diff --git a/crypto/sm2/miracl/mralloc.c b/crypto/sm2/miracl/mralloc.c
deleted file mode 100644
index f3855ad5..00000000
--- a/crypto/sm2/miracl/mralloc.c
+++ /dev/null
@@ -1,85 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * MIRACL memory allocation routines - * mralloc.c - * - * MIRACL C Memory allocation/deallocation - * Can be replaced with special user-defined routines - * Default is to standard system routines - * - * NOTE: uses calloc() which initialises memory to Zero, so make sure - * any substituted routine does the same! 
 - */ - -#include -#include - -#ifndef MR_STATIC - -miracl *mr_first_alloc() -{ - return (miracl *)calloc(1,sizeof(miracl)); -} - -void *mr_alloc(_MIPD_ int num,int size) -{ - char *p; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip==NULL) - { - p=(char *)calloc(num,size); - return (void *)p; - } - - if (mr_mip->ERNUM) return NULL; - - p=(char *)calloc(num,size); - if (p==NULL) mr_berror(_MIPP_ MR_ERR_OUT_OF_MEMORY); - return (void *)p; - -} - -void mr_free(void *addr) -{ - if (addr==NULL) return; - free(addr); - return; -} - -#endif
diff --git a/crypto/sm2/miracl/mrarth0.c b/crypto/sm2/miracl/mrarth0.c
deleted file mode 100644
index 2016a1d4..00000000
--- a/crypto/sm2/miracl/mrarth0.c
+++ /dev/null
@@ -1,320 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. 
* - * -***************************************************************************/ -/* - * MIRACL arithmetic routines 0 - Add and subtract routines - * mrarth0.c - * - */ -#include - -void mr_padd(_MIPD_ big x,big y,big z) -{ /* add two big numbers, z=x+y where * - * x and y are positive */ - int i,lx,ly,lz,la; - mr_small carry,psum; - mr_small *gx,*gy,*gz; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - lx = (int)x->len; - ly = (int)y->len; - - if (ly>lx) - { - lz=ly; - la=lx; - if (x!=z) copy(y,z); - else la=ly; - } - else - { - lz=lx; - la=ly; - if (y!=z) copy(x,z); - else la=lx; - } - carry=0; - z->len=lz; - gx=x->w; gy=y->w; gz=z->w; - if (lznib || !mr_mip->check) z->len++; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif - for (i=0;igx[i]) carry=0; - else if (psum0;i++ ) - { /* add by columns to the length of larger number (if there is a carry) */ - psum=gx[i]+gy[i]+carry; - if (psum>gx[i]) carry=0; - else if (psumcheck && i>=mr_mip->nib) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - return; - } - gz[i]=carry; - } -#ifndef MR_SIMPLE_BASE - } - else - { - for (i=0;i=mr_mip->base) - { /* set carry */ - carry=1; - psum-=mr_mip->base; - } - gz[i]=psum; - } - for (;i0;i++) - { - psum=gx[i]+gy[i]+carry; - carry=0; - if (psum>=mr_mip->base) - { /* set carry */ - carry=1; - psum-=mr_mip->base; - } - gz[i]=psum; - } - if (carry) - { /* carry left over - possible overflow */ - if (mr_mip->check && i>=mr_mip->nib) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - return; - } - gz[i]=carry; - } - } -#endif - if (gz[z->len-1]==0) z->len--; - -} - -void mr_psub(_MIPD_ big x,big y,big z) -{ /* subtract two big numbers z=x-y * - * where x and y are positive and x>y */ - int i,lx,ly; - mr_small borrow,pdiff; - mr_small *gx,*gy,*gz; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - lx = (int)x->len; - ly = (int)y->len; - if (ly>lx) - { - mr_berror(_MIPP_ MR_ERR_NEG_RESULT); - return; - } - if (y!=z) copy(x,z); - else ly=lx; - z->len=lx; - gx=x->w; 
gy=y->w; gz=z->w; - borrow=0; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif - for (i=0;i0;i++) - { /* subtract by columns */ - if (i>lx) - { - mr_berror(_MIPP_ MR_ERR_NEG_RESULT); - return; - } - pdiff=gx[i]-gy[i]-borrow; - if (pdiffgx[i]) borrow=1; - gz[i]=pdiff; - } -#ifndef MR_SIMPLE_BASE - } - else for (i=0;i0;i++) - { /* subtract by columns */ - if (i>lx) - { - mr_berror(_MIPP_ MR_ERR_NEG_RESULT); - return; - } - pdiff=gy[i]+borrow; - borrow=0; - if (gx[i]>=pdiff) pdiff=gx[i]-pdiff; - else - { /* set borrow */ - pdiff=mr_mip->base+gx[i]-pdiff; - borrow=1; - } - gz[i]=pdiff; - } -#endif - mr_lzero(z); -} - -static void mr_select(_MIPD_ big x,int d,big y,big z) -{ /* perform required add or subtract operation */ - int sx,sy,sz,jf,xgty; -#ifdef MR_FLASH - if (mr_notint(x) || mr_notint(y)) - { - mr_berror(_MIPP_ MR_ERR_INT_OP); - return; - } -#endif - sx=exsign(x); - sy=exsign(y); - sz=0; - x->len&=MR_OBITS; /* force operands to be positive */ - y->len&=MR_OBITS; - xgty=mr_compare(x,y); - jf=(1+sx)+(1+d*sy)/2; - switch (jf) - { /* branch according to signs of operands */ - case 0: - if (xgty>=0) - mr_padd(_MIPP_ x,y,z); - else - mr_padd(_MIPP_ y,x,z); - sz=MINUS; - break; - case 1: - if (xgty<=0) - { - mr_psub(_MIPP_ y,x,z); - sz=PLUS; - } - else - { - mr_psub(_MIPP_ x,y,z); - sz=MINUS; - } - break; - case 2: - if (xgty>=0) - { - mr_psub(_MIPP_ x,y,z); - sz=PLUS; - } - else - { - mr_psub(_MIPP_ y,x,z); - sz=MINUS; - } - break; - case 3: - if (xgty>=0) - mr_padd(_MIPP_ x,y,z); - else - mr_padd(_MIPP_ y,x,z); - sz=PLUS; - break; - } - if (sz<0) z->len^=MR_MSBIT; /* set sign of result */ - if (x!=z && sx<0) x->len^=MR_MSBIT; /* restore signs to operands */ - if (y!=z && y!=x && sy<0) y->len^=MR_MSBIT; -} - -void add(_MIPD_ big x,big y,big z) -{ /* add two signed big numbers together z=x+y */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(27) - - mr_select(_MIPP_ x,PLUS,y,z); - - MR_OUT -} - -void 
 subtract(_MIPD_ big x,big y,big z) -{ /* subtract two big signed numbers z=x-y */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(28) - - mr_select(_MIPP_ x,MINUS,y,z); - - MR_OUT -} - -void incr(_MIPD_ big x,int n,big z) -{ /* add int to big number: z=x+n */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(7) - - convert(_MIPP_ n,mr_mip->w0); - mr_select(_MIPP_ x,PLUS,mr_mip->w0,z); - - MR_OUT -} - -void decr(_MIPD_ big x,int n,big z) -{ /* subtract int from big number: z=x-n */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(8) - - convert(_MIPP_ n,mr_mip->w0); - mr_select(_MIPP_ x,MINUS,mr_mip->w0,z); - - MR_OUT -} -
diff --git a/crypto/sm2/miracl/mrarth1.c b/crypto/sm2/miracl/mrarth1.c
deleted file mode 100644
index f43b798a..00000000
--- a/crypto/sm2/miracl/mrarth1.c
+++ /dev/null
@@ -1,1068 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ - -/* - * - * MIRACL arithmetic routines 1 - multiplying and dividing BIG NUMBERS by - * integer numbers. - * mrarth1.c - * - */ - -#include - -#ifdef MR_FP -#include -#endif - -#ifdef MR_WIN64 -#include -#endif - -#ifdef MR_FP_ROUNDING -#ifdef __GNUC__ -#include -#endif - -/* Invert n and set FP rounding. 
- * Set to round up - * Calculate 1/n - * set to round down (towards zero) - * If rounding cannot be controlled, this function returns 0.0 */ - -mr_large mr_invert(mr_small n) -{ - mr_large inn; - int up= 0x1BFF; - -#ifdef _MSC_VER - #ifdef MR_NOASM -#define NO_EXTENDED - #endif -#endif - -#ifdef NO_EXTENDED - int down=0x1EFF; -#else - int down=0x1FFF; -#endif - -#ifdef __TURBOC__ - asm - { - fldcw WORD PTR up - fld1 - fld QWORD PTR n; - fdiv - fstp TBYTE PTR inn; - fldcw WORD PTR down; - } - return inn; -#endif -#ifdef _MSC_VER - _asm - { - fldcw WORD PTR up - fld1 - fld QWORD PTR n; - fdiv - fstp QWORD PTR inn; - fldcw WORD PTR down; - } - return inn; -#endif -#ifdef __GNUC__ -#ifdef i386 - __asm__ __volatile__ ( - "fldcw %2\n" - "fld1\n" - "fldl %1\n" - "fdivrp\n" - "fstpt %0\n" - "fldcw %3\n" - : "=m"(inn) - : "m"(n),"m"(up),"m"(down) - : "memory" - ); - return inn; -#else - fpsetround(FP_RP); - inn=(mr_large)1.0/n; - fpsetround(FP_RZ); - return inn; -#endif -#endif - return 0.0L; -} - -#endif - -void mr_pmul(_MIPD_ big x,mr_small sn,big z) -{ - int m,xl; - mr_lentype sx; - mr_small carry,*xg,*zg; - -#ifdef MR_ITANIUM - mr_small tm; -#endif -#ifdef MR_WIN64 - mr_small tm; -#endif -#ifdef MR_NOASM - union doubleword dble; - mr_large dbled; - mr_large ldres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (x!=z) - { - zero(z); - if (sn==0) return; - } - else if (sn==0) - { - zero(z); - return; - } - m=0; - carry=0; - sx=x->len&MR_MSBIT; - xl=(int)(x->len&MR_OBITS); - -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - xg=x->w; zg=z->w; -/* inline 8086 assembly - substitutes for loop below */ -#ifdef INLINE_ASM -#if INLINE_ASM == 1 - ASM cld - ASM mov cx,xl - ASM or cx,cx - ASM je out1 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les di,DWORD PTR zg - ASM lds si,DWORD PTR xg -#else - ASM mov ax,ds - ASM mov es,ax - ASM mov di,zg - ASM mov si,xg -#endif - ASM mov bx,sn - ASM push bp - ASM xor bp,bp - 
tcl1: - ASM lodsw - ASM mul bx - ASM add ax,bp - ASM adc dx,0 - ASM stosw - ASM mov bp,dx - ASM loop tcl1 - - ASM mov ax,bp - ASM pop bp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov carry,ax - out1: -#endif -#if INLINE_ASM == 2 - ASM cld - ASM mov cx,xl - ASM or cx,cx - ASM je out1 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les di,DWORD PTR zg - ASM lds si,DWORD PTR xg -#else - ASM mov ax,ds - ASM mov es,ax - ASM mov di,zg - ASM mov si,xg -#endif - ASM mov ebx,sn - ASM push ebp - ASM xor ebp,ebp - tcl1: - ASM lodsd - ASM mul ebx - ASM add eax,ebp - ASM adc edx,0 - ASM stosd - ASM mov ebp,edx - ASM loop tcl1 - - ASM mov eax,ebp - ASM pop ebp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov carry,eax - out1: -#endif -#if INLINE_ASM == 3 - ASM mov ecx,xl - ASM or ecx,ecx - ASM je out1 - ASM mov ebx,sn - ASM mov edi,zg - ASM mov esi,xg - ASM push ebp - ASM xor ebp,ebp - tcl1: - ASM mov eax,[esi] - ASM add esi,4 - ASM mul ebx - ASM add eax,ebp - ASM adc edx,0 - ASM mov [edi],eax - ASM add edi,4 - ASM mov ebp,edx - ASM dec ecx - ASM jnz tcl1 - - ASM mov eax,ebp - ASM pop ebp - ASM mov carry,eax - out1: -#endif -#if INLINE_ASM == 4 - - ASM ( - "movl %4,%%ecx\n" - "orl %%ecx,%%ecx\n" - "je 1f\n" - "movl %3,%%ebx\n" - "movl %1,%%edi\n" - "movl %2,%%esi\n" - "pushl %%ebp\n" - "xorl %%ebp,%%ebp\n" - "0:\n" - "movl (%%esi),%%eax\n" - "addl $4,%%esi\n" - "mull %%ebx\n" - "addl %%ebp,%%eax\n" - "adcl $0,%%edx\n" - "movl %%eax,(%%edi)\n" - "addl $4,%%edi\n" - "movl %%edx,%%ebp\n" - "decl %%ecx\n" - "jnz 0b\n" - - "movl %%ebp,%%eax\n" - "popl %%ebp\n" - "movl %%eax,%0\n" - "1:" - :"=m"(carry) - :"m"(zg),"m"(xg),"m"(sn),"m"(xl) - :"eax","edi","esi","ebx","ecx","edx","memory" - ); - -#endif -#endif -#ifndef INLINE_ASM - for (m=0;mw[m]*sn+carry; - carry=dble.h[MR_TOP]; - z->w[m]=dble.h[MR_BOT]; - } -#else - carry=muldvd(x->w[m],sn,carry,&z->w[m]); -#endif -#endif - if (carry>0) - { - m=xl; - if (m>=mr_mip->nib && mr_mip->check) - { - mr_berror(_MIPP_ 
MR_ERR_OVERFLOW); - return; - } - z->w[m]=carry; - z->len=m+1; - } - else z->len=xl; -#endif -#ifndef MR_SIMPLE_BASE - } - else while (m0) - { /* multiply each digit of x by n */ - - if (m>mr_mip->nib && mr_mip->check) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - return; - } -#ifdef MR_NOASM - dbled=(mr_large)x->w[m]*sn+carry; - #ifdef MR_FP_ROUNDING - carry=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); - #else - #ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - carry=(mr_small)(dbled>>mr_mip->lg2b); - else - #endif - carry=(mr_small)MR_LROUND(dbled/mr_mip->base); - #endif - z->w[m]=(mr_small)(dbled-(mr_large)carry*mr_mip->base); -#else - #ifdef MR_FP_ROUNDING - carry=imuldiv(x->w[m],sn,carry,mr_mip->base,mr_mip->inverse_base,&z->w[m]); - #else - carry=muldiv(x->w[m],sn,carry,mr_mip->base,&z->w[m]); - #endif -#endif - - m++; - z->len=m; - } -#endif - if (z->len!=0) z->len|=sx; -} - -void premult(_MIPD_ big x,int n,big z) -{ /* premultiply a big number by an int z=x.n */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(9) - - -#ifdef MR_FLASH - if (mr_notint(x)) - { - mr_berror(_MIPP_ MR_ERR_INT_OP); - MR_OUT - return; - } -#endif - if (n==0) /* test for some special cases */ - { - zero(z); - MR_OUT - return; - } - if (n==1) - { - copy(x,z); - MR_OUT - return; - } - if (n<0) - { - n=(-n); - mr_pmul(_MIPP_ x,(mr_small)n,z); - if (z->len!=0) z->len^=MR_MSBIT; - } - else mr_pmul(_MIPP_ x,(mr_small)n,z); - MR_OUT -} - -#ifdef MR_FP_ROUNDING -mr_small mr_sdiv(_MIPD_ big x,mr_small sn,mr_large isn,big z) -#else -mr_small mr_sdiv(_MIPD_ big x,mr_small sn,big z) -#endif -{ - int i,xl; - mr_small sr,*xg,*zg; -#ifdef MR_NOASM - union doubleword dble; - mr_large dbled; - mr_large ldres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - sr=0; - xl=(int)(x->len&MR_OBITS); - if (x!=z) zero(z); -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - xg=x->w; zg=z->w; -/* inline - 
substitutes for loop below */ -#ifdef INLINE_ASM -#if INLINE_ASM == 1 - ASM std - ASM mov cx,xl - ASM or cx,cx - ASM je out2 - ASM mov bx,cx - ASM shl bx,1 - ASM sub bx,2 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les di,DWORD PTR zg - ASM lds si,DWORD PTR xg -#else - ASM mov ax,ds - ASM mov es,ax - ASM mov di,zg - ASM mov si,xg -#endif - ASM add si,bx - ASM add di,bx - ASM mov bx,sn - ASM push bp - ASM xor bp,bp - tcl2: - ASM mov dx,bp - ASM lodsw - ASM div bx - ASM mov bp,dx - ASM stosw - ASM loop tcl2 - - ASM mov ax,bp - ASM pop bp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov sr,ax - out2: - ASM cld -#endif -#if INLINE_ASM == 2 - ASM std - ASM mov cx,xl - ASM or cx,cx - ASM je out2 - ASM mov bx,cx - ASM shl bx,2 - ASM sub bx,4 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les di,DWORD PTR zg - ASM lds si,DWORD PTR xg -#else - ASM mov ax,ds - ASM mov es,ax - ASM mov di, zg - ASM mov si, xg -#endif - ASM add si,bx - ASM add di,bx - ASM mov ebx,sn - ASM push ebp - ASM xor ebp,ebp - tcl2: - ASM mov edx,ebp - ASM lodsd - ASM div ebx - ASM mov ebp,edx - ASM stosd - ASM loop tcl2 - - ASM mov eax,ebp - ASM pop ebp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov sr,eax - out2: - ASM cld -#endif -#if INLINE_ASM == 3 - ASM mov ecx,xl - ASM or ecx,ecx - ASM je out2 - ASM mov ebx,ecx - ASM shl ebx,2 - ASM mov esi, xg - ASM add esi,ebx - ASM mov edi, zg - ASM add edi,ebx - ASM mov ebx,sn - ASM push ebp - ASM xor ebp,ebp - tcl2: - ASM sub esi,4 - ASM mov edx,ebp - ASM mov eax,[esi] - ASM div ebx - ASM sub edi,4 - ASM mov ebp,edx - ASM mov [edi],eax - ASM dec ecx - ASM jnz tcl2 - - ASM mov eax,ebp - ASM pop ebp - ASM mov sr,eax - out2: - ASM nop -#endif -#if INLINE_ASM == 4 - - ASM ( - "movl %4,%%ecx\n" - "orl %%ecx,%%ecx\n" - "je 3f\n" - "movl %%ecx,%%ebx\n" - "shll $2,%%ebx\n" - "movl %2,%%esi\n" - "addl %%ebx,%%esi\n" - "movl %1,%%edi\n" - "addl %%ebx,%%edi\n" - "movl %3,%%ebx\n" - "pushl %%ebp\n" - "xorl %%ebp,%%ebp\n" - "2:\n" - "subl 
$4,%%esi\n" - "movl %%ebp,%%edx\n" - "movl (%%esi),%%eax\n" - "divl %%ebx\n" - "subl $4,%%edi\n" - "movl %%edx,%%ebp\n" - "movl %%eax,(%%edi)\n" - "decl %%ecx\n" - "jnz 2b\n" - - "movl %%ebp,%%eax\n" - "popl %%ebp\n" - "movl %%eax,%0\n" - "3:" - "nop" - :"=m"(sr) - :"m"(zg),"m"(xg),"m"(sn),"m"(xl) - :"eax","edi","esi","ebx","ecx","edx","memory" - ); -#endif -#endif -#ifndef INLINE_ASM - for (i=xl-1;i>=0;i--) - { -#ifdef MR_NOASM - dble.h[MR_BOT]=x->w[i]; - dble.h[MR_TOP]=sr; - z->w[i]=(mr_small)(dble.d/sn); - sr=(mr_small)(dble.d-(mr_large)z->w[i]*sn); -#else - z->w[i]=muldvm(sr,x->w[i],sn,&sr); -#endif - } -#endif -#endif -#ifndef MR_SIMPLE_BASE - } - else for (i=xl-1;i>=0;i--) - { /* divide each digit of x by n */ -#ifdef MR_NOASM - dbled=(mr_large)sr*mr_mip->base+x->w[i]; -#ifdef MR_FP_ROUNDING - z->w[i]=(mr_small)MR_LROUND(dbled*isn); -#else - z->w[i]=(mr_small)MR_LROUND(dbled/sn); -#endif - sr=(mr_small)(dbled-(mr_large)z->w[i]*sn); -#else -#ifdef MR_FP_ROUNDING - z->w[i]=imuldiv(sr,mr_mip->base,x->w[i],sn,isn,&sr); -#else - z->w[i]=muldiv(sr,mr_mip->base,x->w[i],sn,&sr); -#endif -#endif - } -#endif - z->len=x->len; - mr_lzero(z); - return sr; -} - -int subdiv(_MIPD_ big x,int n,big z) -{ /* subdivide a big number by an int z=x/n * - * returns int remainder */ - mr_lentype sx; -#ifdef MR_FP_ROUNDING - mr_large in; -#endif - int r,i,msb; - mr_small lsb; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return 0; - - MR_IN(10) -#ifdef MR_FLASH - if (mr_notint(x)) mr_berror(_MIPP_ MR_ERR_INT_OP); -#endif - if (n==0) mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO); - if (mr_mip->ERNUM) - { - MR_OUT - return 0; - } - - if (x->len==0) - { - zero(z); - MR_OUT - return 0; - } - if (n==1) /* special case */ - { - copy(x,z); - MR_OUT - return 0; - } - sx=(x->len&MR_MSBIT); - if (n==2 && mr_mip->base==0) - { /* fast division by 2 using shifting */ -#ifndef MR_NOFULLWIDTH - -/* I don't want this code upsetting the compiler ... 
*/ -/* mr_mip->base==0 can't happen with MR_NOFULLWIDTH */ - - copy(x,z); - msb=(int)(z->len&MR_OBITS)-1; - r=(int)z->w[0]&1; - for (i=0;;i++) - { - z->w[i]>>=1; - if (i==msb) - { - if (z->w[i]==0) mr_lzero(z); - break; - } - lsb=z->w[i+1]&1; - z->w[i]|=(lsb<<(MIRACL-1)); - } - - MR_OUT - if (sx==0) return r; - else return (-r); -#endif - } - -#ifdef MR_FP_ROUNDING - in=mr_invert(n); -#endif - if (n<0) - { - n=(-n); -#ifdef MR_FP_ROUNDING - r=(int)mr_sdiv(_MIPP_ x,(mr_small)n,in,z); -#else - r=(int)mr_sdiv(_MIPP_ x,(mr_small)n,z); -#endif - if (z->len!=0) z->len^=MR_MSBIT; - } -#ifdef MR_FP_ROUNDING - else r=(int)mr_sdiv(_MIPP_ x,(mr_small)n,in,z); -#else - else r=(int)mr_sdiv(_MIPP_ x,(mr_small)n,z); -#endif - MR_OUT - if (sx==0) return r; - else return (-r); -} - -int remain(_MIPD_ big x,int n) -{ /* return integer remainder when x divided by n */ - int r; - mr_lentype sx; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(88); - - sx=(x->len&MR_MSBIT); - - if (n==2 && MR_REMAIN(mr_mip->base,2)==0) - { /* fast odd/even check if base is even */ - MR_OUT - if ((int)MR_REMAIN(x->w[0],2)==0) return 0; - else - { - if (sx==0) return 1; - else return (-1); - } - } - if (n==8 && MR_REMAIN(mr_mip->base,8)==0) - { /* fast check */ - MR_OUT - r=(int)MR_REMAIN(x->w[0],8); - if (sx!=0) r=-r; - return r; - } - - copy(x,mr_mip->w0); - r=subdiv(_MIPP_ mr_mip->w0,n,mr_mip->w0); - MR_OUT - return r; -} - -BOOL subdivisible(_MIPD_ big x,int n) -{ - if (remain(_MIPP_ x,n)==0) return TRUE; - else return FALSE; -} - -int hamming(_MIPD_ big x) -{ - int h; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return 0; - MR_IN(148); - h=0; - copy(x,mr_mip->w1); - absol(mr_mip->w1,mr_mip->w1); - while (size(mr_mip->w1)!=0) - h+=subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1); - - MR_OUT - return h; -} - -void bytes_to_big(_MIPD_ int len,const char *ptr,big x) -{ /* convert len 
bytes into a big * - * The first byte is the Most significant */ - int i,j,m,n,r; - unsigned int dig; - unsigned char ch; - mr_small wrd; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - MR_IN(140); - - zero(x); - - if (len<=0) - { - MR_OUT - return; - } -/* remove leading zeros.. */ - - while (*ptr==0) - { - ptr++; len--; - if (len==0) - { - MR_OUT - return; - } - } - -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { /* pack bytes directly into big */ -#endif -#ifndef MR_NOFULLWIDTH - m=MIRACL/8; - n=len/m; - - r=len%m; - wrd=(mr_small)0; - if (r!=0) - { - n++; - for (j=0;jlen=n; - if (n>mr_mip->nib && mr_mip->check) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - MR_OUT - return; - } - if (r!=0) - { - n--; - x->w[n]=wrd; - } - - for (i=n-1;i>=0;i--) - { - for (j=0;jw[i]=wrd; - } - mr_lzero(x); /* needed */ -#endif -#ifndef MR_SIMPLE_BASE - } - else - { - for (i=0;iERNUM) break; -#if MIRACL==8 - mr_shift(_MIPP_ x,1,x); -#else - premult(_MIPP_ x,256,x); -#endif - ch=MR_TOBYTE(ptr[i]); - dig=ch; - incr(_MIPP_ x,(int)dig,x); - } - } -#endif - MR_OUT -} - -int big_to_bytes(_MIPD_ int max,big x,char *ptr,BOOL justify) -{ /* convert positive big into octet string */ - int i,j,r,m,n,len,start; - unsigned int dig; - unsigned char ch; - mr_small wrd; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM || max<0) return 0; - - if (max==0 && justify) return 0; - if (size(x)==0) - { - if (justify) - { - for (i=0;ibase==0) - { -#endif -#ifndef MR_NOFULLWIDTH - m=MIRACL/8; - n=(int)(x->len&MR_OBITS); - n--; - len=n*m; - wrd=x->w[n]; /* most significant */ - r=0; - while (wrd!=(mr_small)0) { r++; wrd>>=8; len++;} - r%=m; - - if (max>0 && len>max) - { - mr_berror(_MIPP_ MR_ERR_TOO_BIG); - MR_OUT - return 0; - } - - if (justify) - { - start=max-len; - for (i=0;iw[n--]; - for (i=r-1;i>=0;i--) - { - ptr[start+i]=(char)(wrd&0xFF); - wrd>>=8; - } - } - - for (i=r;iw[n--]; - for (j=m-1;j>=0;j--) - { - 
ptr[start+i+j]=(char)(wrd&0xFF); - wrd>>=8; - } - } -#endif -#ifndef MR_SIMPLE_BASE - } - else - { - copy(x,mr_mip->w1); - for (len=0;;len++) - { - if (mr_mip->ERNUM) break; - - if (size(mr_mip->w1)==0) - { - if (justify) - { - if (len==max) break; - } - else break; - } - - if (max>0 && len>=max) - { - mr_berror(_MIPP_ MR_ERR_TOO_BIG); - MR_OUT - return 0; - } -#if MIRACL==8 - ch=mr_mip->w1->w[0]; - mr_shift(_MIPP_ mr_mip->w1,-1,mr_mip->w1); -#else - dig=(unsigned int)subdiv(_MIPP_ mr_mip->w1,256,mr_mip->w1); - ch=MR_TOBYTE(dig); -#endif - for (i=len;i>0;i--) ptr[i]=ptr[i-1]; - ptr[0]=MR_TOBYTE(ch); - } - } -#endif - MR_OUT - if (justify) return max; - else return len; -} - -#ifndef MR_NO_ECC_MULTIADD - -/* Solinas's Joint Sparse Form */ - -void mr_jsf(_MIPD_ big k0,big k1,big u0p,big u0m,big u1p,big u1m) -{ - int j,u0,u1,d0,d1,l0,l1; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(191) - - d0=d1=0; - - convert(_MIPP_ 1,mr_mip->w1); - copy(k0,mr_mip->w2); - copy(k1,mr_mip->w3); - zero(u0p); zero(u0m); zero(u1p); zero(u1m); - - j=0; - while (!mr_mip->ERNUM) - { - if (size(mr_mip->w2)==0 && d0==0 && size(mr_mip->w3)==0 && d1==0) break; - l0=remain(_MIPP_ mr_mip->w2,8); - l0=(l0+d0)&0x7; - l1=remain(_MIPP_ mr_mip->w3,8); - l1=(l1+d1)&0x7; - - if (l0%2==0) u0=0; - else - { - u0=2-(l0%4); - if ((l0==3 || l0==5) && l1%4==2) u0=-u0; - } - if (l1%2==0) u1=0; - else - { - u1=2-(l1%4); - if ((l1==3 || l1==5) && l0%4==2) u1=-u1; - } -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - if (u0>0) mr_addbit(_MIPP_ u0p,j); - if (u0<0) mr_addbit(_MIPP_ u0m,j); - if (u1>0) mr_addbit(_MIPP_ u1p,j); - if (u1<0) mr_addbit(_MIPP_ u1m,j); - -#ifndef MR_ALWAYS_BINARY - } - else - { - if (u0>0) add(_MIPP_ u0p,mr_mip->w1,u0p); - if (u0<0) add(_MIPP_ u0m,mr_mip->w1,u0m); - if (u1>0) add(_MIPP_ u1p,mr_mip->w1,u1p); - if (u1<0) add(_MIPP_ u1m,mr_mip->w1,u1m); - } -#endif - - if (d0+d0==1+u0) d0=1-d0; - if (d1+d1==1+u1) 
 d1=1-d1; - - subdiv(_MIPP_ mr_mip->w2,2,mr_mip->w2); - subdiv(_MIPP_ mr_mip->w3,2,mr_mip->w3); - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) -#endif - j++; -#ifndef MR_ALWAYS_BINARY - else - premult(_MIPP_ mr_mip->w1,2,mr_mip->w1); -#endif - } - MR_OUT - return; -} - -#endif
diff --git a/crypto/sm2/miracl/mrarth2.c b/crypto/sm2/miracl/mrarth2.c
deleted file mode 100644
index 6daed161..00000000
--- a/crypto/sm2/miracl/mrarth2.c
+++ /dev/null
@@ -1,1584 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * MIRACL arithmetic routines 2 - multiplying and dividing BIG NUMBERS. 
- * mrarth2.c - * - */ - -#include - -#ifdef MR_FP -#include -#endif - -#ifdef MR_WIN64 -#include -#endif - - -/* If a number has more than this number of digits, then squaring is faster */ - -#define SQR_FASTER_THRESHOLD 5 - -mr_small normalise(_MIPD_ big x,big y) -{ /* normalise divisor */ - mr_small norm,r; -#ifdef MR_FP - mr_small dres; -#endif - int len; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(4) - - if (x!=y) copy(x,y); - len=(int)(y->len&MR_OBITS); -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - if ((r=y->w[len-1]+1)==0) norm=1; -#ifdef MR_NOASM - else norm=(mr_small)(((mr_large)1 << MIRACL)/r); -#else - else norm=muldvm((mr_small)1,(mr_small)0,r,&r); -#endif - if (norm!=1) mr_pmul(_MIPP_ y,norm,y); -#endif -#ifndef MR_SIMPLE_BASE - } - else - { - norm=MR_DIV(mr_mip->base,(mr_small)(y->w[len-1]+1)); - if (norm!=1) mr_pmul(_MIPP_ y,norm,y); - } -#endif - MR_OUT - return norm; -} - -void multiply(_MIPD_ big x,big y,big z) -{ /* multiply two big numbers: z=x.y */ - int i,xl,yl,j,ti; - mr_small carry,*xg,*yg,*w0g; - -#ifdef MR_ITANIUM - mr_small tm; -#endif -#ifdef MR_WIN64 - mr_small tm,tr; -#endif - mr_lentype sz; - big w0; -#ifdef MR_NOASM - union doubleword dble; - mr_large dbled; - mr_large ldres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - if (y->len==0 || x->len==0) - { - zero(z); - return; - } - if (x!=mr_mip->w5 && y!=mr_mip->w5 && z==mr_mip->w5) w0=mr_mip->w5; - else w0=mr_mip->w0; /* local pointer */ - - MR_IN(5) - -#ifdef MR_FLASH - if (mr_notint(x) || mr_notint(y)) - { - mr_berror(_MIPP_ MR_ERR_INT_OP); - MR_OUT - return; - } -#endif - sz=((x->len&MR_MSBIT)^(y->len&MR_MSBIT)); - xl=(int)(x->len&MR_OBITS); - yl=(int)(y->len&MR_OBITS); - zero(w0); - if (mr_mip->check && xl+yl>mr_mip->nib) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - MR_OUT - return; - } -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - 
xg=x->w; yg=y->w; w0g=w0->w; - if (x==y && xl>SQR_FASTER_THRESHOLD) - /* extra hassle make it not */ - /* worth it for small numbers */ - { /* fast squaring */ - for (i=0;iw[i]*x->w[j]+carry+w0->w[i+j]; - w0->w[i+j]=dble.h[MR_BOT]; - carry=dble.h[MR_TOP]; -#else - muldvd2(x->w[i],x->w[j],&carry,&w0->w[i+j]); -#endif - } - w0->w[xl+i]=carry; -#endif - } -#ifdef INLINE_ASM -#if INLINE_ASM == 1 - ASM mov cx,xl - ASM shl cx,1 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les bx,DWORD PTR w0g -#else - ASM mov bx,w0g -#endif - tcl5: -#ifdef MR_LMM - ASM rcl WORD PTR es:[bx],1 -#else - ASM rcl WORD PTR [bx],1 -#endif - ASM inc bx - ASM inc bx - ASM loop tcl5 - - ASM cld - ASM mov cx,xl -#ifdef MR_LMM - ASM les di,DWORD PTR w0g - ASM lds si,DWORD PTR xg -#else - ASM mov di,w0g - ASM mov si,xg -#endif - - ASM xor bx,bx - tcl7: - ASM lodsw - ASM mul ax - ASM add ax,bx - ASM adc dx,0 -#ifdef MR_LMM - ASM add es:[di],ax -#else - ASM add [di],ax -#endif - ASM adc dx,0 - ASM xor bx,bx - ASM inc di - ASM inc di -#ifdef MR_LMM - ASM add es:[di],dx -#else - ASM add [di],dx -#endif - ASM adc bx,0 - ASM inc di - ASM inc di - ASM loop tcl7 -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif -#endif -#if INLINE_ASM == 2 - ASM mov cx,xl - ASM shl cx,1 -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les bx,DWORD PTR w0g -#else - ASM mov bx,w0g -#endif - tcl5: -#ifdef MR_LMM - ASM rcl DWORD PTR es:[bx],1 -#else - ASM rcl DWORD PTR [bx],1 -#endif - ASM inc bx - ASM inc bx - ASM inc bx - ASM inc bx - ASM loop tcl5 - - ASM cld - ASM mov cx,xl -#ifdef MR_LMM - ASM les di,DWORD PTR w0g - ASM lds si,DWORD PTR xg -#else - ASM mov di,w0g - ASM mov si,xg -#endif - ASM xor ebx,ebx - tcl7: - ASM lodsd - ASM mul eax - ASM add eax,ebx - ASM adc edx,0 -#ifdef MR_LMM - ASM add es:[di],eax -#else - ASM add [di],eax -#endif - ASM adc edx,0 - ASM xor ebx,ebx - ASM add di,4 -#ifdef MR_LMM - ASM add es:[di],edx -#else - ASM add [di],edx -#endif - ASM adc ebx,0 - ASM add di,4 - ASM loop tcl7 -#ifdef MR_LMM - 
ASM pop es - ASM pop ds -#endif -#endif -#if INLINE_ASM == 3 - ASM mov ecx,xl - ASM shl ecx,1 - ASM mov edi,w0g - tcl5: - ASM rcl DWORD PTR [edi],1 - ASM inc edi - ASM inc edi - ASM inc edi - ASM inc edi - ASM loop tcl5 - - ASM mov ecx,xl - ASM mov esi,xg - ASM mov edi,w0g - ASM xor ebx,ebx - tcl7: - ASM mov eax,[esi] - ASM add esi,4 - ASM mul eax - ASM add eax,ebx - ASM adc edx,0 - ASM add [edi],eax - ASM adc edx,0 - ASM xor ebx,ebx - ASM add edi,4 - ASM add [edi],edx - ASM adc ebx,0 - ASM add edi,4 - ASM dec ecx - ASM jnz tcl7 -#endif -#if INLINE_ASM == 4 - ASM ( - "movl %0,%%ecx\n" - "shll $1,%%ecx\n" - "movl %1,%%edi\n" - "tcl5:\n" - "rcll $1,(%%edi)\n" - "incl %%edi\n" - "incl %%edi\n" - "incl %%edi\n" - "incl %%edi\n" - "loop tcl5\n" - - "movl %0,%%ecx\n" - "movl %2,%%esi\n" - "movl %1,%%edi\n" - "xorl %%ebx,%%ebx\n" - "tcl7:\n" - "movl (%%esi),%%eax\n" - "addl $4,%%esi\n" - "mull %%eax\n" - "addl %%ebx,%%eax\n" - "adcl $0,%%edx\n" - "addl %%eax,(%%edi)\n" - "adcl $0,%%edx\n" - "xorl %%ebx,%%ebx\n" - "addl $4,%%edi\n" - "addl %%edx,(%%edi)\n" - "adcl $0,%%ebx\n" - "addl $4,%%edi\n" - "decl %%ecx\n" - "jnz tcl7\n" - : - :"m"(xl),"m"(w0g),"m"(xg) - :"eax","edi","esi","ebx","ecx","edx","memory" - ); -#endif -#endif -#ifndef INLINE_ASM - w0->len=xl+xl-1; - mr_padd(_MIPP_ w0,w0,w0); /* double it */ - carry=0; - for (i=0;iw[i]*x->w[i]+carry+w0->w[ti]; - w0->w[ti]=dble.h[MR_BOT]; - carry=dble.h[MR_TOP]; -#else - muldvd2(x->w[i],x->w[i],&carry,&w0->w[ti]); -#endif - w0->w[ti+1]+=carry; - if (w0->w[ti+1]w[i]*y->w[j]+carry+w0->w[i+j]; - w0->w[i+j]=dble.h[MR_BOT]; - carry=dble.h[MR_TOP]; -#else - muldvd2(x->w[i],y->w[j],&carry,&w0->w[i+j]); -#endif - } - w0->w[yl+i]=carry; -#endif - } -#endif -#ifndef MR_SIMPLE_BASE - } - else - { - if (x==y && xl>SQR_FASTER_THRESHOLD) - { /* squaring can be done nearly twice as fast */ - for (i=0;iw[i]*x->w[j]+w0->w[i+j]+carry; - #ifdef MR_FP_ROUNDING - carry=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); - #else - #ifndef MR_FP - if 
(mr_mip->base==mr_mip->base2) - carry=(mr_small)(dbled>>mr_mip->lg2b); - else - #endif - carry=(mr_small)MR_LROUND(dbled/mr_mip->base); - #endif - w0->w[i+j]=(mr_small)(dbled-(mr_large)carry*mr_mip->base); -#else - - #ifdef MR_FP_ROUNDING - carry=imuldiv(x->w[i],x->w[j],w0->w[i+j]+carry,mr_mip->base,mr_mip->inverse_base,&w0->w[i+j]); - #else - carry=muldiv(x->w[i],x->w[j],w0->w[i+j]+carry,mr_mip->base,&w0->w[i+j]); - #endif -#endif - } - w0->w[xl+i]=carry; - } - w0->len=xl+xl-1; - mr_padd(_MIPP_ w0,w0,w0); /* double it */ - carry=0; - for (i=0;iw[i]*x->w[i]+w0->w[ti]+carry; -#ifdef MR_FP_ROUNDING - carry=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); -#else -#ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - carry=(mr_small)(dbled>>mr_mip->lg2b); - else -#endif - carry=(mr_small)MR_LROUND(dbled/mr_mip->base); -#endif - w0->w[ti]=(mr_small)(dbled-(mr_large)carry*mr_mip->base); -#else - -#ifdef MR_FP_ROUNDING - carry=imuldiv(x->w[i],x->w[i],w0->w[ti]+carry,mr_mip->base,mr_mip->inverse_base,&w0->w[ti]); -#else - carry=muldiv(x->w[i],x->w[i],w0->w[ti]+carry,mr_mip->base,&w0->w[ti]); -#endif - -#endif - w0->w[ti+1]+=carry; - carry=0; - if (w0->w[ti+1]>=mr_mip->base) - { - carry=1; - w0->w[ti+1]-=mr_mip->base; - } - } - } - else for (i=0;iw[i]*y->w[j]+w0->w[i+j]+carry; - -#ifdef MR_FP_ROUNDING - carry=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); -#else -#ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - carry=(mr_small)(dbled>>mr_mip->lg2b); - else -#endif - carry=(mr_small)MR_LROUND(dbled/mr_mip->base); -#endif - w0->w[i+j]=(mr_small)(dbled-(mr_large)carry*mr_mip->base); -#else - -#ifdef MR_FP_ROUNDING - carry=imuldiv(x->w[i],y->w[j],w0->w[i+j]+carry,mr_mip->base,mr_mip->inverse_base,&w0->w[i+j]); -#else - carry=muldiv(x->w[i],y->w[j],w0->w[i+j]+carry,mr_mip->base,&w0->w[i+j]); -#endif - -#endif - } - w0->w[yl+i]=carry; - } - } -#endif - w0->len=(sz|(xl+yl)); /* set length and sign of result */ - - mr_lzero(w0); - copy(w0,z); - MR_OUT -} - -void divide(_MIPD_ big 
x,big y,big z) -{ /* divide two big numbers z=x/y : x=x mod y * - * returns quotient only if divide(x,y,x) * - * returns remainder only if divide(x,y,y) */ - mr_small carry,attemp,ldy,sdy,ra,r,d,tst,psum; -#ifdef MR_FP - mr_small dres; -#endif - mr_lentype sx,sy,sz; - mr_small borrow,dig,*w0g,*yg; - int i,k,m,x0,y0,w00; - big w0; - -#ifdef MR_ITANIUM - mr_small tm; -#endif -#ifdef MR_WIN64 - mr_small tm; -#endif -#ifdef MR_NOASM - union doubleword dble; - mr_large dbled; - mr_large ldres; -#endif - BOOL check; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - w0=mr_mip->w0; - - MR_IN(6) - - if (x==y) mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); -#ifdef MR_FLASH - if (mr_notint(x) || mr_notint(y)) mr_berror(_MIPP_ MR_ERR_INT_OP); -#endif - if (y->len==0) mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO); - if (mr_mip->ERNUM) - { - MR_OUT - return; - } - sx=(x->len&MR_MSBIT); /* extract signs ... */ - sy=(y->len&MR_MSBIT); - sz=(sx^sy); - x->len&=MR_OBITS; /* ... and force operands to positive */ - y->len&=MR_OBITS; - x0=(int)x->len; - y0=(int)y->len; - copy(x,w0); - w00=(int)w0->len; - if (mr_mip->check && (w00-y0+1>mr_mip->nib)) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - MR_OUT - return; - } - d=0; - if (x0==y0) - { - if (x0==1) /* special case - x and y are both mr_smalls */ - { - d=MR_DIV(w0->w[0],y->w[0]); - w0->w[0]=MR_REMAIN(w0->w[0],y->w[0]); - mr_lzero(w0); - } - else if (MR_DIV(w0->w[x0-1],4)w[x0-1]) - while (mr_compare(w0,y)>=0) - { /* mr_small quotient - so do up to four subtracts instead */ - mr_psub(_MIPP_ w0,y,w0); - d++; - } - } - if (mr_compare(w0,y)<0) - { /* x less than y - so x becomes remainder */ - if (x!=z) /* testing parameters */ - { - copy(w0,x); - if (x->len!=0) x->len|=sx; - } - if (y!=z) - { - zero(z); - z->w[0]=d; - if (d>0) z->len=(sz|1); - } - y->len|=sy; - MR_OUT - return; - } - - if (y0==1) - { /* y is int - so use subdiv instead */ -#ifdef MR_FP_ROUNDING - r=mr_sdiv(_MIPP_ w0,y->w[0],mr_invert(y->w[0]),w0); 
-#else - r=mr_sdiv(_MIPP_ w0,y->w[0],w0); -#endif - if (y!=z) - { - copy(w0,z); - z->len|=sz; - } - if (x!=z) - { - zero(x); - x->w[0]=r; - if (r>0) x->len=(sx|1); - } - y->len|=sy; - MR_OUT - return; - } - if (y!=z) zero(z); - d=normalise(_MIPP_ y,y); - check=mr_mip->check; - mr_mip->check=OFF; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - if (d!=1) mr_pmul(_MIPP_ w0,d,w0); - ldy=y->w[y0-1]; - sdy=y->w[y0-2]; - w0g=w0->w; yg=y->w; - for (k=w00-1;k>=y0-1;k--) - { /* long division */ -#ifdef INLINE_ASM -#if INLINE_ASM == 1 -#ifdef MR_LMM - ASM push ds - ASM lds bx,DWORD PTR w0g -#else - ASM mov bx,w0g -#endif - ASM mov si,k - ASM shl si,1 - ASM add bx,si - ASM mov dx,[bx+2] - ASM mov ax,[bx] - ASM cmp dx,ldy - ASM jne tcl8 - ASM mov di,0xffff - ASM mov si,ax - ASM add si,ldy - ASM jc tcl12 - ASM jmp tcl10 - tcl8: - ASM div WORD PTR ldy - ASM mov di,ax - ASM mov si,dx - tcl10: - ASM mov ax,sdy - ASM mul di - ASM cmp dx,si - ASM jb tcl12 - ASM jne tcl11 - ASM cmp ax,[bx-2] - ASM jbe tcl12 - tcl11: - ASM dec di - ASM add si,ldy - ASM jnc tcl10 - tcl12: - ASM mov attemp,di -#ifdef MR_LMM - ASM pop ds -#endif -#endif -/* NOTE push and pop of esi/edi should not be necessary - Borland C bug * - * These pushes are needed here even if register variables are disabled */ -#if INLINE_ASM == 2 - ASM push esi - ASM push edi -#ifdef MR_LMM - ASM push ds - ASM lds bx,DWORD PTR w0g -#else - ASM mov bx,w0g -#endif - ASM mov si,k - ASM shl si,2 - ASM add bx,si - ASM mov edx,[bx+4] - ASM mov eax,[bx] - ASM cmp edx,ldy - ASM jne tcl8 - ASM mov edi,0xffffffff - ASM mov esi,eax - ASM add esi,ldy - ASM jc tcl12 - ASM jmp tcl10 - tcl8: - ASM div DWORD PTR ldy - ASM mov edi,eax - ASM mov esi,edx - tcl10: - ASM mov eax,sdy - ASM mul edi - ASM cmp edx,esi - ASM jb tcl12 - ASM jne tcl11 - ASM cmp eax,[bx-4] - ASM jbe tcl12 - tcl11: - ASM dec edi - ASM add esi,ldy - ASM jnc tcl10 - tcl12: - ASM mov attemp,edi -#ifdef MR_LMM - ASM pop ds -#endif - ASM pop 
edi - ASM pop esi -#endif -#if INLINE_ASM == 3 - ASM push esi - ASM push edi - ASM mov ebx,w0g - ASM mov esi,k - ASM shl esi,2 - ASM add ebx,esi - ASM mov edx,[ebx+4] - ASM mov eax,[ebx] - ASM cmp edx,ldy - ASM jne tcl8 - ASM mov edi,0xffffffff - ASM mov esi,eax - ASM add esi,ldy - ASM jc tcl12 - ASM jmp tcl10 - tcl8: - ASM div DWORD PTR ldy - ASM mov edi,eax - ASM mov esi,edx - tcl10: - ASM mov eax,sdy - ASM mul edi - ASM cmp edx,esi - ASM jb tcl12 - ASM jne tcl11 - ASM cmp eax,[ebx-4] - ASM jbe tcl12 - tcl11: - ASM dec edi - ASM add esi,ldy - ASM jnc tcl10 - tcl12: - ASM mov attemp,edi - ASM pop edi - ASM pop esi -#endif -#if INLINE_ASM == 4 - ASM ( - "movl %1,%%ebx\n" - "movl %2,%%esi\n" - "shll $2,%%esi\n" - "addl %%esi,%%ebx\n" - "movl 4(%%ebx),%%edx\n" - "movl (%%ebx),%%eax\n" - "cmpl %3,%%edx\n" - "jne tcl8\n" - "movl $0xffffffff,%%edi\n" - "movl %%eax,%%esi\n" - "addl %3,%%esi\n" - "jc tcl12\n" - "jmp tcl10\n" - "tcl8:\n" - "divl %3\n" - "movl %%eax,%%edi\n" - "movl %%edx,%%esi\n" - "tcl10:\n" - "movl %4,%%eax\n" - "mull %%edi\n" - "cmpl %%esi,%%edx\n" - "jb tcl12\n" - "jne tcl11\n" - "cmpl -4(%%ebx),%%eax\n" - "jbe tcl12\n" - "tcl11:\n" - "decl %%edi\n" - "addl %3,%%esi\n" - "jnc tcl10\n" - "tcl12:\n" - "movl %%edi,%0\n" - :"=m"(attemp) - :"m"(w0g),"m"(k),"m"(ldy),"m"(sdy) - :"eax","edi","esi","ebx","ecx","edx","memory" - ); -#endif -#endif -#ifndef INLINE_ASM - carry=0; - if (w0->w[k+1]==ldy) /* guess next quotient digit */ - { - attemp=(mr_small)(-1); - ra=ldy+w0->w[k]; - if (raw[k]; - dble.h[MR_TOP]=w0->w[k+1]; - attemp=(mr_small)(dble.d/ldy); - ra=(mr_small)(dble.d-(mr_large)attemp*ldy); - } -#else - else attemp=muldvm(w0->w[k+1],w0->w[k],ldy,&ra); -#endif - while (carry==0) - { -#ifdef MR_NOASM - dble.d=(mr_large)attemp*sdy; - r=dble.h[MR_BOT]; - tst=dble.h[MR_TOP]; -#else - tst=muldvd(sdy,attemp,(mr_small)0,&r); -#endif - if (tst< ra || (tst==ra && r<=w0->w[k-1])) break; - attemp--; /* refine guess */ - ra+=ldy; - if (ra0) - { /* do partial 
subtraction */ - borrow=0; - /* inline - substitutes for loop below */ -#ifdef INLINE_ASM -#if INLINE_ASM == 1 - ASM cld - ASM mov cx,y0 - ASM mov si,m - ASM shl si,1 - ASM mov di,attemp -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les bx,DWORD PTR w0g - ASM add bx,si - ASM sub bx,2 - ASM lds si,DWORD PTR yg -#else - ASM mov bx,w0g - ASM add bx,si - ASM sub bx,2 - ASM mov si,yg -#endif - ASM push bp - ASM xor bp,bp - - tcl3: - ASM lodsw - ASM mul di - ASM add ax,bp - ASM adc dx,0 - ASM inc bx - ASM inc bx -#ifdef MR_LMM - ASM sub es:[bx],ax -#else - ASM sub [bx],ax -#endif - ASM adc dx,0 - ASM mov bp,dx - ASM loop tcl3 - - ASM mov ax,bp - ASM pop bp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov borrow,ax -#endif -/* NOTE push and pop of esi/edi should not be necessary - Borland C bug * - * These pushes are needed here even if register variables are disabled */ -#if INLINE_ASM == 2 - ASM push esi - ASM push edi - ASM cld - ASM mov cx,y0 - ASM mov si,m - ASM shl si,2 - ASM mov edi,attemp -#ifdef MR_LMM - ASM push ds - ASM push es - ASM les bx,DWORD PTR w0g - ASM add bx,si - ASM sub bx,4 - ASM lds si,DWORD PTR yg -#else - ASM mov bx,w0g - ASM add bx,si - ASM sub bx,4 - ASM mov si,yg -#endif - ASM push ebp - ASM xor ebp,ebp - - tcl3: - ASM lodsd - ASM mul edi - ASM add eax,ebp - ASM adc edx,0 - ASM add bx,4 -#ifdef MR_LMM - ASM sub es:[bx],eax -#else - ASM sub [bx],eax -#endif - ASM adc edx,0 - ASM mov ebp,edx - ASM loop tcl3 - - ASM mov eax,ebp - ASM pop ebp -#ifdef MR_LMM - ASM pop es - ASM pop ds -#endif - ASM mov borrow,eax - ASM pop edi - ASM pop esi -#endif -#if INLINE_ASM == 3 - ASM push esi - ASM push edi - ASM mov ecx,y0 - ASM mov esi,m - ASM shl esi,2 - ASM mov edi,attemp - ASM mov ebx,w0g - ASM add ebx,esi - ASM mov esi,yg - ASM sub ebx,esi - ASM sub ebx,4 - ASM push ebp - ASM xor ebp,ebp - - tcl3: - ASM mov eax,[esi] - ASM add esi,4 - ASM mul edi - ASM add eax,ebp - ASM mov ebp,[esi+ebx] - ASM adc edx,0 - ASM sub ebp,eax - ASM adc edx,0 - 
ASM mov [esi+ebx],ebp - ASM dec ecx - ASM mov ebp,edx - ASM jnz tcl3 - - ASM mov eax,ebp - ASM pop ebp - ASM mov borrow,eax - ASM pop edi - ASM pop esi -#endif -#if INLINE_ASM == 4 - ASM ( - "movl %1,%%ecx\n" - "movl %2,%%esi\n" - "shll $2,%%esi\n" - "movl %3,%%edi\n" - "movl %4,%%ebx\n" - "addl %%esi,%%ebx\n" - "movl %5,%%esi\n" - "subl %%esi,%%ebx\n" - "subl $4,%%ebx\n" - "pushl %%ebp\n" - "xorl %%ebp,%%ebp\n" - "tcl3:\n" - "movl (%%esi),%%eax\n" - "addl $4,%%esi\n" - "mull %%edi\n" - "addl %%ebp,%%eax\n" - "movl (%%esi,%%ebx),%%ebp\n" - "adcl $0,%%edx\n" - "subl %%eax,%%ebp\n" - "adcl $0,%%edx\n" - "movl %%ebp,(%%esi,%%ebx)\n" - "decl %%ecx\n" - "movl %%edx,%%ebp\n" - "jnz tcl3\n" - - "movl %%ebp,%%eax\n" - "popl %%ebp\n" - "movl %%eax,%0\n" - - :"=m"(borrow) - :"m"(y0),"m"(m),"m"(attemp),"m"(w0g),"m"(yg) - :"eax","edi","esi","ebx","ecx","edx","memory" - ); -#endif -#endif -#ifndef INLINE_ASM - for (i=0;iw[i]+borrow; - dig=dble.h[MR_BOT]; - borrow=dble.h[MR_TOP]; -#else - borrow=muldvd(attemp,y->w[i],borrow,&dig); -#endif - if (w0->w[m+i]w[m+i]-=dig; - } -#endif - - if (w0->w[k+1]w[k+1]=0; - carry=0; - for (i=0;iw[m+i]+y->w[i]+carry; - if (psum>y->w[i]) carry=0; - if (psumw[i]) carry=1; - w0->w[m+i]=psum; - } - attemp--; /* ... 
