at[13], at[54]); MULADD(at[14], at[53]); MULADD(at[15], at[52]); MULADD(at[16], at[51]); MULADD(at[17], at[50]); MULADD(at[18], at[49]); MULADD(at[19], at[48]); MULADD(at[20], at[47]); MULADD(at[21], at[46]); MULADD(at[22], at[45]); MULADD(at[23], at[44]); MULADD(at[24], at[43]); MULADD(at[25], at[42]); MULADD(at[26], at[41]); MULADD(at[27], at[40]); MULADD(at[28], at[39]); MULADD(at[29], at[38]); MULADD(at[30], at[37]); MULADD(at[31], at[36]);
- COMBA_STORE(C->dp[35]);
- /* 36 */
- COMBA_FORWARD;
- MULADD(at[5], at[63]); MULADD(at[6], at[62]); MULADD(at[7], at[61]); MULADD(at[8], at[60]); MULADD(at[9], at[59]); MULADD(at[10], at[58]); MULADD(at[11], at[57]); MULADD(at[12], at[56]); MULADD(at[13], at[55]); MULADD(at[14], at[54]); MULADD(at[15], at[53]); MULADD(at[16], at[52]); MULADD(at[17], at[51]); MULADD(at[18], at[50]); MULADD(at[19], at[49]); MULADD(at[20], at[48]); MULADD(at[21], at[47]); MULADD(at[22], at[46]); MULADD(at[23], at[45]); MULADD(at[24], at[44]); MULADD(at[25], at[43]); MULADD(at[26], at[42]); MULADD(at[27], at[41]); MULADD(at[28], at[40]); MULADD(at[29], at[39]); MULADD(at[30], at[38]); MULADD(at[31], at[37]);
- COMBA_STORE(C->dp[36]);
- /* 37 */
- COMBA_FORWARD;
- MULADD(at[6], at[63]); MULADD(at[7], at[62]); MULADD(at[8], at[61]); MULADD(at[9], at[60]); MULADD(at[10], at[59]); MULADD(at[11], at[58]); MULADD(at[12], at[57]); MULADD(at[13], at[56]); MULADD(at[14], at[55]); MULADD(at[15], at[54]); MULADD(at[16], at[53]); MULADD(at[17], at[52]); MULADD(at[18], at[51]); MULADD(at[19], at[50]); MULADD(at[20], at[49]); MULADD(at[21], at[48]); MULADD(at[22], at[47]); MULADD(at[23], at[46]); MULADD(at[24], at[45]); MULADD(at[25], at[44]); MULADD(at[26], at[43]); MULADD(at[27], at[42]); MULADD(at[28], at[41]); MULADD(at[29], at[40]); MULADD(at[30], at[39]); MULADD(at[31], at[38]);
- COMBA_STORE(C->dp[37]);
- /* 38 */
- COMBA_FORWARD;
- MULADD(at[7], at[63]); MULADD(at[8], at[62]); MULADD(at[9], at[61]); MULADD(at[10], at[60]); MULADD(at[11], at[59]); MULADD(at[12], at[58]); MULADD(at[13], at[57]); MULADD(at[14], at[56]); MULADD(at[15], at[55]); MULADD(at[16], at[54]); MULADD(at[17], at[53]); MULADD(at[18], at[52]); MULADD(at[19], at[51]); MULADD(at[20], at[50]); MULADD(at[21], at[49]); MULADD(at[22], at[48]); MULADD(at[23], at[47]); MULADD(at[24], at[46]); MULADD(at[25], at[45]); MULADD(at[26], at[44]); MULADD(at[27], at[43]); MULADD(at[28], at[42]); MULADD(at[29], at[41]); MULADD(at[30], at[40]); MULADD(at[31], at[39]);
- COMBA_STORE(C->dp[38]);
- /* 39 */
- COMBA_FORWARD;
- MULADD(at[8], at[63]); MULADD(at[9], at[62]); MULADD(at[10], at[61]); MULADD(at[11], at[60]); MULADD(at[12], at[59]); MULADD(at[13], at[58]); MULADD(at[14], at[57]); MULADD(at[15], at[56]); MULADD(at[16], at[55]); MULADD(at[17], at[54]); MULADD(at[18], at[53]); MULADD(at[19], at[52]); MULADD(at[20], at[51]); MULADD(at[21], at[50]); MULADD(at[22], at[49]); MULADD(at[23], at[48]); MULADD(at[24], at[47]); MULADD(at[25], at[46]); MULADD(at[26], at[45]); MULADD(at[27], at[44]); MULADD(at[28], at[43]); MULADD(at[29], at[42]); MULADD(at[30], at[41]); MULADD(at[31], at[40]);
- COMBA_STORE(C->dp[39]);
- /* 40 */
- COMBA_FORWARD;
- MULADD(at[9], at[63]); MULADD(at[10], at[62]); MULADD(at[11], at[61]); MULADD(at[12], at[60]); MULADD(at[13], at[59]); MULADD(at[14], at[58]); MULADD(at[15], at[57]); MULADD(at[16], at[56]); MULADD(at[17], at[55]); MULADD(at[18], at[54]); MULADD(at[19], at[53]); MULADD(at[20], at[52]); MULADD(at[21], at[51]); MULADD(at[22], at[50]); MULADD(at[23], at[49]); MULADD(at[24], at[48]); MULADD(at[25], at[47]); MULADD(at[26], at[46]); MULADD(at[27], at[45]); MULADD(at[28], at[44]); MULADD(at[29], at[43]); MULADD(at[30], at[42]); MULADD(at[31], at[41]);
- COMBA_STORE(C->dp[40]);
- /* 41 */
- COMBA_FORWARD;
- MULADD(at[10], at[63]); MULADD(at[11], at[62]); MULADD(at[12], at[61]); MULADD(at[13], at[60]); MULADD(at[14], at[59]); MULADD(at[15], at[58]); MULADD(at[16], at[57]); MULADD(at[17], at[56]); MULADD(at[18], at[55]); MULADD(at[19], at[54]); MULADD(at[20], at[53]); MULADD(at[21], at[52]); MULADD(at[22], at[51]); MULADD(at[23], at[50]); MULADD(at[24], at[49]); MULADD(at[25], at[48]); MULADD(at[26], at[47]); MULADD(at[27], at[46]); MULADD(at[28], at[45]); MULADD(at[29], at[44]); MULADD(at[30], at[43]); MULADD(at[31], at[42]);
- COMBA_STORE(C->dp[41]);
- /* 42 */
- COMBA_FORWARD;
- MULADD(at[11], at[63]); MULADD(at[12], at[62]); MULADD(at[13], at[61]); MULADD(at[14], at[60]); MULADD(at[15], at[59]); MULADD(at[16], at[58]); MULADD(at[17], at[57]); MULADD(at[18], at[56]); MULADD(at[19], at[55]); MULADD(at[20], at[54]); MULADD(at[21], at[53]); MULADD(at[22], at[52]); MULADD(at[23], at[51]); MULADD(at[24], at[50]); MULADD(at[25], at[49]); MULADD(at[26], at[48]); MULADD(at[27], at[47]); MULADD(at[28], at[46]); MULADD(at[29], at[45]); MULADD(at[30], at[44]); MULADD(at[31], at[43]);
- COMBA_STORE(C->dp[42]);
- /* 43 */
- COMBA_FORWARD;
- MULADD(at[12], at[63]); MULADD(at[13], at[62]); MULADD(at[14], at[61]); MULADD(at[15], at[60]); MULADD(at[16], at[59]); MULADD(at[17], at[58]); MULADD(at[18], at[57]); MULADD(at[19], at[56]); MULADD(at[20], at[55]); MULADD(at[21], at[54]); MULADD(at[22], at[53]); MULADD(at[23], at[52]); MULADD(at[24], at[51]); MULADD(at[25], at[50]); MULADD(at[26], at[49]); MULADD(at[27], at[48]); MULADD(at[28], at[47]); MULADD(at[29], at[46]); MULADD(at[30], at[45]); MULADD(at[31], at[44]);
- COMBA_STORE(C->dp[43]);
- /* 44 */
- COMBA_FORWARD;
- MULADD(at[13], at[63]); MULADD(at[14], at[62]); MULADD(at[15], at[61]); MULADD(at[16], at[60]); MULADD(at[17], at[59]); MULADD(at[18], at[58]); MULADD(at[19], at[57]); MULADD(at[20], at[56]); MULADD(at[21], at[55]); MULADD(at[22], at[54]); MULADD(at[23], at[53]); MULADD(at[24], at[52]); MULADD(at[25], at[51]); MULADD(at[26], at[50]); MULADD(at[27], at[49]); MULADD(at[28], at[48]); MULADD(at[29], at[47]); MULADD(at[30], at[46]); MULADD(at[31], at[45]);
- COMBA_STORE(C->dp[44]);
- /* 45 */
- COMBA_FORWARD;
- MULADD(at[14], at[63]); MULADD(at[15], at[62]); MULADD(at[16], at[61]); MULADD(at[17], at[60]); MULADD(at[18], at[59]); MULADD(at[19], at[58]); MULADD(at[20], at[57]); MULADD(at[21], at[56]); MULADD(at[22], at[55]); MULADD(at[23], at[54]); MULADD(at[24], at[53]); MULADD(at[25], at[52]); MULADD(at[26], at[51]); MULADD(at[27], at[50]); MULADD(at[28], at[49]); MULADD(at[29], at[48]); MULADD(at[30], at[47]); MULADD(at[31], at[46]);
- COMBA_STORE(C->dp[45]);
- /* 46 */
- COMBA_FORWARD;
- MULADD(at[15], at[63]); MULADD(at[16], at[62]); MULADD(at[17], at[61]); MULADD(at[18], at[60]); MULADD(at[19], at[59]); MULADD(at[20], at[58]); MULADD(at[21], at[57]); MULADD(at[22], at[56]); MULADD(at[23], at[55]); MULADD(at[24], at[54]); MULADD(at[25], at[53]); MULADD(at[26], at[52]); MULADD(at[27], at[51]); MULADD(at[28], at[50]); MULADD(at[29], at[49]); MULADD(at[30], at[48]); MULADD(at[31], at[47]);
- COMBA_STORE(C->dp[46]);
- /* 47 */
- COMBA_FORWARD;
- MULADD(at[16], at[63]); MULADD(at[17], at[62]); MULADD(at[18], at[61]); MULADD(at[19], at[60]); MULADD(at[20], at[59]); MULADD(at[21], at[58]); MULADD(at[22], at[57]); MULADD(at[23], at[56]); MULADD(at[24], at[55]); MULADD(at[25], at[54]); MULADD(at[26], at[53]); MULADD(at[27], at[52]); MULADD(at[28], at[51]); MULADD(at[29], at[50]); MULADD(at[30], at[49]); MULADD(at[31], at[48]);
- COMBA_STORE(C->dp[47]);
- /* 48 */
- COMBA_FORWARD;
- MULADD(at[17], at[63]); MULADD(at[18], at[62]); MULADD(at[19], at[61]); MULADD(at[20], at[60]); MULADD(at[21], at[59]); MULADD(at[22], at[58]); MULADD(at[23], at[57]); MULADD(at[24], at[56]); MULADD(at[25], at[55]); MULADD(at[26], at[54]); MULADD(at[27], at[53]); MULADD(at[28], at[52]); MULADD(at[29], at[51]); MULADD(at[30], at[50]); MULADD(at[31], at[49]);
- COMBA_STORE(C->dp[48]);
- /* 49 */
- COMBA_FORWARD;
- MULADD(at[18], at[63]); MULADD(at[19], at[62]); MULADD(at[20], at[61]); MULADD(at[21], at[60]); MULADD(at[22], at[59]); MULADD(at[23], at[58]); MULADD(at[24], at[57]); MULADD(at[25], at[56]); MULADD(at[26], at[55]); MULADD(at[27], at[54]); MULADD(at[28], at[53]); MULADD(at[29], at[52]); MULADD(at[30], at[51]); MULADD(at[31], at[50]);
- COMBA_STORE(C->dp[49]);
- /* 50 */
- COMBA_FORWARD;
- MULADD(at[19], at[63]); MULADD(at[20], at[62]); MULADD(at[21], at[61]); MULADD(at[22], at[60]); MULADD(at[23], at[59]); MULADD(at[24], at[58]); MULADD(at[25], at[57]); MULADD(at[26], at[56]); MULADD(at[27], at[55]); MULADD(at[28], at[54]); MULADD(at[29], at[53]); MULADD(at[30], at[52]); MULADD(at[31], at[51]);
- COMBA_STORE(C->dp[50]);
- /* 51 */
- COMBA_FORWARD;
- MULADD(at[20], at[63]); MULADD(at[21], at[62]); MULADD(at[22], at[61]); MULADD(at[23], at[60]); MULADD(at[24], at[59]); MULADD(at[25], at[58]); MULADD(at[26], at[57]); MULADD(at[27], at[56]); MULADD(at[28], at[55]); MULADD(at[29], at[54]); MULADD(at[30], at[53]); MULADD(at[31], at[52]);
- COMBA_STORE(C->dp[51]);
- /* 52 */
- COMBA_FORWARD;
- MULADD(at[21], at[63]); MULADD(at[22], at[62]); MULADD(at[23], at[61]); MULADD(at[24], at[60]); MULADD(at[25], at[59]); MULADD(at[26], at[58]); MULADD(at[27], at[57]); MULADD(at[28], at[56]); MULADD(at[29], at[55]); MULADD(at[30], at[54]); MULADD(at[31], at[53]);
- COMBA_STORE(C->dp[52]);
- /* 53 */
- COMBA_FORWARD;
- MULADD(at[22], at[63]); MULADD(at[23], at[62]); MULADD(at[24], at[61]); MULADD(at[25], at[60]); MULADD(at[26], at[59]); MULADD(at[27], at[58]); MULADD(at[28], at[57]); MULADD(at[29], at[56]); MULADD(at[30], at[55]); MULADD(at[31], at[54]);
- COMBA_STORE(C->dp[53]);
- /* 54 */
- COMBA_FORWARD;
- MULADD(at[23], at[63]); MULADD(at[24], at[62]); MULADD(at[25], at[61]); MULADD(at[26], at[60]); MULADD(at[27], at[59]); MULADD(at[28], at[58]); MULADD(at[29], at[57]); MULADD(at[30], at[56]); MULADD(at[31], at[55]);
- COMBA_STORE(C->dp[54]);
- /* 55 */
- COMBA_FORWARD;
- MULADD(at[24], at[63]); MULADD(at[25], at[62]); MULADD(at[26], at[61]); MULADD(at[27], at[60]); MULADD(at[28], at[59]); MULADD(at[29], at[58]); MULADD(at[30], at[57]); MULADD(at[31], at[56]);
- COMBA_STORE(C->dp[55]);
- /* 56 */
- COMBA_FORWARD;
- MULADD(at[25], at[63]); MULADD(at[26], at[62]); MULADD(at[27], at[61]); MULADD(at[28], at[60]); MULADD(at[29], at[59]); MULADD(at[30], at[58]); MULADD(at[31], at[57]);
- COMBA_STORE(C->dp[56]);
- /* 57 */
- COMBA_FORWARD;
- MULADD(at[26], at[63]); MULADD(at[27], at[62]); MULADD(at[28], at[61]); MULADD(at[29], at[60]); MULADD(at[30], at[59]); MULADD(at[31], at[58]);
- COMBA_STORE(C->dp[57]);
- /* 58 */
- COMBA_FORWARD;
- MULADD(at[27], at[63]); MULADD(at[28], at[62]); MULADD(at[29], at[61]); MULADD(at[30], at[60]); MULADD(at[31], at[59]);
- COMBA_STORE(C->dp[58]);
- /* 59 */
- COMBA_FORWARD;
- MULADD(at[28], at[63]); MULADD(at[29], at[62]); MULADD(at[30], at[61]); MULADD(at[31], at[60]);
- COMBA_STORE(C->dp[59]);
- /* 60 */
- COMBA_FORWARD;
- MULADD(at[29], at[63]); MULADD(at[30], at[62]); MULADD(at[31], at[61]);
- COMBA_STORE(C->dp[60]);
- /* 61 */
- COMBA_FORWARD;
- MULADD(at[30], at[63]); MULADD(at[31], at[62]);
- COMBA_STORE(C->dp[61]);
- /* 62 */
- COMBA_FORWARD;
- MULADD(at[31], at[63]);
- COMBA_STORE(C->dp[62]);
- COMBA_STORE2(C->dp[63]);
- C->used = 64;
- C->sign = A->sign ^ B->sign;
- mp_clamp(C);
- COMBA_FINI;
+ mp_digit c0, c1, c2, at[64];
+
+ memcpy(at, A->dp, 32 * sizeof(mp_digit));
+ memcpy(at + 32, B->dp, 32 * sizeof(mp_digit));
+ COMBA_START;
+
+ COMBA_CLEAR;
+ /* 0 */
+ MULADD(at[0], at[32]);
+ COMBA_STORE(C->dp[0]);
+ /* 1 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[33]);
+ MULADD(at[1], at[32]);
+ COMBA_STORE(C->dp[1]);
+ /* 2 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[34]);
+ MULADD(at[1], at[33]);
+ MULADD(at[2], at[32]);
+ COMBA_STORE(C->dp[2]);
+ /* 3 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[35]);
+ MULADD(at[1], at[34]);
+ MULADD(at[2], at[33]);
+ MULADD(at[3], at[32]);
+ COMBA_STORE(C->dp[3]);
+ /* 4 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[36]);
+ MULADD(at[1], at[35]);
+ MULADD(at[2], at[34]);
+ MULADD(at[3], at[33]);
+ MULADD(at[4], at[32]);
+ COMBA_STORE(C->dp[4]);
+ /* 5 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[37]);
+ MULADD(at[1], at[36]);
+ MULADD(at[2], at[35]);
+ MULADD(at[3], at[34]);
+ MULADD(at[4], at[33]);
+ MULADD(at[5], at[32]);
+ COMBA_STORE(C->dp[5]);
+ /* 6 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[38]);
+ MULADD(at[1], at[37]);
+ MULADD(at[2], at[36]);
+ MULADD(at[3], at[35]);
+ MULADD(at[4], at[34]);
+ MULADD(at[5], at[33]);
+ MULADD(at[6], at[32]);
+ COMBA_STORE(C->dp[6]);
+ /* 7 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[39]);
+ MULADD(at[1], at[38]);
+ MULADD(at[2], at[37]);
+ MULADD(at[3], at[36]);
+ MULADD(at[4], at[35]);
+ MULADD(at[5], at[34]);
+ MULADD(at[6], at[33]);
+ MULADD(at[7], at[32]);
+ COMBA_STORE(C->dp[7]);
+ /* 8 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[40]);
+ MULADD(at[1], at[39]);
+ MULADD(at[2], at[38]);
+ MULADD(at[3], at[37]);
+ MULADD(at[4], at[36]);
+ MULADD(at[5], at[35]);
+ MULADD(at[6], at[34]);
+ MULADD(at[7], at[33]);
+ MULADD(at[8], at[32]);
+ COMBA_STORE(C->dp[8]);
+ /* 9 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[41]);
+ MULADD(at[1], at[40]);
+ MULADD(at[2], at[39]);
+ MULADD(at[3], at[38]);
+ MULADD(at[4], at[37]);
+ MULADD(at[5], at[36]);
+ MULADD(at[6], at[35]);
+ MULADD(at[7], at[34]);
+ MULADD(at[8], at[33]);
+ MULADD(at[9], at[32]);
+ COMBA_STORE(C->dp[9]);
+ /* 10 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[42]);
+ MULADD(at[1], at[41]);
+ MULADD(at[2], at[40]);
+ MULADD(at[3], at[39]);
+ MULADD(at[4], at[38]);
+ MULADD(at[5], at[37]);
+ MULADD(at[6], at[36]);
+ MULADD(at[7], at[35]);
+ MULADD(at[8], at[34]);
+ MULADD(at[9], at[33]);
+ MULADD(at[10], at[32]);
+ COMBA_STORE(C->dp[10]);
+ /* 11 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[43]);
+ MULADD(at[1], at[42]);
+ MULADD(at[2], at[41]);
+ MULADD(at[3], at[40]);
+ MULADD(at[4], at[39]);
+ MULADD(at[5], at[38]);
+ MULADD(at[6], at[37]);
+ MULADD(at[7], at[36]);
+ MULADD(at[8], at[35]);
+ MULADD(at[9], at[34]);
+ MULADD(at[10], at[33]);
+ MULADD(at[11], at[32]);
+ COMBA_STORE(C->dp[11]);
+ /* 12 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[44]);
+ MULADD(at[1], at[43]);
+ MULADD(at[2], at[42]);
+ MULADD(at[3], at[41]);
+ MULADD(at[4], at[40]);
+ MULADD(at[5], at[39]);
+ MULADD(at[6], at[38]);
+ MULADD(at[7], at[37]);
+ MULADD(at[8], at[36]);
+ MULADD(at[9], at[35]);
+ MULADD(at[10], at[34]);
+ MULADD(at[11], at[33]);
+ MULADD(at[12], at[32]);
+ COMBA_STORE(C->dp[12]);
+ /* 13 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[45]);
+ MULADD(at[1], at[44]);
+ MULADD(at[2], at[43]);
+ MULADD(at[3], at[42]);
+ MULADD(at[4], at[41]);
+ MULADD(at[5], at[40]);
+ MULADD(at[6], at[39]);
+ MULADD(at[7], at[38]);
+ MULADD(at[8], at[37]);
+ MULADD(at[9], at[36]);
+ MULADD(at[10], at[35]);
+ MULADD(at[11], at[34]);
+ MULADD(at[12], at[33]);
+ MULADD(at[13], at[32]);
+ COMBA_STORE(C->dp[13]);
+ /* 14 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[46]);
+ MULADD(at[1], at[45]);
+ MULADD(at[2], at[44]);
+ MULADD(at[3], at[43]);
+ MULADD(at[4], at[42]);
+ MULADD(at[5], at[41]);
+ MULADD(at[6], at[40]);
+ MULADD(at[7], at[39]);
+ MULADD(at[8], at[38]);
+ MULADD(at[9], at[37]);
+ MULADD(at[10], at[36]);
+ MULADD(at[11], at[35]);
+ MULADD(at[12], at[34]);
+ MULADD(at[13], at[33]);
+ MULADD(at[14], at[32]);
+ COMBA_STORE(C->dp[14]);
+ /* 15 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[47]);
+ MULADD(at[1], at[46]);
+ MULADD(at[2], at[45]);
+ MULADD(at[3], at[44]);
+ MULADD(at[4], at[43]);
+ MULADD(at[5], at[42]);
+ MULADD(at[6], at[41]);
+ MULADD(at[7], at[40]);
+ MULADD(at[8], at[39]);
+ MULADD(at[9], at[38]);
+ MULADD(at[10], at[37]);
+ MULADD(at[11], at[36]);
+ MULADD(at[12], at[35]);
+ MULADD(at[13], at[34]);
+ MULADD(at[14], at[33]);
+ MULADD(at[15], at[32]);
+ COMBA_STORE(C->dp[15]);
+ /* 16 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[48]);
+ MULADD(at[1], at[47]);
+ MULADD(at[2], at[46]);
+ MULADD(at[3], at[45]);
+ MULADD(at[4], at[44]);
+ MULADD(at[5], at[43]);
+ MULADD(at[6], at[42]);
+ MULADD(at[7], at[41]);
+ MULADD(at[8], at[40]);
+ MULADD(at[9], at[39]);
+ MULADD(at[10], at[38]);
+ MULADD(at[11], at[37]);
+ MULADD(at[12], at[36]);
+ MULADD(at[13], at[35]);
+ MULADD(at[14], at[34]);
+ MULADD(at[15], at[33]);
+ MULADD(at[16], at[32]);
+ COMBA_STORE(C->dp[16]);
+ /* 17 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[49]);
+ MULADD(at[1], at[48]);
+ MULADD(at[2], at[47]);
+ MULADD(at[3], at[46]);
+ MULADD(at[4], at[45]);
+ MULADD(at[5], at[44]);
+ MULADD(at[6], at[43]);
+ MULADD(at[7], at[42]);
+ MULADD(at[8], at[41]);
+ MULADD(at[9], at[40]);
+ MULADD(at[10], at[39]);
+ MULADD(at[11], at[38]);
+ MULADD(at[12], at[37]);
+ MULADD(at[13], at[36]);
+ MULADD(at[14], at[35]);
+ MULADD(at[15], at[34]);
+ MULADD(at[16], at[33]);
+ MULADD(at[17], at[32]);
+ COMBA_STORE(C->dp[17]);
+ /* 18 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[50]);
+ MULADD(at[1], at[49]);
+ MULADD(at[2], at[48]);
+ MULADD(at[3], at[47]);
+ MULADD(at[4], at[46]);
+ MULADD(at[5], at[45]);
+ MULADD(at[6], at[44]);
+ MULADD(at[7], at[43]);
+ MULADD(at[8], at[42]);
+ MULADD(at[9], at[41]);
+ MULADD(at[10], at[40]);
+ MULADD(at[11], at[39]);
+ MULADD(at[12], at[38]);
+ MULADD(at[13], at[37]);
+ MULADD(at[14], at[36]);
+ MULADD(at[15], at[35]);
+ MULADD(at[16], at[34]);
+ MULADD(at[17], at[33]);
+ MULADD(at[18], at[32]);
+ COMBA_STORE(C->dp[18]);
+ /* 19 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[51]);
+ MULADD(at[1], at[50]);
+ MULADD(at[2], at[49]);
+ MULADD(at[3], at[48]);
+ MULADD(at[4], at[47]);
+ MULADD(at[5], at[46]);
+ MULADD(at[6], at[45]);
+ MULADD(at[7], at[44]);
+ MULADD(at[8], at[43]);
+ MULADD(at[9], at[42]);
+ MULADD(at[10], at[41]);
+ MULADD(at[11], at[40]);
+ MULADD(at[12], at[39]);
+ MULADD(at[13], at[38]);
+ MULADD(at[14], at[37]);
+ MULADD(at[15], at[36]);
+ MULADD(at[16], at[35]);
+ MULADD(at[17], at[34]);
+ MULADD(at[18], at[33]);
+ MULADD(at[19], at[32]);
+ COMBA_STORE(C->dp[19]);
+ /* 20 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[52]);
+ MULADD(at[1], at[51]);
+ MULADD(at[2], at[50]);
+ MULADD(at[3], at[49]);
+ MULADD(at[4], at[48]);
+ MULADD(at[5], at[47]);
+ MULADD(at[6], at[46]);
+ MULADD(at[7], at[45]);
+ MULADD(at[8], at[44]);
+ MULADD(at[9], at[43]);
+ MULADD(at[10], at[42]);
+ MULADD(at[11], at[41]);
+ MULADD(at[12], at[40]);
+ MULADD(at[13], at[39]);
+ MULADD(at[14], at[38]);
+ MULADD(at[15], at[37]);
+ MULADD(at[16], at[36]);
+ MULADD(at[17], at[35]);
+ MULADD(at[18], at[34]);
+ MULADD(at[19], at[33]);
+ MULADD(at[20], at[32]);
+ COMBA_STORE(C->dp[20]);
+ /* 21 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[53]);
+ MULADD(at[1], at[52]);
+ MULADD(at[2], at[51]);
+ MULADD(at[3], at[50]);
+ MULADD(at[4], at[49]);
+ MULADD(at[5], at[48]);
+ MULADD(at[6], at[47]);
+ MULADD(at[7], at[46]);
+ MULADD(at[8], at[45]);
+ MULADD(at[9], at[44]);
+ MULADD(at[10], at[43]);
+ MULADD(at[11], at[42]);
+ MULADD(at[12], at[41]);
+ MULADD(at[13], at[40]);
+ MULADD(at[14], at[39]);
+ MULADD(at[15], at[38]);
+ MULADD(at[16], at[37]);
+ MULADD(at[17], at[36]);
+ MULADD(at[18], at[35]);
+ MULADD(at[19], at[34]);
+ MULADD(at[20], at[33]);
+ MULADD(at[21], at[32]);
+ COMBA_STORE(C->dp[21]);
+ /* 22 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[54]);
+ MULADD(at[1], at[53]);
+ MULADD(at[2], at[52]);
+ MULADD(at[3], at[51]);
+ MULADD(at[4], at[50]);
+ MULADD(at[5], at[49]);
+ MULADD(at[6], at[48]);
+ MULADD(at[7], at[47]);
+ MULADD(at[8], at[46]);
+ MULADD(at[9], at[45]);
+ MULADD(at[10], at[44]);
+ MULADD(at[11], at[43]);
+ MULADD(at[12], at[42]);
+ MULADD(at[13], at[41]);
+ MULADD(at[14], at[40]);
+ MULADD(at[15], at[39]);
+ MULADD(at[16], at[38]);
+ MULADD(at[17], at[37]);
+ MULADD(at[18], at[36]);
+ MULADD(at[19], at[35]);
+ MULADD(at[20], at[34]);
+ MULADD(at[21], at[33]);
+ MULADD(at[22], at[32]);
+ COMBA_STORE(C->dp[22]);
+ /* 23 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[55]);
+ MULADD(at[1], at[54]);
+ MULADD(at[2], at[53]);
+ MULADD(at[3], at[52]);
+ MULADD(at[4], at[51]);
+ MULADD(at[5], at[50]);
+ MULADD(at[6], at[49]);
+ MULADD(at[7], at[48]);
+ MULADD(at[8], at[47]);
+ MULADD(at[9], at[46]);
+ MULADD(at[10], at[45]);
+ MULADD(at[11], at[44]);
+ MULADD(at[12], at[43]);
+ MULADD(at[13], at[42]);
+ MULADD(at[14], at[41]);
+ MULADD(at[15], at[40]);
+ MULADD(at[16], at[39]);
+ MULADD(at[17], at[38]);
+ MULADD(at[18], at[37]);
+ MULADD(at[19], at[36]);
+ MULADD(at[20], at[35]);
+ MULADD(at[21], at[34]);
+ MULADD(at[22], at[33]);
+ MULADD(at[23], at[32]);
+ COMBA_STORE(C->dp[23]);
+ /* 24 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[56]);
+ MULADD(at[1], at[55]);
+ MULADD(at[2], at[54]);
+ MULADD(at[3], at[53]);
+ MULADD(at[4], at[52]);
+ MULADD(at[5], at[51]);
+ MULADD(at[6], at[50]);
+ MULADD(at[7], at[49]);
+ MULADD(at[8], at[48]);
+ MULADD(at[9], at[47]);
+ MULADD(at[10], at[46]);
+ MULADD(at[11], at[45]);
+ MULADD(at[12], at[44]);
+ MULADD(at[13], at[43]);
+ MULADD(at[14], at[42]);
+ MULADD(at[15], at[41]);
+ MULADD(at[16], at[40]);
+ MULADD(at[17], at[39]);
+ MULADD(at[18], at[38]);
+ MULADD(at[19], at[37]);
+ MULADD(at[20], at[36]);
+ MULADD(at[21], at[35]);
+ MULADD(at[22], at[34]);
+ MULADD(at[23], at[33]);
+ MULADD(at[24], at[32]);
+ COMBA_STORE(C->dp[24]);
+ /* 25 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[57]);
+ MULADD(at[1], at[56]);
+ MULADD(at[2], at[55]);
+ MULADD(at[3], at[54]);
+ MULADD(at[4], at[53]);
+ MULADD(at[5], at[52]);
+ MULADD(at[6], at[51]);
+ MULADD(at[7], at[50]);
+ MULADD(at[8], at[49]);
+ MULADD(at[9], at[48]);
+ MULADD(at[10], at[47]);
+ MULADD(at[11], at[46]);
+ MULADD(at[12], at[45]);
+ MULADD(at[13], at[44]);
+ MULADD(at[14], at[43]);
+ MULADD(at[15], at[42]);
+ MULADD(at[16], at[41]);
+ MULADD(at[17], at[40]);
+ MULADD(at[18], at[39]);
+ MULADD(at[19], at[38]);
+ MULADD(at[20], at[37]);
+ MULADD(at[21], at[36]);
+ MULADD(at[22], at[35]);
+ MULADD(at[23], at[34]);
+ MULADD(at[24], at[33]);
+ MULADD(at[25], at[32]);
+ COMBA_STORE(C->dp[25]);
+ /* 26 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[58]);
+ MULADD(at[1], at[57]);
+ MULADD(at[2], at[56]);
+ MULADD(at[3], at[55]);
+ MULADD(at[4], at[54]);
+ MULADD(at[5], at[53]);
+ MULADD(at[6], at[52]);
+ MULADD(at[7], at[51]);
+ MULADD(at[8], at[50]);
+ MULADD(at[9], at[49]);
+ MULADD(at[10], at[48]);
+ MULADD(at[11], at[47]);
+ MULADD(at[12], at[46]);
+ MULADD(at[13], at[45]);
+ MULADD(at[14], at[44]);
+ MULADD(at[15], at[43]);
+ MULADD(at[16], at[42]);
+ MULADD(at[17], at[41]);
+ MULADD(at[18], at[40]);
+ MULADD(at[19], at[39]);
+ MULADD(at[20], at[38]);
+ MULADD(at[21], at[37]);
+ MULADD(at[22], at[36]);
+ MULADD(at[23], at[35]);
+ MULADD(at[24], at[34]);
+ MULADD(at[25], at[33]);
+ MULADD(at[26], at[32]);
+ COMBA_STORE(C->dp[26]);
+ /* 27 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[59]);
+ MULADD(at[1], at[58]);
+ MULADD(at[2], at[57]);
+ MULADD(at[3], at[56]);
+ MULADD(at[4], at[55]);
+ MULADD(at[5], at[54]);
+ MULADD(at[6], at[53]);
+ MULADD(at[7], at[52]);
+ MULADD(at[8], at[51]);
+ MULADD(at[9], at[50]);
+ MULADD(at[10], at[49]);
+ MULADD(at[11], at[48]);
+ MULADD(at[12], at[47]);
+ MULADD(at[13], at[46]);
+ MULADD(at[14], at[45]);
+ MULADD(at[15], at[44]);
+ MULADD(at[16], at[43]);
+ MULADD(at[17], at[42]);
+ MULADD(at[18], at[41]);
+ MULADD(at[19], at[40]);
+ MULADD(at[20], at[39]);
+ MULADD(at[21], at[38]);
+ MULADD(at[22], at[37]);
+ MULADD(at[23], at[36]);
+ MULADD(at[24], at[35]);
+ MULADD(at[25], at[34]);
+ MULADD(at[26], at[33]);
+ MULADD(at[27], at[32]);
+ COMBA_STORE(C->dp[27]);
+ /* 28 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[60]);
+ MULADD(at[1], at[59]);
+ MULADD(at[2], at[58]);
+ MULADD(at[3], at[57]);
+ MULADD(at[4], at[56]);
+ MULADD(at[5], at[55]);
+ MULADD(at[6], at[54]);
+ MULADD(at[7], at[53]);
+ MULADD(at[8], at[52]);
+ MULADD(at[9], at[51]);
+ MULADD(at[10], at[50]);
+ MULADD(at[11], at[49]);
+ MULADD(at[12], at[48]);
+ MULADD(at[13], at[47]);
+ MULADD(at[14], at[46]);
+ MULADD(at[15], at[45]);
+ MULADD(at[16], at[44]);
+ MULADD(at[17], at[43]);
+ MULADD(at[18], at[42]);
+ MULADD(at[19], at[41]);
+ MULADD(at[20], at[40]);
+ MULADD(at[21], at[39]);
+ MULADD(at[22], at[38]);
+ MULADD(at[23], at[37]);
+ MULADD(at[24], at[36]);
+ MULADD(at[25], at[35]);
+ MULADD(at[26], at[34]);
+ MULADD(at[27], at[33]);
+ MULADD(at[28], at[32]);
+ COMBA_STORE(C->dp[28]);
+ /* 29 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[61]);
+ MULADD(at[1], at[60]);
+ MULADD(at[2], at[59]);
+ MULADD(at[3], at[58]);
+ MULADD(at[4], at[57]);
+ MULADD(at[5], at[56]);
+ MULADD(at[6], at[55]);
+ MULADD(at[7], at[54]);
+ MULADD(at[8], at[53]);
+ MULADD(at[9], at[52]);
+ MULADD(at[10], at[51]);
+ MULADD(at[11], at[50]);
+ MULADD(at[12], at[49]);
+ MULADD(at[13], at[48]);
+ MULADD(at[14], at[47]);
+ MULADD(at[15], at[46]);
+ MULADD(at[16], at[45]);
+ MULADD(at[17], at[44]);
+ MULADD(at[18], at[43]);
+ MULADD(at[19], at[42]);
+ MULADD(at[20], at[41]);
+ MULADD(at[21], at[40]);
+ MULADD(at[22], at[39]);
+ MULADD(at[23], at[38]);
+ MULADD(at[24], at[37]);
+ MULADD(at[25], at[36]);
+ MULADD(at[26], at[35]);
+ MULADD(at[27], at[34]);
+ MULADD(at[28], at[33]);
+ MULADD(at[29], at[32]);
+ COMBA_STORE(C->dp[29]);
+ /* 30 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[62]);
+ MULADD(at[1], at[61]);
+ MULADD(at[2], at[60]);
+ MULADD(at[3], at[59]);
+ MULADD(at[4], at[58]);
+ MULADD(at[5], at[57]);
+ MULADD(at[6], at[56]);
+ MULADD(at[7], at[55]);
+ MULADD(at[8], at[54]);
+ MULADD(at[9], at[53]);
+ MULADD(at[10], at[52]);
+ MULADD(at[11], at[51]);
+ MULADD(at[12], at[50]);
+ MULADD(at[13], at[49]);
+ MULADD(at[14], at[48]);
+ MULADD(at[15], at[47]);
+ MULADD(at[16], at[46]);
+ MULADD(at[17], at[45]);
+ MULADD(at[18], at[44]);
+ MULADD(at[19], at[43]);
+ MULADD(at[20], at[42]);
+ MULADD(at[21], at[41]);
+ MULADD(at[22], at[40]);
+ MULADD(at[23], at[39]);
+ MULADD(at[24], at[38]);
+ MULADD(at[25], at[37]);
+ MULADD(at[26], at[36]);
+ MULADD(at[27], at[35]);
+ MULADD(at[28], at[34]);
+ MULADD(at[29], at[33]);
+ MULADD(at[30], at[32]);
+ COMBA_STORE(C->dp[30]);
+ /* 31 */
+ COMBA_FORWARD;
+ MULADD(at[0], at[63]);
+ MULADD(at[1], at[62]);
+ MULADD(at[2], at[61]);
+ MULADD(at[3], at[60]);
+ MULADD(at[4], at[59]);
+ MULADD(at[5], at[58]);
+ MULADD(at[6], at[57]);
+ MULADD(at[7], at[56]);
+ MULADD(at[8], at[55]);
+ MULADD(at[9], at[54]);
+ MULADD(at[10], at[53]);
+ MULADD(at[11], at[52]);
+ MULADD(at[12], at[51]);
+ MULADD(at[13], at[50]);
+ MULADD(at[14], at[49]);
+ MULADD(at[15], at[48]);
+ MULADD(at[16], at[47]);
+ MULADD(at[17], at[46]);
+ MULADD(at[18], at[45]);
+ MULADD(at[19], at[44]);
+ MULADD(at[20], at[43]);
+ MULADD(at[21], at[42]);
+ MULADD(at[22], at[41]);
+ MULADD(at[23], at[40]);
+ MULADD(at[24], at[39]);
+ MULADD(at[25], at[38]);
+ MULADD(at[26], at[37]);
+ MULADD(at[27], at[36]);
+ MULADD(at[28], at[35]);
+ MULADD(at[29], at[34]);
+ MULADD(at[30], at[33]);
+ MULADD(at[31], at[32]);
+ COMBA_STORE(C->dp[31]);
+ /* 32 */
+ COMBA_FORWARD;
+ MULADD(at[1], at[63]);
+ MULADD(at[2], at[62]);
+ MULADD(at[3], at[61]);
+ MULADD(at[4], at[60]);
+ MULADD(at[5], at[59]);
+ MULADD(at[6], at[58]);
+ MULADD(at[7], at[57]);
+ MULADD(at[8], at[56]);
+ MULADD(at[9], at[55]);
+ MULADD(at[10], at[54]);
+ MULADD(at[11], at[53]);
+ MULADD(at[12], at[52]);
+ MULADD(at[13], at[51]);
+ MULADD(at[14], at[50]);
+ MULADD(at[15], at[49]);
+ MULADD(at[16], at[48]);
+ MULADD(at[17], at[47]);
+ MULADD(at[18], at[46]);
+ MULADD(at[19], at[45]);
+ MULADD(at[20], at[44]);
+ MULADD(at[21], at[43]);
+ MULADD(at[22], at[42]);
+ MULADD(at[23], at[41]);
+ MULADD(at[24], at[40]);
+ MULADD(at[25], at[39]);
+ MULADD(at[26], at[38]);
+ MULADD(at[27], at[37]);
+ MULADD(at[28], at[36]);
+ MULADD(at[29], at[35]);
+ MULADD(at[30], at[34]);
+ MULADD(at[31], at[33]);
+ COMBA_STORE(C->dp[32]);
+ /* 33 */
+ COMBA_FORWARD;
+ MULADD(at[2], at[63]);
+ MULADD(at[3], at[62]);
+ MULADD(at[4], at[61]);
+ MULADD(at[5], at[60]);
+ MULADD(at[6], at[59]);
+ MULADD(at[7], at[58]);
+ MULADD(at[8], at[57]);
+ MULADD(at[9], at[56]);
+ MULADD(at[10], at[55]);
+ MULADD(at[11], at[54]);
+ MULADD(at[12], at[53]);
+ MULADD(at[13], at[52]);
+ MULADD(at[14], at[51]);
+ MULADD(at[15], at[50]);
+ MULADD(at[16], at[49]);
+ MULADD(at[17], at[48]);
+ MULADD(at[18], at[47]);
+ MULADD(at[19], at[46]);
+ MULADD(at[20], at[45]);
+ MULADD(at[21], at[44]);
+ MULADD(at[22], at[43]);
+ MULADD(at[23], at[42]);
+ MULADD(at[24], at[41]);
+ MULADD(at[25], at[40]);
+ MULADD(at[26], at[39]);
+ MULADD(at[27], at[38]);
+ MULADD(at[28], at[37]);
+ MULADD(at[29], at[36]);
+ MULADD(at[30], at[35]);
+ MULADD(at[31], at[34]);
+ COMBA_STORE(C->dp[33]);
+ /* 34 */
+ COMBA_FORWARD;
+ MULADD(at[3], at[63]);
+ MULADD(at[4], at[62]);
+ MULADD(at[5], at[61]);
+ MULADD(at[6], at[60]);
+ MULADD(at[7], at[59]);
+ MULADD(at[8], at[58]);
+ MULADD(at[9], at[57]);
+ MULADD(at[10], at[56]);
+ MULADD(at[11], at[55]);
+ MULADD(at[12], at[54]);
+ MULADD(at[13], at[53]);
+ MULADD(at[14], at[52]);
+ MULADD(at[15], at[51]);
+ MULADD(at[16], at[50]);
+ MULADD(at[17], at[49]);
+ MULADD(at[18], at[48]);
+ MULADD(at[19], at[47]);
+ MULADD(at[20], at[46]);
+ MULADD(at[21], at[45]);
+ MULADD(at[22], at[44]);
+ MULADD(at[23], at[43]);
+ MULADD(at[24], at[42]);
+ MULADD(at[25], at[41]);
+ MULADD(at[26], at[40]);
+ MULADD(at[27], at[39]);
+ MULADD(at[28], at[38]);
+ MULADD(at[29], at[37]);
+ MULADD(at[30], at[36]);
+ MULADD(at[31], at[35]);
+ COMBA_STORE(C->dp[34]);
+ /* 35 */
+ COMBA_FORWARD;
+ MULADD(at[4], at[63]);
+ MULADD(at[5], at[62]);
+ MULADD(at[6], at[61]);
+ MULADD(at[7], at[60]);
+ MULADD(at[8], at[59]);
+ MULADD(at[9], at[58]);
+ MULADD(at[10], at[57]);
+ MULADD(at[11], at[56]);
+ MULADD(at[12], at[55]);
+ MULADD(at[13], at[54]);
+ MULADD(at[14], at[53]);
+ MULADD(at[15], at[52]);
+ MULADD(at[16], at[51]);
+ MULADD(at[17], at[50]);
+ MULADD(at[18], at[49]);
+ MULADD(at[19], at[48]);
+ MULADD(at[20], at[47]);
+ MULADD(at[21], at[46]);
+ MULADD(at[22], at[45]);
+ MULADD(at[23], at[44]);
+ MULADD(at[24], at[43]);
+ MULADD(at[25], at[42]);
+ MULADD(at[26], at[41]);
+ MULADD(at[27], at[40]);
+ MULADD(at[28], at[39]);
+ MULADD(at[29], at[38]);
+ MULADD(at[30], at[37]);
+ MULADD(at[31], at[36]);
+ COMBA_STORE(C->dp[35]);
+ /* 36 */
+ COMBA_FORWARD;
+ MULADD(at[5], at[63]);
+ MULADD(at[6], at[62]);
+ MULADD(at[7], at[61]);
+ MULADD(at[8], at[60]);
+ MULADD(at[9], at[59]);
+ MULADD(at[10], at[58]);
+ MULADD(at[11], at[57]);
+ MULADD(at[12], at[56]);
+ MULADD(at[13], at[55]);
+ MULADD(at[14], at[54]);
+ MULADD(at[15], at[53]);
+ MULADD(at[16], at[52]);
+ MULADD(at[17], at[51]);
+ MULADD(at[18], at[50]);
+ MULADD(at[19], at[49]);
+ MULADD(at[20], at[48]);
+ MULADD(at[21], at[47]);
+ MULADD(at[22], at[46]);
+ MULADD(at[23], at[45]);
+ MULADD(at[24], at[44]);
+ MULADD(at[25], at[43]);
+ MULADD(at[26], at[42]);
+ MULADD(at[27], at[41]);
+ MULADD(at[28], at[40]);
+ MULADD(at[29], at[39]);
+ MULADD(at[30], at[38]);
+ MULADD(at[31], at[37]);
+ COMBA_STORE(C->dp[36]);
+ /* 37 */
+ COMBA_FORWARD;
+ MULADD(at[6], at[63]);
+ MULADD(at[7], at[62]);
+ MULADD(at[8], at[61]);
+ MULADD(at[9], at[60]);
+ MULADD(at[10], at[59]);
+ MULADD(at[11], at[58]);
+ MULADD(at[12], at[57]);
+ MULADD(at[13], at[56]);
+ MULADD(at[14], at[55]);
+ MULADD(at[15], at[54]);
+ MULADD(at[16], at[53]);
+ MULADD(at[17], at[52]);
+ MULADD(at[18], at[51]);
+ MULADD(at[19], at[50]);
+ MULADD(at[20], at[49]);
+ MULADD(at[21], at[48]);
+ MULADD(at[22], at[47]);
+ MULADD(at[23], at[46]);
+ MULADD(at[24], at[45]);
+ MULADD(at[25], at[44]);
+ MULADD(at[26], at[43]);
+ MULADD(at[27], at[42]);
+ MULADD(at[28], at[41]);
+ MULADD(at[29], at[40]);
+ MULADD(at[30], at[39]);
+ MULADD(at[31], at[38]);
+ COMBA_STORE(C->dp[37]);
+ /* 38 */
+ COMBA_FORWARD;
+ MULADD(at[7], at[63]);
+ MULADD(at[8], at[62]);
+ MULADD(at[9], at[61]);
+ MULADD(at[10], at[60]);
+ MULADD(at[11], at[59]);
+ MULADD(at[12], at[58]);
+ MULADD(at[13], at[57]);
+ MULADD(at[14], at[56]);
+ MULADD(at[15], at[55]);
+ MULADD(at[16], at[54]);
+ MULADD(at[17], at[53]);
+ MULADD(at[18], at[52]);
+ MULADD(at[19], at[51]);
+ MULADD(at[20], at[50]);
+ MULADD(at[21], at[49]);
+ MULADD(at[22], at[48]);
+ MULADD(at[23], at[47]);
+ MULADD(at[24], at[46]);
+ MULADD(at[25], at[45]);
+ MULADD(at[26], at[44]);
+ MULADD(at[27], at[43]);
+ MULADD(at[28], at[42]);
+ MULADD(at[29], at[41]);
+ MULADD(at[30], at[40]);
+ MULADD(at[31], at[39]);
+ COMBA_STORE(C->dp[38]);
+ /* 39 */
+ COMBA_FORWARD;
+ MULADD(at[8], at[63]);
+ MULADD(at[9], at[62]);
+ MULADD(at[10], at[61]);
+ MULADD(at[11], at[60]);
+ MULADD(at[12], at[59]);
+ MULADD(at[13], at[58]);
+ MULADD(at[14], at[57]);
+ MULADD(at[15], at[56]);
+ MULADD(at[16], at[55]);
+ MULADD(at[17], at[54]);
+ MULADD(at[18], at[53]);
+ MULADD(at[19], at[52]);
+ MULADD(at[20], at[51]);
+ MULADD(at[21], at[50]);
+ MULADD(at[22], at[49]);
+ MULADD(at[23], at[48]);
+ MULADD(at[24], at[47]);
+ MULADD(at[25], at[46]);
+ MULADD(at[26], at[45]);
+ MULADD(at[27], at[44]);
+ MULADD(at[28], at[43]);
+ MULADD(at[29], at[42]);
+ MULADD(at[30], at[41]);
+ MULADD(at[31], at[40]);
+ COMBA_STORE(C->dp[39]);
+ /* 40 */
+ COMBA_FORWARD;
+ MULADD(at[9], at[63]);
+ MULADD(at[10], at[62]);
+ MULADD(at[11], at[61]);
+ MULADD(at[12], at[60]);
+ MULADD(at[13], at[59]);
+ MULADD(at[14], at[58]);
+ MULADD(at[15], at[57]);
+ MULADD(at[16], at[56]);
+ MULADD(at[17], at[55]);
+ MULADD(at[18], at[54]);
+ MULADD(at[19], at[53]);
+ MULADD(at[20], at[52]);
+ MULADD(at[21], at[51]);
+ MULADD(at[22], at[50]);
+ MULADD(at[23], at[49]);
+ MULADD(at[24], at[48]);
+ MULADD(at[25], at[47]);
+ MULADD(at[26], at[46]);
+ MULADD(at[27], at[45]);
+ MULADD(at[28], at[44]);
+ MULADD(at[29], at[43]);
+ MULADD(at[30], at[42]);
+ MULADD(at[31], at[41]);
+ COMBA_STORE(C->dp[40]);
+ /* 41 */
+ COMBA_FORWARD;
+ MULADD(at[10], at[63]);
+ MULADD(at[11], at[62]);
+ MULADD(at[12], at[61]);
+ MULADD(at[13], at[60]);
+ MULADD(at[14], at[59]);
+ MULADD(at[15], at[58]);
+ MULADD(at[16], at[57]);
+ MULADD(at[17], at[56]);
+ MULADD(at[18], at[55]);
+ MULADD(at[19], at[54]);
+ MULADD(at[20], at[53]);
+ MULADD(at[21], at[52]);
+ MULADD(at[22], at[51]);
+ MULADD(at[23], at[50]);
+ MULADD(at[24], at[49]);
+ MULADD(at[25], at[48]);
+ MULADD(at[26], at[47]);
+ MULADD(at[27], at[46]);
+ MULADD(at[28], at[45]);
+ MULADD(at[29], at[44]);
+ MULADD(at[30], at[43]);
+ MULADD(at[31], at[42]);
+ COMBA_STORE(C->dp[41]);
+ /* 42 */
+ COMBA_FORWARD;
+ MULADD(at[11], at[63]);
+ MULADD(at[12], at[62]);
+ MULADD(at[13], at[61]);
+ MULADD(at[14], at[60]);
+ MULADD(at[15], at[59]);
+ MULADD(at[16], at[58]);
+ MULADD(at[17], at[57]);
+ MULADD(at[18], at[56]);
+ MULADD(at[19], at[55]);
+ MULADD(at[20], at[54]);
+ MULADD(at[21], at[53]);
+ MULADD(at[22], at[52]);
+ MULADD(at[23], at[51]);
+ MULADD(at[24], at[50]);
+ MULADD(at[25], at[49]);
+ MULADD(at[26], at[48]);
+ MULADD(at[27], at[47]);
+ MULADD(at[28], at[46]);
+ MULADD(at[29], at[45]);
+ MULADD(at[30], at[44]);
+ MULADD(at[31], at[43]);
+ COMBA_STORE(C->dp[42]);
+ /* 43 */
+ COMBA_FORWARD;
+ MULADD(at[12], at[63]);
+ MULADD(at[13], at[62]);
+ MULADD(at[14], at[61]);
+ MULADD(at[15], at[60]);
+ MULADD(at[16], at[59]);
+ MULADD(at[17], at[58]);
+ MULADD(at[18], at[57]);
+ MULADD(at[19], at[56]);
+ MULADD(at[20], at[55]);
+ MULADD(at[21], at[54]);
+ MULADD(at[22], at[53]);
+ MULADD(at[23], at[52]);
+ MULADD(at[24], at[51]);
+ MULADD(at[25], at[50]);
+ MULADD(at[26], at[49]);
+ MULADD(at[27], at[48]);
+ MULADD(at[28], at[47]);
+ MULADD(at[29], at[46]);
+ MULADD(at[30], at[45]);
+ MULADD(at[31], at[44]);
+ COMBA_STORE(C->dp[43]);
+ /* 44 */
+ COMBA_FORWARD;
+ MULADD(at[13], at[63]);
+ MULADD(at[14], at[62]);
+ MULADD(at[15], at[61]);
+ MULADD(at[16], at[60]);
+ MULADD(at[17], at[59]);
+ MULADD(at[18], at[58]);
+ MULADD(at[19], at[57]);
+ MULADD(at[20], at[56]);
+ MULADD(at[21], at[55]);
+ MULADD(at[22], at[54]);
+ MULADD(at[23], at[53]);
+ MULADD(at[24], at[52]);
+ MULADD(at[25], at[51]);
+ MULADD(at[26], at[50]);
+ MULADD(at[27], at[49]);
+ MULADD(at[28], at[48]);
+ MULADD(at[29], at[47]);
+ MULADD(at[30], at[46]);
+ MULADD(at[31], at[45]);
+ COMBA_STORE(C->dp[44]);
+ /* 45 */
+ COMBA_FORWARD;
+ MULADD(at[14], at[63]);
+ MULADD(at[15], at[62]);
+ MULADD(at[16], at[61]);
+ MULADD(at[17], at[60]);
+ MULADD(at[18], at[59]);
+ MULADD(at[19], at[58]);
+ MULADD(at[20], at[57]);
+ MULADD(at[21], at[56]);
+ MULADD(at[22], at[55]);
+ MULADD(at[23], at[54]);
+ MULADD(at[24], at[53]);
+ MULADD(at[25], at[52]);
+ MULADD(at[26], at[51]);
+ MULADD(at[27], at[50]);
+ MULADD(at[28], at[49]);
+ MULADD(at[29], at[48]);
+ MULADD(at[30], at[47]);
+ MULADD(at[31], at[46]);
+ COMBA_STORE(C->dp[45]);
+ /* 46 */
+ COMBA_FORWARD;
+ MULADD(at[15], at[63]);
+ MULADD(at[16], at[62]);
+ MULADD(at[17], at[61]);
+ MULADD(at[18], at[60]);
+ MULADD(at[19], at[59]);
+ MULADD(at[20], at[58]);
+ MULADD(at[21], at[57]);
+ MULADD(at[22], at[56]);
+ MULADD(at[23], at[55]);
+ MULADD(at[24], at[54]);
+ MULADD(at[25], at[53]);
+ MULADD(at[26], at[52]);
+ MULADD(at[27], at[51]);
+ MULADD(at[28], at[50]);
+ MULADD(at[29], at[49]);
+ MULADD(at[30], at[48]);
+ MULADD(at[31], at[47]);
+ COMBA_STORE(C->dp[46]);
+ /* 47 */
+ COMBA_FORWARD;
+ MULADD(at[16], at[63]);
+ MULADD(at[17], at[62]);
+ MULADD(at[18], at[61]);
+ MULADD(at[19], at[60]);
+ MULADD(at[20], at[59]);
+ MULADD(at[21], at[58]);
+ MULADD(at[22], at[57]);
+ MULADD(at[23], at[56]);
+ MULADD(at[24], at[55]);
+ MULADD(at[25], at[54]);
+ MULADD(at[26], at[53]);
+ MULADD(at[27], at[52]);
+ MULADD(at[28], at[51]);
+ MULADD(at[29], at[50]);
+ MULADD(at[30], at[49]);
+ MULADD(at[31], at[48]);
+ COMBA_STORE(C->dp[47]);
+ /* 48 */
+ COMBA_FORWARD;
+ MULADD(at[17], at[63]);
+ MULADD(at[18], at[62]);
+ MULADD(at[19], at[61]);
+ MULADD(at[20], at[60]);
+ MULADD(at[21], at[59]);
+ MULADD(at[22], at[58]);
+ MULADD(at[23], at[57]);
+ MULADD(at[24], at[56]);
+ MULADD(at[25], at[55]);
+ MULADD(at[26], at[54]);
+ MULADD(at[27], at[53]);
+ MULADD(at[28], at[52]);
+ MULADD(at[29], at[51]);
+ MULADD(at[30], at[50]);
+ MULADD(at[31], at[49]);
+ COMBA_STORE(C->dp[48]);
+ /* 49 */
+ COMBA_FORWARD;
+ MULADD(at[18], at[63]);
+ MULADD(at[19], at[62]);
+ MULADD(at[20], at[61]);
+ MULADD(at[21], at[60]);
+ MULADD(at[22], at[59]);
+ MULADD(at[23], at[58]);
+ MULADD(at[24], at[57]);
+ MULADD(at[25], at[56]);
+ MULADD(at[26], at[55]);
+ MULADD(at[27], at[54]);
+ MULADD(at[28], at[53]);
+ MULADD(at[29], at[52]);
+ MULADD(at[30], at[51]);
+ MULADD(at[31], at[50]);
+ COMBA_STORE(C->dp[49]);
+ /* 50 */
+ COMBA_FORWARD;
+ MULADD(at[19], at[63]);
+ MULADD(at[20], at[62]);
+ MULADD(at[21], at[61]);
+ MULADD(at[22], at[60]);
+ MULADD(at[23], at[59]);
+ MULADD(at[24], at[58]);
+ MULADD(at[25], at[57]);
+ MULADD(at[26], at[56]);
+ MULADD(at[27], at[55]);
+ MULADD(at[28], at[54]);
+ MULADD(at[29], at[53]);
+ MULADD(at[30], at[52]);
+ MULADD(at[31], at[51]);
+ COMBA_STORE(C->dp[50]);
+ /* 51 */
+ COMBA_FORWARD;
+ MULADD(at[20], at[63]);
+ MULADD(at[21], at[62]);
+ MULADD(at[22], at[61]);
+ MULADD(at[23], at[60]);
+ MULADD(at[24], at[59]);
+ MULADD(at[25], at[58]);
+ MULADD(at[26], at[57]);
+ MULADD(at[27], at[56]);
+ MULADD(at[28], at[55]);
+ MULADD(at[29], at[54]);
+ MULADD(at[30], at[53]);
+ MULADD(at[31], at[52]);
+ COMBA_STORE(C->dp[51]);
+ /* 52 */
+ COMBA_FORWARD;
+ MULADD(at[21], at[63]);
+ MULADD(at[22], at[62]);
+ MULADD(at[23], at[61]);
+ MULADD(at[24], at[60]);
+ MULADD(at[25], at[59]);
+ MULADD(at[26], at[58]);
+ MULADD(at[27], at[57]);
+ MULADD(at[28], at[56]);
+ MULADD(at[29], at[55]);
+ MULADD(at[30], at[54]);
+ MULADD(at[31], at[53]);
+ COMBA_STORE(C->dp[52]);
+ /* 53 */
+ COMBA_FORWARD;
+ MULADD(at[22], at[63]);
+ MULADD(at[23], at[62]);
+ MULADD(at[24], at[61]);
+ MULADD(at[25], at[60]);
+ MULADD(at[26], at[59]);
+ MULADD(at[27], at[58]);
+ MULADD(at[28], at[57]);
+ MULADD(at[29], at[56]);
+ MULADD(at[30], at[55]);
+ MULADD(at[31], at[54]);
+ COMBA_STORE(C->dp[53]);
+ /* 54 */
+ COMBA_FORWARD;
+ MULADD(at[23], at[63]);
+ MULADD(at[24], at[62]);
+ MULADD(at[25], at[61]);
+ MULADD(at[26], at[60]);
+ MULADD(at[27], at[59]);
+ MULADD(at[28], at[58]);
+ MULADD(at[29], at[57]);
+ MULADD(at[30], at[56]);
+ MULADD(at[31], at[55]);
+ COMBA_STORE(C->dp[54]);
+ /* 55 */
+ COMBA_FORWARD;
+ MULADD(at[24], at[63]);
+ MULADD(at[25], at[62]);
+ MULADD(at[26], at[61]);
+ MULADD(at[27], at[60]);
+ MULADD(at[28], at[59]);
+ MULADD(at[29], at[58]);
+ MULADD(at[30], at[57]);
+ MULADD(at[31], at[56]);
+ COMBA_STORE(C->dp[55]);
+ /* 56 */
+ COMBA_FORWARD;
+ MULADD(at[25], at[63]);
+ MULADD(at[26], at[62]);
+ MULADD(at[27], at[61]);
+ MULADD(at[28], at[60]);
+ MULADD(at[29], at[59]);
+ MULADD(at[30], at[58]);
+ MULADD(at[31], at[57]);
+ COMBA_STORE(C->dp[56]);
+ /* 57 */
+ COMBA_FORWARD;
+ MULADD(at[26], at[63]);
+ MULADD(at[27], at[62]);
+ MULADD(at[28], at[61]);
+ MULADD(at[29], at[60]);
+ MULADD(at[30], at[59]);
+ MULADD(at[31], at[58]);
+ COMBA_STORE(C->dp[57]);
+ /* 58 */
+ COMBA_FORWARD;
+ MULADD(at[27], at[63]);
+ MULADD(at[28], at[62]);
+ MULADD(at[29], at[61]);
+ MULADD(at[30], at[60]);
+ MULADD(at[31], at[59]);
+ COMBA_STORE(C->dp[58]);
+ /* 59 */
+ COMBA_FORWARD;
+ MULADD(at[28], at[63]);
+ MULADD(at[29], at[62]);
+ MULADD(at[30], at[61]);
+ MULADD(at[31], at[60]);
+ COMBA_STORE(C->dp[59]);
+ /* 60 */
+ COMBA_FORWARD;
+ MULADD(at[29], at[63]);
+ MULADD(at[30], at[62]);
+ MULADD(at[31], at[61]);
+ COMBA_STORE(C->dp[60]);
+ /* 61 */
+ COMBA_FORWARD;
+ MULADD(at[30], at[63]);
+ MULADD(at[31], at[62]);
+ COMBA_STORE(C->dp[61]);
+ /* 62 */
+ COMBA_FORWARD;
+ MULADD(at[31], at[63]);
+ COMBA_STORE(C->dp[62]);
+ COMBA_STORE2(C->dp[63]);
+ C->used = 64;
+ C->sign = A->sign ^ B->sign;
+ mp_clamp(C);
+ COMBA_FINI;
}
-
-
-void s_mp_sqr_comba_4(const mp_int *A, mp_int *B)
+void
+s_mp_sqr_comba_4(const mp_int *A, mp_int *B)
{
- mp_digit *a, b[8], c0, c1, c2;
-
- a = A->dp;
- COMBA_START;
-
- /* clear carries */
- CLEAR_CARRY;
-
- /* output 0 */
- SQRADD(a[0],a[0]);
- COMBA_STORE(b[0]);
-
- /* output 1 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[1]);
- COMBA_STORE(b[1]);
-
- /* output 2 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
- COMBA_STORE(b[2]);
-
- /* output 3 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
- COMBA_STORE(b[3]);
-
- /* output 4 */
- CARRY_FORWARD;
- SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
- COMBA_STORE(b[4]);
-
- /* output 5 */
- CARRY_FORWARD;
- SQRADD2(a[2], a[3]);
- COMBA_STORE(b[5]);
-
- /* output 6 */
- CARRY_FORWARD;
- SQRADD(a[3], a[3]);
- COMBA_STORE(b[6]);
- COMBA_STORE2(b[7]);
- COMBA_FINI;
-
- B->used = 8;
- B->sign = ZPOS;
- memcpy(B->dp, b, 8 * sizeof(mp_digit));
- mp_clamp(B);
+ mp_digit *a, b[8], c0, c1, c2;
+
+ a = A->dp;
+ COMBA_START;
+
+ /* clear carries */
+ CLEAR_CARRY;
+
+ /* output 0 */
+ SQRADD(a[0], a[0]);
+ COMBA_STORE(b[0]);
+
+ /* output 1 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[1]);
+ COMBA_STORE(b[1]);
+
+ /* output 2 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[2]);
+ SQRADD(a[1], a[1]);
+ COMBA_STORE(b[2]);
+
+ /* output 3 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[3]);
+ SQRADD2(a[1], a[2]);
+ COMBA_STORE(b[3]);
+
+ /* output 4 */
+ CARRY_FORWARD;
+ SQRADD2(a[1], a[3]);
+ SQRADD(a[2], a[2]);
+ COMBA_STORE(b[4]);
+
+ /* output 5 */
+ CARRY_FORWARD;
+ SQRADD2(a[2], a[3]);
+ COMBA_STORE(b[5]);
+
+ /* output 6 */
+ CARRY_FORWARD;
+ SQRADD(a[3], a[3]);
+ COMBA_STORE(b[6]);
+ COMBA_STORE2(b[7]);
+ COMBA_FINI;
+
+ B->used = 8;
+ B->sign = ZPOS;
+ memcpy(B->dp, b, 8 * sizeof(mp_digit));
+ mp_clamp(B);
}
-void s_mp_sqr_comba_8(const mp_int *A, mp_int *B)
+void
+s_mp_sqr_comba_8(const mp_int *A, mp_int *B)
{
- mp_digit *a, b[16], c0, c1, c2, sc0, sc1, sc2;
-
- a = A->dp;
- COMBA_START;
-
- /* clear carries */
- CLEAR_CARRY;
-
- /* output 0 */
- SQRADD(a[0],a[0]);
- COMBA_STORE(b[0]);
-
- /* output 1 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[1]);
- COMBA_STORE(b[1]);
-
- /* output 2 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
- COMBA_STORE(b[2]);
-
- /* output 3 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
- COMBA_STORE(b[3]);
-
- /* output 4 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
- COMBA_STORE(b[4]);
-
- /* output 5 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB;
- COMBA_STORE(b[5]);
-
- /* output 6 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]);
- COMBA_STORE(b[6]);
-
- /* output 7 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB;
- COMBA_STORE(b[7]);
-
- /* output 8 */
- CARRY_FORWARD;
- SQRADDSC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]);
- COMBA_STORE(b[8]);
-
- /* output 9 */
- CARRY_FORWARD;
- SQRADDSC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB;
- COMBA_STORE(b[9]);
-
- /* output 10 */
- CARRY_FORWARD;
- SQRADD2(a[3], a[7]); SQRADD2(a[4], a[6]); SQRADD(a[5], a[5]);
- COMBA_STORE(b[10]);
-
- /* output 11 */
- CARRY_FORWARD;
- SQRADD2(a[4], a[7]); SQRADD2(a[5], a[6]);
- COMBA_STORE(b[11]);
-
- /* output 12 */
- CARRY_FORWARD;
- SQRADD2(a[5], a[7]); SQRADD(a[6], a[6]);
- COMBA_STORE(b[12]);
-
- /* output 13 */
- CARRY_FORWARD;
- SQRADD2(a[6], a[7]);
- COMBA_STORE(b[13]);
-
- /* output 14 */
- CARRY_FORWARD;
- SQRADD(a[7], a[7]);
- COMBA_STORE(b[14]);
- COMBA_STORE2(b[15]);
- COMBA_FINI;
-
- B->used = 16;
- B->sign = ZPOS;
- memcpy(B->dp, b, 16 * sizeof(mp_digit));
- mp_clamp(B);
+ mp_digit *a, b[16], c0, c1, c2, sc0, sc1, sc2;
+
+ a = A->dp;
+ COMBA_START;
+
+ /* clear carries */
+ CLEAR_CARRY;
+
+ /* output 0 */
+ SQRADD(a[0], a[0]);
+ COMBA_STORE(b[0]);
+
+ /* output 1 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[1]);
+ COMBA_STORE(b[1]);
+
+ /* output 2 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[2]);
+ SQRADD(a[1], a[1]);
+ COMBA_STORE(b[2]);
+
+ /* output 3 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[3]);
+ SQRADD2(a[1], a[2]);
+ COMBA_STORE(b[3]);
+
+ /* output 4 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[4]);
+ SQRADD2(a[1], a[3]);
+ SQRADD(a[2], a[2]);
+ COMBA_STORE(b[4]);
+
+ /* output 5 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[5]);
+ SQRADDAC(a[1], a[4]);
+ SQRADDAC(a[2], a[3]);
+ SQRADDDB;
+ COMBA_STORE(b[5]);
+
+ /* output 6 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[6]);
+ SQRADDAC(a[1], a[5]);
+ SQRADDAC(a[2], a[4]);
+ SQRADDDB;
+ SQRADD(a[3], a[3]);
+ COMBA_STORE(b[6]);
+
+ /* output 7 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[7]);
+ SQRADDAC(a[1], a[6]);
+ SQRADDAC(a[2], a[5]);
+ SQRADDAC(a[3], a[4]);
+ SQRADDDB;
+ COMBA_STORE(b[7]);
+
+ /* output 8 */
+ CARRY_FORWARD;
+ SQRADDSC(a[1], a[7]);
+ SQRADDAC(a[2], a[6]);
+ SQRADDAC(a[3], a[5]);
+ SQRADDDB;
+ SQRADD(a[4], a[4]);
+ COMBA_STORE(b[8]);
+
+ /* output 9 */
+ CARRY_FORWARD;
+ SQRADDSC(a[2], a[7]);
+ SQRADDAC(a[3], a[6]);
+ SQRADDAC(a[4], a[5]);
+ SQRADDDB;
+ COMBA_STORE(b[9]);
+
+ /* output 10 */
+ CARRY_FORWARD;
+ SQRADD2(a[3], a[7]);
+ SQRADD2(a[4], a[6]);
+ SQRADD(a[5], a[5]);
+ COMBA_STORE(b[10]);
+
+ /* output 11 */
+ CARRY_FORWARD;
+ SQRADD2(a[4], a[7]);
+ SQRADD2(a[5], a[6]);
+ COMBA_STORE(b[11]);
+
+ /* output 12 */
+ CARRY_FORWARD;
+ SQRADD2(a[5], a[7]);
+ SQRADD(a[6], a[6]);
+ COMBA_STORE(b[12]);
+
+ /* output 13 */
+ CARRY_FORWARD;
+ SQRADD2(a[6], a[7]);
+ COMBA_STORE(b[13]);
+
+ /* output 14 */
+ CARRY_FORWARD;
+ SQRADD(a[7], a[7]);
+ COMBA_STORE(b[14]);
+ COMBA_STORE2(b[15]);
+ COMBA_FINI;
+
+ B->used = 16;
+ B->sign = ZPOS;
+ memcpy(B->dp, b, 16 * sizeof(mp_digit));
+ mp_clamp(B);
}
-void s_mp_sqr_comba_16(const mp_int *A, mp_int *B)
+void
+s_mp_sqr_comba_16(const mp_int *A, mp_int *B)
{
- mp_digit *a, b[32], c0, c1, c2, sc0, sc1, sc2;
-
- a = A->dp;
- COMBA_START;
-
- /* clear carries */
- CLEAR_CARRY;
-
- /* output 0 */
- SQRADD(a[0],a[0]);
- COMBA_STORE(b[0]);
-
- /* output 1 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[1]);
- COMBA_STORE(b[1]);
-
- /* output 2 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
- COMBA_STORE(b[2]);
-
- /* output 3 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
- COMBA_STORE(b[3]);
-
- /* output 4 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
- COMBA_STORE(b[4]);
-
- /* output 5 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB;
- COMBA_STORE(b[5]);
-
- /* output 6 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]);
- COMBA_STORE(b[6]);
-
- /* output 7 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB;
- COMBA_STORE(b[7]);
-
- /* output 8 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]);
- COMBA_STORE(b[8]);
-
- /* output 9 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB;
- COMBA_STORE(b[9]);
-
- /* output 10 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]);
- COMBA_STORE(b[10]);
-
- /* output 11 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB;
- COMBA_STORE(b[11]);
-
- /* output 12 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]);
- COMBA_STORE(b[12]);
-
- /* output 13 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB;
- COMBA_STORE(b[13]);
-
- /* output 14 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]);
- COMBA_STORE(b[14]);
-
- /* output 15 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB;
- COMBA_STORE(b[15]);
-
- /* output 16 */
- CARRY_FORWARD;
- SQRADDSC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]);
- COMBA_STORE(b[16]);
-
- /* output 17 */
- CARRY_FORWARD;
- SQRADDSC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB;
- COMBA_STORE(b[17]);
-
- /* output 18 */
- CARRY_FORWARD;
- SQRADDSC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]);
- COMBA_STORE(b[18]);
-
- /* output 19 */
- CARRY_FORWARD;
- SQRADDSC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB;
- COMBA_STORE(b[19]);
-
- /* output 20 */
- CARRY_FORWARD;
- SQRADDSC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]);
- COMBA_STORE(b[20]);
-
- /* output 21 */
- CARRY_FORWARD;
- SQRADDSC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB;
- COMBA_STORE(b[21]);
-
- /* output 22 */
- CARRY_FORWARD;
- SQRADDSC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]);
- COMBA_STORE(b[22]);
-
- /* output 23 */
- CARRY_FORWARD;
- SQRADDSC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB;
- COMBA_STORE(b[23]);
-
- /* output 24 */
- CARRY_FORWARD;
- SQRADDSC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]);
- COMBA_STORE(b[24]);
-
- /* output 25 */
- CARRY_FORWARD;
- SQRADDSC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB;
- COMBA_STORE(b[25]);
-
- /* output 26 */
- CARRY_FORWARD;
- SQRADD2(a[11], a[15]); SQRADD2(a[12], a[14]); SQRADD(a[13], a[13]);
- COMBA_STORE(b[26]);
-
- /* output 27 */
- CARRY_FORWARD;
- SQRADD2(a[12], a[15]); SQRADD2(a[13], a[14]);
- COMBA_STORE(b[27]);
-
- /* output 28 */
- CARRY_FORWARD;
- SQRADD2(a[13], a[15]); SQRADD(a[14], a[14]);
- COMBA_STORE(b[28]);
-
- /* output 29 */
- CARRY_FORWARD;
- SQRADD2(a[14], a[15]);
- COMBA_STORE(b[29]);
-
- /* output 30 */
- CARRY_FORWARD;
- SQRADD(a[15], a[15]);
- COMBA_STORE(b[30]);
- COMBA_STORE2(b[31]);
- COMBA_FINI;
-
- B->used = 32;
- B->sign = ZPOS;
- memcpy(B->dp, b, 32 * sizeof(mp_digit));
- mp_clamp(B);
+ mp_digit *a, b[32], c0, c1, c2, sc0, sc1, sc2;
+
+ a = A->dp;
+ COMBA_START;
+
+ /* clear carries */
+ CLEAR_CARRY;
+
+ /* output 0 */
+ SQRADD(a[0], a[0]);
+ COMBA_STORE(b[0]);
+
+ /* output 1 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[1]);
+ COMBA_STORE(b[1]);
+
+ /* output 2 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[2]);
+ SQRADD(a[1], a[1]);
+ COMBA_STORE(b[2]);
+
+ /* output 3 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[3]);
+ SQRADD2(a[1], a[2]);
+ COMBA_STORE(b[3]);
+
+ /* output 4 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[4]);
+ SQRADD2(a[1], a[3]);
+ SQRADD(a[2], a[2]);
+ COMBA_STORE(b[4]);
+
+ /* output 5 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[5]);
+ SQRADDAC(a[1], a[4]);
+ SQRADDAC(a[2], a[3]);
+ SQRADDDB;
+ COMBA_STORE(b[5]);
+
+ /* output 6 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[6]);
+ SQRADDAC(a[1], a[5]);
+ SQRADDAC(a[2], a[4]);
+ SQRADDDB;
+ SQRADD(a[3], a[3]);
+ COMBA_STORE(b[6]);
+
+ /* output 7 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[7]);
+ SQRADDAC(a[1], a[6]);
+ SQRADDAC(a[2], a[5]);
+ SQRADDAC(a[3], a[4]);
+ SQRADDDB;
+ COMBA_STORE(b[7]);
+
+ /* output 8 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[8]);
+ SQRADDAC(a[1], a[7]);
+ SQRADDAC(a[2], a[6]);
+ SQRADDAC(a[3], a[5]);
+ SQRADDDB;
+ SQRADD(a[4], a[4]);
+ COMBA_STORE(b[8]);
+
+ /* output 9 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[9]);
+ SQRADDAC(a[1], a[8]);
+ SQRADDAC(a[2], a[7]);
+ SQRADDAC(a[3], a[6]);
+ SQRADDAC(a[4], a[5]);
+ SQRADDDB;
+ COMBA_STORE(b[9]);
+
+ /* output 10 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[10]);
+ SQRADDAC(a[1], a[9]);
+ SQRADDAC(a[2], a[8]);
+ SQRADDAC(a[3], a[7]);
+ SQRADDAC(a[4], a[6]);
+ SQRADDDB;
+ SQRADD(a[5], a[5]);
+ COMBA_STORE(b[10]);
+
+ /* output 11 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[11]);
+ SQRADDAC(a[1], a[10]);
+ SQRADDAC(a[2], a[9]);
+ SQRADDAC(a[3], a[8]);
+ SQRADDAC(a[4], a[7]);
+ SQRADDAC(a[5], a[6]);
+ SQRADDDB;
+ COMBA_STORE(b[11]);
+
+ /* output 12 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[12]);
+ SQRADDAC(a[1], a[11]);
+ SQRADDAC(a[2], a[10]);
+ SQRADDAC(a[3], a[9]);
+ SQRADDAC(a[4], a[8]);
+ SQRADDAC(a[5], a[7]);
+ SQRADDDB;
+ SQRADD(a[6], a[6]);
+ COMBA_STORE(b[12]);
+
+ /* output 13 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[13]);
+ SQRADDAC(a[1], a[12]);
+ SQRADDAC(a[2], a[11]);
+ SQRADDAC(a[3], a[10]);
+ SQRADDAC(a[4], a[9]);
+ SQRADDAC(a[5], a[8]);
+ SQRADDAC(a[6], a[7]);
+ SQRADDDB;
+ COMBA_STORE(b[13]);
+
+ /* output 14 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[14]);
+ SQRADDAC(a[1], a[13]);
+ SQRADDAC(a[2], a[12]);
+ SQRADDAC(a[3], a[11]);
+ SQRADDAC(a[4], a[10]);
+ SQRADDAC(a[5], a[9]);
+ SQRADDAC(a[6], a[8]);
+ SQRADDDB;
+ SQRADD(a[7], a[7]);
+ COMBA_STORE(b[14]);
+
+ /* output 15 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[15]);
+ SQRADDAC(a[1], a[14]);
+ SQRADDAC(a[2], a[13]);
+ SQRADDAC(a[3], a[12]);
+ SQRADDAC(a[4], a[11]);
+ SQRADDAC(a[5], a[10]);
+ SQRADDAC(a[6], a[9]);
+ SQRADDAC(a[7], a[8]);
+ SQRADDDB;
+ COMBA_STORE(b[15]);
+
+ /* output 16 */
+ CARRY_FORWARD;
+ SQRADDSC(a[1], a[15]);
+ SQRADDAC(a[2], a[14]);
+ SQRADDAC(a[3], a[13]);
+ SQRADDAC(a[4], a[12]);
+ SQRADDAC(a[5], a[11]);
+ SQRADDAC(a[6], a[10]);
+ SQRADDAC(a[7], a[9]);
+ SQRADDDB;
+ SQRADD(a[8], a[8]);
+ COMBA_STORE(b[16]);
+
+ /* output 17 */
+ CARRY_FORWARD;
+ SQRADDSC(a[2], a[15]);
+ SQRADDAC(a[3], a[14]);
+ SQRADDAC(a[4], a[13]);
+ SQRADDAC(a[5], a[12]);
+ SQRADDAC(a[6], a[11]);
+ SQRADDAC(a[7], a[10]);
+ SQRADDAC(a[8], a[9]);
+ SQRADDDB;
+ COMBA_STORE(b[17]);
+
+ /* output 18 */
+ CARRY_FORWARD;
+ SQRADDSC(a[3], a[15]);
+ SQRADDAC(a[4], a[14]);
+ SQRADDAC(a[5], a[13]);
+ SQRADDAC(a[6], a[12]);
+ SQRADDAC(a[7], a[11]);
+ SQRADDAC(a[8], a[10]);
+ SQRADDDB;
+ SQRADD(a[9], a[9]);
+ COMBA_STORE(b[18]);
+
+ /* output 19 */
+ CARRY_FORWARD;
+ SQRADDSC(a[4], a[15]);
+ SQRADDAC(a[5], a[14]);
+ SQRADDAC(a[6], a[13]);
+ SQRADDAC(a[7], a[12]);
+ SQRADDAC(a[8], a[11]);
+ SQRADDAC(a[9], a[10]);
+ SQRADDDB;
+ COMBA_STORE(b[19]);
+
+ /* output 20 */
+ CARRY_FORWARD;
+ SQRADDSC(a[5], a[15]);
+ SQRADDAC(a[6], a[14]);
+ SQRADDAC(a[7], a[13]);
+ SQRADDAC(a[8], a[12]);
+ SQRADDAC(a[9], a[11]);
+ SQRADDDB;
+ SQRADD(a[10], a[10]);
+ COMBA_STORE(b[20]);
+
+ /* output 21 */
+ CARRY_FORWARD;
+ SQRADDSC(a[6], a[15]);
+ SQRADDAC(a[7], a[14]);
+ SQRADDAC(a[8], a[13]);
+ SQRADDAC(a[9], a[12]);
+ SQRADDAC(a[10], a[11]);
+ SQRADDDB;
+ COMBA_STORE(b[21]);
+
+ /* output 22 */
+ CARRY_FORWARD;
+ SQRADDSC(a[7], a[15]);
+ SQRADDAC(a[8], a[14]);
+ SQRADDAC(a[9], a[13]);
+ SQRADDAC(a[10], a[12]);
+ SQRADDDB;
+ SQRADD(a[11], a[11]);
+ COMBA_STORE(b[22]);
+
+ /* output 23 */
+ CARRY_FORWARD;
+ SQRADDSC(a[8], a[15]);
+ SQRADDAC(a[9], a[14]);
+ SQRADDAC(a[10], a[13]);
+ SQRADDAC(a[11], a[12]);
+ SQRADDDB;
+ COMBA_STORE(b[23]);
+
+ /* output 24 */
+ CARRY_FORWARD;
+ SQRADDSC(a[9], a[15]);
+ SQRADDAC(a[10], a[14]);
+ SQRADDAC(a[11], a[13]);
+ SQRADDDB;
+ SQRADD(a[12], a[12]);
+ COMBA_STORE(b[24]);
+
+ /* output 25 */
+ CARRY_FORWARD;
+ SQRADDSC(a[10], a[15]);
+ SQRADDAC(a[11], a[14]);
+ SQRADDAC(a[12], a[13]);
+ SQRADDDB;
+ COMBA_STORE(b[25]);
+
+ /* output 26 */
+ CARRY_FORWARD;
+ SQRADD2(a[11], a[15]);
+ SQRADD2(a[12], a[14]);
+ SQRADD(a[13], a[13]);
+ COMBA_STORE(b[26]);
+
+ /* output 27 */
+ CARRY_FORWARD;
+ SQRADD2(a[12], a[15]);
+ SQRADD2(a[13], a[14]);
+ COMBA_STORE(b[27]);
+
+ /* output 28 */
+ CARRY_FORWARD;
+ SQRADD2(a[13], a[15]);
+ SQRADD(a[14], a[14]);
+ COMBA_STORE(b[28]);
+
+ /* output 29 */
+ CARRY_FORWARD;
+ SQRADD2(a[14], a[15]);
+ COMBA_STORE(b[29]);
+
+ /* output 30 */
+ CARRY_FORWARD;
+ SQRADD(a[15], a[15]);
+ COMBA_STORE(b[30]);
+ COMBA_STORE2(b[31]);
+ COMBA_FINI;
+
+ B->used = 32;
+ B->sign = ZPOS;
+ memcpy(B->dp, b, 32 * sizeof(mp_digit));
+ mp_clamp(B);
}
-
-void s_mp_sqr_comba_32(const mp_int *A, mp_int *B)
+void
+s_mp_sqr_comba_32(const mp_int *A, mp_int *B)
{
- mp_digit *a, b[64], c0, c1, c2, sc0, sc1, sc2;
-
- a = A->dp;
- COMBA_START;
-
- /* clear carries */
- CLEAR_CARRY;
-
- /* output 0 */
- SQRADD(a[0],a[0]);
- COMBA_STORE(b[0]);
-
- /* output 1 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[1]);
- COMBA_STORE(b[1]);
-
- /* output 2 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]);
- COMBA_STORE(b[2]);
-
- /* output 3 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]);
- COMBA_STORE(b[3]);
-
- /* output 4 */
- CARRY_FORWARD;
- SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]);
- COMBA_STORE(b[4]);
-
- /* output 5 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB;
- COMBA_STORE(b[5]);
-
- /* output 6 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]);
- COMBA_STORE(b[6]);
-
- /* output 7 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB;
- COMBA_STORE(b[7]);
-
- /* output 8 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]);
- COMBA_STORE(b[8]);
-
- /* output 9 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB;
- COMBA_STORE(b[9]);
-
- /* output 10 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]);
- COMBA_STORE(b[10]);
-
- /* output 11 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB;
- COMBA_STORE(b[11]);
-
- /* output 12 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]);
- COMBA_STORE(b[12]);
-
- /* output 13 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB;
- COMBA_STORE(b[13]);
-
- /* output 14 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]);
- COMBA_STORE(b[14]);
-
- /* output 15 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB;
- COMBA_STORE(b[15]);
-
- /* output 16 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[16]); SQRADDAC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]);
- COMBA_STORE(b[16]);
-
- /* output 17 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[17]); SQRADDAC(a[1], a[16]); SQRADDAC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB;
- COMBA_STORE(b[17]);
-
- /* output 18 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[18]); SQRADDAC(a[1], a[17]); SQRADDAC(a[2], a[16]); SQRADDAC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]);
- COMBA_STORE(b[18]);
-
- /* output 19 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[19]); SQRADDAC(a[1], a[18]); SQRADDAC(a[2], a[17]); SQRADDAC(a[3], a[16]); SQRADDAC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB;
- COMBA_STORE(b[19]);
-
- /* output 20 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[20]); SQRADDAC(a[1], a[19]); SQRADDAC(a[2], a[18]); SQRADDAC(a[3], a[17]); SQRADDAC(a[4], a[16]); SQRADDAC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]);
- COMBA_STORE(b[20]);
-
- /* output 21 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[21]); SQRADDAC(a[1], a[20]); SQRADDAC(a[2], a[19]); SQRADDAC(a[3], a[18]); SQRADDAC(a[4], a[17]); SQRADDAC(a[5], a[16]); SQRADDAC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB;
- COMBA_STORE(b[21]);
-
- /* output 22 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[22]); SQRADDAC(a[1], a[21]); SQRADDAC(a[2], a[20]); SQRADDAC(a[3], a[19]); SQRADDAC(a[4], a[18]); SQRADDAC(a[5], a[17]); SQRADDAC(a[6], a[16]); SQRADDAC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]);
- COMBA_STORE(b[22]);
-
- /* output 23 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[23]); SQRADDAC(a[1], a[22]); SQRADDAC(a[2], a[21]); SQRADDAC(a[3], a[20]); SQRADDAC(a[4], a[19]); SQRADDAC(a[5], a[18]); SQRADDAC(a[6], a[17]); SQRADDAC(a[7], a[16]); SQRADDAC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB;
- COMBA_STORE(b[23]);
-
- /* output 24 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[24]); SQRADDAC(a[1], a[23]); SQRADDAC(a[2], a[22]); SQRADDAC(a[3], a[21]); SQRADDAC(a[4], a[20]); SQRADDAC(a[5], a[19]); SQRADDAC(a[6], a[18]); SQRADDAC(a[7], a[17]); SQRADDAC(a[8], a[16]); SQRADDAC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]);
- COMBA_STORE(b[24]);
-
- /* output 25 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[25]); SQRADDAC(a[1], a[24]); SQRADDAC(a[2], a[23]); SQRADDAC(a[3], a[22]); SQRADDAC(a[4], a[21]); SQRADDAC(a[5], a[20]); SQRADDAC(a[6], a[19]); SQRADDAC(a[7], a[18]); SQRADDAC(a[8], a[17]); SQRADDAC(a[9], a[16]); SQRADDAC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB;
- COMBA_STORE(b[25]);
-
- /* output 26 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[26]); SQRADDAC(a[1], a[25]); SQRADDAC(a[2], a[24]); SQRADDAC(a[3], a[23]); SQRADDAC(a[4], a[22]); SQRADDAC(a[5], a[21]); SQRADDAC(a[6], a[20]); SQRADDAC(a[7], a[19]); SQRADDAC(a[8], a[18]); SQRADDAC(a[9], a[17]); SQRADDAC(a[10], a[16]); SQRADDAC(a[11], a[15]); SQRADDAC(a[12], a[14]); SQRADDDB; SQRADD(a[13], a[13]);
- COMBA_STORE(b[26]);
-
- /* output 27 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[27]); SQRADDAC(a[1], a[26]); SQRADDAC(a[2], a[25]); SQRADDAC(a[3], a[24]); SQRADDAC(a[4], a[23]); SQRADDAC(a[5], a[22]); SQRADDAC(a[6], a[21]); SQRADDAC(a[7], a[20]); SQRADDAC(a[8], a[19]); SQRADDAC(a[9], a[18]); SQRADDAC(a[10], a[17]); SQRADDAC(a[11], a[16]); SQRADDAC(a[12], a[15]); SQRADDAC(a[13], a[14]); SQRADDDB;
- COMBA_STORE(b[27]);
-
- /* output 28 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[28]); SQRADDAC(a[1], a[27]); SQRADDAC(a[2], a[26]); SQRADDAC(a[3], a[25]); SQRADDAC(a[4], a[24]); SQRADDAC(a[5], a[23]); SQRADDAC(a[6], a[22]); SQRADDAC(a[7], a[21]); SQRADDAC(a[8], a[20]); SQRADDAC(a[9], a[19]); SQRADDAC(a[10], a[18]); SQRADDAC(a[11], a[17]); SQRADDAC(a[12], a[16]); SQRADDAC(a[13], a[15]); SQRADDDB; SQRADD(a[14], a[14]);
- COMBA_STORE(b[28]);
-
- /* output 29 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[29]); SQRADDAC(a[1], a[28]); SQRADDAC(a[2], a[27]); SQRADDAC(a[3], a[26]); SQRADDAC(a[4], a[25]); SQRADDAC(a[5], a[24]); SQRADDAC(a[6], a[23]); SQRADDAC(a[7], a[22]); SQRADDAC(a[8], a[21]); SQRADDAC(a[9], a[20]); SQRADDAC(a[10], a[19]); SQRADDAC(a[11], a[18]); SQRADDAC(a[12], a[17]); SQRADDAC(a[13], a[16]); SQRADDAC(a[14], a[15]); SQRADDDB;
- COMBA_STORE(b[29]);
-
- /* output 30 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[30]); SQRADDAC(a[1], a[29]); SQRADDAC(a[2], a[28]); SQRADDAC(a[3], a[27]); SQRADDAC(a[4], a[26]); SQRADDAC(a[5], a[25]); SQRADDAC(a[6], a[24]); SQRADDAC(a[7], a[23]); SQRADDAC(a[8], a[22]); SQRADDAC(a[9], a[21]); SQRADDAC(a[10], a[20]); SQRADDAC(a[11], a[19]); SQRADDAC(a[12], a[18]); SQRADDAC(a[13], a[17]); SQRADDAC(a[14], a[16]); SQRADDDB; SQRADD(a[15], a[15]);
- COMBA_STORE(b[30]);
-
- /* output 31 */
- CARRY_FORWARD;
- SQRADDSC(a[0], a[31]); SQRADDAC(a[1], a[30]); SQRADDAC(a[2], a[29]); SQRADDAC(a[3], a[28]); SQRADDAC(a[4], a[27]); SQRADDAC(a[5], a[26]); SQRADDAC(a[6], a[25]); SQRADDAC(a[7], a[24]); SQRADDAC(a[8], a[23]); SQRADDAC(a[9], a[22]); SQRADDAC(a[10], a[21]); SQRADDAC(a[11], a[20]); SQRADDAC(a[12], a[19]); SQRADDAC(a[13], a[18]); SQRADDAC(a[14], a[17]); SQRADDAC(a[15], a[16]); SQRADDDB;
- COMBA_STORE(b[31]);
-
- /* output 32 */
- CARRY_FORWARD;
- SQRADDSC(a[1], a[31]); SQRADDAC(a[2], a[30]); SQRADDAC(a[3], a[29]); SQRADDAC(a[4], a[28]); SQRADDAC(a[5], a[27]); SQRADDAC(a[6], a[26]); SQRADDAC(a[7], a[25]); SQRADDAC(a[8], a[24]); SQRADDAC(a[9], a[23]); SQRADDAC(a[10], a[22]); SQRADDAC(a[11], a[21]); SQRADDAC(a[12], a[20]); SQRADDAC(a[13], a[19]); SQRADDAC(a[14], a[18]); SQRADDAC(a[15], a[17]); SQRADDDB; SQRADD(a[16], a[16]);
- COMBA_STORE(b[32]);
-
- /* output 33 */
- CARRY_FORWARD;
- SQRADDSC(a[2], a[31]); SQRADDAC(a[3], a[30]); SQRADDAC(a[4], a[29]); SQRADDAC(a[5], a[28]); SQRADDAC(a[6], a[27]); SQRADDAC(a[7], a[26]); SQRADDAC(a[8], a[25]); SQRADDAC(a[9], a[24]); SQRADDAC(a[10], a[23]); SQRADDAC(a[11], a[22]); SQRADDAC(a[12], a[21]); SQRADDAC(a[13], a[20]); SQRADDAC(a[14], a[19]); SQRADDAC(a[15], a[18]); SQRADDAC(a[16], a[17]); SQRADDDB;
- COMBA_STORE(b[33]);
-
- /* output 34 */
- CARRY_FORWARD;
- SQRADDSC(a[3], a[31]); SQRADDAC(a[4], a[30]); SQRADDAC(a[5], a[29]); SQRADDAC(a[6], a[28]); SQRADDAC(a[7], a[27]); SQRADDAC(a[8], a[26]); SQRADDAC(a[9], a[25]); SQRADDAC(a[10], a[24]); SQRADDAC(a[11], a[23]); SQRADDAC(a[12], a[22]); SQRADDAC(a[13], a[21]); SQRADDAC(a[14], a[20]); SQRADDAC(a[15], a[19]); SQRADDAC(a[16], a[18]); SQRADDDB; SQRADD(a[17], a[17]);
- COMBA_STORE(b[34]);
-
- /* output 35 */
- CARRY_FORWARD;
- SQRADDSC(a[4], a[31]); SQRADDAC(a[5], a[30]); SQRADDAC(a[6], a[29]); SQRADDAC(a[7], a[28]); SQRADDAC(a[8], a[27]); SQRADDAC(a[9], a[26]); SQRADDAC(a[10], a[25]); SQRADDAC(a[11], a[24]); SQRADDAC(a[12], a[23]); SQRADDAC(a[13], a[22]); SQRADDAC(a[14], a[21]); SQRADDAC(a[15], a[20]); SQRADDAC(a[16], a[19]); SQRADDAC(a[17], a[18]); SQRADDDB;
- COMBA_STORE(b[35]);
-
- /* output 36 */
- CARRY_FORWARD;
- SQRADDSC(a[5], a[31]); SQRADDAC(a[6], a[30]); SQRADDAC(a[7], a[29]); SQRADDAC(a[8], a[28]); SQRADDAC(a[9], a[27]); SQRADDAC(a[10], a[26]); SQRADDAC(a[11], a[25]); SQRADDAC(a[12], a[24]); SQRADDAC(a[13], a[23]); SQRADDAC(a[14], a[22]); SQRADDAC(a[15], a[21]); SQRADDAC(a[16], a[20]); SQRADDAC(a[17], a[19]); SQRADDDB; SQRADD(a[18], a[18]);
- COMBA_STORE(b[36]);
-
- /* output 37 */
- CARRY_FORWARD;
- SQRADDSC(a[6], a[31]); SQRADDAC(a[7], a[30]); SQRADDAC(a[8], a[29]); SQRADDAC(a[9], a[28]); SQRADDAC(a[10], a[27]); SQRADDAC(a[11], a[26]); SQRADDAC(a[12], a[25]); SQRADDAC(a[13], a[24]); SQRADDAC(a[14], a[23]); SQRADDAC(a[15], a[22]); SQRADDAC(a[16], a[21]); SQRADDAC(a[17], a[20]); SQRADDAC(a[18], a[19]); SQRADDDB;
- COMBA_STORE(b[37]);
-
- /* output 38 */
- CARRY_FORWARD;
- SQRADDSC(a[7], a[31]); SQRADDAC(a[8], a[30]); SQRADDAC(a[9], a[29]); SQRADDAC(a[10], a[28]); SQRADDAC(a[11], a[27]); SQRADDAC(a[12], a[26]); SQRADDAC(a[13], a[25]); SQRADDAC(a[14], a[24]); SQRADDAC(a[15], a[23]); SQRADDAC(a[16], a[22]); SQRADDAC(a[17], a[21]); SQRADDAC(a[18], a[20]); SQRADDDB; SQRADD(a[19], a[19]);
- COMBA_STORE(b[38]);
-
- /* output 39 */
- CARRY_FORWARD;
- SQRADDSC(a[8], a[31]); SQRADDAC(a[9], a[30]); SQRADDAC(a[10], a[29]); SQRADDAC(a[11], a[28]); SQRADDAC(a[12], a[27]); SQRADDAC(a[13], a[26]); SQRADDAC(a[14], a[25]); SQRADDAC(a[15], a[24]); SQRADDAC(a[16], a[23]); SQRADDAC(a[17], a[22]); SQRADDAC(a[18], a[21]); SQRADDAC(a[19], a[20]); SQRADDDB;
- COMBA_STORE(b[39]);
-
- /* output 40 */
- CARRY_FORWARD;
- SQRADDSC(a[9], a[31]); SQRADDAC(a[10], a[30]); SQRADDAC(a[11], a[29]); SQRADDAC(a[12], a[28]); SQRADDAC(a[13], a[27]); SQRADDAC(a[14], a[26]); SQRADDAC(a[15], a[25]); SQRADDAC(a[16], a[24]); SQRADDAC(a[17], a[23]); SQRADDAC(a[18], a[22]); SQRADDAC(a[19], a[21]); SQRADDDB; SQRADD(a[20], a[20]);
- COMBA_STORE(b[40]);
-
- /* output 41 */
- CARRY_FORWARD;
- SQRADDSC(a[10], a[31]); SQRADDAC(a[11], a[30]); SQRADDAC(a[12], a[29]); SQRADDAC(a[13], a[28]); SQRADDAC(a[14], a[27]); SQRADDAC(a[15], a[26]); SQRADDAC(a[16], a[25]); SQRADDAC(a[17], a[24]); SQRADDAC(a[18], a[23]); SQRADDAC(a[19], a[22]); SQRADDAC(a[20], a[21]); SQRADDDB;
- COMBA_STORE(b[41]);
-
- /* output 42 */
- CARRY_FORWARD;
- SQRADDSC(a[11], a[31]); SQRADDAC(a[12], a[30]); SQRADDAC(a[13], a[29]); SQRADDAC(a[14], a[28]); SQRADDAC(a[15], a[27]); SQRADDAC(a[16], a[26]); SQRADDAC(a[17], a[25]); SQRADDAC(a[18], a[24]); SQRADDAC(a[19], a[23]); SQRADDAC(a[20], a[22]); SQRADDDB; SQRADD(a[21], a[21]);
- COMBA_STORE(b[42]);
-
- /* output 43 */
- CARRY_FORWARD;
- SQRADDSC(a[12], a[31]); SQRADDAC(a[13], a[30]); SQRADDAC(a[14], a[29]); SQRADDAC(a[15], a[28]); SQRADDAC(a[16], a[27]); SQRADDAC(a[17], a[26]); SQRADDAC(a[18], a[25]); SQRADDAC(a[19], a[24]); SQRADDAC(a[20], a[23]); SQRADDAC(a[21], a[22]); SQRADDDB;
- COMBA_STORE(b[43]);
-
- /* output 44 */
- CARRY_FORWARD;
- SQRADDSC(a[13], a[31]); SQRADDAC(a[14], a[30]); SQRADDAC(a[15], a[29]); SQRADDAC(a[16], a[28]); SQRADDAC(a[17], a[27]); SQRADDAC(a[18], a[26]); SQRADDAC(a[19], a[25]); SQRADDAC(a[20], a[24]); SQRADDAC(a[21], a[23]); SQRADDDB; SQRADD(a[22], a[22]);
- COMBA_STORE(b[44]);
-
- /* output 45 */
- CARRY_FORWARD;
- SQRADDSC(a[14], a[31]); SQRADDAC(a[15], a[30]); SQRADDAC(a[16], a[29]); SQRADDAC(a[17], a[28]); SQRADDAC(a[18], a[27]); SQRADDAC(a[19], a[26]); SQRADDAC(a[20], a[25]); SQRADDAC(a[21], a[24]); SQRADDAC(a[22], a[23]); SQRADDDB;
- COMBA_STORE(b[45]);
-
- /* output 46 */
- CARRY_FORWARD;
- SQRADDSC(a[15], a[31]); SQRADDAC(a[16], a[30]); SQRADDAC(a[17], a[29]); SQRADDAC(a[18], a[28]); SQRADDAC(a[19], a[27]); SQRADDAC(a[20], a[26]); SQRADDAC(a[21], a[25]); SQRADDAC(a[22], a[24]); SQRADDDB; SQRADD(a[23], a[23]);
- COMBA_STORE(b[46]);
-
- /* output 47 */
- CARRY_FORWARD;
- SQRADDSC(a[16], a[31]); SQRADDAC(a[17], a[30]); SQRADDAC(a[18], a[29]); SQRADDAC(a[19], a[28]); SQRADDAC(a[20], a[27]); SQRADDAC(a[21], a[26]); SQRADDAC(a[22], a[25]); SQRADDAC(a[23], a[24]); SQRADDDB;
- COMBA_STORE(b[47]);
-
- /* output 48 */
- CARRY_FORWARD;
- SQRADDSC(a[17], a[31]); SQRADDAC(a[18], a[30]); SQRADDAC(a[19], a[29]); SQRADDAC(a[20], a[28]); SQRADDAC(a[21], a[27]); SQRADDAC(a[22], a[26]); SQRADDAC(a[23], a[25]); SQRADDDB; SQRADD(a[24], a[24]);
- COMBA_STORE(b[48]);
-
- /* output 49 */
- CARRY_FORWARD;
- SQRADDSC(a[18], a[31]); SQRADDAC(a[19], a[30]); SQRADDAC(a[20], a[29]); SQRADDAC(a[21], a[28]); SQRADDAC(a[22], a[27]); SQRADDAC(a[23], a[26]); SQRADDAC(a[24], a[25]); SQRADDDB;
- COMBA_STORE(b[49]);
-
- /* output 50 */
- CARRY_FORWARD;
- SQRADDSC(a[19], a[31]); SQRADDAC(a[20], a[30]); SQRADDAC(a[21], a[29]); SQRADDAC(a[22], a[28]); SQRADDAC(a[23], a[27]); SQRADDAC(a[24], a[26]); SQRADDDB; SQRADD(a[25], a[25]);
- COMBA_STORE(b[50]);
-
- /* output 51 */
- CARRY_FORWARD;
- SQRADDSC(a[20], a[31]); SQRADDAC(a[21], a[30]); SQRADDAC(a[22], a[29]); SQRADDAC(a[23], a[28]); SQRADDAC(a[24], a[27]); SQRADDAC(a[25], a[26]); SQRADDDB;
- COMBA_STORE(b[51]);
-
- /* output 52 */
- CARRY_FORWARD;
- SQRADDSC(a[21], a[31]); SQRADDAC(a[22], a[30]); SQRADDAC(a[23], a[29]); SQRADDAC(a[24], a[28]); SQRADDAC(a[25], a[27]); SQRADDDB; SQRADD(a[26], a[26]);
- COMBA_STORE(b[52]);
-
- /* output 53 */
- CARRY_FORWARD;
- SQRADDSC(a[22], a[31]); SQRADDAC(a[23], a[30]); SQRADDAC(a[24], a[29]); SQRADDAC(a[25], a[28]); SQRADDAC(a[26], a[27]); SQRADDDB;
- COMBA_STORE(b[53]);
-
- /* output 54 */
- CARRY_FORWARD;
- SQRADDSC(a[23], a[31]); SQRADDAC(a[24], a[30]); SQRADDAC(a[25], a[29]); SQRADDAC(a[26], a[28]); SQRADDDB; SQRADD(a[27], a[27]);
- COMBA_STORE(b[54]);
-
- /* output 55 */
- CARRY_FORWARD;
- SQRADDSC(a[24], a[31]); SQRADDAC(a[25], a[30]); SQRADDAC(a[26], a[29]); SQRADDAC(a[27], a[28]); SQRADDDB;
- COMBA_STORE(b[55]);
-
- /* output 56 */
- CARRY_FORWARD;
- SQRADDSC(a[25], a[31]); SQRADDAC(a[26], a[30]); SQRADDAC(a[27], a[29]); SQRADDDB; SQRADD(a[28], a[28]);
- COMBA_STORE(b[56]);
-
- /* output 57 */
- CARRY_FORWARD;
- SQRADDSC(a[26], a[31]); SQRADDAC(a[27], a[30]); SQRADDAC(a[28], a[29]); SQRADDDB;
- COMBA_STORE(b[57]);
-
- /* output 58 */
- CARRY_FORWARD;
- SQRADD2(a[27], a[31]); SQRADD2(a[28], a[30]); SQRADD(a[29], a[29]);
- COMBA_STORE(b[58]);
-
- /* output 59 */
- CARRY_FORWARD;
- SQRADD2(a[28], a[31]); SQRADD2(a[29], a[30]);
- COMBA_STORE(b[59]);
-
- /* output 60 */
- CARRY_FORWARD;
- SQRADD2(a[29], a[31]); SQRADD(a[30], a[30]);
- COMBA_STORE(b[60]);
-
- /* output 61 */
- CARRY_FORWARD;
- SQRADD2(a[30], a[31]);
- COMBA_STORE(b[61]);
-
- /* output 62 */
- CARRY_FORWARD;
- SQRADD(a[31], a[31]);
- COMBA_STORE(b[62]);
- COMBA_STORE2(b[63]);
- COMBA_FINI;
-
- B->used = 64;
- B->sign = ZPOS;
- memcpy(B->dp, b, 64 * sizeof(mp_digit));
- mp_clamp(B);
+ mp_digit *a, b[64], c0, c1, c2, sc0, sc1, sc2;
+
+ a = A->dp;
+ COMBA_START;
+
+ /* clear carries */
+ CLEAR_CARRY;
+
+ /* output 0 */
+ SQRADD(a[0], a[0]);
+ COMBA_STORE(b[0]);
+
+ /* output 1 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[1]);
+ COMBA_STORE(b[1]);
+
+ /* output 2 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[2]);
+ SQRADD(a[1], a[1]);
+ COMBA_STORE(b[2]);
+
+ /* output 3 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[3]);
+ SQRADD2(a[1], a[2]);
+ COMBA_STORE(b[3]);
+
+ /* output 4 */
+ CARRY_FORWARD;
+ SQRADD2(a[0], a[4]);
+ SQRADD2(a[1], a[3]);
+ SQRADD(a[2], a[2]);
+ COMBA_STORE(b[4]);
+
+ /* output 5 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[5]);
+ SQRADDAC(a[1], a[4]);
+ SQRADDAC(a[2], a[3]);
+ SQRADDDB;
+ COMBA_STORE(b[5]);
+
+ /* output 6 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[6]);
+ SQRADDAC(a[1], a[5]);
+ SQRADDAC(a[2], a[4]);
+ SQRADDDB;
+ SQRADD(a[3], a[3]);
+ COMBA_STORE(b[6]);
+
+ /* output 7 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[7]);
+ SQRADDAC(a[1], a[6]);
+ SQRADDAC(a[2], a[5]);
+ SQRADDAC(a[3], a[4]);
+ SQRADDDB;
+ COMBA_STORE(b[7]);
+
+ /* output 8 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[8]);
+ SQRADDAC(a[1], a[7]);
+ SQRADDAC(a[2], a[6]);
+ SQRADDAC(a[3], a[5]);
+ SQRADDDB;
+ SQRADD(a[4], a[4]);
+ COMBA_STORE(b[8]);
+
+ /* output 9 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[9]);
+ SQRADDAC(a[1], a[8]);
+ SQRADDAC(a[2], a[7]);
+ SQRADDAC(a[3], a[6]);
+ SQRADDAC(a[4], a[5]);
+ SQRADDDB;
+ COMBA_STORE(b[9]);
+
+ /* output 10 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[10]);
+ SQRADDAC(a[1], a[9]);
+ SQRADDAC(a[2], a[8]);
+ SQRADDAC(a[3], a[7]);
+ SQRADDAC(a[4], a[6]);
+ SQRADDDB;
+ SQRADD(a[5], a[5]);
+ COMBA_STORE(b[10]);
+
+ /* output 11 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[11]);
+ SQRADDAC(a[1], a[10]);
+ SQRADDAC(a[2], a[9]);
+ SQRADDAC(a[3], a[8]);
+ SQRADDAC(a[4], a[7]);
+ SQRADDAC(a[5], a[6]);
+ SQRADDDB;
+ COMBA_STORE(b[11]);
+
+ /* output 12 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[12]);
+ SQRADDAC(a[1], a[11]);
+ SQRADDAC(a[2], a[10]);
+ SQRADDAC(a[3], a[9]);
+ SQRADDAC(a[4], a[8]);
+ SQRADDAC(a[5], a[7]);
+ SQRADDDB;
+ SQRADD(a[6], a[6]);
+ COMBA_STORE(b[12]);
+
+ /* output 13 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[13]);
+ SQRADDAC(a[1], a[12]);
+ SQRADDAC(a[2], a[11]);
+ SQRADDAC(a[3], a[10]);
+ SQRADDAC(a[4], a[9]);
+ SQRADDAC(a[5], a[8]);
+ SQRADDAC(a[6], a[7]);
+ SQRADDDB;
+ COMBA_STORE(b[13]);
+
+ /* output 14 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[14]);
+ SQRADDAC(a[1], a[13]);
+ SQRADDAC(a[2], a[12]);
+ SQRADDAC(a[3], a[11]);
+ SQRADDAC(a[4], a[10]);
+ SQRADDAC(a[5], a[9]);
+ SQRADDAC(a[6], a[8]);
+ SQRADDDB;
+ SQRADD(a[7], a[7]);
+ COMBA_STORE(b[14]);
+
+ /* output 15 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[15]);
+ SQRADDAC(a[1], a[14]);
+ SQRADDAC(a[2], a[13]);
+ SQRADDAC(a[3], a[12]);
+ SQRADDAC(a[4], a[11]);
+ SQRADDAC(a[5], a[10]);
+ SQRADDAC(a[6], a[9]);
+ SQRADDAC(a[7], a[8]);
+ SQRADDDB;
+ COMBA_STORE(b[15]);
+
+ /* output 16 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[16]);
+ SQRADDAC(a[1], a[15]);
+ SQRADDAC(a[2], a[14]);
+ SQRADDAC(a[3], a[13]);
+ SQRADDAC(a[4], a[12]);
+ SQRADDAC(a[5], a[11]);
+ SQRADDAC(a[6], a[10]);
+ SQRADDAC(a[7], a[9]);
+ SQRADDDB;
+ SQRADD(a[8], a[8]);
+ COMBA_STORE(b[16]);
+
+ /* output 17 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[17]);
+ SQRADDAC(a[1], a[16]);
+ SQRADDAC(a[2], a[15]);
+ SQRADDAC(a[3], a[14]);
+ SQRADDAC(a[4], a[13]);
+ SQRADDAC(a[5], a[12]);
+ SQRADDAC(a[6], a[11]);
+ SQRADDAC(a[7], a[10]);
+ SQRADDAC(a[8], a[9]);
+ SQRADDDB;
+ COMBA_STORE(b[17]);
+
+ /* output 18 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[18]);
+ SQRADDAC(a[1], a[17]);
+ SQRADDAC(a[2], a[16]);
+ SQRADDAC(a[3], a[15]);
+ SQRADDAC(a[4], a[14]);
+ SQRADDAC(a[5], a[13]);
+ SQRADDAC(a[6], a[12]);
+ SQRADDAC(a[7], a[11]);
+ SQRADDAC(a[8], a[10]);
+ SQRADDDB;
+ SQRADD(a[9], a[9]);
+ COMBA_STORE(b[18]);
+
+ /* output 19 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[19]);
+ SQRADDAC(a[1], a[18]);
+ SQRADDAC(a[2], a[17]);
+ SQRADDAC(a[3], a[16]);
+ SQRADDAC(a[4], a[15]);
+ SQRADDAC(a[5], a[14]);
+ SQRADDAC(a[6], a[13]);
+ SQRADDAC(a[7], a[12]);
+ SQRADDAC(a[8], a[11]);
+ SQRADDAC(a[9], a[10]);
+ SQRADDDB;
+ COMBA_STORE(b[19]);
+
+ /* output 20 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[20]);
+ SQRADDAC(a[1], a[19]);
+ SQRADDAC(a[2], a[18]);
+ SQRADDAC(a[3], a[17]);
+ SQRADDAC(a[4], a[16]);
+ SQRADDAC(a[5], a[15]);
+ SQRADDAC(a[6], a[14]);
+ SQRADDAC(a[7], a[13]);
+ SQRADDAC(a[8], a[12]);
+ SQRADDAC(a[9], a[11]);
+ SQRADDDB;
+ SQRADD(a[10], a[10]);
+ COMBA_STORE(b[20]);
+
+ /* output 21 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[21]);
+ SQRADDAC(a[1], a[20]);
+ SQRADDAC(a[2], a[19]);
+ SQRADDAC(a[3], a[18]);
+ SQRADDAC(a[4], a[17]);
+ SQRADDAC(a[5], a[16]);
+ SQRADDAC(a[6], a[15]);
+ SQRADDAC(a[7], a[14]);
+ SQRADDAC(a[8], a[13]);
+ SQRADDAC(a[9], a[12]);
+ SQRADDAC(a[10], a[11]);
+ SQRADDDB;
+ COMBA_STORE(b[21]);
+
+ /* output 22 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[22]);
+ SQRADDAC(a[1], a[21]);
+ SQRADDAC(a[2], a[20]);
+ SQRADDAC(a[3], a[19]);
+ SQRADDAC(a[4], a[18]);
+ SQRADDAC(a[5], a[17]);
+ SQRADDAC(a[6], a[16]);
+ SQRADDAC(a[7], a[15]);
+ SQRADDAC(a[8], a[14]);
+ SQRADDAC(a[9], a[13]);
+ SQRADDAC(a[10], a[12]);
+ SQRADDDB;
+ SQRADD(a[11], a[11]);
+ COMBA_STORE(b[22]);
+
+ /* output 23 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[23]);
+ SQRADDAC(a[1], a[22]);
+ SQRADDAC(a[2], a[21]);
+ SQRADDAC(a[3], a[20]);
+ SQRADDAC(a[4], a[19]);
+ SQRADDAC(a[5], a[18]);
+ SQRADDAC(a[6], a[17]);
+ SQRADDAC(a[7], a[16]);
+ SQRADDAC(a[8], a[15]);
+ SQRADDAC(a[9], a[14]);
+ SQRADDAC(a[10], a[13]);
+ SQRADDAC(a[11], a[12]);
+ SQRADDDB;
+ COMBA_STORE(b[23]);
+
+ /* output 24 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[24]);
+ SQRADDAC(a[1], a[23]);
+ SQRADDAC(a[2], a[22]);
+ SQRADDAC(a[3], a[21]);
+ SQRADDAC(a[4], a[20]);
+ SQRADDAC(a[5], a[19]);
+ SQRADDAC(a[6], a[18]);
+ SQRADDAC(a[7], a[17]);
+ SQRADDAC(a[8], a[16]);
+ SQRADDAC(a[9], a[15]);
+ SQRADDAC(a[10], a[14]);
+ SQRADDAC(a[11], a[13]);
+ SQRADDDB;
+ SQRADD(a[12], a[12]);
+ COMBA_STORE(b[24]);
+
+ /* output 25 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[25]);
+ SQRADDAC(a[1], a[24]);
+ SQRADDAC(a[2], a[23]);
+ SQRADDAC(a[3], a[22]);
+ SQRADDAC(a[4], a[21]);
+ SQRADDAC(a[5], a[20]);
+ SQRADDAC(a[6], a[19]);
+ SQRADDAC(a[7], a[18]);
+ SQRADDAC(a[8], a[17]);
+ SQRADDAC(a[9], a[16]);
+ SQRADDAC(a[10], a[15]);
+ SQRADDAC(a[11], a[14]);
+ SQRADDAC(a[12], a[13]);
+ SQRADDDB;
+ COMBA_STORE(b[25]);
+
+ /* output 26 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[26]);
+ SQRADDAC(a[1], a[25]);
+ SQRADDAC(a[2], a[24]);
+ SQRADDAC(a[3], a[23]);
+ SQRADDAC(a[4], a[22]);
+ SQRADDAC(a[5], a[21]);
+ SQRADDAC(a[6], a[20]);
+ SQRADDAC(a[7], a[19]);
+ SQRADDAC(a[8], a[18]);
+ SQRADDAC(a[9], a[17]);
+ SQRADDAC(a[10], a[16]);
+ SQRADDAC(a[11], a[15]);
+ SQRADDAC(a[12], a[14]);
+ SQRADDDB;
+ SQRADD(a[13], a[13]);
+ COMBA_STORE(b[26]);
+
+ /* output 27 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[27]);
+ SQRADDAC(a[1], a[26]);
+ SQRADDAC(a[2], a[25]);
+ SQRADDAC(a[3], a[24]);
+ SQRADDAC(a[4], a[23]);
+ SQRADDAC(a[5], a[22]);
+ SQRADDAC(a[6], a[21]);
+ SQRADDAC(a[7], a[20]);
+ SQRADDAC(a[8], a[19]);
+ SQRADDAC(a[9], a[18]);
+ SQRADDAC(a[10], a[17]);
+ SQRADDAC(a[11], a[16]);
+ SQRADDAC(a[12], a[15]);
+ SQRADDAC(a[13], a[14]);
+ SQRADDDB;
+ COMBA_STORE(b[27]);
+
+ /* output 28 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[28]);
+ SQRADDAC(a[1], a[27]);
+ SQRADDAC(a[2], a[26]);
+ SQRADDAC(a[3], a[25]);
+ SQRADDAC(a[4], a[24]);
+ SQRADDAC(a[5], a[23]);
+ SQRADDAC(a[6], a[22]);
+ SQRADDAC(a[7], a[21]);
+ SQRADDAC(a[8], a[20]);
+ SQRADDAC(a[9], a[19]);
+ SQRADDAC(a[10], a[18]);
+ SQRADDAC(a[11], a[17]);
+ SQRADDAC(a[12], a[16]);
+ SQRADDAC(a[13], a[15]);
+ SQRADDDB;
+ SQRADD(a[14], a[14]);
+ COMBA_STORE(b[28]);
+
+ /* output 29 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[29]);
+ SQRADDAC(a[1], a[28]);
+ SQRADDAC(a[2], a[27]);
+ SQRADDAC(a[3], a[26]);
+ SQRADDAC(a[4], a[25]);
+ SQRADDAC(a[5], a[24]);
+ SQRADDAC(a[6], a[23]);
+ SQRADDAC(a[7], a[22]);
+ SQRADDAC(a[8], a[21]);
+ SQRADDAC(a[9], a[20]);
+ SQRADDAC(a[10], a[19]);
+ SQRADDAC(a[11], a[18]);
+ SQRADDAC(a[12], a[17]);
+ SQRADDAC(a[13], a[16]);
+ SQRADDAC(a[14], a[15]);
+ SQRADDDB;
+ COMBA_STORE(b[29]);
+
+ /* output 30 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[30]);
+ SQRADDAC(a[1], a[29]);
+ SQRADDAC(a[2], a[28]);
+ SQRADDAC(a[3], a[27]);
+ SQRADDAC(a[4], a[26]);
+ SQRADDAC(a[5], a[25]);
+ SQRADDAC(a[6], a[24]);
+ SQRADDAC(a[7], a[23]);
+ SQRADDAC(a[8], a[22]);
+ SQRADDAC(a[9], a[21]);
+ SQRADDAC(a[10], a[20]);
+ SQRADDAC(a[11], a[19]);
+ SQRADDAC(a[12], a[18]);
+ SQRADDAC(a[13], a[17]);
+ SQRADDAC(a[14], a[16]);
+ SQRADDDB;
+ SQRADD(a[15], a[15]);
+ COMBA_STORE(b[30]);
+
+ /* output 31 */
+ CARRY_FORWARD;
+ SQRADDSC(a[0], a[31]);
+ SQRADDAC(a[1], a[30]);
+ SQRADDAC(a[2], a[29]);
+ SQRADDAC(a[3], a[28]);
+ SQRADDAC(a[4], a[27]);
+ SQRADDAC(a[5], a[26]);
+ SQRADDAC(a[6], a[25]);
+ SQRADDAC(a[7], a[24]);
+ SQRADDAC(a[8], a[23]);
+ SQRADDAC(a[9], a[22]);
+ SQRADDAC(a[10], a[21]);
+ SQRADDAC(a[11], a[20]);
+ SQRADDAC(a[12], a[19]);
+ SQRADDAC(a[13], a[18]);
+ SQRADDAC(a[14], a[17]);
+ SQRADDAC(a[15], a[16]);
+ SQRADDDB;
+ COMBA_STORE(b[31]);
+
+ /* output 32 */
+ CARRY_FORWARD;
+ SQRADDSC(a[1], a[31]);
+ SQRADDAC(a[2], a[30]);
+ SQRADDAC(a[3], a[29]);
+ SQRADDAC(a[4], a[28]);
+ SQRADDAC(a[5], a[27]);
+ SQRADDAC(a[6], a[26]);
+ SQRADDAC(a[7], a[25]);
+ SQRADDAC(a[8], a[24]);
+ SQRADDAC(a[9], a[23]);
+ SQRADDAC(a[10], a[22]);
+ SQRADDAC(a[11], a[21]);
+ SQRADDAC(a[12], a[20]);
+ SQRADDAC(a[13], a[19]);
+ SQRADDAC(a[14], a[18]);
+ SQRADDAC(a[15], a[17]);
+ SQRADDDB;
+ SQRADD(a[16], a[16]);
+ COMBA_STORE(b[32]);
+
+ /* output 33 */
+ CARRY_FORWARD;
+ SQRADDSC(a[2], a[31]);
+ SQRADDAC(a[3], a[30]);
+ SQRADDAC(a[4], a[29]);
+ SQRADDAC(a[5], a[28]);
+ SQRADDAC(a[6], a[27]);
+ SQRADDAC(a[7], a[26]);
+ SQRADDAC(a[8], a[25]);
+ SQRADDAC(a[9], a[24]);
+ SQRADDAC(a[10], a[23]);
+ SQRADDAC(a[11], a[22]);
+ SQRADDAC(a[12], a[21]);
+ SQRADDAC(a[13], a[20]);
+ SQRADDAC(a[14], a[19]);
+ SQRADDAC(a[15], a[18]);
+ SQRADDAC(a[16], a[17]);
+ SQRADDDB;
+ COMBA_STORE(b[33]);
+
+ /* output 34 */
+ CARRY_FORWARD;
+ SQRADDSC(a[3], a[31]);
+ SQRADDAC(a[4], a[30]);
+ SQRADDAC(a[5], a[29]);
+ SQRADDAC(a[6], a[28]);
+ SQRADDAC(a[7], a[27]);
+ SQRADDAC(a[8], a[26]);
+ SQRADDAC(a[9], a[25]);
+ SQRADDAC(a[10], a[24]);
+ SQRADDAC(a[11], a[23]);
+ SQRADDAC(a[12], a[22]);
+ SQRADDAC(a[13], a[21]);
+ SQRADDAC(a[14], a[20]);
+ SQRADDAC(a[15], a[19]);
+ SQRADDAC(a[16], a[18]);
+ SQRADDDB;
+ SQRADD(a[17], a[17]);
+ COMBA_STORE(b[34]);
+
+ /* output 35 */
+ CARRY_FORWARD;
+ SQRADDSC(a[4], a[31]);
+ SQRADDAC(a[5], a[30]);
+ SQRADDAC(a[6], a[29]);
+ SQRADDAC(a[7], a[28]);
+ SQRADDAC(a[8], a[27]);
+ SQRADDAC(a[9], a[26]);
+ SQRADDAC(a[10], a[25]);
+ SQRADDAC(a[11], a[24]);
+ SQRADDAC(a[12], a[23]);
+ SQRADDAC(a[13], a[22]);
+ SQRADDAC(a[14], a[21]);
+ SQRADDAC(a[15], a[20]);
+ SQRADDAC(a[16], a[19]);
+ SQRADDAC(a[17], a[18]);
+ SQRADDDB;
+ COMBA_STORE(b[35]);
+
+ /* output 36 */
+ CARRY_FORWARD;
+ SQRADDSC(a[5], a[31]);
+ SQRADDAC(a[6], a[30]);
+ SQRADDAC(a[7], a[29]);
+ SQRADDAC(a[8], a[28]);
+ SQRADDAC(a[9], a[27]);
+ SQRADDAC(a[10], a[26]);
+ SQRADDAC(a[11], a[25]);
+ SQRADDAC(a[12], a[24]);
+ SQRADDAC(a[13], a[23]);
+ SQRADDAC(a[14], a[22]);
+ SQRADDAC(a[15], a[21]);
+ SQRADDAC(a[16], a[20]);
+ SQRADDAC(a[17], a[19]);
+ SQRADDDB;
+ SQRADD(a[18], a[18]);
+ COMBA_STORE(b[36]);
+
+ /* output 37 */
+ CARRY_FORWARD;
+ SQRADDSC(a[6], a[31]);
+ SQRADDAC(a[7], a[30]);
+ SQRADDAC(a[8], a[29]);
+ SQRADDAC(a[9], a[28]);
+ SQRADDAC(a[10], a[27]);
+ SQRADDAC(a[11], a[26]);
+ SQRADDAC(a[12], a[25]);
+ SQRADDAC(a[13], a[24]);
+ SQRADDAC(a[14], a[23]);
+ SQRADDAC(a[15], a[22]);
+ SQRADDAC(a[16], a[21]);
+ SQRADDAC(a[17], a[20]);
+ SQRADDAC(a[18], a[19]);
+ SQRADDDB;
+ COMBA_STORE(b[37]);
+
+ /* output 38 */
+ CARRY_FORWARD;
+ SQRADDSC(a[7], a[31]);
+ SQRADDAC(a[8], a[30]);
+ SQRADDAC(a[9], a[29]);
+ SQRADDAC(a[10], a[28]);
+ SQRADDAC(a[11], a[27]);
+ SQRADDAC(a[12], a[26]);
+ SQRADDAC(a[13], a[25]);
+ SQRADDAC(a[14], a[24]);
+ SQRADDAC(a[15], a[23]);
+ SQRADDAC(a[16], a[22]);
+ SQRADDAC(a[17], a[21]);
+ SQRADDAC(a[18], a[20]);
+ SQRADDDB;
+ SQRADD(a[19], a[19]);
+ COMBA_STORE(b[38]);
+
+ /* output 39 */
+ CARRY_FORWARD;
+ SQRADDSC(a[8], a[31]);
+ SQRADDAC(a[9], a[30]);
+ SQRADDAC(a[10], a[29]);
+ SQRADDAC(a[11], a[28]);
+ SQRADDAC(a[12], a[27]);
+ SQRADDAC(a[13], a[26]);
+ SQRADDAC(a[14], a[25]);
+ SQRADDAC(a[15], a[24]);
+ SQRADDAC(a[16], a[23]);
+ SQRADDAC(a[17], a[22]);
+ SQRADDAC(a[18], a[21]);
+ SQRADDAC(a[19], a[20]);
+ SQRADDDB;
+ COMBA_STORE(b[39]);
+
+ /* output 40 */
+ CARRY_FORWARD;
+ SQRADDSC(a[9], a[31]);
+ SQRADDAC(a[10], a[30]);
+ SQRADDAC(a[11], a[29]);
+ SQRADDAC(a[12], a[28]);
+ SQRADDAC(a[13], a[27]);
+ SQRADDAC(a[14], a[26]);
+ SQRADDAC(a[15], a[25]);
+ SQRADDAC(a[16], a[24]);
+ SQRADDAC(a[17], a[23]);
+ SQRADDAC(a[18], a[22]);
+ SQRADDAC(a[19], a[21]);
+ SQRADDDB;
+ SQRADD(a[20], a[20]);
+ COMBA_STORE(b[40]);
+
+ /* output 41 */
+ CARRY_FORWARD;
+ SQRADDSC(a[10], a[31]);
+ SQRADDAC(a[11], a[30]);
+ SQRADDAC(a[12], a[29]);
+ SQRADDAC(a[13], a[28]);
+ SQRADDAC(a[14], a[27]);
+ SQRADDAC(a[15], a[26]);
+ SQRADDAC(a[16], a[25]);
+ SQRADDAC(a[17], a[24]);
+ SQRADDAC(a[18], a[23]);
+ SQRADDAC(a[19], a[22]);
+ SQRADDAC(a[20], a[21]);
+ SQRADDDB;
+ COMBA_STORE(b[41]);
+
+ /* output 42 */
+ CARRY_FORWARD;
+ SQRADDSC(a[11], a[31]);
+ SQRADDAC(a[12], a[30]);
+ SQRADDAC(a[13], a[29]);
+ SQRADDAC(a[14], a[28]);
+ SQRADDAC(a[15], a[27]);
+ SQRADDAC(a[16], a[26]);
+ SQRADDAC(a[17], a[25]);
+ SQRADDAC(a[18], a[24]);
+ SQRADDAC(a[19], a[23]);
+ SQRADDAC(a[20], a[22]);
+ SQRADDDB;
+ SQRADD(a[21], a[21]);
+ COMBA_STORE(b[42]);
+
+ /* output 43 */
+ CARRY_FORWARD;
+ SQRADDSC(a[12], a[31]);
+ SQRADDAC(a[13], a[30]);
+ SQRADDAC(a[14], a[29]);
+ SQRADDAC(a[15], a[28]);
+ SQRADDAC(a[16], a[27]);
+ SQRADDAC(a[17], a[26]);
+ SQRADDAC(a[18], a[25]);
+ SQRADDAC(a[19], a[24]);
+ SQRADDAC(a[20], a[23]);
+ SQRADDAC(a[21], a[22]);
+ SQRADDDB;
+ COMBA_STORE(b[43]);
+
+ /* output 44 */
+ CARRY_FORWARD;
+ SQRADDSC(a[13], a[31]);
+ SQRADDAC(a[14], a[30]);
+ SQRADDAC(a[15], a[29]);
+ SQRADDAC(a[16], a[28]);
+ SQRADDAC(a[17], a[27]);
+ SQRADDAC(a[18], a[26]);
+ SQRADDAC(a[19], a[25]);
+ SQRADDAC(a[20], a[24]);
+ SQRADDAC(a[21], a[23]);
+ SQRADDDB;
+ SQRADD(a[22], a[22]);
+ COMBA_STORE(b[44]);
+
+ /* output 45 */
+ CARRY_FORWARD;
+ SQRADDSC(a[14], a[31]);
+ SQRADDAC(a[15], a[30]);
+ SQRADDAC(a[16], a[29]);
+ SQRADDAC(a[17], a[28]);
+ SQRADDAC(a[18], a[27]);
+ SQRADDAC(a[19], a[26]);
+ SQRADDAC(a[20], a[25]);
+ SQRADDAC(a[21], a[24]);
+ SQRADDAC(a[22], a[23]);
+ SQRADDDB;
+ COMBA_STORE(b[45]);
+
+ /* output 46 */
+ CARRY_FORWARD;
+ SQRADDSC(a[15], a[31]);
+ SQRADDAC(a[16], a[30]);
+ SQRADDAC(a[17], a[29]);
+ SQRADDAC(a[18], a[28]);
+ SQRADDAC(a[19], a[27]);
+ SQRADDAC(a[20], a[26]);
+ SQRADDAC(a[21], a[25]);
+ SQRADDAC(a[22], a[24]);
+ SQRADDDB;
+ SQRADD(a[23], a[23]);
+ COMBA_STORE(b[46]);
+
+ /* output 47 */
+ CARRY_FORWARD;
+ SQRADDSC(a[16], a[31]);
+ SQRADDAC(a[17], a[30]);
+ SQRADDAC(a[18], a[29]);
+ SQRADDAC(a[19], a[28]);
+ SQRADDAC(a[20], a[27]);
+ SQRADDAC(a[21], a[26]);
+ SQRADDAC(a[22], a[25]);
+ SQRADDAC(a[23], a[24]);
+ SQRADDDB;
+ COMBA_STORE(b[47]);
+
+ /* output 48 */
+ CARRY_FORWARD;
+ SQRADDSC(a[17], a[31]);
+ SQRADDAC(a[18], a[30]);
+ SQRADDAC(a[19], a[29]);
+ SQRADDAC(a[20], a[28]);
+ SQRADDAC(a[21], a[27]);
+ SQRADDAC(a[22], a[26]);
+ SQRADDAC(a[23], a[25]);
+ SQRADDDB;
+ SQRADD(a[24], a[24]);
+ COMBA_STORE(b[48]);
+
+ /* output 49 */
+ CARRY_FORWARD;
+ SQRADDSC(a[18], a[31]);
+ SQRADDAC(a[19], a[30]);
+ SQRADDAC(a[20], a[29]);
+ SQRADDAC(a[21], a[28]);
+ SQRADDAC(a[22], a[27]);
+ SQRADDAC(a[23], a[26]);
+ SQRADDAC(a[24], a[25]);
+ SQRADDDB;
+ COMBA_STORE(b[49]);
+
+ /* output 50 */
+ CARRY_FORWARD;
+ SQRADDSC(a[19], a[31]);
+ SQRADDAC(a[20], a[30]);
+ SQRADDAC(a[21], a[29]);
+ SQRADDAC(a[22], a[28]);
+ SQRADDAC(a[23], a[27]);
+ SQRADDAC(a[24], a[26]);
+ SQRADDDB;
+ SQRADD(a[25], a[25]);
+ COMBA_STORE(b[50]);
+
+ /* output 51 */
+ CARRY_FORWARD;
+ SQRADDSC(a[20], a[31]);
+ SQRADDAC(a[21], a[30]);
+ SQRADDAC(a[22], a[29]);
+ SQRADDAC(a[23], a[28]);
+ SQRADDAC(a[24], a[27]);
+ SQRADDAC(a[25], a[26]);
+ SQRADDDB;
+ COMBA_STORE(b[51]);
+
+ /* output 52 */
+ CARRY_FORWARD;
+ SQRADDSC(a[21], a[31]);
+ SQRADDAC(a[22], a[30]);
+ SQRADDAC(a[23], a[29]);
+ SQRADDAC(a[24], a[28]);
+ SQRADDAC(a[25], a[27]);
+ SQRADDDB;
+ SQRADD(a[26], a[26]);
+ COMBA_STORE(b[52]);
+
+ /* output 53 */
+ CARRY_FORWARD;
+ SQRADDSC(a[22], a[31]);
+ SQRADDAC(a[23], a[30]);
+ SQRADDAC(a[24], a[29]);
+ SQRADDAC(a[25], a[28]);
+ SQRADDAC(a[26], a[27]);
+ SQRADDDB;
+ COMBA_STORE(b[53]);
+
+ /* output 54 */
+ CARRY_FORWARD;
+ SQRADDSC(a[23], a[31]);
+ SQRADDAC(a[24], a[30]);
+ SQRADDAC(a[25], a[29]);
+ SQRADDAC(a[26], a[28]);
+ SQRADDDB;
+ SQRADD(a[27], a[27]);
+ COMBA_STORE(b[54]);
+
+ /* output 55 */
+ CARRY_FORWARD;
+ SQRADDSC(a[24], a[31]);
+ SQRADDAC(a[25], a[30]);
+ SQRADDAC(a[26], a[29]);
+ SQRADDAC(a[27], a[28]);
+ SQRADDDB;
+ COMBA_STORE(b[55]);
+
+ /* output 56 */
+ CARRY_FORWARD;
+ SQRADDSC(a[25], a[31]);
+ SQRADDAC(a[26], a[30]);
+ SQRADDAC(a[27], a[29]);
+ SQRADDDB;
+ SQRADD(a[28], a[28]);
+ COMBA_STORE(b[56]);
+
+ /* output 57 */
+ CARRY_FORWARD;
+ SQRADDSC(a[26], a[31]);
+ SQRADDAC(a[27], a[30]);
+ SQRADDAC(a[28], a[29]);
+ SQRADDDB;
+ COMBA_STORE(b[57]);
+
+ /* output 58 */
+ CARRY_FORWARD;
+ SQRADD2(a[27], a[31]);
+ SQRADD2(a[28], a[30]);
+ SQRADD(a[29], a[29]);
+ COMBA_STORE(b[58]);
+
+ /* output 59 */
+ CARRY_FORWARD;
+ SQRADD2(a[28], a[31]);
+ SQRADD2(a[29], a[30]);
+ COMBA_STORE(b[59]);
+
+ /* output 60 */
+ CARRY_FORWARD;
+ SQRADD2(a[29], a[31]);
+ SQRADD(a[30], a[30]);
+ COMBA_STORE(b[60]);
+
+ /* output 61 */
+ CARRY_FORWARD;
+ SQRADD2(a[30], a[31]);
+ COMBA_STORE(b[61]);
+
+ /* output 62 */
+ CARRY_FORWARD;
+ SQRADD(a[31], a[31]);
+ COMBA_STORE(b[62]);
+ COMBA_STORE2(b[63]);
+ COMBA_FINI;
+
+ B->used = 64;
+ B->sign = ZPOS;
+ memcpy(B->dp, b, 64 * sizeof(mp_digit));
+ mp_clamp(B);
}
diff --git a/lib/freebl/mpi/mp_gf2m-priv.h b/lib/freebl/mpi/mp_gf2m-priv.h
index b9c2f3bb1..5be4da4bf 100644
--- a/lib/freebl/mpi/mp_gf2m-priv.h
+++ b/lib/freebl/mpi/mp_gf2m-priv.h
@@ -23,23 +23,23 @@ extern const mp_digit mp_gf2m_sqr_tb[16];
/* Platform-specific macros for fast binary polynomial squaring. */
#if MP_DIGIT_BITS == 32
-#define gf2m_SQR1(w) \
+#define gf2m_SQR1(w) \
mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 16 | \
- mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF]
-#define gf2m_SQR0(w) \
- mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \
- mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) & 0xF]
+ mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF]
+#define gf2m_SQR0(w) \
+ mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \
+ mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w)&0xF]
#else
-#define gf2m_SQR1(w) \
- mp_gf2m_sqr_tb[(w) >> 60 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 56 & 0xF] << 48 | \
- mp_gf2m_sqr_tb[(w) >> 52 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 48 & 0xF] << 32 | \
- mp_gf2m_sqr_tb[(w) >> 44 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 40 & 0xF] << 16 | \
- mp_gf2m_sqr_tb[(w) >> 36 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 32 & 0xF]
-#define gf2m_SQR0(w) \
- mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 48 | \
- mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] << 32 | \
- mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \
- mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) & 0xF]
+#define gf2m_SQR1(w) \
+ mp_gf2m_sqr_tb[(w) >> 60 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 56 & 0xF] << 48 | \
+ mp_gf2m_sqr_tb[(w) >> 52 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 48 & 0xF] << 32 | \
+ mp_gf2m_sqr_tb[(w) >> 44 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 40 & 0xF] << 16 | \
+ mp_gf2m_sqr_tb[(w) >> 36 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 32 & 0xF]
+#define gf2m_SQR0(w) \
+ mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 48 | \
+ mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] << 32 | \
+ mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \
+ mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w)&0xF]
#endif
/* Multiply two binary polynomials mp_digits a, b.
@@ -48,26 +48,26 @@ extern const mp_digit mp_gf2m_sqr_tb[16];
*/
void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b);
-/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0)
+/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0)
* result is a binary polynomial in 4 mp_digits r[4].
* The caller MUST ensure that r has the right amount of space allocated.
*/
void s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
- const mp_digit b0);
+ const mp_digit b0);
-/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0)
+/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0)
* result is a binary polynomial in 6 mp_digits r[6].
* The caller MUST ensure that r has the right amount of space allocated.
*/
-void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
- const mp_digit b2, const mp_digit b1, const mp_digit b0);
+void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
+ const mp_digit b2, const mp_digit b1, const mp_digit b0);
-/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0)
+/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0)
* result is a binary polynomial in 8 mp_digits r[8].
* The caller MUST ensure that r has the right amount of space allocated.
*/
-void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
- const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
- const mp_digit b0);
+void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
+ const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
+ const mp_digit b0);
#endif /* _MP_GF2M_PRIV_H_ */
diff --git a/lib/freebl/mpi/mp_gf2m.c b/lib/freebl/mpi/mp_gf2m.c
index e84f3a044..5a096adde 100644
--- a/lib/freebl/mpi/mp_gf2m.c
+++ b/lib/freebl/mpi/mp_gf2m.c
@@ -8,159 +8,251 @@
#include "mpi-priv.h"
const mp_digit mp_gf2m_sqr_tb[16] =
-{
- 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85
-};
+ {
+ 0, 1, 4, 5, 16, 17, 20, 21,
+ 64, 65, 68, 69, 80, 81, 84, 85
+ };
/* Multiply two binary polynomials mp_digits a, b.
* Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1.
* Output in two mp_digits rh, rl.
*/
#if MP_DIGIT_BITS == 32
-void
+void
s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
{
register mp_digit h, l, s;
- mp_digit tab[8], top2b = a >> 30;
+ mp_digit tab[8], top2b = a >> 30;
register mp_digit a1, a2, a4;
- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
- s = tab[b & 0x7]; l = s;
- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29;
- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26;
- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23;
- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8;
- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5;
- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2;
+ a1 = a & (0x3FFFFFFF);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+
+ s = tab[b & 0x7];
+ l = s;
+ s = tab[b >> 3 & 0x7];
+ l ^= s << 3;
+ h = s >> 29;
+ s = tab[b >> 6 & 0x7];
+ l ^= s << 6;
+ h ^= s >> 26;
+ s = tab[b >> 9 & 0x7];
+ l ^= s << 9;
+ h ^= s >> 23;
+ s = tab[b >> 12 & 0x7];
+ l ^= s << 12;
+ h ^= s >> 20;
+ s = tab[b >> 15 & 0x7];
+ l ^= s << 15;
+ h ^= s >> 17;
+ s = tab[b >> 18 & 0x7];
+ l ^= s << 18;
+ h ^= s >> 14;
+ s = tab[b >> 21 & 0x7];
+ l ^= s << 21;
+ h ^= s >> 11;
+ s = tab[b >> 24 & 0x7];
+ l ^= s << 24;
+ h ^= s >> 8;
+ s = tab[b >> 27 & 0x7];
+ l ^= s << 27;
+ h ^= s >> 5;
+ s = tab[b >> 30];
+ l ^= s << 30;
+ h ^= s >> 2;
/* compensate for the top two bits of a */
- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }
- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }
+ if (top2b & 01) {
+ l ^= b << 30;
+ h ^= b >> 2;
+ }
+ if (top2b & 02) {
+ l ^= b << 31;
+ h ^= b >> 1;
+ }
- *rh = h; *rl = l;
-}
+ *rh = h;
+ *rl = l;
+}
#else
-void
+void
s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
{
register mp_digit h, l, s;
mp_digit tab[16], top3b = a >> 61;
register mp_digit a1, a2, a4, a8;
- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1;
- a4 = a2 << 1; a8 = a4 << 1;
- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8;
- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
- s = tab[b & 0xF]; l = s;
- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60;
- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56;
- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8;
- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4;
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+ a8 = a4 << 1;
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+ tab[8] = a8;
+ tab[9] = a1 ^ a8;
+ tab[10] = a2 ^ a8;
+ tab[11] = a1 ^ a2 ^ a8;
+ tab[12] = a4 ^ a8;
+ tab[13] = a1 ^ a4 ^ a8;
+ tab[14] = a2 ^ a4 ^ a8;
+ tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+ s = tab[b & 0xF];
+ l = s;
+ s = tab[b >> 4 & 0xF];
+ l ^= s << 4;
+ h = s >> 60;
+ s = tab[b >> 8 & 0xF];
+ l ^= s << 8;
+ h ^= s >> 56;
+ s = tab[b >> 12 & 0xF];
+ l ^= s << 12;
+ h ^= s >> 52;
+ s = tab[b >> 16 & 0xF];
+ l ^= s << 16;
+ h ^= s >> 48;
+ s = tab[b >> 20 & 0xF];
+ l ^= s << 20;
+ h ^= s >> 44;
+ s = tab[b >> 24 & 0xF];
+ l ^= s << 24;
+ h ^= s >> 40;
+ s = tab[b >> 28 & 0xF];
+ l ^= s << 28;
+ h ^= s >> 36;
+ s = tab[b >> 32 & 0xF];
+ l ^= s << 32;
+ h ^= s >> 32;
+ s = tab[b >> 36 & 0xF];
+ l ^= s << 36;
+ h ^= s >> 28;
+ s = tab[b >> 40 & 0xF];
+ l ^= s << 40;
+ h ^= s >> 24;
+ s = tab[b >> 44 & 0xF];
+ l ^= s << 44;
+ h ^= s >> 20;
+ s = tab[b >> 48 & 0xF];
+ l ^= s << 48;
+ h ^= s >> 16;
+ s = tab[b >> 52 & 0xF];
+ l ^= s << 52;
+ h ^= s >> 12;
+ s = tab[b >> 56 & 0xF];
+ l ^= s << 56;
+ h ^= s >> 8;
+ s = tab[b >> 60];
+ l ^= s << 60;
+ h ^= s >> 4;
/* compensate for the top three bits of a */
- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }
- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }
- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
+ if (top3b & 01) {
+ l ^= b << 61;
+ h ^= b >> 3;
+ }
+ if (top3b & 02) {
+ l ^= b << 62;
+ h ^= b >> 2;
+ }
+ if (top3b & 04) {
+ l ^= b << 63;
+ h ^= b >> 1;
+ }
- *rh = h; *rl = l;
-}
+ *rh = h;
+ *rl = l;
+}
#endif
-/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0)
+/* Compute xor-multiply of two binary polynomials (a1, a0) x (b1, b0)
* result is a binary polynomial in 4 mp_digits r[4].
* The caller MUST ensure that r has the right amount of space allocated.
*/
-void
+void
s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
const mp_digit b0)
{
mp_digit m1, m0;
/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
- s_bmul_1x1(r+3, r+2, a1, b1);
- s_bmul_1x1(r+1, r, a0, b0);
+ s_bmul_1x1(r + 3, r + 2, a1, b1);
+ s_bmul_1x1(r + 1, r, a0, b0);
s_bmul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
- r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
- r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
+ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
}
-/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0)
+/* Compute xor-multiply of two binary polynomials (a2, a1, a0) x (b2, b1, b0)
* result is a binary polynomial in 6 mp_digits r[6].
* The caller MUST ensure that r has the right amount of space allocated.
*/
-void
-s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
- const mp_digit b2, const mp_digit b1, const mp_digit b0)
+void
+s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
+ const mp_digit b2, const mp_digit b1, const mp_digit b0)
{
- mp_digit zm[4];
+ mp_digit zm[4];
- s_bmul_1x1(r+5, r+4, a2, b2); /* fill top 2 words */
- s_bmul_2x2(zm, a1, a2^a0, b1, b2^b0); /* fill middle 4 words */
- s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */
+ s_bmul_1x1(r + 5, r + 4, a2, b2); /* fill top 2 words */
+ s_bmul_2x2(zm, a1, a2 ^ a0, b1, b2 ^ b0); /* fill middle 4 words */
+ s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */
- zm[3] ^= r[3];
- zm[2] ^= r[2];
- zm[1] ^= r[1] ^ r[5];
- zm[0] ^= r[0] ^ r[4];
+ zm[3] ^= r[3];
+ zm[2] ^= r[2];
+ zm[1] ^= r[1] ^ r[5];
+ zm[0] ^= r[0] ^ r[4];
- r[5] ^= zm[3];
- r[4] ^= zm[2];
- r[3] ^= zm[1];
- r[2] ^= zm[0];
+ r[5] ^= zm[3];
+ r[4] ^= zm[2];
+ r[3] ^= zm[1];
+ r[2] ^= zm[0];
}
-/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0)
+/* Compute xor-multiply of two binary polynomials (a3, a2, a1, a0) x (b3, b2, b1, b0)
* result is a binary polynomial in 8 mp_digits r[8].
* The caller MUST ensure that r has the right amount of space allocated.
*/
-void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
- const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
- const mp_digit b0)
+void
+s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
+ const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
+ const mp_digit b0)
{
- mp_digit zm[4];
+ mp_digit zm[4];
- s_bmul_2x2(r+4, a3, a2, b3, b2); /* fill top 4 words */
- s_bmul_2x2(zm, a3^a1, a2^a0, b3^b1, b2^b0); /* fill middle 4 words */
- s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */
+ s_bmul_2x2(r + 4, a3, a2, b3, b2); /* fill top 4 words */
+ s_bmul_2x2(zm, a3 ^ a1, a2 ^ a0, b3 ^ b1, b2 ^ b0); /* fill middle 4 words */
+ s_bmul_2x2(r, a1, a0, b1, b0); /* fill bottom 4 words */
- zm[3] ^= r[3] ^ r[7];
- zm[2] ^= r[2] ^ r[6];
- zm[1] ^= r[1] ^ r[5];
- zm[0] ^= r[0] ^ r[4];
+ zm[3] ^= r[3] ^ r[7];
+ zm[2] ^= r[2] ^ r[6];
+ zm[1] ^= r[1] ^ r[5];
+ zm[0] ^= r[0] ^ r[4];
- r[5] ^= zm[3];
- r[4] ^= zm[2];
- r[3] ^= zm[1];
- r[2] ^= zm[0];
+ r[5] ^= zm[3];
+ r[4] ^= zm[2];
+ r[3] ^= zm[1];
+ r[2] ^= zm[0];
}
/* Compute addition of two binary polynomials a and b,
- * store result in c; c could be a or b, a and b could be equal;
+ * store result in c; c could be a or b, a and b could be equal;
* c is the bitwise XOR of a and b.
*/
mp_err
@@ -187,7 +279,7 @@ mp_badd(const mp_int *a, const mp_int *b, mp_int *c)
}
/* Make sure c has enough precision for the output value */
- MP_CHECKOK( s_mp_pad(c, used_pa) );
+ MP_CHECKOK(s_mp_pad(c, used_pa));
/* Do word-by-word xor */
pc = MP_DIGITS(c);
@@ -206,12 +298,12 @@ mp_badd(const mp_int *a, const mp_int *b, mp_int *c)
CLEANUP:
return res;
-}
+}
-#define s_mp_div2(a) MP_CHECKOK( mpl_rsh((a), (a), 1) );
+#define s_mp_div2(a) MP_CHECKOK(mpl_rsh((a), (a), 1));
/* Compute binary polynomial multiply d = a * b */
-static void
+static void
s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
{
mp_digit a_i, a0b0, a1b1, carry = 0;
@@ -225,7 +317,7 @@ s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
}
/* Compute binary polynomial xor multiply accumulate d ^= a * b */
-static void
+static void
s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
{
mp_digit a_i, a0b0, a1b1, carry = 0;
@@ -238,10 +330,10 @@ s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
*d ^= carry;
}
-/* Compute binary polynomial xor multiply c = a * b.
+/* Compute binary polynomial xor multiply c = a * b.
* All parameters may be identical.
*/
-mp_err
+mp_err
mp_bmul(const mp_int *a, const mp_int *b, mp_int *c)
{
mp_digit *pb, b_i;
@@ -254,23 +346,24 @@ mp_bmul(const mp_int *a, const mp_int *b, mp_int *c)
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
if (a == c) {
- MP_CHECKOK( mp_init_copy(&tmp, a) );
+ MP_CHECKOK(mp_init_copy(&tmp, a));
if (a == b)
b = &tmp;
a = &tmp;
} else if (b == c) {
- MP_CHECKOK( mp_init_copy(&tmp, b) );
+ MP_CHECKOK(mp_init_copy(&tmp, b));
b = &tmp;
}
if (MP_USED(a) < MP_USED(b)) {
- const mp_int *xch = b; /* switch a and b if b longer */
+ const mp_int *xch = b; /* switch a and b if b longer */
b = a;
a = xch;
}
- MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
- MP_CHECKOK( s_mp_pad(c, USED(a) + USED(b)) );
+ MP_USED(c) = 1;
+ MP_DIGIT(c, 0) = 0;
+ MP_CHECKOK(s_mp_pad(c, USED(a) + USED(b)));
pb = MP_DIGITS(b);
s_bmul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
@@ -278,7 +371,7 @@ mp_bmul(const mp_int *a, const mp_int *b, mp_int *c)
/* Outer loop: Digits of b */
a_used = MP_USED(a);
b_used = MP_USED(b);
- MP_USED(c) = a_used + b_used;
+ MP_USED(c) = a_used + b_used;
for (ib = 1; ib < b_used; ib++) {
b_i = *pb++;
@@ -298,11 +391,10 @@ CLEANUP:
return res;
}
-
-/* Compute modular reduction of a and store result in r.
- * r could be a.
- * For modular arithmetic, the irreducible polynomial f(t) is represented
- * as an array of int[], where f(t) is of the form:
+/* Compute modular reduction of a and store result in r.
+ * r could be a.
+ * For modular arithmetic, the irreducible polynomial f(t) is represented
+ * as an array of int[], where f(t) is of the form:
* f(t) = t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
*/
@@ -315,11 +407,11 @@ mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
mp_size used;
mp_err res = MP_OKAY;
- /* The algorithm does the reduction in place in r,
+ /* The algorithm does the reduction in place in r,
* if a != r, copy a into r first so reduction can be done in r
*/
if (a != r) {
- MP_CHECKOK( mp_copy(a, r) );
+ MP_CHECKOK(mp_copy(a, r));
}
z = MP_DIGITS(r);
@@ -332,7 +424,8 @@ mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
zz = z[j];
if (zz == 0) {
- j--; continue;
+ j--;
+ continue;
}
z[j] = 0;
@@ -344,20 +437,19 @@ mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
d1 = MP_DIGIT_BITS - d0;
/*n /= MP_DIGIT_BITS; */
n >>= MP_DIGIT_BITS_LOG_2;
- z[j-n] ^= (zz>>d0);
- if (d0)
- z[j-n-1] ^= (zz<<d1);
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
}
/* reducing component t^0 */
- n = dN;
+ n = dN;
/*d0 = p[0] % MP_DIGIT_BITS;*/
d0 = p[0] & MP_DIGIT_BITS_MASK;
d1 = MP_DIGIT_BITS - d0;
- z[j-n] ^= (zz >> d0);
- if (d0)
- z[j-n-1] ^= (zz << d1);
-
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
}
/* final round of reduction */
@@ -365,16 +457,17 @@ mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
/* d0 = p[0] % MP_DIGIT_BITS; */
d0 = p[0] & MP_DIGIT_BITS_MASK;
- zz = z[dN] >> d0;
- if (zz == 0) break;
+ zz = z[dN] >> d0;
+ if (zz == 0)
+ break;
d1 = MP_DIGIT_BITS - d0;
/* clear up the top d1 bits */
if (d0) {
- z[dN] = (z[dN] << d1) >> d1;
- } else {
- z[dN] = 0;
- }
+ z[dN] = (z[dN] << d1) >> d1;
+ } else {
+ z[dN] = 0;
+ }
*z ^= zz; /* reduction t^0 component */
for (k = 1; p[k] > 0; k++) {
@@ -387,7 +480,7 @@ mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
z[n] ^= (zz << d0);
tmp = zz >> d1;
if (d0 && tmp)
- z[n+1] ^= tmp;
+ z[n + 1] ^= tmp;
}
}
@@ -396,25 +489,26 @@ CLEANUP:
return res;
}
-/* Compute the product of two polynomials a and b, reduce modulo p,
+/* Compute the product of two polynomials a and b, reduce modulo p,
* Store the result in r. r could be a or b; a could be b.
*/
-mp_err
+mp_err
mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], mp_int *r)
{
mp_err res;
-
- if (a == b) return mp_bsqrmod(a, p, r);
- if ((res = mp_bmul(a, b, r) ) != MP_OKAY)
- return res;
+
+ if (a == b)
+ return mp_bsqrmod(a, p, r);
+ if ((res = mp_bmul(a, b, r)) != MP_OKAY)
+ return res;
return mp_bmod(r, p, r);
}
-/* Compute binary polynomial squaring c = a*a mod p .
+/* Compute binary polynomial squaring c = a*a mod p .
* Parameter r and a can be identical.
*/
-mp_err
+mp_err
mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r)
{
mp_digit *pa, *pr, a_i;
@@ -426,17 +520,18 @@ mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r)
MP_DIGITS(&tmp) = 0;
if (a == r) {
- MP_CHECKOK( mp_init_copy(&tmp, a) );
+ MP_CHECKOK(mp_init_copy(&tmp, a));
a = &tmp;
}
- MP_USED(r) = 1; MP_DIGIT(r, 0) = 0;
- MP_CHECKOK( s_mp_pad(r, 2*USED(a)) );
+ MP_USED(r) = 1;
+ MP_DIGIT(r, 0) = 0;
+ MP_CHECKOK(s_mp_pad(r, 2 * USED(a)));
pa = MP_DIGITS(a);
pr = MP_DIGITS(r);
a_used = MP_USED(a);
- MP_USED(r) = 2 * a_used;
+ MP_USED(r) = 2 * a_used;
for (ia = 0; ia < a_used; ia++) {
a_i = *pa++;
@@ -444,7 +539,7 @@ mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r)
*pr++ = gf2m_SQR1(a_i);
}
- MP_CHECKOK( mp_bmod(r, p, r) );
+ MP_CHECKOK(mp_bmod(r, p, r));
s_mp_clamp(r);
SIGN(r) = ZPOS;
@@ -455,13 +550,13 @@ CLEANUP:
/* Compute binary polynomial y/x mod p, y divided by x, reduce modulo p.
* Store the result in r. r could be x or y, and x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
+ * Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
* the Great Divide".
*/
-int
-mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
- const unsigned int p[], mp_int *r)
+int
+mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
+ const unsigned int p[], mp_int *r)
{
mp_int aa, bb, uu;
mp_int *a, *b, *u, *v;
@@ -471,60 +566,62 @@ mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
MP_DIGITS(&bb) = 0;
MP_DIGITS(&uu) = 0;
- MP_CHECKOK( mp_init_copy(&aa, x) );
- MP_CHECKOK( mp_init_copy(&uu, y) );
- MP_CHECKOK( mp_init_copy(&bb, pp) );
- MP_CHECKOK( s_mp_pad(r, USED(pp)) );
- MP_USED(r) = 1; MP_DIGIT(r, 0) = 0;
-
- a = &aa; b= &bb; u=&uu; v=r;
+ MP_CHECKOK(mp_init_copy(&aa, x));
+ MP_CHECKOK(mp_init_copy(&uu, y));
+ MP_CHECKOK(mp_init_copy(&bb, pp));
+ MP_CHECKOK(s_mp_pad(r, USED(pp)));
+ MP_USED(r) = 1;
+ MP_DIGIT(r, 0) = 0;
+
+ a = &aa;
+ b = &bb;
+ u = &uu;
+ v = r;
/* reduce x and y mod p */
- MP_CHECKOK( mp_bmod(a, p, a) );
- MP_CHECKOK( mp_bmod(u, p, u) );
+ MP_CHECKOK(mp_bmod(a, p, a));
+ MP_CHECKOK(mp_bmod(u, p, u));
while (!mp_isodd(a)) {
s_mp_div2(a);
if (mp_isodd(u)) {
- MP_CHECKOK( mp_badd(u, pp, u) );
+ MP_CHECKOK(mp_badd(u, pp, u));
}
s_mp_div2(u);
}
do {
if (mp_cmp_mag(b, a) > 0) {
- MP_CHECKOK( mp_badd(b, a, b) );
- MP_CHECKOK( mp_badd(v, u, v) );
+ MP_CHECKOK(mp_badd(b, a, b));
+ MP_CHECKOK(mp_badd(v, u, v));
do {
s_mp_div2(b);
if (mp_isodd(v)) {
- MP_CHECKOK( mp_badd(v, pp, v) );
+ MP_CHECKOK(mp_badd(v, pp, v));
}
s_mp_div2(v);
} while (!mp_isodd(b));
- }
- else if ((MP_DIGIT(a,0) == 1) && (MP_USED(a) == 1))
+ } else if ((MP_DIGIT(a, 0) == 1) && (MP_USED(a) == 1))
break;
else {
- MP_CHECKOK( mp_badd(a, b, a) );
- MP_CHECKOK( mp_badd(u, v, u) );
+ MP_CHECKOK(mp_badd(a, b, a));
+ MP_CHECKOK(mp_badd(u, v, u));
do {
s_mp_div2(a);
if (mp_isodd(u)) {
- MP_CHECKOK( mp_badd(u, pp, u) );
+ MP_CHECKOK(mp_badd(u, pp, u));
}
s_mp_div2(u);
} while (!mp_isodd(a));
}
} while (1);
- MP_CHECKOK( mp_copy(u, r) );
+ MP_CHECKOK(mp_copy(u, r));
CLEANUP:
mp_clear(&aa);
mp_clear(&bb);
mp_clear(&uu);
return res;
-
}
/* Convert the bit-string representation of a polynomial a into an array
@@ -541,14 +638,16 @@ mp_bpoly2arr(const mp_int *a, unsigned int p[], int max)
top_bit = 1;
top_bit <<= MP_DIGIT_BIT - 1;
- for (k = 0; k < max; k++) p[k] = 0;
+ for (k = 0; k < max; k++)
+ p[k] = 0;
k = 0;
for (i = MP_USED(a) - 1; i >= 0; i--) {
mask = top_bit;
for (j = MP_DIGIT_BIT - 1; j >= 0; j--) {
if (MP_DIGITS(a)[i] & mask) {
- if (k < max) p[k] = MP_DIGIT_BIT * i + j;
+ if (k < max)
+ p[k] = MP_DIGIT_BIT * i + j;
k++;
}
mask >>= 1;
@@ -558,7 +657,7 @@ mp_bpoly2arr(const mp_int *a, unsigned int p[], int max)
return k;
}
-/* Convert the coefficient array representation of a polynomial to a
+/* Convert the coefficient array representation of a polynomial to a
* bit-string. The array must be terminated by 0.
*/
mp_err
@@ -570,10 +669,10 @@ mp_barr2poly(const unsigned int p[], mp_int *a)
mp_zero(a);
for (i = 0; p[i] > 0; i++) {
- MP_CHECKOK( mpl_set_bit(a, p[i], 1) );
+ MP_CHECKOK(mpl_set_bit(a, p[i], 1));
}
- MP_CHECKOK( mpl_set_bit(a, 0, 1) );
-
+ MP_CHECKOK(mpl_set_bit(a, 0, 1));
+
CLEANUP:
return res;
}
diff --git a/lib/freebl/mpi/mp_gf2m.h b/lib/freebl/mpi/mp_gf2m.h
index 9faa026c3..ed2c85493 100644
--- a/lib/freebl/mpi/mp_gf2m.h
+++ b/lib/freebl/mpi/mp_gf2m.h
@@ -10,17 +10,17 @@
mp_err mp_badd(const mp_int *a, const mp_int *b, mp_int *c);
mp_err mp_bmul(const mp_int *a, const mp_int *b, mp_int *c);
-/* For modular arithmetic, the irreducible polynomial f(t) is represented
- * as an array of int[], where f(t) is of the form:
+/* For modular arithmetic, the irreducible polynomial f(t) is represented
+ * as an array of int[], where f(t) is of the form:
* f(t) = t^p[0] + t^p[1] + ... + t^p[k]
* where m = p[0] > p[1] > ... > p[k] = 0.
*/
mp_err mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r);
-mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[],
- mp_int *r);
+mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[],
+ mp_int *r);
mp_err mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r);
-mp_err mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
- const unsigned int p[], mp_int *r);
+mp_err mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
+ const unsigned int p[], mp_int *r);
int mp_bpoly2arr(const mp_int *a, unsigned int p[], int max);
mp_err mp_barr2poly(const unsigned int p[], mp_int *a);
diff --git a/lib/freebl/mpi/mpcpucache.c b/lib/freebl/mpi/mpcpucache.c
index bd9b4d1f7..6fed35239 100644
--- a/lib/freebl/mpi/mpcpucache.c
+++ b/lib/freebl/mpi/mpcpucache.c
@@ -9,7 +9,7 @@
* This file implements a single function: s_mpi_getProcessorLineSize();
* s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
* if a cache exists, or zero if there is no cache. If more than one
- * cache line exists, it should return the smallest line size (which is
+ * cache line exists, it should return the smallest line size (which is
* usually the L1 cache).
*
* mp_modexp uses this information to make sure that private key information
@@ -18,10 +18,10 @@
* Currently the file returns good data for most modern x86 processors, and
* reasonable data on 64-bit ppc processors. All other processors are assumed
* to have a cache line size of 32 bytes unless modified by target.mk.
- *
+ *
*/
-#if defined(i386) || defined(__i386) || defined(__X86__) || defined (_M_IX86) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
+#if defined(i386) || defined(__i386) || defined(__X86__) || defined(_M_IX86) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
/* X86 processors have special instructions that tell us about the cache */
#include "string.h"
@@ -34,25 +34,27 @@
#if defined(__GNUC__)
-void freebl_cpuid(unsigned long op, unsigned long *eax,
- unsigned long *ebx, unsigned long *ecx,
- unsigned long *edx)
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+ unsigned long *ebx, unsigned long *ecx,
+ unsigned long *edx)
{
- __asm__("cpuid\n\t"
- : "=a" (*eax),
- "=b" (*ebx),
- "=c" (*ecx),
- "=d" (*edx)
- : "0" (op));
+ __asm__("cpuid\n\t"
+ : "=a"(*eax),
+ "=b"(*ebx),
+ "=c"(*ecx),
+ "=d"(*edx)
+ : "0"(op));
}
#elif defined(_MSC_VER)
#include <intrin.h>
-void freebl_cpuid(unsigned long op, unsigned long *eax,
- unsigned long *ebx, unsigned long *ecx,
- unsigned long *edx)
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+ unsigned long *ebx, unsigned long *ecx,
+ unsigned long *edx)
{
int intrinsic_out[4];
@@ -70,48 +72,50 @@ void freebl_cpuid(unsigned long op, unsigned long *eax,
/* x86 */
#if defined(__GNUC__)
-void freebl_cpuid(unsigned long op, unsigned long *eax,
- unsigned long *ebx, unsigned long *ecx,
- unsigned long *edx)
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+ unsigned long *ebx, unsigned long *ecx,
+ unsigned long *edx)
{
-/* Some older processors don't fill the ecx register with cpuid, so clobber it
- * before calling cpuid, so that there's no risk of picking random bits that
- * erroneously indicate that absent CPU features are present.
- * Also, GCC isn't smart enough to save the ebx PIC register on its own
- * in this case, so do it by hand. Use edi to store ebx and pass the
- * value returned in ebx from cpuid through edi. */
- __asm__("xor %%ecx, %%ecx\n\t"
- "mov %%ebx,%%edi\n\t"
- "cpuid\n\t"
- "xchgl %%ebx,%%edi\n\t"
- : "=a" (*eax),
- "=D" (*ebx),
- "=c" (*ecx),
- "=d" (*edx)
- : "0" (op));
+ /* Some older processors don't fill the ecx register with cpuid, so clobber it
+ * before calling cpuid, so that there's no risk of picking random bits that
+ * erroneously indicate that absent CPU features are present.
+ * Also, GCC isn't smart enough to save the ebx PIC register on its own
+ * in this case, so do it by hand. Use edi to store ebx and pass the
+ * value returned in ebx from cpuid through edi. */
+ __asm__("xor %%ecx, %%ecx\n\t"
+ "mov %%ebx,%%edi\n\t"
+ "cpuid\n\t"
+ "xchgl %%ebx,%%edi\n\t"
+ : "=a"(*eax),
+ "=D"(*ebx),
+ "=c"(*ecx),
+ "=d"(*edx)
+ : "0"(op));
}
/*
* try flipping a processor flag to determine CPU type
*/
-static unsigned long changeFlag(unsigned long flag)
+static unsigned long
+changeFlag(unsigned long flag)
{
- unsigned long changedFlags, originalFlags;
- __asm__("pushfl\n\t" /* get the flags */
- "popl %0\n\t"
- "movl %0,%1\n\t" /* save the original flags */
- "xorl %2,%0\n\t" /* flip the bit */
- "pushl %0\n\t" /* set the flags */
- "popfl\n\t"
- "pushfl\n\t" /* get the flags again (for return) */
- "popl %0\n\t"
- "pushl %1\n\t" /* restore the original flags */
- "popfl\n\t"
- : "=r" (changedFlags),
- "=r" (originalFlags),
- "=r" (flag)
- : "2" (flag));
- return changedFlags ^ originalFlags;
+ unsigned long changedFlags, originalFlags;
+ __asm__("pushfl\n\t" /* get the flags */
+ "popl %0\n\t"
+ "movl %0,%1\n\t" /* save the original flags */
+ "xorl %2,%0\n\t" /* flip the bit */
+ "pushl %0\n\t" /* set the flags */
+ "popfl\n\t"
+ "pushfl\n\t" /* get the flags again (for return) */
+ "popl %0\n\t"
+ "pushl %1\n\t" /* restore the original flags */
+ "popfl\n\t"
+ : "=r"(changedFlags),
+ "=r"(originalFlags),
+ "=r"(flag)
+ : "2"(flag));
+ return changedFlags ^ originalFlags;
}
#elif defined(_MSC_VER)
@@ -120,11 +124,12 @@ static unsigned long changeFlag(unsigned long flag)
* windows versions of the above assembler
*/
#define wcpuid __asm __emit 0fh __asm __emit 0a2h
-void freebl_cpuid(unsigned long op, unsigned long *Reax,
- unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
+void
+freebl_cpuid(unsigned long op, unsigned long *Reax,
+ unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
{
- unsigned long Leax, Lebx, Lecx, Ledx;
- __asm {
+ unsigned long Leax, Lebx, Lecx, Ledx;
+ __asm {
pushad
xor ecx,ecx
mov eax,op
@@ -134,35 +139,36 @@ void freebl_cpuid(unsigned long op, unsigned long *Reax,
mov Lecx,ecx
mov Ledx,edx
popad
- }
- *Reax = Leax;
- *Rebx = Lebx;
- *Recx = Lecx;
- *Redx = Ledx;
+ }
+ *Reax = Leax;
+ *Rebx = Lebx;
+ *Recx = Lecx;
+ *Redx = Ledx;
}
-static unsigned long changeFlag(unsigned long flag)
+static unsigned long
+changeFlag(unsigned long flag)
{
- unsigned long changedFlags, originalFlags;
- __asm {
- push eax
- push ebx
- pushfd /* get the flags */
- pop eax
- push eax /* save the flags on the stack */
- mov originalFlags,eax /* save the original flags */
- mov ebx,flag
- xor eax,ebx /* flip the bit */
- push eax /* set the flags */
- popfd
- pushfd /* get the flags again (for return) */
- pop eax
- popfd /* restore the original flags */
- mov changedFlags,eax
- pop ebx
- pop eax
- }
- return changedFlags ^ originalFlags;
+ unsigned long changedFlags, originalFlags;
+ __asm {
+ push eax
+ push ebx
+ pushfd /* get the flags */
+ pop eax
+ push eax /* save the flags on the stack */
+ mov originalFlags,eax /* save the original flags */
+ mov ebx,flag
+ xor eax,ebx /* flip the bit */
+ push eax /* set the flags */
+ popfd
+ pushfd /* get the flags again (for return) */
+ pop eax
+ popfd /* restore the original flags */
+ mov changedFlags,eax
+ pop ebx
+ pop eax
+ }
+ return changedFlags ^ originalFlags;
}
#endif
@@ -173,42 +179,43 @@ static unsigned long changeFlag(unsigned long flag)
#define ID_FLAG 0x200000
/* 386 processors can't flip the AC_FLAG, intel AP Note AP-485 */
-static int is386()
+static int
+is386()
{
return changeFlag(AC_FLAG) == 0;
}
/* 486 processors can't flip the ID_FLAG, intel AP Note AP-485 */
-static int is486()
+static int
+is486()
{
return changeFlag(ID_FLAG) == 0;
}
#endif
-
/*
* table for Intel Cache.
- * See Intel Application Note AP-485 for more information
+ * See Intel Application Note AP-485 for more information
*/
typedef unsigned char CacheTypeEntry;
typedef enum {
- Cache_NONE = 0,
+ Cache_NONE = 0,
Cache_UNKNOWN = 1,
- Cache_TLB = 2,
- Cache_TLBi = 3,
- Cache_TLBd = 4,
- Cache_Trace = 5,
- Cache_L1 = 6,
- Cache_L1i = 7,
- Cache_L1d = 8,
- Cache_L2 = 9 ,
- Cache_L2i = 10 ,
- Cache_L2d = 11 ,
- Cache_L3 = 12 ,
- Cache_L3i = 13,
- Cache_L3d = 14
+ Cache_TLB = 2,
+ Cache_TLBi = 3,
+ Cache_TLBd = 4,
+ Cache_Trace = 5,
+ Cache_L1 = 6,
+ Cache_L1i = 7,
+ Cache_L1d = 8,
+ Cache_L2 = 9,
+ Cache_L2i = 10,
+ Cache_L2d = 11,
+ Cache_L3 = 12,
+ Cache_L3i = 13,
+ Cache_L3d = 14
} CacheType;
struct _cache {
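Review bot: `is386()` and `is486()` are defined with empty parameter lists, which in C is an old-style non-prototype declaration rather than a function that takes no arguments. Since the commit is already rewriting these signature lines, `static int is386(void)` and `static int is486(void)` would make them proper prototypes and let the compiler reject accidental arguments. The same applies to `s_mpi_is_sse2()` and `s_mpi_getProcessorLineSize()` in the later hunks of this file.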
@@ -216,271 +223,272 @@ struct _cache {
unsigned char lineSize;
};
static const struct _cache CacheMap[256] = {
-/* 00 */ {Cache_NONE, 0 },
-/* 01 */ {Cache_TLBi, 0 },
-/* 02 */ {Cache_TLBi, 0 },
-/* 03 */ {Cache_TLBd, 0 },
-/* 04 */ {Cache_TLBd, },
-/* 05 */ {Cache_UNKNOWN, 0 },
-/* 06 */ {Cache_L1i, 32 },
-/* 07 */ {Cache_UNKNOWN, 0 },
-/* 08 */ {Cache_L1i, 32 },
-/* 09 */ {Cache_UNKNOWN, 0 },
-/* 0a */ {Cache_L1d, 32 },
-/* 0b */ {Cache_UNKNOWN, 0 },
-/* 0c */ {Cache_L1d, 32 },
-/* 0d */ {Cache_UNKNOWN, 0 },
-/* 0e */ {Cache_UNKNOWN, 0 },
-/* 0f */ {Cache_UNKNOWN, 0 },
-/* 10 */ {Cache_UNKNOWN, 0 },
-/* 11 */ {Cache_UNKNOWN, 0 },
-/* 12 */ {Cache_UNKNOWN, 0 },
-/* 13 */ {Cache_UNKNOWN, 0 },
-/* 14 */ {Cache_UNKNOWN, 0 },
-/* 15 */ {Cache_UNKNOWN, 0 },
-/* 16 */ {Cache_UNKNOWN, 0 },
-/* 17 */ {Cache_UNKNOWN, 0 },
-/* 18 */ {Cache_UNKNOWN, 0 },
-/* 19 */ {Cache_UNKNOWN, 0 },
-/* 1a */ {Cache_UNKNOWN, 0 },
-/* 1b */ {Cache_UNKNOWN, 0 },
-/* 1c */ {Cache_UNKNOWN, 0 },
-/* 1d */ {Cache_UNKNOWN, 0 },
-/* 1e */ {Cache_UNKNOWN, 0 },
-/* 1f */ {Cache_UNKNOWN, 0 },
-/* 20 */ {Cache_UNKNOWN, 0 },
-/* 21 */ {Cache_UNKNOWN, 0 },
-/* 22 */ {Cache_L3, 64 },
-/* 23 */ {Cache_L3, 64 },
-/* 24 */ {Cache_UNKNOWN, 0 },
-/* 25 */ {Cache_L3, 64 },
-/* 26 */ {Cache_UNKNOWN, 0 },
-/* 27 */ {Cache_UNKNOWN, 0 },
-/* 28 */ {Cache_UNKNOWN, 0 },
-/* 29 */ {Cache_L3, 64 },
-/* 2a */ {Cache_UNKNOWN, 0 },
-/* 2b */ {Cache_UNKNOWN, 0 },
-/* 2c */ {Cache_L1d, 64 },
-/* 2d */ {Cache_UNKNOWN, 0 },
-/* 2e */ {Cache_UNKNOWN, 0 },
-/* 2f */ {Cache_UNKNOWN, 0 },
-/* 30 */ {Cache_L1i, 64 },
-/* 31 */ {Cache_UNKNOWN, 0 },
-/* 32 */ {Cache_UNKNOWN, 0 },
-/* 33 */ {Cache_UNKNOWN, 0 },
-/* 34 */ {Cache_UNKNOWN, 0 },
-/* 35 */ {Cache_UNKNOWN, 0 },
-/* 36 */ {Cache_UNKNOWN, 0 },
-/* 37 */ {Cache_UNKNOWN, 0 },
-/* 38 */ {Cache_UNKNOWN, 0 },
-/* 39 */ {Cache_L2, 64 },
-/* 3a */ {Cache_UNKNOWN, 0 },
-/* 3b */ {Cache_L2, 64 },
-/* 3c */ {Cache_L2, 64 },
-/* 3d */ {Cache_UNKNOWN, 0 },
-/* 3e */ {Cache_UNKNOWN, 0 },
-/* 3f */ {Cache_UNKNOWN, 0 },
-/* 40 */ {Cache_L2, 0 },
-/* 41 */ {Cache_L2, 32 },
-/* 42 */ {Cache_L2, 32 },
-/* 43 */ {Cache_L2, 32 },
-/* 44 */ {Cache_L2, 32 },
-/* 45 */ {Cache_L2, 32 },
-/* 46 */ {Cache_UNKNOWN, 0 },
-/* 47 */ {Cache_UNKNOWN, 0 },
-/* 48 */ {Cache_UNKNOWN, 0 },
-/* 49 */ {Cache_UNKNOWN, 0 },
-/* 4a */ {Cache_UNKNOWN, 0 },
-/* 4b */ {Cache_UNKNOWN, 0 },
-/* 4c */ {Cache_UNKNOWN, 0 },
-/* 4d */ {Cache_UNKNOWN, 0 },
-/* 4e */ {Cache_UNKNOWN, 0 },
-/* 4f */ {Cache_UNKNOWN, 0 },
-/* 50 */ {Cache_TLBi, 0 },
-/* 51 */ {Cache_TLBi, 0 },
-/* 52 */ {Cache_TLBi, 0 },
-/* 53 */ {Cache_UNKNOWN, 0 },
-/* 54 */ {Cache_UNKNOWN, 0 },
-/* 55 */ {Cache_UNKNOWN, 0 },
-/* 56 */ {Cache_UNKNOWN, 0 },
-/* 57 */ {Cache_UNKNOWN, 0 },
-/* 58 */ {Cache_UNKNOWN, 0 },
-/* 59 */ {Cache_UNKNOWN, 0 },
-/* 5a */ {Cache_UNKNOWN, 0 },
-/* 5b */ {Cache_TLBd, 0 },
-/* 5c */ {Cache_TLBd, 0 },
-/* 5d */ {Cache_TLBd, 0 },
-/* 5e */ {Cache_UNKNOWN, 0 },
-/* 5f */ {Cache_UNKNOWN, 0 },
-/* 60 */ {Cache_UNKNOWN, 0 },
-/* 61 */ {Cache_UNKNOWN, 0 },
-/* 62 */ {Cache_UNKNOWN, 0 },
-/* 63 */ {Cache_UNKNOWN, 0 },
-/* 64 */ {Cache_UNKNOWN, 0 },
-/* 65 */ {Cache_UNKNOWN, 0 },
-/* 66 */ {Cache_L1d, 64 },
-/* 67 */ {Cache_L1d, 64 },
-/* 68 */ {Cache_L1d, 64 },
-/* 69 */ {Cache_UNKNOWN, 0 },
-/* 6a */ {Cache_UNKNOWN, 0 },
-/* 6b */ {Cache_UNKNOWN, 0 },
-/* 6c */ {Cache_UNKNOWN, 0 },
-/* 6d */ {Cache_UNKNOWN, 0 },
-/* 6e */ {Cache_UNKNOWN, 0 },
-/* 6f */ {Cache_UNKNOWN, 0 },
-/* 70 */ {Cache_Trace, 1 },
-/* 71 */ {Cache_Trace, 1 },
-/* 72 */ {Cache_Trace, 1 },
-/* 73 */ {Cache_UNKNOWN, 0 },
-/* 74 */ {Cache_UNKNOWN, 0 },
-/* 75 */ {Cache_UNKNOWN, 0 },
-/* 76 */ {Cache_UNKNOWN, 0 },
-/* 77 */ {Cache_UNKNOWN, 0 },
-/* 78 */ {Cache_UNKNOWN, 0 },
-/* 79 */ {Cache_L2, 64 },
-/* 7a */ {Cache_L2, 64 },
-/* 7b */ {Cache_L2, 64 },
-/* 7c */ {Cache_L2, 64 },
-/* 7d */ {Cache_UNKNOWN, 0 },
-/* 7e */ {Cache_UNKNOWN, 0 },
-/* 7f */ {Cache_UNKNOWN, 0 },
-/* 80 */ {Cache_UNKNOWN, 0 },
-/* 81 */ {Cache_UNKNOWN, 0 },
-/* 82 */ {Cache_L2, 32 },
-/* 83 */ {Cache_L2, 32 },
-/* 84 */ {Cache_L2, 32 },
-/* 85 */ {Cache_L2, 32 },
-/* 86 */ {Cache_L2, 64 },
-/* 87 */ {Cache_L2, 64 },
-/* 88 */ {Cache_UNKNOWN, 0 },
-/* 89 */ {Cache_UNKNOWN, 0 },
-/* 8a */ {Cache_UNKNOWN, 0 },
-/* 8b */ {Cache_UNKNOWN, 0 },
-/* 8c */ {Cache_UNKNOWN, 0 },
-/* 8d */ {Cache_UNKNOWN, 0 },
-/* 8e */ {Cache_UNKNOWN, 0 },
-/* 8f */ {Cache_UNKNOWN, 0 },
-/* 90 */ {Cache_UNKNOWN, 0 },
-/* 91 */ {Cache_UNKNOWN, 0 },
-/* 92 */ {Cache_UNKNOWN, 0 },
-/* 93 */ {Cache_UNKNOWN, 0 },
-/* 94 */ {Cache_UNKNOWN, 0 },
-/* 95 */ {Cache_UNKNOWN, 0 },
-/* 96 */ {Cache_UNKNOWN, 0 },
-/* 97 */ {Cache_UNKNOWN, 0 },
-/* 98 */ {Cache_UNKNOWN, 0 },
-/* 99 */ {Cache_UNKNOWN, 0 },
-/* 9a */ {Cache_UNKNOWN, 0 },
-/* 9b */ {Cache_UNKNOWN, 0 },
-/* 9c */ {Cache_UNKNOWN, 0 },
-/* 9d */ {Cache_UNKNOWN, 0 },
-/* 9e */ {Cache_UNKNOWN, 0 },
-/* 9f */ {Cache_UNKNOWN, 0 },
-/* a0 */ {Cache_UNKNOWN, 0 },
-/* a1 */ {Cache_UNKNOWN, 0 },
-/* a2 */ {Cache_UNKNOWN, 0 },
-/* a3 */ {Cache_UNKNOWN, 0 },
-/* a4 */ {Cache_UNKNOWN, 0 },
-/* a5 */ {Cache_UNKNOWN, 0 },
-/* a6 */ {Cache_UNKNOWN, 0 },
-/* a7 */ {Cache_UNKNOWN, 0 },
-/* a8 */ {Cache_UNKNOWN, 0 },
-/* a9 */ {Cache_UNKNOWN, 0 },
-/* aa */ {Cache_UNKNOWN, 0 },
-/* ab */ {Cache_UNKNOWN, 0 },
-/* ac */ {Cache_UNKNOWN, 0 },
-/* ad */ {Cache_UNKNOWN, 0 },
-/* ae */ {Cache_UNKNOWN, 0 },
-/* af */ {Cache_UNKNOWN, 0 },
-/* b0 */ {Cache_TLBi, 0 },
-/* b1 */ {Cache_UNKNOWN, 0 },
-/* b2 */ {Cache_UNKNOWN, 0 },
-/* b3 */ {Cache_TLBd, 0 },
-/* b4 */ {Cache_UNKNOWN, 0 },
-/* b5 */ {Cache_UNKNOWN, 0 },
-/* b6 */ {Cache_UNKNOWN, 0 },
-/* b7 */ {Cache_UNKNOWN, 0 },
-/* b8 */ {Cache_UNKNOWN, 0 },
-/* b9 */ {Cache_UNKNOWN, 0 },
-/* ba */ {Cache_UNKNOWN, 0 },
-/* bb */ {Cache_UNKNOWN, 0 },
-/* bc */ {Cache_UNKNOWN, 0 },
-/* bd */ {Cache_UNKNOWN, 0 },
-/* be */ {Cache_UNKNOWN, 0 },
-/* bf */ {Cache_UNKNOWN, 0 },
-/* c0 */ {Cache_UNKNOWN, 0 },
-/* c1 */ {Cache_UNKNOWN, 0 },
-/* c2 */ {Cache_UNKNOWN, 0 },
-/* c3 */ {Cache_UNKNOWN, 0 },
-/* c4 */ {Cache_UNKNOWN, 0 },
-/* c5 */ {Cache_UNKNOWN, 0 },
-/* c6 */ {Cache_UNKNOWN, 0 },
-/* c7 */ {Cache_UNKNOWN, 0 },
-/* c8 */ {Cache_UNKNOWN, 0 },
-/* c9 */ {Cache_UNKNOWN, 0 },
-/* ca */ {Cache_UNKNOWN, 0 },
-/* cb */ {Cache_UNKNOWN, 0 },
-/* cc */ {Cache_UNKNOWN, 0 },
-/* cd */ {Cache_UNKNOWN, 0 },
-/* ce */ {Cache_UNKNOWN, 0 },
-/* cf */ {Cache_UNKNOWN, 0 },
-/* d0 */ {Cache_UNKNOWN, 0 },
-/* d1 */ {Cache_UNKNOWN, 0 },
-/* d2 */ {Cache_UNKNOWN, 0 },
-/* d3 */ {Cache_UNKNOWN, 0 },
-/* d4 */ {Cache_UNKNOWN, 0 },
-/* d5 */ {Cache_UNKNOWN, 0 },
-/* d6 */ {Cache_UNKNOWN, 0 },
-/* d7 */ {Cache_UNKNOWN, 0 },
-/* d8 */ {Cache_UNKNOWN, 0 },
-/* d9 */ {Cache_UNKNOWN, 0 },
-/* da */ {Cache_UNKNOWN, 0 },
-/* db */ {Cache_UNKNOWN, 0 },
-/* dc */ {Cache_UNKNOWN, 0 },
-/* dd */ {Cache_UNKNOWN, 0 },
-/* de */ {Cache_UNKNOWN, 0 },
-/* df */ {Cache_UNKNOWN, 0 },
-/* e0 */ {Cache_UNKNOWN, 0 },
-/* e1 */ {Cache_UNKNOWN, 0 },
-/* e2 */ {Cache_UNKNOWN, 0 },
-/* e3 */ {Cache_UNKNOWN, 0 },
-/* e4 */ {Cache_UNKNOWN, 0 },
-/* e5 */ {Cache_UNKNOWN, 0 },
-/* e6 */ {Cache_UNKNOWN, 0 },
-/* e7 */ {Cache_UNKNOWN, 0 },
-/* e8 */ {Cache_UNKNOWN, 0 },
-/* e9 */ {Cache_UNKNOWN, 0 },
-/* ea */ {Cache_UNKNOWN, 0 },
-/* eb */ {Cache_UNKNOWN, 0 },
-/* ec */ {Cache_UNKNOWN, 0 },
-/* ed */ {Cache_UNKNOWN, 0 },
-/* ee */ {Cache_UNKNOWN, 0 },
-/* ef */ {Cache_UNKNOWN, 0 },
-/* f0 */ {Cache_UNKNOWN, 0 },
-/* f1 */ {Cache_UNKNOWN, 0 },
-/* f2 */ {Cache_UNKNOWN, 0 },
-/* f3 */ {Cache_UNKNOWN, 0 },
-/* f4 */ {Cache_UNKNOWN, 0 },
-/* f5 */ {Cache_UNKNOWN, 0 },
-/* f6 */ {Cache_UNKNOWN, 0 },
-/* f7 */ {Cache_UNKNOWN, 0 },
-/* f8 */ {Cache_UNKNOWN, 0 },
-/* f9 */ {Cache_UNKNOWN, 0 },
-/* fa */ {Cache_UNKNOWN, 0 },
-/* fb */ {Cache_UNKNOWN, 0 },
-/* fc */ {Cache_UNKNOWN, 0 },
-/* fd */ {Cache_UNKNOWN, 0 },
-/* fe */ {Cache_UNKNOWN, 0 },
-/* ff */ {Cache_UNKNOWN, 0 }
+ /* 00 */ { Cache_NONE, 0 },
+ /* 01 */ { Cache_TLBi, 0 },
+ /* 02 */ { Cache_TLBi, 0 },
+ /* 03 */ { Cache_TLBd, 0 },
+ /* 04 */ {
+ Cache_TLBd,
+ },
+ /* 05 */ { Cache_UNKNOWN, 0 },
+ /* 06 */ { Cache_L1i, 32 },
+ /* 07 */ { Cache_UNKNOWN, 0 },
+ /* 08 */ { Cache_L1i, 32 },
+ /* 09 */ { Cache_UNKNOWN, 0 },
+ /* 0a */ { Cache_L1d, 32 },
+ /* 0b */ { Cache_UNKNOWN, 0 },
+ /* 0c */ { Cache_L1d, 32 },
+ /* 0d */ { Cache_UNKNOWN, 0 },
+ /* 0e */ { Cache_UNKNOWN, 0 },
+ /* 0f */ { Cache_UNKNOWN, 0 },
+ /* 10 */ { Cache_UNKNOWN, 0 },
+ /* 11 */ { Cache_UNKNOWN, 0 },
+ /* 12 */ { Cache_UNKNOWN, 0 },
+ /* 13 */ { Cache_UNKNOWN, 0 },
+ /* 14 */ { Cache_UNKNOWN, 0 },
+ /* 15 */ { Cache_UNKNOWN, 0 },
+ /* 16 */ { Cache_UNKNOWN, 0 },
+ /* 17 */ { Cache_UNKNOWN, 0 },
+ /* 18 */ { Cache_UNKNOWN, 0 },
+ /* 19 */ { Cache_UNKNOWN, 0 },
+ /* 1a */ { Cache_UNKNOWN, 0 },
+ /* 1b */ { Cache_UNKNOWN, 0 },
+ /* 1c */ { Cache_UNKNOWN, 0 },
+ /* 1d */ { Cache_UNKNOWN, 0 },
+ /* 1e */ { Cache_UNKNOWN, 0 },
+ /* 1f */ { Cache_UNKNOWN, 0 },
+ /* 20 */ { Cache_UNKNOWN, 0 },
+ /* 21 */ { Cache_UNKNOWN, 0 },
+ /* 22 */ { Cache_L3, 64 },
+ /* 23 */ { Cache_L3, 64 },
+ /* 24 */ { Cache_UNKNOWN, 0 },
+ /* 25 */ { Cache_L3, 64 },
+ /* 26 */ { Cache_UNKNOWN, 0 },
+ /* 27 */ { Cache_UNKNOWN, 0 },
+ /* 28 */ { Cache_UNKNOWN, 0 },
+ /* 29 */ { Cache_L3, 64 },
+ /* 2a */ { Cache_UNKNOWN, 0 },
+ /* 2b */ { Cache_UNKNOWN, 0 },
+ /* 2c */ { Cache_L1d, 64 },
+ /* 2d */ { Cache_UNKNOWN, 0 },
+ /* 2e */ { Cache_UNKNOWN, 0 },
+ /* 2f */ { Cache_UNKNOWN, 0 },
+ /* 30 */ { Cache_L1i, 64 },
+ /* 31 */ { Cache_UNKNOWN, 0 },
+ /* 32 */ { Cache_UNKNOWN, 0 },
+ /* 33 */ { Cache_UNKNOWN, 0 },
+ /* 34 */ { Cache_UNKNOWN, 0 },
+ /* 35 */ { Cache_UNKNOWN, 0 },
+ /* 36 */ { Cache_UNKNOWN, 0 },
+ /* 37 */ { Cache_UNKNOWN, 0 },
+ /* 38 */ { Cache_UNKNOWN, 0 },
+ /* 39 */ { Cache_L2, 64 },
+ /* 3a */ { Cache_UNKNOWN, 0 },
+ /* 3b */ { Cache_L2, 64 },
+ /* 3c */ { Cache_L2, 64 },
+ /* 3d */ { Cache_UNKNOWN, 0 },
+ /* 3e */ { Cache_UNKNOWN, 0 },
+ /* 3f */ { Cache_UNKNOWN, 0 },
+ /* 40 */ { Cache_L2, 0 },
+ /* 41 */ { Cache_L2, 32 },
+ /* 42 */ { Cache_L2, 32 },
+ /* 43 */ { Cache_L2, 32 },
+ /* 44 */ { Cache_L2, 32 },
+ /* 45 */ { Cache_L2, 32 },
+ /* 46 */ { Cache_UNKNOWN, 0 },
+ /* 47 */ { Cache_UNKNOWN, 0 },
+ /* 48 */ { Cache_UNKNOWN, 0 },
+ /* 49 */ { Cache_UNKNOWN, 0 },
+ /* 4a */ { Cache_UNKNOWN, 0 },
+ /* 4b */ { Cache_UNKNOWN, 0 },
+ /* 4c */ { Cache_UNKNOWN, 0 },
+ /* 4d */ { Cache_UNKNOWN, 0 },
+ /* 4e */ { Cache_UNKNOWN, 0 },
+ /* 4f */ { Cache_UNKNOWN, 0 },
+ /* 50 */ { Cache_TLBi, 0 },
+ /* 51 */ { Cache_TLBi, 0 },
+ /* 52 */ { Cache_TLBi, 0 },
+ /* 53 */ { Cache_UNKNOWN, 0 },
+ /* 54 */ { Cache_UNKNOWN, 0 },
+ /* 55 */ { Cache_UNKNOWN, 0 },
+ /* 56 */ { Cache_UNKNOWN, 0 },
+ /* 57 */ { Cache_UNKNOWN, 0 },
+ /* 58 */ { Cache_UNKNOWN, 0 },
+ /* 59 */ { Cache_UNKNOWN, 0 },
+ /* 5a */ { Cache_UNKNOWN, 0 },
+ /* 5b */ { Cache_TLBd, 0 },
+ /* 5c */ { Cache_TLBd, 0 },
+ /* 5d */ { Cache_TLBd, 0 },
+ /* 5e */ { Cache_UNKNOWN, 0 },
+ /* 5f */ { Cache_UNKNOWN, 0 },
+ /* 60 */ { Cache_UNKNOWN, 0 },
+ /* 61 */ { Cache_UNKNOWN, 0 },
+ /* 62 */ { Cache_UNKNOWN, 0 },
+ /* 63 */ { Cache_UNKNOWN, 0 },
+ /* 64 */ { Cache_UNKNOWN, 0 },
+ /* 65 */ { Cache_UNKNOWN, 0 },
+ /* 66 */ { Cache_L1d, 64 },
+ /* 67 */ { Cache_L1d, 64 },
+ /* 68 */ { Cache_L1d, 64 },
+ /* 69 */ { Cache_UNKNOWN, 0 },
+ /* 6a */ { Cache_UNKNOWN, 0 },
+ /* 6b */ { Cache_UNKNOWN, 0 },
+ /* 6c */ { Cache_UNKNOWN, 0 },
+ /* 6d */ { Cache_UNKNOWN, 0 },
+ /* 6e */ { Cache_UNKNOWN, 0 },
+ /* 6f */ { Cache_UNKNOWN, 0 },
+ /* 70 */ { Cache_Trace, 1 },
+ /* 71 */ { Cache_Trace, 1 },
+ /* 72 */ { Cache_Trace, 1 },
+ /* 73 */ { Cache_UNKNOWN, 0 },
+ /* 74 */ { Cache_UNKNOWN, 0 },
+ /* 75 */ { Cache_UNKNOWN, 0 },
+ /* 76 */ { Cache_UNKNOWN, 0 },
+ /* 77 */ { Cache_UNKNOWN, 0 },
+ /* 78 */ { Cache_UNKNOWN, 0 },
+ /* 79 */ { Cache_L2, 64 },
+ /* 7a */ { Cache_L2, 64 },
+ /* 7b */ { Cache_L2, 64 },
+ /* 7c */ { Cache_L2, 64 },
+ /* 7d */ { Cache_UNKNOWN, 0 },
+ /* 7e */ { Cache_UNKNOWN, 0 },
+ /* 7f */ { Cache_UNKNOWN, 0 },
+ /* 80 */ { Cache_UNKNOWN, 0 },
+ /* 81 */ { Cache_UNKNOWN, 0 },
+ /* 82 */ { Cache_L2, 32 },
+ /* 83 */ { Cache_L2, 32 },
+ /* 84 */ { Cache_L2, 32 },
+ /* 85 */ { Cache_L2, 32 },
+ /* 86 */ { Cache_L2, 64 },
+ /* 87 */ { Cache_L2, 64 },
+ /* 88 */ { Cache_UNKNOWN, 0 },
+ /* 89 */ { Cache_UNKNOWN, 0 },
+ /* 8a */ { Cache_UNKNOWN, 0 },
+ /* 8b */ { Cache_UNKNOWN, 0 },
+ /* 8c */ { Cache_UNKNOWN, 0 },
+ /* 8d */ { Cache_UNKNOWN, 0 },
+ /* 8e */ { Cache_UNKNOWN, 0 },
+ /* 8f */ { Cache_UNKNOWN, 0 },
+ /* 90 */ { Cache_UNKNOWN, 0 },
+ /* 91 */ { Cache_UNKNOWN, 0 },
+ /* 92 */ { Cache_UNKNOWN, 0 },
+ /* 93 */ { Cache_UNKNOWN, 0 },
+ /* 94 */ { Cache_UNKNOWN, 0 },
+ /* 95 */ { Cache_UNKNOWN, 0 },
+ /* 96 */ { Cache_UNKNOWN, 0 },
+ /* 97 */ { Cache_UNKNOWN, 0 },
+ /* 98 */ { Cache_UNKNOWN, 0 },
+ /* 99 */ { Cache_UNKNOWN, 0 },
+ /* 9a */ { Cache_UNKNOWN, 0 },
+ /* 9b */ { Cache_UNKNOWN, 0 },
+ /* 9c */ { Cache_UNKNOWN, 0 },
+ /* 9d */ { Cache_UNKNOWN, 0 },
+ /* 9e */ { Cache_UNKNOWN, 0 },
+ /* 9f */ { Cache_UNKNOWN, 0 },
+ /* a0 */ { Cache_UNKNOWN, 0 },
+ /* a1 */ { Cache_UNKNOWN, 0 },
+ /* a2 */ { Cache_UNKNOWN, 0 },
+ /* a3 */ { Cache_UNKNOWN, 0 },
+ /* a4 */ { Cache_UNKNOWN, 0 },
+ /* a5 */ { Cache_UNKNOWN, 0 },
+ /* a6 */ { Cache_UNKNOWN, 0 },
+ /* a7 */ { Cache_UNKNOWN, 0 },
+ /* a8 */ { Cache_UNKNOWN, 0 },
+ /* a9 */ { Cache_UNKNOWN, 0 },
+ /* aa */ { Cache_UNKNOWN, 0 },
+ /* ab */ { Cache_UNKNOWN, 0 },
+ /* ac */ { Cache_UNKNOWN, 0 },
+ /* ad */ { Cache_UNKNOWN, 0 },
+ /* ae */ { Cache_UNKNOWN, 0 },
+ /* af */ { Cache_UNKNOWN, 0 },
+ /* b0 */ { Cache_TLBi, 0 },
+ /* b1 */ { Cache_UNKNOWN, 0 },
+ /* b2 */ { Cache_UNKNOWN, 0 },
+ /* b3 */ { Cache_TLBd, 0 },
+ /* b4 */ { Cache_UNKNOWN, 0 },
+ /* b5 */ { Cache_UNKNOWN, 0 },
+ /* b6 */ { Cache_UNKNOWN, 0 },
+ /* b7 */ { Cache_UNKNOWN, 0 },
+ /* b8 */ { Cache_UNKNOWN, 0 },
+ /* b9 */ { Cache_UNKNOWN, 0 },
+ /* ba */ { Cache_UNKNOWN, 0 },
+ /* bb */ { Cache_UNKNOWN, 0 },
+ /* bc */ { Cache_UNKNOWN, 0 },
+ /* bd */ { Cache_UNKNOWN, 0 },
+ /* be */ { Cache_UNKNOWN, 0 },
+ /* bf */ { Cache_UNKNOWN, 0 },
+ /* c0 */ { Cache_UNKNOWN, 0 },
+ /* c1 */ { Cache_UNKNOWN, 0 },
+ /* c2 */ { Cache_UNKNOWN, 0 },
+ /* c3 */ { Cache_UNKNOWN, 0 },
+ /* c4 */ { Cache_UNKNOWN, 0 },
+ /* c5 */ { Cache_UNKNOWN, 0 },
+ /* c6 */ { Cache_UNKNOWN, 0 },
+ /* c7 */ { Cache_UNKNOWN, 0 },
+ /* c8 */ { Cache_UNKNOWN, 0 },
+ /* c9 */ { Cache_UNKNOWN, 0 },
+ /* ca */ { Cache_UNKNOWN, 0 },
+ /* cb */ { Cache_UNKNOWN, 0 },
+ /* cc */ { Cache_UNKNOWN, 0 },
+ /* cd */ { Cache_UNKNOWN, 0 },
+ /* ce */ { Cache_UNKNOWN, 0 },
+ /* cf */ { Cache_UNKNOWN, 0 },
+ /* d0 */ { Cache_UNKNOWN, 0 },
+ /* d1 */ { Cache_UNKNOWN, 0 },
+ /* d2 */ { Cache_UNKNOWN, 0 },
+ /* d3 */ { Cache_UNKNOWN, 0 },
+ /* d4 */ { Cache_UNKNOWN, 0 },
+ /* d5 */ { Cache_UNKNOWN, 0 },
+ /* d6 */ { Cache_UNKNOWN, 0 },
+ /* d7 */ { Cache_UNKNOWN, 0 },
+ /* d8 */ { Cache_UNKNOWN, 0 },
+ /* d9 */ { Cache_UNKNOWN, 0 },
+ /* da */ { Cache_UNKNOWN, 0 },
+ /* db */ { Cache_UNKNOWN, 0 },
+ /* dc */ { Cache_UNKNOWN, 0 },
+ /* dd */ { Cache_UNKNOWN, 0 },
+ /* de */ { Cache_UNKNOWN, 0 },
+ /* df */ { Cache_UNKNOWN, 0 },
+ /* e0 */ { Cache_UNKNOWN, 0 },
+ /* e1 */ { Cache_UNKNOWN, 0 },
+ /* e2 */ { Cache_UNKNOWN, 0 },
+ /* e3 */ { Cache_UNKNOWN, 0 },
+ /* e4 */ { Cache_UNKNOWN, 0 },
+ /* e5 */ { Cache_UNKNOWN, 0 },
+ /* e6 */ { Cache_UNKNOWN, 0 },
+ /* e7 */ { Cache_UNKNOWN, 0 },
+ /* e8 */ { Cache_UNKNOWN, 0 },
+ /* e9 */ { Cache_UNKNOWN, 0 },
+ /* ea */ { Cache_UNKNOWN, 0 },
+ /* eb */ { Cache_UNKNOWN, 0 },
+ /* ec */ { Cache_UNKNOWN, 0 },
+ /* ed */ { Cache_UNKNOWN, 0 },
+ /* ee */ { Cache_UNKNOWN, 0 },
+ /* ef */ { Cache_UNKNOWN, 0 },
+ /* f0 */ { Cache_UNKNOWN, 0 },
+ /* f1 */ { Cache_UNKNOWN, 0 },
+ /* f2 */ { Cache_UNKNOWN, 0 },
+ /* f3 */ { Cache_UNKNOWN, 0 },
+ /* f4 */ { Cache_UNKNOWN, 0 },
+ /* f5 */ { Cache_UNKNOWN, 0 },
+ /* f6 */ { Cache_UNKNOWN, 0 },
+ /* f7 */ { Cache_UNKNOWN, 0 },
+ /* f8 */ { Cache_UNKNOWN, 0 },
+ /* f9 */ { Cache_UNKNOWN, 0 },
+ /* fa */ { Cache_UNKNOWN, 0 },
+ /* fb */ { Cache_UNKNOWN, 0 },
+ /* fc */ { Cache_UNKNOWN, 0 },
+ /* fd */ { Cache_UNKNOWN, 0 },
+ /* fe */ { Cache_UNKNOWN, 0 },
+ /* ff */ { Cache_UNKNOWN, 0 }
};
-
/*
* use the above table to determine the CacheEntryLineSize.
*/
static void
-getIntelCacheEntryLineSize(unsigned long val, int *level,
- unsigned long *lineSize)
+getIntelCacheEntryLineSize(unsigned long val, int *level,
+ unsigned long *lineSize)
{
CacheType type;
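Review bot: The `/* 04 */` entry of CacheMap is the only initializer that omits its second field (`{Cache_TLBd, }` in the old text), so clang-format now spreads it over three lines while every neighbour stays on one; `lineSize` is still implicitly zero, so behaviour is unchanged. Writing it as `/* 04 */ { Cache_TLBd, 0 },` keeps the table uniform and makes the zero line size explicit, as it is for the other TLB entries. getIntelCacheEntryLineSize begins at the end of this hunk and its body continues outside it.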
@@ -490,28 +498,27 @@ getIntelCacheEntryLineSize(unsigned long val, int *level,
* this data check has the side effect of rejecting that entry. If
* that wasn't the case, we could have to reject it explicitly */
if (CacheMap[val].lineSize == 0) {
- return;
+ return;
}
/* look at the caches, skip types we aren't interested in.
* if we already have a value for a lower level cache, skip the
* current entry */
- if ((type == Cache_L1)|| (type == Cache_L1d)) {
- *level = 1;
- *lineSize = CacheMap[val].lineSize;
+ if ((type == Cache_L1) || (type == Cache_L1d)) {
+ *level = 1;
+ *lineSize = CacheMap[val].lineSize;
} else if ((*level >= 2) && ((type == Cache_L2) || (type == Cache_L2d))) {
- *level = 2;
- *lineSize = CacheMap[val].lineSize;
+ *level = 2;
+ *lineSize = CacheMap[val].lineSize;
} else if ((*level >= 3) && ((type == Cache_L3) || (type == Cache_L3d))) {
- *level = 3;
- *lineSize = CacheMap[val].lineSize;
+ *level = 3;
+ *lineSize = CacheMap[val].lineSize;
}
return;
}
-
static void
-getIntelRegisterCacheLineSize(unsigned long val,
- int *level, unsigned long *lineSize)
+getIntelRegisterCacheLineSize(unsigned long val,
+ int *level, unsigned long *lineSize)
{
getIntelCacheEntryLineSize(val >> 24 & 0xff, level, lineSize);
getIntelCacheEntryLineSize(val >> 16 & 0xff, level, lineSize);
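Review bot: `val >> 24 & 0xff` in getIntelRegisterCacheLineSize is correct only because `>>` binds tighter than `&`, and clang-format leaves that to the reader; `(val >> 24) & 0xff` states the intent and matches the explicit masking used elsewhere in the file (`eax & 0xffffff00`, `ecx & 0xff`). The `*level >= 2` and `*level >= 3` tests in getIntelCacheEntryLineSize presumably rely on the caller initialising `*level` above 3 — that initialisation is outside this hunk and is worth a one-line comment on the parameter. getIntelRegisterCacheLineSize's body continues outside the hunk.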
@@ -521,7 +528,7 @@ getIntelRegisterCacheLineSize(unsigned long val,
/*
* returns '0' if no recognized cache is found, or if the cache
- * information is supported by this processor
+ * information is supported by this processor
*/
static unsigned long
getIntelCacheLineSize(int cpuidLevel)
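Review bot: The comment above getIntelCacheLineSize says it returns 0 "if the cache information is supported by this processor", which contradicts the `cpuidLevel < 2` early return in the next hunk and the sibling comment on getOtherCacheLineSize ("not supported"); the line was re-touched only for trailing whitespace, so this is the moment to fix it. Suggested wording: ` * information is not supported by this processor`. The function body is outside this hunk.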
@@ -532,13 +539,13 @@ getIntelCacheLineSize(int cpuidLevel)
int repeat, count;
if (cpuidLevel < 2) {
- return 0;
+ return 0;
}
/* command '2' of the cpuid is intel's cache info call. Each byte of the
- * 4 registers contain a potential descriptor for the cache. The CacheMap
+ * 4 registers contain a potential descriptor for the cache. The CacheMap
* table maps the cache entry with the processor cache. Register 'al'
- * contains a count value that cpuid '2' needs to be called in order to
+ * contains a count value that cpuid '2' needs to be called in order to
* find all the cache descriptors. Only registers with the high bit set
* to 'zero' have valid descriptors. This code loops through all the
* required calls to cpuid '2' and passes any valid descriptors it finds
@@ -548,28 +555,28 @@ getIntelCacheLineSize(int cpuidLevel)
freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
repeat = eax & 0xf;
for (count = 0; count < repeat; count++) {
- if ((eax & 0x80000000) == 0) {
- getIntelRegisterCacheLineSize(eax & 0xffffff00, &level, &lineSize);
- }
- if ((ebx & 0x80000000) == 0) {
- getIntelRegisterCacheLineSize(ebx, &level, &lineSize);
- }
- if ((ecx & 0x80000000) == 0) {
- getIntelRegisterCacheLineSize(ecx, &level, &lineSize);
- }
- if ((edx & 0x80000000) == 0) {
- getIntelRegisterCacheLineSize(edx, &level, &lineSize);
- }
- if (count+1 != repeat) {
- freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
- }
+ if ((eax & 0x80000000) == 0) {
+ getIntelRegisterCacheLineSize(eax & 0xffffff00, &level, &lineSize);
+ }
+ if ((ebx & 0x80000000) == 0) {
+ getIntelRegisterCacheLineSize(ebx, &level, &lineSize);
+ }
+ if ((ecx & 0x80000000) == 0) {
+ getIntelRegisterCacheLineSize(ecx, &level, &lineSize);
+ }
+ if ((edx & 0x80000000) == 0) {
+ getIntelRegisterCacheLineSize(edx, &level, &lineSize);
+ }
+ if (count + 1 != repeat) {
+ freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
+ }
}
return lineSize;
}
/*
* returns '0' if the cache info is not supported by this processor.
- * This is based on the AMD extended cache commands for cpuid.
+ * This is based on the AMD extended cache commands for cpuid.
* (see "AMD Processor Recognition Application Note" Publication 20734).
* Some other processors use the identical scheme.
* (see "Processor Recognition, Transmeta Corporation").
@@ -585,58 +592,57 @@ getOtherCacheLineSize(unsigned long cpuidLevel)
cpuidLevel = eax;
if (cpuidLevel >= 0x80000005) {
- freebl_cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
- lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
+ freebl_cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
+ lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
}
return lineSize;
}
-static const char * const manMap[] = {
-#define INTEL 0
+static const char *const manMap[] = {
+#define INTEL 0
"GenuineIntel",
-#define AMD 1
+#define AMD 1
"AuthenticAMD",
-#define CYRIX 2
+#define CYRIX 2
"CyrixInstead",
-#define CENTAUR 2
+#define CENTAUR 2
"CentaurHauls",
-#define NEXGEN 3
+#define NEXGEN 3
"NexGenDriven",
#define TRANSMETA 4
"GenuineTMx86",
-#define RISE 5
+#define RISE 5
"RiseRiseRise",
-#define UMC 6
+#define UMC 6
"UMC UMC UMC ",
-#define SIS 7
+#define SIS 7
"Sis Sis Sis ",
-#define NATIONAL 8
+#define NATIONAL 8
"Geode by NSC",
};
-static const int n_manufacturers = sizeof(manMap)/sizeof(manMap[0]);
-
+static const int n_manufacturers = sizeof(manMap) / sizeof(manMap[0]);
#define MAN_UNKNOWN 9
#if !defined(AMD_64)
-#define SSE2_FLAG (1<<26)
+#define SSE2_FLAG (1 << 26)
unsigned long
s_mpi_is_sse2()
{
unsigned long eax, ebx, ecx, edx;
if (is386() || is486()) {
- return 0;
+ return 0;
}
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
/* has no SSE2 extensions */
if (eax == 0) {
- return 0;
+ return 0;
}
- freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
+ freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
return (edx & SSE2_FLAG) == SSE2_FLAG;
}
#endif
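Review bot: The index macros on manMap do not match the array positions they annotate: `CYRIX` and `CENTAUR` are both `2`, so every macro from `CENTAUR` onwards is one less than the index of the string it precedes (`"CentaurHauls"` is manMap[3], `"Geode by NSC"` is manMap[9]), and `#define MAN_UNKNOWN 9` therefore collides with the real index of `"Geode by NSC"`. Only `INTEL` is compared in s_mpi_getProcessorLineSize, so nothing misbehaves today, but any future manufacturer-specific branch would select the wrong vendor. Renumber `CENTAUR` through `NATIONAL` to 3 through 9 and make the sentinel follow the table, e.g. `#define MAN_UNKNOWN 10` or `#define MAN_UNKNOWN n_manufacturers` (the declaration precedes it).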
@@ -654,9 +660,10 @@ s_mpi_getProcessorLineSize()
#if !defined(AMD_64)
if (is386()) {
- return 0; /* 386 had no cache */
- } if (is486()) {
- return 32; /* really? need more info */
+ return 0; /* 386 had no cache */
+ }
+ if (is486()) {
+ return 32; /* really? need more info */
}
#endif
@@ -674,30 +681,30 @@ s_mpi_getProcessorLineSize()
string[12] = 0;
manufacturer = MAN_UNKNOWN;
- for (i=0; i < n_manufacturers; i++) {
- if ( strcmp(manMap[i],string) == 0) {
- manufacturer = i;
- }
+ for (i = 0; i < n_manufacturers; i++) {
+ if (strcmp(manMap[i], string) == 0) {
+ manufacturer = i;
+ }
}
if (manufacturer == INTEL) {
- cacheLineSize = getIntelCacheLineSize(cpuidLevel);
+ cacheLineSize = getIntelCacheLineSize(cpuidLevel);
} else {
- cacheLineSize = getOtherCacheLineSize(cpuidLevel);
+ cacheLineSize = getOtherCacheLineSize(cpuidLevel);
}
/* doesn't support cache info based on cpuid. This means
* an old pentium class processor, which have cache lines of
* 32. If we learn differently, we can use a switch based on
* the Manufacturer id */
if (cacheLineSize == 0) {
- cacheLineSize = 32;
+ cacheLineSize = 32;
}
return cacheLineSize;
}
#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
#endif
-#if defined(__ppc64__)
+#if defined(__ppc64__)
/*
* Sigh, The PPC has some really nice features to help us determine cache
* size, since it had lots of direct control functions to do so. The POWER
@@ -705,48 +712,49 @@ s_mpi_getProcessorLineSize()
* PowerPC. Unfortunately most of them are not available in user mode.
*
* The dcbz function would be a great way to determine cache line size except
- * 1) it only works on write-back memory (it throws an exception otherwise),
+ * 1) it only works on write-back memory (it throws an exception otherwise),
* and 2) because so many mac programs 'knew' the processor cache size was
* 32 bytes, they used this instruction as a fast 'zero 32 bytes'. Now the new
* G5 processor has 128 byte cache, but dcbz only clears 32 bytes to keep
* these programs happy. dcbzl work if 64 bit instructions are supported.
- * If you know 64 bit instructions are supported, and that stack is
+ * If you know 64 bit instructions are supported, and that stack is
* write-back, you can use this code.
*/
#include "memory.h"
/* clear the cache line that contains 'array' */
-static inline void dcbzl(char *array)
+static inline void
+dcbzl(char *array)
{
- register char *a asm("r2") = array;
- __asm__ __volatile__( "dcbzl %0,r0" : "=r" (a): "0"(a) );
+ register char *a asm("r2") = array;
+ __asm__ __volatile__("dcbzl %0,r0"
+ : "=r"(a)
+ : "0"(a));
}
-
-#define PPC_DO_ALIGN(x,y) ((char *)\
- ((((long long) (x))+((y)-1))&~((y)-1)))
+#define PPC_DO_ALIGN(x, y) ((char *)((((long long)(x)) + ((y)-1)) & ~((y)-1)))
#define PPC_MAX_LINE_SIZE 256
unsigned long
s_mpi_getProcessorLineSize()
{
- char testArray[2*PPC_MAX_LINE_SIZE+1];
+ char testArray[2 * PPC_MAX_LINE_SIZE + 1];
char *test;
int i;
/* align the array on a maximum line size boundary, so we
* know we are starting to clear from the first address */
- test = PPC_DO_ALIGN(testArray, PPC_MAX_LINE_SIZE);
+ test = PPC_DO_ALIGN(testArray, PPC_MAX_LINE_SIZE);
/* set all the values to 1's */
memset(test, 0xff, PPC_MAX_LINE_SIZE);
/* clear one cache block starting at 'test' */
dcbzl(test);
/* find the size of the cleared area, that's our block size */
- for (i=PPC_MAX_LINE_SIZE; i != 0; i = i/2) {
- if (test[i-1] == 0) {
- return i;
- }
+ for (i = PPC_MAX_LINE_SIZE; i != 0; i = i / 2) {
+ if (test[i - 1] == 0) {
+ return i;
+ }
}
return 0;
}
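Review bot: The inline asm in dcbzl carries no `"memory"` clobber, so the compiler is never told that the instruction writes memory; in s_mpi_getProcessorLineSize it may legally sink the `memset(test, 0xff, PPC_MAX_LINE_SIZE)` past the asm or fold the `test[i - 1] == 0` reads to the 0xff that memset just stored, which would make the probe return 0 or a wrong line size. The fix is one line: `__asm__ __volatile__("dcbzl %0,r0" : "=r"(a) : "0"(a) : "memory");`. `volatile` only keeps the asm statement itself from being removed; it does not order the surrounding loads and stores. A comment on the asm such as `/* memory clobber: dcbzl zeroes a whole cache line the compiler cannot see */` would record why the clobber is there.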
@@ -754,42 +762,39 @@ s_mpi_getProcessorLineSize()
#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
#endif
-
/*
* put other processor and platform specific cache code here
- * return the smallest cache line size in bytes on the processor
+ * return the smallest cache line size in bytes on the processor
* (usually the L1 cache). If the OS has a call, this would be
* a greate place to put it.
*
* If there is no cache, return 0;
- *
+ *
* define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED so the generic functions
* below aren't compiled.
*
*/
-
-/* target.mk can define MPI_CACHE_LINE_SIZE if it's common for the family or
+/* target.mk can define MPI_CACHE_LINE_SIZE if it's common for the family or
* OS */
#if defined(MPI_CACHE_LINE_SIZE) && !defined(MPI_GET_PROCESSOR_LINE_SIZE_DEFINED)
unsigned long
s_mpi_getProcessorLineSize()
{
- return MPI_CACHE_LINE_SIZE;
+ return MPI_CACHE_LINE_SIZE;
}
#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
#endif
-
/* If no way to get the processor cache line size has been defined, assume
* it's 32 bytes (most common value, does not significantly impact performance)
- */
+ */
#ifndef MPI_GET_PROCESSOR_LINE_SIZE_DEFINED
unsigned long
s_mpi_getProcessorLineSize()
{
- return 32;
+ return 32;
}
#endif
@@ -799,5 +804,5 @@ s_mpi_getProcessorLineSize()
main()
{
printf("line size = %d\n", s_mpi_getProcessorLineSize());
-}
+}
#endif
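Review bot: The printf in main uses `%d` for the result of s_mpi_getProcessorLineSize, which is declared above in this file as returning `unsigned long`; the mismatched conversion is undefined behaviour and prints garbage on LP64 targets where `long` is eight bytes. The line should read `printf("line size = %lu\n", s_mpi_getProcessorLineSize());`. The line declaring main's return type is outside the hunk, so whether it carries an explicit `int` cannot be seen here.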
diff --git a/lib/freebl/mpi/mpi-config.h b/lib/freebl/mpi/mpi-config.h
index 171dacc7c..f365592a4 100644
--- a/lib/freebl/mpi/mpi-config.h
+++ b/lib/freebl/mpi/mpi-config.h
@@ -1,4 +1,4 @@
-/* Default configuration for MPI library
+/* Default configuration for MPI library
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -8,7 +8,7 @@
#define MPI_CONFIG_H_
/*
- For boolean options,
+ For boolean options,
0 = no
1 = yes
@@ -17,27 +17,27 @@
*/
#ifndef MP_IOFUNC
-#define MP_IOFUNC 0 /* include mp_print() ? */
+#define MP_IOFUNC 0 /* include mp_print() ? */
#endif
#ifndef MP_MODARITH
-#define MP_MODARITH 1 /* include modular arithmetic ? */
+#define MP_MODARITH 1 /* include modular arithmetic ? */
#endif
#ifndef MP_NUMTH
-#define MP_NUMTH 1 /* include number theoretic functions? */
+#define MP_NUMTH 1 /* include number theoretic functions? */
#endif
#ifndef MP_LOGTAB
-#define MP_LOGTAB 1 /* use table of logs instead of log()? */
+#define MP_LOGTAB 1 /* use table of logs instead of log()? */
#endif
#ifndef MP_MEMSET
-#define MP_MEMSET 1 /* use memset() to zero buffers? */
+#define MP_MEMSET 1 /* use memset() to zero buffers? */
#endif
#ifndef MP_MEMCPY
-#define MP_MEMCPY 1 /* use memcpy() to copy buffers? */
+#define MP_MEMCPY 1 /* use memcpy() to copy buffers? */
#endif
#ifndef MP_ARGCHK
@@ -47,24 +47,22 @@
2 = assertions; dump core on parameter errors
*/
#ifdef DEBUG
-#define MP_ARGCHK 2 /* how to check input arguments */
+#define MP_ARGCHK 2 /* how to check input arguments */
#else
-#define MP_ARGCHK 1 /* how to check input arguments */
+#define MP_ARGCHK 1 /* how to check input arguments */
#endif
#endif
#ifndef MP_DEBUG
-#define MP_DEBUG 0 /* print diagnostic output? */
+#define MP_DEBUG 0 /* print diagnostic output? */
#endif
#ifndef MP_DEFPREC
-#define MP_DEFPREC 64 /* default precision, in digits */
+#define MP_DEFPREC 64 /* default precision, in digits */
#endif
#ifndef MP_SQUARE
-#define MP_SQUARE 1 /* use separate squaring code? */
+#define MP_SQUARE 1 /* use separate squaring code? */
#endif
#endif /* ifndef MPI_CONFIG_H_ */
-
-
diff --git a/lib/freebl/mpi/mpi-priv.h b/lib/freebl/mpi/mpi-priv.h
index b00e54e88..b34452c48 100644
--- a/lib/freebl/mpi/mpi-priv.h
+++ b/lib/freebl/mpi/mpi-priv.h
@@ -1,9 +1,9 @@
/*
- * mpi-priv.h - Private header file for MPI
+ * mpi-priv.h - Private header file for MPI
* Arbitrary precision integer arithmetic library
*
* NOTE WELL: the content of this header file is NOT part of the "public"
- * API for the MPI library, and may change at any time.
+ * API for the MPI library, and may change at any time.
* Application programs that use libmpi should NOT include this header file.
*
* This Source Code Form is subject to the terms of the Mozilla Public
@@ -20,9 +20,14 @@
#if MP_DEBUG
#include <stdio.h>
-#define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);}
+#define DIAG(T, V) \
+ { \
+ fprintf(stderr, T); \
+ mp_print(V, stderr); \
+ fputc('\n', stderr); \
+ }
#else
-#define DIAG(T,V)
+#define DIAG(T, V)
#endif
/* If we aren't using a wired-in logarithm table, we need to include
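Review bot: The reformatted DIAG macro still hands its T argument to fprintf as the format string, so any `%` in a diagnostic tag is parsed as a conversion with no matching argument; `fputs(T, stderr);` writes the tag verbatim and removes that hazard. The plain `{ ... }` body also means `if (x) DIAG("a", v); else ...` does not compile because of the stray `;` after the block, which the usual `do { ... } while (0)` wrapper avoids. This block is compiled only when MP_DEBUG is non-zero, so the exposure is limited to debug builds.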
@@ -34,7 +39,7 @@
#if MP_LOGTAB
/*
A table of the logs of 2 for various bases (the 0 and 1 entries of
- this table are meaningless and should not be referenced).
+ this table are meaningless and should not be referenced).
This table is used to compute output lengths for the mp_toradix()
function. Since a number n in radix r takes up about log_r(n)
@@ -44,22 +49,22 @@
log_r(n) = log_2(n) * log_r(2)
This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
- which are the output bases supported.
+ which are the output bases supported.
*/
extern const float s_logv_2[];
-#define LOG_V_2(R) s_logv_2[(R)]
+#define LOG_V_2(R) s_logv_2[(R)]
#else
-/*
+/*
If MP_LOGTAB is not defined, use the math library to compute the
logarithms on the fly. Otherwise, use the table.
Pick which works best for your system.
*/
#include <math.h>
-#define LOG_V_2(R) (log(2.0)/log(R))
+#define LOG_V_2(R) (log(2.0) / log(R))
#endif /* if MP_LOGTAB */
@@ -75,81 +80,81 @@ extern const float s_logv_2[];
ourselves with the low-order 2 mp_digits)
*/
-#define CARRYOUT(W) (mp_digit)((W)>>DIGIT_BIT)
-#define ACCUM(W) (mp_digit)(W)
+#define CARRYOUT(W) (mp_digit)((W) >> DIGIT_BIT)
+#define ACCUM(W) (mp_digit)(W)
-#define MP_MIN(a,b) (((a) < (b)) ? (a) : (b))
-#define MP_MAX(a,b) (((a) > (b)) ? (a) : (b))
-#define MP_HOWMANY(a,b) (((a) + (b) - 1)/(b))
-#define MP_ROUNDUP(a,b) (MP_HOWMANY(a,b) * (b))
+#define MP_MIN(a, b) (((a) < (b)) ? (a) : (b))
+#define MP_MAX(a, b) (((a) > (b)) ? (a) : (b))
+#define MP_HOWMANY(a, b) (((a) + (b)-1) / (b))
+#define MP_ROUNDUP(a, b) (MP_HOWMANY(a, b) * (b))
/* }}} */
/* {{{ Comparison constants */
-#define MP_LT -1
-#define MP_EQ 0
-#define MP_GT 1
+#define MP_LT -1
+#define MP_EQ 0
+#define MP_GT 1
/* }}} */
/* {{{ private function declarations */
-void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */
-void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count); /* copy */
-void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */
-void s_mp_free(void *ptr); /* general free function */
-
-mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */
-mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */
-
-void s_mp_clamp(mp_int *mp); /* clip leading zeroes */
-
-void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */
-
-mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */
-void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */
-mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place */
-void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */
-void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */
-void s_mp_div_2(mp_int *mp); /* divide by 2 in place */
-mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */
-mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd);
- /* normalize for division */
-mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */
-mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */
-mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */
-mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r);
- /* unsigned digit divide */
-mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu);
- /* Barrett reduction */
-mp_err s_mp_add(mp_int *a, const mp_int *b); /* magnitude addition */
-mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c);
-mp_err s_mp_sub(mp_int *a, const mp_int *b); /* magnitude subtract */
-mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c);
-mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset);
- /* a += b * RADIX^offset */
-mp_err s_mp_mul(mp_int *a, const mp_int *b); /* magnitude multiply */
+void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */
+void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count); /* copy */
+void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */
+void s_mp_free(void *ptr); /* general free function */
+
+mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */
+mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */
+
+void s_mp_clamp(mp_int *mp); /* clip leading zeroes */
+
+void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */
+
+mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */
+void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */
+mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place */
+void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */
+void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */
+void s_mp_div_2(mp_int *mp); /* divide by 2 in place */
+mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */
+mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd);
+/* normalize for division */
+mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */
+mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */
+mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */
+mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r);
+/* unsigned digit divide */
+mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu);
+/* Barrett reduction */
+mp_err s_mp_add(mp_int *a, const mp_int *b); /* magnitude addition */
+mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err s_mp_sub(mp_int *a, const mp_int *b); /* magnitude subtract */
+mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset);
+/* a += b * RADIX^offset */
+mp_err s_mp_mul(mp_int *a, const mp_int *b); /* magnitude multiply */
#if MP_SQUARE
-mp_err s_mp_sqr(mp_int *a); /* magnitude square */
+mp_err s_mp_sqr(mp_int *a); /* magnitude square */
#else
-#define s_mp_sqr(a) s_mp_mul(a, a)
+#define s_mp_sqr(a) s_mp_mul(a, a)
#endif
-mp_err s_mp_div(mp_int *rem, mp_int *div, mp_int *quot); /* magnitude div */
-mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
-mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */
-int s_mp_cmp(const mp_int *a, const mp_int *b); /* magnitude comparison */
-int s_mp_cmp_d(const mp_int *a, mp_digit d); /* magnitude digit compare */
-int s_mp_ispow2(const mp_int *v); /* is v a power of 2? */
-int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */
-
-int s_mp_tovalue(char ch, int r); /* convert ch to value */
-char s_mp_todigit(mp_digit val, int r, int low); /* convert val to digit */
-int s_mp_outlen(int bits, int r); /* output length in bytes */
-mp_digit s_mp_invmod_radix(mp_digit P); /* returns (P ** -1) mod RADIX */
-mp_err s_mp_invmod_odd_m( const mp_int *a, const mp_int *m, mp_int *c);
-mp_err s_mp_invmod_2d( const mp_int *a, mp_size k, mp_int *c);
-mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err s_mp_div(mp_int *rem, mp_int *div, mp_int *quot); /* magnitude div */
+mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */
+int s_mp_cmp(const mp_int *a, const mp_int *b); /* magnitude comparison */
+int s_mp_cmp_d(const mp_int *a, mp_digit d); /* magnitude digit compare */
+int s_mp_ispow2(const mp_int *v); /* is v a power of 2? */
+int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */
+
+int s_mp_tovalue(char ch, int r); /* convert ch to value */
+char s_mp_todigit(mp_digit val, int r, int low); /* convert val to digit */
+int s_mp_outlen(int bits, int r); /* output length in bytes */
+mp_digit s_mp_invmod_radix(mp_digit P); /* returns (P ** -1) mod RADIX */
+mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c);
+mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c);
#ifdef NSS_USE_COMBA
@@ -168,7 +173,7 @@ void s_mp_sqr_comba_32(const mp_int *A, mp_int *B);
#endif /* end NSS_USE_COMBA */
/* ------ mpv functions, operate on arrays of digits, not on mp_int's ------ */
-#if defined (__OS2__) && defined (__IBMC__)
+#if defined(__OS2__) && defined(__IBMC__)
#define MPI_ASM_DECL __cdecl
#else
#define MPI_ASM_DECL
@@ -176,50 +181,49 @@ void s_mp_sqr_comba_32(const mp_int *A, mp_int *B);
#ifdef MPI_AMD64
-mp_digit MPI_ASM_DECL s_mpv_mul_set_vec64(mp_digit*, mp_digit *, mp_size, mp_digit);
-mp_digit MPI_ASM_DECL s_mpv_mul_add_vec64(mp_digit*, const mp_digit*, mp_size, mp_digit);
+mp_digit MPI_ASM_DECL s_mpv_mul_set_vec64(mp_digit *, mp_digit *, mp_size, mp_digit);
+mp_digit MPI_ASM_DECL s_mpv_mul_add_vec64(mp_digit *, const mp_digit *, mp_size, mp_digit);
/* c = a * b */
#define s_mpv_mul_d(a, a_len, b, c) \
- ((mp_digit *)c)[a_len] = s_mpv_mul_set_vec64(c, a, a_len, b)
+ ((mp_digit *)c)[a_len] = s_mpv_mul_set_vec64(c, a, a_len, b)
/* c += a * b */
#define s_mpv_mul_d_add(a, a_len, b, c) \
- ((mp_digit *)c)[a_len] = s_mpv_mul_add_vec64(c, a, a_len, b)
-
+ ((mp_digit *)c)[a_len] = s_mpv_mul_add_vec64(c, a, a_len, b)
#else
-void MPI_ASM_DECL s_mpv_mul_d(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c);
-void MPI_ASM_DECL s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c);
+void MPI_ASM_DECL s_mpv_mul_d(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c);
+void MPI_ASM_DECL s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c);
#endif
-void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a,
- mp_size a_len, mp_digit b,
- mp_digit *c);
-void MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a,
- mp_size a_len,
- mp_digit *sqrs);
+void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a,
+ mp_size a_len, mp_digit b,
+ mp_digit *c);
+void MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a,
+ mp_size a_len,
+ mp_digit *sqrs);
-mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
- mp_digit divisor, mp_digit *quot, mp_digit *rem);
+mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
+ mp_digit divisor, mp_digit *quot, mp_digit *rem);
/* c += a * b * (MP_RADIX ** offset); */
/* Callers of this macro should be aware that the return type might vary;
* it should be treated as a void function. */
#define s_mp_mul_d_add_offset(a, b, c, off) \
- s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
+ s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
typedef struct {
- mp_int N; /* modulus N */
- mp_digit n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */
+ mp_int N; /* modulus N */
+ mp_digit n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */
} mp_mont_modulus;
-mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
- mp_mont_modulus *mmm);
+mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
+ mp_mont_modulus *mmm);
mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm);
/*
@@ -237,4 +241,3 @@ unsigned long s_mpi_getProcessorLineSize();
/* }}} */
#endif
-
diff --git a/lib/freebl/mpi/mpi-test.c b/lib/freebl/mpi/mpi-test.c
index 907dcc420..94445e562 100644
--- a/lib/freebl/mpi/mpi-test.c
+++ b/lib/freebl/mpi/mpi-test.c
@@ -3,7 +3,7 @@
*
* This is a general test suite for the MPI library, which tests
* all the functions in the library with known values. The program
- * exits with a zero (successful) status if the tests pass, or a
+ * exits with a zero (successful) status if the tests pass, or a
* nonzero status if the tests fail.
*
* This Source Code Form is subject to the terms of the Mozilla Public
@@ -23,12 +23,12 @@
#include "test-info.c"
/* ZS means Zero Suppressed (no leading zeros) */
-#if MP_USE_LONG_DIGIT
-#define ZS_DIGIT_FMT "%lX"
+#if MP_USE_LONG_DIGIT
+#define ZS_DIGIT_FMT "%lX"
#elif MP_USE_LONG_LONG_DIGIT
-#define ZS_DIGIT_FMT "%llX"
-#elif MP_USE_UINT_DIGIT
-#define ZS_DIGIT_FMT "%X"
+#define ZS_DIGIT_FMT "%llX"
+#elif MP_USE_UINT_DIGIT
+#define ZS_DIGIT_FMT "%X"
#else
#error "unknown type of digit"
#endif
@@ -45,62 +45,62 @@
for the comparison tests accordingly. Most of the other tests
should be fine as long as you re-compute the solutions, though.
*/
-const char *mp1 = "639A868CDA0C569861B";
-const char *mp2 = "AAFC0A3FE45E5E09DBE2C29";
-const char *mp3 = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5";
-const char *mp4 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
-const char *mp5 = "F595CB42";
-const char *mp5a = "-4B597E";
-const char *mp6 = "0";
-const char *mp7 = "EBFA7121CD838CE6439CC59DDB4CBEF3";
-const char *mp8 = "5";
-const char *mp9 = "F74A2876A1432698923B0767DA19DCF3D71795EE";
-const char *mp10 = "9184E72A000";
-const char *mp11 = "54D79A3557E8";
-const char *mp12 = "10000000000000000";
-const char *mp13 =
-"34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C"
-"D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88";
-const char *mp14 =
-"AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E"
-"458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13"
-"FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134"
-"0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9"
-"E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7"
-"7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5"
-"5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F"
-"77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD"
-"9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531"
-"D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4"
-"761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F"
-"D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9"
-"F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4"
-"A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137"
-"C1B1384BE4B2EB46";
-const char *mp15 =
-"39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1"
-"05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8"
-"4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77"
-"445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37"
-"07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB"
-"65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711"
-"9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6"
-"CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C"
-"09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE"
-"672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE"
-"8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684"
-"360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7"
-"434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327"
-"BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821"
-"822AD9DDBFE4BD04";
-const char *mp16 = "4A724340668DB150339A70";
-const char *mp17 = "8ADB90F58";
-const char *mp18 = "C64C230AB20E5";
-const char *mp19 =
-"F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B";
-const char *mp20 =
-"D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7";
-const char* mp21 = "2";
+const char *mp1 = "639A868CDA0C569861B";
+const char *mp2 = "AAFC0A3FE45E5E09DBE2C29";
+const char *mp3 = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5";
+const char *mp4 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *mp5 = "F595CB42";
+const char *mp5a = "-4B597E";
+const char *mp6 = "0";
+const char *mp7 = "EBFA7121CD838CE6439CC59DDB4CBEF3";
+const char *mp8 = "5";
+const char *mp9 = "F74A2876A1432698923B0767DA19DCF3D71795EE";
+const char *mp10 = "9184E72A000";
+const char *mp11 = "54D79A3557E8";
+const char *mp12 = "10000000000000000";
+const char *mp13 =
+ "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C"
+ "D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88";
+const char *mp14 =
+ "AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E"
+ "458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13"
+ "FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134"
+ "0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9"
+ "E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7"
+ "7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5"
+ "5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F"
+ "77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD"
+ "9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531"
+ "D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4"
+ "761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F"
+ "D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9"
+ "F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4"
+ "A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137"
+ "C1B1384BE4B2EB46";
+const char *mp15 =
+ "39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1"
+ "05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8"
+ "4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77"
+ "445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37"
+ "07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB"
+ "65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711"
+ "9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6"
+ "CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C"
+ "09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE"
+ "672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE"
+ "8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684"
+ "360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7"
+ "434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327"
+ "BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821"
+ "822AD9DDBFE4BD04";
+const char *mp16 = "4A724340668DB150339A70";
+const char *mp17 = "8ADB90F58";
+const char *mp18 = "C64C230AB20E5";
+const char *mp19 =
+ "F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B";
+const char *mp20 =
+ "D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7";
+const char *mp21 = "2";
const mp_digit md1 = 0;
const mp_digit md2 = 0x1;
@@ -112,7 +112,7 @@ const mp_digit md7 = 0x03E8;
const mp_digit md8 = 0x0101;
const mp_digit md9 = 0xA;
-/*
+/*
Solutions of the form x_mpABC, where:
x = (p)roduct, (s)um, (d)ifference, (q)uotient, (r)emainder, (g)cd,
@@ -122,1821 +122,2038 @@ const mp_digit md9 = 0xA;
ABC are the operand numbers involved in the computation. If a 'd'
precedes the number, it is a digit operand; if a 'c' precedes it,
- it is a constant; otherwise, it is a full integer.
+ it is a constant; otherwise, it is a full integer.
*/
-const char *p_mp12 = "4286AD72E095C9FE009938750743174ADDD7FD1E53";
-const char *p_mp34 = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35"
- "A1BFD6934C441EE369B60CA29BADC26845E918B";
-const char *p_mp57 = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6";
-const char *p_mp22 = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91";
-const char *p_mp1d4 = "3CECEA2331F4220BEF68DED";
-const char *p_mp8d6 = "6720";
+const char *p_mp12 = "4286AD72E095C9FE009938750743174ADDD7FD1E53";
+const char *p_mp34 = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35"
+ "A1BFD6934C441EE369B60CA29BADC26845E918B";
+const char *p_mp57 = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6";
+const char *p_mp22 = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91";
+const char *p_mp1d4 = "3CECEA2331F4220BEF68DED";
+const char *p_mp8d6 = "6720";
const char *p_mp1113 =
-"11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1"
-"5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2"
-"4340";
-const char *p_mp1415 =
-"26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C"
-"6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965"
-"736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081"
-"F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D"
-"A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107"
-"F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132"
-"E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6"
-"57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF"
-"272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E"
-"18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E"
-"2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449"
-"8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157"
-"2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426"
-"FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012"
-"4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4"
-"A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D"
-"FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2"
-"B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5"
-"A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F"
-"8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634"
-"BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E"
-"851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889"
-"372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633"
-"BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231"
-"7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50"
-"284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3"
-"957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68"
-"756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094"
-"548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE"
-"DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758"
-"6ED65B18";
+ "11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1"
+ "5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2"
+ "4340";
+const char *p_mp1415 =
+ "26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C"
+ "6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965"
+ "736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081"
+ "F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D"
+ "A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107"
+ "F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132"
+ "E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6"
+ "57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF"
+ "272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E"
+ "18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E"
+ "2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449"
+ "8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157"
+ "2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426"
+ "FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012"
+ "4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4"
+ "A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D"
+ "FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2"
+ "B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5"
+ "A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F"
+ "8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634"
+ "BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E"
+ "851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889"
+ "372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633"
+ "BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231"
+ "7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50"
+ "284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3"
+ "957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68"
+ "756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094"
+ "548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE"
+ "DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758"
+ "6ED65B18";
const char *p_mp2121 = "4";
const char *mp_mp345 = "B9B6D3A3";
const char *mp_mp335 = "16609C2D";
-const char *s_mp13 = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0";
-const char *s_mp34 = "517EE6B92EF65C965736EB6BF7C325F73504CEB6";
-const char *s_mp46 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
-const char *s_mp5d4 = "F59667D9";
-const char *s_mp2d5 = "AAFC0A3FE45E5E09DBF21E8";
-const char *s_mp1415 =
-"E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446"
-"F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB"
-"D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A"
-"78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D"
-"317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82"
-"41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607"
-"EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6"
-"3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F"
-"4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9"
-"1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B"
-"C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E"
-"189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940"
-"8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34"
-"24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848"
-"48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497"
-"A84A";
+const char *s_mp13 = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0";
+const char *s_mp34 = "517EE6B92EF65C965736EB6BF7C325F73504CEB6";
+const char *s_mp46 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *s_mp5d4 = "F59667D9";
+const char *s_mp2d5 = "AAFC0A3FE45E5E09DBF21E8";
+const char *s_mp1415 =
+ "E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446"
+ "F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB"
+ "D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A"
+ "78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D"
+ "317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82"
+ "41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607"
+ "EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6"
+ "3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F"
+ "4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9"
+ "1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B"
+ "C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E"
+ "189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940"
+ "8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34"
+ "24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848"
+ "48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497"
+ "A84A";
const char *ms_mp345 = "1E71E292";
-const char *d_mp12 = "-AAFBA6A55DD183FD854A60E";
-const char *d_mp34 = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4";
-const char *d_mp5d4 = "F5952EAB";
-const char *d_mp6d2 = "-1";
+const char *d_mp12 = "-AAFBA6A55DD183FD854A60E";
+const char *d_mp34 = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4";
+const char *d_mp5d4 = "F5952EAB";
+const char *d_mp6d2 = "-1";
const char *md_mp345 = "26596B86";
-const char *q_mp42 = "-95825A1FFA1A155D5";
-const char *r_mp42 = "-6312E99D7700A3DCB32ADF2";
-const char *q_mp45a = "15344CDA3D841F661D2B61B6EDF7828CE36";
-const char *r_mp45a = "-47C47B";
-const char *q_mp7c2 = "75FD3890E6C1C67321CE62CEEDA65F79";
-const char *q_mp3d6 = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3";
-const char *r_mp3d6 = "1E5";
-const char *r_mp5d5 = "1257";
-const char *r_mp47 = "B3A9018D970281A90FB729A181D95CB8";
-const char *q_mp1404 =
-"-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F"
-"FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4"
-"659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19"
-"930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7"
-"E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2"
-"7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45"
-"89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9"
-"49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C"
-"776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70"
-"3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2"
-"791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358"
-"42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683"
-"422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F"
-"7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1"
-"BD9E23E4D367A2C35762F209073DFF48F3";
+const char *q_mp42 = "-95825A1FFA1A155D5";
+const char *r_mp42 = "-6312E99D7700A3DCB32ADF2";
+const char *q_mp45a = "15344CDA3D841F661D2B61B6EDF7828CE36";
+const char *r_mp45a = "-47C47B";
+const char *q_mp7c2 = "75FD3890E6C1C67321CE62CEEDA65F79";
+const char *q_mp3d6 = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3";
+const char *r_mp3d6 = "1E5";
+const char *r_mp5d5 = "1257";
+const char *r_mp47 = "B3A9018D970281A90FB729A181D95CB8";
+const char *q_mp1404 =
+ "-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F"
+ "FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4"
+ "659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19"
+ "930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7"
+ "E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2"
+ "7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45"
+ "89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9"
+ "49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C"
+ "776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70"
+ "3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2"
+ "791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358"
+ "42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683"
+ "422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F"
+ "7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1"
+ "BD9E23E4D367A2C35762F209073DFF48F3";
const char *r_mp1404 = "12FF98621ABF63144BFFC3207AC8FC10D8D1A09";
-const char *q_mp13c =
- "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342"
- "BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45";
-const char *r_mp13c = "F2B050D226E6DA88";
+const char *q_mp13c =
+ "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342"
+ "BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45";
+const char *r_mp13c = "F2B050D226E6DA88";
const char *q_mp9c16 = "F74A2876A1432698923B0767DA19DCF3D71795E";
const char *r_mp9c16 = "E";
const char *e_mp5d9 = "A8FD7145E727A20E52E73D22990D35D158090307A"
- "13A5215AAC4E9AB1E96BD34E531209E03310400";
-const char *e_mp78 = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B"
- "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2"
- "1AB226563D84A15BB63CE975FF1453BD6750C58D9"
- "D113175764F5D0B3C89B262D4702F4D9640A3";
+ "13A5215AAC4E9AB1E96BD34E531209E03310400";
+const char *e_mp78 = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B"
+ "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2"
+ "1AB226563D84A15BB63CE975FF1453BD6750C58D9"
+ "D113175764F5D0B3C89B262D4702F4D9640A3";
const char *me_mp817 = "E504493ACB02F7F802B327AB13BF25";
const char *me_mp5d47 = "1D45ED0D78F2778157992C951DD2734C";
const char *me_mp1512 = "FB5B2A28D902B9D9";
const char *me_mp161718 = "423C6AC6DBD74";
const char *me_mp5114 =
-"64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0"
-"25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A"
-"3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC"
-"19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5"
-"542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2"
-"14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE"
-"181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5"
-"CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724"
-"113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D"
-"D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19"
-"53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF"
-"5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F"
-"C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99"
-"D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83"
-"B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD"
-"FE8C";
+ "64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0"
+ "25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A"
+ "3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC"
+ "19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5"
+ "542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2"
+ "14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE"
+ "181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5"
+ "CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724"
+ "113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D"
+ "D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19"
+ "53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF"
+ "5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F"
+ "C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99"
+ "D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83"
+ "B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD"
+ "FE8C";
const char *e_mpc2d3 = "100000000000000000000000000000000";
-const char *t_mp9 = "FB9B6E32FF0452A34746";
-const char *i_mp27 = "B6AD8DCCDAF92B6FE57D062FFEE3A99";
-const char *i_mp2019 =
-"BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839";
+const char *t_mp9 = "FB9B6E32FF0452A34746";
+const char *i_mp27 = "B6AD8DCCDAF92B6FE57D062FFEE3A99";
+const char *i_mp2019 =
+ "BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839";
/* "15E3FE09E8AE5523AABA197BD2D16318D3CA148EDF4AE1C1C52FC96AFAF5680B"; */
-
const char *t_mp15 =
-"795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4"
-"365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0"
-"975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72"
-"10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2"
-"0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B"
-"58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E"
-"2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A"
-"BEE244F7DD3AC268CF512A0E52E4F5BE5B94";
-
-const char *g_mp71 = "1";
-const char *g_mp25 = "7";
+ "795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4"
+ "365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0"
+ "975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72"
+ "10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2"
+ "0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B"
+ "58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E"
+ "2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A"
+ "BEE244F7DD3AC268CF512A0E52E4F5BE5B94";
+
+const char *g_mp71 = "1";
+const char *g_mp25 = "7";
const char *l_mp1011 = "C589E3D7D64A6942A000";
/* mp9 in radices from 5 to 64 inclusive */
-#define LOW_RADIX 5
-#define HIGH_RADIX 64
+#define LOW_RADIX 5
+#define HIGH_RADIX 64
const char *v_mp9[] = {
- "404041130042310320100141302000203430214122130002340212132414134210033",
- "44515230120451152500101352430105520150025145320010504454125502",
- "644641136612541136016610100564613624243140151310023515322",
- "173512120732412062323044435407317550316717172705712756",
- "265785018434285762514442046172754680368422060744852",
- "1411774500397290569709059837552310354075408897518",
- "184064268501499311A17746095910428222A241708032A",
- "47706011B225950B02BB45602AA039893118A85950892",
- "1A188C826B982353CB58422563AC602B783101671A86",
- "105957B358B89B018958908A9114BC3DDC410B77982",
- "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8",
- "F74A2876A1432698923B0767DA19DCF3D71795EE",
- "17BF7C3673B76D7G7A5GA836277296F806E7453A",
- "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2",
- "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F",
- "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI",
- "3BA5A55J5K699B2D09C38A4B237CH51IHA132",
- "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA",
- "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE",
- "GGG5M3142FKKG82EJ28111D70EMHC241E4E",
- "4446F4D5H10982023N297BF0DKBBHLLJB0I",
- "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46",
- "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK",
- "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2",
- "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN",
- "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78",
- "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH",
- "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE",
- "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW",
- "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA",
- "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN",
- "SVWI84VBH069WR15W1U2VTK06USY8Z2",
- "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2",
- "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY",
- "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W",
- "18d994IbT4PHbD7cGIPCRP00bbQO0bc",
- "NcDUEEWRO7XT76260WGeBHPVa72RdA",
- "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2",
- "60QDKW67P4JSQaTdQg7JE9ISafLaVU",
- "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA",
- "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc",
- "d65j70fBATjcDiidPYXUGcaBVVLME",
- "LKA9jhPabDG612TXWkhfT2gMXNIP2",
- "BgNaYhjfT0G8PBcYRP8khJCR3C9QE",
- "6Wk8RhJTAgDh10fYAiUVB1aM0HacG",
- "3dOCjaf78kd5EQNViUZWj3AfFL90I",
- "290VWkL3aiJoW4MBbHk0Z0bDo22Ni",
- "1DbDZ1hpPZNUDBUp6UigcJllEdC26",
- "dFSOLBUM7UZX8Vnc6qokGIOiFo1h",
- "NcoUYJOg0HVmKI9fR2ag0S8R2hrK",
- "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh",
- "8nXK8rp8neV8LWta1WDgd1QnlWsU",
- "5T3d6bcSBtHgrH9bCbu84tblaa7r",
- "3PlUDIYUvMqOVCir7AtquK5dWanq",
- "2A70gDPX2AtiicvIGGk9poiMtgvu",
- "1MjiRxjk10J6SVAxFguv9kZiUnIc",
- "rpre2vIDeb4h3sp50r1YBbtEx9L",
- "ZHcoip0AglDAfibrsUcJ9M1C8fm",
- "NHP18+eoe6uU54W49Kc6ZK7+bT2",
- "FTAA7QXGoQOaZi7PzePtFFN5vNk"
+ "404041130042310320100141302000203430214122130002340212132414134210033",
+ "44515230120451152500101352430105520150025145320010504454125502",
+ "644641136612541136016610100564613624243140151310023515322",
+ "173512120732412062323044435407317550316717172705712756",
+ "265785018434285762514442046172754680368422060744852",
+ "1411774500397290569709059837552310354075408897518",
+ "184064268501499311A17746095910428222A241708032A",
+ "47706011B225950B02BB45602AA039893118A85950892",
+ "1A188C826B982353CB58422563AC602B783101671A86",
+ "105957B358B89B018958908A9114BC3DDC410B77982",
+ "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8",
+ "F74A2876A1432698923B0767DA19DCF3D71795EE",
+ "17BF7C3673B76D7G7A5GA836277296F806E7453A",
+ "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2",
+ "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F",
+ "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI",
+ "3BA5A55J5K699B2D09C38A4B237CH51IHA132",
+ "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA",
+ "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE",
+ "GGG5M3142FKKG82EJ28111D70EMHC241E4E",
+ "4446F4D5H10982023N297BF0DKBBHLLJB0I",
+ "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46",
+ "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK",
+ "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2",
+ "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN",
+ "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78",
+ "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH",
+ "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE",
+ "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW",
+ "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA",
+ "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN",
+ "SVWI84VBH069WR15W1U2VTK06USY8Z2",
+ "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2",
+ "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY",
+ "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W",
+ "18d994IbT4PHbD7cGIPCRP00bbQO0bc",
+ "NcDUEEWRO7XT76260WGeBHPVa72RdA",
+ "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2",
+ "60QDKW67P4JSQaTdQg7JE9ISafLaVU",
+ "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA",
+ "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc",
+ "d65j70fBATjcDiidPYXUGcaBVVLME",
+ "LKA9jhPabDG612TXWkhfT2gMXNIP2",
+ "BgNaYhjfT0G8PBcYRP8khJCR3C9QE",
+ "6Wk8RhJTAgDh10fYAiUVB1aM0HacG",
+ "3dOCjaf78kd5EQNViUZWj3AfFL90I",
+ "290VWkL3aiJoW4MBbHk0Z0bDo22Ni",
+ "1DbDZ1hpPZNUDBUp6UigcJllEdC26",
+ "dFSOLBUM7UZX8Vnc6qokGIOiFo1h",
+ "NcoUYJOg0HVmKI9fR2ag0S8R2hrK",
+ "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh",
+ "8nXK8rp8neV8LWta1WDgd1QnlWsU",
+ "5T3d6bcSBtHgrH9bCbu84tblaa7r",
+ "3PlUDIYUvMqOVCir7AtquK5dWanq",
+ "2A70gDPX2AtiicvIGGk9poiMtgvu",
+ "1MjiRxjk10J6SVAxFguv9kZiUnIc",
+ "rpre2vIDeb4h3sp50r1YBbtEx9L",
+ "ZHcoip0AglDAfibrsUcJ9M1C8fm",
+ "NHP18+eoe6uU54W49Kc6ZK7+bT2",
+ "FTAA7QXGoQOaZi7PzePtFFN5vNk"
};
const unsigned char b_mp4[] = {
- 0x01,
+ 0x01,
#if MP_DIGIT_MAX > MP_32BIT_MAX
- 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
#endif
- 0x63, 0xDB, 0xC2, 0x26,
- 0x5B, 0x88, 0x26, 0x8D,
- 0xC8, 0x01, 0xC1, 0x0E,
- 0xA6, 0x84, 0x76, 0xB7,
- 0xBD, 0xE0, 0x09, 0x0F
+ 0x63, 0xDB, 0xC2, 0x26,
+ 0x5B, 0x88, 0x26, 0x8D,
+ 0xC8, 0x01, 0xC1, 0x0E,
+ 0xA6, 0x84, 0x76, 0xB7,
+ 0xBD, 0xE0, 0x09, 0x0F
};
/* Search for a test suite name in the names table */
-int find_name(char *name);
+int find_name(char *name);
void reason(char *fmt, ...);
/*------------------------------------------------------------------------*/
/*------------------------------------------------------------------------*/
-char g_intbuf[4096]; /* buffer for integer comparison */
-char a_intbuf[4096]; /* buffer for integer comparison */
-int g_verbose = 1; /* print out reasons for failure? */
-int res;
-
-#define IFOK(x) { if (MP_OKAY > (res = (x))) { \
- reason("test %s failed: error %d\n", #x, res); return 1; }}
+char g_intbuf[4096]; /* buffer for integer comparison */
+char a_intbuf[4096]; /* buffer for integer comparison */
+int g_verbose = 1; /* print out reasons for failure? */
+int res;
+
+#define IFOK(x) \
+ { \
+ if (MP_OKAY > (res = (x))) { \
+ reason("test %s failed: error %d\n", #x, res); \
+ return 1; \
+ } \
+ }
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int which, res;
-
- srand((unsigned int)time(NULL));
-
- if (argc < 2) {
- fprintf(stderr, "Usage: %s <test-suite> | list\n"
- "Type '%s help' for assistance\n", argv[0], argv[0]);
- return 2;
- } else if(argc > 2) {
- if(strcmp(argv[2], "quiet") == 0)
- g_verbose = 0;
- }
-
- if(strcmp(argv[1], "help") == 0) {
- fprintf(stderr, "Help for mpi-test\n\n"
- "This program is a test driver for the MPI library, which\n"
- "tests all the various functions in the library to make sure\n"
- "they are working correctly. The syntax is:\n"
- " %s <suite-name>\n"
- "...where <suite-name> is the name of the test you wish to\n"
- "run. To get a list of the tests, use '%s list'.\n\n"
- "The program exits with a status of zero if the test passes,\n"
- "or non-zero if it fails. Ordinarily, failure is accompanied\n"
- "by a diagnostic message to standard error. To suppress this\n"
- "add the keyword 'quiet' after the suite-name on the command\n"
- "line.\n\n", argv[0], argv[0]);
- return 0;
- }
+ int which, res;
+
+ srand((unsigned int)time(NULL));
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <test-suite> | list\n"
+ "Type '%s help' for assistance\n",
+ argv[0], argv[0]);
+ return 2;
+ } else if (argc > 2) {
+ if (strcmp(argv[2], "quiet") == 0)
+ g_verbose = 0;
+ }
- if ((which = find_name(argv[1])) < 0) {
- fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]);
- return 2;
- }
+ if (strcmp(argv[1], "help") == 0) {
+ fprintf(stderr, "Help for mpi-test\n\n"
+ "This program is a test driver for the MPI library, which\n"
+ "tests all the various functions in the library to make sure\n"
+ "they are working correctly. The syntax is:\n"
+ " %s <suite-name>\n"
+ "...where <suite-name> is the name of the test you wish to\n"
+ "run. To get a list of the tests, use '%s list'.\n\n"
+ "The program exits with a status of zero if the test passes,\n"
+ "or non-zero if it fails. Ordinarily, failure is accompanied\n"
+ "by a diagnostic message to standard error. To suppress this\n"
+ "add the keyword 'quiet' after the suite-name on the command\n"
+ "line.\n\n",
+ argv[0], argv[0]);
+ return 0;
+ }
- if((res = (g_tests[which])()) < 0) {
- fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]);
- return 2;
- } else {
- return res;
- }
+ if ((which = find_name(argv[1])) < 0) {
+ fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]);
+ return 2;
+ }
+ if ((res = (g_tests[which])()) < 0) {
+ fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]);
+ return 2;
+ } else {
+ return res;
+ }
}
/*------------------------------------------------------------------------*/
-int find_name(char *name)
+int
+find_name(char *name)
{
- int ix = 0;
-
- while(ix < g_count) {
- if (strcmp(name, g_names[ix]) == 0)
- return ix;
-
- ++ix;
- }
-
- return -1;
+ int ix = 0;
+
+ while (ix < g_count) {
+ if (strcmp(name, g_names[ix]) == 0)
+ return ix;
+
+ ++ix;
+ }
+
+ return -1;
}
/*------------------------------------------------------------------------*/
-int test_list(void)
+int
+test_list(void)
{
- int ix;
-
- fprintf(stderr, "There are currently %d test suites available\n",
- g_count);
-
- for(ix = 1; ix < g_count; ix++)
- fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]);
-
- return 0;
+ int ix;
+
+ fprintf(stderr, "There are currently %d test suites available\n",
+ g_count);
+
+ for (ix = 1; ix < g_count; ix++)
+ fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]);
+
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_copy(void)
+int
+test_copy(void)
{
- mp_int a, b;
- int ix;
-
- mp_init(&a); mp_init(&b);
+ mp_int a, b;
+ int ix;
+
+ mp_init(&a);
+ mp_init(&b);
+
+ mp_read_radix(&a, mp3, 16);
+ mp_copy(&a, &b);
+
+ if (SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) {
+ if (SIGN(&a) != SIGN(&b)) {
+ reason("error: sign of original is %d, sign of copy is %d\n",
+ SIGN(&a), SIGN(&b));
+ } else {
+ reason("error: original precision is %d, copy precision is %d\n",
+ USED(&a), USED(&b));
+ }
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- mp_read_radix(&a, mp3, 16);
- mp_copy(&a, &b);
+ for (ix = 0; ix < USED(&b); ix++) {
+ if (DIGIT(&a, ix) != DIGIT(&b, ix)) {
+ reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n",
+ ix, DIGIT(&a, ix), DIGIT(&b, ix));
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
+ }
- if(SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) {
- if(SIGN(&a) != SIGN(&b)) {
- reason("error: sign of original is %d, sign of copy is %d\n",
- SIGN(&a), SIGN(&b));
- } else {
- reason("error: original precision is %d, copy precision is %d\n",
- USED(&a), USED(&b));
- }
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- for(ix = 0; ix < USED(&b); ix++) {
- if(DIGIT(&a, ix) != DIGIT(&b, ix)) {
- reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n",
- ix, DIGIT(&a, ix), DIGIT(&b, ix));
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
- }
-
- mp_clear(&a); mp_clear(&b);
- return 0;
+ mp_clear(&a);
+ mp_clear(&b);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_exch(void)
+int
+test_exch(void)
{
- mp_int a, b;
+ mp_int a, b;
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp7, 16);
+ mp_read_radix(&b, mp1, 16);
- mp_exch(&a, &b);
- mp_toradix(&a, g_intbuf, 16);
+ mp_exch(&a, &b);
+ mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- if(strcmp(g_intbuf, mp1) != 0) {
- mp_clear(&b);
- reason("error: exchange failed\n");
- return 1;
- }
+ mp_clear(&a);
+ if (strcmp(g_intbuf, mp1) != 0) {
+ mp_clear(&b);
+ reason("error: exchange failed\n");
+ return 1;
+ }
- mp_toradix(&b, g_intbuf, 16);
+ mp_toradix(&b, g_intbuf, 16);
- mp_clear(&b);
- if(strcmp(g_intbuf, mp7) != 0) {
- reason("error: exchange failed\n");
- return 1;
- }
+ mp_clear(&b);
+ if (strcmp(g_intbuf, mp7) != 0) {
+ reason("error: exchange failed\n");
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_zero(void)
+int
+test_zero(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp7, 16);
- mp_zero(&a);
+ mp_init(&a);
+ mp_read_radix(&a, mp7, 16);
+ mp_zero(&a);
- if(USED(&a) != 1 || DIGIT(&a, 1) != 0) {
- mp_toradix(&a, g_intbuf, 16);
- reason("error: result is %s\n", g_intbuf);
- mp_clear(&a);
- return 1;
- }
+ if (USED(&a) != 1 || DIGIT(&a, 1) != 0) {
+ mp_toradix(&a, g_intbuf, 16);
+ reason("error: result is %s\n", g_intbuf);
+ mp_clear(&a);
+ return 1;
+ }
- mp_clear(&a);
- return 0;
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_set(void)
+int
+test_set(void)
{
- mp_int a;
+ mp_int a;
+
+ /* Test single digit set */
+ mp_init(&a);
+ mp_set(&a, 5);
+ if (DIGIT(&a, 0) != 5) {
+ mp_toradix(&a, g_intbuf, 16);
+ reason("error: result is %s, expected 5\n", g_intbuf);
+ mp_clear(&a);
+ return 1;
+ }
- /* Test single digit set */
- mp_init(&a); mp_set(&a, 5);
- if(DIGIT(&a, 0) != 5) {
+ /* Test integer set */
+ mp_set_int(&a, -4938110);
mp_toradix(&a, g_intbuf, 16);
- reason("error: result is %s, expected 5\n", g_intbuf);
mp_clear(&a);
- return 1;
- }
-
- /* Test integer set */
- mp_set_int(&a, -4938110);
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- if(strcmp(g_intbuf, mp5a) != 0) {
- reason("error: result is %s, expected %s\n", g_intbuf, mp5a);
- return 1;
- }
-
- return 0;
+ if (strcmp(g_intbuf, mp5a) != 0) {
+ reason("error: result is %s, expected %s\n", g_intbuf, mp5a);
+ return 1;
+ }
+
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_abs(void)
+int
+test_abs(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp4, 16);
- mp_abs(&a, &a);
-
- if(SIGN(&a) != ZPOS) {
- reason("error: sign of result is negative\n");
- mp_clear(&a);
- return 1;
- }
+ mp_init(&a);
+ mp_read_radix(&a, mp4, 16);
+ mp_abs(&a, &a);
- mp_clear(&a);
- return 0;
+ if (SIGN(&a) != ZPOS) {
+ reason("error: sign of result is negative\n");
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_neg(void)
+int
+test_neg(void)
{
- mp_int a;
- mp_sign s;
-
- mp_init(&a); mp_read_radix(&a, mp4, 16);
+ mp_int a;
+ mp_sign s;
+
+ mp_init(&a);
+ mp_read_radix(&a, mp4, 16);
+
+ s = SIGN(&a);
+ mp_neg(&a, &a);
+ if (SIGN(&a) == s) {
+ reason("error: sign of result is same as sign of nonzero input\n");
+ mp_clear(&a);
+ return 1;
+ }
- s = SIGN(&a);
- mp_neg(&a, &a);
- if(SIGN(&a) == s) {
- reason("error: sign of result is same as sign of nonzero input\n");
mp_clear(&a);
- return 1;
- }
-
- mp_clear(&a);
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_add_d(void)
+int
+test_add_d(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a);
-
- mp_read_radix(&a, mp5, 16);
- mp_add_d(&a, md4, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_init(&a);
- if(strcmp(g_intbuf, s_mp5d4) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4);
- mp_clear(&a);
- return 1;
- }
+ mp_read_radix(&a, mp5, 16);
+ mp_add_d(&a, md4, &a);
+ mp_toradix(&a, g_intbuf, 16);
- mp_read_radix(&a, mp2, 16);
- mp_add_d(&a, md5, &a);
- mp_toradix(&a, g_intbuf, 16);
+ if (strcmp(g_intbuf, s_mp5d4) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4);
+ mp_clear(&a);
+ return 1;
+ }
- if(strcmp(g_intbuf, s_mp2d5) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5);
- mp_clear(&a);
- return 1;
- }
+ mp_read_radix(&a, mp2, 16);
+ mp_add_d(&a, md5, &a);
+ mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- return 0;
+ if (strcmp(g_intbuf, s_mp2d5) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5);
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_add(void)
+int
+test_add(void)
{
- mp_int a, b;
- int res = 0;
-
- mp_init(&a); mp_init(&b);
-
- mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp3, 16);
- mp_add(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, s_mp13) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp13);
- res = 1; goto CLEANUP;
- }
-
- mp_read_radix(&a, mp4, 16);
- mp_add(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, s_mp34) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp34);
- res = 1; goto CLEANUP;
- }
-
- mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp6, 16);
- mp_add(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, s_mp46) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp46);
- res = 1; goto CLEANUP;
- }
-
- mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16);
- mp_add(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, s_mp1415) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415);
- res = 1;
- }
-
- CLEANUP:
- mp_clear(&a); mp_clear(&b);
- return res;
+ mp_int a, b;
+ int res = 0;
+
+ mp_init(&a);
+ mp_init(&b);
+
+ mp_read_radix(&a, mp1, 16);
+ mp_read_radix(&b, mp3, 16);
+ mp_add(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, s_mp13) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp13);
+ res = 1;
+ goto CLEANUP;
+ }
+
+ mp_read_radix(&a, mp4, 16);
+ mp_add(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, s_mp34) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp34);
+ res = 1;
+ goto CLEANUP;
+ }
+
+ mp_read_radix(&a, mp4, 16);
+ mp_read_radix(&b, mp6, 16);
+ mp_add(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, s_mp46) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp46);
+ res = 1;
+ goto CLEANUP;
+ }
+
+ mp_read_radix(&a, mp14, 16);
+ mp_read_radix(&b, mp15, 16);
+ mp_add(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, s_mp1415) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415);
+ res = 1;
+ }
+
+CLEANUP:
+ mp_clear(&a);
+ mp_clear(&b);
+ return res;
}
/*------------------------------------------------------------------------*/
-int test_sub_d(void)
+int
+test_sub_d(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a);
- mp_read_radix(&a, mp5, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp5, 16);
- mp_sub_d(&a, md4, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_sub_d(&a, md4, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, d_mp5d4) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4);
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_read_radix(&a, mp6, 16);
+
+ mp_sub_d(&a, md2, &a);
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, d_mp5d4) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4);
mp_clear(&a);
- return 1;
- }
-
- mp_read_radix(&a, mp6, 16);
-
- mp_sub_d(&a, md2, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- mp_clear(&a);
- if(strcmp(g_intbuf, d_mp6d2) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2);
- return 1;
- }
-
- return 0;
+ if (strcmp(g_intbuf, d_mp6d2) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2);
+ return 1;
+ }
+
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_sub(void)
+int
+test_sub(void)
{
- mp_int a, b;
+ mp_int a, b;
- mp_init(&a); mp_init(&b);
+ mp_init(&a);
+ mp_init(&b);
- mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16);
- mp_sub(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp1, 16);
+ mp_read_radix(&b, mp2, 16);
+ mp_sub(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, d_mp12) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, d_mp12);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
+ if (strcmp(g_intbuf, d_mp12) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, d_mp12);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
- mp_sub(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+ mp_sub(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, d_mp34) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, d_mp34);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
+ if (strcmp(g_intbuf, d_mp34) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, d_mp34);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- mp_clear(&a); mp_clear(&b);
- return 0;
+ mp_clear(&a);
+ mp_clear(&b);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_mul_d(void)
+int
+test_mul_d(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a);
- mp_read_radix(&a, mp1, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp1, 16);
- IFOK( mp_mul_d(&a, md4, &a) );
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, p_mp1d4) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4);
- mp_clear(&a);
- return 1;
- }
+ IFOK(mp_mul_d(&a, md4, &a));
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, p_mp1d4) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4);
+ mp_clear(&a);
+ return 1;
+ }
- mp_read_radix(&a, mp8, 16);
- IFOK( mp_mul_d(&a, md6, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp8, 16);
+ IFOK(mp_mul_d(&a, md6, &a));
+ mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- if(strcmp(g_intbuf, p_mp8d6) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6);
- return 1;
- }
+ mp_clear(&a);
+ if (strcmp(g_intbuf, p_mp8d6) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_mul(void)
+int
+test_mul(void)
{
- mp_int a, b;
- int res = 0;
-
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16);
+ mp_int a, b;
+ int res = 0;
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp1, 16);
+ mp_read_radix(&b, mp2, 16);
- if(strcmp(g_intbuf, p_mp12) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp12);
- res = 1; goto CLEANUP;
- }
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 16);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ if (strcmp(g_intbuf, p_mp12) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp12);
+ res = 1;
+ goto CLEANUP;
+ }
- if(strcmp(g_intbuf, p_mp34) !=0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp34);
- res = 1; goto CLEANUP;
- }
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 16);
- mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp7, 16);
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ if (strcmp(g_intbuf, p_mp34) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp34);
+ res = 1;
+ goto CLEANUP;
+ }
- if(strcmp(g_intbuf, p_mp57) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp57);
- res = 1; goto CLEANUP;
- }
+ mp_read_radix(&a, mp5, 16);
+ mp_read_radix(&b, mp7, 16);
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 16);
- mp_read_radix(&a, mp11, 16); mp_read_radix(&b, mp13, 16);
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ if (strcmp(g_intbuf, p_mp57) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp57);
+ res = 1;
+ goto CLEANUP;
+ }
- if(strcmp(g_intbuf, p_mp1113) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113);
- res = 1; goto CLEANUP;
- }
+ mp_read_radix(&a, mp11, 16);
+ mp_read_radix(&b, mp13, 16);
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 16);
- mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16);
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ if (strcmp(g_intbuf, p_mp1113) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113);
+ res = 1;
+ goto CLEANUP;
+ }
- if(strcmp(g_intbuf, p_mp1415) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415);
- res = 1;
- }
- mp_read_radix(&a, mp21, 10); mp_read_radix(&b, mp21, 10);
+ mp_read_radix(&a, mp14, 16);
+ mp_read_radix(&b, mp15, 16);
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 16);
- IFOK( mp_mul(&a, &b, &a) );
- mp_toradix(&a, g_intbuf, 10);
+ if (strcmp(g_intbuf, p_mp1415) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415);
+ res = 1;
+ }
+ mp_read_radix(&a, mp21, 10);
+ mp_read_radix(&b, mp21, 10);
- if(strcmp(g_intbuf, p_mp2121) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp2121);
- res = 1; goto CLEANUP;
- }
+ IFOK(mp_mul(&a, &b, &a));
+ mp_toradix(&a, g_intbuf, 10);
- CLEANUP:
- mp_clear(&a); mp_clear(&b);
- return res;
+ if (strcmp(g_intbuf, p_mp2121) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp2121);
+ res = 1;
+ goto CLEANUP;
+ }
+CLEANUP:
+ mp_clear(&a);
+ mp_clear(&b);
+ return res;
}
/*------------------------------------------------------------------------*/
-int test_sqr(void)
+int
+test_sqr(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp2, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp2, 16);
- mp_sqr(&a, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_sqr(&a, &a);
+ mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- if(strcmp(g_intbuf, p_mp22) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, p_mp22);
- return 1;
- }
+ mp_clear(&a);
+ if (strcmp(g_intbuf, p_mp22) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, p_mp22);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_div_d(void)
+int
+test_div_d(void)
{
- mp_int a, q;
- mp_digit r;
- int err = 0;
+ mp_int a, q;
+ mp_digit r;
+ int err = 0;
- mp_init(&a); mp_init(&q);
- mp_read_radix(&a, mp3, 16);
+ mp_init(&a);
+ mp_init(&q);
+ mp_read_radix(&a, mp3, 16);
- IFOK( mp_div_d(&a, md6, &q, &r) );
- mp_toradix(&q, g_intbuf, 16);
+ IFOK(mp_div_d(&a, md6, &q, &r));
+ mp_toradix(&q, g_intbuf, 16);
- if(strcmp(g_intbuf, q_mp3d6) != 0) {
- reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6);
- ++err;
- }
+ if (strcmp(g_intbuf, q_mp3d6) != 0) {
+ reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6);
+ ++err;
+ }
- sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+ sprintf(g_intbuf, ZS_DIGIT_FMT, r);
- if(strcmp(g_intbuf, r_mp3d6) != 0) {
- reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6);
- ++err;
- }
+ if (strcmp(g_intbuf, r_mp3d6) != 0) {
+ reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6);
+ ++err;
+ }
- mp_read_radix(&a, mp9, 16);
- IFOK( mp_div_d(&a, 16, &q, &r) );
- mp_toradix(&q, g_intbuf, 16);
+ mp_read_radix(&a, mp9, 16);
+ IFOK(mp_div_d(&a, 16, &q, &r));
+ mp_toradix(&q, g_intbuf, 16);
- if(strcmp(g_intbuf, q_mp9c16) != 0) {
- reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16);
- ++err;
- }
+ if (strcmp(g_intbuf, q_mp9c16) != 0) {
+ reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16);
+ ++err;
+ }
- sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+ sprintf(g_intbuf, ZS_DIGIT_FMT, r);
- if(strcmp(g_intbuf, r_mp9c16) != 0) {
- reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16);
- ++err;
- }
+ if (strcmp(g_intbuf, r_mp9c16) != 0) {
+ reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16);
+ ++err;
+ }
- mp_clear(&a); mp_clear(&q);
- return err;
+ mp_clear(&a);
+ mp_clear(&q);
+ return err;
}
/*------------------------------------------------------------------------*/
-int test_div_2(void)
+int
+test_div_2(void)
{
- mp_int a;
-
- mp_init(&a); mp_read_radix(&a, mp7, 16);
- IFOK( mp_div_2(&a, &a) );
- mp_toradix(&a, g_intbuf, 16);
-
- mp_clear(&a);
- if(strcmp(g_intbuf, q_mp7c2) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2);
- return 1;
- }
-
- return 0;
+ mp_int a;
+
+ mp_init(&a);
+ mp_read_radix(&a, mp7, 16);
+ IFOK(mp_div_2(&a, &a));
+ mp_toradix(&a, g_intbuf, 16);
+
+ mp_clear(&a);
+ if (strcmp(g_intbuf, q_mp7c2) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2);
+ return 1;
+ }
+
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_div_2d(void)
+int
+test_div_2d(void)
{
- mp_int a, q, r;
+ mp_int a, q, r;
+
+ mp_init(&q);
+ mp_init(&r);
+ mp_init(&a);
+ mp_read_radix(&a, mp13, 16);
- mp_init(&q); mp_init(&r);
- mp_init(&a); mp_read_radix(&a, mp13, 16);
+ IFOK(mp_div_2d(&a, 64, &q, &r));
+ mp_clear(&a);
- IFOK( mp_div_2d(&a, 64, &q, &r) );
- mp_clear(&a);
+ mp_toradix(&q, g_intbuf, 16);
- mp_toradix(&q, g_intbuf, 16);
+ if (strcmp(g_intbuf, q_mp13c) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c);
+ mp_clear(&q);
+ mp_clear(&r);
+ return 1;
+ }
- if(strcmp(g_intbuf, q_mp13c) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c);
- mp_clear(&q); mp_clear(&r);
- return 1;
- }
+ mp_clear(&q);
- mp_clear(&q);
+ mp_toradix(&r, g_intbuf, 16);
+ if (strcmp(g_intbuf, r_mp13c) != 0) {
+ reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c);
+ mp_clear(&r);
+ return 1;
+ }
- mp_toradix(&r, g_intbuf, 16);
- if(strcmp(g_intbuf, r_mp13c) != 0) {
- reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c);
mp_clear(&r);
- return 1;
- }
- mp_clear(&r);
-
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_div(void)
+int
+test_div(void)
{
- mp_int a, b, r;
- int err = 0;
+ mp_int a, b, r;
+ int err = 0;
- mp_init(&a); mp_init(&b); mp_init(&r);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&r);
- mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp2, 16);
- IFOK( mp_div(&a, &b, &a, &r) );
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp4, 16);
+ mp_read_radix(&b, mp2, 16);
+ IFOK(mp_div(&a, &b, &a, &r));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, q_mp42) != 0) {
- reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42);
- ++err;
- }
+ if (strcmp(g_intbuf, q_mp42) != 0) {
+ reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42);
+ ++err;
+ }
- mp_toradix(&r, g_intbuf, 16);
+ mp_toradix(&r, g_intbuf, 16);
- if(strcmp(g_intbuf, r_mp42) != 0) {
- reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42);
- ++err;
- }
+ if (strcmp(g_intbuf, r_mp42) != 0) {
+ reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42);
+ ++err;
+ }
- mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp5a, 16);
- IFOK( mp_div(&a, &b, &a, &r) );
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp4, 16);
+ mp_read_radix(&b, mp5a, 16);
+ IFOK(mp_div(&a, &b, &a, &r));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, q_mp45a) != 0) {
- reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a);
- ++err;
- }
+ if (strcmp(g_intbuf, q_mp45a) != 0) {
+ reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a);
+ ++err;
+ }
- mp_toradix(&r, g_intbuf, 16);
+ mp_toradix(&r, g_intbuf, 16);
- if(strcmp(g_intbuf, r_mp45a) != 0) {
- reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a);
- ++err;
- }
+ if (strcmp(g_intbuf, r_mp45a) != 0) {
+ reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a);
+ ++err;
+ }
- mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp4, 16);
- IFOK( mp_div(&a, &b, &a, &r) );
- mp_toradix(&a, g_intbuf, 16);
+ mp_read_radix(&a, mp14, 16);
+ mp_read_radix(&b, mp4, 16);
+ IFOK(mp_div(&a, &b, &a, &r));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, q_mp1404) != 0) {
- reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404);
- ++err;
- }
+ if (strcmp(g_intbuf, q_mp1404) != 0) {
+ reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404);
+ ++err;
+ }
- mp_toradix(&r, g_intbuf, 16);
-
- if(strcmp(g_intbuf, r_mp1404) != 0) {
- reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404);
- ++err;
- }
+ mp_toradix(&r, g_intbuf, 16);
- mp_clear(&a); mp_clear(&b); mp_clear(&r);
+ if (strcmp(g_intbuf, r_mp1404) != 0) {
+ reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404);
+ ++err;
+ }
- return err;
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&r);
+
+ return err;
}
/*------------------------------------------------------------------------*/
-int test_expt_d(void)
+int
+test_expt_d(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp5, 16);
- mp_expt_d(&a, md9, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp5, 16);
+ mp_expt_d(&a, md9, &a);
+ mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
- if(strcmp(g_intbuf, e_mp5d9) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9);
- return 1;
- }
+ mp_clear(&a);
+ if (strcmp(g_intbuf, e_mp5d9) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_expt(void)
+int
+test_expt(void)
{
- mp_int a, b;
+ mp_int a, b;
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp8, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp7, 16);
+ mp_read_radix(&b, mp8, 16);
- mp_expt(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&b);
+ mp_expt(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&b);
- if(strcmp(g_intbuf, e_mp78) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, e_mp78);
- return 1;
- }
+ if (strcmp(g_intbuf, e_mp78) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, e_mp78);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_2expt(void)
+int
+test_2expt(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a);
- mp_2expt(&a, md3);
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a);
+ mp_init(&a);
+ mp_2expt(&a, md3);
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
- if(strcmp(g_intbuf, e_mpc2d3) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3);
- return 1;
- }
+ if (strcmp(g_intbuf, e_mpc2d3) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_sqrt(void)
+int
+test_sqrt(void)
{
- mp_int a;
- int res = 0;
-
- mp_init(&a); mp_read_radix(&a, mp9, 16);
- mp_sqrt(&a, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, t_mp9) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, t_mp9);
- res = 1; goto CLEANUP;
- }
-
- mp_read_radix(&a, mp15, 16);
- mp_sqrt(&a, &a);
- mp_toradix(&a, g_intbuf, 16);
-
- if(strcmp(g_intbuf, t_mp15) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, t_mp15);
- res = 1;
- }
-
- CLEANUP:
- mp_clear(&a);
- return res;
+ mp_int a;
+ int res = 0;
+
+ mp_init(&a);
+ mp_read_radix(&a, mp9, 16);
+ mp_sqrt(&a, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, t_mp9) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, t_mp9);
+ res = 1;
+ goto CLEANUP;
+ }
+
+ mp_read_radix(&a, mp15, 16);
+ mp_sqrt(&a, &a);
+ mp_toradix(&a, g_intbuf, 16);
+
+ if (strcmp(g_intbuf, t_mp15) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, t_mp15);
+ res = 1;
+ }
+
+CLEANUP:
+ mp_clear(&a);
+ return res;
}
/*------------------------------------------------------------------------*/
-int test_mod_d(void)
+int
+test_mod_d(void)
{
- mp_int a;
- mp_digit r;
+ mp_int a;
+ mp_digit r;
- mp_init(&a); mp_read_radix(&a, mp5, 16);
- IFOK( mp_mod_d(&a, md5, &r) );
- sprintf(g_intbuf, ZS_DIGIT_FMT, r);
- mp_clear(&a);
+ mp_init(&a);
+ mp_read_radix(&a, mp5, 16);
+ IFOK(mp_mod_d(&a, md5, &r));
+ sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+ mp_clear(&a);
- if(strcmp(g_intbuf, r_mp5d5) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5);
- return 1;
- }
+ if (strcmp(g_intbuf, r_mp5d5) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_mod(void)
+int
+test_mod(void)
{
- mp_int a, m;
+ mp_int a, m;
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, mp4, 16); mp_read_radix(&m, mp7, 16);
- IFOK( mp_mod(&a, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&m);
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, mp4, 16);
+ mp_read_radix(&m, mp7, 16);
+ IFOK(mp_mod(&a, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&m);
- if(strcmp(g_intbuf, r_mp47) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, r_mp47);
- return 1;
- }
+ if (strcmp(g_intbuf, r_mp47) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, r_mp47);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_addmod(void)
+int
+test_addmod(void)
{
- mp_int a, b, m;
+ mp_int a, b, m;
- mp_init(&a); mp_init(&b); mp_init(&m);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
- mp_read_radix(&m, mp5, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+ mp_read_radix(&m, mp5, 16);
- IFOK( mp_addmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&b); mp_clear(&m);
+ IFOK(mp_addmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&m);
- if(strcmp(g_intbuf, ms_mp345) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345);
- return 1;
- }
+ if (strcmp(g_intbuf, ms_mp345) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_submod(void)
+int
+test_submod(void)
{
- mp_int a, b, m;
+ mp_int a, b, m;
- mp_init(&a); mp_init(&b); mp_init(&m);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
- mp_read_radix(&m, mp5, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+ mp_read_radix(&m, mp5, 16);
- IFOK( mp_submod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&b); mp_clear(&m);
+ IFOK(mp_submod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&m);
- if(strcmp(g_intbuf, md_mp345) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, md_mp345);
- return 1;
- }
+ if (strcmp(g_intbuf, md_mp345) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, md_mp345);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_mulmod(void)
+int
+test_mulmod(void)
{
- mp_int a, b, m;
+ mp_int a, b, m;
- mp_init(&a); mp_init(&b); mp_init(&m);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
- mp_read_radix(&m, mp5, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+ mp_read_radix(&m, mp5, 16);
- IFOK( mp_mulmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&b); mp_clear(&m);
+ IFOK(mp_mulmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&m);
- if(strcmp(g_intbuf, mp_mp345) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345);
- return 1;
- }
+ if (strcmp(g_intbuf, mp_mp345) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_sqrmod(void)
+int
+test_sqrmod(void)
{
- mp_int a, m;
+ mp_int a, m;
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&m, mp5, 16);
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&m, mp5, 16);
- IFOK( mp_sqrmod(&a, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&m);
+ IFOK(mp_sqrmod(&a, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&m);
- if(strcmp(g_intbuf, mp_mp335) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335);
- return 1;
- }
+ if (strcmp(g_intbuf, mp_mp335) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_exptmod(void)
+int
+test_exptmod(void)
{
- mp_int a, b, m;
- int res = 0;
+ mp_int a, b, m;
+ int res = 0;
- mp_init(&a); mp_init(&b); mp_init(&m);
- mp_read_radix(&a, mp8, 16); mp_read_radix(&b, mp1, 16);
- mp_read_radix(&m, mp7, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
+ mp_read_radix(&a, mp8, 16);
+ mp_read_radix(&b, mp1, 16);
+ mp_read_radix(&m, mp7, 16);
- IFOK( mp_exptmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ IFOK(mp_exptmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, me_mp817) != 0) {
- reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817);
- res = 1; goto CLEANUP;
- }
+ if (strcmp(g_intbuf, me_mp817) != 0) {
+ reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817);
+ res = 1;
+ goto CLEANUP;
+ }
- mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp5, 16);
- mp_read_radix(&m, mp12, 16);
+ mp_read_radix(&a, mp1, 16);
+ mp_read_radix(&b, mp5, 16);
+ mp_read_radix(&m, mp12, 16);
- IFOK( mp_exptmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ IFOK(mp_exptmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, me_mp1512) != 0) {
- reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512);
- res = 1; goto CLEANUP;
- }
+ if (strcmp(g_intbuf, me_mp1512) != 0) {
+ reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512);
+ res = 1;
+ goto CLEANUP;
+ }
- mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp1, 16);
- mp_read_radix(&m, mp14, 16);
+ mp_read_radix(&a, mp5, 16);
+ mp_read_radix(&b, mp1, 16);
+ mp_read_radix(&m, mp14, 16);
- IFOK( mp_exptmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ IFOK(mp_exptmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, me_mp5114) != 0) {
- reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114);
- res = 1;
- }
+ if (strcmp(g_intbuf, me_mp5114) != 0) {
+ reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114);
+ res = 1;
+ }
- mp_read_radix(&a, mp16, 16); mp_read_radix(&b, mp17, 16);
- mp_read_radix(&m, mp18, 16);
+ mp_read_radix(&a, mp16, 16);
+ mp_read_radix(&b, mp17, 16);
+ mp_read_radix(&m, mp18, 16);
- IFOK( mp_exptmod(&a, &b, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
+ IFOK(mp_exptmod(&a, &b, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, me_mp161718) != 0) {
- reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718);
- res = 1;
- }
+ if (strcmp(g_intbuf, me_mp161718) != 0) {
+ reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718);
+ res = 1;
+ }
- CLEANUP:
- mp_clear(&a); mp_clear(&b); mp_clear(&m);
- return res;
+CLEANUP:
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&m);
+ return res;
}
/*------------------------------------------------------------------------*/
-int test_exptmod_d(void)
+int
+test_exptmod_d(void)
{
- mp_int a, m;
+ mp_int a, m;
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, mp5, 16); mp_read_radix(&m, mp7, 16);
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, mp5, 16);
+ mp_read_radix(&m, mp7, 16);
- IFOK( mp_exptmod_d(&a, md4, &m, &a) );
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&m);
+ IFOK(mp_exptmod_d(&a, md4, &m, &a));
+ mp_toradix(&a, g_intbuf, 16);
+ mp_clear(&a);
+ mp_clear(&m);
- if(strcmp(g_intbuf, me_mp5d47) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47);
- return 1;
- }
+ if (strcmp(g_intbuf, me_mp5d47) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47);
+ return 1;
+ }
- return 0;
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_invmod(void)
+int
+test_invmod(void)
{
- mp_int a, m, c;
- mp_int p1, p2, p3, p4, p5;
- mp_int t1, t2, t3, t4;
- mp_err res;
-
- /* 5 128-bit primes. */
- static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" };
- static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" };
- static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" };
- static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" };
- static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" };
-
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, mp2, 16); mp_read_radix(&m, mp7, 16);
-
- IFOK( mp_invmod(&a, &m, &a) );
-
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&m);
-
- if(strcmp(g_intbuf, i_mp27) != 0) {
- reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27);
- return 1;
- }
-
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, mp20, 16); mp_read_radix(&m, mp19, 16);
-
- IFOK( mp_invmod(&a, &m, &a) );
-
- mp_toradix(&a, g_intbuf, 16);
- mp_clear(&a); mp_clear(&m);
-
- if(strcmp(g_intbuf, i_mp2019) != 0) {
- reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019);
- return 1;
- }
-
-/* Need the following test cases:
- Odd modulus
- - a is odd, relatively prime to m
- - a is odd, not relatively prime to m
- - a is even, relatively prime to m
- - a is even, not relatively prime to m
- Even modulus
- - a is even (should fail)
- - a is odd, not relatively prime to m
- - a is odd, relatively prime to m,
- m is not a power of 2
- - m has factor 2**k, k < 32
- - m has factor 2**k, k > 32
- m is a power of 2, 2**k
- - k < 32
- - k > 32
-*/
-
- mp_init(&a); mp_init(&m); mp_init(&c);
- mp_init(&p1); mp_init(&p2); mp_init(&p3); mp_init(&p4); mp_init(&p5);
- mp_init(&t1); mp_init(&t2); mp_init(&t3); mp_init(&t4);
-
- mp_read_radix(&p1, ivp1, 16);
- mp_read_radix(&p2, ivp2, 16);
- mp_read_radix(&p3, ivp3, 16);
- mp_read_radix(&p4, ivp4, 16);
- mp_read_radix(&p5, ivp5, 16);
-
- IFOK( mp_2expt(&t2, 68) ); /* t2 = 2**68 */
- IFOK( mp_2expt(&t3, 128) ); /* t3 = 2**128 */
- IFOK( mp_2expt(&t4, 31) ); /* t4 = 2**31 */
-
-/* test 3: Odd modulus - a is odd, relatively prime to m */
-
- IFOK( mp_mul(&p1, &p2, &a) );
- IFOK( mp_mul(&p3, &p4, &m) );
- IFOK( mp_invmod(&a, &m, &t1) );
- IFOK( mp_invmod_xgcd(&a, &m, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 3 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
- mp_clear(&a); mp_clear(&t1); mp_clear(&c);
- mp_init(&a); mp_init(&t1); mp_init(&c);
-
-/* test 4: Odd modulus - a is odd, NOT relatively prime to m */
-
- IFOK( mp_mul(&p1, &p3, &a) );
- /* reuse same m as before */
-
- res = mp_invmod_xgcd(&a, &m, &c);
- if (res != MP_UNDEF)
- goto CLEANUP4;
-
- res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
- if (res != MP_UNDEF) {
-CLEANUP4:
- reason("error: invmod test 4 succeeded, should have failed.\n");
- return 1;
- }
- mp_clear(&a); mp_clear(&t1); mp_clear(&c);
- mp_init(&a); mp_init(&t1); mp_init(&c);
-
-/* test 5: Odd modulus - a is even, relatively prime to m */
-
- IFOK( mp_mul(&p1, &t2, &a) );
- /* reuse m */
- IFOK( mp_invmod(&a, &m, &t1) );
- IFOK( mp_invmod_xgcd(&a, &m, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 5 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
- mp_clear(&a); mp_clear(&t1); mp_clear(&c);
- mp_init(&a); mp_init(&t1); mp_init(&c);
-
-/* test 6: Odd modulus - a is odd, NOT relatively prime to m */
-
- /* reuse t2 */
- IFOK( mp_mul(&t2, &p3, &a) );
- /* reuse same m as before */
-
- res = mp_invmod_xgcd(&a, &m, &c);
- if (res != MP_UNDEF)
- goto CLEANUP6;
-
- res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
- if (res != MP_UNDEF) {
-CLEANUP6:
- reason("error: invmod test 6 succeeded, should have failed.\n");
- return 1;
- }
- mp_clear(&a); mp_clear(&m); mp_clear(&c); mp_clear(&t1);
- mp_init(&a); mp_init(&m); mp_init(&c); mp_init(&t1);
-
-/* test 7: Even modulus, even a, should fail */
-
- IFOK( mp_mul(&p3, &t3, &m) ); /* even m */
- /* reuse t2 */
- IFOK( mp_mul(&p1, &t2, &a) ); /* even a */
-
- res = mp_invmod_xgcd(&a, &m, &c);
- if (res != MP_UNDEF)
- goto CLEANUP7;
-
- res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
- if (res != MP_UNDEF) {
-CLEANUP7:
- reason("error: invmod test 7 succeeded, should have failed.\n");
- return 1;
- }
- mp_clear(&a); mp_clear(&c); mp_clear(&t1);
- mp_init(&a); mp_init(&c); mp_init(&t1);
-
-/* test 8: Even modulus - a is odd, not relatively prime to m */
-
- /* reuse m */
- IFOK( mp_mul(&p3, &p1, &a) ); /* even a */
-
- res = mp_invmod_xgcd(&a, &m, &c);
- if (res != MP_UNDEF)
- goto CLEANUP8;
-
- res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
- if (res != MP_UNDEF) {
-CLEANUP8:
- reason("error: invmod test 8 succeeded, should have failed.\n");
- return 1;
- }
- mp_clear(&a); mp_clear(&m); mp_clear(&c); mp_clear(&t1);
- mp_init(&a); mp_init(&m); mp_init(&c); mp_init(&t1);
-
-/* test 9: Even modulus - m has factor 2**k, k < 32
- * - a is odd, relatively prime to m,
- */
- IFOK( mp_mul(&p3, &t4, &m) ); /* even m */
- IFOK( mp_mul(&p1, &p2, &a) );
- IFOK( mp_invmod(&a, &m, &t1) );
- IFOK( mp_invmod_xgcd(&a, &m, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 9 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
- mp_clear(&m); mp_clear(&t1); mp_clear(&c);
- mp_init(&m); mp_init(&t1); mp_init(&c);
-
-/* test 10: Even modulus - m has factor 2**k, k > 32
- * - a is odd, relatively prime to m,
- */
- IFOK( mp_mul(&p3, &t3, &m) ); /* even m */
- /* reuse a */
- IFOK( mp_invmod(&a, &m, &t1) );
- IFOK( mp_invmod_xgcd(&a, &m, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 10 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
- mp_clear(&t1); mp_clear(&c);
- mp_init(&t1); mp_init(&c);
-
-/* test 11: Even modulus - m is a power of 2, 2**k | k < 32
- * - a is odd, relatively prime to m,
- */
- IFOK( mp_invmod(&a, &t4, &t1) );
- IFOK( mp_invmod_xgcd(&a, &t4, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 11 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
- mp_clear(&t1); mp_clear(&c);
- mp_init(&t1); mp_init(&c);
-
-/* test 12: Even modulus - m is a power of 2, 2**k | k > 32
- * - a is odd, relatively prime to m,
- */
- IFOK( mp_invmod(&a, &t3, &t1) );
- IFOK( mp_invmod_xgcd(&a, &t3, &c) );
-
- if (mp_cmp(&t1, &c) != 0) {
- mp_toradix(&t1, g_intbuf, 16);
- mp_toradix(&c, a_intbuf, 16);
- reason("error: invmod test 12 computed %s, expected %s\n",
- g_intbuf, a_intbuf);
- return 1;
- }
-
- mp_clear(&a); mp_clear(&m); mp_clear(&c);
- mp_clear(&t1); mp_clear(&t2); mp_clear(&t3); mp_clear(&t4);
- mp_clear(&p1); mp_clear(&p2); mp_clear(&p3); mp_clear(&p4); mp_clear(&p5);
-
- return 0;
-}
+ mp_int a, m, c;
+ mp_int p1, p2, p3, p4, p5;
+ mp_int t1, t2, t3, t4;
+ mp_err res;
-/*------------------------------------------------------------------------*/
+ /* 5 128-bit primes. */
+ static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" };
+ static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" };
+ static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" };
+ static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" };
+ static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" };
-int test_cmp_d(void)
-{
- mp_int a;
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, mp2, 16);
+ mp_read_radix(&m, mp7, 16);
- mp_init(&a); mp_read_radix(&a, mp8, 16);
+ IFOK(mp_invmod(&a, &m, &a));
- if(mp_cmp_d(&a, md8) >= 0) {
- reason("error: %s >= " DIGIT_FMT "\n", mp8, md8);
+ mp_toradix(&a, g_intbuf, 16);
mp_clear(&a);
- return 1;
- }
+ mp_clear(&m);
+
+ if (strcmp(g_intbuf, i_mp27) != 0) {
+ reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27);
+ return 1;
+ }
+
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, mp20, 16);
+ mp_read_radix(&m, mp19, 16);
- mp_read_radix(&a, mp5, 16);
+ IFOK(mp_invmod(&a, &m, &a));
- if(mp_cmp_d(&a, md8) <= 0) {
- reason("error: %s <= " DIGIT_FMT "\n", mp5, md8);
+ mp_toradix(&a, g_intbuf, 16);
mp_clear(&a);
- return 1;
- }
+ mp_clear(&m);
- mp_read_radix(&a, mp6, 16);
+ if (strcmp(g_intbuf, i_mp2019) != 0) {
+ reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019);
+ return 1;
+ }
- if(mp_cmp_d(&a, md1) != 0) {
- reason("error: %s != " DIGIT_FMT "\n", mp6, md1);
+ /* Need the following test cases:
+ Odd modulus
+ - a is odd, relatively prime to m
+ - a is odd, not relatively prime to m
+ - a is even, relatively prime to m
+ - a is even, not relatively prime to m
+ Even modulus
+ - a is even (should fail)
+ - a is odd, not relatively prime to m
+ - a is odd, relatively prime to m,
+ m is not a power of 2
+ - m has factor 2**k, k < 32
+ - m has factor 2**k, k > 32
+ m is a power of 2, 2**k
+ - k < 32
+ - k > 32
+ */
+
+ mp_init(&a);
+ mp_init(&m);
+ mp_init(&c);
+ mp_init(&p1);
+ mp_init(&p2);
+ mp_init(&p3);
+ mp_init(&p4);
+ mp_init(&p5);
+ mp_init(&t1);
+ mp_init(&t2);
+ mp_init(&t3);
+ mp_init(&t4);
+
+ mp_read_radix(&p1, ivp1, 16);
+ mp_read_radix(&p2, ivp2, 16);
+ mp_read_radix(&p3, ivp3, 16);
+ mp_read_radix(&p4, ivp4, 16);
+ mp_read_radix(&p5, ivp5, 16);
+
+ IFOK(mp_2expt(&t2, 68)); /* t2 = 2**68 */
+ IFOK(mp_2expt(&t3, 128)); /* t3 = 2**128 */
+ IFOK(mp_2expt(&t4, 31)); /* t4 = 2**31 */
+
+ /* test 3: Odd modulus - a is odd, relatively prime to m */
+
+ IFOK(mp_mul(&p1, &p2, &a));
+ IFOK(mp_mul(&p3, &p4, &m));
+ IFOK(mp_invmod(&a, &m, &t1));
+ IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 3 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
mp_clear(&a);
- return 1;
- }
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&a);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 4: Odd modulus - a is odd, NOT relatively prime to m */
+
+ IFOK(mp_mul(&p1, &p3, &a));
+ /* reuse same m as before */
+
+ res = mp_invmod_xgcd(&a, &m, &c);
+ if (res != MP_UNDEF)
+ goto CLEANUP4;
+
+ res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+ if (res != MP_UNDEF) {
+ CLEANUP4:
+ reason("error: invmod test 4 succeeded, should have failed.\n");
+ return 1;
+ }
+ mp_clear(&a);
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&a);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 5: Odd modulus - a is even, relatively prime to m */
+
+ IFOK(mp_mul(&p1, &t2, &a));
+ /* reuse m */
+ IFOK(mp_invmod(&a, &m, &t1));
+ IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 5 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
+ mp_clear(&a);
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&a);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 6: Odd modulus - a is odd, NOT relatively prime to m */
+
+ /* reuse t2 */
+ IFOK(mp_mul(&t2, &p3, &a));
+ /* reuse same m as before */
+
+ res = mp_invmod_xgcd(&a, &m, &c);
+ if (res != MP_UNDEF)
+ goto CLEANUP6;
+
+ res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+ if (res != MP_UNDEF) {
+ CLEANUP6:
+ reason("error: invmod test 6 succeeded, should have failed.\n");
+ return 1;
+ }
+ mp_clear(&a);
+ mp_clear(&m);
+ mp_clear(&c);
+ mp_clear(&t1);
+ mp_init(&a);
+ mp_init(&m);
+ mp_init(&c);
+ mp_init(&t1);
+
+ /* test 7: Even modulus, even a, should fail */
+
+ IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+ /* reuse t2 */
+ IFOK(mp_mul(&p1, &t2, &a)); /* even a */
+
+ res = mp_invmod_xgcd(&a, &m, &c);
+ if (res != MP_UNDEF)
+ goto CLEANUP7;
+
+ res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+ if (res != MP_UNDEF) {
+ CLEANUP7:
+ reason("error: invmod test 7 succeeded, should have failed.\n");
+ return 1;
+ }
+ mp_clear(&a);
+ mp_clear(&c);
+ mp_clear(&t1);
+ mp_init(&a);
+ mp_init(&c);
+ mp_init(&t1);
+
+ /* test 8: Even modulus - a is odd, not relatively prime to m */
+
+ /* reuse m */
+ IFOK(mp_mul(&p3, &p1, &a)); /* even a */
+
+ res = mp_invmod_xgcd(&a, &m, &c);
+ if (res != MP_UNDEF)
+ goto CLEANUP8;
+
+ res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+ if (res != MP_UNDEF) {
+ CLEANUP8:
+ reason("error: invmod test 8 succeeded, should have failed.\n");
+ return 1;
+ }
+ mp_clear(&a);
+ mp_clear(&m);
+ mp_clear(&c);
+ mp_clear(&t1);
+ mp_init(&a);
+ mp_init(&m);
+ mp_init(&c);
+ mp_init(&t1);
+
+ /* test 9: Even modulus - m has factor 2**k, k < 32
+ * - a is odd, relatively prime to m,
+ */
+ IFOK(mp_mul(&p3, &t4, &m)); /* even m */
+ IFOK(mp_mul(&p1, &p2, &a));
+ IFOK(mp_invmod(&a, &m, &t1));
+ IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 9 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
+ mp_clear(&m);
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&m);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 10: Even modulus - m has factor 2**k, k > 32
+ * - a is odd, relatively prime to m,
+ */
+ IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+ /* reuse a */
+ IFOK(mp_invmod(&a, &m, &t1));
+ IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 10 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 11: Even modulus - m is a power of 2, 2**k | k < 32
+ * - a is odd, relatively prime to m,
+ */
+ IFOK(mp_invmod(&a, &t4, &t1));
+ IFOK(mp_invmod_xgcd(&a, &t4, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 11 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
+ mp_clear(&t1);
+ mp_clear(&c);
+ mp_init(&t1);
+ mp_init(&c);
+
+ /* test 12: Even modulus - m is a power of 2, 2**k | k > 32
+ * - a is odd, relatively prime to m,
+ */
+ IFOK(mp_invmod(&a, &t3, &t1));
+ IFOK(mp_invmod_xgcd(&a, &t3, &c));
+
+ if (mp_cmp(&t1, &c) != 0) {
+ mp_toradix(&t1, g_intbuf, 16);
+ mp_toradix(&c, a_intbuf, 16);
+ reason("error: invmod test 12 computed %s, expected %s\n",
+ g_intbuf, a_intbuf);
+ return 1;
+ }
- mp_clear(&a);
- return 0;
+ mp_clear(&a);
+ mp_clear(&m);
+ mp_clear(&c);
+ mp_clear(&t1);
+ mp_clear(&t2);
+ mp_clear(&t3);
+ mp_clear(&t4);
+ mp_clear(&p1);
+ mp_clear(&p2);
+ mp_clear(&p3);
+ mp_clear(&p4);
+ mp_clear(&p5);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_cmp_z(void)
+int
+test_cmp_d(void)
{
- mp_int a;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp6, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp8, 16);
- if(mp_cmp_z(&a) != 0) {
- reason("error: someone thinks a zero value is non-zero\n");
- mp_clear(&a);
- return 1;
- }
+ if (mp_cmp_d(&a, md8) >= 0) {
+ reason("error: %s >= " DIGIT_FMT "\n", mp8, md8);
+ mp_clear(&a);
+ return 1;
+ }
- mp_read_radix(&a, mp1, 16);
-
- if(mp_cmp_z(&a) <= 0) {
- reason("error: someone thinks a positive value is non-positive\n");
- mp_clear(&a);
- return 1;
- }
+ mp_read_radix(&a, mp5, 16);
- mp_read_radix(&a, mp4, 16);
+ if (mp_cmp_d(&a, md8) <= 0) {
+ reason("error: %s <= " DIGIT_FMT "\n", mp5, md8);
+ mp_clear(&a);
+ return 1;
+ }
- if(mp_cmp_z(&a) >= 0) {
- reason("error: someone thinks a negative value is non-negative\n");
- mp_clear(&a);
- return 1;
- }
+ mp_read_radix(&a, mp6, 16);
- mp_clear(&a);
- return 0;
+ if (mp_cmp_d(&a, md1) != 0) {
+ reason("error: %s != " DIGIT_FMT "\n", mp6, md1);
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_cmp(void)
+int
+test_cmp_z(void)
{
- mp_int a, b;
-
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
-
- if(mp_cmp(&a, &b) <= 0) {
- reason("error: %s <= %s\n", mp3, mp4);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_read_radix(&b, mp3, 16);
- if(mp_cmp(&a, &b) != 0) {
- reason("error: %s != %s\n", mp3, mp3);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_read_radix(&a, mp5, 16);
- if(mp_cmp(&a, &b) >= 0) {
- reason("error: %s >= %s\n", mp5, mp3);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_clear(&a); mp_clear(&b);
- return 0;
+ mp_int a;
+
+ mp_init(&a);
+ mp_read_radix(&a, mp6, 16);
+
+ if (mp_cmp_z(&a) != 0) {
+ reason("error: someone thinks a zero value is non-zero\n");
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_read_radix(&a, mp1, 16);
+
+ if (mp_cmp_z(&a) <= 0) {
+ reason("error: someone thinks a positive value is non-positive\n");
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_read_radix(&a, mp4, 16);
+
+ if (mp_cmp_z(&a) >= 0) {
+ reason("error: someone thinks a negative value is non-negative\n");
+ mp_clear(&a);
+ return 1;
+ }
+
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_cmp_mag(void)
+int
+test_cmp(void)
{
- mp_int a, b;
-
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp4, 16);
-
- if(mp_cmp_mag(&a, &b) >= 0) {
- reason("error: %s >= %s\n", mp5, mp4);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_read_radix(&b, mp5, 16);
- if(mp_cmp_mag(&a, &b) != 0) {
- reason("error: %s != %s\n", mp5, mp5);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_read_radix(&a, mp1, 16);
- if(mp_cmp_mag(&b, &a) >= 0) {
- reason("error: %s >= %s\n", mp5, mp1);
- mp_clear(&a); mp_clear(&b);
- return 1;
- }
-
- mp_clear(&a); mp_clear(&b);
- return 0;
+ mp_int a, b;
+
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp3, 16);
+ mp_read_radix(&b, mp4, 16);
+
+ if (mp_cmp(&a, &b) <= 0) {
+ reason("error: %s <= %s\n", mp3, mp4);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
+ mp_read_radix(&b, mp3, 16);
+ if (mp_cmp(&a, &b) != 0) {
+ reason("error: %s != %s\n", mp3, mp3);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
+
+ mp_read_radix(&a, mp5, 16);
+ if (mp_cmp(&a, &b) >= 0) {
+ reason("error: %s >= %s\n", mp5, mp3);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
+
+ mp_clear(&a);
+ mp_clear(&b);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_parity(void)
+int
+test_cmp_mag(void)
{
- mp_int a;
+ mp_int a, b;
+
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp5, 16);
+ mp_read_radix(&b, mp4, 16);
+
+ if (mp_cmp_mag(&a, &b) >= 0) {
+ reason("error: %s >= %s\n", mp5, mp4);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- mp_init(&a); mp_read_radix(&a, mp1, 16);
+ mp_read_radix(&b, mp5, 16);
+ if (mp_cmp_mag(&a, &b) != 0) {
+ reason("error: %s != %s\n", mp5, mp5);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- if(!mp_isodd(&a)) {
- reason("error: expected operand to be odd, but it isn't\n");
- mp_clear(&a);
- return 1;
- }
+ mp_read_radix(&a, mp1, 16);
+ if (mp_cmp_mag(&b, &a) >= 0) {
+ reason("error: %s >= %s\n", mp5, mp1);
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
- mp_read_radix(&a, mp6, 16);
-
- if(!mp_iseven(&a)) {
- reason("error: expected operand to be even, but it isn't\n");
mp_clear(&a);
- return 1;
- }
-
- mp_clear(&a);
- return 0;
+ mp_clear(&b);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_gcd(void)
+int
+test_parity(void)
{
- mp_int a, b;
- int out = 0;
+ mp_int a;
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp1, 16);
- mp_gcd(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
+ if (!mp_isodd(&a)) {
+ reason("error: expected operand to be odd, but it isn't\n");
+ mp_clear(&a);
+ return 1;
+ }
- if(strcmp(g_intbuf, g_mp71) != 0) {
- reason("error: computed %s, expected %s\n", g_intbuf, g_mp71);
- out = 1;
- }
+ mp_read_radix(&a, mp6, 16);
- mp_clear(&a); mp_clear(&b);
- return out;
+ if (!mp_iseven(&a)) {
+ reason("error: expected operand to be even, but it isn't\n");
+ mp_clear(&a);
+ return 1;
+ }
+ mp_clear(&a);
+ return 0;
}
/*------------------------------------------------------------------------*/
-int test_lcm(void)
+int
+test_gcd(void)
{
- mp_int a, b;
- int out = 0;
-
- mp_init(&a); mp_init(&b);
- mp_read_radix(&a, mp10, 16); mp_read_radix(&b, mp11, 16);
-
- mp_lcm(&a, &b, &a);
- mp_toradix(&a, g_intbuf, 16);
+ mp_int a, b;
+ int out = 0;
- if(strcmp(g_intbuf, l_mp1011) != 0) {
- reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011);
- out = 1;
- }
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp7, 16);
+ mp_read_radix(&b, mp1, 16);
- mp_clear(&a); mp_clear(&b);
+ mp_gcd(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
- return out;
+ if (strcmp(g_intbuf, g_mp71) != 0) {
+ reason("error: computed %s, expected %s\n", g_intbuf, g_mp71);
+ out = 1;
+ }
+ mp_clear(&a);
+ mp_clear(&b);
+ return out;
}
/*------------------------------------------------------------------------*/
-int test_convert(void)
+int
+test_lcm(void)
{
- int ix;
- mp_int a;
+ mp_int a, b;
+ int out = 0;
- mp_init(&a); mp_read_radix(&a, mp9, 16);
+ mp_init(&a);
+ mp_init(&b);
+ mp_read_radix(&a, mp10, 16);
+ mp_read_radix(&b, mp11, 16);
- for(ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) {
- mp_toradix(&a, g_intbuf, ix);
+ mp_lcm(&a, &b, &a);
+ mp_toradix(&a, g_intbuf, 16);
- if(strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) {
- reason("error: radix %d, computed %s, expected %s\n",
- ix, g_intbuf, v_mp9[ix - LOW_RADIX]);
- mp_clear(&a);
- return 1;
+ if (strcmp(g_intbuf, l_mp1011) != 0) {
+ reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011);
+ out = 1;
}
- }
- mp_clear(&a);
- return 0;
+ mp_clear(&a);
+ mp_clear(&b);
+
+ return out;
}
/*------------------------------------------------------------------------*/
-int test_raw(void)
+int
+test_convert(void)
{
- int len, out = 0;
- mp_int a;
- char *buf;
+ int ix;
+ mp_int a;
- mp_init(&a); mp_read_radix(&a, mp4, 16);
+ mp_init(&a);
+ mp_read_radix(&a, mp9, 16);
+
+ for (ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) {
+ mp_toradix(&a, g_intbuf, ix);
+
+ if (strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) {
+ reason("error: radix %d, computed %s, expected %s\n",
+ ix, g_intbuf, v_mp9[ix - LOW_RADIX]);
+ mp_clear(&a);
+ return 1;
+ }
+ }
- len = mp_raw_size(&a);
- if(len != sizeof(b_mp4)) {
- reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4),
- len);
mp_clear(&a);
- return 1;
- }
+ return 0;
+}
+
+/*------------------------------------------------------------------------*/
- buf = calloc(len, sizeof(char));
- mp_toraw(&a, buf);
+int
+test_raw(void)
+{
+ int len, out = 0;
+ mp_int a;
+ char *buf;
+
+ mp_init(&a);
+ mp_read_radix(&a, mp4, 16);
+
+ len = mp_raw_size(&a);
+ if (len != sizeof(b_mp4)) {
+ reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4),
+ len);
+ mp_clear(&a);
+ return 1;
+ }
- if(memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) {
- reason("error: test_raw: binary output does not match test vector\n");
- out = 1;
- }
+ buf = calloc(len, sizeof(char));
+ mp_toraw(&a, buf);
- free(buf);
- mp_clear(&a);
+ if (memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) {
+ reason("error: test_raw: binary output does not match test vector\n");
+ out = 1;
+ }
- return out;
+ free(buf);
+ mp_clear(&a);
+ return out;
}
/*------------------------------------------------------------------------*/
-int test_pprime(void)
+int
+test_pprime(void)
{
- mp_int p;
- int err = 0;
- mp_err res;
-
- mp_init(&p);
- mp_read_radix(&p, mp7, 16);
-
- if(mpp_pprime(&p, 5) != MP_YES) {
- reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
- err = 1;
- }
-
- IFOK( mp_set_int(&p, 9) );
- res = mpp_pprime(&p, 50);
- if (res == MP_YES) {
- reason("error: 9 is composite but passed Rabin-Miller test\n");
- err = 1;
- } else if (res != MP_NO) {
- reason("test mpp_pprime(9, 50) failed: error %d\n", res);
- err = 1;
- }
-
- IFOK( mp_set_int(&p, 15) );
- res = mpp_pprime(&p, 50);
- if (res == MP_YES) {
- reason("error: 15 is composite but passed Rabin-Miller test\n");
- err = 1;
- } else if (res != MP_NO) {
- reason("test mpp_pprime(15, 50) failed: error %d\n", res);
- err = 1;
- }
-
- mp_clear(&p);
-
- return err;
+ mp_int p;
+ int err = 0;
+ mp_err res;
+
+ mp_init(&p);
+ mp_read_radix(&p, mp7, 16);
+ if (mpp_pprime(&p, 5) != MP_YES) {
+ reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
+ err = 1;
+ }
+
+ IFOK(mp_set_int(&p, 9));
+ res = mpp_pprime(&p, 50);
+ if (res == MP_YES) {
+ reason("error: 9 is composite but passed Rabin-Miller test\n");
+ err = 1;
+ } else if (res != MP_NO) {
+ reason("test mpp_pprime(9, 50) failed: error %d\n", res);
+ err = 1;
+ }
+
+ IFOK(mp_set_int(&p, 15));
+ res = mpp_pprime(&p, 50);
+ if (res == MP_YES) {
+ reason("error: 15 is composite but passed Rabin-Miller test\n");
+ err = 1;
+ } else if (res != MP_NO) {
+ reason("test mpp_pprime(15, 50) failed: error %d\n", res);
+ err = 1;
+ }
+
+ mp_clear(&p);
+
+ return err;
}
/*------------------------------------------------------------------------*/
-int test_fermat(void)
+int
+test_fermat(void)
{
- mp_int p;
- mp_err res;
- int err = 0;
+ mp_int p;
+ mp_err res;
+ int err = 0;
- mp_init(&p);
- mp_read_radix(&p, mp7, 16);
-
- if((res = mpp_fermat(&p, 2)) != MP_YES) {
- reason("error: %s failed Fermat test on 2: %s\n", mp7,
- mp_strerror(res));
- ++err;
- }
+ mp_init(&p);
+ mp_read_radix(&p, mp7, 16);
- if((res = mpp_fermat(&p, 3)) != MP_YES) {
- reason("error: %s failed Fermat test on 3: %s\n", mp7,
- mp_strerror(res));
- ++err;
- }
+ if ((res = mpp_fermat(&p, 2)) != MP_YES) {
+ reason("error: %s failed Fermat test on 2: %s\n", mp7,
+ mp_strerror(res));
+ ++err;
+ }
- mp_clear(&p);
+ if ((res = mpp_fermat(&p, 3)) != MP_YES) {
+ reason("error: %s failed Fermat test on 3: %s\n", mp7,
+ mp_strerror(res));
+ ++err;
+ }
- return err;
+ mp_clear(&p);
+ return err;
}
/*------------------------------------------------------------------------*/
/* Like fprintf(), but only if we are behaving in a verbose manner */
-void reason(char *fmt, ...)
+void
+reason(char *fmt, ...)
{
- va_list ap;
+ va_list ap;
- if(!g_verbose)
- return;
+ if (!g_verbose)
+ return;
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
}
/*------------------------------------------------------------------------*/
diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c
index 194f3b3fd..13a2f0266 100644
--- a/lib/freebl/mpi/mpi.c
+++ b/lib/freebl/mpi/mpi.c
@@ -26,7 +26,7 @@
#if MP_LOGTAB
/*
A table of the logs of 2 for various bases (the 0 and 1 entries of
- this table are meaningless and should not be referenced).
+ this table are meaningless and should not be referenced).
This table is used to compute output lengths for the mp_toradix()
function. Since a number n in radix r takes up about log_r(n)
@@ -36,7 +36,7 @@
log_r(n) = log_2(n) * log_r(2)
This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
- which are the output bases supported.
+ which are the output bases supported.
*/
#include "logtab.h"
#endif
@@ -45,20 +45,20 @@
/* Constant strings returned by mp_strerror() */
static const char *mp_err_string[] = {
- "unknown result code", /* say what? */
- "boolean true", /* MP_OKAY, MP_YES */
- "boolean false", /* MP_NO */
- "out of memory", /* MP_MEM */
- "argument out of range", /* MP_RANGE */
- "invalid input parameter", /* MP_BADARG */
- "result is undefined" /* MP_UNDEF */
+ "unknown result code", /* say what? */
+ "boolean true", /* MP_OKAY, MP_YES */
+ "boolean false", /* MP_NO */
+ "out of memory", /* MP_MEM */
+ "argument out of range", /* MP_RANGE */
+ "invalid input parameter", /* MP_BADARG */
+ "result is undefined" /* MP_UNDEF */
};
/* Value to digit maps for radix conversion */
/* s_dmap_1 - standard digits and letters */
-static const char *s_dmap_1 =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
+static const char *s_dmap_1 =
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
/* }}} */
@@ -67,18 +67,20 @@ static const char *s_dmap_1 =
/* Default precision for newly created mp_int's */
static mp_size s_mp_defprec = MP_DEFPREC;
-mp_size mp_get_prec(void)
+mp_size
+mp_get_prec(void)
{
- return s_mp_defprec;
+ return s_mp_defprec;
} /* end mp_get_prec() */
-void mp_set_prec(mp_size prec)
+void
+mp_set_prec(mp_size prec)
{
- if(prec == 0)
- s_mp_defprec = MP_DEFPREC;
- else
- s_mp_defprec = prec;
+ if (prec == 0)
+ s_mp_defprec = MP_DEFPREC;
+ else
+ s_mp_defprec = prec;
} /* end mp_set_prec() */
@@ -94,9 +96,10 @@ void mp_set_prec(mp_size prec)
MP_MEM if memory could not be allocated for the structure.
*/
-mp_err mp_init(mp_int *mp)
+mp_err
+mp_init(mp_int *mp)
{
- return mp_init_size(mp, s_mp_defprec);
+ return mp_init_size(mp, s_mp_defprec);
} /* end mp_init() */
@@ -112,19 +115,20 @@ mp_err mp_init(mp_int *mp)
not be allocated for the structure.
*/
-mp_err mp_init_size(mp_int *mp, mp_size prec)
+mp_err
+mp_init_size(mp_int *mp, mp_size prec)
{
- ARGCHK(mp != NULL && prec > 0, MP_BADARG);
+ ARGCHK(mp != NULL && prec > 0, MP_BADARG);
- prec = MP_ROUNDUP(prec, s_mp_defprec);
- if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL)
- return MP_MEM;
+ prec = MP_ROUNDUP(prec, s_mp_defprec);
+ if ((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL)
+ return MP_MEM;
- SIGN(mp) = ZPOS;
- USED(mp) = 1;
- ALLOC(mp) = prec;
+ SIGN(mp) = ZPOS;
+ USED(mp) = 1;
+ ALLOC(mp) = prec;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_init_size() */
@@ -140,22 +144,23 @@ mp_err mp_init_size(mp_int *mp, mp_size prec)
structure.
*/
-mp_err mp_init_copy(mp_int *mp, const mp_int *from)
+mp_err
+mp_init_copy(mp_int *mp, const mp_int *from)
{
- ARGCHK(mp != NULL && from != NULL, MP_BADARG);
+ ARGCHK(mp != NULL && from != NULL, MP_BADARG);
- if(mp == from)
- return MP_OKAY;
+ if (mp == from)
+ return MP_OKAY;
- if((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
- return MP_MEM;
+ if ((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+ return MP_MEM;
- s_mp_copy(DIGITS(from), DIGITS(mp), USED(from));
- USED(mp) = USED(from);
- ALLOC(mp) = ALLOC(from);
- SIGN(mp) = SIGN(from);
+ s_mp_copy(DIGITS(from), DIGITS(mp), USED(from));
+ USED(mp) = USED(from);
+ ALLOC(mp) = ALLOC(from);
+ SIGN(mp) = SIGN(from);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_init_copy() */
@@ -171,48 +176,49 @@ mp_err mp_init_copy(mp_int *mp, const mp_int *from)
instead). If 'from' and 'to' are identical, nothing happens.
*/
-mp_err mp_copy(const mp_int *from, mp_int *to)
+mp_err
+mp_copy(const mp_int *from, mp_int *to)
{
- ARGCHK(from != NULL && to != NULL, MP_BADARG);
+ ARGCHK(from != NULL && to != NULL, MP_BADARG);
- if(from == to)
- return MP_OKAY;
+ if (from == to)
+ return MP_OKAY;
- { /* copy */
- mp_digit *tmp;
+ { /* copy */
+ mp_digit *tmp;
- /*
- If the allocated buffer in 'to' already has enough space to hold
- all the used digits of 'from', we'll re-use it to avoid hitting
- the memory allocater more than necessary; otherwise, we'd have
- to grow anyway, so we just allocate a hunk and make the copy as
- usual
- */
- if(ALLOC(to) >= USED(from)) {
- s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
- s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
-
- } else {
- if((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
- return MP_MEM;
+ /*
+ If the allocated buffer in 'to' already has enough space to hold
+ all the used digits of 'from', we'll re-use it to avoid hitting
+ the memory allocater more than necessary; otherwise, we'd have
+ to grow anyway, so we just allocate a hunk and make the copy as
+ usual
+ */
+ if (ALLOC(to) >= USED(from)) {
+ s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
+ s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
- s_mp_copy(DIGITS(from), tmp, USED(from));
+ } else {
+ if ((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+ return MP_MEM;
- if(DIGITS(to) != NULL) {
- s_mp_setz(DIGITS(to), ALLOC(to));
- s_mp_free(DIGITS(to));
- }
+ s_mp_copy(DIGITS(from), tmp, USED(from));
- DIGITS(to) = tmp;
- ALLOC(to) = ALLOC(from);
- }
+ if (DIGITS(to) != NULL) {
+ s_mp_setz(DIGITS(to), ALLOC(to));
+ s_mp_free(DIGITS(to));
+ }
- /* Copy the precision and sign from the original */
- USED(to) = USED(from);
- SIGN(to) = SIGN(from);
- } /* end copy */
+ DIGITS(to) = tmp;
+ ALLOC(to) = ALLOC(from);
+ }
- return MP_OKAY;
+ /* Copy the precision and sign from the original */
+ USED(to) = USED(from);
+ SIGN(to) = SIGN(from);
+ } /* end copy */
+
+ return MP_OKAY;
} /* end mp_copy() */
@@ -228,16 +234,17 @@ mp_err mp_copy(const mp_int *from, mp_int *to)
locals it creates...). This cannot fail.
*/
-void mp_exch(mp_int *mp1, mp_int *mp2)
+void
+mp_exch(mp_int *mp1, mp_int *mp2)
{
#if MP_ARGCHK == 2
- assert(mp1 != NULL && mp2 != NULL);
+ assert(mp1 != NULL && mp2 != NULL);
#else
- if(mp1 == NULL || mp2 == NULL)
- return;
+ if (mp1 == NULL || mp2 == NULL)
+ return;
#endif
- s_mp_exch(mp1, mp2);
+ s_mp_exch(mp1, mp2);
} /* end mp_exch() */
@@ -253,19 +260,20 @@ void mp_exch(mp_int *mp1, mp_int *mp2)
get tollchocked.
*/
-void mp_clear(mp_int *mp)
+void
+mp_clear(mp_int *mp)
{
- if(mp == NULL)
- return;
+ if (mp == NULL)
+ return;
- if(DIGITS(mp) != NULL) {
- s_mp_setz(DIGITS(mp), ALLOC(mp));
- s_mp_free(DIGITS(mp));
- DIGITS(mp) = NULL;
- }
+ if (DIGITS(mp) != NULL) {
+ s_mp_setz(DIGITS(mp), ALLOC(mp));
+ s_mp_free(DIGITS(mp));
+ DIGITS(mp) = NULL;
+ }
- USED(mp) = 0;
- ALLOC(mp) = 0;
+ USED(mp) = 0;
+ ALLOC(mp) = 0;
} /* end mp_clear() */
@@ -274,19 +282,20 @@ void mp_clear(mp_int *mp)
/* {{{ mp_zero(mp) */
/*
- mp_zero(mp)
+ mp_zero(mp)
Set mp to zero. Does not change the allocated size of the structure,
and therefore cannot fail (except on a bad argument, which we ignore)
*/
-void mp_zero(mp_int *mp)
+void
+mp_zero(mp_int *mp)
{
- if(mp == NULL)
- return;
+ if (mp == NULL)
+ return;
- s_mp_setz(DIGITS(mp), ALLOC(mp));
- USED(mp) = 1;
- SIGN(mp) = ZPOS;
+ s_mp_setz(DIGITS(mp), ALLOC(mp));
+ USED(mp) = 1;
+ SIGN(mp) = ZPOS;
} /* end mp_zero() */
@@ -294,13 +303,14 @@ void mp_zero(mp_int *mp)
/* {{{ mp_set(mp, d) */
-void mp_set(mp_int *mp, mp_digit d)
+void
+mp_set(mp_int *mp, mp_digit d)
{
- if(mp == NULL)
- return;
+ if (mp == NULL)
+ return;
- mp_zero(mp);
- DIGIT(mp, 0) = d;
+ mp_zero(mp);
+ DIGIT(mp, 0) = d;
} /* end mp_set() */
@@ -308,34 +318,35 @@ void mp_set(mp_int *mp, mp_digit d)
/* {{{ mp_set_int(mp, z) */
-mp_err mp_set_int(mp_int *mp, long z)
+mp_err
+mp_set_int(mp_int *mp, long z)
{
- int ix;
- unsigned long v = labs(z);
- mp_err res;
+ int ix;
+ unsigned long v = labs(z);
+ mp_err res;
- ARGCHK(mp != NULL, MP_BADARG);
+ ARGCHK(mp != NULL, MP_BADARG);
- mp_zero(mp);
- if(z == 0)
- return MP_OKAY; /* shortcut for zero */
+ mp_zero(mp);
+ if (z == 0)
+ return MP_OKAY; /* shortcut for zero */
- if (sizeof v <= sizeof(mp_digit)) {
- DIGIT(mp,0) = v;
- } else {
- for (ix = sizeof(long) - 1; ix >= 0; ix--) {
- if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
- return res;
-
- res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
- if (res != MP_OKAY)
- return res;
+ if (sizeof v <= sizeof(mp_digit)) {
+ DIGIT(mp, 0) = v;
+ } else {
+ for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+ if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+ return res;
+
+ res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
+ if (res != MP_OKAY)
+ return res;
+ }
}
- }
- if(z < 0)
- SIGN(mp) = NEG;
+ if (z < 0)
+ SIGN(mp) = NEG;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_set_int() */
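Review bot: `unsigned long v = labs(z);` on the new side of this hunk is undefined behavior when z == LONG_MIN, since -LONG_MIN is not representable as long; the reformatting keeps that latent defect. Computing the magnitude in unsigned arithmetic avoids it without changing the result for any other input: `unsigned long v = (z < 0) ? 0UL - (unsigned long)z : (unsigned long)z;`. The rest of the function (the byte-wise shift loop and the final `SIGN(mp) = NEG`) already operates on v as an unsigned value, so no other line needs to change. This point is orthogonal to the clang-format change itself and could be a follow-up patch.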
@@ -343,30 +354,31 @@ mp_err mp_set_int(mp_int *mp, long z)
/* {{{ mp_set_ulong(mp, z) */
-mp_err mp_set_ulong(mp_int *mp, unsigned long z)
+mp_err
+mp_set_ulong(mp_int *mp, unsigned long z)
{
- int ix;
- mp_err res;
+ int ix;
+ mp_err res;
- ARGCHK(mp != NULL, MP_BADARG);
+ ARGCHK(mp != NULL, MP_BADARG);
- mp_zero(mp);
- if(z == 0)
- return MP_OKAY; /* shortcut for zero */
+ mp_zero(mp);
+ if (z == 0)
+ return MP_OKAY; /* shortcut for zero */
- if (sizeof z <= sizeof(mp_digit)) {
- DIGIT(mp,0) = z;
- } else {
- for (ix = sizeof(long) - 1; ix >= 0; ix--) {
- if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
- return res;
-
- res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX));
- if (res != MP_OKAY)
- return res;
+ if (sizeof z <= sizeof(mp_digit)) {
+ DIGIT(mp, 0) = z;
+ } else {
+ for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+ if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+ return res;
+
+ res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX));
+ if (res != MP_OKAY)
+ return res;
+ }
}
- }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_set_ulong() */
/* }}} */
@@ -383,36 +395,37 @@ mp_err mp_set_ulong(mp_int *mp, unsigned long z)
its primary addend (single digits are unsigned anyway).
*/
-mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b)
+mp_err
+mp_add_d(const mp_int *a, mp_digit d, mp_int *b)
{
- mp_int tmp;
- mp_err res;
+ mp_int tmp;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
- return res;
+ if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+ return res;
- if(SIGN(&tmp) == ZPOS) {
- if((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
- goto CLEANUP;
- } else if(s_mp_cmp_d(&tmp, d) >= 0) {
- if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
- goto CLEANUP;
- } else {
- mp_neg(&tmp, &tmp);
+ if (SIGN(&tmp) == ZPOS) {
+ if ((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+ goto CLEANUP;
+ } else if (s_mp_cmp_d(&tmp, d) >= 0) {
+ if ((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+ goto CLEANUP;
+ } else {
+ mp_neg(&tmp, &tmp);
- DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
- }
+ DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+ }
- if(s_mp_cmp_d(&tmp, 0) == 0)
- SIGN(&tmp) = ZPOS;
+ if (s_mp_cmp_d(&tmp, 0) == 0)
+ SIGN(&tmp) = ZPOS;
- s_mp_exch(&tmp, b);
+ s_mp_exch(&tmp, b);
CLEANUP:
- mp_clear(&tmp);
- return res;
+ mp_clear(&tmp);
+ return res;
} /* end mp_add_d() */
@@ -427,37 +440,38 @@ CLEANUP:
sign of its subtrahend (single digits are unsigned anyway).
*/
-mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b)
+mp_err
+mp_sub_d(const mp_int *a, mp_digit d, mp_int *b)
{
- mp_int tmp;
- mp_err res;
+ mp_int tmp;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
- return res;
+ if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+ return res;
- if(SIGN(&tmp) == NEG) {
- if((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
- goto CLEANUP;
- } else if(s_mp_cmp_d(&tmp, d) >= 0) {
- if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
- goto CLEANUP;
- } else {
- mp_neg(&tmp, &tmp);
+ if (SIGN(&tmp) == NEG) {
+ if ((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+ goto CLEANUP;
+ } else if (s_mp_cmp_d(&tmp, d) >= 0) {
+ if ((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+ goto CLEANUP;
+ } else {
+ mp_neg(&tmp, &tmp);
- DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
- SIGN(&tmp) = NEG;
- }
+ DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+ SIGN(&tmp) = NEG;
+ }
- if(s_mp_cmp_d(&tmp, 0) == 0)
- SIGN(&tmp) = ZPOS;
+ if (s_mp_cmp_d(&tmp, 0) == 0)
+ SIGN(&tmp) = ZPOS;
- s_mp_exch(&tmp, b);
+ s_mp_exch(&tmp, b);
CLEANUP:
- mp_clear(&tmp);
- return res;
+ mp_clear(&tmp);
+ return res;
} /* end mp_sub_d() */
@@ -472,23 +486,24 @@ CLEANUP:
of its multiplicand (single digits are unsigned anyway)
*/
-mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b)
+mp_err
+mp_mul_d(const mp_int *a, mp_digit d, mp_int *b)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if(d == 0) {
- mp_zero(b);
- return MP_OKAY;
- }
+ if (d == 0) {
+ mp_zero(b);
+ return MP_OKAY;
+ }
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- res = s_mp_mul_d(b, d);
+ res = s_mp_mul_d(b, d);
- return res;
+ return res;
} /* end mp_mul_d() */
@@ -496,16 +511,17 @@ mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b)
/* {{{ mp_mul_2(a, c) */
-mp_err mp_mul_2(const mp_int *a, mp_int *c)
+mp_err
+mp_mul_2(const mp_int *a, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && c != NULL, MP_BADARG);
- if((res = mp_copy(a, c)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, c)) != MP_OKAY)
+ return res;
- return s_mp_mul_2(c);
+ return s_mp_mul_2(c);
} /* end mp_mul_2() */
@@ -521,55 +537,56 @@ mp_err mp_mul_2(const mp_int *a, mp_int *c)
unsigned anyway).
*/
-mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
+mp_err
+mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
{
- mp_err res;
- mp_int qp;
- mp_digit rem = 0;
- int pow;
+ mp_err res;
+ mp_int qp;
+ mp_digit rem = 0;
+ int pow;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- if(d == 0)
- return MP_RANGE;
+ if (d == 0)
+ return MP_RANGE;
- /* Shortcut for powers of two ... */
- if((pow = s_mp_ispow2d(d)) >= 0) {
- mp_digit mask;
+ /* Shortcut for powers of two ... */
+ if ((pow = s_mp_ispow2d(d)) >= 0) {
+ mp_digit mask;
- mask = ((mp_digit)1 << pow) - 1;
- rem = DIGIT(a, 0) & mask;
+ mask = ((mp_digit)1 << pow) - 1;
+ rem = DIGIT(a, 0) & mask;
- if(q) {
- if((res = mp_copy(a, q)) != MP_OKAY) {
- return res;
- }
- s_mp_div_2d(q, pow);
- }
+ if (q) {
+ if ((res = mp_copy(a, q)) != MP_OKAY) {
+ return res;
+ }
+ s_mp_div_2d(q, pow);
+ }
- if(r)
- *r = rem;
+ if (r)
+ *r = rem;
- return MP_OKAY;
- }
+ return MP_OKAY;
+ }
- if((res = mp_init_copy(&qp, a)) != MP_OKAY)
- return res;
+ if ((res = mp_init_copy(&qp, a)) != MP_OKAY)
+ return res;
- res = s_mp_div_d(&qp, d, &rem);
+ res = s_mp_div_d(&qp, d, &rem);
- if(s_mp_cmp_d(&qp, 0) == 0)
- SIGN(q) = ZPOS;
+ if (s_mp_cmp_d(&qp, 0) == 0)
+ SIGN(q) = ZPOS;
- if(r) {
- *r = rem;
- }
+ if (r) {
+ *r = rem;
+ }
- if(q)
- s_mp_exch(&qp, q);
+ if (q)
+ s_mp_exch(&qp, q);
- mp_clear(&qp);
- return res;
+ mp_clear(&qp);
+ return res;
} /* end mp_div_d() */
@@ -583,18 +600,19 @@ mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
Compute c = a / 2, disregarding the remainder.
*/
-mp_err mp_div_2(const mp_int *a, mp_int *c)
+mp_err
+mp_div_2(const mp_int *a, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && c != NULL, MP_BADARG);
- if((res = mp_copy(a, c)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, c)) != MP_OKAY)
+ return res;
- s_mp_div_2(c);
+ s_mp_div_2(c);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_div_2() */
@@ -602,40 +620,41 @@ mp_err mp_div_2(const mp_int *a, mp_int *c)
/* {{{ mp_expt_d(a, d, b) */
-mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c)
+mp_err
+mp_expt_d(const mp_int *a, mp_digit d, mp_int *c)
{
- mp_int s, x;
- mp_err res;
+ mp_int s, x;
+ mp_err res;
- ARGCHK(a != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && c != NULL, MP_BADARG);
- if((res = mp_init(&s)) != MP_OKAY)
- return res;
- if((res = mp_init_copy(&x, a)) != MP_OKAY)
- goto X;
+ if ((res = mp_init(&s)) != MP_OKAY)
+ return res;
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+ goto X;
- DIGIT(&s, 0) = 1;
+ DIGIT(&s, 0) = 1;
- while(d != 0) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
- goto CLEANUP;
- }
+ while (d != 0) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- d /= 2;
+ d /= 2;
- if((res = s_mp_sqr(&x)) != MP_OKAY)
- goto CLEANUP;
- }
+ if ((res = s_mp_sqr(&x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- s_mp_exch(&s, c);
+ s_mp_exch(&s, c);
CLEANUP:
- mp_clear(&x);
+ mp_clear(&x);
X:
- mp_clear(&s);
+ mp_clear(&s);
- return res;
+ return res;
} /* end mp_expt_d() */
@@ -654,18 +673,19 @@ X:
Compute b = |a|. 'a' and 'b' may be identical.
*/
-mp_err mp_abs(const mp_int *a, mp_int *b)
+mp_err
+mp_abs(const mp_int *a, mp_int *b)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- SIGN(b) = ZPOS;
+ SIGN(b) = ZPOS;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_abs() */
@@ -679,21 +699,22 @@ mp_err mp_abs(const mp_int *a, mp_int *b)
Compute b = -a. 'a' and 'b' may be identical.
*/
-mp_err mp_neg(const mp_int *a, mp_int *b)
+mp_err
+mp_neg(const mp_int *a, mp_int *b)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- if(s_mp_cmp_d(b, 0) == MP_EQ)
- SIGN(b) = ZPOS;
- else
- SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG;
+ if (s_mp_cmp_d(b, 0) == MP_EQ)
+ SIGN(b) = ZPOS;
+ else
+ SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_neg() */
@@ -707,25 +728,26 @@ mp_err mp_neg(const mp_int *a, mp_int *b)
Compute c = a + b. All parameters may be identical.
*/
-mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err
+mp_add(const mp_int *a, const mp_int *b, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
- if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */
- MP_CHECKOK( s_mp_add_3arg(a, b, c) );
- } else if(s_mp_cmp(a, b) >= 0) { /* different sign: |a| >= |b| */
- MP_CHECKOK( s_mp_sub_3arg(a, b, c) );
- } else { /* different sign: |a| < |b| */
- MP_CHECKOK( s_mp_sub_3arg(b, a, c) );
- }
+ if (SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */
+ MP_CHECKOK(s_mp_add_3arg(a, b, c));
+ } else if (s_mp_cmp(a, b) >= 0) { /* different sign: |a| >= |b| */
+ MP_CHECKOK(s_mp_sub_3arg(a, b, c));
+ } else { /* different sign: |a| < |b| */
+ MP_CHECKOK(s_mp_sub_3arg(b, a, c));
+ }
- if (s_mp_cmp_d(c, 0) == MP_EQ)
- SIGN(c) = ZPOS;
+ if (s_mp_cmp_d(c, 0) == MP_EQ)
+ SIGN(c) = ZPOS;
CLEANUP:
- return res;
+ return res;
} /* end mp_add() */
@@ -739,35 +761,36 @@ CLEANUP:
Compute c = a - b. All parameters may be identical.
*/
-mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err
+mp_sub(const mp_int *a, const mp_int *b, mp_int *c)
{
- mp_err res;
- int magDiff;
+ mp_err res;
+ int magDiff;
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
- if (a == b) {
- mp_zero(c);
- return MP_OKAY;
- }
+ if (a == b) {
+ mp_zero(c);
+ return MP_OKAY;
+ }
- if (MP_SIGN(a) != MP_SIGN(b)) {
- MP_CHECKOK( s_mp_add_3arg(a, b, c) );
- } else if (!(magDiff = s_mp_cmp(a, b))) {
- mp_zero(c);
- res = MP_OKAY;
- } else if (magDiff > 0) {
- MP_CHECKOK( s_mp_sub_3arg(a, b, c) );
- } else {
- MP_CHECKOK( s_mp_sub_3arg(b, a, c) );
- MP_SIGN(c) = !MP_SIGN(a);
- }
+ if (MP_SIGN(a) != MP_SIGN(b)) {
+ MP_CHECKOK(s_mp_add_3arg(a, b, c));
+ } else if (!(magDiff = s_mp_cmp(a, b))) {
+ mp_zero(c);
+ res = MP_OKAY;
+ } else if (magDiff > 0) {
+ MP_CHECKOK(s_mp_sub_3arg(a, b, c));
+ } else {
+ MP_CHECKOK(s_mp_sub_3arg(b, a, c));
+ MP_SIGN(c) = !MP_SIGN(a);
+ }
- if (s_mp_cmp_d(c, 0) == MP_EQ)
- MP_SIGN(c) = MP_ZPOS;
+ if (s_mp_cmp_d(c, 0) == MP_EQ)
+ MP_SIGN(c) = MP_ZPOS;
CLEANUP:
- return res;
+ return res;
} /* end mp_sub() */
@@ -780,87 +803,89 @@ CLEANUP:
Compute c = a * b. All parameters may be identical.
*/
-mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int * c)
+mp_err
+mp_mul(const mp_int *a, const mp_int *b, mp_int *c)
{
- mp_digit *pb;
- mp_int tmp;
- mp_err res;
- mp_size ib;
- mp_size useda, usedb;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if (a == c) {
- if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
- return res;
- if (a == b)
- b = &tmp;
- a = &tmp;
- } else if (b == c) {
- if ((res = mp_init_copy(&tmp, b)) != MP_OKAY)
- return res;
- b = &tmp;
- } else {
- MP_DIGITS(&tmp) = 0;
- }
+ mp_digit *pb;
+ mp_int tmp;
+ mp_err res;
+ mp_size ib;
+ mp_size useda, usedb;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (a == c) {
+ if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+ return res;
+ if (a == b)
+ b = &tmp;
+ a = &tmp;
+ } else if (b == c) {
+ if ((res = mp_init_copy(&tmp, b)) != MP_OKAY)
+ return res;
+ b = &tmp;
+ } else {
+ MP_DIGITS(&tmp) = 0;
+ }
- if (MP_USED(a) < MP_USED(b)) {
- const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
- b = a;
- a = xch;
- }
+ if (MP_USED(a) < MP_USED(b)) {
+ const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
+ b = a;
+ a = xch;
+ }
- MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
- if((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY)
- goto CLEANUP;
+ MP_USED(c) = 1;
+ MP_DIGIT(c, 0) = 0;
+ if ((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY)
+ goto CLEANUP;
#ifdef NSS_USE_COMBA
- if ((MP_USED(a) == MP_USED(b)) && IS_POWER_OF_2(MP_USED(b))) {
- if (MP_USED(a) == 4) {
- s_mp_mul_comba_4(a, b, c);
- goto CLEANUP;
- }
- if (MP_USED(a) == 8) {
- s_mp_mul_comba_8(a, b, c);
- goto CLEANUP;
- }
- if (MP_USED(a) == 16) {
- s_mp_mul_comba_16(a, b, c);
- goto CLEANUP;
- }
- if (MP_USED(a) == 32) {
- s_mp_mul_comba_32(a, b, c);
- goto CLEANUP;
- }
- }
+ if ((MP_USED(a) == MP_USED(b)) && IS_POWER_OF_2(MP_USED(b))) {
+ if (MP_USED(a) == 4) {
+ s_mp_mul_comba_4(a, b, c);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 8) {
+ s_mp_mul_comba_8(a, b, c);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 16) {
+ s_mp_mul_comba_16(a, b, c);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 32) {
+ s_mp_mul_comba_32(a, b, c);
+ goto CLEANUP;
+ }
+ }
#endif
- pb = MP_DIGITS(b);
- s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
+ pb = MP_DIGITS(b);
+ s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
- /* Outer loop: Digits of b */
- useda = MP_USED(a);
- usedb = MP_USED(b);
- for (ib = 1; ib < usedb; ib++) {
- mp_digit b_i = *pb++;
+ /* Outer loop: Digits of b */
+ useda = MP_USED(a);
+ usedb = MP_USED(b);
+ for (ib = 1; ib < usedb; ib++) {
+ mp_digit b_i = *pb++;
- /* Inner product: Digits of a */
- if (b_i)
- s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
- else
- MP_DIGIT(c, ib + useda) = b_i;
- }
+ /* Inner product: Digits of a */
+ if (b_i)
+ s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+ else
+ MP_DIGIT(c, ib + useda) = b_i;
+ }
- s_mp_clamp(c);
+ s_mp_clamp(c);
- if(SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ)
- SIGN(c) = ZPOS;
- else
- SIGN(c) = NEG;
+ if (SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ)
+ SIGN(c) = ZPOS;
+ else
+ SIGN(c) = NEG;
CLEANUP:
- mp_clear(&tmp);
- return res;
+ mp_clear(&tmp);
+ return res;
} /* end mp_mul() */
/* }}} */
@@ -877,81 +902,82 @@ CLEANUP:
*/
/* sqr = a^2; Caller provides both a and tmp; */
-mp_err mp_sqr(const mp_int *a, mp_int *sqr)
+mp_err
+mp_sqr(const mp_int *a, mp_int *sqr)
{
- mp_digit *pa;
- mp_digit d;
- mp_err res;
- mp_size ix;
- mp_int tmp;
- int count;
-
- ARGCHK(a != NULL && sqr != NULL, MP_BADARG);
-
- if (a == sqr) {
- if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
- return res;
- a = &tmp;
- } else {
- DIGITS(&tmp) = 0;
- res = MP_OKAY;
- }
+ mp_digit *pa;
+ mp_digit d;
+ mp_err res;
+ mp_size ix;
+ mp_int tmp;
+ int count;
+
+ ARGCHK(a != NULL && sqr != NULL, MP_BADARG);
+
+ if (a == sqr) {
+ if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+ return res;
+ a = &tmp;
+ } else {
+ DIGITS(&tmp) = 0;
+ res = MP_OKAY;
+ }
- ix = 2 * MP_USED(a);
- if (ix > MP_ALLOC(sqr)) {
- MP_USED(sqr) = 1;
- MP_CHECKOK( s_mp_grow(sqr, ix) );
- }
- MP_USED(sqr) = ix;
- MP_DIGIT(sqr, 0) = 0;
+ ix = 2 * MP_USED(a);
+ if (ix > MP_ALLOC(sqr)) {
+ MP_USED(sqr) = 1;
+ MP_CHECKOK(s_mp_grow(sqr, ix));
+ }
+ MP_USED(sqr) = ix;
+ MP_DIGIT(sqr, 0) = 0;
#ifdef NSS_USE_COMBA
- if (IS_POWER_OF_2(MP_USED(a))) {
- if (MP_USED(a) == 4) {
- s_mp_sqr_comba_4(a, sqr);
- goto CLEANUP;
- }
- if (MP_USED(a) == 8) {
- s_mp_sqr_comba_8(a, sqr);
- goto CLEANUP;
- }
- if (MP_USED(a) == 16) {
- s_mp_sqr_comba_16(a, sqr);
- goto CLEANUP;
- }
- if (MP_USED(a) == 32) {
- s_mp_sqr_comba_32(a, sqr);
- goto CLEANUP;
- }
- }
+ if (IS_POWER_OF_2(MP_USED(a))) {
+ if (MP_USED(a) == 4) {
+ s_mp_sqr_comba_4(a, sqr);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 8) {
+ s_mp_sqr_comba_8(a, sqr);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 16) {
+ s_mp_sqr_comba_16(a, sqr);
+ goto CLEANUP;
+ }
+ if (MP_USED(a) == 32) {
+ s_mp_sqr_comba_32(a, sqr);
+ goto CLEANUP;
+ }
+ }
#endif
- pa = MP_DIGITS(a);
- count = MP_USED(a) - 1;
- if (count > 0) {
- d = *pa++;
- s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1);
- for (ix = 3; --count > 0; ix += 2) {
- d = *pa++;
- s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix);
- } /* for(ix ...) */
- MP_DIGIT(sqr, MP_USED(sqr)-1) = 0; /* above loop stopped short of this. */
-
- /* now sqr *= 2 */
- s_mp_mul_2(sqr);
- } else {
- MP_DIGIT(sqr, 1) = 0;
- }
-
- /* now add the squares of the digits of a to sqr. */
- s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr));
-
- SIGN(sqr) = ZPOS;
- s_mp_clamp(sqr);
+ pa = MP_DIGITS(a);
+ count = MP_USED(a) - 1;
+ if (count > 0) {
+ d = *pa++;
+ s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1);
+ for (ix = 3; --count > 0; ix += 2) {
+ d = *pa++;
+ s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix);
+ } /* for(ix ...) */
+ MP_DIGIT(sqr, MP_USED(sqr) - 1) = 0; /* above loop stopped short of this. */
+
+ /* now sqr *= 2 */
+ s_mp_mul_2(sqr);
+ } else {
+ MP_DIGIT(sqr, 1) = 0;
+ }
+
+ /* now add the squares of the digits of a to sqr. */
+ s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr));
+
+ SIGN(sqr) = ZPOS;
+ s_mp_clamp(sqr);
CLEANUP:
- mp_clear(&tmp);
- return res;
+ mp_clear(&tmp);
+ return res;
} /* end mp_sqr() */
#endif
@@ -967,85 +993,86 @@ CLEANUP:
as output parameters. If q or r is NULL, that portion of the
computation will be discarded (although it will still be computed)
*/
-mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r)
+mp_err
+mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r)
{
- mp_err res;
- mp_int *pQ, *pR;
- mp_int qtmp, rtmp, btmp;
- int cmp;
- mp_sign signA;
- mp_sign signB;
-
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
-
- signA = MP_SIGN(a);
- signB = MP_SIGN(b);
-
- if(mp_cmp_z(b) == MP_EQ)
- return MP_RANGE;
-
- DIGITS(&qtmp) = 0;
- DIGITS(&rtmp) = 0;
- DIGITS(&btmp) = 0;
-
- /* Set up some temporaries... */
- if (!r || r == a || r == b) {
- MP_CHECKOK( mp_init_copy(&rtmp, a) );
- pR = &rtmp;
- } else {
- MP_CHECKOK( mp_copy(a, r) );
- pR = r;
- }
-
- if (!q || q == a || q == b) {
- MP_CHECKOK( mp_init_size(&qtmp, MP_USED(a)) );
- pQ = &qtmp;
- } else {
- MP_CHECKOK( s_mp_pad(q, MP_USED(a)) );
- pQ = q;
- mp_zero(pQ);
- }
-
- /*
- If |a| <= |b|, we can compute the solution without division;
- otherwise, we actually do the work required.
- */
- if ((cmp = s_mp_cmp(a, b)) <= 0) {
- if (cmp) {
- /* r was set to a above. */
- mp_zero(pQ);
+ mp_err res;
+ mp_int *pQ, *pR;
+ mp_int qtmp, rtmp, btmp;
+ int cmp;
+ mp_sign signA;
+ mp_sign signB;
+
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+ signA = MP_SIGN(a);
+ signB = MP_SIGN(b);
+
+ if (mp_cmp_z(b) == MP_EQ)
+ return MP_RANGE;
+
+ DIGITS(&qtmp) = 0;
+ DIGITS(&rtmp) = 0;
+ DIGITS(&btmp) = 0;
+
+ /* Set up some temporaries... */
+ if (!r || r == a || r == b) {
+ MP_CHECKOK(mp_init_copy(&rtmp, a));
+ pR = &rtmp;
+ } else {
+ MP_CHECKOK(mp_copy(a, r));
+ pR = r;
+ }
+
+ if (!q || q == a || q == b) {
+ MP_CHECKOK(mp_init_size(&qtmp, MP_USED(a)));
+ pQ = &qtmp;
+ } else {
+ MP_CHECKOK(s_mp_pad(q, MP_USED(a)));
+ pQ = q;
+ mp_zero(pQ);
+ }
+
+ /*
+ If |a| <= |b|, we can compute the solution without division;
+ otherwise, we actually do the work required.
+ */
+ if ((cmp = s_mp_cmp(a, b)) <= 0) {
+ if (cmp) {
+ /* r was set to a above. */
+ mp_zero(pQ);
+ } else {
+ mp_set(pQ, 1);
+ mp_zero(pR);
+ }
} else {
- mp_set(pQ, 1);
- mp_zero(pR);
+ MP_CHECKOK(mp_init_copy(&btmp, b));
+ MP_CHECKOK(s_mp_div(pR, &btmp, pQ));
}
- } else {
- MP_CHECKOK( mp_init_copy(&btmp, b) );
- MP_CHECKOK( s_mp_div(pR, &btmp, pQ) );
- }
- /* Compute the signs for the output */
- MP_SIGN(pR) = signA; /* Sr = Sa */
- /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */
- MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG;
+ /* Compute the signs for the output */
+ MP_SIGN(pR) = signA; /* Sr = Sa */
+ /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */
+ MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG;
- if(s_mp_cmp_d(pQ, 0) == MP_EQ)
- SIGN(pQ) = ZPOS;
- if(s_mp_cmp_d(pR, 0) == MP_EQ)
- SIGN(pR) = ZPOS;
+ if (s_mp_cmp_d(pQ, 0) == MP_EQ)
+ SIGN(pQ) = ZPOS;
+ if (s_mp_cmp_d(pR, 0) == MP_EQ)
+ SIGN(pR) = ZPOS;
- /* Copy output, if it is needed */
- if(q && q != pQ)
- s_mp_exch(pQ, q);
+ /* Copy output, if it is needed */
+ if (q && q != pQ)
+ s_mp_exch(pQ, q);
- if(r && r != pR)
- s_mp_exch(pR, r);
+ if (r && r != pR)
+ s_mp_exch(pR, r);
CLEANUP:
- mp_clear(&btmp);
- mp_clear(&rtmp);
- mp_clear(&qtmp);
+ mp_clear(&btmp);
+ mp_clear(&rtmp);
+ mp_clear(&qtmp);
- return res;
+ return res;
} /* end mp_div() */
@@ -1053,28 +1080,29 @@ CLEANUP:
/* {{{ mp_div_2d(a, d, q, r) */
-mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r)
+mp_err
+mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r)
{
- mp_err res;
-
- ARGCHK(a != NULL, MP_BADARG);
-
- if(q) {
- if((res = mp_copy(a, q)) != MP_OKAY)
- return res;
- }
- if(r) {
- if((res = mp_copy(a, r)) != MP_OKAY)
- return res;
- }
- if(q) {
- s_mp_div_2d(q, d);
- }
- if(r) {
- s_mp_mod_2d(r, d);
- }
-
- return MP_OKAY;
+ mp_err res;
+
+ ARGCHK(a != NULL, MP_BADARG);
+
+ if (q) {
+ if ((res = mp_copy(a, q)) != MP_OKAY)
+ return res;
+ }
+ if (r) {
+ if ((res = mp_copy(a, r)) != MP_OKAY)
+ return res;
+ }
+ if (q) {
+ s_mp_div_2d(q, d);
+ }
+ if (r) {
+ s_mp_mod_2d(r, d);
+ }
+
+ return MP_OKAY;
} /* end mp_div_2d() */
@@ -1089,70 +1117,71 @@ mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r)
standard iterative square-and-multiply technique.
*/
-mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mp_expt(mp_int *a, mp_int *b, mp_int *c)
{
- mp_int s, x;
- mp_err res;
- mp_digit d;
- unsigned int dig, bit;
+ mp_int s, x;
+ mp_err res;
+ mp_digit d;
+ unsigned int dig, bit;
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
- if(mp_cmp_z(b) < 0)
- return MP_RANGE;
+ if (mp_cmp_z(b) < 0)
+ return MP_RANGE;
- if((res = mp_init(&s)) != MP_OKAY)
- return res;
+ if ((res = mp_init(&s)) != MP_OKAY)
+ return res;
- mp_set(&s, 1);
+ mp_set(&s, 1);
- if((res = mp_init_copy(&x, a)) != MP_OKAY)
- goto X;
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+ goto X;
- /* Loop over low-order digits in ascending order */
- for(dig = 0; dig < (USED(b) - 1); dig++) {
- d = DIGIT(b, dig);
+ /* Loop over low-order digits in ascending order */
+ for (dig = 0; dig < (USED(b) - 1); dig++) {
+ d = DIGIT(b, dig);
- /* Loop over bits of each non-maximal digit */
- for(bit = 0; bit < DIGIT_BIT; bit++) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
- goto CLEANUP;
- }
+ /* Loop over bits of each non-maximal digit */
+ for (bit = 0; bit < DIGIT_BIT; bit++) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- d >>= 1;
-
- if((res = s_mp_sqr(&x)) != MP_OKAY)
- goto CLEANUP;
+ d >>= 1;
+
+ if ((res = s_mp_sqr(&x)) != MP_OKAY)
+ goto CLEANUP;
+ }
}
- }
- /* Consider now the last digit... */
- d = DIGIT(b, dig);
+ /* Consider now the last digit... */
+ d = DIGIT(b, dig);
- while(d) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
- goto CLEANUP;
- }
+ while (d) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ goto CLEANUP;
+ }
+
+ d >>= 1;
- d >>= 1;
+ if ((res = s_mp_sqr(&x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- if((res = s_mp_sqr(&x)) != MP_OKAY)
- goto CLEANUP;
- }
-
- if(mp_iseven(b))
- SIGN(&s) = SIGN(a);
+ if (mp_iseven(b))
+ SIGN(&s) = SIGN(a);
- res = mp_copy(&s, c);
+ res = mp_copy(&s, c);
CLEANUP:
- mp_clear(&x);
+ mp_clear(&x);
X:
- mp_clear(&s);
+ mp_clear(&s);
- return res;
+ return res;
} /* end mp_expt() */
@@ -1162,11 +1191,12 @@ X:
/* Compute a = 2^k */
-mp_err mp_2expt(mp_int *a, mp_digit k)
+mp_err
+mp_2expt(mp_int *a, mp_digit k)
{
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- return s_mp_2expt(a, k);
+ return s_mp_2expt(a, k);
} /* end mp_2expt() */
@@ -1180,19 +1210,20 @@ mp_err mp_2expt(mp_int *a, mp_digit k)
Compute c = a (mod m). Result will always be 0 <= c < m.
*/
-mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
{
- mp_err res;
- int mag;
+ mp_err res;
+ int mag;
- ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
- if(SIGN(m) == NEG)
- return MP_RANGE;
+ if (SIGN(m) == NEG)
+ return MP_RANGE;
- /*
+ /*
If |a| > m, we need to divide to get the remainder and take the
- absolute value.
+ absolute value.
If |a| < m, we don't need to do any division, just copy and adjust
the sign (if a is negative).
@@ -1202,32 +1233,30 @@ mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
This order is intended to minimize the average path length of the
comparison chain on common workloads -- the most frequent cases are
that |a| != m, so we do those first.
- */
- if((mag = s_mp_cmp(a, m)) > 0) {
- if((res = mp_div(a, m, NULL, c)) != MP_OKAY)
- return res;
-
- if(SIGN(c) == NEG) {
- if((res = mp_add(c, m, c)) != MP_OKAY)
- return res;
- }
+ */
+ if ((mag = s_mp_cmp(a, m)) > 0) {
+ if ((res = mp_div(a, m, NULL, c)) != MP_OKAY)
+ return res;
- } else if(mag < 0) {
- if((res = mp_copy(a, c)) != MP_OKAY)
- return res;
+ if (SIGN(c) == NEG) {
+ if ((res = mp_add(c, m, c)) != MP_OKAY)
+ return res;
+ }
- if(mp_cmp_z(a) < 0) {
- if((res = mp_add(c, m, c)) != MP_OKAY)
- return res;
+ } else if (mag < 0) {
+ if ((res = mp_copy(a, c)) != MP_OKAY)
+ return res;
- }
-
- } else {
- mp_zero(c);
+ if (mp_cmp_z(a) < 0) {
+ if ((res = mp_add(c, m, c)) != MP_OKAY)
+ return res;
+ }
- }
+ } else {
+ mp_zero(c);
+ }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_mod() */
@@ -1240,28 +1269,29 @@ mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
Compute c = a (mod d). Result will always be 0 <= c < d
*/
-mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c)
+mp_err
+mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c)
{
- mp_err res;
- mp_digit rem;
+ mp_err res;
+ mp_digit rem;
- ARGCHK(a != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && c != NULL, MP_BADARG);
- if(s_mp_cmp_d(a, d) > 0) {
- if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY)
- return res;
+ if (s_mp_cmp_d(a, d) > 0) {
+ if ((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY)
+ return res;
- } else {
- if(SIGN(a) == NEG)
- rem = d - DIGIT(a, 0);
- else
- rem = DIGIT(a, 0);
- }
+ } else {
+ if (SIGN(a) == NEG)
+ rem = d - DIGIT(a, 0);
+ else
+ rem = DIGIT(a, 0);
+ }
- if(c)
- *c = rem;
+ if (c)
+ *c = rem;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_mod_d() */
@@ -1282,68 +1312,68 @@ mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c)
It is a range error to pass a negative value.
*/
-mp_err mp_sqrt(const mp_int *a, mp_int *b)
+mp_err
+mp_sqrt(const mp_int *a, mp_int *b)
{
- mp_int x, t;
- mp_err res;
- mp_size used;
-
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
-
- /* Cannot take square root of a negative value */
- if(SIGN(a) == NEG)
- return MP_RANGE;
-
- /* Special cases for zero and one, trivial */
- if(mp_cmp_d(a, 1) <= 0)
- return mp_copy(a, b);
-
- /* Initialize the temporaries we'll use below */
- if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
- return res;
+ mp_int x, t;
+ mp_err res;
+ mp_size used;
- /* Compute an initial guess for the iteration as a itself */
- if((res = mp_init_copy(&x, a)) != MP_OKAY)
- goto X;
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- used = MP_USED(&x);
- if (used > 1) {
- s_mp_rshd(&x, used / 2);
- }
+ /* Cannot take square root of a negative value */
+ if (SIGN(a) == NEG)
+ return MP_RANGE;
- for(;;) {
- /* t = (x * x) - a */
- if((res = mp_copy(&x, &t)) != MP_OKAY ||
- (res = mp_sqr(&t, &t)) != MP_OKAY ||
- (res = mp_sub(&t, a, &t)) != MP_OKAY)
- goto CLEANUP;
+ /* Special cases for zero and one, trivial */
+ if (mp_cmp_d(a, 1) <= 0)
+ return mp_copy(a, b);
- /* t = t / 2x */
- s_mp_mul_2(&x);
- if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY)
- goto CLEANUP;
- s_mp_div_2(&x);
+ /* Initialize the temporaries we'll use below */
+ if ((res = mp_init_size(&t, USED(a))) != MP_OKAY)
+ return res;
- /* Terminate the loop, if the quotient is zero */
- if(mp_cmp_z(&t) == MP_EQ)
- break;
+ /* Compute an initial guess for the iteration as a itself */
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+ goto X;
- /* x = x - t */
- if((res = mp_sub(&x, &t, &x)) != MP_OKAY)
- goto CLEANUP;
+ used = MP_USED(&x);
+ if (used > 1) {
+ s_mp_rshd(&x, used / 2);
+ }
- }
+ for (;;) {
+ /* t = (x * x) - a */
+ if ((res = mp_copy(&x, &t)) != MP_OKAY ||
+ (res = mp_sqr(&t, &t)) != MP_OKAY ||
+ (res = mp_sub(&t, a, &t)) != MP_OKAY)
+ goto CLEANUP;
+
+ /* t = t / 2x */
+ s_mp_mul_2(&x);
+ if ((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY)
+ goto CLEANUP;
+ s_mp_div_2(&x);
+
+ /* Terminate the loop, if the quotient is zero */
+ if (mp_cmp_z(&t) == MP_EQ)
+ break;
+
+ /* x = x - t */
+ if ((res = mp_sub(&x, &t, &x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- /* Copy result to output parameter */
- MP_CHECKOK(mp_sub_d(&x, 1, &x));
- s_mp_exch(&x, b);
+ /* Copy result to output parameter */
+ MP_CHECKOK(mp_sub_d(&x, 1, &x));
+ s_mp_exch(&x, b);
- CLEANUP:
- mp_clear(&x);
- X:
- mp_clear(&t);
+CLEANUP:
+ mp_clear(&x);
+X:
+ mp_clear(&t);
- return res;
+ return res;
} /* end mp_sqrt() */
@@ -1363,19 +1393,19 @@ mp_err mp_sqrt(const mp_int *a, mp_int *b)
Compute c = (a + b) mod m
*/
-mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+mp_err
+mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
- if((res = mp_add(a, b, c)) != MP_OKAY)
- return res;
- if((res = mp_mod(c, m, c)) != MP_OKAY)
- return res;
-
- return MP_OKAY;
+ if ((res = mp_add(a, b, c)) != MP_OKAY)
+ return res;
+ if ((res = mp_mod(c, m, c)) != MP_OKAY)
+ return res;
+ return MP_OKAY;
}
/* }}} */
@@ -1388,19 +1418,19 @@ mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
Compute c = (a - b) mod m
*/
-mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+mp_err
+mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
- if((res = mp_sub(a, b, c)) != MP_OKAY)
- return res;
- if((res = mp_mod(c, m, c)) != MP_OKAY)
- return res;
-
- return MP_OKAY;
+ if ((res = mp_sub(a, b, c)) != MP_OKAY)
+ return res;
+ if ((res = mp_mod(c, m, c)) != MP_OKAY)
+ return res;
+ return MP_OKAY;
}
/* }}} */
@@ -1413,19 +1443,19 @@ mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
Compute c = (a * b) mod m
*/
-mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+mp_err
+mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
-
- if((res = mp_mul(a, b, c)) != MP_OKAY)
- return res;
- if((res = mp_mod(c, m, c)) != MP_OKAY)
- return res;
+ ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
- return MP_OKAY;
+ if ((res = mp_mul(a, b, c)) != MP_OKAY)
+ return res;
+ if ((res = mp_mod(c, m, c)) != MP_OKAY)
+ return res;
+ return MP_OKAY;
}
/* }}} */
@@ -1433,18 +1463,19 @@ mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
/* {{{ mp_sqrmod(a, m, c) */
#if MP_SQUARE
-mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
- if((res = mp_sqr(a, c)) != MP_OKAY)
- return res;
- if((res = mp_mod(c, m, c)) != MP_OKAY)
- return res;
+ if ((res = mp_sqr(a, c)) != MP_OKAY)
+ return res;
+ if ((res = mp_mod(c, m, c)) != MP_OKAY)
+ return res;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_sqrmod() */
#endif
@@ -1459,92 +1490,93 @@ mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c)
Compute c = (a ** b) mod m. Uses a standard square-and-multiply
method with modular reductions at each step. (This is basically the
same code as mp_expt(), except for the addition of the reductions)
-
+
The modular reductions are done using Barrett's algorithm (see
s_mp_reduce() below for details)
*/
-mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+mp_err
+s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
{
- mp_int s, x, mu;
- mp_err res;
- mp_digit d;
- unsigned int dig, bit;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
- return MP_RANGE;
-
- if((res = mp_init(&s)) != MP_OKAY)
- return res;
- if((res = mp_init_copy(&x, a)) != MP_OKAY ||
- (res = mp_mod(&x, m, &x)) != MP_OKAY)
- goto X;
- if((res = mp_init(&mu)) != MP_OKAY)
- goto MU;
-
- mp_set(&s, 1);
-
- /* mu = b^2k / m */
- if((res = s_mp_add_d(&mu, 1)) != MP_OKAY)
- goto CLEANUP;
- if((res = s_mp_lshd(&mu, 2 * USED(m))) != MP_OKAY)
- goto CLEANUP;
- if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
- goto CLEANUP;
-
- /* Loop over digits of b in ascending order, except highest order */
- for(dig = 0; dig < (USED(b) - 1); dig++) {
- d = DIGIT(b, dig);
+ mp_int s, x, mu;
+ mp_err res;
+ mp_digit d;
+ unsigned int dig, bit;
- /* Loop over the bits of the lower-order digits */
- for(bit = 0; bit < DIGIT_BIT; bit++) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
- goto CLEANUP;
- if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
- goto CLEANUP;
- }
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
- d >>= 1;
+ if (mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
+ return MP_RANGE;
- if((res = s_mp_sqr(&x)) != MP_OKAY)
- goto CLEANUP;
- if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_init(&s)) != MP_OKAY)
+ return res;
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY ||
+ (res = mp_mod(&x, m, &x)) != MP_OKAY)
+ goto X;
+ if ((res = mp_init(&mu)) != MP_OKAY)
+ goto MU;
+
+ mp_set(&s, 1);
+
+ /* mu = b^2k / m */
+ if ((res = s_mp_add_d(&mu, 1)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = s_mp_lshd(&mu, 2 * USED(m))) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
+ goto CLEANUP;
+
+ /* Loop over digits of b in ascending order, except highest order */
+ for (dig = 0; dig < (USED(b) - 1); dig++) {
+ d = DIGIT(b, dig);
+
+ /* Loop over the bits of the lower-order digits */
+ for (bit = 0; bit < DIGIT_BIT; bit++) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+ goto CLEANUP;
+ }
+
+ d >>= 1;
+
+ if ((res = s_mp_sqr(&x)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+ goto CLEANUP;
+ }
}
- }
- /* Now do the last digit... */
- d = DIGIT(b, dig);
+ /* Now do the last digit... */
+ d = DIGIT(b, dig);
- while(d) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY)
- goto CLEANUP;
- if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
- goto CLEANUP;
- }
+ while (d) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+ goto CLEANUP;
+ }
- d >>= 1;
+ d >>= 1;
- if((res = s_mp_sqr(&x)) != MP_OKAY)
- goto CLEANUP;
- if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
- goto CLEANUP;
- }
+ if ((res = s_mp_sqr(&x)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+ goto CLEANUP;
+ }
- s_mp_exch(&s, c);
+ s_mp_exch(&s, c);
- CLEANUP:
- mp_clear(&mu);
- MU:
- mp_clear(&x);
- X:
- mp_clear(&s);
+CLEANUP:
+ mp_clear(&mu);
+MU:
+ mp_clear(&x);
+X:
+ mp_clear(&s);
- return res;
+ return res;
} /* end s_mp_exptmod() */
@@ -1552,42 +1584,43 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c
/* {{{ mp_exptmod_d(a, d, m, c) */
-mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c)
+mp_err
+mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c)
{
- mp_int s, x;
- mp_err res;
+ mp_int s, x;
+ mp_err res;
- ARGCHK(a != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && c != NULL, MP_BADARG);
- if((res = mp_init(&s)) != MP_OKAY)
- return res;
- if((res = mp_init_copy(&x, a)) != MP_OKAY)
- goto X;
+ if ((res = mp_init(&s)) != MP_OKAY)
+ return res;
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+ goto X;
- mp_set(&s, 1);
+ mp_set(&s, 1);
- while(d != 0) {
- if(d & 1) {
- if((res = s_mp_mul(&s, &x)) != MP_OKAY ||
- (res = mp_mod(&s, m, &s)) != MP_OKAY)
- goto CLEANUP;
- }
+ while (d != 0) {
+ if (d & 1) {
+ if ((res = s_mp_mul(&s, &x)) != MP_OKAY ||
+ (res = mp_mod(&s, m, &s)) != MP_OKAY)
+ goto CLEANUP;
+ }
- d /= 2;
+ d /= 2;
- if((res = s_mp_sqr(&x)) != MP_OKAY ||
- (res = mp_mod(&x, m, &x)) != MP_OKAY)
- goto CLEANUP;
- }
+ if ((res = s_mp_sqr(&x)) != MP_OKAY ||
+ (res = mp_mod(&x, m, &x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- s_mp_exch(&s, c);
+ s_mp_exch(&s, c);
CLEANUP:
- mp_clear(&x);
+ mp_clear(&x);
X:
- mp_clear(&s);
+ mp_clear(&s);
- return res;
+ return res;
} /* end mp_exptmod_d() */
@@ -1607,14 +1640,15 @@ X:
Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0.
*/
-int mp_cmp_z(const mp_int *a)
+int
+mp_cmp_z(const mp_int *a)
{
- if(SIGN(a) == NEG)
- return MP_LT;
- else if(USED(a) == 1 && DIGIT(a, 0) == 0)
- return MP_EQ;
- else
- return MP_GT;
+ if (SIGN(a) == NEG)
+ return MP_LT;
+ else if (USED(a) == 1 && DIGIT(a, 0) == 0)
+ return MP_EQ;
+ else
+ return MP_GT;
} /* end mp_cmp_z() */
@@ -1628,14 +1662,15 @@ int mp_cmp_z(const mp_int *a)
Compare a <=> d. Returns <0 if a<d, 0 if a=d, >0 if a>d
*/
-int mp_cmp_d(const mp_int *a, mp_digit d)
+int
+mp_cmp_d(const mp_int *a, mp_digit d)
{
- ARGCHK(a != NULL, MP_EQ);
+ ARGCHK(a != NULL, MP_EQ);
- if(SIGN(a) == NEG)
- return MP_LT;
+ if (SIGN(a) == NEG)
+ return MP_LT;
- return s_mp_cmp_d(a, d);
+ return s_mp_cmp_d(a, d);
} /* end mp_cmp_d() */
@@ -1643,26 +1678,27 @@ int mp_cmp_d(const mp_int *a, mp_digit d)
/* {{{ mp_cmp(a, b) */
-int mp_cmp(const mp_int *a, const mp_int *b)
+int
+mp_cmp(const mp_int *a, const mp_int *b)
{
- ARGCHK(a != NULL && b != NULL, MP_EQ);
+ ARGCHK(a != NULL && b != NULL, MP_EQ);
- if(SIGN(a) == SIGN(b)) {
- int mag;
+ if (SIGN(a) == SIGN(b)) {
+ int mag;
- if((mag = s_mp_cmp(a, b)) == MP_EQ)
- return MP_EQ;
+ if ((mag = s_mp_cmp(a, b)) == MP_EQ)
+ return MP_EQ;
- if(SIGN(a) == ZPOS)
- return mag;
- else
- return -mag;
+ if (SIGN(a) == ZPOS)
+ return mag;
+ else
+ return -mag;
- } else if(SIGN(a) == ZPOS) {
- return MP_GT;
- } else {
- return MP_LT;
- }
+ } else if (SIGN(a) == ZPOS) {
+ return MP_GT;
+ } else {
+ return MP_LT;
+ }
} /* end mp_cmp() */
@@ -1676,11 +1712,12 @@ int mp_cmp(const mp_int *a, const mp_int *b)
Compares |a| <=> |b|, and returns an appropriate comparison result
*/
-int mp_cmp_mag(const mp_int *a, const mp_int *b)
+int
+mp_cmp_mag(const mp_int *a, const mp_int *b)
{
- ARGCHK(a != NULL && b != NULL, MP_EQ);
+ ARGCHK(a != NULL && b != NULL, MP_EQ);
- return s_mp_cmp(a, b);
+ return s_mp_cmp(a, b);
} /* end mp_cmp_mag() */
@@ -1693,11 +1730,12 @@ int mp_cmp_mag(const mp_int *a, const mp_int *b)
Returns a true (non-zero) value if a is odd, false (zero) otherwise.
*/
-int mp_isodd(const mp_int *a)
+int
+mp_isodd(const mp_int *a)
{
- ARGCHK(a != NULL, 0);
+ ARGCHK(a != NULL, 0);
- return (int)(DIGIT(a, 0) & 1);
+ return (int)(DIGIT(a, 0) & 1);
} /* end mp_isodd() */
@@ -1705,9 +1743,10 @@ int mp_isodd(const mp_int *a)
/* {{{ mp_iseven(a) */
-int mp_iseven(const mp_int *a)
+int
+mp_iseven(const mp_int *a)
{
- return !mp_isodd(a);
+ return !mp_isodd(a);
} /* end mp_iseven() */
@@ -1725,94 +1764,94 @@ int mp_iseven(const mp_int *a)
Like the old mp_gcd() function, except computes the GCD using the
binary algorithm due to Josef Stein in 1961 (via Knuth).
*/
-mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mp_gcd(mp_int *a, mp_int *b, mp_int *c)
{
- mp_err res;
- mp_int u, v, t;
- mp_size k = 0;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+ mp_err res;
+ mp_int u, v, t;
+ mp_size k = 0;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ)
+ return MP_RANGE;
+ if (mp_cmp_z(a) == MP_EQ) {
+ return mp_copy(b, c);
+ } else if (mp_cmp_z(b) == MP_EQ) {
+ return mp_copy(a, c);
+ }
- if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ)
- return MP_RANGE;
- if(mp_cmp_z(a) == MP_EQ) {
- return mp_copy(b, c);
- } else if(mp_cmp_z(b) == MP_EQ) {
- return mp_copy(a, c);
- }
+ if ((res = mp_init(&t)) != MP_OKAY)
+ return res;
+ if ((res = mp_init_copy(&u, a)) != MP_OKAY)
+ goto U;
+ if ((res = mp_init_copy(&v, b)) != MP_OKAY)
+ goto V;
+
+ SIGN(&u) = ZPOS;
+ SIGN(&v) = ZPOS;
+
+ /* Divide out common factors of 2 until at least 1 of a, b is even */
+ while (mp_iseven(&u) && mp_iseven(&v)) {
+ s_mp_div_2(&u);
+ s_mp_div_2(&v);
+ ++k;
+ }
- if((res = mp_init(&t)) != MP_OKAY)
- return res;
- if((res = mp_init_copy(&u, a)) != MP_OKAY)
- goto U;
- if((res = mp_init_copy(&v, b)) != MP_OKAY)
- goto V;
-
- SIGN(&u) = ZPOS;
- SIGN(&v) = ZPOS;
-
- /* Divide out common factors of 2 until at least 1 of a, b is even */
- while(mp_iseven(&u) && mp_iseven(&v)) {
- s_mp_div_2(&u);
- s_mp_div_2(&v);
- ++k;
- }
-
- /* Initialize t */
- if(mp_isodd(&u)) {
- if((res = mp_copy(&v, &t)) != MP_OKAY)
- goto CLEANUP;
-
- /* t = -v */
- if(SIGN(&v) == ZPOS)
- SIGN(&t) = NEG;
- else
- SIGN(&t) = ZPOS;
-
- } else {
- if((res = mp_copy(&u, &t)) != MP_OKAY)
- goto CLEANUP;
+ /* Initialize t */
+ if (mp_isodd(&u)) {
+ if ((res = mp_copy(&v, &t)) != MP_OKAY)
+ goto CLEANUP;
- }
+ /* t = -v */
+ if (SIGN(&v) == ZPOS)
+ SIGN(&t) = NEG;
+ else
+ SIGN(&t) = ZPOS;
- for(;;) {
- while(mp_iseven(&t)) {
- s_mp_div_2(&t);
+ } else {
+ if ((res = mp_copy(&u, &t)) != MP_OKAY)
+ goto CLEANUP;
}
- if(mp_cmp_z(&t) == MP_GT) {
- if((res = mp_copy(&t, &u)) != MP_OKAY)
- goto CLEANUP;
+ for (;;) {
+ while (mp_iseven(&t)) {
+ s_mp_div_2(&t);
+ }
- } else {
- if((res = mp_copy(&t, &v)) != MP_OKAY)
- goto CLEANUP;
+ if (mp_cmp_z(&t) == MP_GT) {
+ if ((res = mp_copy(&t, &u)) != MP_OKAY)
+ goto CLEANUP;
- /* v = -t */
- if(SIGN(&t) == ZPOS)
- SIGN(&v) = NEG;
- else
- SIGN(&v) = ZPOS;
- }
+ } else {
+ if ((res = mp_copy(&t, &v)) != MP_OKAY)
+ goto CLEANUP;
+
+ /* v = -t */
+ if (SIGN(&t) == ZPOS)
+ SIGN(&v) = NEG;
+ else
+ SIGN(&v) = ZPOS;
+ }
- if((res = mp_sub(&u, &v, &t)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_sub(&u, &v, &t)) != MP_OKAY)
+ goto CLEANUP;
- if(s_mp_cmp_d(&t, 0) == MP_EQ)
- break;
- }
+ if (s_mp_cmp_d(&t, 0) == MP_EQ)
+ break;
+ }
- s_mp_2expt(&v, k); /* v = 2^k */
- res = mp_mul(&u, &v, c); /* c = u * v */
+ s_mp_2expt(&v, k); /* v = 2^k */
+ res = mp_mul(&u, &v, c); /* c = u * v */
- CLEANUP:
- mp_clear(&v);
- V:
- mp_clear(&u);
- U:
- mp_clear(&t);
+CLEANUP:
+ mp_clear(&v);
+V:
+ mp_clear(&u);
+U:
+ mp_clear(&t);
- return res;
+ return res;
} /* end mp_gcd() */
@@ -1827,32 +1866,33 @@ mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
... by computing the product, and dividing out the gcd.
*/
-mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mp_lcm(mp_int *a, mp_int *b, mp_int *c)
{
- mp_int gcd, prod;
- mp_err res;
+ mp_int gcd, prod;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
- /* Set up temporaries */
- if((res = mp_init(&gcd)) != MP_OKAY)
- return res;
- if((res = mp_init(&prod)) != MP_OKAY)
- goto GCD;
+ /* Set up temporaries */
+ if ((res = mp_init(&gcd)) != MP_OKAY)
+ return res;
+ if ((res = mp_init(&prod)) != MP_OKAY)
+ goto GCD;
- if((res = mp_mul(a, b, &prod)) != MP_OKAY)
- goto CLEANUP;
- if((res = mp_gcd(a, b, &gcd)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_mul(a, b, &prod)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = mp_gcd(a, b, &gcd)) != MP_OKAY)
+ goto CLEANUP;
- res = mp_div(&prod, &gcd, c, NULL);
+ res = mp_div(&prod, &gcd, c, NULL);
- CLEANUP:
- mp_clear(&prod);
- GCD:
- mp_clear(&gcd);
+CLEANUP:
+ mp_clear(&prod);
+GCD:
+ mp_clear(&gcd);
- return res;
+ return res;
} /* end mp_lcm() */
@@ -1869,156 +1909,161 @@ mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c)
See algorithm 14.61 in Handbook of Applied Cryptogrpahy.
*/
-mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y)
+mp_err
+mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y)
{
- mp_int gx, xc, yc, u, v, A, B, C, D;
- mp_int *clean[9];
- mp_err res;
- int last = -1;
-
- if(mp_cmp_z(b) == 0)
- return MP_RANGE;
-
- /* Initialize all these variables we need */
- MP_CHECKOK( mp_init(&u) );
- clean[++last] = &u;
- MP_CHECKOK( mp_init(&v) );
- clean[++last] = &v;
- MP_CHECKOK( mp_init(&gx) );
- clean[++last] = &gx;
- MP_CHECKOK( mp_init(&A) );
- clean[++last] = &A;
- MP_CHECKOK( mp_init(&B) );
- clean[++last] = &B;
- MP_CHECKOK( mp_init(&C) );
- clean[++last] = &C;
- MP_CHECKOK( mp_init(&D) );
- clean[++last] = &D;
- MP_CHECKOK( mp_init_copy(&xc, a) );
- clean[++last] = &xc;
- mp_abs(&xc, &xc);
- MP_CHECKOK( mp_init_copy(&yc, b) );
- clean[++last] = &yc;
- mp_abs(&yc, &yc);
-
- mp_set(&gx, 1);
-
- /* Divide by two until at least one of them is odd */
- while(mp_iseven(&xc) && mp_iseven(&yc)) {
- mp_size nx = mp_trailing_zeros(&xc);
- mp_size ny = mp_trailing_zeros(&yc);
- mp_size n = MP_MIN(nx, ny);
- s_mp_div_2d(&xc,n);
- s_mp_div_2d(&yc,n);
- MP_CHECKOK( s_mp_mul_2d(&gx,n) );
- }
-
- MP_CHECKOK(mp_copy(&xc, &u));
- MP_CHECKOK(mp_copy(&yc, &v));
- mp_set(&A, 1); mp_set(&D, 1);
-
- /* Loop through binary GCD algorithm */
- do {
- while(mp_iseven(&u)) {
- s_mp_div_2(&u);
-
- if(mp_iseven(&A) && mp_iseven(&B)) {
- s_mp_div_2(&A); s_mp_div_2(&B);
- } else {
- MP_CHECKOK( mp_add(&A, &yc, &A) );
- s_mp_div_2(&A);
- MP_CHECKOK( mp_sub(&B, &xc, &B) );
- s_mp_div_2(&B);
- }
- }
-
- while(mp_iseven(&v)) {
- s_mp_div_2(&v);
-
- if(mp_iseven(&C) && mp_iseven(&D)) {
- s_mp_div_2(&C); s_mp_div_2(&D);
- } else {
- MP_CHECKOK( mp_add(&C, &yc, &C) );
- s_mp_div_2(&C);
- MP_CHECKOK( mp_sub(&D, &xc, &D) );
- s_mp_div_2(&D);
- }
- }
-
- if(mp_cmp(&u, &v) >= 0) {
- MP_CHECKOK( mp_sub(&u, &v, &u) );
- MP_CHECKOK( mp_sub(&A, &C, &A) );
- MP_CHECKOK( mp_sub(&B, &D, &B) );
- } else {
- MP_CHECKOK( mp_sub(&v, &u, &v) );
- MP_CHECKOK( mp_sub(&C, &A, &C) );
- MP_CHECKOK( mp_sub(&D, &B, &D) );
+ mp_int gx, xc, yc, u, v, A, B, C, D;
+ mp_int *clean[9];
+ mp_err res;
+ int last = -1;
+
+ if (mp_cmp_z(b) == 0)
+ return MP_RANGE;
+
+ /* Initialize all these variables we need */
+ MP_CHECKOK(mp_init(&u));
+ clean[++last] = &u;
+ MP_CHECKOK(mp_init(&v));
+ clean[++last] = &v;
+ MP_CHECKOK(mp_init(&gx));
+ clean[++last] = &gx;
+ MP_CHECKOK(mp_init(&A));
+ clean[++last] = &A;
+ MP_CHECKOK(mp_init(&B));
+ clean[++last] = &B;
+ MP_CHECKOK(mp_init(&C));
+ clean[++last] = &C;
+ MP_CHECKOK(mp_init(&D));
+ clean[++last] = &D;
+ MP_CHECKOK(mp_init_copy(&xc, a));
+ clean[++last] = &xc;
+ mp_abs(&xc, &xc);
+ MP_CHECKOK(mp_init_copy(&yc, b));
+ clean[++last] = &yc;
+ mp_abs(&yc, &yc);
+
+ mp_set(&gx, 1);
+
+ /* Divide by two until at least one of them is odd */
+ while (mp_iseven(&xc) && mp_iseven(&yc)) {
+ mp_size nx = mp_trailing_zeros(&xc);
+ mp_size ny = mp_trailing_zeros(&yc);
+ mp_size n = MP_MIN(nx, ny);
+ s_mp_div_2d(&xc, n);
+ s_mp_div_2d(&yc, n);
+ MP_CHECKOK(s_mp_mul_2d(&gx, n));
}
- } while (mp_cmp_z(&u) != 0);
-
- /* copy results to output */
- if(x)
- MP_CHECKOK( mp_copy(&C, x) );
- if(y)
- MP_CHECKOK( mp_copy(&D, y) );
-
- if(g)
- MP_CHECKOK( mp_mul(&gx, &v, g) );
+ MP_CHECKOK(mp_copy(&xc, &u));
+ MP_CHECKOK(mp_copy(&yc, &v));
+ mp_set(&A, 1);
+ mp_set(&D, 1);
+
+ /* Loop through binary GCD algorithm */
+ do {
+ while (mp_iseven(&u)) {
+ s_mp_div_2(&u);
+
+ if (mp_iseven(&A) && mp_iseven(&B)) {
+ s_mp_div_2(&A);
+ s_mp_div_2(&B);
+ } else {
+ MP_CHECKOK(mp_add(&A, &yc, &A));
+ s_mp_div_2(&A);
+ MP_CHECKOK(mp_sub(&B, &xc, &B));
+ s_mp_div_2(&B);
+ }
+ }
+
+ while (mp_iseven(&v)) {
+ s_mp_div_2(&v);
+
+ if (mp_iseven(&C) && mp_iseven(&D)) {
+ s_mp_div_2(&C);
+ s_mp_div_2(&D);
+ } else {
+ MP_CHECKOK(mp_add(&C, &yc, &C));
+ s_mp_div_2(&C);
+ MP_CHECKOK(mp_sub(&D, &xc, &D));
+ s_mp_div_2(&D);
+ }
+ }
+
+ if (mp_cmp(&u, &v) >= 0) {
+ MP_CHECKOK(mp_sub(&u, &v, &u));
+ MP_CHECKOK(mp_sub(&A, &C, &A));
+ MP_CHECKOK(mp_sub(&B, &D, &B));
+ } else {
+ MP_CHECKOK(mp_sub(&v, &u, &v));
+ MP_CHECKOK(mp_sub(&C, &A, &C));
+ MP_CHECKOK(mp_sub(&D, &B, &D));
+ }
+ } while (mp_cmp_z(&u) != 0);
+
+ /* copy results to output */
+ if (x)
+ MP_CHECKOK(mp_copy(&C, x));
+
+ if (y)
+ MP_CHECKOK(mp_copy(&D, y));
+
+ if (g)
+ MP_CHECKOK(mp_mul(&gx, &v, g));
- CLEANUP:
- while(last >= 0)
- mp_clear(clean[last--]);
+CLEANUP:
+ while (last >= 0)
+ mp_clear(clean[last--]);
- return res;
+ return res;
} /* end mp_xgcd() */
/* }}} */
-mp_size mp_trailing_zeros(const mp_int *mp)
+mp_size
+mp_trailing_zeros(const mp_int *mp)
{
- mp_digit d;
- mp_size n = 0;
- unsigned int ix;
+ mp_digit d;
+ mp_size n = 0;
+ unsigned int ix;
- if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
- return n;
+ if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
+ return n;
- for (ix = 0; !(d = MP_DIGIT(mp,ix)) && (ix < MP_USED(mp)); ++ix)
- n += MP_DIGIT_BIT;
- if (!d)
- return 0; /* shouldn't happen, but ... */
+ for (ix = 0; !(d = MP_DIGIT(mp, ix)) && (ix < MP_USED(mp)); ++ix)
+ n += MP_DIGIT_BIT;
+ if (!d)
+ return 0; /* shouldn't happen, but ... */
#if !defined(MP_USE_UINT_DIGIT)
- if (!(d & 0xffffffffU)) {
- d >>= 32;
- n += 32;
- }
+ if (!(d & 0xffffffffU)) {
+ d >>= 32;
+ n += 32;
+ }
#endif
- if (!(d & 0xffffU)) {
- d >>= 16;
- n += 16;
- }
- if (!(d & 0xffU)) {
- d >>= 8;
- n += 8;
- }
- if (!(d & 0xfU)) {
- d >>= 4;
- n += 4;
- }
- if (!(d & 0x3U)) {
- d >>= 2;
- n += 2;
- }
- if (!(d & 0x1U)) {
- d >>= 1;
- n += 1;
- }
+ if (!(d & 0xffffU)) {
+ d >>= 16;
+ n += 16;
+ }
+ if (!(d & 0xffU)) {
+ d >>= 8;
+ n += 8;
+ }
+ if (!(d & 0xfU)) {
+ d >>= 4;
+ n += 4;
+ }
+ if (!(d & 0x3U)) {
+ d >>= 2;
+ n += 2;
+ }
+ if (!(d & 0x1U)) {
+ d >>= 1;
+ n += 1;
+ }
#if MP_ARGCHK == 2
- assert(0 != (d & 1));
+ assert(0 != (d & 1));
#endif
- return n;
+ return n;
}
/* Given a and prime p, computes c and k such that a*c == 2**k (mod p).
@@ -2026,337 +2071,343 @@ mp_size mp_trailing_zeros(const mp_int *mp)
** This technique from the paper "Fast Modular Reciprocals" (unpublished)
** by Richard Schroeppel (a.k.a. Captain Nemo).
*/
-mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c)
+mp_err
+s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c)
{
- mp_err res;
- mp_err k = 0;
- mp_int d, f, g;
-
- ARGCHK(a && p && c, MP_BADARG);
-
- MP_DIGITS(&d) = 0;
- MP_DIGITS(&f) = 0;
- MP_DIGITS(&g) = 0;
- MP_CHECKOK( mp_init(&d) );
- MP_CHECKOK( mp_init_copy(&f, a) ); /* f = a */
- MP_CHECKOK( mp_init_copy(&g, p) ); /* g = p */
-
- mp_set(c, 1);
- mp_zero(&d);
-
- if (mp_cmp_z(&f) == 0) {
- res = MP_UNDEF;
- } else
- for (;;) {
- int diff_sign;
- while (mp_iseven(&f)) {
- mp_size n = mp_trailing_zeros(&f);
- if (!n) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
- s_mp_div_2d(&f, n);
- MP_CHECKOK( s_mp_mul_2d(&d, n) );
- k += n;
- }
- if (mp_cmp_d(&f, 1) == MP_EQ) { /* f == 1 */
- res = k;
- break;
- }
- diff_sign = mp_cmp(&f, &g);
- if (diff_sign < 0) { /* f < g */
- s_mp_exch(&f, &g);
- s_mp_exch(c, &d);
- } else if (diff_sign == 0) { /* f == g */
- res = MP_UNDEF; /* a and p are not relatively prime */
- break;
- }
- if ((MP_DIGIT(&f,0) % 4) == (MP_DIGIT(&g,0) % 4)) {
- MP_CHECKOK( mp_sub(&f, &g, &f) ); /* f = f - g */
- MP_CHECKOK( mp_sub(c, &d, c) ); /* c = c - d */
- } else {
- MP_CHECKOK( mp_add(&f, &g, &f) ); /* f = f + g */
- MP_CHECKOK( mp_add(c, &d, c) ); /* c = c + d */
+ mp_err res;
+ mp_err k = 0;
+ mp_int d, f, g;
+
+ ARGCHK(a && p && c, MP_BADARG);
+
+ MP_DIGITS(&d) = 0;
+ MP_DIGITS(&f) = 0;
+ MP_DIGITS(&g) = 0;
+ MP_CHECKOK(mp_init(&d));
+ MP_CHECKOK(mp_init_copy(&f, a)); /* f = a */
+ MP_CHECKOK(mp_init_copy(&g, p)); /* g = p */
+
+ mp_set(c, 1);
+ mp_zero(&d);
+
+ if (mp_cmp_z(&f) == 0) {
+ res = MP_UNDEF;
+ } else
+ for (;;) {
+ int diff_sign;
+ while (mp_iseven(&f)) {
+ mp_size n = mp_trailing_zeros(&f);
+ if (!n) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
+ s_mp_div_2d(&f, n);
+ MP_CHECKOK(s_mp_mul_2d(&d, n));
+ k += n;
+ }
+ if (mp_cmp_d(&f, 1) == MP_EQ) { /* f == 1 */
+ res = k;
+ break;
+ }
+ diff_sign = mp_cmp(&f, &g);
+ if (diff_sign < 0) { /* f < g */
+ s_mp_exch(&f, &g);
+ s_mp_exch(c, &d);
+ } else if (diff_sign == 0) { /* f == g */
+ res = MP_UNDEF; /* a and p are not relatively prime */
+ break;
+ }
+ if ((MP_DIGIT(&f, 0) % 4) == (MP_DIGIT(&g, 0) % 4)) {
+ MP_CHECKOK(mp_sub(&f, &g, &f)); /* f = f - g */
+ MP_CHECKOK(mp_sub(c, &d, c)); /* c = c - d */
+ } else {
+ MP_CHECKOK(mp_add(&f, &g, &f)); /* f = f + g */
+ MP_CHECKOK(mp_add(c, &d, c)); /* c = c + d */
+ }
+ }
+ if (res >= 0) {
+ while (MP_SIGN(c) != MP_ZPOS) {
+ MP_CHECKOK(mp_add(c, p, c));
+ }
+ res = k;
}
- }
- if (res >= 0) {
- while (MP_SIGN(c) != MP_ZPOS) {
- MP_CHECKOK( mp_add(c, p, c) );
- }
- res = k;
- }
CLEANUP:
- mp_clear(&d);
- mp_clear(&f);
- mp_clear(&g);
- return res;
+ mp_clear(&d);
+ mp_clear(&f);
+ mp_clear(&g);
+ return res;
}
/* Compute T = (P ** -1) mod MP_RADIX. Also works for 16-bit mp_digits.
** This technique from the paper "Fast Modular Reciprocals" (unpublished)
** by Richard Schroeppel (a.k.a. Captain Nemo).
*/
-mp_digit s_mp_invmod_radix(mp_digit P)
+mp_digit
+s_mp_invmod_radix(mp_digit P)
{
- mp_digit T = P;
- T *= 2 - (P * T);
- T *= 2 - (P * T);
- T *= 2 - (P * T);
- T *= 2 - (P * T);
+ mp_digit T = P;
+ T *= 2 - (P * T);
+ T *= 2 - (P * T);
+ T *= 2 - (P * T);
+ T *= 2 - (P * T);
#if !defined(MP_USE_UINT_DIGIT)
- T *= 2 - (P * T);
- T *= 2 - (P * T);
+ T *= 2 - (P * T);
+ T *= 2 - (P * T);
#endif
- return T;
+ return T;
}
-/* Given c, k, and prime p, where a*c == 2**k (mod p),
+/* Given c, k, and prime p, where a*c == 2**k (mod p),
** Compute x = (a ** -1) mod p. This is similar to Montgomery reduction.
** This technique from the paper "Fast Modular Reciprocals" (unpublished)
** by Richard Schroeppel (a.k.a. Captain Nemo).
*/
-mp_err s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x)
+mp_err
+s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x)
{
- int k_orig = k;
- mp_digit r;
- mp_size ix;
- mp_err res;
-
- if (mp_cmp_z(c) < 0) { /* c < 0 */
- MP_CHECKOK( mp_add(c, p, x) ); /* x = c + p */
- } else {
- MP_CHECKOK( mp_copy(c, x) ); /* x = c */
- }
-
- /* make sure x is large enough */
- ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1;
- ix = MP_MAX(ix, MP_USED(x));
- MP_CHECKOK( s_mp_pad(x, ix) );
-
- r = 0 - s_mp_invmod_radix(MP_DIGIT(p,0));
-
- for (ix = 0; k > 0; ix++) {
- int j = MP_MIN(k, MP_DIGIT_BIT);
- mp_digit v = r * MP_DIGIT(x, ix);
- if (j < MP_DIGIT_BIT) {
- v &= ((mp_digit)1 << j) - 1; /* v = v mod (2 ** j) */
- }
- s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */
- k -= j;
- }
- s_mp_clamp(x);
- s_mp_div_2d(x, k_orig);
- res = MP_OKAY;
+ int k_orig = k;
+ mp_digit r;
+ mp_size ix;
+ mp_err res;
+
+ if (mp_cmp_z(c) < 0) { /* c < 0 */
+ MP_CHECKOK(mp_add(c, p, x)); /* x = c + p */
+ } else {
+ MP_CHECKOK(mp_copy(c, x)); /* x = c */
+ }
+
+ /* make sure x is large enough */
+ ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1;
+ ix = MP_MAX(ix, MP_USED(x));
+ MP_CHECKOK(s_mp_pad(x, ix));
+
+ r = 0 - s_mp_invmod_radix(MP_DIGIT(p, 0));
+
+ for (ix = 0; k > 0; ix++) {
+ int j = MP_MIN(k, MP_DIGIT_BIT);
+ mp_digit v = r * MP_DIGIT(x, ix);
+ if (j < MP_DIGIT_BIT) {
+ v &= ((mp_digit)1 << j) - 1; /* v = v mod (2 ** j) */
+ }
+ s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */
+ k -= j;
+ }
+ s_mp_clamp(x);
+ s_mp_div_2d(x, k_orig);
+ res = MP_OKAY;
CLEANUP:
- return res;
+ return res;
}
/* compute mod inverse using Schroeppel's method, only if m is odd */
-mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c)
{
- int k;
- mp_err res;
- mp_int x;
+ int k;
+ mp_err res;
+ mp_int x;
- ARGCHK(a && m && c, MP_BADARG);
+ ARGCHK(a && m && c, MP_BADARG);
- if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
- return MP_RANGE;
- if (mp_iseven(m))
- return MP_UNDEF;
+ if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+ return MP_RANGE;
+ if (mp_iseven(m))
+ return MP_UNDEF;
- MP_DIGITS(&x) = 0;
-
- if (a == c) {
- if ((res = mp_init_copy(&x, a)) != MP_OKAY)
- return res;
- if (a == m)
- m = &x;
- a = &x;
- } else if (m == c) {
- if ((res = mp_init_copy(&x, m)) != MP_OKAY)
- return res;
- m = &x;
- } else {
MP_DIGITS(&x) = 0;
- }
- MP_CHECKOK( s_mp_almost_inverse(a, m, c) );
- k = res;
- MP_CHECKOK( s_mp_fixup_reciprocal(c, m, k, c) );
+ if (a == c) {
+ if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+ return res;
+ if (a == m)
+ m = &x;
+ a = &x;
+ } else if (m == c) {
+ if ((res = mp_init_copy(&x, m)) != MP_OKAY)
+ return res;
+ m = &x;
+ } else {
+ MP_DIGITS(&x) = 0;
+ }
+
+ MP_CHECKOK(s_mp_almost_inverse(a, m, c));
+ k = res;
+ MP_CHECKOK(s_mp_fixup_reciprocal(c, m, k, c));
CLEANUP:
- mp_clear(&x);
- return res;
+ mp_clear(&x);
+ return res;
}
/* Known good algorithm for computing modular inverse. But slow. */
-mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c)
{
- mp_int g, x;
- mp_err res;
+ mp_int g, x;
+ mp_err res;
- ARGCHK(a && m && c, MP_BADARG);
+ ARGCHK(a && m && c, MP_BADARG);
- if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
- return MP_RANGE;
+ if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+ return MP_RANGE;
- MP_DIGITS(&g) = 0;
- MP_DIGITS(&x) = 0;
- MP_CHECKOK( mp_init(&x) );
- MP_CHECKOK( mp_init(&g) );
+ MP_DIGITS(&g) = 0;
+ MP_DIGITS(&x) = 0;
+ MP_CHECKOK(mp_init(&x));
+ MP_CHECKOK(mp_init(&g));
- MP_CHECKOK( mp_xgcd(a, m, &g, &x, NULL) );
+ MP_CHECKOK(mp_xgcd(a, m, &g, &x, NULL));
- if (mp_cmp_d(&g, 1) != MP_EQ) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
+ if (mp_cmp_d(&g, 1) != MP_EQ) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
- res = mp_mod(&x, m, c);
- SIGN(c) = SIGN(a);
+ res = mp_mod(&x, m, c);
+ SIGN(c) = SIGN(a);
CLEANUP:
- mp_clear(&x);
- mp_clear(&g);
+ mp_clear(&x);
+ mp_clear(&g);
- return res;
+ return res;
}
/* modular inverse where modulus is 2**k. */
/* c = a**-1 mod 2**k */
-mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c)
+mp_err
+s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c)
{
- mp_err res;
- mp_size ix = k + 4;
- mp_int t0, t1, val, tmp, two2k;
-
- static const mp_digit d2 = 2;
- static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 };
-
- if (mp_iseven(a))
- return MP_UNDEF;
- if (k <= MP_DIGIT_BIT) {
- mp_digit i = s_mp_invmod_radix(MP_DIGIT(a,0));
- if (k < MP_DIGIT_BIT)
- i &= ((mp_digit)1 << k) - (mp_digit)1;
- mp_set(c, i);
- return MP_OKAY;
- }
- MP_DIGITS(&t0) = 0;
- MP_DIGITS(&t1) = 0;
- MP_DIGITS(&val) = 0;
- MP_DIGITS(&tmp) = 0;
- MP_DIGITS(&two2k) = 0;
- MP_CHECKOK( mp_init_copy(&val, a) );
- s_mp_mod_2d(&val, k);
- MP_CHECKOK( mp_init_copy(&t0, &val) );
- MP_CHECKOK( mp_init_copy(&t1, &t0) );
- MP_CHECKOK( mp_init(&tmp) );
- MP_CHECKOK( mp_init(&two2k) );
- MP_CHECKOK( s_mp_2expt(&two2k, k) );
- do {
- MP_CHECKOK( mp_mul(&val, &t1, &tmp) );
- MP_CHECKOK( mp_sub(&two, &tmp, &tmp) );
- MP_CHECKOK( mp_mul(&t1, &tmp, &t1) );
- s_mp_mod_2d(&t1, k);
- while (MP_SIGN(&t1) != MP_ZPOS) {
- MP_CHECKOK( mp_add(&t1, &two2k, &t1) );
- }
- if (mp_cmp(&t1, &t0) == MP_EQ)
- break;
- MP_CHECKOK( mp_copy(&t1, &t0) );
- } while (--ix > 0);
- if (!ix) {
- res = MP_UNDEF;
- } else {
- mp_exch(c, &t1);
- }
+ mp_err res;
+ mp_size ix = k + 4;
+ mp_int t0, t1, val, tmp, two2k;
+
+ static const mp_digit d2 = 2;
+ static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 };
+
+ if (mp_iseven(a))
+ return MP_UNDEF;
+ if (k <= MP_DIGIT_BIT) {
+ mp_digit i = s_mp_invmod_radix(MP_DIGIT(a, 0));
+ if (k < MP_DIGIT_BIT)
+ i &= ((mp_digit)1 << k) - (mp_digit)1;
+ mp_set(c, i);
+ return MP_OKAY;
+ }
+ MP_DIGITS(&t0) = 0;
+ MP_DIGITS(&t1) = 0;
+ MP_DIGITS(&val) = 0;
+ MP_DIGITS(&tmp) = 0;
+ MP_DIGITS(&two2k) = 0;
+ MP_CHECKOK(mp_init_copy(&val, a));
+ s_mp_mod_2d(&val, k);
+ MP_CHECKOK(mp_init_copy(&t0, &val));
+ MP_CHECKOK(mp_init_copy(&t1, &t0));
+ MP_CHECKOK(mp_init(&tmp));
+ MP_CHECKOK(mp_init(&two2k));
+ MP_CHECKOK(s_mp_2expt(&two2k, k));
+ do {
+ MP_CHECKOK(mp_mul(&val, &t1, &tmp));
+ MP_CHECKOK(mp_sub(&two, &tmp, &tmp));
+ MP_CHECKOK(mp_mul(&t1, &tmp, &t1));
+ s_mp_mod_2d(&t1, k);
+ while (MP_SIGN(&t1) != MP_ZPOS) {
+ MP_CHECKOK(mp_add(&t1, &two2k, &t1));
+ }
+ if (mp_cmp(&t1, &t0) == MP_EQ)
+ break;
+ MP_CHECKOK(mp_copy(&t1, &t0));
+ } while (--ix > 0);
+ if (!ix) {
+ res = MP_UNDEF;
+ } else {
+ mp_exch(c, &t1);
+ }
CLEANUP:
- mp_clear(&t0);
- mp_clear(&t1);
- mp_clear(&val);
- mp_clear(&tmp);
- mp_clear(&two2k);
- return res;
+ mp_clear(&t0);
+ mp_clear(&t1);
+ mp_clear(&val);
+ mp_clear(&tmp);
+ mp_clear(&two2k);
+ return res;
}
-mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c)
{
- mp_err res;
- mp_size k;
- mp_int oddFactor, evenFactor; /* factors of the modulus */
- mp_int oddPart, evenPart; /* parts to combine via CRT. */
- mp_int C2, tmp1, tmp2;
-
- /*static const mp_digit d1 = 1; */
- /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
-
- if ((res = s_mp_ispow2(m)) >= 0) {
- k = res;
- return s_mp_invmod_2d(a, k, c);
- }
- MP_DIGITS(&oddFactor) = 0;
- MP_DIGITS(&evenFactor) = 0;
- MP_DIGITS(&oddPart) = 0;
- MP_DIGITS(&evenPart) = 0;
- MP_DIGITS(&C2) = 0;
- MP_DIGITS(&tmp1) = 0;
- MP_DIGITS(&tmp2) = 0;
-
- MP_CHECKOK( mp_init_copy(&oddFactor, m) ); /* oddFactor = m */
- MP_CHECKOK( mp_init(&evenFactor) );
- MP_CHECKOK( mp_init(&oddPart) );
- MP_CHECKOK( mp_init(&evenPart) );
- MP_CHECKOK( mp_init(&C2) );
- MP_CHECKOK( mp_init(&tmp1) );
- MP_CHECKOK( mp_init(&tmp2) );
-
- k = mp_trailing_zeros(m);
- s_mp_div_2d(&oddFactor, k);
- MP_CHECKOK( s_mp_2expt(&evenFactor, k) );
-
- /* compute a**-1 mod oddFactor. */
- MP_CHECKOK( s_mp_invmod_odd_m(a, &oddFactor, &oddPart) );
- /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */
- MP_CHECKOK( s_mp_invmod_2d( a, k, &evenPart) );
-
- /* Use Chinese Remainer theorem to compute a**-1 mod m. */
- /* let m1 = oddFactor, v1 = oddPart,
- * let m2 = evenFactor, v2 = evenPart.
- */
+ mp_err res;
+ mp_size k;
+ mp_int oddFactor, evenFactor; /* factors of the modulus */
+ mp_int oddPart, evenPart; /* parts to combine via CRT. */
+ mp_int C2, tmp1, tmp2;
+
+ /*static const mp_digit d1 = 1; */
+ /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
+
+ if ((res = s_mp_ispow2(m)) >= 0) {
+ k = res;
+ return s_mp_invmod_2d(a, k, c);
+ }
+ MP_DIGITS(&oddFactor) = 0;
+ MP_DIGITS(&evenFactor) = 0;
+ MP_DIGITS(&oddPart) = 0;
+ MP_DIGITS(&evenPart) = 0;
+ MP_DIGITS(&C2) = 0;
+ MP_DIGITS(&tmp1) = 0;
+ MP_DIGITS(&tmp2) = 0;
+
+ MP_CHECKOK(mp_init_copy(&oddFactor, m)); /* oddFactor = m */
+ MP_CHECKOK(mp_init(&evenFactor));
+ MP_CHECKOK(mp_init(&oddPart));
+ MP_CHECKOK(mp_init(&evenPart));
+ MP_CHECKOK(mp_init(&C2));
+ MP_CHECKOK(mp_init(&tmp1));
+ MP_CHECKOK(mp_init(&tmp2));
+
+ k = mp_trailing_zeros(m);
+ s_mp_div_2d(&oddFactor, k);
+ MP_CHECKOK(s_mp_2expt(&evenFactor, k));
+
+ /* compute a**-1 mod oddFactor. */
+ MP_CHECKOK(s_mp_invmod_odd_m(a, &oddFactor, &oddPart));
+ /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */
+ MP_CHECKOK(s_mp_invmod_2d(a, k, &evenPart));
+
+ /* Use Chinese Remainer theorem to compute a**-1 mod m. */
+ /* let m1 = oddFactor, v1 = oddPart,
+ * let m2 = evenFactor, v2 = evenPart.
+ */
- /* Compute C2 = m1**-1 mod m2. */
- MP_CHECKOK( s_mp_invmod_2d(&oddFactor, k, &C2) );
+ /* Compute C2 = m1**-1 mod m2. */
+ MP_CHECKOK(s_mp_invmod_2d(&oddFactor, k, &C2));
- /* compute u = (v2 - v1)*C2 mod m2 */
- MP_CHECKOK( mp_sub(&evenPart, &oddPart, &tmp1) );
- MP_CHECKOK( mp_mul(&tmp1, &C2, &tmp2) );
- s_mp_mod_2d(&tmp2, k);
- while (MP_SIGN(&tmp2) != MP_ZPOS) {
- MP_CHECKOK( mp_add(&tmp2, &evenFactor, &tmp2) );
- }
+ /* compute u = (v2 - v1)*C2 mod m2 */
+ MP_CHECKOK(mp_sub(&evenPart, &oddPart, &tmp1));
+ MP_CHECKOK(mp_mul(&tmp1, &C2, &tmp2));
+ s_mp_mod_2d(&tmp2, k);
+ while (MP_SIGN(&tmp2) != MP_ZPOS) {
+ MP_CHECKOK(mp_add(&tmp2, &evenFactor, &tmp2));
+ }
- /* compute answer = v1 + u*m1 */
- MP_CHECKOK( mp_mul(&tmp2, &oddFactor, c) );
- MP_CHECKOK( mp_add(&oddPart, c, c) );
- /* not sure this is necessary, but it's low cost if not. */
- MP_CHECKOK( mp_mod(c, m, c) );
+ /* compute answer = v1 + u*m1 */
+ MP_CHECKOK(mp_mul(&tmp2, &oddFactor, c));
+ MP_CHECKOK(mp_add(&oddPart, c, c));
+ /* not sure this is necessary, but it's low cost if not. */
+ MP_CHECKOK(mp_mod(c, m, c));
CLEANUP:
- mp_clear(&oddFactor);
- mp_clear(&evenFactor);
- mp_clear(&oddPart);
- mp_clear(&evenPart);
- mp_clear(&C2);
- mp_clear(&tmp1);
- mp_clear(&tmp2);
- return res;
+ mp_clear(&oddFactor);
+ mp_clear(&evenFactor);
+ mp_clear(&oddPart);
+ mp_clear(&evenPart);
+ mp_clear(&C2);
+ mp_clear(&tmp1);
+ mp_clear(&tmp2);
+ return res;
}
-
/* {{{ mp_invmod(a, m, c) */
/*
@@ -2367,21 +2418,22 @@ CLEANUP:
MP_UNDEF is returned, and there is no inverse.
*/
-mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
+mp_err
+mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
{
- ARGCHK(a && m && c, MP_BADARG);
+ ARGCHK(a && m && c, MP_BADARG);
- if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
- return MP_RANGE;
+ if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+ return MP_RANGE;
- if (mp_isodd(m)) {
- return s_mp_invmod_odd_m(a, m, c);
- }
- if (mp_iseven(a))
- return MP_UNDEF; /* not invertable */
+ if (mp_isodd(m)) {
+ return s_mp_invmod_odd_m(a, m, c);
+ }
+ if (mp_iseven(a))
+ return MP_UNDEF; /* not invertable */
- return s_mp_invmod_even_m(a, m, c);
+ return s_mp_invmod_even_m(a, m, c);
} /* end mp_invmod() */
@@ -2401,18 +2453,19 @@ mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
stream 'ofp'. Output is generated using the internal radix.
*/
-void mp_print(mp_int *mp, FILE *ofp)
+void
+mp_print(mp_int *mp, FILE *ofp)
{
- int ix;
+ int ix;
- if(mp == NULL || ofp == NULL)
- return;
+ if (mp == NULL || ofp == NULL)
+ return;
- fputc((SIGN(mp) == NEG) ? '-' : '+', ofp);
+ fputc((SIGN(mp) == NEG) ? '-' : '+', ofp);
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix));
- }
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix));
+ }
} /* end mp_print() */
@@ -2425,37 +2478,38 @@ void mp_print(mp_int *mp, FILE *ofp)
/* {{{ mp_read_raw(mp, str, len) */
-/*
+/*
mp_read_raw(mp, str, len)
Read in a raw value (base 256) into the given mp_int
*/
-mp_err mp_read_raw(mp_int *mp, char *str, int len)
+mp_err
+mp_read_raw(mp_int *mp, char *str, int len)
{
- int ix;
- mp_err res;
- unsigned char *ustr = (unsigned char *)str;
-
- ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+ int ix;
+ mp_err res;
+ unsigned char *ustr = (unsigned char *)str;
- mp_zero(mp);
+ ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
- /* Get sign from first byte */
- if(ustr[0])
- SIGN(mp) = NEG;
- else
- SIGN(mp) = ZPOS;
+ mp_zero(mp);
- /* Read the rest of the digits */
- for(ix = 1; ix < len; ix++) {
- if((res = mp_mul_d(mp, 256, mp)) != MP_OKAY)
- return res;
- if((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY)
- return res;
- }
+ /* Get sign from first byte */
+ if (ustr[0])
+ SIGN(mp) = NEG;
+ else
+ SIGN(mp) = ZPOS;
+
+ /* Read the rest of the digits */
+ for (ix = 1; ix < len; ix++) {
+ if ((res = mp_mul_d(mp, 256, mp)) != MP_OKAY)
+ return res;
+ if ((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY)
+ return res;
+ }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_read_raw() */
@@ -2463,11 +2517,12 @@ mp_err mp_read_raw(mp_int *mp, char *str, int len)
/* {{{ mp_raw_size(mp) */
-int mp_raw_size(mp_int *mp)
+int
+mp_raw_size(mp_int *mp)
{
- ARGCHK(mp != NULL, 0);
+ ARGCHK(mp != NULL, 0);
- return (USED(mp) * sizeof(mp_digit)) + 1;
+ return (USED(mp) * sizeof(mp_digit)) + 1;
} /* end mp_raw_size() */
@@ -2475,25 +2530,26 @@ int mp_raw_size(mp_int *mp)
/* {{{ mp_toraw(mp, str) */
-mp_err mp_toraw(mp_int *mp, char *str)
+mp_err
+mp_toraw(mp_int *mp, char *str)
{
- int ix, jx, pos = 1;
+ int ix, jx, pos = 1;
- ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+ ARGCHK(mp != NULL && str != NULL, MP_BADARG);
- str[0] = (char)SIGN(mp);
+ str[0] = (char)SIGN(mp);
- /* Iterate over each digit... */
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- mp_digit d = DIGIT(mp, ix);
+ /* Iterate over each digit... */
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ mp_digit d = DIGIT(mp, ix);
- /* Unpack digit bytes, high order first */
- for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
- str[pos++] = (char)(d >> (jx * CHAR_BIT));
+ /* Unpack digit bytes, high order first */
+ for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+ str[pos++] = (char)(d >> (jx * CHAR_BIT));
+ }
}
- }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_toraw() */
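Review bot: mp_toraw writes `USED(mp) * sizeof(mp_digit) + 1` bytes into `str` with no length parameter and no bound check, so the only thing keeping this in bounds is the caller sizing the buffer with mp_raw_size; that contract is not stated anywhere at the definition. Suggest the header comment `/* str must have room for mp_raw_size(mp) bytes; no bound is checked here */`. The first byte is the raw `SIGN(mp)` enum value rather than a defined wire encoding, which mp_read_raw only interprets as zero/non-zero; if this format is ever persisted that coupling should be written down too.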
@@ -2510,103 +2566,106 @@ mp_err mp_toraw(mp_int *mp, char *str)
character or the end of the string.
*/
-mp_err mp_read_radix(mp_int *mp, const char *str, int radix)
+mp_err
+mp_read_radix(mp_int *mp, const char *str, int radix)
{
- int ix = 0, val = 0;
- mp_err res;
- mp_sign sig = ZPOS;
-
- ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
- MP_BADARG);
-
- mp_zero(mp);
-
- /* Skip leading non-digit characters until a digit or '-' or '+' */
- while(str[ix] &&
- (s_mp_tovalue(str[ix], radix) < 0) &&
- str[ix] != '-' &&
- str[ix] != '+') {
- ++ix;
- }
-
- if(str[ix] == '-') {
- sig = NEG;
- ++ix;
- } else if(str[ix] == '+') {
- sig = ZPOS; /* this is the default anyway... */
- ++ix;
- }
-
- while((val = s_mp_tovalue(str[ix], radix)) >= 0) {
- if((res = s_mp_mul_d(mp, radix)) != MP_OKAY)
- return res;
- if((res = s_mp_add_d(mp, val)) != MP_OKAY)
- return res;
- ++ix;
- }
-
- if(s_mp_cmp_d(mp, 0) == MP_EQ)
- SIGN(mp) = ZPOS;
- else
- SIGN(mp) = sig;
+ int ix = 0, val = 0;
+ mp_err res;
+ mp_sign sig = ZPOS;
+
+ ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
+ MP_BADARG);
+
+ mp_zero(mp);
+
+ /* Skip leading non-digit characters until a digit or '-' or '+' */
+ while (str[ix] &&
+ (s_mp_tovalue(str[ix], radix) < 0) &&
+ str[ix] != '-' &&
+ str[ix] != '+') {
+ ++ix;
+ }
+
+ if (str[ix] == '-') {
+ sig = NEG;
+ ++ix;
+ } else if (str[ix] == '+') {
+ sig = ZPOS; /* this is the default anyway... */
+ ++ix;
+ }
- return MP_OKAY;
+ while ((val = s_mp_tovalue(str[ix], radix)) >= 0) {
+ if ((res = s_mp_mul_d(mp, radix)) != MP_OKAY)
+ return res;
+ if ((res = s_mp_add_d(mp, val)) != MP_OKAY)
+ return res;
+ ++ix;
+ }
+
+ if (s_mp_cmp_d(mp, 0) == MP_EQ)
+ SIGN(mp) = ZPOS;
+ else
+ SIGN(mp) = sig;
+
+ return MP_OKAY;
} /* end mp_read_radix() */
-mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix)
+mp_err
+mp_read_variable_radix(mp_int *a, const char *str, int default_radix)
{
- int radix = default_radix;
- int cx;
- mp_sign sig = ZPOS;
- mp_err res;
-
- /* Skip leading non-digit characters until a digit or '-' or '+' */
- while ((cx = *str) != 0 &&
- (s_mp_tovalue(cx, radix) < 0) &&
- cx != '-' &&
- cx != '+') {
- ++str;
- }
-
- if (cx == '-') {
- sig = NEG;
- ++str;
- } else if (cx == '+') {
- sig = ZPOS; /* this is the default anyway... */
- ++str;
- }
-
- if (str[0] == '0') {
- if ((str[1] | 0x20) == 'x') {
- radix = 16;
- str += 2;
- } else {
- radix = 8;
- str++;
- }
- }
- res = mp_read_radix(a, str, radix);
- if (res == MP_OKAY) {
- MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig;
- }
- return res;
+ int radix = default_radix;
+ int cx;
+ mp_sign sig = ZPOS;
+ mp_err res;
+
+ /* Skip leading non-digit characters until a digit or '-' or '+' */
+ while ((cx = *str) != 0 &&
+ (s_mp_tovalue(cx, radix) < 0) &&
+ cx != '-' &&
+ cx != '+') {
+ ++str;
+ }
+
+ if (cx == '-') {
+ sig = NEG;
+ ++str;
+ } else if (cx == '+') {
+ sig = ZPOS; /* this is the default anyway... */
+ ++str;
+ }
+
+ if (str[0] == '0') {
+ if ((str[1] | 0x20) == 'x') {
+ radix = 16;
+ str += 2;
+ } else {
+ radix = 8;
+ str++;
+ }
+ }
+ res = mp_read_radix(a, str, radix);
+ if (res == MP_OKAY) {
+ MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig;
+ }
+ return res;
}
/* }}} */
/* {{{ mp_radix_size(mp, radix) */
-int mp_radix_size(mp_int *mp, int radix)
+int
+mp_radix_size(mp_int *mp, int radix)
{
- int bits;
+ int bits;
- if(!mp || radix < 2 || radix > MAX_RADIX)
- return 0;
+ if (!mp || radix < 2 || radix > MAX_RADIX)
+ return 0;
- bits = USED(mp) * DIGIT_BIT - 1;
-
- return s_mp_outlen(bits, radix);
+ bits = USED(mp) * DIGIT_BIT - 1;
+
+ return s_mp_outlen(bits, radix);
} /* end mp_radix_size() */
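Review bot: mp_read_variable_radix dereferences `*str` in its skip loop before any argument check, whereas mp_read_radix guards with `ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, MP_BADARG)`; a NULL `str` therefore faults here instead of returning MP_BADARG. Adding `ARGCHK(a != NULL && str != NULL, MP_BADARG);` at the top of the function would make the two entry points consistent. `default_radix` is likewise passed to `s_mp_tovalue` unchecked in that loop; mp_read_radix's ARGCHK only catches an out-of-range value later, after the `0x`/`0` prefix logic may already have replaced it with 16 or 8.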
@@ -2614,64 +2673,66 @@ int mp_radix_size(mp_int *mp, int radix)
/* {{{ mp_toradix(mp, str, radix) */
-mp_err mp_toradix(mp_int *mp, char *str, int radix)
+mp_err
+mp_toradix(mp_int *mp, char *str, int radix)
{
- int ix, pos = 0;
-
- ARGCHK(mp != NULL && str != NULL, MP_BADARG);
- ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE);
-
- if(mp_cmp_z(mp) == MP_EQ) {
- str[0] = '0';
- str[1] = '\0';
- } else {
- mp_err res;
- mp_int tmp;
- mp_sign sgn;
- mp_digit rem, rdx = (mp_digit)radix;
- char ch;
-
- if((res = mp_init_copy(&tmp, mp)) != MP_OKAY)
- return res;
+ int ix, pos = 0;
- /* Save sign for later, and take absolute value */
- sgn = SIGN(&tmp); SIGN(&tmp) = ZPOS;
+ ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+ ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE);
- /* Generate output digits in reverse order */
- while(mp_cmp_z(&tmp) != 0) {
- if((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) {
- mp_clear(&tmp);
- return res;
- }
-
- /* Generate digits, use capital letters */
- ch = s_mp_todigit(rem, radix, 0);
-
- str[pos++] = ch;
- }
-
- /* Add - sign if original value was negative */
- if(sgn == NEG)
- str[pos++] = '-';
-
- /* Add trailing NUL to end the string */
- str[pos--] = '\0';
-
- /* Reverse the digits and sign indicator */
- ix = 0;
- while(ix < pos) {
- char tmp = str[ix];
-
- str[ix] = str[pos];
- str[pos] = tmp;
- ++ix;
- --pos;
+ if (mp_cmp_z(mp) == MP_EQ) {
+ str[0] = '0';
+ str[1] = '\0';
+ } else {
+ mp_err res;
+ mp_int tmp;
+ mp_sign sgn;
+ mp_digit rem, rdx = (mp_digit)radix;
+ char ch;
+
+ if ((res = mp_init_copy(&tmp, mp)) != MP_OKAY)
+ return res;
+
+ /* Save sign for later, and take absolute value */
+ sgn = SIGN(&tmp);
+ SIGN(&tmp) = ZPOS;
+
+ /* Generate output digits in reverse order */
+ while (mp_cmp_z(&tmp) != 0) {
+ if ((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) {
+ mp_clear(&tmp);
+ return res;
+ }
+
+ /* Generate digits, use capital letters */
+ ch = s_mp_todigit(rem, radix, 0);
+
+ str[pos++] = ch;
+ }
+
+ /* Add - sign if original value was negative */
+ if (sgn == NEG)
+ str[pos++] = '-';
+
+ /* Add trailing NUL to end the string */
+ str[pos--] = '\0';
+
+ /* Reverse the digits and sign indicator */
+ ix = 0;
+ while (ix < pos) {
+ char tmp = str[ix];
+
+ str[ix] = str[pos];
+ str[pos] = tmp;
+ ++ix;
+ --pos;
+ }
+
+ mp_clear(&tmp);
}
-
- mp_clear(&tmp);
- }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_toradix() */
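Review bot: Inside the digit-reversal loop `char tmp = str[ix];` shadows the `mp_int tmp` declared in the same else-block, which trips -Wshadow and is easy to misread next to the `mp_clear(&tmp)` that follows the loop; renaming the inner variable, e.g. `char swap = str[ix];` and `str[pos] = swap;`, avoids it. As with mp_toraw, there is no length parameter, so the requirement that `str` holds at least mp_radix_size(mp, radix) bytes (digits, optional '-', NUL) should be stated in the comment above the definition.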
@@ -2679,9 +2740,10 @@ mp_err mp_toradix(mp_int *mp, char *str, int radix)
/* {{{ mp_tovalue(ch, r) */
-int mp_tovalue(char ch, int r)
+int
+mp_tovalue(char ch, int r)
{
- return s_mp_tovalue(ch, r);
+ return s_mp_tovalue(ch, r);
} /* end mp_tovalue() */
@@ -2699,17 +2761,18 @@ int mp_tovalue(char ch, int r)
not attempt to modify or free the memory associated with this
string.
*/
-const char *mp_strerror(mp_err ec)
+const char *
+mp_strerror(mp_err ec)
{
- int aec = (ec < 0) ? -ec : ec;
+ int aec = (ec < 0) ? -ec : ec;
- /* Code values are negative, so the senses of these comparisons
+ /* Code values are negative, so the senses of these comparisons
are accurate */
- if(ec < MP_LAST_CODE || ec > MP_OKAY) {
- return mp_err_string[0]; /* unknown error code */
- } else {
- return mp_err_string[aec + 1];
- }
+ if (ec < MP_LAST_CODE || ec > MP_OKAY) {
+ return mp_err_string[0]; /* unknown error code */
+ } else {
+ return mp_err_string[aec + 1];
+ }
} /* end mp_strerror() */
@@ -2724,26 +2787,27 @@ const char *mp_strerror(mp_err ec)
/* {{{ s_mp_grow(mp, min) */
/* Make sure there are at least 'min' digits allocated to mp */
-mp_err s_mp_grow(mp_int *mp, mp_size min)
+mp_err
+s_mp_grow(mp_int *mp, mp_size min)
{
- if(min > ALLOC(mp)) {
- mp_digit *tmp;
+ if (min > ALLOC(mp)) {
+ mp_digit *tmp;
- /* Set min to next nearest default precision block size */
- min = MP_ROUNDUP(min, s_mp_defprec);
+ /* Set min to next nearest default precision block size */
+ min = MP_ROUNDUP(min, s_mp_defprec);
- if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL)
- return MP_MEM;
+ if ((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL)
+ return MP_MEM;
- s_mp_copy(DIGITS(mp), tmp, USED(mp));
+ s_mp_copy(DIGITS(mp), tmp, USED(mp));
- s_mp_setz(DIGITS(mp), ALLOC(mp));
- s_mp_free(DIGITS(mp));
- DIGITS(mp) = tmp;
- ALLOC(mp) = min;
- }
+ s_mp_setz(DIGITS(mp), ALLOC(mp));
+ s_mp_free(DIGITS(mp));
+ DIGITS(mp) = tmp;
+ ALLOC(mp) = min;
+ }
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_grow() */
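Review bot: The `s_mp_setz(DIGITS(mp), ALLOC(mp))` immediately before `s_mp_free(DIGITS(mp))` reads as a deliberate wipe of the old digit buffer (this library carries key material), but with MP_MEMSET set it expands to a plain `memset` on storage that is freed on the next line, which compilers may drop as a dead store. If the wipe is intended it should go through a primitive the optimizer cannot elide (`explicit_bzero`/`memset_s` where available, or a volatile-pointer loop) and the intent should be recorded with a comment such as `/* wipe old digits before release; must not be optimized away */`. The same reliance on s_mp_setz for clearing released storage may exist in mp_clear, outside this hunk.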
@@ -2752,24 +2816,25 @@ mp_err s_mp_grow(mp_int *mp, mp_size min)
/* {{{ s_mp_pad(mp, min) */
/* Make sure the used size of mp is at least 'min', growing if needed */
-mp_err s_mp_pad(mp_int *mp, mp_size min)
+mp_err
+s_mp_pad(mp_int *mp, mp_size min)
{
- if(min > USED(mp)) {
- mp_err res;
-
- /* Make sure there is room to increase precision */
- if (min > ALLOC(mp)) {
- if ((res = s_mp_grow(mp, min)) != MP_OKAY)
- return res;
- } else {
- s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp));
+ if (min > USED(mp)) {
+ mp_err res;
+
+ /* Make sure there is room to increase precision */
+ if (min > ALLOC(mp)) {
+ if ((res = s_mp_grow(mp, min)) != MP_OKAY)
+ return res;
+ } else {
+ s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp));
+ }
+
+ /* Increase precision; should already be 0-filled */
+ USED(mp) = min;
}
- /* Increase precision; should already be 0-filled */
- USED(mp) = min;
- }
-
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_pad() */
@@ -2778,15 +2843,16 @@ mp_err s_mp_pad(mp_int *mp, mp_size min)
/* {{{ s_mp_setz(dp, count) */
/* Set 'count' digits pointed to by dp to be zeroes */
-inline void s_mp_setz(mp_digit *dp, mp_size count)
+inline void
+s_mp_setz(mp_digit *dp, mp_size count)
{
#if MP_MEMSET == 0
- int ix;
+ int ix;
- for(ix = 0; ix < count; ix++)
- dp[ix] = 0;
+ for (ix = 0; ix < count; ix++)
+ dp[ix] = 0;
#else
- memset(dp, 0, count * sizeof(mp_digit));
+ memset(dp, 0, count * sizeof(mp_digit));
#endif
} /* end s_mp_setz() */
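Review bot: In the `MP_MEMSET == 0` branch the loop index is `int ix` while `count` is `mp_size`, so `ix < count` is a signed/unsigned comparison and counts above INT_MAX rely on signed overflow of `ix`; declaring `mp_size ix;` matches the parameter, and the same applies to the fallback loop in s_mp_copy in the next hunk. The `memset`/`memcpy` branches compute `count * sizeof(mp_digit)` without an overflow check, which is acceptable only because callers pass sizes that already went through s_mp_alloc's calloc; a comment noting that assumption would help.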
@@ -2796,15 +2862,16 @@ inline void s_mp_setz(mp_digit *dp, mp_size count)
/* {{{ s_mp_copy(sp, dp, count) */
/* Copy 'count' digits from sp to dp */
-inline void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
+inline void
+s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
{
#if MP_MEMCPY == 0
- int ix;
+ int ix;
- for(ix = 0; ix < count; ix++)
- dp[ix] = sp[ix];
+ for (ix = 0; ix < count; ix++)
+ dp[ix] = sp[ix];
#else
- memcpy(dp, sp, count * sizeof(mp_digit));
+ memcpy(dp, sp, count * sizeof(mp_digit));
#endif
} /* end s_mp_copy() */
@@ -2813,9 +2880,10 @@ inline void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
/* {{{ s_mp_alloc(nb, ni) */
/* Allocate ni records of nb bytes each, and return a pointer to that */
-inline void *s_mp_alloc(size_t nb, size_t ni)
+inline void *
+s_mp_alloc(size_t nb, size_t ni)
{
- return calloc(nb, ni);
+ return calloc(nb, ni);
} /* end s_mp_alloc() */
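Review bot: The comment `/* Allocate ni records of nb bytes each, and return a pointer to that */` has the parameters transposed relative to the body and the call site: `calloc(nb, ni)` treats `nb` as the element count and `ni` as the element size, and s_mp_grow calls `s_mp_alloc(min, sizeof(mp_digit))` with the count first. Suggest `/* Allocate nb records of ni bytes each, zero-filled; NULL on failure or on overflow of nb*ni */`. The calloc overflow check is worth recording because it is the reason the rounded-up `min` in s_mp_grow needs no separate multiplication check.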
@@ -2824,11 +2892,12 @@ inline void *s_mp_alloc(size_t nb, size_t ni)
/* {{{ s_mp_free(ptr) */
/* Free the memory pointed to by ptr */
-inline void s_mp_free(void *ptr)
+inline void
+s_mp_free(void *ptr)
{
- if(ptr) {
- free(ptr);
- }
+ if (ptr) {
+ free(ptr);
+ }
} /* end s_mp_free() */
/* }}} */
@@ -2836,12 +2905,13 @@ inline void s_mp_free(void *ptr)
/* {{{ s_mp_clamp(mp) */
/* Remove leading zeroes from the given value */
-inline void s_mp_clamp(mp_int *mp)
+inline void
+s_mp_clamp(mp_int *mp)
{
- mp_size used = MP_USED(mp);
- while (used > 1 && DIGIT(mp, used - 1) == 0)
- --used;
- MP_USED(mp) = used;
+ mp_size used = MP_USED(mp);
+ while (used > 1 && DIGIT(mp, used - 1) == 0)
+ --used;
+ MP_USED(mp) = used;
} /* end s_mp_clamp() */
/* }}} */
@@ -2849,13 +2919,14 @@ inline void s_mp_clamp(mp_int *mp)
/* {{{ s_mp_exch(a, b) */
/* Exchange the data for a and b; (b, a) = (a, b) */
-void s_mp_exch(mp_int *a, mp_int *b)
+void
+s_mp_exch(mp_int *a, mp_int *b)
{
- mp_int tmp;
+ mp_int tmp;
- tmp = *a;
- *a = *b;
- *b = tmp;
+ tmp = *a;
+ *a = *b;
+ *b = tmp;
} /* end s_mp_exch() */
@@ -2867,36 +2938,37 @@ void s_mp_exch(mp_int *a, mp_int *b)
/* {{{ s_mp_lshd(mp, p) */
-/*
+/*
Shift mp leftward by p digits, growing if needed, and zero-filling
the in-shifted digits at the right end. This is a convenient
alternative to multiplication by powers of the radix
- */
+ */
-mp_err s_mp_lshd(mp_int *mp, mp_size p)
+mp_err
+s_mp_lshd(mp_int *mp, mp_size p)
{
- mp_err res;
- unsigned int ix;
+ mp_err res;
+ unsigned int ix;
- if(p == 0)
- return MP_OKAY;
+ if (p == 0)
+ return MP_OKAY;
- if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0)
- return MP_OKAY;
+ if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0)
+ return MP_OKAY;
- if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
- return res;
+ if ((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
+ return res;
- /* Shift all the significant figures over as needed */
- for (ix = USED(mp) - p; ix-- > 0;) {
- DIGIT(mp, ix + p) = DIGIT(mp, ix);
- }
+ /* Shift all the significant figures over as needed */
+ for (ix = USED(mp) - p; ix-- > 0;) {
+ DIGIT(mp, ix + p) = DIGIT(mp, ix);
+ }
- /* Fill the bottom digits with zeroes */
- for(ix = 0; (mp_size)ix < p; ix++)
- DIGIT(mp, ix) = 0;
+ /* Fill the bottom digits with zeroes */
+ for (ix = 0; (mp_size)ix < p; ix++)
+ DIGIT(mp, ix) = 0;
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_lshd() */
@@ -2908,80 +2980,82 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p)
Multiply the integer by 2^d, where d is a number of bits. This
amounts to a bitwise shift of the value.
*/
-mp_err s_mp_mul_2d(mp_int *mp, mp_digit d)
+mp_err
+s_mp_mul_2d(mp_int *mp, mp_digit d)
{
- mp_err res;
- mp_digit dshift, bshift;
- mp_digit mask;
-
- ARGCHK(mp != NULL, MP_BADARG);
-
- dshift = d / MP_DIGIT_BIT;
- bshift = d % MP_DIGIT_BIT;
- /* bits to be shifted out of the top word */
- if (bshift) {
- mask = (mp_digit)~0 << (MP_DIGIT_BIT - bshift);
- mask &= MP_DIGIT(mp, MP_USED(mp) - 1);
- } else {
- mask = 0;
- }
-
- if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0) )))
- return res;
+ mp_err res;
+ mp_digit dshift, bshift;
+ mp_digit mask;
+
+ ARGCHK(mp != NULL, MP_BADARG);
+
+ dshift = d / MP_DIGIT_BIT;
+ bshift = d % MP_DIGIT_BIT;
+ /* bits to be shifted out of the top word */
+ if (bshift) {
+ mask = (mp_digit)~0 << (MP_DIGIT_BIT - bshift);
+ mask &= MP_DIGIT(mp, MP_USED(mp) - 1);
+ } else {
+ mask = 0;
+ }
- if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift)))
- return res;
+ if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0))))
+ return res;
- if (bshift) {
- mp_digit *pa = MP_DIGITS(mp);
- mp_digit *alim = pa + MP_USED(mp);
- mp_digit prev = 0;
+ if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift)))
+ return res;
+
+ if (bshift) {
+ mp_digit *pa = MP_DIGITS(mp);
+ mp_digit *alim = pa + MP_USED(mp);
+ mp_digit prev = 0;
- for (pa += dshift; pa < alim; ) {
- mp_digit x = *pa;
- *pa++ = (x << bshift) | prev;
- prev = x >> (DIGIT_BIT - bshift);
+ for (pa += dshift; pa < alim;) {
+ mp_digit x = *pa;
+ *pa++ = (x << bshift) | prev;
+ prev = x >> (DIGIT_BIT - bshift);
+ }
}
- }
- s_mp_clamp(mp);
- return MP_OKAY;
+ s_mp_clamp(mp);
+ return MP_OKAY;
} /* end s_mp_mul_2d() */
/* {{{ s_mp_rshd(mp, p) */
-/*
+/*
Shift mp rightward by p digits. Maintains the invariant that
digits above the precision are all zero. Digits shifted off the
end are lost. Cannot fail.
*/
-void s_mp_rshd(mp_int *mp, mp_size p)
+void
+s_mp_rshd(mp_int *mp, mp_size p)
{
- mp_size ix;
- mp_digit *src, *dst;
-
- if(p == 0)
- return;
-
- /* Shortcut when all digits are to be shifted off */
- if(p >= USED(mp)) {
- s_mp_setz(DIGITS(mp), ALLOC(mp));
- USED(mp) = 1;
- SIGN(mp) = ZPOS;
- return;
- }
+ mp_size ix;
+ mp_digit *src, *dst;
+
+ if (p == 0)
+ return;
+
+ /* Shortcut when all digits are to be shifted off */
+ if (p >= USED(mp)) {
+ s_mp_setz(DIGITS(mp), ALLOC(mp));
+ USED(mp) = 1;
+ SIGN(mp) = ZPOS;
+ return;
+ }
- /* Shift all the significant figures over as needed */
- dst = MP_DIGITS(mp);
- src = dst + p;
- for (ix = USED(mp) - p; ix > 0; ix--)
- *dst++ = *src++;
+ /* Shift all the significant figures over as needed */
+ dst = MP_DIGITS(mp);
+ src = dst + p;
+ for (ix = USED(mp) - p; ix > 0; ix--)
+ *dst++ = *src++;
- MP_USED(mp) -= p;
- /* Fill the top digits with zeroes */
- while (p-- > 0)
- *dst++ = 0;
+ MP_USED(mp) -= p;
+ /* Fill the top digits with zeroes */
+ while (p-- > 0)
+ *dst++ = 0;
} /* end s_mp_rshd() */
@@ -2990,9 +3064,10 @@ void s_mp_rshd(mp_int *mp, mp_size p)
/* {{{ s_mp_div_2(mp) */
/* Divide by two -- take advantage of radix properties to do it fast */
-void s_mp_div_2(mp_int *mp)
+void
+s_mp_div_2(mp_int *mp)
{
- s_mp_div_2d(mp, 1);
+ s_mp_div_2d(mp, 1);
} /* end s_mp_div_2() */
@@ -3000,34 +3075,35 @@ void s_mp_div_2(mp_int *mp)
/* {{{ s_mp_mul_2(mp) */
-mp_err s_mp_mul_2(mp_int *mp)
+mp_err
+s_mp_mul_2(mp_int *mp)
{
- mp_digit *pd;
- unsigned int ix, used;
- mp_digit kin = 0;
-
- /* Shift digits leftward by 1 bit */
- used = MP_USED(mp);
- pd = MP_DIGITS(mp);
- for (ix = 0; ix < used; ix++) {
- mp_digit d = *pd;
- *pd++ = (d << 1) | kin;
- kin = (d >> (DIGIT_BIT - 1));
- }
+ mp_digit *pd;
+ unsigned int ix, used;
+ mp_digit kin = 0;
- /* Deal with rollover from last digit */
- if (kin) {
- if (ix >= ALLOC(mp)) {
- mp_err res;
- if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY)
- return res;
+ /* Shift digits leftward by 1 bit */
+ used = MP_USED(mp);
+ pd = MP_DIGITS(mp);
+ for (ix = 0; ix < used; ix++) {
+ mp_digit d = *pd;
+ *pd++ = (d << 1) | kin;
+ kin = (d >> (DIGIT_BIT - 1));
}
- DIGIT(mp, ix) = kin;
- USED(mp) += 1;
- }
+ /* Deal with rollover from last digit */
+ if (kin) {
+ if (ix >= ALLOC(mp)) {
+ mp_err res;
+ if ((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY)
+ return res;
+ }
- return MP_OKAY;
+ DIGIT(mp, ix) = kin;
+ USED(mp) += 1;
+ }
+
+ return MP_OKAY;
} /* end s_mp_mul_2() */
@@ -3040,24 +3116,25 @@ mp_err s_mp_mul_2(mp_int *mp)
amounts to a bitwise AND of the value, and does not require the full
division code
*/
-void s_mp_mod_2d(mp_int *mp, mp_digit d)
+void
+s_mp_mod_2d(mp_int *mp, mp_digit d)
{
- mp_size ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT);
- mp_size ix;
- mp_digit dmask;
+ mp_size ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT);
+ mp_size ix;
+ mp_digit dmask;
- if(ndig >= USED(mp))
- return;
+ if (ndig >= USED(mp))
+ return;
- /* Flush all the bits above 2^d in its digit */
- dmask = ((mp_digit)1 << nbit) - 1;
- DIGIT(mp, ndig) &= dmask;
+ /* Flush all the bits above 2^d in its digit */
+ dmask = ((mp_digit)1 << nbit) - 1;
+ DIGIT(mp, ndig) &= dmask;
- /* Flush all digits above the one with 2^d in it */
- for(ix = ndig + 1; ix < USED(mp); ix++)
- DIGIT(mp, ix) = 0;
+ /* Flush all digits above the one with 2^d in it */
+ for (ix = ndig + 1; ix < USED(mp); ix++)
+ DIGIT(mp, ix) = 0;
- s_mp_clamp(mp);
+ s_mp_clamp(mp);
} /* end s_mp_mod_2d() */
@@ -3070,23 +3147,24 @@ void s_mp_mod_2d(mp_int *mp, mp_digit d)
amounts to a bitwise shift of the value, and does not require the
full division code (used in Barrett reduction, see below)
*/
-void s_mp_div_2d(mp_int *mp, mp_digit d)
+void
+s_mp_div_2d(mp_int *mp, mp_digit d)
{
- int ix;
- mp_digit save, next, mask;
-
- s_mp_rshd(mp, d / DIGIT_BIT);
- d %= DIGIT_BIT;
- if (d) {
- mask = ((mp_digit)1 << d) - 1;
- save = 0;
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- next = DIGIT(mp, ix) & mask;
- DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d));
- save = next;
- }
- }
- s_mp_clamp(mp);
+ int ix;
+ mp_digit save, next, mask;
+
+ s_mp_rshd(mp, d / DIGIT_BIT);
+ d %= DIGIT_BIT;
+ if (d) {
+ mask = ((mp_digit)1 << d) - 1;
+ save = 0;
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ next = DIGIT(mp, ix) & mask;
+ DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d));
+ save = next;
+ }
+ }
+ s_mp_clamp(mp);
} /* end s_mp_div_2d() */
@@ -3100,34 +3178,35 @@ void s_mp_div_2d(mp_int *mp, mp_digit d)
Normalize a and b for division, where b is the divisor. In order
that we might make good guesses for quotient digits, we want the
leading digit of b to be at least half the radix, which we
- accomplish by multiplying a and b by a power of 2. The exponent
- (shift count) is placed in *pd, so that the remainder can be shifted
+ accomplish by multiplying a and b by a power of 2. The exponent
+ (shift count) is placed in *pd, so that the remainder can be shifted
back at the end of the division process.
*/
-mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd)
+mp_err
+s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd)
{
- mp_digit d;
- mp_digit mask;
- mp_digit b_msd;
- mp_err res = MP_OKAY;
-
- d = 0;
- mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */
- b_msd = DIGIT(b, USED(b) - 1);
- while (!(b_msd & mask)) {
- b_msd <<= 1;
- ++d;
- }
-
- if (d) {
- MP_CHECKOK( s_mp_mul_2d(a, d) );
- MP_CHECKOK( s_mp_mul_2d(b, d) );
- }
-
- *pd = d;
+ mp_digit d;
+ mp_digit mask;
+ mp_digit b_msd;
+ mp_err res = MP_OKAY;
+
+ d = 0;
+ mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */
+ b_msd = DIGIT(b, USED(b) - 1);
+ while (!(b_msd & mask)) {
+ b_msd <<= 1;
+ ++d;
+ }
+
+ if (d) {
+ MP_CHECKOK(s_mp_mul_2d(a, d));
+ MP_CHECKOK(s_mp_mul_2d(b, d));
+ }
+
+ *pd = d;
CLEANUP:
- return res;
+ return res;
} /* end s_mp_norm() */
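Review bot: The normalisation loop `while (!(b_msd & mask))` terminates only if the top digit of `b` is non-zero; for a zero divisor (clamped to a single zero digit) `b_msd` shifts to 0 and the loop never exits. That precondition is not stated; callers presumably reject `b == 0` before reaching this function, but a comment at the definition, `/* b must be non-zero and clamped: the loop assumes DIGIT(b, USED(b)-1) != 0 */`, makes the contract explicit. A cheap guard `if (b_msd == 0) return MP_RANGE;` before the loop would turn the hang into an error.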
@@ -3140,55 +3219,55 @@ CLEANUP:
/* {{{ s_mp_add_d(mp, d) */
/* Add d to |mp| in place */
-mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */
+mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- mp_word w, k = 0;
- mp_size ix = 1;
-
- w = (mp_word)DIGIT(mp, 0) + d;
- DIGIT(mp, 0) = ACCUM(w);
- k = CARRYOUT(w);
+ mp_word w, k = 0;
+ mp_size ix = 1;
- while(ix < USED(mp) && k) {
- w = (mp_word)DIGIT(mp, ix) + k;
- DIGIT(mp, ix) = ACCUM(w);
+ w = (mp_word)DIGIT(mp, 0) + d;
+ DIGIT(mp, 0) = ACCUM(w);
k = CARRYOUT(w);
- ++ix;
- }
- if(k != 0) {
- mp_err res;
+ while (ix < USED(mp) && k) {
+ w = (mp_word)DIGIT(mp, ix) + k;
+ DIGIT(mp, ix) = ACCUM(w);
+ k = CARRYOUT(w);
+ ++ix;
+ }
+
+ if (k != 0) {
+ mp_err res;
- if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY)
- return res;
+ if ((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY)
+ return res;
- DIGIT(mp, ix) = (mp_digit)k;
- }
+ DIGIT(mp, ix) = (mp_digit)k;
+ }
- return MP_OKAY;
+ return MP_OKAY;
#else
- mp_digit * pmp = MP_DIGITS(mp);
- mp_digit sum, mp_i, carry = 0;
- mp_err res = MP_OKAY;
- int used = (int)MP_USED(mp);
-
- mp_i = *pmp;
- *pmp++ = sum = d + mp_i;
- carry = (sum < d);
- while (carry && --used > 0) {
+ mp_digit *pmp = MP_DIGITS(mp);
+ mp_digit sum, mp_i, carry = 0;
+ mp_err res = MP_OKAY;
+ int used = (int)MP_USED(mp);
+
mp_i = *pmp;
- *pmp++ = sum = carry + mp_i;
- carry = !sum;
- }
- if (carry && !used) {
- /* mp is growing */
- used = MP_USED(mp);
- MP_CHECKOK( s_mp_pad(mp, used + 1) );
- MP_DIGIT(mp, used) = carry;
- }
+ *pmp++ = sum = d + mp_i;
+ carry = (sum < d);
+ while (carry && --used > 0) {
+ mp_i = *pmp;
+ *pmp++ = sum = carry + mp_i;
+ carry = !sum;
+ }
+ if (carry && !used) {
+ /* mp is growing */
+ used = MP_USED(mp);
+ MP_CHECKOK(s_mp_pad(mp, used + 1));
+ MP_DIGIT(mp, used) = carry;
+ }
CLEANUP:
- return res;
+ return res;
#endif
} /* end s_mp_add_d() */
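Review bot: The trailing `/* unsigned digit addition */` comment kept `mp_err s_mp_add_d(mp_int *mp, mp_digit d)` on one line, so this is the one definition in the hunk whose return type did not move to its own line; the same happens to s_mp_sub_d and s_mp_add in the following hunks. Moving the comment above the definition (it largely duplicates the `/* Add d to |mp| in place */` header) lets clang-format apply the uniform layout. Separately, the non-MP_WORD path's `carry = (sum < d);` and `carry = !sum;` overflow detection is correct but non-obvious and would benefit from `/* unsigned wrap-around: sum < d iff the addition carried */`.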
@@ -3197,48 +3276,48 @@ CLEANUP:
/* {{{ s_mp_sub_d(mp, d) */
/* Subtract d from |mp| in place, assumes |mp| > d */
-mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */
+mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- mp_word w, b = 0;
- mp_size ix = 1;
-
- /* Compute initial subtraction */
- w = (RADIX + (mp_word)DIGIT(mp, 0)) - d;
- b = CARRYOUT(w) ? 0 : 1;
- DIGIT(mp, 0) = ACCUM(w);
+ mp_word w, b = 0;
+ mp_size ix = 1;
- /* Propagate borrows leftward */
- while(b && ix < USED(mp)) {
- w = (RADIX + (mp_word)DIGIT(mp, ix)) - b;
+ /* Compute initial subtraction */
+ w = (RADIX + (mp_word)DIGIT(mp, 0)) - d;
b = CARRYOUT(w) ? 0 : 1;
- DIGIT(mp, ix) = ACCUM(w);
- ++ix;
- }
+ DIGIT(mp, 0) = ACCUM(w);
+
+ /* Propagate borrows leftward */
+ while (b && ix < USED(mp)) {
+ w = (RADIX + (mp_word)DIGIT(mp, ix)) - b;
+ b = CARRYOUT(w) ? 0 : 1;
+ DIGIT(mp, ix) = ACCUM(w);
+ ++ix;
+ }
- /* Remove leading zeroes */
- s_mp_clamp(mp);
+ /* Remove leading zeroes */
+ s_mp_clamp(mp);
- /* If we have a borrow out, it's a violation of the input invariant */
- if(b)
- return MP_RANGE;
- else
- return MP_OKAY;
+ /* If we have a borrow out, it's a violation of the input invariant */
+ if (b)
+ return MP_RANGE;
+ else
+ return MP_OKAY;
#else
- mp_digit *pmp = MP_DIGITS(mp);
- mp_digit mp_i, diff, borrow;
- mp_size used = MP_USED(mp);
-
- mp_i = *pmp;
- *pmp++ = diff = mp_i - d;
- borrow = (diff > mp_i);
- while (borrow && --used) {
+ mp_digit *pmp = MP_DIGITS(mp);
+ mp_digit mp_i, diff, borrow;
+ mp_size used = MP_USED(mp);
+
mp_i = *pmp;
- *pmp++ = diff = mp_i - borrow;
+ *pmp++ = diff = mp_i - d;
borrow = (diff > mp_i);
- }
- s_mp_clamp(mp);
- return (borrow && !used) ? MP_RANGE : MP_OKAY;
+ while (borrow && --used) {
+ mp_i = *pmp;
+ *pmp++ = diff = mp_i - borrow;
+ borrow = (diff > mp_i);
+ }
+ s_mp_clamp(mp);
+ return (borrow && !used) ? MP_RANGE : MP_OKAY;
#endif
} /* end s_mp_sub_d() */
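Review bot: When the stated invariant |mp| > d is violated, MP_RANGE is returned only after the digits have already been rewritten by the borrow propagation, in both the MP_WORD and the fallback branch, so `mp` holds a garbage magnitude on the error path. That should be stated in the header comment, e.g. `/* Subtract d from |mp| in place, assumes |mp| > d; on MP_RANGE the contents of mp are unspecified */`, or callers must be confirmed to discard `mp` on failure.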
@@ -3247,32 +3326,33 @@ mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */
/* {{{ s_mp_mul_d(a, d) */
/* Compute a = a * d, single digit multiplication */
-mp_err s_mp_mul_d(mp_int *a, mp_digit d)
+mp_err
+s_mp_mul_d(mp_int *a, mp_digit d)
{
- mp_err res;
- mp_size used;
- int pow;
+ mp_err res;
+ mp_size used;
+ int pow;
- if (!d) {
- mp_zero(a);
- return MP_OKAY;
- }
- if (d == 1)
- return MP_OKAY;
- if (0 <= (pow = s_mp_ispow2d(d))) {
- return s_mp_mul_2d(a, (mp_digit)pow);
- }
+ if (!d) {
+ mp_zero(a);
+ return MP_OKAY;
+ }
+ if (d == 1)
+ return MP_OKAY;
+ if (0 <= (pow = s_mp_ispow2d(d))) {
+ return s_mp_mul_2d(a, (mp_digit)pow);
+ }
- used = MP_USED(a);
- MP_CHECKOK( s_mp_pad(a, used + 1) );
+ used = MP_USED(a);
+ MP_CHECKOK(s_mp_pad(a, used + 1));
- s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a));
+ s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a));
- s_mp_clamp(a);
+ s_mp_clamp(a);
CLEANUP:
- return res;
-
+ return res;
+
} /* end s_mp_mul_d() */
/* }}} */
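Review bot: The local `int pow;` in s_mp_mul_d shadows the standard-library function `pow` whenever <math.h> is in scope, which -Wshadow reports; `int shift;` (it receives the result of `s_mp_ispow2d`) avoids the clash. The early `return MP_OKAY` branches bypass CLEANUP, which is fine here because nothing is acquired before the MP_CHECKOK, but a one-line comment saying so would stop the next reader from "fixing" it.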
@@ -3286,115 +3366,115 @@ CLEANUP:
single digit d. If r is null, the remainder will be discarded.
*/
-mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r)
+mp_err
+s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
- mp_word w = 0, q;
+ mp_word w = 0, q;
#else
- mp_digit w = 0, q;
+ mp_digit w = 0, q;
#endif
- int ix;
- mp_err res;
- mp_int quot;
- mp_int rem;
-
- if(d == 0)
- return MP_RANGE;
- if (d == 1) {
- if (r)
- *r = 0;
- return MP_OKAY;
- }
- /* could check for power of 2 here, but mp_div_d does that. */
- if (MP_USED(mp) == 1) {
- mp_digit n = MP_DIGIT(mp,0);
- mp_digit rem;
-
- q = n / d;
- rem = n % d;
- MP_DIGIT(mp,0) = q;
- if (r)
- *r = rem;
- return MP_OKAY;
- }
+ int ix;
+ mp_err res;
+ mp_int quot;
+ mp_int rem;
+
+ if (d == 0)
+ return MP_RANGE;
+ if (d == 1) {
+ if (r)
+ *r = 0;
+ return MP_OKAY;
+ }
+ /* could check for power of 2 here, but mp_div_d does that. */
+ if (MP_USED(mp) == 1) {
+ mp_digit n = MP_DIGIT(mp, 0);
+ mp_digit rem;
+
+ q = n / d;
+ rem = n % d;
+ MP_DIGIT(mp, 0) = q;
+ if (r)
+ *r = rem;
+ return MP_OKAY;
+ }
- MP_DIGITS(&rem) = 0;
- MP_DIGITS(&quot) = 0;
- /* Make room for the quotient */
- MP_CHECKOK( mp_init_size(&quot, USED(mp)) );
+ MP_DIGITS(&rem) = 0;
+ MP_DIGITS(&quot) = 0;
+ /* Make room for the quotient */
+ MP_CHECKOK(mp_init_size(&quot, USED(mp)));
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- w = (w << DIGIT_BIT) | DIGIT(mp, ix);
-
- if(w >= d) {
- q = w / d;
- w = w % d;
- } else {
- q = 0;
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ w = (w << DIGIT_BIT) | DIGIT(mp, ix);
+
+ if (w >= d) {
+ q = w / d;
+ w = w % d;
+ } else {
+ q = 0;
+ }
+
+ s_mp_lshd(&quot, 1);
+ DIGIT(&quot, 0) = (mp_digit)q;
}
-
- s_mp_lshd(&quot, 1);
- DIGIT(&quot, 0) = (mp_digit)q;
- }
#else
- {
- mp_digit p;
+ {
+ mp_digit p;
#if !defined(MP_ASSEMBLY_DIV_2DX1D)
- mp_digit norm;
+ mp_digit norm;
#endif
- MP_CHECKOK( mp_init_copy(&rem, mp) );
+ MP_CHECKOK(mp_init_copy(&rem, mp));
#if !defined(MP_ASSEMBLY_DIV_2DX1D)
- MP_DIGIT(&quot, 0) = d;
- MP_CHECKOK( s_mp_norm(&rem, &quot, &norm) );
- if (norm)
- d <<= norm;
- MP_DIGIT(&quot, 0) = 0;
+ MP_DIGIT(&quot, 0) = d;
+ MP_CHECKOK(s_mp_norm(&rem, &quot, &norm));
+ if (norm)
+ d <<= norm;
+ MP_DIGIT(&quot, 0) = 0;
#endif
- p = 0;
- for (ix = USED(&rem) - 1; ix >= 0; ix--) {
- w = DIGIT(&rem, ix);
-
- if (p) {
- MP_CHECKOK( s_mpv_div_2dx1d(p, w, d, &q, &w) );
- } else if (w >= d) {
- q = w / d;
- w = w % d;
- } else {
- q = 0;
- }
-
- MP_CHECKOK( s_mp_lshd(&quot, 1) );
- DIGIT(&quot, 0) = q;
- p = w;
- }
+ p = 0;
+ for (ix = USED(&rem) - 1; ix >= 0; ix--) {
+ w = DIGIT(&rem, ix);
+
+ if (p) {
+ MP_CHECKOK(s_mpv_div_2dx1d(p, w, d, &q, &w));
+ } else if (w >= d) {
+ q = w / d;
+ w = w % d;
+ } else {
+ q = 0;
+ }
+
+ MP_CHECKOK(s_mp_lshd(&quot, 1));
+ DIGIT(&quot, 0) = q;
+ p = w;
+ }
#if !defined(MP_ASSEMBLY_DIV_2DX1D)
- if (norm)
- w >>= norm;
+ if (norm)
+ w >>= norm;
#endif
- }
+ }
#endif
- /* Deliver the remainder, if desired */
- if(r) {
- *r = (mp_digit)w;
- }
+ /* Deliver the remainder, if desired */
+ if (r) {
+ *r = (mp_digit)w;
+ }
- s_mp_clamp(&quot);
- mp_exch(&quot, mp);
+ s_mp_clamp(&quot);
+ mp_exch(&quot, mp);
CLEANUP:
- mp_clear(&quot);
- mp_clear(&rem);
+ mp_clear(&quot);
+ mp_clear(&rem);
- return res;
+ return res;
} /* end s_mp_div_d() */
/* }}} */
-
/* }}} */
/* {{{ Primitive full arithmetic */
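Review bot: In the MP_WORD path of s_mp_div_d the quotient shift `s_mp_lshd(&quot, 1);` ignores its mp_err, while the non-MP_WORD path below wraps the same call in `MP_CHECKOK(s_mp_lshd(&quot, 1));`. Because `quot` is created with `mp_init_size(&quot, USED(mp))` the pad inside s_mp_lshd probably never has to grow, but if it ever did an allocation failure would silently truncate the quotient; using `MP_CHECKOK(s_mp_lshd(&quot, 1));` in both paths makes them consistent at no cost.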
@@ -3402,259 +3482,261 @@ CLEANUP:
/* {{{ s_mp_add(a, b) */
/* Compute a = |a| + |b| */
-mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition */
+mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition */
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- mp_word w = 0;
+ mp_word w = 0;
#else
- mp_digit d, sum, carry = 0;
+ mp_digit d, sum, carry = 0;
#endif
- mp_digit *pa, *pb;
- mp_size ix;
- mp_size used;
- mp_err res;
+ mp_digit *pa, *pb;
+ mp_size ix;
+ mp_size used;
+ mp_err res;
- /* Make sure a has enough precision for the output value */
- if((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY)
- return res;
+ /* Make sure a has enough precision for the output value */
+ if ((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY)
+ return res;
- /*
- Add up all digits up to the precision of b. If b had initially
- the same precision as a, or greater, we took care of it by the
- padding step above, so there is no problem. If b had initially
- less precision, we'll have to make sure the carry out is duly
- propagated upward among the higher-order digits of the sum.
- */
- pa = MP_DIGITS(a);
- pb = MP_DIGITS(b);
- used = MP_USED(b);
- for(ix = 0; ix < used; ix++) {
+ /*
+ Add up all digits up to the precision of b. If b had initially
+ the same precision as a, or greater, we took care of it by the
+ padding step above, so there is no problem. If b had initially
+ less precision, we'll have to make sure the carry out is duly
+ propagated upward among the higher-order digits of the sum.
+ */
+ pa = MP_DIGITS(a);
+ pb = MP_DIGITS(b);
+ used = MP_USED(b);
+ for (ix = 0; ix < used; ix++) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- w = w + *pa + *pb++;
- *pa++ = ACCUM(w);
- w = CARRYOUT(w);
+ w = w + *pa + *pb++;
+ *pa++ = ACCUM(w);
+ w = CARRYOUT(w);
#else
- d = *pa;
- sum = d + *pb++;
- d = (sum < d); /* detect overflow */
- *pa++ = sum += carry;
- carry = d + (sum < carry); /* detect overflow */
+ d = *pa;
+ sum = d + *pb++;
+ d = (sum < d); /* detect overflow */
+ *pa++ = sum += carry;
+ carry = d + (sum < carry); /* detect overflow */
#endif
- }
+ }
- /* If we run out of 'b' digits before we're actually done, make
- sure the carries get propagated upward...
- */
- used = MP_USED(a);
+ /* If we run out of 'b' digits before we're actually done, make
+ sure the carries get propagated upward...
+ */
+ used = MP_USED(a);
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- while (w && ix < used) {
- w = w + *pa;
- *pa++ = ACCUM(w);
- w = CARRYOUT(w);
- ++ix;
- }
+ while (w && ix < used) {
+ w = w + *pa;
+ *pa++ = ACCUM(w);
+ w = CARRYOUT(w);
+ ++ix;
+ }
#else
- while (carry && ix < used) {
- sum = carry + *pa;
- *pa++ = sum;
- carry = !sum;
- ++ix;
- }
+ while (carry && ix < used) {
+ sum = carry + *pa;
+ *pa++ = sum;
+ carry = !sum;
+ ++ix;
+ }
#endif
- /* If there's an overall carry out, increase precision and include
+/* If there's an overall carry out, increase precision and include
it. We could have done this initially, but why touch the memory
allocator unless we're sure we have to?
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- if (w) {
- if((res = s_mp_pad(a, used + 1)) != MP_OKAY)
- return res;
+ if (w) {
+ if ((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+ return res;
- DIGIT(a, ix) = (mp_digit)w;
- }
+ DIGIT(a, ix) = (mp_digit)w;
+ }
#else
- if (carry) {
- if((res = s_mp_pad(a, used + 1)) != MP_OKAY)
- return res;
+ if (carry) {
+ if ((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+ return res;
- DIGIT(a, used) = carry;
- }
+ DIGIT(a, used) = carry;
+ }
#endif
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_add() */
/* }}} */
/* Compute c = |a| + |b| */ /* magnitude addition */
-mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err
+s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c)
{
- mp_digit *pa, *pb, *pc;
+ mp_digit *pa, *pb, *pc;
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- mp_word w = 0;
+ mp_word w = 0;
#else
- mp_digit sum, carry = 0, d;
+ mp_digit sum, carry = 0, d;
#endif
- mp_size ix;
- mp_size used;
- mp_err res;
-
- MP_SIGN(c) = MP_SIGN(a);
- if (MP_USED(a) < MP_USED(b)) {
- const mp_int *xch = a;
- a = b;
- b = xch;
- }
-
- /* Make sure a has enough precision for the output value */
- if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
- return res;
+ mp_size ix;
+ mp_size used;
+ mp_err res;
+
+ MP_SIGN(c) = MP_SIGN(a);
+ if (MP_USED(a) < MP_USED(b)) {
+ const mp_int *xch = a;
+ a = b;
+ b = xch;
+ }
- /*
- Add up all digits up to the precision of b. If b had initially
- the same precision as a, or greater, we took care of it by the
- exchange step above, so there is no problem. If b had initially
- less precision, we'll have to make sure the carry out is duly
- propagated upward among the higher-order digits of the sum.
- */
- pa = MP_DIGITS(a);
- pb = MP_DIGITS(b);
- pc = MP_DIGITS(c);
- used = MP_USED(b);
- for (ix = 0; ix < used; ix++) {
+ /* Make sure a has enough precision for the output value */
+ if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+ return res;
+
+ /*
+ Add up all digits up to the precision of b. If b had initially
+ the same precision as a, or greater, we took care of it by the
+ exchange step above, so there is no problem. If b had initially
+ less precision, we'll have to make sure the carry out is duly
+ propagated upward among the higher-order digits of the sum.
+ */
+ pa = MP_DIGITS(a);
+ pb = MP_DIGITS(b);
+ pc = MP_DIGITS(c);
+ used = MP_USED(b);
+ for (ix = 0; ix < used; ix++) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- w = w + *pa++ + *pb++;
- *pc++ = ACCUM(w);
- w = CARRYOUT(w);
+ w = w + *pa++ + *pb++;
+ *pc++ = ACCUM(w);
+ w = CARRYOUT(w);
#else
- d = *pa++;
- sum = d + *pb++;
- d = (sum < d); /* detect overflow */
- *pc++ = sum += carry;
- carry = d + (sum < carry); /* detect overflow */
+ d = *pa++;
+ sum = d + *pb++;
+ d = (sum < d); /* detect overflow */
+ *pc++ = sum += carry;
+ carry = d + (sum < carry); /* detect overflow */
#endif
- }
+ }
- /* If we run out of 'b' digits before we're actually done, make
- sure the carries get propagated upward...
+ /* If we run out of 'b' digits before we're actually done, make
+ sure the carries get propagated upward...
*/
- for (used = MP_USED(a); ix < used; ++ix) {
+ for (used = MP_USED(a); ix < used; ++ix) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- w = w + *pa++;
- *pc++ = ACCUM(w);
- w = CARRYOUT(w);
+ w = w + *pa++;
+ *pc++ = ACCUM(w);
+ w = CARRYOUT(w);
#else
- *pc++ = sum = carry + *pa++;
- carry = (sum < carry);
+ *pc++ = sum = carry + *pa++;
+ carry = (sum < carry);
#endif
- }
+ }
- /* If there's an overall carry out, increase precision and include
+/* If there's an overall carry out, increase precision and include
it. We could have done this initially, but why touch the memory
allocator unless we're sure we have to?
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- if (w) {
- if((res = s_mp_pad(c, used + 1)) != MP_OKAY)
- return res;
+ if (w) {
+ if ((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+ return res;
- DIGIT(c, used) = (mp_digit)w;
- ++used;
- }
+ DIGIT(c, used) = (mp_digit)w;
+ ++used;
+ }
#else
- if (carry) {
- if((res = s_mp_pad(c, used + 1)) != MP_OKAY)
- return res;
+ if (carry) {
+ if ((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+ return res;
- DIGIT(c, used) = carry;
- ++used;
- }
+ DIGIT(c, used) = carry;
+ ++used;
+ }
#endif
- MP_USED(c) = used;
- return MP_OKAY;
+ MP_USED(c) = used;
+ return MP_OKAY;
}
/* {{{ s_mp_add_offset(a, b, offset) */
/* Compute a = |a| + ( |b| * (RADIX ** offset) ) */
-mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset)
+mp_err
+s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- mp_word w, k = 0;
+ mp_word w, k = 0;
#else
- mp_digit d, sum, carry = 0;
+ mp_digit d, sum, carry = 0;
#endif
- mp_size ib;
- mp_size ia;
- mp_size lim;
- mp_err res;
-
- /* Make sure a has enough precision for the output value */
- lim = MP_USED(b) + offset;
- if((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY)
- return res;
+ mp_size ib;
+ mp_size ia;
+ mp_size lim;
+ mp_err res;
+
+ /* Make sure a has enough precision for the output value */
+ lim = MP_USED(b) + offset;
+ if ((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY)
+ return res;
- /*
+ /*
Add up all digits up to the precision of b. If b had initially
the same precision as a, or greater, we took care of it by the
padding step above, so there is no problem. If b had initially
less precision, we'll have to make sure the carry out is duly
propagated upward among the higher-order digits of the sum.
*/
- lim = USED(b);
- for(ib = 0, ia = offset; ib < lim; ib++, ia++) {
+ lim = USED(b);
+ for (ib = 0, ia = offset; ib < lim; ib++, ia++) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k;
- DIGIT(a, ia) = ACCUM(w);
- k = CARRYOUT(w);
+ w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k;
+ DIGIT(a, ia) = ACCUM(w);
+ k = CARRYOUT(w);
#else
- d = MP_DIGIT(a, ia);
- sum = d + MP_DIGIT(b, ib);
- d = (sum < d);
- MP_DIGIT(a,ia) = sum += carry;
- carry = d + (sum < carry);
+ d = MP_DIGIT(a, ia);
+ sum = d + MP_DIGIT(b, ib);
+ d = (sum < d);
+ MP_DIGIT(a, ia) = sum += carry;
+ carry = d + (sum < carry);
#endif
- }
+ }
- /* If we run out of 'b' digits before we're actually done, make
- sure the carries get propagated upward...
+/* If we run out of 'b' digits before we're actually done, make
+ sure the carries get propagated upward...
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- for (lim = MP_USED(a); k && (ia < lim); ++ia) {
- w = (mp_word)DIGIT(a, ia) + k;
- DIGIT(a, ia) = ACCUM(w);
- k = CARRYOUT(w);
- }
+ for (lim = MP_USED(a); k && (ia < lim); ++ia) {
+ w = (mp_word)DIGIT(a, ia) + k;
+ DIGIT(a, ia) = ACCUM(w);
+ k = CARRYOUT(w);
+ }
#else
- for (lim = MP_USED(a); carry && (ia < lim); ++ia) {
- d = MP_DIGIT(a, ia);
- MP_DIGIT(a,ia) = sum = d + carry;
- carry = (sum < d);
- }
+ for (lim = MP_USED(a); carry && (ia < lim); ++ia) {
+ d = MP_DIGIT(a, ia);
+ MP_DIGIT(a, ia) = sum = d + carry;
+ carry = (sum < d);
+ }
#endif
- /* If there's an overall carry out, increase precision and include
+/* If there's an overall carry out, increase precision and include
it. We could have done this initially, but why touch the memory
allocator unless we're sure we have to?
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
- if(k) {
- if((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY)
- return res;
+ if (k) {
+ if ((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY)
+ return res;
- DIGIT(a, ia) = (mp_digit)k;
- }
+ DIGIT(a, ia) = (mp_digit)k;
+ }
#else
- if (carry) {
- if((res = s_mp_pad(a, lim + 1)) != MP_OKAY)
- return res;
+ if (carry) {
+ if ((res = s_mp_pad(a, lim + 1)) != MP_OKAY)
+ return res;
- DIGIT(a, lim) = carry;
- }
+ DIGIT(a, lim) = carry;
+ }
#endif
- s_mp_clamp(a);
+ s_mp_clamp(a);
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_add_offset() */
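Review bot: The block comment that precedes each `#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)` carry-out branch appears to have been pushed to column 0 by the formatter (the `+/* If there's an overall carry out, ...` lines in s_mp_add, s_mp_add_3arg and twice in s_mp_add_offset, and likewise the borrow-check `/*` in s_mp_sub and s_mp_sub_3arg in the next hunk), so the comment is visually detached from the function body while its continuation lines keep their old indent. Re-indenting these by hand to match the surrounding statements, or moving each comment inside the `#if` branch it describes, would keep them readable after future formatter runs. Separately, `mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition */` keeps its return type on the signature line while every neighbouring definition now has the return type on a line of its own; the trailing comment presumably stops the formatter from applying that rule, so moving the comment above the definition (same for s_mp_sub in the next hunk and the parameter comments on s_mp_div later in this file) would make the style uniform.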
@@ -3663,399 +3745,419 @@ mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset)
/* {{{ s_mp_sub(a, b) */
/* Compute a = |a| - |b|, assumes |a| >= |b| */
-mp_err s_mp_sub(mp_int *a, const mp_int *b) /* magnitude subtract */
+mp_err s_mp_sub(mp_int *a, const mp_int *b) /* magnitude subtract */
{
- mp_digit *pa, *pb, *limit;
+ mp_digit *pa, *pb, *limit;
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- mp_sword w = 0;
+ mp_sword w = 0;
#else
- mp_digit d, diff, borrow = 0;
+ mp_digit d, diff, borrow = 0;
#endif
- /*
+ /*
Subtract and propagate borrow. Up to the precision of b, this
accounts for the digits of b; after that, we just make sure the
carries get to the right place. This saves having to pad b out to
the precision of a just to make the loops work right...
*/
- pa = MP_DIGITS(a);
- pb = MP_DIGITS(b);
- limit = pb + MP_USED(b);
- while (pb < limit) {
+ pa = MP_DIGITS(a);
+ pb = MP_DIGITS(b);
+ limit = pb + MP_USED(b);
+ while (pb < limit) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- w = w + *pa - *pb++;
- *pa++ = ACCUM(w);
- w >>= MP_DIGIT_BIT;
+ w = w + *pa - *pb++;
+ *pa++ = ACCUM(w);
+ w >>= MP_DIGIT_BIT;
#else
- d = *pa;
- diff = d - *pb++;
- d = (diff > d); /* detect borrow */
- if (borrow && --diff == MP_DIGIT_MAX)
- ++d;
- *pa++ = diff;
- borrow = d;
+ d = *pa;
+ diff = d - *pb++;
+ d = (diff > d); /* detect borrow */
+ if (borrow && --diff == MP_DIGIT_MAX)
+ ++d;
+ *pa++ = diff;
+ borrow = d;
#endif
- }
- limit = MP_DIGITS(a) + MP_USED(a);
+ }
+ limit = MP_DIGITS(a) + MP_USED(a);
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- while (w && pa < limit) {
- w = w + *pa;
- *pa++ = ACCUM(w);
- w >>= MP_DIGIT_BIT;
- }
+ while (w && pa < limit) {
+ w = w + *pa;
+ *pa++ = ACCUM(w);
+ w >>= MP_DIGIT_BIT;
+ }
#else
- while (borrow && pa < limit) {
- d = *pa;
- *pa++ = diff = d - borrow;
- borrow = (diff > d);
- }
+ while (borrow && pa < limit) {
+ d = *pa;
+ *pa++ = diff = d - borrow;
+ borrow = (diff > d);
+ }
#endif
- /* Clobber any leading zeroes we created */
- s_mp_clamp(a);
+ /* Clobber any leading zeroes we created */
+ s_mp_clamp(a);
- /*
+/*
If there was a borrow out, then |b| > |a| in violation
of our input invariant. We've already done the work,
but we'll at least complain about it...
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- return w ? MP_RANGE : MP_OKAY;
+ return w ? MP_RANGE : MP_OKAY;
#else
- return borrow ? MP_RANGE : MP_OKAY;
+ return borrow ? MP_RANGE : MP_OKAY;
#endif
} /* end s_mp_sub() */
/* }}} */
/* Compute c = |a| - |b|, assumes |a| >= |b| */ /* magnitude subtract */
-mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c)
+mp_err
+s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c)
{
- mp_digit *pa, *pb, *pc;
+ mp_digit *pa, *pb, *pc;
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- mp_sword w = 0;
+ mp_sword w = 0;
#else
- mp_digit d, diff, borrow = 0;
+ mp_digit d, diff, borrow = 0;
#endif
- int ix, limit;
- mp_err res;
+ int ix, limit;
+ mp_err res;
- MP_SIGN(c) = MP_SIGN(a);
+ MP_SIGN(c) = MP_SIGN(a);
- /* Make sure a has enough precision for the output value */
- if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
- return res;
+ /* Make sure a has enough precision for the output value */
+ if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+ return res;
- /*
+ /*
Subtract and propagate borrow. Up to the precision of b, this
accounts for the digits of b; after that, we just make sure the
carries get to the right place. This saves having to pad b out to
the precision of a just to make the loops work right...
*/
- pa = MP_DIGITS(a);
- pb = MP_DIGITS(b);
- pc = MP_DIGITS(c);
- limit = MP_USED(b);
- for (ix = 0; ix < limit; ++ix) {
+ pa = MP_DIGITS(a);
+ pb = MP_DIGITS(b);
+ pc = MP_DIGITS(c);
+ limit = MP_USED(b);
+ for (ix = 0; ix < limit; ++ix) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- w = w + *pa++ - *pb++;
- *pc++ = ACCUM(w);
- w >>= MP_DIGIT_BIT;
+ w = w + *pa++ - *pb++;
+ *pc++ = ACCUM(w);
+ w >>= MP_DIGIT_BIT;
#else
- d = *pa++;
- diff = d - *pb++;
- d = (diff > d);
- if (borrow && --diff == MP_DIGIT_MAX)
- ++d;
- *pc++ = diff;
- borrow = d;
+ d = *pa++;
+ diff = d - *pb++;
+ d = (diff > d);
+ if (borrow && --diff == MP_DIGIT_MAX)
+ ++d;
+ *pc++ = diff;
+ borrow = d;
#endif
- }
- for (limit = MP_USED(a); ix < limit; ++ix) {
+ }
+ for (limit = MP_USED(a); ix < limit; ++ix) {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- w = w + *pa++;
- *pc++ = ACCUM(w);
- w >>= MP_DIGIT_BIT;
+ w = w + *pa++;
+ *pc++ = ACCUM(w);
+ w >>= MP_DIGIT_BIT;
#else
- d = *pa++;
- *pc++ = diff = d - borrow;
- borrow = (diff > d);
+ d = *pa++;
+ *pc++ = diff = d - borrow;
+ borrow = (diff > d);
#endif
- }
+ }
- /* Clobber any leading zeroes we created */
- MP_USED(c) = ix;
- s_mp_clamp(c);
+ /* Clobber any leading zeroes we created */
+ MP_USED(c) = ix;
+ s_mp_clamp(c);
- /*
+/*
If there was a borrow out, then |b| > |a| in violation
of our input invariant. We've already done the work,
but we'll at least complain about it...
*/
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
- return w ? MP_RANGE : MP_OKAY;
+ return w ? MP_RANGE : MP_OKAY;
#else
- return borrow ? MP_RANGE : MP_OKAY;
+ return borrow ? MP_RANGE : MP_OKAY;
#endif
}
/* {{{ s_mp_mul(a, b) */
/* Compute a = |a| * |b| */
-mp_err s_mp_mul(mp_int *a, const mp_int *b)
+mp_err
+s_mp_mul(mp_int *a, const mp_int *b)
{
- return mp_mul(a, b, a);
+ return mp_mul(a, b, a);
} /* end s_mp_mul() */
/* }}} */
#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
-#define MP_MUL_DxD(a, b, Phi, Plo) \
- { unsigned long long product = (unsigned long long)a * b; \
- Plo = (mp_digit)product; \
- Phi = (mp_digit)(product >> MP_DIGIT_BIT); }
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+ { \
+ unsigned long long product = (unsigned long long)a * b; \
+ Plo = (mp_digit)product; \
+ Phi = (mp_digit)(product >> MP_DIGIT_BIT); \
+ }
#elif defined(OSF1)
-#define MP_MUL_DxD(a, b, Phi, Plo) \
- { Plo = asm ("mulq %a0, %a1, %v0", a, b);\
- Phi = asm ("umulh %a0, %a1, %v0", a, b); }
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+ { \
+ Plo = asm("mulq %a0, %a1, %v0", a, b); \
+ Phi = asm("umulh %a0, %a1, %v0", a, b); \
+ }
#else
-#define MP_MUL_DxD(a, b, Phi, Plo) \
- { mp_digit a0b1, a1b0; \
- Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \
- Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \
- a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \
- a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \
- a1b0 += a0b1; \
- Phi += a1b0 >> MP_HALF_DIGIT_BIT; \
- if (a1b0 < a0b1) \
- Phi += MP_HALF_RADIX; \
- a1b0 <<= MP_HALF_DIGIT_BIT; \
- Plo += a1b0; \
- if (Plo < a1b0) \
- ++Phi; \
- }
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+ { \
+ mp_digit a0b1, a1b0; \
+ Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \
+ Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \
+ a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \
+ a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \
+ a1b0 += a0b1; \
+ Phi += a1b0 >> MP_HALF_DIGIT_BIT; \
+ if (a1b0 < a0b1) \
+ Phi += MP_HALF_RADIX; \
+ a1b0 <<= MP_HALF_DIGIT_BIT; \
+ Plo += a1b0; \
+ if (Plo < a1b0) \
+ ++Phi; \
+ }
#endif
#if !defined(MP_ASSEMBLY_MULTIPLY)
/* c = a * b */
-void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
- *c = d;
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+ *c = d;
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
- *c++ = a0b0;
- carry = a1b1;
- }
- *c = carry;
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ *c = carry;
#endif
}
/* c += a * b */
-void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b,
- mp_digit *c)
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b,
+ mp_digit *c)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + *c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
- *c = d;
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + *c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+ *c = d;
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
- a0b0 += a_i = *c;
- if (a0b0 < a_i)
- ++a1b1;
- *c++ = a0b0;
- carry = a1b1;
- }
- *c = carry;
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+ a0b0 += a_i = *c;
+ if (a0b0 < a_i)
+ ++a1b1;
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ *c = carry;
#endif
}
/* Presently, this is only used by the Montgomery arithmetic code. */
/* c += a * b */
-void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + *c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
-
- while (d) {
- mp_word w = (mp_word)*c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + *c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+
+ while (d) {
+ mp_word w = (mp_word)*c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
-
- a0b0 += a_i = *c;
- if (a0b0 < a_i)
- ++a1b1;
-
- *c++ = a0b0;
- carry = a1b1;
- }
- while (carry) {
- mp_digit c_i = *c;
- carry += c_i;
- *c++ = carry;
- carry = carry < c_i;
- }
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+
+ a0b0 += a_i = *c;
+ if (a0b0 < a_i)
+ ++a1b1;
+
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ while (carry) {
+ mp_digit c_i = *c;
+ carry += c_i;
+ *c++ = carry;
+ carry = carry < c_i;
+ }
#endif
}
#endif
#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
-#define MP_SQR_D(a, Phi, Plo) \
- { unsigned long long square = (unsigned long long)a * a; \
- Plo = (mp_digit)square; \
- Phi = (mp_digit)(square >> MP_DIGIT_BIT); }
+#define MP_SQR_D(a, Phi, Plo) \
+ { \
+ unsigned long long square = (unsigned long long)a * a; \
+ Plo = (mp_digit)square; \
+ Phi = (mp_digit)(square >> MP_DIGIT_BIT); \
+ }
#elif defined(OSF1)
-#define MP_SQR_D(a, Phi, Plo) \
- { Plo = asm ("mulq %a0, %a0, %v0", a);\
- Phi = asm ("umulh %a0, %a0, %v0", a); }
+#define MP_SQR_D(a, Phi, Plo) \
+ { \
+ Plo = asm("mulq %a0, %a0, %v0", a); \
+ Phi = asm("umulh %a0, %a0, %v0", a); \
+ }
#else
-#define MP_SQR_D(a, Phi, Plo) \
- { mp_digit Pmid; \
- Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX); \
- Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \
- Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \
- Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1); \
- Pmid <<= (MP_HALF_DIGIT_BIT + 1); \
- Plo += Pmid; \
- if (Plo < Pmid) \
- ++Phi; \
- }
+#define MP_SQR_D(a, Phi, Plo) \
+ { \
+ mp_digit Pmid; \
+ Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX); \
+ Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \
+ Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \
+ Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1); \
+ Pmid <<= (MP_HALF_DIGIT_BIT + 1); \
+ Plo += Pmid; \
+ if (Plo < Pmid) \
+ ++Phi; \
+ }
#endif
#if !defined(MP_ASSEMBLY_SQUARE)
/* Add the squares of the digits of a to the digits of b. */
-void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+void
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
{
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
- mp_word w;
- mp_digit d;
- mp_size ix;
-
- w = 0;
-#define ADD_SQUARE(n) \
- d = pa[n]; \
- w += (d * (mp_word)d) + ps[2*n]; \
- ps[2*n] = ACCUM(w); \
- w = (w >> DIGIT_BIT) + ps[2*n+1]; \
- ps[2*n+1] = ACCUM(w); \
+ mp_word w;
+ mp_digit d;
+ mp_size ix;
+
+ w = 0;
+#define ADD_SQUARE(n) \
+ d = pa[n]; \
+ w += (d * (mp_word)d) + ps[2 * n]; \
+ ps[2 * n] = ACCUM(w); \
+ w = (w >> DIGIT_BIT) + ps[2 * n + 1]; \
+ ps[2 * n + 1] = ACCUM(w); \
w = (w >> DIGIT_BIT)
- for (ix = a_len; ix >= 4; ix -= 4) {
- ADD_SQUARE(0);
- ADD_SQUARE(1);
- ADD_SQUARE(2);
- ADD_SQUARE(3);
- pa += 4;
- ps += 8;
- }
- if (ix) {
- ps += 2*ix;
- pa += ix;
- switch (ix) {
- case 3: ADD_SQUARE(-3); /* FALLTHRU */
- case 2: ADD_SQUARE(-2); /* FALLTHRU */
- case 1: ADD_SQUARE(-1); /* FALLTHRU */
- case 0: break;
- }
- }
- while (w) {
- w += *ps;
- *ps++ = ACCUM(w);
- w = (w >> DIGIT_BIT);
- }
+ for (ix = a_len; ix >= 4; ix -= 4) {
+ ADD_SQUARE(0);
+ ADD_SQUARE(1);
+ ADD_SQUARE(2);
+ ADD_SQUARE(3);
+ pa += 4;
+ ps += 8;
+ }
+ if (ix) {
+ ps += 2 * ix;
+ pa += ix;
+ switch (ix) {
+ case 3:
+ ADD_SQUARE(-3); /* FALLTHRU */
+ case 2:
+ ADD_SQUARE(-2); /* FALLTHRU */
+ case 1:
+ ADD_SQUARE(-1); /* FALLTHRU */
+ case 0:
+ break;
+ }
+ }
+ while (w) {
+ w += *ps;
+ *ps++ = ACCUM(w);
+ w = (w >> DIGIT_BIT);
+ }
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *pa++;
- mp_digit a0a0, a1a1;
-
- MP_SQR_D(a_i, a1a1, a0a0);
-
- /* here a1a1 and a0a0 constitute a_i ** 2 */
- a0a0 += carry;
- if (a0a0 < carry)
- ++a1a1;
-
- /* now add to ps */
- a0a0 += a_i = *ps;
- if (a0a0 < a_i)
- ++a1a1;
- *ps++ = a0a0;
- a1a1 += a_i = *ps;
- carry = (a1a1 < a_i);
- *ps++ = a1a1;
- }
- while (carry) {
- mp_digit s_i = *ps;
- carry += s_i;
- *ps++ = carry;
- carry = carry < s_i;
- }
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *pa++;
+ mp_digit a0a0, a1a1;
+
+ MP_SQR_D(a_i, a1a1, a0a0);
+
+ /* here a1a1 and a0a0 constitute a_i ** 2 */
+ a0a0 += carry;
+ if (a0a0 < carry)
+ ++a1a1;
+
+ /* now add to ps */
+ a0a0 += a_i = *ps;
+ if (a0a0 < a_i)
+ ++a1a1;
+ *ps++ = a0a0;
+ a1a1 += a_i = *ps;
+ carry = (a1a1 < a_i);
+ *ps++ = a1a1;
+ }
+ while (carry) {
+ mp_digit s_i = *ps;
+ carry += s_i;
+ *ps++ = carry;
+ carry = carry < s_i;
+ }
#endif
}
#endif
-#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) \
-&& !defined(MP_ASSEMBLY_DIV_2DX1D)
+#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) && !defined(MP_ASSEMBLY_DIV_2DX1D)
/*
-** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
** so its high bit is 1. This code is from NSPR.
*/
-mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
- mp_digit *qp, mp_digit *rp)
+mp_err
+s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ mp_digit *qp, mp_digit *rp)
{
mp_digit d1, d0, q1, q0;
mp_digit r1, r0, m;
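Review bot: The two-line preprocessor condition guarding s_mpv_div_2dx1d was merged into a single `#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) && !defined(MP_ASSEMBLY_DIV_2DX1D)` that runs well past the column limit applied to the rest of the file; the formatter does not wrap directives, so this one needs the manual `\` continuation the original had. The `ADD_SQUARE(n)` helper in s_mpv_sqr_add_prop is still a bare multi-statement macro whose last line `w = (w >> DIGIT_BIT)` intentionally carries neither a trailing `\` nor a `;` so that the call site's `;` terminates it; the reformatting preserves this, but it is easy to break on a later pass. A one-line comment above the `#define`, e.g. `/* Multi-statement macro; last line has no ';' so the call site's ';' ends it. */`, would document that contract. The MP_MUL_DxD and MP_SQR_D macros are likewise plain `{ ... }` blocks rather than `do { ... } while (0)`, which is unchanged behaviour but worth a note since the reformat makes them look like ordinary compound statements.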
@@ -4069,8 +4171,8 @@ mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
if (r1 < m) {
q1--, r1 += divisor;
if (r1 >= divisor && r1 < m) {
- q1--, r1 += divisor;
- }
+ q1--, r1 += divisor;
+ }
}
r1 -= m;
r0 = r1 % d1;
@@ -4080,13 +4182,13 @@ mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
if (r0 < m) {
q0--, r0 += divisor;
if (r0 >= divisor && r0 < m) {
- q0--, r0 += divisor;
- }
+ q0--, r0 += divisor;
+ }
}
if (qp)
- *qp = (q1 << MP_HALF_DIGIT_BIT) | q0;
+ *qp = (q1 << MP_HALF_DIGIT_BIT) | q0;
if (rp)
- *rp = r0 - m;
+ *rp = r0 - m;
return MP_OKAY;
}
#endif
@@ -4094,19 +4196,20 @@ mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
#if MP_SQUARE
/* {{{ s_mp_sqr(a) */
-mp_err s_mp_sqr(mp_int *a)
+mp_err
+s_mp_sqr(mp_int *a)
{
- mp_err res;
- mp_int tmp;
+ mp_err res;
+ mp_int tmp;
- if((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY)
+ if ((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY)
+ return res;
+ res = mp_sqr(a, &tmp);
+ if (res == MP_OKAY) {
+ s_mp_exch(&tmp, a);
+ }
+ mp_clear(&tmp);
return res;
- res = mp_sqr(a, &tmp);
- if (res == MP_OKAY) {
- s_mp_exch(&tmp, a);
- }
- mp_clear(&tmp);
- return res;
}
/* }}} */
@@ -4120,170 +4223,170 @@ mp_err s_mp_sqr(mp_int *a)
Compute a = a / b and b = a mod b. Assumes b > a.
*/
-mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
- mp_int *div, /* i: divisor */
- mp_int *quot) /* i: 0; o: quotient */
+mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
+ mp_int *div, /* i: divisor */
+ mp_int *quot) /* i: 0; o: quotient */
{
- mp_int part, t;
+ mp_int part, t;
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
- mp_word q_msd;
+ mp_word q_msd;
#else
- mp_digit q_msd;
+ mp_digit q_msd;
#endif
- mp_err res;
- mp_digit d;
- mp_digit div_msd;
- int ix;
-
- if(mp_cmp_z(div) == 0)
- return MP_RANGE;
-
- DIGITS(&t) = 0;
- /* Shortcut if divisor is power of two */
- if((ix = s_mp_ispow2(div)) >= 0) {
- MP_CHECKOK( mp_copy(rem, quot) );
- s_mp_div_2d(quot, (mp_digit)ix);
- s_mp_mod_2d(rem, (mp_digit)ix);
-
- return MP_OKAY;
- }
+ mp_err res;
+ mp_digit d;
+ mp_digit div_msd;
+ int ix;
+
+ if (mp_cmp_z(div) == 0)
+ return MP_RANGE;
+
+ DIGITS(&t) = 0;
+ /* Shortcut if divisor is power of two */
+ if ((ix = s_mp_ispow2(div)) >= 0) {
+ MP_CHECKOK(mp_copy(rem, quot));
+ s_mp_div_2d(quot, (mp_digit)ix);
+ s_mp_mod_2d(rem, (mp_digit)ix);
+
+ return MP_OKAY;
+ }
- MP_SIGN(rem) = ZPOS;
- MP_SIGN(div) = ZPOS;
- MP_SIGN(&part) = ZPOS;
+ MP_SIGN(rem) = ZPOS;
+ MP_SIGN(div) = ZPOS;
+ MP_SIGN(&part) = ZPOS;
- /* A working temporary for division */
- MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem)));
+ /* A working temporary for division */
+ MP_CHECKOK(mp_init_size(&t, MP_ALLOC(rem)));
- /* Normalize to optimize guessing */
- MP_CHECKOK( s_mp_norm(rem, div, &d) );
+ /* Normalize to optimize guessing */
+ MP_CHECKOK(s_mp_norm(rem, div, &d));
- /* Perform the division itself...woo! */
- MP_USED(quot) = MP_ALLOC(quot);
+ /* Perform the division itself...woo! */
+ MP_USED(quot) = MP_ALLOC(quot);
- /* Find a partial substring of rem which is at least div */
- /* If we didn't find one, we're finished dividing */
- while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) {
- int i;
- int unusedRem;
- int partExtended = 0; /* set to true if we need to extend part */
+ /* Find a partial substring of rem which is at least div */
+ /* If we didn't find one, we're finished dividing */
+ while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) {
+ int i;
+ int unusedRem;
+ int partExtended = 0; /* set to true if we need to extend part */
- unusedRem = MP_USED(rem) - MP_USED(div);
- MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem;
- MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem;
- MP_USED(&part) = MP_USED(div);
+ unusedRem = MP_USED(rem) - MP_USED(div);
+ MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem;
+ MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem;
+ MP_USED(&part) = MP_USED(div);
- /* We have now truncated the part of the remainder to the same length as
+ /* We have now truncated the part of the remainder to the same length as
* the divisor. If part is smaller than div, extend part by one digit. */
- if (s_mp_cmp(&part, div) < 0) {
- -- unusedRem;
+ if (s_mp_cmp(&part, div) < 0) {
+ --unusedRem;
#if MP_ARGCHK == 2
- assert(unusedRem >= 0);
+ assert(unusedRem >= 0);
#endif
- -- MP_DIGITS(&part);
- ++ MP_USED(&part);
- ++ MP_ALLOC(&part);
- partExtended = 1;
- }
-
- /* Compute a guess for the next quotient digit */
- q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
- div_msd = MP_DIGIT(div, MP_USED(div) - 1);
- if (!partExtended) {
- /* In this case, q_msd /= div_msd is always 1. First, since div_msd is
+ --MP_DIGITS(&part);
+ ++MP_USED(&part);
+ ++MP_ALLOC(&part);
+ partExtended = 1;
+ }
+
+ /* Compute a guess for the next quotient digit */
+ q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
+ div_msd = MP_DIGIT(div, MP_USED(div) - 1);
+ if (!partExtended) {
+ /* In this case, q_msd /= div_msd is always 1. First, since div_msd is
* normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
* we didn't extend part, q_msd >= div_msd. Therefore we know that
* div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
* get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
- q_msd = 1;
- } else {
+ q_msd = 1;
+ } else {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
- q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
- q_msd /= div_msd;
- if (q_msd == RADIX)
- --q_msd;
+ q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
+ q_msd /= div_msd;
+ if (q_msd == RADIX)
+ --q_msd;
#else
- if (q_msd == div_msd) {
- q_msd = MP_DIGIT_MAX;
- } else {
- mp_digit r;
- MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
- div_msd, &q_msd, &r) );
- }
+ if (q_msd == div_msd) {
+ q_msd = MP_DIGIT_MAX;
+ } else {
+ mp_digit r;
+ MP_CHECKOK(s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
+ div_msd, &q_msd, &r));
+ }
#endif
- }
+ }
#if MP_ARGCHK == 2
- assert(q_msd > 0); /* This case should never occur any more. */
+ assert(q_msd > 0); /* This case should never occur any more. */
#endif
- if (q_msd <= 0)
- break;
+ if (q_msd <= 0)
+ break;
- /* See what that multiplies out to */
- mp_copy(div, &t);
- MP_CHECKOK( s_mp_mul_d(&t, (mp_digit)q_msd) );
+ /* See what that multiplies out to */
+ mp_copy(div, &t);
+ MP_CHECKOK(s_mp_mul_d(&t, (mp_digit)q_msd));
- /*
+ /*
If it's too big, back it off. We should not have to do this
more than once, or, in rare cases, twice. Knuth describes a
method by which this could be reduced to a maximum of once, but
I didn't implement that here.
* When using s_mpv_div_2dx1d, we may have to do this 3 times.
*/
- for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
- --q_msd;
- MP_CHECKOK(s_mp_sub(&t, div)); /* t -= div */
- }
- if (i < 0) {
- res = MP_RANGE;
- goto CLEANUP;
- }
-
- /* At this point, q_msd should be the right next digit */
- MP_CHECKOK( s_mp_sub(&part, &t) ); /* part -= t */
- s_mp_clamp(rem);
-
- /*
+ for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
+ --q_msd;
+ MP_CHECKOK(s_mp_sub(&t, div)); /* t -= div */
+ }
+ if (i < 0) {
+ res = MP_RANGE;
+ goto CLEANUP;
+ }
+
+ /* At this point, q_msd should be the right next digit */
+ MP_CHECKOK(s_mp_sub(&part, &t)); /* part -= t */
+ s_mp_clamp(rem);
+
+ /*
Include the digit in the quotient. We allocated enough memory
for any quotient we could ever possibly get, so we should not
have to check for failures here
*/
- MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
- }
+ MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
+ }
- /* Denormalize remainder */
- if (d) {
- s_mp_div_2d(rem, d);
- }
+ /* Denormalize remainder */
+ if (d) {
+ s_mp_div_2d(rem, d);
+ }
- s_mp_clamp(quot);
+ s_mp_clamp(quot);
CLEANUP:
- mp_clear(&t);
+ mp_clear(&t);
- return res;
+ return res;
} /* end s_mp_div() */
-
/* }}} */
/* {{{ s_mp_2expt(a, k) */
-mp_err s_mp_2expt(mp_int *a, mp_digit k)
+mp_err
+s_mp_2expt(mp_int *a, mp_digit k)
{
- mp_err res;
- mp_size dig, bit;
+ mp_err res;
+ mp_size dig, bit;
- dig = k / DIGIT_BIT;
- bit = k % DIGIT_BIT;
+ dig = k / DIGIT_BIT;
+ bit = k % DIGIT_BIT;
- mp_zero(a);
- if((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
- return res;
-
- DIGIT(a, dig) |= ((mp_digit)1 << bit);
+ mp_zero(a);
+ if ((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
+ return res;
+
+ DIGIT(a, dig) |= ((mp_digit)1 << bit);
- return MP_OKAY;
+ return MP_OKAY;
} /* end s_mp_2expt() */
@@ -4301,51 +4404,52 @@ mp_err s_mp_2expt(mp_int *a, mp_digit k)
This algorithm was derived from the _Handbook of Applied
Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14,
- pp. 603-604.
+ pp. 603-604.
*/
-mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu)
+mp_err
+s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu)
{
- mp_int q;
- mp_err res;
+ mp_int q;
+ mp_err res;
- if((res = mp_init_copy(&q, x)) != MP_OKAY)
- return res;
+ if ((res = mp_init_copy(&q, x)) != MP_OKAY)
+ return res;
- s_mp_rshd(&q, USED(m) - 1); /* q1 = x / b^(k-1) */
- s_mp_mul(&q, mu); /* q2 = q1 * mu */
- s_mp_rshd(&q, USED(m) + 1); /* q3 = q2 / b^(k+1) */
+ s_mp_rshd(&q, USED(m) - 1); /* q1 = x / b^(k-1) */
+ s_mp_mul(&q, mu); /* q2 = q1 * mu */
+ s_mp_rshd(&q, USED(m) + 1); /* q3 = q2 / b^(k+1) */
- /* x = x mod b^(k+1), quick (no division) */
- s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1));
+ /* x = x mod b^(k+1), quick (no division) */
+ s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1));
- /* q = q * m mod b^(k+1), quick (no division) */
- s_mp_mul(&q, m);
- s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1));
+ /* q = q * m mod b^(k+1), quick (no division) */
+ s_mp_mul(&q, m);
+ s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1));
- /* x = x - q */
- if((res = mp_sub(x, &q, x)) != MP_OKAY)
- goto CLEANUP;
+ /* x = x - q */
+ if ((res = mp_sub(x, &q, x)) != MP_OKAY)
+ goto CLEANUP;
- /* If x < 0, add b^(k+1) to it */
- if(mp_cmp_z(x) < 0) {
- mp_set(&q, 1);
- if((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY)
- goto CLEANUP;
- if((res = mp_add(x, &q, x)) != MP_OKAY)
- goto CLEANUP;
- }
+ /* If x < 0, add b^(k+1) to it */
+ if (mp_cmp_z(x) < 0) {
+ mp_set(&q, 1);
+ if ((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY)
+ goto CLEANUP;
+ if ((res = mp_add(x, &q, x)) != MP_OKAY)
+ goto CLEANUP;
+ }
- /* Back off if it's too big */
- while(mp_cmp(x, m) >= 0) {
- if((res = s_mp_sub(x, m)) != MP_OKAY)
- break;
- }
+ /* Back off if it's too big */
+ while (mp_cmp(x, m) >= 0) {
+ if ((res = s_mp_sub(x, m)) != MP_OKAY)
+ break;
+ }
- CLEANUP:
- mp_clear(&q);
+CLEANUP:
+ mp_clear(&q);
- return res;
+ return res;
} /* end s_mp_reduce() */
@@ -4358,47 +4462,50 @@ mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu)
/* {{{ s_mp_cmp(a, b) */
/* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b */
-int s_mp_cmp(const mp_int *a, const mp_int *b)
+int
+s_mp_cmp(const mp_int *a, const mp_int *b)
{
- mp_size used_a = MP_USED(a);
- {
- mp_size used_b = MP_USED(b);
-
- if (used_a > used_b)
- goto IS_GT;
- if (used_a < used_b)
- goto IS_LT;
- }
- {
- mp_digit *pa, *pb;
- mp_digit da = 0, db = 0;
-
-#define CMP_AB(n) if ((da = pa[n]) != (db = pb[n])) goto done
-
- pa = MP_DIGITS(a) + used_a;
- pb = MP_DIGITS(b) + used_a;
- while (used_a >= 4) {
- pa -= 4;
- pb -= 4;
- used_a -= 4;
- CMP_AB(3);
- CMP_AB(2);
- CMP_AB(1);
- CMP_AB(0);
- }
- while (used_a-- > 0 && ((da = *--pa) == (db = *--pb)))
- /* do nothing */;
-done:
- if (da > db)
- goto IS_GT;
- if (da < db)
- goto IS_LT;
- }
- return MP_EQ;
+ mp_size used_a = MP_USED(a);
+ {
+ mp_size used_b = MP_USED(b);
+
+ if (used_a > used_b)
+ goto IS_GT;
+ if (used_a < used_b)
+ goto IS_LT;
+ }
+ {
+ mp_digit *pa, *pb;
+ mp_digit da = 0, db = 0;
+
+#define CMP_AB(n) \
+ if ((da = pa[n]) != (db = pb[n])) \
+ goto done
+
+ pa = MP_DIGITS(a) + used_a;
+ pb = MP_DIGITS(b) + used_a;
+ while (used_a >= 4) {
+ pa -= 4;
+ pb -= 4;
+ used_a -= 4;
+ CMP_AB(3);
+ CMP_AB(2);
+ CMP_AB(1);
+ CMP_AB(0);
+ }
+ while (used_a-- > 0 && ((da = *--pa) == (db = *--pb)))
+ /* do nothing */;
+ done:
+ if (da > db)
+ goto IS_GT;
+ if (da < db)
+ goto IS_LT;
+ }
+ return MP_EQ;
IS_LT:
- return MP_LT;
+ return MP_LT;
IS_GT:
- return MP_GT;
+ return MP_GT;
} /* end s_mp_cmp() */
/* }}} */
@@ -4406,17 +4513,18 @@ IS_GT:
/* {{{ s_mp_cmp_d(a, d) */
/* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d */
-int s_mp_cmp_d(const mp_int *a, mp_digit d)
+int
+s_mp_cmp_d(const mp_int *a, mp_digit d)
{
- if(USED(a) > 1)
- return MP_GT;
+ if (USED(a) > 1)
+ return MP_GT;
- if(DIGIT(a, 0) < d)
- return MP_LT;
- else if(DIGIT(a, 0) > d)
- return MP_GT;
- else
- return MP_EQ;
+ if (DIGIT(a, 0) < d)
+ return MP_LT;
+ else if (DIGIT(a, 0) > d)
+ return MP_GT;
+ else
+ return MP_EQ;
} /* end s_mp_cmp_d() */
@@ -4428,25 +4536,26 @@ int s_mp_cmp_d(const mp_int *a, mp_digit d)
Returns -1 if the value is not a power of two; otherwise, it returns
k such that v = 2^k, i.e. lg(v).
*/
-int s_mp_ispow2(const mp_int *v)
+int
+s_mp_ispow2(const mp_int *v)
{
- mp_digit d;
- int extra = 0, ix;
+ mp_digit d;
+ int extra = 0, ix;
- ix = MP_USED(v) - 1;
- d = MP_DIGIT(v, ix); /* most significant digit of v */
+ ix = MP_USED(v) - 1;
+ d = MP_DIGIT(v, ix); /* most significant digit of v */
- extra = s_mp_ispow2d(d);
- if (extra < 0 || ix == 0)
- return extra;
+ extra = s_mp_ispow2d(d);
+ if (extra < 0 || ix == 0)
+ return extra;
- while (--ix >= 0) {
- if (DIGIT(v, ix) != 0)
- return -1; /* not a power of two */
- extra += MP_DIGIT_BIT;
- }
+ while (--ix >= 0) {
+ if (DIGIT(v, ix) != 0)
+ return -1; /* not a power of two */
+ extra += MP_DIGIT_BIT;
+ }
- return extra;
+ return extra;
} /* end s_mp_ispow2() */
@@ -4454,53 +4563,54 @@ int s_mp_ispow2(const mp_int *v)
/* {{{ s_mp_ispow2d(d) */
-int s_mp_ispow2d(mp_digit d)
+int
+s_mp_ispow2d(mp_digit d)
{
- if ((d != 0) && ((d & (d-1)) == 0)) { /* d is a power of 2 */
- int pow = 0;
-#if defined (MP_USE_UINT_DIGIT)
- if (d & 0xffff0000U)
- pow += 16;
- if (d & 0xff00ff00U)
- pow += 8;
- if (d & 0xf0f0f0f0U)
- pow += 4;
- if (d & 0xccccccccU)
- pow += 2;
- if (d & 0xaaaaaaaaU)
- pow += 1;
+ if ((d != 0) && ((d & (d - 1)) == 0)) { /* d is a power of 2 */
+ int pow = 0;
+#if defined(MP_USE_UINT_DIGIT)
+ if (d & 0xffff0000U)
+ pow += 16;
+ if (d & 0xff00ff00U)
+ pow += 8;
+ if (d & 0xf0f0f0f0U)
+ pow += 4;
+ if (d & 0xccccccccU)
+ pow += 2;
+ if (d & 0xaaaaaaaaU)
+ pow += 1;
#elif defined(MP_USE_LONG_LONG_DIGIT)
- if (d & 0xffffffff00000000ULL)
- pow += 32;
- if (d & 0xffff0000ffff0000ULL)
- pow += 16;
- if (d & 0xff00ff00ff00ff00ULL)
- pow += 8;
- if (d & 0xf0f0f0f0f0f0f0f0ULL)
- pow += 4;
- if (d & 0xccccccccccccccccULL)
- pow += 2;
- if (d & 0xaaaaaaaaaaaaaaaaULL)
- pow += 1;
+ if (d & 0xffffffff00000000ULL)
+ pow += 32;
+ if (d & 0xffff0000ffff0000ULL)
+ pow += 16;
+ if (d & 0xff00ff00ff00ff00ULL)
+ pow += 8;
+ if (d & 0xf0f0f0f0f0f0f0f0ULL)
+ pow += 4;
+ if (d & 0xccccccccccccccccULL)
+ pow += 2;
+ if (d & 0xaaaaaaaaaaaaaaaaULL)
+ pow += 1;
#elif defined(MP_USE_LONG_DIGIT)
- if (d & 0xffffffff00000000UL)
- pow += 32;
- if (d & 0xffff0000ffff0000UL)
- pow += 16;
- if (d & 0xff00ff00ff00ff00UL)
- pow += 8;
- if (d & 0xf0f0f0f0f0f0f0f0UL)
- pow += 4;
- if (d & 0xccccccccccccccccUL)
- pow += 2;
- if (d & 0xaaaaaaaaaaaaaaaaUL)
- pow += 1;
+ if (d & 0xffffffff00000000UL)
+ pow += 32;
+ if (d & 0xffff0000ffff0000UL)
+ pow += 16;
+ if (d & 0xff00ff00ff00ff00UL)
+ pow += 8;
+ if (d & 0xf0f0f0f0f0f0f0f0UL)
+ pow += 4;
+ if (d & 0xccccccccccccccccUL)
+ pow += 2;
+ if (d & 0xaaaaaaaaaaaaaaaaUL)
+ pow += 1;
#else
#error "unknown type for mp_digit"
#endif
- return pow;
- }
- return -1;
+ return pow;
+ }
+ return -1;
} /* end s_mp_ispow2d() */
@@ -4520,32 +4630,33 @@ int s_mp_ispow2d(mp_digit d)
The results will be odd if you use a radix < 2 or > 62, you are
expected to know what you're up to.
*/
-int s_mp_tovalue(char ch, int r)
+int
+s_mp_tovalue(char ch, int r)
{
- int val, xch;
-
- if(r > 36)
- xch = ch;
- else
- xch = toupper(ch);
-
- if(isdigit(xch))
- val = xch - '0';
- else if(isupper(xch))
- val = xch - 'A' + 10;
- else if(islower(xch))
- val = xch - 'a' + 36;
- else if(xch == '+')
- val = 62;
- else if(xch == '/')
- val = 63;
- else
- return -1;
+ int val, xch;
- if(val < 0 || val >= r)
- return -1;
+ if (r > 36)
+ xch = ch;
+ else
+ xch = toupper(ch);
+
+ if (isdigit(xch))
+ val = xch - '0';
+ else if (isupper(xch))
+ val = xch - 'A' + 10;
+ else if (islower(xch))
+ val = xch - 'a' + 36;
+ else if (xch == '+')
+ val = 62;
+ else if (xch == '/')
+ val = 63;
+ else
+ return -1;
+
+ if (val < 0 || val >= r)
+ return -1;
- return val;
+ return val;
} /* end s_mp_tovalue() */
@@ -4561,20 +4672,21 @@ int s_mp_tovalue(char ch, int r)
The results may be odd if you use a radix < 2 or > 64, you are
expected to know what you're doing.
*/
-
-char s_mp_todigit(mp_digit val, int r, int low)
+
+char
+s_mp_todigit(mp_digit val, int r, int low)
{
- char ch;
+ char ch;
- if(val >= r)
- return 0;
+ if (val >= r)
+ return 0;
- ch = s_dmap_1[val];
+ ch = s_dmap_1[val];
- if(r <= 36 && low)
- ch = tolower(ch);
+ if (r <= 36 && low)
+ ch = tolower(ch);
- return ch;
+ return ch;
} /* end s_mp_todigit() */
@@ -4582,14 +4694,15 @@ char s_mp_todigit(mp_digit val, int r, int low)
/* {{{ s_mp_outlen(bits, radix) */
-/*
+/*
Return an estimate for how long a string is needed to hold a radix
r representation of a number with 'bits' significant bits, plus an
extra for a zero terminator (assuming C style strings here)
*/
-int s_mp_outlen(int bits, int r)
+int
+s_mp_outlen(int bits, int r)
{
- return (int)((double)bits * LOG_V_2(r) + 1.5) + 1;
+ return (int)((double)bits * LOG_V_2(r) + 1.5) + 1;
} /* end s_mp_outlen() */
@@ -4603,40 +4716,40 @@ int s_mp_outlen(int bits, int r)
No sign bit, number is positive. Leading zeros ignored.
*/
-mp_err
+mp_err
mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
{
- int count;
- mp_err res;
- mp_digit d;
+ int count;
+ mp_err res;
+ mp_digit d;
- ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+ ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
- mp_zero(mp);
+ mp_zero(mp);
- count = len % sizeof(mp_digit);
- if (count) {
- for (d = 0; count-- > 0; --len) {
- d = (d << 8) | *str++;
+ count = len % sizeof(mp_digit);
+ if (count) {
+ for (d = 0; count-- > 0; --len) {
+ d = (d << 8) | *str++;
+ }
+ MP_DIGIT(mp, 0) = d;
}
- MP_DIGIT(mp, 0) = d;
- }
- /* Read the rest of the digits */
- for(; len > 0; len -= sizeof(mp_digit)) {
- for (d = 0, count = sizeof(mp_digit); count > 0; --count) {
- d = (d << 8) | *str++;
+ /* Read the rest of the digits */
+ for (; len > 0; len -= sizeof(mp_digit)) {
+ for (d = 0, count = sizeof(mp_digit); count > 0; --count) {
+ d = (d << 8) | *str++;
+ }
+ if (MP_EQ == mp_cmp_z(mp)) {
+ if (!d)
+ continue;
+ } else {
+ if ((res = s_mp_lshd(mp, 1)) != MP_OKAY)
+ return res;
+ }
+ MP_DIGIT(mp, 0) = d;
}
- if (MP_EQ == mp_cmp_z(mp)) {
- if (!d)
- continue;
- } else {
- if((res = s_mp_lshd(mp, 1)) != MP_OKAY)
- return res;
- }
- MP_DIGIT(mp, 0) = d;
- }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mp_read_unsigned_octets() */
/* }}} */
@@ -4644,146 +4757,145 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
unsigned int
mp_unsigned_octet_size(const mp_int *mp)
{
- unsigned int bytes;
- int ix;
- mp_digit d = 0;
-
- ARGCHK(mp != NULL, MP_BADARG);
- ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG);
-
- bytes = (USED(mp) * sizeof(mp_digit));
-
- /* subtract leading zeros. */
- /* Iterate over each digit... */
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- d = DIGIT(mp, ix);
- if (d)
- break;
- bytes -= sizeof(d);
- }
- if (!bytes)
- return 1;
-
- /* Have MSD, check digit bytes, high order first */
- for(ix = sizeof(mp_digit) - 1; ix >= 0; ix--) {
- unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT));
- if (x)
- break;
- --bytes;
- }
- return bytes;
+ unsigned int bytes;
+ int ix;
+ mp_digit d = 0;
+
+ ARGCHK(mp != NULL, MP_BADARG);
+ ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG);
+
+ bytes = (USED(mp) * sizeof(mp_digit));
+
+ /* subtract leading zeros. */
+ /* Iterate over each digit... */
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ d = DIGIT(mp, ix);
+ if (d)
+ break;
+ bytes -= sizeof(d);
+ }
+ if (!bytes)
+ return 1;
+
+ /* Have MSD, check digit bytes, high order first */
+ for (ix = sizeof(mp_digit) - 1; ix >= 0; ix--) {
+ unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT));
+ if (x)
+ break;
+ --bytes;
+ }
+ return bytes;
} /* end mp_unsigned_octet_size() */
/* }}} */
/* {{{ mp_to_unsigned_octets(mp, str) */
/* output a buffer of big endian octets no longer than specified. */
-mp_err
+mp_err
mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
- int ix, pos = 0;
- unsigned int bytes;
-
- ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
-
- bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
-
- /* Iterate over each digit... */
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- mp_digit d = DIGIT(mp, ix);
- int jx;
-
- /* Unpack digit bytes, high order first */
- for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
- unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
- if (!pos && !x) /* suppress leading zeros */
- continue;
- str[pos++] = x;
- }
- }
- if (!pos)
- str[pos++] = 0;
- return pos;
+ int ix, pos = 0;
+ unsigned int bytes;
+
+ ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+ bytes = mp_unsigned_octet_size(mp);
+ ARGCHK(bytes <= maxlen, MP_BADARG);
+
+ /* Iterate over each digit... */
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ mp_digit d = DIGIT(mp, ix);
+ int jx;
+
+ /* Unpack digit bytes, high order first */
+ for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+ unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+ if (!pos && !x) /* suppress leading zeros */
+ continue;
+ str[pos++] = x;
+ }
+ }
+ if (!pos)
+ str[pos++] = 0;
+ return pos;
} /* end mp_to_unsigned_octets() */
/* }}} */
/* {{{ mp_to_signed_octets(mp, str) */
/* output a buffer of big endian octets no longer than specified. */
-mp_err
+mp_err
mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
- int ix, pos = 0;
- unsigned int bytes;
-
- ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
-
- bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
-
- /* Iterate over each digit... */
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- mp_digit d = DIGIT(mp, ix);
- int jx;
-
- /* Unpack digit bytes, high order first */
- for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
- unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
- if (!pos) {
- if (!x) /* suppress leading zeros */
- continue;
- if (x & 0x80) { /* add one leading zero to make output positive. */
- ARGCHK(bytes + 1 <= maxlen, MP_BADARG);
- if (bytes + 1 > maxlen)
- return MP_BADARG;
- str[pos++] = 0;
- }
- }
- str[pos++] = x;
- }
- }
- if (!pos)
- str[pos++] = 0;
- return pos;
+ int ix, pos = 0;
+ unsigned int bytes;
+
+ ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+ bytes = mp_unsigned_octet_size(mp);
+ ARGCHK(bytes <= maxlen, MP_BADARG);
+
+ /* Iterate over each digit... */
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ mp_digit d = DIGIT(mp, ix);
+ int jx;
+
+ /* Unpack digit bytes, high order first */
+ for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+ unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+ if (!pos) {
+ if (!x) /* suppress leading zeros */
+ continue;
+ if (x & 0x80) { /* add one leading zero to make output positive. */
+ ARGCHK(bytes + 1 <= maxlen, MP_BADARG);
+ if (bytes + 1 > maxlen)
+ return MP_BADARG;
+ str[pos++] = 0;
+ }
+ }
+ str[pos++] = x;
+ }
+ }
+ if (!pos)
+ str[pos++] = 0;
+ return pos;
} /* end mp_to_signed_octets() */
/* }}} */
/* {{{ mp_to_fixlen_octets(mp, str) */
/* output a buffer of big endian octets exactly as long as requested. */
-mp_err
+mp_err
mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
{
- int ix, pos = 0;
- unsigned int bytes;
-
- ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
-
- bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= length, MP_BADARG);
-
- /* place any needed leading zeros */
- for (;length > bytes; --length) {
- *str++ = 0;
- }
-
- /* Iterate over each digit... */
- for(ix = USED(mp) - 1; ix >= 0; ix--) {
- mp_digit d = DIGIT(mp, ix);
- int jx;
-
- /* Unpack digit bytes, high order first */
- for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
- unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
- if (!pos && !x) /* suppress leading zeros */
- continue;
- str[pos++] = x;
- }
- }
- if (!pos)
- str[pos++] = 0;
- return MP_OKAY;
+ int ix, pos = 0;
+ unsigned int bytes;
+
+ ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+ bytes = mp_unsigned_octet_size(mp);
+ ARGCHK(bytes <= length, MP_BADARG);
+
+ /* place any needed leading zeros */
+ for (; length > bytes; --length) {
+ *str++ = 0;
+ }
+
+ /* Iterate over each digit... */
+ for (ix = USED(mp) - 1; ix >= 0; ix--) {
+ mp_digit d = DIGIT(mp, ix);
+ int jx;
+
+ /* Unpack digit bytes, high order first */
+ for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+ unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+ if (!pos && !x) /* suppress leading zeros */
+ continue;
+ str[pos++] = x;
+ }
+ }
+ if (!pos)
+ str[pos++] = 0;
+ return MP_OKAY;
} /* end mp_to_fixlen_octets() */
/* }}} */
-
/*------------------------------------------------------------------------*/
/* HERE THERE BE DRAGONS */
diff --git a/lib/freebl/mpi/mpi.h b/lib/freebl/mpi/mpi.h
index 9776d4949..3cc87a6fa 100644
--- a/lib/freebl/mpi/mpi.h
+++ b/lib/freebl/mpi/mpi.h
@@ -30,25 +30,25 @@
#include <sys/types.h>
-#define MP_NEG 1
-#define MP_ZPOS 0
-
-#define MP_OKAY 0 /* no error, all is well */
-#define MP_YES 0 /* yes (boolean result) */
-#define MP_NO -1 /* no (boolean result) */
-#define MP_MEM -2 /* out of memory */
-#define MP_RANGE -3 /* argument out of range */
-#define MP_BADARG -4 /* invalid parameter */
-#define MP_UNDEF -5 /* answer is undefined */
-#define MP_LAST_CODE MP_UNDEF
-
-typedef unsigned int mp_sign;
-typedef unsigned int mp_size;
-typedef int mp_err;
+#define MP_NEG 1
+#define MP_ZPOS 0
+
+#define MP_OKAY 0 /* no error, all is well */
+#define MP_YES 0 /* yes (boolean result) */
+#define MP_NO -1 /* no (boolean result) */
+#define MP_MEM -2 /* out of memory */
+#define MP_RANGE -3 /* argument out of range */
+#define MP_BADARG -4 /* invalid parameter */
+#define MP_UNDEF -5 /* answer is undefined */
+#define MP_LAST_CODE MP_UNDEF
+
+typedef unsigned int mp_sign;
+typedef unsigned int mp_size;
+typedef int mp_err;
#define MP_32BIT_MAX 4294967295U
-#if !defined(ULONG_MAX)
+#if !defined(ULONG_MAX)
#error "ULONG_MAX not defined"
#elif !defined(UINT_MAX)
#error "UINT_MAX not defined"
@@ -56,119 +56,118 @@ typedef int mp_err;
#error "USHRT_MAX not defined"
#endif
-#if defined(ULLONG_MAX) /* C99, Solaris */
+#if defined(ULLONG_MAX) /* C99, Solaris */
#define MP_ULONG_LONG_MAX ULLONG_MAX
/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
-#elif defined(ULONG_LONG_MAX) /* HPUX */
+#elif defined(ULONG_LONG_MAX) /* HPUX */
#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
-#elif defined(ULONGLONG_MAX) /* IRIX, AIX */
+#elif defined(ULONGLONG_MAX) /* IRIX, AIX */
#define MP_ULONG_LONG_MAX ULONGLONG_MAX
#endif
/* We only use unsigned long for mp_digit iff long is more than 32 bits. */
#if !defined(MP_USE_UINT_DIGIT) && ULONG_MAX > MP_32BIT_MAX
-typedef unsigned long mp_digit;
-#define MP_DIGIT_MAX ULONG_MAX
-#define MP_DIGIT_FMT "%016lX" /* printf() format for 1 digit */
+typedef unsigned long mp_digit;
+#define MP_DIGIT_MAX ULONG_MAX
+#define MP_DIGIT_FMT "%016lX" /* printf() format for 1 digit */
#define MP_HALF_DIGIT_MAX UINT_MAX
-#undef MP_NO_MP_WORD
+#undef MP_NO_MP_WORD
#define MP_NO_MP_WORD 1
-#undef MP_USE_LONG_DIGIT
+#undef MP_USE_LONG_DIGIT
#define MP_USE_LONG_DIGIT 1
-#undef MP_USE_LONG_LONG_DIGIT
+#undef MP_USE_LONG_LONG_DIGIT
-#elif !defined(MP_USE_UINT_DIGIT) && defined(MP_ULONG_LONG_MAX)
+#elif !defined(MP_USE_UINT_DIGIT) && defined(MP_ULONG_LONG_MAX)
typedef unsigned long long mp_digit;
-#define MP_DIGIT_MAX MP_ULONG_LONG_MAX
-#define MP_DIGIT_FMT "%016llX" /* printf() format for 1 digit */
-#define MP_HALF_DIGIT_MAX UINT_MAX
-#undef MP_NO_MP_WORD
+#define MP_DIGIT_MAX MP_ULONG_LONG_MAX
+#define MP_DIGIT_FMT "%016llX" /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX UINT_MAX
+#undef MP_NO_MP_WORD
#define MP_NO_MP_WORD 1
-#undef MP_USE_LONG_LONG_DIGIT
+#undef MP_USE_LONG_LONG_DIGIT
#define MP_USE_LONG_LONG_DIGIT 1
-#undef MP_USE_LONG_DIGIT
+#undef MP_USE_LONG_DIGIT
#else
-typedef unsigned int mp_digit;
-#define MP_DIGIT_MAX UINT_MAX
-#define MP_DIGIT_FMT "%08X" /* printf() format for 1 digit */
+typedef unsigned int mp_digit;
+#define MP_DIGIT_MAX UINT_MAX
+#define MP_DIGIT_FMT "%08X" /* printf() format for 1 digit */
#define MP_HALF_DIGIT_MAX USHRT_MAX
-#undef MP_USE_UINT_DIGIT
+#undef MP_USE_UINT_DIGIT
#define MP_USE_UINT_DIGIT 1
-#undef MP_USE_LONG_LONG_DIGIT
-#undef MP_USE_LONG_DIGIT
+#undef MP_USE_LONG_LONG_DIGIT
+#undef MP_USE_LONG_DIGIT
#endif
-#if !defined(MP_NO_MP_WORD)
-#if defined(MP_USE_UINT_DIGIT) && \
+#if !defined(MP_NO_MP_WORD)
+#if defined(MP_USE_UINT_DIGIT) && \
(defined(MP_ULONG_LONG_MAX) || (ULONG_MAX > UINT_MAX))
#if (ULONG_MAX > UINT_MAX)
-typedef unsigned long mp_word;
-typedef long mp_sword;
-#define MP_WORD_MAX ULONG_MAX
+typedef unsigned long mp_word;
+typedef long mp_sword;
+#define MP_WORD_MAX ULONG_MAX
#else
typedef unsigned long long mp_word;
-typedef long long mp_sword;
-#define MP_WORD_MAX MP_ULONG_LONG_MAX
+typedef long long mp_sword;
+#define MP_WORD_MAX MP_ULONG_LONG_MAX
#endif
-#else
+#else
#define MP_NO_MP_WORD 1
#endif
#endif /* !defined(MP_NO_MP_WORD) */
#if !defined(MP_WORD_MAX) && defined(MP_DEFINE_SMALL_WORD)
-typedef unsigned int mp_word;
-typedef int mp_sword;
-#define MP_WORD_MAX UINT_MAX
+typedef unsigned int mp_word;
+typedef int mp_sword;
+#define MP_WORD_MAX UINT_MAX
#endif
-#define MP_DIGIT_BIT (CHAR_BIT*sizeof(mp_digit))
-#define MP_WORD_BIT (CHAR_BIT*sizeof(mp_word))
-#define MP_RADIX (1+(mp_word)MP_DIGIT_MAX)
+#define MP_DIGIT_BIT (CHAR_BIT * sizeof(mp_digit))
+#define MP_WORD_BIT (CHAR_BIT * sizeof(mp_word))
+#define MP_RADIX (1 + (mp_word)MP_DIGIT_MAX)
-#define MP_HALF_DIGIT_BIT (MP_DIGIT_BIT/2)
-#define MP_HALF_RADIX (1+(mp_digit)MP_HALF_DIGIT_MAX)
-/* MP_HALF_RADIX really ought to be called MP_SQRT_RADIX, but it's named
-** MP_HALF_RADIX because it's the radix for MP_HALF_DIGITs, and it's
+#define MP_HALF_DIGIT_BIT (MP_DIGIT_BIT / 2)
+#define MP_HALF_RADIX (1 + (mp_digit)MP_HALF_DIGIT_MAX)
+/* MP_HALF_RADIX really ought to be called MP_SQRT_RADIX, but it's named
+** MP_HALF_RADIX because it's the radix for MP_HALF_DIGITs, and it's
** consistent with the other _HALF_ names.
*/
-
/* Macros for accessing the mp_int internals */
-#define MP_SIGN(MP) ((MP)->sign)
-#define MP_USED(MP) ((MP)->used)
-#define MP_ALLOC(MP) ((MP)->alloc)
-#define MP_DIGITS(MP) ((MP)->dp)
-#define MP_DIGIT(MP,N) (MP)->dp[(N)]
+#define MP_SIGN(MP) ((MP)->sign)
+#define MP_USED(MP) ((MP)->used)
+#define MP_ALLOC(MP) ((MP)->alloc)
+#define MP_DIGITS(MP) ((MP)->dp)
+#define MP_DIGIT(MP, N) (MP)->dp[(N)]
/* This defines the maximum I/O base (minimum is 2) */
-#define MP_MAX_RADIX 64
+#define MP_MAX_RADIX 64
typedef struct {
- mp_sign sign; /* sign of this quantity */
- mp_size alloc; /* how many digits allocated */
- mp_size used; /* how many digits used */
- mp_digit *dp; /* the digits themselves */
+ mp_sign sign; /* sign of this quantity */
+ mp_size alloc; /* how many digits allocated */
+ mp_size used; /* how many digits used */
+ mp_digit *dp; /* the digits themselves */
} mp_int;
/* Default precision */
mp_size mp_get_prec(void);
-void mp_set_prec(mp_size prec);
+void mp_set_prec(mp_size prec);
/* Memory management */
mp_err mp_init(mp_int *mp);
mp_err mp_init_size(mp_int *mp, mp_size prec);
mp_err mp_init_copy(mp_int *mp, const mp_int *from);
mp_err mp_copy(const mp_int *from, mp_int *to);
-void mp_exch(mp_int *mp1, mp_int *mp2);
-void mp_clear(mp_int *mp);
-void mp_zero(mp_int *mp);
-void mp_set(mp_int *mp, mp_digit d);
+void mp_exch(mp_int *mp1, mp_int *mp2);
+void mp_clear(mp_int *mp);
+void mp_zero(mp_int *mp);
+void mp_set(mp_int *mp, mp_digit d);
mp_err mp_set_int(mp_int *mp, long z);
-#define mp_set_long(mp,z) mp_set_int(mp,z)
+#define mp_set_long(mp, z) mp_set_int(mp, z)
mp_err mp_set_ulong(mp_int *mp, unsigned long z);
/* Single digit arithmetic */
@@ -216,12 +215,12 @@ mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c);
#endif /* MP_MODARITH */
/* Comparisons */
-int mp_cmp_z(const mp_int *a);
-int mp_cmp_d(const mp_int *a, mp_digit d);
-int mp_cmp(const mp_int *a, const mp_int *b);
-int mp_cmp_mag(const mp_int *a, const mp_int *b);
-int mp_isodd(const mp_int *a);
-int mp_iseven(const mp_int *a);
+int mp_cmp_z(const mp_int *a);
+int mp_cmp_d(const mp_int *a, mp_digit d);
+int mp_cmp(const mp_int *a, const mp_int *b);
+int mp_cmp_mag(const mp_int *a, const mp_int *b);
+int mp_isodd(const mp_int *a);
+int mp_iseven(const mp_int *a);
/* Number theoretic */
#if MP_NUMTH
@@ -234,26 +233,26 @@ mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c);
/* Input and output */
#if MP_IOFUNC
-void mp_print(mp_int *mp, FILE *ofp);
+void mp_print(mp_int *mp, FILE *ofp);
#endif /* end MP_IOFUNC */
/* Base conversion */
mp_err mp_read_raw(mp_int *mp, char *str, int len);
-int mp_raw_size(mp_int *mp);
+int mp_raw_size(mp_int *mp);
mp_err mp_toraw(mp_int *mp, char *str);
mp_err mp_read_radix(mp_int *mp, const char *str, int radix);
-mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix);
-int mp_radix_size(mp_int *mp, int radix);
+mp_err mp_read_variable_radix(mp_int *a, const char *str, int default_radix);
+int mp_radix_size(mp_int *mp, int radix);
mp_err mp_toradix(mp_int *mp, char *str, int radix);
-int mp_tovalue(char ch, int r);
+int mp_tovalue(char ch, int r);
-#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
-#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
+#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
+#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
-#define mp_tohex(M, S) mp_toradix((M), (S), 16)
+#define mp_tohex(M, S) mp_toradix((M), (S), 16)
/* Error strings */
-const char *mp_strerror(mp_err ec);
+const char *mp_strerror(mp_err ec);
/* Octet string conversion functions */
mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
@@ -265,34 +264,42 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
/* Miscellaneous */
mp_size mp_trailing_zeros(const mp_int *mp);
void freebl_cpuid(unsigned long op, unsigned long *eax,
- unsigned long *ebx, unsigned long *ecx,
- unsigned long *edx);
-
+ unsigned long *ebx, unsigned long *ecx,
+ unsigned long *edx);
-#define MP_CHECKOK(x) if (MP_OKAY > (res = (x))) goto CLEANUP
-#define MP_CHECKERR(x) if (MP_OKAY > (res = (x))) goto CLEANUP
+#define MP_CHECKOK(x) \
+ if (MP_OKAY > (res = (x))) \
+ goto CLEANUP
+#define MP_CHECKERR(x) \
+ if (MP_OKAY > (res = (x))) \
+ goto CLEANUP
#if defined(MP_API_COMPATIBLE)
-#define NEG MP_NEG
-#define ZPOS MP_ZPOS
-#define DIGIT_MAX MP_DIGIT_MAX
-#define DIGIT_BIT MP_DIGIT_BIT
-#define DIGIT_FMT MP_DIGIT_FMT
-#define RADIX MP_RADIX
-#define MAX_RADIX MP_MAX_RADIX
-#define SIGN(MP) MP_SIGN(MP)
-#define USED(MP) MP_USED(MP)
-#define ALLOC(MP) MP_ALLOC(MP)
-#define DIGITS(MP) MP_DIGITS(MP)
-#define DIGIT(MP,N) MP_DIGIT(MP,N)
+#define NEG MP_NEG
+#define ZPOS MP_ZPOS
+#define DIGIT_MAX MP_DIGIT_MAX
+#define DIGIT_BIT MP_DIGIT_BIT
+#define DIGIT_FMT MP_DIGIT_FMT
+#define RADIX MP_RADIX
+#define MAX_RADIX MP_MAX_RADIX
+#define SIGN(MP) MP_SIGN(MP)
+#define USED(MP) MP_USED(MP)
+#define ALLOC(MP) MP_ALLOC(MP)
+#define DIGITS(MP) MP_DIGITS(MP)
+#define DIGIT(MP, N) MP_DIGIT(MP, N)
#if MP_ARGCHK == 1
-#define ARGCHK(X,Y) {if(!(X)){return (Y);}}
+#define ARGCHK(X, Y) \
+ { \
+ if (!(X)) { \
+ return (Y); \
+ } \
+ }
#elif MP_ARGCHK == 2
#include <assert.h>
-#define ARGCHK(X,Y) assert(X)
+#define ARGCHK(X, Y) assert(X)
#else
-#define ARGCHK(X,Y) /* */
+#define ARGCHK(X, Y) /* */
#endif
#endif /* defined MP_API_COMPATIBLE */
diff --git a/lib/freebl/mpi/mpi_amd64.c b/lib/freebl/mpi/mpi_amd64.c
index 9c9b1f9bc..9e538bb6a 100644
--- a/lib/freebl/mpi/mpi_amd64.c
+++ b/lib/freebl/mpi/mpi_amd64.c
@@ -15,18 +15,18 @@
/* Presently, this is only used by the Montgomery arithmetic code. */
/* c += a * b */
-void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c)
+void MPI_ASM_DECL
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c)
{
- mp_digit w;
- mp_digit d;
+ mp_digit w;
+ mp_digit d;
- d = s_mpv_mul_add_vec64(c, a, a_len, b);
- c += a_len;
- while (d) {
- w = c[0] + d;
- d = (w < c[0] || w < d);
- *c++ = w;
- }
+ d = s_mpv_mul_add_vec64(c, a, a_len, b);
+ c += a_len;
+ while (d) {
+ w = c[0] + d;
+ d = (w < c[0] || w < d);
+ *c++ = w;
+ }
}
-
diff --git a/lib/freebl/mpi/mpi_arm.c b/lib/freebl/mpi/mpi_arm.c
index 9199aab46..b5139f28d 100644
--- a/lib/freebl/mpi/mpi_arm.c
+++ b/lib/freebl/mpi/mpi_arm.c
@@ -14,158 +14,162 @@
#include "mpi-priv.h"
#ifdef MP_ASSEMBLY_MULTIPLY
-void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- __asm__ __volatile__(
- "mov r5, #0\n"
+ __asm__ __volatile__(
+ "mov r5, #0\n"
#ifdef __thumb2__
- "cbz %1, 2f\n"
+ "cbz %1, 2f\n"
#else
- "cmp %1, r5\n" /* r5 is 0 now */
- "beq 2f\n"
+ "cmp %1, r5\n" /* r5 is 0 now */
+ "beq 2f\n"
#endif
- "1:\n"
- "mov r4, #0\n"
- "ldr r6, [%0], #4\n"
- "umlal r5, r4, r6, %2\n"
- "str r5, [%3], #4\n"
- "mov r5, r4\n"
-
- "subs %1, #1\n"
- "bne 1b\n"
-
- "2:\n"
- "str r5, [%3]\n"
- :
- : "r"(a), "r"(a_len), "r"(b), "r"(c)
- : "memory", "cc", "%r4", "%r5", "%r6");
+ "1:\n"
+ "mov r4, #0\n"
+ "ldr r6, [%0], #4\n"
+ "umlal r5, r4, r6, %2\n"
+ "str r5, [%3], #4\n"
+ "mov r5, r4\n"
+
+ "subs %1, #1\n"
+ "bne 1b\n"
+
+ "2:\n"
+ "str r5, [%3]\n"
+ :
+ : "r"(a), "r"(a_len), "r"(b), "r"(c)
+ : "memory", "cc", "%r4", "%r5", "%r6");
}
-void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- __asm__ __volatile__(
- "mov r5, #0\n"
+ __asm__ __volatile__(
+ "mov r5, #0\n"
#ifdef __thumb2__
- "cbz %1, 2f\n"
+ "cbz %1, 2f\n"
#else
- "cmp %1, r5\n" /* r5 is 0 now */
- "beq 2f\n"
+ "cmp %1, r5\n" /* r5 is 0 now */
+ "beq 2f\n"
#endif
- "1:\n"
- "mov r4, #0\n"
- "ldr r6, [%3]\n"
- "adds r5, r6\n"
- "adc r4, r4, #0\n"
-
- "ldr r6, [%0], #4\n"
- "umlal r5, r4, r6, %2\n"
- "str r5, [%3], #4\n"
- "mov r5, r4\n"
-
- "subs %1, #1\n"
- "bne 1b\n"
-
- "2:\n"
- "str r5, [%3]\n"
- :
- : "r"(a), "r"(a_len), "r"(b), "r"(c)
- : "memory", "cc", "%r4", "%r5", "%r6");
+ "1:\n"
+ "mov r4, #0\n"
+ "ldr r6, [%3]\n"
+ "adds r5, r6\n"
+ "adc r4, r4, #0\n"
+
+ "ldr r6, [%0], #4\n"
+ "umlal r5, r4, r6, %2\n"
+ "str r5, [%3], #4\n"
+ "mov r5, r4\n"
+
+ "subs %1, #1\n"
+ "bne 1b\n"
+
+ "2:\n"
+ "str r5, [%3]\n"
+ :
+ : "r"(a), "r"(a_len), "r"(b), "r"(c)
+ : "memory", "cc", "%r4", "%r5", "%r6");
}
-void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- if (!a_len)
- return;
+ if (!a_len)
+ return;
- __asm__ __volatile__(
- "mov r5, #0\n"
+ __asm__ __volatile__(
+ "mov r5, #0\n"
- "1:\n"
- "mov r4, #0\n"
- "ldr r6, [%3]\n"
- "adds r5, r6\n"
- "adc r4, r4, #0\n"
- "ldr r6, [%0], #4\n"
- "umlal r5, r4, r6, %2\n"
- "str r5, [%3], #4\n"
- "mov r5, r4\n"
+ "1:\n"
+ "mov r4, #0\n"
+ "ldr r6, [%3]\n"
+ "adds r5, r6\n"
+ "adc r4, r4, #0\n"
+ "ldr r6, [%0], #4\n"
+ "umlal r5, r4, r6, %2\n"
+ "str r5, [%3], #4\n"
+ "mov r5, r4\n"
- "subs %1, #1\n"
- "bne 1b\n"
+ "subs %1, #1\n"
+ "bne 1b\n"
#ifdef __thumb2__
- "cbz r4, 3f\n"
+ "cbz r4, 3f\n"
#else
- "cmp r4, #0\n"
- "beq 3f\n"
+ "cmp r4, #0\n"
+ "beq 3f\n"
#endif
- "2:\n"
- "mov r4, #0\n"
- "ldr r6, [%3]\n"
- "adds r5, r6\n"
- "adc r4, r4, #0\n"
- "str r5, [%3], #4\n"
- "movs r5, r4\n"
- "bne 2b\n"
-
- "3:\n"
- :
- : "r"(a), "r"(a_len), "r"(b), "r"(c)
- : "memory", "cc", "%r4", "%r5", "%r6");
+ "2:\n"
+ "mov r4, #0\n"
+ "ldr r6, [%3]\n"
+ "adds r5, r6\n"
+ "adc r4, r4, #0\n"
+ "str r5, [%3], #4\n"
+ "movs r5, r4\n"
+ "bne 2b\n"
+
+ "3:\n"
+ :
+ : "r"(a), "r"(a_len), "r"(b), "r"(c)
+ : "memory", "cc", "%r4", "%r5", "%r6");
}
#endif
#ifdef MP_ASSEMBLY_SQUARE
-void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+void
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
{
- if (!a_len)
- return;
-
- __asm__ __volatile__(
- "mov r3, #0\n"
-
- "1:\n"
- "mov r4, #0\n"
- "ldr r6, [%0], #4\n"
- "ldr r5, [%2]\n"
- "adds r3, r5\n"
- "adc r4, r4, #0\n"
- "umlal r3, r4, r6, r6\n" /* w = r3:r4 */
- "str r3, [%2], #4\n"
-
- "ldr r5, [%2]\n"
- "adds r3, r4, r5\n"
- "mov r4, #0\n"
- "adc r4, r4, #0\n"
- "str r3, [%2], #4\n"
- "mov r3, r4\n"
-
- "subs %1, #1\n"
- "bne 1b\n"
+ if (!a_len)
+ return;
+
+ __asm__ __volatile__(
+ "mov r3, #0\n"
+
+ "1:\n"
+ "mov r4, #0\n"
+ "ldr r6, [%0], #4\n"
+ "ldr r5, [%2]\n"
+ "adds r3, r5\n"
+ "adc r4, r4, #0\n"
+ "umlal r3, r4, r6, r6\n" /* w = r3:r4 */
+ "str r3, [%2], #4\n"
+
+ "ldr r5, [%2]\n"
+ "adds r3, r4, r5\n"
+ "mov r4, #0\n"
+ "adc r4, r4, #0\n"
+ "str r3, [%2], #4\n"
+ "mov r3, r4\n"
+
+ "subs %1, #1\n"
+ "bne 1b\n"
#ifdef __thumb2__
- "cbz r3, 3f\n"
+ "cbz r3, 3f\n"
#else
- "cmp r3, #0\n"
- "beq 3f\n"
+ "cmp r3, #0\n"
+ "beq 3f\n"
#endif
- "2:\n"
- "mov r4, #0\n"
- "ldr r5, [%2]\n"
- "adds r3, r5\n"
- "adc r4, r4, #0\n"
- "str r3, [%2], #4\n"
- "movs r3, r4\n"
- "bne 2b\n"
-
- "3:"
- :
- : "r"(pa), "r"(a_len), "r"(ps)
- : "memory", "cc", "%r3", "%r4", "%r5", "%r6");
+ "2:\n"
+ "mov r4, #0\n"
+ "ldr r5, [%2]\n"
+ "adds r3, r5\n"
+ "adc r4, r4, #0\n"
+ "str r3, [%2], #4\n"
+ "movs r3, r4\n"
+ "bne 2b\n"
+
+ "3:"
+ :
+ : "r"(pa), "r"(a_len), "r"(ps)
+ : "memory", "cc", "%r3", "%r4", "%r5", "%r6");
}
#endif
#endif
diff --git a/lib/freebl/mpi/mpi_hp.c b/lib/freebl/mpi/mpi_hp.c
index e86d3d63f..0cea7685d 100644
--- a/lib/freebl/mpi/mpi_hp.c
+++ b/lib/freebl/mpi/mpi_hp.c
@@ -11,72 +11,71 @@
/* #include <sys/systeminfo.h> */
#include <strings.h>
-extern void multacc512(
- int length, /* doublewords in multiplicand vector. */
- const mp_digit *scalaraddr, /* Address of scalar. */
- const mp_digit *multiplicand, /* The multiplicand vector. */
- mp_digit * result); /* Where to accumulate the result. */
+extern void multacc512(
+ int length, /* doublewords in multiplicand vector. */
+ const mp_digit *scalaraddr, /* Address of scalar. */
+ const mp_digit *multiplicand, /* The multiplicand vector. */
+ mp_digit *result); /* Where to accumulate the result. */
extern void maxpy_little(
- int length, /* doublewords in multiplicand vector. */
- const mp_digit *scalaraddr, /* Address of scalar. */
- const mp_digit *multiplicand, /* The multiplicand vector. */
- mp_digit * result); /* Where to accumulate the result. */
+ int length, /* doublewords in multiplicand vector. */
+ const mp_digit *scalaraddr, /* Address of scalar. */
+ const mp_digit *multiplicand, /* The multiplicand vector. */
+ mp_digit *result); /* Where to accumulate the result. */
extern void add_diag_little(
- int length, /* doublewords in input vector. */
- const mp_digit *root, /* The vector to square. */
- mp_digit * result); /* Where to accumulate the result. */
+ int length, /* doublewords in input vector. */
+ const mp_digit *root, /* The vector to square. */
+ mp_digit *result); /* Where to accumulate the result. */
-void
+void
s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
{
add_diag_little(a_len, pa, ps);
}
#define MAX_STACK_DIGITS 258
-#define MULTACC512_LEN (512 / MP_DIGIT_BIT)
-#define HP_MPY_ADD_FN (a_len == MULTACC512_LEN ? multacc512 : maxpy_little)
+#define MULTACC512_LEN (512 / MP_DIGIT_BIT)
+#define HP_MPY_ADD_FN (a_len == MULTACC512_LEN ? multacc512 : maxpy_little)
/* c = a * b */
-void
+void
s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
mp_digit x[MAX_STACK_DIGITS];
mp_digit *px = x;
- size_t xSize = 0;
+ size_t xSize = 0;
if (a == c) {
- if (a_len > MAX_STACK_DIGITS) {
- xSize = sizeof(mp_digit) * (a_len + 2);
- px = malloc(xSize);
- if (!px)
- return;
- }
- memcpy(px, a, a_len * sizeof(*a));
- a = px;
+ if (a_len > MAX_STACK_DIGITS) {
+ xSize = sizeof(mp_digit) * (a_len + 2);
+ px = malloc(xSize);
+ if (!px)
+ return;
+ }
+ memcpy(px, a, a_len * sizeof(*a));
+ a = px;
}
s_mp_setz(c, a_len + 1);
HP_MPY_ADD_FN(a_len, &b, a, c);
if (px != x && px) {
- memset(px, 0, xSize);
- free(px);
+ memset(px, 0, xSize);
+ free(px);
}
}
/* c += a * b, where a is a_len words long. */
-void
+void
s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- c[a_len] = 0; /* so carry propagation stops here. */
+ c[a_len] = 0; /* so carry propagation stops here. */
HP_MPY_ADD_FN(a_len, &b, a, c);
}
/* c += a * b, where a is y words long. */
-void
-s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b,
- mp_digit *c)
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b,
+ mp_digit *c)
{
HP_MPY_ADD_FN(a_len, &b, a, c);
}
-
diff --git a/lib/freebl/mpi/mpi_sparc.c b/lib/freebl/mpi/mpi_sparc.c
index 628843e4b..1e88357af 100644
--- a/lib/freebl/mpi/mpi_sparc.c
+++ b/lib/freebl/mpi/mpi_sparc.c
@@ -18,207 +18,209 @@
extern mp_digit mul_add_inp(mp_digit *x, const mp_digit *y, int n, mp_digit a);
/* vector z = vector x + vector y * scaler a; where y is of length n words. */
-extern mp_digit mul_add(mp_digit *z, const mp_digit *x, const mp_digit *y,
- int n, mp_digit a);
+extern mp_digit mul_add(mp_digit *z, const mp_digit *x, const mp_digit *y,
+ int n, mp_digit a);
/* v8 versions of these functions run on any Sparc v8 CPU. */
/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
-#define MP_MUL_DxD(a, b, Phi, Plo) \
- { unsigned long long product = (unsigned long long)a * b; \
- Plo = (mp_digit)product; \
- Phi = (mp_digit)(product >> MP_DIGIT_BIT); }
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+ { \
+ unsigned long long product = (unsigned long long)a * b; \
+ Plo = (mp_digit)product; \
+ Phi = (mp_digit)(product >> MP_DIGIT_BIT); \
+ }
/* c = a * b */
-static void
+static void
v8_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
#if !defined(MP_NO_MP_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
- *c = d;
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+ *c = d;
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
- *c++ = a0b0;
- carry = a1b1;
- }
- *c = carry;
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ *c = carry;
#endif
}
/* c += a * b */
-static void
+static void
v8_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
#if !defined(MP_NO_MP_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + *c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
- *c = d;
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + *c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+ *c = d;
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
- a0b0 += a_i = *c;
- if (a0b0 < a_i)
- ++a1b1;
- *c++ = a0b0;
- carry = a1b1;
- }
- *c = carry;
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+ a0b0 += a_i = *c;
+ if (a0b0 < a_i)
+ ++a1b1;
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ *c = carry;
#endif
}
/* Presently, this is only used by the Montgomery arithmetic code. */
/* c += a * b */
-static void
+static void
v8_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
#if !defined(MP_NO_MP_WORD)
- mp_digit d = 0;
-
- /* Inner product: Digits of a */
- while (a_len--) {
- mp_word w = ((mp_word)b * *a++) + *c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
-
- while (d) {
- mp_word w = (mp_word)*c + d;
- *c++ = ACCUM(w);
- d = CARRYOUT(w);
- }
+ mp_digit d = 0;
+
+ /* Inner product: Digits of a */
+ while (a_len--) {
+ mp_word w = ((mp_word)b * *a++) + *c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
+
+ while (d) {
+ mp_word w = (mp_word)*c + d;
+ *c++ = ACCUM(w);
+ d = CARRYOUT(w);
+ }
#else
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
-
- a0b0 += a_i = *c;
- if (a0b0 < a_i)
- ++a1b1;
-
- *c++ = a0b0;
- carry = a1b1;
- }
- while (carry) {
- mp_digit c_i = *c;
- carry += c_i;
- *c++ = carry;
- carry = carry < c_i;
- }
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+
+ a0b0 += a_i = *c;
+ if (a0b0 < a_i)
+ ++a1b1;
+
+ *c++ = a0b0;
+ carry = a1b1;
+ }
+ while (carry) {
+ mp_digit c_i = *c;
+ carry += c_i;
+ *c++ = carry;
+ carry = carry < c_i;
+ }
#endif
}
/* These functions run only on v8plus+vis or v9+vis CPUs. */
/* c = a * b */
-void
+void
s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
mp_digit d;
mp_digit x[258];
if (a_len <= 256) {
- if (a == c || ((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
- mp_digit * px;
- px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
- memcpy(px, a, a_len * sizeof(*a));
- a = px;
- if (a_len & 1) {
- px[a_len] = 0;
- }
- }
- s_mp_setz(c, a_len + 1);
- d = mul_add_inp(c, a, a_len, b);
- c[a_len] = d;
+ if (a == c || ((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+ mp_digit *px;
+ px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+ memcpy(px, a, a_len * sizeof(*a));
+ a = px;
+ if (a_len & 1) {
+ px[a_len] = 0;
+ }
+ }
+ s_mp_setz(c, a_len + 1);
+ d = mul_add_inp(c, a, a_len, b);
+ c[a_len] = d;
} else {
- v8_mpv_mul_d(a, a_len, b, c);
+ v8_mpv_mul_d(a, a_len, b, c);
}
}
/* c += a * b, where a is a_len words long. */
-void
+void
s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
mp_digit d;
mp_digit x[258];
if (a_len <= 256) {
- if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
- mp_digit * px;
- px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
- memcpy(px, a, a_len * sizeof(*a));
- a = px;
- if (a_len & 1) {
- px[a_len] = 0;
- }
- }
- d = mul_add_inp(c, a, a_len, b);
- c[a_len] = d;
+ if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+ mp_digit *px;
+ px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+ memcpy(px, a, a_len * sizeof(*a));
+ a = px;
+ if (a_len & 1) {
+ px[a_len] = 0;
+ }
+ }
+ d = mul_add_inp(c, a, a_len, b);
+ c[a_len] = d;
} else {
- v8_mpv_mul_d_add(a, a_len, b, c);
+ v8_mpv_mul_d_add(a, a_len, b, c);
}
}
/* c += a * b, where a is y words long. */
-void
+void
s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
mp_digit d;
mp_digit x[258];
if (a_len <= 256) {
- if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
- mp_digit * px;
- px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
- memcpy(px, a, a_len * sizeof(*a));
- a = px;
- if (a_len & 1) {
- px[a_len] = 0;
- }
- }
- d = mul_add_inp(c, a, a_len, b);
- if (d) {
- c += a_len;
- do {
- mp_digit sum = d + *c;
- *c++ = sum;
- d = sum < d;
- } while (d);
- }
+ if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+ mp_digit *px;
+ px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+ memcpy(px, a, a_len * sizeof(*a));
+ a = px;
+ if (a_len & 1) {
+ px[a_len] = 0;
+ }
+ }
+ d = mul_add_inp(c, a, a_len, b);
+ if (d) {
+ c += a_len;
+ do {
+ mp_digit sum = d + *c;
+ *c++ = sum;
+ d = sum < d;
+ } while (d);
+ }
} else {
- v8_mpv_mul_d_add_prop(a, a_len, b, c);
+ v8_mpv_mul_d_add_prop(a, a_len, b, c);
}
}
diff --git a/lib/freebl/mpi/mpi_x86_asm.c b/lib/freebl/mpi/mpi_x86_asm.c
index e25166e58..4faeef30c 100644
--- a/lib/freebl/mpi/mpi_x86_asm.c
+++ b/lib/freebl/mpi/mpi_x86_asm.c
@@ -1,6 +1,6 @@
/*
* mpi_x86_asm.c - MSVC inline assembly implementation of s_mpv_ functions.
- *
+ *
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@@ -11,33 +11,32 @@ static int is_sse = -1;
extern unsigned long s_mpi_is_sse2();
/*
- * ebp - 36: caller's esi
- * ebp - 32: caller's edi
- * ebp - 28:
- * ebp - 24:
- * ebp - 20:
- * ebp - 16:
- * ebp - 12:
- * ebp - 8:
- * ebp - 4:
- * ebp + 0: caller's ebp
- * ebp + 4: return address
- * ebp + 8: a argument
- * ebp + 12: a_len argument
- * ebp + 16: b argument
- * ebp + 20: c argument
+ * ebp - 36: caller's esi
+ * ebp - 32: caller's edi
+ * ebp - 28:
+ * ebp - 24:
+ * ebp - 20:
+ * ebp - 16:
+ * ebp - 12:
+ * ebp - 8:
+ * ebp - 4:
+ * ebp + 0: caller's ebp
+ * ebp + 4: return address
+ * ebp + 8: a argument
+ * ebp + 12: a_len argument
+ * ebp + 16: b argument
+ * ebp + 20: c argument
* registers:
- * eax:
- * ebx: carry
- * ecx: a_len
- * edx:
- * esi: a ptr
- * edi: c ptr
+ * eax:
+ * ebx: carry
+ * ecx: a_len
+ * edx:
+ * esi: a ptr
+ * edi: c ptr
*/
-__declspec(naked) void
-s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+__declspec(naked) void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- __asm {
+ __asm {
mov eax, is_sse
cmp eax, 0
je s_mpv_mul_d_x86
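Review bot: The reformatted `__declspec(naked) void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)` is now a single line well past the column limit the rest of this commit enforces, whereas every other definition in the series puts the return type on its own line; the same happens to s_mpv_mul_d_add, s_mpv_mul_d_add_prop and s_mpv_sqr_add_prop in the later hunks of this file, and s_mpv_div_2dx1d comes out with its name indented four spaces under `__declspec(naked) mp_err`. This looks like clang-format not treating `__declspec(naked)` as a declaration specifier, so the MSVC inline-assembly file ends up formatted differently from the C files around it. Since the hand-written layout the diff removes was already consistent with the new house style, consider excluding these definitions from the formatter with a `// clang-format off` / `// clang-format on` pair (or leaving the file out of the run) rather than committing the mangled declarations.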
@@ -53,95 +52,94 @@ s_mpv_mul_d_x86:
push edi
push esi
push ebx
- mov ebx,0 ; carry = 0
- mov ecx,[ebp+12] ; ecx = a_len
+ mov ebx,0 ; carry = 0
+ mov ecx,[ebp+12] ; ecx = a_len
mov edi,[ebp+20]
cmp ecx,0
- je L_2 ; jmp if a_len == 0
- mov esi,[ebp+8] ; esi = a
+ je L_2 ; jmp if a_len == 0
+ mov esi,[ebp+8] ; esi = a
cld
L_1:
- lodsd ; eax = [ds:esi]; esi += 4
- mov edx,[ebp+16] ; edx = b
- mul edx ; edx:eax = Phi:Plo = a_i * b
+ lodsd ; eax = [ds:esi]; esi += 4
+ mov edx,[ebp+16] ; edx = b
+ mul edx ; edx:eax = Phi:Plo = a_i * b
- add eax,ebx ; add carry (ebx) to edx:eax
+ add eax,ebx ; add carry (ebx) to edx:eax
adc edx,0
- mov ebx,edx ; high half of product becomes next carry
+ mov ebx,edx ; high half of product becomes next carry
- stosd ; [es:edi] = ax; edi += 4;
- dec ecx ; --a_len
- jnz L_1 ; jmp if a_len != 0
+ stosd ; [es:edi] = ax; edi += 4;
+ dec ecx ; --a_len
+ jnz L_1 ; jmp if a_len != 0
L_2:
- mov [edi],ebx ; *c = carry
+ mov [edi],ebx ; *c = carry
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
s_mpv_mul_d_sse2:
push ebp
mov ebp, esp
push edi
push esi
- psubq mm2, mm2 ; carry = 0
- mov ecx, [ebp+12] ; ecx = a_len
- movd mm1, [ebp+16] ; mm1 = b
+ psubq mm2, mm2 ; carry = 0
+ mov ecx, [ebp+12] ; ecx = a_len
+ movd mm1, [ebp+16] ; mm1 = b
mov edi, [ebp+20]
cmp ecx, 0
- je L_6 ; jmp if a_len == 0
- mov esi, [ebp+8] ; esi = a
+ je L_6 ; jmp if a_len == 0
+ mov esi, [ebp+8] ; esi = a
cld
L_5:
- movd mm0, [esi] ; mm0 = *a++
+ movd mm0, [esi] ; mm0 = *a++
add esi, 4
- pmuludq mm0, mm1 ; mm0 = b * *a++
- paddq mm2, mm0 ; add the carry
- movd [edi], mm2 ; store the 32bit result
+ pmuludq mm0, mm1 ; mm0 = b * *a++
+ paddq mm2, mm0 ; add the carry
+ movd [edi], mm2 ; store the 32bit result
add edi, 4
- psrlq mm2, 32 ; save the carry
- dec ecx ; --a_len
- jnz L_5 ; jmp if a_len != 0
+ psrlq mm2, 32 ; save the carry
+ dec ecx ; --a_len
+ jnz L_5 ; jmp if a_len != 0
L_6:
- movd [edi], mm2 ; *c = carry
+ movd [edi], mm2 ; *c = carry
emms
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
- }
+ }
}
/*
- * ebp - 36: caller's esi
- * ebp - 32: caller's edi
- * ebp - 28:
- * ebp - 24:
- * ebp - 20:
- * ebp - 16:
- * ebp - 12:
- * ebp - 8:
- * ebp - 4:
- * ebp + 0: caller's ebp
- * ebp + 4: return address
- * ebp + 8: a argument
- * ebp + 12: a_len argument
- * ebp + 16: b argument
- * ebp + 20: c argument
+ * ebp - 36: caller's esi
+ * ebp - 32: caller's edi
+ * ebp - 28:
+ * ebp - 24:
+ * ebp - 20:
+ * ebp - 16:
+ * ebp - 12:
+ * ebp - 8:
+ * ebp - 4:
+ * ebp + 0: caller's ebp
+ * ebp + 4: return address
+ * ebp + 8: a argument
+ * ebp + 12: a_len argument
+ * ebp + 16: b argument
+ * ebp + 20: c argument
* registers:
- * eax:
- * ebx: carry
- * ecx: a_len
- * edx:
- * esi: a ptr
- * edi: c ptr
+ * eax:
+ * ebx: carry
+ * ecx: a_len
+ * edx:
+ * esi: a ptr
+ * edi: c ptr
*/
-__declspec(naked) void
-s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+__declspec(naked) void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- __asm {
+ __asm {
mov eax, is_sse
cmp eax, 0
je s_mpv_mul_d_add_x86
@@ -157,100 +155,99 @@ s_mpv_mul_d_add_x86:
push edi
push esi
push ebx
- mov ebx,0 ; carry = 0
- mov ecx,[ebp+12] ; ecx = a_len
+ mov ebx,0 ; carry = 0
+ mov ecx,[ebp+12] ; ecx = a_len
mov edi,[ebp+20]
cmp ecx,0
- je L_11 ; jmp if a_len == 0
- mov esi,[ebp+8] ; esi = a
+ je L_11 ; jmp if a_len == 0
+ mov esi,[ebp+8] ; esi = a
cld
L_10:
- lodsd ; eax = [ds:esi]; esi += 4
- mov edx,[ebp+16] ; edx = b
- mul edx ; edx:eax = Phi:Plo = a_i * b
+ lodsd ; eax = [ds:esi]; esi += 4
+ mov edx,[ebp+16] ; edx = b
+ mul edx ; edx:eax = Phi:Plo = a_i * b
- add eax,ebx ; add carry (ebx) to edx:eax
+ add eax,ebx ; add carry (ebx) to edx:eax
adc edx,0
- mov ebx,[edi] ; add in current word from *c
- add eax,ebx
+ mov ebx,[edi] ; add in current word from *c
+ add eax,ebx
adc edx,0
- mov ebx,edx ; high half of product becomes next carry
+ mov ebx,edx ; high half of product becomes next carry
- stosd ; [es:edi] = ax; edi += 4;
- dec ecx ; --a_len
- jnz L_10 ; jmp if a_len != 0
+ stosd ; [es:edi] = ax; edi += 4;
+ dec ecx ; --a_len
+ jnz L_10 ; jmp if a_len != 0
L_11:
- mov [edi],ebx ; *c = carry
+ mov [edi],ebx ; *c = carry
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
s_mpv_mul_d_add_sse2:
push ebp
mov ebp, esp
push edi
push esi
- psubq mm2, mm2 ; carry = 0
- mov ecx, [ebp+12] ; ecx = a_len
- movd mm1, [ebp+16] ; mm1 = b
+ psubq mm2, mm2 ; carry = 0
+ mov ecx, [ebp+12] ; ecx = a_len
+ movd mm1, [ebp+16] ; mm1 = b
mov edi, [ebp+20]
cmp ecx, 0
- je L_16 ; jmp if a_len == 0
- mov esi, [ebp+8] ; esi = a
+ je L_16 ; jmp if a_len == 0
+ mov esi, [ebp+8] ; esi = a
cld
L_15:
- movd mm0, [esi] ; mm0 = *a++
+ movd mm0, [esi] ; mm0 = *a++
add esi, 4
- pmuludq mm0, mm1 ; mm0 = b * *a++
- paddq mm2, mm0 ; add the carry
+ pmuludq mm0, mm1 ; mm0 = b * *a++
+ paddq mm2, mm0 ; add the carry
movd mm0, [edi]
- paddq mm2, mm0 ; add the carry
- movd [edi], mm2 ; store the 32bit result
+ paddq mm2, mm0 ; add the carry
+ movd [edi], mm2 ; store the 32bit result
add edi, 4
- psrlq mm2, 32 ; save the carry
- dec ecx ; --a_len
- jnz L_15 ; jmp if a_len != 0
+ psrlq mm2, 32 ; save the carry
+ dec ecx ; --a_len
+ jnz L_15 ; jmp if a_len != 0
L_16:
- movd [edi], mm2 ; *c = carry
+ movd [edi], mm2 ; *c = carry
emms
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
- }
+ }
}
/*
- * ebp - 36: caller's esi
- * ebp - 32: caller's edi
- * ebp - 28:
- * ebp - 24:
- * ebp - 20:
- * ebp - 16:
- * ebp - 12:
- * ebp - 8:
- * ebp - 4:
- * ebp + 0: caller's ebp
- * ebp + 4: return address
- * ebp + 8: a argument
- * ebp + 12: a_len argument
- * ebp + 16: b argument
- * ebp + 20: c argument
+ * ebp - 36: caller's esi
+ * ebp - 32: caller's edi
+ * ebp - 28:
+ * ebp - 24:
+ * ebp - 20:
+ * ebp - 16:
+ * ebp - 12:
+ * ebp - 8:
+ * ebp - 4:
+ * ebp + 0: caller's ebp
+ * ebp + 4: return address
+ * ebp + 8: a argument
+ * ebp + 12: a_len argument
+ * ebp + 16: b argument
+ * ebp + 20: c argument
* registers:
- * eax:
- * ebx: carry
- * ecx: a_len
- * edx:
- * esi: a ptr
- * edi: c ptr
+ * eax:
+ * ebx: carry
+ * ecx: a_len
+ * edx:
+ * esi: a ptr
+ * edi: c ptr
*/
-__declspec(naked) void
-s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+__declspec(naked) void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
{
- __asm {
+ __asm {
mov eax, is_sse
cmp eax, 0
je s_mpv_mul_d_add_prop_x86
@@ -266,46 +263,46 @@ s_mpv_mul_d_add_prop_x86:
push edi
push esi
push ebx
- mov ebx,0 ; carry = 0
- mov ecx,[ebp+12] ; ecx = a_len
+ mov ebx,0 ; carry = 0
+ mov ecx,[ebp+12] ; ecx = a_len
mov edi,[ebp+20]
cmp ecx,0
- je L_21 ; jmp if a_len == 0
+ je L_21 ; jmp if a_len == 0
cld
- mov esi,[ebp+8] ; esi = a
+ mov esi,[ebp+8] ; esi = a
L_20:
- lodsd ; eax = [ds:esi]; esi += 4
- mov edx,[ebp+16] ; edx = b
- mul edx ; edx:eax = Phi:Plo = a_i * b
+ lodsd ; eax = [ds:esi]; esi += 4
+ mov edx,[ebp+16] ; edx = b
+ mul edx ; edx:eax = Phi:Plo = a_i * b
- add eax,ebx ; add carry (ebx) to edx:eax
+ add eax,ebx ; add carry (ebx) to edx:eax
adc edx,0
- mov ebx,[edi] ; add in current word from *c
- add eax,ebx
+ mov ebx,[edi] ; add in current word from *c
+ add eax,ebx
adc edx,0
- mov ebx,edx ; high half of product becomes next carry
+ mov ebx,edx ; high half of product becomes next carry
- stosd ; [es:edi] = ax; edi += 4;
- dec ecx ; --a_len
- jnz L_20 ; jmp if a_len != 0
+ stosd ; [es:edi] = ax; edi += 4;
+ dec ecx ; --a_len
+ jnz L_20 ; jmp if a_len != 0
L_21:
- cmp ebx,0 ; is carry zero?
+ cmp ebx,0 ; is carry zero?
jz L_23
- mov eax,[edi] ; add in current word from *c
+ mov eax,[edi] ; add in current word from *c
add eax,ebx
- stosd ; [es:edi] = ax; edi += 4;
+ stosd ; [es:edi] = ax; edi += 4;
jnc L_23
L_22:
- mov eax,[edi] ; add in current word from *c
+ mov eax,[edi] ; add in current word from *c
adc eax,0
- stosd ; [es:edi] = ax; edi += 4;
+ stosd ; [es:edi] = ax; edi += 4;
jc L_22
L_23:
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
s_mpv_mul_d_add_prop_sse2:
push ebp
@@ -313,74 +310,73 @@ s_mpv_mul_d_add_prop_sse2:
push edi
push esi
push ebx
- psubq mm2, mm2 ; carry = 0
- mov ecx, [ebp+12] ; ecx = a_len
- movd mm1, [ebp+16] ; mm1 = b
+ psubq mm2, mm2 ; carry = 0
+ mov ecx, [ebp+12] ; ecx = a_len
+ movd mm1, [ebp+16] ; mm1 = b
mov edi, [ebp+20]
cmp ecx, 0
- je L_26 ; jmp if a_len == 0
- mov esi, [ebp+8] ; esi = a
+ je L_26 ; jmp if a_len == 0
+ mov esi, [ebp+8] ; esi = a
cld
L_25:
- movd mm0, [esi] ; mm0 = *a++
- movd mm3, [edi] ; fetch the sum
+ movd mm0, [esi] ; mm0 = *a++
+ movd mm3, [edi] ; fetch the sum
add esi, 4
- pmuludq mm0, mm1 ; mm0 = b * *a++
- paddq mm2, mm0 ; add the carry
- paddq mm2, mm3 ; add *c++
- movd [edi], mm2 ; store the 32bit result
+ pmuludq mm0, mm1 ; mm0 = b * *a++
+ paddq mm2, mm0 ; add the carry
+ paddq mm2, mm3 ; add *c++
+ movd [edi], mm2 ; store the 32bit result
add edi, 4
- psrlq mm2, 32 ; save the carry
- dec ecx ; --a_len
- jnz L_25 ; jmp if a_len != 0
+ psrlq mm2, 32 ; save the carry
+ dec ecx ; --a_len
+ jnz L_25 ; jmp if a_len != 0
L_26:
movd ebx, mm2
- cmp ebx, 0 ; is carry zero?
+ cmp ebx, 0 ; is carry zero?
jz L_28
mov eax, [edi]
add eax, ebx
stosd
jnc L_28
L_27:
- mov eax, [edi] ; add in current word from *c
- adc eax, 0
- stosd ; [es:edi] = ax; edi += 4;
+ mov eax, [edi] ; add in current word from *c
+ adc eax, 0
+ stosd ; [es:edi] = ax; edi += 4;
jc L_27
L_28:
emms
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
- }
+ }
}
/*
- * ebp - 20: caller's esi
- * ebp - 16: caller's edi
- * ebp - 12:
- * ebp - 8: carry
- * ebp - 4: a_len local
- * ebp + 0: caller's ebp
- * ebp + 4: return address
- * ebp + 8: pa argument
- * ebp + 12: a_len argument
- * ebp + 16: ps argument
- * ebp + 20:
+ * ebp - 20: caller's esi
+ * ebp - 16: caller's edi
+ * ebp - 12:
+ * ebp - 8: carry
+ * ebp - 4: a_len local
+ * ebp + 0: caller's ebp
+ * ebp + 4: return address
+ * ebp + 8: pa argument
+ * ebp + 12: a_len argument
+ * ebp + 16: ps argument
+ * ebp + 20:
* registers:
- * eax:
- * ebx: carry
- * ecx: a_len
- * edx:
- * esi: a ptr
- * edi: c ptr
+ * eax:
+ * ebx: carry
+ * ecx: a_len
+ * edx:
+ * esi: a ptr
+ * edi: c ptr
*/
-__declspec(naked) void
-s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs)
+__declspec(naked) void s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs)
{
- __asm {
+ __asm {
mov eax, is_sse
cmp eax, 0
je s_mpv_sqr_add_prop_x86
@@ -396,48 +392,48 @@ s_mpv_sqr_add_prop_x86:
push edi
push esi
push ebx
- mov ebx,0 ; carry = 0
- mov ecx,[ebp+12] ; a_len
- mov edi,[ebp+16] ; edi = ps
+ mov ebx,0 ; carry = 0
+ mov ecx,[ebp+12] ; a_len
+ mov edi,[ebp+16] ; edi = ps
cmp ecx,0
- je L_31 ; jump if a_len == 0
+ je L_31 ; jump if a_len == 0
cld
- mov esi,[ebp+8] ; esi = pa
+ mov esi,[ebp+8] ; esi = pa
L_30:
- lodsd ; eax = [ds:si]; si += 4;
+ lodsd ; eax = [ds:si]; si += 4;
mul eax
- add eax,ebx ; add "carry"
+ add eax,ebx ; add "carry"
adc edx,0
mov ebx,[edi]
- add eax,ebx ; add low word from result
+ add eax,ebx ; add low word from result
mov ebx,[edi+4]
- stosd ; [es:di] = eax; di += 4;
- adc edx,ebx ; add high word from result
+ stosd ; [es:di] = eax; di += 4;
+ adc edx,ebx ; add high word from result
mov ebx,0
mov eax,edx
adc ebx,0
- stosd ; [es:di] = eax; di += 4;
- dec ecx ; --a_len
- jnz L_30 ; jmp if a_len != 0
+ stosd ; [es:di] = eax; di += 4;
+ dec ecx ; --a_len
+ jnz L_30 ; jmp if a_len != 0
L_31:
- cmp ebx,0 ; is carry zero?
+ cmp ebx,0 ; is carry zero?
jz L_34
- mov eax,[edi] ; add in current word from *c
+ mov eax,[edi] ; add in current word from *c
add eax,ebx
- stosd ; [es:edi] = ax; edi += 4;
+ stosd ; [es:edi] = ax; edi += 4;
jnc L_34
L_32:
- mov eax,[edi] ; add in current word from *c
+ mov eax,[edi] ; add in current word from *c
adc eax,0
- stosd ; [es:edi] = ax; edi += 4;
+ stosd ; [es:edi] = ax; edi += 4;
jc L_32
L_34:
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
s_mpv_sqr_add_prop_sse2:
push ebp
@@ -445,79 +441,79 @@ s_mpv_sqr_add_prop_sse2:
push edi
push esi
push ebx
- psubq mm2, mm2 ; carry = 0
- mov ecx, [ebp+12] ; ecx = a_len
+ psubq mm2, mm2 ; carry = 0
+ mov ecx, [ebp+12] ; ecx = a_len
mov edi, [ebp+16]
cmp ecx, 0
- je L_36 ; jmp if a_len == 0
- mov esi, [ebp+8] ; esi = a
+ je L_36 ; jmp if a_len == 0
+ mov esi, [ebp+8] ; esi = a
cld
L_35:
- movd mm0, [esi] ; mm0 = *a
- movd mm3, [edi] ; fetch the sum
- add esi, 4
- pmuludq mm0, mm0 ; mm0 = sqr(a)
- paddq mm2, mm0 ; add the carry
- paddq mm2, mm3 ; add the low word
+ movd mm0, [esi] ; mm0 = *a
+ movd mm3, [edi] ; fetch the sum
+ add esi, 4
+ pmuludq mm0, mm0 ; mm0 = sqr(a)
+ paddq mm2, mm0 ; add the carry
+ paddq mm2, mm3 ; add the low word
movd mm3, [edi+4]
- movd [edi], mm2 ; store the 32bit result
- psrlq mm2, 32
- paddq mm2, mm3 ; add the high word
- movd [edi+4], mm2 ; store the 32bit result
- psrlq mm2, 32 ; save the carry.
+ movd [edi], mm2 ; store the 32bit result
+ psrlq mm2, 32
+ paddq mm2, mm3 ; add the high word
+ movd [edi+4], mm2 ; store the 32bit result
+ psrlq mm2, 32 ; save the carry.
add edi, 8
- dec ecx ; --a_len
- jnz L_35 ; jmp if a_len != 0
+ dec ecx ; --a_len
+ jnz L_35 ; jmp if a_len != 0
L_36:
movd ebx, mm2
- cmp ebx, 0 ; is carry zero?
+ cmp ebx, 0 ; is carry zero?
jz L_38
mov eax, [edi]
add eax, ebx
stosd
jnc L_38
L_37:
- mov eax, [edi] ; add in current word from *c
- adc eax, 0
- stosd ; [es:edi] = ax; edi += 4;
+ mov eax, [edi] ; add in current word from *c
+ adc eax, 0
+ stosd ; [es:edi] = ax; edi += 4;
jc L_37
L_38:
emms
pop ebx
pop esi
pop edi
- leave
- ret
+ leave
+ ret
nop
- }
+ }
}
-/*
+/*
* Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
* so its high bit is 1. This code is from NSPR.
*
* Dump of assembler code for function s_mpv_div_2dx1d:
- *
+ *
* esp + 0: Caller's ebx
- * esp + 4: return address
- * esp + 8: Nhi argument
- * esp + 12: Nlo argument
- * esp + 16: divisor argument
- * esp + 20: qp argument
- * esp + 24: rp argument
+ * esp + 4: return address
+ * esp + 8: Nhi argument
+ * esp + 12: Nlo argument
+ * esp + 16: divisor argument
+ * esp + 20: qp argument
+ * esp + 24: rp argument
* registers:
- * eax:
- * ebx: carry
- * ecx: a_len
- * edx:
- * esi: a ptr
- * edi: c ptr
- */
+ * eax:
+ * ebx: carry
+ * ecx: a_len
+ * edx:
+ * esi: a ptr
+ * edi: c ptr
+ */
__declspec(naked) mp_err
-s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
- mp_digit *qp, mp_digit *rp)
+ s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ mp_digit *qp, mp_digit *rp)
{
- __asm {
+ __asm {
push ebx
mov edx,[esp+8]
mov eax,[esp+12]
@@ -527,9 +523,9 @@ s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
mov [ebx],eax
mov ebx,[esp+24]
mov [ebx],edx
- xor eax,eax ; return zero
+ xor eax,eax ; return zero
pop ebx
- ret
+ ret
nop
- }
+ }
}
diff --git a/lib/freebl/mpi/mplogic.c b/lib/freebl/mpi/mplogic.c
index 65f504e15..89fd03ae8 100644
--- a/lib/freebl/mpi/mplogic.c
+++ b/lib/freebl/mpi/mplogic.c
@@ -13,22 +13,22 @@
/* {{{ Lookup table for population count */
static unsigned char bitc[] = {
- 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,
- 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
- 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
- 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
- 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
- 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
- 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8
+ 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,
+ 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+ 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+ 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+ 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+ 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+ 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+ 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8
};
/* }}} */
@@ -43,23 +43,24 @@ static unsigned char bitc[] = {
/* {{{ mpl_not(a, b) */
-mp_err mpl_not(mp_int *a, mp_int *b)
+mp_err
+mpl_not(mp_int *a, mp_int *b)
{
- mp_err res;
- unsigned int ix;
+ mp_err res;
+ unsigned int ix;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- /* This relies on the fact that the digit type is unsigned */
- for(ix = 0; ix < USED(b); ix++)
- DIGIT(b, ix) = ~DIGIT(b, ix);
+ /* This relies on the fact that the digit type is unsigned */
+ for (ix = 0; ix < USED(b); ix++)
+ DIGIT(b, ix) = ~DIGIT(b, ix);
- s_mp_clamp(b);
+ s_mp_clamp(b);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_not() */
@@ -67,31 +68,32 @@ mp_err mpl_not(mp_int *a, mp_int *b)
/* {{{ mpl_and(a, b, c) */
-mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mpl_and(mp_int *a, mp_int *b, mp_int *c)
{
- mp_int *which, *other;
- mp_err res;
- unsigned int ix;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if(USED(a) <= USED(b)) {
- which = a;
- other = b;
- } else {
- which = b;
- other = a;
- }
+ mp_int *which, *other;
+ mp_err res;
+ unsigned int ix;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (USED(a) <= USED(b)) {
+ which = a;
+ other = b;
+ } else {
+ which = b;
+ other = a;
+ }
- if((res = mp_copy(which, c)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(which, c)) != MP_OKAY)
+ return res;
- for(ix = 0; ix < USED(which); ix++)
- DIGIT(c, ix) &= DIGIT(other, ix);
+ for (ix = 0; ix < USED(which); ix++)
+ DIGIT(c, ix) &= DIGIT(other, ix);
- s_mp_clamp(c);
+ s_mp_clamp(c);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_and() */
@@ -99,29 +101,30 @@ mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c)
/* {{{ mpl_or(a, b, c) */
-mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mpl_or(mp_int *a, mp_int *b, mp_int *c)
{
- mp_int *which, *other;
- mp_err res;
- unsigned int ix;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if(USED(a) >= USED(b)) {
- which = a;
- other = b;
- } else {
- which = b;
- other = a;
- }
+ mp_int *which, *other;
+ mp_err res;
+ unsigned int ix;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (USED(a) >= USED(b)) {
+ which = a;
+ other = b;
+ } else {
+ which = b;
+ other = a;
+ }
- if((res = mp_copy(which, c)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(which, c)) != MP_OKAY)
+ return res;
- for(ix = 0; ix < USED(which); ix++)
- DIGIT(c, ix) |= DIGIT(other, ix);
+ for (ix = 0; ix < USED(which); ix++)
+ DIGIT(c, ix) |= DIGIT(other, ix);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_or() */
@@ -129,31 +132,32 @@ mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c)
/* {{{ mpl_xor(a, b, c) */
-mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c)
+mp_err
+mpl_xor(mp_int *a, mp_int *b, mp_int *c)
{
- mp_int *which, *other;
- mp_err res;
- unsigned int ix;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if(USED(a) >= USED(b)) {
- which = a;
- other = b;
- } else {
- which = b;
- other = a;
- }
+ mp_int *which, *other;
+ mp_err res;
+ unsigned int ix;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (USED(a) >= USED(b)) {
+ which = a;
+ other = b;
+ } else {
+ which = b;
+ other = a;
+ }
- if((res = mp_copy(which, c)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(which, c)) != MP_OKAY)
+ return res;
- for(ix = 0; ix < USED(which); ix++)
- DIGIT(c, ix) ^= DIGIT(other, ix);
+ for (ix = 0; ix < USED(which); ix++)
+ DIGIT(c, ix) ^= DIGIT(other, ix);
- s_mp_clamp(c);
+ s_mp_clamp(c);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_xor() */
@@ -167,18 +171,19 @@ mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c)
/* {{{ mpl_rsh(a, b, d) */
-mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d)
+mp_err
+mpl_rsh(const mp_int *a, mp_int *b, mp_digit d)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- s_mp_div_2d(b, d);
+ s_mp_div_2d(b, d);
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_rsh() */
@@ -186,16 +191,17 @@ mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d)
/* {{{ mpl_lsh(a, b, d) */
-mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d)
+mp_err
+mpl_lsh(const mp_int *a, mp_int *b, mp_digit d)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && b != NULL, MP_BADARG);
+ ARGCHK(a != NULL && b != NULL, MP_BADARG);
- if((res = mp_copy(a, b)) != MP_OKAY)
- return res;
+ if ((res = mp_copy(a, b)) != MP_OKAY)
+ return res;
- return s_mp_mul_2d(b, d);
+ return s_mp_mul_2d(b, d);
} /* end mpl_lsh() */
@@ -215,29 +221,30 @@ mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d)
/* {{{ mpl_num_set(a, num) */
-mp_err mpl_num_set(mp_int *a, int *num)
+mp_err
+mpl_num_set(mp_int *a, int *num)
{
- unsigned int ix;
- int db, nset = 0;
- mp_digit cur;
- unsigned char reg;
+ unsigned int ix;
+ int db, nset = 0;
+ mp_digit cur;
+ unsigned char reg;
+
+ ARGCHK(a != NULL, MP_BADARG);
- ARGCHK(a != NULL, MP_BADARG);
+ for (ix = 0; ix < USED(a); ix++) {
+ cur = DIGIT(a, ix);
- for(ix = 0; ix < USED(a); ix++) {
- cur = DIGIT(a, ix);
-
- for(db = 0; db < sizeof(mp_digit); db++) {
- reg = (unsigned char)(cur >> (CHAR_BIT * db));
+ for (db = 0; db < sizeof(mp_digit); db++) {
+ reg = (unsigned char)(cur >> (CHAR_BIT * db));
- nset += bitc[reg];
+ nset += bitc[reg];
+ }
}
- }
- if(num)
- *num = nset;
+ if (num)
+ *num = nset;
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpl_num_set() */
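Review bot: `for (db = 0; db < sizeof(mp_digit); db++)` compares the signed `int db` against a `size_t`, which trips -Wsign-compare; the loop in mpl_num_clear in the next hunk has the same shape. Declaring the index unsigned, `unsigned int db;` on its own line with `int nset = 0;` kept, removes the mixed-sign comparison without changing behaviour. A line in the header comment would also help: the count covers every byte of every used digit, so for mpl_num_clear the result includes the leading zero bits of the top digit and therefore depends on USED(a), not only on the numeric value.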
@@ -245,30 +252,30 @@ mp_err mpl_num_set(mp_int *a, int *num)
/* {{{ mpl_num_clear(a, num) */
-mp_err mpl_num_clear(mp_int *a, int *num)
+mp_err
+mpl_num_clear(mp_int *a, int *num)
{
- unsigned int ix;
- int db, nset = 0;
- mp_digit cur;
- unsigned char reg;
+ unsigned int ix;
+ int db, nset = 0;
+ mp_digit cur;
+ unsigned char reg;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- for(ix = 0; ix < USED(a); ix++) {
- cur = DIGIT(a, ix);
-
- for(db = 0; db < sizeof(mp_digit); db++) {
- reg = (unsigned char)(cur >> (CHAR_BIT * db));
+ for (ix = 0; ix < USED(a); ix++) {
+ cur = DIGIT(a, ix);
- nset += bitc[UCHAR_MAX - reg];
- }
- }
+ for (db = 0; db < sizeof(mp_digit); db++) {
+ reg = (unsigned char)(cur >> (CHAR_BIT * db));
- if(num)
- *num = nset;
+ nset += bitc[UCHAR_MAX - reg];
+ }
+ }
- return MP_OKAY;
+ if (num)
+ *num = nset;
+ return MP_OKAY;
} /* end mpl_num_clear() */
@@ -285,34 +292,35 @@ mp_err mpl_num_clear(mp_int *a, int *num)
/* {{{ mpl_parity(a) */
-mp_err mpl_parity(mp_int *a)
+mp_err
+mpl_parity(mp_int *a)
{
- unsigned int ix;
- int par = 0;
- mp_digit cur;
+ unsigned int ix;
+ int par = 0;
+ mp_digit cur;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- for(ix = 0; ix < USED(a); ix++) {
- int shft = (sizeof(mp_digit) * CHAR_BIT) / 2;
+ for (ix = 0; ix < USED(a); ix++) {
+ int shft = (sizeof(mp_digit) * CHAR_BIT) / 2;
- cur = DIGIT(a, ix);
+ cur = DIGIT(a, ix);
- /* Compute parity for current digit */
- while(shft != 0) {
- cur ^= (cur >> shft);
- shft >>= 1;
- }
- cur &= 1;
+ /* Compute parity for current digit */
+ while (shft != 0) {
+ cur ^= (cur >> shft);
+ shft >>= 1;
+ }
+ cur &= 1;
- /* XOR with running parity so far */
- par ^= cur;
- }
+ /* XOR with running parity so far */
+ par ^= cur;
+ }
- if(par)
- return MP_ODD;
- else
- return MP_EVEN;
+ if (par)
+ return MP_ODD;
+ else
+ return MP_EVEN;
} /* end mpl_parity() */
@@ -324,29 +332,30 @@ mp_err mpl_parity(mp_int *a)
Returns MP_OKAY or some error code.
Grows a if needed to set a bit to 1.
*/
-mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value)
+mp_err
+mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value)
{
- mp_size ix;
- mp_err rv;
- mp_digit mask;
-
- ARGCHK(a != NULL, MP_BADARG);
-
- ix = bitNum / MP_DIGIT_BIT;
- if (ix + 1 > MP_USED(a)) {
- rv = s_mp_pad(a, ix + 1);
- if (rv != MP_OKAY)
- return rv;
- }
-
- bitNum = bitNum % MP_DIGIT_BIT;
- mask = (mp_digit)1 << bitNum;
- if (value)
- MP_DIGIT(a,ix) |= mask;
- else
- MP_DIGIT(a,ix) &= ~mask;
- s_mp_clamp(a);
- return MP_OKAY;
+ mp_size ix;
+ mp_err rv;
+ mp_digit mask;
+
+ ARGCHK(a != NULL, MP_BADARG);
+
+ ix = bitNum / MP_DIGIT_BIT;
+ if (ix + 1 > MP_USED(a)) {
+ rv = s_mp_pad(a, ix + 1);
+ if (rv != MP_OKAY)
+ return rv;
+ }
+
+ bitNum = bitNum % MP_DIGIT_BIT;
+ mask = (mp_digit)1 << bitNum;
+ if (value)
+ MP_DIGIT(a, ix) |= mask;
+ else
+ MP_DIGIT(a, ix) &= ~mask;
+ s_mp_clamp(a);
+ return MP_OKAY;
}
/*
@@ -354,48 +363,50 @@ mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value)
returns 0 or 1 or some (negative) error code.
*/
-mp_err mpl_get_bit(const mp_int *a, mp_size bitNum)
+mp_err
+mpl_get_bit(const mp_int *a, mp_size bitNum)
{
- mp_size bit, ix;
- mp_err rv;
+ mp_size bit, ix;
+ mp_err rv;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- ix = bitNum / MP_DIGIT_BIT;
- ARGCHK(ix <= MP_USED(a) - 1, MP_RANGE);
+ ix = bitNum / MP_DIGIT_BIT;
+ ARGCHK(ix <= MP_USED(a) - 1, MP_RANGE);
- bit = bitNum % MP_DIGIT_BIT;
- rv = (mp_err)(MP_DIGIT(a, ix) >> bit) & 1;
- return rv;
+ bit = bitNum % MP_DIGIT_BIT;
+ rv = (mp_err)(MP_DIGIT(a, ix) >> bit) & 1;
+ return rv;
}
/*
mpl_get_bits
- Extracts numBits bits from a, where the least significant extracted bit
is bit lsbNum. Returns a negative value if error occurs.
- - Because sign bit is used to indicate error, maximum number of bits to
+ - Because sign bit is used to indicate error, maximum number of bits to
be returned is the lesser of (a) the number of bits in an mp_digit, or
(b) one less than the number of bits in an mp_err.
- lsbNum + numbits can be greater than the number of significant bits in
integer a, as long as bit lsbNum is in the high order digit of a.
*/
-mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
+mp_err
+mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
{
- mp_size rshift = (lsbNum % MP_DIGIT_BIT);
- mp_size lsWndx = (lsbNum / MP_DIGIT_BIT);
- mp_digit * digit = MP_DIGITS(a) + lsWndx;
- mp_digit mask = ((1 << numBits) - 1);
-
- ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG);
- ARGCHK(MP_HOWMANY(lsbNum, MP_DIGIT_BIT) <= MP_USED(a), MP_RANGE);
-
- if ((numBits + lsbNum % MP_DIGIT_BIT <= MP_DIGIT_BIT) ||
- (lsWndx + 1 >= MP_USED(a))) {
- mask &= (digit[0] >> rshift);
- } else {
- mask &= ((digit[0] >> rshift) | (digit[1] << (MP_DIGIT_BIT - rshift)));
- }
- return (mp_err)mask;
+ mp_size rshift = (lsbNum % MP_DIGIT_BIT);
+ mp_size lsWndx = (lsbNum / MP_DIGIT_BIT);
+ mp_digit *digit = MP_DIGITS(a) + lsWndx;
+ mp_digit mask = ((1 << numBits) - 1);
+
+ ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG);
+ ARGCHK(MP_HOWMANY(lsbNum, MP_DIGIT_BIT) <= MP_USED(a), MP_RANGE);
+
+ if ((numBits + lsbNum % MP_DIGIT_BIT <= MP_DIGIT_BIT) ||
+ (lsWndx + 1 >= MP_USED(a))) {
+ mask &= (digit[0] >> rshift);
+ } else {
+ mask &= ((digit[0] >> rshift) | (digit[1] << (MP_DIGIT_BIT - rshift)));
+ }
+ return (mp_err)mask;
}
/*
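Review bot: `mp_digit mask = ((1 << numBits) - 1);` shifts an `int` constant rather than an `mp_digit`, so with a 64-bit digit the check `ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG);` still admits values of numBits from 31 upward for which the shift is undefined behaviour, and the initializer runs before that ARGCHK in any case. Doing the shift in the digit type, `mp_digit mask = ((mp_digit)1 << numBits) - 1;`, or moving the computation below the argument checks, fixes both. The comment above the function also says the limit is the lesser of the digit width and one less than the width of mp_err, but only the digit bound is enforced; if mp_err is narrower than mp_digit the final `return (mp_err)mask;` would truncate, so either add that check or state in the comment that callers must respect the mp_err bound.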
@@ -403,28 +414,29 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
returns number of significnant bits in abs(a).
returns 1 if value is zero.
*/
-mp_size mpl_significant_bits(const mp_int *a)
+mp_size
+mpl_significant_bits(const mp_int *a)
{
- mp_size bits = 0;
- int ix;
-
- ARGCHK(a != NULL, MP_BADARG);
-
- for (ix = MP_USED(a); ix > 0; ) {
- mp_digit d;
- d = MP_DIGIT(a, --ix);
- if (d) {
- while (d) {
- ++bits;
- d >>= 1;
- }
- break;
+ mp_size bits = 0;
+ int ix;
+
+ ARGCHK(a != NULL, MP_BADARG);
+
+ for (ix = MP_USED(a); ix > 0;) {
+ mp_digit d;
+ d = MP_DIGIT(a, --ix);
+ if (d) {
+ while (d) {
+ ++bits;
+ d >>= 1;
+ }
+ break;
+ }
}
- }
- bits += ix * MP_DIGIT_BIT;
- if (!bits)
- bits = 1;
- return bits;
+ bits += ix * MP_DIGIT_BIT;
+ if (!bits)
+ bits = 1;
+ return bits;
}
/*------------------------------------------------------------------------*/
diff --git a/lib/freebl/mpi/mplogic.h b/lib/freebl/mpi/mplogic.h
index e05374a82..a4a6b7735 100644
--- a/lib/freebl/mpi/mplogic.h
+++ b/lib/freebl/mpi/mplogic.h
@@ -21,8 +21,8 @@
/* Parity results */
-#define MP_EVEN MP_YES
-#define MP_ODD MP_NO
+#define MP_EVEN MP_YES
+#define MP_ODD MP_NO
/* Bitwise functions */
@@ -33,14 +33,14 @@ mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c); /* bitwise XOR */
/* Shift functions */
-mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d); /* right shift */
-mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d); /* left shift */
+mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d); /* right shift */
+mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d); /* left shift */
/* Bit count and parity */
-mp_err mpl_num_set(mp_int *a, int *num); /* count set bits */
-mp_err mpl_num_clear(mp_int *a, int *num); /* count clear bits */
-mp_err mpl_parity(mp_int *a); /* determine parity */
+mp_err mpl_num_set(mp_int *a, int *num); /* count set bits */
+mp_err mpl_num_clear(mp_int *a, int *num); /* count clear bits */
+mp_err mpl_parity(mp_int *a); /* determine parity */
/* Get & Set the value of a bit */
diff --git a/lib/freebl/mpi/mpmontg.c b/lib/freebl/mpi/mpmontg.c
index a141ae3ab..06fd41b3a 100644
--- a/lib/freebl/mpi/mpmontg.c
+++ b/lib/freebl/mpi/mpmontg.c
@@ -11,7 +11,7 @@
* published by Springer Verlag.
*/
-#define MP_USING_CACHE_SAFE_MOD_EXP 1
+#define MP_USING_CACHE_SAFE_MOD_EXP 1
#include <string.h>
#include "mpi-priv.h"
#include "mplogic.h"
@@ -24,41 +24,42 @@
#define STATIC
-#define MAX_ODD_INTS 32 /* 2 ** (WINDOW_BITS - 1) */
+#define MAX_ODD_INTS 32 /* 2 ** (WINDOW_BITS - 1) */
-/*! computes T = REDC(T), 2^b == R
+/*! computes T = REDC(T), 2^b == R
\param T < RN
*/
-mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
+mp_err
+s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
{
- mp_err res;
- mp_size i;
-
- i = (MP_USED(&mmm->N) << 1) + 1;
- MP_CHECKOK( s_mp_pad(T, i) );
- for (i = 0; i < MP_USED(&mmm->N); ++i ) {
- mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
- /* T += N * m_i * (MP_RADIX ** i); */
- s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
- }
- s_mp_clamp(T);
-
- /* T /= R */
- s_mp_rshd( T, MP_USED(&mmm->N) );
-
- if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {
- /* T = T - N */
- MP_CHECKOK( s_mp_sub(T, &mmm->N) );
-#ifdef DEBUG
- if ((res = mp_cmp(T, &mmm->N)) >= 0) {
- res = MP_UNDEF;
- goto CLEANUP;
+ mp_err res;
+ mp_size i;
+
+ i = (MP_USED(&mmm->N) << 1) + 1;
+ MP_CHECKOK(s_mp_pad(T, i));
+ for (i = 0; i < MP_USED(&mmm->N); ++i) {
+ mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
+ /* T += N * m_i * (MP_RADIX ** i); */
+ s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
}
+ s_mp_clamp(T);
+
+ /* T /= R */
+ s_mp_rshd(T, MP_USED(&mmm->N));
+
+ if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {
+ /* T = T - N */
+ MP_CHECKOK(s_mp_sub(T, &mmm->N));
+#ifdef DEBUG
+ if ((res = mp_cmp(T, &mmm->N)) >= 0) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
#endif
- }
- res = MP_OKAY;
+ }
+ res = MP_OKAY;
CLEANUP:
- return res;
+ return res;
}
#if !defined(MP_MONT_USE_MP_MUL)
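Review bot: The reduction ends with a data-dependent conditional subtraction, `if ((res = s_mp_cmp(T, &mmm->N)) >= 0) { MP_CHECKOK(s_mp_sub(T, &mmm->N)); }`, and s_mp_mul_mont in the next hunk has the same final step; for secret operands this is the well-known timing-observable part of Montgomery reduction, and `MP_USING_CACHE_SAFE_MOD_EXP` at the top of the file suggests the file otherwise aims at side-channel hardening. Whether that is acceptable depends on callers outside this diff, so at minimum the contract should say so, e.g. `/* NOTE: the final conditional subtraction is data-dependent (not constant-time). */` above the if. Reusing `res` for the comparison result and then overwriting it with MP_OKAY also reads confusingly; a separate local for the s_mp_cmp result would make the error path clearer.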
@@ -68,75 +69,78 @@ CLEANUP:
\param b < N i.e. "reduced"
\param mmm modulus N and n0' of N
*/
-mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
- mp_mont_modulus *mmm)
+mp_err
+s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
+ mp_mont_modulus *mmm)
{
- mp_digit *pb;
- mp_digit m_i;
- mp_err res;
- mp_size ib; /* "index b": index of current digit of B */
- mp_size useda, usedb;
-
- ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
-
- if (MP_USED(a) < MP_USED(b)) {
- const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
- b = a;
- a = xch;
- }
-
- MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
- ib = (MP_USED(&mmm->N) << 1) + 1;
- if((res = s_mp_pad(c, ib)) != MP_OKAY)
- goto CLEANUP;
-
- useda = MP_USED(a);
- pb = MP_DIGITS(b);
- s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c));
- s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1));
- m_i = MP_DIGIT(c, 0) * mmm->n0prime;
- s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0);
-
- /* Outer loop: Digits of b */
- usedb = MP_USED(b);
- for (ib = 1; ib < usedb; ib++) {
- mp_digit b_i = *pb++;
-
- /* Inner product: Digits of a */
- if (b_i)
- s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
- m_i = MP_DIGIT(c, ib) * mmm->n0prime;
- s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
- }
- if (usedb < MP_USED(&mmm->N)) {
- for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib ) {
- m_i = MP_DIGIT(c, ib) * mmm->n0prime;
- s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+ mp_digit *pb;
+ mp_digit m_i;
+ mp_err res;
+ mp_size ib; /* "index b": index of current digit of B */
+ mp_size useda, usedb;
+
+ ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+ if (MP_USED(a) < MP_USED(b)) {
+ const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
+ b = a;
+ a = xch;
+ }
+
+ MP_USED(c) = 1;
+ MP_DIGIT(c, 0) = 0;
+ ib = (MP_USED(&mmm->N) << 1) + 1;
+ if ((res = s_mp_pad(c, ib)) != MP_OKAY)
+ goto CLEANUP;
+
+ useda = MP_USED(a);
+ pb = MP_DIGITS(b);
+ s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c));
+ s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1));
+ m_i = MP_DIGIT(c, 0) * mmm->n0prime;
+ s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0);
+
+ /* Outer loop: Digits of b */
+ usedb = MP_USED(b);
+ for (ib = 1; ib < usedb; ib++) {
+ mp_digit b_i = *pb++;
+
+ /* Inner product: Digits of a */
+ if (b_i)
+ s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+ m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+ s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+ }
+ if (usedb < MP_USED(&mmm->N)) {
+ for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib) {
+ m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+ s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+ }
+ }
+ s_mp_clamp(c);
+ s_mp_rshd(c, MP_USED(&mmm->N)); /* c /= R */
+ if (s_mp_cmp(c, &mmm->N) >= 0) {
+ MP_CHECKOK(s_mp_sub(c, &mmm->N));
}
- }
- s_mp_clamp(c);
- s_mp_rshd( c, MP_USED(&mmm->N) ); /* c /= R */
- if (s_mp_cmp(c, &mmm->N) >= 0) {
- MP_CHECKOK( s_mp_sub(c, &mmm->N) );
- }
- res = MP_OKAY;
+ res = MP_OKAY;
CLEANUP:
- return res;
+ return res;
}
#endif
STATIC
-mp_err s_mp_to_mont(const mp_int *x, mp_mont_modulus *mmm, mp_int *xMont)
+mp_err
+s_mp_to_mont(const mp_int *x, mp_mont_modulus *mmm, mp_int *xMont)
{
- mp_err res;
+ mp_err res;
- /* xMont = x * R mod N where N is modulus */
- MP_CHECKOK( mp_copy( x, xMont ) );
- MP_CHECKOK( s_mp_lshd( xMont, MP_USED(&mmm->N) ) ); /* xMont = x << b */
- MP_CHECKOK( mp_div(xMont, &mmm->N, 0, xMont) ); /* mod N */
+ /* xMont = x * R mod N where N is modulus */
+ MP_CHECKOK(mp_copy(x, xMont));
+ MP_CHECKOK(s_mp_lshd(xMont, MP_USED(&mmm->N))); /* xMont = x << b */
+ MP_CHECKOK(mp_div(xMont, &mmm->N, 0, xMont)); /* mod N */
CLEANUP:
- return res;
+ return res;
}
#ifdef MP_USING_MONT_MULF
@@ -151,329 +155,508 @@ CLEANUP:
unsigned int mp_using_mont_mulf = 1;
/* computes montgomery square of the integer in mResult */
-#define SQR \
- conv_i32_to_d32_and_d16(dm1, d16Tmp, mResult, nLen); \
- mont_mulf_noconv(mResult, dm1, d16Tmp, \
- dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+#define SQR \
+ conv_i32_to_d32_and_d16(dm1, d16Tmp, mResult, nLen); \
+ mont_mulf_noconv(mResult, dm1, d16Tmp, \
+ dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
/* computes montgomery product of x and the integer in mResult */
-#define MUL(x) \
- conv_i32_to_d32(dm1, mResult, nLen); \
- mont_mulf_noconv(mResult, dm1, oddPowers[x], \
- dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+#define MUL(x) \
+ conv_i32_to_d32(dm1, mResult, nLen); \
+ mont_mulf_noconv(mResult, dm1, oddPowers[x], \
+ dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
/* Do modular exponentiation using floating point multiply code. */
-mp_err mp_exptmod_f(const mp_int * montBase,
- const mp_int * exponent,
- const mp_int * modulus,
- mp_int * result,
- mp_mont_modulus *mmm,
- int nLen,
- mp_size bits_in_exponent,
- mp_size window_bits,
- mp_size odd_ints)
+mp_err
+mp_exptmod_f(const mp_int *montBase,
+ const mp_int *exponent,
+ const mp_int *modulus,
+ mp_int *result,
+ mp_mont_modulus *mmm,
+ int nLen,
+ mp_size bits_in_exponent,
+ mp_size window_bits,
+ mp_size odd_ints)
{
- mp_digit *mResult;
- double *dBuf = 0, *dm1, *dn, *dSqr, *d16Tmp, *dTmp;
- double dn0;
- mp_size i;
- mp_err res;
- int expOff;
- int dSize = 0, oddPowSize, dTmpSize;
- mp_int accum1;
- double *oddPowers[MAX_ODD_INTS];
-
- /* function for computing n0prime only works if n0 is odd */
-
- MP_DIGITS(&accum1) = 0;
-
- for (i = 0; i < MAX_ODD_INTS; ++i)
- oddPowers[i] = 0;
-
- MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
-
- mp_set(&accum1, 1);
- MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
- MP_CHECKOK( s_mp_pad(&accum1, nLen) );
-
- oddPowSize = 2 * nLen + 1;
- dTmpSize = 2 * oddPowSize;
- dSize = sizeof(double) * (nLen * 4 + 1 +
- ((odd_ints + 1) * oddPowSize) + dTmpSize);
- dBuf = (double *)malloc(dSize);
- dm1 = dBuf; /* array of d32 */
- dn = dBuf + nLen; /* array of d32 */
- dSqr = dn + nLen; /* array of d32 */
- d16Tmp = dSqr + nLen; /* array of d16 */
- dTmp = d16Tmp + oddPowSize;
-
- for (i = 0; i < odd_ints; ++i) {
- oddPowers[i] = dTmp;
- dTmp += oddPowSize;
- }
- mResult = (mp_digit *)(dTmp + dTmpSize); /* size is nLen + 1 */
-
- /* Make dn and dn0 */
- conv_i32_to_d32(dn, MP_DIGITS(modulus), nLen);
- dn0 = (double)(mmm->n0prime & 0xffff);
-
- /* Make dSqr */
- conv_i32_to_d32_and_d16(dm1, oddPowers[0], MP_DIGITS(montBase), nLen);
- mont_mulf_noconv(mResult, dm1, oddPowers[0],
- dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
- conv_i32_to_d32(dSqr, mResult, nLen);
-
- for (i = 1; i < odd_ints; ++i) {
- mont_mulf_noconv(mResult, dSqr, oddPowers[i - 1],
- dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
- conv_i32_to_d16(oddPowers[i], mResult, nLen);
- }
-
- s_mp_copy(MP_DIGITS(&accum1), mResult, nLen); /* from, to, len */
-
- for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
- mp_size smallExp;
- MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
- smallExp = (mp_size)res;
-
- if (window_bits == 1) {
- if (!smallExp) {
- SQR;
- } else if (smallExp & 1) {
- SQR; MUL(0);
- } else {
- abort();
- }
- } else if (window_bits == 4) {
- if (!smallExp) {
- SQR; SQR; SQR; SQR;
- } else if (smallExp & 1) {
- SQR; SQR; SQR; SQR; MUL(smallExp/2);
- } else if (smallExp & 2) {
- SQR; SQR; SQR; MUL(smallExp/4); SQR;
- } else if (smallExp & 4) {
- SQR; SQR; MUL(smallExp/8); SQR; SQR;
- } else if (smallExp & 8) {
- SQR; MUL(smallExp/16); SQR; SQR; SQR;
- } else {
- abort();
- }
- } else if (window_bits == 5) {
- if (!smallExp) {
- SQR; SQR; SQR; SQR; SQR;
- } else if (smallExp & 1) {
- SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2);
- } else if (smallExp & 2) {
- SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR;
- } else if (smallExp & 4) {
- SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR;
- } else if (smallExp & 8) {
- SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR;
- } else if (smallExp & 0x10) {
- SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR;
- } else {
- abort();
- }
- } else if (window_bits == 6) {
- if (!smallExp) {
- SQR; SQR; SQR; SQR; SQR; SQR;
- } else if (smallExp & 1) {
- SQR; SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2);
- } else if (smallExp & 2) {
- SQR; SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR;
- } else if (smallExp & 4) {
- SQR; SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR;
- } else if (smallExp & 8) {
- SQR; SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR;
- } else if (smallExp & 0x10) {
- SQR; SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR;
- } else if (smallExp & 0x20) {
- SQR; MUL(smallExp/64); SQR; SQR; SQR; SQR; SQR;
- } else {
- abort();
- }
- } else {
- abort();
+ mp_digit *mResult;
+ double *dBuf = 0, *dm1, *dn, *dSqr, *d16Tmp, *dTmp;
+ double dn0;
+ mp_size i;
+ mp_err res;
+ int expOff;
+ int dSize = 0, oddPowSize, dTmpSize;
+ mp_int accum1;
+ double *oddPowers[MAX_ODD_INTS];
+
+ /* function for computing n0prime only works if n0 is odd */
+
+ MP_DIGITS(&accum1) = 0;
+
+ for (i = 0; i < MAX_ODD_INTS; ++i)
+ oddPowers[i] = 0;
+
+ MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+
+ mp_set(&accum1, 1);
+ MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+ MP_CHECKOK(s_mp_pad(&accum1, nLen));
+
+ oddPowSize = 2 * nLen + 1;
+ dTmpSize = 2 * oddPowSize;
+ dSize = sizeof(double) * (nLen * 4 + 1 +
+ ((odd_ints + 1) * oddPowSize) + dTmpSize);
+ dBuf = (double *)malloc(dSize);
+ dm1 = dBuf; /* array of d32 */
+ dn = dBuf + nLen; /* array of d32 */
+ dSqr = dn + nLen; /* array of d32 */
+ d16Tmp = dSqr + nLen; /* array of d16 */
+ dTmp = d16Tmp + oddPowSize;
+
+ for (i = 0; i < odd_ints; ++i) {
+ oddPowers[i] = dTmp;
+ dTmp += oddPowSize;
+ }
+ mResult = (mp_digit *)(dTmp + dTmpSize); /* size is nLen + 1 */
+
+ /* Make dn and dn0 */
+ conv_i32_to_d32(dn, MP_DIGITS(modulus), nLen);
+ dn0 = (double)(mmm->n0prime & 0xffff);
+
+ /* Make dSqr */
+ conv_i32_to_d32_and_d16(dm1, oddPowers[0], MP_DIGITS(montBase), nLen);
+ mont_mulf_noconv(mResult, dm1, oddPowers[0],
+ dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+ conv_i32_to_d32(dSqr, mResult, nLen);
+
+ for (i = 1; i < odd_ints; ++i) {
+ mont_mulf_noconv(mResult, dSqr, oddPowers[i - 1],
+ dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+ conv_i32_to_d16(oddPowers[i], mResult, nLen);
+ }
+
+ s_mp_copy(MP_DIGITS(&accum1), mResult, nLen); /* from, to, len */
+
+ for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+ mp_size smallExp;
+ MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+ smallExp = (mp_size)res;
+
+ if (window_bits == 1) {
+ if (!smallExp) {
+ SQR;
+ } else if (smallExp & 1) {
+ SQR;
+ MUL(0);
+ } else {
+ abort();
+ }
+ } else if (window_bits == 4) {
+ if (!smallExp) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 1) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 2);
+ } else if (smallExp & 2) {
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 4);
+ SQR;
+ } else if (smallExp & 4) {
+ SQR;
+ SQR;
+ MUL(smallExp / 8);
+ SQR;
+ SQR;
+ } else if (smallExp & 8) {
+ SQR;
+ MUL(smallExp / 16);
+ SQR;
+ SQR;
+ SQR;
+ } else {
+ abort();
+ }
+ } else if (window_bits == 5) {
+ if (!smallExp) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 1) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 2);
+ } else if (smallExp & 2) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 4);
+ SQR;
+ } else if (smallExp & 4) {
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 8);
+ SQR;
+ SQR;
+ } else if (smallExp & 8) {
+ SQR;
+ SQR;
+ MUL(smallExp / 16);
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 0x10) {
+ SQR;
+ MUL(smallExp / 32);
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else {
+ abort();
+ }
+ } else if (window_bits == 6) {
+ if (!smallExp) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 1) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 2);
+ } else if (smallExp & 2) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 4);
+ SQR;
+ } else if (smallExp & 4) {
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 8);
+ SQR;
+ SQR;
+ } else if (smallExp & 8) {
+ SQR;
+ SQR;
+ SQR;
+ MUL(smallExp / 16);
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 0x10) {
+ SQR;
+ SQR;
+ MUL(smallExp / 32);
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else if (smallExp & 0x20) {
+ SQR;
+ MUL(smallExp / 64);
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ SQR;
+ } else {
+ abort();
+ }
+ } else {
+ abort();
+ }
}
- }
- s_mp_copy(mResult, MP_DIGITS(&accum1), nLen); /* from, to, len */
+ s_mp_copy(mResult, MP_DIGITS(&accum1), nLen); /* from, to, len */
- res = s_mp_redc(&accum1, mmm);
- mp_exch(&accum1, result);
+ res = s_mp_redc(&accum1, mmm);
+ mp_exch(&accum1, result);
CLEANUP:
- mp_clear(&accum1);
- if (dBuf) {
- if (dSize)
- memset(dBuf, 0, dSize);
- free(dBuf);
- }
-
- return res;
+ mp_clear(&accum1);
+ if (dBuf) {
+ if (dSize)
+ memset(dBuf, 0, dSize);
+ free(dBuf);
+ }
+
+ return res;
}
#undef SQR
#undef MUL
#endif
-#define SQR(a,b) \
- MP_CHECKOK( mp_sqr(a, b) );\
- MP_CHECKOK( s_mp_redc(b, mmm) )
+#define SQR(a, b) \
+ MP_CHECKOK(mp_sqr(a, b)); \
+ MP_CHECKOK(s_mp_redc(b, mmm))
#if defined(MP_MONT_USE_MP_MUL)
-#define MUL(x,a,b) \
- MP_CHECKOK( mp_mul(a, oddPowers + (x), b) ); \
- MP_CHECKOK( s_mp_redc(b, mmm) )
+#define MUL(x, a, b) \
+ MP_CHECKOK(mp_mul(a, oddPowers + (x), b)); \
+ MP_CHECKOK(s_mp_redc(b, mmm))
#else
-#define MUL(x,a,b) \
- MP_CHECKOK( s_mp_mul_mont(a, oddPowers + (x), b, mmm) )
+#define MUL(x, a, b) \
+ MP_CHECKOK(s_mp_mul_mont(a, oddPowers + (x), b, mmm))
#endif
-#define SWAPPA ptmp = pa1; pa1 = pa2; pa2 = ptmp
+#define SWAPPA \
+ ptmp = pa1; \
+ pa1 = pa2; \
+ pa2 = ptmp
/* Do modular exponentiation using integer multiply code. */
-mp_err mp_exptmod_i(const mp_int * montBase,
- const mp_int * exponent,
- const mp_int * modulus,
- mp_int * result,
- mp_mont_modulus *mmm,
- int nLen,
- mp_size bits_in_exponent,
- mp_size window_bits,
- mp_size odd_ints)
+mp_err
+mp_exptmod_i(const mp_int *montBase,
+ const mp_int *exponent,
+ const mp_int *modulus,
+ mp_int *result,
+ mp_mont_modulus *mmm,
+ int nLen,
+ mp_size bits_in_exponent,
+ mp_size window_bits,
+ mp_size odd_ints)
{
- mp_int *pa1, *pa2, *ptmp;
- mp_size i;
- mp_err res;
- int expOff;
- mp_int accum1, accum2, power2, oddPowers[MAX_ODD_INTS];
-
- /* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */
- /* oddPowers[i] = base ** (2*i + 1); */
-
- MP_DIGITS(&accum1) = 0;
- MP_DIGITS(&accum2) = 0;
- MP_DIGITS(&power2) = 0;
- for (i = 0; i < MAX_ODD_INTS; ++i) {
- MP_DIGITS(oddPowers + i) = 0;
- }
-
- MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
- MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
-
- MP_CHECKOK( mp_init_copy(&oddPowers[0], montBase) );
-
- MP_CHECKOK( mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2) );
- MP_CHECKOK( mp_sqr(montBase, &power2) ); /* power2 = montBase ** 2 */
- MP_CHECKOK( s_mp_redc(&power2, mmm) );
-
- for (i = 1; i < odd_ints; ++i) {
- MP_CHECKOK( mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2) );
- MP_CHECKOK( mp_mul(oddPowers + (i - 1), &power2, oddPowers + i) );
- MP_CHECKOK( s_mp_redc(oddPowers + i, mmm) );
- }
-
- /* set accumulator to montgomery residue of 1 */
- mp_set(&accum1, 1);
- MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
- pa1 = &accum1;
- pa2 = &accum2;
-
- for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
- mp_size smallExp;
- MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
- smallExp = (mp_size)res;
-
- if (window_bits == 1) {
- if (!smallExp) {
- SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 1) {
- SQR(pa1,pa2); MUL(0,pa2,pa1);
- } else {
- abort();
- }
- } else if (window_bits == 4) {
- if (!smallExp) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- } else if (smallExp & 1) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- MUL(smallExp/2, pa1,pa2); SWAPPA;
- } else if (smallExp & 2) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
- MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 4) {
- SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/8,pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 8) {
- SQR(pa1,pa2); MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else {
- abort();
- }
- } else if (window_bits == 5) {
- if (!smallExp) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 1) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); MUL(smallExp/2,pa2,pa1);
- } else if (smallExp & 2) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- MUL(smallExp/4,pa1,pa2); SQR(pa2,pa1);
- } else if (smallExp & 4) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
- MUL(smallExp/8,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- } else if (smallExp & 8) {
- SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/16,pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- } else if (smallExp & 0x10) {
- SQR(pa1,pa2); MUL(smallExp/32,pa2,pa1); SQR(pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- } else {
- abort();
- }
- } else if (window_bits == 6) {
- if (!smallExp) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); SQR(pa2,pa1);
- } else if (smallExp & 1) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/2,pa1,pa2); SWAPPA;
- } else if (smallExp & 2) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 4) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- MUL(smallExp/8,pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 8) {
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2);
- MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 0x10) {
- SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/32,pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 0x20) {
- SQR(pa1,pa2); MUL(smallExp/64,pa2,pa1); SQR(pa1,pa2);
- SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
- } else {
- abort();
- }
- } else {
- abort();
+ mp_int *pa1, *pa2, *ptmp;
+ mp_size i;
+ mp_err res;
+ int expOff;
+ mp_int accum1, accum2, power2, oddPowers[MAX_ODD_INTS];
+
+ /* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */
+ /* oddPowers[i] = base ** (2*i + 1); */
+
+ MP_DIGITS(&accum1) = 0;
+ MP_DIGITS(&accum2) = 0;
+ MP_DIGITS(&power2) = 0;
+ for (i = 0; i < MAX_ODD_INTS; ++i) {
+ MP_DIGITS(oddPowers + i) = 0;
+ }
+
+ MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+ MP_CHECKOK(mp_init_size(&accum2, 3 * nLen + 2));
+
+ MP_CHECKOK(mp_init_copy(&oddPowers[0], montBase));
+
+ MP_CHECKOK(mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2));
+ MP_CHECKOK(mp_sqr(montBase, &power2)); /* power2 = montBase ** 2 */
+ MP_CHECKOK(s_mp_redc(&power2, mmm));
+
+ for (i = 1; i < odd_ints; ++i) {
+ MP_CHECKOK(mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2));
+ MP_CHECKOK(mp_mul(oddPowers + (i - 1), &power2, oddPowers + i));
+ MP_CHECKOK(s_mp_redc(oddPowers + i, mmm));
}
- }
- res = s_mp_redc(pa1, mmm);
- mp_exch(pa1, result);
+ /* set accumulator to montgomery residue of 1 */
+ mp_set(&accum1, 1);
+ MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+ pa1 = &accum1;
+ pa2 = &accum2;
+
+ for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+ mp_size smallExp;
+ MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+ smallExp = (mp_size)res;
+
+ if (window_bits == 1) {
+ if (!smallExp) {
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 1) {
+ SQR(pa1, pa2);
+ MUL(0, pa2, pa1);
+ } else {
+ abort();
+ }
+ } else if (window_bits == 4) {
+ if (!smallExp) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ } else if (smallExp & 1) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 2, pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 2) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp / 4, pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 4) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 8, pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 8) {
+ SQR(pa1, pa2);
+ MUL(smallExp / 16, pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else {
+ abort();
+ }
+ } else if (window_bits == 5) {
+ if (!smallExp) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 1) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp / 2, pa2, pa1);
+ } else if (smallExp & 2) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 4, pa1, pa2);
+ SQR(pa2, pa1);
+ } else if (smallExp & 4) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp / 8, pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ } else if (smallExp & 8) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 16, pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ } else if (smallExp & 0x10) {
+ SQR(pa1, pa2);
+ MUL(smallExp / 32, pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ } else {
+ abort();
+ }
+ } else if (window_bits == 6) {
+ if (!smallExp) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ } else if (smallExp & 1) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 2, pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 2) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp / 4, pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 4) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 8, pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 8) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp / 16, pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 0x10) {
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp / 32, pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 0x20) {
+ SQR(pa1, pa2);
+ MUL(smallExp / 64, pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else {
+ abort();
+ }
+ } else {
+ abort();
+ }
+ }
+
+ res = s_mp_redc(pa1, mmm);
+ mp_exch(pa1, result);
CLEANUP:
- mp_clear(&accum1);
- mp_clear(&accum2);
- mp_clear(&power2);
- for (i = 0; i < odd_ints; ++i) {
- mp_clear(oddPowers + i);
- }
- return res;
+ mp_clear(&accum1);
+ mp_clear(&accum2);
+ mp_clear(&power2);
+ for (i = 0; i < odd_ints; ++i) {
+ mp_clear(oddPowers + i);
+ }
+ return res;
}
#undef SQR
#undef MUL
@@ -482,16 +665,17 @@ CLEANUP:
unsigned int mp_using_cache_safe_exp = 1;
#endif
-mp_err mp_set_safe_modexp(int value)
+mp_err
+mp_set_safe_modexp(int value)
{
#ifdef MP_USING_CACHE_SAFE_MOD_EXP
- mp_using_cache_safe_exp = value;
- return MP_OKAY;
+ mp_using_cache_safe_exp = value;
+ return MP_OKAY;
#else
- if (value == 0) {
- return MP_OKAY;
- }
- return MP_BADARG;
+ if (value == 0) {
+ return MP_OKAY;
+ }
+ return MP_BADARG;
#endif
}
@@ -535,40 +719,40 @@ mp_err mp_set_safe_modexp(int value)
* mp_ints that use less than nDigits digits are logically padded with zeros
* while being stored in the weaved array.
*/
-mp_err mpi_to_weave(const mp_int *bignums,
+mp_err mpi_to_weave(const mp_int *bignums,
mp_digit *weaved,
mp_size nDigits, /* in each mp_int of input */
mp_size nBignums) /* in the entire source array */
{
- mp_size i;
- mp_digit *endDest = weaved + (nDigits * nBignums);
+ mp_size i;
+ mp_digit *endDest = weaved + (nDigits * nBignums);
- for (i=0; i < WEAVE_WORD_SIZE; i++) {
- mp_size used = MP_USED(&bignums[i]);
- mp_digit *pSrc = MP_DIGITS(&bignums[i]);
- mp_digit *endSrc = pSrc + used;
- mp_digit *pDest = weaved + i;
+ for (i = 0; i < WEAVE_WORD_SIZE; i++) {
+ mp_size used = MP_USED(&bignums[i]);
+ mp_digit *pSrc = MP_DIGITS(&bignums[i]);
+ mp_digit *endSrc = pSrc + used;
+ mp_digit *pDest = weaved + i;
- ARGCHK(MP_SIGN(&bignums[i]) == MP_ZPOS, MP_BADARG);
- ARGCHK(used <= nDigits, MP_BADARG);
+ ARGCHK(MP_SIGN(&bignums[i]) == MP_ZPOS, MP_BADARG);
+ ARGCHK(used <= nDigits, MP_BADARG);
- for (; pSrc < endSrc; pSrc++) {
- *pDest = *pSrc;
- pDest += nBignums;
- }
- while (pDest < endDest) {
- *pDest = 0;
- pDest += nBignums;
+ for (; pSrc < endSrc; pSrc++) {
+ *pDest = *pSrc;
+ pDest += nBignums;
+ }
+ while (pDest < endDest) {
+ *pDest = 0;
+ pDest += nBignums;
+ }
}
- }
- return MP_OKAY;
+ return MP_OKAY;
}
/*
* These functions return 0xffffffff if the output is true, and 0 otherwise.
*/
-#define CONST_TIME_MSB(x) (0L - ((x) >> (8*sizeof(x) - 1)))
+#define CONST_TIME_MSB(x) (0L - ((x) >> (8 * sizeof(x) - 1)))
#define CONST_TIME_EQ_Z(x) CONST_TIME_MSB(~(x) & ((x)-1))
#define CONST_TIME_EQ(a, b) CONST_TIME_EQ_Z((a) ^ (b))
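Review bot: mpi_to_weave copies `bignums[0..WEAVE_WORD_SIZE-1]` into column `i` of the weave, but the column stride and the `endDest` bound come from `nBignums`, and the first copy loop (`for (; pSrc < endSrc; pSrc++)`) has no `endDest` check, so a caller passing `nBignums < WEAVE_WORD_SIZE` could write past the `weaved` array. The only callers visible on this page (in mp_exptmod_safe_i) use `num_powers = 1 << window_bits` and reach this function only when `num_powers > 2`, so in practice the width is at least 16 and the pattern is safe, but the invariant is implicit; I'd state it next to the existing checks: `ARGCHK(nBignums >= WEAVE_WORD_SIZE, MP_BADARG);`. Separately, the comment above CONST_TIME_MSB says the macros return 0xffffffff, which is only true for a 32-bit mp_digit; "an all-ones mp_digit if true, 0 otherwise" would be accurate for both digit sizes.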
@@ -577,364 +761,381 @@ mp_err mpi_to_weave(const mp_int *bignums,
* Every read accesses every element of the weaved array, in order to
* avoid timing attacks based on patterns of memory accesses.
*/
-mp_err weave_to_mpi(mp_int *a, /* out, result */
+mp_err weave_to_mpi(mp_int *a, /* out, result */
const mp_digit *weaved, /* in, byte matrix */
- mp_size index, /* which column to read */
- mp_size nDigits, /* number of mp_digits in each bignum */
- mp_size nBignums) /* width of the matrix */
+ mp_size index, /* which column to read */
+ mp_size nDigits, /* number of mp_digits in each bignum */
+ mp_size nBignums) /* width of the matrix */
{
- /* these are indices, but need to be the same size as mp_digit
- * because of the CONST_TIME operations */
- mp_digit i, j;
- mp_digit d;
- mp_digit *pDest = MP_DIGITS(a);
-
- MP_SIGN(a) = MP_ZPOS;
- MP_USED(a) = nDigits;
-
- assert(weaved != NULL);
-
- /* Fetch the proper column in constant time, indexing over the whole array */
- for (i=0; i<nDigits; ++i) {
- d = 0;
- for (j=0; j<nBignums; ++j) {
- d |= weaved[i*nBignums + j] & CONST_TIME_EQ(j, index);
+ /* these are indices, but need to be the same size as mp_digit
+ * because of the CONST_TIME operations */
+ mp_digit i, j;
+ mp_digit d;
+ mp_digit *pDest = MP_DIGITS(a);
+
+ MP_SIGN(a) = MP_ZPOS;
+ MP_USED(a) = nDigits;
+
+ assert(weaved != NULL);
+
+ /* Fetch the proper column in constant time, indexing over the whole array */
+ for (i = 0; i < nDigits; ++i) {
+ d = 0;
+ for (j = 0; j < nBignums; ++j) {
+ d |= weaved[i * nBignums + j] & CONST_TIME_EQ(j, index);
+ }
+ pDest[i] = d;
}
- pDest[i] = d;
- }
- s_mp_clamp(a);
- return MP_OKAY;
+ s_mp_clamp(a);
+ return MP_OKAY;
}
-#define SQR(a,b) \
- MP_CHECKOK( mp_sqr(a, b) );\
- MP_CHECKOK( s_mp_redc(b, mmm) )
+#define SQR(a, b) \
+ MP_CHECKOK(mp_sqr(a, b)); \
+ MP_CHECKOK(s_mp_redc(b, mmm))
#if defined(MP_MONT_USE_MP_MUL)
-#define MUL_NOWEAVE(x,a,b) \
- MP_CHECKOK( mp_mul(a, x, b) ); \
- MP_CHECKOK( s_mp_redc(b, mmm) )
+#define MUL_NOWEAVE(x, a, b) \
+ MP_CHECKOK(mp_mul(a, x, b)); \
+ MP_CHECKOK(s_mp_redc(b, mmm))
#else
-#define MUL_NOWEAVE(x,a,b) \
- MP_CHECKOK( s_mp_mul_mont(a, x, b, mmm) )
+#define MUL_NOWEAVE(x, a, b) \
+ MP_CHECKOK(s_mp_mul_mont(a, x, b, mmm))
#endif
-#define MUL(x,a,b) \
- MP_CHECKOK( weave_to_mpi(&tmp, powers, (x), nLen, num_powers) ); \
- MUL_NOWEAVE(&tmp,a,b)
+#define MUL(x, a, b) \
+ MP_CHECKOK(weave_to_mpi(&tmp, powers, (x), nLen, num_powers)); \
+ MUL_NOWEAVE(&tmp, a, b)
-#define SWAPPA ptmp = pa1; pa1 = pa2; pa2 = ptmp
-#define MP_ALIGN(x,y) ((((ptrdiff_t)(x))+((y)-1))&(((ptrdiff_t)0)-(y)))
+#define SWAPPA \
+ ptmp = pa1; \
+ pa1 = pa2; \
+ pa2 = ptmp
+#define MP_ALIGN(x, y) ((((ptrdiff_t)(x)) + ((y)-1)) & (((ptrdiff_t)0) - (y)))
/* Do modular exponentiation using integer multiply code. */
-mp_err mp_exptmod_safe_i(const mp_int * montBase,
- const mp_int * exponent,
- const mp_int * modulus,
- mp_int * result,
- mp_mont_modulus *mmm,
- int nLen,
- mp_size bits_in_exponent,
- mp_size window_bits,
- mp_size num_powers)
+mp_err
+mp_exptmod_safe_i(const mp_int *montBase,
+ const mp_int *exponent,
+ const mp_int *modulus,
+ mp_int *result,
+ mp_mont_modulus *mmm,
+ int nLen,
+ mp_size bits_in_exponent,
+ mp_size window_bits,
+ mp_size num_powers)
{
- mp_int *pa1, *pa2, *ptmp;
- mp_size i;
- mp_size first_window;
- mp_err res;
- int expOff;
- mp_int accum1, accum2, accum[WEAVE_WORD_SIZE];
- mp_int tmp;
- mp_digit *powersArray = NULL;
- mp_digit *powers = NULL;
-
- MP_DIGITS(&accum1) = 0;
- MP_DIGITS(&accum2) = 0;
- MP_DIGITS(&accum[0]) = 0;
- MP_DIGITS(&accum[1]) = 0;
- MP_DIGITS(&accum[2]) = 0;
- MP_DIGITS(&accum[3]) = 0;
- MP_DIGITS(&tmp) = 0;
-
- /* grab the first window value. This allows us to preload accumulator1
+ mp_int *pa1, *pa2, *ptmp;
+ mp_size i;
+ mp_size first_window;
+ mp_err res;
+ int expOff;
+ mp_int accum1, accum2, accum[WEAVE_WORD_SIZE];
+ mp_int tmp;
+ mp_digit *powersArray = NULL;
+ mp_digit *powers = NULL;
+
+ MP_DIGITS(&accum1) = 0;
+ MP_DIGITS(&accum2) = 0;
+ MP_DIGITS(&accum[0]) = 0;
+ MP_DIGITS(&accum[1]) = 0;
+ MP_DIGITS(&accum[2]) = 0;
+ MP_DIGITS(&accum[3]) = 0;
+ MP_DIGITS(&tmp) = 0;
+
+ /* grab the first window value. This allows us to preload accumulator1
* and save a conversion, some squares and a multiple*/
- MP_CHECKOK( mpl_get_bits(exponent,
- bits_in_exponent-window_bits, window_bits) );
- first_window = (mp_size)res;
-
- MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
- MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
-
- /* build the first WEAVE_WORD powers inline */
- /* if WEAVE_WORD_SIZE is not 4, this code will have to change */
- if (num_powers > 2) {
- MP_CHECKOK( mp_init_size(&accum[0], 3 * nLen + 2) );
- MP_CHECKOK( mp_init_size(&accum[1], 3 * nLen + 2) );
- MP_CHECKOK( mp_init_size(&accum[2], 3 * nLen + 2) );
- MP_CHECKOK( mp_init_size(&accum[3], 3 * nLen + 2) );
- mp_set(&accum[0], 1);
- MP_CHECKOK( s_mp_to_mont(&accum[0], mmm, &accum[0]) );
- MP_CHECKOK( mp_copy(montBase, &accum[1]) );
- SQR(montBase, &accum[2]);
- MUL_NOWEAVE(montBase, &accum[2], &accum[3]);
- powersArray = (mp_digit *)malloc(num_powers*(nLen*sizeof(mp_digit)+1));
- if (!powersArray) {
- res = MP_MEM;
- goto CLEANUP;
- }
- /* powers[i] = base ** (i); */ \
- powers = (mp_digit *)MP_ALIGN(powersArray,num_powers); \
- MP_CHECKOK( mpi_to_weave(accum, powers, nLen, num_powers) );
- if (first_window < 4) {
- MP_CHECKOK( mp_copy(&accum[first_window], &accum1) );
- first_window = num_powers;
- }
- } else {
- if (first_window == 0) {
- mp_set(&accum1, 1);
- MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
- } else {
- /* assert first_window == 1? */
- MP_CHECKOK( mp_copy(montBase, &accum1) );
- }
- }
-
- /*
- * calculate all the powers in the powers array.
- * this adds 2**(k-1)-2 square operations over just calculating the
- * odd powers where k is the window size in the two other mp_modexpt
- * implementations in this file. We will get some of that
- * back by not needing the first 'k' squares and one multiply for the
- * first window.
- * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if
- * num_powers > 2, in which case powers will have been allocated.
- */
- for (i = WEAVE_WORD_SIZE; i < num_powers; i++) {
- int acc_index = i & (WEAVE_WORD_SIZE-1); /* i % WEAVE_WORD_SIZE */
- if ( i & 1 ) {
- MUL_NOWEAVE(montBase, &accum[acc_index-1] , &accum[acc_index]);
- /* we've filled the array do our 'per array' processing */
- if (acc_index == (WEAVE_WORD_SIZE-1)) {
- MP_CHECKOK( mpi_to_weave(accum, powers + i - (WEAVE_WORD_SIZE-1),
- nLen, num_powers) );
-
- if (first_window <= i) {
- MP_CHECKOK( mp_copy(&accum[first_window & (WEAVE_WORD_SIZE-1)],
- &accum1) );
- first_window = num_powers;
+ MP_CHECKOK(mpl_get_bits(exponent,
+ bits_in_exponent - window_bits, window_bits));
+ first_window = (mp_size)res;
+
+ MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+ MP_CHECKOK(mp_init_size(&accum2, 3 * nLen + 2));
+
+ /* build the first WEAVE_WORD powers inline */
+ /* if WEAVE_WORD_SIZE is not 4, this code will have to change */
+ if (num_powers > 2) {
+ MP_CHECKOK(mp_init_size(&accum[0], 3 * nLen + 2));
+ MP_CHECKOK(mp_init_size(&accum[1], 3 * nLen + 2));
+ MP_CHECKOK(mp_init_size(&accum[2], 3 * nLen + 2));
+ MP_CHECKOK(mp_init_size(&accum[3], 3 * nLen + 2));
+ mp_set(&accum[0], 1);
+ MP_CHECKOK(s_mp_to_mont(&accum[0], mmm, &accum[0]));
+ MP_CHECKOK(mp_copy(montBase, &accum[1]));
+ SQR(montBase, &accum[2]);
+ MUL_NOWEAVE(montBase, &accum[2], &accum[3]);
+ powersArray = (mp_digit *)malloc(num_powers * (nLen * sizeof(mp_digit) + 1));
+ if (!powersArray) {
+ res = MP_MEM;
+ goto CLEANUP;
+ }
+ /* powers[i] = base ** (i); */
+ powers = (mp_digit *)MP_ALIGN(powersArray, num_powers);
+ MP_CHECKOK(mpi_to_weave(accum, powers, nLen, num_powers));
+ if (first_window < 4) {
+ MP_CHECKOK(mp_copy(&accum[first_window], &accum1));
+ first_window = num_powers;
}
- }
} else {
- /* up to 8 we can find 2^i-1 in the accum array, but at 8 we our source
- * and target are the same so we need to copy.. After that, the
- * value is overwritten, so we need to fetch it from the stored
- * weave array */
- if (i > 2* WEAVE_WORD_SIZE) {
- MP_CHECKOK(weave_to_mpi(&accum2, powers, i/2, nLen, num_powers));
- SQR(&accum2, &accum[acc_index]);
- } else {
- int half_power_index = (i/2) & (WEAVE_WORD_SIZE-1);
- if (half_power_index == acc_index) {
- /* copy is cheaper than weave_to_mpi */
- MP_CHECKOK(mp_copy(&accum[half_power_index], &accum2));
- SQR(&accum2,&accum[acc_index]);
- } else {
- SQR(&accum[half_power_index],&accum[acc_index]);
- }
- }
+ if (first_window == 0) {
+ mp_set(&accum1, 1);
+ MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+ } else {
+ /* assert first_window == 1? */
+ MP_CHECKOK(mp_copy(montBase, &accum1));
+ }
}
- }
- /* if the accum1 isn't set, Then there is something wrong with our logic
- * above and is an internal programming error.
+
+ /*
+ * calculate all the powers in the powers array.
+ * this adds 2**(k-1)-2 square operations over just calculating the
+ * odd powers where k is the window size in the two other mp_modexpt
+ * implementations in this file. We will get some of that
+ * back by not needing the first 'k' squares and one multiply for the
+ * first window.
+ * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if
+ * num_powers > 2, in which case powers will have been allocated.
+ */
+ for (i = WEAVE_WORD_SIZE; i < num_powers; i++) {
+ int acc_index = i & (WEAVE_WORD_SIZE - 1); /* i % WEAVE_WORD_SIZE */
+ if (i & 1) {
+ MUL_NOWEAVE(montBase, &accum[acc_index - 1], &accum[acc_index]);
+ /* we've filled the array do our 'per array' processing */
+ if (acc_index == (WEAVE_WORD_SIZE - 1)) {
+ MP_CHECKOK(mpi_to_weave(accum, powers + i - (WEAVE_WORD_SIZE - 1),
+ nLen, num_powers));
+
+ if (first_window <= i) {
+ MP_CHECKOK(mp_copy(&accum[first_window & (WEAVE_WORD_SIZE - 1)],
+ &accum1));
+ first_window = num_powers;
+ }
+ }
+ } else {
+ /* up to 8 we can find 2^i-1 in the accum array, but at 8 we our source
+ * and target are the same so we need to copy.. After that, the
+ * value is overwritten, so we need to fetch it from the stored
+ * weave array */
+ if (i > 2 * WEAVE_WORD_SIZE) {
+ MP_CHECKOK(weave_to_mpi(&accum2, powers, i / 2, nLen, num_powers));
+ SQR(&accum2, &accum[acc_index]);
+ } else {
+ int half_power_index = (i / 2) & (WEAVE_WORD_SIZE - 1);
+ if (half_power_index == acc_index) {
+ /* copy is cheaper than weave_to_mpi */
+ MP_CHECKOK(mp_copy(&accum[half_power_index], &accum2));
+ SQR(&accum2, &accum[acc_index]);
+ } else {
+ SQR(&accum[half_power_index], &accum[acc_index]);
+ }
+ }
+ }
+ }
+/* if the accum1 isn't set, Then there is something wrong with our logic
+ * above and is an internal programming error.
*/
#if MP_ARGCHK == 2
- assert(MP_USED(&accum1) != 0);
+ assert(MP_USED(&accum1) != 0);
#endif
- /* set accumulator to montgomery residue of 1 */
- pa1 = &accum1;
- pa2 = &accum2;
-
- /* tmp is not used if window_bits == 1. */
- if (window_bits != 1) {
- MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) );
- }
-
- for (expOff = bits_in_exponent - window_bits*2; expOff >= 0; expOff -= window_bits) {
- mp_size smallExp;
- MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
- smallExp = (mp_size)res;
-
- /* handle unroll the loops */
- switch (window_bits) {
- case 1:
- if (!smallExp) {
- SQR(pa1,pa2); SWAPPA;
- } else if (smallExp & 1) {
- SQR(pa1,pa2); MUL_NOWEAVE(montBase,pa2,pa1);
- } else {
- abort();
- }
- break;
- case 6:
- SQR(pa1,pa2); SQR(pa2,pa1);
- /* fall through */
- case 4:
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- MUL(smallExp, pa1,pa2); SWAPPA;
- break;
- case 5:
- SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
- SQR(pa1,pa2); MUL(smallExp,pa2,pa1);
- break;
- default:
- abort(); /* could do a loop? */
+ /* set accumulator to montgomery residue of 1 */
+ pa1 = &accum1;
+ pa2 = &accum2;
+
+ /* tmp is not used if window_bits == 1. */
+ if (window_bits != 1) {
+ MP_CHECKOK(mp_init_size(&tmp, 3 * nLen + 2));
}
- }
- res = s_mp_redc(pa1, mmm);
- mp_exch(pa1, result);
+ for (expOff = bits_in_exponent - window_bits * 2; expOff >= 0; expOff -= window_bits) {
+ mp_size smallExp;
+ MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+ smallExp = (mp_size)res;
+
+ /* handle unroll the loops */
+ switch (window_bits) {
+ case 1:
+ if (!smallExp) {
+ SQR(pa1, pa2);
+ SWAPPA;
+ } else if (smallExp & 1) {
+ SQR(pa1, pa2);
+ MUL_NOWEAVE(montBase, pa2, pa1);
+ } else {
+ abort();
+ }
+ break;
+ case 6:
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ /* fall through */
+ case 4:
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ MUL(smallExp, pa1, pa2);
+ SWAPPA;
+ break;
+ case 5:
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ SQR(pa2, pa1);
+ SQR(pa1, pa2);
+ MUL(smallExp, pa2, pa1);
+ break;
+ default:
+ abort(); /* could do a loop? */
+ }
+ }
+
+ res = s_mp_redc(pa1, mmm);
+ mp_exch(pa1, result);
CLEANUP:
- mp_clear(&accum1);
- mp_clear(&accum2);
- mp_clear(&accum[0]);
- mp_clear(&accum[1]);
- mp_clear(&accum[2]);
- mp_clear(&accum[3]);
- mp_clear(&tmp);
- /* PORT_Memset(powers,0,num_powers*nLen*sizeof(mp_digit)); */
- free(powersArray);
- return res;
+ mp_clear(&accum1);
+ mp_clear(&accum2);
+ mp_clear(&accum[0]);
+ mp_clear(&accum[1]);
+ mp_clear(&accum[2]);
+ mp_clear(&accum[3]);
+ mp_clear(&tmp);
+ /* PORT_Memset(powers,0,num_powers*nLen*sizeof(mp_digit)); */
+ free(powersArray);
+ return res;
}
#undef SQR
#undef MUL
#endif
-mp_err mp_exptmod(const mp_int *inBase, const mp_int *exponent,
- const mp_int *modulus, mp_int *result)
+mp_err
+mp_exptmod(const mp_int *inBase, const mp_int *exponent,
+ const mp_int *modulus, mp_int *result)
{
- const mp_int *base;
- mp_size bits_in_exponent, i, window_bits, odd_ints;
- mp_err res;
- int nLen;
- mp_int montBase, goodBase;
- mp_mont_modulus mmm;
+ const mp_int *base;
+ mp_size bits_in_exponent, i, window_bits, odd_ints;
+ mp_err res;
+ int nLen;
+ mp_int montBase, goodBase;
+ mp_mont_modulus mmm;
#ifdef MP_USING_CACHE_SAFE_MOD_EXP
- static unsigned int max_window_bits;
+ static unsigned int max_window_bits;
#endif
- /* function for computing n0prime only works if n0 is odd */
- if (!mp_isodd(modulus))
- return s_mp_exptmod(inBase, exponent, modulus, result);
+ /* function for computing n0prime only works if n0 is odd */
+ if (!mp_isodd(modulus))
+ return s_mp_exptmod(inBase, exponent, modulus, result);
- MP_DIGITS(&montBase) = 0;
- MP_DIGITS(&goodBase) = 0;
+ MP_DIGITS(&montBase) = 0;
+ MP_DIGITS(&goodBase) = 0;
- if (mp_cmp(inBase, modulus) < 0) {
- base = inBase;
- } else {
- MP_CHECKOK( mp_init(&goodBase) );
- base = &goodBase;
- MP_CHECKOK( mp_mod(inBase, modulus, &goodBase) );
- }
+ if (mp_cmp(inBase, modulus) < 0) {
+ base = inBase;
+ } else {
+ MP_CHECKOK(mp_init(&goodBase));
+ base = &goodBase;
+ MP_CHECKOK(mp_mod(inBase, modulus, &goodBase));
+ }
- nLen = MP_USED(modulus);
- MP_CHECKOK( mp_init_size(&montBase, 2 * nLen + 2) );
+ nLen = MP_USED(modulus);
+ MP_CHECKOK(mp_init_size(&montBase, 2 * nLen + 2));
- mmm.N = *modulus; /* a copy of the mp_int struct */
+ mmm.N = *modulus; /* a copy of the mp_int struct */
- /* compute n0', given n0, n0' = -(n0 ** -1) mod MP_RADIX
- ** where n0 = least significant mp_digit of N, the modulus.
- */
- mmm.n0prime = 0 - s_mp_invmod_radix( MP_DIGIT(modulus, 0) );
+ /* compute n0', given n0, n0' = -(n0 ** -1) mod MP_RADIX
+ ** where n0 = least significant mp_digit of N, the modulus.
+ */
+ mmm.n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(modulus, 0));
- MP_CHECKOK( s_mp_to_mont(base, &mmm, &montBase) );
+ MP_CHECKOK(s_mp_to_mont(base, &mmm, &montBase));
- bits_in_exponent = mpl_significant_bits(exponent);
+ bits_in_exponent = mpl_significant_bits(exponent);
#ifdef MP_USING_CACHE_SAFE_MOD_EXP
- if (mp_using_cache_safe_exp) {
- if (bits_in_exponent > 780)
- window_bits = 6;
- else if (bits_in_exponent > 256)
- window_bits = 5;
- else if (bits_in_exponent > 20)
- window_bits = 4;
- /* RSA public key exponents are typically under 20 bits (common values
- * are: 3, 17, 65537) and a 4-bit window is inefficient
- */
- else
- window_bits = 1;
- } else
+ if (mp_using_cache_safe_exp) {
+ if (bits_in_exponent > 780)
+ window_bits = 6;
+ else if (bits_in_exponent > 256)
+ window_bits = 5;
+ else if (bits_in_exponent > 20)
+ window_bits = 4;
+ /* RSA public key exponents are typically under 20 bits (common values
+ * are: 3, 17, 65537) and a 4-bit window is inefficient
+ */
+ else
+ window_bits = 1;
+ } else
#endif
- if (bits_in_exponent > 480)
- window_bits = 6;
- else if (bits_in_exponent > 160)
- window_bits = 5;
- else if (bits_in_exponent > 20)
- window_bits = 4;
- /* RSA public key exponents are typically under 20 bits (common values
- * are: 3, 17, 65537) and a 4-bit window is inefficient
- */
- else
- window_bits = 1;
+ if (bits_in_exponent > 480)
+ window_bits = 6;
+ else if (bits_in_exponent > 160)
+ window_bits = 5;
+ else if (bits_in_exponent > 20)
+ window_bits = 4;
+ /* RSA public key exponents are typically under 20 bits (common values
+ * are: 3, 17, 65537) and a 4-bit window is inefficient
+ */
+ else
+ window_bits = 1;
#ifdef MP_USING_CACHE_SAFE_MOD_EXP
- /*
- * clamp the window size based on
- * the cache line size.
- */
- if (!max_window_bits) {
- unsigned long cache_size = s_mpi_getProcessorLineSize();
- /* processor has no cache, use 'fast' code always */
- if (cache_size == 0) {
- mp_using_cache_safe_exp = 0;
- }
- if ((cache_size == 0) || (cache_size >= 64)) {
- max_window_bits = 6;
- } else if (cache_size >= 32) {
- max_window_bits = 5;
- } else if (cache_size >= 16) {
- max_window_bits = 4;
- } else max_window_bits = 1; /* should this be an assert? */
- }
-
- /* clamp the window size down before we caclulate bits_in_exponent */
- if (mp_using_cache_safe_exp) {
- if (window_bits > max_window_bits) {
- window_bits = max_window_bits;
+ /*
+ * clamp the window size based on
+ * the cache line size.
+ */
+ if (!max_window_bits) {
+ unsigned long cache_size = s_mpi_getProcessorLineSize();
+ /* processor has no cache, use 'fast' code always */
+ if (cache_size == 0) {
+ mp_using_cache_safe_exp = 0;
+ }
+ if ((cache_size == 0) || (cache_size >= 64)) {
+ max_window_bits = 6;
+ } else if (cache_size >= 32) {
+ max_window_bits = 5;
+ } else if (cache_size >= 16) {
+ max_window_bits = 4;
+ } else
+ max_window_bits = 1; /* should this be an assert? */
+ }
+
+ /* clamp the window size down before we caclulate bits_in_exponent */
+ if (mp_using_cache_safe_exp) {
+ if (window_bits > max_window_bits) {
+ window_bits = max_window_bits;
+ }
}
- }
#endif
- odd_ints = 1 << (window_bits - 1);
- i = bits_in_exponent % window_bits;
- if (i != 0) {
- bits_in_exponent += window_bits - i;
- }
+ odd_ints = 1 << (window_bits - 1);
+ i = bits_in_exponent % window_bits;
+ if (i != 0) {
+ bits_in_exponent += window_bits - i;
+ }
#ifdef MP_USING_MONT_MULF
- if (mp_using_mont_mulf) {
- MP_CHECKOK( s_mp_pad(&montBase, nLen) );
- res = mp_exptmod_f(&montBase, exponent, modulus, result, &mmm, nLen,
- bits_in_exponent, window_bits, odd_ints);
- } else
+ if (mp_using_mont_mulf) {
+ MP_CHECKOK(s_mp_pad(&montBase, nLen));
+ res = mp_exptmod_f(&montBase, exponent, modulus, result, &mmm, nLen,
+ bits_in_exponent, window_bits, odd_ints);
+ } else
#endif
#ifdef MP_USING_CACHE_SAFE_MOD_EXP
- if (mp_using_cache_safe_exp) {
- res = mp_exptmod_safe_i(&montBase, exponent, modulus, result, &mmm, nLen,
- bits_in_exponent, window_bits, 1 << window_bits);
- } else
+ if (mp_using_cache_safe_exp) {
+ res = mp_exptmod_safe_i(&montBase, exponent, modulus, result, &mmm, nLen,
+ bits_in_exponent, window_bits, 1 << window_bits);
+ } else
#endif
- res = mp_exptmod_i(&montBase, exponent, modulus, result, &mmm, nLen,
- bits_in_exponent, window_bits, odd_ints);
+ res = mp_exptmod_i(&montBase, exponent, modulus, result, &mmm, nLen,
+ bits_in_exponent, window_bits, odd_ints);
CLEANUP:
- mp_clear(&montBase);
- mp_clear(&goodBase);
- /* Don't mp_clear mmm.N because it is merely a copy of modulus.
- ** Just zap it.
- */
- memset(&mmm, 0, sizeof mmm);
- return res;
+ mp_clear(&montBase);
+ mp_clear(&goodBase);
+ /* Don't mp_clear mmm.N because it is merely a copy of modulus.
+ ** Just zap it.
+ */
+ memset(&mmm, 0, sizeof mmm);
+ return res;
}
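Review bot: mp_exptmod_safe_i applies the constant-time weave lookup to every window except the first: `first_window` is read straight from the exponent, and both `if (first_window < 4) mp_copy(&accum[first_window], &accum1)` and the later `if (first_window <= i) mp_copy(&accum[first_window & (WEAVE_WORD_SIZE - 1)], &accum1)` branch and index on it directly, so the leading window_bits of the exponent (up to 6 bits after mp_exptmod rounds bits_in_exponent up) pass through a secret-dependent branch and memory access in the path whose purpose is cache safety. How much that leak matters depends on the callers, which I can't judge from this page, but the preload does not need the data-dependent access: in the `num_powers > 2` branch drop both copies and, after the power-table loop, fetch the starting value like every other window with `MP_CHECKOK(weave_to_mpi(&accum1, powers, first_window, nLen, num_powers));` (accum1 is sized 3 * nLen + 2, so the nLen-digit write fits; the window_bits == 1 path branches on smallExp anyway and is only used for small public exponents per the comment in mp_exptmod). Separately, CLEANUP frees `powersArray` without wiping it while mp_exptmod_f earlier on the page does `memset(dBuf, 0, dSize)` before its free; the commented-out `PORT_Memset` line suggests this was considered, and if nothing prevents it, `memset(powersArray, 0, num_powers * (nLen * sizeof(mp_digit) + 1));` before the free would match the rest of the file.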
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
index 905c15fc5..58287192e 100644
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -18,14 +18,14 @@
#define RANDOM() rand()
-#include "primes.c" /* pull in the prime digit table */
+#include "primes.c" /* pull in the prime digit table */
-/*
+/*
Test if any of a given vector of digits divides a. If not, MP_NO
is returned; otherwise, MP_YES is returned and 'which' is set to
the index of the integer in the vector which divided a.
*/
-mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which);
+mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which);
/* {{{ mpp_divis(a, b) */
@@ -35,25 +35,26 @@ mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which);
Returns MP_YES if a is divisible by b, or MP_NO if it is not.
*/
-mp_err mpp_divis(mp_int *a, mp_int *b)
+mp_err
+mpp_divis(mp_int *a, mp_int *b)
{
- mp_err res;
- mp_int rem;
+ mp_err res;
+ mp_int rem;
- if((res = mp_init(&rem)) != MP_OKAY)
- return res;
+ if ((res = mp_init(&rem)) != MP_OKAY)
+ return res;
- if((res = mp_mod(a, b, &rem)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_mod(a, b, &rem)) != MP_OKAY)
+ goto CLEANUP;
- if(mp_cmp_z(&rem) == 0)
- res = MP_YES;
- else
- res = MP_NO;
+ if (mp_cmp_z(&rem) == 0)
+ res = MP_YES;
+ else
+ res = MP_NO;
CLEANUP:
- mp_clear(&rem);
- return res;
+ mp_clear(&rem);
+ return res;
} /* end mpp_divis() */
@@ -67,23 +68,24 @@ CLEANUP:
Return MP_YES if a is divisible by d, or MP_NO if it is not.
*/
-mp_err mpp_divis_d(mp_int *a, mp_digit d)
+mp_err
+mpp_divis_d(mp_int *a, mp_digit d)
{
- mp_err res;
- mp_digit rem;
+ mp_err res;
+ mp_digit rem;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- if(d == 0)
- return MP_NO;
+ if (d == 0)
+ return MP_NO;
- if((res = mp_mod_d(a, d, &rem)) != MP_OKAY)
- return res;
+ if ((res = mp_mod_d(a, d, &rem)) != MP_OKAY)
+ return res;
- if(rem == 0)
- return MP_YES;
- else
- return MP_NO;
+ if (rem == 0)
+ return MP_YES;
+ else
+ return MP_NO;
} /* end mpp_divis_d() */
@@ -102,22 +104,23 @@ mp_err mpp_divis_d(mp_int *a, mp_digit d)
As many digits as a currently has are filled with random digits.
*/
-mp_err mpp_random(mp_int *a)
+mp_err
+mpp_random(mp_int *a)
{
- mp_digit next = 0;
- unsigned int ix, jx;
+ mp_digit next = 0;
+ unsigned int ix, jx;
- ARGCHK(a != NULL, MP_BADARG);
+ ARGCHK(a != NULL, MP_BADARG);
- for(ix = 0; ix < USED(a); ix++) {
- for(jx = 0; jx < sizeof(mp_digit); jx++) {
- next = (next << CHAR_BIT) | (RANDOM() & UCHAR_MAX);
+ for (ix = 0; ix < USED(a); ix++) {
+ for (jx = 0; jx < sizeof(mp_digit); jx++) {
+ next = (next << CHAR_BIT) | (RANDOM() & UCHAR_MAX);
+ }
+ DIGIT(a, ix) = next;
}
- DIGIT(a, ix) = next;
- }
- return MP_OKAY;
+ return MP_OKAY;
} /* end mpp_random() */
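Review bot: mpp_random fills every digit of `a` from RANDOM(), which the `#define RANDOM() rand()` retained at the top of this file maps to libc rand() — not a cryptographic generator, and nothing visible seeds it. The one consumer in this file is the Miller-Rabin witness loop in mpp_pprime, where predictable bases are tolerable as long as the candidate itself came from a real RNG, but the function is also exported through mpprime.h under a name that invites wider use. I would pin the contract on the definition: `/* Fills a's current digits from libc rand(): NOT a CSPRNG. Use only for Miller-Rabin witnesses, never for key material. */`.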
@@ -125,16 +128,17 @@ mp_err mpp_random(mp_int *a)
/* {{{ mpp_random_size(a, prec) */
-mp_err mpp_random_size(mp_int *a, mp_size prec)
+mp_err
+mpp_random_size(mp_int *a, mp_size prec)
{
- mp_err res;
+ mp_err res;
- ARGCHK(a != NULL && prec > 0, MP_BADARG);
-
- if((res = s_mp_pad(a, prec)) != MP_OKAY)
- return res;
+ ARGCHK(a != NULL && prec > 0, MP_BADARG);
- return mpp_random(a);
+ if ((res = s_mp_pad(a, prec)) != MP_OKAY)
+ return res;
+
+ return mpp_random(a);
} /* end mpp_random_size() */
@@ -150,11 +154,12 @@ mp_err mpp_random_size(mp_int *a, mp_size prec)
if it is; returns MP_NO if it is not.
*/
-mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which)
+mp_err
+mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which)
{
- ARGCHK(a != NULL && vec != NULL && size > 0, MP_BADARG);
-
- return s_mpp_divp(a, vec, size, which);
+ ARGCHK(a != NULL && vec != NULL && size > 0, MP_BADARG);
+
+ return s_mpp_divp(a, vec, size, which);
} /* end mpp_divis_vector() */
@@ -169,22 +174,23 @@ mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which)
is, returns MP_YES and sets *np to the value of the digit that did
it. If not, returns MP_NO.
*/
-mp_err mpp_divis_primes(mp_int *a, mp_digit *np)
+mp_err
+mpp_divis_primes(mp_int *a, mp_digit *np)
{
- int size, which;
- mp_err res;
+ int size, which;
+ mp_err res;
- ARGCHK(a != NULL && np != NULL, MP_BADARG);
+ ARGCHK(a != NULL && np != NULL, MP_BADARG);
- size = (int)*np;
- if(size > prime_tab_size)
- size = prime_tab_size;
+ size = (int)*np;
+ if (size > prime_tab_size)
+ size = prime_tab_size;
- res = mpp_divis_vector(a, prime_tab, size, &which);
- if(res == MP_YES)
- *np = prime_tab[which];
+ res = mpp_divis_vector(a, prime_tab, size, &which);
+ if (res == MP_YES)
+ *np = prime_tab[which];
- return res;
+ return res;
} /* end mpp_divis_primes() */
@@ -199,35 +205,35 @@ mp_err mpp_divis_primes(mp_int *a, mp_digit *np)
equal, the test passes and we return MP_YES. Otherwise, we return
MP_NO.
*/
-mp_err mpp_fermat(mp_int *a, mp_digit w)
+mp_err
+mpp_fermat(mp_int *a, mp_digit w)
{
- mp_int base, test;
- mp_err res;
-
- if((res = mp_init(&base)) != MP_OKAY)
- return res;
+ mp_int base, test;
+ mp_err res;
- mp_set(&base, w);
+ if ((res = mp_init(&base)) != MP_OKAY)
+ return res;
- if((res = mp_init(&test)) != MP_OKAY)
- goto TEST;
+ mp_set(&base, w);
- /* Compute test = base^a (mod a) */
- if((res = mp_exptmod(&base, a, a, &test)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_init(&test)) != MP_OKAY)
+ goto TEST;
-
- if(mp_cmp(&base, &test) == 0)
- res = MP_YES;
- else
- res = MP_NO;
+ /* Compute test = base^a (mod a) */
+ if ((res = mp_exptmod(&base, a, a, &test)) != MP_OKAY)
+ goto CLEANUP;
- CLEANUP:
- mp_clear(&test);
- TEST:
- mp_clear(&base);
+ if (mp_cmp(&base, &test) == 0)
+ res = MP_YES;
+ else
+ res = MP_NO;
+
+CLEANUP:
+ mp_clear(&test);
+TEST:
+ mp_clear(&base);
- return res;
+ return res;
} /* end mpp_fermat() */
@@ -235,20 +241,21 @@ mp_err mpp_fermat(mp_int *a, mp_digit w)
/*
Perform the fermat test on each of the primes in a list until
- a) one of them shows a is not prime, or
+ a) one of them shows a is not prime, or
b) the list is exhausted.
Returns: MP_YES if it passes tests.
- MP_NO if fermat test reveals it is composite
- Some MP error code if some other error occurs.
+ MP_NO if fermat test reveals it is composite
+ Some MP error code if some other error occurs.
*/
-mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes)
+mp_err
+mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes)
{
- mp_err rv = MP_YES;
+ mp_err rv = MP_YES;
- while (nPrimes-- > 0 && rv == MP_YES) {
- rv = mpp_fermat(a, *primes++);
- }
- return rv;
+ while (nPrimes-- > 0 && rv == MP_YES) {
+ rv = mpp_fermat(a, *primes++);
+ }
+ return rv;
}
/* {{{ mpp_pprime(a, nt) */
@@ -262,289 +269,292 @@ mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes)
is returned, it is probably prime (but that is not guaranteed).
*/
-mp_err mpp_pprime(mp_int *a, int nt)
+mp_err
+mpp_pprime(mp_int *a, int nt)
{
- mp_err res;
- mp_int x, amo, m, z; /* "amo" = "a minus one" */
- int iter;
- unsigned int jx;
- mp_size b;
-
- ARGCHK(a != NULL, MP_BADARG);
-
- MP_DIGITS(&x) = 0;
- MP_DIGITS(&amo) = 0;
- MP_DIGITS(&m) = 0;
- MP_DIGITS(&z) = 0;
-
- /* Initialize temporaries... */
- MP_CHECKOK( mp_init(&amo));
- /* Compute amo = a - 1 for what follows... */
- MP_CHECKOK( mp_sub_d(a, 1, &amo) );
-
- b = mp_trailing_zeros(&amo);
- if (!b) { /* a was even ? */
- res = MP_NO;
- goto CLEANUP;
- }
-
- MP_CHECKOK( mp_init_size(&x, MP_USED(a)) );
- MP_CHECKOK( mp_init(&z) );
- MP_CHECKOK( mp_init(&m) );
- MP_CHECKOK( mp_div_2d(&amo, b, &m, 0) );
-
- /* Do the test nt times... */
- for(iter = 0; iter < nt; iter++) {
-
- /* Choose a random value for 1 < x < a */
- MP_CHECKOK( s_mp_pad(&x, USED(a)) );
- mpp_random(&x);
- MP_CHECKOK( mp_mod(&x, a, &x) );
- if(mp_cmp_d(&x, 1) <= 0) {
- iter--; /* don't count this iteration */
- continue; /* choose a new x */
+ mp_err res;
+ mp_int x, amo, m, z; /* "amo" = "a minus one" */
+ int iter;
+ unsigned int jx;
+ mp_size b;
+
+ ARGCHK(a != NULL, MP_BADARG);
+
+ MP_DIGITS(&x) = 0;
+ MP_DIGITS(&amo) = 0;
+ MP_DIGITS(&m) = 0;
+ MP_DIGITS(&z) = 0;
+
+ /* Initialize temporaries... */
+ MP_CHECKOK(mp_init(&amo));
+ /* Compute amo = a - 1 for what follows... */
+ MP_CHECKOK(mp_sub_d(a, 1, &amo));
+
+ b = mp_trailing_zeros(&amo);
+ if (!b) { /* a was even ? */
+ res = MP_NO;
+ goto CLEANUP;
}
- /* Compute z = (x ** m) mod a */
- MP_CHECKOK( mp_exptmod(&x, &m, a, &z) );
-
- if(mp_cmp_d(&z, 1) == 0 || mp_cmp(&z, &amo) == 0) {
- res = MP_YES;
- continue;
- }
-
- res = MP_NO; /* just in case the following for loop never executes. */
- for (jx = 1; jx < b; jx++) {
- /* z = z^2 (mod a) */
- MP_CHECKOK( mp_sqrmod(&z, a, &z) );
- res = MP_NO; /* previous line set res to MP_YES */
-
- if(mp_cmp_d(&z, 1) == 0) {
- break;
- }
- if(mp_cmp(&z, &amo) == 0) {
- res = MP_YES;
- break;
- }
- } /* end testing loop */
-
- /* If the test passes, we will continue iterating, but a failed
- test means the candidate is definitely NOT prime, so we will
- immediately break out of this loop
- */
- if(res == MP_NO)
- break;
-
- } /* end iterations loop */
-
+ MP_CHECKOK(mp_init_size(&x, MP_USED(a)));
+ MP_CHECKOK(mp_init(&z));
+ MP_CHECKOK(mp_init(&m));
+ MP_CHECKOK(mp_div_2d(&amo, b, &m, 0));
+
+ /* Do the test nt times... */
+ for (iter = 0; iter < nt; iter++) {
+
+ /* Choose a random value for 1 < x < a */
+ MP_CHECKOK(s_mp_pad(&x, USED(a)));
+ mpp_random(&x);
+ MP_CHECKOK(mp_mod(&x, a, &x));
+ if (mp_cmp_d(&x, 1) <= 0) {
+ iter--; /* don't count this iteration */
+ continue; /* choose a new x */
+ }
+
+ /* Compute z = (x ** m) mod a */
+ MP_CHECKOK(mp_exptmod(&x, &m, a, &z));
+
+ if (mp_cmp_d(&z, 1) == 0 || mp_cmp(&z, &amo) == 0) {
+ res = MP_YES;
+ continue;
+ }
+
+ res = MP_NO; /* just in case the following for loop never executes. */
+ for (jx = 1; jx < b; jx++) {
+ /* z = z^2 (mod a) */
+ MP_CHECKOK(mp_sqrmod(&z, a, &z));
+ res = MP_NO; /* previous line set res to MP_YES */
+
+ if (mp_cmp_d(&z, 1) == 0) {
+ break;
+ }
+ if (mp_cmp(&z, &amo) == 0) {
+ res = MP_YES;
+ break;
+ }
+ } /* end testing loop */
+
+ /* If the test passes, we will continue iterating, but a failed
+ test means the candidate is definitely NOT prime, so we will
+ immediately break out of this loop
+ */
+ if (res == MP_NO)
+ break;
+
+ } /* end iterations loop */
+
CLEANUP:
- mp_clear(&m);
- mp_clear(&z);
- mp_clear(&x);
- mp_clear(&amo);
- return res;
+ mp_clear(&m);
+ mp_clear(&z);
+ mp_clear(&x);
+ mp_clear(&amo);
+ return res;
} /* end mpp_pprime() */
/* }}} */
-/* Produce table of composites from list of primes and trial value.
+/* Produce table of composites from list of primes and trial value.
** trial must be odd. List of primes must not include 2.
-** sieve should have dimension >= MAXPRIME/2, where MAXPRIME is largest
+** sieve should have dimension >= MAXPRIME/2, where MAXPRIME is largest
** prime in list of primes. After this function is finished,
** if sieve[i] is non-zero, then (trial + 2*i) is composite.
** Each prime used in the sieve costs one division of trial, and eliminates
** one or more values from the search space. (3 eliminates 1/3 of the values
-** alone!) Each value left in the search space costs 1 or more modular
+** alone!) Each value left in the search space costs 1 or more modular
** exponentations. So, these divisions are a bargain!
*/
-mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
- unsigned char *sieve, mp_size nSieve)
+mp_err
+mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
+ unsigned char *sieve, mp_size nSieve)
{
- mp_err res;
- mp_digit rem;
- mp_size ix;
- unsigned long offset;
-
- memset(sieve, 0, nSieve);
-
- for(ix = 0; ix < nPrimes; ix++) {
- mp_digit prime = primes[ix];
- mp_size i;
- if((res = mp_mod_d(trial, prime, &rem)) != MP_OKAY)
- return res;
-
- if (rem == 0) {
- offset = 0;
- } else {
- offset = prime - rem;
- }
-
- for (i = offset; i < nSieve * 2; i += prime) {
- if (i % 2 == 0) {
- sieve[i / 2] = 1;
- }
+ mp_err res;
+ mp_digit rem;
+ mp_size ix;
+ unsigned long offset;
+
+ memset(sieve, 0, nSieve);
+
+ for (ix = 0; ix < nPrimes; ix++) {
+ mp_digit prime = primes[ix];
+ mp_size i;
+ if ((res = mp_mod_d(trial, prime, &rem)) != MP_OKAY)
+ return res;
+
+ if (rem == 0) {
+ offset = 0;
+ } else {
+ offset = prime - rem;
+ }
+
+ for (i = offset; i < nSieve * 2; i += prime) {
+ if (i % 2 == 0) {
+ sieve[i / 2] = 1;
+ }
+ }
}
- }
- return MP_OKAY;
+ return MP_OKAY;
}
-#define SIEVE_SIZE 32*1024
+#define SIEVE_SIZE 32 * 1024
-mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
- unsigned long * nTries)
+mp_err
+mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
+ unsigned long *nTries)
{
- mp_digit np;
- mp_err res;
- unsigned int i = 0;
- mp_int trial;
- mp_int q;
- mp_size num_tests;
- unsigned char *sieve;
-
- ARGCHK(start != 0, MP_BADARG);
- ARGCHK(nBits > 16, MP_RANGE);
-
- sieve = malloc(SIEVE_SIZE);
- ARGCHK(sieve != NULL, MP_MEM);
-
- MP_DIGITS(&trial) = 0;
- MP_DIGITS(&q) = 0;
- MP_CHECKOK( mp_init(&trial) );
- MP_CHECKOK( mp_init(&q) );
- /* values originally taken from table 4.4,
+ mp_digit np;
+ mp_err res;
+ unsigned int i = 0;
+ mp_int trial;
+ mp_int q;
+ mp_size num_tests;
+ unsigned char *sieve;
+
+ ARGCHK(start != 0, MP_BADARG);
+ ARGCHK(nBits > 16, MP_RANGE);
+
+ sieve = malloc(SIEVE_SIZE);
+ ARGCHK(sieve != NULL, MP_MEM);
+
+ MP_DIGITS(&trial) = 0;
+ MP_DIGITS(&q) = 0;
+ MP_CHECKOK(mp_init(&trial));
+ MP_CHECKOK(mp_init(&q));
+ /* values originally taken from table 4.4,
* HandBook of Applied Cryptography, augmented by FIPS-186
* requirements, Table C.2 and C.3 */
- if (nBits >= 2000) {
- num_tests = 3;
- } else if (nBits >= 1536) {
- num_tests = 4;
- } else if (nBits >= 1024) {
- num_tests = 5;
- } else if (nBits >= 550) {
- num_tests = 6;
- } else if (nBits >= 450) {
- num_tests = 7;
- } else if (nBits >= 400) {
- num_tests = 8;
- } else if (nBits >= 350) {
- num_tests = 9;
- } else if (nBits >= 300) {
- num_tests = 10;
- } else if (nBits >= 250) {
- num_tests = 20;
- } else if (nBits >= 200) {
- num_tests = 41;
- } else if (nBits >= 100) {
- num_tests = 38; /* funny anomaly in the FIPS tables, for aux primes, the
- * required more iterations for larger aux primes */
- } else
- num_tests = 50;
-
- if (strong)
- --nBits;
- MP_CHECKOK( mpl_set_bit(start, nBits - 1, 1) );
- MP_CHECKOK( mpl_set_bit(start, 0, 1) );
- for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) {
- MP_CHECKOK( mpl_set_bit(start, i, 0) );
- }
- /* start sieveing with prime value of 3. */
- MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1,
- sieve, SIEVE_SIZE) );
+ if (nBits >= 2000) {
+ num_tests = 3;
+ } else if (nBits >= 1536) {
+ num_tests = 4;
+ } else if (nBits >= 1024) {
+ num_tests = 5;
+ } else if (nBits >= 550) {
+ num_tests = 6;
+ } else if (nBits >= 450) {
+ num_tests = 7;
+ } else if (nBits >= 400) {
+ num_tests = 8;
+ } else if (nBits >= 350) {
+ num_tests = 9;
+ } else if (nBits >= 300) {
+ num_tests = 10;
+ } else if (nBits >= 250) {
+ num_tests = 20;
+ } else if (nBits >= 200) {
+ num_tests = 41;
+ } else if (nBits >= 100) {
+ num_tests = 38; /* funny anomaly in the FIPS tables, for aux primes, the
+ * required more iterations for larger aux primes */
+ } else
+ num_tests = 50;
+
+ if (strong)
+ --nBits;
+ MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
+ MP_CHECKOK(mpl_set_bit(start, 0, 1));
+ for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) {
+ MP_CHECKOK(mpl_set_bit(start, i, 0));
+ }
+ /* start sieveing with prime value of 3. */
+ MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1,
+ sieve, SIEVE_SIZE));
#ifdef DEBUG_SIEVE
- res = 0;
- for (i = 0; i < SIEVE_SIZE; ++i) {
- if (!sieve[i])
- ++res;
- }
- fprintf(stderr,"sieve found %d potential primes.\n", res);
-#define FPUTC(x,y) fputc(x,y)
+ res = 0;
+ for (i = 0; i < SIEVE_SIZE; ++i) {
+ if (!sieve[i])
+ ++res;
+ }
+ fprintf(stderr, "sieve found %d potential primes.\n", res);
+#define FPUTC(x, y) fputc(x, y)
#else
-#define FPUTC(x,y)
+#define FPUTC(x, y)
#endif
- res = MP_NO;
- for(i = 0; i < SIEVE_SIZE; ++i) {
- if (sieve[i]) /* this number is composite */
- continue;
- MP_CHECKOK( mp_add_d(start, 2 * i, &trial) );
- FPUTC('.', stderr);
- /* run a Fermat test */
- res = mpp_fermat(&trial, 2);
- if (res != MP_OKAY) {
- if (res == MP_NO)
- continue; /* was composite */
- goto CLEANUP;
- }
-
- FPUTC('+', stderr);
- /* If that passed, run some Miller-Rabin tests */
- res = mpp_pprime(&trial, num_tests);
- if (res != MP_OKAY) {
- if (res == MP_NO)
- continue; /* was composite */
- goto CLEANUP;
- }
- FPUTC('!', stderr);
-
- if (!strong)
- break; /* success !! */
-
- /* At this point, we have strong evidence that our candidate
- is itself prime. If we want a strong prime, we need now
- to test q = 2p + 1 for primality...
- */
- MP_CHECKOK( mp_mul_2(&trial, &q) );
- MP_CHECKOK( mp_add_d(&q, 1, &q) );
-
- /* Test q for small prime divisors ... */
- np = prime_tab_size;
- res = mpp_divis_primes(&q, &np);
- if (res == MP_YES) { /* is composite */
- mp_clear(&q);
- continue;
- }
- if (res != MP_NO)
- goto CLEANUP;
-
- /* And test with Fermat, as with its parent ... */
- res = mpp_fermat(&q, 2);
- if (res != MP_YES) {
- mp_clear(&q);
- if (res == MP_NO)
- continue; /* was composite */
- goto CLEANUP;
- }
-
- /* And test with Miller-Rabin, as with its parent ... */
- res = mpp_pprime(&q, num_tests);
- if (res != MP_YES) {
- mp_clear(&q);
- if (res == MP_NO)
- continue; /* was composite */
- goto CLEANUP;
- }
-
- /* If it passed, we've got a winner */
- mp_exch(&q, &trial);
- mp_clear(&q);
- break;
-
- } /* end of loop through sieved values */
- if (res == MP_YES)
- mp_exch(&trial, start);
+ res = MP_NO;
+ for (i = 0; i < SIEVE_SIZE; ++i) {
+ if (sieve[i]) /* this number is composite */
+ continue;
+ MP_CHECKOK(mp_add_d(start, 2 * i, &trial));
+ FPUTC('.', stderr);
+ /* run a Fermat test */
+ res = mpp_fermat(&trial, 2);
+ if (res != MP_OKAY) {
+ if (res == MP_NO)
+ continue; /* was composite */
+ goto CLEANUP;
+ }
+
+ FPUTC('+', stderr);
+ /* If that passed, run some Miller-Rabin tests */
+ res = mpp_pprime(&trial, num_tests);
+ if (res != MP_OKAY) {
+ if (res == MP_NO)
+ continue; /* was composite */
+ goto CLEANUP;
+ }
+ FPUTC('!', stderr);
+
+ if (!strong)
+ break; /* success !! */
+
+ /* At this point, we have strong evidence that our candidate
+ is itself prime. If we want a strong prime, we need now
+ to test q = 2p + 1 for primality...
+ */
+ MP_CHECKOK(mp_mul_2(&trial, &q));
+ MP_CHECKOK(mp_add_d(&q, 1, &q));
+
+ /* Test q for small prime divisors ... */
+ np = prime_tab_size;
+ res = mpp_divis_primes(&q, &np);
+ if (res == MP_YES) { /* is composite */
+ mp_clear(&q);
+ continue;
+ }
+ if (res != MP_NO)
+ goto CLEANUP;
+
+ /* And test with Fermat, as with its parent ... */
+ res = mpp_fermat(&q, 2);
+ if (res != MP_YES) {
+ mp_clear(&q);
+ if (res == MP_NO)
+ continue; /* was composite */
+ goto CLEANUP;
+ }
+
+ /* And test with Miller-Rabin, as with its parent ... */
+ res = mpp_pprime(&q, num_tests);
+ if (res != MP_YES) {
+ mp_clear(&q);
+ if (res == MP_NO)
+ continue; /* was composite */
+ goto CLEANUP;
+ }
+
+ /* If it passed, we've got a winner */
+ mp_exch(&q, &trial);
+ mp_clear(&q);
+ break;
+
+ } /* end of loop through sieved values */
+ if (res == MP_YES)
+ mp_exch(&trial, start);
CLEANUP:
- mp_clear(&trial);
- mp_clear(&q);
- if (nTries)
- *nTries += i;
- if (sieve != NULL) {
- memset(sieve, 0, SIEVE_SIZE);
- free (sieve);
- }
- return res;
+ mp_clear(&trial);
+ mp_clear(&q);
+ if (nTries)
+ *nTries += i;
+ if (sieve != NULL) {
+ memset(sieve, 0, SIEVE_SIZE);
+ free(sieve);
+ }
+ return res;
}
/*========================================================================*/
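Review bot: mpp_pprime reports "probably prime" without running a single test when `nt <= 0`: the `for (iter = 0; iter < nt; iter++)` loop is skipped and `res` still holds the MP_OKAY left by the last MP_CHECKOK, which the `res != MP_OKAY` / `res == MP_NO` checks around mpp_fermat in mpp_make_prime show is the same value as MP_YES. mpp_make_prime always passes num_tests >= 3, so the internal caller is safe, but mpp_pprime is exported in mpprime.h with a plain `int nt`. I would reject the degenerate count up front: `ARGCHK(a != NULL && nt > 0, MP_BADARG);`. Separately, the `memset(sieve, 0, SIEVE_SIZE)` immediately before `free(sieve)` in mpp_make_prime's CLEANUP is a dead store the optimizer may drop; if the sieve pattern (a function of the secret `start` modulo each small prime) is worth scrubbing, it needs a non-elidable clear.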
@@ -553,32 +563,33 @@ CLEANUP:
/* {{{ s_mpp_divp(a, vec, size, which) */
-/*
+/*
Test for divisibility by members of a vector of digits. Returns
MP_NO if a is not divisible by any of them; returns MP_YES and sets
'which' to the index of the offender, if it is. Will stop on the
first digit against which a is divisible.
*/
-mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which)
+mp_err
+s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which)
{
- mp_err res;
- mp_digit rem;
+ mp_err res;
+ mp_digit rem;
- int ix;
+ int ix;
- for(ix = 0; ix < size; ix++) {
- if((res = mp_mod_d(a, vec[ix], &rem)) != MP_OKAY)
- return res;
+ for (ix = 0; ix < size; ix++) {
+ if ((res = mp_mod_d(a, vec[ix], &rem)) != MP_OKAY)
+ return res;
- if(rem == 0) {
- if(which)
- *which = ix;
- return MP_YES;
+ if (rem == 0) {
+ if (which)
+ *which = ix;
+ return MP_YES;
+ }
}
- }
- return MP_NO;
+ return MP_NO;
} /* end s_mpp_divp() */
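Review bot: s_mpp_divp passes each `vec[ix]` straight to mp_mod_d with no zero check, whereas mpp_divis_d in this same file guards `if (d == 0) return MP_NO;` before its own mp_mod_d call; whether mp_mod_d rejects a zero divisor on its own is not visible here. The only visible caller supplies prime_tab, so this matters only for the exported mpp_divis_vector with a caller-provided vector. Either mirror the guard, `if (vec[ix] == 0) continue;`, or document the precondition: `/* vec must contain no zero entries; mp_mod_d is not guarded here. */`.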
diff --git a/lib/freebl/mpi/mpprime.h b/lib/freebl/mpi/mpprime.h
index 805e0db16..c47c61836 100644
--- a/lib/freebl/mpi/mpprime.h
+++ b/lib/freebl/mpi/mpprime.h
@@ -13,26 +13,26 @@
#include "mpi.h"
-extern const int prime_tab_size; /* number of primes available */
+extern const int prime_tab_size; /* number of primes available */
extern const mp_digit prime_tab[];
/* Tests for divisibility */
-mp_err mpp_divis(mp_int *a, mp_int *b);
-mp_err mpp_divis_d(mp_int *a, mp_digit d);
+mp_err mpp_divis(mp_int *a, mp_int *b);
+mp_err mpp_divis_d(mp_int *a, mp_digit d);
/* Random selection */
-mp_err mpp_random(mp_int *a);
-mp_err mpp_random_size(mp_int *a, mp_size prec);
+mp_err mpp_random(mp_int *a);
+mp_err mpp_random_size(mp_int *a, mp_size prec);
/* Pseudo-primality testing */
-mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which);
-mp_err mpp_divis_primes(mp_int *a, mp_digit *np);
-mp_err mpp_fermat(mp_int *a, mp_digit w);
+mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which);
+mp_err mpp_divis_primes(mp_int *a, mp_digit *np);
+mp_err mpp_fermat(mp_int *a, mp_digit w);
mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes);
-mp_err mpp_pprime(mp_int *a, int nt);
-mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
- unsigned char *sieve, mp_size nSieve);
+mp_err mpp_pprime(mp_int *a, int nt);
+mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
+ unsigned char *sieve, mp_size nSieve);
mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
- unsigned long * nTries);
+ unsigned long *nTries);
#endif /* end _H_MP_PRIME_ */
diff --git a/lib/freebl/mpi/mpv_sparc.c b/lib/freebl/mpi/mpv_sparc.c
index 07319b690..423311b65 100644
--- a/lib/freebl/mpi/mpv_sparc.c
+++ b/lib/freebl/mpi/mpv_sparc.c
@@ -6,215 +6,216 @@
/***************************************************************/
-typedef int t_s32;
-typedef unsigned int t_u32;
+typedef int t_s32;
+typedef unsigned int t_u32;
#if defined(__sparcv9)
-typedef long t_s64;
-typedef unsigned long t_u64;
+typedef long t_s64;
+typedef unsigned long t_u64;
#else
-typedef long long t_s64;
-typedef unsigned long long t_u64;
+typedef long long t_s64;
+typedef unsigned long long t_u64;
#endif
-typedef double t_d64;
+typedef double t_d64;
/***************************************************************/
typedef union {
- t_d64 d64;
- struct {
- t_s32 i0;
- t_s32 i1;
- } i32s;
+ t_d64 d64;
+ struct {
+ t_s32 i0;
+ t_s32 i1;
+ } i32s;
} d64_2_i32;
/***************************************************************/
-#define BUFF_SIZE 256
+#define BUFF_SIZE 256
-#define A_BITS 19
-#define A_MASK ((1 << A_BITS) - 1)
+#define A_BITS 19
+#define A_MASK ((1 << A_BITS) - 1)
/***************************************************************/
static t_u64 mask_cnst[] = {
- 0x8000000080000000ull
+ 0x8000000080000000ull
};
/***************************************************************/
#define DEF_VARS(N) \
- t_d64 *py = (t_d64*)y; \
- t_d64 mask = *((t_d64*)mask_cnst); \
- t_d64 ca = (1u << 31) - 1; \
- t_d64 da = (t_d64)a; \
- t_s64 buff[N], s; \
- d64_2_i32 dy
+ t_d64 *py = (t_d64 *)y; \
+ t_d64 mask = *((t_d64 *)mask_cnst); \
+ t_d64 ca = (1u << 31) - 1; \
+ t_d64 da = (t_d64)a; \
+ t_s64 buff[N], s; \
+ d64_2_i32 dy
/***************************************************************/
-#define MUL_U32_S64_2(i) \
- dy.d64 = vis_fxnor(mask, py[i]); \
- buff[2*(i) ] = (ca - (t_d64)dy.i32s.i0) * da; \
- buff[2*(i)+1] = (ca - (t_d64)dy.i32s.i1) * da
+#define MUL_U32_S64_2(i) \
+ dy.d64 = vis_fxnor(mask, py[i]); \
+ buff[2 * (i)] = (ca - (t_d64)dy.i32s.i0) * da; \
+ buff[2 * (i) + 1] = (ca - (t_d64)dy.i32s.i1) * da
-#define MUL_U32_S64_2_D(i) \
- dy.d64 = vis_fxnor(mask, py[i]); \
- d0 = ca - (t_d64)dy.i32s.i0; \
- d1 = ca - (t_d64)dy.i32s.i1; \
- buff[4*(i) ] = (t_s64)(d0 * da); \
- buff[4*(i)+1] = (t_s64)(d0 * db); \
- buff[4*(i)+2] = (t_s64)(d1 * da); \
- buff[4*(i)+3] = (t_s64)(d1 * db)
+#define MUL_U32_S64_2_D(i) \
+ dy.d64 = vis_fxnor(mask, py[i]); \
+ d0 = ca - (t_d64)dy.i32s.i0; \
+ d1 = ca - (t_d64)dy.i32s.i1; \
+ buff[4 * (i)] = (t_s64)(d0 * da); \
+ buff[4 * (i) + 1] = (t_s64)(d0 * db); \
+ buff[4 * (i) + 2] = (t_s64)(d1 * da); \
+ buff[4 * (i) + 3] = (t_s64)(d1 * db)
/***************************************************************/
-#define ADD_S64_U32(i) \
- s = buff[i] + x[i] + c; \
- z[i] = s; \
- c = (s >> 32)
+#define ADD_S64_U32(i) \
+ s = buff[i] + x[i] + c; \
+ z[i] = s; \
+ c = (s >> 32)
-#define ADD_S64_U32_D(i) \
- s = buff[2*(i)] +(((t_s64)(buff[2*(i)+1]))<<A_BITS) + x[i] + uc; \
- z[i] = s; \
- uc = ((t_u64)s >> 32)
+#define ADD_S64_U32_D(i) \
+ s = buff[2 * (i)] + (((t_s64)(buff[2 * (i) + 1])) << A_BITS) + x[i] + uc; \
+ z[i] = s; \
+ uc = ((t_u64)s >> 32)
/***************************************************************/
-#define MUL_U32_S64_8(i) \
- MUL_U32_S64_2(i); \
- MUL_U32_S64_2(i+1); \
- MUL_U32_S64_2(i+2); \
- MUL_U32_S64_2(i+3)
+#define MUL_U32_S64_8(i) \
+ MUL_U32_S64_2(i); \
+ MUL_U32_S64_2(i + 1); \
+ MUL_U32_S64_2(i + 2); \
+ MUL_U32_S64_2(i + 3)
-#define MUL_U32_S64_D_8(i) \
- MUL_U32_S64_2_D(i); \
- MUL_U32_S64_2_D(i+1); \
- MUL_U32_S64_2_D(i+2); \
- MUL_U32_S64_2_D(i+3)
+#define MUL_U32_S64_D_8(i) \
+ MUL_U32_S64_2_D(i); \
+ MUL_U32_S64_2_D(i + 1); \
+ MUL_U32_S64_2_D(i + 2); \
+ MUL_U32_S64_2_D(i + 3)
/***************************************************************/
-#define ADD_S64_U32_8(i) \
- ADD_S64_U32(i); \
- ADD_S64_U32(i+1); \
- ADD_S64_U32(i+2); \
- ADD_S64_U32(i+3); \
- ADD_S64_U32(i+4); \
- ADD_S64_U32(i+5); \
- ADD_S64_U32(i+6); \
- ADD_S64_U32(i+7)
-
-#define ADD_S64_U32_D_8(i) \
- ADD_S64_U32_D(i); \
- ADD_S64_U32_D(i+1); \
- ADD_S64_U32_D(i+2); \
- ADD_S64_U32_D(i+3); \
- ADD_S64_U32_D(i+4); \
- ADD_S64_U32_D(i+5); \
- ADD_S64_U32_D(i+6); \
- ADD_S64_U32_D(i+7)
+#define ADD_S64_U32_8(i) \
+ ADD_S64_U32(i); \
+ ADD_S64_U32(i + 1); \
+ ADD_S64_U32(i + 2); \
+ ADD_S64_U32(i + 3); \
+ ADD_S64_U32(i + 4); \
+ ADD_S64_U32(i + 5); \
+ ADD_S64_U32(i + 6); \
+ ADD_S64_U32(i + 7)
+
+#define ADD_S64_U32_D_8(i) \
+ ADD_S64_U32_D(i); \
+ ADD_S64_U32_D(i + 1); \
+ ADD_S64_U32_D(i + 2); \
+ ADD_S64_U32_D(i + 3); \
+ ADD_S64_U32_D(i + 4); \
+ ADD_S64_U32_D(i + 5); \
+ ADD_S64_U32_D(i + 6); \
+ ADD_S64_U32_D(i + 7)
/***************************************************************/
-t_u32 mul_add(t_u32 *z, t_u32 *x, t_u32 *y, int n, t_u32 a)
+t_u32
+mul_add(t_u32 *z, t_u32 *x, t_u32 *y, int n, t_u32 a)
{
- if (a < (1 << A_BITS)) {
+ if (a < (1 << A_BITS)) {
- if (n == 8) {
- DEF_VARS(8);
- t_s32 c = 0;
+ if (n == 8) {
+ DEF_VARS(8);
+ t_s32 c = 0;
- MUL_U32_S64_8(0);
- ADD_S64_U32_8(0);
+ MUL_U32_S64_8(0);
+ ADD_S64_U32_8(0);
- return c;
+ return c;
- } else if (n == 16) {
- DEF_VARS(16);
- t_s32 c = 0;
+ } else if (n == 16) {
+ DEF_VARS(16);
+ t_s32 c = 0;
- MUL_U32_S64_8(0);
- MUL_U32_S64_8(4);
- ADD_S64_U32_8(0);
- ADD_S64_U32_8(8);
+ MUL_U32_S64_8(0);
+ MUL_U32_S64_8(4);
+ ADD_S64_U32_8(0);
+ ADD_S64_U32_8(8);
- return c;
+ return c;
- } else {
- DEF_VARS(BUFF_SIZE);
- t_s32 i, c = 0;
+ } else {
+ DEF_VARS(BUFF_SIZE);
+ t_s32 i, c = 0;
#pragma pipeloop(0)
- for (i = 0; i < (n+1)/2; i ++) {
- MUL_U32_S64_2(i);
- }
+ for (i = 0; i < (n + 1) / 2; i++) {
+ MUL_U32_S64_2(i);
+ }
#pragma pipeloop(0)
- for (i = 0; i < n; i ++) {
- ADD_S64_U32(i);
- }
-
- return c;
+ for (i = 0; i < n; i++) {
+ ADD_S64_U32(i);
+ }
- }
- } else {
+ return c;
+ }
+ } else {
- if (n == 8) {
- DEF_VARS(2*8);
- t_d64 d0, d1, db;
- t_u32 uc = 0;
+ if (n == 8) {
+ DEF_VARS(2 * 8);
+ t_d64 d0, d1, db;
+ t_u32 uc = 0;
- da = (t_d64)(a & A_MASK);
- db = (t_d64)(a >> A_BITS);
+ da = (t_d64)(a & A_MASK);
+ db = (t_d64)(a >> A_BITS);
- MUL_U32_S64_D_8(0);
- ADD_S64_U32_D_8(0);
+ MUL_U32_S64_D_8(0);
+ ADD_S64_U32_D_8(0);
- return uc;
+ return uc;
- } else if (n == 16) {
- DEF_VARS(2*16);
- t_d64 d0, d1, db;
- t_u32 uc = 0;
+ } else if (n == 16) {
+ DEF_VARS(2 * 16);
+ t_d64 d0, d1, db;
+ t_u32 uc = 0;
- da = (t_d64)(a & A_MASK);
- db = (t_d64)(a >> A_BITS);
+ da = (t_d64)(a & A_MASK);
+ db = (t_d64)(a >> A_BITS);
- MUL_U32_S64_D_8(0);
- MUL_U32_S64_D_8(4);
- ADD_S64_U32_D_8(0);
- ADD_S64_U32_D_8(8);
+ MUL_U32_S64_D_8(0);
+ MUL_U32_S64_D_8(4);
+ ADD_S64_U32_D_8(0);
+ ADD_S64_U32_D_8(8);
- return uc;
+ return uc;
- } else {
- DEF_VARS(2*BUFF_SIZE);
- t_d64 d0, d1, db;
- t_u32 i, uc = 0;
+ } else {
+ DEF_VARS(2 * BUFF_SIZE);
+ t_d64 d0, d1, db;
+ t_u32 i, uc = 0;
- da = (t_d64)(a & A_MASK);
- db = (t_d64)(a >> A_BITS);
+ da = (t_d64)(a & A_MASK);
+ db = (t_d64)(a >> A_BITS);
#pragma pipeloop(0)
- for (i = 0; i < (n+1)/2; i ++) {
- MUL_U32_S64_2_D(i);
- }
+ for (i = 0; i < (n + 1) / 2; i++) {
+ MUL_U32_S64_2_D(i);
+ }
#pragma pipeloop(0)
- for (i = 0; i < n; i ++) {
- ADD_S64_U32_D(i);
- }
+ for (i = 0; i < n; i++) {
+ ADD_S64_U32_D(i);
+ }
- return uc;
+ return uc;
+ }
}
- }
}
/***************************************************************/
-t_u32 mul_add_inp(t_u32 *x, t_u32 *y, int n, t_u32 a)
+t_u32
+mul_add_inp(t_u32 *x, t_u32 *y, int n, t_u32 a)
{
- return mul_add(x, x, y, n, a);
+ return mul_add(x, x, y, n, a);
}
/***************************************************************/
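Review bot: mul_add's general case sizes its scratch buffer with `DEF_VARS(BUFF_SIZE)` (256 entries, or 2 * BUFF_SIZE in the split-multiplier branch) but never checks `n` against it, so the `for (i = 0; i < (n + 1) / 2; i++)` fill loops write `buff[2 * (i) + 1]` past the array for any n > 256 — a stack overflow with no way to report it, since the function can only return a carry. The same loops read `py[i]` as 64-bit pairs, so for odd n the last iteration touches one 32-bit word of `y` beyond index n-1; whether callers always provide even-sized, 8-byte-aligned digit arrays is not visible in this file. I would at least state the contract above the function, `/* Precondition (unchecked): n <= BUFF_SIZE; y is 8-byte aligned and readable for 2*((n+1)/2) words. */`, and assert it in debug builds.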
diff --git a/lib/freebl/mpi/mpvalpha.c b/lib/freebl/mpi/mpvalpha.c
index 943064dc5..94e86eedb 100644
--- a/lib/freebl/mpi/mpvalpha.c
+++ b/lib/freebl/mpi/mpvalpha.c
@@ -5,104 +5,104 @@
#include "mpi-priv.h"
#include <c_asm.h>
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+ { \
+ Plo = asm("mulq %a0, %a1, %v0", a, b); \
+ Phi = asm("umulh %a0, %a1, %v0", a, b); \
+ }
-#define MP_MUL_DxD(a, b, Phi, Plo) \
- { Plo = asm ("mulq %a0, %a1, %v0", a, b); \
- Phi = asm ("umulh %a0, %a1, %v0", a, b); } \
-
-/* This is empty for the loop in s_mpv_mul_d */
+/* This is empty for the loop in s_mpv_mul_d */
#define CARRY_ADD
-#define ONE_MUL \
- a_i = *a++; \
- MP_MUL_DxD(a_i, b, a1b1, a0b0); \
- a0b0 += carry; \
- if (a0b0 < carry) \
- ++a1b1; \
- CARRY_ADD \
- *c++ = a0b0; \
- carry = a1b1; \
-
-#define FOUR_MUL \
- ONE_MUL \
- ONE_MUL \
- ONE_MUL \
- ONE_MUL \
-
-#define SIXTEEN_MUL \
- FOUR_MUL \
- FOUR_MUL \
- FOUR_MUL \
- FOUR_MUL \
-
-#define THIRTYTWO_MUL \
- SIXTEEN_MUL \
- SIXTEEN_MUL \
-
-#define ONETWENTYEIGHT_MUL \
- THIRTYTWO_MUL \
- THIRTYTWO_MUL \
- THIRTYTWO_MUL \
- THIRTYTWO_MUL \
-
-
-#define EXPAND_256(CALL) \
- mp_digit carry = 0; \
- mp_digit a_i; \
- mp_digit a0b0, a1b1; \
- if (a_len &255) { \
- if (a_len &1) { \
- ONE_MUL \
- } \
- if (a_len &2) { \
- ONE_MUL \
- ONE_MUL \
- } \
- if (a_len &4) { \
- FOUR_MUL \
- } \
- if (a_len &8) { \
- FOUR_MUL \
- FOUR_MUL \
- } \
- if (a_len & 16 ) { \
- SIXTEEN_MUL \
- } \
- if (a_len & 32 ) { \
- THIRTYTWO_MUL \
- } \
- if (a_len & 64 ) { \
- THIRTYTWO_MUL \
- THIRTYTWO_MUL \
- } \
- if (a_len & 128) { \
- ONETWENTYEIGHT_MUL \
- } \
- a_len = a_len & (-256); \
- } \
- if (a_len>=256 ) { \
- carry = CALL(a, a_len, b, c, carry); \
- c += a_len; \
- } \
-
-#define FUNC_NAME(NAME) \
-mp_digit NAME(const mp_digit *a, \
- mp_size a_len, \
- mp_digit b, mp_digit *c, \
- mp_digit carry) \
-
-#define DECLARE_MUL_256(FNAME) \
-FUNC_NAME(FNAME) \
-{ \
- mp_digit a_i; \
- mp_digit a0b0, a1b1; \
- while (a_len) { \
- ONETWENTYEIGHT_MUL \
- ONETWENTYEIGHT_MUL \
- a_len-= 256; \
- } \
- return carry; \
-} \
+#define ONE_MUL \
+ a_i = *a++; \
+ MP_MUL_DxD(a_i, b, a1b1, a0b0); \
+ a0b0 += carry; \
+ if (a0b0 < carry) \
+ ++a1b1; \
+ CARRY_ADD \
+ *c++ = a0b0; \
+ carry = a1b1;
+
+#define FOUR_MUL \
+ ONE_MUL \
+ ONE_MUL \
+ ONE_MUL \
+ ONE_MUL
+
+#define SIXTEEN_MUL \
+ FOUR_MUL \
+ FOUR_MUL \
+ FOUR_MUL \
+ FOUR_MUL
+
+#define THIRTYTWO_MUL \
+ SIXTEEN_MUL \
+ SIXTEEN_MUL
+
+#define ONETWENTYEIGHT_MUL \
+ THIRTYTWO_MUL \
+ THIRTYTWO_MUL \
+ THIRTYTWO_MUL \
+ THIRTYTWO_MUL
+
+#define EXPAND_256(CALL) \
+ mp_digit carry = 0; \
+ mp_digit a_i; \
+ mp_digit a0b0, a1b1; \
+ if (a_len & 255) { \
+ if (a_len & 1) { \
+ ONE_MUL \
+ } \
+ if (a_len & 2) { \
+ ONE_MUL \
+ ONE_MUL \
+ } \
+ if (a_len & 4) { \
+ FOUR_MUL \
+ } \
+ if (a_len & 8) { \
+ FOUR_MUL \
+ FOUR_MUL \
+ } \
+ if (a_len & 16) { \
+ SIXTEEN_MUL \
+ } \
+ if (a_len & 32) { \
+ THIRTYTWO_MUL \
+ } \
+ if (a_len & 64) { \
+ THIRTYTWO_MUL \
+ THIRTYTWO_MUL \
+ } \
+ if (a_len & 128) { \
+ ONETWENTYEIGHT_MUL \
+ } \
+ a_len = a_len & (-256); \
+ } \
+ if (a_len >= 256) { \
+ carry = CALL(a, a_len, b, c, carry); \
+ c += a_len; \
+ }
+
+#define FUNC_NAME(NAME) \
+ mp_digit NAME(const mp_digit *a, \
+ mp_size a_len, \
+ mp_digit b, mp_digit *c, \
+ mp_digit carry)
+
+#define DECLARE_MUL_256(FNAME) \
+ FUNC_NAME(FNAME) \
+ { \
+ mp_digit a_i; \
+ mp_digit a0b0, a1b1; \
+ while (a_len) { \
+ ONETWENTYEIGHT_MUL \
+ ONETWENTYEIGHT_MUL \
+ a_len -= 256; \
+ } \
+ return carry; \
+ }
/* Expanding the loop in s_mpv_mul_d appeared to slow down the
(admittedly) small number of tests (i.e., timetest) used to
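Review bot: The reflowed MP_MUL_DxD is a bare brace block, and every use site in this hunk follows it with a semicolon (`MP_MUL_DxD(a_i, b, a1b1, a0b0);`), which leaves a stray empty statement and would break an unbraced `if/else` around the call; the idiomatic form is `#define MP_MUL_DxD(a, b, Phi, Plo) do { Plo = asm("mulq %a0, %a1, %v0", a, b); Phi = asm("umulh %a0, %a1, %v0", a, b); } while (0)`. The same caveat applies to ONE_MUL and CARRY_ADD, which expand to several statements including an unbraced `if` — safe only because each expansion here sits inside its own braces. The old definitions ended each macro with a trailing backslash that swallowed the following blank line; dropping those does not change the expansions, but it removes a trap for anyone adding a line beneath a macro, so the cleanup is worth keeping.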
@@ -110,33 +110,34 @@ FUNC_NAME(FNAME) \
#define DO_NOT_EXPAND 1
/* Need forward declaration so it can be instantiated after
- the routine that uses it; this helps locality somewhat */
+ the routine that uses it; this helps locality somewhat */
#if !defined(DO_NOT_EXPAND)
FUNC_NAME(s_mpv_mul_d_MUL256);
#endif
/* c = a * b */
-void s_mpv_mul_d(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c)
{
#if defined(DO_NOT_EXPAND)
- mp_digit carry = 0;
- while (a_len--) {
- mp_digit a_i = *a++;
- mp_digit a0b0, a1b1;
-
- MP_MUL_DxD(a_i, b, a1b1, a0b0);
-
- a0b0 += carry;
- if (a0b0 < carry)
- ++a1b1;
- *c++ = a0b0;
- carry = a1b1;
- }
+ mp_digit carry = 0;
+ while (a_len--) {
+ mp_digit a_i = *a++;
+ mp_digit a0b0, a1b1;
+
+ MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+ a0b0 += carry;
+ if (a0b0 < carry)
+ ++a1b1;
+ *c++ = a0b0;
+ carry = a1b1;
+ }
#else
- EXPAND_256(s_mpv_mul_d_MUL256)
+ EXPAND_256(s_mpv_mul_d_MUL256)
#endif
- *c = carry;
+ *c = carry;
}
#if !defined(DO_NOT_EXPAND)
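Review bot: The trailing `*c = carry;` in s_mpv_mul_d stores one digit past the a_len digits the loop wrote, so every caller must provide room for a_len + 1 digits at c, and neither this hunk nor the s_mpv_mul_d_add hunk that follows states that contract; in both functions the final store overwrites c[a_len] rather than adding into it, which is what distinguishes them from s_mpv_mul_d_add_prop. A comment on the `/* c = a * b */` line such as `/* c = a * b; c must hold a_len + 1 digits, c[a_len] is overwritten with the final carry */` would pin this down, with the matching wording on the `/* c += a * b */` line of s_mpv_mul_d_add. The `carry` used after `#endif` is declared in the DO_NOT_EXPAND branch and, in the other branch, by the EXPAND_256 macro; a one-line comment noting that the macro introduces `carry` would keep the unconditional `*c = carry;` from reading as a use of an undeclared variable.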
@@ -145,21 +146,22 @@ DECLARE_MUL_256(s_mpv_mul_d_MUL256)
#undef CARRY_ADD
/* This is redefined for the loop in s_mpv_mul_d_add */
-#define CARRY_ADD \
- a0b0 += a_i = *c; \
- if (a0b0 < a_i) \
- ++a1b1; \
+#define CARRY_ADD \
+ a0b0 += a_i = *c; \
+ if (a0b0 < a_i) \
+ ++a1b1;
/* Need forward declaration so it can be instantiated between the
- two routines that use it; this helps locality somewhat */
+ two routines that use it; this helps locality somewhat */
FUNC_NAME(s_mpv_mul_d_add_MUL256);
/* c += a * b */
-void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c)
{
- EXPAND_256(s_mpv_mul_d_add_MUL256)
- *c = carry;
+ EXPAND_256(s_mpv_mul_d_add_MUL256)
+ *c = carry;
}
/* Instantiate multiply 256 routine here */
@@ -167,15 +169,15 @@ DECLARE_MUL_256(s_mpv_mul_d_add_MUL256)
/* Presently, this is only used by the Montgomery arithmetic code. */
/* c += a * b */
-void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
- mp_digit b, mp_digit *c)
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
+ mp_digit b, mp_digit *c)
{
- EXPAND_256(s_mpv_mul_d_add_MUL256)
- while (carry) {
- mp_digit c_i = *c;
- carry += c_i;
- *c++ = carry;
- carry = carry < c_i;
- }
+ EXPAND_256(s_mpv_mul_d_add_MUL256)
+ while (carry) {
+ mp_digit c_i = *c;
+ carry += c_i;
+ *c++ = carry;
+ carry = carry < c_i;
+ }
}
-
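Review bot: The `while (carry)` loop in s_mpv_mul_d_add_prop walks c upward with no length bound and stops only when a digit absorbs the carry, so it relies on the caller guaranteeing that such a digit (in practice a zero high digit) exists within the allocated destination; the new code does not record that precondition. The `/* c += a * b */` comment could become `/* c += a * b, propagating the carry into higher digits of c; the caller must guarantee room above c[a_len] for the carry to land */`. The line `carry = carry < c_i;` assigns a comparison result to an mp_digit, which is correct but easy to misread, and a short comment like `/* the sum wrapped iff it is smaller than the addend */` would help.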
diff --git a/lib/freebl/mpi/mulsqr.c b/lib/freebl/mpi/mulsqr.c
index 702ad2466..461d40ab3 100644
--- a/lib/freebl/mpi/mulsqr.c
+++ b/lib/freebl/mpi/mulsqr.c
@@ -10,74 +10,75 @@
#include <limits.h>
#include <time.h>
-#define MP_SQUARE 1 /* make sure squaring code is included */
+#define MP_SQUARE 1 /* make sure squaring code is included */
#include "mpi.h"
#include "mpprime.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ntests, prec, ix;
- unsigned int seed;
- clock_t start, stop;
- double multime, sqrtime;
- mp_int a, c;
-
- seed = (unsigned int)time(NULL);
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <ntests> <nbits>\n", argv[0]);
- return 1;
- }
-
- if((ntests = abs(atoi(argv[1]))) == 0) {
- fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]);
- return 1;
- }
- if((prec = abs(atoi(argv[2]))) < CHAR_BIT) {
- fprintf(stderr, "%s: must request at least %d bits.\n", argv[0],
- CHAR_BIT);
- return 1;
- }
-
- prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
-
- mp_init_size(&a, prec);
- mp_init_size(&c, 2 * prec);
-
- /* Test multiplication by self */
- srand(seed);
- start = clock();
- for(ix = 0; ix < ntests; ix++) {
- mpp_random_size(&a, prec);
- mp_mul(&a, &a, &c);
- }
- stop = clock();
-
- multime = (double)(stop - start) / CLOCKS_PER_SEC;
-
- /* Test squaring */
- srand(seed);
- start = clock();
- for(ix = 0; ix < ntests; ix++) {
- mpp_random_size(&a, prec);
- mp_sqr(&a, &c);
- }
- stop = clock();
-
- sqrtime = (double)(stop - start) / CLOCKS_PER_SEC;
-
- printf("Multiply: %.4f\n", multime);
- printf("Square: %.4f\n", sqrtime);
- if(multime < sqrtime) {
- printf("Speedup: %.1f%%\n", 100.0 * (1.0 - multime / sqrtime));
- printf("Prefer: multiply\n");
- } else {
- printf("Speedup: %.1f%%\n", 100.0 * (1.0 - sqrtime / multime));
- printf("Prefer: square\n");
- }
-
- mp_clear(&a); mp_clear(&c);
- return 0;
-
+ int ntests, prec, ix;
+ unsigned int seed;
+ clock_t start, stop;
+ double multime, sqrtime;
+ mp_int a, c;
+
+ seed = (unsigned int)time(NULL);
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <ntests> <nbits>\n", argv[0]);
+ return 1;
+ }
+
+ if ((ntests = abs(atoi(argv[1]))) == 0) {
+ fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]);
+ return 1;
+ }
+ if ((prec = abs(atoi(argv[2]))) < CHAR_BIT) {
+ fprintf(stderr, "%s: must request at least %d bits.\n", argv[0],
+ CHAR_BIT);
+ return 1;
+ }
+
+ prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+
+ mp_init_size(&a, prec);
+ mp_init_size(&c, 2 * prec);
+
+ /* Test multiplication by self */
+ srand(seed);
+ start = clock();
+ for (ix = 0; ix < ntests; ix++) {
+ mpp_random_size(&a, prec);
+ mp_mul(&a, &a, &c);
+ }
+ stop = clock();
+
+ multime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+ /* Test squaring */
+ srand(seed);
+ start = clock();
+ for (ix = 0; ix < ntests; ix++) {
+ mpp_random_size(&a, prec);
+ mp_sqr(&a, &c);
+ }
+ stop = clock();
+
+ sqrtime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+ printf("Multiply: %.4f\n", multime);
+ printf("Square: %.4f\n", sqrtime);
+ if (multime < sqrtime) {
+ printf("Speedup: %.1f%%\n", 100.0 * (1.0 - multime / sqrtime));
+ printf("Prefer: multiply\n");
+ } else {
+ printf("Speedup: %.1f%%\n", 100.0 * (1.0 - sqrtime / multime));
+ printf("Prefer: square\n");
+ }
+
+ mp_clear(&a);
+ mp_clear(&c);
+ return 0;
}
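Review bot: mp_init_size, mp_mul and mp_sqr return status codes that main ignores (the two `mp_init_size(&a, prec)` / `mp_init_size(&c, 2 * prec)` lines and both timed loops), so an allocation failure would proceed into the loops on mp_ints that were presumably never allocated; for a timing harness that may be tolerable, but the two initializations are cheap to check. Something like `if (mp_init_size(&a, prec) != MP_OKAY || mp_init_size(&c, 2 * prec) != MP_OKAY) { fprintf(stderr, "%s: out of memory\n", argv[0]); return 1; }` before the first loop would do. Separately, `abs(atoi(argv[1]))` and `abs(atoi(argv[2]))` turn any malformed argument into 0 and only the `== 0` / `< CHAR_BIT` checks catch it, so an input such as `12abc` is silently taken as 12; strtol with an end-pointer check would report malformed input instead.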
diff --git a/lib/freebl/mpi/primes.c b/lib/freebl/mpi/primes.c
index 58536ad5a..c8bd93ff9 100644
--- a/lib/freebl/mpi/primes.c
+++ b/lib/freebl/mpi/primes.c
@@ -1,6 +1,6 @@
/*
* These tables of primes wwere generated using the 'sieve' program
- * (sieve.c) and converted to this format with 'ptab.pl'.
+ * (sieve.c) and converted to this format with 'ptab.pl'.
*
* The 'small' table is just the first 128 primes. The 'large' table
* is a table of all the prime values that will fit into a single
@@ -17,826 +17,825 @@
#endif
const int prime_tab_size = MP_PRIME_TAB_SIZE;
-const mp_digit prime_tab[] = {
- 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
- 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
- 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
- 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
- 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
- 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
- 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
- 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
- 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
- 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
- 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
- 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
- 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
- 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
- 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
- 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
-#if ! SMALL_TABLE
- 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
- 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
- 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
- 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
- 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
- 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
- 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
- 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
- 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
- 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
- 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
- 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
- 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
- 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
- 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
- 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653,
- 0x0655, 0x065B, 0x0665, 0x0679, 0x067F, 0x0683, 0x0685, 0x069D,
- 0x06A1, 0x06A3, 0x06AD, 0x06B9, 0x06BB, 0x06C5, 0x06CD, 0x06D3,
- 0x06D9, 0x06DF, 0x06F1, 0x06F7, 0x06FB, 0x06FD, 0x0709, 0x0713,
- 0x071F, 0x0727, 0x0737, 0x0745, 0x074B, 0x074F, 0x0751, 0x0755,
- 0x0757, 0x0761, 0x076D, 0x0773, 0x0779, 0x078B, 0x078D, 0x079D,
- 0x079F, 0x07B5, 0x07BB, 0x07C3, 0x07C9, 0x07CD, 0x07CF, 0x07D3,
- 0x07DB, 0x07E1, 0x07EB, 0x07ED, 0x07F7, 0x0805, 0x080F, 0x0815,
- 0x0821, 0x0823, 0x0827, 0x0829, 0x0833, 0x083F, 0x0841, 0x0851,
- 0x0853, 0x0859, 0x085D, 0x085F, 0x0869, 0x0871, 0x0883, 0x089B,
- 0x089F, 0x08A5, 0x08AD, 0x08BD, 0x08BF, 0x08C3, 0x08CB, 0x08DB,
- 0x08DD, 0x08E1, 0x08E9, 0x08EF, 0x08F5, 0x08F9, 0x0905, 0x0907,
- 0x091D, 0x0923, 0x0925, 0x092B, 0x092F, 0x0935, 0x0943, 0x0949,
- 0x094D, 0x094F, 0x0955, 0x0959, 0x095F, 0x096B, 0x0971, 0x0977,
- 0x0985, 0x0989, 0x098F, 0x099B, 0x09A3, 0x09A9, 0x09AD, 0x09C7,
- 0x09D9, 0x09E3, 0x09EB, 0x09EF, 0x09F5, 0x09F7, 0x09FD, 0x0A13,
- 0x0A1F, 0x0A21, 0x0A31, 0x0A39, 0x0A3D, 0x0A49, 0x0A57, 0x0A61,
- 0x0A63, 0x0A67, 0x0A6F, 0x0A75, 0x0A7B, 0x0A7F, 0x0A81, 0x0A85,
- 0x0A8B, 0x0A93, 0x0A97, 0x0A99, 0x0A9F, 0x0AA9, 0x0AAB, 0x0AB5,
- 0x0ABD, 0x0AC1, 0x0ACF, 0x0AD9, 0x0AE5, 0x0AE7, 0x0AED, 0x0AF1,
- 0x0AF3, 0x0B03, 0x0B11, 0x0B15, 0x0B1B, 0x0B23, 0x0B29, 0x0B2D,
- 0x0B3F, 0x0B47, 0x0B51, 0x0B57, 0x0B5D, 0x0B65, 0x0B6F, 0x0B7B,
- 0x0B89, 0x0B8D, 0x0B93, 0x0B99, 0x0B9B, 0x0BB7, 0x0BB9, 0x0BC3,
- 0x0BCB, 0x0BCF, 0x0BDD, 0x0BE1, 0x0BE9, 0x0BF5, 0x0BFB, 0x0C07,
- 0x0C0B, 0x0C11, 0x0C25, 0x0C2F, 0x0C31, 0x0C41, 0x0C5B, 0x0C5F,
- 0x0C61, 0x0C6D, 0x0C73, 0x0C77, 0x0C83, 0x0C89, 0x0C91, 0x0C95,
- 0x0C9D, 0x0CB3, 0x0CB5, 0x0CB9, 0x0CBB, 0x0CC7, 0x0CE3, 0x0CE5,
- 0x0CEB, 0x0CF1, 0x0CF7, 0x0CFB, 0x0D01, 0x0D03, 0x0D0F, 0x0D13,
- 0x0D1F, 0x0D21, 0x0D2B, 0x0D2D, 0x0D3D, 0x0D3F, 0x0D4F, 0x0D55,
- 0x0D69, 0x0D79, 0x0D81, 0x0D85, 0x0D87, 0x0D8B, 0x0D8D, 0x0DA3,
- 0x0DAB, 0x0DB7, 0x0DBD, 0x0DC7, 0x0DC9, 0x0DCD, 0x0DD3, 0x0DD5,
- 0x0DDB, 0x0DE5, 0x0DE7, 0x0DF3, 0x0DFD, 0x0DFF, 0x0E09, 0x0E17,
- 0x0E1D, 0x0E21, 0x0E27, 0x0E2F, 0x0E35, 0x0E3B, 0x0E4B, 0x0E57,
- 0x0E59, 0x0E5D, 0x0E6B, 0x0E71, 0x0E75, 0x0E7D, 0x0E87, 0x0E8F,
- 0x0E95, 0x0E9B, 0x0EB1, 0x0EB7, 0x0EB9, 0x0EC3, 0x0ED1, 0x0ED5,
- 0x0EDB, 0x0EED, 0x0EEF, 0x0EF9, 0x0F07, 0x0F0B, 0x0F0D, 0x0F17,
- 0x0F25, 0x0F29, 0x0F31, 0x0F43, 0x0F47, 0x0F4D, 0x0F4F, 0x0F53,
- 0x0F59, 0x0F5B, 0x0F67, 0x0F6B, 0x0F7F, 0x0F95, 0x0FA1, 0x0FA3,
- 0x0FA7, 0x0FAD, 0x0FB3, 0x0FB5, 0x0FBB, 0x0FD1, 0x0FD3, 0x0FD9,
- 0x0FE9, 0x0FEF, 0x0FFB, 0x0FFD, 0x1003, 0x100F, 0x101F, 0x1021,
- 0x1025, 0x102B, 0x1039, 0x103D, 0x103F, 0x1051, 0x1069, 0x1073,
- 0x1079, 0x107B, 0x1085, 0x1087, 0x1091, 0x1093, 0x109D, 0x10A3,
- 0x10A5, 0x10AF, 0x10B1, 0x10BB, 0x10C1, 0x10C9, 0x10E7, 0x10F1,
- 0x10F3, 0x10FD, 0x1105, 0x110B, 0x1115, 0x1127, 0x112D, 0x1139,
- 0x1145, 0x1147, 0x1159, 0x115F, 0x1163, 0x1169, 0x116F, 0x1181,
- 0x1183, 0x118D, 0x119B, 0x11A1, 0x11A5, 0x11A7, 0x11AB, 0x11C3,
- 0x11C5, 0x11D1, 0x11D7, 0x11E7, 0x11EF, 0x11F5, 0x11FB, 0x120D,
- 0x121D, 0x121F, 0x1223, 0x1229, 0x122B, 0x1231, 0x1237, 0x1241,
- 0x1247, 0x1253, 0x125F, 0x1271, 0x1273, 0x1279, 0x127D, 0x128F,
- 0x1297, 0x12AF, 0x12B3, 0x12B5, 0x12B9, 0x12BF, 0x12C1, 0x12CD,
- 0x12D1, 0x12DF, 0x12FD, 0x1307, 0x130D, 0x1319, 0x1327, 0x132D,
- 0x1337, 0x1343, 0x1345, 0x1349, 0x134F, 0x1357, 0x135D, 0x1367,
- 0x1369, 0x136D, 0x137B, 0x1381, 0x1387, 0x138B, 0x1391, 0x1393,
- 0x139D, 0x139F, 0x13AF, 0x13BB, 0x13C3, 0x13D5, 0x13D9, 0x13DF,
- 0x13EB, 0x13ED, 0x13F3, 0x13F9, 0x13FF, 0x141B, 0x1421, 0x142F,
- 0x1433, 0x143B, 0x1445, 0x144D, 0x1459, 0x146B, 0x146F, 0x1471,
- 0x1475, 0x148D, 0x1499, 0x149F, 0x14A1, 0x14B1, 0x14B7, 0x14BD,
- 0x14CB, 0x14D5, 0x14E3, 0x14E7, 0x1505, 0x150B, 0x1511, 0x1517,
- 0x151F, 0x1525, 0x1529, 0x152B, 0x1537, 0x153D, 0x1541, 0x1543,
- 0x1549, 0x155F, 0x1565, 0x1567, 0x156B, 0x157D, 0x157F, 0x1583,
- 0x158F, 0x1591, 0x1597, 0x159B, 0x15B5, 0x15BB, 0x15C1, 0x15C5,
- 0x15CD, 0x15D7, 0x15F7, 0x1607, 0x1609, 0x160F, 0x1613, 0x1615,
- 0x1619, 0x161B, 0x1625, 0x1633, 0x1639, 0x163D, 0x1645, 0x164F,
- 0x1655, 0x1669, 0x166D, 0x166F, 0x1675, 0x1693, 0x1697, 0x169F,
- 0x16A9, 0x16AF, 0x16B5, 0x16BD, 0x16C3, 0x16CF, 0x16D3, 0x16D9,
- 0x16DB, 0x16E1, 0x16E5, 0x16EB, 0x16ED, 0x16F7, 0x16F9, 0x1709,
- 0x170F, 0x1723, 0x1727, 0x1733, 0x1741, 0x175D, 0x1763, 0x1777,
- 0x177B, 0x178D, 0x1795, 0x179B, 0x179F, 0x17A5, 0x17B3, 0x17B9,
- 0x17BF, 0x17C9, 0x17CB, 0x17D5, 0x17E1, 0x17E9, 0x17F3, 0x17F5,
- 0x17FF, 0x1807, 0x1813, 0x181D, 0x1835, 0x1837, 0x183B, 0x1843,
- 0x1849, 0x184D, 0x1855, 0x1867, 0x1871, 0x1877, 0x187D, 0x187F,
- 0x1885, 0x188F, 0x189B, 0x189D, 0x18A7, 0x18AD, 0x18B3, 0x18B9,
- 0x18C1, 0x18C7, 0x18D1, 0x18D7, 0x18D9, 0x18DF, 0x18E5, 0x18EB,
- 0x18F5, 0x18FD, 0x1915, 0x191B, 0x1931, 0x1933, 0x1945, 0x1949,
- 0x1951, 0x195B, 0x1979, 0x1981, 0x1993, 0x1997, 0x1999, 0x19A3,
- 0x19A9, 0x19AB, 0x19B1, 0x19B5, 0x19C7, 0x19CF, 0x19DB, 0x19ED,
- 0x19FD, 0x1A03, 0x1A05, 0x1A11, 0x1A17, 0x1A21, 0x1A23, 0x1A2D,
- 0x1A2F, 0x1A35, 0x1A3F, 0x1A4D, 0x1A51, 0x1A69, 0x1A6B, 0x1A7B,
- 0x1A7D, 0x1A87, 0x1A89, 0x1A93, 0x1AA7, 0x1AAB, 0x1AAD, 0x1AB1,
- 0x1AB9, 0x1AC9, 0x1ACF, 0x1AD5, 0x1AD7, 0x1AE3, 0x1AF3, 0x1AFB,
- 0x1AFF, 0x1B05, 0x1B23, 0x1B25, 0x1B2F, 0x1B31, 0x1B37, 0x1B3B,
- 0x1B41, 0x1B47, 0x1B4F, 0x1B55, 0x1B59, 0x1B65, 0x1B6B, 0x1B73,
- 0x1B7F, 0x1B83, 0x1B91, 0x1B9D, 0x1BA7, 0x1BBF, 0x1BC5, 0x1BD1,
- 0x1BD7, 0x1BD9, 0x1BEF, 0x1BF7, 0x1C09, 0x1C13, 0x1C19, 0x1C27,
- 0x1C2B, 0x1C2D, 0x1C33, 0x1C3D, 0x1C45, 0x1C4B, 0x1C4F, 0x1C55,
- 0x1C73, 0x1C81, 0x1C8B, 0x1C8D, 0x1C99, 0x1CA3, 0x1CA5, 0x1CB5,
- 0x1CB7, 0x1CC9, 0x1CE1, 0x1CF3, 0x1CF9, 0x1D09, 0x1D1B, 0x1D21,
- 0x1D23, 0x1D35, 0x1D39, 0x1D3F, 0x1D41, 0x1D4B, 0x1D53, 0x1D5D,
- 0x1D63, 0x1D69, 0x1D71, 0x1D75, 0x1D7B, 0x1D7D, 0x1D87, 0x1D89,
- 0x1D95, 0x1D99, 0x1D9F, 0x1DA5, 0x1DA7, 0x1DB3, 0x1DB7, 0x1DC5,
- 0x1DD7, 0x1DDB, 0x1DE1, 0x1DF5, 0x1DF9, 0x1E01, 0x1E07, 0x1E0B,
- 0x1E13, 0x1E17, 0x1E25, 0x1E2B, 0x1E2F, 0x1E3D, 0x1E49, 0x1E4D,
- 0x1E4F, 0x1E6D, 0x1E71, 0x1E89, 0x1E8F, 0x1E95, 0x1EA1, 0x1EAD,
- 0x1EBB, 0x1EC1, 0x1EC5, 0x1EC7, 0x1ECB, 0x1EDD, 0x1EE3, 0x1EEF,
- 0x1EF7, 0x1EFD, 0x1F01, 0x1F0D, 0x1F0F, 0x1F1B, 0x1F39, 0x1F49,
- 0x1F4B, 0x1F51, 0x1F67, 0x1F75, 0x1F7B, 0x1F85, 0x1F91, 0x1F97,
- 0x1F99, 0x1F9D, 0x1FA5, 0x1FAF, 0x1FB5, 0x1FBB, 0x1FD3, 0x1FE1,
- 0x1FE7, 0x1FEB, 0x1FF3, 0x1FFF, 0x2011, 0x201B, 0x201D, 0x2027,
- 0x2029, 0x202D, 0x2033, 0x2047, 0x204D, 0x2051, 0x205F, 0x2063,
- 0x2065, 0x2069, 0x2077, 0x207D, 0x2089, 0x20A1, 0x20AB, 0x20B1,
- 0x20B9, 0x20C3, 0x20C5, 0x20E3, 0x20E7, 0x20ED, 0x20EF, 0x20FB,
- 0x20FF, 0x210D, 0x2113, 0x2135, 0x2141, 0x2149, 0x214F, 0x2159,
- 0x215B, 0x215F, 0x2173, 0x217D, 0x2185, 0x2195, 0x2197, 0x21A1,
- 0x21AF, 0x21B3, 0x21B5, 0x21C1, 0x21C7, 0x21D7, 0x21DD, 0x21E5,
- 0x21E9, 0x21F1, 0x21F5, 0x21FB, 0x2203, 0x2209, 0x220F, 0x221B,
- 0x2221, 0x2225, 0x222B, 0x2231, 0x2239, 0x224B, 0x224F, 0x2263,
- 0x2267, 0x2273, 0x2275, 0x227F, 0x2285, 0x2287, 0x2291, 0x229D,
- 0x229F, 0x22A3, 0x22B7, 0x22BD, 0x22DB, 0x22E1, 0x22E5, 0x22ED,
- 0x22F7, 0x2303, 0x2309, 0x230B, 0x2327, 0x2329, 0x232F, 0x2333,
- 0x2335, 0x2345, 0x2351, 0x2353, 0x2359, 0x2363, 0x236B, 0x2383,
- 0x238F, 0x2395, 0x23A7, 0x23AD, 0x23B1, 0x23BF, 0x23C5, 0x23C9,
- 0x23D5, 0x23DD, 0x23E3, 0x23EF, 0x23F3, 0x23F9, 0x2405, 0x240B,
- 0x2417, 0x2419, 0x2429, 0x243D, 0x2441, 0x2443, 0x244D, 0x245F,
- 0x2467, 0x246B, 0x2479, 0x247D, 0x247F, 0x2485, 0x249B, 0x24A1,
- 0x24AF, 0x24B5, 0x24BB, 0x24C5, 0x24CB, 0x24CD, 0x24D7, 0x24D9,
- 0x24DD, 0x24DF, 0x24F5, 0x24F7, 0x24FB, 0x2501, 0x2507, 0x2513,
- 0x2519, 0x2527, 0x2531, 0x253D, 0x2543, 0x254B, 0x254F, 0x2573,
- 0x2581, 0x258D, 0x2593, 0x2597, 0x259D, 0x259F, 0x25AB, 0x25B1,
- 0x25BD, 0x25CD, 0x25CF, 0x25D9, 0x25E1, 0x25F7, 0x25F9, 0x2605,
- 0x260B, 0x260F, 0x2615, 0x2627, 0x2629, 0x2635, 0x263B, 0x263F,
- 0x264B, 0x2653, 0x2659, 0x2665, 0x2669, 0x266F, 0x267B, 0x2681,
- 0x2683, 0x268F, 0x269B, 0x269F, 0x26AD, 0x26B3, 0x26C3, 0x26C9,
- 0x26CB, 0x26D5, 0x26DD, 0x26EF, 0x26F5, 0x2717, 0x2719, 0x2735,
- 0x2737, 0x274D, 0x2753, 0x2755, 0x275F, 0x276B, 0x276D, 0x2773,
- 0x2777, 0x277F, 0x2795, 0x279B, 0x279D, 0x27A7, 0x27AF, 0x27B3,
- 0x27B9, 0x27C1, 0x27C5, 0x27D1, 0x27E3, 0x27EF, 0x2803, 0x2807,
- 0x280D, 0x2813, 0x281B, 0x281F, 0x2821, 0x2831, 0x283D, 0x283F,
- 0x2849, 0x2851, 0x285B, 0x285D, 0x2861, 0x2867, 0x2875, 0x2881,
- 0x2897, 0x289F, 0x28BB, 0x28BD, 0x28C1, 0x28D5, 0x28D9, 0x28DB,
- 0x28DF, 0x28ED, 0x28F7, 0x2903, 0x2905, 0x2911, 0x2921, 0x2923,
- 0x293F, 0x2947, 0x295D, 0x2965, 0x2969, 0x296F, 0x2975, 0x2983,
- 0x2987, 0x298F, 0x299B, 0x29A1, 0x29A7, 0x29AB, 0x29BF, 0x29C3,
- 0x29D5, 0x29D7, 0x29E3, 0x29E9, 0x29ED, 0x29F3, 0x2A01, 0x2A13,
- 0x2A1D, 0x2A25, 0x2A2F, 0x2A4F, 0x2A55, 0x2A5F, 0x2A65, 0x2A6B,
- 0x2A6D, 0x2A73, 0x2A83, 0x2A89, 0x2A8B, 0x2A97, 0x2A9D, 0x2AB9,
- 0x2ABB, 0x2AC5, 0x2ACD, 0x2ADD, 0x2AE3, 0x2AEB, 0x2AF1, 0x2AFB,
- 0x2B13, 0x2B27, 0x2B31, 0x2B33, 0x2B3D, 0x2B3F, 0x2B4B, 0x2B4F,
- 0x2B55, 0x2B69, 0x2B6D, 0x2B6F, 0x2B7B, 0x2B8D, 0x2B97, 0x2B99,
- 0x2BA3, 0x2BA5, 0x2BA9, 0x2BBD, 0x2BCD, 0x2BE7, 0x2BEB, 0x2BF3,
- 0x2BF9, 0x2BFD, 0x2C09, 0x2C0F, 0x2C17, 0x2C23, 0x2C2F, 0x2C35,
- 0x2C39, 0x2C41, 0x2C57, 0x2C59, 0x2C69, 0x2C77, 0x2C81, 0x2C87,
- 0x2C93, 0x2C9F, 0x2CAD, 0x2CB3, 0x2CB7, 0x2CCB, 0x2CCF, 0x2CDB,
- 0x2CE1, 0x2CE3, 0x2CE9, 0x2CEF, 0x2CFF, 0x2D07, 0x2D1D, 0x2D1F,
- 0x2D3B, 0x2D43, 0x2D49, 0x2D4D, 0x2D61, 0x2D65, 0x2D71, 0x2D89,
- 0x2D9D, 0x2DA1, 0x2DA9, 0x2DB3, 0x2DB5, 0x2DC5, 0x2DC7, 0x2DD3,
- 0x2DDF, 0x2E01, 0x2E03, 0x2E07, 0x2E0D, 0x2E19, 0x2E1F, 0x2E25,
- 0x2E2D, 0x2E33, 0x2E37, 0x2E39, 0x2E3F, 0x2E57, 0x2E5B, 0x2E6F,
- 0x2E79, 0x2E7F, 0x2E85, 0x2E93, 0x2E97, 0x2E9D, 0x2EA3, 0x2EA5,
- 0x2EB1, 0x2EB7, 0x2EC1, 0x2EC3, 0x2ECD, 0x2ED3, 0x2EE7, 0x2EEB,
- 0x2F05, 0x2F09, 0x2F0B, 0x2F11, 0x2F27, 0x2F29, 0x2F41, 0x2F45,
- 0x2F4B, 0x2F4D, 0x2F51, 0x2F57, 0x2F6F, 0x2F75, 0x2F7D, 0x2F81,
- 0x2F83, 0x2FA5, 0x2FAB, 0x2FB3, 0x2FC3, 0x2FCF, 0x2FD1, 0x2FDB,
- 0x2FDD, 0x2FE7, 0x2FED, 0x2FF5, 0x2FF9, 0x3001, 0x300D, 0x3023,
- 0x3029, 0x3037, 0x303B, 0x3055, 0x3059, 0x305B, 0x3067, 0x3071,
- 0x3079, 0x307D, 0x3085, 0x3091, 0x3095, 0x30A3, 0x30A9, 0x30B9,
- 0x30BF, 0x30C7, 0x30CB, 0x30D1, 0x30D7, 0x30DF, 0x30E5, 0x30EF,
- 0x30FB, 0x30FD, 0x3103, 0x3109, 0x3119, 0x3121, 0x3127, 0x312D,
- 0x3139, 0x3143, 0x3145, 0x314B, 0x315D, 0x3161, 0x3167, 0x316D,
- 0x3173, 0x317F, 0x3191, 0x3199, 0x319F, 0x31A9, 0x31B1, 0x31C3,
- 0x31C7, 0x31D5, 0x31DB, 0x31ED, 0x31F7, 0x31FF, 0x3209, 0x3215,
- 0x3217, 0x321D, 0x3229, 0x3235, 0x3259, 0x325D, 0x3263, 0x326B,
- 0x326F, 0x3275, 0x3277, 0x327B, 0x328D, 0x3299, 0x329F, 0x32A7,
- 0x32AD, 0x32B3, 0x32B7, 0x32C9, 0x32CB, 0x32CF, 0x32D1, 0x32E9,
- 0x32ED, 0x32F3, 0x32F9, 0x3307, 0x3325, 0x332B, 0x332F, 0x3335,
- 0x3341, 0x3347, 0x335B, 0x335F, 0x3367, 0x336B, 0x3373, 0x3379,
- 0x337F, 0x3383, 0x33A1, 0x33A3, 0x33AD, 0x33B9, 0x33C1, 0x33CB,
- 0x33D3, 0x33EB, 0x33F1, 0x33FD, 0x3401, 0x340F, 0x3413, 0x3419,
- 0x341B, 0x3437, 0x3445, 0x3455, 0x3457, 0x3463, 0x3469, 0x346D,
- 0x3481, 0x348B, 0x3491, 0x3497, 0x349D, 0x34A5, 0x34AF, 0x34BB,
- 0x34C9, 0x34D3, 0x34E1, 0x34F1, 0x34FF, 0x3509, 0x3517, 0x351D,
- 0x352D, 0x3533, 0x353B, 0x3541, 0x3551, 0x3565, 0x356F, 0x3571,
- 0x3577, 0x357B, 0x357D, 0x3581, 0x358D, 0x358F, 0x3599, 0x359B,
- 0x35A1, 0x35B7, 0x35BD, 0x35BF, 0x35C3, 0x35D5, 0x35DD, 0x35E7,
- 0x35EF, 0x3605, 0x3607, 0x3611, 0x3623, 0x3631, 0x3635, 0x3637,
- 0x363B, 0x364D, 0x364F, 0x3653, 0x3659, 0x3661, 0x366B, 0x366D,
- 0x368B, 0x368F, 0x36AD, 0x36AF, 0x36B9, 0x36BB, 0x36CD, 0x36D1,
- 0x36E3, 0x36E9, 0x36F7, 0x3701, 0x3703, 0x3707, 0x371B, 0x373F,
- 0x3745, 0x3749, 0x374F, 0x375D, 0x3761, 0x3775, 0x377F, 0x378D,
- 0x37A3, 0x37A9, 0x37AB, 0x37C9, 0x37D5, 0x37DF, 0x37F1, 0x37F3,
- 0x37F7, 0x3805, 0x380B, 0x3821, 0x3833, 0x3835, 0x3841, 0x3847,
- 0x384B, 0x3853, 0x3857, 0x385F, 0x3865, 0x386F, 0x3871, 0x387D,
- 0x388F, 0x3899, 0x38A7, 0x38B7, 0x38C5, 0x38C9, 0x38CF, 0x38D5,
- 0x38D7, 0x38DD, 0x38E1, 0x38E3, 0x38FF, 0x3901, 0x391D, 0x3923,
- 0x3925, 0x3929, 0x392F, 0x393D, 0x3941, 0x394D, 0x395B, 0x396B,
- 0x3979, 0x397D, 0x3983, 0x398B, 0x3991, 0x3995, 0x399B, 0x39A1,
- 0x39A7, 0x39AF, 0x39B3, 0x39BB, 0x39BF, 0x39CD, 0x39DD, 0x39E5,
- 0x39EB, 0x39EF, 0x39FB, 0x3A03, 0x3A13, 0x3A15, 0x3A1F, 0x3A27,
- 0x3A2B, 0x3A31, 0x3A4B, 0x3A51, 0x3A5B, 0x3A63, 0x3A67, 0x3A6D,
- 0x3A79, 0x3A87, 0x3AA5, 0x3AA9, 0x3AB7, 0x3ACD, 0x3AD5, 0x3AE1,
- 0x3AE5, 0x3AEB, 0x3AF3, 0x3AFD, 0x3B03, 0x3B11, 0x3B1B, 0x3B21,
- 0x3B23, 0x3B2D, 0x3B39, 0x3B45, 0x3B53, 0x3B59, 0x3B5F, 0x3B71,
- 0x3B7B, 0x3B81, 0x3B89, 0x3B9B, 0x3B9F, 0x3BA5, 0x3BA7, 0x3BAD,
- 0x3BB7, 0x3BB9, 0x3BC3, 0x3BCB, 0x3BD1, 0x3BD7, 0x3BE1, 0x3BE3,
- 0x3BF5, 0x3BFF, 0x3C01, 0x3C0D, 0x3C11, 0x3C17, 0x3C1F, 0x3C29,
- 0x3C35, 0x3C43, 0x3C4F, 0x3C53, 0x3C5B, 0x3C65, 0x3C6B, 0x3C71,
- 0x3C85, 0x3C89, 0x3C97, 0x3CA7, 0x3CB5, 0x3CBF, 0x3CC7, 0x3CD1,
- 0x3CDD, 0x3CDF, 0x3CF1, 0x3CF7, 0x3D03, 0x3D0D, 0x3D19, 0x3D1B,
- 0x3D1F, 0x3D21, 0x3D2D, 0x3D33, 0x3D37, 0x3D3F, 0x3D43, 0x3D6F,
- 0x3D73, 0x3D75, 0x3D79, 0x3D7B, 0x3D85, 0x3D91, 0x3D97, 0x3D9D,
- 0x3DAB, 0x3DAF, 0x3DB5, 0x3DBB, 0x3DC1, 0x3DC9, 0x3DCF, 0x3DF3,
- 0x3E05, 0x3E09, 0x3E0F, 0x3E11, 0x3E1D, 0x3E23, 0x3E29, 0x3E2F,
- 0x3E33, 0x3E41, 0x3E57, 0x3E63, 0x3E65, 0x3E77, 0x3E81, 0x3E87,
- 0x3EA1, 0x3EB9, 0x3EBD, 0x3EBF, 0x3EC3, 0x3EC5, 0x3EC9, 0x3ED7,
- 0x3EDB, 0x3EE1, 0x3EE7, 0x3EEF, 0x3EFF, 0x3F0B, 0x3F0D, 0x3F37,
- 0x3F3B, 0x3F3D, 0x3F41, 0x3F59, 0x3F5F, 0x3F65, 0x3F67, 0x3F79,
- 0x3F7D, 0x3F8B, 0x3F91, 0x3FAD, 0x3FBF, 0x3FCD, 0x3FD3, 0x3FDD,
- 0x3FE9, 0x3FEB, 0x3FF1, 0x3FFD, 0x401B, 0x4021, 0x4025, 0x402B,
- 0x4031, 0x403F, 0x4043, 0x4045, 0x405D, 0x4061, 0x4067, 0x406D,
- 0x4087, 0x4091, 0x40A3, 0x40A9, 0x40B1, 0x40B7, 0x40BD, 0x40DB,
- 0x40DF, 0x40EB, 0x40F7, 0x40F9, 0x4109, 0x410B, 0x4111, 0x4115,
- 0x4121, 0x4133, 0x4135, 0x413B, 0x413F, 0x4159, 0x4165, 0x416B,
- 0x4177, 0x417B, 0x4193, 0x41AB, 0x41B7, 0x41BD, 0x41BF, 0x41CB,
- 0x41E7, 0x41EF, 0x41F3, 0x41F9, 0x4205, 0x4207, 0x4219, 0x421F,
- 0x4223, 0x4229, 0x422F, 0x4243, 0x4253, 0x4255, 0x425B, 0x4261,
- 0x4273, 0x427D, 0x4283, 0x4285, 0x4289, 0x4291, 0x4297, 0x429D,
- 0x42B5, 0x42C5, 0x42CB, 0x42D3, 0x42DD, 0x42E3, 0x42F1, 0x4307,
- 0x430F, 0x431F, 0x4325, 0x4327, 0x4333, 0x4337, 0x4339, 0x434F,
- 0x4357, 0x4369, 0x438B, 0x438D, 0x4393, 0x43A5, 0x43A9, 0x43AF,
- 0x43B5, 0x43BD, 0x43C7, 0x43CF, 0x43E1, 0x43E7, 0x43EB, 0x43ED,
- 0x43F1, 0x43F9, 0x4409, 0x440B, 0x4417, 0x4423, 0x4429, 0x443B,
- 0x443F, 0x4445, 0x444B, 0x4451, 0x4453, 0x4459, 0x4465, 0x446F,
- 0x4483, 0x448F, 0x44A1, 0x44A5, 0x44AB, 0x44AD, 0x44BD, 0x44BF,
- 0x44C9, 0x44D7, 0x44DB, 0x44F9, 0x44FB, 0x4505, 0x4511, 0x4513,
- 0x452B, 0x4531, 0x4541, 0x4549, 0x4553, 0x4555, 0x4561, 0x4577,
- 0x457D, 0x457F, 0x458F, 0x45A3, 0x45AD, 0x45AF, 0x45BB, 0x45C7,
- 0x45D9, 0x45E3, 0x45EF, 0x45F5, 0x45F7, 0x4601, 0x4603, 0x4609,
- 0x4613, 0x4625, 0x4627, 0x4633, 0x4639, 0x463D, 0x4643, 0x4645,
- 0x465D, 0x4679, 0x467B, 0x467F, 0x4681, 0x468B, 0x468D, 0x469D,
- 0x46A9, 0x46B1, 0x46C7, 0x46C9, 0x46CF, 0x46D3, 0x46D5, 0x46DF,
- 0x46E5, 0x46F9, 0x4705, 0x470F, 0x4717, 0x4723, 0x4729, 0x472F,
- 0x4735, 0x4739, 0x474B, 0x474D, 0x4751, 0x475D, 0x476F, 0x4771,
- 0x477D, 0x4783, 0x4787, 0x4789, 0x4799, 0x47A5, 0x47B1, 0x47BF,
- 0x47C3, 0x47CB, 0x47DD, 0x47E1, 0x47ED, 0x47FB, 0x4801, 0x4807,
- 0x480B, 0x4813, 0x4819, 0x481D, 0x4831, 0x483D, 0x4847, 0x4855,
- 0x4859, 0x485B, 0x486B, 0x486D, 0x4879, 0x4897, 0x489B, 0x48A1,
- 0x48B9, 0x48CD, 0x48E5, 0x48EF, 0x48F7, 0x4903, 0x490D, 0x4919,
- 0x491F, 0x492B, 0x4937, 0x493D, 0x4945, 0x4955, 0x4963, 0x4969,
- 0x496D, 0x4973, 0x4997, 0x49AB, 0x49B5, 0x49D3, 0x49DF, 0x49E1,
- 0x49E5, 0x49E7, 0x4A03, 0x4A0F, 0x4A1D, 0x4A23, 0x4A39, 0x4A41,
- 0x4A45, 0x4A57, 0x4A5D, 0x4A6B, 0x4A7D, 0x4A81, 0x4A87, 0x4A89,
- 0x4A8F, 0x4AB1, 0x4AC3, 0x4AC5, 0x4AD5, 0x4ADB, 0x4AED, 0x4AEF,
- 0x4B07, 0x4B0B, 0x4B0D, 0x4B13, 0x4B1F, 0x4B25, 0x4B31, 0x4B3B,
- 0x4B43, 0x4B49, 0x4B59, 0x4B65, 0x4B6D, 0x4B77, 0x4B85, 0x4BAD,
- 0x4BB3, 0x4BB5, 0x4BBB, 0x4BBF, 0x4BCB, 0x4BD9, 0x4BDD, 0x4BDF,
- 0x4BE3, 0x4BE5, 0x4BE9, 0x4BF1, 0x4BF7, 0x4C01, 0x4C07, 0x4C0D,
- 0x4C0F, 0x4C15, 0x4C1B, 0x4C21, 0x4C2D, 0x4C33, 0x4C4B, 0x4C55,
- 0x4C57, 0x4C61, 0x4C67, 0x4C73, 0x4C79, 0x4C7F, 0x4C8D, 0x4C93,
- 0x4C99, 0x4CCD, 0x4CE1, 0x4CE7, 0x4CF1, 0x4CF3, 0x4CFD, 0x4D05,
- 0x4D0F, 0x4D1B, 0x4D27, 0x4D29, 0x4D2F, 0x4D33, 0x4D41, 0x4D51,
- 0x4D59, 0x4D65, 0x4D6B, 0x4D81, 0x4D83, 0x4D8D, 0x4D95, 0x4D9B,
- 0x4DB1, 0x4DB3, 0x4DC9, 0x4DCF, 0x4DD7, 0x4DE1, 0x4DED, 0x4DF9,
- 0x4DFB, 0x4E05, 0x4E0B, 0x4E17, 0x4E19, 0x4E1D, 0x4E2B, 0x4E35,
- 0x4E37, 0x4E3D, 0x4E4F, 0x4E53, 0x4E5F, 0x4E67, 0x4E79, 0x4E85,
- 0x4E8B, 0x4E91, 0x4E95, 0x4E9B, 0x4EA1, 0x4EAF, 0x4EB3, 0x4EB5,
- 0x4EC1, 0x4ECD, 0x4ED1, 0x4ED7, 0x4EE9, 0x4EFB, 0x4F07, 0x4F09,
- 0x4F19, 0x4F25, 0x4F2D, 0x4F3F, 0x4F49, 0x4F63, 0x4F67, 0x4F6D,
- 0x4F75, 0x4F7B, 0x4F81, 0x4F85, 0x4F87, 0x4F91, 0x4FA5, 0x4FA9,
- 0x4FAF, 0x4FB7, 0x4FBB, 0x4FCF, 0x4FD9, 0x4FDB, 0x4FFD, 0x4FFF,
- 0x5003, 0x501B, 0x501D, 0x5029, 0x5035, 0x503F, 0x5045, 0x5047,
- 0x5053, 0x5071, 0x5077, 0x5083, 0x5093, 0x509F, 0x50A1, 0x50B7,
- 0x50C9, 0x50D5, 0x50E3, 0x50ED, 0x50EF, 0x50FB, 0x5107, 0x510B,
- 0x510D, 0x5111, 0x5117, 0x5123, 0x5125, 0x5135, 0x5147, 0x5149,
- 0x5171, 0x5179, 0x5189, 0x518F, 0x5197, 0x51A1, 0x51A3, 0x51A7,
- 0x51B9, 0x51C1, 0x51CB, 0x51D3, 0x51DF, 0x51E3, 0x51F5, 0x51F7,
- 0x5209, 0x5213, 0x5215, 0x5219, 0x521B, 0x521F, 0x5227, 0x5243,
- 0x5245, 0x524B, 0x5261, 0x526D, 0x5273, 0x5281, 0x5293, 0x5297,
- 0x529D, 0x52A5, 0x52AB, 0x52B1, 0x52BB, 0x52C3, 0x52C7, 0x52C9,
- 0x52DB, 0x52E5, 0x52EB, 0x52FF, 0x5315, 0x531D, 0x5323, 0x5341,
- 0x5345, 0x5347, 0x534B, 0x535D, 0x5363, 0x5381, 0x5383, 0x5387,
- 0x538F, 0x5395, 0x5399, 0x539F, 0x53AB, 0x53B9, 0x53DB, 0x53E9,
- 0x53EF, 0x53F3, 0x53F5, 0x53FB, 0x53FF, 0x540D, 0x5411, 0x5413,
- 0x5419, 0x5435, 0x5437, 0x543B, 0x5441, 0x5449, 0x5453, 0x5455,
- 0x545F, 0x5461, 0x546B, 0x546D, 0x5471, 0x548F, 0x5491, 0x549D,
- 0x54A9, 0x54B3, 0x54C5, 0x54D1, 0x54DF, 0x54E9, 0x54EB, 0x54F7,
- 0x54FD, 0x5507, 0x550D, 0x551B, 0x5527, 0x552B, 0x5539, 0x553D,
- 0x554F, 0x5551, 0x555B, 0x5563, 0x5567, 0x556F, 0x5579, 0x5585,
- 0x5597, 0x55A9, 0x55B1, 0x55B7, 0x55C9, 0x55D9, 0x55E7, 0x55ED,
- 0x55F3, 0x55FD, 0x560B, 0x560F, 0x5615, 0x5617, 0x5623, 0x562F,
- 0x5633, 0x5639, 0x563F, 0x564B, 0x564D, 0x565D, 0x565F, 0x566B,
- 0x5671, 0x5675, 0x5683, 0x5689, 0x568D, 0x568F, 0x569B, 0x56AD,
- 0x56B1, 0x56D5, 0x56E7, 0x56F3, 0x56FF, 0x5701, 0x5705, 0x5707,
- 0x570B, 0x5713, 0x571F, 0x5723, 0x5747, 0x574D, 0x575F, 0x5761,
- 0x576D, 0x5777, 0x577D, 0x5789, 0x57A1, 0x57A9, 0x57AF, 0x57B5,
- 0x57C5, 0x57D1, 0x57D3, 0x57E5, 0x57EF, 0x5803, 0x580D, 0x580F,
- 0x5815, 0x5827, 0x582B, 0x582D, 0x5855, 0x585B, 0x585D, 0x586D,
- 0x586F, 0x5873, 0x587B, 0x588D, 0x5897, 0x58A3, 0x58A9, 0x58AB,
- 0x58B5, 0x58BD, 0x58C1, 0x58C7, 0x58D3, 0x58D5, 0x58DF, 0x58F1,
- 0x58F9, 0x58FF, 0x5903, 0x5917, 0x591B, 0x5921, 0x5945, 0x594B,
- 0x594D, 0x5957, 0x595D, 0x5975, 0x597B, 0x5989, 0x5999, 0x599F,
- 0x59B1, 0x59B3, 0x59BD, 0x59D1, 0x59DB, 0x59E3, 0x59E9, 0x59ED,
- 0x59F3, 0x59F5, 0x59FF, 0x5A01, 0x5A0D, 0x5A11, 0x5A13, 0x5A17,
- 0x5A1F, 0x5A29, 0x5A2F, 0x5A3B, 0x5A4D, 0x5A5B, 0x5A67, 0x5A77,
- 0x5A7F, 0x5A85, 0x5A95, 0x5A9D, 0x5AA1, 0x5AA3, 0x5AA9, 0x5ABB,
- 0x5AD3, 0x5AE5, 0x5AEF, 0x5AFB, 0x5AFD, 0x5B01, 0x5B0F, 0x5B19,
- 0x5B1F, 0x5B25, 0x5B2B, 0x5B3D, 0x5B49, 0x5B4B, 0x5B67, 0x5B79,
- 0x5B87, 0x5B97, 0x5BA3, 0x5BB1, 0x5BC9, 0x5BD5, 0x5BEB, 0x5BF1,
- 0x5BF3, 0x5BFD, 0x5C05, 0x5C09, 0x5C0B, 0x5C0F, 0x5C1D, 0x5C29,
- 0x5C2F, 0x5C33, 0x5C39, 0x5C47, 0x5C4B, 0x5C4D, 0x5C51, 0x5C6F,
- 0x5C75, 0x5C77, 0x5C7D, 0x5C87, 0x5C89, 0x5CA7, 0x5CBD, 0x5CBF,
- 0x5CC3, 0x5CC9, 0x5CD1, 0x5CD7, 0x5CDD, 0x5CED, 0x5CF9, 0x5D05,
- 0x5D0B, 0x5D13, 0x5D17, 0x5D19, 0x5D31, 0x5D3D, 0x5D41, 0x5D47,
- 0x5D4F, 0x5D55, 0x5D5B, 0x5D65, 0x5D67, 0x5D6D, 0x5D79, 0x5D95,
- 0x5DA3, 0x5DA9, 0x5DAD, 0x5DB9, 0x5DC1, 0x5DC7, 0x5DD3, 0x5DD7,
- 0x5DDD, 0x5DEB, 0x5DF1, 0x5DFD, 0x5E07, 0x5E0D, 0x5E13, 0x5E1B,
- 0x5E21, 0x5E27, 0x5E2B, 0x5E2D, 0x5E31, 0x5E39, 0x5E45, 0x5E49,
- 0x5E57, 0x5E69, 0x5E73, 0x5E75, 0x5E85, 0x5E8B, 0x5E9F, 0x5EA5,
- 0x5EAF, 0x5EB7, 0x5EBB, 0x5ED9, 0x5EFD, 0x5F09, 0x5F11, 0x5F27,
- 0x5F33, 0x5F35, 0x5F3B, 0x5F47, 0x5F57, 0x5F5D, 0x5F63, 0x5F65,
- 0x5F77, 0x5F7B, 0x5F95, 0x5F99, 0x5FA1, 0x5FB3, 0x5FBD, 0x5FC5,
- 0x5FCF, 0x5FD5, 0x5FE3, 0x5FE7, 0x5FFB, 0x6011, 0x6023, 0x602F,
- 0x6037, 0x6053, 0x605F, 0x6065, 0x606B, 0x6073, 0x6079, 0x6085,
- 0x609D, 0x60AD, 0x60BB, 0x60BF, 0x60CD, 0x60D9, 0x60DF, 0x60E9,
- 0x60F5, 0x6109, 0x610F, 0x6113, 0x611B, 0x612D, 0x6139, 0x614B,
- 0x6155, 0x6157, 0x615B, 0x616F, 0x6179, 0x6187, 0x618B, 0x6191,
- 0x6193, 0x619D, 0x61B5, 0x61C7, 0x61C9, 0x61CD, 0x61E1, 0x61F1,
- 0x61FF, 0x6209, 0x6217, 0x621D, 0x6221, 0x6227, 0x623B, 0x6241,
- 0x624B, 0x6251, 0x6253, 0x625F, 0x6265, 0x6283, 0x628D, 0x6295,
- 0x629B, 0x629F, 0x62A5, 0x62AD, 0x62D5, 0x62D7, 0x62DB, 0x62DD,
- 0x62E9, 0x62FB, 0x62FF, 0x6305, 0x630D, 0x6317, 0x631D, 0x632F,
- 0x6341, 0x6343, 0x634F, 0x635F, 0x6367, 0x636D, 0x6371, 0x6377,
- 0x637D, 0x637F, 0x63B3, 0x63C1, 0x63C5, 0x63D9, 0x63E9, 0x63EB,
- 0x63EF, 0x63F5, 0x6401, 0x6403, 0x6409, 0x6415, 0x6421, 0x6427,
- 0x642B, 0x6439, 0x6443, 0x6449, 0x644F, 0x645D, 0x6467, 0x6475,
- 0x6485, 0x648D, 0x6493, 0x649F, 0x64A3, 0x64AB, 0x64C1, 0x64C7,
- 0x64C9, 0x64DB, 0x64F1, 0x64F7, 0x64F9, 0x650B, 0x6511, 0x6521,
- 0x652F, 0x6539, 0x653F, 0x654B, 0x654D, 0x6553, 0x6557, 0x655F,
- 0x6571, 0x657D, 0x658D, 0x658F, 0x6593, 0x65A1, 0x65A5, 0x65AD,
- 0x65B9, 0x65C5, 0x65E3, 0x65F3, 0x65FB, 0x65FF, 0x6601, 0x6607,
- 0x661D, 0x6629, 0x6631, 0x663B, 0x6641, 0x6647, 0x664D, 0x665B,
- 0x6661, 0x6673, 0x667D, 0x6689, 0x668B, 0x6695, 0x6697, 0x669B,
- 0x66B5, 0x66B9, 0x66C5, 0x66CD, 0x66D1, 0x66E3, 0x66EB, 0x66F5,
- 0x6703, 0x6713, 0x6719, 0x671F, 0x6727, 0x6731, 0x6737, 0x673F,
- 0x6745, 0x6751, 0x675B, 0x676F, 0x6779, 0x6781, 0x6785, 0x6791,
- 0x67AB, 0x67BD, 0x67C1, 0x67CD, 0x67DF, 0x67E5, 0x6803, 0x6809,
- 0x6811, 0x6817, 0x682D, 0x6839, 0x683B, 0x683F, 0x6845, 0x684B,
- 0x684D, 0x6857, 0x6859, 0x685D, 0x6863, 0x6869, 0x686B, 0x6871,
- 0x6887, 0x6899, 0x689F, 0x68B1, 0x68BD, 0x68C5, 0x68D1, 0x68D7,
- 0x68E1, 0x68ED, 0x68EF, 0x68FF, 0x6901, 0x690B, 0x690D, 0x6917,
- 0x6929, 0x692F, 0x6943, 0x6947, 0x6949, 0x694F, 0x6965, 0x696B,
- 0x6971, 0x6983, 0x6989, 0x6997, 0x69A3, 0x69B3, 0x69B5, 0x69BB,
- 0x69C1, 0x69C5, 0x69D3, 0x69DF, 0x69E3, 0x69E5, 0x69F7, 0x6A07,
- 0x6A2B, 0x6A37, 0x6A3D, 0x6A4B, 0x6A67, 0x6A69, 0x6A75, 0x6A7B,
- 0x6A87, 0x6A8D, 0x6A91, 0x6A93, 0x6AA3, 0x6AC1, 0x6AC9, 0x6AE1,
- 0x6AE7, 0x6B05, 0x6B0F, 0x6B11, 0x6B23, 0x6B27, 0x6B2D, 0x6B39,
- 0x6B41, 0x6B57, 0x6B59, 0x6B5F, 0x6B75, 0x6B87, 0x6B89, 0x6B93,
- 0x6B95, 0x6B9F, 0x6BBD, 0x6BBF, 0x6BDB, 0x6BE1, 0x6BEF, 0x6BFF,
- 0x6C05, 0x6C19, 0x6C29, 0x6C2B, 0x6C31, 0x6C35, 0x6C55, 0x6C59,
- 0x6C5B, 0x6C5F, 0x6C65, 0x6C67, 0x6C73, 0x6C77, 0x6C7D, 0x6C83,
- 0x6C8F, 0x6C91, 0x6C97, 0x6C9B, 0x6CA1, 0x6CA9, 0x6CAF, 0x6CB3,
- 0x6CC7, 0x6CCB, 0x6CEB, 0x6CF5, 0x6CFD, 0x6D0D, 0x6D0F, 0x6D25,
- 0x6D27, 0x6D2B, 0x6D31, 0x6D39, 0x6D3F, 0x6D4F, 0x6D5D, 0x6D61,
- 0x6D73, 0x6D7B, 0x6D7F, 0x6D93, 0x6D99, 0x6DA5, 0x6DB1, 0x6DB7,
- 0x6DC1, 0x6DC3, 0x6DCD, 0x6DCF, 0x6DDB, 0x6DF7, 0x6E03, 0x6E15,
- 0x6E17, 0x6E29, 0x6E33, 0x6E3B, 0x6E45, 0x6E75, 0x6E77, 0x6E7B,
- 0x6E81, 0x6E89, 0x6E93, 0x6E95, 0x6E9F, 0x6EBD, 0x6EBF, 0x6EE3,
- 0x6EE9, 0x6EF3, 0x6EF9, 0x6EFB, 0x6F0D, 0x6F11, 0x6F17, 0x6F1F,
- 0x6F2F, 0x6F3D, 0x6F4D, 0x6F53, 0x6F61, 0x6F65, 0x6F79, 0x6F7D,
- 0x6F83, 0x6F85, 0x6F8F, 0x6F9B, 0x6F9D, 0x6FA3, 0x6FAF, 0x6FB5,
- 0x6FBB, 0x6FBF, 0x6FCB, 0x6FCD, 0x6FD3, 0x6FD7, 0x6FE3, 0x6FE9,
- 0x6FF1, 0x6FF5, 0x6FF7, 0x6FFD, 0x700F, 0x7019, 0x701F, 0x7027,
- 0x7033, 0x7039, 0x704F, 0x7051, 0x7057, 0x7063, 0x7075, 0x7079,
- 0x7087, 0x708D, 0x7091, 0x70A5, 0x70AB, 0x70BB, 0x70C3, 0x70C7,
- 0x70CF, 0x70E5, 0x70ED, 0x70F9, 0x70FF, 0x7105, 0x7115, 0x7121,
- 0x7133, 0x7151, 0x7159, 0x715D, 0x715F, 0x7163, 0x7169, 0x7183,
- 0x7187, 0x7195, 0x71AD, 0x71C3, 0x71C9, 0x71CB, 0x71D1, 0x71DB,
- 0x71E1, 0x71EF, 0x71F5, 0x71FB, 0x7207, 0x7211, 0x7217, 0x7219,
- 0x7225, 0x722F, 0x723B, 0x7243, 0x7255, 0x7267, 0x7271, 0x7277,
- 0x727F, 0x728F, 0x7295, 0x729B, 0x72A3, 0x72B3, 0x72C7, 0x72CB,
- 0x72CD, 0x72D7, 0x72D9, 0x72E3, 0x72EF, 0x72F5, 0x72FD, 0x7303,
- 0x730D, 0x7321, 0x732B, 0x733D, 0x7357, 0x735B, 0x7361, 0x737F,
- 0x7381, 0x7385, 0x738D, 0x7393, 0x739F, 0x73AB, 0x73BD, 0x73C1,
- 0x73C9, 0x73DF, 0x73E5, 0x73E7, 0x73F3, 0x7415, 0x741B, 0x742D,
- 0x7439, 0x743F, 0x7441, 0x745D, 0x746B, 0x747B, 0x7489, 0x748D,
- 0x749B, 0x74A7, 0x74AB, 0x74B1, 0x74B7, 0x74B9, 0x74DD, 0x74E1,
- 0x74E7, 0x74FB, 0x7507, 0x751F, 0x7525, 0x753B, 0x753D, 0x754D,
- 0x755F, 0x756B, 0x7577, 0x7589, 0x758B, 0x7591, 0x7597, 0x759D,
- 0x75A1, 0x75A7, 0x75B5, 0x75B9, 0x75BB, 0x75D1, 0x75D9, 0x75E5,
- 0x75EB, 0x75F5, 0x75FB, 0x7603, 0x760F, 0x7621, 0x762D, 0x7633,
- 0x763D, 0x763F, 0x7655, 0x7663, 0x7669, 0x766F, 0x7673, 0x7685,
- 0x768B, 0x769F, 0x76B5, 0x76B7, 0x76C3, 0x76DB, 0x76DF, 0x76F1,
- 0x7703, 0x7705, 0x771B, 0x771D, 0x7721, 0x772D, 0x7735, 0x7741,
- 0x774B, 0x7759, 0x775D, 0x775F, 0x7771, 0x7781, 0x77A7, 0x77AD,
- 0x77B3, 0x77B9, 0x77C5, 0x77CF, 0x77D5, 0x77E1, 0x77E9, 0x77EF,
- 0x77F3, 0x77F9, 0x7807, 0x7825, 0x782B, 0x7835, 0x783D, 0x7853,
- 0x7859, 0x7861, 0x786D, 0x7877, 0x7879, 0x7883, 0x7885, 0x788B,
- 0x7895, 0x7897, 0x78A1, 0x78AD, 0x78BF, 0x78D3, 0x78D9, 0x78DD,
- 0x78E5, 0x78FB, 0x7901, 0x7907, 0x7925, 0x792B, 0x7939, 0x793F,
- 0x794B, 0x7957, 0x795D, 0x7967, 0x7969, 0x7973, 0x7991, 0x7993,
- 0x79A3, 0x79AB, 0x79AF, 0x79B1, 0x79B7, 0x79C9, 0x79CD, 0x79CF,
- 0x79D5, 0x79D9, 0x79F3, 0x79F7, 0x79FF, 0x7A05, 0x7A0F, 0x7A11,
- 0x7A15, 0x7A1B, 0x7A23, 0x7A27, 0x7A2D, 0x7A4B, 0x7A57, 0x7A59,
- 0x7A5F, 0x7A65, 0x7A69, 0x7A7D, 0x7A93, 0x7A9B, 0x7A9F, 0x7AA1,
- 0x7AA5, 0x7AED, 0x7AF5, 0x7AF9, 0x7B01, 0x7B17, 0x7B19, 0x7B1D,
- 0x7B2B, 0x7B35, 0x7B37, 0x7B3B, 0x7B4F, 0x7B55, 0x7B5F, 0x7B71,
- 0x7B77, 0x7B8B, 0x7B9B, 0x7BA1, 0x7BA9, 0x7BAF, 0x7BB3, 0x7BC7,
- 0x7BD3, 0x7BE9, 0x7BEB, 0x7BEF, 0x7BF1, 0x7BFD, 0x7C07, 0x7C19,
- 0x7C1B, 0x7C31, 0x7C37, 0x7C49, 0x7C67, 0x7C69, 0x7C73, 0x7C81,
- 0x7C8B, 0x7C93, 0x7CA3, 0x7CD5, 0x7CDB, 0x7CE5, 0x7CED, 0x7CF7,
- 0x7D03, 0x7D09, 0x7D1B, 0x7D1D, 0x7D33, 0x7D39, 0x7D3B, 0x7D3F,
- 0x7D45, 0x7D4D, 0x7D53, 0x7D59, 0x7D63, 0x7D75, 0x7D77, 0x7D8D,
- 0x7D8F, 0x7D9F, 0x7DAD, 0x7DB7, 0x7DBD, 0x7DBF, 0x7DCB, 0x7DD5,
- 0x7DE9, 0x7DED, 0x7DFB, 0x7E01, 0x7E05, 0x7E29, 0x7E2B, 0x7E2F,
- 0x7E35, 0x7E41, 0x7E43, 0x7E47, 0x7E55, 0x7E61, 0x7E67, 0x7E6B,
- 0x7E71, 0x7E73, 0x7E79, 0x7E7D, 0x7E91, 0x7E9B, 0x7E9D, 0x7EA7,
- 0x7EAD, 0x7EB9, 0x7EBB, 0x7ED3, 0x7EDF, 0x7EEB, 0x7EF1, 0x7EF7,
- 0x7EFB, 0x7F13, 0x7F15, 0x7F19, 0x7F31, 0x7F33, 0x7F39, 0x7F3D,
- 0x7F43, 0x7F4B, 0x7F5B, 0x7F61, 0x7F63, 0x7F6D, 0x7F79, 0x7F87,
- 0x7F8D, 0x7FAF, 0x7FB5, 0x7FC3, 0x7FC9, 0x7FCD, 0x7FCF, 0x7FED,
- 0x8003, 0x800B, 0x800F, 0x8015, 0x801D, 0x8021, 0x8023, 0x803F,
- 0x8041, 0x8047, 0x804B, 0x8065, 0x8077, 0x808D, 0x808F, 0x8095,
- 0x80A5, 0x80AB, 0x80AD, 0x80BD, 0x80C9, 0x80CB, 0x80D7, 0x80DB,
- 0x80E1, 0x80E7, 0x80F5, 0x80FF, 0x8105, 0x810D, 0x8119, 0x811D,
- 0x812F, 0x8131, 0x813B, 0x8143, 0x8153, 0x8159, 0x815F, 0x817D,
- 0x817F, 0x8189, 0x819B, 0x819D, 0x81A7, 0x81AF, 0x81B3, 0x81BB,
- 0x81C7, 0x81DF, 0x8207, 0x8209, 0x8215, 0x821F, 0x8225, 0x8231,
- 0x8233, 0x823F, 0x8243, 0x8245, 0x8249, 0x824F, 0x8261, 0x826F,
- 0x827B, 0x8281, 0x8285, 0x8293, 0x82B1, 0x82B5, 0x82BD, 0x82C7,
- 0x82CF, 0x82D5, 0x82DF, 0x82F1, 0x82F9, 0x82FD, 0x830B, 0x831B,
- 0x8321, 0x8329, 0x832D, 0x8333, 0x8335, 0x833F, 0x8341, 0x834D,
- 0x8351, 0x8353, 0x8357, 0x835D, 0x8365, 0x8369, 0x836F, 0x838F,
- 0x83A7, 0x83B1, 0x83B9, 0x83CB, 0x83D5, 0x83D7, 0x83DD, 0x83E7,
- 0x83E9, 0x83ED, 0x83FF, 0x8405, 0x8411, 0x8413, 0x8423, 0x8425,
- 0x843B, 0x8441, 0x8447, 0x844F, 0x8461, 0x8465, 0x8477, 0x8483,
- 0x848B, 0x8491, 0x8495, 0x84A9, 0x84AF, 0x84CD, 0x84E3, 0x84EF,
- 0x84F1, 0x84F7, 0x8509, 0x850D, 0x854B, 0x854F, 0x8551, 0x855D,
- 0x8563, 0x856D, 0x856F, 0x857B, 0x8587, 0x85A3, 0x85A5, 0x85A9,
- 0x85B7, 0x85CD, 0x85D3, 0x85D5, 0x85DB, 0x85E1, 0x85EB, 0x85F9,
- 0x85FD, 0x85FF, 0x8609, 0x860F, 0x8617, 0x8621, 0x862F, 0x8639,
- 0x863F, 0x8641, 0x864D, 0x8663, 0x8675, 0x867D, 0x8687, 0x8699,
- 0x86A5, 0x86A7, 0x86B3, 0x86B7, 0x86C3, 0x86C5, 0x86CF, 0x86D1,
- 0x86D7, 0x86E9, 0x86EF, 0x86F5, 0x8717, 0x871D, 0x871F, 0x872B,
- 0x872F, 0x8735, 0x8747, 0x8759, 0x875B, 0x876B, 0x8771, 0x8777,
- 0x877F, 0x8785, 0x878F, 0x87A1, 0x87A9, 0x87B3, 0x87BB, 0x87C5,
- 0x87C7, 0x87CB, 0x87DD, 0x87F7, 0x8803, 0x8819, 0x881B, 0x881F,
- 0x8821, 0x8837, 0x883D, 0x8843, 0x8851, 0x8861, 0x8867, 0x887B,
- 0x8885, 0x8891, 0x8893, 0x88A5, 0x88CF, 0x88D3, 0x88EB, 0x88ED,
- 0x88F3, 0x88FD, 0x8909, 0x890B, 0x8911, 0x891B, 0x8923, 0x8927,
- 0x892D, 0x8939, 0x8945, 0x894D, 0x8951, 0x8957, 0x8963, 0x8981,
- 0x8995, 0x899B, 0x89B3, 0x89B9, 0x89C3, 0x89CF, 0x89D1, 0x89DB,
- 0x89EF, 0x89F5, 0x89FB, 0x89FF, 0x8A0B, 0x8A19, 0x8A23, 0x8A35,
- 0x8A41, 0x8A49, 0x8A4F, 0x8A5B, 0x8A5F, 0x8A6D, 0x8A77, 0x8A79,
- 0x8A85, 0x8AA3, 0x8AB3, 0x8AB5, 0x8AC1, 0x8AC7, 0x8ACB, 0x8ACD,
- 0x8AD1, 0x8AD7, 0x8AF1, 0x8AF5, 0x8B07, 0x8B09, 0x8B0D, 0x8B13,
- 0x8B21, 0x8B57, 0x8B5D, 0x8B91, 0x8B93, 0x8BA3, 0x8BA9, 0x8BAF,
- 0x8BBB, 0x8BD5, 0x8BD9, 0x8BDB, 0x8BE1, 0x8BF7, 0x8BFD, 0x8BFF,
- 0x8C0B, 0x8C17, 0x8C1D, 0x8C27, 0x8C39, 0x8C3B, 0x8C47, 0x8C53,
- 0x8C5D, 0x8C6F, 0x8C7B, 0x8C81, 0x8C89, 0x8C8F, 0x8C99, 0x8C9F,
- 0x8CA7, 0x8CAB, 0x8CAD, 0x8CB1, 0x8CC5, 0x8CDD, 0x8CE3, 0x8CE9,
- 0x8CF3, 0x8D01, 0x8D0B, 0x8D0D, 0x8D23, 0x8D29, 0x8D37, 0x8D41,
- 0x8D5B, 0x8D5F, 0x8D71, 0x8D79, 0x8D85, 0x8D91, 0x8D9B, 0x8DA7,
- 0x8DAD, 0x8DB5, 0x8DC5, 0x8DCB, 0x8DD3, 0x8DD9, 0x8DDF, 0x8DF5,
- 0x8DF7, 0x8E01, 0x8E15, 0x8E1F, 0x8E25, 0x8E51, 0x8E63, 0x8E69,
- 0x8E73, 0x8E75, 0x8E79, 0x8E7F, 0x8E8D, 0x8E91, 0x8EAB, 0x8EAF,
- 0x8EB1, 0x8EBD, 0x8EC7, 0x8ECF, 0x8ED3, 0x8EDB, 0x8EE7, 0x8EEB,
- 0x8EF7, 0x8EFF, 0x8F15, 0x8F1D, 0x8F23, 0x8F2D, 0x8F3F, 0x8F45,
- 0x8F4B, 0x8F53, 0x8F59, 0x8F65, 0x8F69, 0x8F71, 0x8F83, 0x8F8D,
- 0x8F99, 0x8F9F, 0x8FAB, 0x8FAD, 0x8FB3, 0x8FB7, 0x8FB9, 0x8FC9,
- 0x8FD5, 0x8FE1, 0x8FEF, 0x8FF9, 0x9007, 0x900D, 0x9017, 0x9023,
- 0x9025, 0x9031, 0x9037, 0x903B, 0x9041, 0x9043, 0x904F, 0x9053,
- 0x906D, 0x9073, 0x9085, 0x908B, 0x9095, 0x909B, 0x909D, 0x90AF,
- 0x90B9, 0x90C1, 0x90C5, 0x90DF, 0x90E9, 0x90FD, 0x9103, 0x9113,
- 0x9127, 0x9133, 0x913D, 0x9145, 0x914F, 0x9151, 0x9161, 0x9167,
- 0x917B, 0x9185, 0x9199, 0x919D, 0x91BB, 0x91BD, 0x91C1, 0x91C9,
- 0x91D9, 0x91DB, 0x91ED, 0x91F1, 0x91F3, 0x91F9, 0x9203, 0x9215,
- 0x9221, 0x922F, 0x9241, 0x9247, 0x9257, 0x926B, 0x9271, 0x9275,
- 0x927D, 0x9283, 0x9287, 0x928D, 0x9299, 0x92A1, 0x92AB, 0x92AD,
- 0x92B9, 0x92BF, 0x92C3, 0x92C5, 0x92CB, 0x92D5, 0x92D7, 0x92E7,
- 0x92F3, 0x9301, 0x930B, 0x9311, 0x9319, 0x931F, 0x933B, 0x933D,
- 0x9343, 0x9355, 0x9373, 0x9395, 0x9397, 0x93A7, 0x93B3, 0x93B5,
- 0x93C7, 0x93D7, 0x93DD, 0x93E5, 0x93EF, 0x93F7, 0x9401, 0x9409,
- 0x9413, 0x943F, 0x9445, 0x944B, 0x944F, 0x9463, 0x9467, 0x9469,
- 0x946D, 0x947B, 0x9497, 0x949F, 0x94A5, 0x94B5, 0x94C3, 0x94E1,
- 0x94E7, 0x9505, 0x9509, 0x9517, 0x9521, 0x9527, 0x952D, 0x9535,
- 0x9539, 0x954B, 0x9557, 0x955D, 0x955F, 0x9575, 0x9581, 0x9589,
- 0x958F, 0x959B, 0x959F, 0x95AD, 0x95B1, 0x95B7, 0x95B9, 0x95BD,
- 0x95CF, 0x95E3, 0x95E9, 0x95F9, 0x961F, 0x962F, 0x9631, 0x9635,
- 0x963B, 0x963D, 0x9665, 0x968F, 0x969D, 0x96A1, 0x96A7, 0x96A9,
- 0x96C1, 0x96CB, 0x96D1, 0x96D3, 0x96E5, 0x96EF, 0x96FB, 0x96FD,
- 0x970D, 0x970F, 0x9715, 0x9725, 0x972B, 0x9733, 0x9737, 0x9739,
- 0x9743, 0x9749, 0x9751, 0x975B, 0x975D, 0x976F, 0x977F, 0x9787,
- 0x9793, 0x97A5, 0x97B1, 0x97B7, 0x97C3, 0x97CD, 0x97D3, 0x97D9,
- 0x97EB, 0x97F7, 0x9805, 0x9809, 0x980B, 0x9815, 0x9829, 0x982F,
- 0x983B, 0x9841, 0x9851, 0x986B, 0x986F, 0x9881, 0x9883, 0x9887,
- 0x98A7, 0x98B1, 0x98B9, 0x98BF, 0x98C3, 0x98C9, 0x98CF, 0x98DD,
- 0x98E3, 0x98F5, 0x98F9, 0x98FB, 0x990D, 0x9917, 0x991F, 0x9929,
- 0x9931, 0x993B, 0x993D, 0x9941, 0x9947, 0x9949, 0x9953, 0x997D,
- 0x9985, 0x9991, 0x9995, 0x999B, 0x99AD, 0x99AF, 0x99BF, 0x99C7,
- 0x99CB, 0x99CD, 0x99D7, 0x99E5, 0x99F1, 0x99FB, 0x9A0F, 0x9A13,
- 0x9A1B, 0x9A25, 0x9A4B, 0x9A4F, 0x9A55, 0x9A57, 0x9A61, 0x9A75,
- 0x9A7F, 0x9A8B, 0x9A91, 0x9A9D, 0x9AB7, 0x9AC3, 0x9AC7, 0x9ACF,
- 0x9AEB, 0x9AF3, 0x9AF7, 0x9AFF, 0x9B17, 0x9B1D, 0x9B27, 0x9B2F,
- 0x9B35, 0x9B45, 0x9B51, 0x9B59, 0x9B63, 0x9B6F, 0x9B77, 0x9B8D,
- 0x9B93, 0x9B95, 0x9B9F, 0x9BA1, 0x9BA7, 0x9BB1, 0x9BB7, 0x9BBD,
- 0x9BC5, 0x9BCB, 0x9BCF, 0x9BDD, 0x9BF9, 0x9C01, 0x9C11, 0x9C23,
- 0x9C2B, 0x9C2F, 0x9C35, 0x9C49, 0x9C4D, 0x9C5F, 0x9C65, 0x9C67,
- 0x9C7F, 0x9C97, 0x9C9D, 0x9CA3, 0x9CAF, 0x9CBB, 0x9CBF, 0x9CC1,
- 0x9CD7, 0x9CD9, 0x9CE3, 0x9CE9, 0x9CF1, 0x9CFD, 0x9D01, 0x9D15,
- 0x9D27, 0x9D2D, 0x9D31, 0x9D3D, 0x9D55, 0x9D5B, 0x9D61, 0x9D97,
- 0x9D9F, 0x9DA5, 0x9DA9, 0x9DC3, 0x9DE7, 0x9DEB, 0x9DED, 0x9DF1,
- 0x9E0B, 0x9E17, 0x9E23, 0x9E27, 0x9E2D, 0x9E33, 0x9E3B, 0x9E47,
- 0x9E51, 0x9E53, 0x9E5F, 0x9E6F, 0x9E81, 0x9E87, 0x9E8F, 0x9E95,
- 0x9EA1, 0x9EB3, 0x9EBD, 0x9EBF, 0x9EF5, 0x9EF9, 0x9EFB, 0x9F05,
- 0x9F23, 0x9F2F, 0x9F37, 0x9F3B, 0x9F43, 0x9F53, 0x9F61, 0x9F6D,
- 0x9F73, 0x9F77, 0x9F7D, 0x9F89, 0x9F8F, 0x9F91, 0x9F95, 0x9FA3,
- 0x9FAF, 0x9FB3, 0x9FC1, 0x9FC7, 0x9FDF, 0x9FE5, 0x9FEB, 0x9FF5,
- 0xA001, 0xA00D, 0xA021, 0xA033, 0xA039, 0xA03F, 0xA04F, 0xA057,
- 0xA05B, 0xA061, 0xA075, 0xA079, 0xA099, 0xA09D, 0xA0AB, 0xA0B5,
- 0xA0B7, 0xA0BD, 0xA0C9, 0xA0D9, 0xA0DB, 0xA0DF, 0xA0E5, 0xA0F1,
- 0xA0F3, 0xA0FD, 0xA105, 0xA10B, 0xA10F, 0xA111, 0xA11B, 0xA129,
- 0xA12F, 0xA135, 0xA141, 0xA153, 0xA175, 0xA17D, 0xA187, 0xA18D,
- 0xA1A5, 0xA1AB, 0xA1AD, 0xA1B7, 0xA1C3, 0xA1C5, 0xA1E3, 0xA1ED,
- 0xA1FB, 0xA207, 0xA213, 0xA223, 0xA229, 0xA22F, 0xA231, 0xA243,
- 0xA247, 0xA24D, 0xA26B, 0xA279, 0xA27D, 0xA283, 0xA289, 0xA28B,
- 0xA291, 0xA295, 0xA29B, 0xA2A9, 0xA2AF, 0xA2B3, 0xA2BB, 0xA2C5,
- 0xA2D1, 0xA2D7, 0xA2F7, 0xA301, 0xA309, 0xA31F, 0xA321, 0xA32B,
- 0xA331, 0xA349, 0xA351, 0xA355, 0xA373, 0xA379, 0xA37B, 0xA387,
- 0xA397, 0xA39F, 0xA3A5, 0xA3A9, 0xA3AF, 0xA3B7, 0xA3C7, 0xA3D5,
- 0xA3DB, 0xA3E1, 0xA3E5, 0xA3E7, 0xA3F1, 0xA3FD, 0xA3FF, 0xA40F,
- 0xA41D, 0xA421, 0xA423, 0xA427, 0xA43B, 0xA44D, 0xA457, 0xA459,
- 0xA463, 0xA469, 0xA475, 0xA493, 0xA49B, 0xA4AD, 0xA4B9, 0xA4C3,
- 0xA4C5, 0xA4CB, 0xA4D1, 0xA4D5, 0xA4E1, 0xA4ED, 0xA4EF, 0xA4F3,
- 0xA4FF, 0xA511, 0xA529, 0xA52B, 0xA535, 0xA53B, 0xA543, 0xA553,
- 0xA55B, 0xA561, 0xA56D, 0xA577, 0xA585, 0xA58B, 0xA597, 0xA59D,
- 0xA5A3, 0xA5A7, 0xA5A9, 0xA5C1, 0xA5C5, 0xA5CB, 0xA5D3, 0xA5D9,
- 0xA5DD, 0xA5DF, 0xA5E3, 0xA5E9, 0xA5F7, 0xA5FB, 0xA603, 0xA60D,
- 0xA625, 0xA63D, 0xA649, 0xA64B, 0xA651, 0xA65D, 0xA673, 0xA691,
- 0xA693, 0xA699, 0xA6AB, 0xA6B5, 0xA6BB, 0xA6C1, 0xA6C9, 0xA6CD,
- 0xA6CF, 0xA6D5, 0xA6DF, 0xA6E7, 0xA6F1, 0xA6F7, 0xA6FF, 0xA70F,
- 0xA715, 0xA723, 0xA729, 0xA72D, 0xA745, 0xA74D, 0xA757, 0xA759,
- 0xA765, 0xA76B, 0xA76F, 0xA793, 0xA795, 0xA7AB, 0xA7B1, 0xA7B9,
- 0xA7BF, 0xA7C9, 0xA7D1, 0xA7D7, 0xA7E3, 0xA7ED, 0xA7FB, 0xA805,
- 0xA80B, 0xA81D, 0xA829, 0xA82B, 0xA837, 0xA83B, 0xA855, 0xA85F,
- 0xA86D, 0xA87D, 0xA88F, 0xA897, 0xA8A9, 0xA8B5, 0xA8C1, 0xA8C7,
- 0xA8D7, 0xA8E5, 0xA8FD, 0xA907, 0xA913, 0xA91B, 0xA931, 0xA937,
- 0xA939, 0xA943, 0xA97F, 0xA985, 0xA987, 0xA98B, 0xA993, 0xA9A3,
- 0xA9B1, 0xA9BB, 0xA9C1, 0xA9D9, 0xA9DF, 0xA9EB, 0xA9FD, 0xAA15,
- 0xAA17, 0xAA35, 0xAA39, 0xAA3B, 0xAA47, 0xAA4D, 0xAA57, 0xAA59,
- 0xAA5D, 0xAA6B, 0xAA71, 0xAA81, 0xAA83, 0xAA8D, 0xAA95, 0xAAAB,
- 0xAABF, 0xAAC5, 0xAAC9, 0xAAE9, 0xAAEF, 0xAB01, 0xAB05, 0xAB07,
- 0xAB0B, 0xAB0D, 0xAB11, 0xAB19, 0xAB4D, 0xAB5B, 0xAB71, 0xAB73,
- 0xAB89, 0xAB9D, 0xABA7, 0xABAF, 0xABB9, 0xABBB, 0xABC1, 0xABC5,
- 0xABD3, 0xABD7, 0xABDD, 0xABF1, 0xABF5, 0xABFB, 0xABFD, 0xAC09,
- 0xAC15, 0xAC1B, 0xAC27, 0xAC37, 0xAC39, 0xAC45, 0xAC4F, 0xAC57,
- 0xAC5B, 0xAC61, 0xAC63, 0xAC7F, 0xAC8B, 0xAC93, 0xAC9D, 0xACA9,
- 0xACAB, 0xACAF, 0xACBD, 0xACD9, 0xACE1, 0xACE7, 0xACEB, 0xACED,
- 0xACF1, 0xACF7, 0xACF9, 0xAD05, 0xAD3F, 0xAD45, 0xAD53, 0xAD5D,
- 0xAD5F, 0xAD65, 0xAD81, 0xADA1, 0xADA5, 0xADC3, 0xADCB, 0xADD1,
- 0xADD5, 0xADDB, 0xADE7, 0xADF3, 0xADF5, 0xADF9, 0xADFF, 0xAE05,
- 0xAE13, 0xAE23, 0xAE2B, 0xAE49, 0xAE4D, 0xAE4F, 0xAE59, 0xAE61,
- 0xAE67, 0xAE6B, 0xAE71, 0xAE8B, 0xAE8F, 0xAE9B, 0xAE9D, 0xAEA7,
- 0xAEB9, 0xAEC5, 0xAED1, 0xAEE3, 0xAEE5, 0xAEE9, 0xAEF5, 0xAEFD,
- 0xAF09, 0xAF13, 0xAF27, 0xAF2B, 0xAF33, 0xAF43, 0xAF4F, 0xAF57,
- 0xAF5D, 0xAF6D, 0xAF75, 0xAF7F, 0xAF8B, 0xAF99, 0xAF9F, 0xAFA3,
- 0xAFAB, 0xAFB7, 0xAFBB, 0xAFCF, 0xAFD5, 0xAFFD, 0xB005, 0xB015,
- 0xB01B, 0xB03F, 0xB041, 0xB047, 0xB04B, 0xB051, 0xB053, 0xB069,
- 0xB07B, 0xB07D, 0xB087, 0xB08D, 0xB0B1, 0xB0BF, 0xB0CB, 0xB0CF,
- 0xB0E1, 0xB0E9, 0xB0ED, 0xB0FB, 0xB105, 0xB107, 0xB111, 0xB119,
- 0xB11D, 0xB11F, 0xB131, 0xB141, 0xB14D, 0xB15B, 0xB165, 0xB173,
- 0xB179, 0xB17F, 0xB1A9, 0xB1B3, 0xB1B9, 0xB1BF, 0xB1D3, 0xB1DD,
- 0xB1E5, 0xB1F1, 0xB1F5, 0xB201, 0xB213, 0xB215, 0xB21F, 0xB22D,
- 0xB23F, 0xB249, 0xB25B, 0xB263, 0xB269, 0xB26D, 0xB27B, 0xB281,
- 0xB28B, 0xB2A9, 0xB2B7, 0xB2BD, 0xB2C3, 0xB2C7, 0xB2D3, 0xB2F9,
- 0xB2FD, 0xB2FF, 0xB303, 0xB309, 0xB311, 0xB31D, 0xB327, 0xB32D,
- 0xB33F, 0xB345, 0xB377, 0xB37D, 0xB381, 0xB387, 0xB393, 0xB39B,
- 0xB3A5, 0xB3C5, 0xB3CB, 0xB3E1, 0xB3E3, 0xB3ED, 0xB3F9, 0xB40B,
- 0xB40D, 0xB413, 0xB417, 0xB435, 0xB43D, 0xB443, 0xB449, 0xB45B,
- 0xB465, 0xB467, 0xB46B, 0xB477, 0xB48B, 0xB495, 0xB49D, 0xB4B5,
- 0xB4BF, 0xB4C1, 0xB4C7, 0xB4DD, 0xB4E3, 0xB4E5, 0xB4F7, 0xB501,
- 0xB50D, 0xB50F, 0xB52D, 0xB53F, 0xB54B, 0xB567, 0xB569, 0xB56F,
- 0xB573, 0xB579, 0xB587, 0xB58D, 0xB599, 0xB5A3, 0xB5AB, 0xB5AF,
- 0xB5BB, 0xB5D5, 0xB5DF, 0xB5E7, 0xB5ED, 0xB5FD, 0xB5FF, 0xB609,
- 0xB61B, 0xB629, 0xB62F, 0xB633, 0xB639, 0xB647, 0xB657, 0xB659,
- 0xB65F, 0xB663, 0xB66F, 0xB683, 0xB687, 0xB69B, 0xB69F, 0xB6A5,
- 0xB6B1, 0xB6B3, 0xB6D7, 0xB6DB, 0xB6E1, 0xB6E3, 0xB6ED, 0xB6EF,
- 0xB705, 0xB70D, 0xB713, 0xB71D, 0xB729, 0xB735, 0xB747, 0xB755,
- 0xB76D, 0xB791, 0xB795, 0xB7A9, 0xB7C1, 0xB7CB, 0xB7D1, 0xB7D3,
- 0xB7EF, 0xB7F5, 0xB807, 0xB80F, 0xB813, 0xB819, 0xB821, 0xB827,
- 0xB82B, 0xB82D, 0xB839, 0xB855, 0xB867, 0xB875, 0xB885, 0xB893,
- 0xB8A5, 0xB8AF, 0xB8B7, 0xB8BD, 0xB8C1, 0xB8C7, 0xB8CD, 0xB8D5,
- 0xB8EB, 0xB8F7, 0xB8F9, 0xB903, 0xB915, 0xB91B, 0xB91D, 0xB92F,
- 0xB939, 0xB93B, 0xB947, 0xB951, 0xB963, 0xB983, 0xB989, 0xB98D,
- 0xB993, 0xB999, 0xB9A1, 0xB9A7, 0xB9AD, 0xB9B7, 0xB9CB, 0xB9D1,
- 0xB9DD, 0xB9E7, 0xB9EF, 0xB9F9, 0xBA07, 0xBA0D, 0xBA17, 0xBA25,
- 0xBA29, 0xBA2B, 0xBA41, 0xBA53, 0xBA55, 0xBA5F, 0xBA61, 0xBA65,
- 0xBA79, 0xBA7D, 0xBA7F, 0xBAA1, 0xBAA3, 0xBAAF, 0xBAB5, 0xBABF,
- 0xBAC1, 0xBACB, 0xBADD, 0xBAE3, 0xBAF1, 0xBAFD, 0xBB09, 0xBB1F,
- 0xBB27, 0xBB2D, 0xBB3D, 0xBB43, 0xBB4B, 0xBB4F, 0xBB5B, 0xBB61,
- 0xBB69, 0xBB6D, 0xBB91, 0xBB97, 0xBB9D, 0xBBB1, 0xBBC9, 0xBBCF,
- 0xBBDB, 0xBBED, 0xBBF7, 0xBBF9, 0xBC03, 0xBC1D, 0xBC23, 0xBC33,
- 0xBC3B, 0xBC41, 0xBC45, 0xBC5D, 0xBC6F, 0xBC77, 0xBC83, 0xBC8F,
- 0xBC99, 0xBCAB, 0xBCB7, 0xBCB9, 0xBCD1, 0xBCD5, 0xBCE1, 0xBCF3,
- 0xBCFF, 0xBD0D, 0xBD17, 0xBD19, 0xBD1D, 0xBD35, 0xBD41, 0xBD4F,
- 0xBD59, 0xBD5F, 0xBD61, 0xBD67, 0xBD6B, 0xBD71, 0xBD8B, 0xBD8F,
- 0xBD95, 0xBD9B, 0xBD9D, 0xBDB3, 0xBDBB, 0xBDCD, 0xBDD1, 0xBDE3,
- 0xBDEB, 0xBDEF, 0xBE07, 0xBE09, 0xBE15, 0xBE21, 0xBE25, 0xBE27,
- 0xBE5B, 0xBE5D, 0xBE6F, 0xBE75, 0xBE79, 0xBE7F, 0xBE8B, 0xBE8D,
- 0xBE93, 0xBE9F, 0xBEA9, 0xBEB1, 0xBEB5, 0xBEB7, 0xBECF, 0xBED9,
- 0xBEDB, 0xBEE5, 0xBEE7, 0xBEF3, 0xBEF9, 0xBF0B, 0xBF33, 0xBF39,
- 0xBF4D, 0xBF5D, 0xBF5F, 0xBF6B, 0xBF71, 0xBF7B, 0xBF87, 0xBF89,
- 0xBF8D, 0xBF93, 0xBFA1, 0xBFAD, 0xBFB9, 0xBFCF, 0xBFD5, 0xBFDD,
- 0xBFE1, 0xBFE3, 0xBFF3, 0xC005, 0xC011, 0xC013, 0xC019, 0xC029,
- 0xC02F, 0xC031, 0xC037, 0xC03B, 0xC047, 0xC065, 0xC06D, 0xC07D,
- 0xC07F, 0xC091, 0xC09B, 0xC0B3, 0xC0B5, 0xC0BB, 0xC0D3, 0xC0D7,
- 0xC0D9, 0xC0EF, 0xC0F1, 0xC101, 0xC103, 0xC109, 0xC115, 0xC119,
- 0xC12B, 0xC133, 0xC137, 0xC145, 0xC149, 0xC15B, 0xC173, 0xC179,
- 0xC17B, 0xC181, 0xC18B, 0xC18D, 0xC197, 0xC1BD, 0xC1C3, 0xC1CD,
- 0xC1DB, 0xC1E1, 0xC1E7, 0xC1FF, 0xC203, 0xC205, 0xC211, 0xC221,
- 0xC22F, 0xC23F, 0xC24B, 0xC24D, 0xC253, 0xC25D, 0xC277, 0xC27B,
- 0xC27D, 0xC289, 0xC28F, 0xC293, 0xC29F, 0xC2A7, 0xC2B3, 0xC2BD,
- 0xC2CF, 0xC2D5, 0xC2E3, 0xC2FF, 0xC301, 0xC307, 0xC311, 0xC313,
- 0xC317, 0xC325, 0xC347, 0xC349, 0xC34F, 0xC365, 0xC367, 0xC371,
- 0xC37F, 0xC383, 0xC385, 0xC395, 0xC39D, 0xC3A7, 0xC3AD, 0xC3B5,
- 0xC3BF, 0xC3C7, 0xC3CB, 0xC3D1, 0xC3D3, 0xC3E3, 0xC3E9, 0xC3EF,
- 0xC401, 0xC41F, 0xC42D, 0xC433, 0xC437, 0xC455, 0xC457, 0xC461,
- 0xC46F, 0xC473, 0xC487, 0xC491, 0xC499, 0xC49D, 0xC4A5, 0xC4B7,
- 0xC4BB, 0xC4C9, 0xC4CF, 0xC4D3, 0xC4EB, 0xC4F1, 0xC4F7, 0xC509,
- 0xC51B, 0xC51D, 0xC541, 0xC547, 0xC551, 0xC55F, 0xC56B, 0xC56F,
- 0xC575, 0xC577, 0xC595, 0xC59B, 0xC59F, 0xC5A1, 0xC5A7, 0xC5C3,
- 0xC5D7, 0xC5DB, 0xC5EF, 0xC5FB, 0xC613, 0xC623, 0xC635, 0xC641,
- 0xC64F, 0xC655, 0xC659, 0xC665, 0xC685, 0xC691, 0xC697, 0xC6A1,
- 0xC6A9, 0xC6B3, 0xC6B9, 0xC6CB, 0xC6CD, 0xC6DD, 0xC6EB, 0xC6F1,
- 0xC707, 0xC70D, 0xC719, 0xC71B, 0xC72D, 0xC731, 0xC739, 0xC757,
- 0xC763, 0xC767, 0xC773, 0xC775, 0xC77F, 0xC7A5, 0xC7BB, 0xC7BD,
- 0xC7C1, 0xC7CF, 0xC7D5, 0xC7E1, 0xC7F9, 0xC7FD, 0xC7FF, 0xC803,
- 0xC811, 0xC81D, 0xC827, 0xC829, 0xC839, 0xC83F, 0xC853, 0xC857,
- 0xC86B, 0xC881, 0xC88D, 0xC88F, 0xC893, 0xC895, 0xC8A1, 0xC8B7,
- 0xC8CF, 0xC8D5, 0xC8DB, 0xC8DD, 0xC8E3, 0xC8E7, 0xC8ED, 0xC8EF,
- 0xC8F9, 0xC905, 0xC911, 0xC917, 0xC919, 0xC91F, 0xC92F, 0xC937,
- 0xC93D, 0xC941, 0xC953, 0xC95F, 0xC96B, 0xC979, 0xC97D, 0xC989,
- 0xC98F, 0xC997, 0xC99D, 0xC9AF, 0xC9B5, 0xC9BF, 0xC9CB, 0xC9D9,
- 0xC9DF, 0xC9E3, 0xC9EB, 0xCA01, 0xCA07, 0xCA09, 0xCA25, 0xCA37,
- 0xCA39, 0xCA4B, 0xCA55, 0xCA5B, 0xCA69, 0xCA73, 0xCA75, 0xCA7F,
- 0xCA8D, 0xCA93, 0xCA9D, 0xCA9F, 0xCAB5, 0xCABB, 0xCAC3, 0xCAC9,
- 0xCAD9, 0xCAE5, 0xCAED, 0xCB03, 0xCB05, 0xCB09, 0xCB17, 0xCB29,
- 0xCB35, 0xCB3B, 0xCB53, 0xCB59, 0xCB63, 0xCB65, 0xCB71, 0xCB87,
- 0xCB99, 0xCB9F, 0xCBB3, 0xCBB9, 0xCBC3, 0xCBD1, 0xCBD5, 0xCBD7,
- 0xCBDD, 0xCBE9, 0xCBFF, 0xCC0D, 0xCC19, 0xCC1D, 0xCC23, 0xCC2B,
- 0xCC41, 0xCC43, 0xCC4D, 0xCC59, 0xCC61, 0xCC89, 0xCC8B, 0xCC91,
- 0xCC9B, 0xCCA3, 0xCCA7, 0xCCD1, 0xCCE5, 0xCCE9, 0xCD09, 0xCD15,
- 0xCD1F, 0xCD25, 0xCD31, 0xCD3D, 0xCD3F, 0xCD49, 0xCD51, 0xCD57,
- 0xCD5B, 0xCD63, 0xCD67, 0xCD81, 0xCD93, 0xCD97, 0xCD9F, 0xCDBB,
- 0xCDC1, 0xCDD3, 0xCDD9, 0xCDE5, 0xCDE7, 0xCDF1, 0xCDF7, 0xCDFD,
- 0xCE0B, 0xCE15, 0xCE21, 0xCE2F, 0xCE47, 0xCE4D, 0xCE51, 0xCE65,
- 0xCE7B, 0xCE7D, 0xCE8F, 0xCE93, 0xCE99, 0xCEA5, 0xCEA7, 0xCEB7,
- 0xCEC9, 0xCED7, 0xCEDD, 0xCEE3, 0xCEE7, 0xCEED, 0xCEF5, 0xCF07,
- 0xCF0B, 0xCF19, 0xCF37, 0xCF3B, 0xCF4D, 0xCF55, 0xCF5F, 0xCF61,
- 0xCF65, 0xCF6D, 0xCF79, 0xCF7D, 0xCF89, 0xCF9B, 0xCF9D, 0xCFA9,
- 0xCFB3, 0xCFB5, 0xCFC5, 0xCFCD, 0xCFD1, 0xCFEF, 0xCFF1, 0xCFF7,
- 0xD013, 0xD015, 0xD01F, 0xD021, 0xD033, 0xD03D, 0xD04B, 0xD04F,
- 0xD069, 0xD06F, 0xD081, 0xD085, 0xD099, 0xD09F, 0xD0A3, 0xD0AB,
- 0xD0BD, 0xD0C1, 0xD0CD, 0xD0E7, 0xD0FF, 0xD103, 0xD117, 0xD12D,
- 0xD12F, 0xD141, 0xD157, 0xD159, 0xD15D, 0xD169, 0xD16B, 0xD171,
- 0xD177, 0xD17D, 0xD181, 0xD187, 0xD195, 0xD199, 0xD1B1, 0xD1BD,
- 0xD1C3, 0xD1D5, 0xD1D7, 0xD1E3, 0xD1FF, 0xD20D, 0xD211, 0xD217,
- 0xD21F, 0xD235, 0xD23B, 0xD247, 0xD259, 0xD261, 0xD265, 0xD279,
- 0xD27F, 0xD283, 0xD289, 0xD28B, 0xD29D, 0xD2A3, 0xD2A7, 0xD2B3,
- 0xD2BF, 0xD2C7, 0xD2E3, 0xD2E9, 0xD2F1, 0xD2FB, 0xD2FD, 0xD315,
- 0xD321, 0xD32B, 0xD343, 0xD34B, 0xD355, 0xD369, 0xD375, 0xD37B,
- 0xD387, 0xD393, 0xD397, 0xD3A5, 0xD3B1, 0xD3C9, 0xD3EB, 0xD3FD,
- 0xD405, 0xD40F, 0xD415, 0xD427, 0xD42F, 0xD433, 0xD43B, 0xD44B,
- 0xD459, 0xD45F, 0xD463, 0xD469, 0xD481, 0xD483, 0xD489, 0xD48D,
- 0xD493, 0xD495, 0xD4A5, 0xD4AB, 0xD4B1, 0xD4C5, 0xD4DD, 0xD4E1,
- 0xD4E3, 0xD4E7, 0xD4F5, 0xD4F9, 0xD50B, 0xD50D, 0xD513, 0xD51F,
- 0xD523, 0xD531, 0xD535, 0xD537, 0xD549, 0xD559, 0xD55F, 0xD565,
- 0xD567, 0xD577, 0xD58B, 0xD591, 0xD597, 0xD5B5, 0xD5B9, 0xD5C1,
- 0xD5C7, 0xD5DF, 0xD5EF, 0xD5F5, 0xD5FB, 0xD603, 0xD60F, 0xD62D,
- 0xD631, 0xD643, 0xD655, 0xD65D, 0xD661, 0xD67B, 0xD685, 0xD687,
- 0xD69D, 0xD6A5, 0xD6AF, 0xD6BD, 0xD6C3, 0xD6C7, 0xD6D9, 0xD6E1,
- 0xD6ED, 0xD709, 0xD70B, 0xD711, 0xD715, 0xD721, 0xD727, 0xD73F,
- 0xD745, 0xD74D, 0xD757, 0xD76B, 0xD77B, 0xD783, 0xD7A1, 0xD7A7,
- 0xD7AD, 0xD7B1, 0xD7B3, 0xD7BD, 0xD7CB, 0xD7D1, 0xD7DB, 0xD7FB,
- 0xD811, 0xD823, 0xD825, 0xD829, 0xD82B, 0xD82F, 0xD837, 0xD84D,
- 0xD855, 0xD867, 0xD873, 0xD88F, 0xD891, 0xD8A1, 0xD8AD, 0xD8BF,
- 0xD8CD, 0xD8D7, 0xD8E9, 0xD8F5, 0xD8FB, 0xD91B, 0xD925, 0xD933,
- 0xD939, 0xD943, 0xD945, 0xD94F, 0xD951, 0xD957, 0xD96D, 0xD96F,
- 0xD973, 0xD979, 0xD981, 0xD98B, 0xD991, 0xD99F, 0xD9A5, 0xD9A9,
- 0xD9B5, 0xD9D3, 0xD9EB, 0xD9F1, 0xD9F7, 0xD9FF, 0xDA05, 0xDA09,
- 0xDA0B, 0xDA0F, 0xDA15, 0xDA1D, 0xDA23, 0xDA29, 0xDA3F, 0xDA51,
- 0xDA59, 0xDA5D, 0xDA5F, 0xDA71, 0xDA77, 0xDA7B, 0xDA7D, 0xDA8D,
- 0xDA9F, 0xDAB3, 0xDABD, 0xDAC3, 0xDAC9, 0xDAE7, 0xDAE9, 0xDAF5,
- 0xDB11, 0xDB17, 0xDB1D, 0xDB23, 0xDB25, 0xDB31, 0xDB3B, 0xDB43,
- 0xDB55, 0xDB67, 0xDB6B, 0xDB73, 0xDB85, 0xDB8F, 0xDB91, 0xDBAD,
- 0xDBAF, 0xDBB9, 0xDBC7, 0xDBCB, 0xDBCD, 0xDBEB, 0xDBF7, 0xDC0D,
- 0xDC27, 0xDC31, 0xDC39, 0xDC3F, 0xDC49, 0xDC51, 0xDC61, 0xDC6F,
- 0xDC75, 0xDC7B, 0xDC85, 0xDC93, 0xDC99, 0xDC9D, 0xDC9F, 0xDCA9,
- 0xDCB5, 0xDCB7, 0xDCBD, 0xDCC7, 0xDCCF, 0xDCD3, 0xDCD5, 0xDCDF,
- 0xDCF9, 0xDD0F, 0xDD15, 0xDD17, 0xDD23, 0xDD35, 0xDD39, 0xDD53,
- 0xDD57, 0xDD5F, 0xDD69, 0xDD6F, 0xDD7D, 0xDD87, 0xDD89, 0xDD9B,
- 0xDDA1, 0xDDAB, 0xDDBF, 0xDDC5, 0xDDCB, 0xDDCF, 0xDDE7, 0xDDE9,
- 0xDDED, 0xDDF5, 0xDDFB, 0xDE0B, 0xDE19, 0xDE29, 0xDE3B, 0xDE3D,
- 0xDE41, 0xDE4D, 0xDE4F, 0xDE59, 0xDE5B, 0xDE61, 0xDE6D, 0xDE77,
- 0xDE7D, 0xDE83, 0xDE97, 0xDE9D, 0xDEA1, 0xDEA7, 0xDECD, 0xDED1,
- 0xDED7, 0xDEE3, 0xDEF1, 0xDEF5, 0xDF01, 0xDF09, 0xDF13, 0xDF1F,
- 0xDF2B, 0xDF33, 0xDF37, 0xDF3D, 0xDF4B, 0xDF55, 0xDF5B, 0xDF67,
- 0xDF69, 0xDF73, 0xDF85, 0xDF87, 0xDF99, 0xDFA3, 0xDFAB, 0xDFB5,
- 0xDFB7, 0xDFC3, 0xDFC7, 0xDFD5, 0xDFF1, 0xDFF3, 0xE003, 0xE005,
- 0xE017, 0xE01D, 0xE027, 0xE02D, 0xE035, 0xE045, 0xE053, 0xE071,
- 0xE07B, 0xE08F, 0xE095, 0xE09F, 0xE0B7, 0xE0B9, 0xE0D5, 0xE0D7,
- 0xE0E3, 0xE0F3, 0xE0F9, 0xE101, 0xE125, 0xE129, 0xE131, 0xE135,
- 0xE143, 0xE14F, 0xE159, 0xE161, 0xE16D, 0xE171, 0xE177, 0xE17F,
- 0xE183, 0xE189, 0xE197, 0xE1AD, 0xE1B5, 0xE1BB, 0xE1BF, 0xE1C1,
- 0xE1CB, 0xE1D1, 0xE1E5, 0xE1EF, 0xE1F7, 0xE1FD, 0xE203, 0xE219,
- 0xE22B, 0xE22D, 0xE23D, 0xE243, 0xE257, 0xE25B, 0xE275, 0xE279,
- 0xE287, 0xE29D, 0xE2AB, 0xE2AF, 0xE2BB, 0xE2C1, 0xE2C9, 0xE2CD,
- 0xE2D3, 0xE2D9, 0xE2F3, 0xE2FD, 0xE2FF, 0xE311, 0xE323, 0xE327,
- 0xE329, 0xE339, 0xE33B, 0xE34D, 0xE351, 0xE357, 0xE35F, 0xE363,
- 0xE369, 0xE375, 0xE377, 0xE37D, 0xE383, 0xE39F, 0xE3C5, 0xE3C9,
- 0xE3D1, 0xE3E1, 0xE3FB, 0xE3FF, 0xE401, 0xE40B, 0xE417, 0xE419,
- 0xE423, 0xE42B, 0xE431, 0xE43B, 0xE447, 0xE449, 0xE453, 0xE455,
- 0xE46D, 0xE471, 0xE48F, 0xE4A9, 0xE4AF, 0xE4B5, 0xE4C7, 0xE4CD,
- 0xE4D3, 0xE4E9, 0xE4EB, 0xE4F5, 0xE507, 0xE521, 0xE525, 0xE537,
- 0xE53F, 0xE545, 0xE54B, 0xE557, 0xE567, 0xE56D, 0xE575, 0xE585,
- 0xE58B, 0xE593, 0xE5A3, 0xE5A5, 0xE5CF, 0xE609, 0xE611, 0xE615,
- 0xE61B, 0xE61D, 0xE621, 0xE629, 0xE639, 0xE63F, 0xE653, 0xE657,
- 0xE663, 0xE66F, 0xE675, 0xE681, 0xE683, 0xE68D, 0xE68F, 0xE695,
- 0xE6AB, 0xE6AD, 0xE6B7, 0xE6BD, 0xE6C5, 0xE6CB, 0xE6D5, 0xE6E3,
- 0xE6E9, 0xE6EF, 0xE6F3, 0xE705, 0xE70D, 0xE717, 0xE71F, 0xE72F,
- 0xE73D, 0xE747, 0xE749, 0xE753, 0xE755, 0xE761, 0xE767, 0xE76B,
- 0xE77F, 0xE789, 0xE791, 0xE7C5, 0xE7CD, 0xE7D7, 0xE7DD, 0xE7DF,
- 0xE7E9, 0xE7F1, 0xE7FB, 0xE801, 0xE807, 0xE80F, 0xE819, 0xE81B,
- 0xE831, 0xE833, 0xE837, 0xE83D, 0xE84B, 0xE84F, 0xE851, 0xE869,
- 0xE875, 0xE879, 0xE893, 0xE8A5, 0xE8A9, 0xE8AF, 0xE8BD, 0xE8DB,
- 0xE8E1, 0xE8E5, 0xE8EB, 0xE8ED, 0xE903, 0xE90B, 0xE90F, 0xE915,
- 0xE917, 0xE92D, 0xE933, 0xE93B, 0xE94B, 0xE951, 0xE95F, 0xE963,
- 0xE969, 0xE97B, 0xE983, 0xE98F, 0xE995, 0xE9A1, 0xE9B9, 0xE9D7,
- 0xE9E7, 0xE9EF, 0xEA11, 0xEA19, 0xEA2F, 0xEA35, 0xEA43, 0xEA4D,
- 0xEA5F, 0xEA6D, 0xEA71, 0xEA7D, 0xEA85, 0xEA89, 0xEAAD, 0xEAB3,
- 0xEAB9, 0xEABB, 0xEAC5, 0xEAC7, 0xEACB, 0xEADF, 0xEAE5, 0xEAEB,
- 0xEAF5, 0xEB01, 0xEB07, 0xEB09, 0xEB31, 0xEB39, 0xEB3F, 0xEB5B,
- 0xEB61, 0xEB63, 0xEB6F, 0xEB81, 0xEB85, 0xEB9D, 0xEBAB, 0xEBB1,
- 0xEBB7, 0xEBC1, 0xEBD5, 0xEBDF, 0xEBED, 0xEBFD, 0xEC0B, 0xEC1B,
- 0xEC21, 0xEC29, 0xEC4D, 0xEC51, 0xEC5D, 0xEC69, 0xEC6F, 0xEC7B,
- 0xECAD, 0xECB9, 0xECBF, 0xECC3, 0xECC9, 0xECCF, 0xECD7, 0xECDD,
- 0xECE7, 0xECE9, 0xECF3, 0xECF5, 0xED07, 0xED11, 0xED1F, 0xED2F,
- 0xED37, 0xED3D, 0xED41, 0xED55, 0xED59, 0xED5B, 0xED65, 0xED6B,
- 0xED79, 0xED8B, 0xED95, 0xEDBB, 0xEDC5, 0xEDD7, 0xEDD9, 0xEDE3,
- 0xEDE5, 0xEDF1, 0xEDF5, 0xEDF7, 0xEDFB, 0xEE09, 0xEE0F, 0xEE19,
- 0xEE21, 0xEE49, 0xEE4F, 0xEE63, 0xEE67, 0xEE73, 0xEE7B, 0xEE81,
- 0xEEA3, 0xEEAB, 0xEEC1, 0xEEC9, 0xEED5, 0xEEDF, 0xEEE1, 0xEEF1,
- 0xEF1B, 0xEF27, 0xEF2F, 0xEF45, 0xEF4D, 0xEF63, 0xEF6B, 0xEF71,
- 0xEF93, 0xEF95, 0xEF9B, 0xEF9F, 0xEFAD, 0xEFB3, 0xEFC3, 0xEFC5,
- 0xEFDB, 0xEFE1, 0xEFE9, 0xF001, 0xF017, 0xF01D, 0xF01F, 0xF02B,
- 0xF02F, 0xF035, 0xF043, 0xF047, 0xF04F, 0xF067, 0xF06B, 0xF071,
- 0xF077, 0xF079, 0xF08F, 0xF0A3, 0xF0A9, 0xF0AD, 0xF0BB, 0xF0BF,
- 0xF0C5, 0xF0CB, 0xF0D3, 0xF0D9, 0xF0E3, 0xF0E9, 0xF0F1, 0xF0F7,
- 0xF107, 0xF115, 0xF11B, 0xF121, 0xF137, 0xF13D, 0xF155, 0xF175,
- 0xF17B, 0xF18D, 0xF193, 0xF1A5, 0xF1AF, 0xF1B7, 0xF1D5, 0xF1E7,
- 0xF1ED, 0xF1FD, 0xF209, 0xF20F, 0xF21B, 0xF21D, 0xF223, 0xF227,
- 0xF233, 0xF23B, 0xF241, 0xF257, 0xF25F, 0xF265, 0xF269, 0xF277,
- 0xF281, 0xF293, 0xF2A7, 0xF2B1, 0xF2B3, 0xF2B9, 0xF2BD, 0xF2BF,
- 0xF2DB, 0xF2ED, 0xF2EF, 0xF2F9, 0xF2FF, 0xF305, 0xF30B, 0xF319,
- 0xF341, 0xF359, 0xF35B, 0xF35F, 0xF367, 0xF373, 0xF377, 0xF38B,
- 0xF38F, 0xF3AF, 0xF3C1, 0xF3D1, 0xF3D7, 0xF3FB, 0xF403, 0xF409,
- 0xF40D, 0xF413, 0xF421, 0xF425, 0xF42B, 0xF445, 0xF44B, 0xF455,
- 0xF463, 0xF475, 0xF47F, 0xF485, 0xF48B, 0xF499, 0xF4A3, 0xF4A9,
- 0xF4AF, 0xF4BD, 0xF4C3, 0xF4DB, 0xF4DF, 0xF4ED, 0xF503, 0xF50B,
- 0xF517, 0xF521, 0xF529, 0xF535, 0xF547, 0xF551, 0xF563, 0xF56B,
- 0xF583, 0xF58D, 0xF595, 0xF599, 0xF5B1, 0xF5B7, 0xF5C9, 0xF5CF,
- 0xF5D1, 0xF5DB, 0xF5F9, 0xF5FB, 0xF605, 0xF607, 0xF60B, 0xF60D,
- 0xF635, 0xF637, 0xF653, 0xF65B, 0xF661, 0xF667, 0xF679, 0xF67F,
- 0xF689, 0xF697, 0xF69B, 0xF6AD, 0xF6CB, 0xF6DD, 0xF6DF, 0xF6EB,
- 0xF709, 0xF70F, 0xF72D, 0xF731, 0xF743, 0xF74F, 0xF751, 0xF755,
- 0xF763, 0xF769, 0xF773, 0xF779, 0xF781, 0xF787, 0xF791, 0xF79D,
- 0xF79F, 0xF7A5, 0xF7B1, 0xF7BB, 0xF7BD, 0xF7CF, 0xF7D3, 0xF7E7,
- 0xF7EB, 0xF7F1, 0xF7FF, 0xF805, 0xF80B, 0xF821, 0xF827, 0xF82D,
- 0xF835, 0xF847, 0xF859, 0xF863, 0xF865, 0xF86F, 0xF871, 0xF877,
- 0xF87B, 0xF881, 0xF88D, 0xF89F, 0xF8A1, 0xF8AB, 0xF8B3, 0xF8B7,
- 0xF8C9, 0xF8CB, 0xF8D1, 0xF8D7, 0xF8DD, 0xF8E7, 0xF8EF, 0xF8F9,
- 0xF8FF, 0xF911, 0xF91D, 0xF925, 0xF931, 0xF937, 0xF93B, 0xF941,
- 0xF94F, 0xF95F, 0xF961, 0xF96D, 0xF971, 0xF977, 0xF99D, 0xF9A3,
- 0xF9A9, 0xF9B9, 0xF9CD, 0xF9E9, 0xF9FD, 0xFA07, 0xFA0D, 0xFA13,
- 0xFA21, 0xFA25, 0xFA3F, 0xFA43, 0xFA51, 0xFA5B, 0xFA6D, 0xFA7B,
- 0xFA97, 0xFA99, 0xFA9D, 0xFAAB, 0xFABB, 0xFABD, 0xFAD9, 0xFADF,
- 0xFAE7, 0xFAED, 0xFB0F, 0xFB17, 0xFB1B, 0xFB2D, 0xFB2F, 0xFB3F,
- 0xFB47, 0xFB4D, 0xFB75, 0xFB7D, 0xFB8F, 0xFB93, 0xFBB1, 0xFBB7,
- 0xFBC3, 0xFBC5, 0xFBE3, 0xFBE9, 0xFBF3, 0xFC01, 0xFC29, 0xFC37,
- 0xFC41, 0xFC43, 0xFC4F, 0xFC59, 0xFC61, 0xFC65, 0xFC6D, 0xFC73,
- 0xFC79, 0xFC95, 0xFC97, 0xFC9B, 0xFCA7, 0xFCB5, 0xFCC5, 0xFCCD,
- 0xFCEB, 0xFCFB, 0xFD0D, 0xFD0F, 0xFD19, 0xFD2B, 0xFD31, 0xFD51,
- 0xFD55, 0xFD67, 0xFD6D, 0xFD6F, 0xFD7B, 0xFD85, 0xFD97, 0xFD99,
- 0xFD9F, 0xFDA9, 0xFDB7, 0xFDC9, 0xFDE5, 0xFDEB, 0xFDF3, 0xFE03,
- 0xFE05, 0xFE09, 0xFE1D, 0xFE27, 0xFE2F, 0xFE41, 0xFE4B, 0xFE4D,
- 0xFE57, 0xFE5F, 0xFE63, 0xFE69, 0xFE75, 0xFE7B, 0xFE8F, 0xFE93,
- 0xFE95, 0xFE9B, 0xFE9F, 0xFEB3, 0xFEBD, 0xFED7, 0xFEE9, 0xFEF3,
- 0xFEF5, 0xFF07, 0xFF0D, 0xFF1D, 0xFF2B, 0xFF2F, 0xFF49, 0xFF4D,
- 0xFF5B, 0xFF65, 0xFF71, 0xFF7F, 0xFF85, 0xFF8B, 0xFF8F, 0xFF9D,
- 0xFFA7, 0xFFA9, 0xFFC7, 0xFFD9, 0xFFEF, 0xFFF1,
+const mp_digit prime_tab[] = {
+ 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
+ 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
+ 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
+ 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
+ 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
+ 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
+ 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
+ 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
+ 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
+ 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
+ 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
+ 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
+ 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
+ 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
+ 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
+ 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
+#if !SMALL_TABLE
+ 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
+ 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
+ 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
+ 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
+ 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
+ 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
+ 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
+ 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
+ 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
+ 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
+ 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
+ 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
+ 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
+ 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
+ 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
+ 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653,
+ 0x0655, 0x065B, 0x0665, 0x0679, 0x067F, 0x0683, 0x0685, 0x069D,
+ 0x06A1, 0x06A3, 0x06AD, 0x06B9, 0x06BB, 0x06C5, 0x06CD, 0x06D3,
+ 0x06D9, 0x06DF, 0x06F1, 0x06F7, 0x06FB, 0x06FD, 0x0709, 0x0713,
+ 0x071F, 0x0727, 0x0737, 0x0745, 0x074B, 0x074F, 0x0751, 0x0755,
+ 0x0757, 0x0761, 0x076D, 0x0773, 0x0779, 0x078B, 0x078D, 0x079D,
+ 0x079F, 0x07B5, 0x07BB, 0x07C3, 0x07C9, 0x07CD, 0x07CF, 0x07D3,
+ 0x07DB, 0x07E1, 0x07EB, 0x07ED, 0x07F7, 0x0805, 0x080F, 0x0815,
+ 0x0821, 0x0823, 0x0827, 0x0829, 0x0833, 0x083F, 0x0841, 0x0851,
+ 0x0853, 0x0859, 0x085D, 0x085F, 0x0869, 0x0871, 0x0883, 0x089B,
+ 0x089F, 0x08A5, 0x08AD, 0x08BD, 0x08BF, 0x08C3, 0x08CB, 0x08DB,
+ 0x08DD, 0x08E1, 0x08E9, 0x08EF, 0x08F5, 0x08F9, 0x0905, 0x0907,
+ 0x091D, 0x0923, 0x0925, 0x092B, 0x092F, 0x0935, 0x0943, 0x0949,
+ 0x094D, 0x094F, 0x0955, 0x0959, 0x095F, 0x096B, 0x0971, 0x0977,
+ 0x0985, 0x0989, 0x098F, 0x099B, 0x09A3, 0x09A9, 0x09AD, 0x09C7,
+ 0x09D9, 0x09E3, 0x09EB, 0x09EF, 0x09F5, 0x09F7, 0x09FD, 0x0A13,
+ 0x0A1F, 0x0A21, 0x0A31, 0x0A39, 0x0A3D, 0x0A49, 0x0A57, 0x0A61,
+ 0x0A63, 0x0A67, 0x0A6F, 0x0A75, 0x0A7B, 0x0A7F, 0x0A81, 0x0A85,
+ 0x0A8B, 0x0A93, 0x0A97, 0x0A99, 0x0A9F, 0x0AA9, 0x0AAB, 0x0AB5,
+ 0x0ABD, 0x0AC1, 0x0ACF, 0x0AD9, 0x0AE5, 0x0AE7, 0x0AED, 0x0AF1,
+ 0x0AF3, 0x0B03, 0x0B11, 0x0B15, 0x0B1B, 0x0B23, 0x0B29, 0x0B2D,
+ 0x0B3F, 0x0B47, 0x0B51, 0x0B57, 0x0B5D, 0x0B65, 0x0B6F, 0x0B7B,
+ 0x0B89, 0x0B8D, 0x0B93, 0x0B99, 0x0B9B, 0x0BB7, 0x0BB9, 0x0BC3,
+ 0x0BCB, 0x0BCF, 0x0BDD, 0x0BE1, 0x0BE9, 0x0BF5, 0x0BFB, 0x0C07,
+ 0x0C0B, 0x0C11, 0x0C25, 0x0C2F, 0x0C31, 0x0C41, 0x0C5B, 0x0C5F,
+ 0x0C61, 0x0C6D, 0x0C73, 0x0C77, 0x0C83, 0x0C89, 0x0C91, 0x0C95,
+ 0x0C9D, 0x0CB3, 0x0CB5, 0x0CB9, 0x0CBB, 0x0CC7, 0x0CE3, 0x0CE5,
+ 0x0CEB, 0x0CF1, 0x0CF7, 0x0CFB, 0x0D01, 0x0D03, 0x0D0F, 0x0D13,
+ 0x0D1F, 0x0D21, 0x0D2B, 0x0D2D, 0x0D3D, 0x0D3F, 0x0D4F, 0x0D55,
+ 0x0D69, 0x0D79, 0x0D81, 0x0D85, 0x0D87, 0x0D8B, 0x0D8D, 0x0DA3,
+ 0x0DAB, 0x0DB7, 0x0DBD, 0x0DC7, 0x0DC9, 0x0DCD, 0x0DD3, 0x0DD5,
+ 0x0DDB, 0x0DE5, 0x0DE7, 0x0DF3, 0x0DFD, 0x0DFF, 0x0E09, 0x0E17,
+ 0x0E1D, 0x0E21, 0x0E27, 0x0E2F, 0x0E35, 0x0E3B, 0x0E4B, 0x0E57,
+ 0x0E59, 0x0E5D, 0x0E6B, 0x0E71, 0x0E75, 0x0E7D, 0x0E87, 0x0E8F,
+ 0x0E95, 0x0E9B, 0x0EB1, 0x0EB7, 0x0EB9, 0x0EC3, 0x0ED1, 0x0ED5,
+ 0x0EDB, 0x0EED, 0x0EEF, 0x0EF9, 0x0F07, 0x0F0B, 0x0F0D, 0x0F17,
+ 0x0F25, 0x0F29, 0x0F31, 0x0F43, 0x0F47, 0x0F4D, 0x0F4F, 0x0F53,
+ 0x0F59, 0x0F5B, 0x0F67, 0x0F6B, 0x0F7F, 0x0F95, 0x0FA1, 0x0FA3,
+ 0x0FA7, 0x0FAD, 0x0FB3, 0x0FB5, 0x0FBB, 0x0FD1, 0x0FD3, 0x0FD9,
+ 0x0FE9, 0x0FEF, 0x0FFB, 0x0FFD, 0x1003, 0x100F, 0x101F, 0x1021,
+ 0x1025, 0x102B, 0x1039, 0x103D, 0x103F, 0x1051, 0x1069, 0x1073,
+ 0x1079, 0x107B, 0x1085, 0x1087, 0x1091, 0x1093, 0x109D, 0x10A3,
+ 0x10A5, 0x10AF, 0x10B1, 0x10BB, 0x10C1, 0x10C9, 0x10E7, 0x10F1,
+ 0x10F3, 0x10FD, 0x1105, 0x110B, 0x1115, 0x1127, 0x112D, 0x1139,
+ 0x1145, 0x1147, 0x1159, 0x115F, 0x1163, 0x1169, 0x116F, 0x1181,
+ 0x1183, 0x118D, 0x119B, 0x11A1, 0x11A5, 0x11A7, 0x11AB, 0x11C3,
+ 0x11C5, 0x11D1, 0x11D7, 0x11E7, 0x11EF, 0x11F5, 0x11FB, 0x120D,
+ 0x121D, 0x121F, 0x1223, 0x1229, 0x122B, 0x1231, 0x1237, 0x1241,
+ 0x1247, 0x1253, 0x125F, 0x1271, 0x1273, 0x1279, 0x127D, 0x128F,
+ 0x1297, 0x12AF, 0x12B3, 0x12B5, 0x12B9, 0x12BF, 0x12C1, 0x12CD,
+ 0x12D1, 0x12DF, 0x12FD, 0x1307, 0x130D, 0x1319, 0x1327, 0x132D,
+ 0x1337, 0x1343, 0x1345, 0x1349, 0x134F, 0x1357, 0x135D, 0x1367,
+ 0x1369, 0x136D, 0x137B, 0x1381, 0x1387, 0x138B, 0x1391, 0x1393,
+ 0x139D, 0x139F, 0x13AF, 0x13BB, 0x13C3, 0x13D5, 0x13D9, 0x13DF,
+ 0x13EB, 0x13ED, 0x13F3, 0x13F9, 0x13FF, 0x141B, 0x1421, 0x142F,
+ 0x1433, 0x143B, 0x1445, 0x144D, 0x1459, 0x146B, 0x146F, 0x1471,
+ 0x1475, 0x148D, 0x1499, 0x149F, 0x14A1, 0x14B1, 0x14B7, 0x14BD,
+ 0x14CB, 0x14D5, 0x14E3, 0x14E7, 0x1505, 0x150B, 0x1511, 0x1517,
+ 0x151F, 0x1525, 0x1529, 0x152B, 0x1537, 0x153D, 0x1541, 0x1543,
+ 0x1549, 0x155F, 0x1565, 0x1567, 0x156B, 0x157D, 0x157F, 0x1583,
+ 0x158F, 0x1591, 0x1597, 0x159B, 0x15B5, 0x15BB, 0x15C1, 0x15C5,
+ 0x15CD, 0x15D7, 0x15F7, 0x1607, 0x1609, 0x160F, 0x1613, 0x1615,
+ 0x1619, 0x161B, 0x1625, 0x1633, 0x1639, 0x163D, 0x1645, 0x164F,
+ 0x1655, 0x1669, 0x166D, 0x166F, 0x1675, 0x1693, 0x1697, 0x169F,
+ 0x16A9, 0x16AF, 0x16B5, 0x16BD, 0x16C3, 0x16CF, 0x16D3, 0x16D9,
+ 0x16DB, 0x16E1, 0x16E5, 0x16EB, 0x16ED, 0x16F7, 0x16F9, 0x1709,
+ 0x170F, 0x1723, 0x1727, 0x1733, 0x1741, 0x175D, 0x1763, 0x1777,
+ 0x177B, 0x178D, 0x1795, 0x179B, 0x179F, 0x17A5, 0x17B3, 0x17B9,
+ 0x17BF, 0x17C9, 0x17CB, 0x17D5, 0x17E1, 0x17E9, 0x17F3, 0x17F5,
+ 0x17FF, 0x1807, 0x1813, 0x181D, 0x1835, 0x1837, 0x183B, 0x1843,
+ 0x1849, 0x184D, 0x1855, 0x1867, 0x1871, 0x1877, 0x187D, 0x187F,
+ 0x1885, 0x188F, 0x189B, 0x189D, 0x18A7, 0x18AD, 0x18B3, 0x18B9,
+ 0x18C1, 0x18C7, 0x18D1, 0x18D7, 0x18D9, 0x18DF, 0x18E5, 0x18EB,
+ 0x18F5, 0x18FD, 0x1915, 0x191B, 0x1931, 0x1933, 0x1945, 0x1949,
+ 0x1951, 0x195B, 0x1979, 0x1981, 0x1993, 0x1997, 0x1999, 0x19A3,
+ 0x19A9, 0x19AB, 0x19B1, 0x19B5, 0x19C7, 0x19CF, 0x19DB, 0x19ED,
+ 0x19FD, 0x1A03, 0x1A05, 0x1A11, 0x1A17, 0x1A21, 0x1A23, 0x1A2D,
+ 0x1A2F, 0x1A35, 0x1A3F, 0x1A4D, 0x1A51, 0x1A69, 0x1A6B, 0x1A7B,
+ 0x1A7D, 0x1A87, 0x1A89, 0x1A93, 0x1AA7, 0x1AAB, 0x1AAD, 0x1AB1,
+ 0x1AB9, 0x1AC9, 0x1ACF, 0x1AD5, 0x1AD7, 0x1AE3, 0x1AF3, 0x1AFB,
+ 0x1AFF, 0x1B05, 0x1B23, 0x1B25, 0x1B2F, 0x1B31, 0x1B37, 0x1B3B,
+ 0x1B41, 0x1B47, 0x1B4F, 0x1B55, 0x1B59, 0x1B65, 0x1B6B, 0x1B73,
+ 0x1B7F, 0x1B83, 0x1B91, 0x1B9D, 0x1BA7, 0x1BBF, 0x1BC5, 0x1BD1,
+ 0x1BD7, 0x1BD9, 0x1BEF, 0x1BF7, 0x1C09, 0x1C13, 0x1C19, 0x1C27,
+ 0x1C2B, 0x1C2D, 0x1C33, 0x1C3D, 0x1C45, 0x1C4B, 0x1C4F, 0x1C55,
+ 0x1C73, 0x1C81, 0x1C8B, 0x1C8D, 0x1C99, 0x1CA3, 0x1CA5, 0x1CB5,
+ 0x1CB7, 0x1CC9, 0x1CE1, 0x1CF3, 0x1CF9, 0x1D09, 0x1D1B, 0x1D21,
+ 0x1D23, 0x1D35, 0x1D39, 0x1D3F, 0x1D41, 0x1D4B, 0x1D53, 0x1D5D,
+ 0x1D63, 0x1D69, 0x1D71, 0x1D75, 0x1D7B, 0x1D7D, 0x1D87, 0x1D89,
+ 0x1D95, 0x1D99, 0x1D9F, 0x1DA5, 0x1DA7, 0x1DB3, 0x1DB7, 0x1DC5,
+ 0x1DD7, 0x1DDB, 0x1DE1, 0x1DF5, 0x1DF9, 0x1E01, 0x1E07, 0x1E0B,
+ 0x1E13, 0x1E17, 0x1E25, 0x1E2B, 0x1E2F, 0x1E3D, 0x1E49, 0x1E4D,
+ 0x1E4F, 0x1E6D, 0x1E71, 0x1E89, 0x1E8F, 0x1E95, 0x1EA1, 0x1EAD,
+ 0x1EBB, 0x1EC1, 0x1EC5, 0x1EC7, 0x1ECB, 0x1EDD, 0x1EE3, 0x1EEF,
+ 0x1EF7, 0x1EFD, 0x1F01, 0x1F0D, 0x1F0F, 0x1F1B, 0x1F39, 0x1F49,
+ 0x1F4B, 0x1F51, 0x1F67, 0x1F75, 0x1F7B, 0x1F85, 0x1F91, 0x1F97,
+ 0x1F99, 0x1F9D, 0x1FA5, 0x1FAF, 0x1FB5, 0x1FBB, 0x1FD3, 0x1FE1,
+ 0x1FE7, 0x1FEB, 0x1FF3, 0x1FFF, 0x2011, 0x201B, 0x201D, 0x2027,
+ 0x2029, 0x202D, 0x2033, 0x2047, 0x204D, 0x2051, 0x205F, 0x2063,
+ 0x2065, 0x2069, 0x2077, 0x207D, 0x2089, 0x20A1, 0x20AB, 0x20B1,
+ 0x20B9, 0x20C3, 0x20C5, 0x20E3, 0x20E7, 0x20ED, 0x20EF, 0x20FB,
+ 0x20FF, 0x210D, 0x2113, 0x2135, 0x2141, 0x2149, 0x214F, 0x2159,
+ 0x215B, 0x215F, 0x2173, 0x217D, 0x2185, 0x2195, 0x2197, 0x21A1,
+ 0x21AF, 0x21B3, 0x21B5, 0x21C1, 0x21C7, 0x21D7, 0x21DD, 0x21E5,
+ 0x21E9, 0x21F1, 0x21F5, 0x21FB, 0x2203, 0x2209, 0x220F, 0x221B,
+ 0x2221, 0x2225, 0x222B, 0x2231, 0x2239, 0x224B, 0x224F, 0x2263,
+ 0x2267, 0x2273, 0x2275, 0x227F, 0x2285, 0x2287, 0x2291, 0x229D,
+ 0x229F, 0x22A3, 0x22B7, 0x22BD, 0x22DB, 0x22E1, 0x22E5, 0x22ED,
+ 0x22F7, 0x2303, 0x2309, 0x230B, 0x2327, 0x2329, 0x232F, 0x2333,
+ 0x2335, 0x2345, 0x2351, 0x2353, 0x2359, 0x2363, 0x236B, 0x2383,
+ 0x238F, 0x2395, 0x23A7, 0x23AD, 0x23B1, 0x23BF, 0x23C5, 0x23C9,
+ 0x23D5, 0x23DD, 0x23E3, 0x23EF, 0x23F3, 0x23F9, 0x2405, 0x240B,
+ 0x2417, 0x2419, 0x2429, 0x243D, 0x2441, 0x2443, 0x244D, 0x245F,
+ 0x2467, 0x246B, 0x2479, 0x247D, 0x247F, 0x2485, 0x249B, 0x24A1,
+ 0x24AF, 0x24B5, 0x24BB, 0x24C5, 0x24CB, 0x24CD, 0x24D7, 0x24D9,
+ 0x24DD, 0x24DF, 0x24F5, 0x24F7, 0x24FB, 0x2501, 0x2507, 0x2513,
+ 0x2519, 0x2527, 0x2531, 0x253D, 0x2543, 0x254B, 0x254F, 0x2573,
+ 0x2581, 0x258D, 0x2593, 0x2597, 0x259D, 0x259F, 0x25AB, 0x25B1,
+ 0x25BD, 0x25CD, 0x25CF, 0x25D9, 0x25E1, 0x25F7, 0x25F9, 0x2605,
+ 0x260B, 0x260F, 0x2615, 0x2627, 0x2629, 0x2635, 0x263B, 0x263F,
+ 0x264B, 0x2653, 0x2659, 0x2665, 0x2669, 0x266F, 0x267B, 0x2681,
+ 0x2683, 0x268F, 0x269B, 0x269F, 0x26AD, 0x26B3, 0x26C3, 0x26C9,
+ 0x26CB, 0x26D5, 0x26DD, 0x26EF, 0x26F5, 0x2717, 0x2719, 0x2735,
+ 0x2737, 0x274D, 0x2753, 0x2755, 0x275F, 0x276B, 0x276D, 0x2773,
+ 0x2777, 0x277F, 0x2795, 0x279B, 0x279D, 0x27A7, 0x27AF, 0x27B3,
+ 0x27B9, 0x27C1, 0x27C5, 0x27D1, 0x27E3, 0x27EF, 0x2803, 0x2807,
+ 0x280D, 0x2813, 0x281B, 0x281F, 0x2821, 0x2831, 0x283D, 0x283F,
+ 0x2849, 0x2851, 0x285B, 0x285D, 0x2861, 0x2867, 0x2875, 0x2881,
+ 0x2897, 0x289F, 0x28BB, 0x28BD, 0x28C1, 0x28D5, 0x28D9, 0x28DB,
+ 0x28DF, 0x28ED, 0x28F7, 0x2903, 0x2905, 0x2911, 0x2921, 0x2923,
+ 0x293F, 0x2947, 0x295D, 0x2965, 0x2969, 0x296F, 0x2975, 0x2983,
+ 0x2987, 0x298F, 0x299B, 0x29A1, 0x29A7, 0x29AB, 0x29BF, 0x29C3,
+ 0x29D5, 0x29D7, 0x29E3, 0x29E9, 0x29ED, 0x29F3, 0x2A01, 0x2A13,
+ 0x2A1D, 0x2A25, 0x2A2F, 0x2A4F, 0x2A55, 0x2A5F, 0x2A65, 0x2A6B,
+ 0x2A6D, 0x2A73, 0x2A83, 0x2A89, 0x2A8B, 0x2A97, 0x2A9D, 0x2AB9,
+ 0x2ABB, 0x2AC5, 0x2ACD, 0x2ADD, 0x2AE3, 0x2AEB, 0x2AF1, 0x2AFB,
+ 0x2B13, 0x2B27, 0x2B31, 0x2B33, 0x2B3D, 0x2B3F, 0x2B4B, 0x2B4F,
+ 0x2B55, 0x2B69, 0x2B6D, 0x2B6F, 0x2B7B, 0x2B8D, 0x2B97, 0x2B99,
+ 0x2BA3, 0x2BA5, 0x2BA9, 0x2BBD, 0x2BCD, 0x2BE7, 0x2BEB, 0x2BF3,
+ 0x2BF9, 0x2BFD, 0x2C09, 0x2C0F, 0x2C17, 0x2C23, 0x2C2F, 0x2C35,
+ 0x2C39, 0x2C41, 0x2C57, 0x2C59, 0x2C69, 0x2C77, 0x2C81, 0x2C87,
+ 0x2C93, 0x2C9F, 0x2CAD, 0x2CB3, 0x2CB7, 0x2CCB, 0x2CCF, 0x2CDB,
+ 0x2CE1, 0x2CE3, 0x2CE9, 0x2CEF, 0x2CFF, 0x2D07, 0x2D1D, 0x2D1F,
+ 0x2D3B, 0x2D43, 0x2D49, 0x2D4D, 0x2D61, 0x2D65, 0x2D71, 0x2D89,
+ 0x2D9D, 0x2DA1, 0x2DA9, 0x2DB3, 0x2DB5, 0x2DC5, 0x2DC7, 0x2DD3,
+ 0x2DDF, 0x2E01, 0x2E03, 0x2E07, 0x2E0D, 0x2E19, 0x2E1F, 0x2E25,
+ 0x2E2D, 0x2E33, 0x2E37, 0x2E39, 0x2E3F, 0x2E57, 0x2E5B, 0x2E6F,
+ 0x2E79, 0x2E7F, 0x2E85, 0x2E93, 0x2E97, 0x2E9D, 0x2EA3, 0x2EA5,
+ 0x2EB1, 0x2EB7, 0x2EC1, 0x2EC3, 0x2ECD, 0x2ED3, 0x2EE7, 0x2EEB,
+ 0x2F05, 0x2F09, 0x2F0B, 0x2F11, 0x2F27, 0x2F29, 0x2F41, 0x2F45,
+ 0x2F4B, 0x2F4D, 0x2F51, 0x2F57, 0x2F6F, 0x2F75, 0x2F7D, 0x2F81,
+ 0x2F83, 0x2FA5, 0x2FAB, 0x2FB3, 0x2FC3, 0x2FCF, 0x2FD1, 0x2FDB,
+ 0x2FDD, 0x2FE7, 0x2FED, 0x2FF5, 0x2FF9, 0x3001, 0x300D, 0x3023,
+ 0x3029, 0x3037, 0x303B, 0x3055, 0x3059, 0x305B, 0x3067, 0x3071,
+ 0x3079, 0x307D, 0x3085, 0x3091, 0x3095, 0x30A3, 0x30A9, 0x30B9,
+ 0x30BF, 0x30C7, 0x30CB, 0x30D1, 0x30D7, 0x30DF, 0x30E5, 0x30EF,
+ 0x30FB, 0x30FD, 0x3103, 0x3109, 0x3119, 0x3121, 0x3127, 0x312D,
+ 0x3139, 0x3143, 0x3145, 0x314B, 0x315D, 0x3161, 0x3167, 0x316D,
+ 0x3173, 0x317F, 0x3191, 0x3199, 0x319F, 0x31A9, 0x31B1, 0x31C3,
+ 0x31C7, 0x31D5, 0x31DB, 0x31ED, 0x31F7, 0x31FF, 0x3209, 0x3215,
+ 0x3217, 0x321D, 0x3229, 0x3235, 0x3259, 0x325D, 0x3263, 0x326B,
+ 0x326F, 0x3275, 0x3277, 0x327B, 0x328D, 0x3299, 0x329F, 0x32A7,
+ 0x32AD, 0x32B3, 0x32B7, 0x32C9, 0x32CB, 0x32CF, 0x32D1, 0x32E9,
+ 0x32ED, 0x32F3, 0x32F9, 0x3307, 0x3325, 0x332B, 0x332F, 0x3335,
+ 0x3341, 0x3347, 0x335B, 0x335F, 0x3367, 0x336B, 0x3373, 0x3379,
+ 0x337F, 0x3383, 0x33A1, 0x33A3, 0x33AD, 0x33B9, 0x33C1, 0x33CB,
+ 0x33D3, 0x33EB, 0x33F1, 0x33FD, 0x3401, 0x340F, 0x3413, 0x3419,
+ 0x341B, 0x3437, 0x3445, 0x3455, 0x3457, 0x3463, 0x3469, 0x346D,
+ 0x3481, 0x348B, 0x3491, 0x3497, 0x349D, 0x34A5, 0x34AF, 0x34BB,
+ 0x34C9, 0x34D3, 0x34E1, 0x34F1, 0x34FF, 0x3509, 0x3517, 0x351D,
+ 0x352D, 0x3533, 0x353B, 0x3541, 0x3551, 0x3565, 0x356F, 0x3571,
+ 0x3577, 0x357B, 0x357D, 0x3581, 0x358D, 0x358F, 0x3599, 0x359B,
+ 0x35A1, 0x35B7, 0x35BD, 0x35BF, 0x35C3, 0x35D5, 0x35DD, 0x35E7,
+ 0x35EF, 0x3605, 0x3607, 0x3611, 0x3623, 0x3631, 0x3635, 0x3637,
+ 0x363B, 0x364D, 0x364F, 0x3653, 0x3659, 0x3661, 0x366B, 0x366D,
+ 0x368B, 0x368F, 0x36AD, 0x36AF, 0x36B9, 0x36BB, 0x36CD, 0x36D1,
+ 0x36E3, 0x36E9, 0x36F7, 0x3701, 0x3703, 0x3707, 0x371B, 0x373F,
+ 0x3745, 0x3749, 0x374F, 0x375D, 0x3761, 0x3775, 0x377F, 0x378D,
+ 0x37A3, 0x37A9, 0x37AB, 0x37C9, 0x37D5, 0x37DF, 0x37F1, 0x37F3,
+ 0x37F7, 0x3805, 0x380B, 0x3821, 0x3833, 0x3835, 0x3841, 0x3847,
+ 0x384B, 0x3853, 0x3857, 0x385F, 0x3865, 0x386F, 0x3871, 0x387D,
+ 0x388F, 0x3899, 0x38A7, 0x38B7, 0x38C5, 0x38C9, 0x38CF, 0x38D5,
+ 0x38D7, 0x38DD, 0x38E1, 0x38E3, 0x38FF, 0x3901, 0x391D, 0x3923,
+ 0x3925, 0x3929, 0x392F, 0x393D, 0x3941, 0x394D, 0x395B, 0x396B,
+ 0x3979, 0x397D, 0x3983, 0x398B, 0x3991, 0x3995, 0x399B, 0x39A1,
+ 0x39A7, 0x39AF, 0x39B3, 0x39BB, 0x39BF, 0x39CD, 0x39DD, 0x39E5,
+ 0x39EB, 0x39EF, 0x39FB, 0x3A03, 0x3A13, 0x3A15, 0x3A1F, 0x3A27,
+ 0x3A2B, 0x3A31, 0x3A4B, 0x3A51, 0x3A5B, 0x3A63, 0x3A67, 0x3A6D,
+ 0x3A79, 0x3A87, 0x3AA5, 0x3AA9, 0x3AB7, 0x3ACD, 0x3AD5, 0x3AE1,
+ 0x3AE5, 0x3AEB, 0x3AF3, 0x3AFD, 0x3B03, 0x3B11, 0x3B1B, 0x3B21,
+ 0x3B23, 0x3B2D, 0x3B39, 0x3B45, 0x3B53, 0x3B59, 0x3B5F, 0x3B71,
+ 0x3B7B, 0x3B81, 0x3B89, 0x3B9B, 0x3B9F, 0x3BA5, 0x3BA7, 0x3BAD,
+ 0x3BB7, 0x3BB9, 0x3BC3, 0x3BCB, 0x3BD1, 0x3BD7, 0x3BE1, 0x3BE3,
+ 0x3BF5, 0x3BFF, 0x3C01, 0x3C0D, 0x3C11, 0x3C17, 0x3C1F, 0x3C29,
+ 0x3C35, 0x3C43, 0x3C4F, 0x3C53, 0x3C5B, 0x3C65, 0x3C6B, 0x3C71,
+ 0x3C85, 0x3C89, 0x3C97, 0x3CA7, 0x3CB5, 0x3CBF, 0x3CC7, 0x3CD1,
+ 0x3CDD, 0x3CDF, 0x3CF1, 0x3CF7, 0x3D03, 0x3D0D, 0x3D19, 0x3D1B,
+ 0x3D1F, 0x3D21, 0x3D2D, 0x3D33, 0x3D37, 0x3D3F, 0x3D43, 0x3D6F,
+ 0x3D73, 0x3D75, 0x3D79, 0x3D7B, 0x3D85, 0x3D91, 0x3D97, 0x3D9D,
+ 0x3DAB, 0x3DAF, 0x3DB5, 0x3DBB, 0x3DC1, 0x3DC9, 0x3DCF, 0x3DF3,
+ 0x3E05, 0x3E09, 0x3E0F, 0x3E11, 0x3E1D, 0x3E23, 0x3E29, 0x3E2F,
+ 0x3E33, 0x3E41, 0x3E57, 0x3E63, 0x3E65, 0x3E77, 0x3E81, 0x3E87,
+ 0x3EA1, 0x3EB9, 0x3EBD, 0x3EBF, 0x3EC3, 0x3EC5, 0x3EC9, 0x3ED7,
+ 0x3EDB, 0x3EE1, 0x3EE7, 0x3EEF, 0x3EFF, 0x3F0B, 0x3F0D, 0x3F37,
+ 0x3F3B, 0x3F3D, 0x3F41, 0x3F59, 0x3F5F, 0x3F65, 0x3F67, 0x3F79,
+ 0x3F7D, 0x3F8B, 0x3F91, 0x3FAD, 0x3FBF, 0x3FCD, 0x3FD3, 0x3FDD,
+ 0x3FE9, 0x3FEB, 0x3FF1, 0x3FFD, 0x401B, 0x4021, 0x4025, 0x402B,
+ 0x4031, 0x403F, 0x4043, 0x4045, 0x405D, 0x4061, 0x4067, 0x406D,
+ 0x4087, 0x4091, 0x40A3, 0x40A9, 0x40B1, 0x40B7, 0x40BD, 0x40DB,
+ 0x40DF, 0x40EB, 0x40F7, 0x40F9, 0x4109, 0x410B, 0x4111, 0x4115,
+ 0x4121, 0x4133, 0x4135, 0x413B, 0x413F, 0x4159, 0x4165, 0x416B,
+ 0x4177, 0x417B, 0x4193, 0x41AB, 0x41B7, 0x41BD, 0x41BF, 0x41CB,
+ 0x41E7, 0x41EF, 0x41F3, 0x41F9, 0x4205, 0x4207, 0x4219, 0x421F,
+ 0x4223, 0x4229, 0x422F, 0x4243, 0x4253, 0x4255, 0x425B, 0x4261,
+ 0x4273, 0x427D, 0x4283, 0x4285, 0x4289, 0x4291, 0x4297, 0x429D,
+ 0x42B5, 0x42C5, 0x42CB, 0x42D3, 0x42DD, 0x42E3, 0x42F1, 0x4307,
+ 0x430F, 0x431F, 0x4325, 0x4327, 0x4333, 0x4337, 0x4339, 0x434F,
+ 0x4357, 0x4369, 0x438B, 0x438D, 0x4393, 0x43A5, 0x43A9, 0x43AF,
+ 0x43B5, 0x43BD, 0x43C7, 0x43CF, 0x43E1, 0x43E7, 0x43EB, 0x43ED,
+ 0x43F1, 0x43F9, 0x4409, 0x440B, 0x4417, 0x4423, 0x4429, 0x443B,
+ 0x443F, 0x4445, 0x444B, 0x4451, 0x4453, 0x4459, 0x4465, 0x446F,
+ 0x4483, 0x448F, 0x44A1, 0x44A5, 0x44AB, 0x44AD, 0x44BD, 0x44BF,
+ 0x44C9, 0x44D7, 0x44DB, 0x44F9, 0x44FB, 0x4505, 0x4511, 0x4513,
+ 0x452B, 0x4531, 0x4541, 0x4549, 0x4553, 0x4555, 0x4561, 0x4577,
+ 0x457D, 0x457F, 0x458F, 0x45A3, 0x45AD, 0x45AF, 0x45BB, 0x45C7,
+ 0x45D9, 0x45E3, 0x45EF, 0x45F5, 0x45F7, 0x4601, 0x4603, 0x4609,
+ 0x4613, 0x4625, 0x4627, 0x4633, 0x4639, 0x463D, 0x4643, 0x4645,
+ 0x465D, 0x4679, 0x467B, 0x467F, 0x4681, 0x468B, 0x468D, 0x469D,
+ 0x46A9, 0x46B1, 0x46C7, 0x46C9, 0x46CF, 0x46D3, 0x46D5, 0x46DF,
+ 0x46E5, 0x46F9, 0x4705, 0x470F, 0x4717, 0x4723, 0x4729, 0x472F,
+ 0x4735, 0x4739, 0x474B, 0x474D, 0x4751, 0x475D, 0x476F, 0x4771,
+ 0x477D, 0x4783, 0x4787, 0x4789, 0x4799, 0x47A5, 0x47B1, 0x47BF,
+ 0x47C3, 0x47CB, 0x47DD, 0x47E1, 0x47ED, 0x47FB, 0x4801, 0x4807,
+ 0x480B, 0x4813, 0x4819, 0x481D, 0x4831, 0x483D, 0x4847, 0x4855,
+ 0x4859, 0x485B, 0x486B, 0x486D, 0x4879, 0x4897, 0x489B, 0x48A1,
+ 0x48B9, 0x48CD, 0x48E5, 0x48EF, 0x48F7, 0x4903, 0x490D, 0x4919,
+ 0x491F, 0x492B, 0x4937, 0x493D, 0x4945, 0x4955, 0x4963, 0x4969,
+ 0x496D, 0x4973, 0x4997, 0x49AB, 0x49B5, 0x49D3, 0x49DF, 0x49E1,
+ 0x49E5, 0x49E7, 0x4A03, 0x4A0F, 0x4A1D, 0x4A23, 0x4A39, 0x4A41,
+ 0x4A45, 0x4A57, 0x4A5D, 0x4A6B, 0x4A7D, 0x4A81, 0x4A87, 0x4A89,
+ 0x4A8F, 0x4AB1, 0x4AC3, 0x4AC5, 0x4AD5, 0x4ADB, 0x4AED, 0x4AEF,
+ 0x4B07, 0x4B0B, 0x4B0D, 0x4B13, 0x4B1F, 0x4B25, 0x4B31, 0x4B3B,
+ 0x4B43, 0x4B49, 0x4B59, 0x4B65, 0x4B6D, 0x4B77, 0x4B85, 0x4BAD,
+ 0x4BB3, 0x4BB5, 0x4BBB, 0x4BBF, 0x4BCB, 0x4BD9, 0x4BDD, 0x4BDF,
+ 0x4BE3, 0x4BE5, 0x4BE9, 0x4BF1, 0x4BF7, 0x4C01, 0x4C07, 0x4C0D,
+ 0x4C0F, 0x4C15, 0x4C1B, 0x4C21, 0x4C2D, 0x4C33, 0x4C4B, 0x4C55,
+ 0x4C57, 0x4C61, 0x4C67, 0x4C73, 0x4C79, 0x4C7F, 0x4C8D, 0x4C93,
+ 0x4C99, 0x4CCD, 0x4CE1, 0x4CE7, 0x4CF1, 0x4CF3, 0x4CFD, 0x4D05,
+ 0x4D0F, 0x4D1B, 0x4D27, 0x4D29, 0x4D2F, 0x4D33, 0x4D41, 0x4D51,
+ 0x4D59, 0x4D65, 0x4D6B, 0x4D81, 0x4D83, 0x4D8D, 0x4D95, 0x4D9B,
+ 0x4DB1, 0x4DB3, 0x4DC9, 0x4DCF, 0x4DD7, 0x4DE1, 0x4DED, 0x4DF9,
+ 0x4DFB, 0x4E05, 0x4E0B, 0x4E17, 0x4E19, 0x4E1D, 0x4E2B, 0x4E35,
+ 0x4E37, 0x4E3D, 0x4E4F, 0x4E53, 0x4E5F, 0x4E67, 0x4E79, 0x4E85,
+ 0x4E8B, 0x4E91, 0x4E95, 0x4E9B, 0x4EA1, 0x4EAF, 0x4EB3, 0x4EB5,
+ 0x4EC1, 0x4ECD, 0x4ED1, 0x4ED7, 0x4EE9, 0x4EFB, 0x4F07, 0x4F09,
+ 0x4F19, 0x4F25, 0x4F2D, 0x4F3F, 0x4F49, 0x4F63, 0x4F67, 0x4F6D,
+ 0x4F75, 0x4F7B, 0x4F81, 0x4F85, 0x4F87, 0x4F91, 0x4FA5, 0x4FA9,
+ 0x4FAF, 0x4FB7, 0x4FBB, 0x4FCF, 0x4FD9, 0x4FDB, 0x4FFD, 0x4FFF,
+ 0x5003, 0x501B, 0x501D, 0x5029, 0x5035, 0x503F, 0x5045, 0x5047,
+ 0x5053, 0x5071, 0x5077, 0x5083, 0x5093, 0x509F, 0x50A1, 0x50B7,
+ 0x50C9, 0x50D5, 0x50E3, 0x50ED, 0x50EF, 0x50FB, 0x5107, 0x510B,
+ 0x510D, 0x5111, 0x5117, 0x5123, 0x5125, 0x5135, 0x5147, 0x5149,
+ 0x5171, 0x5179, 0x5189, 0x518F, 0x5197, 0x51A1, 0x51A3, 0x51A7,
+ 0x51B9, 0x51C1, 0x51CB, 0x51D3, 0x51DF, 0x51E3, 0x51F5, 0x51F7,
+ 0x5209, 0x5213, 0x5215, 0x5219, 0x521B, 0x521F, 0x5227, 0x5243,
+ 0x5245, 0x524B, 0x5261, 0x526D, 0x5273, 0x5281, 0x5293, 0x5297,
+ 0x529D, 0x52A5, 0x52AB, 0x52B1, 0x52BB, 0x52C3, 0x52C7, 0x52C9,
+ 0x52DB, 0x52E5, 0x52EB, 0x52FF, 0x5315, 0x531D, 0x5323, 0x5341,
+ 0x5345, 0x5347, 0x534B, 0x535D, 0x5363, 0x5381, 0x5383, 0x5387,
+ 0x538F, 0x5395, 0x5399, 0x539F, 0x53AB, 0x53B9, 0x53DB, 0x53E9,
+ 0x53EF, 0x53F3, 0x53F5, 0x53FB, 0x53FF, 0x540D, 0x5411, 0x5413,
+ 0x5419, 0x5435, 0x5437, 0x543B, 0x5441, 0x5449, 0x5453, 0x5455,
+ 0x545F, 0x5461, 0x546B, 0x546D, 0x5471, 0x548F, 0x5491, 0x549D,
+ 0x54A9, 0x54B3, 0x54C5, 0x54D1, 0x54DF, 0x54E9, 0x54EB, 0x54F7,
+ 0x54FD, 0x5507, 0x550D, 0x551B, 0x5527, 0x552B, 0x5539, 0x553D,
+ 0x554F, 0x5551, 0x555B, 0x5563, 0x5567, 0x556F, 0x5579, 0x5585,
+ 0x5597, 0x55A9, 0x55B1, 0x55B7, 0x55C9, 0x55D9, 0x55E7, 0x55ED,
+ 0x55F3, 0x55FD, 0x560B, 0x560F, 0x5615, 0x5617, 0x5623, 0x562F,
+ 0x5633, 0x5639, 0x563F, 0x564B, 0x564D, 0x565D, 0x565F, 0x566B,
+ 0x5671, 0x5675, 0x5683, 0x5689, 0x568D, 0x568F, 0x569B, 0x56AD,
+ 0x56B1, 0x56D5, 0x56E7, 0x56F3, 0x56FF, 0x5701, 0x5705, 0x5707,
+ 0x570B, 0x5713, 0x571F, 0x5723, 0x5747, 0x574D, 0x575F, 0x5761,
+ 0x576D, 0x5777, 0x577D, 0x5789, 0x57A1, 0x57A9, 0x57AF, 0x57B5,
+ 0x57C5, 0x57D1, 0x57D3, 0x57E5, 0x57EF, 0x5803, 0x580D, 0x580F,
+ 0x5815, 0x5827, 0x582B, 0x582D, 0x5855, 0x585B, 0x585D, 0x586D,
+ 0x586F, 0x5873, 0x587B, 0x588D, 0x5897, 0x58A3, 0x58A9, 0x58AB,
+ 0x58B5, 0x58BD, 0x58C1, 0x58C7, 0x58D3, 0x58D5, 0x58DF, 0x58F1,
+ 0x58F9, 0x58FF, 0x5903, 0x5917, 0x591B, 0x5921, 0x5945, 0x594B,
+ 0x594D, 0x5957, 0x595D, 0x5975, 0x597B, 0x5989, 0x5999, 0x599F,
+ 0x59B1, 0x59B3, 0x59BD, 0x59D1, 0x59DB, 0x59E3, 0x59E9, 0x59ED,
+ 0x59F3, 0x59F5, 0x59FF, 0x5A01, 0x5A0D, 0x5A11, 0x5A13, 0x5A17,
+ 0x5A1F, 0x5A29, 0x5A2F, 0x5A3B, 0x5A4D, 0x5A5B, 0x5A67, 0x5A77,
+ 0x5A7F, 0x5A85, 0x5A95, 0x5A9D, 0x5AA1, 0x5AA3, 0x5AA9, 0x5ABB,
+ 0x5AD3, 0x5AE5, 0x5AEF, 0x5AFB, 0x5AFD, 0x5B01, 0x5B0F, 0x5B19,
+ 0x5B1F, 0x5B25, 0x5B2B, 0x5B3D, 0x5B49, 0x5B4B, 0x5B67, 0x5B79,
+ 0x5B87, 0x5B97, 0x5BA3, 0x5BB1, 0x5BC9, 0x5BD5, 0x5BEB, 0x5BF1,
+ 0x5BF3, 0x5BFD, 0x5C05, 0x5C09, 0x5C0B, 0x5C0F, 0x5C1D, 0x5C29,
+ 0x5C2F, 0x5C33, 0x5C39, 0x5C47, 0x5C4B, 0x5C4D, 0x5C51, 0x5C6F,
+ 0x5C75, 0x5C77, 0x5C7D, 0x5C87, 0x5C89, 0x5CA7, 0x5CBD, 0x5CBF,
+ 0x5CC3, 0x5CC9, 0x5CD1, 0x5CD7, 0x5CDD, 0x5CED, 0x5CF9, 0x5D05,
+ 0x5D0B, 0x5D13, 0x5D17, 0x5D19, 0x5D31, 0x5D3D, 0x5D41, 0x5D47,
+ 0x5D4F, 0x5D55, 0x5D5B, 0x5D65, 0x5D67, 0x5D6D, 0x5D79, 0x5D95,
+ 0x5DA3, 0x5DA9, 0x5DAD, 0x5DB9, 0x5DC1, 0x5DC7, 0x5DD3, 0x5DD7,
+ 0x5DDD, 0x5DEB, 0x5DF1, 0x5DFD, 0x5E07, 0x5E0D, 0x5E13, 0x5E1B,
+ 0x5E21, 0x5E27, 0x5E2B, 0x5E2D, 0x5E31, 0x5E39, 0x5E45, 0x5E49,
+ 0x5E57, 0x5E69, 0x5E73, 0x5E75, 0x5E85, 0x5E8B, 0x5E9F, 0x5EA5,
+ 0x5EAF, 0x5EB7, 0x5EBB, 0x5ED9, 0x5EFD, 0x5F09, 0x5F11, 0x5F27,
+ 0x5F33, 0x5F35, 0x5F3B, 0x5F47, 0x5F57, 0x5F5D, 0x5F63, 0x5F65,
+ 0x5F77, 0x5F7B, 0x5F95, 0x5F99, 0x5FA1, 0x5FB3, 0x5FBD, 0x5FC5,
+ 0x5FCF, 0x5FD5, 0x5FE3, 0x5FE7, 0x5FFB, 0x6011, 0x6023, 0x602F,
+ 0x6037, 0x6053, 0x605F, 0x6065, 0x606B, 0x6073, 0x6079, 0x6085,
+ 0x609D, 0x60AD, 0x60BB, 0x60BF, 0x60CD, 0x60D9, 0x60DF, 0x60E9,
+ 0x60F5, 0x6109, 0x610F, 0x6113, 0x611B, 0x612D, 0x6139, 0x614B,
+ 0x6155, 0x6157, 0x615B, 0x616F, 0x6179, 0x6187, 0x618B, 0x6191,
+ 0x6193, 0x619D, 0x61B5, 0x61C7, 0x61C9, 0x61CD, 0x61E1, 0x61F1,
+ 0x61FF, 0x6209, 0x6217, 0x621D, 0x6221, 0x6227, 0x623B, 0x6241,
+ 0x624B, 0x6251, 0x6253, 0x625F, 0x6265, 0x6283, 0x628D, 0x6295,
+ 0x629B, 0x629F, 0x62A5, 0x62AD, 0x62D5, 0x62D7, 0x62DB, 0x62DD,
+ 0x62E9, 0x62FB, 0x62FF, 0x6305, 0x630D, 0x6317, 0x631D, 0x632F,
+ 0x6341, 0x6343, 0x634F, 0x635F, 0x6367, 0x636D, 0x6371, 0x6377,
+ 0x637D, 0x637F, 0x63B3, 0x63C1, 0x63C5, 0x63D9, 0x63E9, 0x63EB,
+ 0x63EF, 0x63F5, 0x6401, 0x6403, 0x6409, 0x6415, 0x6421, 0x6427,
+ 0x642B, 0x6439, 0x6443, 0x6449, 0x644F, 0x645D, 0x6467, 0x6475,
+ 0x6485, 0x648D, 0x6493, 0x649F, 0x64A3, 0x64AB, 0x64C1, 0x64C7,
+ 0x64C9, 0x64DB, 0x64F1, 0x64F7, 0x64F9, 0x650B, 0x6511, 0x6521,
+ 0x652F, 0x6539, 0x653F, 0x654B, 0x654D, 0x6553, 0x6557, 0x655F,
+ 0x6571, 0x657D, 0x658D, 0x658F, 0x6593, 0x65A1, 0x65A5, 0x65AD,
+ 0x65B9, 0x65C5, 0x65E3, 0x65F3, 0x65FB, 0x65FF, 0x6601, 0x6607,
+ 0x661D, 0x6629, 0x6631, 0x663B, 0x6641, 0x6647, 0x664D, 0x665B,
+ 0x6661, 0x6673, 0x667D, 0x6689, 0x668B, 0x6695, 0x6697, 0x669B,
+ 0x66B5, 0x66B9, 0x66C5, 0x66CD, 0x66D1, 0x66E3, 0x66EB, 0x66F5,
+ 0x6703, 0x6713, 0x6719, 0x671F, 0x6727, 0x6731, 0x6737, 0x673F,
+ 0x6745, 0x6751, 0x675B, 0x676F, 0x6779, 0x6781, 0x6785, 0x6791,
+ 0x67AB, 0x67BD, 0x67C1, 0x67CD, 0x67DF, 0x67E5, 0x6803, 0x6809,
+ 0x6811, 0x6817, 0x682D, 0x6839, 0x683B, 0x683F, 0x6845, 0x684B,
+ 0x684D, 0x6857, 0x6859, 0x685D, 0x6863, 0x6869, 0x686B, 0x6871,
+ 0x6887, 0x6899, 0x689F, 0x68B1, 0x68BD, 0x68C5, 0x68D1, 0x68D7,
+ 0x68E1, 0x68ED, 0x68EF, 0x68FF, 0x6901, 0x690B, 0x690D, 0x6917,
+ 0x6929, 0x692F, 0x6943, 0x6947, 0x6949, 0x694F, 0x6965, 0x696B,
+ 0x6971, 0x6983, 0x6989, 0x6997, 0x69A3, 0x69B3, 0x69B5, 0x69BB,
+ 0x69C1, 0x69C5, 0x69D3, 0x69DF, 0x69E3, 0x69E5, 0x69F7, 0x6A07,
+ 0x6A2B, 0x6A37, 0x6A3D, 0x6A4B, 0x6A67, 0x6A69, 0x6A75, 0x6A7B,
+ 0x6A87, 0x6A8D, 0x6A91, 0x6A93, 0x6AA3, 0x6AC1, 0x6AC9, 0x6AE1,
+ 0x6AE7, 0x6B05, 0x6B0F, 0x6B11, 0x6B23, 0x6B27, 0x6B2D, 0x6B39,
+ 0x6B41, 0x6B57, 0x6B59, 0x6B5F, 0x6B75, 0x6B87, 0x6B89, 0x6B93,
+ 0x6B95, 0x6B9F, 0x6BBD, 0x6BBF, 0x6BDB, 0x6BE1, 0x6BEF, 0x6BFF,
+ 0x6C05, 0x6C19, 0x6C29, 0x6C2B, 0x6C31, 0x6C35, 0x6C55, 0x6C59,
+ 0x6C5B, 0x6C5F, 0x6C65, 0x6C67, 0x6C73, 0x6C77, 0x6C7D, 0x6C83,
+ 0x6C8F, 0x6C91, 0x6C97, 0x6C9B, 0x6CA1, 0x6CA9, 0x6CAF, 0x6CB3,
+ 0x6CC7, 0x6CCB, 0x6CEB, 0x6CF5, 0x6CFD, 0x6D0D, 0x6D0F, 0x6D25,
+ 0x6D27, 0x6D2B, 0x6D31, 0x6D39, 0x6D3F, 0x6D4F, 0x6D5D, 0x6D61,
+ 0x6D73, 0x6D7B, 0x6D7F, 0x6D93, 0x6D99, 0x6DA5, 0x6DB1, 0x6DB7,
+ 0x6DC1, 0x6DC3, 0x6DCD, 0x6DCF, 0x6DDB, 0x6DF7, 0x6E03, 0x6E15,
+ 0x6E17, 0x6E29, 0x6E33, 0x6E3B, 0x6E45, 0x6E75, 0x6E77, 0x6E7B,
+ 0x6E81, 0x6E89, 0x6E93, 0x6E95, 0x6E9F, 0x6EBD, 0x6EBF, 0x6EE3,
+ 0x6EE9, 0x6EF3, 0x6EF9, 0x6EFB, 0x6F0D, 0x6F11, 0x6F17, 0x6F1F,
+ 0x6F2F, 0x6F3D, 0x6F4D, 0x6F53, 0x6F61, 0x6F65, 0x6F79, 0x6F7D,
+ 0x6F83, 0x6F85, 0x6F8F, 0x6F9B, 0x6F9D, 0x6FA3, 0x6FAF, 0x6FB5,
+ 0x6FBB, 0x6FBF, 0x6FCB, 0x6FCD, 0x6FD3, 0x6FD7, 0x6FE3, 0x6FE9,
+ 0x6FF1, 0x6FF5, 0x6FF7, 0x6FFD, 0x700F, 0x7019, 0x701F, 0x7027,
+ 0x7033, 0x7039, 0x704F, 0x7051, 0x7057, 0x7063, 0x7075, 0x7079,
+ 0x7087, 0x708D, 0x7091, 0x70A5, 0x70AB, 0x70BB, 0x70C3, 0x70C7,
+ 0x70CF, 0x70E5, 0x70ED, 0x70F9, 0x70FF, 0x7105, 0x7115, 0x7121,
+ 0x7133, 0x7151, 0x7159, 0x715D, 0x715F, 0x7163, 0x7169, 0x7183,
+ 0x7187, 0x7195, 0x71AD, 0x71C3, 0x71C9, 0x71CB, 0x71D1, 0x71DB,
+ 0x71E1, 0x71EF, 0x71F5, 0x71FB, 0x7207, 0x7211, 0x7217, 0x7219,
+ 0x7225, 0x722F, 0x723B, 0x7243, 0x7255, 0x7267, 0x7271, 0x7277,
+ 0x727F, 0x728F, 0x7295, 0x729B, 0x72A3, 0x72B3, 0x72C7, 0x72CB,
+ 0x72CD, 0x72D7, 0x72D9, 0x72E3, 0x72EF, 0x72F5, 0x72FD, 0x7303,
+ 0x730D, 0x7321, 0x732B, 0x733D, 0x7357, 0x735B, 0x7361, 0x737F,
+ 0x7381, 0x7385, 0x738D, 0x7393, 0x739F, 0x73AB, 0x73BD, 0x73C1,
+ 0x73C9, 0x73DF, 0x73E5, 0x73E7, 0x73F3, 0x7415, 0x741B, 0x742D,
+ 0x7439, 0x743F, 0x7441, 0x745D, 0x746B, 0x747B, 0x7489, 0x748D,
+ 0x749B, 0x74A7, 0x74AB, 0x74B1, 0x74B7, 0x74B9, 0x74DD, 0x74E1,
+ 0x74E7, 0x74FB, 0x7507, 0x751F, 0x7525, 0x753B, 0x753D, 0x754D,
+ 0x755F, 0x756B, 0x7577, 0x7589, 0x758B, 0x7591, 0x7597, 0x759D,
+ 0x75A1, 0x75A7, 0x75B5, 0x75B9, 0x75BB, 0x75D1, 0x75D9, 0x75E5,
+ 0x75EB, 0x75F5, 0x75FB, 0x7603, 0x760F, 0x7621, 0x762D, 0x7633,
+ 0x763D, 0x763F, 0x7655, 0x7663, 0x7669, 0x766F, 0x7673, 0x7685,
+ 0x768B, 0x769F, 0x76B5, 0x76B7, 0x76C3, 0x76DB, 0x76DF, 0x76F1,
+ 0x7703, 0x7705, 0x771B, 0x771D, 0x7721, 0x772D, 0x7735, 0x7741,
+ 0x774B, 0x7759, 0x775D, 0x775F, 0x7771, 0x7781, 0x77A7, 0x77AD,
+ 0x77B3, 0x77B9, 0x77C5, 0x77CF, 0x77D5, 0x77E1, 0x77E9, 0x77EF,
+ 0x77F3, 0x77F9, 0x7807, 0x7825, 0x782B, 0x7835, 0x783D, 0x7853,
+ 0x7859, 0x7861, 0x786D, 0x7877, 0x7879, 0x7883, 0x7885, 0x788B,
+ 0x7895, 0x7897, 0x78A1, 0x78AD, 0x78BF, 0x78D3, 0x78D9, 0x78DD,
+ 0x78E5, 0x78FB, 0x7901, 0x7907, 0x7925, 0x792B, 0x7939, 0x793F,
+ 0x794B, 0x7957, 0x795D, 0x7967, 0x7969, 0x7973, 0x7991, 0x7993,
+ 0x79A3, 0x79AB, 0x79AF, 0x79B1, 0x79B7, 0x79C9, 0x79CD, 0x79CF,
+ 0x79D5, 0x79D9, 0x79F3, 0x79F7, 0x79FF, 0x7A05, 0x7A0F, 0x7A11,
+ 0x7A15, 0x7A1B, 0x7A23, 0x7A27, 0x7A2D, 0x7A4B, 0x7A57, 0x7A59,
+ 0x7A5F, 0x7A65, 0x7A69, 0x7A7D, 0x7A93, 0x7A9B, 0x7A9F, 0x7AA1,
+ 0x7AA5, 0x7AED, 0x7AF5, 0x7AF9, 0x7B01, 0x7B17, 0x7B19, 0x7B1D,
+ 0x7B2B, 0x7B35, 0x7B37, 0x7B3B, 0x7B4F, 0x7B55, 0x7B5F, 0x7B71,
+ 0x7B77, 0x7B8B, 0x7B9B, 0x7BA1, 0x7BA9, 0x7BAF, 0x7BB3, 0x7BC7,
+ 0x7BD3, 0x7BE9, 0x7BEB, 0x7BEF, 0x7BF1, 0x7BFD, 0x7C07, 0x7C19,
+ 0x7C1B, 0x7C31, 0x7C37, 0x7C49, 0x7C67, 0x7C69, 0x7C73, 0x7C81,
+ 0x7C8B, 0x7C93, 0x7CA3, 0x7CD5, 0x7CDB, 0x7CE5, 0x7CED, 0x7CF7,
+ 0x7D03, 0x7D09, 0x7D1B, 0x7D1D, 0x7D33, 0x7D39, 0x7D3B, 0x7D3F,
+ 0x7D45, 0x7D4D, 0x7D53, 0x7D59, 0x7D63, 0x7D75, 0x7D77, 0x7D8D,
+ 0x7D8F, 0x7D9F, 0x7DAD, 0x7DB7, 0x7DBD, 0x7DBF, 0x7DCB, 0x7DD5,
+ 0x7DE9, 0x7DED, 0x7DFB, 0x7E01, 0x7E05, 0x7E29, 0x7E2B, 0x7E2F,
+ 0x7E35, 0x7E41, 0x7E43, 0x7E47, 0x7E55, 0x7E61, 0x7E67, 0x7E6B,
+ 0x7E71, 0x7E73, 0x7E79, 0x7E7D, 0x7E91, 0x7E9B, 0x7E9D, 0x7EA7,
+ 0x7EAD, 0x7EB9, 0x7EBB, 0x7ED3, 0x7EDF, 0x7EEB, 0x7EF1, 0x7EF7,
+ 0x7EFB, 0x7F13, 0x7F15, 0x7F19, 0x7F31, 0x7F33, 0x7F39, 0x7F3D,
+ 0x7F43, 0x7F4B, 0x7F5B, 0x7F61, 0x7F63, 0x7F6D, 0x7F79, 0x7F87,
+ 0x7F8D, 0x7FAF, 0x7FB5, 0x7FC3, 0x7FC9, 0x7FCD, 0x7FCF, 0x7FED,
+ 0x8003, 0x800B, 0x800F, 0x8015, 0x801D, 0x8021, 0x8023, 0x803F,
+ 0x8041, 0x8047, 0x804B, 0x8065, 0x8077, 0x808D, 0x808F, 0x8095,
+ 0x80A5, 0x80AB, 0x80AD, 0x80BD, 0x80C9, 0x80CB, 0x80D7, 0x80DB,
+ 0x80E1, 0x80E7, 0x80F5, 0x80FF, 0x8105, 0x810D, 0x8119, 0x811D,
+ 0x812F, 0x8131, 0x813B, 0x8143, 0x8153, 0x8159, 0x815F, 0x817D,
+ 0x817F, 0x8189, 0x819B, 0x819D, 0x81A7, 0x81AF, 0x81B3, 0x81BB,
+ 0x81C7, 0x81DF, 0x8207, 0x8209, 0x8215, 0x821F, 0x8225, 0x8231,
+ 0x8233, 0x823F, 0x8243, 0x8245, 0x8249, 0x824F, 0x8261, 0x826F,
+ 0x827B, 0x8281, 0x8285, 0x8293, 0x82B1, 0x82B5, 0x82BD, 0x82C7,
+ 0x82CF, 0x82D5, 0x82DF, 0x82F1, 0x82F9, 0x82FD, 0x830B, 0x831B,
+ 0x8321, 0x8329, 0x832D, 0x8333, 0x8335, 0x833F, 0x8341, 0x834D,
+ 0x8351, 0x8353, 0x8357, 0x835D, 0x8365, 0x8369, 0x836F, 0x838F,
+ 0x83A7, 0x83B1, 0x83B9, 0x83CB, 0x83D5, 0x83D7, 0x83DD, 0x83E7,
+ 0x83E9, 0x83ED, 0x83FF, 0x8405, 0x8411, 0x8413, 0x8423, 0x8425,
+ 0x843B, 0x8441, 0x8447, 0x844F, 0x8461, 0x8465, 0x8477, 0x8483,
+ 0x848B, 0x8491, 0x8495, 0x84A9, 0x84AF, 0x84CD, 0x84E3, 0x84EF,
+ 0x84F1, 0x84F7, 0x8509, 0x850D, 0x854B, 0x854F, 0x8551, 0x855D,
+ 0x8563, 0x856D, 0x856F, 0x857B, 0x8587, 0x85A3, 0x85A5, 0x85A9,
+ 0x85B7, 0x85CD, 0x85D3, 0x85D5, 0x85DB, 0x85E1, 0x85EB, 0x85F9,
+ 0x85FD, 0x85FF, 0x8609, 0x860F, 0x8617, 0x8621, 0x862F, 0x8639,
+ 0x863F, 0x8641, 0x864D, 0x8663, 0x8675, 0x867D, 0x8687, 0x8699,
+ 0x86A5, 0x86A7, 0x86B3, 0x86B7, 0x86C3, 0x86C5, 0x86CF, 0x86D1,
+ 0x86D7, 0x86E9, 0x86EF, 0x86F5, 0x8717, 0x871D, 0x871F, 0x872B,
+ 0x872F, 0x8735, 0x8747, 0x8759, 0x875B, 0x876B, 0x8771, 0x8777,
+ 0x877F, 0x8785, 0x878F, 0x87A1, 0x87A9, 0x87B3, 0x87BB, 0x87C5,
+ 0x87C7, 0x87CB, 0x87DD, 0x87F7, 0x8803, 0x8819, 0x881B, 0x881F,
+ 0x8821, 0x8837, 0x883D, 0x8843, 0x8851, 0x8861, 0x8867, 0x887B,
+ 0x8885, 0x8891, 0x8893, 0x88A5, 0x88CF, 0x88D3, 0x88EB, 0x88ED,
+ 0x88F3, 0x88FD, 0x8909, 0x890B, 0x8911, 0x891B, 0x8923, 0x8927,
+ 0x892D, 0x8939, 0x8945, 0x894D, 0x8951, 0x8957, 0x8963, 0x8981,
+ 0x8995, 0x899B, 0x89B3, 0x89B9, 0x89C3, 0x89CF, 0x89D1, 0x89DB,
+ 0x89EF, 0x89F5, 0x89FB, 0x89FF, 0x8A0B, 0x8A19, 0x8A23, 0x8A35,
+ 0x8A41, 0x8A49, 0x8A4F, 0x8A5B, 0x8A5F, 0x8A6D, 0x8A77, 0x8A79,
+ 0x8A85, 0x8AA3, 0x8AB3, 0x8AB5, 0x8AC1, 0x8AC7, 0x8ACB, 0x8ACD,
+ 0x8AD1, 0x8AD7, 0x8AF1, 0x8AF5, 0x8B07, 0x8B09, 0x8B0D, 0x8B13,
+ 0x8B21, 0x8B57, 0x8B5D, 0x8B91, 0x8B93, 0x8BA3, 0x8BA9, 0x8BAF,
+ 0x8BBB, 0x8BD5, 0x8BD9, 0x8BDB, 0x8BE1, 0x8BF7, 0x8BFD, 0x8BFF,
+ 0x8C0B, 0x8C17, 0x8C1D, 0x8C27, 0x8C39, 0x8C3B, 0x8C47, 0x8C53,
+ 0x8C5D, 0x8C6F, 0x8C7B, 0x8C81, 0x8C89, 0x8C8F, 0x8C99, 0x8C9F,
+ 0x8CA7, 0x8CAB, 0x8CAD, 0x8CB1, 0x8CC5, 0x8CDD, 0x8CE3, 0x8CE9,
+ 0x8CF3, 0x8D01, 0x8D0B, 0x8D0D, 0x8D23, 0x8D29, 0x8D37, 0x8D41,
+ 0x8D5B, 0x8D5F, 0x8D71, 0x8D79, 0x8D85, 0x8D91, 0x8D9B, 0x8DA7,
+ 0x8DAD, 0x8DB5, 0x8DC5, 0x8DCB, 0x8DD3, 0x8DD9, 0x8DDF, 0x8DF5,
+ 0x8DF7, 0x8E01, 0x8E15, 0x8E1F, 0x8E25, 0x8E51, 0x8E63, 0x8E69,
+ 0x8E73, 0x8E75, 0x8E79, 0x8E7F, 0x8E8D, 0x8E91, 0x8EAB, 0x8EAF,
+ 0x8EB1, 0x8EBD, 0x8EC7, 0x8ECF, 0x8ED3, 0x8EDB, 0x8EE7, 0x8EEB,
+ 0x8EF7, 0x8EFF, 0x8F15, 0x8F1D, 0x8F23, 0x8F2D, 0x8F3F, 0x8F45,
+ 0x8F4B, 0x8F53, 0x8F59, 0x8F65, 0x8F69, 0x8F71, 0x8F83, 0x8F8D,
+ 0x8F99, 0x8F9F, 0x8FAB, 0x8FAD, 0x8FB3, 0x8FB7, 0x8FB9, 0x8FC9,
+ 0x8FD5, 0x8FE1, 0x8FEF, 0x8FF9, 0x9007, 0x900D, 0x9017, 0x9023,
+ 0x9025, 0x9031, 0x9037, 0x903B, 0x9041, 0x9043, 0x904F, 0x9053,
+ 0x906D, 0x9073, 0x9085, 0x908B, 0x9095, 0x909B, 0x909D, 0x90AF,
+ 0x90B9, 0x90C1, 0x90C5, 0x90DF, 0x90E9, 0x90FD, 0x9103, 0x9113,
+ 0x9127, 0x9133, 0x913D, 0x9145, 0x914F, 0x9151, 0x9161, 0x9167,
+ 0x917B, 0x9185, 0x9199, 0x919D, 0x91BB, 0x91BD, 0x91C1, 0x91C9,
+ 0x91D9, 0x91DB, 0x91ED, 0x91F1, 0x91F3, 0x91F9, 0x9203, 0x9215,
+ 0x9221, 0x922F, 0x9241, 0x9247, 0x9257, 0x926B, 0x9271, 0x9275,
+ 0x927D, 0x9283, 0x9287, 0x928D, 0x9299, 0x92A1, 0x92AB, 0x92AD,
+ 0x92B9, 0x92BF, 0x92C3, 0x92C5, 0x92CB, 0x92D5, 0x92D7, 0x92E7,
+ 0x92F3, 0x9301, 0x930B, 0x9311, 0x9319, 0x931F, 0x933B, 0x933D,
+ 0x9343, 0x9355, 0x9373, 0x9395, 0x9397, 0x93A7, 0x93B3, 0x93B5,
+ 0x93C7, 0x93D7, 0x93DD, 0x93E5, 0x93EF, 0x93F7, 0x9401, 0x9409,
+ 0x9413, 0x943F, 0x9445, 0x944B, 0x944F, 0x9463, 0x9467, 0x9469,
+ 0x946D, 0x947B, 0x9497, 0x949F, 0x94A5, 0x94B5, 0x94C3, 0x94E1,
+ 0x94E7, 0x9505, 0x9509, 0x9517, 0x9521, 0x9527, 0x952D, 0x9535,
+ 0x9539, 0x954B, 0x9557, 0x955D, 0x955F, 0x9575, 0x9581, 0x9589,
+ 0x958F, 0x959B, 0x959F, 0x95AD, 0x95B1, 0x95B7, 0x95B9, 0x95BD,
+ 0x95CF, 0x95E3, 0x95E9, 0x95F9, 0x961F, 0x962F, 0x9631, 0x9635,
+ 0x963B, 0x963D, 0x9665, 0x968F, 0x969D, 0x96A1, 0x96A7, 0x96A9,
+ 0x96C1, 0x96CB, 0x96D1, 0x96D3, 0x96E5, 0x96EF, 0x96FB, 0x96FD,
+ 0x970D, 0x970F, 0x9715, 0x9725, 0x972B, 0x9733, 0x9737, 0x9739,
+ 0x9743, 0x9749, 0x9751, 0x975B, 0x975D, 0x976F, 0x977F, 0x9787,
+ 0x9793, 0x97A5, 0x97B1, 0x97B7, 0x97C3, 0x97CD, 0x97D3, 0x97D9,
+ 0x97EB, 0x97F7, 0x9805, 0x9809, 0x980B, 0x9815, 0x9829, 0x982F,
+ 0x983B, 0x9841, 0x9851, 0x986B, 0x986F, 0x9881, 0x9883, 0x9887,
+ 0x98A7, 0x98B1, 0x98B9, 0x98BF, 0x98C3, 0x98C9, 0x98CF, 0x98DD,
+ 0x98E3, 0x98F5, 0x98F9, 0x98FB, 0x990D, 0x9917, 0x991F, 0x9929,
+ 0x9931, 0x993B, 0x993D, 0x9941, 0x9947, 0x9949, 0x9953, 0x997D,
+ 0x9985, 0x9991, 0x9995, 0x999B, 0x99AD, 0x99AF, 0x99BF, 0x99C7,
+ 0x99CB, 0x99CD, 0x99D7, 0x99E5, 0x99F1, 0x99FB, 0x9A0F, 0x9A13,
+ 0x9A1B, 0x9A25, 0x9A4B, 0x9A4F, 0x9A55, 0x9A57, 0x9A61, 0x9A75,
+ 0x9A7F, 0x9A8B, 0x9A91, 0x9A9D, 0x9AB7, 0x9AC3, 0x9AC7, 0x9ACF,
+ 0x9AEB, 0x9AF3, 0x9AF7, 0x9AFF, 0x9B17, 0x9B1D, 0x9B27, 0x9B2F,
+ 0x9B35, 0x9B45, 0x9B51, 0x9B59, 0x9B63, 0x9B6F, 0x9B77, 0x9B8D,
+ 0x9B93, 0x9B95, 0x9B9F, 0x9BA1, 0x9BA7, 0x9BB1, 0x9BB7, 0x9BBD,
+ 0x9BC5, 0x9BCB, 0x9BCF, 0x9BDD, 0x9BF9, 0x9C01, 0x9C11, 0x9C23,
+ 0x9C2B, 0x9C2F, 0x9C35, 0x9C49, 0x9C4D, 0x9C5F, 0x9C65, 0x9C67,
+ 0x9C7F, 0x9C97, 0x9C9D, 0x9CA3, 0x9CAF, 0x9CBB, 0x9CBF, 0x9CC1,
+ 0x9CD7, 0x9CD9, 0x9CE3, 0x9CE9, 0x9CF1, 0x9CFD, 0x9D01, 0x9D15,
+ 0x9D27, 0x9D2D, 0x9D31, 0x9D3D, 0x9D55, 0x9D5B, 0x9D61, 0x9D97,
+ 0x9D9F, 0x9DA5, 0x9DA9, 0x9DC3, 0x9DE7, 0x9DEB, 0x9DED, 0x9DF1,
+ 0x9E0B, 0x9E17, 0x9E23, 0x9E27, 0x9E2D, 0x9E33, 0x9E3B, 0x9E47,
+ 0x9E51, 0x9E53, 0x9E5F, 0x9E6F, 0x9E81, 0x9E87, 0x9E8F, 0x9E95,
+ 0x9EA1, 0x9EB3, 0x9EBD, 0x9EBF, 0x9EF5, 0x9EF9, 0x9EFB, 0x9F05,
+ 0x9F23, 0x9F2F, 0x9F37, 0x9F3B, 0x9F43, 0x9F53, 0x9F61, 0x9F6D,
+ 0x9F73, 0x9F77, 0x9F7D, 0x9F89, 0x9F8F, 0x9F91, 0x9F95, 0x9FA3,
+ 0x9FAF, 0x9FB3, 0x9FC1, 0x9FC7, 0x9FDF, 0x9FE5, 0x9FEB, 0x9FF5,
+ 0xA001, 0xA00D, 0xA021, 0xA033, 0xA039, 0xA03F, 0xA04F, 0xA057,
+ 0xA05B, 0xA061, 0xA075, 0xA079, 0xA099, 0xA09D, 0xA0AB, 0xA0B5,
+ 0xA0B7, 0xA0BD, 0xA0C9, 0xA0D9, 0xA0DB, 0xA0DF, 0xA0E5, 0xA0F1,
+ 0xA0F3, 0xA0FD, 0xA105, 0xA10B, 0xA10F, 0xA111, 0xA11B, 0xA129,
+ 0xA12F, 0xA135, 0xA141, 0xA153, 0xA175, 0xA17D, 0xA187, 0xA18D,
+ 0xA1A5, 0xA1AB, 0xA1AD, 0xA1B7, 0xA1C3, 0xA1C5, 0xA1E3, 0xA1ED,
+ 0xA1FB, 0xA207, 0xA213, 0xA223, 0xA229, 0xA22F, 0xA231, 0xA243,
+ 0xA247, 0xA24D, 0xA26B, 0xA279, 0xA27D, 0xA283, 0xA289, 0xA28B,
+ 0xA291, 0xA295, 0xA29B, 0xA2A9, 0xA2AF, 0xA2B3, 0xA2BB, 0xA2C5,
+ 0xA2D1, 0xA2D7, 0xA2F7, 0xA301, 0xA309, 0xA31F, 0xA321, 0xA32B,
+ 0xA331, 0xA349, 0xA351, 0xA355, 0xA373, 0xA379, 0xA37B, 0xA387,
+ 0xA397, 0xA39F, 0xA3A5, 0xA3A9, 0xA3AF, 0xA3B7, 0xA3C7, 0xA3D5,
+ 0xA3DB, 0xA3E1, 0xA3E5, 0xA3E7, 0xA3F1, 0xA3FD, 0xA3FF, 0xA40F,
+ 0xA41D, 0xA421, 0xA423, 0xA427, 0xA43B, 0xA44D, 0xA457, 0xA459,
+ 0xA463, 0xA469, 0xA475, 0xA493, 0xA49B, 0xA4AD, 0xA4B9, 0xA4C3,
+ 0xA4C5, 0xA4CB, 0xA4D1, 0xA4D5, 0xA4E1, 0xA4ED, 0xA4EF, 0xA4F3,
+ 0xA4FF, 0xA511, 0xA529, 0xA52B, 0xA535, 0xA53B, 0xA543, 0xA553,
+ 0xA55B, 0xA561, 0xA56D, 0xA577, 0xA585, 0xA58B, 0xA597, 0xA59D,
+ 0xA5A3, 0xA5A7, 0xA5A9, 0xA5C1, 0xA5C5, 0xA5CB, 0xA5D3, 0xA5D9,
+ 0xA5DD, 0xA5DF, 0xA5E3, 0xA5E9, 0xA5F7, 0xA5FB, 0xA603, 0xA60D,
+ 0xA625, 0xA63D, 0xA649, 0xA64B, 0xA651, 0xA65D, 0xA673, 0xA691,
+ 0xA693, 0xA699, 0xA6AB, 0xA6B5, 0xA6BB, 0xA6C1, 0xA6C9, 0xA6CD,
+ 0xA6CF, 0xA6D5, 0xA6DF, 0xA6E7, 0xA6F1, 0xA6F7, 0xA6FF, 0xA70F,
+ 0xA715, 0xA723, 0xA729, 0xA72D, 0xA745, 0xA74D, 0xA757, 0xA759,
+ 0xA765, 0xA76B, 0xA76F, 0xA793, 0xA795, 0xA7AB, 0xA7B1, 0xA7B9,
+ 0xA7BF, 0xA7C9, 0xA7D1, 0xA7D7, 0xA7E3, 0xA7ED, 0xA7FB, 0xA805,
+ 0xA80B, 0xA81D, 0xA829, 0xA82B, 0xA837, 0xA83B, 0xA855, 0xA85F,
+ 0xA86D, 0xA87D, 0xA88F, 0xA897, 0xA8A9, 0xA8B5, 0xA8C1, 0xA8C7,
+ 0xA8D7, 0xA8E5, 0xA8FD, 0xA907, 0xA913, 0xA91B, 0xA931, 0xA937,
+ 0xA939, 0xA943, 0xA97F, 0xA985, 0xA987, 0xA98B, 0xA993, 0xA9A3,
+ 0xA9B1, 0xA9BB, 0xA9C1, 0xA9D9, 0xA9DF, 0xA9EB, 0xA9FD, 0xAA15,
+ 0xAA17, 0xAA35, 0xAA39, 0xAA3B, 0xAA47, 0xAA4D, 0xAA57, 0xAA59,
+ 0xAA5D, 0xAA6B, 0xAA71, 0xAA81, 0xAA83, 0xAA8D, 0xAA95, 0xAAAB,
+ 0xAABF, 0xAAC5, 0xAAC9, 0xAAE9, 0xAAEF, 0xAB01, 0xAB05, 0xAB07,
+ 0xAB0B, 0xAB0D, 0xAB11, 0xAB19, 0xAB4D, 0xAB5B, 0xAB71, 0xAB73,
+ 0xAB89, 0xAB9D, 0xABA7, 0xABAF, 0xABB9, 0xABBB, 0xABC1, 0xABC5,
+ 0xABD3, 0xABD7, 0xABDD, 0xABF1, 0xABF5, 0xABFB, 0xABFD, 0xAC09,
+ 0xAC15, 0xAC1B, 0xAC27, 0xAC37, 0xAC39, 0xAC45, 0xAC4F, 0xAC57,
+ 0xAC5B, 0xAC61, 0xAC63, 0xAC7F, 0xAC8B, 0xAC93, 0xAC9D, 0xACA9,
+ 0xACAB, 0xACAF, 0xACBD, 0xACD9, 0xACE1, 0xACE7, 0xACEB, 0xACED,
+ 0xACF1, 0xACF7, 0xACF9, 0xAD05, 0xAD3F, 0xAD45, 0xAD53, 0xAD5D,
+ 0xAD5F, 0xAD65, 0xAD81, 0xADA1, 0xADA5, 0xADC3, 0xADCB, 0xADD1,
+ 0xADD5, 0xADDB, 0xADE7, 0xADF3, 0xADF5, 0xADF9, 0xADFF, 0xAE05,
+ 0xAE13, 0xAE23, 0xAE2B, 0xAE49, 0xAE4D, 0xAE4F, 0xAE59, 0xAE61,
+ 0xAE67, 0xAE6B, 0xAE71, 0xAE8B, 0xAE8F, 0xAE9B, 0xAE9D, 0xAEA7,
+ 0xAEB9, 0xAEC5, 0xAED1, 0xAEE3, 0xAEE5, 0xAEE9, 0xAEF5, 0xAEFD,
+ 0xAF09, 0xAF13, 0xAF27, 0xAF2B, 0xAF33, 0xAF43, 0xAF4F, 0xAF57,
+ 0xAF5D, 0xAF6D, 0xAF75, 0xAF7F, 0xAF8B, 0xAF99, 0xAF9F, 0xAFA3,
+ 0xAFAB, 0xAFB7, 0xAFBB, 0xAFCF, 0xAFD5, 0xAFFD, 0xB005, 0xB015,
+ 0xB01B, 0xB03F, 0xB041, 0xB047, 0xB04B, 0xB051, 0xB053, 0xB069,
+ 0xB07B, 0xB07D, 0xB087, 0xB08D, 0xB0B1, 0xB0BF, 0xB0CB, 0xB0CF,
+ 0xB0E1, 0xB0E9, 0xB0ED, 0xB0FB, 0xB105, 0xB107, 0xB111, 0xB119,
+ 0xB11D, 0xB11F, 0xB131, 0xB141, 0xB14D, 0xB15B, 0xB165, 0xB173,
+ 0xB179, 0xB17F, 0xB1A9, 0xB1B3, 0xB1B9, 0xB1BF, 0xB1D3, 0xB1DD,
+ 0xB1E5, 0xB1F1, 0xB1F5, 0xB201, 0xB213, 0xB215, 0xB21F, 0xB22D,
+ 0xB23F, 0xB249, 0xB25B, 0xB263, 0xB269, 0xB26D, 0xB27B, 0xB281,
+ 0xB28B, 0xB2A9, 0xB2B7, 0xB2BD, 0xB2C3, 0xB2C7, 0xB2D3, 0xB2F9,
+ 0xB2FD, 0xB2FF, 0xB303, 0xB309, 0xB311, 0xB31D, 0xB327, 0xB32D,
+ 0xB33F, 0xB345, 0xB377, 0xB37D, 0xB381, 0xB387, 0xB393, 0xB39B,
+ 0xB3A5, 0xB3C5, 0xB3CB, 0xB3E1, 0xB3E3, 0xB3ED, 0xB3F9, 0xB40B,
+ 0xB40D, 0xB413, 0xB417, 0xB435, 0xB43D, 0xB443, 0xB449, 0xB45B,
+ 0xB465, 0xB467, 0xB46B, 0xB477, 0xB48B, 0xB495, 0xB49D, 0xB4B5,
+ 0xB4BF, 0xB4C1, 0xB4C7, 0xB4DD, 0xB4E3, 0xB4E5, 0xB4F7, 0xB501,
+ 0xB50D, 0xB50F, 0xB52D, 0xB53F, 0xB54B, 0xB567, 0xB569, 0xB56F,
+ 0xB573, 0xB579, 0xB587, 0xB58D, 0xB599, 0xB5A3, 0xB5AB, 0xB5AF,
+ 0xB5BB, 0xB5D5, 0xB5DF, 0xB5E7, 0xB5ED, 0xB5FD, 0xB5FF, 0xB609,
+ 0xB61B, 0xB629, 0xB62F, 0xB633, 0xB639, 0xB647, 0xB657, 0xB659,
+ 0xB65F, 0xB663, 0xB66F, 0xB683, 0xB687, 0xB69B, 0xB69F, 0xB6A5,
+ 0xB6B1, 0xB6B3, 0xB6D7, 0xB6DB, 0xB6E1, 0xB6E3, 0xB6ED, 0xB6EF,
+ 0xB705, 0xB70D, 0xB713, 0xB71D, 0xB729, 0xB735, 0xB747, 0xB755,
+ 0xB76D, 0xB791, 0xB795, 0xB7A9, 0xB7C1, 0xB7CB, 0xB7D1, 0xB7D3,
+ 0xB7EF, 0xB7F5, 0xB807, 0xB80F, 0xB813, 0xB819, 0xB821, 0xB827,
+ 0xB82B, 0xB82D, 0xB839, 0xB855, 0xB867, 0xB875, 0xB885, 0xB893,
+ 0xB8A5, 0xB8AF, 0xB8B7, 0xB8BD, 0xB8C1, 0xB8C7, 0xB8CD, 0xB8D5,
+ 0xB8EB, 0xB8F7, 0xB8F9, 0xB903, 0xB915, 0xB91B, 0xB91D, 0xB92F,
+ 0xB939, 0xB93B, 0xB947, 0xB951, 0xB963, 0xB983, 0xB989, 0xB98D,
+ 0xB993, 0xB999, 0xB9A1, 0xB9A7, 0xB9AD, 0xB9B7, 0xB9CB, 0xB9D1,
+ 0xB9DD, 0xB9E7, 0xB9EF, 0xB9F9, 0xBA07, 0xBA0D, 0xBA17, 0xBA25,
+ 0xBA29, 0xBA2B, 0xBA41, 0xBA53, 0xBA55, 0xBA5F, 0xBA61, 0xBA65,
+ 0xBA79, 0xBA7D, 0xBA7F, 0xBAA1, 0xBAA3, 0xBAAF, 0xBAB5, 0xBABF,
+ 0xBAC1, 0xBACB, 0xBADD, 0xBAE3, 0xBAF1, 0xBAFD, 0xBB09, 0xBB1F,
+ 0xBB27, 0xBB2D, 0xBB3D, 0xBB43, 0xBB4B, 0xBB4F, 0xBB5B, 0xBB61,
+ 0xBB69, 0xBB6D, 0xBB91, 0xBB97, 0xBB9D, 0xBBB1, 0xBBC9, 0xBBCF,
+ 0xBBDB, 0xBBED, 0xBBF7, 0xBBF9, 0xBC03, 0xBC1D, 0xBC23, 0xBC33,
+ 0xBC3B, 0xBC41, 0xBC45, 0xBC5D, 0xBC6F, 0xBC77, 0xBC83, 0xBC8F,
+ 0xBC99, 0xBCAB, 0xBCB7, 0xBCB9, 0xBCD1, 0xBCD5, 0xBCE1, 0xBCF3,
+ 0xBCFF, 0xBD0D, 0xBD17, 0xBD19, 0xBD1D, 0xBD35, 0xBD41, 0xBD4F,
+ 0xBD59, 0xBD5F, 0xBD61, 0xBD67, 0xBD6B, 0xBD71, 0xBD8B, 0xBD8F,
+ 0xBD95, 0xBD9B, 0xBD9D, 0xBDB3, 0xBDBB, 0xBDCD, 0xBDD1, 0xBDE3,
+ 0xBDEB, 0xBDEF, 0xBE07, 0xBE09, 0xBE15, 0xBE21, 0xBE25, 0xBE27,
+ 0xBE5B, 0xBE5D, 0xBE6F, 0xBE75, 0xBE79, 0xBE7F, 0xBE8B, 0xBE8D,
+ 0xBE93, 0xBE9F, 0xBEA9, 0xBEB1, 0xBEB5, 0xBEB7, 0xBECF, 0xBED9,
+ 0xBEDB, 0xBEE5, 0xBEE7, 0xBEF3, 0xBEF9, 0xBF0B, 0xBF33, 0xBF39,
+ 0xBF4D, 0xBF5D, 0xBF5F, 0xBF6B, 0xBF71, 0xBF7B, 0xBF87, 0xBF89,
+ 0xBF8D, 0xBF93, 0xBFA1, 0xBFAD, 0xBFB9, 0xBFCF, 0xBFD5, 0xBFDD,
+ 0xBFE1, 0xBFE3, 0xBFF3, 0xC005, 0xC011, 0xC013, 0xC019, 0xC029,
+ 0xC02F, 0xC031, 0xC037, 0xC03B, 0xC047, 0xC065, 0xC06D, 0xC07D,
+ 0xC07F, 0xC091, 0xC09B, 0xC0B3, 0xC0B5, 0xC0BB, 0xC0D3, 0xC0D7,
+ 0xC0D9, 0xC0EF, 0xC0F1, 0xC101, 0xC103, 0xC109, 0xC115, 0xC119,
+ 0xC12B, 0xC133, 0xC137, 0xC145, 0xC149, 0xC15B, 0xC173, 0xC179,
+ 0xC17B, 0xC181, 0xC18B, 0xC18D, 0xC197, 0xC1BD, 0xC1C3, 0xC1CD,
+ 0xC1DB, 0xC1E1, 0xC1E7, 0xC1FF, 0xC203, 0xC205, 0xC211, 0xC221,
+ 0xC22F, 0xC23F, 0xC24B, 0xC24D, 0xC253, 0xC25D, 0xC277, 0xC27B,
+ 0xC27D, 0xC289, 0xC28F, 0xC293, 0xC29F, 0xC2A7, 0xC2B3, 0xC2BD,
+ 0xC2CF, 0xC2D5, 0xC2E3, 0xC2FF, 0xC301, 0xC307, 0xC311, 0xC313,
+ 0xC317, 0xC325, 0xC347, 0xC349, 0xC34F, 0xC365, 0xC367, 0xC371,
+ 0xC37F, 0xC383, 0xC385, 0xC395, 0xC39D, 0xC3A7, 0xC3AD, 0xC3B5,
+ 0xC3BF, 0xC3C7, 0xC3CB, 0xC3D1, 0xC3D3, 0xC3E3, 0xC3E9, 0xC3EF,
+ 0xC401, 0xC41F, 0xC42D, 0xC433, 0xC437, 0xC455, 0xC457, 0xC461,
+ 0xC46F, 0xC473, 0xC487, 0xC491, 0xC499, 0xC49D, 0xC4A5, 0xC4B7,
+ 0xC4BB, 0xC4C9, 0xC4CF, 0xC4D3, 0xC4EB, 0xC4F1, 0xC4F7, 0xC509,
+ 0xC51B, 0xC51D, 0xC541, 0xC547, 0xC551, 0xC55F, 0xC56B, 0xC56F,
+ 0xC575, 0xC577, 0xC595, 0xC59B, 0xC59F, 0xC5A1, 0xC5A7, 0xC5C3,
+ 0xC5D7, 0xC5DB, 0xC5EF, 0xC5FB, 0xC613, 0xC623, 0xC635, 0xC641,
+ 0xC64F, 0xC655, 0xC659, 0xC665, 0xC685, 0xC691, 0xC697, 0xC6A1,
+ 0xC6A9, 0xC6B3, 0xC6B9, 0xC6CB, 0xC6CD, 0xC6DD, 0xC6EB, 0xC6F1,
+ 0xC707, 0xC70D, 0xC719, 0xC71B, 0xC72D, 0xC731, 0xC739, 0xC757,
+ 0xC763, 0xC767, 0xC773, 0xC775, 0xC77F, 0xC7A5, 0xC7BB, 0xC7BD,
+ 0xC7C1, 0xC7CF, 0xC7D5, 0xC7E1, 0xC7F9, 0xC7FD, 0xC7FF, 0xC803,
+ 0xC811, 0xC81D, 0xC827, 0xC829, 0xC839, 0xC83F, 0xC853, 0xC857,
+ 0xC86B, 0xC881, 0xC88D, 0xC88F, 0xC893, 0xC895, 0xC8A1, 0xC8B7,
+ 0xC8CF, 0xC8D5, 0xC8DB, 0xC8DD, 0xC8E3, 0xC8E7, 0xC8ED, 0xC8EF,
+ 0xC8F9, 0xC905, 0xC911, 0xC917, 0xC919, 0xC91F, 0xC92F, 0xC937,
+ 0xC93D, 0xC941, 0xC953, 0xC95F, 0xC96B, 0xC979, 0xC97D, 0xC989,
+ 0xC98F, 0xC997, 0xC99D, 0xC9AF, 0xC9B5, 0xC9BF, 0xC9CB, 0xC9D9,
+ 0xC9DF, 0xC9E3, 0xC9EB, 0xCA01, 0xCA07, 0xCA09, 0xCA25, 0xCA37,
+ 0xCA39, 0xCA4B, 0xCA55, 0xCA5B, 0xCA69, 0xCA73, 0xCA75, 0xCA7F,
+ 0xCA8D, 0xCA93, 0xCA9D, 0xCA9F, 0xCAB5, 0xCABB, 0xCAC3, 0xCAC9,
+ 0xCAD9, 0xCAE5, 0xCAED, 0xCB03, 0xCB05, 0xCB09, 0xCB17, 0xCB29,
+ 0xCB35, 0xCB3B, 0xCB53, 0xCB59, 0xCB63, 0xCB65, 0xCB71, 0xCB87,
+ 0xCB99, 0xCB9F, 0xCBB3, 0xCBB9, 0xCBC3, 0xCBD1, 0xCBD5, 0xCBD7,
+ 0xCBDD, 0xCBE9, 0xCBFF, 0xCC0D, 0xCC19, 0xCC1D, 0xCC23, 0xCC2B,
+ 0xCC41, 0xCC43, 0xCC4D, 0xCC59, 0xCC61, 0xCC89, 0xCC8B, 0xCC91,
+ 0xCC9B, 0xCCA3, 0xCCA7, 0xCCD1, 0xCCE5, 0xCCE9, 0xCD09, 0xCD15,
+ 0xCD1F, 0xCD25, 0xCD31, 0xCD3D, 0xCD3F, 0xCD49, 0xCD51, 0xCD57,
+ 0xCD5B, 0xCD63, 0xCD67, 0xCD81, 0xCD93, 0xCD97, 0xCD9F, 0xCDBB,
+ 0xCDC1, 0xCDD3, 0xCDD9, 0xCDE5, 0xCDE7, 0xCDF1, 0xCDF7, 0xCDFD,
+ 0xCE0B, 0xCE15, 0xCE21, 0xCE2F, 0xCE47, 0xCE4D, 0xCE51, 0xCE65,
+ 0xCE7B, 0xCE7D, 0xCE8F, 0xCE93, 0xCE99, 0xCEA5, 0xCEA7, 0xCEB7,
+ 0xCEC9, 0xCED7, 0xCEDD, 0xCEE3, 0xCEE7, 0xCEED, 0xCEF5, 0xCF07,
+ 0xCF0B, 0xCF19, 0xCF37, 0xCF3B, 0xCF4D, 0xCF55, 0xCF5F, 0xCF61,
+ 0xCF65, 0xCF6D, 0xCF79, 0xCF7D, 0xCF89, 0xCF9B, 0xCF9D, 0xCFA9,
+ 0xCFB3, 0xCFB5, 0xCFC5, 0xCFCD, 0xCFD1, 0xCFEF, 0xCFF1, 0xCFF7,
+ 0xD013, 0xD015, 0xD01F, 0xD021, 0xD033, 0xD03D, 0xD04B, 0xD04F,
+ 0xD069, 0xD06F, 0xD081, 0xD085, 0xD099, 0xD09F, 0xD0A3, 0xD0AB,
+ 0xD0BD, 0xD0C1, 0xD0CD, 0xD0E7, 0xD0FF, 0xD103, 0xD117, 0xD12D,
+ 0xD12F, 0xD141, 0xD157, 0xD159, 0xD15D, 0xD169, 0xD16B, 0xD171,
+ 0xD177, 0xD17D, 0xD181, 0xD187, 0xD195, 0xD199, 0xD1B1, 0xD1BD,
+ 0xD1C3, 0xD1D5, 0xD1D7, 0xD1E3, 0xD1FF, 0xD20D, 0xD211, 0xD217,
+ 0xD21F, 0xD235, 0xD23B, 0xD247, 0xD259, 0xD261, 0xD265, 0xD279,
+ 0xD27F, 0xD283, 0xD289, 0xD28B, 0xD29D, 0xD2A3, 0xD2A7, 0xD2B3,
+ 0xD2BF, 0xD2C7, 0xD2E3, 0xD2E9, 0xD2F1, 0xD2FB, 0xD2FD, 0xD315,
+ 0xD321, 0xD32B, 0xD343, 0xD34B, 0xD355, 0xD369, 0xD375, 0xD37B,
+ 0xD387, 0xD393, 0xD397, 0xD3A5, 0xD3B1, 0xD3C9, 0xD3EB, 0xD3FD,
+ 0xD405, 0xD40F, 0xD415, 0xD427, 0xD42F, 0xD433, 0xD43B, 0xD44B,
+ 0xD459, 0xD45F, 0xD463, 0xD469, 0xD481, 0xD483, 0xD489, 0xD48D,
+ 0xD493, 0xD495, 0xD4A5, 0xD4AB, 0xD4B1, 0xD4C5, 0xD4DD, 0xD4E1,
+ 0xD4E3, 0xD4E7, 0xD4F5, 0xD4F9, 0xD50B, 0xD50D, 0xD513, 0xD51F,
+ 0xD523, 0xD531, 0xD535, 0xD537, 0xD549, 0xD559, 0xD55F, 0xD565,
+ 0xD567, 0xD577, 0xD58B, 0xD591, 0xD597, 0xD5B5, 0xD5B9, 0xD5C1,
+ 0xD5C7, 0xD5DF, 0xD5EF, 0xD5F5, 0xD5FB, 0xD603, 0xD60F, 0xD62D,
+ 0xD631, 0xD643, 0xD655, 0xD65D, 0xD661, 0xD67B, 0xD685, 0xD687,
+ 0xD69D, 0xD6A5, 0xD6AF, 0xD6BD, 0xD6C3, 0xD6C7, 0xD6D9, 0xD6E1,
+ 0xD6ED, 0xD709, 0xD70B, 0xD711, 0xD715, 0xD721, 0xD727, 0xD73F,
+ 0xD745, 0xD74D, 0xD757, 0xD76B, 0xD77B, 0xD783, 0xD7A1, 0xD7A7,
+ 0xD7AD, 0xD7B1, 0xD7B3, 0xD7BD, 0xD7CB, 0xD7D1, 0xD7DB, 0xD7FB,
+ 0xD811, 0xD823, 0xD825, 0xD829, 0xD82B, 0xD82F, 0xD837, 0xD84D,
+ 0xD855, 0xD867, 0xD873, 0xD88F, 0xD891, 0xD8A1, 0xD8AD, 0xD8BF,
+ 0xD8CD, 0xD8D7, 0xD8E9, 0xD8F5, 0xD8FB, 0xD91B, 0xD925, 0xD933,
+ 0xD939, 0xD943, 0xD945, 0xD94F, 0xD951, 0xD957, 0xD96D, 0xD96F,
+ 0xD973, 0xD979, 0xD981, 0xD98B, 0xD991, 0xD99F, 0xD9A5, 0xD9A9,
+ 0xD9B5, 0xD9D3, 0xD9EB, 0xD9F1, 0xD9F7, 0xD9FF, 0xDA05, 0xDA09,
+ 0xDA0B, 0xDA0F, 0xDA15, 0xDA1D, 0xDA23, 0xDA29, 0xDA3F, 0xDA51,
+ 0xDA59, 0xDA5D, 0xDA5F, 0xDA71, 0xDA77, 0xDA7B, 0xDA7D, 0xDA8D,
+ 0xDA9F, 0xDAB3, 0xDABD, 0xDAC3, 0xDAC9, 0xDAE7, 0xDAE9, 0xDAF5,
+ 0xDB11, 0xDB17, 0xDB1D, 0xDB23, 0xDB25, 0xDB31, 0xDB3B, 0xDB43,
+ 0xDB55, 0xDB67, 0xDB6B, 0xDB73, 0xDB85, 0xDB8F, 0xDB91, 0xDBAD,
+ 0xDBAF, 0xDBB9, 0xDBC7, 0xDBCB, 0xDBCD, 0xDBEB, 0xDBF7, 0xDC0D,
+ 0xDC27, 0xDC31, 0xDC39, 0xDC3F, 0xDC49, 0xDC51, 0xDC61, 0xDC6F,
+ 0xDC75, 0xDC7B, 0xDC85, 0xDC93, 0xDC99, 0xDC9D, 0xDC9F, 0xDCA9,
+ 0xDCB5, 0xDCB7, 0xDCBD, 0xDCC7, 0xDCCF, 0xDCD3, 0xDCD5, 0xDCDF,
+ 0xDCF9, 0xDD0F, 0xDD15, 0xDD17, 0xDD23, 0xDD35, 0xDD39, 0xDD53,
+ 0xDD57, 0xDD5F, 0xDD69, 0xDD6F, 0xDD7D, 0xDD87, 0xDD89, 0xDD9B,
+ 0xDDA1, 0xDDAB, 0xDDBF, 0xDDC5, 0xDDCB, 0xDDCF, 0xDDE7, 0xDDE9,
+ 0xDDED, 0xDDF5, 0xDDFB, 0xDE0B, 0xDE19, 0xDE29, 0xDE3B, 0xDE3D,
+ 0xDE41, 0xDE4D, 0xDE4F, 0xDE59, 0xDE5B, 0xDE61, 0xDE6D, 0xDE77,
+ 0xDE7D, 0xDE83, 0xDE97, 0xDE9D, 0xDEA1, 0xDEA7, 0xDECD, 0xDED1,
+ 0xDED7, 0xDEE3, 0xDEF1, 0xDEF5, 0xDF01, 0xDF09, 0xDF13, 0xDF1F,
+ 0xDF2B, 0xDF33, 0xDF37, 0xDF3D, 0xDF4B, 0xDF55, 0xDF5B, 0xDF67,
+ 0xDF69, 0xDF73, 0xDF85, 0xDF87, 0xDF99, 0xDFA3, 0xDFAB, 0xDFB5,
+ 0xDFB7, 0xDFC3, 0xDFC7, 0xDFD5, 0xDFF1, 0xDFF3, 0xE003, 0xE005,
+ 0xE017, 0xE01D, 0xE027, 0xE02D, 0xE035, 0xE045, 0xE053, 0xE071,
+ 0xE07B, 0xE08F, 0xE095, 0xE09F, 0xE0B7, 0xE0B9, 0xE0D5, 0xE0D7,
+ 0xE0E3, 0xE0F3, 0xE0F9, 0xE101, 0xE125, 0xE129, 0xE131, 0xE135,
+ 0xE143, 0xE14F, 0xE159, 0xE161, 0xE16D, 0xE171, 0xE177, 0xE17F,
+ 0xE183, 0xE189, 0xE197, 0xE1AD, 0xE1B5, 0xE1BB, 0xE1BF, 0xE1C1,
+ 0xE1CB, 0xE1D1, 0xE1E5, 0xE1EF, 0xE1F7, 0xE1FD, 0xE203, 0xE219,
+ 0xE22B, 0xE22D, 0xE23D, 0xE243, 0xE257, 0xE25B, 0xE275, 0xE279,
+ 0xE287, 0xE29D, 0xE2AB, 0xE2AF, 0xE2BB, 0xE2C1, 0xE2C9, 0xE2CD,
+ 0xE2D3, 0xE2D9, 0xE2F3, 0xE2FD, 0xE2FF, 0xE311, 0xE323, 0xE327,
+ 0xE329, 0xE339, 0xE33B, 0xE34D, 0xE351, 0xE357, 0xE35F, 0xE363,
+ 0xE369, 0xE375, 0xE377, 0xE37D, 0xE383, 0xE39F, 0xE3C5, 0xE3C9,
+ 0xE3D1, 0xE3E1, 0xE3FB, 0xE3FF, 0xE401, 0xE40B, 0xE417, 0xE419,
+ 0xE423, 0xE42B, 0xE431, 0xE43B, 0xE447, 0xE449, 0xE453, 0xE455,
+ 0xE46D, 0xE471, 0xE48F, 0xE4A9, 0xE4AF, 0xE4B5, 0xE4C7, 0xE4CD,
+ 0xE4D3, 0xE4E9, 0xE4EB, 0xE4F5, 0xE507, 0xE521, 0xE525, 0xE537,
+ 0xE53F, 0xE545, 0xE54B, 0xE557, 0xE567, 0xE56D, 0xE575, 0xE585,
+ 0xE58B, 0xE593, 0xE5A3, 0xE5A5, 0xE5CF, 0xE609, 0xE611, 0xE615,
+ 0xE61B, 0xE61D, 0xE621, 0xE629, 0xE639, 0xE63F, 0xE653, 0xE657,
+ 0xE663, 0xE66F, 0xE675, 0xE681, 0xE683, 0xE68D, 0xE68F, 0xE695,
+ 0xE6AB, 0xE6AD, 0xE6B7, 0xE6BD, 0xE6C5, 0xE6CB, 0xE6D5, 0xE6E3,
+ 0xE6E9, 0xE6EF, 0xE6F3, 0xE705, 0xE70D, 0xE717, 0xE71F, 0xE72F,
+ 0xE73D, 0xE747, 0xE749, 0xE753, 0xE755, 0xE761, 0xE767, 0xE76B,
+ 0xE77F, 0xE789, 0xE791, 0xE7C5, 0xE7CD, 0xE7D7, 0xE7DD, 0xE7DF,
+ 0xE7E9, 0xE7F1, 0xE7FB, 0xE801, 0xE807, 0xE80F, 0xE819, 0xE81B,
+ 0xE831, 0xE833, 0xE837, 0xE83D, 0xE84B, 0xE84F, 0xE851, 0xE869,
+ 0xE875, 0xE879, 0xE893, 0xE8A5, 0xE8A9, 0xE8AF, 0xE8BD, 0xE8DB,
+ 0xE8E1, 0xE8E5, 0xE8EB, 0xE8ED, 0xE903, 0xE90B, 0xE90F, 0xE915,
+ 0xE917, 0xE92D, 0xE933, 0xE93B, 0xE94B, 0xE951, 0xE95F, 0xE963,
+ 0xE969, 0xE97B, 0xE983, 0xE98F, 0xE995, 0xE9A1, 0xE9B9, 0xE9D7,
+ 0xE9E7, 0xE9EF, 0xEA11, 0xEA19, 0xEA2F, 0xEA35, 0xEA43, 0xEA4D,
+ 0xEA5F, 0xEA6D, 0xEA71, 0xEA7D, 0xEA85, 0xEA89, 0xEAAD, 0xEAB3,
+ 0xEAB9, 0xEABB, 0xEAC5, 0xEAC7, 0xEACB, 0xEADF, 0xEAE5, 0xEAEB,
+ 0xEAF5, 0xEB01, 0xEB07, 0xEB09, 0xEB31, 0xEB39, 0xEB3F, 0xEB5B,
+ 0xEB61, 0xEB63, 0xEB6F, 0xEB81, 0xEB85, 0xEB9D, 0xEBAB, 0xEBB1,
+ 0xEBB7, 0xEBC1, 0xEBD5, 0xEBDF, 0xEBED, 0xEBFD, 0xEC0B, 0xEC1B,
+ 0xEC21, 0xEC29, 0xEC4D, 0xEC51, 0xEC5D, 0xEC69, 0xEC6F, 0xEC7B,
+ 0xECAD, 0xECB9, 0xECBF, 0xECC3, 0xECC9, 0xECCF, 0xECD7, 0xECDD,
+ 0xECE7, 0xECE9, 0xECF3, 0xECF5, 0xED07, 0xED11, 0xED1F, 0xED2F,
+ 0xED37, 0xED3D, 0xED41, 0xED55, 0xED59, 0xED5B, 0xED65, 0xED6B,
+ 0xED79, 0xED8B, 0xED95, 0xEDBB, 0xEDC5, 0xEDD7, 0xEDD9, 0xEDE3,
+ 0xEDE5, 0xEDF1, 0xEDF5, 0xEDF7, 0xEDFB, 0xEE09, 0xEE0F, 0xEE19,
+ 0xEE21, 0xEE49, 0xEE4F, 0xEE63, 0xEE67, 0xEE73, 0xEE7B, 0xEE81,
+ 0xEEA3, 0xEEAB, 0xEEC1, 0xEEC9, 0xEED5, 0xEEDF, 0xEEE1, 0xEEF1,
+ 0xEF1B, 0xEF27, 0xEF2F, 0xEF45, 0xEF4D, 0xEF63, 0xEF6B, 0xEF71,
+ 0xEF93, 0xEF95, 0xEF9B, 0xEF9F, 0xEFAD, 0xEFB3, 0xEFC3, 0xEFC5,
+ 0xEFDB, 0xEFE1, 0xEFE9, 0xF001, 0xF017, 0xF01D, 0xF01F, 0xF02B,
+ 0xF02F, 0xF035, 0xF043, 0xF047, 0xF04F, 0xF067, 0xF06B, 0xF071,
+ 0xF077, 0xF079, 0xF08F, 0xF0A3, 0xF0A9, 0xF0AD, 0xF0BB, 0xF0BF,
+ 0xF0C5, 0xF0CB, 0xF0D3, 0xF0D9, 0xF0E3, 0xF0E9, 0xF0F1, 0xF0F7,
+ 0xF107, 0xF115, 0xF11B, 0xF121, 0xF137, 0xF13D, 0xF155, 0xF175,
+ 0xF17B, 0xF18D, 0xF193, 0xF1A5, 0xF1AF, 0xF1B7, 0xF1D5, 0xF1E7,
+ 0xF1ED, 0xF1FD, 0xF209, 0xF20F, 0xF21B, 0xF21D, 0xF223, 0xF227,
+ 0xF233, 0xF23B, 0xF241, 0xF257, 0xF25F, 0xF265, 0xF269, 0xF277,
+ 0xF281, 0xF293, 0xF2A7, 0xF2B1, 0xF2B3, 0xF2B9, 0xF2BD, 0xF2BF,
+ 0xF2DB, 0xF2ED, 0xF2EF, 0xF2F9, 0xF2FF, 0xF305, 0xF30B, 0xF319,
+ 0xF341, 0xF359, 0xF35B, 0xF35F, 0xF367, 0xF373, 0xF377, 0xF38B,
+ 0xF38F, 0xF3AF, 0xF3C1, 0xF3D1, 0xF3D7, 0xF3FB, 0xF403, 0xF409,
+ 0xF40D, 0xF413, 0xF421, 0xF425, 0xF42B, 0xF445, 0xF44B, 0xF455,
+ 0xF463, 0xF475, 0xF47F, 0xF485, 0xF48B, 0xF499, 0xF4A3, 0xF4A9,
+ 0xF4AF, 0xF4BD, 0xF4C3, 0xF4DB, 0xF4DF, 0xF4ED, 0xF503, 0xF50B,
+ 0xF517, 0xF521, 0xF529, 0xF535, 0xF547, 0xF551, 0xF563, 0xF56B,
+ 0xF583, 0xF58D, 0xF595, 0xF599, 0xF5B1, 0xF5B7, 0xF5C9, 0xF5CF,
+ 0xF5D1, 0xF5DB, 0xF5F9, 0xF5FB, 0xF605, 0xF607, 0xF60B, 0xF60D,
+ 0xF635, 0xF637, 0xF653, 0xF65B, 0xF661, 0xF667, 0xF679, 0xF67F,
+ 0xF689, 0xF697, 0xF69B, 0xF6AD, 0xF6CB, 0xF6DD, 0xF6DF, 0xF6EB,
+ 0xF709, 0xF70F, 0xF72D, 0xF731, 0xF743, 0xF74F, 0xF751, 0xF755,
+ 0xF763, 0xF769, 0xF773, 0xF779, 0xF781, 0xF787, 0xF791, 0xF79D,
+ 0xF79F, 0xF7A5, 0xF7B1, 0xF7BB, 0xF7BD, 0xF7CF, 0xF7D3, 0xF7E7,
+ 0xF7EB, 0xF7F1, 0xF7FF, 0xF805, 0xF80B, 0xF821, 0xF827, 0xF82D,
+ 0xF835, 0xF847, 0xF859, 0xF863, 0xF865, 0xF86F, 0xF871, 0xF877,
+ 0xF87B, 0xF881, 0xF88D, 0xF89F, 0xF8A1, 0xF8AB, 0xF8B3, 0xF8B7,
+ 0xF8C9, 0xF8CB, 0xF8D1, 0xF8D7, 0xF8DD, 0xF8E7, 0xF8EF, 0xF8F9,
+ 0xF8FF, 0xF911, 0xF91D, 0xF925, 0xF931, 0xF937, 0xF93B, 0xF941,
+ 0xF94F, 0xF95F, 0xF961, 0xF96D, 0xF971, 0xF977, 0xF99D, 0xF9A3,
+ 0xF9A9, 0xF9B9, 0xF9CD, 0xF9E9, 0xF9FD, 0xFA07, 0xFA0D, 0xFA13,
+ 0xFA21, 0xFA25, 0xFA3F, 0xFA43, 0xFA51, 0xFA5B, 0xFA6D, 0xFA7B,
+ 0xFA97, 0xFA99, 0xFA9D, 0xFAAB, 0xFABB, 0xFABD, 0xFAD9, 0xFADF,
+ 0xFAE7, 0xFAED, 0xFB0F, 0xFB17, 0xFB1B, 0xFB2D, 0xFB2F, 0xFB3F,
+ 0xFB47, 0xFB4D, 0xFB75, 0xFB7D, 0xFB8F, 0xFB93, 0xFBB1, 0xFBB7,
+ 0xFBC3, 0xFBC5, 0xFBE3, 0xFBE9, 0xFBF3, 0xFC01, 0xFC29, 0xFC37,
+ 0xFC41, 0xFC43, 0xFC4F, 0xFC59, 0xFC61, 0xFC65, 0xFC6D, 0xFC73,
+ 0xFC79, 0xFC95, 0xFC97, 0xFC9B, 0xFCA7, 0xFCB5, 0xFCC5, 0xFCCD,
+ 0xFCEB, 0xFCFB, 0xFD0D, 0xFD0F, 0xFD19, 0xFD2B, 0xFD31, 0xFD51,
+ 0xFD55, 0xFD67, 0xFD6D, 0xFD6F, 0xFD7B, 0xFD85, 0xFD97, 0xFD99,
+ 0xFD9F, 0xFDA9, 0xFDB7, 0xFDC9, 0xFDE5, 0xFDEB, 0xFDF3, 0xFE03,
+ 0xFE05, 0xFE09, 0xFE1D, 0xFE27, 0xFE2F, 0xFE41, 0xFE4B, 0xFE4D,
+ 0xFE57, 0xFE5F, 0xFE63, 0xFE69, 0xFE75, 0xFE7B, 0xFE8F, 0xFE93,
+ 0xFE95, 0xFE9B, 0xFE9F, 0xFEB3, 0xFEBD, 0xFED7, 0xFEE9, 0xFEF3,
+ 0xFEF5, 0xFF07, 0xFF0D, 0xFF1D, 0xFF2B, 0xFF2F, 0xFF49, 0xFF4D,
+ 0xFF5B, 0xFF65, 0xFF71, 0xFF7F, 0xFF85, 0xFF8B, 0xFF8F, 0xFF9D,
+ 0xFFA7, 0xFFA9, 0xFFC7, 0xFFD9, 0xFFEF, 0xFFF1,
#endif
};
-
diff --git a/lib/freebl/mpi/test-info.c b/lib/freebl/mpi/test-info.c
index bf6fecf08..6c6c4cea2 100644
--- a/lib/freebl/mpi/test-info.c
+++ b/lib/freebl/mpi/test-info.c
@@ -8,154 +8,153 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Table mapping test suite names to index numbers */
-const int g_count = 42;
+const int g_count = 42;
const char *g_names[] = {
- "list", /* print out a list of the available test suites */
- "copy", /* test assignment of mp-int structures */
- "exchange", /* test exchange of mp-int structures */
- "zero", /* test zeroing of an mp-int */
- "set", /* test setting an mp-int to a small constant */
- "absolute-value", /* test the absolute value function */
- "negate", /* test the arithmetic negation function */
- "add-digit", /* test digit addition */
- "add", /* test full addition */
- "subtract-digit", /* test digit subtraction */
- "subtract", /* test full subtraction */
- "multiply-digit", /* test digit multiplication */
- "multiply", /* test full multiplication */
- "square", /* test full squaring function */
- "divide-digit", /* test digit division */
- "divide-2", /* test division by two */
- "divide-2d", /* test division & remainder by 2^d */
- "divide", /* test full division */
- "expt-digit", /* test digit exponentiation */
- "expt", /* test full exponentiation */
- "expt-2", /* test power-of-two exponentiation */
- "square-root", /* test integer square root function */
- "modulo-digit", /* test digit modular reduction */
- "modulo", /* test full modular reduction */
- "mod-add", /* test modular addition */
- "mod-subtract", /* test modular subtraction */
- "mod-multiply", /* test modular multiplication */
- "mod-square", /* test modular squaring function */
- "mod-expt", /* test full modular exponentiation */
- "mod-expt-digit", /* test digit modular exponentiation */
- "mod-inverse", /* test modular inverse function */
- "compare-digit", /* test digit comparison function */
- "compare-zero", /* test zero comparison function */
- "compare", /* test general signed comparison */
- "compare-magnitude", /* test general magnitude comparison */
- "parity", /* test parity comparison functions */
- "gcd", /* test greatest common divisor functions */
- "lcm", /* test least common multiple function */
- "conversion", /* test general radix conversion facilities */
- "binary", /* test raw output format */
- "pprime", /* test probabilistic primality tester */
- "fermat" /* test Fermat pseudoprimality tester */
+ "list", /* print out a list of the available test suites */
+ "copy", /* test assignment of mp-int structures */
+ "exchange", /* test exchange of mp-int structures */
+ "zero", /* test zeroing of an mp-int */
+ "set", /* test setting an mp-int to a small constant */
+ "absolute-value", /* test the absolute value function */
+ "negate", /* test the arithmetic negation function */
+ "add-digit", /* test digit addition */
+ "add", /* test full addition */
+ "subtract-digit", /* test digit subtraction */
+ "subtract", /* test full subtraction */
+ "multiply-digit", /* test digit multiplication */
+ "multiply", /* test full multiplication */
+ "square", /* test full squaring function */
+ "divide-digit", /* test digit division */
+ "divide-2", /* test division by two */
+ "divide-2d", /* test division & remainder by 2^d */
+ "divide", /* test full division */
+ "expt-digit", /* test digit exponentiation */
+ "expt", /* test full exponentiation */
+ "expt-2", /* test power-of-two exponentiation */
+ "square-root", /* test integer square root function */
+ "modulo-digit", /* test digit modular reduction */
+ "modulo", /* test full modular reduction */
+ "mod-add", /* test modular addition */
+ "mod-subtract", /* test modular subtraction */
+ "mod-multiply", /* test modular multiplication */
+ "mod-square", /* test modular squaring function */
+ "mod-expt", /* test full modular exponentiation */
+ "mod-expt-digit", /* test digit modular exponentiation */
+ "mod-inverse", /* test modular inverse function */
+ "compare-digit", /* test digit comparison function */
+ "compare-zero", /* test zero comparison function */
+ "compare", /* test general signed comparison */
+ "compare-magnitude", /* test general magnitude comparison */
+ "parity", /* test parity comparison functions */
+ "gcd", /* test greatest common divisor functions */
+ "lcm", /* test least common multiple function */
+ "conversion", /* test general radix conversion facilities */
+ "binary", /* test raw output format */
+ "pprime", /* test probabilistic primality tester */
+ "fermat" /* test Fermat pseudoprimality tester */
};
/* Test function prototypes */
-int test_list(void);
-int test_copy(void);
-int test_exch(void);
-int test_zero(void);
-int test_set(void);
-int test_abs(void);
-int test_neg(void);
-int test_add_d(void);
-int test_add(void);
-int test_sub_d(void);
-int test_sub(void);
-int test_mul_d(void);
-int test_mul(void);
-int test_sqr(void);
-int test_div_d(void);
-int test_div_2(void);
-int test_div_2d(void);
-int test_div(void);
-int test_expt_d(void);
-int test_expt(void);
-int test_2expt(void);
-int test_sqrt(void);
-int test_mod_d(void);
-int test_mod(void);
-int test_addmod(void);
-int test_submod(void);
-int test_mulmod(void);
-int test_sqrmod(void);
-int test_exptmod(void);
-int test_exptmod_d(void);
-int test_invmod(void);
-int test_cmp_d(void);
-int test_cmp_z(void);
-int test_cmp(void);
-int test_cmp_mag(void);
-int test_parity(void);
-int test_gcd(void);
-int test_lcm(void);
-int test_convert(void);
-int test_raw(void);
-int test_pprime(void);
-int test_fermat(void);
+int test_list(void);
+int test_copy(void);
+int test_exch(void);
+int test_zero(void);
+int test_set(void);
+int test_abs(void);
+int test_neg(void);
+int test_add_d(void);
+int test_add(void);
+int test_sub_d(void);
+int test_sub(void);
+int test_mul_d(void);
+int test_mul(void);
+int test_sqr(void);
+int test_div_d(void);
+int test_div_2(void);
+int test_div_2d(void);
+int test_div(void);
+int test_expt_d(void);
+int test_expt(void);
+int test_2expt(void);
+int test_sqrt(void);
+int test_mod_d(void);
+int test_mod(void);
+int test_addmod(void);
+int test_submod(void);
+int test_mulmod(void);
+int test_sqrmod(void);
+int test_exptmod(void);
+int test_exptmod_d(void);
+int test_invmod(void);
+int test_cmp_d(void);
+int test_cmp_z(void);
+int test_cmp(void);
+int test_cmp_mag(void);
+int test_parity(void);
+int test_gcd(void);
+int test_lcm(void);
+int test_convert(void);
+int test_raw(void);
+int test_pprime(void);
+int test_fermat(void);
/* Table mapping index numbers to functions */
-int (*g_tests[])(void) = {
- test_list, test_copy, test_exch, test_zero,
- test_set, test_abs, test_neg, test_add_d,
- test_add, test_sub_d, test_sub, test_mul_d,
- test_mul, test_sqr, test_div_d, test_div_2,
- test_div_2d, test_div, test_expt_d, test_expt,
- test_2expt, test_sqrt, test_mod_d, test_mod,
- test_addmod, test_submod, test_mulmod, test_sqrmod,
- test_exptmod, test_exptmod_d, test_invmod, test_cmp_d,
- test_cmp_z, test_cmp, test_cmp_mag, test_parity,
- test_gcd, test_lcm, test_convert, test_raw,
- test_pprime, test_fermat
+int (*g_tests[])(void) = {
+ test_list, test_copy, test_exch, test_zero,
+ test_set, test_abs, test_neg, test_add_d,
+ test_add, test_sub_d, test_sub, test_mul_d,
+ test_mul, test_sqr, test_div_d, test_div_2,
+ test_div_2d, test_div, test_expt_d, test_expt,
+ test_2expt, test_sqrt, test_mod_d, test_mod,
+ test_addmod, test_submod, test_mulmod, test_sqrmod,
+ test_exptmod, test_exptmod_d, test_invmod, test_cmp_d,
+ test_cmp_z, test_cmp, test_cmp_mag, test_parity,
+ test_gcd, test_lcm, test_convert, test_raw,
+ test_pprime, test_fermat
};
/* Table mapping index numbers to descriptions */
const char *g_descs[] = {
- "print out a list of the available test suites",
- "test assignment of mp-int structures",
- "test exchange of mp-int structures",
- "test zeroing of an mp-int",
- "test setting an mp-int to a small constant",
- "test the absolute value function",
- "test the arithmetic negation function",
- "test digit addition",
- "test full addition",
- "test digit subtraction",
- "test full subtraction",
- "test digit multiplication",
- "test full multiplication",
- "test full squaring function",
- "test digit division",
- "test division by two",
- "test division & remainder by 2^d",
- "test full division",
- "test digit exponentiation",
- "test full exponentiation",
- "test power-of-two exponentiation",
- "test integer square root function",
- "test digit modular reduction",
- "test full modular reduction",
- "test modular addition",
- "test modular subtraction",
- "test modular multiplication",
- "test modular squaring function",
- "test full modular exponentiation",
- "test digit modular exponentiation",
- "test modular inverse function",
- "test digit comparison function",
- "test zero comparison function",
- "test general signed comparison",
- "test general magnitude comparison",
- "test parity comparison functions",
- "test greatest common divisor functions",
- "test least common multiple function",
- "test general radix conversion facilities",
- "test raw output format",
- "test probabilistic primality tester",
- "test Fermat pseudoprimality tester"
+ "print out a list of the available test suites",
+ "test assignment of mp-int structures",
+ "test exchange of mp-int structures",
+ "test zeroing of an mp-int",
+ "test setting an mp-int to a small constant",
+ "test the absolute value function",
+ "test the arithmetic negation function",
+ "test digit addition",
+ "test full addition",
+ "test digit subtraction",
+ "test full subtraction",
+ "test digit multiplication",
+ "test full multiplication",
+ "test full squaring function",
+ "test digit division",
+ "test division by two",
+ "test division & remainder by 2^d",
+ "test full division",
+ "test digit exponentiation",
+ "test full exponentiation",
+ "test power-of-two exponentiation",
+ "test integer square root function",
+ "test digit modular reduction",
+ "test full modular reduction",
+ "test modular addition",
+ "test modular subtraction",
+ "test modular multiplication",
+ "test modular squaring function",
+ "test full modular exponentiation",
+ "test digit modular exponentiation",
+ "test modular inverse function",
+ "test digit comparison function",
+ "test zero comparison function",
+ "test general signed comparison",
+ "test general magnitude comparison",
+ "test parity comparison functions",
+ "test greatest common divisor functions",
+ "test least common multiple function",
+ "test general radix conversion facilities",
+ "test raw output format",
+ "test probabilistic primality tester",
+ "test Fermat pseudoprimality tester"
};
-
diff --git a/lib/freebl/mpi/tests/mptest-1.c b/lib/freebl/mpi/tests/mptest-1.c
index 1c24fdf07..449134668 100644
--- a/lib/freebl/mpi/tests/mptest-1.c
+++ b/lib/freebl/mpi/tests/mptest-1.c
@@ -20,23 +20,24 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix;
- mp_int mp;
+ int ix;
+ mp_int mp;
#ifdef MAC_CW_SIOUX
- argc = ccommand(&argv);
+ argc = ccommand(&argv);
#endif
- mp_init(&mp);
-
- for(ix = 1; ix < argc; ix++) {
- mp_read_radix(&mp, argv[ix], 10);
- mp_print(&mp, stdout);
- fputc('\n', stdout);
- }
+ mp_init(&mp);
- mp_clear(&mp);
- return 0;
+ for (ix = 1; ix < argc; ix++) {
+ mp_read_radix(&mp, argv[ix], 10);
+ mp_print(&mp, stdout);
+ fputc('\n', stdout);
+ }
+
+ mp_clear(&mp);
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-2.c b/lib/freebl/mpi/tests/mptest-2.c
index ea1161e77..1505e6afd 100644
--- a/lib/freebl/mpi/tests/mptest-2.c
+++ b/lib/freebl/mpi/tests/mptest-2.c
@@ -15,39 +15,48 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, b, c;
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
- return 1;
- }
-
- printf("Test 2: Basic addition and subtraction\n\n");
-
- mp_init(&a);
- mp_init(&b);
-
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&b, argv[2], 10);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- mp_init(&c);
- printf("c = a + b\n");
-
- mp_add(&a, &b, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- printf("c = a - b\n");
-
- mp_sub(&a, &b, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mp_clear(&c);
- mp_clear(&b);
- mp_clear(&a);
-
- return 0;
+ mp_int a, b, c;
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+ return 1;
+ }
+
+ printf("Test 2: Basic addition and subtraction\n\n");
+
+ mp_init(&a);
+ mp_init(&b);
+
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&b, argv[2], 10);
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+
+ mp_init(&c);
+ printf("c = a + b\n");
+
+ mp_add(&a, &b, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ printf("c = a - b\n");
+
+ mp_sub(&a, &b, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mp_clear(&c);
+ mp_clear(&b);
+ mp_clear(&a);
+
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-3.c b/lib/freebl/mpi/tests/mptest-3.c
index 4636a258f..2c1413b46 100644
--- a/lib/freebl/mpi/tests/mptest-3.c
+++ b/lib/freebl/mpi/tests/mptest-3.c
@@ -17,82 +17,105 @@
#include "mpi.h"
-#define SQRT 1 /* define nonzero to get square-root test */
-#define EXPT 0 /* define nonzero to get exponentiate test */
+#define SQRT 1 /* define nonzero to get square-root test */
+#define EXPT 0 /* define nonzero to get exponentiate test */
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix;
- mp_int a, b, c, d;
- mp_digit r;
- mp_err res;
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
- return 1;
- }
-
- printf("Test 3: Multiplication and division\n\n");
- srand(time(NULL));
-
- mp_init(&a);
- mp_init(&b);
-
- mp_read_variable_radix(&a, argv[1], 10);
- mp_read_variable_radix(&b, argv[2], 10);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- mp_init(&c);
- printf("\nc = a * b\n");
-
- mp_mul(&a, &b, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- printf("\nc = b * 32523\n");
-
- mp_mul_d(&b, 32523, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mp_init(&d);
- printf("\nc = a / b, d = a mod b\n");
-
- mp_div(&a, &b, &c, &d);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
-
- ix = rand() % 256;
- printf("\nc = a / %d, r = a mod %d\n", ix, ix);
- mp_div_d(&a, (mp_digit)ix, &c, &r);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("r = %04X\n", r);
+ int ix;
+ mp_int a, b, c, d;
+ mp_digit r;
+ mp_err res;
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+ return 1;
+ }
+
+ printf("Test 3: Multiplication and division\n\n");
+ srand(time(NULL));
+
+ mp_init(&a);
+ mp_init(&b);
+
+ mp_read_variable_radix(&a, argv[1], 10);
+ mp_read_variable_radix(&b, argv[2], 10);
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+
+ mp_init(&c);
+ printf("\nc = a * b\n");
+
+ mp_mul(&a, &b, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ printf("\nc = b * 32523\n");
+
+ mp_mul_d(&b, 32523, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mp_init(&d);
+ printf("\nc = a / b, d = a mod b\n");
+
+ mp_div(&a, &b, &c, &d);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("d = ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
+
+ ix = rand() % 256;
+ printf("\nc = a / %d, r = a mod %d\n", ix, ix);
+ mp_div_d(&a, (mp_digit)ix, &c, &r);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("r = %04X\n", r);
#if EXPT
- printf("\nc = a ** b\n");
- mp_expt(&a, &b, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = a ** b\n");
+ mp_expt(&a, &b, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
#endif
- ix = rand() % 256;
- printf("\nc = 2^%d\n", ix);
- mp_2expt(&c, ix);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ ix = rand() % 256;
+ printf("\nc = 2^%d\n", ix);
+ mp_2expt(&c, ix);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
#if SQRT
- printf("\nc = sqrt(a)\n");
- if((res = mp_sqrt(&a, &c)) != MP_OKAY) {
- printf("mp_sqrt: %s\n", mp_strerror(res));
- } else {
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- mp_sqr(&c, &c);
- printf("c^2 = "); mp_print(&c, stdout); fputc('\n', stdout);
- }
+ printf("\nc = sqrt(a)\n");
+ if ((res = mp_sqrt(&a, &c)) != MP_OKAY) {
+ printf("mp_sqrt: %s\n", mp_strerror(res));
+ } else {
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ mp_sqr(&c, &c);
+ printf("c^2 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ }
#endif
- mp_clear(&d);
- mp_clear(&c);
- mp_clear(&b);
- mp_clear(&a);
+ mp_clear(&d);
+ mp_clear(&c);
+ mp_clear(&b);
+ mp_clear(&a);
- return 0;
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-3a.c b/lib/freebl/mpi/tests/mptest-3a.c
index c496aa609..c6cea7046 100644
--- a/lib/freebl/mpi/tests/mptest-3a.c
+++ b/lib/freebl/mpi/tests/mptest-3a.c
@@ -18,94 +18,106 @@
#include "mpi.h"
#include "mpprime.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, num, prec = 8;
- double d1, d2;
- clock_t start, finish;
- time_t seed;
- mp_int a, c, d;
-
- seed = time(NULL);
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
- return 1;
- }
-
- if((num = atoi(argv[1])) < 0)
- num = -num;
-
- if(!num) {
- fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
- return 1;
- }
-
- if(argc > 2) {
- if((prec = atoi(argv[2])) <= 0)
- prec = 8;
- else
- prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
- }
-
- printf("Test 3a: Multiplication vs squaring timing test\n"
- "Precision: %d digits (%u bits)\n"
- "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
-
- mp_init_size(&a, prec);
-
- mp_init(&c); mp_init(&d);
-
- printf("Verifying accuracy ... \n");
- srand((unsigned int)seed);
- for(ix = 0; ix < num; ix++) {
- mpp_random_size(&a, prec);
- mp_mul(&a, &a, &c);
- mp_sqr(&a, &d);
-
- if(mp_cmp(&c, &d) != 0) {
- printf("Error! Results not accurate:\n");
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
- mp_sub(&c, &d, &d);
- printf("dif "); mp_print(&d, stdout); fputc('\n', stdout);
- mp_clear(&c); mp_clear(&d);
- mp_clear(&a);
- return 1;
+ int ix, num, prec = 8;
+ double d1, d2;
+ clock_t start, finish;
+ time_t seed;
+ mp_int a, c, d;
+
+ seed = time(NULL);
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+ return 1;
+ }
+
+ if ((num = atoi(argv[1])) < 0)
+ num = -num;
+
+ if (!num) {
+ fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+ return 1;
+ }
+
+ if (argc > 2) {
+ if ((prec = atoi(argv[2])) <= 0)
+ prec = 8;
+ else
+ prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+ }
+
+ printf("Test 3a: Multiplication vs squaring timing test\n"
+ "Precision: %d digits (%u bits)\n"
+ "# of tests: %d\n\n",
+ prec, prec * DIGIT_BIT, num);
+
+ mp_init_size(&a, prec);
+
+ mp_init(&c);
+ mp_init(&d);
+
+ printf("Verifying accuracy ... \n");
+ srand((unsigned int)seed);
+ for (ix = 0; ix < num; ix++) {
+ mpp_random_size(&a, prec);
+ mp_mul(&a, &a, &c);
+ mp_sqr(&a, &d);
+
+ if (mp_cmp(&c, &d) != 0) {
+ printf("Error! Results not accurate:\n");
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("d = ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
+ mp_sub(&c, &d, &d);
+ printf("dif ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
+ mp_clear(&c);
+ mp_clear(&d);
+ mp_clear(&a);
+ return 1;
+ }
}
- }
- printf("Accuracy is confirmed for the %d test samples\n", num);
- mp_clear(&d);
-
- printf("Testing squaring ... \n");
- srand((unsigned int)seed);
- start = clock();
- for(ix = 0; ix < num; ix++) {
- mpp_random_size(&a, prec);
- mp_sqr(&a, &c);
- }
- finish = clock();
-
- d2 = (double)(finish - start) / CLOCKS_PER_SEC;
-
- printf("Testing multiplication ... \n");
- srand((unsigned int)seed);
- start = clock();
- for(ix = 0; ix < num; ix++) {
- mpp_random(&a);
- mp_mul(&a, &a, &c);
- }
- finish = clock();
-
- d1 = (double)(finish - start) / CLOCKS_PER_SEC;
-
- printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num);
- printf("Squaring time: %.3f sec (%.3f each)\n", d2, d2 / num);
- printf("Improvement: %.2f%%\n", (1.0 - (d2 / d1)) * 100.0);
-
- mp_clear(&c);
- mp_clear(&a);
-
- return 0;
+ printf("Accuracy is confirmed for the %d test samples\n", num);
+ mp_clear(&d);
+
+ printf("Testing squaring ... \n");
+ srand((unsigned int)seed);
+ start = clock();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random_size(&a, prec);
+ mp_sqr(&a, &c);
+ }
+ finish = clock();
+
+ d2 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+ printf("Testing multiplication ... \n");
+ srand((unsigned int)seed);
+ start = clock();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random(&a);
+ mp_mul(&a, &a, &c);
+ }
+ finish = clock();
+
+ d1 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+ printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num);
+ printf("Squaring time: %.3f sec (%.3f each)\n", d2, d2 / num);
+ printf("Improvement: %.2f%%\n", (1.0 - (d2 / d1)) * 100.0);
+
+ mp_clear(&c);
+ mp_clear(&a);
+
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-4.c b/lib/freebl/mpi/tests/mptest-4.c
index 300173977..0f326ac2c 100644
--- a/lib/freebl/mpi/tests/mptest-4.c
+++ b/lib/freebl/mpi/tests/mptest-4.c
@@ -15,79 +15,97 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix;
- mp_int a, b, c, m;
- mp_digit r;
+ int ix;
+ mp_int a, b, c, m;
+ mp_digit r;
- if(argc < 4) {
- fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
- return 1;
- }
+ if (argc < 4) {
+ fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+ return 1;
+ }
- printf("Test 4: Modular arithmetic\n\n");
+ printf("Test 4: Modular arithmetic\n\n");
- mp_init(&a);
- mp_init(&b);
- mp_init(&m);
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&b, argv[2], 10);
- mp_read_radix(&m, argv[3], 10);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("m = "); mp_print(&m, stdout); fputc('\n', stdout);
-
- mp_init(&c);
- printf("\nc = a (mod m)\n");
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&b, argv[2], 10);
+ mp_read_radix(&m, argv[3], 10);
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("m = ");
+ mp_print(&m, stdout);
+ fputc('\n', stdout);
- mp_mod(&a, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ mp_init(&c);
+ printf("\nc = a (mod m)\n");
- printf("\nc = b (mod m)\n");
+ mp_mod(&a, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
- mp_mod(&b, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = b (mod m)\n");
- printf("\nc = b (mod 1853)\n");
+ mp_mod(&b, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
- mp_mod_d(&b, 1853, &r);
- printf("c = %04X\n", r);
+ printf("\nc = b (mod 1853)\n");
- printf("\nc = (a + b) mod m\n");
+ mp_mod_d(&b, 1853, &r);
+ printf("c = %04X\n", r);
- mp_addmod(&a, &b, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = (a + b) mod m\n");
- printf("\nc = (a - b) mod m\n");
+ mp_addmod(&a, &b, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
- mp_submod(&a, &b, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = (a - b) mod m\n");
- printf("\nc = (a * b) mod m\n");
+ mp_submod(&a, &b, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
- mp_mulmod(&a, &b, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = (a * b) mod m\n");
- printf("\nc = (a ** b) mod m\n");
+ mp_mulmod(&a, &b, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
- mp_exptmod(&a, &b, &m, &c);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("\nc = (a ** b) mod m\n");
- printf("\nIn-place modular squaring test:\n");
- for(ix = 0; ix < 5; ix++) {
- printf("a = (a * a) mod m a = ");
- mp_sqrmod(&a, &m, &a);
- mp_print(&a, stdout);
+ mp_exptmod(&a, &b, &m, &c);
+ printf("c = ");
+ mp_print(&c, stdout);
fputc('\n', stdout);
- }
-
- mp_clear(&c);
- mp_clear(&m);
- mp_clear(&b);
- mp_clear(&a);
+ printf("\nIn-place modular squaring test:\n");
+ for (ix = 0; ix < 5; ix++) {
+ printf("a = (a * a) mod m a = ");
+ mp_sqrmod(&a, &m, &a);
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ }
+
+ mp_clear(&c);
+ mp_clear(&m);
+ mp_clear(&b);
+ mp_clear(&a);
- return 0;
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-4a.c b/lib/freebl/mpi/tests/mptest-4a.c
index 46d4a4d03..0c8e18872 100644
--- a/lib/freebl/mpi/tests/mptest-4a.c
+++ b/lib/freebl/mpi/tests/mptest-4a.c
@@ -1,5 +1,5 @@
-/*
- * mptest4a - modular exponentiation speed test
+/*
+ * mptest4a - modular exponentiation speed test
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -17,89 +17,93 @@
#include "mpprime.h"
typedef struct {
- unsigned int sec;
- unsigned int usec;
+ unsigned int sec;
+ unsigned int usec;
} instant_t;
-instant_t now(void)
+instant_t
+now(void)
{
- struct timeval clk;
- instant_t res;
+ struct timeval clk;
+ instant_t res;
- res.sec = res.usec = 0;
+ res.sec = res.usec = 0;
- if(gettimeofday(&clk, NULL) != 0)
- return res;
+ if (gettimeofday(&clk, NULL) != 0)
+ return res;
- res.sec = clk.tv_sec;
- res.usec = clk.tv_usec;
+ res.sec = clk.tv_sec;
+ res.usec = clk.tv_usec;
- return res;
+ return res;
}
extern mp_err s_mp_pad();
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, num, prec = 8;
- unsigned int d;
- instant_t start, finish;
- time_t seed;
- mp_int a, m, c;
-
- seed = time(NULL);
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
- return 1;
- }
-
- if((num = atoi(argv[1])) < 0)
- num = -num;
-
- if(!num) {
- fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
- return 1;
- }
-
- if(argc > 2) {
- if((prec = atoi(argv[2])) <= 0)
- prec = 8;
- }
-
- printf("Test 3a: Modular exponentiation timing test\n"
- "Precision: %d digits (%d bits)\n"
- "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
-
- mp_init_size(&a, prec);
- mp_init_size(&m, prec);
- mp_init_size(&c, prec);
- s_mp_pad(&a, prec);
- s_mp_pad(&m, prec);
- s_mp_pad(&c, prec);
-
- printf("Testing modular exponentiation ... \n");
- srand((unsigned int)seed);
-
- start = now();
- for(ix = 0; ix < num; ix++) {
- mpp_random(&a);
- mpp_random(&c);
- mpp_random(&m);
- mp_exptmod(&a, &c, &m, &c);
- }
- finish = now();
-
- d = (finish.sec - start.sec) * 1000000;
- d -= start.usec; d += finish.usec;
-
- printf("Total time elapsed: %u usec\n", d);
- printf("Time per exponentiation: %u usec (%.3f sec)\n",
- (d / num), (double)(d / num) / 1000000);
-
- mp_clear(&c);
- mp_clear(&a);
- mp_clear(&m);
-
- return 0;
+ int ix, num, prec = 8;
+ unsigned int d;
+ instant_t start, finish;
+ time_t seed;
+ mp_int a, m, c;
+
+ seed = time(NULL);
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+ return 1;
+ }
+
+ if ((num = atoi(argv[1])) < 0)
+ num = -num;
+
+ if (!num) {
+ fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+ return 1;
+ }
+
+ if (argc > 2) {
+ if ((prec = atoi(argv[2])) <= 0)
+ prec = 8;
+ }
+
+ printf("Test 3a: Modular exponentiation timing test\n"
+ "Precision: %d digits (%d bits)\n"
+ "# of tests: %d\n\n",
+ prec, prec * DIGIT_BIT, num);
+
+ mp_init_size(&a, prec);
+ mp_init_size(&m, prec);
+ mp_init_size(&c, prec);
+ s_mp_pad(&a, prec);
+ s_mp_pad(&m, prec);
+ s_mp_pad(&c, prec);
+
+ printf("Testing modular exponentiation ... \n");
+ srand((unsigned int)seed);
+
+ start = now();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random(&a);
+ mpp_random(&c);
+ mpp_random(&m);
+ mp_exptmod(&a, &c, &m, &c);
+ }
+ finish = now();
+
+ d = (finish.sec - start.sec) * 1000000;
+ d -= start.usec;
+ d += finish.usec;
+
+ printf("Total time elapsed: %u usec\n", d);
+ printf("Time per exponentiation: %u usec (%.3f sec)\n",
+ (d / num), (double)(d / num) / 1000000);
+
+ mp_clear(&c);
+ mp_clear(&a);
+ mp_clear(&m);
+
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-4b.c b/lib/freebl/mpi/tests/mptest-4b.c
index b8e15bab0..1bb2f911f 100644
--- a/lib/freebl/mpi/tests/mptest-4b.c
+++ b/lib/freebl/mpi/tests/mptest-4b.c
@@ -19,84 +19,89 @@
#include "mpi.h"
#include "mpprime.h"
-char *g_prime =
- "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA"
- "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117"
- "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9"
- "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93";
+char *g_prime =
+ "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA"
+ "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117"
+ "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9"
+ "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93";
char *g_gen = "5";
typedef struct {
- unsigned int sec;
- unsigned int usec;
+ unsigned int sec;
+ unsigned int usec;
} instant_t;
-instant_t now(void)
+instant_t
+now(void)
{
- struct timeval clk;
- instant_t res;
+ struct timeval clk;
+ instant_t res;
- res.sec = res.usec = 0;
+ res.sec = res.usec = 0;
- if(gettimeofday(&clk, NULL) != 0)
- return res;
+ if (gettimeofday(&clk, NULL) != 0)
+ return res;
- res.sec = clk.tv_sec;
- res.usec = clk.tv_usec;
+ res.sec = clk.tv_sec;
+ res.usec = clk.tv_usec;
- return res;
+ return res;
}
extern mp_err s_mp_pad();
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- instant_t start, finish;
- mp_int prime, gen, expt, res;
- unsigned int ix, diff;
- int num;
+ instant_t start, finish;
+ mp_int prime, gen, expt, res;
+ unsigned int ix, diff;
+ int num;
- srand(time(NULL));
+ srand(time(NULL));
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+ return 1;
+ }
- if((num = atoi(argv[1])) < 0)
- num = -num;
+ if ((num = atoi(argv[1])) < 0)
+ num = -num;
- if(num == 0)
- ++num;
+ if (num == 0)
+ ++num;
- mp_init(&prime); mp_init(&gen); mp_init(&res);
- mp_read_radix(&prime, g_prime, 16);
- mp_read_radix(&gen, g_gen, 16);
+ mp_init(&prime);
+ mp_init(&gen);
+ mp_init(&res);
+ mp_read_radix(&prime, g_prime, 16);
+ mp_read_radix(&gen, g_gen, 16);
- mp_init_size(&expt, USED(&prime) - 1);
- s_mp_pad(&expt, USED(&prime) - 1);
+ mp_init_size(&expt, USED(&prime) - 1);
+ s_mp_pad(&expt, USED(&prime) - 1);
- printf("Testing %d modular exponentations ... \n", num);
+ printf("Testing %d modular exponentations ... \n", num);
- start = now();
- for(ix = 0; ix < num; ix++) {
- mpp_random(&expt);
- mp_exptmod(&gen, &expt, &prime, &res);
- }
- finish = now();
+ start = now();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random(&expt);
+ mp_exptmod(&gen, &expt, &prime, &res);
+ }
+ finish = now();
- diff = (finish.sec - start.sec) * 1000000;
- diff += finish.usec; diff -= start.usec;
+ diff = (finish.sec - start.sec) * 1000000;
+ diff += finish.usec;
+ diff -= start.usec;
- printf("%d operations took %u usec (%.3f sec)\n",
- num, diff, (double)diff / 1000000.0);
- printf("That is %.3f sec per operation.\n",
- ((double)diff / 1000000.0) / num);
+ printf("%d operations took %u usec (%.3f sec)\n",
+ num, diff, (double)diff / 1000000.0);
+ printf("That is %.3f sec per operation.\n",
+ ((double)diff / 1000000.0) / num);
- mp_clear(&expt);
- mp_clear(&res);
- mp_clear(&gen);
- mp_clear(&prime);
+ mp_clear(&expt);
+ mp_clear(&res);
+ mp_clear(&gen);
+ mp_clear(&prime);
- return 0;
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-5.c b/lib/freebl/mpi/tests/mptest-5.c
index 73e89018f..dff3ed470 100644
--- a/lib/freebl/mpi/tests/mptest-5.c
+++ b/lib/freebl/mpi/tests/mptest-5.c
@@ -15,56 +15,71 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, b, c, x, y;
+ mp_int a, b, c, x, y;
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
- return 1;
- }
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+ return 1;
+ }
- printf("Test 5: Number theoretic functions\n\n");
+ printf("Test 5: Number theoretic functions\n\n");
- mp_init(&a);
- mp_init(&b);
+ mp_init(&a);
+ mp_init(&b);
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&b, argv[2], 10);
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&b, argv[2], 10);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- mp_init(&c);
- printf("\nc = (a, b)\n");
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
- mp_gcd(&a, &b, &c);
- printf("Euclid: c = "); mp_print(&c, stdout); fputc('\n', stdout);
-/*
- mp_bgcd(&a, &b, &c);
- printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout);
-*/
- mp_init(&x);
- mp_init(&y);
- printf("\nc = (a, b) = ax + by\n");
+ mp_init(&c);
+ printf("\nc = (a, b)\n");
+
+ mp_gcd(&a, &b, &c);
+ printf("Euclid: c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ /*
+ mp_bgcd(&a, &b, &c);
+ printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ */
+ mp_init(&x);
+ mp_init(&y);
+ printf("\nc = (a, b) = ax + by\n");
- mp_xgcd(&a, &b, &c, &x, &y);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("x = "); mp_print(&x, stdout); fputc('\n', stdout);
- printf("y = "); mp_print(&y, stdout); fputc('\n', stdout);
+ mp_xgcd(&a, &b, &c, &x, &y);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("x = ");
+ mp_print(&x, stdout);
+ fputc('\n', stdout);
+ printf("y = ");
+ mp_print(&y, stdout);
+ fputc('\n', stdout);
- printf("\nc = a^-1 (mod b)\n");
- if(mp_invmod(&a, &b, &c) == MP_UNDEF) {
- printf("a has no inverse mod b\n");
- } else {
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- }
+ printf("\nc = a^-1 (mod b)\n");
+ if (mp_invmod(&a, &b, &c) == MP_UNDEF) {
+ printf("a has no inverse mod b\n");
+ } else {
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ }
- mp_clear(&y);
- mp_clear(&x);
- mp_clear(&c);
- mp_clear(&b);
- mp_clear(&a);
+ mp_clear(&y);
+ mp_clear(&x);
+ mp_clear(&c);
+ mp_clear(&b);
+ mp_clear(&a);
- return 0;
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-5a.c b/lib/freebl/mpi/tests/mptest-5a.c
index c7b29f71b..c410a6a84 100644
--- a/lib/freebl/mpi/tests/mptest-5a.c
+++ b/lib/freebl/mpi/tests/mptest-5a.c
@@ -20,113 +20,128 @@
#include "mpprime.h"
typedef struct {
- unsigned int sec;
- unsigned int usec;
+ unsigned int sec;
+ unsigned int usec;
} instant_t;
-instant_t now(void)
+instant_t
+now(void)
{
- struct timeval clk;
- instant_t res;
+ struct timeval clk;
+ instant_t res;
- res.sec = res.usec = 0;
+ res.sec = res.usec = 0;
- if(gettimeofday(&clk, NULL) != 0)
- return res;
+ if (gettimeofday(&clk, NULL) != 0)
+ return res;
- res.sec = clk.tv_sec;
- res.usec = clk.tv_usec;
+ res.sec = clk.tv_sec;
+ res.usec = clk.tv_usec;
- return res;
+ return res;
}
#define PRECISION 16
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, num, prec = PRECISION;
- mp_int a, b, c, d;
- instant_t start, finish;
- time_t seed;
- unsigned int d1, d2;
-
- seed = time(NULL);
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
- return 1;
- }
-
- if((num = atoi(argv[1])) < 0)
- num = -num;
-
- printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n"
- "Number of tests: %d\n"
- "Precision: %d digits\n\n", num, prec);
-
- mp_init_size(&a, prec);
- mp_init_size(&b, prec);
- mp_init(&c);
- mp_init(&d);
-
- printf("Verifying accuracy ... \n");
- srand((unsigned int)seed);
- for(ix = 0; ix < num; ix++) {
- mpp_random_size(&a, prec);
- mpp_random_size(&b, prec);
-
- mp_gcd(&a, &b, &c);
- mp_bgcd(&a, &b, &d);
-
- if(mp_cmp(&c, &d) != 0) {
- printf("Error! Results not accurate:\n");
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
-
- mp_clear(&a); mp_clear(&b); mp_clear(&c); mp_clear(&d);
- return 1;
+ int ix, num, prec = PRECISION;
+ mp_int a, b, c, d;
+ instant_t start, finish;
+ time_t seed;
+ unsigned int d1, d2;
+
+ seed = time(NULL);
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+ return 1;
+ }
+
+ if ((num = atoi(argv[1])) < 0)
+ num = -num;
+
+ printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n"
+ "Number of tests: %d\n"
+ "Precision: %d digits\n\n",
+ num, prec);
+
+ mp_init_size(&a, prec);
+ mp_init_size(&b, prec);
+ mp_init(&c);
+ mp_init(&d);
+
+ printf("Verifying accuracy ... \n");
+ srand((unsigned int)seed);
+ for (ix = 0; ix < num; ix++) {
+ mpp_random_size(&a, prec);
+ mpp_random_size(&b, prec);
+
+ mp_gcd(&a, &b, &c);
+ mp_bgcd(&a, &b, &d);
+
+ if (mp_cmp(&c, &d) != 0) {
+ printf("Error! Results not accurate:\n");
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("d = ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&c);
+ mp_clear(&d);
+ return 1;
+ }
}
- }
- mp_clear(&d);
- printf("Accuracy confirmed for the %d test samples\n", num);
-
- printf("Testing Euclid ... \n");
- srand((unsigned int)seed);
- start = now();
- for(ix = 0; ix < num; ix++) {
- mpp_random_size(&a, prec);
- mpp_random_size(&b, prec);
- mp_gcd(&a, &b, &c);
-
- }
- finish = now();
-
- d1 = (finish.sec - start.sec) * 1000000;
- d1 -= start.usec; d1 += finish.usec;
-
- printf("Testing binary ... \n");
- srand((unsigned int)seed);
- start = now();
- for(ix = 0; ix < num; ix++) {
- mpp_random_size(&a, prec);
- mpp_random_size(&b, prec);
- mp_bgcd(&a, &b, &c);
- }
- finish = now();
-
- d2 = (finish.sec - start.sec) * 1000000;
- d2 -= start.usec; d2 += finish.usec;
-
- printf("Euclidean algorithm time: %u usec\n", d1);
- printf("Binary algorithm time: %u usec\n", d2);
- printf("Improvement: %.2f%%\n",
- (1.0 - ((double)d2 / (double)d1)) * 100.0);
-
- mp_clear(&c);
- mp_clear(&b);
- mp_clear(&a);
-
- return 0;
+ mp_clear(&d);
+ printf("Accuracy confirmed for the %d test samples\n", num);
+
+ printf("Testing Euclid ... \n");
+ srand((unsigned int)seed);
+ start = now();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random_size(&a, prec);
+ mpp_random_size(&b, prec);
+ mp_gcd(&a, &b, &c);
+ }
+ finish = now();
+
+ d1 = (finish.sec - start.sec) * 1000000;
+ d1 -= start.usec;
+ d1 += finish.usec;
+
+ printf("Testing binary ... \n");
+ srand((unsigned int)seed);
+ start = now();
+ for (ix = 0; ix < num; ix++) {
+ mpp_random_size(&a, prec);
+ mpp_random_size(&b, prec);
+ mp_bgcd(&a, &b, &c);
+ }
+ finish = now();
+
+ d2 = (finish.sec - start.sec) * 1000000;
+ d2 -= start.usec;
+ d2 += finish.usec;
+
+ printf("Euclidean algorithm time: %u usec\n", d1);
+ printf("Binary algorithm time: %u usec\n", d2);
+ printf("Improvement: %.2f%%\n",
+ (1.0 - ((double)d2 / (double)d1)) * 100.0);
+
+ mp_clear(&c);
+ mp_clear(&b);
+ mp_clear(&a);
+
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-6.c b/lib/freebl/mpi/tests/mptest-6.c
index d39b3d4f4..4febf39c5 100644
--- a/lib/freebl/mpi/tests/mptest-6.c
+++ b/lib/freebl/mpi/tests/mptest-6.c
@@ -15,64 +15,64 @@
#include "mpi.h"
-void print_buf(FILE *ofp, char *buf, int len)
+void
+print_buf(FILE *ofp, char *buf, int len)
{
- int ix, brk = 0;
+ int ix, brk = 0;
- for(ix = 0; ix < len; ix++) {
- fprintf(ofp, "%02X ", buf[ix]);
+ for (ix = 0; ix < len; ix++) {
+ fprintf(ofp, "%02X ", buf[ix]);
- brk = (brk + 1) & 0xF;
- if(!brk)
- fputc('\n', ofp);
- }
-
- if(brk)
- fputc('\n', ofp);
+ brk = (brk + 1) & 0xF;
+ if (!brk)
+ fputc('\n', ofp);
+ }
+ if (brk)
+ fputc('\n', ofp);
}
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, size;
- mp_int a;
- char *buf;
+ int ix, size;
+ mp_int a;
+ char *buf;
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <a>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+ return 1;
+ }
- printf("Test 6: Output functions\n\n");
+ printf("Test 6: Output functions\n\n");
- mp_init(&a);
+ mp_init(&a);
- mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&a, argv[1], 10);
- printf("\nConverting to a string:\n");
+ printf("\nConverting to a string:\n");
- printf("Rx Size Representation\n");
- for(ix = 2; ix <= MAX_RADIX; ix++) {
- size = mp_radix_size(&a, ix);
+ printf("Rx Size Representation\n");
+ for (ix = 2; ix <= MAX_RADIX; ix++) {
+ size = mp_radix_size(&a, ix);
- buf = calloc(size, sizeof(char));
- mp_toradix(&a, buf, ix);
- printf("%2d: %3d: %s\n", ix, size, buf);
- free(buf);
+ buf = calloc(size, sizeof(char));
+ mp_toradix(&a, buf, ix);
+ printf("%2d: %3d: %s\n", ix, size, buf);
+ free(buf);
+ }
- }
+ printf("\nRaw output:\n");
+ size = mp_raw_size(&a);
+ buf = calloc(size, sizeof(char));
- printf("\nRaw output:\n");
- size = mp_raw_size(&a);
- buf = calloc(size, sizeof(char));
+ printf("Size: %d bytes\n", size);
- printf("Size: %d bytes\n", size);
+ mp_toraw(&a, buf);
+ print_buf(stdout, buf, size);
+ free(buf);
- mp_toraw(&a, buf);
- print_buf(stdout, buf, size);
- free(buf);
-
- mp_clear(&a);
+ mp_clear(&a);
- return 0;
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-7.c b/lib/freebl/mpi/tests/mptest-7.c
index bc86029eb..1e83fbf96 100644
--- a/lib/freebl/mpi/tests/mptest-7.c
+++ b/lib/freebl/mpi/tests/mptest-7.c
@@ -19,56 +19,67 @@
#include "mpprime.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_digit num;
- mp_int a, b;
-
- srand(time(NULL));
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
- return 1;
- }
-
- printf("Test 7: Random & divisibility tests\n\n");
-
- mp_init(&a);
- mp_init(&b);
-
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&b, argv[2], 10);
-
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- if(mpp_divis(&a, &b) == MP_YES)
- printf("a is divisible by b\n");
- else
- printf("a is not divisible by b\n");
-
- if(mpp_divis(&b, &a) == MP_YES)
- printf("b is divisible by a\n");
- else
- printf("b is not divisible by a\n");
-
- printf("\nb = mpp_random()\n");
- mpp_random(&b);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- mpp_random(&b);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- mpp_random(&b);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- printf("\nTesting a for divisibility by first 170 primes\n");
- num = 170;
- if(mpp_divis_primes(&a, &num) == MP_YES)
- printf("It is divisible by at least one of them\n");
- else
- printf("It is not divisible by any of them\n");
-
- mp_clear(&b);
- mp_clear(&a);
-
- return 0;
+ mp_digit num;
+ mp_int a, b;
+
+ srand(time(NULL));
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+ return 1;
+ }
+
+ printf("Test 7: Random & divisibility tests\n\n");
+
+ mp_init(&a);
+ mp_init(&b);
+
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&b, argv[2], 10);
+
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+
+ if (mpp_divis(&a, &b) == MP_YES)
+ printf("a is divisible by b\n");
+ else
+ printf("a is not divisible by b\n");
+
+ if (mpp_divis(&b, &a) == MP_YES)
+ printf("b is divisible by a\n");
+ else
+ printf("b is not divisible by a\n");
+
+ printf("\nb = mpp_random()\n");
+ mpp_random(&b);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ mpp_random(&b);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ mpp_random(&b);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+
+ printf("\nTesting a for divisibility by first 170 primes\n");
+ num = 170;
+ if (mpp_divis_primes(&a, &num) == MP_YES)
+ printf("It is divisible by at least one of them\n");
+ else
+ printf("It is not divisible by any of them\n");
+
+ mp_clear(&b);
+ mp_clear(&a);
+
+ return 0;
}
diff --git a/lib/freebl/mpi/tests/mptest-8.c b/lib/freebl/mpi/tests/mptest-8.c
index 8be438c2e..a9d3afff9 100644
--- a/lib/freebl/mpi/tests/mptest-8.c
+++ b/lib/freebl/mpi/tests/mptest-8.c
@@ -19,47 +19,50 @@
#include "mpprime.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix;
- mp_digit num;
- mp_int a;
+ int ix;
+ mp_digit num;
+ mp_int a;
- srand(time(NULL));
+ srand(time(NULL));
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <a>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+ return 1;
+ }
- printf("Test 8: Probabilistic primality testing\n\n");
+ printf("Test 8: Probabilistic primality testing\n\n");
- mp_init(&a);
+ mp_init(&a);
- mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&a, argv[1], 10);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
- printf("\nChecking for divisibility by small primes ... \n");
- num = 170;
- if(mpp_divis_primes(&a, &num) == MP_YES) {
- printf("it is not prime\n");
- goto CLEANUP;
- }
- printf("Passed that test (not divisible by any small primes).\n");
+ printf("\nChecking for divisibility by small primes ... \n");
+ num = 170;
+ if (mpp_divis_primes(&a, &num) == MP_YES) {
+ printf("it is not prime\n");
+ goto CLEANUP;
+ }
+ printf("Passed that test (not divisible by any small primes).\n");
- for(ix = 0; ix < 10; ix++) {
- printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1);
+ for (ix = 0; ix < 10; ix++) {
+ printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1);
- if(mpp_pprime(&a, 5) == MP_NO) {
- printf("it is not prime\n");
- goto CLEANUP;
+ if (mpp_pprime(&a, 5) == MP_NO) {
+ printf("it is not prime\n");
+ goto CLEANUP;
+ }
}
- }
- printf("All tests passed; a is probably prime\n");
+ printf("All tests passed; a is probably prime\n");
CLEANUP:
- mp_clear(&a);
+ mp_clear(&a);
- return 0;
+ return 0;
}
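Review bot: The loop check `if (mpp_pprime(&a, 5) == MP_NO)` treats every value other than MP_NO as a pass, so if mpp_pprime can also return a negative mp_err (the MP_CHECKOK-wrapped mpi calls elsewhere in this patch suggest that convention), an allocation failure would be reported as "All tests passed; a is probably prime". Comparing against the positive result instead, `if (mpp_pprime(&a, 5) != MP_YES) {`, sends an error into the not-prime/CLEANUP path. The result of `mp_read_radix(&a, argv[1], 10)` is also discarded, so a non-numeric argument is tested as whatever the failed parse leaves in a; the printed `a = ` line helps a human notice, but the driver should fail with a usage error instead.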
diff --git a/lib/freebl/mpi/tests/mptest-9.c b/lib/freebl/mpi/tests/mptest-9.c
index 210adca59..133264e89 100644
--- a/lib/freebl/mpi/tests/mptest-9.c
+++ b/lib/freebl/mpi/tests/mptest-9.c
@@ -17,67 +17,93 @@
#include "mpi.h"
#include "mplogic.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, b, c;
- int pco;
- mp_err res;
-
- printf("Test 9: Logical functions\n\n");
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
- return 1;
- }
-
- mp_init(&a); mp_init(&b); mp_init(&c);
- mp_read_radix(&a, argv[1], 16);
- mp_read_radix(&b, argv[2], 16);
-
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
-
- mpl_not(&a, &c);
- printf("~a = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_and(&a, &b, &c);
- printf("a & b = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_or(&a, &b, &c);
- printf("a | b = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_xor(&a, &b, &c);
- printf("a ^ b = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_rsh(&a, &c, 1);
- printf("a >> 1 = "); mp_print(&c, stdout); fputc('\n', stdout);
- mpl_rsh(&a, &c, 5);
- printf("a >> 5 = "); mp_print(&c, stdout); fputc('\n', stdout);
- mpl_rsh(&a, &c, 16);
- printf("a >> 16 = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_lsh(&a, &c, 1);
- printf("a << 1 = "); mp_print(&c, stdout); fputc('\n', stdout);
- mpl_lsh(&a, &c, 5);
- printf("a << 5 = "); mp_print(&c, stdout); fputc('\n', stdout);
- mpl_lsh(&a, &c, 16);
- printf("a << 16 = "); mp_print(&c, stdout); fputc('\n', stdout);
-
- mpl_num_set(&a, &pco);
- printf("population(a) = %d\n", pco);
- mpl_num_set(&b, &pco);
- printf("population(b) = %d\n", pco);
-
- res = mpl_parity(&a);
- if(res == MP_EVEN)
- printf("a has even parity\n");
- else
- printf("a has odd parity\n");
-
- mp_clear(&c);
- mp_clear(&b);
- mp_clear(&a);
-
- return 0;
+ mp_int a, b, c;
+ int pco;
+ mp_err res;
+
+ printf("Test 9: Logical functions\n\n");
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+ return 1;
+ }
+
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&c);
+ mp_read_radix(&a, argv[1], 16);
+ mp_read_radix(&b, argv[2], 16);
+
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+
+ mpl_not(&a, &c);
+ printf("~a = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_and(&a, &b, &c);
+ printf("a & b = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_or(&a, &b, &c);
+ printf("a | b = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_xor(&a, &b, &c);
+ printf("a ^ b = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_rsh(&a, &c, 1);
+ printf("a >> 1 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ mpl_rsh(&a, &c, 5);
+ printf("a >> 5 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ mpl_rsh(&a, &c, 16);
+ printf("a >> 16 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_lsh(&a, &c, 1);
+ printf("a << 1 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ mpl_lsh(&a, &c, 5);
+ printf("a << 5 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ mpl_lsh(&a, &c, 16);
+ printf("a << 16 = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+
+ mpl_num_set(&a, &pco);
+ printf("population(a) = %d\n", pco);
+ mpl_num_set(&b, &pco);
+ printf("population(b) = %d\n", pco);
+
+ res = mpl_parity(&a);
+ if (res == MP_EVEN)
+ printf("a has even parity\n");
+ else
+ printf("a has odd parity\n");
+
+ mp_clear(&c);
+ mp_clear(&b);
+ mp_clear(&a);
+
+ return 0;
}
-
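Review bot: The return values of `mp_read_radix(&a, argv[1], 16)` and `mp_read_radix(&b, argv[2], 16)` are discarded, so a malformed hex argument is never reported and the logical-function output below is computed on whatever the failed parse left behind. A test driver should fail loudly here, e.g. `if (mp_read_radix(&a, argv[1], 16) != MP_OKAY || mp_read_radix(&b, argv[2], 16) != MP_OKAY) { fprintf(stderr, "%s: bad hex input\n", argv[0]); return 1; }` (clearing a, b, c before returning). The mpl_* calls likewise have their mp_err ignored, and because c is printed after each one a failed call would silently print the previous value of c as if it were the new result.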
diff --git a/lib/freebl/mpi/tests/mptest-b.c b/lib/freebl/mpi/tests/mptest-b.c
index 51ffc202c..07f30eaf8 100644
--- a/lib/freebl/mpi/tests/mptest-b.c
+++ b/lib/freebl/mpi/tests/mptest-b.c
@@ -15,14 +15,15 @@
#include "mp_gf2m.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix;
- mp_int pp, a, b, x, y, order;
- mp_int c, d, e;
+ int ix;
+ mp_int pp, a, b, x, y, order;
+ mp_int c, d, e;
mp_digit r;
- mp_err res;
- unsigned int p[] = {163,7,6,3,0};
+ mp_err res;
+ unsigned int p[] = { 163, 7, 6, 3, 0 };
unsigned int ptemp[10];
printf("Test b: Binary Polynomial Arithmetic\n\n");
@@ -40,12 +41,24 @@ int main(int argc, char *argv[])
mp_read_radix(&x, "03F0EBA16286A2D57EA0991168D4994637E8343E36", 16);
mp_read_radix(&y, "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 16);
mp_read_radix(&order, "040000000000000000000292FE77E70C12A4234C33", 16);
- printf("pp = "); mp_print(&pp, stdout); fputc('\n', stdout);
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("x = "); mp_print(&x, stdout); fputc('\n', stdout);
- printf("y = "); mp_print(&y, stdout); fputc('\n', stdout);
- printf("order = "); mp_print(&order, stdout); fputc('\n', stdout);
+ printf("pp = ");
+ mp_print(&pp, stdout);
+ fputc('\n', stdout);
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("x = ");
+ mp_print(&x, stdout);
+ fputc('\n', stdout);
+ printf("y = ");
+ mp_print(&y, stdout);
+ fputc('\n', stdout);
+ printf("order = ");
+ mp_print(&order, stdout);
+ fputc('\n', stdout);
mp_init(&c);
mp_init(&d);
@@ -54,121 +67,152 @@ int main(int argc, char *argv[])
/* Test polynomial conversion */
ix = mp_bpoly2arr(&pp, ptemp, 10);
if (
- (ix != 5) ||
- (ptemp[0] != p[0]) ||
- (ptemp[1] != p[1]) ||
- (ptemp[2] != p[2]) ||
- (ptemp[3] != p[3]) ||
- (ptemp[4] != p[4])
- ) {
- printf("Polynomial to array conversion not correct\n");
- return -1;
+ (ix != 5) ||
+ (ptemp[0] != p[0]) ||
+ (ptemp[1] != p[1]) ||
+ (ptemp[2] != p[2]) ||
+ (ptemp[3] != p[3]) ||
+ (ptemp[4] != p[4])) {
+ printf("Polynomial to array conversion not correct\n");
+ return -1;
}
printf("Polynomial conversion test #1 successful.\n");
- MP_CHECKOK( mp_barr2poly(p, &c) );
+ MP_CHECKOK(mp_barr2poly(p, &c));
if (mp_cmp(&pp, &c) != 0) {
- printf("Array to polynomial conversion not correct\n");
+ printf("Array to polynomial conversion not correct\n");
return -1;
}
printf("Polynomial conversion test #2 successful.\n");
/* Test addition */
- MP_CHECKOK( mp_badd(&a, &a, &c) );
+ MP_CHECKOK(mp_badd(&a, &a, &c));
if (mp_cmp_z(&c) != 0) {
- printf("a+a should equal zero\n");
+ printf("a+a should equal zero\n");
return -1;
}
printf("Addition test #1 successful.\n");
- MP_CHECKOK( mp_badd(&a, &b, &c) );
- MP_CHECKOK( mp_badd(&b, &c, &c) );
+ MP_CHECKOK(mp_badd(&a, &b, &c));
+ MP_CHECKOK(mp_badd(&b, &c, &c));
if (mp_cmp(&c, &a) != 0) {
- printf("c = (a + b) + b should equal a\n");
- printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (a + b) + b should equal a\n");
+ printf("a = ");
+ mp_print(&a, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Addition test #2 successful.\n");
-
+
/* Test multiplication */
mp_set(&c, 2);
- MP_CHECKOK( mp_bmul(&b, &c, &c) );
- MP_CHECKOK( mp_badd(&b, &c, &c) );
+ MP_CHECKOK(mp_bmul(&b, &c, &c));
+ MP_CHECKOK(mp_badd(&b, &c, &c));
mp_set(&d, 3);
- MP_CHECKOK( mp_bmul(&b, &d, &d) );
+ MP_CHECKOK(mp_bmul(&b, &d, &d));
if (mp_cmp(&c, &d) != 0) {
- printf("c = (2 * b) + b should equal c = 3 * b\n");
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+ printf("c = (2 * b) + b should equal c = 3 * b\n");
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("d = ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Multiplication test #1 successful.\n");
/* Test modular reduction */
- MP_CHECKOK( mp_bmod(&b, p, &c) );
+ MP_CHECKOK(mp_bmod(&b, p, &c));
if (mp_cmp(&b, &c) != 0) {
- printf("c = b mod p should equal b\n");
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = b mod p should equal b\n");
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular reduction test #1 successful.\n");
- MP_CHECKOK( mp_badd(&b, &pp, &c) );
- MP_CHECKOK( mp_bmod(&c, p, &c) );
+ MP_CHECKOK(mp_badd(&b, &pp, &c));
+ MP_CHECKOK(mp_bmod(&c, p, &c));
if (mp_cmp(&b, &c) != 0) {
- printf("c = (b + p) mod p should equal b\n");
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (b + p) mod p should equal b\n");
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular reduction test #2 successful.\n");
- MP_CHECKOK( mp_bmul(&b, &pp, &c) );
- MP_CHECKOK( mp_bmod(&c, p, &c) );
+ MP_CHECKOK(mp_bmul(&b, &pp, &c));
+ MP_CHECKOK(mp_bmod(&c, p, &c));
if (mp_cmp_z(&c) != 0) {
- printf("c = (b * p) mod p should equal 0\n");
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (b * p) mod p should equal 0\n");
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular reduction test #3 successful.\n");
/* Test modular multiplication */
- MP_CHECKOK( mp_bmulmod(&b, &pp, p, &c) );
+ MP_CHECKOK(mp_bmulmod(&b, &pp, p, &c));
if (mp_cmp_z(&c) != 0) {
- printf("c = (b * p) mod p should equal 0\n");
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (b * p) mod p should equal 0\n");
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular multiplication test #1 successful.\n");
mp_set(&c, 1);
- MP_CHECKOK( mp_badd(&pp, &c, &c) );
- MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) );
+ MP_CHECKOK(mp_badd(&pp, &c, &c));
+ MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
if (mp_cmp(&b, &c) != 0) {
- printf("c = (b * (p + 1)) mod p should equal b\n");
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (b * (p + 1)) mod p should equal b\n");
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular multiplication test #2 successful.\n");
/* Test modular squaring */
- MP_CHECKOK( mp_copy(&b, &c) );
- MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) );
- MP_CHECKOK( mp_bsqrmod(&b, p, &d) );
+ MP_CHECKOK(mp_copy(&b, &c));
+ MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
+ MP_CHECKOK(mp_bsqrmod(&b, p, &d));
if (mp_cmp(&c, &d) != 0) {
- printf("c = (b * b) mod p should equal d = b^2 mod p\n");
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
- printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+ printf("c = (b * b) mod p should equal d = b^2 mod p\n");
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
+ printf("d = ");
+ mp_print(&d, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular squaring test #1 successful.\n");
-
+
/* Test modular division */
- MP_CHECKOK( mp_bdivmod(&b, &x, &pp, p, &c) );
- MP_CHECKOK( mp_bmulmod(&c, &x, p, &c) );
+ MP_CHECKOK(mp_bdivmod(&b, &x, &pp, p, &c));
+ MP_CHECKOK(mp_bmulmod(&c, &x, p, &c));
if (mp_cmp(&b, &c) != 0) {
- printf("c = (b / x) * x mod p should equal b\n");
- printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
- printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+ printf("c = (b / x) * x mod p should equal b\n");
+ printf("b = ");
+ mp_print(&b, stdout);
+ fputc('\n', stdout);
+ printf("c = ");
+ mp_print(&c, stdout);
+ fputc('\n', stdout);
return -1;
}
printf("Modular division test #1 successful.\n");
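Review bot: Every failure path in this hunk is a bare `return -1;`, which skips the mp_clear calls for pp, a, b, x, y, order, c, d and e, so a failing assertion leaks all nine mp_ints and their digit buffers. The MP_CHECKOK paths presumably jump to a CLEANUP label that lives below this hunk (the function's end is not visible here); the explicit failures should take the same route, e.g. `res = MP_UNDEF; goto CLEANUP;` in place of each `return -1;`, with the label returning a non-zero status when res is not MP_OKAY. That also keeps the exit status at 1 rather than 255, which is what `return -1` from main yields on most shells.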
diff --git a/lib/freebl/mpi/utils/basecvt.c b/lib/freebl/mpi/utils/basecvt.c
index 6cfda55fa..0e9915406 100644
--- a/lib/freebl/mpi/utils/basecvt.c
+++ b/lib/freebl/mpi/utils/basecvt.c
@@ -15,53 +15,54 @@
#include "mpi.h"
-#define IBASE 10
-#define OBASE 16
-#define USAGE "Usage: %s ibase obase [value]\n"
-#define MAXBASE 64
-#define MINBASE 2
+#define IBASE 10
+#define OBASE 16
+#define USAGE "Usage: %s ibase obase [value]\n"
+#define MAXBASE 64
+#define MINBASE 2
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, ibase = IBASE, obase = OBASE;
- mp_int val;
+ int ix, ibase = IBASE, obase = OBASE;
+ mp_int val;
- ix = 1;
- if(ix < argc) {
- ibase = atoi(argv[ix++]);
-
- if(ibase < MINBASE || ibase > MAXBASE) {
- fprintf(stderr, "%s: input radix must be between %d and %d inclusive\n",
- argv[0], MINBASE, MAXBASE);
- return 1;
+ ix = 1;
+ if (ix < argc) {
+ ibase = atoi(argv[ix++]);
+
+ if (ibase < MINBASE || ibase > MAXBASE) {
+ fprintf(stderr, "%s: input radix must be between %d and %d inclusive\n",
+ argv[0], MINBASE, MAXBASE);
+ return 1;
+ }
}
- }
- if(ix < argc) {
- obase = atoi(argv[ix++]);
+ if (ix < argc) {
+ obase = atoi(argv[ix++]);
- if(obase < MINBASE || obase > MAXBASE) {
- fprintf(stderr, "%s: output radix must be between %d and %d inclusive\n",
- argv[0], MINBASE, MAXBASE);
- return 1;
+ if (obase < MINBASE || obase > MAXBASE) {
+ fprintf(stderr, "%s: output radix must be between %d and %d inclusive\n",
+ argv[0], MINBASE, MAXBASE);
+ return 1;
+ }
}
- }
- mp_init(&val);
- while(ix < argc) {
- char *out;
- int outlen;
+ mp_init(&val);
+ while (ix < argc) {
+ char *out;
+ int outlen;
- mp_read_radix(&val, argv[ix++], ibase);
+ mp_read_radix(&val, argv[ix++], ibase);
- outlen = mp_radix_size(&val, obase);
- out = calloc(outlen, sizeof(char));
- mp_toradix(&val, out, obase);
+ outlen = mp_radix_size(&val, obase);
+ out = calloc(outlen, sizeof(char));
+ mp_toradix(&val, out, obase);
- printf("%s\n", out);
- free(out);
- }
+ printf("%s\n", out);
+ free(out);
+ }
- mp_clear(&val);
+ mp_clear(&val);
- return 0;
+ return 0;
}
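Review bot: `out = calloc(outlen, sizeof(char));` is passed straight to `mp_toradix(&val, out, obase)` with no NULL check, so an allocation failure becomes a write through a null pointer; add `if (!out) { perror("calloc"); mp_clear(&val); return 1; }` before the conversion. The radix arguments are parsed with `atoi`, which returns 0 for non-numeric input and then trips the MINBASE check with a misleading "must be between" message; `strtol` with an end-pointer test would report bad input precisely. `mp_read_radix(&val, argv[ix++], ibase)` also discards its mp_err, so a value containing digits outside ibase is converted silently — whether that yields a partial value or zero depends on mp_read_radix, which is not visible here.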
diff --git a/lib/freebl/mpi/utils/bbs_rand.c b/lib/freebl/mpi/utils/bbs_rand.c
index c905b0f69..fed2fe2e6 100644
--- a/lib/freebl/mpi/utils/bbs_rand.c
+++ b/lib/freebl/mpi/utils/bbs_rand.c
@@ -7,55 +7,57 @@
#include "bbs_rand.h"
-#define SEED 1
-#define MODULUS 2
+#define SEED 1
+#define MODULUS 2
/* This modulus is the product of two randomly generated 512-bit
prime integers, each of which is congruent to 3 (mod 4). */
-static char *bbs_modulus =
-"75A2A6E1D27393B86562B9CE7279A8403CB4258A637DAB5233465373E37837383EDC"
-"332282B8575927BC4172CE8C147B4894050EE9D2BDEED355C121037270CA2570D127"
-"7D2390CD1002263326635CC6B259148DE3A1A03201980A925E395E646A5E9164B0EC"
-"28559EBA58C87447245ADD0651EDA507056A1129E3A3E16E903D64B437";
+static char *bbs_modulus =
+ "75A2A6E1D27393B86562B9CE7279A8403CB4258A637DAB5233465373E37837383EDC"
+ "332282B8575927BC4172CE8C147B4894050EE9D2BDEED355C121037270CA2570D127"
+ "7D2390CD1002263326635CC6B259148DE3A1A03201980A925E395E646A5E9164B0EC"
+ "28559EBA58C87447245ADD0651EDA507056A1129E3A3E16E903D64B437";
-static int bbs_init = 0; /* flag set when library is initialized */
-static mp_int bbs_state; /* the current state of the generator */
+static int bbs_init = 0; /* flag set when library is initialized */
+static mp_int bbs_state; /* the current state of the generator */
/* Suggested size of random seed data */
-int bbs_seed_size = (sizeof(bbs_modulus) / 2);
+int bbs_seed_size = (sizeof(bbs_modulus) / 2);
-void bbs_srand(unsigned char *data, int len)
+void
+bbs_srand(unsigned char *data, int len)
{
- if((bbs_init & SEED) == 0) {
- mp_init(&bbs_state);
- bbs_init |= SEED;
- }
+ if ((bbs_init & SEED) == 0) {
+ mp_init(&bbs_state);
+ bbs_init |= SEED;
+ }
- mp_read_raw(&bbs_state, (char *)data, len);
+ mp_read_raw(&bbs_state, (char *)data, len);
} /* end bbs_srand() */
-unsigned int bbs_rand(void)
+unsigned int
+bbs_rand(void)
{
- static mp_int modulus;
- unsigned int result = 0, ix;
+ static mp_int modulus;
+ unsigned int result = 0, ix;
- if((bbs_init & MODULUS) == 0) {
- mp_init(&modulus);
- mp_read_radix(&modulus, bbs_modulus, 16);
- bbs_init |= MODULUS;
- }
+ if ((bbs_init & MODULUS) == 0) {
+ mp_init(&modulus);
+ mp_read_radix(&modulus, bbs_modulus, 16);
+ bbs_init |= MODULUS;
+ }
- for(ix = 0; ix < sizeof(unsigned int); ix++) {
- mp_digit d;
+ for (ix = 0; ix < sizeof(unsigned int); ix++) {
+ mp_digit d;
- mp_sqrmod(&bbs_state, &modulus, &bbs_state);
- d = DIGIT(&bbs_state, 0);
+ mp_sqrmod(&bbs_state, &modulus, &bbs_state);
+ d = DIGIT(&bbs_state, 0);
- result = (result << CHAR_BIT) | (d & UCHAR_MAX);
- }
+ result = (result << CHAR_BIT) | (d & UCHAR_MAX);
+ }
- return result;
+ return result;
} /* end bbs_rand() */
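Review bot: `int bbs_seed_size = (sizeof(bbs_modulus) / 2);` takes sizeof of the `char *` declared at `static char *bbs_modulus =`, not of the hex string it points to, so the "suggested size of random seed data" exported through bbs_rand.h is 2 or 4 bytes (half a pointer) rather than half the modulus length; for a Blum-Blum-Shub state reduced modulo the ~1024-bit product described in the comment above it, that is a grossly undersized seed. Declaring the modulus as an array, `static const char bbs_modulus[] = "75A2A6E1...";`, makes `sizeof(bbs_modulus) / 2` evaluate to the modulus length in bytes (hex digits plus terminator, halved), which is evidently what the expression was written to compute; this assumes mp_read_radix accepts a const string, which I cannot confirm from this hunk. Separately, bbs_srand validates nothing: a state of 0 or 1, or one sharing a factor with the modulus, makes the x = x^2 mod n recurrence degenerate, and neither `mp_read_raw` nor `mp_sqrmod` has its mp_err checked, so an allocation failure in bbs_rand would leave bbs_state unchanged and the generator would keep emitting the same bytes. At minimum a header comment should say that callers must supply bbs_seed_size bytes of real entropy and that this is a demonstration generator, not a CSPRNG for production use.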
diff --git a/lib/freebl/mpi/utils/bbs_rand.h b/lib/freebl/mpi/utils/bbs_rand.h
index faf0f3d03..d12269bf9 100644
--- a/lib/freebl/mpi/utils/bbs_rand.h
+++ b/lib/freebl/mpi/utils/bbs_rand.h
@@ -13,12 +13,12 @@
#include <limits.h>
#include "mpi.h"
-#define BBS_RAND_MAX UINT_MAX
+#define BBS_RAND_MAX UINT_MAX
/* Suggested length of seed data */
extern int bbs_seed_size;
-void bbs_srand(unsigned char *data, int len);
+void bbs_srand(unsigned char *data, int len);
unsigned int bbs_rand(void);
#endif /* end _H_BBSRAND_ */
diff --git a/lib/freebl/mpi/utils/bbsrand.c b/lib/freebl/mpi/utils/bbsrand.c
index 6ef20bb3a..d9151e005 100644
--- a/lib/freebl/mpi/utils/bbsrand.c
+++ b/lib/freebl/mpi/utils/bbsrand.c
@@ -15,20 +15,21 @@
#include "bbs_rand.h"
-#define NUM_TESTS 100
+#define NUM_TESTS 100
-int main(void)
+int
+main(void)
{
- unsigned int seed, result, ix;
+ unsigned int seed, result, ix;
- seed = time(NULL);
- bbs_srand((unsigned char *)&seed, sizeof(seed));
+ seed = time(NULL);
+ bbs_srand((unsigned char *)&seed, sizeof(seed));
- for(ix = 0; ix < NUM_TESTS; ix++) {
- result = bbs_rand();
-
- printf("Test %3u: %08X\n", ix + 1, result);
- }
+ for (ix = 0; ix < NUM_TESTS; ix++) {
+ result = bbs_rand();
- return 0;
+ printf("Test %3u: %08X\n", ix + 1, result);
+ }
+
+ return 0;
}
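Review bot: The driver seeds the generator with `seed = time(NULL)` passed as `sizeof(seed)` bytes, ignoring the `bbs_seed_size` that bbs_rand.h tells callers to supply, and a current-time seed is predictable; that is acceptable for a smoke test, but nothing in the file says so. I would add above the bbs_srand call: `/* Demo only: a time-based seed of sizeof(unsigned int) bytes is predictable and far shorter than bbs_seed_size; never seed a BBS generator this way in real code. */`. The seed should also be printed before the loop, `printf("seed = %u\n", seed);`, so an unexpected output sequence can be reproduced.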
diff --git a/lib/freebl/mpi/utils/dec2hex.c b/lib/freebl/mpi/utils/dec2hex.c
index 13550e420..ef3a52095 100644
--- a/lib/freebl/mpi/utils/dec2hex.c
+++ b/lib/freebl/mpi/utils/dec2hex.c
@@ -13,26 +13,28 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a;
- char *buf;
- int len;
+ mp_int a;
+ char *buf;
+ int len;
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <a>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+ return 1;
+ }
- mp_init(&a); mp_read_radix(&a, argv[1], 10);
- len = mp_radix_size(&a, 16);
- buf = malloc(len);
- mp_toradix(&a, buf, 16);
+ mp_init(&a);
+ mp_read_radix(&a, argv[1], 10);
+ len = mp_radix_size(&a, 16);
+ buf = malloc(len);
+ mp_toradix(&a, buf, 16);
- printf("%s\n", buf);
+ printf("%s\n", buf);
- free(buf);
- mp_clear(&a);
+ free(buf);
+ mp_clear(&a);
- return 0;
+ return 0;
}
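Review bot: `buf = malloc(len);` is handed to `mp_toradix(&a, buf, 16)` without a NULL check, so an allocation failure becomes a write through a null pointer, and the result of `mp_read_radix(&a, argv[1], 10)` is discarded, so a non-decimal argument may be converted silently instead of rejected. Add `if (mp_read_radix(&a, argv[1], 10) != MP_OKAY) { fprintf(stderr, "%s: bad decimal input\n", argv[0]); mp_clear(&a); return 1; }` after the read, and `if (!buf) { mp_clear(&a); return 1; }` after the malloc.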
diff --git a/lib/freebl/mpi/utils/exptmod.c b/lib/freebl/mpi/utils/exptmod.c
index 4aa5b2336..3ac9078f4 100644
--- a/lib/freebl/mpi/utils/exptmod.c
+++ b/lib/freebl/mpi/utils/exptmod.c
@@ -14,37 +14,42 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, b, m;
- mp_err res;
- char *str;
- int len, rval = 0;
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
- return 1;
- }
-
- mp_init(&a); mp_init(&b); mp_init(&m);
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&b, argv[2], 10);
- mp_read_radix(&m, argv[3], 10);
-
- if((res = mp_exptmod(&a, &b, &m, &a)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
- rval = 1;
- } else {
- len = mp_radix_size(&a, 10);
- str = calloc(len, sizeof(char));
- mp_toradix(&a, str, 10);
-
- printf("%s\n", str);
-
- free(str);
- }
-
- mp_clear(&a); mp_clear(&b); mp_clear(&m);
-
- return rval;
+ mp_int a, b, m;
+ mp_err res;
+ char *str;
+ int len, rval = 0;
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+ return 1;
+ }
+
+ mp_init(&a);
+ mp_init(&b);
+ mp_init(&m);
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&b, argv[2], 10);
+ mp_read_radix(&m, argv[3], 10);
+
+ if ((res = mp_exptmod(&a, &b, &m, &a)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+ rval = 1;
+ } else {
+ len = mp_radix_size(&a, 10);
+ str = calloc(len, sizeof(char));
+ mp_toradix(&a, str, 10);
+
+ printf("%s\n", str);
+
+ free(str);
+ }
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&m);
+
+ return rval;
}
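Review bot: The argument check `if (argc < 3)` does not cover `mp_read_radix(&m, argv[3], 10)` a few lines later, so running the tool with exactly two operands (argc == 3) passes the NULL argv[3] into mp_read_radix — a null-pointer dereference or other undefined behaviour, depending on how mp_read_radix handles a NULL string (not visible here). The usage string already documents three operands, so the check should read `if (argc < 4) {`. The three `mp_read_radix` results are also discarded; since the program already reports mp_exptmod failures through mp_strerror, parsing failures deserve the same treatment.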
diff --git a/lib/freebl/mpi/utils/fact.c b/lib/freebl/mpi/utils/fact.c
index a8735ad6b..da8e61a32 100644
--- a/lib/freebl/mpi/utils/fact.c
+++ b/lib/freebl/mpi/utils/fact.c
@@ -15,68 +15,70 @@
mp_err mp_fact(mp_int *a, mp_int *b);
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a;
- mp_err res;
+ mp_int a;
+ mp_err res;
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <number>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <number>\n", argv[0]);
+ return 1;
+ }
- mp_init(&a);
- mp_read_radix(&a, argv[1], 10);
+ mp_init(&a);
+ mp_read_radix(&a, argv[1], 10);
- if((res = mp_fact(&a, &a)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", argv[0],
- mp_strerror(res));
- mp_clear(&a);
- return 1;
- }
+ if ((res = mp_fact(&a, &a)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", argv[0],
+ mp_strerror(res));
+ mp_clear(&a);
+ return 1;
+ }
- {
- char *buf;
- int len;
+ {
+ char *buf;
+ int len;
- len = mp_radix_size(&a, 10);
- buf = malloc(len);
- mp_todecimal(&a, buf);
+ len = mp_radix_size(&a, 10);
+ buf = malloc(len);
+ mp_todecimal(&a, buf);
- puts(buf);
+ puts(buf);
- free(buf);
- }
+ free(buf);
+ }
- mp_clear(&a);
- return 0;
+ mp_clear(&a);
+ return 0;
}
-mp_err mp_fact(mp_int *a, mp_int *b)
+mp_err
+mp_fact(mp_int *a, mp_int *b)
{
- mp_int ix, s;
- mp_err res = MP_OKAY;
+ mp_int ix, s;
+ mp_err res = MP_OKAY;
- if(mp_cmp_z(a) < 0)
- return MP_UNDEF;
+ if (mp_cmp_z(a) < 0)
+ return MP_UNDEF;
- mp_init(&s);
- mp_add_d(&s, 1, &s); /* s = 1 */
- mp_init(&ix);
- mp_add_d(&ix, 1, &ix); /* ix = 1 */
+ mp_init(&s);
+ mp_add_d(&s, 1, &s); /* s = 1 */
+ mp_init(&ix);
+ mp_add_d(&ix, 1, &ix); /* ix = 1 */
- for(/* */; mp_cmp(&ix, a) <= 0; mp_add_d(&ix, 1, &ix)) {
- if((res = mp_mul(&s, &ix, &s)) != MP_OKAY)
- break;
- }
+ for (/* */; mp_cmp(&ix, a) <= 0; mp_add_d(&ix, 1, &ix)) {
+ if ((res = mp_mul(&s, &ix, &s)) != MP_OKAY)
+ break;
+ }
- mp_clear(&ix);
+ mp_clear(&ix);
- /* Copy out results if we got them */
- if(res == MP_OKAY)
- mp_copy(&s, b);
+ /* Copy out results if we got them */
+ if (res == MP_OKAY)
+ mp_copy(&s, b);
- mp_clear(&s);
+ mp_clear(&s);
- return res;
+ return res;
}
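Review bot: In mp_fact, `mp_copy(&s, b);` discards its mp_err, so an allocation failure while copying the result out leaves b untouched while the function still returns MP_OKAY; it should be `res = mp_copy(&s, b);`. The two `mp_init` calls and the `mp_add_d` increments are likewise unchecked, and a failed `mp_init(&s)` followed by `mp_add_d(&s, 1, &s)` operates on an uninitialised mp_int. In main, `buf = malloc(len);` feeds `mp_todecimal(&a, buf)` with no NULL check, and `mp_read_radix(&a, argv[1], 10)` ignores its result, so `fact abc` computes the factorial of whatever the failed parse leaves in a rather than reporting bad input.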
diff --git a/lib/freebl/mpi/utils/gcd.c b/lib/freebl/mpi/utils/gcd.c
index d5f3a4e34..9f11a250b 100644
--- a/lib/freebl/mpi/utils/gcd.c
+++ b/lib/freebl/mpi/utils/gcd.c
@@ -13,74 +13,83 @@
#include "mpi.h"
-char *g_prog = NULL;
+char *g_prog = NULL;
void print_mp_int(mp_int *mp, FILE *ofp);
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, b, x, y;
- mp_err res;
- int ext = 0;
-
- g_prog = argv[0];
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <b>\n", g_prog);
- return 1;
- }
-
- mp_init(&a); mp_read_radix(&a, argv[1], 10);
- mp_init(&b); mp_read_radix(&b, argv[2], 10);
-
- /* If we were called 'xgcd', compute x, y so that g = ax + by */
- if(strcmp(g_prog, "xgcd") == 0) {
- ext = 1;
- mp_init(&x); mp_init(&y);
- }
-
- if(ext) {
- if((res = mp_xgcd(&a, &b, &a, &x, &y)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", g_prog, mp_strerror(res));
- mp_clear(&a); mp_clear(&b);
- mp_clear(&x); mp_clear(&y);
- return 1;
+ mp_int a, b, x, y;
+ mp_err res;
+ int ext = 0;
+
+ g_prog = argv[0];
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <b>\n", g_prog);
+ return 1;
}
- } else {
- if((res = mp_gcd(&a, &b, &a)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", g_prog,
- mp_strerror(res));
- mp_clear(&a); mp_clear(&b);
- return 1;
+
+ mp_init(&a);
+ mp_read_radix(&a, argv[1], 10);
+ mp_init(&b);
+ mp_read_radix(&b, argv[2], 10);
+
+ /* If we were called 'xgcd', compute x, y so that g = ax + by */
+ if (strcmp(g_prog, "xgcd") == 0) {
+ ext = 1;
+ mp_init(&x);
+ mp_init(&y);
}
- }
- print_mp_int(&a, stdout);
- if(ext) {
- fputs("x = ", stdout); print_mp_int(&x, stdout);
- fputs("y = ", stdout); print_mp_int(&y, stdout);
- }
+ if (ext) {
+ if ((res = mp_xgcd(&a, &b, &a, &x, &y)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", g_prog, mp_strerror(res));
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&x);
+ mp_clear(&y);
+ return 1;
+ }
+ } else {
+ if ((res = mp_gcd(&a, &b, &a)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", g_prog,
+ mp_strerror(res));
+ mp_clear(&a);
+ mp_clear(&b);
+ return 1;
+ }
+ }
- mp_clear(&a); mp_clear(&b);
+ print_mp_int(&a, stdout);
+ if (ext) {
+ fputs("x = ", stdout);
+ print_mp_int(&x, stdout);
+ fputs("y = ", stdout);
+ print_mp_int(&y, stdout);
+ }
- if(ext) {
- mp_clear(&x);
- mp_clear(&y);
- }
+ mp_clear(&a);
+ mp_clear(&b);
- return 0;
+ if (ext) {
+ mp_clear(&x);
+ mp_clear(&y);
+ }
+ return 0;
}
-void print_mp_int(mp_int *mp, FILE *ofp)
+void
+print_mp_int(mp_int *mp, FILE *ofp)
{
- char *buf;
- int len;
-
- len = mp_radix_size(mp, 10);
- buf = calloc(len, sizeof(char));
- mp_todecimal(mp, buf);
- fprintf(ofp, "%s\n", buf);
- free(buf);
-
+ char *buf;
+ int len;
+
+ len = mp_radix_size(mp, 10);
+ buf = calloc(len, sizeof(char));
+ mp_todecimal(mp, buf);
+ fprintf(ofp, "%s\n", buf);
+ free(buf);
}
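Review bot: `if (strcmp(g_prog, "xgcd") == 0)` compares the whole of argv[0], which normally carries a path (`./xgcd`, `/usr/local/bin/xgcd`), so extended-gcd mode is only selected when the binary is invoked by its bare name through PATH; compare the basename instead: `const char *base = strrchr(g_prog, '/'); base = base ? base + 1 : g_prog; if (strcmp(base, "xgcd") == 0) {`. The two `mp_read_radix` results and the `calloc` in print_mp_int are unchecked, so a non-numeric argument or an allocation failure is not reported, and in print_mp_int a NULL buf would be passed to mp_todecimal. A one-line comment on `int ext = 0;` noting that it also marks whether x and y have been initialised would make the guarded mp_clear calls self-explanatory.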
diff --git a/lib/freebl/mpi/utils/hex2dec.c b/lib/freebl/mpi/utils/hex2dec.c
index 5bcb0f363..9b21d22e0 100644
--- a/lib/freebl/mpi/utils/hex2dec.c
+++ b/lib/freebl/mpi/utils/hex2dec.c
@@ -13,26 +13,28 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a;
- char *buf;
- int len;
+ mp_int a;
+ char *buf;
+ int len;
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <a>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+ return 1;
+ }
- mp_init(&a); mp_read_radix(&a, argv[1], 16);
- len = mp_radix_size(&a, 10);
- buf = malloc(len);
- mp_toradix(&a, buf, 10);
+ mp_init(&a);
+ mp_read_radix(&a, argv[1], 16);
+ len = mp_radix_size(&a, 10);
+ buf = malloc(len);
+ mp_toradix(&a, buf, 10);
- printf("%s\n", buf);
+ printf("%s\n", buf);
- free(buf);
- mp_clear(&a);
+ free(buf);
+ mp_clear(&a);
- return 0;
+ return 0;
}
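Review bot: `buf = malloc(len);` is handed to `mp_toradix(&a, buf, 10)` without a NULL check, and the result of `mp_read_radix(&a, argv[1], 16)` is discarded, so `hex2dec xyz` may print a number instead of an error. Add `if (mp_read_radix(&a, argv[1], 16) != MP_OKAY) { fprintf(stderr, "%s: bad hex input\n", argv[0]); mp_clear(&a); return 1; }` after the read and `if (!buf) { mp_clear(&a); return 1; }` after the malloc. This is the same unchecked pattern as the dec2hex.c hunk in this patch, so both tools should be fixed together.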
diff --git a/lib/freebl/mpi/utils/identest.c b/lib/freebl/mpi/utils/identest.c
index 8172d7708..321d2c2b0 100644
--- a/lib/freebl/mpi/utils/identest.c
+++ b/lib/freebl/mpi/utils/identest.c
@@ -11,73 +11,74 @@
#define MAX_PREC (4096 / MP_DIGIT_BIT)
-mp_err identity_test(void)
+mp_err
+identity_test(void)
{
- mp_size preca, precb;
- mp_err res;
- mp_int a, b;
- mp_int t1, t2, t3, t4, t5;
+ mp_size preca, precb;
+ mp_err res;
+ mp_int a, b;
+ mp_int t1, t2, t3, t4, t5;
- preca = (rand() % MAX_PREC) + 1;
- precb = (rand() % MAX_PREC) + 1;
+ preca = (rand() % MAX_PREC) + 1;
+ precb = (rand() % MAX_PREC) + 1;
- MP_DIGITS(&a) = 0;
- MP_DIGITS(&b) = 0;
- MP_DIGITS(&t1) = 0;
- MP_DIGITS(&t2) = 0;
- MP_DIGITS(&t3) = 0;
- MP_DIGITS(&t4) = 0;
- MP_DIGITS(&t5) = 0;
+ MP_DIGITS(&a) = 0;
+ MP_DIGITS(&b) = 0;
+ MP_DIGITS(&t1) = 0;
+ MP_DIGITS(&t2) = 0;
+ MP_DIGITS(&t3) = 0;
+ MP_DIGITS(&t4) = 0;
+ MP_DIGITS(&t5) = 0;
- MP_CHECKOK( mp_init(&a) );
- MP_CHECKOK( mp_init(&b) );
- MP_CHECKOK( mp_init(&t1) );
- MP_CHECKOK( mp_init(&t2) );
- MP_CHECKOK( mp_init(&t3) );
- MP_CHECKOK( mp_init(&t4) );
- MP_CHECKOK( mp_init(&t5) );
+ MP_CHECKOK(mp_init(&a));
+ MP_CHECKOK(mp_init(&b));
+ MP_CHECKOK(mp_init(&t1));
+ MP_CHECKOK(mp_init(&t2));
+ MP_CHECKOK(mp_init(&t3));
+ MP_CHECKOK(mp_init(&t4));
+ MP_CHECKOK(mp_init(&t5));
- MP_CHECKOK( mpp_random_size(&a, preca) );
- MP_CHECKOK( mpp_random_size(&b, precb) );
+ MP_CHECKOK(mpp_random_size(&a, preca));
+ MP_CHECKOK(mpp_random_size(&b, precb));
- if (mp_cmp(&a, &b) < 0)
- mp_exch(&a, &b);
+ if (mp_cmp(&a, &b) < 0)
+ mp_exch(&a, &b);
- MP_CHECKOK( mp_mod(&a, &b, &t1) ); /* t1 = a%b */
- MP_CHECKOK( mp_div(&a, &b, &t2, NULL) ); /* t2 = a/b */
- MP_CHECKOK( mp_mul(&b, &t2, &t3) ); /* t3 = (a/b)*b */
- MP_CHECKOK( mp_add(&t1, &t3, &t4) ); /* t4 = a%b + (a/b)*b */
- MP_CHECKOK( mp_sub(&t4, &a, &t5) ); /* t5 = a%b + (a/b)*b - a */
- if (mp_cmp_z(&t5) != 0) {
- res = MP_UNDEF;
- goto CLEANUP;
- }
+ MP_CHECKOK(mp_mod(&a, &b, &t1)); /* t1 = a%b */
+ MP_CHECKOK(mp_div(&a, &b, &t2, NULL)); /* t2 = a/b */
+ MP_CHECKOK(mp_mul(&b, &t2, &t3)); /* t3 = (a/b)*b */
+ MP_CHECKOK(mp_add(&t1, &t3, &t4)); /* t4 = a%b + (a/b)*b */
+ MP_CHECKOK(mp_sub(&t4, &a, &t5)); /* t5 = a%b + (a/b)*b - a */
+ if (mp_cmp_z(&t5) != 0) {
+ res = MP_UNDEF;
+ goto CLEANUP;
+ }
CLEANUP:
- mp_clear(&t5);
- mp_clear(&t4);
- mp_clear(&t3);
- mp_clear(&t2);
- mp_clear(&t1);
- mp_clear(&b);
- mp_clear(&a);
- return res;
+ mp_clear(&t5);
+ mp_clear(&t4);
+ mp_clear(&t3);
+ mp_clear(&t2);
+ mp_clear(&t1);
+ mp_clear(&b);
+ mp_clear(&a);
+ return res;
}
int
main(void)
{
- unsigned int seed = (unsigned int)time(NULL);
- unsigned long count = 0;
- mp_err res;
+ unsigned int seed = (unsigned int)time(NULL);
+ unsigned long count = 0;
+ mp_err res;
- srand(seed);
+ srand(seed);
- while (MP_OKAY == (res = identity_test())) {
- if ((++count % 100) == 0)
- fputc('.', stderr);
- }
+ while (MP_OKAY == (res = identity_test())) {
+ if ((++count % 100) == 0)
+ fputc('.', stderr);
+ }
- fprintf(stderr, "\ntest failed, err %d\n", res);
- return res;
+ fprintf(stderr, "\ntest failed, err %d\n", res);
+ return res;
}
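Review bot: When identity_test fails, main prints only `err %d` and never the seed, so the failing random case cannot be reproduced; since `seed` is already captured from time(NULL), change the message to `fprintf(stderr, "\ntest failed, err %d (seed %u, iteration %lu)\n", res, seed, count);`. `return res;` also hands a negative mp_err to the shell as the exit status, which gets truncated to an unsigned byte, so `return res == MP_OKAY ? 0 : 1;` would be clearer. In identity_test, `res` is only assigned through MP_CHECKOK and the explicit MP_UNDEF path; that is fine if MP_CHECKOK assigns res on success as well as on failure, as its use here suggests, but an `mp_err res = MP_OKAY;` initialiser would make the success path independent of the macro's definition.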
diff --git a/lib/freebl/mpi/utils/invmod.c b/lib/freebl/mpi/utils/invmod.c
index c71cc029e..9b4b04d3f 100644
--- a/lib/freebl/mpi/utils/invmod.c
+++ b/lib/freebl/mpi/utils/invmod.c
@@ -12,48 +12,50 @@
#include "mpi.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, m;
- mp_err res;
- char *buf;
- int len, out = 0;
-
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
- return 1;
- }
-
- mp_init(&a); mp_init(&m);
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&m, argv[2], 10);
-
- if(mp_cmp(&a, &m) > 0)
- mp_mod(&a, &m, &a);
-
- switch((res = mp_invmod(&a, &m, &a))) {
- case MP_OKAY:
- len = mp_radix_size(&a, 10);
- buf = malloc(len);
-
- mp_toradix(&a, buf, 10);
- printf("%s\n", buf);
- free(buf);
- break;
-
- case MP_UNDEF:
- printf("No inverse\n");
- out = 1;
- break;
-
- default:
- printf("error: %s (%d)\n", mp_strerror(res), res);
- out = 2;
- break;
- }
-
- mp_clear(&a);
- mp_clear(&m);
-
- return out;
+ mp_int a, m;
+ mp_err res;
+ char *buf;
+ int len, out = 0;
+
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+ return 1;
+ }
+
+ mp_init(&a);
+ mp_init(&m);
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&m, argv[2], 10);
+
+ if (mp_cmp(&a, &m) > 0)
+ mp_mod(&a, &m, &a);
+
+ switch ((res = mp_invmod(&a, &m, &a))) {
+ case MP_OKAY:
+ len = mp_radix_size(&a, 10);
+ buf = malloc(len);
+
+ mp_toradix(&a, buf, 10);
+ printf("%s\n", buf);
+ free(buf);
+ break;
+
+ case MP_UNDEF:
+ printf("No inverse\n");
+ out = 1;
+ break;
+
+ default:
+ printf("error: %s (%d)\n", mp_strerror(res), res);
+ out = 2;
+ break;
+ }
+
+ mp_clear(&a);
+ mp_clear(&m);
+
+ return out;
}
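Review bot: `buf = malloc(len);` in the MP_OKAY arm is handed straight to `mp_toradix` with no NULL check, so an allocation failure is a null dereference rather than a reported error; `if ((buf = malloc(len)) == NULL) { out = 2; break; }` closes that. The return values of both `mp_read_radix` calls are also ignored, so a malformed `<a>` or `<m>` is silently inverted as whatever prefix parsed; each should be checked with `!= MP_OKAY` and reported on stderr before the arithmetic runs. `mp_init` is likewise unchecked, although in this API it can presumably fail with MP_MEM.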
diff --git a/lib/freebl/mpi/utils/isprime.c b/lib/freebl/mpi/utils/isprime.c
index b43b8eb82..d2d86957e 100644
--- a/lib/freebl/mpi/utils/isprime.c
+++ b/lib/freebl/mpi/utils/isprime.c
@@ -14,75 +14,76 @@
#include "mpi.h"
#include "mpprime.h"
-#define RM_TESTS 15 /* how many iterations of Rabin-Miller? */
-#define MINIMUM 1024 /* don't bother us with a < this */
+#define RM_TESTS 15 /* how many iterations of Rabin-Miller? */
+#define MINIMUM 1024 /* don't bother us with a < this */
-int g_tests = RM_TESTS;
-char *g_prog = NULL;
+int g_tests = RM_TESTS;
+char *g_prog = NULL;
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a;
- mp_digit np = prime_tab_size; /* from mpprime.h */
- int res = 0;
+ mp_int a;
+ mp_digit np = prime_tab_size; /* from mpprime.h */
+ int res = 0;
- g_prog = argv[0];
+ g_prog = argv[0];
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <a>, where <a> is a decimal integer\n"
- "Use '0x' prefix for a hexadecimal value\n", g_prog);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <a>, where <a> is a decimal integer\n"
+ "Use '0x' prefix for a hexadecimal value\n",
+ g_prog);
+ return 1;
+ }
- /* Read number of tests from environment, if present */
- {
- char *tmp;
+ /* Read number of tests from environment, if present */
+ {
+ char *tmp;
- if((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
- if((g_tests = atoi(tmp)) <= 0)
- g_tests = RM_TESTS;
+ if ((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
+ if ((g_tests = atoi(tmp)) <= 0)
+ g_tests = RM_TESTS;
+ }
}
- }
- mp_init(&a);
- if(argv[1][0] == '0' && argv[1][1] == 'x')
- mp_read_radix(&a, argv[1] + 2, 16);
- else
- mp_read_radix(&a, argv[1], 10);
+ mp_init(&a);
+ if (argv[1][0] == '0' && argv[1][1] == 'x')
+ mp_read_radix(&a, argv[1] + 2, 16);
+ else
+ mp_read_radix(&a, argv[1], 10);
+
+ if (mp_cmp_d(&a, MINIMUM) <= 0) {
+ fprintf(stderr, "%s: please use a value greater than %d\n",
+ g_prog, MINIMUM);
+ mp_clear(&a);
+ return 1;
+ }
- if(mp_cmp_d(&a, MINIMUM) <= 0) {
- fprintf(stderr, "%s: please use a value greater than %d\n",
- g_prog, MINIMUM);
- mp_clear(&a);
- return 1;
- }
-
- /* Test for divisibility by small primes */
- if(mpp_divis_primes(&a, &np) != MP_NO) {
- printf("Not prime (divisible by small prime %d)\n", np);
- res = 2;
- goto CLEANUP;
- }
-
- /* Test with Fermat's test, using 2 as a witness */
- if(mpp_fermat(&a, 2) != MP_YES) {
- printf("Not prime (failed Fermat test)\n");
- res = 2;
- goto CLEANUP;
- }
-
- /* Test with Rabin-Miller probabilistic test */
- if(mpp_pprime(&a, g_tests) == MP_NO) {
- printf("Not prime (failed pseudoprime test)\n");
- res = 2;
- goto CLEANUP;
- }
-
- printf("Probably prime, 1 in 4^%d chance of false positive\n", g_tests);
+ /* Test for divisibility by small primes */
+ if (mpp_divis_primes(&a, &np) != MP_NO) {
+ printf("Not prime (divisible by small prime %d)\n", np);
+ res = 2;
+ goto CLEANUP;
+ }
+
+ /* Test with Fermat's test, using 2 as a witness */
+ if (mpp_fermat(&a, 2) != MP_YES) {
+ printf("Not prime (failed Fermat test)\n");
+ res = 2;
+ goto CLEANUP;
+ }
+
+ /* Test with Rabin-Miller probabilistic test */
+ if (mpp_pprime(&a, g_tests) == MP_NO) {
+ printf("Not prime (failed pseudoprime test)\n");
+ res = 2;
+ goto CLEANUP;
+ }
+
+ printf("Probably prime, 1 in 4^%d chance of false positive\n", g_tests);
CLEANUP:
- mp_clear(&a);
-
- return res;
+ mp_clear(&a);
+ return res;
}
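Review bot: The final Rabin-Miller step `if (mpp_pprime(&a, g_tests) == MP_NO)` treats every result other than MP_NO as a pass, so an error return from the test falls through to `printf("Probably prime, ...")` and exit status 0; the two preceding tests are written the conservative way (`!= MP_NO`, `!= MP_YES`), so this one should read `if (mpp_pprime(&a, g_tests) != MP_YES)`. Separately, `np` is an mp_digit but is printed with `%d`; mp_digit's width is not visible here, but where it is wider than int this is a format/argument mismatch, so cast it, e.g. `(unsigned long)np` with `%lu`. The `mp_read_radix` return value is ignored too, so garbage input is tested as whatever prefix parsed.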
diff --git a/lib/freebl/mpi/utils/lap.c b/lib/freebl/mpi/utils/lap.c
index b6ab884cc..501e4531d 100644
--- a/lib/freebl/mpi/utils/lap.c
+++ b/lib/freebl/mpi/utils/lap.c
@@ -17,72 +17,74 @@ void sig_catch(int ign);
int g_quit = 0;
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int a, m, p, k;
+ mp_int a, m, p, k;
- if(argc < 3) {
- fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
- return 1;
- }
+ if (argc < 3) {
+ fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+ return 1;
+ }
- mp_init(&a);
- mp_init(&m);
- mp_init(&p);
- mp_add_d(&p, 1, &p);
+ mp_init(&a);
+ mp_init(&m);
+ mp_init(&p);
+ mp_add_d(&p, 1, &p);
- mp_read_radix(&a, argv[1], 10);
- mp_read_radix(&m, argv[2], 10);
+ mp_read_radix(&a, argv[1], 10);
+ mp_read_radix(&m, argv[2], 10);
- mp_init_copy(&k, &a);
+ mp_init_copy(&k, &a);
- signal(SIGINT, sig_catch);
+ signal(SIGINT, sig_catch);
#ifndef __OS2__
- signal(SIGHUP, sig_catch);
+ signal(SIGHUP, sig_catch);
#endif
- signal(SIGTERM, sig_catch);
-
- while(mp_cmp(&p, &m) < 0) {
- if(g_quit) {
- int len;
- char *buf;
-
- len = mp_radix_size(&p, 10);
- buf = malloc(len);
- mp_toradix(&p, buf, 10);
-
- fprintf(stderr, "Terminated at: %s\n", buf);
- free(buf);
- return 1;
- }
- if(mp_cmp_d(&k, 1) == 0) {
- int len;
- char *buf;
+ signal(SIGTERM, sig_catch);
- len = mp_radix_size(&p, 10);
- buf = malloc(len);
- mp_toradix(&p, buf, 10);
+ while (mp_cmp(&p, &m) < 0) {
+ if (g_quit) {
+ int len;
+ char *buf;
- printf("%s\n", buf);
+ len = mp_radix_size(&p, 10);
+ buf = malloc(len);
+ mp_toradix(&p, buf, 10);
- free(buf);
- break;
- }
+ fprintf(stderr, "Terminated at: %s\n", buf);
+ free(buf);
+ return 1;
+ }
+ if (mp_cmp_d(&k, 1) == 0) {
+ int len;
+ char *buf;
- mp_mulmod(&k, &a, &m, &k);
- mp_add_d(&p, 1, &p);
- }
+ len = mp_radix_size(&p, 10);
+ buf = malloc(len);
+ mp_toradix(&p, buf, 10);
+
+ printf("%s\n", buf);
+
+ free(buf);
+ break;
+ }
+
+ mp_mulmod(&k, &a, &m, &k);
+ mp_add_d(&p, 1, &p);
+ }
- if(mp_cmp(&p, &m) >= 0)
- printf("No annihilating power.\n");
+ if (mp_cmp(&p, &m) >= 0)
+ printf("No annihilating power.\n");
- mp_clear(&p);
- mp_clear(&m);
- mp_clear(&a);
- return 0;
+ mp_clear(&p);
+ mp_clear(&m);
+ mp_clear(&a);
+ return 0;
}
-void sig_catch(int ign)
+void
+sig_catch(int ign)
{
- g_quit = 1;
+ g_quit = 1;
}
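Review bot: `g_quit` is a plain `int` (declared at the top of the hunk) that is written from the signal handler via `g_quit = 1;` and polled in the `while` loop, and nothing forces the loop to re-read it each iteration; declare it `volatile sig_atomic_t g_quit = 0;` so the handler's store is observed. The `k` created by `mp_init_copy(&k, &a)` is never released — add `mp_clear(&k);` beside the other three `mp_clear` calls — and the early `return 1` on the g_quit path skips every clear. Both `malloc(len)` results are used by `mp_toradix` without a NULL check.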
diff --git a/lib/freebl/mpi/utils/makeprime.c b/lib/freebl/mpi/utils/makeprime.c
index 22808c643..401b7532b 100644
--- a/lib/freebl/mpi/utils/makeprime.c
+++ b/lib/freebl/mpi/utils/makeprime.c
@@ -29,84 +29,86 @@
Returns MP_OKAY if a prime has been generated, otherwise the error
code indicates some other problem. The value of p is clobbered; the
- caller should keep a copy if the value is needed.
+ caller should keep a copy if the value is needed.
*/
-mp_err make_prime(mp_int *p, int nr);
+mp_err make_prime(mp_int *p, int nr);
/* The main() is not required -- it's just a test driver */
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_int start;
- mp_err res;
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <start-value>\n", argv[0]);
- return 1;
- }
-
- mp_init(&start);
- if(argv[1][0] == '0' && tolower(argv[1][1]) == 'x') {
- mp_read_radix(&start, argv[1] + 2, 16);
- } else {
- mp_read_radix(&start, argv[1], 10);
- }
- mp_abs(&start, &start);
-
- if((res = make_prime(&start, 5)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
- mp_clear(&start);
-
- return 1;
-
- } else {
- char *buf = malloc(mp_radix_size(&start, 10));
-
- mp_todecimal(&start, buf);
- printf("%s\n", buf);
- free(buf);
-
- mp_clear(&start);
-
- return 0;
- }
-
+ mp_int start;
+ mp_err res;
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <start-value>\n", argv[0]);
+ return 1;
+ }
+
+ mp_init(&start);
+ if (argv[1][0] == '0' && tolower(argv[1][1]) == 'x') {
+ mp_read_radix(&start, argv[1] + 2, 16);
+ } else {
+ mp_read_radix(&start, argv[1], 10);
+ }
+ mp_abs(&start, &start);
+
+ if ((res = make_prime(&start, 5)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+ mp_clear(&start);
+
+ return 1;
+
+ } else {
+ char *buf = malloc(mp_radix_size(&start, 10));
+
+ mp_todecimal(&start, buf);
+ printf("%s\n", buf);
+ free(buf);
+
+ mp_clear(&start);
+
+ return 0;
+ }
+
} /* end main() */
/*------------------------------------------------------------------------*/
-mp_err make_prime(mp_int *p, int nr)
+mp_err
+make_prime(mp_int *p, int nr)
{
- mp_err res;
-
- if(mp_iseven(p)) {
- mp_add_d(p, 1, p);
- }
-
- do {
- mp_digit which = prime_tab_size;
-
- /* First test for divisibility by a few small primes */
- if((res = mpp_divis_primes(p, &which)) == MP_YES)
- continue;
- else if(res != MP_NO)
- goto CLEANUP;
-
- /* If that passes, try one iteration of Fermat's test */
- if((res = mpp_fermat(p, 2)) == MP_NO)
- continue;
- else if(res != MP_YES)
- goto CLEANUP;
-
- /* If that passes, run Rabin-Miller as often as requested */
- if((res = mpp_pprime(p, nr)) == MP_YES)
- break;
- else if(res != MP_NO)
- goto CLEANUP;
-
- } while((res = mp_add_d(p, 2, p)) == MP_OKAY);
-
- CLEANUP:
- return res;
+ mp_err res;
+
+ if (mp_iseven(p)) {
+ mp_add_d(p, 1, p);
+ }
+
+ do {
+ mp_digit which = prime_tab_size;
+
+ /* First test for divisibility by a few small primes */
+ if ((res = mpp_divis_primes(p, &which)) == MP_YES)
+ continue;
+ else if (res != MP_NO)
+ goto CLEANUP;
+
+ /* If that passes, try one iteration of Fermat's test */
+ if ((res = mpp_fermat(p, 2)) == MP_NO)
+ continue;
+ else if (res != MP_YES)
+ goto CLEANUP;
+
+ /* If that passes, run Rabin-Miller as often as requested */
+ if ((res = mpp_pprime(p, nr)) == MP_YES)
+ break;
+ else if (res != MP_NO)
+ goto CLEANUP;
+
+ } while ((res = mp_add_d(p, 2, p)) == MP_OKAY);
+
+CLEANUP:
+ return res;
} /* end make_prime() */
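Review bot: `tolower(argv[1][1])` passes a plain `char` to a `<ctype.h>` function; where char is signed, a byte above 0x7F is negative and outside the domain the standard guarantees, so write `tolower((unsigned char)argv[1][1])`. In the success branch `char *buf = malloc(mp_radix_size(&start, 10));` is handed to `mp_todecimal` with no NULL check. In `make_prime`, `mp_add_d(p, 1, p)` on the even-input path is the only mpi call whose result is not propagated; `if ((res = mp_add_d(p, 1, p)) != MP_OKAY) return res;` would make it consistent with the loop body, which checks every call.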
diff --git a/lib/freebl/mpi/utils/metime.c b/lib/freebl/mpi/utils/metime.c
index c2264b756..122875ee0 100644
--- a/lib/freebl/mpi/utils/metime.c
+++ b/lib/freebl/mpi/utils/metime.c
@@ -1,4 +1,4 @@
-/*
+/*
* metime.c
*
* Modular exponentiation timing test
@@ -18,82 +18,84 @@
double clk_to_sec(clock_t start, clock_t stop);
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- int ix, num, prec = 8;
- unsigned int seed;
- clock_t start, stop;
- double sec;
-
- mp_int a, m, c;
-
- if(PR_GetEnvSecure("SEED") != NULL)
- seed = abs(atoi(PR_GetEnvSecure("SEED")));
- else
- seed = (unsigned int)time(NULL);
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
- return 1;
- }
-
- if((num = atoi(argv[1])) < 0)
- num = -num;
-
- if(!num) {
- fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
- return 1;
- }
-
- if(argc > 2) {
- if((prec = atoi(argv[2])) <= 0)
- prec = 8;
- else
- prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
-
- }
-
- printf("Modular exponentiation timing test\n"
- "Precision: %d digits (%d bits)\n"
- "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
-
- mp_init_size(&a, prec);
- mp_init_size(&m, prec);
- mp_init_size(&c, prec);
-
- srand(seed);
-
- start = clock();
- for(ix = 0; ix < num; ix++) {
-
- mpp_random_size(&a, prec);
- mpp_random_size(&c, prec);
- mpp_random_size(&m, prec);
- /* set msb and lsb of m */
- DIGIT(&m,0) |= 1;
- DIGIT(&m, USED(&m)-1) |= (mp_digit)1 << (DIGIT_BIT - 1);
- if (mp_cmp(&a, &m) > 0)
- mp_sub(&a, &m, &a);
-
- mp_exptmod(&a, &c, &m, &c);
- }
- stop = clock();
-
- sec = clk_to_sec(start, stop);
-
- printf("Total: %.3f seconds\n", sec);
- printf("Individual: %.3f seconds\n", sec / num);
-
- mp_clear(&c);
- mp_clear(&a);
- mp_clear(&m);
-
- return 0;
+ int ix, num, prec = 8;
+ unsigned int seed;
+ clock_t start, stop;
+ double sec;
+
+ mp_int a, m, c;
+
+ if (PR_GetEnvSecure("SEED") != NULL)
+ seed = abs(atoi(PR_GetEnvSecure("SEED")));
+ else
+ seed = (unsigned int)time(NULL);
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
+ return 1;
+ }
+
+ if ((num = atoi(argv[1])) < 0)
+ num = -num;
+
+ if (!num) {
+ fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+ return 1;
+ }
+
+ if (argc > 2) {
+ if ((prec = atoi(argv[2])) <= 0)
+ prec = 8;
+ else
+ prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+ }
+
+ printf("Modular exponentiation timing test\n"
+ "Precision: %d digits (%d bits)\n"
+ "# of tests: %d\n\n",
+ prec, prec * DIGIT_BIT, num);
+
+ mp_init_size(&a, prec);
+ mp_init_size(&m, prec);
+ mp_init_size(&c, prec);
+
+ srand(seed);
+
+ start = clock();
+ for (ix = 0; ix < num; ix++) {
+
+ mpp_random_size(&a, prec);
+ mpp_random_size(&c, prec);
+ mpp_random_size(&m, prec);
+ /* set msb and lsb of m */
+ DIGIT(&m, 0) |= 1;
+ DIGIT(&m, USED(&m) - 1) |= (mp_digit)1 << (DIGIT_BIT - 1);
+ if (mp_cmp(&a, &m) > 0)
+ mp_sub(&a, &m, &a);
+
+ mp_exptmod(&a, &c, &m, &c);
+ }
+ stop = clock();
+
+ sec = clk_to_sec(start, stop);
+
+ printf("Total: %.3f seconds\n", sec);
+ printf("Individual: %.3f seconds\n", sec / num);
+
+ mp_clear(&c);
+ mp_clear(&a);
+ mp_clear(&m);
+
+ return 0;
}
-double clk_to_sec(clock_t start, clock_t stop)
+double
+clk_to_sec(clock_t start, clock_t stop)
{
- return (double)(stop - start) / CLOCKS_PER_SEC;
+ return (double)(stop - start) / CLOCKS_PER_SEC;
}
/*------------------------------------------------------------------------*/
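Review bot: `mp_init_size(&a, prec)` and the two calls after it ignore their return value even though `prec` comes straight from `atoi(argv[2])`, so a very large `<nbits>` can fail allocation and the loop then runs `mpp_random_size` on integers that were never set up. Checking the three returns, e.g. `if (mp_init_size(&a, prec) != MP_OKAY) { fprintf(stderr, "%s: out of memory\n", argv[0]); return 1; }`, is cheap, and `mp_exptmod` inside the timed loop could be checked for the same reason. `seed = abs(atoi(...))` is undefined if the SEED value parses to INT_MIN; `strtoul` avoids both the overflow and the sign conversion.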
diff --git a/lib/freebl/mpi/utils/pi.c b/lib/freebl/mpi/utils/pi.c
index 78f57369b..7e3109786 100644
--- a/lib/freebl/mpi/utils/pi.c
+++ b/lib/freebl/mpi/utils/pi.c
@@ -3,7 +3,7 @@
*
* Compute pi to an arbitrary number of digits. Uses Machin's formula,
* like everyone else on the planet:
- *
+ *
* pi = 16 * arctan(1/5) - 4 * arctan(1/239)
*
* This is pretty effective for up to a few thousand digits, but it
@@ -23,89 +23,96 @@
mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum);
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- mp_err res;
- mp_digit ndigits;
- mp_int sum1, sum2;
- clock_t start, stop;
- int out = 0;
-
- /* Make the user specify precision on the command line */
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <num-digits>\n", argv[0]);
- return 1;
- }
-
- if((ndigits = abs(atoi(argv[1]))) == 0) {
- fprintf(stderr, "%s: you must request at least 1 digit\n", argv[0]);
- return 1;
- }
-
- start = clock();
- mp_init(&sum1); mp_init(&sum2);
-
- /* sum1 = 16 * arctan(1/5) */
- if((res = arctan(16, 5, ndigits, &sum1)) != MP_OKAY) {
- fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
- out = 1; goto CLEANUP;
- }
-
- /* sum2 = 4 * arctan(1/239) */
- if((res = arctan(4, 239, ndigits, &sum2)) != MP_OKAY) {
- fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
- out = 1; goto CLEANUP;
- }
-
- /* pi = sum1 - sum2 */
- if((res = mp_sub(&sum1, &sum2, &sum1)) != MP_OKAY) {
- fprintf(stderr, "%s: mp_sub: %s\n", argv[0], mp_strerror(res));
- out = 1; goto CLEANUP;
- }
- stop = clock();
-
- /* Write the output in decimal */
- {
- char *buf = malloc(mp_radix_size(&sum1, 10));
-
- if(buf == NULL) {
- fprintf(stderr, "%s: out of memory\n", argv[0]);
- out = 1; goto CLEANUP;
+ mp_err res;
+ mp_digit ndigits;
+ mp_int sum1, sum2;
+ clock_t start, stop;
+ int out = 0;
+
+ /* Make the user specify precision on the command line */
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <num-digits>\n", argv[0]);
+ return 1;
}
- mp_todecimal(&sum1, buf);
- printf("%s\n", buf);
- free(buf);
- }
- fprintf(stderr, "Computation took %.2f sec.\n",
- (double)(stop - start) / CLOCKS_PER_SEC);
+ if ((ndigits = abs(atoi(argv[1]))) == 0) {
+ fprintf(stderr, "%s: you must request at least 1 digit\n", argv[0]);
+ return 1;
+ }
- CLEANUP:
- mp_clear(&sum1);
- mp_clear(&sum2);
+ start = clock();
+ mp_init(&sum1);
+ mp_init(&sum2);
- return out;
+ /* sum1 = 16 * arctan(1/5) */
+ if ((res = arctan(16, 5, ndigits, &sum1)) != MP_OKAY) {
+ fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+ out = 1;
+ goto CLEANUP;
+ }
-}
+ /* sum2 = 4 * arctan(1/239) */
+ if ((res = arctan(4, 239, ndigits, &sum2)) != MP_OKAY) {
+ fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+ out = 1;
+ goto CLEANUP;
+ }
-/* Compute sum := mul * arctan(1/x), to 'prec' digits of precision */
-mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum)
-{
- mp_int t, v;
- mp_digit q = 1, rd;
- mp_err res;
- int sign = 1;
+ /* pi = sum1 - sum2 */
+ if ((res = mp_sub(&sum1, &sum2, &sum1)) != MP_OKAY) {
+ fprintf(stderr, "%s: mp_sub: %s\n", argv[0], mp_strerror(res));
+ out = 1;
+ goto CLEANUP;
+ }
+ stop = clock();
+
+ /* Write the output in decimal */
+ {
+ char *buf = malloc(mp_radix_size(&sum1, 10));
+
+ if (buf == NULL) {
+ fprintf(stderr, "%s: out of memory\n", argv[0]);
+ out = 1;
+ goto CLEANUP;
+ }
+ mp_todecimal(&sum1, buf);
+ printf("%s\n", buf);
+ free(buf);
+ }
+
+ fprintf(stderr, "Computation took %.2f sec.\n",
+ (double)(stop - start) / CLOCKS_PER_SEC);
- prec += 3; /* push inaccuracies off the end */
+CLEANUP:
+ mp_clear(&sum1);
+ mp_clear(&sum2);
- mp_init(&t); mp_set(&t, 10);
- mp_init(&v);
- if((res = mp_expt_d(&t, prec, &t)) != MP_OKAY || /* get 10^prec */
- (res = mp_mul_d(&t, mul, &t)) != MP_OKAY || /* ... times mul */
- (res = mp_mul_d(&t, x, &t)) != MP_OKAY) /* ... times x */
- goto CLEANUP;
+ return out;
+}
- /*
+/* Compute sum := mul * arctan(1/x), to 'prec' digits of precision */
+mp_err
+arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum)
+{
+ mp_int t, v;
+ mp_digit q = 1, rd;
+ mp_err res;
+ int sign = 1;
+
+ prec += 3; /* push inaccuracies off the end */
+
+ mp_init(&t);
+ mp_set(&t, 10);
+ mp_init(&v);
+ if ((res = mp_expt_d(&t, prec, &t)) != MP_OKAY || /* get 10^prec */
+ (res = mp_mul_d(&t, mul, &t)) != MP_OKAY || /* ... times mul */
+ (res = mp_mul_d(&t, x, &t)) != MP_OKAY) /* ... times x */
+ goto CLEANUP;
+
+ /*
The extra multiplication by x in the above takes care of what
would otherwise have to be a special case for 1 / x^1 during the
first loop iteration. A little sneaky, but effective.
@@ -113,51 +120,51 @@ mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum)
We compute arctan(1/x) by the formula:
1 1 1 1
- - - ----- + ----- - ----- + ...
- x 3 x^3 5 x^5 7 x^7
+ - - ----- + ----- - ----- + ...
+ x 3 x^3 5 x^5 7 x^7
We multiply through by 'mul' beforehand, which gives us a couple
more iterations and more precision
*/
- x *= x; /* works as long as x < sqrt(RADIX), which it is here */
+ x *= x; /* works as long as x < sqrt(RADIX), which it is here */
- mp_zero(sum);
+ mp_zero(sum);
- do {
- if((res = mp_div_d(&t, x, &t, &rd)) != MP_OKAY)
- goto CLEANUP;
+ do {
+ if ((res = mp_div_d(&t, x, &t, &rd)) != MP_OKAY)
+ goto CLEANUP;
- if(sign < 0 && rd != 0)
- mp_add_d(&t, 1, &t);
+ if (sign < 0 && rd != 0)
+ mp_add_d(&t, 1, &t);
- if((res = mp_div_d(&t, q, &v, &rd)) != MP_OKAY)
- goto CLEANUP;
+ if ((res = mp_div_d(&t, q, &v, &rd)) != MP_OKAY)
+ goto CLEANUP;
- if(sign < 0 && rd != 0)
- mp_add_d(&v, 1, &v);
+ if (sign < 0 && rd != 0)
+ mp_add_d(&v, 1, &v);
- if(sign > 0)
- res = mp_add(sum, &v, sum);
- else
- res = mp_sub(sum, &v, sum);
+ if (sign > 0)
+ res = mp_add(sum, &v, sum);
+ else
+ res = mp_sub(sum, &v, sum);
- if(res != MP_OKAY)
- goto CLEANUP;
+ if (res != MP_OKAY)
+ goto CLEANUP;
- sign *= -1;
- q += 2;
+ sign *= -1;
+ q += 2;
- } while(mp_cmp_z(&t) != 0);
+ } while (mp_cmp_z(&t) != 0);
- /* Chop off inaccurate low-order digits */
- mp_div_d(sum, 1000, sum, NULL);
+ /* Chop off inaccurate low-order digits */
+ mp_div_d(sum, 1000, sum, NULL);
- CLEANUP:
- mp_clear(&v);
- mp_clear(&t);
+CLEANUP:
+ mp_clear(&v);
+ mp_clear(&t);
- return res;
+ return res;
}
/*------------------------------------------------------------------------*/
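Review bot: The two rounding adjustments `mp_add_d(&t, 1, &t);` and `mp_add_d(&v, 1, &v);` are the only mpi calls in this loop whose result is not checked, while every neighbouring call jumps to CLEANUP on error; `if ((res = mp_add_d(&t, 1, &t)) != MP_OKAY) goto CLEANUP;` keeps the function's error contract uniform, and the trailing `mp_div_d(sum, 1000, sum, NULL);` deserves the same treatment. The divisor 1000 is tied to the `prec += 3` guard digits added at the top of `arctan`, which lies in the previous hunk; a comment such as `/* drop the 3 guard digits added by prec += 3 above */` would keep the two constants from drifting apart. The `arctan` function begins outside this hunk.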
diff --git a/lib/freebl/mpi/utils/primegen.c b/lib/freebl/mpi/utils/primegen.c
index b922a746f..f62a56a4e 100644
--- a/lib/freebl/mpi/utils/primegen.c
+++ b/lib/freebl/mpi/utils/primegen.c
@@ -25,134 +25,135 @@
#include "mplogic.h"
#include "mpprime.h"
-#define NUM_TESTS 5 /* Number of Rabin-Miller iterations to test with */
+#define NUM_TESTS 5 /* Number of Rabin-Miller iterations to test with */
#ifdef DEBUG
-#define FPUTC(x,y) fputc(x,y)
+#define FPUTC(x, y) fputc(x, y)
#else
-#define FPUTC(x,y)
+#define FPUTC(x, y)
#endif
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- unsigned char *raw;
- char *out;
- unsigned long nTries;
- int rawlen, bits, outlen, ngen, ix, jx;
- int g_strong = 0;
- mp_int testval;
- mp_err res;
- clock_t start, end;
-
- /* We'll just use the C library's rand() for now, although this
+ unsigned char *raw;
+ char *out;
+ unsigned long nTries;
+ int rawlen, bits, outlen, ngen, ix, jx;
+ int g_strong = 0;
+ mp_int testval;
+ mp_err res;
+ clock_t start, end;
+
+ /* We'll just use the C library's rand() for now, although this
won't be good enough for cryptographic purposes */
- if((out = PR_GetEnvSecure("SEED")) == NULL) {
- srand((unsigned int)time(NULL));
- } else {
- srand((unsigned int)atoi(out));
- }
-
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
- return 1;
- }
-
- if((bits = abs(atoi(argv[1]))) < CHAR_BIT) {
- fprintf(stderr, "%s: please request at least %d bits.\n",
- argv[0], CHAR_BIT);
- return 1;
- }
-
- /* If optional third argument is given, use that as the number of
+ if ((out = PR_GetEnvSecure("SEED")) == NULL) {
+ srand((unsigned int)time(NULL));
+ } else {
+ srand((unsigned int)atoi(out));
+ }
+
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
+ return 1;
+ }
+
+ if ((bits = abs(atoi(argv[1]))) < CHAR_BIT) {
+ fprintf(stderr, "%s: please request at least %d bits.\n",
+ argv[0], CHAR_BIT);
+ return 1;
+ }
+
+ /* If optional third argument is given, use that as the number of
primes to generate; otherwise generate one prime only.
*/
- if(argc < 3) {
- ngen = 1;
- } else {
- ngen = abs(atoi(argv[2]));
- }
+ if (argc < 3) {
+ ngen = 1;
+ } else {
+ ngen = abs(atoi(argv[2]));
+ }
- /* If fourth argument is given, and is the word "strong", we'll
+ /* If fourth argument is given, and is the word "strong", we'll
generate strong (Sophie Germain) primes.
*/
- if(argc > 3 && strcmp(argv[3], "strong") == 0)
- g_strong = 1;
-
- /* testval - candidate being tested; nTries - number tried so far */
- if ((res = mp_init(&testval)) != MP_OKAY) {
- fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
- return 1;
- }
-
- if(g_strong) {
- printf("Requested %d strong prime value(s) of %d bits.\n",
- ngen, bits);
- } else {
- printf("Requested %d prime value(s) of %d bits.\n", ngen, bits);
- }
-
- rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1;
-
- if((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) {
- fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]);
- return 1;
- }
-
- /* This loop is one for each prime we need to generate */
- for(jx = 0; jx < ngen; jx++) {
-
- raw[0] = 0; /* sign is positive */
-
- /* Pack the initializer with random bytes */
- for(ix = 1; ix < rawlen; ix++)
- raw[ix] = (rand() * rand()) & UCHAR_MAX;
-
- raw[1] |= 0x80; /* set high-order bit of test value */
- raw[rawlen - 1] |= 1; /* set low-order bit of test value */
-
- /* Make an mp_int out of the initializer */
- mp_read_raw(&testval, (char *)raw, rawlen);
-
- /* Initialize candidate counter */
- nTries = 0;
-
- start = clock(); /* time generation for this prime */
- do {
- res = mpp_make_prime(&testval, bits, g_strong, &nTries);
- if (res != MP_NO)
- break;
- /* This code works whether digits are 16 or 32 bits */
- res = mp_add_d(&testval, 32 * 1024, &testval);
- res = mp_add_d(&testval, 32 * 1024, &testval);
- FPUTC(',', stderr);
- } while (1);
- end = clock();
-
- if (res != MP_YES) {
- break;
+ if (argc > 3 && strcmp(argv[3], "strong") == 0)
+ g_strong = 1;
+
+ /* testval - candidate being tested; nTries - number tried so far */
+ if ((res = mp_init(&testval)) != MP_OKAY) {
+ fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+ return 1;
+ }
+
+ if (g_strong) {
+ printf("Requested %d strong prime value(s) of %d bits.\n",
+ ngen, bits);
+ } else {
+ printf("Requested %d prime value(s) of %d bits.\n", ngen, bits);
}
- FPUTC('\n', stderr);
- puts("The following value is probably prime:");
- outlen = mp_radix_size(&testval, 10);
- out = calloc(outlen, sizeof(unsigned char));
- mp_toradix(&testval, (char *)out, 10);
- printf("10: %s\n", out);
- mp_toradix(&testval, (char *)out, 16);
- printf("16: %s\n\n", out);
- free(out);
-
- printf("Number of candidates tried: %lu\n", nTries);
- printf("This computation took %ld clock ticks (%.2f seconds)\n",
- (end - start), ((double)(end - start) / CLOCKS_PER_SEC));
-
- FPUTC('\n', stderr);
- } /* end of loop to generate all requested primes */
-
- if(res != MP_OKAY)
- fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
-
- free(raw);
- mp_clear(&testval);
-
- return 0;
+
+ rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1;
+
+ if ((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) {
+ fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]);
+ return 1;
+ }
+
+ /* This loop is one for each prime we need to generate */
+ for (jx = 0; jx < ngen; jx++) {
+
+ raw[0] = 0; /* sign is positive */
+
+ /* Pack the initializer with random bytes */
+ for (ix = 1; ix < rawlen; ix++)
+ raw[ix] = (rand() * rand()) & UCHAR_MAX;
+
+ raw[1] |= 0x80; /* set high-order bit of test value */
+ raw[rawlen - 1] |= 1; /* set low-order bit of test value */
+
+ /* Make an mp_int out of the initializer */
+ mp_read_raw(&testval, (char *)raw, rawlen);
+
+ /* Initialize candidate counter */
+ nTries = 0;
+
+ start = clock(); /* time generation for this prime */
+ do {
+ res = mpp_make_prime(&testval, bits, g_strong, &nTries);
+ if (res != MP_NO)
+ break;
+ /* This code works whether digits are 16 or 32 bits */
+ res = mp_add_d(&testval, 32 * 1024, &testval);
+ res = mp_add_d(&testval, 32 * 1024, &testval);
+ FPUTC(',', stderr);
+ } while (1);
+ end = clock();
+
+ if (res != MP_YES) {
+ break;
+ }
+ FPUTC('\n', stderr);
+ puts("The following value is probably prime:");
+ outlen = mp_radix_size(&testval, 10);
+ out = calloc(outlen, sizeof(unsigned char));
+ mp_toradix(&testval, (char *)out, 10);
+ printf("10: %s\n", out);
+ mp_toradix(&testval, (char *)out, 16);
+ printf("16: %s\n\n", out);
+ free(out);
+
+ printf("Number of candidates tried: %lu\n", nTries);
+ printf("This computation took %ld clock ticks (%.2f seconds)\n",
+ (end - start), ((double)(end - start) / CLOCKS_PER_SEC));
+
+ FPUTC('\n', stderr);
+ } /* end of loop to generate all requested primes */
+
+ if (res != MP_OKAY)
+ fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+
+ free(raw);
+ mp_clear(&testval);
+
+ return 0;
}
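Review bot: `raw[ix] = (rand() * rand()) & UCHAR_MAX;` multiplies two `int` values that may each be as large as RAND_MAX, so the product can overflow signed int, which is undefined behaviour; the low byte gains nothing from the multiplication, so `raw[ix] = (unsigned char)(rand() & UCHAR_MAX);` is both defined and no weaker. The file's own comment says rand() is not adequate for cryptographic use; since every byte of `raw` derives from a single 32-bit `srand` seed (the clock or the SEED variable), each prime this tool prints is reproducible from that seed, and the comment could state that consequence explicitly. `out = calloc(outlen, sizeof(unsigned char));` is passed to `mp_toradix` without a NULL check, and the result of `mp_read_raw` is ignored.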
diff --git a/lib/freebl/mpi/utils/prng.c b/lib/freebl/mpi/utils/prng.c
index 59ccae068..38748d18e 100644
--- a/lib/freebl/mpi/utils/prng.c
+++ b/lib/freebl/mpi/utils/prng.c
@@ -21,37 +21,37 @@
#include "bbs_rand.h"
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- unsigned char *seed;
- unsigned int ix, num = 1;
- pid_t pid;
-
- if(argc > 1) {
- num = atoi(argv[1]);
- if(num <= 0)
- num = 1;
- }
+ unsigned char *seed;
+ unsigned int ix, num = 1;
+ pid_t pid;
- pid = getpid();
- srand(time(NULL) * (unsigned int)pid);
+ if (argc > 1) {
+ num = atoi(argv[1]);
+ if (num <= 0)
+ num = 1;
+ }
- /* Not a perfect seed, but not bad */
- seed = malloc(bbs_seed_size);
- for(ix = 0; ix < bbs_seed_size; ix++) {
- seed[ix] = rand() % UCHAR_MAX;
- }
+ pid = getpid();
+ srand(time(NULL) * (unsigned int)pid);
- bbs_srand(seed, bbs_seed_size);
- memset(seed, 0, bbs_seed_size);
- free(seed);
+ /* Not a perfect seed, but not bad */
+ seed = malloc(bbs_seed_size);
+ for (ix = 0; ix < bbs_seed_size; ix++) {
+ seed[ix] = rand() % UCHAR_MAX;
+ }
- while(num-- > 0) {
- ix = bbs_rand();
+ bbs_srand(seed, bbs_seed_size);
+ memset(seed, 0, bbs_seed_size);
+ free(seed);
- printf("%u\n", ix);
- }
+ while (num-- > 0) {
+ ix = bbs_rand();
- return 0;
+ printf("%u\n", ix);
+ }
+ return 0;
}
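Review bot: The comment `/* Not a perfect seed, but not bad */` understates the problem: every byte of `seed` comes from `rand()` after `srand(time(NULL) * pid)`, so the entire BBS state is a function of one 32-bit value derived from the clock and a process id, and the output is predictable by anyone who can guess those. `rand() % UCHAR_MAX` also yields 0..254 and never 255; `rand() & UCHAR_MAX` covers all byte values. The `memset(seed, 0, bbs_seed_size);` immediately before `free(seed)` is the pattern a compiler may drop as a dead store, so if wiping the seed matters use a zeroing helper the optimizer cannot elide, and `malloc(bbs_seed_size)` is used without a NULL check. `num` is `unsigned int`, so `num <= 0` is just `num == 0` and a negative argument to `atoi` becomes a very large count.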
diff --git a/lib/freebl/mpi/utils/sieve.c b/lib/freebl/mpi/utils/sieve.c
index 71a17c8f1..57768af9e 100644
--- a/lib/freebl/mpi/utils/sieve.c
+++ b/lib/freebl/mpi/utils/sieve.c
@@ -28,14 +28,14 @@
#include <stdlib.h>
#include <limits.h>
-typedef unsigned char byte;
+typedef unsigned char byte;
typedef struct {
- int size;
- byte *bits;
- long base;
- int next;
- int nbits;
+ int size;
+ byte *bits;
+ long base;
+ int next;
+ int nbits;
} sieve;
void sieve_init(sieve *sp, long base, int nbits);
@@ -45,191 +45,199 @@ void sieve_reset(sieve *sp, long base);
void sieve_cross(sieve *sp, long val);
void sieve_clear(sieve *sp);
-#define S_ISSET(S, B) (((S)->bits[(B)/CHAR_BIT]>>((B)%CHAR_BIT))&1)
-#define S_SET(S, B) ((S)->bits[(B)/CHAR_BIT]|=(1<<((B)%CHAR_BIT)))
-#define S_CLR(S, B) ((S)->bits[(B)/CHAR_BIT]&=~(1<<((B)%CHAR_BIT)))
-#define S_VAL(S, B) ((S)->base+(2*(B)))
-#define S_BIT(S, V) (((V)-((S)->base))/2)
+#define S_ISSET(S, B) (((S)->bits[(B) / CHAR_BIT] >> ((B) % CHAR_BIT)) & 1)
+#define S_SET(S, B) ((S)->bits[(B) / CHAR_BIT] |= (1 << ((B) % CHAR_BIT)))
+#define S_CLR(S, B) ((S)->bits[(B) / CHAR_BIT] &= ~(1 << ((B) % CHAR_BIT)))
+#define S_VAL(S, B) ((S)->base + (2 * (B)))
+#define S_BIT(S, V) (((V) - ((S)->base)) / 2)
-int main(int argc, char *argv[])
+int
+main(int argc, char *argv[])
{
- sieve s;
- long pr, *p;
- int c, ix, cur = 0;
+ sieve s;
+ long pr, *p;
+ int c, ix, cur = 0;
- if(argc < 2) {
- fprintf(stderr, "Usage: %s <width>\n", argv[0]);
- return 1;
- }
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s <width>\n", argv[0]);
+ return 1;
+ }
- c = atoi(argv[1]);
- if(c < 0) c = -c;
+ c = atoi(argv[1]);
+ if (c < 0)
+ c = -c;
- fprintf(stderr, "%s: sieving to %d positions\n", argv[0], c);
+ fprintf(stderr, "%s: sieving to %d positions\n", argv[0], c);
- sieve_init(&s, 3, c);
+ sieve_init(&s, 3, c);
- c = 0;
- while((pr = sieve_next(&s)) > 0) {
- ++c;
- }
+ c = 0;
+ while ((pr = sieve_next(&s)) > 0) {
+ ++c;
+ }
- p = calloc(c, sizeof(long));
- if(!p) {
- fprintf(stderr, "%s: out of memory after first half\n", argv[0]);
- sieve_clear(&s);
- exit(1);
- }
+ p = calloc(c, sizeof(long));
+ if (!p) {
+ fprintf(stderr, "%s: out of memory after first half\n", argv[0]);
+ sieve_clear(&s);
+ exit(1);
+ }
+
+ fprintf(stderr, "%s: half done ... \n", argv[0]);
- fprintf(stderr, "%s: half done ... \n", argv[0]);
+ for (ix = 0; ix < s.nbits; ix++) {
+ if (S_ISSET(&s, ix)) {
+ p[cur] = S_VAL(&s, ix);
+ printf("%ld\n", p[cur]);
+ ++cur;
+ }
+ }
- for(ix = 0; ix < s.nbits; ix++) {
- if(S_ISSET(&s, ix)) {
- p[cur] = S_VAL(&s, ix);
- printf("%ld\n", p[cur]);
- ++cur;
+ sieve_reset(&s, p[cur - 1]);
+ fprintf(stderr, "%s: crossing off %d found primes ... \n", argv[0], cur);
+ for (ix = 0; ix < cur; ix++) {
+ sieve_cross(&s, p[ix]);
+ if (!(ix % 1000))
+ fputc('.', stderr);
}
- }
-
- sieve_reset(&s, p[cur - 1]);
- fprintf(stderr, "%s: crossing off %d found primes ... \n", argv[0], cur);
- for(ix = 0; ix < cur; ix++) {
- sieve_cross(&s, p[ix]);
- if(!(ix % 1000))
- fputc('.', stderr);
- }
- fputc('\n', stderr);
-
- free(p);
-
- fprintf(stderr, "%s: sieving again from %ld ... \n", argv[0], p[cur - 1]);
- c = 0;
- while((pr = sieve_next(&s)) > 0) {
- ++c;
- }
-
- fprintf(stderr, "%s: done!\n", argv[0]);
- for(ix = 0; ix < s.nbits; ix++) {
- if(S_ISSET(&s, ix)) {
- printf("%ld\n", S_VAL(&s, ix));
+ fputc('\n', stderr);
+
+ free(p);
+
+ fprintf(stderr, "%s: sieving again from %ld ... \n", argv[0], p[cur - 1]);
+ c = 0;
+ while ((pr = sieve_next(&s)) > 0) {
+ ++c;
+ }
+
+ fprintf(stderr, "%s: done!\n", argv[0]);
+ for (ix = 0; ix < s.nbits; ix++) {
+ if (S_ISSET(&s, ix)) {
+ printf("%ld\n", S_VAL(&s, ix));
+ }
}
- }
- sieve_clear(&s);
+ sieve_clear(&s);
- return 0;
+ return 0;
}
-void sieve_init(sieve *sp, long base, int nbits)
+void
+sieve_init(sieve *sp, long base, int nbits)
{
- sp->size = (nbits / CHAR_BIT);
-
- if(nbits % CHAR_BIT)
- ++sp->size;
-
- sp->bits = calloc(sp->size, sizeof(byte));
- memset(sp->bits, UCHAR_MAX, sp->size);
- if(!(base & 1))
- ++base;
- sp->base = base;
-
- sp->next = 0;
- sp->nbits = sp->size * CHAR_BIT;
+ sp->size = (nbits / CHAR_BIT);
+
+ if (nbits % CHAR_BIT)
+ ++sp->size;
+
+ sp->bits = calloc(sp->size, sizeof(byte));
+ memset(sp->bits, UCHAR_MAX, sp->size);
+ if (!(base & 1))
+ ++base;
+ sp->base = base;
+
+ sp->next = 0;
+ sp->nbits = sp->size * CHAR_BIT;
}
-void sieve_grow(sieve *sp, int nbits)
+void
+sieve_grow(sieve *sp, int nbits)
{
- int ns = (nbits / CHAR_BIT);
+ int ns = (nbits / CHAR_BIT);
- if(nbits % CHAR_BIT)
- ++ns;
+ if (nbits % CHAR_BIT)
+ ++ns;
- if(ns > sp->size) {
- byte *tmp;
- int ix;
+ if (ns > sp->size) {
+ byte *tmp;
+ int ix;
- tmp = calloc(ns, sizeof(byte));
- if(tmp == NULL) {
- fprintf(stderr, "Error: out of memory in sieve_grow\n");
- return;
- }
+ tmp = calloc(ns, sizeof(byte));
+ if (tmp == NULL) {
+ fprintf(stderr, "Error: out of memory in sieve_grow\n");
+ return;
+ }
- memcpy(tmp, sp->bits, sp->size);
- for(ix = sp->size; ix < ns; ix++) {
- tmp[ix] = UCHAR_MAX;
- }
+ memcpy(tmp, sp->bits, sp->size);
+ for (ix = sp->size; ix < ns; ix++) {
+ tmp[ix] = UCHAR_MAX;
+ }
- free(sp->bits);
- sp->bits = tmp;
- sp->size = ns;
+ free(sp->bits);
+ sp->bits = tmp;
+ sp->size = ns;
- sp->nbits = sp->size * CHAR_BIT;
- }
+ sp->nbits = sp->size * CHAR_BIT;
+ }
}
-long sieve_next(sieve *sp)
+long
+sieve_next(sieve *sp)
{
- long out;
- int ix = 0;
- long val;
+ long out;
+ int ix = 0;
+ long val;
- if(sp->next > sp->nbits)
- return -1;
+ if (sp->next > sp->nbits)
+ return -1;
- out = S_VAL(sp, sp->next);
+ out = S_VAL(sp, sp->next);
#ifdef DEBUG
- fprintf(stderr, "Sieving %ld\n", out);
+ fprintf(stderr, "Sieving %ld\n", out);
#endif
- /* Sieve out all multiples of the current prime */
- val = out;
- while(ix < sp->nbits) {
- val += out;
- ix = S_BIT(sp, val);
- if((val & 1) && ix < sp->nbits) { /* && S_ISSET(sp, ix)) { */
- S_CLR(sp, ix);
+ /* Sieve out all multiples of the current prime */
+ val = out;
+ while (ix < sp->nbits) {
+ val += out;
+ ix = S_BIT(sp, val);
+ if ((val & 1) && ix < sp->nbits) { /* && S_ISSET(sp, ix)) { */
+ S_CLR(sp, ix);
#ifdef DEBUG
- fprintf(stderr, "Crossing out %ld (bit %d)\n", val, ix);
+ fprintf(stderr, "Crossing out %ld (bit %d)\n", val, ix);
#endif
+ }
}
- }
- /* Scan ahead to the next prime */
- ++sp->next;
- while(sp->next < sp->nbits && !S_ISSET(sp, sp->next))
+ /* Scan ahead to the next prime */
++sp->next;
+ while (sp->next < sp->nbits && !S_ISSET(sp, sp->next))
+ ++sp->next;
- return out;
+ return out;
}
-void sieve_cross(sieve *sp, long val)
+void
+sieve_cross(sieve *sp, long val)
{
- int ix = 0;
- long cur = val;
+ int ix = 0;
+ long cur = val;
- while(cur < sp->base)
- cur += val;
+ while (cur < sp->base)
+ cur += val;
- ix = S_BIT(sp, cur);
- while(ix < sp->nbits) {
- if(cur & 1)
- S_CLR(sp, ix);
- cur += val;
ix = S_BIT(sp, cur);
- }
+ while (ix < sp->nbits) {
+ if (cur & 1)
+ S_CLR(sp, ix);
+ cur += val;
+ ix = S_BIT(sp, cur);
+ }
}
-void sieve_reset(sieve *sp, long base)
+void
+sieve_reset(sieve *sp, long base)
{
- memset(sp->bits, UCHAR_MAX, sp->size);
- sp->base = base;
- sp->next = 0;
+ memset(sp->bits, UCHAR_MAX, sp->size);
+ sp->base = base;
+ sp->next = 0;
}
-void sieve_clear(sieve *sp)
+void
+sieve_clear(sieve *sp)
{
- if(sp->bits)
- free(sp->bits);
+ if (sp->bits)
+ free(sp->bits);
- sp->bits = NULL;
+ sp->bits = NULL;
}
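Review bot: `p` is read after it is freed: `free(p);` comes just before the "sieving again from" message, and that `fprintf` then evaluates `p[cur - 1]` — a use-after-free read that the reformat preserves. Move `free(p);` below the fprintf, or save the value first: `long last = p[cur - 1]; free(p);` and print `last`. Separately, `p[cur - 1]` is also evaluated for `sieve_reset` when `cur` is 0 (a width of 0 still makes the first count loop return one value from `sieve_next`, but no bit is set), which indexes before the buffer; a `if (cur == 0)` error exit before `sieve_reset` avoids that. `sieve_init` also passes the `calloc` result straight to `memset` without a NULL check, unlike `sieve_grow` which does check.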
diff --git a/lib/freebl/mpi/vis_proto.h b/lib/freebl/mpi/vis_proto.h
index 7e8ed29e7..275de59df 100644
--- a/lib/freebl/mpi/vis_proto.h
+++ b/lib/freebl/mpi/vis_proto.h
@@ -9,7 +9,7 @@
#ifndef VIS_PROTO_H
#define VIS_PROTO_H
-#pragma ident "@(#)vis_proto.h 1.3 97/03/30 SMI"
+#pragma ident "@(#)vis_proto.h 1.3 97/03/30 SMI"
#ifdef __cplusplus
extern "C" {
@@ -186,46 +186,46 @@ void vis_error(char * /*fmt*/, int /*a0*/);
void vis_sim_init(void);
/* For better performance */
-#define vis_fmul8x16(farg,darg) vis_fmul8x16_dummy((farg),0,(darg))
+#define vis_fmul8x16(farg, darg) vis_fmul8x16_dummy((farg), 0, (darg))
/* Nicknames for explicit ASI loads and stores. */
-#define vis_st_u8 vis_stdfa_ASI_FL8P
-#define vis_st_u8_i vis_stdfa_ASI_FL8P_index
-#define vis_st_u8_le vis_stdfa_ASI_FL8PL
-#define vis_st_u16 vis_stdfa_ASI_FL16P
-#define vis_st_u16_i vis_stdfa_ASI_FL16P_index
-#define vis_st_u16_le vis_stdfa_ASI_FL16PL
-
-#define vis_ld_u8 vis_lddfa_ASI_FL8P
-#define vis_ld_u8_i vis_lddfa_ASI_FL8P_index
-#define vis_ld_u8_le vis_lddfa_ASI_FL8PL
-#define vis_ld_u16 vis_lddfa_ASI_FL16P
-#define vis_ld_u16_i vis_lddfa_ASI_FL16P_index
-#define vis_ld_u16_le vis_lddfa_ASI_FL16PL
-
-#define vis_pst_8 vis_stdfa_ASI_PST8P
-#define vis_pst_16 vis_stdfa_ASI_PST16P
-#define vis_pst_32 vis_stdfa_ASI_PST32P
-
-#define vis_st_u8s vis_stdfa_ASI_FL8S
-#define vis_st_u8s_le vis_stdfa_ASI_FL8SL
-#define vis_st_u16s vis_stdfa_ASI_FL16S
+#define vis_st_u8 vis_stdfa_ASI_FL8P
+#define vis_st_u8_i vis_stdfa_ASI_FL8P_index
+#define vis_st_u8_le vis_stdfa_ASI_FL8PL
+#define vis_st_u16 vis_stdfa_ASI_FL16P
+#define vis_st_u16_i vis_stdfa_ASI_FL16P_index
+#define vis_st_u16_le vis_stdfa_ASI_FL16PL
+
+#define vis_ld_u8 vis_lddfa_ASI_FL8P
+#define vis_ld_u8_i vis_lddfa_ASI_FL8P_index
+#define vis_ld_u8_le vis_lddfa_ASI_FL8PL
+#define vis_ld_u16 vis_lddfa_ASI_FL16P
+#define vis_ld_u16_i vis_lddfa_ASI_FL16P_index
+#define vis_ld_u16_le vis_lddfa_ASI_FL16PL
+
+#define vis_pst_8 vis_stdfa_ASI_PST8P
+#define vis_pst_16 vis_stdfa_ASI_PST16P
+#define vis_pst_32 vis_stdfa_ASI_PST32P
+
+#define vis_st_u8s vis_stdfa_ASI_FL8S
+#define vis_st_u8s_le vis_stdfa_ASI_FL8SL
+#define vis_st_u16s vis_stdfa_ASI_FL16S
#define vis_st_u16s_le vis_stdfa_ASI_FL16SL
-#define vis_ld_u8s vis_lddfa_ASI_FL8S
-#define vis_ld_u8s_le vis_lddfa_ASI_FL8SL
-#define vis_ld_u16s vis_lddfa_ASI_FL16S
+#define vis_ld_u8s vis_lddfa_ASI_FL8S
+#define vis_ld_u8s_le vis_lddfa_ASI_FL8SL
+#define vis_ld_u16s vis_lddfa_ASI_FL16S
#define vis_ld_u16s_le vis_lddfa_ASI_FL16SL
-#define vis_pst_8s vis_stdfa_ASI_PST8S
-#define vis_pst_16s vis_stdfa_ASI_PST16S
-#define vis_pst_32s vis_stdfa_ASI_PST32S
+#define vis_pst_8s vis_stdfa_ASI_PST8S
+#define vis_pst_16s vis_stdfa_ASI_PST16S
+#define vis_pst_32s vis_stdfa_ASI_PST32S
/* "<" and ">=" may be implemented in terms of ">" and "<=". */
-#define vis_fcmplt16(a,b) vis_fcmpgt16((b),(a))
-#define vis_fcmplt32(a,b) vis_fcmpgt32((b),(a))
-#define vis_fcmpge16(a,b) vis_fcmple16((b),(a))
-#define vis_fcmpge32(a,b) vis_fcmple32((b),(a))
+#define vis_fcmplt16(a, b) vis_fcmpgt16((b), (a))
+#define vis_fcmplt32(a, b) vis_fcmpgt32((b), (a))
+#define vis_fcmpge16(a, b) vis_fcmple16((b), (a))
+#define vis_fcmpge32(a, b) vis_fcmple32((b), (a))
#ifdef __cplusplus
} // End of extern "C"
diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
index 4da9aac8d..5ed039689 100644
--- a/lib/freebl/nsslowhash.c
+++ b/lib/freebl/nsslowhash.c
@@ -14,16 +14,17 @@
#include "blapii.h"
struct NSSLOWInitContextStr {
- int count;
+ int count;
};
struct NSSLOWHASHContextStr {
const SECHashObject *hashObj;
void *hashCtxt;
-
};
-static int nsslow_GetFIPSEnabled(void) {
+static int
+nsslow_GetFIPSEnabled(void)
+{
#ifdef LINUX
FILE *f;
char d;
@@ -50,100 +51,100 @@ NSSLOWInitContext *
NSSLOW_Init(void)
{
#ifdef FREEBL_NO_DEPEND
- (void) FREEBL_InitStubs();
+ (void)FREEBL_InitStubs();
#endif
- /* make sure the FIPS product is installed if we are trying to
- * go into FIPS mode */
- if (nsslow_GetFIPSEnabled()) {
- if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- post_failed = PR_TRUE;
- return NULL;
- }
- }
- post_failed = PR_FALSE;
-
- return &dummyContext;
+ /* make sure the FIPS product is installed if we are trying to
+ * go into FIPS mode */
+ if (nsslow_GetFIPSEnabled()) {
+ if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ post_failed = PR_TRUE;
+ return NULL;
+ }
+ }
+ post_failed = PR_FALSE;
+
+ return &dummyContext;
}
void
NSSLOW_Shutdown(NSSLOWInitContext *context)
{
- PORT_Assert(context == &dummyContext);
- return;
+ PORT_Assert(context == &dummyContext);
+ return;
}
void
NSSLOW_Reset(NSSLOWInitContext *context)
{
- PORT_Assert(context == &dummyContext);
- return;
+ PORT_Assert(context == &dummyContext);
+ return;
}
NSSLOWHASHContext *
-NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
- HASH_HashType hashType)
+NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
+ HASH_HashType hashType)
{
- NSSLOWHASHContext *context;
-
- if (post_failed) {
- PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
- return NULL;
- }
-
- if (initContext != &dummyContext) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return (NULL);
- }
-
- context = PORT_ZNew(NSSLOWHASHContext);
- if (!context) {
- return NULL;
- }
- context->hashObj = HASH_GetRawHashObject(hashType);
- if (!context->hashObj) {
- PORT_Free(context);
- return NULL;
- }
- context->hashCtxt = context->hashObj->create();
- if (!context->hashCtxt) {
- PORT_Free(context);
- return NULL;
- }
-
- return context;
+ NSSLOWHASHContext *context;
+
+ if (post_failed) {
+ PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
+ return NULL;
+ }
+
+ if (initContext != &dummyContext) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return (NULL);
+ }
+
+ context = PORT_ZNew(NSSLOWHASHContext);
+ if (!context) {
+ return NULL;
+ }
+ context->hashObj = HASH_GetRawHashObject(hashType);
+ if (!context->hashObj) {
+ PORT_Free(context);
+ return NULL;
+ }
+ context->hashCtxt = context->hashObj->create();
+ if (!context->hashCtxt) {
+ PORT_Free(context);
+ return NULL;
+ }
+
+ return context;
}
void
NSSLOWHASH_Begin(NSSLOWHASHContext *context)
{
- return context->hashObj->begin(context->hashCtxt);
+ return context->hashObj->begin(context->hashCtxt);
}
void
-NSSLOWHASH_Update(NSSLOWHASHContext *context, const unsigned char *buf,
- unsigned int len)
+NSSLOWHASH_Update(NSSLOWHASHContext *context, const unsigned char *buf,
+ unsigned int len)
{
- return context->hashObj->update(context->hashCtxt, buf, len);
+ return context->hashObj->update(context->hashCtxt, buf, len);
}
void
-NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned char *buf,
- unsigned int *ret, unsigned int len)
+NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned char *buf,
+ unsigned int *ret, unsigned int len)
{
- return context->hashObj->end(context->hashCtxt, buf, ret, len);
+ return context->hashObj->end(context->hashCtxt, buf, ret, len);
}
void
NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
{
- context->hashObj->destroy(context->hashCtxt, PR_TRUE);
- PORT_Free(context);
+ context->hashObj->destroy(context->hashCtxt, PR_TRUE);
+ PORT_Free(context);
}
unsigned int
NSSLOWHASH_Length(NSSLOWHASHContext *context)
{
- return context->hashObj->length;
+ return context->hashObj->length;
}
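Review bot: `NSSLOWHASH_Begin`, `NSSLOWHASH_Update` and `NSSLOWHASH_End` are declared `void` yet each body is `return context->hashObj->...(...)`, returning the value of a void call; ISO C does not allow an expression in a return statement of a void function (GCC/Clang accept it as an extension and warn under -Wpedantic). Since this commit is already touching every one of these lines, dropping the `return` keyword, e.g. `context->hashObj->begin(context->hashCtxt);`, would be a cheap cleanup. The `NSSLOW_Init` path that skips `BL_FIPSEntryOK` when FIPS mode is off deserves a one-line comment saying the self-test gate is intentionally FIPS-only, so a reader does not take it for a missing check.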
diff --git a/lib/freebl/nsslowhash.h b/lib/freebl/nsslowhash.h
index bfce42be2..d8f058715 100644
--- a/lib/freebl/nsslowhash.h
+++ b/lib/freebl/nsslowhash.h
@@ -18,16 +18,16 @@ NSSLOWInitContext *NSSLOW_Init(void);
void NSSLOW_Shutdown(NSSLOWInitContext *context);
void NSSLOW_Reset(NSSLOWInitContext *context);
NSSLOWHASHContext *NSSLOWHASH_NewContext(
- NSSLOWInitContext *initContext,
- HASH_HashType hashType);
+ NSSLOWInitContext *initContext,
+ HASH_HashType hashType);
void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
-void NSSLOWHASH_Update(NSSLOWHASHContext *context,
- const unsigned char *buf,
- unsigned int len);
-void NSSLOWHASH_End(NSSLOWHASHContext *context,
- unsigned char *buf,
- unsigned int *ret, unsigned int len);
+void NSSLOWHASH_Update(NSSLOWHASHContext *context,
+ const unsigned char *buf,
+ unsigned int len);
+void NSSLOWHASH_End(NSSLOWHASHContext *context,
+ unsigned char *buf,
+ unsigned int *ret, unsigned int len);
void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
-unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
+unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
#endif
diff --git a/lib/freebl/os2_rand.c b/lib/freebl/os2_rand.c
index bfe28cfc1..407b08014 100644
--- a/lib/freebl/os2_rand.c
+++ b/lib/freebl/os2_rand.c
@@ -12,32 +12,34 @@
#include <stdio.h>
#include <sys/stat.h>
-static BOOL clockTickTime(unsigned long *phigh, unsigned long *plow)
+static BOOL
+clockTickTime(unsigned long *phigh, unsigned long *plow)
{
APIRET rc = NO_ERROR;
- QWORD qword = {0,0};
+ QWORD qword = { 0, 0 };
rc = DosTmrQueryTime(&qword);
if (rc != NO_ERROR)
- return FALSE;
+ return FALSE;
*phigh = qword.ulHi;
- *plow = qword.ulLo;
+ *plow = qword.ulLo;
return TRUE;
}
-size_t RNG_GetNoise(void *buf, size_t maxbuf)
+size_t
+RNG_GetNoise(void *buf, size_t maxbuf)
{
unsigned long high = 0;
- unsigned long low = 0;
+ unsigned long low = 0;
clock_t val = 0;
int n = 0;
int nBytes = 0;
time_t sTime;
if (maxbuf <= 0)
- return 0;
+ return 0;
clockTickTime(&high, &low);
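Review bot: The return value of `clockTickTime(&high, &low)` is discarded, so when `DosTmrQueryTime` fails `high` and `low` keep their initial 0 and are still copied into `buf` and counted in the returned byte total; if any caller treats the count as an entropy estimate, eight zero bytes would be credited. A short comment on the call, or `if (!clockTickTime(&high, &low)) { high = low = 0; }` with a note that the zeros are filler, would make the intent explicit. The `if (maxbuf <= 0)` tests on a `size_t` are just `== 0` and read as if negative values were possible.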
@@ -48,7 +50,7 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
maxbuf -= nBytes;
if (maxbuf <= 0)
- return n;
+ return n;
nBytes = sizeof(high) > maxbuf ? maxbuf : sizeof(high);
memcpy(((char *)buf) + n, &high, nBytes);
@@ -56,7 +58,7 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
maxbuf -= nBytes;
if (maxbuf <= 0)
- return n;
+ return n;
/* get the number of milliseconds that have elapsed since application started */
val = clock();
@@ -67,7 +69,7 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
maxbuf -= nBytes;
if (maxbuf <= 0)
- return n;
+ return n;
/* get the time in seconds since midnight Jan 1, 1970 */
time(&sTime);
@@ -81,54 +83,51 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
static BOOL
EnumSystemFiles(void (*func)(const char *))
{
- APIRET rc;
- ULONG sysInfo = 0;
- char bootLetter[2];
- char sysDir[_MAX_PATH] = "";
- char filename[_MAX_PATH];
- HDIR hdir = HDIR_CREATE;
- ULONG numFiles = 1;
- FILEFINDBUF3 fileBuf = {0};
- ULONG buflen = sizeof(FILEFINDBUF3);
+ APIRET rc;
+ ULONG sysInfo = 0;
+ char bootLetter[2];
+ char sysDir[_MAX_PATH] = "";
+ char filename[_MAX_PATH];
+ HDIR hdir = HDIR_CREATE;
+ ULONG numFiles = 1;
+ FILEFINDBUF3 fileBuf = { 0 };
+ ULONG buflen = sizeof(FILEFINDBUF3);
if (DosQuerySysInfo(QSV_BOOT_DRIVE, QSV_BOOT_DRIVE, (PVOID)&sysInfo,
- sizeof(ULONG)) == NO_ERROR)
- {
- bootLetter[0] = sysInfo + 'A' -1;
- bootLetter[1] = '\0';
- strcpy(sysDir, bootLetter);
- strcpy(sysDir+1, ":\\OS2\\");
-
- strcpy( filename, sysDir );
- strcat( filename, "*.*" );
+ sizeof(ULONG)) == NO_ERROR) {
+ bootLetter[0] = sysInfo + 'A' - 1;
+ bootLetter[1] = '\0';
+ strcpy(sysDir, bootLetter);
+ strcpy(sysDir + 1, ":\\OS2\\");
+
+ strcpy(filename, sysDir);
+ strcat(filename, "*.*");
}
- rc =DosFindFirst( filename, &hdir, FILE_NORMAL, &fileBuf, buflen,
- &numFiles, FIL_STANDARD );
- if( rc == NO_ERROR )
- {
- do {
- // pass the full pathname to the callback
- sprintf( filename, "%s%s", sysDir, fileBuf.achName );
- (*func)(filename);
-
- numFiles = 1;
- rc = DosFindNext( hdir, &fileBuf, buflen, &numFiles );
- if( rc != NO_ERROR && rc != ERROR_NO_MORE_FILES )
- printf( "DosFindNext errod code = %d\n", rc );
- } while ( rc == NO_ERROR );
-
- rc = DosFindClose(hdir);
- if( rc != NO_ERROR )
- printf( "DosFindClose error code = %d", rc );
- }
- else
- printf( "DosFindFirst error code = %d", rc );
+ rc = DosFindFirst(filename, &hdir, FILE_NORMAL, &fileBuf, buflen,
+ &numFiles, FIL_STANDARD);
+ if (rc == NO_ERROR) {
+ do {
+ // pass the full pathname to the callback
+ sprintf(filename, "%s%s", sysDir, fileBuf.achName);
+ (*func)(filename);
+
+ numFiles = 1;
+ rc = DosFindNext(hdir, &fileBuf, buflen, &numFiles);
+ if (rc != NO_ERROR && rc != ERROR_NO_MORE_FILES)
+ printf("DosFindNext errod code = %d\n", rc);
+ } while (rc == NO_ERROR);
+
+ rc = DosFindClose(hdir);
+ if (rc != NO_ERROR)
+ printf("DosFindClose error code = %d", rc);
+ } else
+ printf("DosFindFirst error code = %d", rc);
return TRUE;
}
-static int dwNumFiles, dwReadEvery, dwFileToRead=0;
+static int dwNumFiles, dwReadEvery, dwFileToRead = 0;
static void
CountFiles(const char *file)
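Review bot: In `EnumSystemFiles`, `filename` is declared without an initializer and is only written inside the `DosQuerySysInfo` success branch, so on failure `DosFindFirst(filename, ...)` receives an uninitialized path; initialize it with `char filename[_MAX_PATH] = "";` or return FALSE from that branch, since an empty pattern is not a useful fallback either. The `sprintf(filename, "%s%s", sysDir, fileBuf.achName)` in the loop is unbounded — if `achName` can be as long as the find buffer allows, the system-directory prefix plus the name may exceed `_MAX_PATH` — so `snprintf(filename, sizeof(filename), "%s%s", sysDir, fileBuf.achName)` is the safer form. The `printf` diagnostics on the error paths write to stdout from inside the RNG seeding code, which library callers are unlikely to expect; stderr or a comment explaining the choice would help.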
@@ -145,17 +144,17 @@ ReadFiles(const char *file)
dwNumFiles++;
}
-static void
+static void
ReadSingleFile(const char *filename)
{
unsigned char buffer[1024];
- FILE *file;
-
+ FILE *file;
+
file = fopen((char *)filename, "rb");
if (file != NULL) {
- while (fread(buffer, 1, sizeof(buffer), file) > 0)
- ;
- fclose(file);
+ while (fread(buffer, 1, sizeof(buffer), file) > 0)
+ ;
+ fclose(file);
}
}
@@ -185,157 +184,151 @@ ReadSystemFiles(void)
dwReadEvery = dwNumFiles / 10;
if (dwReadEvery == 0)
- dwReadEvery = 1; // less than 10 files
+ dwReadEvery = 1; // less than 10 files
dwNumFiles = 0;
EnumSystemFiles(ReadFiles);
}
-void RNG_SystemInfoForRNG(void)
+void
+RNG_SystemInfoForRNG(void)
{
- unsigned long *plong = 0;
- PTIB ptib;
- PPIB ppib;
- APIRET rc = NO_ERROR;
- DATETIME dt;
- COUNTRYCODE cc = {0};
- COUNTRYINFO ci = {0};
- unsigned long actual = 0;
- char path[_MAX_PATH]="";
- char fullpath[_MAX_PATH]="";
- unsigned long pathlength = sizeof(path);
- FSALLOCATE fsallocate;
- FILESTATUS3 fstatus;
- unsigned long defaultdrive = 0;
- unsigned long logicaldrives = 0;
- unsigned long sysInfo[QSV_MAX] = {0};
- char buffer[20];
- int nBytes = 0;
-
- nBytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, nBytes);
-
- /* allocate memory and use address and memory */
- plong = (unsigned long *)malloc(sizeof(*plong));
- RNG_RandomUpdate(&plong, sizeof(plong));
- RNG_RandomUpdate(plong, sizeof(*plong));
- free(plong);
-
- /* process info */
- rc = DosGetInfoBlocks(&ptib, &ppib);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(ptib, sizeof(*ptib));
- RNG_RandomUpdate(ppib, sizeof(*ppib));
- }
-
- /* time */
- rc = DosGetDateTime(&dt);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&dt, sizeof(dt));
- }
-
- /* country */
- rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&cc, sizeof(cc));
- RNG_RandomUpdate(&ci, sizeof(ci));
- RNG_RandomUpdate(&actual, sizeof(actual));
- }
-
- /* current directory */
- rc = DosQueryCurrentDir(0, path, &pathlength);
- strcat(fullpath, "\\");
- strcat(fullpath, path);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(fullpath, strlen(fullpath));
- // path info
- rc = DosQueryPathInfo(fullpath, FIL_STANDARD, &fstatus, sizeof(fstatus));
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&fstatus, sizeof(fstatus));
- }
- }
-
- /* file system info */
- rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate));
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&fsallocate, sizeof(fsallocate));
- }
-
- /* drive info */
- rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive));
- RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives));
- }
-
- /* system info */
- rc = DosQuerySysInfo(1L, QSV_MAX, (PVOID)&sysInfo, sizeof(ULONG)*QSV_MAX);
- if (rc == NO_ERROR)
- {
- RNG_RandomUpdate(&sysInfo, sizeof(sysInfo));
- }
-
- // now let's do some files
- ReadSystemFiles();
-
- /* more noise */
- nBytes = RNG_GetNoise(buffer, sizeof(buffer));
- RNG_RandomUpdate(buffer, nBytes);
+ unsigned long *plong = 0;
+ PTIB ptib;
+ PPIB ppib;
+ APIRET rc = NO_ERROR;
+ DATETIME dt;
+ COUNTRYCODE cc = { 0 };
+ COUNTRYINFO ci = { 0 };
+ unsigned long actual = 0;
+ char path[_MAX_PATH] = "";
+ char fullpath[_MAX_PATH] = "";
+ unsigned long pathlength = sizeof(path);
+ FSALLOCATE fsallocate;
+ FILESTATUS3 fstatus;
+ unsigned long defaultdrive = 0;
+ unsigned long logicaldrives = 0;
+ unsigned long sysInfo[QSV_MAX] = { 0 };
+ char buffer[20];
+ int nBytes = 0;
+
+ nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+ RNG_RandomUpdate(buffer, nBytes);
+
+ /* allocate memory and use address and memory */
+ plong = (unsigned long *)malloc(sizeof(*plong));
+ RNG_RandomUpdate(&plong, sizeof(plong));
+ RNG_RandomUpdate(plong, sizeof(*plong));
+ free(plong);
+
+ /* process info */
+ rc = DosGetInfoBlocks(&ptib, &ppib);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(ptib, sizeof(*ptib));
+ RNG_RandomUpdate(ppib, sizeof(*ppib));
+ }
+
+ /* time */
+ rc = DosGetDateTime(&dt);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&dt, sizeof(dt));
+ }
+
+ /* country */
+ rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&cc, sizeof(cc));
+ RNG_RandomUpdate(&ci, sizeof(ci));
+ RNG_RandomUpdate(&actual, sizeof(actual));
+ }
+
+ /* current directory */
+ rc = DosQueryCurrentDir(0, path, &pathlength);
+ strcat(fullpath, "\\");
+ strcat(fullpath, path);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(fullpath, strlen(fullpath));
+ // path info
+ rc = DosQueryPathInfo(fullpath, FIL_STANDARD, &fstatus, sizeof(fstatus));
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&fstatus, sizeof(fstatus));
+ }
+ }
+
+ /* file system info */
+ rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate));
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&fsallocate, sizeof(fsallocate));
+ }
+
+ /* drive info */
+ rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive));
+ RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives));
+ }
+
+ /* system info */
+ rc = DosQuerySysInfo(1L, QSV_MAX, (PVOID)&sysInfo, sizeof(ULONG) * QSV_MAX);
+ if (rc == NO_ERROR) {
+ RNG_RandomUpdate(&sysInfo, sizeof(sysInfo));
+ }
+
+ // now let's do some files
+ ReadSystemFiles();
+
+ /* more noise */
+ nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+ RNG_RandomUpdate(buffer, nBytes);
}
-void RNG_FileForRNG(const char *filename)
+void
+RNG_FileForRNG(const char *filename)
{
struct stat stat_buf;
unsigned char buffer[1024];
FILE *file = 0;
int nBytes = 0;
static int totalFileBytes = 0;
-
+
if (stat((char *)filename, &stat_buf) < 0)
- return;
+ return;
+
+ RNG_RandomUpdate((unsigned char *)&stat_buf, sizeof(stat_buf));
- RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
-
file = fopen((char *)filename, "r");
- if (file != NULL)
- {
- for (;;)
- {
- size_t bytes = fread(buffer, 1, sizeof(buffer), file);
-
- if (bytes == 0)
- break;
-
- RNG_RandomUpdate(buffer, bytes);
- totalFileBytes += bytes;
- if (totalFileBytes > 250000)
- break;
- }
- fclose(file);
+ if (file != NULL) {
+ for (;;) {
+ size_t bytes = fread(buffer, 1, sizeof(buffer), file);
+
+ if (bytes == 0)
+ break;
+
+ RNG_RandomUpdate(buffer, bytes);
+ totalFileBytes += bytes;
+ if (totalFileBytes > 250000)
+ break;
+ }
+ fclose(file);
}
- nBytes = RNG_GetNoise(buffer, 20);
+ nBytes = RNG_GetNoise(buffer, 20);
RNG_RandomUpdate(buffer, nBytes);
}
-static void rng_systemJitter(void)
+static void
+rng_systemJitter(void)
{
dwNumFiles = 0;
EnumSystemFiles(ReadOneFile);
dwFileToRead++;
if (dwFileToRead >= dwNumFiles) {
- dwFileToRead = 0;
+ dwFileToRead = 0;
}
}
-size_t RNG_SystemRNG(void *dest, size_t maxLen)
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
{
- return rng_systemFromNoise(dest,maxLen);
+ return rng_systemFromNoise(dest, maxLen);
}
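Review bot: In `RNG_SystemInfoForRNG` the `malloc(sizeof(*plong))` result is passed to `RNG_RandomUpdate(plong, sizeof(*plong))` without a NULL check, and what it mixes in is the uninitialized contents of the fresh allocation, which contributes nothing that can be counted as entropy and is flagged by memory checkers; `if (plong) { RNG_RandomUpdate(plong, sizeof(*plong)); free(plong); }` removes the NULL dereference and the comment should say only the address is meant to vary. `RNG_FileForRNG` opens its file with `"r"` while `ReadSingleFile` earlier in this file uses `"rb"`; in text mode line-ending translation and an end-of-file marker can shorten the read, so `fopen((char *)filename, "rb")` keeps the two consistent. `RNG_SystemRNG` simply forwards to `rng_systemFromNoise`, meaning the "system RNG" on this platform is the noise collector in this file rather than an OS-provided entropy source; a comment on that function would stop callers from assuming otherwise.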
diff --git a/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
index 38cbf35fd..2a3301e4e 100644
--- a/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
+++ b/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
@@ -15,609 +15,866 @@
#define ALIGN(x) __attribute__((aligned(x)))
#define INLINE inline
-#define U8TO64_LE(m) (*(uint64_t*)(m))
-#define U8TO32_LE(m) (*(uint32_t*)(m))
-#define U64TO8_LE(m,v) (*(uint64_t*)(m)) = v
+#define U8TO64_LE(m) (*(uint64_t *)(m))
+#define U8TO32_LE(m) (*(uint32_t *)(m))
+#define U64TO8_LE(m, v) (*(uint64_t *)(m)) = v
typedef __m128i xmmi;
typedef unsigned __int128 uint128_t;
-static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = {(1 << 26) - 1, 0, (1 << 26) - 1, 0};
-static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = {5, 0, 5, 0};
-static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = {(1 << 24), 0, (1 << 24), 0};
+static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = { (1 << 26) - 1, 0, (1 << 26) - 1, 0 };
+static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = { 5, 0, 5, 0 };
+static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = { (1 << 24), 0, (1 << 24), 0 };
static uint128_t INLINE
-add128(uint128_t a, uint128_t b) {
- return a + b;
+add128(uint128_t a, uint128_t b)
+{
+ return a + b;
}
static uint128_t INLINE
-add128_64(uint128_t a, uint64_t b) {
- return a + b;
+add128_64(uint128_t a, uint64_t b)
+{
+ return a + b;
}
static uint128_t INLINE
-mul64x64_128(uint64_t a, uint64_t b) {
- return (uint128_t)a * b;
+mul64x64_128(uint64_t a, uint64_t b)
+{
+ return (uint128_t)a * b;
}
static uint64_t INLINE
-lo128(uint128_t a) {
- return (uint64_t)a;
+lo128(uint128_t a)
+{
+ return (uint64_t)a;
}
static uint64_t INLINE
-shr128(uint128_t v, const int shift) {
- return (uint64_t)(v >> shift);
+shr128(uint128_t v, const int shift)
+{
+ return (uint64_t)(v >> shift);
}
static uint64_t INLINE
-shr128_pair(uint64_t hi, uint64_t lo, const int shift) {
- return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift);
+shr128_pair(uint64_t hi, uint64_t lo, const int shift)
+{
+ return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift);
}
typedef struct poly1305_power_t {
- union {
- xmmi v;
- uint64_t u[2];
- uint32_t d[4];
- } R20,R21,R22,R23,R24,S21,S22,S23,S24;
+ union {
+ xmmi v;
+ uint64_t u[2];
+ uint32_t d[4];
+ } R20, R21, R22, R23, R24, S21, S22, S23, S24;
} poly1305_power;
typedef struct poly1305_state_internal_t {
- poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */
- union {
- xmmi H[5]; /* 80 bytes */
- uint64_t HH[10];
- };
- /* uint64_t r0,r1,r2; [24 bytes] */
- /* uint64_t pad0,pad1; [16 bytes] */
- uint64_t started; /* 8 bytes */
- uint64_t leftover; /* 8 bytes */
- uint8_t buffer[64]; /* 64 bytes */
-} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */
+ poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */
+ union {
+ xmmi H[5]; /* 80 bytes */
+ uint64_t HH[10];
+ };
+ /* uint64_t r0,r1,r2; [24 bytes] */
+ /* uint64_t pad0,pad1; [16 bytes] */
+ uint64_t started; /* 8 bytes */
+ uint64_t leftover; /* 8 bytes */
+ uint8_t buffer[64]; /* 64 bytes */
+} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */
static poly1305_state_internal INLINE
-*poly1305_aligned_state(poly1305_state *state) {
- return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63);
+ *
+ poly1305_aligned_state(poly1305_state *state)
+{
+ return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63);
}
/* copy 0-63 bytes */
static void INLINE
-poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes) {
- size_t offset = src - dst;
- if (bytes & 32) {
- _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0)));
- _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16)));
- dst += 32;
- }
- if (bytes & 16) { _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset))); dst += 16; }
- if (bytes & 8) { *(uint64_t *)dst = *(uint64_t *)(dst + offset); dst += 8; }
- if (bytes & 4) { *(uint32_t *)dst = *(uint32_t *)(dst + offset); dst += 4; }
- if (bytes & 2) { *(uint16_t *)dst = *(uint16_t *)(dst + offset); dst += 2; }
- if (bytes & 1) { *( uint8_t *)dst = *( uint8_t *)(dst + offset); }
+poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes)
+{
+ size_t offset = src - dst;
+ if (bytes & 32) {
+ _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0)));
+ _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16)));
+ dst += 32;
+ }
+ if (bytes & 16) {
+ _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset)));
+ dst += 16;
+ }
+ if (bytes & 8) {
+ *(uint64_t *)dst = *(uint64_t *)(dst + offset);
+ dst += 8;
+ }
+ if (bytes & 4) {
+ *(uint32_t *)dst = *(uint32_t *)(dst + offset);
+ dst += 4;
+ }
+ if (bytes & 2) {
+ *(uint16_t *)dst = *(uint16_t *)(dst + offset);
+ dst += 2;
+ }
+ if (bytes & 1) {
+ *(uint8_t *)dst = *(uint8_t *)(dst + offset);
+ }
}
/* zero 0-15 bytes */
static void INLINE
-poly1305_block_zero(uint8_t *dst, size_t bytes) {
- if (bytes & 8) { *(uint64_t *)dst = 0; dst += 8; }
- if (bytes & 4) { *(uint32_t *)dst = 0; dst += 4; }
- if (bytes & 2) { *(uint16_t *)dst = 0; dst += 2; }
- if (bytes & 1) { *( uint8_t *)dst = 0; }
+poly1305_block_zero(uint8_t *dst, size_t bytes)
+{
+ if (bytes & 8) {
+ *(uint64_t *)dst = 0;
+ dst += 8;
+ }
+ if (bytes & 4) {
+ *(uint32_t *)dst = 0;
+ dst += 4;
+ }
+ if (bytes & 2) {
+ *(uint16_t *)dst = 0;
+ dst += 2;
+ }
+ if (bytes & 1) {
+ *(uint8_t *)dst = 0;
+ }
}
static size_t INLINE
-poly1305_min(size_t a, size_t b) {
- return (a < b) ? a : b;
+poly1305_min(size_t a, size_t b)
+{
+ return (a < b) ? a : b;
}
void
-Poly1305Init(poly1305_state *state, const unsigned char key[32]) {
- poly1305_state_internal *st = poly1305_aligned_state(state);
- poly1305_power *p;
- uint64_t r0,r1,r2;
- uint64_t t0,t1;
-
- /* clamp key */
- t0 = U8TO64_LE(key + 0);
- t1 = U8TO64_LE(key + 8);
- r0 = t0 & 0xffc0fffffff; t0 >>= 44; t0 |= t1 << 20;
- r1 = t0 & 0xfffffc0ffff; t1 >>= 24;
- r2 = t1 & 0x00ffffffc0f;
-
- /* store r in un-used space of st->P[1] */
- p = &st->P[1];
- p->R20.d[1] = (uint32_t)(r0 );
- p->R20.d[3] = (uint32_t)(r0 >> 32);
- p->R21.d[1] = (uint32_t)(r1 );
- p->R21.d[3] = (uint32_t)(r1 >> 32);
- p->R22.d[1] = (uint32_t)(r2 );
- p->R22.d[3] = (uint32_t)(r2 >> 32);
-
- /* store pad */
- p->R23.d[1] = U8TO32_LE(key + 16);
- p->R23.d[3] = U8TO32_LE(key + 20);
- p->R24.d[1] = U8TO32_LE(key + 24);
- p->R24.d[3] = U8TO32_LE(key + 28);
-
- /* H = 0 */
- st->H[0] = _mm_setzero_si128();
- st->H[1] = _mm_setzero_si128();
- st->H[2] = _mm_setzero_si128();
- st->H[3] = _mm_setzero_si128();
- st->H[4] = _mm_setzero_si128();
-
- st->started = 0;
- st->leftover = 0;
+Poly1305Init(poly1305_state *state, const unsigned char key[32])
+{
+ poly1305_state_internal *st = poly1305_aligned_state(state);
+ poly1305_power *p;
+ uint64_t r0, r1, r2;
+ uint64_t t0, t1;
+
+ /* clamp key */
+ t0 = U8TO64_LE(key + 0);
+ t1 = U8TO64_LE(key + 8);
+ r0 = t0 & 0xffc0fffffff;
+ t0 >>= 44;
+ t0 |= t1 << 20;
+ r1 = t0 & 0xfffffc0ffff;
+ t1 >>= 24;
+ r2 = t1 & 0x00ffffffc0f;
+
+ /* store r in un-used space of st->P[1] */
+ p = &st->P[1];
+ p->R20.d[1] = (uint32_t)(r0);
+ p->R20.d[3] = (uint32_t)(r0 >> 32);
+ p->R21.d[1] = (uint32_t)(r1);
+ p->R21.d[3] = (uint32_t)(r1 >> 32);
+ p->R22.d[1] = (uint32_t)(r2);
+ p->R22.d[3] = (uint32_t)(r2 >> 32);
+
+ /* store pad */
+ p->R23.d[1] = U8TO32_LE(key + 16);
+ p->R23.d[3] = U8TO32_LE(key + 20);
+ p->R24.d[1] = U8TO32_LE(key + 24);
+ p->R24.d[3] = U8TO32_LE(key + 28);
+
+ /* H = 0 */
+ st->H[0] = _mm_setzero_si128();
+ st->H[1] = _mm_setzero_si128();
+ st->H[2] = _mm_setzero_si128();
+ st->H[3] = _mm_setzero_si128();
+ st->H[4] = _mm_setzero_si128();
+
+ st->started = 0;
+ st->leftover = 0;
}
static void
-poly1305_first_block(poly1305_state_internal *st, const uint8_t *m) {
- const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
- const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5);
- const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128);
- xmmi T5,T6;
- poly1305_power *p;
- uint128_t d[3];
- uint64_t r0,r1,r2;
- uint64_t r20,r21,r22,s22;
- uint64_t pad0,pad1;
- uint64_t c;
- uint64_t i;
-
- /* pull out stored info */
- p = &st->P[1];
-
- r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
- r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
- r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
- pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
- pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
-
- /* compute powers r^2,r^4 */
- r20 = r0;
- r21 = r1;
- r22 = r2;
- for (i = 0; i < 2; i++) {
- s22 = r22 * (5 << 2);
-
- d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22));
- d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21));
- d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20));
-
- r20 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44);
- d[1] = add128_64(d[1], c); r21 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44);
- d[2] = add128_64(d[2], c); r22 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42);
- r20 += c * 5; c = (r20 >> 44); r20 = r20 & 0xfffffffffff;
- r21 += c;
-
- p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)( r20 ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0));
- p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0));
- p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8) ) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0));
- p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1,0,1,0));
- p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16) ) ), _MM_SHUFFLE(1,0,1,0));
- p->S21.v = _mm_mul_epu32(p->R21.v, FIVE);
- p->S22.v = _mm_mul_epu32(p->R22.v, FIVE);
- p->S23.v = _mm_mul_epu32(p->R23.v, FIVE);
- p->S24.v = _mm_mul_epu32(p->R24.v, FIVE);
- p--;
- }
-
- /* put saved info back */
- p = &st->P[1];
- p->R20.d[1] = (uint32_t)(r0 );
- p->R20.d[3] = (uint32_t)(r0 >> 32);
- p->R21.d[1] = (uint32_t)(r1 );
- p->R21.d[3] = (uint32_t)(r1 >> 32);
- p->R22.d[1] = (uint32_t)(r2 );
- p->R22.d[3] = (uint32_t)(r2 >> 32);
- p->R23.d[1] = (uint32_t)(pad0 );
- p->R23.d[3] = (uint32_t)(pad0 >> 32);
- p->R24.d[1] = (uint32_t)(pad1 );
- p->R24.d[3] = (uint32_t)(pad1 >> 32);
-
- /* H = [Mx,My] */
- T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
- T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
- st->H[0] = _mm_and_si128(MMASK, T5);
- st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
- st->H[2] = _mm_and_si128(MMASK, T5);
- st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+poly1305_first_block(poly1305_state_internal *st, const uint8_t *m)
+{
+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+ const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+ const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+ xmmi T5, T6;
+ poly1305_power *p;
+ uint128_t d[3];
+ uint64_t r0, r1, r2;
+ uint64_t r20, r21, r22, s22;
+ uint64_t pad0, pad1;
+ uint64_t c;
+ uint64_t i;
+
+ /* pull out stored info */
+ p = &st->P[1];
+
+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+ r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+ pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
+ pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
+
+ /* compute powers r^2,r^4 */
+ r20 = r0;
+ r21 = r1;
+ r22 = r2;
+ for (i = 0; i < 2; i++) {
+ s22 = r22 * (5 << 2);
+
+ d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22));
+ d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21));
+ d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20));
+
+ r20 = lo128(d[0]) & 0xfffffffffff;
+ c = shr128(d[0], 44);
+ d[1] = add128_64(d[1], c);
+ r21 = lo128(d[1]) & 0xfffffffffff;
+ c = shr128(d[1], 44);
+ d[2] = add128_64(d[2], c);
+ r22 = lo128(d[2]) & 0x3ffffffffff;
+ c = shr128(d[2], 42);
+ r20 += c * 5;
+ c = (r20 >> 44);
+ r20 = r20 & 0xfffffffffff;
+ r21 += c;
+
+ p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)(r20)&0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+ p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+ p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+ p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+ p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16))), _MM_SHUFFLE(1, 0, 1, 0));
+ p->S21.v = _mm_mul_epu32(p->R21.v, FIVE);
+ p->S22.v = _mm_mul_epu32(p->R22.v, FIVE);
+ p->S23.v = _mm_mul_epu32(p->R23.v, FIVE);
+ p->S24.v = _mm_mul_epu32(p->R24.v, FIVE);
+ p--;
+ }
+
+ /* put saved info back */
+ p = &st->P[1];
+ p->R20.d[1] = (uint32_t)(r0);
+ p->R20.d[3] = (uint32_t)(r0 >> 32);
+ p->R21.d[1] = (uint32_t)(r1);
+ p->R21.d[3] = (uint32_t)(r1 >> 32);
+ p->R22.d[1] = (uint32_t)(r2);
+ p->R22.d[3] = (uint32_t)(r2 >> 32);
+ p->R23.d[1] = (uint32_t)(pad0);
+ p->R23.d[3] = (uint32_t)(pad0 >> 32);
+ p->R24.d[1] = (uint32_t)(pad1);
+ p->R24.d[3] = (uint32_t)(pad1 >> 32);
+
+ /* H = [Mx,My] */
+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+ st->H[0] = _mm_and_si128(MMASK, T5);
+ st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+ st->H[2] = _mm_and_si128(MMASK, T5);
+ st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
}
static void
-poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes) {
- const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
- const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5);
- const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128);
-
- poly1305_power *p;
- xmmi H0,H1,H2,H3,H4;
- xmmi T0,T1,T2,T3,T4,T5,T6;
- xmmi M0,M1,M2,M3,M4;
- xmmi C1,C2;
-
- H0 = st->H[0];
- H1 = st->H[1];
- H2 = st->H[2];
- H3 = st->H[3];
- H4 = st->H[4];
-
- while (bytes >= 64) {
- /* H *= [r^4,r^4] */
- p = &st->P[0];
- T0 = _mm_mul_epu32(H0, p->R20.v);
- T1 = _mm_mul_epu32(H0, p->R21.v);
- T2 = _mm_mul_epu32(H0, p->R22.v);
- T3 = _mm_mul_epu32(H0, p->R23.v);
- T4 = _mm_mul_epu32(H0, p->R24.v);
- T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5);
-
- /* H += [Mx,My]*[r^2,r^2] */
- T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
- T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
- M0 = _mm_and_si128(MMASK, T5);
- M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
- M2 = _mm_and_si128(MMASK, T5);
- M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
-
- p = &st->P[1];
- T5 = _mm_mul_epu32(M0, p->R20.v); T6 = _mm_mul_epu32(M0, p->R21.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(M1, p->S24.v); T6 = _mm_mul_epu32(M1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(M2, p->S23.v); T6 = _mm_mul_epu32(M2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(M3, p->S22.v); T6 = _mm_mul_epu32(M3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(M4, p->S21.v); T6 = _mm_mul_epu32(M4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(M0, p->R22.v); T6 = _mm_mul_epu32(M0, p->R23.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(M1, p->R21.v); T6 = _mm_mul_epu32(M1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(M2, p->R20.v); T6 = _mm_mul_epu32(M2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(M3, p->S24.v); T6 = _mm_mul_epu32(M3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(M4, p->S23.v); T6 = _mm_mul_epu32(M4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(M0, p->R24.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(M1, p->R23.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(M2, p->R22.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(M3, p->R21.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(M4, p->R20.v); T4 = _mm_add_epi64(T4, T5);
-
- /* H += [Mx,My] */
- T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48)));
- T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56)));
- M0 = _mm_and_si128(MMASK, T5);
- M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
- M2 = _mm_and_si128(MMASK, T5);
- M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
-
- T0 = _mm_add_epi64(T0, M0);
- T1 = _mm_add_epi64(T1, M1);
- T2 = _mm_add_epi64(T2, M2);
- T3 = _mm_add_epi64(T3, M3);
- T4 = _mm_add_epi64(T4, M4);
-
- /* reduce */
- C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2);
- C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
- C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2);
- C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1);
-
- /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */
- H0 = T0;
- H1 = T1;
- H2 = T2;
- H3 = T3;
- H4 = T4;
-
- m += 64;
- bytes -= 64;
- }
-
- st->H[0] = H0;
- st->H[1] = H1;
- st->H[2] = H2;
- st->H[3] = H3;
- st->H[4] = H4;
+poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes)
+{
+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+ const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+ const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+
+ poly1305_power *p;
+ xmmi H0, H1, H2, H3, H4;
+ xmmi T0, T1, T2, T3, T4, T5, T6;
+ xmmi M0, M1, M2, M3, M4;
+ xmmi C1, C2;
+
+ H0 = st->H[0];
+ H1 = st->H[1];
+ H2 = st->H[2];
+ H3 = st->H[3];
+ H4 = st->H[4];
+
+ while (bytes >= 64) {
+ /* H *= [r^4,r^4] */
+ p = &st->P[0];
+ T0 = _mm_mul_epu32(H0, p->R20.v);
+ T1 = _mm_mul_epu32(H0, p->R21.v);
+ T2 = _mm_mul_epu32(H0, p->R22.v);
+ T3 = _mm_mul_epu32(H0, p->R23.v);
+ T4 = _mm_mul_epu32(H0, p->R24.v);
+ T5 = _mm_mul_epu32(H1, p->S24.v);
+ T6 = _mm_mul_epu32(H1, p->R20.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H2, p->S23.v);
+ T6 = _mm_mul_epu32(H2, p->S24.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H3, p->S22.v);
+ T6 = _mm_mul_epu32(H3, p->S23.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H4, p->S21.v);
+ T6 = _mm_mul_epu32(H4, p->S22.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H1, p->R21.v);
+ T6 = _mm_mul_epu32(H1, p->R22.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H2, p->R20.v);
+ T6 = _mm_mul_epu32(H2, p->R21.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H3, p->S24.v);
+ T6 = _mm_mul_epu32(H3, p->R20.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H4, p->S23.v);
+ T6 = _mm_mul_epu32(H4, p->S24.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H1, p->R23.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H2, p->R22.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H3, p->R21.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H4, p->R20.v);
+ T4 = _mm_add_epi64(T4, T5);
+
+ /* H += [Mx,My]*[r^2,r^2] */
+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+ M0 = _mm_and_si128(MMASK, T5);
+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+ M2 = _mm_and_si128(MMASK, T5);
+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+ p = &st->P[1];
+ T5 = _mm_mul_epu32(M0, p->R20.v);
+ T6 = _mm_mul_epu32(M0, p->R21.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(M1, p->S24.v);
+ T6 = _mm_mul_epu32(M1, p->R20.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(M2, p->S23.v);
+ T6 = _mm_mul_epu32(M2, p->S24.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(M3, p->S22.v);
+ T6 = _mm_mul_epu32(M3, p->S23.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(M4, p->S21.v);
+ T6 = _mm_mul_epu32(M4, p->S22.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(M0, p->R22.v);
+ T6 = _mm_mul_epu32(M0, p->R23.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(M1, p->R21.v);
+ T6 = _mm_mul_epu32(M1, p->R22.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(M2, p->R20.v);
+ T6 = _mm_mul_epu32(M2, p->R21.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(M3, p->S24.v);
+ T6 = _mm_mul_epu32(M3, p->R20.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(M4, p->S23.v);
+ T6 = _mm_mul_epu32(M4, p->S24.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(M0, p->R24.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(M1, p->R23.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(M2, p->R22.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(M3, p->R21.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(M4, p->R20.v);
+ T4 = _mm_add_epi64(T4, T5);
+
+ /* H += [Mx,My] */
+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48)));
+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56)));
+ M0 = _mm_and_si128(MMASK, T5);
+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+ M2 = _mm_and_si128(MMASK, T5);
+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+ T0 = _mm_add_epi64(T0, M0);
+ T1 = _mm_add_epi64(T1, M1);
+ T2 = _mm_add_epi64(T2, M2);
+ T3 = _mm_add_epi64(T3, M3);
+ T4 = _mm_add_epi64(T4, M4);
+
+ /* reduce */
+ C1 = _mm_srli_epi64(T0, 26);
+ C2 = _mm_srli_epi64(T3, 26);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_and_si128(T3, MMASK);
+ T1 = _mm_add_epi64(T1, C1);
+ T4 = _mm_add_epi64(T4, C2);
+ C1 = _mm_srli_epi64(T1, 26);
+ C2 = _mm_srli_epi64(T4, 26);
+ T1 = _mm_and_si128(T1, MMASK);
+ T4 = _mm_and_si128(T4, MMASK);
+ T2 = _mm_add_epi64(T2, C1);
+ T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+ C1 = _mm_srli_epi64(T2, 26);
+ C2 = _mm_srli_epi64(T0, 26);
+ T2 = _mm_and_si128(T2, MMASK);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_add_epi64(T3, C1);
+ T1 = _mm_add_epi64(T1, C2);
+ C1 = _mm_srli_epi64(T3, 26);
+ T3 = _mm_and_si128(T3, MMASK);
+ T4 = _mm_add_epi64(T4, C1);
+
+ /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */
+ H0 = T0;
+ H1 = T1;
+ H2 = T2;
+ H3 = T3;
+ H4 = T4;
+
+ m += 64;
+ bytes -= 64;
+ }
+
+ st->H[0] = H0;
+ st->H[1] = H1;
+ st->H[2] = H2;
+ st->H[3] = H3;
+ st->H[4] = H4;
}
static size_t
-poly1305_combine(poly1305_state_internal *st, const uint8_t *m, size_t bytes) {
- const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
- const xmmi HIBIT = _mm_load_si128((xmmi*)poly1305_x64_sse2_1shl128);
- const xmmi FIVE = _mm_load_si128((xmmi*)poly1305_x64_sse2_5);
-
- poly1305_power *p;
- xmmi H0,H1,H2,H3,H4;
- xmmi M0,M1,M2,M3,M4;
- xmmi T0,T1,T2,T3,T4,T5,T6;
- xmmi C1,C2;
-
- uint64_t r0,r1,r2;
- uint64_t t0,t1,t2,t3,t4;
- uint64_t c;
- size_t consumed = 0;
-
- H0 = st->H[0];
- H1 = st->H[1];
- H2 = st->H[2];
- H3 = st->H[3];
- H4 = st->H[4];
-
- /* p = [r^2,r^2] */
- p = &st->P[1];
-
- if (bytes >= 32) {
- /* H *= [r^2,r^2] */
- T0 = _mm_mul_epu32(H0, p->R20.v);
- T1 = _mm_mul_epu32(H0, p->R21.v);
- T2 = _mm_mul_epu32(H0, p->R22.v);
- T3 = _mm_mul_epu32(H0, p->R23.v);
- T4 = _mm_mul_epu32(H0, p->R24.v);
- T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5);
-
- /* H += [Mx,My] */
- T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
- T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
- M0 = _mm_and_si128(MMASK, T5);
- M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
- M2 = _mm_and_si128(MMASK, T5);
- M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
- M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
-
- T0 = _mm_add_epi64(T0, M0);
- T1 = _mm_add_epi64(T1, M1);
- T2 = _mm_add_epi64(T2, M2);
- T3 = _mm_add_epi64(T3, M3);
- T4 = _mm_add_epi64(T4, M4);
-
- /* reduce */
- C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2);
- C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
- C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2);
- C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1);
-
- /* H = (H*[r^2,r^2] + [Mx,My]) */
- H0 = T0;
- H1 = T1;
- H2 = T2;
- H3 = T3;
- H4 = T4;
-
- consumed = 32;
- }
-
- /* finalize, H *= [r^2,r] */
- r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
- r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
- r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
-
- p->R20.d[2] = (uint32_t)( r0 ) & 0x3ffffff;
- p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff;
- p->R22.d[2] = (uint32_t)((r1 >> 8) ) & 0x3ffffff;
- p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff;
- p->R24.d[2] = (uint32_t)((r2 >> 16) ) ;
- p->S21.d[2] = p->R21.d[2] * 5;
- p->S22.d[2] = p->R22.d[2] * 5;
- p->S23.d[2] = p->R23.d[2] * 5;
- p->S24.d[2] = p->R24.d[2] * 5;
-
- /* H *= [r^2,r] */
- T0 = _mm_mul_epu32(H0, p->R20.v);
- T1 = _mm_mul_epu32(H0, p->R21.v);
- T2 = _mm_mul_epu32(H0, p->R22.v);
- T3 = _mm_mul_epu32(H0, p->R23.v);
- T4 = _mm_mul_epu32(H0, p->R24.v);
- T5 = _mm_mul_epu32(H1, p->S24.v); T6 = _mm_mul_epu32(H1, p->R20.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H2, p->S23.v); T6 = _mm_mul_epu32(H2, p->S24.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H3, p->S22.v); T6 = _mm_mul_epu32(H3, p->S23.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H4, p->S21.v); T6 = _mm_mul_epu32(H4, p->S22.v); T0 = _mm_add_epi64(T0, T5); T1 = _mm_add_epi64(T1, T6);
- T5 = _mm_mul_epu32(H1, p->R21.v); T6 = _mm_mul_epu32(H1, p->R22.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H2, p->R20.v); T6 = _mm_mul_epu32(H2, p->R21.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H3, p->S24.v); T6 = _mm_mul_epu32(H3, p->R20.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H4, p->S23.v); T6 = _mm_mul_epu32(H4, p->S24.v); T2 = _mm_add_epi64(T2, T5); T3 = _mm_add_epi64(T3, T6);
- T5 = _mm_mul_epu32(H1, p->R23.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H2, p->R22.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H3, p->R21.v); T4 = _mm_add_epi64(T4, T5);
- T5 = _mm_mul_epu32(H4, p->R20.v); T4 = _mm_add_epi64(T4, T5);
-
- C1 = _mm_srli_epi64(T0, 26); C2 = _mm_srli_epi64(T3, 26); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_and_si128(T3, MMASK); T1 = _mm_add_epi64(T1, C1); T4 = _mm_add_epi64(T4, C2);
- C1 = _mm_srli_epi64(T1, 26); C2 = _mm_srli_epi64(T4, 26); T1 = _mm_and_si128(T1, MMASK); T4 = _mm_and_si128(T4, MMASK); T2 = _mm_add_epi64(T2, C1); T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
- C1 = _mm_srli_epi64(T2, 26); C2 = _mm_srli_epi64(T0, 26); T2 = _mm_and_si128(T2, MMASK); T0 = _mm_and_si128(T0, MMASK); T3 = _mm_add_epi64(T3, C1); T1 = _mm_add_epi64(T1, C2);
- C1 = _mm_srli_epi64(T3, 26); T3 = _mm_and_si128(T3, MMASK); T4 = _mm_add_epi64(T4, C1);
-
- /* H = H[0]+H[1] */
- H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8));
- H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8));
- H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8));
- H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8));
- H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8));
-
- t0 = _mm_cvtsi128_si32(H0) ; c = (t0 >> 26); t0 &= 0x3ffffff;
- t1 = _mm_cvtsi128_si32(H1) + c; c = (t1 >> 26); t1 &= 0x3ffffff;
- t2 = _mm_cvtsi128_si32(H2) + c; c = (t2 >> 26); t2 &= 0x3ffffff;
- t3 = _mm_cvtsi128_si32(H3) + c; c = (t3 >> 26); t3 &= 0x3ffffff;
- t4 = _mm_cvtsi128_si32(H4) + c; c = (t4 >> 26); t4 &= 0x3ffffff;
- t0 = t0 + (c * 5); c = (t0 >> 26); t0 &= 0x3ffffff;
- t1 = t1 + c;
-
- st->HH[0] = ((t0 ) | (t1 << 26) ) & 0xfffffffffffull;
- st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull;
- st->HH[2] = ((t3 >> 10) | (t4 << 16) ) & 0x3ffffffffffull;
-
- return consumed;
+poly1305_combine(poly1305_state_internal *st, const uint8_t *m, size_t bytes)
+{
+ const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+ const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+ const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+
+ poly1305_power *p;
+ xmmi H0, H1, H2, H3, H4;
+ xmmi M0, M1, M2, M3, M4;
+ xmmi T0, T1, T2, T3, T4, T5, T6;
+ xmmi C1, C2;
+
+ uint64_t r0, r1, r2;
+ uint64_t t0, t1, t2, t3, t4;
+ uint64_t c;
+ size_t consumed = 0;
+
+ H0 = st->H[0];
+ H1 = st->H[1];
+ H2 = st->H[2];
+ H3 = st->H[3];
+ H4 = st->H[4];
+
+ /* p = [r^2,r^2] */
+ p = &st->P[1];
+
+ if (bytes >= 32) {
+ /* H *= [r^2,r^2] */
+ T0 = _mm_mul_epu32(H0, p->R20.v);
+ T1 = _mm_mul_epu32(H0, p->R21.v);
+ T2 = _mm_mul_epu32(H0, p->R22.v);
+ T3 = _mm_mul_epu32(H0, p->R23.v);
+ T4 = _mm_mul_epu32(H0, p->R24.v);
+ T5 = _mm_mul_epu32(H1, p->S24.v);
+ T6 = _mm_mul_epu32(H1, p->R20.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H2, p->S23.v);
+ T6 = _mm_mul_epu32(H2, p->S24.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H3, p->S22.v);
+ T6 = _mm_mul_epu32(H3, p->S23.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H4, p->S21.v);
+ T6 = _mm_mul_epu32(H4, p->S22.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H1, p->R21.v);
+ T6 = _mm_mul_epu32(H1, p->R22.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H2, p->R20.v);
+ T6 = _mm_mul_epu32(H2, p->R21.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H3, p->S24.v);
+ T6 = _mm_mul_epu32(H3, p->R20.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H4, p->S23.v);
+ T6 = _mm_mul_epu32(H4, p->S24.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H1, p->R23.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H2, p->R22.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H3, p->R21.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H4, p->R20.v);
+ T4 = _mm_add_epi64(T4, T5);
+
+ /* H += [Mx,My] */
+ T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+ T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+ M0 = _mm_and_si128(MMASK, T5);
+ M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+ M2 = _mm_and_si128(MMASK, T5);
+ M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+ M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+ T0 = _mm_add_epi64(T0, M0);
+ T1 = _mm_add_epi64(T1, M1);
+ T2 = _mm_add_epi64(T2, M2);
+ T3 = _mm_add_epi64(T3, M3);
+ T4 = _mm_add_epi64(T4, M4);
+
+ /* reduce */
+ C1 = _mm_srli_epi64(T0, 26);
+ C2 = _mm_srli_epi64(T3, 26);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_and_si128(T3, MMASK);
+ T1 = _mm_add_epi64(T1, C1);
+ T4 = _mm_add_epi64(T4, C2);
+ C1 = _mm_srli_epi64(T1, 26);
+ C2 = _mm_srli_epi64(T4, 26);
+ T1 = _mm_and_si128(T1, MMASK);
+ T4 = _mm_and_si128(T4, MMASK);
+ T2 = _mm_add_epi64(T2, C1);
+ T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+ C1 = _mm_srli_epi64(T2, 26);
+ C2 = _mm_srli_epi64(T0, 26);
+ T2 = _mm_and_si128(T2, MMASK);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_add_epi64(T3, C1);
+ T1 = _mm_add_epi64(T1, C2);
+ C1 = _mm_srli_epi64(T3, 26);
+ T3 = _mm_and_si128(T3, MMASK);
+ T4 = _mm_add_epi64(T4, C1);
+
+ /* H = (H*[r^2,r^2] + [Mx,My]) */
+ H0 = T0;
+ H1 = T1;
+ H2 = T2;
+ H3 = T3;
+ H4 = T4;
+
+ consumed = 32;
+ }
+
+ /* finalize, H *= [r^2,r] */
+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+ r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+
+ p->R20.d[2] = (uint32_t)(r0)&0x3ffffff;
+ p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff;
+ p->R22.d[2] = (uint32_t)((r1 >> 8)) & 0x3ffffff;
+ p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff;
+ p->R24.d[2] = (uint32_t)((r2 >> 16));
+ p->S21.d[2] = p->R21.d[2] * 5;
+ p->S22.d[2] = p->R22.d[2] * 5;
+ p->S23.d[2] = p->R23.d[2] * 5;
+ p->S24.d[2] = p->R24.d[2] * 5;
+
+ /* H *= [r^2,r] */
+ T0 = _mm_mul_epu32(H0, p->R20.v);
+ T1 = _mm_mul_epu32(H0, p->R21.v);
+ T2 = _mm_mul_epu32(H0, p->R22.v);
+ T3 = _mm_mul_epu32(H0, p->R23.v);
+ T4 = _mm_mul_epu32(H0, p->R24.v);
+ T5 = _mm_mul_epu32(H1, p->S24.v);
+ T6 = _mm_mul_epu32(H1, p->R20.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H2, p->S23.v);
+ T6 = _mm_mul_epu32(H2, p->S24.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H3, p->S22.v);
+ T6 = _mm_mul_epu32(H3, p->S23.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H4, p->S21.v);
+ T6 = _mm_mul_epu32(H4, p->S22.v);
+ T0 = _mm_add_epi64(T0, T5);
+ T1 = _mm_add_epi64(T1, T6);
+ T5 = _mm_mul_epu32(H1, p->R21.v);
+ T6 = _mm_mul_epu32(H1, p->R22.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H2, p->R20.v);
+ T6 = _mm_mul_epu32(H2, p->R21.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H3, p->S24.v);
+ T6 = _mm_mul_epu32(H3, p->R20.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H4, p->S23.v);
+ T6 = _mm_mul_epu32(H4, p->S24.v);
+ T2 = _mm_add_epi64(T2, T5);
+ T3 = _mm_add_epi64(T3, T6);
+ T5 = _mm_mul_epu32(H1, p->R23.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H2, p->R22.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H3, p->R21.v);
+ T4 = _mm_add_epi64(T4, T5);
+ T5 = _mm_mul_epu32(H4, p->R20.v);
+ T4 = _mm_add_epi64(T4, T5);
+
+ C1 = _mm_srli_epi64(T0, 26);
+ C2 = _mm_srli_epi64(T3, 26);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_and_si128(T3, MMASK);
+ T1 = _mm_add_epi64(T1, C1);
+ T4 = _mm_add_epi64(T4, C2);
+ C1 = _mm_srli_epi64(T1, 26);
+ C2 = _mm_srli_epi64(T4, 26);
+ T1 = _mm_and_si128(T1, MMASK);
+ T4 = _mm_and_si128(T4, MMASK);
+ T2 = _mm_add_epi64(T2, C1);
+ T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+ C1 = _mm_srli_epi64(T2, 26);
+ C2 = _mm_srli_epi64(T0, 26);
+ T2 = _mm_and_si128(T2, MMASK);
+ T0 = _mm_and_si128(T0, MMASK);
+ T3 = _mm_add_epi64(T3, C1);
+ T1 = _mm_add_epi64(T1, C2);
+ C1 = _mm_srli_epi64(T3, 26);
+ T3 = _mm_and_si128(T3, MMASK);
+ T4 = _mm_add_epi64(T4, C1);
+
+ /* H = H[0]+H[1] */
+ H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8));
+ H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8));
+ H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8));
+ H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8));
+ H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8));
+
+ t0 = _mm_cvtsi128_si32(H0);
+ c = (t0 >> 26);
+ t0 &= 0x3ffffff;
+ t1 = _mm_cvtsi128_si32(H1) + c;
+ c = (t1 >> 26);
+ t1 &= 0x3ffffff;
+ t2 = _mm_cvtsi128_si32(H2) + c;
+ c = (t2 >> 26);
+ t2 &= 0x3ffffff;
+ t3 = _mm_cvtsi128_si32(H3) + c;
+ c = (t3 >> 26);
+ t3 &= 0x3ffffff;
+ t4 = _mm_cvtsi128_si32(H4) + c;
+ c = (t4 >> 26);
+ t4 &= 0x3ffffff;
+ t0 = t0 + (c * 5);
+ c = (t0 >> 26);
+ t0 &= 0x3ffffff;
+ t1 = t1 + c;
+
+ st->HH[0] = ((t0) | (t1 << 26)) & 0xfffffffffffull;
+ st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull;
+ st->HH[2] = ((t3 >> 10) | (t4 << 16)) & 0x3ffffffffffull;
+
+ return consumed;
}
void
-Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes) {
- poly1305_state_internal *st = poly1305_aligned_state(state);
- size_t want;
-
- /* need at least 32 initial bytes to start the accelerated branch */
- if (!st->started) {
- if ((st->leftover == 0) && (bytes > 32)) {
- poly1305_first_block(st, m);
- m += 32;
- bytes -= 32;
- } else {
- want = poly1305_min(32 - st->leftover, bytes);
- poly1305_block_copy(st->buffer + st->leftover, m, want);
- bytes -= want;
- m += want;
- st->leftover += want;
- if ((st->leftover < 32) || (bytes == 0))
- return;
- poly1305_first_block(st, st->buffer);
- st->leftover = 0;
- }
- st->started = 1;
- }
-
- /* handle leftover */
- if (st->leftover) {
- want = poly1305_min(64 - st->leftover, bytes);
- poly1305_block_copy(st->buffer + st->leftover, m, want);
- bytes -= want;
- m += want;
- st->leftover += want;
- if (st->leftover < 64)
- return;
- poly1305_blocks(st, st->buffer, 64);
- st->leftover = 0;
- }
-
- /* process 64 byte blocks */
- if (bytes >= 64) {
- want = (bytes & ~63);
- poly1305_blocks(st, m, want);
- m += want;
- bytes -= want;
- }
-
- if (bytes) {
- poly1305_block_copy(st->buffer + st->leftover, m, bytes);
- st->leftover += bytes;
- }
+Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes)
+{
+ poly1305_state_internal *st = poly1305_aligned_state(state);
+ size_t want;
+
+ /* need at least 32 initial bytes to start the accelerated branch */
+ if (!st->started) {
+ if ((st->leftover == 0) && (bytes > 32)) {
+ poly1305_first_block(st, m);
+ m += 32;
+ bytes -= 32;
+ } else {
+ want = poly1305_min(32 - st->leftover, bytes);
+ poly1305_block_copy(st->buffer + st->leftover, m, want);
+ bytes -= want;
+ m += want;
+ st->leftover += want;
+ if ((st->leftover < 32) || (bytes == 0))
+ return;
+ poly1305_first_block(st, st->buffer);
+ st->leftover = 0;
+ }
+ st->started = 1;
+ }
+
+ /* handle leftover */
+ if (st->leftover) {
+ want = poly1305_min(64 - st->leftover, bytes);
+ poly1305_block_copy(st->buffer + st->leftover, m, want);
+ bytes -= want;
+ m += want;
+ st->leftover += want;
+ if (st->leftover < 64)
+ return;
+ poly1305_blocks(st, st->buffer, 64);
+ st->leftover = 0;
+ }
+
+ /* process 64 byte blocks */
+ if (bytes >= 64) {
+ want = (bytes & ~63);
+ poly1305_blocks(st, m, want);
+ m += want;
+ bytes -= want;
+ }
+
+ if (bytes) {
+ poly1305_block_copy(st->buffer + st->leftover, m, bytes);
+ st->leftover += bytes;
+ }
}
void
-Poly1305Finish(poly1305_state *state, unsigned char mac[16]) {
- poly1305_state_internal *st = poly1305_aligned_state(state);
- size_t leftover = st->leftover;
- uint8_t *m = st->buffer;
- uint128_t d[3];
- uint64_t h0,h1,h2;
- uint64_t t0,t1;
- uint64_t g0,g1,g2,c,nc;
- uint64_t r0,r1,r2,s1,s2;
- poly1305_power *p;
-
- if (st->started) {
- size_t consumed = poly1305_combine(st, m, leftover);
- leftover -= consumed;
- m += consumed;
- }
-
- /* st->HH will either be 0 or have the combined result */
- h0 = st->HH[0];
- h1 = st->HH[1];
- h2 = st->HH[2];
-
- p = &st->P[1];
- r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
- r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
- r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
- s1 = r1 * (5 << 2);
- s2 = r2 * (5 << 2);
-
- if (leftover < 16)
- goto poly1305_donna_atmost15bytes;
+Poly1305Finish(poly1305_state *state, unsigned char mac[16])
+{
+ poly1305_state_internal *st = poly1305_aligned_state(state);
+ size_t leftover = st->leftover;
+ uint8_t *m = st->buffer;
+ uint128_t d[3];
+ uint64_t h0, h1, h2;
+ uint64_t t0, t1;
+ uint64_t g0, g1, g2, c, nc;
+ uint64_t r0, r1, r2, s1, s2;
+ poly1305_power *p;
+
+ if (st->started) {
+ size_t consumed = poly1305_combine(st, m, leftover);
+ leftover -= consumed;
+ m += consumed;
+ }
+
+ /* st->HH will either be 0 or have the combined result */
+ h0 = st->HH[0];
+ h1 = st->HH[1];
+ h2 = st->HH[2];
+
+ p = &st->P[1];
+ r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+ r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+ r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+ s1 = r1 * (5 << 2);
+ s2 = r2 * (5 << 2);
+
+ if (leftover < 16)
+ goto poly1305_donna_atmost15bytes;
poly1305_donna_atleast16bytes:
- t0 = U8TO64_LE(m + 0);
- t1 = U8TO64_LE(m + 8);
- h0 += t0 & 0xfffffffffff;
- t0 = shr128_pair(t1, t0, 44);
- h1 += t0 & 0xfffffffffff;
- h2 += (t1 >> 24) | ((uint64_t)1 << 40);
+ t0 = U8TO64_LE(m + 0);
+ t1 = U8TO64_LE(m + 8);
+ h0 += t0 & 0xfffffffffff;
+ t0 = shr128_pair(t1, t0, 44);
+ h1 += t0 & 0xfffffffffff;
+ h2 += (t1 >> 24) | ((uint64_t)1 << 40);
poly1305_donna_mul:
- d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1));
- d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2));
- d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0));
- h0 = lo128(d[0]) & 0xfffffffffff; c = shr128(d[0], 44);
- d[1] = add128_64(d[1], c); h1 = lo128(d[1]) & 0xfffffffffff; c = shr128(d[1], 44);
- d[2] = add128_64(d[2], c); h2 = lo128(d[2]) & 0x3ffffffffff; c = shr128(d[2], 42);
- h0 += c * 5;
-
- m += 16;
- leftover -= 16;
- if (leftover >= 16) goto poly1305_donna_atleast16bytes;
-
- /* final bytes */
+ d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1));
+ d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2));
+ d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0));
+ h0 = lo128(d[0]) & 0xfffffffffff;
+ c = shr128(d[0], 44);
+ d[1] = add128_64(d[1], c);
+ h1 = lo128(d[1]) & 0xfffffffffff;
+ c = shr128(d[1], 44);
+ d[2] = add128_64(d[2], c);
+ h2 = lo128(d[2]) & 0x3ffffffffff;
+ c = shr128(d[2], 42);
+ h0 += c * 5;
+
+ m += 16;
+ leftover -= 16;
+ if (leftover >= 16)
+ goto poly1305_donna_atleast16bytes;
+
+/* final bytes */
poly1305_donna_atmost15bytes:
- if (!leftover) goto poly1305_donna_finish;
+ if (!leftover)
+ goto poly1305_donna_finish;
- m[leftover++] = 1;
- poly1305_block_zero(m + leftover, 16 - leftover);
- leftover = 16;
+ m[leftover++] = 1;
+ poly1305_block_zero(m + leftover, 16 - leftover);
+ leftover = 16;
- t0 = U8TO64_LE(m+0);
- t1 = U8TO64_LE(m+8);
- h0 += t0 & 0xfffffffffff; t0 = shr128_pair(t1, t0, 44);
- h1 += t0 & 0xfffffffffff;
- h2 += (t1 >> 24);
+ t0 = U8TO64_LE(m + 0);
+ t1 = U8TO64_LE(m + 8);
+ h0 += t0 & 0xfffffffffff;
+ t0 = shr128_pair(t1, t0, 44);
+ h1 += t0 & 0xfffffffffff;
+ h2 += (t1 >> 24);
- goto poly1305_donna_mul;
+ goto poly1305_donna_mul;
poly1305_donna_finish:
- c = (h0 >> 44); h0 &= 0xfffffffffff;
- h1 += c; c = (h1 >> 44); h1 &= 0xfffffffffff;
- h2 += c; c = (h2 >> 42); h2 &= 0x3ffffffffff;
- h0 += c * 5;
-
- g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff;
- g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff;
- g2 = h2 + c - ((uint64_t)1 << 42);
-
- c = (g2 >> 63) - 1;
- nc = ~c;
- h0 = (h0 & nc) | (g0 & c);
- h1 = (h1 & nc) | (g1 & c);
- h2 = (h2 & nc) | (g2 & c);
-
- /* pad */
- t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
- t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
- h0 += (t0 & 0xfffffffffff) ; c = (h0 >> 44); h0 &= 0xfffffffffff; t0 = shr128_pair(t1, t0, 44);
- h1 += (t0 & 0xfffffffffff) + c; c = (h1 >> 44); h1 &= 0xfffffffffff; t1 = (t1 >> 24);
- h2 += (t1 ) + c;
-
- U64TO8_LE(mac + 0, ((h0 ) | (h1 << 44)));
- U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24)));
+ c = (h0 >> 44);
+ h0 &= 0xfffffffffff;
+ h1 += c;
+ c = (h1 >> 44);
+ h1 &= 0xfffffffffff;
+ h2 += c;
+ c = (h2 >> 42);
+ h2 &= 0x3ffffffffff;
+ h0 += c * 5;
+
+ g0 = h0 + 5;
+ c = (g0 >> 44);
+ g0 &= 0xfffffffffff;
+ g1 = h1 + c;
+ c = (g1 >> 44);
+ g1 &= 0xfffffffffff;
+ g2 = h2 + c - ((uint64_t)1 << 42);
+
+ c = (g2 >> 63) - 1;
+ nc = ~c;
+ h0 = (h0 & nc) | (g0 & c);
+ h1 = (h1 & nc) | (g1 & c);
+ h2 = (h2 & nc) | (g2 & c);
+
+ /* pad */
+ t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
+ t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
+ h0 += (t0 & 0xfffffffffff);
+ c = (h0 >> 44);
+ h0 &= 0xfffffffffff;
+ t0 = shr128_pair(t1, t0, 44);
+ h1 += (t0 & 0xfffffffffff) + c;
+ c = (h1 >> 44);
+ h1 &= 0xfffffffffff;
+ t1 = (t1 >> 24);
+ h2 += (t1) + c;
+
+ U64TO8_LE(mac + 0, ((h0) | (h1 << 44)));
+ U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24)));
}
diff --git a/lib/freebl/poly1305.c b/lib/freebl/poly1305.c
index da0ab6d78..eb3e3cd55 100644
--- a/lib/freebl/poly1305.c
+++ b/lib/freebl/poly1305.c
@@ -20,242 +20,295 @@ typedef PRUint64 uint64_t;
#if defined(NSS_X86) || defined(NSS_X64)
/* We can assume little-endian. */
-static uint32_t U8TO32_LE(const unsigned char *m) {
- uint32_t r;
- memcpy(&r, m, sizeof(r));
- return r;
+static uint32_t
+U8TO32_LE(const unsigned char *m)
+{
+ uint32_t r;
+ memcpy(&r, m, sizeof(r));
+ return r;
}
-static void U32TO8_LE(unsigned char *m, uint32_t v) {
- memcpy(m, &v, sizeof(v));
+static void
+U32TO8_LE(unsigned char *m, uint32_t v)
+{
+ memcpy(m, &v, sizeof(v));
}
#else
-static uint32_t U8TO32_LE(const unsigned char *m) {
- return (uint32_t)m[0] |
- (uint32_t)m[1] << 8 |
- (uint32_t)m[2] << 16 |
- (uint32_t)m[3] << 24;
+static uint32_t
+U8TO32_LE(const unsigned char *m)
+{
+ return (uint32_t)m[0] |
+ (uint32_t)m[1] << 8 |
+ (uint32_t)m[2] << 16 |
+ (uint32_t)m[3] << 24;
}
-static void U32TO8_LE(unsigned char *m, uint32_t v) {
- m[0] = v;
- m[1] = v >> 8;
- m[2] = v >> 16;
- m[3] = v >> 24;
+static void
+U32TO8_LE(unsigned char *m, uint32_t v)
+{
+ m[0] = v;
+ m[1] = v >> 8;
+ m[2] = v >> 16;
+ m[3] = v >> 24;
}
#endif
static uint64_t
-mul32x32_64(uint32_t a, uint32_t b) {
- return (uint64_t)a * b;
+mul32x32_64(uint32_t a, uint32_t b)
+{
+ return (uint64_t)a * b;
}
struct poly1305_state_st {
- uint32_t r0,r1,r2,r3,r4;
- uint32_t s1,s2,s3,s4;
- uint32_t h0,h1,h2,h3,h4;
- unsigned char buf[16];
- unsigned int buf_used;
- unsigned char key[16];
+ uint32_t r0, r1, r2, r3, r4;
+ uint32_t s1, s2, s3, s4;
+ uint32_t h0, h1, h2, h3, h4;
+ unsigned char buf[16];
+ unsigned int buf_used;
+ unsigned char key[16];
};
/* update updates |state| given some amount of input data. This function may
* only be called with a |len| that is not a multiple of 16 at the end of the
* data. Otherwise the input must be buffered into 16 byte blocks. */
-static void update(struct poly1305_state_st *state, const unsigned char *in,
- size_t len) {
- uint32_t t0,t1,t2,t3;
- uint64_t t[5];
- uint32_t b;
- uint64_t c;
- size_t j;
- unsigned char mp[16];
-
- if (len < 16)
- goto poly1305_donna_atmost15bytes;
+static void
+update(struct poly1305_state_st *state, const unsigned char *in,
+ size_t len)
+{
+ uint32_t t0, t1, t2, t3;
+ uint64_t t[5];
+ uint32_t b;
+ uint64_t c;
+ size_t j;
+ unsigned char mp[16];
+
+ if (len < 16)
+ goto poly1305_donna_atmost15bytes;
poly1305_donna_16bytes:
- t0 = U8TO32_LE(in);
- t1 = U8TO32_LE(in+4);
- t2 = U8TO32_LE(in+8);
- t3 = U8TO32_LE(in+12);
+ t0 = U8TO32_LE(in);
+ t1 = U8TO32_LE(in + 4);
+ t2 = U8TO32_LE(in + 8);
+ t3 = U8TO32_LE(in + 12);
- in += 16;
- len -= 16;
+ in += 16;
+ len -= 16;
- state->h0 += t0 & 0x3ffffff;
- state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
- state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
- state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
- state->h4 += (t3 >> 8) | (1 << 24);
+ state->h0 += t0 & 0x3ffffff;
+ state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+ state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+ state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+ state->h4 += (t3 >> 8) | (1 << 24);
poly1305_donna_mul:
- t[0] = mul32x32_64(state->h0,state->r0) +
- mul32x32_64(state->h1,state->s4) +
- mul32x32_64(state->h2,state->s3) +
- mul32x32_64(state->h3,state->s2) +
- mul32x32_64(state->h4,state->s1);
- t[1] = mul32x32_64(state->h0,state->r1) +
- mul32x32_64(state->h1,state->r0) +
- mul32x32_64(state->h2,state->s4) +
- mul32x32_64(state->h3,state->s3) +
- mul32x32_64(state->h4,state->s2);
- t[2] = mul32x32_64(state->h0,state->r2) +
- mul32x32_64(state->h1,state->r1) +
- mul32x32_64(state->h2,state->r0) +
- mul32x32_64(state->h3,state->s4) +
- mul32x32_64(state->h4,state->s3);
- t[3] = mul32x32_64(state->h0,state->r3) +
- mul32x32_64(state->h1,state->r2) +
- mul32x32_64(state->h2,state->r1) +
- mul32x32_64(state->h3,state->r0) +
- mul32x32_64(state->h4,state->s4);
- t[4] = mul32x32_64(state->h0,state->r4) +
- mul32x32_64(state->h1,state->r3) +
- mul32x32_64(state->h2,state->r2) +
- mul32x32_64(state->h3,state->r1) +
- mul32x32_64(state->h4,state->r0);
-
- state->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26);
- t[1] += c; state->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26);
- t[2] += b; state->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26);
- t[3] += b; state->h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26);
- t[4] += b; state->h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26);
- state->h0 += b * 5;
-
- if (len >= 16)
- goto poly1305_donna_16bytes;
-
- /* final bytes */
+ t[0] = mul32x32_64(state->h0, state->r0) +
+ mul32x32_64(state->h1, state->s4) +
+ mul32x32_64(state->h2, state->s3) +
+ mul32x32_64(state->h3, state->s2) +
+ mul32x32_64(state->h4, state->s1);
+ t[1] = mul32x32_64(state->h0, state->r1) +
+ mul32x32_64(state->h1, state->r0) +
+ mul32x32_64(state->h2, state->s4) +
+ mul32x32_64(state->h3, state->s3) +
+ mul32x32_64(state->h4, state->s2);
+ t[2] = mul32x32_64(state->h0, state->r2) +
+ mul32x32_64(state->h1, state->r1) +
+ mul32x32_64(state->h2, state->r0) +
+ mul32x32_64(state->h3, state->s4) +
+ mul32x32_64(state->h4, state->s3);
+ t[3] = mul32x32_64(state->h0, state->r3) +
+ mul32x32_64(state->h1, state->r2) +
+ mul32x32_64(state->h2, state->r1) +
+ mul32x32_64(state->h3, state->r0) +
+ mul32x32_64(state->h4, state->s4);
+ t[4] = mul32x32_64(state->h0, state->r4) +
+ mul32x32_64(state->h1, state->r3) +
+ mul32x32_64(state->h2, state->r2) +
+ mul32x32_64(state->h3, state->r1) +
+ mul32x32_64(state->h4, state->r0);
+
+ state->h0 = (uint32_t)t[0] & 0x3ffffff;
+ c = (t[0] >> 26);
+ t[1] += c;
+ state->h1 = (uint32_t)t[1] & 0x3ffffff;
+ b = (uint32_t)(t[1] >> 26);
+ t[2] += b;
+ state->h2 = (uint32_t)t[2] & 0x3ffffff;
+ b = (uint32_t)(t[2] >> 26);
+ t[3] += b;
+ state->h3 = (uint32_t)t[3] & 0x3ffffff;
+ b = (uint32_t)(t[3] >> 26);
+ t[4] += b;
+ state->h4 = (uint32_t)t[4] & 0x3ffffff;
+ b = (uint32_t)(t[4] >> 26);
+ state->h0 += b * 5;
+
+ if (len >= 16)
+ goto poly1305_donna_16bytes;
+
+/* final bytes */
poly1305_donna_atmost15bytes:
- if (!len)
- return;
-
- for (j = 0; j < len; j++)
- mp[j] = in[j];
- mp[j++] = 1;
- for (; j < 16; j++)
- mp[j] = 0;
- len = 0;
-
- t0 = U8TO32_LE(mp+0);
- t1 = U8TO32_LE(mp+4);
- t2 = U8TO32_LE(mp+8);
- t3 = U8TO32_LE(mp+12);
-
- state->h0 += t0 & 0x3ffffff;
- state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
- state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
- state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
- state->h4 += (t3 >> 8);
-
- goto poly1305_donna_mul;
+ if (!len)
+ return;
+
+ for (j = 0; j < len; j++)
+ mp[j] = in[j];
+ mp[j++] = 1;
+ for (; j < 16; j++)
+ mp[j] = 0;
+ len = 0;
+
+ t0 = U8TO32_LE(mp + 0);
+ t1 = U8TO32_LE(mp + 4);
+ t2 = U8TO32_LE(mp + 8);
+ t3 = U8TO32_LE(mp + 12);
+
+ state->h0 += t0 & 0x3ffffff;
+ state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+ state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+ state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+ state->h4 += (t3 >> 8);
+
+ goto poly1305_donna_mul;
}
-void Poly1305Init(poly1305_state *statep, const unsigned char key[32]) {
- struct poly1305_state_st *state = (struct poly1305_state_st*) statep;
- uint32_t t0,t1,t2,t3;
-
- t0 = U8TO32_LE(key+0);
- t1 = U8TO32_LE(key+4);
- t2 = U8TO32_LE(key+8);
- t3 = U8TO32_LE(key+12);
-
- /* precompute multipliers */
- state->r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6;
- state->r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12;
- state->r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18;
- state->r3 = t2 & 0x3f03fff; t3 >>= 8;
- state->r4 = t3 & 0x00fffff;
-
- state->s1 = state->r1 * 5;
- state->s2 = state->r2 * 5;
- state->s3 = state->r3 * 5;
- state->s4 = state->r4 * 5;
-
- /* init state */
- state->h0 = 0;
- state->h1 = 0;
- state->h2 = 0;
- state->h3 = 0;
- state->h4 = 0;
-
- state->buf_used = 0;
- memcpy(state->key, key + 16, sizeof(state->key));
+void
+Poly1305Init(poly1305_state *statep, const unsigned char key[32])
+{
+ struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+ uint32_t t0, t1, t2, t3;
+
+ t0 = U8TO32_LE(key + 0);
+ t1 = U8TO32_LE(key + 4);
+ t2 = U8TO32_LE(key + 8);
+ t3 = U8TO32_LE(key + 12);
+
+ /* precompute multipliers */
+ state->r0 = t0 & 0x3ffffff;
+ t0 >>= 26;
+ t0 |= t1 << 6;
+ state->r1 = t0 & 0x3ffff03;
+ t1 >>= 20;
+ t1 |= t2 << 12;
+ state->r2 = t1 & 0x3ffc0ff;
+ t2 >>= 14;
+ t2 |= t3 << 18;
+ state->r3 = t2 & 0x3f03fff;
+ t3 >>= 8;
+ state->r4 = t3 & 0x00fffff;
+
+ state->s1 = state->r1 * 5;
+ state->s2 = state->r2 * 5;
+ state->s3 = state->r3 * 5;
+ state->s4 = state->r4 * 5;
+
+ /* init state */
+ state->h0 = 0;
+ state->h1 = 0;
+ state->h2 = 0;
+ state->h3 = 0;
+ state->h4 = 0;
+
+ state->buf_used = 0;
+ memcpy(state->key, key + 16, sizeof(state->key));
}
-void Poly1305Update(poly1305_state *statep, const unsigned char *in,
- size_t in_len) {
- unsigned int i;
- struct poly1305_state_st *state = (struct poly1305_state_st*) statep;
-
- if (state->buf_used) {
- unsigned int todo = 16 - state->buf_used;
- if (todo > in_len)
- todo = in_len;
- for (i = 0; i < todo; i++)
- state->buf[state->buf_used + i] = in[i];
- state->buf_used += todo;
- in_len -= todo;
- in += todo;
-
- if (state->buf_used == 16) {
- update(state, state->buf, 16);
- state->buf_used = 0;
- }
- }
-
- if (in_len >= 16) {
- size_t todo = in_len & ~0xf;
- update(state, in, todo);
- in += todo;
- in_len &= 0xf;
- }
-
- if (in_len) {
- for (i = 0; i < in_len; i++)
- state->buf[i] = in[i];
- state->buf_used = in_len;
- }
+void
+Poly1305Update(poly1305_state *statep, const unsigned char *in,
+ size_t in_len)
+{
+ unsigned int i;
+ struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+
+ if (state->buf_used) {
+ unsigned int todo = 16 - state->buf_used;
+ if (todo > in_len)
+ todo = in_len;
+ for (i = 0; i < todo; i++)
+ state->buf[state->buf_used + i] = in[i];
+ state->buf_used += todo;
+ in_len -= todo;
+ in += todo;
+
+ if (state->buf_used == 16) {
+ update(state, state->buf, 16);
+ state->buf_used = 0;
+ }
+ }
+
+ if (in_len >= 16) {
+ size_t todo = in_len & ~0xf;
+ update(state, in, todo);
+ in += todo;
+ in_len &= 0xf;
+ }
+
+ if (in_len) {
+ for (i = 0; i < in_len; i++)
+ state->buf[i] = in[i];
+ state->buf_used = in_len;
+ }
}
-void Poly1305Finish(poly1305_state *statep, unsigned char mac[16]) {
- struct poly1305_state_st *state = (struct poly1305_state_st*) statep;
- uint64_t f0,f1,f2,f3;
- uint32_t g0,g1,g2,g3,g4;
- uint32_t b, nb;
-
- if (state->buf_used)
- update(state, state->buf, state->buf_used);
-
- b = state->h0 >> 26; state->h0 = state->h0 & 0x3ffffff;
- state->h1 += b; b = state->h1 >> 26; state->h1 = state->h1 & 0x3ffffff;
- state->h2 += b; b = state->h2 >> 26; state->h2 = state->h2 & 0x3ffffff;
- state->h3 += b; b = state->h3 >> 26; state->h3 = state->h3 & 0x3ffffff;
- state->h4 += b; b = state->h4 >> 26; state->h4 = state->h4 & 0x3ffffff;
- state->h0 += b * 5;
-
- g0 = state->h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff;
- g1 = state->h1 + b; b = g1 >> 26; g1 &= 0x3ffffff;
- g2 = state->h2 + b; b = g2 >> 26; g2 &= 0x3ffffff;
- g3 = state->h3 + b; b = g3 >> 26; g3 &= 0x3ffffff;
- g4 = state->h4 + b - (1 << 26);
-
- b = (g4 >> 31) - 1;
- nb = ~b;
- state->h0 = (state->h0 & nb) | (g0 & b);
- state->h1 = (state->h1 & nb) | (g1 & b);
- state->h2 = (state->h2 & nb) | (g2 & b);
- state->h3 = (state->h3 & nb) | (g3 & b);
- state->h4 = (state->h4 & nb) | (g4 & b);
-
- f0 = ((state->h0 ) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);
- f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]);
- f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]);
- f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]);
-
- U32TO8_LE(&mac[ 0], (uint32_t)f0); f1 += (f0 >> 32);
- U32TO8_LE(&mac[ 4], (uint32_t)f1); f2 += (f1 >> 32);
- U32TO8_LE(&mac[ 8], (uint32_t)f2); f3 += (f2 >> 32);
- U32TO8_LE(&mac[12], (uint32_t)f3);
+void
+Poly1305Finish(poly1305_state *statep, unsigned char mac[16])
+{
+ struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+ uint64_t f0, f1, f2, f3;
+ uint32_t g0, g1, g2, g3, g4;
+ uint32_t b, nb;
+
+ if (state->buf_used)
+ update(state, state->buf, state->buf_used);
+
+ b = state->h0 >> 26;
+ state->h0 = state->h0 & 0x3ffffff;
+ state->h1 += b;
+ b = state->h1 >> 26;
+ state->h1 = state->h1 & 0x3ffffff;
+ state->h2 += b;
+ b = state->h2 >> 26;
+ state->h2 = state->h2 & 0x3ffffff;
+ state->h3 += b;
+ b = state->h3 >> 26;
+ state->h3 = state->h3 & 0x3ffffff;
+ state->h4 += b;
+ b = state->h4 >> 26;
+ state->h4 = state->h4 & 0x3ffffff;
+ state->h0 += b * 5;
+
+ g0 = state->h0 + 5;
+ b = g0 >> 26;
+ g0 &= 0x3ffffff;
+ g1 = state->h1 + b;
+ b = g1 >> 26;
+ g1 &= 0x3ffffff;
+ g2 = state->h2 + b;
+ b = g2 >> 26;
+ g2 &= 0x3ffffff;
+ g3 = state->h3 + b;
+ b = g3 >> 26;
+ g3 &= 0x3ffffff;
+ g4 = state->h4 + b - (1 << 26);
+
+ b = (g4 >> 31) - 1;
+ nb = ~b;
+ state->h0 = (state->h0 & nb) | (g0 & b);
+ state->h1 = (state->h1 & nb) | (g1 & b);
+ state->h2 = (state->h2 & nb) | (g2 & b);
+ state->h3 = (state->h3 & nb) | (g3 & b);
+ state->h4 = (state->h4 & nb) | (g4 & b);
+
+ f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);
+ f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]);
+ f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]);
+ f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]);
+
+ U32TO8_LE(&mac[0], (uint32_t)f0);
+ f1 += (f0 >> 32);
+ U32TO8_LE(&mac[4], (uint32_t)f1);
+ f2 += (f1 >> 32);
+ U32TO8_LE(&mac[8], (uint32_t)f2);
+ f3 += (f2 >> 32);
+ U32TO8_LE(&mac[12], (uint32_t)f3);
}
diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
index 3380adf33..2f24afd24 100644
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -20,20 +20,20 @@
#include "mplogic.h"
#include "secmpi.h"
-#define MAX_ITERATIONS 1000 /* Maximum number of iterations of primegen */
+#define MAX_ITERATIONS 1000 /* Maximum number of iterations of primegen */
typedef enum {
- FIPS186_1_TYPE, /* Probablistic */
- FIPS186_3_TYPE, /* Probablistic */
- FIPS186_3_ST_TYPE /* Shawe-Taylor provable */
+ FIPS186_1_TYPE, /* Probablistic */
+ FIPS186_3_TYPE, /* Probablistic */
+ FIPS186_3_ST_TYPE /* Shawe-Taylor provable */
} pqgGenType;
/*
* These test iterations are quite a bit larger than we previously had.
* This is because FIPS 186-3 is worried about the primes in PQG generation.
- * It may be possible to purposefully construct composites which more
- * iterations of Miller-Rabin than the for your normal randomly selected
- * numbers.There are 3 ways to counter this: 1) use one of the cool provably
+ * It may be possible to purposefully construct composites which more
+ * iterations of Miller-Rabin than the for your normal randomly selected
+ * numbers.There are 3 ways to counter this: 1) use one of the cool provably
* prime algorithms (which would require a lot more work than DSA-2 deservers.
* 2) add a Lucas primality test (which requires coding a Lucas primality test,
* or 3) use a larger M-R test count. I chose the latter. It increases the time
@@ -47,14 +47,14 @@ static int
prime_testcount_p(int L, int N)
{
switch (L) {
- case 1024:
- return 40;
- case 2048:
- return 56;
- case 3072:
- return 64;
- default:
- break;
+ case 1024:
+ return 40;
+ case 2048:
+ return 56;
+ case 3072:
+ return 64;
+ default:
+ break;
}
return 50; /* L = 512-960 */
}
@@ -65,11 +65,11 @@ prime_testcount_p(int L, int N)
static int
prime_testcount_q(int L, int N)
{
- return prime_testcount_p(L,N);
+ return prime_testcount_p(L, N);
}
/*
- * generic function to make sure our input matches DSA2 requirements
+ * generic function to make sure our input matches DSA2 requirements
* this gives us one place to go if we need to bump the requirements in the
* future.
*/
@@ -78,27 +78,27 @@ pqg_validate_dsa2(unsigned int L, unsigned int N)
{
switch (L) {
- case 1024:
- if (N != DSA1_Q_BITS) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- break;
- case 2048:
- if ((N != 224) && (N != 256)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- break;
- case 3072:
- if (N != 256) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case 1024:
+ if (N != DSA1_Q_BITS) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ break;
+ case 2048:
+ if ((N != 224) && (N != 256)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ break;
+ case 3072:
+ if (N != 256) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
}
@@ -108,18 +108,18 @@ pqg_get_default_N(unsigned int L)
{
unsigned int N = 0;
switch (L) {
- case 1024:
- N = DSA1_Q_BITS;
- break;
- case 2048:
- N = 224;
- break;
- case 3072:
- N = 256;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- break; /* N already set to zero */
+ case 1024:
+ N = DSA1_Q_BITS;
+ break;
+ case 2048:
+ N = 224;
+ break;
+ case 3072:
+ N = 256;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ break; /* N already set to zero */
}
return N;
}
@@ -131,16 +131,16 @@ static HASH_HashType
getFirstHash(unsigned int L, unsigned int N)
{
if (N < 224) {
- return HASH_AlgSHA1;
+ return HASH_AlgSHA1;
}
if (N < 256) {
- return HASH_AlgSHA224;
+ return HASH_AlgSHA224;
}
if (N < 384) {
- return HASH_AlgSHA256;
+ return HASH_AlgSHA256;
}
if (N < 512) {
- return HASH_AlgSHA384;
+ return HASH_AlgSHA384;
}
return HASH_AlgSHA512;
}
@@ -152,22 +152,22 @@ static HASH_HashType
getNextHash(HASH_HashType hashtype)
{
switch (hashtype) {
- case HASH_AlgSHA1:
- hashtype = HASH_AlgSHA224;
- break;
- case HASH_AlgSHA224:
- hashtype = HASH_AlgSHA256;
- break;
- case HASH_AlgSHA256:
- hashtype = HASH_AlgSHA384;
- break;
- case HASH_AlgSHA384:
- hashtype = HASH_AlgSHA512;
- break;
- case HASH_AlgSHA512:
- default:
- hashtype = HASH_AlgTOTAL;
- break;
+ case HASH_AlgSHA1:
+ hashtype = HASH_AlgSHA224;
+ break;
+ case HASH_AlgSHA224:
+ hashtype = HASH_AlgSHA256;
+ break;
+ case HASH_AlgSHA256:
+ hashtype = HASH_AlgSHA384;
+ break;
+ case HASH_AlgSHA384:
+ hashtype = HASH_AlgSHA512;
+ break;
+ case HASH_AlgSHA512:
+ default:
+ hashtype = HASH_AlgTOTAL;
+ break;
}
return hashtype;
}
@@ -188,23 +188,23 @@ HASH_ResultLen(HASH_HashType type)
static SECStatus
HASH_HashBuf(HASH_HashType type, unsigned char *dest,
- const unsigned char *src, PRUint32 src_len)
+ const unsigned char *src, PRUint32 src_len)
{
const SECHashObject *hash_obj = HASH_GetRawHashObject(type);
void *hashcx = NULL;
unsigned int dummy;
if (hash_obj == NULL) {
- return SECFailure;
+ return SECFailure;
}
hashcx = hash_obj->create();
if (hashcx == NULL) {
- return SECFailure;
+ return SECFailure;
}
hash_obj->begin(hashcx);
- hash_obj->update(hashcx,src,src_len);
- hash_obj->end(hashcx,dest, &dummy, hash_obj->length);
+ hash_obj->update(hashcx, src, src_len);
+ hash_obj->end(hashcx, dest, &dummy, hash_obj->length);
hash_obj->destroy(hashcx, PR_TRUE);
return SECSuccess;
}
@@ -215,10 +215,10 @@ PQG_GetLength(const SECItem *obj)
unsigned int len = obj->len;
if (obj->data == NULL) {
- return 0;
+ return 0;
}
if (len > 1 && obj->data[0] == 0) {
- len--;
+ len--;
}
return len;
}
@@ -226,33 +226,33 @@ PQG_GetLength(const SECItem *obj)
SECStatus
PQG_Check(const PQGParams *params)
{
- unsigned int L,N;
+ unsigned int L, N;
SECStatus rv = SECSuccess;
if (params == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
- L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
- N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
+ L = PQG_GetLength(&params->prime) * PR_BITS_PER_BYTE;
+ N = PQG_GetLength(&params->subPrime) * PR_BITS_PER_BYTE;
if (L < 1024) {
- int j;
-
- /* handle DSA1 pqg parameters with less thatn 1024 bits*/
- if ( N != DSA1_Q_BITS ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- j = PQG_PBITS_TO_INDEX(L);
- if ( j < 0 ) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
- }
+ int j;
+
+ /* handle DSA1 pqg parameters with less thatn 1024 bits*/
+ if (N != DSA1_Q_BITS) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ j = PQG_PBITS_TO_INDEX(L);
+ if (j < 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ }
} else {
- /* handle DSA2 parameters (includes DSA1, 1024 bits) */
- rv = pqg_validate_dsa2(L, N);
+ /* handle DSA2 parameters (includes DSA1, 1024 bits) */
+ rv = pqg_validate_dsa2(L, N);
}
return rv;
}
@@ -260,15 +260,15 @@ PQG_Check(const PQGParams *params)
HASH_HashType
PQG_GetHashType(const PQGParams *params)
{
- unsigned int L,N;
+ unsigned int L, N;
if (params == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return HASH_AlgNULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return HASH_AlgNULL;
}
- L = PQG_GetLength(&params->prime)*PR_BITS_PER_BYTE;
- N = PQG_GetLength(&params->subPrime)*PR_BITS_PER_BYTE;
+ L = PQG_GetLength(&params->prime) * PR_BITS_PER_BYTE;
+ N = PQG_GetLength(&params->subPrime) * PR_BITS_PER_BYTE;
return getFirstHash(L, N);
}
@@ -277,16 +277,16 @@ PQG_GetHashType(const PQGParams *params)
** global random number generator.
*/
static SECStatus
-getPQseed(SECItem *seed, PLArenaPool* arena)
+getPQseed(SECItem *seed, PLArenaPool *arena)
{
SECStatus rv;
if (!seed->data) {
- seed->data = (unsigned char*)PORT_ArenaZAlloc(arena, seed->len);
+ seed->data = (unsigned char *)PORT_ArenaZAlloc(arena, seed->len);
}
if (!seed->data) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
rv = RNG_GenerateGlobalRandomBytes(seed->data, seed->len);
/*
@@ -307,52 +307,52 @@ static SECStatus
generate_h_candidate(SECItem *hit, mp_int *H)
{
SECStatus rv = SECSuccess;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
#ifdef FIPS_186_1_A5_TEST
memset(hit->data, 0, hit->len);
- hit->data[hit->len-1] = 0x02;
+ hit->data[hit->len - 1] = 0x02;
#else
rv = RNG_GenerateGlobalRandomBytes(hit->data, hit->len);
#endif
if (rv)
- return SECFailure;
+ return SECFailure;
err = mp_read_unsigned_octets(H, hit->data, hit->len);
if (err) {
- MP_TO_SEC_ERROR(err);
- return SECFailure;
+ MP_TO_SEC_ERROR(err);
+ return SECFailure;
}
return SECSuccess;
}
static SECStatus
-addToSeed(const SECItem * seed,
- unsigned long addend,
- int seedlen, /* g in 186-1 */
- SECItem * seedout)
+addToSeed(const SECItem *seed,
+ unsigned long addend,
+ int seedlen, /* g in 186-1 */
+ SECItem *seedout)
{
mp_int s, sum, modulus, tmp;
- mp_err err = MP_OKAY;
- SECStatus rv = SECSuccess;
- MP_DIGITS(&s) = 0;
- MP_DIGITS(&sum) = 0;
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
+ MP_DIGITS(&s) = 0;
+ MP_DIGITS(&sum) = 0;
MP_DIGITS(&modulus) = 0;
- MP_DIGITS(&tmp) = 0;
- CHECK_MPI_OK( mp_init(&s) );
- CHECK_MPI_OK( mp_init(&sum) );
- CHECK_MPI_OK( mp_init(&modulus) );
+ MP_DIGITS(&tmp) = 0;
+ CHECK_MPI_OK(mp_init(&s));
+ CHECK_MPI_OK(mp_init(&sum));
+ CHECK_MPI_OK(mp_init(&modulus));
SECITEM_TO_MPINT(*seed, &s); /* s = seed */
/* seed += addend */
if (addend < MP_DIGIT_MAX) {
- CHECK_MPI_OK( mp_add_d(&s, (mp_digit)addend, &s) );
+ CHECK_MPI_OK(mp_add_d(&s, (mp_digit)addend, &s));
} else {
- CHECK_MPI_OK( mp_init(&tmp) );
- CHECK_MPI_OK( mp_set_ulong(&tmp, addend) );
- CHECK_MPI_OK( mp_add(&s, &tmp, &s) );
+ CHECK_MPI_OK(mp_init(&tmp));
+ CHECK_MPI_OK(mp_set_ulong(&tmp, addend));
+ CHECK_MPI_OK(mp_add(&s, &tmp, &s));
}
/*sum = s mod 2**seedlen */
- CHECK_MPI_OK( mp_div_2d(&s, (mp_digit)seedlen, NULL, &sum) );
+ CHECK_MPI_OK(mp_div_2d(&s, (mp_digit)seedlen, NULL, &sum));
if (seedout->data != NULL) {
- SECITEM_ZfreeItem(seedout, PR_FALSE);
+ SECITEM_ZfreeItem(seedout, PR_FALSE);
}
MPINT_TO_SECITEM(&sum, seedout, NULL);
cleanup:
@@ -361,8 +361,8 @@ cleanup:
mp_clear(&modulus);
mp_clear(&tmp);
if (err) {
- MP_TO_SEC_ERROR(err);
- return SECFailure;
+ MP_TO_SEC_ERROR(err);
+ return SECFailure;
}
return rv;
}
@@ -373,21 +373,21 @@ cleanup:
** step 11.2 of FIPS 186-3 Appendix A.1.1.2 .
*/
static SECStatus
-addToSeedThenHash(HASH_HashType hashtype,
- const SECItem * seed,
- unsigned long addend,
- int seedlen, /* g in 186-1 */
- unsigned char * hashOutBuf)
+addToSeedThenHash(HASH_HashType hashtype,
+ const SECItem *seed,
+ unsigned long addend,
+ int seedlen, /* g in 186-1 */
+ unsigned char *hashOutBuf)
{
SECItem str = { 0, 0, 0 };
SECStatus rv;
rv = addToSeed(seed, addend, seedlen, &str);
if (rv != SECSuccess) {
- return rv;
+ return rv;
}
- rv = HASH_HashBuf(hashtype, hashOutBuf, str.data, str.len);/* hash result */
+ rv = HASH_HashBuf(hashtype, hashOutBuf, str.data, str.len); /* hash result */
if (str.data)
- SECITEM_ZfreeItem(&str, PR_FALSE);
+ SECITEM_ZfreeItem(&str, PR_FALSE);
return rv;
}
@@ -397,42 +397,42 @@ addToSeedThenHash(HASH_HashType hashtype,
*/
static SECStatus
makeQfromSeed(
- unsigned int g, /* input. Length of seed in bits. */
-const SECItem * seed, /* input. */
- mp_int * Q) /* output. */
+ unsigned int g, /* input. Length of seed in bits. */
+ const SECItem *seed, /* input. */
+ mp_int *Q) /* output. */
{
unsigned char sha1[SHA1_LENGTH];
unsigned char sha2[SHA1_LENGTH];
unsigned char U[SHA1_LENGTH];
- SECStatus rv = SECSuccess;
- mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
+ mp_err err = MP_OKAY;
int i;
/* ******************************************************************
** Step 2.
** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]."
**/
- CHECK_SEC_OK( SHA1_HashBuf(sha1, seed->data, seed->len) );
- CHECK_SEC_OK( addToSeedThenHash(HASH_AlgSHA1, seed, 1, g, sha2) );
- for (i=0; i<SHA1_LENGTH; ++i)
- U[i] = sha1[i] ^ sha2[i];
+ CHECK_SEC_OK(SHA1_HashBuf(sha1, seed->data, seed->len));
+ CHECK_SEC_OK(addToSeedThenHash(HASH_AlgSHA1, seed, 1, g, sha2));
+ for (i = 0; i < SHA1_LENGTH; ++i)
+ U[i] = sha1[i] ^ sha2[i];
/* ******************************************************************
** Step 3.
** "Form Q from U by setting the most signficant bit (the 2**159 bit)
** and the least signficant bit to 1. In terms of boolean operations,
** Q = U OR 2**159 OR 1. Note that 2**159 < Q < 2**160."
*/
- U[0] |= 0x80; /* U is MSB first */
- U[SHA1_LENGTH-1] |= 0x01;
+ U[0] |= 0x80; /* U is MSB first */
+ U[SHA1_LENGTH - 1] |= 0x01;
err = mp_read_unsigned_octets(Q, U, SHA1_LENGTH);
cleanup:
- memset(U, 0, SHA1_LENGTH);
- memset(sha1, 0, SHA1_LENGTH);
- memset(sha2, 0, SHA1_LENGTH);
- if (err) {
- MP_TO_SEC_ERROR(err);
- return SECFailure;
- }
- return rv;
+ memset(U, 0, SHA1_LENGTH);
+ memset(sha1, 0, SHA1_LENGTH);
+ memset(sha2, 0, SHA1_LENGTH);
+ if (err) {
+ MP_TO_SEC_ERROR(err);
+ return SECFailure;
+ }
+ return rv;
}
/*
@@ -441,15 +441,15 @@ cleanup:
*/
static SECStatus
makeQ2fromSeed(
- HASH_HashType hashtype, /* selected Hashing algorithm */
- unsigned int N, /* input. Length of q in bits. */
-const SECItem * seed, /* input. */
- mp_int * Q) /* output. */
+ HASH_HashType hashtype, /* selected Hashing algorithm */
+ unsigned int N, /* input. Length of q in bits. */
+ const SECItem *seed, /* input. */
+ mp_int *Q) /* output. */
{
unsigned char U[HASH_LENGTH_MAX];
- SECStatus rv = SECSuccess;
- mp_err err = MP_OKAY;
- int N_bytes = N/PR_BITS_PER_BYTE; /* length of N in bytes rather than bits */
+ SECStatus rv = SECSuccess;
+ mp_err err = MP_OKAY;
+ int N_bytes = N / PR_BITS_PER_BYTE; /* length of N in bytes rather than bits */
int hashLen = HASH_ResultLen(hashtype);
int offset = 0;
@@ -457,29 +457,29 @@ const SECItem * seed, /* input. */
** Step 6.
** "Compute U = hash[SEED] mod 2**N-1]."
**/
- CHECK_SEC_OK( HASH_HashBuf(hashtype, U, seed->data, seed->len) );
+ CHECK_SEC_OK(HASH_HashBuf(hashtype, U, seed->data, seed->len));
/* mod 2**N . Step 7 will explicitly set the top bit to 1, so no need
* to handle mod 2**N-1 */
- if (hashLen > N_bytes) {
- offset = hashLen - N_bytes;
+ if (hashLen > N_bytes) {
+ offset = hashLen - N_bytes;
}
/* ******************************************************************
** Step 7.
** computed_q = 2**(N-1) + U + 1 - (U mod 2)
- **
+ **
** This is the same as:
** computed_q = 2**(N-1) | U | 1;
*/
- U[offset] |= 0x80; /* U is MSB first */
- U[hashLen-1] |= 0x01;
+ U[offset] |= 0x80; /* U is MSB first */
+ U[hashLen - 1] |= 0x01;
err = mp_read_unsigned_octets(Q, &U[offset], N_bytes);
cleanup:
- memset(U, 0, HASH_LENGTH_MAX);
- if (err) {
- MP_TO_SEC_ERROR(err);
- return SECFailure;
- }
- return rv;
+ memset(U, 0, HASH_LENGTH_MAX);
+ if (err) {
+ MP_TO_SEC_ERROR(err);
+ return SECFailure;
+ }
+ return rv;
}
/*
@@ -491,16 +491,16 @@ cleanup:
** This implments steps 4 thorough 22 of FIPS 186-3 A.1.2.1 and
** steps 16 through 34 of FIPS 186-2 C.6
*/
-#define MAX_ST_SEED_BITS (HASH_LENGTH_MAX*PR_BITS_PER_BYTE)
+#define MAX_ST_SEED_BITS (HASH_LENGTH_MAX * PR_BITS_PER_BYTE)
static SECStatus
makePrimefromPrimesShaweTaylor(
- HASH_HashType hashtype, /* selected Hashing algorithm */
- unsigned int length, /* input. Length of prime in bits. */
- mp_int * c0, /* seed prime */
- mp_int * q, /* sub prime, can be 1 */
- mp_int * prime, /* output. */
- SECItem * prime_seed, /* input/output. */
- unsigned int *prime_gen_counter) /* input/output. */
+ HASH_HashType hashtype, /* selected Hashing algorithm */
+ unsigned int length, /* input. Length of prime in bits. */
+ mp_int *c0, /* seed prime */
+ mp_int *q, /* sub prime, can be 1 */
+ mp_int *prime, /* output. */
+ SECItem *prime_seed, /* input/output. */
+ unsigned int *prime_gen_counter) /* input/output. */
{
mp_int c;
mp_int c0_2;
@@ -510,13 +510,13 @@ makePrimefromPrimesShaweTaylor(
mp_int two_length_minus_1;
SECStatus rv = SECFailure;
int hashlen = HASH_ResultLen(hashtype);
- int outlen = hashlen*PR_BITS_PER_BYTE;
+ int outlen = hashlen * PR_BITS_PER_BYTE;
int offset;
unsigned char bit, mask;
/* x needs to hold roundup(L/outlen)*outlen.
* This can be no larger than L+outlen-1, So we set it's size to
* our max L + max outlen and know we are safe */
- unsigned char x[DSA_MAX_P_BITS/8+HASH_LENGTH_MAX];
+ unsigned char x[DSA_MAX_P_BITS / 8 + HASH_LENGTH_MAX];
mp_err err = MP_OKAY;
int i;
int iterations;
@@ -528,13 +528,12 @@ makePrimefromPrimesShaweTaylor(
MP_DIGITS(&a) = 0;
MP_DIGITS(&z) = 0;
MP_DIGITS(&two_length_minus_1) = 0;
- CHECK_MPI_OK( mp_init(&c) );
- CHECK_MPI_OK( mp_init(&c0_2) );
- CHECK_MPI_OK( mp_init(&t) );
- CHECK_MPI_OK( mp_init(&a) );
- CHECK_MPI_OK( mp_init(&z) );
- CHECK_MPI_OK( mp_init(&two_length_minus_1) );
-
+ CHECK_MPI_OK(mp_init(&c));
+ CHECK_MPI_OK(mp_init(&c0_2));
+ CHECK_MPI_OK(mp_init(&t));
+ CHECK_MPI_OK(mp_init(&a));
+ CHECK_MPI_OK(mp_init(&z));
+ CHECK_MPI_OK(mp_init(&two_length_minus_1));
/*
** There is a slight mapping of variable names depending on which
@@ -553,10 +552,10 @@ makePrimefromPrimesShaweTaylor(
*/
/* Step 4/16 iterations = ceiling(length/outlen)-1 */
- iterations = (length+outlen-1)/outlen; /* NOTE: iterations +1 */
+ iterations = (length + outlen - 1) / outlen; /* NOTE: iterations +1 */
/* Step 5/17 old_counter = prime_gen_counter */
old_counter = *prime_gen_counter;
- /*
+ /*
** Comment: Generate a pseudorandom integer x in the interval
** [2**(lenght-1), 2**length].
**
@@ -567,31 +566,31 @@ makePrimefromPrimesShaweTaylor(
** Step 7/19 for i = 0 to iterations do
** x = x + (HASH(prime_seed + i) * 2^(i*outlen))
*/
- for (i=0; i < iterations; i++) {
- /* is bigger than prime_seed should get to */
- CHECK_SEC_OK( addToSeedThenHash(hashtype, prime_seed, i,
- MAX_ST_SEED_BITS,&x[(iterations - i - 1)*hashlen]));
+ for (i = 0; i < iterations; i++) {
+ /* is bigger than prime_seed should get to */
+ CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i,
+ MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen]));
}
/* Step 8/20 prime_seed = prime_seed + iterations + 1 */
- CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
- prime_seed));
+ CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
+ prime_seed));
/*
- ** Step 9/21 x = 2 ** (length-1) + x mod 2 ** (length-1)
+ ** Step 9/21 x = 2 ** (length-1) + x mod 2 ** (length-1)
**
** This step mathematically sets the high bit and clears out
** all the other bits higher than length. 'x' is stored
- ** in the x array, MSB first. The above formula gives us an 'x'
- ** which is length bytes long and has the high bit set. We also know
- ** that length <= iterations*outlen since
- ** iterations=ceiling(length/outlen). First we find the offset in
+ ** in the x array, MSB first. The above formula gives us an 'x'
+ ** which is length bytes long and has the high bit set. We also know
+ ** that length <= iterations*outlen since
+ ** iterations=ceiling(length/outlen). First we find the offset in
** bytes into the array where the high bit is.
*/
- offset = (outlen*iterations - length)/PR_BITS_PER_BYTE;
- /* now we want to set the 'high bit', since length may not be a
+ offset = (outlen * iterations - length) / PR_BITS_PER_BYTE;
+ /* now we want to set the 'high bit', since length may not be a
* multiple of 8,*/
- bit = 1 << ((length-1) & 0x7); /* select the proper bit in the byte */
+ bit = 1 << ((length - 1) & 0x7); /* select the proper bit in the byte */
/* we need to zero out the rest of the bits in the byte above */
- mask = (bit-1);
+ mask = (bit - 1);
/* now we set it */
x[offset] = (mask & x[offset]) | bit;
/*
@@ -601,34 +600,34 @@ makePrimefromPrimesShaweTaylor(
** Step 10 t = ceiling(x/(2q(p0)))
** Step 22 t = ceiling(x/(2(c0)))
*/
- CHECK_MPI_OK( mp_read_unsigned_octets(&t, &x[offset],
- hashlen*iterations - offset ) ); /* t = x */
- CHECK_MPI_OK( mp_mul(c0, q, &c0_2) ); /* c0_2 is now c0*q */
- CHECK_MPI_OK( mp_add(&c0_2, &c0_2, &c0_2) ); /* c0_2 is now 2*q*c0 */
- CHECK_MPI_OK( mp_add(&t, &c0_2, &t) ); /* t = x+2*q*c0 */
- CHECK_MPI_OK( mp_sub_d(&t, (mp_digit) 1, &t) ); /* t = x+2*q*c0 -1 */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&t, &x[offset],
+ hashlen * iterations - offset)); /* t = x */
+ CHECK_MPI_OK(mp_mul(c0, q, &c0_2)); /* c0_2 is now c0*q */
+ CHECK_MPI_OK(mp_add(&c0_2, &c0_2, &c0_2)); /* c0_2 is now 2*q*c0 */
+ CHECK_MPI_OK(mp_add(&t, &c0_2, &t)); /* t = x+2*q*c0 */
+ CHECK_MPI_OK(mp_sub_d(&t, (mp_digit)1, &t)); /* t = x+2*q*c0 -1 */
/* t = floor((x+2qc0-1)/2qc0) = ceil(x/2qc0) */
- CHECK_MPI_OK( mp_div(&t, &c0_2, &t, NULL) );
- /*
+ CHECK_MPI_OK(mp_div(&t, &c0_2, &t, NULL));
+ /*
** step 11: if (2tqp0 +1 > 2**length), then t = ceiling(2**(length-1)/2qp0)
** step 12: t = 2tqp0 +1.
**
** step 23: if (2tc0 +1 > 2**length), then t = ceiling(2**(length-1)/2c0)
** step 24: t = 2tc0 +1.
*/
- CHECK_MPI_OK( mp_2expt(&two_length_minus_1, length-1) );
+ CHECK_MPI_OK(mp_2expt(&two_length_minus_1, length - 1));
step_23:
- CHECK_MPI_OK( mp_mul(&t, &c0_2, &c) ); /* c = t*2qc0 */
- CHECK_MPI_OK( mp_add_d(&c, (mp_digit)1, &c) ); /* c= 2tqc0 + 1*/
- if (mpl_significant_bits(&c) > length) { /* if c > 2**length */
- CHECK_MPI_OK( mp_sub_d(&c0_2, (mp_digit) 1, &t) ); /* t = 2qc0-1 */
- /* t = 2**(length-1) + 2qc0 -1 */
- CHECK_MPI_OK( mp_add(&two_length_minus_1,&t, &t) );
- /* t = floor((2**(length-1)+2qc0 -1)/2qco)
- * = ceil(2**(lenght-2)/2qc0) */
- CHECK_MPI_OK( mp_div(&t, &c0_2, &t, NULL) );
- CHECK_MPI_OK( mp_mul(&t, &c0_2, &c) );
- CHECK_MPI_OK( mp_add_d(&c, (mp_digit)1, &c) ); /* c= 2tqc0 + 1*/
+ CHECK_MPI_OK(mp_mul(&t, &c0_2, &c)); /* c = t*2qc0 */
+ CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c)); /* c= 2tqc0 + 1*/
+ if (mpl_significant_bits(&c) > length) { /* if c > 2**length */
+ CHECK_MPI_OK(mp_sub_d(&c0_2, (mp_digit)1, &t)); /* t = 2qc0-1 */
+ /* t = 2**(length-1) + 2qc0 -1 */
+ CHECK_MPI_OK(mp_add(&two_length_minus_1, &t, &t));
+ /* t = floor((2**(length-1)+2qc0 -1)/2qco)
+ * = ceil(2**(lenght-2)/2qc0) */
+ CHECK_MPI_OK(mp_div(&t, &c0_2, &t, NULL));
+ CHECK_MPI_OK(mp_mul(&t, &c0_2, &c));
+ CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c)); /* c= 2tqc0 + 1*/
}
/* Step 13/25 prime_gen_counter = prime_gen_counter + 1*/
(*prime_gen_counter)++;
@@ -638,51 +637,51 @@ step_23:
**
** Step 14/26 a=0
*/
- PORT_Memset(x, 0, sizeof(x)); /* use x for a */
+ PORT_Memset(x, 0, sizeof(x)); /* use x for a */
/*
** Step 15/27 for i = 0 to iterations do
** a = a + (HASH(prime_seed + i) * 2^(i*outlen))
**
** NOTE: we reuse the x array for 'a' initially.
*/
- for (i=0; i < iterations; i++) {
- /* MAX_ST_SEED_BITS is bigger than prime_seed should get to */
- CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i,
- MAX_ST_SEED_BITS,&x[(iterations - i - 1)*hashlen]));
+ for (i = 0; i < iterations; i++) {
+ /* MAX_ST_SEED_BITS is bigger than prime_seed should get to */
+ CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i,
+ MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen]));
}
/* Step 16/28 prime_seed = prime_seed + iterations + 1 */
- CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
- prime_seed));
+ CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
+ prime_seed));
/* Step 17/29 a = 2 + (a mod (c-3)). */
- CHECK_MPI_OK( mp_read_unsigned_octets(&a, x, iterations*hashlen) );
- CHECK_MPI_OK( mp_sub_d(&c, (mp_digit) 3, &z) ); /* z = c -3 */
- CHECK_MPI_OK( mp_mod(&a, &z, &a) ); /* a = a mod c -3 */
- CHECK_MPI_OK( mp_add_d(&a, (mp_digit) 2, &a) ); /* a = 2 + a mod c -3 */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&a, x, iterations * hashlen));
+ CHECK_MPI_OK(mp_sub_d(&c, (mp_digit)3, &z)); /* z = c -3 */
+ CHECK_MPI_OK(mp_mod(&a, &z, &a)); /* a = a mod c -3 */
+ CHECK_MPI_OK(mp_add_d(&a, (mp_digit)2, &a)); /* a = 2 + a mod c -3 */
/*
** Step 18 z = a**(2tq) mod p.
** Step 30 z = a**(2t) mod c.
*/
- CHECK_MPI_OK( mp_mul(&t, q, &z) ); /* z = tq */
- CHECK_MPI_OK( mp_add(&z, &z, &z) ); /* z = 2tq */
- CHECK_MPI_OK( mp_exptmod(&a, &z, &c, &z) ); /* z = a**(2tq) mod c */
+ CHECK_MPI_OK(mp_mul(&t, q, &z)); /* z = tq */
+ CHECK_MPI_OK(mp_add(&z, &z, &z)); /* z = 2tq */
+ CHECK_MPI_OK(mp_exptmod(&a, &z, &c, &z)); /* z = a**(2tq) mod c */
/*
- ** Step 19 if (( 1 == GCD(z-1,p)) and ( 1 == z**p0 mod p )), then
+ ** Step 19 if (( 1 == GCD(z-1,p)) and ( 1 == z**p0 mod p )), then
** Step 31 if (( 1 == GCD(z-1,c)) and ( 1 == z**c0 mod c )), then
*/
- CHECK_MPI_OK( mp_sub_d(&z, (mp_digit) 1, &a) );
- CHECK_MPI_OK( mp_gcd(&a,&c,&a ));
+ CHECK_MPI_OK(mp_sub_d(&z, (mp_digit)1, &a));
+ CHECK_MPI_OK(mp_gcd(&a, &c, &a));
if (mp_cmp_d(&a, (mp_digit)1) == 0) {
- CHECK_MPI_OK( mp_exptmod(&z, c0, &c, &a) );
- if (mp_cmp_d(&a, (mp_digit)1) == 0) {
- /* Step 31.1 prime = c */
- CHECK_MPI_OK( mp_copy(&c, prime) );
- /*
- ** Step 31.2 return Success, prime, prime_seed,
- ** prime_gen_counter
- */
- rv = SECSuccess;
- goto cleanup;
- }
+ CHECK_MPI_OK(mp_exptmod(&z, c0, &c, &a));
+ if (mp_cmp_d(&a, (mp_digit)1) == 0) {
+ /* Step 31.1 prime = c */
+ CHECK_MPI_OK(mp_copy(&c, prime));
+ /*
+ ** Step 31.2 return Success, prime, prime_seed,
+ ** prime_gen_counter
+ */
+ rv = SECSuccess;
+ goto cleanup;
+ }
}
/*
** Step 20/32 If (prime_gen_counter > 4 * length + old_counter then
@@ -690,16 +689,16 @@ step_23:
** NOTE: the test is reversed, so we fall through on failure to the
** cleanup routine
*/
- if (*prime_gen_counter < (4*length + old_counter)) {
- /* Step 21/33 t = t + 1 */
- CHECK_MPI_OK( mp_add_d(&t, (mp_digit) 1, &t) );
- /* Step 22/34 Go to step 23/11 */
- goto step_23;
+ if (*prime_gen_counter < (4 * length + old_counter)) {
+ /* Step 21/33 t = t + 1 */
+ CHECK_MPI_OK(mp_add_d(&t, (mp_digit)1, &t));
+ /* Step 22/34 Go to step 23/11 */
+ goto step_23;
}
/* if (prime_gencont > (4*length + old_counter), fall through to failure */
rv = SECFailure; /* really is already set, but paranoia is good */
-
+
cleanup:
mp_clear(&c);
mp_clear(&c0_2);
@@ -709,15 +708,15 @@ cleanup:
mp_clear(&two_length_minus_1);
PORT_Memset(x, 0, sizeof(x));
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv == SECFailure) {
- mp_zero(prime);
- if (prime_seed->data) {
- SECITEM_FreeItem(prime_seed, PR_FALSE);
- }
- *prime_gen_counter = 0;
+ mp_zero(prime);
+ if (prime_seed->data) {
+ SECITEM_FreeItem(prime_seed, PR_FALSE);
+ }
+ *prime_gen_counter = 0;
}
return rv;
}
@@ -729,22 +728,22 @@ cleanup:
*/
static SECStatus
makePrimefromSeedShaweTaylor(
- HASH_HashType hashtype, /* selected Hashing algorithm */
- unsigned int length, /* input. Length of prime in bits. */
-const SECItem * input_seed, /* input. */
- mp_int * prime, /* output. */
- SECItem * prime_seed, /* output. */
- unsigned int *prime_gen_counter) /* output. */
+ HASH_HashType hashtype, /* selected Hashing algorithm */
+ unsigned int length, /* input. Length of prime in bits. */
+ const SECItem *input_seed, /* input. */
+ mp_int *prime, /* output. */
+ SECItem *prime_seed, /* output. */
+ unsigned int *prime_gen_counter) /* output. */
{
mp_int c;
mp_int c0;
mp_int one;
SECStatus rv = SECFailure;
int hashlen = HASH_ResultLen(hashtype);
- int outlen = hashlen*PR_BITS_PER_BYTE;
+ int outlen = hashlen * PR_BITS_PER_BYTE;
int offset;
unsigned char bit, mask;
- unsigned char x[HASH_LENGTH_MAX*2];
+ unsigned char x[HASH_LENGTH_MAX * 2];
mp_digit dummy;
mp_err err = MP_OKAY;
int i;
@@ -752,33 +751,33 @@ const SECItem * input_seed, /* input. */
MP_DIGITS(&c) = 0;
MP_DIGITS(&c0) = 0;
MP_DIGITS(&one) = 0;
- CHECK_MPI_OK( mp_init(&c) );
- CHECK_MPI_OK( mp_init(&c0) );
- CHECK_MPI_OK( mp_init(&one) );
+ CHECK_MPI_OK(mp_init(&c));
+ CHECK_MPI_OK(mp_init(&c0));
+ CHECK_MPI_OK(mp_init(&one));
/* Step 1. if length < 2 then return (FAILURE, 0, 0, 0) */
if (length < 2) {
- rv = SECFailure;
- goto cleanup;
+ rv = SECFailure;
+ goto cleanup;
}
/* Step 2. if length >= 33 then goto step 14 */
if (length >= 33) {
- mp_zero(&one);
- CHECK_MPI_OK( mp_add_d(&one, (mp_digit) 1, &one) );
-
- /* Step 14 (status, c0, prime_seed, prime_gen_counter) =
- ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
- */
- rv = makePrimefromSeedShaweTaylor(hashtype, (length+1)/2+1,
- input_seed, &c0, prime_seed, prime_gen_counter);
- /* Step 15 if FAILURE is returned, return (FAILURE, 0, 0, 0). */
- if (rv != SECSuccess) {
- goto cleanup;
- }
- /* Steps 16-34 */
- rv = makePrimefromPrimesShaweTaylor(hashtype,length, &c0, &one,
- prime, prime_seed, prime_gen_counter);
- goto cleanup; /* we're done, one way or the other */
+ mp_zero(&one);
+ CHECK_MPI_OK(mp_add_d(&one, (mp_digit)1, &one));
+
+ /* Step 14 (status, c0, prime_seed, prime_gen_counter) =
+ ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
+ */
+ rv = makePrimefromSeedShaweTaylor(hashtype, (length + 1) / 2 + 1,
+ input_seed, &c0, prime_seed, prime_gen_counter);
+ /* Step 15 if FAILURE is returned, return (FAILURE, 0, 0, 0). */
+ if (rv != SECSuccess) {
+ goto cleanup;
+ }
+ /* Steps 16-34 */
+ rv = makePrimefromPrimesShaweTaylor(hashtype, length, &c0, &one,
+ prime, prime_seed, prime_gen_counter);
+ goto cleanup; /* we're done, one way or the other */
}
/* Step 3 prime_seed = input_seed */
CHECK_SEC_OK(SECITEM_CopyItem(NULL, prime_seed, input_seed));
@@ -787,11 +786,11 @@ const SECItem * input_seed, /* input. */
step_5:
/* Step 5 c = Hash(prime_seed) xor Hash(prime_seed+1). */
- CHECK_SEC_OK(HASH_HashBuf(hashtype, x, prime_seed->data, prime_seed->len) );
- CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, 1,
- MAX_ST_SEED_BITS, &x[hashlen]) );
- for (i=0; i < hashlen; i++) {
- x[i] = x[i] ^ x[i+hashlen];
+ CHECK_SEC_OK(HASH_HashBuf(hashtype, x, prime_seed->data, prime_seed->len));
+ CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, 1,
+ MAX_ST_SEED_BITS, &x[hashlen]));
+ for (i = 0; i < hashlen; i++) {
+ x[i] = x[i] ^ x[i + hashlen];
}
/* Step 6 c = 2**length-1 + c mod 2**length-1 */
/* This step mathematically sets the high bit and clears out
@@ -802,19 +801,19 @@ step_5:
** length at this point is 32 bits. So first we find the offset in bytes
** into the array where the high bit is.
*/
- offset = (outlen - length)/PR_BITS_PER_BYTE;
- /* now we want to set the 'high bit'. We have to calculate this since
+ offset = (outlen - length) / PR_BITS_PER_BYTE;
+ /* now we want to set the 'high bit'. We have to calculate this since
* length may not be a multiple of 8.*/
- bit = 1 << ((length-1) & 0x7); /* select the proper bit in the byte */
+ bit = 1 << ((length - 1) & 0x7); /* select the proper bit in the byte */
/* we need to zero out the rest of the bits in the byte above */
- mask = (bit-1);
+ mask = (bit - 1);
/* now we set it */
x[offset] = (mask & x[offset]) | bit;
/* Step 7 c = c*floor(c/2) + 1 */
/* set the low bit. much easier to find (the end of the array) */
- x[hashlen-1] |= 1;
+ x[hashlen - 1] |= 1;
/* now that we've set our bits, we can create our candidate "c" */
- CHECK_MPI_OK( mp_read_unsigned_octets(&c, &x[offset], hashlen-offset) );
+ CHECK_MPI_OK(mp_read_unsigned_octets(&c, &x[offset], hashlen - offset));
/* Step 8 prime_gen_counter = prime_gen_counter + 1 */
(*prime_gen_counter)++;
/* Step 9 prime_seed = prime_seed + 2 */
@@ -826,156 +825,153 @@ step_5:
** We in fact test with trial division. mpi has a built int trial divider
** that divides all divisors up to 2^16.
*/
- if (prime_tab[prime_tab_size-1] < 0xFFF1) {
- /* we aren't testing all the primes between 0 and 2^16, we really
- * can't use this construction. Just fail. */
- rv = SECFailure;
- goto cleanup;
+ if (prime_tab[prime_tab_size - 1] < 0xFFF1) {
+ /* we aren't testing all the primes between 0 and 2^16, we really
+ * can't use this construction. Just fail. */
+ rv = SECFailure;
+ goto cleanup;
}
dummy = prime_tab_size;
err = mpp_divis_primes(&c, &dummy);
/* Step 11 if c is prime then */
if (err == MP_NO) {
- /* Step 11.1 prime = c */
- CHECK_MPI_OK( mp_copy(&c, prime) );
- /* Step 11.2 return SUCCESS prime, prime_seed, prime_gen_counter */
- err = MP_OKAY;
- rv = SECSuccess;
- goto cleanup;
+ /* Step 11.1 prime = c */
+ CHECK_MPI_OK(mp_copy(&c, prime));
+ /* Step 11.2 return SUCCESS prime, prime_seed, prime_gen_counter */
+ err = MP_OKAY;
+ rv = SECSuccess;
+ goto cleanup;
} else if (err != MP_YES) {
- goto cleanup; /* function failed, bail out */
+ goto cleanup; /* function failed, bail out */
} else {
- /* reset mp_err */
- err = MP_OKAY;
+ /* reset mp_err */
+ err = MP_OKAY;
}
/*
- ** Step 12 if (prime_gen_counter > (4*len))
- ** then return (FAILURE, 0, 0, 0))
+ ** Step 12 if (prime_gen_counter > (4*len))
+ ** then return (FAILURE, 0, 0, 0))
** Step 13 goto step 5
*/
- if (*prime_gen_counter <= (4*length)) {
- goto step_5;
+ if (*prime_gen_counter <= (4 * length)) {
+ goto step_5;
}
/* if (prime_gencont > 4*length), fall through to failure */
rv = SECFailure; /* really is already set, but paranoia is good */
-
+
cleanup:
mp_clear(&c);
mp_clear(&c0);
mp_clear(&one);
PORT_Memset(x, 0, sizeof(x));
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv == SECFailure) {
- mp_zero(prime);
- if (prime_seed->data) {
- SECITEM_FreeItem(prime_seed, PR_FALSE);
- }
- *prime_gen_counter = 0;
+ mp_zero(prime);
+ if (prime_seed->data) {
+ SECITEM_FreeItem(prime_seed, PR_FALSE);
+ }
+ *prime_gen_counter = 0;
}
return rv;
}
-
/*
* Find a Q and algorithm from Seed.
*/
static SECStatus
findQfromSeed(
- unsigned int L, /* input. Length of p in bits. */
- unsigned int N, /* input. Length of q in bits. */
- unsigned int g, /* input. Length of seed in bits. */
-const SECItem * seed, /* input. */
- mp_int * Q, /* input. */
- mp_int * Q_, /* output. */
- unsigned int *qseed_len, /* output */
- HASH_HashType *hashtypePtr, /* output. Hash uses */
- pqgGenType *typePtr) /* output. Generation Type used */
+ unsigned int L, /* input. Length of p in bits. */
+ unsigned int N, /* input. Length of q in bits. */
+ unsigned int g, /* input. Length of seed in bits. */
+ const SECItem *seed, /* input. */
+ mp_int *Q, /* input. */
+ mp_int *Q_, /* output. */
+ unsigned int *qseed_len, /* output */
+ HASH_HashType *hashtypePtr, /* output. Hash uses */
+ pqgGenType *typePtr) /* output. Generation Type used */
{
HASH_HashType hashtype;
- SECItem firstseed = { 0, 0, 0 };
- SECItem qseed = { 0, 0, 0 };
+ SECItem firstseed = { 0, 0, 0 };
+ SECItem qseed = { 0, 0, 0 };
SECStatus rv;
*qseed_len = 0; /* only set if FIPS186_3_ST_TYPE */
/* handle legacy small DSA first can only be FIPS186_1_TYPE */
if (L < 1024) {
- rv =makeQfromSeed(g,seed,Q_);
- if ((rv == SECSuccess) && (mp_cmp(Q,Q_) == 0)) {
- *hashtypePtr = HASH_AlgSHA1;
- *typePtr = FIPS186_1_TYPE;
- return SECSuccess;
- }
- return SECFailure;
- }
- /* 1024 could use FIPS186_1 or FIPS186_3 algorithms, we need to try
+ rv = makeQfromSeed(g, seed, Q_);
+ if ((rv == SECSuccess) && (mp_cmp(Q, Q_) == 0)) {
+ *hashtypePtr = HASH_AlgSHA1;
+ *typePtr = FIPS186_1_TYPE;
+ return SECSuccess;
+ }
+ return SECFailure;
+ }
+ /* 1024 could use FIPS186_1 or FIPS186_3 algorithms, we need to try
* them both */
if (L == 1024) {
- rv = makeQfromSeed(g,seed,Q_);
- if (rv == SECSuccess) {
- if (mp_cmp(Q,Q_) == 0) {
- *hashtypePtr = HASH_AlgSHA1;
- *typePtr = FIPS186_1_TYPE;
- return SECSuccess;
- }
- }
- /* fall through for FIPS186_3 types */
+ rv = makeQfromSeed(g, seed, Q_);
+ if (rv == SECSuccess) {
+ if (mp_cmp(Q, Q_) == 0) {
+ *hashtypePtr = HASH_AlgSHA1;
+ *typePtr = FIPS186_1_TYPE;
+ return SECSuccess;
+ }
+ }
+ /* fall through for FIPS186_3 types */
}
/* at this point we know we aren't using FIPS186_1, start trying FIPS186_3
* with appropriate hash types */
- for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL;
- hashtype=getNextHash(hashtype)) {
- rv = makeQ2fromSeed(hashtype, N, seed, Q_);
- if (rv != SECSuccess) {
- continue;
- }
- if (mp_cmp(Q,Q_) == 0) {
- *hashtypePtr = hashtype;
- *typePtr = FIPS186_3_TYPE;
- return SECSuccess;
- }
+ for (hashtype = getFirstHash(L, N); hashtype != HASH_AlgTOTAL;
+ hashtype = getNextHash(hashtype)) {
+ rv = makeQ2fromSeed(hashtype, N, seed, Q_);
+ if (rv != SECSuccess) {
+ continue;
+ }
+ if (mp_cmp(Q, Q_) == 0) {
+ *hashtypePtr = hashtype;
+ *typePtr = FIPS186_3_TYPE;
+ return SECSuccess;
+ }
}
/*
- * OK finally try FIPS186_3 Shawe-Taylor
+ * OK finally try FIPS186_3 Shawe-Taylor
*/
firstseed = *seed;
- firstseed.len = seed->len/3;
- for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL;
- hashtype=getNextHash(hashtype)) {
- unsigned int count;
-
- rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_,
- &qseed, &count);
- if (rv != SECSuccess) {
- continue;
- }
- if (mp_cmp(Q,Q_) == 0) {
- /* check qseed as well... */
- int offset = seed->len - qseed.len;
- if ((offset < 0) ||
- (PORT_Memcmp(&seed->data[offset],qseed.data,qseed.len) != 0)) {
- /* we found q, but the seeds don't match. This isn't an
- * accident, someone has been tweeking with the seeds, just
- * fail a this point. */
- SECITEM_FreeItem(&qseed,PR_FALSE);
- return SECFailure;
- }
- *qseed_len = qseed.len;
- *hashtypePtr = hashtype;
- *typePtr = FIPS186_3_ST_TYPE;
- SECITEM_FreeItem(&qseed, PR_FALSE);
- return SECSuccess;
- }
- SECITEM_FreeItem(&qseed, PR_FALSE);
+ firstseed.len = seed->len / 3;
+ for (hashtype = getFirstHash(L, N); hashtype != HASH_AlgTOTAL;
+ hashtype = getNextHash(hashtype)) {
+ unsigned int count;
+
+ rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_,
+ &qseed, &count);
+ if (rv != SECSuccess) {
+ continue;
+ }
+ if (mp_cmp(Q, Q_) == 0) {
+ /* check qseed as well... */
+ int offset = seed->len - qseed.len;
+ if ((offset < 0) ||
+ (PORT_Memcmp(&seed->data[offset], qseed.data, qseed.len) != 0)) {
+ /* we found q, but the seeds don't match. This isn't an
+ * accident, someone has been tweeking with the seeds, just
+ * fail a this point. */
+ SECITEM_FreeItem(&qseed, PR_FALSE);
+ return SECFailure;
+ }
+ *qseed_len = qseed.len;
+ *hashtypePtr = hashtype;
+ *typePtr = FIPS186_3_ST_TYPE;
+ SECITEM_FreeItem(&qseed, PR_FALSE);
+ return SECSuccess;
+ }
+ SECITEM_FreeItem(&qseed, PR_FALSE);
}
/* no hash algorithms found which match seed to Q, fail */
return SECFailure;
}
-
-
/*
** Perform steps 7, 8 and 9 of FIPS 186, appendix 2.2.
@@ -984,40 +980,40 @@ const SECItem * seed, /* input. */
*/
static SECStatus
makePfromQandSeed(
- HASH_HashType hashtype, /* selected Hashing algorithm */
- unsigned int L, /* Length of P in bits. Per FIPS 186. */
- unsigned int N, /* Length of Q in bits. Per FIPS 186. */
- unsigned int offset, /* Per FIPS 186, App 2.2. & 186-3 App A.1.1.2 */
- unsigned int seedlen, /* input. Length of seed in bits. (g in 186-1)*/
-const SECItem * seed, /* input. */
-const mp_int * Q, /* input. */
- mp_int * P) /* output. */
+ HASH_HashType hashtype, /* selected Hashing algorithm */
+ unsigned int L, /* Length of P in bits. Per FIPS 186. */
+ unsigned int N, /* Length of Q in bits. Per FIPS 186. */
+ unsigned int offset, /* Per FIPS 186, App 2.2. & 186-3 App A.1.1.2 */
+ unsigned int seedlen, /* input. Length of seed in bits. (g in 186-1)*/
+ const SECItem *seed, /* input. */
+ const mp_int *Q, /* input. */
+ mp_int *P) /* output. */
{
- unsigned int j; /* Per FIPS 186-3 App. A.1.1.2 (k in 186-1)*/
- unsigned int n; /* Per FIPS 186, appendix 2.2. */
- mp_digit b; /* Per FIPS 186, appendix 2.2. */
- unsigned int outlen; /* Per FIPS 186-3 App. A.1.1.2 */
- unsigned int hashlen; /* outlen in bytes */
+ unsigned int j; /* Per FIPS 186-3 App. A.1.1.2 (k in 186-1)*/
+ unsigned int n; /* Per FIPS 186, appendix 2.2. */
+ mp_digit b; /* Per FIPS 186, appendix 2.2. */
+ unsigned int outlen; /* Per FIPS 186-3 App. A.1.1.2 */
+ unsigned int hashlen; /* outlen in bytes */
unsigned char V_j[HASH_LENGTH_MAX];
- mp_int W, X, c, twoQ, V_n, tmp;
- mp_err err = MP_OKAY;
- SECStatus rv = SECSuccess;
+ mp_int W, X, c, twoQ, V_n, tmp;
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECSuccess;
/* Initialize bignums */
- MP_DIGITS(&W) = 0;
- MP_DIGITS(&X) = 0;
- MP_DIGITS(&c) = 0;
- MP_DIGITS(&twoQ) = 0;
- MP_DIGITS(&V_n) = 0;
- MP_DIGITS(&tmp) = 0;
- CHECK_MPI_OK( mp_init(&W) );
- CHECK_MPI_OK( mp_init(&X) );
- CHECK_MPI_OK( mp_init(&c) );
- CHECK_MPI_OK( mp_init(&twoQ) );
- CHECK_MPI_OK( mp_init(&tmp) );
- CHECK_MPI_OK( mp_init(&V_n) );
+ MP_DIGITS(&W) = 0;
+ MP_DIGITS(&X) = 0;
+ MP_DIGITS(&c) = 0;
+ MP_DIGITS(&twoQ) = 0;
+ MP_DIGITS(&V_n) = 0;
+ MP_DIGITS(&tmp) = 0;
+ CHECK_MPI_OK(mp_init(&W));
+ CHECK_MPI_OK(mp_init(&X));
+ CHECK_MPI_OK(mp_init(&c));
+ CHECK_MPI_OK(mp_init(&twoQ));
+ CHECK_MPI_OK(mp_init(&tmp));
+ CHECK_MPI_OK(mp_init(&V_n));
hashlen = HASH_ResultLen(hashtype);
- outlen = hashlen*PR_BITS_PER_BYTE;
+ outlen = hashlen * PR_BITS_PER_BYTE;
/* L - 1 = n*outlen + b */
n = (L - 1) / outlen;
@@ -1029,48 +1025,48 @@ const mp_int * Q, /* input. */
** V_j = SHA[(SEED + offset + j) mod 2**seedlen]."
**
** Step 11.2 (Step 8 in 186-1)
- ** "W = V_0 + (V_1 * 2**outlen) + ... + (V_n-1 * 2**((n-1)*outlen))
+ ** "W = V_0 + (V_1 * 2**outlen) + ... + (V_n-1 * 2**((n-1)*outlen))
** + ((V_n mod 2**b) * 2**(n*outlen))
*/
- for (j=0; j<n; ++j) { /* Do the first n terms of V_j */
- /* Do step 11.1 for iteration j.
- ** V_j = HASH[(seed + offset + j) mod 2**g]
- */
- CHECK_SEC_OK( addToSeedThenHash(hashtype,seed,offset+j, seedlen, V_j) );
- /* Do step 11.2 for iteration j.
- ** W += V_j * 2**(j*outlen)
- */
- OCTETS_TO_MPINT(V_j, &tmp, hashlen); /* get bignum V_j */
- CHECK_MPI_OK( mpl_lsh(&tmp, &tmp, j*outlen) );/* tmp=V_j << j*outlen */
- CHECK_MPI_OK( mp_add(&W, &tmp, &W) ); /* W += tmp */
+ for (j = 0; j < n; ++j) { /* Do the first n terms of V_j */
+ /* Do step 11.1 for iteration j.
+ ** V_j = HASH[(seed + offset + j) mod 2**g]
+ */
+ CHECK_SEC_OK(addToSeedThenHash(hashtype, seed, offset + j, seedlen, V_j));
+ /* Do step 11.2 for iteration j.
+ ** W += V_j * 2**(j*outlen)
+ */
+ OCTETS_TO_MPINT(V_j, &tmp, hashlen); /* get bignum V_j */
+ CHECK_MPI_OK(mpl_lsh(&tmp, &tmp, j * outlen)); /* tmp=V_j << j*outlen */
+ CHECK_MPI_OK(mp_add(&W, &tmp, &W)); /* W += tmp */
}
/* Step 11.2, continued.
- ** [W += ((V_n mod 2**b) * 2**(n*outlen))]
+ ** [W += ((V_n mod 2**b) * 2**(n*outlen))]
*/
- CHECK_SEC_OK( addToSeedThenHash(hashtype, seed, offset + n, seedlen, V_j) );
- OCTETS_TO_MPINT(V_j, &V_n, hashlen); /* get bignum V_n */
- CHECK_MPI_OK( mp_div_2d(&V_n, b, NULL, &tmp) ); /* tmp = V_n mod 2**b */
- CHECK_MPI_OK( mpl_lsh(&tmp, &tmp, n*outlen) ); /* tmp = tmp << n*outlen */
- CHECK_MPI_OK( mp_add(&W, &tmp, &W) ); /* W += tmp */
- /* Step 11.3, (Step 8 in 186-1)
+ CHECK_SEC_OK(addToSeedThenHash(hashtype, seed, offset + n, seedlen, V_j));
+ OCTETS_TO_MPINT(V_j, &V_n, hashlen); /* get bignum V_n */
+ CHECK_MPI_OK(mp_div_2d(&V_n, b, NULL, &tmp)); /* tmp = V_n mod 2**b */
+ CHECK_MPI_OK(mpl_lsh(&tmp, &tmp, n * outlen)); /* tmp = tmp << n*outlen */
+ CHECK_MPI_OK(mp_add(&W, &tmp, &W)); /* W += tmp */
+ /* Step 11.3, (Step 8 in 186-1)
** "X = W + 2**(L-1).
** Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
*/
- CHECK_MPI_OK( mpl_set_bit(&X, (mp_size)(L-1), 1) ); /* X = 2**(L-1) */
- CHECK_MPI_OK( mp_add(&X, &W, &X) ); /* X += W */
+ CHECK_MPI_OK(mpl_set_bit(&X, (mp_size)(L - 1), 1)); /* X = 2**(L-1) */
+ CHECK_MPI_OK(mp_add(&X, &W, &X)); /* X += W */
/*************************************************************
** Step 11.4. (Step 9 in 186-1)
** "c = X mod 2q"
*/
- CHECK_MPI_OK( mp_mul_2(Q, &twoQ) ); /* 2q */
- CHECK_MPI_OK( mp_mod(&X, &twoQ, &c) ); /* c = X mod 2q */
+ CHECK_MPI_OK(mp_mul_2(Q, &twoQ)); /* 2q */
+ CHECK_MPI_OK(mp_mod(&X, &twoQ, &c)); /* c = X mod 2q */
/*************************************************************
** Step 11.5. (Step 9 in 186-1)
** "p = X - (c - 1).
** Note that p is congruent to 1 mod 2q."
*/
- CHECK_MPI_OK( mp_sub_d(&c, 1, &c) ); /* c -= 1 */
- CHECK_MPI_OK( mp_sub(&X, &c, P) ); /* P = X - c */
+ CHECK_MPI_OK(mp_sub_d(&c, 1, &c)); /* c -= 1 */
+ CHECK_MPI_OK(mp_sub(&X, &c, P)); /* P = X - c */
cleanup:
mp_clear(&W);
mp_clear(&X);
@@ -1079,8 +1075,8 @@ cleanup:
mp_clear(&V_n);
mp_clear(&tmp);
if (err) {
- MP_TO_SEC_ERROR(err);
- return SECFailure;
+ MP_TO_SEC_ERROR(err);
+ return SECFailure;
}
return rv;
}
@@ -1089,11 +1085,11 @@ cleanup:
** Generate G from h, P, and Q.
*/
static SECStatus
-makeGfromH(const mp_int *P, /* input. */
- const mp_int *Q, /* input. */
- mp_int *H, /* input and output. */
- mp_int *G, /* output. */
- PRBool *passed)
+makeGfromH(const mp_int *P, /* input. */
+ const mp_int *Q, /* input. */
+ mp_int *H, /* input and output. */
+ mp_int *G, /* output. */
+ PRBool *passed)
{
mp_int exp, pm1;
mp_err err = MP_OKAY;
@@ -1101,35 +1097,35 @@ makeGfromH(const mp_int *P, /* input. */
*passed = PR_FALSE;
MP_DIGITS(&exp) = 0;
MP_DIGITS(&pm1) = 0;
- CHECK_MPI_OK( mp_init(&exp) );
- CHECK_MPI_OK( mp_init(&pm1) );
- CHECK_MPI_OK( mp_sub_d(P, 1, &pm1) ); /* P - 1 */
- if ( mp_cmp(H, &pm1) >= 0) /* H >= P-1 */
- CHECK_MPI_OK( mp_sub(H, &pm1, H) ); /* H = H mod (P-1) */
+ CHECK_MPI_OK(mp_init(&exp));
+ CHECK_MPI_OK(mp_init(&pm1));
+ CHECK_MPI_OK(mp_sub_d(P, 1, &pm1)); /* P - 1 */
+ if (mp_cmp(H, &pm1) >= 0) /* H >= P-1 */
+ CHECK_MPI_OK(mp_sub(H, &pm1, H)); /* H = H mod (P-1) */
/* Let b = 2**n (smallest power of 2 greater than P).
** Since P-1 >= b/2, and H < b, quotient(H/(P-1)) = 0 or 1
** so the above operation safely computes H mod (P-1)
*/
/* Check for H = to 0 or 1. Regen H if so. (Regen means return error). */
if (mp_cmp_d(H, 1) <= 0) {
- rv = SECFailure;
- goto cleanup;
+ rv = SECFailure;
+ goto cleanup;
}
/* Compute G, according to the equation G = (H ** ((P-1)/Q)) mod P */
- CHECK_MPI_OK( mp_div(&pm1, Q, &exp, NULL) ); /* exp = (P-1)/Q */
- CHECK_MPI_OK( mp_exptmod(H, &exp, P, G) ); /* G = H ** exp mod P */
+ CHECK_MPI_OK(mp_div(&pm1, Q, &exp, NULL)); /* exp = (P-1)/Q */
+ CHECK_MPI_OK(mp_exptmod(H, &exp, P, G)); /* G = H ** exp mod P */
/* Check for G == 0 or G == 1, return error if so. */
if (mp_cmp_d(G, 1) <= 0) {
- rv = SECFailure;
- goto cleanup;
+ rv = SECFailure;
+ goto cleanup;
}
*passed = PR_TRUE;
cleanup:
mp_clear(&exp);
mp_clear(&pm1);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
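Review bot: The `if (mp_cmp(H, &pm1) >= 0)` in makeGfromH controls a bare `CHECK_MPI_OK(mp_sub(H, &pm1, H));` with no braces; CHECK_MPI_OK's definition is outside this hunk, but it presumably expands to its own `if (...) goto cleanup;` statement, so the reduction step only nests correctly by accident and is exactly the shape that produces dangling-else and "goto fail"-style mistakes on a later edit. Brace it: `if (mp_cmp(H, &pm1) >= 0) { CHECK_MPI_OK(mp_sub(H, &pm1, H)); /* H = H mod (P-1) */ }`. The comment that follows explains why a single subtraction suffices (H < 2**n, P-1 >= 2**(n-1)); that precondition on H is set by the caller and cannot be confirmed from this hunk, so it is worth stating as an explicit requirement in the function's header comment.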
@@ -1139,11 +1135,11 @@ cleanup:
*/
static SECStatus
makeGfromIndex(HASH_HashType hashtype,
- const mp_int *P, /* input. */
- const mp_int *Q, /* input. */
- const SECItem *seed, /* input. */
- unsigned char index, /* input. */
- mp_int *G) /* input/output */
+ const mp_int *P, /* input. */
+ const mp_int *Q, /* input. */
+ const SECItem *seed, /* input. */
+ unsigned char index, /* input. */
+ mp_int *G) /* input/output */
{
mp_int e, pm1, W;
unsigned int count;
@@ -1157,72 +1153,72 @@ makeGfromIndex(HASH_HashType hashtype,
MP_DIGITS(&e) = 0;
MP_DIGITS(&pm1) = 0;
MP_DIGITS(&W) = 0;
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&pm1) );
- CHECK_MPI_OK( mp_init(&W) );
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&pm1));
+ CHECK_MPI_OK(mp_init(&W));
/* initialize our hash stuff */
hashobj = HASH_GetRawHashObject(hashtype);
if (hashobj == NULL) {
- /* shouldn't happen */
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- rv = SECFailure;
- goto cleanup;
+ /* shouldn't happen */
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ rv = SECFailure;
+ goto cleanup;
}
hashcx = hashobj->create();
if (hashcx == NULL) {
- rv = SECFailure;
- goto cleanup;
+ rv = SECFailure;
+ goto cleanup;
}
- CHECK_MPI_OK( mp_sub_d(P, 1, &pm1) ); /* P - 1 */
+ CHECK_MPI_OK(mp_sub_d(P, 1, &pm1)); /* P - 1 */
/* Step 3 e = (p-1)/q */
- CHECK_MPI_OK( mp_div(&pm1, Q, &e, NULL) ); /* e = (P-1)/Q */
- /* Steps 4, 5, and 6 */
- /* count is a 16 bit value in the spec. We actually represent count
+ CHECK_MPI_OK(mp_div(&pm1, Q, &e, NULL)); /* e = (P-1)/Q */
+/* Steps 4, 5, and 6 */
+/* count is a 16 bit value in the spec. We actually represent count
* as more than 16 bits so we can easily detect the 16 bit overflow */
#define MAX_COUNT 0x10000
for (count = 1; count < MAX_COUNT; count++) {
- /* step 7
- * U = domain_param_seed || "ggen" || index || count
- * step 8
- * W = HASH(U)
- */
- hashobj->begin(hashcx);
- hashobj->update(hashcx,seed->data,seed->len);
- hashobj->update(hashcx, (unsigned char *)"ggen", 4);
- hashobj->update(hashcx,&index, 1);
- data[0] = (count >> 8) & 0xff;
- data[1] = count & 0xff;
- hashobj->update(hashcx, data, 2);
- hashobj->end(hashcx, data, &len, sizeof(data));
- OCTETS_TO_MPINT(data, &W, len);
- /* step 9. g = W**e mod p */
- CHECK_MPI_OK( mp_exptmod(&W, &e, P, G) );
- /* step 10. if (g < 2) then goto step 5 */
- /* NOTE: this weird construct is to keep the flow according to the spec.
- * the continue puts us back to step 5 of the for loop */
- if (mp_cmp_d(G, 2) < 0) {
- continue;
- }
- break; /* step 11 follows step 10 if the test condition is false */
- }
- if (count >= MAX_COUNT) {
- rv = SECFailure; /* last part of step 6 */
- }
- /* step 11.
+ /* step 7
+ * U = domain_param_seed || "ggen" || index || count
+ * step 8
+ * W = HASH(U)
+ */
+ hashobj->begin(hashcx);
+ hashobj->update(hashcx, seed->data, seed->len);
+ hashobj->update(hashcx, (unsigned char *)"ggen", 4);
+ hashobj->update(hashcx, &index, 1);
+ data[0] = (count >> 8) & 0xff;
+ data[1] = count & 0xff;
+ hashobj->update(hashcx, data, 2);
+ hashobj->end(hashcx, data, &len, sizeof(data));
+ OCTETS_TO_MPINT(data, &W, len);
+ /* step 9. g = W**e mod p */
+ CHECK_MPI_OK(mp_exptmod(&W, &e, P, G));
+ /* step 10. if (g < 2) then goto step 5 */
+ /* NOTE: this weird construct is to keep the flow according to the spec.
+ * the continue puts us back to step 5 of the for loop */
+ if (mp_cmp_d(G, 2) < 0) {
+ continue;
+ }
+ break; /* step 11 follows step 10 if the test condition is false */
+ }
+ if (count >= MAX_COUNT) {
+ rv = SECFailure; /* last part of step 6 */
+ }
+/* step 11.
* return valid G */
cleanup:
PORT_Memset(data, 0, sizeof(data));
if (hashcx) {
- hashobj->destroy(hashcx, PR_TRUE);
+ hashobj->destroy(hashcx, PR_TRUE);
}
mp_clear(&e);
mp_clear(&pm1);
mp_clear(&W);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
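Review bot: The comments `/* Steps 4, 5, and 6 */`, `/* count is a 16 bit value in the spec ...` and `/* step 11.` now sit at column 0 inside makeGfromIndex's body, because clang-format anchors them to the `#define MAX_COUNT` line and the `cleanup:` label that follow them. Hoisting `#define MAX_COUNT 0x10000` (or `enum { MAX_COUNT = 0x10000 };`) to file scope above the function restores normal indentation for the first two comments and also stops a macro from being defined mid-function and never undefined. Separately, the exhaustion exit `if (count >= MAX_COUNT) { rv = SECFailure; }` sets no error code, so a caller sees SECFailure with whatever stale value PR_GetError holds; adding `PORT_SetError(SEC_ERROR_NEED_RANDOM);` there, as pqg_ParamGen already does for its own give-up path, would make the failure diagnosable. makeGfromIndex's declarations begin in the previous hunk.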
@@ -1234,35 +1230,34 @@ cleanup:
**/
static SECStatus
pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
- unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
+ unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
{
- unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
- unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
- unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
- unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
- unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
- unsigned int maxCount;
+ unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
+ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+ unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
+ unsigned int maxCount;
HASH_HashType hashtype;
- SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
- PLArenaPool *arena = NULL;
- PQGParams *params = NULL;
- PQGVerify *verify = NULL;
+ SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+ PLArenaPool *arena = NULL;
+ PQGParams *params = NULL;
+ PQGVerify *verify = NULL;
PRBool passed;
SECItem hit = { 0, 0, 0 };
SECItem firstseed = { 0, 0, 0 };
SECItem qseed = { 0, 0, 0 };
SECItem pseed = { 0, 0, 0 };
mp_int P, Q, G, H, l, p0;
- mp_err err = MP_OKAY;
- SECStatus rv = SECFailure;
+ mp_err err = MP_OKAY;
+ SECStatus rv = SECFailure;
int iterations = 0;
-
/* Step 1. L and N already checked by caller*/
/* Step 2. if (seedlen < N) return INVALID; */
- if (seedBytes < N/PR_BITS_PER_BYTE || !pParams || !pVfy) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (seedBytes < N / PR_BITS_PER_BYTE || !pParams || !pVfy) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* Initialize bignums */
@@ -1272,60 +1267,60 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
MP_DIGITS(&H) = 0;
MP_DIGITS(&l) = 0;
MP_DIGITS(&p0) = 0;
- CHECK_MPI_OK( mp_init(&P) );
- CHECK_MPI_OK( mp_init(&Q) );
- CHECK_MPI_OK( mp_init(&G) );
- CHECK_MPI_OK( mp_init(&H) );
- CHECK_MPI_OK( mp_init(&l) );
- CHECK_MPI_OK( mp_init(&p0) );
+ CHECK_MPI_OK(mp_init(&P));
+ CHECK_MPI_OK(mp_init(&Q));
+ CHECK_MPI_OK(mp_init(&G));
+ CHECK_MPI_OK(mp_init(&H));
+ CHECK_MPI_OK(mp_init(&l));
+ CHECK_MPI_OK(mp_init(&p0));
/* parameters have been passed in, only generate G */
if (*pParams != NULL) {
- /* we only support G index generation if generating separate from PQ */
- if ((*pVfy == NULL) || (type == FIPS186_1_TYPE) ||
- ((*pVfy)->h.len != 1) || ((*pVfy)->h.data == NULL) ||
- ((*pVfy)->seed.data == NULL) || ((*pVfy)->seed.len == 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- params = *pParams;
- verify = *pVfy;
-
- /* fill in P Q, */
- SECITEM_TO_MPINT((*pParams)->prime, &P);
- SECITEM_TO_MPINT((*pParams)->subPrime, &Q);
- hashtype = getFirstHash(L,N);
- CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed,
- (*pVfy)->h.data[0], &G) );
- MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena);
- goto cleanup;
+ /* we only support G index generation if generating separate from PQ */
+ if ((*pVfy == NULL) || (type == FIPS186_1_TYPE) ||
+ ((*pVfy)->h.len != 1) || ((*pVfy)->h.data == NULL) ||
+ ((*pVfy)->seed.data == NULL) || ((*pVfy)->seed.len == 0)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ params = *pParams;
+ verify = *pVfy;
+
+ /* fill in P Q, */
+ SECITEM_TO_MPINT((*pParams)->prime, &P);
+ SECITEM_TO_MPINT((*pParams)->subPrime, &Q);
+ hashtype = getFirstHash(L, N);
+ CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed,
+ (*pVfy)->h.data[0], &G));
+ MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena);
+ goto cleanup;
}
/* Initialize an arena for the params. */
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return SECFailure;
}
params = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
if (!params) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ return SECFailure;
}
params->arena = arena;
/* Initialize an arena for the verify. */
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(params->arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(params->arena, PR_TRUE);
+ return SECFailure;
}
verify = (PQGVerify *)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
if (!verify) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- PORT_FreeArena(params->arena, PR_TRUE);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ PORT_FreeArena(params->arena, PR_TRUE);
+ return SECFailure;
}
verify->arena = arena;
seed = &verify->seed;
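Review bot: Every `return SECFailure;` in this hunk — the argument check inside `if (*pParams != NULL)` and the four allocation failures for the two arenas, `params` and `verify` — executes after the six `CHECK_MPI_OK(mp_init(...))` calls, so the digit buffers mp_init allocated for P, Q, G, H, l and p0 are never released on those paths. Replacing each with `rv = SECFailure; goto cleanup;` would reuse the function's existing mp_clear sequence; `rv` already starts at SECFailure, and because the cleanup block frees `params->arena`/`verify->arena` only when those pointers are non-NULL, the inline `PORT_FreeArena` calls before each return can stay as they are ahead of the goto. Worth confirming as well: on the `*pParams != NULL` path `params` and `verify` alias the caller's structures, and if `CHECK_SEC_OK(makeGfromIndex(...))` fails the same cleanup block appears to free the caller-owned arenas, which looks unintended unless ownership transfer on failure is documented for that entry point. pqg_ParamGen's body continues outside this hunk on both sides.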
@@ -1334,25 +1329,25 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
/* Select Hash and Compute lengths. */
/* getFirstHash gives us the smallest acceptable hash for this key
* strength */
- hashtype = getFirstHash(L,N);
- outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE;
+ hashtype = getFirstHash(L, N);
+ outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE;
/* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
- n = (L - 1) / outlen;
+ n = (L - 1) / outlen;
/* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */
- seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
+ seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
step_5:
/* ******************************************************************
** Step 5. (Step 1 in 186-1)
** "Choose an abitrary sequence of at least N bits and call it SEED.
** Let g be the length of SEED in bits."
*/
- if (++iterations > MAX_ITERATIONS) { /* give up after a while */
+ if (++iterations > MAX_ITERATIONS) { /* give up after a while */
PORT_SetError(SEC_ERROR_NEED_RANDOM);
goto cleanup;
}
seed->len = seedBytes;
- CHECK_SEC_OK( getPQseed(seed, verify->arena) );
+ CHECK_SEC_OK(getPQseed(seed, verify->arena));
/* ******************************************************************
** Step 6. (Step 2 in 186-1)
**
@@ -1360,7 +1355,7 @@ step_5:
** "Compute U = HASH[SEED] 2**(N-1). (186-3)"
**
** Step 7. (Step 3 in 186-1)
- ** "Form Q from U by setting the most signficant bit (the 2**159 bit)
+ ** "Form Q from U by setting the most signficant bit (the 2**159 bit)
** and the least signficant bit to 1. In terms of boolean operations,
** Q = U OR 2**159 OR 1. Note that 2**159 < Q < 2**160. (186-1)"
**
@@ -1369,46 +1364,46 @@ step_5:
** Note: Both formulations are the same for U < 2**(N-1) and N=160
**
** If using Shawe-Taylor, We do the entire A.1.2.1.2 setps in the block
- ** FIPS186_3_ST_TYPE.
+ ** FIPS186_3_ST_TYPE.
*/
if (type == FIPS186_1_TYPE) {
- CHECK_SEC_OK( makeQfromSeed(seedlen, seed, &Q) );
+ CHECK_SEC_OK(makeQfromSeed(seedlen, seed, &Q));
} else if (type == FIPS186_3_TYPE) {
- CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
+ CHECK_SEC_OK(makeQ2fromSeed(hashtype, N, seed, &Q));
} else {
- /* FIPS186_3_ST_TYPE */
- unsigned int qgen_counter, pgen_counter;
+ /* FIPS186_3_ST_TYPE */
+ unsigned int qgen_counter, pgen_counter;
/* Step 1 (L,N) already checked for acceptability */
- firstseed = *seed;
- qgen_counter = 0;
- /* Step 2. Use N and firstseed to generate random prime q
- * using Apendix C.6 */
- CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
- &qseed, &qgen_counter) );
- /* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
- * using Appendix C.6 */
- pgen_counter = 0;
- CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, (L+1)/2+1,
- &qseed, &p0, &pseed, &pgen_counter) );
- /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
- CHECK_SEC_OK( makePrimefromPrimesShaweTaylor(hashtype, L,
- &p0, &Q, &P, &pseed, &pgen_counter) );
-
- /* combine all the seeds */
- seed->len = firstseed.len +qseed.len + pseed.len;
- seed->data = PORT_ArenaZAlloc(verify->arena, seed->len);
- if (seed->data == NULL) {
- goto cleanup;
- }
- PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
- PORT_Memcpy(seed->data+firstseed.len, pseed.data, pseed.len);
- PORT_Memcpy(seed->data+firstseed.len+pseed.len, qseed.data, qseed.len);
- counter = 0 ; /* (qgen_counter << 16) | pgen_counter; */
-
- /* we've generated both P and Q now, skip to generating G */
- goto generate_G;
+ firstseed = *seed;
+ qgen_counter = 0;
+ /* Step 2. Use N and firstseed to generate random prime q
+ * using Apendix C.6 */
+ CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
+ &qseed, &qgen_counter));
+ /* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
+ * using Appendix C.6 */
+ pgen_counter = 0;
+ CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1,
+ &qseed, &p0, &pseed, &pgen_counter));
+ /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+ CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L,
+ &p0, &Q, &P, &pseed, &pgen_counter));
+
+ /* combine all the seeds */
+ seed->len = firstseed.len + qseed.len + pseed.len;
+ seed->data = PORT_ArenaZAlloc(verify->arena, seed->len);
+ if (seed->data == NULL) {
+ goto cleanup;
+ }
+ PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
+ PORT_Memcpy(seed->data + firstseed.len, pseed.data, pseed.len);
+ PORT_Memcpy(seed->data + firstseed.len + pseed.len, qseed.data, qseed.len);
+ counter = 0; /* (qgen_counter << 16) | pgen_counter; */
+
+ /* we've generated both P and Q now, skip to generating G */
+ goto generate_G;
}
/* ******************************************************************
** Step 8. (Step 4 in 186-1)
@@ -1418,7 +1413,7 @@ step_5:
** "will give an acceptable probability of error."
*/
/*CHECK_SEC_OK( prm_RabinTest(&Q, &passed) );*/
- err = mpp_pprime(&Q, prime_testcount_q(L,N));
+ err = mpp_pprime(&Q, prime_testcount_q(L, N));
passed = (err == MP_YES) ? SECSuccess : SECFailure;
/* ******************************************************************
** Step 9. (Step 5 in 186-1) "If q is not prime, goto step 5 (1 in 186-1)."
@@ -1426,7 +1421,7 @@ step_5:
if (passed != SECSuccess)
goto step_5;
/* ******************************************************************
- ** Step 10.
+ ** Step 10.
** offset = 1;
**( Step 6b 186-1)"Let counter = 0 and offset = 2."
*/
@@ -1436,54 +1431,54 @@ step_5:
** For counter - 0 to (4L-1) do
**
*/
- maxCount = L >= 1024 ? (4*L - 1) : 4095;
+ maxCount = L >= 1024 ? (4 * L - 1) : 4095;
for (counter = 0; counter <= maxCount; counter++) {
- /* ******************************************************************
- ** Step 11.1 (Step 7 in 186-1)
- ** "for j = 0 ... n let
- ** V_j = HASH[(SEED + offset + j) mod 2**seedlen]."
- **
- ** Step 11.2 (Step 8 in 186-1)
- ** "W = V_0 + V_1*2**outlen+...+ V_n-1 * 2**((n-1)*outlen) +
- ** ((Vn* mod 2**b)*2**(n*outlen))"
- ** Step 11.3 (Step 8 in 186-1)
- ** "X = W + 2**(L-1)
- ** Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
- **
- ** Step 11.4 (Step 9 in 186-1).
- ** "c = X mod 2q"
- **
- ** Step 11.5 (Step 9 in 186-1).
- ** " p = X - (c - 1).
- ** Note that p is congruent to 1 mod 2q."
- */
- CHECK_SEC_OK( makePfromQandSeed(hashtype, L, N, offset, seedlen,
- seed, &Q, &P) );
- /*************************************************************
- ** Step 11.6. (Step 10 in 186-1)
- ** "if p < 2**(L-1), then goto step 11.9. (step 13 in 186-1)"
- */
- CHECK_MPI_OK( mpl_set_bit(&l, (mp_size)(L-1), 1) ); /* l = 2**(L-1) */
- if (mp_cmp(&P, &l) < 0)
+ /* ******************************************************************
+ ** Step 11.1 (Step 7 in 186-1)
+ ** "for j = 0 ... n let
+ ** V_j = HASH[(SEED + offset + j) mod 2**seedlen]."
+ **
+ ** Step 11.2 (Step 8 in 186-1)
+ ** "W = V_0 + V_1*2**outlen+...+ V_n-1 * 2**((n-1)*outlen) +
+ ** ((Vn* mod 2**b)*2**(n*outlen))"
+ ** Step 11.3 (Step 8 in 186-1)
+ ** "X = W + 2**(L-1)
+ ** Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
+ **
+ ** Step 11.4 (Step 9 in 186-1).
+ ** "c = X mod 2q"
+ **
+ ** Step 11.5 (Step 9 in 186-1).
+ ** " p = X - (c - 1).
+ ** Note that p is congruent to 1 mod 2q."
+ */
+ CHECK_SEC_OK(makePfromQandSeed(hashtype, L, N, offset, seedlen,
+ seed, &Q, &P));
+ /*************************************************************
+ ** Step 11.6. (Step 10 in 186-1)
+ ** "if p < 2**(L-1), then goto step 11.9. (step 13 in 186-1)"
+ */
+ CHECK_MPI_OK(mpl_set_bit(&l, (mp_size)(L - 1), 1)); /* l = 2**(L-1) */
+ if (mp_cmp(&P, &l) < 0)
goto step_11_9;
- /************************************************************
- ** Step 11.7 (step 11 in 186-1)
- ** "Perform a robust primality test on p."
- */
- /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/
- err = mpp_pprime(&P, prime_testcount_p(L, N));
- passed = (err == MP_YES) ? SECSuccess : SECFailure;
- /* ******************************************************************
- ** Step 11.8. "If p is determined to be primed return VALID
+ /************************************************************
+ ** Step 11.7 (step 11 in 186-1)
+ ** "Perform a robust primality test on p."
+ */
+ /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/
+ err = mpp_pprime(&P, prime_testcount_p(L, N));
+ passed = (err == MP_YES) ? SECSuccess : SECFailure;
+ /* ******************************************************************
+ ** Step 11.8. "If p is determined to be primed return VALID
** values of p, q, seed and counter."
- */
- if (passed == SECSuccess)
- break;
-step_11_9:
- /* ******************************************************************
- ** Step 11.9. "offset = offset + n + 1."
- */
- offset += n + 1;
+ */
+ if (passed == SECSuccess)
+ break;
+ step_11_9:
+ /* ******************************************************************
+ ** Step 11.9. "offset = offset + n + 1."
+ */
+ offset += n + 1;
}
/* ******************************************************************
** Step 12. "goto step 5."
@@ -1491,47 +1486,50 @@ step_11_9:
** NOTE: if counter <= maxCount, then we exited the loop at Step 11.8
** and now need to return p,q, seed, and counter.
*/
- if (counter > maxCount)
- goto step_5;
+ if (counter > maxCount)
+ goto step_5;
generate_G:
/* ******************************************************************
** returning p, q, seed and counter
*/
if (type == FIPS186_1_TYPE) {
- /* Generate g, This is called the "Unverifiable Generation of g
- * in FIPA186-3 Appedix A.2.1. For compatibility we maintain
- * this version of the code */
- SECITEM_AllocItem(NULL, &hit, L/8); /* h is no longer than p */
- if (!hit.data) goto cleanup;
- do {
- /* loop generate h until 1<h<p-1 and (h**[(p-1)/q])mod p > 1 */
- CHECK_SEC_OK( generate_h_candidate(&hit, &H) );
- CHECK_SEC_OK( makeGfromH(&P, &Q, &H, &G, &passed) );
- } while (passed != PR_TRUE);
- MPINT_TO_SECITEM(&H, &verify->h, verify->arena);
+ /* Generate g, This is called the "Unverifiable Generation of g
+ * in FIPA186-3 Appedix A.2.1. For compatibility we maintain
+ * this version of the code */
+ SECITEM_AllocItem(NULL, &hit, L / 8); /* h is no longer than p */
+ if (!hit.data)
+ goto cleanup;
+ do {
+ /* loop generate h until 1<h<p-1 and (h**[(p-1)/q])mod p > 1 */
+ CHECK_SEC_OK(generate_h_candidate(&hit, &H));
+ CHECK_SEC_OK(makeGfromH(&P, &Q, &H, &G, &passed));
+ } while (passed != PR_TRUE);
+ MPINT_TO_SECITEM(&H, &verify->h, verify->arena);
} else {
- unsigned char index = 1; /* default to 1 */
- verify->h.data = (unsigned char *)PORT_ArenaZAlloc(verify->arena, 1);
- if (verify->h.data == NULL) { goto cleanup; }
- verify->h.len = 1;
- verify->h.data[0] = index;
- /* Generate g, using the FIPS 186-3 Appendix A.23 */
- CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, seed, index, &G) );
+ unsigned char index = 1; /* default to 1 */
+ verify->h.data = (unsigned char *)PORT_ArenaZAlloc(verify->arena, 1);
+ if (verify->h.data == NULL) {
+ goto cleanup;
+ }
+ verify->h.len = 1;
+ verify->h.data[0] = index;
+ /* Generate g, using the FIPS 186-3 Appendix A.23 */
+ CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, seed, index, &G));
}
/* All generation is done. Now, save the PQG params. */
- MPINT_TO_SECITEM(&P, &params->prime, params->arena);
+ MPINT_TO_SECITEM(&P, &params->prime, params->arena);
MPINT_TO_SECITEM(&Q, &params->subPrime, params->arena);
- MPINT_TO_SECITEM(&G, &params->base, params->arena);
+ MPINT_TO_SECITEM(&G, &params->base, params->arena);
verify->counter = counter;
*pParams = params;
*pVfy = verify;
cleanup:
if (pseed.data) {
- PORT_Free(pseed.data);
+ PORT_Free(pseed.data);
}
if (qseed.data) {
- PORT_Free(qseed.data);
+ PORT_Free(qseed.data);
}
mp_clear(&P);
mp_clear(&Q);
@@ -1540,16 +1538,16 @@ cleanup:
mp_clear(&l);
mp_clear(&p0);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv) {
- if (params) {
- PORT_FreeArena(params->arena, PR_TRUE);
- }
- if (verify) {
- PORT_FreeArena(verify->arena, PR_TRUE);
- }
+ if (params) {
+ PORT_FreeArena(params->arena, PR_TRUE);
+ }
+ if (verify) {
+ PORT_FreeArena(verify->arena, PR_TRUE);
+ }
}
if (hit.data) {
SECITEM_FreeItem(&hit, PR_FALSE);
@@ -1560,16 +1558,16 @@ cleanup:
SECStatus
PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
{
- unsigned int L; /* Length of P in bits. Per FIPS 186. */
+ unsigned int L; /* Length of P in bits. Per FIPS 186. */
unsigned int seedBytes;
if (j > 8 || !pParams || !pVfy) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- L = 512 + (j * 64); /* bits in P */
- seedBytes = L/8;
- return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
+ L = 512 + (j * 64); /* bits in P */
+ seedBytes = L / 8;
+ return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
pParams, pVfy);
}
@@ -1577,43 +1575,42 @@ SECStatus
PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy)
{
- unsigned int L; /* Length of P in bits. Per FIPS 186. */
+ unsigned int L; /* Length of P in bits. Per FIPS 186. */
if (j > 8 || !pParams || !pVfy) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- L = 512 + (j * 64); /* bits in P */
+ L = 512 + (j * 64); /* bits in P */
return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
pParams, pVfy);
}
SECStatus
PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
- PQGParams **pParams, PQGVerify **pVfy)
+ PQGParams **pParams, PQGVerify **pVfy)
{
if (N == 0) {
- N = pqg_get_default_N(L);
+ N = pqg_get_default_N(L);
}
if (seedBytes == 0) {
- /* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
- seedBytes = N/8;
+ /* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+ seedBytes = N / 8;
}
- if (pqg_validate_dsa2(L,N) != SECSuccess) {
- /* error code already set */
- return SECFailure;
+ if (pqg_validate_dsa2(L, N) != SECSuccess) {
+ /* error code already set */
+ return SECFailure;
}
return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy);
}
-
/*
* verify can use vfy structures returned from either FIPS186-1 or
* FIPS186-2, and can handle differences in selected Hash functions to
* generate the parameters.
*/
-SECStatus
-PQG_VerifyParams(const PQGParams *params,
+SECStatus
+PQG_VerifyParams(const PQGParams *params,
const PQGVerify *vfy, SECStatus *result)
{
SECStatus rv = SECSuccess;
@@ -1623,30 +1620,30 @@ PQG_VerifyParams(const PQGParams *params,
int j;
unsigned int counter_max = 0; /* handle legacy L < 1024 */
unsigned int qseed_len;
- SECItem pseed_ = {0, 0, 0};
+ SECItem pseed_ = { 0, 0, 0 };
HASH_HashType hashtype;
pqgGenType type;
#define CHECKPARAM(cond) \
if (!(cond)) { \
- *result = SECFailure; \
- goto cleanup; \
+ *result = SECFailure; \
+ goto cleanup; \
}
if (!params || !vfy || !result) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* always need at least p, q, and seed for any meaningful check */
if ((params->prime.len == 0) || (params->subPrime.len == 0) ||
(vfy->seed.len == 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* we want to either check PQ or G or both. If we don't have G, make
* sure we have count so we can check P. */
if ((params->base.len == 0) && (vfy->counter == -1)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
MP_DIGITS(&p0) = 0;
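Review bot: The `CHECKPARAM(cond)` macro defined in this hunk expands to a bare `if (!(cond)) { ... }` block, so a future use of the form `if (x) CHECKPARAM(y); else ...` would bind the `else` to the macro's own `if`, and the `;` after every existing use is an empty statement that `-Wextra` may flag. Wrapping the body in `do { ... } while (0)` makes it a single statement, and an `#undef CHECKPARAM` after the function keeps a file-scope macro from being left defined from the middle of a function body. PQG_VerifyParams's declarations start in the previous hunk and the macro's uses follow in later hunks.

```c
#define CHECKPARAM(cond)              \
    do {                              \
        if (!(cond)) {                \
            *result = SECFailure;     \
            goto cleanup;             \
        }                             \
    } while (0)
/* … unchanged: argument checks and mp_int initialisation … */
```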
@@ -1658,145 +1655,146 @@ PQG_VerifyParams(const PQGParams *params,
MP_DIGITS(&G_) = 0;
MP_DIGITS(&r) = 0;
MP_DIGITS(&h) = 0;
- CHECK_MPI_OK( mp_init(&p0) );
- CHECK_MPI_OK( mp_init(&P) );
- CHECK_MPI_OK( mp_init(&Q) );
- CHECK_MPI_OK( mp_init(&G) );
- CHECK_MPI_OK( mp_init(&P_) );
- CHECK_MPI_OK( mp_init(&Q_) );
- CHECK_MPI_OK( mp_init(&G_) );
- CHECK_MPI_OK( mp_init(&r) );
- CHECK_MPI_OK( mp_init(&h) );
+ CHECK_MPI_OK(mp_init(&p0));
+ CHECK_MPI_OK(mp_init(&P));
+ CHECK_MPI_OK(mp_init(&Q));
+ CHECK_MPI_OK(mp_init(&G));
+ CHECK_MPI_OK(mp_init(&P_));
+ CHECK_MPI_OK(mp_init(&Q_));
+ CHECK_MPI_OK(mp_init(&G_));
+ CHECK_MPI_OK(mp_init(&r));
+ CHECK_MPI_OK(mp_init(&h));
*result = SECSuccess;
- SECITEM_TO_MPINT(params->prime, &P);
+ SECITEM_TO_MPINT(params->prime, &P);
SECITEM_TO_MPINT(params->subPrime, &Q);
/* if G isn't specified, just check P and Q */
if (params->base.len != 0) {
- SECITEM_TO_MPINT(params->base, &G);
+ SECITEM_TO_MPINT(params->base, &G);
}
/* 1. Check (L,N) pair */
N = mpl_significant_bits(&Q);
L = mpl_significant_bits(&P);
if (L < 1024) {
- /* handle DSA1 pqg parameters with less thatn 1024 bits*/
- CHECKPARAM( N == DSA1_Q_BITS );
- j = PQG_PBITS_TO_INDEX(L);
- CHECKPARAM( j >= 0 && j <= 8 );
- counter_max = 4096;
+ /* handle DSA1 pqg parameters with less thatn 1024 bits*/
+ CHECKPARAM(N == DSA1_Q_BITS);
+ j = PQG_PBITS_TO_INDEX(L);
+ CHECKPARAM(j >= 0 && j <= 8);
+ counter_max = 4096;
} else {
- /* handle DSA2 parameters (includes DSA1, 1024 bits) */
- CHECKPARAM(pqg_validate_dsa2(L, N) == SECSuccess);
- counter_max = 4*L;
+ /* handle DSA2 parameters (includes DSA1, 1024 bits) */
+ CHECKPARAM(pqg_validate_dsa2(L, N) == SECSuccess);
+ counter_max = 4 * L;
}
/* 3. G < P */
if (params->base.len != 0) {
- CHECKPARAM( mp_cmp(&G, &P) < 0 );
+ CHECKPARAM(mp_cmp(&G, &P) < 0);
}
/* 4. P % Q == 1 */
- CHECK_MPI_OK( mp_mod(&P, &Q, &r) );
- CHECKPARAM( mp_cmp_d(&r, 1) == 0 );
+ CHECK_MPI_OK(mp_mod(&P, &Q, &r));
+ CHECKPARAM(mp_cmp_d(&r, 1) == 0);
/* 5. Q is prime */
- CHECKPARAM( mpp_pprime(&Q, prime_testcount_q(L,N)) == MP_YES );
+ CHECKPARAM(mpp_pprime(&Q, prime_testcount_q(L, N)) == MP_YES);
/* 6. P is prime */
- CHECKPARAM( mpp_pprime(&P, prime_testcount_p(L,N)) == MP_YES );
+ CHECKPARAM(mpp_pprime(&P, prime_testcount_p(L, N)) == MP_YES);
/* Steps 7-12 are done only if the optional PQGVerify is supplied. */
/* continue processing P */
/* 7. counter < 4*L */
- CHECKPARAM( (vfy->counter == -1) || (vfy->counter < counter_max) );
+ CHECKPARAM((vfy->counter == -1) || (vfy->counter < counter_max));
/* 8. g >= N and g < 2*L (g is length of seed in bits) */
g = vfy->seed.len * 8;
- CHECKPARAM( g >= N && g < counter_max/2 );
+ CHECKPARAM(g >= N && g < counter_max / 2);
/* 9. Q generated from SEED matches Q in PQGParams. */
/* This function checks all possible hash and generation types to
* find a Q_ which matches Q. */
- CHECKPARAM( findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len,
- &hashtype, &type) == SECSuccess );
- CHECKPARAM( mp_cmp(&Q, &Q_) == 0 );
+ CHECKPARAM(findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len,
+ &hashtype, &type) == SECSuccess);
+ CHECKPARAM(mp_cmp(&Q, &Q_) == 0);
if (type == FIPS186_3_ST_TYPE) {
- SECItem qseed = { 0, 0, 0 };
- SECItem pseed = { 0, 0, 0 };
- unsigned int first_seed_len;
- unsigned int pgen_counter = 0;
-
- /* extract pseed and qseed from domain_parameter_seed, which is
- * first_seed || pseed || qseed. qseed is first_seed + small_integer
- * pseed is qseed + small_integer. This means most of the time
- * first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or
- * pseed.len will be one greater than first_seed.len, so we can
- * depend on the fact that
- * first_seed.len = floor(domain_parameter_seed.len/3).
- * findQfromSeed returned qseed.len, so we can calculate pseed.len as
- * pseed.len = domain_parameter_seed.len - first_seed.len - qseed.len
- * this is probably over kill, since 99.999% of the time they will all
- * be equal.
- *
- * With the lengths, we can now find the offsets;
- * first_seed.data = domain_parameter_seed.data + 0
- * pseed.data = domain_parameter_seed.data + first_seed.len
- * qseed.data = domain_parameter_seed.data
- * + domain_paramter_seed.len - qseed.len
- *
- */
- first_seed_len = vfy->seed.len/3;
- CHECKPARAM(qseed_len < vfy->seed.len);
- CHECKPARAM(first_seed_len*8 > N-1);
- CHECKPARAM(first_seed_len+qseed_len < vfy->seed.len);
- qseed.len = qseed_len;
- qseed.data = vfy->seed.data + vfy->seed.len - qseed.len;
- pseed.len = vfy->seed.len - (first_seed_len+qseed_len);
- pseed.data = vfy->seed.data + first_seed_len;
-
- /*
- * now complete FIPS 186-3 A.1.2.1.2. Step 1 was completed
- * above in our initial checks, Step 2 was completed by
- * findQfromSeed */
-
- /* Step 3 (status, c0, prime_seed, prime_gen_counter) =
- ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
- */
- CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, (L+1)/2+1,
- &qseed, &p0, &pseed_, &pgen_counter) );
- /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
- CHECK_SEC_OK( makePrimefromPrimesShaweTaylor(hashtype, L,
- &p0, &Q_, &P_, &pseed_, &pgen_counter) );
- CHECKPARAM( mp_cmp(&P, &P_) == 0 );
- /* make sure pseed wasn't tampered with (since it is part of
- * calculating G) */
- CHECKPARAM( SECITEM_CompareItem(&pseed, &pseed_) == SECEqual );
+ SECItem qseed = { 0, 0, 0 };
+ SECItem pseed = { 0, 0, 0 };
+ unsigned int first_seed_len;
+ unsigned int pgen_counter = 0;
+
+ /* extract pseed and qseed from domain_parameter_seed, which is
+ * first_seed || pseed || qseed. qseed is first_seed + small_integer
+ * pseed is qseed + small_integer. This means most of the time
+ * first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or
+ * pseed.len will be one greater than first_seed.len, so we can
+ * depend on the fact that
+ * first_seed.len = floor(domain_parameter_seed.len/3).
+ * findQfromSeed returned qseed.len, so we can calculate pseed.len as
+ * pseed.len = domain_parameter_seed.len - first_seed.len - qseed.len
+ * this is probably over kill, since 99.999% of the time they will all
+ * be equal.
+ *
+ * With the lengths, we can now find the offsets;
+ * first_seed.data = domain_parameter_seed.data + 0
+ * pseed.data = domain_parameter_seed.data + first_seed.len
+ * qseed.data = domain_parameter_seed.data
+ * + domain_paramter_seed.len - qseed.len
+ *
+ */
+ first_seed_len = vfy->seed.len / 3;
+ CHECKPARAM(qseed_len < vfy->seed.len);
+ CHECKPARAM(first_seed_len * 8 > N - 1);
+ CHECKPARAM(first_seed_len + qseed_len < vfy->seed.len);
+ qseed.len = qseed_len;
+ qseed.data = vfy->seed.data + vfy->seed.len - qseed.len;
+ pseed.len = vfy->seed.len - (first_seed_len + qseed_len);
+ pseed.data = vfy->seed.data + first_seed_len;
+
+ /*
+ * now complete FIPS 186-3 A.1.2.1.2. Step 1 was completed
+ * above in our initial checks, Step 2 was completed by
+ * findQfromSeed */
+
+ /* Step 3 (status, c0, prime_seed, prime_gen_counter) =
+ ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
+ */
+ CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1,
+ &qseed, &p0, &pseed_, &pgen_counter));
+ /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+ CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L,
+ &p0, &Q_, &P_, &pseed_, &pgen_counter));
+ CHECKPARAM(mp_cmp(&P, &P_) == 0);
+ /* make sure pseed wasn't tampered with (since it is part of
+ * calculating G) */
+ CHECKPARAM(SECITEM_CompareItem(&pseed, &pseed_) == SECEqual);
} else if (vfy->counter == -1) {
- /* If counter is set to -1, we are really only verifying G, skip
- * the remainder of the checks for P */
- CHECKPARAM(type != FIPS186_1_TYPE); /* we only do this for DSA2 */
+ /* If counter is set to -1, we are really only verifying G, skip
+ * the remainder of the checks for P */
+ CHECKPARAM(type != FIPS186_1_TYPE); /* we only do this for DSA2 */
} else {
- /* 10. P generated from (L, counter, g, SEED, Q) matches P
- * in PQGParams. */
- outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE;
- n = (L - 1) / outlen;
- offset = vfy->counter * (n + 1) + ((type == FIPS186_1_TYPE) ? 2 : 1);
- CHECK_SEC_OK( makePfromQandSeed(hashtype, L, N, offset, g, &vfy->seed,
- &Q, &P_) );
- CHECKPARAM( mp_cmp(&P, &P_) == 0 );
+ /* 10. P generated from (L, counter, g, SEED, Q) matches P
+ * in PQGParams. */
+ outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE;
+ n = (L - 1) / outlen;
+ offset = vfy->counter * (n + 1) + ((type == FIPS186_1_TYPE) ? 2 : 1);
+ CHECK_SEC_OK(makePfromQandSeed(hashtype, L, N, offset, g, &vfy->seed,
+ &Q, &P_));
+ CHECKPARAM(mp_cmp(&P, &P_) == 0);
}
/* now check G, skip if don't have a g */
- if (params->base.len == 0) goto cleanup;
+ if (params->base.len == 0)
+ goto cleanup;
/* first Always check that G is OK FIPS186-3 A.2.2 & A.2.4*/
/* 1. 2 < G < P-1 */
/* P is prime, p-1 == zero 1st bit */
- CHECK_MPI_OK( mpl_set_bit(&P, 0, 0) );
- CHECKPARAM( mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P) < 0 );
- CHECK_MPI_OK( mpl_set_bit(&P, 0, 1) ); /* set it back */
+ CHECK_MPI_OK(mpl_set_bit(&P, 0, 0));
+ CHECKPARAM(mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P) < 0);
+ CHECK_MPI_OK(mpl_set_bit(&P, 0, 1)); /* set it back */
/* 2. verify g**q mod p == 1 */
- CHECK_MPI_OK( mp_exptmod(&G, &Q, &P, &h) ); /* h = G ** Q mod P */
+ CHECK_MPI_OK(mp_exptmod(&G, &Q, &P, &h)); /* h = G ** Q mod P */
CHECKPARAM(mp_cmp_d(&h, 1) == 0);
/* no h, the above is the best we can do */
if (vfy->h.len == 0) {
- if (type != FIPS186_1_TYPE) {
- *result = SECWouldBlock;
- }
- goto cleanup;
+ if (type != FIPS186_1_TYPE) {
+ *result = SECWouldBlock;
+ }
+ goto cleanup;
}
/*
@@ -1806,22 +1804,22 @@ PQG_VerifyParams(const PQGParams *params,
* used to generate G.
*/
if ((vfy->h.len == 1) && (type != FIPS186_1_TYPE)) {
- /* A.2.3 */
- CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &vfy->seed,
- vfy->h.data[0], &G_) );
- CHECKPARAM( mp_cmp(&G, &G_) == 0 );
+ /* A.2.3 */
+ CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &vfy->seed,
+ vfy->h.data[0], &G_));
+ CHECKPARAM(mp_cmp(&G, &G_) == 0);
} else {
- int passed;
- /* A.2.1 */
- SECITEM_TO_MPINT(vfy->h, &h);
- /* 11. 1 < h < P-1 */
- /* P is prime, p-1 == zero 1st bit */
- CHECK_MPI_OK( mpl_set_bit(&P, 0, 0) );
- CHECKPARAM( mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P) );
- CHECK_MPI_OK( mpl_set_bit(&P, 0, 1) ); /* set it back */
- /* 12. G generated from h matches G in PQGParams. */
- CHECK_SEC_OK( makeGfromH(&P, &Q, &h, &G_, &passed) );
- CHECKPARAM( passed && mp_cmp(&G, &G_) == 0 );
+ int passed;
+ /* A.2.1 */
+ SECITEM_TO_MPINT(vfy->h, &h);
+ /* 11. 1 < h < P-1 */
+ /* P is prime, p-1 == zero 1st bit */
+ CHECK_MPI_OK(mpl_set_bit(&P, 0, 0));
+ CHECKPARAM(mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P));
+ CHECK_MPI_OK(mpl_set_bit(&P, 0, 1)); /* set it back */
+ /* 12. G generated from h matches G in PQGParams. */
+ CHECK_SEC_OK(makeGfromH(&P, &Q, &h, &G_, &passed));
+ CHECKPARAM(passed && mp_cmp(&G, &G_) == 0);
}
cleanup:
mp_clear(&p0);
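Review bot: The range check under the comment `/* 11. 1 < h < P-1 */` in the A.2.1 branch tests G rather than the h that was just loaded by SECITEM_TO_MPINT three lines earlier, and its second operand `mp_cmp(&G, &P)` is only an inequality test (non-zero result), so the upper bound the comment describes is not enforced on either value. With P's low bit cleared as the surrounding code already does, the check the comment intends reads `CHECKPARAM(mp_cmp_d(&h, 1) > 0 && mp_cmp(&h, &P) < 0);`. G's own bounds are already verified at step 1 of the G checks earlier in the function, so nothing is lost by pointing this line at h. This commit is a reformat, so the fix belongs in a follow-up rather than here; PQG_VerifyParams begins outside this hunk.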
@@ -1834,11 +1832,11 @@ cleanup:
mp_clear(&r);
mp_clear(&h);
if (pseed_.data) {
- SECITEM_FreeItem(&pseed_,PR_FALSE);
+ SECITEM_FreeItem(&pseed_, PR_FALSE);
}
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
@@ -1849,15 +1847,15 @@ cleanup:
void
PQG_DestroyParams(PQGParams *params)
{
- if (params == NULL)
- return;
+ if (params == NULL)
+ return;
if (params->arena != NULL) {
- PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
+ PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
} else {
- SECITEM_FreeItem(&params->prime, PR_FALSE); /* don't free prime */
- SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
- SECITEM_FreeItem(&params->base, PR_FALSE); /* don't free base */
- PORT_Free(params);
+ SECITEM_FreeItem(&params->prime, PR_FALSE); /* don't free prime */
+ SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
+ SECITEM_FreeItem(&params->base, PR_FALSE); /* don't free base */
+ PORT_Free(params);
}
}
@@ -1868,13 +1866,13 @@ PQG_DestroyParams(PQGParams *params)
void
PQG_DestroyVerify(PQGVerify *vfy)
{
- if (vfy == NULL)
- return;
+ if (vfy == NULL)
+ return;
if (vfy->arena != NULL) {
- PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
+ PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
} else {
- SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
- SECITEM_FreeItem(&vfy->h, PR_FALSE); /* don't free h */
- PORT_Free(vfy);
+ SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
+ SECITEM_FreeItem(&vfy->h, PR_FALSE); /* don't free h */
+ PORT_Free(vfy);
}
}
diff --git a/lib/freebl/pqg.h b/lib/freebl/pqg.h
index 097f360c1..c4eecd590 100644
--- a/lib/freebl/pqg.h
+++ b/lib/freebl/pqg.h
@@ -11,7 +11,7 @@
#ifndef _PQG_H_
#define _PQG_H_ 1
-/* PQG_GetLength returns the significant bytes in the SECItem object (that is
+/* PQG_GetLength returns the significant bytes in the SECItem object (that is
* the length of the object minus any leading zeros. Any SECItem may be used,
* though this function is usually used for P, Q, or G values */
unsigned int PQG_GetLength(const SECItem *obj);
diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
index 0c417cc63..551727b89 100644
--- a/lib/freebl/rawhash.c
+++ b/lib/freebl/rawhash.c
@@ -8,7 +8,7 @@
#include "nspr.h"
#include "hasht.h"
-#include "blapi.h" /* below the line */
+#include "blapi.h" /* below the line */
#include "secerr.h"
static void *
@@ -36,7 +36,7 @@ null_hash_update(void *v, const unsigned char *input, unsigned int length)
static void
null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
- unsigned int maxOut)
+ unsigned int maxOut)
{
*outLen = 0;
}
@@ -47,115 +47,108 @@ null_hash_destroy_context(void *v, PRBool b)
PORT_Assert(v == NULL);
}
-
const SECHashObject SECRawHashObjects[] = {
- { 0,
- (void * (*)(void)) null_hash_new_context,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) null_hash_destroy_context,
- (void (*)(void *)) null_hash_begin,
- (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) null_hash_end,
- 0,
- HASH_AlgNULL,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) null_hash_end
- },
- { MD2_LENGTH,
- (void * (*)(void)) MD2_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) MD2_DestroyContext,
- (void (*)(void *)) MD2_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End,
- MD2_BLOCK_LENGTH,
- HASH_AlgMD2,
- NULL /* end_raw */
- },
- { MD5_LENGTH,
- (void * (*)(void)) MD5_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) MD5_DestroyContext,
- (void (*)(void *)) MD5_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End,
- MD5_BLOCK_LENGTH,
- HASH_AlgMD5,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_EndRaw
- },
- { SHA1_LENGTH,
- (void * (*)(void)) SHA1_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA1_DestroyContext,
- (void (*)(void *)) SHA1_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End,
- SHA1_BLOCK_LENGTH,
- HASH_AlgSHA1,
- (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
- SHA1_EndRaw
- },
- { SHA256_LENGTH,
- (void * (*)(void)) SHA256_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA256_DestroyContext,
- (void (*)(void *)) SHA256_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA256_End,
- SHA256_BLOCK_LENGTH,
- HASH_AlgSHA256,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA256_EndRaw
- },
- { SHA384_LENGTH,
- (void * (*)(void)) SHA384_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA384_DestroyContext,
- (void (*)(void *)) SHA384_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA384_End,
- SHA384_BLOCK_LENGTH,
- HASH_AlgSHA384,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA384_EndRaw
- },
- { SHA512_LENGTH,
- (void * (*)(void)) SHA512_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA512_DestroyContext,
- (void (*)(void *)) SHA512_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA512_End,
- SHA512_BLOCK_LENGTH,
- HASH_AlgSHA512,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA512_EndRaw
- },
- { SHA224_LENGTH,
- (void * (*)(void)) SHA224_NewContext,
- (void * (*)(void *)) null_hash_clone_context,
- (void (*)(void *, PRBool)) SHA224_DestroyContext,
- (void (*)(void *)) SHA224_Begin,
- (void (*)(void *, const unsigned char *, unsigned int)) SHA224_Update,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA224_End,
- SHA224_BLOCK_LENGTH,
- HASH_AlgSHA224,
- (void (*)(void *, unsigned char *, unsigned int *,
- unsigned int)) SHA224_EndRaw
- },
+ { 0,
+ (void *(*)(void))null_hash_new_context,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))null_hash_destroy_context,
+ (void (*)(void *))null_hash_begin,
+ (void (*)(void *, const unsigned char *, unsigned int))null_hash_update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))null_hash_end,
+ 0,
+ HASH_AlgNULL,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))null_hash_end },
+ {
+ MD2_LENGTH,
+ (void *(*)(void))MD2_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))MD2_DestroyContext,
+ (void (*)(void *))MD2_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))MD2_Update,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD2_End,
+ MD2_BLOCK_LENGTH,
+ HASH_AlgMD2,
+ NULL /* end_raw */
+ },
+ { MD5_LENGTH,
+ (void *(*)(void))MD5_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))MD5_DestroyContext,
+ (void (*)(void *))MD5_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End,
+ MD5_BLOCK_LENGTH,
+ HASH_AlgMD5,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw },
+ { SHA1_LENGTH,
+ (void *(*)(void))SHA1_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))SHA1_DestroyContext,
+ (void (*)(void *))SHA1_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))SHA1_Update,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))SHA1_End,
+ SHA1_BLOCK_LENGTH,
+ HASH_AlgSHA1,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+ SHA1_EndRaw },
+ { SHA256_LENGTH,
+ (void *(*)(void))SHA256_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))SHA256_DestroyContext,
+ (void (*)(void *))SHA256_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))SHA256_Update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA256_End,
+ SHA256_BLOCK_LENGTH,
+ HASH_AlgSHA256,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA256_EndRaw },
+ { SHA384_LENGTH,
+ (void *(*)(void))SHA384_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))SHA384_DestroyContext,
+ (void (*)(void *))SHA384_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))SHA384_Update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA384_End,
+ SHA384_BLOCK_LENGTH,
+ HASH_AlgSHA384,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA384_EndRaw },
+ { SHA512_LENGTH,
+ (void *(*)(void))SHA512_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))SHA512_DestroyContext,
+ (void (*)(void *))SHA512_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))SHA512_Update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA512_End,
+ SHA512_BLOCK_LENGTH,
+ HASH_AlgSHA512,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA512_EndRaw },
+ { SHA224_LENGTH,
+ (void *(*)(void))SHA224_NewContext,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))SHA224_DestroyContext,
+ (void (*)(void *))SHA224_Begin,
+ (void (*)(void *, const unsigned char *, unsigned int))SHA224_Update,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA224_End,
+ SHA224_BLOCK_LENGTH,
+ HASH_AlgSHA224,
+ (void (*)(void *, unsigned char *, unsigned int *,
+ unsigned int))SHA224_EndRaw },
};
const SECHashObject *
HASH_GetRawHashObject(HASH_HashType hashType)
{
if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
return &SECRawHashObjects[hashType];
}
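Review bot: The MD2 entry (second initializer of SECRawHashObjects) ends up laid out differently from the other seven: clang-format put its opening brace and closing `},` on their own lines because of the trailing `NULL /* end_raw */` comment, while every other entry keeps `{ X_LENGTH,` on its first line and `... X_EndRaw },` on its last. Placing the comment before the value, `/* end_raw */ NULL },`, would likely let the formatter produce one uniform layout for all eight entries. Since HASH_GetRawHashObject at the bottom of the hunk indexes this array directly by HASH_HashType, a one-line comment above the table, `/* entry order must match HASH_HashType; indexed directly by HASH_GetRawHashObject */`, would document that the order (SHA224 last) is load-bearing.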
diff --git a/lib/freebl/rijndael.c b/lib/freebl/rijndael.c
index 1ec17f811..045183376 100644
--- a/lib/freebl/rijndael.c
+++ b/lib/freebl/rijndael.c
@@ -35,17 +35,17 @@ static int has_intel_avx = 0;
static int has_intel_clmul = 0;
static PRBool use_hw_gcm = PR_FALSE;
#if defined(_MSC_VER) && !defined(_M_IX86)
-#include <intrin.h> /* for _xgetbv() */
+#include <intrin.h> /* for _xgetbv() */
#endif
#endif
-#endif /* USE_HW_AES */
+#endif /* USE_HW_AES */
/*
* There are currently five ways to build this code, varying in performance
* and code size.
*
* RIJNDAEL_INCLUDE_TABLES Include all tables from rijndael32.tab
- * RIJNDAEL_GENERATE_TABLES Generate tables on first
+ * RIJNDAEL_GENERATE_TABLES Generate tables on first
* encryption/decryption, then store them;
* use the function gfm
* RIJNDAEL_GENERATE_TABLES_MACRO Same as above, but use macros to do
@@ -58,7 +58,7 @@ static PRBool use_hw_gcm = PR_FALSE;
*/
/*
- * When building RIJNDAEL_INCLUDE_TABLES, includes S**-1, Rcon, T[0..4],
+ * When building RIJNDAEL_INCLUDE_TABLES, includes S**-1, Rcon, T[0..4],
* T**-1[0..4], IMXC[0..4]
* When building anything else, includes S, S**-1, Rcon
*/
@@ -68,10 +68,10 @@ static PRBool use_hw_gcm = PR_FALSE;
/*
* RIJNDAEL_INCLUDE_TABLES
*/
-#define T0(i) _T0[i]
-#define T1(i) _T1[i]
-#define T2(i) _T2[i]
-#define T3(i) _T3[i]
+#define T0(i) _T0[i]
+#define T1(i) _T1[i]
+#define T2(i) _T2[i]
+#define T3(i) _T3[i]
#define TInv0(i) _TInv0[i]
#define TInv1(i) _TInv1[i]
#define TInv2(i) _TInv2[i]
@@ -82,9 +82,9 @@ static PRBool use_hw_gcm = PR_FALSE;
#define IMXC3(b) _IMXC3[b]
/* The S-box can be recovered from the T-tables */
#ifdef IS_LITTLE_ENDIAN
-#define SBOX(b) ((PRUint8)_T3[b])
+#define SBOX(b) ((PRUint8)_T3[b])
#else
-#define SBOX(b) ((PRUint8)_T1[b])
+#define SBOX(b) ((PRUint8)_T1[b])
#endif
#define SINV(b) (_SInv[b])
@@ -105,7 +105,7 @@ static PRBool use_hw_gcm = PR_FALSE;
/*
* Define the S and S**-1 tables (both have been stored)
*/
-#define SBOX(b) (_S[b])
+#define SBOX(b) (_S[b])
#define SINV(b) (_SInv[b])
/*
@@ -115,62 +115,63 @@ static PRBool use_hw_gcm = PR_FALSE;
((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1))
/* Choose GFM method (macros or function) */
-#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) || \
+#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) || \
defined(RIJNDAEL_GENERATE_VALUES_MACRO)
/*
* Galois field GF(2**8) multipliers, in macro form
*/
#define GFM01(a) \
- (a) /* a * 01 = a, the identity */
+ (a) /* a * 01 = a, the identity */
#define GFM02(a) \
- (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
+ (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
#define GFM04(a) \
- (GFM02(GFM02(a))) /* a * 04 = xtime**2(a) */
+ (GFM02(GFM02(a))) /* a * 04 = xtime**2(a) */
#define GFM08(a) \
- (GFM02(GFM04(a))) /* a * 08 = xtime**3(a) */
+ (GFM02(GFM04(a))) /* a * 08 = xtime**3(a) */
#define GFM03(a) \
- (GFM01(a) ^ GFM02(a)) /* a * 03 = a * (01 + 02) */
+ (GFM01(a) ^ GFM02(a)) /* a * 03 = a * (01 + 02) */
#define GFM09(a) \
- (GFM01(a) ^ GFM08(a)) /* a * 09 = a * (01 + 08) */
+ (GFM01(a) ^ GFM08(a)) /* a * 09 = a * (01 + 08) */
#define GFM0B(a) \
- (GFM01(a) ^ GFM02(a) ^ GFM08(a)) /* a * 0B = a * (01 + 02 + 08) */
+ (GFM01(a) ^ GFM02(a) ^ GFM08(a)) /* a * 0B = a * (01 + 02 + 08) */
#define GFM0D(a) \
- (GFM01(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0D = a * (01 + 04 + 08) */
+ (GFM01(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0D = a * (01 + 04 + 08) */
#define GFM0E(a) \
- (GFM02(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0E = a * (02 + 04 + 08) */
+ (GFM02(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0E = a * (02 + 04 + 08) */
-#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */
/* GF_MULTIPLY
*
* multiply two bytes represented in GF(2**8), mod (x**4 + 1)
*/
-PRUint8 gfm(PRUint8 a, PRUint8 b)
+PRUint8
+gfm(PRUint8 a, PRUint8 b)
{
PRUint8 res = 0;
while (b > 0) {
- res = (b & 0x01) ? res ^ a : res;
- a = XTIME(a);
- b >>= 1;
+ res = (b & 0x01) ? res ^ a : res;
+ a = XTIME(a);
+ b >>= 1;
}
return res;
}
#define GFM01(a) \
- (a) /* a * 01 = a, the identity */
+ (a) /* a * 01 = a, the identity */
#define GFM02(a) \
- (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
+ (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
#define GFM03(a) \
- (gfm(a, 0x03)) /* a * 03 */
+ (gfm(a, 0x03)) /* a * 03 */
#define GFM09(a) \
- (gfm(a, 0x09)) /* a * 09 */
+ (gfm(a, 0x09)) /* a * 09 */
#define GFM0B(a) \
- (gfm(a, 0x0B)) /* a * 0B */
+ (gfm(a, 0x0B)) /* a * 0B */
#define GFM0D(a) \
- (gfm(a, 0x0D)) /* a * 0D */
+ (gfm(a, 0x0D)) /* a * 0D */
#define GFM0E(a) \
- (gfm(a, 0x0E)) /* a * 0E */
+ (gfm(a, 0x0E)) /* a * 0E */
#endif /* choosing GFM function */
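Review bot: The header comment on gfm states the reduction modulus as `(x**4 + 1)`, but the XTIME macro the loop relies on (shown at the top of this hunk, reducing with `^ 0x1b`) works modulo the AES byte polynomial x**8 + x**4 + x**3 + x + 1; x**4 + 1 is the word-level MixColumns modulus, not the byte-level one. Suggest `* multiply two bytes represented in GF(2**8), mod (x**8 + x**4 + x**3 + x + 1)`. gfm also has external linkage although it appears to be used only by the GFM macros directly below it; if nothing outside this file references it, `static PRUint8` on the new two-line signature would keep it file-local, matching the other helpers in rijndael.c.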
@@ -178,42 +179,43 @@ PRUint8 gfm(PRUint8 a, PRUint8 b)
* The T-tables
*/
#define G_T0(i) \
- ( WORD4( GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)) ) )
+ (WORD4(GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i))))
#define G_T1(i) \
- ( WORD4( GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)) ) )
+ (WORD4(GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i))))
#define G_T2(i) \
- ( WORD4( GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)) ) )
+ (WORD4(GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i))))
#define G_T3(i) \
- ( WORD4( GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)) ) )
+ (WORD4(GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i))))
/*
* The inverse T-tables
*/
#define G_TInv0(i) \
- ( WORD4( GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)) ) )
+ (WORD4(GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i))))
#define G_TInv1(i) \
- ( WORD4( GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)) ) )
+ (WORD4(GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i))))
#define G_TInv2(i) \
- ( WORD4( GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)) ) )
+ (WORD4(GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i))))
#define G_TInv3(i) \
- ( WORD4( GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)) ) )
+ (WORD4(GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i))))
/*
* The inverse mix column tables
*/
#define G_IMXC0(i) \
- ( WORD4( GFM0E(i), GFM09(i), GFM0D(i), GFM0B(i) ) )
+ (WORD4(GFM0E(i), GFM09(i), GFM0D(i), GFM0B(i)))
#define G_IMXC1(i) \
- ( WORD4( GFM0B(i), GFM0E(i), GFM09(i), GFM0D(i) ) )
+ (WORD4(GFM0B(i), GFM0E(i), GFM09(i), GFM0D(i)))
#define G_IMXC2(i) \
- ( WORD4( GFM0D(i), GFM0B(i), GFM0E(i), GFM09(i) ) )
+ (WORD4(GFM0D(i), GFM0B(i), GFM0E(i), GFM09(i)))
#define G_IMXC3(i) \
- ( WORD4( GFM09(i), GFM0D(i), GFM0B(i), GFM0E(i) ) )
+ (WORD4(GFM09(i), GFM0D(i), GFM0B(i), GFM0E(i)))
/* Now choose the T-table indexing method */
#if defined(RIJNDAEL_GENERATE_VALUES)
/* generate values for the tables with a function*/
-static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
+static PRUint32
+gen_TInvXi(PRUint8 tx, PRUint8 i)
{
PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
si01 = SINV(i);
@@ -226,21 +228,21 @@ static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
si0D = si09 ^ si04;
si0E = si08 ^ si04 ^ si02;
switch (tx) {
- case 0:
- return WORD4(si0E, si09, si0D, si0B);
- case 1:
- return WORD4(si0B, si0E, si09, si0D);
- case 2:
- return WORD4(si0D, si0B, si0E, si09);
- case 3:
- return WORD4(si09, si0D, si0B, si0E);
+ case 0:
+ return WORD4(si0E, si09, si0D, si0B);
+ case 1:
+ return WORD4(si0B, si0E, si09, si0D);
+ case 2:
+ return WORD4(si0D, si0B, si0E, si09);
+ case 3:
+ return WORD4(si09, si0D, si0B, si0E);
}
return -1;
}
-#define T0(i) G_T0(i)
-#define T1(i) G_T1(i)
-#define T2(i) G_T2(i)
-#define T3(i) G_T3(i)
+#define T0(i) G_T0(i)
+#define T1(i) G_T1(i)
+#define T2(i) G_T2(i)
+#define T3(i) G_T3(i)
#define TInv0(i) gen_TInvXi(0, i)
#define TInv1(i) gen_TInvXi(1, i)
#define TInv2(i) gen_TInvXi(2, i)
@@ -251,10 +253,10 @@ static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
#define IMXC3(b) G_IMXC3(b)
#elif defined(RIJNDAEL_GENERATE_VALUES_MACRO)
/* generate values for the tables with macros */
-#define T0(i) G_T0(i)
-#define T1(i) G_T1(i)
-#define T2(i) G_T2(i)
-#define T3(i) G_T3(i)
+#define T0(i) G_T0(i)
+#define T1(i) G_T1(i)
+#define T2(i) G_T2(i)
+#define T3(i) G_T3(i)
#define TInv0(i) G_TInv0(i)
#define TInv1(i) G_TInv1(i)
#define TInv2(i) G_TInv2(i)
@@ -263,13 +265,13 @@ static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
#define IMXC1(b) G_IMXC1(b)
#define IMXC2(b) G_IMXC2(b)
#define IMXC3(b) G_IMXC3(b)
-#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */
/* Generate T and T**-1 table values and store, then index */
/* The inverse mix column tables are still generated */
-#define T0(i) rijndaelTables->T0[i]
-#define T1(i) rijndaelTables->T1[i]
-#define T2(i) rijndaelTables->T2[i]
-#define T3(i) rijndaelTables->T3[i]
+#define T0(i) rijndaelTables->T0[i]
+#define T1(i) rijndaelTables->T1[i]
+#define T2(i) rijndaelTables->T2[i]
+#define T3(i) rijndaelTables->T3[i]
#define TInv0(i) rijndaelTables->TInv0[i]
#define TInv1(i) rijndaelTables->TInv1[i]
#define TInv2(i) rijndaelTables->TInv2[i]
@@ -282,7 +284,7 @@ static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
#endif /* not RIJNDAEL_INCLUDE_TABLES */
-#if defined(RIJNDAEL_GENERATE_TABLES) || \
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
defined(RIJNDAEL_GENERATE_TABLES_MACRO)
/* Code to generate and store the tables */
@@ -300,38 +302,39 @@ struct rijndael_tables_str {
static struct rijndael_tables_str *rijndaelTables = NULL;
static PRCallOnceType coRTInit = { 0, 0, 0 };
-static PRStatus
+static PRStatus
init_rijndael_tables(void)
{
PRUint32 i;
PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
struct rijndael_tables_str *rts;
rts = (struct rijndael_tables_str *)
- PORT_Alloc(sizeof(struct rijndael_tables_str));
- if (!rts) return PR_FAILURE;
- for (i=0; i<256; i++) {
- /* The forward values */
- si01 = SBOX(i);
- si02 = XTIME(si01);
- si03 = si02 ^ si01;
- rts->T0[i] = WORD4(si02, si01, si01, si03);
- rts->T1[i] = WORD4(si03, si02, si01, si01);
- rts->T2[i] = WORD4(si01, si03, si02, si01);
- rts->T3[i] = WORD4(si01, si01, si03, si02);
- /* The inverse values */
- si01 = SINV(i);
- si02 = XTIME(si01);
- si04 = XTIME(si02);
- si08 = XTIME(si04);
- si03 = si02 ^ si01;
- si09 = si08 ^ si01;
- si0B = si08 ^ si03;
- si0D = si09 ^ si04;
- si0E = si08 ^ si04 ^ si02;
- rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B);
- rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D);
- rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09);
- rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E);
+ PORT_Alloc(sizeof(struct rijndael_tables_str));
+ if (!rts)
+ return PR_FAILURE;
+ for (i = 0; i < 256; i++) {
+ /* The forward values */
+ si01 = SBOX(i);
+ si02 = XTIME(si01);
+ si03 = si02 ^ si01;
+ rts->T0[i] = WORD4(si02, si01, si01, si03);
+ rts->T1[i] = WORD4(si03, si02, si01, si01);
+ rts->T2[i] = WORD4(si01, si03, si02, si01);
+ rts->T3[i] = WORD4(si01, si01, si03, si02);
+ /* The inverse values */
+ si01 = SINV(i);
+ si02 = XTIME(si01);
+ si04 = XTIME(si02);
+ si08 = XTIME(si04);
+ si03 = si02 ^ si01;
+ si09 = si08 ^ si01;
+ si0B = si08 ^ si03;
+ si0D = si09 ^ si04;
+ si0E = si08 ^ si04 ^ si02;
+ rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B);
+ rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D);
+ rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09);
+ rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E);
}
/* wait until all the values are in to set */
rijndaelTables = rts;
@@ -346,11 +349,11 @@ init_rijndael_tables(void)
*
*************************************************************************/
-#define SUBBYTE(w) \
+#define SUBBYTE(w) \
((SBOX((w >> 24) & 0xff) << 24) | \
(SBOX((w >> 16) & 0xff) << 16) | \
- (SBOX((w >> 8) & 0xff) << 8) | \
- (SBOX((w ) & 0xff) ))
+ (SBOX((w >> 8) & 0xff) << 8) | \
+ (SBOX((w)&0xff)))
#ifdef IS_LITTLE_ENDIAN
#define ROTBYTE(b) \
@@ -384,12 +387,12 @@ rijndael_key_expansion7(AESContext *cx, const unsigned char *key, unsigned int N
/* 2. loop until full expanded key is obtained */
pW = W + i - 1;
for (; i < cx->Nb * (cx->Nr + 1); ++i) {
- tmp = *pW++;
- if (i % Nk == 0)
- tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
- else if (i % Nk == 4)
- tmp = SUBBYTE(tmp);
- *pW = W[i - Nk] ^ tmp;
+ tmp = *pW++;
+ if (i % Nk == 0)
+ tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+ else if (i % Nk == 4)
+ tmp = SUBBYTE(tmp);
+ *pW = W[i - Nk] ^ tmp;
}
return SECSuccess;
}
@@ -407,7 +410,7 @@ rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk
PRUint32 tmp;
unsigned int round_key_words = cx->Nb * (cx->Nr + 1);
if (Nk == 7)
- return rijndael_key_expansion7(cx, key, Nk);
+ return rijndael_key_expansion7(cx, key, Nk);
W = cx->expandedKey;
/* The first Nk words contain the input cipher key */
memcpy(W, key, Nk * 4);
@@ -415,20 +418,32 @@ rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk
pW = W + i - 1;
/* Loop over all sets of Nk words, except the last */
while (i < round_key_words - Nk) {
- tmp = *pW++;
- tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
- *pW = W[i++ - Nk] ^ tmp;
- tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- if (Nk == 4)
- continue;
- switch (Nk) {
- case 8: tmp = *pW++; tmp = SUBBYTE(tmp); *pW = W[i++ - Nk] ^ tmp;
- case 7: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- case 6: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- case 5: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
- }
+ tmp = *pW++;
+ tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+ *pW = W[i++ - Nk] ^ tmp;
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ if (Nk == 4)
+ continue;
+ switch (Nk) {
+ case 8:
+ tmp = *pW++;
+ tmp = SUBBYTE(tmp);
+ *pW = W[i++ - Nk] ^ tmp;
+ case 7:
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ case 6:
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ case 5:
+ tmp = *pW++;
+ *pW = W[i++ - Nk] ^ tmp;
+ }
}
/* Generate the last word */
tmp = *pW++;
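Review bot: The `switch (Nk)` in the reformatted loop relies on `case 8:` falling through to 7, 6 and 5 to expand the remaining words of each Nk-word group, but none of the labels carries a fall-through annotation, so the intent is invisible to readers and trips compilers that warn on implicit fall-through. Add `/* fall through */` immediately before each of `case 7:`, `case 6:` and `case 5:`; the `switch (Nb)` in rijndael_invkey_expansion uses the same pattern and should be annotated the same way. rijndael_key_expansion starts and ends outside this hunk.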
@@ -439,27 +454,27 @@ rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk
* is no more need for the SubByte transformation.
*/
if (Nk < 8) {
- for (; i < round_key_words; ++i) {
- tmp = *pW++;
- *pW = W[i - Nk] ^ tmp;
- }
+ for (; i < round_key_words; ++i) {
+ tmp = *pW++;
+ *pW = W[i - Nk] ^ tmp;
+ }
} else {
- /* except in the case when Nk == 8. Then one more SubByte may have
- * to be performed, at i % Nk == 4.
- */
- for (; i < round_key_words; ++i) {
- tmp = *pW++;
- if (i % Nk == 4)
- tmp = SUBBYTE(tmp);
- *pW = W[i - Nk] ^ tmp;
- }
+ /* except in the case when Nk == 8. Then one more SubByte may have
+ * to be performed, at i % Nk == 4.
+ */
+ for (; i < round_key_words; ++i) {
+ tmp = *pW++;
+ if (i % Nk == 4)
+ tmp = SUBBYTE(tmp);
+ *pW = W[i - Nk] ^ tmp;
+ }
}
return SECSuccess;
}
/* rijndael_invkey_expansion
*
- * Generate the expanded key for the inverse cipher from the key input by
+ * Generate the expanded key for the inverse cipher from the key input by
* the user.
*/
static SECStatus
@@ -471,43 +486,47 @@ rijndael_invkey_expansion(AESContext *cx, const unsigned char *key, unsigned int
int Nb = cx->Nb;
/* begins like usual key expansion ... */
if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
- return SECFailure;
+ return SECFailure;
/* ... but has the additional step of InvMixColumn,
* excepting the first and last round keys.
*/
roundkeyw = cx->expandedKey + cx->Nb;
- for (r=1; r<cx->Nr; ++r) {
- /* each key word, roundkeyw, represents a column in the key
- * matrix. Each column is multiplied by the InvMixColumn matrix.
- * [ 0E 0B 0D 09 ] [ b0 ]
- * [ 09 0E 0B 0D ] * [ b1 ]
- * [ 0D 09 0E 0B ] [ b2 ]
- * [ 0B 0D 09 0E ] [ b3 ]
- */
- b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
- b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
- b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
- b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
- if (Nb <= 4)
- continue;
- switch (Nb) {
- case 8: b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
- IMXC2(b[2]) ^ IMXC3(b[3]);
- case 7: b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
- IMXC2(b[2]) ^ IMXC3(b[3]);
- case 6: b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
- IMXC2(b[2]) ^ IMXC3(b[3]);
- case 5: b = (PRUint8 *)roundkeyw;
- *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
- IMXC2(b[2]) ^ IMXC3(b[3]);
- }
+ for (r = 1; r < cx->Nr; ++r) {
+ /* each key word, roundkeyw, represents a column in the key
+ * matrix. Each column is multiplied by the InvMixColumn matrix.
+ * [ 0E 0B 0D 09 ] [ b0 ]
+ * [ 09 0E 0B 0D ] * [ b1 ]
+ * [ 0D 09 0E 0B ] [ b2 ]
+ * [ 0B 0D 09 0E ] [ b3 ]
+ */
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+ if (Nb <= 4)
+ continue;
+ switch (Nb) {
+ case 8:
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+ IMXC2(b[2]) ^ IMXC3(b[3]);
+ case 7:
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+ IMXC2(b[2]) ^ IMXC3(b[3]);
+ case 6:
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+ IMXC2(b[2]) ^ IMXC3(b[3]);
+ case 5:
+ b = (PRUint8 *)roundkeyw;
+ *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+ IMXC2(b[2]) ^ IMXC3(b[3]);
+ }
}
return SECSuccess;
}
@@ -519,20 +538,20 @@ rijndael_invkey_expansion(AESContext *cx, const unsigned char *key, unsigned int
*************************************************************************/
#ifdef IS_LITTLE_ENDIAN
-#define BYTE0WORD(w) ((w) & 0x000000ff)
-#define BYTE1WORD(w) ((w) & 0x0000ff00)
-#define BYTE2WORD(w) ((w) & 0x00ff0000)
-#define BYTE3WORD(w) ((w) & 0xff000000)
+#define BYTE0WORD(w) ((w)&0x000000ff)
+#define BYTE1WORD(w) ((w)&0x0000ff00)
+#define BYTE2WORD(w) ((w)&0x00ff0000)
+#define BYTE3WORD(w) ((w)&0xff000000)
#else
-#define BYTE0WORD(w) ((w) & 0xff000000)
-#define BYTE1WORD(w) ((w) & 0x00ff0000)
-#define BYTE2WORD(w) ((w) & 0x0000ff00)
-#define BYTE3WORD(w) ((w) & 0x000000ff)
+#define BYTE0WORD(w) ((w)&0xff000000)
+#define BYTE1WORD(w) ((w)&0x00ff0000)
+#define BYTE2WORD(w) ((w)&0x0000ff00)
+#define BYTE3WORD(w) ((w)&0x000000ff)
#endif
typedef union {
PRUint32 w[4];
- PRUint8 b[16];
+ PRUint8 b[16];
} rijndael_state;
#define COLUMN_0(state) state.w[0]
@@ -542,8 +561,8 @@ typedef union {
#define STATE_BYTE(i) state.b[i]
-static SECStatus
-rijndael_encryptBlock128(AESContext *cx,
+static SECStatus
+rijndael_encryptBlock128(AESContext *cx,
unsigned char *output,
const unsigned char *input)
{
@@ -559,87 +578,87 @@ rijndael_encryptBlock128(AESContext *cx,
PRUint32 inBuf[4], outBuf[4];
if ((ptrdiff_t)input & 0x3) {
- memcpy(inBuf, input, sizeof inBuf);
- pIn = (unsigned char *)inBuf;
+ memcpy(inBuf, input, sizeof inBuf);
+ pIn = (unsigned char *)inBuf;
} else {
- pIn = (unsigned char *)input;
+ pIn = (unsigned char *)input;
}
if ((ptrdiff_t)output & 0x3) {
- pOut = (unsigned char *)outBuf;
+ pOut = (unsigned char *)outBuf;
} else {
- pOut = (unsigned char *)output;
+ pOut = (unsigned char *)output;
}
#endif
roundkeyw = cx->expandedKey;
/* Step 1: Add Round Key 0 to initial state */
- COLUMN_0(state) = *((PRUint32 *)(pIn )) ^ *roundkeyw++;
- COLUMN_1(state) = *((PRUint32 *)(pIn + 4 )) ^ *roundkeyw++;
- COLUMN_2(state) = *((PRUint32 *)(pIn + 8 )) ^ *roundkeyw++;
+ COLUMN_0(state) = *((PRUint32 *)(pIn)) ^ *roundkeyw++;
+ COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw++;
+ COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw++;
COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw++;
/* Step 2: Loop over rounds [1..NR-1] */
- for (r=1; r<cx->Nr; ++r) {
+ for (r = 1; r < cx->Nr; ++r) {
/* Do ShiftRow, ByteSub, and MixColumn all at once */
- C0 = T0(STATE_BYTE(0)) ^
- T1(STATE_BYTE(5)) ^
- T2(STATE_BYTE(10)) ^
- T3(STATE_BYTE(15));
- C1 = T0(STATE_BYTE(4)) ^
- T1(STATE_BYTE(9)) ^
- T2(STATE_BYTE(14)) ^
- T3(STATE_BYTE(3));
- C2 = T0(STATE_BYTE(8)) ^
- T1(STATE_BYTE(13)) ^
- T2(STATE_BYTE(2)) ^
- T3(STATE_BYTE(7));
- C3 = T0(STATE_BYTE(12)) ^
- T1(STATE_BYTE(1)) ^
- T2(STATE_BYTE(6)) ^
- T3(STATE_BYTE(11));
- /* Round key addition */
- COLUMN_0(state) = C0 ^ *roundkeyw++;
- COLUMN_1(state) = C1 ^ *roundkeyw++;
- COLUMN_2(state) = C2 ^ *roundkeyw++;
- COLUMN_3(state) = C3 ^ *roundkeyw++;
+ C0 = T0(STATE_BYTE(0)) ^
+ T1(STATE_BYTE(5)) ^
+ T2(STATE_BYTE(10)) ^
+ T3(STATE_BYTE(15));
+ C1 = T0(STATE_BYTE(4)) ^
+ T1(STATE_BYTE(9)) ^
+ T2(STATE_BYTE(14)) ^
+ T3(STATE_BYTE(3));
+ C2 = T0(STATE_BYTE(8)) ^
+ T1(STATE_BYTE(13)) ^
+ T2(STATE_BYTE(2)) ^
+ T3(STATE_BYTE(7));
+ C3 = T0(STATE_BYTE(12)) ^
+ T1(STATE_BYTE(1)) ^
+ T2(STATE_BYTE(6)) ^
+ T3(STATE_BYTE(11));
+ /* Round key addition */
+ COLUMN_0(state) = C0 ^ *roundkeyw++;
+ COLUMN_1(state) = C1 ^ *roundkeyw++;
+ COLUMN_2(state) = C2 ^ *roundkeyw++;
+ COLUMN_3(state) = C3 ^ *roundkeyw++;
}
/* Step 3: Do the last round */
/* Final round does not employ MixColumn */
- C0 = ((BYTE0WORD(T2(STATE_BYTE(0)))) |
- (BYTE1WORD(T3(STATE_BYTE(5)))) |
- (BYTE2WORD(T0(STATE_BYTE(10)))) |
- (BYTE3WORD(T1(STATE_BYTE(15))))) ^
- *roundkeyw++;
- C1 = ((BYTE0WORD(T2(STATE_BYTE(4)))) |
- (BYTE1WORD(T3(STATE_BYTE(9)))) |
- (BYTE2WORD(T0(STATE_BYTE(14)))) |
- (BYTE3WORD(T1(STATE_BYTE(3))))) ^
- *roundkeyw++;
- C2 = ((BYTE0WORD(T2(STATE_BYTE(8)))) |
- (BYTE1WORD(T3(STATE_BYTE(13)))) |
- (BYTE2WORD(T0(STATE_BYTE(2)))) |
- (BYTE3WORD(T1(STATE_BYTE(7))))) ^
- *roundkeyw++;
- C3 = ((BYTE0WORD(T2(STATE_BYTE(12)))) |
- (BYTE1WORD(T3(STATE_BYTE(1)))) |
- (BYTE2WORD(T0(STATE_BYTE(6)))) |
- (BYTE3WORD(T1(STATE_BYTE(11))))) ^
- *roundkeyw++;
- *((PRUint32 *) pOut ) = C0;
- *((PRUint32 *)(pOut + 4)) = C1;
- *((PRUint32 *)(pOut + 8)) = C2;
+ C0 = ((BYTE0WORD(T2(STATE_BYTE(0)))) |
+ (BYTE1WORD(T3(STATE_BYTE(5)))) |
+ (BYTE2WORD(T0(STATE_BYTE(10)))) |
+ (BYTE3WORD(T1(STATE_BYTE(15))))) ^
+ *roundkeyw++;
+ C1 = ((BYTE0WORD(T2(STATE_BYTE(4)))) |
+ (BYTE1WORD(T3(STATE_BYTE(9)))) |
+ (BYTE2WORD(T0(STATE_BYTE(14)))) |
+ (BYTE3WORD(T1(STATE_BYTE(3))))) ^
+ *roundkeyw++;
+ C2 = ((BYTE0WORD(T2(STATE_BYTE(8)))) |
+ (BYTE1WORD(T3(STATE_BYTE(13)))) |
+ (BYTE2WORD(T0(STATE_BYTE(2)))) |
+ (BYTE3WORD(T1(STATE_BYTE(7))))) ^
+ *roundkeyw++;
+ C3 = ((BYTE0WORD(T2(STATE_BYTE(12)))) |
+ (BYTE1WORD(T3(STATE_BYTE(1)))) |
+ (BYTE2WORD(T0(STATE_BYTE(6)))) |
+ (BYTE3WORD(T1(STATE_BYTE(11))))) ^
+ *roundkeyw++;
+ *((PRUint32 *)pOut) = C0;
+ *((PRUint32 *)(pOut + 4)) = C1;
+ *((PRUint32 *)(pOut + 8)) = C2;
*((PRUint32 *)(pOut + 12)) = C3;
#if defined(NSS_X86_OR_X64)
#undef pIn
#undef pOut
#else
if ((ptrdiff_t)output & 0x3) {
- memcpy(output, outBuf, sizeof outBuf);
+ memcpy(output, outBuf, sizeof outBuf);
}
#endif
return SECSuccess;
}
-static SECStatus
-rijndael_decryptBlock128(AESContext *cx,
+static SECStatus
+rijndael_decryptBlock128(AESContext *cx,
unsigned char *output,
const unsigned char *input)
{
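Review bot: The round loop indexes T0..T3 with bytes of the evolving state (`C0 = T0(STATE_BYTE(0)) ^ T1(STATE_BYTE(5)) ^ ...`), i.e. with values that depend on the key and the plaintext, so this software path has a secret-dependent cache footprint and nothing in the function says so. It is the path taken whenever `use_hw_aes` is false (no AES-NI, NSS_DISABLE_HW_AES set, or a build without USE_HW_AES), so the caveat belongs next to the lookups: `/* T-table lookups are indexed by secret state bytes; this path is not constant-time against cache-timing observers. */`. rijndael_encryptBlock128 starts outside this hunk.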
@@ -655,76 +674,76 @@ rijndael_decryptBlock128(AESContext *cx,
PRUint32 inBuf[4], outBuf[4];
if ((ptrdiff_t)input & 0x3) {
- memcpy(inBuf, input, sizeof inBuf);
- pIn = (unsigned char *)inBuf;
+ memcpy(inBuf, input, sizeof inBuf);
+ pIn = (unsigned char *)inBuf;
} else {
- pIn = (unsigned char *)input;
+ pIn = (unsigned char *)input;
}
if ((ptrdiff_t)output & 0x3) {
- pOut = (unsigned char *)outBuf;
+ pOut = (unsigned char *)outBuf;
} else {
- pOut = (unsigned char *)output;
+ pOut = (unsigned char *)output;
}
#endif
roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
/* reverse the final key addition */
COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw--;
- COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw--;
- COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw--;
- COLUMN_0(state) = *((PRUint32 *)(pIn )) ^ *roundkeyw--;
+ COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw--;
+ COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw--;
+ COLUMN_0(state) = *((PRUint32 *)(pIn)) ^ *roundkeyw--;
/* Loop over rounds in reverse [NR..1] */
- for (r=cx->Nr; r>1; --r) {
- /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
- C0 = TInv0(STATE_BYTE(0)) ^
- TInv1(STATE_BYTE(13)) ^
- TInv2(STATE_BYTE(10)) ^
- TInv3(STATE_BYTE(7));
- C1 = TInv0(STATE_BYTE(4)) ^
- TInv1(STATE_BYTE(1)) ^
- TInv2(STATE_BYTE(14)) ^
- TInv3(STATE_BYTE(11));
- C2 = TInv0(STATE_BYTE(8)) ^
- TInv1(STATE_BYTE(5)) ^
- TInv2(STATE_BYTE(2)) ^
- TInv3(STATE_BYTE(15));
- C3 = TInv0(STATE_BYTE(12)) ^
- TInv1(STATE_BYTE(9)) ^
- TInv2(STATE_BYTE(6)) ^
- TInv3(STATE_BYTE(3));
- /* Invert the key addition step */
- COLUMN_3(state) = C3 ^ *roundkeyw--;
- COLUMN_2(state) = C2 ^ *roundkeyw--;
- COLUMN_1(state) = C1 ^ *roundkeyw--;
- COLUMN_0(state) = C0 ^ *roundkeyw--;
+ for (r = cx->Nr; r > 1; --r) {
+ /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+ C0 = TInv0(STATE_BYTE(0)) ^
+ TInv1(STATE_BYTE(13)) ^
+ TInv2(STATE_BYTE(10)) ^
+ TInv3(STATE_BYTE(7));
+ C1 = TInv0(STATE_BYTE(4)) ^
+ TInv1(STATE_BYTE(1)) ^
+ TInv2(STATE_BYTE(14)) ^
+ TInv3(STATE_BYTE(11));
+ C2 = TInv0(STATE_BYTE(8)) ^
+ TInv1(STATE_BYTE(5)) ^
+ TInv2(STATE_BYTE(2)) ^
+ TInv3(STATE_BYTE(15));
+ C3 = TInv0(STATE_BYTE(12)) ^
+ TInv1(STATE_BYTE(9)) ^
+ TInv2(STATE_BYTE(6)) ^
+ TInv3(STATE_BYTE(3));
+ /* Invert the key addition step */
+ COLUMN_3(state) = C3 ^ *roundkeyw--;
+ COLUMN_2(state) = C2 ^ *roundkeyw--;
+ COLUMN_1(state) = C1 ^ *roundkeyw--;
+ COLUMN_0(state) = C0 ^ *roundkeyw--;
}
/* inverse sub */
- pOut[ 0] = SINV(STATE_BYTE( 0));
- pOut[ 1] = SINV(STATE_BYTE(13));
- pOut[ 2] = SINV(STATE_BYTE(10));
- pOut[ 3] = SINV(STATE_BYTE( 7));
- pOut[ 4] = SINV(STATE_BYTE( 4));
- pOut[ 5] = SINV(STATE_BYTE( 1));
- pOut[ 6] = SINV(STATE_BYTE(14));
- pOut[ 7] = SINV(STATE_BYTE(11));
- pOut[ 8] = SINV(STATE_BYTE( 8));
- pOut[ 9] = SINV(STATE_BYTE( 5));
- pOut[10] = SINV(STATE_BYTE( 2));
+ pOut[0] = SINV(STATE_BYTE(0));
+ pOut[1] = SINV(STATE_BYTE(13));
+ pOut[2] = SINV(STATE_BYTE(10));
+ pOut[3] = SINV(STATE_BYTE(7));
+ pOut[4] = SINV(STATE_BYTE(4));
+ pOut[5] = SINV(STATE_BYTE(1));
+ pOut[6] = SINV(STATE_BYTE(14));
+ pOut[7] = SINV(STATE_BYTE(11));
+ pOut[8] = SINV(STATE_BYTE(8));
+ pOut[9] = SINV(STATE_BYTE(5));
+ pOut[10] = SINV(STATE_BYTE(2));
pOut[11] = SINV(STATE_BYTE(15));
pOut[12] = SINV(STATE_BYTE(12));
- pOut[13] = SINV(STATE_BYTE( 9));
- pOut[14] = SINV(STATE_BYTE( 6));
- pOut[15] = SINV(STATE_BYTE( 3));
+ pOut[13] = SINV(STATE_BYTE(9));
+ pOut[14] = SINV(STATE_BYTE(6));
+ pOut[15] = SINV(STATE_BYTE(3));
/* final key addition */
*((PRUint32 *)(pOut + 12)) ^= *roundkeyw--;
- *((PRUint32 *)(pOut + 8)) ^= *roundkeyw--;
- *((PRUint32 *)(pOut + 4)) ^= *roundkeyw--;
- *((PRUint32 *) pOut ) ^= *roundkeyw--;
+ *((PRUint32 *)(pOut + 8)) ^= *roundkeyw--;
+ *((PRUint32 *)(pOut + 4)) ^= *roundkeyw--;
+ *((PRUint32 *)pOut) ^= *roundkeyw--;
#if defined(NSS_X86_OR_X64)
#undef pIn
#undef pOut
#else
if ((ptrdiff_t)output & 0x3) {
- memcpy(output, outBuf, sizeof outBuf);
+ memcpy(output, outBuf, sizeof outBuf);
}
#endif
return SECSuccess;
@@ -743,86 +762,86 @@ rijndael_decryptBlock128(AESContext *cx,
#define COLUMN(array, j) *((PRUint32 *)(array + j))
-SECStatus
-rijndael_encryptBlock(AESContext *cx,
+SECStatus
+rijndael_encryptBlock(AESContext *cx,
unsigned char *output,
const unsigned char *input)
{
return SECFailure;
#ifdef rijndael_large_blocks_fixed
unsigned int j, r, Nb;
- unsigned int c2=0, c3=0;
+ unsigned int c2 = 0, c3 = 0;
PRUint32 *roundkeyw;
PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
Nb = cx->Nb;
roundkeyw = cx->expandedKey;
/* Step 1: Add Round Key 0 to initial state */
- for (j=0; j<4*Nb; j+=4) {
- COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw++;
+ for (j = 0; j < 4 * Nb; j += 4) {
+ COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw++;
}
/* Step 2: Loop over rounds [1..NR-1] */
- for (r=1; r<cx->Nr; ++r) {
- for (j=0; j<Nb; ++j) {
- COLUMN(output, j) = T0(STATE_BYTE(4* j )) ^
- T1(STATE_BYTE(4*((j+ 1)%Nb)+1)) ^
- T2(STATE_BYTE(4*((j+c2)%Nb)+2)) ^
- T3(STATE_BYTE(4*((j+c3)%Nb)+3));
- }
- for (j=0; j<4*Nb; j+=4) {
- COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw++;
- }
+ for (r = 1; r < cx->Nr; ++r) {
+ for (j = 0; j < Nb; ++j) {
+ COLUMN(output, j) = T0(STATE_BYTE(4 * j)) ^
+ T1(STATE_BYTE(4 * ((j + 1) % Nb) + 1)) ^
+ T2(STATE_BYTE(4 * ((j + c2) % Nb) + 2)) ^
+ T3(STATE_BYTE(4 * ((j + c3) % Nb) + 3));
+ }
+ for (j = 0; j < 4 * Nb; j += 4) {
+ COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw++;
+ }
}
/* Step 3: Do the last round */
/* Final round does not employ MixColumn */
- for (j=0; j<Nb; ++j) {
- COLUMN(output, j) = ((BYTE0WORD(T2(STATE_BYTE(4* j )))) |
- (BYTE1WORD(T3(STATE_BYTE(4*(j+ 1)%Nb)+1))) |
- (BYTE2WORD(T0(STATE_BYTE(4*(j+c2)%Nb)+2))) |
- (BYTE3WORD(T1(STATE_BYTE(4*(j+c3)%Nb)+3)))) ^
- *roundkeyw++;
+ for (j = 0; j < Nb; ++j) {
+ COLUMN(output, j) = ((BYTE0WORD(T2(STATE_BYTE(4 * j)))) |
+ (BYTE1WORD(T3(STATE_BYTE(4 * (j + 1) % Nb) + 1))) |
+ (BYTE2WORD(T0(STATE_BYTE(4 * (j + c2) % Nb) + 2))) |
+ (BYTE3WORD(T1(STATE_BYTE(4 * (j + c3) % Nb) + 3)))) ^
+ *roundkeyw++;
}
return SECSuccess;
#endif
}
-SECStatus
-rijndael_decryptBlock(AESContext *cx,
+SECStatus
+rijndael_decryptBlock(AESContext *cx,
unsigned char *output,
const unsigned char *input)
{
return SECFailure;
#ifdef rijndael_large_blocks_fixed
int j, r, Nb;
- int c2=0, c3=0;
+ int c2 = 0, c3 = 0;
PRUint32 *roundkeyw;
PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
Nb = cx->Nb;
roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
/* reverse key addition */
- for (j=4*Nb; j>=0; j-=4) {
- COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw--;
+ for (j = 4 * Nb; j >= 0; j -= 4) {
+ COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw--;
}
/* Loop over rounds in reverse [NR..1] */
- for (r=cx->Nr; r>1; --r) {
- /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
- for (j=0; j<Nb; ++j) {
- COLUMN(output, 4*j) = TInv0(STATE_BYTE(4* j )) ^
- TInv1(STATE_BYTE(4*(j+Nb- 1)%Nb)+1) ^
- TInv2(STATE_BYTE(4*(j+Nb-c2)%Nb)+2) ^
- TInv3(STATE_BYTE(4*(j+Nb-c3)%Nb)+3);
- }
- /* Invert the key addition step */
- for (j=4*Nb; j>=0; j-=4) {
- COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw--;
- }
+ for (r = cx->Nr; r > 1; --r) {
+ /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+ for (j = 0; j < Nb; ++j) {
+ COLUMN(output, 4 * j) = TInv0(STATE_BYTE(4 * j)) ^
+ TInv1(STATE_BYTE(4 * (j + Nb - 1) % Nb) + 1) ^
+ TInv2(STATE_BYTE(4 * (j + Nb - c2) % Nb) + 2) ^
+ TInv3(STATE_BYTE(4 * (j + Nb - c3) % Nb) + 3);
+ }
+ /* Invert the key addition step */
+ for (j = 4 * Nb; j >= 0; j -= 4) {
+ COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw--;
+ }
}
/* inverse sub */
- for (j=0; j<4*Nb; ++j) {
- output[j] = SINV(clone[j]);
+ for (j = 0; j < 4 * Nb; ++j) {
+ output[j] = SINV(clone[j]);
}
/* final key addition */
- for (j=4*Nb; j>=0; j-=4) {
- COLUMN(output, j) ^= *roundkeyw--;
+ for (j = 4 * Nb; j >= 0; j -= 4) {
+ COLUMN(output, j) ^= *roundkeyw--;
}
return SECSuccess;
#endif
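Review bot: rijndael_encryptBlock and rijndael_decryptBlock return SECFailure before any of their body, yet aes_InitContext accepts any `blocksize` between RIJNDAEL_MIN_BLOCKSIZE and RIJNDAEL_MAX_BLOCKSIZE and the ECB/CBC workers select these functions whenever `blocksize != RIJNDAEL_MIN_BLOCKSIZE`, so a context with a larger Rijndael block initializes successfully and only fails on its first encrypt or decrypt call. The disabled code under rijndael_large_blocks_fixed also uses STATE_BYTE, which expands to `state.b[i]`, while these functions declare `clone` and no `state`, so it would not compile if the macro were ever defined. Either reject `blocksize != RIJNDAEL_MIN_BLOCKSIZE` in aes_InitContext or at least state the situation at the early return: `/* Only 128-bit blocks are implemented; larger block sizes pass aes_InitContext but always fail here. */`.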
@@ -834,33 +853,33 @@ rijndael_decryptBlock(AESContext *cx,
*
*************************************************************************/
-static SECStatus
+static SECStatus
rijndael_encryptECB(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
+ const unsigned char *input, unsigned int inputLen,
unsigned int blocksize)
{
SECStatus rv;
AESBlockFunc *encryptor;
- encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
- ? &rijndael_encryptBlock128
- : &rijndael_encryptBlock;
+ encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+ ? &rijndael_encryptBlock128
+ : &rijndael_encryptBlock;
while (inputLen > 0) {
rv = (*encryptor)(cx, output, input);
- if (rv != SECSuccess)
- return rv;
- output += blocksize;
- input += blocksize;
- inputLen -= blocksize;
+ if (rv != SECSuccess)
+ return rv;
+ output += blocksize;
+ input += blocksize;
+ inputLen -= blocksize;
}
return SECSuccess;
}
-static SECStatus
+static SECStatus
rijndael_encryptCBC(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
+ const unsigned char *input, unsigned int inputLen,
unsigned int blocksize)
{
unsigned int j;
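Review bot: rijndael_encryptECB never checks that `inputLen` is a multiple of `blocksize` or that `maxOutputLen` covers it, and `*outputLen` is never written; since `inputLen` is unsigned, `inputLen -= blocksize` on a non-multiple wraps and the `while (inputLen > 0)` loop keeps encrypting past both buffers. Presumably AES_Encrypt validates these before dispatching to `cx->worker` (that code is outside this page), but the worker is reached through a plain function pointer and the invariant is not stated anywhere here. A guard at the top of the worker both documents and enforces it: `if (inputLen % blocksize != 0 || maxOutputLen < inputLen) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`; the same applies to rijndael_encryptCBC, rijndael_decryptECB and rijndael_decryptCBC.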
@@ -870,56 +889,56 @@ rijndael_encryptCBC(AESContext *cx, unsigned char *output,
unsigned char inblock[RIJNDAEL_MAX_STATE_SIZE * 8];
if (!inputLen)
- return SECSuccess;
+ return SECSuccess;
lastblock = cx->iv;
- encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
- ? &rijndael_encryptBlock128
- : &rijndael_encryptBlock;
+ encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+ ? &rijndael_encryptBlock128
+ : &rijndael_encryptBlock;
while (inputLen > 0) {
- /* XOR with the last block (IV if first block) */
- for (j=0; j<blocksize; ++j)
- inblock[j] = input[j] ^ lastblock[j];
- /* encrypt */
+ /* XOR with the last block (IV if first block) */
+ for (j = 0; j < blocksize; ++j)
+ inblock[j] = input[j] ^ lastblock[j];
+ /* encrypt */
rv = (*encryptor)(cx, output, inblock);
- if (rv != SECSuccess)
- return rv;
- /* move to the next block */
- lastblock = output;
- output += blocksize;
- input += blocksize;
- inputLen -= blocksize;
+ if (rv != SECSuccess)
+ return rv;
+ /* move to the next block */
+ lastblock = output;
+ output += blocksize;
+ input += blocksize;
+ inputLen -= blocksize;
}
memcpy(cx->iv, lastblock, blocksize);
return SECSuccess;
}
-static SECStatus
+static SECStatus
rijndael_decryptECB(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
+ const unsigned char *input, unsigned int inputLen,
unsigned int blocksize)
{
SECStatus rv;
AESBlockFunc *decryptor;
- decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
- ? &rijndael_decryptBlock128
- : &rijndael_decryptBlock;
+ decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+ ? &rijndael_decryptBlock128
+ : &rijndael_decryptBlock;
while (inputLen > 0) {
rv = (*decryptor)(cx, output, input);
- if (rv != SECSuccess)
- return rv;
- output += blocksize;
- input += blocksize;
- inputLen -= blocksize;
+ if (rv != SECSuccess)
+ return rv;
+ output += blocksize;
+ input += blocksize;
+ inputLen -= blocksize;
}
return SECSuccess;
}
-static SECStatus
+static SECStatus
rijndael_decryptCBC(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
- const unsigned char *input, unsigned int inputLen,
+ const unsigned char *input, unsigned int inputLen,
unsigned int blocksize)
{
SECStatus rv;
@@ -929,32 +948,31 @@ rijndael_decryptCBC(AESContext *cx, unsigned char *output,
unsigned int j;
unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE];
-
- if (!inputLen)
- return SECSuccess;
- PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
- decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
- ? &rijndael_decryptBlock128
- : &rijndael_decryptBlock;
- in = input + (inputLen - blocksize);
+ if (!inputLen)
+ return SECSuccess;
+ PORT_Assert(output - input >= 0 || input - output >= (int)inputLen);
+ decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+ ? &rijndael_decryptBlock128
+ : &rijndael_decryptBlock;
+ in = input + (inputLen - blocksize);
memcpy(newIV, in, blocksize);
out = output + (inputLen - blocksize);
while (inputLen > blocksize) {
rv = (*decryptor)(cx, out, in);
- if (rv != SECSuccess)
- return rv;
- for (j=0; j<blocksize; ++j)
- out[j] ^= in[(int)(j - blocksize)];
- out -= blocksize;
- in -= blocksize;
- inputLen -= blocksize;
+ if (rv != SECSuccess)
+ return rv;
+ for (j = 0; j < blocksize; ++j)
+ out[j] ^= in[(int)(j - blocksize)];
+ out -= blocksize;
+ in -= blocksize;
+ inputLen -= blocksize;
}
if (in == input) {
rv = (*decryptor)(cx, out, in);
- if (rv != SECSuccess)
- return rv;
- for (j=0; j<blocksize; ++j)
- out[j] ^= cx->iv[j];
+ if (rv != SECSuccess)
+ return rv;
+ for (j = 0; j < blocksize; ++j)
+ out[j] ^= cx->iv[j];
}
memcpy(cx->iv, newIV, blocksize);
return SECSuccess;
@@ -969,12 +987,12 @@ rijndael_decryptCBC(AESContext *cx, unsigned char *output,
*
***********************************************************************/
-AESContext * AES_AllocateContext(void)
+AESContext *
+AES_AllocateContext(void)
{
return PORT_ZNew(AESContext);
}
-
#ifdef INTEL_GCM
/*
* Adapted from the example code in "How to detect New Instruction support in
@@ -995,10 +1013,13 @@ check_xcr0_ymm()
mov xcr0, eax
}
#else
- xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */
+ xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */
#endif
#else
- __asm__ ("xgetbv" : "=a" (xcr0) : "c" (0) : "%edx");
+ __asm__("xgetbv"
+ : "=a"(xcr0)
+ : "c"(0)
+ : "%edx");
#endif
/* Check if xmm and ymm state are enabled in XCR0. */
return (xcr0 & 6) == 6;
@@ -1008,72 +1029,70 @@ check_xcr0_ymm()
/*
** Initialize a new AES context suitable for AES encryption/decryption in
** the ECB or CBC mode.
-** "mode" the mode of operation, which must be NSS_AES or NSS_AES_CBC
+** "mode" the mode of operation, which must be NSS_AES or NSS_AES_CBC
*/
-static SECStatus
-aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
- const unsigned char *iv, int mode, unsigned int encrypt,
- unsigned int blocksize)
+static SECStatus
+aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
+ const unsigned char *iv, int mode, unsigned int encrypt,
+ unsigned int blocksize)
{
unsigned int Nk;
/* According to Rijndael AES Proposal, section 12.1, block and key
* lengths between 128 and 256 bits are supported, as long as the
* length in bytes is divisible by 4.
*/
- if (key == NULL ||
- keysize < RIJNDAEL_MIN_BLOCKSIZE ||
- keysize > RIJNDAEL_MAX_BLOCKSIZE ||
- keysize % 4 != 0 ||
- blocksize < RIJNDAEL_MIN_BLOCKSIZE ||
- blocksize > RIJNDAEL_MAX_BLOCKSIZE ||
- blocksize % 4 != 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ if (key == NULL ||
+ keysize < RIJNDAEL_MIN_BLOCKSIZE ||
+ keysize > RIJNDAEL_MAX_BLOCKSIZE ||
+ keysize % 4 != 0 ||
+ blocksize < RIJNDAEL_MIN_BLOCKSIZE ||
+ blocksize > RIJNDAEL_MAX_BLOCKSIZE ||
+ blocksize % 4 != 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode != NSS_AES && mode != NSS_AES_CBC) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (mode == NSS_AES_CBC && iv == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
if (!cx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
#ifdef USE_HW_AES
if (has_intel_aes == 0) {
- unsigned long eax, ebx, ecx, edx;
- char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
+ unsigned long eax, ebx, ecx, edx;
+ char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
- if (disable_hw_aes == NULL) {
- freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
- has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
+ if (disable_hw_aes == NULL) {
+ freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
+ has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
#ifdef INTEL_GCM
- has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
- if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
- check_xcr0_ymm()) {
- has_intel_avx = 1;
- } else {
- has_intel_avx = -1;
- }
+ has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
+ if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
+ check_xcr0_ymm()) {
+ has_intel_avx = 1;
+ } else {
+ has_intel_avx = -1;
+ }
#endif
- } else {
- has_intel_aes = -1;
+ } else {
+ has_intel_aes = -1;
#ifdef INTEL_GCM
- has_intel_avx = -1;
- has_intel_clmul = -1;
+ has_intel_avx = -1;
+ has_intel_clmul = -1;
#endif
- }
+ }
}
- use_hw_aes = (PRBool)
- (has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
+ use_hw_aes = (PRBool)(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
#ifdef INTEL_GCM
- use_hw_gcm = (PRBool)
- (use_hw_aes && has_intel_avx>0 && has_intel_clmul>0);
+ use_hw_gcm = (PRBool)(use_hw_aes && has_intel_avx > 0 && has_intel_clmul > 0);
#endif
-#endif /* USE_HW_AES */
+#endif /* USE_HW_AES */
/* Nb = (block size in bits) / 32 */
cx->Nb = blocksize / 4;
/* Nk = (key size in bits) / 32 */
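Review bot: `use_hw_aes` (and `use_hw_gcm` under INTEL_GCM) is assigned here but is not among the function's locals (only `Nk` is declared), so it must be a file-scope variable, yet its value depends on this call's `keysize` and `blocksize` and is read later in this function and in AES_InitContext to pick the worker. Two threads initializing AES contexts concurrently with different key or block sizes can therefore observe each other's decision and install the wrong worker for one of the contexts. Make the decision per call, e.g. `PRBool use_hw_aes = has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16;` as a local, and carry it to AES_InitContext through the context or by recomputing it there; the one-time CPUID probe into `has_intel_aes` is a separate race that is benign only because every thread writes the same value. aes_InitContext continues past the end of this hunk.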
@@ -1082,58 +1101,59 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
cx->Nr = RIJNDAEL_NUM_ROUNDS(Nk, cx->Nb);
/* copy in the iv, if neccessary */
if (mode == NSS_AES_CBC) {
- memcpy(cx->iv, iv, blocksize);
+ memcpy(cx->iv, iv, blocksize);
#ifdef USE_HW_AES
- if (use_hw_aes) {
- cx->worker = (freeblCipherFunc)
- intel_aes_cbc_worker(encrypt, keysize);
- } else
+ if (use_hw_aes) {
+ cx->worker = (freeblCipherFunc)
+ intel_aes_cbc_worker(encrypt, keysize);
+ } else
#endif
- {
- cx->worker = (freeblCipherFunc) (encrypt
- ? &rijndael_encryptCBC : &rijndael_decryptCBC);
- }
+ {
+ cx->worker = (freeblCipherFunc)(encrypt
+ ? &rijndael_encryptCBC
+ : &rijndael_decryptCBC);
+ }
} else {
-#ifdef USE_HW_AES
- if (use_hw_aes) {
- cx->worker = (freeblCipherFunc)
- intel_aes_ecb_worker(encrypt, keysize);
- } else
+#ifdef USE_HW_AES
+ if (use_hw_aes) {
+ cx->worker = (freeblCipherFunc)
+ intel_aes_ecb_worker(encrypt, keysize);
+ } else
#endif
- {
- cx->worker = (freeblCipherFunc) (encrypt
- ? &rijndael_encryptECB : &rijndael_decryptECB);
- }
+ {
+ cx->worker = (freeblCipherFunc)(encrypt
+ ? &rijndael_encryptECB
+ : &rijndael_decryptECB);
+ }
}
PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ goto cleanup;
}
#ifdef USE_HW_AES
if (use_hw_aes) {
- intel_aes_init(encrypt, keysize);
+ intel_aes_init(encrypt, keysize);
} else
#endif
{
-#if defined(RIJNDAEL_GENERATE_TABLES) || \
- defined(RIJNDAEL_GENERATE_TABLES_MACRO)
- if (rijndaelTables == NULL) {
- if (PR_CallOnce(&coRTInit, init_rijndael_tables)
- != PR_SUCCESS) {
- return SecFailure;
- }
- }
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
+ defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+ if (rijndaelTables == NULL) {
+ if (PR_CallOnce(&coRTInit, init_rijndael_tables) != PR_SUCCESS) {
+ return SecFailure;
+ }
+ }
#endif
- /* Generate expanded key */
- if (encrypt) {
- if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
- goto cleanup;
- } else {
- if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
- goto cleanup;
- }
+ /* Generate expanded key */
+ if (encrypt) {
+ if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
+ goto cleanup;
+ } else {
+ if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
+ goto cleanup;
+ }
}
cx->worker_cx = cx;
cx->destroy = NULL;
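Review bot: `return SecFailure;` in the RIJNDAEL_GENERATE_TABLES branch is not the `SECFailure` enumerator used by every other exit of this function, so the branch cannot compile whenever RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO is defined; it has presumably survived because the build never enables those macros. It also returns without recording an error code, unlike the other failure paths in aes_InitContext. Replace the line with `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);` followed by `return SECFailure;` (or `goto cleanup;`, whose label returns SECFailure just after this hunk). aes_InitContext starts outside this hunk.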
@@ -1143,88 +1163,85 @@ cleanup:
return SECFailure;
}
-SECStatus
-AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
- const unsigned char *iv, int mode, unsigned int encrypt,
- unsigned int blocksize)
+SECStatus
+AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
+ const unsigned char *iv, int mode, unsigned int encrypt,
+ unsigned int blocksize)
{
int basemode = mode;
PRBool baseencrypt = encrypt;
SECStatus rv;
switch (mode) {
- case NSS_AES_CTS:
- basemode = NSS_AES_CBC;
- break;
- case NSS_AES_GCM:
- case NSS_AES_CTR:
- basemode = NSS_AES;
- baseencrypt = PR_TRUE;
- break;
+ case NSS_AES_CTS:
+ basemode = NSS_AES_CBC;
+ break;
+ case NSS_AES_GCM:
+ case NSS_AES_CTR:
+ basemode = NSS_AES;
+ baseencrypt = PR_TRUE;
+ break;
}
/* make sure enough is initializes so we can safely call Destroy */
cx->worker_cx = NULL;
cx->destroy = NULL;
- rv = aes_InitContext(cx, key, keysize, iv, basemode,
- baseencrypt, blocksize);
+ rv = aes_InitContext(cx, key, keysize, iv, basemode,
+ baseencrypt, blocksize);
if (rv != SECSuccess) {
- AES_DestroyContext(cx, PR_FALSE);
- return rv;
+ AES_DestroyContext(cx, PR_FALSE);
+ return rv;
}
cx->mode = mode;
/* finally, set up any mode specific contexts */
switch (mode) {
- case NSS_AES_CTS:
- cx->worker_cx = CTS_CreateContext(cx, cx->worker, iv, blocksize);
- cx->worker = (freeblCipherFunc)
- (encrypt ? CTS_EncryptUpdate : CTS_DecryptUpdate);
- cx->destroy = (freeblDestroyFunc) CTS_DestroyContext;
- cx->isBlock = PR_FALSE;
- break;
- case NSS_AES_GCM:
+ case NSS_AES_CTS:
+ cx->worker_cx = CTS_CreateContext(cx, cx->worker, iv, blocksize);
+ cx->worker = (freeblCipherFunc)(encrypt ? CTS_EncryptUpdate : CTS_DecryptUpdate);
+ cx->destroy = (freeblDestroyFunc)CTS_DestroyContext;
+ cx->isBlock = PR_FALSE;
+ break;
+ case NSS_AES_GCM:
#ifdef INTEL_GCM
- if(use_hw_gcm) {
- cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize);
- cx->worker = (freeblCipherFunc)
- (encrypt ? intel_AES_GCM_EncryptUpdate : intel_AES_GCM_DecryptUpdate);
- cx->destroy = (freeblDestroyFunc) intel_AES_GCM_DestroyContext;
- cx->isBlock = PR_FALSE;
- } else
+ if (use_hw_gcm) {
+ cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize);
+ cx->worker = (freeblCipherFunc)(encrypt ? intel_AES_GCM_EncryptUpdate : intel_AES_GCM_DecryptUpdate);
+ cx->destroy = (freeblDestroyFunc)intel_AES_GCM_DestroyContext;
+ cx->isBlock = PR_FALSE;
+ } else
#endif
- {
- cx->worker_cx = GCM_CreateContext(cx, cx->worker, iv, blocksize);
- cx->worker = (freeblCipherFunc)
- (encrypt ? GCM_EncryptUpdate : GCM_DecryptUpdate);
- cx->destroy = (freeblDestroyFunc) GCM_DestroyContext;
- cx->isBlock = PR_FALSE;
- }
- break;
- case NSS_AES_CTR:
- cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
+ {
+ cx->worker_cx = GCM_CreateContext(cx, cx->worker, iv, blocksize);
+ cx->worker = (freeblCipherFunc)(encrypt ? GCM_EncryptUpdate : GCM_DecryptUpdate);
+ cx->destroy = (freeblDestroyFunc)GCM_DestroyContext;
+ cx->isBlock = PR_FALSE;
+ }
+ break;
+ case NSS_AES_CTR:
+ cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
#if defined(USE_HW_AES) && defined(_MSC_VER)
- if (use_hw_aes) {
- cx->worker = (freeblCipherFunc) CTR_Update_HW_AES;
- } else
+ if (use_hw_aes) {
+ cx->worker = (freeblCipherFunc)CTR_Update_HW_AES;
+ } else
#endif
- {
- cx->worker = (freeblCipherFunc) CTR_Update;
- }
- cx->destroy = (freeblDestroyFunc) CTR_DestroyContext;
- cx->isBlock = PR_FALSE;
- break;
- default:
- /* everything has already been set up by aes_InitContext, just
- * return */
- return SECSuccess;
+ {
+ cx->worker = (freeblCipherFunc)CTR_Update;
+ }
+ cx->destroy = (freeblDestroyFunc)CTR_DestroyContext;
+ cx->isBlock = PR_FALSE;
+ break;
+ default:
+ /* everything has already been set up by aes_InitContext, just
+ * return */
+ return SECSuccess;
}
/* check to see if we succeeded in getting the worker context */
if (cx->worker_cx == NULL) {
- /* no, just destroy the existing context */
- cx->destroy = NULL; /* paranoia, though you can see a dozen lines */
- /* below that this isn't necessary */
- AES_DestroyContext(cx, PR_FALSE);
- return SECFailure;
+ /* no, just destroy the existing context */
+ cx->destroy = NULL; /* paranoia, though you can see a dozen lines */
+ /* below that this isn't necessary */
+ AES_DestroyContext(cx, PR_FALSE);
+ return SECFailure;
}
return SECSuccess;
}
@@ -1234,38 +1251,38 @@ AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
* create a new context for Rijndael operations
*/
AESContext *
-AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt,
unsigned int keysize, unsigned int blocksize)
{
AESContext *cx = AES_AllocateContext();
if (cx) {
- SECStatus rv = AES_InitContext(cx, key, keysize, iv, mode, encrypt,
- blocksize);
- if (rv != SECSuccess) {
- AES_DestroyContext(cx, PR_TRUE);
- cx = NULL;
- }
+ SECStatus rv = AES_InitContext(cx, key, keysize, iv, mode, encrypt,
+ blocksize);
+ if (rv != SECSuccess) {
+ AES_DestroyContext(cx, PR_TRUE);
+ cx = NULL;
+ }
}
return cx;
}
/*
* AES_DestroyContext
- *
+ *
* Zero an AES cipher context. If freeit is true, also free the pointer
* to the context.
*/
-void
+void
AES_DestroyContext(AESContext *cx, PRBool freeit)
{
if (cx->worker_cx && cx->destroy) {
- (*cx->destroy)(cx->worker_cx, PR_TRUE);
- cx->worker_cx = NULL;
- cx->destroy = NULL;
+ (*cx->destroy)(cx->worker_cx, PR_TRUE);
+ cx->worker_cx = NULL;
+ cx->destroy = NULL;
}
if (freeit)
- PORT_Free(cx);
+ PORT_Free(cx);
}
/*
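Review bot: AES_DestroyContext does not do what its header comment promises ("Zero an AES cipher context"): after the worker context is destroyed it only calls `PORT_Free(cx)`, so `cx->expandedKey` and `cx->iv` remain in the freed heap block, and when `freeit` is false they remain untouched in the caller's storage. Because the expanded round keys are derived directly from the cipher key, the struct should be wiped before it is released, e.g. `PORT_Memset(cx, 0, sizeof *cx);` inserted just before the `if (freeit)` line so both the freeit and in-place cases are covered; if the toolchain's dead-store elimination is a concern, a wipe the compiler cannot elide is needed instead. Alternatively the comment should be corrected to describe what the function actually does.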
@@ -1274,7 +1291,7 @@ AES_DestroyContext(AESContext *cx, PRBool freeit)
* Encrypt an arbitrary-length buffer. The output buffer must already be
* allocated to at least inputLen.
*/
-SECStatus
+SECStatus
AES_Encrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1282,38 +1299,42 @@ AES_Encrypt(AESContext *cx, unsigned char *output,
int blocksize;
/* Check args */
if (cx == NULL || output == NULL || (input == NULL && inputLen != 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
blocksize = 4 * cx->Nb;
if (cx->isBlock && (inputLen % blocksize != 0)) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outputLen = inputLen;
-#if UINT_MAX > MP_32BIT_MAX
+#if UINT_MAX > MP_32BIT_MAX
/*
* we can guarentee that GSM won't overlfow if we limit the input to
* 2^36 bytes. For simplicity, we are limiting it to 2^32 for now.
*
* We do it here to cover both hardware and software GCM operations.
*/
- {PR_STATIC_ASSERT(sizeof(unsigned int) > 4);}
+ {
+ PR_STATIC_ASSERT(sizeof(unsigned int) > 4);
+ }
if ((cx->mode == NSS_AES_GCM) && (inputLen > MP_32BIT_MAX)) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
#else
/* if we can't pass in a 32_bit number, then no such check needed */
- {PR_STATIC_ASSERT(sizeof(unsigned int) <= 4);}
+ {
+ PR_STATIC_ASSERT(sizeof(unsigned int) <= 4);
+ }
#endif
- return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
- input, inputLen, blocksize);
+ return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
+ input, inputLen, blocksize);
}
/*
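Review bot: The comment explaining the GCM input bound in AES_Encrypt misspells its key terms ("guarentee", "GSM", "overlfow") in a security-relevant explanation; suggest `* We can guarantee that GCM won't overflow if we limit the input to` followed by `* 2^36 bytes. For simplicity, we are limiting it to 2^32 for now.`. The comment also says the check is placed here to cover both hardware and software GCM, yet the matching `AES_Decrypt` body (hunk `@@ -1330,19 +1351,19 @@`) has no such bound; since the whole block is compiled only when `UINT_MAX > MP_32BIT_MAX`, this is probably inconsequential on common targets, but mirroring the check on the decrypt path would keep the two entry points consistent.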
@@ -1322,7 +1343,7 @@ AES_Encrypt(AESContext *cx, unsigned char *output,
* Decrypt and arbitrary-length buffer. The output buffer must already be
* allocated to at least inputLen.
*/
-SECStatus
+SECStatus
AES_Decrypt(AESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
@@ -1330,19 +1351,19 @@ AES_Decrypt(AESContext *cx, unsigned char *output,
int blocksize;
/* Check args */
if (cx == NULL || output == NULL || (input == NULL && inputLen != 0)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
blocksize = 4 * cx->Nb;
if (cx->isBlock && (inputLen % blocksize != 0)) {
- PORT_SetError(SEC_ERROR_INPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
}
if (maxOutputLen < inputLen) {
- PORT_SetError(SEC_ERROR_OUTPUT_LEN);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
}
*outputLen = inputLen;
- return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
- input, inputLen, blocksize);
+ return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
+ input, inputLen, blocksize);
}
diff --git a/lib/freebl/rijndael.h b/lib/freebl/rijndael.h
index 5793dc4ef..0e14ec2fc 100644
--- a/lib/freebl/rijndael.h
+++ b/lib/freebl/rijndael.h
@@ -10,7 +10,7 @@
#define RIJNDAEL_MIN_BLOCKSIZE 16 /* bytes */
#define RIJNDAEL_MAX_BLOCKSIZE 32 /* bytes */
-typedef SECStatus AESBlockFunc(AESContext *cx,
+typedef SECStatus AESBlockFunc(AESContext *cx,
unsigned char *output,
const unsigned char *input);
@@ -23,7 +23,7 @@ typedef SECStatus AESBlockFunc(AESContext *cx,
#define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \
(PR_MAX(Nk, Nb) + 6)
-/* RIJNDAEL_MAX_STATE_SIZE
+/* RIJNDAEL_MAX_STATE_SIZE
*
* Maximum number of bytes in the state (spec includes up to 256-bit block
* size)
@@ -50,19 +50,18 @@ typedef SECStatus AESBlockFunc(AESContext *cx,
* worker_cx - the context for worker and destroy
* isBlock - is the mode of operation a block cipher or a stream cipher?
*/
-struct AESContextStr
-{
- unsigned int Nb;
- unsigned int Nr;
+struct AESContextStr {
+ unsigned int Nb;
+ unsigned int Nr;
freeblCipherFunc worker;
/* NOTE: The offsets of iv and expandedKey are hardcoded in intel-aes.s.
* Don't add new members before them without updating intel-aes.s. */
unsigned char iv[RIJNDAEL_MAX_BLOCKSIZE];
- PRUint32 expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE];
+ PRUint32 expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE];
freeblDestroyFunc destroy;
- void *worker_cx;
- PRBool isBlock;
- int mode;
+ void *worker_cx;
+ PRBool isBlock;
+ int mode;
};
#endif /* _RIJNDAEL_H_ */
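Review bot: The comment above `iv` says the offsets of `iv` and `expandedKey` are hardcoded in intel-aes.s, but nothing in the header enforces that, so a reordered or added member would silently make the assembly read the round keys from the wrong place. A compile-time check next to the struct would turn that into a build failure, e.g. `PR_STATIC_ASSERT(offsetof(struct AESContextStr, iv) == IV_OFFSET_USED_IN_INTEL_AES_S);` and the same for `expandedKey`, with the constants taken from intel-aes.s (their values are not visible in this diff). `PR_STATIC_ASSERT` is already used in rijndael.c; `offsetof` requires `<stddef.h>`.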
diff --git a/lib/freebl/rijndael_tables.c b/lib/freebl/rijndael_tables.c
index 97f645f2c..78dd85a96 100644
--- a/lib/freebl/rijndael_tables.c
+++ b/lib/freebl/rijndael_tables.c
@@ -11,136 +11,138 @@
* used by Rijndael, the AES cipher.
*/
-
#define WORD_LE(b0, b1, b2, b3) \
(((b3) << 24) | ((b2) << 16) | ((b1) << 8) | b0)
#define WORD_BE(b0, b1, b2, b3) \
(((b0) << 24) | ((b1) << 16) | ((b2) << 8) | b3)
-static const PRUint8 __S[256] =
-{
- 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
- 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
- 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
- 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
- 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
- 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
-};
+static const PRUint8 __S[256] =
+ {
+ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
+ 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+ 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
+ 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
+ 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
+ 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
+ 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
+ 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
+ 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
+ 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
+ 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
+ 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
+ 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
+ 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
+ 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
+ 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
+ };
-static const PRUint8 __SInv[256] =
-{
- 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
- 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
- 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
- 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
- 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
- 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
- 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
- 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125
-};
+static const PRUint8 __SInv[256] =
+ {
+ 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
+ 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
+ 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
+ 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
+ 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
+ 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
+ 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
+ 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
+ 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+ 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
+ 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
+ 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
+ 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
+ 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
+ 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
+ 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125
+ };
/* GF_MULTIPLY
*
* multiply two bytes represented in GF(2**8), mod (x**4 + 1)
*/
-PRUint8 gf_multiply(PRUint8 a, PRUint8 b)
+PRUint8
+gf_multiply(PRUint8 a, PRUint8 b)
{
PRUint8 res = 0;
while (b > 0) {
- res = (b & 0x01) ? res ^ a : res;
- a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1);
- b >>= 1;
+ res = (b & 0x01) ? res ^ a : res;
+ a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1);
+ b >>= 1;
}
return res;
}
void
make_T_Table(char *table, const PRUint8 Sx[256], FILE *file,
- unsigned char m0, unsigned char m1,
+ unsigned char m0, unsigned char m1,
unsigned char m2, unsigned char m3)
{
PRUint32 Ti;
int i;
fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
- for (i=0; i<256; i++) {
- Ti = WORD_LE( gf_multiply(Sx[i], m0),
- gf_multiply(Sx[i], m1),
- gf_multiply(Sx[i], m2),
- gf_multiply(Sx[i], m3) );
- if (Ti == 0)
- fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
- (i%6==5)?'\n':' ');
- else
- fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
- (i%6==5)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ Ti = WORD_LE(gf_multiply(Sx[i], m0),
+ gf_multiply(Sx[i], m1),
+ gf_multiply(Sx[i], m2),
+ gf_multiply(Sx[i], m3));
+ if (Ti == 0)
+ fprintf(file, "0x00000000%c%c", (i == 255) ? ' ' : ',',
+ (i % 6 == 5) ? '\n' : ' ');
+ else
+ fprintf(file, "%#.8x%c%c", Ti, (i == 255) ? ' ' : ',',
+ (i % 6 == 5) ? '\n' : ' ');
}
fprintf(file, "\n};\n");
fprintf(file, "#else\n");
fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
- for (i=0; i<256; i++) {
- Ti = WORD_BE( gf_multiply(Sx[i], m0),
- gf_multiply(Sx[i], m1),
- gf_multiply(Sx[i], m2),
- gf_multiply(Sx[i], m3) );
- if (Ti == 0)
- fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
- (i%6==5)?'\n':' ');
- else
- fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
- (i%6==5)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ Ti = WORD_BE(gf_multiply(Sx[i], m0),
+ gf_multiply(Sx[i], m1),
+ gf_multiply(Sx[i], m2),
+ gf_multiply(Sx[i], m3));
+ if (Ti == 0)
+ fprintf(file, "0x00000000%c%c", (i == 255) ? ' ' : ',',
+ (i % 6 == 5) ? '\n' : ' ');
+ else
+ fprintf(file, "%#.8x%c%c", Ti, (i == 255) ? ' ' : ',',
+ (i % 6 == 5) ? '\n' : ' ');
}
fprintf(file, "\n};\n");
fprintf(file, "#endif\n\n");
}
-void make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3)
+void
+make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3)
{
PRUint16 i;
PRUint8 b0, b1, b2, b3;
fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
- for (i=0; i<256; i++) {
- b0 = gf_multiply(i, m0);
- b1 = gf_multiply(i, m1);
- b2 = gf_multiply(i, m2);
- b3 = gf_multiply(i, m3);
- fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i==255)?' ':',', (i%6==5)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ b0 = gf_multiply(i, m0);
+ b1 = gf_multiply(i, m1);
+ b2 = gf_multiply(i, m2);
+ b3 = gf_multiply(i, m3);
+ fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i == 255) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
}
fprintf(file, "\n};\n");
fprintf(file, "#else\n");
fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
- for (i=0; i<256; i++) {
- b0 = gf_multiply(i, m0);
- b1 = gf_multiply(i, m1);
- b2 = gf_multiply(i, m2);
- b3 = gf_multiply(i, m3);
- fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i==255)?' ':',', (i%6==5)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ b0 = gf_multiply(i, m0);
+ b1 = gf_multiply(i, m1);
+ b2 = gf_multiply(i, m2);
+ b3 = gf_multiply(i, m3);
+ fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i == 255) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
}
fprintf(file, "\n};\n");
fprintf(file, "#endif\n\n");
}
-int main()
+int
+main()
{
int i, j;
PRUint8 cur, last;
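Review bot: `__S` and `__SInv` begin with a double underscore, which C reserves for the implementation, so defining them is formally undefined behaviour even though it compiles today; since both tables are file-local, names such as `static const PRUint8 s_box[256]` and `s_box_inv[256]` would be conforming, with the only other change being their uses in `main`. The generated identifiers written to the output (`_S`, `_SInv`, `_T...`, `_IMXC...`) fall under the same reservation (underscore followed by an uppercase letter at file scope), though renaming those would also touch the consumer. `main` begins here and continues in the following hunks.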
@@ -150,16 +152,16 @@ int main()
/* output S, if there are no T tables */
fprintf(optfile, "#ifndef RIJNDAEL_INCLUDE_TABLES\n");
fprintf(optfile, "static const PRUint8 _S[256] = \n{\n");
- for (i=0; i<256; i++) {
- fprintf(optfile, "%3d%c%c", __S[i],(i==255)?' ':',',
- (i%16==15)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ fprintf(optfile, "%3d%c%c", __S[i], (i == 255) ? ' ' : ',',
+ (i % 16 == 15) ? '\n' : ' ');
}
fprintf(optfile, "};\n#endif /* not RIJNDAEL_INCLUDE_TABLES */\n\n");
/* output S**-1 */
fprintf(optfile, "static const PRUint8 _SInv[256] = \n{\n");
- for (i=0; i<256; i++) {
- fprintf(optfile, "%3d%c%c", __SInv[i],(i==255)?' ':',',
- (i%16==15)?'\n':' ');
+ for (i = 0; i < 256; i++) {
+ fprintf(optfile, "%3d%c%c", __SInv[i], (i == 255) ? ' ' : ',',
+ (i % 16 == 15) ? '\n' : ' ');
}
fprintf(optfile, "};\n\n");
fprintf(optfile, "#ifdef RIJNDAEL_INCLUDE_TABLES\n");
@@ -190,21 +192,21 @@ int main()
fprintf(optfile, "#ifdef IS_LITTLE_ENDIAN\n");
fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
cur = 0x01;
- for (i=0; i<30; i++) {
- fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0),
- (i==29)?' ':',', (i%6==5)?'\n':' ');
- last = cur;
- cur = gf_multiply(last, 0x02);
+ for (i = 0; i < 30; i++) {
+ fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0),
+ (i == 29) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+ last = cur;
+ cur = gf_multiply(last, 0x02);
}
fprintf(optfile, "};\n");
fprintf(optfile, "#else\n");
fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
cur = 0x01;
- for (i=0; i<30; i++) {
- fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0),
- (i==29)?' ':',', (i%6==5)?'\n':' ');
- last = cur;
- cur = gf_multiply(last, 0x02);
+ for (i = 0; i < 30; i++) {
+ fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0),
+ (i == 29) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+ last = cur;
+ cur = gf_multiply(last, 0x02);
}
fprintf(optfile, "};\n");
fprintf(optfile, "#endif\n\n");
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 443ef25ec..5b9d32204 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -37,33 +37,32 @@
#define RSA_BLINDING_PARAMS_MAX_CACHE_SIZE 20
/* exponent should not be greater than modulus */
-#define BAD_RSA_KEY_SIZE(modLen, expLen) \
- ((expLen) > (modLen) || (modLen) > RSA_MAX_MODULUS_BITS/8 || \
- (expLen) > RSA_MAX_EXPONENT_BITS/8)
+#define BAD_RSA_KEY_SIZE(modLen, expLen) \
+ ((expLen) > (modLen) || (modLen) > RSA_MAX_MODULUS_BITS / 8 || \
+ (expLen) > RSA_MAX_EXPONENT_BITS / 8)
struct blindingParamsStr;
typedef struct blindingParamsStr blindingParams;
struct blindingParamsStr {
blindingParams *next;
- mp_int f, g; /* blinding parameter */
- int counter; /* number of remaining uses of (f, g) */
+ mp_int f, g; /* blinding parameter */
+ int counter; /* number of remaining uses of (f, g) */
};
/*
** RSABlindingParamsStr
**
** For discussion of Paul Kocher's timing attack against an RSA private key
-** operation, see http://www.cryptography.com/timingattack/paper.html. The
-** countermeasure to this attack, known as blinding, is also discussed in
+** operation, see http://www.cryptography.com/timingattack/paper.html. The
+** countermeasure to this attack, known as blinding, is also discussed in
** the Handbook of Applied Cryptography, 11.118-11.119.
*/
-struct RSABlindingParamsStr
-{
+struct RSABlindingParamsStr {
/* Blinding-specific parameters */
- PRCList link; /* link to list of structs */
- SECItem modulus; /* list element "key" */
- blindingParams *free, *bp; /* Blinding parameters queue */
+ PRCList link; /* link to list of structs */
+ SECItem modulus; /* list element "key" */
+ blindingParams *free, *bp; /* Blinding parameters queue */
blindingParams array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE];
};
typedef struct RSABlindingParamsStr RSABlindingParams;
@@ -76,12 +75,11 @@ typedef struct RSABlindingParamsStr RSABlindingParams;
** operations, in this case insertions and iterations, as well as control
** of the counter for each set of blinding parameters.
*/
-struct RSABlindingParamsListStr
-{
- PZLock *lock; /* Lock for the list */
+struct RSABlindingParamsListStr {
+ PZLock *lock; /* Lock for the list */
PRCondVar *cVar; /* Condidtion Variable */
- int waitCount; /* Number of threads waiting on cVar */
- PRCList head; /* Pointer to the list */
+ int waitCount; /* Number of threads waiting on cVar */
+ PRCList head; /* Pointer to the list */
};
/*
@@ -98,75 +96,75 @@ static PRBool nssRSAUseBlinding = PR_TRUE;
static SECStatus
rsa_build_from_primes(const mp_int *p, const mp_int *q,
- mp_int *e, PRBool needPublicExponent,
- mp_int *d, PRBool needPrivateExponent,
- RSAPrivateKey *key, unsigned int keySizeInBits)
+ mp_int *e, PRBool needPublicExponent,
+ mp_int *d, PRBool needPrivateExponent,
+ RSAPrivateKey *key, unsigned int keySizeInBits)
{
mp_int n, phi;
mp_int psub1, qsub1, tmp;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
- MP_DIGITS(&n) = 0;
- MP_DIGITS(&phi) = 0;
+ MP_DIGITS(&n) = 0;
+ MP_DIGITS(&phi) = 0;
MP_DIGITS(&psub1) = 0;
MP_DIGITS(&qsub1) = 0;
- MP_DIGITS(&tmp) = 0;
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&phi) );
- CHECK_MPI_OK( mp_init(&psub1) );
- CHECK_MPI_OK( mp_init(&qsub1) );
- CHECK_MPI_OK( mp_init(&tmp) );
+ MP_DIGITS(&tmp) = 0;
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&phi));
+ CHECK_MPI_OK(mp_init(&psub1));
+ CHECK_MPI_OK(mp_init(&qsub1));
+ CHECK_MPI_OK(mp_init(&tmp));
/* p and q must be distinct. */
if (mp_cmp(p, q) == 0) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ rv = SECFailure;
+ goto cleanup;
}
/* 1. Compute n = p*q */
- CHECK_MPI_OK( mp_mul(p, q, &n) );
+ CHECK_MPI_OK(mp_mul(p, q, &n));
/* verify that the modulus has the desired number of bits */
if ((unsigned)mpl_significant_bits(&n) != keySizeInBits) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- rv = SECFailure;
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ rv = SECFailure;
+ goto cleanup;
}
/* at least one exponent must be given */
PORT_Assert(!(needPublicExponent && needPrivateExponent));
/* 2. Compute phi = (p-1)*(q-1) */
- CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) );
- CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) );
+ CHECK_MPI_OK(mp_sub_d(p, 1, &psub1));
+ CHECK_MPI_OK(mp_sub_d(q, 1, &qsub1));
if (needPublicExponent || needPrivateExponent) {
- CHECK_MPI_OK( mp_lcm(&psub1, &qsub1, &phi) );
- /* 3. Compute d = e**-1 mod(phi) */
- /* or e = d**-1 mod(phi) as necessary */
- if (needPublicExponent) {
- err = mp_invmod(d, &phi, e);
- } else {
- err = mp_invmod(e, &phi, d);
- }
+ CHECK_MPI_OK(mp_lcm(&psub1, &qsub1, &phi));
+ /* 3. Compute d = e**-1 mod(phi) */
+ /* or e = d**-1 mod(phi) as necessary */
+ if (needPublicExponent) {
+ err = mp_invmod(d, &phi, e);
+ } else {
+ err = mp_invmod(e, &phi, d);
+ }
} else {
- err = MP_OKAY;
+ err = MP_OKAY;
}
/* Verify that phi(n) and e have no common divisors */
if (err != MP_OKAY) {
- if (err == MP_UNDEF) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM);
- err = MP_OKAY; /* to keep PORT_SetError from being called again */
- rv = SECFailure;
- }
- goto cleanup;
+ if (err == MP_UNDEF) {
+ PORT_SetError(SEC_ERROR_NEED_RANDOM);
+ err = MP_OKAY; /* to keep PORT_SetError from being called again */
+ rv = SECFailure;
+ }
+ goto cleanup;
}
/* 4. Compute exponent1 = d mod (p-1) */
- CHECK_MPI_OK( mp_mod(d, &psub1, &tmp) );
+ CHECK_MPI_OK(mp_mod(d, &psub1, &tmp));
MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena);
/* 5. Compute exponent2 = d mod (q-1) */
- CHECK_MPI_OK( mp_mod(d, &qsub1, &tmp) );
+ CHECK_MPI_OK(mp_mod(d, &qsub1, &tmp));
MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena);
/* 6. Compute coefficient = q**-1 mod p */
- CHECK_MPI_OK( mp_invmod(q, p, &tmp) );
+ CHECK_MPI_OK(mp_invmod(q, p, &tmp));
MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena);
/* copy our calculated results, overwrite what is there */
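Review bot: The comment `/* at least one exponent must be given */` does not match the assertion beneath it, `PORT_Assert(!(needPublicExponent && needPrivateExponent));`, which rejects the case where both exponents must be computed, not the case where neither is (the following `if (needPublicExponent || needPrivateExponent) ... else err = MP_OKAY;` explicitly accepts neither). Suggest `/* at most one exponent may be computed; the other must be supplied */`. Note that the assertion is debug-only: in a release build both flags true falls into `mp_invmod(d, &phi, e)` with a `d` the caller has declared invalid, so if this path is reachable from outside freebl a runtime check returning SECFailure with SEC_ERROR_INVALID_ARGS would be safer; as rsa_build_from_primes is static, treating it as an internal invariant may be acceptable. rsa_build_from_primes continues in the next hunk.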
@@ -187,40 +185,40 @@ cleanup:
mp_clear(&qsub1);
mp_clear(&tmp);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
static SECStatus
generate_prime(mp_int *prime, int primeLen)
{
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
unsigned long counter = 0;
int piter;
unsigned char *pb = NULL;
pb = PORT_Alloc(primeLen);
if (!pb) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ goto cleanup;
}
for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) {
- CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
- pb[0] |= 0xC0; /* set two high-order bits */
- pb[primeLen-1] |= 0x01; /* set low-order bit */
- CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) );
- err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
- if (err != MP_NO)
- goto cleanup;
- /* keep going while err == MP_NO */
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
+ pb[0] |= 0xC0; /* set two high-order bits */
+ pb[primeLen - 1] |= 0x01; /* set low-order bit */
+ CHECK_MPI_OK(mp_read_unsigned_octets(prime, pb, primeLen));
+ err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
+ if (err != MP_NO)
+ goto cleanup;
+ /* keep going while err == MP_NO */
}
cleanup:
if (pb)
- PORT_ZFree(pb, primeLen);
+ PORT_ZFree(pb, primeLen);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
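Review bot: In generate_prime the allocation-failure branch sets SEC_ERROR_NO_MEMORY and jumps to `cleanup`, but `rv` is still `SECSuccess` and `err` is still `MP_OKAY` at that point, so the function returns success without having produced a prime, and the caller's `CHECK_SEC_OK(generate_prime(&p, primeLen))` in RSA_NewKey continues with an unset `p`. The branch should read `PORT_SetError(SEC_ERROR_NO_MEMORY); rv = SECFailure; goto cleanup;`. The other exits look consistent: a failed CHECK_SEC_OK presumably stores into `rv`, and an MPI error — including MP_NO after MAX_PRIME_GEN_ATTEMPTS, assuming MP_NO is nonzero as in mpi.h — is mapped to SECFailure by the `if (err)` block.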
@@ -232,30 +230,30 @@ static PRBool
rsa_fips186_verify(mp_int *p, mp_int *q, mp_int *d, int keySizeInBits)
{
mp_int pq_diff;
- mp_err err = MP_OKAY;
- PRBool ret=PR_FALSE;
+ mp_err err = MP_OKAY;
+ PRBool ret = PR_FALSE;
if (keySizeInBits < 250) {
- /* not a valid FIPS length, no point in our other tests */
- /* if you are here, and in FIPS mode, you are outside the security
- * policy */
- return PR_TRUE;
+ /* not a valid FIPS length, no point in our other tests */
+ /* if you are here, and in FIPS mode, you are outside the security
+ * policy */
+ return PR_TRUE;
}
/* p & q are already known to be greater then sqrt(2)*2^(keySize/2-1) */
- /* we also know that gcd(p-1,e) = 1 and gcd(q-1,e) = 1 because the
+ /* we also know that gcd(p-1,e) = 1 and gcd(q-1,e) = 1 because the
* mp_invmod() function will fail. */
/* now check p-q > 2^(keysize/2-100) */
MP_DIGITS(&pq_diff) = 0;
- CHECK_MPI_OK( mp_init(&pq_diff) );
+ CHECK_MPI_OK(mp_init(&pq_diff));
/* NSS always has p > q, so we know pq_diff is positive */
- CHECK_MPI_OK( mp_sub(p,q,&pq_diff) );
- if ((unsigned)mpl_significant_bits(&pq_diff) < (keySizeInBits/2 - 100)) {
- goto cleanup;
+ CHECK_MPI_OK(mp_sub(p, q, &pq_diff));
+ if ((unsigned)mpl_significant_bits(&pq_diff) < (keySizeInBits / 2 - 100)) {
+ goto cleanup;
}
/* now verify d is large enough*/
- if ((unsigned)mpl_significant_bits(d) < (keySizeInBits/2)) {
- goto cleanup;
+ if ((unsigned)mpl_significant_bits(d) < (keySizeInBits / 2)) {
+ goto cleanup;
}
ret = PR_TRUE;
@@ -266,13 +264,13 @@ cleanup:
/*
** Generate and return a new RSA public and private key.
-** Both keys are encoded in a single RSAPrivateKey structure.
-** "cx" is the random number generator context
-** "keySizeInBits" is the size of the key to be generated, in bits.
-** 512, 1024, etc.
-** "publicExponent" when not NULL is a pointer to some data that
-** represents the public exponent to use. The data is a byte
-** encoded integer, in "big endian" order.
+** Both keys are encoded in a single RSAPrivateKey structure.
+** "cx" is the random number generator context
+** "keySizeInBits" is the size of the key to be generated, in bits.
+** 512, 1024, etc.
+** "publicExponent" when not NULL is a pointer to some data that
+** represents the public exponent to use. The data is a byte
+** encoded integer, in "big endian" order.
*/
RSAPrivateKey *
RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
@@ -281,28 +279,28 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
mp_int p, q, e, d;
int kiter;
int max_attempts;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
int prerr = 0;
RSAPrivateKey *key = NULL;
PLArenaPool *arena = NULL;
/* Require key size to be a multiple of 16 bits. */
if (!publicExponent || keySizeInBits % 16 != 0 ||
- BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return NULL;
+ BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits / 8, publicExponent->len)) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
}
/* 1. Allocate arena & key */
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
}
key = PORT_ArenaZNew(arena, RSAPrivateKey);
if (!key) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- PORT_FreeArena(arena, PR_TRUE);
- return NULL;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ PORT_FreeArena(arena, PR_TRUE);
+ return NULL;
}
key->arena = arena;
/* length of primes p and q (in bytes) */
@@ -311,71 +309,72 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
MP_DIGITS(&q) = 0;
MP_DIGITS(&e) = 0;
MP_DIGITS(&d) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&d) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&d));
/* 2. Set the version number (PKCS1 v1.5 says it should be zero) */
SECITEM_AllocItem(arena, &key->version, 1);
key->version.data[0] = 0;
/* 3. Set the public exponent */
SECITEM_TO_MPINT(*publicExponent, &e);
kiter = 0;
- max_attempts = 5*(keySizeInBits/2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
+ max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
do {
- prerr = 0;
- PORT_SetError(0);
- CHECK_SEC_OK( generate_prime(&p, primeLen) );
- CHECK_SEC_OK( generate_prime(&q, primeLen) );
- /* Assure p > q */
- /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
- * implementation optimization that requires p > q. We can remove
- * this code in the future.
- */
- if (mp_cmp(&p, &q) < 0)
- mp_exch(&p, &q);
- /* Attempt to use these primes to generate a key */
- rv = rsa_build_from_primes(&p, &q,
- &e, PR_FALSE, /* needPublicExponent=false */
- &d, PR_TRUE, /* needPrivateExponent=true */
- key, keySizeInBits);
- if (rv == SECSuccess) {
- if (rsa_fips186_verify(&p, &q, &d, keySizeInBits) ){
- break;
- }
- prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */
- } else {
- prerr = PORT_GetError();
- }
- kiter++;
- /* loop until have primes */
+ prerr = 0;
+ PORT_SetError(0);
+ CHECK_SEC_OK(generate_prime(&p, primeLen));
+ CHECK_SEC_OK(generate_prime(&q, primeLen));
+ /* Assure p > q */
+ /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
+ * implementation optimization that requires p > q. We can remove
+ * this code in the future.
+ */
+ if (mp_cmp(&p, &q) < 0)
+ mp_exch(&p, &q);
+ /* Attempt to use these primes to generate a key */
+ rv = rsa_build_from_primes(&p, &q,
+ &e, PR_FALSE, /* needPublicExponent=false */
+ &d, PR_TRUE, /* needPrivateExponent=true */
+ key, keySizeInBits);
+ if (rv == SECSuccess) {
+ if (rsa_fips186_verify(&p, &q, &d, keySizeInBits)) {
+ break;
+ }
+ prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */
+ } else {
+ prerr = PORT_GetError();
+ }
+ kiter++;
+ /* loop until have primes */
} while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts);
if (prerr)
- goto cleanup;
+ goto cleanup;
cleanup:
mp_clear(&p);
mp_clear(&q);
mp_clear(&e);
mp_clear(&d);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv && arena) {
- PORT_FreeArena(arena, PR_TRUE);
- key = NULL;
+ PORT_FreeArena(arena, PR_TRUE);
+ key = NULL;
}
return key;
}
mp_err
-rsa_is_prime(mp_int *p) {
+rsa_is_prime(mp_int *p)
+{
int res;
/* run a Fermat test */
res = mpp_fermat(p, 2);
if (res != MP_OKAY) {
- return res;
+ return res;
}
/* If that passed, run some Miller-Rabin tests */
@@ -389,58 +388,58 @@ rsa_is_prime(mp_int *p) {
*
* In: e, d and either p or n (depending on the setting of hasModulus).
* Out: p,q.
- *
+ *
* Step 1, Since d = e**-1 mod phi, we know that d*e == 1 mod phi, or
- * d*e = 1+k*phi, or d*e-1 = k*phi. since d is less than phi and e is
- * usually less than d, then k must be an integer between e-1 and 1
- * (probably on the order of e).
+ * d*e = 1+k*phi, or d*e-1 = k*phi. since d is less than phi and e is
+ * usually less than d, then k must be an integer between e-1 and 1
+ * (probably on the order of e).
* Step 1a, If we were passed just a prime, we can divide k*phi by that
* prime-1 and get k*(q-1). This will reduce the size of our division
* through the rest of the loop.
* Step 2, Loop through the values k=e-1 to 1 looking for k. k should be on
- * the order or e, and e is typically small. This may take a while for
- * a large random e. We are looking for a k that divides kphi
- * evenly. Once we find a k that divides kphi evenly, we assume it
- * is the true k. It's possible this k is not the 'true' k but has
- * swapped factors of p-1 and/or q-1. Because of this, we
- * tentatively continue Steps 3-6 inside this loop, and may return looking
- * for another k on failure.
+ * the order or e, and e is typically small. This may take a while for
+ * a large random e. We are looking for a k that divides kphi
+ * evenly. Once we find a k that divides kphi evenly, we assume it
+ * is the true k. It's possible this k is not the 'true' k but has
+ * swapped factors of p-1 and/or q-1. Because of this, we
+ * tentatively continue Steps 3-6 inside this loop, and may return looking
+ * for another k on failure.
* Step 3, Calculate are tentative phi=kphi/k. Note: real phi is (p-1)*(q-1).
* Step 4a, if we have a prime, kphi is already k*(q-1), so phi is or tenative
- * q-1. q = phi+1. If k is correct, q should be the right length and
+ * q-1. q = phi+1. If k is correct, q should be the right length and
* prime.
* Step 4b, It's possible q-1 and k could have swapped factors. We now have a
- * possible solution that meets our criteria. It may not be the only
- * solution, however, so we keep looking. If we find more than one,
+ * possible solution that meets our criteria. It may not be the only
+ * solution, however, so we keep looking. If we find more than one,
* we will fail since we cannot determine which is the correct
* solution, and returning the wrong modulus will compromise both
* moduli. If no other solution is found, we return the unique solution.
- * Step 5a, If we have the modulus (n=pq), then use the following formula to
- * calculate s=(p+q): , phi = (p-1)(q-1) = pq -p-q +1 = n-s+1. so
- * s=n-phi+1.
+ * Step 5a, If we have the modulus (n=pq), then use the following formula to
+ * calculate s=(p+q): , phi = (p-1)(q-1) = pq -p-q +1 = n-s+1. so
+ * s=n-phi+1.
* Step 5b, Use n=pq and s=p+q to solve for p and q as follows:
- * since q=s-p, then n=p*(s-p)= sp - p^2, rearranging p^2-s*p+n = 0.
- * from the quadratic equation we have p=1/2*(s+sqrt(s*s-4*n)) and
- * q=1/2*(s-sqrt(s*s-4*n)) if s*s-4*n is a perfect square, we are DONE.
- * If it is not, continue in our look looking for another k. NOTE: the
- * code actually distributes the 1/2 and results in the equations:
- * sqrt = sqrt(s/2*s/2-n), p=s/2+sqrt, q=s/2-sqrt. The algebra saves us
- * and extra divide by 2 and a multiply by 4.
- *
+ * since q=s-p, then n=p*(s-p)= sp - p^2, rearranging p^2-s*p+n = 0.
+ * from the quadratic equation we have p=1/2*(s+sqrt(s*s-4*n)) and
+ * q=1/2*(s-sqrt(s*s-4*n)) if s*s-4*n is a perfect square, we are DONE.
+ * If it is not, continue in our look looking for another k. NOTE: the
+ * code actually distributes the 1/2 and results in the equations:
+ * sqrt = sqrt(s/2*s/2-n), p=s/2+sqrt, q=s/2-sqrt. The algebra saves us
+ * and extra divide by 2 and a multiply by 4.
+ *
* This will return p & q. q may be larger than p in the case that p was given
* and it was the smaller prime.
*/
static mp_err
rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
- mp_int *n, PRBool hasModulus,
- unsigned int keySizeInBits)
+ mp_int *n, PRBool hasModulus,
+ unsigned int keySizeInBits)
{
mp_int kphi; /* k*phi */
mp_int k; /* current guess at 'k' */
mp_int phi; /* (p-1)(q-1) */
mp_int s; /* p+q/2 (s/2 in the algebra) */
mp_int r; /* remainder */
- mp_int tmp; /* p-1 if p is given, n+1 is modulus is given */
+ mp_int tmp; /* p-1 if p is given, n+1 is modulus is given */
mp_int sqrt; /* sqrt(s/2*s/2-n) */
mp_err err = MP_OKAY;
unsigned int order_k;
@@ -452,22 +451,22 @@ rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
MP_DIGITS(&r) = 0;
MP_DIGITS(&tmp) = 0;
MP_DIGITS(&sqrt) = 0;
- CHECK_MPI_OK( mp_init(&kphi) );
- CHECK_MPI_OK( mp_init(&phi) );
- CHECK_MPI_OK( mp_init(&s) );
- CHECK_MPI_OK( mp_init(&k) );
- CHECK_MPI_OK( mp_init(&r) );
- CHECK_MPI_OK( mp_init(&tmp) );
- CHECK_MPI_OK( mp_init(&sqrt) );
+ CHECK_MPI_OK(mp_init(&kphi));
+ CHECK_MPI_OK(mp_init(&phi));
+ CHECK_MPI_OK(mp_init(&s));
+ CHECK_MPI_OK(mp_init(&k));
+ CHECK_MPI_OK(mp_init(&r));
+ CHECK_MPI_OK(mp_init(&tmp));
+ CHECK_MPI_OK(mp_init(&sqrt));
/* our algorithm looks for a factor k whose maximum size is dependent
* on the size of our smallest exponent, which had better be the public
* exponent (if it's the private, the key is vulnerable to a brute force
* attack).
- *
+ *
* since our factor search is linear, we need to limit the maximum
- * size of the public key. this should not be a problem normally, since
- * public keys are usually small.
+ * size of the public key. this should not be a problem normally, since
+ * public keys are usually small.
*
* if we want to handle larger public key sizes, we should have
* a version which tries to 'completely' factor k*phi (where completely
@@ -475,34 +474,33 @@ rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
* large primes). Once we have all the factors, we can sort them out and
* try different combinations to form our phi. The risk is if (p-1)/2,
* (q-1)/2, and k are all large primes. In any case if the public key
- * is small (order of 20 some bits), then a linear search for k is
+ * is small (order of 20 some bits), then a linear search for k is
* manageable.
*/
if (mpl_significant_bits(e) > 23) {
- err=MP_RANGE;
- goto cleanup;
+ err = MP_RANGE;
+ goto cleanup;
}
/* calculate k*phi = e*d - 1 */
- CHECK_MPI_OK( mp_mul(e, d, &kphi) );
- CHECK_MPI_OK( mp_sub_d(&kphi, 1, &kphi) );
-
+ CHECK_MPI_OK(mp_mul(e, d, &kphi));
+ CHECK_MPI_OK(mp_sub_d(&kphi, 1, &kphi));
/* kphi is (e*d)-1, which is the same as k*(p-1)(q-1)
* d < (p-1)(q-1), therefor k must be less than e-1
- * We can narrow down k even more, though. Since p and q are odd and both
- * have their high bit set, then we know that phi must be on order of
+ * We can narrow down k even more, though. Since p and q are odd and both
+ * have their high bit set, then we know that phi must be on order of
* keySizeBits.
*/
order_k = (unsigned)mpl_significant_bits(&kphi) - keySizeInBits;
/* for (k=kinit; order(k) >= order_k; k--) { */
/* k=kinit: k can't be bigger than kphi/2^(keySizeInBits -1) */
- CHECK_MPI_OK( mp_2expt(&k,keySizeInBits-1) );
- CHECK_MPI_OK( mp_div(&kphi, &k, &k, NULL));
- if (mp_cmp(&k,e) >= 0) {
- /* also can't be bigger then e-1 */
- CHECK_MPI_OK( mp_sub_d(e, 1, &k) );
+ CHECK_MPI_OK(mp_2expt(&k, keySizeInBits - 1));
+ CHECK_MPI_OK(mp_div(&kphi, &k, &k, NULL));
+ if (mp_cmp(&k, e) >= 0) {
+ /* also can't be bigger then e-1 */
+ CHECK_MPI_OK(mp_sub_d(e, 1, &k));
}
/* calculate our temp value */
@@ -511,139 +509,139 @@ rsa_get_primes_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
/* for the modulus case, tmp = n+1 (used to calculate p+q = tmp - phi) */
/* for the prime case, tmp = p-1 (used to calculate q-1= phi/tmp) */
if (hasModulus) {
- CHECK_MPI_OK( mp_add_d(n, 1, &tmp) );
+ CHECK_MPI_OK(mp_add_d(n, 1, &tmp));
} else {
- CHECK_MPI_OK( mp_sub_d(p, 1, &tmp) );
- CHECK_MPI_OK(mp_div(&kphi,&tmp,&kphi,&r));
- if (mp_cmp_z(&r) != 0) {
- /* p-1 doesn't divide kphi, some parameter wasn't correct */
- err=MP_RANGE;
- goto cleanup;
- }
- mp_zero(q);
- /* kphi is now k*(q-1) */
+ CHECK_MPI_OK(mp_sub_d(p, 1, &tmp));
+ CHECK_MPI_OK(mp_div(&kphi, &tmp, &kphi, &r));
+ if (mp_cmp_z(&r) != 0) {
+ /* p-1 doesn't divide kphi, some parameter wasn't correct */
+ err = MP_RANGE;
+ goto cleanup;
+ }
+ mp_zero(q);
+ /* kphi is now k*(q-1) */
}
/* rest of the for loop */
- for (; (err == MP_OKAY) && (mpl_significant_bits(&k) >= order_k);
- err = mp_sub_d(&k, 1, &k)) {
- /* looking for k as a factor of kphi */
- CHECK_MPI_OK(mp_div(&kphi,&k,&phi,&r));
- if (mp_cmp_z(&r) != 0) {
- /* not a factor, try the next one */
- continue;
- }
- /* we have a possible phi, see if it works */
- if (!hasModulus) {
- if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits/2) {
- /* phi is not the right size */
- continue;
- }
- /* phi should be divisible by 2, since
- * q is odd and phi=(q-1). */
- if (mpp_divis_d(&phi,2) == MP_NO) {
- /* phi is not divisible by 4 */
- continue;
- }
- /* we now have a candidate for the second prime */
- CHECK_MPI_OK(mp_add_d(&phi, 1, &tmp));
-
- /* check to make sure it is prime */
- err = rsa_is_prime(&tmp);
- if (err != MP_OKAY) {
- if (err == MP_NO) {
- /* No, then we still have the wrong phi */
- continue;
- }
- goto cleanup;
- }
- /*
- * It is possible that we have the wrong phi if
- * k_guess*(q_guess-1) = k*(q-1) (k and q-1 have swapped factors).
- * since our q_quess is prime, however. We have found a valid
- * rsa key because:
- * q is the correct order of magnitude.
- * phi = (p-1)(q-1) where p and q are both primes.
- * e*d mod phi = 1.
- * There is no way to know from the info given if this is the
- * original key. We never want to return the wrong key because if
- * two moduli with the same factor is known, then euclid's gcd
- * algorithm can be used to find that factor. Even though the
- * caller didn't pass the original modulus, it doesn't mean the
- * modulus wasn't known or isn't available somewhere. So to be safe
- * if we can't be sure we have the right q, we don't return any.
- *
- * So to make sure we continue looking for other valid q's. If none
- * are found, then we can safely return this one, otherwise we just
- * fail */
- if (mp_cmp_z(q) != 0) {
- /* this is the second valid q, don't return either,
- * just fail */
- err = MP_RANGE;
- break;
- }
- /* we only have one q so far, save it and if no others are found,
- * it's safe to return it */
- CHECK_MPI_OK(mp_copy(&tmp, q));
- continue;
- }
- /* test our tentative phi */
- /* phi should be the correct order */
- if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits) {
- /* phi is not the right size */
- continue;
- }
- /* phi should be divisible by 4, since
- * p and q are odd and phi=(p-1)(q-1). */
- if (mpp_divis_d(&phi,4) == MP_NO) {
- /* phi is not divisible by 4 */
- continue;
- }
- /* n was given, calculate s/2=(p+q)/2 */
- CHECK_MPI_OK( mp_sub(&tmp, &phi, &s) );
- CHECK_MPI_OK( mp_div_2(&s, &s) );
-
- /* calculate sqrt(s/2*s/2-n) */
- CHECK_MPI_OK(mp_sqr(&s,&sqrt));
- CHECK_MPI_OK(mp_sub(&sqrt,n,&r)); /* r as a tmp */
- CHECK_MPI_OK(mp_sqrt(&r,&sqrt));
- /* make sure it's a perfect square */
- /* r is our original value we took the square root of */
- /* q is the square of our tentative square root. They should be equal*/
- CHECK_MPI_OK(mp_sqr(&sqrt,q)); /* q as a tmp */
- if (mp_cmp(&r,q) != 0) {
- /* sigh according to the doc, mp_sqrt could return sqrt-1 */
- CHECK_MPI_OK(mp_add_d(&sqrt,1,&sqrt));
- CHECK_MPI_OK(mp_sqr(&sqrt,q));
- if (mp_cmp(&r,q) != 0) {
- /* s*s-n not a perfect square, this phi isn't valid, find * another.*/
- continue;
- }
- }
-
- /* NOTE: In this case we know we have the one and only answer.
- * "Why?", you ask. Because:
- * 1) n is a composite of two large primes (or it wasn't a
- * valid RSA modulus).
- * 2) If we know any number such that x^2-n is a perfect square
- * and x is not (n+1)/2, then we can calculate 2 non-trivial
- * factors of n.
- * 3) Since we know that n has only 2 non-trivial prime factors,
- * we know the two factors we have are the only possible factors.
- */
-
- /* Now we are home free to calculate p and q */
- /* p = s/2 + sqrt, q= s/2 - sqrt */
- CHECK_MPI_OK(mp_add(&s,&sqrt,p));
- CHECK_MPI_OK(mp_sub(&s,&sqrt,q));
- break;
+ for (; (err == MP_OKAY) && (mpl_significant_bits(&k) >= order_k);
+ err = mp_sub_d(&k, 1, &k)) {
+ /* looking for k as a factor of kphi */
+ CHECK_MPI_OK(mp_div(&kphi, &k, &phi, &r));
+ if (mp_cmp_z(&r) != 0) {
+ /* not a factor, try the next one */
+ continue;
+ }
+ /* we have a possible phi, see if it works */
+ if (!hasModulus) {
+ if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits / 2) {
+ /* phi is not the right size */
+ continue;
+ }
+ /* phi should be divisible by 2, since
+ * q is odd and phi=(q-1). */
+ if (mpp_divis_d(&phi, 2) == MP_NO) {
+ /* phi is not divisible by 4 */
+ continue;
+ }
+ /* we now have a candidate for the second prime */
+ CHECK_MPI_OK(mp_add_d(&phi, 1, &tmp));
+
+ /* check to make sure it is prime */
+ err = rsa_is_prime(&tmp);
+ if (err != MP_OKAY) {
+ if (err == MP_NO) {
+ /* No, then we still have the wrong phi */
+ continue;
+ }
+ goto cleanup;
+ }
+ /*
+ * It is possible that we have the wrong phi if
+ * k_guess*(q_guess-1) = k*(q-1) (k and q-1 have swapped factors).
+ * since our q_quess is prime, however. We have found a valid
+ * rsa key because:
+ * q is the correct order of magnitude.
+ * phi = (p-1)(q-1) where p and q are both primes.
+ * e*d mod phi = 1.
+ * There is no way to know from the info given if this is the
+ * original key. We never want to return the wrong key because if
+ * two moduli with the same factor is known, then euclid's gcd
+ * algorithm can be used to find that factor. Even though the
+ * caller didn't pass the original modulus, it doesn't mean the
+ * modulus wasn't known or isn't available somewhere. So to be safe
+ * if we can't be sure we have the right q, we don't return any.
+ *
+ * So to make sure we continue looking for other valid q's. If none
+ * are found, then we can safely return this one, otherwise we just
+ * fail */
+ if (mp_cmp_z(q) != 0) {
+ /* this is the second valid q, don't return either,
+ * just fail */
+ err = MP_RANGE;
+ break;
+ }
+ /* we only have one q so far, save it and if no others are found,
+ * it's safe to return it */
+ CHECK_MPI_OK(mp_copy(&tmp, q));
+ continue;
+ }
+ /* test our tentative phi */
+ /* phi should be the correct order */
+ if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits) {
+ /* phi is not the right size */
+ continue;
+ }
+ /* phi should be divisible by 4, since
+ * p and q are odd and phi=(p-1)(q-1). */
+ if (mpp_divis_d(&phi, 4) == MP_NO) {
+ /* phi is not divisible by 4 */
+ continue;
+ }
+ /* n was given, calculate s/2=(p+q)/2 */
+ CHECK_MPI_OK(mp_sub(&tmp, &phi, &s));
+ CHECK_MPI_OK(mp_div_2(&s, &s));
+
+ /* calculate sqrt(s/2*s/2-n) */
+ CHECK_MPI_OK(mp_sqr(&s, &sqrt));
+ CHECK_MPI_OK(mp_sub(&sqrt, n, &r)); /* r as a tmp */
+ CHECK_MPI_OK(mp_sqrt(&r, &sqrt));
+ /* make sure it's a perfect square */
+ /* r is our original value we took the square root of */
+ /* q is the square of our tentative square root. They should be equal*/
+ CHECK_MPI_OK(mp_sqr(&sqrt, q)); /* q as a tmp */
+ if (mp_cmp(&r, q) != 0) {
+ /* sigh according to the doc, mp_sqrt could return sqrt-1 */
+ CHECK_MPI_OK(mp_add_d(&sqrt, 1, &sqrt));
+ CHECK_MPI_OK(mp_sqr(&sqrt, q));
+ if (mp_cmp(&r, q) != 0) {
+ /* s*s-n not a perfect square, this phi isn't valid, find another.*/
+ continue;
+ }
+ }
+
+ /* NOTE: In this case we know we have the one and only answer.
+ * "Why?", you ask. Because:
+ * 1) n is a composite of two large primes (or it wasn't a
+ * valid RSA modulus).
+ * 2) If we know any number such that x^2-n is a perfect square
+ * and x is not (n+1)/2, then we can calculate 2 non-trivial
+ * factors of n.
+ * 3) Since we know that n has only 2 non-trivial prime factors,
+ * we know the two factors we have are the only possible factors.
+ */
+
+ /* Now we are home free to calculate p and q */
+ /* p = s/2 + sqrt, q= s/2 - sqrt */
+ CHECK_MPI_OK(mp_add(&s, &sqrt, p));
+ CHECK_MPI_OK(mp_sub(&s, &sqrt, q));
+ break;
}
if ((unsigned)mpl_significant_bits(&k) < order_k) {
- if (hasModulus || (mp_cmp_z(q) == 0)) {
- /* If we get here, something was wrong with the parameters we
- * were given */
- err = MP_RANGE;
- }
+ if (hasModulus || (mp_cmp_z(q) == 0)) {
+ /* If we get here, something was wrong with the parameters we
+ * were given */
+ err = MP_RANGE;
+ }
}
cleanup:
mp_clear(&kphi);
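Review bot: The comment under the `mpp_divis_d(&phi, 2) == MP_NO` test in the `!hasModulus` branch still reads `/* phi is not divisible by 4 */`, while the check and the comment right above it (`phi should be divisible by 2, since q is odd and phi=(q-1)`) are about divisibility by 2; the 4 appears to be carried over from the modulus case further down, where `mpp_divis_d(&phi, 4)` is what is tested. Since this hunk already touches comment text (`find * another.` became `find another.`), the stale one could be corrected in the same pass to `/* phi is not divisible by 2 */`. The enclosing function rsa_get_primes_from_exponents both starts and ends outside this hunk.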
@@ -655,7 +653,7 @@ cleanup:
mp_clear(&sqrt);
return err;
}
-
+
/*
* take a private key with only a few elements and fill out the missing pieces.
*
@@ -685,21 +683,21 @@ cleanup:
* We can generate all the parameters from:
* one of the exponents, plus the two primes. (rsa_build_key_from_primes) *
* If we are given one of the exponents and both primes, we are done.
- * If we are given one of the exponents, the modulus and one prime, we
- * caclulate the second prime by dividing the modulus by the given
+ * If we are given one of the exponents, the modulus and one prime, we
+ * caclulate the second prime by dividing the modulus by the given
* prime, giving us and exponent and 2 primes.
* If we are given 2 exponents and either the modulus or one of the primes
- * we calculate k*phi = d*e-1, where k is an integer less than d which
+ * we calculate k*phi = d*e-1, where k is an integer less than d which
* divides d*e-1. We find factor k so we can isolate phi.
* phi = (p-1)(q-1)
* If one of the primes are given, we can use phi to find the other prime
- * as follows: q = (phi/(p-1)) + 1. We now have 2 primes and an
+ * as follows: q = (phi/(p-1)) + 1. We now have 2 primes and an
* exponent. (NOTE: if more then one prime meets this condition, the
* operation will fail. See comments elsewhere in this file about this).
* If the modulus is given, then we can calculate the sum of the primes
* as follows: s := (p+q), phi = (p-1)(q-1) = pq -p - q +1, pq = n ->
* phi = n - s + 1, s = n - phi +1. Now that we have s = p+q and n=pq,
- * we can solve our 2 equations and 2 unknowns as follows: q=s-p ->
+ * we can solve our 2 equations and 2 unknowns as follows: q=s-p ->
* n=p*(s-p)= sp -p^2 -> p^2-sp+n = 0. Using the quadratic to solve for
* p, p=1/2*(s+ sqrt(s*s-4*n)) [q=1/2*(s-sqrt(s*s-4*n)]. We again have
* 2 primes and an exponent.
@@ -727,35 +725,35 @@ RSA_PopulatePrivateKey(RSAPrivateKey *key)
MP_DIGITS(&d) = 0;
MP_DIGITS(&n) = 0;
MP_DIGITS(&r) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&d) );
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&r) );
-
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&d));
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&r));
+
/* if the key didn't already have an arena, create one. */
if (key->arena == NULL) {
- arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
- if (!arena) {
- goto cleanup;
- }
- key->arena = arena;
+ arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ goto cleanup;
+ }
+ key->arena = arena;
}
/* load up the known exponents */
if (key->publicExponent.data) {
SECITEM_TO_MPINT(key->publicExponent, &e);
- needPublicExponent = PR_FALSE;
- }
+ needPublicExponent = PR_FALSE;
+ }
if (key->privateExponent.data) {
SECITEM_TO_MPINT(key->privateExponent, &d);
- needPrivateExponent = PR_FALSE;
+ needPrivateExponent = PR_FALSE;
}
if (needPrivateExponent && needPublicExponent) {
- /* Not enough information, we need at least one exponent */
- err = MP_BADARG;
- goto cleanup;
+ /* Not enough information, we need at least one exponent */
+ err = MP_BADARG;
+ goto cleanup;
}
/* load up the known primes. If only one prime is given, it will be
@@ -763,73 +761,73 @@ RSA_PopulatePrivateKey(RSAPrivateKey *key)
* The value prime_count tells us howe many we have acquired.
*/
if (key->prime1.data) {
- int primeLen = key->prime1.len;
- if (key->prime1.data[0] == 0) {
- primeLen--;
- }
- keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
+ int primeLen = key->prime1.len;
+ if (key->prime1.data[0] == 0) {
+ primeLen--;
+ }
+ keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
SECITEM_TO_MPINT(key->prime1, &p);
- prime_count++;
+ prime_count++;
}
if (key->prime2.data) {
- int primeLen = key->prime2.len;
- if (key->prime2.data[0] == 0) {
- primeLen--;
- }
- keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
+ int primeLen = key->prime2.len;
+ if (key->prime2.data[0] == 0) {
+ primeLen--;
+ }
+ keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
SECITEM_TO_MPINT(key->prime2, prime_count ? &q : &p);
- prime_count++;
+ prime_count++;
}
/* load up the modulus */
if (key->modulus.data) {
- int modLen = key->modulus.len;
- if (key->modulus.data[0] == 0) {
- modLen--;
- }
- keySizeInBits = modLen * PR_BITS_PER_BYTE;
- SECITEM_TO_MPINT(key->modulus, &n);
- hasModulus = PR_TRUE;
+ int modLen = key->modulus.len;
+ if (key->modulus.data[0] == 0) {
+ modLen--;
+ }
+ keySizeInBits = modLen * PR_BITS_PER_BYTE;
+ SECITEM_TO_MPINT(key->modulus, &n);
+ hasModulus = PR_TRUE;
}
/* if we have the modulus and one prime, calculate the second. */
if ((prime_count == 1) && (hasModulus)) {
- if (mp_div(&n,&p,&q,&r) != MP_OKAY || mp_cmp_z(&r) != 0) {
- /* p is not a factor or n, fail */
- err = MP_BADARG;
- goto cleanup;
- }
- prime_count++;
+ if (mp_div(&n, &p, &q, &r) != MP_OKAY || mp_cmp_z(&r) != 0) {
+ /* p is not a factor or n, fail */
+ err = MP_BADARG;
+ goto cleanup;
+ }
+ prime_count++;
}
/* If we didn't have enough primes try to calculate the primes from
* the exponents */
if (prime_count < 2) {
- /* if we don't have at least 2 primes at this point, then we need both
- * exponents and one prime or a modulus*/
- if (!needPublicExponent && !needPrivateExponent &&
- ((prime_count > 0) || hasModulus)) {
- CHECK_MPI_OK(rsa_get_primes_from_exponents(&e,&d,&p,&q,
- &n,hasModulus,keySizeInBits));
- } else {
- /* not enough given parameters to get both primes */
- err = MP_BADARG;
- goto cleanup;
- }
- }
-
- /* Assure p > q */
- /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
+ /* if we don't have at least 2 primes at this point, then we need both
+ * exponents and one prime or a modulus*/
+ if (!needPublicExponent && !needPrivateExponent &&
+ ((prime_count > 0) || hasModulus)) {
+ CHECK_MPI_OK(rsa_get_primes_from_exponents(&e, &d, &p, &q,
+ &n, hasModulus, keySizeInBits));
+ } else {
+ /* not enough given parameters to get both primes */
+ err = MP_BADARG;
+ goto cleanup;
+ }
+ }
+
+ /* Assure p > q */
+ /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
* implementation optimization that requires p > q. We can remove
* this code in the future.
*/
- if (mp_cmp(&p, &q) < 0)
- mp_exch(&p, &q);
+ if (mp_cmp(&p, &q) < 0)
+ mp_exch(&p, &q);
- /* we now have our 2 primes and at least one exponent, we can fill
+ /* we now have our 2 primes and at least one exponent, we can fill
* in the key */
- rv = rsa_build_from_primes(&p, &q,
- &e, needPublicExponent,
- &d, needPrivateExponent,
- key, keySizeInBits);
+ rv = rsa_build_from_primes(&p, &q,
+ &e, needPublicExponent,
+ &d, needPrivateExponent,
+ key, keySizeInBits);
cleanup:
mp_clear(&p);
mp_clear(&q);
@@ -838,12 +836,12 @@ cleanup:
mp_clear(&n);
mp_clear(&r);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
if (rv && arena) {
- PORT_FreeArena(arena, PR_TRUE);
- key->arena = NULL;
+ PORT_FreeArena(arena, PR_TRUE);
+ key->arena = NULL;
}
return rv;
}
@@ -857,45 +855,45 @@ rsa_modulusLen(SECItem *modulus)
}
/*
-** Perform a raw public-key operation
-** Length of input and output buffers are equal to key's modulus len.
+** Perform a raw public-key operation
+** Length of input and output buffers are equal to key's modulus len.
*/
-SECStatus
-RSA_PublicKeyOp(RSAPublicKey *key,
- unsigned char *output,
+SECStatus
+RSA_PublicKeyOp(RSAPublicKey *key,
+ unsigned char *output,
const unsigned char *input)
{
unsigned int modLen, expLen, offset;
mp_int n, e, m, c;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
if (!key || !output || !input) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
MP_DIGITS(&n) = 0;
MP_DIGITS(&e) = 0;
MP_DIGITS(&m) = 0;
MP_DIGITS(&c) = 0;
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&m) );
- CHECK_MPI_OK( mp_init(&c) );
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&m));
+ CHECK_MPI_OK(mp_init(&c));
modLen = rsa_modulusLen(&key->modulus);
expLen = rsa_modulusLen(&key->publicExponent);
/* 1. Obtain public key (n, e) */
if (BAD_RSA_KEY_SIZE(modLen, expLen)) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto cleanup;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto cleanup;
}
SECITEM_TO_MPINT(key->modulus, &n);
SECITEM_TO_MPINT(key->publicExponent, &e);
if (e.used > n.used) {
- /* exponent should not be greater than modulus */
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto cleanup;
+ /* exponent should not be greater than modulus */
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto cleanup;
}
/* 2. check input out of range (needs to be in range [0..n-1]) */
offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
@@ -905,26 +903,27 @@ RSA_PublicKeyOp(RSAPublicKey *key,
goto cleanup;
}
/* 2 bis. Represent message as integer in range [0..n-1] */
- CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) );
- /* 3. Compute c = m**e mod n */
+ CHECK_MPI_OK(mp_read_unsigned_octets(&m, input, modLen));
+/* 3. Compute c = m**e mod n */
#ifdef USE_MPI_EXPT_D
/* XXX see which is faster */
if (MP_USED(&e) == 1) {
- CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) );
+ CHECK_MPI_OK(mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c));
} else
#endif
- CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
+ CHECK_MPI_OK(mp_exptmod(&m, &e, &n, &c));
/* 4. result c is ciphertext */
err = mp_to_fixlen_octets(&c, output, modLen);
- if (err >= 0) err = MP_OKAY;
+ if (err >= 0)
+ err = MP_OKAY;
cleanup:
mp_clear(&n);
mp_clear(&e);
mp_clear(&m);
mp_clear(&c);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
@@ -932,23 +931,23 @@ cleanup:
/*
** RSA Private key operation (no CRT).
*/
-static SECStatus
+static SECStatus
rsa_PrivateKeyOpNoCRT(RSAPrivateKey *key, mp_int *m, mp_int *c, mp_int *n,
unsigned int modLen)
{
mp_int d;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
MP_DIGITS(&d) = 0;
- CHECK_MPI_OK( mp_init(&d) );
+ CHECK_MPI_OK(mp_init(&d));
SECITEM_TO_MPINT(key->privateExponent, &d);
/* 1. m = c**d mod n */
- CHECK_MPI_OK( mp_exptmod(c, &d, n, m) );
+ CHECK_MPI_OK(mp_exptmod(c, &d, n, m));
cleanup:
mp_clear(&d);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
@@ -956,49 +955,49 @@ cleanup:
/*
** RSA Private key operation using CRT.
*/
-static SECStatus
+static SECStatus
rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
{
mp_int p, q, d_p, d_q, qInv;
mp_int m1, m2, h, ctmp;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
- MP_DIGITS(&p) = 0;
- MP_DIGITS(&q) = 0;
- MP_DIGITS(&d_p) = 0;
- MP_DIGITS(&d_q) = 0;
+ MP_DIGITS(&p) = 0;
+ MP_DIGITS(&q) = 0;
+ MP_DIGITS(&d_p) = 0;
+ MP_DIGITS(&d_q) = 0;
MP_DIGITS(&qInv) = 0;
- MP_DIGITS(&m1) = 0;
- MP_DIGITS(&m2) = 0;
- MP_DIGITS(&h) = 0;
+ MP_DIGITS(&m1) = 0;
+ MP_DIGITS(&m2) = 0;
+ MP_DIGITS(&h) = 0;
MP_DIGITS(&ctmp) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&d_p) );
- CHECK_MPI_OK( mp_init(&d_q) );
- CHECK_MPI_OK( mp_init(&qInv) );
- CHECK_MPI_OK( mp_init(&m1) );
- CHECK_MPI_OK( mp_init(&m2) );
- CHECK_MPI_OK( mp_init(&h) );
- CHECK_MPI_OK( mp_init(&ctmp) );
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&d_p));
+ CHECK_MPI_OK(mp_init(&d_q));
+ CHECK_MPI_OK(mp_init(&qInv));
+ CHECK_MPI_OK(mp_init(&m1));
+ CHECK_MPI_OK(mp_init(&m2));
+ CHECK_MPI_OK(mp_init(&h));
+ CHECK_MPI_OK(mp_init(&ctmp));
/* copy private key parameters into mp integers */
- SECITEM_TO_MPINT(key->prime1, &p); /* p */
- SECITEM_TO_MPINT(key->prime2, &q); /* q */
- SECITEM_TO_MPINT(key->exponent1, &d_p); /* d_p = d mod (p-1) */
- SECITEM_TO_MPINT(key->exponent2, &d_q); /* d_q = d mod (q-1) */
+ SECITEM_TO_MPINT(key->prime1, &p); /* p */
+ SECITEM_TO_MPINT(key->prime2, &q); /* q */
+ SECITEM_TO_MPINT(key->exponent1, &d_p); /* d_p = d mod (p-1) */
+ SECITEM_TO_MPINT(key->exponent2, &d_q); /* d_q = d mod (q-1) */
SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */
/* 1. m1 = c**d_p mod p */
- CHECK_MPI_OK( mp_mod(c, &p, &ctmp) );
- CHECK_MPI_OK( mp_exptmod(&ctmp, &d_p, &p, &m1) );
+ CHECK_MPI_OK(mp_mod(c, &p, &ctmp));
+ CHECK_MPI_OK(mp_exptmod(&ctmp, &d_p, &p, &m1));
/* 2. m2 = c**d_q mod q */
- CHECK_MPI_OK( mp_mod(c, &q, &ctmp) );
- CHECK_MPI_OK( mp_exptmod(&ctmp, &d_q, &q, &m2) );
+ CHECK_MPI_OK(mp_mod(c, &q, &ctmp));
+ CHECK_MPI_OK(mp_exptmod(&ctmp, &d_q, &q, &m2));
/* 3. h = (m1 - m2) * qInv mod p */
- CHECK_MPI_OK( mp_submod(&m1, &m2, &p, &h) );
- CHECK_MPI_OK( mp_mulmod(&h, &qInv, &p, &h) );
+ CHECK_MPI_OK(mp_submod(&m1, &m2, &p, &h));
+ CHECK_MPI_OK(mp_mulmod(&h, &qInv, &p, &h));
/* 4. m = m2 + h * q */
- CHECK_MPI_OK( mp_mul(&h, &q, m) );
- CHECK_MPI_OK( mp_add(m, &m2, m) );
+ CHECK_MPI_OK(mp_mul(&h, &q, m));
+ CHECK_MPI_OK(mp_add(m, &m2, m));
cleanup:
mp_clear(&p);
mp_clear(&q);
@@ -1010,8 +1009,8 @@ cleanup:
mp_clear(&h);
mp_clear(&ctmp);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
@@ -1021,54 +1020,54 @@ cleanup:
** "On the Importance of Eliminating Errors in Cryptographic Computations",
** http://theory.stanford.edu/~dabo/papers/faults.ps.gz
**
-** As a defense against the attack, carry out the private key operation,
-** followed up with a public key operation to invert the result.
+** As a defense against the attack, carry out the private key operation,
+** followed up with a public key operation to invert the result.
** Verify that result against the input.
*/
-static SECStatus
+static SECStatus
rsa_PrivateKeyOpCRTCheckedPubKey(RSAPrivateKey *key, mp_int *m, mp_int *c)
{
mp_int n, e, v;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
MP_DIGITS(&n) = 0;
MP_DIGITS(&e) = 0;
MP_DIGITS(&v) = 0;
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&v) );
- CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, m, c) );
- SECITEM_TO_MPINT(key->modulus, &n);
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&v));
+ CHECK_SEC_OK(rsa_PrivateKeyOpCRTNoCheck(key, m, c));
+ SECITEM_TO_MPINT(key->modulus, &n);
SECITEM_TO_MPINT(key->publicExponent, &e);
/* Perform a public key operation v = m ** e mod n */
- CHECK_MPI_OK( mp_exptmod(m, &e, &n, &v) );
+ CHECK_MPI_OK(mp_exptmod(m, &e, &n, &v));
if (mp_cmp(&v, c) != 0) {
- rv = SECFailure;
+ rv = SECFailure;
}
cleanup:
mp_clear(&n);
mp_clear(&e);
mp_clear(&v);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
static PRCallOnceType coBPInit = { 0, 0, 0 };
-static PRStatus
+static PRStatus
init_blinding_params_list(void)
{
blindingParamsList.lock = PZ_NewLock(nssILockOther);
if (!blindingParamsList.lock) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return PR_FAILURE;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return PR_FAILURE;
}
- blindingParamsList.cVar = PR_NewCondVar( blindingParamsList.lock );
+ blindingParamsList.cVar = PR_NewCondVar(blindingParamsList.lock);
if (!blindingParamsList.cVar) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return PR_FAILURE;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return PR_FAILURE;
}
blindingParamsList.waitCount = 0;
PR_INIT_CLIST(&blindingParamsList.head);
@@ -1076,7 +1075,7 @@ init_blinding_params_list(void)
}
static SECStatus
-generate_blinding_params(RSAPrivateKey *key, mp_int* f, mp_int* g, mp_int *n,
+generate_blinding_params(RSAPrivateKey *key, mp_int *f, mp_int *g, mp_int *n,
unsigned int modLen)
{
SECStatus rv = SECSuccess;
@@ -1086,31 +1085,31 @@ generate_blinding_params(RSAPrivateKey *key, mp_int* f, mp_int* g, mp_int *n,
MP_DIGITS(&e) = 0;
MP_DIGITS(&k) = 0;
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&k) );
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&k));
SECITEM_TO_MPINT(key->publicExponent, &e);
/* generate random k < n */
kb = PORT_Alloc(modLen);
if (!kb) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto cleanup;
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ goto cleanup;
}
- CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(kb, modLen) );
- CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, modLen) );
+ CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(kb, modLen));
+ CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, modLen));
/* k < n */
- CHECK_MPI_OK( mp_mod(&k, n, &k) );
+ CHECK_MPI_OK(mp_mod(&k, n, &k));
/* f = k**e mod n */
- CHECK_MPI_OK( mp_exptmod(&k, &e, n, f) );
+ CHECK_MPI_OK(mp_exptmod(&k, &e, n, f));
/* g = k**-1 mod n */
- CHECK_MPI_OK( mp_invmod(&k, n, g) );
+ CHECK_MPI_OK(mp_invmod(&k, n, g));
cleanup:
if (kb)
- PORT_ZFree(kb, modLen);
+ PORT_ZFree(kb, modLen);
mp_clear(&k);
mp_clear(&e);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
@@ -1119,24 +1118,24 @@ static SECStatus
init_blinding_params(RSABlindingParams *rsabp, RSAPrivateKey *key,
mp_int *n, unsigned int modLen)
{
- blindingParams * bp = rsabp->array;
+ blindingParams *bp = rsabp->array;
int i = 0;
/* Initialize the list pointer for the element */
PR_INIT_CLIST(&rsabp->link);
for (i = 0; i < RSA_BLINDING_PARAMS_MAX_CACHE_SIZE; ++i, ++bp) {
- bp->next = bp + 1;
- MP_DIGITS(&bp->f) = 0;
- MP_DIGITS(&bp->g) = 0;
- bp->counter = 0;
+ bp->next = bp + 1;
+ MP_DIGITS(&bp->f) = 0;
+ MP_DIGITS(&bp->g) = 0;
+ bp->counter = 0;
}
/* The last bp->next value was initialized with out
- * of rsabp->array pointer and must be set to NULL
- */
+ * of rsabp->array pointer and must be set to NULL
+ */
rsabp->array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE - 1].next = NULL;
-
- bp = rsabp->array;
- rsabp->bp = NULL;
+
+ bp = rsabp->array;
+ rsabp->bp = NULL;
rsabp->free = bp;
/* List elements are keyed using the modulus */
@@ -1147,178 +1146,178 @@ static SECStatus
get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
mp_int *f, mp_int *g)
{
- RSABlindingParams *rsabp = NULL;
- blindingParams *bpUnlinked = NULL;
- blindingParams *bp;
- PRCList *el;
- SECStatus rv = SECSuccess;
- mp_err err = MP_OKAY;
- int cmp = -1;
- PRBool holdingLock = PR_FALSE;
+ RSABlindingParams *rsabp = NULL;
+ blindingParams *bpUnlinked = NULL;
+ blindingParams *bp;
+ PRCList *el;
+ SECStatus rv = SECSuccess;
+ mp_err err = MP_OKAY;
+ int cmp = -1;
+ PRBool holdingLock = PR_FALSE;
do {
- if (blindingParamsList.lock == NULL) {
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
- /* Acquire the list lock */
- PZ_Lock(blindingParamsList.lock);
- holdingLock = PR_TRUE;
-
- /* Walk the list looking for the private key */
- for (el = PR_NEXT_LINK(&blindingParamsList.head);
- el != &blindingParamsList.head;
- el = PR_NEXT_LINK(el)) {
- rsabp = (RSABlindingParams *)el;
- cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
- if (cmp >= 0) {
- /* The key is found or not in the list. */
- break;
- }
- }
-
- if (cmp) {
- /* At this point, the key is not in the list. el should point to
- ** the list element before which this key should be inserted.
- */
- rsabp = PORT_ZNew(RSABlindingParams);
- if (!rsabp) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto cleanup;
- }
-
- rv = init_blinding_params(rsabp, key, n, modLen);
- if (rv != SECSuccess) {
- PORT_ZFree(rsabp, sizeof(RSABlindingParams));
- goto cleanup;
- }
-
- /* Insert the new element into the list
- ** If inserting in the middle of the list, el points to the link
- ** to insert before. Otherwise, the link needs to be appended to
- ** the end of the list, which is the same as inserting before the
- ** head (since el would have looped back to the head).
- */
- PR_INSERT_BEFORE(&rsabp->link, el);
- }
-
- /* We've found (or created) the RSAblindingParams struct for this key.
- * Now, search its list of ready blinding params for a usable one.
- */
- while (0 != (bp = rsabp->bp)) {
- if (--(bp->counter) > 0) {
- /* Found a match and there are still remaining uses left */
- /* Return the parameters */
- CHECK_MPI_OK( mp_copy(&bp->f, f) );
- CHECK_MPI_OK( mp_copy(&bp->g, g) );
-
- PZ_Unlock(blindingParamsList.lock);
- return SECSuccess;
- }
- /* exhausted this one, give its values to caller, and
- * then retire it.
- */
- mp_exch(&bp->f, f);
- mp_exch(&bp->g, g);
- mp_clear( &bp->f );
- mp_clear( &bp->g );
- bp->counter = 0;
- /* Move to free list */
- rsabp->bp = bp->next;
- bp->next = rsabp->free;
- rsabp->free = bp;
- /* In case there're threads waiting for new blinding
- * value - notify 1 thread the value is ready
- */
- if (blindingParamsList.waitCount > 0) {
- PR_NotifyCondVar( blindingParamsList.cVar );
- blindingParamsList.waitCount--;
- }
- PZ_Unlock(blindingParamsList.lock);
- return SECSuccess;
- }
- /* We did not find a usable set of blinding params. Can we make one? */
- /* Find a free bp struct. */
- if ((bp = rsabp->free) != NULL) {
- /* unlink this bp */
- rsabp->free = bp->next;
- bp->next = NULL;
- bpUnlinked = bp; /* In case we fail */
-
- PZ_Unlock(blindingParamsList.lock);
- holdingLock = PR_FALSE;
- /* generate blinding parameter values for the current thread */
- CHECK_SEC_OK( generate_blinding_params(key, f, g, n, modLen ) );
-
- /* put the blinding parameter values into cache */
- CHECK_MPI_OK( mp_init( &bp->f) );
- CHECK_MPI_OK( mp_init( &bp->g) );
- CHECK_MPI_OK( mp_copy( f, &bp->f) );
- CHECK_MPI_OK( mp_copy( g, &bp->g) );
-
- /* Put this at head of queue of usable params. */
- PZ_Lock(blindingParamsList.lock);
+ if (blindingParamsList.lock == NULL) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+ /* Acquire the list lock */
+ PZ_Lock(blindingParamsList.lock);
+ holdingLock = PR_TRUE;
+
+ /* Walk the list looking for the private key */
+ for (el = PR_NEXT_LINK(&blindingParamsList.head);
+ el != &blindingParamsList.head;
+ el = PR_NEXT_LINK(el)) {
+ rsabp = (RSABlindingParams *)el;
+ cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
+ if (cmp >= 0) {
+ /* The key is found or not in the list. */
+ break;
+ }
+ }
+
+ if (cmp) {
+ /* At this point, the key is not in the list. el should point to
+ ** the list element before which this key should be inserted.
+ */
+ rsabp = PORT_ZNew(RSABlindingParams);
+ if (!rsabp) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ goto cleanup;
+ }
+
+ rv = init_blinding_params(rsabp, key, n, modLen);
+ if (rv != SECSuccess) {
+ PORT_ZFree(rsabp, sizeof(RSABlindingParams));
+ goto cleanup;
+ }
+
+ /* Insert the new element into the list
+ ** If inserting in the middle of the list, el points to the link
+ ** to insert before. Otherwise, the link needs to be appended to
+ ** the end of the list, which is the same as inserting before the
+ ** head (since el would have looped back to the head).
+ */
+ PR_INSERT_BEFORE(&rsabp->link, el);
+ }
+
+ /* We've found (or created) the RSAblindingParams struct for this key.
+ * Now, search its list of ready blinding params for a usable one.
+ */
+ while (0 != (bp = rsabp->bp)) {
+ if (--(bp->counter) > 0) {
+ /* Found a match and there are still remaining uses left */
+ /* Return the parameters */
+ CHECK_MPI_OK(mp_copy(&bp->f, f));
+ CHECK_MPI_OK(mp_copy(&bp->g, g));
+
+ PZ_Unlock(blindingParamsList.lock);
+ return SECSuccess;
+ }
+ /* exhausted this one, give its values to caller, and
+ * then retire it.
+ */
+ mp_exch(&bp->f, f);
+ mp_exch(&bp->g, g);
+ mp_clear(&bp->f);
+ mp_clear(&bp->g);
+ bp->counter = 0;
+ /* Move to free list */
+ rsabp->bp = bp->next;
+ bp->next = rsabp->free;
+ rsabp->free = bp;
+ /* In case there're threads waiting for new blinding
+ * value - notify 1 thread the value is ready
+ */
+ if (blindingParamsList.waitCount > 0) {
+ PR_NotifyCondVar(blindingParamsList.cVar);
+ blindingParamsList.waitCount--;
+ }
+ PZ_Unlock(blindingParamsList.lock);
+ return SECSuccess;
+ }
+ /* We did not find a usable set of blinding params. Can we make one? */
+ /* Find a free bp struct. */
+ if ((bp = rsabp->free) != NULL) {
+ /* unlink this bp */
+ rsabp->free = bp->next;
+ bp->next = NULL;
+ bpUnlinked = bp; /* In case we fail */
+
+ PZ_Unlock(blindingParamsList.lock);
+ holdingLock = PR_FALSE;
+ /* generate blinding parameter values for the current thread */
+ CHECK_SEC_OK(generate_blinding_params(key, f, g, n, modLen));
+
+ /* put the blinding parameter values into cache */
+ CHECK_MPI_OK(mp_init(&bp->f));
+ CHECK_MPI_OK(mp_init(&bp->g));
+ CHECK_MPI_OK(mp_copy(f, &bp->f));
+ CHECK_MPI_OK(mp_copy(g, &bp->g));
+
+ /* Put this at head of queue of usable params. */
+ PZ_Lock(blindingParamsList.lock);
holdingLock = PR_TRUE;
(void)holdingLock;
- /* initialize RSABlindingParamsStr */
- bp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
- bp->next = rsabp->bp;
- rsabp->bp = bp;
- bpUnlinked = NULL;
- /* In case there're threads waiting for new blinding value
- * just notify them the value is ready
- */
- if (blindingParamsList.waitCount > 0) {
- PR_NotifyAllCondVar( blindingParamsList.cVar );
- blindingParamsList.waitCount = 0;
- }
- PZ_Unlock(blindingParamsList.lock);
- return SECSuccess;
- }
- /* Here, there are no usable blinding parameters available,
- * and no free bp blocks, presumably because they're all
- * actively having parameters generated for them.
- * So, we need to wait here and not eat up CPU until some
- * change happens.
- */
- blindingParamsList.waitCount++;
- PR_WaitCondVar( blindingParamsList.cVar, PR_INTERVAL_NO_TIMEOUT );
- PZ_Unlock(blindingParamsList.lock);
- holdingLock = PR_FALSE;
+ /* initialize RSABlindingParamsStr */
+ bp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
+ bp->next = rsabp->bp;
+ rsabp->bp = bp;
+ bpUnlinked = NULL;
+ /* In case there're threads waiting for new blinding value
+ * just notify them the value is ready
+ */
+ if (blindingParamsList.waitCount > 0) {
+ PR_NotifyAllCondVar(blindingParamsList.cVar);
+ blindingParamsList.waitCount = 0;
+ }
+ PZ_Unlock(blindingParamsList.lock);
+ return SECSuccess;
+ }
+ /* Here, there are no usable blinding parameters available,
+ * and no free bp blocks, presumably because they're all
+ * actively having parameters generated for them.
+ * So, we need to wait here and not eat up CPU until some
+ * change happens.
+ */
+ blindingParamsList.waitCount++;
+ PR_WaitCondVar(blindingParamsList.cVar, PR_INTERVAL_NO_TIMEOUT);
+ PZ_Unlock(blindingParamsList.lock);
+ holdingLock = PR_FALSE;
(void)holdingLock;
} while (1);
cleanup:
/* It is possible to reach this after the lock is already released. */
if (bpUnlinked) {
- if (!holdingLock) {
- PZ_Lock(blindingParamsList.lock);
- holdingLock = PR_TRUE;
- }
- bp = bpUnlinked;
- mp_clear( &bp->f );
- mp_clear( &bp->g );
- bp->counter = 0;
- /* Must put the unlinked bp back on the free list */
- bp->next = rsabp->free;
- rsabp->free = bp;
+ if (!holdingLock) {
+ PZ_Lock(blindingParamsList.lock);
+ holdingLock = PR_TRUE;
+ }
+ bp = bpUnlinked;
+ mp_clear(&bp->f);
+ mp_clear(&bp->g);
+ bp->counter = 0;
+ /* Must put the unlinked bp back on the free list */
+ bp->next = rsabp->free;
+ rsabp->free = bp;
}
if (holdingLock) {
- PZ_Unlock(blindingParamsList.lock);
+ PZ_Unlock(blindingParamsList.lock);
}
if (err) {
- MP_TO_SEC_ERROR(err);
+ MP_TO_SEC_ERROR(err);
}
return SECFailure;
}
/*
-** Perform a raw private-key operation
-** Length of input and output buffers are equal to key's modulus len.
+** Perform a raw private-key operation
+** Length of input and output buffers are equal to key's modulus len.
*/
-static SECStatus
-rsa_PrivateKeyOp(RSAPrivateKey *key,
- unsigned char *output,
+static SECStatus
+rsa_PrivateKeyOp(RSAPrivateKey *key,
+ unsigned char *output,
const unsigned char *input,
PRBool check)
{
@@ -1329,57 +1328,58 @@ rsa_PrivateKeyOp(RSAPrivateKey *key,
mp_int n, c, m;
mp_int f, g;
if (!key || !output || !input) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
/* check input out of range (needs to be in range [0..n-1]) */
modLen = rsa_modulusLen(&key->modulus);
offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
if (memcmp(input, key->modulus.data + offset, modLen) >= 0) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
MP_DIGITS(&n) = 0;
MP_DIGITS(&c) = 0;
MP_DIGITS(&m) = 0;
MP_DIGITS(&f) = 0;
MP_DIGITS(&g) = 0;
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&c) );
- CHECK_MPI_OK( mp_init(&m) );
- CHECK_MPI_OK( mp_init(&f) );
- CHECK_MPI_OK( mp_init(&g) );
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&c));
+ CHECK_MPI_OK(mp_init(&m));
+ CHECK_MPI_OK(mp_init(&f));
+ CHECK_MPI_OK(mp_init(&g));
SECITEM_TO_MPINT(key->modulus, &n);
OCTETS_TO_MPINT(input, &c, modLen);
/* If blinding, compute pre-image of ciphertext by multiplying by
** blinding factor
*/
if (nssRSAUseBlinding) {
- CHECK_SEC_OK( get_blinding_params(key, &n, modLen, &f, &g) );
- /* c' = c*f mod n */
- CHECK_MPI_OK( mp_mulmod(&c, &f, &n, &c) );
+ CHECK_SEC_OK(get_blinding_params(key, &n, modLen, &f, &g));
+ /* c' = c*f mod n */
+ CHECK_MPI_OK(mp_mulmod(&c, &f, &n, &c));
}
/* Do the private key operation m = c**d mod n */
- if ( key->prime1.len == 0 ||
- key->prime2.len == 0 ||
- key->exponent1.len == 0 ||
- key->exponent2.len == 0 ||
- key->coefficient.len == 0) {
- CHECK_SEC_OK( rsa_PrivateKeyOpNoCRT(key, &m, &c, &n, modLen) );
+ if (key->prime1.len == 0 ||
+ key->prime2.len == 0 ||
+ key->exponent1.len == 0 ||
+ key->exponent2.len == 0 ||
+ key->coefficient.len == 0) {
+ CHECK_SEC_OK(rsa_PrivateKeyOpNoCRT(key, &m, &c, &n, modLen));
} else if (check) {
- CHECK_SEC_OK( rsa_PrivateKeyOpCRTCheckedPubKey(key, &m, &c) );
+ CHECK_SEC_OK(rsa_PrivateKeyOpCRTCheckedPubKey(key, &m, &c));
} else {
- CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, &m, &c) );
+ CHECK_SEC_OK(rsa_PrivateKeyOpCRTNoCheck(key, &m, &c));
}
/* If blinding, compute post-image of plaintext by multiplying by
** blinding factor
*/
if (nssRSAUseBlinding) {
- /* m = m'*g mod n */
- CHECK_MPI_OK( mp_mulmod(&m, &g, &n, &m) );
+ /* m = m'*g mod n */
+ CHECK_MPI_OK(mp_mulmod(&m, &g, &n, &m));
}
err = mp_to_fixlen_octets(&m, output, modLen);
- if (err >= 0) err = MP_OKAY;
+ if (err >= 0)
+ err = MP_OKAY;
cleanup:
mp_clear(&n);
mp_clear(&c);
@@ -1387,23 +1387,23 @@ cleanup:
mp_clear(&f);
mp_clear(&g);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
-SECStatus
-RSA_PrivateKeyOp(RSAPrivateKey *key,
- unsigned char *output,
+SECStatus
+RSA_PrivateKeyOp(RSAPrivateKey *key,
+ unsigned char *output,
const unsigned char *input)
{
return rsa_PrivateKeyOp(key, output, input, PR_FALSE);
}
-SECStatus
-RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
- unsigned char *output,
+SECStatus
+RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+ unsigned char *output,
const unsigned char *input)
{
return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
@@ -1413,30 +1413,30 @@ SECStatus
RSA_PrivateKeyCheck(const RSAPrivateKey *key)
{
mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
- mp_err err = MP_OKAY;
+ mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
- MP_DIGITS(&p) = 0;
- MP_DIGITS(&q) = 0;
- MP_DIGITS(&n) = 0;
- MP_DIGITS(&psub1)= 0;
- MP_DIGITS(&qsub1)= 0;
- MP_DIGITS(&e) = 0;
- MP_DIGITS(&d) = 0;
- MP_DIGITS(&d_p) = 0;
- MP_DIGITS(&d_q) = 0;
+ MP_DIGITS(&p) = 0;
+ MP_DIGITS(&q) = 0;
+ MP_DIGITS(&n) = 0;
+ MP_DIGITS(&psub1) = 0;
+ MP_DIGITS(&qsub1) = 0;
+ MP_DIGITS(&e) = 0;
+ MP_DIGITS(&d) = 0;
+ MP_DIGITS(&d_p) = 0;
+ MP_DIGITS(&d_q) = 0;
MP_DIGITS(&qInv) = 0;
- MP_DIGITS(&res) = 0;
- CHECK_MPI_OK( mp_init(&p) );
- CHECK_MPI_OK( mp_init(&q) );
- CHECK_MPI_OK( mp_init(&n) );
- CHECK_MPI_OK( mp_init(&psub1));
- CHECK_MPI_OK( mp_init(&qsub1));
- CHECK_MPI_OK( mp_init(&e) );
- CHECK_MPI_OK( mp_init(&d) );
- CHECK_MPI_OK( mp_init(&d_p) );
- CHECK_MPI_OK( mp_init(&d_q) );
- CHECK_MPI_OK( mp_init(&qInv) );
- CHECK_MPI_OK( mp_init(&res) );
+ MP_DIGITS(&res) = 0;
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&n));
+ CHECK_MPI_OK(mp_init(&psub1));
+ CHECK_MPI_OK(mp_init(&qsub1));
+ CHECK_MPI_OK(mp_init(&e));
+ CHECK_MPI_OK(mp_init(&d));
+ CHECK_MPI_OK(mp_init(&d_p));
+ CHECK_MPI_OK(mp_init(&d_q));
+ CHECK_MPI_OK(mp_init(&qInv));
+ CHECK_MPI_OK(mp_init(&res));
if (!key->modulus.data || !key->prime1.data || !key->prime2.data ||
!key->publicExponent.data || !key->privateExponent.data ||
@@ -1448,54 +1448,54 @@ RSA_PrivateKeyCheck(const RSAPrivateKey *key)
goto cleanup;
}
- SECITEM_TO_MPINT(key->modulus, &n);
- SECITEM_TO_MPINT(key->prime1, &p);
- SECITEM_TO_MPINT(key->prime2, &q);
- SECITEM_TO_MPINT(key->publicExponent, &e);
+ SECITEM_TO_MPINT(key->modulus, &n);
+ SECITEM_TO_MPINT(key->prime1, &p);
+ SECITEM_TO_MPINT(key->prime2, &q);
+ SECITEM_TO_MPINT(key->publicExponent, &e);
SECITEM_TO_MPINT(key->privateExponent, &d);
- SECITEM_TO_MPINT(key->exponent1, &d_p);
- SECITEM_TO_MPINT(key->exponent2, &d_q);
- SECITEM_TO_MPINT(key->coefficient, &qInv);
+ SECITEM_TO_MPINT(key->exponent1, &d_p);
+ SECITEM_TO_MPINT(key->exponent2, &d_q);
+ SECITEM_TO_MPINT(key->coefficient, &qInv);
/* p and q must be distinct. */
if (mp_cmp(&p, &q) == 0) {
- rv = SECFailure;
- goto cleanup;
+ rv = SECFailure;
+ goto cleanup;
}
#define VERIFY_MPI_EQUAL(m1, m2) \
if (mp_cmp(m1, m2) != 0) { \
- rv = SECFailure; \
- goto cleanup; \
+ rv = SECFailure; \
+ goto cleanup; \
}
-#define VERIFY_MPI_EQUAL_1(m) \
- if (mp_cmp_d(m, 1) != 0) { \
- rv = SECFailure; \
- goto cleanup; \
+#define VERIFY_MPI_EQUAL_1(m) \
+ if (mp_cmp_d(m, 1) != 0) { \
+ rv = SECFailure; \
+ goto cleanup; \
}
/* n == p * q */
- CHECK_MPI_OK( mp_mul(&p, &q, &res) );
+ CHECK_MPI_OK(mp_mul(&p, &q, &res));
VERIFY_MPI_EQUAL(&res, &n);
/* gcd(e, p-1) == 1 */
- CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
- CHECK_MPI_OK( mp_gcd(&e, &psub1, &res) );
+ CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+ CHECK_MPI_OK(mp_gcd(&e, &psub1, &res));
VERIFY_MPI_EQUAL_1(&res);
/* gcd(e, q-1) == 1 */
- CHECK_MPI_OK( mp_sub_d(&q, 1, &qsub1) );
- CHECK_MPI_OK( mp_gcd(&e, &qsub1, &res) );
+ CHECK_MPI_OK(mp_sub_d(&q, 1, &qsub1));
+ CHECK_MPI_OK(mp_gcd(&e, &qsub1, &res));
VERIFY_MPI_EQUAL_1(&res);
/* d*e == 1 mod p-1 */
- CHECK_MPI_OK( mp_mulmod(&d, &e, &psub1, &res) );
+ CHECK_MPI_OK(mp_mulmod(&d, &e, &psub1, &res));
VERIFY_MPI_EQUAL_1(&res);
/* d*e == 1 mod q-1 */
- CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) );
+ CHECK_MPI_OK(mp_mulmod(&d, &e, &qsub1, &res));
VERIFY_MPI_EQUAL_1(&res);
/* d_p == d mod p-1 */
- CHECK_MPI_OK( mp_mod(&d, &psub1, &res) );
+ CHECK_MPI_OK(mp_mod(&d, &psub1, &res));
VERIFY_MPI_EQUAL(&res, &d_p);
/* d_q == d mod q-1 */
- CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) );
+ CHECK_MPI_OK(mp_mod(&d, &qsub1, &res));
VERIFY_MPI_EQUAL(&res, &d_q);
/* q * q**-1 == 1 mod p */
- CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) );
+ CHECK_MPI_OK(mp_mulmod(&q, &qInv, &p, &res));
VERIFY_MPI_EQUAL_1(&res);
cleanup:
@@ -1511,13 +1511,14 @@ cleanup:
mp_clear(&qInv);
mp_clear(&res);
if (err) {
- MP_TO_SEC_ERROR(err);
- rv = SECFailure;
+ MP_TO_SEC_ERROR(err);
+ rv = SECFailure;
}
return rv;
}
-static SECStatus RSA_Init(void)
+static SECStatus
+RSA_Init(void)
{
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -1526,41 +1527,43 @@ static SECStatus RSA_Init(void)
return SECSuccess;
}
-SECStatus BL_Init(void)
+SECStatus
+BL_Init(void)
{
return RSA_Init();
}
/* cleanup at shutdown */
-void RSA_Cleanup(void)
+void
+RSA_Cleanup(void)
{
- blindingParams * bp = NULL;
+ blindingParams *bp = NULL;
if (!coBPInit.initialized)
- return;
+ return;
while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head)) {
- RSABlindingParams *rsabp =
- (RSABlindingParams *)PR_LIST_HEAD(&blindingParamsList.head);
- PR_REMOVE_LINK(&rsabp->link);
- /* clear parameters cache */
- while (rsabp->bp != NULL) {
- bp = rsabp->bp;
- rsabp->bp = rsabp->bp->next;
- mp_clear( &bp->f );
- mp_clear( &bp->g );
- }
- SECITEM_FreeItem(&rsabp->modulus,PR_FALSE);
- PORT_Free(rsabp);
+ RSABlindingParams *rsabp =
+ (RSABlindingParams *)PR_LIST_HEAD(&blindingParamsList.head);
+ PR_REMOVE_LINK(&rsabp->link);
+ /* clear parameters cache */
+ while (rsabp->bp != NULL) {
+ bp = rsabp->bp;
+ rsabp->bp = rsabp->bp->next;
+ mp_clear(&bp->f);
+ mp_clear(&bp->g);
+ }
+ SECITEM_FreeItem(&rsabp->modulus, PR_FALSE);
+ PORT_Free(rsabp);
}
if (blindingParamsList.cVar) {
- PR_DestroyCondVar(blindingParamsList.cVar);
- blindingParamsList.cVar = NULL;
+ PR_DestroyCondVar(blindingParamsList.cVar);
+ blindingParamsList.cVar = NULL;
}
if (blindingParamsList.lock) {
- SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
- blindingParamsList.lock = NULL;
+ SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
+ blindingParamsList.lock = NULL;
}
coBPInit.initialized = 0;
@@ -1573,7 +1576,8 @@ void RSA_Cleanup(void)
* free_bl may have allocated along the way. Currently only RSA does this,
* so I've put it here for now.
*/
-void BL_Cleanup(void)
+void
+BL_Cleanup(void)
{
RSA_Cleanup();
}
@@ -1583,8 +1587,8 @@ PRBool bl_parentForkedAfterC_Initialize;
/*
* Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
*/
-void BL_SetForkState(PRBool forked)
+void
+BL_SetForkState(PRBool forked)
{
bl_parentForkedAfterC_Initialize = forked;
}
-
diff --git a/lib/freebl/rsapkcs.c b/lib/freebl/rsapkcs.c
index c1e3d54d3..577fe1f61 100644
--- a/lib/freebl/rsapkcs.c
+++ b/lib/freebl/rsapkcs.c
@@ -16,10 +16,10 @@
#include "secitem.h"
#include "blapii.h"
-#define RSA_BLOCK_MIN_PAD_LEN 8
-#define RSA_BLOCK_FIRST_OCTET 0x00
-#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
-#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
+#define RSA_BLOCK_MIN_PAD_LEN 8
+#define RSA_BLOCK_FIRST_OCTET 0x00
+#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
+#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
/*
* RSA block types
@@ -29,9 +29,9 @@
* the value that NSS has been using in the past.
*/
typedef enum {
- RSA_BlockPrivate = 1, /* pad for a private-key operation */
- RSA_BlockPublic = 2, /* pad for a public-key operation */
- RSA_BlockRaw = 4 /* simply justify the block appropriately */
+ RSA_BlockPrivate = 1, /* pad for a private-key operation */
+ RSA_BlockPublic = 2, /* pad for a public-key operation */
+ RSA_BlockRaw = 4 /* simply justify the block appropriately */
} RSA_BlockType;
/* Needed for RSA-PSS functions */
@@ -41,7 +41,9 @@ static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
* Returns 1 iff a == b, otherwise returns 0.
* Note: For ranges of bytes, use constantTimeCompare.
*/
-static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) {
+static unsigned char
+constantTimeEQ8(unsigned char a, unsigned char b)
+{
unsigned char c = ~((a - b) | (b - a));
c >>= 7;
return c;
@@ -51,9 +53,11 @@ static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) {
* Returns 1 iff len bytes of a are identical to len bytes of b, otherwise
* returns 0.
*/
-static unsigned char constantTimeCompare(const unsigned char *a,
- const unsigned char *b,
- unsigned int len) {
+static unsigned char
+constantTimeCompare(const unsigned char *a,
+ const unsigned char *b,
+ unsigned int len)
+{
unsigned char tmp = 0;
unsigned int i;
for (i = 0; i < len; ++i, ++a, ++b)
@@ -65,15 +69,16 @@ static unsigned char constantTimeCompare(const unsigned char *a,
* Returns a if c is 1, or b if c is 0. The result is undefined if c is
* not 0 or 1.
*/
-static unsigned int constantTimeCondition(unsigned int c,
- unsigned int a,
- unsigned int b)
+static unsigned int
+constantTimeCondition(unsigned int c,
+ unsigned int a,
+ unsigned int b)
{
return (~(c - 1) & a) | ((c - 1) & b);
}
static unsigned int
-rsa_modulusLen(SECItem * modulus)
+rsa_modulusLen(SECItem *modulus)
{
unsigned char byteZero = modulus->data[0];
unsigned int modLen = modulus->len - !byteZero;
@@ -87,7 +92,7 @@ rsa_modulusLen(SECItem * modulus)
static unsigned char *
rsa_FormatOneBlock(unsigned modulusLen,
RSA_BlockType blockType,
- SECItem * data)
+ SECItem *data)
{
unsigned char *block;
unsigned char *bp;
@@ -95,7 +100,7 @@ rsa_FormatOneBlock(unsigned modulusLen,
int i, j;
SECStatus rv;
- block = (unsigned char *) PORT_Alloc(modulusLen);
+ block = (unsigned char *)PORT_Alloc(modulusLen);
if (block == NULL)
return NULL;
@@ -103,146 +108,146 @@ rsa_FormatOneBlock(unsigned modulusLen,
/*
* All RSA blocks start with two octets:
- * 0x00 || BlockType
+ * 0x00 || BlockType
*/
*bp++ = RSA_BLOCK_FIRST_OCTET;
- *bp++ = (unsigned char) blockType;
+ *bp++ = (unsigned char)blockType;
switch (blockType) {
- /*
+ /*
* Blocks intended for private-key operation.
*/
- case RSA_BlockPrivate: /* preferred method */
- /*
+ case RSA_BlockPrivate: /* preferred method */
+ /*
* 0x00 || BT || Pad || 0x00 || ActualData
* 1 1 padLen 1 data->len
* Pad is either all 0x00 or all 0xff bytes, depending on blockType.
*/
- padLen = modulusLen - data->len - 3;
- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
- if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
- PORT_Free(block);
- return NULL;
- }
- PORT_Memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
- bp += padLen;
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
- PORT_Memcpy(bp, data->data, data->len);
- break;
-
- /*
- * Blocks intended for public-key operation.
- */
- case RSA_BlockPublic:
+ padLen = modulusLen - data->len - 3;
+ PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
+ PORT_Free(block);
+ return NULL;
+ }
+ PORT_Memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
+ bp += padLen;
+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
+ PORT_Memcpy(bp, data->data, data->len);
+ break;
+
/*
- * 0x00 || BT || Pad || 0x00 || ActualData
- * 1 1 padLen 1 data->len
- * Pad is all non-zero random bytes.
- *
- * Build the block left to right.
- * Fill the entire block from Pad to the end with random bytes.
- * Use the bytes after Pad as a supply of extra random bytes from
- * which to find replacements for the zero bytes in Pad.
- * If we need more than that, refill the bytes after Pad with
- * new random bytes as necessary.
+ * Blocks intended for public-key operation.
*/
- padLen = modulusLen - (data->len + 3);
- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
- if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
- PORT_Free(block);
- return NULL;
- }
- j = modulusLen - 2;
- rv = RNG_GenerateGlobalRandomBytes(bp, j);
- if (rv == SECSuccess) {
- for (i = 0; i < padLen; ) {
- unsigned char repl;
- /* Pad with non-zero random data. */
- if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
- ++i;
- continue;
- }
- if (j <= padLen) {
- rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
- modulusLen - (2 + padLen));
- if (rv != SECSuccess)
- break;
- j = modulusLen - 2;
- }
- do {
- repl = bp[--j];
- } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
- if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
- bp[i++] = repl;
+ case RSA_BlockPublic:
+ /*
+ * 0x00 || BT || Pad || 0x00 || ActualData
+ * 1 1 padLen 1 data->len
+ * Pad is all non-zero random bytes.
+ *
+ * Build the block left to right.
+ * Fill the entire block from Pad to the end with random bytes.
+ * Use the bytes after Pad as a supply of extra random bytes from
+ * which to find replacements for the zero bytes in Pad.
+ * If we need more than that, refill the bytes after Pad with
+ * new random bytes as necessary.
+ */
+ padLen = modulusLen - (data->len + 3);
+ PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
+ PORT_Free(block);
+ return NULL;
+ }
+ j = modulusLen - 2;
+ rv = RNG_GenerateGlobalRandomBytes(bp, j);
+ if (rv == SECSuccess) {
+ for (i = 0; i < padLen;) {
+ unsigned char repl;
+ /* Pad with non-zero random data. */
+ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
+ ++i;
+ continue;
+ }
+ if (j <= padLen) {
+ rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
+ modulusLen - (2 + padLen));
+ if (rv != SECSuccess)
+ break;
+ j = modulusLen - 2;
+ }
+ do {
+ repl = bp[--j];
+ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
+ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
+ bp[i++] = repl;
+ }
}
}
- }
- if (rv != SECSuccess) {
+ if (rv != SECSuccess) {
+ PORT_Free(block);
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
+ bp += padLen;
+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
+ PORT_Memcpy(bp, data->data, data->len);
+ break;
+
+ default:
+ PORT_Assert(0);
PORT_Free(block);
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return NULL;
- }
- bp += padLen;
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
- PORT_Memcpy(bp, data->data, data->len);
- break;
-
- default:
- PORT_Assert(0);
- PORT_Free(block);
- return NULL;
}
return block;
}
static SECStatus
-rsa_FormatBlock(SECItem * result,
+rsa_FormatBlock(SECItem *result,
unsigned modulusLen,
RSA_BlockType blockType,
- SECItem * data)
+ SECItem *data)
{
switch (blockType) {
- case RSA_BlockPrivate:
- case RSA_BlockPublic:
- /*
- * 0x00 || BT || Pad || 0x00 || ActualData
- *
- * The "3" below is the first octet + the second octet + the 0x00
- * octet that always comes just before the ActualData.
- */
- PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
+ case RSA_BlockPrivate:
+ case RSA_BlockPublic:
+ /*
+ * 0x00 || BT || Pad || 0x00 || ActualData
+ *
+ * The "3" below is the first octet + the second octet + the 0x00
+ * octet that always comes just before the ActualData.
+ */
+ PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
+
+ result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
+ if (result->data == NULL) {
+ result->len = 0;
+ return SECFailure;
+ }
+ result->len = modulusLen;
- result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
- if (result->data == NULL) {
- result->len = 0;
- return SECFailure;
- }
- result->len = modulusLen;
+ break;
- break;
+ case RSA_BlockRaw:
+ /*
+ * Pad || ActualData
+ * Pad is zeros. The application is responsible for recovering
+ * the actual data.
+ */
+ if (data->len > modulusLen) {
+ return SECFailure;
+ }
+ result->data = (unsigned char *)PORT_ZAlloc(modulusLen);
+ result->len = modulusLen;
+ PORT_Memcpy(result->data + (modulusLen - data->len),
+ data->data, data->len);
+ break;
- case RSA_BlockRaw:
- /*
- * Pad || ActualData
- * Pad is zeros. The application is responsible for recovering
- * the actual data.
- */
- if (data->len > modulusLen ) {
+ default:
+ PORT_Assert(0);
+ result->data = NULL;
+ result->len = 0;
return SECFailure;
- }
- result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
- result->len = modulusLen;
- PORT_Memcpy(result->data + (modulusLen - data->len),
- data->data, data->len);
- break;
-
- default:
- PORT_Assert(0);
- result->data = NULL;
- result->len = 0;
- return SECFailure;
}
return SECSuccess;
@@ -253,18 +258,18 @@ rsa_FormatBlock(SECItem * result,
*/
static SECStatus
MGF1(HASH_HashType hashAlg,
- unsigned char * mask,
+ unsigned char *mask,
unsigned int maskLen,
- const unsigned char * mgfSeed,
+ const unsigned char *mgfSeed,
unsigned int mgfSeedLen)
{
unsigned int digestLen;
PRUint32 counter;
PRUint32 rounds;
- unsigned char * tempHash;
- unsigned char * temp;
- const SECHashObject * hash;
- void * hashContext;
+ unsigned char *tempHash;
+ unsigned char *temp;
+ const SECHashObject *hash;
+ void *hashContext;
unsigned char C[4];
hash = HASH_GetRawHashObject(hashAlg);
@@ -302,11 +307,11 @@ MGF1(HASH_HashType hashAlg,
/* XXX Doesn't set error code */
SECStatus
-RSA_SignRaw(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_SignRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * data,
+ const unsigned char *data,
unsigned int dataLen)
{
SECStatus rv = SECSuccess;
@@ -317,9 +322,9 @@ RSA_SignRaw(RSAPrivateKey * key,
if (maxOutputLen < modulusLen)
return SECFailure;
- unformatted.len = dataLen;
- unformatted.data = (unsigned char*)data;
- formatted.data = NULL;
+ unformatted.len = dataLen;
+ unformatted.data = (unsigned char *)data;
+ formatted.data = NULL;
rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, &unformatted);
if (rv != SECSuccess)
goto done;
@@ -335,15 +340,15 @@ done:
/* XXX Doesn't set error code */
SECStatus
-RSA_CheckSignRaw(RSAPublicKey * key,
- const unsigned char * sig,
+RSA_CheckSignRaw(RSAPublicKey *key,
+ const unsigned char *sig,
unsigned int sigLen,
- const unsigned char * hash,
+ const unsigned char *hash,
unsigned int hashLen)
{
SECStatus rv;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
- unsigned char * buffer;
+ unsigned char *buffer;
if (sigLen != modulusLen)
goto failure;
@@ -377,11 +382,11 @@ failure:
/* XXX Doesn't set error code */
SECStatus
-RSA_CheckSignRecoverRaw(RSAPublicKey * key,
- unsigned char * data,
- unsigned int * dataLen,
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+ unsigned char *data,
+ unsigned int *dataLen,
unsigned int maxDataLen,
- const unsigned char * sig,
+ const unsigned char *sig,
unsigned int sigLen)
{
SECStatus rv;
@@ -405,11 +410,11 @@ failure:
/* XXX Doesn't set error code */
SECStatus
-RSA_EncryptRaw(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_EncryptRaw(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv;
@@ -421,9 +426,9 @@ RSA_EncryptRaw(RSAPublicKey * key,
if (maxOutputLen < modulusLen)
goto failure;
- unformatted.len = inputLen;
- unformatted.data = (unsigned char*)input;
- formatted.data = NULL;
+ unformatted.len = inputLen;
+ unformatted.data = (unsigned char *)input;
+ formatted.data = NULL;
rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, &unformatted);
if (rv != SECSuccess)
goto failure;
@@ -444,11 +449,11 @@ failure:
/* XXX Doesn't set error code */
SECStatus
-RSA_DecryptRaw(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_DecryptRaw(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv;
@@ -480,25 +485,25 @@ failure:
* output and outputLen.
*/
static SECStatus
-eme_oaep_decode(unsigned char * output,
- unsigned int * outputLen,
+eme_oaep_decode(unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * label,
+ const unsigned char *label,
unsigned int labelLen)
{
- const SECHashObject * hash;
- void * hashContext;
+ const SECHashObject *hash;
+ void *hashContext;
SECStatus rv = SECFailure;
unsigned char labelHash[HASH_LENGTH_MAX];
unsigned int i;
unsigned int maskLen;
unsigned int paddingOffset;
- unsigned char * mask = NULL;
- unsigned char * tmpOutput = NULL;
+ unsigned char *mask = NULL;
+ unsigned char *tmpOutput = NULL;
unsigned char isGood;
unsigned char foundPaddingEnd;
@@ -522,14 +527,14 @@ eme_oaep_decode(unsigned char * output,
(*hash->end)(hashContext, labelHash, &i, sizeof(labelHash));
(*hash->destroy)(hashContext, PR_TRUE);
- tmpOutput = (unsigned char*)PORT_Alloc(inputLen);
+ tmpOutput = (unsigned char *)PORT_Alloc(inputLen);
if (tmpOutput == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto done;
}
maskLen = inputLen - hash->length - 1;
- mask = (unsigned char*)PORT_Alloc(maskLen);
+ mask = (unsigned char *)PORT_Alloc(maskLen);
if (mask == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto done;
@@ -639,21 +644,21 @@ done:
* label is the optional value L to be associated with the message.
*/
static SECStatus
-eme_oaep_encode(unsigned char * em,
+eme_oaep_encode(unsigned char *em,
unsigned int emLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * label,
+ const unsigned char *label,
unsigned int labelLen,
- const unsigned char * seed,
+ const unsigned char *seed,
unsigned int seedLen)
{
- const SECHashObject * hash;
- void * hashContext;
+ const SECHashObject *hash;
+ void *hashContext;
SECStatus rv;
- unsigned char * mask;
+ unsigned char *mask;
unsigned int reservedLen;
unsigned int dbMaskLen;
unsigned int i;
@@ -732,7 +737,7 @@ eme_oaep_encode(unsigned char * em,
/* Step 2.e - Generate dbMask*/
dbMaskLen = emLen - hash->length - 1;
- mask = (unsigned char*)PORT_Alloc(dbMaskLen);
+ mask = (unsigned char *)PORT_Alloc(dbMaskLen);
if (mask == NULL) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return SECFailure;
@@ -753,22 +758,22 @@ eme_oaep_encode(unsigned char * em,
}
SECStatus
-RSA_EncryptOAEP(RSAPublicKey * key,
+RSA_EncryptOAEP(RSAPublicKey *key,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * label,
+ const unsigned char *label,
unsigned int labelLen,
- const unsigned char * seed,
+ const unsigned char *seed,
unsigned int seedLen,
- unsigned char * output,
- unsigned int * outputLen,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv = SECFailure;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
- unsigned char * oaepEncoded = NULL;
+ unsigned char *oaepEncoded = NULL;
if (maxOutputLen < modulusLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -807,20 +812,20 @@ done:
}
SECStatus
-RSA_DecryptOAEP(RSAPrivateKey * key,
+RSA_DecryptOAEP(RSAPrivateKey *key,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * label,
+ const unsigned char *label,
unsigned int labelLen,
- unsigned char * output,
- unsigned int * outputLen,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv = SECFailure;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
- unsigned char * oaepEncoded = NULL;
+ unsigned char *oaepEncoded = NULL;
if ((hashAlg == HASH_AlgNULL) || (maskHashAlg == HASH_AlgNULL)) {
PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
@@ -860,11 +865,11 @@ done:
/* XXX Doesn't set error code */
SECStatus
-RSA_EncryptBlock(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_EncryptBlock(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv;
@@ -876,9 +881,9 @@ RSA_EncryptBlock(RSAPublicKey * key,
if (maxOutputLen < modulusLen)
goto failure;
- unformatted.len = inputLen;
- unformatted.data = (unsigned char*)input;
- formatted.data = NULL;
+ unformatted.len = inputLen;
+ unformatted.data = (unsigned char *)input;
+ formatted.data = NULL;
rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPublic,
&unformatted);
if (rv != SECSuccess)
@@ -900,17 +905,17 @@ failure:
/* XXX Doesn't set error code */
SECStatus
-RSA_DecryptBlock(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_DecryptBlock(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
unsigned int i;
- unsigned char * buffer;
+ unsigned char *buffer;
if (inputLen != modulusLen)
goto failure;
@@ -961,17 +966,17 @@ failure:
* NOTE: this code assumes modBits is a multiple of 8.
*/
static SECStatus
-emsa_pss_encode(unsigned char * em,
+emsa_pss_encode(unsigned char *em,
unsigned int emLen,
- const unsigned char * mHash,
+ const unsigned char *mHash,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * salt,
+ const unsigned char *salt,
unsigned int saltLen)
{
- const SECHashObject * hash;
- void * hash_context;
- unsigned char * dbMask;
+ const SECHashObject *hash;
+ void *hash_context;
+ unsigned char *dbMask;
unsigned int dbMaskLen;
unsigned int i;
SECStatus rv;
@@ -1045,17 +1050,17 @@ emsa_pss_encode(unsigned char * em,
* NOTE: this code assumes modBits is a multiple of 8.
*/
static SECStatus
-emsa_pss_verify(const unsigned char * mHash,
- const unsigned char * em,
+emsa_pss_verify(const unsigned char *mHash,
+ const unsigned char *em,
unsigned int emLen,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
unsigned int saltLen)
{
- const SECHashObject * hash;
- void * hash_context;
- unsigned char * db;
- unsigned char * H_; /* H' from the RFC */
+ const SECHashObject *hash;
+ void *hash_context;
+ unsigned char *db;
+ unsigned char *H_; /* H' from the RFC */
unsigned int i;
unsigned int dbMaskLen;
SECStatus rv;
@@ -1138,15 +1143,15 @@ emsa_pss_verify(const unsigned char * mHash,
}
SECStatus
-RSA_SignPSS(RSAPrivateKey * key,
+RSA_SignPSS(RSAPrivateKey *key,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
- const unsigned char * salt,
+ const unsigned char *salt,
unsigned int saltLength,
- unsigned char * output,
- unsigned int * outputLen,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv = SECSuccess;
@@ -1182,18 +1187,18 @@ done:
}
SECStatus
-RSA_CheckSignPSS(RSAPublicKey * key,
+RSA_CheckSignPSS(RSAPublicKey *key,
HASH_HashType hashAlg,
HASH_HashType maskHashAlg,
unsigned int saltLength,
- const unsigned char * sig,
+ const unsigned char *sig,
unsigned int sigLen,
- const unsigned char * hash,
+ const unsigned char *hash,
unsigned int hashLen)
{
SECStatus rv;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
- unsigned char * buffer;
+ unsigned char *buffer;
if (sigLen != modulusLen) {
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
@@ -1227,11 +1232,11 @@ RSA_CheckSignPSS(RSAPublicKey * key,
/* XXX Doesn't set error code */
SECStatus
-RSA_Sign(RSAPrivateKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_Sign(RSAPrivateKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
SECStatus rv = SECSuccess;
@@ -1242,9 +1247,9 @@ RSA_Sign(RSAPrivateKey * key,
if (maxOutputLen < modulusLen)
return SECFailure;
- unformatted.len = inputLen;
- unformatted.data = (unsigned char*)input;
- formatted.data = NULL;
+ unformatted.len = inputLen;
+ unformatted.data = (unsigned char *)input;
+ formatted.data = NULL;
rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPrivate,
&unformatted);
if (rv != SECSuccess)
@@ -1263,16 +1268,16 @@ done:
/* XXX Doesn't set error code */
SECStatus
-RSA_CheckSign(RSAPublicKey * key,
- const unsigned char * sig,
+RSA_CheckSign(RSAPublicKey *key,
+ const unsigned char *sig,
unsigned int sigLen,
- const unsigned char * data,
+ const unsigned char *data,
unsigned int dataLen)
{
SECStatus rv;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
unsigned int i;
- unsigned char * buffer;
+ unsigned char *buffer;
if (sigLen != modulusLen)
goto failure;
@@ -1324,17 +1329,17 @@ failure:
/* XXX Doesn't set error code */
SECStatus
-RSA_CheckSignRecover(RSAPublicKey * key,
- unsigned char * output,
- unsigned int * outputLen,
+RSA_CheckSignRecover(RSAPublicKey *key,
+ unsigned char *output,
+ unsigned int *outputLen,
unsigned int maxOutputLen,
- const unsigned char * sig,
+ const unsigned char *sig,
unsigned int sigLen)
{
SECStatus rv;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
unsigned int i;
- unsigned char * buffer;
+ unsigned char *buffer;
if (sigLen != modulusLen)
goto failure;
diff --git a/lib/freebl/secmpi.h b/lib/freebl/secmpi.h
index 92ab612e8..5e8fd1105 100644
--- a/lib/freebl/secmpi.h
+++ b/lib/freebl/secmpi.h
@@ -4,9 +4,13 @@
#include "mpi.h"
-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+#define CHECK_SEC_OK(func) \
+ if (SECSuccess != (rv = func)) \
+ goto cleanup
-#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+#define CHECK_MPI_OK(func) \
+ if (MP_OKAY > (err = func)) \
+ goto cleanup
#define OCTETS_TO_MPINT(oc, mp, len) \
CHECK_MPI_OK(mp_read_unsigned_octets((mp), oc, len))
@@ -15,18 +19,36 @@
CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
#define MPINT_TO_SECITEM(mp, it, arena) \
- do { int mpintLen = mp_unsigned_octet_size(mp); \
- if (mpintLen <= 0) {err = MP_RANGE; goto cleanup;} \
- SECITEM_AllocItem(arena, (it), mpintLen); \
- if ((it)->data == NULL) {err = MP_MEM; goto cleanup;} \
- err = mp_to_unsigned_octets(mp, (it)->data, (it)->len); \
- if (err < 0) goto cleanup; else err = MP_OKAY; \
- } while (0)
+ do { \
+ int mpintLen = mp_unsigned_octet_size(mp); \
+ if (mpintLen <= 0) { \
+ err = MP_RANGE; \
+ goto cleanup; \
+ } \
+ SECITEM_AllocItem(arena, (it), mpintLen); \
+ if ((it)->data == NULL) { \
+ err = MP_MEM; \
+ goto cleanup; \
+ } \
+ err = mp_to_unsigned_octets(mp, (it)->data, (it)->len); \
+ if (err < 0) \
+ goto cleanup; \
+ else \
+ err = MP_OKAY; \
+ } while (0)
-#define MP_TO_SEC_ERROR(err) \
- switch (err) { \
- case MP_MEM: PORT_SetError(SEC_ERROR_NO_MEMORY); break; \
- case MP_RANGE: PORT_SetError(SEC_ERROR_BAD_DATA); break; \
- case MP_BADARG: PORT_SetError(SEC_ERROR_INVALID_ARGS); break; \
- default: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); break; \
+#define MP_TO_SEC_ERROR(err) \
+ switch (err) { \
+ case MP_MEM: \
+ PORT_SetError(SEC_ERROR_NO_MEMORY); \
+ break; \
+ case MP_RANGE: \
+ PORT_SetError(SEC_ERROR_BAD_DATA); \
+ break; \
+ case MP_BADARG: \
+ PORT_SetError(SEC_ERROR_INVALID_ARGS); \
+ break; \
+ default: \
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); \
+ break; \
}
diff --git a/lib/freebl/secrng.h b/lib/freebl/secrng.h
index e9e6dd27c..19eae4833 100644
--- a/lib/freebl/secrng.h
+++ b/lib/freebl/secrng.h
@@ -43,7 +43,7 @@ extern size_t RNG_GetNoise(void *buf, size_t maxbytes);
*/
extern void RNG_SystemInfoForRNG(void);
-/*
+/*
** Use the contents (and stat) of a file to help seed the
** global random number generator.
*/
diff --git a/lib/freebl/seed.c b/lib/freebl/seed.c
index 1e1639e77..f198cce45 100644
--- a/lib/freebl/seed.c
+++ b/lib/freebl/seed.c
@@ -17,350 +17,343 @@
#include "seed.h"
#include "secerr.h"
-static const seed_word SS[4][256] = {
- {
- 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
- 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
- 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
- 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
- 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
- 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
- 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
- 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
- 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
- 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
- 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
- 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
- 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
- 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
- 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
- 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
- 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
- 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
- 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
- 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
- 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
- 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
- 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
- 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
- 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
- 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
- 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
- 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
- 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
- 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
- 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
- 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
- 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
- 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
- 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
- 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
- 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
- 0x36063234, 0x15051114, 0x22022220, 0x38083038,
- 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
- 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
- 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
- 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
- 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
- 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
- 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
- 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
- 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
- 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
- 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
- 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
- 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
- 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
- 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
- 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
- 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
- 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
- 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
- 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
- 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
- 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
- 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
- 0x22426260, 0x29092128, 0x07070304, 0x33033330,
- 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
- 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
- },
- {
- 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
- 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
- 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
- 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
- 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
- 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
- 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
- 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
- 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
- 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
- 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
- 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
- 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
- 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
- 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
- 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
- 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
- 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
- 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
- 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
- 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
- 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
- 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
- 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
- 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
- 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
- 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
- 0x20220222, 0x04040400, 0x68284860, 0x70314171,
- 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
- 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
- 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
- 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
- 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
- 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
- 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
- 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
- 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
- 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
- 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
- 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
- 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
- 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
- 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
- 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
- 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
- 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
- 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
- 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
- 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
- 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
- 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
- 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
- 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
- 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
- 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
- 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
- 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
- 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
- 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
- 0x30320232, 0x84048480, 0x68294961, 0x90138393,
- 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
- 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
- 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
- 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
- },
- {
- 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
- 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
- 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
- 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
- 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
- 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
- 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
- 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
- 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
- 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
- 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
- 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
- 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
- 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
- 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
- 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
- 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
- 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
- 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
- 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
- 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
- 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
- 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
- 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
- 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
- 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
- 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
- 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
- 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
- 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
- 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
- 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
- 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
- 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
- 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
- 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
- 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
- 0x32343606, 0x11141505, 0x22202202, 0x30383808,
- 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
- 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
- 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
- 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
- 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
- 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
- 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
- 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
- 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
- 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
- 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
- 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
- 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
- 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
- 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
- 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
- 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
- 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
- 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
- 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
- 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
- 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
- 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
- 0x62602242, 0x21282909, 0x03040707, 0x33303303,
- 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
- 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
- },
- {
- 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
- 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
- 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
- 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
- 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
- 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
- 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
- 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
- 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
- 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
- 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
- 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
- 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
- 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
- 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
- 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
- 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
- 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
- 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
- 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
- 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
- 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
- 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
- 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
- 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
- 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
- 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
- 0x02222022, 0x04000404, 0x48606828, 0x41717031,
- 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
- 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
- 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
- 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
- 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
- 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
- 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
- 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
- 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
- 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
- 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
- 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
- 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
- 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
- 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
- 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
- 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
- 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
- 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
- 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
- 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
- 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
- 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
- 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
- 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
- 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
- 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
- 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
- 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
- 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
- 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
- 0x02323032, 0x84808404, 0x49616829, 0x83939013,
- 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
- 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
- 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
- 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
- }
+static const seed_word SS[4][256] = {
+ { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+ 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+ 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+ 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+ 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+ 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+ 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+ 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+ 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+ 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+ 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+ 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+ 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+ 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+ 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+ 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+ 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+ 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+ 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+ 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+ 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+ 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+ 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+ 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+ 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+ 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+ 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+ 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+ 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+ 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+ 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+ 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+ 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+ 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+ 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+ 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+ 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+ 0x36063234, 0x15051114, 0x22022220, 0x38083038,
+ 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+ 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+ 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+ 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+ 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+ 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+ 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+ 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+ 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+ 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+ 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+ 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+ 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+ 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+ 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+ 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+ 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+ 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+ 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+ 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+ 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+ 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+ 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+ 0x22426260, 0x29092128, 0x07070304, 0x33033330,
+ 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+ 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 },
+ { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+ 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+ 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+ 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+ 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+ 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+ 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+ 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+ 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+ 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+ 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+ 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+ 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+ 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+ 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+ 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+ 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+ 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+ 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+ 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+ 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+ 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+ 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+ 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+ 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+ 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+ 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+ 0x20220222, 0x04040400, 0x68284860, 0x70314171,
+ 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+ 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+ 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+ 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+ 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+ 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+ 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+ 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+ 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+ 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+ 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+ 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+ 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+ 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+ 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+ 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+ 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+ 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+ 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+ 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+ 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+ 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+ 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+ 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+ 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+ 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+ 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+ 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+ 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+ 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+ 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+ 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+ 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+ 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+ 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+ 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 },
+ { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+ 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+ 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+ 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+ 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+ 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+ 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+ 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+ 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+ 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+ 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+ 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+ 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+ 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+ 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+ 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+ 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+ 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+ 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+ 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+ 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+ 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+ 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+ 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+ 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+ 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+ 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+ 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+ 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+ 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+ 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+ 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+ 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+ 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+ 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+ 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+ 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+ 0x32343606, 0x11141505, 0x22202202, 0x30383808,
+ 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+ 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+ 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+ 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+ 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+ 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+ 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+ 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+ 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+ 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+ 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+ 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+ 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+ 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+ 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+ 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+ 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+ 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+ 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+ 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+ 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+ 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+ 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+ 0x62602242, 0x21282909, 0x03040707, 0x33303303,
+ 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+ 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a },
+ { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+ 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+ 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+ 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+ 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+ 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+ 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+ 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+ 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+ 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+ 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+ 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+ 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+ 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+ 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+ 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+ 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+ 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+ 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+ 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+ 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+ 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+ 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+ 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+ 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+ 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+ 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+ 0x02222022, 0x04000404, 0x48606828, 0x41717031,
+ 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+ 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+ 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+ 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+ 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+ 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+ 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+ 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+ 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+ 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+ 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+ 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+ 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+ 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+ 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+ 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+ 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+ 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+ 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+ 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+ 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+ 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+ 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+ 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+ 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+ 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+ 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+ 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+ 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+ 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+ 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+ 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+ 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+ 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+ 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+ 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 }
};
/* key schedule constants - golden ratio */
-#define KC0 0x9e3779b9
-#define KC1 0x3c6ef373
-#define KC2 0x78dde6e6
-#define KC3 0xf1bbcdcc
-#define KC4 0xe3779b99
-#define KC5 0xc6ef3733
-#define KC6 0x8dde6e67
-#define KC7 0x1bbcdccf
-#define KC8 0x3779b99e
-#define KC9 0x6ef3733c
-#define KC10 0xdde6e678
-#define KC11 0xbbcdccf1
-#define KC12 0x779b99e3
-#define KC13 0xef3733c6
-#define KC14 0xde6e678d
-#define KC15 0xbcdccf1b
-
-
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
- SEED_KEY_SCHEDULE *ks)
+#define KC0 0x9e3779b9
+#define KC1 0x3c6ef373
+#define KC2 0x78dde6e6
+#define KC3 0xf1bbcdcc
+#define KC4 0xe3779b99
+#define KC5 0xc6ef3733
+#define KC6 0x8dde6e67
+#define KC7 0x1bbcdccf
+#define KC8 0x3779b99e
+#define KC9 0x6ef3733c
+#define KC10 0xdde6e678
+#define KC11 0xbbcdccf1
+#define KC12 0x779b99e3
+#define KC13 0xef3733c6
+#define KC14 0xde6e678d
+#define KC15 0xbcdccf1b
+
+void
+SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks)
{
seed_word K0, K1, K2, K3;
seed_word t0, t1;
- char2word(rawkey , K0);
- char2word(rawkey+4 , K1);
- char2word(rawkey+8 , K2);
- char2word(rawkey+12, K3);
+ char2word(rawkey, K0);
+ char2word(rawkey + 4, K1);
+ char2word(rawkey + 8, K2);
+ char2word(rawkey + 12, K3);
t0 = (K0 + K2 - KC0);
- t1 = (K1 - K3 + KC0);
+ t1 = (K1 - K3 + KC0);
KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC1);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC1);
KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC2);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC2);
KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC3);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC3);
KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC4);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC4);
KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC5);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC5);
KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC6);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC6);
KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC7);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC7);
KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC8);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC8);
KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC9);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC9);
KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC10);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC10);
KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC11);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC11);
KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC12);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC12);
KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC13);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC13);
KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
- KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC14);
+ KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC14);
KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
- KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC15);
+ KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC15);
KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
}
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
- const SEED_KEY_SCHEDULE *ks)
+void
+SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks)
{
seed_word L0, L1, R0, R1;
seed_word t0, t1;
- char2word(s, L0);
- char2word(s+4, L1);
- char2word(s+8, R0);
- char2word(s+12, R1);
-
+ char2word(s, L0);
+ char2word(s + 4, L1);
+ char2word(s + 8, R0);
+ char2word(s + 12, R1);
+
E_SEED(t0, t1, L0, L1, R0, R1, 0);
E_SEED(t0, t1, R0, R1, L0, L1, 2);
E_SEED(t0, t1, L0, L1, R0, R1, 4);
@@ -379,23 +372,24 @@ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
E_SEED(t0, t1, R0, R1, L0, L1, 30);
word2char(R0, d);
- word2char(R1, d+4);
- word2char(L0, d+8);
- word2char(L1, d+12);
+ word2char(R1, d + 4);
+ word2char(L0, d + 8);
+ word2char(L1, d + 12);
}
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
- const SEED_KEY_SCHEDULE *ks)
+void
+SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks)
{
seed_word L0, L1, R0, R1;
seed_word t0, t1;
- char2word(s, L0);
- char2word(s+4, L1);
- char2word(s+8, R0);
- char2word(s+12, R1);
-
+ char2word(s, L0);
+ char2word(s + 4, L1);
+ char2word(s + 8, R0);
+ char2word(s + 12, R1);
+
E_SEED(t0, t1, L0, L1, R0, R1, 30);
E_SEED(t0, t1, R0, R1, L0, L1, 28);
E_SEED(t0, t1, L0, L1, R0, R1, 26);
@@ -414,14 +408,15 @@ void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
E_SEED(t0, t1, R0, R1, L0, L1, 0);
word2char(R0, d);
- word2char(R1, d+4);
- word2char(L0, d+8);
- word2char(L1, d+12);
+ word2char(R1, d + 4);
+ word2char(L0, d + 8);
+ word2char(L1, d + 12);
}
-void SEED_ecb_encrypt(const unsigned char *in,
- unsigned char *out,
- const SEED_KEY_SCHEDULE *ks, int enc)
+void
+SEED_ecb_encrypt(const unsigned char *in,
+ unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc)
{
if (enc) {
SEED_encrypt(in, out, ks);
@@ -430,10 +425,10 @@ void SEED_ecb_encrypt(const unsigned char *in,
}
}
-
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+void
+SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int enc)
{
size_t n;
unsigned char tmp[SEED_BLOCK_SIZE];
@@ -447,7 +442,7 @@ void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
SEED_encrypt(out, out, ks);
iv = out;
len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
@@ -461,7 +456,7 @@ void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
SEED_encrypt(out, out, ks);
iv = out;
}
-
+
memcpy(ivec, iv, SEED_BLOCK_SIZE);
} else if (in != out) {
while (len >= SEED_BLOCK_SIZE) {
@@ -472,10 +467,10 @@ void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
iv = in;
len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
-
+
if (len) {
SEED_decrypt(in, tmp, ks);
@@ -484,7 +479,7 @@ void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
iv = in;
}
-
+
memcpy(ivec, iv, SEED_BLOCK_SIZE);
} else {
while (len >= SEED_BLOCK_SIZE) {
@@ -496,7 +491,7 @@ void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
memcpy(ivec, tmp, SEED_BLOCK_SIZE);
len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
out += SEED_BLOCK_SIZE;
}
@@ -518,45 +513,45 @@ SEED_AllocateContext(void)
return PORT_ZNew(SEEDContext);
}
-SECStatus
-SEED_InitContext(SEEDContext *cx, const unsigned char *key,
- unsigned int keylen, const unsigned char *iv,
- int mode, unsigned int encrypt,unsigned int unused)
+SECStatus
+SEED_InitContext(SEEDContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv,
+ int mode, unsigned int encrypt, unsigned int unused)
{
if (!cx) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
switch (mode) {
- case NSS_SEED:
- SEED_set_key(key, &cx->ks);
- cx->mode = NSS_SEED;
- cx->encrypt = encrypt;
- break;
-
- case NSS_SEED_CBC:
- memcpy(cx->iv, iv, 16);
- SEED_set_key(key, &cx->ks);
- cx->mode = NSS_SEED_CBC;
- cx->encrypt = encrypt;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case NSS_SEED:
+ SEED_set_key(key, &cx->ks);
+ cx->mode = NSS_SEED;
+ cx->encrypt = encrypt;
+ break;
+
+ case NSS_SEED_CBC:
+ memcpy(cx->iv, iv, 16);
+ SEED_set_key(key, &cx->ks);
+ cx->mode = NSS_SEED_CBC;
+ cx->encrypt = encrypt;
+ break;
+
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
}
SEEDContext *
-SEED_CreateContext(const unsigned char * key, const unsigned char *iv,
+SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt)
{
SEEDContext *cx = PORT_ZNew(SEEDContext);
- SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
- encrypt, 0);
+ SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
+ encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
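Review bot: In the NSS_SEED_CBC case, `memcpy(cx->iv, iv, 16)` reads through `iv` without a NULL check and spells the block length as a bare 16 although every other line in this file uses SEED_BLOCK_SIZE, and `keylen` is never compared with SEED_KEY_LENGTH even though SEED_set_key reads exactly that many bytes from `key`. Making the contract explicit before the switch would remove the reliance on the caller: `if (!key || keylen != SEED_KEY_LENGTH || (mode == NSS_SEED_CBC && !iv)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }`, and the copy becomes `memcpy(cx->iv, iv, SEED_BLOCK_SIZE);`. The `unused` parameter deserves a one-line comment saying it is kept only for signature compatibility, since nothing in the function reads it. SEED_CreateContext's body continues past the end of this hunk.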
@@ -579,7 +574,7 @@ SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
- unsigned int maxOutLen, const unsigned char *in,
+ unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
if (!cx) {
@@ -593,19 +588,19 @@ SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
}
switch (cx->mode) {
- case NSS_SEED:
- SEED_ecb_encrypt(in, out, &cx->ks, 1);
- *outLen = inLen;
- break;
-
- case NSS_SEED_CBC:
- SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 1);
- *outLen = inLen;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case NSS_SEED:
+ SEED_ecb_encrypt(in, out, &cx->ks, 1);
+ *outLen = inLen;
+ break;
+
+ case NSS_SEED_CBC:
+ SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 1);
+ *outLen = inLen;
+ break;
+
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return SECSuccess;
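Review bot: In the NSS_SEED case, `SEED_ecb_encrypt(in, out, &cx->ks, 1)` transforms exactly one block (its body in the hunk above calls SEED_encrypt once), yet the next line sets `*outLen = inLen`, so for any inLen larger than SEED_BLOCK_SIZE the tail of `out` is left unwritten while the reported length claims it was produced. Unless a check above this hunk already limits inLen to a single block (the start of SEED_Encrypt is outside the hunk), either reject other sizes up front with `if (inLen != SEED_BLOCK_SIZE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; }` or process every block with `for (unsigned int off = 0; off < inLen; off += SEED_BLOCK_SIZE) SEED_ecb_encrypt(in + off, out + off, &cx->ks, 1);` after checking `inLen % SEED_BLOCK_SIZE == 0`. The same pattern appears in the NSS_SEED case of the SEED_Decrypt hunk further down, which should get the same treatment.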
@@ -613,7 +608,7 @@ SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
- unsigned int maxOutLen, const unsigned char *in,
+ unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
if (!cx) {
@@ -627,20 +622,20 @@ SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
}
switch (cx->mode) {
- case NSS_SEED:
- SEED_ecb_encrypt(in, out, &cx->ks, 0);
- *outLen = inLen;
- break;
-
- case NSS_SEED_CBC:
- SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 0);
- *outLen = inLen;
- break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ case NSS_SEED:
+ SEED_ecb_encrypt(in, out, &cx->ks, 0);
+ *outLen = inLen;
+ break;
+
+ case NSS_SEED_CBC:
+ SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 0);
+ *outLen = inLen;
+ break;
+
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
-
+
return SECSuccess;
}
diff --git a/lib/freebl/seed.h b/lib/freebl/seed.h
index 8e09dbf30..f527165b7 100644
--- a/lib/freebl/seed.h
+++ b/lib/freebl/seed.h
@@ -9,86 +9,85 @@
#include "blapi.h"
#if !defined(NO_SYS_TYPES_H)
-# include <sys/types.h>
+#include <sys/types.h>
#endif
typedef PRUint32 seed_word;
-#define G_FUNC(v) \
- SS[0][((v) & 0xff)] ^ \
- SS[1][((v)>> 8 & 0xff)] ^ \
- SS[2][((v)>>16 & 0xff)] ^ \
- SS[3][((v)>>24 & 0xff)]
+#define G_FUNC(v) \
+ SS[0][((v)&0xff)] ^ \
+ SS[1][((v) >> 8 & 0xff)] ^ \
+ SS[2][((v) >> 16 & 0xff)] ^ \
+ SS[3][((v) >> 24 & 0xff)]
-#define char2word(c, i) \
+#define char2word(c, i) \
(i) = ((((seed_word)((c)[0])) << 24) | \
(((seed_word)((c)[1])) << 16) | \
- (((seed_word)((c)[2])) << 8) | \
- ((seed_word)((c)[3])))
-
-#define word2char(l, c) \
- *((c)+0) = (unsigned char)((l)>>24); \
- *((c)+1) = (unsigned char)((l)>>16); \
- *((c)+2) = (unsigned char)((l)>> 8); \
- *((c)+3) = (unsigned char)((l) )
-
-#define KEYSCHEDULE_UPDATE0(T0, T1, K0, K1, K2, K3, KC) \
- (T0) = (K2); \
- (K2) = (((K2)<<8) ^ ((K3)>>24)); \
- (K3) = (((K3)<<8) ^ ((T0)>>24)); \
- (T0) = ((K0) + (K2) - (KC)); \
+ (((seed_word)((c)[2])) << 8) | \
+ ((seed_word)((c)[3])))
+
+#define word2char(l, c) \
+ *((c) + 0) = (unsigned char)((l) >> 24); \
+ *((c) + 1) = (unsigned char)((l) >> 16); \
+ *((c) + 2) = (unsigned char)((l) >> 8); \
+ *((c) + 3) = (unsigned char)((l))
+
+#define KEYSCHEDULE_UPDATE0(T0, T1, K0, K1, K2, K3, KC) \
+ (T0) = (K2); \
+ (K2) = (((K2) << 8) ^ ((K3) >> 24)); \
+ (K3) = (((K3) << 8) ^ ((T0) >> 24)); \
+ (T0) = ((K0) + (K2) - (KC)); \
(T1) = ((K1) + (KC) - (K3))
#define KEYSCHEDULE_UPDATE1(T0, T1, K0, K1, K2, K3, KC) \
- (T0) = (K0); \
- (K0) = (((K0)>>8) ^ ((K1)<<24)); \
- (K1) = (((K1)>>8) ^ ((T0)<<24)); \
- (T0) = ((K0) + (K2) - (KC)); \
+ (T0) = (K0); \
+ (K0) = (((K0) >> 8) ^ ((K1) << 24)); \
+ (K1) = (((K1) >> 8) ^ ((T0) << 24)); \
+ (T0) = ((K0) + (K2) - (KC)); \
(T1) = ((K1) + (KC) - (K3))
-#define KEYUPDATE_TEMP(T0, T1, K) \
- (K)[0] = G_FUNC((T0)); \
+#define KEYUPDATE_TEMP(T0, T1, K) \
+ (K)[0] = G_FUNC((T0)); \
(K)[1] = G_FUNC((T1))
-#define XOR_SEEDBLOCK(DST, SRC) \
- (DST)[0] ^= (SRC)[0]; \
- (DST)[1] ^= (SRC)[1]; \
- (DST)[2] ^= (SRC)[2]; \
+#define XOR_SEEDBLOCK(DST, SRC) \
+ (DST)[0] ^= (SRC)[0]; \
+ (DST)[1] ^= (SRC)[1]; \
+ (DST)[2] ^= (SRC)[2]; \
(DST)[3] ^= (SRC)[3]
-#define MOV_SEEDBLOCK(DST, SRC) \
- (DST)[0] = (SRC)[0]; \
- (DST)[1] = (SRC)[1]; \
- (DST)[2] = (SRC)[2]; \
+#define MOV_SEEDBLOCK(DST, SRC) \
+ (DST)[0] = (SRC)[0]; \
+ (DST)[1] = (SRC)[1]; \
+ (DST)[2] = (SRC)[2]; \
(DST)[3] = (SRC)[3]
-# define CHAR2WORD(C, I) \
- char2word((C), (I)[0]); \
- char2word((C)+4, (I)[1]); \
- char2word((C)+8, (I)[2]); \
- char2word((C)+12, (I)[3])
-
-# define WORD2CHAR(I, C) \
- word2char((I)[0], (C)); \
- word2char((I)[1], (C+4)); \
- word2char((I)[2], (C+8)); \
- word2char((I)[3], (C+12))
-
-# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
- (T0) = (X3) ^ (ks->data)[(rbase)]; \
- (T1) = (X4) ^ (ks->data)[(rbase)+1]; \
- (T1) ^= (T0); \
- (T1) = G_FUNC(T1); \
- (T0) += (T1); \
- (T0) = G_FUNC(T0); \
- (T1) += (T0); \
- (T1) = G_FUNC(T1); \
- (T0) += (T1); \
- (X1) ^= (T0); \
+#define CHAR2WORD(C, I) \
+ char2word((C), (I)[0]); \
+ char2word((C) + 4, (I)[1]); \
+ char2word((C) + 8, (I)[2]); \
+ char2word((C) + 12, (I)[3])
+
+#define WORD2CHAR(I, C) \
+ word2char((I)[0], (C)); \
+ word2char((I)[1], (C + 4)); \
+ word2char((I)[2], (C + 8)); \
+ word2char((I)[3], (C + 12))
+
+#define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
+ (T0) = (X3) ^ (ks->data)[(rbase)]; \
+ (T1) = (X4) ^ (ks->data)[(rbase) + 1]; \
+ (T1) ^= (T0); \
+ (T1) = G_FUNC(T1); \
+ (T0) += (T1); \
+ (T0) = G_FUNC(T0); \
+ (T1) += (T0); \
+ (T1) = G_FUNC(T1); \
+ (T0) += (T1); \
+ (X1) ^= (T0); \
(X2) ^= (T1)
-
-#ifdef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif
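Review bot: The multi-statement macros in this header (word2char, KEYSCHEDULE_UPDATE0/1, KEYUPDATE_TEMP, XOR_SEEDBLOCK, MOV_SEEDBLOCK, CHAR2WORD, WORD2CHAR, E_SEED) are bare statement lists, so a use such as `if (cond) E_SEED(...);` would guard only the first statement; wrapping each body in `do { ... } while (0)` makes them behave like a single statement. G_FUNC's expansion is also not parenthesized as a whole, which works today only because every call site assigns its result; `#define G_FUNC(v) (SS[0][...] ^ SS[1][...] ^ SS[2][...] ^ SS[3][...])` would make it safe in any expression. E_SEED additionally depends on a variable literally named `ks` being in scope at the call site, which a one-line comment above the macro should state.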
@@ -96,8 +95,6 @@ typedef struct seed_key_st {
PRUint32 data[32];
} SEED_KEY_SCHEDULE;
-
-
struct SEEDContextStr {
unsigned char iv[SEED_BLOCK_SIZE];
SEED_KEY_SCHEDULE ks;
@@ -105,23 +102,23 @@ struct SEEDContextStr {
unsigned int encrypt;
};
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
SEED_KEY_SCHEDULE *ks);
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks);
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
- unsigned char d[SEED_BLOCK_SIZE],
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
const SEED_KEY_SCHEDULE *ks);
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
const SEED_KEY_SCHEDULE *ks, int enc);
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
unsigned char ivec[SEED_BLOCK_SIZE], int enc);
-#ifdef __cplusplus
+#ifdef __cplusplus
}
#endif
diff --git a/lib/freebl/sha256.h b/lib/freebl/sha256.h
index 86bec7ccb..c65ca152d 100644
--- a/lib/freebl/sha256.h
+++ b/lib/freebl/sha256.h
@@ -9,11 +9,11 @@
struct SHA256ContextStr {
union {
- PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */
- PRUint8 b[256];
+ PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */
+ PRUint8 b[256];
} u;
- PRUint32 h[8]; /* 8 state variables */
- PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */
+ PRUint32 h[8]; /* 8 state variables */
+ PRUint32 sizeHi, sizeLo; /* 64-bit count of hashed bytes. */
};
#endif /* _SHA_256_H_ */
diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c
index 28e7c04b5..528f884b2 100644
--- a/lib/freebl/sha512.c
+++ b/lib/freebl/sha512.c
@@ -14,11 +14,11 @@
#define NOUNROLL512 1
#undef HAVE_LONG_LONG
#endif
-#include "prtypes.h" /* for PRUintXX */
+#include "prtypes.h" /* for PRUintXX */
#include "prlong.h"
-#include "secport.h" /* for PORT_XXX */
+#include "secport.h" /* for PORT_XXX */
#include "blapi.h"
-#include "sha256.h" /* for struct SHA256ContextStr */
+#include "sha256.h" /* for struct SHA256ContextStr */
/* ============= Common constants and defines ======================= */
@@ -26,44 +26,44 @@
#define B ctx->u.b
#define H ctx->h
-#define SHR(x,n) (x >> n)
-#define SHL(x,n) (x << n)
-#define Ch(x,y,z) ((x & y) ^ (~x & z))
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
-#define SHA_MIN(a,b) (a < b ? a : b)
+#define SHR(x, n) (x >> n)
+#define SHL(x, n) (x << n)
+#define Ch(x, y, z) ((x & y) ^ (~x & z))
+#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
+#define SHA_MIN(a, b) (a < b ? a : b)
/* Padding used with all flavors of SHA */
-static const PRUint8 pad[240] = {
-0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
- /* compiler will fill the rest in with zeros */
+static const PRUint8 pad[240] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ /* compiler will fill the rest in with zeros */
};
/* ============= SHA256 implementation ================================== */
/* SHA-256 constants, K256. */
static const PRUint32 K256[64] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
/* SHA-256 initial hash values */
static const PRUint32 H256[8] = {
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
};
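Review bot: The helper macros at the top of this hunk do not parenthesize their arguments: `SHA_MIN(a, b)` expands to `(a < b ? a : b)` and `SHR`, `SHL`, `Ch` and `Maj` likewise use the raw parameters, so any argument containing a lower-precedence operator would be mis-parsed. The current call sites presumably pass plain identifiers and constants, but the fully parenthesized forms cost nothing, e.g. `#define SHA_MIN(a, b) ((a) < (b) ? (a) : (b))` and `#define SHR(x, n) ((x) >> (n))`. The ROTR32/ROTL32 definitions in the hunk below share the same shape, and there `n` also reaches a shift count unparenthesized.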
@@ -82,47 +82,53 @@ static const PRUint32 H256[8] = {
#endif
#define FASTCALL __fastcall
-static FORCEINLINE PRUint32 FASTCALL
-swap4b(PRUint32 dwd)
+static FORCEINLINE PRUint32 FASTCALL
+swap4b(PRUint32 dwd)
{
__asm {
- mov eax,dwd
- bswap eax
+ mov eax,dwd
+ bswap eax
}
}
#define SHA_HTONL(x) swap4b(x)
#elif defined(__GNUC__) && defined(NSS_X86_OR_X64)
-static __inline__ PRUint32 swap4b(PRUint32 value)
+static __inline__ PRUint32
+swap4b(PRUint32 value)
{
- __asm__("bswap %0" : "+r" (value));
+ __asm__("bswap %0"
+ : "+r"(value));
return (value);
}
#define SHA_HTONL(x) swap4b(x)
-#elif defined(__GNUC__) && (defined(__thumb2__) || \
- (!defined(__thumb__) && \
- (defined(__ARM_ARCH_6__) || \
- defined(__ARM_ARCH_6J__) || \
- defined(__ARM_ARCH_6K__) || \
- defined(__ARM_ARCH_6Z__) || \
- defined(__ARM_ARCH_6ZK__) || \
- defined(__ARM_ARCH_6T2__) || \
- defined(__ARM_ARCH_7__) || \
- defined(__ARM_ARCH_7A__) || \
- defined(__ARM_ARCH_7R__))))
-static __inline__ PRUint32 swap4b(PRUint32 value)
+#elif defined(__GNUC__) && (defined(__thumb2__) || \
+ (!defined(__thumb__) && \
+ (defined(__ARM_ARCH_6__) || \
+ defined(__ARM_ARCH_6J__) || \
+ defined(__ARM_ARCH_6K__) || \
+ defined(__ARM_ARCH_6Z__) || \
+ defined(__ARM_ARCH_6ZK__) || \
+ defined(__ARM_ARCH_6T2__) || \
+ defined(__ARM_ARCH_7__) || \
+ defined(__ARM_ARCH_7A__) || \
+ defined(__ARM_ARCH_7R__))))
+static __inline__ PRUint32
+swap4b(PRUint32 value)
{
PRUint32 ret;
- __asm__("rev %0, %1" : "=r" (ret) : "r"(value));
+ __asm__("rev %0, %1"
+ : "=r"(ret)
+ : "r"(value));
return ret;
}
#define SHA_HTONL(x) swap4b(x)
#else
-#define SWAP4MASK 0x00FF00FF
-static PRUint32 swap4b(PRUint32 value)
+#define SWAP4MASK 0x00FF00FF
+static PRUint32
+swap4b(PRUint32 value)
{
PRUint32 t1 = (value << 16) | (value >> 16);
return ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK);
@@ -133,19 +139,19 @@ static PRUint32 swap4b(PRUint32 value)
#endif /* defined(IS_LITTLE_ENDIAN) */
#if defined(_MSC_VER)
-#pragma intrinsic (_lrotr, _lrotl)
-#define ROTR32(x,n) _lrotr(x,n)
-#define ROTL32(x,n) _lrotl(x,n)
+#pragma intrinsic(_lrotr, _lrotl)
+#define ROTR32(x, n) _lrotr(x, n)
+#define ROTL32(x, n) _lrotl(x, n)
#else
-#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
-#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#define ROTR32(x, n) ((x >> n) | (x << ((8 * sizeof x) - n)))
+#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
#endif
/* Capitol Sigma and lower case sigma functions */
-#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
-#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
-#define s0(x) (ROTR32(x, 7) ^ ROTR32(x,18) ^ SHR(x, 3))
-#define s1(x) (ROTR32(x,17) ^ ROTR32(x,19) ^ SHR(x,10))
+#define S0(x) (ROTR32(x, 2) ^ ROTR32(x, 13) ^ ROTR32(x, 22))
+#define S1(x) (ROTR32(x, 6) ^ ROTR32(x, 11) ^ ROTR32(x, 25))
+#define s0(x) (ROTR32(x, 7) ^ ROTR32(x, 18) ^ SHR(x, 3))
+#define s1(x) (ROTR32(x, 17) ^ ROTR32(x, 19) ^ SHR(x, 10))
SHA256Context *
SHA256_NewContext(void)
@@ -154,7 +160,7 @@ SHA256_NewContext(void)
return ctx;
}
-void
+void
SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
{
memset(ctx, 0, sizeof *ctx);
@@ -163,7 +169,7 @@ SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
}
}
-void
+void
SHA256_Begin(SHA256Context *ctx)
{
memset(ctx, 0, sizeof *ctx);
@@ -173,208 +179,208 @@ SHA256_Begin(SHA256Context *ctx)
static void
SHA256_Compress(SHA256Context *ctx)
{
- {
+ {
#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP4(W[0]);
- BYTESWAP4(W[1]);
- BYTESWAP4(W[2]);
- BYTESWAP4(W[3]);
- BYTESWAP4(W[4]);
- BYTESWAP4(W[5]);
- BYTESWAP4(W[6]);
- BYTESWAP4(W[7]);
- BYTESWAP4(W[8]);
- BYTESWAP4(W[9]);
- BYTESWAP4(W[10]);
- BYTESWAP4(W[11]);
- BYTESWAP4(W[12]);
- BYTESWAP4(W[13]);
- BYTESWAP4(W[14]);
- BYTESWAP4(W[15]);
+ BYTESWAP4(W[0]);
+ BYTESWAP4(W[1]);
+ BYTESWAP4(W[2]);
+ BYTESWAP4(W[3]);
+ BYTESWAP4(W[4]);
+ BYTESWAP4(W[5]);
+ BYTESWAP4(W[6]);
+ BYTESWAP4(W[7]);
+ BYTESWAP4(W[8]);
+ BYTESWAP4(W[9]);
+ BYTESWAP4(W[10]);
+ BYTESWAP4(W[11]);
+ BYTESWAP4(W[12]);
+ BYTESWAP4(W[13]);
+ BYTESWAP4(W[14]);
+ BYTESWAP4(W[15]);
#endif
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
+#define INITW(t) W[t] = (s1(W[t - 2]) + W[t - 7] + s0(W[t - 15]) + W[t - 16])
- /* prepare the "message schedule" */
+/* prepare the "message schedule" */
#ifdef NOUNROLL256
- {
- int t;
- for (t = 16; t < 64; ++t) {
- INITW(t);
- }
- }
+ {
+ int t;
+ for (t = 16; t < 64; ++t) {
+ INITW(t);
+ }
+ }
#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
+ INITW(16);
+ INITW(17);
+ INITW(18);
+ INITW(19);
+
+ INITW(20);
+ INITW(21);
+ INITW(22);
+ INITW(23);
+ INITW(24);
+ INITW(25);
+ INITW(26);
+ INITW(27);
+ INITW(28);
+ INITW(29);
+
+ INITW(30);
+ INITW(31);
+ INITW(32);
+ INITW(33);
+ INITW(34);
+ INITW(35);
+ INITW(36);
+ INITW(37);
+ INITW(38);
+ INITW(39);
+
+ INITW(40);
+ INITW(41);
+ INITW(42);
+ INITW(43);
+ INITW(44);
+ INITW(45);
+ INITW(46);
+ INITW(47);
+ INITW(48);
+ INITW(49);
+
+ INITW(50);
+ INITW(51);
+ INITW(52);
+ INITW(53);
+ INITW(54);
+ INITW(55);
+ INITW(56);
+ INITW(57);
+ INITW(58);
+ INITW(59);
+
+ INITW(60);
+ INITW(61);
+ INITW(62);
+ INITW(63);
#endif
#undef INITW
- }
- {
- PRUint32 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c);
+ }
+ {
+ PRUint32 a, b, c, d, e, f, g, h;
+
+ a = H[0];
+ b = H[1];
+ c = H[2];
+ d = H[3];
+ e = H[4];
+ f = H[5];
+ g = H[6];
+ h = H[7];
+
+#define ROUND(n, a, b, c, d, e, f, g, h) \
+ h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \
+ d += h; \
+ h += S0(a) + Maj(a, b, c);
#ifdef NOUNROLL256
- {
- int t;
- for (t = 0; t < 64; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
+ {
+ int t;
+ for (t = 0; t < 64; t += 8) {
+ ROUND(t + 0, a, b, c, d, e, f, g, h)
+ ROUND(t + 1, h, a, b, c, d, e, f, g)
+ ROUND(t + 2, g, h, a, b, c, d, e, f)
+ ROUND(t + 3, f, g, h, a, b, c, d, e)
+ ROUND(t + 4, e, f, g, h, a, b, c, d)
+ ROUND(t + 5, d, e, f, g, h, a, b, c)
+ ROUND(t + 6, c, d, e, f, g, h, a, b)
+ ROUND(t + 7, b, c, d, e, f, g, h, a)
+ }
+ }
#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
+ ROUND(0, a, b, c, d, e, f, g, h)
+ ROUND(1, h, a, b, c, d, e, f, g)
+ ROUND(2, g, h, a, b, c, d, e, f)
+ ROUND(3, f, g, h, a, b, c, d, e)
+ ROUND(4, e, f, g, h, a, b, c, d)
+ ROUND(5, d, e, f, g, h, a, b, c)
+ ROUND(6, c, d, e, f, g, h, a, b)
+ ROUND(7, b, c, d, e, f, g, h, a)
+
+ ROUND(8, a, b, c, d, e, f, g, h)
+ ROUND(9, h, a, b, c, d, e, f, g)
+ ROUND(10, g, h, a, b, c, d, e, f)
+ ROUND(11, f, g, h, a, b, c, d, e)
+ ROUND(12, e, f, g, h, a, b, c, d)
+ ROUND(13, d, e, f, g, h, a, b, c)
+ ROUND(14, c, d, e, f, g, h, a, b)
+ ROUND(15, b, c, d, e, f, g, h, a)
+
+ ROUND(16, a, b, c, d, e, f, g, h)
+ ROUND(17, h, a, b, c, d, e, f, g)
+ ROUND(18, g, h, a, b, c, d, e, f)
+ ROUND(19, f, g, h, a, b, c, d, e)
+ ROUND(20, e, f, g, h, a, b, c, d)
+ ROUND(21, d, e, f, g, h, a, b, c)
+ ROUND(22, c, d, e, f, g, h, a, b)
+ ROUND(23, b, c, d, e, f, g, h, a)
+
+ ROUND(24, a, b, c, d, e, f, g, h)
+ ROUND(25, h, a, b, c, d, e, f, g)
+ ROUND(26, g, h, a, b, c, d, e, f)
+ ROUND(27, f, g, h, a, b, c, d, e)
+ ROUND(28, e, f, g, h, a, b, c, d)
+ ROUND(29, d, e, f, g, h, a, b, c)
+ ROUND(30, c, d, e, f, g, h, a, b)
+ ROUND(31, b, c, d, e, f, g, h, a)
+
+ ROUND(32, a, b, c, d, e, f, g, h)
+ ROUND(33, h, a, b, c, d, e, f, g)
+ ROUND(34, g, h, a, b, c, d, e, f)
+ ROUND(35, f, g, h, a, b, c, d, e)
+ ROUND(36, e, f, g, h, a, b, c, d)
+ ROUND(37, d, e, f, g, h, a, b, c)
+ ROUND(38, c, d, e, f, g, h, a, b)
+ ROUND(39, b, c, d, e, f, g, h, a)
+
+ ROUND(40, a, b, c, d, e, f, g, h)
+ ROUND(41, h, a, b, c, d, e, f, g)
+ ROUND(42, g, h, a, b, c, d, e, f)
+ ROUND(43, f, g, h, a, b, c, d, e)
+ ROUND(44, e, f, g, h, a, b, c, d)
+ ROUND(45, d, e, f, g, h, a, b, c)
+ ROUND(46, c, d, e, f, g, h, a, b)
+ ROUND(47, b, c, d, e, f, g, h, a)
+
+ ROUND(48, a, b, c, d, e, f, g, h)
+ ROUND(49, h, a, b, c, d, e, f, g)
+ ROUND(50, g, h, a, b, c, d, e, f)
+ ROUND(51, f, g, h, a, b, c, d, e)
+ ROUND(52, e, f, g, h, a, b, c, d)
+ ROUND(53, d, e, f, g, h, a, b, c)
+ ROUND(54, c, d, e, f, g, h, a, b)
+ ROUND(55, b, c, d, e, f, g, h, a)
+
+ ROUND(56, a, b, c, d, e, f, g, h)
+ ROUND(57, h, a, b, c, d, e, f, g)
+ ROUND(58, g, h, a, b, c, d, e, f)
+ ROUND(59, f, g, h, a, b, c, d, e)
+ ROUND(60, e, f, g, h, a, b, c, d)
+ ROUND(61, d, e, f, g, h, a, b, c)
+ ROUND(62, c, d, e, f, g, h, a, b)
+ ROUND(63, b, c, d, e, f, g, h, a)
#endif
- H[0] += a;
- H[1] += b;
- H[2] += c;
- H[3] += d;
- H[4] += e;
- H[5] += f;
- H[6] += g;
- H[7] += h;
- }
+ H[0] += a;
+ H[1] += b;
+ H[2] += c;
+ H[3] += d;
+ H[4] += e;
+ H[5] += f;
+ H[6] += g;
+ H[7] += h;
+ }
#undef ROUND
}
@@ -383,43 +389,43 @@ SHA256_Compress(SHA256Context *ctx)
#undef S0
#undef S1
-void
+void
SHA256_Update(SHA256Context *ctx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
unsigned int inBuf = ctx->sizeLo & 0x3f;
if (!inputLen)
- return;
+ return;
/* Add inputLen into the count of bytes processed, before processing */
if ((ctx->sizeLo += inputLen) < inputLen)
- ctx->sizeHi++;
+ ctx->sizeHi++;
/* if data already in buffer, attemp to fill rest of buffer */
if (inBuf) {
- unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA256_BLOCK_LENGTH)
- SHA256_Compress(ctx);
+ unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
+ if (inputLen < todo)
+ todo = inputLen;
+ memcpy(B + inBuf, input, todo);
+ input += todo;
+ inputLen -= todo;
+ if (inBuf + todo == SHA256_BLOCK_LENGTH)
+ SHA256_Compress(ctx);
}
/* if enough data to fill one or more whole buffers, process them. */
while (inputLen >= SHA256_BLOCK_LENGTH) {
- memcpy(B, input, SHA256_BLOCK_LENGTH);
- input += SHA256_BLOCK_LENGTH;
- inputLen -= SHA256_BLOCK_LENGTH;
- SHA256_Compress(ctx);
+ memcpy(B, input, SHA256_BLOCK_LENGTH);
+ input += SHA256_BLOCK_LENGTH;
+ inputLen -= SHA256_BLOCK_LENGTH;
+ SHA256_Compress(ctx);
}
/* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
+ if (inputLen)
+ memcpy(B, input, inputLen);
}
-void
+void
SHA256_End(SHA256Context *ctx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
@@ -441,7 +447,7 @@ SHA256_End(SHA256Context *ctx, unsigned char *digest,
#endif
SHA256_Compress(ctx);
- /* now output the answer */
+/* now output the answer */
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP4(H[0]);
BYTESWAP4(H[1]);
@@ -455,12 +461,12 @@ SHA256_End(SHA256Context *ctx, unsigned char *digest,
padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
memcpy(digest, H, padLen);
if (digestLen)
- *digestLen = padLen;
+ *digestLen = padLen;
}
void
SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
PRUint32 h[8];
unsigned int len;
@@ -481,11 +487,11 @@ SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
len = PR_MIN(SHA256_LENGTH, maxDigestLen);
memcpy(digest, h, len);
if (digestLen)
- *digestLen = len;
+ *digestLen = len;
}
-SECStatus
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
+SECStatus
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
PRUint32 src_length)
{
SHA256Context ctx;
@@ -499,39 +505,41 @@ SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
return SECSuccess;
}
-
-SECStatus
+SECStatus
SHA256_Hash(unsigned char *dest, const char *src)
{
return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
+void
+SHA256_TraceState(SHA256Context *ctx)
+{
+}
-void SHA256_TraceState(SHA256Context *ctx) { }
-
-unsigned int
+unsigned int
SHA256_FlattenSize(SHA256Context *ctx)
{
return sizeof *ctx;
}
-SECStatus
-SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
+SECStatus
+SHA256_Flatten(SHA256Context *ctx, unsigned char *space)
{
PORT_Memcpy(space, ctx, sizeof *ctx);
return SECSuccess;
}
-SHA256Context *
+SHA256Context *
SHA256_Resurrect(unsigned char *space, void *arg)
{
SHA256Context *ctx = SHA256_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
+ if (ctx)
+ PORT_Memcpy(ctx, space, sizeof *ctx);
return ctx;
}
-void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
+void
+SHA256_Clone(SHA256Context *dest, SHA256Context *src)
{
memcpy(dest, src, sizeof *dest);
}
@@ -540,7 +548,7 @@ void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
/* SHA-224 initial hash values */
static const PRUint32 H224[8] = {
- 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
};
@@ -565,7 +573,7 @@ SHA224_Begin(SHA224Context *ctx)
void
SHA224_Update(SHA224Context *ctx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
SHA256_Update(ctx, input, inputLen);
}
@@ -580,13 +588,13 @@ SHA224_End(SHA256Context *ctx, unsigned char *digest,
void
SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
SHA256_EndRaw(ctx, digest, digestLen, maxLen);
}
-SECStatus
+SECStatus
SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
PRUint32 src_length)
{
@@ -607,7 +615,10 @@ SHA224_Hash(unsigned char *dest, const char *src)
return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
-void SHA224_TraceState(SHA224Context *ctx) { }
+void
+SHA224_TraceState(SHA224Context *ctx)
+{
+}
unsigned int
SHA224_FlattenSize(SHA224Context *ctx)
@@ -627,36 +638,36 @@ SHA224_Resurrect(unsigned char *space, void *arg)
return SHA256_Resurrect(space, arg);
}
-void SHA224_Clone(SHA224Context *dest, SHA224Context *src)
+void
+SHA224_Clone(SHA224Context *dest, SHA224Context *src)
{
SHA256_Clone(dest, src);
}
-
/* ======= SHA512 and SHA384 common constants and defines ================= */
/* common #defines for SHA512 and SHA384 */
#if defined(HAVE_LONG_LONG)
#if defined(_MSC_VER)
-#pragma intrinsic(_rotr64,_rotl64)
-#define ROTR64(x,n) _rotr64(x,n)
-#define ROTL64(x,n) _rotl64(x,n)
+#pragma intrinsic(_rotr64, _rotl64)
+#define ROTR64(x, n) _rotr64(x, n)
+#define ROTL64(x, n) _rotl64(x, n)
#else
-#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
-#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
+#define ROTR64(x, n) ((x >> n) | (x << (64 - n)))
+#define ROTL64(x, n) ((x << n) | (x >> (64 - n)))
#endif
-#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
-#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
-#define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x,7))
-#define s1(x) (ROTR64(x,19) ^ ROTR64(x,61) ^ SHR(x,6))
+#define S0(x) (ROTR64(x, 28) ^ ROTR64(x, 34) ^ ROTR64(x, 39))
+#define S1(x) (ROTR64(x, 14) ^ ROTR64(x, 18) ^ ROTR64(x, 41))
+#define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x, 7))
+#define s1(x) (ROTR64(x, 19) ^ ROTR64(x, 61) ^ SHR(x, 6))
#if PR_BYTES_PER_LONG == 8
-#define ULLC(hi,lo) 0x ## hi ## lo ## UL
+#define ULLC(hi, lo) 0x##hi##lo##UL
#elif defined(_MSC_VER)
-#define ULLC(hi,lo) 0x ## hi ## lo ## ui64
+#define ULLC(hi, lo) 0x##hi##lo##ui64
#else
-#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
+#define ULLC(hi, lo) 0x##hi##lo##ULL
#endif
#if defined(IS_LITTLE_ENDIAN)
@@ -665,38 +676,54 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src)
#define SHA_HTONLL(x) _byteswap_uint64(x)
#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
-static __inline__ PRUint64 swap8b(PRUint64 value)
+static __inline__ PRUint64
+swap8b(PRUint64 value)
{
- __asm__("bswapq %0" : "+r" (value));
+ __asm__("bswapq %0"
+ : "+r"(value));
return (value);
}
#define SHA_HTONLL(x) swap8b(x)
#else
-#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
-#define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
-static PRUint64 swap8b(PRUint64 x)
+#define SHA_MASK16 ULLC(0000FFFF, 0000FFFF)
+#define SHA_MASK8 ULLC(00FF00FF, 00FF00FF)
+static PRUint64
+swap8b(PRUint64 x)
{
PRUint64 t1 = x;
- t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 );
+ t1 = ((t1 & SHA_MASK8) << 8) | ((t1 >> 8) & SHA_MASK8);
t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
return (t1 >> 32) | (t1 << 32);
}
#define SHA_HTONLL(x) swap8b(x)
#endif
-#define BYTESWAP8(x) x = SHA_HTONLL(x)
+#define BYTESWAP8(x) x = SHA_HTONLL(x)
#endif /* defined(IS_LITTLE_ENDIAN) */
#else /* no long long */
#if defined(IS_LITTLE_ENDIAN)
-#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
-#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
- x.hi ^= x.lo ^= x.hi ^= x.lo, x)
-#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
- tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
+#define ULLC(hi, lo) \
+ { \
+ 0x##lo##U, 0x##hi##U \
+ }
+#define SHA_HTONLL(x) (BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
+ x.hi ^= x.lo ^= x.hi ^= x.lo, x)
+#define BYTESWAP8(x) \
+ do { \
+ PRUint32 tmp; \
+ BYTESWAP4(x.lo); \
+ BYTESWAP4(x.hi); \
+ tmp = x.lo; \
+ x.lo = x.hi; \
+ x.hi = tmp; \
+ } while (0)
#else
-#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
+#define ULLC(hi, lo) \
+ { \
+ 0x##hi##U, 0x##lo##U \
+ }
#endif
#endif
@@ -704,98 +731,98 @@ static PRUint64 swap8b(PRUint64 x)
/* SHA-384 and SHA-512 constants, K512. */
static const PRUint64 K512[80] = {
#if PR_BYTES_PER_LONG == 8
- 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
- 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
- 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
- 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
- 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
- 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
- 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
- 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
- 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
- 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
- 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
- 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
- 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
- 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
- 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
- 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
- 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
- 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
- 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
- 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
- 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
- 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
- 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
- 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
- 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
- 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
- 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
- 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
- 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
- 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
- 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
- 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
- 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
- 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
- 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
- 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
- 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
- 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
- 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
- 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
+ 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
+ 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
+ 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
+ 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
+ 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
+ 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
+ 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
+ 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
+ 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
+ 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
+ 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
+ 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
+ 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
+ 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
+ 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
+ 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
+ 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
+ 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
+ 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
+ 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
+ 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
+ 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
+ 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
+ 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
+ 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
+ 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
+ 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
+ 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
+ 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
+ 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
+ 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
+ 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
+ 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
+ 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
+ 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
+ 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
+ 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
+ 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
+ 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
+ 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
#else
- ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
- ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
- ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
- ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
- ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
- ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
- ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
- ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
- ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
- ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
- ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
- ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
- ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
- ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
- ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
- ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
- ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
- ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
- ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
- ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
- ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
- ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
- ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
- ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
- ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
- ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
- ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
- ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
- ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
- ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
- ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
- ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
- ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
- ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
- ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
- ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
- ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
- ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
- ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
- ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
+ ULLC(428a2f98, d728ae22), ULLC(71374491, 23ef65cd),
+ ULLC(b5c0fbcf, ec4d3b2f), ULLC(e9b5dba5, 8189dbbc),
+ ULLC(3956c25b, f348b538), ULLC(59f111f1, b605d019),
+ ULLC(923f82a4, af194f9b), ULLC(ab1c5ed5, da6d8118),
+ ULLC(d807aa98, a3030242), ULLC(12835b01, 45706fbe),
+ ULLC(243185be, 4ee4b28c), ULLC(550c7dc3, d5ffb4e2),
+ ULLC(72be5d74, f27b896f), ULLC(80deb1fe, 3b1696b1),
+ ULLC(9bdc06a7, 25c71235), ULLC(c19bf174, cf692694),
+ ULLC(e49b69c1, 9ef14ad2), ULLC(efbe4786, 384f25e3),
+ ULLC(0fc19dc6, 8b8cd5b5), ULLC(240ca1cc, 77ac9c65),
+ ULLC(2de92c6f, 592b0275), ULLC(4a7484aa, 6ea6e483),
+ ULLC(5cb0a9dc, bd41fbd4), ULLC(76f988da, 831153b5),
+ ULLC(983e5152, ee66dfab), ULLC(a831c66d, 2db43210),
+ ULLC(b00327c8, 98fb213f), ULLC(bf597fc7, beef0ee4),
+ ULLC(c6e00bf3, 3da88fc2), ULLC(d5a79147, 930aa725),
+ ULLC(06ca6351, e003826f), ULLC(14292967, 0a0e6e70),
+ ULLC(27b70a85, 46d22ffc), ULLC(2e1b2138, 5c26c926),
+ ULLC(4d2c6dfc, 5ac42aed), ULLC(53380d13, 9d95b3df),
+ ULLC(650a7354, 8baf63de), ULLC(766a0abb, 3c77b2a8),
+ ULLC(81c2c92e, 47edaee6), ULLC(92722c85, 1482353b),
+ ULLC(a2bfe8a1, 4cf10364), ULLC(a81a664b, bc423001),
+ ULLC(c24b8b70, d0f89791), ULLC(c76c51a3, 0654be30),
+ ULLC(d192e819, d6ef5218), ULLC(d6990624, 5565a910),
+ ULLC(f40e3585, 5771202a), ULLC(106aa070, 32bbd1b8),
+ ULLC(19a4c116, b8d2d0c8), ULLC(1e376c08, 5141ab53),
+ ULLC(2748774c, df8eeb99), ULLC(34b0bcb5, e19b48a8),
+ ULLC(391c0cb3, c5c95a63), ULLC(4ed8aa4a, e3418acb),
+ ULLC(5b9cca4f, 7763e373), ULLC(682e6ff3, d6b2b8a3),
+ ULLC(748f82ee, 5defb2fc), ULLC(78a5636f, 43172f60),
+ ULLC(84c87814, a1f0ab72), ULLC(8cc70208, 1a6439ec),
+ ULLC(90befffa, 23631e28), ULLC(a4506ceb, de82bde9),
+ ULLC(bef9a3f7, b2c67915), ULLC(c67178f2, e372532b),
+ ULLC(ca273ece, ea26619c), ULLC(d186b8c7, 21c0c207),
+ ULLC(eada7dd6, cde0eb1e), ULLC(f57d4f7f, ee6ed178),
+ ULLC(06f067aa, 72176fba), ULLC(0a637dc5, a2c898a6),
+ ULLC(113f9804, bef90dae), ULLC(1b710b35, 131c471b),
+ ULLC(28db77f5, 23047d84), ULLC(32caab7b, 40c72493),
+ ULLC(3c9ebe0a, 15c9bebc), ULLC(431d67c4, 9c100d4c),
+ ULLC(4cc5d4be, cb3e42b6), ULLC(597f299c, fc657e2a),
+ ULLC(5fcb6fab, 3ad6faec), ULLC(6c44198c, 4a475817)
#endif
};
struct SHA512ContextStr {
union {
- PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
- PRUint32 l[160];
- PRUint8 b[640];
+ PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
+ PRUint32 l[160];
+ PRUint8 b[640];
} u;
- PRUint64 h[8]; /* 8 state variables */
- PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
+ PRUint64 h[8]; /* 8 state variables */
+ PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
};
/* =========== SHA512 implementation ===================================== */
@@ -803,19 +830,18 @@ struct SHA512ContextStr {
/* SHA-512 initial hash values */
static const PRUint64 H512[8] = {
#if PR_BYTES_PER_LONG == 8
- 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
- 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
- 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
- 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
+ 0x6a09e667f3bcc908UL, 0xbb67ae8584caa73bUL,
+ 0x3c6ef372fe94f82bUL, 0xa54ff53a5f1d36f1UL,
+ 0x510e527fade682d1UL, 0x9b05688c2b3e6c1fUL,
+ 0x1f83d9abfb41bd6bUL, 0x5be0cd19137e2179UL
#else
- ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
- ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
- ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
- ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
+ ULLC(6a09e667, f3bcc908), ULLC(bb67ae85, 84caa73b),
+ ULLC(3c6ef372, fe94f82b), ULLC(a54ff53a, 5f1d36f1),
+ ULLC(510e527f, ade682d1), ULLC(9b05688c, 2b3e6c1f),
+ ULLC(1f83d9ab, fb41bd6b), ULLC(5be0cd19, 137e2179)
#endif
};
-
SHA512Context *
SHA512_NewContext(void)
{
@@ -823,7 +849,7 @@ SHA512_NewContext(void)
return ctx;
}
-void
+void
SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
{
memset(ctx, 0, sizeof *ctx);
@@ -832,7 +858,7 @@ SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
}
}
-void
+void
SHA512_Begin(SHA512Context *ctx)
{
memset(ctx, 0, sizeof *ctx);
@@ -841,84 +867,102 @@ SHA512_Begin(SHA512Context *ctx)
#if defined(SHA512_TRACE)
#if defined(HAVE_LONG_LONG)
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
- n, #e, d, #a, h);
+#define DUMP(n, a, d, e, h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
+ n, #e, d, #a, h);
#else
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
- n, #e, d.hi, d.lo, #a, h.hi, h.lo);
+#define DUMP(n, a, d, e, h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
+ n, #e, d.hi, d.lo, #a, h.hi, h.lo);
#endif
#else
-#define DUMP(n,a,d,e,h)
+#define DUMP(n, a, d, e, h)
#endif
#if defined(HAVE_LONG_LONG)
-#define ADDTO(x,y) y += x
+#define ADDTO(x, y) y += x
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
+#define INITW(t) W[t] = (s1(W[t - 2]) + W[t - 7] + s0(W[t - 15]) + W[t - 16])
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c); \
- DUMP(n,a,d,e,h)
+#define ROUND(n, a, b, c, d, e, f, g, h) \
+ h += S1(e) + Ch(e, f, g) + K512[n] + W[n]; \
+ d += h; \
+ h += S0(a) + Maj(a, b, c); \
+ DUMP(n, a, d, e, h)
#else /* use only 32-bit variables, and don't unroll loops */
-#undef NOUNROLL512
+#undef NOUNROLL512
#define NOUNROLL512 1
-#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
+#define ADDTO(x, y) \
+ y.lo += x.lo; \
+ y.hi += x.hi + (x.lo > y.lo)
-#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
-#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
-#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
+#define ROTR64a(x, n, lo, hi) (x.lo >> n | x.hi << (32 - n))
+#define ROTR64A(x, n, lo, hi) (x.lo << (64 - n) | x.hi >> (n - 32))
+#define SHR64a(x, n, lo, hi) (x.lo >> n | x.hi << (32 - n))
/* Capitol Sigma and lower case sigma functions */
-#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
-#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
+#define s0lo(x) (ROTR64a(x, 1, lo, hi) ^ ROTR64a(x, 8, lo, hi) ^ SHR64a(x, 7, lo, hi))
+#define s0hi(x) (ROTR64a(x, 1, hi, lo) ^ ROTR64a(x, 8, hi, lo) ^ (x.hi >> 7))
-#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
-#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
+#define s1lo(x) (ROTR64a(x, 19, lo, hi) ^ ROTR64A(x, 61, lo, hi) ^ SHR64a(x, 6, lo, hi))
+#define s1hi(x) (ROTR64a(x, 19, hi, lo) ^ ROTR64A(x, 61, hi, lo) ^ (x.hi >> 6))
-#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
-#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
+#define S0lo(x) (ROTR64a(x, 28, lo, hi) ^ ROTR64A(x, 34, lo, hi) ^ ROTR64A(x, 39, lo, hi))
+#define S0hi(x) (ROTR64a(x, 28, hi, lo) ^ ROTR64A(x, 34, hi, lo) ^ ROTR64A(x, 39, hi, lo))
-#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
-#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
+#define S1lo(x) (ROTR64a(x, 14, lo, hi) ^ ROTR64a(x, 18, lo, hi) ^ ROTR64A(x, 41, lo, hi))
+#define S1hi(x) (ROTR64a(x, 14, hi, lo) ^ ROTR64a(x, 18, hi, lo) ^ ROTR64A(x, 41, hi, lo))
/* 32-bit versions of Ch and Maj */
-#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
-#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
-
-#define INITW(t) \
- do { \
- PRUint32 lo, tm; \
- PRUint32 cy = 0; \
- lo = s1lo(W[t-2]); \
- lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
- lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
- lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
- W[t].lo = lo; \
- W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
+#define Chxx(x, y, z, lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
+#define Majx(x, y, z, lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
+
+#define INITW(t) \
+ do { \
+ PRUint32 lo, tm; \
+ PRUint32 cy = 0; \
+ lo = s1lo(W[t - 2]); \
+ lo += (tm = W[t - 7].lo); \
+ if (lo < tm) \
+ cy++; \
+ lo += (tm = s0lo(W[t - 15])); \
+ if (lo < tm) \
+ cy++; \
+ lo += (tm = W[t - 16].lo); \
+ if (lo < tm) \
+ cy++; \
+ W[t].lo = lo; \
+ W[t].hi = cy + s1hi(W[t - 2]) + W[t - 7].hi + s0hi(W[t - 15]) + W[t - 16].hi; \
} while (0)
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- { \
- PRUint32 lo, tm, cy; \
- lo = S1lo(e); \
- lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
- lo += (tm = K512[n].lo); if (lo < tm) cy++; \
- lo += (tm = W[n].lo); if (lo < tm) cy++; \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
- d.lo += h.lo; \
- d.hi += h.hi + (d.lo < h.lo); \
- lo = S0lo(a); \
- lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
- DUMP(n,a,d,e,h) \
+#define ROUND(n, a, b, c, d, e, f, g, h) \
+ { \
+ PRUint32 lo, tm, cy; \
+ lo = S1lo(e); \
+ lo += (tm = Chxx(e, f, g, lo)); \
+ cy = (lo < tm); \
+ lo += (tm = K512[n].lo); \
+ if (lo < tm) \
+ cy++; \
+ lo += (tm = W[n].lo); \
+ if (lo < tm) \
+ cy++; \
+ h.lo += lo; \
+ if (h.lo < lo) \
+ cy++; \
+ h.hi += cy + S1hi(e) + Chxx(e, f, g, hi) + K512[n].hi + W[n].hi; \
+ d.lo += h.lo; \
+ d.hi += h.hi + (d.lo < h.lo); \
+ lo = S0lo(a); \
+ lo += (tm = Majx(a, b, c, lo)); \
+ cy = (lo < tm); \
+ h.lo += lo; \
+ if (h.lo < lo) \
+ cy++; \
+ h.hi += cy + S0hi(a) + Majx(a, b, c, hi); \
+ DUMP(n, a, d, e, h) \
}
#endif
@@ -926,256 +970,256 @@ static void
SHA512_Compress(SHA512Context *ctx)
{
#if defined(IS_LITTLE_ENDIAN)
- {
- BYTESWAP8(W[0]);
- BYTESWAP8(W[1]);
- BYTESWAP8(W[2]);
- BYTESWAP8(W[3]);
- BYTESWAP8(W[4]);
- BYTESWAP8(W[5]);
- BYTESWAP8(W[6]);
- BYTESWAP8(W[7]);
- BYTESWAP8(W[8]);
- BYTESWAP8(W[9]);
- BYTESWAP8(W[10]);
- BYTESWAP8(W[11]);
- BYTESWAP8(W[12]);
- BYTESWAP8(W[13]);
- BYTESWAP8(W[14]);
- BYTESWAP8(W[15]);
- }
+ {
+ BYTESWAP8(W[0]);
+ BYTESWAP8(W[1]);
+ BYTESWAP8(W[2]);
+ BYTESWAP8(W[3]);
+ BYTESWAP8(W[4]);
+ BYTESWAP8(W[5]);
+ BYTESWAP8(W[6]);
+ BYTESWAP8(W[7]);
+ BYTESWAP8(W[8]);
+ BYTESWAP8(W[9]);
+ BYTESWAP8(W[10]);
+ BYTESWAP8(W[11]);
+ BYTESWAP8(W[12]);
+ BYTESWAP8(W[13]);
+ BYTESWAP8(W[14]);
+ BYTESWAP8(W[15]);
+ }
#endif
- {
-#ifdef NOUNROLL512
{
- /* prepare the "message schedule" */
- int t;
- for (t = 16; t < 80; ++t) {
- INITW(t);
- }
- }
+#ifdef NOUNROLL512
+ {
+ /* prepare the "message schedule" */
+ int t;
+ for (t = 16; t < 80; ++t) {
+ INITW(t);
+ }
+ }
#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
- INITW(64);
- INITW(65);
- INITW(66);
- INITW(67);
- INITW(68);
- INITW(69);
-
- INITW(70);
- INITW(71);
- INITW(72);
- INITW(73);
- INITW(74);
- INITW(75);
- INITW(76);
- INITW(77);
- INITW(78);
- INITW(79);
+ INITW(16);
+ INITW(17);
+ INITW(18);
+ INITW(19);
+
+ INITW(20);
+ INITW(21);
+ INITW(22);
+ INITW(23);
+ INITW(24);
+ INITW(25);
+ INITW(26);
+ INITW(27);
+ INITW(28);
+ INITW(29);
+
+ INITW(30);
+ INITW(31);
+ INITW(32);
+ INITW(33);
+ INITW(34);
+ INITW(35);
+ INITW(36);
+ INITW(37);
+ INITW(38);
+ INITW(39);
+
+ INITW(40);
+ INITW(41);
+ INITW(42);
+ INITW(43);
+ INITW(44);
+ INITW(45);
+ INITW(46);
+ INITW(47);
+ INITW(48);
+ INITW(49);
+
+ INITW(50);
+ INITW(51);
+ INITW(52);
+ INITW(53);
+ INITW(54);
+ INITW(55);
+ INITW(56);
+ INITW(57);
+ INITW(58);
+ INITW(59);
+
+ INITW(60);
+ INITW(61);
+ INITW(62);
+ INITW(63);
+ INITW(64);
+ INITW(65);
+ INITW(66);
+ INITW(67);
+ INITW(68);
+ INITW(69);
+
+ INITW(70);
+ INITW(71);
+ INITW(72);
+ INITW(73);
+ INITW(74);
+ INITW(75);
+ INITW(76);
+ INITW(77);
+ INITW(78);
+ INITW(79);
#endif
- }
+ }
#ifdef SHA512_TRACE
- {
- int i;
- for (i = 0; i < 80; ++i) {
+ {
+ int i;
+ for (i = 0; i < 80; ++i) {
#ifdef HAVE_LONG_LONG
- printf("W[%2d] = %016lx\n", i, W[i]);
+ printf("W[%2d] = %016lx\n", i, W[i]);
#else
- printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
+ printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
#endif
+ }
}
- }
#endif
- {
- PRUint64 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
+ {
+ PRUint64 a, b, c, d, e, f, g, h;
+
+ a = H[0];
+ b = H[1];
+ c = H[2];
+ d = H[3];
+ e = H[4];
+ f = H[5];
+ g = H[6];
+ h = H[7];
#ifdef NOUNROLL512
- {
- int t;
- for (t = 0; t < 80; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
+ {
+ int t;
+ for (t = 0; t < 80; t += 8) {
+ ROUND(t + 0, a, b, c, d, e, f, g, h)
+ ROUND(t + 1, h, a, b, c, d, e, f, g)
+ ROUND(t + 2, g, h, a, b, c, d, e, f)
+ ROUND(t + 3, f, g, h, a, b, c, d, e)
+ ROUND(t + 4, e, f, g, h, a, b, c, d)
+ ROUND(t + 5, d, e, f, g, h, a, b, c)
+ ROUND(t + 6, c, d, e, f, g, h, a, b)
+ ROUND(t + 7, b, c, d, e, f, g, h, a)
+ }
+ }
#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
-
- ROUND(64,a,b,c,d,e,f,g,h)
- ROUND(65,h,a,b,c,d,e,f,g)
- ROUND(66,g,h,a,b,c,d,e,f)
- ROUND(67,f,g,h,a,b,c,d,e)
- ROUND(68,e,f,g,h,a,b,c,d)
- ROUND(69,d,e,f,g,h,a,b,c)
- ROUND(70,c,d,e,f,g,h,a,b)
- ROUND(71,b,c,d,e,f,g,h,a)
-
- ROUND(72,a,b,c,d,e,f,g,h)
- ROUND(73,h,a,b,c,d,e,f,g)
- ROUND(74,g,h,a,b,c,d,e,f)
- ROUND(75,f,g,h,a,b,c,d,e)
- ROUND(76,e,f,g,h,a,b,c,d)
- ROUND(77,d,e,f,g,h,a,b,c)
- ROUND(78,c,d,e,f,g,h,a,b)
- ROUND(79,b,c,d,e,f,g,h,a)
+ ROUND(0, a, b, c, d, e, f, g, h)
+ ROUND(1, h, a, b, c, d, e, f, g)
+ ROUND(2, g, h, a, b, c, d, e, f)
+ ROUND(3, f, g, h, a, b, c, d, e)
+ ROUND(4, e, f, g, h, a, b, c, d)
+ ROUND(5, d, e, f, g, h, a, b, c)
+ ROUND(6, c, d, e, f, g, h, a, b)
+ ROUND(7, b, c, d, e, f, g, h, a)
+
+ ROUND(8, a, b, c, d, e, f, g, h)
+ ROUND(9, h, a, b, c, d, e, f, g)
+ ROUND(10, g, h, a, b, c, d, e, f)
+ ROUND(11, f, g, h, a, b, c, d, e)
+ ROUND(12, e, f, g, h, a, b, c, d)
+ ROUND(13, d, e, f, g, h, a, b, c)
+ ROUND(14, c, d, e, f, g, h, a, b)
+ ROUND(15, b, c, d, e, f, g, h, a)
+
+ ROUND(16, a, b, c, d, e, f, g, h)
+ ROUND(17, h, a, b, c, d, e, f, g)
+ ROUND(18, g, h, a, b, c, d, e, f)
+ ROUND(19, f, g, h, a, b, c, d, e)
+ ROUND(20, e, f, g, h, a, b, c, d)
+ ROUND(21, d, e, f, g, h, a, b, c)
+ ROUND(22, c, d, e, f, g, h, a, b)
+ ROUND(23, b, c, d, e, f, g, h, a)
+
+ ROUND(24, a, b, c, d, e, f, g, h)
+ ROUND(25, h, a, b, c, d, e, f, g)
+ ROUND(26, g, h, a, b, c, d, e, f)
+ ROUND(27, f, g, h, a, b, c, d, e)
+ ROUND(28, e, f, g, h, a, b, c, d)
+ ROUND(29, d, e, f, g, h, a, b, c)
+ ROUND(30, c, d, e, f, g, h, a, b)
+ ROUND(31, b, c, d, e, f, g, h, a)
+
+ ROUND(32, a, b, c, d, e, f, g, h)
+ ROUND(33, h, a, b, c, d, e, f, g)
+ ROUND(34, g, h, a, b, c, d, e, f)
+ ROUND(35, f, g, h, a, b, c, d, e)
+ ROUND(36, e, f, g, h, a, b, c, d)
+ ROUND(37, d, e, f, g, h, a, b, c)
+ ROUND(38, c, d, e, f, g, h, a, b)
+ ROUND(39, b, c, d, e, f, g, h, a)
+
+ ROUND(40, a, b, c, d, e, f, g, h)
+ ROUND(41, h, a, b, c, d, e, f, g)
+ ROUND(42, g, h, a, b, c, d, e, f)
+ ROUND(43, f, g, h, a, b, c, d, e)
+ ROUND(44, e, f, g, h, a, b, c, d)
+ ROUND(45, d, e, f, g, h, a, b, c)
+ ROUND(46, c, d, e, f, g, h, a, b)
+ ROUND(47, b, c, d, e, f, g, h, a)
+
+ ROUND(48, a, b, c, d, e, f, g, h)
+ ROUND(49, h, a, b, c, d, e, f, g)
+ ROUND(50, g, h, a, b, c, d, e, f)
+ ROUND(51, f, g, h, a, b, c, d, e)
+ ROUND(52, e, f, g, h, a, b, c, d)
+ ROUND(53, d, e, f, g, h, a, b, c)
+ ROUND(54, c, d, e, f, g, h, a, b)
+ ROUND(55, b, c, d, e, f, g, h, a)
+
+ ROUND(56, a, b, c, d, e, f, g, h)
+ ROUND(57, h, a, b, c, d, e, f, g)
+ ROUND(58, g, h, a, b, c, d, e, f)
+ ROUND(59, f, g, h, a, b, c, d, e)
+ ROUND(60, e, f, g, h, a, b, c, d)
+ ROUND(61, d, e, f, g, h, a, b, c)
+ ROUND(62, c, d, e, f, g, h, a, b)
+ ROUND(63, b, c, d, e, f, g, h, a)
+
+ ROUND(64, a, b, c, d, e, f, g, h)
+ ROUND(65, h, a, b, c, d, e, f, g)
+ ROUND(66, g, h, a, b, c, d, e, f)
+ ROUND(67, f, g, h, a, b, c, d, e)
+ ROUND(68, e, f, g, h, a, b, c, d)
+ ROUND(69, d, e, f, g, h, a, b, c)
+ ROUND(70, c, d, e, f, g, h, a, b)
+ ROUND(71, b, c, d, e, f, g, h, a)
+
+ ROUND(72, a, b, c, d, e, f, g, h)
+ ROUND(73, h, a, b, c, d, e, f, g)
+ ROUND(74, g, h, a, b, c, d, e, f)
+ ROUND(75, f, g, h, a, b, c, d, e)
+ ROUND(76, e, f, g, h, a, b, c, d)
+ ROUND(77, d, e, f, g, h, a, b, c)
+ ROUND(78, c, d, e, f, g, h, a, b)
+ ROUND(79, b, c, d, e, f, g, h, a)
#endif
- ADDTO(a,H[0]);
- ADDTO(b,H[1]);
- ADDTO(c,H[2]);
- ADDTO(d,H[3]);
- ADDTO(e,H[4]);
- ADDTO(f,H[5]);
- ADDTO(g,H[6]);
- ADDTO(h,H[7]);
- }
+ ADDTO(a, H[0]);
+ ADDTO(b, H[1]);
+ ADDTO(c, H[2]);
+ ADDTO(d, H[3]);
+ ADDTO(e, H[4]);
+ ADDTO(f, H[5]);
+ ADDTO(g, H[6]);
+ ADDTO(h, H[7]);
+ }
}
-void
+void
SHA512_Update(SHA512Context *ctx, const unsigned char *input,
unsigned int inputLen)
{
unsigned int inBuf;
if (!inputLen)
- return;
+ return;
#if defined(HAVE_LONG_LONG)
inBuf = (unsigned int)ctx->sizeLo & 0x7f;
@@ -1184,41 +1228,42 @@ SHA512_Update(SHA512Context *ctx, const unsigned char *input,
#else
inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
ctx->sizeLo.lo += inputLen;
- if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
+ if (ctx->sizeLo.lo < inputLen)
+ ctx->sizeLo.hi++;
#endif
/* if data already in buffer, attemp to fill rest of buffer */
if (inBuf) {
- unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA512_BLOCK_LENGTH)
- SHA512_Compress(ctx);
+ unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
+ if (inputLen < todo)
+ todo = inputLen;
+ memcpy(B + inBuf, input, todo);
+ input += todo;
+ inputLen -= todo;
+ if (inBuf + todo == SHA512_BLOCK_LENGTH)
+ SHA512_Compress(ctx);
}
/* if enough data to fill one or more whole buffers, process them. */
while (inputLen >= SHA512_BLOCK_LENGTH) {
- memcpy(B, input, SHA512_BLOCK_LENGTH);
- input += SHA512_BLOCK_LENGTH;
- inputLen -= SHA512_BLOCK_LENGTH;
- SHA512_Compress(ctx);
+ memcpy(B, input, SHA512_BLOCK_LENGTH);
+ input += SHA512_BLOCK_LENGTH;
+ inputLen -= SHA512_BLOCK_LENGTH;
+ SHA512_Compress(ctx);
}
/* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
+ if (inputLen)
+ memcpy(B, input, inputLen);
}
-void
+void
SHA512_End(SHA512Context *ctx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#if defined(HAVE_LONG_LONG)
- unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
+ unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
#else
- unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
+ unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
#endif
unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
PRUint64 lo;
@@ -1239,7 +1284,7 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest,
#endif
SHA512_Compress(ctx);
- /* now output the answer */
+/* now output the answer */
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP8(H[0]);
BYTESWAP8(H[1]);
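Review bot: The comment `/* now output the answer */` now sits at column 0 inside the body of SHA512_End, because clang-format treats a comment that directly precedes a preprocessor directive as part of that directive, so the reformatted line reads as if it belonged to the `#if` rather than to the statements around it. Moving the comment below the `#endif` so it sits immediately above the `memcpy(digest, H, padLen);` it describes, or wrapping it in `// clang-format off` / `// clang-format on`, would keep it attached to the code and at the function's indentation. The same pattern likely recurs elsewhere in this commit wherever a comment immediately precedes a `#if`/`#ifdef`. SHA512_End begins and ends outside this hunk.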
@@ -1253,7 +1298,7 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest,
padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
memcpy(digest, H, padLen);
if (digestLen)
- *digestLen = padLen;
+ *digestLen = padLen;
}
void
@@ -1278,11 +1323,11 @@ SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
len = PR_MIN(SHA512_LENGTH, maxDigestLen);
memcpy(digest, h, len);
if (digestLen)
- *digestLen = len;
+ *digestLen = len;
}
-SECStatus
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
+SECStatus
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
PRUint32 src_length)
{
SHA512Context ctx;
@@ -1296,45 +1341,47 @@ SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
return SECSuccess;
}
-
-SECStatus
+SECStatus
SHA512_Hash(unsigned char *dest, const char *src)
{
return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
+void
+SHA512_TraceState(SHA512Context *ctx)
+{
+}
-void SHA512_TraceState(SHA512Context *ctx) { }
-
-unsigned int
+unsigned int
SHA512_FlattenSize(SHA512Context *ctx)
{
return sizeof *ctx;
}
-SECStatus
-SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
+SECStatus
+SHA512_Flatten(SHA512Context *ctx, unsigned char *space)
{
PORT_Memcpy(space, ctx, sizeof *ctx);
return SECSuccess;
}
-SHA512Context *
+SHA512Context *
SHA512_Resurrect(unsigned char *space, void *arg)
{
SHA512Context *ctx = SHA512_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
+ if (ctx)
+ PORT_Memcpy(ctx, space, sizeof *ctx);
return ctx;
}
-void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
+void
+SHA512_Clone(SHA512Context *dest, SHA512Context *src)
{
memcpy(dest, src, sizeof *dest);
}
/* ======================================================================= */
-/* SHA384 uses a SHA512Context as the real context.
+/* SHA384 uses a SHA512Context as the real context.
** The only differences between SHA384 an SHA512 are:
** a) the intialization values for the context, and
** b) the number of bytes of data produced as output.
@@ -1343,15 +1390,15 @@ void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
/* SHA-384 initial hash values */
static const PRUint64 H384[8] = {
#if PR_BYTES_PER_LONG == 8
- 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
- 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
- 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
- 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
+ 0xcbbb9d5dc1059ed8UL, 0x629a292a367cd507UL,
+ 0x9159015a3070dd17UL, 0x152fecd8f70e5939UL,
+ 0x67332667ffc00b31UL, 0x8eb44a8768581511UL,
+ 0xdb0c2e0d64f98fa7UL, 0x47b5481dbefa4fa4UL
#else
- ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
- ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
- ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
- ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
+ ULLC(cbbb9d5d, c1059ed8), ULLC(629a292a, 367cd507),
+ ULLC(9159015a, 3070dd17), ULLC(152fecd8, f70e5939),
+ ULLC(67332667, ffc00b31), ULLC(8eb44a87, 68581511),
+ ULLC(db0c2e0d, 64f98fa7), ULLC(47b5481d, befa4fa4)
#endif
};
@@ -1361,29 +1408,29 @@ SHA384_NewContext(void)
return SHA512_NewContext();
}
-void
+void
SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
{
SHA512_DestroyContext(ctx, freeit);
}
-void
+void
SHA384_Begin(SHA384Context *ctx)
{
memset(ctx, 0, sizeof *ctx);
memcpy(H, H384, sizeof H384);
}
-void
+void
SHA384_Update(SHA384Context *ctx, const unsigned char *input,
- unsigned int inputLen)
+ unsigned int inputLen)
{
SHA512_Update(ctx, input, inputLen);
}
-void
+void
SHA384_End(SHA384Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
SHA512_End(ctx, digest, digestLen, maxLen);
@@ -1391,15 +1438,15 @@ SHA384_End(SHA384Context *ctx, unsigned char *digest,
void
SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
SHA512_EndRaw(ctx, digest, digestLen, maxLen);
}
-SECStatus
+SECStatus
SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- PRUint32 src_length)
+ PRUint32 src_length)
{
SHA512Context ctx;
unsigned int outLen;
@@ -1412,33 +1459,37 @@ SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
return SECSuccess;
}
-SECStatus
+SECStatus
SHA384_Hash(unsigned char *dest, const char *src)
{
return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
-void SHA384_TraceState(SHA384Context *ctx) { }
+void
+SHA384_TraceState(SHA384Context *ctx)
+{
+}
-unsigned int
+unsigned int
SHA384_FlattenSize(SHA384Context *ctx)
{
return sizeof(SHA384Context);
}
-SECStatus
-SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
+SECStatus
+SHA384_Flatten(SHA384Context *ctx, unsigned char *space)
{
return SHA512_Flatten(ctx, space);
}
-SHA384Context *
+SHA384Context *
SHA384_Resurrect(unsigned char *space, void *arg)
{
return SHA512_Resurrect(space, arg);
}
-void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
+void
+SHA384_Clone(SHA384Context *dest, SHA384Context *src)
{
memcpy(dest, src, sizeof *dest);
}
@@ -1448,12 +1499,12 @@ void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
#include <stdio.h>
static const char abc[] = { "abc" };
-static const char abcdbc[] = {
+static const char abcdbc[] = {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
};
-static const char abcdef[] = {
+static const char abcdef[] = {
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
};
void
@@ -1461,12 +1512,13 @@ dumpHash32(const unsigned char *buf, unsigned int bufLen)
{
unsigned int i;
for (i = 0; i < bufLen; i += 4) {
- printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
+ printf(" %02x%02x%02x%02x", buf[i], buf[i + 1], buf[i + 2], buf[i + 3]);
}
printf("\n");
}
-void test256(void)
+void
+test256(void)
{
unsigned char outBuf[SHA256_LENGTH];
@@ -1479,7 +1531,8 @@ void test256(void)
dumpHash32(outBuf, sizeof outBuf);
}
-void test224(void)
+void
+test224(void)
{
SHA224Context ctx;
unsigned char a1000times[1000];
@@ -1500,7 +1553,7 @@ void test224(void)
/* Test Vector 3 */
/* to hash one million 'a's perform 1000
- * sha224 updates on a buffer with 1000 'a's
+ * sha224 updates on a buffer with 1000 'a's
*/
memset(a1000times, 'a', 1000);
printf("SHA224, input = %s\n", "a one million times");
@@ -1516,16 +1569,17 @@ dumpHash64(const unsigned char *buf, unsigned int bufLen)
{
unsigned int i;
for (i = 0; i < bufLen; i += 8) {
- if (i % 32 == 0)
- printf("\n");
- printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
- buf[i ], buf[i+1], buf[i+2], buf[i+3],
- buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
+ if (i % 32 == 0)
+ printf("\n");
+ printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
+ buf[i], buf[i + 1], buf[i + 2], buf[i + 3],
+ buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]);
}
printf("\n");
}
-void test512(void)
+void
+test512(void)
{
unsigned char outBuf[SHA512_LENGTH];
@@ -1538,7 +1592,8 @@ void test512(void)
dumpHash64(outBuf, sizeof outBuf);
}
-void time512(void)
+void
+time512(void)
{
unsigned char outBuf[SHA512_LENGTH];
@@ -1546,7 +1601,8 @@ void time512(void)
SHA512_Hash(outBuf, abcdef);
}
-void test384(void)
+void
+test384(void)
{
unsigned char outBuf[SHA384_LENGTH];
@@ -1559,27 +1615,41 @@ void test384(void)
dumpHash64(outBuf, sizeof outBuf);
}
-int main (int argc, char *argv[], char *envp[])
+int
+main(int argc, char *argv[], char *envp[])
{
int i = 1;
if (argc > 1) {
- i = atoi(argv[1]);
+ i = atoi(argv[1]);
}
if (i < 2) {
- test224();
- test256();
- test384();
- test512();
+ test224();
+ test256();
+ test384();
+ test512();
} else {
- while (i-- > 0) {
- time512();
- }
- printf("done\n");
+ while (i-- > 0) {
+ time512();
+ }
+ printf("done\n");
}
return 0;
}
-void *PORT_Alloc(size_t len) { return malloc(len); }
-void PORT_Free(void *ptr) { free(ptr); }
-void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); }
+void *
+PORT_Alloc(size_t len)
+{
+ return malloc(len);
+}
+void
+PORT_Free(void *ptr)
+{
+ free(ptr);
+}
+void
+PORT_ZFree(void *ptr, size_t len)
+{
+ memset(ptr, 0, len);
+ free(ptr);
+}
#endif
diff --git a/lib/freebl/sha_fast.c b/lib/freebl/sha_fast.c
index 290194953..33eed43e2 100644
--- a/lib/freebl/sha_fast.c
+++ b/lib/freebl/sha_fast.c
@@ -16,38 +16,37 @@
#include "ssltrace.h"
#endif
-static void shaCompress(volatile SHA_HW_t *X, const PRUint32 * datain);
+static void shaCompress(volatile SHA_HW_t *X, const PRUint32 *datain);
#define W u.w
#define B u.b
+#define SHA_F1(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z))
+#define SHA_F2(X, Y, Z) ((X) ^ (Y) ^ (Z))
+#define SHA_F3(X, Y, Z) (((X) & (Y)) | ((Z) & ((X) | (Y))))
+#define SHA_F4(X, Y, Z) ((X) ^ (Y) ^ (Z))
-#define SHA_F1(X,Y,Z) ((((Y)^(Z))&(X))^(Z))
-#define SHA_F2(X,Y,Z) ((X)^(Y)^(Z))
-#define SHA_F3(X,Y,Z) (((X)&(Y))|((Z)&((X)|(Y))))
-#define SHA_F4(X,Y,Z) ((X)^(Y)^(Z))
-
-#define SHA_MIX(n,a,b,c) XW(n) = SHA_ROTL(XW(a)^XW(b)^XW(c)^XW(n), 1)
+#define SHA_MIX(n, a, b, c) XW(n) = SHA_ROTL(XW(a) ^ XW(b) ^ XW(c) ^ XW(n), 1)
/*
* SHA: initialize context
*/
-void
+void
SHA1_Begin(SHA1Context *ctx)
{
- ctx->size = 0;
- /*
+ ctx->size = 0;
+ /*
* Initialize H with constants from FIPS180-1.
*/
- ctx->H[0] = 0x67452301L;
- ctx->H[1] = 0xefcdab89L;
- ctx->H[2] = 0x98badcfeL;
- ctx->H[3] = 0x10325476L;
- ctx->H[4] = 0xc3d2e1f0L;
+ ctx->H[0] = 0x67452301L;
+ ctx->H[1] = 0xefcdab89L;
+ ctx->H[2] = 0x98badcfeL;
+ ctx->H[3] = 0x10325476L;
+ ctx->H[4] = 0xc3d2e1f0L;
}
/* Explanation of H array and index values:
- * The context's H array is actually the concatenation of two arrays
+ * The context's H array is actually the concatenation of two arrays
* defined by SHA1, the H array of state variables (5 elements),
* and the W array of intermediate values, of which there are 16 elements.
* The W array starts at H[5], that is W[0] is H[5].
@@ -60,26 +59,26 @@ SHA1_Begin(SHA1Context *ctx)
* of the first element of this array, but rather pass the address of an
* element in the middle of the array, element X. Presently X[0] is H[11].
* So we pass the address of H[11] as the address of array X to shaCompress.
- * Then shaCompress accesses the members of the array using positive AND
- * negative indexes.
+ * Then shaCompress accesses the members of the array using positive AND
+ * negative indexes.
*
* Pictorially: (each element is 8 bytes)
* H | H0 H1 H2 H3 H4 W0 W1 W2 W3 W4 W5 W6 W7 W8 W9 Wa Wb Wc Wd We Wf |
* X |-11-10 -9 -8 -7 -6 -5 -4 -3 -2 -1 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 |
- *
- * The byte offset from X[0] to any member of H and W is always
- * representable in a signed 8-bit value, which will be encoded
- * as a single byte offset in the X86-64 instruction set.
- * If we didn't pass the address of H[11], and instead passed the
+ *
+ * The byte offset from X[0] to any member of H and W is always
+ * representable in a signed 8-bit value, which will be encoded
+ * as a single byte offset in the X86-64 instruction set.
+ * If we didn't pass the address of H[11], and instead passed the
* address of H[0], the offsets to elements H[16] and above would be
- * greater than 127, not representable in a signed 8-bit value, and the
- * x86-64 instruction set would encode every such offset as a 32-bit
- * signed number in each instruction that accessed element H[16] or
- * higher. This results in much bigger and slower code.
+ * greater than 127, not representable in a signed 8-bit value, and the
+ * x86-64 instruction set would encode every such offset as a 32-bit
+ * signed number in each instruction that accessed element H[16] or
+ * higher. This results in much bigger and slower code.
*/
#if !defined(SHA_PUT_W_IN_STACK)
#define H2X 11 /* X[0] is H[11], and H[0] is X[-11] */
-#define W2X 6 /* X[0] is W[6], and W[0] is X[-6] */
+#define W2X 6 /* X[0] is W[6], and W[0] is X[-6] */
#else
#define H2X 0
#endif
@@ -87,96 +86,95 @@ SHA1_Begin(SHA1Context *ctx)
/*
* SHA: Add data to context.
*/
-void
-SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
+void
+SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
{
- register unsigned int lenB;
- register unsigned int togo;
+ register unsigned int lenB;
+ register unsigned int togo;
- if (!len)
- return;
+ if (!len)
+ return;
- /* accumulate the byte count. */
- lenB = (unsigned int)(ctx->size) & 63U;
+ /* accumulate the byte count. */
+ lenB = (unsigned int)(ctx->size) & 63U;
- ctx->size += len;
+ ctx->size += len;
- /*
+ /*
* Read the data into W and process blocks as they get full
*/
- if (lenB > 0) {
- togo = 64U - lenB;
- if (len < togo)
- togo = len;
- memcpy(ctx->B + lenB, dataIn, togo);
- len -= togo;
- dataIn += togo;
- lenB = (lenB + togo) & 63U;
- if (!lenB) {
- shaCompress(&ctx->H[H2X], ctx->W);
+ if (lenB > 0) {
+ togo = 64U - lenB;
+ if (len < togo)
+ togo = len;
+ memcpy(ctx->B + lenB, dataIn, togo);
+ len -= togo;
+ dataIn += togo;
+ lenB = (lenB + togo) & 63U;
+ if (!lenB) {
+ shaCompress(&ctx->H[H2X], ctx->W);
+ }
}
- }
#if !defined(SHA_ALLOW_UNALIGNED_ACCESS)
- if ((ptrdiff_t)dataIn % sizeof(PRUint32)) {
- while (len >= 64U) {
- memcpy(ctx->B, dataIn, 64);
- len -= 64U;
- shaCompress(&ctx->H[H2X], ctx->W);
- dataIn += 64U;
- }
- } else
+ if ((ptrdiff_t)dataIn % sizeof(PRUint32)) {
+ while (len >= 64U) {
+ memcpy(ctx->B, dataIn, 64);
+ len -= 64U;
+ shaCompress(&ctx->H[H2X], ctx->W);
+ dataIn += 64U;
+ }
+ } else
#endif
- {
- while (len >= 64U) {
- len -= 64U;
- shaCompress(&ctx->H[H2X], (PRUint32 *)dataIn);
- dataIn += 64U;
+ {
+ while (len >= 64U) {
+ len -= 64U;
+ shaCompress(&ctx->H[H2X], (PRUint32 *)dataIn);
+ dataIn += 64U;
+ }
+ }
+ if (len) {
+ memcpy(ctx->B, dataIn, len);
}
- }
- if (len) {
- memcpy(ctx->B, dataIn, len);
- }
}
-
/*
* SHA: Generate hash value from context
*/
-void
+void
SHA1_End(SHA1Context *ctx, unsigned char *hashout,
unsigned int *pDigestLen, unsigned int maxDigestLen)
{
- register PRUint64 size;
- register PRUint32 lenB;
+ register PRUint64 size;
+ register PRUint32 lenB;
- static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
+ static const unsigned char bulk_pad[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
#define tmp lenB
- PORT_Assert (maxDigestLen >= SHA1_LENGTH);
+ PORT_Assert(maxDigestLen >= SHA1_LENGTH);
- /*
+ /*
* Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
*/
- size = ctx->size;
-
- lenB = (PRUint32)size & 63;
- SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1);
- PORT_Assert(((PRUint32)ctx->size & 63) == 56);
- /* Convert size from bytes to bits. */
- size <<= 3;
- ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32));
- ctx->W[15] = SHA_HTONL((PRUint32)size);
- shaCompress(&ctx->H[H2X], ctx->W);
-
- /*
- * Output hash
- */
- SHA_STORE_RESULT;
- if (pDigestLen) {
- *pDigestLen = SHA1_LENGTH;
- }
+ size = ctx->size;
+
+ lenB = (PRUint32)size & 63;
+ SHA1_Update(ctx, bulk_pad, (((55 + 64) - lenB) & 63) + 1);
+ PORT_Assert(((PRUint32)ctx->size & 63) == 56);
+ /* Convert size from bytes to bits. */
+ size <<= 3;
+ ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32));
+ ctx->W[15] = SHA_HTONL((PRUint32)size);
+ shaCompress(&ctx->H[H2X], ctx->W);
+
+ /*
+ * Output hash
+ */
+ SHA_STORE_RESULT;
+ if (pDigestLen) {
+ *pDigestLen = SHA1_LENGTH;
+ }
#undef tmp
}
@@ -185,13 +183,13 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
unsigned int *pDigestLen, unsigned int maxDigestLen)
{
#if defined(SHA_NEED_TMP_VARIABLE)
- register PRUint32 tmp;
+ register PRUint32 tmp;
#endif
- PORT_Assert (maxDigestLen >= SHA1_LENGTH);
+ PORT_Assert(maxDigestLen >= SHA1_LENGTH);
- SHA_STORE_RESULT;
- if (pDigestLen)
- *pDigestLen = SHA1_LENGTH;
+ SHA_STORE_RESULT;
+ if (pDigestLen)
+ *pDigestLen = SHA1_LENGTH;
}
#undef B
@@ -207,26 +205,26 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
* of them as being done in 16 groups of 5 operations). They are
* done by the SHA_RNDx macros below, in the right column.
*
- * The functions that set the 16 values of the W array are done in
- * 5 groups of 16 operations. The first group is done by the
+ * The functions that set the 16 values of the W array are done in
+ * 5 groups of 16 operations. The first group is done by the
* LOAD macros below, the latter 4 groups are done by SHA_MIX below,
* in the left column.
*
* gcc's optimizer observes that each member of the W array is assigned
- * a value 5 times in this code. It reduces the number of store
+ * a value 5 times in this code. It reduces the number of store
* operations done to the W array in the context (that is, in the X array)
- * by creating a W array on the stack, and storing the W values there for
- * the first 4 groups of operations on W, and storing the values in the
+ * by creating a W array on the stack, and storing the W values there for
+ * the first 4 groups of operations on W, and storing the values in the
* context's W array only in the fifth group. This is undesirable.
- * It is MUCH bigger code than simply using the context's W array, because
- * all the offsets to the W array in the stack are 32-bit signed offsets,
- * and it is no faster than storing the values in the context's W array.
+ * It is MUCH bigger code than simply using the context's W array, because
+ * all the offsets to the W array in the stack are 32-bit signed offsets,
+ * and it is no faster than storing the values in the context's W array.
*
- * The original code for sha_fast.c prevented this creation of a separate
+ * The original code for sha_fast.c prevented this creation of a separate
* W array in the stack by creating a W array of 80 members, each of
* whose elements is assigned only once. It also separated the computations
* of the W array values and the computations of the values for the 5
- * state variables into two separate passes, W's, then A-E's so that the
+ * state variables into two separate passes, W's, then A-E's so that the
* second pass could be done all in registers (except for accessing the W
* array) on machines with fewer registers. The method is suboptimal
* for machines with enough registers to do it all in one pass, and it
@@ -242,22 +240,22 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
* results in code that is 3 times faster than the previous NSS sha_fast
* code on AMD64.
*/
-static void
-shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
+static void
+shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
{
- register SHA_HW_t A, B, C, D, E;
+ register SHA_HW_t A, B, C, D, E;
#if defined(SHA_NEED_TMP_VARIABLE)
- register PRUint32 tmp;
+ register PRUint32 tmp;
#endif
#if !defined(SHA_PUT_W_IN_STACK)
-#define XH(n) X[n-H2X]
-#define XW(n) X[n-W2X]
+#define XH(n) X[n - H2X]
+#define XW(n) X[n - W2X]
#else
- SHA_HW_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7,
- w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15;
-#define XW(n) w_ ## n
+ SHA_HW_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7,
+ w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15;
+#define XW(n) w_##n
#define XH(n) X[n]
#endif
@@ -266,116 +264,200 @@ shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
#define K2 0x8f1bbcdcL
#define K3 0xca62c1d6L
-#define SHA_RND1(a,b,c,d,e,n) \
- a = SHA_ROTL(b,5)+SHA_F1(c,d,e)+a+XW(n)+K0; c=SHA_ROTL(c,30)
-#define SHA_RND2(a,b,c,d,e,n) \
- a = SHA_ROTL(b,5)+SHA_F2(c,d,e)+a+XW(n)+K1; c=SHA_ROTL(c,30)
-#define SHA_RND3(a,b,c,d,e,n) \
- a = SHA_ROTL(b,5)+SHA_F3(c,d,e)+a+XW(n)+K2; c=SHA_ROTL(c,30)
-#define SHA_RND4(a,b,c,d,e,n) \
- a = SHA_ROTL(b,5)+SHA_F4(c,d,e)+a+XW(n)+K3; c=SHA_ROTL(c,30)
+#define SHA_RND1(a, b, c, d, e, n) \
+ a = SHA_ROTL(b, 5) + SHA_F1(c, d, e) + a + XW(n) + K0; \
+ c = SHA_ROTL(c, 30)
+#define SHA_RND2(a, b, c, d, e, n) \
+ a = SHA_ROTL(b, 5) + SHA_F2(c, d, e) + a + XW(n) + K1; \
+ c = SHA_ROTL(c, 30)
+#define SHA_RND3(a, b, c, d, e, n) \
+ a = SHA_ROTL(b, 5) + SHA_F3(c, d, e) + a + XW(n) + K2; \
+ c = SHA_ROTL(c, 30)
+#define SHA_RND4(a, b, c, d, e, n) \
+ a = SHA_ROTL(b, 5) + SHA_F4(c, d, e) + a + XW(n) + K3; \
+ c = SHA_ROTL(c, 30)
#define LOAD(n) XW(n) = SHA_HTONL(inbuf[n])
- A = XH(0);
- B = XH(1);
- C = XH(2);
- D = XH(3);
- E = XH(4);
-
- LOAD(0); SHA_RND1(E,A,B,C,D, 0);
- LOAD(1); SHA_RND1(D,E,A,B,C, 1);
- LOAD(2); SHA_RND1(C,D,E,A,B, 2);
- LOAD(3); SHA_RND1(B,C,D,E,A, 3);
- LOAD(4); SHA_RND1(A,B,C,D,E, 4);
- LOAD(5); SHA_RND1(E,A,B,C,D, 5);
- LOAD(6); SHA_RND1(D,E,A,B,C, 6);
- LOAD(7); SHA_RND1(C,D,E,A,B, 7);
- LOAD(8); SHA_RND1(B,C,D,E,A, 8);
- LOAD(9); SHA_RND1(A,B,C,D,E, 9);
- LOAD(10); SHA_RND1(E,A,B,C,D,10);
- LOAD(11); SHA_RND1(D,E,A,B,C,11);
- LOAD(12); SHA_RND1(C,D,E,A,B,12);
- LOAD(13); SHA_RND1(B,C,D,E,A,13);
- LOAD(14); SHA_RND1(A,B,C,D,E,14);
- LOAD(15); SHA_RND1(E,A,B,C,D,15);
-
- SHA_MIX( 0, 13, 8, 2); SHA_RND1(D,E,A,B,C, 0);
- SHA_MIX( 1, 14, 9, 3); SHA_RND1(C,D,E,A,B, 1);
- SHA_MIX( 2, 15, 10, 4); SHA_RND1(B,C,D,E,A, 2);
- SHA_MIX( 3, 0, 11, 5); SHA_RND1(A,B,C,D,E, 3);
-
- SHA_MIX( 4, 1, 12, 6); SHA_RND2(E,A,B,C,D, 4);
- SHA_MIX( 5, 2, 13, 7); SHA_RND2(D,E,A,B,C, 5);
- SHA_MIX( 6, 3, 14, 8); SHA_RND2(C,D,E,A,B, 6);
- SHA_MIX( 7, 4, 15, 9); SHA_RND2(B,C,D,E,A, 7);
- SHA_MIX( 8, 5, 0, 10); SHA_RND2(A,B,C,D,E, 8);
- SHA_MIX( 9, 6, 1, 11); SHA_RND2(E,A,B,C,D, 9);
- SHA_MIX(10, 7, 2, 12); SHA_RND2(D,E,A,B,C,10);
- SHA_MIX(11, 8, 3, 13); SHA_RND2(C,D,E,A,B,11);
- SHA_MIX(12, 9, 4, 14); SHA_RND2(B,C,D,E,A,12);
- SHA_MIX(13, 10, 5, 15); SHA_RND2(A,B,C,D,E,13);
- SHA_MIX(14, 11, 6, 0); SHA_RND2(E,A,B,C,D,14);
- SHA_MIX(15, 12, 7, 1); SHA_RND2(D,E,A,B,C,15);
-
- SHA_MIX( 0, 13, 8, 2); SHA_RND2(C,D,E,A,B, 0);
- SHA_MIX( 1, 14, 9, 3); SHA_RND2(B,C,D,E,A, 1);
- SHA_MIX( 2, 15, 10, 4); SHA_RND2(A,B,C,D,E, 2);
- SHA_MIX( 3, 0, 11, 5); SHA_RND2(E,A,B,C,D, 3);
- SHA_MIX( 4, 1, 12, 6); SHA_RND2(D,E,A,B,C, 4);
- SHA_MIX( 5, 2, 13, 7); SHA_RND2(C,D,E,A,B, 5);
- SHA_MIX( 6, 3, 14, 8); SHA_RND2(B,C,D,E,A, 6);
- SHA_MIX( 7, 4, 15, 9); SHA_RND2(A,B,C,D,E, 7);
-
- SHA_MIX( 8, 5, 0, 10); SHA_RND3(E,A,B,C,D, 8);
- SHA_MIX( 9, 6, 1, 11); SHA_RND3(D,E,A,B,C, 9);
- SHA_MIX(10, 7, 2, 12); SHA_RND3(C,D,E,A,B,10);
- SHA_MIX(11, 8, 3, 13); SHA_RND3(B,C,D,E,A,11);
- SHA_MIX(12, 9, 4, 14); SHA_RND3(A,B,C,D,E,12);
- SHA_MIX(13, 10, 5, 15); SHA_RND3(E,A,B,C,D,13);
- SHA_MIX(14, 11, 6, 0); SHA_RND3(D,E,A,B,C,14);
- SHA_MIX(15, 12, 7, 1); SHA_RND3(C,D,E,A,B,15);
-
- SHA_MIX( 0, 13, 8, 2); SHA_RND3(B,C,D,E,A, 0);
- SHA_MIX( 1, 14, 9, 3); SHA_RND3(A,B,C,D,E, 1);
- SHA_MIX( 2, 15, 10, 4); SHA_RND3(E,A,B,C,D, 2);
- SHA_MIX( 3, 0, 11, 5); SHA_RND3(D,E,A,B,C, 3);
- SHA_MIX( 4, 1, 12, 6); SHA_RND3(C,D,E,A,B, 4);
- SHA_MIX( 5, 2, 13, 7); SHA_RND3(B,C,D,E,A, 5);
- SHA_MIX( 6, 3, 14, 8); SHA_RND3(A,B,C,D,E, 6);
- SHA_MIX( 7, 4, 15, 9); SHA_RND3(E,A,B,C,D, 7);
- SHA_MIX( 8, 5, 0, 10); SHA_RND3(D,E,A,B,C, 8);
- SHA_MIX( 9, 6, 1, 11); SHA_RND3(C,D,E,A,B, 9);
- SHA_MIX(10, 7, 2, 12); SHA_RND3(B,C,D,E,A,10);
- SHA_MIX(11, 8, 3, 13); SHA_RND3(A,B,C,D,E,11);
-
- SHA_MIX(12, 9, 4, 14); SHA_RND4(E,A,B,C,D,12);
- SHA_MIX(13, 10, 5, 15); SHA_RND4(D,E,A,B,C,13);
- SHA_MIX(14, 11, 6, 0); SHA_RND4(C,D,E,A,B,14);
- SHA_MIX(15, 12, 7, 1); SHA_RND4(B,C,D,E,A,15);
-
- SHA_MIX( 0, 13, 8, 2); SHA_RND4(A,B,C,D,E, 0);
- SHA_MIX( 1, 14, 9, 3); SHA_RND4(E,A,B,C,D, 1);
- SHA_MIX( 2, 15, 10, 4); SHA_RND4(D,E,A,B,C, 2);
- SHA_MIX( 3, 0, 11, 5); SHA_RND4(C,D,E,A,B, 3);
- SHA_MIX( 4, 1, 12, 6); SHA_RND4(B,C,D,E,A, 4);
- SHA_MIX( 5, 2, 13, 7); SHA_RND4(A,B,C,D,E, 5);
- SHA_MIX( 6, 3, 14, 8); SHA_RND4(E,A,B,C,D, 6);
- SHA_MIX( 7, 4, 15, 9); SHA_RND4(D,E,A,B,C, 7);
- SHA_MIX( 8, 5, 0, 10); SHA_RND4(C,D,E,A,B, 8);
- SHA_MIX( 9, 6, 1, 11); SHA_RND4(B,C,D,E,A, 9);
- SHA_MIX(10, 7, 2, 12); SHA_RND4(A,B,C,D,E,10);
- SHA_MIX(11, 8, 3, 13); SHA_RND4(E,A,B,C,D,11);
- SHA_MIX(12, 9, 4, 14); SHA_RND4(D,E,A,B,C,12);
- SHA_MIX(13, 10, 5, 15); SHA_RND4(C,D,E,A,B,13);
- SHA_MIX(14, 11, 6, 0); SHA_RND4(B,C,D,E,A,14);
- SHA_MIX(15, 12, 7, 1); SHA_RND4(A,B,C,D,E,15);
-
- XH(0) += A;
- XH(1) += B;
- XH(2) += C;
- XH(3) += D;
- XH(4) += E;
+ A = XH(0);
+ B = XH(1);
+ C = XH(2);
+ D = XH(3);
+ E = XH(4);
+
+ LOAD(0);
+ SHA_RND1(E, A, B, C, D, 0);
+ LOAD(1);
+ SHA_RND1(D, E, A, B, C, 1);
+ LOAD(2);
+ SHA_RND1(C, D, E, A, B, 2);
+ LOAD(3);
+ SHA_RND1(B, C, D, E, A, 3);
+ LOAD(4);
+ SHA_RND1(A, B, C, D, E, 4);
+ LOAD(5);
+ SHA_RND1(E, A, B, C, D, 5);
+ LOAD(6);
+ SHA_RND1(D, E, A, B, C, 6);
+ LOAD(7);
+ SHA_RND1(C, D, E, A, B, 7);
+ LOAD(8);
+ SHA_RND1(B, C, D, E, A, 8);
+ LOAD(9);
+ SHA_RND1(A, B, C, D, E, 9);
+ LOAD(10);
+ SHA_RND1(E, A, B, C, D, 10);
+ LOAD(11);
+ SHA_RND1(D, E, A, B, C, 11);
+ LOAD(12);
+ SHA_RND1(C, D, E, A, B, 12);
+ LOAD(13);
+ SHA_RND1(B, C, D, E, A, 13);
+ LOAD(14);
+ SHA_RND1(A, B, C, D, E, 14);
+ LOAD(15);
+ SHA_RND1(E, A, B, C, D, 15);
+
+ SHA_MIX(0, 13, 8, 2);
+ SHA_RND1(D, E, A, B, C, 0);
+ SHA_MIX(1, 14, 9, 3);
+ SHA_RND1(C, D, E, A, B, 1);
+ SHA_MIX(2, 15, 10, 4);
+ SHA_RND1(B, C, D, E, A, 2);
+ SHA_MIX(3, 0, 11, 5);
+ SHA_RND1(A, B, C, D, E, 3);
+
+ SHA_MIX(4, 1, 12, 6);
+ SHA_RND2(E, A, B, C, D, 4);
+ SHA_MIX(5, 2, 13, 7);
+ SHA_RND2(D, E, A, B, C, 5);
+ SHA_MIX(6, 3, 14, 8);
+ SHA_RND2(C, D, E, A, B, 6);
+ SHA_MIX(7, 4, 15, 9);
+ SHA_RND2(B, C, D, E, A, 7);
+ SHA_MIX(8, 5, 0, 10);
+ SHA_RND2(A, B, C, D, E, 8);
+ SHA_MIX(9, 6, 1, 11);
+ SHA_RND2(E, A, B, C, D, 9);
+ SHA_MIX(10, 7, 2, 12);
+ SHA_RND2(D, E, A, B, C, 10);
+ SHA_MIX(11, 8, 3, 13);
+ SHA_RND2(C, D, E, A, B, 11);
+ SHA_MIX(12, 9, 4, 14);
+ SHA_RND2(B, C, D, E, A, 12);
+ SHA_MIX(13, 10, 5, 15);
+ SHA_RND2(A, B, C, D, E, 13);
+ SHA_MIX(14, 11, 6, 0);
+ SHA_RND2(E, A, B, C, D, 14);
+ SHA_MIX(15, 12, 7, 1);
+ SHA_RND2(D, E, A, B, C, 15);
+
+ SHA_MIX(0, 13, 8, 2);
+ SHA_RND2(C, D, E, A, B, 0);
+ SHA_MIX(1, 14, 9, 3);
+ SHA_RND2(B, C, D, E, A, 1);
+ SHA_MIX(2, 15, 10, 4);
+ SHA_RND2(A, B, C, D, E, 2);
+ SHA_MIX(3, 0, 11, 5);
+ SHA_RND2(E, A, B, C, D, 3);
+ SHA_MIX(4, 1, 12, 6);
+ SHA_RND2(D, E, A, B, C, 4);
+ SHA_MIX(5, 2, 13, 7);
+ SHA_RND2(C, D, E, A, B, 5);
+ SHA_MIX(6, 3, 14, 8);
+ SHA_RND2(B, C, D, E, A, 6);
+ SHA_MIX(7, 4, 15, 9);
+ SHA_RND2(A, B, C, D, E, 7);
+
+ SHA_MIX(8, 5, 0, 10);
+ SHA_RND3(E, A, B, C, D, 8);
+ SHA_MIX(9, 6, 1, 11);
+ SHA_RND3(D, E, A, B, C, 9);
+ SHA_MIX(10, 7, 2, 12);
+ SHA_RND3(C, D, E, A, B, 10);
+ SHA_MIX(11, 8, 3, 13);
+ SHA_RND3(B, C, D, E, A, 11);
+ SHA_MIX(12, 9, 4, 14);
+ SHA_RND3(A, B, C, D, E, 12);
+ SHA_MIX(13, 10, 5, 15);
+ SHA_RND3(E, A, B, C, D, 13);
+ SHA_MIX(14, 11, 6, 0);
+ SHA_RND3(D, E, A, B, C, 14);
+ SHA_MIX(15, 12, 7, 1);
+ SHA_RND3(C, D, E, A, B, 15);
+
+ SHA_MIX(0, 13, 8, 2);
+ SHA_RND3(B, C, D, E, A, 0);
+ SHA_MIX(1, 14, 9, 3);
+ SHA_RND3(A, B, C, D, E, 1);
+ SHA_MIX(2, 15, 10, 4);
+ SHA_RND3(E, A, B, C, D, 2);
+ SHA_MIX(3, 0, 11, 5);
+ SHA_RND3(D, E, A, B, C, 3);
+ SHA_MIX(4, 1, 12, 6);
+ SHA_RND3(C, D, E, A, B, 4);
+ SHA_MIX(5, 2, 13, 7);
+ SHA_RND3(B, C, D, E, A, 5);
+ SHA_MIX(6, 3, 14, 8);
+ SHA_RND3(A, B, C, D, E, 6);
+ SHA_MIX(7, 4, 15, 9);
+ SHA_RND3(E, A, B, C, D, 7);
+ SHA_MIX(8, 5, 0, 10);
+ SHA_RND3(D, E, A, B, C, 8);
+ SHA_MIX(9, 6, 1, 11);
+ SHA_RND3(C, D, E, A, B, 9);
+ SHA_MIX(10, 7, 2, 12);
+ SHA_RND3(B, C, D, E, A, 10);
+ SHA_MIX(11, 8, 3, 13);
+ SHA_RND3(A, B, C, D, E, 11);
+
+ SHA_MIX(12, 9, 4, 14);
+ SHA_RND4(E, A, B, C, D, 12);
+ SHA_MIX(13, 10, 5, 15);
+ SHA_RND4(D, E, A, B, C, 13);
+ SHA_MIX(14, 11, 6, 0);
+ SHA_RND4(C, D, E, A, B, 14);
+ SHA_MIX(15, 12, 7, 1);
+ SHA_RND4(B, C, D, E, A, 15);
+
+ SHA_MIX(0, 13, 8, 2);
+ SHA_RND4(A, B, C, D, E, 0);
+ SHA_MIX(1, 14, 9, 3);
+ SHA_RND4(E, A, B, C, D, 1);
+ SHA_MIX(2, 15, 10, 4);
+ SHA_RND4(D, E, A, B, C, 2);
+ SHA_MIX(3, 0, 11, 5);
+ SHA_RND4(C, D, E, A, B, 3);
+ SHA_MIX(4, 1, 12, 6);
+ SHA_RND4(B, C, D, E, A, 4);
+ SHA_MIX(5, 2, 13, 7);
+ SHA_RND4(A, B, C, D, E, 5);
+ SHA_MIX(6, 3, 14, 8);
+ SHA_RND4(E, A, B, C, D, 6);
+ SHA_MIX(7, 4, 15, 9);
+ SHA_RND4(D, E, A, B, C, 7);
+ SHA_MIX(8, 5, 0, 10);
+ SHA_RND4(C, D, E, A, B, 8);
+ SHA_MIX(9, 6, 1, 11);
+ SHA_RND4(B, C, D, E, A, 9);
+ SHA_MIX(10, 7, 2, 12);
+ SHA_RND4(A, B, C, D, E, 10);
+ SHA_MIX(11, 8, 3, 13);
+ SHA_RND4(E, A, B, C, D, 11);
+ SHA_MIX(12, 9, 4, 14);
+ SHA_RND4(D, E, A, B, C, 12);
+ SHA_MIX(13, 10, 5, 15);
+ SHA_RND4(C, D, E, A, B, 13);
+ SHA_MIX(14, 11, 6, 0);
+ SHA_RND4(B, C, D, E, A, 14);
+ SHA_MIX(15, 12, 7, 1);
+ SHA_RND4(A, B, C, D, E, 15);
+
+ XH(0) += A;
+ XH(1) += B;
+ XH(2) += C;
+ XH(3) += D;
+ XH(4) += E;
}
/*************************************************************************
@@ -419,7 +501,7 @@ SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
SECStatus
SHA1_Hash(unsigned char *dest, const char *src)
{
- return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen (src));
+ return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
/*
@@ -433,23 +515,25 @@ SHA1_FlattenSize(SHA1Context *cx)
}
SECStatus
-SHA1_Flatten(SHA1Context *cx,unsigned char *space)
+SHA1_Flatten(SHA1Context *cx, unsigned char *space)
{
- PORT_Memcpy(space,cx, sizeof(SHA1Context));
+ PORT_Memcpy(space, cx, sizeof(SHA1Context));
return SECSuccess;
}
SHA1Context *
-SHA1_Resurrect(unsigned char *space,void *arg)
+SHA1_Resurrect(unsigned char *space, void *arg)
{
SHA1Context *cx = SHA1_NewContext();
- if (cx == NULL) return NULL;
+ if (cx == NULL)
+ return NULL;
- PORT_Memcpy(cx,space, sizeof(SHA1Context));
+ PORT_Memcpy(cx, space, sizeof(SHA1Context));
return cx;
}
-void SHA1_Clone(SHA1Context *dest, SHA1Context *src)
+void
+SHA1_Clone(SHA1Context *dest, SHA1Context *src)
{
memcpy(dest, src, sizeof *dest);
}
diff --git a/lib/freebl/sha_fast.h b/lib/freebl/sha_fast.h
index 256e1900d..9acb3cc37 100644
--- a/lib/freebl/sha_fast.h
+++ b/lib/freebl/sha_fast.h
@@ -9,7 +9,7 @@
#define SHA1_INPUT_LEN 64
-#if defined(IS_64) && !defined(__sparc)
+#if defined(IS_64) && !defined(__sparc)
typedef PRUint64 SHA_HW_t;
#define SHA1_USING_64_BIT 1
#else
@@ -17,17 +17,17 @@ typedef PRUint32 SHA_HW_t;
#endif
struct SHA1ContextStr {
- union {
- PRUint32 w[16]; /* input buffer */
- PRUint8 b[64];
- } u;
- PRUint64 size; /* count of hashed bytes. */
- SHA_HW_t H[22]; /* 5 state variables, 16 tmp values, 1 extra */
+ union {
+ PRUint32 w[16]; /* input buffer */
+ PRUint8 b[64];
+ } u;
+ PRUint64 size; /* count of hashed bytes. */
+ SHA_HW_t H[22]; /* 5 state variables, 16 tmp values, 1 extra */
};
#if defined(_MSC_VER)
#include <stdlib.h>
-#if defined(IS_LITTLE_ENDIAN)
+#if defined(IS_LITTLE_ENDIAN)
#if (_MSC_VER >= 1300)
#pragma intrinsic(_byteswap_ulong)
#define SHA_HTONL(x) _byteswap_ulong(x)
@@ -41,8 +41,8 @@ struct SHA1ContextStr {
#endif /* !defined FORCEINLINE */
#define FASTCALL __fastcall
-static FORCEINLINE PRUint32 FASTCALL
-swap4b(PRUint32 dwd)
+static FORCEINLINE PRUint32 FASTCALL
+swap4b(PRUint32 dwd)
{
__asm {
mov eax,dwd
@@ -54,21 +54,23 @@ swap4b(PRUint32 dwd)
#endif /* NSS_X86_OR_X64 */
#endif /* IS_LITTLE_ENDIAN */
-#pragma intrinsic (_lrotr, _lrotl)
-#define SHA_ROTL(x,n) _lrotl(x,n)
+#pragma intrinsic(_lrotr, _lrotl)
+#define SHA_ROTL(x, n) _lrotl(x, n)
#define SHA_ROTL_IS_DEFINED 1
#endif /* _MSC_VER */
-#if defined(__GNUC__)
+#if defined(__GNUC__)
/* __x86_64__ and __x86_64 are defined by GCC on x86_64 CPUs */
-#if defined( SHA1_USING_64_BIT )
-static __inline__ PRUint64 SHA_ROTL(PRUint64 x, PRUint32 n)
+#if defined(SHA1_USING_64_BIT)
+static __inline__ PRUint64
+SHA_ROTL(PRUint64 x, PRUint32 n)
{
PRUint32 t = (PRUint32)x;
return ((t << n) | (t >> (32 - n)));
}
-#else
-static __inline__ PRUint32 SHA_ROTL(PRUint32 t, PRUint32 n)
+#else
+static __inline__ PRUint32
+SHA_ROTL(PRUint32 t, PRUint32 n)
{
return ((t << n) | (t >> (32 - n)));
}
@@ -76,28 +78,33 @@ static __inline__ PRUint32 SHA_ROTL(PRUint32 t, PRUint32 n)
#define SHA_ROTL_IS_DEFINED 1
#if defined(NSS_X86_OR_X64)
-static __inline__ PRUint32 swap4b(PRUint32 value)
+static __inline__ PRUint32
+swap4b(PRUint32 value)
{
- __asm__("bswap %0" : "+r" (value));
+ __asm__("bswap %0"
+ : "+r"(value));
return (value);
}
#define SHA_HTONL(x) swap4b(x)
-#elif defined(__thumb2__) || \
- (!defined(__thumb__) && \
- (defined(__ARM_ARCH_6__) || \
- defined(__ARM_ARCH_6J__) || \
- defined(__ARM_ARCH_6K__) || \
- defined(__ARM_ARCH_6Z__) || \
- defined(__ARM_ARCH_6ZK__) || \
- defined(__ARM_ARCH_6T2__) || \
- defined(__ARM_ARCH_7__) || \
- defined(__ARM_ARCH_7A__) || \
- defined(__ARM_ARCH_7R__)))
-static __inline__ PRUint32 swap4b(PRUint32 value)
+#elif defined(__thumb2__) || \
+ (!defined(__thumb__) && \
+ (defined(__ARM_ARCH_6__) || \
+ defined(__ARM_ARCH_6J__) || \
+ defined(__ARM_ARCH_6K__) || \
+ defined(__ARM_ARCH_6Z__) || \
+ defined(__ARM_ARCH_6ZK__) || \
+ defined(__ARM_ARCH_6T2__) || \
+ defined(__ARM_ARCH_7__) || \
+ defined(__ARM_ARCH_7A__) || \
+ defined(__ARM_ARCH_7R__)))
+static __inline__ PRUint32
+swap4b(PRUint32 value)
{
PRUint32 ret;
- __asm__("rev %0, %1" : "=r" (ret) : "r"(value));
+ __asm__("rev %0, %1"
+ : "=r"(ret)
+ : "r"(value));
return ret;
}
#define SHA_HTONL(x) swap4b(x)
@@ -108,7 +115,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value)
#if !defined(SHA_ROTL_IS_DEFINED)
#define SHA_NEED_TMP_VARIABLE 1
-#define SHA_ROTL(X,n) (tmp = (X), ((tmp) << (n)) | ((tmp) >> (32-(n))))
+#define SHA_ROTL(X, n) (tmp = (X), ((tmp) << (n)) | ((tmp) >> (32 - (n))))
#endif
#if defined(NSS_X86_OR_X64)
@@ -116,14 +123,14 @@ static __inline__ PRUint32 swap4b(PRUint32 value)
#endif
#if !defined(SHA_HTONL)
-#define SHA_MASK 0x00FF00FF
+#define SHA_MASK 0x00FF00FF
#if defined(IS_LITTLE_ENDIAN)
-#undef SHA_NEED_TMP_VARIABLE
+#undef SHA_NEED_TMP_VARIABLE
#define SHA_NEED_TMP_VARIABLE 1
-#define SHA_HTONL(x) (tmp = (x), tmp = (tmp << 16) | (tmp >> 16), \
- ((tmp & SHA_MASK) << 8) | ((tmp >> 8) & SHA_MASK))
+#define SHA_HTONL(x) (tmp = (x), tmp = (tmp << 16) | (tmp >> 16), \
+ ((tmp & SHA_MASK) << 8) | ((tmp >> 8) & SHA_MASK))
#else
-#define SHA_HTONL(x) (x)
+#define SHA_HTONL(x) (x)
#endif
#endif
@@ -132,41 +139,41 @@ static __inline__ PRUint32 swap4b(PRUint32 value)
#define SHA_STORE(n) ((PRUint32*)hashout)[n] = SHA_HTONL(ctx->H[n])
#if defined(SHA_ALLOW_UNALIGNED_ACCESS)
#define SHA_STORE_RESULT \
- SHA_STORE(0); \
- SHA_STORE(1); \
- SHA_STORE(2); \
- SHA_STORE(3); \
- SHA_STORE(4);
-
-#elif defined(IS_LITTLE_ENDIAN) || defined( SHA1_USING_64_BIT )
-#define SHA_STORE_RESULT \
- if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
- SHA_STORE(0); \
- SHA_STORE(1); \
- SHA_STORE(2); \
- SHA_STORE(3); \
- SHA_STORE(4); \
- } else { \
- PRUint32 tmpbuf[5]; \
- tmpbuf[0] = SHA_HTONL(ctx->H[0]); \
- tmpbuf[1] = SHA_HTONL(ctx->H[1]); \
- tmpbuf[2] = SHA_HTONL(ctx->H[2]); \
- tmpbuf[3] = SHA_HTONL(ctx->H[3]); \
- tmpbuf[4] = SHA_HTONL(ctx->H[4]); \
- memcpy(hashout, tmpbuf, SHA1_LENGTH); \
- }
+ SHA_STORE(0); \
+ SHA_STORE(1); \
+ SHA_STORE(2); \
+ SHA_STORE(3); \
+ SHA_STORE(4);
+
+#elif defined(IS_LITTLE_ENDIAN) || defined(SHA1_USING_64_BIT)
+#define SHA_STORE_RESULT \
+ if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+ SHA_STORE(0); \
+ SHA_STORE(1); \
+ SHA_STORE(2); \
+ SHA_STORE(3); \
+ SHA_STORE(4); \
+ } else { \
+ PRUint32 tmpbuf[5]; \
+ tmpbuf[0] = SHA_HTONL(ctx->H[0]); \
+ tmpbuf[1] = SHA_HTONL(ctx->H[1]); \
+ tmpbuf[2] = SHA_HTONL(ctx->H[2]); \
+ tmpbuf[3] = SHA_HTONL(ctx->H[3]); \
+ tmpbuf[4] = SHA_HTONL(ctx->H[4]); \
+ memcpy(hashout, tmpbuf, SHA1_LENGTH); \
+ }
#else
-#define SHA_STORE_RESULT \
- if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
- SHA_STORE(0); \
- SHA_STORE(1); \
- SHA_STORE(2); \
- SHA_STORE(3); \
- SHA_STORE(4); \
- } else { \
- memcpy(hashout, ctx->H, SHA1_LENGTH); \
- }
-#endif
+#define SHA_STORE_RESULT \
+ if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+ SHA_STORE(0); \
+ SHA_STORE(1); \
+ SHA_STORE(2); \
+ SHA_STORE(3); \
+ SHA_STORE(4); \
+ } else { \
+ memcpy(hashout, ctx->H, SHA1_LENGTH); \
+ }
+#endif
#endif /* _SHA_FAST_H_ */
diff --git a/lib/freebl/shsign.h b/lib/freebl/shsign.h
index 3a3d2f1c0..590c0e6b3 100644
--- a/lib/freebl/shsign.h
+++ b/lib/freebl/shsign.h
@@ -6,9 +6,9 @@
#define _SHSIGN_H_
#define SGN_SUFFIX ".chk"
-#define NSS_SIGN_CHK_MAGIC1 0xf1
-#define NSS_SIGN_CHK_MAGIC2 0xc5
-#define NSS_SIGN_CHK_MAJOR_VERSION 0x01
-#define NSS_SIGN_CHK_MINOR_VERSION 0x02
+#define NSS_SIGN_CHK_MAGIC1 0xf1
+#define NSS_SIGN_CHK_MAGIC2 0xc5
+#define NSS_SIGN_CHK_MAJOR_VERSION 0x01
+#define NSS_SIGN_CHK_MINOR_VERSION 0x02
#endif /* _SHSIGN_H_ */
diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
index 5a73a7ad7..af4a34fb0 100644
--- a/lib/freebl/shvfy.c
+++ b/lib/freebl/shvfy.c
@@ -29,7 +29,7 @@
* The modification of the shared library is correctly detected by the freebl
* FIPS checksum scheme where we check a signed hash of the library against the
* library itself.
- *
+ *
* The prelink command itself can reverse the process of modification and
* output the prestine shared library as it was before prelink made it's
* changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the
@@ -50,10 +50,10 @@
/*
* This function returns an NSPR PRFileDesc * which the caller can read to
* obtain the prestine value of the shared library, before any OS related
- * changes to it (usually address fixups).
+ * changes to it (usually address fixups).
*
* If prelink is installed, this
- * file descriptor is a pipe connecting the output of
+ * file descriptor is a pipe connecting the output of
* /usr/sbin/prelink -u -o - {Library}
* and *pid returns the process id of the prelink child.
*
@@ -63,115 +63,121 @@
PRFileDesc *
bl_OpenUnPrelink(const char *shName, int *pid)
{
- char *command= strdup(FREEBL_PRELINK_COMMAND);
+ char *command = strdup(FREEBL_PRELINK_COMMAND);
char *argString = NULL;
- char **argv = NULL;
+ char **argv = NULL;
char *shNameArg = NULL;
char *cp;
pid_t child;
int argc = 0, argNext = 0;
struct stat statBuf;
- int pipefd[2] = {-1,-1};
+ int pipefd[2] = { -1, -1 };
int ret;
*pid = 0;
/* make sure the prelink command exists first. If not, fall back to
* just reading the file */
- for (cp = command; *cp ; cp++) {
- if (*cp == ' ') {
- *cp++ = 0;
- argString = cp;
- break;
+ for (cp = command; *cp; cp++) {
+ if (*cp == ' ') {
+ *cp++ = 0;
+ argString = cp;
+ break;
}
}
- memset (&statBuf, 0, sizeof(statBuf));
+ memset(&statBuf, 0, sizeof(statBuf));
/* stat the file, follow the link */
ret = stat(command, &statBuf);
if (ret < 0) {
- free(command);
- return PR_Open(shName, PR_RDONLY, 0);
+ free(command);
+ return PR_Open(shName, PR_RDONLY, 0);
}
/* file exits, make sure it's an executable */
- if (!S_ISREG(statBuf.st_mode) ||
- ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) {
- free(command);
- return PR_Open(shName, PR_RDONLY, 0);
+ if (!S_ISREG(statBuf.st_mode) ||
+ ((statBuf.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) {
+ free(command);
+ return PR_Open(shName, PR_RDONLY, 0);
}
/* OK, the prelink command exists and looks correct, use it */
/* build the arglist while we can still malloc */
/* count the args if any */
if (argString && *argString) {
- /* argString may have leading spaces, strip them off*/
- for (cp = argString; *cp && *cp == ' '; cp++);
- argString = cp;
- if (*cp) {
- /* there is at least one arg.. */
- argc = 1;
- }
+ /* argString may have leading spaces, strip them off*/
+ for (cp = argString; *cp && *cp == ' '; cp++)
+ ;
+ argString = cp;
+ if (*cp) {
+ /* there is at least one arg.. */
+ argc = 1;
+ }
/* count the rest: Note there is no provision for escaped
* spaces here */
- for (cp = argString; *cp ; cp++) {
- if (*cp == ' ') {
- while (*cp && *cp == ' ') cp++;
- if (*cp) argc++;
- }
- }
+ for (cp = argString; *cp; cp++) {
+ if (*cp == ' ') {
+ while (*cp && *cp == ' ')
+ cp++;
+ if (*cp)
+ argc++;
+ }
+ }
}
/* add the additional args: argv[0] (command), shName, NULL*/
argc += 3;
argv = PORT_NewArray(char *, argc);
if (argv == NULL) {
- goto loser;
+ goto loser;
}
/* fill in the arglist */
argv[argNext++] = command;
if (argString && *argString) {
- argv[argNext++] = argString;
- for (cp = argString; *cp; cp++) {
- if (*cp == ' ') {
- *cp++ = 0;
- while (*cp && *cp == ' ') cp++;
- if (*cp) argv[argNext++] = cp;
- }
- }
+ argv[argNext++] = argString;
+ for (cp = argString; *cp; cp++) {
+ if (*cp == ' ') {
+ *cp++ = 0;
+ while (*cp && *cp == ' ')
+ cp++;
+ if (*cp)
+ argv[argNext++] = cp;
+ }
+ }
}
/* exec doesn't advertise taking const char **argv, do the paranoid
* copy */
shNameArg = strdup(shName);
if (shNameArg == NULL) {
- goto loser;
+ goto loser;
}
argv[argNext++] = shNameArg;
argv[argNext++] = 0;
-
+
ret = pipe(pipefd);
if (ret < 0) {
- goto loser;
+ goto loser;
}
/* use vfork() so we don't trigger the pthread_at_fork() handlers */
child = vfork();
- if (child < 0) goto loser;
+ if (child < 0)
+ goto loser;
if (child == 0) {
- /* set up the file descriptors */
- /* if we need to support BSD, this will need to be an open of
- * /dev/null and dup2(nullFD, 0)*/
- close(0);
- /* associate pipefd[1] with stdout */
- if (pipefd[1] != 1) dup2(pipefd[1], 1);
- close(2);
- close(pipefd[0]);
- /* should probably close the other file descriptors? */
-
-
- execv(command, argv);
- /* avoid at_exit() handlers */
- _exit(1); /* shouldn't reach here except on an error */
+ /* set up the file descriptors */
+ /* if we need to support BSD, this will need to be an open of
+ * /dev/null and dup2(nullFD, 0)*/
+ close(0);
+ /* associate pipefd[1] with stdout */
+ if (pipefd[1] != 1)
+ dup2(pipefd[1], 1);
+ close(2);
+ close(pipefd[0]);
+ /* should probably close the other file descriptors? */
+
+ execv(command, argv);
+ /* avoid at_exit() handlers */
+ _exit(1); /* shouldn't reach here except on an error */
}
close(pipefd[1]);
pipefd[1] = -1;
@@ -189,10 +195,10 @@ bl_OpenUnPrelink(const char *shName, int *pid)
loser:
if (pipefd[0] != -1) {
- close(pipefd[0]);
+ close(pipefd[0]);
}
if (pipefd[1] != -1) {
- close(pipefd[1]);
+ close(pipefd[1]);
}
free(command);
free(shNameArg);
@@ -210,13 +216,13 @@ loser:
* from hanging around.
*/
void
-bl_CloseUnPrelink( PRFileDesc *file, int pid)
+bl_CloseUnPrelink(PRFileDesc *file, int pid)
{
/* close the file descriptor */
PR_Close(file);
/* reap the child */
if (pid) {
- waitpid(pid, NULL, 0);
+ waitpid(pid, NULL, 0);
}
}
#endif
@@ -227,16 +233,16 @@ static char *
mkCheckFileName(const char *libName)
{
int ln_len = PORT_Strlen(libName);
- char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX));
- int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX);
+ char *output = PORT_Alloc(ln_len + sizeof(SGN_SUFFIX));
+ int index = ln_len + 1 - sizeof("." SHLIB_SUFFIX);
if ((index > 0) &&
(PORT_Strncmp(&libName[index],
- "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) {
+ "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
ln_len = index;
}
- PORT_Memcpy(output,libName,ln_len);
- PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX));
+ PORT_Memcpy(output, libName, ln_len);
+ PORT_Memcpy(&output[ln_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
return output;
}
@@ -252,24 +258,23 @@ readItem(PRFileDesc *fd, SECItem *item)
unsigned char buf[4];
int bytesRead;
-
bytesRead = PR_Read(fd, buf, 4);
if (bytesRead != 4) {
- return SECFailure;
+ return SECFailure;
}
item->len = decodeInt(buf);
item->data = PORT_Alloc(item->len);
if (item->data == NULL) {
- item->len = 0;
- return SECFailure;
+ item->len = 0;
+ return SECFailure;
}
bytesRead = PR_Read(fd, item->data, item->len);
if (bytesRead != item->len) {
- PORT_Free(item->data);
- item->data = NULL;
- item->len = 0;
- return SECFailure;
+ PORT_Free(item->data);
+ item->data = NULL;
+ item->len = 0;
+ return SECFailure;
}
return SECSuccess;
}
@@ -280,17 +285,17 @@ static PRBool
blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
{
PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
+ * the signature does not verify */
/* find our shared library name */
char *shName = PR_GetLibraryFilePathname(name, addr);
if (!shName) {
- goto loser;
+ goto loser;
}
result = blapi_SHVerifyFile(shName, self);
loser:
if (shName != NULL) {
- PR_Free(shName);
+ PR_Free(shName);
}
return result;
@@ -314,7 +319,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
PRFileDesc *shFD = NULL;
- void *hashcx = NULL;
+ void *hashcx = NULL;
const SECHashObject *hashObj = NULL;
SECItem signature = { 0, NULL, 0 };
SECItem hash;
@@ -327,28 +332,28 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
#endif
PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
+ * the signature does not verify */
unsigned char buf[4096];
unsigned char hashBuf[HASH_LENGTH_MAX];
- PORT_Memset(&key,0,sizeof(key));
+ PORT_Memset(&key, 0, sizeof(key));
hash.data = hashBuf;
hash.len = sizeof(hashBuf);
- /* If our integrity check was never ran or failed, fail any other
+ /* If our integrity check was never ran or failed, fail any other
* integrity checks to prevent any token going into FIPS mode. */
if (!self && (BL_FIPSEntryOK(PR_FALSE) != SECSuccess)) {
- return PR_FALSE;
+ return PR_FALSE;
}
if (!shName) {
- goto loser;
+ goto loser;
}
/* figure out the name of our check file */
checkName = mkCheckFileName(shName);
if (!checkName) {
- goto loser;
+ goto loser;
}
/* open the check File */
@@ -358,54 +363,54 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
checkName, (int)PR_GetError(), (int)PR_GetOSError());
#endif /* DEBUG_SHVERIFY */
- goto loser;
+ goto loser;
}
/* read and Verify the headerthe header */
bytesRead = PR_Read(checkFD, buf, 12);
if (bytesRead != 12) {
- goto loser;
+ goto loser;
}
if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) {
- goto loser;
+ goto loser;
}
- if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) ||
- (buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) {
- goto loser;
+ if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) ||
+ (buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) {
+ goto loser;
}
#ifdef notdef
if (decodeInt(&buf[8]) != CKK_DSA) {
- goto loser;
+ goto loser;
}
#endif
/* seek past any future header extensions */
offset = decodeInt(&buf[4]);
if (PR_Seek(checkFD, offset, PR_SEEK_SET) < 0) {
- goto loser;
+ goto loser;
}
/* read the key */
- rv = readItem(checkFD,&key.params.prime);
+ rv = readItem(checkFD, &key.params.prime);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- rv = readItem(checkFD,&key.params.subPrime);
+ rv = readItem(checkFD, &key.params.subPrime);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- rv = readItem(checkFD,&key.params.base);
+ rv = readItem(checkFD, &key.params.base);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
- rv = readItem(checkFD,&key.publicValue);
+ rv = readItem(checkFD, &key.publicValue);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
/* read the siganture */
- rv = readItem(checkFD,&signature);
+ rv = readItem(checkFD, &signature);
if (rv != SECSuccess) {
- goto loser;
+ goto loser;
}
/* done with the check file */
@@ -414,12 +419,12 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
hashObj = HASH_GetRawHashObject(PQG_GetHashType(&key.params));
if (hashObj == NULL) {
- goto loser;
+ goto loser;
}
- /* open our library file */
+/* open our library file */
#ifdef FREEBL_USE_PRELINK
- shFD = bl_OpenUnPrelink(shName,&pid);
+ shFD = bl_OpenUnPrelink(shName, &pid);
#else
shFD = PR_Open(shName, PR_RDONLY, 0);
#endif
@@ -428,20 +433,20 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
shName, (int)PR_GetError(), (int)PR_GetOSError());
#endif /* DEBUG_SHVERIFY */
- goto loser;
+ goto loser;
}
/* hash our library file with SHA1 */
hashcx = hashObj->create();
if (hashcx == NULL) {
- goto loser;
+ goto loser;
}
hashObj->begin(hashcx);
count = 0;
while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) {
- hashObj->update(hashcx, buf, bytesRead);
- count += bytesRead;
+ hashObj->update(hashcx, buf, bytesRead);
+ count += bytesRead;
}
#ifdef FREEBL_USE_PRELINK
bl_CloseUnPrelink(shFD, pid);
@@ -452,66 +457,64 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
hashObj->end(hashcx, hash.data, &hash.len, hash.len);
-
/* verify the hash against the check file */
if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) {
- result = PR_TRUE;
+ result = PR_TRUE;
}
#ifdef DEBUG_SHVERIFY
- {
- int i,j;
- fprintf(stderr,"File %s: %d bytes\n",shName, count);
- fprintf(stderr," hash: %d bytes\n", hash.len);
+ {
+ int i, j;
+ fprintf(stderr, "File %s: %d bytes\n", shName, count);
+ fprintf(stderr, " hash: %d bytes\n", hash.len);
#define STEP 10
- for (i=0; i < hash.len; i += STEP) {
- fprintf(stderr," ");
- for (j=0; j < STEP && (i+j) < hash.len; j++) {
- fprintf(stderr," %02x", hash.data[i+j]);
- }
- fprintf(stderr,"\n");
+ for (i = 0; i < hash.len; i += STEP) {
+ fprintf(stderr, " ");
+ for (j = 0; j < STEP && (i + j) < hash.len; j++) {
+ fprintf(stderr, " %02x", hash.data[i + j]);
+ }
+ fprintf(stderr, "\n");
}
- fprintf(stderr," signature: %d bytes\n", signature.len);
- for (i=0; i < signature.len; i += STEP) {
- fprintf(stderr," ");
- for (j=0; j < STEP && (i+j) < signature.len; j++) {
- fprintf(stderr," %02x", signature.data[i+j]);
- }
- fprintf(stderr,"\n");
+ fprintf(stderr, " signature: %d bytes\n", signature.len);
+ for (i = 0; i < signature.len; i += STEP) {
+ fprintf(stderr, " ");
+ for (j = 0; j < STEP && (i + j) < signature.len; j++) {
+ fprintf(stderr, " %02x", signature.data[i + j]);
+ }
+ fprintf(stderr, "\n");
}
- fprintf(stderr,"Verified : %s\n",result?"TRUE": "FALSE");
+ fprintf(stderr, "Verified : %s\n", result ? "TRUE" : "FALSE");
}
#endif /* DEBUG_SHVERIFY */
-
loser:
if (checkName != NULL) {
- PORT_Free(checkName);
+ PORT_Free(checkName);
}
if (checkFD != NULL) {
- PR_Close(checkFD);
+ PR_Close(checkFD);
}
if (shFD != NULL) {
- PR_Close(shFD);
+ PR_Close(shFD);
}
if (hashcx != NULL) {
- if (hashObj) {
- hashObj->destroy(hashcx,PR_TRUE);
- }
+ if (hashObj) {
+ hashObj->destroy(hashcx, PR_TRUE);
+ }
}
if (signature.data != NULL) {
- PORT_Free(signature.data);
+ PORT_Free(signature.data);
}
if (key.params.prime.data != NULL) {
- PORT_Free(key.params.prime.data);
+ PORT_Free(key.params.prime.data);
}
if (key.params.subPrime.data != NULL) {
- PORT_Free(key.params.subPrime.data);
+ PORT_Free(key.params.subPrime.data);
}
if (key.params.base.data != NULL) {
- PORT_Free(key.params.base.data);
+ PORT_Free(key.params.base.data);
}
if (key.publicValue.data != NULL) {
- PORT_Free(key.publicValue.data);
+ PORT_Free(key.publicValue.data);
}
return result;
@@ -521,11 +524,11 @@ PRBool
BLAPI_VerifySelf(const char *name)
{
if (name == NULL) {
- /*
- * If name is NULL, freebl is statically linked into softoken.
- * softoken will call BLAPI_SHVerify next to verify itself.
- */
- return PR_TRUE;
+ /*
+ * If name is NULL, freebl is statically linked into softoken.
+ * softoken will call BLAPI_SHVerify next to verify itself.
+ */
+ return PR_TRUE;
}
- return blapi_SHVerify(name, (PRFuncPtr) decodeInt, PR_TRUE);
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
}
diff --git a/lib/freebl/stubs.c b/lib/freebl/stubs.c
index 4ff3aa898..8e0784935 100644
--- a/lib/freebl/stubs.c
+++ b/lib/freebl/stubs.c
@@ -46,7 +46,7 @@
/*
* This uses function pointers.
- *
+ *
* CONS: A separate function is needed to
* fill in the function pointers.
*
@@ -56,109 +56,129 @@
* we switch between the stubs and real NSPR on the fly. NSPR will
* do bad things if passed an _FakeArena to free or allocate from).
*/
-#define STUB_DECLARE(ret, fn, args) \
- typedef ret (*type_##fn) args; \
- static type_##fn ptr_##fn = NULL
+#define STUB_DECLARE(ret, fn, args) \
+ typedef ret(*type_##fn) args; \
+ static type_##fn ptr_##fn = NULL
#define STUB_SAFE_CALL0(fn) \
- if (ptr_##fn) { return ptr_##fn(); }
-#define STUB_SAFE_CALL1(fn,a1) \
- if (ptr_##fn) { return ptr_##fn(a1); }
-#define STUB_SAFE_CALL2(fn,a1,a2) \
- if (ptr_##fn) { return ptr_##fn(a1,a2); }
-#define STUB_SAFE_CALL3(fn,a1,a2,a3) \
- if (ptr_##fn) { return ptr_##fn(a1,a2,a3); }
-#define STUB_SAFE_CALL4(fn,a1,a2,a3,a4) \
- if (ptr_##fn) { return ptr_##fn(a1,a2,a3,a4); }
-#define STUB_SAFE_CALL6(fn,a1,a2,a3,a4,a5,a6) \
- if (ptr_##fn) { return ptr_##fn(a1,a2,a3,a4,a5,a6); }
-
-#define STUB_FETCH_FUNCTION(fn) \
- ptr_##fn = (type_##fn) dlsym(lib,#fn); \
- if (ptr_##fn == NULL) { \
- return SECFailure; \
+ if (ptr_##fn) { \
+ return ptr_##fn(); \
+ }
+#define STUB_SAFE_CALL1(fn, a1) \
+ if (ptr_##fn) { \
+ return ptr_##fn(a1); \
+ }
+#define STUB_SAFE_CALL2(fn, a1, a2) \
+ if (ptr_##fn) { \
+ return ptr_##fn(a1, a2); \
+ }
+#define STUB_SAFE_CALL3(fn, a1, a2, a3) \
+ if (ptr_##fn) { \
+ return ptr_##fn(a1, a2, a3); \
+ }
+#define STUB_SAFE_CALL4(fn, a1, a2, a3, a4) \
+ if (ptr_##fn) { \
+ return ptr_##fn(a1, a2, a3, a4); \
+ }
+#define STUB_SAFE_CALL6(fn, a1, a2, a3, a4, a5, a6) \
+ if (ptr_##fn) { \
+ return ptr_##fn(a1, a2, a3, a4, a5, a6); \
+ }
+
+#define STUB_FETCH_FUNCTION(fn) \
+ ptr_##fn = (type_##fn)dlsym(lib, #fn); \
+ if (ptr_##fn == NULL) { \
+ return SECFailure; \
}
#else
/*
* this uses the loader weak attribute. it works automatically, but once
- * freebl is loaded, the symbols are 'fixed' (later loading of NSPR or
+ * freebl is loaded, the symbols are 'fixed' (later loading of NSPR or
* libutil will not resolve these symbols).
*/
-#define STUB_DECLARE(ret, fn, args) \
- WEAK extern ret fn args
+#define STUB_DECLARE(ret, fn, args) \
+ WEAK extern ret fn args
#define STUB_SAFE_CALL0(fn) \
- if (fn) { return fn(); }
-#define STUB_SAFE_CALL1(fn,a1) \
- if (fn) { return fn(a1); }
-#define STUB_SAFE_CALL2(fn,a1,a2) \
- if (fn) { return fn(a1,a2); }
-#define STUB_SAFE_CALL3(fn,a1,a2,a3) \
- if (fn) { return fn(a1,a2,a3); }
-#define STUB_SAFE_CALL4(fn,a1,a2,a3,a4) \
- if (fn) { return fn(a1,a2,a3,a4); }
-#define STUB_SAFE_CALL6(fn,a1,a2,a3,a4,a5,a6) \
- if (fn) { return fn(a1,a2,a3,a4,a5,a6); }
+ if (fn) { \
+ return fn(); \
+ }
+#define STUB_SAFE_CALL1(fn, a1) \
+ if (fn) { \
+ return fn(a1); \
+ }
+#define STUB_SAFE_CALL2(fn, a1, a2) \
+ if (fn) { \
+ return fn(a1, a2); \
+ }
+#define STUB_SAFE_CALL3(fn, a1, a2, a3) \
+ if (fn) { \
+ return fn(a1, a2, a3); \
+ }
+#define STUB_SAFE_CALL4(fn, a1, a2, a3, a4) \
+ if (fn) { \
+ return fn(a1, a2, a3, a4); \
+ }
+#define STUB_SAFE_CALL6(fn, a1, a2, a3, a4, a5, a6) \
+ if (fn) { \
+ return fn(a1, a2, a3, a4, a5, a6); \
+ }
#endif
-
-STUB_DECLARE(void *,PORT_Alloc_Util,(size_t len));
-STUB_DECLARE(void *,PORT_ArenaAlloc_Util,(PLArenaPool *arena, size_t size));
-STUB_DECLARE(void *,PORT_ArenaZAlloc_Util,(PLArenaPool *arena, size_t size));
-STUB_DECLARE(void ,PORT_Free_Util,(void *ptr));
-STUB_DECLARE(void ,PORT_FreeArena_Util,(PLArenaPool *arena, PRBool zero));
-STUB_DECLARE(int,PORT_GetError_Util,(void));
-STUB_DECLARE(PLArenaPool *,PORT_NewArena_Util,(unsigned long chunksize));
-STUB_DECLARE(void,PORT_SetError_Util,(int value));
-STUB_DECLARE(void *,PORT_ZAlloc_Util,(size_t len));
-STUB_DECLARE(void,PORT_ZFree_Util,(void *ptr, size_t len));
-
-STUB_DECLARE(void,PR_Assert,(const char *s, const char *file, PRIntn ln));
-STUB_DECLARE(PRStatus,PR_Access,(const char *name, PRAccessHow how));
-STUB_DECLARE(PRStatus,PR_CallOnce,(PRCallOnceType *once, PRCallOnceFN func));
-STUB_DECLARE(PRStatus,PR_Close,(PRFileDesc *fd));
-STUB_DECLARE(void,PR_DestroyLock,(PRLock *lock));
-STUB_DECLARE(void,PR_DestroyCondVar,(PRCondVar *cvar));
-STUB_DECLARE(void,PR_Free,(void *ptr));
-STUB_DECLARE(char * ,PR_GetLibraryFilePathname,(const char *name,
- PRFuncPtr addr));
-STUB_DECLARE(PRFileDesc *,PR_ImportPipe,(PROsfd osfd));
-STUB_DECLARE(void,PR_Lock,(PRLock *lock));
-STUB_DECLARE(PRCondVar *,PR_NewCondVar,(PRLock *lock));
-STUB_DECLARE(PRLock *,PR_NewLock,(void));
-STUB_DECLARE(PRStatus,PR_NotifyCondVar,(PRCondVar *cvar));
-STUB_DECLARE(PRStatus,PR_NotifyAllCondVar,(PRCondVar *cvar));
-STUB_DECLARE(PRFileDesc *,PR_Open,(const char *name, PRIntn flags,
- PRIntn mode));
-STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
-STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
- PRSeekWhence whence));
-STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
-STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
-STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
- PRIntervalTime timeout));
-STUB_DECLARE(char*,PR_GetEnvSecure,(const char *));
-
-
-STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
- SECItem *item,unsigned int len));
-STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a,
- const SECItem *b));
-STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena,
- SECItem *to,const SECItem *from));
-STUB_DECLARE(void,SECITEM_FreeItem_Util,(SECItem *zap, PRBool freeit));
-STUB_DECLARE(void,SECITEM_ZfreeItem_Util,(SECItem *zap, PRBool freeit));
-STUB_DECLARE(SECOidTag,SECOID_FindOIDTag_Util,(const SECItem *oid));
-STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n));
-
-
-#define PORT_ZNew_stub(type) (type*)PORT_ZAlloc_stub(sizeof(type))
-#define PORT_New_stub(type) (type*)PORT_Alloc_stub(sizeof(type))
-#define PORT_ZNewArray_stub(type, num) \
- (type*) PORT_ZAlloc_stub (sizeof(type)*(num))
-
+STUB_DECLARE(void *, PORT_Alloc_Util, (size_t len));
+STUB_DECLARE(void *, PORT_ArenaAlloc_Util, (PLArenaPool * arena, size_t size));
+STUB_DECLARE(void *, PORT_ArenaZAlloc_Util, (PLArenaPool * arena, size_t size));
+STUB_DECLARE(void, PORT_Free_Util, (void *ptr));
+STUB_DECLARE(void, PORT_FreeArena_Util, (PLArenaPool * arena, PRBool zero));
+STUB_DECLARE(int, PORT_GetError_Util, (void));
+STUB_DECLARE(PLArenaPool *, PORT_NewArena_Util, (unsigned long chunksize));
+STUB_DECLARE(void, PORT_SetError_Util, (int value));
+STUB_DECLARE(void *, PORT_ZAlloc_Util, (size_t len));
+STUB_DECLARE(void, PORT_ZFree_Util, (void *ptr, size_t len));
+
+STUB_DECLARE(void, PR_Assert, (const char *s, const char *file, PRIntn ln));
+STUB_DECLARE(PRStatus, PR_Access, (const char *name, PRAccessHow how));
+STUB_DECLARE(PRStatus, PR_CallOnce, (PRCallOnceType * once, PRCallOnceFN func));
+STUB_DECLARE(PRStatus, PR_Close, (PRFileDesc * fd));
+STUB_DECLARE(void, PR_DestroyLock, (PRLock * lock));
+STUB_DECLARE(void, PR_DestroyCondVar, (PRCondVar * cvar));
+STUB_DECLARE(void, PR_Free, (void *ptr));
+STUB_DECLARE(char *, PR_GetLibraryFilePathname, (const char *name,
+ PRFuncPtr addr));
+STUB_DECLARE(PRFileDesc *, PR_ImportPipe, (PROsfd osfd));
+STUB_DECLARE(void, PR_Lock, (PRLock * lock));
+STUB_DECLARE(PRCondVar *, PR_NewCondVar, (PRLock * lock));
+STUB_DECLARE(PRLock *, PR_NewLock, (void));
+STUB_DECLARE(PRStatus, PR_NotifyCondVar, (PRCondVar * cvar));
+STUB_DECLARE(PRStatus, PR_NotifyAllCondVar, (PRCondVar * cvar));
+STUB_DECLARE(PRFileDesc *, PR_Open, (const char *name, PRIntn flags,
+ PRIntn mode));
+STUB_DECLARE(PRInt32, PR_Read, (PRFileDesc * fd, void *buf, PRInt32 amount));
+STUB_DECLARE(PROffset32, PR_Seek, (PRFileDesc * fd, PROffset32 offset,
+ PRSeekWhence whence));
+STUB_DECLARE(PRStatus, PR_Sleep, (PRIntervalTime ticks));
+STUB_DECLARE(PRStatus, PR_Unlock, (PRLock * lock));
+STUB_DECLARE(PRStatus, PR_WaitCondVar, (PRCondVar * cvar,
+ PRIntervalTime timeout));
+STUB_DECLARE(char *, PR_GetEnvSecure, (const char *));
+
+STUB_DECLARE(SECItem *, SECITEM_AllocItem_Util, (PLArenaPool * arena,
+ SECItem *item, unsigned int len));
+STUB_DECLARE(SECComparison, SECITEM_CompareItem_Util, (const SECItem *a,
+ const SECItem *b));
+STUB_DECLARE(SECStatus, SECITEM_CopyItem_Util, (PLArenaPool * arena,
+ SECItem *to, const SECItem *from));
+STUB_DECLARE(void, SECITEM_FreeItem_Util, (SECItem * zap, PRBool freeit));
+STUB_DECLARE(void, SECITEM_ZfreeItem_Util, (SECItem * zap, PRBool freeit));
+STUB_DECLARE(SECOidTag, SECOID_FindOIDTag_Util, (const SECItem *oid));
+STUB_DECLARE(int, NSS_SecureMemcmp, (const void *a, const void *b, size_t n));
+
+#define PORT_ZNew_stub(type) (type *)PORT_ZAlloc_stub(sizeof(type))
+#define PORT_New_stub(type) (type *)PORT_Alloc_stub(sizeof(type))
+#define PORT_ZNewArray_stub(type, num) \
+ (type *)PORT_ZAlloc_stub(sizeof(type) * (num))
/*
* NOTE: in order to support hashing only the memory allocation stubs,
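Review bot: In the STUB_DECLARE list the pointer declarators have been reformatted as if they were binary operators, e.g. `(PLArenaPool * arena, size_t size)` and `(PRFileDesc * fd)`, and the typedef became `typedef ret(*type_##fn) args;`; presumably clang-format cannot tell that these macro-argument tokens are types. The meaning is unchanged, but the result reads as a multiplication and contradicts the `T *name` pointer style the rest of this commit applies. Wrapping the declaration list in `// clang-format off` before the first `STUB_DECLARE(void *, PORT_Alloc_Util, ...)` line and `// clang-format on` after the `NSS_SecureMemcmp` line would preserve the hand-formatted prototypes while keeping the formatter elsewhere.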
@@ -168,7 +188,6 @@ STUB_DECLARE(int, NSS_SecureMemcmp,(const void *a, const void *b, size_t n));
* will most likely fail.
*/
-
/* memory */
extern void *
PORT_Alloc_stub(size_t len)
@@ -190,12 +209,11 @@ PORT_ZAlloc_stub(size_t len)
STUB_SAFE_CALL1(PORT_ZAlloc_Util, len);
void *ptr = malloc(len);
if (ptr) {
- memset(ptr, 0, len);
+ memset(ptr, 0, len);
}
return ptr;
}
-
extern void
PORT_ZFree_stub(void *ptr, size_t len)
{
@@ -241,7 +259,7 @@ PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size)
return NULL;
}
-extern void
+extern void
PORT_FreeArena_stub(PLArenaPool *arena, PRBool zero)
{
@@ -249,7 +267,6 @@ PORT_FreeArena_stub(PLArenaPool *arena, PRBool zero)
abort();
}
-
/* io */
extern PRFileDesc *
PR_Open_stub(const char *name, PRIntn flags, PRIntn mode)
@@ -277,12 +294,12 @@ PR_Open_stub(const char *name, PRIntn flags, PRIntn mode)
fd = open(name, lflags, mode);
if (fd >= 0) {
- lfd = PORT_New_stub(int);
- if (lfd != NULL) {
- *lfd = fd;
- } else {
- close(fd);
- }
+ lfd = PORT_New_stub(int);
+ if (lfd != NULL) {
+ *lfd = fd;
+ } else {
+ close(fd);
+ }
}
return (PRFileDesc *)lfd;
}
@@ -296,7 +313,7 @@ PR_ImportPipe_stub(PROsfd fd)
lfd = PORT_New_stub(int);
if (lfd != NULL) {
- *lfd = fd;
+ *lfd = fd;
}
return (PRFileDesc *)lfd;
}
@@ -310,7 +327,7 @@ PR_Close_stub(PRFileDesc *fd)
lfd = (int *)fd;
close(*lfd);
PORT_Free_stub(lfd);
-
+
return PR_SUCCESS;
}
@@ -319,7 +336,7 @@ PR_Read_stub(PRFileDesc *fd, void *buf, PRInt32 amount)
{
int *lfd;
STUB_SAFE_CALL3(PR_Read, fd, buf, amount);
-
+
lfd = (int *)fd;
return read(*lfd, buf, amount);
}
@@ -345,31 +362,32 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence)
return lseek(*lfd, offset, lwhence);
}
-PRStatus PR_Access_stub(const char *name, PRAccessHow how)
+PRStatus
+PR_Access_stub(const char *name, PRAccessHow how)
{
int mode = F_OK;
int rv;
STUB_SAFE_CALL2(PR_Access, name, how);
switch (how) {
- case PR_ACCESS_WRITE_OK:
- mode = W_OK;
- break;
- case PR_ACCESS_READ_OK:
- mode = R_OK;
- break;
- /* assume F_OK for all others */
- default:
- break;
+ case PR_ACCESS_WRITE_OK:
+ mode = W_OK;
+ break;
+ case PR_ACCESS_READ_OK:
+ mode = R_OK;
+ break;
+ /* assume F_OK for all others */
+ default:
+ break;
}
rv = access(name, mode);
if (rv == 0) {
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
return PR_FAILURE;
}
/*
- * library
+ * library
*/
extern char *
PR_GetLibraryFilePathname_stub(const char *name, PRFuncPtr addr)
@@ -382,27 +400,26 @@ PR_GetLibraryFilePathname_stub(const char *name, PRFuncPtr addr)
if (dladdr((void *)addr, &dli) == 0) {
return NULL;
}
- result = PORT_Alloc_stub(strlen(dli.dli_fname)+1);
+ result = PORT_Alloc_stub(strlen(dli.dli_fname) + 1);
if (result != NULL) {
strcpy(result, dli.dli_fname);
}
return result;
}
-
#include <errno.h>
/* errors */
extern int
PORT_GetError_stub(void)
-{
+{
STUB_SAFE_CALL0(PORT_GetError_Util);
return errno;
}
-extern void
+extern void
PORT_SetError_stub(int value)
-{
+{
STUB_SAFE_CALL1(PORT_SetError_Util, value);
errno = value;
}
@@ -421,11 +438,10 @@ extern PRStatus
PR_Sleep_stub(PRIntervalTime ticks)
{
STUB_SAFE_CALL1(PR_Sleep, ticks);
- usleep(ticks*1000);
+ usleep(ticks * 1000);
return PR_SUCCESS;
}
-
/* locking */
extern PRLock *
PR_NewLock_stub(void)
@@ -491,7 +507,7 @@ PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
return PR_FAILURE;
}
-extern char*
+extern char *
PR_GetEnvSecure_stub(const char *var)
{
STUB_SAFE_CALL1(PR_GetEnvSecure, var);
@@ -499,7 +515,6 @@ PR_GetEnvSecure_stub(const char *var)
return NULL;
}
-
extern void
PR_DestroyCondVar_stub(PRCondVar *cvar)
{
@@ -519,7 +534,6 @@ PR_CallOnce_stub(PRCallOnceType *once, PRCallOnceFN func)
return PR_FAILURE;
}
-
/*
* SECITEMS implement Item Utilities
*/
@@ -533,13 +547,13 @@ SECITEM_FreeItem_stub(SECItem *zap, PRBool freeit)
extern SECItem *
SECITEM_AllocItem_stub(PLArenaPool *arena, SECItem *item, unsigned int len)
{
- STUB_SAFE_CALL3(SECITEM_AllocItem_Util, arena, item, len);
+ STUB_SAFE_CALL3(SECITEM_AllocItem_Util, arena, item, len);
abort();
return NULL;
}
extern SECComparison
-SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b)
+SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b)
{
STUB_SAFE_CALL2(SECITEM_CompareItem_Util, a, b);
abort();
@@ -578,8 +592,8 @@ NSS_SecureMemcmp_stub(const void *a, const void *b, size_t n)
#ifdef FREEBL_NO_WEAK
-static const char *nsprLibName = SHLIB_PREFIX"nspr4."SHLIB_SUFFIX;
-static const char *nssutilLibName = SHLIB_PREFIX"nssutil3."SHLIB_SUFFIX;
+static const char *nsprLibName = SHLIB_PREFIX "nspr4." SHLIB_SUFFIX;
+static const char *nssutilLibName = SHLIB_PREFIX "nssutil3." SHLIB_SUFFIX;
static SECStatus
freebl_InitNSPR(void *lib)
@@ -634,16 +648,17 @@ freebl_InitNSSUtil(void *lib)
/*
* fetch the library if it's loaded. For NSS it should already be loaded
*/
-#define freebl_getLibrary(libName) \
- dlopen (libName, RTLD_LAZY|RTLD_NOLOAD)
+#define freebl_getLibrary(libName) \
+ dlopen(libName, RTLD_LAZY | RTLD_NOLOAD)
#define freebl_releaseLibrary(lib) \
- if (lib) dlclose(lib)
+ if (lib) \
+ dlclose(lib)
-static void * FREEBLnsprGlobalLib = NULL;
-static void * FREEBLnssutilGlobalLib = NULL;
+static void *FREEBLnsprGlobalLib = NULL;
+static void *FREEBLnssutilGlobalLib = NULL;
-void __attribute ((destructor)) FREEBL_unload()
+void __attribute((destructor)) FREEBL_unload()
{
freebl_releaseLibrary(FREEBLnsprGlobalLib);
freebl_releaseLibrary(FREEBLnssutilGlobalLib);
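Review bot: `freebl_releaseLibrary(lib)` still expands to a bare, unbraced `if (lib) dlclose(lib)`, and the new two-line layout makes it look even more like an ordinary statement than it is; used under an `if`/`else` the expansion would capture the caller's `else`, and it is only a complete statement because the call site supplies the semicolon. The usual guard is `#define freebl_releaseLibrary(lib) do { if (lib) dlclose(lib); } while (0)`, which leaves the two call sites in this hunk unchanged. While here, `FREEBL_unload()` would be better declared `FREEBL_unload(void)`, since an empty parameter list in C leaves the argument count unspecified. FREEBL_unload's closing brace is outside this hunk.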
@@ -652,7 +667,7 @@ void __attribute ((destructor)) FREEBL_unload()
/*
* load the symbols from the real libraries if available.
- *
+ *
* if force is set, explicitly load the libraries if they are not already
* loaded. If we could not use the real libraries, return failure.
*/
@@ -661,34 +676,34 @@ FREEBL_InitStubs()
{
SECStatus rv = SECSuccess;
#ifdef FREEBL_NO_WEAK
- void *nspr = NULL;
- void *nssutil = NULL;
+ void *nspr = NULL;
+ void *nssutil = NULL;
/* NSPR should be first */
if (!FREEBLnsprGlobalLib) {
- nspr = freebl_getLibrary(nsprLibName);
- if (!nspr) {
- return SECFailure;
- }
- rv = freebl_InitNSPR(nspr);
- if (rv != SECSuccess) {
- freebl_releaseLibrary(nspr);
- return rv;
- }
- FREEBLnsprGlobalLib = nspr; /* adopt */
+ nspr = freebl_getLibrary(nsprLibName);
+ if (!nspr) {
+ return SECFailure;
+ }
+ rv = freebl_InitNSPR(nspr);
+ if (rv != SECSuccess) {
+ freebl_releaseLibrary(nspr);
+ return rv;
+ }
+ FREEBLnsprGlobalLib = nspr; /* adopt */
}
/* now load NSSUTIL */
if (!FREEBLnssutilGlobalLib) {
- nssutil= freebl_getLibrary(nssutilLibName);
- if (!nssutil) {
- return SECFailure;
- }
- rv = freebl_InitNSSUtil(nssutil);
- if (rv != SECSuccess) {
- freebl_releaseLibrary(nssutil);
- return rv;
- }
- FREEBLnssutilGlobalLib = nssutil; /* adopt */
+ nssutil = freebl_getLibrary(nssutilLibName);
+ if (!nssutil) {
+ return SECFailure;
+ }
+ rv = freebl_InitNSSUtil(nssutil);
+ if (rv != SECSuccess) {
+ freebl_releaseLibrary(nssutil);
+ return rv;
+ }
+ FREEBLnssutilGlobalLib = nssutil; /* adopt */
}
#endif
diff --git a/lib/freebl/stubs.h b/lib/freebl/stubs.h
index 4253f2682..25ec394ec 100644
--- a/lib/freebl/stubs.h
+++ b/lib/freebl/stubs.h
@@ -21,46 +21,46 @@
#define _LIBUTIL_H_ 1
#define PORT_Alloc PORT_Alloc_stub
-#define PORT_ArenaAlloc PORT_ArenaAlloc_stub
-#define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub
+#define PORT_ArenaAlloc PORT_ArenaAlloc_stub
+#define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub
#define PORT_Free PORT_Free_stub
-#define PORT_FreeArena PORT_FreeArena_stub
-#define PORT_GetError PORT_GetError_stub
-#define PORT_NewArena PORT_NewArena_stub
-#define PORT_SetError PORT_SetError_stub
+#define PORT_FreeArena PORT_FreeArena_stub
+#define PORT_GetError PORT_GetError_stub
+#define PORT_NewArena PORT_NewArena_stub
+#define PORT_SetError PORT_SetError_stub
#define PORT_ZAlloc PORT_ZAlloc_stub
-#define PORT_ZFree PORT_ZFree_stub
+#define PORT_ZFree PORT_ZFree_stub
-#define SECITEM_AllocItem SECITEM_AllocItem_stub
-#define SECITEM_CompareItem SECITEM_CompareItem_stub
-#define SECITEM_CopyItem SECITEM_CopyItem_stub
-#define SECITEM_FreeItem SECITEM_FreeItem_stub
-#define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub
-#define SECOID_FindOIDTag SECOID_FindOIDTag_stub
+#define SECITEM_AllocItem SECITEM_AllocItem_stub
+#define SECITEM_CompareItem SECITEM_CompareItem_stub
+#define SECITEM_CopyItem SECITEM_CopyItem_stub
+#define SECITEM_FreeItem SECITEM_FreeItem_stub
+#define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub
+#define SECOID_FindOIDTag SECOID_FindOIDTag_stub
#define NSS_SecureMemcmp NSS_SecureMemcmp_stub
-#define PR_Assert PR_Assert_stub
-#define PR_Access PR_Access_stub
-#define PR_CallOnce PR_CallOnce_stub
-#define PR_Close PR_Close_stub
+#define PR_Assert PR_Assert_stub
+#define PR_Access PR_Access_stub
+#define PR_CallOnce PR_CallOnce_stub
+#define PR_Close PR_Close_stub
#define PR_DestroyCondVar PR_DestroyCondVar_stub
-#define PR_DestroyLock PR_DestroyLock_stub
-#define PR_Free PR_Free_stub
-#define PR_GetLibraryFilePathname PR_GetLibraryFilePathname_stub
-#define PR_ImportPipe PR_ImportPipe_stub
-#define PR_Lock PR_Lock_stub
+#define PR_DestroyLock PR_DestroyLock_stub
+#define PR_Free PR_Free_stub
+#define PR_GetLibraryFilePathname PR_GetLibraryFilePathname_stub
+#define PR_ImportPipe PR_ImportPipe_stub
+#define PR_Lock PR_Lock_stub
#define PR_NewCondVar PR_NewCondVar_stub
-#define PR_NewLock PR_NewLock_stub
+#define PR_NewLock PR_NewLock_stub
#define PR_NotifyCondVar PR_NotifyCondVar_stub
#define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
-#define PR_Open PR_Open_stub
-#define PR_Read PR_Read_stub
-#define PR_Seek PR_Seek_stub
-#define PR_Sleep PR_Sleep_stub
-#define PR_Unlock PR_Unlock_stub
+#define PR_Open PR_Open_stub
+#define PR_Read PR_Read_stub
+#define PR_Seek PR_Seek_stub
+#define PR_Sleep PR_Sleep_stub
+#define PR_Unlock PR_Unlock_stub
#define PR_WaitCondVar PR_WaitCondVar_stub
#define PR_GetEnvSecure PR_GetEnvSecure_stub
-extern int FREEBL_InitStubs(void);
+extern int FREEBL_InitStubs(void);
#endif
diff --git a/lib/freebl/sysrand.c b/lib/freebl/sysrand.c
index e6dd56ade..0128fa0ee 100644
--- a/lib/freebl/sysrand.c
+++ b/lib/freebl/sysrand.c
@@ -27,23 +27,23 @@ static size_t rng_systemFromNoise(unsigned char *dest, size_t maxLen);
* Normal RNG_SystemRNG() isn't available, use the system noise to collect
* the required amount of entropy.
*/
-static size_t
-rng_systemFromNoise(unsigned char *dest, size_t maxLen)
+static size_t
+rng_systemFromNoise(unsigned char *dest, size_t maxLen)
{
- size_t retBytes = maxLen;
+ size_t retBytes = maxLen;
- while (maxLen) {
- size_t nbytes = RNG_GetNoise(dest, maxLen);
+ while (maxLen) {
+ size_t nbytes = RNG_GetNoise(dest, maxLen);
- PORT_Assert(nbytes != 0);
+ PORT_Assert(nbytes != 0);
- dest += nbytes;
- maxLen -= nbytes;
+ dest += nbytes;
+ maxLen -= nbytes;
- /* some hw op to try to introduce more entropy into the next
- * RNG_GetNoise call */
- rng_systemJitter();
- }
- return retBytes;
+ /* some hw op to try to introduce more entropy into the next
+ * RNG_GetNoise call */
+ rng_systemJitter();
+ }
+ return retBytes;
}
#endif
diff --git a/lib/freebl/tlsprfalg.c b/lib/freebl/tlsprfalg.c
index f2db80301..1e5e67886 100644
--- a/lib/freebl/tlsprfalg.c
+++ b/lib/freebl/tlsprfalg.c
@@ -12,13 +12,12 @@
#include "hasht.h"
#include "alghmac.h"
-
#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
/* TLS P_hash function */
SECStatus
-TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
- SECItem *seed, SECItem *result, PRBool isFIPS)
+TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
+ SECItem *seed, SECItem *result, PRBool isFIPS)
{
unsigned char state[PHASH_STATE_MAX_LEN];
unsigned char outbuf[PHASH_STATE_MAX_LEN];
@@ -38,11 +37,11 @@ TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
res = result->data;
if (label != NULL)
- label_len = PORT_Strlen(label);
+ label_len = PORT_Strlen(label);
cx = HMAC_Create(hashObj, secret->data, secret->len, isFIPS);
if (cx == NULL)
- goto loser;
+ goto loser;
/* initialize the state = A(1) = HMAC_hash(secret, seed) */
HMAC_Begin(cx);
@@ -50,51 +49,51 @@ TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
HMAC_Update(cx, seed->data, seed->len);
status = HMAC_Finish(cx, state, &state_len, sizeof(state));
if (status != SECSuccess)
- goto loser;
+ goto loser;
/* generate a block at a time until we're done */
while (remaining > 0) {
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- if (label_len)
- HMAC_Update(cx, (unsigned char *)label, label_len);
- HMAC_Update(cx, seed->data, seed->len);
- status = HMAC_Finish(cx, outbuf, &outbuf_len, sizeof(outbuf));
- if (status != SECSuccess)
- goto loser;
+ HMAC_Begin(cx);
+ HMAC_Update(cx, state, state_len);
+ if (label_len)
+ HMAC_Update(cx, (unsigned char *)label, label_len);
+ HMAC_Update(cx, seed->data, seed->len);
+ status = HMAC_Finish(cx, outbuf, &outbuf_len, sizeof(outbuf));
+ if (status != SECSuccess)
+ goto loser;
/* Update the state = A(i) = HMAC_hash(secret, A(i-1)) */
- HMAC_Begin(cx);
- HMAC_Update(cx, state, state_len);
- status = HMAC_Finish(cx, state, &state_len, sizeof(state));
- if (status != SECSuccess)
- goto loser;
-
- chunk_size = PR_MIN(outbuf_len, remaining);
- PORT_Memcpy(res, &outbuf, chunk_size);
- res += chunk_size;
- remaining -= chunk_size;
+ HMAC_Begin(cx);
+ HMAC_Update(cx, state, state_len);
+ status = HMAC_Finish(cx, state, &state_len, sizeof(state));
+ if (status != SECSuccess)
+ goto loser;
+
+ chunk_size = PR_MIN(outbuf_len, remaining);
+ PORT_Memcpy(res, &outbuf, chunk_size);
+ res += chunk_size;
+ remaining -= chunk_size;
}
rv = SECSuccess;
loser:
/* clear out state so it's not left on the stack */
- if (cx)
- HMAC_Destroy(cx, PR_TRUE);
+ if (cx)
+ HMAC_Destroy(cx, PR_TRUE);
PORT_Memset(state, 0, sizeof(state));
PORT_Memset(outbuf, 0, sizeof(outbuf));
return rv;
}
SECStatus
-TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
- SECItem *result, PRBool isFIPS)
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
+ SECItem *result, PRBool isFIPS)
{
SECStatus rv = SECFailure, status;
unsigned int i;
- SECItem tmp = { siBuffer, NULL, 0};
+ SECItem tmp = { siBuffer, NULL, 0 };
SECItem S1;
SECItem S2;
@@ -103,34 +102,33 @@ TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
PORT_Assert((result != NULL) && (result->data != NULL));
S1.type = siBuffer;
- S1.len = (secret->len / 2) + (secret->len & 1);
+ S1.len = (secret->len / 2) + (secret->len & 1);
S1.data = secret->data;
S2.type = siBuffer;
- S2.len = S1.len;
+ S2.len = S1.len;
S2.data = secret->data + (secret->len - S2.len);
- tmp.data = (unsigned char*)PORT_Alloc(result->len);
+ tmp.data = (unsigned char *)PORT_Alloc(result->len);
if (tmp.data == NULL)
- goto loser;
+ goto loser;
tmp.len = result->len;
status = TLS_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
if (status != SECSuccess)
- goto loser;
+ goto loser;
status = TLS_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
if (status != SECSuccess)
- goto loser;
+ goto loser;
for (i = 0; i < result->len; i++)
- result->data[i] ^= tmp.data[i];
+ result->data[i] ^= tmp.data[i];
rv = SECSuccess;
loser:
if (tmp.data != NULL)
- PORT_ZFree(tmp.data, tmp.len);
+ PORT_ZFree(tmp.data, tmp.len);
return rv;
}
-
diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
index e8754f0bc..ea3b6af3d 100644
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -32,25 +32,26 @@ size_t RNG_FileUpdate(const char *fileName, size_t limit);
* Does this mean the least signicant bytes are the most significant
* to us? :-)
*/
-
-static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
+
+static size_t
+CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
{
union endianness {
- PRInt32 i;
- char c[4];
+ PRInt32 i;
+ char c[4];
} u;
if (srclen <= dstlen) {
- memcpy(dst, src, srclen);
- return srclen;
+ memcpy(dst, src, srclen);
+ return srclen;
}
u.i = 0x01020304;
if (u.c[0] == 0x01) {
- /* big-endian case */
- memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
+ /* big-endian case */
+ memcpy(dst, (char *)src + (srclen - dstlen), dstlen);
} else {
- /* little-endian case */
- memcpy(dst, src, dstlen);
+ /* little-endian case */
+ memcpy(dst, src, dstlen);
}
return dstlen;
}
@@ -65,9 +66,10 @@ static const PRUint32 entropy_buf_len = 4096; /* buffer up to 4 KB */
* Returns error if RNG_RandomUpdate fails. Also increments *total_fed
* by the number of bytes successfully buffered.
*/
-static SECStatus BufferEntropy(char* inbuf, PRUint32 inlen,
- char* entropy_buf, PRUint32* entropy_buffered,
- PRUint32* total_fed)
+static SECStatus
+BufferEntropy(char *inbuf, PRUint32 inlen,
+ char *entropy_buf, PRUint32 *entropy_buffered,
+ PRUint32 *total_fed)
{
PRUint32 tocopy = 0;
PRUint32 avail = 0;
@@ -97,13 +99,14 @@ static SECStatus BufferEntropy(char* inbuf, PRUint32 inlen,
/* Feed kernel statistics structures and ks_data field to the RNG.
* Returns status as well as the number of bytes successfully fed to the RNG.
*/
-static SECStatus RNG_kstat(PRUint32* fed)
+static SECStatus
+RNG_kstat(PRUint32 *fed)
{
- kstat_ctl_t* kc = NULL;
- kstat_t* ksp = NULL;
- PRUint32 entropy_buffered = 0;
- char* entropy_buf = NULL;
- SECStatus rv = SECSuccess;
+ kstat_ctl_t *kc = NULL;
+ kstat_t *ksp = NULL;
+ PRUint32 entropy_buffered = 0;
+ char *entropy_buf = NULL;
+ SECStatus rv = SECSuccess;
PORT_Assert(fed);
if (!fed) {
@@ -116,7 +119,7 @@ static SECStatus RNG_kstat(PRUint32* fed)
if (!kc) {
return SECFailure;
}
- entropy_buf = (char*) PORT_Alloc(entropy_buf_len);
+ entropy_buf = (char *)PORT_Alloc(entropy_buf_len);
PORT_Assert(entropy_buf);
if (entropy_buf) {
for (ksp = kc->kc_chain; ksp != NULL; ksp = ksp->ks_next) {
@@ -124,17 +127,17 @@ static SECStatus RNG_kstat(PRUint32* fed)
/* missing data from a single kstat shouldn't be fatal */
continue;
}
- rv = BufferEntropy((char*)ksp, sizeof(kstat_t),
- entropy_buf, &entropy_buffered,
- fed);
+ rv = BufferEntropy((char *)ksp, sizeof(kstat_t),
+ entropy_buf, &entropy_buffered,
+ fed);
if (SECSuccess != rv) {
break;
}
- if (ksp->ks_data && ksp->ks_data_size>0 && ksp->ks_ndata>0) {
- rv = BufferEntropy((char*)ksp->ks_data, ksp->ks_data_size,
- entropy_buf, &entropy_buffered,
- fed);
+ if (ksp->ks_data && ksp->ks_data_size > 0 && ksp->ks_ndata > 0) {
+ rv = BufferEntropy((char *)ksp->ks_data, ksp->ks_data_size,
+ entropy_buf, &entropy_buffered,
+ fed);
if (SECSuccess != rv) {
break;
}
@@ -157,9 +160,7 @@ static SECStatus RNG_kstat(PRUint32* fed)
#endif
-#if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) \
- || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) \
- || defined(NTO) || defined(__riscos__)
+#if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) || defined(NTO) || defined(__riscos__)
#include <sys/times.h>
#define getdtablesize() sysconf(_SC_OPEN_MAX)
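Review bot: The platform guard at the top of this hunk has been collapsed into a single `#if defined(SCO) || ... || defined(__riscos__)` line of well over 150 columns, which is harder to scan and to diff than the three-line form it replaces. Preprocessor conditionals are one of the places where the formatter's output is usually worse than the hand layout; keeping one group of `defined(...)` tests per line with `\` continuations, fenced by `// clang-format off` and `// clang-format on`, would keep this list readable without exempting the rest of the file.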
@@ -170,7 +171,7 @@ GetHighResClock(void *buf, size_t maxbytes)
int ticks;
struct tms buffer;
- ticks=times(&buffer);
+ ticks = times(&buffer);
return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
}
@@ -179,7 +180,7 @@ GiveSystemInfo(void)
{
long si;
- /*
+ /*
* Is this really necessary? Why not use rand48 or something?
*/
si = sysconf(_SC_CHILD_MAX);
@@ -207,15 +208,15 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
@@ -225,7 +226,7 @@ GetHighResClock(void *buf, size_t maxbytes)
hrtime_t t;
t = gethrtime();
if (t) {
- return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+ return CopyLowBits(buf, maxbytes, &t, sizeof(t));
}
return 0;
}
@@ -307,15 +308,15 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
@@ -364,7 +365,7 @@ GiveSystemInfo(void)
#ifndef NO_SYSINFO
struct sysinfo si;
if (sysinfo(&si) == 0) {
- RNG_RandomUpdate(&si, sizeof(si));
+ RNG_RandomUpdate(&si, sizeof(si));
}
#endif
}
@@ -391,15 +392,15 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
@@ -423,33 +424,34 @@ GiveSystemInfo(void)
rv = syssgi(SGI_SYSID, &buf[0]);
if (rv > 0) {
- RNG_RandomUpdate(buf, MAXSYSIDSIZE);
+ RNG_RandomUpdate(buf, MAXSYSIDSIZE);
}
#ifdef SGI_RDUBLK
rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, sizeof(buf));
+ RNG_RandomUpdate(buf, sizeof(buf));
}
#endif /* SGI_RDUBLK */
rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, sizeof(buf));
+ RNG_RandomUpdate(buf, sizeof(buf));
}
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
-static size_t GetHighResClock(void *buf, size_t maxbuf)
+static size_t
+GetHighResClock(void *buf, size_t maxbuf)
{
unsigned phys_addr, raddr, cycleval;
static volatile unsigned *iotimer_addr = NULL;
@@ -460,66 +462,65 @@ static size_t GetHighResClock(void *buf, size_t maxbuf)
struct timeval tv;
#ifndef SGI_CYCLECNTR_SIZE
-#define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */
+#define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */
#endif
if (iotimer_addr == NULL) {
- if (tries++ > 1) {
- /* Don't keep trying if it didn't work */
- return 0;
- }
-
- /*
- ** For SGI machines we can use the cycle counter, if it has one,
- ** to generate some truly random numbers
- */
- phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval);
- if (phys_addr) {
- int pgsz = getpagesize();
- int pgoffmask = pgsz - 1;
-
- raddr = phys_addr & ~pgoffmask;
- mfd = open("/dev/mmem", O_RDONLY);
- if (mfd < 0) {
- return 0;
- }
- iotimer_addr = (unsigned *)
- mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr);
- if (iotimer_addr == (void*)-1) {
- close(mfd);
- iotimer_addr = NULL;
- return 0;
- }
- iotimer_addr = (unsigned*)
- ((__psint_t)iotimer_addr | (phys_addr & pgoffmask));
- /*
- * The file 'mfd' is purposefully not closed.
- */
- cntr_size = syssgi(SGI_CYCLECNTR_SIZE);
- if (cntr_size < 0) {
- struct utsname utsinfo;
-
- /*
- * We must be executing on a 6.0 or earlier system, since the
- * SGI_CYCLECNTR_SIZE call is not supported.
- *
- * The only pre-6.1 platforms with 64-bit counters are
- * IP19 and IP21 (Challenge, PowerChallenge, Onyx).
- */
- uname(&utsinfo);
- if (!strncmp(utsinfo.machine, "IP19", 4) ||
- !strncmp(utsinfo.machine, "IP21", 4))
- cntr_size = 64;
- else
- cntr_size = 32;
- }
- cntr_size /= 8; /* Convert from bits to bytes */
- }
+ if (tries++ > 1) {
+ /* Don't keep trying if it didn't work */
+ return 0;
+ }
+
+ /*
+ ** For SGI machines we can use the cycle counter, if it has one,
+ ** to generate some truly random numbers
+ */
+ phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval);
+ if (phys_addr) {
+ int pgsz = getpagesize();
+ int pgoffmask = pgsz - 1;
+
+ raddr = phys_addr & ~pgoffmask;
+ mfd = open("/dev/mmem", O_RDONLY);
+ if (mfd < 0) {
+ return 0;
+ }
+ iotimer_addr = (unsigned *)
+ mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr);
+ if (iotimer_addr == (void *)-1) {
+ close(mfd);
+ iotimer_addr = NULL;
+ return 0;
+ }
+ iotimer_addr = (unsigned *)((__psint_t)iotimer_addr | (phys_addr & pgoffmask));
+ /*
+ * The file 'mfd' is purposefully not closed.
+ */
+ cntr_size = syssgi(SGI_CYCLECNTR_SIZE);
+ if (cntr_size < 0) {
+ struct utsname utsinfo;
+
+ /*
+ * We must be executing on a 6.0 or earlier system, since the
+ * SGI_CYCLECNTR_SIZE call is not supported.
+ *
+ * The only pre-6.1 platforms with 64-bit counters are
+ * IP19 and IP21 (Challenge, PowerChallenge, Onyx).
+ */
+ uname(&utsinfo);
+ if (!strncmp(utsinfo.machine, "IP19", 4) ||
+ !strncmp(utsinfo.machine, "IP21", 4))
+ cntr_size = 64;
+ else
+ cntr_size = 32;
+ }
+ cntr_size /= 8; /* Convert from bits to bytes */
+ }
}
s0[0] = *iotimer_addr;
if (cntr_size > 4)
- s0[1] = *(iotimer_addr + 1);
+ s0[1] = *(iotimer_addr + 1);
memcpy(buf, (char *)&s0[0], cntr_size);
return CopyLowBits(buf, maxbuf, &s0, cntr_size);
}
@@ -544,15 +545,15 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
#endif /* sony */
@@ -572,7 +573,7 @@ GetHighResClock(void *buf, size_t maxbytes)
int ticks;
struct tms buffer;
- ticks=times(&buffer);
+ ticks = times(&buffer);
return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
}
@@ -584,20 +585,19 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
#endif /* sinix */
-
#ifdef BEOS
#include <be/kernel/OS.h>
@@ -650,20 +650,21 @@ GiveSystemInfo(void)
rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
if (rv > 0) {
- RNG_RandomUpdate(buf, rv);
+ RNG_RandomUpdate(buf, rv);
}
}
#endif /* nec_ews */
-size_t RNG_GetNoise(void *buf, size_t maxbytes)
+size_t
+RNG_GetNoise(void *buf, size_t maxbytes)
{
struct timeval tv;
int n = 0;
@@ -673,15 +674,15 @@ size_t RNG_GetNoise(void *buf, size_t maxbytes)
maxbytes -= n;
(void)gettimeofday(&tv, 0);
- c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
+ c = CopyLowBits((char *)buf + n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
n += c;
maxbytes -= c;
- c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec));
+ c = CopyLowBits((char *)buf + n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec));
n += c;
return n;
}
-#define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */
+#define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */
/*
* safe_popen is static to this module and we know what arguments it is
@@ -702,73 +703,76 @@ safe_popen(char *cmd)
static struct sigaction newact;
if (pipe(p) < 0)
- return 0;
+ return 0;
fp = fdopen(p[0], "r");
if (fp == 0) {
- close(p[0]);
- close(p[1]);
- return 0;
+ close(p[0]);
+ close(p[1]);
+ return 0;
}
/* Setup signals so that SIGCHLD is ignored as we want to do waitpid */
newact.sa_handler = SIG_DFL;
newact.sa_flags = 0;
sigfillset(&newact.sa_mask);
- sigaction (SIGCHLD, &newact, &oldact);
+ sigaction(SIGCHLD, &newact, &oldact);
pid = fork();
switch (pid) {
- int ndesc;
-
- case -1:
- fclose(fp); /* this closes p[0], the fd associated with fp */
- close(p[1]);
- sigaction (SIGCHLD, &oldact, NULL);
- return 0;
-
- case 0:
- /* dup write-side of pipe to stderr and stdout */
- if (p[1] != 1) dup2(p[1], 1);
- if (p[1] != 2) dup2(p[1], 2);
-
- /*
- * close the other file descriptors, except stdin which we
- * try reassociating with /dev/null, first (bug 174993)
- */
- if (!freopen("/dev/null", "r", stdin))
- close(0);
- ndesc = getdtablesize();
- for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd));
-
- /* clean up environment in the child process */
- putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc");
- putenv("SHELL=/bin/sh");
- putenv("IFS= \t");
-
- /*
- * The caller may have passed us a string that is in text
- * space. It may be illegal to modify the string
- */
- cmd = strdup(cmd);
- /* format argv */
- argv[0] = strtok(cmd, blank);
- argc = 1;
- while ((argv[argc] = strtok(0, blank)) != 0) {
- if (++argc == SAFE_POPEN_MAXARGS) {
- argv[argc] = 0;
- break;
- }
- }
-
- /* and away we go */
- execvp(argv[0], argv);
- exit(127);
- break;
-
- default:
- close(p[1]);
- break;
+ int ndesc;
+
+ case -1:
+ fclose(fp); /* this closes p[0], the fd associated with fp */
+ close(p[1]);
+ sigaction(SIGCHLD, &oldact, NULL);
+ return 0;
+
+ case 0:
+ /* dup write-side of pipe to stderr and stdout */
+ if (p[1] != 1)
+ dup2(p[1], 1);
+ if (p[1] != 2)
+ dup2(p[1], 2);
+
+ /*
+ * close the other file descriptors, except stdin which we
+ * try reassociating with /dev/null, first (bug 174993)
+ */
+ if (!freopen("/dev/null", "r", stdin))
+ close(0);
+ ndesc = getdtablesize();
+ for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd))
+ ;
+
+ /* clean up environment in the child process */
+ putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc");
+ putenv("SHELL=/bin/sh");
+ putenv("IFS= \t");
+
+ /*
+ * The caller may have passed us a string that is in text
+ * space. It may be illegal to modify the string
+ */
+ cmd = strdup(cmd);
+ /* format argv */
+ argv[0] = strtok(cmd, blank);
+ argc = 1;
+ while ((argv[argc] = strtok(0, blank)) != 0) {
+ if (++argc == SAFE_POPEN_MAXARGS) {
+ argv[argc] = 0;
+ break;
+ }
+ }
+
+ /* and away we go */
+ execvp(argv[0], argv);
+ exit(127);
+ break;
+
+ default:
+ close(p[1]);
+ break;
}
/* non-zero means there's a cmd running */
@@ -783,7 +787,7 @@ safe_pclose(FILE *fp)
int status = -1, rv;
if ((pid = safe_popen_pid) == 0)
- return -1;
+ return -1;
safe_popen_pid = 0;
fclose(fp);
@@ -793,11 +797,11 @@ safe_pclose(FILE *fp)
/* if the child hasn't exited, kill it -- we're done with its output */
while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
- ;
+ ;
if (rv == 0) {
- kill(pid, SIGKILL);
- while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
- ;
+ kill(pid, SIGKILL);
+ while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
+ ;
}
/* Reset SIGCHLD signal hander before returning */
@@ -818,12 +822,13 @@ safe_pclose(FILE *fp)
*/
#define DO_NETSTAT 1
-void RNG_SystemInfoForRNG(void)
+void
+RNG_SystemInfoForRNG(void)
{
FILE *fp;
char buf[BUFSIZ];
size_t bytes;
- const char * const *cp;
+ const char *const *cp;
char *randfile;
#ifdef DARWIN
#if TARGET_OS_IPHONE
@@ -836,22 +841,22 @@ void RNG_SystemInfoForRNG(void)
extern char **environ;
#endif
#ifdef BEOS
- static const char * const files[] = {
- "/boot/var/swap",
- "/boot/var/log/syslog",
- "/boot/var/tmp",
- "/boot/home/config/settings",
- "/boot/home",
- 0
+ static const char *const files[] = {
+ "/boot/var/swap",
+ "/boot/var/log/syslog",
+ "/boot/var/tmp",
+ "/boot/home/config/settings",
+ "/boot/home",
+ 0
};
#else
- static const char * const files[] = {
- "/etc/passwd",
- "/etc/utmp",
- "/tmp",
- "/var/tmp",
- "/usr/tmp",
- 0
+ static const char *const files[] = {
+ "/etc/passwd",
+ "/etc/utmp",
+ "/tmp",
+ "/var/tmp",
+ "/usr/tmp",
+ 0
};
#endif
@@ -873,17 +878,17 @@ void RNG_SystemInfoForRNG(void)
* is running on.
*/
if (environ != NULL) {
- cp = (const char * const *) environ;
+ cp = (const char *const *)environ;
while (*cp) {
- RNG_RandomUpdate(*cp, strlen(*cp));
- cp++;
+ RNG_RandomUpdate(*cp, strlen(*cp));
+ cp++;
}
- RNG_RandomUpdate(environ, (char*)cp - (char*)environ);
+ RNG_RandomUpdate(environ, (char *)cp - (char *)environ);
}
/* Give in system information */
if (gethostname(buf, sizeof(buf)) == 0) {
- RNG_RandomUpdate(buf, strlen(buf));
+ RNG_RandomUpdate(buf, strlen(buf));
}
GiveSystemInfo();
@@ -892,19 +897,19 @@ void RNG_SystemInfoForRNG(void)
/* If the user points us to a random file, pass it through the rng */
randfile = PR_GetEnvSecure("NSRANDFILE");
- if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
- char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
- int randCount = randCountString ? atoi(randCountString) : 0;
- if (randCount != 0) {
- RNG_FileUpdate(randfile, randCount);
- } else {
- RNG_FileForRNG(randfile);
- }
+ if ((randfile != NULL) && (randfile[0] != '\0')) {
+ char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
+ int randCount = randCountString ? atoi(randCountString) : 0;
+ if (randCount != 0) {
+ RNG_FileUpdate(randfile, randCount);
+ } else {
+ RNG_FileForRNG(randfile);
+ }
}
/* pass other files through */
for (cp = files; *cp; cp++)
- RNG_FileForRNG(*cp);
+ RNG_FileForRNG(*cp);
/*
* Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen
@@ -916,9 +921,7 @@ void RNG_SystemInfoForRNG(void)
* either, if data has been gathered successfully.
*/
-#if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) \
- || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) \
- || defined(HPUX)
+#if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) || defined(HPUX)
if (bytes)
return;
#endif
@@ -949,60 +952,60 @@ void RNG_SystemInfoForRNG(void)
#ifdef DO_NETSTAT
fp = safe_popen(netstat_ni_cmd);
if (fp != NULL) {
- while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
- RNG_RandomUpdate(buf, bytes);
- safe_pclose(fp);
+ while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
+ RNG_RandomUpdate(buf, bytes);
+ safe_pclose(fp);
}
#endif
-
}
-#define TOTAL_FILE_LIMIT 1000000 /* one million */
+#define TOTAL_FILE_LIMIT 1000000 /* one million */
-size_t RNG_FileUpdate(const char *fileName, size_t limit)
+size_t
+RNG_FileUpdate(const char *fileName, size_t limit)
{
- FILE * file;
- int fd;
- int bytes;
- size_t fileBytes = 0;
- struct stat stat_buf;
+ FILE *file;
+ int fd;
+ int bytes;
+ size_t fileBytes = 0;
+ struct stat stat_buf;
unsigned char buffer[BUFSIZ];
static size_t totalFileBytes = 0;
-
+
/* suppress valgrind warnings due to holes in struct stat */
memset(&stat_buf, 0, sizeof(stat_buf));
if (stat((char *)fileName, &stat_buf) < 0)
- return fileBytes;
+ return fileBytes;
RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
-
+
file = fopen(fileName, "r");
if (file != NULL) {
- /* Read from the underlying file descriptor directly to bypass stdio
- * buffering and avoid reading more bytes than we need from
- * /dev/urandom. NOTE: we can't use fread with unbuffered I/O because
- * fread may return EOF in unbuffered I/O mode on Android.
- *
- * Moreover, we read into a buffer of size BUFSIZ, so buffered I/O
- * has no performance advantage. */
- fd = fileno(file);
- /* 'file' was just opened, so this should not fail. */
- PORT_Assert(fd != -1);
- while (limit > fileBytes && fd != -1) {
- bytes = PR_MIN(sizeof buffer, limit - fileBytes);
- bytes = read(fd, buffer, bytes);
- if (bytes <= 0)
- break;
- RNG_RandomUpdate(buffer, bytes);
- fileBytes += bytes;
- totalFileBytes += bytes;
- /* after TOTAL_FILE_LIMIT has been reached, only read in first
- ** buffer of data from each subsequent file.
- */
- if (totalFileBytes > TOTAL_FILE_LIMIT)
- break;
- }
- fclose(file);
+ /* Read from the underlying file descriptor directly to bypass stdio
+ * buffering and avoid reading more bytes than we need from
+ * /dev/urandom. NOTE: we can't use fread with unbuffered I/O because
+ * fread may return EOF in unbuffered I/O mode on Android.
+ *
+ * Moreover, we read into a buffer of size BUFSIZ, so buffered I/O
+ * has no performance advantage. */
+ fd = fileno(file);
+ /* 'file' was just opened, so this should not fail. */
+ PORT_Assert(fd != -1);
+ while (limit > fileBytes && fd != -1) {
+ bytes = PR_MIN(sizeof buffer, limit - fileBytes);
+ bytes = read(fd, buffer, bytes);
+ if (bytes <= 0)
+ break;
+ RNG_RandomUpdate(buffer, bytes);
+ fileBytes += bytes;
+ totalFileBytes += bytes;
+ /* after TOTAL_FILE_LIMIT has been reached, only read in first
+ ** buffer of data from each subsequent file.
+ */
+ if (totalFileBytes > TOTAL_FILE_LIMIT)
+ break;
+ }
+ fclose(file);
}
/*
* Pass yet another snapshot of our highest resolution clock into
@@ -1013,22 +1016,24 @@ size_t RNG_FileUpdate(const char *fileName, size_t limit)
return fileBytes;
}
-void RNG_FileForRNG(const char *fileName)
+void
+RNG_FileForRNG(const char *fileName)
{
RNG_FileUpdate(fileName, TOTAL_FILE_LIMIT);
}
-void ReadSingleFile(const char *fileName)
+void
+ReadSingleFile(const char *fileName)
{
- FILE * file;
+ FILE *file;
unsigned char buffer[BUFSIZ];
-
+
file = fopen(fileName, "rb");
if (file != NULL) {
- while (fread(buffer, 1, sizeof(buffer), file) > 0)
- ;
- fclose(file);
- }
+ while (fread(buffer, 1, sizeof(buffer), file) > 0)
+ ;
+ fclose(file);
+ }
}
#define _POSIX_PTHREAD_SEMANTICS
@@ -1037,16 +1042,16 @@ void ReadSingleFile(const char *fileName)
PRBool
ReadFileOK(char *dir, char *file)
{
- struct stat stat_buf;
+ struct stat stat_buf;
char filename[PATH_MAX];
- int count = snprintf(filename, sizeof filename, "%s/%s",dir, file);
+ int count = snprintf(filename, sizeof filename, "%s/%s", dir, file);
if (count <= 0) {
- return PR_FALSE; /* name too long, can't read it anyway */
+ return PR_FALSE; /* name too long, can't read it anyway */
}
-
+
if (stat(filename, &stat_buf) < 0)
- return PR_FALSE; /* can't stat, probably can't read it then as well */
+ return PR_FALSE; /* can't stat, probably can't read it then as well */
return S_ISREG(stat_buf.st_mode) ? PR_TRUE : PR_FALSE;
}
@@ -1072,47 +1077,47 @@ ReadOneFile(int fileToRead)
int i;
if (fd == NULL) {
- dir = PR_GetEnvSecure("HOME");
- if (dir) {
- fd = opendir(dir);
- }
+ dir = PR_GetEnvSecure("HOME");
+ if (dir) {
+ fd = opendir(dir);
+ }
}
if (fd == NULL) {
- return 1;
+ return 1;
}
firstName[0] = '\0';
- for (i=0; i <= fileToRead; i++) {
- do {
+ for (i = 0; i <= fileToRead; i++) {
+ do {
/* readdir() isn't guaranteed to be thread safe on every platform;
* this code assumes the same directory isn't read concurrently.
* This usage is confirmed safe on Linux, see bug 1254334. */
- entry = readdir(fd);
- } while (entry != NULL && !ReadFileOK(dir, &entry->d_name[0]));
- if (entry == NULL) {
- resetCount = 1; /* read to the end, start again at the beginning */
- if (firstName[0]) {
- /* ran out of entries in the directory, use the first one */
- name = firstName;
- }
- break;
- }
+ entry = readdir(fd);
+ } while (entry != NULL && !ReadFileOK(dir, &entry->d_name[0]));
+ if (entry == NULL) {
+ resetCount = 1; /* read to the end, start again at the beginning */
+ if (firstName[0]) {
+ /* ran out of entries in the directory, use the first one */
+ name = firstName;
+ }
+ break;
+ }
name = entry->d_name;
- if (i == 0) {
- /* copy the name of the first in case we run out of entries */
+ if (i == 0) {
+ /* copy the name of the first in case we run out of entries */
PORT_Assert(PORT_Strlen(name) < sizeof(firstName));
PORT_Strncpy(firstName, name, sizeof(firstName) - 1);
firstName[sizeof(firstName) - 1] = '\0';
- }
+ }
}
if (name) {
- char filename[PATH_MAX];
- int count = snprintf(filename, sizeof(filename), "%s/%s",dir, name);
- if (count >= 1) {
- ReadSingleFile(filename);
- }
- }
+ char filename[PATH_MAX];
+ int count = snprintf(filename, sizeof(filename), "%s/%s", dir, name);
+ if (count >= 1) {
+ ReadSingleFile(filename);
+ }
+ }
closedir(fd);
return resetCount;
@@ -1121,18 +1126,20 @@ ReadOneFile(int fileToRead)
/*
* do something to try to introduce more noise into the 'GetNoise' call
*/
-static void rng_systemJitter(void)
+static void
+rng_systemJitter(void)
{
- static int fileToRead = 1;
+ static int fileToRead = 1;
- if (ReadOneFile(fileToRead)) {
- fileToRead = 1;
- } else {
- fileToRead++;
- }
+ if (ReadOneFile(fileToRead)) {
+ fileToRead = 1;
+ } else {
+ fileToRead++;
+ }
}
-size_t RNG_SystemRNG(void *dest, size_t maxLen)
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
{
FILE *file;
int fd;
@@ -1142,7 +1149,7 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
file = fopen("/dev/urandom", "r");
if (file == NULL) {
- return rng_systemFromNoise(dest, maxLen);
+ return rng_systemFromNoise(dest, maxLen);
}
/* Read from the underlying file descriptor directly to bypass stdio
* buffering and avoid reading more bytes than we need from /dev/urandom.
@@ -1153,17 +1160,17 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen)
/* 'file' was just opened, so this should not fail. */
PORT_Assert(fd != -1);
while (maxLen > fileBytes && fd != -1) {
- bytes = maxLen - fileBytes;
- bytes = read(fd, buffer, bytes);
- if (bytes <= 0)
- break;
- fileBytes += bytes;
- buffer += bytes;
+ bytes = maxLen - fileBytes;
+ bytes = read(fd, buffer, bytes);
+ if (bytes <= 0)
+ break;
+ fileBytes += bytes;
+ buffer += bytes;
}
fclose(file);
if (fileBytes != maxLen) {
- PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
- fileBytes = 0;
+ PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
+ fileBytes = 0;
}
return fileBytes;
}
diff --git a/lib/freebl/win_rand.c b/lib/freebl/win_rand.c
index 2918d58cd..b863776d2 100644
--- a/lib/freebl/win_rand.c
+++ b/lib/freebl/win_rand.c
@@ -11,7 +11,7 @@
static BOOL
CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
{
- LARGE_INTEGER liCount;
+ LARGE_INTEGER liCount;
if (!QueryPerformanceCounter(&liCount))
return FALSE;
@@ -21,12 +21,13 @@ CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
return TRUE;
}
-size_t RNG_GetNoise(void *buf, size_t maxbuf)
+size_t
+RNG_GetNoise(void *buf, size_t maxbuf)
{
- DWORD dwHigh, dwLow, dwVal;
- int n = 0;
- int nBytes;
- time_t sTime;
+ DWORD dwHigh, dwLow, dwVal;
+ int n = 0;
+ int nBytes;
+ time_t sTime;
if (maxbuf <= 0)
return 0;
@@ -70,41 +71,42 @@ size_t RNG_GetNoise(void *buf, size_t maxbuf)
return n;
}
-void RNG_SystemInfoForRNG(void)
+void
+RNG_SystemInfoForRNG(void)
{
- DWORD dwVal;
- char buffer[256];
- int nBytes;
- MEMORYSTATUS sMem;
- HANDLE hVal;
- DWORD dwSerialNum;
- DWORD dwComponentLen;
- DWORD dwSysFlags;
- char volName[128];
- DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
-
- nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
+ DWORD dwVal;
+ char buffer[256];
+ int nBytes;
+ MEMORYSTATUS sMem;
+ HANDLE hVal;
+ DWORD dwSerialNum;
+ DWORD dwComponentLen;
+ DWORD dwSysFlags;
+ char volName[128];
+ DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
+
+ nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
sMem.dwLength = sizeof(sMem);
- GlobalMemoryStatus(&sMem); // assorted memory stats
+ GlobalMemoryStatus(&sMem); // assorted memory stats
RNG_RandomUpdate(&sMem, sizeof(sMem));
dwVal = GetLogicalDrives();
- RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
+ RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
dwVal = sizeof(buffer);
if (GetComputerName(buffer, &dwVal))
RNG_RandomUpdate(buffer, dwVal);
- hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
- // constant!) of current process
+ hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
+ // constant!) of current process
RNG_RandomUpdate(&hVal, sizeof(hVal));
- dwVal = GetCurrentProcessId(); // process ID (4 bytes)
+ dwVal = GetCurrentProcessId(); // process ID (4 bytes)
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
- dwVal = GetCurrentThreadId(); // thread ID (4 bytes)
+ dwVal = GetCurrentThreadId(); // thread ID (4 bytes)
RNG_RandomUpdate(&dwVal, sizeof(dwVal));
volName[0] = '\0';
@@ -118,25 +120,24 @@ void RNG_SystemInfoForRNG(void)
buffer,
sizeof(buffer));
- RNG_RandomUpdate(volName, strlen(volName));
- RNG_RandomUpdate(&dwSerialNum, sizeof(dwSerialNum));
+ RNG_RandomUpdate(volName, strlen(volName));
+ RNG_RandomUpdate(&dwSerialNum, sizeof(dwSerialNum));
RNG_RandomUpdate(&dwComponentLen, sizeof(dwComponentLen));
- RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
- RNG_RandomUpdate(buffer, strlen(buffer));
+ RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
+ RNG_RandomUpdate(buffer, strlen(buffer));
- if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters,
+ if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters,
&dwNumClusters)) {
- RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
- RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
+ RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
+ RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
- RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
+ RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
}
- nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
+ nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
}
-
/*
* The RtlGenRandom function is declared in <ntsecapi.h>, but the
* declaration is missing a calling convention specifier. So we
@@ -147,13 +148,14 @@ DECLSPEC_IMPORT BOOLEAN WINAPI RtlGenRandom(
PVOID RandomBuffer,
ULONG RandomBufferLength);
-size_t RNG_SystemRNG(void *dest, size_t maxLen)
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
{
size_t bytes = 0;
if (RtlGenRandom(dest, maxLen)) {
- bytes = maxLen;
+ bytes = maxLen;
}
return bytes;
}
-#endif /* is XP_WIN */
+#endif /* is XP_WIN */