From b817bfc642225b8c3c0b6a7e42d1fb949b61a606 Mon Sep 17 00:00:00 2001 
From: mdw Date: Thu, 8 Apr 2004 01:36:29 +0000 Subject: [PATCH] Expunge revision histories in files. --- Makefile.m4 | 270 +-------------------------- acconfig.h | 17 +- arena.c | 10 +- arena.h | 10 +- bbs-fetch.c | 13 +- bbs-gen.c | 22 +-- bbs-jump.c | 19 +- bbs-rand.c | 21 +-- bbs.h | 27 +-- bitops.h | 10 +- bittest.c | 10 +- blkc.h | 27 +-- blowfish-mktab.c | 13 +- blowfish.c | 16 +- blowfish.h | 16 +- buf.c | 33 +--- buf.h | 23 +-- calc/ec2.cal | 25 +-- calc/ecp.cal | 25 +-- calc/gfx-test.cal | 10 +- calc/gfx.cal | 16 +- cast-base.h | 13 +- cast-s.c | 13 +- cast-sk.c | 13 +- cast-tab.h | 10 +- cast128.c | 10 +- cast128.h | 10 +- cast256.c | 10 +- cast256.h | 10 +- catacomb-config.in | 9 +- cbc-def.h | 19 +- cbc.h | 16 +- cfb-def.h | 19 +- cfb.h | 19 +- configure.in | 63 +------ counter-def.h | 16 +- counter.h | 16 +- crc32.c | 13 +- crc32.h | 10 +- daftstory.h | 16 +- des-base.c | 16 +- des-base.h | 16 +- des-mktab.c | 19 +- des.c | 13 +- des.h | 16 +- des3.c | 13 +- des3.h | 16 +- desx-tab.h | 10 +- desx.c | 13 +- desx.h | 10 +- dh-check.c | 13 +- dh-fetch.c | 13 +- dh-gen.c | 13 +- dh-limlee.c | 14 +- dh-param.c | 14 +- dh.h | 30 +-- dsa-check.c | 10 +- dsa-gen.c | 36 +--- dsa-sign.c | 17 +- dsa-verify.c | 28 +-- dsa.h | 31 +--- dsarand.c | 17 +- dsarand.h | 17 +- dsig.c | 38 +--- ec-bin.c | 39 +--- ec-exp.c | 14 +- ec-exp.h | 27 +-- ec-fetch.c | 10 +- ec-info.c | 25 +-- ec-keys.h | 17 +- ec-prime.c | 52 +----- ec-raw.c | 10 +- ec-raw.h | 10 +- ec-test.c | 26 +-- ec-test.h | 10 +- ec.c | 47 +---- ec.h | 53 +----- ecb-def.h | 13 +- ecb.h | 13 +- ectab.h | 22 +-- exp.c | 11 +- exp.h | 22 +-- f-binpoly.c | 39 +--- f-niceprime.c | 30 +-- f-prime.c | 57 +----- factorial.c | 17 +- fibrand.c | 19 +- fibrand.h | 13 +- field-parse.c | 18 +- field.c | 23 +-- field.h | 49 +---- fipstest.c | 16 +- fipstest.h | 17 +- g-ec.c | 20 +- g-prime.c | 26 +-- gcipher.h | 16 +- gdsa.c | 16 +- gdsa.h | 10 +- gengctab | 5 +- genprimes.c | 29 +-- gf-arith.c | 16 +- gf-gcd.c | 41 +++-- 
gf.h | 31 ++-- gfn.c | 12 +- gfn.h | 12 +- gfreduce-exp.h | 13 +- gfreduce.c | 19 +- gfreduce.h | 13 +- gfshare-mktab.c | 16 +- gfshare.c | 34 +--- gfshare.h | 27 +-- gfx-kmul.c | 16 +- gfx-sqr-mktab.c | 10 +- gfx-sqr.c | 19 +- gfx.c | 10 +- gfx.h | 16 +- ghash-def.h | 29 +-- ghash.h | 30 +-- gkcdsa.c | 13 +- gkcdsa.h | 10 +- gmac.h | 16 +- grand.c | 13 +- grand.h | 26 +-- group-dstr.c | 14 +- group-exp.c | 14 +- group-exp.h | 14 +- group-file.c | 17 +- group-parse.c | 17 +- group-stdops.c | 14 +- group-string.c | 14 +- group-test.c | 17 +- group.h | 20 +- has160.c | 10 +- has160.h | 10 +- hash.h | 19 +- hashsum.c | 45 +---- hmac-def.h | 33 +--- hmac.h | 26 +-- idea.c | 20 +- idea.h | 16 +- karatsuba.h | 14 +- key-attr.c | 19 +- key-binary.c | 30 +-- key-data.c | 23 +-- key-data.h | 16 +- key-error.c | 16 +- key-fetch.c | 10 +- key-file.c | 13 +- key-flags.c | 22 +-- key-io.c | 22 +-- key-misc.c | 20 +- key-moan.c | 10 +- key-pack.c | 13 +- key-pass.c | 19 +- key-text.c | 23 +-- key.1 | 12 +- key.h | 38 +--- keycheck-mp.c | 10 +- keycheck-report.c | 10 +- keycheck.c | 13 +- keycheck.h | 10 +- keyring.5 | 20 +- keysz.c | 10 +- keyutil.c | 86 +-------- lcrand.c | 19 +- lcrand.h | 13 +- limlee.c | 36 +--- limlee.h | 21 +-- lmem.c | 22 +-- lmem.h | 20 +- manual/catacomb.tex | 12 +- mars-mktab.c | 10 +- mars.c | 10 +- mars.h | 10 +- maurer.c | 16 +- maurer.h | 13 +- md2-tab.h | 10 +- md2.c | 13 +- md2.h | 10 +- md4.c | 16 +- md4.h | 20 +- md5.c | 16 +- md5.h | 20 +- mgf-def.h | 10 +- mgf.h | 10 +- mkphrase.c | 19 +- mp-arith.c | 65 +------ mp-const.c | 15 +- mp-gcd.c | 50 +++-- mp-io.c | 27 +-- mp-jacobi.c | 19 +- mp-mem.c | 28 +-- mp-misc.c | 19 +- mp-modsqrt.c | 23 +-- mp-sqrt.c | 20 +- mp-test.c | 10 +- mp.h | 77 ++------ mparena.c | 25 +-- mparena.h | 16 +- mpbarrett-exp.c | 22 +-- mpbarrett-exp.h | 16 +- mpbarrett-mexp.c | 24 +-- mpbarrett.c | 42 +---- mpbarrett.h | 23 +-- mpcrt.c | 29 +-- mpcrt.h | 13 +- mpdump.c | 10 +- mpint.c | 16 +- mpint.h | 24 +-- 
mpmont-exp.c | 19 +- mpmont-exp.h | 16 +- mpmont-mexp.c | 43 +---- mpmont.c | 78 +------- mpmont.h | 35 +--- mpmul.c | 20 +- mpmul.h | 10 +- mprand.c | 23 +-- mprand.h | 13 +- mpreduce-exp.h | 16 +- mpreduce.c | 10 +- mpreduce.h | 10 +- mpscan.c | 17 +- mpscan.h | 20 +- mptext-dstr.c | 16 +- mptext-file.c | 13 +- mptext-len.c | 10 +- mptext-string.c | 23 +-- mptext.c | 62 +------ mptext.h | 26 +-- mptypes.c | 17 +- mpw.h | 16 +- mpx-kmul.c | 35 +--- mpx-ksqr.c | 30 +-- mpx.c | 70 +------ mpx.h | 58 +----- noekeon.c | 13 +- noekeon.h | 19 +- noise.c | 29 +-- noise.h | 23 +-- oaep.c | 211 ++++++--------------- oaep.h | 123 ------------- ofb-def.h | 25 +-- ofb.h | 19 +- papers/rand.tex | 15 +- paranoia.h | 13 +- passphrase.c | 24 +-- passphrase.h | 10 +- pfilt.c | 42 +---- pfilt.h | 30 +-- pgen-gcd.c | 15 +- pgen-safe.c | 20 +- pgen-stdev.c | 16 +- pgen.c | 32 +--- pgen.h | 27 +-- pixie-client.c | 14 +- pixie-common.c | 10 +- pixie.c | 70 +------ pixie.h | 14 +- pkcs1.c | 163 +++++++++-------- pkcs1.h | 138 -------------- prim.c | 18 +- prim.h | 15 +- pss.c | 268 +++++++++++---------------- pss.h | 167 ----------------- ptab.h | 14 +- qdparse.c | 10 +- qdparse.h | 10 +- rabin.c | 33 +--- rabin.h | 27 +-- rand.c | 23 +-- rand.h | 33 +--- rc2-tab.h | 10 +- rc2.c | 13 +- rc2.h | 10 +- rc4.c | 23 +-- rc4.h | 17 +- rc5.c | 13 +- rc5.h | 16 +- rho.c | 19 +- rho.h | 13 +- rijndael-base.c | 10 +- rijndael-base.h | 10 +- rijndael-mktab.c | 16 +- rijndael.c | 19 +- rijndael.h | 16 +- rijndael192.c | 10 +- rijndael192.h | 10 +- rijndael256.c | 10 +- rijndael256.h | 10 +- rmd128.c | 10 +- rmd128.h | 14 +- rmd160.c | 16 +- rmd160.h | 20 +- rmd256.c | 13 +- rmd256.h | 14 +- rmd320.c | 10 +- rmd320.h | 14 +- rsa-fetch.c | 13 +- rsa-gen.c | 36 +--- rsa-priv.c | 104 +++-------- rsa-pub.c | 123 ++++++------- rsa-recover.c | 27 +-- rsa-test.c | 514 ++++++++++++++++++++++++++++++++++++++++++++++++++++ rsa.h | 141 +++++++++----- rspit.c | 71 +------- safer-mktab.c | 10 +- safer.c | 10 +- 
safer.h | 13 +- seal.c | 10 +- seal.h | 10 +- serpent-check.c | 10 +- serpent-sbox.h | 10 +- serpent.c | 10 +- serpent.h | 13 +- sha.c | 16 +- sha.h | 23 +-- sha256.c | 13 +- sha256.h | 17 +- sha512.c | 10 +- sha512.h | 14 +- share.c | 31 +--- share.h | 18 +- skipjack-tab.h | 10 +- skipjack.c | 20 +- skipjack.h | 14 +- square-mktab.c | 13 +- square.c | 13 +- square.h | 13 +- sslprf.c | 34 ++-- sslprf.h | 10 +- strongprime.c | 19 +- strongprime.h | 13 +- tea.c | 14 +- tea.h | 14 +- tests/Makefile.m4 | 12 +- tests/gdsa | 32 +++- tests/oaep | 14 -- tests/rsa | 232 ++++++++++++++++++++++++ tiger-base.h | 10 +- tiger-mktab.c | 10 +- tiger.c | 10 +- tiger.h | 14 +- tlsprf.c | 54 +++--- tlsprf.h | 10 +- twofish-mktab.c | 21 +-- twofish.c | 19 +- twofish.h | 19 +- xtea.c | 14 +- xtea.h | 17 +- 349 files changed, 1729 insertions(+), 7420 deletions(-) delete mode 100644 oaep.h delete mode 100644 pkcs1.h delete mode 100644 pss.h create mode 100644 rsa-test.c delete mode 100644 tests/oaep create mode 100644 tests/rsa diff --git a/Makefile.m4 b/Makefile.m4 index 3f2672dd..890dc8fb 100644 --- a/Makefile.m4 +++ b/Makefile.m4 @@ -1,6 +1,6 @@ ## -*-m4-*- ## -## $Id: Makefile.m4,v 1.79 2004/04/04 19:42:59 mdw Exp $ +## $Id: Makefile.m4,v 1.80 2004/04/08 01:36:15 mdw Exp $ ## ## Makefile for Catacomb ## 
@@ -26,263 +26,6 @@
 ## Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 ## MA 02111-1307, USA.
-##----- Revision history ----------------------------------------------------
-##
-## $Log: Makefile.m4,v $
-## Revision 1.79 2004/04/04 19:42:59 mdw
-## Add set -e.
-##
-## Revision 1.78 2004/04/04 19:04:11 mdw
-## Raw I/O of elliptic curve points and group elements.
-##
-## Revision 1.77 2004/04/01 21:28:41 mdw
-## Normal basis support (translates to poly basis internally). Rewrite
-## EC and prime group table generators in awk, so that they can reuse data
-## for repeated constants.
-##
-## Revision 1.76 2004/04/01 12:59:40 mdw
-## Ooops! qdparse needs mp headers.
-##
-## Revision 1.75 2004/04/01 12:50:09 mdw
-## Add cyclic group abstraction, with test code. Separate off exponentation
-## functions for better static linking. Fix a buttload of bugs on the way.
-## Generally ensure that negative exponents do inversion correctly. Add
-## table of standard prime-field subgroups. (Binary field subgroups are
-## currently unimplemented but easy to add if anyone ever finds a good one.)
-##
-## Revision 1.74 2004/03/28 01:58:47 mdw
-## Generate, store and retreive elliptic curve keys.
-##
-## Revision 1.73 2004/03/27 18:38:00 mdw
-## Fix distribution.
-##
-## Revision 1.72 2004/03/27 17:55:11 mdw
-## Run ec-info test.
-##
-## Revision 1.71 2004/03/27 17:54:11 mdw
-## Standard curves and curve checking.
-##
-## Revision 1.70 2004/03/27 00:04:46 mdw
-## Implement efficient reduction for pleasant-looking primes.
-##
-## Revision 1.69 2004/03/23 15:19:32 mdw
-## Test elliptic curves more thoroughly.
-##
-## Revision 1.68 2004/03/21 23:03:30 mdw
-## Distribute headers properly.
-##
-## Revision 1.67 2004/03/21 22:52:06 mdw
-## Merge and close elliptic curve branch.
-##
-## Revision 1.60.2.2 2004/03/21 22:39:46 mdw
-## Elliptic curves on binary fields work.
-##
-## Revision 1.60.2.1 2003/06/10 13:43:53 mdw
-## Simple (non-projective) curves over prime fields now seem to work.
-##
-## Revision 1.66 2004/03/21 22:43:50 mdw
-## New hash variant SHA224.
-##
-## Revision 1.65 2003/11/29 23:39:36 mdw
-## Debianization.
-##
-## Revision 1.64 2003/11/10 22:18:30 mdw
-## Build fixes.
-##
-## Revision 1.63 2003/10/17 16:30:46 mdw
-## Report errors if key files don't exist!
-##
-## Revision 1.62 2003/10/12 15:02:09 mdw
-## Reliability fixes.
-##
-## Revision 1.61 2003/10/11 21:02:33 mdw
-## Import buf stuff from tripe.
-##
-## Revision 1.60 2003/05/16 01:12:37 mdw
-## Ship `rc2-tab.h' and `skipjack-tab.h'.
-##
-## Revision 1.59 2003/05/16 00:54:50 mdw
-## Install pixie to fake root if wanted. Ship `desx-tab.h'
-##
-## Revision 1.58 2002/10/19 17:56:50 mdw
-## Fix bit operations. Test them (a bit) better.
-##
-## Revision 1.57 2002/10/15 22:58:29 mdw
-## Fast estimation of number representation lengths.
-##
-## Revision 1.56 2001/06/16 13:01:10 mdw
-## New source files and tests.
-##
-## Revision 1.55 2001/05/08 22:17:41 mdw
-## New cipher Noekeon added.
-##
-## Revision 1.54 2001/05/07 17:32:52 mdw
-## New Rijndael block sizes.
-##
-## Revision 1.53 2001/04/29 18:11:19 mdw
-## New block cipher MARS.
-##
-## Revision 1.52 2001/04/29 17:37:35 mdw
-## Added SAFER block cipher.
-##
-## Revision 1.51 2001/04/19 18:26:32 mdw
-## Add CRC as another hash function.
-##
-## Revision 1.50 2001/04/06 22:05:10 mdw
-## Add support for SSL pseudo-random function.
-##
-## Revision 1.49 2001/04/04 20:10:52 mdw
-## Add support for the TLS pseudo-random function.
-##
-## Revision 1.48 2001/04/03 19:36:50 mdw
-## New block cipher DESX added.
-##
-## Revision 1.47 2001/03/03 13:14:13 mdw
-## Distribute md2-tab.h
-##
-## Revision 1.46 2001/02/21 20:03:22 mdw
-## Added support for MD2 hash function.
-##
-## Revision 1.45 2001/02/03 16:09:41 mdw
-## New files added.
-##
-## Revision 1.44 2000/10/15 17:49:00 mdw
-## New SHA variants with longer outputs.
-##
-## Revision 1.43 2000/10/08 16:01:26 mdw
-## Add binary poly arithmetic. Tidy table generation stuff. Distribute
-## calc prototypes.
-##
-## Revision 1.42 2000/10/08 12:16:06 mdw
-## Remove vestiges of @primorial@.
-##
-## Revision 1.41 2000/08/15 21:46:20 mdw
-## Set up the dependencies on primetab.[ch] and mptypes.h properly.
-## There's some m4 hacking, but it's worth it not to have to recompile all
-## the cipher modes.
-##
-## Revision 1.40 2000/08/06 10:50:55 mdw
-## (mkphrase): New program for generating random passphrases with measured
-## strength.
-##
-## Revision 1.39 2000/07/29 21:55:32 mdw
-## Make sure the pixie is installed setuid-root (workaround for an Automake
-## bug). Install new manpages.
-##
-## Revision 1.38 2000/07/29 10:54:55 mdw
-## Further fixing to support building using normal `make' again. ;-) I
-## think we're there now.
-##
-## Revision 1.37 2000/07/29 10:02:36 mdw
-## Lots of fixing to support `make -j' building.
-##
-## Revision 1.36 2000/07/20 20:13:38 mdw
-## Added Bellare and Rogaway's PSS encoding for RSA signatures.
-##
-## Revision 1.35 2000/07/16 20:00:46 mdw
-## Bug fixes to distribution.
-##
-## Revision 1.34 2000/07/15 20:55:32 mdw
-## More hashes and ciphers. An extra tool.
-##
-## Revision 1.33 2000/07/09 21:34:15 mdw
-## New hash functions and other stuff.
-##
-## Revision 1.32 2000/07/01 11:27:32 mdw
-## Name changes and new files.
-##
-## Revision 1.31 2000/06/25 13:02:07 mdw
-## Fix cleaning of generated files.
-##
-## Revision 1.30 2000/06/22 19:10:33 mdw
-## Fix Makefile to test mp-sqrt.c.
-##
-## Revision 1.29 2000/06/22 19:04:19 mdw
-## More new functions to be added.
-##
-## Revision 1.28 2000/06/18 23:31:18 mdw
-## Rearrange build order to ensure that `mptypes.h' exists by the time it's
-## needed.
-##
-## Revision 1.27 2000/06/17 13:28:50 mdw
-## Minor tidying and fixing.
-##
-## Revision 1.26 2000/06/17 10:33:43 mdw
-## Lots of new ciphers and other files.
-##
-## Revision 1.25 2000/02/12 18:55:40 mdw
-## Make it all compile properly.
-##
-## Revision 1.24 2000/02/12 18:22:26 mdw
-## Missed a file. Whoops.
-##
-## Revision 1.23 2000/02/12 18:21:01 mdw
-## Overhaul of key management (again).
-##
-## Revision 1.22 1999/12/22 16:04:06 mdw
-## Lots of new files.
-##
-## Revision 1.21 1999/12/13 15:47:58 mdw
-## Fix a couple of minor bugs in the distribution set.
-##
-## Revision 1.19 1999/12/11 10:58:24 mdw
-## Fix bug in test rig link flags. Add Karatsuba squaring.
-##
-## Revision 1.18 1999/12/10 23:30:01 mdw
-## Lots of new files.
-##
-## Revision 1.17 1999/11/25 11:38:31 mdw
-## Support for conversions between MPs and C integers.
-##
-## Revision 1.16 1999/11/22 20:51:33 mdw
-## Add yet more source files.
-##
-## Revision 1.15 1999/11/22 14:08:30 mdw
-## Improve dependencies for test programs.
-##
-## Revision 1.14 1999/11/22 00:17:09 mdw
-## Create object files for test programs so that rebuilding doesn't take so
-## long.
-##
-## Revision 1.12 1999/11/20 22:36:26 mdw
-## Improve dependencies. Move mpx testing into mpx.c.
-##
-## Revision 1.11 1999/11/20 22:24:53 mdw
-## Add Diffie-Hellman support.
-##
-## Revision 1.10 1999/11/19 19:28:24 mdw
-## Add DSA files and tests.
-##
-## Revision 1.9 1999/11/17 18:05:35 mdw
-## Many new files and test cases for multiprecision arithmetic.
-##
-## Revision 1.8 1999/11/13 01:56:07 mdw
-## Include multiprecision maths stuff.
-##
-## Revision 1.7 1999/11/11 19:01:02 mdw
-## Use `libtool' to generate a shared library.
-##
-## Revision 1.6 1999/11/11 17:47:34 mdw
-## Updates for new configuration system, and `mptypes' generator.
-##
-## Revision 1.5 1999/11/11 00:59:17 mdw
-## Minor reformatting.
-##
-## Revision 1.4 1999/10/24 10:20:36 mdw
-## Modify for standalone distribution. The library's getting far too large
-## to be sensibly embedded in other programs.
-##
-## Revision 1.3 1999/10/24 10:04:26 mdw
-## Install headers in the right directory.
-##
-## Revision 1.2 1999/10/23 12:55:35 mdw
-## The `CVS' directory can't be hardlinked. Don't worry about this
-## overmuch.
-##
-## Revision 1.1 1999/09/03 08:41:11 mdw
-## Initial import.
-##
-
 AUTOMAKE_OPTIONS = foreign
 SUBDIRS = tests
@@ -373,6 +116,7 @@ ptab.c: ptab.in p-gentab.awk mpdump
 gciphertab.c: gengctab
 $(srcdir)/gengctab gccipher gcipher >gciphertab.c.new \
 "lit(join(`ciphers', `-', `cipher_modes')) \
+ lit(join(`hashes', `-', `_(mgf)')) \
 rc4 seal"
 mv gciphertab.c.new gciphertab.c
@@ -383,7 +127,8 @@ gmactab.c: gengctab
 ghashtab.c: gengctab
 $(srcdir)/gengctab gchash ghash >ghashtab.c.new \
- "lit(`hashes')"
+ "lit(`hashes') \
+ crc32=gcrc32"
 mv ghashtab.c.new ghashtab.c
 BUILT_SOURCES = \
@@ -413,7 +158,7 @@ pkginclude_HEADERS = \
 primetab.h pfilt.h rabin.h \
 pgen.h prim.h strongprime.h limlee.h keycheck.h \
 bbs.h rsa.h dh.h dsarand.h dsa.h gdsa.h gkcdsa.h \
- oaep.h pkcs1.h pss.h tlsprf.h sslprf.h \
+ tlsprf.h sslprf.h \
 gfshare.h share.h \
 rho.h \
 field.h ec.h ec-exp.h ec-test.h ectab.h ec-keys.h ec-raw.h \
@@ -564,7 +309,8 @@ man_MANS = key.1 hashsum.1 keyring.5 pixie.1
 ## --- Other handy definitions ---
 EXTRA_DIST = \
- Makefile.m4 genmodes gengctab $(man_MANS) xpixie group-test.c \
+ Makefile.m4 genmodes gengctab $(man_MANS) xpixie \
+ group-test.c rsa-test.c \
 ectab.in ec-gentab.awk ptab.in p-gentab.awk \
 README.cipher README.hash README.random README.mp \
 debian/rules debian/copyright debian/control debian/changelog \
@@ -606,7 +352,6 @@ adorn(`nl`'CTESTRIG(', `hashes', `)')
 adorn(`nl`'CTESTRIG(', join(`ciphers', `-', `cipher_modes'), `)')
 adorn(`nl`'CTESTRIG(', join(`hashes', `-', `hash_modes'), `)')
 CTESTRIG(lcrand)
-CTESTRIG(oaep)
 CTESTRIG(tlsprf)
 CTESTRIG(sslprf)
 CTESTRIG(mpx)
@@ -628,6 +373,7 @@ CTESTRIG(mpmont-mexp)
 CTESTRIG(mpreduce)
 CTESTRIG(mpcrt)
 CTESTRIG(mpmul)
+CTESTRIG(rsa-test)
 CTESTRIG(gfx)
 CTESTRIG(gfx-sqr)
 CTESTRIG(gfx-kmul)
diff --git a/acconfig.h b/acconfig.h
index a9f37374..5ad9adcf 100644
--- a/acconfig.h
+++ b/acconfig.h
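Review bot: Registering `crc32=gcrc32` in the ghashtab generation makes CRC-32 resolvable by name through the same table as the cryptographic hashes, and nothing in the hunk marks it as different in kind. Any consumer that selects a ghash from user-supplied input (a hashsum-style tool, or anything that builds an HMAC or MGF from a table entry) can now be handed a linear checksum with no preimage or collision resistance; those consumers are outside this hunk, so that is inferred from the table's role. A comment above the ghashtab.c rule such as `## crc32 is a checksum, not a cryptographic hash; by-name consumers that need a cryptographic hash must reject it` would record the intent, and a check in the by-name lookups would enforce it. The pkginclude_HEADERS hunk below shares the "undocumented in the commit message" concern raised separately.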
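Review bot: The pkginclude_HEADERS hunk removes oaep.h, pkcs1.h and pss.h from the installed headers (the diffstat confirms all three files are deleted), which is an installed-interface change carried by a commit whose message is only "Expunge revision histories in files." Downstream code that includes those headers stops building, and nothing in the description says where the OAEP, PKCS#1 and PSS declarations now live; the diffstat's growth of rsa.h suggests they moved there, but that is inferred. I would split the RSA-padding reorganisation into its own commit, or at least add a sentence to the description naming the replacement header and bump the library interface version if one is tracked. The tests/oaep rig is also dropped in favour of tests/rsa and CTESTRIG(rsa-test), so it is worth confirming that the new rig still runs the old OAEP vectors rather than only the combined API.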
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: acconfig.h,v 1.3 2000/06/17 12:57:46 mdw Exp $ + * $Id: acconfig.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Configuration header for Catacomb * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: acconfig.h,v $ - * Revision 1.3 2000/06/17 12:57:46 mdw - * New free counter noise generator, for use if /dev/random is - * unavailable. - * - * Revision 1.2 1999/12/10 23:30:08 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_ACCONFIG_H #define CATACOMB_ACCONFIG_H diff --git a/arena.c b/arena.c index 947a8a2f..f4c94d82 100644 --- a/arena.c +++ b/arena.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: arena.c,v 1.1 2000/06/17 10:40:10 mdw Exp $ + * $Id: arena.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Abstraction for memory allocation arenas * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: arena.c,v $ - * Revision 1.1 2000/06/17 10:40:10 mdw - * Support for secure memory arenas. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/arena.h b/arena.h index ae1bf2a4..08d004e7 100644 --- a/arena.h +++ b/arena.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: arena.h,v 1.1 2000/06/17 10:40:10 mdw Exp $ + * $Id: arena.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Abstraction for memory allocation arenas * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: arena.h,v $ - * Revision 1.1 2000/06/17 10:40:10 mdw - * Support for secure memory arenas. - * - */ - #ifndef CATACOMB_ARENA_H #define CATACOMB_ARENA_H diff --git a/bbs-fetch.c b/bbs-fetch.c index e0597a0b..20eee081 100644 --- a/bbs-fetch.c +++ b/bbs-fetch.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bbs-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $ + * $Id: bbs-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Key fetching for BBS public and private keys * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs-fetch.c,v $ - * Revision 1.2 2000/07/01 11:19:22 mdw - * New functions for freeing public and private keys. - * - * Revision 1.1 2000/06/17 10:41:45 mdw - * Table for driving key data extraction. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "bbs.h" diff --git a/bbs-gen.c b/bbs-gen.c index c90ee401..9afa245f 100644 --- a/bbs-gen.c +++ b/bbs-gen.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bbs-gen.c,v 1.5 2000/07/01 11:20:36 mdw Exp $ + * $Id: bbs-gen.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Generate Blum integers * @@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs-gen.c,v $ - * Revision 1.5 2000/07/01 11:20:36 mdw - * Remove bad type name `bbs_param'. - * - * Revision 1.4 2000/06/17 10:43:57 mdw - * Move GCD filter to separate file. Handle failures from pgen_jump. - * - * Revision 1.3 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.2 1999/12/22 15:52:28 mdw - * Reworking for new prime-search system. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/bbs-jump.c b/bbs-jump.c index 428915df..135d0488 100644 --- a/bbs-jump.c +++ b/bbs-jump.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bbs-jump.c,v 1.4 2000/07/01 11:20:36 mdw Exp $ + * $Id: bbs-jump.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Jumping around a BBS sequence * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs-jump.c,v $ - * Revision 1.4 2000/07/01 11:20:36 mdw - * Remove bad type name `bbs_param'. - * - * Revision 1.3 2000/06/17 10:44:17 mdw - * Typesetting fix. - * - * Revision 1.2 1999/12/22 15:52:08 mdw - * Rename `bbs_params' to `bbs_param' for consistency. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "bbs.h" diff --git a/bbs-rand.c b/bbs-rand.c index abe1e729..3d2563a6 100644 --- a/bbs-rand.c +++ b/bbs-rand.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bbs-rand.c,v 1.4 2001/02/03 12:00:29 mdw Exp $ + * $Id: bbs-rand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Blum-Blum-Shub secure random number generator * @@ -27,25 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs-rand.c,v $ - * Revision 1.4 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.3 2000/06/17 10:45:21 mdw - * Typesetting fixes. Advertise random number generator strength. Use - * secure arena for memory allocation. - * - * Revision 1.2 1999/12/13 15:34:01 mdw - * Add support for seeding from a generic pseudorandom source. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/bbs.h b/bbs.h index b83b87f4..7c9cbda4 100644 --- a/bbs.h +++ b/bbs.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bbs.h,v 1.6 2001/02/03 16:07:33 mdw Exp $ + * $Id: bbs.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * The Blum-Blum-Shub random bit generator * 
@@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bbs.h,v $ - * Revision 1.6 2001/02/03 16:07:33 mdw - * Give generic random objects separate namespaces for their supported misc - * ops. - * - * Revision 1.5 2000/07/01 11:20:24 mdw - * New functions for freeing public and private keys. Remove bad type name - * `bbs_param'. - * - * Revision 1.4 2000/06/17 10:45:48 mdw - * Minor changes for key fetching. Typesetting fixes. - * - * Revision 1.3 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.2 1999/12/22 15:52:08 mdw - * Rename `bbs_params' to `bbs_param' for consistency. - * - * Revision 1.1 1999/12/10 23:14:59 mdw - * Blum-Blum-Shub generator, and Blum-Goldwasser encryption. - * - */ - /*----- Notes on the BBS generator ----------------------------------------* * * The Blum-Blum-Shub generator takes the least significant bits from the diff --git a/bitops.h b/bitops.h index 5b91ce36..f6668bc8 100644 --- a/bitops.h +++ b/bitops.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bitops.h,v 1.1 2002/10/19 17:56:50 mdw Exp $ + * $Id: bitops.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Bit operations by truth table * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bitops.h,v $ - * Revision 1.1 2002/10/19 17:56:50 mdw - * Fix bit operations. Test them (a bit) better. - * - */ - #ifndef CATACOMB_BITOPS_H #define CATACOMB_BITOPS_H diff --git a/bittest.c b/bittest.c index 54bc6d5b..b246d7a2 100644 --- a/bittest.c +++ b/bittest.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: bittest.c,v 1.1 2002/10/19 17:56:50 mdw Exp $ + * $Id: bittest.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Check the bit operations work * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: bittest.c,v $ - * Revision 1.1 2002/10/19 17:56:50 mdw - * Fix bit operations. Test them (a bit) better. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/blkc.h b/blkc.h index 5a7d3ecd..dfbd4f7c 100644 --- a/blkc.h +++ b/blkc.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: blkc.h,v 1.6 2004/04/02 01:03:49 mdw Exp $ + * $Id: blkc.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Common definitions for block ciphers * @@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: blkc.h,v $ - * Revision 1.6 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.5 2001/05/07 17:28:42 mdw - * Support block ciphers with larger blocks. - * - * Revision 1.4 2001/04/29 17:39:15 mdw - * Removed `-sched' tests. Reorganized so that we can theoretically have - * multiple tests in the same file. (This isn't so useful in production, - * but it's handy when doing test builds.) - * - * Revision 1.3 2000/06/17 10:47:06 mdw - * Slight support for 96-bit ciphers. Support for counter-mode ciphers. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_BLKC_H #define CATACOMB_BLKC_H diff --git a/blowfish-mktab.c b/blowfish-mktab.c index 763703ab..37a9b530 100644 --- a/blowfish-mktab.c +++ b/blowfish-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: blowfish-mktab.c,v 1.2 2000/07/16 12:33:11 mdw Exp $ + * $Id: blowfish-mktab.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Build Blowfish key table * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: blowfish-mktab.c,v $ - * Revision 1.2 2000/07/16 12:33:11 mdw - * Shut stupid compiler up. - * - * Revision 1.1 2000/06/17 10:47:28 mdw - * Emits Blowfish initial key data, derived from the digits of pi. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/blowfish.c b/blowfish.c index c57ebb20..56f25c76 100644 --- a/blowfish.c +++ b/blowfish.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: blowfish.c,v 1.3 2004/04/02 01:03:49 mdw Exp $ + * $Id: blowfish.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The Blowfish block cipher * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: blowfish.c,v $ - * Revision 1.3 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.2 2000/06/17 10:47:56 mdw - * Tidy round function a little. Support new key size interface. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/blowfish.h b/blowfish.h index c8c04443..3f44404b 100644 --- a/blowfish.h +++ b/blowfish.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: blowfish.h,v 1.3 2000/06/17 10:48:13 mdw Exp $ + * $Id: blowfish.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The Blowfish block cipher * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: blowfish.h,v $ - * Revision 1.3 2000/06/17 10:48:13 mdw - * Support new key size interface. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Notes on the Blowfish block cipher --------------------------------* * * Blowfish was invented by Bruce Schneier. The algorithm is unpatented and diff --git a/buf.c b/buf.c index b4cbb719..3a093657 100644 --- a/buf.c +++ b/buf.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: buf.c,v 1.3 2004/04/01 12:50:09 mdw Exp $ + * $Id: buf.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Buffer handling * @@ -27,37 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: buf.c,v $ - * Revision 1.3 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.2 2003/11/10 22:18:30 mdw - * Build fixes. - * - * Revision 1.1 2003/10/11 21:02:33 mdw - * Import buf stuff from tripe. - * - * Revision 1.4 2001/06/19 22:09:54 mdw - * Expose interface, for use in the proxy. - * - * Revision 1.3 2001/03/03 12:06:48 mdw - * Use 16-bit lengths on MPs, since there's a packet limit of 64K anyway. - * - * Revision 1.2 2001/02/16 21:23:20 mdw - * Various minor changes. Check that MPs are in canonical form when - * loading. - * - * Revision 1.1 2001/02/03 20:26:37 mdw - * Initial checkin. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
diff --git a/buf.h b/buf.h index 6307c267..a83985ce 100644 --- a/buf.h +++ b/buf.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: buf.h,v 1.3 2004/04/01 12:50:09 mdw Exp $ + * $Id: buf.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Reading and writing packet buffers * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: buf.h,v $ - * Revision 1.3 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.2 2003/11/10 22:18:30 mdw - * Build fixes. - * - * Revision 1.1 2003/10/11 21:02:33 mdw - * Import buf stuff from tripe. - * - * Revision 1.1 2001/06/19 22:09:54 mdw - * Expose interface, for use in the proxy. - * - */ - #ifndef CATACOMB_BUF_H #define CATACOMB_BUF_H diff --git a/calc/ec2.cal b/calc/ec2.cal index 9159f54a..325914b9 100644 --- a/calc/ec2.cal +++ b/calc/ec2.cal @@ -1,6 +1,6 @@ /* -*-apcalc-*- * - * $Id: ec2.cal,v 1.3 2004/04/01 12:50:27 mdw Exp $ + * $Id: ec2.cal,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Testbed for elliptic curve arithmetic over binary fields * 
@@ -27,29 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec2.cal,v $ - * Revision 1.3 2004/04/01 12:50:27 mdw - * Remove debugging code. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.1.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.1.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.1 2000/10/08 16:01:37 mdw - * Prototypes of various bits of code. - * - */ - /*----- Object types ------------------------------------------------------*/ obj ec2_curve { a, b, p }; diff --git a/calc/ecp.cal b/calc/ecp.cal index 10ed9e47..0163d5e3 100644 --- a/calc/ecp.cal +++ b/calc/ecp.cal @@ -1,6 +1,6 @@ /* -*-apcalc-*- * - * $Id: ecp.cal,v 1.4 2004/04/01 13:37:07 mdw Exp $ + * $Id: ecp.cal,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Testbed for elliptic curve arithmetic over prime fields * @@ -27,29 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ecp.cal,v $ - * Revision 1.4 2004/04/01 13:37:07 mdw - * Keep numbers positive. - * - * Revision 1.3 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.1.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.1 2000/10/08 16:01:37 mdw - * Prototypes of various bits of code. - * - */ - /*----- Object types ------------------------------------------------------*/ obj ecp_curve { a, b, p }; 
diff --git a/calc/gfx-test.cal b/calc/gfx-test.cal index 4bdee421..25846ef7 100644 --- a/calc/gfx-test.cal +++ b/calc/gfx-test.cal @@ -1,6 +1,6 @@ /* -*-apcalc-*- * - * $Id: gfx-test.cal,v 1.1 2000/10/08 16:01:37 mdw Exp $ + * $Id: gfx-test.cal,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generate test cases for %$\gf{2}[x]$% arithmetic * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx-test.cal,v $ - * Revision 1.1 2000/10/08 16:01:37 mdw - * Prototypes of various bits of code. - * - */ - /*----- External units ----------------------------------------------------*/ read gfx; diff --git a/calc/gfx.cal b/calc/gfx.cal index 446061ed..45f534be 100644 --- a/calc/gfx.cal +++ b/calc/gfx.cal @@ -1,6 +1,6 @@ /* -*-apcalc-*- * - * $Id: gfx.cal,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: gfx.cal,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Testbed for %$\gf{2}$% poltnomial arithmetic * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx.cal,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.1 2000/10/08 16:01:37 mdw - * Prototypes of various bits of code. - * - */ - /*----- Object types ------------------------------------------------------*/ obj gf { x }; diff --git a/cast-base.h b/cast-base.h index 387b95ab..02f93b60 100644 --- a/cast-base.h +++ b/cast-base.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast-base.h,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: cast-base.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Basic macros and definitions for CAST-128 and CAST-256 * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast-base.h,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2000/06/17 10:48:29 mdw - * CAST round function macros. - * - */ - #ifndef CATACOMB_CAST_BASE_H #define CATACOMB_CAST_BASE_H diff --git a/cast-s.c b/cast-s.c index 2bd3e288..541bfebe 100644 --- a/cast-s.c +++ b/cast-s.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast-s.c,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: cast-s.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Basic S-boxes for CAST-128 and CAST-256 * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast-s.c,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2000/06/17 10:48:52 mdw - * CAST S-boxes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/cast-sk.c b/cast-sk.c index 98174a36..bdc74fe2 100644 --- a/cast-sk.c +++ b/cast-sk.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast-sk.c,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: cast-sk.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Key-schedule S-boxes for CAST-128 * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast-sk.c,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2000/06/17 10:48:52 mdw - * CAST S-boxes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/cast-tab.h b/cast-tab.h index e9f721bb..b6797bf6 100644 --- a/cast-tab.h +++ b/cast-tab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast-tab.h,v 1.1 2000/06/17 10:49:05 mdw Exp $ + * $Id: cast-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * S-boxes for CAST-128 and CAST-256 * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast-tab.h,v $ - * Revision 1.1 2000/06/17 10:49:05 mdw - * CAST S-box contents. - * - */ - #ifndef CATACOMB_CAST_TAB_H #define CATACOMB_CAST_TAB_H diff --git a/cast128.c b/cast128.c index b985da2e..1032b275 100644 --- a/cast128.c +++ b/cast128.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast128.c,v 1.1 2000/06/17 10:49:14 mdw Exp $ + * $Id: cast128.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The CAST-128 block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast128.c,v $ - * Revision 1.1 2000/06/17 10:49:14 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/cast128.h b/cast128.h index 8d8aa33d..cf027b2e 100644 --- a/cast128.h +++ b/cast128.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast128.h,v 1.1 2000/06/17 10:49:14 mdw Exp $ + * $Id: cast128.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The CAST-128 block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast128.h,v $ - * Revision 1.1 2000/06/17 10:49:14 mdw - * New cipher. - * - */ - /*----- Notes on the CAST-128 block cipher --------------------------------* * * CAST, designed by Carlisle Adams and Stafford Tavares, is a method for diff --git a/cast256.c b/cast256.c index df8ac388..be06c9e3 100644 --- a/cast256.c +++ b/cast256.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast256.c,v 1.1 2000/06/17 10:49:14 mdw Exp $ + * $Id: cast256.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The CAST-256 block cipher * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast256.c,v $ - * Revision 1.1 2000/06/17 10:49:14 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/cast256.h b/cast256.h index d22e1ea3..018550c5 100644 --- a/cast256.h +++ b/cast256.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cast256.h,v 1.1 2000/06/17 10:49:14 mdw Exp $ + * $Id: cast256.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The CAST-128 block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cast256.h,v $ - * Revision 1.1 2000/06/17 10:49:14 mdw - * New cipher. - * - */ - /*----- Notes on the CAST-256 block cipher --------------------------------* * * CAST, designed by Carlisle Adams and Stafford Tavares, is a method for diff --git a/catacomb-config.in b/catacomb-config.in index dbcd6912..8b460e0c 100755 --- a/catacomb-config.in +++ b/catacomb-config.in @@ -1,6 +1,6 @@ #! /bin/sh # -# $Id: catacomb-config.in,v 1.1 1999/11/11 17:38:31 mdw Exp $ +# $Id: catacomb-config.in,v 1.2 2004/04/08 01:36:15 mdw Exp $ # # Provide configuration information for Catacomb clients # @@ -26,13 +26,6 @@ # Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, # MA 02111-1307, USA. -#----- Revision history ----------------------------------------------------- -# -# $Log: catacomb-config.in,v $ -# Revision 1.1 1999/11/11 17:38:31 mdw -# New library configuration system. -# - #----- Configuration -------------------------------------------------------- prefix=@prefix@ diff --git a/cbc-def.h b/cbc-def.h index 5b89ab19..c0fc6009 100644 --- a/cbc-def.h +++ b/cbc-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cbc-def.h,v 1.4 2004/04/02 01:03:49 mdw Exp $ + * $Id: cbc-def.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Definitions for cipher block chaining mode * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cbc-def.h,v $ - * Revision 1.4 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.3 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.2 2000/06/17 10:49:52 mdw - * Use secure arena for memory allocation. - * - * Revision 1.1 1999/12/10 23:16:39 mdw - * Split mode macros into interface and implementation. - * - */ - #ifndef CATACOMB_CBC_DEF_H #define CATACOMB_CBC_DEF_H diff --git a/cbc.h b/cbc.h index 2f0e9232..1b51009a 100644 --- a/cbc.h +++ b/cbc.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cbc.h,v 1.3 2001/06/17 00:10:51 mdw Exp $ + * $Id: cbc.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Ciphertext block chaining for block ciphers * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cbc.h,v $ - * Revision 1.3 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.2 1999/12/10 23:16:39 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_CBC_H #define CATACOMB_CBC_H diff --git a/cfb-def.h b/cfb-def.h index 1d983f31..647aa261 100644 --- a/cfb-def.h +++ b/cfb-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cfb-def.h,v 1.4 2004/04/02 01:03:49 mdw Exp $ + * $Id: cfb-def.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Definitions for ciphertext feedback mode * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cfb-def.h,v $ - * Revision 1.4 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.3 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.2 2000/06/17 10:50:39 mdw - * Use secure arena for memory allocation. Rearrange setiv slightly. - * - * Revision 1.1 1999/12/10 23:16:39 mdw - * Split mode macros into interface and implementation. - * - */ - #ifndef CATACOMB_CFB_DEF_H #define CATACOMB_CFB_DEF_H diff --git a/cfb.h b/cfb.h index d6ce6a8e..16885b77 100644 --- a/cfb.h +++ b/cfb.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: cfb.h,v 1.4 2001/06/17 00:10:51 mdw Exp $ + * $Id: cfb.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Ciphertext feedback for block ciphers * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: cfb.h,v $ - * Revision 1.4 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.3 2000/06/17 10:50:55 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.2 1999/12/10 23:16:39 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_CFB_H #define CATACOMB_CFB_H diff --git a/configure.in b/configure.in index 7e2245d9..f7761b77 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl -*-m4-*- dnl -dnl $Id: configure.in,v 1.27 2004/03/21 22:52:06 mdw Exp $ +dnl $Id: configure.in,v 1.28 2004/04/08 01:36:15 mdw Exp $ dnl dnl Autoconfiguration for Catacomb dnl 
@@ -26,67 +26,6 @@ dnl License along with Catacomb; if not, write to the Free dnl Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, dnl MA 02111-1307, USA. -dnl ----- Revision history -------------------------------------------------- -dnl -dnl $Log: configure.in,v $ -dnl Revision 1.27 2004/03/21 22:52:06 mdw -dnl Merge and close elliptic curve branch. -dnl -dnl Revision 1.24.2.1 2003/06/10 13:43:53 mdw -dnl Simple (non-projective) curves over prime fields now seem to work. -dnl -dnl Revision 1.26 2003/11/29 23:39:36 mdw -dnl Debianization. -dnl -dnl Revision 1.25 2003/10/11 21:02:33 mdw -dnl Import buf stuff from tripe. -dnl -dnl Revision 1.24 2003/05/16 00:30:28 mdw -dnl Version bump. -dnl -dnl Revision 1.23 2001/03/04 13:09:40 mdw -dnl Mark dependency on mLib 2.0.0pre4 now. -dnl -dnl Revision 1.21 2000/10/08 12:01:28 mdw -dnl Reinstate the `-pedantic' option. -dnl -dnl Revision 1.20 2000/08/15 21:45:25 mdw -dnl New library configuration stuff from `common'. -dnl -dnl Revision 1.13 2000/06/17 13:51:03 mdw -dnl Whoops. Too eager with the mLib version. -dnl -dnl Revision 1.12 2000/06/17 12:57:47 mdw -dnl New free counter noise generator, for use if /dev/random is -dnl unavailable. -dnl -dnl Revision 1.11 2000/06/17 10:51:23 mdw -dnl Version number changes. Find maths library for Maurer's test. -dnl -dnl Revision 1.10 1999/12/22 16:03:31 mdw -dnl New mLib version. Find socket functions for pixie. -dnl -dnl Revision 1.7 1999/11/13 01:55:48 mdw -dnl Don't be pedantic, because using `long long' as a multiprecision type -dnl gets complained about. -dnl -dnl Revision 1.6 1999/11/11 18:56:14 mdw -dnl Use `libtool' to generate a shared library. -dnl -dnl Revision 1.5 1999/11/11 17:47:34 mdw -dnl Updates for new configuration system, and `mptypes' generator. -dnl -dnl Revision 1.4 1999/11/11 00:58:19 mdw -dnl Use canned check for `ssize_t'. -dnl -dnl Revision 1.3 1999/10/24 10:20:36 mdw -dnl Modify for standalone distribution. 
The library's getting far too large -dnl to be sensibly embedded in other programs. -dnl -dnl Revision 1.1 1999/09/03 08:41:11 mdw -dnl Initial import. -dnl - dnl --- Boring boilerplate --- AC_INIT(blkc.h) diff --git a/counter-def.h b/counter-def.h index e9ee952f..315e1c18 100644 --- a/counter-def.h +++ b/counter-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: counter-def.h,v 1.3 2004/04/02 01:03:49 mdw Exp $ + * $Id: counter-def.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Block cipher counter mode (or long cycle mode) * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: counter-def.h,v $ - * Revision 1.3 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.2 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.1 2000/06/17 10:51:42 mdw - * Counter mode ciphers and pseudo-random generator. - * - */ - #ifndef CATACOMB_COUNTER_DEF_H #define CATACOMB_COUNTER_DEF_H diff --git a/counter.h b/counter.h index d720c999..ac497960 100644 --- a/counter.h +++ b/counter.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: counter.h,v 1.3 2002/01/13 13:43:35 mdw Exp $ + * $Id: counter.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Block cipher counter mode (or long cycle mode) * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: counter.h,v $ - * Revision 1.3 2002/01/13 13:43:35 mdw - * Indentation fix. - * - * Revision 1.2 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.1 2000/06/17 10:51:42 mdw - * Counter mode ciphers and pseudo-random generator. - * - */ - #ifndef CATACOMB_COUNTER_H #define CATACOMB_COUNTER_H diff --git a/crc32.c b/crc32.c index 7077fa6f..f6590aae 100644 --- a/crc32.c +++ b/crc32.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: crc32.c,v 1.2 2004/03/21 23:52:58 mdw Exp $ + * $Id: crc32.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generic hash wrapper for CRC32 * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: crc32.c,v $ - * Revision 1.2 2004/03/21 23:52:58 mdw - * Ooops, how did that slip by? Fix return type of @ghcopy@. - * - * Revision 1.1 2001/04/19 18:26:32 mdw - * Add CRC as another hash function. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/crc32.h b/crc32.h index cb079439..86eef42b 100644 --- a/crc32.h +++ b/crc32.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: crc32.h,v 1.1 2001/04/19 18:26:32 mdw Exp $ + * $Id: crc32.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generic hash wrapper for CRC32 * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: crc32.h,v $ - * Revision 1.1 2001/04/19 18:26:32 mdw - * Add CRC as another hash function. - * - */ - #ifndef CATACOMB_CRC32_H #define CATACOMB_CRC32_H diff --git a/daftstory.h b/daftstory.h index c4b1bad5..055eba24 100644 --- a/daftstory.h +++ b/daftstory.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: daftstory.h,v 1.3 1999/12/10 23:29:48 mdw Exp $ + * $Id: daftstory.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Daft story for use in test encryptions * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: daftstory.h,v $ - * Revision 1.3 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.2 1999/11/11 00:58:38 mdw - * Use fewer copies of the silly story to improve performance. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_DAFTSTORY_H #define CATACOMB_DAFTSTORY_H diff --git a/des-base.c b/des-base.c index c42d03c5..7619a344 100644 --- a/des-base.c +++ b/des-base.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des-base.c,v 1.3 2004/04/02 01:03:49 mdw Exp $ + * $Id: des-base.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Common features for DES implementation * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des-base.c,v $ - * Revision 1.3 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.2 2000/06/17 10:52:01 mdw - * Change name for S-box header file. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/des-base.h b/des-base.h index 2f067546..086c68e8 100644 --- a/des-base.h +++ b/des-base.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des-base.h,v 1.3 2004/04/02 01:03:49 mdw Exp $ + * $Id: des-base.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Common features for DES implementation * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des-base.h,v $ - * Revision 1.3 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_DES_BASE_H #define CATACOMB_DES_BASE_H diff --git a/des-mktab.c b/des-mktab.c index a4914b2a..e41e372f 100644 --- a/des-mktab.c +++ b/des-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des-mktab.c,v 1.4 2000/10/08 12:12:23 mdw Exp $ + * $Id: des-mktab.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Build combined S-P tables for DES * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des-mktab.c,v $ - * Revision 1.4 2000/10/08 12:12:23 mdw - * Improve @const@-correctness. - * - * Revision 1.3 2000/06/17 10:52:14 mdw - * Change name for S-box header file. - * - * Revision 1.2 1999/12/22 16:02:30 mdw - * Output the table with the correct new header guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/des.c b/des.c index d48637b8..822a12f3 100644 --- a/des.c +++ b/des.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des.c,v 1.2 2000/06/17 10:52:32 mdw Exp $ + * $Id: des.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Data Encryption Standard * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des.c,v $ - * Revision 1.2 2000/06/17 10:52:32 mdw - * Support new key size interface. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/des.h b/des.h index d62d72ce..b24037b1 100644 --- a/des.h +++ b/des.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des.h,v 1.3 2000/06/17 10:52:32 mdw Exp $ + * $Id: des.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The Data Encryption Standard * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des.h,v $ - * Revision 1.3 2000/06/17 10:52:32 mdw - * Support new key size interface. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Notes on the Data Encryption Standard -----------------------------* * * Almost twenty years after it was first accepted, DES is still the standard 
diff --git a/des3.c b/des3.c index 61d96c39..1b08d2e5 100644 --- a/des3.c +++ b/des3.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des3.c,v 1.2 2000/06/17 10:52:32 mdw Exp $ + * $Id: des3.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Implementation of double- and triple-DES * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des3.c,v $ - * Revision 1.2 2000/06/17 10:52:32 mdw - * Support new key size interface. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/des3.h b/des3.h index 0a276f30..0e08f26c 100644 --- a/des3.h +++ b/des3.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: des3.h,v 1.3 2000/06/17 10:52:32 mdw Exp $ + * $Id: des3.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Implementation of double- and triple-DES * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: des3.h,v $ - * Revision 1.3 2000/06/17 10:52:32 mdw - * Support new key size interface. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:11 mdw - * Initial import. - * - */ - #ifndef CATACOMB_DES3_H #define CATACOMB_DES3_H diff --git a/desx-tab.h b/desx-tab.h index 119928d4..20504430 100644 --- a/desx-tab.h +++ b/desx-tab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: desx-tab.h,v 1.1 2001/04/03 19:36:50 mdw Exp $ + * $Id: desx-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Tables for DESX * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: desx-tab.h,v $ - * Revision 1.1 2001/04/03 19:36:50 mdw - * New block cipher DESX added. - * - */ - #ifndef CATACOMB_DESX_TAB_H #define CATACOMB_DESX_TAB_H diff --git a/desx.c b/desx.c index 060815da..6c513f34 100644 --- a/desx.c +++ b/desx.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: desx.c,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: desx.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Implementation of DESX * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: desx.c,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2001/04/03 19:36:50 mdw - * New block cipher DESX added. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/desx.h b/desx.h index f6129d85..5b9ab96f 100644 --- a/desx.h +++ b/desx.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: desx.h,v 1.1 2001/04/03 19:36:50 mdw Exp $ + * $Id: desx.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The DESX algorithm * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: desx.h,v $ - * Revision 1.1 2001/04/03 19:36:50 mdw - * New block cipher DESX added. - * - */ - /*----- Notes on DESX -----------------------------------------------------* * * DESX was designed by Ron Rivest in 1986 as a simple and cheap way to diff --git a/dh-check.c b/dh-check.c index f9317f51..13320a6a 100644 --- a/dh-check.c +++ b/dh-check.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh-check.c,v 1.2 2001/06/16 12:56:38 mdw Exp $ + * $Id: dh-check.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Checks Diffie-Hellman group parameters * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh-check.c,v $ - * Revision 1.2 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/dh-fetch.c b/dh-fetch.c index 2f251227..5f5c74d5 100644 
--- a/dh-fetch.c +++ b/dh-fetch.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $ + * $Id: dh-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Key fetching for Diffie-Hellman public and private keys * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh-fetch.c,v $ - * Revision 1.2 2000/07/01 11:19:22 mdw - * New functions for freeing public and private keys. - * - * Revision 1.1 2000/06/17 10:41:45 mdw - * Table for driving key data extraction. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "dh.h" diff --git a/dh-gen.c b/dh-gen.c index 1a7ebc6f..6e77ea73 100644 --- a/dh-gen.c +++ b/dh-gen.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh-gen.c,v 1.2 2000/07/29 10:01:58 mdw Exp $ + * $Id: dh-gen.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generate Diffie-Hellman parameters * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh-gen.c,v $ - * Revision 1.2 2000/07/29 10:01:58 mdw - * Track change in primitive-element generation. - * - * Revision 1.1 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - */ - /*----- Header files ------------------------------------------------------*/ #include "dh.h" diff --git a/dh-limlee.c b/dh-limlee.c index 20276177..dd11d267 100644 --- a/dh-limlee.c +++ b/dh-limlee.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh-limlee.c,v 1.2 2000/07/29 17:02:00 mdw Exp $ + * $Id: dh-limlee.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generate Diffie-Hellman parameters from Lim-Lee primes * 
@@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh-limlee.c,v $ - * Revision 1.2 2000/07/29 17:02:00 mdw - * (dh_limlee): Bug fix. Return @dp->q@ as the subgroup order, which isn't - * necessarily the first factor. - * - * Revision 1.1 2000/07/29 10:01:31 mdw - * Diffie-Hellman parameter generation based on Lim-Lee primes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "dh.h" diff --git a/dh-param.c b/dh-param.c index 66bee09c..2e31c83b 100644 --- a/dh-param.c +++ b/dh-param.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh-param.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: dh-param.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Reading Diffie-Hellman parameters * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh-param.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "dh.h" diff --git a/dh.h b/dh.h index 56dbf0ab..5fcb611f 100644 --- a/dh.h +++ b/dh.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dh.h,v 1.8 2004/04/01 12:50:09 mdw Exp $ + * $Id: dh.h,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Diffie-Hellman and related public-key systems * 
@@ -27,34 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dh.h,v $ - * Revision 1.8 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.7 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - * Revision 1.6 2000/07/29 10:01:16 mdw - * Supply commentry for the Diffie-Hellman parameters. Add Lim-Lee - * parameter generation. - * - * Revision 1.5 2000/07/01 11:20:51 mdw - * New functions for freeing public and private keys. - * - * Revision 1.4 2000/06/17 10:52:47 mdw - * Minor changes for key fetching. - * - * Revision 1.3 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - */ - #ifndef CATACOMB_DH_H #define CATACOMB_DH_H diff --git a/dsa-check.c b/dsa-check.c index 88a5686e..5e04b253 100644 --- a/dsa-check.c +++ b/dsa-check.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsa-check.c,v 1.1 2001/02/03 16:08:24 mdw Exp $ + * $Id: dsa-check.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Consistency checking for DSA keys * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dsa-check.c,v $ - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "dh.h" diff --git a/dsa-gen.c b/dsa-gen.c index cd475bcf..482d2400 100644 --- a/dsa-gen.c +++ b/dsa-gen.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsa-gen.c,v 1.9 2001/02/03 16:09:29 mdw Exp $ + * $Id: dsa-gen.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Generate DSA shared parameters * @@ -27,40 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dsa-gen.c,v $ - * Revision 1.9 2001/02/03 16:09:29 mdw - * Allow the caller to fetch the parameter generation seed and counter. - * - * Revision 1.8 2000/10/08 12:12:47 mdw - * Use @MP_EQ@ instead of @MP_CMP@. Remove vestages of @primorial@. - * - * Revision 1.7 2000/08/15 21:45:05 mdw - * Use the new trial division equipment in pfilt. This gives a 10% - * performance improvement in dsa-gen.t. - * - * Revision 1.6 2000/07/29 10:00:14 mdw - * Rename `dsa_seed' to `dsa_gen' for consistency with other parameter- - * generation interfaces. - * - * Revision 1.5 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.4 1999/12/22 15:52:44 mdw - * Reworking for new prime-search system. - * - * Revision 1.3 1999/12/10 23:18:38 mdw - * Change interface for suggested destinations. - * - * Revision 1.2 1999/11/20 22:23:48 mdw - * Allow event handler to abort the search process. - * - * Revision 1.1 1999/11/19 19:28:00 mdw - * Implementation of the Digital Signature Algorithm. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/dsa-sign.c b/dsa-sign.c index 613a07e4..9bb4a5b6 100644 --- a/dsa-sign.c +++ b/dsa-sign.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsa-sign.c,v 1.2 1999/12/10 23:18:38 mdw Exp $ + * $Id: dsa-sign.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * DSA signing operation * 
@@ -27,17 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-sign.c,v $
- * Revision 1.2 1999/12/10 23:18:38 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include "dsa.h"
@@ -64,7 +53,7 @@ void dsa_mksig(const dsa_param *dp, mp *a, mp *m, mp *k, mp **rr, mp **ss)
 {
   mpmont pm;
   mpbarrett qb;
-  mp *k1 = MP_NEW, *r;
+  mp *k1, *r;
   mp *ar;
 
   /* --- Compute %$r = (g^k \bmod p) \bmod q$% --- */
@@ -76,7 +65,7 @@ void dsa_mksig(const dsa_param *dp, mp *a, mp *m, mp *k, mp **rr, mp **ss)
 
   /* --- Compute %$k^{-1} \bmod q$% --- */
 
-  mp_gcd(0, 0, &k1, dp->q, k);
+  k1 = mp_modinv(MP_NEW, k, dp->q);
 
   /* --- Now for %$k^{-1}(m + ar)$% --- */
 
diff --git a/dsa-verify.c b/dsa-verify.c
index a39c11b7..dbab2dfc 100644
--- a/dsa-verify.c
+++ b/dsa-verify.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: dsa-verify.c,v 1.6 2001/06/16 12:56:38 mdw Exp $
+ * $Id: dsa-verify.c,v 1.7 2004/04/08 01:36:15 mdw Exp $
  *
  * DSA signature verification
  *
@@ -27,29 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa-verify.c,v $
- * Revision 1.6 2001/06/16 12:56:38 mdw
- * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@.
- *
- * Revision 1.5 2000/10/08 12:13:17 mdw
- * Use @MP_EQ@ instead of @MP_CMP@.
- *
- * Revision 1.4 2000/06/17 10:53:35 mdw
- * Typesetting fixes.
- *
- * Revision 1.3 1999/12/10 23:18:38 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.2 1999/11/23 00:20:04 mdw
- * Remove stray debugging code.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include "dsa.h"
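Review bot: `k1 = mp_modinv(MP_NEW, k, dp->q);` presumes the per-signature secret k is invertible modulo q, and nothing in this hunk rejects k ≡ 0 (mod q) before the inverse is taken; what mp_modinv returns for a non-invertible argument is not visible here, so the precondition deserves either a guard or a comment on that line, e.g. `/* precondition: 1 <= k < q, so the inverse exists */`. Because k is the secret nonce, a reader assessing side channels would also want it noted that the inverse routine presumably runs in time that depends on k. dsa_mksig's body continues outside this hunk, so any handling of r == 0 or s == 0 is not visible here.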
@@ -92,8 +69,7 @@ int dsa_vrfy(const dsa_param *dp, mp *y, mp *m, mp *r, mp *s)
   /* --- Compute %$w = s^{-1} \bmod q$% --- */
 
   {
-    mp *z = MP_NEW;
-    mp_gcd(0, 0, &z, dp->q, s);
+    mp *z = mp_modinv(MP_NEW, s, dp->q);
     w = mpmont_mul(&qm, MP_NEW, z, qm.r2);
     mp_drop(z);
   }
diff --git a/dsa.h b/dsa.h
index ce7e7628..95bd156f 100644
--- a/dsa.h
+++ b/dsa.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: dsa.h,v 1.8 2001/02/03 16:08:24 mdw Exp $
+ * $Id: dsa.h,v 1.9 2004/04/08 01:36:15 mdw Exp $
  *
  * Digital Signature Algorithm
  *
@@ -27,35 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: dsa.h,v $
- * Revision 1.8 2001/02/03 16:08:24 mdw
- * Add consistency checking for public keys.
- *
- * Revision 1.7 2000/07/29 09:59:44 mdw
- * Share data structures with Diffie-Hellman stuff.
- *
- * Revision 1.6 2000/07/01 11:20:51 mdw
- * New functions for freeing public and private keys.
- *
- * Revision 1.5 2000/06/17 10:53:42 mdw
- * Minor changes for key fetching. Typesetting fixes.
- *
- * Revision 1.4 1999/12/22 15:52:44 mdw
- * Reworking for new prime-search system.
- *
- * Revision 1.3 1999/12/10 23:29:48 mdw
- * Change header file guard names.
- *
- * Revision 1.2 1999/11/20 22:23:48 mdw
- * Allow event handler to abort the search process.
- *
- * Revision 1.1 1999/11/19 19:28:00 mdw
- * Implementation of the Digital Signature Algorithm.
- *
- */
-
 #ifndef CATACOMB_DSA_H
 #define CATACOMB_DSA_H
 
diff --git a/dsarand.c b/dsarand.c
index 4f12b980..ccb2c464 100644
--- a/dsarand.c
+++ b/dsarand.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: dsarand.c,v 1.3 2001/02/03 16:08:56 mdw Exp $
+ * $Id: dsarand.c,v 1.4 2004/04/08 01:36:15 mdw Exp $
  *
  * Random number generator for DSA
  *
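Review bot: `mp *z = mp_modinv(MP_NEW, s, dp->q);` inverts the externally supplied signature component s, so dsa_vrfy must already have rejected s outside [1, q-1] before this block; whether it does is in the part of the function outside this hunk, and the replaced mp_gcd form had the same dependency, so this is not a regression. If no such check exists, a guard ahead of the block, e.g. `if (MP_CMP(s, <=, MP_ZERO) || MP_CMP(s, >=, dp->q)) return (0);` (assuming 0 is the failure return), would stop the code from relying on whatever mp_modinv does with a non-invertible argument. The corresponding range check on r, used elsewhere in the function, is likewise not visible here.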
@@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dsarand.c,v $ - * Revision 1.3 2001/02/03 16:08:56 mdw - * Give generic random objects separate namespaces for their supported misc - * ops. Add operations for reading the current seed value. - * - * Revision 1.2 2000/06/17 10:54:00 mdw - * Typesetting fixes. Arena support. - * - * Revision 1.1 1999/12/22 15:53:12 mdw - * Random number generator for finding DSA parameters. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/dsarand.h b/dsarand.h index 4d36d6df..2d4ea09d 100644 --- a/dsarand.h +++ b/dsarand.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsarand.h,v 1.3 2001/02/03 16:08:56 mdw Exp $ + * $Id: dsarand.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Random number generator for DSA * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dsarand.h,v $ - * Revision 1.3 2001/02/03 16:08:56 mdw - * Give generic random objects separate namespaces for their supported misc - * ops. Add operations for reading the current seed value. - * - * Revision 1.2 2000/06/17 10:54:14 mdw - * Typesetting fixes. - * - * Revision 1.1 1999/12/22 15:53:12 mdw - * Random number generator for finding DSA parameters. - * - */ - #ifndef CATACOMB_DSARAND_H #define CATACOMB_DSARAND_H diff --git a/dsig.c b/dsig.c index 030ad0af..6e624c69 100644 --- a/dsig.c +++ b/dsig.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsig.c,v 1.9 2004/04/08 01:02:15 mdw Exp $ + * $Id: dsig.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Verify signatures on distribuitions of files * 
@@ -27,42 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: dsig.c,v $ - * Revision 1.9 2004/04/08 01:02:15 mdw - * Incompatible change! Add new signature schemes. Key now implies - * algorithms (integrity checked by new fingerprinting rules), so don't put - * that stuff in the manifest. - * - * Revision 1.8 2004/04/04 19:42:59 mdw - * Add set -e. - * - * Revision 1.7 2001/02/23 09:04:17 mdw - * Add new hash functions. Provide full help for subcommands. Run the - * hash function over parts of the header in a canonical order. - * - * Revision 1.6 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.5 2000/10/08 12:12:09 mdw - * Shut up some warnings. - * - * Revision 1.4 2000/08/04 23:23:44 mdw - * Various fixes. - * - * Revision 1.3 2000/07/15 20:53:23 mdw - * More hash functions. Bug fix in getstring. - * - * Revision 1.2 2000/07/01 11:27:22 mdw - * Use new PKCS#1 padding functions rather than rolling by hand. - * - * Revision 1.1 2000/06/17 10:54:29 mdw - * Program to generate and verify signatures on multiple files. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/ec-bin.c b/ec-bin.c index 209e43af..30e19a98 100644 --- a/ec-bin.c +++ b/ec-bin.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-bin.c,v 1.8 2004/04/03 03:32:05 mdw Exp $ + * $Id: ec-bin.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Arithmetic for elliptic curves over binary fields * 
@@ -27,43 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-bin.c,v $ - * Revision 1.8 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.7 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.6 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.5 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.4 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.3 2004/03/22 02:19:09 mdw - * Rationalise the sliding-window threshold. Drop guarantee that right - * arguments to EC @add@ are canonical, and fix up projective implementations - * to cope. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/ec-exp.c b/ec-exp.c index 26953e70..edcf620e 100644 --- a/ec-exp.c +++ b/ec-exp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: ec-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Point multiplication for elliptic curves * 
@@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-exp.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "ec.h" diff --git a/ec-exp.h b/ec-exp.h index 93a576f1..fc08fe41 100644 --- a/ec-exp.h +++ b/ec-exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-exp.h,v 1.5 2004/04/03 03:32:05 mdw Exp $ + * $Id: ec-exp.h,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for elliptic curves * @@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-exp.h,v $ - * Revision 1.5 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.4 2004/03/22 02:19:10 mdw - * Rationalise the sliding-window threshold. Drop guarantee that right - * arguments to EC @add@ are canonical, and fix up projective implementations - * to cope. - * - * Revision 1.3 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.2.4.1 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.2 2003/05/15 23:25:59 mdw - * Make elliptic curve stuff build. - * - * Revision 1.1 2002/01/13 13:48:44 mdw - * Further progress. - * - */ - #ifndef CATACOMB_EC_EXP_H #define CATACOMB_EC_EXP_H diff --git a/ec-fetch.c b/ec-fetch.c index ed7faa7d..cce9d005 100644 --- a/ec-fetch.c +++ b/ec-fetch.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-fetch.c,v 1.1 2004/03/28 01:58:47 mdw Exp $ + * $Id: ec-fetch.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Key fetching for elliptic curve public and private keys * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-fetch.c,v $ - * Revision 1.1 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "ec-keys.h" diff --git a/ec-info.c b/ec-info.c index 0805c267..1a95cd26 100644 --- a/ec-info.c +++ b/ec-info.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-info.c,v 1.4 2004/04/03 03:32:05 mdw Exp $ + * $Id: ec-info.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curve information management * @@ -27,29 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-info.c,v $ - * Revision 1.4 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.3 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.2 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.1 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "ec.h" diff --git a/ec-keys.h b/ec-keys.h index c7561e7f..7e25319b 100644 --- a/ec-keys.h +++ b/ec-keys.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-keys.h,v 1.2 2004/04/01 12:50:09 mdw Exp $ + * $Id: ec-keys.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curve key-fetching * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-keys.h,v $ - * Revision 1.2 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.1 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - */ - #ifndef CATACOMB_EC_KEYS_H #define CATACOMB_EC_KEYS_H diff --git a/ec-prime.c b/ec-prime.c index 41ba9c41..8f3c7316 100644 --- a/ec-prime.c +++ b/ec-prime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-prime.c,v 1.10 2004/04/03 03:32:05 mdw Exp $ + * $Id: ec-prime.c,v 1.11 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curves over prime fields * 
@@ -27,56 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-prime.c,v $ - * Revision 1.10 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.9 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.8 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.7 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.6 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.5 2004/03/22 02:19:10 mdw - * Rationalise the sliding-window threshold. Drop guarantee that right - * arguments to EC @add@ are canonical, and fix up projective implementations - * to cope. - * - * Revision 1.4 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.3.4.3 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.3.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.3.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.3 2003/05/15 23:25:59 mdw - * Make elliptic curve stuff build. - * - * Revision 1.2 2002/01/13 13:48:44 mdw - * Further progress. - * - * Revision 1.1 2001/04/29 18:12:33 mdw - * Prototype version. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/ec-raw.c b/ec-raw.c index ad9b5831..4ec9f282 100644 --- a/ec-raw.c +++ b/ec-raw.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-raw.c,v 1.1 2004/04/04 19:04:11 mdw Exp $ + * $Id: ec-raw.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Raw formatting of elliptic curve points * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-raw.c,v $ - * Revision 1.1 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "ec.h" diff --git a/ec-raw.h b/ec-raw.h index e0fde75f..822ab538 100644 --- a/ec-raw.h +++ b/ec-raw.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-raw.h,v 1.1 2004/04/04 19:04:11 mdw Exp $ + * $Id: ec-raw.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Raw formatting of elliptic curve points * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-raw.h,v $ - * Revision 1.1 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - */ - #ifndef CATACOMB_EC_RAW_H #define CATACOMB_EC_RAW_H diff --git a/ec-test.c b/ec-test.c index de01ad86..e83e3ee8 100644 --- a/ec-test.c +++ b/ec-test.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-test.c,v 1.5 2004/04/02 01:03:49 mdw Exp $ + * $Id: ec-test.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Code for testing elliptic-curve stuff * 
@@ -27,30 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-test.c,v $ - * Revision 1.5 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.4 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.3 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.2 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.1 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/ec-test.h b/ec-test.h index a4ca0d7b..875ffc67 100644 --- a/ec-test.h +++ b/ec-test.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-test.h,v 1.1 2004/03/23 15:19:32 mdw Exp $ + * $Id: ec-test.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curve test functions * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec-test.h,v $ - * Revision 1.1 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - */ - #ifndef CATACOMB_EC_TEST_H #define CATACOMB_EC_TEST_H diff --git a/ec.c b/ec.c index 9a929ca2..a84dd7a5 100644 --- a/ec.c +++ b/ec.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec.c,v 1.9 2004/04/01 21:28:41 mdw Exp $ + * $Id: ec.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curve definitions * 
@@ -27,51 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec.c,v $ - * Revision 1.9 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.8 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.7 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.6 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.5 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.4.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.4.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.4 2003/05/15 23:25:59 mdw - * Make elliptic curve stuff build. - * - * Revision 1.3 2002/01/13 13:48:44 mdw - * Further progress. - * - * Revision 1.2 2001/05/07 17:29:44 mdw - * Treat projective coordinates as an internal representation. Various - * minor interface changes. - * - * Revision 1.1 2001/04/29 18:12:33 mdw - * Prototype version. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "ec.h" diff --git a/ec.h b/ec.h index 24bd6b20..bd71810c 100644 --- a/ec.h +++ b/ec.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec.h,v 1.10 2004/04/03 03:32:05 mdw Exp $ + * $Id: ec.h,v 1.11 2004/04/08 01:36:15 mdw Exp $ * * Elliptic curve definitions * 
@@ -27,57 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ec.h,v $ - * Revision 1.10 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.9 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.8 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.7 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.6 2004/03/22 02:19:10 mdw - * Rationalise the sliding-window threshold. Drop guarantee that right - * arguments to EC @add@ are canonical, and fix up projective implementations - * to cope. - * - * Revision 1.5 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.4.4.3 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.4.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.4.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.4 2003/05/15 23:25:59 mdw - * Make elliptic curve stuff build. - * - * Revision 1.3 2002/01/13 13:48:44 mdw - * Further progress. - * - * Revision 1.2 2001/05/07 17:29:44 mdw - * Treat projective coordinates as an internal representation. Various - * minor interface changes. - * - * Revision 1.1 2001/04/29 18:12:33 mdw - * Prototype version. - * - */ - #ifndef CATACOMB_EC_H #define CATACOMB_EC_H diff --git a/ecb-def.h b/ecb-def.h index 473d35a2..49a232bf 100644 --- a/ecb-def.h +++ b/ecb-def.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ecb-def.h,v 1.2 2000/06/17 10:54:43 mdw Exp $ + * $Id: ecb-def.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Definitions electronic code book mode * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ecb-def.h,v $ - * Revision 1.2 2000/06/17 10:54:43 mdw - * Use secure arena for memory allocation. - * - * Revision 1.1 1999/12/10 23:16:39 mdw - * Split mode macros into interface and implementation. - * - */ - #ifndef CATACOMB_ECB_DEF_H #define CATACOMB_ECB_DEF_H diff --git a/ecb.h b/ecb.h index f5ce8802..a434f7dd 100644 --- a/ecb.h +++ b/ecb.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ecb.h,v 1.2 1999/12/10 23:16:40 mdw Exp $ + * $Id: ecb.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Electronic code book for block ciphers * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ecb.h,v $ - * Revision 1.2 1999/12/10 23:16:40 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_ECB_H #define CATACOMB_ECB_H diff --git a/ectab.h b/ectab.h index d75e79c9..734bc071 100644 --- a/ectab.h +++ b/ectab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ectab.h,v 1.3 2004/04/01 21:28:41 mdw Exp $ + * $Id: ectab.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Table of standard elliptic curves * 
@@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ectab.h,v $ - * Revision 1.3 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.2 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.1 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - */ - #ifndef CATACOMB_ECTAB_H #define CATACOMB_ECTAB_H diff --git a/exp.c b/exp.c index ed114858..64f0e9e1 100644 --- a/exp.c +++ b/exp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: exp.c,v 1.1 2001/06/16 13:00:59 mdw Exp $ + * $Id: exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generalized exponentiation * @@ -27,15 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: exp.c,v $ - * Revision 1.1 2001/06/16 13:00:59 mdw - * New generic exponentation code. Includes sliding-window simultaneous - * exponentiation. - * - */ - /*----- Header files ------------------------------------------------------*/ #define EXP_TYPE /* Hack */ diff --git a/exp.h b/exp.h index 59cb632a..a8b38124 100644 --- a/exp.h +++ b/exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: exp.h,v 1.3 2004/03/22 02:19:10 mdw Exp $ + * $Id: exp.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Generalized exponentiation * 
@@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: exp.h,v $ - * Revision 1.3 2004/03/22 02:19:10 mdw - * Rationalise the sliding-window threshold. Drop guarantee that right - * arguments to EC @add@ are canonical, and fix up projective implementations - * to cope. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.1 2001/06/16 13:00:59 mdw - * New generic exponentation code. Includes sliding-window simultaneous - * exponentiation. - * - */ - #ifdef CATACOMB_EXP_H # error "Multiple inclusion of " #endif diff --git a/f-binpoly.c b/f-binpoly.c index 9c093562..4282ad4a 100644 --- a/f-binpoly.c +++ b/f-binpoly.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: f-binpoly.c,v 1.8 2004/04/02 01:03:49 mdw Exp $ + * $Id: f-binpoly.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Binary fields with polynomial basis representation * 
@@ -27,41 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: f-binpoly.c,v $
- * Revision 1.8 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.7 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.6 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.5 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.4 2004/03/23 15:19:32 mdw
- * Test elliptic curves more thoroughly.
- *
- * Revision 1.3 2004/03/23 12:08:26 mdw
- * Random field-element selection.
- *
- * Revision 1.2 2004/03/21 22:52:06 mdw
- * Merge and close elliptic curve branch.
- *
- * Revision 1.1.2.1 2004/03/21 22:39:46 mdw
- * Elliptic curves on binary fields work.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include
@@ -102,7 +67,7 @@ static mp *fsqr(field *ff, mp *d, mp *x) {
 }
 
 static mp *finv(field *ff, mp *d, mp *x)
-  { fctx *f = (fctx *)ff; gf_gcd(0, 0, &d, f->r.p, x); return (d); }
+  { fctx *f = (fctx *)ff; d = gf_modinv(d, x, f->r.p); return (d); }
 
 static mp *freduce(field *ff, mp *d, mp *x)
   { fctx *f = (fctx *)ff; return (gfreduce_do(&f->r, d, x)); }
diff --git a/f-niceprime.c b/f-niceprime.c
index 8f0b43dc..8645cb65 100644
--- a/f-niceprime.c
+++ b/f-niceprime.c
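Review bot: `d = gf_modinv(d, x, f->r.p); return (d);` says no more than `return (gf_modinv(d, x, f->r.p));` — assigning the result to the parameter first adds nothing, and the finv in the f-niceprime.c hunk below has the identical shape with mp_modinv. Neither site, nor the f-prime.c finv later in this commit, deals with x == 0, which has no inverse in the field; what gf_modinv and mp_modinv return for a non-invertible argument is not visible in this diff, so each finv would benefit from a one-line precondition comment such as `/* precondition: x != 0 (zero has no inverse) */`. fsqr, whose header line gives the hunk context, lies outside the hunk.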
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: f-niceprime.c,v 1.5 2004/04/02 01:03:49 mdw Exp $
+ * $Id: f-niceprime.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
  *
  * Prime fields with efficient reduction for special-form primes
  *
@@ -27,32 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: f-niceprime.c,v $
- * Revision 1.5 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.4 2004/04/01 21:28:41 mdw
- * Normal basis support (translates to poly basis internally). Rewrite
- * EC and prime group table generators in awk, so that they can reuse data
- * for repeated constants.
- *
- * Revision 1.3 2004/04/01 12:50:09 mdw
- * Add cyclic group abstraction, with test code. Separate off exponentation
- * functions for better static linking. Fix a buttload of bugs on the way.
- * Generally ensure that negative exponents do inversion correctly. Add
- * table of standard prime-field subgroups. (Binary field subgroups are
- * currently unimplemented but easy to add if anyone ever finds a good one.)
- *
- * Revision 1.2 2004/03/27 17:54:11 mdw
- * Standard curves and curve checking.
- *
- * Revision 1.1 2004/03/27 00:04:46 mdw
- * Implement efficient reduction for pleasant-looking primes.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include
@@ -106,7 +80,7 @@ static mp *fsqr(field *ff, mp *d, mp *x) {
 }
 
 static mp *finv(field *ff, mp *d, mp *x)
-  { fctx *f = (fctx *)ff; mp_gcd(0, 0, &d, f->r.p, x); return (d); }
+  { fctx *f = (fctx *)ff; d = mp_modinv(d, x, f->r.p); return (d); }
 
 static mp *freduce(field *ff, mp *d, mp *x)
   { fctx *f = (fctx *)ff; return (mpreduce_do(&f->r, d, x)); }
diff --git a/f-prime.c b/f-prime.c
index 43d6da3c..f58bf635 100644
--- a/f-prime.c
+++ b/f-prime.c
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: f-prime.c,v 1.11 2004/04/03 03:32:05 mdw Exp $ + * $Id: f-prime.c,v 1.12 2004/04/08 01:36:15 mdw Exp $ * * Prime fields with Montgomery arithmetic * 
@@ -27,59 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: f-prime.c,v $ - * Revision 1.11 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.10 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.9 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.8 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.7 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.6 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.5 2004/03/23 12:08:26 mdw - * Random field-element selection. - * - * Revision 1.4 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.3.4.3 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.3.4.2 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.3.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.3 2003/05/15 23:25:59 mdw - * Make elliptic curve stuff build. - * - * Revision 1.2 2002/01/13 13:48:44 mdw - * Further progress. - * - * Revision 1.1 2001/04/29 18:12:33 mdw - * Prototype version. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -141,7 +88,7 @@ static mp *fsqr(field *ff, mp *d, mp *x) { static mp *finv(field *ff, mp *d, mp *x) { fctx *f = (fctx *)ff; d = mpmont_reduce(&f->mm, d, x); - mp_gcd(0, 0, &d, f->mm.m, d); return (mpmont_mul(&f->mm, d, d, f->mm.r2)); + d = mp_modinv(d, d, f->mm.m); return (mpmont_mul(&f->mm, d, d, f->mm.r2)); } static mp *freduce(field *ff, mp *d, mp *x) diff --git a/factorial.c b/factorial.c index 789de908..54b98456 100644 --- a/factorial.c +++ b/factorial.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: factorial.c,v 1.3 2002/01/13 19:51:59 mdw Exp $ + * $Id: factorial.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Example factorial computation * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: factorial.c,v $ - * Revision 1.3 2002/01/13 19:51:59 mdw - * Provide proper help and options parsing. Allow more bases. Use - * @mptext@ to read integers for the better base support. - * - * Revision 1.2 2001/06/16 13:22:59 mdw - * Added command-line option to select output radix. - * - * Revision 1.1 2000/07/09 21:30:49 mdw - * Demo program to compute factorials. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/fibrand.c b/fibrand.c index eb2e86d5..4196e98b 100644 --- a/fibrand.c +++ b/fibrand.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: fibrand.c,v 1.4 2002/10/09 00:35:18 mdw Exp $ + * $Id: fibrand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Fibonacci generator * 
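Review bot: `finv` now passes `d` to `mp_modinv` as both destination and argument (`d = mp_modinv(d, d, f->mm.m)`), and `ginv` in g-prime.c and the nonce inversion in gdsa.c do the same, so all three conversions rely on `mp_modinv` tolerating an aliased destination, which nothing visible here documents. The call also changes what happens when `x` is zero: the replaced `mp_gcd` call produced some value and carried on, whereas the binary-field sibling `gf_modinv` added in gf-gcd.c asserts on a non-invertible argument, so if `mp_modinv` behaves the same way a zero field element (which a caller working on unvalidated curve points could presumably supply) now terminates the process instead of yielding a wrong answer. A one-line comment at the call, `/* x must be a unit mod m; check mp_modinv's contract for x == 0 and for d aliasing x */`, would make both assumptions visible where they are made.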
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: fibrand.c,v $ - * Revision 1.4 2002/10/09 00:35:18 mdw - * Fix bogus type name. - * - * Revision 1.3 2000/12/06 20:31:06 mdw - * Simplify uniform range transformation. - * - * Revision 1.2 2000/06/17 10:55:24 mdw - * Typesetting fixes. Add flags word to generatic random generator. - * - * Revision 1.1 1999/12/10 23:15:27 mdw - * Noncryptographic random number generator. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/fibrand.h b/fibrand.h index 10b683f8..5a75542c 100644 --- a/fibrand.h +++ b/fibrand.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: fibrand.h,v 1.2 2000/06/17 10:54:59 mdw Exp $ + * $Id: fibrand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Fibonacci generator * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: fibrand.h,v $ - * Revision 1.2 2000/06/17 10:54:59 mdw - * Typesetting fixes. - * - * Revision 1.1 1999/12/10 23:15:27 mdw - * Noncryptographic random number generator. - * - */ - /*----- Notes on the Fibonacci generator ----------------------------------* * * The generator was originally suggested by G. J. Mitchell and D. P. Moore diff --git a/field-parse.c b/field-parse.c index 7e83fc03..5f9092a9 100644 --- a/field-parse.c +++ b/field-parse.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: field-parse.c,v 1.3 2004/04/03 03:32:05 mdw Exp $ + * $Id: field-parse.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Parse field descriptions * 
@@ -27,22 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: field-parse.c,v $ - * Revision 1.3 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.2 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.1 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "field.h" diff --git a/field.c b/field.c index f0968dd1..c8e31d24 100644 --- a/field.c +++ b/field.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: field.c,v 1.3 2004/04/01 12:50:09 mdw Exp $ + * $Id: field.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Abstract field operations * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: field.c,v $ - * Revision 1.3 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2003/06/10 13:43:53 mdw - * Simple (non-projective) curves over prime fields now seem to work. - * - * Revision 1.1 2001/05/07 17:30:13 mdw - * Add an internal-representation no-op function. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "field.h" diff --git a/field.h b/field.h index 3a46ac97..57902840 100644 --- a/field.h +++ b/field.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: field.h,v 1.10 2004/04/01 21:28:41 mdw Exp $ + * $Id: field.h,v 1.11 2004/04/08 01:36:15 mdw Exp $ * * Definitions for field arithmetic * @@ -27,53 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: field.h,v $ - * Revision 1.10 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - * Revision 1.9 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.8 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.7 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.6 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.5 2004/03/23 12:08:26 mdw - * Random field-element selection. - * - * Revision 1.4 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.3.4.2 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.3.4.1 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.3 2002/01/13 13:48:44 mdw - * Further progress. - * - * Revision 1.2 2001/05/07 17:30:13 mdw - * Add an internal-representation no-op function. - * - * Revision 1.1 2001/04/29 18:12:33 mdw - * Prototype version. - * - */ - #ifndef CATACOMB_FIELD_H #define CATACOMB_FIELD_H diff --git a/fipstest.c b/fipstest.c index 30f270bc..c780a33c 100644 --- a/fipstest.c +++ b/fipstest.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: fipstest.c,v 1.3 2000/08/11 21:34:34 mdw Exp $ + * $Id: fipstest.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * FIPS140 randomness tests * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: fipstest.c,v $ - * Revision 1.3 2000/08/11 21:34:34 mdw - * Change to use the new thresholds given in the draft FIPS140-2. - * - * Revision 1.2 2000/06/17 12:21:39 mdw - * Add braces to shut compiler up. Reformat code slightly. - * - * Revision 1.1 2000/06/17 10:55:38 mdw - * FIPS 140-1 random generator test. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/fipstest.h b/fipstest.h index 9596d8a1..5bdd8dc0 100644 --- a/fipstest.h +++ b/fipstest.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: fipstest.h,v 1.3 2000/12/06 20:33:27 mdw Exp $ + * $Id: fipstest.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * FIPS140 randomness tests * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: fipstest.h,v $ - * Revision 1.3 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.2 2000/08/11 21:34:34 mdw - * Change to use the new thresholds given in the draft FIPS140-2. - * - * Revision 1.1 2000/06/17 10:55:38 mdw - * FIPS 140-1 random generator test. - * - */ - #ifndef CATACOMB_FIPSTEST_H #define CATACOMB_FIPSTEST_H diff --git a/g-ec.c b/g-ec.c index dcf8a101..1809e6c0 100644 --- a/g-ec.c +++ b/g-ec.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: g-ec.c,v 1.3 2004/04/04 19:04:11 mdw Exp $ + * $Id: g-ec.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Abstraction for elliptic curve groups * 
@@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: g-ec.c,v $ - * Revision 1.3 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - * Revision 1.2 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/g-prime.c b/g-prime.c index 97f455fa..aa176859 100644 --- a/g-prime.c +++ b/g-prime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: g-prime.c,v 1.3 2004/04/04 19:04:11 mdw Exp $ + * $Id: g-prime.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Abstraction for prime groups * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: g-prime.c,v $ - * Revision 1.3 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - * Revision 1.2 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -109,7 +91,7 @@ static void gsqr(group *gg, mp **d, mp **x) { static void ginv(group *gg, mp **d, mp **x) { gctx *g = (gctx *)gg; mp *r = mpmont_reduce(&g->mm, *d, *x); - mp_gcd(0, 0, &r, g->mm.m, r); *d = mpmont_mul(&g->mm, r, r, g->mm.r2); + r = mp_modinv(r, r, g->mm.m); *d = mpmont_mul(&g->mm, r, r, g->mm.r2); } static void gexp(group *gg, mp **d, mp **x, mp *n) @@ -137,8 +119,8 @@ static mp *gtoint(group *gg, mp *d, mp **x) { gctx *g = (gctx *)gg; return (mpmont_reduce(&g->mm, d, *x)); } static int gfromint(group *gg, mp **d, mp *x) { - gctx *g = (gctx *)gg; mp_div(0, &x, x, g->mm.m); mp_drop(*d); - *d = mpmont_mul(&g->mm, x, x, g->mm.r2); return (0); + gctx *g = (gctx *)gg; mp_div(0, d, x, g->mm.m); + *d = mpmont_mul(&g->mm, *d, *d, g->mm.r2); return (0); } static int gtobuf(group *gg, buf *b, mp **x) { diff --git a/gcipher.h b/gcipher.h index f25fb939..97c30479 100644 --- a/gcipher.h +++ b/gcipher.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gcipher.h,v 1.3 2004/04/04 19:42:30 mdw Exp $ + * $Id: gcipher.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Generic symmetric cipher interface * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gcipher.h,v $ - * Revision 1.3 2004/04/04 19:42:30 mdw - * Make tables of standard encryption schemes etc. - * - * Revision 1.2 2000/06/17 10:56:00 mdw - * New key size interface. - * - * Revision 1.1 1999/12/10 23:16:01 mdw - * Generic interface. - * - */ - #ifndef CATACOMB_GCIPHER_H #define CATACOMB_GCIPHER_H diff --git a/gdsa.c b/gdsa.c index 87238471..9b23f4fb 100644 --- a/gdsa.c +++ b/gdsa.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gdsa.c,v 1.1 2004/04/04 19:42:59 mdw Exp $ + * $Id: gdsa.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generalized version of DSA * 
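Review bot: `gfromint` accepts any integer `x` and unconditionally returns 0, so the sign of `x` is handled entirely by whatever remainder convention `mp_div(0, d, x, g->mm.m)` follows, which is not visible here; if a negative `x` can leave a negative remainder in `*d`, `mpmont_mul` is then fed a value outside `[0, m)`. The rewrite is otherwise an improvement, since the old version reduced the caller's `x` in place and the new one writes only to `*d`. Either document that `mp_div` yields a non-negative remainder, or reject a negative `x` with a `MP_CMP` range test the way `gdsa_verify` validates `s->r` and `s->s`, returning -1 as the `int` result already allows.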
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gdsa.c,v $ - * Revision 1.1 2004/04/04 19:42:59 mdw - * Add set -e. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "gdsa.h" @@ -105,7 +97,7 @@ have_k: mpbarrett_create(&b, g->r); ss = mp_mul(ss, sr, c->u); ss = mpbarrett_reduce(&b, ss, ss); ss = mp_add(ss, ss, mr); mp_div(0, &ss, ss, g->r); - mp_gcd(0, 0, &k, g->r, k); + k = mp_modinv(k, k, g->r); ss = mp_mul(ss, ss, k); ss = mpbarrett_reduce(&b, ss, ss); s->r = sr; s->s = ss; mp_drop(k); mp_drop(mr); mpbarrett_destroy(&b); G_DESTROY(g, z); @@ -127,14 +119,14 @@ int gdsa_verify(const gdsa *c, const gdsa_sig *s, const void *m) group *g = c->g; group_expfactor e[2]; mpbarrett b; - mp *h = MP_NEW, *t; + mp *h, *t; ge *w; int rc = -1; if (MP_CMP(s->r, <, MP_ONE) || MP_CMP(s->r, >=, g->r) || MP_CMP(s->s, <, MP_ONE) || MP_CMP(s->s, >=, g->r)) return (-1); - mpbarrett_create(&b, g->r); mp_gcd(0, 0, &h, g->r, s->s); + mpbarrett_create(&b, g->r); h = mp_modinv(MP_NEW, s->s, g->r); e[0].base = g->g; e[1].base = c->p; t = mp_loadb(MP_NEW, m, c->h->hashsz); mp_div(0, &t, t, g->r); t = mp_mul(t, t, h); e[0].exp = t = mpbarrett_reduce(&b, t, t); diff --git a/gdsa.h b/gdsa.h index 6d88a4da..479ef3cf 100644 --- a/gdsa.h +++ b/gdsa.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gdsa.h,v 1.1 2004/04/04 19:42:59 mdw Exp $ + * $Id: gdsa.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generalized version of DSA * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gdsa.h,v $ - * Revision 1.1 2004/04/04 19:42:59 mdw - * Add set -e. - * - */ - #ifndef CATACOMB_GDSA_H #define CATACOMB_GDSA_H diff --git a/gengctab b/gengctab index 3211b421..9c8c17b1 100755 --- a/gengctab +++ b/gengctab @@ -17,7 +17,8 @@ cat < diff --git a/gf-arith.c b/gf-arith.c index 209c3fc8..c23aa193 100644 
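Review bot: `k = mp_modinv(k, k, g->r)` inverts the per-signature nonce in place, and `ss = mp_mul(ss, ss, k)` then folds it into the signature; since the nonce is the value whose leakage recovers the private key, this is the step where a data-dependent inversion time matters most, and nothing here says whether `mp_modinv` runs in time independent of `k`. If it is the same extended-Euclid machinery as the `mp_gcd` call it replaces, the assumption should at least be recorded at the call site, e.g. `/* k is secret: inversion time is data-dependent unless mp_modinv is constant-time */`. The signing function starts and ends outside the hunk.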
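Review bot: In `gdsa_verify` the range check immediately above `h = mp_modinv(MP_NEW, s->s, g->r)` is the only thing that keeps the inversion well-defined: `s->s` comes straight from the untrusted signature, so its invertibility rests on `1 <= s->s < g->r` together with `g->r` being prime (presumably the subgroup order). If `mp_modinv` aborts on a non-unit the way `gf_modinv` in gf-gcd.c documents, a composite `g->r` would let a crafted signature terminate the verifier rather than return -1. Recording that dependency next to the check, `/* 1 <= s < r and r prime => s is a unit; mp_modinv must not see a non-unit */`, would keep the next maintainer from weakening either half. `gdsa_verify` continues past the end of the hunk.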
--- a/gf-arith.c +++ b/gf-arith.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gf-arith.c,v 1.3 2004/03/27 17:54:11 mdw Exp $ + * $Id: gf-arith.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Basic arithmetic on binary polynomials * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gf-arith.c,v $ - * Revision 1.3 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "gf.h" diff --git a/gf-gcd.c b/gf-gcd.c index 7c09d3ab..8eb9bbf8 100644 --- a/gf-gcd.c +++ b/gf-gcd.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gf-gcd.c,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: gf-gcd.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Euclidian algorithm on binary polynomials * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gf-gcd.c,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "gf.h" 
@@ -186,6 +175,28 @@ void gf_gcd(mp **gcd, mp **xx, mp **yy, mp *a, mp *b)
   MP_DROP(a); MP_DROP(b);
 }
 
+/* -- @gf_modinv@ --- *
+ *
+ * Arguments: @mp *d@ = destination
+ * @mp *x@ = argument
+ * @mp *p@ = modulus
+ *
+ * Returns: The inverse %$x^{-1} \bmod p$%.
+ *
+ * Use: Computes a modular inverse, the catch being that the
+ * arguments and results are binary polynomials. An assertion
+ * fails if %$p$% has no inverse.
+ */
+
+mp *gf_modinv(mp *d, mp *x, mp *p)
+{
+  mp *g = MP_NEW;
+  gf_gcd(&g, 0, &d, p, x);
+  assert(MP_EQ(g, MP_ONE));
+  mp_drop(g);
+  return (d);
+}
+
 /*----- Test rig ----------------------------------------------------------*/
 
 #ifdef TEST_RIG
@@ -202,7 +213,7 @@ static int gcd(dstr *v)
   mp *gg = MP_NEW, *xx = MP_NEW, *yy = MP_NEW;
   gf_gcd(&gg, &xx, &yy, a, b);
   if (!MP_EQ(x, xx)) {
-    fputs("\n*** mp_gcd(x) failed", stderr);
+    fputs("\n*** gf_gcd(x) failed", stderr);
     fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
     fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
     fputs("\nexpect = ", stderr); mp_writefile(x, stderr, 16);
@@ -211,7 +222,7 @@ static int gcd(dstr *v)
     ok = 0;
   }
   if (!MP_EQ(y, yy)) {
-    fputs("\n*** mp_gcd(y) failed", stderr);
+    fputs("\n*** gf_gcd(y) failed", stderr);
     fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
     fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
     fputs("\nexpect = ", stderr); mp_writefile(y, stderr, 16);
@@ -231,7 +242,7 @@ static int gcd(dstr *v)
   }
 
   if (!MP_EQ(g, gg)) {
-    fputs("\n*** mp_gcd(gcd) failed", stderr);
+    fputs("\n*** gf_gcd(gcd) failed", stderr);
     fputs("\na = ", stderr); mp_writefile(a, stderr, 16);
     fputs("\nb = ", stderr); mp_writefile(b, stderr, 16);
     fputs("\nexpect = ", stderr); mp_writefile(g, stderr, 16);
diff --git a/gf.h b/gf.h
index fba801c8..2429e959 100644
--- a/gf.h
+++ b/gf.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: gf.h,v 1.3 2004/03/27 17:54:11 mdw Exp $
+ * $Id: gf.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
  *
  * Arithmetic on binary polynomials
  *
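Review bot: The new `gf_modinv` checks invertibility only with `assert(MP_EQ(g, MP_ONE))`, so a build with `NDEBUG` drops the check and the function returns a value that is not an inverse without any signal, while a debug build turns a non-unit argument into a process abort; the `mp *` return leaves no way to report failure, so the precondition has to be carried by the callers. The header comment also misstates the condition: it is `x` that may lack an inverse modulo `p`, not `p`, so the last line of the `Use:` paragraph should read `fails if %$x$% is not invertible modulo %$p$%`, and the same wording should be fixed in the copy of this comment added to gf.h. It is also worth noting in the comment whether `d` may alias `x`, since `gf_gcd(&g, 0, &d, p, x)` is then handed the same object as output slot and input.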
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gf.h,v $ - * Revision 1.3 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - #ifndef CATACOMB_GF_H #define CATACOMB_GF_H @@ -130,6 +116,21 @@ extern int gf_irreduciblep(mp */*f*/); extern void gf_gcd(mp **/*gcd*/, mp **/*xx*/, mp **/*yy*/, mp */*a*/, mp */*b*/); +/* -- @gf_modinv@ --- * + * + * Arguments: @mp *d@ = destination + * @mp *x@ = argument + * @mp *p@ = modulus + * + * Returns: The inverse %$x^{-1} \bmod p$%. + * + * Use: Computes a modular inverse, the catch being that the + * arguments and results are binary polynomials. An assertion + * fails if %$p$% has no inverse. + */ + +extern mp *gf_modinv(mp */*d*/, mp */*x*/, mp */*p*/); + /*----- That's all, folks -------------------------------------------------*/ #ifdef __cplusplus diff --git a/gfn.c b/gfn.c index 1b5a98cb..b03df25a 100644 --- a/gfn.c +++ b/gfn.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfn.c,v 1.1 2004/04/01 21:28:41 mdw Exp $ + * $Id: gfn.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Normal-basis translation for binary fields * @@ -27,16 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfn.c,v $ - * Revision 1.1 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "gfreduce.h" diff --git a/gfn.h b/gfn.h index 48531b9a..94a74c56 100644 --- a/gfn.h +++ b/gfn.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfn.h,v 1.1 2004/04/01 21:28:41 mdw Exp $ + * $Id: gfn.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Normal-basis translation for binary fields * @@ -27,16 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfn.h,v $ - * Revision 1.1 2004/04/01 21:28:41 mdw - * Normal basis support (translates to poly basis internally). Rewrite - * EC and prime group table generators in awk, so that they can reuse data - * for repeated constants. - * - */ - #ifndef CATACOMB_GFN_H #define CATACOMB_GFN_H diff --git a/gfreduce-exp.h b/gfreduce-exp.h index f826fc7a..ae13dcf3 100644 --- a/gfreduce-exp.h +++ b/gfreduce-exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfreduce-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: gfreduce-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for binary field reduction * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfreduce-exp.h,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - #ifndef CATACOMB_GFREDUCE_EXP_H #define CATACOMB_GFREDUCE_EXP_H diff --git a/gfreduce.c b/gfreduce.c index 4f07ccfd..ae31d5c3 100644 --- a/gfreduce.c +++ b/gfreduce.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfreduce.c,v 1.4 2004/03/27 00:04:46 mdw Exp $ + * $Id: gfreduce.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Efficient reduction modulo sparse binary polynomials * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfreduce.c,v $ - * Revision 1.4 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.3 2004/03/23 15:19:32 mdw - * Test elliptic curves more thoroughly. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfreduce.h b/gfreduce.h index 9840b5e1..ec343b45 100644 --- a/gfreduce.h +++ b/gfreduce.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfreduce.h,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: gfreduce.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Reduction modulo sparse binary polynomials * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfreduce.h,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - #ifndef CATACOMB_GFREDUCE_H #define CATACOMB_GFREDUCE_H diff --git a/gfshare-mktab.c b/gfshare-mktab.c index 6e374206..7ce72442 100644 --- a/gfshare-mktab.c +++ b/gfshare-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfshare-mktab.c,v 1.3 2000/06/18 23:26:09 mdw Exp $ + * $Id: gfshare-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Generate tables for %$\gf{2^8}$% multiplication * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfshare-mktab.c,v $ - * Revision 1.3 2000/06/18 23:26:09 mdw - * Whoops. Fix a typo. - * - * Revision 1.2 2000/06/18 23:12:15 mdw - * Change typesetting of Galois Field names. - * - * Revision 1.1 2000/06/17 10:56:30 mdw - * Fast but nonstandard secret sharing system. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfshare.c b/gfshare.c index 841e5563..a46f9487 100644 --- a/gfshare.c +++ b/gfshare.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfshare.c,v 1.8 2004/04/02 01:03:49 mdw Exp $ + * $Id: gfshare.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Secret sharing over %$\gf{2^8}$% * @@ -27,38 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfshare.c,v $ - * Revision 1.8 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.7 2001/06/16 23:42:17 mdw - * Typesetting fixes. - * - * Revision 1.6 2000/12/06 20:30:10 mdw - * Change secret sharing interface: present the secret at share - * construction time. - * - * Revision 1.5 2000/06/24 19:11:47 mdw - * Fix daft error in the comment for @gfshare_get@. - * - * Revision 1.4 2000/06/24 18:29:05 mdw - * Interface change: allow shares to be extracted from a context on demand, - * rather than building them all up-front. - * - * Revision 1.3 2000/06/22 18:04:13 mdw - * Improve secret reconstruction -- compute coefficients as needed rather - * than making a big array of them. - * - * Revision 1.2 2000/06/18 23:12:15 mdw - * Change typesetting of Galois Field names. - * - * Revision 1.1 2000/06/17 10:56:30 mdw - * Fast but nonstandard secret sharing system. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfshare.h b/gfshare.h index fe09d8ae..a53d137e 100644 --- a/gfshare.h 
+++ b/gfshare.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfshare.h,v 1.6 2000/12/06 20:30:10 mdw Exp $ + * $Id: gfshare.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Secret sharing over %$\gf{2^8}$% * @@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfshare.h,v $ - * Revision 1.6 2000/12/06 20:30:10 mdw - * Change secret sharing interface: present the secret at share - * construction time. - * - * Revision 1.5 2000/06/24 19:11:47 mdw - * Fix daft error in the comment for @gfshare_get@. - * - * Revision 1.4 2000/06/24 18:29:05 mdw - * Interface change: allow shares to be extracted from a context on demand, - * rather than building them all up-front. - * - * Revision 1.3 2000/06/18 23:12:15 mdw - * Change typesetting of Galois Field names. - * - * Revision 1.2 2000/06/17 11:05:27 mdw - * Add a commentary on the system. - * - * Revision 1.1 2000/06/17 10:56:30 mdw - * Fast but nonstandard secret sharing system. - * - */ - /*----- Notes on the system -----------------------------------------------* * * This uses a variant of Shamir's secret sharing system. Shamir's original diff --git a/gfx-kmul.c b/gfx-kmul.c index c692f9cc..aaf11099 100644 --- a/gfx-kmul.c +++ b/gfx-kmul.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfx-kmul.c,v 1.3 2004/03/27 17:54:11 mdw Exp $ + * $Id: gfx-kmul.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Karatsuba's multiplication algorithm on binary polynomials * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx-kmul.c,v $ - * Revision 1.3 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.2 2002/10/09 00:36:03 mdw - * Fix bounds on workspace for Karatsuba operations. - * - * Revision 1.1 2000/10/08 15:49:37 mdw - * First glimmerings of binary polynomial arithmetic. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfx-sqr-mktab.c b/gfx-sqr-mktab.c index 70801c19..64f7a870 100644 --- a/gfx-sqr-mktab.c +++ b/gfx-sqr-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfx-sqr-mktab.c,v 1.1 2000/10/08 15:49:37 mdw Exp $ + * $Id: gfx-sqr-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Build table for squaring of binary polynomials * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx-sqr-mktab.c,v $ - * Revision 1.1 2000/10/08 15:49:37 mdw - * First glimmerings of binary polynomial arithmetic. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfx-sqr.c b/gfx-sqr.c index 60e1b3c6..6acc4a30 100644 --- a/gfx-sqr.c +++ b/gfx-sqr.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfx-sqr.c,v 1.3 2004/04/02 01:03:49 mdw Exp $ + * $Id: gfx-sqr.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Sqaring binary polynomials * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx-sqr.c,v $ - * Revision 1.3 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.1 2000/10/08 15:49:37 mdw - * First glimmerings of binary polynomial arithmetic. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mpx.h" diff --git a/gfx.c b/gfx.c index 97320f9e..0fabd5c4 100644 --- a/gfx.c +++ b/gfx.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfx.c,v 1.1 2000/10/08 15:49:37 mdw Exp $ + * $Id: gfx.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Low-level arithmetic on binary polynomials * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx.c,v $ - * Revision 1.1 2000/10/08 15:49:37 mdw - * First glimmerings of binary polynomial arithmetic. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/gfx.h b/gfx.h index 18ac9a55..2a325c11 100644 --- a/gfx.h +++ b/gfx.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gfx.h,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: gfx.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Low-level arithmetic on binary polynomials * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gfx.h,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.1 2000/10/08 15:49:37 mdw - * First glimmerings of binary polynomial arithmetic. - * - */ - #ifndef CATACOMB_GFX_H #define CATACOMB_GFX_H 
diff --git a/ghash-def.h b/ghash-def.h index da4063df..3f0266cd 100644 --- a/ghash-def.h +++ b/ghash-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ghash-def.h,v 1.6 2004/04/04 19:42:59 mdw Exp $ + * $Id: ghash-def.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Definitions for generic hash interface * @@ -27,33 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ghash-def.h,v $ - * Revision 1.6 2004/04/04 19:42:59 mdw - * Add set -e. - * - * Revision 1.5 2001/01/25 21:39:58 mdw - * Burn the hash context when it's done with, for paranoia's sake. - * - * Revision 1.4 2000/07/15 10:00:58 mdw - * New generic hash operation for copying hash contexts. - * - * Revision 1.3 2000/07/02 18:27:42 mdw - * (ghash->ops->done): Interface change. Passing in a null buffer pointer - * uses a buffer internal to the ghash object. The operation returns the - * address of the buffer it used. Clients of generic hashes no longer need - * to use dynamically allocated memory for hash results. - * - * Revision 1.2 2000/06/17 11:22:03 mdw - * Use secure arena for memory allocation. Minor changes in the generic - * hash interface. - * - * Revision 1.1 1999/12/10 23:21:37 mdw - * Generic interface. - * - */ - #ifndef CATACOMB_GHASH_DEF_H #define CATACOMB_GHASH_DEF_H diff --git a/ghash.h b/ghash.h index 9d63419e..3b83a199 100644 --- a/ghash.h +++ b/ghash.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ghash.h,v 1.6 2004/04/04 19:42:30 mdw Exp $ + * $Id: ghash.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Generic hash function interface * 
@@ -27,32 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: ghash.h,v $
- * Revision 1.6 2004/04/04 19:42:30 mdw
- * Make tables of standard encryption schemes etc.
- *
- * Revision 1.5 2000/07/15 10:00:58 mdw
- * New generic hash operation for copying hash contexts.
- *
- * Revision 1.4 2000/07/03 18:08:24 mdw
- * Include `bits.h'.
- *
- * Revision 1.3 2000/07/02 18:27:42 mdw
- * (ghash->ops->done): Interface change. Passing in a null buffer pointer
- * uses a buffer internal to the ghash object. The operation returns the
- * address of the buffer it used. Clients of generic hashes no longer need
- * to use dynamically allocated memory for hash results.
- *
- * Revision 1.2 2000/06/17 11:22:17 mdw
- * Minor changes in the generic hash interface.
- *
- * Revision 1.1 1999/12/10 23:16:01 mdw
- * Generic interface.
- *
- */
-
 #ifndef CATACOMB_GHASH_H
 #define CATACOMB_GHASH_H
 
@@ -81,7 +55,7 @@ typedef struct ghash_ops {
 } ghash_ops;
 
 #define GH_INIT(ch) (ch)->init()
-#define GH_CLASS(H) (h)->ops->c
+#define GH_CLASS(h) (h)->ops->c
 #define GH_HASH(h, p, sz) (h)->ops->hash((h), (p), (sz))
 #define GH_DONE(h, buf) (h)->ops->done((h), (buf))
 #define GH_DESTROY(h) (h)->ops->destroy((h))
diff --git a/gkcdsa.c b/gkcdsa.c
index f7119f54..6d812ffb 100644
--- a/gkcdsa.c
+++ b/gkcdsa.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: gkcdsa.c,v 1.1 2004/04/04 19:42:59 mdw Exp $
+ * $Id: gkcdsa.c,v 1.2 2004/04/08 01:36:15 mdw Exp $
  *
  * Generalized version of KCDSA
  *
@@ -27,14 +27,6 @@
  * MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: gkcdsa.c,v $
- * Revision 1.1 2004/04/04 19:42:59 mdw
- * Add set -e.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 
 #include "gkcdsa.h"
@@ -61,7 +53,6 @@ ghash *gkcdsa_beginhash(const gkcdsa *c) mp *v = G_TOINT(c->g, MP_NEW, c->p); size_t sz = c->h->bufsz; void *p = xmalloc(sz); - if (/*ouch*/ !v) memset(p, 0, sz); else mp_storeb(v, p, sz); GH_HASH(h, p, sz); @@ -238,7 +229,7 @@ static int tsign(dstr *v) DENSURE(&d, c.h->hashsz); d.len = c.h->hashsz; memset(d.buf, 0, d.len); ss.r = (octet *)d.buf; - x = MP_NEW; mp_gcd(0, 0, &x, c.g->r, c.u); + x = mp_modinv(MP_NEW, c.u, c.g->r); c.p = G_CREATE(c.g); G_EXP(c.g, c.p, c.g->g, x); h = gkcdsa_beginhash(&c); GH_HASH(h, v[3].buf, v[3].len); diff --git a/gkcdsa.h b/gkcdsa.h index 8901b873..ec27eabf 100644 --- a/gkcdsa.h +++ b/gkcdsa.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gkcdsa.h,v 1.1 2004/04/04 19:42:59 mdw Exp $ + * $Id: gkcdsa.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generalized version of KCDSA * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gkcdsa.h,v $ - * Revision 1.1 2004/04/04 19:42:59 mdw - * Add set -e. - * - */ - #ifndef CATACOMB_GKCDSA_H #define CATACOMB_GKCDSA_H diff --git a/gmac.h b/gmac.h index cf134acc..9419bbf4 100644 --- a/gmac.h +++ b/gmac.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: gmac.h,v 1.3 2004/04/04 19:42:30 mdw Exp $ + * $Id: gmac.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Generic MAC function interface * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: gmac.h,v $ - * Revision 1.3 2004/04/04 19:42:30 mdw - * Make tables of standard encryption schemes etc. - * - * Revision 1.2 2000/06/17 11:22:46 mdw - * Minor changes in the generic hash and MAC interfaces. - * - * Revision 1.1 1999/12/10 23:16:01 mdw - * Generic interface. - * - */ - #ifndef CATACOMB_GMAC_H #define CATACOMB_GMAC_H diff --git a/grand.c b/grand.c index b7118ab2..ca0492b6 100644 --- a/grand.c +++ b/grand.c 
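Review bot: Dropping `if (/*ouch*/ !v) memset(p, 0, sz); else` means `mp_storeb(v, p, sz)` now runs unconditionally on the result of `G_TOINT`, so if `G_TOINT` can return a null pointer for some group (the removed guard suggests the author expected it could) this is a null dereference while the public key is being fed into the hash. Hashing `sz` zero bytes as the old code did was not a sound fallback either, because it silently bound the signature to a degenerate key encoding instead of failing. If a null result is possible, fail explicitly, e.g. `if (!v) { xfree(p); GH_DESTROY(h); return (0); }`, and document that callers must check for a null hash; if it is impossible for every group that can reach here, an `assert(v)` with a comment saying why would make the removal safe to read. gkcdsa_beginhash begins before this hunk and continues after it, so the release of `p` and `v` could not be checked here.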
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: grand.c,v 1.2 2000/12/06 20:31:06 mdw Exp $ + * $Id: grand.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generic interface to random number generators * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: grand.c,v $ - * Revision 1.2 2000/12/06 20:31:06 mdw - * Simplify uniform range transformation. - * - * Revision 1.1 1999/12/10 23:16:01 mdw - * Generic interface. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/grand.h b/grand.h index 160663e4..0446b2b7 100644 --- a/grand.h +++ b/grand.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: grand.h,v 1.4 2001/04/19 18:23:53 mdw Exp $ + * $Id: grand.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generic interface to random number generators * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: grand.h,v $ - * Revision 1.4 2001/04/19 18:23:53 mdw - * Use unsigned integer rather than enum for flags. - * - * Revision 1.3 2001/02/03 16:07:33 mdw - * Give generic random objects separate namespaces for their supported misc - * ops. - * - * Revision 1.2 2000/06/17 11:23:11 mdw - * Typesetting fix. Add a flags word to the generic generator. - * - * Revision 1.1 1999/12/10 23:16:01 mdw - * Generic interface. - * - */ - #ifndef CATACOMB_GRAND_H #define CATACOMB_GRAND_H @@ -92,6 +74,12 @@ typedef struct grand_ops { void (*fill)(grand */*r*/, void */*p*/, size_t /*sz*/); /* Fill buffer */ } grand_ops; +#define GR_DESTROY(r) (r)->ops->destroy((r)) +#define GR_RAW(r) (r)->ops->raw((r)) +#define GR_WORD(r) (r)->ops->word((r)) +#define GR_RANGE(r, l) (r)->ops->range((r), (l)) +#define GR_FILL(r, p, sz) (r)->ops->fill((r), (p), (sz)) + /* --- Flag types --- */ #define GRAND_CRYPTO 1u /* Cryptographically strong */ diff --git a/group-dstr.c b/group-dstr.c index 7fe67a05..9b46b32d 100644 
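Review bot: The new `GR_*` macros expand their `r` argument twice (`(r)->ops->fill((r), (p), (sz))`), so a call like `GR_WORD(next_generator())` would perform the side effect twice; this matches the existing `GH_*` macros in ghash.h but is stated nowhere. A one-line comment above the group would record both what they are for and that restriction, e.g. `/* --- Convenience wrappers for grand_ops; the generator argument is evaluated twice --- */`. The hunk is otherwise self-contained.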
--- a/group-dstr.c +++ b/group-dstr.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-dstr.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-dstr.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Dynamic string I/O for group elements * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-dstr.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" diff --git a/group-exp.c b/group-exp.c index 72bd5a08..2ca684cf 100644 --- a/group-exp.c +++ b/group-exp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation for abstract groups * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-exp.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" diff --git a/group-exp.h b/group-exp.h index a736d292..244bebf8 100644 --- a/group-exp.h +++ b/group-exp.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-exp.h,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-exp.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for abstract groups * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-exp.h,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - #ifndef CATACOMB_GROUP_EXP_H #define CATACOMB_GROUP_EXP_H diff --git a/group-file.c b/group-file.c index a819f921..e0ae8bb9 100644 --- a/group-file.c +++ b/group-file.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-file.c,v 1.2 2004/04/04 19:04:11 mdw Exp $ + * $Id: group-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * File I/O for group elements * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-file.c,v $ - * Revision 1.2 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" diff --git a/group-parse.c b/group-parse.c index 276e2d2a..1c0d614f 100644 --- a/group-parse.c 
+++ b/group-parse.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-parse.c,v 1.2 2004/04/03 03:32:05 mdw Exp $ + * $Id: group-parse.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Parse group description strings * @@ -26,21 +26,6 @@ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-parse.c,v $ - * Revision 1.2 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" diff --git a/group-stdops.c b/group-stdops.c index 2e3e6d40..faa34f2c 100644 --- a/group-stdops.c +++ b/group-stdops.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-stdops.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-stdops.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Standard group operations * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-stdops.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" 
diff --git a/group-string.c b/group-string.c index 598e973c..f1e58590 100644 --- a/group-string.c +++ b/group-string.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-string.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-string.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * String I/O for group elements * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-string.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "group.h" diff --git a/group-test.c b/group-test.c index 7c1936b5..851f9120 100644 --- a/group-test.c +++ b/group-test.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-test.c,v 1.2 2004/04/04 19:04:11 mdw Exp $ + * $Id: group-test.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Testing group operations * 
@@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group-test.c,v $ - * Revision 1.2 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/group.h b/group.h index 0e32de64..9211a58c 100644 --- a/group.h +++ b/group.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group.h,v 1.3 2004/04/04 19:04:11 mdw Exp $ + * $Id: group.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * General cyclic group abstraction * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: group.h,v $ - * Revision 1.3 2004/04/04 19:04:11 mdw - * Raw I/O of elliptic curve points and group elements. - * - * Revision 1.2 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - #ifndef CATACOMB_GROUP_H #define CATACOMB_GROUP_H diff --git a/has160.c b/has160.c index 7c7b7b99..727c01e1 100644 --- a/has160.c +++ b/has160.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: has160.c,v 1.1 2004/04/04 19:42:59 mdw Exp $ + * $Id: has160.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The HAS160 message digest function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: has160.c,v $ - * Revision 1.1 2004/04/04 19:42:59 mdw - * Add set -e. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/has160.h b/has160.h index f60fdc9b..4b263f93 100644 --- a/has160.h +++ b/has160.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: has160.h,v 1.1 2004/04/04 19:42:59 mdw Exp $ + * $Id: has160.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The HAS160 message digest function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: has160.h,v $ - * Revision 1.1 2004/04/04 19:42:59 mdw - * Add set -e. - * - */ - /*----- Notes on the HAS160 hash function ---------------------------------* * * HAS160 was designed by Chae Hoon Lim and the Korean Information Security diff --git a/hash.h b/hash.h index f5d21de2..9c81a446 100644 --- a/hash.h +++ b/hash.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: hash.h,v 1.4 2004/03/21 22:42:27 mdw Exp $ + * $Id: hash.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generic handling for message digest functions * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: hash.h,v $ - * Revision 1.4 2004/03/21 22:42:27 mdw - * Test hashing on long strings. - * - * Revision 1.3 2000/06/17 11:23:27 mdw - * Portability fix for broken compilers. - * - * Revision 1.2 1999/12/10 23:16:40 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_HASH_H #define CATACOMB_HASH_H diff --git a/hashsum.c b/hashsum.c index 11a5d378..a1753976 100644 
--- a/hashsum.c +++ b/hashsum.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: hashsum.c,v 1.9 2004/04/04 19:42:59 mdw Exp $ + * $Id: hashsum.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Hash files using some secure hash function * @@ -27,41 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: hashsum.c,v $ - * Revision 1.9 2004/04/04 19:42:59 mdw - * Add set -e. - * - * Revision 1.8 2001/04/19 18:26:33 mdw - * Add CRC as another hash function. - * - * Revision 1.7 2001/02/21 20:03:22 mdw - * Added support for MD2 hash function. - * - * Revision 1.6 2001/01/25 21:40:14 mdw - * Support for new SHA variants added. - * - * Revision 1.5 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.4 2000/08/04 23:23:44 mdw - * Various fixes. - * - * Revision 1.3 2000/07/29 17:02:43 mdw - * (checkhash): Be pettier about spaces between the hash and filename, for - * compatiblity with `md5sum'. - * - * Revision 1.2 2000/07/15 21:14:05 mdw - * Missed `-e' out of the usage string. - * - * Revision 1.1 2000/07/15 20:52:34 mdw - * Useful replacement for `md5sum' with support for many different hash - * functions and for reading filename lists from `find'. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" @@ -120,11 +85,11 @@ static int fhash(const char *file, unsigned f, const gchash *gch, void *buf) else if ((fp = fopen(file, f & f_binary ? "rb" : "r")) == 0) return (-1); - h = gch->init(); + h = GH_INIT(gch); while ((sz = fread(fbuf, 1, sizeof(fbuf), fp)) > 0) - h->ops->hash(h, fbuf, sz); - h->ops->done(h, buf); - h->ops->destroy(h); + GH_HASH(h, fbuf, sz); + GH_DONE(h, buf); + GH_DESTROY(h); e = ferror(fp); if (file) fclose(fp); diff --git a/hmac-def.h b/hmac-def.h index ffd796c7..d9075a10 100644 --- a/hmac-def.h +++ b/hmac-def.h 
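Review bot: `GH_DONE(h, buf)` still writes a digest into `buf` before `e = ferror(fp)` is consulted, so after a read error `buf` holds the hash of a truncated file; whether that ever reaches the caller depends on fhash's return value, which lies outside the hunk. Checking `ferror(fp)` before `GH_DONE` and returning -1 without filling `buf` would make the read-error path mirror the `fopen` failure a few lines above, which also returns -1 without touching `buf`. The macro substitution itself is behaviour-preserving given the `GH_*` definitions in ghash.h. fhash starts before this hunk and ends after it.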
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: hmac-def.h,v 1.7 2001/04/19 18:24:45 mdw Exp $ + * $Id: hmac-def.h,v 1.8 2004/04/08 01:36:15 mdw Exp $ * * Definitions for HMAC and NMAC * @@ -27,37 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: hmac-def.h,v $ - * Revision 1.7 2001/04/19 18:24:45 mdw - * Provide correct key sizes for NMAC, HMAC and SSLMAC. - * - * Revision 1.6 2001/04/03 19:35:45 mdw - * Support the SSL HMAC variant (untested). - * - * Revision 1.5 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.4 2000/07/15 10:00:58 mdw - * New generic hash operation for copying hash contexts. - * - * Revision 1.3 2000/07/02 18:27:42 mdw - * (ghash->ops->done): Interface change. Passing in a null buffer pointer - * uses a buffer internal to the ghash object. The operation returns the - * address of the buffer it used. Clients of generic hashes no longer need - * to use dynamically allocated memory for hash results. - * - * Revision 1.2 2000/06/17 11:23:44 mdw - * Use secure arena for memory allocation. Minor changes in the generic - * hash interface. - * - * Revision 1.1 1999/12/10 23:16:40 mdw - * Split mode macros into interface and implementation. - * - */ - #ifndef CATACOMB_HMAC_DEF_H #define CATACOMB_HMAC_DEF_H diff --git a/hmac.h b/hmac.h index e9c8d78a..e8742003 100644 --- a/hmac.h +++ b/hmac.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: hmac.h,v 1.6 2001/04/19 18:24:45 mdw Exp $ + * $Id: hmac.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Generic code for HMAC and NMAC * 
@@ -27,30 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: hmac.h,v $ - * Revision 1.6 2001/04/19 18:24:45 mdw - * Provide correct key sizes for NMAC, HMAC and SSLMAC. - * - * Revision 1.5 2001/04/03 19:35:45 mdw - * Support the SSL HMAC variant (untested). - * - * Revision 1.4 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.3 2000/06/17 11:23:57 mdw - * New key size interface. - * - * Revision 1.2 1999/12/10 23:17:39 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the HMAC and NMAC constructions --------------------------* * * Designed by Mihir Bellare, Ran Canetti and Hugo Krawczyk, NMAC is a method diff --git a/idea.c b/idea.c index c0a1d074..ae4aa2d8 100644 --- a/idea.c +++ b/idea.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: idea.c,v 1.4 2000/07/15 17:47:58 mdw Exp $ + * $Id: idea.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the IDEA cipher * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: idea.c,v $ - * Revision 1.4 2000/07/15 17:47:58 mdw - * Fix bug in decryption key scheduling. - * - * Revision 1.3 2000/07/02 18:24:39 mdw - * Use a new multiplication function from an Ascom white paper to resist - * timing attacks. - * - * Revision 1.2 2000/06/17 11:24:08 mdw - * New key size interface. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/idea.h b/idea.h index 326925f9..771addae 100644 --- a/idea.h +++ b/idea.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: idea.h,v 1.3 2000/06/17 11:24:08 mdw Exp $ + * $Id: idea.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the IDEA cipher * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: idea.h,v $ - * Revision 1.3 2000/06/17 11:24:08 mdw - * New key size interface. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the IDEA block cipher ------------------------------------* * * IDEA was invented by James Massey and Xuejia Lai. The fundamental idea diff --git a/karatsuba.h b/karatsuba.h index 4add2c19..f1d1870b 100644 --- a/karatsuba.h +++ b/karatsuba.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: karatsuba.h,v 1.2 2000/10/08 15:47:47 mdw Exp $ + * $Id: karatsuba.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Macros for Karatsuba functions * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: karatsuba.h,v $ - * Revision 1.2 2000/10/08 15:47:47 mdw - * Rename from `mpx-kmac.h', and add macros for @gfx_kmul@. - * - * Revision 1.1 2000/06/17 11:42:11 mdw - * Moved the Karatsuba macros into a separate file for better sharing. - * Fixed some comments. - * - */ - #ifndef CATACOMB_KARATSUBA_H #define CATACOMB_KARATSUBA_H diff --git a/key-attr.c b/key-attr.c index 75b2f1ed..7057570f 100644 --- a/key-attr.c +++ b/key-attr.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-attr.c,v 1.4 2004/04/08 01:02:49 mdw Exp $ + * $Id: key-attr.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Key attribute manipulation * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-attr.c,v $ - * Revision 1.4 2004/04/08 01:02:49 mdw - * key-binary.c - * - * Revision 1.3 2001/06/22 19:39:43 mdw - * Allow tagging if the tag is owned by a deleted key. - * - * Revision 1.2 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-binary.c b/key-binary.c index 67261524..75cfbe71 100644 --- a/key-binary.c +++ b/key-binary.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-binary.c,v 1.6 2004/04/08 01:03:22 mdw Exp $ + * $Id: key-binary.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Key binary encoding * 
@@ -27,34 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-binary.c,v $ - * Revision 1.6 2004/04/08 01:03:22 mdw - * Force subkeys to be sorted in structured keys. - * - * Revision 1.5 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.4 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.3 2001/02/03 11:57:00 mdw - * Track mLib change: symbols no longer need to include a terminating - * null. - * - * Revision 1.2 2000/06/17 11:25:20 mdw - * Use secure memory interface from MP library. - * - * Revision 1.1 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-data.c b/key-data.c index 494e9c88..7cbc6fd1 100644 --- a/key-data.c +++ b/key-data.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-data.c,v 1.5 2004/03/28 01:58:47 mdw Exp $ + * $Id: key-data.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Encoding and decoding of key data * 
@@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-data.c,v $ - * Revision 1.5 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.4 2000/07/16 19:51:58 mdw - * Shut stupid compiler up. - * - * Revision 1.3 2000/06/17 11:26:03 mdw - * key_structfind: track minor data structure change, and cope if the - * subkey isn't available. - * - * Revision 1.2 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-data.h b/key-data.h index 4eb8845b..40b8b4b9 100644 --- a/key-data.h +++ b/key-data.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-data.h,v 1.3 2004/03/28 01:58:47 mdw Exp $ + * $Id: key-data.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Manipulating key data * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-data.h,v $ - * Revision 1.3 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.2 2000/06/17 11:26:18 mdw - * Add the key packing interface. - * - * Revision 1.1 2000/02/12 18:21:23 mdw - * Overhaul of key management (again). - * - */ - #ifndef CATACOMB_KEY_DATA_H #define CATACOMB_KEY_DATA_H diff --git a/key-error.c b/key-error.c index 400e6bf8..75e42464 100644 --- a/key-error.c +++ b/key-error.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-error.c,v 1.3 2004/04/08 01:02:49 mdw Exp $ + * $Id: key-error.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Translating key error codes into strings * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-error.c,v $ - * Revision 1.3 2004/04/08 01:02:49 mdw - * key-binary.c - * - * Revision 1.2 2000/02/12 18:55:40 mdw - * Make it all compile properly. - * - * Revision 1.1 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-fetch.c b/key-fetch.c index 9f4863a4..8972603c 100644 --- a/key-fetch.c +++ b/key-fetch.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-fetch.c,v 1.1 2000/06/17 10:42:54 mdw Exp $ + * $Id: key-fetch.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Higher-level key unpacking * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-fetch.c,v $ - * Revision 1.1 2000/06/17 10:42:54 mdw - * Convenient table-driven extraction of structured keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-file.c b/key-file.c index 2e556e93..15b03049 100644 --- a/key-file.c +++ b/key-file.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-file.c,v 1.2 2001/02/03 11:57:38 mdw Exp $ + * $Id: key-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * System-dependent key filing operations * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-file.c,v $ - * Revision 1.2 2001/02/03 11:57:38 mdw - * Allow creating keyfiles with no file attached. - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-flags.c b/key-flags.c index d80da4f6..605eb065 100644 --- a/key-flags.c +++ b/key-flags.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-flags.c,v 1.4 2004/04/02 01:03:49 mdw Exp $ + * $Id: key-flags.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Reading and writing key flag strings * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-flags.c,v $ - * Revision 1.4 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.3 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.2 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -123,6 +106,8 @@ int key_readflags(const char *p, char **pp, unsigned *ff, unsigned *mm) /* --- Look up the string in the flags table --- */ + if (sz == 4 && strncmp(p, "none", 4) == 0) + goto next; for (e = flagtab; e->name; e++) { if (strncmp(e->name, p, sz) == 0) { if (e->name[sz] == 0) { @@ -146,6 +131,7 @@ int key_readflags(const char *p, char **pp, unsigned *ff, unsigned *mm) return (KERR_BADFLAGS); m |= ee->m; f |= ee->f; + next: p += sz; if (*p == 0 || *p == ':') break; diff --git a/key-io.c b/key-io.c index a2d1c914..c78b967f 100644 --- a/key-io.c +++ b/key-io.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-io.c,v 1.5 2003/10/17 16:30:46 mdw Exp $ + * $Id: key-io.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Adding new keys to a key file * 
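Review bot: The new `none` check sits directly under the comment `/* --- Look up the string in the flags table --- */`, which no longer describes the first thing that happens, and nothing says what `none` means; as written it leaves both `f` and `m` untouched, so it is a no-op token rather than an explicit request to clear flags, and if that is the intent it should be stated. Suggested comment on the added line: `/* --- 'none' is accepted as an empty flag set: it sets nothing --- */`. The `sz == 4 && strncmp(p, "none", 4) == 0` test is an exact match, so a token such as `nonexistent` still falls through to the table lookup, which looks right. key_readflags begins before this hunk, so the declarations that `goto next` jumps over could not be checked.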
@@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-io.c,v $ - * Revision 1.5 2003/10/17 16:30:46 mdw - * Report errors if key files don't exist! - * - * Revision 1.4 2001/02/03 11:57:38 mdw - * Allow creating keyfiles with no file attached. - * - * Revision 1.3 2001/01/20 11:56:48 mdw - * Use mLib exported tuning parameters for hashtable. - * - * Revision 1.2 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-misc.c b/key-misc.c index a5022938..37027c01 100644 --- a/key-misc.c +++ b/key-misc.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-misc.c,v 1.4 2004/04/08 01:02:49 mdw Exp $ + * $Id: key-misc.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Simple key management * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-misc.c,v $ - * Revision 1.4 2004/04/08 01:02:49 mdw - * key-binary.c - * - * Revision 1.3 2001/06/22 19:39:12 mdw - * New interface to find out whether a key has expired. Also, a bug fix - * to @key_bytag@ so that it finds expired keys correctly. - * - * Revision 1.2 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-moan.c b/key-moan.c index 8111ccee..b2c88b7f 100644 --- a/key-moan.c +++ b/key-moan.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-moan.c,v 1.1 1999/12/22 15:47:48 mdw Exp $ + * $Id: key-moan.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Standard error handling function for key loading * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-moan.c,v $ - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-pack.c b/key-pack.c index 575fd937..cc0f20a4 100644 --- a/key-pack.c +++ b/key-pack.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-pack.c,v 1.2 2004/03/28 01:58:47 mdw Exp $ + * $Id: key-pack.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Packing and unpacking key data * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-pack.c,v $ - * Revision 1.2 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.1 2000/06/17 10:42:41 mdw - * Packing and unpacking structured keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-pass.c b/key-pass.c index d31b31f5..7e02daf6 100644 --- a/key-pass.c +++ b/key-pass.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-pass.c,v 1.4 2004/03/28 01:58:26 mdw Exp $ + * $Id: key-pass.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Encrypting keys with passphrases * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-pass.c,v $ - * Revision 1.4 2004/03/28 01:58:26 mdw - * Ooops, fix all the bugs. - * - * Revision 1.3 2004/03/27 00:04:19 mdw - * INCOMPATIBLE CHANGE. Use proper authentication on encrypted keys. - * - * Revision 1.2 2000/06/17 11:26:35 mdw - * `rand_getgood' is deprecated. - * - * Revision 1.1 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key-text.c b/key-text.c index a0723682..dcfe3543 100644 --- a/key-text.c 
+++ b/key-text.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key-text.c,v 1.5 2004/04/01 13:42:48 mdw Exp $ + * $Id: key-text.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Key textual encoding * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key-text.c,v $ - * Revision 1.5 2004/04/01 13:42:48 mdw - * Missed off \! - * - * Revision 1.4 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.3 2001/02/03 11:57:00 mdw - * Track mLib change: symbols no longer need to include a terminating - * null. - * - * Revision 1.2 2000/06/17 11:27:20 mdw - * Use secure memory interface from MP library. - * - * Revision 1.1 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/key.1 b/key.1 index cab0d416..1b6c7e5a 100644 --- a/key.1 +++ b/key.1 @@ -87,6 +87,8 @@ is one of: .B fingerprint .RB [ \-f .IR filter ] +.RB [ \-a +.IR hash ] .RI [ tag ...] .br .B tidy @@ -744,10 +746,18 @@ The following option is supported: Specifies a filter. Only keys and key components which match the filter are fingerprinted. The default is to only fingerprint nonsecret components. +.TP +.BI "\-a, \-\-algorithm " hash +Names the hashing algorithm. Run +.B hashsum -a list +for a list of hashing algorithms. The default is +.BR rmd160 . .PP The keys to be fingerprinted are named by their tags or keyids given as command line arguments. If no key tags are given, all keys which match -the filter are fingerprinted. +the filter are fingerprinted. See +.BR keyring (5) +for a description of how key fingerprints are computed. .SS "tidy" Simply reads the keyring from file and writes it back again. This has the effect of removing any deleted keys from the file. diff --git a/key.h b/key.h index 05ba9a34..ada62603 100644 --- a/key.h +++ b/key.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: key.h,v 1.10 2004/04/08 01:02:49 mdw Exp $ + * $Id: key.h,v 1.11 2004/04/08 01:36:15 mdw Exp $ * * Simple key management * @@ -27,42 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: key.h,v $ - * Revision 1.10 2004/04/08 01:02:49 mdw - * key-binary.c - * - * Revision 1.9 2001/06/22 19:37:59 mdw - * New interface to enquire whether a key has expired. - * - * Revision 1.8 2001/02/03 11:57:38 mdw - * Allow creating keyfiles with no file attached. - * - * Revision 1.7 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.6 2000/06/17 11:27:43 mdw - * Add key fetching interface. - * - * Revision 1.5 2000/02/12 18:55:40 mdw - * Make it all compile properly. - * - * Revision 1.4 2000/02/12 18:21:02 mdw - * Overhaul of key management (again). - * - * Revision 1.3 1999/12/22 15:47:48 mdw - * Major key-management revision. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_KEY_H #define CATACOMB_KEY_H diff --git a/keycheck-mp.c b/keycheck-mp.c index 8b71bf38..9f93c0ee 100644 --- a/keycheck-mp.c +++ b/keycheck-mp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keycheck-mp.c,v 1.1 2001/02/03 16:08:24 mdw Exp $ + * $Id: keycheck-mp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Key consistency checking tools for large integers * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keycheck-mp.c,v $ - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/keycheck-report.c b/keycheck-report.c index 8a7accdd..88dae63b 100644 --- a/keycheck-report.c 
+++ b/keycheck-report.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keycheck-report.c,v 1.1 2001/02/03 16:08:24 mdw Exp $ + * $Id: keycheck-report.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * A standard reporter function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keycheck-report.c,v $ - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/keycheck.c b/keycheck.c index 164303f8..11f1171d 100644 --- a/keycheck.c +++ b/keycheck.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keycheck.c,v 1.2 2002/01/13 13:49:01 mdw Exp $ + * $Id: keycheck.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Framework for checking consistency of keys * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keycheck.c,v $ - * Revision 1.2 2002/01/13 13:49:01 mdw - * Track @dstr_vputf@ change. - * - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/keycheck.h b/keycheck.h index 7fe159f8..8c60ffb6 100644 --- a/keycheck.h +++ b/keycheck.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keycheck.h,v 1.1 2001/02/03 16:08:24 mdw Exp $ + * $Id: keycheck.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Framework for checking consistency of keys * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keycheck.h,v $ - * Revision 1.1 2001/02/03 16:08:24 mdw - * Add consistency checking for public keys. - * - */ - #ifndef CATACOMB_KEYCHECK_H #define CATACOMB_KEYCHECK_H diff --git a/keyring.5 b/keyring.5 index 10b2f5b7..b1551129 100644 --- a/keyring.5 +++ b/keyring.5 
@@ -183,11 +183,13 @@ The integer is stored, base-256, one digit per octet, in big-endian order, using as few octets as possible. The value 0 has length zero. .TP .B "struct" -A sequence of subkeys is stored. Each subkey consists of a single -octet giving the length of the subkey's label; the label itself in -ASCII, zero-octet padding to make the subkey start at a multiple of four -octets, and then the encoding of the subkey. There is no terminator: -the outer length field indicates when to stop reading subkeys. +A sequence of subkeys is stored; the sequence is sorted by +lexicographical order of the subkeys' labels. Each subkey consists of a +single octet giving the length of the subkey's label; the label itself +in ASCII, zero-octet padding to make the subkey start at a multiple of +four octets, and then the encoding of the subkey. There is no +terminator: the outer length field indicates when to stop reading +subkeys. .TP .B "string" The string is stored as-is, with no terminator. @@ -206,5 +208,13 @@ the two coordinates. .B "encrypt" The key data is encoded as binary and encrypted as described above. The resulting ciphertext is stored as is. +.SS "Fingerprints" +The fingerprint is computed by hashing the binary representation of (the +selected parts of) a key's data followed by the key type preceded by a +single length octet, and the key's attributes, in lexicographic order of +the attribute name. Each attribute consists of the attribute's name +preceded by a single length octet, followed by the value preceded by a +two-octet length. The lengths do not include themselves; neither string +has a terminator character; there is no padding. .SH AUTHOR Mark Wooding, diff --git a/keysz.c b/keysz.c index 7a2a7948..e8da6917 100644 --- a/keysz.c +++ b/keysz.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keysz.c,v 1.1 2000/06/17 11:27:52 mdw Exp $ + * $Id: keysz.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * General block cipher utilities * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keysz.c,v $ - * Revision 1.1 2000/06/17 11:27:52 mdw - * Key size table interpretation. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/keyutil.c b/keyutil.c index 2df43688..0251b43d 100644 --- a/keyutil.c +++ b/keyutil.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: keyutil.c,v 1.23 2004/04/08 01:02:49 mdw Exp $ + * $Id: keyutil.c,v 1.24 2004/04/08 01:36:15 mdw Exp $ * * Simple key manager program * 
@@ -27,90 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: keyutil.c,v $ - * Revision 1.23 2004/04/08 01:02:49 mdw - * key-binary.c - * - * Revision 1.22 2004/04/03 15:45:06 mdw - * Oops. Fix formatting. :-S - * - * Revision 1.21 2004/04/03 15:15:19 mdw - * Fix stupid error in previous rashly-committed version. - * - * Revision 1.20 2004/04/03 15:14:28 mdw - * Handle points at infinity properly in listings. - * - * Revision 1.19 2004/04/03 03:31:01 mdw - * Allow explicit group parameters for DH groups. - * - * Revision 1.18 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.17 2004/03/28 01:58:47 mdw - * Generate, store and retreive elliptic curve keys. - * - * Revision 1.16 2003/10/15 09:31:45 mdw - * Fix help message. - * - * Revision 1.15 2003/05/15 23:23:24 mdw - * Fix behaviour with bogus trailing attributes. - * - * Revision 1.14 2001/02/23 09:03:27 mdw - * Simplify usage message by removing nonexistant options. - * - * Revision 1.13 2001/02/21 20:04:27 mdw - * Provide help on individual commands (some need it desparately). Allow - * atomic retagging of keys. - * - * Revision 1.12 2001/02/03 11:58:22 mdw - * Store the correct seed information and count for DSA keys now that it's - * available. - * - * Revision 1.11 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.10 2000/10/08 12:02:21 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.9 2000/08/15 21:40:49 mdw - * Minor formatting change in listing attributes. 
- * - * Revision 1.8 2000/07/29 09:59:13 mdw - * Support Lim-Lee primes in Diffie-Hellman parameter generation. - * - * Revision 1.7 2000/07/01 11:18:51 mdw - * Use new interfaces for key manipulation. - * - * Revision 1.6 2000/06/17 11:28:22 mdw - * Use secure memory interface from MP library. `rand_getgood' is - * deprecated. - * - * Revision 1.5 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.4 1999/12/22 15:48:10 mdw - * Track new key-management changes. Support new key generation - * algorithms. - * - * Revision 1.3 1999/11/02 15:23:24 mdw - * Fix newlines in keyring list. - * - * Revision 1.2 1999/10/15 21:05:28 mdw - * In `key list', show timezone for local times, and support `-u' option - * for UTC output. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/lcrand.c b/lcrand.c index f53a3f2b..15e94a88 100644 --- a/lcrand.c +++ b/lcrand.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: lcrand.c,v 1.4 2000/12/06 20:31:06 mdw Exp $ + * $Id: lcrand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Simple linear congruential generator * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: lcrand.c,v $ - * Revision 1.4 2000/12/06 20:31:06 mdw - * Simplify uniform range transformation. - * - * Revision 1.3 2000/06/17 11:29:03 mdw - * Add the flags word to the generic generator. - * - * Revision 1.2 1999/12/13 15:34:01 mdw - * Add support for seeding from a generic pseudorandom source. - * - * Revision 1.1 1999/12/10 23:15:27 mdw - * Noncryptographic random number generator. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/lcrand.h b/lcrand.h index a8128dd8..20e254ff 100644 --- a/lcrand.h +++ b/lcrand.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: lcrand.h,v 1.2 2000/06/17 11:28:51 mdw Exp $ + * $Id: lcrand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Simple linear congruential generator * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: lcrand.h,v $ - * Revision 1.2 2000/06/17 11:28:51 mdw - * Amend the notes slightly. - * - * Revision 1.1 1999/12/10 23:15:27 mdw - * Noncryptographic random number generator. - * - */ - /*----- Notes on the linear congruential generator ------------------------* * * This pseudorandom number generator is simple, but has absolutely no diff --git a/limlee.c b/limlee.c index 3f8435ba..57081567 100644 --- a/limlee.c +++ b/limlee.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: limlee.c,v 1.8 2001/02/03 11:59:07 mdw Exp $ + * $Id: limlee.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Generate Lim-Lee primes * 
@@ -27,38 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: limlee.c,v $ - * Revision 1.8 2001/02/03 11:59:07 mdw - * Don't use the @pgen@ random number generator for generating primes: it's - * only for testing them. Use a caller-supplied one instead. - * - * Revision 1.7 2001/01/25 21:40:44 mdw - * Remove dead code now that the new stepper structure is trustworthy. - * - * Revision 1.6 2001/01/25 21:16:20 mdw - * Boring cosmetic stuff. - * - * Revision 1.5 2000/08/18 19:16:51 mdw - * New stepper interface for constructing Lim-Lee primes. - * - * Revision 1.4 2000/08/15 21:45:05 mdw - * Use the new trial division equipment in pfilt. This gives a 10% - * performance improvement in dsa-gen.t. - * - * Revision 1.3 2000/07/29 09:58:32 mdw - * (limlee): Bug fix. Old versions didn't set the filter step if @ql@ was - * an exact divisor of @pl@. - * - * Revision 1.2 2000/07/26 18:00:00 mdw - * No footer line! - * - * Revision 1.1 2000/07/09 21:30:58 mdw - * Lim-Lee prime generation. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -413,7 +381,7 @@ mp *limlee(const char *name, mp *d, mp *newp, d = pgen(name, d, 0, oev, oec, on, limlee_step, &l, rabin_iters(pl), pgen_test, &rr); - if (f) { + if (d && f) { mp **v; size_t i; v = xmalloc(l.nf * sizeof(mp *)); diff --git a/limlee.h b/limlee.h index 0131cb06..9c7b357c 100644 --- a/limlee.h +++ b/limlee.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: limlee.h,v 1.4 2001/02/03 11:59:07 mdw Exp $ + * $Id: limlee.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generate Lim-Lee primes * 
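Review bot: The tightened `if (d && f)` in limlee means that when pgen returns null the caller-supplied factor output is no longer written, but nothing in the hunk tells callers that; a caller that inspects what `f` points to before checking the return value would read whatever was there beforehand. I would record it in the function's header comment, in the file's own `@...@` style: `On failure (null return) the outputs reached through @f@ are left untouched.` It is also worth confirming, outside this hunk, that the factors accumulated in `l` (whose count `l.nf` sizes the `xmalloc` here) are released on that failure path, since the branch that previously handed them to the caller is now skipped. limlee starts and continues beyond the hunk, so the cleanup code is not visible here.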
@@ -27,25 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: limlee.h,v $ - * Revision 1.4 2001/02/03 11:59:07 mdw - * Don't use the @pgen@ random number generator for generating primes: it's - * only for testing them. Use a caller-supplied one instead. - * - * Revision 1.3 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.2 2000/08/18 19:16:51 mdw - * New stepper interface for constructing Lim-Lee primes. - * - * Revision 1.1 2000/07/09 21:30:58 mdw - * Lim-Lee prime generation. - * - */ - #ifndef CATACOMB_LIMLEE_H #define CATACOMB_LIMLEE_H diff --git a/lmem.c b/lmem.c index e534d4a6..1d4ae87a 100644 --- a/lmem.c +++ b/lmem.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: lmem.c,v 1.5 2004/04/02 01:03:49 mdw Exp $ + * $Id: lmem.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Locked memory allocation (Unix-specific) * @@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: lmem.c,v $ - * Revision 1.5 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.4 2002/01/24 22:26:11 mdw - * Fix build failure when @mlock@ not available. - * - * Revision 1.3 2000/07/29 21:58:15 mdw - * (l_destroy): New function for destroying locked memory blocks. - * - * Revision 1.2 2000/06/17 11:29:20 mdw - * Add arena support. - * - * Revision 1.1 1999/12/22 16:02:52 mdw - * Interface to allocating `locked' memory (which isn't paged out). - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/lmem.h b/lmem.h index 3f84c6e0..f7cb6ed4 100644 --- a/lmem.h +++ b/lmem.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: lmem.h,v 1.4 2000/12/06 20:33:27 mdw Exp $ + * $Id: lmem.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Locked memory allocation * 
@@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: lmem.h,v $ - * Revision 1.4 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.3 2000/07/29 21:58:15 mdw - * (l_destroy): New function for destroying locked memory blocks. - * - * Revision 1.2 2000/06/17 11:29:38 mdw - * Add arena support. - * - * Revision 1.1 1999/12/22 16:02:52 mdw - * Interface to allocating `locked' memory (which isn't paged out). - * - */ - #ifndef CATACOMB_LMEM_H #define CATACOMB_LMEM_H diff --git a/manual/catacomb.tex b/manual/catacomb.tex index 7cd84231..5aaa73fb 100644 --- a/manual/catacomb.tex +++ b/manual/catacomb.tex @@ -1,6 +1,6 @@ %%% -*-latex-*- %%% -%%% $Id: catacomb.tex,v 1.2 1999/12/13 15:35:27 mdw Exp $ +%%% $Id: catacomb.tex,v 1.3 2004/04/08 01:36:15 mdw Exp $ %%% %%% Catacomb manual %%% @@ -26,16 +26,6 @@ %%% Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, %%% MA 02111-1307, USA. -%%%----- Revision history --------------------------------------------------- -%%% -%%% $Log: catacomb.tex,v $ -%%% Revision 1.2 1999/12/13 15:35:27 mdw -%%% More changes. Still embryonic. -%%% -%%% Revision 1.1 1999/12/10 23:27:11 mdw -%%% Embryonic library reference manual. -%%% - \documentclass[numbering]{strayman} \usepackage[T1]{fontenc} \usepackage[palatino, helvetica, courier, maths=cmr]{mdwfonts} diff --git a/mars-mktab.c b/mars-mktab.c index 12bbfc57..ad1a3ef4 100644 --- a/mars-mktab.c +++ b/mars-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mars-mktab.c,v 1.1 2001/04/29 18:11:19 mdw Exp $ + * $Id: mars-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generate the MARS S-box table * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mars-mktab.c,v $ - * Revision 1.1 2001/04/29 18:11:19 mdw - * New block cipher MARS. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mars.c b/mars.c index b427dcdd..2c0fcd08 100644 --- a/mars.c +++ b/mars.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mars.c,v 1.1 2001/04/29 18:11:19 mdw Exp $ + * $Id: mars.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The MARS block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mars.c,v $ - * Revision 1.1 2001/04/29 18:11:19 mdw - * New block cipher MARS. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mars.h b/mars.h index 91d79e1f..e1244728 100644 --- a/mars.h +++ b/mars.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mars.h,v 1.1 2001/04/29 18:11:19 mdw Exp $ + * $Id: mars.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The MARS block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mars.h,v $ - * Revision 1.1 2001/04/29 18:11:19 mdw - * New block cipher MARS. - * - */ - /*----- Notes on the MARS block cipher ------------------------------------* * * MARS was IBM's submission to the AES contest. It was designed by a number diff --git a/maurer.c b/maurer.c index e474175a..e6579696 100644 --- a/maurer.c +++ b/maurer.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: maurer.c,v 1.3 2000/08/16 17:56:59 mdw Exp $ + * $Id: maurer.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Maurer's universal statistical test * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: maurer.c,v $ - * Revision 1.3 2000/08/16 17:56:59 mdw - * (more): Remove spurious function. - * - * Revision 1.2 2000/08/11 21:34:59 mdw - * New restartable interface to Maurer testing. - * - * Revision 1.1 2000/06/17 11:29:49 mdw - * Maurer's universal statistical test. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/maurer.h b/maurer.h index 904e4a2d..6dbaa671 100644 --- a/maurer.h +++ b/maurer.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: maurer.h,v 1.2 2000/08/11 21:34:59 mdw Exp $ + * $Id: maurer.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Maurer's universal statistical test * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: maurer.h,v $ - * Revision 1.2 2000/08/11 21:34:59 mdw - * New restartable interface to Maurer testing. - * - * Revision 1.1 2000/06/17 11:29:49 mdw - * Maurer's universal statistical test. - * - */ - #ifndef CATACOMB_MAURER_H #define CATACOMB_MAURER_H diff --git a/md2-tab.h b/md2-tab.h index 5bdc4a96..7cf0d957 100644 --- a/md2-tab.h +++ b/md2-tab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md2-tab.h,v 1.1 2001/02/21 20:03:22 mdw Exp $ + * $Id: md2-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Tables for MD2 * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md2-tab.h,v $ - * Revision 1.1 2001/02/21 20:03:22 mdw - * Added support for MD2 hash function. - * - */ - #ifndef CATACOMB_MD2_TAB_H #define CATACOMB_MD2_TAB_H diff --git a/md2.c b/md2.c index d374d87e..08e033f4 100644 --- a/md2.c +++ b/md2.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md2.c,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: md2.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The MD2 message digest function * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md2.c,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2001/02/21 20:03:22 mdw - * Added support for MD2 hash function. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/md2.h b/md2.h index 02c4a755..135c95a7 100644 --- a/md2.h +++ b/md2.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md2.h,v 1.1 2001/02/21 20:03:22 mdw Exp $ + * $Id: md2.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The MD2 message digest function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md2.h,v $ - * Revision 1.1 2001/02/21 20:03:22 mdw - * Added support for MD2 hash function. - * - */ - /*----- Notes on the MD2 hash function ------------------------------------* * * MD2 was designed by Ron Rivest. It's not recommended for new applications diff --git a/md4.c b/md4.c index fe0c7885..5c162030 100644 --- a/md4.c +++ b/md4.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md4.c,v 1.3 2000/06/17 11:31:43 mdw Exp $ + * $Id: md4.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The MD4 message digest function * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md4.c,v $ - * Revision 1.3 2000/06/17 11:31:43 mdw - * Portability fix for broken compilers. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/md4.h b/md4.h index 32202ae8..411bb595 100644 --- a/md4.h +++ b/md4.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md4.h,v 1.4 2000/10/15 19:09:20 mdw Exp $ + * $Id: md4.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * The MD4 message digest function * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md4.h,v $ - * Revision 1.4 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.3 2000/06/17 11:32:52 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the MD4 hash function ------------------------------------* * * MD4 was designed by Ron Rivest. It's now well and truly broken: not only diff --git a/md5.c b/md5.c index fa078e98..b3eb3c64 100644 --- a/md5.c +++ b/md5.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md5.c,v 1.3 2000/06/17 11:31:43 mdw Exp $ + * $Id: md5.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The MD5 message digest function * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md5.c,v $ - * Revision 1.3 2000/06/17 11:31:43 mdw - * Portability fix for broken compilers. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/md5.h b/md5.h index 5dc6c3b3..e09dfa33 100644 --- a/md5.h +++ b/md5.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: md5.h,v 1.4 2000/10/15 19:09:20 mdw Exp $ + * $Id: md5.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * The MD5 message digest function * 
@@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: md5.h,v $ - * Revision 1.4 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.3 2000/06/17 11:32:52 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the MD5 hash function ------------------------------------* * * MD5 was designed by Ron Rivest. It was intended to be a more conservative diff --git a/mgf-def.h b/mgf-def.h index 9565093b..6d7048ef 100644 --- a/mgf-def.h +++ b/mgf-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mgf-def.h,v 1.1 2000/06/17 11:33:11 mdw Exp $ + * $Id: mgf-def.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Definitions for the MGF-1 mask generator * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mgf-def.h,v $ - * Revision 1.1 2000/06/17 11:33:11 mdw - * MGF-1 support, as defined in PKCS#1. - * - */ - #ifndef CATACOMB_MGF_DEF_H #define CATACOMB_MGF_DEF_H diff --git a/mgf.h b/mgf.h index 14d2c829..617ede1a 100644 --- a/mgf.h +++ b/mgf.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mgf.h,v 1.1 2000/06/17 11:33:11 mdw Exp $ + * $Id: mgf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The MGF mask generation function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mgf.h,v $ - * Revision 1.1 2000/06/17 11:33:11 mdw - * MGF-1 support, as defined in PKCS#1. - * - */ - /*----- Notes on the MGF-1 mask generating function -----------------------* * * The idea of a mask-generating function is that given an input of arbitrary diff --git a/mkphrase.c b/mkphrase.c index cf325bbe..39544182 100644 
--- a/mkphrase.c +++ b/mkphrase.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mkphrase.c,v 1.3 2003/01/24 20:16:04 mdw Exp $ + * $Id: mkphrase.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Generate passphrases from word lists * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mkphrase.c,v $ - * Revision 1.3 2003/01/24 20:16:04 mdw - * Fix stupidity in reading wordlists from stdin. (Thanks to James - * Harvey.) - * - * Revision 1.2 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.1 2000/08/06 10:50:55 mdw - * (mkphrase): New program for generating random passphrases with measured - * strength. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/mp-arith.c b/mp-arith.c index 53584e7b..736be2fd 100644 --- a/mp-arith.c +++ b/mp-arith.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-arith.c,v 1.17 2003/10/12 15:03:35 mdw Exp $ + * $Id: mp-arith.c,v 1.18 2004/04/08 01:36:15 mdw Exp $ * * Basic arithmetic on multiprecision integers * 
@@ -27,69 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-arith.c,v $ - * Revision 1.17 2003/10/12 15:03:35 mdw - * Merge fix from other branch. - * - * Revision 1.16.2.1 2003/06/10 13:21:10 mdw - * Fix bug dividing small things by large ones. - * - * Revision 1.16 2003/05/16 09:09:24 mdw - * Fix @mp_lsl2c@. Turns out to be surprisingly tricky. - * - * Revision 1.15 2002/10/19 17:56:50 mdw - * Fix bit operations. Test them (a bit) better. - * - * Revision 1.14 2002/10/15 19:18:31 mdw - * New operation to negate numbers. - * - * Revision 1.13 2002/10/15 00:19:40 mdw - * Bit setting and clearing functions. - * - * Revision 1.12 2002/10/09 00:36:03 mdw - * Fix bounds on workspace for Karatsuba operations. - * - * Revision 1.11 2002/10/06 22:52:50 mdw - * Pile of changes for supporting two's complement properly. - * - * Revision 1.10 2001/04/03 19:36:05 mdw - * Add some simple bitwise operations so that Perl can use them. - * - * Revision 1.9 2000/10/08 15:48:35 mdw - * Rename Karatsuba constants now that we have @gfx_kmul@ too. - * - * Revision 1.8 2000/10/08 12:02:21 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.7 2000/06/22 19:02:53 mdw - * New function @mp_odd@ to extract powers of two from an integer. This is - * common code from the Rabin-Miller test, RSA key recovery and modular - * square-root extraction. - * - * Revision 1.6 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.5 1999/12/22 15:54:41 mdw - * Adjust Karatsuba parameters. Calculate destination size better. - * - * Revision 1.4 1999/12/13 15:35:16 mdw - * Slightly different rules on memory allocation. - * - * Revision 1.3 1999/12/11 10:57:43 mdw - * Karatsuba squaring algorithm. 
- * - * Revision 1.2 1999/12/10 23:18:39 mdw - * Change interface for suggested destinations. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-const.c b/mp-const.c index f98da7c0..3416e7ab 100644 --- a/mp-const.c +++ b/mp-const.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-const.c,v 1.2 2000/06/17 11:45:09 mdw Exp $ + * $Id: mp-const.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Useful multiprecision constants * @@ -27,19 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-const.c,v $ - * Revision 1.2 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-gcd.c b/mp-gcd.c index 6135e545..5e663a10 100644 --- a/mp-gcd.c +++ b/mp-gcd.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-gcd.c,v 1.6 2004/03/21 22:52:06 mdw Exp $ + * $Id: mp-gcd.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Extended GCD calculation * 
@@ -27,33 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-gcd.c,v $ - * Revision 1.6 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.5.4.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - * Revision 1.5 2000/10/08 12:02:41 mdw - * Use Euclid's algorithm rather than the binary one. - * - * Revision 1.4 2000/06/17 11:34:46 mdw - * More hacking for the signs of the outputs. - * - * Revision 1.3 1999/12/10 23:18:39 mdw - * Change interface for suggested destinations. - * - * Revision 1.2 1999/11/22 20:49:56 mdw - * Fix bug which failed to favour `x' when `y' wasn't wanted and the two - * arguments needed swapping. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" @@ -256,6 +229,27 @@ void mp_gcd(mp **gcd, mp **xx, mp **yy, mp *a, mp *b) MP_DROP(a); MP_DROP(b); } +/* -- @mp_modinv@ --- * + * + * Arguments: @mp *d@ = destination + * @mp *x@ = argument + * @mp *p@ = modulus + * + * Returns: The inverse %$x^{-1} \bmod p$%. + * + * Use: Computes a modular inverse. An assertion fails if %$p$% + * has no inverse. + */ + +mp *mp_modinv(mp *d, mp *x, mp *p) +{ + mp *g = MP_NEW; + mp_gcd(&g, 0, &d, p, x); + assert(MP_EQ(g, MP_ONE)); + mp_drop(g); + return (d); +} + /*----- Test rig ----------------------------------------------------------*/ #ifdef TEST_RIG diff --git a/mp-io.c b/mp-io.c index 0a102e96..4ef8ee0e 100644 --- a/mp-io.c +++ b/mp-io.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-io.c,v 1.6 2002/10/20 01:12:31 mdw Exp $ + * $Id: mp-io.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Loading and storing of multiprecision integers * 
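Review bot: The `Use:` text says an assertion fails if %$p$% has no inverse, but the `assert(MP_EQ(g, MP_ONE))` in the body checks that `x` is invertible modulo `p`; the same wording appears in the mp.h declaration. Suggest `An assertion fails if %$x$% has no inverse modulo %$p$%.` in both places. The header `/* -- @mp_modinv@ --- *` has two leading dashes where the neighbouring entries (`/* --- @mp_jacobi@ --- *` in mp.h) use three, again in both files. Since that assertion is the only check on `g`, an NDEBUG build returns whatever `mp_gcd` left in `d` for a non-invertible `x`; the callers switched to `mp_modinv` in mp-modsqrt.c, mpbarrett-exp.c, mpbarrett-mexp.c, mpcrt.c, mpmont-exp.c and mpmont-mexp.c all inherit that, which the comment should state.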
@@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-io.c,v $ - * Revision 1.6 2002/10/20 01:12:31 mdw - * Two's complement I/O fixes. - * - * Revision 1.5 2002/10/06 22:52:50 mdw - * Pile of changes for supporting two's complement properly. - * - * Revision 1.4 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.3 1999/11/21 22:13:02 mdw - * Add mp version of MPX_BITS. - * - * Revision 1.2 1999/11/19 13:19:06 mdw - * Set flags on results correctly. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-jacobi.c b/mp-jacobi.c index 0e187cfd..2562342c 100644 --- a/mp-jacobi.c +++ b/mp-jacobi.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-jacobi.c,v 1.4 2000/12/06 20:31:33 mdw Exp $ + * $Id: mp-jacobi.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Compute Jacobi symbol * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-jacobi.c,v $ - * Revision 1.4 2000/12/06 20:31:33 mdw - * Add assertion to prevent crapness. - * - * Revision 1.3 2000/07/20 17:14:34 mdw - * Simplify by using @mp_odd@. - * - * Revision 1.2 1999/12/10 23:19:02 mdw - * Improve error-checking. - * - * Revision 1.1 1999/11/22 20:50:37 mdw - * Add support for computing Jacobi symbols. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-mem.c b/mp-mem.c index 78a72ff1..4d9ee487 100644 --- a/mp-mem.c +++ b/mp-mem.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-mem.c,v 1.6 2004/04/03 03:30:22 mdw Exp $ + * $Id: mp-mem.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Memory management for multiprecision numbers * @@ -27,32 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-mem.c,v $ - * Revision 1.6 2004/04/03 03:30:22 mdw - * Fix long-standing stupidity in @mp_dest@. - * - * Revision 1.5 2001/06/16 12:57:00 mdw - * Implement some missing functions. - * - * Revision 1.4 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.3 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.2 1999/12/10 23:19:02 mdw - * Improve error-checking. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mp-misc.c b/mp-misc.c index 15c582da..e615b3f3 100644 --- a/mp-misc.c +++ b/mp-misc.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-misc.c,v 1.3 2000/07/29 17:03:31 mdw Exp $ + * $Id: mp-misc.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Miscellaneous multiprecision support functions * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-misc.c,v $ - * Revision 1.3 2000/07/29 17:03:31 mdw - * Add support for left-to-right bitscanning, for use in modular - * exponentiation. - * - * Revision 1.2 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-modsqrt.c b/mp-modsqrt.c index df60aba2..f9e4b0f5 100644 --- a/mp-modsqrt.c +++ b/mp-modsqrt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-modsqrt.c,v 1.4 2001/06/16 12:56:38 mdw Exp $ + * $Id: mp-modsqrt.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Compute square roots modulo a prime * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-modsqrt.c,v $ - * Revision 1.4 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.3 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.2 2000/10/08 12:02:21 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.1 2000/06/22 19:01:31 mdw - * Compute square roots in a prime field. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "fibrand.h" @@ -103,8 +85,7 @@ mp *mp_modsqrt(mp *d, mp *a, mp *p) /* --- Find the inverse of %$a$% --- */ - ainv = MP_NEW; - mp_gcd(0, &ainv, 0, a, p); + ainv = mp_modinv(MP_NEW, a, p); /* --- Split %$p - 1$% into a power of two and an odd number --- */ 
diff --git a/mp-sqrt.c b/mp-sqrt.c index 83880f9a..01fe0002 100644 --- a/mp-sqrt.c +++ b/mp-sqrt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-sqrt.c,v 1.4 2004/03/27 17:54:11 mdw Exp $ + * $Id: mp-sqrt.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Compute integer square roots * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-sqrt.c,v $ - * Revision 1.4 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - * Revision 1.3 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.2 2000/10/08 12:02:21 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.1 2000/06/22 19:01:44 mdw - * Compute (approximations to) integer square roots. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mp-test.c b/mp-test.c index 018b5372..0e9bc332 100644 --- a/mp-test.c +++ b/mp-test.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp-test.c,v 1.1 1999/11/17 18:02:16 mdw Exp $ + * $Id: mp-test.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Testing functionality for multiprecision integers * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp-test.c,v $ - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mp.h b/mp.h index bfed14a8..83191738 100644 --- a/mp.h +++ b/mp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp.h,v 1.18 2004/04/03 03:32:05 mdw Exp $ + * $Id: mp.h,v 1.19 2004/04/08 01:36:15 mdw Exp $ * * Simple multiprecision arithmetic * 
@@ -27,67 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mp.h,v $ - * Revision 1.18 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.17 2003/05/16 09:09:24 mdw - * Fix @mp_lsl2c@. Turns out to be surprisingly tricky. - * - * Revision 1.16 2002/10/15 22:57:22 mdw - * Handy new comparison macros. - * - * Revision 1.15 2002/10/15 19:18:31 mdw - * New operation to negate numbers. - * - * Revision 1.14 2002/10/15 00:19:40 mdw - * Bit setting and clearing functions. - * - * Revision 1.13 2002/10/06 22:52:50 mdw - * Pile of changes for supporting two's complement properly. - * - * Revision 1.12 2001/06/16 12:57:43 mdw - * Move the @mpmont_factor@ structure and rename it now that it's used for - * Barrett simultaneous exponentiation too. - * - * Revision 1.11 2001/04/03 19:36:05 mdw - * Add some simple bitwise operations so that Perl can use them. - * - * Revision 1.10 2000/10/08 12:03:16 mdw - * Provide @mp_eq@ and @MP_EQ@ for rapidly testing equality of two - * integers. - * - * Revision 1.9 2000/07/29 17:03:31 mdw - * Add support for left-to-right bitscanning, for use in modular - * exponentiation. - * - * Revision 1.8 2000/06/22 19:02:01 mdw - * Add new functions. - * - * Revision 1.7 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.6 1999/12/10 23:19:46 mdw - * Minor bugfixes. New interface for suggested destinations. - * - * Revision 1.5 1999/11/22 20:50:37 mdw - * Add support for computing Jacobi symbols. - * - * Revision 1.4 1999/11/21 22:13:02 mdw - * Add mp version of MPX_BITS. - * - * Revision 1.3 1999/11/19 13:19:14 mdw - * Fix const annotation. - * - * Revision 1.2 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. 
- * - */ - #ifndef CATACOMB_MP_H #define CATACOMB_MP_H @@ -975,6 +914,20 @@ extern mp *mp_sqrt(mp */*d*/, mp */*a*/); extern void mp_gcd(mp **/*gcd*/, mp **/*xx*/, mp **/*yy*/, mp */*a*/, mp */*b*/); +/* -- @mp_modinv@ --- * + * + * Arguments: @mp *d@ = destination + * @mp *x@ = argument + * @mp *p@ = modulus + * + * Returns: The inverse %$x^{-1} \bmod p$%. + * + * Use: Computes a modular inverse. An assertion fails if %$p$% + * has no inverse. + */ + +extern mp *mp_modinv(mp */*d*/, mp */*x*/, mp */*p*/); + /* --- @mp_jacobi@ --- * * * Arguments: @mp *a@ = an integer less than @n@ diff --git a/mparena.c b/mparena.c index b9b1f84e..49315f5f 100644 --- a/mparena.c +++ b/mparena.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mparena.c,v 1.6 2004/04/03 03:32:05 mdw Exp $ + * $Id: mparena.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Allocation and freeing of MP buffers * @@ -27,29 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mparena.c,v $ - * Revision 1.6 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.5 2000/06/17 11:35:48 mdw - * Overhaul to use mLib's arena system underneath. - * - * Revision 1.4 1999/12/10 23:28:52 mdw - * Memory allocation counting. - * - * Revision 1.3 1999/11/22 13:58:00 mdw - * Document the tweakables. - * - * Revision 1.2 1999/11/21 22:14:19 mdw - * Fix bug. Improve diagnostic capabilities. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mparena.h b/mparena.h index 92bf4b6e..08722b31 100644 --- a/mparena.h +++ b/mparena.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mparena.h,v 1.3 2000/06/17 11:35:48 mdw Exp $ + * $Id: mparena.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Allocation and freeing of MP buffers * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mparena.h,v $ - * Revision 1.3 2000/06/17 11:35:48 mdw - * Overhaul to use mLib's arena system underneath. - * - * Revision 1.2 1999/12/10 23:28:59 mdw - * Memory allocation counting. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - #ifndef CATACOMB_MPARENA_H #define CATACOMB_MPARENA_H diff --git a/mpbarrett-exp.c b/mpbarrett-exp.c index 87d8af26..56e7c76b 100644 --- a/mpbarrett-exp.c +++ b/mpbarrett-exp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpbarrett-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpbarrett-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Modular exponentiation using Barrett reduction * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpbarrett-exp.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" @@ -64,12 +52,8 @@ mp *mpbarrett_exp(mpbarrett *mb, mp *d, mp *a, mp *e) MP_COPY(a); MP_SHRINK(e); - if (e->f & MP_NEG) { - mp *g = MP_NEW; - mp_gcd(&g, 0, &a, mb->m, a); - assert(MP_EQ(g, MP_ONE)); - mp_drop(g); - } + if (e->f & MP_NEG) + a = mp_modinv(a, a, mb->m); if (!MP_LEN(e)) ; else if (MP_LEN(e) < EXP_THRESH) diff --git a/mpbarrett-exp.h b/mpbarrett-exp.h index dd02637a..46ffa12b 100644 --- a/mpbarrett-exp.h +++ b/mpbarrett-exp.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpbarrett-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: mpbarrett-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for Barrett reduction * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpbarrett-exp.h,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/20 00:20:05 mdw - * Projective coordinates for prime curves - * - * Revision 1.1 2001/06/16 12:58:12 mdw - * Parameters for generic exponentiation. - * - */ - #ifndef CATACOMB_MPBARRETT_EXP_H #define CATACOMB_MPBARRETT_EXP_H diff --git a/mpbarrett-mexp.c b/mpbarrett-mexp.c index 68917aac..4be854de 100644 --- a/mpbarrett-mexp.c +++ b/mpbarrett-mexp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpbarrett-mexp.c,v 1.2 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpbarrett-mexp.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Multiple simultaneous exponentiations * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpbarrett-mexp.c,v $ - * Revision 1.2 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.1 2001/06/16 12:58:34 mdw - * Added simultaneous exponentiation with Barrett reduction. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" 
@@ -80,11 +65,8 @@ mp *mpbarrett_mexp(mpbarrett *mb, mp *d, const mp_expfactor *f, size_t n) spare = MP_NEWSEC; if (!(f[i].exp->f & MP_NEG)) ff[i].base = MP_COPY(f[i].base); - else { - ff[i].base = MP_NEW; - mp_gcd(&g, 0, &ff[i].base, mb->m, f[i].base); - assert(MP_EQ(g, MP_ONE)); - } + else + ff[i].base = mp_modinv(MP_NEW, f[i].base, mb->m); ff[i].exp = f[i].exp; } mp_drop(g); diff --git a/mpbarrett.c b/mpbarrett.c index 934097dd..ffd26496 100644 --- a/mpbarrett.c +++ b/mpbarrett.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpbarrett.c,v 1.9 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpbarrett.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Barrett modular reduction * 
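Review bot: After this change `g` is no longer written in `mpbarrett_mexp`, but the `mp_drop(g);` after the loop survives as context and its declaration presumably still sits above the hunk; the parallel change in mpmont-mexp.c removed both `mp *g = MP_NEW;` and `mp_drop(g);`. The same cleanup here would remove a dead variable and keep the two mexp files consistent. The enclosing loop and function begin outside the hunk.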
@@ -27,46 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpbarrett.c,v $ - * Revision 1.9 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.8 2001/06/16 13:00:20 mdw - * Use the generic exponentiation functions. - * - * Revision 1.7 2001/04/19 18:25:26 mdw - * Use sliding-window exponentiation. - * - * Revision 1.6 2000/10/08 12:03:44 mdw - * (mpbarrett_reduce): Cope with negative numbers. - * - * Revision 1.5 2000/07/29 17:04:33 mdw - * Change to use left-to-right bitwise exponentiation. This will improve - * performance when the base is small. - * - * Revision 1.4 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.3 1999/12/12 15:08:52 mdw - * Don't bother shifting %$q$% in @mpbarrett_reduce@, just skip the least - * significant digits. - * - * Revision 1.2 1999/12/11 01:50:56 mdw - * Improve initialization slightly. - * - * Revision 1.1 1999/12/10 23:21:59 mdw - * Barrett reduction support: works with even moduli. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mpbarrett.h b/mpbarrett.h index 31682053..85c4a143 100644 --- a/mpbarrett.h +++ b/mpbarrett.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpbarrett.h,v 1.4 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpbarrett.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Barrett modular reduction * 
@@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpbarrett.h,v $ - * Revision 1.4 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.3 2001/06/16 12:58:47 mdw - * Added simultaneous exponentiation with Barrett reduction. - * - * Revision 1.2 2000/10/08 12:03:44 mdw - * (mpbarrett_reduce): Cope with negative numbers. - * - * Revision 1.1 1999/12/10 23:22:00 mdw - * Barrett reduction support: works with even moduli. - * - */ - /*----- Notes on Barrett reduction ----------------------------------------* * * Barrett reduction is a technique for computing modular residues. Unlike diff --git a/mpcrt.c b/mpcrt.c index 17bc6ad6..c79b00b2 100644 --- a/mpcrt.c +++ b/mpcrt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpcrt.c,v 1.5 2001/04/29 17:39:33 mdw Exp $ + * $Id: mpcrt.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Chinese Remainder Theorem computations (Gauss's algorithm) * 
@@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpcrt.c,v $ - * Revision 1.5 2001/04/29 17:39:33 mdw - * Fix memory leak. - * - * Revision 1.4 2001/04/19 18:25:38 mdw - * Use mpmul for the multiplication. - * - * Revision 1.3 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.2 1999/12/10 23:22:32 mdw - * Interface changes for suggested destinations. Use Barrett reduction. - * - * Revision 1.1 1999/11/22 20:50:57 mdw - * Add support for solving Chinese Remainder Theorem problems. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" @@ -113,7 +93,10 @@ void mpcrt_create(mpcrt *c, mpcrt_mod *v, size_t k, mp *n) */ if (!v[0].ni && !v[1].ni) { - mp_gcd(0, &v[0].ni, &v[1].ni, v[0].n, v[1].n); + mp *g = MP_NEW; + mp_gcd(&g, &v[0].ni, &v[1].ni, v[0].n, v[1].n); + assert(MP_EQ(g, MP_ONE)); + mp_drop(g); v[0].ni = mp_add(v[0].ni, v[0].ni, v[1].n); } else { int i, j; @@ -141,7 +124,7 @@ void mpcrt_create(mpcrt *c, mpcrt_mod *v, size_t k, mp *n) if (!v[i].n) mp_div(&v[i].n, 0, n, v[i].m); if (!v[i].ni) - mp_gcd(0, &v[i].ni, 0, v[i].n, v[i].m); + v[i].ni = mp_modinv(MP_NEW, v[i].n, v[i].m); if (!v[i].nni) v[i].nni = mp_mul(MP_NEW, v[i].n, v[i].ni); } diff --git a/mpcrt.h b/mpcrt.h index a5dd71c8..d2e43a82 100644 --- a/mpcrt.h +++ b/mpcrt.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpcrt.h,v 1.2 1999/12/10 23:22:32 mdw Exp $ + * $Id: mpcrt.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Chinese Remainder Theorem computations (Gauss's algorithm) * 
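Review bot: The first hunk introduces `assert` into `mpcrt_create`, whereas the removed call `mp_gcd(0, &v[0].ni, &v[1].ni, ...)` did no checking; whether mpcrt.c already includes `<assert.h>` is not visible here and should be confirmed. That assertion is also the only place the pairwise-coprimality precondition of the CRT is enforced, so it deserves a comment such as `/* moduli must be pairwise coprime; the CRT is undefined otherwise */` on the `assert` line, and NDEBUG builds will proceed with a meaningless `ni`. In the second hunk `mp_modinv(MP_NEW, v[i].n, v[i].m)` takes the `yy` coefficient of `mp_gcd(p, x)` where the old call took the `xx` coefficient of `mp_gcd(n, m)`; mathematically the same inverse, but if the two outputs differ in sign convention (the `mp_add` of `v[1].n` in the first hunk hints they might) this is a behavioural change worth covering in the test rig.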
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpcrt.h,v $ - * Revision 1.2 1999/12/10 23:22:32 mdw - * Interface changes for suggested destinations. Use Barrett reduction. - * - * Revision 1.1 1999/11/22 20:50:57 mdw - * Add support for solving Chinese Remainder Theorem problems. - * - */ - #ifndef CATACOMB_MPCRT_H #define CATACOMB_MPCRT_H diff --git a/mpdump.c b/mpdump.c index 5a8030f6..3396f0cf 100644 --- a/mpdump.c +++ b/mpdump.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpdump.c,v 1.1 2004/03/27 17:54:11 mdw Exp $ + * $Id: mpdump.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Dump a multiprecision integer as C data * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpdump.c,v $ - * Revision 1.1 2004/03/27 17:54:11 mdw - * Standard curves and curve checking. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mpint.c b/mpint.c index 8988ac97..627c1fc0 100644 --- a/mpint.c +++ b/mpint.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpint.c,v 1.3 2000/10/08 12:11:22 mdw Exp $ + * $Id: mpint.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Conversion between MPs and standard C integers * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpint.c,v $ - * Revision 1.3 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.2 1999/12/10 23:22:53 mdw - * Support for uint32. - * - * Revision 1.1 1999/11/25 11:38:31 mdw - * Support for conversions between MPs and C integers. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mpint.h" diff --git a/mpint.h b/mpint.h index ed614a81..13df8909 100644 --- a/mpint.h +++ b/mpint.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpint.h,v 1.5 2002/01/13 19:23:16 mdw Exp $ + * $Id: mpint.h,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Conversion between MPs and standard C integers * @@ -27,28 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpint.h,v $ - * Revision 1.5 2002/01/13 19:23:16 mdw - * Fix division-by-zero bug translating @MPW_MAX@ to an @mp@. - * - * Revision 1.4 2000/10/08 12:04:01 mdw - * Remove spurious semicolon. - * - * Revision 1.3 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.2 1999/12/10 23:22:53 mdw - * Support for uint32. - * - * Revision 1.1 1999/11/25 11:38:31 mdw - * Support for conversions between MPs and C integers. - * - */ - #ifndef CATACOMB_MPINT_H #define CATACOMB_MPINT_H diff --git a/mpmont-exp.c b/mpmont-exp.c index f67a8ec9..c43d02f3 100644 --- a/mpmont-exp.c +++ b/mpmont-exp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmont-exp.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpmont-exp.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Modular exponentiation with Montgomery reduction * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmont-exp.c,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" 
@@ -65,12 +53,9 @@ mp *mpmont_expr(mpmont *mm, mp *d, mp *a, mp *e) MP_COPY(a); MP_SHRINK(e); if (e->f & MP_NEG) { - mp *g = MP_NEW; a = mpmont_reduce(mm, a, a); - mp_gcd(&g, 0, &a, mm->m, a); - assert(MP_EQ(g, MP_ONE)); + a = mp_modinv(a, a, mm->m); a = mpmont_mul(mm, a, a, mm->r2); - mp_drop(g); } if (MP_LEN(e) == 0) ; diff --git a/mpmont-exp.h b/mpmont-exp.h index 5f2b31d2..335bde0b 100644 --- a/mpmont-exp.h +++ b/mpmont-exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmont-exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $ + * $Id: mpmont-exp.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for Montgomery reduction * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmont-exp.h,v $ - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.4.1 2004/03/20 00:13:31 mdw - * Projective coordinates for prime curves - * - * Revision 1.1 2001/06/16 12:58:12 mdw - * Parameters for generic exponentiation. - * - */ - #ifndef CATACOMB_MPMONT_EXP_H #define CATACOMB_MPMONT_EXP_H diff --git a/mpmont-mexp.c b/mpmont-mexp.c index 75899902..884d6607 100644 --- a/mpmont-mexp.c +++ b/mpmont-mexp.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmont-mexp.c,v 1.8 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpmont-mexp.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Multiple simultaneous exponentiations * 
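Review bot: The sequence `a = mpmont_reduce(mm, a, a); a = mp_modinv(a, a, mm->m); a = mpmont_mul(mm, a, a, mm->r2);` appears to take the base out of Montgomery form, invert it, and convert it back via `mm->r2`, but nothing says so; a comment `/* leave Montgomery form, invert mod m, then re-enter it via r2 */` above the block would help, and the same applies to `mexpr` in mpmont-mexp.c. Passing `a` as both destination and argument of `mp_modinv` relies on `mp_gcd` tolerating its `yy` output aliasing an input, which the previous code also did; a one-line comment noting the in-place inversion would make that dependency explicit. The enclosing function begins outside the hunk.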
@@ -27,42 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmont-mexp.c,v $ - * Revision 1.8 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.7 2002/01/13 13:49:14 mdw - * Make @const@-correct. - * - * Revision 1.6 2001/06/16 13:00:20 mdw - * Use the generic exponentiation functions. - * - * Revision 1.5 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.4 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.3 1999/12/10 23:18:39 mdw - * Change interface for suggested destinations. - * - * Revision 1.2 1999/11/21 11:35:10 mdw - * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of - * @mpmont_mul@ for squaring in exponentiation. - * - * Revision 1.1 1999/11/19 13:19:29 mdw - * Simultaneous exponentiation support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" @@ -93,7 +57,6 @@ static mp *mexpr(mpmont *mm, mp *d, mp_expfactor *f, size_t n) { mp *a = MP_COPY(mm->r); mp *spare = MP_NEW; - mp *g = MP_NEW; size_t i; for (i = 0; i < n; i++) { 
@@ -102,12 +65,10 @@ static mp *mexpr(mpmont *mm, mp *d, mp_expfactor *f, size_t n)
 spare = MP_NEWSEC;
 if (f[i].exp->f & MP_NEG) {
 t = mpmont_reduce(mm, f[i].base, f[i].base);
- mp_gcd(&g, 0, &t, mm->m, t);
- assert(MP_EQ(g, MP_ONE));
+ t = mp_modinv(t, t, mm->m);
 f[i].base = mpmont_mul(mm, t, t, mm->r2);
 }
 }
- mp_drop(g);
 EXP_SIMUL(a, f, n);
 mp_drop(d);
 mp_drop(spare);
diff --git a/mpmont.c b/mpmont.c
index bfede634..39f51edb 100644
--- a/mpmont.c
+++ b/mpmont.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: mpmont.c,v 1.18 2004/04/03 03:32:05 mdw Exp $
+ * $Id: mpmont.c,v 1.19 2004/04/08 01:36:15 mdw Exp $
 *
 * Montgomery reduction
 *
@@ -27,79 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmont.c,v $ - * Revision 1.18 2004/04/03 03:32:05 mdw - * General robustification. - * - * Revision 1.17 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.16 2002/01/13 13:40:31 mdw - * Avoid trashing arguments before we've used them. - * - * Revision 1.15 2001/06/16 13:00:20 mdw - * Use the generic exponentiation functions. - * - * Revision 1.14 2001/02/22 09:04:26 mdw - * Cosmetic fix. - * - * Revision 1.13 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.12 2000/10/08 15:48:35 mdw - * Rename Karatsuba constants now that we have @gfx_kmul@ too. - * - * Revision 1.11 2000/10/08 12:04:27 mdw - * (mpmont_reduce, mpmont_mul): Cope with negative numbers. - * - * Revision 1.10 2000/07/29 17:05:43 mdw - * (mpmont_expr): Use sliding window exponentiation, with a drop-through - * for small exponents to use a simple left-to-right bitwise routine. This - * can reduce modexp times by up to a quarter. - * - * Revision 1.9 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.8 1999/12/22 15:55:00 mdw - * Adjust Karatsuba parameters. - * - * Revision 1.7 1999/12/11 01:51:14 mdw - * Use a Karatsuba-based reduction for large moduli. 
- *
- * Revision 1.6 1999/12/10 23:18:39 mdw
- * Change interface for suggested destinations.
- *
- * Revision 1.5 1999/11/22 13:58:40 mdw
- * Add an option to disable Montgomery reduction, so that performance
- * comparisons can be done.
- *
- * Revision 1.4 1999/11/21 12:27:06 mdw
- * Remove a division from the Montgomery setup by calculating
- * %$R^2 \bmod m$% first and then %$R \bmod m$% by Montgomery reduction of
- * %$R^2$%.
- *
- * Revision 1.3 1999/11/21 11:35:10 mdw
- * Performance improvement: use @mp_sqr@ and @mpmont_reduce@ instead of
- * @mpmont_mul@ for squaring in exponentiation.
- *
- * Revision 1.2 1999/11/19 13:17:26 mdw
- * Add extra interface to exponentiation which returns a Montgomerized
- * result.
- *
- * Revision 1.1 1999/11/17 18:02:16 mdw
- * New multiprecision integer arithmetic suite.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 #include "mp.h"
@@ -161,8 +88,7 @@ void mpmont_create(mpmont *mm, mp *m)
 /* --- Find the magic value @mi@ --- */
 mp_build(&r, r2->v + n, r2->vl);
- mm->mi = MP_NEW;
- mp_gcd(0, 0, &mm->mi, &r, m);
+ mm->mi = mp_modinv(MP_NEW, m, &r);
 mm->mi = mp_sub(mm->mi, &r, mm->mi);
 /* --- Discover the values %$R \bmod m$% and %$R^2 \bmod m$% --- */
diff --git a/mpmont.h b/mpmont.h
index 913f6f5e..b9311622 100644
--- a/mpmont.h
+++ b/mpmont.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: mpmont.h,v 1.7 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpmont.h,v 1.8 2004/04/08 01:36:15 mdw Exp $
 *
 * Montgomery reduction
 *
@@ -27,39 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmont.h,v $ - * Revision 1.7 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.6 2002/01/13 13:49:25 mdw - * Make @const@-correct. - * - * Revision 1.5 2001/06/16 13:00:04 mdw - * Moved @mpmont_factor@ to . Documented interface change to - * @mpmont_expr@ and @mpmont_mexpr@ -- the arguments are now in Montgomery - * form. - * - * Revision 1.4 1999/12/11 01:51:14 mdw - * Use a Karatsuba-based reduction for large moduli. - * - * Revision 1.3 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.2 1999/11/19 13:17:43 mdw - * Add extra interface to exponentiation which returns a Montgomerized - * result. Add simultaneous exponentiation interface. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - #ifndef CATACOMB_MPMONT_H #define CATACOMB_MPMONT_H diff --git a/mpmul.c b/mpmul.c index 4dd6a68c..29f499ac 100644 --- a/mpmul.c +++ b/mpmul.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmul.c,v 1.4 2001/02/03 12:00:29 mdw Exp $ + * $Id: mpmul.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Multiply many small numbers together * 
@@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmul.c,v $ - * Revision 1.4 2001/02/03 12:00:29 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.3 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.2 2000/07/09 21:31:10 mdw - * Fix bug, and add a test rig. - * - * Revision 1.1 2000/07/01 11:21:39 mdw - * New interface for computing products of many (small) integers. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mpmul.h b/mpmul.h index 76c9559b..8b6fd031 100644 --- a/mpmul.h +++ b/mpmul.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmul.h,v 1.1 2000/07/01 11:21:39 mdw Exp $ + * $Id: mpmul.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Multiply many small numbers together * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpmul.h,v $ - * Revision 1.1 2000/07/01 11:21:39 mdw - * New interface for computing products of many (small) integers. - * - */ - #ifndef CATACOMB_MPMUL_H #define CATACOMB_MPMUL_H diff --git a/mprand.c b/mprand.c index 46e603c0..0baae4fe 100644 --- a/mprand.c +++ b/mprand.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mprand.c,v 1.4 2001/05/07 17:31:19 mdw Exp $ + * $Id: mprand.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generate a random multiprecision integer * 
@@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mprand.c,v $ - * Revision 1.4 2001/05/07 17:31:19 mdw - * Fix off-by one bug in mprand_range. Probably security critical: the old - * code generated numbers between zero and the highest power of 2 less than - * the given range. - * - * Revision 1.3 2000/06/17 11:45:09 mdw - * Major memory management overhaul. Added arena support. Use the secure - * arena for secret integers. Replace and improve the MP management macros - * (e.g., replace MP_MODIFY by MP_DEST). - * - * Revision 1.2 1999/12/22 15:55:33 mdw - * Modify `mprand' slightly. Add `mprand_range'. - * - * Revision 1.1 1999/12/10 23:23:05 mdw - * Support for generating random large integers. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mprand.h b/mprand.h index ea1bc21e..ea5d5211 100644 --- a/mprand.h +++ b/mprand.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mprand.h,v 1.2 1999/12/22 15:55:43 mdw Exp $ + * $Id: mprand.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generate a random multiprecision integer * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mprand.h,v $ - * Revision 1.2 1999/12/22 15:55:43 mdw - * Add `mprand_range'. - * - * Revision 1.1 1999/12/10 23:23:05 mdw - * Support for generating random large integers. - * - */ - #ifndef CATACOMB_MPRAND_H #define CATACOMB_MPRAND_H diff --git a/mpreduce-exp.h b/mpreduce-exp.h index 781cfabe..67ec50d8 100644 --- a/mpreduce-exp.h +++ b/mpreduce-exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpreduce-exp.h,v 1.1 2004/03/27 00:04:46 mdw Exp $ + * $Id: mpreduce-exp.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Exponentiation operations for binary field reduction * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpreduce-exp.h,v $ - * Revision 1.1 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.2 2004/03/21 22:52:06 mdw - * Merge and close elliptic curve branch. - * - * Revision 1.1.2.1 2004/03/21 22:39:46 mdw - * Elliptic curves on binary fields work. - * - */ - #ifndef CATACOMB_MPREDUCE_EXP_H #define CATACOMB_MPREDUCE_EXP_H diff --git a/mpreduce.c b/mpreduce.c index 857549a4..7d31334f 100644 --- a/mpreduce.c +++ b/mpreduce.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpreduce.c,v 1.1 2004/03/27 00:04:46 mdw Exp $ + * $Id: mpreduce.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Efficient reduction modulo nice primes * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpreduce.c,v $ - * Revision 1.1 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mpreduce.h b/mpreduce.h index 72f27fa2..c885ccb9 100644 --- a/mpreduce.h +++ b/mpreduce.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpreduce.h,v 1.1 2004/03/27 00:04:46 mdw Exp $ + * $Id: mpreduce.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Efficient reduction modulo nice primes * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpreduce.h,v $ - * Revision 1.1 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - */ - #ifndef CATACOMB_MPREDUCE_H #define CATACOMB_MPREDUCE_H diff --git a/mpscan.c b/mpscan.c index 0a5b4f0e..480f5aa5 100644 --- a/mpscan.c +++ b/mpscan.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpscan.c,v 1.3 2000/07/29 17:03:31 mdw Exp $ + * $Id: mpscan.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Sequential bit scan of multiprecision integers * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpscan.c,v $ - * Revision 1.3 2000/07/29 17:03:31 mdw - * Add support for left-to-right bitscanning, for use in modular - * exponentiation. - * - * Revision 1.2 1999/11/13 01:55:10 mdw - * Fixed so that they compile. Minor interface changes. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mpscan.h" diff --git a/mpscan.h b/mpscan.h index 619681d0..aaee0490 100644 --- a/mpscan.h +++ b/mpscan.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpscan.h,v 1.4 2000/07/29 17:03:31 mdw Exp $ + * $Id: mpscan.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Sequential bit scan of multiprecision integers * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpscan.h,v $ - * Revision 1.4 2000/07/29 17:03:31 mdw - * Add support for left-to-right bitscanning, for use in modular - * exponentiation. - * - * Revision 1.3 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.2 1999/11/13 01:55:10 mdw - * Fixed so that they compile. Minor interface changes. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_MPSCAN_H #define CATACOMB_MPSCAN_H diff --git a/mptext-dstr.c b/mptext-dstr.c index 729c27ea..2928eb63 100644 --- a/mptext-dstr.c +++ b/mptext-dstr.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext-dstr.c,v 1.3 2000/08/04 23:23:44 mdw Exp $ + * $Id: mptext-dstr.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Reading and writing large integers on strings * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext-dstr.c,v $ - * Revision 1.3 2000/08/04 23:23:44 mdw - * Various fixes. - * - * Revision 1.2 1999/12/22 15:56:21 mdw - * Make the buffer passed to `put' op constant. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mptext-file.c b/mptext-file.c index 6e7aa352..fbb1ef20 100644 --- a/mptext-file.c +++ b/mptext-file.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext-file.c,v 1.2 1999/12/22 15:56:21 mdw Exp $ + * $Id: mptext-file.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Reading and writing large integers on files * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext-file.c,v $ - * Revision 1.2 1999/12/22 15:56:21 mdw - * Make the buffer passed to `put' op constant. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mptext-len.c b/mptext-len.c index e9aee49f..5baa389d 100644 --- a/mptext-len.c +++ b/mptext-len.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext-len.c,v 1.1 2002/10/15 22:58:29 mdw Exp $ + * $Id: mptext-len.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Work out length of a number's string representation * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext-len.c,v $ - * Revision 1.1 2002/10/15 22:58:29 mdw - * Fast estimation of number representation lengths. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/mptext-string.c b/mptext-string.c index bdd62301..ac6e94aa 100644 
--- a/mptext-string.c +++ b/mptext-string.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext-string.c,v 1.4 2004/04/01 12:50:09 mdw Exp $ + * $Id: mptext-string.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Reading and writing large integers on strings * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext-string.c,v $ - * Revision 1.4 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.3 2000/08/04 23:23:44 mdw - * Various fixes. - * - * Revision 1.2 1999/12/22 15:56:21 mdw - * Make the buffer passed to `put' op constant. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mptext.c b/mptext.c index 3eb58cf6..8130679c 100644 --- a/mptext.c +++ b/mptext.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext.c,v 1.17 2002/10/19 11:59:04 mdw Exp $ + * $Id: mptext.c,v 1.18 2004/04/08 01:36:15 mdw Exp $ * * Textual representation of multiprecision numbers * 
@@ -27,66 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext.c,v $ - * Revision 1.17 2002/10/19 11:59:04 mdw - * Fix leftovers bug in reading. - * - * Revision 1.16 2002/10/15 22:57:43 mdw - * Bug fix: prevent negative zero. - * - * Revision 1.15 2002/10/15 19:18:15 mdw - * Fix fencepost bugs in binary radix writing. - * - * Revision 1.14 2002/10/09 00:33:44 mdw - * Allow `0o' and `0b' prefixes for octal and binary (from Haskell) - * - * Revision 1.13 2002/10/09 00:21:06 mdw - * Allow user-specified `r_xx' bases to be up to 62. - * - * Revision 1.12 2002/01/13 19:51:18 mdw - * Extend the textual format to bases up to 62 by distinguishing case. - * - * Revision 1.11 2001/06/16 23:42:17 mdw - * Typesetting fixes. - * - * Revision 1.10 2001/06/16 13:22:39 mdw - * Added fast-track code for binary output bases, and tests. - * - * Revision 1.9 2001/02/03 16:05:17 mdw - * Make flags be unsigned. Improve the write algorithm: recurse until the - * parts are one word long and use single-precision arithmetic from there. - * Fix off-by-one bug when breaking the number apart. - * - * Revision 1.8 2000/12/06 20:32:42 mdw - * Reduce binary bytes (to allow marker bits to be ignored). Fix error - * message string a bit. Allow leading `+' signs. - * - * Revision 1.7 2000/07/15 10:01:08 mdw - * Bug fix in binary input. - * - * Revision 1.6 2000/06/25 12:58:23 mdw - * Fix the derivation of `depth' commentary. - * - * Revision 1.5 2000/06/17 11:46:19 mdw - * New and much faster stack-based algorithm for reading integers. Support - * reading and writing binary integers in bases between 2 and 256. - * - * Revision 1.4 1999/12/22 15:56:56 mdw - * Use clever recursive algorithm for writing numbers out. - * - * Revision 1.3 1999/12/10 23:23:26 mdw - * Allocate slightly less memory. - * - * Revision 1.2 1999/11/20 22:24:15 mdw - * Use function versions of MPX_UMULN and MPX_UADDN. 
- * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mptext.h b/mptext.h index 57c4dc20..ddd63288 100644 --- a/mptext.h +++ b/mptext.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptext.h,v 1.6 2002/10/15 22:58:29 mdw Exp $ + * $Id: mptext.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Textual representation of multiprecision numbers * @@ -27,30 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptext.h,v $ - * Revision 1.6 2002/10/15 22:58:29 mdw - * Fast estimation of number representation lengths. - * - * Revision 1.5 2000/10/08 12:04:58 mdw - * (MP_DOFPRINTFR): cope with null pointers. - * - * Revision 1.4 2000/06/17 11:46:58 mdw - * Convenience macros for producing debugging output containing MP - * integers. - * - * Revision 1.3 1999/12/22 15:56:30 mdw - * Make the buffer passed to `put' op constant. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/11/17 18:02:16 mdw - * New multiprecision integer arithmetic suite. - * - */ - #ifndef CATACOMB_MPTEXT_H #define CATACOMB_MPTEXT_H diff --git a/mptypes.c b/mptypes.c index f10ed7ec..3502ba3b 100644 --- a/mptypes.c +++ b/mptypes.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mptypes.c,v 1.4 2000/10/08 12:05:24 mdw Exp $ + * $Id: mptypes.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generate `mptypes.h' header file for current architecture * 
@@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mptypes.c,v $ - * Revision 1.4 2000/10/08 12:05:24 mdw - * Make later versions of GCC shut up about @long long@. - * - * Revision 1.3 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.2 1999/11/13 01:54:32 mdw - * Format source code properly ;-). Attach suffixes to the `max' - * constants. - * - */ - /*----- Header files ------------------------------------------------------*/ #define _GNU_SOURCE diff --git a/mpw.h b/mpw.h index 3a9763c3..b5269dca 100644 --- a/mpw.h +++ b/mpw.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpw.h,v 1.2 1999/12/10 23:29:48 mdw Exp $ + * $Id: mpw.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Very low-level multiprecision definitions * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpw.h,v $ - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/11/13 01:52:34 mdw - * Very low-level definitions for MP types. - * - * Revision 1.1 1999/11/13 01:50:17 mdw - * Veyr low level definitions for MP types. - * - */ - #ifndef CATACOMB_MPW_H #define CATACOMB_MPW_H diff --git a/mpx-kmul.c b/mpx-kmul.c index 228cabdc..fbc1b028 100644 --- a/mpx-kmul.c +++ b/mpx-kmul.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpx-kmul.c,v 1.9 2004/03/27 17:54:12 mdw Exp $ + * $Id: mpx-kmul.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Karatsuba's multiplication algorithm * 
@@ -27,39 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpx-kmul.c,v $ - * Revision 1.9 2004/03/27 17:54:12 mdw - * Standard curves and curve checking. - * - * Revision 1.8 2002/10/09 00:36:03 mdw - * Fix bounds on workspace for Karatsuba operations. - * - * Revision 1.7 2000/10/08 15:48:35 mdw - * Rename Karatsuba constants now that we have @gfx_kmul@ too. - * - * Revision 1.6 2000/10/08 12:11:01 mdw - * Use @mpx_ueq@ instead of @MPX_UCMP@. - * - * Revision 1.5 2000/07/29 17:04:02 mdw - * Remove useless header `mpscan.h'. - * - * Revision 1.4 2000/06/17 11:42:11 mdw - * Moved the Karatsuba macros into a separate file for better sharing. - * Fixed some comments. - * - * Revision 1.3 1999/12/13 15:35:01 mdw - * Simplify and improve. - * - * Revision 1.2 1999/12/11 10:58:02 mdw - * Remove tweakable comments. - * - * Revision 1.1 1999/12/10 23:23:51 mdw - * Karatsuba-Ofman multiplication algorithm. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mpx-ksqr.c b/mpx-ksqr.c index 8a0ad644..fb59d0d8 100644 --- a/mpx-ksqr.c +++ b/mpx-ksqr.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpx-ksqr.c,v 1.7 2002/10/09 00:36:03 mdw Exp $ + * $Id: mpx-ksqr.c,v 1.8 2004/04/08 01:36:15 mdw Exp $ * * Karatsuba-based squaring algorithm * 
@@ -27,34 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpx-ksqr.c,v $ - * Revision 1.7 2002/10/09 00:36:03 mdw - * Fix bounds on workspace for Karatsuba operations. - * - * Revision 1.6 2000/10/08 15:48:35 mdw - * Rename Karatsuba constants now that we have @gfx_kmul@ too. - * - * Revision 1.5 2000/10/08 12:11:01 mdw - * Use @mpx_ueq@ instead of @MPX_UCMP@. - * - * Revision 1.4 2000/07/29 17:04:02 mdw - * Remove useless header `mpscan.h'. - * - * Revision 1.3 2000/06/17 11:42:54 mdw - * Moved the Karatsuba macros into a separate file for better sharing. - * Fixed some comments. Use an improved technique so that all the - * operations are squarings. - * - * Revision 1.2 1999/12/13 15:35:01 mdw - * Simplify and improve. - * - * Revision 1.1 1999/12/11 10:57:43 mdw - * Karatsuba squaring algorithm. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mpx.c b/mpx.c index ef93e3e6..e1227607 100644 --- a/mpx.c +++ b/mpx.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpx.c,v 1.19 2004/04/03 03:29:40 mdw Exp $ + * $Id: mpx.c,v 1.20 2004/04/08 01:36:15 mdw Exp $ * * Low-level multiprecision arithmetic * 
@@ -27,74 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpx.c,v $ - * Revision 1.19 2004/04/03 03:29:40 mdw - * Fix overrun in @mpx_lsr@. - * - * Revision 1.18 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.17 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.16 2003/05/16 09:09:24 mdw - * Fix @mp_lsl2c@. Turns out to be surprisingly tricky. - * - * Revision 1.15 2002/10/20 01:12:31 mdw - * Two's complement I/O fixes. - * - * Revision 1.14 2002/10/19 18:55:08 mdw - * Fix overflows in shift primitives. - * - * Revision 1.13 2002/10/19 17:56:50 mdw - * Fix bit operations. Test them (a bit) better. - * - * Revision 1.12 2002/10/06 22:52:50 mdw - * Pile of changes for supporting two's complement properly. - * - * Revision 1.11 2001/04/03 19:36:05 mdw - * Add some simple bitwise operations so that Perl can use them. - * - * Revision 1.10 2000/10/08 12:06:12 mdw - * Provide @mpx_ueq@ for rapidly testing equality of two integers. - * - * Revision 1.9 2000/06/26 07:52:50 mdw - * Portability fix for the bug fix. - * - * Revision 1.8 2000/06/25 12:59:02 mdw - * (mpx_udiv): Fix bug in quotient digit estimation. - * - * Revision 1.7 1999/12/22 15:49:07 mdw - * New function for division by a small integer. - * - * Revision 1.6 1999/11/20 22:43:44 mdw - * Integrate testing for MPX routines. - * - * Revision 1.5 1999/11/20 22:23:27 mdw - * Add function versions of some low-level macros with wider use. 
- * - * Revision 1.4 1999/11/17 18:04:09 mdw - * Add two's-complement functionality. Improve mpx_udiv a little by - * performing the multiplication of the divisor by q with the subtraction - * from r. - * - * Revision 1.3 1999/11/13 01:57:31 mdw - * Remove stray debugging code. - * - * Revision 1.2 1999/11/13 01:50:59 mdw - * Multiprecision routines finished and tested. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/mpx.h b/mpx.h index 13b63ccc..f79cffd2 100644 --- a/mpx.h +++ b/mpx.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpx.h,v 1.17 2004/03/27 00:04:46 mdw Exp $ + * $Id: mpx.h,v 1.18 2004/04/08 01:36:15 mdw Exp $ * * Low level multiprecision arithmetic * 
@@ -27,62 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: mpx.h,v $ - * Revision 1.17 2004/03/27 00:04:46 mdw - * Implement efficient reduction for pleasant-looking primes. - * - * Revision 1.16 2003/05/16 09:09:24 mdw - * Fix @mp_lsl2c@. Turns out to be surprisingly tricky. - * - * Revision 1.15 2002/10/19 17:56:50 mdw - * Fix bit operations. Test them (a bit) better. - * - * Revision 1.14 2002/10/09 00:36:03 mdw - * Fix bounds on workspace for Karatsuba operations. - * - * Revision 1.13 2002/10/06 22:52:50 mdw - * Pile of changes for supporting two's complement properly. - * - * Revision 1.12 2001/04/03 19:36:05 mdw - * Add some simple bitwise operations so that Perl can use them. - * - * Revision 1.11 2000/10/08 15:48:35 mdw - * Rename Karatsuba constants now that we have @gfx_kmul@ too. - * - * Revision 1.10 2000/10/08 12:06:12 mdw - * Provide @mpx_ueq@ for rapidly testing equality of two integers. - * - * Revision 1.9 1999/12/22 15:49:07 mdw - * New function for division by a small integer. - * - * Revision 1.8 1999/12/11 10:57:43 mdw - * Karatsuba squaring algorithm. - * - * Revision 1.7 1999/12/11 01:51:28 mdw - * Change Karatsuba parameters slightly. - * - * Revision 1.6 1999/12/10 23:23:51 mdw - * Karatsuba-Ofman multiplication algorithm. - * - * Revision 1.5 1999/11/20 22:23:27 mdw - * Add function versions of some low-level macros with wider use. - * - * Revision 1.4 1999/11/17 18:04:43 mdw - * Add two's complement support. Fix a bug in MPX_UMLAN. - * - * Revision 1.3 1999/11/13 01:51:29 mdw - * Minor interface changes. Should be stable now. - * - * Revision 1.2 1999/11/11 17:47:55 mdw - * Minor changes for different `mptypes.h' format. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_MPX_H #define CATACOMB_MPX_H diff --git a/noekeon.c b/noekeon.c index a773eb05..6020e0c5 100644 --- a/noekeon.c +++ b/noekeon.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: noekeon.c,v 1.2 2001/06/16 23:42:17 mdw Exp $ + * $Id: noekeon.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Noekeon block cipher * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: noekeon.c,v $ - * Revision 1.2 2001/06/16 23:42:17 mdw - * Typesetting fixes. - * - * Revision 1.1 2001/05/08 22:17:41 mdw - * New cipher Noekeon added. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/noekeon.h b/noekeon.h index 9a5a43c4..16ec01a2 100644 --- a/noekeon.h +++ b/noekeon.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: noekeon.h,v 1.1 2001/05/08 22:17:41 mdw Exp $ + * $Id: noekeon.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Noekeon block cipher * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: noekeon.h,v $ - * Revision 1.1 2001/05/08 22:17:41 mdw - * New cipher Noekeon added. - * - * Revision 1.3 2001/05/07 17:31:53 mdw - * Separate out key scheduling. - * - * Revision 1.2 2000/10/08 15:48:58 mdw - * Update comments now that AES has been chosen. - * - * Revision 1.1 2000/06/17 11:56:07 mdw - * New cipher. - * - */ - /*----- Notes on the Noekeon block cipher --------------------------------* * * A Nessie entry, by Joan Daemen, Michael Peeters, Gilles Van Assche and diff --git a/noise.c b/noise.c index 8e5129b8..0244869f 100644 --- a/noise.c +++ b/noise.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: noise.c,v 1.7 2004/04/02 01:03:49 mdw Exp $ + * $Id: noise.c,v 1.8 2004/04/08 01:36:15 mdw Exp $ * * Acquisition of environmental noise (Unix-specific) * 
@@ -27,33 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: noise.c,v $ - * Revision 1.7 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.6 2000/06/17 12:57:47 mdw - * New free counter noise generator, for use if /dev/random is - * unavailable. - * - * Revision 1.5 1999/12/22 15:57:55 mdw - * Label system-specific parts more clearly. - * - * Revision 1.4 1999/12/10 23:25:15 mdw - * Bug fix: remove old spurious fflush. - * - * Revision 1.3 1999/12/10 23:24:11 mdw - * Bug fix: flush buffers before forking. - * - * Revision 1.2 1999/11/11 00:59:08 mdw - * A bit of reformatting. Initialize the uid and gid correctly. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/noise.h b/noise.h index 92528099..0147c95e 100644 --- a/noise.h +++ b/noise.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: noise.h,v 1.5 2004/04/02 01:03:49 mdw Exp $ + * $Id: noise.h,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Acquisition of environmental noise (Unix-specific) * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: noise.h,v $ - * Revision 1.5 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.4 2000/06/17 12:57:47 mdw - * New free counter noise generator, for use if /dev/random is - * unavailable. - * - * Revision 1.3 1999/12/22 15:57:55 mdw - * Label system-specific parts more clearly. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_NOISE_H #define CATACOMB_NOISE_H diff --git a/oaep.c b/oaep.c index f69c8649..2b9d7790 100644 --- a/oaep.c +++ b/oaep.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: oaep.c,v 1.5 2002/01/13 20:20:39 mdw Exp $ + * $Id: oaep.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Optimal asymmetric encryption packing * @@ -27,26 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: oaep.c,v $ - * Revision 1.5 2002/01/13 20:20:39 mdw - * Hack the @oaep_decode@ code some more, to make it work again. - * - * Revision 1.4 2002/01/13 13:50:21 mdw - * Allow only one error return, to frustrate Manger's attack against OAEP. - * - * Revision 1.3 2001/02/22 09:04:39 mdw - * Fix memory leaks. - * - * Revision 1.2 2000/07/15 10:01:48 mdw - * Test rig added, based on RIPEMD160-MGF1 test vectors. - * - * Revision 1.1 2000/07/01 11:18:30 mdw - * Support for Optimal Asymmetric Encryption Padding. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -58,25 +38,28 @@
 #include "gcipher.h"
 #include "ghash.h"
 #include "grand.h"
-#include "oaep.h"
+#include "rsa.h"
 /*----- Main code ---------------------------------------------------------*/
 /* --- @oaep_encode@ --- *
 *
- * Arguments: @const void *msg@ = pointer to message data
+ * Arguments: @mp *d@ = where to put the answer
+ * @const void *m@ = pointer to message data
 * @size_t msz@ = size of message data
- * @void *buf@ = pointer to output buffer
- * @size_t sz@ = size of the output buffer
+ * @octet *b@ = spare buffer
+ * @size_t sz@ = size of the buffer (big enough)
+ * @unsigned long nbits@ = length of bits of @n@
 * @void *p@ = pointer to OAEP parameter block
 *
- * Returns: Zero if all went well, negative on failure.
+ * Returns: The encoded plaintext, or null on failure.
 *
 * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in
 * PKCS#1 v. 2.0 (RFC2437).
 */
-int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
+mp *oaep_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz,
+ unsigned long nbits, void *p)
 {
 oaep *o = p;
 size_t hsz = o->ch->hashsz;
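Review bot: The new `nbits` parameter is documented as `length of bits of @n@`, but nothing in the visible parts of `oaep_encode` (here and in the following hunk) reads it; if it exists only so the padding routines share one signature, the comment should say so, e.g. `@unsigned long nbits@ = length of bits of @n@ (unused by OAEP; present for interface compatibility)`. The same applies to `oaep_decode` and to the `pkcs1_cryptencode`/`pkcs1_cryptdecode` argument lists later in the patch. `oaep_encode`'s body continues past this hunk, so a use in the unshown declaration lines cannot be ruled out from here.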
@@ -89,50 +72,51 @@ int oaep_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p)
 /* --- Ensure that everything is sensibly sized --- */
 if (2 * hsz + 2 + msz > sz)
- return (-1);
+ return (0);
 /* --- Make the `seed' value --- */
- q = buf;
+ q = b;
 *q++ = 0;
 sz--;
 mq = q + hsz;
 qq = q + sz;
- o->r->ops->fill(o->r, q, hsz);
+ GR_FILL(o->r, q, hsz);
 /* --- Fill in the rest of the buffer --- */
- h = o->ch->init();
- h->ops->hash(h, o->ep, o->epsz);
- h->ops->done(h, mq);
- h->ops->destroy(h);
+ h = GH_INIT(o->ch);
+ GH_HASH(h, o->ep, o->epsz);
+ GH_DONE(h, mq);
+ GH_DESTROY(h);
 pp = mq + hsz;
 n = sz - 2 * hsz - msz - 1;
 memset(pp, 0, n);
 pp += n;
 *pp++ = 1;
- memcpy(pp, msg, msz);
+ memcpy(pp, m, msz);
 /* --- Do the packing --- */
 n = sz - hsz;
- c = o->cc->init(q, hsz);
- c->ops->encrypt(c, mq, mq, n);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, q, hsz);
+ GC_ENCRYPT(c, mq, mq, n);
+ GC_DESTROY(c);
- c = o->cc->init(mq, n);
- c->ops->encrypt(c, q, q, hsz);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, mq, n);
+ GC_ENCRYPT(c, q, q, hsz);
+ GC_DESTROY(c);
 /* --- Done --- */
- return (0);
+ return (mp_loadb(d, b, sz + 1));
 }
 /* --- @oaep_decode@ --- *
 *
- * Arguments: @const void *buf@ = pointer to encoded buffer
- * @size_t sz@ = size of the encoded buffer
- * @dstr *d@ = pointer to destination string
+ * Arguments: @mp *m@ = the decrypted message
+ * @octet *b@ = pointer to a buffer to work in
+ * @size_t sz@ = the size of the buffer (big enough)
+ * @unsigned long nbits@ = the number of bits in @n@
 * @void *p@ = pointer to OAEP parameter block
 *
 * Returns: The length of the output string if successful, negative on
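Review bot: The `sz + 1` in `return (mp_loadb(d, b, sz + 1));` depends on the `sz--` performed some thirty lines earlier and reads as an off-by-one at first glance; a comment such as `/* sz was decremented after the leading zero byte: reload the whole block */` would spare the next reader the trace. Separately, the rewritten argument list for `oaep_decode` never says where the recovered message ends up (the later hunk moves it to the front of `b` via `memmove(q, pp, n)` with `q == b`), and the Returns line still speaks of an `output string`; suggest `@octet *b@ = buffer to work in; on success the message is left at its start`.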
@@ -142,7 +126,18 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 * PKCS#1 v. 2.0 (RFC2437).
 */
-int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
+static int memeq(const void *xx, const void *yy, size_t sz)
+{
+ int eq = 1;
+ const octet *x = xx, *y = yy;
+ while (sz) { /* Always check every byte */
+ if (*x++ != *y++) eq = 0;
+ sz--;
+ }
+ return (eq);
+}
+
+int oaep_decode(mp *m, octet *b, size_t sz, unsigned long nbits, void *p)
 {
 oaep *o = p;
 gcipher *c;
@@ -152,39 +147,37 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 unsigned bad = 0;
 size_t n;
 size_t hsz = o->ch->hashsz;
- int rc = -1;
 /* --- Ensure that the block is large enough --- */
- if (sz < 2 * hsz)
+ if (sz < 2 * hsz) /* Doesn't depend on ciphertext */
 return (-1);
- q = x_alloc(d->a, sz);
- memcpy(q, buf, sz);
-
 /* --- Decrypt the message --- */
+ mp_storeb(m, b, sz);
+ q = b;
 bad = *q;
 q++;
 sz--;
 mq = q + hsz;
 qq = q + sz;
 n = sz - hsz;
- c = o->cc->init(mq, n);
- c->ops->decrypt(c, q, q, hsz);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, mq, n);
+ GC_DECRYPT(c, q, q, hsz);
+ GC_DESTROY(c);
- c = o->cc->init(q, hsz);
- c->ops->decrypt(c, mq, mq, n);
- c->ops->destroy(c);
+ c = GC_INIT(o->cc, q, hsz);
+ GC_DECRYPT(c, mq, mq, n);
+ GC_DESTROY(c);
 q--;
 /* --- Check the hash on the encoding parameters --- */
- h = o->ch->init();
- h->ops->hash(h, o->ep, o->epsz);
- h->ops->done(h, q);
- h->ops->destroy(h);
- bad |= memcmp(q, mq, hsz);
+ h = GH_INIT(o->ch);
+ GH_HASH(h, o->ep, o->epsz);
+ GH_DONE(h, q);
+ GH_DESTROY(h);
+ bad |= !memeq(q, mq, hsz);
 /* --- Now find the start of the actual message --- */
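Review bot: `memeq` is meant to take the same time whatever the input (`Always check every byte`), but `if (*x++ != *y++) eq = 0;` is still a data-dependent branch, so the timing can vary with where and how often the bytes differ; accumulating the difference is branch-free and states the intent: `unsigned diff = 0;` / `while (sz--) diff |= *x++ ^ *y++;` / `return (!diff);`. Also, `memeq` is inserted between the `/* --- @oaep_decode@ --- *` header comment and the `oaep_decode` definition, so that banner now sits above the wrong function; move `memeq` (with its own one-line banner) above the comment. `oaep_decode`'s body continues in the next hunk.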
@@ -193,98 +186,8 @@ int oaep_decode(const void *buf, size_t sz, dstr *d, void *p)
 pp++;
 bad |= (pp >= qq) | (*pp++ != 1);
 n = qq - pp;
- dstr_putm(d, pp, n);
- if (!bad)
- rc = n;
-
- x_free(d->a, q);
- return (rc);
-}
-
-/*----- Test rig ----------------------------------------------------------*/
-
-#ifdef TEST_RIG
-
-#include
-
-#include "rmd160.h"
-#include "rmd160-mgf.h"
-
-typedef struct gctx {
- grand r;
- octet *buf;
-} gctx;
-
-static void rfill(grand *r, void *buf, size_t sz)
-{
- gctx *g = (gctx *)r;
- memcpy(buf, g->buf, sz);
-}
-
-static const grand_ops gops = {
- "const", 0, 0,
- 0, 0,
- 0, 0, 0, 0, rfill
-};
-
-static int verify(dstr *v)
-{
- gctx gr;
- dstr d = DSTR_INIT;
- oaep o;
- int ok = 1;
-
- dstr_ensure(&d, v[3].len);
- d.len = v[3].len;
- gr.r.ops = &gops;
- gr.buf = (octet *)v[2].buf;
-
- o.cc = &rmd160_mgf;
- o.ch = &rmd160;
- o.r = &gr.r;
- o.ep = v[1].buf;
- o.epsz = v[1].len;
-
- if (oaep_encode(v[0].buf, v[0].len, d.buf, d.len, &o) ||
- memcmp(d.buf, v[3].buf, d.len) != 0) {
- ok = 0;
- fputs("\nfailure in oaep_encode", stderr);
- fputs("\n message = ", stderr); type_hex.dump(&v[0], stderr);
- fputs("\n params = ", stderr); type_hex.dump(&v[1], stderr);
- fputs("\n salt = ", stderr); type_hex.dump(&v[2], stderr);
- fputs("\nexpected = ", stderr); type_hex.dump(&v[3], stderr);
- fputs("\n output = ", stderr); type_hex.dump(&d, stderr);
- fputc('\n', stderr);
- }
-
- DRESET(&d);
- if (oaep_decode(v[3].buf, v[3].len, &d, &o) < 0 ||
- d.len != v[0].len || memcmp(d.buf, v[0].buf, d.len) != 0) {
- ok = 0;
- fputs("\nfailure in oaep_decode", stderr);
- fputs("\n goop = ", stderr); type_hex.dump(&v[3], stderr);
- fputs("\n params = ", stderr); type_hex.dump(&v[1], stderr);
- fputs("\n salt = ", stderr); type_hex.dump(&v[2], stderr);
- fputs("\nexpected = ", stderr); type_hex.dump(&v[0], stderr);
- fputs("\n output = ", stderr); type_hex.dump(&d, stderr);
- fputc('\n', stderr);
- }
-
- dstr_destroy(&d);
- return (ok);
+ memmove(q, pp, n);
+ return (bad ? -1 : n);
 }
-static test_chunk tests[] = {
- { "oaep", verify, { &type_hex, &type_hex, &type_hex, &type_hex, 0 } },
- { 0, 0, { 0 } }
-};
-
-int main(int argc, char *argv[])
-{
- test_run(argc, argv, tests, SRCDIR "/tests/oaep");
- return (0);
-}
-
-#endif
-
 /*----- That's all, folks -------------------------------------------------*/
diff --git a/oaep.h b/oaep.h
deleted file mode 100644
index 3f956b69..00000000
--- a/oaep.h
+++ /dev/null
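Review bot: `memmove(q, pp, n)` runs even when `bad` is set, and the non-short-circuit `bad |= (pp >= qq) | (*pp++ != 1);` just above still reads `*pp` and advances `pp` when `pp == qq`; in that case `n = qq - pp` becomes `(size_t)-1` (`n` is a `size_t`, declared in the previous hunk) and the memmove writes far past `b` before the `-1` return is ever reached, and the `*pp` read is itself one byte past `qq`. Clamp before the copy, e.g. `if (pp > qq) pp = qq;` ahead of `n = qq - pp;`, or use `||` so the dereference and increment are skipped once `pp >= qq`. The scan that advances `pp` starts outside the hunk, so whether `pp` can actually reach `qq` is inferred from the `pp >= qq` test itself; the deleted test rig does not cover this path either.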
@@ -1,123 +0,0 @@ -/* -*-c-*- - * - * $Id: oaep.h,v 1.1 2000/07/01 11:18:30 mdw Exp $ - * - * Optimal asymmetric encryption packing - * - * (c) 2000 Straylight/Edgeware - */ - -/*----- Licensing notice --------------------------------------------------* - * - * This file is part of Catacomb. - * - * Catacomb is free software; you can redistribute it and/or modify - * it under the terms of the GNU Library General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * Catacomb is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with Catacomb; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - * MA 02111-1307, USA. - */ - -/*----- Revision history --------------------------------------------------* - * - * $Log: oaep.h,v $ - * Revision 1.1 2000/07/01 11:18:30 mdw - * Support for Optimal Asymmetric Encryption Padding. - * - */ - -/*----- Notes on OAEP -----------------------------------------------------* - * - * Applying OAEP before RSA encryption renders the construction plaintext- - * aware under the random oracle model. This is probably a good thing. OAEP - * was designed by Bellare and Rogaway. This particular variant is the one - * specified in PKCS#1 version 2.0. It's apparently not compatible with the - * OAEP used in the SET protocols. 
- */ - -#ifndef CATACOMB_OAEP_H -#define CATACOMB_OAEP_H - -#ifdef __cplusplus - extern "C" { -#endif - -/*----- Header files ------------------------------------------------------*/ - -#include -#include - -#ifndef CATACOMB_GCIPHER_H -# include "gcipher.h" -#endif - -#ifndef CATACOMB_GHASH_H -# include "ghash.h" -#endif - -#ifndef CATACOMB_GRAND_H -# include "grand.h" -#endif - -/*----- Data structures ---------------------------------------------------*/ - -typedef struct oaep { - const gccipher *cc; /* Cipher class for masking */ - const gchash *ch; /* Hash class for parameter block */ - grand *r; /* Random number source */ - const void *ep; /* Encoding parameters block */ - size_t epsz; /* Size of the parameter block */ -} oaep; - -/*----- Functions provided ------------------------------------------------*/ - -/* --- @oaep_encode@ --- * - * - * Arguments: @const void *msg@ = pointer to message data - * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer - * @void *p@ = pointer to OAEP parameter block - * - * Returns: Zero if all went well, negative on failure. - * - * Use: Implements the operation @EME-OAEP-ENCODE@, as defined in - * PKCS#1 v. 2.0 (RFC2437). - */ - -extern int oaep_encode(const void */*msg*/, size_t /*msz*/, - void */*buf*/, size_t /*sz*/, void */*p*/); - -/* --- @oaep_decode@ --- * - * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded buffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to OAEP parameter block - * - * Returns: The length of the output string if successful, negative on - * failure. - * - * Use: Implements the operation @EME-OAEP-DECODE@, as defined in - * PKCS#1 v. 2.0 (RFC2437). 
- */ - -extern int oaep_decode(const void */*buf*/, size_t /*sz*/, - dstr */*d*/, void */*p*/); - -/*----- That's all, folks -------------------------------------------------*/ - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/ofb-def.h b/ofb-def.h index 67d3a6a3..8f21a872 100644 --- a/ofb-def.h +++ b/ofb-def.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ofb-def.h,v 1.6 2004/04/02 01:03:49 mdw Exp $ + * $Id: ofb-def.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Definitions for output feedback mode * @@ -27,29 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ofb-def.h,v $ - * Revision 1.6 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.5 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.4 2001/04/03 19:36:36 mdw - * Don't use @va_arg@ as an argument to @STORE32@! - * - * Revision 1.3 2000/06/17 11:48:02 mdw - * Use secure arena for memory allocation. Rearrange setiv slightly. - * - * Revision 1.2 1999/12/13 15:34:01 mdw - * Add support for seeding from a generic pseudorandom source. - * - * Revision 1.1 1999/12/10 23:16:40 mdw - * Split mode macros into interface and implementation. - * - */ - #ifndef CATACOMB_OFB_DEF_H #define CATACOMB_OFB_DEF_H diff --git a/ofb.h b/ofb.h index 33afdb98..e38dae2a 100644 --- a/ofb.h +++ b/ofb.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ofb.h,v 1.4 2001/06/17 00:10:51 mdw Exp $ + * $Id: ofb.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Output feedback for block ciphers * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ofb.h,v $ - * Revision 1.4 2001/06/17 00:10:51 mdw - * Typesetting fixes - * - * Revision 1.3 2000/06/17 11:48:24 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.2 1999/12/10 23:16:40 mdw - * Split mode macros into interface and implementation. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_OFB_H #define CATACOMB_OFB_H diff --git a/papers/rand.tex b/papers/rand.tex index 1c489cce..d4ae0c16 100644 --- a/papers/rand.tex +++ b/papers/rand.tex @@ -1,6 +1,6 @@ %%% -*-latex-*- %%% -%%% $Id: rand.tex,v 1.3 1999/10/15 21:05:56 mdw Exp $ +%%% $Id: rand.tex,v 1.4 2004/04/08 01:36:15 mdw Exp $ %%% %%% Description of Catacomb's random number generator %%% @@ -26,19 +26,6 @@ %%% Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, %%% MA 02111-1307, USA. -%%%----- Revision history --------------------------------------------------- -%%% -%%% $Log: rand.tex,v $ -%%% Revision 1.3 1999/10/15 21:05:56 mdw -%%% Add a little more explanatory text for the pool and buffer sizes. -%%% -%%% Revision 1.2 1999/10/12 21:00:34 mdw -%%% Updated. Almost finished, in fact. ;-) -%%% -%%% Revision 1.1 1999/09/03 08:41:13 mdw -%%% Initial import. -%%% - %%%----- Header ------------------------------------------------------------- \documentclass[a4paper, article, 10pt, notitlepage, numbering]{strayman} diff --git a/paranoia.h b/paranoia.h index 58873bc5..5a65ed58 100644 --- a/paranoia.h +++ b/paranoia.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: paranoia.h,v 1.2 1999/12/10 23:29:48 mdw Exp $ + * $Id: paranoia.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Macros and functions for cryptographic paranoia * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: paranoia.h,v $ - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - #ifndef CATACOMB_PARANOIA_H #define CATACOMB_PARANOIA_H diff --git a/passphrase.c b/passphrase.c index d27b9a4a..0b8ddcf8 100644 --- a/passphrase.c +++ b/passphrase.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: passphrase.c,v 1.5 2002/01/13 13:41:37 mdw Exp $ + * $Id: passphrase.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Reading of passphrases (Unix-specific) * @@ -27,28 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: passphrase.c,v $ - * Revision 1.5 2002/01/13 13:41:37 mdw - * Fix stupidity in passphrase verification. - * - * Revision 1.4 2001/04/19 18:26:01 mdw - * Re-request broken passphrases. - * - * Revision 1.3 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.2 2000/06/17 11:49:37 mdw - * New pixie protocol allowing application to request passphrases and send - * them to the pixie. - * - * Revision 1.1 1999/12/22 15:58:20 mdw - * Portable interface to reading passphrases. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/passphrase.h b/passphrase.h index 146251f6..85ec58e4 100644 --- a/passphrase.h +++ b/passphrase.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: passphrase.h,v 1.1 1999/12/22 15:58:20 mdw Exp $ + * $Id: passphrase.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Reading passphrases * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: passphrase.h,v $ - * Revision 1.1 1999/12/22 15:58:20 mdw - * Portable interface to reading passphrases. - * - */ - #ifndef CATACOMB_PASSPHRASE_H #define CATACOMB_PASSPHRASE_H diff --git a/pfilt.c b/pfilt.c index e3d1d3dd..7f44569f 100644 --- a/pfilt.c +++ b/pfilt.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pfilt.c,v 1.5 2004/04/01 12:50:09 mdw Exp $ + * $Id: pfilt.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Finding and testing prime numbers * 
@@ -27,46 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pfilt.c,v $ - * Revision 1.5 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.4 2000/10/08 12:14:57 mdw - * Remove vestiges of @primorial@. - * - * Revision 1.3 2000/08/15 21:44:27 mdw - * (pfilt_smallfactor): New function for doing trial division the hard - * way. - * - * (pfilt_create): Use @mpx_udivn@ for computing residues, for improved - * performance. - * - * Pull the `small prime' test into a separate function, and do it - * properly. - * - * Revision 1.2 2000/06/17 11:54:27 mdw - * Use new MP memory management functions. - * - * Revision 1.1 1999/12/22 15:49:39 mdw - * Renamed from `pgen'. Reworking for new prime-search system. - * - * Revision 1.3 1999/12/10 23:28:35 mdw - * Track suggested destination changes. - * - * Revision 1.2 1999/11/20 22:23:05 mdw - * Add multiply-and-add function for Diffie-Hellman safe prime generation. - * - * Revision 1.1 1999/11/19 13:17:57 mdw - * Prime number generator and tester. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/pfilt.h b/pfilt.h index 963b7650..652d2eb3 100644 --- a/pfilt.h +++ b/pfilt.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pfilt.h,v 1.3 2004/04/01 12:50:09 mdw Exp $ + * $Id: pfilt.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Finding and testing prime numbers * 
@@ -27,34 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pfilt.h,v $ - * Revision 1.3 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.2 2000/08/15 21:42:56 mdw - * Use the small primes type from `genprimes' output. New function for - * doing trial division the hard way. - * - * Revision 1.1 1999/12/22 15:49:39 mdw - * Renamed from `pgen'. Reworking for new prime-search system. - * - * Revision 1.3 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.2 1999/11/20 22:23:05 mdw - * Add multiply-and-add function for Diffie-Hellman safe prime generation. - * - * Revision 1.1 1999/11/19 13:17:57 mdw - * Prime number generator and tester. - * - */ - #ifndef CATACOMB_PFILT_H #define CATACOMB_PFILT_H diff --git a/pgen-gcd.c b/pgen-gcd.c index 35b770ab..71a1c49d 100644 --- a/pgen-gcd.c +++ b/pgen-gcd.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pgen-gcd.c,v 1.2 2000/07/01 11:09:20 mdw Exp $ + * $Id: pgen-gcd.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Prime search stepper ensuring a low GCD for %$(p - 1)/2$% * 
@@ -27,19 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pgen-gcd.c,v $ - * Revision 1.2 2000/07/01 11:09:20 mdw - * (pgen_gcd): Bug fix -- check the GCDs of the right things when deciding - * whether to abort. - * - * Revision 1.1 2000/06/17 11:51:53 mdw - * Filter which imposes additional restrictions on GCD of %$(p - 1)/2$% - * with a given integer. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/pgen-safe.c b/pgen-safe.c index 03ba35a4..115f7b49 100644 --- a/pgen-safe.c +++ b/pgen-safe.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pgen-safe.c,v 1.4 2000/07/03 18:09:27 mdw Exp $ + * $Id: pgen-safe.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Safe prime generation * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pgen-safe.c,v $ - * Revision 1.4 2000/07/03 18:09:27 mdw - * Bug fix to the GCD check. With any luck, this is the last of these to - * need nailing to the wall. - * - * Revision 1.3 2000/06/17 11:52:36 mdw - * Signal a pgen abort if the jump and base share a common factor. - * - * Revision 1.2 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 16:01:34 mdw - * Find `safe' primes (i.e., %$p = 2q + 1$%). - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/pgen-stdev.c b/pgen-stdev.c index bc867bbd..9ecb3b4a 100644 --- a/pgen-stdev.c +++ b/pgen-stdev.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pgen-stdev.c,v 1.3 2000/08/18 19:16:12 mdw Exp $ + * $Id: pgen-stdev.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Standard event handlers * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pgen-stdev.c,v $ - * Revision 1.3 2000/08/18 19:16:12 mdw - * New event handler for showing in detail sub-prime generation. - * - * Revision 1.2 2000/07/09 21:31:34 mdw - * Delete the spinner when the search finishes. - * - * Revision 1.1 1999/12/22 16:01:57 mdw - * Standard progress-reporting functions. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/pgen.c b/pgen.c index 9cc43342..ac8db381 100644 --- a/pgen.c +++ b/pgen.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pgen.c,v 1.9 2004/04/01 12:50:09 mdw Exp $ + * $Id: pgen.c,v 1.10 2004/04/08 01:36:15 mdw Exp $ * * Prime generation glue * 
@@ -27,36 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pgen.c,v $ - * Revision 1.9 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.8 2002/01/13 13:42:53 mdw - * More efficient Rabin-Miller test: with random witnesses, skip redundant - * Montgomerization. (Being bijective, it can't affect the distribution.) - * - * Revision 1.7 2001/02/03 16:05:32 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.6 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.5 2000/06/17 11:52:36 mdw - * Signal a pgen abort if the jump and base share a common factor. - * - * Revision 1.4 1999/12/22 16:01:11 mdw - * Same file, completely different code. Main interface for new prime- - * search system. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/pgen.h b/pgen.h index 1834f03b..421819a7 100644 --- a/pgen.h +++ b/pgen.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pgen.h,v 1.8 2004/04/01 12:50:09 mdw Exp $ + * $Id: pgen.h,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Prime generation glue * 
@@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pgen.h,v $ - * Revision 1.8 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - * Revision 1.7 2000/08/18 19:16:12 mdw - * New event handler for showing in detail sub-prime generation. - * - * Revision 1.6 2000/06/17 11:52:12 mdw - * Add the GCD filter. - * - * Revision 1.5 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.4 1999/12/22 16:01:11 mdw - * Same file, completely different code. Main interface for new prime- - * search system. - * - */ - #ifndef CATACOMB_PGEN_H #define CATACOMB_PGEN_H diff --git a/pixie-client.c b/pixie-client.c index f1b86788..1597426a 100644 --- a/pixie-client.c +++ b/pixie-client.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pixie-client.c,v 1.2 2000/06/17 11:49:37 mdw Exp $ + * $Id: pixie-client.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Simple passphrase pixie client (Unix-specific) * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pixie-client.c,v $ - * Revision 1.2 2000/06/17 11:49:37 mdw - * New pixie protocol allowing application to request passphrases and send - * them to the pixie. - * - * Revision 1.1 1999/12/22 15:58:41 mdw - * Passphrase pixie support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/pixie-common.c b/pixie-common.c index 59b7c5cc..6efd7633 100644 --- a/pixie-common.c +++ b/pixie-common.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pixie-common.c,v 1.1 1999/12/22 15:58:41 mdw Exp $ + * $Id: pixie-common.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Common code for Pixie client and server (Unix-specific) * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pixie-common.c,v $ - * Revision 1.1 1999/12/22 15:58:41 mdw - * Passphrase pixie support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/pixie.c b/pixie.c index ba1285ae..2ce007de 100644 --- a/pixie.c +++ b/pixie.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pixie.c,v 1.13 2004/03/21 22:43:05 mdw Exp $ + * $Id: pixie.c,v 1.14 2004/04/08 01:36:15 mdw Exp $ * * Passphrase pixie for Catacomb * 
@@ -27,74 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pixie.c,v $ - * Revision 1.13 2004/03/21 22:43:05 mdw - * Keep quiet about expected errors on incoming connections. - * - * Revision 1.12 2002/01/13 13:50:42 mdw - * Various fixes tracking mLib changes. - * - * Revision 1.11 2002/01/13 13:43:05 mdw - * Fix bug in daemon mode. - * - * Revision 1.10 2001/02/21 20:03:54 mdw - * Handle select errors (by bombing out). Cosmetic tweak. - * - * Revision 1.9 2001/02/03 16:06:44 mdw - * Don't set a handler for @SIGINT@ if it's ignored at startup. Add some - * error handling for the @select@ loop. - * - * Revision 1.8 2001/01/25 22:19:31 mdw - * Make flags be unsigned. - * - * Revision 1.7 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.6 2000/10/08 12:06:46 mdw - * Change size passed to socket function to be a @size_t@. Insert missing - * type name for flag declaration. - * - * Revision 1.5 2000/07/29 22:05:22 mdw - * Miscellaneous tidyings: - * - * * Change the timeout to something more appropriate for real use. - * - * * Check assumptions about object types when binding the socket. In - * particular, don't zap the socket if it's really something else. - * - * * In @p_request@, return a failure if the shell command returned - * nonzero. Fix a bug in @p_get@ which incorrectly passes on a success - * code when this happens. - * - * * Dispose of the locked memory in client mode to avoid being - * antisocial. - * - * * Also in client mode, don't report closure from the server if we're - * running noninteractively. - * - * * Insert a missing option letter into the usage string. - * - * * Change to the root directory after forking in daemon mode. - * - * Revision 1.4 2000/06/17 11:50:53 mdw - * New pixie protocol allowing application to request passphrases and send - * them to the pixie. 
Use the secure arena interface for the input - * buffer. Extend the input buffer. Other minor fixes. - * - * Revision 1.3 1999/12/22 22:14:40 mdw - * Only produce initialization message if verbose. - * - * Revision 1.2 1999/12/22 22:13:42 mdw - * Fix bug in passphrase flushing loop. - * - * Revision 1.1 1999/12/22 15:58:41 mdw - * Passphrase pixie support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/pixie.h b/pixie.h index e66a8bad..25cd86fb 100644 --- a/pixie.h +++ b/pixie.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pixie.h,v 1.2 2000/06/17 11:49:49 mdw Exp $ + * $Id: pixie.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Passphrase pixie definitions (Unix-specific) * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pixie.h,v $ - * Revision 1.2 2000/06/17 11:49:49 mdw - * New pixie protocol allowing application to request passphrases and send - * them to the pixie. - * - * Revision 1.1 1999/12/22 15:58:41 mdw - * Passphrase pixie support. - * - */ - #ifndef CATACOMB_PIXIE_H #define CATACOMB_PIXIE_H diff --git a/pkcs1.c b/pkcs1.c index dd195695..34604676 100644 --- a/pkcs1.c +++ b/pkcs1.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pkcs1.c,v 1.3 2000/10/08 12:07:04 mdw Exp $ + * $Id: pkcs1.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * PKCS#1 1.5 packing * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pkcs1.c,v $ - * Revision 1.3 2000/10/08 12:07:04 mdw - * Don't do arithmetic on @void *@ pointers. - * - * Revision 1.2 2000/07/05 17:49:48 mdw - * Fix decoding functions, so that they don't run off the end of the - * buffer. - * - * Revision 1.1 2000/07/01 11:17:38 mdw - * New support for PKCS#1 message encoding. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -50,62 +35,71 @@ #include #include "grand.h" -#include "pkcs1.h" +#include "rsa.h" /*----- Main code ---------------------------------------------------------*/ /* --- @pkcs1_cryptencode@ --- * * - * Arguments: @const void *msg@ = pointer to message data + * Arguments: @mp *d@ = where to put the answer + * @const void *m@ = pointer to message data * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer + * @octet *b@ = spare buffer + * @size_t sz@ = size of the buffer (big enough) + * @unsigned long nbits@ = length of bits of @n@ * @void *p@ = pointer to PKCS1 parameter block * - * Returns: Zero if all went well, negative on failure. + * Returns: The encoded result, or null. * * Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined * in PKCS#1 v. 2.0 (RFC2437). */ -int pkcs1_cryptencode(const void *msg, size_t msz, void *buf, size_t sz, - void *p) +mp *pkcs1_cryptencode(mp *d, const void *m, size_t msz, octet *b, size_t sz, + unsigned long nbits, void *p) { pkcs1 *pp = p; grand *r = pp->r; - octet *q, *qq; + octet *q; size_t i, n; /* --- Ensure that the buffer is sensibly sized --- */ if (pp->epsz + msz + 11 > sz) - return (-1); + return (0); - /* --- Fill in the buffer --- */ + /* --- Allocate the buffer and fill it in --- */ - q = buf; - qq = q + sz; - *q++ = 0; - *q++ = 2; + q = b; + *q++ = 0x00; + *q++ = 0x02; n = sz - msz - pp->epsz - 3; - r->ops->fill(r, q, n); + GR_FILL(r, q, n); for (i = 0; i < n; i++) { if (*q == 0) *q = r->ops->range(r, 255) + 1; q++; } *q++ = 0; - memcpy(q, pp->ep, pp->epsz); - q += pp->epsz; - memcpy(q, msg, msz); - return (0); + if (pp->ep) { + memcpy(q, pp->ep, pp->epsz); + q += pp->epsz; + } + memcpy(q, m, msz); + q += msz; + assert(q == b + sz); + + /* --- Collect the result --- */ + + return (mp_loadb(d, b, sz)); } /* --- @pkcs1_cryptdecode@ --- * * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded 
buffer - * @dstr *d@ = pointer to destination string + * Arguments: @mp *m@ = the decrypted message + * @octet *b@ = pointer to a buffer to work in + * @size_t sz@ = the size of the buffer (big enough) + * @unsigned long nbits@ = the number of bits in @n@ * @void *p@ = pointer to PKCS1 parameter block * * Returns: The length of the output string if successful, negative on 
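Review bot: The new `pkcs1_cryptencode` signature accepts `nbits` but the body never reads it; the only size validation is `pp->epsz + msz + 11 > sz`, so the function trusts the caller's `sz` to already be the octet length of the modulus, which EME-PKCS1-v1_5 requires the encoded block to fill exactly. If the caller is expected to pass the modulus length, either cross-check it here (`if (sz != (nbits + 7)/8) return (0);`) or say so in the header comment, e.g. `@unsigned long nbits@ = length in bits of @n@ (unused: @sz@ must be the octet length of @n@)`. The same applies to `pkcs1_sigencode` in the next hunk, whose `nbits` is likewise unread.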
@@ -115,94 +109,113 @@ int pkcs1_cryptencode(const void *msg, size_t msz, void *buf, size_t sz, * in PKCS#1 v. 2.0 (RFC2437). */ -int pkcs1_cryptdecode(const void *buf, size_t sz, dstr *d, void *p) +static int memeq(const void *xx, const void *yy, size_t sz) +{ + int eq = 1; + const octet *x = xx, *y = yy; + while (sz) { /* Always check every byte */ + if (*x++ != *y++) eq = 0; + sz--; + } + return (eq); +} + +int pkcs1_cryptdecode(mp *m, octet *b, size_t sz, + unsigned long nbits, void *p) { pkcs1 *pp = p; const octet *q, *qq; size_t n, i; + int bad = 0; /* --- Check the size of the block looks sane --- */ - if (pp->epsz + 11 > sz) + if (pp->epsz + 11 > sz) /* OK: independent of ciphertext */ return (-1); - q = buf; + mp_storeb(m, b, sz); + q = b; qq = q + sz; /* --- Ensure that the block looks OK --- */ - if (*q++ != 0 || *q++ != 2) - return (-1); + bad |= (*q++ != 0x00 || *q++ != 0x02); /* --- Check the nonzero padding --- */ i = 0; while (*q != 0 && q < qq) i++, q++; - if (i < 8 || qq - q < pp->epsz + 1) - return (-1); + bad |= (i < 8 || qq - q < pp->epsz + 1); q++; /* --- Check the encoding parameters --- */ - if (memcmp(q, pp->ep, pp->epsz) != 0) - return (-1); + bad |= (pp->ep && !memeq(bad ? b : q, pp->ep, pp->epsz)); q += pp->epsz; /* --- Done --- */ n = qq - q; - dstr_putm(d, q, n); - return (n); + memmove(b, bad ? b + 1 : q, n); + return (bad ? -1 : n); } /* --- @pkcs1_sigencode@ --- * * - * Arguments: @const void *msg@ = pointer to message data + * Arguments: @mp *d@ = where to put the answer + * @const void *m@ = pointer to message data * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer + * @octet *b@ = spare buffer + * @size_t sz@ = size of the buffer (big enough) + * @unsigned long nbits@ = length of bits of @n@ * @void *p@ = pointer to PKCS1 parameter block * - * Returns: Zero if all went well, negative on failure. + * Returns: The encoded message representative, or null. 
* * Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined * in PKCS#1 v. 2.0 (RFC2437). */ -int pkcs1_sigencode(const void *msg, size_t msz, void *buf, size_t sz, - void *p) +mp *pkcs1_sigencode(mp *d, const void *m, size_t msz, octet *b, size_t sz, + unsigned long nbits, void *p) { pkcs1 *pp = p; - octet *q, *qq; + octet *q; size_t n; /* --- Ensure that the buffer is sensibly sized --- */ if (pp->epsz + msz + 11 > sz) - return (-1); + return (0); /* --- Fill in the buffer --- */ - q = buf; - qq = q + sz; - *q++ = 0; - *q++ = 1; + q = b; + *q++ = 0x00; + *q++ = 0x01; n = sz - msz - pp->epsz - 3; memset(q, 0xff, n); q += n; *q++ = 0; - memcpy(q, pp->ep, pp->epsz); - q += pp->epsz; - memcpy(q, msg, msz); - return (0); + if (pp->ep) { + memcpy(q, pp->ep, pp->epsz); + q += pp->epsz; + } + memcpy(q, m, msz); + q += msz; + assert(q == b + sz); + return (mp_loadb(d, b, sz)); } /* --- @pkcs1_sigdecode@ --- * * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded buffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to PKCS1 parameter block + * Arguments: @mp *s@ = the message representative + * @const void *m@ = the original message, or null (ignored) + * @size_t msz@ = the message size (ignored) + * @octet *b@ = a scratch buffer + * @size_t sz@ = size of the buffer (large enough) + * @unsigned long nbits@ = number of bits in @n@ + * @void *p@ = pointer to PKCS1 parameters * * Returns: The length of the output string if successful, negative on * failure. @@ -211,7 +224,8 @@ int pkcs1_sigencode(const void *msg, size_t msz, void *buf, size_t sz, * in PKCS#1 v. 2.0 (RFC2437). */ -int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p) +int pkcs1_sigdecode(mp *s, const void *m, size_t msz, octet *b, size_t sz, + unsigned long nbits, void *p) { pkcs1 *pp = p; const octet *q, *qq; 
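Review bot: In the new `pkcs1_cryptdecode`, the padding scan `while (*q != 0 && q < qq) i++, q++;` dereferences `q` before comparing it with `qq`, so a block containing no zero byte reads one octet past the end of `b`; the operands should be swapped: `while (q < qq && *q != 0) i++, q++;`. When fewer than `pp->epsz + 1` octets remain after the scan (including the no-zero case), `bad` is set but the code still executes `q++` and `q += pp->epsz`, so `n = qq - q` goes negative and, held in a `size_t`, becomes a huge count for the final `memmove` before the result is discarded. Pinning the pointer once the block is known bad keeps every later access in bounds: replace the bare `q++;` after the padding check with `if (bad) q = b + 1; else q++;` — the earlier `pp->epsz + 11 > sz` check then guarantees `q + pp->epsz <= qq` and a non-negative `n`. The deferred `bad` flag and the always-full-length `memeq` are the right idea for keeping the padding verdict out of the timing, but the scan loop and the `||` short-circuit on the first two bytes still make the running time depend on the block contents, which callers should be aware of.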
@@ -221,12 +235,13 @@ int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p) if (pp->epsz + 10 > sz) return (-1); - q = buf; + mp_storeb(s, b, sz); + q = b; qq = q + sz; /* --- Ensure that the block looks OK --- */ - if (*q++ != 0 || *q++ != 1) + if (*q++ != 0x00 || *q++ != 0x01) return (-1); /* --- Check the padding --- */ @@ -239,14 +254,14 @@ int pkcs1_sigdecode(const void *buf, size_t sz, dstr *d, void *p) /* --- Check the encoding parameters --- */ - if (memcmp(q, pp->ep, pp->epsz) != 0) + if (pp->ep && memcmp(q, pp->ep, pp->epsz) != 0) return (-1); q += pp->epsz; /* --- Done --- */ n = qq - q; - dstr_putm(d, q, n); + memmove(b, q, n); return (n); } diff --git a/pkcs1.h b/pkcs1.h deleted file mode 100644 index ff5123fc..00000000 --- a/pkcs1.h +++ /dev/null 
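Review bot: `mp_storeb(s, b, sz)` on the new side of this hunk is not preceded by a check that `s` fits in `sz` octets, whereas `pss_decode` in the same commit rejects `mp_octets(mi) > sz` before storing. If `mp_storeb` drops high-order octets when the value is too large (its definition is not visible here), an over-long representative would be parsed as though it were a correctly sized block; `if (mp_octets(s) > sz) return (-1);` before the store would make the two decoders consistent, and the same guard is missing before `mp_storeb(m, b, sz)` in `pkcs1_cryptdecode` in the earlier hunk. The padding check of `pkcs1_sigdecode` falls between this hunk and the next.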
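Review bot: The hunk returns `n = qq - q`, the count of octets following the encoding parameters, and moves them to the front of `b`, but nothing here requires `n` to equal the length of the expected digest encoding; the verifier that compares the recovered bytes must also compare lengths exactly, since a prefix-only comparison would accept a block whose trailing octets were never checked (the padding check that precedes this point is outside the hunk). Making that obligation explicit in the header comment, e.g. `Returns: The length of the recovered data; the caller must check it equals the expected digest length before comparing`, would help. Using plain `memcmp` on `pp->ep` is fine in this function, since signature verification handles public data, unlike the `memeq` introduced for `pkcs1_cryptdecode`.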
@@ -1,138 +0,0 @@ -/* -*-c-*- - * - * $Id: pkcs1.h,v 1.1 2000/07/01 11:17:38 mdw Exp $ - * - * PKCS#1 1.5 packing - * - * (c) 2000 Straylight/Edgeware - */ - -/*----- Licensing notice --------------------------------------------------* - * - * This file is part of Catacomb. - * - * Catacomb is free software; you can redistribute it and/or modify - * it under the terms of the GNU Library General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * Catacomb is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with Catacomb; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - * MA 02111-1307, USA. - */ - -/*----- Revision history --------------------------------------------------* - * - * $Log: pkcs1.h,v $ - * Revision 1.1 2000/07/01 11:17:38 mdw - * New support for PKCS#1 message encoding. 
- * - */ - -#ifndef CATACOMB_PKCS1_H -#define CATACOMB_PKCS1_H - -#ifdef __cplusplus - extern "C" { -#endif - -/*----- Header files ------------------------------------------------------*/ - -#include -#include - -#ifndef CATACOMB_GRAND_H -# include "grand.h" -#endif - -/*----- Data structures ---------------------------------------------------*/ - -typedef struct pkcs1 { - grand *r; /* Random number source */ - const void *ep; /* Encoding parameters block */ - size_t epsz; /* Size of the parameter block */ -} pkcs1; - -/*----- Functions provided ------------------------------------------------*/ - -/* --- @pkcs1_cryptencode@ --- * - * - * Arguments: @const void *msg@ = pointer to message data - * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer - * @void *p@ = pointer to PKCS1 parameter block - * - * Returns: Zero if all went well, negative on failure. - * - * Use: Implements the operation @EME-PKCS1-V1_5-ENCODE@, as defined - * in PKCS#1 v. 2.0 (RFC2437). - */ - -extern int pkcs1_cryptencode(const void */*msg*/, size_t /*msz*/, - void */*buf*/, size_t /*sz*/, void */*p*/); - -/* --- @pkcs1_cryptdecode@ --- * - * - * Arguments: @const void *buf@ = pointer to encoded buffer) - * @size_t sz@ = size of the encoded buffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to PKCS1 parameter block - * - * Returns: The length of the output string if successful, negative on - * failure. - * - * Use: Implements the operation @EME-PKCS1-V1_5-DECODE@, as defined - * in PKCS#1 v. 2.0 (RFC2437). 
- */ - -extern int pkcs1_cryptdecode(const void */*buf*/, size_t /*sz*/, - dstr */*d*/, void */*p*/); - -/* --- @pkcs1_sigencode@ --- * - * - * Arguments: @const void *msg@ = pointer to message data - * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer - * @void *p@ = pointer to PKCS1 parameter block - * - * Returns: Zero if all went well, negative on failure. - * - * Use: Implements the operation @EMSA-PKCS1-V1_5-ENCODE@, as defined - * in PKCS#1 v. 2.0 (RFC2437). - */ - -extern int pkcs1_sigencode(const void */*msg*/, size_t /*msz*/, - void */*buf*/, size_t /*sz*/, void */*p*/); - -/* --- @pkcs1_sigdecode@ --- * - * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded buffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to PKCS1 parameter block - * - * Returns: The length of the output string if successful, negative on - * failure. - * - * Use: Implements the operation @EMSA-PKCS1-V1_5-DECODE@, as defined - * in PKCS#1 v. 2.0 (RFC2437). - */ - -extern int pkcs1_sigdecode(const void */*buf*/, size_t /*sz*/, - dstr */*d*/, void */*p*/); - -/*----- That's all, folks -------------------------------------------------*/ - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/prim.c b/prim.c index 752da9f3..79ab7313 100644 --- a/prim.c +++ b/prim.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: prim.c,v 1.3 2000/10/08 12:11:22 mdw Exp $ + * $Id: prim.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Finding primitive elements * 
@@ -27,22 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: prim.c,v $ - * Revision 1.3 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.2 2000/07/29 09:57:42 mdw - * Improve primitive-element testing a lot. Now much more sensible and - * orthogonal: you can find a generator for any given subgroup order by - * putting in the appropriate parameters. - * - * Revision 1.1 1999/12/22 15:58:59 mdw - * Search for primitive elements using prime-search equipment. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/prim.h b/prim.h index 90b11568..193d0582 100644 --- a/prim.h +++ b/prim.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: prim.h,v 1.2 2000/07/29 09:57:42 mdw Exp $ + * $Id: prim.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Finding primitive elements * @@ -27,19 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: prim.h,v $ - * Revision 1.2 2000/07/29 09:57:42 mdw - * Improve primitive-element testing a lot. Now much more sensible and - * orthogonal: you can find a generator for any given subgroup order by - * putting in the appropriate parameters. - * - * Revision 1.1 1999/12/22 15:58:59 mdw - * Search for primitive elements using prime-search equipment. - * - */ - #ifndef CATACOMB_PRIM_H #define CATACOMB_PRIM_H diff --git a/pss.c b/pss.c index 8bbcccac..7379b117 100644 --- a/pss.c +++ b/pss.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: pss.c,v 1.1 2000/07/20 20:13:38 mdw Exp $ + * $Id: pss.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Probabistic signature scheme * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: pss.c,v $ - * Revision 1.1 2000/07/20 20:13:38 mdw - * Added Bellare and Rogaway's PSS encoding for RSA signatures. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -46,191 +38,151 @@ #include "gcipher.h" #include "ghash.h" #include "grand.h" -#include "pss.h" +#include "rsa.h" -/*----- Main code ---------------------------------------------------------*/ +/*----- Magic statics -----------------------------------------------------*/ -/* --- @pss_presign@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: An initialized generic hash context. - * - * Use: Initializes a hash function for signing with PSS. A salt is - * chosen and written into the parameter block. - */ - -ghash *pss_presign(pss *pp) -{ - size_t hsz = pp->ch->hashsz; - octet *salt = xmalloc(hsz); - ghash *h; +static const octet z8[8] = { 0 }; - pp->r->ops->fill(pp->r, salt, hsz); - pp->salt = salt; - h = pp->ch->init(); - h->ops->hash(h, salt, hsz); - return (h); -} +/*----- Main code ---------------------------------------------------------*/ /* --- @pss_encode@ --- * * - * Arguments: @const void *msg@ = pointer to message (hash) data - * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer - * @void *p@ = pointer to PSS parameter block + * Arguments: @mp *d@ = where to put the answer + * @const void *m@ = pointer to the message hash + * @size_t msz@ = the size of the message hash + * @octet *b@ = scratch buffer + * @size_t sz@ = sizeo of the buffer (large enough) + * @unsigned long nbits@ = size in bits of @n@ + * @void *p@ = pointer to the PSS parameters * - * Returns: Zero of all went well, negative on failure. + * Returns: Encoded message representative, or null on error. * * Use: Implements the operation @EMSA-PSS-ENCODE@, as defined in - * PKCS#1 v. 2.1 draft 1. + * PKCS#1 v. 2.1 (RFC3447). 
*/ -int pss_encode(const void *msg, size_t msz, void *buf, size_t sz, void *p) +mp *pss_encode(mp *d, const void *m, size_t msz, octet *b, size_t sz, + unsigned long nbits, void *p) { pss *pp = p; - octet *q, *mq, *qq; + octet *s, *r; + ghash *h; gcipher *c; - size_t hsz = pp->ch->hashsz; - size_t n; - - /* --- Ensure that everything is sensibly sized --- */ - - if (hsz + msz + 1 > sz) - return (-1); - - /* --- Fill in the initial buffer --- */ - - q = buf; - *q++ = 0; sz--; - mq = q + msz; - qq = q + sz; - n = sz - msz; - memcpy(q, msg, msz); - if (pp->salt) - memcpy(mq, pp->salt, hsz); - else - memset(mq, 0, hsz); - memset(mq + hsz, 0, n - hsz); - - /* --- Do the encryption --- */ - - c = pp->cc->init(msg, msz); - c->ops->encrypt(c, mq, mq, n); - c->ops->destroy(c); - - /* --- Done --- */ - - return (0); + unsigned mask; + size_t pssz, hsz = pp->ch->hashsz; + + /* --- Check the message length --- */ + + nbits--; + sz = (nbits + 7)/8; + mask = (1 << nbits%8) - 1; + if (!mask) mask = 0xff; + if (hsz + pp->ssz + 2 > sz) + return (0); + + /* --- Generate a random salt --- */ + + pssz = sz - pp->ssz - hsz - 2; + memset(b, 0, pssz); + b[pssz] = 0x01; + s = b + pssz + 1; + r = s + pp->ssz; + GR_FILL(pp->r, s, pp->ssz); + + /* --- Compute the salted hash --- */ + + h = GH_INIT(pp->ch); + GH_HASH(h, z8, 8); + GH_HASH(h, m, msz); + GH_HASH(h, s, pp->ssz); + GH_DONE(h, r); + r[hsz] = 0xbc; + + /* --- Do the masking --- */ + + c = GC_INIT(pp->cc, r, hsz); + GC_ENCRYPT(c, b, b, pssz + pp->ssz + 1); + GC_DESTROY(c); + b[0] &= mask; + return (mp_loadb(d, b, sz)); } /* --- @pss_decode@ --- * * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded byffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to PSS parameter block + * Arguments: @mp *s@ = the message representative + * @const void *m@ = the original message + * @size_t msz@ = the message size + * @octet *b@ = a scratch buffer + * @size_t sz@ = size of 
the buffer (large enough) + * @unsigned long nbits@ = number of bits in @n@ + * @void *p@ = pointer to PKCS1 parameters * - * Returns: The length of the output string (hash) if successful, - * negative on failure. + * Returns: The length of the output string if successful, negative on + * failure. * - * Use: Implements most of the operation @EMSA_PSS_VERIFY@, as - * defined in PCSK#1 v. 2.1 draft 1. The salt value is filled - * in ready for hashing of the data to start. + * Use: Implements the operation @EMSA_PSS_VERIFY@, as defined in + * PCSK#1 v. 2.1 (RFC3447). */ -int pss_decode(const void *buf, size_t sz, dstr *d, void *p) +int pss_decode(mp *mi, const void *m, size_t msz, octet *b, size_t sz, + unsigned long nbits, void *p) { pss *pp = p; + octet *s, *r; + ghash *h; gcipher *c; - octet *q, *mq, *qq; - octet *ppp; - size_t n; - size_t hsz = pp->ch->hashsz; - int rc = -1; + unsigned mask; + size_t pssz, hsz = pp->ch->hashsz, i; + int rc; - /* --- Ensure that the block is large enough --- */ + /* --- Check the message length --- */ - if (sz < 2 * hsz + 1) + nbits--; + sz = (nbits + 7)/8; + if (mp_octets(mi) > sz) return (-1); + mask = (1 << nbits%8) - 1; + if (!mask) mask = 0xff; + if (hsz + pp->ssz + 2 > sz) + return (-1); + mp_storeb(mi, b, sz); - q = x_alloc(d->a, sz); - memcpy(q, buf, sz); - - /* --- Recover the salt --- */ - - if (*q++ != 0) - goto fail; - sz--; - mq = q + hsz; - qq = q + sz; - n = sz - hsz; - c = pp->cc->init(q, hsz); - c->ops->decrypt(c, mq, mq, n); - c->ops->destroy(c); - - /* --- Now check the recovery --- */ + /* --- Split up the buffer --- */ - ppp = mq + hsz; - while (ppp < qq) { - if (*ppp) - goto fail; - ppp++; - } + pssz = sz - hsz - pp->ssz - 2; + s = b + pssz + 1; + r = s + pp->ssz; + if (r[hsz] != 0xbc) + return (-1); - /* --- Done --- */ + /* --- Decode the seed --- */ - if (pp->salt) { - if (memcmp(pp->salt, mq, hsz) != 0) - goto fail; - } else { - qq = xmalloc(hsz); - memcpy(qq, mq, hsz); - pp->salt = qq; - } - dstr_putm(d, 
q, hsz); - rc = hsz; - -fail: - x_free(d->a, q - 1); - return (rc); -} + if (b[0] & ~mask) + return (-1); + c = GC_INIT(pp->cc, r, hsz); + GC_DECRYPT(c, b, b, pssz + pp->ssz + 1); + GC_DESTROY(c); + b[0] &= mask; + for (i = 0; i < pssz; i++) + if (b[i]) return (-1); + if (b[pssz] != 0x01) + return (-1); -/* --- @pss_preverify@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: An initialized generic hash context. - * - * Use: Initializes a hash function for use with PSS. A salt is - * read from the parameter block, where @pss_decode@ should have - * left it. - */ + /* --- Hash the message --- */ -ghash *pss_preverify(pss *pp) -{ - size_t hsz = pp->ch->hashsz; - ghash *h = pp->ch->init(); - h->ops->hash(h, pp->salt, hsz); - return (h); -} + h = GH_INIT(pp->ch); + GH_HASH(h, z8, 8); + GH_HASH(h, m, msz); + GH_HASH(h, s, pp->ssz); + s = GH_DONE(h, 0); + rc = !memcmp(s, r, hsz); + GH_DESTROY(h); + if (!rc) return (-1); -/* --- @pss_done@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: --- - * - * Use: Disposes of a PSS parameter block once it's finished with. - */ + /* --- Done --- */ -void pss_done(pss *pp) -{ - if (pp->salt) { - xfree(pp->salt); - pp->salt = 0; - } + return (0); } /*----- That's all, folks -------------------------------------------------*/ diff --git a/pss.h b/pss.h deleted file mode 100644 index 32928e41..00000000 --- a/pss.h +++ /dev/null 
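Review bot: The header comment of the new `pss_decode` states `Returns: The length of the output string if successful`, but the body ends with `return (0);` on success and `-1` on every failure path, so it should read `Returns: Zero if the signature is valid, negative on failure.`, and its last argument line should say `pointer to the PSS parameters` rather than `PKCS1`. In `pss_encode` the line `sizeo of the buffer (large enough)` needs `size of`. Both functions now cite RFC3447, yet the data-block mask comes from `GC_INIT(pp->cc, r, hsz)` / `GC_ENCRYPT`, a cipher keyed with the hash H, so unless `pp->cc` is an MGF1-style class the output will not interoperate with RFC3447 verifiers; a sentence stating what class `pp->cc` is expected to be belongs in the comment. The verification order (`r[hsz] != 0xbc`, `b[0] & ~mask`, zero PS, `0x01` separator, hash comparison) follows the EMSA-PSS-VERIFY steps, which is good.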
@@ -1,167 +0,0 @@ -/* -*-c-*- - * - * $Id: pss.h,v 1.2 2003/05/16 09:42:03 mdw Exp $ - * - * Probabistic signature scheme - * - * (c) 2000 Straylight/Edgeware - */ - -/*----- Licensing notice --------------------------------------------------* - * - * This file is part of Catacomb. - * - * Catacomb is free software; you can redistribute it and/or modify - * it under the terms of the GNU Library General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * Catacomb is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with Catacomb; if not, write to the Free - * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - * MA 02111-1307, USA. - */ - -/*----- Revision history --------------------------------------------------* - * - * $Log: pss.h,v $ - * Revision 1.2 2003/05/16 09:42:03 mdw - * Declare @pss_preverify@ instead of repeating @pss_resign@. - * - * Revision 1.1 2000/07/20 20:13:38 mdw - * Added Bellare and Rogaway's PSS encoding for RSA signatures. - * - */ - -/*----- Notes on PSS ------------------------------------------------------* - * - * Applying PSS before RSA signing renders the construction provably secure, - * in that the difficulty of forging a signature is directly related to the - * difficulty of inverting the RSA function, in the random oracle model. - * This is a good thing. PSS was designed by Bellare and Rogaway. This - * particular variant is the one specified in draft 1 of PKCS#1 version 2.1. 
- * - * Stanford University have a patent claim on PSS, although if (as seems - * likely) PSS is included in IEEE P1363, they'll grant a free world-wide - * licence to use the scheme for signatures with appendix (rather than - * signatures with message recovery). - */ - -#ifndef CATACOMB_PSS_H -#define CATACOMB_PSS_H - -#ifdef __cplusplus - extern "C" { -#endif - -/*----- Header files ------------------------------------------------------*/ - -#include -#include - -#ifndef CATACOMB_GCIPHER_H -# include "gcipher.h" -#endif - -#ifndef CATACOMB_GHASH_H -# include "ghash.h" -#endif - -#ifndef CATACOMB_GRAND_H -# include "grand.h" -#endif - -/*----- Data structures ---------------------------------------------------*/ - -typedef struct pss { - const gccipher *cc; /* Cipher class for masking */ - const gchash *ch; /* Hash class for choosing a seed */ - grand *r; /* Random number source */ - void *salt; /* Pointer to the salt */ -} pss; - -/*----- Functions provided ------------------------------------------------*/ - -/* --- @pss_presign@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: An initialized generic hash context. - * - * Use: Initializes a hash function for signing with PSS. A salt is - * chosen and written into the parameter block. - */ - -extern ghash *pss_presign(pss */*pp*/); - -/* --- @pss_encode@ --- * - * - * Arguments: @const void *msg@ = pointer to message (hash) data - * @size_t msz@ = size of message data - * @void *buf@ = pointer to output buffer - * @size_t sz@ = size of the output buffer - * @void *p@ = pointer to PSS parameter block - * - * Returns: Zero of all went well, negative on failure. - * - * Use: Implements the operation @EMSA-PSS-ENCODE@, as defined in - * PKCS#1 v. 2.1 draft 1. 
- */ - -extern int pss_encode(const void */*msg*/, size_t /*msz*/, - void */*buf*/, size_t /*sz*/, void */*p*/); - -/* --- @pss_decode@ --- * - * - * Arguments: @const void *buf@ = pointer to encoded buffer - * @size_t sz@ = size of the encoded byffer - * @dstr *d@ = pointer to destination string - * @void *p@ = pointer to PSS parameter block - * - * Returns: The length of the output string (hash) if successful, - * negative on failure. - * - * Use: Implements most of the operation @EMSA_PSS_VERIFY@, as - * defined in PCSK#1 v. 2.1 draft 1. The salt value is filled - * in ready for hashing of the data to start. - */ - -extern int pss_decode(const void */*buf*/, size_t /*sz*/, - dstr */*d*/, void */*p*/); - -/* --- @pss_preverify@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: An initialized generic hash context. - * - * Use: Initializes a hash function for use with PSS. A salt is - * read from the parameter block, where @pss_decode@ should have - * left it. - */ - -extern ghash *pss_preverify(pss */*pp*/); - -/* --- @pss_done@ --- * - * - * Arguments: @pss *pp@ = pointer to PSS parameter block - * - * Returns: --- - * - * Use: Disposes of a PSS parameter block once it's finished with. - */ - -extern void pss_done(pss */*pp*/); - -/*----- That's all, folks -------------------------------------------------*/ - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/ptab.h b/ptab.h index 271eb576..05e1a5b1 100644 --- a/ptab.h +++ b/ptab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ptab.h,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: ptab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Table of standard prime groups * 
@@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: ptab.h,v $ - * Revision 1.1 2004/04/01 12:50:09 mdw - * Add cyclic group abstraction, with test code. Separate off exponentation - * functions for better static linking. Fix a buttload of bugs on the way. - * Generally ensure that negative exponents do inversion correctly. Add - * table of standard prime-field subgroups. (Binary field subgroups are - * currently unimplemented but easy to add if anyone ever finds a good one.) - * - */ - #ifndef CATACOMB_PTAB_H #define CATACOMB_PTAB_H diff --git a/qdparse.c b/qdparse.c index 2fe69983..4b38b02d 100644 --- a/qdparse.c +++ b/qdparse.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: qdparse.c,v 1.1 2004/03/27 17:54:12 mdw Exp $ + * $Id: qdparse.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Quick-and-dirty parser * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: qdparse.c,v $ - * Revision 1.1 2004/03/27 17:54:12 mdw - * Standard curves and curve checking. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/qdparse.h b/qdparse.h index 078b3442..bbc900a1 100644 --- a/qdparse.h +++ b/qdparse.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: qdparse.h,v 1.1 2004/03/27 17:54:12 mdw Exp $ + * $Id: qdparse.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Quick-and-dirty parser * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: qdparse.h,v $ - * Revision 1.1 2004/03/27 17:54:12 mdw - * Standard curves and curve checking. - * - */ - #ifndef CATACOMB_QDPARSE_H #define CATACOMB_QDPARSE_H diff --git a/rabin.c b/rabin.c index 200ab0d6..729ecce6 100644 --- a/rabin.c +++ b/rabin.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rabin.c,v 1.8 2004/04/02 01:03:49 mdw Exp $ + * $Id: rabin.c,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Miller-Rabin primality test * @@ -27,37 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rabin.c,v $ - * Revision 1.8 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.7 2002/01/13 13:42:53 mdw - * More efficient Rabin-Miller test: with random witnesses, skip redundant - * Montgomerization. (Being bijective, it can't affect the distribution.) - * - * Revision 1.6 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.5 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.4 2000/06/22 19:03:02 mdw - * Use the new @mp_odd@ function. - * - * Revision 1.3 1999/12/22 15:50:29 mdw - * Reworking for new prime-search system. Add function for working out how - * many iterations to use for a particular number. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/11/19 13:17:57 mdw - * Prime number generator and tester. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/rabin.h b/rabin.h index d5ee9d37..7fe49654 100644 --- a/rabin.h +++ b/rabin.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rabin.h,v 1.6 2002/01/13 13:42:53 mdw Exp $ + * $Id: rabin.h,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Miller-Rabin primality test * 
@@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rabin.h,v $ - * Revision 1.6 2002/01/13 13:42:53 mdw - * More efficient Rabin-Miller test: with random witnesses, skip redundant - * Montgomerization. (Being bijective, it can't affect the distribution.) - * - * Revision 1.5 2000/07/09 21:32:16 mdw - * rabin_test: Correct error in comment. - * - * Revision 1.4 2000/06/17 11:52:48 mdw - * Typesetting fix. - * - * Revision 1.3 1999/12/22 15:50:29 mdw - * Reworking for new prime-search system. Add function for working out how - * many iterations to use for a particular number. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/11/19 13:17:57 mdw - * Prime number generator and tester. - * - */ - #ifndef CATACOMB_RABIN_H #define CATACOMB_RABIN_H diff --git a/rand.c b/rand.c index c3b777df..827474b7 100644 --- a/rand.c +++ b/rand.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rand.c,v 1.5 2000/06/17 11:53:55 mdw Exp $ + * $Id: rand.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Secure random number generator * @@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rand.c,v $ - * Revision 1.5 2000/06/17 11:53:55 mdw - * Deprecate `rand_getgood'. Provide a new interface to ensure that a pool - * is well seeded. Use secure arena for memory allocation. - * - * Revision 1.4 1999/12/13 15:34:28 mdw - * Increase the entropy threshhold in rand_getgood. - * - * Revision 1.3 1999/12/10 23:28:07 mdw - * Bug fix: rand_getgood didn't update buffer pointer. - * - * Revision 1.2 1999/10/12 21:00:15 mdw - * Make pool and buffer sizes more sensible. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rand.h b/rand.h index 05721fc5..fc6247b9 100644 --- a/rand.h 
+++ b/rand.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rand.h,v 1.8 2001/02/03 16:07:33 mdw Exp $ + * $Id: rand.h,v 1.9 2004/04/08 01:36:15 mdw Exp $ * * Secure random number generator * @@ -27,37 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rand.h,v $ - * Revision 1.8 2001/02/03 16:07:33 mdw - * Give generic random objects separate namespaces for their supported misc - * ops. - * - * Revision 1.7 2000/10/08 12:07:18 mdw - * Remove spurious comma in enum. - * - * Revision 1.6 2000/06/17 11:53:38 mdw - * Deprecate `rand_getgood'. Provide a new interface to ensure that a pool - * is well seeded. - * - * Revision 1.5 1999/12/13 15:34:15 mdw - * Fix a typo. - * - * Revision 1.4 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.3 1999/10/15 21:04:30 mdw - * Increase output buffer a bit for performance. - * - * Revision 1.2 1999/10/12 21:00:15 mdw - * Make pool and buffer sizes more sensible. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the random number generator ------------------------------* * * The algorithm is one of the author's own devising. It may therefore be diff --git a/rc2-tab.h b/rc2-tab.h index f08adba6..795afb65 100644 --- a/rc2-tab.h +++ b/rc2-tab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc2-tab.h,v 1.1 2001/04/29 17:39:52 mdw Exp $ + * $Id: rc2-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Substitution table for RC2 * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc2-tab.h,v $ - * Revision 1.1 2001/04/29 17:39:52 mdw - * Moved big horrible table to a separate header. - * - */ - #ifndef CATACOMB_RC2_TAB_H #define CATACOMB_RC2_TAB_H diff --git a/rc2.c b/rc2.c index be158f82..3fbeadc8 100644 --- a/rc2.c +++ b/rc2.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc2.c,v 1.2 2001/04/29 17:39:52 mdw Exp $ + * $Id: rc2.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RC2 block cipher * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc2.c,v $ - * Revision 1.2 2001/04/29 17:39:52 mdw - * Moved big horrible table to a separate header. - * - * Revision 1.1 2000/06/17 11:54:34 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rc2.h b/rc2.h index 5217a331..99965fbc 100644 --- a/rc2.h +++ b/rc2.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc2.h,v 1.1 2000/06/17 11:54:34 mdw Exp $ + * $Id: rc2.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The RC2 block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc2.h,v $ - * Revision 1.1 2000/06/17 11:54:34 mdw - * New cipher. - * - */ - /*----- Notes on the RC2 block cipher -------------------------------------* * * RC2 was designed by Ron Rivest, and for a long time was a trade secret of diff --git a/rc4.c b/rc4.c index bf978d36..ac011b10 100644 --- a/rc4.c +++ b/rc4.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc4.c,v 1.5 2001/04/03 19:36:36 mdw Exp $ + * $Id: rc4.c,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * The alleged RC4 stream cipher * 
@@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc4.c,v $ - * Revision 1.5 2001/04/03 19:36:36 mdw - * Don't use @va_arg@ as an argument to @STORE32@! - * - * Revision 1.4 2000/06/17 11:55:22 mdw - * New key size interface. Allow key material to be combined with an - * existing initialized context. Use secure arena for memory allocation. - * - * Revision 1.3 1999/12/13 15:34:01 mdw - * Add support for seeding from a generic pseudorandom source. - * - * Revision 1.2 1999/12/10 23:27:35 mdw - * Generic cipher and RNG interfaces. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rc4.h b/rc4.h index 856846ee..ae22b4ad 100644 --- a/rc4.h +++ b/rc4.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc4.h,v 1.3 2000/06/17 11:55:13 mdw Exp $ + * $Id: rc4.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The alleged RC4 stream cipher * @@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc4.h,v $ - * Revision 1.3 2000/06/17 11:55:13 mdw - * New key size interface. Allow key material to be combined with an - * existing initialized context. - * - * Revision 1.2 1999/12/10 23:27:46 mdw - * Generic cipher and RNG interfaces. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on RC4 ------------------------------------------------------* * * RC4 is a stream cipher desgigned by Ron Rivest. For a while RC4 was a diff --git a/rc5.c b/rc5.c index a1cae70c..1636532e 100644 --- a/rc5.c +++ b/rc5.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc5.c,v 1.2 2000/06/17 11:56:00 mdw Exp $ + * $Id: rc5.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RC5-32/12 block cipher * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc5.c,v $ - * Revision 1.2 2000/06/17 11:56:00 mdw - * New key size interface. Use secure arena for memory allocation. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rc5.h b/rc5.h index 04bcf327..93a0a9e5 100644 --- a/rc5.h +++ b/rc5.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rc5.h,v 1.3 2000/06/17 11:55:50 mdw Exp $ + * $Id: rc5.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The RC5-32/12 block cipher * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rc5.h,v $ - * Revision 1.3 2000/06/17 11:55:50 mdw - * New key size interface. Add notes about the cipher. - * - * Revision 1.2 1999/12/10 23:29:48 mdw - * Change header file guard names. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the RC5 block cipher -------------------------------------* * * RC5 was designed by Ron Rivest as a test vehicle for the use of data- diff --git a/rho.c b/rho.c index 57754d3f..d7624602 100644 --- a/rho.c +++ b/rho.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rho.c,v 1.4 2004/04/02 01:03:49 mdw Exp $ + * $Id: rho.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Pollard's rho algorithm for discrete logs * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rho.c,v $ - * Revision 1.4 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.3 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.2 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.1 2000/07/09 21:32:30 mdw - * Pollard's rho algorithm for computing discrete logs. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "fibrand.h" diff --git a/rho.h b/rho.h index 27600966..c4eb12a5 100644 --- a/rho.h +++ b/rho.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rho.h,v 1.2 2004/04/02 01:03:49 mdw Exp $ + * $Id: rho.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Pollard's rho algorithm for discrete logs * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rho.h,v $ - * Revision 1.2 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.1 2000/07/09 21:32:30 mdw - * Pollard's rho algorithm for computing discrete logs. - * - */ - #ifndef CATACOMB_RHO_H #define CATACOMB_RHO_H diff --git a/rijndael-base.c b/rijndael-base.c index 0fe7213e..b2480c87 100644 --- a/rijndael-base.c +++ b/rijndael-base.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael-base.c,v 1.1 2001/05/07 17:31:37 mdw Exp $ + * $Id: rijndael-base.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Low-level stuff for all Rijndael block sizes * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael-base.c,v $ - * Revision 1.1 2001/05/07 17:31:37 mdw - * Centralize Rijndael tables and key scheduling. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
diff --git a/rijndael-base.h b/rijndael-base.h index 1c17fdfb..684dadb9 100644 --- a/rijndael-base.h +++ b/rijndael-base.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael-base.h,v 1.1 2001/05/07 17:31:37 mdw Exp $ + * $Id: rijndael-base.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Internal header for Rijndael implementation * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael-base.h,v $ - * Revision 1.1 2001/05/07 17:31:37 mdw - * Centralize Rijndael tables and key scheduling. - * - */ - #ifndef CATACOMB_RIJNDAEL_BASE_H #define CATACOMB_RIJNDAEL_BASE_H diff --git a/rijndael-mktab.c b/rijndael-mktab.c index f5a73b8d..4360f20c 100644 --- a/rijndael-mktab.c +++ b/rijndael-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael-mktab.c,v 1.3 2000/10/14 17:13:19 mdw Exp $ + * $Id: rijndael-mktab.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Build precomputed tables for the Rijndael block cipher * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael-mktab.c,v $ - * Revision 1.3 2000/10/14 17:13:19 mdw - * Fix some compile errors. - * - * Revision 1.2 2000/06/18 23:12:15 mdw - * Change typesetting of Galois Field names. - * - * Revision 1.1 2000/06/17 11:56:07 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rijndael.c b/rijndael.c index 981e79c9..dc86274a 100644 --- a/rijndael.c +++ b/rijndael.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael.c,v 1.4 2001/05/07 17:31:53 mdw Exp $ + * $Id: rijndael.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher * 
@@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael.c,v $ - * Revision 1.4 2001/05/07 17:31:53 mdw - * Separate out key scheduling. - * - * Revision 1.3 2001/05/07 15:44:46 mdw - * Fix unusual numbers of rounds. Simplify implementation. - * - * Revision 1.2 2000/12/06 20:32:59 mdw - * Fix round count for weird key sizes. - * - * Revision 1.1 2000/06/17 11:56:07 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rijndael.h b/rijndael.h index 282cef8c..6b772e27 100644 --- a/rijndael.h +++ b/rijndael.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael.h,v 1.3 2001/05/07 17:31:53 mdw Exp $ + * $Id: rijndael.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael.h,v $ - * Revision 1.3 2001/05/07 17:31:53 mdw - * Separate out key scheduling. - * - * Revision 1.2 2000/10/08 15:48:58 mdw - * Update comments now that AES has been chosen. - * - * Revision 1.1 2000/06/17 11:56:07 mdw - * New cipher. - * - */ - /*----- Notes on the Rijndael block cipher --------------------------------* * * Invented by Joan Daemen and Vincent Rijmen, Rijndael is a fast, elegant diff --git a/rijndael192.c b/rijndael192.c index 1ed3b23d..d6af09b2 100644 --- a/rijndael192.c +++ b/rijndael192.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael192.c,v 1.1 2001/05/07 17:32:03 mdw Exp $ + * $Id: rijndael192.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher, 192-bit version * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael192.c,v $ - * Revision 1.1 2001/05/07 17:32:03 mdw - * New Rijndael block sizes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rijndael192.h b/rijndael192.h index 39e21864..39f74c93 100644 --- a/rijndael192.h +++ b/rijndael192.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael192.h,v 1.1 2001/05/07 17:32:03 mdw Exp $ + * $Id: rijndael192.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher, 192-bit version * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael192.h,v $ - * Revision 1.1 2001/05/07 17:32:03 mdw - * New Rijndael block sizes. - * - */ - #ifndef CATACOMB_RIJNDAEL192_H #define CATACOMB_RIJNDAEL192_H diff --git a/rijndael256.c b/rijndael256.c index 7fc96339..957e5446 100644 --- a/rijndael256.c +++ b/rijndael256.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael256.c,v 1.1 2001/05/07 17:32:03 mdw Exp $ + * $Id: rijndael256.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher, 256-bit version * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael256.c,v $ - * Revision 1.1 2001/05/07 17:32:03 mdw - * New Rijndael block sizes. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rijndael256.h b/rijndael256.h index 69ad8cba..add26be4 100644 --- a/rijndael256.h +++ b/rijndael256.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rijndael256.h,v 1.1 2001/05/07 17:32:03 mdw Exp $ + * $Id: rijndael256.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Rijndael block cipher, 256-bit version * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rijndael256.h,v $ - * Revision 1.1 2001/05/07 17:32:03 mdw - * New Rijndael block sizes. - * - */ - #ifndef CATACOMB_RIJNDAEL256_H #define CATACOMB_RIJNDAEL256_H diff --git a/rmd128.c b/rmd128.c index c3a30127..781258f4 100644 --- a/rmd128.c +++ b/rmd128.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd128.c,v 1.1 2000/07/09 21:30:31 mdw Exp $ + * $Id: rmd128.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-128 message digest function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd128.c,v $ - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rmd128.h b/rmd128.h index d5dc313d..85496971 100644 --- a/rmd128.h +++ b/rmd128.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd128.h,v 1.2 2000/10/15 19:09:20 mdw Exp $ + * $Id: rmd128.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-128 message digest function * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd128.h,v $ - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Notes on the RIPEMD-128 hash function -----------------------------* * * RIPEMD-128 was invented by Hans Dobbertin, Antoon Bosselaers and Bart diff --git a/rmd160.c b/rmd160.c index 3d56e0d8..05a2c5df 100644 --- a/rmd160.c +++ b/rmd160.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd160.c,v 1.3 2000/06/17 11:31:43 mdw Exp $ + * $Id: rmd160.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-160 message digest function * 
@@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd160.c,v $ - * Revision 1.3 2000/06/17 11:31:43 mdw - * Portability fix for broken compilers. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rmd160.h b/rmd160.h index 47454e97..13c77017 100644 --- a/rmd160.h +++ b/rmd160.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd160.h,v 1.4 2000/10/15 19:09:20 mdw Exp $ + * $Id: rmd160.h,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-160 message digest function * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd160.h,v $ - * Revision 1.4 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.3 2000/06/17 11:32:52 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the RIPEMD-160 hash function -----------------------------* * * RIPEMD-160 was invented by Hans Dobbertin, Antoon Bosselaers and Bart diff --git a/rmd256.c b/rmd256.c index e4068e49..e545436e 100644 --- a/rmd256.c +++ b/rmd256.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd256.c,v 1.2 2001/02/23 09:02:52 mdw Exp $ + * $Id: rmd256.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-256 message digest function * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd256.c,v $ - * Revision 1.2 2001/02/23 09:02:52 mdw - * Fix poorly copied comment. - * - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rmd256.h b/rmd256.h index 28a9dfd9..d9d6d40e 100644 --- a/rmd256.h +++ b/rmd256.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd256.h,v 1.2 2000/10/15 19:09:20 mdw Exp $ + * $Id: rmd256.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-256 message digest function * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd256.h,v $ - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Notes on the RIPEMD-256 hash function -----------------------------* * * RIPEMD-256 was invented by Hans Dobbertin, Antoon Bosselaers and Bart diff --git a/rmd320.c b/rmd320.c index 8e948c21..ed38f159 100644 --- a/rmd320.c +++ b/rmd320.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd320.c,v 1.1 2000/07/09 21:30:31 mdw Exp $ + * $Id: rmd320.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-320 message digest function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd320.c,v $ - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/rmd320.h b/rmd320.h index 5afa688e..ae774d9d 100644 --- a/rmd320.h +++ b/rmd320.h 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rmd320.h,v 1.2 2000/10/15 19:09:20 mdw Exp $ + * $Id: rmd320.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The RIPEMD-320 message digest function * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rmd320.h,v $ - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/07/09 21:30:31 mdw - * New RIPEMD variants. - * - */ - /*----- Notes on the RIPEMD-320 hash function -----------------------------* * * RIPEMD-320 was invented by Hans Dobbertin, Antoon Bosselaers and Bart diff --git a/rsa-fetch.c b/rsa-fetch.c index feb8e97c..44369463 100644 --- a/rsa-fetch.c +++ b/rsa-fetch.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa-fetch.c,v 1.2 2000/07/01 11:19:22 mdw Exp $ + * $Id: rsa-fetch.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Key fetching for RSA public and private keys * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-fetch.c,v $ - * Revision 1.2 2000/07/01 11:19:22 mdw - * New functions for freeing public and private keys. - * - * Revision 1.1 2000/06/17 10:41:45 mdw - * Table for driving key data extraction. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "key.h" diff --git a/rsa-gen.c b/rsa-gen.c index e3f5fdaf..951ab9f4 100644 --- a/rsa-gen.c +++ b/rsa-gen.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa-gen.c,v 1.4 2000/10/08 12:11:22 mdw Exp $ + * $Id: rsa-gen.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * RSA parameter generation * 
@@ -27,38 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-gen.c,v $ - * Revision 1.4 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.3 2000/07/01 11:22:22 mdw - * Remove bad type name `rsa_param'. - * - * Revision 1.2 2000/06/17 12:05:15 mdw - * Lots of changes: - * - * * Apply limits on %$\gcd(p - 1, q - 1)$% to reduce the space of - * equivalent decryption exponents. - * - * * Force %$e = F_4 = 2^{16} + 1$% to avoid small-encryption-exponent - * attacks. - * - * * Ensure that %$p > q$% and that %$p - q$% is large to deter - * square-root-based factoring methods. - * - * * Use %$e d \equiv 1 \pmod{\lambda(n)}$%, where %$\lambda(n)$% is - * %$\lcm(p - 1, q - 1)$%, as recommended in PKCS#1, rather than the - * more usual %$\varphi(n) = (p - 1)(q - 1)$%. - * - * * Handle aborts from pgen_jump. - * - * Revision 1.1 1999/12/22 15:50:45 mdw - * Initial RSA support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -163,7 +131,7 @@ again: /* --- Work out the modulus and the CRT coefficient --- */ rp->n = mp_mul(MP_NEW, rp->p, rp->q); - rp->q_inv = MP_NEW; mp_gcd(0, 0, &rp->q_inv, rp->p, rp->q); + rp->q_inv = mp_modinv(MP_NEW, rp->q, rp->p); /* --- Work out %$\varphi(n) = (p - 1)(q - 1)$% --- * * diff --git a/rsa-priv.c b/rsa-priv.c index a529f0bc..8869ca45 100644 --- a/rsa-priv.c +++ b/rsa-priv.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa-priv.c,v 1.3 2001/06/16 12:56:38 mdw Exp $ + * $Id: rsa-priv.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * RSA private-key operations * 
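Review bot: The section comment above the new `mp_modinv` call should say which CRT coefficient is being computed and what it depends on, because the one-line change also alters the representation: `rp->q_inv` is presumably %$q^{-1} \bmod p$% (PKCS#1's qInv), which is only the right value because this generator forces %$p > q$% earlier in the function (the enclosing function starts and ends outside this hunk). Suggested wording: `/* --- Work out the modulus and the CRT coefficient %$q^{-1} \bmod p$% (requires %$p > q$%, arranged above) --- */`. The removed `mp_gcd(0, 0, &rp->q_inv, rp->p, rp->q)` produced a Bézout coefficient rather than a canonical inverse, so if that coefficient could come out negative this is a behavioural fix as well as a simplification, and it deserves a line in the commit description, whose title only mentions expunging revision histories.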
@@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-priv.c,v $ - * Revision 1.3 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.2 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.1 2000/07/01 11:23:20 mdw - * Renamed from `rsa-decrypt', since the name was no longer appropriate. - * Add functions for doing padded RSA decryption and signing. - * - * --- Previous lives as rsa-decrypt.c --- - * - * Revision 1.2 2000/06/17 11:57:56 mdw - * Improve bulk performance by making better use of Montgomery - * multiplication and separating out initialization and finalization from - * the main code. - * - * Revision 1.1 1999/12/22 15:50:45 mdw - * Initial RSA support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -228,82 +203,59 @@ mp *rsa_qprivop(rsa_priv *rp, mp *d, mp *c, grand *r) /* --- @rsa_sign@ --- * * * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context + * @mp *d@ = where to put the result * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_encodeproc e@ = encoding procedure + * @size_t msz@ = size of input message + * @rsa_pad *e@ = encoding procedure * @void *earg@ = argument pointer for encoding procedure * - * Returns: The length of the output string if successful, negative on + * Returns: The signature, as a multiprecision integer, or null on * failure. * * Use: Computes an RSA digital signature. */ -int rsa_sign(rsa_privctx *rp, const void *m, size_t sz, - dstr *d, rsa_encodeproc e, void *earg) +mp *rsa_sign(rsa_privctx *rp, mp *d, const void *m, size_t msz, + rsa_pad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); octet *p; - int rc; - - /* --- Sort out some space --- */ - - dstr_ensure(d, n); - p = (octet *)d->buf + d->len; - p[0] = 0; - - /* --- Do the packing --- */ - - if ((rc = e(m, sz, p, n, earg)) < 0) - return (rc); - - /* --- Do the encryption --- */ - - x = mp_loadb(MP_NEWSEC, p, n); - x = rsa_privop(rp, x, x); - mp_storeb(x, p, n); - d->len += n; - mp_drop(x); - return (n); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; + arena *a = d && d->a ? d->a->a : arena_global; + + p = x_alloc(a, n); + d = e(d, m, msz, p, n, nb, earg); + x_free(a, p); + return (d ? 
rsa_privop(rp, d, d) : 0); } /* --- @rsa_decrypt@ --- * * * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context - * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message + * @mp *m@ = encrypted message, as a multiprecision integer * @dstr *d@ = pointer to output string - * @rsa_decodeproc e@ = decoding procedure + * @rsa_decunpad *e@ = decoding procedure * @void *earg@ = argument pointer for decoding procedure * * Returns: The length of the output string if successful, negative on * failure. * - * Use: Does RSA signature verification. + * Use: Does RSA decryption. */ -int rsa_decrypt(rsa_privctx *rp, const void *m, size_t sz, - dstr *d, rsa_decodeproc e, void *earg) +int rsa_decrypt(rsa_privctx *rp, mp *m, dstr *d, + rsa_decunpad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); - octet *p; + mp *p = rsa_privop(rp, MP_NEW, m); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; int rc; - /* --- Do the exponentiation --- */ - - p = x_alloc(d->a, n); - x = mp_loadb(MP_NEW, m, sz); - x = rsa_privop(rp, x, x); - mp_storeb(x, p, n); - mp_drop(x); - - /* --- Do the decoding --- */ - - rc = e(p, n, d, earg); - x_free(d->a, p); + dstr_ensure(d, n); + rc = e(p, (octet *)d->buf + d->len, n, nb, earg); + if (rc >= 0) + d->len += rc; + mp_drop(p); return (rc); } diff --git a/rsa-pub.c b/rsa-pub.c index e5ec16c0..df3fed18 100644 --- a/rsa-pub.c +++ b/rsa-pub.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa-pub.c,v 1.2 2000/10/08 16:00:32 mdw Exp $ + * $Id: rsa-pub.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * [RSA encryption with padding * * (c) 2000 Straylight/Edgeware 
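Review bot: In the new `rsa_decrypt` the decrypted integer is created with `mp *p = rsa_privop(rp, MP_NEW, m);`, so the padded plaintext lives in ordinary storage until `mp_drop(p)`, whereas the removed `rsa_sign` body used `MP_NEWSEC` for its secret intermediate; `mp *p = rsa_privop(rp, MP_NEWSEC, m);` would keep it in the secure arena, assuming `MP_NEWSEC` still carries that meaning (mp.h is not part of this diff). The scratch buffer `p` in `rsa_sign` is taken from `arena_global` whenever the caller passes a null `d`, which is less of a concern there because it only ever holds the encoded message, not key material. The header comment for `rsa_sign` should also state what happens to a caller-supplied `d` when the padder fails: `d = e(d, m, msz, p, n, nb, earg);` overwrites it and the function then returns null, so whether the original `d` is dropped inside `e` or leaked is not visible from this hunk.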
@@ -26,18 +26,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-pub.c,v $ - * Revision 1.2 2000/10/08 16:00:32 mdw - * Fix compiler warning. - * - * Revision 1.1 2000/07/01 11:23:52 mdw - * Public-key operations, for symmetry with `rsa-priv.c'. Functions for - * doing padded RSA encryption and signature verification. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -121,82 +109,83 @@ mp *rsa_qpubop(rsa_pub *rp, mp *d, mp *c) /* --- @rsa_encrypt@ --- * * * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context + * @mp *d@ = proposed destination integer * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_encodeproc e@ = encoding procedure + * @size_t msz@ = size of input message + * @rsa_pad *e@ = encoding procedure * @void *earg@ = argument pointer for encoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The encrypted message, as a multiprecision integer, or null + * on failure. * * Use: Does RSA encryption. */ -int rsa_encrypt(rsa_pubctx *rp, const void *m, size_t sz, - dstr *d, rsa_encodeproc e, void *earg) +mp *rsa_encrypt(rsa_pubctx *rp, mp *d, const void *m, size_t msz, + rsa_pad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); octet *p; - int rc; - - /* --- Sort out some space --- */ - - dstr_ensure(d, n); - p = (octet *)d->buf + d->len; - p[0] = 0; - - /* --- Do the packing --- */ - - if ((rc = e(m, sz, p, n, earg)) < 0) - return (rc); - - /* --- Do the encryption --- */ - - x = mp_loadb(MP_NEWSEC, p, n); - x = rsa_pubop(rp, x, x); - mp_storeb(x, p, n); - d->len += n; - mp_drop(x); - return (n); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; + arena *a = d && d->a ? d->a->a : arena_global; + + p = x_alloc(a, n); + d = e(d, m, msz, p, n, nb, earg); + x_free(a, p); + return (d ? 
rsa_pubop(rp, d, d) : 0); } /* --- @rsa_verify@ --- * * - * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context - * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_decodeproc e@ = decoding procedure + * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt + * @mp *s@ = the signature, as a multiprecision integer + * @const void *m@ = pointer to message to verify, or null + * @size_t msz@ = size of input message + * @dstr *d@ = pointer to output string, or null + * @rsa_vfrunpad *e@ = decoding procedure * @void *earg@ = argument pointer for decoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The length of the output string if successful (0 if no output + * was wanted); negative on failure. * - * Use: Does RSA signature verification. + * Use: Does RSA signature verification. To use a signature scheme + * with recovery, pass in @m == 0@ and @d != 0@: the recovered + * message should appear in @d@. To use a signature scheme with + * appendix, provide @m != 0@ and @d == 0@; the result should be + * zero for success. */ -int rsa_verify(rsa_pubctx *rp, const void *m, size_t sz, - dstr *d, rsa_decodeproc e, void *earg) +int rsa_verify(rsa_pubctx *rp, mp *s, const void *m, size_t msz, + dstr *d, rsa_vrfunpad *e, void *earg) { - mp *x; - size_t n = mp_octets(rp->rp->n); - octet *p; + mp *p = rsa_pubop(rp, MP_NEW, s); + unsigned long nb = mp_bits(rp->rp->n); + size_t n = (nb + 7)/8; + dstr dd = DSTR_INIT; int rc; - /* --- Do the exponentiation --- */ - - p = x_alloc(d->a, n); - x = mp_loadb(MP_NEW, m, sz); - x = rsa_pubop(rp, x, x); - mp_storeb(x, p, n); - mp_drop(x); + /* --- Decoder protocol --- * + * + * We deal with two kinds of decoders: ones with message recovery and ones + * with appendix. 
A decoder with recovery will leave a message in the + * buffer and exit nonzero: we'll check that against @m@ if provided and + * just leave it otherwise. A decoder with appendix will inspect @m@ and + * return zero or @-1@ itself. + */ - /* --- Do the decoding --- */ - - rc = e(p, n, d, earg); - x_free(d->a, p); + if (!d) d = ⅆ + dstr_ensure(d, n); + rc = e(p, m, msz, (octet *)d->buf + d->len, n, nb, earg); + if (rc > 0 && m) { + if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0) + rc = -1; + else + rc = 0; + } + if (rc > 0) + d->len += rc; + mp_drop(p); + dstr_destroy(&dd); return (rc); } diff --git a/rsa-recover.c b/rsa-recover.c index 8052ddcf..5cf1f065 100644 --- a/rsa-recover.c +++ b/rsa-recover.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa-recover.c,v 1.6 2001/06/16 12:56:38 mdw Exp $ + * $Id: rsa-recover.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Recover RSA parameters * @@ -27,31 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa-recover.c,v $ - * Revision 1.6 2001/06/16 12:56:38 mdw - * Fixes for interface change to @mpmont_expr@ and @mpmont_mexpr@. - * - * Revision 1.5 2000/10/08 12:11:22 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.4 2000/07/01 11:22:22 mdw - * Remove bad type name `rsa_param'. - * - * Revision 1.3 2000/06/22 19:03:14 mdw - * Use the new @mp_odd@ function. - * - * Revision 1.2 2000/06/17 12:07:19 mdw - * Fix a bug in argument validation. Force %$p > q$% in output. Use - * %$\lambda(n) = \lcm(p - 1, q - 1)$% rather than the more traditional - * %$\phi(n) = (p - 1)(q - 1)$% when computing the decryption exponent. - * - * Revision 1.1 1999/12/22 15:50:45 mdw - * Initial RSA support. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "mp.h" diff --git a/rsa-test.c b/rsa-test.c new file mode 100644 index 00000000..16f44e56 --- /dev/null +++ b/rsa-test.c 
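Review bot: In the new `rsa_encrypt` the scratch buffer `p` holds the padded plaintext and is released with `x_free(a, p);` without being cleared, and `a` falls back to `arena_global` when the caller passes a null `d`; unless that arena scrubs on free, the plaintext remains in freed heap memory, so either clear `p` before `x_free` or allocate it from the secure arena (the identical pattern in `rsa_sign` in rsa-priv.c only ever holds the message digest, so it matters less there). The new `rsa_verify` header comment disagrees with its signature: it documents `@rsa_vfrunpad *e@` while the prototype reads `rsa_vrfunpad *e`, and "public key contxt" should read "public key context". In the same function `if (rc != msz || memcmp(d->buf + d->len, m, msz) != 0)` compares the `int` `rc` with the `size_t` `msz`; the preceding `rc > 0` guard makes it safe, but `(size_t)rc != msz` would make that explicit and keep `-Wsign-compare` quiet. The line shown as `if (!d) d = ⅆ` is presumably `&dd` mangled in extraction rather than a code change to act on.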
@@ -0,0 +1,514 @@ +/* -*-c-*- + * + * $Id: rsa-test.c,v 1.1 2004/04/08 01:36:15 mdw Exp $ + * + * Testing RSA padding operations + * + * (c) 2004 Straylight/Edgeware + */ + +/*----- Licensing notice --------------------------------------------------* + * + * This file is part of Catacomb. + * + * Catacomb is free software; you can redistribute it and/or modify + * it under the terms of the GNU Library General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * Catacomb is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with Catacomb; if not, write to the Free + * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, + * MA 02111-1307, USA. 
+ */ + +/*----- Header files ------------------------------------------------------*/ + +#include "fibrand.h" +#include "rsa.h" + +/*----- Main code ---------------------------------------------------------*/ + +static int tencpad(int nbits, + dstr *p, int rc, mp *c, + const char *ename, dstr *eparam, rsa_pad *e, void *earg) +{ + size_t n = (nbits + 7)/8; + void *q = xmalloc(n); + mp *d; + int ok = 1; + + d = e(MP_NEW, p->buf, p->len, q, n, nbits, earg); + if (!d == !rc || (!rc && !MP_EQ(d, c))) { + ok = 0; + fprintf(stderr, "*** %s padding failed!\n", ename); + fprintf(stderr, "*** padding bits = %d\n", nbits); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr); + if (rc) + fprintf(stderr, "\n*** expected failure\n"); + else { + MP_EPRINTX("\n*** expected", c); + MP_EPRINTX("*** computed", d); + } + } + mp_drop(d); + mp_drop(c); + xfree(q); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +#define tsigpad tencpad + +#define DSTR_EQ(x, y) \ + ((x)->len == (y)->len && !memcmp((x)->buf, (y)->buf, (x)->len)) + +static int tdecpad(int nbits, + mp *c, int rc, dstr *p, + const char *ename, dstr *eparam, + rsa_decunpad *e, void *earg) +{ + dstr d = DSTR_INIT; + int n = (nbits + 7)/8; + int ok = 1; + + dstr_ensure(&d, n); + n = e(c, (octet *)d.buf, n, nbits, earg); + if (n >= 0) + d.len += n; + if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) { + ok = 0; + fprintf(stderr, "*** %s encryption unpadding failed!\n", ename); + fprintf(stderr, "*** padding bits = %d\n", nbits); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + MP_EPRINTX("*** input", c); + if (rc < 0) + fprintf(stderr, "*** expected failure\n"); + else { + fprintf(stderr, "*** expected: %d = ", rc); type_hex.dump(p, stderr); + fprintf(stderr, "\n*** computed: %d = ", n); 
type_hex.dump(&d, stderr); + fprintf(stderr, "\n"); + } + } + mp_drop(c); + dstr_destroy(&d); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +static int tvrfpad(int nbits, + mp *c, dstr *m, int rc, dstr *p, + const char *ename, dstr *eparam, + rsa_vrfunpad *e, void *earg) +{ + dstr d = DSTR_INIT; + int n = (nbits + 7)/8; + int ok = 1; + + dstr_ensure(&d, n); + n = e(c, m->len ? (octet *)m->buf : 0, m->len, + (octet *)d.buf, n, nbits, earg); + if (n >= 0) + d.len += n; + if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) { + ok = 0; + fprintf(stderr, "*** %s signature unpadding failed!\n", ename); + fprintf(stderr, "*** padding bits = %d\n", nbits); + MP_EPRINTX("*** input", c); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + fprintf(stderr, "*** message = "); type_hex.dump(m, stderr); + if (rc < 0) + fprintf(stderr, "\n*** expected failure\n"); + else { + fprintf(stderr, "\n*** expected = %d: ", rc); type_hex.dump(p, stderr); + fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr); + fprintf(stderr, "\n"); + } + } + mp_drop(c); + dstr_destroy(&d); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +static int tencpub(rsa_pub *rp, + dstr *p, int rc, mp *c, + const char *ename, dstr *eparam, rsa_pad *e, void *earg) +{ + mp *d; + rsa_pubctx rpc; + int ok = 1; + + rsa_pubcreate(&rpc, rp); + d = rsa_encrypt(&rpc, MP_NEW, p->buf, p->len, e, earg); + if (!d == !rc || (!rc && !MP_EQ(d, c))) { + ok = 0; + fprintf(stderr, "*** encrypt with %s padding failed!\n", ename); + MP_EPRINTX("*** key.n", rp->n); + MP_EPRINTX("*** key.e", rp->e); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr); + if (rc) + fprintf(stderr, "\n*** expected failure\n"); + else { + MP_EPRINTX("\n*** expected", c); + MP_EPRINTX("*** 
computed", d); + } + } + rsa_pubdestroy(&rpc); + rsa_pubfree(rp); + mp_drop(d); + mp_drop(c); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +static int tsigpriv(rsa_priv *rp, + dstr *p, int rc, mp *c, + const char *ename, dstr *eparam, rsa_pad *e, void *earg) +{ + mp *d; + grand *r = fibrand_create(0); + rsa_privctx rpc; + int ok = 1; + + rsa_privcreate(&rpc, rp, r); + d = rsa_sign(&rpc, MP_NEW, p->buf, p->len, e, earg); + if (!d == !rc || (!rc && !MP_EQ(d, c))) { + ok = 0; + fprintf(stderr, "*** sign with %s padding failed!\n", ename); + MP_EPRINTX("*** key.n", rp->n); + MP_EPRINTX("*** key.d", rp->d); + MP_EPRINTX("*** key.e", rp->e); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + fprintf(stderr, "*** input message = "); type_hex.dump(p, stderr); + if (rc) + fprintf(stderr, "\n*** expected failure\n"); + else { + MP_EPRINTX("\n*** expected", c); + MP_EPRINTX("\n*** computed", d); + } + } + rsa_privdestroy(&rpc); + rsa_privfree(rp); + mp_drop(d); + mp_drop(c); + GR_DESTROY(r); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +static int tdecpriv(rsa_priv *rp, + mp *c, int rc, dstr *p, + const char *ename, dstr *eparam, + rsa_decunpad *e, void *earg) +{ + rsa_privctx rpc; + dstr d = DSTR_INIT; + grand *r = fibrand_create(0); + int n; + int ok = 1; + + rsa_privcreate(&rpc, rp, r); + n = rsa_decrypt(&rpc, c, &d, e, earg); + if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) { + ok = 0; + fprintf(stderr, "*** decryption with %s padding failed!\n", ename); + MP_EPRINTX("*** key.n", rp->n); + MP_EPRINTX("*** key.d", rp->d); + MP_EPRINTX("*** key.e", rp->e); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + MP_EPRINTX("*** input", c); + if (rc < 0) + fprintf(stderr, "*** expected failure\n"); + else { + fprintf(stderr, "*** expected = %d: ", rc); type_hex.dump(p, stderr); + 
fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr); + fprintf(stderr, "\n"); + } + } + rsa_privdestroy(&rpc); + rsa_privfree(rp); + mp_drop(c); + dstr_destroy(&d); + GR_DESTROY(r); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +static int tvrfpub(rsa_pub *rp, + mp *c, dstr *m, int rc, dstr *p, + const char *ename, dstr *eparam, + rsa_vrfunpad *e, void *earg) +{ + rsa_pubctx rpc; + dstr d = DSTR_INIT; + int n; + int ok = 1; + + rsa_pubcreate(&rpc, rp); + n = rsa_verify(&rpc, c, m->len ? m->buf : 0, m->len, &d, e, earg); + if (n != rc || (rc >= 0 && !DSTR_EQ(&d, p))) { + ok = 0; + fprintf(stderr, "*** verification with %s padding failed!\n", ename); + MP_EPRINTX("*** key.n", rp->n); + MP_EPRINTX("*** key.e", rp->e); + if (eparam) { + fprintf(stderr, "*** encoding parameters = "); + type_hex.dump(eparam, stderr); + fputc('\n', stderr); + } + MP_EPRINTX("*** input", c); + fprintf(stderr, "*** message = "); type_hex.dump(m, stderr); + if (rc < 0) + fprintf(stderr, "*** expected failure\n"); + else { + fprintf(stderr, "*** expected = %d: ", rc); type_hex.dump(p, stderr); + fprintf(stderr, "\n*** computed = %d: ", n); type_hex.dump(&d, stderr); + fprintf(stderr, "\n"); + } + } + rsa_pubdestroy(&rpc); + rsa_pubfree(rp); + mp_drop(c); + dstr_destroy(&d); + assert(mparena_count(MPARENA_GLOBAL) == 0); + return (ok); +} + +/*----- Deep magic --------------------------------------------------------* + * + * Wahey! Whacko macro programming on curry and lager. There's nothing like + * it. 
+ */ + +#define DECL_priv \ + rsa_priv rp = { 0 }; +#define FUNC_priv \ + rp.n = *(mp **)v++->buf; \ + rp.e = *(mp **)v++->buf; \ + rp.d = *(mp **)v++->buf; \ + rsa_recover(&rp); +#define ARG_priv \ + &rp, +#define TAB_priv \ + &type_mp, &type_mp, &type_mp, + +#define DECL_pub \ + rsa_pub rp; +#define FUNC_pub \ + rp.n = *(mp **)v++->buf; \ + rp.e = *(mp **)v++->buf; +#define ARG_pub \ + &rp, +#define TAB_pub \ + &type_mp, &type_mp, + +#define DECL_pad \ + int nbits; +#define FUNC_pad \ + nbits = *(int *)v++->buf; +#define ARG_pad \ + nbits, +#define TAB_pad \ + &type_int, + +#define DECL_enc \ + dstr *p; \ + int rc; \ + mp *c; +#define FUNC_enc \ + p = v++; \ + rc = *(int *)v++->buf; \ + c = *(mp **)v++->buf; +#define ARG_enc \ + p, rc, c, +#define TAB_enc \ + &type_hex, &type_int, &type_mp, + +#define DECL_sig DECL_enc +#define FUNC_sig FUNC_enc +#define ARG_sig ARG_enc +#define TAB_sig TAB_enc + +#define DECL_dec \ + mp *c; \ + int rc; \ + dstr *p; +#define FUNC_dec \ + c = *(mp **)v++->buf; \ + rc = *(int *)v++->buf; \ + p = v++; +#define ARG_dec \ + c, rc, p, +#define TAB_dec \ + &type_mp, &type_int, &type_hex, + +#define DECL_vrf \ + mp *c; \ + dstr *m; \ + int rc; \ + dstr *p; +#define FUNC_vrf \ + c = *(mp **)v++->buf; \ + m = v++; \ + rc = *(int *)v++->buf; \ + p = v++; +#define ARG_vrf \ + c, m, rc, p, +#define TAB_vrf \ + &type_mp, &type_hex, &type_int, &type_hex, + +#define DECL_p1enc \ + pkcs1 p1; \ + dstr *ep; +#define FUNC_p1enc \ + p1.r = fib; \ + ep = v++; \ + p1.ep = ep->buf; \ + p1.epsz = ep->len; +#define ARG_p1enc \ + "pkcs1", ep, pkcs1_cryptencode, &p1 +#define TAB_p1enc \ + &type_hex + +#define DECL_p1sig DECL_p1enc +#define FUNC_p1sig FUNC_p1enc +#define ARG_p1sig \ + "pkcs1", ep, pkcs1_sigencode, &p1 +#define TAB_p1sig TAB_p1enc + +#define DECL_p1dec DECL_p1enc +#define FUNC_p1dec FUNC_p1enc +#define ARG_p1dec \ + "pkcs1", ep, pkcs1_cryptdecode, &p1 +#define TAB_p1dec TAB_p1enc + +#define DECL_p1vrf DECL_p1enc +#define FUNC_p1vrf FUNC_p1enc 
+#define ARG_p1vrf \ + "pkcs1", ep, pkcs1_sigdecode, &p1 +#define TAB_p1vrf TAB_p1enc + +#define DECL_oaepenc \ + oaep o; \ + dstr *ep; +#define FUNC_oaepenc \ + o.r = fib; \ + o.cc = gcipher_byname(v++->buf); \ + o.ch = ghash_byname(v++->buf); \ + ep = v++; \ + o.ep = ep->buf; \ + o.epsz = ep->len; +#define ARG_oaepenc \ + "oaep", ep, oaep_encode, &o +#define TAB_oaepenc \ + &type_string, &type_string, &type_hex + +#define DECL_oaepdec DECL_oaepenc +#define FUNC_oaepdec FUNC_oaepenc +#define ARG_oaepdec \ + "oaep", ep, oaep_decode, &o +#define TAB_oaepdec TAB_oaepenc + +#define DECL_psssig \ + pss pp; +#define FUNC_psssig \ + pp.r = fib; \ + pp.cc = gcipher_byname(v++->buf); \ + pp.ch = ghash_byname(v++->buf); \ + pp.ssz = *(int *)v++->buf; +#define ARG_psssig \ + "pss", 0, pss_encode, &pp +#define TAB_psssig \ + &type_string, &type_string, &type_int + +#define DECL_pssvrf DECL_psssig +#define FUNC_pssvrf FUNC_psssig +#define ARG_pssvrf \ + "pss", 0, pss_decode, &pp +#define TAB_pssvrf TAB_psssig + +#define TESTS(DO) \ + DO(pad, enc, p1enc) \ + DO(pad, dec, p1dec) \ + DO(pad, sig, p1sig) \ + DO(pad, vrf, p1vrf) \ + DO(pub, enc, p1enc) \ + DO(priv, dec, p1dec) \ + DO(priv, sig, p1sig) \ + DO(pub, vrf, p1vrf) \ + DO(pad, enc, oaepenc) \ + DO(pad, dec, oaepdec) \ + DO(pub, enc, oaepenc) \ + DO(priv, dec, oaepdec) \ + DO(pad, sig, psssig) \ + DO(pad, vrf, pssvrf) \ + DO(priv, sig, psssig) \ + DO(pub, vrf, pssvrf) + +#define FUNCS(key, op, enc) \ + int t_##key##_##enc(dstr *v) \ + { \ + DECL_##key \ + DECL_##op \ + DECL_##enc \ + fib->ops->misc(fib, GRAND_SEEDINT, 14); \ + FUNC_##key \ + FUNC_##op \ + FUNC_##enc \ + return (t##op##key(ARG_##key ARG_##op ARG_##enc)); \ + } + +#define TAB(key, op, enc) \ + { #enc "-" #key, t_##key##_##enc, { TAB_##key TAB_##op TAB_##enc } }, + +static grand *fib; + +TESTS(FUNCS) + +static const test_chunk tests[] = { + TESTS(TAB) + { 0 } +}; + +int main(int argc, char *argv[]) +{ + sub_init(); + fib = fibrand_create(0); + test_run(argc, 
argv, tests, SRCDIR "/tests/rsa"); + GR_DESTROY(fib); + return (0); +} + +/*----- That's all, folks -------------------------------------------------*/ diff --git a/rsa.h b/rsa.h index e40f5e44..cf8848c1 100644 --- a/rsa.h +++ b/rsa.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: rsa.h,v 1.3 2000/07/01 11:24:37 mdw Exp $ + * $Id: rsa.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * The RSA public-key cryptosystem * @@ -27,22 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rsa.h,v $ - * Revision 1.3 2000/07/01 11:24:37 mdw - * Remove bad type name `rsa_param'. New functions for freeing public and - * private keys. Add types and functions for doing pubic key operations, - * and padded RSA operations. - * - * Revision 1.2 2000/06/17 12:07:36 mdw - * Add key fetching interface. Add new rsa_decrypt interface. - * - * Revision 1.1 1999/12/22 15:50:45 mdw - * Initial RSA support. - * - */ - #ifndef CATACOMB_RSA_H #define CATACOMB_RSA_H @@ -56,6 +40,14 @@ # include "grand.h" #endif +#ifndef CATACOMB_GCIPHER_H +# include "gcipher.h" +#endif + +#ifndef CATACOMB_GHASH_H +# include "ghash.h" +#endif + #ifndef CATACOMB_KEY_H # include "key.h" #endif 
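Review bot: `FUNC_priv` calls `rsa_recover(&rp)` and discards its result although rsa.h declares it as returning `int`, so a malformed key in a test vector would presumably leave the private key partly unset and the later `rsa_privcreate`/`rsa_sign`/`rsa_decrypt` calls would run on it instead of the test reporting a failure; since the macro expands inside `t_##key##_##enc`, which returns the test's status, something like `if (rsa_recover(&rp)) { fprintf(stderr, "*** rsa_recover failed\n"); return (0); }` (assuming the usual nonzero-on-failure convention) would surface it. The file also uses `fprintf`, `memcmp`, `assert` and `xmalloc` while including only `fibrand.h` and `rsa.h`, so it relies on those headers transitively providing `<stdio.h>`, `<string.h>`, `<assert.h>` and the `xmalloc` declaration; including them directly would keep the test self-contained. The generated `t_##key##_##enc` functions have external linkage and no prior prototype while every hand-written helper here is `static`; `static int t_##key##_##enc(dstr *v)` would match. Minor: `tsigpriv` prints `MP_EPRINTX("\n*** computed", d)` where the sibling helpers use `"*** computed"`, giving an extra blank line in its failure report.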
@@ -104,10 +96,16 @@ typedef struct rsa_pubctx { * See `oaep.h' and `pkcs1.h' for appropriate encoding functions. */ -typedef int (*rsa_encodeproc)(const void */*m*/, size_t /*msz*/, - void */*buf*/, size_t /*sz*/, void */*p*/); -typedef int (*rsa_decodeproc)(const void */*m*/, size_t /*msz*/, - dstr */*d*/, void */*p*/); +typedef mp *rsa_pad(mp */*d*/, const void */*m*/, size_t /*msz*/, + octet */*b*/, size_t /*sz*/, + unsigned long /*nbits*/, void */*p*/); + +typedef int rsa_decunpad(mp */*m*/, octet */*b*/, size_t /*sz*/, + unsigned long /*nbits*/, void */*p*/); + +typedef int rsa_vrfunpad(mp */*s*/, const void */*m*/, size_t /*msz*/, + octet */*b*/, size_t /*sz*/, + unsigned long /*nbits*/, void */*p*/); /*----- Key fetching ------------------------------------------------------*/ 
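Review bot: The three new callback typedefs `rsa_pad`, `rsa_decunpad` and `rsa_vrfunpad` carry no statement of their return conventions, and the only nearby documentation is the pre-existing context line pointing at `oaep.h' and `pkcs1.h'. From the callers in this commit the conventions appear to be: `rsa_pad` returns the padded value as an integer (allocating a fresh one when `d == MP_NEW`) and null on failure; `rsa_decunpad` and `rsa_vrfunpad` write at most `sz` octets into `b` and return the number written, or a negative value on failure, with `rsa_vrfunpad` additionally receiving the message `m` to check against for appendix schemes. I would add a short block comment above the typedefs stating those contracts, including that `nbits` is the modulus bit length and `sz` its octet length, so that implementers of new padding schemes don't have to read rsa-pub.c and rsa-test.c to discover them. Since the padding schemes themselves are now declared at the end of this header, the reference to `oaep.h' and `pkcs1.h' may be stale; worth confirming.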
@@ -196,38 +194,38 @@ extern mp *rsa_qprivop(rsa_priv */*rp*/, mp */*d*/, mp */*c*/, grand */*r*/); /* --- @rsa_sign@ --- * * * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context + * @mp *d@ = where to put the result * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_encodeproc e@ = encoding procedure + * @size_t msz@ = size of input message + * @rsa_pad *e@ = encoding procedure * @void *earg@ = argument pointer for encoding procedure * - * Returns: The length of the output string if successful, negative on + * Returns: The signature, as a multiprecision integer, or null on * failure. * * Use: Computes an RSA digital signature. */ -extern int rsa_sign(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/, - dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/); +extern mp *rsa_sign(rsa_privctx */*rp*/, mp */*d*/, + const void */*m*/, size_t /*msz*/, + rsa_pad */*e*/, void */*earg*/); /* --- @rsa_decrypt@ --- * * * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context - * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message + * @mp *m@ = encrypted message, as a multiprecision integer * @dstr *d@ = pointer to output string - * @rsa_decodeproc e@ = decoding procedure + * @rsa_decunpad *e@ = decoding procedure * @void *earg@ = argument pointer for decoding procedure * * Returns: The length of the output string if successful, negative on * failure. * - * Use: Does RSA signature verification. + * Use: Does RSA decryption. */ -extern int rsa_decrypt(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/, - dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/); +extern int rsa_decrypt(rsa_privctx */*rp*/, mp */*m*/, + dstr */*d*/, rsa_decunpad */*e*/, void */*earg*/); /*----- RSA public key operations -----------------------------------------*/ 
@@ -283,38 +281,45 @@ extern mp *rsa_qpubop(rsa_pub */*rp*/, mp */*d*/, mp */*c*/); /* --- @rsa_encrypt@ --- * * * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context + * @mp *d@ = proposed destination integer * @const void *m@ = pointer to input message - * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_encodeproc e@ = encoding procedure + * @size_t msz@ = size of input message + * @rsa_pad *e@ = encoding procedure * @void *earg@ = argument pointer for encoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The encrypted message, as a multiprecision integer, or null + * on failure. * * Use: Does RSA encryption. */ -extern int rsa_encrypt(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/, - dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/); +extern mp *rsa_encrypt(rsa_pubctx */*rp*/, mp */*d*/, + const void */*m*/, size_t /*msz*/, + rsa_pad */*e*/, void */*earg*/); /* --- @rsa_verify@ --- * * * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt - * @const void *m@ = pointer to input message + * @mp *s@ = the signature, as a multiprecision integer + * @const void *m@ = pointer to message to verify, or null * @size_t sz@ = size of input message - * @dstr *d@ = pointer to output string - * @rsa_decodeproc e@ = decoding procedure + * @dstr *d@ = pointer to output string, or null + * @rsa_vfrunpad *e@ = decoding procedure * @void *earg@ = argument pointer for decoding procedure * - * Returns: The length of the output string if successful, negative on - * failure. + * Returns: The length of the output string if successful (0 if no output + * was wanted); negative on failure. * - * Use: Does RSA signature verification. + * Use: Does RSA signature verification. To use a signature scheme + * with recovery, pass in @m == 0@ and @d != 0@: the recovered + * message should appear in @d@. 
To use a signature scheme with + * appendix, provide @m != 0@ and @d == 0@; the result should be + * zero for success. */ -extern int rsa_verify(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/, - dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/); +extern int rsa_verify(rsa_pubctx */*rp*/, mp */*s*/, + const void */*m*/, size_t /*sz*/, dstr */*d*/, + rsa_vrfunpad */*e*/, void */*earg*/); /*----- Miscellaneous operations ------------------------------------------*/ @@ -350,6 +355,46 @@ extern int rsa_gen(rsa_priv */*rp*/, unsigned /*nbits*/, extern int rsa_recover(rsa_priv */*rp*/); +/*----- Padding schemes ---------------------------------------------------*/ + +/* --- PKCS1 padding --- */ + +typedef struct pkcs1 { + grand *r; /* Random number source */ + const void *ep; /* Encoding parameters block */ + size_t epsz; /* Size of the parameter block */ +} pkcs1; + +extern rsa_pad pkcs1_cryptencode; +extern rsa_decunpad pkcs1_cryptdecode; +extern rsa_pad pkcs1_sigencode; +extern rsa_vrfunpad pkcs1_sigdecode; + +/* --- OAEP --- */ + +typedef struct oaep { + const gccipher *cc; /* Cipher class for masking */ + const gchash *ch; /* Hash class for parameter block */ + grand *r; /* Random number source */ + const void *ep; /* Encoding parameters block */ + size_t epsz; /* Size of the parameter block */ +} oaep; + +extern rsa_pad oaep_encode; +extern rsa_decunpad oaep_decode; + +/* --- PSS --- */ + +typedef struct pss { + const gccipher *cc; /* Cipher class for masking */ + const gchash *ch; /* Hash class for choosing a seed */ + grand *r; /* Random number source */ + size_t ssz; /* Requested salt size */ +} pss; + +extern rsa_pad pss_encode; +extern rsa_vrfunpad pss_decode; + /*----- That's all, folks -------------------------------------------------*/ #ifdef __cplusplus diff --git a/rspit.c b/rspit.c index 831dde79..e9d5c297 100644 --- a/rspit.c +++ b/rspit.c 
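Review bot: The rsa_verify header comment names the decoder type `rsa_vfrunpad` while the prototype (and the typedef earlier in this header) spell it `rsa_vrfunpad`, and it keeps `@size_t sz@` although the implementation in rsa-pub.c calls that parameter `msz` and the prototype still says `/*sz*/`; the same `rsa_vfrunpad` typo is in the rsa-pub.c copy of this comment. I'd change the two lines to `@size_t msz@ = size of input message` and `@rsa_vrfunpad *e@ = decoding procedure`, and rename the prototype's parameter to `/*msz*/` to match the definition. The `contxt` typo in the first argument line survives from the old text and could be fixed in the same pass.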
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: rspit.c,v 1.19 2001/06/16 23:42:17 mdw Exp $
+ * $Id: rspit.c,v 1.20 2004/04/08 01:36:15 mdw Exp $
  *
  * Spit out random numbers
  *
@@ -27,75 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: rspit.c,v $ - * Revision 1.19 2001/06/16 23:42:17 mdw - * Typesetting fixes. - * - * Revision 1.18 2001/05/08 22:17:41 mdw - * New cipher Noekeon added. - * - * Revision 1.17 2001/05/07 17:33:19 mdw - * New Rijndael block sizes. - * - * Revision 1.16 2001/04/29 18:11:32 mdw - * New block ciphers. - * - * Revision 1.15 2001/04/19 18:26:13 mdw - * Use the new MAC keysize names. - * - * Revision 1.14 2001/02/21 20:03:22 mdw - * Added support for MD2 hash function. - * - * Revision 1.13 2000/12/06 20:33:27 mdw - * Make flags be macros rather than enumerations, to ensure that they're - * unsigned. - * - * Revision 1.12 2000/10/08 15:49:18 mdw - * Remove failed kludge for shutting up a warning. - * - * Revision 1.11 2000/10/08 12:10:32 mdw - * Make table have external linkage to bodge around deficiency in C. The - * problem is that @static gen generators[];@ is considered to be a - * `tentative definition', and therefore mustn't have incomplete type, - * which it obviously has. - * - * Revision 1.10 2000/08/11 21:34:59 mdw - * New restartable interface to Maurer testing. - * - * Revision 1.9 2000/08/04 23:24:15 mdw - * Add a timer and a discard option. - * - * Revision 1.8 2000/07/29 22:05:47 mdw - * Fix error in help message about Maurer test syntax. - * - * Revision 1.7 2000/07/18 23:01:26 mdw - * Improve progress indications, and allow user to choose chunk sizes for - * Maurer's test. - * - * Revision 1.6 2000/07/15 20:53:35 mdw - * Add a load of new ciphers and hashes. - * - * Revision 1.5 2000/07/01 11:27:03 mdw - * Portability fix: don't assume that `stdout' is a constant expression. - * Remove old type name `bbs_param'. - * - * Revision 1.4 2000/06/17 12:08:28 mdw - * Restructure handling of cipher-based generators. Add counter-mode - * ciphers and MGF-1 hash functions. Add FIPS 140-1 and Maurer's tests. 
- * - * Revision 1.3 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.2 1999/12/22 15:59:51 mdw - * New prime-search system. Read BBS keys from key files. - * - * Revision 1.1 1999/12/10 23:29:13 mdw - * Emit random numbers for statistical tests. - * - */ - /*----- Header files ------------------------------------------------------*/ #include "config.h" diff --git a/safer-mktab.c b/safer-mktab.c index 783ef140..bfcaed62 100644 --- a/safer-mktab.c +++ b/safer-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: safer-mktab.c,v 1.1 2001/04/29 17:49:54 mdw Exp $ + * $Id: safer-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generate tables for SAFER * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: safer-mktab.c,v $ - * Revision 1.1 2001/04/29 17:49:54 mdw - * Added SAFER block cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/safer.c b/safer.c index 1c97eab7..4eaf34be 100644 --- a/safer.c +++ b/safer.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: safer.c,v 1.1 2001/04/29 17:37:35 mdw Exp $ + * $Id: safer.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The SAFER block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: safer.c,v $ - * Revision 1.1 2001/04/29 17:37:35 mdw - * Added SAFER block cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/safer.h b/safer.h index 8432befe..95b5b9ec 100644 --- a/safer.h +++ b/safer.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: safer.h,v 1.2 2001/04/29 18:11:38 mdw Exp $ + * $Id: safer.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The SAFER block cipher * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: safer.h,v $ - * Revision 1.2 2001/04/29 18:11:38 mdw - * Add some notes. - * - * Revision 1.1 2001/04/29 17:37:35 mdw - * Added SAFER block cipher. - * - */ - /*----- Notes on the SAFER block cipher -----------------------------------* * * SAFER was designed by James Massey (who also worked on IDEA) for Cylink. diff --git a/seal.c b/seal.c index 92901b12..b3e96a11 100644 --- a/seal.c +++ b/seal.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: seal.c,v 1.1 2000/06/17 12:08:34 mdw Exp $ + * $Id: seal.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The SEAL pseudo-random function family * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: seal.c,v $ - * Revision 1.1 2000/06/17 12:08:34 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/seal.h b/seal.h index 62f6db94..ed5d9f31 100644 --- a/seal.h +++ b/seal.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: seal.h,v 1.1 2000/06/17 12:08:34 mdw Exp $ + * $Id: seal.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The SEAL pseudo-random function family * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: seal.h,v $ - * Revision 1.1 2000/06/17 12:08:34 mdw - * New cipher. - * - */ - /*----- Notes on the SEAL pseudo-random function family -------------------* * * SEAL is a slightly odd cryptographic primitive. It was designed by Phil diff --git a/serpent-check.c b/serpent-check.c index 647beea2..9aac0f21 100644 --- a/serpent-check.c +++ b/serpent-check.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: serpent-check.c,v 1.1 2000/06/17 12:08:43 mdw Exp $ + * $Id: serpent-check.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Check the Serpent S-boxes * 
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: serpent-check.c,v $ - * Revision 1.1 2000/06/17 12:08:43 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/serpent-sbox.h b/serpent-sbox.h index 7285bb2a..27b6f934 100644 --- a/serpent-sbox.h +++ b/serpent-sbox.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: serpent-sbox.h,v 1.1 2000/06/17 12:08:43 mdw Exp $ + * $Id: serpent-sbox.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Bitslice S-box implementations * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: serpent-sbox.h,v $ - * Revision 1.1 2000/06/17 12:08:43 mdw - * New cipher. - * - */ - /*----- Credit where it's due ---------------------------------------------* * * These S-box expressions are taken from the paper `Speeding up Serpent', by diff --git a/serpent.c b/serpent.c index d04d65b9..75ceec8b 100644 --- a/serpent.c +++ b/serpent.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: serpent.c,v 1.1 2000/06/17 12:08:43 mdw Exp $ + * $Id: serpent.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Serpent block cipher * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: serpent.c,v $ - * Revision 1.1 2000/06/17 12:08:43 mdw - * New cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/serpent.h b/serpent.h index 0e6ce1ca..02ea4de5 100644 --- a/serpent.h +++ b/serpent.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: serpent.h,v 1.2 2000/10/08 15:48:58 mdw Exp $ + * $Id: serpent.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Serpent block cipher * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: serpent.h,v $ - * Revision 1.2 2000/10/08 15:48:58 mdw - * Update comments now that AES has been chosen. - * - * Revision 1.1 2000/06/17 12:08:43 mdw - * New cipher. - * - */ - /*----- Notes on the Serpent block cipher ---------------------------------* * * Serpent was designed and proposed for the AES contest by Ross Anderson, diff --git a/sha.c b/sha.c index 918e6d37..02f51bcf 100644 --- a/sha.c +++ b/sha.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha.c,v 1.3 2000/06/17 11:31:43 mdw Exp $ + * $Id: sha.c,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-1 hash function * @@ -27,20 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha.c,v $ - * Revision 1.3 2000/06/17 11:31:43 mdw - * Portability fix for broken compilers. - * - * Revision 1.2 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/sha.h b/sha.h index 97003efe..fe924c74 100644 --- a/sha.h +++ b/sha.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha.h,v 1.5 2000/10/15 19:09:20 mdw Exp $ + * $Id: sha.h,v 1.6 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-1 hash function * 
@@ -27,27 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha.h,v $ - * Revision 1.5 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.4 2000/06/17 11:32:52 mdw - * Change buffer offset to be unsigned. - * - * Revision 1.3 1999/12/10 23:20:03 mdw - * New hash interface requirements. - * - * Revision 1.2 1999/11/19 13:20:08 mdw - * Modify notes section slightly. - * - * Revision 1.1 1999/09/03 08:41:12 mdw - * Initial import. - * - */ - /*----- Notes on the SHA-1 hash function ----------------------------------* * * SHA (Secure Hash Algorithm) was designed by the NSA, for use with the diff --git a/sha256.c b/sha256.c index 8ffc6891..74148b17 100644 --- a/sha256.c +++ b/sha256.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha256.c,v 1.2 2004/03/21 22:43:34 mdw Exp $ + * $Id: sha256.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-256 hash function * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha256.c,v $ - * Revision 1.2 2004/03/21 22:43:34 mdw - * New hash variant SHA224. - * - * Revision 1.1 2000/10/15 17:48:14 mdw - * New SHA variants with longer outputs. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/sha256.h b/sha256.h index ca6e18cb..c418118e 100644 --- a/sha256.h +++ b/sha256.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha256.h,v 1.3 2004/03/21 22:43:34 mdw Exp $ + * $Id: sha256.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-256 hash function * 
@@ -27,21 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha256.h,v $ - * Revision 1.3 2004/03/21 22:43:34 mdw - * New hash variant SHA224. - * - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/10/15 17:48:15 mdw - * New SHA variants with longer outputs. - * - */ - /*----- Notes on the SHA-256 hash function ----------------------------------* * * SHA-1 (Secure Hash Algorithm) was designed by the NSA, for use with the diff --git a/sha512.c b/sha512.c index e9b7254b..e913d67a 100644 --- a/sha512.c +++ b/sha512.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha512.c,v 1.1 2000/10/15 17:48:15 mdw Exp $ + * $Id: sha512.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-512 hash function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha512.c,v $ - * Revision 1.1 2000/10/15 17:48:15 mdw - * New SHA variants with longer outputs. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/sha512.h b/sha512.h index 0a695f9e..d2e35404 100644 --- a/sha512.h +++ b/sha512.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sha512.h,v 1.2 2000/10/15 19:09:20 mdw Exp $ + * $Id: sha512.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Implementation of the SHA-512 hash function * 
@@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sha512.h,v $ - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/10/15 17:48:15 mdw - * New SHA variants with longer outputs. - * - */ - /*----- Notes on the SHA-512 hash function ----------------------------------* * * SHA-1 (Secure Hash Algorithm) was designed by the NSA, for use with the diff --git a/share.c b/share.c index d0fd0f5d..23d730c3 100644 --- a/share.c +++ b/share.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: share.c,v 1.6 2001/02/03 16:05:41 mdw Exp $ + * $Id: share.c,v 1.7 2004/04/08 01:36:15 mdw Exp $ * * Shamir's secret sharing * @@ -27,33 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: share.c,v $ - * Revision 1.6 2001/02/03 16:05:41 mdw - * Now @mp_drop@ checks its argument is non-NULL before attempting to free - * it. Note that the macro version @MP_DROP@ doesn't do this. - * - * Revision 1.5 2000/12/06 20:30:10 mdw - * Change secret sharing interface: present the secret at share - * construction time. - * - * Revision 1.4 2000/10/08 12:16:17 mdw - * Use @MP_EQ@ instead of @MP_CMP@. - * - * Revision 1.3 2000/06/24 18:29:05 mdw - * Interface change: allow shares to be extracted from a context on demand, - * rather than building them all up-front. - * - * Revision 1.2 2000/06/18 23:05:19 mdw - * Minor performance tweak: use Barrett reduction rather than Montgomery. - * Fast secret sharing isn't done here, though: see `gfshare' instead. - * - * Revision 1.1 2000/06/17 12:09:38 mdw - * Shamir's secret sharing system. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
@@ -280,7 +253,7 @@ mp *share_combine(share *s) m = mp_sub(m, &ii, &jj); m = mp_sub(m, s->p, m); } - mp_gcd(0, 0, &m, s->p, m); + m = mp_modinv(m, m, s->p); c = mp_mul(c, c, &jj); c = mpbarrett_reduce(&mb, c, c); c = mp_mul(c, c, m); diff --git a/share.h b/share.h index a875e067..9683c07c 100644 --- a/share.h +++ b/share.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: share.h,v 1.3 2000/12/06 20:30:10 mdw Exp $ + * $Id: share.h,v 1.4 2004/04/08 01:36:15 mdw Exp $ * * Shamir's secret sharing * @@ -27,22 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: share.h,v $ - * Revision 1.3 2000/12/06 20:30:10 mdw - * Change secret sharing interface: present the secret at share - * construction time. - * - * Revision 1.2 2000/06/24 18:29:05 mdw - * Interface change: allow shares to be extracted from a context on demand, - * rather than building them all up-front. - * - * Revision 1.1 2000/06/17 12:09:38 mdw - * Shamir's secret sharing system. - * - */ - /*----- Notes on the sharing system ---------------------------------------* * * Shamir's secret-sharing system is based on polynomial interpolation modulo diff --git a/skipjack-tab.h b/skipjack-tab.h index ff357ac1..344b6f3e 100644 --- a/skipjack-tab.h +++ b/skipjack-tab.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: skipjack-tab.h,v 1.1 2000/07/27 18:08:34 mdw Exp $ + * $Id: skipjack-tab.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Skipjack S-box * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: skipjack-tab.h,v $ - * Revision 1.1 2000/07/27 18:08:34 mdw - * Skipjack S-box table - * - */ - #ifndef CATACOMB_SKIPJACK_TAB_H #define CATACOMB_SKIPJACK_TAB_H diff --git a/skipjack.c b/skipjack.c index f0a3f234..a4c65b55 100644 --- a/skipjack.c +++ b/skipjack.c 
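Review bot: `m = mp_modinv(m, m, s->p)` has a well-defined result only when the Lagrange denominator `m` is invertible modulo `s->p`, and nothing in this hunk rejects two shares carrying the same index, which makes `m` ≡ 0 and sends whatever `mp_modinv` produces for a non-invertible argument straight into the `c = mp_mul(c, c, m)` that follows. What `mp_modinv` does on that input (abort, return an unspecified value) is not visible here; either a duplicate-index check where shares are collected, or an explicit zero test on `m` before the inversion using whatever the mp layer provides, would turn a silently wrong secret into a deliberate failure. This is also a behavioural change to the reconstruction path tucked into a commit titled "Expunge revision histories"; it deserves its own commit and a regression vector. share_combine starts before this hunk, so its error-return convention is not visible.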
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: skipjack.c,v 1.4 2004/04/02 01:03:49 mdw Exp $ + * $Id: skipjack.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * The Skipjack block cipher * @@ -27,24 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: skipjack.c,v $ - * Revision 1.4 2004/04/02 01:03:49 mdw - * Miscellaneous constification. - * - * Revision 1.3 2000/08/01 00:28:34 mdw - * Performance improvement: read keys in as 32-bit words and deal them out - * byte-by-byte. - * - * Revision 1.2 2000/07/15 20:48:45 mdw - * Remove some useless tests in the G function. - * - * Revision 1.1 2000/07/15 15:39:33 mdw - * The NSA's Skipjack block cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/skipjack.h b/skipjack.h index 0740a698..25f8a284 100644 --- a/skipjack.h +++ b/skipjack.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: skipjack.h,v 1.2 2000/08/01 00:28:34 mdw Exp $ + * $Id: skipjack.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Skipjack block cipher * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: skipjack.h,v $ - * Revision 1.2 2000/08/01 00:28:34 mdw - * Performance improvement: read keys in as 32-bit words and deal them out - * byte-by-byte. - * - * Revision 1.1 2000/07/15 15:39:33 mdw - * The NSA's Skipjack block cipher. - * - */ - /*----- Notes on the Skipjack block cipher --------------------------------* * * Skipjack was designed by the NSA, as a type II algorithm to be used in the diff --git a/square-mktab.c b/square-mktab.c index a80acebf..ba2c539c 100644 --- a/square-mktab.c +++ b/square-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: square-mktab.c,v 1.2 2000/08/04 18:03:19 mdw Exp $ + * $Id: square-mktab.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Build precomputed tables for the Square block cipher * 
@@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: square-mktab.c,v $ - * Revision 1.2 2000/08/04 18:03:19 mdw - * Fix comment describing the field in which inversion is done. - * - * Revision 1.1 2000/07/27 18:10:27 mdw - * Build precomuted tables for Square. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/square.c b/square.c index c0b2d766..7bdcfd89 100644 --- a/square.c +++ b/square.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: square.c,v 1.2 2001/05/07 15:44:02 mdw Exp $ + * $Id: square.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Square block cipher * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: square.c,v $ - * Revision 1.2 2001/05/07 15:44:02 mdw - * Simplify implementation. - * - * Revision 1.1 2000/07/15 20:51:58 mdw - * New block cipher. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/square.h b/square.h index 69565365..1ea86b72 100644 --- a/square.h +++ b/square.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: square.h,v 1.1 2000/07/15 20:51:58 mdw Exp $ + * $Id: square.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Square block cipher * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: square.h,v $ - * Revision 1.1 2000/07/15 20:51:58 mdw - * New block cipher. - * - * Revision 1.1 2000/06/17 11:56:07 mdw - * New cipher. - * - */ - /*----- Notes on the Square block cipher ----------------------------------* * * Invented by Joan Daemen and Vincent Rijmen, Square is a fast and diff --git a/sslprf.c b/sslprf.c index e9682e52..05f64d13 100644 --- a/sslprf.c +++ b/sslprf.c 
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sslprf.c,v 1.1 2001/04/06 22:05:10 mdw Exp $ + * $Id: sslprf.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The SSL pseudo-random function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sslprf.c,v $ - * Revision 1.1 2001/04/06 22:05:10 mdw - * Add support for SSL pseudo-random function. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -66,24 +58,24 @@ static void step(sslprf_ctx *c) ghash *h, *hh; octet *p; - h = c->ci->init(); + h = GH_INIT(c->ci); x = 'A' + c->i - 1; for (sz = c->i++; sz > 0; sz -= n) { n = sz; if (n > sizeof(buf)) n = sizeof(buf); memset(buf, x, n); - h->ops->hash(h, buf, n); + GH_HASH(h, buf, n); } - h->ops->hash(h, c->k, c->ksz); - h->ops->hash(h, c->sd, c->sdsz); - p = h->ops->done(h, 0); + GH_HASH(h, c->k, c->ksz); + GH_HASH(h, c->sd, c->sdsz); + p = GH_DONE(h, 0); - hh = c->co->init(); - hh->ops->hash(hh, c->k, c->ksz); - hh->ops->hash(hh, p, c->ihashsz); - c->p = hh->ops->done(hh, 0); - h->ops->destroy(h); + hh = GH_INIT(c->co); + GH_HASH(hh, c->k, c->ksz); + GH_HASH(hh, p, c->ihashsz); + c->p = GH_DONE(hh, 0); + GH_DESTROY(h); c->h = hh; c->sz = c->ohashsz; @@ -138,7 +130,7 @@ void sslprf_encrypt(sslprf_ctx *c, const void *src, void *dest, size_t sz) while (sz) { if (!c->sz) { - c->h->ops->destroy(c->h); + GH_DESTROY(c->h); step(c); } n = c->sz; @@ -170,7 +162,7 @@ void sslprf_encrypt(sslprf_ctx *c, const void *src, void *dest, size_t sz) void sslprf_free(sslprf_ctx *c) { - c->h->ops->destroy(c->h); + GH_DESTROY(c->h); } /* --- Generic random number generator --- */ diff --git a/sslprf.h b/sslprf.h index a46bc0f6..ef7dcab4 100644 --- a/sslprf.h +++ b/sslprf.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: sslprf.h,v 1.1 2001/04/06 22:05:10 mdw Exp $ + * $Id: sslprf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The SSL pseudo-random function * 
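Review bot: In step(), `p = GH_DONE(h, 0)` yields a pointer into h's own state, and the rewritten code is correct only because `GH_HASH(hh, p, c->ihashsz)` consumes it before `GH_DESTROY(h)`; that ordering constraint is now hidden behind macros and deserves a comment above the destroy, e.g. `/* p lives inside h: feed it to hh before destroying h */`. Likewise `c->p = GH_DONE(hh, 0)` stays valid only while `c->h = hh` is alive, which is why sslprf_encrypt destroys `c->h` immediately before calling step(). Separately, the label byte `x = 'A' + c->i - 1` is context rather than new code, but it has no upper bound; past 26 blocks it leaves the `A..Z` alphabet SSLv3 defines, which presumably only matters if the generic random-number interface further down drives it that far. step() begins before this hunk.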
@@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: sslprf.h,v $ - * Revision 1.1 2001/04/06 22:05:10 mdw - * Add support for SSL pseudo-random function. - * - */ - #ifndef CATACOMB_SSLPRF_H #define CATACOMB_SSLPRF_H diff --git a/strongprime.c b/strongprime.c index 019691fe..c1b43f48 100644 --- a/strongprime.c +++ b/strongprime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: strongprime.c,v 1.4 2000/07/01 11:24:52 mdw Exp $ + * $Id: strongprime.c,v 1.5 2004/04/08 01:36:15 mdw Exp $ * * Generate `strong' prime numbers * @@ -27,23 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: strongprime.c,v $ - * Revision 1.4 2000/07/01 11:24:52 mdw - * Remove old debugging code. - * - * Revision 1.3 2000/06/17 12:10:09 mdw - * Add some argument checking. Use MP secure memory interface. - * - * Revision 1.2 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:51:22 mdw - * Find `strong' RSA primes using Gordon's algorithm. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/strongprime.h b/strongprime.h index 0b53a797..ba5a9a5b 100644 --- a/strongprime.h +++ b/strongprime.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: strongprime.h,v 1.2 2000/02/12 18:21:03 mdw Exp $ + * $Id: strongprime.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * Generate `strong' prime numbers * @@ -27,17 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: strongprime.h,v $ - * Revision 1.2 2000/02/12 18:21:03 mdw - * Overhaul of key management (again). - * - * Revision 1.1 1999/12/22 15:51:22 mdw - * Find `strong' RSA primes using Gordon's algorithm. - * - */ - #ifndef CATACOMB_STRONGPRIME_H #define CATACOMB_STRONGPRIME_H diff --git a/tea.c b/tea.c index 20433373..97e92c4c 100644 --- a/tea.c 
+++ b/tea.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tea.c,v 1.2 2000/07/29 09:56:47 mdw Exp $ + * $Id: tea.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Tiny Encryption Algorithm * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tea.c,v $ - * Revision 1.2 2000/07/29 09:56:47 mdw - * Allow the number of rounds to be configured. This isn't exported - * through the gcipher interface, but it may be useful anyway. - * - * Revision 1.1 2000/07/15 13:44:31 mdw - * New ciphers. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/tea.h b/tea.h index 38a8da14..a7da6787 100644 --- a/tea.h +++ b/tea.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tea.h,v 1.2 2000/07/29 09:56:47 mdw Exp $ + * $Id: tea.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Tiny Encryption Algorithm * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tea.h,v $ - * Revision 1.2 2000/07/29 09:56:47 mdw - * Allow the number of rounds to be configured. This isn't exported - * through the gcipher interface, but it may be useful anyway. - * - * Revision 1.1 2000/07/15 13:44:31 mdw - * New ciphers. - * - */ - /*----- Notes on the Tiny Encryption Algorithm ----------------------------* * * TEA is an amazingly simple 64-round Feistel network. It's tiny, fairly diff --git a/tests/Makefile.m4 b/tests/Makefile.m4 index f0ce9ea3..583e446d 100644 --- a/tests/Makefile.m4 +++ b/tests/Makefile.m4 @@ -1,6 +1,6 @@ ## -*-fundamental-*- ## -## $Id: Makefile.m4,v 1.2 2001/04/29 18:11:20 mdw Exp $ +## $Id: Makefile.m4,v 1.3 2004/04/08 01:36:15 mdw Exp $ ## ## Build test vector files ## 
@@ -26,16 +26,6 @@ ## Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, ## MA 02111-1307, USA. -##----- Revision history ---------------------------------------------------- -## -## $Log: Makefile.m4,v $ -## Revision 1.2 2001/04/29 18:11:20 mdw -## New block cipher MARS. -## -## Revision 1.1 2000/06/17 12:12:20 mdw -## Build mLib test vector files from the AES files. -## - AUTOMAKE_OPTIONS = foreign ## --- Building test rigs --- diff --git a/tests/gdsa b/tests/gdsa index 60a9f6fd..91e4f52b 100644 --- a/tests/gdsa +++ b/tests/gdsa @@ -1,4 +1,4 @@ -# $Id: gdsa,v 1.1 2004/04/04 19:42:59 mdw Exp $ +# $Id: gdsa,v 1.2 2004/04/08 01:36:16 mdw Exp $ # # Tests for abstract-group implementation of DSA @@ -53,6 +53,20 @@ sign { 0x12e2f4e865bf6e034712b4f2ba6f3c825452d6419 0x30e0d918fde3a33781f984b877f8501356b6fbae9; + "ec { secp160r1 }" sha + 0xaa374ffc3ce144e6b073307972cb6d57b2a4e982 + "abc" + 0x7b012db7681a3f28b9185c8b2ac5d528decd52da + 0xce2873e5be449563391feb47ddcba2dc16379191 + 0x3480ec1371a091a464b31ce47df0cb8aa2d98b54; + + "ec { sect163k1 }" sha + 0x3a41434aa99c2ef40c8495b2ed9739cb2155a1e0d + "abc" + 0xa40b301cc315c257d51d442234f5aff8189d2b6c + 0x994d2c41aa30e52952aea8462370471b2b0a34ac + 0x152f95ca15da1997a8c449e00cd2aa2accb988d7f; + "ec { nist-p256 }" sha256 0x7fb838a8a0a95046b9d9d9fb4440f7bbc1a7bd3b4e853fc92d4e1588719986aa "An example message" 
@@ -150,6 +164,22 @@ verify { 0x30e0d918fde3a33781f984b877f8501356b6fbae9 0; + "ec { secp160r1 }" sha + "0x51b4496fecc406ed0e75a24a3c03206251419dc0, + 0xc28dcb4b73a514b468d793894f381ccc1756aa6c" + "abc" + 0xce2873e5be449563391feb47ddcba2dc16379191 + 0x3480ec1371a091a464b31ce47df0cb8aa2d98b54 + 0; + + "ec { sect163k1 }" sha + "0x037d529fa37e42195f10111127ffb2bb38644806bc, + 0x0447026eee8b34157f3eb51be5185d2be0249ed776" + "abc" + 0x994d2c41aa30e52952aea8462370471b2b0a34ac + 0x152f95ca15da1997a8c449e00cd2aa2accb988d7f + 0; + "ec { nist-p256 }" sha256 "0xcc2aecbc5c5f6d72cd7b937279d72a732abcf880ea47e012ebec77ddbca6ed40, 0x90f99cd799abc0ea571d0e02bad80f8323050b1adbdbff50060b6e1e6ebd8611" diff --git a/tests/oaep b/tests/oaep deleted file mode 100644 index de1e3132..00000000 --- a/tests/oaep +++ /dev/null @@ -1,14 +0,0 @@ -# $Id: oaep,v 1.1 2000/07/15 10:03:30 mdw Exp $ -# -# Test vectors for OAEP encoding - -# --- From http://wwww.esat.kuleuven.ac.be/~bosselae/ripemd160.html --- - -oaep { - 54859b342c49ea2a "" aafd12f659cae63489b479e5076ddec2f06cb58f - 007dcfd33b1ca1107625a3fbd99075e7c8adc134bf3f5c201b7ad3e8b3ede0b48136002dd2ec034f04cda492db86973642dd59f018b0908a6504b4f845be3236; - 54859b342c49ea2a 3bf4c66f209e05f2a86eae213322fbf9252d6408 aafd12f659cae63489b479e5076ddec2f06cb58f - 0062732b7784ac93f3ed97ed1d89c7aedf1e98a21f171240b14fa63ee789e54e78fc34dc63650b0395cda492db86973642dd59f018b0908a6504b4f845be3236; - 54859b342c49ea2a 2771857832caf8f054940134a736233269f00d42 aafd12f659cae63489b479e5076ddec2f06cb58f - 00071c2309ec131348e4faeeb5a409135a9c728b72e42e655755cdca7764183c4872204bb51c9bbb2ecda492db86973642dd59f018b0908a6504b4f845be3236; -} diff --git a/tests/rsa b/tests/rsa new file mode 100644 index 00000000..314358ac --- /dev/null +++ b/tests/rsa 
@@ -0,0 +1,232 @@ +# $Id: rsa,v 1.1 2004/04/08 01:36:16 mdw Exp $ +# +# Test vectors for the completely mad RSA infrastructure tests + +p1sig-pad { + # nbits msg rc result eparam + 256 "616263" 0 + 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263 + "cc22cc"; + 129 "616263" 0 0x0001ffffffffffffffff00cc22cc616263 "cc22cc"; + 128 "616263" -1 0 "cc22cc"; +} + +p1sig-priv { + # n e d msg rc result eparam + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9 + "616263" 0 + 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26 + "cc22cc"; + + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81 + "a9993e364706816aba3e25717850c26c9cd0d89d" 0 + 0x0f642606b7aaf99ff4bb5853c51e31a02c58d8c1c33f3c584d4edc58b08a16d5dc8064b6e198edcc4dc06666171a113619d7da16dfd96cebfdb5cc5050af6fab3d9f2ca8b8d6ece1d513fabc98a11fe37892fcf0827ea2e792427a69b3523504f46c55ed8af9a1c59687ca73c4baad7235a1a3faedec14f95ddfa8d0554739a8 + "3021300906052b0e03021a05000414"; +} + +p1vrf-pad { + # nbits sig msg rc result eparam + 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263 + "" 3 "616263" "cc22cc"; + 256 0x0101ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263 + "" -1 "" "cc22cc"; + 256 0x0002ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616263 + "" -1 "" "cc22cc"; + 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff01cc22cc616263 + "" -1 "" "cc22cc"; + 256 
0x0001ffffffffffffffff00cc22ccffffffffffffffffffffff00cc22cc616263 + "" 18 "ffffffffffffffffffffff00cc22cc616263" "cc22cc"; + 256 0x0001ffffffffffffff00cc22ccffffffffffffffffffffffff00cc22cc616263 + "" -1 "" "cc22cc"; + 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc21cc616263 + "" -1 "" "cc22cc"; + 256 0x0001ffffffffffffffffffffffffffffffffffffffffffffff00cc22cc616262 + "" 3 "616262" "cc22cc"; + 129 0x0001ffffffffffffffff00cc22cc616263 "" 3 "616263" "cc22cc"; + 128 0x0001ffffffffffffff00cc22cc616263 "" -1 "" "cc22cc"; +} + +p1vrf-pub { + # n e sig msg rc result eparam + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26 + "" 3 "616263" "cc22cc"; + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0xc484642d0e4dc4a4424d22410456dbdd9275b5c157d6974a66bee9aa02501c26 + "616263" 0 "" "cc22cc"; + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0x27654c24f4ffefffc3bef7be8ae469db3069407702391eeb551ce9544621b63a + "" 18 "ffffffffffffffffffffff00cc22cc616263" "cc22cc"; + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0xd980f3047ab74bc4e7bb99eeb17fcc657f50ee26146b7f2a9f982ef2f44cba + "" -1 "" "cc22cc"; + + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + 0x0f642606b7aaf99ff4bb5853c51e31a02c58d8c1c33f3c584d4edc58b08a16d5dc8064b6e198edcc4dc06666171a113619d7da16dfd96cebfdb5cc5050af6fab3d9f2ca8b8d6ece1d513fabc98a11fe37892fcf0827ea2e792427a69b3523504f46c55ed8af9a1c59687ca73c4baad7235a1a3faedec14f95ddfa8d0554739a8 + "" 20 "a9993e364706816aba3e25717850c26c9cd0d89d" + "3021300906052b0e03021a05000414"; +} + +p1enc-pad { + # nbits msg rc ct eparam + 256 "616263" 0 + 
0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 ""; + 105 "616263" 0 + 0x0002efbd98524ad6419b00616263 ""; + 104 "616263" -1 0 ""; +} + +p1enc-pub { + # n e msg rc ct eparam + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 "616263" 0 + 0x8f20a0fc778b7c55567f41c344d39bfcdaca04fd475f2290dc05c236585a68ca ""; + + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + "616263" + 0 + 0xaf91f5abf4766348eaaff1e8e5561b10bc1e3b15b6dff221869389a70d371d649b6cf78c5444f5d03a9feac12d5741cbc340e09d112063b1486568fca7c59b4c90604f0b6243eccc18901afa9001fc5f669108ebc75d6713e28d4a081723184332d4fb2ca391e3247a76c85323e66352d60c0a6ce8240af6f0583058820b1e32 + ""; +} + +p1dec-pad { + # nbits msg rc pt eparam + 256 0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 + 3 "616263" ""; + 105 0x0002efbd98524ad6419b00616263 + 3 "616263" ""; + 104 0x0002efbd98524ad64100616263 + -1 "" ""; + 256 0x0002efbdfc524ad6419b00537a59b42a4662918436d6e0e4804b6b1000616263 + 21 "537a59b42a4662918436d6e0e4804b6b1000616263" ""; + 256 0x0002efbdfc524ad6419b00537a59b42a4662918436d6e0e4804b6b1000616263 + 3 "616263" "537a59b42a4662918436d6e0e4804b6b1000"; + 256 0x0102efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 + -1 "" ""; + 256 0x0001efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 + -1 "" ""; + 256 0x0002efbdfc524ad6419b65537a59b42a4662918436d6e0e4804b6b1000616263 + 3 "616263" ""; + 256 0x0002efbdfc524ad6410065537a59b42a4662918436d6e0e4804b6b1000616263 + -1 "" ""; +} + +p1dec-priv { + # p e d msg rc pt eparam + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9 + 
0x8f20a0fc778b7c55567f41c344d39bfcdaca04fd475f2290dc05c236585a68ca + 3 "616263" ""; + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9 + 0x19d6408010f0c2722b44cd4d5e006b6ffaa634aa225d727fa37c7c6ec29c5155 + 21 "537a59b42a4662918436d6e0e4804b6b1000616263" ""; + 0xccbd3b508e1ac2ed16f0f85adfec8d17ad525018307e613e0ee3aa4652b7ceb3 + 0x10001 + 0x1fd9da85ec2d8ea09abe8f2c7804916853ac1f05189b657af9b294f73c515bf9~ + 0x952aa4893cd2620e4942f449529ea2f7105b9d67e041a676259fb986bc507b7d + -1 "" ""; + + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81 + 0xaf91f5abf4766348eaaff1e8e5561b10bc1e3b15b6dff221869389a70d371d649b6cf78c5444f5d03a9feac12d5741cbc340e09d112063b1486568fca7c59b4c90604f0b6243eccc18901afa9001fc5f669108ebc75d6713e28d4a081723184332d4fb2ca391e3247a76c85323e66352d60c0a6ce8240af6f0583058820b1e32 + 3 "616263" ""; +} + +oaepenc-pad { + # nbits msg rc ct mgf hash eparam + 1024 "616263" 0 + 0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffed + sha-mgf sha ""; +} + +oaepdec-pad { + # nbits msg rc pt mgf hash eparam + 1024 + 
0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffed + 3 "616263" sha-mgf sha ""; + 1024 + 0x151709bd895ba510b5b3de3293c6de93adbb20cb065dcfbe3b2ca60aa39e458b30d14406eba05f0e479ddff40f554aba11da533c6d98df0321164c986807e8019c6918896817f37700a46c7fd71741a7692fcbd443952b67c32b838a576332b3bc1bab002fe3c941e9150d08b539908ef7f1901ac1246065c8520ac1beffec + -1 "" sha-mgf sha ""; +} + +oaepenc-pub { + # n e msg rc ct mgf hash eparam + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + "616263" + 0 + 0xa5c94083e56aeff3490a4abd63251b332a26cca0e521815af5d2915b2422fbc7e672c8e67c3dea8c355e0b999a1f8acc905cc4437a6ddc5a7d6f54489436bd24922f83d75629d2cb92a7963d010727ef8981c3c01971962f454e42d54996e74617022d7513505fef7b1f7d5dbdeccc4673594d01f943236e4439b3175c3f801b + sha-mgf sha ""; +} + +oaepdec-priv { + # n e d msg rc pt mgf hash eparam + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81 + 
0x6ae9901c7c40104b38e10097bd42212afd437867ee4c72e7e81d7486b8721aeab493be40e3bd4335bef05c76bba1a2e30795e76fe04517d5f8fa87d16756002b061674594cb85c32b96c3a690e135d64923bd7551c45b6b89ebb89941377ce02d5c801feb33c20ebacf8dd6d6bd44d4f29bc2ff4dca35db52da545ef97733955 + 3 "616263" sha-mgf sha ""; + 0xb6dd0145ada7547bba5db3a35d34e612a8d73e93c33c720f4e4506428cacc6861b2143ed3a0683394fd94cfab8ab66a024161e9c9c1848d50627b3ac46de6d1b1d73ae7b5540b3df65c53aed9d4bdf1f86c8ddacfaf608823bb3d307d89d4c8bb11b5198f9851a519538787cd054ced98734daa2f7f2dc5b51c8c02ea8c362ff + 0x10001 + 0xbee578ae84da6a17c0369191b97bbfb33b0f7904488c9185e8efa5d953820abd7515051461beeabea9dcefbfcd8921598c528b2272d1e7367b7676db222091443944672d439fe4cc75f4f9f0594a0b19a8c634fc7f88d0f16e08ec9a95f1f0c3c03ad467a2d7db37428c145cd26b8796264de2f2209a3c09f54fa51de689b81 + 0x6ae9901c7c40104b38e10097bd42212afd437867ee4c72e7e81d7486b8721aeab493be40e3bd4335bef05c76bba1a2e30795e76fe04517d5f8fa87d16756002b061674594cb85c32b96c3a690e135d64923bd7551c45b6b89ebb89941377ce02d5c801feb33c20ebacf8dd6d6bd44d4f29bc2ff4dca35db52da545ef97733954 + -1 "" sha-mgf sha ""; +} + +psssig-pad { + # nbits msg rc result mgf hash saltsz + 256 "a9993e364706816aba3e25717850c26c9cd0d89d" 0 + 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc + sha-mgf sha 10; + 256 "a9993e364706816aba3e25717850c26c9cd0d89d" -1 + 0 sha-mgf sha 20; + 273 "a9993e364706816aba3e25717850c26c9cd0d89d" 0 + 0xb5c91e4c0c00aaaffba7d581011366f0477cf42d9b98fddf692f3d14f9b8a168e4bc + sha-mgf sha 10; +} + +pssvrf-pad { + # nbits sig msg rc result mgf hash saltsz + 256 + 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc + "a9993e364706816aba3e25717850c26c9cd0d89d" 0 "" sha-mgf sha 10; + 256 + 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc + "a9993e364706816aba3e25717850c26c9cd0d89e" -1 "" sha-mgf sha 10; + 256 + 0x3426a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bd + "a9993e364706816aba3e25717850c26c9cd0d89d" -1 "" sha-mgf sha 
10; + 256 + 0x3526a2a3e34a2ea4b6831d1366f0477cf42d9b98fddf692f3d14f9b8a168e4bc + "a9993e364706816aba3e25717850c26c9cd0d89d" -1 "" sha-mgf sha 10; +} + +psssig-priv { + 0x6af87c8c97ae0c7668bc361ff1c358198309c80cd8a74a6d9d9cc846ea63ede9 + 0x10001 + 0x30ec4a0a5854d733a5ddc3e3584469f0a7d4b1f0cb38b8cfb04483c68b77a01 + "a9993e364706816aba3e25717850c26c9cd0d89d" 0 + 0x2b484543397da31ca7aaf774c4b19acd69eb8bc230b6d98a2ae10798793bd53f + sha-mgf sha 10; +} + +pssvrf-pub { + 0x6af87c8c97ae0c7668bc361ff1c358198309c80cd8a74a6d9d9cc846ea63ede9 + 0x10001 + 0x2b484543397da31ca7aaf774c4b19acd69eb8bc230b6d98a2ae10798793bd53f + "a9993e364706816aba3e25717850c26c9cd0d89d" 0 "" sha-mgf sha 10; +} diff --git a/tiger-base.h b/tiger-base.h index affd4dcf..117affbc 100644 --- a/tiger-base.h +++ b/tiger-base.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tiger-base.h,v 1.1 2000/07/15 10:02:43 mdw Exp $ + * $Id: tiger-base.h,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Common definitions for the Tiger hash function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tiger-base.h,v $ - * Revision 1.1 2000/07/15 10:02:43 mdw - * Anderson and Biham's Tiger hash function added. - * - */ - #ifndef CATACOMB_TIGER_BASE_H #define CATACOMB_TIGER_BASE_H diff --git a/tiger-mktab.c b/tiger-mktab.c index c7b27e5d..2281b146 100644 --- a/tiger-mktab.c +++ b/tiger-mktab.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tiger-mktab.c,v 1.1 2000/07/15 10:02:43 mdw Exp $ + * $Id: tiger-mktab.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * Generate S-boxes for the Tiger hash function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tiger-mktab.c,v $ - * Revision 1.1 2000/07/15 10:02:43 mdw - * Anderson and Biham's Tiger hash function added. - * - */ - /*----- Header files ------------------------------------------------------*/ #include 
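Review bot: The third p1dec-priv case has a stray `~` appended to the private exponent (`...3c515bf9~`), which looks like a typo the vector parser will either reject or misread, and the section header `# p e d msg rc pt eparam` should read `# n e d msg rc pt eparam`, since the first column is the same modulus used in p1sig-priv. On the security side, the p1vrf-pad vector returning rc 18 for `0x0001ffffffffffffffff00cc22ccffff...00cc22cc616263` confirms the unpadder hands back everything after the first zero byte following a ≥8-byte 0xff run; that is fine only if every p1vrf caller compares the returned buffer's length as well as its contents against the expected DigestInfo‖hash, because accepting trailing bytes is the precondition for the classic low-exponent signature forgery. No vector here pins that length check (the p1vrf-pub case with eparam `3021...0414` gives rc 20 for an exact-length hash, but there is no over-long counterpart), so adding one negative case would be worthwhile.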
diff --git a/tiger.c b/tiger.c index fb75937e..66d6dd1d 100644 --- a/tiger.c +++ b/tiger.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tiger.c,v 1.1 2000/07/15 10:02:43 mdw Exp $ + * $Id: tiger.c,v 1.2 2004/04/08 01:36:15 mdw Exp $ * * The Tiger hash function * @@ -27,14 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tiger.c,v $ - * Revision 1.1 2000/07/15 10:02:43 mdw - * Anderson and Biham's Tiger hash function added. - * - */ - /*----- Header files ------------------------------------------------------*/ #include diff --git a/tiger.h b/tiger.h index ece7c86d..e5f7389d 100644 --- a/tiger.h +++ b/tiger.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tiger.h,v 1.2 2000/10/15 19:09:20 mdw Exp $ + * $Id: tiger.h,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The Tiger hash function * @@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tiger.h,v $ - * Revision 1.2 2000/10/15 19:09:20 mdw - * Support HMAC mode for hash functions which need to store more state than - * the hash output size. - * - * Revision 1.1 2000/07/15 10:02:43 mdw - * Anderson and Biham's Tiger hash function added. - * - */ - /*----- Notes on the Tiger hash function ----------------------------------* * * Tiger was designed by Eli Biham and Ross Anderson to be an efficient and diff --git a/tlsprf.c b/tlsprf.c index d45eb43f..dafc2475 100644 --- a/tlsprf.c +++ b/tlsprf.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: tlsprf.c,v 1.2 2001/04/06 22:05:53 mdw Exp $ + * $Id: tlsprf.c,v 1.3 2004/04/08 01:36:15 mdw Exp $ * * The TLS pseudo-random function * 
@@ -27,18 +27,6 @@ * MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: tlsprf.c,v $ - * Revision 1.2 2001/04/06 22:05:53 mdw - * Change dummy names in grand objects so that they say what sort of thing - * they are. - * - * Revision 1.1 2001/04/04 20:10:52 mdw - * Add support for the TLS pseudo-random function. - * - */ - /*----- Header files ------------------------------------------------------*/ #include @@ -70,16 +58,16 @@ void tlsdx_init(tlsdx_ctx *c, gmac *m, const void *sd, size_t sdsz) { c->k = m; - c->hashsz = c->k->ops->c->hashsz; + c->hashsz = GM_CLASS(c->k)->hashsz; c->sd = sd; c->sdsz = sdsz; - c->i = c->k->ops->init(c->k); - c->i->ops->hash(c->i, sd, sdsz); - c->ai = c->i->ops->done(c->i, 0); - c->o = c->k->ops->init(c->k); - c->o->ops->hash(c->o, c->ai, c->hashsz); - c->o->ops->hash(c->o, sd, sdsz); - c->p = c->o->ops->done(c->o, 0); + c->i = GM_INIT(c->k); + GH_HASH(c->i, sd, sdsz); + c->ai = GH_DONE(c->i, 0); + c->o = GM_INIT(c->k); + GH_HASH(c->o, c->ai, c->hashsz); + GH_HASH(c->o, sd, sdsz); + c->p = GH_DONE(c->o, 0); c->sz = c->hashsz; } @@ -111,16 +99,16 @@ void tlsdx_encrypt(tlsdx_ctx *c, const void *src, void *dest, size_t sz) if (c->sz) n = c->sz; else { - h = c->k->ops->init(c->k); - h->ops->hash(h, c->ai, c->hashsz); - c->ai = h->ops->done(h, 0); - c->i->ops->destroy(c->i); + h = GM_INIT(c->k); + GH_HASH(h, c->ai, c->hashsz); + c->ai = GH_DONE(h, 0); + GH_DESTROY(c->i); c->i = h; - c->o->ops->destroy(c->o); - h = c->o = c->k->ops->init(c->k); - h->ops->hash(h, c->ai, c->hashsz); - h->ops->hash(h, c->sd, c->sdsz); - c->p = h->ops->done(h, 0); + GH_DESTROY(c->o); + h = c->o = GM_INIT(c->k); + GH_HASH(h, c->ai, c->hashsz); + GH_HASH(h, c->sd, c->sdsz); + c->p = GH_DONE(h, 0); c->sz = n = c->hashsz; } if (n > sz) 
@@ -151,8 +139,8 @@ void tlsdx_encrypt(tlsdx_ctx *c, const void *src, void *dest, size_t sz)
 void tlsdx_free(tlsdx_ctx *c)
 {
- c->i->ops->destroy(c->i);
- c->o->ops->destroy(c->o);
+ GH_DESTROY(c->i);
+ GH_DESTROY(c->o);
 }
 /* --- Generic random number generator --- */
@@ -284,7 +272,7 @@ grand *tlsdx_rand(const gcmac *mc, const void *k, size_t ksz,
 {
 dx_grctx *g = S_CREATE(dx_grctx);
 dstr d = DSTR_INIT;
- gmac *m = mc->key(k, ksz);
+ gmac *m = GM_KEY(mc, k, ksz);
 octet *q = xmalloc(sdsz);
 memcpy(q, sd, sdsz);
 dstr_putf(&d, "tlsdx(%s)", mc->name);
diff --git a/tlsprf.h b/tlsprf.h
index 1868fbdf..f625cdb4 100644
--- a/tlsprf.h
+++ b/tlsprf.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: tlsprf.h,v 1.1 2001/04/04 20:10:52 mdw Exp $
+ * $Id: tlsprf.h,v 1.2 2004/04/08 01:36:15 mdw Exp $
 *
 * The TLS pseudo-random function
 *
@@ -27,14 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: tlsprf.h,v $
- * Revision 1.1 2001/04/04 20:10:52 mdw
- * Add support for the TLS pseudo-random function.
- *
- */
-
 #ifndef CATACOMB_TLSPRF_H
 #define CATACOMB_TLSPRF_H
diff --git a/twofish-mktab.c b/twofish-mktab.c
index 35f60494..4acbf730 100644
--- a/twofish-mktab.c
+++ b/twofish-mktab.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: twofish-mktab.c,v 1.4 2000/10/08 12:08:10 mdw Exp $
+ * $Id: twofish-mktab.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
 *
 * Build constant tables for Twofish
 *
@@ -27,25 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish-mktab.c,v $
- * Revision 1.4 2000/10/08 12:08:10 mdw
- * Escape literal newlines in output string.
- *
- * Revision 1.3 2000/06/26 17:14:42 mdw
- * (rslog): Ensure that log(1) = 0 (not 255, as previously). While the two
- * are strictly equivalent, it means that the exp table is larger than it
- * otherwise needs to be.
- *
- * Revision 1.2 2000/06/18 23:12:15 mdw
- * Change typesetting of Galois Field names.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 #include
diff --git a/twofish.c b/twofish.c
index 6f79963c..e70ad127 100644
--- a/twofish.c
+++ b/twofish.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: twofish.c,v 1.4 2004/04/02 01:03:49 mdw Exp $
+ * $Id: twofish.c,v 1.5 2004/04/08 01:36:15 mdw Exp $
 *
 * Implementation of the Twofish cipher
 *
@@ -27,23 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish.c,v $
- * Revision 1.4 2004/04/02 01:03:49 mdw
- * Miscellaneous constification.
- *
- * Revision 1.3 2002/01/13 13:37:59 mdw
- * Add support for Twofish family keys.
- *
- * Revision 1.2 2000/06/22 18:58:00 mdw
- * Twofish can handle keys with any byte-aligned size.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 #include
diff --git a/twofish.h b/twofish.h
index 79c697b6..0f475699 100644
--- a/twofish.h
+++ b/twofish.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: twofish.h,v 1.4 2002/01/13 13:37:59 mdw Exp $
+ * $Id: twofish.h,v 1.5 2004/04/08 01:36:15 mdw Exp $
 *
 * The Twofish block cipher
 *
@@ -27,23 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: twofish.h,v $
- * Revision 1.4 2002/01/13 13:37:59 mdw
- * Add support for Twofish family keys.
- *
- * Revision 1.3 2001/04/29 18:12:43 mdw
- * Fix formatting.
- *
- * Revision 1.2 2000/10/08 15:48:58 mdw
- * Update comments now that AES has been chosen.
- *
- * Revision 1.1 2000/06/17 12:10:17 mdw
- * New cipher.
- *
- */
-
 /*----- Notes on the Twofish block cipher ---------------------------------*
 *
 * Twofish was designed by Bruce Schneier, John Kelsey, Doug Whiting, David
diff --git a/xtea.c b/xtea.c
index 32702fee..4f0ac578 100644
--- a/xtea.c
+++ b/xtea.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: xtea.c,v 1.2 2000/07/29 09:56:47 mdw Exp $
+ * $Id: xtea.c,v 1.3 2004/04/08 01:36:15 mdw Exp $
 *
 * The Extended Tiny Encryption Algorithm
 *
@@ -27,18 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: xtea.c,v $
- * Revision 1.2 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 #include
diff --git a/xtea.h b/xtea.h
index af6c3a0b..fa2bffb1 100644
--- a/xtea.h
+++ b/xtea.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: xtea.h,v 1.3 2000/07/29 09:56:47 mdw Exp $
+ * $Id: xtea.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
 *
 * The Extended Tiny Encryption Algorithm
 *
@@ -27,21 +27,6 @@
 * MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: xtea.h,v $
- * Revision 1.3 2000/07/29 09:56:47 mdw
- * Allow the number of rounds to be configured. This isn't exported
- * through the gcipher interface, but it may be useful anyway.
- *
- * Revision 1.2 2000/07/15 13:47:14 mdw
- * Whoops. Fix the purpose comment.
- *
- * Revision 1.1 2000/07/15 13:44:31 mdw
- * New ciphers.
- *
- */
-
 /*----- Notes on the Tiny Encryption Algorithm ----------------------------*
 *
 * XTEA is an amazingly simple 64-round Feistel network. It's tiny, fairly
-- 
2.11.0