and adjust guess */ - } - else w0->w[k+1]-=borrow; - } - if (k==w00-1 && attemp==0) w00--; - else if (y!=z) z->w[m]=attemp; - } -#endif -#ifndef MR_SIMPLE_BASE - } - else - { /* have to do it the hard way */ - if (d!=1) mr_pmul(_MIPP_ w0,d,w0); - ldy=y->w[y0-1]; - sdy=y->w[y0-2]; - - for (k=w00-1;k>=y0-1;k--) - { /* long division */ - - - if (w0->w[k+1]==ldy) /* guess next quotient digit */ - { - attemp=mr_mip->base-1; - ra=ldy+w0->w[k]; - } -#ifdef MR_NOASM - else - { - dbled=(mr_large)w0->w[k+1]*mr_mip->base+w0->w[k]; - attemp=(mr_small)MR_LROUND(dbled/ldy); - ra=(mr_small)(dbled-(mr_large)attemp*ldy); - } -#else - else attemp=muldiv(w0->w[k+1],mr_mip->base,w0->w[k],ldy,&ra); -#endif - while (rabase) - { -#ifdef MR_NOASM - dbled=(mr_large)sdy*attemp; -#ifdef MR_FP_ROUNDING - tst=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); -#else -#ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - tst=(mr_small)(dbled>>mr_mip->lg2b); - else -#endif - tst=(mr_small)MR_LROUND(dbled/mr_mip->base); -#endif - r=(mr_small)(dbled-(mr_large)tst*mr_mip->base); -#else -#ifdef MR_FP_ROUNDING - tst=imuldiv(sdy,attemp,(mr_small)0,mr_mip->base,mr_mip->inverse_base,&r); -#else - tst=muldiv(sdy,attemp,(mr_small)0,mr_mip->base,&r); -#endif -#endif - if (tst< ra || (tst==ra && r<=w0->w[k-1])) break; - attemp--; /* refine guess */ - ra+=ldy; - } - m=k-y0+1; - if (attemp>0) - { /* do partial subtraction */ - borrow=0; - for (i=0;iw[i]+borrow; -#ifdef MR_FP_ROUNDING - borrow=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); -#else -#ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - borrow=(mr_small)(dbled>>mr_mip->lg2b); - else -#endif - borrow=(mr_small)MR_LROUND(dbled/mr_mip->base); -#endif - dig=(mr_small)(dbled-(mr_large)borrow*mr_mip->base); -#else -#ifdef MR_FP_ROUNDING - borrow=imuldiv(attemp,y->w[i],borrow,mr_mip->base,mr_mip->inverse_base,&dig); -#else - borrow=muldiv(attemp,y->w[i],borrow,mr_mip->base,&dig); -#endif -#endif - if (w0->w[m+i]w[m+i]+=(mr_mip->base-dig); - } - else 
w0->w[m+i]-=dig; - } - if (w0->w[k+1]w[k+1]=0; - carry=0; - for (i=0;iw[m+i]+y->w[i]+carry; - carry=0; - if (psum>=mr_mip->base) - { - carry=1; - psum-=mr_mip->base; - } - w0->w[m+i]=psum; - } - attemp--; /* ... and adjust guess */ - } - else - w0->w[k+1]-=borrow; - } - if (k==w00-1 && attemp==0) w00--; - else if (y!=z) z->w[m]=attemp; - } - } -#endif - if (y!=z) z->len=((w00-y0+1)|sz); /* set sign and length of result */ - - w0->len=y0; - - mr_lzero(y); - mr_lzero(z); - - if (x!=z) - { - mr_lzero(w0); -#ifdef MR_FP_ROUNDING - if (d!=1) mr_sdiv(_MIPP_ w0,d,mr_invert(d),x); -#else - if (d!=1) mr_sdiv(_MIPP_ w0,d,x); -#endif - else copy(w0,x); - if (x->len!=0) x->len|=sx; - } -#ifdef MR_FP_ROUNDING - if (d!=1) mr_sdiv(_MIPP_ y,d,mr_invert(d),y); -#else - if (d!=1) mr_sdiv(_MIPP_ y,d,y); -#endif - y->len|=sy; - mr_mip->check=check; - - MR_OUT -} - -BOOL divisible(_MIPD_ big x,big y) -{ /* returns y|x, that is TRUE if y divides x exactly */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(87) - - copy (x,mr_mip->w0); - divide(_MIPP_ mr_mip->w0,y,y); - - MR_OUT - if (size(mr_mip->w0)==0) return TRUE; - else return FALSE; -} - -void mad(_MIPD_ big x,big y,big z,big w,big q,big r) -{ /* Multiply, Add and Divide; q=(x*y+z)/w remainder r * - * returns remainder only if w=q, quotient only if q=r * - * add done only if x, y and z are distinct. */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - BOOL check; - if (mr_mip->ERNUM) return; - - MR_IN(24) - if (w==r) - { - mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - MR_OUT - return; - } - check=mr_mip->check; - mr_mip->check=OFF; /* turn off some error checks */ - - multiply(_MIPP_ x,y,mr_mip->w0); - if (x!=z && y!=z) add(_MIPP_ mr_mip->w0,z,mr_mip->w0); - - divide(_MIPP_ mr_mip->w0,w,q); - if (q!=r) copy(mr_mip->w0,r); - mr_mip->check=check; - MR_OUT -} - 
diff --git a/crypto/sm2/miracl/mrarth3.c b/crypto/sm2/miracl/mrarth3.c
deleted file mode 100644
index 5f4deb74..00000000
--- a/crypto/sm2/miracl/mrarth3.c
+++ /dev/null
@@ -1,231 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. 
* - * -***************************************************************************/ -/* - * MIRACL arithmetic routines 3 - simple powers and roots - * mrarth3.c - */ - -#include -#include - -void expint(_MIPD_ int b,int n,big x) -{ /* sets x=b^n */ - unsigned int bit,un; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - convert(_MIPP_ 1,x); - if (n==0) return; - - MR_IN(50) - - if (n<0) - { - mr_berror(_MIPP_ MR_ERR_NEG_POWER); - MR_OUT - return; - } - if (b==2) expb2(_MIPP_ n,x); - else - { - bit=1; - un=(unsigned int)n; - while (un>=bit) bit<<=1; - bit>>=1; - while (bit>0) - { /* ltr method */ - multiply(_MIPP_ x,x,x); - if ((bit&un)!=0) premult(_MIPP_ x,b,x); - bit>>=1; - } - } - MR_OUT -} - -void power(_MIPD_ big x,long n,big z,big w) -{ /* raise big number to int power w=x^n * - * (mod z if z and w distinct) */ - mr_small norm; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - copy(x,mr_mip->w5); - zero(w); - if(mr_mip->ERNUM || size(mr_mip->w5)==0) return; - convert(_MIPP_ 1,w); - if (n==0L) return; - - MR_IN(17) - - if (n<0L) - { - mr_berror(_MIPP_ MR_ERR_NEG_POWER); - MR_OUT - return; - } - - if (w==z) forever - { /* "Russian peasant" exponentiation */ - if (n%2!=0L) - multiply(_MIPP_ w,mr_mip->w5,w); - n/=2L; - if (mr_mip->ERNUM || n==0L) break; - multiply(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w5); - } - else - { - norm=normalise(_MIPP_ z,z); - divide(_MIPP_ mr_mip->w5,z,z); - forever - { - if (mr_mip->user!=NULL) (*mr_mip->user)(); - - if (n%2!=0L) mad(_MIPP_ w,mr_mip->w5,mr_mip->w5,z,z,w); - n/=2L; - if (mr_mip->ERNUM || n==0L) break; - mad(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w5,z,z,mr_mip->w5); - } - if (norm!=1) - { -#ifdef MR_FP_ROUNDING - mr_sdiv(_MIPP_ z,norm,mr_invert(norm),z); -#else - mr_sdiv(_MIPP_ z,norm,z); -#endif - divide(_MIPP_ w,z,z); - } - } - - MR_OUT -} - -BOOL nroot(_MIPD_ big x,int n,big w) -{ /* extract lower approximation to nth root * - * w=x^(1/n) returns TRUE for exact root * - * 
uses Newtons method */ - int sx,dif,s,p,d,lg2,lgx,rem; - BOOL full; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - if (size(x)==0 || n==1) - { - copy(x,w); - return TRUE; - } - - MR_IN(16) - - if (n<1) mr_berror(_MIPP_ MR_ERR_BAD_ROOT); - sx=exsign(x); - if (n%2==0 && sx==MINUS) mr_berror(_MIPP_ MR_ERR_NEG_ROOT); - if (mr_mip->ERNUM) - { - MR_OUT - return FALSE; - } - insign(PLUS,x); - lgx=logb2(_MIPP_ x); - if (n>=lgx) - { /* root must be 1 */ - insign(sx,x); - convert(_MIPP_ sx,w); - MR_OUT - if (lgx==1) return TRUE; - else return FALSE; - } - expb2(_MIPP_ 1+(lgx-1)/n,mr_mip->w2); /* guess root as 2^(log2(x)/n) */ - s=(-(((int)x->len-1)/n)*n); - mr_shift(_MIPP_ mr_mip->w2,s/n,mr_mip->w2); - lg2=logb2(_MIPP_ mr_mip->w2)-1; - full=FALSE; - if (s==0) full=TRUE; - d=0; - p=1; - while (!mr_mip->ERNUM) - { /* Newtons method */ - copy(mr_mip->w2,mr_mip->w3); - mr_shift(_MIPP_ x,s,mr_mip->w4); - mr_mip->check=OFF; - power(_MIPP_ mr_mip->w2,n-1,mr_mip->w6,mr_mip->w6); - mr_mip->check=ON; - divide(_MIPP_ mr_mip->w4,mr_mip->w6,mr_mip->w2); - rem=size(mr_mip->w4); - subtract(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w2); - dif=size(mr_mip->w2); - subdiv(_MIPP_ mr_mip->w2,n,mr_mip->w2); - add(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w2); - p*=2; - if(plg2b) continue; - if (full && mr_abs(dif)w2,1,mr_mip->w2); - mr_mip->check=OFF; - power(_MIPP_ mr_mip->w2,n,mr_mip->w6,mr_mip->w6); - mr_mip->check=ON; - dif=mr_compare(x,mr_mip->w6); - } - copy(mr_mip->w2,w); - insign(sx,w); - insign(sx,x); - MR_OUT - if (rem==0 && dif==0) return TRUE; - else return FALSE; - } - else - { /* adjust precision */ - d*=2; - if (d==0) d=1; - s+=d*n; - if (s>=0) - { - d-=s/n; - s=0; - full=TRUE; - } - mr_shift(_MIPP_ mr_mip->w2,d,mr_mip->w2); - } - p/=2; - } - MR_OUT - return FALSE; -} - diff --git a/crypto/sm2/miracl/mrbits.c b/crypto/sm2/miracl/mrbits.c deleted file mode 100644 index b14021f8..00000000 --- a/crypto/sm2/miracl/mrbits.c +++ /dev/null 
@@ -1,245 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. 
* - * -***************************************************************************/ -/* - * MIRACL bit manipulation routines - * mrbits.c - */ - -#include -#include - -#ifdef MR_FP -#include -#endif - -int logb2(_MIPD_ big x) -{ /* returns number of bits in x */ - int xl,lg2; - mr_small top; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM || size(x)==0) return 0; - - MR_IN(49) - - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - xl=(int)(x->len&MR_OBITS); - lg2=mr_mip->lg2b*(xl-1); - top=x->w[xl-1]; - while (top>=1) - { - lg2++; - top/=2; - } - -#ifndef MR_ALWAYS_BINARY - } - else - { - copy(x,mr_mip->w0); - insign(PLUS,mr_mip->w0); - lg2=0; - while (mr_mip->w0->len>1) - { -#ifdef MR_FP_ROUNDING - mr_sdiv(_MIPP_ mr_mip->w0,mr_mip->base2,mr_invert(mr_mip->base2),mr_mip->w0); -#else - mr_sdiv(_MIPP_ mr_mip->w0,mr_mip->base2,mr_mip->w0); -#endif - lg2+=mr_mip->lg2b; - } - - while (mr_mip->w0->w[0]>=1) - { - lg2++; - mr_mip->w0->w[0]/=2; - } - } -#endif - MR_OUT - return lg2; -} - -void sftbit(_MIPD_ big x,int n,big z) -{ /* shift x by n bits */ - int m; - mr_small sm; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - copy(x,z); - if (n==0) return; - - MR_IN(47) - - m=mr_abs(n); - sm=mr_shiftbits((mr_small)1,m%mr_mip->lg2b); - if (n>0) - { /* shift left */ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - mr_shift(_MIPP_ z,n/mr_mip->lg2b,z); - mr_pmul(_MIPP_ z,sm,z); -#ifndef MR_ALWAYS_BINARY - } - else - { - expb2(_MIPP_ m,mr_mip->w1); - multiply(_MIPP_ z,mr_mip->w1,z); - } -#endif - } - else - { /* shift right */ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - mr_shift(_MIPP_ z,n/mr_mip->lg2b,z); -#ifdef MR_FP_ROUNDING - mr_sdiv(_MIPP_ z,sm,mr_invert(sm),z); -#else - mr_sdiv(_MIPP_ z,sm,z); -#endif - -#ifndef MR_ALWAYS_BINARY - } - else - { - expb2(_MIPP_ m,mr_mip->w1); - divide(_MIPP_ z,mr_mip->w1,z); - } -#endif - } 
- MR_OUT -} - -void expb2(_MIPD_ int n,big x) -{ /* sets x=2^n */ - int r,p; -#ifndef MR_ALWAYS_BINARY - int i; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - convert(_MIPP_ 1,x); - if (n==0) return; - - MR_IN(149) - - if (n<0) - { - mr_berror(_MIPP_ MR_ERR_NEG_POWER); - MR_OUT - return; - } - r=n/mr_mip->lg2b; - p=n%mr_mip->lg2b; - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - mr_shift(_MIPP_ x,r,x); - x->w[x->len-1]=mr_shiftbits(x->w[x->len-1],p); -#ifndef MR_ALWAYS_BINARY - } - else - { - for (i=1;i<=r;i++) - mr_pmul(_MIPP_ x,mr_mip->base2,x); - mr_pmul(_MIPP_ x,mr_shiftbits((mr_small)1,p),x); - } -#endif - MR_OUT -} - -#ifndef MR_NO_RAND - -void bigbits(_MIPD_ int n,big x) -{ /* sets x as random < 2^n */ - mr_small r; - mr_lentype wlen; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - zero(x); - if (mr_mip->ERNUM || n<=0) return; - - MR_IN(150) - - expb2(_MIPP_ n,mr_mip->w1); - wlen=mr_mip->w1->len; - do - { - r=brand(_MIPPO_ ); - if (mr_mip->base==0) x->w[x->len++]=r; - else x->w[x->len++]=MR_REMAIN(r,mr_mip->base); - } while (x->lenbase==mr_mip->base2) - { -#endif - - x->w[wlen-1]=MR_REMAIN(x->w[wlen-1],mr_mip->w1->w[wlen-1]); - mr_lzero(x); - -#ifndef MR_ALWAYS_BINARY - } - else - { - divide(_MIPP_ x,mr_mip->w1,mr_mip->w1); - } -#endif - - MR_OUT -} - -#endif diff --git a/crypto/sm2/miracl/mrcore.c b/crypto/sm2/miracl/mrcore.c deleted file mode 100644 index 855b063f..00000000 --- a/crypto/sm2/miracl/mrcore.c +++ /dev/null 
@@ -1,2290 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * - * MIRACL Core module - contains initialisation code and general purpose - * utilities - * mrcore.c - * - * Space can be saved by removing unneeded functions (mr_and ?) 
- * - */ - -#include -#include -#include - - -#ifdef MR_FP -#include -#endif - - -/*** Multi-Threaded Support ***/ - -#ifndef MR_GENERIC_MT - - #ifdef MR_OPENMP_MT - #include - -#define MR_MIP_EXISTS - - miracl *mr_mip; - #pragma omp threadprivate(mr_mip) - - miracl *get_mip() - { - return mr_mip; - } - - void mr_init_threading() - { - } - - void mr_end_threading() - { - } - - #endif - - #ifdef MR_WINDOWS_MT - #include - DWORD mr_key; - - miracl *get_mip() - { - return (miracl *)TlsGetValue(mr_key); - } - - void mr_init_threading() - { - mr_key=TlsAlloc(); - } - - void mr_end_threading() - { - TlsFree(mr_key); - } - - #endif - - #ifdef MR_UNIX_MT - #include - pthread_key_t mr_key; - - miracl *get_mip() - { - return (miracl *)pthread_getspecific(mr_key); - } - - void mr_init_threading() - { - pthread_key_create(&mr_key,(void(*)(void *))NULL); - } - - void mr_end_threading() - { - pthread_key_delete(mr_key); - } - #endif - - #ifndef MR_WINDOWS_MT - #ifndef MR_UNIX_MT - #ifndef MR_OPENMP_MT - #ifdef MR_STATIC - miracl mip; - miracl *mr_mip=&mip; - #else - miracl *mr_mip=NULL; /* MIRACL's one and only global variable */ - #endif -#define MR_MIP_EXISTS - miracl *get_mip() - { - return (miracl *)mr_mip; - } - #endif - #endif - #endif - -#ifdef MR_MIP_EXISTS - void set_mip(miracl *mip) - { - mr_mip=mip; - } -#endif - -#endif - -/* See Advanced Windows by Jeffrey Richter, Chapter 12 for methods for - creating different instances of this global for each executing thread - when using Windows '95/NT -*/ - -#ifdef MR_STATIC - -#if MIRACL==8 - -static const int mr_small_primes[]= -{2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103, -107,109,113,127,0}; - -#else - -static const int mr_small_primes[]= -{2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103, -107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211, -223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331, 
-337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449, -457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587, -593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709, -719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853, -857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991, -997,0}; - -#endif - -#endif - -#ifndef MR_STRIPPED_DOWN -#ifndef MR_NO_STANDARD_IO - -static char *names[] = -{(char *)"your program",(char *)"innum",(char *)"otnum",(char *)"jack",(char *)"normalise", -(char *)"multiply",(char *)"divide",(char *)"incr",(char *)"decr",(char *)"premult", -(char *)"subdiv",(char *)"fdsize",(char *)"egcd",(char *)"cbase", -(char *)"cinnum",(char *)"cotnum",(char *)"nroot",(char *)"power", -(char *)"powmod",(char *)"bigdig",(char *)"bigrand",(char *)"nxprime",(char *)"isprime", -(char *)"mirvar",(char *)"mad",(char *)"multi_inverse",(char *)"putdig", -(char *)"add",(char *)"subtract",(char *)"mirsys",(char *)"xgcd", -(char *)"fpack",(char *)"dconv",(char *)"mr_shift",(char *)"mround",(char *)"fmul", -(char *)"fdiv",(char *)"fadd",(char *)"fsub",(char *)"fcomp",(char *)"fconv", -(char *)"frecip",(char *)"fpmul",(char *)"fincr",(char *)"",(char *)"ftrunc", -(char *)"frand",(char *)"sftbit",(char *)"build",(char *)"logb2",(char *)"expint", -(char *)"fpower",(char *)"froot",(char *)"fpi",(char *)"fexp",(char *)"flog",(char *)"fpowf", -(char *)"ftan",(char *)"fatan",(char *)"fsin",(char *)"fasin",(char *)"fcos",(char *)"facos", -(char *)"ftanh",(char *)"fatanh",(char *)"fsinh",(char *)"fasinh",(char *)"fcosh", -(char *)"facosh",(char *)"flop",(char *)"gprime",(char *)"powltr",(char *)"fft_mult", -(char *)"crt_init",(char *)"crt",(char *)"otstr",(char *)"instr",(char *)"cotstr",(char *)"cinstr",(char *)"powmod2", -(char *)"prepare_monty",(char *)"nres",(char *)"redc",(char *)"nres_modmult",(char *)"nres_powmod", -(char 
*)"nres_moddiv",(char *)"nres_powltr",(char *)"divisible",(char *)"remain", -(char *)"fmodulo",(char *)"nres_modadd",(char *)"nres_modsub",(char *)"nres_negate", -(char *)"ecurve_init",(char *)"ecurve_add",(char *)"ecurve_mult", -(char *)"epoint_init",(char *)"epoint_set",(char *)"epoint_get",(char *)"nres_powmod2", -(char *)"nres_sqroot",(char *)"sqroot",(char *)"nres_premult",(char *)"ecurve_mult2", -(char *)"ecurve_sub",(char *)"trial_division",(char *)"nxsafeprime",(char *)"nres_lucas",(char *)"lucas", -(char *)"brick_init",(char *)"pow_brick",(char *)"set_user_function", -(char *)"nres_powmodn",(char *)"powmodn",(char *)"ecurve_multn", -(char *)"ebrick_init",(char *)"mul_brick",(char *)"epoint_norm",(char *)"nres_multi_inverse",(char *)"", -(char *)"nres_dotprod",(char *)"epoint_negate",(char *)"ecurve_multi_add", -(char *)"ecurve2_init",(char *)"",(char *)"epoint2_set",(char *)"epoint2_norm",(char *)"epoint2_get", -(char *)"epoint2_comp",(char *)"ecurve2_add",(char *)"epoint2_negate",(char *)"ecurve2_sub", -(char *)"ecurve2_multi_add",(char *)"ecurve2_mult",(char *)"ecurve2_multn",(char *)"ecurve2_mult2", -(char *)"ebrick2_init",(char *)"mul2_brick",(char *)"prepare_basis",(char *)"strong_bigrand", -(char *)"bytes_to_big",(char *)"big_to_bytes",(char *)"set_io_buffer_size", -(char *)"epoint_getxyz",(char *)"epoint_double_add",(char *)"nres_double_inverse", -(char *)"double_inverse",(char *)"epoint_x",(char *)"hamming",(char *)"expb2",(char *)"bigbits", -(char *)"nres_lazy",(char *)"zzn2_imul",(char *)"nres_double_modadd",(char *)"nres_double_modsub", -/*155*/(char *)"",(char *)"zzn2_from_int",(char *)"zzn2_negate",(char *)"zzn2_conj",(char *)"zzn2_add", -(char *)"zzn2_sub",(char *)"zzn2_smul",(char *)"zzn2_mul",(char *)"zzn2_inv",(char *)"zzn2_timesi",(char *)"zzn2_powl", -(char *)"zzn2_from_bigs",(char *)"zzn2_from_big",(char *)"zzn2_from_ints", -(char *)"zzn2_sadd",(char *)"zzn2_ssub",(char *)"zzn2_times_irp",(char *)"zzn2_div2", -(char 
*)"zzn3_from_int",(char *)"zzn3_from_ints",(char *)"zzn3_from_bigs", -(char *)"zzn3_from_big",(char *)"zzn3_negate",(char *)"zzn3_powq",(char *)"zzn3_init", -(char *)"zzn3_add",(char *)"zzn3_sadd",(char *)"zzn3_sub",(char *)"zzn3_ssub",(char *)"zzn3_smul", -(char *)"zzn3_imul",(char *)"zzn3_mul",(char *)"zzn3_inv",(char *)"zzn3_div2",(char *)"zzn3_timesi", -(char *)"epoint_multi_norm",(char *)"mr_jsf",(char *)"epoint2_multi_norm", -(char *)"ecn2_compare",(char *)"ecn2_norm",(char *)"ecn2_set",(char *)"zzn2_txx", -(char *)"zzn2_txd",(char *)"nres_div2",(char *)"nres_div3",(char *)"zzn2_div3", -(char *)"ecn2_setx",(char *)"ecn2_rhs",(char *)"zzn2_qr",(char *)"zzn2_sqrt",(char *)"ecn2_add",(char *)"ecn2_mul2_jsf",(char *)"ecn2_mul", -(char *)"nres_div5",(char *)"zzn2_div5",(char *)"zzn2_sqr",(char *)"ecn2_add_sub",(char *)"ecn2_psi",(char *)"invmodp", -(char *)"zzn2_multi_inverse",(char *)"ecn2_multi_norm",(char *)"ecn2_precomp",(char *)"ecn2_mul4_gls_v", -(char *)"ecn2_mul2",(char *)"ecn2_precomp_gls",(char *)"ecn2_mul2_gls", -(char *)"ecn2_brick_init",(char *)"ecn2_mul_brick_gls",(char *)"ecn2_multn",(char *)"zzn3_timesi2", -(char *)"nres_complex",(char *)"zzn4_from_int",(char *)"zzn4_negate",(char *)"zzn4_conj",(char *)"zzn4_add",(char *)"zzn4_sadd",(char *)"zzn4_sub",(char *)"zzn4_ssub",(char *)"zzn4_smul",(char *)"zzn4_sqr", -(char *)"zzn4_mul",(char *)"zzn4_inv",(char *)"zzn4_div2",(char *)"zzn4_powq",(char *)"zzn4_tx",(char *)"zzn4_imul",(char *)"zzn4_lmul",(char *)"zzn4_from_big", -(char *)"ecn2_mult4"}; - -/* 0 - 243 (244 in all) */ - -#endif -#endif - -#ifdef MR_NOASM - -/* C only versions of muldiv/muldvd/muldvd2/muldvm */ -/* Note that mr_large should be twice the size of mr_small */ - -mr_small muldiv(mr_small a,mr_small b,mr_small c,mr_small m,mr_small *rp) -{ - mr_small q; - mr_large ldres,p=(mr_large)a*b+c; - q=(mr_small)(MR_LROUND(p/m)); - *rp=(mr_small)(p-(mr_large)q*m); - return q; -} - -#ifdef MR_FP_ROUNDING - -mr_small imuldiv(mr_small a,mr_small 
b,mr_small c,mr_small m,mr_large im,mr_small *rp) -{ - mr_small q; - mr_large ldres,p=(mr_large)a*b+c; - q=(mr_small)MR_LROUND(p*im); - *rp=(mr_small)(p-(mr_large)q*m); - return q; -} - -#endif - -#ifndef MR_NOFULLWIDTH - -mr_small muldvm(mr_small a,mr_small c,mr_small m,mr_small *rp) -{ - mr_small q; - union doubleword dble; - dble.h[MR_BOT]=c; - dble.h[MR_TOP]=a; - - q=(mr_small)(dble.d/m); - *rp=(mr_small)(dble.d-(mr_large)q*m); - return q; -} - -mr_small muldvd(mr_small a,mr_small b,mr_small c,mr_small *rp) -{ - union doubleword dble; - dble.d=(mr_large)a*b+c; - - *rp=dble.h[MR_BOT]; - return dble.h[MR_TOP]; -} - -void muldvd2(mr_small a,mr_small b,mr_small *c,mr_small *rp) -{ - union doubleword dble; - dble.d=(mr_large)a*b+*c+*rp; - *rp=dble.h[MR_BOT]; - *c=dble.h[MR_TOP]; -} - -#endif -#endif - -#ifdef MR_NOFULLWIDTH - -/* no FULLWIDTH working, so supply dummies */ - -/* - -mr_small muldvd(mr_small a,mr_small b,mr_small c,mr_small *rp) -{ - return (mr_small)0; -} - -mr_small muldvm(mr_small a,mr_small c,mr_small m,mr_small *rp) -{ - return (mr_small)0; -} - -void muldvd2(mr_small a,mr_small b,mr_small *c,mr_small *rp) -{ -} - -*/ - -#endif - -#ifndef MR_NO_STANDARD_IO - -static void mputs(char *s) -{ /* output a string */ - int i=0; - while (s[i]!=0) fputc((int)s[i++],stdout); -} -#endif - -void mr_berror(_MIPD_ int nerr) -{ /* Big number error routine */ -#ifndef MR_STRIPPED_DOWN -int i; -#endif - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - -if (mr_mip->ERCON) -{ - mr_mip->ERNUM=nerr; - return; -} -#ifndef MR_NO_STANDARD_IO - -#ifndef MR_STRIPPED_DOWN -mputs((char *)"\nMIRACL error from routine "); -if (mr_mip->depthtrace[mr_mip->depth]]); -else mputs((char *)"???"); -fputc('\n',stdout); - -for (i=mr_mip->depth-1;i>=0;i--) -{ - mputs((char *)" called from "); - if (itrace[i]]); - else mputs((char *)"???"); - fputc('\n',stdout); -} - -switch (nerr) -{ -case 1 : -mputs((char *)"Number base too big for representation\n"); -break; -case 2 : 
-mputs((char *)"Division by zero attempted\n"); -break; -case 3 : -mputs((char *)"Overflow - Number too big\n"); -break; -case 4 : -mputs((char *)"Internal result is negative\n"); -break; -case 5 : -mputs((char *)"Input format error\n"); -break; -case 6 : -mputs((char *)"Illegal number base\n"); -break; -case 7 : -mputs((char *)"Illegal parameter usage\n"); -break; -case 8 : -mputs((char *)"Out of space\n"); -break; -case 9 : -mputs((char *)"Even root of a negative number\n"); -break; -case 10: -mputs((char *)"Raising integer to negative power\n"); -break; -case 11: -mputs((char *)"Attempt to take illegal root\n"); -break; -case 12: -mputs((char *)"Integer operation attempted on Flash number\n"); -break; -case 13: -mputs((char *)"Flash overflow\n"); -break; -case 14: -mputs((char *)"Numbers too big\n"); -break; -case 15: -mputs((char *)"Log of a non-positive number\n"); -break; -case 16: -mputs((char *)"Flash to double conversion failure\n"); -break; -case 17: -mputs((char *)"I/O buffer overflow\n"); -break; -case 18: -mputs((char *)"MIRACL not initialised - no call to mirsys()\n"); -break; -case 19: -mputs((char *)"Illegal modulus \n"); -break; -case 20: -mputs((char *)"No modulus defined\n"); -break; -case 21: -mputs((char *)"Exponent too big\n"); -break; -case 22: -mputs((char *)"Unsupported Feature - check mirdef.h\n"); -break; -case 23: -mputs((char *)"Specified double length type isn't double length\n"); -break; -case 24: -mputs((char *)"Specified basis is NOT irreducible\n"); -break; -case 25: -mputs((char *)"Unable to control Floating-point rounding\n"); -break; -case 26: -mputs((char *)"Base must be binary (MR_ALWAYS_BINARY defined in mirdef.h ?)\n"); -break; -case 27: -mputs((char *)"No irreducible basis defined\n"); -break; -case 28: -mputs((char *)"Composite modulus\n"); -break; -case 29: -mputs((char *)"Input/output error when reading from RNG device node\n"); -break; -default: -mputs((char *)"Undefined error\n"); -break; -} -exit(0); -#else 
-mputs((char *)"MIRACL error\n"); -exit(0); -#endif - -#endif -} - -#ifndef MR_STRIPPED_DOWN - -void mr_track(_MIPDO_ ) -{ /* track course of program execution * - * through the MIRACL routines */ - -#ifndef MR_NO_STANDARD_IO - - int i; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - for (i=0;idepth;i++) fputc('-',stdout); - fputc('>',stdout); - mputs(names[mr_mip->trace[mr_mip->depth]]); - fputc('\n',stdout); -#endif -} - -#endif - -#ifndef MR_NO_RAND - -mr_small brand(_MIPDO_ ) -{ /* Marsaglia & Zaman random number generator */ - int i,k; - mr_unsign32 pdiff,t; - mr_small r; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->lg2b>32) - { /* underlying type is > 32 bits. Assume <= 64 bits */ - mr_mip->rndptr+=2; - if (mr_mip->rndptrira[mr_mip->rndptr]; - r=mr_shiftbits(r,mr_mip->lg2b-32); - r+=(mr_small)mr_mip->ira[mr_mip->rndptr+1]; - return r; - } - } - else - { - mr_mip->rndptr++; - if (mr_mip->rndptrira[mr_mip->rndptr]; - } - mr_mip->rndptr=0; - for (i=0,k=NK-NJ;iira[k]; - pdiff=t - mr_mip->ira[i] - mr_mip->borrow; - if (pdiffborrow=0; - if (pdiff>t) mr_mip->borrow=1; - mr_mip->ira[i]=pdiff; - } - if (mr_mip->lg2b>32) - { /* double up */ - r=(mr_small)mr_mip->ira[0]; - r=mr_shiftbits(r,mr_mip->lg2b-32); - r+=(mr_small)mr_mip->ira[1]; - return r; - } - else return (mr_small)(mr_mip->ira[0]); -} - -void irand(_MIPD_ mr_unsign32 seed) -{ /* initialise random number system */ - int i,in; - mr_unsign32 t,m=1L; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - mr_mip->borrow=0L; - mr_mip->rndptr=0; - mr_mip->ira[0]=seed; - for (i=1;iira[in]=m; - t=m; - m=seed-m; - seed=t; - } - for (i=0;i<1000;i++) brand(_MIPPO_ ); /* "warm-up" & stir the generator */ -} - -#endif - -mr_small mr_shiftbits(mr_small x,int n) -{ -#ifdef MR_FP - int i; - mr_small dres; - if (n==0) return x; - if (n>0) - { - for (i=0;i0) x<<=n; - else x>>=(-n); - return x; -#endif - -} - -mr_small mr_setbase(_MIPD_ mr_small nb) -{ /* set base. 
