## -*-m4-*-
##
-## $Id: Makefile.m4,v 1.79 2004/04/04 19:42:59 mdw Exp $
+## $Id: Makefile.m4,v 1.80 2004/04/08 01:36:15 mdw Exp $
##
## Makefile for Catacomb
##
## Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
## MA 02111-1307, USA.
-##----- Revision history ----------------------------------------------------
-##
-## $Log: Makefile.m4,v $
-## Revision 1.79 2004/04/04 19:42:59 mdw
-## Add set -e.
-##
-## Revision 1.78 2004/04/04 19:04:11 mdw
-## Raw I/O of elliptic curve points and group elements.
-##
-## Revision 1.77 2004/04/01 21:28:41 mdw
-## Normal basis support (translates to poly basis internally). Rewrite
-## EC and prime group table generators in awk, so that they can reuse data
-## for repeated constants.
-##
-## Revision 1.76 2004/04/01 12:59:40 mdw
-## Ooops! qdparse needs mp headers.
-##
-## Revision 1.75 2004/04/01 12:50:09 mdw
-## Add cyclic group abstraction, with test code. Separate off exponentation
-## functions for better static linking. Fix a buttload of bugs on the way.
-## Generally ensure that negative exponents do inversion correctly. Add
-## table of standard prime-field subgroups. (Binary field subgroups are
-## currently unimplemented but easy to add if anyone ever finds a good one.)
-##
-## Revision 1.74 2004/03/28 01:58:47 mdw
-## Generate, store and retreive elliptic curve keys.
-##
-## Revision 1.73 2004/03/27 18:38:00 mdw
-## Fix distribution.
-##
-## Revision 1.72 2004/03/27 17:55:11 mdw
-## Run ec-info test.
-##
-## Revision 1.71 2004/03/27 17:54:11 mdw
-## Standard curves and curve checking.
-##
-## Revision 1.70 2004/03/27 00:04:46 mdw
-## Implement efficient reduction for pleasant-looking primes.
-##
-## Revision 1.69 2004/03/23 15:19:32 mdw
-## Test elliptic curves more thoroughly.
-##
-## Revision 1.68 2004/03/21 23:03:30 mdw
-## Distribute headers properly.
-##
-## Revision 1.67 2004/03/21 22:52:06 mdw
-## Merge and close elliptic curve branch.
-##
-## Revision 1.60.2.2 2004/03/21 22:39:46 mdw
-## Elliptic curves on binary fields work.
-##
-## Revision 1.60.2.1 2003/06/10 13:43:53 mdw
-## Simple (non-projective) curves over prime fields now seem to work.
-##
-## Revision 1.66 2004/03/21 22:43:50 mdw
-## New hash variant SHA224.
-##
-## Revision 1.65 2003/11/29 23:39:36 mdw
-## Debianization.
-##
-## Revision 1.64 2003/11/10 22:18:30 mdw
-## Build fixes.
-##
-## Revision 1.63 2003/10/17 16:30:46 mdw
-## Report errors if key files don't exist!
-##
-## Revision 1.62 2003/10/12 15:02:09 mdw
-## Reliability fixes.
-##
-## Revision 1.61 2003/10/11 21:02:33 mdw
-## Import buf stuff from tripe.
-##
-## Revision 1.60 2003/05/16 01:12:37 mdw
-## Ship `rc2-tab.h' and `skipjack-tab.h'.
-##
-## Revision 1.59 2003/05/16 00:54:50 mdw
-## Install pixie to fake root if wanted. Ship `desx-tab.h'
-##
-## Revision 1.58 2002/10/19 17:56:50 mdw
-## Fix bit operations. Test them (a bit) better.
-##
-## Revision 1.57 2002/10/15 22:58:29 mdw
-## Fast estimation of number representation lengths.
-##
-## Revision 1.56 2001/06/16 13:01:10 mdw
-## New source files and tests.
-##
-## Revision 1.55 2001/05/08 22:17:41 mdw
-## New cipher Noekeon added.
-##
-## Revision 1.54 2001/05/07 17:32:52 mdw
-## New Rijndael block sizes.
-##
-## Revision 1.53 2001/04/29 18:11:19 mdw
-## New block cipher MARS.
-##
-## Revision 1.52 2001/04/29 17:37:35 mdw
-## Added SAFER block cipher.
-##
-## Revision 1.51 2001/04/19 18:26:32 mdw
-## Add CRC as another hash function.
-##
-## Revision 1.50 2001/04/06 22:05:10 mdw
-## Add support for SSL pseudo-random function.
-##
-## Revision 1.49 2001/04/04 20:10:52 mdw
-## Add support for the TLS pseudo-random function.
-##
-## Revision 1.48 2001/04/03 19:36:50 mdw
-## New block cipher DESX added.
-##
-## Revision 1.47 2001/03/03 13:14:13 mdw
-## Distribute md2-tab.h
-##
-## Revision 1.46 2001/02/21 20:03:22 mdw
-## Added support for MD2 hash function.
-##
-## Revision 1.45 2001/02/03 16:09:41 mdw
-## New files added.
-##
-## Revision 1.44 2000/10/15 17:49:00 mdw
-## New SHA variants with longer outputs.
-##
-## Revision 1.43 2000/10/08 16:01:26 mdw
-## Add binary poly arithmetic. Tidy table generation stuff. Distribute
-## calc prototypes.
-##
-## Revision 1.42 2000/10/08 12:16:06 mdw
-## Remove vestiges of @primorial@.
-##
-## Revision 1.41 2000/08/15 21:46:20 mdw
-## Set up the dependencies on primetab.[ch] and mptypes.h properly.
-## There's some m4 hacking, but it's worth it not to have to recompile all
-## the cipher modes.
-##
-## Revision 1.40 2000/08/06 10:50:55 mdw
-## (mkphrase): New program for generating random passphrases with measured
-## strength.
-##
-## Revision 1.39 2000/07/29 21:55:32 mdw
-## Make sure the pixie is installed setuid-root (workaround for an Automake
-## bug). Install new manpages.
-##
-## Revision 1.38 2000/07/29 10:54:55 mdw
-## Further fixing to support building using normal `make' again. ;-) I
-## think we're there now.
-##
-## Revision 1.37 2000/07/29 10:02:36 mdw
-## Lots of fixing to support `make -j' building.
-##
-## Revision 1.36 2000/07/20 20:13:38 mdw
-## Added Bellare and Rogaway's PSS encoding for RSA signatures.
-##
-## Revision 1.35 2000/07/16 20:00:46 mdw
-## Bug fixes to distribution.
-##
-## Revision 1.34 2000/07/15 20:55:32 mdw
-## More hashes and ciphers. An extra tool.
-##
-## Revision 1.33 2000/07/09 21:34:15 mdw
-## New hash functions and other stuff.
-##
-## Revision 1.32 2000/07/01 11:27:32 mdw
-## Name changes and new files.
-##
-## Revision 1.31 2000/06/25 13:02:07 mdw
-## Fix cleaning of generated files.
-##
-## Revision 1.30 2000/06/22 19:10:33 mdw
-## Fix Makefile to test mp-sqrt.c.
-##
-## Revision 1.29 2000/06/22 19:04:19 mdw
-## More new functions to be added.
-##
-## Revision 1.28 2000/06/18 23:31:18 mdw
-## Rearrange build order to ensure that `mptypes.h' exists by the time it's
-## needed.
-##
-## Revision 1.27 2000/06/17 13:28:50 mdw
-## Minor tidying and fixing.
-##
-## Revision 1.26 2000/06/17 10:33:43 mdw
-## Lots of new ciphers and other files.
-##
-## Revision 1.25 2000/02/12 18:55:40 mdw
-## Make it all compile properly.
-##
-## Revision 1.24 2000/02/12 18:22:26 mdw
-## Missed a file. Whoops.
-##
-## Revision 1.23 2000/02/12 18:21:01 mdw
-## Overhaul of key management (again).
-##
-## Revision 1.22 1999/12/22 16:04:06 mdw
-## Lots of new files.
-##
-## Revision 1.21 1999/12/13 15:47:58 mdw
-## Fix a couple of minor bugs in the distribution set.
-##
-## Revision 1.19 1999/12/11 10:58:24 mdw
-## Fix bug in test rig link flags. Add Karatsuba squaring.
-##
-## Revision 1.18 1999/12/10 23:30:01 mdw
-## Lots of new files.
-##
-## Revision 1.17 1999/11/25 11:38:31 mdw
-## Support for conversions between MPs and C integers.
-##
-## Revision 1.16 1999/11/22 20:51:33 mdw
-## Add yet more source files.
-##
-## Revision 1.15 1999/11/22 14:08:30 mdw
-## Improve dependencies for test programs.
-##
-## Revision 1.14 1999/11/22 00:17:09 mdw
-## Create object files for test programs so that rebuilding doesn't take so
-## long.
-##
-## Revision 1.12 1999/11/20 22:36:26 mdw
-## Improve dependencies. Move mpx testing into mpx.c.
-##
-## Revision 1.11 1999/11/20 22:24:53 mdw
-## Add Diffie-Hellman support.
-##
-## Revision 1.10 1999/11/19 19:28:24 mdw
-## Add DSA files and tests.
-##
-## Revision 1.9 1999/11/17 18:05:35 mdw
-## Many new files and test cases for multiprecision arithmetic.
-##
-## Revision 1.8 1999/11/13 01:56:07 mdw
-## Include multiprecision maths stuff.
-##
-## Revision 1.7 1999/11/11 19:01:02 mdw
-## Use `libtool' to generate a shared library.
-##
-## Revision 1.6 1999/11/11 17:47:34 mdw
-## Updates for new configuration system, and `mptypes' generator.
-##
-## Revision 1.5 1999/11/11 00:59:17 mdw
-## Minor reformatting.
-##
-## Revision 1.4 1999/10/24 10:20:36 mdw
-## Modify for standalone distribution. The library's getting far too large
-## to be sensibly embedded in other programs.
-##
-## Revision 1.3 1999/10/24 10:04:26 mdw
-## Install headers in the right directory.
-##
-## Revision 1.2 1999/10/23 12:55:35 mdw
-## The `CVS' directory can't be hardlinked. Don't worry about this
-## overmuch.
-##
-## Revision 1.1 1999/09/03 08:41:11 mdw
-## Initial import.
-##
-
AUTOMAKE_OPTIONS = foreign
SUBDIRS = tests
gciphertab.c: gengctab
$(srcdir)/gengctab gccipher gcipher >gciphertab.c.new \
"lit(join(`ciphers', `-', `cipher_modes')) \
+ lit(join(`hashes', `-', `_(mgf)')) \
rc4 seal"
mv gciphertab.c.new gciphertab.c
ghashtab.c: gengctab
$(srcdir)/gengctab gchash ghash >ghashtab.c.new \
- "lit(`hashes')"
+ "lit(`hashes') \
+ crc32=gcrc32"
mv ghashtab.c.new ghashtab.c
BUILT_SOURCES = \
primetab.h pfilt.h rabin.h \
pgen.h prim.h strongprime.h limlee.h keycheck.h \
bbs.h rsa.h dh.h dsarand.h dsa.h gdsa.h gkcdsa.h \
- oaep.h pkcs1.h pss.h tlsprf.h sslprf.h \
+ tlsprf.h sslprf.h \
gfshare.h share.h \
rho.h \
field.h ec.h ec-exp.h ec-test.h ectab.h ec-keys.h ec-raw.h \
## --- Other handy definitions ---
EXTRA_DIST = \
- Makefile.m4 genmodes gengctab $(man_MANS) xpixie group-test.c \
+ Makefile.m4 genmodes gengctab $(man_MANS) xpixie \
+ group-test.c rsa-test.c \
ectab.in ec-gentab.awk ptab.in p-gentab.awk \
README.cipher README.hash README.random README.mp \
debian/rules debian/copyright debian/control debian/changelog \
adorn(`nl`'CTESTRIG(', join(`ciphers', `-', `cipher_modes'), `)')
adorn(`nl`'CTESTRIG(', join(`hashes', `-', `hash_modes'), `)')
CTESTRIG(lcrand)
-CTESTRIG(oaep)
CTESTRIG(tlsprf)
CTESTRIG(sslprf)
CTESTRIG(mpx)
CTESTRIG(mpreduce)
CTESTRIG(mpcrt)
CTESTRIG(mpmul)
+CTESTRIG(rsa-test)
CTESTRIG(gfx)
CTESTRIG(gfx-sqr)
CTESTRIG(gfx-kmul)
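Review bot: The new `crc32=gcrc32` entry in the ghashtab.c rule registers CRC-32 under the same generic-hash name table as the entries generated from `hashes`, which is where callers that resolve a hash by name will now find it; unlike the other entries it is not collision-resistant, so whether the table's consumers are only checksumming or also choose MACs/MGFs/KDFs by name decides whether this is safe (I cannot see the consumers from this hunk). A `##` comment above the rule would make the intent explicit: `## crc32 is a checksum, not a cryptographic hash: registered for name lookup only, not for MAC/MGF/KDF selection`. Separately, `CTESTRIG(oaep)` is dropped together with `oaep.h pkcs1.h pss.h` in BUILT_SOURCES while `CTESTRIG(rsa-test)` is added; if rsa-test.c does not carry the OAEP and PSS known-answer cases the old rig ran, padding-encoding coverage regresses silently, so that is worth confirming and stating in the commit message.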
/* -*-c-*-
*
- * $Id: acconfig.h,v 1.3 2000/06/17 12:57:46 mdw Exp $
+ * $Id: acconfig.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Configuration header for Catacomb
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: acconfig.h,v $
- * Revision 1.3 2000/06/17 12:57:46 mdw
- * New free counter noise generator, for use if /dev/random is
- * unavailable.
- *
- * Revision 1.2 1999/12/10 23:30:08 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_ACCONFIG_H
#define CATACOMB_ACCONFIG_H
/* -*-c-*-
*
- * $Id: arena.c,v 1.1 2000/06/17 10:40:10 mdw Exp $
+ * $Id: arena.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Abstraction for memory allocation arenas
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: arena.c,v $
- * Revision 1.1 2000/06/17 10:40:10 mdw
- * Support for secure memory arenas.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/arena.h>
/* -*-c-*-
*
- * $Id: arena.h,v 1.1 2000/06/17 10:40:10 mdw Exp $
+ * $Id: arena.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Abstraction for memory allocation arenas
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: arena.h,v $
- * Revision 1.1 2000/06/17 10:40:10 mdw
- * Support for secure memory arenas.
- *
- */
-
#ifndef CATACOMB_ARENA_H
#define CATACOMB_ARENA_H
/* -*-c-*-
*
- * $Id: bbs-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $
+ * $Id: bbs-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Key fetching for BBS public and private keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bbs-fetch.c,v $
- * Revision 1.2 2000/07/01 11:19:22 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.1 2000/06/17 10:41:45 mdw
- * Table for driving key data extraction.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "bbs.h"
/* -*-c-*-
*
- * $Id: bbs-gen.c,v 1.5 2000/07/01 11:20:36 mdw Exp $
+ * $Id: bbs-gen.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Generate Blum integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bbs-gen.c,v $
- * Revision 1.5 2000/07/01 11:20:36 mdw
- * Remove bad type name `bbs_param'.
- *
- * Revision 1.4 2000/06/17 10:43:57 mdw
- * Move GCD filter to separate file. Handle failures from pgen_jump.
- *
- * Revision 1.3 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.2 1999/12/22 15:52:28 mdw
- * Reworking for new prime-search system.
- *
- * Revision 1.1 1999/12/10 23:14:59 mdw
- * Blum-Blum-Shub generator, and Blum-Goldwasser encryption.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: bbs-jump.c,v 1.4 2000/07/01 11:20:36 mdw Exp $
+ * $Id: bbs-jump.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Jumping around a BBS sequence
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bbs-jump.c,v $
- * Revision 1.4 2000/07/01 11:20:36 mdw
- * Remove bad type name `bbs_param'.
- *
- * Revision 1.3 2000/06/17 10:44:17 mdw
- * Typesetting fix.
- *
- * Revision 1.2 1999/12/22 15:52:08 mdw
- * Rename `bbs_params' to `bbs_param' for consistency.
- *
- * Revision 1.1 1999/12/10 23:14:59 mdw
- * Blum-Blum-Shub generator, and Blum-Goldwasser encryption.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "bbs.h"
/* -*-c-*-
*
- * $Id: bbs-rand.c,v 1.4 2001/02/03 12:00:29 mdw Exp $
+ * $Id: bbs-rand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Blum-Blum-Shub secure random number generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bbs-rand.c,v $
- * Revision 1.4 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.3 2000/06/17 10:45:21 mdw
- * Typesetting fixes. Advertise random number generator strength. Use
- * secure arena for memory allocation.
- *
- * Revision 1.2 1999/12/13 15:34:01 mdw
- * Add support for seeding from a generic pseudorandom source.
- *
- * Revision 1.1 1999/12/10 23:14:59 mdw
- * Blum-Blum-Shub generator, and Blum-Goldwasser encryption.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: bbs.h,v 1.6 2001/02/03 16:07:33 mdw Exp $
+ * $Id: bbs.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* The Blum-Blum-Shub random bit generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bbs.h,v $
- * Revision 1.6 2001/02/03 16:07:33 mdw
- * Give generic random objects separate namespaces for their supported misc
- * ops.
- *
- * Revision 1.5 2000/07/01 11:20:24 mdw
- * New functions for freeing public and private keys. Remove bad type name
- * `bbs_param'.
- *
- * Revision 1.4 2000/06/17 10:45:48 mdw
- * Minor changes for key fetching. Typesetting fixes.
- *
- * Revision 1.3 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.2 1999/12/22 15:52:08 mdw
- * Rename `bbs_params' to `bbs_param' for consistency.
- *
- * Revision 1.1 1999/12/10 23:14:59 mdw
- * Blum-Blum-Shub generator, and Blum-Goldwasser encryption.
- *
- */
-
/*----- Notes on the BBS generator ----------------------------------------*
*
* The Blum-Blum-Shub generator takes the least significant bits from the
/* -*-c-*-
*
- * $Id: bitops.h,v 1.1 2002/10/19 17:56:50 mdw Exp $
+ * $Id: bitops.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Bit operations by truth table
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bitops.h,v $
- * Revision 1.1 2002/10/19 17:56:50 mdw
- * Fix bit operations. Test them (a bit) better.
- *
- */
-
#ifndef CATACOMB_BITOPS_H
#define CATACOMB_BITOPS_H
/* -*-c-*-
*
- * $Id: bittest.c,v 1.1 2002/10/19 17:56:50 mdw Exp $
+ * $Id: bittest.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Check the bit operations work
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: bittest.c,v $
- * Revision 1.1 2002/10/19 17:56:50 mdw
- * Fix bit operations. Test them (a bit) better.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: blkc.h,v 1.6 2004/04/02 01:03:49 mdw Exp $
+ * $Id: blkc.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Common definitions for block ciphers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: blkc.h,v $
- * Revision 1.6 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.5 2001/05/07 17:28:42 mdw
- * Support block ciphers with larger blocks.
- *
- * Revision 1.4 2001/04/29 17:39:15 mdw
- * Removed `-sched' tests. Reorganized so that we can theoretically have
- * multiple tests in the same file. (This isn't so useful in production,
- * but it's handy when doing test builds.)
- *
- * Revision 1.3 2000/06/17 10:47:06 mdw
- * Slight support for 96-bit ciphers. Support for counter-mode ciphers.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_BLKC_H
#define CATACOMB_BLKC_H
/* -*-c-*-
*
- * $Id: blowfish-mktab.c,v 1.2 2000/07/16 12:33:11 mdw Exp $
+ * $Id: blowfish-mktab.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Build Blowfish key table
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: blowfish-mktab.c,v $
- * Revision 1.2 2000/07/16 12:33:11 mdw
- * Shut stupid compiler up.
- *
- * Revision 1.1 2000/06/17 10:47:28 mdw
- * Emits Blowfish initial key data, derived from the digits of pi.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: blowfish.c,v 1.3 2004/04/02 01:03:49 mdw Exp $
+ * $Id: blowfish.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The Blowfish block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: blowfish.c,v $
- * Revision 1.3 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.2 2000/06/17 10:47:56 mdw
- * Tidy round function a little. Support new key size interface.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: blowfish.h,v 1.3 2000/06/17 10:48:13 mdw Exp $
+ * $Id: blowfish.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The Blowfish block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: blowfish.h,v $
- * Revision 1.3 2000/06/17 10:48:13 mdw
- * Support new key size interface.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the Blowfish block cipher --------------------------------*
*
* Blowfish was invented by Bruce Schneier. The algorithm is unpatented and
/* -*-c-*-
*
- * $Id: buf.c,v 1.3 2004/04/01 12:50:09 mdw Exp $
+ * $Id: buf.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Buffer handling
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: buf.c,v $
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2003/11/10 22:18:30 mdw
- * Build fixes.
- *
- * Revision 1.1 2003/10/11 21:02:33 mdw
- * Import buf stuff from tripe.
- *
- * Revision 1.4 2001/06/19 22:09:54 mdw
- * Expose interface, for use in the proxy.
- *
- * Revision 1.3 2001/03/03 12:06:48 mdw
- * Use 16-bit lengths on MPs, since there's a packet limit of 64K anyway.
- *
- * Revision 1.2 2001/02/16 21:23:20 mdw
- * Various minor changes. Check that MPs are in canonical form when
- * loading.
- *
- * Revision 1.1 2001/02/03 20:26:37 mdw
- * Initial checkin.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <string.h>
/* -*-c-*-
*
- * $Id: buf.h,v 1.3 2004/04/01 12:50:09 mdw Exp $
+ * $Id: buf.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Reading and writing packet buffers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: buf.h,v $
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2003/11/10 22:18:30 mdw
- * Build fixes.
- *
- * Revision 1.1 2003/10/11 21:02:33 mdw
- * Import buf stuff from tripe.
- *
- * Revision 1.1 2001/06/19 22:09:54 mdw
- * Expose interface, for use in the proxy.
- *
- */
-
#ifndef CATACOMB_BUF_H
#define CATACOMB_BUF_H
/* -*-apcalc-*-
*
- * $Id: ec2.cal,v 1.3 2004/04/01 12:50:27 mdw Exp $
+ * $Id: ec2.cal,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Testbed for elliptic curve arithmetic over binary fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec2.cal,v $
- * Revision 1.3 2004/04/01 12:50:27 mdw
- * Remove debugging code.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.1.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.1.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.1 2000/10/08 16:01:37 mdw
- * Prototypes of various bits of code.
- *
- */
-
/*----- Object types ------------------------------------------------------*/
obj ec2_curve { a, b, p };
/* -*-apcalc-*-
*
- * $Id: ecp.cal,v 1.4 2004/04/01 13:37:07 mdw Exp $
+ * $Id: ecp.cal,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Testbed for elliptic curve arithmetic over prime fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ecp.cal,v $
- * Revision 1.4 2004/04/01 13:37:07 mdw
- * Keep numbers positive.
- *
- * Revision 1.3 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.1.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.1 2000/10/08 16:01:37 mdw
- * Prototypes of various bits of code.
- *
- */
-
/*----- Object types ------------------------------------------------------*/
obj ecp_curve { a, b, p };
/* -*-apcalc-*-
*
- * $Id: gfx-test.cal,v 1.1 2000/10/08 16:01:37 mdw Exp $
+ * $Id: gfx-test.cal,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generate test cases for %$\gf{2}[x]$% arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx-test.cal,v $
- * Revision 1.1 2000/10/08 16:01:37 mdw
- * Prototypes of various bits of code.
- *
- */
-
/*----- External units ----------------------------------------------------*/
read gfx;
/* -*-apcalc-*-
*
- * $Id: gfx.cal,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: gfx.cal,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Testbed for %$\gf{2}$% poltnomial arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx.cal,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.1 2000/10/08 16:01:37 mdw
- * Prototypes of various bits of code.
- *
- */
-
/*----- Object types ------------------------------------------------------*/
obj gf { x };
/* -*-c-*-
*
- * $Id: cast-base.h,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: cast-base.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Basic macros and definitions for CAST-128 and CAST-256
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast-base.h,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2000/06/17 10:48:29 mdw
- * CAST round function macros.
- *
- */
-
#ifndef CATACOMB_CAST_BASE_H
#define CATACOMB_CAST_BASE_H
/* -*-c-*-
*
- * $Id: cast-s.c,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: cast-s.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Basic S-boxes for CAST-128 and CAST-256
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast-s.c,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2000/06/17 10:48:52 mdw
- * CAST S-boxes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: cast-sk.c,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: cast-sk.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Key-schedule S-boxes for CAST-128
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast-sk.c,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2000/06/17 10:48:52 mdw
- * CAST S-boxes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: cast-tab.h,v 1.1 2000/06/17 10:49:05 mdw Exp $
+ * $Id: cast-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* S-boxes for CAST-128 and CAST-256
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast-tab.h,v $
- * Revision 1.1 2000/06/17 10:49:05 mdw
- * CAST S-box contents.
- *
- */
-
#ifndef CATACOMB_CAST_TAB_H
#define CATACOMB_CAST_TAB_H
/* -*-c-*-
*
- * $Id: cast128.c,v 1.1 2000/06/17 10:49:14 mdw Exp $
+ * $Id: cast128.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The CAST-128 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast128.c,v $
- * Revision 1.1 2000/06/17 10:49:14 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: cast128.h,v 1.1 2000/06/17 10:49:14 mdw Exp $
+ * $Id: cast128.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The CAST-128 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast128.h,v $
- * Revision 1.1 2000/06/17 10:49:14 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the CAST-128 block cipher --------------------------------*
*
* CAST, designed by Carlisle Adams and Stafford Tavares, is a method for
/* -*-c-*-
*
- * $Id: cast256.c,v 1.1 2000/06/17 10:49:14 mdw Exp $
+ * $Id: cast256.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The CAST-256 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast256.c,v $
- * Revision 1.1 2000/06/17 10:49:14 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: cast256.h,v 1.1 2000/06/17 10:49:14 mdw Exp $
+ * $Id: cast256.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The CAST-128 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cast256.h,v $
- * Revision 1.1 2000/06/17 10:49:14 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the CAST-256 block cipher --------------------------------*
*
* CAST, designed by Carlisle Adams and Stafford Tavares, is a method for
#! /bin/sh
#
-# $Id: catacomb-config.in,v 1.1 1999/11/11 17:38:31 mdw Exp $
+# $Id: catacomb-config.in,v 1.2 2004/04/08 01:36:15 mdw Exp $
#
# Provide configuration information for Catacomb clients
#
# Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
# MA 02111-1307, USA.
-#----- Revision history -----------------------------------------------------
-#
-# $Log: catacomb-config.in,v $
-# Revision 1.1 1999/11/11 17:38:31 mdw
-# New library configuration system.
-#
-
#----- Configuration --------------------------------------------------------
prefix=@prefix@
/* -*-c-*-
*
- * $Id: cbc-def.h,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: cbc-def.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for cipher block chaining mode
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cbc-def.h,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.2 2000/06/17 10:49:52 mdw
- * Use secure arena for memory allocation.
- *
- * Revision 1.1 1999/12/10 23:16:39 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_CBC_DEF_H
#define CATACOMB_CBC_DEF_H
/* -*-c-*-
*
- * $Id: cbc.h,v 1.3 2001/06/17 00:10:51 mdw Exp $
+ * $Id: cbc.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Ciphertext block chaining for block ciphers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cbc.h,v $
- * Revision 1.3 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.2 1999/12/10 23:16:39 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_CBC_H
#define CATACOMB_CBC_H
/* -*-c-*-
*
- * $Id: cfb-def.h,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: cfb-def.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for ciphertext feedback mode
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cfb-def.h,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.2 2000/06/17 10:50:39 mdw
- * Use secure arena for memory allocation. Rearrange setiv slightly.
- *
- * Revision 1.1 1999/12/10 23:16:39 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_CFB_DEF_H
#define CATACOMB_CFB_DEF_H
/* -*-c-*-
*
- * $Id: cfb.h,v 1.4 2001/06/17 00:10:51 mdw Exp $
+ * $Id: cfb.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Ciphertext feedback for block ciphers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: cfb.h,v $
- * Revision 1.4 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.3 2000/06/17 10:50:55 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.2 1999/12/10 23:16:39 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_CFB_H
#define CATACOMB_CFB_H
dnl -*-m4-*-
dnl
-dnl $Id: configure.in,v 1.27 2004/03/21 22:52:06 mdw Exp $
+dnl $Id: configure.in,v 1.28 2004/04/08 01:36:15 mdw Exp $
dnl
dnl Autoconfiguration for Catacomb
dnl
dnl Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
dnl MA 02111-1307, USA.
-dnl ----- Revision history --------------------------------------------------
-dnl
-dnl $Log: configure.in,v $
-dnl Revision 1.27 2004/03/21 22:52:06 mdw
-dnl Merge and close elliptic curve branch.
-dnl
-dnl Revision 1.24.2.1 2003/06/10 13:43:53 mdw
-dnl Simple (non-projective) curves over prime fields now seem to work.
-dnl
-dnl Revision 1.26 2003/11/29 23:39:36 mdw
-dnl Debianization.
-dnl
-dnl Revision 1.25 2003/10/11 21:02:33 mdw
-dnl Import buf stuff from tripe.
-dnl
-dnl Revision 1.24 2003/05/16 00:30:28 mdw
-dnl Version bump.
-dnl
-dnl Revision 1.23 2001/03/04 13:09:40 mdw
-dnl Mark dependency on mLib 2.0.0pre4 now.
-dnl
-dnl Revision 1.21 2000/10/08 12:01:28 mdw
-dnl Reinstate the `-pedantic' option.
-dnl
-dnl Revision 1.20 2000/08/15 21:45:25 mdw
-dnl New library configuration stuff from `common'.
-dnl
-dnl Revision 1.13 2000/06/17 13:51:03 mdw
-dnl Whoops. Too eager with the mLib version.
-dnl
-dnl Revision 1.12 2000/06/17 12:57:47 mdw
-dnl New free counter noise generator, for use if /dev/random is
-dnl unavailable.
-dnl
-dnl Revision 1.11 2000/06/17 10:51:23 mdw
-dnl Version number changes. Find maths library for Maurer's test.
-dnl
-dnl Revision 1.10 1999/12/22 16:03:31 mdw
-dnl New mLib version. Find socket functions for pixie.
-dnl
-dnl Revision 1.7 1999/11/13 01:55:48 mdw
-dnl Don't be pedantic, because using `long long' as a multiprecision type
-dnl gets complained about.
-dnl
-dnl Revision 1.6 1999/11/11 18:56:14 mdw
-dnl Use `libtool' to generate a shared library.
-dnl
-dnl Revision 1.5 1999/11/11 17:47:34 mdw
-dnl Updates for new configuration system, and `mptypes' generator.
-dnl
-dnl Revision 1.4 1999/11/11 00:58:19 mdw
-dnl Use canned check for `ssize_t'.
-dnl
-dnl Revision 1.3 1999/10/24 10:20:36 mdw
-dnl Modify for standalone distribution. The library's getting far too large
-dnl to be sensibly embedded in other programs.
-dnl
-dnl Revision 1.1 1999/09/03 08:41:11 mdw
-dnl Initial import.
-dnl
-
dnl --- Boring boilerplate ---
AC_INIT(blkc.h)
/* -*-c-*-
*
- * $Id: counter-def.h,v 1.3 2004/04/02 01:03:49 mdw Exp $
+ * $Id: counter-def.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Block cipher counter mode (or long cycle mode)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: counter-def.h,v $
- * Revision 1.3 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.2 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.1 2000/06/17 10:51:42 mdw
- * Counter mode ciphers and pseudo-random generator.
- *
- */
-
#ifndef CATACOMB_COUNTER_DEF_H
#define CATACOMB_COUNTER_DEF_H
/* -*-c-*-
*
- * $Id: counter.h,v 1.3 2002/01/13 13:43:35 mdw Exp $
+ * $Id: counter.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Block cipher counter mode (or long cycle mode)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: counter.h,v $
- * Revision 1.3 2002/01/13 13:43:35 mdw
- * Indentation fix.
- *
- * Revision 1.2 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.1 2000/06/17 10:51:42 mdw
- * Counter mode ciphers and pseudo-random generator.
- *
- */
-
#ifndef CATACOMB_COUNTER_H
#define CATACOMB_COUNTER_H
/* -*-c-*-
*
- * $Id: crc32.c,v 1.2 2004/03/21 23:52:58 mdw Exp $
+ * $Id: crc32.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generic hash wrapper for CRC32
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: crc32.c,v $
- * Revision 1.2 2004/03/21 23:52:58 mdw
- * Ooops, how did that slip by? Fix return type of @ghcopy@.
- *
- * Revision 1.1 2001/04/19 18:26:32 mdw
- * Add CRC as another hash function.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/crc32.h>
/* -*-c-*-
*
- * $Id: crc32.h,v 1.1 2001/04/19 18:26:32 mdw Exp $
+ * $Id: crc32.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generic hash wrapper for CRC32
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: crc32.h,v $
- * Revision 1.1 2001/04/19 18:26:32 mdw
- * Add CRC as another hash function.
- *
- */
-
#ifndef CATACOMB_CRC32_H
#define CATACOMB_CRC32_H
/* -*-c-*-
*
- * $Id: daftstory.h,v 1.3 1999/12/10 23:29:48 mdw Exp $
+ * $Id: daftstory.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Daft story for use in test encryptions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: daftstory.h,v $
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/11 00:58:38 mdw
- * Use fewer copies of the silly story to improve performance.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_DAFTSTORY_H
#define CATACOMB_DAFTSTORY_H
/* -*-c-*-
*
- * $Id: des-base.c,v 1.3 2004/04/02 01:03:49 mdw Exp $
+ * $Id: des-base.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Common features for DES implementation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des-base.c,v $
- * Revision 1.3 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.2 2000/06/17 10:52:01 mdw
- * Change name for S-box header file.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: des-base.h,v 1.3 2004/04/02 01:03:49 mdw Exp $
+ * $Id: des-base.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Common features for DES implementation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des-base.h,v $
- * Revision 1.3 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_DES_BASE_H
#define CATACOMB_DES_BASE_H
/* -*-c-*-
*
- * $Id: des-mktab.c,v 1.4 2000/10/08 12:12:23 mdw Exp $
+ * $Id: des-mktab.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Build combined S-P tables for DES
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des-mktab.c,v $
- * Revision 1.4 2000/10/08 12:12:23 mdw
- * Improve @const@-correctness.
- *
- * Revision 1.3 2000/06/17 10:52:14 mdw
- * Change name for S-box header file.
- *
- * Revision 1.2 1999/12/22 16:02:30 mdw
- * Output the table with the correct new header guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: des.c,v 1.2 2000/06/17 10:52:32 mdw Exp $
+ * $Id: des.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Data Encryption Standard
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des.c,v $
- * Revision 1.2 2000/06/17 10:52:32 mdw
- * Support new key size interface.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: des.h,v 1.3 2000/06/17 10:52:32 mdw Exp $
+ * $Id: des.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The Data Encryption Standard
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des.h,v $
- * Revision 1.3 2000/06/17 10:52:32 mdw
- * Support new key size interface.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the Data Encryption Standard -----------------------------*
*
* Almost twenty years after it was first accepted, DES is still the standard
/* -*-c-*-
*
- * $Id: des3.c,v 1.2 2000/06/17 10:52:32 mdw Exp $
+ * $Id: des3.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of double- and triple-DES
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des3.c,v $
- * Revision 1.2 2000/06/17 10:52:32 mdw
- * Support new key size interface.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: des3.h,v 1.3 2000/06/17 10:52:32 mdw Exp $
+ * $Id: des3.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of double- and triple-DES
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: des3.h,v $
- * Revision 1.3 2000/06/17 10:52:32 mdw
- * Support new key size interface.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:11 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_DES3_H
#define CATACOMB_DES3_H
/* -*-c-*-
*
- * $Id: desx-tab.h,v 1.1 2001/04/03 19:36:50 mdw Exp $
+ * $Id: desx-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Tables for DESX
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: desx-tab.h,v $
- * Revision 1.1 2001/04/03 19:36:50 mdw
- * New block cipher DESX added.
- *
- */
-
#ifndef CATACOMB_DESX_TAB_H
#define CATACOMB_DESX_TAB_H
/* -*-c-*-
*
- * $Id: desx.c,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: desx.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of DESX
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: desx.c,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2001/04/03 19:36:50 mdw
- * New block cipher DESX added.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: desx.h,v 1.1 2001/04/03 19:36:50 mdw Exp $
+ * $Id: desx.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The DESX algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: desx.h,v $
- * Revision 1.1 2001/04/03 19:36:50 mdw
- * New block cipher DESX added.
- *
- */
-
/*----- Notes on DESX -----------------------------------------------------*
*
* DESX was designed by Ron Rivest in 1986 as a simple and cheap way to
/* -*-c-*-
*
- * $Id: dh-check.c,v 1.2 2001/06/16 12:56:38 mdw Exp $
+ * $Id: dh-check.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Checks Diffie-Hellman group parameters
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh-check.c,v $
- * Revision 1.2 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: dh-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $
+ * $Id: dh-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Key fetching for Diffie-Hellman public and private keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh-fetch.c,v $
- * Revision 1.2 2000/07/01 11:19:22 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.1 2000/06/17 10:41:45 mdw
- * Table for driving key data extraction.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dh.h"
/* -*-c-*-
*
- * $Id: dh-gen.c,v 1.2 2000/07/29 10:01:58 mdw Exp $
+ * $Id: dh-gen.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generate Diffie-Hellman parameters
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh-gen.c,v $
- * Revision 1.2 2000/07/29 10:01:58 mdw
- * Track change in primitive-element generation.
- *
- * Revision 1.1 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dh.h"
/* -*-c-*-
*
- * $Id: dh-limlee.c,v 1.2 2000/07/29 17:02:00 mdw Exp $
+ * $Id: dh-limlee.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generate Diffie-Hellman parameters from Lim-Lee primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh-limlee.c,v $
- * Revision 1.2 2000/07/29 17:02:00 mdw
- * (dh_limlee): Bug fix. Return @dp->q@ as the subgroup order, which isn't
- * necessarily the first factor.
- *
- * Revision 1.1 2000/07/29 10:01:31 mdw
- * Diffie-Hellman parameter generation based on Lim-Lee primes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dh.h"
/* -*-c-*-
*
- * $Id: dh-param.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: dh-param.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Reading Diffie-Hellman parameters
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh-param.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dh.h"
/* -*-c-*-
*
- * $Id: dh.h,v 1.8 2004/04/01 12:50:09 mdw Exp $
+ * $Id: dh.h,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Diffie-Hellman and related public-key systems
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dh.h,v $
- * Revision 1.8 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.7 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- * Revision 1.6 2000/07/29 10:01:16 mdw
- * Supply commentry for the Diffie-Hellman parameters. Add Lim-Lee
- * parameter generation.
- *
- * Revision 1.5 2000/07/01 11:20:51 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.4 2000/06/17 10:52:47 mdw
- * Minor changes for key fetching.
- *
- * Revision 1.3 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- */
-
#ifndef CATACOMB_DH_H
#define CATACOMB_DH_H
/* -*-c-*-
*
- * $Id: dsa-check.c,v 1.1 2001/02/03 16:08:24 mdw Exp $
+ * $Id: dsa-check.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Consistency checking for DSA keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-check.c,v $
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dh.h"
/* -*-c-*-
*
- * $Id: dsa-gen.c,v 1.9 2001/02/03 16:09:29 mdw Exp $
+ * $Id: dsa-gen.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Generate DSA shared parameters
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-gen.c,v $
- * Revision 1.9 2001/02/03 16:09:29 mdw
- * Allow the caller to fetch the parameter generation seed and counter.
- *
- * Revision 1.8 2000/10/08 12:12:47 mdw
- * Use @MP_EQ@ instead of @MP_CMP@. Remove vestages of @primorial@.
- *
- * Revision 1.7 2000/08/15 21:45:05 mdw
- * Use the new trial division equipment in pfilt. This gives a 10%
- * performance improvement in dsa-gen.t.
- *
- * Revision 1.6 2000/07/29 10:00:14 mdw
- * Rename `dsa_seed' to `dsa_gen' for consistency with other parameter-
- * generation interfaces.
- *
- * Revision 1.5 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.4 1999/12/22 15:52:44 mdw
- * Reworking for new prime-search system.
- *
- * Revision 1.3 1999/12/10 23:18:38 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.2 1999/11/20 22:23:48 mdw
- * Allow event handler to abort the search process.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: dsa-sign.c,v 1.2 1999/12/10 23:18:38 mdw Exp $
+ * $Id: dsa-sign.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* DSA signing operation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-sign.c,v $
- * Revision 1.2 1999/12/10 23:18:38 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dsa.h"
{
mpmont pm;
mpbarrett qb;
- mp *k1 = MP_NEW, *r;
+ mp *k1, *r;
mp *ar;
/* --- Compute %$r = (g^k \bmod p) \bmod q$% --- */
/* --- Compute %$k^{-1} \bmod q$% --- */
- mp_gcd(0, 0, &k1, dp->q, k);
+ k1 = mp_modinv(MP_NEW, k, dp->q);
/* --- Now for %$k^{-1}(m + ar)$% --- */
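Review bot: `k1 = mp_modinv(MP_NEW, k, dp->q);` inverts the per-signature nonce, so the running time of this call depends on secret data just as it did with the `mp_gcd` it replaces; whether `mp_modinv` is constant-time is not visible here, and a variable-time inversion of k is the classic place where a DSA signer leaks about the nonce. Worth a comment at this line such as `/* k1 is secret: inversion time must not depend on k, and k1 must be dropped before return */`, and confirming that k is rejected when it is zero or not below q before this point, since the behaviour of mp_modinv on a non-invertible argument is not shown. The enclosing signing function starts and ends outside the hunk, so neither the nonce range check nor the mp_drop of k1 can be confirmed from it.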
/* -*-c-*-
*
- * $Id: dsa-verify.c,v 1.6 2001/06/16 12:56:38 mdw Exp $
+ * $Id: dsa-verify.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* DSA signature verification
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-verify.c,v $
- * Revision 1.6 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.5 2000/10/08 12:13:17 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.4 2000/06/17 10:53:35 mdw
- * Typesetting fixes.
- *
- * Revision 1.3 1999/12/10 23:18:38 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.2 1999/11/23 00:20:04 mdw
- * Remove stray debugging code.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "dsa.h"
/* --- Compute %$w = s^{-1} \bmod q$% --- */
{
- mp *z = MP_NEW;
- mp_gcd(0, 0, &z, dp->q, s);
+ mp *z = mp_modinv(MP_NEW, s, dp->q);
w = mpmont_mul(&qm, MP_NEW, z, qm.r2);
mp_drop(z);
}
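Review bot: `mp *z = mp_modinv(MP_NEW, s, dp->q);` now inverts s, which is part of the signature being verified and therefore comes from untrusted input; if s is zero or a multiple of q no inverse exists, and what mp_modinv returns in that case is not visible here. Verification should reject r or s outside the range 1 ≤ r, s < q before this block is reached (such a check, if present, is outside the hunk), so that the result of the inversion is always well-defined rather than whatever the helper produces for a degenerate argument. A comment at this line would make the precondition explicit: `/* s must satisfy 0 < s < q here: q is prime, so the inverse exists iff s is nonzero mod q */`. The enclosing verification function starts and ends outside the hunk.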
/* -*-c-*-
*
- * $Id: dsa.h,v 1.8 2001/02/03 16:08:24 mdw Exp $
+ * $Id: dsa.h,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Digital Signature Algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa.h,v $
- * Revision 1.8 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- * Revision 1.7 2000/07/29 09:59:44 mdw
- * Share data structures with Diffie-Hellman stuff.
- *
- * Revision 1.6 2000/07/01 11:20:51 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.5 2000/06/17 10:53:42 mdw
- * Minor changes for key fetching. Typesetting fixes.
- *
- * Revision 1.4 1999/12/22 15:52:44 mdw
- * Reworking for new prime-search system.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/20 22:23:48 mdw
- * Allow event handler to abort the search process.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
#ifndef CATACOMB_DSA_H
#define CATACOMB_DSA_H
/* -*-c-*-
*
- * $Id: dsarand.c,v 1.3 2001/02/03 16:08:56 mdw Exp $
+ * $Id: dsarand.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Random number generator for DSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsarand.c,v $
- * Revision 1.3 2001/02/03 16:08:56 mdw
- * Give generic random objects separate namespaces for their supported misc
- * ops. Add operations for reading the current seed value.
- *
- * Revision 1.2 2000/06/17 10:54:00 mdw
- * Typesetting fixes. Arena support.
- *
- * Revision 1.1 1999/12/22 15:53:12 mdw
- * Random number generator for finding DSA parameters.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: dsarand.h,v 1.3 2001/02/03 16:08:56 mdw Exp $
+ * $Id: dsarand.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Random number generator for DSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsarand.h,v $
- * Revision 1.3 2001/02/03 16:08:56 mdw
- * Give generic random objects separate namespaces for their supported misc
- * ops. Add operations for reading the current seed value.
- *
- * Revision 1.2 2000/06/17 10:54:14 mdw
- * Typesetting fixes.
- *
- * Revision 1.1 1999/12/22 15:53:12 mdw
- * Random number generator for finding DSA parameters.
- *
- */
-
#ifndef CATACOMB_DSARAND_H
#define CATACOMB_DSARAND_H
/* -*-c-*-
*
- * $Id: dsig.c,v 1.9 2004/04/08 01:02:15 mdw Exp $
+ * $Id: dsig.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Verify signatures on distribuitions of files
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsig.c,v $
- * Revision 1.9 2004/04/08 01:02:15 mdw
- * Incompatible change! Add new signature schemes. Key now implies
- * algorithms (integrity checked by new fingerprinting rules), so don't put
- * that stuff in the manifest.
- *
- * Revision 1.8 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- * Revision 1.7 2001/02/23 09:04:17 mdw
- * Add new hash functions. Provide full help for subcommands. Run the
- * hash function over parts of the header in a canonical order.
- *
- * Revision 1.6 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.5 2000/10/08 12:12:09 mdw
- * Shut up some warnings.
- *
- * Revision 1.4 2000/08/04 23:23:44 mdw
- * Various <ctype.h> fixes.
- *
- * Revision 1.3 2000/07/15 20:53:23 mdw
- * More hash functions. Bug fix in getstring.
- *
- * Revision 1.2 2000/07/01 11:27:22 mdw
- * Use new PKCS#1 padding functions rather than rolling by hand.
- *
- * Revision 1.1 2000/06/17 10:54:29 mdw
- * Program to generate and verify signatures on multiple files.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: ec-bin.c,v 1.8 2004/04/03 03:32:05 mdw Exp $
+ * $Id: ec-bin.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Arithmetic for elliptic curves over binary fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-bin.c,v $
- * Revision 1.8 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.7 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.6 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.5 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.4 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.3 2004/03/22 02:19:09 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
/* -*-c-*-
*
- * $Id: ec-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: ec-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Point multiplication for elliptic curves
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-exp.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "ec.h"
/* -*-c-*-
*
- * $Id: ec-exp.h,v 1.5 2004/04/03 03:32:05 mdw Exp $
+ * $Id: ec-exp.h,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for elliptic curves
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-exp.h,v $
- * Revision 1.5 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.4 2004/03/22 02:19:10 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.3 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.2.4.1 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.2 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.1 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- */
-
#ifndef CATACOMB_EC_EXP_H
#define CATACOMB_EC_EXP_H
/* -*-c-*-
*
- * $Id: ec-fetch.c,v 1.1 2004/03/28 01:58:47 mdw Exp $
+ * $Id: ec-fetch.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Key fetching for elliptic curve public and private keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-fetch.c,v $
- * Revision 1.1 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "ec-keys.h"
/* -*-c-*-
*
- * $Id: ec-info.c,v 1.4 2004/04/03 03:32:05 mdw Exp $
+ * $Id: ec-info.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curve information management
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-info.c,v $
- * Revision 1.4 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.3 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.2 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.1 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "ec.h"
/* -*-c-*-
*
- * $Id: ec-keys.h,v 1.2 2004/04/01 12:50:09 mdw Exp $
+ * $Id: ec-keys.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curve key-fetching
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-keys.h,v $
- * Revision 1.2 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.1 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- */
-
#ifndef CATACOMB_EC_KEYS_H
#define CATACOMB_EC_KEYS_H
/* -*-c-*-
*
- * $Id: ec-prime.c,v 1.10 2004/04/03 03:32:05 mdw Exp $
+ * $Id: ec-prime.c,v 1.11 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curves over prime fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-prime.c,v $
- * Revision 1.10 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.7 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.6 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.5 2004/03/22 02:19:10 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.4 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.3.4.3 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.3.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.3.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.3 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.2 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
/* -*-c-*-
*
- * $Id: ec-raw.c,v 1.1 2004/04/04 19:04:11 mdw Exp $
+ * $Id: ec-raw.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Raw formatting of elliptic curve points
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-raw.c,v $
- * Revision 1.1 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "ec.h"
/* -*-c-*-
*
- * $Id: ec-raw.h,v 1.1 2004/04/04 19:04:11 mdw Exp $
+ * $Id: ec-raw.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Raw formatting of elliptic curve points
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-raw.h,v $
- * Revision 1.1 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- */
-
#ifndef CATACOMB_EC_RAW_H
#define CATACOMB_EC_RAW_H
/* -*-c-*-
*
- * $Id: ec-test.c,v 1.5 2004/04/02 01:03:49 mdw Exp $
+ * $Id: ec-test.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Code for testing elliptic-curve stuff
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-test.c,v $
- * Revision 1.5 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.4 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.3 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.2 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.1 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: ec-test.h,v 1.1 2004/03/23 15:19:32 mdw Exp $
+ * $Id: ec-test.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curve test functions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec-test.h,v $
- * Revision 1.1 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- */
-
#ifndef CATACOMB_EC_TEST_H
#define CATACOMB_EC_TEST_H
/* -*-c-*-
*
- * $Id: ec.c,v 1.9 2004/04/01 21:28:41 mdw Exp $
+ * $Id: ec.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curve definitions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec.c,v $
- * Revision 1.9 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.8 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.7 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.6 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.5 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.4.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.4.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.4 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.3 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.2 2001/05/07 17:29:44 mdw
- * Treat projective coordinates as an internal representation. Various
- * minor interface changes.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "ec.h"
/* -*-c-*-
*
- * $Id: ec.h,v 1.10 2004/04/03 03:32:05 mdw Exp $
+ * $Id: ec.h,v 1.11 2004/04/08 01:36:15 mdw Exp $
*
* Elliptic curve definitions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ec.h,v $
- * Revision 1.10 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.7 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.6 2004/03/22 02:19:10 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.5 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.4.4.3 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.4.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.4.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.4 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.3 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.2 2001/05/07 17:29:44 mdw
- * Treat projective coordinates as an internal representation. Various
- * minor interface changes.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
#ifndef CATACOMB_EC_H
#define CATACOMB_EC_H
/* -*-c-*-
*
- * $Id: ecb-def.h,v 1.2 2000/06/17 10:54:43 mdw Exp $
+ * $Id: ecb-def.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Definitions electronic code book mode
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ecb-def.h,v $
- * Revision 1.2 2000/06/17 10:54:43 mdw
- * Use secure arena for memory allocation.
- *
- * Revision 1.1 1999/12/10 23:16:39 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_ECB_DEF_H
#define CATACOMB_ECB_DEF_H
/* -*-c-*-
*
- * $Id: ecb.h,v 1.2 1999/12/10 23:16:40 mdw Exp $
+ * $Id: ecb.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Electronic code book for block ciphers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ecb.h,v $
- * Revision 1.2 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_ECB_H
#define CATACOMB_ECB_H
/* -*-c-*-
*
- * $Id: ectab.h,v 1.3 2004/04/01 21:28:41 mdw Exp $
+ * $Id: ectab.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Table of standard elliptic curves
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ectab.h,v $
- * Revision 1.3 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.2 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.1 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- */
-
#ifndef CATACOMB_ECTAB_H
#define CATACOMB_ECTAB_H
/* -*-c-*-
*
- * $Id: exp.c,v 1.1 2001/06/16 13:00:59 mdw Exp $
+ * $Id: exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generalized exponentiation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: exp.c,v $
- * Revision 1.1 2001/06/16 13:00:59 mdw
- * New generic exponentation code. Includes sliding-window simultaneous
- * exponentiation.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#define EXP_TYPE /* Hack */
/* -*-c-*-
*
- * $Id: exp.h,v 1.3 2004/03/22 02:19:10 mdw Exp $
+ * $Id: exp.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Generalized exponentiation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: exp.h,v $
- * Revision 1.3 2004/03/22 02:19:10 mdw
- * Rationalise the sliding-window threshold. Drop guarantee that right
- * arguments to EC @add@ are canonical, and fix up projective implementations
- * to cope.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.1 2001/06/16 13:00:59 mdw
- * New generic exponentation code. Includes sliding-window simultaneous
- * exponentiation.
- *
- */
-
#ifdef CATACOMB_EXP_H
# error "Multiple inclusion of <catacomb/exp.h>"
#endif
/* -*-c-*-
*
- * $Id: f-binpoly.c,v 1.8 2004/04/02 01:03:49 mdw Exp $
+ * $Id: f-binpoly.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Binary fields with polynomial basis representation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: f-binpoly.c,v $
- * Revision 1.8 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.7 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.6 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.5 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.4 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.3 2004/03/23 12:08:26 mdw
- * Random field-element selection.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
}
static mp *finv(field *ff, mp *d, mp *x)
- { fctx *f = (fctx *)ff; gf_gcd(0, 0, &d, f->r.p, x); return (d); }
+ { fctx *f = (fctx *)ff; d = gf_modinv(d, x, f->r.p); return (d); }
static mp *freduce(field *ff, mp *d, mp *x)
{ fctx *f = (fctx *)ff; return (gfreduce_do(&f->r, d, x)); }
/* -*-c-*-
*
- * $Id: f-niceprime.c,v 1.5 2004/04/02 01:03:49 mdw Exp $
+ * $Id: f-niceprime.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Prime fields with efficient reduction for special-form primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: f-niceprime.c,v $
- * Revision 1.5 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.4 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.1 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
}
static mp *finv(field *ff, mp *d, mp *x)
- { fctx *f = (fctx *)ff; mp_gcd(0, 0, &d, f->r.p, x); return (d); }
+ { fctx *f = (fctx *)ff; d = mp_modinv(d, x, f->r.p); return (d); }
static mp *freduce(field *ff, mp *d, mp *x)
{ fctx *f = (fctx *)ff; return (mpreduce_do(&f->r, d, x)); }
/* -*-c-*-
*
- * $Id: f-prime.c,v 1.11 2004/04/03 03:32:05 mdw Exp $
+ * $Id: f-prime.c,v 1.12 2004/04/08 01:36:15 mdw Exp $
*
* Prime fields with Montgomery arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: f-prime.c,v $
- * Revision 1.11 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.10 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.9 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.8 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.7 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.6 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.5 2004/03/23 12:08:26 mdw
- * Random field-element selection.
- *
- * Revision 1.4 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.3.4.3 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.3.4.2 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.3.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.3 2003/05/15 23:25:59 mdw
- * Make elliptic curve stuff build.
- *
- * Revision 1.2 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
static mp *finv(field *ff, mp *d, mp *x) {
fctx *f = (fctx *)ff; d = mpmont_reduce(&f->mm, d, x);
- mp_gcd(0, 0, &d, f->mm.m, d); return (mpmont_mul(&f->mm, d, d, f->mm.r2));
+ d = mp_modinv(d, d, f->mm.m); return (mpmont_mul(&f->mm, d, d, f->mm.r2));
}
static mp *freduce(field *ff, mp *d, mp *x)
/* -*-c-*-
*
- * $Id: factorial.c,v 1.3 2002/01/13 19:51:59 mdw Exp $
+ * $Id: factorial.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Example factorial computation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: factorial.c,v $
- * Revision 1.3 2002/01/13 19:51:59 mdw
- * Provide proper help and options parsing. Allow more bases. Use
- * @mptext@ to read integers for the better base support.
- *
- * Revision 1.2 2001/06/16 13:22:59 mdw
- * Added command-line option to select output radix.
- *
- * Revision 1.1 2000/07/09 21:30:49 mdw
- * Demo program to compute factorials.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: fibrand.c,v 1.4 2002/10/09 00:35:18 mdw Exp $
+ * $Id: fibrand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Fibonacci generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: fibrand.c,v $
- * Revision 1.4 2002/10/09 00:35:18 mdw
- * Fix bogus type name.
- *
- * Revision 1.3 2000/12/06 20:31:06 mdw
- * Simplify uniform range transformation.
- *
- * Revision 1.2 2000/06/17 10:55:24 mdw
- * Typesetting fixes. Add flags word to generatic random generator.
- *
- * Revision 1.1 1999/12/10 23:15:27 mdw
- * Noncryptographic random number generator.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: fibrand.h,v 1.2 2000/06/17 10:54:59 mdw Exp $
+ * $Id: fibrand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Fibonacci generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: fibrand.h,v $
- * Revision 1.2 2000/06/17 10:54:59 mdw
- * Typesetting fixes.
- *
- * Revision 1.1 1999/12/10 23:15:27 mdw
- * Noncryptographic random number generator.
- *
- */
-
/*----- Notes on the Fibonacci generator ----------------------------------*
*
* The generator was originally suggested by G. J. Mitchell and D. P. Moore
/* -*-c-*-
*
- * $Id: field-parse.c,v 1.3 2004/04/03 03:32:05 mdw Exp $
+ * $Id: field-parse.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Parse field descriptions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: field-parse.c,v $
- * Revision 1.3 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.2 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.1 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "field.h"
/* -*-c-*-
*
- * $Id: field.c,v 1.3 2004/04/01 12:50:09 mdw Exp $
+ * $Id: field.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Abstract field operations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: field.c,v $
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2003/06/10 13:43:53 mdw
- * Simple (non-projective) curves over prime fields now seem to work.
- *
- * Revision 1.1 2001/05/07 17:30:13 mdw
- * Add an internal-representation no-op function.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "field.h"
/* -*-c-*-
*
- * $Id: field.h,v 1.10 2004/04/01 21:28:41 mdw Exp $
+ * $Id: field.h,v 1.11 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for field arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: field.h,v $
- * Revision 1.10 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.7 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.6 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.5 2004/03/23 12:08:26 mdw
- * Random field-element selection.
- *
- * Revision 1.4 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.3.4.2 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.3.4.1 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.3 2002/01/13 13:48:44 mdw
- * Further progress.
- *
- * Revision 1.2 2001/05/07 17:30:13 mdw
- * Add an internal-representation no-op function.
- *
- * Revision 1.1 2001/04/29 18:12:33 mdw
- * Prototype version.
- *
- */
-
#ifndef CATACOMB_FIELD_H
#define CATACOMB_FIELD_H
/* -*-c-*-
*
- * $Id: fipstest.c,v 1.3 2000/08/11 21:34:34 mdw Exp $
+ * $Id: fipstest.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* FIPS140 randomness tests
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: fipstest.c,v $
- * Revision 1.3 2000/08/11 21:34:34 mdw
- * Change to use the new thresholds given in the draft FIPS140-2.
- *
- * Revision 1.2 2000/06/17 12:21:39 mdw
- * Add braces to shut compiler up. Reformat code slightly.
- *
- * Revision 1.1 2000/06/17 10:55:38 mdw
- * FIPS 140-1 random generator test.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: fipstest.h,v 1.3 2000/12/06 20:33:27 mdw Exp $
+ * $Id: fipstest.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* FIPS140 randomness tests
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: fipstest.h,v $
- * Revision 1.3 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.2 2000/08/11 21:34:34 mdw
- * Change to use the new thresholds given in the draft FIPS140-2.
- *
- * Revision 1.1 2000/06/17 10:55:38 mdw
- * FIPS 140-1 random generator test.
- *
- */
-
#ifndef CATACOMB_FIPSTEST_H
#define CATACOMB_FIPSTEST_H
/* -*-c-*-
*
- * $Id: g-ec.c,v 1.3 2004/04/04 19:04:11 mdw Exp $
+ * $Id: g-ec.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Abstraction for elliptic curve groups
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: g-ec.c,v $
- * Revision 1.3 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- * Revision 1.2 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: g-prime.c,v 1.3 2004/04/04 19:04:11 mdw Exp $
+ * $Id: g-prime.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Abstraction for prime groups
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: g-prime.c,v $
- * Revision 1.3 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- * Revision 1.2 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
static void ginv(group *gg, mp **d, mp **x) {
gctx *g = (gctx *)gg; mp *r = mpmont_reduce(&g->mm, *d, *x);
- mp_gcd(0, 0, &r, g->mm.m, r); *d = mpmont_mul(&g->mm, r, r, g->mm.r2);
+ r = mp_modinv(r, r, g->mm.m); *d = mpmont_mul(&g->mm, r, r, g->mm.r2);
}
static void gexp(group *gg, mp **d, mp **x, mp *n)
{ gctx *g = (gctx *)gg; return (mpmont_reduce(&g->mm, d, *x)); }
static int gfromint(group *gg, mp **d, mp *x) {
- gctx *g = (gctx *)gg; mp_div(0, &x, x, g->mm.m); mp_drop(*d);
- *d = mpmont_mul(&g->mm, x, x, g->mm.r2); return (0);
+ gctx *g = (gctx *)gg; mp_div(0, d, x, g->mm.m);
+ *d = mpmont_mul(&g->mm, *d, *d, g->mm.r2); return (0);
}
static int gtobuf(group *gg, buf *b, mp **x) {
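Review bot: gfromint now reduces any integer into `*d` with `mp_div(0, d, x, g->mm.m)`, so an x that is a multiple of the modulus yields the element 0, and ginv on that element calls `r = mp_modinv(r, r, g->mm.m)` with a non-invertible argument. If mp_modinv mirrors the gf_modinv added in this commit and asserts that the gcd is one, that is an abort reachable through whatever feeds gfromint rather than an error return; either reject a zero remainder in gfromint (`if (MP_ZEROP(*d)) return (-1);` after the division, if that predicate exists in mp.h) or state in a comment that callers must never invert the zero element. The old code mutated the caller's `x` and dropped `*d` by hand; the rewrite fixes that, which is worth a one-line comment above the call, e.g. `/* reduce into *d so the caller's x is left untouched */`.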
/* -*-c-*-
*
- * $Id: gcipher.h,v 1.3 2004/04/04 19:42:30 mdw Exp $
+ * $Id: gcipher.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Generic symmetric cipher interface
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gcipher.h,v $
- * Revision 1.3 2004/04/04 19:42:30 mdw
- * Make tables of standard encryption schemes etc.
- *
- * Revision 1.2 2000/06/17 10:56:00 mdw
- * New key size interface.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
#ifndef CATACOMB_GCIPHER_H
#define CATACOMB_GCIPHER_H
/* -*-c-*-
*
- * $Id: gdsa.c,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: gdsa.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generalized version of DSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gdsa.c,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "gdsa.h"
mpbarrett_create(&b, g->r);
ss = mp_mul(ss, sr, c->u); ss = mpbarrett_reduce(&b, ss, ss);
ss = mp_add(ss, ss, mr); mp_div(0, &ss, ss, g->r);
- mp_gcd(0, 0, &k, g->r, k);
+ k = mp_modinv(k, k, g->r);
ss = mp_mul(ss, ss, k); ss = mpbarrett_reduce(&b, ss, ss);
s->r = sr; s->s = ss;
mp_drop(k); mp_drop(mr); mpbarrett_destroy(&b); G_DESTROY(g, z);
group *g = c->g;
group_expfactor e[2];
mpbarrett b;
- mp *h = MP_NEW, *t;
+ mp *h, *t;
ge *w;
int rc = -1;
if (MP_CMP(s->r, <, MP_ONE) || MP_CMP(s->r, >=, g->r) ||
MP_CMP(s->s, <, MP_ONE) || MP_CMP(s->s, >=, g->r))
return (-1);
- mpbarrett_create(&b, g->r); mp_gcd(0, 0, &h, g->r, s->s);
+ mpbarrett_create(&b, g->r); h = mp_modinv(MP_NEW, s->s, g->r);
e[0].base = g->g; e[1].base = c->p;
t = mp_loadb(MP_NEW, m, c->h->hashsz); mp_div(0, &t, t, g->r);
t = mp_mul(t, t, h); e[0].exp = t = mpbarrett_reduce(&b, t, t);
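Review bot: In the verify path, `h = mp_modinv(MP_NEW, s->s, g->r)` inverts a value taken straight from the signature under test; the range check at L3123-L3125 guarantees only 1 <= s < r, so s is invertible exactly when gcd(s, r) = 1, which holds for every such s only if r is prime. If mp_modinv follows the gf_modinv introduced in this commit and asserts on a non-invertible argument, a signature with gcd(s, r) > 1 over a group whose order is not prime would terminate the process instead of producing `rc = -1`; either document that `g->r` must be prime (a comment such as `/* g->r is assumed prime, so every s in [1, r) is invertible */`) or make the inversion report failure and return -1 here. The same dependency exists for `k = mp_modinv(k, k, g->r)` in the sign path. Both enclosing functions start and end outside the hunk, so whether `h` is dropped on every exit path is not visible here.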
/* -*-c-*-
*
- * $Id: gdsa.h,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: gdsa.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generalized version of DSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gdsa.h,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
#ifndef CATACOMB_GDSA_H
#define CATACOMB_GDSA_H
EOF
for i in $list; do
- echo "#include \"$i.h\""
+ name=`echo $i | sed 's/=.*$//'`
+ echo "#include \"$name.h\""
done
cat <<EOF
const $type *const ${include}tab[] = {
EOF
for i in $list; do
- c=`echo $i | sed 's/[^A-Za-z0-9_][^A-Za-z0-9_]*/_/g'`
+ c=`echo $i | sed 's/^.*=//; s/[^A-Za-z0-9_][^A-Za-z0-9_]*/_/g'`
echo " &$c,"
done
cat <<EOF
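Review bot: The two sed expressions give each entry of `$list` an implicit `header=symbol` shape — `s/=.*$//` keeps the text before the first `=` for the `#include`, and `s/^.*=//` keeps the text after the last `=` for the table identifier — which only agree when an entry contains at most one `=`; a comment above the first loop, e.g. `# each entry of $list is HEADER or HEADER=SYMBOL; the symbol defaults to the header name`, would record that contract. `$i` is unquoted in both `echo $i` pipelines, so an entry containing shell glob or whitespace characters would be expanded or split before it reaches sed; `echo "$i"` avoids that.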
/* -*-c-*-
*
- * $Id: genprimes.c,v 1.6 2004/04/02 01:03:49 mdw Exp $
+ * $Id: genprimes.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Generate prime number table
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: genprimes.c,v $
- * Revision 1.6 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.5 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.4 2001/03/04 13:08:10 mdw
- * Use @DA_LAST@ to determine @MAXPRIME@, now that it exists.
- *
- * Revision 1.3 2000/08/15 21:41:58 mdw
- * Create a new type for the small primes table elements.
- *
- * Revision 1.2 1999/12/22 15:48:39 mdw
- * Rename output file. Make output constants unsigned.
- *
- * Revision 1.1 1999/11/19 13:19:37 mdw
- * Generate small primes table.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: gf-arith.c,v 1.3 2004/03/27 17:54:11 mdw Exp $
+ * $Id: gf-arith.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Basic arithmetic on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gf-arith.c,v $
- * Revision 1.3 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "gf.h"
/* -*-c-*-
*
- * $Id: gf-gcd.c,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: gf-gcd.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Euclidian algorithm on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gf-gcd.c,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "gf.h"
MP_DROP(a); MP_DROP(b);
}
+/* -- @gf_modinv@ --- *
+ *
+ * Arguments: @mp *d@ = destination
+ * @mp *x@ = argument
+ * @mp *p@ = modulus
+ *
+ * Returns: The inverse %$x^{-1} \bmod p$%.
+ *
+ * Use: Computes a modular inverse, the catch being that the
+ * arguments and results are binary polynomials. An assertion
+ * fails if %$p$% has no inverse.
+ */
+
+mp *gf_modinv(mp *d, mp *x, mp *p)
+{
+ mp *g = MP_NEW;
+ gf_gcd(&g, 0, &d, p, x);
+ assert(MP_EQ(g, MP_ONE));
+ mp_drop(g);
+ return (d);
+}
+
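Review bot: The header comment says "An assertion fails if %$p$% has no inverse", but the value being inverted is x and the assertion fires when gcd(x, p) is not one; suggest `* Use: ... An assertion fails if %$x$% is not invertible modulo %$p$%.` here and in the duplicated comment on the gf.h declaration (L3326-L3337). Because the check is an `assert()`, a build with NDEBUG skips it and returns `d` holding a Bézout coefficient that is not an inverse, so callers such as finv in f-binpoly.c (and the parallel mp_modinv callers in f-niceprime.c, f-prime.c, g-prime.c and gdsa.c, if mp_modinv is built the same way) would continue with a wrong value; the comment should state that callers must guarantee invertibility, or the function should return failure instead of asserting. When the assertion does fire, `g` is not released before abort, which is harmless, but a build that disables assertions still drops it, so the only behavioural difference between the two builds is the silent wrong result.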
/*----- Test rig ----------------------------------------------------------*/
#ifdef TEST_RIG
mp *gg = MP_NEW, *xx = MP_NEW, *yy = MP_NEW;
gf_gcd(&gg, &xx, &yy, a, b);
if (!MP_EQ(x, xx)) {
- fputs("\n*** mp_gcd(x) failed", stderr);
+ fputs("\n*** gf_gcd(x) failed", stderr);
fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
fputs("\nexpect = ", stderr); mp_writefile(x, stderr, 16);
ok = 0;
}
if (!MP_EQ(y, yy)) {
- fputs("\n*** mp_gcd(y) failed", stderr);
+ fputs("\n*** gf_gcd(y) failed", stderr);
fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
fputs("\nexpect = ", stderr); mp_writefile(y, stderr, 16);
}
if (!MP_EQ(g, gg)) {
- fputs("\n*** mp_gcd(gcd) failed", stderr);
+ fputs("\n*** gf_gcd(gcd) failed", stderr);
fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
fputs("\nexpect = ", stderr); mp_writefile(g, stderr, 16);
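Review bot: The `y` mismatch branch (L3286-L3292) prints its diagnostics but, unlike the `x` branch at L3278-L3285, never sets `ok = 0;`, so a wrong cofactor would be reported on stderr and still count as a pass — assuming no lines are elided between the `expect` line and the closing brace. Add `ok = 0;` before the `}` at L3292. The enclosing test function starts and ends outside the hunk.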
/* -*-c-*-
*
- * $Id: gf.h,v 1.3 2004/03/27 17:54:11 mdw Exp $
+ * $Id: gf.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Arithmetic on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gf.h,v $
- * Revision 1.3 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
#ifndef CATACOMB_GF_H
#define CATACOMB_GF_H
extern void gf_gcd(mp **/*gcd*/, mp **/*xx*/, mp **/*yy*/,
mp */*a*/, mp */*b*/);
+/* -- @gf_modinv@ --- *
+ *
+ * Arguments: @mp *d@ = destination
+ * @mp *x@ = argument
+ * @mp *p@ = modulus
+ *
+ * Returns: The inverse %$x^{-1} \bmod p$%.
+ *
+ * Use: Computes a modular inverse, the catch being that the
+ * arguments and results are binary polynomials. An assertion
+ * fails if %$p$% has no inverse.
+ */
+
+extern mp *gf_modinv(mp */*d*/, mp */*x*/, mp */*p*/);
+
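Review bot: The new header comment for `gf_modinv` says "An assertion fails if %$p$% has no inverse", but it is the argument `x` that must be invertible modulo `p` (the definition asserts that `gf_gcd(&g, 0, &d, p, x)` leaves `g` equal to one), so the sentence should read `An assertion fails if %$x$% has no inverse modulo %$p$%, i.e. if %$\gcd(x, p) \ne 1$%.` The same sentence appears in the definition's header comment in gf.c and should be corrected there too. Since the check is an `assert`, it disappears under `NDEBUG` and `d` is then returned holding whatever the gcd left in it; the comment should state that callers are responsible for passing a coprime `x` rather than relying on the assertion as error handling.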
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus
/* -*-c-*-
*
- * $Id: gfn.c,v 1.1 2004/04/01 21:28:41 mdw Exp $
+ * $Id: gfn.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Normal-basis translation for binary fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfn.c,v $
- * Revision 1.1 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "gfreduce.h"
/* -*-c-*-
*
- * $Id: gfn.h,v 1.1 2004/04/01 21:28:41 mdw Exp $
+ * $Id: gfn.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Normal-basis translation for binary fields
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfn.h,v $
- * Revision 1.1 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- */
-
#ifndef CATACOMB_GFN_H
#define CATACOMB_GFN_H
/* -*-c-*-
*
- * $Id: gfreduce-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: gfreduce-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for binary field reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfreduce-exp.h,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
#ifndef CATACOMB_GFREDUCE_EXP_H
#define CATACOMB_GFREDUCE_EXP_H
/* -*-c-*-
*
- * $Id: gfreduce.c,v 1.4 2004/03/27 00:04:46 mdw Exp $
+ * $Id: gfreduce.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Efficient reduction modulo sparse binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfreduce.c,v $
- * Revision 1.4 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.3 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
/* -*-c-*-
*
- * $Id: gfreduce.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: gfreduce.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Reduction modulo sparse binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfreduce.h,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
#ifndef CATACOMB_GFREDUCE_H
#define CATACOMB_GFREDUCE_H
/* -*-c-*-
*
- * $Id: gfshare-mktab.c,v 1.3 2000/06/18 23:26:09 mdw Exp $
+ * $Id: gfshare-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Generate tables for %$\gf{2^8}$% multiplication
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfshare-mktab.c,v $
- * Revision 1.3 2000/06/18 23:26:09 mdw
- * Whoops. Fix a typo.
- *
- * Revision 1.2 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.1 2000/06/17 10:56:30 mdw
- * Fast but nonstandard secret sharing system.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: gfshare.c,v 1.8 2004/04/02 01:03:49 mdw Exp $
+ * $Id: gfshare.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Secret sharing over %$\gf{2^8}$%
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfshare.c,v $
- * Revision 1.8 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.7 2001/06/16 23:42:17 mdw
- * Typesetting fixes.
- *
- * Revision 1.6 2000/12/06 20:30:10 mdw
- * Change secret sharing interface: present the secret at share
- * construction time.
- *
- * Revision 1.5 2000/06/24 19:11:47 mdw
- * Fix daft error in the comment for @gfshare_get@.
- *
- * Revision 1.4 2000/06/24 18:29:05 mdw
- * Interface change: allow shares to be extracted from a context on demand,
- * rather than building them all up-front.
- *
- * Revision 1.3 2000/06/22 18:04:13 mdw
- * Improve secret reconstruction -- compute coefficients as needed rather
- * than making a big array of them.
- *
- * Revision 1.2 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.1 2000/06/17 10:56:30 mdw
- * Fast but nonstandard secret sharing system.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: gfshare.h,v 1.6 2000/12/06 20:30:10 mdw Exp $
+ * $Id: gfshare.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Secret sharing over %$\gf{2^8}$%
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfshare.h,v $
- * Revision 1.6 2000/12/06 20:30:10 mdw
- * Change secret sharing interface: present the secret at share
- * construction time.
- *
- * Revision 1.5 2000/06/24 19:11:47 mdw
- * Fix daft error in the comment for @gfshare_get@.
- *
- * Revision 1.4 2000/06/24 18:29:05 mdw
- * Interface change: allow shares to be extracted from a context on demand,
- * rather than building them all up-front.
- *
- * Revision 1.3 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.2 2000/06/17 11:05:27 mdw
- * Add a commentary on the system.
- *
- * Revision 1.1 2000/06/17 10:56:30 mdw
- * Fast but nonstandard secret sharing system.
- *
- */
-
/*----- Notes on the system -----------------------------------------------*
*
* This uses a variant of Shamir's secret sharing system. Shamir's original
/* -*-c-*-
*
- * $Id: gfx-kmul.c,v 1.3 2004/03/27 17:54:11 mdw Exp $
+ * $Id: gfx-kmul.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Karatsuba's multiplication algorithm on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx-kmul.c,v $
- * Revision 1.3 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.2 2002/10/09 00:36:03 mdw
- * Fix bounds on workspace for Karatsuba operations.
- *
- * Revision 1.1 2000/10/08 15:49:37 mdw
- * First glimmerings of binary polynomial arithmetic.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: gfx-sqr-mktab.c,v 1.1 2000/10/08 15:49:37 mdw Exp $
+ * $Id: gfx-sqr-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Build table for squaring of binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx-sqr-mktab.c,v $
- * Revision 1.1 2000/10/08 15:49:37 mdw
- * First glimmerings of binary polynomial arithmetic.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: gfx-sqr.c,v 1.3 2004/04/02 01:03:49 mdw Exp $
+ * $Id: gfx-sqr.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Sqaring binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx-sqr.c,v $
- * Revision 1.3 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.1 2000/10/08 15:49:37 mdw
- * First glimmerings of binary polynomial arithmetic.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mpx.h"
/* -*-c-*-
*
- * $Id: gfx.c,v 1.1 2000/10/08 15:49:37 mdw Exp $
+ * $Id: gfx.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Low-level arithmetic on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx.c,v $
- * Revision 1.1 2000/10/08 15:49:37 mdw
- * First glimmerings of binary polynomial arithmetic.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: gfx.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: gfx.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Low-level arithmetic on binary polynomials
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gfx.h,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.1 2000/10/08 15:49:37 mdw
- * First glimmerings of binary polynomial arithmetic.
- *
- */
-
#ifndef CATACOMB_GFX_H
#define CATACOMB_GFX_H
/* -*-c-*-
*
- * $Id: ghash-def.h,v 1.6 2004/04/04 19:42:59 mdw Exp $
+ * $Id: ghash-def.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for generic hash interface
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ghash-def.h,v $
- * Revision 1.6 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- * Revision 1.5 2001/01/25 21:39:58 mdw
- * Burn the hash context when it's done with, for paranoia's sake.
- *
- * Revision 1.4 2000/07/15 10:00:58 mdw
- * New generic hash operation for copying hash contexts.
- *
- * Revision 1.3 2000/07/02 18:27:42 mdw
- * (ghash->ops->done): Interface change. Passing in a null buffer pointer
- * uses a buffer internal to the ghash object. The operation returns the
- * address of the buffer it used. Clients of generic hashes no longer need
- * to use dynamically allocated memory for hash results.
- *
- * Revision 1.2 2000/06/17 11:22:03 mdw
- * Use secure arena for memory allocation. Minor changes in the generic
- * hash interface.
- *
- * Revision 1.1 1999/12/10 23:21:37 mdw
- * Generic interface.
- *
- */
-
#ifndef CATACOMB_GHASH_DEF_H
#define CATACOMB_GHASH_DEF_H
/* -*-c-*-
*
- * $Id: ghash.h,v 1.6 2004/04/04 19:42:30 mdw Exp $
+ * $Id: ghash.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Generic hash function interface
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ghash.h,v $
- * Revision 1.6 2004/04/04 19:42:30 mdw
- * Make tables of standard encryption schemes etc.
- *
- * Revision 1.5 2000/07/15 10:00:58 mdw
- * New generic hash operation for copying hash contexts.
- *
- * Revision 1.4 2000/07/03 18:08:24 mdw
- * Include `bits.h'.
- *
- * Revision 1.3 2000/07/02 18:27:42 mdw
- * (ghash->ops->done): Interface change. Passing in a null buffer pointer
- * uses a buffer internal to the ghash object. The operation returns the
- * address of the buffer it used. Clients of generic hashes no longer need
- * to use dynamically allocated memory for hash results.
- *
- * Revision 1.2 2000/06/17 11:22:17 mdw
- * Minor changes in the generic hash interface.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
#ifndef CATACOMB_GHASH_H
#define CATACOMB_GHASH_H
} ghash_ops;
#define GH_INIT(ch) (ch)->init()
-#define GH_CLASS(H) (h)->ops->c
+#define GH_CLASS(h) (h)->ops->c
#define GH_HASH(h, p, sz) (h)->ops->hash((h), (p), (sz))
#define GH_DONE(h, buf) (h)->ops->done((h), (buf))
#define GH_DESTROY(h) (h)->ops->destroy((h))
/* -*-c-*-
*
- * $Id: gkcdsa.c,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: gkcdsa.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generalized version of KCDSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gkcdsa.c,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "gkcdsa.h"
mp *v = G_TOINT(c->g, MP_NEW, c->p);
size_t sz = c->h->bufsz;
void *p = xmalloc(sz);
-
if (/*ouch*/ !v) memset(p, 0, sz);
else mp_storeb(v, p, sz);
GH_HASH(h, p, sz);
DENSURE(&d, c.h->hashsz); d.len = c.h->hashsz; memset(d.buf, 0, d.len);
ss.r = (octet *)d.buf;
- x = MP_NEW; mp_gcd(0, 0, &x, c.g->r, c.u);
+ x = mp_modinv(MP_NEW, c.u, c.g->r);
c.p = G_CREATE(c.g); G_EXP(c.g, c.p, c.g->g, x);
h = gkcdsa_beginhash(&c);
GH_HASH(h, v[3].buf, v[3].len);
/* -*-c-*-
*
- * $Id: gkcdsa.h,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: gkcdsa.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generalized version of KCDSA
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gkcdsa.h,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
#ifndef CATACOMB_GKCDSA_H
#define CATACOMB_GKCDSA_H
/* -*-c-*-
*
- * $Id: gmac.h,v 1.3 2004/04/04 19:42:30 mdw Exp $
+ * $Id: gmac.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Generic MAC function interface
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gmac.h,v $
- * Revision 1.3 2004/04/04 19:42:30 mdw
- * Make tables of standard encryption schemes etc.
- *
- * Revision 1.2 2000/06/17 11:22:46 mdw
- * Minor changes in the generic hash and MAC interfaces.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
#ifndef CATACOMB_GMAC_H
#define CATACOMB_GMAC_H
/* -*-c-*-
*
- * $Id: grand.c,v 1.2 2000/12/06 20:31:06 mdw Exp $
+ * $Id: grand.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generic interface to random number generators
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: grand.c,v $
- * Revision 1.2 2000/12/06 20:31:06 mdw
- * Simplify uniform range transformation.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stddef.h>
/* -*-c-*-
*
- * $Id: grand.h,v 1.4 2001/04/19 18:23:53 mdw Exp $
+ * $Id: grand.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generic interface to random number generators
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: grand.h,v $
- * Revision 1.4 2001/04/19 18:23:53 mdw
- * Use unsigned integer rather than enum for flags.
- *
- * Revision 1.3 2001/02/03 16:07:33 mdw
- * Give generic random objects separate namespaces for their supported misc
- * ops.
- *
- * Revision 1.2 2000/06/17 11:23:11 mdw
- * Typesetting fix. Add a flags word to the generic generator.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
#ifndef CATACOMB_GRAND_H
#define CATACOMB_GRAND_H
void (*fill)(grand */*r*/, void */*p*/, size_t /*sz*/); /* Fill buffer */
} grand_ops;
+#define GR_DESTROY(r) (r)->ops->destroy((r))
+#define GR_RAW(r) (r)->ops->raw((r))
+#define GR_WORD(r) (r)->ops->word((r))
+#define GR_RANGE(r, l) (r)->ops->range((r), (l))
+#define GR_FILL(r, p, sz) (r)->ops->fill((r), (p), (sz))
+
/* --- Flag types --- */
#define GRAND_CRYPTO 1u /* Cryptographically strong */
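Review bot: The new `GR_DESTROY`/`GR_RAW`/`GR_WORD`/`GR_RANGE`/`GR_FILL` block is the only group of definitions in this header without a section comment, whereas the flags that follow it are introduced by `/* --- Flag types --- */`; add `/* --- Convenience macros for calling generator operations --- */` above `GR_DESTROY` so the header reads uniformly. The macros themselves mirror the `GH_*` wrappers in ghash.h (each parenthesizes its arguments and the receiver), which looks consistent.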
/* -*-c-*-
*
- * $Id: group-dstr.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-dstr.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Dynamic string I/O for group elements
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-dstr.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation for abstract groups
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-exp.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-exp.h,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-exp.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for abstract groups
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-exp.h,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
#ifndef CATACOMB_GROUP_EXP_H
#define CATACOMB_GROUP_EXP_H
/* -*-c-*-
*
- * $Id: group-file.c,v 1.2 2004/04/04 19:04:11 mdw Exp $
+ * $Id: group-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* File I/O for group elements
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-file.c,v $
- * Revision 1.2 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-parse.c,v 1.2 2004/04/03 03:32:05 mdw Exp $
+ * $Id: group-parse.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Parse group description strings
*
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-parse.c,v $
- * Revision 1.2 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-stdops.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-stdops.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Standard group operations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-stdops.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-string.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-string.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* String I/O for group elements
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-string.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "group.h"
/* -*-c-*-
*
- * $Id: group-test.c,v 1.2 2004/04/04 19:04:11 mdw Exp $
+ * $Id: group-test.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Testing group operations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group-test.c,v $
- * Revision 1.2 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: group.h,v 1.3 2004/04/04 19:04:11 mdw Exp $
+ * $Id: group.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* General cyclic group abstraction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: group.h,v $
- * Revision 1.3 2004/04/04 19:04:11 mdw
- * Raw I/O of elliptic curve points and group elements.
- *
- * Revision 1.2 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
#ifndef CATACOMB_GROUP_H
#define CATACOMB_GROUP_H
/* -*-c-*-
*
- * $Id: has160.c,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: has160.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The HAS160 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: has160.c,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: has160.h,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: has160.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The HAS160 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: has160.h,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
/*----- Notes on the HAS160 hash function ---------------------------------*
*
* HAS160 was designed by Chae Hoon Lim and the Korean Information Security
/* -*-c-*-
*
- * $Id: hash.h,v 1.4 2004/03/21 22:42:27 mdw Exp $
+ * $Id: hash.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generic handling for message digest functions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: hash.h,v $
- * Revision 1.4 2004/03/21 22:42:27 mdw
- * Test hashing on long strings.
- *
- * Revision 1.3 2000/06/17 11:23:27 mdw
- * Portability fix for broken compilers.
- *
- * Revision 1.2 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_HASH_H
#define CATACOMB_HASH_H
/* -*-c-*-
*
- * $Id: hashsum.c,v 1.9 2004/04/04 19:42:59 mdw Exp $
+ * $Id: hashsum.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Hash files using some secure hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: hashsum.c,v $
- * Revision 1.9 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- * Revision 1.8 2001/04/19 18:26:33 mdw
- * Add CRC as another hash function.
- *
- * Revision 1.7 2001/02/21 20:03:22 mdw
- * Added support for MD2 hash function.
- *
- * Revision 1.6 2001/01/25 21:40:14 mdw
- * Support for new SHA variants added.
- *
- * Revision 1.5 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.4 2000/08/04 23:23:44 mdw
- * Various <ctype.h> fixes.
- *
- * Revision 1.3 2000/07/29 17:02:43 mdw
- * (checkhash): Be pettier about spaces between the hash and filename, for
- * compatiblity with `md5sum'.
- *
- * Revision 1.2 2000/07/15 21:14:05 mdw
- * Missed `-e' out of the usage string.
- *
- * Revision 1.1 2000/07/15 20:52:34 mdw
- * Useful replacement for `md5sum' with support for many different hash
- * functions and for reading filename lists from `find'.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
else if ((fp = fopen(file, f & f_binary ? "rb" : "r")) == 0)
return (-1);
- h = gch->init();
+ h = GH_INIT(gch);
while ((sz = fread(fbuf, 1, sizeof(fbuf), fp)) > 0)
- h->ops->hash(h, fbuf, sz);
- h->ops->done(h, buf);
- h->ops->destroy(h);
+ GH_HASH(h, fbuf, sz);
+ GH_DONE(h, buf);
+ GH_DESTROY(h);
e = ferror(fp);
if (file)
fclose(fp);
/* -*-c-*-
*
- * $Id: hmac-def.h,v 1.7 2001/04/19 18:24:45 mdw Exp $
+ * $Id: hmac-def.h,v 1.8 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for HMAC and NMAC
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: hmac-def.h,v $
- * Revision 1.7 2001/04/19 18:24:45 mdw
- * Provide correct key sizes for NMAC, HMAC and SSLMAC.
- *
- * Revision 1.6 2001/04/03 19:35:45 mdw
- * Support the SSL HMAC variant (untested).
- *
- * Revision 1.5 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.4 2000/07/15 10:00:58 mdw
- * New generic hash operation for copying hash contexts.
- *
- * Revision 1.3 2000/07/02 18:27:42 mdw
- * (ghash->ops->done): Interface change. Passing in a null buffer pointer
- * uses a buffer internal to the ghash object. The operation returns the
- * address of the buffer it used. Clients of generic hashes no longer need
- * to use dynamically allocated memory for hash results.
- *
- * Revision 1.2 2000/06/17 11:23:44 mdw
- * Use secure arena for memory allocation. Minor changes in the generic
- * hash interface.
- *
- * Revision 1.1 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_HMAC_DEF_H
#define CATACOMB_HMAC_DEF_H
/* -*-c-*-
*
- * $Id: hmac.h,v 1.6 2001/04/19 18:24:45 mdw Exp $
+ * $Id: hmac.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Generic code for HMAC and NMAC
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: hmac.h,v $
- * Revision 1.6 2001/04/19 18:24:45 mdw
- * Provide correct key sizes for NMAC, HMAC and SSLMAC.
- *
- * Revision 1.5 2001/04/03 19:35:45 mdw
- * Support the SSL HMAC variant (untested).
- *
- * Revision 1.4 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.3 2000/06/17 11:23:57 mdw
- * New key size interface.
- *
- * Revision 1.2 1999/12/10 23:17:39 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the HMAC and NMAC constructions --------------------------*
*
* Designed by Mihir Bellare, Ran Canetti and Hugo Krawczyk, NMAC is a method
/* -*-c-*-
*
- * $Id: idea.c,v 1.4 2000/07/15 17:47:58 mdw Exp $
+ * $Id: idea.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the IDEA cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: idea.c,v $
- * Revision 1.4 2000/07/15 17:47:58 mdw
- * Fix bug in decryption key scheduling.
- *
- * Revision 1.3 2000/07/02 18:24:39 mdw
- * Use a new multiplication function from an Ascom white paper to resist
- * timing attacks.
- *
- * Revision 1.2 2000/06/17 11:24:08 mdw
- * New key size interface.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: idea.h,v 1.3 2000/06/17 11:24:08 mdw Exp $
+ * $Id: idea.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the IDEA cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: idea.h,v $
- * Revision 1.3 2000/06/17 11:24:08 mdw
- * New key size interface.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the IDEA block cipher ------------------------------------*
*
* IDEA was invented by James Massey and Xuejia Lai. The fundamental idea
/* -*-c-*-
*
- * $Id: karatsuba.h,v 1.2 2000/10/08 15:47:47 mdw Exp $
+ * $Id: karatsuba.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Macros for Karatsuba functions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: karatsuba.h,v $
- * Revision 1.2 2000/10/08 15:47:47 mdw
- * Rename from `mpx-kmac.h', and add macros for @gfx_kmul@.
- *
- * Revision 1.1 2000/06/17 11:42:11 mdw
- * Moved the Karatsuba macros into a separate file for better sharing.
- * Fixed some comments.
- *
- */
-
#ifndef CATACOMB_KARATSUBA_H
#define CATACOMB_KARATSUBA_H
/* -*-c-*-
*
- * $Id: key-attr.c,v 1.4 2004/04/08 01:02:49 mdw Exp $
+ * $Id: key-attr.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Key attribute manipulation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-attr.c,v $
- * Revision 1.4 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.3 2001/06/22 19:39:43 mdw
- * Allow tagging if the tag is owned by a deleted key.
- *
- * Revision 1.2 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: key-binary.c,v 1.6 2004/04/08 01:03:22 mdw Exp $
+ * $Id: key-binary.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Key binary encoding
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-binary.c,v $
- * Revision 1.6 2004/04/08 01:03:22 mdw
- * Force subkeys to be sorted in structured keys.
- *
- * Revision 1.5 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.4 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.3 2001/02/03 11:57:00 mdw
- * Track mLib change: symbols no longer need to include a terminating
- * null.
- *
- * Revision 1.2 2000/06/17 11:25:20 mdw
- * Use secure memory interface from MP library.
- *
- * Revision 1.1 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdlib.h>
/* -*-c-*-
*
- * $Id: key-data.c,v 1.5 2004/03/28 01:58:47 mdw Exp $
+ * $Id: key-data.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Encoding and decoding of key data
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-data.c,v $
- * Revision 1.5 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.4 2000/07/16 19:51:58 mdw
- * Shut stupid compiler up.
- *
- * Revision 1.3 2000/06/17 11:26:03 mdw
- * key_structfind: track minor data structure change, and cope if the
- * subkey isn't available.
- *
- * Revision 1.2 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: key-data.h,v 1.3 2004/03/28 01:58:47 mdw Exp $
+ * $Id: key-data.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Manipulating key data
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-data.h,v $
- * Revision 1.3 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.2 2000/06/17 11:26:18 mdw
- * Add the key packing interface.
- *
- * Revision 1.1 2000/02/12 18:21:23 mdw
- * Overhaul of key management (again).
- *
- */
-
#ifndef CATACOMB_KEY_DATA_H
#define CATACOMB_KEY_DATA_H
/* -*-c-*-
*
- * $Id: key-error.c,v 1.3 2004/04/08 01:02:49 mdw Exp $
+ * $Id: key-error.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Translating key error codes into strings
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-error.c,v $
- * Revision 1.3 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.2 2000/02/12 18:55:40 mdw
- * Make it all compile properly.
- *
- * Revision 1.1 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/macros.h>
/* -*-c-*-
*
- * $Id: key-fetch.c,v 1.1 2000/06/17 10:42:54 mdw Exp $
+ * $Id: key-fetch.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Higher-level key unpacking
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-fetch.c,v $
- * Revision 1.1 2000/06/17 10:42:54 mdw
- * Convenient table-driven extraction of structured keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: key-file.c,v 1.2 2001/02/03 11:57:38 mdw Exp $
+ * $Id: key-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* System-dependent key filing operations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-file.c,v $
- * Revision 1.2 2001/02/03 11:57:38 mdw
- * Allow creating keyfiles with no file attached.
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <errno.h>
/* -*-c-*-
*
- * $Id: key-flags.c,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: key-flags.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Reading and writing key flag strings
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-flags.c,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.2 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdlib.h>
/* --- Look up the string in the flags table --- */
+ if (sz == 4 && strncmp(p, "none", 4) == 0)
+ goto next;
for (e = flagtab; e->name; e++) {
if (strncmp(e->name, p, sz) == 0) {
if (e->name[sz] == 0) {
return (KERR_BADFLAGS);
m |= ee->m;
f |= ee->f;
+ next:
p += sz;
if (*p == 0 || *p == ':')
break;
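Review bot: The new `none` short-cut on the first added line is undocumented and is accepted anywhere in the comma-separated list, so an input such as `none,secret` parses as if `none` were simply absent rather than being rejected; if `none` is meant to name an explicit empty flag set, rejecting it once any other flag has been seen would be stricter, though that may not be the intent. At minimum a comment above the check, `/* `none' names the empty flag set: skip the table lookup */`, would make the special case visible to the next reader. The `goto next` jumps past the table lookup into the common tail, which is legal since the label sits in the same loop body, but it also bypasses whatever the elided lines do with `ee`, and that should be confirmed against the full function. The enclosing function starts and ends outside this hunk.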
/* -*-c-*-
*
- * $Id: key-io.c,v 1.5 2003/10/17 16:30:46 mdw Exp $
+ * $Id: key-io.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Adding new keys to a key file
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-io.c,v $
- * Revision 1.5 2003/10/17 16:30:46 mdw
- * Report errors if key files don't exist!
- *
- * Revision 1.4 2001/02/03 11:57:38 mdw
- * Allow creating keyfiles with no file attached.
- *
- * Revision 1.3 2001/01/20 11:56:48 mdw
- * Use mLib exported tuning parameters for hashtable.
- *
- * Revision 1.2 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: key-misc.c,v 1.4 2004/04/08 01:02:49 mdw Exp $
+ * $Id: key-misc.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Simple key management
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-misc.c,v $
- * Revision 1.4 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.3 2001/06/22 19:39:12 mdw
- * New interface to find out whether a key has expired. Also, a bug fix
- * to @key_bytag@ so that it finds expired keys correctly.
- *
- * Revision 1.2 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: key-moan.c,v 1.1 1999/12/22 15:47:48 mdw Exp $
+ * $Id: key-moan.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Standard error handling function for key loading
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-moan.c,v $
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/report.h>
/* -*-c-*-
*
- * $Id: key-pack.c,v 1.2 2004/03/28 01:58:47 mdw Exp $
+ * $Id: key-pack.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Packing and unpacking key data
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-pack.c,v $
- * Revision 1.2 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.1 2000/06/17 10:42:41 mdw
- * Packing and unpacking structured keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: key-pass.c,v 1.4 2004/03/28 01:58:26 mdw Exp $
+ * $Id: key-pass.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Encrypting keys with passphrases
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-pass.c,v $
- * Revision 1.4 2004/03/28 01:58:26 mdw
- * Ooops, fix all the bugs.
- *
- * Revision 1.3 2004/03/27 00:04:19 mdw
- * INCOMPATIBLE CHANGE. Use proper authentication on encrypted keys.
- *
- * Revision 1.2 2000/06/17 11:26:35 mdw
- * `rand_getgood' is deprecated.
- *
- * Revision 1.1 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: key-text.c,v 1.5 2004/04/01 13:42:48 mdw Exp $
+ * $Id: key-text.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Key textual encoding
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key-text.c,v $
- * Revision 1.5 2004/04/01 13:42:48 mdw
- * Missed off <ctype.h>\!
- *
- * Revision 1.4 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.3 2001/02/03 11:57:00 mdw
- * Track mLib change: symbols no longer need to include a terminating
- * null.
- *
- * Revision 1.2 2000/06/17 11:27:20 mdw
- * Use secure memory interface from MP library.
- *
- * Revision 1.1 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
.B fingerprint
.RB [ \-f
.IR filter ]
+.RB [ \-a
+.IR hash ]
.RI [ tag ...]
.br
.B tidy
Specifies a filter. Only keys and key components which match the filter
are fingerprinted. The default is to only fingerprint nonsecret
components.
+.TP
+.BI "\-a, \-\-algorithm " hash
+Names the hashing algorithm. Run
+.B hashsum -a list
+for a list of hashing algorithms. The default is
+.BR rmd160 .
.PP
The keys to be fingerprinted are named by their tags or keyids given as
command line arguments. If no key tags are given, all keys which match
-the filter are fingerprinted.
+the filter are fingerprinted. See
+.BR keyring (5)
+for a description of how key fingerprints are computed.
.SS "tidy"
Simply reads the keyring from file and writes it back again. This has
the effect of removing any deleted keys from the file.
/* -*-c-*-
*
- * $Id: key.h,v 1.10 2004/04/08 01:02:49 mdw Exp $
+ * $Id: key.h,v 1.11 2004/04/08 01:36:15 mdw Exp $
*
* Simple key management
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: key.h,v $
- * Revision 1.10 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.9 2001/06/22 19:37:59 mdw
- * New interface to enquire whether a key has expired.
- *
- * Revision 1.8 2001/02/03 11:57:38 mdw
- * Allow creating keyfiles with no file attached.
- *
- * Revision 1.7 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.6 2000/06/17 11:27:43 mdw
- * Add key fetching interface.
- *
- * Revision 1.5 2000/02/12 18:55:40 mdw
- * Make it all compile properly.
- *
- * Revision 1.4 2000/02/12 18:21:02 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.3 1999/12/22 15:47:48 mdw
- * Major key-management revision.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_KEY_H
#define CATACOMB_KEY_H
/* -*-c-*-
*
- * $Id: keycheck-mp.c,v 1.1 2001/02/03 16:08:24 mdw Exp $
+ * $Id: keycheck-mp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Key consistency checking tools for large integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keycheck-mp.c,v $
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: keycheck-report.c,v 1.1 2001/02/03 16:08:24 mdw Exp $
+ * $Id: keycheck-report.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* A standard reporter function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keycheck-report.c,v $
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: keycheck.c,v 1.2 2002/01/13 13:49:01 mdw Exp $
+ * $Id: keycheck.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Framework for checking consistency of keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keycheck.c,v $
- * Revision 1.2 2002/01/13 13:49:01 mdw
- * Track @dstr_vputf@ change.
- *
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: keycheck.h,v 1.1 2001/02/03 16:08:24 mdw Exp $
+ * $Id: keycheck.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Framework for checking consistency of keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keycheck.h,v $
- * Revision 1.1 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- */
-
#ifndef CATACOMB_KEYCHECK_H
#define CATACOMB_KEYCHECK_H
order, using as few octets as possible. The value 0 has length zero.
.TP
.B "struct"
-A sequence of subkeys is stored. Each subkey consists of a single
-octet giving the length of the subkey's label; the label itself in
-ASCII, zero-octet padding to make the subkey start at a multiple of four
-octets, and then the encoding of the subkey. There is no terminator:
-the outer length field indicates when to stop reading subkeys.
+A sequence of subkeys is stored; the sequence is sorted by
+lexicographical order of the subkeys' labels. Each subkey consists of a
+single octet giving the length of the subkey's label; the label itself
+in ASCII, zero-octet padding to make the subkey start at a multiple of
+four octets, and then the encoding of the subkey. There is no
+terminator: the outer length field indicates when to stop reading
+subkeys.
.TP
.B "string"
The string is stored as-is, with no terminator.
.B "encrypt"
The key data is encoded as binary and encrypted as described above. The
resulting ciphertext is stored as is.
+.SS "Fingerprints"
+The fingerprint is computed by hashing the binary representation of (the
+selected parts of) a key's data followed by the key type preceded by a
+single length octet, and the key's attributes, in lexicographic order of
+the attribute name. Each attribute consists of the attribute's name
+preceded by a single length octet, followed by the value preceded by a
+two-octet length. The lengths do not include themselves; neither string
+has a terminator character; there is no padding.
.SH AUTHOR
Mark Wooding, <mdw@nsict.org>
/* -*-c-*-
*
- * $Id: keysz.c,v 1.1 2000/06/17 11:27:52 mdw Exp $
+ * $Id: keysz.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* General block cipher utilities
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keysz.c,v $
- * Revision 1.1 2000/06/17 11:27:52 mdw
- * Key size table interpretation.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: keyutil.c,v 1.23 2004/04/08 01:02:49 mdw Exp $
+ * $Id: keyutil.c,v 1.24 2004/04/08 01:36:15 mdw Exp $
*
* Simple key manager program
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: keyutil.c,v $
- * Revision 1.23 2004/04/08 01:02:49 mdw
- * key-binary.c
- *
- * Revision 1.22 2004/04/03 15:45:06 mdw
- * Oops. Fix formatting. :-S
- *
- * Revision 1.21 2004/04/03 15:15:19 mdw
- * Fix stupid error in previous rashly-committed version.
- *
- * Revision 1.20 2004/04/03 15:14:28 mdw
- * Handle points at infinity properly in listings.
- *
- * Revision 1.19 2004/04/03 03:31:01 mdw
- * Allow explicit group parameters for DH groups.
- *
- * Revision 1.18 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.17 2004/03/28 01:58:47 mdw
- * Generate, store and retreive elliptic curve keys.
- *
- * Revision 1.16 2003/10/15 09:31:45 mdw
- * Fix help message.
- *
- * Revision 1.15 2003/05/15 23:23:24 mdw
- * Fix behaviour with bogus trailing attributes.
- *
- * Revision 1.14 2001/02/23 09:03:27 mdw
- * Simplify usage message by removing nonexistant options.
- *
- * Revision 1.13 2001/02/21 20:04:27 mdw
- * Provide help on individual commands (some need it desparately). Allow
- * atomic retagging of keys.
- *
- * Revision 1.12 2001/02/03 11:58:22 mdw
- * Store the correct seed information and count for DSA keys now that it's
- * available.
- *
- * Revision 1.11 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.10 2000/10/08 12:02:21 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.9 2000/08/15 21:40:49 mdw
- * Minor formatting change in listing attributes.
- *
- * Revision 1.8 2000/07/29 09:59:13 mdw
- * Support Lim-Lee primes in Diffie-Hellman parameter generation.
- *
- * Revision 1.7 2000/07/01 11:18:51 mdw
- * Use new interfaces for key manipulation.
- *
- * Revision 1.6 2000/06/17 11:28:22 mdw
- * Use secure memory interface from MP library. `rand_getgood' is
- * deprecated.
- *
- * Revision 1.5 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.4 1999/12/22 15:48:10 mdw
- * Track new key-management changes. Support new key generation
- * algorithms.
- *
- * Revision 1.3 1999/11/02 15:23:24 mdw
- * Fix newlines in keyring list.
- *
- * Revision 1.2 1999/10/15 21:05:28 mdw
- * In `key list', show timezone for local times, and support `-u' option
- * for UTC output.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: lcrand.c,v 1.4 2000/12/06 20:31:06 mdw Exp $
+ * $Id: lcrand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Simple linear congruential generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: lcrand.c,v $
- * Revision 1.4 2000/12/06 20:31:06 mdw
- * Simplify uniform range transformation.
- *
- * Revision 1.3 2000/06/17 11:29:03 mdw
- * Add the flags word to the generic generator.
- *
- * Revision 1.2 1999/12/13 15:34:01 mdw
- * Add support for seeding from a generic pseudorandom source.
- *
- * Revision 1.1 1999/12/10 23:15:27 mdw
- * Noncryptographic random number generator.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: lcrand.h,v 1.2 2000/06/17 11:28:51 mdw Exp $
+ * $Id: lcrand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Simple linear congruential generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: lcrand.h,v $
- * Revision 1.2 2000/06/17 11:28:51 mdw
- * Amend the notes slightly.
- *
- * Revision 1.1 1999/12/10 23:15:27 mdw
- * Noncryptographic random number generator.
- *
- */
-
/*----- Notes on the linear congruential generator ------------------------*
*
* This pseudorandom number generator is simple, but has absolutely no
/* -*-c-*-
*
- * $Id: limlee.c,v 1.8 2001/02/03 11:59:07 mdw Exp $
+ * $Id: limlee.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Generate Lim-Lee primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: limlee.c,v $
- * Revision 1.8 2001/02/03 11:59:07 mdw
- * Don't use the @pgen@ random number generator for generating primes: it's
- * only for testing them. Use a caller-supplied one instead.
- *
- * Revision 1.7 2001/01/25 21:40:44 mdw
- * Remove dead code now that the new stepper structure is trustworthy.
- *
- * Revision 1.6 2001/01/25 21:16:20 mdw
- * Boring cosmetic stuff.
- *
- * Revision 1.5 2000/08/18 19:16:51 mdw
- * New stepper interface for constructing Lim-Lee primes.
- *
- * Revision 1.4 2000/08/15 21:45:05 mdw
- * Use the new trial division equipment in pfilt. This gives a 10%
- * performance improvement in dsa-gen.t.
- *
- * Revision 1.3 2000/07/29 09:58:32 mdw
- * (limlee): Bug fix. Old versions didn't set the filter step if @ql@ was
- * an exact divisor of @pl@.
- *
- * Revision 1.2 2000/07/26 18:00:00 mdw
- * No footer line!
- *
- * Revision 1.1 2000/07/09 21:30:58 mdw
- * Lim-Lee prime generation.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
d = pgen(name, d, 0, oev, oec, on, limlee_step, &l,
rabin_iters(pl), pgen_test, &rr);
- if (f) {
+ if (d && f) {
mp **v;
size_t i;
v = xmalloc(l.nf * sizeof(mp *));
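Review bot: With the guard changed to `if (d && f)` on the changed line, a failed `pgen` (null `d`) now leaves `*f` untouched, so a caller that inspects `*f` instead of the return value reads an indeterminate pointer; the old code appears to have always written it when `f` was nonnull, assuming the elided body assigns `*f = v` as the context suggests. A cheap defence is `if (f) *f = 0;` before the guarded block, or a line in the function's comment stating that `*f` is meaningful only when a nonnull prime is returned. Whether the factors held in `l` are released on this failure path is not visible in the hunk and should be checked. The enclosing function begins and ends outside this hunk.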
/* -*-c-*-
*
- * $Id: limlee.h,v 1.4 2001/02/03 11:59:07 mdw Exp $
+ * $Id: limlee.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generate Lim-Lee primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: limlee.h,v $
- * Revision 1.4 2001/02/03 11:59:07 mdw
- * Don't use the @pgen@ random number generator for generating primes: it's
- * only for testing them. Use a caller-supplied one instead.
- *
- * Revision 1.3 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.2 2000/08/18 19:16:51 mdw
- * New stepper interface for constructing Lim-Lee primes.
- *
- * Revision 1.1 2000/07/09 21:30:58 mdw
- * Lim-Lee prime generation.
- *
- */
-
#ifndef CATACOMB_LIMLEE_H
#define CATACOMB_LIMLEE_H
/* -*-c-*-
*
- * $Id: lmem.c,v 1.5 2004/04/02 01:03:49 mdw Exp $
+ * $Id: lmem.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Locked memory allocation (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: lmem.c,v $
- * Revision 1.5 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.4 2002/01/24 22:26:11 mdw
- * Fix build failure when @mlock@ not available.
- *
- * Revision 1.3 2000/07/29 21:58:15 mdw
- * (l_destroy): New function for destroying locked memory blocks.
- *
- * Revision 1.2 2000/06/17 11:29:20 mdw
- * Add arena support.
- *
- * Revision 1.1 1999/12/22 16:02:52 mdw
- * Interface to allocating `locked' memory (which isn't paged out).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: lmem.h,v 1.4 2000/12/06 20:33:27 mdw Exp $
+ * $Id: lmem.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Locked memory allocation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: lmem.h,v $
- * Revision 1.4 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.3 2000/07/29 21:58:15 mdw
- * (l_destroy): New function for destroying locked memory blocks.
- *
- * Revision 1.2 2000/06/17 11:29:38 mdw
- * Add arena support.
- *
- * Revision 1.1 1999/12/22 16:02:52 mdw
- * Interface to allocating `locked' memory (which isn't paged out).
- *
- */
-
#ifndef CATACOMB_LMEM_H
#define CATACOMB_LMEM_H
%%% -*-latex-*-
%%%
-%%% $Id: catacomb.tex,v 1.2 1999/12/13 15:35:27 mdw Exp $
+%%% $Id: catacomb.tex,v 1.3 2004/04/08 01:36:15 mdw Exp $
%%%
%%% Catacomb manual
%%%
%%% Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
%%% MA 02111-1307, USA.
-%%%----- Revision history ---------------------------------------------------
-%%%
-%%% $Log: catacomb.tex,v $
-%%% Revision 1.2 1999/12/13 15:35:27 mdw
-%%% More changes. Still embryonic.
-%%%
-%%% Revision 1.1 1999/12/10 23:27:11 mdw
-%%% Embryonic library reference manual.
-%%%
-
\documentclass[numbering]{strayman}
\usepackage[T1]{fontenc}
\usepackage[palatino, helvetica, courier, maths=cmr]{mdwfonts}
/* -*-c-*-
*
- * $Id: mars-mktab.c,v 1.1 2001/04/29 18:11:19 mdw Exp $
+ * $Id: mars-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generate the MARS S-box table
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mars-mktab.c,v $
- * Revision 1.1 2001/04/29 18:11:19 mdw
- * New block cipher MARS.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: mars.c,v 1.1 2001/04/29 18:11:19 mdw Exp $
+ * $Id: mars.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The MARS block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mars.c,v $
- * Revision 1.1 2001/04/29 18:11:19 mdw
- * New block cipher MARS.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: mars.h,v 1.1 2001/04/29 18:11:19 mdw Exp $
+ * $Id: mars.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The MARS block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mars.h,v $
- * Revision 1.1 2001/04/29 18:11:19 mdw
- * New block cipher MARS.
- *
- */
-
/*----- Notes on the MARS block cipher ------------------------------------*
*
* MARS was IBM's submission to the AES contest. It was designed by a number
/* -*-c-*-
*
- * $Id: maurer.c,v 1.3 2000/08/16 17:56:59 mdw Exp $
+ * $Id: maurer.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Maurer's universal statistical test
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: maurer.c,v $
- * Revision 1.3 2000/08/16 17:56:59 mdw
- * (more): Remove spurious function.
- *
- * Revision 1.2 2000/08/11 21:34:59 mdw
- * New restartable interface to Maurer testing.
- *
- * Revision 1.1 2000/06/17 11:29:49 mdw
- * Maurer's universal statistical test.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: maurer.h,v 1.2 2000/08/11 21:34:59 mdw Exp $
+ * $Id: maurer.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Maurer's universal statistical test
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: maurer.h,v $
- * Revision 1.2 2000/08/11 21:34:59 mdw
- * New restartable interface to Maurer testing.
- *
- * Revision 1.1 2000/06/17 11:29:49 mdw
- * Maurer's universal statistical test.
- *
- */
-
#ifndef CATACOMB_MAURER_H
#define CATACOMB_MAURER_H
/* -*-c-*-
*
- * $Id: md2-tab.h,v 1.1 2001/02/21 20:03:22 mdw Exp $
+ * $Id: md2-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Tables for MD2
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md2-tab.h,v $
- * Revision 1.1 2001/02/21 20:03:22 mdw
- * Added support for MD2 hash function.
- *
- */
-
#ifndef CATACOMB_MD2_TAB_H
#define CATACOMB_MD2_TAB_H
/* -*-c-*-
*
- * $Id: md2.c,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: md2.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The MD2 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md2.c,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2001/02/21 20:03:22 mdw
- * Added support for MD2 hash function.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: md2.h,v 1.1 2001/02/21 20:03:22 mdw Exp $
+ * $Id: md2.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The MD2 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md2.h,v $
- * Revision 1.1 2001/02/21 20:03:22 mdw
- * Added support for MD2 hash function.
- *
- */
-
/*----- Notes on the MD2 hash function ------------------------------------*
*
* MD2 was designed by Ron Rivest. It's not recommended for new applications
/* -*-c-*-
*
- * $Id: md4.c,v 1.3 2000/06/17 11:31:43 mdw Exp $
+ * $Id: md4.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The MD4 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md4.c,v $
- * Revision 1.3 2000/06/17 11:31:43 mdw
- * Portability fix for broken compilers.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: md4.h,v 1.4 2000/10/15 19:09:20 mdw Exp $
+ * $Id: md4.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The MD4 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md4.h,v $
- * Revision 1.4 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.3 2000/06/17 11:32:52 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the MD4 hash function ------------------------------------*
*
* MD4 was designed by Ron Rivest. It's now well and truly broken: not only
/* -*-c-*-
*
- * $Id: md5.c,v 1.3 2000/06/17 11:31:43 mdw Exp $
+ * $Id: md5.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The MD5 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md5.c,v $
- * Revision 1.3 2000/06/17 11:31:43 mdw
- * Portability fix for broken compilers.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: md5.h,v 1.4 2000/10/15 19:09:20 mdw Exp $
+ * $Id: md5.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The MD5 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: md5.h,v $
- * Revision 1.4 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.3 2000/06/17 11:32:52 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the MD5 hash function ------------------------------------*
*
* MD5 was designed by Ron Rivest. It was intended to be a more conservative
/* -*-c-*-
*
- * $Id: mgf-def.h,v 1.1 2000/06/17 11:33:11 mdw Exp $
+ * $Id: mgf-def.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for the MGF-1 mask generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mgf-def.h,v $
- * Revision 1.1 2000/06/17 11:33:11 mdw
- * MGF-1 support, as defined in PKCS#1.
- *
- */
-
#ifndef CATACOMB_MGF_DEF_H
#define CATACOMB_MGF_DEF_H
/* -*-c-*-
*
- * $Id: mgf.h,v 1.1 2000/06/17 11:33:11 mdw Exp $
+ * $Id: mgf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The MGF mask generation function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mgf.h,v $
- * Revision 1.1 2000/06/17 11:33:11 mdw
- * MGF-1 support, as defined in PKCS#1.
- *
- */
-
/*----- Notes on the MGF-1 mask generating function -----------------------*
*
* The idea of a mask-generating function is that given an input of arbitrary
/* -*-c-*-
*
- * $Id: mkphrase.c,v 1.3 2003/01/24 20:16:04 mdw Exp $
+ * $Id: mkphrase.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Generate passphrases from word lists
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mkphrase.c,v $
- * Revision 1.3 2003/01/24 20:16:04 mdw
- * Fix stupidity in reading wordlists from stdin. (Thanks to James
- * Harvey.)
- *
- * Revision 1.2 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.1 2000/08/06 10:50:55 mdw
- * (mkphrase): New program for generating random passphrases with measured
- * strength.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: mp-arith.c,v 1.17 2003/10/12 15:03:35 mdw Exp $
+ * $Id: mp-arith.c,v 1.18 2004/04/08 01:36:15 mdw Exp $
*
* Basic arithmetic on multiprecision integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-arith.c,v $
- * Revision 1.17 2003/10/12 15:03:35 mdw
- * Merge fix from other branch.
- *
- * Revision 1.16.2.1 2003/06/10 13:21:10 mdw
- * Fix bug dividing small things by large ones.
- *
- * Revision 1.16 2003/05/16 09:09:24 mdw
- * Fix @mp_lsl2c@. Turns out to be surprisingly tricky.
- *
- * Revision 1.15 2002/10/19 17:56:50 mdw
- * Fix bit operations. Test them (a bit) better.
- *
- * Revision 1.14 2002/10/15 19:18:31 mdw
- * New operation to negate numbers.
- *
- * Revision 1.13 2002/10/15 00:19:40 mdw
- * Bit setting and clearing functions.
- *
- * Revision 1.12 2002/10/09 00:36:03 mdw
- * Fix bounds on workspace for Karatsuba operations.
- *
- * Revision 1.11 2002/10/06 22:52:50 mdw
- * Pile of changes for supporting two's complement properly.
- *
- * Revision 1.10 2001/04/03 19:36:05 mdw
- * Add some simple bitwise operations so that Perl can use them.
- *
- * Revision 1.9 2000/10/08 15:48:35 mdw
- * Rename Karatsuba constants now that we have @gfx_kmul@ too.
- *
- * Revision 1.8 2000/10/08 12:02:21 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.7 2000/06/22 19:02:53 mdw
- * New function @mp_odd@ to extract powers of two from an integer. This is
- * common code from the Rabin-Miller test, RSA key recovery and modular
- * square-root extraction.
- *
- * Revision 1.6 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.5 1999/12/22 15:54:41 mdw
- * Adjust Karatsuba parameters. Calculate destination size better.
- *
- * Revision 1.4 1999/12/13 15:35:16 mdw
- * Slightly different rules on memory allocation.
- *
- * Revision 1.3 1999/12/11 10:57:43 mdw
- * Karatsuba squaring algorithm.
- *
- * Revision 1.2 1999/12/10 23:18:39 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-const.c,v 1.2 2000/06/17 11:45:09 mdw Exp $
+ * $Id: mp-const.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Useful multiprecision constants
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-const.c,v $
- * Revision 1.2 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-gcd.c,v 1.6 2004/03/21 22:52:06 mdw Exp $
+ * $Id: mp-gcd.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Extended GCD calculation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-gcd.c,v $
- * Revision 1.6 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.5.4.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- * Revision 1.5 2000/10/08 12:02:41 mdw
- * Use Euclid's algorithm rather than the binary one.
- *
- * Revision 1.4 2000/06/17 11:34:46 mdw
- * More hacking for the signs of the outputs.
- *
- * Revision 1.3 1999/12/10 23:18:39 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.2 1999/11/22 20:49:56 mdw
- * Fix bug which failed to favour `x' when `y' wasn't wanted and the two
- * arguments needed swapping.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
MP_DROP(a); MP_DROP(b);
}
+/* -- @mp_modinv@ --- *
+ *
+ * Arguments: @mp *d@ = destination
+ * @mp *x@ = argument
+ * @mp *p@ = modulus
+ *
+ * Returns: The inverse %$x^{-1} \bmod p$%.
+ *
+ * Use: Computes a modular inverse. An assertion fails if %$p$%
+ * has no inverse.
+ */
+
+mp *mp_modinv(mp *d, mp *x, mp *p)
+{
+ mp *g = MP_NEW;
+ mp_gcd(&g, 0, &d, p, x);
+ assert(MP_EQ(g, MP_ONE));
+ mp_drop(g);
+ return (d);
+}
+
/*----- Test rig ----------------------------------------------------------*/
#ifdef TEST_RIG
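Review bot: The header comment on mp_modinv says the assertion fails if `p` has no inverse, but the value being inverted is `x`, so the sentence should read `* Use: Computes a modular inverse. An assertion fails if %$x$% has no inverse modulo %$p$%.`; the same wording is repeated on the declaration in mp.h. Because the coprimality check is an `assert`, it disappears under `NDEBUG` and the function then returns a value that is not an inverse at all; that deserves a sentence in the comment, since the callers changed in mpbarrett-exp.c, mpmont-exp.c, mpcrt.c and mp-modsqrt.c now rely on it as their only check. mp-gcd.c's include block is outside the hunk — confirm `<assert.h>` is included there, as this appears to be the first use of `assert` in this file. Whether the returned `d` is normalised into `[0, p)` depends on mp_gcd's sign handling when only one coefficient is requested, which is not visible here; the Returns line could state it explicitly either way.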
/* -*-c-*-
*
- * $Id: mp-io.c,v 1.6 2002/10/20 01:12:31 mdw Exp $
+ * $Id: mp-io.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Loading and storing of multiprecision integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-io.c,v $
- * Revision 1.6 2002/10/20 01:12:31 mdw
- * Two's complement I/O fixes.
- *
- * Revision 1.5 2002/10/06 22:52:50 mdw
- * Pile of changes for supporting two's complement properly.
- *
- * Revision 1.4 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.3 1999/11/21 22:13:02 mdw
- * Add mp version of MPX_BITS.
- *
- * Revision 1.2 1999/11/19 13:19:06 mdw
- * Set flags on results correctly.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-jacobi.c,v 1.4 2000/12/06 20:31:33 mdw Exp $
+ * $Id: mp-jacobi.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Compute Jacobi symbol
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-jacobi.c,v $
- * Revision 1.4 2000/12/06 20:31:33 mdw
- * Add assertion to prevent crapness.
- *
- * Revision 1.3 2000/07/20 17:14:34 mdw
- * Simplify by using @mp_odd@.
- *
- * Revision 1.2 1999/12/10 23:19:02 mdw
- * Improve error-checking.
- *
- * Revision 1.1 1999/11/22 20:50:37 mdw
- * Add support for computing Jacobi symbols.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-mem.c,v 1.6 2004/04/03 03:30:22 mdw Exp $
+ * $Id: mp-mem.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Memory management for multiprecision numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-mem.c,v $
- * Revision 1.6 2004/04/03 03:30:22 mdw
- * Fix long-standing stupidity in @mp_dest@.
- *
- * Revision 1.5 2001/06/16 12:57:00 mdw
- * Implement some missing functions.
- *
- * Revision 1.4 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.3 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.2 1999/12/10 23:19:02 mdw
- * Improve error-checking.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/sub.h>
/* -*-c-*-
*
- * $Id: mp-misc.c,v 1.3 2000/07/29 17:03:31 mdw Exp $
+ * $Id: mp-misc.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Miscellaneous multiprecision support functions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-misc.c,v $
- * Revision 1.3 2000/07/29 17:03:31 mdw
- * Add support for left-to-right bitscanning, for use in modular
- * exponentiation.
- *
- * Revision 1.2 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-modsqrt.c,v 1.4 2001/06/16 12:56:38 mdw Exp $
+ * $Id: mp-modsqrt.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Compute square roots modulo a prime
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-modsqrt.c,v $
- * Revision 1.4 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.3 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.2 2000/10/08 12:02:21 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.1 2000/06/22 19:01:31 mdw
- * Compute square roots in a prime field.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "fibrand.h"
/* --- Find the inverse of %$a$% --- */
- ainv = MP_NEW;
- mp_gcd(0, &ainv, 0, a, p);
+ ainv = mp_modinv(MP_NEW, a, p);
/* --- Split %$p - 1$% into a power of two and an odd number --- */
/* -*-c-*-
*
- * $Id: mp-sqrt.c,v 1.4 2004/03/27 17:54:11 mdw Exp $
+ * $Id: mp-sqrt.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Compute integer square roots
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-sqrt.c,v $
- * Revision 1.4 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.3 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.2 2000/10/08 12:02:21 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.1 2000/06/22 19:01:44 mdw
- * Compute (approximations to) integer square roots.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mp-test.c,v 1.1 1999/11/17 18:02:16 mdw Exp $
+ * $Id: mp-test.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Testing functionality for multiprecision integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp-test.c,v $
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: mp.h,v 1.18 2004/04/03 03:32:05 mdw Exp $
+ * $Id: mp.h,v 1.19 2004/04/08 01:36:15 mdw Exp $
*
* Simple multiprecision arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mp.h,v $
- * Revision 1.18 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.17 2003/05/16 09:09:24 mdw
- * Fix @mp_lsl2c@. Turns out to be surprisingly tricky.
- *
- * Revision 1.16 2002/10/15 22:57:22 mdw
- * Handy new comparison macros.
- *
- * Revision 1.15 2002/10/15 19:18:31 mdw
- * New operation to negate numbers.
- *
- * Revision 1.14 2002/10/15 00:19:40 mdw
- * Bit setting and clearing functions.
- *
- * Revision 1.13 2002/10/06 22:52:50 mdw
- * Pile of changes for supporting two's complement properly.
- *
- * Revision 1.12 2001/06/16 12:57:43 mdw
- * Move the @mpmont_factor@ structure and rename it now that it's used for
- * Barrett simultaneous exponentiation too.
- *
- * Revision 1.11 2001/04/03 19:36:05 mdw
- * Add some simple bitwise operations so that Perl can use them.
- *
- * Revision 1.10 2000/10/08 12:03:16 mdw
- * Provide @mp_eq@ and @MP_EQ@ for rapidly testing equality of two
- * integers.
- *
- * Revision 1.9 2000/07/29 17:03:31 mdw
- * Add support for left-to-right bitscanning, for use in modular
- * exponentiation.
- *
- * Revision 1.8 2000/06/22 19:02:01 mdw
- * Add new functions.
- *
- * Revision 1.7 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.6 1999/12/10 23:19:46 mdw
- * Minor bugfixes. New interface for suggested destinations.
- *
- * Revision 1.5 1999/11/22 20:50:37 mdw
- * Add support for computing Jacobi symbols.
- *
- * Revision 1.4 1999/11/21 22:13:02 mdw
- * Add mp version of MPX_BITS.
- *
- * Revision 1.3 1999/11/19 13:19:14 mdw
- * Fix const annotation.
- *
- * Revision 1.2 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
#ifndef CATACOMB_MP_H
#define CATACOMB_MP_H
extern void mp_gcd(mp **/*gcd*/, mp **/*xx*/, mp **/*yy*/,
mp */*a*/, mp */*b*/);
+/* -- @mp_modinv@ --- *
+ *
+ * Arguments: @mp *d@ = destination
+ * @mp *x@ = argument
+ * @mp *p@ = modulus
+ *
+ * Returns: The inverse %$x^{-1} \bmod p$%.
+ *
+ * Use: Computes a modular inverse. An assertion fails if %$p$%
+ * has no inverse.
+ */
+
+extern mp *mp_modinv(mp */*d*/, mp */*x*/, mp */*p*/);
+
/* --- @mp_jacobi@ --- *
*
* Arguments: @mp *a@ = an integer less than @n@
/* -*-c-*-
*
- * $Id: mparena.c,v 1.6 2004/04/03 03:32:05 mdw Exp $
+ * $Id: mparena.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Allocation and freeing of MP buffers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mparena.c,v $
- * Revision 1.6 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.5 2000/06/17 11:35:48 mdw
- * Overhaul to use mLib's arena system underneath.
- *
- * Revision 1.4 1999/12/10 23:28:52 mdw
- * Memory allocation counting.
- *
- * Revision 1.3 1999/11/22 13:58:00 mdw
- * Document the tweakables.
- *
- * Revision 1.2 1999/11/21 22:14:19 mdw
- * Fix bug. Improve diagnostic capabilities.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: mparena.h,v 1.3 2000/06/17 11:35:48 mdw Exp $
+ * $Id: mparena.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Allocation and freeing of MP buffers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mparena.h,v $
- * Revision 1.3 2000/06/17 11:35:48 mdw
- * Overhaul to use mLib's arena system underneath.
- *
- * Revision 1.2 1999/12/10 23:28:59 mdw
- * Memory allocation counting.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
#ifndef CATACOMB_MPARENA_H
#define CATACOMB_MPARENA_H
/* -*-c-*-
*
- * $Id: mpbarrett-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpbarrett-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Modular exponentiation using Barrett reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpbarrett-exp.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
MP_COPY(a);
MP_SHRINK(e);
- if (e->f & MP_NEG) {
- mp *g = MP_NEW;
- mp_gcd(&g, 0, &a, mb->m, a);
- assert(MP_EQ(g, MP_ONE));
- mp_drop(g);
- }
+ if (e->f & MP_NEG)
+ a = mp_modinv(a, a, mb->m);
if (!MP_LEN(e))
;
else if (MP_LEN(e) < EXP_THRESH)
/* -*-c-*-
*
- * $Id: mpbarrett-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: mpbarrett-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for Barrett reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpbarrett-exp.h,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/20 00:20:05 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.1 2001/06/16 12:58:12 mdw
- * Parameters for generic exponentiation.
- *
- */
-
#ifndef CATACOMB_MPBARRETT_EXP_H
#define CATACOMB_MPBARRETT_EXP_H
/* -*-c-*-
*
- * $Id: mpbarrett-mexp.c,v 1.2 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpbarrett-mexp.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Multiple simultaneous exponentiations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpbarrett-mexp.c,v $
- * Revision 1.2 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.1 2001/06/16 12:58:34 mdw
- * Added simultaneous exponentiation with Barrett reduction.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
spare = MP_NEWSEC;
if (!(f[i].exp->f & MP_NEG))
ff[i].base = MP_COPY(f[i].base);
- else {
- ff[i].base = MP_NEW;
- mp_gcd(&g, 0, &ff[i].base, mb->m, f[i].base);
- assert(MP_EQ(g, MP_ONE));
- }
+ else
+ ff[i].base = mp_modinv(MP_NEW, f[i].base, mb->m);
ff[i].exp = f[i].exp;
}
mp_drop(g);
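Review bot: `mp_drop(g);` on the last context line is now dead code: the only assignment to `g` was the removed `mp_gcd(&g, ...)` call, so `g` presumably still holds `MP_NEW` from its declaration above the hunk and the drop is a no-op. The parallel change in mpmont-mexp.c removes both the `mp *g = MP_NEW;` declaration and the `mp_drop(g);`, and this file should do the same so the two simultaneous-exponentiation routines stay consistent. The enclosing function starts and ends outside the hunk.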
/* -*-c-*-
*
- * $Id: mpbarrett.c,v 1.9 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpbarrett.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Barrett modular reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpbarrett.c,v $
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2001/06/16 13:00:20 mdw
- * Use the generic exponentiation functions.
- *
- * Revision 1.7 2001/04/19 18:25:26 mdw
- * Use sliding-window exponentiation.
- *
- * Revision 1.6 2000/10/08 12:03:44 mdw
- * (mpbarrett_reduce): Cope with negative numbers.
- *
- * Revision 1.5 2000/07/29 17:04:33 mdw
- * Change to use left-to-right bitwise exponentiation. This will improve
- * performance when the base is small.
- *
- * Revision 1.4 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.3 1999/12/12 15:08:52 mdw
- * Don't bother shifting %$q$% in @mpbarrett_reduce@, just skip the least
- * significant digits.
- *
- * Revision 1.2 1999/12/11 01:50:56 mdw
- * Improve initialization slightly.
- *
- * Revision 1.1 1999/12/10 23:21:59 mdw
- * Barrett reduction support: works with even moduli.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mpbarrett.h,v 1.4 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpbarrett.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Barrett modular reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpbarrett.h,v $
- * Revision 1.4 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.3 2001/06/16 12:58:47 mdw
- * Added simultaneous exponentiation with Barrett reduction.
- *
- * Revision 1.2 2000/10/08 12:03:44 mdw
- * (mpbarrett_reduce): Cope with negative numbers.
- *
- * Revision 1.1 1999/12/10 23:22:00 mdw
- * Barrett reduction support: works with even moduli.
- *
- */
-
/*----- Notes on Barrett reduction ----------------------------------------*
*
* Barrett reduction is a technique for computing modular residues. Unlike
/* -*-c-*-
*
- * $Id: mpcrt.c,v 1.5 2001/04/29 17:39:33 mdw Exp $
+ * $Id: mpcrt.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Chinese Remainder Theorem computations (Gauss's algorithm)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpcrt.c,v $
- * Revision 1.5 2001/04/29 17:39:33 mdw
- * Fix memory leak.
- *
- * Revision 1.4 2001/04/19 18:25:38 mdw
- * Use mpmul for the multiplication.
- *
- * Revision 1.3 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.2 1999/12/10 23:22:32 mdw
- * Interface changes for suggested destinations. Use Barrett reduction.
- *
- * Revision 1.1 1999/11/22 20:50:57 mdw
- * Add support for solving Chinese Remainder Theorem problems.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
*/
if (!v[0].ni && !v[1].ni) {
- mp_gcd(0, &v[0].ni, &v[1].ni, v[0].n, v[1].n);
+ mp *g = MP_NEW;
+ mp_gcd(&g, &v[0].ni, &v[1].ni, v[0].n, v[1].n);
+ assert(MP_EQ(g, MP_ONE));
+ mp_drop(g);
v[0].ni = mp_add(v[0].ni, v[0].ni, v[1].n);
} else {
int i, j;
if (!v[i].n)
mp_div(&v[i].n, 0, n, v[i].m);
if (!v[i].ni)
- mp_gcd(0, &v[i].ni, 0, v[i].n, v[i].m);
+ v[i].ni = mp_modinv(MP_NEW, v[i].n, v[i].m);
if (!v[i].nni)
v[i].nni = mp_mul(MP_NEW, v[i].n, v[i].ni);
}
/* -*-c-*-
*
- * $Id: mpcrt.h,v 1.2 1999/12/10 23:22:32 mdw Exp $
+ * $Id: mpcrt.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Chinese Remainder Theorem computations (Gauss's algorithm)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpcrt.h,v $
- * Revision 1.2 1999/12/10 23:22:32 mdw
- * Interface changes for suggested destinations. Use Barrett reduction.
- *
- * Revision 1.1 1999/11/22 20:50:57 mdw
- * Add support for solving Chinese Remainder Theorem problems.
- *
- */
-
#ifndef CATACOMB_MPCRT_H
#define CATACOMB_MPCRT_H
/* -*-c-*-
*
- * $Id: mpdump.c,v 1.1 2004/03/27 17:54:11 mdw Exp $
+ * $Id: mpdump.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Dump a multiprecision integer as C data
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpdump.c,v $
- * Revision 1.1 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <errno.h>
/* -*-c-*-
*
- * $Id: mpint.c,v 1.3 2000/10/08 12:11:22 mdw Exp $
+ * $Id: mpint.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Conversion between MPs and standard C integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpint.c,v $
- * Revision 1.3 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.2 1999/12/10 23:22:53 mdw
- * Support for uint32.
- *
- * Revision 1.1 1999/11/25 11:38:31 mdw
- * Support for conversions between MPs and C integers.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mpint.h"
/* -*-c-*-
*
- * $Id: mpint.h,v 1.5 2002/01/13 19:23:16 mdw Exp $
+ * $Id: mpint.h,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Conversion between MPs and standard C integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpint.h,v $
- * Revision 1.5 2002/01/13 19:23:16 mdw
- * Fix division-by-zero bug translating @MPW_MAX@ to an @mp@.
- *
- * Revision 1.4 2000/10/08 12:04:01 mdw
- * Remove spurious semicolon.
- *
- * Revision 1.3 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.2 1999/12/10 23:22:53 mdw
- * Support for uint32.
- *
- * Revision 1.1 1999/11/25 11:38:31 mdw
- * Support for conversions between MPs and C integers.
- *
- */
-
#ifndef CATACOMB_MPINT_H
#define CATACOMB_MPINT_H
/* -*-c-*-
*
- * $Id: mpmont-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpmont-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Modular exponentiation with Montgomery reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmont-exp.c,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
MP_COPY(a);
MP_SHRINK(e);
if (e->f & MP_NEG) {
- mp *g = MP_NEW;
a = mpmont_reduce(mm, a, a);
- mp_gcd(&g, 0, &a, mm->m, a);
- assert(MP_EQ(g, MP_ONE));
+ a = mp_modinv(a, a, mm->m);
a = mpmont_mul(mm, a, a, mm->r2);
- mp_drop(g);
}
if (MP_LEN(e) == 0)
;
/* -*-c-*-
*
- * $Id: mpmont-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: mpmont-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for Montgomery reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmont-exp.h,v $
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.4.1 2004/03/20 00:13:31 mdw
- * Projective coordinates for prime curves
- *
- * Revision 1.1 2001/06/16 12:58:12 mdw
- * Parameters for generic exponentiation.
- *
- */
-
#ifndef CATACOMB_MPMONT_EXP_H
#define CATACOMB_MPMONT_EXP_H
/* -*-c-*-
*
- * $Id: mpmont-mexp.c,v 1.8 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpmont-mexp.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Multiple simultaneous exponentiations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmont-mexp.c,v $
- * Revision 1.8 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.7 2002/01/13 13:49:14 mdw
- * Make @const@-correct.
- *
- * Revision 1.6 2001/06/16 13:00:20 mdw
- * Use the generic exponentiation functions.
- *
- * Revision 1.5 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.4 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.3 1999/12/10 23:18:39 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.2 1999/11/21 11:35:10 mdw
- * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of
- * @mpmont_mul@ for squaring in exponentiation.
- *
- * Revision 1.1 1999/11/19 13:19:29 mdw
- * Simultaneous exponentiation support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
{
mp *a = MP_COPY(mm->r);
mp *spare = MP_NEW;
- mp *g = MP_NEW;
size_t i;
for (i = 0; i < n; i++) {
spare = MP_NEWSEC;
if (f[i].exp->f & MP_NEG) {
t = mpmont_reduce(mm, f[i].base, f[i].base);
- mp_gcd(&g, 0, &t, mm->m, t);
- assert(MP_EQ(g, MP_ONE));
+ t = mp_modinv(t, t, mm->m);
f[i].base = mpmont_mul(mm, t, t, mm->r2);
}
}
- mp_drop(g);
EXP_SIMUL(a, f, n);
mp_drop(d);
mp_drop(spare);
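Review bot: Replacing the `mp_gcd` plus `assert(MP_EQ(g, MP_ONE))` pair with `t = mp_modinv(t, t, mm->m)` on the negative-exponent path drops the only explicit check that the base is coprime to the modulus; unless `mp_modinv` itself rejects a non-invertible input, a base sharing a factor with `mm->m` now yields an undefined "inverse" that is silently fed into `mpmont_mul` instead of tripping the assertion. The old check was assert-only, so release builds never had it either, but the precondition should now be written down at the call site, e.g. `/* mp_modinv requires gcd(base, m) == 1; the result is undefined otherwise */`. The enclosing function's signature and documentation block lie before the hunk, so its Arguments/Use text is not visible here; it should state the same coprimality requirement for any factor whose exponent is negative.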
/* -*-c-*-
*
- * $Id: mpmont.c,v 1.18 2004/04/03 03:32:05 mdw Exp $
+ * $Id: mpmont.c,v 1.19 2004/04/08 01:36:15 mdw Exp $
*
* Montgomery reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmont.c,v $
- * Revision 1.18 2004/04/03 03:32:05 mdw
- * General robustification.
- *
- * Revision 1.17 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.16 2002/01/13 13:40:31 mdw
- * Avoid trashing arguments before we've used them.
- *
- * Revision 1.15 2001/06/16 13:00:20 mdw
- * Use the generic exponentiation functions.
- *
- * Revision 1.14 2001/02/22 09:04:26 mdw
- * Cosmetic fix.
- *
- * Revision 1.13 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.12 2000/10/08 15:48:35 mdw
- * Rename Karatsuba constants now that we have @gfx_kmul@ too.
- *
- * Revision 1.11 2000/10/08 12:04:27 mdw
- * (mpmont_reduce, mpmont_mul): Cope with negative numbers.
- *
- * Revision 1.10 2000/07/29 17:05:43 mdw
- * (mpmont_expr): Use sliding window exponentiation, with a drop-through
- * for small exponents to use a simple left-to-right bitwise routine. This
- * can reduce modexp times by up to a quarter.
- *
- * Revision 1.9 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.8 1999/12/22 15:55:00 mdw
- * Adjust Karatsuba parameters.
- *
- * Revision 1.7 1999/12/11 01:51:14 mdw
- * Use a Karatsuba-based reduction for large moduli.
- *
- * Revision 1.6 1999/12/10 23:18:39 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.5 1999/11/22 13:58:40 mdw
- * Add an option to disable Montgomery reduction, so that performance
- * comparisons can be done.
- *
- * Revision 1.4 1999/11/21 12:27:06 mdw
- * Remove a division from the Montgomery setup by calculating
- * %$R^2 \bmod m$% first and then %$R \bmod m$% by Montgomery reduction of
- * %$R^2$%.
- *
- * Revision 1.3 1999/11/21 11:35:10 mdw
- * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of
- * @mpmont_mul@ for squaring in exponentiation.
- *
- * Revision 1.2 1999/11/19 13:17:26 mdw
- * Add extra interface to exponentiation which returns a Montgomerized
- * result.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* --- Find the magic value @mi@ --- */
mp_build(&r, r2->v + n, r2->vl);
- mm->mi = MP_NEW;
- mp_gcd(0, 0, &mm->mi, &r, m);
+ mm->mi = mp_modinv(MP_NEW, m, &r);
mm->mi = mp_sub(mm->mi, &r, mm->mi);
/* --- Discover the values %$R \bmod m$% and %$R^2 \bmod m$% --- */
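Review bot: `mm->mi = mp_modinv(MP_NEW, m, &r)` presumes that `m` is invertible modulo R, i.e. that the modulus is odd, and nothing in this hunk checks that before the call. The previous `mp_gcd` form had the same precondition, so this is not a regression, but how `mp_modinv` behaves when no inverse exists is not visible here, and the magic value computed on the next line would then be meaningless. If the enclosing setup function does not already reject an even modulus earlier, a test of the low bit of `m` with an error return before this point would make the precondition explicit; otherwise a comment at the call, `/* m must be odd: mi = -m^{-1} mod R exists only when gcd(m, R) == 1 */`, records it. The enclosing function's start and return path are outside the hunk.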
/* -*-c-*-
*
- * $Id: mpmont.h,v 1.7 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpmont.h,v 1.8 2004/04/08 01:36:15 mdw Exp $
*
* Montgomery reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmont.h,v $
- * Revision 1.7 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.6 2002/01/13 13:49:25 mdw
- * Make @const@-correct.
- *
- * Revision 1.5 2001/06/16 13:00:04 mdw
- * Moved @mpmont_factor@ to <mp.h>. Documented interface change to
- * @mpmont_expr@ and @mpmont_mexpr@ -- the arguments are now in Montgomery
- * form.
- *
- * Revision 1.4 1999/12/11 01:51:14 mdw
- * Use a Karatsuba-based reduction for large moduli.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/19 13:17:43 mdw
- * Add extra interface to exponentiation which returns a Montgomerized
- * result. Add simultaneous exponentiation interface.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
#ifndef CATACOMB_MPMONT_H
#define CATACOMB_MPMONT_H
/* -*-c-*-
*
- * $Id: mpmul.c,v 1.4 2001/02/03 12:00:29 mdw Exp $
+ * $Id: mpmul.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Multiply many small numbers together
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmul.c,v $
- * Revision 1.4 2001/02/03 12:00:29 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.3 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.2 2000/07/09 21:31:10 mdw
- * Fix bug, and add a test rig.
- *
- * Revision 1.1 2000/07/01 11:21:39 mdw
- * New interface for computing products of many (small) integers.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mpmul.h,v 1.1 2000/07/01 11:21:39 mdw Exp $
+ * $Id: mpmul.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Multiply many small numbers together
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpmul.h,v $
- * Revision 1.1 2000/07/01 11:21:39 mdw
- * New interface for computing products of many (small) integers.
- *
- */
-
#ifndef CATACOMB_MPMUL_H
#define CATACOMB_MPMUL_H
/* -*-c-*-
*
- * $Id: mprand.c,v 1.4 2001/05/07 17:31:19 mdw Exp $
+ * $Id: mprand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generate a random multiprecision integer
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mprand.c,v $
- * Revision 1.4 2001/05/07 17:31:19 mdw
- * Fix off-by one bug in mprand_range. Probably security critical: the old
- * code generated numbers between zero and the highest power of 2 less than
- * the given range.
- *
- * Revision 1.3 2000/06/17 11:45:09 mdw
- * Major memory management overhaul. Added arena support. Use the secure
- * arena for secret integers. Replace and improve the MP management macros
- * (e.g., replace MP_MODIFY by MP_DEST).
- *
- * Revision 1.2 1999/12/22 15:55:33 mdw
- * Modify `mprand' slightly. Add `mprand_range'.
- *
- * Revision 1.1 1999/12/10 23:23:05 mdw
- * Support for generating random large integers.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
/* -*-c-*-
*
- * $Id: mprand.h,v 1.2 1999/12/22 15:55:43 mdw Exp $
+ * $Id: mprand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generate a random multiprecision integer
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mprand.h,v $
- * Revision 1.2 1999/12/22 15:55:43 mdw
- * Add `mprand_range'.
- *
- * Revision 1.1 1999/12/10 23:23:05 mdw
- * Support for generating random large integers.
- *
- */
-
#ifndef CATACOMB_MPRAND_H
#define CATACOMB_MPRAND_H
/* -*-c-*-
*
- * $Id: mpreduce-exp.h,v 1.1 2004/03/27 00:04:46 mdw Exp $
+ * $Id: mpreduce-exp.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Exponentiation operations for binary field reduction
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpreduce-exp.h,v $
- * Revision 1.1 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
#ifndef CATACOMB_MPREDUCE_EXP_H
#define CATACOMB_MPREDUCE_EXP_H
/* -*-c-*-
*
- * $Id: mpreduce.c,v 1.1 2004/03/27 00:04:46 mdw Exp $
+ * $Id: mpreduce.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Efficient reduction modulo nice primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpreduce.c,v $
- * Revision 1.1 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/darray.h>
/* -*-c-*-
*
- * $Id: mpreduce.h,v 1.1 2004/03/27 00:04:46 mdw Exp $
+ * $Id: mpreduce.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Efficient reduction modulo nice primes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpreduce.h,v $
- * Revision 1.1 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- */
-
#ifndef CATACOMB_MPREDUCE_H
#define CATACOMB_MPREDUCE_H
/* -*-c-*-
*
- * $Id: mpscan.c,v 1.3 2000/07/29 17:03:31 mdw Exp $
+ * $Id: mpscan.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Sequential bit scan of multiprecision integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpscan.c,v $
- * Revision 1.3 2000/07/29 17:03:31 mdw
- * Add support for left-to-right bitscanning, for use in modular
- * exponentiation.
- *
- * Revision 1.2 1999/11/13 01:55:10 mdw
- * Fixed so that they compile. Minor interface changes.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mpscan.h"
/* -*-c-*-
*
- * $Id: mpscan.h,v 1.4 2000/07/29 17:03:31 mdw Exp $
+ * $Id: mpscan.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Sequential bit scan of multiprecision integers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpscan.h,v $
- * Revision 1.4 2000/07/29 17:03:31 mdw
- * Add support for left-to-right bitscanning, for use in modular
- * exponentiation.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/13 01:55:10 mdw
- * Fixed so that they compile. Minor interface changes.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_MPSCAN_H
#define CATACOMB_MPSCAN_H
/* -*-c-*-
*
- * $Id: mptext-dstr.c,v 1.3 2000/08/04 23:23:44 mdw Exp $
+ * $Id: mptext-dstr.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Reading and writing large integers on strings
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext-dstr.c,v $
- * Revision 1.3 2000/08/04 23:23:44 mdw
- * Various <ctype.h> fixes.
- *
- * Revision 1.2 1999/12/22 15:56:21 mdw
- * Make the buffer passed to `put' op constant.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: mptext-file.c,v 1.2 1999/12/22 15:56:21 mdw Exp $
+ * $Id: mptext-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Reading and writing large integers on files
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext-file.c,v $
- * Revision 1.2 1999/12/22 15:56:21 mdw
- * Make the buffer passed to `put' op constant.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: mptext-len.c,v 1.1 2002/10/15 22:58:29 mdw Exp $
+ * $Id: mptext-len.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Work out length of a number's string representation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext-len.c,v $
- * Revision 1.1 2002/10/15 22:58:29 mdw
- * Fast estimation of number representation lengths.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: mptext-string.c,v 1.4 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mptext-string.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Reading and writing large integers on strings
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext-string.c,v $
- * Revision 1.4 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.3 2000/08/04 23:23:44 mdw
- * Various <ctype.h> fixes.
- *
- * Revision 1.2 1999/12/22 15:56:21 mdw
- * Make the buffer passed to `put' op constant.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <string.h>
/* -*-c-*-
*
- * $Id: mptext.c,v 1.17 2002/10/19 11:59:04 mdw Exp $
+ * $Id: mptext.c,v 1.18 2004/04/08 01:36:15 mdw Exp $
*
* Textual representation of multiprecision numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext.c,v $
- * Revision 1.17 2002/10/19 11:59:04 mdw
- * Fix leftovers bug in reading.
- *
- * Revision 1.16 2002/10/15 22:57:43 mdw
- * Bug fix: prevent negative zero.
- *
- * Revision 1.15 2002/10/15 19:18:15 mdw
- * Fix fencepost bugs in binary radix writing.
- *
- * Revision 1.14 2002/10/09 00:33:44 mdw
- * Allow `0o' and `0b' prefixes for octal and binary (from Haskell)
- *
- * Revision 1.13 2002/10/09 00:21:06 mdw
- * Allow user-specified `r_xx' bases to be up to 62.
- *
- * Revision 1.12 2002/01/13 19:51:18 mdw
- * Extend the textual format to bases up to 62 by distinguishing case.
- *
- * Revision 1.11 2001/06/16 23:42:17 mdw
- * Typesetting fixes.
- *
- * Revision 1.10 2001/06/16 13:22:39 mdw
- * Added fast-track code for binary output bases, and tests.
- *
- * Revision 1.9 2001/02/03 16:05:17 mdw
- * Make flags be unsigned. Improve the write algorithm: recurse until the
- * parts are one word long and use single-precision arithmetic from there.
- * Fix off-by-one bug when breaking the number apart.
- *
- * Revision 1.8 2000/12/06 20:32:42 mdw
- * Reduce binary bytes (to allow marker bits to be ignored). Fix error
- * message string a bit. Allow leading `+' signs.
- *
- * Revision 1.7 2000/07/15 10:01:08 mdw
- * Bug fix in binary input.
- *
- * Revision 1.6 2000/06/25 12:58:23 mdw
- * Fix the derivation of `depth' commentary.
- *
- * Revision 1.5 2000/06/17 11:46:19 mdw
- * New and much faster stack-based algorithm for reading integers. Support
- * reading and writing binary integers in bases between 2 and 256.
- *
- * Revision 1.4 1999/12/22 15:56:56 mdw
- * Use clever recursive algorithm for writing numbers out.
- *
- * Revision 1.3 1999/12/10 23:23:26 mdw
- * Allocate slightly less memory.
- *
- * Revision 1.2 1999/11/20 22:24:15 mdw
- * Use function versions of MPX_UMULN and MPX_UADDN.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: mptext.h,v 1.6 2002/10/15 22:58:29 mdw Exp $
+ * $Id: mptext.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Textual representation of multiprecision numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptext.h,v $
- * Revision 1.6 2002/10/15 22:58:29 mdw
- * Fast estimation of number representation lengths.
- *
- * Revision 1.5 2000/10/08 12:04:58 mdw
- * (MP_DOFPRINTFR): cope with null pointers.
- *
- * Revision 1.4 2000/06/17 11:46:58 mdw
- * Convenience macros for producing debugging output containing MP
- * integers.
- *
- * Revision 1.3 1999/12/22 15:56:30 mdw
- * Make the buffer passed to `put' op constant.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
#ifndef CATACOMB_MPTEXT_H
#define CATACOMB_MPTEXT_H
/* -*-c-*-
*
- * $Id: mptypes.c,v 1.4 2000/10/08 12:05:24 mdw Exp $
+ * $Id: mptypes.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generate `mptypes.h' header file for current architecture
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mptypes.c,v $
- * Revision 1.4 2000/10/08 12:05:24 mdw
- * Make later versions of GCC shut up about @long long@.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/13 01:54:32 mdw
- * Format source code properly ;-). Attach suffixes to the `max'
- * constants.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#define _GNU_SOURCE
/* -*-c-*-
*
- * $Id: mpw.h,v 1.2 1999/12/10 23:29:48 mdw Exp $
+ * $Id: mpw.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Very low-level multiprecision definitions
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpw.h,v $
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/11/13 01:52:34 mdw
- * Very low-level definitions for MP types.
- *
- * Revision 1.1 1999/11/13 01:50:17 mdw
- * Veyr low level definitions for MP types.
- *
- */
-
#ifndef CATACOMB_MPW_H
#define CATACOMB_MPW_H
/* -*-c-*-
*
- * $Id: mpx-kmul.c,v 1.9 2004/03/27 17:54:12 mdw Exp $
+ * $Id: mpx-kmul.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Karatsuba's multiplication algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpx-kmul.c,v $
- * Revision 1.9 2004/03/27 17:54:12 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.8 2002/10/09 00:36:03 mdw
- * Fix bounds on workspace for Karatsuba operations.
- *
- * Revision 1.7 2000/10/08 15:48:35 mdw
- * Rename Karatsuba constants now that we have @gfx_kmul@ too.
- *
- * Revision 1.6 2000/10/08 12:11:01 mdw
- * Use @mpx_ueq@ instead of @MPX_UCMP@.
- *
- * Revision 1.5 2000/07/29 17:04:02 mdw
- * Remove useless header `mpscan.h'.
- *
- * Revision 1.4 2000/06/17 11:42:11 mdw
- * Moved the Karatsuba macros into a separate file for better sharing.
- * Fixed some comments.
- *
- * Revision 1.3 1999/12/13 15:35:01 mdw
- * Simplify and improve.
- *
- * Revision 1.2 1999/12/11 10:58:02 mdw
- * Remove tweakable comments.
- *
- * Revision 1.1 1999/12/10 23:23:51 mdw
- * Karatsuba-Ofman multiplication algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: mpx-ksqr.c,v 1.7 2002/10/09 00:36:03 mdw Exp $
+ * $Id: mpx-ksqr.c,v 1.8 2004/04/08 01:36:15 mdw Exp $
*
* Karatsuba-based squaring algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpx-ksqr.c,v $
- * Revision 1.7 2002/10/09 00:36:03 mdw
- * Fix bounds on workspace for Karatsuba operations.
- *
- * Revision 1.6 2000/10/08 15:48:35 mdw
- * Rename Karatsuba constants now that we have @gfx_kmul@ too.
- *
- * Revision 1.5 2000/10/08 12:11:01 mdw
- * Use @mpx_ueq@ instead of @MPX_UCMP@.
- *
- * Revision 1.4 2000/07/29 17:04:02 mdw
- * Remove useless header `mpscan.h'.
- *
- * Revision 1.3 2000/06/17 11:42:54 mdw
- * Moved the Karatsuba macros into a separate file for better sharing.
- * Fixed some comments. Use an improved technique so that all the
- * operations are squarings.
- *
- * Revision 1.2 1999/12/13 15:35:01 mdw
- * Simplify and improve.
- *
- * Revision 1.1 1999/12/11 10:57:43 mdw
- * Karatsuba squaring algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: mpx.c,v 1.19 2004/04/03 03:29:40 mdw Exp $
+ * $Id: mpx.c,v 1.20 2004/04/08 01:36:15 mdw Exp $
*
* Low-level multiprecision arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpx.c,v $
- * Revision 1.19 2004/04/03 03:29:40 mdw
- * Fix overrun in @mpx_lsr@.
- *
- * Revision 1.18 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.17 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.16 2003/05/16 09:09:24 mdw
- * Fix @mp_lsl2c@. Turns out to be surprisingly tricky.
- *
- * Revision 1.15 2002/10/20 01:12:31 mdw
- * Two's complement I/O fixes.
- *
- * Revision 1.14 2002/10/19 18:55:08 mdw
- * Fix overflows in shift primitives.
- *
- * Revision 1.13 2002/10/19 17:56:50 mdw
- * Fix bit operations. Test them (a bit) better.
- *
- * Revision 1.12 2002/10/06 22:52:50 mdw
- * Pile of changes for supporting two's complement properly.
- *
- * Revision 1.11 2001/04/03 19:36:05 mdw
- * Add some simple bitwise operations so that Perl can use them.
- *
- * Revision 1.10 2000/10/08 12:06:12 mdw
- * Provide @mpx_ueq@ for rapidly testing equality of two integers.
- *
- * Revision 1.9 2000/06/26 07:52:50 mdw
- * Portability fix for the bug fix.
- *
- * Revision 1.8 2000/06/25 12:59:02 mdw
- * (mpx_udiv): Fix bug in quotient digit estimation.
- *
- * Revision 1.7 1999/12/22 15:49:07 mdw
- * New function for division by a small integer.
- *
- * Revision 1.6 1999/11/20 22:43:44 mdw
- * Integrate testing for MPX routines.
- *
- * Revision 1.5 1999/11/20 22:23:27 mdw
- * Add function versions of some low-level macros with wider use.
- *
- * Revision 1.4 1999/11/17 18:04:09 mdw
- * Add two's-complement functionality. Improve mpx_udiv a little by
- * performing the multiplication of the divisor by q with the subtraction
- * from r.
- *
- * Revision 1.3 1999/11/13 01:57:31 mdw
- * Remove stray debugging code.
- *
- * Revision 1.2 1999/11/13 01:50:59 mdw
- * Multiprecision routines finished and tested.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: mpx.h,v 1.17 2004/03/27 00:04:46 mdw Exp $
+ * $Id: mpx.h,v 1.18 2004/04/08 01:36:15 mdw Exp $
*
* Low level multiprecision arithmetic
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: mpx.h,v $
- * Revision 1.17 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- * Revision 1.16 2003/05/16 09:09:24 mdw
- * Fix @mp_lsl2c@. Turns out to be surprisingly tricky.
- *
- * Revision 1.15 2002/10/19 17:56:50 mdw
- * Fix bit operations. Test them (a bit) better.
- *
- * Revision 1.14 2002/10/09 00:36:03 mdw
- * Fix bounds on workspace for Karatsuba operations.
- *
- * Revision 1.13 2002/10/06 22:52:50 mdw
- * Pile of changes for supporting two's complement properly.
- *
- * Revision 1.12 2001/04/03 19:36:05 mdw
- * Add some simple bitwise operations so that Perl can use them.
- *
- * Revision 1.11 2000/10/08 15:48:35 mdw
- * Rename Karatsuba constants now that we have @gfx_kmul@ too.
- *
- * Revision 1.10 2000/10/08 12:06:12 mdw
- * Provide @mpx_ueq@ for rapidly testing equality of two integers.
- *
- * Revision 1.9 1999/12/22 15:49:07 mdw
- * New function for division by a small integer.
- *
- * Revision 1.8 1999/12/11 10:57:43 mdw
- * Karatsuba squaring algorithm.
- *
- * Revision 1.7 1999/12/11 01:51:28 mdw
- * Change Karatsuba parameters slightly.
- *
- * Revision 1.6 1999/12/10 23:23:51 mdw
- * Karatsuba-Ofman multiplication algorithm.
- *
- * Revision 1.5 1999/11/20 22:23:27 mdw
- * Add function versions of some low-level macros with wider use.
- *
- * Revision 1.4 1999/11/17 18:04:43 mdw
- * Add two's complement support. Fix a bug in MPX_UMLAN.
- *
- * Revision 1.3 1999/11/13 01:51:29 mdw
- * Minor interface changes. Should be stable now.
- *
- * Revision 1.2 1999/11/11 17:47:55 mdw
- * Minor changes for different `mptypes.h' format.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_MPX_H
#define CATACOMB_MPX_H
/* -*-c-*-
*
- * $Id: noekeon.c,v 1.2 2001/06/16 23:42:17 mdw Exp $
+ * $Id: noekeon.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Noekeon block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: noekeon.c,v $
- * Revision 1.2 2001/06/16 23:42:17 mdw
- * Typesetting fixes.
- *
- * Revision 1.1 2001/05/08 22:17:41 mdw
- * New cipher Noekeon added.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: noekeon.h,v 1.1 2001/05/08 22:17:41 mdw Exp $
+ * $Id: noekeon.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Noekeon block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: noekeon.h,v $
- * Revision 1.1 2001/05/08 22:17:41 mdw
- * New cipher Noekeon added.
- *
- * Revision 1.3 2001/05/07 17:31:53 mdw
- * Separate out key scheduling.
- *
- * Revision 1.2 2000/10/08 15:48:58 mdw
- * Update comments now that AES has been chosen.
- *
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the Noekeon block cipher --------------------------------*
*
* A Nessie entry, by Joan Daemen, Michael Peeters, Gilles Van Assche and
/* -*-c-*-
*
- * $Id: noise.c,v 1.7 2004/04/02 01:03:49 mdw Exp $
+ * $Id: noise.c,v 1.8 2004/04/08 01:36:15 mdw Exp $
*
* Acquisition of environmental noise (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: noise.c,v $
- * Revision 1.7 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.6 2000/06/17 12:57:47 mdw
- * New free counter noise generator, for use if /dev/random is
- * unavailable.
- *
- * Revision 1.5 1999/12/22 15:57:55 mdw
- * Label system-specific parts more clearly.
- *
- * Revision 1.4 1999/12/10 23:25:15 mdw
- * Bug fix: remove old spurious fflush.
- *
- * Revision 1.3 1999/12/10 23:24:11 mdw
- * Bug fix: flush buffers before forking.
- *
- * Revision 1.2 1999/11/11 00:59:08 mdw
- * A bit of reformatting. Initialize the uid and gid correctly.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: noise.h,v 1.5 2004/04/02 01:03:49 mdw Exp $
+ * $Id: noise.h,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Acquisition of environmental noise (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: noise.h,v $
- * Revision 1.5 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.4 2000/06/17 12:57:47 mdw
- * New free counter noise generator, for use if /dev/random is
- * unavailable.
- *
- * Revision 1.3 1999/12/22 15:57:55 mdw
- * Label system-specific parts more clearly.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_NOISE_H
#define CATACOMB_NOISE_H
/* -*-c-*-
*
- * $Id: oaep.c,v 1.5 2002/01/13 20:20:39 mdw Exp $
+ * $Id: oaep.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Optimal asymmetric encryption packing
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: oaep.c,v $
- * Revision 1.5 2002/01/13 20:20:39 mdw
- * Hack the @oaep_decode@ code some more, to make it work again.
- *
- * Revision 1.4 2002/01/13 13:50:21 mdw
- * Allow only one error return, to frustrate Manger's attack against OAEP.
- *
- * Revision 1.3 2001/02/22 09:04:39 mdw
- * Fix memory leaks.
- *
- * Revision 1.2 2000/07/15 10:01:48 mdw
- * Test rig added, based on RIPEMD160-MGF1 test vectors.
- *
- * Revision 1.1 2000/07/01 11:18:30 mdw
- * Support for Optimal Asymmetric Encryption Padding.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <string.h>
#include "gcipher.h"
#include "ghash.h"
#include "grand.h"
-#include "oaep.h"
+#include "rsa.h"
/*----- Main code ---------------------------------------------------------*/
/* --- @oaep_encode@ --- *
*
- * Arguments: @const void *msg@ = pointer to message data
+ * Arguments: @mp *d@ = where to put the answer
+ * @const void *m@ = pointer to message data
* @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
+ * @octet *b@ = spare buffer
+ * @size_t sz@ = size of the buffer (big enough)
+ * @unsigned long nbits@ = length of bits of @n@
* @void *p@ = pointer to OAEP parameter block
*
- * Returns: Zero if all went well, negative on failure.
+ * Returns: The encoded plaintext, or null on failure.
*
* Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
* PKCS#1 v. 2.0 (RFC2437).
*/
-int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
+mp *oaep_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
oaep *o = p;
size_t hsz = o->ch->hashsz;
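Review bot: The new `nbits` parameter added to `oaep_encode` is documented as "length of bits of @n@" but, as far as the visible body in the following hunk shows, is never read: the size check uses only `sz`, and the result is loaded from `b` with `mp_loadb(d, b, sz + 1)` regardless of `nbits`. If the parameter exists only so that `oaep_encode` matches a shared padding-function signature, the Arguments block should say so, e.g. `@unsigned long nbits@ = number of bits in @n@ (not used by OAEP encoding; kept for interface parity)`; if it is meant to guarantee that the encoded integer is below @n@, that bound is not enforced anywhere visible. Separately, swapping `#include "oaep.h"` for `#include "rsa.h"` means this file no longer includes its own interface header, so if `oaep.h` still declares these functions a prototype/definition mismatch would no longer be caught at compile time — whether the declarations moved cannot be told from the hunk. This hunk ends at the top of `oaep_encode`'s body; the body continues in the next hunk.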
/* --- Ensure that everything is sensibly sized --- */
if (2 * hsz + 2 + msz > sz)
- return (-1);
+ return (0);
/* --- Make the `seed' value --- */
- q = buf;
+ q = b;
*q++ = 0; sz--;
mq = q + hsz;
qq = q + sz;
- o->r->ops->fill(o->r, q, hsz);
+ GR_FILL(o->r, q, hsz);
/* --- Fill in the rest of the buffer --- */
- h = o->ch->init();
- h->ops->hash(h, o->ep, o->epsz);
- h->ops->done(h, mq);
- h->ops->destroy(h);
+ h = GH_INIT(o->ch);
+ GH_HASH(h, o->ep, o->epsz);
+ GH_DONE(h, mq);
+ GH_DESTROY(h);
pp = mq + hsz;
n = sz - 2 * hsz - msz - 1;
memset(pp, 0, n);
pp += n;
*pp++ = 1;
- memcpy(pp, msg, msz);
+ memcpy(pp, m, msz);
/* --- Do the packing --- */
n = sz - hsz;
- c = o->cc->init(q, hsz);
- c->ops->encrypt(c, mq, mq, n);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, q, hsz);
+ GC_ENCRYPT(c, mq, mq, n);
+ GC_DESTROY(c);
- c = o->cc->init(mq, n);
- c->ops->encrypt(c, q, q, hsz);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, mq, n);
+ GC_ENCRYPT(c, q, q, hsz);
+ GC_DESTROY(c);
/* --- Done --- */
- return (0);
+ return (mp_loadb(d, b, sz + 1));
}
/* --- @oaep_decode@ --- *
*
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
+ * Arguments: @mp *m@ = the decrypted message
+ * @octet *b@ = pointer to a buffer to work in
+ * @size_t sz@ = the size of the buffer (big enough)
+ * @unsigned long nbits@ = the number of bits in @n@
* @void *p@ = pointer to OAEP parameter block
*
* Returns: The length of the output string if successful, negative on
* PKCS#1 v. 2.0 (RFC2437).
*/
-int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
+static int memeq(const void *xx, const void *yy, size_t sz)
+{
+ int eq = 1;
+ const octet *x = xx, *y = yy;
+ while (sz) { /* Always check every byte */
+ if (*x++ != *y++) eq = 0;
+ sz--;
+ }
+ return (eq);
+}
+
+int oaep_decode(mp *m, octet *b, size_t sz, unsigned long nbits, void *p)
{
oaep *o = p;
gcipher *c;
unsigned bad = 0;
size_t n;
size_t hsz = o->ch->hashsz;
- int rc = -1;
/* --- Ensure that the block is large enough --- */
- if (sz < 2 * hsz)
+ if (sz < 2 * hsz) /* Doesn't depend on ciphertext */
return (-1);
- q = x_alloc(d->a, sz);
- memcpy(q, buf, sz);
-
/* --- Decrypt the message --- */
+ mp_storeb(m, b, sz);
+ q = b;
bad = *q;
q++; sz--;
mq = q + hsz;
qq = q + sz;
n = sz - hsz;
- c = o->cc->init(mq, n);
- c->ops->decrypt(c, q, q, hsz);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, mq, n);
+ GC_DECRYPT(c, q, q, hsz);
+ GC_DESTROY(c);
- c = o->cc->init(q, hsz);
- c->ops->decrypt(c, mq, mq, n);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, q, hsz);
+ GC_DECRYPT(c, mq, mq, n);
+ GC_DESTROY(c);
q--;
/* --- Check the hash on the encoding parameters --- */
- h = o->ch->init();
- h->ops->hash(h, o->ep, o->epsz);
- h->ops->done(h, q);
- h->ops->destroy(h);
- bad |= memcmp(q, mq, hsz);
+ h = GH_INIT(o->ch);
+ GH_HASH(h, o->ep, o->epsz);
+ GH_DONE(h, q);
+ GH_DESTROY(h);
+ bad |= !memeq(q, mq, hsz);
/* --- Now find the start of the actual message --- */
pp++;
bad |= (pp >= qq) | (*pp++ != 1);
n = qq - pp;
- dstr_putm(d, pp, n);
- if (!bad)
- rc = n;
-
- x_free(d->a, q);
- return (rc);
-}
-
-/*----- Test rig ----------------------------------------------------------*/
-
-#ifdef TEST_RIG
-
-#include <mLib/testrig.h>
-
-#include "rmd160.h"
-#include "rmd160-mgf.h"
-
-typedef struct gctx {
- grand r;
- octet *buf;
-} gctx;
-
-static void rfill(grand *r, void *buf, size_t sz)
-{
- gctx *g = (gctx *)r;
- memcpy(buf, g->buf, sz);
-}
-
-static const grand_ops gops = {
- "const", 0, 0,
- 0, 0,
- 0, 0, 0, 0, rfill
-};
-
-static int verify(dstr *v)
-{
- gctx gr;
- dstr d = DSTR_INIT;
- oaep o;
- int ok = 1;
-
- dstr_ensure(&d, v[3].len);
- d.len = v[3].len;
- gr.r.ops = &gops;
- gr.buf = (octet *)v[2].buf;
-
- o.cc = &rmd160_mgf;
- o.ch = &rmd160;
- o.r = &gr.r;
- o.ep = v[1].buf;
- o.epsz = v[1].len;
-
- if (oaep_encode(v[0].buf, v[0].len, d.buf, d.len, &o) ||
- memcmp(d.buf, v[3].buf, d.len) != 0) {
- ok = 0;
- fputs("\nfailure in oaep_encode", stderr);
- fputs("\n message = ", stderr); type_hex.dump(&v[0], stderr);
- fputs("\n params = ", stderr); type_hex.dump(&v[1], stderr);
- fputs("\n salt = ", stderr); type_hex.dump(&v[2], stderr);
- fputs("\nexpected = ", stderr); type_hex.dump(&v[3], stderr);
- fputs("\n output = ", stderr); type_hex.dump(&d, stderr);
- fputc('\n', stderr);
- }
-
- DRESET(&d);
- if (oaep_decode(v[3].buf, v[3].len, &d, &o) < 0 ||
- d.len != v[0].len || memcmp(d.buf, v[0].buf, d.len) != 0) {
- ok = 0;
- fputs("\nfailure in oaep_decode", stderr);
- fputs("\n goop = ", stderr); type_hex.dump(&v[3], stderr);
- fputs("\n params = ", stderr); type_hex.dump(&v[1], stderr);
- fputs("\n salt = ", stderr); type_hex.dump(&v[2], stderr);
- fputs("\nexpected = ", stderr); type_hex.dump(&v[0], stderr);
- fputs("\n output = ", stderr); type_hex.dump(&d, stderr);
- fputc('\n', stderr);
- }
-
- dstr_destroy(&d);
- return (ok);
+ memmove(q, pp, n);
+ return (bad ? -1 : n);
}
-static test_chunk tests[] = {
- { "oaep", verify, { &type_hex, &type_hex, &type_hex, &type_hex, 0 } },
- { 0, 0, { 0 } }
-};
-
-int main(int argc, char *argv[])
-{
- test_run(argc, argv, tests, SRCDIR "/tests/oaep");
- return (0);
-}
-
-#endif
-
/*----- That's all, folks -------------------------------------------------*/
+++ /dev/null
-/* -*-c-*-
- *
- * $Id: oaep.h,v 1.1 2000/07/01 11:18:30 mdw Exp $
- *
- * Optimal asymmetric encryption packing
- *
- * (c) 2000 Straylight/Edgeware
- */
-
-/*----- Licensing notice --------------------------------------------------*
- *
- * This file is part of Catacomb.
- *
- * Catacomb is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Library General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * Catacomb is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with Catacomb; if not, write to the Free
- * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: oaep.h,v $
- * Revision 1.1 2000/07/01 11:18:30 mdw
- * Support for Optimal Asymmetric Encryption Padding.
- *
- */
-
-/*----- Notes on OAEP -----------------------------------------------------*
- *
- * Applying OAEP before RSA encryption renders the construction plaintext-
- * aware under the random oracle model. This is probably a good thing. OAEP
- * was designed by Bellare and Rogaway. This particular variant is the one
- * specified in PKCS#1 version 2.0. It's apparently not compatible with the
- * OAEP used in the SET protocols.
- */
-
-#ifndef CATACOMB_OAEP_H
-#define CATACOMB_OAEP_H
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/*----- Header files ------------------------------------------------------*/
-
-#include <mLib/bits.h>
-#include <mLib/dstr.h>
-
-#ifndef CATACOMB_GCIPHER_H
-# include "gcipher.h"
-#endif
-
-#ifndef CATACOMB_GHASH_H
-# include "ghash.h"
-#endif
-
-#ifndef CATACOMB_GRAND_H
-# include "grand.h"
-#endif
-
-/*----- Data structures ---------------------------------------------------*/
-
-typedef struct oaep {
- const gccipher *cc; /* Cipher class for masking */
- const gchash *ch; /* Hash class for parameter block */
- grand *r; /* Random number source */
- const void *ep; /* Encoding parameters block */
- size_t epsz; /* Size of the parameter block */
-} oaep;
-
-/*----- Functions provided ------------------------------------------------*/
-
-/* --- @oaep_encode@ --- *
- *
- * Arguments: @const void *msg@ = pointer to message data
- * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
- * @void *p@ = pointer to OAEP parameter block
- *
- * Returns: Zero if all went well, negative on failure.
- *
- * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
- * PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int oaep_encode(const void */*msg*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-
-/* --- @oaep_decode@ --- *
- *
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to OAEP parameter block
- *
- * Returns: The length of the output string if successful, negative on
- * failure.
- *
- * Use: Implements the operation @EME-OAEP-DECODE@, as defined in
- * PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int oaep_decode(const void */*buf*/, size_t /*sz*/,
- dstr */*d*/, void */*p*/);
-
-/*----- That's all, folks -------------------------------------------------*/
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif
/* -*-c-*-
*
- * $Id: ofb-def.h,v 1.6 2004/04/02 01:03:49 mdw Exp $
+ * $Id: ofb-def.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Definitions for output feedback mode
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ofb-def.h,v $
- * Revision 1.6 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.5 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.4 2001/04/03 19:36:36 mdw
- * Don't use @va_arg@ as an argument to @STORE32@!
- *
- * Revision 1.3 2000/06/17 11:48:02 mdw
- * Use secure arena for memory allocation. Rearrange setiv slightly.
- *
- * Revision 1.2 1999/12/13 15:34:01 mdw
- * Add support for seeding from a generic pseudorandom source.
- *
- * Revision 1.1 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- */
-
#ifndef CATACOMB_OFB_DEF_H
#define CATACOMB_OFB_DEF_H
/* -*-c-*-
*
- * $Id: ofb.h,v 1.4 2001/06/17 00:10:51 mdw Exp $
+ * $Id: ofb.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Output feedback for block ciphers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ofb.h,v $
- * Revision 1.4 2001/06/17 00:10:51 mdw
- * Typesetting fixes
- *
- * Revision 1.3 2000/06/17 11:48:24 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.2 1999/12/10 23:16:40 mdw
- * Split mode macros into interface and implementation.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_OFB_H
#define CATACOMB_OFB_H
%%% -*-latex-*-
%%%
-%%% $Id: rand.tex,v 1.3 1999/10/15 21:05:56 mdw Exp $
+%%% $Id: rand.tex,v 1.4 2004/04/08 01:36:15 mdw Exp $
%%%
%%% Description of Catacomb's random number generator
%%%
%%% Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
%%% MA 02111-1307, USA.
-%%%----- Revision history ---------------------------------------------------
-%%%
-%%% $Log: rand.tex,v $
-%%% Revision 1.3 1999/10/15 21:05:56 mdw
-%%% Add a little more explanatory text for the pool and buffer sizes.
-%%%
-%%% Revision 1.2 1999/10/12 21:00:34 mdw
-%%% Updated. Almost finished, in fact. ;-)
-%%%
-%%% Revision 1.1 1999/09/03 08:41:13 mdw
-%%% Initial import.
-%%%
-
%%%----- Header -------------------------------------------------------------
\documentclass[a4paper, article, 10pt, notitlepage, numbering]{strayman}
/* -*-c-*-
*
- * $Id: paranoia.h,v 1.2 1999/12/10 23:29:48 mdw Exp $
+ * $Id: paranoia.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Macros and functions for cryptographic paranoia
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: paranoia.h,v $
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
#ifndef CATACOMB_PARANOIA_H
#define CATACOMB_PARANOIA_H
/* -*-c-*-
*
- * $Id: passphrase.c,v 1.5 2002/01/13 13:41:37 mdw Exp $
+ * $Id: passphrase.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Reading of passphrases (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: passphrase.c,v $
- * Revision 1.5 2002/01/13 13:41:37 mdw
- * Fix stupidity in passphrase verification.
- *
- * Revision 1.4 2001/04/19 18:26:01 mdw
- * Re-request broken passphrases.
- *
- * Revision 1.3 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.2 2000/06/17 11:49:37 mdw
- * New pixie protocol allowing application to request passphrases and send
- * them to the pixie.
- *
- * Revision 1.1 1999/12/22 15:58:20 mdw
- * Portable interface to reading passphrases.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <errno.h>
/* -*-c-*-
*
- * $Id: passphrase.h,v 1.1 1999/12/22 15:58:20 mdw Exp $
+ * $Id: passphrase.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Reading passphrases
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: passphrase.h,v $
- * Revision 1.1 1999/12/22 15:58:20 mdw
- * Portable interface to reading passphrases.
- *
- */
-
#ifndef CATACOMB_PASSPHRASE_H
#define CATACOMB_PASSPHRASE_H
/* -*-c-*-
*
- * $Id: pfilt.c,v 1.5 2004/04/01 12:50:09 mdw Exp $
+ * $Id: pfilt.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Finding and testing prime numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pfilt.c,v $
- * Revision 1.5 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.4 2000/10/08 12:14:57 mdw
- * Remove vestiges of @primorial@.
- *
- * Revision 1.3 2000/08/15 21:44:27 mdw
- * (pfilt_smallfactor): New function for doing trial division the hard
- * way.
- *
- * (pfilt_create): Use @mpx_udivn@ for computing residues, for improved
- * performance.
- *
- * Pull the `small prime' test into a separate function, and do it
- * properly.
- *
- * Revision 1.2 2000/06/17 11:54:27 mdw
- * Use new MP memory management functions.
- *
- * Revision 1.1 1999/12/22 15:49:39 mdw
- * Renamed from `pgen'. Reworking for new prime-search system.
- *
- * Revision 1.3 1999/12/10 23:28:35 mdw
- * Track suggested destination changes.
- *
- * Revision 1.2 1999/11/20 22:23:05 mdw
- * Add multiply-and-add function for Diffie-Hellman safe prime generation.
- *
- * Revision 1.1 1999/11/19 13:17:57 mdw
- * Prime number generator and tester.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: pfilt.h,v 1.3 2004/04/01 12:50:09 mdw Exp $
+ * $Id: pfilt.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Finding and testing prime numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pfilt.h,v $
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2000/08/15 21:42:56 mdw
- * Use the small primes type from `genprimes' output. New function for
- * doing trial division the hard way.
- *
- * Revision 1.1 1999/12/22 15:49:39 mdw
- * Renamed from `pgen'. Reworking for new prime-search system.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/20 22:23:05 mdw
- * Add multiply-and-add function for Diffie-Hellman safe prime generation.
- *
- * Revision 1.1 1999/11/19 13:17:57 mdw
- * Prime number generator and tester.
- *
- */
-
#ifndef CATACOMB_PFILT_H
#define CATACOMB_PFILT_H
/* -*-c-*-
*
- * $Id: pgen-gcd.c,v 1.2 2000/07/01 11:09:20 mdw Exp $
+ * $Id: pgen-gcd.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Prime search stepper ensuring a low GCD for %$(p - 1)/2$%
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pgen-gcd.c,v $
- * Revision 1.2 2000/07/01 11:09:20 mdw
- * (pgen_gcd): Bug fix -- check the GCDs of the right things when deciding
- * whether to abort.
- *
- * Revision 1.1 2000/06/17 11:51:53 mdw
- * Filter which imposes additional restrictions on GCD of %$(p - 1)/2$%
- * with a given integer.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: pgen-safe.c,v 1.4 2000/07/03 18:09:27 mdw Exp $
+ * $Id: pgen-safe.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Safe prime generation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pgen-safe.c,v $
- * Revision 1.4 2000/07/03 18:09:27 mdw
- * Bug fix to the GCD check. With any luck, this is the last of these to
- * need nailing to the wall.
- *
- * Revision 1.3 2000/06/17 11:52:36 mdw
- * Signal a pgen abort if the jump and base share a common factor.
- *
- * Revision 1.2 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 16:01:34 mdw
- * Find `safe' primes (i.e., %$p = 2q + 1$%).
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: pgen-stdev.c,v 1.3 2000/08/18 19:16:12 mdw Exp $
+ * $Id: pgen-stdev.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Standard event handlers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pgen-stdev.c,v $
- * Revision 1.3 2000/08/18 19:16:12 mdw
- * New event handler for showing in detail sub-prime generation.
- *
- * Revision 1.2 2000/07/09 21:31:34 mdw
- * Delete the spinner when the search finishes.
- *
- * Revision 1.1 1999/12/22 16:01:57 mdw
- * Standard progress-reporting functions.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: pgen.c,v 1.9 2004/04/01 12:50:09 mdw Exp $
+ * $Id: pgen.c,v 1.10 2004/04/08 01:36:15 mdw Exp $
*
* Prime generation glue
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pgen.c,v $
- * Revision 1.9 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.8 2002/01/13 13:42:53 mdw
- * More efficient Rabin-Miller test: with random witnesses, skip redundant
- * Montgomerization. (Being bijective, it can't affect the distribution.)
- *
- * Revision 1.7 2001/02/03 16:05:32 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.6 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.5 2000/06/17 11:52:36 mdw
- * Signal a pgen abort if the jump and base share a common factor.
- *
- * Revision 1.4 1999/12/22 16:01:11 mdw
- * Same file, completely different code. Main interface for new prime-
- * search system.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: pgen.h,v 1.8 2004/04/01 12:50:09 mdw Exp $
+ * $Id: pgen.h,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Prime generation glue
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pgen.h,v $
- * Revision 1.8 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.7 2000/08/18 19:16:12 mdw
- * New event handler for showing in detail sub-prime generation.
- *
- * Revision 1.6 2000/06/17 11:52:12 mdw
- * Add the GCD filter.
- *
- * Revision 1.5 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.4 1999/12/22 16:01:11 mdw
- * Same file, completely different code. Main interface for new prime-
- * search system.
- *
- */
-
#ifndef CATACOMB_PGEN_H
#define CATACOMB_PGEN_H
/* -*-c-*-
*
- * $Id: pixie-client.c,v 1.2 2000/06/17 11:49:37 mdw Exp $
+ * $Id: pixie-client.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Simple passphrase pixie client (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pixie-client.c,v $
- * Revision 1.2 2000/06/17 11:49:37 mdw
- * New pixie protocol allowing application to request passphrases and send
- * them to the pixie.
- *
- * Revision 1.1 1999/12/22 15:58:41 mdw
- * Passphrase pixie support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <errno.h>
/* -*-c-*-
*
- * $Id: pixie-common.c,v 1.1 1999/12/22 15:58:41 mdw Exp $
+ * $Id: pixie-common.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Common code for Pixie client and server (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pixie-common.c,v $
- * Revision 1.1 1999/12/22 15:58:41 mdw
- * Passphrase pixie support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <errno.h>
/* -*-c-*-
*
- * $Id: pixie.c,v 1.13 2004/03/21 22:43:05 mdw Exp $
+ * $Id: pixie.c,v 1.14 2004/04/08 01:36:15 mdw Exp $
*
* Passphrase pixie for Catacomb
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pixie.c,v $
- * Revision 1.13 2004/03/21 22:43:05 mdw
- * Keep quiet about expected errors on incoming connections.
- *
- * Revision 1.12 2002/01/13 13:50:42 mdw
- * Various fixes tracking mLib changes.
- *
- * Revision 1.11 2002/01/13 13:43:05 mdw
- * Fix bug in daemon mode.
- *
- * Revision 1.10 2001/02/21 20:03:54 mdw
- * Handle select errors (by bombing out). Cosmetic tweak.
- *
- * Revision 1.9 2001/02/03 16:06:44 mdw
- * Don't set a handler for @SIGINT@ if it's ignored at startup. Add some
- * error handling for the @select@ loop.
- *
- * Revision 1.8 2001/01/25 22:19:31 mdw
- * Make flags be unsigned.
- *
- * Revision 1.7 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.6 2000/10/08 12:06:46 mdw
- * Change size passed to socket function to be a @size_t@. Insert missing
- * type name for flag declaration.
- *
- * Revision 1.5 2000/07/29 22:05:22 mdw
- * Miscellaneous tidyings:
- *
- * * Change the timeout to something more appropriate for real use.
- *
- * * Check assumptions about object types when binding the socket. In
- * particular, don't zap the socket if it's really something else.
- *
- * * In @p_request@, return a failure if the shell command returned
- * nonzero. Fix a bug in @p_get@ which incorrectly passes on a success
- * code when this happens.
- *
- * * Dispose of the locked memory in client mode to avoid being
- * antisocial.
- *
- * * Also in client mode, don't report closure from the server if we're
- * running noninteractively.
- *
- * * Insert a missing option letter into the usage string.
- *
- * * Change to the root directory after forking in daemon mode.
- *
- * Revision 1.4 2000/06/17 11:50:53 mdw
- * New pixie protocol allowing application to request passphrases and send
- * them to the pixie. Use the secure arena interface for the input
- * buffer. Extend the input buffer. Other minor fixes.
- *
- * Revision 1.3 1999/12/22 22:14:40 mdw
- * Only produce initialization message if verbose.
- *
- * Revision 1.2 1999/12/22 22:13:42 mdw
- * Fix bug in passphrase flushing loop.
- *
- * Revision 1.1 1999/12/22 15:58:41 mdw
- * Passphrase pixie support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: pixie.h,v 1.2 2000/06/17 11:49:49 mdw Exp $
+ * $Id: pixie.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Passphrase pixie definitions (Unix-specific)
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pixie.h,v $
- * Revision 1.2 2000/06/17 11:49:49 mdw
- * New pixie protocol allowing application to request passphrases and send
- * them to the pixie.
- *
- * Revision 1.1 1999/12/22 15:58:41 mdw
- * Passphrase pixie support.
- *
- */
-
#ifndef CATACOMB_PIXIE_H
#define CATACOMB_PIXIE_H
/* -*-c-*-
*
- * $Id: pkcs1.c,v 1.3 2000/10/08 12:07:04 mdw Exp $
+ * $Id: pkcs1.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* PKCS#1 1.5 packing
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pkcs1.c,v $
- * Revision 1.3 2000/10/08 12:07:04 mdw
- * Don't do arithmetic on @void *@ pointers.
- *
- * Revision 1.2 2000/07/05 17:49:48 mdw
- * Fix decoding functions, so that they don't run off the end of the
- * buffer.
- *
- * Revision 1.1 2000/07/01 11:17:38 mdw
- * New support for PKCS#1 message encoding.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <string.h>
#include <mLib/dstr.h>
#include "grand.h"
-#include "pkcs1.h"
+#include "rsa.h"
/*----- Main code ---------------------------------------------------------*/
/* --- @pkcs1_cryptencode@ --- *
*
- * Arguments: @const void *msg@ = pointer to message data
+ * Arguments: @mp *d@ = where to put the answer
+ * @const void *m@ = pointer to message data
* @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
+ * @octet *b@ = spare buffer
+ * @size_t sz@ = size of the buffer (big enough)
+ * @unsigned long nbits@ = length of bits of @n@
* @void *p@ = pointer to PKCS1 parameter block
*
- * Returns: Zero if all went well, negative on failure.
+ * Returns: The encoded result, or null.
*
* Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
* in PKCS#1 v. 2.0 (RFC2437).
*/
-int pkcs1_cryptencode(const void *msg, size_t msz, void *buf, size_t sz,
- void *p)
+mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pkcs1 *pp = p;
grand *r = pp->r;
- octet *q, *qq;
+ octet *q;
size_t i, n;
/* --- Ensure that the buffer is sensibly sized --- */
if (pp->epsz + msz + 11 > sz)
- return (-1);
+ return (0);
- /* --- Fill in the buffer --- */
+ /* --- Allocate the buffer and fill it in --- */
- q = buf;
- qq = q + sz;
- *q++ = 0;
- *q++ = 2;
+ q = b;
+ *q++ = 0x00;
+ *q++ = 0x02;
n = sz - msz - pp->epsz - 3;
- r->ops->fill(r, q, n);
+ GR_FILL(r, q, n);
for (i = 0; i < n; i++) {
if (*q == 0)
*q = r->ops->range(r, 255) + 1;
q++;
}
*q++ = 0;
- memcpy(q, pp->ep, pp->epsz);
- q += pp->epsz;
- memcpy(q, msg, msz);
- return (0);
+ if (pp->ep) {
+ memcpy(q, pp->ep, pp->epsz);
+ q += pp->epsz;
+ }
+ memcpy(q, m, msz);
+ q += msz;
+ assert(q == b + sz);
+
+ /* --- Collect the result --- */
+
+ return (mp_loadb(d, b, sz));
}
/* --- @pkcs1_cryptdecode@ --- *
*
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
+ * Arguments: @mp *m@ = the decrypted message
+ * @octet *b@ = pointer to a buffer to work in
+ * @size_t sz@ = the size of the buffer (big enough)
+ * @unsigned long nbits@ = the number of bits in @n@
* @void *p@ = pointer to PKCS1 parameter block
*
* Returns: The length of the output string if successful, negative on
* in PKCS#1 v. 2.0 (RFC2437).
*/
-int pkcs1_cryptdecode(const void *buf, size_t sz, dstr *d, void *p)
+static int memeq(const void *xx, const void *yy, size_t sz)
+{
+ int eq = 1;
+ const octet *x = xx, *y = yy;
+ while (sz) { /* Always check every byte */
+ if (*x++ != *y++) eq = 0;
+ sz--;
+ }
+ return (eq);
+}
+
+int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pkcs1 *pp = p;
const octet *q, *qq;
size_t n, i;
+ int bad = 0;
/* --- Check the size of the block looks sane --- */
- if (pp->epsz + 11 > sz)
+ if (pp->epsz + 11 > sz) /* OK: independent of ciphertext */
return (-1);
- q = buf;
+ mp_storeb(m, b, sz);
+ q = b;
qq = q + sz;
/* --- Ensure that the block looks OK --- */
- if (*q++ != 0 || *q++ != 2)
- return (-1);
+ bad |= (*q++ != 0x00 || *q++ != 0x02);
/* --- Check the nonzero padding --- */
i = 0;
while (*q != 0 && q < qq)
i++, q++;
- if (i < 8 || qq - q < pp->epsz + 1)
- return (-1);
+ bad |= (i < 8 || qq - q < pp->epsz + 1);
q++;
/* --- Check the encoding parameters --- */
- if (memcmp(q, pp->ep, pp->epsz) != 0)
- return (-1);
+ bad |= (pp->ep && !memeq(bad ? b : q, pp->ep, pp->epsz));
q += pp->epsz;
/* --- Done --- */
n = qq - q;
- dstr_putm(d, q, n);
- return (n);
+ memmove(b, bad ? b + 1 : q, n);
+ return (bad ? -1 : n);
}
/* --- @pkcs1_sigencode@ --- *
*
- * Arguments: @const void *msg@ = pointer to message data
+ * Arguments: @mp *d@ = where to put the answer
+ * @const void *m@ = pointer to message data
* @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
+ * @octet *b@ = spare buffer
+ * @size_t sz@ = size of the buffer (big enough)
+ * @unsigned long nbits@ = length of bits of @n@
* @void *p@ = pointer to PKCS1 parameter block
*
- * Returns: Zero if all went well, negative on failure.
+ * Returns: The encoded message representative, or null.
*
* Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
* in PKCS#1 v. 2.0 (RFC2437).
*/
-int pkcs1_sigencode(const void *msg, size_t msz, void *buf, size_t sz,
- void *p)
+mp *pkcs1_sigencode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pkcs1 *pp = p;
- octet *q, *qq;
+ octet *q;
size_t n;
/* --- Ensure that the buffer is sensibly sized --- */
if (pp->epsz + msz + 11 > sz)
- return (-1);
+ return (0);
/* --- Fill in the buffer --- */
- q = buf;
- qq = q + sz;
- *q++ = 0;
- *q++ = 1;
+ q = b;
+ *q++ = 0x00;
+ *q++ = 0x01;
n = sz - msz - pp->epsz - 3;
memset(q, 0xff, n);
q += n;
*q++ = 0;
- memcpy(q, pp->ep, pp->epsz);
- q += pp->epsz;
- memcpy(q, msg, msz);
- return (0);
+ if (pp->ep) {
+ memcpy(q, pp->ep, pp->epsz);
+ q += pp->epsz;
+ }
+ memcpy(q, m, msz);
+ q += msz;
+ assert(q == b + sz);
+ return (mp_loadb(d, b, sz));
}
/* --- @pkcs1_sigdecode@ --- *
*
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to PKCS1 parameter block
+ * Arguments: @mp *s@ = the message representative
+ * @const void *m@ = the original message, or null (ignored)
+ * @size_t msz@ = the message size (ignored)
+ * @octet *b@ = a scratch buffer
+ * @size_t sz@ = size of the buffer (large enough)
+ * @unsigned long nbits@ = number of bits in @n@
+ * @void *p@ = pointer to PKCS1 parameters
*
* Returns: The length of the output string if successful, negative on
* failure.
* in PKCS#1 v. 2.0 (RFC2437).
*/
-int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p)
+int pkcs1_sigdecode(mp *s, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pkcs1 *pp = p;
const octet *q, *qq;
if (pp->epsz + 10 > sz)
return (-1);
- q = buf;
+ mp_storeb(s, b, sz);
+ q = b;
qq = q + sz;
/* --- Ensure that the block looks OK --- */
- if (*q++ != 0 || *q++ != 1)
+ if (*q++ != 0x00 || *q++ != 0x01)
return (-1);
/* --- Check the padding --- */
/* --- Check the encoding parameters --- */
- if (memcmp(q, pp->ep, pp->epsz) != 0)
+ if (pp->ep && memcmp(q, pp->ep, pp->epsz) != 0)
return (-1);
q += pp->epsz;
/* --- Done --- */
n = qq - q;
- dstr_putm(d, q, n);
+ memmove(b, q, n);
return (n);
}
+++ /dev/null
-/* -*-c-*-
- *
- * $Id: pkcs1.h,v 1.1 2000/07/01 11:17:38 mdw Exp $
- *
- * PKCS#1 1.5 packing
- *
- * (c) 2000 Straylight/Edgeware
- */
-
-/*----- Licensing notice --------------------------------------------------*
- *
- * This file is part of Catacomb.
- *
- * Catacomb is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Library General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * Catacomb is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with Catacomb; if not, write to the Free
- * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pkcs1.h,v $
- * Revision 1.1 2000/07/01 11:17:38 mdw
- * New support for PKCS#1 message encoding.
- *
- */
-
-#ifndef CATACOMB_PKCS1_H
-#define CATACOMB_PKCS1_H
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/*----- Header files ------------------------------------------------------*/
-
-#include <mLib/bits.h>
-#include <mLib/dstr.h>
-
-#ifndef CATACOMB_GRAND_H
-# include "grand.h"
-#endif
-
-/*----- Data structures ---------------------------------------------------*/
-
-typedef struct pkcs1 {
- grand *r; /* Random number source */
- const void *ep; /* Encoding parameters block */
- size_t epsz; /* Size of the parameter block */
-} pkcs1;
-
-/*----- Functions provided ------------------------------------------------*/
-
-/* --- @pkcs1_cryptencode@ --- *
- *
- * Arguments: @const void *msg@ = pointer to message data
- * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
- * @void *p@ = pointer to PKCS1 parameter block
- *
- * Returns: Zero if all went well, negative on failure.
- *
- * Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined
- * in PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int pkcs1_cryptencode(const void */*msg*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-
-/* --- @pkcs1_cryptdecode@ --- *
- *
- * Arguments: @const void *buf@ = pointer to encoded buffer)
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to PKCS1 parameter block
- *
- * Returns: The length of the output string if successful, negative on
- * failure.
- *
- * Use: Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined
- * in PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int pkcs1_cryptdecode(const void */*buf*/, size_t /*sz*/,
- dstr */*d*/, void */*p*/);
-
-/* --- @pkcs1_sigencode@ --- *
- *
- * Arguments: @const void *msg@ = pointer to message data
- * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
- * @void *p@ = pointer to PKCS1 parameter block
- *
- * Returns: Zero if all went well, negative on failure.
- *
- * Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined
- * in PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int pkcs1_sigencode(const void */*msg*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-
-/* --- @pkcs1_sigdecode@ --- *
- *
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to PKCS1 parameter block
- *
- * Returns: The length of the output string if successful, negative on
- * failure.
- *
- * Use: Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined
- * in PKCS#1 v. 2.0 (RFC2437).
- */
-
-extern int pkcs1_sigdecode(const void */*buf*/, size_t /*sz*/,
- dstr */*d*/, void */*p*/);
-
-/*----- That's all, folks -------------------------------------------------*/
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif
/* -*-c-*-
*
- * $Id: prim.c,v 1.3 2000/10/08 12:11:22 mdw Exp $
+ * $Id: prim.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Finding primitive elements
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: prim.c,v $
- * Revision 1.3 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.2 2000/07/29 09:57:42 mdw
- * Improve primitive-element testing a lot. Now much more sensible and
- * orthogonal: you can find a generator for any given subgroup order by
- * putting in the appropriate parameters.
- *
- * Revision 1.1 1999/12/22 15:58:59 mdw
- * Search for primitive elements using prime-search equipment.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: prim.h,v 1.2 2000/07/29 09:57:42 mdw Exp $
+ * $Id: prim.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Finding primitive elements
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: prim.h,v $
- * Revision 1.2 2000/07/29 09:57:42 mdw
- * Improve primitive-element testing a lot. Now much more sensible and
- * orthogonal: you can find a generator for any given subgroup order by
- * putting in the appropriate parameters.
- *
- * Revision 1.1 1999/12/22 15:58:59 mdw
- * Search for primitive elements using prime-search equipment.
- *
- */
-
#ifndef CATACOMB_PRIM_H
#define CATACOMB_PRIM_H
/* -*-c-*-
*
- * $Id: pss.c,v 1.1 2000/07/20 20:13:38 mdw Exp $
+ * $Id: pss.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Probabistic signature scheme
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pss.c,v $
- * Revision 1.1 2000/07/20 20:13:38 mdw
- * Added Bellare and Rogaway's PSS encoding for RSA signatures.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <string.h>
#include "gcipher.h"
#include "ghash.h"
#include "grand.h"
-#include "pss.h"
+#include "rsa.h"
-/*----- Main code ---------------------------------------------------------*/
+/*----- Magic statics -----------------------------------------------------*/
-/* --- @pss_presign@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: An initialized generic hash context.
- *
- * Use: Initializes a hash function for signing with PSS. A salt is
- * chosen and written into the parameter block.
- */
-
-ghash *pss_presign(pss *pp)
-{
- size_t hsz = pp->ch->hashsz;
- octet *salt = xmalloc(hsz);
- ghash *h;
+static const octet z8[8] = { 0 };
- pp->r->ops->fill(pp->r, salt, hsz);
- pp->salt = salt;
- h = pp->ch->init();
- h->ops->hash(h, salt, hsz);
- return (h);
-}
+/*----- Main code ---------------------------------------------------------*/
/* --- @pss_encode@ --- *
*
- * Arguments: @const void *msg@ = pointer to message (hash) data
- * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
- * @void *p@ = pointer to PSS parameter block
+ * Arguments: @mp *d@ = where to put the answer
+ * @const void *m@ = pointer to the message hash
+ * @size_t msz@ = the size of the message hash
+ * @octet *b@ = scratch buffer
+ * @size_t sz@ = sizeo of the buffer (large enough)
+ * @unsigned long nbits@ = size in bits of @n@
+ * @void *p@ = pointer to the PSS parameters
*
- * Returns: Zero of all went well, negative on failure.
+ * Returns: Encoded message representative, or null on error.
*
* Use: Implements the operation @EMSA-PSS-ENCODE@, as defined in
- * PKCS#1 v. 2.1 draft 1.
+ * PKCS#1 v. 2.1 (RFC3447).
*/
-int pss_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
+mp *pss_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pss *pp = p;
- octet *q, *mq, *qq;
+ octet *s, *r;
+ ghash *h;
gcipher *c;
- size_t hsz = pp->ch->hashsz;
- size_t n;
-
- /* --- Ensure that everything is sensibly sized --- */
-
- if (hsz + msz + 1 > sz)
- return (-1);
-
- /* --- Fill in the initial buffer --- */
-
- q = buf;
- *q++ = 0; sz--;
- mq = q + msz;
- qq = q + sz;
- n = sz - msz;
- memcpy(q, msg, msz);
- if (pp->salt)
- memcpy(mq, pp->salt, hsz);
- else
- memset(mq, 0, hsz);
- memset(mq + hsz, 0, n - hsz);
-
- /* --- Do the encryption --- */
-
- c = pp->cc->init(msg, msz);
- c->ops->encrypt(c, mq, mq, n);
- c->ops->destroy(c);
-
- /* --- Done --- */
-
- return (0);
+ unsigned mask;
+ size_t pssz, hsz = pp->ch->hashsz;
+
+ /* --- Check the message length --- */
+
+ nbits--;
+ sz = (nbits + 7)/8;
+ mask = (1 << nbits%8) - 1;
+ if (!mask) mask = 0xff;
+ if (hsz + pp->ssz + 2 > sz)
+ return (0);
+
+ /* --- Generate a random salt --- */
+
+ pssz = sz - pp->ssz - hsz - 2;
+ memset(b, 0, pssz);
+ b[pssz] = 0x01;
+ s = b + pssz + 1;
+ r = s + pp->ssz;
+ GR_FILL(pp->r, s, pp->ssz);
+
+ /* --- Compute the salted hash --- */
+
+ h = GH_INIT(pp->ch);
+ GH_HASH(h, z8, 8);
+ GH_HASH(h, m, msz);
+ GH_HASH(h, s, pp->ssz);
+ GH_DONE(h, r);
+ r[hsz] = 0xbc;
+
+ /* --- Do the masking --- */
+
+ c = GC_INIT(pp->cc, r, hsz);
+ GC_ENCRYPT(c, b, b, pssz + pp->ssz + 1);
+ GC_DESTROY(c);
+ b[0] &= mask;
+ return (mp_loadb(d, b, sz));
}
/* --- @pss_decode@ --- *
*
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded byffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to PSS parameter block
+ * Arguments: @mp *s@ = the message representative
+ * @const void *m@ = the original message
+ * @size_t msz@ = the message size
+ * @octet *b@ = a scratch buffer
+ * @size_t sz@ = size of the buffer (large enough)
+ * @unsigned long nbits@ = number of bits in @n@
+ * @void *p@ = pointer to PKCS1 parameters
*
- * Returns: The length of the output string (hash) if successful,
- * negative on failure.
+ * Returns: The length of the output string if successful, negative on
+ * failure.
*
- * Use: Implements most of the operation @EMSA_PSS_VERIFY@, as
- * defined in PCSK#1 v. 2.1 draft 1. The salt value is filled
- * in ready for hashing of the data to start.
+ * Use: Implements the operation @EMSA_PSS_VERIFY@, as defined in
+ * PCSK#1 v. 2.1 (RFC3447).
*/
-int pss_decode(const void *buf, size_t sz, dstr *d, void *p)
+int pss_decode(mp *mi, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
{
pss *pp = p;
+ octet *s, *r;
+ ghash *h;
gcipher *c;
- octet *q, *mq, *qq;
- octet *ppp;
- size_t n;
- size_t hsz = pp->ch->hashsz;
- int rc = -1;
+ unsigned mask;
+ size_t pssz, hsz = pp->ch->hashsz, i;
+ int rc;
- /* --- Ensure that the block is large enough --- */
+ /* --- Check the message length --- */
- if (sz < 2 * hsz + 1)
+ nbits--;
+ sz = (nbits + 7)/8;
+ if (mp_octets(mi) > sz)
return (-1);
+ mask = (1 << nbits%8) - 1;
+ if (!mask) mask = 0xff;
+ if (hsz + pp->ssz + 2 > sz)
+ return (-1);
+ mp_storeb(mi, b, sz);
- q = x_alloc(d->a, sz);
- memcpy(q, buf, sz);
-
- /* --- Recover the salt --- */
-
- if (*q++ != 0)
- goto fail;
- sz--;
- mq = q + hsz;
- qq = q + sz;
- n = sz - hsz;
- c = pp->cc->init(q, hsz);
- c->ops->decrypt(c, mq, mq, n);
- c->ops->destroy(c);
-
- /* --- Now check the recovery --- */
+ /* --- Split up the buffer --- */
- ppp = mq + hsz;
- while (ppp < qq) {
- if (*ppp)
- goto fail;
- ppp++;
- }
+ pssz = sz - hsz - pp->ssz - 2;
+ s = b + pssz + 1;
+ r = s + pp->ssz;
+ if (r[hsz] != 0xbc)
+ return (-1);
- /* --- Done --- */
+ /* --- Decode the seed --- */
- if (pp->salt) {
- if (memcmp(pp->salt, mq, hsz) != 0)
- goto fail;
- } else {
- qq = xmalloc(hsz);
- memcpy(qq, mq, hsz);
- pp->salt = qq;
- }
- dstr_putm(d, q, hsz);
- rc = hsz;
-
-fail:
- x_free(d->a, q - 1);
- return (rc);
-}
+ if (b[0] & ~mask)
+ return (-1);
+ c = GC_INIT(pp->cc, r, hsz);
+ GC_DECRYPT(c, b, b, pssz + pp->ssz + 1);
+ GC_DESTROY(c);
+ b[0] &= mask;
+ for (i = 0; i < pssz; i++)
+ if (b[i]) return (-1);
+ if (b[pssz] != 0x01)
+ return (-1);
-/* --- @pss_preverify@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: An initialized generic hash context.
- *
- * Use: Initializes a hash function for use with PSS. A salt is
- * read from the parameter block, where @pss_decode@ should have
- * left it.
- */
+ /* --- Hash the message --- */
-ghash *pss_preverify(pss *pp)
-{
- size_t hsz = pp->ch->hashsz;
- ghash *h = pp->ch->init();
- h->ops->hash(h, pp->salt, hsz);
- return (h);
-}
+ h = GH_INIT(pp->ch);
+ GH_HASH(h, z8, 8);
+ GH_HASH(h, m, msz);
+ GH_HASH(h, s, pp->ssz);
+ s = GH_DONE(h, 0);
+ rc = !memcmp(s, r, hsz);
+ GH_DESTROY(h);
+ if (!rc) return (-1);
-/* --- @pss_done@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: ---
- *
- * Use: Disposes of a PSS parameter block once it's finished with.
- */
+ /* --- Done --- */
-void pss_done(pss *pp)
-{
- if (pp->salt) {
- xfree(pp->salt);
- pp->salt = 0;
- }
+ return (0);
}
/*----- That's all, folks -------------------------------------------------*/
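Review bot: The `Returns:` comment on the new `pss_decode` still says it yields "the length of the output string", but the function now returns `0` on success (the `return (0)` just before the closing brace), so the comment should read `Returns: Zero if the encoding verifies, negative on failure.`. In the same header the first argument is documented as `@mp *s@` while the signature names it `mi`, and the last is described as "pointer to PKCS1 parameters" although `pp` is a `pss *`; `@mp *mi@ = the message representative` and `@void *p@ = pointer to the PSS parameters` would match the code. The `Use:` text of both `pss_encode` and `pss_decode` cites RFC 3447, yet the mask is produced by whichever cipher class the caller supplies in `pp->cc` (`GC_INIT(pp->cc, r, hsz)`), so interoperability with RFC 3447 PSS presumably depends on that class being an MGF1 construction over the same hash, and a one-line remark to that effect on the `pss` parameter block would make the contract explicit. Minor typos on the new side: `sizeo` in the `pss_encode` argument list and `PCSK#1` in the `pss_decode` `Use:` line.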
+++ /dev/null
-/* -*-c-*-
- *
- * $Id: pss.h,v 1.2 2003/05/16 09:42:03 mdw Exp $
- *
- * Probabistic signature scheme
- *
- * (c) 2000 Straylight/Edgeware
- */
-
-/*----- Licensing notice --------------------------------------------------*
- *
- * This file is part of Catacomb.
- *
- * Catacomb is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Library General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * Catacomb is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with Catacomb; if not, write to the Free
- * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pss.h,v $
- * Revision 1.2 2003/05/16 09:42:03 mdw
- * Declare @pss_preverify@ instead of repeating @pss_resign@.
- *
- * Revision 1.1 2000/07/20 20:13:38 mdw
- * Added Bellare and Rogaway's PSS encoding for RSA signatures.
- *
- */
-
-/*----- Notes on PSS ------------------------------------------------------*
- *
- * Applying PSS before RSA signing renders the construction provably secure,
- * in that the difficulty of forging a signature is directly related to the
- * difficulty of inverting the RSA function, in the random oracle model.
- * This is a good thing. PSS was designed by Bellare and Rogaway. This
- * particular variant is the one specified in draft 1 of PKCS#1 version 2.1.
- *
- * Stanford University have a patent claim on PSS, although if (as seems
- * likely) PSS is included in IEEE P1363, they'll grant a free world-wide
- * licence to use the scheme for signatures with appendix (rather than
- * signatures with message recovery).
- */
-
-#ifndef CATACOMB_PSS_H
-#define CATACOMB_PSS_H
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/*----- Header files ------------------------------------------------------*/
-
-#include <mLib/bits.h>
-#include <mLib/dstr.h>
-
-#ifndef CATACOMB_GCIPHER_H
-# include "gcipher.h"
-#endif
-
-#ifndef CATACOMB_GHASH_H
-# include "ghash.h"
-#endif
-
-#ifndef CATACOMB_GRAND_H
-# include "grand.h"
-#endif
-
-/*----- Data structures ---------------------------------------------------*/
-
-typedef struct pss {
- const gccipher *cc; /* Cipher class for masking */
- const gchash *ch; /* Hash class for choosing a seed */
- grand *r; /* Random number source */
- void *salt; /* Pointer to the salt */
-} pss;
-
-/*----- Functions provided ------------------------------------------------*/
-
-/* --- @pss_presign@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: An initialized generic hash context.
- *
- * Use: Initializes a hash function for signing with PSS. A salt is
- * chosen and written into the parameter block.
- */
-
-extern ghash *pss_presign(pss */*pp*/);
-
-/* --- @pss_encode@ --- *
- *
- * Arguments: @const void *msg@ = pointer to message (hash) data
- * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
- * @void *p@ = pointer to PSS parameter block
- *
- * Returns: Zero of all went well, negative on failure.
- *
- * Use: Implements the operation @EMSA-PSS-ENCODE@, as defined in
- * PKCS#1 v. 2.1 draft 1.
- */
-
-extern int pss_encode(const void */*msg*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-
-/* --- @pss_decode@ --- *
- *
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded byffer
- * @dstr *d@ = pointer to destination string
- * @void *p@ = pointer to PSS parameter block
- *
- * Returns: The length of the output string (hash) if successful,
- * negative on failure.
- *
- * Use: Implements most of the operation @EMSA_PSS_VERIFY@, as
- * defined in PCSK#1 v. 2.1 draft 1. The salt value is filled
- * in ready for hashing of the data to start.
- */
-
-extern int pss_decode(const void */*buf*/, size_t /*sz*/,
- dstr */*d*/, void */*p*/);
-
-/* --- @pss_preverify@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: An initialized generic hash context.
- *
- * Use: Initializes a hash function for use with PSS. A salt is
- * read from the parameter block, where @pss_decode@ should have
- * left it.
- */
-
-extern ghash *pss_preverify(pss */*pp*/);
-
-/* --- @pss_done@ --- *
- *
- * Arguments: @pss *pp@ = pointer to PSS parameter block
- *
- * Returns: ---
- *
- * Use: Disposes of a PSS parameter block once it's finished with.
- */
-
-extern void pss_done(pss */*pp*/);
-
-/*----- That's all, folks -------------------------------------------------*/
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif
/* -*-c-*-
*
- * $Id: ptab.h,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: ptab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Table of standard prime groups
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ptab.h,v $
- * Revision 1.1 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- */
-
#ifndef CATACOMB_PTAB_H
#define CATACOMB_PTAB_H
/* -*-c-*-
*
- * $Id: qdparse.c,v 1.1 2004/03/27 17:54:12 mdw Exp $
+ * $Id: qdparse.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Quick-and-dirty parser
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: qdparse.c,v $
- * Revision 1.1 2004/03/27 17:54:12 mdw
- * Standard curves and curve checking.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <ctype.h>
/* -*-c-*-
*
- * $Id: qdparse.h,v 1.1 2004/03/27 17:54:12 mdw Exp $
+ * $Id: qdparse.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Quick-and-dirty parser
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: qdparse.h,v $
- * Revision 1.1 2004/03/27 17:54:12 mdw
- * Standard curves and curve checking.
- *
- */
-
#ifndef CATACOMB_QDPARSE_H
#define CATACOMB_QDPARSE_H
/* -*-c-*-
*
- * $Id: rabin.c,v 1.8 2004/04/02 01:03:49 mdw Exp $
+ * $Id: rabin.c,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Miller-Rabin primality test
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rabin.c,v $
- * Revision 1.8 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.7 2002/01/13 13:42:53 mdw
- * More efficient Rabin-Miller test: with random witnesses, skip redundant
- * Montgomerization. (Being bijective, it can't affect the distribution.)
- *
- * Revision 1.6 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.5 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.4 2000/06/22 19:03:02 mdw
- * Use the new @mp_odd@ function.
- *
- * Revision 1.3 1999/12/22 15:50:29 mdw
- * Reworking for new prime-search system. Add function for working out how
- * many iterations to use for a particular number.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/11/19 13:17:57 mdw
- * Prime number generator and tester.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
/* -*-c-*-
*
- * $Id: rabin.h,v 1.6 2002/01/13 13:42:53 mdw Exp $
+ * $Id: rabin.h,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Miller-Rabin primality test
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rabin.h,v $
- * Revision 1.6 2002/01/13 13:42:53 mdw
- * More efficient Rabin-Miller test: with random witnesses, skip redundant
- * Montgomerization. (Being bijective, it can't affect the distribution.)
- *
- * Revision 1.5 2000/07/09 21:32:16 mdw
- * rabin_test: Correct error in comment.
- *
- * Revision 1.4 2000/06/17 11:52:48 mdw
- * Typesetting fix.
- *
- * Revision 1.3 1999/12/22 15:50:29 mdw
- * Reworking for new prime-search system. Add function for working out how
- * many iterations to use for a particular number.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/11/19 13:17:57 mdw
- * Prime number generator and tester.
- *
- */
-
#ifndef CATACOMB_RABIN_H
#define CATACOMB_RABIN_H
/* -*-c-*-
*
- * $Id: rand.c,v 1.5 2000/06/17 11:53:55 mdw Exp $
+ * $Id: rand.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Secure random number generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rand.c,v $
- * Revision 1.5 2000/06/17 11:53:55 mdw
- * Deprecate `rand_getgood'. Provide a new interface to ensure that a pool
- * is well seeded. Use secure arena for memory allocation.
- *
- * Revision 1.4 1999/12/13 15:34:28 mdw
- * Increase the entropy threshhold in rand_getgood.
- *
- * Revision 1.3 1999/12/10 23:28:07 mdw
- * Bug fix: rand_getgood didn't update buffer pointer.
- *
- * Revision 1.2 1999/10/12 21:00:15 mdw
- * Make pool and buffer sizes more sensible.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdarg.h>
/* -*-c-*-
*
- * $Id: rand.h,v 1.8 2001/02/03 16:07:33 mdw Exp $
+ * $Id: rand.h,v 1.9 2004/04/08 01:36:15 mdw Exp $
*
* Secure random number generator
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rand.h,v $
- * Revision 1.8 2001/02/03 16:07:33 mdw
- * Give generic random objects separate namespaces for their supported misc
- * ops.
- *
- * Revision 1.7 2000/10/08 12:07:18 mdw
- * Remove spurious comma in enum.
- *
- * Revision 1.6 2000/06/17 11:53:38 mdw
- * Deprecate `rand_getgood'. Provide a new interface to ensure that a pool
- * is well seeded.
- *
- * Revision 1.5 1999/12/13 15:34:15 mdw
- * Fix a typo.
- *
- * Revision 1.4 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.3 1999/10/15 21:04:30 mdw
- * Increase output buffer a bit for performance.
- *
- * Revision 1.2 1999/10/12 21:00:15 mdw
- * Make pool and buffer sizes more sensible.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the random number generator ------------------------------*
*
* The algorithm is one of the author's own devising. It may therefore be
/* -*-c-*-
*
- * $Id: rc2-tab.h,v 1.1 2001/04/29 17:39:52 mdw Exp $
+ * $Id: rc2-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Substitution table for RC2
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc2-tab.h,v $
- * Revision 1.1 2001/04/29 17:39:52 mdw
- * Moved big horrible table to a separate header.
- *
- */
-
#ifndef CATACOMB_RC2_TAB_H
#define CATACOMB_RC2_TAB_H
/* -*-c-*-
*
- * $Id: rc2.c,v 1.2 2001/04/29 17:39:52 mdw Exp $
+ * $Id: rc2.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RC2 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc2.c,v $
- * Revision 1.2 2001/04/29 17:39:52 mdw
- * Moved big horrible table to a separate header.
- *
- * Revision 1.1 2000/06/17 11:54:34 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rc2.h,v 1.1 2000/06/17 11:54:34 mdw Exp $
+ * $Id: rc2.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The RC2 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc2.h,v $
- * Revision 1.1 2000/06/17 11:54:34 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the RC2 block cipher -------------------------------------*
*
* RC2 was designed by Ron Rivest, and for a long time was a trade secret of
/* -*-c-*-
*
- * $Id: rc4.c,v 1.5 2001/04/03 19:36:36 mdw Exp $
+ * $Id: rc4.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* The alleged RC4 stream cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc4.c,v $
- * Revision 1.5 2001/04/03 19:36:36 mdw
- * Don't use @va_arg@ as an argument to @STORE32@!
- *
- * Revision 1.4 2000/06/17 11:55:22 mdw
- * New key size interface. Allow key material to be combined with an
- * existing initialized context. Use secure arena for memory allocation.
- *
- * Revision 1.3 1999/12/13 15:34:01 mdw
- * Add support for seeding from a generic pseudorandom source.
- *
- * Revision 1.2 1999/12/10 23:27:35 mdw
- * Generic cipher and RNG interfaces.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rc4.h,v 1.3 2000/06/17 11:55:13 mdw Exp $
+ * $Id: rc4.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The alleged RC4 stream cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc4.h,v $
- * Revision 1.3 2000/06/17 11:55:13 mdw
- * New key size interface. Allow key material to be combined with an
- * existing initialized context.
- *
- * Revision 1.2 1999/12/10 23:27:46 mdw
- * Generic cipher and RNG interfaces.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on RC4 ------------------------------------------------------*
*
* RC4 is a stream cipher desgigned by Ron Rivest. For a while RC4 was a
/* -*-c-*-
*
- * $Id: rc5.c,v 1.2 2000/06/17 11:56:00 mdw Exp $
+ * $Id: rc5.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RC5-32/12 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc5.c,v $
- * Revision 1.2 2000/06/17 11:56:00 mdw
- * New key size interface. Use secure arena for memory allocation.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rc5.h,v 1.3 2000/06/17 11:55:50 mdw Exp $
+ * $Id: rc5.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The RC5-32/12 block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rc5.h,v $
- * Revision 1.3 2000/06/17 11:55:50 mdw
- * New key size interface. Add notes about the cipher.
- *
- * Revision 1.2 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the RC5 block cipher -------------------------------------*
*
* RC5 was designed by Ron Rivest as a test vehicle for the use of data-
/* -*-c-*-
*
- * $Id: rho.c,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: rho.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Pollard's rho algorithm for discrete logs
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rho.c,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.2 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.1 2000/07/09 21:32:30 mdw
- * Pollard's rho algorithm for computing discrete logs.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "fibrand.h"
/* -*-c-*-
*
- * $Id: rho.h,v 1.2 2004/04/02 01:03:49 mdw Exp $
+ * $Id: rho.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Pollard's rho algorithm for discrete logs
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rho.h,v $
- * Revision 1.2 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.1 2000/07/09 21:32:30 mdw
- * Pollard's rho algorithm for computing discrete logs.
- *
- */
-
#ifndef CATACOMB_RHO_H
#define CATACOMB_RHO_H
/* -*-c-*-
*
- * $Id: rijndael-base.c,v 1.1 2001/05/07 17:31:37 mdw Exp $
+ * $Id: rijndael-base.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Low-level stuff for all Rijndael block sizes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael-base.c,v $
- * Revision 1.1 2001/05/07 17:31:37 mdw
- * Centralize Rijndael tables and key scheduling.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rijndael-base.h,v 1.1 2001/05/07 17:31:37 mdw Exp $
+ * $Id: rijndael-base.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Internal header for Rijndael implementation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael-base.h,v $
- * Revision 1.1 2001/05/07 17:31:37 mdw
- * Centralize Rijndael tables and key scheduling.
- *
- */
-
#ifndef CATACOMB_RIJNDAEL_BASE_H
#define CATACOMB_RIJNDAEL_BASE_H
/* -*-c-*-
*
- * $Id: rijndael-mktab.c,v 1.3 2000/10/14 17:13:19 mdw Exp $
+ * $Id: rijndael-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Build precomputed tables for the Rijndael block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael-mktab.c,v $
- * Revision 1.3 2000/10/14 17:13:19 mdw
- * Fix some compile errors.
- *
- * Revision 1.2 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rijndael.c,v 1.4 2001/05/07 17:31:53 mdw Exp $
+ * $Id: rijndael.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael.c,v $
- * Revision 1.4 2001/05/07 17:31:53 mdw
- * Separate out key scheduling.
- *
- * Revision 1.3 2001/05/07 15:44:46 mdw
- * Fix unusual numbers of rounds. Simplify implementation.
- *
- * Revision 1.2 2000/12/06 20:32:59 mdw
- * Fix round count for weird key sizes.
- *
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rijndael.h,v 1.3 2001/05/07 17:31:53 mdw Exp $
+ * $Id: rijndael.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael.h,v $
- * Revision 1.3 2001/05/07 17:31:53 mdw
- * Separate out key scheduling.
- *
- * Revision 1.2 2000/10/08 15:48:58 mdw
- * Update comments now that AES has been chosen.
- *
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the Rijndael block cipher --------------------------------*
*
* Invented by Joan Daemen and Vincent Rijmen, Rijndael is a fast, elegant
/* -*-c-*-
*
- * $Id: rijndael192.c,v 1.1 2001/05/07 17:32:03 mdw Exp $
+ * $Id: rijndael192.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher, 192-bit version
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael192.c,v $
- * Revision 1.1 2001/05/07 17:32:03 mdw
- * New Rijndael block sizes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rijndael192.h,v 1.1 2001/05/07 17:32:03 mdw Exp $
+ * $Id: rijndael192.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher, 192-bit version
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael192.h,v $
- * Revision 1.1 2001/05/07 17:32:03 mdw
- * New Rijndael block sizes.
- *
- */
-
#ifndef CATACOMB_RIJNDAEL192_H
#define CATACOMB_RIJNDAEL192_H
/* -*-c-*-
*
- * $Id: rijndael256.c,v 1.1 2001/05/07 17:32:03 mdw Exp $
+ * $Id: rijndael256.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher, 256-bit version
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael256.c,v $
- * Revision 1.1 2001/05/07 17:32:03 mdw
- * New Rijndael block sizes.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: rijndael256.h,v 1.1 2001/05/07 17:32:03 mdw Exp $
+ * $Id: rijndael256.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Rijndael block cipher, 256-bit version
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rijndael256.h,v $
- * Revision 1.1 2001/05/07 17:32:03 mdw
- * New Rijndael block sizes.
- *
- */
-
#ifndef CATACOMB_RIJNDAEL256_H
#define CATACOMB_RIJNDAEL256_H
/* -*-c-*-
*
- * $Id: rmd128.c,v 1.1 2000/07/09 21:30:31 mdw Exp $
+ * $Id: rmd128.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-128 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd128.c,v $
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: rmd128.h,v 1.2 2000/10/15 19:09:20 mdw Exp $
+ * $Id: rmd128.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-128 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd128.h,v $
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Notes on the RIPEMD-128 hash function -----------------------------*
*
* RIPEMD-128 was invented by Hans Dobbertin, Antoon Bosselaers and Bart
/* -*-c-*-
*
- * $Id: rmd160.c,v 1.3 2000/06/17 11:31:43 mdw Exp $
+ * $Id: rmd160.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-160 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd160.c,v $
- * Revision 1.3 2000/06/17 11:31:43 mdw
- * Portability fix for broken compilers.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: rmd160.h,v 1.4 2000/10/15 19:09:20 mdw Exp $
+ * $Id: rmd160.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-160 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd160.h,v $
- * Revision 1.4 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.3 2000/06/17 11:32:52 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the RIPEMD-160 hash function -----------------------------*
*
* RIPEMD-160 was invented by Hans Dobbertin, Antoon Bosselaers and Bart
/* -*-c-*-
*
- * $Id: rmd256.c,v 1.2 2001/02/23 09:02:52 mdw Exp $
+ * $Id: rmd256.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-256 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd256.c,v $
- * Revision 1.2 2001/02/23 09:02:52 mdw
- * Fix poorly copied comment.
- *
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: rmd256.h,v 1.2 2000/10/15 19:09:20 mdw Exp $
+ * $Id: rmd256.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-256 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd256.h,v $
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Notes on the RIPEMD-256 hash function -----------------------------*
*
* RIPEMD-256 was invented by Hans Dobbertin, Antoon Bosselaers and Bart
/* -*-c-*-
*
- * $Id: rmd320.c,v 1.1 2000/07/09 21:30:31 mdw Exp $
+ * $Id: rmd320.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-320 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd320.c,v $
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: rmd320.h,v 1.2 2000/10/15 19:09:20 mdw Exp $
+ * $Id: rmd320.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The RIPEMD-320 message digest function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rmd320.h,v $
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/07/09 21:30:31 mdw
- * New RIPEMD variants.
- *
- */
-
/*----- Notes on the RIPEMD-320 hash function -----------------------------*
*
* RIPEMD-320 was invented by Hans Dobbertin, Antoon Bosselaers and Bart
/* -*-c-*-
*
- * $Id: rsa-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $
+ * $Id: rsa-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Key fetching for RSA public and private keys
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-fetch.c,v $
- * Revision 1.2 2000/07/01 11:19:22 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.1 2000/06/17 10:41:45 mdw
- * Table for driving key data extraction.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "key.h"
/* -*-c-*-
*
- * $Id: rsa-gen.c,v 1.4 2000/10/08 12:11:22 mdw Exp $
+ * $Id: rsa-gen.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* RSA parameter generation
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-gen.c,v $
- * Revision 1.4 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.3 2000/07/01 11:22:22 mdw
- * Remove bad type name `rsa_param'.
- *
- * Revision 1.2 2000/06/17 12:05:15 mdw
- * Lots of changes:
- *
- * * Apply limits on %$\gcd(p - 1, q - 1)$% to reduce the space of
- * equivalent decryption exponents.
- *
- * * Force %$e = F_4 = 2^{16} + 1$% to avoid small-encryption-exponent
- * attacks.
- *
- * * Ensure that %$p > q$% and that %$p - q$% is large to deter
- * square-root-based factoring methods.
- *
- * * Use %$e d \equiv 1 \pmod{\lambda(n)}$%, where %$\lambda(n)$% is
- * %$\lcm(p - 1, q - 1)$%, as recommended in PKCS#1, rather than the
- * more usual %$\varphi(n) = (p - 1)(q - 1)$%.
- *
- * * Handle aborts from pgen_jump.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* --- Work out the modulus and the CRT coefficient --- */
rp->n = mp_mul(MP_NEW, rp->p, rp->q);
- rp->q_inv = MP_NEW; mp_gcd(0, 0, &rp->q_inv, rp->p, rp->q);
+ rp->q_inv = mp_modinv(MP_NEW, rp->q, rp->p);
/* --- Work out %$\varphi(n) = (p - 1)(q - 1)$% --- *
*
/* -*-c-*-
*
- * $Id: rsa-priv.c,v 1.3 2001/06/16 12:56:38 mdw Exp $
+ * $Id: rsa-priv.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* RSA private-key operations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-priv.c,v $
- * Revision 1.3 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.2 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.1 2000/07/01 11:23:20 mdw
- * Renamed from `rsa-decrypt', since the name was no longer appropriate.
- * Add functions for doing padded RSA decryption and signing.
- *
- * --- Previous lives as rsa-decrypt.c ---
- *
- * Revision 1.2 2000/06/17 11:57:56 mdw
- * Improve bulk performance by making better use of Montgomery
- * multiplication and separating out initialization and finalization from
- * the main code.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
/* --- @rsa_sign@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
+ * @mp *d@ = where to put the result
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
+ * Returns: The signature, as a multiprecision integer, or null on
* failure.
*
* Use: Computes an RSA digital signature.
*/
-int rsa_sign(rsa_privctx *rp, const void *m, size_t sz,
- dstr *d, rsa_encodeproc e, void *earg)
+mp *rsa_sign(rsa_privctx *rp, mp *d, const void *m, size_t msz,
+ rsa_pad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
octet *p;
- int rc;
-
- /* --- Sort out some space --- */
-
- dstr_ensure(d, n);
- p = (octet *)d->buf + d->len;
- p[0] = 0;
-
- /* --- Do the packing --- */
-
- if ((rc = e(m, sz, p, n, earg)) < 0)
- return (rc);
-
- /* --- Do the encryption --- */
-
- x = mp_loadb(MP_NEWSEC, p, n);
- x = rsa_privop(rp, x, x);
- mp_storeb(x, p, n);
- d->len += n;
- mp_drop(x);
- return (n);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
+ arena *a = d && d->a ? d->a->a : arena_global;
+
+ p = x_alloc(a, n);
+ d = e(d, m, msz, p, n, nb, earg);
+ x_free(a, p);
+ return (d ? rsa_privop(rp, d, d) : 0);
}
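Review bot: The padded message is left behind in the temporary buffer `p` when it is released — `x_free(a, p)` follows the `e(d, m, msz, p, n, nb, earg)` call with no wipe, whereas the replaced code overwrote those same bytes in place with the result via `mp_storeb` before returning. In `rsa_sign` the buffer holds the formatted message, and the identical allocate/pad/free sequence in `rsa_encrypt` (rsa-pub.c) holds the plaintext being encrypted, so a freed copy stays in the arena until it is reused. Clearing it before release, `memset(p, 0, n); x_free(a, p);` (or the project's secure-wipe helper if one exists, since a plain memset before free can be optimised away), restores the previous hygiene. The same change applies to the `rsa_encrypt` hunk.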
/* --- @rsa_decrypt@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
- * @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
+ * @mp *m@ = encrypted message, as a multiprecision integer
* @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * @rsa_decunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
* Returns: The length of the output string if successful, negative on
* failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA decryption.
*/
-int rsa_decrypt(rsa_privctx *rp, const void *m, size_t sz,
- dstr *d, rsa_decodeproc e, void *earg)
+int rsa_decrypt(rsa_privctx *rp, mp *m, dstr *d,
+ rsa_decunpad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
- octet *p;
+ mp *p = rsa_privop(rp, MP_NEW, m);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
int rc;
- /* --- Do the exponentiation --- */
-
- p = x_alloc(d->a, n);
- x = mp_loadb(MP_NEW, m, sz);
- x = rsa_privop(rp, x, x);
- mp_storeb(x, p, n);
- mp_drop(x);
-
- /* --- Do the decoding --- */
-
- rc = e(p, n, d, earg);
- x_free(d->a, p);
+ dstr_ensure(d, n);
+ rc = e(p, (octet *)d->buf + d->len, n, nb, earg);
+ if (rc >= 0)
+ d->len += rc;
+ mp_drop(p);
return (rc);
}
/* -*-c-*-
*
- * $Id: rsa-pub.c,v 1.2 2000/10/08 16:00:32 mdw Exp $
+ * $Id: rsa-pub.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* [RSA encryption with padding *
* (c) 2000 Straylight/Edgeware
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-pub.c,v $
- * Revision 1.2 2000/10/08 16:00:32 mdw
- * Fix compiler warning.
- *
- * Revision 1.1 2000/07/01 11:23:52 mdw
- * Public-key operations, for symmetry with `rsa-priv.c'. Functions for
- * doing padded RSA encryption and signature verification.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
/* --- @rsa_encrypt@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
+ * @mp *d@ = proposed destination integer
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The encrypted message, as a multiprecision integer, or null
+ * on failure.
*
* Use: Does RSA encryption.
*/
-int rsa_encrypt(rsa_pubctx *rp, const void *m, size_t sz,
- dstr *d, rsa_encodeproc e, void *earg)
+mp *rsa_encrypt(rsa_pubctx *rp, mp *d, const void *m, size_t msz,
+ rsa_pad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
octet *p;
- int rc;
-
- /* --- Sort out some space --- */
-
- dstr_ensure(d, n);
- p = (octet *)d->buf + d->len;
- p[0] = 0;
-
- /* --- Do the packing --- */
-
- if ((rc = e(m, sz, p, n, earg)) < 0)
- return (rc);
-
- /* --- Do the encryption --- */
-
- x = mp_loadb(MP_NEWSEC, p, n);
- x = rsa_pubop(rp, x, x);
- mp_storeb(x, p, n);
- d->len += n;
- mp_drop(x);
- return (n);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
+ arena *a = d && d->a ? d->a->a : arena_global;
+
+ p = x_alloc(a, n);
+ d = e(d, m, msz, p, n, nb, earg);
+ x_free(a, p);
+ return (d ? rsa_pubop(rp, d, d) : 0);
}
/* --- @rsa_verify@ --- *
*
- * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
- * @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
+ * @mp *s@ = the signature, as a multiprecision integer
+ * @const void *m@ = pointer to message to verify, or null
+ * @size_t msz@ = size of input message
+ * @dstr *d@ = pointer to output string, or null
+ * @rsa_vfrunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The length of the output string if successful (0 if no output
+ * was wanted); negative on failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA signature verification. To use a signature scheme
+ * with recovery, pass in @m == 0@ and @d != 0@: the recovered
+ * message should appear in @d@. To use a signature scheme with
+ * appendix, provide @m != 0@ and @d == 0@; the result should be
+ * zero for success.
*/
-int rsa_verify(rsa_pubctx *rp, const void *m, size_t sz,
- dstr *d, rsa_decodeproc e, void *earg)
+int rsa_verify(rsa_pubctx *rp, mp *s, const void *m, size_t msz,
+ dstr *d, rsa_vrfunpad *e, void *earg)
{
- mp *x;
- size_t n = mp_octets(rp->rp->n);
- octet *p;
+ mp *p = rsa_pubop(rp, MP_NEW, s);
+ unsigned long nb = mp_bits(rp->rp->n);
+ size_t n = (nb + 7)/8;
+ dstr dd = DSTR_INIT;
int rc;
- /* --- Do the exponentiation --- */
-
- p = x_alloc(d->a, n);
- x = mp_loadb(MP_NEW, m, sz);
- x = rsa_pubop(rp, x, x);
- mp_storeb(x, p, n);
- mp_drop(x);
+ /* --- Decoder protocol --- *
+ *
+ * We deal with two kinds of decoders: ones with message recovery and ones
+ * with appendix. A decoder with recovery will leave a message in the
+ * buffer and exit nonzero: we'll check that against @m@ if provided and
+ * just leave it otherwise. A decoder with appendix will inspect @m@ and
+ * return zero or @-1@ itself.
+ */
- /* --- Do the decoding --- */
-
- rc = e(p, n, d, earg);
- x_free(d->a, p);
+ if (!d) d = ⅆ
+ dstr_ensure(d, n);
+ rc = e(p, m, msz, (octet *)d->buf + d->len, n, nb, earg);
+ if (rc > 0 && m) {
+ if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0)
+ rc = -1;
+ else
+ rc = 0;
+ }
+ if (rc > 0)
+ d->len += rc;
+ mp_drop(p);
+ dstr_destroy(&dd);
return (rc);
}
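Review bot: `rc != msz` on the recovery-check line compares an `int` with a `size_t`; it is only safe because the enclosing `if (rc > 0 && m)` has already excluded negatives, and a cast makes that intent explicit: `if ((size_t)rc != msz || memcmp(d->buf + d->len, m, msz) != 0)`. The argument block at the top of the hunk reads `contxt` where `context` is meant. The line `if (!d) d = ⅆ` presumably reads `&dd;` in the committed file and looks like a rendering artifact of this page rather than the code, but it is worth confirming against the source.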
/* -*-c-*-
*
- * $Id: rsa-recover.c,v 1.6 2001/06/16 12:56:38 mdw Exp $
+ * $Id: rsa-recover.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Recover RSA parameters
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa-recover.c,v $
- * Revision 1.6 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.5 2000/10/08 12:11:22 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.4 2000/07/01 11:22:22 mdw
- * Remove bad type name `rsa_param'.
- *
- * Revision 1.3 2000/06/22 19:03:14 mdw
- * Use the new @mp_odd@ function.
- *
- * Revision 1.2 2000/06/17 12:07:19 mdw
- * Fix a bug in argument validation. Force %$p > q$% in output. Use
- * %$\lambda(n) = \lcm(p - 1, q - 1)$% rather than the more traditional
- * %$\phi(n) = (p - 1)(q - 1)$% when computing the decryption exponent.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "mp.h"
--- /dev/null
+/* -*-c-*-
+ *
+ * $Id: rsa-test.c,v 1.1 2004/04/08 01:36:15 mdw Exp $
+ *
+ * Testing RSA padding operations
+ *
+ * (c) 2004 Straylight/Edgeware
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Catacomb.
+ *
+ * Catacomb is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Library General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * Catacomb is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with Catacomb; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include "fibrand.h"
+#include "rsa.h"
+
+/*----- Main code ---------------------------------------------------------*/
+
+static int tencpad(int nbits,
+ dstr *p, int rc, mp *c,
+ const char *ename, dstr *eparam, rsa_pad *e, void *earg)
+{
+ size_t n = (nbits + 7)/8;
+ void *q = xmalloc(n);
+ mp *d;
+ int ok = 1;
+
+ d = e(MP_NEW, p->buf, p->len, q, n, nbits, earg);
+ if (!d == !rc || (!rc && !MP_EQ(d, c))) {
+ ok = 0;
+ fprintf(stderr, "*** %s padding failed!\n", ename);
+ fprintf(stderr, "*** padding bits = %d\n", nbits);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr);
+ if (rc)
+ fprintf(stderr, "\n*** expected failure\n");
+ else {
+ MP_EPRINTX("\n*** expected", c);
+ MP_EPRINTX("*** computed", d);
+ }
+ }
+ mp_drop(d);
+ mp_drop(c);
+ xfree(q);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+#define tsigpad tencpad
+
+#define DSTR_EQ(x, y) \
+ ((x)->len == (y)->len && !memcmp((x)->buf, (y)->buf, (x)->len))
+
+static int tdecpad(int nbits,
+ mp *c, int rc, dstr *p,
+ const char *ename, dstr *eparam,
+ rsa_decunpad *e, void *earg)
+{
+ dstr d = DSTR_INIT;
+ int n = (nbits + 7)/8;
+ int ok = 1;
+
+ dstr_ensure(&d, n);
+ n = e(c, (octet *)d.buf, n, nbits, earg);
+ if (n >= 0)
+ d.len += n;
+ if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) {
+ ok = 0;
+ fprintf(stderr, "*** %s encryption unpadding failed!\n", ename);
+ fprintf(stderr, "*** padding bits = %d\n", nbits);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ MP_EPRINTX("*** input", c);
+ if (rc < 0)
+ fprintf(stderr, "*** expected failure\n");
+ else {
+ fprintf(stderr, "*** expected: %d = ", rc); type_hex.dump(p, stderr);
+ fprintf(stderr, "\n*** computed: %d = ", n); type_hex.dump(&d, stderr);
+ fprintf(stderr, "\n");
+ }
+ }
+ mp_drop(c);
+ dstr_destroy(&d);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+static int tvrfpad(int nbits,
+ mp *c, dstr *m, int rc, dstr *p,
+ const char *ename, dstr *eparam,
+ rsa_vrfunpad *e, void *earg)
+{
+ dstr d = DSTR_INIT;
+ int n = (nbits + 7)/8;
+ int ok = 1;
+
+ dstr_ensure(&d, n);
+ n = e(c, m->len ? (octet *)m->buf : 0, m->len,
+ (octet *)d.buf, n, nbits, earg);
+ if (n >= 0)
+ d.len += n;
+ if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) {
+ ok = 0;
+ fprintf(stderr, "*** %s signature unpadding failed!\n", ename);
+ fprintf(stderr, "*** padding bits = %d\n", nbits);
+ MP_EPRINTX("*** input", c);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ fprintf(stderr, "*** message = "); type_hex.dump(m, stderr);
+ if (rc < 0)
+ fprintf(stderr, "\n*** expected failure\n");
+ else {
+ fprintf(stderr, "\n*** expected = %d: ", rc); type_hex.dump(p, stderr);
+ fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr);
+ fprintf(stderr, "\n");
+ }
+ }
+ mp_drop(c);
+ dstr_destroy(&d);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+static int tencpub(rsa_pub *rp,
+ dstr *p, int rc, mp *c,
+ const char *ename, dstr *eparam, rsa_pad *e, void *earg)
+{
+ mp *d;
+ rsa_pubctx rpc;
+ int ok = 1;
+
+ rsa_pubcreate(&rpc, rp);
+ d = rsa_encrypt(&rpc, MP_NEW, p->buf, p->len, e, earg);
+ if (!d == !rc || (!rc && !MP_EQ(d, c))) {
+ ok = 0;
+ fprintf(stderr, "*** encrypt with %s padding failed!\n", ename);
+ MP_EPRINTX("*** key.n", rp->n);
+ MP_EPRINTX("*** key.e", rp->e);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr);
+ if (rc)
+ fprintf(stderr, "\n*** expected failure\n");
+ else {
+ MP_EPRINTX("\n*** expected", c);
+ MP_EPRINTX("*** computed", d);
+ }
+ }
+ rsa_pubdestroy(&rpc);
+ rsa_pubfree(rp);
+ mp_drop(d);
+ mp_drop(c);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+static int tsigpriv(rsa_priv *rp,
+ dstr *p, int rc, mp *c,
+ const char *ename, dstr *eparam, rsa_pad *e, void *earg)
+{
+ mp *d;
+ grand *r = fibrand_create(0);
+ rsa_privctx rpc;
+ int ok = 1;
+
+ rsa_privcreate(&rpc, rp, r);
+ d = rsa_sign(&rpc, MP_NEW, p->buf, p->len, e, earg);
+ if (!d == !rc || (!rc && !MP_EQ(d, c))) {
+ ok = 0;
+ fprintf(stderr, "*** sign with %s padding failed!\n", ename);
+ MP_EPRINTX("*** key.n", rp->n);
+ MP_EPRINTX("*** key.d", rp->d);
+ MP_EPRINTX("*** key.e", rp->e);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr);
+ if (rc)
+ fprintf(stderr, "\n*** expected failure\n");
+ else {
+ MP_EPRINTX("\n*** expected", c);
+ MP_EPRINTX("\n*** computed", d);
+ }
+ }
+ rsa_privdestroy(&rpc);
+ rsa_privfree(rp);
+ mp_drop(d);
+ mp_drop(c);
+ GR_DESTROY(r);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+static int tdecpriv(rsa_priv *rp,
+ mp *c, int rc, dstr *p,
+ const char *ename, dstr *eparam,
+ rsa_decunpad *e, void *earg)
+{
+ rsa_privctx rpc;
+ dstr d = DSTR_INIT;
+ grand *r = fibrand_create(0);
+ int n;
+ int ok = 1;
+
+ rsa_privcreate(&rpc, rp, r);
+ n = rsa_decrypt(&rpc, c, &d, e, earg);
+ if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) {
+ ok = 0;
+ fprintf(stderr, "*** decryption with %s padding failed!\n", ename);
+ MP_EPRINTX("*** key.n", rp->n);
+ MP_EPRINTX("*** key.d", rp->d);
+ MP_EPRINTX("*** key.e", rp->e);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ MP_EPRINTX("*** input", c);
+ if (rc < 0)
+ fprintf(stderr, "*** expected failure\n");
+ else {
+ fprintf(stderr, "*** expected = %d: ", rc); type_hex.dump(p, stderr);
+ fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr);
+ fprintf(stderr, "\n");
+ }
+ }
+ rsa_privdestroy(&rpc);
+ rsa_privfree(rp);
+ mp_drop(c);
+ dstr_destroy(&d);
+ GR_DESTROY(r);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+static int tvrfpub(rsa_pub *rp,
+ mp *c, dstr *m, int rc, dstr *p,
+ const char *ename, dstr *eparam,
+ rsa_vrfunpad *e, void *earg)
+{
+ rsa_pubctx rpc;
+ dstr d = DSTR_INIT;
+ int n;
+ int ok = 1;
+
+ rsa_pubcreate(&rpc, rp);
+ n = rsa_verify(&rpc, c, m->len ? m->buf : 0, m->len, &d, e, earg);
+ if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) {
+ ok = 0;
+ fprintf(stderr, "*** verification with %s padding failed!\n", ename);
+ MP_EPRINTX("*** key.n", rp->n);
+ MP_EPRINTX("*** key.e", rp->e);
+ if (eparam) {
+ fprintf(stderr, "*** encoding parameters = ");
+ type_hex.dump(eparam, stderr);
+ fputc('\n', stderr);
+ }
+ MP_EPRINTX("*** input", c);
+ fprintf(stderr, "*** message = "); type_hex.dump(m, stderr);
+ if (rc < 0)
+ fprintf(stderr, "*** expected failure\n");
+ else {
+ fprintf(stderr, "*** expected = %d: ", rc); type_hex.dump(p, stderr);
+ fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr);
+ fprintf(stderr, "\n");
+ }
+ }
+ rsa_pubdestroy(&rpc);
+ rsa_pubfree(rp);
+ mp_drop(c);
+ dstr_destroy(&d);
+ assert(mparena_count(MPARENA_GLOBAL) == 0);
+ return (ok);
+}
+
+/*----- Deep magic --------------------------------------------------------*
+ *
+ * Wahey! Whacko macro programming on curry and lager. There's nothing like
+ * it.
+ */
+
+#define DECL_priv \
+ rsa_priv rp = { 0 };
+#define FUNC_priv \
+ rp.n = *(mp **)v++->buf; \
+ rp.e = *(mp **)v++->buf; \
+ rp.d = *(mp **)v++->buf; \
+ rsa_recover(&rp);
+#define ARG_priv \
+ &rp,
+#define TAB_priv \
+ &type_mp, &type_mp, &type_mp,
+
+#define DECL_pub \
+ rsa_pub rp;
+#define FUNC_pub \
+ rp.n = *(mp **)v++->buf; \
+ rp.e = *(mp **)v++->buf;
+#define ARG_pub \
+ &rp,
+#define TAB_pub \
+ &type_mp, &type_mp,
+
+#define DECL_pad \
+ int nbits;
+#define FUNC_pad \
+ nbits = *(int *)v++->buf;
+#define ARG_pad \
+ nbits,
+#define TAB_pad \
+ &type_int,
+
+#define DECL_enc \
+ dstr *p; \
+ int rc; \
+ mp *c;
+#define FUNC_enc \
+ p = v++; \
+ rc = *(int *)v++->buf; \
+ c = *(mp **)v++->buf;
+#define ARG_enc \
+ p, rc, c,
+#define TAB_enc \
+ &type_hex, &type_int, &type_mp,
+
+#define DECL_sig DECL_enc
+#define FUNC_sig FUNC_enc
+#define ARG_sig ARG_enc
+#define TAB_sig TAB_enc
+
+#define DECL_dec \
+ mp *c; \
+ int rc; \
+ dstr *p;
+#define FUNC_dec \
+ c = *(mp **)v++->buf; \
+ rc = *(int *)v++->buf; \
+ p = v++;
+#define ARG_dec \
+ c, rc, p,
+#define TAB_dec \
+ &type_mp, &type_int, &type_hex,
+
+#define DECL_vrf \
+ mp *c; \
+ dstr *m; \
+ int rc; \
+ dstr *p;
+#define FUNC_vrf \
+ c = *(mp **)v++->buf; \
+ m = v++; \
+ rc = *(int *)v++->buf; \
+ p = v++;
+#define ARG_vrf \
+ c, m, rc, p,
+#define TAB_vrf \
+ &type_mp, &type_hex, &type_int, &type_hex,
+
+#define DECL_p1enc \
+ pkcs1 p1; \
+ dstr *ep;
+#define FUNC_p1enc \
+ p1.r = fib; \
+ ep = v++; \
+ p1.ep = ep->buf; \
+ p1.epsz = ep->len;
+#define ARG_p1enc \
+ "pkcs1", ep, pkcs1_cryptencode, &p1
+#define TAB_p1enc \
+ &type_hex
+
+#define DECL_p1sig DECL_p1enc
+#define FUNC_p1sig FUNC_p1enc
+#define ARG_p1sig \
+ "pkcs1", ep, pkcs1_sigencode, &p1
+#define TAB_p1sig TAB_p1enc
+
+#define DECL_p1dec DECL_p1enc
+#define FUNC_p1dec FUNC_p1enc
+#define ARG_p1dec \
+ "pkcs1", ep, pkcs1_cryptdecode, &p1
+#define TAB_p1dec TAB_p1enc
+
+#define DECL_p1vrf DECL_p1enc
+#define FUNC_p1vrf FUNC_p1enc
+#define ARG_p1vrf \
+ "pkcs1", ep, pkcs1_sigdecode, &p1
+#define TAB_p1vrf TAB_p1enc
+
+#define DECL_oaepenc \
+ oaep o; \
+ dstr *ep;
+#define FUNC_oaepenc \
+ o.r = fib; \
+ o.cc = gcipher_byname(v++->buf); \
+ o.ch = ghash_byname(v++->buf); \
+ ep = v++; \
+ o.ep = ep->buf; \
+ o.epsz = ep->len;
+#define ARG_oaepenc \
+ "oaep", ep, oaep_encode, &o
+#define TAB_oaepenc \
+ &type_string, &type_string, &type_hex
+
+#define DECL_oaepdec DECL_oaepenc
+#define FUNC_oaepdec FUNC_oaepenc
+#define ARG_oaepdec \
+ "oaep", ep, oaep_decode, &o
+#define TAB_oaepdec TAB_oaepenc
+
+#define DECL_psssig \
+ pss pp;
+#define FUNC_psssig \
+ pp.r = fib; \
+ pp.cc = gcipher_byname(v++->buf); \
+ pp.ch = ghash_byname(v++->buf); \
+ pp.ssz = *(int *)v++->buf;
+#define ARG_psssig \
+ "pss", 0, pss_encode, &pp
+#define TAB_psssig \
+ &type_string, &type_string, &type_int
+
+#define DECL_pssvrf DECL_psssig
+#define FUNC_pssvrf FUNC_psssig
+#define ARG_pssvrf \
+ "pss", 0, pss_decode, &pp
+#define TAB_pssvrf TAB_psssig
+
+#define TESTS(DO) \
+ DO(pad, enc, p1enc) \
+ DO(pad, dec, p1dec) \
+ DO(pad, sig, p1sig) \
+ DO(pad, vrf, p1vrf) \
+ DO(pub, enc, p1enc) \
+ DO(priv, dec, p1dec) \
+ DO(priv, sig, p1sig) \
+ DO(pub, vrf, p1vrf) \
+ DO(pad, enc, oaepenc) \
+ DO(pad, dec, oaepdec) \
+ DO(pub, enc, oaepenc) \
+ DO(priv, dec, oaepdec) \
+ DO(pad, sig, psssig) \
+ DO(pad, vrf, pssvrf) \
+ DO(priv, sig, psssig) \
+ DO(pub, vrf, pssvrf)
+
+#define FUNCS(key, op, enc) \
+ int t_##key##_##enc(dstr *v) \
+ { \
+ DECL_##key \
+ DECL_##op \
+ DECL_##enc \
+ fib->ops->misc(fib, GRAND_SEEDINT, 14); \
+ FUNC_##key \
+ FUNC_##op \
+ FUNC_##enc \
+ return (t##op##key(ARG_##key ARG_##op ARG_##enc)); \
+ }
+
+#define TAB(key, op, enc) \
+ { #enc "-" #key, t_##key##_##enc, { TAB_##key TAB_##op TAB_##enc } },
+
+static grand *fib;
+
+TESTS(FUNCS)
+
+static const test_chunk tests[] = {
+ TESTS(TAB)
+ { 0 }
+};
+
+int main(int argc, char *argv[])
+{
+ sub_init();
+ fib = fibrand_create(0);
+ test_run(argc, argv, tests, SRCDIR "/tests/rsa");
+ GR_DESTROY(fib);
+ return (0);
+}
+
+/*----- That's all, folks -------------------------------------------------*/
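Review bot: `rsa_recover(&rp);` in `FUNC_priv` discards its result, so a private-key vector that cannot be completed from n, e and d proceeds into `rsa_privcreate` with whatever recovery left unset instead of failing the test; if rsa_recover reports failure through its return value, the macro should check it, e.g. `if (rsa_recover(&rp)) return (0);` (the generated `t_priv_*` functions return 0 for failure). The key fields are taken straight from the vector (`rp.n = *(mp **)v++->buf;`) and later released by `rsa_privfree`/`rsa_pubfree` inside the helpers; whether the harness also drops those vector values is not visible here and should be confirmed to rule out a double drop. Minor: `tsigpriv` prints `"\n*** computed"` where its siblings print `"*** computed"`, giving that one report an extra blank line, and `tdecpad`/`tvrfpad` keep the buffer size in an `int n` that is then reused for the return code, where a `size_t` size plus a separate `int rc` would match `rsa_decrypt`.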
/* -*-c-*-
*
- * $Id: rsa.h,v 1.3 2000/07/01 11:24:37 mdw Exp $
+ * $Id: rsa.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The RSA public-key cryptosystem
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa.h,v $
- * Revision 1.3 2000/07/01 11:24:37 mdw
- * Remove bad type name `rsa_param'. New functions for freeing public and
- * private keys. Add types and functions for doing pubic key operations,
- * and padded RSA operations.
- *
- * Revision 1.2 2000/06/17 12:07:36 mdw
- * Add key fetching interface. Add new rsa_decrypt interface.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
#ifndef CATACOMB_RSA_H
#define CATACOMB_RSA_H
# include "grand.h"
#endif
+#ifndef CATACOMB_GCIPHER_H
+# include "gcipher.h"
+#endif
+
+#ifndef CATACOMB_GHASH_H
+# include "ghash.h"
+#endif
+
#ifndef CATACOMB_KEY_H
# include "key.h"
#endif
* See `oaep.h' and `pkcs1.h' for appropriate encoding functions.
*/
-typedef int (*rsa_encodeproc)(const void */*m*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-typedef int (*rsa_decodeproc)(const void */*m*/, size_t /*msz*/,
- dstr */*d*/, void */*p*/);
+typedef mp *rsa_pad(mp */*d*/, const void */*m*/, size_t /*msz*/,
+ octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
+
+typedef int rsa_decunpad(mp */*m*/, octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
+
+typedef int rsa_vrfunpad(mp */*s*/, const void */*m*/, size_t /*msz*/,
+ octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
/*----- Key fetching ------------------------------------------------------*/
/* --- @rsa_sign@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
+ * @mp *d@ = where to put the result
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
+ * Returns: The signature, as a multiprecision integer, or null on
* failure.
*
* Use: Computes an RSA digital signature.
*/
-extern int rsa_sign(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/);
+extern mp *rsa_sign(rsa_privctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
/* --- @rsa_decrypt@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
- * @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
+ * @mp *m@ = encrypted message, as a multiprecision integer
* @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * @rsa_decunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
* Returns: The length of the output string if successful, negative on
* failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA decryption.
*/
-extern int rsa_decrypt(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/);
+extern int rsa_decrypt(rsa_privctx */*rp*/, mp */*m*/,
+ dstr */*d*/, rsa_decunpad */*e*/, void */*earg*/);
/*----- RSA public key operations -----------------------------------------*/
/* --- @rsa_encrypt@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
+ * @mp *d@ = proposed destination integer
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The encrypted message, as a multiprecision integer, or null
+ * on failure.
*
* Use: Does RSA encryption.
*/
-extern int rsa_encrypt(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/);
+extern mp *rsa_encrypt(rsa_pubctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
/* --- @rsa_verify@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
- * @const void *m@ = pointer to input message
+ * @mp *s@ = the signature, as a multiprecision integer
+ * @const void *m@ = pointer to message to verify, or null
* @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * @dstr *d@ = pointer to output string, or null
+ * @rsa_vfrunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The length of the output string if successful (0 if no output
+ * was wanted); negative on failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA signature verification. To use a signature scheme
+ * with recovery, pass in @m == 0@ and @d != 0@: the recovered
+ * message should appear in @d@. To use a signature scheme with
+ * appendix, provide @m != 0@ and @d == 0@; the result should be
+ * zero for success.
*/
-extern int rsa_verify(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/);
+extern int rsa_verify(rsa_pubctx */*rp*/, mp */*s*/,
+ const void */*m*/, size_t /*sz*/, dstr */*d*/,
+ rsa_vrfunpad */*e*/, void */*earg*/);
/*----- Miscellaneous operations ------------------------------------------*/
extern int rsa_recover(rsa_priv */*rp*/);
+/*----- Padding schemes ---------------------------------------------------*/
+
+/* --- PKCS1 padding --- */
+
+typedef struct pkcs1 {
+ grand *r; /* Random number source */
+ const void *ep; /* Encoding parameters block */
+ size_t epsz; /* Size of the parameter block */
+} pkcs1;
+
+extern rsa_pad pkcs1_cryptencode;
+extern rsa_decunpad pkcs1_cryptdecode;
+extern rsa_pad pkcs1_sigencode;
+extern rsa_vrfunpad pkcs1_sigdecode;
+
+/* --- OAEP --- */
+
+typedef struct oaep {
+ const gccipher *cc; /* Cipher class for masking */
+ const gchash *ch; /* Hash class for parameter block */
+ grand *r; /* Random number source */
+ const void *ep; /* Encoding parameters block */
+ size_t epsz; /* Size of the parameter block */
+} oaep;
+
+extern rsa_pad oaep_encode;
+extern rsa_decunpad oaep_decode;
+
+/* --- PSS --- */
+
+typedef struct pss {
+ const gccipher *cc; /* Cipher class for masking */
+ const gchash *ch; /* Hash class for choosing a seed */
+ grand *r; /* Random number source */
+ size_t ssz; /* Requested salt size */
+} pss;
+
+extern rsa_pad pss_encode;
+extern rsa_vrfunpad pss_decode;
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus
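Review bot: The rsa_verify argument block names the decoder type `rsa_vfrunpad`, while the typedef earlier in the hunk and the prototype directly below both spell it `rsa_vrfunpad`; the doc line should read ` *		@rsa_vrfunpad *e@ = decoding procedure`. The unchanged context line just above it still says `contxt` for `context` and could be fixed in passing. The pre-existing sentence "See `oaep.h' and `pkcs1.h' for appropriate encoding functions" now sits directly above typedefs whose implementations (pkcs1_*, oaep_*, pss_*) this hunk declares in rsa.h itself, so unless those headers still exist it should point at the new "Padding schemes" section instead. The recovery/appendix convention for `m` and `d` is stated only in the rsa_verify comment; a one-line pointer to it next to `pkcs1_sigdecode` and `pss_decode` would help anyone adding another `rsa_vrfunpad`, since these presumably have to follow the same rule.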
/* -*-c-*-
*
- * $Id: rspit.c,v 1.19 2001/06/16 23:42:17 mdw Exp $
+ * $Id: rspit.c,v 1.20 2004/04/08 01:36:15 mdw Exp $
*
* Spit out random numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rspit.c,v $
- * Revision 1.19 2001/06/16 23:42:17 mdw
- * Typesetting fixes.
- *
- * Revision 1.18 2001/05/08 22:17:41 mdw
- * New cipher Noekeon added.
- *
- * Revision 1.17 2001/05/07 17:33:19 mdw
- * New Rijndael block sizes.
- *
- * Revision 1.16 2001/04/29 18:11:32 mdw
- * New block ciphers.
- *
- * Revision 1.15 2001/04/19 18:26:13 mdw
- * Use the new MAC keysize names.
- *
- * Revision 1.14 2001/02/21 20:03:22 mdw
- * Added support for MD2 hash function.
- *
- * Revision 1.13 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.12 2000/10/08 15:49:18 mdw
- * Remove failed kludge for shutting up a warning.
- *
- * Revision 1.11 2000/10/08 12:10:32 mdw
- * Make table have external linkage to bodge around deficiency in C. The
- * problem is that @static gen generators[];@ is considered to be a
- * `tentative definition', and therefore mustn't have incomplete type,
- * which it obviously has.
- *
- * Revision 1.10 2000/08/11 21:34:59 mdw
- * New restartable interface to Maurer testing.
- *
- * Revision 1.9 2000/08/04 23:24:15 mdw
- * Add a timer and a discard option.
- *
- * Revision 1.8 2000/07/29 22:05:47 mdw
- * Fix error in help message about Maurer test syntax.
- *
- * Revision 1.7 2000/07/18 23:01:26 mdw
- * Improve progress indications, and allow user to choose chunk sizes for
- * Maurer's test.
- *
- * Revision 1.6 2000/07/15 20:53:35 mdw
- * Add a load of new ciphers and hashes.
- *
- * Revision 1.5 2000/07/01 11:27:03 mdw
- * Portability fix: don't assume that `stdout' is a constant expression.
- * Remove old type name `bbs_param'.
- *
- * Revision 1.4 2000/06/17 12:08:28 mdw
- * Restructure handling of cipher-based generators. Add counter-mode
- * ciphers and MGF-1 hash functions. Add FIPS 140-1 and Maurer's tests.
- *
- * Revision 1.3 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.2 1999/12/22 15:59:51 mdw
- * New prime-search system. Read BBS keys from key files.
- *
- * Revision 1.1 1999/12/10 23:29:13 mdw
- * Emit random numbers for statistical tests.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
/* -*-c-*-
*
- * $Id: safer-mktab.c,v 1.1 2001/04/29 17:49:54 mdw Exp $
+ * $Id: safer-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generate tables for SAFER
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: safer-mktab.c,v $
- * Revision 1.1 2001/04/29 17:49:54 mdw
- * Added SAFER block cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: safer.c,v 1.1 2001/04/29 17:37:35 mdw Exp $
+ * $Id: safer.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The SAFER block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: safer.c,v $
- * Revision 1.1 2001/04/29 17:37:35 mdw
- * Added SAFER block cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: safer.h,v 1.2 2001/04/29 18:11:38 mdw Exp $
+ * $Id: safer.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The SAFER block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: safer.h,v $
- * Revision 1.2 2001/04/29 18:11:38 mdw
- * Add some notes.
- *
- * Revision 1.1 2001/04/29 17:37:35 mdw
- * Added SAFER block cipher.
- *
- */
-
/*----- Notes on the SAFER block cipher -----------------------------------*
*
* SAFER was designed by James Massey (who also worked on IDEA) for Cylink.
/* -*-c-*-
*
- * $Id: seal.c,v 1.1 2000/06/17 12:08:34 mdw Exp $
+ * $Id: seal.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The SEAL pseudo-random function family
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: seal.c,v $
- * Revision 1.1 2000/06/17 12:08:34 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: seal.h,v 1.1 2000/06/17 12:08:34 mdw Exp $
+ * $Id: seal.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The SEAL pseudo-random function family
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: seal.h,v $
- * Revision 1.1 2000/06/17 12:08:34 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the SEAL pseudo-random function family -------------------*
*
* SEAL is a slightly odd cryptographic primitive. It was designed by Phil
/* -*-c-*-
*
- * $Id: serpent-check.c,v 1.1 2000/06/17 12:08:43 mdw Exp $
+ * $Id: serpent-check.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Check the Serpent S-boxes
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: serpent-check.c,v $
- * Revision 1.1 2000/06/17 12:08:43 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: serpent-sbox.h,v 1.1 2000/06/17 12:08:43 mdw Exp $
+ * $Id: serpent-sbox.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Bitslice S-box implementations
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: serpent-sbox.h,v $
- * Revision 1.1 2000/06/17 12:08:43 mdw
- * New cipher.
- *
- */
-
/*----- Credit where it's due ---------------------------------------------*
*
* These S-box expressions are taken from the paper `Speeding up Serpent', by
/* -*-c-*-
*
- * $Id: serpent.c,v 1.1 2000/06/17 12:08:43 mdw Exp $
+ * $Id: serpent.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Serpent block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: serpent.c,v $
- * Revision 1.1 2000/06/17 12:08:43 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: serpent.h,v 1.2 2000/10/08 15:48:58 mdw Exp $
+ * $Id: serpent.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Serpent block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: serpent.h,v $
- * Revision 1.2 2000/10/08 15:48:58 mdw
- * Update comments now that AES has been chosen.
- *
- * Revision 1.1 2000/06/17 12:08:43 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the Serpent block cipher ---------------------------------*
*
* Serpent was designed and proposed for the AES contest by Ross Anderson,
/* -*-c-*-
*
- * $Id: sha.c,v 1.3 2000/06/17 11:31:43 mdw Exp $
+ * $Id: sha.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-1 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha.c,v $
- * Revision 1.3 2000/06/17 11:31:43 mdw
- * Portability fix for broken compilers.
- *
- * Revision 1.2 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: sha.h,v 1.5 2000/10/15 19:09:20 mdw Exp $
+ * $Id: sha.h,v 1.6 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-1 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha.h,v $
- * Revision 1.5 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.4 2000/06/17 11:32:52 mdw
- * Change buffer offset to be unsigned.
- *
- * Revision 1.3 1999/12/10 23:20:03 mdw
- * New hash interface requirements.
- *
- * Revision 1.2 1999/11/19 13:20:08 mdw
- * Modify notes section slightly.
- *
- * Revision 1.1 1999/09/03 08:41:12 mdw
- * Initial import.
- *
- */
-
/*----- Notes on the SHA-1 hash function ----------------------------------*
*
* SHA (Secure Hash Algorithm) was designed by the NSA, for use with the
/* -*-c-*-
*
- * $Id: sha256.c,v 1.2 2004/03/21 22:43:34 mdw Exp $
+ * $Id: sha256.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-256 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha256.c,v $
- * Revision 1.2 2004/03/21 22:43:34 mdw
- * New hash variant SHA224.
- *
- * Revision 1.1 2000/10/15 17:48:14 mdw
- * New SHA variants with longer outputs.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: sha256.h,v 1.3 2004/03/21 22:43:34 mdw Exp $
+ * $Id: sha256.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-256 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha256.h,v $
- * Revision 1.3 2004/03/21 22:43:34 mdw
- * New hash variant SHA224.
- *
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/10/15 17:48:15 mdw
- * New SHA variants with longer outputs.
- *
- */
-
/*----- Notes on the SHA-256 hash function ----------------------------------*
*
* SHA-1 (Secure Hash Algorithm) was designed by the NSA, for use with the
/* -*-c-*-
*
- * $Id: sha512.c,v 1.1 2000/10/15 17:48:15 mdw Exp $
+ * $Id: sha512.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-512 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha512.c,v $
- * Revision 1.1 2000/10/15 17:48:15 mdw
- * New SHA variants with longer outputs.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: sha512.h,v 1.2 2000/10/15 19:09:20 mdw Exp $
+ * $Id: sha512.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the SHA-512 hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sha512.h,v $
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/10/15 17:48:15 mdw
- * New SHA variants with longer outputs.
- *
- */
-
/*----- Notes on the SHA-512 hash function ----------------------------------*
*
* SHA-1 (Secure Hash Algorithm) was designed by the NSA, for use with the
/* -*-c-*-
*
- * $Id: share.c,v 1.6 2001/02/03 16:05:41 mdw Exp $
+ * $Id: share.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
*
* Shamir's secret sharing
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: share.c,v $
- * Revision 1.6 2001/02/03 16:05:41 mdw
- * Now @mp_drop@ checks its argument is non-NULL before attempting to free
- * it. Note that the macro version @MP_DROP@ doesn't do this.
- *
- * Revision 1.5 2000/12/06 20:30:10 mdw
- * Change secret sharing interface: present the secret at share
- * construction time.
- *
- * Revision 1.4 2000/10/08 12:16:17 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.3 2000/06/24 18:29:05 mdw
- * Interface change: allow shares to be extracted from a context on demand,
- * rather than building them all up-front.
- *
- * Revision 1.2 2000/06/18 23:05:19 mdw
- * Minor performance tweak: use Barrett reduction rather than Montgomery.
- * Fast secret sharing isn't done here, though: see `gfshare' instead.
- *
- * Revision 1.1 2000/06/17 12:09:38 mdw
- * Shamir's secret sharing system.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
m = mp_sub(m, &ii, &jj);
m = mp_sub(m, s->p, m);
}
- mp_gcd(0, 0, &m, s->p, m);
+ m = mp_modinv(m, m, s->p);
c = mp_mul(c, c, &jj);
c = mpbarrett_reduce(&mb, c, c);
c = mp_mul(c, c, m);
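Review bot: `m = mp_modinv(m, m, s->p)` inverts `m`, but nothing in the hunk rejects the case where `m` is zero mod `p`, which the preceding `mp_sub` lines produce when `ii` and `jj` (presumably two share indices) coincide, and what mp_modinv returns for a non-invertible argument is not visible here. Either the duplicate-index condition should be rejected before this loop or the precondition should be stated, e.g. `/* m = (i - j) mod p; requires distinct share indices, otherwise no inverse exists */`. The enclosing function starts and ends outside the hunk.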
/* -*-c-*-
*
- * $Id: share.h,v 1.3 2000/12/06 20:30:10 mdw Exp $
+ * $Id: share.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* Shamir's secret sharing
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: share.h,v $
- * Revision 1.3 2000/12/06 20:30:10 mdw
- * Change secret sharing interface: present the secret at share
- * construction time.
- *
- * Revision 1.2 2000/06/24 18:29:05 mdw
- * Interface change: allow shares to be extracted from a context on demand,
- * rather than building them all up-front.
- *
- * Revision 1.1 2000/06/17 12:09:38 mdw
- * Shamir's secret sharing system.
- *
- */
-
/*----- Notes on the sharing system ---------------------------------------*
*
* Shamir's secret-sharing system is based on polynomial interpolation modulo
/* -*-c-*-
*
- * $Id: skipjack-tab.h,v 1.1 2000/07/27 18:08:34 mdw Exp $
+ * $Id: skipjack-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Skipjack S-box
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: skipjack-tab.h,v $
- * Revision 1.1 2000/07/27 18:08:34 mdw
- * Skipjack S-box table
- *
- */
-
#ifndef CATACOMB_SKIPJACK_TAB_H
#define CATACOMB_SKIPJACK_TAB_H
/* -*-c-*-
*
- * $Id: skipjack.c,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: skipjack.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The Skipjack block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: skipjack.c,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2000/08/01 00:28:34 mdw
- * Performance improvement: read keys in as 32-bit words and deal them out
- * byte-by-byte.
- *
- * Revision 1.2 2000/07/15 20:48:45 mdw
- * Remove some useless tests in the G function.
- *
- * Revision 1.1 2000/07/15 15:39:33 mdw
- * The NSA's Skipjack block cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: skipjack.h,v 1.2 2000/08/01 00:28:34 mdw Exp $
+ * $Id: skipjack.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Skipjack block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: skipjack.h,v $
- * Revision 1.2 2000/08/01 00:28:34 mdw
- * Performance improvement: read keys in as 32-bit words and deal them out
- * byte-by-byte.
- *
- * Revision 1.1 2000/07/15 15:39:33 mdw
- * The NSA's Skipjack block cipher.
- *
- */
-
/*----- Notes on the Skipjack block cipher --------------------------------*
*
* Skipjack was designed by the NSA, as a type II algorithm to be used in the
/* -*-c-*-
*
- * $Id: square-mktab.c,v 1.2 2000/08/04 18:03:19 mdw Exp $
+ * $Id: square-mktab.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Build precomputed tables for the Square block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: square-mktab.c,v $
- * Revision 1.2 2000/08/04 18:03:19 mdw
- * Fix comment describing the field in which inversion is done.
- *
- * Revision 1.1 2000/07/27 18:10:27 mdw
- * Build precomuted tables for Square.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: square.c,v 1.2 2001/05/07 15:44:02 mdw Exp $
+ * $Id: square.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Square block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: square.c,v $
- * Revision 1.2 2001/05/07 15:44:02 mdw
- * Simplify implementation.
- *
- * Revision 1.1 2000/07/15 20:51:58 mdw
- * New block cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: square.h,v 1.1 2000/07/15 20:51:58 mdw Exp $
+ * $Id: square.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Square block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: square.h,v $
- * Revision 1.1 2000/07/15 20:51:58 mdw
- * New block cipher.
- *
- * Revision 1.1 2000/06/17 11:56:07 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the Square block cipher ----------------------------------*
*
* Invented by Joan Daemen and Vincent Rijmen, Square is a fast and
/* -*-c-*-
*
- * $Id: sslprf.c,v 1.1 2001/04/06 22:05:10 mdw Exp $
+ * $Id: sslprf.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The SSL pseudo-random function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sslprf.c,v $
- * Revision 1.1 2001/04/06 22:05:10 mdw
- * Add support for SSL pseudo-random function.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
ghash *h, *hh;
octet *p;
- h = c->ci->init();
+ h = GH_INIT(c->ci);
x = 'A' + c->i - 1;
for (sz = c->i++; sz > 0; sz -= n) {
n = sz;
if (n > sizeof(buf))
n = sizeof(buf);
memset(buf, x, n);
- h->ops->hash(h, buf, n);
+ GH_HASH(h, buf, n);
}
- h->ops->hash(h, c->k, c->ksz);
- h->ops->hash(h, c->sd, c->sdsz);
- p = h->ops->done(h, 0);
+ GH_HASH(h, c->k, c->ksz);
+ GH_HASH(h, c->sd, c->sdsz);
+ p = GH_DONE(h, 0);
- hh = c->co->init();
- hh->ops->hash(hh, c->k, c->ksz);
- hh->ops->hash(hh, p, c->ihashsz);
- c->p = hh->ops->done(hh, 0);
- h->ops->destroy(h);
+ hh = GH_INIT(c->co);
+ GH_HASH(hh, c->k, c->ksz);
+ GH_HASH(hh, p, c->ihashsz);
+ c->p = GH_DONE(hh, 0);
+ GH_DESTROY(h);
c->h = hh;
c->sz = c->ohashsz;
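Review bot: `p = GH_DONE(h, 0)` with a null destination presumably hands back a pointer into `h`'s own state, and that pointer is consumed by `GH_HASH(hh, p, c->ihashsz)` before `GH_DESTROY(h)`; the ordering is correct but silent, and a later reshuffle that destroys `h` first would read freed memory. A comment on the `GH_DONE` line, `/* p points into h: hash it into hh before destroying h */`, would pin the dependency. The same macro substitution in the later hunks of this file (the `while (sz)` loop and sslprf_free) is mechanical and needs nothing further. The enclosing function starts outside the hunk.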
while (sz) {
if (!c->sz) {
- c->h->ops->destroy(c->h);
+ GH_DESTROY(c->h);
step(c);
}
n = c->sz;
void sslprf_free(sslprf_ctx *c)
{
- c->h->ops->destroy(c->h);
+ GH_DESTROY(c->h);
}
/* --- Generic random number generator --- */
/* -*-c-*-
*
- * $Id: sslprf.h,v 1.1 2001/04/06 22:05:10 mdw Exp $
+ * $Id: sslprf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The SSL pseudo-random function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: sslprf.h,v $
- * Revision 1.1 2001/04/06 22:05:10 mdw
- * Add support for SSL pseudo-random function.
- *
- */
-
#ifndef CATACOMB_SSLPRF_H
#define CATACOMB_SSLPRF_H
/* -*-c-*-
*
- * $Id: strongprime.c,v 1.4 2000/07/01 11:24:52 mdw Exp $
+ * $Id: strongprime.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Generate `strong' prime numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: strongprime.c,v $
- * Revision 1.4 2000/07/01 11:24:52 mdw
- * Remove old debugging code.
- *
- * Revision 1.3 2000/06/17 12:10:09 mdw
- * Add some argument checking. Use MP secure memory interface.
- *
- * Revision 1.2 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:51:22 mdw
- * Find `strong' RSA primes using Gordon's algorithm.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/dstr.h>
/* -*-c-*-
*
- * $Id: strongprime.h,v 1.2 2000/02/12 18:21:03 mdw Exp $
+ * $Id: strongprime.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* Generate `strong' prime numbers
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: strongprime.h,v $
- * Revision 1.2 2000/02/12 18:21:03 mdw
- * Overhaul of key management (again).
- *
- * Revision 1.1 1999/12/22 15:51:22 mdw
- * Find `strong' RSA primes using Gordon's algorithm.
- *
- */
-
#ifndef CATACOMB_STRONGPRIME_H
#define CATACOMB_STRONGPRIME_H
/* -*-c-*-
*
- * $Id: tea.c,v 1.2 2000/07/29 09:56:47 mdw Exp $
+ * $Id: tea.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Tiny Encryption Algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tea.c,v $
- * Revision 1.2 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: tea.h,v 1.2 2000/07/29 09:56:47 mdw Exp $
+ * $Id: tea.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Tiny Encryption Algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tea.h,v $
- * Revision 1.2 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
/*----- Notes on the Tiny Encryption Algorithm ----------------------------*
*
* TEA is an amazingly simple 64-round Feistel network. It's tiny, fairly
## -*-fundamental-*-
##
-## $Id: Makefile.m4,v 1.2 2001/04/29 18:11:20 mdw Exp $
+## $Id: Makefile.m4,v 1.3 2004/04/08 01:36:15 mdw Exp $
##
## Build test vector files
##
## Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
## MA 02111-1307, USA.
-##----- Revision history ----------------------------------------------------
-##
-## $Log: Makefile.m4,v $
-## Revision 1.2 2001/04/29 18:11:20 mdw
-## New block cipher MARS.
-##
-## Revision 1.1 2000/06/17 12:12:20 mdw
-## Build mLib test vector files from the AES files.
-##
-
AUTOMAKE_OPTIONS = foreign
## --- Building test rigs ---
-# $Id: gdsa,v 1.1 2004/04/04 19:42:59 mdw Exp $
+# $Id: gdsa,v 1.2 2004/04/08 01:36:16 mdw Exp $
#
# Tests for abstract-group implementation of DSA
0x12e2f4e865bf6e034712b4f2ba6f3c825452d6419
0x30e0d918fde3a33781f984b877f8501356b6fbae9;
+ "ec { secp160r1 }" sha
+ 0xaa374ffc3ce144e6b073307972cb6d57b2a4e982
+ "abc"
+ 0x7b012db7681a3f28b9185c8b2ac5d528decd52da
+ 0xce2873e5be449563391feb47ddcba2dc16379191
+ 0x3480ec1371a091a464b31ce47df0cb8aa2d98b54;
+
+ "ec { sect163k1 }" sha
+ 0x3a41434aa99c2ef40c8495b2ed9739cb2155a1e0d
+ "abc"
+ 0xa40b301cc315c257d51d442234f5aff8189d2b6c
+ 0x994d2c41aa30e52952aea8462370471b2b0a34ac
+ 0x152f95ca15da1997a8c449e00cd2aa2accb988d7f;
+
"ec { nist-p256 }" sha256
0x7fb838a8a0a95046b9d9d9fb4440f7bbc1a7bd3b4e853fc92d4e1588719986aa
"An example message"
0x30e0d918fde3a33781f984b877f8501356b6fbae9
0;
+ "ec { secp160r1 }" sha
+ "0x51b4496fecc406ed0e75a24a3c03206251419dc0,
+ 0xc28dcb4b73a514b468d793894f381ccc1756aa6c"
+ "abc"
+ 0xce2873e5be449563391feb47ddcba2dc16379191
+ 0x3480ec1371a091a464b31ce47df0cb8aa2d98b54
+ 0;
+
+ "ec { sect163k1 }" sha
+ "0x037d529fa37e42195f10111127ffb2bb38644806bc,
+ 0x0447026eee8b34157f3eb51be5185d2be0249ed776"
+ "abc"
+ 0x994d2c41aa30e52952aea8462370471b2b0a34ac
+ 0x152f95ca15da1997a8c449e00cd2aa2accb988d7f
+ 0;
+
"ec { nist-p256 }" sha256
"0xcc2aecbc5c5f6d72cd7b937279d72a732abcf880ea47e012ebec77ddbca6ed40,
0x90f99cd799abc0ea571d0e02bad80f8323050b1adbdbff50060b6e1e6ebd8611"
+++ /dev/null
-# $Id: oaep,v 1.1 2000/07/15 10:03:30 mdw Exp $
-#
-# Test vectors for OAEP encoding
-
-# --- From http://wwww.esat.kuleuven.ac.be/~bosselae/ripemd160.html ---
-
-oaep {
- 54859b342c49ea2a "" aafd12f659cae63489b479e5076ddec2f06cb58f
- 007dcfd33b1ca1107625a3fbd99075e7c8adc134bf3f5c201b7ad3e8b3ede0b48136002dd2ec034f04cda492db86973642dd59f018b0908a6504b4f845be3236;
- 54859b342c49ea2a 3bf4c66f209e05f2a86eae213322fbf9252d6408 aafd12f659cae63489b479e5076ddec2f06cb58f
- 0062732b7784ac93f3ed97ed1d89c7aedf1e98a21f171240b14fa63ee789e54e78fc34dc63650b0395cda492db86973642dd59f018b0908a6504b4f845be3236;
- 54859b342c49ea2a 2771857832caf8f054940134a736233269f00d42 aafd12f659cae63489b479e5076ddec2f06cb58f
- 00071c2309ec131348e4faeeb5a409135a9c728b72e42e655755cdca7764183c4872204bb51c9bbb2ecda492db86973642dd59f018b0908a6504b4f845be3236;
-}
--- /dev/null
+# $Id: rsa,v 1.1 2004/04/08 01:36:16 mdw Exp $
+#
+# Test vectors for the completely mad RSA infrastructure tests
+
+p1sig-pad {
+ # nbits msg rc result eparam
+ 256 "616263" 0
+ 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263
+ "cc22cc";
+ 129 "616263" 0 0x0001ffffffffffffffff00cc22cc616263 "cc22cc";
+ 128 "616263" -1 0 "cc22cc";
+}
+
+p1sig-priv {
+ # n e d msg rc result eparam
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9
+ "616263" 0
+ 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26
+ "cc22cc";
+
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81
+ "a9993e364706816aba3e25717850c26c9cd0d89d" 0
+ 0x0f642606b7aaf99ff4bb5853c51e31a02c58d8c1c33f3c584d4edc58b08a16d5dc8064b6e198edcc4dc06666171a113619d7da16dfd96cebfdb5cc5050af6fab3d9f2ca8b8d6ece1d513fabc98a11fe37892fcf0827ea2e792427a69b3523504f46c55ed8af9a1c59687ca73c4baad7235a1a3faedec14f95ddfa8d0554739a8
+ "3021300906052b0e03021a05000414";
+}
+
+p1vrf-pad {
+ # nbits sig msg rc result eparam
+ 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263
+ "" 3 "616263" "cc22cc";
+ 256 0x0101ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263
+ "" -1 "" "cc22cc";
+ 256 0x0002ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263
+ "" -1 "" "cc22cc";
+ 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff01cc22cc616263
+ "" -1 "" "cc22cc";
+ 256 0x0001ffffffffffffffff00cc22ccffffffffffffffffffffff00cc22cc616263
+ "" 18 "ffffffffffffffffffffff00cc22cc616263" "cc22cc";
+ 256 0x0001ffffffffffffff00cc22ccffffffffffffffffffffffff00cc22cc616263
+ "" -1 "" "cc22cc";
+ 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc21cc616263
+ "" -1 "" "cc22cc";
+ 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616262
+ "" 3 "616262" "cc22cc";
+ 129 0x0001ffffffffffffffff00cc22cc616263 "" 3 "616263" "cc22cc";
+ 128 0x0001ffffffffffffff00cc22cc616263 "" -1 "" "cc22cc";
+}
+
+p1vrf-pub {
+ # n e sig msg rc result eparam
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26
+ "" 3 "616263" "cc22cc";
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26
+ "616263" 0 "" "cc22cc";
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0x27654c24f4ffefffc3bef7be8ae469db3069407702391eeb551ce9544621b63a
+ "" 18 "ffffffffffffffffffffff00cc22cc616263" "cc22cc";
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0xd980f3047ab74bc4e7bb99eeb17fcc657f50ee26146b7f2a9f982ef2f44cba
+ "" -1 "" "cc22cc";
+
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ 0x0f642606b7aaf99ff4bb5853c51e31a02c58d8c1c33f3c584d4edc58b08a16d5dc8064b6e198edcc4dc06666171a113619d7da16dfd96cebfdb5cc5050af6fab3d9f2ca8b8d6ece1d513fabc98a11fe37892fcf0827ea2e792427a69b3523504f46c55ed8af9a1c59687ca73c4baad7235a1a3faedec14f95ddfa8d0554739a8
+ "" 20 "a9993e364706816aba3e25717850c26c9cd0d89d"
+ "3021300906052b0e03021a05000414";
+}
+
+p1enc-pad {
+ # nbits msg rc ct eparam
+ 256 "616263" 0
+ 0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 "";
+ 105 "616263" 0
+ 0x0002efbd98524ad6419b00616263 "";
+ 104 "616263" -1 0 "";
+}
+
+p1enc-pub {
+ # n e msg rc ct eparam
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001 "616263" 0
+ 0x8f20a0fc778b7c55567f41c344d39bfcdaca04fd475f2290dc05c236585a68ca "";
+
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ "616263"
+ 0
+ 0xaf91f5abf4766348eaaff1e8e5561b10bc1e3b15b6dff221869389a70d371d649b6cf78c5444f5d03a9feac12d5741cbc340e09d112063b1486568fca7c59b4c90604f0b6243eccc18901afa9001fc5f669108ebc75d6713e28d4a081723184332d4fb2ca391e3247a76c85323e66352d60c0a6ce8240af6f0583058820b1e32
+ "";
+}
+
+p1dec-pad {
+ # nbits msg rc pt eparam
+ 256 0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263
+ 3 "616263" "";
+ 105 0x0002efbd98524ad6419b00616263
+ 3 "616263" "";
+ 104 0x0002efbd98524ad64100616263
+ -1 "" "";
+ 256 0x0002efbdfc524ad6419b00537a59b42a4662918436d6e0e4804b6b1000616263
+ 21 "537a59b42a4662918436d6e0e4804b6b1000616263" "";
+ 256 0x0002efbdfc524ad6419b00537a59b42a4662918436d6e0e4804b6b1000616263
+ 3 "616263" "537a59b42a4662918436d6e0e4804b6b1000";
+ 256 0x0102efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263
+ -1 "" "";
+ 256 0x0001efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263
+ -1 "" "";
+ 256 0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263
+ 3 "616263" "";
+ 256 0x0002efbdfc524ad6410065537a59b42a4662918436d6e0e4804b6b1000616263
+ -1 "" "";
+}
+
+p1dec-priv {
+ # p e d msg rc pt eparam
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9
+ 0x8f20a0fc778b7c55567f41c344d39bfcdaca04fd475f2290dc05c236585a68ca
+ 3 "616263" "";
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9
+ 0x19d6408010f0c2722b44cd4d5e006b6ffaa634aa225d727fa37c7c6ec29c5155
+ 21 "537a59b42a4662918436d6e0e4804b6b1000616263" "";
+ 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3
+ 0x10001
+ 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9~
+ 0x952aa4893cd2620e4942f449529ea2f7105b9d67e041a676259fb986bc507b7d
+ -1 "" "";
+
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81
+ 0xaf91f5abf4766348eaaff1e8e5561b10bc1e3b15b6dff221869389a70d371d649b6cf78c5444f5d03a9feac12d5741cbc340e09d112063b1486568fca7c59b4c90604f0b6243eccc18901afa9001fc5f669108ebc75d6713e28d4a081723184332d4fb2ca391e3247a76c85323e66352d60c0a6ce8240af6f0583058820b1e32
+ 3 "616263" "";
+}
+
+oaepenc-pad {
+ # nbits msg rc ct mgf hash eparam
+ 1024 "616263" 0
+ 0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffed
+ sha-mgf sha "";
+}
+
+oaepdec-pad {
+ # nbits msg rc pt mgf hash eparam
+ 1024
+ 0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffed
+ 3 "616263" sha-mgf sha "";
+ 1024
+ 0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffec
+ -1 "" sha-mgf sha "";
+}
+
+oaepenc-pub {
+ # n e msg rc ct mgf hash eparam
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ "616263"
+ 0
+ 0xa5c94083e56aeff3490a4abd63251b332a26cca0e521815af5d2915b2422fbc7e672c8e67c3dea8c355e0b999a1f8acc905cc4437a6ddc5a7d6f54489436bd24922f83d75629d2cb92a7963d010727ef8981c3c01971962f454e42d54996e74617022d7513505fef7b1f7d5dbdeccc4673594d01f943236e4439b3175c3f801b
+ sha-mgf sha "";
+}
+
+oaepdec-priv {
+ # n e d msg rc pt mgf hash eparam
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81
+ 0x6ae9901c7c40104b38e10097bd42212afd437867ee4c72e7e81d7486b8721aeab493be40e3bd4335bef05c76bba1a2e30795e76fe04517d5f8fa87d16756002b061674594cb85c32b96c3a690e135d64923bd7551c45b6b89ebb89941377ce02d5c801feb33c20ebacf8dd6d6bd44d4f29bc2ff4dca35db52da545ef97733955
+ 3 "616263" sha-mgf sha "";
+ 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff
+ 0x10001
+ 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81
+ 0x6ae9901c7c40104b38e10097bd42212afd437867ee4c72e7e81d7486b8721aeab493be40e3bd4335bef05c76bba1a2e30795e76fe04517d5f8fa87d16756002b061674594cb85c32b96c3a690e135d64923bd7551c45b6b89ebb89941377ce02d5c801feb33c20ebacf8dd6d6bd44d4f29bc2ff4dca35db52da545ef97733954
+ -1 "" sha-mgf sha "";
+}
+
+psssig-pad {
+ # nbits msg rc result mgf hash saltsz
+ 256 "a9993e364706816aba3e25717850c26c9cd0d89d" 0
+ 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc
+ sha-mgf sha 10;
+ 256 "a9993e364706816aba3e25717850c26c9cd0d89d" -1
+ 0 sha-mgf sha 20;
+ 273 "a9993e364706816aba3e25717850c26c9cd0d89d" 0
+ 0xb5c91e4c0c00aaaffba7d581011366f0477cf42d9b98fddf692f3d14f9b8a168e4bc
+ sha-mgf sha 10;
+}
+
+pssvrf-pad {
+ # nbits sig msg rc result mgf hash saltsz
+ 256
+ 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc
+ "a9993e364706816aba3e25717850c26c9cd0d89d" 0 "" sha-mgf sha 10;
+ 256
+ 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc
+ "a9993e364706816aba3e25717850c26c9cd0d89e" -1 "" sha-mgf sha 10;
+ 256
+ 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bd
+ "a9993e364706816aba3e25717850c26c9cd0d89d" -1 "" sha-mgf sha 10;
+ 256
+ 0x3526a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc
+ "a9993e364706816aba3e25717850c26c9cd0d89d" -1 "" sha-mgf sha 10;
+}
+
+psssig-priv {
+ 0x6af87c8c97ae0c7668bc361ff1c358198309c80cd8a74a6d9d9cc846ea63ede9
+ 0x10001
+ 0x30ec4a0a5854d733a5ddc3e3584469f0a7d4b1f0cb38b8cfb04483c68b77a01
+ "a9993e364706816aba3e25717850c26c9cd0d89d" 0
+ 0x2b484543397da31ca7aaf774c4b19acd69eb8bc230b6d98a2ae10798793bd53f
+ sha-mgf sha 10;
+}
+
+pssvrf-pub {
+ 0x6af87c8c97ae0c7668bc361ff1c358198309c80cd8a74a6d9d9cc846ea63ede9
+ 0x10001
+ 0x2b484543397da31ca7aaf774c4b19acd69eb8bc230b6d98a2ae10798793bd53f
+ "a9993e364706816aba3e25717850c26c9cd0d89d" 0 "" sha-mgf sha 10;
+}
/* -*-c-*-
*
- * $Id: tiger-base.h,v 1.1 2000/07/15 10:02:43 mdw Exp $
+ * $Id: tiger-base.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Common definitions for the Tiger hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tiger-base.h,v $
- * Revision 1.1 2000/07/15 10:02:43 mdw
- * Anderson and Biham's Tiger hash function added.
- *
- */
-
#ifndef CATACOMB_TIGER_BASE_H
#define CATACOMB_TIGER_BASE_H
/* -*-c-*-
*
- * $Id: tiger-mktab.c,v 1.1 2000/07/15 10:02:43 mdw Exp $
+ * $Id: tiger-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* Generate S-boxes for the Tiger hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tiger-mktab.c,v $
- * Revision 1.1 2000/07/15 10:02:43 mdw
- * Anderson and Biham's Tiger hash function added.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: tiger.c,v 1.1 2000/07/15 10:02:43 mdw Exp $
+ * $Id: tiger.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The Tiger hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tiger.c,v $
- * Revision 1.1 2000/07/15 10:02:43 mdw
- * Anderson and Biham's Tiger hash function added.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: tiger.h,v 1.2 2000/10/15 19:09:20 mdw Exp $
+ * $Id: tiger.h,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Tiger hash function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tiger.h,v $
- * Revision 1.2 2000/10/15 19:09:20 mdw
- * Support HMAC mode for hash functions which need to store more state than
- * the hash output size.
- *
- * Revision 1.1 2000/07/15 10:02:43 mdw
- * Anderson and Biham's Tiger hash function added.
- *
- */
-
/*----- Notes on the Tiger hash function ----------------------------------*
*
* Tiger was designed by Eli Biham and Ross Anderson to be an efficient and
/* -*-c-*-
*
- * $Id: tlsprf.c,v 1.2 2001/04/06 22:05:53 mdw Exp $
+ * $Id: tlsprf.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The TLS pseudo-random function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tlsprf.c,v $
- * Revision 1.2 2001/04/06 22:05:53 mdw
- * Change dummy names in grand objects so that they say what sort of thing
- * they are.
- *
- * Revision 1.1 2001/04/04 20:10:52 mdw
- * Add support for the TLS pseudo-random function.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/alloc.h>
void tlsdx_init(tlsdx_ctx *c, gmac *m, const void *sd, size_t sdsz)
{
c->k = m;
- c->hashsz = c->k->ops->c->hashsz;
+ c->hashsz = GM_CLASS(c->k)->hashsz;
c->sd = sd; c->sdsz = sdsz;
- c->i = c->k->ops->init(c->k);
- c->i->ops->hash(c->i, sd, sdsz);
- c->ai = c->i->ops->done(c->i, 0);
- c->o = c->k->ops->init(c->k);
- c->o->ops->hash(c->o, c->ai, c->hashsz);
- c->o->ops->hash(c->o, sd, sdsz);
- c->p = c->o->ops->done(c->o, 0);
+ c->i = GM_INIT(c->k);
+ GH_HASH(c->i, sd, sdsz);
+ c->ai = GH_DONE(c->i, 0);
+ c->o = GM_INIT(c->k);
+ GH_HASH(c->o, c->ai, c->hashsz);
+ GH_HASH(c->o, sd, sdsz);
+ c->p = GH_DONE(c->o, 0);
c->sz = c->hashsz;
}
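Review bot: The seed is retained by pointer rather than copied (`c->sd = sd; c->sdsz = sdsz;`) and is re-hashed on every output block in the next hunk (`GH_HASH(h, c->sd, c->sdsz);`), so the caller must keep `sd` alive and unchanged until tlsdx_free; nothing on the new side documents that. The generic-random wrapper later in the file copies the seed with xmalloc/memcpy, which suggests this contract is known but only to that caller. A comment on the assignment, `/* sd is referenced, not copied: caller keeps it alive until tlsdx_free */`, would make the lifetime requirement explicit for direct users of tlsdx_init.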
if (c->sz)
n = c->sz;
else {
- h = c->k->ops->init(c->k);
- h->ops->hash(h, c->ai, c->hashsz);
- c->ai = h->ops->done(h, 0);
- c->i->ops->destroy(c->i);
+ h = GM_INIT(c->k);
+ GH_HASH(h, c->ai, c->hashsz);
+ c->ai = GH_DONE(h, 0);
+ GH_DESTROY(c->i);
c->i = h;
- c->o->ops->destroy(c->o);
- h = c->o = c->k->ops->init(c->k);
- h->ops->hash(h, c->ai, c->hashsz);
- h->ops->hash(h, c->sd, c->sdsz);
- c->p = h->ops->done(h, 0);
+ GH_DESTROY(c->o);
+ h = c->o = GM_INIT(c->k);
+ GH_HASH(h, c->ai, c->hashsz);
+ GH_HASH(h, c->sd, c->sdsz);
+ c->p = GH_DONE(h, 0);
c->sz = n = c->hashsz;
}
if (n > sz)
void tlsdx_free(tlsdx_ctx *c)
{
- c->i->ops->destroy(c->i);
- c->o->ops->destroy(c->o);
+ GH_DESTROY(c->i);
+ GH_DESTROY(c->o);
}
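Review bot: tlsdx_free destroys the two hash contexts (`GH_DESTROY(c->i); GH_DESTROY(c->o);`) but not `c->k`, the keyed MAC that tlsdx_init stored from its `m` argument, and neither function says who owns it. Presumably it stays with the caller (the wrapper in the next hunk creates it with `GM_KEY(mc, k, ksz)` and would then be responsible for it), but a one-line comment here, `/* c->k is owned by the caller and is not destroyed */`, would prevent a leak or a double destroy by a reader guessing the other way.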
/* --- Generic random number generator --- */
{
dx_grctx *g = S_CREATE(dx_grctx);
dstr d = DSTR_INIT;
- gmac *m = mc->key(k, ksz);
+ gmac *m = GM_KEY(mc, k, ksz);
octet *q = xmalloc(sdsz);
memcpy(q, sd, sdsz);
dstr_putf(&d, "tlsdx(%s)", mc->name);
/* -*-c-*-
*
- * $Id: tlsprf.h,v 1.1 2001/04/04 20:10:52 mdw Exp $
+ * $Id: tlsprf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
*
* The TLS pseudo-random function
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tlsprf.h,v $
- * Revision 1.1 2001/04/04 20:10:52 mdw
- * Add support for the TLS pseudo-random function.
- *
- */
-
#ifndef CATACOMB_TLSPRF_H
#define CATACOMB_TLSPRF_H
/* -*-c-*-
*
- * $Id: twofish-mktab.c,v 1.4 2000/10/08 12:08:10 mdw Exp $
+ * $Id: twofish-mktab.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Build constant tables for Twofish
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish-mktab.c,v $
- * Revision 1.4 2000/10/08 12:08:10 mdw
- * Escape literal newlines in output string.
- *
- * Revision 1.3 2000/06/26 17:14:42 mdw
- * (rslog): Ensure that log(1) = 0 (not 255, as previously). While the two
- * are strictly equivalent, it means that the exp table is larger than it
- * otherwise needs to be.
- *
- * Revision 1.2 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <stdio.h>
/* -*-c-*-
*
- * $Id: twofish.c,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: twofish.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* Implementation of the Twofish cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish.c,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2002/01/13 13:37:59 mdw
- * Add support for Twofish family keys.
- *
- * Revision 1.2 2000/06/22 18:58:00 mdw
- * Twofish can handle keys with any byte-aligned size.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <assert.h>
/* -*-c-*-
*
- * $Id: twofish.h,v 1.4 2002/01/13 13:37:59 mdw Exp $
+ * $Id: twofish.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
*
* The Twofish block cipher
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish.h,v $
- * Revision 1.4 2002/01/13 13:37:59 mdw
- * Add support for Twofish family keys.
- *
- * Revision 1.3 2001/04/29 18:12:43 mdw
- * Fix formatting.
- *
- * Revision 1.2 2000/10/08 15:48:58 mdw
- * Update comments now that AES has been chosen.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
/*----- Notes on the Twofish block cipher ---------------------------------*
*
* Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David
/* -*-c-*-
*
- * $Id: xtea.c,v 1.2 2000/07/29 09:56:47 mdw Exp $
+ * $Id: xtea.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
*
* The Extended Tiny Encryption Algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: xtea.c,v $
- * Revision 1.2 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include <mLib/bits.h>
/* -*-c-*-
*
- * $Id: xtea.h,v 1.3 2000/07/29 09:56:47 mdw Exp $
+ * $Id: xtea.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The Extended Tiny Encryption Algorithm
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: xtea.h,v $
- * Revision 1.3 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.2 2000/07/15 13:47:14 mdw
- * Whoops. Fix the purpose comment.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
/*----- Notes on the Tiny Encryption Algorithm ----------------------------*
*
* XTEA is an amazingly simple 64-round Feistel network. It's tiny, fairly