Pack as many digits as * - * possible into each computer word */ - mr_small temp; -#ifdef MR_FP - mr_small dres; -#endif -#ifndef MR_NOFULLWIDTH - BOOL fits; - int bits; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - fits=FALSE; - bits=MIRACL; - while (bits>1) - { - bits/=2; - temp=((mr_small)1<apbase=nb; - mr_mip->pack=MIRACL/bits; - mr_mip->base=0; - return 0; - } -#endif - mr_mip->apbase=nb; - mr_mip->pack=1; - mr_mip->base=nb; -#ifdef MR_SIMPLE_BASE - return 0; -#else - if (mr_mip->base==0) return 0; - temp=MR_DIV(MAXBASE,nb); - while (temp>=nb) - { - temp=MR_DIV(temp,nb); - mr_mip->base*=nb; - mr_mip->pack++; - } -#ifdef MR_FP_ROUNDING - mr_mip->inverse_base=mr_invert(mr_mip->base); - return mr_mip->inverse_base; -#else - return 0; -#endif -#endif -} - -#ifdef MR_FLASH - -BOOL fit(big x,big y,int f) -{ /* returns TRUE if x/y would fit flash format of length f */ - int n,d; - n=(int)(x->len&(MR_OBITS)); - d=(int)(y->len&(MR_OBITS)); - if (n==1 && x->w[0]==1) n=0; - if (d==1 && y->w[0]==1) d=0; - if (n+d<=f) return TRUE; - return FALSE; -} - -#endif - -int mr_lent(flash x) -{ /* return length of big or flash in words */ - mr_lentype lx; - lx=(x->len&(MR_OBITS)); -#ifdef MR_FLASH - return (int)((lx&(MR_MSK))+((lx>>(MR_BTS))&(MR_MSK))); -#else - return (int)lx; -#endif -} - -void zero(flash x) -{ /* set big/flash number to zero */ - int i,n; - mr_small *g; - if (x==NULL) return; -#ifdef MR_FLASH - n=mr_lent(x); -#else - n=(x->len&MR_OBITS); -#endif - g=x->w; - - for (i=0;ilen=0; -} - -void uconvert(_MIPD_ unsigned int n ,big x) -{ /* convert unsigned integer n to big number format */ - int m; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - zero(x); - if (n==0) return; - - m=0; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH -#if MR_IBITS > MIRACL - while (n>0) - { - x->w[m++]=(mr_small)(n%((mr_small)1<<(MIRACL))); - n/=((mr_small)1<<(MIRACL)); - } -#else - 
x->w[m++]=(mr_small)n; -#endif -#endif -#ifndef MR_SIMPLE_BASE - } - else while (n>0) - { - x->w[m++]=MR_REMAIN((mr_small)n,mr_mip->base); - n=(unsigned int)((mr_small)n/mr_mip->base); - } -#endif - x->len=m; -} - -void tconvert(_MIPD_ mr_utype n,big x) -{ - mr_lentype s; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (n==0) {zero(x); return;} - s=0; - if (n<0) - { - s=MR_MSBIT; - n=(-n); - } - x->w[0]=n; - x->len=1; - x->len|=s; -} - -void convert(_MIPD_ int n ,big x) -{ /* convert signed integer n to big number format */ - mr_lentype s; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (n==0) {zero(x); return;} - s=0; - if (n<0) - { - s=MR_MSBIT; - n=(-n); - } - uconvert(_MIPP_ (unsigned int)n,x); - x->len|=s; -} - -#ifndef MR_STATIC -#ifdef mr_dltype - -void dlconv(_MIPD_ mr_dltype n,big x) -{ /* convert double length integer to big number format - rarely needed */ - int m; - mr_lentype s; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - zero(x); - if (n==0) return; - s=0; - if (n<0) - { - s=MR_MSBIT; - n=(-n); - } - m=0; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - while (n>0) - { - x->w[m++]=(mr_small)(n%((mr_dltype)1<<(MIRACL))); - n/=((mr_dltype)1<<(MIRACL)); - } -#endif -#ifndef MR_SIMPLE_BASE - } - else while (n>0) - { - x->w[m++]=(mr_small)MR_REMAIN(n,mr_mip->base); - n/=mr_mip->base; - } -#endif - x->len=(m|s); -} - -#endif - -void ulgconv(_MIPD_ unsigned long n,big x) -{ /* convert unsigned long integer to big number format - rarely needed */ - int m; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - zero(x); - if (n==0) return; - - m=0; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH -#if MR_LBITS > MIRACL - while (n>0) - { - x->w[m++]=(mr_small)(n%(1L<<(MIRACL))); - n/=(1L<<(MIRACL)); - } -#else - x->w[m++]=(mr_small)n; -#endif -#endif -#ifndef 
MR_SIMPLE_BASE - } - else while (n>0) - { - x->w[m++]=MR_REMAIN(n,mr_mip->base); - n=(unsigned long)((mr_small)n/mr_mip->base); - } -#endif - x->len=m; -} - -void lgconv(_MIPD_ long n,big x) -{ /* convert signed long integer to big number format - rarely needed */ - mr_lentype s; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (n==0) {zero(x); return;} - s=0; - if (n<0) - { - s=MR_MSBIT; - n=(-n); - } - ulgconv(_MIPP_ (unsigned long)n,x); - - x->len|=s; -} - -flash mirvar(_MIPD_ int iv) -{ /* initialize big/flash number */ - flash x; - int align; - char *ptr; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip->ERNUM) return NULL; - MR_IN(23); - - if (!(mr_mip->active)) - { - mr_berror(_MIPP_ MR_ERR_NO_MIRSYS); - MR_OUT - return NULL; - } - -/* OK, now I control alignment.... */ - -/* Allocate space for big, the length, the pointer, and the array */ -/* Do it all in one memory allocation - this is quicker */ -/* Ensure that the array has correct alignment */ - - x=(big)mr_alloc(_MIPP_ mr_size(mr_mip->nib-1),1); - if (x==NULL) - { - MR_OUT - return x; - } - - ptr=(char *)&x->w; - align=(unsigned long)(ptr+sizeof(mr_small *))%sizeof(mr_small); - - x->w=(mr_small *)(ptr+sizeof(mr_small *)+sizeof(mr_small)-align); - - if (iv!=0) convert(_MIPP_ iv,x); - MR_OUT - return x; -} - -#endif - -flash mirvar_mem_variable(char *mem,int index,int sz) -{ - flash x; - int align; - char *ptr; - int offset,r; - -/* alignment */ - offset=0; - r=(unsigned long)mem%MR_SL; - if (r>0) offset=MR_SL-r; - - x=(big)&mem[offset+mr_size(sz)*index]; - ptr=(char *)&x->w; - align=(unsigned long)(ptr+sizeof(mr_small *))%sizeof(mr_small); - x->w=(mr_small *)(ptr+sizeof(mr_small *)+sizeof(mr_small)-align); - - return x; -} - -flash mirvar_mem(_MIPD_ char *mem,int index) -{ /* initialize big/flash number from pre-allocated memory */ - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip->ERNUM) return NULL; - - return 
mirvar_mem_variable(mem,index,mr_mip->nib-1); - -} - -void set_user_function(_MIPD_ BOOL (*user)(void)) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(111) - - if (!(mr_mip->active)) - { - mr_berror(_MIPP_ MR_ERR_NO_MIRSYS); - MR_OUT - return; - } - - mr_mip->user=user; - - MR_OUT -} - -#ifndef MR_STATIC - -#ifndef MR_SIMPLE_IO - -void set_io_buffer_size(_MIPD_ int len) -{ - int i; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (len<0) return; - MR_IN(142) - for (i=0;iIOBSIZ;i++) mr_mip->IOBUFF[i]=0; - mr_free(mr_mip->IOBUFF); - if (len==0) - { - MR_OUT - return; - } - mr_mip->IOBSIZ=len; - mr_mip->IOBUFF=(char *)mr_alloc(_MIPP_ len+1,1); - mr_mip->IOBUFF[0]='\0'; - MR_OUT -} -#endif - -#endif - -/* Initialise a big from ROM given its fixed length */ - -BOOL init_big_from_rom(big x,int len,const mr_small *rom,int romsize,int *romptr) -{ - int i; - zero(x); - x->len=len; - for (i=0;i=romsize) return FALSE; -#ifdef MR_AVR - x->w[i]=pgm_read_byte_near(&rom[*romptr]); -#else - x->w[i]=rom[*romptr]; -#endif - (*romptr)++; - } - - mr_lzero(x); - return TRUE; -} - -/* Initialise an elliptic curve point from ROM */ - -BOOL init_point_from_rom(epoint *P,int len,const mr_small *rom,int romsize,int *romptr) -{ - if (!init_big_from_rom(P->X,len,rom,romsize,romptr)) return FALSE; - if (!init_big_from_rom(P->Y,len,rom,romsize,romptr)) return FALSE; - P->marker=MR_EPOINT_NORMALIZED; - return TRUE; -} - -#ifdef MR_GENERIC_AND_STATIC -miracl *mirsys(miracl *mr_mip,int nd,mr_small nb) -#else -miracl *mirsys(int nd,mr_small nb) -#endif -{ /* Initialize MIRACL system to * - * use numbers to base nb, and * - * nd digits or (-nd) bytes long */ - -/* In these cases mr_mip is passed as the first parameter */ - -#ifdef MR_GENERIC_AND_STATIC - return mirsys_basic(mr_mip,nd,nb); -#endif - -#ifdef MR_GENERIC_MT -#ifndef MR_STATIC - miracl *mr_mip=mr_first_alloc(); - return mirsys_basic(mr_mip,nd,nb); -#endif -#endif -/* In 
these cases mr_mip is a "global" pointer and the mip itself is allocated from the heap. - In fact mr_mip (and mip) may be thread specific if some multi-threading scheme is implemented */ -#ifndef MR_STATIC - #ifdef MR_WINDOWS_MT - miracl *mr_mip=mr_first_alloc(); - TlsSetValue(mr_key,mr_mip); - #endif - - #ifdef MR_UNIX_MT - miracl *mr_mip=mr_first_alloc(); - pthread_setspecific(mr_key,mr_mip); - #endif - - #ifdef MR_OPENMP_MT - mr_mip=mr_first_alloc(); - #endif - - #ifndef MR_WINDOWS_MT - #ifndef MR_UNIX_MT - #ifndef MR_OPENMP_MT - mr_mip=mr_first_alloc(); - #endif - #endif - #endif -#endif - -#ifndef MR_GENERIC_MT - mr_mip=get_mip(); -#endif - return mirsys_basic(mr_mip,nd,nb); -} - -miracl *mirsys_basic(miracl *mr_mip,int nd,mr_small nb) -{ -#ifndef MR_NO_RAND - int i; -#endif - - mr_small b,nw; -#ifdef MR_FP - mr_small dres; -#endif - - if (mr_mip==NULL) return NULL; - -#ifndef MR_STRIPPED_DOWN - mr_mip->depth=0; - mr_mip->trace[0]=0; - mr_mip->depth++; - mr_mip->trace[mr_mip->depth]=29; -#endif - /* digest hardware configuration */ - -#ifdef MR_NO_STANDARD_IO - mr_mip->ERCON=TRUE; -#else - mr_mip->ERCON=FALSE; -#endif -#ifndef MR_STATIC - mr_mip->logN=0; - mr_mip->degree=0; - mr_mip->chin.NP=0; -#endif - - - mr_mip->user=NULL; - mr_mip->same=FALSE; - mr_mip->first_one=FALSE; - mr_mip->debug=FALSE; - mr_mip->AA=0; -#ifndef MR_AFFINE_ONLY - mr_mip->coord=MR_NOTSET; -#endif - -#ifdef MR_NOFULLWIDTH - if (nb==0) - { - mr_berror(_MIPP_ MR_ERR_BAD_BASE); - MR_OUT - return mr_mip; - } -#endif - -#ifndef MR_FP -#ifdef mr_dltype -#ifndef MR_NOFULLWIDTH - if (sizeof(mr_dltype)<2*sizeof(mr_utype)) - { /* double length type, isn't */ - mr_berror(_MIPP_ MR_ERR_NOT_DOUBLE_LEN); - MR_OUT - return mr_mip; - } -#endif -#endif -#endif - - if (nb==1 || nb>MAXBASE) - { - mr_berror(_MIPP_ MR_ERR_BAD_BASE); - MR_OUT - return mr_mip; - } - -#ifdef MR_FP_ROUNDING - if (mr_setbase(_MIPP_ nb)==0) - { /* unable in fact to control FP rounding */ - mr_berror(_MIPP_ MR_ERR_NO_ROUNDING); - 
MR_OUT - return mr_mip; - } -#else - mr_setbase(_MIPP_ nb); -#endif - - b=mr_mip->base; - -#ifdef MR_SIMPLE_BASE - if (b!=0) - { - mr_berror(_MIPP_ MR_ERR_BAD_BASE); - MR_OUT - return mr_mip; - } -#endif - - mr_mip->lg2b=0; - mr_mip->base2=1; -#ifndef MR_SIMPLE_BASE - if (b==0) - { -#endif - mr_mip->lg2b=MIRACL; - mr_mip->base2=0; -#ifndef MR_SIMPLE_BASE - } - else while (b>1) - { - b=MR_DIV(b,2); - mr_mip->lg2b++; - mr_mip->base2*=2; - } -#endif - -#ifdef MR_ALWAYS_BINARY - if (mr_mip->base!=mr_mip->base2) - { - mr_berror(_MIPP_ MR_ERR_NOT_BINARY); - MR_OUT - return mr_mip; - } -#endif - -/* calculate total space for bigs */ -/* - - big -> |int len|small *ptr| alignment space | size in words +1| alignment up to multiple of 4 | - - -*/ - if (nd>0) nw=MR_ROUNDUP(nd,mr_mip->pack); - else nw=MR_ROUNDUP(8*(-nd),mr_mip->lg2b); - - if (nw<1) nw=1; - mr_mip->nib=(int)(nw+1); /* add one extra word for small overflows */ - -#ifdef MR_STATIC - if (nw>MR_STATIC) - { - mr_berror(_MIPP_ MR_ERR_TOO_BIG); - MR_OUT - return mr_mip; - } -#endif - - /* mr_mip->nib=(int)(nw+1); add one extra word for small overflows */ - -#ifdef MR_FLASH - mr_mip->workprec=mr_mip->nib; - mr_mip->stprec=mr_mip->nib; - while (mr_mip->stprec>2 && mr_mip->stprec>MR_FLASH/mr_mip->lg2b) - mr_mip->stprec=(mr_mip->stprec+1)/2; - if (mr_mip->stprec<2) mr_mip->stprec=2; - -#endif - -#ifndef MR_DOUBLE_BIG - mr_mip->check=ON; -#else - mr_mip->check=OFF; -#endif - -#ifndef MR_SIMPLE_BASE -#ifndef MR_SIMPLE_IO - mr_mip->IOBASE=10; /* defaults */ -#endif -#endif - mr_mip->ERNUM=0; - - mr_mip->NTRY=6; - mr_mip->MONTY=ON; -#ifdef MR_FLASH - mr_mip->EXACT=TRUE; - mr_mip->RPOINT=OFF; -#endif -#ifndef MR_STRIPPED_DOWN - mr_mip->TRACER=OFF; -#endif - -#ifndef MR_SIMPLE_IO - mr_mip->INPLEN=0; - mr_mip->IOBSIZ=MR_DEFAULT_BUFFER_SIZE; -#endif - -#ifdef MR_STATIC - mr_mip->PRIMES=mr_small_primes; -#else - mr_mip->PRIMES=NULL; -#ifndef MR_SIMPLE_IO - mr_mip->IOBUFF=(char *)mr_alloc(_MIPP_ MR_DEFAULT_BUFFER_SIZE+1,1); -#endif 
-#endif -#ifndef MR_SIMPLE_IO - mr_mip->IOBUFF[0]='\0'; -#endif - mr_mip->qnr=0; - mr_mip->cnr=0; - mr_mip->TWIST=0; - mr_mip->pmod8=0; - mr_mip->pmod9=0; - -/* quick start for rng. irand(.) should be called first before serious use.. */ - -#ifndef MR_NO_RAND - mr_mip->ira[0]=0x55555555; - mr_mip->ira[1]=0x12345678; - - for (i=2;iira[i]=mr_mip->ira[i-1]+mr_mip->ira[i-2]+0x1379BDF1; - mr_mip->rndptr=NK; - mr_mip->borrow=0; -#endif - - mr_mip->nib=2*mr_mip->nib+1; -#ifdef MR_FLASH - if (mr_mip->nib!=(mr_mip->nib&(MR_MSK))) -#else - if (mr_mip->nib!=(int)(mr_mip->nib&(MR_OBITS))) -#endif - { - mr_berror(_MIPP_ MR_ERR_TOO_BIG); - mr_mip->nib=(mr_mip->nib-1)/2; - MR_OUT - return mr_mip; - } -#ifndef MR_STATIC - mr_mip->workspace=(char *)memalloc(_MIPP_ MR_SPACES); /* grab workspace */ -#else - memset(mr_mip->workspace,0,MR_BIG_RESERVE(MR_SPACES)); -#endif - - mr_mip->M=0; - mr_mip->fin=FALSE; - mr_mip->fout=FALSE; - mr_mip->active=ON; - - mr_mip->nib=(mr_mip->nib-1)/2; - -/* allocate memory for workspace variables */ - -#ifndef MR_DOUBLE_BIG - - mr_mip->w0=mirvar_mem(_MIPP_ mr_mip->workspace,0); /* double length */ - mr_mip->w1=mirvar_mem(_MIPP_ mr_mip->workspace,2); - mr_mip->w2=mirvar_mem(_MIPP_ mr_mip->workspace,3); - mr_mip->w3=mirvar_mem(_MIPP_ mr_mip->workspace,4); - mr_mip->w4=mirvar_mem(_MIPP_ mr_mip->workspace,5); - mr_mip->w5=mirvar_mem(_MIPP_ mr_mip->workspace,6); /* double length */ - mr_mip->w6=mirvar_mem(_MIPP_ mr_mip->workspace,8); /* double length */ - mr_mip->w7=mirvar_mem(_MIPP_ mr_mip->workspace,10); /* double length */ - mr_mip->w8=mirvar_mem(_MIPP_ mr_mip->workspace,12); - mr_mip->w9=mirvar_mem(_MIPP_ mr_mip->workspace,13); - mr_mip->w10=mirvar_mem(_MIPP_ mr_mip->workspace,14); - mr_mip->w11=mirvar_mem(_MIPP_ mr_mip->workspace,15); - mr_mip->w12=mirvar_mem(_MIPP_ mr_mip->workspace,16); - mr_mip->w13=mirvar_mem(_MIPP_ mr_mip->workspace,17); - mr_mip->w14=mirvar_mem(_MIPP_ mr_mip->workspace,18); - mr_mip->w15=mirvar_mem(_MIPP_ mr_mip->workspace,19); - 
mr_mip->sru=mirvar_mem(_MIPP_ mr_mip->workspace,20); - mr_mip->modulus=mirvar_mem(_MIPP_ mr_mip->workspace,21); - mr_mip->pR=mirvar_mem(_MIPP_ mr_mip->workspace,22); /* double length */ - mr_mip->A=mirvar_mem(_MIPP_ mr_mip->workspace,24); - mr_mip->B=mirvar_mem(_MIPP_ mr_mip->workspace,25); - mr_mip->one=mirvar_mem(_MIPP_ mr_mip->workspace,26); -#ifdef MR_KCM - mr_mip->big_ndash=mirvar_mem(_MIPP_ mr_mip->workspace,27); - mr_mip->ws=mirvar_mem(_MIPP_ mr_mip->workspace,28); - mr_mip->wt=mirvar_mem(_MIPP_ mr_mip->workspace,29); /* double length */ -#endif -#ifdef MR_FLASH -#ifdef MR_KCM - mr_mip->pi=mirvar_mem(_MIPP_ mr_mip->workspace,31); -#else - mr_mip->pi=mirvar_mem(_MIPP_ mr_mip->workspace,27); -#endif -#endif - -#else -/* w0-w7 are double normal length */ - mr_mip->w0=mirvar_mem(_MIPP_ mr_mip->workspace,0); /* quad length */ - mr_mip->w1=mirvar_mem(_MIPP_ mr_mip->workspace,4); /* double length */ - mr_mip->w2=mirvar_mem(_MIPP_ mr_mip->workspace,6); - mr_mip->w3=mirvar_mem(_MIPP_ mr_mip->workspace,8); - mr_mip->w4=mirvar_mem(_MIPP_ mr_mip->workspace,10); - mr_mip->w5=mirvar_mem(_MIPP_ mr_mip->workspace,12); /* quad length */ - mr_mip->w6=mirvar_mem(_MIPP_ mr_mip->workspace,16); /* quad length */ - mr_mip->w7=mirvar_mem(_MIPP_ mr_mip->workspace,20); /* quad length */ - mr_mip->w8=mirvar_mem(_MIPP_ mr_mip->workspace,24); - - mr_mip->w9=mirvar_mem(_MIPP_ mr_mip->workspace,25); - mr_mip->w10=mirvar_mem(_MIPP_ mr_mip->workspace,26); - mr_mip->w11=mirvar_mem(_MIPP_ mr_mip->workspace,27); - mr_mip->w12=mirvar_mem(_MIPP_ mr_mip->workspace,28); - mr_mip->w13=mirvar_mem(_MIPP_ mr_mip->workspace,29); - mr_mip->w14=mirvar_mem(_MIPP_ mr_mip->workspace,30); - mr_mip->w15=mirvar_mem(_MIPP_ mr_mip->workspace,31); - mr_mip->sru=mirvar_mem(_MIPP_ mr_mip->workspace,32); - mr_mip->modulus=mirvar_mem(_MIPP_ mr_mip->workspace,33); - mr_mip->pR=mirvar_mem(_MIPP_ mr_mip->workspace,34); /* double length */ - mr_mip->A=mirvar_mem(_MIPP_ mr_mip->workspace,36); - mr_mip->B=mirvar_mem(_MIPP_ 
mr_mip->workspace,37); - mr_mip->one=mirvar_mem(_MIPP_ mr_mip->workspace,38); -#ifdef MR_KCM - mr_mip->big_ndash=mirvar_mem(_MIPP_ mr_mip->workspace,39); - mr_mip->ws=mirvar_mem(_MIPP_ mr_mip->workspace,40); - mr_mip->wt=mirvar_mem(_MIPP_ mr_mip->workspace,41); /* double length */ -#endif -#ifdef MR_FLASH -#ifdef MR_KCM - mr_mip->pi=mirvar_mem(_MIPP_ mr_mip->workspace,43); -#else - mr_mip->pi=mirvar_mem(_MIPP_ mr_mip->workspace,39); -#endif -#endif - -#endif - MR_OUT - return mr_mip; -} - -#ifndef MR_STATIC - -/* allocate space for a number of bigs from the heap */ - -void *memalloc(_MIPD_ int num) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - return mr_alloc(_MIPP_ mr_big_reserve(num,mr_mip->nib-1),1); -} - -#endif - -void memkill(_MIPD_ char *mem,int len) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mem==NULL) return; - memset(mem,0,mr_big_reserve(len,mr_mip->nib-1)); -#ifndef MR_STATIC - mr_free(mem); -#endif -} - -#ifndef MR_STATIC - -void mirkill(big x) -{ /* kill a big/flash variable, that is set it to zero - and free its memory */ - if (x==NULL) return; - zero(x); - mr_free(x); -} - -#endif - -void mirexit(_MIPDO_ ) -{ /* clean up after miracl */ - - int i; -#ifdef MR_WINDOWS_MT - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_UNIX_MT - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_OPENMP_MT - miracl *mr_mip=get_mip(); -#endif - mr_mip->ERCON=FALSE; - mr_mip->active=OFF; - memkill(_MIPP_ mr_mip->workspace,MR_SPACES); -#ifndef MR_NO_RAND - for (i=0;iira[i]=0L; -#endif -#ifndef MR_STATIC -#ifndef MR_SIMPLE_IO - set_io_buffer_size(_MIPP_ 0); -#endif - if (mr_mip->PRIMES!=NULL) mr_free(mr_mip->PRIMES); -#else -#ifndef MR_SIMPLE_IO - for (i=0;i<=MR_DEFAULT_BUFFER_SIZE;i++) - mr_mip->IOBUFF[i]=0; -#endif -#endif - -#ifndef MR_STATIC - mr_free(mr_mip); -#ifdef MR_WINDOWS_MT - TlsSetValue(mr_key, NULL); /* Thank you Thales */ -#endif -#endif - -#ifndef MR_GENERIC_MT -#ifndef MR_WINDOWS_MT -#ifndef MR_UNIX_MT -#ifndef MR_STATIC - 
mr_mip=NULL; -#endif -#endif -#endif -#endif - -#ifdef MR_OPENMP_MT - mr_mip=NULL; -#endif - -} - -int exsign(flash x) -{ /* extract sign of big/flash number */ - if ((x->len&(MR_MSBIT))==0) return PLUS; - else return MINUS; -} - -void insign(int s,flash x) -{ /* assert sign of big/flash number */ - if (x->len==0) return; - if (s<0) x->len|=MR_MSBIT; - else x->len&=MR_OBITS; -} - -void mr_lzero(big x) -{ /* strip leading zeros from big number */ - mr_lentype s; - int m; - s=(x->len&(MR_MSBIT)); - m=(int)(x->len&(MR_OBITS)); - while (m>0 && x->w[m-1]==0) - m--; - x->len=m; - if (m>0) x->len|=s; -} - -#ifndef MR_SIMPLE_IO - -int getdig(_MIPD_ big x,int i) -{ /* extract a packed digit */ - int k; - mr_small n; -#ifdef MR_FP - mr_small dres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - i--; - n=x->w[i/mr_mip->pack]; - - if (mr_mip->pack==1) return (int)n; - k=i%mr_mip->pack; - for (i=1;i<=k;i++) - n=MR_DIV(n,mr_mip->apbase); - return (int)MR_REMAIN(n,mr_mip->apbase); -} - -int numdig(_MIPD_ big x) -{ /* returns number of digits in x */ - int nd; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (x->len==0) return 0; - - nd=(int)(x->len&(MR_OBITS))*mr_mip->pack; - while (getdig(_MIPP_ x,nd)==0) - nd--; - return nd; -} - -void putdig(_MIPD_ int n,big x,int i) -{ /* insert a digit into a packed word */ - int j,k,lx; - mr_small m,p; - mr_lentype s; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(26) - - s=(x->len&(MR_MSBIT)); - lx=(int)(x->len&(MR_OBITS)); - m=getdig(_MIPP_ x,i); - p=n; - i--; - j=i/mr_mip->pack; - k=i%mr_mip->pack; - for (i=1;i<=k;i++) - { - m*=mr_mip->apbase; - p*=mr_mip->apbase; - } - if (j>=mr_mip->nib && (mr_mip->check || j>=2*mr_mip->nib)) - { - mr_berror(_MIPP_ MR_ERR_OVERFLOW); - MR_OUT - return; - } - - x->w[j]=(x->w[j]-m)+p; - if (j>=lx) x->len=((j+1)|s); - mr_lzero(x); - MR_OUT -} - -#endif - -#ifndef MR_FP - -void mr_and(big x,big y,big z) -{ /* z= bitwise 
logical AND of x and y */ - int i,nx,ny,nz,nr; - if (x==y) - { - copy(x,z); - return; - } - -#ifdef MR_FLASH - nx=mr_lent(x); - ny=mr_lent(y); - nz=mr_lent(z); -#else - ny=(y->len&(MR_OBITS)); - nx=(x->len&(MR_OBITS)); - nz=(z->len&(MR_OBITS)); -#endif - if (nyw[i]=x->w[i]&y->w[i]; - for (i=nr;iw[i]=0; - z->len=nr; -} - -void mr_xor(big x,big y,big z) -{ - int i,nx,ny,nz,nr; - if (x==y) - { - copy(x,z); - return; - } - -#ifdef MR_FLASH - nx=mr_lent(x); - ny=mr_lent(y); - nz=mr_lent(z); -#else - ny=(y->len&(MR_OBITS)); - nx=(x->len&(MR_OBITS)); - nz=(z->len&(MR_OBITS)); -#endif - if (nyw[i]=x->w[i]^y->w[i]; - for (i=nr;iw[i]=0; - z->len=nr; -} - -#endif - -void copy(flash x,flash y) -{ /* copy x to y: y=x */ - int i,nx,ny; - mr_small *gx,*gy; - if (x==y || y==NULL) return; - - if (x==NULL) - { - zero(y); - return; - } - -#ifdef MR_FLASH - ny=mr_lent(y); - nx=mr_lent(x); -#else - ny=(y->len&(MR_OBITS)); - nx=(x->len&(MR_OBITS)); -#endif - - gx=x->w; - gy=y->w; - - for (i=nx;ilen=x->len; - -} - -void negify(flash x,flash y) -{ /* negate a big/flash variable: y=-x */ - copy(x,y); - if (y->len!=0) y->len^=MR_MSBIT; -} - -void absol(flash x,flash y) -{ /* y=abs(x) */ - copy(x,y); - y->len&=MR_OBITS; -} - -BOOL mr_notint(flash x) -{ /* returns TRUE if x is Flash */ -#ifdef MR_FLASH - if ((((x->len&(MR_OBITS))>>(MR_BTS))&(MR_MSK))!=0) return TRUE; -#endif - return FALSE; -} - -void mr_shift(_MIPD_ big x,int n,big w) -{ /* set w=x.(mr_base^n) by shifting */ - mr_lentype s; - int i,bl; - mr_small *gw=w->w; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - copy(x,w); - if (w->len==0 || n==0) return; - MR_IN(33) - - if (mr_notint(w)) mr_berror(_MIPP_ MR_ERR_INT_OP); - s=(w->len&(MR_MSBIT)); - bl=(int)(w->len&(MR_OBITS))+n; - if (bl<=0) - { - zero(w); - MR_OUT - return; - } - if (bl>mr_mip->nib && mr_mip->check) mr_berror(_MIPP_ MR_ERR_OVERFLOW); - if (mr_mip->ERNUM) - { - MR_OUT - return; - } - if (n>0) - { - for (i=bl-1;i>=n;i--) - 
gw[i]=gw[i-n]; - for (i=0;ilen=(bl|s); - MR_OUT -} - -int size(big x) -{ /* get size of big number; convert to * - * integer - if possible */ - int n,m; - mr_lentype s; - if (x==NULL) return 0; - s=(x->len&MR_MSBIT); - m=(int)(x->len&MR_OBITS); - if (m==0) return 0; - if (m==1 && x->w[0]<(mr_small)MR_TOOBIG) n=(int)x->w[0]; - else n=MR_TOOBIG; - if (s==MR_MSBIT) return (-n); - return n; -} - -int mr_compare(big x,big y) -{ /* compare x and y: =1 if x>y =-1 if xlen&MR_MSBIT); - sy=(y->len&MR_MSBIT); - if (sx==0) sig=PLUS; - else sig=MINUS; - if (sx!=sy) return sig; - m=(int)(x->len&MR_OBITS); - n=(int)(y->len&MR_OBITS); - if (m>n) return sig; - if (m0) - { /* check digit by digit */ - m--; - if (x->w[m]>y->w[m]) return sig; - if (x->w[m]w[m]) return -sig; - } - return 0; -} - -#ifdef MR_FLASH - -void fpack(_MIPD_ big n,big d,flash x) -{ /* create floating-slash number x=n/d from * - * big integer numerator and denominator */ - mr_lentype s; - int i,ld,ln; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(31) - - ld=(int)(d->len&MR_OBITS); - if (ld==0) mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW); - if (ld==1 && d->w[0]==1) ld=0; - if (x==d) mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - if (mr_notint(n) || mr_notint(d)) mr_berror(_MIPP_ MR_ERR_INT_OP); - s=(n->len&MR_MSBIT); - ln=(int)(n->len&MR_OBITS); - if (ln==1 && n->w[0]==1) ln=0; - if ((ld+ln>mr_mip->nib) && (mr_mip->check || ld+ln>2*mr_mip->nib)) - mr_berror(_MIPP_ MR_ERR_FLASH_OVERFLOW); - if (mr_mip->ERNUM) - { - MR_OUT - return; - } - copy(n,x); - if (n->len==0) - { - MR_OUT - return; - } - s^=(d->len&MR_MSBIT); - if (ld==0) - { - if (x->len!=0) x->len|=s; - MR_OUT - return; - } - for (i=0;iw[ln+i]=d->w[i]; - x->len=(s|(ln+((mr_lentype)ld<ERNUM) return; - if (mr_notint(x)) - { - s=(x->len&MR_MSBIT); - ly=(x->len&MR_OBITS); - ln=(int)(ly&MR_MSK); - if (ln==0) - { - if(s==MR_MSBIT) convert(_MIPP_ (-1),y); - else convert(_MIPP_ 1,y); - return; - } - 
ld=(int)((ly>>MR_BTS)&MR_MSK); - if (x!=y) - { - for (i=0;iw[i]=x->w[i]; - for (i=ln;iw[i]=0; - } - else for (i=0;iw[ln+i]=0; - y->len=(ln|s); - } - else copy(x,y); -} - -void denom(_MIPD_ flash x,big y) -{ /* extract denominator of x */ - int i,ln,ld; - mr_lentype ly; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - if (!mr_notint(x)) - { - convert(_MIPP_ 1,y); - return; - } - ly=(x->len&MR_OBITS); - ln=(int)(ly&MR_MSK); - ld=(int)((ly>>MR_BTS)&MR_MSK); - for (i=0;iw[i]=x->w[ln+i]; - if (x==y) for (i=0;iw[ld+i]=0; - else for (i=ld;iw[i]=0; - y->len=ld; -} - -#endif - -unsigned int igcd(unsigned int x,unsigned int y) -{ /* integer GCD, returns GCD of x and y */ - unsigned int r; - if (y==0) return x; - while ((r=x%y)!=0) - x=y,y=r; - return y; -} - -unsigned long lgcd(unsigned long x,unsigned long y) -{ /* long GCD, returns GCD of x and y */ - unsigned long r; - if (y==0) return x; - while ((r=x%y)!=0) - x=y,y=r; - return y; -} - -unsigned int isqrt(unsigned int num,unsigned int guess) -{ /* square root of an integer */ - unsigned int sqr; - unsigned int oldguess=guess; - if (num==0) return 0; - if (num<4) return 1; - - for (;;) - { /* Newtons iteration */ - /* sqr=guess+(((num/guess)-guess)/2); */ - sqr=((num/guess)+guess)/2; - if (sqr==guess || sqr==oldguess) - { - if (sqr*sqr>num) sqr--; - return sqr; - } - oldguess=guess; - guess=sqr; - } -} - -unsigned long mr_lsqrt(unsigned long num,unsigned long guess) -{ /* square root of a long */ - unsigned long sqr; - unsigned long oldguess=guess; - if (num==0) return 0; - if (num<4) return 1; - - for (;;) - { /* Newtons iteration */ - /* sqr=guess+(((num/guess)-guess)/2); */ - sqr=((num/guess)+guess)/2; - if (sqr==guess || sqr==oldguess) - { - if (sqr*sqr>num) sqr--; - return sqr; - } - oldguess=guess; - guess=sqr; - } -} - -mr_small sgcd(mr_small x,mr_small y) -{ /* integer GCD, returns GCD of x and y */ - mr_small r; -#ifdef MR_FP - mr_small dres; -#endif - if (y==(mr_small)0) 
return x; - while ((r=MR_REMAIN(x,y))!=(mr_small)0) - x=y,y=r; - return y; -} - -/* routines to support sliding-windows exponentiation * - * in various contexts */ - -int mr_testbit(_MIPD_ big x,int n) -{ /* return value of n-th bit of big */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_FP - mr_small m,a,dres; - m=mr_shiftbits((mr_small)1,n%mr_mip->lg2b); - - a=x->w[n/mr_mip->lg2b]; - - a=MR_DIV(a,m); - - if ((MR_DIV(a,2.0)*2.0) != a) return 1; -#else - if ((x->w[n/mr_mip->lg2b] & ((mr_small)1<<(n%mr_mip->lg2b))) >0) return 1; -#endif - return 0; -} - -void mr_addbit(_MIPD_ big x,int n) -{ /* add 2^n to positive x - where you know that bit is zero. Use with care! */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - mr_lentype m=n/mr_mip->lg2b; - x->w[m]+=mr_shiftbits((mr_small)1,n%mr_mip->lg2b); - if (x->lenlen=m+1; -} - -int recode(_MIPD_ big e,int t,int w,int i) -{ /* recode exponent for Comb method */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - int j,r; - r=0; - for (j=w-1;j>=0;j--) - { - r<<=1; - r|=mr_testbit(_MIPP_ e,i+j*t); - } - return r; -} - -int mr_window(_MIPD_ big x,int i,int *nbs,int * nzs,int window_size) -{ /* returns sliding window value, max. of 5 bits, * - * (Note from version 5.23 this can be changed by * - * setting parameter window_size. This can be * - * a useful space-saver) starting at i-th bit of big x. * - * nbs is number of bits processed, nzs is the number of * - * additional trailing zeros detected. Returns valid bit * - * pattern 1x..x1 with no two adjacent 0's. So 10101 * - * will return 21 with nbs=5, nzs=0. 
11001 will return 3,* - * with nbs=2, nzs=2, having stopped after the first 11..*/ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - int j,r,w; - w=window_size; - -/* check for leading 0 bit */ - - *nbs=1; - *nzs=0; - if (!mr_testbit(_MIPP_ x,i)) return 0; - -/* adjust window size if not enough bits left */ - - if (i-w+1<0) w=i+1; - - r=1; - for (j=i-1;j>i-w;j--) - { /* accumulate bits. Abort if two 0's in a row */ - (*nbs)++; - r*=2; - if (mr_testbit(_MIPP_ x,j)) r+=1; - if (r%4==0) - { /* oops - too many zeros - shorten window */ - r/=4; - *nbs-=2; - *nzs=2; - break; - } - } - if (r%2==0) - { /* remove trailing 0 */ - r/=2; - *nzs=1; - (*nbs)--; - } - return r; -} - -int mr_window2(_MIPD_ big x,big y,int i,int *nbs,int *nzs) -{ /* two bit window for double exponentiation */ - int r,w; - BOOL a,b,c,d; - w=2; - *nbs=1; - *nzs=0; - -/* check for two leading 0's */ - a=mr_testbit(_MIPP_ x,i); b=mr_testbit(_MIPP_ y,i); - - if (!a && !b) return 0; - if (i<1) w=1; - - if (a) - { - if (b) r=3; - else r=2; - } - else r=1; - if (w==1) return r; - - c=mr_testbit(_MIPP_ x,i-1); d=mr_testbit(_MIPP_ y,i-1); - - if (!c && !d) - { - *nzs=1; - return r; - } - - *nbs=2; - r*=4; - if (c) - { - if (d) r+=3; - else r+=2; - } - else r+=1; - return r; -} - -int mr_naf_window(_MIPD_ big x,big x3,int i,int *nbs,int *nzs,int store) -{ /* returns sliding window value, using fractional windows * - * where "store" precomputed values are precalulated and * - * stored. Scanning starts at the i-th bit of x. nbs is * - * the number of bits processed. nzs is number of * - * additional trailing zeros detected. x and x3 (which is * - * 3*x) are combined to produce the NAF (non-adjacent * - * form). So if x=11011(27) and x3 is 1010001, the LSB is * - * ignored and the value 100T0T (32-4-1=27) processed, * - * where T is -1. Note x.P = (3x-x)/2.P. This value will * - * return +7, with nbs=4 and nzs=1, having stopped after * - * the first 4 bits. 
If it goes too far, it must backtrack * - * Note in an NAF non-zero elements are never side by side, * - * so 10T10T won't happen. NOTE: return value n zero or * - * odd, -21 <= n <= +21 */ - - int nb,j,r,biggest; - - /* get first bit */ - nb=mr_testbit(_MIPP_ x3,i)-mr_testbit(_MIPP_ x,i); - - *nbs=1; - *nzs=0; - if (nb==0) return 0; - if (i==0) return nb; - - biggest=2*store-1; - - if (nb>0) r=1; - else r=(-1); - - for (j=i-1;j>0;j--) - { - (*nbs)++; - r*=2; - nb=mr_testbit(_MIPP_ x3,j)-mr_testbit(_MIPP_ x,j); - if (nb>0) r+=1; - if (nb<0) r-=1; - if (abs(r)>biggest) break; - } - - if (r%2!=0 && j!=0) - { /* backtrack */ - if (nb>0) r=(r-1)/2; - if (nb<0) r=(r+1)/2; - (*nbs)--; - } - - while (r%2==0) - { /* remove trailing zeros */ - r/=2; - (*nzs)++; - (*nbs)--; - } - return r; -} - -/* Some general purpose elliptic curve stuff */ - -BOOL point_at_infinity(epoint *p) -{ - if (p==NULL) return FALSE; - if (p->marker==MR_EPOINT_INFINITY) return TRUE; - return FALSE; -} - -#ifndef MR_STATIC - -epoint* epoint_init(_MIPDO_ ) -{ /* initialise epoint to general point at infinity. 
*/ - epoint *p; - char *ptr; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return NULL; - - MR_IN(96) - -/* Create space for whole structure in one heap access */ - - p=(epoint *)mr_alloc(_MIPP_ mr_esize(mr_mip->nib-1),1); - - ptr=(char *)p+sizeof(epoint); - p->X=mirvar_mem(_MIPP_ ptr,0); - p->Y=mirvar_mem(_MIPP_ ptr,1); -#ifndef MR_AFFINE_ONLY - p->Z=mirvar_mem(_MIPP_ ptr,2); -#endif - p->marker=MR_EPOINT_INFINITY; - - MR_OUT - - return p; -} - -#endif - -epoint* epoint_init_mem_variable(_MIPD_ char *mem,int index,int sz) -{ - epoint *p; - char *ptr; - int offset,r; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - offset=0; - r=(unsigned long)mem%MR_SL; - if (r>0) offset=MR_SL-r; - -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - p=(epoint *)&mem[offset+index*mr_esize_a(sz)]; - else -#endif - p=(epoint *)&mem[offset+index*mr_esize(sz)]; - - ptr=(char *)p+sizeof(epoint); - p->X=mirvar_mem_variable(ptr,0,sz); - p->Y=mirvar_mem_variable(ptr,1,sz); -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord!=MR_AFFINE) p->Z=mirvar_mem_variable(ptr,2,sz); -#endif - p->marker=MR_EPOINT_INFINITY; - return p; -} - -epoint* epoint_init_mem(_MIPD_ char *mem,int index) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return NULL; - - return epoint_init_mem_variable(_MIPP_ mem,index,mr_mip->nib-1); -} - -#ifndef MR_STATIC - -/* allocate space for a number of epoints from the heap */ - -void *ecp_memalloc(_MIPD_ int num) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - return mr_alloc(_MIPP_ mr_ecp_reserve_a(num,mr_mip->nib-1),1); - else -#endif - return mr_alloc(_MIPP_ mr_ecp_reserve(num,mr_mip->nib-1),1); -} - -#endif - -void ecp_memkill(_MIPD_ char *mem,int num) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mem==NULL) return; - -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - 
memset(mem,0,mr_ecp_reserve_a(num,mr_mip->nib-1)); - else -#endif - memset(mem,0,mr_ecp_reserve(num,mr_mip->nib-1)); - - -#ifndef MR_STATIC - mr_free(mem); -#endif -} - -#ifndef MR_STATIC - -void epoint_free(epoint *p) -{ /* clean up point */ - - if (p==NULL) return; - zero(p->X); - zero(p->Y); -#ifndef MR_AFFINE_ONLY - if (p->marker==MR_EPOINT_GENERAL) zero(p->Z); -#endif - mr_free(p); -} - -#endif diff --git a/crypto/sm2/miracl/mrcurve.c b/crypto/sm2/miracl/mrcurve.c deleted file mode 100644 index 8cfdeb4f..00000000 --- a/crypto/sm2/miracl/mrcurve.c +++ /dev/null 
@@ -1,2507 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * MIRACL elliptic curve routines - * mrcurve.c - * - * Assumes Weierstrass equation y^2 = x^3 + Ax + B - * See IEEE P1363 Draft Standard - * - * (See below for Edwards coordinates implementation) - * - * Uses Montgomery's representation internally - * - * Works particularly well with fixed length Comba multiplier - * e.g. 
#define MR_COMBA 5 for 5x32 = 160 bit modulus - * on 32-bit computer - * - */ - -#include -#include -#ifdef MR_STATIC -#include -#endif - -#ifndef MR_EDWARDS - -static void epoint_getrhs(_MIPD_ big x,big y) -{ /* x and y must be different */ - - /* find x^3+Ax+B */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - nres_modmult(_MIPP_ x,x,y); - - nres_modmult(_MIPP_ y,x,y); - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) - nres_modmult(_MIPP_ x,mr_mip->A,mr_mip->w1); - else - nres_premult(_MIPP_ x,mr_mip->Asize,mr_mip->w1); - nres_modadd(_MIPP_ y,mr_mip->w1,y); - if (mr_abs(mr_mip->Bsize)==MR_TOOBIG) - nres_modadd(_MIPP_ y,mr_mip->B,y); - else - { - convert(_MIPP_ mr_mip->Bsize,mr_mip->w1); - nres(_MIPP_ mr_mip->w1,mr_mip->w1); - nres_modadd(_MIPP_ y,mr_mip->w1,y); - } -} - -#ifndef MR_NOSUPPORT_COMPRESSION - -BOOL epoint_x(_MIPD_ big x) -{ /* test if x is associated with a point on the * - * currently active curve */ - int j; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(147) - - if (x==NULL) return FALSE; - - nres(_MIPP_ x,mr_mip->w2); - epoint_getrhs(_MIPP_ mr_mip->w2,mr_mip->w3); - - if (size(mr_mip->w3)==0) - { - MR_OUT - return TRUE; - } - - redc(_MIPP_ mr_mip->w3,mr_mip->w4); - j=jack(_MIPP_ mr_mip->w4,mr_mip->modulus); - - MR_OUT - if (j==1) return TRUE; - return FALSE; -} - -#endif - -BOOL epoint_set(_MIPD_ big x,big y,int cb,epoint *p) -{ /* initialise a point on active ecurve * - * if x or y == NULL, set to point at infinity * - * if x==y, a y co-ordinate is calculated - if * - * possible - and cb suggests LSB 0/1 of y * - * (which "decompresses" y). Otherwise, check * - * validity of given (x,y) point, ignoring cb. * - * Returns TRUE for valid point, otherwise FALSE. 
*/ - - BOOL valid; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(97) - - if (x==NULL || y==NULL) - { - copy(mr_mip->one,p->X); - copy(mr_mip->one,p->Y); - p->marker=MR_EPOINT_INFINITY; - MR_OUT - return TRUE; - } - -/* find x^3+Ax+B */ - - nres(_MIPP_ x,p->X); - - epoint_getrhs(_MIPP_ p->X,mr_mip->w3); - - valid=FALSE; - - if (x!=y) - { /* compare with y^2 */ - nres(_MIPP_ y,p->Y); - nres_modmult(_MIPP_ p->Y,p->Y,mr_mip->w1); - - if (mr_compare(mr_mip->w1,mr_mip->w3)==0) valid=TRUE; - } - else - { /* no y supplied - calculate one. Find square root */ -#ifndef MR_NOSUPPORT_COMPRESSION - - valid=nres_sqroot(_MIPP_ mr_mip->w3,p->Y); - /* check LSB - have we got the right root? */ - redc(_MIPP_ p->Y,mr_mip->w1); - if (remain(_MIPP_ mr_mip->w1,2)!=cb) - mr_psub(_MIPP_ mr_mip->modulus,p->Y,p->Y); - -#else - mr_berror(_MIPP_ MR_ERR_NOT_SUPPORTED); - MR_OUT - return FALSE; -#endif - } - if (valid) - { - p->marker=MR_EPOINT_NORMALIZED; - MR_OUT - return TRUE; - } - - MR_OUT - return FALSE; -} - -#ifndef MR_STATIC - -void epoint_getxyz(_MIPD_ epoint *p,big x,big y,big z) -{ /* get (x,y,z) coordinates */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(143) - convert(_MIPP_ 1,mr_mip->w1); - if (p->marker==MR_EPOINT_INFINITY) - { -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - { /* (0,1) or (0,0) = O */ -#endif - if (x!=NULL) zero(x); - if (mr_mip->Bsize==0) - { - if (y!=NULL) copy(mr_mip->w1,y); - } - else - { - if (y!=NULL) zero(y); - } -#ifndef MR_AFFINE_ONLY - } - if (mr_mip->coord==MR_PROJECTIVE) - { /* (1,1,0) = O */ - if (x!=NULL) copy(mr_mip->w1,x); - if (y!=NULL) copy(mr_mip->w1,y); - } -#endif - if (z!=NULL) zero(z); - MR_OUT - return; - } - if (x!=NULL) redc(_MIPP_ p->X,x); - if (y!=NULL) redc(_MIPP_ p->Y,y); -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - { -#endif - if (z!=NULL) zero(z); -#ifndef MR_AFFINE_ONLY - } - - if (mr_mip->coord==MR_PROJECTIVE) - { - if 
(z!=NULL) - { - if (p->marker!=MR_EPOINT_GENERAL) copy(mr_mip->w1,z); - else redc(_MIPP_ p->Z,z); - } - } -#endif - MR_OUT - return; -} - -#endif - -int epoint_get(_MIPD_ epoint* p,big x,big y) -{ /* Get point co-ordinates in affine, normal form * - * (converted from projective, Montgomery form) * - * if x==y, supplies x only. Return value is Least * - * Significant Bit of y (useful for point compression) */ - - int lsb; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (p->marker==MR_EPOINT_INFINITY) - { - zero(x); - zero(y); - return 0; - } - if (mr_mip->ERNUM) return 0; - - MR_IN(98) - - if (!epoint_norm(_MIPP_ p)) - { /* not possible ! */ - MR_OUT - return (-1); - } - - redc(_MIPP_ p->X,x); - redc(_MIPP_ p->Y,mr_mip->w1); - - if (x!=y) copy(mr_mip->w1,y); - lsb=remain(_MIPP_ mr_mip->w1,2); - MR_OUT - return lsb; -} - -BOOL epoint_norm(_MIPD_ epoint *p) -{ /* normalise a point */ - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - -#ifndef MR_AFFINE_ONLY - - if (mr_mip->coord==MR_AFFINE) return TRUE; - if (p->marker!=MR_EPOINT_GENERAL) return TRUE; - - if (mr_mip->ERNUM) return FALSE; - - MR_IN(117) - - copy(mr_mip->one,mr_mip->w8); - - if (nres_moddiv(_MIPP_ mr_mip->w8,p->Z,mr_mip->w8)>1) /* 1/Z */ - { - epoint_set(_MIPP_ NULL,NULL,0,p); - mr_berror(_MIPP_ MR_ERR_COMPOSITE_MODULUS); - MR_OUT - return FALSE; - } - - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w1);/* 1/ZZ */ - nres_modmult(_MIPP_ p->X,mr_mip->w1,p->X); /* X/ZZ */ - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w8,mr_mip->w1);/* 1/ZZZ */ - nres_modmult(_MIPP_ p->Y,mr_mip->w1,p->Y); /* Y/ZZZ */ - - copy(mr_mip->one,p->Z); - - p->marker=MR_EPOINT_NORMALIZED; - MR_OUT - -#endif - - return TRUE; -} - -BOOL epoint_multi_norm(_MIPD_ int m,big *work,epoint **p) -{ /* Normalise an array of points of length mcoord==MR_AFFINE) return TRUE; - if (mr_mip->ERNUM) return FALSE; - if (m>MR_MAX_M_T_S) return FALSE; - - MR_IN(190) - - for (i=0;imarker==MR_EPOINT_NORMALIZED) 
w[i]=mr_mip->one; - else w[i]=p[i]->Z; - if (p[i]->marker==MR_EPOINT_INFINITY) {inf=TRUE; break;} /* whoops, one of them is point at infinity */ - } - - if (inf) - { - for (i=0;ione,p[i]->Z); - p[i]->marker=MR_EPOINT_NORMALIZED; - nres_modmult(_MIPP_ work[i],work[i],mr_mip->w1); - nres_modmult(_MIPP_ p[i]->X,mr_mip->w1,p[i]->X); /* X/ZZ */ - nres_modmult(_MIPP_ mr_mip->w1,work[i],mr_mip->w1); - nres_modmult(_MIPP_ p[i]->Y,mr_mip->w1,p[i]->Y); /* Y/ZZZ */ - } - MR_OUT -#endif - return TRUE; -} - -/* adds b+=a, d+=c, and slopes in s1 and s2 */ - -#ifndef MR_NO_ECC_MULTIADD -#ifndef MR_STATIC - -void ecurve_double_add(_MIPD_ epoint *a,epoint*b,epoint *c,epoint *d,big *s1,big *s2) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(144); - -#ifndef MR_AFFINE_ONLY - - if (mr_mip->coord==MR_AFFINE) - { -#endif - if (a->marker==MR_EPOINT_INFINITY || size(a->Y)==0) - { - *s1=NULL; - ecurve_add(_MIPP_ c,d); - *s2=mr_mip->w8; - MR_OUT - return; - } - if (b->marker==MR_EPOINT_INFINITY || size(b->Y)==0) - { - *s1=NULL; - epoint_copy(a,b); - ecurve_add(_MIPP_ c,d); - *s2=mr_mip->w8; - MR_OUT - return; - } - if (c->marker==MR_EPOINT_INFINITY || size(c->Y)==0) - { - ecurve_add(_MIPP_ a,b); - *s1=mr_mip->w8; - *s2=NULL; - MR_OUT - return; - } - if (d->marker==MR_EPOINT_INFINITY || size(d->Y)==0) - { - epoint_copy(c,d); - ecurve_add(_MIPP_ a,b); - *s1=mr_mip->w8; - *s2=NULL; - MR_OUT - return; - } - - if (a==b || (mr_compare(a->X,b->X)==0 && mr_compare(a->Y,b->Y)==0)) - { - nres_modmult(_MIPP_ a->X,a->X,mr_mip->w8); - nres_premult(_MIPP_ mr_mip->w8,3,mr_mip->w8); /* 3x^2 */ - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->A,mr_mip->w8); - else - { - convert(_MIPP_ mr_mip->Asize,mr_mip->w2); - nres(_MIPP_ mr_mip->w2,mr_mip->w2); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w2,mr_mip->w8); - } - nres_premult(_MIPP_ a->Y,2,mr_mip->w10); - } - else - { - if (mr_compare(a->X,b->X)==0) - { - epoint_set(_MIPP_ 
NULL,NULL,0,b); - *s1=NULL; - ecurve_add(_MIPP_ c,d); - *s2=mr_mip->w8; - MR_OUT - return; - } - nres_modsub(_MIPP_ a->Y,b->Y,mr_mip->w8); - nres_modsub(_MIPP_ a->X,b->X,mr_mip->w10); - } - - if (c==d || (mr_compare(c->X,d->X)==0 && mr_compare(c->Y,d->Y)==0)) - { - nres_modmult(_MIPP_ c->X,c->X,mr_mip->w9); - nres_premult(_MIPP_ mr_mip->w9,3,mr_mip->w9); /* 3x^2 */ - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) - nres_modadd(_MIPP_ mr_mip->w9,mr_mip->A,mr_mip->w9); - else - { - convert(_MIPP_ mr_mip->Asize,mr_mip->w2); - nres(_MIPP_ mr_mip->w2,mr_mip->w2); - nres_modadd(_MIPP_ mr_mip->w9,mr_mip->w2,mr_mip->w9); - } - nres_premult(_MIPP_ c->Y,2,mr_mip->w11); - } - else - { - if (mr_compare(c->X,d->X)==0) - { - epoint_set(_MIPP_ NULL,NULL,0,d); - *s2=NULL; - ecurve_add(_MIPP_ a,b); - *s1=mr_mip->w8; - MR_OUT - return; - } - nres_modsub(_MIPP_ c->Y,d->Y,mr_mip->w9); - nres_modsub(_MIPP_ c->X,d->X,mr_mip->w11); - } - - nres_double_inverse(_MIPP_ mr_mip->w10,mr_mip->w10,mr_mip->w11,mr_mip->w11); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w10,mr_mip->w8); - nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w11,mr_mip->w9); - - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w2); /* m^2 */ - nres_modsub(_MIPP_ mr_mip->w2,a->X,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w1,b->X,mr_mip->w1); - - nres_modsub(_MIPP_ b->X,mr_mip->w1,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w8,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w2,b->Y,b->Y); - copy(mr_mip->w1,b->X); - b->marker=MR_EPOINT_GENERAL; - - nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w9,mr_mip->w2); /* m^2 */ - nres_modsub(_MIPP_ mr_mip->w2,c->X,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w1,d->X,mr_mip->w1); - - nres_modsub(_MIPP_ d->X,mr_mip->w1,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w9,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w2,d->Y,d->Y); - copy(mr_mip->w1,d->X); - d->marker=MR_EPOINT_GENERAL; - - *s1=mr_mip->w8; - *s2=mr_mip->w9; -#ifndef MR_AFFINE_ONLY - } - else - { /* no speed-up */ - ecurve_add(_MIPP_ a,b); - 
copy(mr_mip->w8,mr_mip->w9); - *s1=mr_mip->w9; - ecurve_add(_MIPP_ c,d); - *s2=mr_mip->w8; - } -#endif - MR_OUT -} - -void ecurve_multi_add(_MIPD_ int m,epoint **x,epoint**w) -{ /* adds m points together simultaneously, w[i]+=x[i] */ - int i,*flag; - big *A,*B,*C; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(122) -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - { /* this can be done faster */ -#endif - A=(big *)mr_alloc(_MIPP_ m,sizeof(big)); - B=(big *)mr_alloc(_MIPP_ m,sizeof(big)); - C=(big *)mr_alloc(_MIPP_ m,sizeof(big)); - flag=(int *)mr_alloc(_MIPP_ m,sizeof(int)); - - copy(mr_mip->one,mr_mip->w3); - - for (i=0;iX,w[i]->X)==0 && mr_compare(x[i]->Y,w[i]->Y)==0) - { /* doubling */ - if (x[i]->marker==MR_EPOINT_INFINITY || size(x[i]->Y)==0) - { - flag[i]=1; /* result is infinity */ - copy(mr_mip->w3,B[i]); - continue; - } - nres_modmult(_MIPP_ x[i]->X,x[i]->X,A[i]); - nres_premult(_MIPP_ A[i],3,A[i]); /* 3*x^2 */ - if (mr_abs(mr_mip->Asize) == MR_TOOBIG) - nres_modadd(_MIPP_ A[i],mr_mip->A,A[i]); - else - { - convert(_MIPP_ mr_mip->Asize,mr_mip->w2); - nres(_MIPP_ mr_mip->w2,mr_mip->w2); - nres_modadd(_MIPP_ A[i],mr_mip->w2,A[i]); - } /* 3*x^2+A */ - nres_premult(_MIPP_ x[i]->Y,2,B[i]); - } - else - { - if (x[i]->marker==MR_EPOINT_INFINITY) - { - flag[i]=2; /* w[i] unchanged */ - copy(mr_mip->w3,B[i]); - continue; - } - if (w[i]->marker==MR_EPOINT_INFINITY) - { - flag[i]=3; /* w[i] = x[i] */ - copy(mr_mip->w3,B[i]); - continue; - } - nres_modsub(_MIPP_ x[i]->X,w[i]->X,B[i]); - if (size(B[i])==0) - { /* point at infinity */ - flag[i]=1; /* result is infinity */ - copy(mr_mip->w3,B[i]); - continue; - } - nres_modsub(_MIPP_ x[i]->Y,w[i]->Y,A[i]); - } - } - nres_multi_inverse(_MIPP_ m,B,C); /* only one inversion needed */ - for (i=0;iw8); - - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w2); /* m^2 */ - nres_modsub(_MIPP_ mr_mip->w2,x[i]->X,mr_mip->w1); - nres_modsub(_MIPP_ 
mr_mip->w1,w[i]->X,mr_mip->w1); - - nres_modsub(_MIPP_ w[i]->X,mr_mip->w1,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w8,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w2,w[i]->Y,w[i]->Y); - copy(mr_mip->w1,w[i]->X); - w[i]->marker=MR_EPOINT_NORMALIZED; - - mr_free(C[i]); - mr_free(B[i]); - mr_free(A[i]); - } - mr_free(flag); - mr_free(C); mr_free(B); mr_free(A); -#ifndef MR_AFFINE_ONLY - } - else - { /* no speed-up */ - for (i=0;iERNUM) return; - - if (p->marker==MR_EPOINT_INFINITY) - { /* 2 times infinity == infinity ! */ - return; - } - -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - { /* 2 sqrs, 1 mul, 1 div */ -#endif - if (size(p->Y)==0) - { /* set to point at infinity */ - epoint_set(_MIPP_ NULL,NULL,0,p); - return; - } - - nres_modmult(_MIPP_ p->X,p->X,mr_mip->w8); /* w8=x^2 */ - nres_premult(_MIPP_ mr_mip->w8,3,mr_mip->w8); /* w8=3*x^2 */ - if (mr_abs(mr_mip->Asize) == MR_TOOBIG) - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->A,mr_mip->w8); - else - { - convert(_MIPP_ mr_mip->Asize,mr_mip->w2); - nres(_MIPP_ mr_mip->w2,mr_mip->w2); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w2,mr_mip->w8); - } /* w8=3*x^2+A */ - nres_premult(_MIPP_ p->Y,2,mr_mip->w6); /* w6=2y */ - if (nres_moddiv(_MIPP_ mr_mip->w8,mr_mip->w6,mr_mip->w8)>1) - { - epoint_set(_MIPP_ NULL,NULL,0,p); - mr_berror(_MIPP_ MR_ERR_COMPOSITE_MODULUS); - return; - } - -/* w8 is slope m on exit */ - - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w2); /* w2=m^2 */ - nres_premult(_MIPP_ p->X,2,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w1); /* w1=m^2-2x */ - - nres_modsub(_MIPP_ p->X,mr_mip->w1,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w8,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w2,p->Y,p->Y); - copy(mr_mip->w1,p->X); - - return; -#ifndef MR_AFFINE_ONLY - } - - if (size(p->Y)==0) - { /* set to point at infinity */ - epoint_set(_MIPP_ NULL,NULL,0,p); - return; - } - - convert(_MIPP_ 1,mr_mip->w1); - if (mr_abs(mr_mip->Asize) < MR_TOOBIG) - { - if 
(mr_mip->Asize!=0) - { - if (p->marker==MR_EPOINT_NORMALIZED) - nres(_MIPP_ mr_mip->w1,mr_mip->w6); - else nres_modmult(_MIPP_ p->Z,p->Z,mr_mip->w6); - } - - if (mr_mip->Asize==(-3)) - { /* a is -3. Goody. 4 sqrs, 4 muls */ - nres_modsub(_MIPP_ p->X,mr_mip->w6,mr_mip->w3); - nres_modadd(_MIPP_ p->X,mr_mip->w6,mr_mip->w8); - nres_modmult(_MIPP_ mr_mip->w3,mr_mip->w8,mr_mip->w3); - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w3,mr_mip->w8); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8); - } - else - { /* a is small */ - if (mr_mip->Asize!=0) - { /* a is non zero! */ - nres_modmult(_MIPP_ mr_mip->w6,mr_mip->w6,mr_mip->w3); - nres_premult(_MIPP_ mr_mip->w3,mr_mip->Asize,mr_mip->w3); - } - nres_modmult(_MIPP_ p->X,p->X,mr_mip->w1); - nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w8); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w1,mr_mip->w8); - if (mr_mip->Asize!=0) nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8); - } - } - else - { /* a is not special */ - if (p->marker==MR_EPOINT_NORMALIZED) nres(_MIPP_ mr_mip->w1,mr_mip->w6); - else nres_modmult(_MIPP_ p->Z,p->Z,mr_mip->w6); - - nres_modmult(_MIPP_ mr_mip->w6,mr_mip->w6,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w3,mr_mip->A,mr_mip->w3); - nres_modmult(_MIPP_ p->X,p->X,mr_mip->w1); - nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w8); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w1,mr_mip->w8); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8); - } - -/* w8 contains numerator of slope 3x^2+A.z^4 * - * denominator is now placed in Z */ - - nres_modmult(_MIPP_ p->Y,p->Y,mr_mip->w2); - nres_modmult(_MIPP_ p->X,mr_mip->w2,mr_mip->w3); - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w3,mr_mip->w3); - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w3,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,p->X); - nres_modsub(_MIPP_ p->X,mr_mip->w3,p->X); - nres_modsub(_MIPP_ p->X,mr_mip->w3,p->X); - - if (p->marker==MR_EPOINT_NORMALIZED) - copy(p->Y,p->Z); - else nres_modmult(_MIPP_ p->Z,p->Y,p->Z); - nres_modadd(_MIPP_ 
p->Z,p->Z,p->Z); - - nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w7); - nres_modmult(_MIPP_ mr_mip->w7,mr_mip->w7,mr_mip->w2); - nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w3,p->X,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w3,p->Y); - nres_modsub(_MIPP_ p->Y,mr_mip->w2,p->Y); - -/* alternative method - nres_modadd(_MIPP_ p->Y,p->Y,mr_mip->w2); - - if (p->marker==MR_EPOINT_NORMALIZED) - copy(mr_mip->w2,p->Z); - - else nres_modmult(_MIPP_ mr_mip->w2,p->Z,p->Z); - - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2); - nres_modmult(_MIPP_ p->X,mr_mip->w2,mr_mip->w3); - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w3,p->X); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w1,p->X,p->X); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2); - - if (remain(_MIPP_ mr_mip->w2,2)!=0) - mr_padd(_MIPP_ mr_mip->w2,mr_mip->modulus,mr_mip->w2); - subdiv(_MIPP_ mr_mip->w2,2,mr_mip->w2); - - nres_modsub(_MIPP_ mr_mip->w3,p->X,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w3,mr_mip->w8,mr_mip->w3); - nres_modsub(_MIPP_ mr_mip->w3,mr_mip->w2,p->Y); -*/ - -/* - -Observe that when finished w8 contains the line slope, w7 has 2y^2 and w6 has z^2 -This is useful for calculating line functions in pairings - -*/ - - p->marker=MR_EPOINT_GENERAL; - return; -#endif -} - -static BOOL ecurve_padd(_MIPD_ epoint *p,epoint *pa) -{ /* primitive add two epoints on the active ecurve - pa+=p; * - * note that if p is normalized, its Z coordinate isn't used */ - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifndef MR_AFFINE_ONLY - if (mr_mip->coord==MR_AFFINE) - { /* 1 sqr, 1 mul, 1 div */ -#endif - nres_modsub(_MIPP_ p->Y,pa->Y,mr_mip->w8); - nres_modsub(_MIPP_ p->X,pa->X,mr_mip->w6); - if (size(mr_mip->w6)==0) - { /* divide by 0 */ - if (size(mr_mip->w8)==0) - { /* should have doubled ! 
*/ - return FALSE; - } - else - { /* point at infinity */ - epoint_set(_MIPP_ NULL,NULL,0,pa); - return TRUE; - } - } - if (nres_moddiv(_MIPP_ mr_mip->w8,mr_mip->w6,mr_mip->w8)>1) - { - epoint_set(_MIPP_ NULL,NULL,0,pa); - mr_berror(_MIPP_ MR_ERR_COMPOSITE_MODULUS); - return TRUE; - } - - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w2); /* w2=m^2 */ - nres_modsub(_MIPP_ mr_mip->w2,p->X,mr_mip->w1); /* w1=m^2-x1-x2 */ - nres_modsub(_MIPP_ mr_mip->w1,pa->X,mr_mip->w1); - - - nres_modsub(_MIPP_ pa->X,mr_mip->w1,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w8,mr_mip->w2); - nres_modsub(_MIPP_ mr_mip->w2,pa->Y,pa->Y); - copy(mr_mip->w1,pa->X); - - pa->marker=MR_EPOINT_NORMALIZED; - return TRUE; -#ifndef MR_AFFINE_ONLY - } - - if (p->marker!=MR_EPOINT_NORMALIZED) - { - nres_modmult(_MIPP_ p->Z,p->Z,mr_mip->w6); - nres_modmult(_MIPP_ pa->X,mr_mip->w6,mr_mip->w1); - nres_modmult(_MIPP_ mr_mip->w6,p->Z,mr_mip->w6); - nres_modmult(_MIPP_ pa->Y,mr_mip->w6,mr_mip->w8); - } - else - { - copy(pa->X,mr_mip->w1); - copy(pa->Y,mr_mip->w8); - } - if (pa->marker==MR_EPOINT_NORMALIZED) - copy(mr_mip->one,mr_mip->w6); - - else nres_modmult(_MIPP_ pa->Z,pa->Z,mr_mip->w6); - nres_modmult(_MIPP_ p->X,mr_mip->w6,mr_mip->w4); - if (pa->marker!=MR_EPOINT_NORMALIZED) - nres_modmult(_MIPP_ mr_mip->w6,pa->Z,mr_mip->w6); - nres_modmult(_MIPP_ p->Y,mr_mip->w6,mr_mip->w5); - nres_modsub(_MIPP_ mr_mip->w1,mr_mip->w4,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w5,mr_mip->w8); - -/* w8 contains the numerator of the slope */ - - if (size(mr_mip->w1)==0) - { - if (size(mr_mip->w8)==0) - { /* should have doubled ! 
*/ - return FALSE; - } - else - { /* point at infinity */ - epoint_set(_MIPP_ NULL,NULL,0,pa); - return TRUE; - } - } - nres_modadd(_MIPP_ mr_mip->w4,mr_mip->w4,mr_mip->w6); - nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w6,mr_mip->w4); - nres_modadd(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w6); - nres_modadd(_MIPP_ mr_mip->w8,mr_mip->w6,mr_mip->w5); - - if (p->marker!=MR_EPOINT_NORMALIZED) - { - if (pa->marker!=MR_EPOINT_NORMALIZED) - nres_modmult(_MIPP_ pa->Z,p->Z,mr_mip->w3); - else - copy(p->Z,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w3,mr_mip->w1,pa->Z); - } - else - { - if (pa->marker!=MR_EPOINT_NORMALIZED) - nres_modmult(_MIPP_ pa->Z,mr_mip->w1,pa->Z); - else - copy(mr_mip->w1,pa->Z); - } - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w6); - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w6,mr_mip->w1); - nres_modmult(_MIPP_ mr_mip->w6,mr_mip->w4,mr_mip->w6); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w4); - - nres_modsub(_MIPP_ mr_mip->w4,mr_mip->w6,pa->X); - nres_modsub(_MIPP_ mr_mip->w6,pa->X,mr_mip->w6); - nres_modsub(_MIPP_ mr_mip->w6,pa->X,mr_mip->w6); - nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w6,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w5,mr_mip->w1); - nres_modsub(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w5); - -/* divide by 2 */ - - nres_div2(_MIPP_ mr_mip->w5,pa->Y); - - pa->marker=MR_EPOINT_GENERAL; - return TRUE; -#endif -} - -void epoint_copy(epoint *a,epoint *b) -{ - if (a==b || b==NULL) return; - - copy(a->X,b->X); - copy(a->Y,b->Y); -#ifndef MR_AFFINE_ONLY - if (a->marker==MR_EPOINT_GENERAL) copy(a->Z,b->Z); -#endif - b->marker=a->marker; - return; -} - -BOOL epoint_comp(_MIPD_ epoint *a,epoint *b) -{ - BOOL result; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - if (a==b) return TRUE; - if (a->marker==MR_EPOINT_INFINITY) - { - if (b->marker==MR_EPOINT_INFINITY) return TRUE; - else return FALSE; - } - if (b->marker==MR_EPOINT_INFINITY) - return FALSE; - -#ifndef MR_AFFINE_ONLY - if 
(mr_mip->coord==MR_AFFINE) - { -#endif - if (mr_compare(a->X,b->X)==0 && mr_compare(a->Y,b->Y)==0) result=TRUE; - else result=FALSE; - return result; -#ifndef MR_AFFINE_ONLY - } - - if (mr_mip->coord==MR_PROJECTIVE) - { - MR_IN(105) - if (a->marker!=MR_EPOINT_GENERAL) - copy(mr_mip->one,mr_mip->w1); - else copy(a->Z,mr_mip->w1); - - if (b->marker!=MR_EPOINT_GENERAL) - copy(mr_mip->one,mr_mip->w2); - else copy(b->Z,mr_mip->w2); - - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w3); /* Za*Za */ - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w4); /* Zb*Zb */ - - nres_modmult(_MIPP_ a->X,mr_mip->w4,mr_mip->w5); /* Xa*Zb*Zb */ - nres_modmult(_MIPP_ b->X,mr_mip->w3,mr_mip->w6); /* Xb*Za*Za */ - - if (mr_compare(mr_mip->w5,mr_mip->w6)!=0) result=FALSE; - else - { - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w3,mr_mip->w3); - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w4,mr_mip->w4); - - nres_modmult(_MIPP_ a->Y,mr_mip->w4,mr_mip->w5); - nres_modmult(_MIPP_ b->Y,mr_mip->w3,mr_mip->w6); - - if (mr_compare(mr_mip->w5,mr_mip->w6)!=0) result=FALSE; - else result=TRUE; - } - MR_OUT - return result; - } - return FALSE; -#endif -} - -int ecurve_add(_MIPD_ epoint *p,epoint *pa) -{ /* pa=pa+p; */ - /* An ephemeral pointer to the line slope is returned */ - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return MR_OVER; - - MR_IN(94) - - if (p==pa) - { - ecurve_double(_MIPP_ pa); - MR_OUT - if (pa->marker==MR_EPOINT_INFINITY) return MR_OVER; - return MR_DOUBLE; - } - if (pa->marker==MR_EPOINT_INFINITY) - { - epoint_copy(p,pa); - MR_OUT - return MR_ADD; - } - if (p->marker==MR_EPOINT_INFINITY) - { - MR_OUT - return MR_ADD; - } - - if (!ecurve_padd(_MIPP_ p,pa)) - { - ecurve_double(_MIPP_ pa); - MR_OUT - return MR_DOUBLE; - } - MR_OUT - if (pa->marker==MR_EPOINT_INFINITY) return MR_OVER; - return MR_ADD; -} - -void epoint_negate(_MIPD_ epoint *p) -{ /* negate a point */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) 
return; - if (p->marker==MR_EPOINT_INFINITY) return; - - MR_IN(121) - if (size(p->Y)!=0) mr_psub(_MIPP_ mr_mip->modulus,p->Y,p->Y); - MR_OUT -} - -int ecurve_sub(_MIPD_ epoint *p,epoint *pa) -{ - int r; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return MR_OVER; - - MR_IN(104) - - if (p==pa) - { - epoint_set(_MIPP_ NULL,NULL,0,pa); - MR_OUT - return MR_OVER; - } - if (p->marker==MR_EPOINT_INFINITY) - { - MR_OUT - return MR_ADD; - } - - epoint_negate(_MIPP_ p); - r=ecurve_add(_MIPP_ p,pa); - epoint_negate(_MIPP_ p); - - MR_OUT - return r; -} - -int ecurve_mult(_MIPD_ big e,epoint *pa,epoint *pt) -{ /* pt=e*pa; */ - int i,j,n,nb,nbs,nzs,nadds; - epoint *table[MR_ECC_STORE_N]; -#ifndef MR_AFFINE_ONLY - big work[MR_ECC_STORE_N]; -#endif - -#ifdef MR_STATIC - char mem[MR_ECP_RESERVE(MR_ECC_STORE_N)]; -#ifndef MR_AFFINE_ONLY - char mem1[MR_BIG_RESERVE(MR_ECC_STORE_N)]; -#endif -#else - char *mem; -#ifndef MR_AFFINE_ONLY - char *mem1; -#endif -#endif - -#ifndef MR_ALWAYS_BINARY - epoint *p; - int ce,ch; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return 0; - - MR_IN(95) - if (size(e)==0) - { /* multiplied by 0 */ - epoint_set(_MIPP_ NULL,NULL,0,pt); - MR_OUT - return 0; - } - copy(e,mr_mip->w9); -/* epoint_norm(_MIPP_ pa); */ - epoint_copy(pa,pt); - - if (size(mr_mip->w9)<0) - { /* pt = -pt */ - negify(mr_mip->w9,mr_mip->w9); - epoint_negate(_MIPP_ pt); - } - - if (size(mr_mip->w9)==1) - { - MR_OUT - return 0; - } - - premult(_MIPP_ mr_mip->w9,3,mr_mip->w10); /* h=3*e */ - -#ifndef MR_STATIC -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif -#endif - -#ifdef MR_STATIC - memset(mem,0,MR_ECP_RESERVE(MR_ECC_STORE_N)); -#ifndef MR_AFFINE_ONLY - memset(mem1,0,MR_BIG_RESERVE(MR_ECC_STORE_N)); -#endif -#else - mem=(char *)ecp_memalloc(_MIPP_ MR_ECC_STORE_N); -#ifndef MR_AFFINE_ONLY - mem1=(char *)memalloc(_MIPP_ MR_ECC_STORE_N); -#endif -#endif - - for 
(i=0;i<=MR_ECC_STORE_N-1;i++) - { - table[i]=epoint_init_mem(_MIPP_ mem,i); -#ifndef MR_AFFINE_ONLY - work[i]=mirvar_mem(_MIPP_ mem1,i); -#endif - } - - epoint_copy(pt,table[0]); - epoint_copy(table[0],table[MR_ECC_STORE_N-1]); - ecurve_double(_MIPP_ table[MR_ECC_STORE_N-1]); - /* epoint_norm(_MIPP_ table[MR_ECC_STORE_N-1]); */ - - for (i=1;iw10); - nadds=0; - epoint_set(_MIPP_ NULL,NULL,0,pt); - for (i=nb-1;i>=1;) - { /* add/subtract */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - n=mr_naf_window(_MIPP_ mr_mip->w9,mr_mip->w10,i,&nbs,&nzs,MR_ECC_STORE_N); - for (j=0;j0) {ecurve_add(_MIPP_ table[n/2],pt); nadds++;} - if (n<0) {ecurve_sub(_MIPP_ table[(-n)/2],pt); nadds++;} - i-=nbs; - if (nzs) - { - for (j=0;jw10)-1,mr_mip->w11); - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - while (size(mr_mip->w11) > 1) - { /* add/subtract method */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - - ecurve_double(_MIPP_ pt); - ce=mr_compare(mr_mip->w9,mr_mip->w11); /* e(i)=1? */ - ch=mr_compare(mr_mip->w10,mr_mip->w11); /* h(i)=1? */ - if (ch>=0) - { /* h(i)=1 */ - if (ce<0) {ecurve_add(_MIPP_ p,pt); nadds++;} - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - } - if (ce>=0) - { /* e(i)=1 */ - if (ch<0) {ecurve_sub(_MIPP_ p,pt); nadds++;} - mr_psub(_MIPP_ mr_mip->w9,mr_mip->w11,mr_mip->w9); - } - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - } - ecp_memkill(_MIPP_ mem,1); - } -#endif -#endif - MR_OUT - return nadds; -} - -#ifndef MR_NO_ECC_MULTIADD -#ifndef MR_STATIC - -void ecurve_multn(_MIPD_ int n,big *y,epoint **x,epoint *w) -{ /* pt=e[o]*p[0]+e[1]*p[1]+ .... 
e[n-1]*p[n-1] */ - int i,j,k,m,nb,ea; - epoint **G; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(114) - - m=1< nb) nb=k; - - epoint_set(_MIPP_ NULL,NULL,0,w); /* w=0 */ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - for (i=nb-1;i>=0;i--) - { - if (mr_mip->user!=NULL) (*mr_mip->user)(); - ea=0; - k=1; - for (j=0;jERNUM) return FALSE; - - if (P->marker==MR_EPOINT_GENERAL || Q->marker==MR_EPOINT_GENERAL) - { - mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - MR_OUT - return FALSE; - } - - if (mr_compare(P->X,Q->X)==0) - { /* P=Q or P=-Q - shouldn't happen */ - epoint_copy(P,PP); - ecurve_add(_MIPP_ Q,PP); - epoint_copy(P,PM); - ecurve_sub(_MIPP_ Q,PM); - - MR_OUT - return TRUE; - } - - t1= mr_mip->w10; - t2= mr_mip->w11; - lam = mr_mip->w13; - - copy(P->X,t2); - nres_modsub(_MIPP_ t2,Q->X,t2); - - redc(_MIPP_ t2,t2); - invmodp(_MIPP_ t2,mr_mip->modulus,t2); - nres(_MIPP_ t2,t2); - - nres_modadd(_MIPP_ P->X,Q->X,PP->X); - copy(PP->X,PM->X); - - copy(P->Y,t1); - nres_modsub(_MIPP_ t1,Q->Y,t1); - copy(t1,lam); - nres_modmult(_MIPP_ lam,t2,lam); - copy(lam,t1); - nres_modmult(_MIPP_ t1,t1,t1); - nres_modsub(_MIPP_ t1,PP->X,PP->X); - copy(Q->X,PP->Y); - nres_modsub(_MIPP_ PP->Y,PP->X,PP->Y); - nres_modmult(_MIPP_ PP->Y,lam,PP->Y); - nres_modsub(_MIPP_ PP->Y,Q->Y,PP->Y); - - copy(P->Y,t1); - nres_modadd(_MIPP_ t1,Q->Y,t1); - copy(t1,lam); - nres_modmult(_MIPP_ lam,t2,lam); - copy(lam,t1); - nres_modmult(_MIPP_ t1,t1,t1); - nres_modsub(_MIPP_ t1,PM->X,PM->X); - copy(Q->X,PM->Y); - nres_modsub(_MIPP_ PM->Y,PM->X,PM->Y); - nres_modmult(_MIPP_ PM->Y,lam,PM->Y); - nres_modadd(_MIPP_ PM->Y,Q->Y,PM->Y); - - PP->marker=MR_EPOINT_NORMALIZED; - PM->marker=MR_EPOINT_NORMALIZED; - - return TRUE; -} - -void ecurve_mult2(_MIPD_ big e,epoint *p,big ea,epoint *pa,epoint *pt) -{ /* pt=e*p+ea*pa; */ - int e1,h1,e2,h2,bb; - epoint *p1,*p2,*ps[2]; -#ifdef MR_STATIC - char mem[MR_ECP_RESERVE(4)]; -#else - char *mem; 
-#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip->ERNUM) return; - - MR_IN(103) - - if (size(e)==0) - { - ecurve_mult(_MIPP_ ea,pa,pt); - MR_OUT - return; - } -#ifdef MR_STATIC - memset(mem,0,MR_ECP_RESERVE(4)); -#else - mem=(char *)ecp_memalloc(_MIPP_ 4); -#endif - p2=epoint_init_mem(_MIPP_ mem,0); - p1=epoint_init_mem(_MIPP_ mem,1); - ps[0]=epoint_init_mem(_MIPP_ mem,2); - ps[1]=epoint_init_mem(_MIPP_ mem,3); - - epoint_norm(_MIPP_ pa); - epoint_copy(pa,p2); - copy(ea,mr_mip->w9); - if (size(mr_mip->w9)<0) - { /* p2 = -p2 */ - negify(mr_mip->w9,mr_mip->w9); - epoint_negate(_MIPP_ p2); - } - - epoint_norm(_MIPP_ p); - epoint_copy(p,p1); - copy(e,mr_mip->w12); - if (size(mr_mip->w12)<0) - { /* p1= -p1 */ - negify(mr_mip->w12,mr_mip->w12); - epoint_negate(_MIPP_ p1); - } - - - epoint_set(_MIPP_ NULL,NULL,0,pt); /* pt=0 */ - ecurve_add_sub(_MIPP_ p1,p2,ps[0],ps[1]); /* only one inversion! ps[0]=p1+p2, ps[1]=p1-p2 */ - - mr_jsf(_MIPP_ mr_mip->w9,mr_mip->w12,mr_mip->w10,mr_mip->w9,mr_mip->w13,mr_mip->w12); - -/* To use a simple NAF instead, substitute this for the JSF - premult(_MIPP_ mr_mip->w9,3,mr_mip->w10); 3*ea - premult(_MIPP_ mr_mip->w12,3,mr_mip->w13); 3*e -*/ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - if (mr_compare(mr_mip->w10,mr_mip->w13)>=0) bb=logb2(_MIPP_ mr_mip->w10)-1; - else bb=logb2(_MIPP_ mr_mip->w13)-1; - - while (bb>=0) /* for the simple NAF, this should be 1 */ - { - if (mr_mip->user!=NULL) (*mr_mip->user)(); - ecurve_double(_MIPP_ pt); - - e1=h1=e2=h2=0; - if (mr_testbit(_MIPP_ mr_mip->w9,bb)) e2=1; - if (mr_testbit(_MIPP_ mr_mip->w10,bb)) h2=1; - if (mr_testbit(_MIPP_ mr_mip->w12,bb)) e1=1; - if (mr_testbit(_MIPP_ mr_mip->w13,bb)) h1=1; - - if (e1!=h1) - { - if (e2==h2) - { - if (h1==1) ecurve_add(_MIPP_ p1,pt); - else ecurve_sub(_MIPP_ p1,pt); - } - else - { - if (h1==1) - { - if (h2==1) ecurve_add(_MIPP_ ps[0],pt); - else ecurve_add(_MIPP_ ps[1],pt); - } - else - { - if (h2==1) 
ecurve_sub(_MIPP_ ps[1],pt); - else ecurve_sub(_MIPP_ ps[0],pt); - } - } - } - else if (e2!=h2) - { - if (h2==1) ecurve_add(_MIPP_ p2,pt); - else ecurve_sub(_MIPP_ p2,pt); - } - bb-=1; - } -#ifndef MR_ALWAYS_BINARY - } - else - { - if (mr_compare(mr_mip->w10,mr_mip->w13)>=0) - expb2(_MIPP_ logb2(_MIPP_ mr_mip->w10)-1,mr_mip->w11); - else expb2(_MIPP_ logb2(_MIPP_ mr_mip->w13)-1,mr_mip->w11); - - while (size(mr_mip->w11) > 0) /* for the NAF, this should be 1 */ - { /* add/subtract method */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - - ecurve_double(_MIPP_ pt); - - e1=h1=e2=h2=0; - if (mr_compare(mr_mip->w9,mr_mip->w11)>=0) - { /* e1(i)=1? */ - e2=1; - mr_psub(_MIPP_ mr_mip->w9,mr_mip->w11,mr_mip->w9); - } - if (mr_compare(mr_mip->w10,mr_mip->w11)>=0) - { /* h1(i)=1? */ - h2=1; - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - } - if (mr_compare(mr_mip->w12,mr_mip->w11)>=0) - { /* e2(i)=1? */ - e1=1; - mr_psub(_MIPP_ mr_mip->w12,mr_mip->w11,mr_mip->w12); - } - if (mr_compare(mr_mip->w13,mr_mip->w11)>=0) - { /* h2(i)=1? 
*/ - h1=1; - mr_psub(_MIPP_ mr_mip->w13,mr_mip->w11,mr_mip->w13); - } - - if (e1!=h1) - { - if (e2==h2) - { - if (h1==1) ecurve_add(_MIPP_ p1,pt); - else ecurve_sub(_MIPP_ p1,pt); - } - else - { - if (h1==1) - { - if (h2==1) ecurve_add(_MIPP_ ps[0],pt); - else ecurve_add(_MIPP_ ps[1],pt); - } - else - { - if (h2==1) ecurve_sub(_MIPP_ ps[1],pt); - else ecurve_sub(_MIPP_ ps[0],pt); - } - } - } - else if (e2!=h2) - { - if (h2==1) ecurve_add(_MIPP_ p2,pt); - else ecurve_sub(_MIPP_ p2,pt); - } - - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - } - } -#endif - ecp_memkill(_MIPP_ mem,4); - MR_OUT -} - -#endif - -#else - -/* Twisted Inverted Edwards curves - - * Assumes Twisted Inverted Edward's equation x^2+Ay^2 = x^2.y^2 + B - * Assumes points are not of order 2 or 4 -*/ - -static void epoint_getrhs(_MIPD_ big x,big y) -{ - /* find RHS=(x^2-B)/(x^2-A) */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - nres_modmult(_MIPP_ x,x,mr_mip->w6); - nres_modsub(_MIPP_ mr_mip->w6,mr_mip->B,y); - nres_modsub(_MIPP_ mr_mip->w6,mr_mip->A,mr_mip->w6); - - nres_moddiv(_MIPP_ y,mr_mip->w6,y); -} - -#ifndef MR_NOSUPPORT_COMPRESSION - -BOOL epoint_x(_MIPD_ big x) -{ /* test if x is associated with a point on the * - * currently active curve */ - int j; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(147) - - if (x==NULL) return FALSE; - - nres(_MIPP_ x,mr_mip->w2); - epoint_getrhs(_MIPP_ mr_mip->w2,mr_mip->w7); - - if (size(mr_mip->w7)==0) - { - MR_OUT - return TRUE; - } - - redc(_MIPP_ mr_mip->w7,mr_mip->w4); - j=jack(_MIPP_ mr_mip->w4,mr_mip->modulus); - - MR_OUT - if (j==1) return TRUE; - return FALSE; -} - -#endif - -BOOL epoint_set(_MIPD_ big x,big y,int cb,epoint *p) -{ /* initialise a point on active ecurve * - * if x or y == NULL, set to point at infinity * - * if x==y, a y co-ordinate is calculated - if * - * possible - and cb suggests LSB 0/1 of y * - * (which "decompresses" y). 
Otherwise, check * - * validity of given (x,y) point, ignoring cb. * - * Returns TRUE for valid point, otherwise FALSE. */ - - BOOL valid; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(97) - - if (x==NULL || y==NULL) - { - copy(mr_mip->one,p->X); - zero(p->Y); - p->marker=MR_EPOINT_INFINITY; - MR_OUT - return TRUE; - } - - valid=FALSE; - nres(_MIPP_ x,p->X); - if (x!=y) - { /* Check directly that x^2+Ay^2 == x^2.y^2+B */ - nres(_MIPP_ y,p->Y); - nres_modmult(_MIPP_ p->X,p->X,mr_mip->w1); - nres_modmult(_MIPP_ p->Y,p->Y,mr_mip->w2); - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w3); - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->B,mr_mip->w3); - - - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->A,mr_mip->w2); - else - nres_premult(_MIPP_ mr_mip->w2,mr_mip->Asize,mr_mip->w2); - nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w2); - if (mr_compare(mr_mip->w2,mr_mip->w3)==0) valid=TRUE; - } - else - { /* find RHS */ - epoint_getrhs(_MIPP_ p->X,mr_mip->w7); - /* no y supplied - calculate one. Find square root */ -#ifndef MR_NOSUPPORT_COMPRESSION - valid=nres_sqroot(_MIPP_ mr_mip->w7,p->Y); - /* check LSB - have we got the right root? 
*/ - redc(_MIPP_ p->Y,mr_mip->w1); - if (remain(_MIPP_ mr_mip->w1,2)!=cb) - mr_psub(_MIPP_ mr_mip->modulus,p->Y,p->Y); - -#else - mr_berror(_MIPP_ MR_ERR_NOT_SUPPORTED); - MR_OUT - return FALSE; -#endif - } - if (valid) - { - p->marker=MR_EPOINT_NORMALIZED; - MR_OUT - return TRUE; - } - - MR_OUT - return FALSE; -} - -#ifndef MR_STATIC - -void epoint_getxyz(_MIPD_ epoint *p,big x,big y,big z) -{ /* get (x,y,z) coordinates */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(143) - convert(_MIPP_ 1,mr_mip->w1); - if (p->marker==MR_EPOINT_INFINITY) - { - if (x!=NULL) copy(mr_mip->w1,x); - if (y!=NULL) zero(y); - if (z!=NULL) zero(z); - MR_OUT - return; - } - if (x!=NULL) redc(_MIPP_ p->X,x); - if (y!=NULL) redc(_MIPP_ p->Y,y); - if (z!=NULL) redc(_MIPP_ p->Z,z); - - MR_OUT - return; -} - -#endif - -int epoint_get(_MIPD_ epoint* p,big x,big y) -{ /* Get point co-ordinates in affine, normal form * - * (converted from projective, Montgomery form) * - * if x==y, supplies x only. Return value is Least * - * Significant Bit of y (useful for point compression) */ - - int lsb; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (p->marker==MR_EPOINT_INFINITY) - { - zero(y); - convert(_MIPP_ 1,x); - return 0; - } - if (mr_mip->ERNUM) return 0; - - MR_IN(98) - - if (!epoint_norm(_MIPP_ p)) - { /* not possible ! 
*/
- MR_OUT
- return (-1);
- }
-
- redc(_MIPP_ p->X,x);
- redc(_MIPP_ p->Y,mr_mip->w1);
-
- if (x!=y) copy(mr_mip->w1,y);
- lsb=remain(_MIPP_ mr_mip->w1,2);
- MR_OUT
- return lsb;
-}
-
-BOOL epoint_norm(_MIPD_ epoint *p)
-{ /* normalise a point */
-
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
-
- if (p->marker!=MR_EPOINT_GENERAL) return TRUE;
-
- if (mr_mip->ERNUM) return FALSE;
-
- MR_IN(117)
-
- copy(mr_mip->one,mr_mip->w8);
-
- if (nres_moddiv(_MIPP_ mr_mip->w8,p->Z,mr_mip->w8)>1) /* 1/Z */
- {
- epoint_set(_MIPP_ NULL,NULL,0,p);
- mr_berror(_MIPP_ MR_ERR_COMPOSITE_MODULUS);
- MR_OUT
- return FALSE;
- }
-
- nres_modmult(_MIPP_ p->X,mr_mip->w8,p->X); /* X/Z */
- nres_modmult(_MIPP_ p->Y,mr_mip->w8,p->Y); /* Y/Z */
-
- copy(mr_mip->one,p->Z);
-
- p->marker=MR_EPOINT_NORMALIZED;
- MR_OUT
-
- return TRUE;
-}
-
-void ecurve_double(_MIPD_ epoint *p)
-{ /* double epoint on active ecurve */
-
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return;
-
- if (p->marker==MR_EPOINT_INFINITY)
- { /* 2 times infinity == infinity !
*/
- return;
- }
- nres_modadd(_MIPP_ p->X,p->Y,mr_mip->w1);
-
- nres_modmult(_MIPP_ p->X,p->X,p->X); /* A=X1^2 */
- nres_modmult(_MIPP_ p->Y,p->Y,p->Y); /* B=Y1^2 */
- nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w1); /* (X+Y)^2 */
- nres_modsub(_MIPP_ mr_mip->w1,p->X,mr_mip->w1);
- nres_modsub(_MIPP_ mr_mip->w1,p->Y,mr_mip->w1); /* E=(X+Y)^2-A-B */
-
- if (mr_abs(mr_mip->Asize)==MR_TOOBIG) /* U = aB */
- nres_modmult(_MIPP_ p->Y,mr_mip->A,p->Y);
- else
- nres_premult(_MIPP_ p->Y,mr_mip->Asize,p->Y);
-
- if (p->marker!=MR_EPOINT_NORMALIZED)
- nres_modmult(_MIPP_ p->Z,p->Z,p->Z);
- else
- copy(mr_mip->one,p->Z);
-
- nres_modadd(_MIPP_ p->Z,p->Z,p->Z);
- if (mr_abs(mr_mip->Bsize)==MR_TOOBIG) /* 2dZ^2 */
- nres_modmult(_MIPP_ p->Z,mr_mip->B,p->Z);
- else
- nres_premult(_MIPP_ p->Z,mr_mip->Bsize,p->Z);
-
- nres_modadd(_MIPP_ p->X,p->Y,mr_mip->w2); /* C=A+U */
- nres_modsub(_MIPP_ p->X,p->Y,mr_mip->w3); /* D=A-U */
-
- nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w3,p->X); /* X=C.D */
-
- nres_modsub(_MIPP_ mr_mip->w2,p->Z,mr_mip->w2); /* C-2dZ^2 */
- nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w1,p->Y); /* Y=E.(C-2dZ^2) */
- nres_modmult(_MIPP_ mr_mip->w3,mr_mip->w1,p->Z); /* Z=D.E */
-
- p->marker=MR_EPOINT_GENERAL;
- return;
-}
-
-static BOOL ecurve_padd(_MIPD_ epoint *p,epoint *pa)
-{ /* primitive add two epoints on the active ecurve - pa+=p; *
- * note that if p is normalized, its Z coordinate isn't used */
-
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
-
- if (p->marker==MR_EPOINT_INFINITY) return TRUE;
- if (pa->marker==MR_EPOINT_INFINITY)
- {
- epoint_copy(p,pa);
- return TRUE;
- }
-
- nres_modadd(_MIPP_ p->X,p->Y,mr_mip->w1);
- nres_modadd(_MIPP_ pa->X,pa->Y,mr_mip->w2);
- nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1); /* I=(X1+Y1)(X2+Y2) */
- if (p->marker!=MR_EPOINT_NORMALIZED)
- {
- if (pa->marker==MR_EPOINT_NORMALIZED)
- copy(p->Z,pa->Z);
- else nres_modmult(_MIPP_ p->Z,pa->Z,pa->Z); /* z = A = Z1*Z2 */
- }
- else
- {
- if
(pa->marker==MR_EPOINT_NORMALIZED) copy(mr_mip->one,pa->Z);
- }
-
- nres_modmult(_MIPP_ pa->Z,pa->Z,mr_mip->w2); /* w2 = B = dA^2 */
- if (mr_abs(mr_mip->Bsize)==MR_TOOBIG)
- nres_modmult(_MIPP_ mr_mip->w2,mr_mip->B,mr_mip->w2);
- else
- nres_premult(_MIPP_ mr_mip->w2,mr_mip->Bsize,mr_mip->w2);
- nres_modmult(_MIPP_ p->X,pa->X,pa->X); /* x = C = X1*X2 */
- nres_modmult(_MIPP_ p->Y,pa->Y,pa->Y); /* y = D = Y1*Y2 */
- nres_modmult(_MIPP_ pa->X,pa->Y,mr_mip->w3); /* w3 = E = C*D */
-
- nres_modsub(_MIPP_ mr_mip->w1,pa->X,mr_mip->w1);
- nres_modsub(_MIPP_ mr_mip->w1,pa->Y,mr_mip->w1); /* I=(X1+Y1)(X2+Y2)-C-D =X1*Y2+Y1*X2 */
-
- if (mr_abs(mr_mip->Asize)==MR_TOOBIG) /* */
- nres_modmult(_MIPP_ pa->Y,mr_mip->A,pa->Y);
- else
- nres_premult(_MIPP_ pa->Y,mr_mip->Asize,pa->Y);
- nres_modsub(_MIPP_ pa->X,pa->Y,pa->X); /* X = H = C-aD */
-
- nres_modmult(_MIPP_ pa->Z,pa->X,pa->Z);
- nres_modmult(_MIPP_ pa->Z,mr_mip->w1,pa->Z);
-
- nres_modsub(_MIPP_ mr_mip->w3,mr_mip->w2,pa->Y);
- nres_modmult(_MIPP_ pa->Y,mr_mip->w1,pa->Y);
-
- nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w2,mr_mip->w3);
- nres_modmult(_MIPP_ pa->X,mr_mip->w3,pa->X);
-
- if (size(pa->Z)==0)
- {
- copy(mr_mip->one,pa->X);
- zero(pa->Y);
- pa->marker=MR_EPOINT_INFINITY;
- }
- else pa->marker=MR_EPOINT_GENERAL;
-
- return TRUE;
-}
-
-void epoint_copy(epoint *a,epoint *b)
-{
- if (a==b || b==NULL) return;
-
- copy(a->X,b->X);
- copy(a->Y,b->Y);
- copy(a->Z,b->Z);
-
- b->marker=a->marker;
- return;
-}
-
-BOOL epoint_comp(_MIPD_ epoint *a,epoint *b)
-{
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return FALSE;
- if (a==b) return TRUE;
- if (a->marker==MR_EPOINT_INFINITY)
- {
- if (b->marker==MR_EPOINT_INFINITY) return TRUE;
- else return FALSE;
- }
- if (b->marker==MR_EPOINT_INFINITY)
- return FALSE;
-
- MR_IN(105)
- copy(a->Z,mr_mip->w1);
- copy(b->Z,mr_mip->w2);
-
- nres_modmult(_MIPP_ a->X,b->Z,mr_mip->w1);
- nres_modmult(_MIPP_ b->X,a->Z,mr_mip->w2);
-
- if
(mr_compare(mr_mip->w1,mr_mip->w2)!=0)
- {
- MR_OUT
- return FALSE;
- }
-
- nres_modmult(_MIPP_ a->Y,b->Z,mr_mip->w1);
- nres_modmult(_MIPP_ b->Y,a->Z,mr_mip->w2);
-
- if (mr_compare(mr_mip->w1,mr_mip->w2)!=0)
- {
- MR_OUT
- return FALSE;
- }
- MR_OUT
- return TRUE;
-
-}
-
-int ecurve_add(_MIPD_ epoint *p,epoint *pa)
-{ /* pa=pa+p; */
-
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return MR_OVER;
-
- MR_IN(94)
-
- if (p==pa)
- {
- ecurve_double(_MIPP_ pa);
- MR_OUT
- if (pa->marker==MR_EPOINT_INFINITY) return MR_OVER;
- return MR_DOUBLE;
- }
- if (pa->marker==MR_EPOINT_INFINITY)
- {
- epoint_copy(p,pa);
- MR_OUT
- return MR_ADD;
- }
- if (p->marker==MR_EPOINT_INFINITY)
- {
- MR_OUT
- return MR_ADD;
- }
-
- if (!ecurve_padd(_MIPP_ p,pa))
- {
- ecurve_double(_MIPP_ pa);
- MR_OUT
- return MR_DOUBLE;
- }
- MR_OUT
- if (pa->marker==MR_EPOINT_INFINITY) return MR_OVER;
- return MR_ADD;
-}
-
-void epoint_negate(_MIPD_ epoint *p)
-{ /* negate a point */
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return;
- if (p->marker==MR_EPOINT_INFINITY) return;
-
- MR_IN(121)
- if (size(p->X)!=0) mr_psub(_MIPP_ mr_mip->modulus,p->X,p->X);
- MR_OUT
-}
-
-int ecurve_sub(_MIPD_ epoint *p,epoint *pa)
-{
- int r;
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return MR_OVER;
-
- MR_IN(104)
-
- if (p==pa)
- {
- epoint_set(_MIPP_ NULL,NULL,0,pa);
- MR_OUT
- return MR_OVER;
- }
- if (p->marker==MR_EPOINT_INFINITY)
- {
- MR_OUT
- return MR_ADD;
- }
-
- epoint_negate(_MIPP_ p);
- r=ecurve_add(_MIPP_ p,pa);
- epoint_negate(_MIPP_ p);
-
- MR_OUT
- return r;
-}
-
-int ecurve_mult(_MIPD_ big e,epoint *pa,epoint *pt)
-{ /* pt=e*pa; */
- int i,j,n,nb,nbs,nzs,nadds;
- epoint *table[MR_ECC_STORE_N];
-
-#ifdef MR_STATIC
- char mem[MR_ECP_RESERVE(MR_ECC_STORE_N)];
-#else
- char *mem;
-#endif
-
-#ifndef MR_ALWAYS_BINARY
- epoint *p;
- int ce,ch;
-#endif
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif - if (mr_mip->ERNUM) return 0; - - MR_IN(95) - if (size(e)==0) - { /* multiplied by 0 */ - epoint_set(_MIPP_ NULL,NULL,0,pt); - MR_OUT - return 0; - } - copy(e,mr_mip->w9); - epoint_copy(pa,pt); - - if (size(mr_mip->w9)<0) - { /* pt = -pt */ - negify(mr_mip->w9,mr_mip->w9); - epoint_negate(_MIPP_ pt); - } - - if (size(mr_mip->w9)==1) - { - MR_OUT - return 0; - } - - premult(_MIPP_ mr_mip->w9,3,mr_mip->w10); /* h=3*e */ - -#ifndef MR_STATIC -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif -#endif - -#ifdef MR_STATIC - memset(mem,0,MR_ECP_RESERVE(MR_ECC_STORE_N)); -#else - mem=(char *)ecp_memalloc(_MIPP_ MR_ECC_STORE_N); -#endif - - for (i=0;i<=MR_ECC_STORE_N-1;i++) - table[i]=epoint_init_mem(_MIPP_ mem,i); - - epoint_copy(pt,table[0]); - epoint_copy(table[0],table[MR_ECC_STORE_N-1]); - ecurve_double(_MIPP_ table[MR_ECC_STORE_N-1]); - - for (i=1;iw10); - nadds=0; - epoint_set(_MIPP_ NULL,NULL,0,pt); - for (i=nb-1;i>=1;) - { /* add/subtract */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - n=mr_naf_window(_MIPP_ mr_mip->w9,mr_mip->w10,i,&nbs,&nzs,MR_ECC_STORE_N); - for (j=0;j0) {ecurve_add(_MIPP_ table[n/2],pt); nadds++;} - if (n<0) {ecurve_sub(_MIPP_ table[(-n)/2],pt); nadds++;} - i-=nbs; - if (nzs) - { - for (j=0;jw10)-1,mr_mip->w11); - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - while (size(mr_mip->w11) > 1) - { /* add/subtract method */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - - ecurve_double(_MIPP_ pt); - ce=mr_compare(mr_mip->w9,mr_mip->w11); /* e(i)=1? */ - ch=mr_compare(mr_mip->w10,mr_mip->w11); /* h(i)=1? 
*/ - if (ch>=0) - { /* h(i)=1 */ - if (ce<0) {ecurve_add(_MIPP_ p,pt); nadds++;} - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - } - if (ce>=0) - { /* e(i)=1 */ - if (ch<0) {ecurve_sub(_MIPP_ p,pt); nadds++;} - mr_psub(_MIPP_ mr_mip->w9,mr_mip->w11,mr_mip->w9); - } - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - } - ecp_memkill(_MIPP_ mem,1); - } -#endif -#endif - MR_OUT - return nadds; -} - -#ifndef MR_NO_ECC_MULTIADD -#ifndef MR_STATIC - -void ecurve_multn(_MIPD_ int n,big *y,epoint **x,epoint *w) -{ /* pt=e[0]*p[0]+e[1]*p[1]+ .... e[n-1]*p[n-1] */ - int i,j,k,m,nb,ea; - epoint **G; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(114) - - m=1< nb) nb=k; - - epoint_set(_MIPP_ NULL,NULL,0,w); /* w=0 */ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - for (i=nb-1;i>=0;i--) - { - if (mr_mip->user!=NULL) (*mr_mip->user)(); - ea=0; - k=1; - for (j=0;jmarker==MR_EPOINT_NORMALIZED) - { - if (Q->marker==MR_EPOINT_NORMALIZED) - copy(mr_mip->one,mr_mip->w1); - else copy(Q->Z,mr_mip->w1); - } - else - { - if (Q->marker==MR_EPOINT_NORMALIZED) - copy(P->Z,mr_mip->w1); - else nres_modmult(_MIPP_ P->Z,Q->Z,mr_mip->w1); /* w1 = A = Z1*Z2 */ - } - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w2); /* w2 = B = dA^2 */ - if (mr_abs(mr_mip->Bsize)==MR_TOOBIG) - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->B,mr_mip->w2); - else - nres_premult(_MIPP_ mr_mip->w2,mr_mip->Bsize,mr_mip->w2); - nres_modmult(_MIPP_ P->X,Q->X,mr_mip->w3); /* w3 = C = X1*X2 */ - nres_modmult(_MIPP_ P->Y,Q->Y,mr_mip->w4); /* w4 = D = Y1*Y2 */ - nres_modmult(_MIPP_ mr_mip->w3,mr_mip->w4,mr_mip->w5); /* w5 = E = C*D */ - nres_modmult(_MIPP_ P->X,Q->Y,mr_mip->w7); /* w7 = F = X1.Y2 */ - nres_modmult(_MIPP_ Q->X,P->Y,mr_mip->w8); /* w8 = G = X2.Y1 */ - - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) /* w4 = aD */ - nres_modmult(_MIPP_ mr_mip->w4,mr_mip->A,mr_mip->w4); - else - nres_premult(_MIPP_ mr_mip->w4,mr_mip->Asize,mr_mip->w4); - -/* 
P+Q */ - - nres_modsub(_MIPP_ mr_mip->w3,mr_mip->w4,mr_mip->w6); /* w6 = H = C-aD */ - nres_modadd(_MIPP_ mr_mip->w7,mr_mip->w8,PP->Z); /* X1*Y2+X2*Y1 */ - nres_modadd(_MIPP_ mr_mip->w5,mr_mip->w2,PP->X); - nres_modmult(_MIPP_ PP->X,mr_mip->w6,PP->X); - nres_modsub(_MIPP_ mr_mip->w5,mr_mip->w2,PP->Y); - nres_modmult(_MIPP_ PP->Y,PP->Z,PP->Y); - nres_modmult(_MIPP_ PP->Z,mr_mip->w6,PP->Z); - nres_modmult(_MIPP_ PP->Z,mr_mip->w1,PP->Z); - - if (size(PP->Z)==0) - { - copy(mr_mip->one,PP->X); - zero(PP->Y); - PP->marker=MR_EPOINT_INFINITY; - } - else PP->marker=MR_EPOINT_GENERAL; - -/* P-Q */ - - nres_modadd(_MIPP_ mr_mip->w3,mr_mip->w4,mr_mip->w6); /* w6 = C+aD */ - nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w7,PM->Z); /* X2*Y1-X1*Y2 */ - nres_modsub(_MIPP_ mr_mip->w5,mr_mip->w2,PM->X); - nres_modmult(_MIPP_ PM->X,mr_mip->w6,PM->X); - nres_modadd(_MIPP_ mr_mip->w5,mr_mip->w2,PM->Y); - nres_modmult(_MIPP_ PM->Y,PM->Z,PM->Y); - nres_modmult(_MIPP_ PM->Z,mr_mip->w6,PM->Z); - nres_modmult(_MIPP_ PM->Z,mr_mip->w1,PM->Z); - - if (size(PM->Z)==0) - { - copy(mr_mip->one,PM->X); - zero(PM->Y); - PM->marker=MR_EPOINT_INFINITY; - } - else PM->marker=MR_EPOINT_GENERAL; - - return TRUE; -} - -void ecurve_mult2(_MIPD_ big e,epoint *p,big ea,epoint *pa,epoint *pt) -{ /* pt=e*p+ea*pa; */ - int e1,h1,e2,h2,bb; - epoint *p1,*p2,*ps[2]; -#ifdef MR_STATIC - char mem[MR_ECP_RESERVE(4)]; -#else - char *mem; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip->ERNUM) return; - - MR_IN(103) - - if (size(e)==0) - { - ecurve_mult(_MIPP_ ea,pa,pt); - MR_OUT - return; - } -#ifdef MR_STATIC - memset(mem,0,MR_ECP_RESERVE(4)); -#else - mem=ecp_memalloc(_MIPP_ 4); -#endif - p2=epoint_init_mem(_MIPP_ mem,0); - p1=epoint_init_mem(_MIPP_ mem,1); - ps[0]=epoint_init_mem(_MIPP_ mem,2); - ps[1]=epoint_init_mem(_MIPP_ mem,3); - - epoint_copy(pa,p2); - copy(ea,mr_mip->w9); - if (size(mr_mip->w9)<0) - { /* p2 = -p2 */ - negify(mr_mip->w9,mr_mip->w9); - epoint_negate(_MIPP_ p2); - } - 
- epoint_copy(p,p1); - copy(e,mr_mip->w12); - if (size(mr_mip->w12)<0) - { /* p1= -p1 */ - negify(mr_mip->w12,mr_mip->w12); - epoint_negate(_MIPP_ p1); - } - - epoint_set(_MIPP_ NULL,NULL,0,pt); /* pt=0 */ - ecurve_add_sub(_MIPP_ p1,p2,ps[0],ps[1]); /* ps[0]=p1+p2, ps[1]=p1-p2 */ - - mr_jsf(_MIPP_ mr_mip->w9,mr_mip->w12,mr_mip->w10,mr_mip->w9,mr_mip->w13,mr_mip->w12); - -/* To use a simple NAF instead, substitute this for the JSF - premult(_MIPP_ mr_mip->w9,3,mr_mip->w10); 3*ea - premult(_MIPP_ mr_mip->w12,3,mr_mip->w13); 3*e -*/ - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - if (mr_compare(mr_mip->w10,mr_mip->w13)>=0) bb=logb2(_MIPP_ mr_mip->w10)-1; - else bb=logb2(_MIPP_ mr_mip->w13)-1; - - while (bb>=0) /* for the simple NAF, this should be 1 */ - { - if (mr_mip->user!=NULL) (*mr_mip->user)(); - ecurve_double(_MIPP_ pt); - - e1=h1=e2=h2=0; - if (mr_testbit(_MIPP_ mr_mip->w9,bb)) e2=1; - if (mr_testbit(_MIPP_ mr_mip->w10,bb)) h2=1; - if (mr_testbit(_MIPP_ mr_mip->w12,bb)) e1=1; - if (mr_testbit(_MIPP_ mr_mip->w13,bb)) h1=1; - - if (e1!=h1) - { - if (e2==h2) - { - if (h1==1) ecurve_add(_MIPP_ p1,pt); - else ecurve_sub(_MIPP_ p1,pt); - } - else - { - if (h1==1) - { - if (h2==1) ecurve_add(_MIPP_ ps[0],pt); - else ecurve_add(_MIPP_ ps[1],pt); - } - else - { - if (h2==1) ecurve_sub(_MIPP_ ps[1],pt); - else ecurve_sub(_MIPP_ ps[0],pt); - } - } - } - else if (e2!=h2) - { - if (h2==1) ecurve_add(_MIPP_ p2,pt); - else ecurve_sub(_MIPP_ p2,pt); - } - bb-=1; - } -#ifndef MR_ALWAYS_BINARY - } - else - { - if (mr_compare(mr_mip->w10,mr_mip->w13)>=0) - expb2(_MIPP_ logb2(_MIPP_ mr_mip->w10)-1,mr_mip->w11); - else expb2(_MIPP_ logb2(_MIPP_ mr_mip->w13)-1,mr_mip->w11); - - while (size(mr_mip->w11) > 0) /* for the NAF, this should be 1 */ - { /* add/subtract method */ - if (mr_mip->user!=NULL) (*mr_mip->user)(); - - ecurve_double(_MIPP_ pt); - - e1=h1=e2=h2=0; - if (mr_compare(mr_mip->w9,mr_mip->w11)>=0) - { /* e1(i)=1? 
*/ - e2=1; - mr_psub(_MIPP_ mr_mip->w9,mr_mip->w11,mr_mip->w9); - } - if (mr_compare(mr_mip->w10,mr_mip->w11)>=0) - { /* h1(i)=1? */ - h2=1; - mr_psub(_MIPP_ mr_mip->w10,mr_mip->w11,mr_mip->w10); - } - if (mr_compare(mr_mip->w12,mr_mip->w11)>=0) - { /* e2(i)=1? */ - e1=1; - mr_psub(_MIPP_ mr_mip->w12,mr_mip->w11,mr_mip->w12); - } - if (mr_compare(mr_mip->w13,mr_mip->w11)>=0) - { /* h2(i)=1? */ - h1=1; - mr_psub(_MIPP_ mr_mip->w13,mr_mip->w11,mr_mip->w13); - } - - if (e1!=h1) - { - if (e2==h2) - { - if (h1==1) ecurve_add(_MIPP_ p1,pt); - else ecurve_sub(_MIPP_ p1,pt); - } - else - { - if (h1==1) - { - if (h2==1) ecurve_add(_MIPP_ ps[0],pt); - else ecurve_add(_MIPP_ ps[1],pt); - } - else - { - if (h2==1) ecurve_sub(_MIPP_ ps[1],pt); - else ecurve_sub(_MIPP_ ps[0],pt); - } - } - } - else if (e2!=h2) - { - if (h2==1) ecurve_add(_MIPP_ p2,pt); - else ecurve_sub(_MIPP_ p2,pt); - } - - subdiv(_MIPP_ mr_mip->w11,2,mr_mip->w11); - } - } -#endif - ecp_memkill(_MIPP_ mem,4); - MR_OUT -} - -#endif - -#endif diff --git a/crypto/sm2/miracl/mrjack.c b/crypto/sm2/miracl/mrjack.c deleted file mode 100644 index 1b77a984..00000000 --- a/crypto/sm2/miracl/mrjack.c +++ /dev/null 
@@ -1,342 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. 
* - * -***************************************************************************/ -/* - * MIRACL Jacobi symbol routine - * mrjack.c - * - * See "A binary algorithm for the Jacobi symbol" - * Shallit and Sorenson - */ -#include -#include - -int jack(_MIPD_ big a,big n) -{ /* find jacobi symbol (a/n), for positive odd n */ - big w; - int nm8,onm8,t; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM || size(a)==0 || size(n) <1) return 0; - MR_IN(3) - - t=1; - copy(n,mr_mip->w2); - nm8=remain(_MIPP_ mr_mip->w2,8); - if (nm8%2==0) - { - MR_OUT - return 0; - } - - if (size(a)<0) - { - if (nm8%4==3) t=-1; - negify(a,mr_mip->w1); - } - else copy(a,mr_mip->w1); - - while (size(mr_mip->w1)!=0) - { - while (remain(_MIPP_ mr_mip->w1,2)==0) - { - subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1); - if (nm8==3 || nm8==5) t=-t; - } - if (mr_compare(mr_mip->w1,mr_mip->w2)<0) - { - onm8=nm8; - w=mr_mip->w1; mr_mip->w1=mr_mip->w2; mr_mip->w2=w; - nm8=remain(_MIPP_ mr_mip->w2,8); - if (onm8%4==3 && nm8%4==3) t=-t; - } - mr_psub(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1); - subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1); - - if (nm8==3 || nm8==5) t=-t; - } - - MR_OUT - if (size(mr_mip->w2)==1) return t; - return 0; -} - -/* - * See "Efficient Algorithms for Computing the Jacobi Symbol" - * Eikenberry & Sorenson - * - * Its turns out this is slower than the binary method above for reasonable sizes - * of parameters (and takes up a lot more space!) - - -#ifdef MR_FP -#include -#endif - - -static void rfind(mr_small u,mr_small v,mr_small k,mr_small sk,mr_utype *a,mr_utype *b) -{ - mr_utype x2,y2,r; - mr_small w,q,x1,y1,sr; -#ifdef MR_FP - mr_small dres; -#endif - - w=invers(v,k); - w=smul(u,w,k); - - x1=k; x2=0; - y1=w; y2=1; - -// NOTE: x1 and y1 are always +ve. 
x2 and y2 are always small - - while (y1>=sk) - { -#ifndef MR_NOFULLWIDTH - if (x1==0) q=muldvm((mr_small)1,(mr_small)0,y1,&sr); - else -#endif - q=MR_DIV(x1,y1); - r= x1-q*y1; x1=y1; y1=r; - sr=x2-q*y2; x2=y2; y2=sr; - } - if (y2>=0) { *a=y2; *b=0-y1; } - else { *a=-y2; *b=y1; } -} - -int jack(_MIPD_ big U,big V) -{ // find jacobi symbol for U wrt V. Only defined for - // positive V, V odd. Otherwise returns 0 - int i,e,r,m,t,v8,u4; - mr_utype a,b; - mr_small u,v,d,g,k,sk,s; -#ifdef MR_FP - mr_small dres; -#endif - big w; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_FP_ROUNDING - mr_large ik,id; -#endif - if (mr_mip->ERNUM || size(U)==0 || size(V) <1) return 0; - copy(U,mr_mip->w1); - copy(V,mr_mip->w2); - a=0; - MR_IN(3) - - if (remain(_MIPP_ mr_mip->w2,2)==0) - { // V is even - MR_OUT - return 0; - } - - if (mr_mip->base!=0) - { - k=1; - for (m=1;;m++) - { - k*=2; - if (k==MAXBASE) break; - } - if (m%2==1) {m--; k=MR_DIV(k,2);} -#ifdef MR_FP_ROUNDING - ik=mr_invert(k); -#endif - } - else - { - m=MIRACL; - k=0; - } - r=m/2; - sk=1; - for (i=0;iw2,8); - - while (!mr_mip->ERNUM && size(mr_mip->w1)!=0) - { - if (size(mr_mip->w1)<0) - { - negify(mr_mip->w1,mr_mip->w1); - if (v8%4==3) t=-t; - } - - do { // oddify - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - if (mr_mip->base==k) u=mr_mip->w1->w[0]; - else u=MR_REMAIN(mr_mip->w1->w[0],k); -#ifndef MR_ALWAYS_BINARY - } - -#ifdef MR_FP_ROUNDING - else u=mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w3); -#else - else u=mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w3); -#endif - -#endif - if (u==0) {s=k; e=0;} - else - { - s=1; e=0; - while (MR_REMAIN(u,2)==0) {s*=2; e++; u=MR_DIV(u,2);} - } - if (s==mr_mip->base) mr_shift(_MIPP_ mr_mip->w1,-1,mr_mip->w1); -#ifdef MR_FP_ROUNDING - else if (s>1) - { - mr_sdiv(_MIPP_ mr_mip->w1,s,mr_invert(s),mr_mip->w1); - } -#else - else if (s>1) mr_sdiv(_MIPP_ mr_mip->w1,s,mr_mip->w1); -#endif - } while (u==0); - if (e%2!=0 && (v8==3 || v8==5)) 
t=-t; - if (mr_compare(mr_mip->w1,mr_mip->w2)<0) - { - if (mr_mip->base==mr_mip->base2) u4=(int)MR_REMAIN(mr_mip->w1->w[0],4); - else u4=remain(_MIPP_ mr_mip->w1,4); - if (v8%4==3 && u4==3) t=-t; - w=mr_mip->w1; mr_mip->w1=mr_mip->w2; mr_mip->w2=w; - } - -#ifndef MR_ALWAYS_BINARY - if (mr_mip->base==mr_mip->base2) - { -#endif - if (k==mr_mip->base) - { - u=mr_mip->w1->w[0]; - v=mr_mip->w2->w[0]; - } - else - { - u=MR_REMAIN(mr_mip->w1->w[0],k); - v=MR_REMAIN(mr_mip->w2->w[0],k); - } -#ifndef MR_ALWAYS_BINARY - } - else - { -#ifdef MR_FP_ROUNDING - u=mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w3); - v=mr_sdiv(_MIPP_ mr_mip->w2,k,ik,mr_mip->w3); -#else - u=mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w3); - v=mr_sdiv(_MIPP_ mr_mip->w2,k,mr_mip->w3); -#endif - } -#endif - rfind(u,v,k,sk,&a,&b); - if (a>1) - { -#ifdef MR_FP_ROUNDING - d=mr_sdiv(_MIPP_ mr_mip->w2,a,mr_invert(a),mr_mip->w3); -#else - d=mr_sdiv(_MIPP_ mr_mip->w2,a,mr_mip->w3); -#endif - d=sgcd(d,a); - a=MR_DIV(a,d); - } - else d=1; - - if (d>1) - { -#ifdef MR_FP_ROUNDING - id=mr_invert(d); - mr_sdiv(_MIPP_ mr_mip->w2,d,id,mr_mip->w2); - u=mr_sdiv(_MIPP_ mr_mip->w1,d,id,mr_mip->w3); -#else - mr_sdiv(_MIPP_ mr_mip->w2,d,mr_mip->w2); - u=mr_sdiv(_MIPP_ mr_mip->w1,d,mr_mip->w3); -#endif - } - else u=0; - - g=a; - if (mr_mip->base==mr_mip->base2) v8=(int)MR_REMAIN(mr_mip->w2->w[0],8); - else v8=remain(_MIPP_ mr_mip->w2,8); - while (MR_REMAIN(g,2)==0) - { - g=MR_DIV(g,2); - if (v8==3 || v8==5) t=-t; - } - if (MR_REMAIN(g,4)==3 && v8%4==3) t=-t; -#ifdef MR_FP_ROUNDING - v=mr_sdiv(_MIPP_ mr_mip->w2,g,mr_invert(g),mr_mip->w3); -#else - v=mr_sdiv(_MIPP_ mr_mip->w2,g,mr_mip->w3); -#endif - t*=jac(v,g)*jac(u,d); - if (t==0) - { - MR_OUT - return 0; - } - -// printf("a= %I64d b=%I64d %d\n",a,b,(int)b); - - if (a>1) mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1); - if (b>=0) - mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w3); - else - { - b=-b; - mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w3); - negify(mr_mip->w3,mr_mip->w3); - } - // premult(_MIPP_ 
mr_mip->w2,(int)b,mr_mip->w3); <- nasty bug - potential loss of precision in b - add(_MIPP_ mr_mip->w1,mr_mip->w3,mr_mip->w1); - if (k==mr_mip->base) mr_shift(_MIPP_ mr_mip->w1,-1,mr_mip->w1); -#ifdef MR_FP_ROUNDING - else mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w1); -#else - else mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w1); -#endif - } - MR_OUT - if (size(mr_mip->w2)==1) return t; - return 0; -} - -*/ diff --git a/crypto/sm2/miracl/mrlucas.c b/crypto/sm2/miracl/mrlucas.c deleted file mode 100644 index 2a19b49f..00000000 --- a/crypto/sm2/miracl/mrlucas.c +++ /dev/null 
@@ -1,157 +0,0 @@
-
-/***************************************************************************
- *
-Copyright 2013 CertiVox IOM Ltd. *
- *
-This file is part of CertiVox MIRACL Crypto SDK. *
- *
-The CertiVox MIRACL Crypto SDK provides developers with an *
-extensive and efficient set of cryptographic functions. *
-For further information about its features and functionalities please *
-refer to http://www.certivox.com *
- *
-* The CertiVox MIRACL Crypto SDK is free software: you can *
- redistribute it and/or modify it under the terms of the *
- GNU Affero General Public License as published by the *
- Free Software Foundation, either version 3 of the License, *
- or (at your option) any later version. *
- *
-* The CertiVox MIRACL Crypto SDK is distributed in the hope *
- that it will be useful, but WITHOUT ANY WARRANTY; without even the *
- implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
- See the GNU Affero General Public License for more details. *
- *
-* You should have received a copy of the GNU Affero General Public *
- License along with CertiVox MIRACL Crypto SDK. *
- If not, see . *
- *
-You can be released from the requirements of the license by purchasing *
-a commercial license. Buying such a license is mandatory as soon as you *
-develop commercial activities involving the CertiVox MIRACL Crypto SDK *
-without disclosing the source code of your own applications, or shipping *
-the CertiVox MIRACL Crypto SDK with a closed source product. *
- *
-***************************************************************************/
-/*
- * MIRACL methods for evaluating lucas V function
- * mrlucas.c (Postl's algorithm)
- */
-
-#include
-#include
-
-void nres_lucas(_MIPD_ big p,big r,big vp,big v)
-{
- int i,nb;
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return;
-
- MR_IN(107)
-
- if (size(r)==0)
- {
- zero(vp);
- convert(_MIPP_ 2,v);
- nres(_MIPP_ v,v);
- MR_OUT
- return;
- }
- if (size(r)==1 || size(r)==(-1))
- { /* note - sign of r doesn't matter */
- convert(_MIPP_ 2,vp);
- nres(_MIPP_ vp,vp);
- copy(p,v);
- MR_OUT
- return;
- }
-
- copy(p,mr_mip->w3);
-
- convert(_MIPP_ 2,mr_mip->w4);
- nres(_MIPP_ mr_mip->w4,mr_mip->w4); /* w4=2 */
-
- copy(mr_mip->w4,mr_mip->w8);
- copy(mr_mip->w3,mr_mip->w9);
-
- copy(r,mr_mip->w1);
- insign(PLUS,mr_mip->w1);
- decr(_MIPP_ mr_mip->w1,1,mr_mip->w1);
-
-#ifndef MR_ALWAYS_BINARY
- if (mr_mip->base==mr_mip->base2)
- {
-#endif
- nb=logb2(_MIPP_ mr_mip->w1);
- for (i=nb-1;i>=0;i--)
- {
- if (mr_mip->user!=NULL) (*mr_mip->user)();
-
- if (mr_testbit(_MIPP_ mr_mip->w1,i))
- {
- nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w9,mr_mip->w8);
- nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8);
- nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w9,mr_mip->w9);
- nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w4,mr_mip->w9);
-
- }
- else
- {
- nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w8,mr_mip->w9);
- nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w3,mr_mip->w9);
- nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w8);
- nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w4,mr_mip->w8);
- }
- }
-
-#ifndef MR_ALWAYS_BINARY
- }
- else
- {
- expb2(_MIPP_ logb2(_MIPP_ mr_mip->w1)-1,mr_mip->w2);
-
- while (!mr_mip->ERNUM && size(mr_mip->w2)!=0)
- { /* use binary method */
- if (mr_compare(mr_mip->w1,mr_mip->w2)>=0)
- { /* vp=v*vp-p, v=v*v-2 */
- nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w9,mr_mip->w8);
- nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8);
- nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w9,mr_mip->w9);
- nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w4,mr_mip->w9);
- subtract(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
- }
- else
- { /* v=v*vp-p, vp=vp*vp-2 */
- nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w8,mr_mip->w9);
- nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w3,mr_mip->w9);
- nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w8);
- nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w4,mr_mip->w8);
- }
- subdiv(_MIPP_ mr_mip->w2,2,mr_mip->w2);
- }
- }
-#endif
-
- copy(mr_mip->w9,v);
- if (v!=vp) copy(mr_mip->w8,vp);
- MR_OUT
-
-}
-
-void lucas(_MIPD_ big p,big r,big n,big vp,big v)
-{
-#ifdef MR_OS_THREADS
- miracl *mr_mip=get_mip();
-#endif
- if (mr_mip->ERNUM) return;
-
- MR_IN(108)
- prepare_monty(_MIPP_ n);
- nres(_MIPP_ p,mr_mip->w3);
- nres_lucas(_MIPP_ mr_mip->w3,r,mr_mip->w8,mr_mip->w9);
- redc(_MIPP_ mr_mip->w9,v);
- if (v!=vp) redc(_MIPP_ mr_mip->w8,vp);
- MR_OUT
-}
-
diff --git a/crypto/sm2/miracl/mrmonty.c b/crypto/sm2/miracl/mrmonty.c
deleted file mode 100644
index 102b4d34..00000000
--- a/crypto/sm2/miracl/mrmonty.c
+++ /dev/null
@@ -1,1414 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * MIRACL Montgomery's method for modular arithmetic without division. - * mrmonty.c - * - * Programs to implement Montgomery's method - * See "Modular Multiplication Without Trial Division", Math. Comp. - * Vol 44, Number 170, April 1985, Pages 519-521 - * NOTE - there is an important correction to this paper mentioned as a - * footnote in "Speeding the Pollard and Elliptic Curve Methods", - * Math. 
Comput., Vol. 48, January 1987, 243-264 - * - * The advantage of this approach is that no division required in order - * to compute a modular reduction - useful if division is slow - * e.g. on a SPARC processor, or a DSP. - * - * The disadvantage is that numbers must first be converted to an internal - * "n-residue" form. - * - */ - -#include -#include - -#ifdef MR_FP -#include -#endif - -#ifdef MR_WIN64 -#include -#endif - -#ifdef MR_COUNT_OPS -extern int fpc,fpa; -#endif - -#ifdef MR_CELL -extern void mod256(_MIPD_ big,big); -#endif - -void kill_monty(_MIPDO_ ) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - zero(mr_mip->modulus); -#ifdef MR_KCM - zero(mr_mip->big_ndash); -#endif -} - -mr_small prepare_monty(_MIPD_ big n) -{ /* prepare Montgomery modulus */ -#ifdef MR_KCM - int nl; -#endif -#ifdef MR_PENTIUM - mr_small ndash; - mr_small base; - mr_small magic=13835058055282163712.0; - int control=0x1FFF; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return (mr_small)0; -/* Is it set-up already? */ - if (size(mr_mip->modulus)!=0) - if (mr_compare(n,mr_mip->modulus)==0) return mr_mip->ndash; - - MR_IN(80) - - if (size(n)<=2) - { - mr_berror(_MIPP_ MR_ERR_BAD_MODULUS); - MR_OUT - return (mr_small)0; - } - - zero(mr_mip->w6); - zero(mr_mip->w15); - -/* set a small negative QNR (on the assumption that n is prime!) */ -/* These defaults can be over-ridden */ - -/* Did you know that for p=2 mod 3, -3 is a QNR? 
*/ - - mr_mip->pmod8=remain(_MIPP_ n,8); - - switch (mr_mip->pmod8) - { - case 0: - case 1: - case 2: - case 4: - case 6: - mr_mip->qnr=0; /* none defined */ - break; - case 3: - mr_mip->qnr=-1; - break; - case 5: - mr_mip->qnr=-2; - break; - case 7: - mr_mip->qnr=-1; - break; - } - mr_mip->pmod9=remain(_MIPP_ n,9); - - mr_mip->NO_CARRY=FALSE; - if (n->w[n->len-1]>>M4 < 5) mr_mip->NO_CARRY=TRUE; - -#ifdef MR_PENTIUM - -mr_mip->ACTIVE=FALSE; -if (mr_mip->base!=0) - if (MR_PENTIUM==n->len) mr_mip->ACTIVE=TRUE; - if (MR_PENTIUM<0) - { - if (n->len<=(-MR_PENTIUM)) mr_mip->ACTIVE=TRUE; - if (logb2(_MIPP_ n)%mr_mip->lg2b==0) mr_mip->ACTIVE=FALSE; - } -#endif - -#ifdef MR_DISABLE_MONTGOMERY - mr_mip->MONTY=OFF; -#else - mr_mip->MONTY=ON; -#endif - -#ifdef MR_COMBA - mr_mip->ACTIVE=FALSE; - - if (MR_COMBA==n->len && mr_mip->base==mr_mip->base2) - { - mr_mip->ACTIVE=TRUE; -#ifdef MR_SPECIAL - mr_mip->MONTY=OFF; /* "special" modulus reduction */ - -#endif /* implemented in mrcomba.c */ - } - -#endif - convert(_MIPP_ 1,mr_mip->one); - if (!mr_mip->MONTY) - { /* Montgomery arithmetic is turned off */ - copy(n,mr_mip->modulus); - mr_mip->ndash=0; - MR_OUT - return (mr_small)0; - } - -#ifdef MR_KCM - -/* test for base==0 & n->len=MR_KCM.2^x */ - - mr_mip->ACTIVE=FALSE; - if (mr_mip->base==0) - { - nl=(int)n->len; - while (nl>=MR_KCM) - { - if (nl==MR_KCM) - { - mr_mip->ACTIVE=TRUE; - break; - } - if (nl%2!=0) break; - nl/=2; - } - } - if (mr_mip->ACTIVE) - { - mr_mip->w6->len=n->len+1; - mr_mip->w6->w[n->len]=1; - if (invmodp(_MIPP_ n,mr_mip->w6,mr_mip->w14)!=1) - { /* problems */ - mr_berror(_MIPP_ MR_ERR_BAD_MODULUS); - MR_OUT - return (mr_small)0; - } - } - else - { -#endif - mr_mip->w6->len=2; - mr_mip->w6->w[0]=0; - mr_mip->w6->w[1]=1; /* w6 = base */ - mr_mip->w15->len=1; - mr_mip->w15->w[0]=n->w[0]; /* w15 = n mod base */ - if (invmodp(_MIPP_ mr_mip->w15,mr_mip->w6,mr_mip->w14)!=1) - { /* problems */ - mr_berror(_MIPP_ MR_ERR_BAD_MODULUS); - MR_OUT - return (mr_small)0; - 
} -#ifdef MR_KCM - } - copy(mr_mip->w14,mr_mip->big_ndash); -#endif - - mr_mip->ndash=mr_mip->base-mr_mip->w14->w[0]; /* = N' mod b */ - copy(n,mr_mip->modulus); - mr_mip->check=OFF; - mr_shift(_MIPP_ mr_mip->modulus,(int)mr_mip->modulus->len,mr_mip->pR); - mr_mip->check=ON; -#ifdef MR_PENTIUM -/* prime the FP stack */ - if (mr_mip->ACTIVE) - { - ndash=mr_mip->ndash; - base=mr_mip->base; - magic *=base; - ASM - { - finit - fldcw WORD PTR control - fld QWORD PTR ndash - fld1 - fld QWORD PTR base - fdiv - fld QWORD PTR magic - } - } -#endif - nres(_MIPP_ mr_mip->one,mr_mip->one); - MR_OUT - - return mr_mip->ndash; -} - -void nres(_MIPD_ big x,big y) -{ /* convert x to n-residue format */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(81) - - if (size(mr_mip->modulus)==0) - { - mr_berror(_MIPP_ MR_ERR_NO_MODULUS); - MR_OUT - return; - } - copy(x,y); - divide(_MIPP_ y,mr_mip->modulus,mr_mip->modulus); - if (size(y)<0) add(_MIPP_ y,mr_mip->modulus,y); - if (!mr_mip->MONTY) - { - MR_OUT - return; - } - mr_mip->check=OFF; - - mr_shift(_MIPP_ y,(int)mr_mip->modulus->len,mr_mip->w0); - divide(_MIPP_ mr_mip->w0,mr_mip->modulus,mr_mip->modulus); - mr_mip->check=ON; - copy(mr_mip->w0,y); - - MR_OUT -} - -void redc(_MIPD_ big x,big y) -{ /* Montgomery's REDC function p. 
520 */ - /* also used to convert n-residues back to normal form */ - mr_small carry,delay_carry,m,ndash,*w0g,*mg; - -#ifdef MR_ITANIUM - mr_small tm; -#endif -#ifdef MR_WIN64 - mr_small tm,tr; -#endif - int i,j,rn,rn2; - big w0,modulus; -#ifdef MR_NOASM - union doubleword dble; - mr_large dbled,ldres; -#endif -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - MR_IN(82) - - w0=mr_mip->w0; /* get these into local variables (for inline assembly) */ - modulus=mr_mip->modulus; - ndash=mr_mip->ndash; - - copy(x,w0); - if (!mr_mip->MONTY) - { -/*#ifdef MR_CELL - mod256(_MIPP_ w0,w0); -#else */ - divide(_MIPP_ w0,modulus,modulus); -/* #endif */ - copy(w0,y); - MR_OUT - return; - } - delay_carry=0; - rn=(int)modulus->len; - rn2=rn+rn; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH - mg=modulus->w; - w0g=w0->w; - for (i=0;iw[i],ndash,0,&m); Note that after this time */ - m=ndash*w0->w[i]; - carry=0; /* around the loop, w0[i]=0 */ - - for (j=0;jw[j]+carry+w0->w[i+j]; - w0->w[i+j]=dble.h[MR_BOT]; - carry=dble.h[MR_TOP]; -#else - muldvd2(m,modulus->w[j],&carry,&w0->w[i+j]); -#endif - } - w0->w[rn+i]+=delay_carry; - if (w0->w[rn+i]w[rn+i]+=carry; - if (w0->w[rn+i]w[i],ndash,0,mr_mip->base,mr_mip->inverse_base,&m); -#else - muldiv(w0->w[i],ndash,0,mr_mip->base,&m); -#endif - carry=0; - for (j=0;jw[j]+carry+w0->w[i+j]; -#ifdef MR_FP_ROUNDING - carry=(mr_small)MR_LROUND(dbled*mr_mip->inverse_base); -#else -#ifndef MR_FP - if (mr_mip->base==mr_mip->base2) - carry=(mr_small)(dbled>>mr_mip->lg2b); - else -#endif - carry=(mr_small)MR_LROUND(dbled/mr_mip->base); -#endif - w0->w[i+j]=(mr_small)(dbled-(mr_large)carry*mr_mip->base); -#else -#ifdef MR_FP_ROUNDING - carry=imuldiv(modulus->w[j],m,w0->w[i+j]+carry,mr_mip->base,mr_mip->inverse_base,&w0->w[i+j]); -#else - carry=muldiv(modulus->w[j],m,w0->w[i+j]+carry,mr_mip->base,&w0->w[i+j]); -#endif -#endif - } - w0->w[rn+i]+=(delay_carry+carry); - delay_carry=0; - if 
(w0->w[rn+i]>=mr_mip->base) - { - w0->w[rn+i]-=mr_mip->base; - delay_carry=1; - } - } -#endif - w0->w[rn2]=delay_carry; - w0->len=rn2+1; - mr_shift(_MIPP_ w0,(-rn),w0); - mr_lzero(w0); - - if (mr_compare(w0,modulus)>=0) mr_psub(_MIPP_ w0,modulus,w0); - copy(w0,y); - MR_OUT -} - -/* "Complex" method for ZZn2 squaring */ - -void nres_complex(_MIPD_ big a,big b,big r,big i) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - MR_IN(225) - - if (mr_mip->NO_CARRY && mr_mip->qnr==-1) - { /* if modulus is small enough we can ignore carries, and use simple addition and subtraction */ - /* recall that Montgomery reduction can cope as long as product is less than pR */ -#ifdef MR_COMBA -#ifdef MR_COUNT_OPS -fpa+=3; -#endif - if (mr_mip->ACTIVE) - { - comba_add(a,b,mr_mip->w1); - comba_add(a,mr_mip->modulus,mr_mip->w2); /* a-b is p+a-b */ - comba_sub(mr_mip->w2,b,mr_mip->w2); - comba_add(a,a,r); - } - else - { -#endif - mr_padd(_MIPP_ a,b,mr_mip->w1); - mr_padd(_MIPP_ a,mr_mip->modulus,mr_mip->w2); - mr_psub(_MIPP_ mr_mip->w2,b,mr_mip->w2); - mr_padd(_MIPP_ a,a,r); -#ifdef MR_COMBA - } -#endif - nres_modmult(_MIPP_ r,b,i); - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w2,r); - } - else - { - nres_modadd(_MIPP_ a,b,mr_mip->w1); - nres_modsub(_MIPP_ a,b,mr_mip->w2); - - if (mr_mip->qnr==-2) - nres_modsub(_MIPP_ mr_mip->w2,b,mr_mip->w2); - - nres_modmult(_MIPP_ a,b,i); - nres_modmult(_MIPP_ mr_mip->w1,mr_mip->w2,r); - - if (mr_mip->qnr==-2) - nres_modadd(_MIPP_ r,i,r); - - nres_modadd(_MIPP_ i,i,i); - } - MR_OUT -} - -#ifndef MR_NO_LAZY_REDUCTION - -/* - -Lazy reduction technique for zzn2 multiplication - competitive if Reduction is more -expensive that Multiplication. This is true for pairing-based crypto. Note that -Lazy reduction can also be used with Karatsuba! Uses w1, w2, w5, and w6. 
- -Reduction poly is X^2-D=0 - -(a0+a1.X).(b0+b1.X) = (a0.b0 + D.a1.b1) + (a1.b0+a0.b1).X - -Karatsuba - - (a0.b0+D.a1.b1) + ((a0+a1)(b0+b1) - a0.b0 - a1.b1).X -*/ - -void nres_lazy(_MIPD_ big a0,big a1,big b0,big b1,big r,big i) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return; - - mr_mip->check=OFF; -#ifdef MR_COUNT_OPS -fpc+=3; -fpa+=5; -if (mr_mip->qnr==-2) fpa++; -#endif - -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - comba_mult(a0,b0,mr_mip->w0); - comba_mult(a1,b1,mr_mip->w5); - } - else - { -#endif -#ifdef MR_KCM - if (mr_mip->ACTIVE) - { - kcm_mul(_MIPP_ a1,b1,mr_mip->w5); /* this destroys w0! */ - kcm_mul(_MIPP_ a0,b0,mr_mip->w0); - } - else - { -#endif - MR_IN(151) - multiply(_MIPP_ a0,b0,mr_mip->w0); - multiply(_MIPP_ a1,b1,mr_mip->w5); -#ifdef MR_COMBA - } -#endif -#ifdef MR_KCM - } -#endif - - if (mr_mip->NO_CARRY && mr_mip->qnr==-1) - { /* if modulus is small enough we can ignore carries, and use simple addition and subtraction */ -#ifdef MR_COMBA -#ifdef MR_COUNT_OPS -fpa+=2; -#endif - if (mr_mip->ACTIVE) - { - comba_double_add(mr_mip->w0,mr_mip->w5,mr_mip->w6); - comba_add(a0,a1,mr_mip->w1); - comba_add(b0,b1,mr_mip->w2); - } - else - { -#endif - mr_padd(_MIPP_ mr_mip->w0,mr_mip->w5,mr_mip->w6); - mr_padd(_MIPP_ a0,a1,mr_mip->w1); - mr_padd(_MIPP_ b0,b1,mr_mip->w2); -#ifdef MR_COMBA - } -#endif - } - else - { - nres_double_modadd(_MIPP_ mr_mip->w0,mr_mip->w5,mr_mip->w6); /* w6 = a0.b0+a1.b1 */ - if (mr_mip->qnr==-2) - nres_double_modadd(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w5); - nres_modadd(_MIPP_ a0,a1,mr_mip->w1); - nres_modadd(_MIPP_ b0,b1,mr_mip->w2); - } - nres_double_modsub(_MIPP_ mr_mip->w0,mr_mip->w5,mr_mip->w0); /* r = a0.b0+D.a1.b1 */ - -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - comba_redc(_MIPP_ mr_mip->w0,r); - comba_mult(mr_mip->w1,mr_mip->w2,mr_mip->w0); - } - else - { -#endif -#ifdef MR_KCM - if (mr_mip->ACTIVE) - { - kcm_redc(_MIPP_ mr_mip->w0,r); - kcm_mul(_MIPP_ 
mr_mip->w1,mr_mip->w2,mr_mip->w0); - } - else - { -#endif - redc(_MIPP_ mr_mip->w0,r); - multiply(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w0); /* w0=(a0+a1)*(b0+b1) */ -#ifdef MR_COMBA - } -#endif -#ifdef MR_KCM - } -#endif - - if (mr_mip->NO_CARRY && mr_mip->qnr==-1) - { -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - comba_double_sub(mr_mip->w0,mr_mip->w6,mr_mip->w0); - else -#endif - mr_psub(_MIPP_ mr_mip->w0,mr_mip->w6,mr_mip->w0); - } - else - nres_double_modsub(_MIPP_ mr_mip->w0,mr_mip->w6,mr_mip->w0); /* (a0+a1)*(b0+b1) - w6 */ - -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - comba_redc(_MIPP_ mr_mip->w0,i); - } - else - { -#endif -#ifdef MR_KCM - if (mr_mip->ACTIVE) - { - kcm_redc(_MIPP_ mr_mip->w0,i); - } - else - { -#endif - redc(_MIPP_ mr_mip->w0,i); - MR_OUT -#ifdef MR_COMBA - } -#endif -#ifdef MR_KCM - } -#endif - - mr_mip->check=ON; - -} - -#endif - -#ifndef MR_STATIC - -void nres_dotprod(_MIPD_ int n,big *x,big *y,big w) -{ - int i; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - if (mr_mip->ERNUM) return; - MR_IN(120) - mr_mip->check=OFF; - zero(mr_mip->w7); - for (i=0;iw0); - mr_padd(_MIPP_ mr_mip->w7,mr_mip->w0,mr_mip->w7); - } - copy(mr_mip->pR,mr_mip->w6); - /* w6 = p.R */ - divide(_MIPP_ mr_mip->w7,mr_mip->w6,mr_mip->w6); - redc(_MIPP_ mr_mip->w7,w); - - mr_mip->check=ON; - MR_OUT -} - -#endif - -void nres_negate(_MIPD_ big x, big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (size(x)==0) - { - zero(w); - return; - } -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - comba_negate(_MIPP_ x,w); - return; - } - else - { -#endif - if (mr_mip->ERNUM) return; - - MR_IN(92) - mr_psub(_MIPP_ mr_mip->modulus,x,w); - MR_OUT - -#ifdef MR_COMBA - } -#endif - -} - -void nres_div2(_MIPD_ big x,big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(198) - copy(x,mr_mip->w1); - if (remain(_MIPP_ mr_mip->w1,2)!=0) - add(_MIPP_ mr_mip->w1,mr_mip->modulus,mr_mip->w1); - subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1); - 
copy(mr_mip->w1,w); - - MR_OUT -} - -void nres_div3(_MIPD_ big x,big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(199) - copy(x,mr_mip->w1); - while (remain(_MIPP_ mr_mip->w1,3)!=0) - add(_MIPP_ mr_mip->w1,mr_mip->modulus,mr_mip->w1); - subdiv(_MIPP_ mr_mip->w1,3,mr_mip->w1); - copy(mr_mip->w1,w); - - MR_OUT -} - -void nres_div5(_MIPD_ big x,big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(208) - copy(x,mr_mip->w1); - while (remain(_MIPP_ mr_mip->w1,5)!=0) - add(_MIPP_ mr_mip->w1,mr_mip->modulus,mr_mip->w1); - subdiv(_MIPP_ mr_mip->w1,5,mr_mip->w1); - copy(mr_mip->w1,w); - - MR_OUT -} - -/* mod pR addition and subtraction */ -#ifndef MR_NO_LAZY_REDUCTION - -void nres_double_modadd(_MIPD_ big x,big y,big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_COMBA - - if (mr_mip->ACTIVE) - { - comba_double_modadd(_MIPP_ x,y,w); - return; - } - else - { -#endif - - if (mr_mip->ERNUM) return; - MR_IN(153) - - mr_padd(_MIPP_ x,y,w); - if (mr_compare(w,mr_mip->pR)>=0) - mr_psub(_MIPP_ w,mr_mip->pR,w); - - MR_OUT -#ifdef MR_COMBA - } -#endif -} - -void nres_double_modsub(_MIPD_ big x,big y,big w) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_COMBA - - if (mr_mip->ACTIVE) - { - comba_double_modsub(_MIPP_ x,y,w); - return; - } - else - { -#endif - - if (mr_mip->ERNUM) return; - MR_IN(154) - - if (mr_compare(x,y)>=0) - mr_psub(_MIPP_ x,y,w); - else - { - mr_psub(_MIPP_ y,x,w); - mr_psub(_MIPP_ mr_mip->pR,w,w); - } - - MR_OUT -#ifdef MR_COMBA - } -#endif -} - -#endif - -void nres_modadd(_MIPD_ big x,big y,big w) -{ /* modular addition */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_COUNT_OPS -fpa++; -#endif -#ifdef MR_COMBA - - if (mr_mip->ACTIVE) - { - comba_modadd(_MIPP_ x,y,w); - return; - } - else - { -#endif - if (mr_mip->ERNUM) return; - - MR_IN(90) - mr_padd(_MIPP_ x,y,w); - if (mr_compare(w,mr_mip->modulus)>=0) mr_psub(_MIPP_ 
w,mr_mip->modulus,w); - - MR_OUT -#ifdef MR_COMBA - } -#endif -} - -void nres_modsub(_MIPD_ big x,big y,big w) -{ /* modular subtraction */ - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif -#ifdef MR_COUNT_OPS -fpa++; -#endif -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - comba_modsub(_MIPP_ x,y,w); - return; - } - else - { -#endif - if (mr_mip->ERNUM) return; - - MR_IN(91) - - if (mr_compare(x,y)>=0) - mr_psub(_MIPP_ x,y,w); - else - { - mr_psub(_MIPP_ y,x,w); - mr_psub(_MIPP_ mr_mip->modulus,w,w); - } - - MR_OUT -#ifdef MR_COMBA - } -#endif - -} - -int nres_moddiv(_MIPD_ big x,big y,big w) -{ /* Modular division using n-residues w=x/y mod n */ - int gcd; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return 0; - - MR_IN(85) - - if (x==y) - { /* Illegal parameter usage */ - mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - MR_OUT - - return 0; - } - redc(_MIPP_ y,mr_mip->w6); - gcd=invmodp(_MIPP_ mr_mip->w6,mr_mip->modulus,mr_mip->w6); - - if (gcd!=1) zero(w); /* fails silently and returns 0 */ - else - { - nres(_MIPP_ mr_mip->w6,mr_mip->w6); - nres_modmult(_MIPP_ x,mr_mip->w6,w); - /* mad(_MIPP_ x,mr_mip->w6,x,mr_mip->modulus,mr_mip->modulus,w); */ - } - MR_OUT - return gcd; -} - -void nres_premult(_MIPD_ big x,int k,big w) -{ /* multiply n-residue by small ordinary integer */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - int sign=0; - if (k==0) - { - zero(w); - return; - } - if (k<0) - { - k=-k; - sign=1; - } - if (mr_mip->ERNUM) return; - - MR_IN(102) - - if (k<=6) - { - switch (k) - { - case 1: copy(x,w); - break; - case 2: nres_modadd(_MIPP_ x,x,w); - break; - case 3: - nres_modadd(_MIPP_ x,x,mr_mip->w0); - nres_modadd(_MIPP_ x,mr_mip->w0,w); - break; - case 4: - nres_modadd(_MIPP_ x,x,w); - nres_modadd(_MIPP_ w,w,w); - break; - case 5: - nres_modadd(_MIPP_ x,x,mr_mip->w0); - nres_modadd(_MIPP_ mr_mip->w0,mr_mip->w0,mr_mip->w0); - nres_modadd(_MIPP_ x,mr_mip->w0,w); - break; - case 6: - nres_modadd(_MIPP_ 
x,x,w); - nres_modadd(_MIPP_ w,w,mr_mip->w0); - nres_modadd(_MIPP_ w,mr_mip->w0,w); - break; - } - if (sign==1) nres_negate(_MIPP_ w,w); - MR_OUT - return; - } - - mr_pmul(_MIPP_ x,(mr_small)k,mr_mip->w0); -#ifdef MR_COMBA -#ifdef MR_SPECIAL - comba_redc(_MIPP_ mr_mip->w0,w); -#else - divide(_MIPP_ mr_mip->w0,mr_mip->modulus,mr_mip->modulus); - copy(mr_mip->w0,w); -#endif -#else - divide(_MIPP_ mr_mip->w0,mr_mip->modulus,mr_mip->modulus); - copy(mr_mip->w0,w); -#endif - - if (sign==1) nres_negate(_MIPP_ w,w); - - MR_OUT -} - -void nres_modmult(_MIPD_ big x,big y,big w) -{ /* Modular multiplication using n-residues w=x*y mod n */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if ((x==NULL || x->len==0) && x==w) return; - if ((y==NULL || y->len==0) && y==w) return; - if (y==NULL || x==NULL || x->len==0 || y->len==0) - { - zero(w); - return; - } -#ifdef MR_COUNT_OPS -fpc++; -#endif -#ifdef MR_COMBA - if (mr_mip->ACTIVE) - { - if (x==y) comba_square(x,mr_mip->w0); - else comba_mult(x,y,mr_mip->w0); - comba_redc(_MIPP_ mr_mip->w0,w); - } - else - { -#endif -#ifdef MR_KCM - if (mr_mip->ACTIVE) - { - if (x==y) kcm_sqr(_MIPP_ x,mr_mip->w0); - else kcm_mul(_MIPP_ x,y,mr_mip->w0); - kcm_redc(_MIPP_ mr_mip->w0,w); - } - else - { -#endif -#ifdef MR_PENTIUM - if (mr_mip->ACTIVE) - { - if (x==y) fastmodsquare(_MIPP_ x,w); - else fastmodmult(_MIPP_ x,y,w); - } - else - { -#endif - if (mr_mip->ERNUM) return; - - MR_IN(83) - - mr_mip->check=OFF; - multiply(_MIPP_ x,y,mr_mip->w0); - redc(_MIPP_ mr_mip->w0,w); - mr_mip->check=ON; - MR_OUT -#ifdef MR_COMBA -} -#endif -#ifdef MR_KCM -} -#endif -#ifdef MR_PENTIUM -} -#endif - -} - -/* Montgomery's trick for finding multiple * - * simultaneous modular inverses * - * Based on the observation that * - * 1/x = yz*(1/xyz) * - * 1/y = xz*(1/xyz) * - * 1/z = xy*(1/xyz) * - * Why are all of Peter Montgomery's clever * - * algorithms always described as "tricks" ??*/ - -BOOL nres_double_inverse(_MIPD_ big x,big y,big w,big z) -{ /* 
find y=1/x mod n and z=1/w mod n */ - /* 1/x = w/xw, and 1/w = x/xw */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - MR_IN(145) - - nres_modmult(_MIPP_ x,w,mr_mip->w6); /* xw */ - - if (size(mr_mip->w6)==0) - { - mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO); - MR_OUT - return FALSE; - } - redc(_MIPP_ mr_mip->w6,mr_mip->w6); - redc(_MIPP_ mr_mip->w6,mr_mip->w6); - invmodp(_MIPP_ mr_mip->w6,mr_mip->modulus,mr_mip->w6); - - nres_modmult(_MIPP_ w,mr_mip->w6,mr_mip->w5); - nres_modmult(_MIPP_ x,mr_mip->w6,z); - copy(mr_mip->w5,y); - - MR_OUT - return TRUE; -} - -BOOL nres_multi_inverse(_MIPD_ int m,big *x,big *w) -{ /* find w[i]=1/x[i] mod n, for i=0 to m-1 * - * x and w MUST be distinct */ - int i; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (m==0) return TRUE; - if (m<0) return FALSE; - MR_IN(118) - - if (x==w) - { - mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - MR_OUT - return FALSE; - } - - if (m==1) - { - copy(mr_mip->one,w[0]); - nres_moddiv(_MIPP_ w[0],x[0],w[0]); - MR_OUT - return TRUE; - } - - convert(_MIPP_ 1,w[0]); - copy(x[0],w[1]); - for (i=2;iw6); /* y=x[0]*x[1]*x[2]....x[m-1] */ - if (size(mr_mip->w6)==0) - { - mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO); - MR_OUT - return FALSE; - } - - redc(_MIPP_ mr_mip->w6,mr_mip->w6); - redc(_MIPP_ mr_mip->w6,mr_mip->w6); - - invmodp(_MIPP_ mr_mip->w6,mr_mip->modulus,mr_mip->w6); - -/* Now y=1/y */ - - copy(x[m-1],mr_mip->w5); - nres_modmult(_MIPP_ w[m-1],mr_mip->w6,w[m-1]); - - for (i=m-2;;i--) - { - if (i==0) - { - nres_modmult(_MIPP_ mr_mip->w5,mr_mip->w6,w[0]); - break; - } - nres_modmult(_MIPP_ w[i],mr_mip->w5,w[i]); - nres_modmult(_MIPP_ w[i],mr_mip->w6,w[i]); - nres_modmult(_MIPP_ mr_mip->w5,x[i],mr_mip->w5); - } - - MR_OUT - return TRUE; -} - -/* initialise elliptic curve */ - -void ecurve_init(_MIPD_ big a,big b,big p,int type) -{ /* Initialize the active ecurve * - * Asize indicate size of A * - * Bsize indicate size of B */ - int as; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif 
- if (mr_mip->ERNUM) return; - - MR_IN(93) - -#ifndef MR_NO_SS - mr_mip->SS=FALSE; /* no special support for super-singular curves */ -#endif - - prepare_monty(_MIPP_ p); - - mr_mip->Asize=size(a); - if (mr_abs(mr_mip->Asize)==MR_TOOBIG) - { - if (mr_mip->Asize>=0) - { /* big positive number - check it isn't minus something small */ - copy(a,mr_mip->w1); - divide(_MIPP_ mr_mip->w1,p,p); - subtract(_MIPP_ p,mr_mip->w1,mr_mip->w1); - as=size(mr_mip->w1); - if (asAsize=-as; - } - } - nres(_MIPP_ a,mr_mip->A); - - mr_mip->Bsize=size(b); - if (mr_abs(mr_mip->Bsize)==MR_TOOBIG) - { - if (mr_mip->Bsize>=0) - { /* big positive number - check it isn't minus something small */ - copy(b,mr_mip->w1); - divide(_MIPP_ mr_mip->w1,p,p); - subtract(_MIPP_ p,mr_mip->w1,mr_mip->w1); - as=size(mr_mip->w1); - if (asBsize=-as; - } - } - - nres(_MIPP_ b,mr_mip->B); -#ifdef MR_EDWARDS - mr_mip->coord=MR_PROJECTIVE; /* only type supported for Edwards curves */ -#else -#ifndef MR_AFFINE_ONLY - if (type==MR_BEST) mr_mip->coord=MR_PROJECTIVE; - else mr_mip->coord=type; -#else - if (type==MR_PROJECTIVE) - mr_berror(_MIPP_ MR_ERR_NOT_SUPPORTED); -#endif -#endif - MR_OUT - return; -} diff --git a/crypto/sm2/miracl/mrmuldv.c b/crypto/sm2/miracl/mrmuldv.c deleted file mode 100644 index 0810017d..00000000 --- a/crypto/sm2/miracl/mrmuldv.c +++ /dev/null 
@@ -1,59 +0,0 @@
-/* Standard C version of mrmuldv.c */
-
-#include
-#include
-
-mr_small muldiv(mr_small a,mr_small b,mr_small c,mr_small m,mr_small *rp)
-{
- mr_small q;
- mr_large dble=(mr_large)a*b+c;
- q=(mr_small)MR_LROUND(dble/m);
- *rp=(mr_small)(dble-(mr_large)q*m);
- return q;
-}
-
-#ifdef MR_FP_ROUNDING
-
-mr_small imuldiv(mr_small a,mr_small b,mr_small c,mr_small m,mr_large im,mr_small *rp)
-{
- mr_small q;
- mr_large dble=(mr_large)a*b+c;
- q=(mr_small)MR_LROUND(dble*im);
- *rp=(mr_small)(dble-(mr_large)q*m);
- return q;
-}
-
-#endif
-
-
-#ifndef MR_NOFULLWIDTH
-
-mr_small muldvm(mr_small a,mr_small c,mr_small m,mr_small *rp)
-{
- mr_small q;
- union doubleword dble;
- dble.h[MR_BOT]=c;
- dble.h[MR_TOP]=a;
- q=(mr_small)(dble.d/m);
- *rp=(mr_small)(dble.d-(mr_large)q*m);
- return q;
-}
-
-mr_small muldvd(mr_small a,mr_small b,mr_small c,mr_small *rp)
-{
- union doubleword dble;
- dble.d=(mr_large)a*b+c;
- *rp=dble.h[MR_BOT];
- return dble.h[MR_TOP];
-}
-
-void muldvd2(mr_small a,mr_small b,mr_small *c,mr_small *rp)
-{
- union doubleword dble;
- dble.d=(mr_large)a*b+*c+*rp;
- *rp=dble.h[MR_BOT];
- *c=dble.h[MR_TOP];
-}
-
-#endif
-
diff --git a/crypto/sm2/miracl/mrsroot.c b/crypto/sm2/miracl/mrsroot.c
deleted file mode 100644
index ccf6d56b..00000000
--- a/crypto/sm2/miracl/mrsroot.c
+++ /dev/null
@@ -1,188 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. 
* - * -***************************************************************************/ -/* - * MIRACL method for modular square root - * mrsroot.c - * - * Siguna Mueller's O(lg(p)^3) algorithm, Designs Codes and Cryptography, 2004 - * - * This is a little slower for p=1 mod 4 primes, but its not time critical, and - * more importantly it doesn't pull in the large powmod code into elliptic curve programs - * It does require code from mrjack.c and mrlucas.c - * - * If p=3 mod 4, then sqrt(a)=a^[(p+1)/4] mod p. Note that for many elliptic curves - * (p+1)/4 has very low hamming weight. - * - * (was sqrt(a) = V_{(p+1)/4}(a+1/a,1)/(1+1/a)) - * - * Mueller's method is also very simple, uses very little memory, and it works just fine for p=1 mod 8 primes - * (for example the "annoying" NIST modulus 2^224-2^96+1) - * Also doesn't waste time on non-squares, as a jacobi test is done first - * - * If you know that the prime is 3 mod 4, and you know that x is almost certainly a QR - * then the jacobi-dependent code can be deleted with some space savings. - * - * NOTE - IF p IS NOT PRIME, THIS CODE WILL FAIL SILENTLY! - * - */ - -#include -#include - -BOOL nres_sqroot(_MIPD_ big x,big w) -{ /* w=sqrt(x) mod p. This depends on p being prime! */ - int t,js; - -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - copy(x,w); - if (size(w)==0) return TRUE; - - MR_IN(100) - - redc(_MIPP_ w,w); /* get it back into normal form */ - - if (size(w)==1) /* square root of 1 is 1 */ - { - nres(_MIPP_ w,w); - MR_OUT - return TRUE; - } - - if (size(w)==4) /* square root of 4 is 2 */ - { - convert(_MIPP_ 2,w); - nres(_MIPP_ w,w); - MR_OUT - return TRUE; - } - - if (jack(_MIPP_ w,mr_mip->modulus)!=1) - { /* Jacobi test */ - zero(w); - MR_OUT - return FALSE; - } - - js=mr_mip->pmod8%4-2; /* 1 mod 4 or 3 mod 4 prime? 
*/ - - incr(_MIPP_ mr_mip->modulus,js,mr_mip->w10); - subdiv(_MIPP_ mr_mip->w10,4,mr_mip->w10); /* (p+/-1)/4 */ - - if (js==1) - { /* 3 mod 4 primes - do a quick and dirty sqrt(x)=x^(p+1)/4 mod p */ - nres(_MIPP_ w,mr_mip->w2); - copy(mr_mip->one,w); - forever - { /* Simple Right-to-Left exponentiation */ - - if (mr_mip->user!=NULL) (*mr_mip->user)(); - if (subdiv(_MIPP_ mr_mip->w10,2,mr_mip->w10)!=0) - nres_modmult(_MIPP_ w,mr_mip->w2,w); - if (mr_mip->ERNUM || size(mr_mip->w10)==0) break; - nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2); - } - - /* nres_moddiv(_MIPP_ mr_mip->one,w,mr_mip->w11); - nres_modadd(_MIPP_ mr_mip->w11,w,mr_mip->w3); - nres_lucas(_MIPP_ mr_mip->w3,mr_mip->w10,w,w); - nres_modadd(_MIPP_ mr_mip->w11,mr_mip->one,mr_mip->w11); - nres_moddiv(_MIPP_ w,mr_mip->w11,w); */ - } - else - { /* 1 mod 4 primes */ - for (t=1; ;t++) - { /* t=1.5 on average */ - if (t==1) copy(w,mr_mip->w4); - else - { - premult(_MIPP_ w,t,mr_mip->w4); - divide(_MIPP_ mr_mip->w4,mr_mip->modulus,mr_mip->modulus); - premult(_MIPP_ mr_mip->w4,t,mr_mip->w4); - divide(_MIPP_ mr_mip->w4,mr_mip->modulus,mr_mip->modulus); - } - - decr(_MIPP_ mr_mip->w4,4,mr_mip->w1); - if (jack(_MIPP_ mr_mip->w1,mr_mip->modulus)==js) break; - if (mr_mip->ERNUM) break; - } - - decr(_MIPP_ mr_mip->w4,2,mr_mip->w3); - nres(_MIPP_ mr_mip->w3,mr_mip->w3); - nres_lucas(_MIPP_ mr_mip->w3,mr_mip->w10,w,w); /* heavy lifting done here */ - if (t!=1) - { - convert(_MIPP_ t,mr_mip->w11); - nres(_MIPP_ mr_mip->w11,mr_mip->w11); - nres_moddiv(_MIPP_ w,mr_mip->w11,w); - } - } - - MR_OUT - return TRUE; -} - -BOOL sqroot(_MIPD_ big x,big p,big w) -{ /* w = sqrt(x) mod p */ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (mr_mip->ERNUM) return FALSE; - - MR_IN(101) - - if (subdivisible(_MIPP_ p,2)) - { /* p must be odd */ - zero(w); - MR_OUT - return FALSE; - } - - prepare_monty(_MIPP_ p); - nres(_MIPP_ x,w); - if (nres_sqroot(_MIPP_ w,w)) - { - redc(_MIPP_ w,w); - MR_OUT - return TRUE; - } - 
- zero(w);
- MR_OUT
- return FALSE;
-}
diff --git a/crypto/sm2/miracl/mrxgcd.c b/crypto/sm2/miracl/mrxgcd.c
deleted file mode 100644
index 437f6e97..00000000
--- a/crypto/sm2/miracl/mrxgcd.c
+++ /dev/null
@@ -1,495 +0,0 @@ - -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ -/* - * MIRACL Extended Greatest Common Divisor module. - * mrxgcd.c - */ - -#include - -#ifdef MR_FP -#include -#endif - -#ifdef MR_COUNT_OPS -extern int fpx; -#endif - -#ifndef MR_USE_BINARY_XGCD - -#ifdef mr_dltype - -static mr_small qdiv(mr_large u,mr_large v) -{ /* fast division - small quotient expected. 
*/ - mr_large lq,x=u; -#ifdef MR_FP - mr_small dres; -#endif - x-=v; - if (x=MAXBASE) return 0; - return (mr_small)lq; -} - -#else - -static mr_small qdiv(mr_small u,mr_small v) -{ /* fast division - small quotient expected */ - mr_small x=u; - x-=v; - if (xERNUM) return 0; - - MR_IN(30) - -#ifdef MR_COUNT_OPS - fpx++; -#endif - - copy(x,mr_mip->w1); - copy(y,mr_mip->w2); - s=exsign(mr_mip->w1); - insign(PLUS,mr_mip->w1); - insign(PLUS,mr_mip->w2); - convert(_MIPP_ 1,mr_mip->w3); - zero(mr_mip->w4); - last=FALSE; - a=b=c=d=0; - iter=0; - - while (size(mr_mip->w2)!=0) - { - if (b==0) - { /* update mr_mip->w1 and mr_mip->w2 */ - - divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5); - t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */ - multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0); - add(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); - t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */ - iter++; - - } - else - { - - /* printf("a= %I64u b= %I64u c= %I64u d= %I64u \n",a,b,c,d); */ - - mr_pmul(_MIPP_ mr_mip->w1,c,mr_mip->w5); /* c*w1 */ - mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1); /* a*w1 */ - mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w0); /* b*w2 */ - mr_pmul(_MIPP_ mr_mip->w2,d,mr_mip->w2); /* d*w2 */ - - if (!dplus) - { - mr_psub(_MIPP_ mr_mip->w0,mr_mip->w1,mr_mip->w1); /* b*w2-a*w1 */ - mr_psub(_MIPP_ mr_mip->w5,mr_mip->w2,mr_mip->w2); /* c*w1-d*w2 */ - } - else - { - mr_psub(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1); /* a*w1-b*w2 */ - mr_psub(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2); /* d*w2-c*w1 */ - } - mr_pmul(_MIPP_ mr_mip->w3,c,mr_mip->w5); - mr_pmul(_MIPP_ mr_mip->w3,a,mr_mip->w3); - mr_pmul(_MIPP_ mr_mip->w4,b,mr_mip->w0); - mr_pmul(_MIPP_ mr_mip->w4,d,mr_mip->w4); - - if (a==0) copy(mr_mip->w0,mr_mip->w3); - else mr_padd(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3); - mr_padd(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4); - } - if (mr_mip->ERNUM || size(mr_mip->w2)==0) break; - - - n=(int)mr_mip->w1->len; - if (n==1) - { - 
last=TRUE; - u=mr_mip->w1->w[0]; - v=mr_mip->w2->w[0]; - } - else - { - m=mr_mip->w1->w[n-1]+1; -#ifndef MR_SIMPLE_BASE - if (mr_mip->base==0) - { -#endif -#ifndef MR_NOFULLWIDTH -#ifdef mr_dltype - /* use double length type if available */ - if (n>2 && m!=0) - { /* squeeze out as much significance as possible */ - uu.h[MR_TOP]=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr); - uu.h[MR_BOT]=muldvm(sr,mr_mip->w1->w[n-3],m,&sr); - vv.h[MR_TOP]=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr); - vv.h[MR_BOT]=muldvm(sr,mr_mip->w2->w[n-3],m,&sr); - } - else - { - uu.h[MR_TOP]=mr_mip->w1->w[n-1]; - uu.h[MR_BOT]=mr_mip->w1->w[n-2]; - vv.h[MR_TOP]=mr_mip->w2->w[n-1]; - vv.h[MR_BOT]=mr_mip->w2->w[n-2]; - if (n==2) last=TRUE; - } - - u=uu.d; - v=vv.d; -#else - if (m==0) - { - u=mr_mip->w1->w[n-1]; - v=mr_mip->w2->w[n-1]; - } - else - { - u=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr); - v=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr); - } -#endif -#endif -#ifndef MR_SIMPLE_BASE - } - else - { -#ifdef mr_dltype - if (n>2) - { /* squeeze out as much significance as possible */ - u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr); - u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1->w[n-3],m,&sr); - v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr); - v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2->w[n-3],m,&sr); - } - else - { - u=(mr_large)mr_mip->base*mr_mip->w1->w[n-1]+mr_mip->w1->w[n-2]; - v=(mr_large)mr_mip->base*mr_mip->w2->w[n-1]+mr_mip->w2->w[n-2]; - last=TRUE; - } -#else - u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr); - v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr); -#endif - } -#endif - } - - dplus=TRUE; - a=1; b=0; c=0; d=1; - - forever - { /* work only with most significant piece */ - if (last) - { - if (v==0) break; - q=qdiv(u,v); - if (q==0) break; - } - else - { - if (dplus) - { - if ((mr_small)(v-c)==0 || (mr_small)(v+d)==0) break; - - q=qdiv(u+a,v-c); - - if 
(q==0) break; - - if (q!=qdiv(u-b,v+d)) break; - } - else - { - if ((mr_small)(v+c)==0 || (mr_small)(v-d)==0) break; - q=qdiv(u-a,v+c); - if (q==0) break; - if (q!=qdiv(u+b,v-d)) break; - } - } - - if (q==1) - { - if ((mr_small)(b+d) >= MAXBASE) break; - r=a+c; a=c; c=r; - r=b+d; b=d; d=r; - lr=u-v; u=v; v=lr; - } - else - { - if (q>=MR_DIV(MAXBASE-b,d)) break; - r=a+q*c; a=c; c=r; - r=b+q*d; b=d; d=r; - lr=u-q*v; u=v; v=lr; - } - iter++; - dplus=!dplus; - } - iter%=2; - - } - - if (s==MINUS) iter++; - if (iter%2==1) subtract(_MIPP_ y,mr_mip->w3,mr_mip->w3); - - if (xd!=yd) - { - negify(x,mr_mip->w2); - mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4); - copy(mr_mip->w4,yd); - } - copy(mr_mip->w3,xd); - if (z!=xd && z!=yd) copy(mr_mip->w1,z); - - MR_OUT - return (size(mr_mip->w1)); -} - -int invmodp(_MIPD_ big x,big y,big z) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - int gcd; - - MR_IN(213); - gcd=xgcd(_MIPP_ x,y,z,z,z); - MR_OUT - return gcd; -} - -#else - -/* much smaller, much slower binary inversion algorithm */ -/* fails silently if a is not co-prime to p */ - -/* experimental! At least 3 times slower than standard method.. 
*/ - -int invmodp(_MIPD_ big a,big p,big z) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - big u,v,x1,x2; - - MR_IN(213); - - u=mr_mip->w1; v=mr_mip->w2; x1=mr_mip->w3; x2=mr_mip->w4; - copy(a,u); - copy(p,v); - convert(_MIPP_ 1,x1); - zero(x2); - - while (size(u)!=1 && size(v)!=1) - { - while (remain(_MIPP_ u,2)==0) - { - subdiv(_MIPP_ u,2,u); - if (remain(_MIPP_ x1,2)!=0) add(_MIPP_ x1,p,x1); - subdiv(_MIPP_ x1,2,x1); - } - while (remain(_MIPP_ v,2)==0) - { - subdiv(_MIPP_ v,2,v); - if (remain(_MIPP_ x2,2)!=0) add(_MIPP_ x2,p,x2); - subdiv(_MIPP_ x2,2,x2); - } - if (compare(u,v)>=0) - { - mr_psub(_MIPP_ u,v,u); - subtract(_MIPP_ x1,x2,x1); - } - else - { - mr_psub(_MIPP_ v,u,v); - subtract(_MIPP_ x2,x1,x2); - } - } - if (size(u)==1) copy(x1,z); - else copy(x2,z); - - if (size(z)<0) add(_MIPP_ z,p,z); - - MR_OUT - return 1; /* note - no checking that gcd=1 */ -} - -#endif - -#ifndef MR_STATIC - -/* Montgomery's method for multiple - simultaneous modular inversions */ - -BOOL double_inverse(_MIPD_ big n,big x,big y,big w,big z) -{ -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - - MR_IN(146) - - mad(_MIPP_ x,w,w,n,n,mr_mip->w6); - if (size(mr_mip->w6)==0) - { - mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO); - MR_OUT - return FALSE; - } - invmodp(_MIPP_ mr_mip->w6,n,mr_mip->w6); - - mad(_MIPP_ w,mr_mip->w6,w,n,n,y); - mad(_MIPP_ x,mr_mip->w6,x,n,n,z); - - MR_OUT - return TRUE; -} - -BOOL multi_inverse(_MIPD_ int m,big *x,big n,big *w) -{ /* find w[i]=1/x[i] mod n, for i=0 to m-1 * - * x and w MUST be distinct */ - int i; -#ifdef MR_OS_THREADS - miracl *mr_mip=get_mip(); -#endif - if (m==0) return TRUE; - if (m<0) return FALSE; - - MR_IN(25) - - if (x==w) - { - mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS); - MR_OUT - return FALSE; - } - if (m==1) - { - invmodp(_MIPP_ x[0],n,w[0]); - MR_OUT - return TRUE; - } - - convert(_MIPP_ 1,w[0]); - copy(x[0],w[1]); - for (i=2;iw6); /* y=x[0]*x[1]*x[2]....x[m-1] */ - if (size(mr_mip->w6)==0) - { - mr_berror(_MIPP_ 
MR_ERR_DIV_BY_ZERO);
- MR_OUT
- return FALSE;
- }
-
- invmodp(_MIPP_ mr_mip->w6,n,mr_mip->w6);
-
-/* Now y=1/y */
-
- copy(x[m-1],mr_mip->w5);
- mad(_MIPP_ w[m-1],mr_mip->w6,mr_mip->w6,n,n,w[m-1]);
-
- for (i=m-2;;i--)
- {
- if (i==0)
- {
- mad(_MIPP_ mr_mip->w5,mr_mip->w6,mr_mip->w6,n,n,w[0]);
- break;
- }
- mad(_MIPP_ w[i],mr_mip->w5,w[i],n,n,w[i]);
- mad(_MIPP_ w[i],mr_mip->w6,w[i],n,n,w[i]);
- mad(_MIPP_ mr_mip->w5,x[i],x[i],n,n,mr_mip->w5);
- }
-
- MR_OUT
- return TRUE;
-}
-
-#endif
diff --git a/crypto/sm2/sm2_standard_enc.c b/crypto/sm2/sm2_standard_enc.c
deleted file mode 100644
index 4cfa82a6..00000000
--- a/crypto/sm2/sm2_standard_enc.c
+++ /dev/null
@@ -1,253 +0,0 @@ -/* - * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - - -#include -#include -#include - - -/* test if the given array is all zero */ -int Test_Null(unsigned char array[], int len) -{ - int i; - i = 0; - for (i = 0; i < len; i++) - { - if (array[i] != 0x00) - return 0; - } - return 1; -} - - -/* sm2 encryption */ -int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[]) -{ - big C1x, C1y, x2, y2, rand; - epoint *C1, *kP, *S; - int i; - i = 0; - unsigned char x2y2[SM2_NUMWORD * 2] = {0}; - SM3_STATE md; - C1x = mirvar(0); - C1y = mirvar(0); - x2 = mirvar(0); - y2 = mirvar(0); - rand = mirvar(0); - C1 = epoint_init(); - kP = epoint_init(); - S = epoint_init(); - - //step2. calculate C1 = [k]G = (rGx, rGy) - bytes_to_big(SM2_NUMWORD, randK, rand); - ecurve_mult(rand, G, C1); //C1 = [k]G - epoint_get(C1, C1x, C1y); - big_to_bytes(SM2_NUMWORD, C1x, C, 1); - big_to_bytes(SM2_NUMWORD, C1y, C + SM2_NUMWORD, 1); - - //step3. test if S = [h]pubKey if the point at infinity - ecurve_mult(para_h, pubKey, S); - if (point_at_infinity(S)) //if S is point at infinity, return error; - return ERR_INFINITY_POINT; - - //step4. calculate [k]PB = (x2, y2) - ecurve_mult(rand, pubKey, kP); //kP = [k]P - epoint_get(kP, x2, y2); - - //step5. 
KDF(x2 || y2, klen) - big_to_bytes(SM2_NUMWORD, x2, x2y2, 1); - big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1); - SM3_kdf(x2y2, SM2_NUMWORD * 2, klen, C + SM2_NUMWORD * 3); - if (Test_Null(C + SM2_NUMWORD * 3, klen) != 0) - return ERR_ARRAY_NULL; - - //step6. C2 = M^t - for (i = 0; i < klen; i++) - { - C[SM2_NUMWORD * 3 + i] = M[i] ^ C[SM2_NUMWORD * 3 + i]; - } - - //step7. C3 = hash(x2, M, y2) - SM3_init(&md); - SM3_process(&md, x2y2, SM2_NUMWORD); - SM3_process(&md, M, klen); - SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD); - SM3_done(&md, C + SM2_NUMWORD * 2); - return 0; -} - - -/* sm2 decryption */ -int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[]) -{ - SM3_STATE md; - int i; - i = 0; - unsigned char x2y2[SM2_NUMWORD * 2] = {0}; - unsigned char hash[SM2_NUMWORD] = {0}; - big C1x, C1y, x2, y2; - epoint *C1, *S, *dBC1; - C1x = mirvar(0); - C1y = mirvar(0); - x2 = mirvar(0); - y2 = mirvar(0); - C1 = epoint_init(); - S = epoint_init(); - dBC1 = epoint_init(); - - //step1. test if C1 fits the curve - bytes_to_big(SM2_NUMWORD, C, C1x); - bytes_to_big(SM2_NUMWORD, C + SM2_NUMWORD, C1y); - epoint_set(C1x, C1y, 0, C1); - i = Test_Point(C1); - if (i != 0) - return i; - - //step2. S = [h]C1 and test if S is the point at infinity - ecurve_mult(para_h, C1, S); - if (point_at_infinity(S)) // if S is point at infinity, return error; - return ERR_INFINITY_POINT; - - //step3. [dB]C1 = (x2, y2) - ecurve_mult(dB, C1, dBC1); - epoint_get(dBC1, x2, y2); - big_to_bytes(SM2_NUMWORD, x2, x2y2, 1); - big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1); - - //step4. t = KDF(x2 || y2, klen) - SM3_kdf(x2y2, SM2_NUMWORD * 2, Clen - SM2_NUMWORD * 3, M); - if (Test_Null(M, Clen - SM2_NUMWORD * 3) != 0) - return ERR_ARRAY_NULL; - - //step5. M = C2^t - for (i = 0; i < Clen - SM2_NUMWORD * 3; i++) - M[i] = M[i] ^ C[SM2_NUMWORD * 3 + i]; - - //step6. 
hash(x2, m, y2) - SM3_init(&md); - SM3_process(&md, x2y2, SM2_NUMWORD); - SM3_process(&md, M, Clen - SM2_NUMWORD * 3); - SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD); - SM3_done(&md, hash); - if (memcmp(hash, C + SM2_NUMWORD * 2, SM2_NUMWORD) != 0) - return ERR_C3_MATCH; - else - return 0; -} - - -/* test whether the SM2 calculation is correct by comparing the result with the standard data */ -int SM2_standard_enc_selftest() -{ - int tmp, i; - tmp = 0; - i = 0; - unsigned char Cipher[115] = {0}; - unsigned char M[19] = {0}; - unsigned char kGxy[SM2_NUMWORD * 2] = {0}; - big ks, x, y; - epoint *kG; - - - //standard data - unsigned char std_priKey[32] = {0x39, 0x45, 0x20, 0x8F, 0x7B, 0x21, 0x44, 0xB1, 0x3F, 0x36, 0xE3, 0x8A, 0xC6, 0xD3, 0x9F, 0x95, - 0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xB5, 0x1A, 0x42, 0xFB, 0x81, 0xEF, 0x4D, 0xF7, 0xC5, 0xB8}; - unsigned char std_pubKey[64] = {0x09, 0xF9, 0xDF, 0x31, 0x1E, 0x54, 0x21, 0xA1, 0x50, 0xDD, 0x7D, 0x16, 0x1E, 0x4B, 0xC5, 0xC6, - 0x72, 0x17, 0x9F, 0xAD, 0x18, 0x33, 0xFC, 0x07, 0x6B, 0xB0, 0x8F, 0xF3, 0x56, 0xF3, 0x50, 0x20, - 0xCC, 0xEA, 0x49, 0x0C, 0xE2, 0x67, 0x75, 0xA5, 0x2D, 0xC6, 0xEA, 0x71, 0x8C, 0xC1, 0xAA, 0x60, - 0x0A, 0xED, 0x05, 0xFB, 0xF3, 0x5E, 0x08, 0x4A, 0x66, 0x32, 0xF6, 0x07, 0x2D, 0xA9, 0xAD, 0x13}; - unsigned char std_rand[32] = {0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC, - 0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1, 0xBC, 0x21}; - unsigned char std_Message[19] = {0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, - 0x61, 0x72, 0x64}; - unsigned char std_Cipher[115] = {0x04, 0xEB, 0xFC, 0x71, 0x8E, 0x8D, 0x17, 0x98, 0x62, 0x04, 0x32, 0x26, 0x8E, 0x77, 0xFE, 0xB6, - 0x41, 0x5E, 0x2E, 0xDE, 0x0E, 0x07, 0x3C, 0x0F, 0x4F, 0x64, 0x0E, 0xCD, 0x2E, 0x14, 0x9A, 0x73, - 0xE8, 0x58, 0xF9, 0xD8, 0x1E, 0x54, 0x30, 0xA5, 0x7B, 0x36, 0xDA, 0xAB, 0x8F, 0x95, 0x0A, 0x3C, - 0x64, 
0xE6, 0xEE, 0x6A, 0x63, 0x09, 0x4D, 0x99, 0x28, 0x3A, 0xFF, 0x76, 0x7E, 0x12, 0x4D, 0xF0, - 0x59, 0x98, 0x3C, 0x18, 0xF8, 0x09, 0xE2, 0x62, 0x92, 0x3C, 0x53, 0xAE, 0xC2, 0x95, 0xD3, 0x03, - 0x83, 0xB5, 0x4E, 0x39, 0xD6, 0x09, 0xD1, 0x60, 0xAF, 0xCB, 0x19, 0x08, 0xD0, 0xBD, 0x87, 0x66, - 0x21, 0x88, 0x6C, 0xA9, 0x89, 0xCA, 0x9C, 0x7D, 0x58, 0x08, 0x73, 0x07, 0xCA, 0x93, 0x09, 0x2D, - 0x65, 0x1E, 0xFA}; - mip= mirsys(1000, 16); - mip->IOBASE = 16; - x = mirvar(0); - y = mirvar(0); - ks = mirvar(0); - kG = epoint_init(); - bytes_to_big(32, std_priKey, ks); //ks is the standard private key - - - //initiate SM2 curve - SM2_standard_init(); - - //generate key pair - tmp = SM2_standard_keygeneration(ks, kG); - if (tmp != 0) - return tmp; - epoint_get(kG, x, y); - big_to_bytes(SM2_NUMWORD, x, kGxy, 1); - big_to_bytes(SM2_NUMWORD, y, kGxy + SM2_NUMWORD, 1); - if (memcmp(kGxy, std_pubKey, SM2_NUMWORD * 2) != 0) - return ERR_SELFTEST_KG; - - //encrypt data and compare the result with the standard data - tmp = SM2_standard_encrypt(std_rand, kG, std_Message, 19, Cipher); - if (tmp != 0) - return tmp; - if (memcmp(Cipher, std_Cipher, 19 + SM2_NUMWORD * 3) != 0) - return ERR_SELFTEST_ENC; - - //decrypt cipher and compare the result with the standard data - tmp = SM2_standard_decrypt(ks, Cipher, 115, M); - if (tmp != 0) - return tmp; - if (memcmp(M, std_Message, 19) != 0) - return ERR_SELFTEST_DEC; - return 0; -} diff --git a/crypto/sm2/sm2_standard_exch.c b/crypto/sm2/sm2_standard_exch.c deleted file mode 100644 index f9065df7..00000000 --- a/crypto/sm2/sm2_standard_exch.c +++ /dev/null 
@@ -1,491 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - - -#include -#include -#include - - -/* calculation of w */ -int SM2_w(big n) -{ - big n1; - int w = 0; - n1 = mirvar(0); - w = logb2(para_n); //approximate integer log to the base 2 of para_n - expb2(w, n1); //n1 = 2^w - if (mr_compare(para_n, n1) == 1) - w++; - if ((w % 2) == 0) - w = w / 2 - 1; - else - w = (w + 1) / 2 - 1; - return w; -} - - -/* calculation of ZA or ZB */ -void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[]) -{ - unsigned char Px[SM2_NUMWORD] = {0}, Py[SM2_NUMWORD] = {0}; - unsigned char IDlen[2] = {0}; - big x, y; - SM3_STATE md; - - x = mirvar(0); - y = mirvar(0); - - epoint_get(pubKey, x, y); - big_to_bytes(SM2_NUMWORD, x, Px, 1); - big_to_bytes(SM2_NUMWORD, y, Py, 1); - memcpy(IDlen, &ELAN + 1, 1); - memcpy(IDlen + 1, &ELAN, 1); - SM3_init(&md); - SM3_process(&md, IDlen, 2); - SM3_process(&md, ID, ELAN / 8); - SM3_process(&md, SM2_a, SM2_NUMWORD); - SM3_process(&md, SM2_b, SM2_NUMWORD); - SM3_process(&md, SM2_Gx, SM2_NUMWORD); - SM3_process(&md, SM2_Gy, SM2_NUMWORD); - SM3_process(&md, Px, SM2_NUMWORD); - SM3_process(&md, Py, SM2_NUMWORD); - SM3_done(&md, hash); - - return; -} - - -/* calculate RA */ -int SM2_standard_keyex_init_i(big ra, epoint* RA) -{ - return SM2_standard_keygeneration(ra, RA); -} - - -/* calculate RB and a secret key */ -int SM2_standard_keyex_re_i(big rb, big 
dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[]) -{ - SM3_STATE md; - int i = 0, w = 0; - unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0}; - unsigned char x1y1[SM2_NUMWORD * 2] = {0}; - unsigned char x2y2[SM2_NUMWORD * 2] = {0}; - unsigned char temp = 0x02; - big x1, y1, x1_, x2, y2, x2_, tmp, Vx, Vy, temp_x, temp_y; - - //mip = mirsys(1000, 16); - //mip->IOBASE = 16; - x1 = mirvar(0); - y1 = mirvar(0); - x1_ = mirvar(0); - x2 = mirvar(0); - y2 = mirvar(0); - x2_ = mirvar(0); - tmp = mirvar(0); - Vx = mirvar(0); - Vy = mirvar(0); - temp_x = mirvar(0); - temp_y = mirvar(0); - - w = SM2_w(para_n); - - //--------B2: RB = [rb]G = (x2, y2)-------- - SM2_standard_keygeneration(rb, RB); - epoint_get(RB, x2, y2); - big_to_bytes(SM2_NUMWORD, x2, x2y2, 1); - big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1); - - //--------B3: x2_ = 2^w + x2 & (2^w - 1)-------- - expb2(w, x2_); //x2_ = 2^w - divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1) - add(x2_, x2, x2_); - divide(x2_, para_n, tmp); //x2_ = n mod q - - //--------B4: tB = (dB + x2_ * rB) mod n-------- - multiply(x2_, rb, x2_); - add(dB, x2_, x2_); - divide(x2_, para_n, tmp); - - //--------B5: x1_ = 2^w + x1 & (2^w - 1)-------- - if (Test_Point(RA) != 0) - return ERR_KEYEX_RA; - epoint_get(RA, x1, y1); - big_to_bytes(SM2_NUMWORD, x1, x1y1, 1); - big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, 1); - expb2(w, x1_); //x1_ = 2^w - divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1) - add(x1_,x1, x1_); - divide(x1_, para_n, tmp); //x1_ = n mod q - - //--------B6: V = [h * tB](PA + [x1_]RA)-------- - ecurve_mult(x1_, RA, V); //v = [x1_]RA - epoint_get(V, temp_x, temp_y); - - ecurve_add(PA, V); //V = PA + V - epoint_get(V, temp_x, temp_y); - - multiply(para_h, x2_, x2_); //tB = tB * h - - ecurve_mult(x2_, V, V); - if (point_at_infinity(V) == 1) - return ERR_INFINITY_POINT; - epoint_get(V, Vx, Vy); - 
big_to_bytes(SM2_NUMWORD, Vx, Z, 1); - big_to_bytes(SM2_NUMWORD, Vy, Z + SM2_NUMWORD, 1); - - //------------B7:KB = KDF(VX, VY, ZA, ZB, KLEN)---------- - memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8); - memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8); - SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K); - - //---------------B8:(optional)SB = hash(0x02 || Vy || HASH(Vx || ZA || ZB || x1 || y1 || x2 || y2)------------- - SM3_init(&md); - SM3_process(&md, Z, SM2_NUMWORD); - SM3_process(&md, ZA, SM3_len / 8); - SM3_process(&md, ZB, SM3_len / 8); - SM3_process(&md, x1y1, SM2_NUMWORD * 2); - SM3_process(&md, x2y2, SM2_NUMWORD * 2); - SM3_done(&md, hash); - - SM3_init(&md); - SM3_process(&md, &temp, 1); - SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD); - SM3_process(&md, hash, SM3_len / 8); - SM3_done(&md, hash); - - return 0; -} - - -/* initiator A calculates the secret key out of RA and RB, and calculates a hash */ -int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[]) -{ - SM3_STATE md; - int i = 0, w = 0; - unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0}; - unsigned char x1y1[SM2_NUMWORD * 2] = {0}; - unsigned char x2y2[SM2_NUMWORD * 2] = {0}; - unsigned char hash[SM2_NUMWORD], S1[SM2_NUMWORD]; - unsigned char temp[2] = {0x02, 0x03}; - big x1, y1, x1_, x2, y2, x2_, tmp, Ux, Uy, temp_x, temp_y, tA; - epoint* U; - //mip = mirsys(1000, 16); - //mip->IOBASE = 16; - - U = epoint_init(); - x1 = mirvar(0); - y1 = mirvar(0); - x1_ = mirvar(0); - x2 = mirvar(0); - y2 = mirvar(0); - x2_ = mirvar(0); - tmp = mirvar(0); - Ux = mirvar(0); - Uy = mirvar(0); - temp_x = mirvar(0); - temp_y = mirvar(0); - tA=mirvar(0); - - w = SM2_w(para_n); - epoint_get(RA, x1, y1); - big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE); - big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE); - - //--------A4: x1_ = 2^w + x2 & (2^w - 1)-------- - 
expb2(w, x1_); //x1_ = 2^w - divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1) - add(x1_, x1, x1_); - divide(x1_, para_n, tmp); - - //-------- A5:tA = (dA + x1_ * rA) mod n-------- - multiply(x1_, ra, tA); - divide(tA, para_n, tmp); - add(tA, dA, tA); - divide(tA, para_n, tmp); - - //-------- A6:x2_ = 2^w + x2 & (2^w - 1)----------------- - if (Test_Point(RB) != 0) - return ERR_KEYEX_RB;////////////////////////////////// - epoint_get(RB, x2, y2); - big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE); - big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE); - expb2(w, x2_); //x2_ = 2^w - divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1) - add(x2_, x2, x2_); - divide(x2_, para_n, tmp); - - //--------A7:U = [h * tA](PB + [x2_]RB)----------------- - ecurve_mult(x2_, RB, U); //U = [x2_]RB - epoint_get(U, temp_x, temp_y); - - ecurve_add(PB, U); //U = PB + U - epoint_get(U, temp_x, temp_y); - - multiply(para_h, tA, tA); //tA = tA * h - divide(tA, para_n, tmp); - - ecurve_mult(tA, U, U); - if (point_at_infinity(U) == 1) - return ERR_INFINITY_POINT; - epoint_get(U, Ux, Uy); - big_to_bytes(SM2_NUMWORD, Ux, Z, 1); - big_to_bytes(SM2_NUMWORD, Uy, Z + SM2_NUMWORD, 1); - - //------------A8:KA = KDF(UX, UY, ZA, ZB, KLEN)---------- - memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8); - memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8); - SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K); - - //---------------A9:(optional) S1 = Hash(0x02 || Uy || Hash(Ux || ZA || ZB || x1 || y1 || x2 || y2))----------- - SM3_init (&md); - SM3_process(&md, Z, SM2_NUMWORD); - SM3_process(&md, ZA, SM3_len / 8); - SM3_process(&md, ZB, SM3_len / 8); - SM3_process(&md, x1y1, SM2_NUMWORD * 2); - SM3_process(&md, x2y2, SM2_NUMWORD * 2); - SM3_done(&md, hash); - - SM3_init(&md); - SM3_process(&md, temp, 1); - SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD); - SM3_process(&md, hash, SM3_len / 8); - SM3_done(&md, S1); - - //test S1 = SB? 
- if (memcmp(S1, SB, SM2_NUMWORD) != 0) - return ERR_EQUAL_S1SB; - - //---------------A10 SA = Hash(0x03 || yU || Hash(xU || ZA || ZB || x1 || y1 || x2 || y2))------------- - SM3_init(&md); - SM3_process(&md, &temp[1], 1); - SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD); - SM3_process(&md, hash, SM3_len / 8); - SM3_done(&md, SA); - - return 0; -} - - -/* (optional)Step B10: verifies the hash value received from initiator A */ -int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[]) -{ - big x1, y1, x2, y2, Vx, Vy; - unsigned char hash[SM2_NUMWORD], S2[SM2_NUMWORD]; - unsigned char temp = 0x03; - unsigned char xV[SM2_NUMWORD], yV[SM2_NUMWORD]; - unsigned char x1y1[SM2_NUMWORD * 2] = {0}; - unsigned char x2y2[SM2_NUMWORD * 2] = {0}; - SM3_STATE md; - - x1 = mirvar(0); - y1 = mirvar(0); - x2 = mirvar(0); - y2 = mirvar(0); - Vx = mirvar(0); - Vy = mirvar(0); - - epoint_get(RA, x1, y1); - epoint_get(RB, x2, y2); - epoint_get(V, Vx, Vy); - - big_to_bytes(SM2_NUMWORD, Vx, xV, TRUE); - big_to_bytes(SM2_NUMWORD, Vy, yV, TRUE); - big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE); - big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE); - big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE); - big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE); - - //---------------B10:(optional) S2 = Hash(0x03 || Vy || Hash(Vx || ZA || ZB || x1 || y1 || x2 || y2)) - SM3_init(&md); - SM3_process(&md, xV, SM2_NUMWORD); - SM3_process(&md, ZA, SM3_len / 8); - SM3_process(&md, ZB, SM3_len / 8); - SM3_process(&md, x1y1, SM2_NUMWORD * 2); - SM3_process(&md, x2y2, SM2_NUMWORD * 2); - SM3_done(&md, hash); - - SM3_init(&md); - SM3_process(&md, &temp, 1); - SM3_process(&md, yV, SM2_NUMWORD); - SM3_process(&md, hash, SM3_len / 8); - SM3_done(&md, S2); - - if (memcmp(S2, SA, SM3_len / 8) != 0) - return ERR_EQUAL_S2SA; - - return 0; -} - - -/* self check of SM2 key exchange */ -int SM2_standard_keyex_selftest() -{ - //standard data - unsigned char 
std_priKeyA[SM2_NUMWORD] = {0x81, 0xEB, 0x26, 0xE9, 0x41, 0xBB, 0x5A, 0xF1, 0x6D, 0xF1, 0x16, 0x49, 0x5F, 0x90, 0x69, 0x52, - 0x72, 0xAE, 0x2C, 0xD6, 0x3D, 0x6C, 0x4A, 0xE1, 0x67, 0x84, 0x18, 0xBE, 0x48, 0x23, 0x00, 0x29}; - unsigned char std_pubKeyA[SM2_NUMWORD * 2] = {0x16, 0x0E, 0x12, 0x89, 0x7D, 0xF4, 0xED, 0xB6, 0x1D, 0xD8, 0x12, 0xFE, 0xB9, 0x67, 0x48, - 0xFB, 0xD3, 0xCC, 0xF4, 0xFF, 0xE2, 0x6A, 0xA6, 0xF6, 0xDB, 0x95, 0x40, 0xAF, 0x49, 0xC9, - 0x42, 0x32, 0x4A, 0x7D, 0xAD, 0x08, 0xBB, 0x9A, 0x45, 0x95, 0x31, 0x69, 0x4B, 0xEB, 0x20, - 0xAA, 0x48, 0x9D, 0x66, 0x49, 0x97, 0x5E, 0x1B, 0xFC, 0xF8, 0xC4, 0x74, 0x1B, 0x78, 0xB4, - 0xB2, 0x23, 0x00, 0x7F}; - unsigned char std_randA[SM2_NUMWORD] = {0xD4, 0xDE, 0x15, 0x47, 0x4D, 0xB7, 0x4D, 0x06, 0x49, 0x1C, 0x44, 0x0D, 0x30, 0x5E, 0x01, 0x24, - 0x00, 0x99, 0x0F, 0x3E, 0x39, 0x0C, 0x7E, 0x87, 0x15, 0x3C, 0x12, 0xDB, 0x2E, 0xA6, 0x0B, 0xB3}; - unsigned char std_priKeyB[SM2_NUMWORD] = {0x78, 0x51, 0x29, 0x91, 0x7D, 0x45, 0xA9, 0xEA, 0x54, 0x37, 0xA5, 0x93, 0x56, 0xB8, 0x23, 0x38, - 0xEA, 0xAD, 0xDA, 0x6C, 0xEB, 0x19, 0x90, 0x88, 0xF1, 0x4A, 0xE1, 0x0D, 0xEF, 0xA2, 0x29, 0xB5}; - unsigned char std_pubKeyB[SM2_NUMWORD * 2] = {0x6A, 0xE8, 0x48, 0xC5, 0x7C, 0x53, 0xC7, 0xB1, 0xB5, 0xFA, 0x99, 0xEB, 0x22, 0x86, 0xAF, - 0x07, 0x8B, 0xA6, 0x4C, 0x64, 0x59, 0x1B, 0x8B, 0x56, 0x6F, 0x73, 0x57, 0xD5, 0x76, 0xF1, - 0x6D, 0xFB, 0xEE, 0x48, 0x9D, 0x77, 0x16, 0x21, 0xA2, 0x7B, 0x36, 0xC5, 0xC7, 0x99, 0x20, - 0x62, 0xE9, 0xCD, 0x09, 0xA9, 0x26, 0x43, 0x86, 0xF3, 0xFB, 0xEA, 0x54, 0xDF, 0xF6, 0x93, - 0x05, 0x62, 0x1C, 0x4D}; - unsigned char std_randB[SM2_NUMWORD] = {0x7E, 0x07, 0x12, 0x48, 0x14, 0xB3, 0x09, 0x48, 0x91, 0x25, 0xEA, 0xED, 0x10, 0x11, 0x13, 0x16, - 0x4E, 0xBF, 0x0F, 0x34, 0x58, 0xC5, 0xBD, 0x88, 0x33, 0x5C, 0x1F, 0x9D, 0x59, 0x62, 0x43, 0xD6}; - unsigned char std_IDA[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38}; - unsigned char std_IDB[16] = {0x31, 0x32, 0x33, 
0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38}; - unsigned short int std_ENTLA = 0x0080; - unsigned short int std_ENTLB = 0x0080; - unsigned char std_ZA[SM3_len] = {0x3B, 0x85, 0xA5, 0x71, 0x79, 0xE1, 0x1E, 0x7E, 0x51, 0x3A, 0xA6, 0x22, 0x99, 0x1F, 0x2C, - 0xA7, 0x4D, 0x18, 0x07, 0xA0, 0xBD, 0x4D, 0x4B, 0x38, 0xF9, 0x09, 0x87, 0xA1, 0x7A, 0xC2, - 0x45, 0xB1}; - unsigned char std_ZB[SM3_len] = {0x79, 0xC9, 0x88, 0xD6, 0x32, 0x29, 0xD9, 0x7E, 0xF1, 0x9F, 0xE0, 0x2C, 0xA1, 0x05, 0x6E, - 0x01, 0xE6, 0xA7, 0x41, 0x1E, 0xD2, 0x46, 0x94, 0xAA, 0x8F, 0x83, 0x4F, 0x4A, 0x4A, 0xB0, - 0x22, 0xF7}; - unsigned char std_RA[SM2_NUMWORD * 2] = {0x64, 0xCE, 0xD1, 0xBD, 0xBC, 0x99, 0xD5, 0x90, 0x04, 0x9B, 0x43, 0x4D, 0x0F, 0xD7, 0x34, 0x28, - 0xCF, 0x60, 0x8A, 0x5D, 0xB8, 0xFE, 0x5C, 0xE0, 0x7F, 0x15, 0x02, 0x69, 0x40, 0xBA, 0xE4, 0x0E, - 0x37, 0x66, 0x29, 0xC7, 0xAB, 0x21, 0xE7, 0xDB, 0x26, 0x09, 0x22, 0x49, 0x9D, 0xDB, 0x11, 0x8F, - 0x07, 0xCE, 0x8E, 0xAA, 0xE3, 0xE7, 0x72, 0x0A, 0xFE, 0xF6, 0xA5, 0xCC, 0x06, 0x20, 0x70, 0xC0}; - unsigned char std_K[16] = {0x6C, 0x89, 0x34, 0x73, 0x54, 0xDE, 0x24, 0x84, 0xC6, 0x0B, 0x4A, 0xB1, 0xFD, 0xE4, 0xC6, 0xE5}; - unsigned char std_RB[SM2_NUMWORD * 2] = {0xAC, 0xC2, 0x76, 0x88, 0xA6, 0xF7, 0xB7, 0x06, 0x09, 0x8B, 0xC9, 0x1F, 0xF3, 0xAD, 0x1B, 0xFF, - 0x7D, 0xC2, 0x80, 0x2C, 0xDB, 0x14, 0xCC, 0xCC, 0xDB, 0x0A, 0x90, 0x47, 0x1F, 0x9B, 0xD7, 0x07, - 0x2F, 0xED, 0xAC, 0x04, 0x94, 0xB2, 0xFF, 0xC4, 0xD6, 0x85, 0x38, 0x76, 0xC7, 0x9B, 0x8F, 0x30, - 0x1C, 0x65, 0x73, 0xAD, 0x0A, 0xA5, 0x0F, 0x39, 0xFC, 0x87, 0x18, 0x1E, 0x1A, 0x1B, 0x46, 0xFE}; - unsigned char std_SB[SM3_len] = {0xD3, 0xA0, 0xFE, 0x15, 0xDE, 0xE1, 0x85, 0xCE, 0xAE, 0x90, 0x7A, 0x6B, 0x59, 0x5C, 0xC3, - 0x2A, 0x26, 0x6E, 0xD7, 0xB3, 0x36, 0x7E, 0x99, 0x83, 0xA8, 0x96, 0xDC, 0x32, 0xFA, 0x20, - 0xF8, 0xEB}; - int std_Klen = 128; //bit len - int temp; - - big x, y, dA, dB, rA, rB; - epoint* pubKeyA, *pubKeyB, *RA, *RB, *V; - - unsigned char hash[SM3_len 
/ 8] = {0}; - unsigned char ZA[SM3_len / 8] = {0}; - unsigned char ZB[SM3_len / 8] = {0}; - unsigned char xy[SM2_NUMWORD * 2] = {0}; - unsigned char *KA, *KB; - unsigned char SA[SM3_len / 8]; - - KA = malloc(std_Klen / 8); - KB = malloc(std_Klen / 8); - - mip = mirsys(1000, 16); - mip->IOBASE = 16; - - x = mirvar(0); - y = mirvar(0); - dA = mirvar(0); - dB = mirvar(0); - rA = mirvar(0); - rB = mirvar(0); - pubKeyA = epoint_init(); - pubKeyB = epoint_init(); - RA = epoint_init(); - RB = epoint_init(); - V = epoint_init(); - - SM2_standard_init(); - - bytes_to_big(SM2_NUMWORD, std_priKeyA, dA); - bytes_to_big(SM2_NUMWORD, std_priKeyB, dB); - bytes_to_big(SM2_NUMWORD, std_randA, rA); - bytes_to_big(SM2_NUMWORD, std_randB, rB); - bytes_to_big(SM2_NUMWORD, std_pubKeyA, x); - bytes_to_big(SM2_NUMWORD, std_pubKeyA + SM2_NUMWORD, y); - epoint_set(x, y, 0, pubKeyA); - bytes_to_big(SM2_NUMWORD, std_pubKeyB, x); - bytes_to_big(SM2_NUMWORD, std_pubKeyB + SM2_NUMWORD, y); - epoint_set(x, y, 0, pubKeyB); - - SM3_z(std_IDA, std_ENTLA, pubKeyA, ZA); - if (memcmp(ZA, std_ZA, SM3_len / 8) != 0) - return ERR_SELFTEST_Z; - SM3_z(std_IDB, std_ENTLB, pubKeyB, ZB); - if (memcmp(ZB, std_ZB, SM3_len / 8) != 0) - return ERR_SELFTEST_Z; - - temp = SM2_standard_keyex_init_i(rA, RA); - if (temp) - return temp; - - epoint_get(RA, x, y); - big_to_bytes(SM2_NUMWORD, x, xy, 1); - big_to_bytes(SM2_NUMWORD, y, xy + SM2_NUMWORD, 1); - if (memcmp(xy, std_RA, SM2_NUMWORD * 2) != 0) - return ERR_SELFTEST_INI_I; - - temp = SM2_standard_keyex_re_i(rB, dB, RA, pubKeyA, ZA, ZB, KA, std_Klen, RB, V, hash); - if (temp) - return temp; - if (memcmp(KA, std_K, std_Klen / 8) != 0) - return ERR_SELFTEST_RES_I; - - temp = SM2_standard_keyex_init_ii(rA, dA, RA, RB, pubKeyB, ZA, ZB, hash, KB, std_Klen, SA); - if (temp) - return temp; - if (memcmp(KB, std_K, std_Klen / 8) != 0) - return ERR_SELFTEST_INI_II; - - if (SM2_standard_keyex_re_ii(V, RA, RB, ZA, ZB, SA) != 0) - return ERR_EQUAL_S2SA; - - free(KA); - free(KB); 
- return 0;
-}
diff --git a/crypto/sm2/sm2_standard_sign.c b/crypto/sm2/sm2_standard_sign.c
deleted file mode 100644
index 4b447613..00000000
--- a/crypto/sm2/sm2_standard_sign.c
+++ /dev/null
@@ -1,349 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - - -#include -#include -#include - - - -/* test if the big x is zero */ -int Test_Zero(big x) -{ - big zero; - zero = mirvar(0); - if (mr_compare(x, zero) == 0) - return 1; - else - return 0; -} - - -/* test if the big x is order n */ -int Test_n(big x) -{ - //bytes_to_big(32, SM2_n, n); - if (mr_compare(x, para_n) == 0) - return 1; - else - return 0; -} - - -/* test if the big x belong to the range[1, n-1] */ -int Test_Range(big x) -{ - big one, decr_n; - - one = mirvar(0); - decr_n = mirvar(0); - - convert(1, one); - decr(para_n, 1, decr_n); - - if ((mr_compare(x, one) < 0) | (mr_compare(x, decr_n) > 0)) - return 1; - return 0; -} - - -/* calculate a pubKey out of a given priKey */ -int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[]) -{ - int i = 0; - big d, PAx, PAy; - epoint *PA; - - SM2_standard_init(); - PA = epoint_init(); - - d = mirvar(0); - PAx = mirvar(0); - PAy = mirvar(0); - - bytes_to_big(SM2_NUMWORD, PriKey, d); - - ecurve_mult(d, G, PA); - epoint_get(PA, PAx, PAy); - - big_to_bytes(SM2_NUMWORD, PAx, Px, TRUE); - big_to_bytes(SM2_NUMWORD, PAy, Py, TRUE); - i = Test_PubKey(PA); - if (i) - return i; - else - return 0; -} - - -/* SM2 signature algorithm */ -int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], 
unsigned char S[]) -{ - unsigned char hash[SM3_len / 8]; - int M_len = len + SM3_len / 8; - unsigned char *M = NULL; - int i; - - big dA, r, s, e, k, KGx, KGy; - big rem, rk, z1, z2; - epoint *KG; - - i = SM2_standard_init(); - if (i) - return i; - //initiate - dA = mirvar(0); - e = mirvar(0); - k = mirvar(0); - KGx = mirvar(0); - KGy = mirvar(0); - r = mirvar(0); - s = mirvar(0); - rem = mirvar(0); - rk = mirvar(0); - z1 = mirvar(0); - z2 = mirvar(0); - - bytes_to_big(SM2_NUMWORD, d, dA); //cinstr(dA, d); - - KG = epoint_init(); - - //step1, set M = ZA || M - M = (char *)malloc(sizeof(char)*(M_len + 1)); - memcpy(M, ZA, SM3_len / 8); - memcpy(M + SM3_len / 8, message, len); - - //step2, generate e = H(M) - SM3_256(M, M_len, hash); - bytes_to_big(SM3_len / 8, hash, e); - - //step3:generate k - bytes_to_big(SM3_len / 8, rand, k); - - //step4:calculate kG - ecurve_mult(k, G, KG); - - //step5:calculate r - epoint_get(KG, KGx, KGy); - add(e, KGx, r); - divide(r, para_n, rem); - - //judge r = 0 or n + k = n? - add(r, k, rk); - if (Test_Zero(r) | Test_n(rk)) - return ERR_GENERATE_R; - - //step6:generate s - incr(dA, 1, z1); - xgcd(z1, para_n, z1, z1, z1); - multiply(r, dA, z2); - divide(z2, para_n, rem); - subtract(k, z2, z2); - add(z2, para_n, z2); - multiply(z1, z2, s); - divide(s, para_n, rem); - - //judge s = 0? 
- if (Test_Zero(s)) - return ERR_GENERATE_S ; - - big_to_bytes(SM2_NUMWORD, r, R, TRUE); - big_to_bytes(SM2_NUMWORD, s, S, TRUE); - - free(M); - return 0; -} - - -/* SM2 verification algorithm */ -int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[]) -{ - unsigned char hash[SM3_len / 8]; - int M_len = len + SM3_len / 8; - unsigned char *M = NULL; - int i; - - big PAx, PAy, r, s, e, t, rem, x1, y1; - big RR; - epoint *PA, *sG, *tPA; - - i = SM2_standard_init(); - if (i) - return i; - - PAx = mirvar(0); - PAy = mirvar(0); - r = mirvar(0); - s = mirvar(0); - e = mirvar(0); - t = mirvar(0); - x1 = mirvar(0); - y1 = mirvar(0); - rem = mirvar(0); - RR = mirvar(0); - - PA = epoint_init(); - sG = epoint_init(); - tPA = epoint_init(); - - bytes_to_big(SM2_NUMWORD, Px, PAx); - bytes_to_big(SM2_NUMWORD, Py, PAy); - - bytes_to_big(SM2_NUMWORD, R, r); - bytes_to_big(SM2_NUMWORD, S, s); - - if (!epoint_set(PAx, PAy, 0, PA)) //initialise public key - { - return ERR_PUBKEY_INIT; - } - - //step1: test if r belong to [1, n-1] - if (Test_Range(r)) - return ERR_OUTRANGE_R; - - //step2: test if s belong to [1, n-1] - if (Test_Range(s)) - return ERR_OUTRANGE_S; - - //step3, generate M - M = (char *)malloc(sizeof(char)*(M_len + 1)); - memcpy(M, ZA, SM3_len / 8); - memcpy(M + SM3_len / 8, message, len); - - //step4, generate e = H(M) - SM3_256(M, M_len, hash); - bytes_to_big(SM3_len / 8, hash, e); - - //step5:generate t - add(r, s, t); - divide(t, para_n, rem); - - if (Test_Zero(t)) - return ERR_GENERATE_T; - - //step 6: generate(x1, y1) - ecurve_mult(s, G, sG); - ecurve_mult(t, PA, tPA); - ecurve_add(sG, tPA); - epoint_get(tPA, x1, y1); - - //step7:generate RR - add(e, x1, RR); - divide(RR, para_n, rem); - - free(M); - if (mr_compare(RR, r) == 0) - return 0; - else - return ERR_DATA_MEMCMP; -} - - -/* SM2 self check */ -int SM2_standard_selfcheck() -{ - //the private key - unsigned char 
dA[32] = {0x39, 0x45, 0x20, 0x8f, 0x7b, 0x21, 0x44, 0xb1, 0x3f, 0x36, 0xe3, 0x8a, 0xc6, 0xd3, 0x9f, - 0x95, 0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xb5, 0x1a, 0x42, 0xfb, 0x81, 0xef, 0x4d, 0xf7, - 0xc5, 0xb8}; - unsigned char rand[32] = {0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, - 0xCC, 0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1, - 0xBC, 0x21}; - //the public key - /* unsigned char xA[32] = {0x09, 0xf9, 0xdf, 0x31, 0x1e, 0x54, 0x21, 0xa1, 0x50, 0xdd, 0x7d, 0x16, 0x1e, 0x4b, 0xc5, - 0xc6, 0x72, 0x17, 0x9f, 0xad, 0x18, 0x33, 0xfc, 0x07, 0x6b, 0xb0, 0x8f, 0xf3, 0x56, 0xf3, - 0x50, 0x20}; - unsigned char yA[32] = {0xcc, 0xea, 0x49, 0x0c, 0xe2, 0x67, 0x75, 0xa5, 0x2d, 0xc6, 0xea, 0x71, 0x8c, 0xc1, 0xaa, - 0x60, 0x0a, 0xed, 0x05, 0xfb, 0xf3, 0x5e, 0x08, 0x4a, 0x66, 0x32, 0xf6, 0x07, 0x2d, 0xa9, - 0xad, 0x13};*/ - - unsigned char xA[32], yA[32]; - unsigned char r[32], s[32]; // Signature - - unsigned char IDA[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, - 0x34, 0x35, 0x36, 0x37, 0x38}; //ASCII code of userA's identification - int IDA_len = 16; - unsigned char ENTLA[2] = {0x00, 0x80}; //the length of userA's identification, presentation in ASCII code - - unsigned char *message = "message digest"; //the message to be signed - int len = strlen(message); //the length of message - unsigned char ZA[SM3_len / 8]; //ZA = Hash(ENTLA || IDA || a || b || Gx || Gy || xA|| yA) - unsigned char Msg[210]; //210 = IDA_len + 2 + SM2_NUMWORD * 6 - - int temp; - - mip = mirsys(10000, 16); - mip->IOBASE = 16; - - temp = SM2_standard_sign_keygeneration(dA, xA, yA); - if (temp) - return temp; - - //ENTLA || IDA || a || b || Gx || Gy || xA || yA - memcpy(Msg, ENTLA, 2); - memcpy(Msg + 2, IDA, IDA_len); - memcpy(Msg + 2 + IDA_len, SM2_a, SM2_NUMWORD); - memcpy(Msg + 2 + IDA_len + SM2_NUMWORD, SM2_b, SM2_NUMWORD); - memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 2, SM2_Gx, SM2_NUMWORD); - 
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 3, SM2_Gy, SM2_NUMWORD);
- memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 4, xA, SM2_NUMWORD);
- memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 5, yA, SM2_NUMWORD);
- SM3_256(Msg, 210, ZA);
-
- temp = SM2_standard_sign(message, len, ZA, rand, dA, r, s);
- if (temp)
- return temp;
-
- temp = SM2_standard_verify(message, len, ZA, xA, yA, r, s);
- if (temp)
- return temp;
-
- return 0;
-}
diff --git a/crypto/sm3/sm3_standard.c b/crypto/sm3/sm3_standard.c
deleted file mode 100644
index 0efcfdc0..00000000
--- a/crypto/sm3/sm3_standard.c
+++ /dev/null
@@ -1,368 +0,0 @@ -#include "openssl/sm3_standard.h" - - -/**************************************************************** -Function: BiToW -Description: calculate W from Bi -Calls: -Called By: SM3_compress -Input: Bi[16] //a block of a message -Output: W[64] -Return: null -Others: -****************************************************************/ -void BiToW(unsigned int Bi[], unsigned int W[]) -{ - int i; - unsigned int tmp; - - for (i = 0; i <= 15; i++) - { - W[i] = Bi[i]; - } - for (i = 16; i <= 67; i++) - { - tmp = W[i - 16] - ^ W[i - 9] - ^ SM3_rotl32(W[i - 3], 15); - W[i] = SM3_p1(tmp) - ^ (SM3_rotl32(W[i - 13], 7)) - ^ W[i - 6]; - } -} - - -/***************************************************************** -Function: WToW1 -Description: calculate W1 from W -Calls: -Called By: SM3_compress -Input: W[64] -Output: W1[64] -Return: null -Others: -*****************************************************************/ -void WToW1(unsigned int W[], unsigned int W1[]) -{ - int i; - for (i = 0; i <= 63; i++) - { - W1[i] = W[i] ^ W[i + 4]; - } -} - - -/****************************************************************** -Function: CF -Description: calculate the CF compress function and update V -Calls: -Called By: SM3_compress -Input: W[64] -W1[64] -V[8] -Output: V[8] -Return: null -Others: -********************************************************************/ -void CF(unsigned int W[], unsigned int W1[], unsigned int V[]) -{ - unsigned int SS1; - unsigned int SS2; - unsigned int TT1; - unsigned int TT2; - unsigned int A, B, C, D, E, F, G, H; - unsigned int T = SM3_T1; - unsigned int FF; - unsigned int GG; - int j; - - //reg init,set ABCDEFGH=V0 - A = V[0]; - B = V[1]; - C = V[2]; - D = V[3]; - E = V[4]; - F = V[5]; - G = V[6]; - H = V[7]; - - for (j = 0; j <= 63; j++) - { - //SS1 - if (j == 0) - { - T = SM3_T1; - } - else if (j == 16) - { - T = SM3_rotl32(SM3_T2, 16); - } - else - { - T = SM3_rotl32(T, 1); - } - SS1 = SM3_rotl32((SM3_rotl32(A, 12) + E + T), 7); - - //SS2 
- SS2 = SS1^SM3_rotl32(A, 12); - - //TT1 - if (j <= 15) - { - FF = SM3_ff0(A, B, C); - } - - else - { - FF = SM3_ff1(A, B, C); - } - TT1 = FF + D + SS2 + *W1; - W1++; - - //TT2 - if (j <= 15) - { - GG = SM3_gg0(E, F, G); - } - else - { - GG = SM3_gg1(E, F, G); - } - TT2 = GG + H + SS1 + *W; - W++; - - //D - D = C; - - //C - C = SM3_rotl32(B, 9); - - //B - B = A; - - //A - A = TT1; - - //H - H = G; - - - //G - G = SM3_rotl32(F, 19); - - //F - F = E; - - //E - E = SM3_p0(TT2); - } - - //update V - V[0] = A^V[0]; - V[1] = B^V[1]; - V[2] = C^V[2]; - V[3] = D^V[3]; - V[4] = E^V[4]; - V[5] = F^V[5]; - V[6] = G^V[6]; - V[7] = H^V[7]; -} - - -/****************************************************************************** -Function: BigEndian -Description: U32 endian converse.GM/T 0004-2012 requires to use big-endian. -if CPU uses little-endian, BigEndian function is a necessary -call to change the little-endian format into big-endian format. -Calls: -Called By: SM3_compress, SM3_done -Input: src[bytelen] -bytelen -Output: des[bytelen] -Return: null -Others: src and des could implies the same address -*******************************************************************************/ -void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]) -{ - unsigned char tmp = 0; - unsigned int i = 0; - - for (i = 0; icurlen = md->length = 0; - md->state[0] = SM3_IVA; - md->state[1] = SM3_IVB; - md->state[2] = SM3_IVC; - md->state[3] = SM3_IVD; - md->state[4] = SM3_IVE; - md->state[5] = SM3_IVF; - md->state[6] = SM3_IVG; - md->state[7] = SM3_IVH; -} - - -/****************************************************************************** -Function: SM3_compress -Description: compress a single block of message -Calls: BigEndian -BiToW -WToW1 -CF -Called By: SM3_256 -Input: SM3_STATE *md -Output: SM3_STATE *md -Return: null -Others: -*******************************************************************************/ -void SM3_compress(SM3_STATE * md) -{ - unsigned int W[68]; - 
unsigned int W1[64];
-
- //if CPU uses little-endian, BigEndian function is a necessary call
- BigEndian(md->buf, 64, md->buf);
-
- BiToW((unsigned int *)md->buf, W);
- WToW1(W, W1);
- CF(W, W1, md->state);
-}
-
-
-/******************************************************************************
-Function: SM3_process
-Description: compress the first (len/64) blocks of message
-Calls: SM3_compress
-Called By: SM3_256
-Input: SM3_STATE *md
-unsigned char buf[len] //the input message
-int len //bytelen of message
-Output: SM3_STATE *md
-Return: null
-Others:
-*******************************************************************************/
-void SM3_process(SM3_STATE * md, unsigned char *buf, int len)
-{
- while (len--)
- {
- /* copy byte */
- md->buf[md->curlen] = *buf++;
- md->curlen++;
-
- /* is 64 bytes full? */
- if (md->curlen == 64)
- {
- SM3_compress(md);
- md->length += 512;
- md->curlen = 0;
- }
- }
-}
-
-
-/******************************************************************************
-Function: SM3_done
-Description: compress the rest message that the SM3_process has left behind
-Calls: SM3_compress
-Called By: SM3_256
-Input: SM3_STATE *md
-Output: unsigned char *hash
-Return: null
-Others:
-*******************************************************************************/
-void SM3_done(SM3_STATE *md, unsigned char hash[])
-{
- int i;
- unsigned char tmp = 0;
-
- /* increase the bit length of the message */
- md->length += md->curlen << 3;
-
- /* append the '1' bit */
- md->buf[md->curlen] = 0x80;
- md->curlen++;
-
- /* if the length is currently above 56 bytes, appends zeros till
- it reaches 64 bytes, compress the current block, creat a new
- block by appending zeros and length,and then compress it
- */
- if (md->curlen >56)
- {
- for (; md->curlen < 64;)
- {
- md->buf[md->curlen] = 0;
- md->curlen++;
- }
- SM3_compress(md);
- md->curlen = 0;
- }
-
- /* if the length is less than 56 bytes, pad upto 56 bytes of zeroes */
- for (; md->curlen < 56;)
- {
- md->buf[md->curlen] = 0;
- md->curlen++;
- }
-
- /* since all messages are under 2^32 bits we mark the top bits zero */
- for (i = 56; i < 60; i++)
- {
- md->buf[i] = 0;
- }
-
- /* append length */
- md->buf[63] = md->length & 0xff;
- md->buf[62] = (md->length >> 8) & 0xff;
- md->buf[61] = (md->length >> 16) & 0xff;
- md->buf[60] = (md->length >> 24) & 0xff;
-
- SM3_compress(md);
-
- /* copy output */
- memcpy(hash, md->state, SM3_len / 8);
- BigEndian(hash, SM3_len / 8, hash);//if CPU uses little-endian, BigEndian function is a necessary call
-}
-
-
-/******************************************************************************
-Function: SM3_256
-Description: calculate a hash value from a given message
-Calls: SM3_init
-SM3_process
-SM3_done
-Called By:
-Input: unsigned char buf[len] //the input message
-int len //bytelen of the message
-Output: unsigned char hash[32]
-Return: null
-Others:
-*******************************************************************************/
-void SM3_256(unsigned char buf[], int len, unsigned char hash[])
-{
- SM3_STATE md;
- SM3_init(&md);
- SM3_process(&md, buf, len);
- SM3_done(&md, hash);
-}
diff --git a/include/openssl/kdf_standard.h b/include/openssl/kdf_standard.h
deleted file mode 100644
index 508226fd..00000000
--- a/include/openssl/kdf_standard.h
+++ /dev/null
@@ -1,406 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-
-#ifndef HEADER_KDF_STANDARD_H
-#define HEADER_KDF_STANDARD_H
-
-#include 
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SM3_len 256
-#define SM3_T1 0x79CC4519
-#define SM3_T2 0x7A879D8A
-#define SM3_IVA 0x7380166f
-#define SM3_IVB 0x4914b2b9
-#define SM3_IVC 0x172442d7
-#define SM3_IVD 0xda8a0600
-#define SM3_IVE 0xa96f30bc
-#define SM3_IVF 0x163138aa
-#define SM3_IVG 0xe38dee4d
-#define SM3_IVH 0xb0fb0e4e
-
-#define SM2_WORDSIZE 8
-#define SM2_NUMBITS 256
-#define SM2_NUMWORD (SM2_NUMBITS / SM2_WORDSIZE) //32
-
-/* Various logical functions */
-#define SM3_p1(x) (x ^ SM3_rotl32(x, 15) ^ SM3_rotl32(x, 23))
-#define SM3_p0(x) (x ^ SM3_rotl32(x, 9) ^ SM3_rotl32(x, 17))
-#define SM3_ff0(a, b, c) (a ^ b ^ c)
-#define SM3_ff1(a, b, c) ((a & b) | (a & c) | (b & c))
-#define SM3_gg0(e, f, g) (e ^ f ^ g)
-#define SM3_gg1(e, f, g) ((e & f) | ((~e) & g))
-#define SM3_rotl32(x, n) (((x) << n) | ((x) >> (32 - n)))
-#define SM3_rotr32(x, n) (((x) >> n) | ((x) << (32 - n)))
-
-
-typedef struct {
- unsigned long state[8];
- unsigned long length;
- unsigned long curlen;
- unsigned char buf[64];
-} SM3_STATE;
-
-
-static void BiToW(unsigned long Bi[], unsigned long W[]);
-static void WToW1(unsigned long W[], unsigned long W1[]);
-static void CF(unsigned long W[], unsigned long W1[], unsigned long V[]);
-static void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]);
-static void SM3_init(SM3_STATE *md);
-static void SM3_compress(SM3_STATE *md);
-static void SM3_process(SM3_STATE *md, unsigned char *buf, int len);
-static void SM3_done(SM3_STATE *md, unsigned char hash[]);
-static void SM3_256(unsigned char buf[], int len, unsigned char hash[]);
-static void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[]);
-
-
-/* calculate W from Bi */
-static void BiToW(unsigned long Bi[], unsigned long W[])
-{
- int i;
- unsigned long tmp;
-
- for(i = 0; i <= 15; i++)
- {
- W[i] = Bi[i];
- }
- for(i = 16;i <= 67; i++)
- {
- tmp = W[i - 16] ^ W[i - 9] ^ SM3_rotl32(W[i - 3], 15);
- W[i] = SM3_p1(tmp) ^ (SM3_rotl32(W[i - 13], 7)) ^ W[i - 6];
- }
-}
-
-
-/* calculate W1 from W */
-static void WToW1(unsigned long W[], unsigned long W1[])
-{
- int i;
- for(i = 0; i <= 63; i++)
- {
- W1[i] = W[i] ^ W[i + 4];
- }
-}
-
-
-/* calculate the CF compress function and update V */
-static void CF(unsigned long W[], unsigned long W1[], unsigned long V[])
-{
- unsigned long SS1;
- unsigned long SS2;
- unsigned long TT1;
- unsigned long TT2;
- unsigned long A, B, C, D, E, F, G, H;
- unsigned long T = SM3_T1;
- unsigned long FF;
- unsigned long GG;
- int j;
-
- //reg init, set ABCDEFGH = V0
- A = V[0];
- B = V[1];
- C = V[2];
- D = V[3];
- E = V[4];
- F = V[5];
- G = V[6];
- H = V[7];
-
- for (j = 0; j <= 63; j++)
- {
- //SS1
- if (j == 0)
- {
- T = SM3_T1;
- }
- else if (j == 16)
- {
- T = SM3_rotl32(SM3_T2, 16);
- }
- else
- {
- T = SM3_rotl32(T, 1);
- }
- SS1 = SM3_rotl32((SM3_rotl32(A, 12) + E + T), 7);
-
- //SS2
- SS2 = SS1 ^ SM3_rotl32(A, 12);
-
- //TT1
- if (j <= 15)
- {
- FF = SM3_ff0(A, B, C);
- }
- else
- {
- FF = SM3_ff1(A, B, C);
- }
- TT1 = FF + D + SS2 + *W1;
- W1++;
-
- //TT2
- if (j <= 15)
- {
- GG = SM3_gg0(E, F, G);
- }
- else
- {
- GG = SM3_gg1(E, F, G);
- }
- TT2 = GG + H + SS1 + *W;
- W++;
-
- //D
- D = C;
-
- //C
- C = SM3_rotl32(B, 9);
-
- //B
- B = A;
-
- //A
- A = TT1;
-
- //H
- H = G;
-
- //G
- G = SM3_rotl32(F, 19);
-
- //F
- F = E;
-
- //E
- E = SM3_p0(TT2);
- }
-
- //update V
- V[0] = A ^ V[0];
- V[1] = B ^ V[1];
- V[2] = C ^ V[2];
- V[3] = D ^ V[3];
- V[4] = E ^ V[4];
- V[5] = F ^ V[5];
- V[6] = G ^ V[6];
- V[7] = H ^ V[7];
-}
-
-
-/* unsigned int endian converse. GM/T 0004-2012 requires to use big-endian.
- * if CPu uses little-endian, BigEndian function is a necessary
- * call to change the little-endian format into big-endian format.
- */
-static void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[])
-{
- unsigned char tmp = 0;
- unsigned long i = 0;
- for (i = 0; i < bytelen / 4; i++)
- {
- tmp = des[4 * i];
- des[4 * i] = src[4 * i + 3];
- src[4 * i + 3] = tmp;
-
- tmp = des[4 * i + 1];
- des[4 * i + 1] = src[4 * i + 2];
- des[4 * i + 2] = tmp;
- }
-}
-
-
-/* initiate SM3 state */
-static void SM3_init(SM3_STATE *md)
-{
- md->curlen = md->length = 0;
- md->state[0] = SM3_IVA;
- md->state[1] = SM3_IVB;
- md->state[2] = SM3_IVC;
- md->state[3] = SM3_IVD;
- md->state[4] = SM3_IVE;
- md->state[5] = SM3_IVF;
- md->state[6] = SM3_IVG;
- md->state[7] = SM3_IVH;
-}
-
-
-/* compress a single a block of message */
-static void SM3_compress(SM3_STATE *md)
-{
- unsigned long W[68];
- unsigned long W1[64];
-
- //if CPU uses little-endian, BigEndian function is a necessary call
- BigEndian(md->buf, 64, md->buf);
- BiToW((unsigned long *)md->buf, W);
- WToW1(W, W1);
- CF(W, W1, md->state);
-}
-
-
-/* compress the first(len/64) blocks of message */
-static void SM3_process(SM3_STATE *md, unsigned char *buf, int len)
-{
- while (len--)
- {
- /* copy byte */
- md->buf[md->curlen] = *buf++;
- md->curlen++;
-
- /* is 64 bytes full? */
- if (md->curlen == 64)
- {
- SM3_compress(md);
- md->length += 512;
- md->curlen = 0;
- }
- }
-}
-
-
-/* compress the rest message that the SM3_process has left behind */
-static void SM3_done(SM3_STATE *md, unsigned char hash[])
-{
- int i;
- unsigned char tmp = 0;
-
- /* increase the bit length of the message */
- md->length += md->curlen << 3;
-
- /* append the '1' bit */
- md->buf[md->curlen] = 0x80;
- md->curlen++;
-
- /* if the length is currently above 56 bytes, appends zeros till
- it reaches 64 bytes, compress the current block, creat a new
- block by appending zeros and length,and then compress it
- */
- if (md->curlen > 56)
- {
- for (; md->curlen < 64;)
- {
- md->buf[md->curlen] = 0;
- md->curlen++;
- }
- SM3_compress(md);
- md->curlen = 0;
- }
-
- /* if the length is less than 56 bytes, pad upto 56 bytes of zeroes */
- for (; md->curlen < 56;)
- {
- md->buf[md->curlen] = 0;
- md->curlen++;
- }
-
- /* since all messages are under 2^32 bits we mark the top bits zero */
- for (i = 56; i < 60; i++)
- {
- md->buf[i] = 0;
- }
-
- /* append length */
- md->buf[63] = md->length & 0xff;
- md->buf[62] = (md->length >> 8) & 0xff;
- md->buf[61] = (md->length >> 16) & 0xff;
- md->buf[60] = (md->length >> 24) & 0xff;
-
- SM3_compress(md);
-
- /* copy output */
- memcpy(hash, md->state, SM3_len / 8);
- BigEndian(hash, SM3_len / 8, hash); //if CPU uses little-endian, BigEndian function is a necessary call
-}
-
-
-/* calculate a hash value from a given message */
-static void SM3_256(unsigned char buf[], int len, unsigned char hash[])
-{
- SM3_STATE md;
- SM3_init(&md);
- SM3_process(&md, buf, len);
- SM3_done(&md, hash);
-}
-
-
-/* key derivation function */
-static void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[])
-{
- unsigned short i, j, t;
- unsigned int bitklen;
- SM3_STATE md;
- unsigned char Ha[SM2_NUMWORD];
- unsigned char ct[4] = {0, 0, 0, 1};
-
- bitklen = klen * 8;
-
- if (bitklen % SM2_NUMBITS)
- t = bitklen / SM2_NUMBITS + 1;
- else
- t = bitklen / SM2_NUMBITS;
-
- //s4: K = Ha1 || Ha2 || ...
- for (i = 1; i < t; i++)
- {
- //s2: Hai = Hv(Z || ct)
- SM3_init(&md);
- SM3_process(&md, Z, zlen);
- SM3_process(&md, ct, 4);
- SM3_done(&md, Ha);
- memcpy((K + SM2_NUMWORD * (i - 1)), Ha, SM2_NUMWORD);
-
- if (ct[3] == 0xff)
- {
- ct[3] = 0;
- if (ct[2] == 0xff)
- {
- ct[2] = 0;
- if (ct[1] == 0xff)
- {
- ct[1] = 0;
- ct[0]++;
- }
- else
- ct[1]++;
- }
- else
- ct[2]++;
- }
- else
- ct[3]++;
- }
-
- //s3
- SM3_init(&md);
- SM3_process(&md, Z, zlen);
- SM3_process(&md, ct, 4);
- SM3_done(&md, Ha);
-
- if(bitklen % SM2_NUMBITS)
- {
- i = (SM2_NUMBITS - bitklen + SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
- j = (bitklen - SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
- memcpy((K + SM2_NUMWORD * (t - 1)), Ha, j);
- }
- else
- {
- memcpy((K + SM2_NUMWORD * (t - 1)), Ha, SM2_NUMWORD);
- }
-}
-
-
-#ifdef __cplusplus
-}
-# endif
-#endif
diff --git a/include/openssl/miracl.h b/include/openssl/miracl.h
deleted file mode 100644
index 1b8a5b16..00000000
--- a/include/openssl/miracl.h
+++ /dev/null
@@ -1,1569 +0,0 @@ -/*************************************************************************** - * -Copyright 2013 CertiVox IOM Ltd. * - * -This file is part of CertiVox MIRACL Crypto SDK. * - * -The CertiVox MIRACL Crypto SDK provides developers with an * -extensive and efficient set of cryptographic functions. * -For further information about its features and functionalities please * -refer to http://www.certivox.com * - * -* The CertiVox MIRACL Crypto SDK is free software: you can * - redistribute it and/or modify it under the terms of the * - GNU Affero General Public License as published by the * - Free Software Foundation, either version 3 of the License, * - or (at your option) any later version. * - * -* The CertiVox MIRACL Crypto SDK is distributed in the hope * - that it will be useful, but WITHOUT ANY WARRANTY; without even the * - implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - See the GNU Affero General Public License for more details. * - * -* You should have received a copy of the GNU Affero General Public * - License along with CertiVox MIRACL Crypto SDK. * - If not, see . * - * -You can be released from the requirements of the license by purchasing * -a commercial license. Buying such a license is mandatory as soon as you * -develop commercial activities involving the CertiVox MIRACL Crypto SDK * -without disclosing the source code of your own applications, or shipping * -the CertiVox MIRACL Crypto SDK with a closed source product. * - * -***************************************************************************/ - -#ifndef HEADER_MIRACL_H -#define HEADER_MIRACL_H - -/* - * main MIRACL header - miracl.h. - */ - -#include "mirdef.h" - -/* Some modifiable defaults... */ - -/* Use a smaller buffer if space is limited, don't be so wasteful! 
*/ - -#ifdef __cplusplus -extern "C"{ -#endif - -#ifdef MR_STATIC -#define MR_DEFAULT_BUFFER_SIZE 260 -#else -#define MR_DEFAULT_BUFFER_SIZE 1024 -#endif - -/* see mrgf2m.c */ - -#ifndef MR_KARATSUBA -#define MR_KARATSUBA 2 -#endif - -#ifndef MR_DOUBLE_BIG - -#ifdef MR_KCM - #ifdef MR_FLASH - #define MR_SPACES 32 - #else - #define MR_SPACES 31 - #endif -#else - #ifdef MR_FLASH - #define MR_SPACES 28 - #else - #define MR_SPACES 27 - #endif -#endif - -#else - -#ifdef MR_KCM - #ifdef MR_FLASH - #define MR_SPACES 44 - #else - #define MR_SPACES 43 - #endif -#else - #ifdef MR_FLASH - #define MR_SPACES 40 - #else - #define MR_SPACES 39 - #endif -#endif - -#endif - -/* To avoid name clashes - undefine this */ - -/* #define compare mr_compare */ - -#ifdef MR_AVR -#include -#endif - -/* size of bigs and elliptic curve points for memory allocation from stack or heap */ - -#define MR_ROUNDUP(a,b) ((a)-1)/(b)+1 - -#define MR_SL sizeof(long) - -#ifdef MR_STATIC - -#define MR_SIZE (((sizeof(struct bigtype)+(MR_STATIC+2)*sizeof(mr_utype))-1)/MR_SL+1)*MR_SL -#define MR_BIG_RESERVE(n) ((n)*MR_SIZE+MR_SL) - -#ifdef MR_AFFINE_ONLY -#define MR_ESIZE (((sizeof(epoint)+MR_BIG_RESERVE(2))-1)/MR_SL+1)*MR_SL -#else -#define MR_ESIZE (((sizeof(epoint)+MR_BIG_RESERVE(3))-1)/MR_SL+1)*MR_SL -#endif -#define MR_ECP_RESERVE(n) ((n)*MR_ESIZE+MR_SL) - -#define MR_ESIZE_A (((sizeof(epoint)+MR_BIG_RESERVE(2))-1)/MR_SL+1)*MR_SL -#define MR_ECP_RESERVE_A(n) ((n)*MR_ESIZE_A+MR_SL) - - -#endif - -/* useful macro to convert size of big in words, to size of required structure */ - -#define mr_size(n) (((sizeof(struct bigtype)+((n)+2)*sizeof(mr_utype))-1)/MR_SL+1)*MR_SL -#define mr_big_reserve(n,m) ((n)*mr_size(m)+MR_SL) - -#define mr_esize_a(n) (((sizeof(epoint)+mr_big_reserve(2,(n)))-1)/MR_SL+1)*MR_SL -#define mr_ecp_reserve_a(n,m) ((n)*mr_esize_a(m)+MR_SL) - -#ifdef MR_AFFINE_ONLY -#define mr_esize(n) (((sizeof(epoint)+mr_big_reserve(2,(n)))-1)/MR_SL+1)*MR_SL -#else -#define mr_esize(n) 
(((sizeof(epoint)+mr_big_reserve(3,(n)))-1)/MR_SL+1)*MR_SL -#endif -#define mr_ecp_reserve(n,m) ((n)*mr_esize(m)+MR_SL) - - -/* if basic library is static, make sure and use static C++ */ - -#ifdef MR_STATIC - #ifndef BIGS - #define BIGS MR_STATIC - #endif - #ifndef ZZNS - #define ZZNS MR_STATIC - #endif - #ifndef GF2MS - #define GF2MS MR_STATIC - #endif -#endif - -#ifdef __ia64__ -#if MIRACL==64 -#define MR_ITANIUM -#include -#endif -#endif - -#ifdef _M_X64 -#ifdef _WIN64 -#if MIRACL==64 -#define MR_WIN64 -#include -#endif -#endif -#endif - -#ifndef MR_NO_FILE_IO -#include -#endif - /* error returns */ - -#define MR_ERR_BASE_TOO_BIG 1 -#define MR_ERR_DIV_BY_ZERO 2 -#define MR_ERR_OVERFLOW 3 -#define MR_ERR_NEG_RESULT 4 -#define MR_ERR_BAD_FORMAT 5 -#define MR_ERR_BAD_BASE 6 -#define MR_ERR_BAD_PARAMETERS 7 -#define MR_ERR_OUT_OF_MEMORY 8 -#define MR_ERR_NEG_ROOT 9 -#define MR_ERR_NEG_POWER 10 -#define MR_ERR_BAD_ROOT 11 -#define MR_ERR_INT_OP 12 -#define MR_ERR_FLASH_OVERFLOW 13 -#define MR_ERR_TOO_BIG 14 -#define MR_ERR_NEG_LOG 15 -#define MR_ERR_DOUBLE_FAIL 16 -#define MR_ERR_IO_OVERFLOW 17 -#define MR_ERR_NO_MIRSYS 18 -#define MR_ERR_BAD_MODULUS 19 -#define MR_ERR_NO_MODULUS 20 -#define MR_ERR_EXP_TOO_BIG 21 -#define MR_ERR_NOT_SUPPORTED 22 -#define MR_ERR_NOT_DOUBLE_LEN 23 -#define MR_ERR_NOT_IRREDUC 24 -#define MR_ERR_NO_ROUNDING 25 -#define MR_ERR_NOT_BINARY 26 -#define MR_ERR_NO_BASIS 27 -#define MR_ERR_COMPOSITE_MODULUS 28 -#define MR_ERR_DEV_RANDOM 29 - - /* some useful definitions */ - -#define forever for(;;) - -#define mr_abs(x) ((x)<0? 
(-(x)) : (x)) - -#ifndef TRUE - #define TRUE 1 -#endif -#ifndef FALSE - #define FALSE 0 -#endif - -#define OFF 0 -#define ON 1 -#define PLUS 1 -#define MINUS (-1) - -#define M1 (MIRACL-1) -#define M2 (MIRACL-2) -#define M3 (MIRACL-3) -#define M4 (MIRACL-4) -#define TOPBIT ((mr_small)1<= MR_IBITS -#define MR_TOOBIG (1<<(MR_IBITS-2)) -#else -#define MR_TOOBIG (1<<(MIRACL-1)) -#endif - -#ifdef MR_FLASH -#define MR_EBITS (8*sizeof(double) - MR_FLASH) - /* no of Bits per double exponent */ -#define MR_BTS 16 -#define MR_MSK 0xFFFF - -#endif - -/* Default Hash function output size in bytes */ -#define MR_HASH_BYTES 32 - -/* Marsaglia & Zaman Random number generator */ -/* constants alternatives */ -#define NK 37 /* 21 */ -#define NJ 24 /* 6 */ -#define NV 14 /* 8 */ - -/* Use smaller values if memory is precious */ - -#ifdef mr_dltype - -#ifdef MR_LITTLE_ENDIAN -#define MR_BOT 0 -#define MR_TOP 1 -#endif -#ifdef MR_BIG_ENDIAN -#define MR_BOT 1 -#define MR_TOP 0 -#endif - -union doubleword -{ - mr_large d; - mr_small h[2]; -}; - -#endif - -/* chinese remainder theorem structures */ - -typedef struct { -big *C; -big *V; -big *M; -int NP; -} big_chinese; - -typedef struct { -mr_utype *C; -mr_utype *V; -mr_utype *M; -int NP; -} small_chinese; - -/* Cryptographically strong pseudo-random number generator */ - -typedef struct { -mr_unsign32 ira[NK]; /* random number... 
*/ -int rndptr; /* ...array & pointer */ -mr_unsign32 borrow; -int pool_ptr; -char pool[MR_HASH_BYTES]; /* random pool */ -} csprng; - -/* secure hash Algorithm structure */ - -typedef struct { -mr_unsign32 length[2]; -mr_unsign32 h[8]; -mr_unsign32 w[80]; -} sha256; - -typedef sha256 sha; - -#ifdef mr_unsign64 - -typedef struct { -mr_unsign64 length[2]; -mr_unsign64 h[8]; -mr_unsign64 w[80]; -} sha512; - -typedef sha512 sha384; - -typedef struct { -mr_unsign64 length; -mr_unsign64 S[5][5]; -int rate,len; -} sha3; - -#endif - -/* Symmetric Encryption algorithm structure */ - -#define MR_ECB 0 -#define MR_CBC 1 -#define MR_CFB1 2 -#define MR_CFB2 3 -#define MR_CFB4 5 -#define MR_PCFB1 10 -#define MR_PCFB2 11 -#define MR_PCFB4 13 -#define MR_OFB1 14 -#define MR_OFB2 15 -#define MR_OFB4 17 -#define MR_OFB8 21 -#define MR_OFB16 29 - -typedef struct { -int Nk,Nr; -int mode; -mr_unsign32 fkey[60]; -mr_unsign32 rkey[60]; -char f[16]; -} aes; - -/* AES-GCM suppport. See mrgcm.c */ - -#define GCM_ACCEPTING_HEADER 0 -#define GCM_ACCEPTING_CIPHER 1 -#define GCM_NOT_ACCEPTING_MORE 2 -#define GCM_FINISHED 3 -#define GCM_ENCRYPTING 0 -#define GCM_DECRYPTING 1 - -typedef struct { -mr_unsign32 table[128][4]; /* 2k bytes */ -MR_BYTE stateX[16]; -MR_BYTE Y_0[16]; -mr_unsign32 counter; -mr_unsign32 lenA[2],lenC[2]; -int status; -aes a; -} gcm; - - /* Elliptic curve point status */ - -#define MR_EPOINT_GENERAL 0 -#define MR_EPOINT_NORMALIZED 1 -#define MR_EPOINT_INFINITY 2 - -#define MR_NOTSET 0 -#define MR_PROJECTIVE 0 -#define MR_AFFINE 1 -#define MR_BEST 2 -#define MR_TWIST 8 - -#define MR_OVER 0 -#define MR_ADD 1 -#define MR_DOUBLE 2 - -/* Twist type */ - -#define MR_QUADRATIC 2 -#define MR_CUBIC_M 0x3A -#define MR_CUBIC_D 0x3B -#define MR_QUARTIC_M 0x4A -#define MR_QUARTIC_D 0x4B -#define MR_SEXTIC_M 0x6A -#define MR_SEXTIC_D 0x6B - - -/* Fractional Sliding Windows for ECC - how much precomputation storage to use ? 
*/ -/* Note that for variable point multiplication there is an optimal value - which can be reduced if space is short. For fixed points its a matter of - how much ROM is available to store precomputed points. - We are storing the k points (P,3P,5P,7P,...,[2k-1].P) */ - -/* These values can be manually tuned for optimal performance... */ - -#ifdef MR_SMALL_EWINDOW -#define MR_ECC_STORE_N 3 /* point store for ecn variable point multiplication */ -#define MR_ECC_STORE_2M 3 /* point store for ec2m variable point multiplication */ -#define MR_ECC_STORE_N2 3 /* point store for ecn2 variable point multiplication */ -#else -#define MR_ECC_STORE_N 8 /* 8/9 is close to optimal for 256 bit exponents */ -#define MR_ECC_STORE_2M 9 -#define MR_ECC_STORE_N2 8 -#endif - -/*#define MR_ECC_STORE_N2_PRECOMP MR_ECC_STORE_N2 */ - /* Might want to make this bigger.. */ - -/* If multi-addition is of m points, and s precomputed values are required, this is max of m*s (=4.10?) */ -#define MR_MAX_M_T_S 64 - -/* Elliptic Curve epoint structure. 
Uses projective (X,Y,Z) co-ordinates */ - -typedef struct { -int marker; -big X; -big Y; -#ifndef MR_AFFINE_ONLY -big Z; -#endif -} epoint; - - -/* Structure for Comb method for finite * - field exponentiation with precomputation */ - -typedef struct { -#ifdef MR_STATIC - const mr_small *table; -#else - mr_small *table; -#endif - big n; - int window; - int max; -} brick; - -/* Structure for Comb method for elliptic * - curve exponentiation with precomputation */ - -typedef struct { -#ifdef MR_STATIC - const mr_small *table; -#else - mr_small *table; -#endif - big a,b,n; - int window; - int max; -} ebrick; - -typedef struct { -#ifdef MR_STATIC - const mr_small *table; -#else - mr_small *table; -#endif - big a6,a2; - int m,a,b,c; - int window; - int max; -} ebrick2; - -typedef struct -{ - big a; - big b; -} zzn2; - -typedef struct -{ - zzn2 a; - zzn2 b; - BOOL unitary; -} zzn4; - -typedef struct -{ - int marker; - zzn2 x; - zzn2 y; -#ifndef MR_AFFINE_ONLY - zzn2 z; -#endif - -} ecn2; - -typedef struct -{ - big a; - big b; - big c; -} zzn3; - -typedef struct -{ - zzn2 a; - zzn2 b; - zzn2 c; -} zzn6_3x2; - -/* main MIRACL instance structure */ - -/* ------------------------------------------------------------------------*/ - -typedef struct { -mr_small base; /* number base */ -mr_small apbase; /* apparent base */ -int pack; /* packing density */ -int lg2b; /* bits in base */ -mr_small base2; /* 2^mr_lg2b */ -BOOL (*user)(void); /* pointer to user supplied function */ - -int nib; /* length of bigs */ -#ifndef MR_STRIPPED_DOWN -int depth; /* error tracing ..*/ -int trace[MR_MAXDEPTH]; /* .. mechanism */ -#endif -BOOL check; /* overflow check */ -BOOL fout; /* Output to file */ -BOOL fin; /* Input from file */ -BOOL active; - -#ifndef MR_NO_FILE_IO - -FILE *infile; /* Input file */ -FILE *otfile; /* Output file */ - -#endif - - -#ifndef MR_NO_RAND -mr_unsign32 ira[NK]; /* random number... 
*/ -int rndptr; /* ...array & pointer */ -mr_unsign32 borrow; -#endif - - /* Montgomery constants */ -mr_small ndash; -big modulus; -big pR; -BOOL ACTIVE; -BOOL MONTY; - - /* Elliptic Curve details */ -#ifndef MR_NO_SS -BOOL SS; /* True for Super-Singular */ -#endif -#ifndef MR_NOKOBLITZ -BOOL KOBLITZ; /* True for a Koblitz curve */ -#endif -#ifndef MR_AFFINE_ONLY -int coord; -#endif -int Asize,Bsize; - -int M,AA,BB,CC; /* for GF(2^m) curves */ - -/* -mr_small pm,mask; -int e,k,Me,m; for GF(p^m) curves */ - - -#ifndef MR_STATIC - -int logN; /* constants for fast fourier fft multiplication */ -int nprimes,degree; -mr_utype *prime,*cr; -mr_utype *inverse,**roots; -small_chinese chin; -mr_utype const1,const2,const3; -mr_small msw,lsw; -mr_utype **s1,**s2; /* pre-computed tables for polynomial reduction */ -mr_utype **t; /* workspace */ -mr_utype *wa; -mr_utype *wb; -mr_utype *wc; - -#endif - -BOOL same; -BOOL first_one; -BOOL debug; - -big w0; /* workspace bigs */ -big w1,w2,w3,w4; -big w5,w6,w7; -big w8,w9,w10,w11; -big w12,w13,w14,w15; -big sru; -big one; - -#ifdef MR_KCM -big big_ndash; -big ws,wt; -#endif - -big A,B; - -/* User modifiables */ - -#ifndef MR_SIMPLE_IO -int IOBSIZ; /* size of i/o buffer */ -#endif -BOOL ERCON; /* error control */ -int ERNUM; /* last error code */ -int NTRY; /* no. 
of tries for probablistic primality testing */ -#ifndef MR_SIMPLE_IO -int INPLEN; /* input length */ -#ifndef MR_SIMPLE_BASE -int IOBASE; /* base for input and output */ - -#endif -#endif -#ifdef MR_FLASH -BOOL EXACT; /* exact flag */ -BOOL RPOINT; /* =ON for radix point, =OFF for fractions in output */ -#endif -#ifndef MR_STRIPPED_DOWN -BOOL TRACER; /* turns trace tracker on/off */ -#endif - -#ifdef MR_STATIC -const int *PRIMES; /* small primes array */ -#ifndef MR_SIMPLE_IO -char IOBUFF[MR_DEFAULT_BUFFER_SIZE]; /* i/o buffer */ -#endif -#else -int *PRIMES; /* small primes array */ -#ifndef MR_SIMPLE_IO -char *IOBUFF; /* i/o buffer */ -#endif -#endif - -#ifdef MR_FLASH -int workprec; -int stprec; /* start precision */ - -int RS,RD; -double D; - -double db,n,p; -int a,b,c,d,r,q,oldn,ndig; -mr_small u,v,ku,kv; - -BOOL last,carryon; -flash pi; - -#endif - -#ifdef MR_FP_ROUNDING -mr_large inverse_base; -#endif - -#ifndef MR_STATIC -char *workspace; -#else -char workspace[MR_BIG_RESERVE(MR_SPACES)]; -#endif - -int TWIST; /* set to twisted curve */ -int qnr; /* a QNR -1 for p=3 mod 4, -2 for p=5 mod 8, 0 otherwise */ -int cnr; /* a cubic non-residue */ -int pmod8; -int pmod9; -BOOL NO_CARRY; -} miracl; - -/* ------------------------------------------------------------------------*/ - - -#ifndef MR_GENERIC_MT - -#ifdef MR_WINDOWS_MT -#define MR_OS_THREADS -#endif - -#ifdef MR_UNIX_MT -#define MR_OS_THREADS -#endif - -#ifdef MR_OPENMP_MT -#define MR_OS_THREADS -#endif - - -#ifndef MR_OS_THREADS - -extern miracl *mr_mip; /* pointer to MIRACL's only global variable */ - -#endif - -#endif - -#ifdef MR_GENERIC_MT - -#ifdef MR_STATIC -#define MR_GENERIC_AND_STATIC -#endif - -#define _MIPT_ miracl *, -#define _MIPTO_ miracl * -#define _MIPD_ miracl *mr_mip, -#define _MIPDO_ miracl *mr_mip -#define _MIPP_ mr_mip, -#define _MIPPO_ mr_mip - -#else - -#define _MIPT_ -#define _MIPTO_ void -#define _MIPD_ -#define _MIPDO_ void -#define _MIPP_ -#define _MIPPO_ - -#endif - -/* Preamble 
and exit code for MIRACL routines. * - * Not used if MR_STRIPPED_DOWN is defined */ - -#ifdef MR_STRIPPED_DOWN -#define MR_OUT -#define MR_IN(N) -#else -#define MR_OUT mr_mip->depth--; -#define MR_IN(N) mr_mip->depth++; if (mr_mip->depthtrace[mr_mip->depth]=(N); if (mr_mip->TRACER) mr_track(_MIPPO_); } -#endif - -/* Function definitions */ - -/* Group 0 - Internal routines */ - -extern void mr_berror(_MIPT_ int); -extern mr_small mr_shiftbits(mr_small,int); -extern mr_small mr_setbase(_MIPT_ mr_small); -extern void mr_track(_MIPTO_ ); -extern void mr_lzero(big); -extern BOOL mr_notint(flash); -extern int mr_lent(flash); -extern void mr_padd(_MIPT_ big,big,big); -extern void mr_psub(_MIPT_ big,big,big); -extern void mr_pmul(_MIPT_ big,mr_small,big); -#ifdef MR_FP_ROUNDING -extern mr_large mr_invert(mr_small); -extern mr_small imuldiv(mr_small,mr_small,mr_small,mr_small,mr_large,mr_small *); -extern mr_small mr_sdiv(_MIPT_ big,mr_small,mr_large,big); -#else -extern mr_small mr_sdiv(_MIPT_ big,mr_small,big); -extern void mr_and(big,big,big); -extern void mr_xor(big,big,big); -#endif -extern void mr_shift(_MIPT_ big,int,big); -extern miracl *mr_first_alloc(void); -extern void *mr_alloc(_MIPT_ int,int); -extern void mr_free(void *); -extern void set_user_function(_MIPT_ BOOL (*)(void)); -extern void set_io_buffer_size(_MIPT_ int); -extern int mr_testbit(_MIPT_ big,int); -extern void mr_addbit(_MIPT_ big,int); -extern int recode(_MIPT_ big ,int ,int ,int ); -extern int mr_window(_MIPT_ big,int,int *,int *,int); -extern int mr_window2(_MIPT_ big,big,int,int *,int *); -extern int mr_naf_window(_MIPT_ big,big,int,int *,int *,int); - -extern int mr_fft_init(_MIPT_ int,big,big,BOOL); -extern void mr_dif_fft(_MIPT_ int,int,mr_utype *); -extern void mr_dit_fft(_MIPT_ int,int,mr_utype *); -extern void fft_reset(_MIPTO_); - -extern int mr_poly_mul(_MIPT_ int,big*,int,big*,big*); -extern int mr_poly_sqr(_MIPT_ int,big*,big*); -extern void mr_polymod_set(_MIPT_ int,big*,big*); 
-extern int mr_poly_rem(_MIPT_ int,big *,big *); - -extern int mr_ps_big_mul(_MIPT_ int,big *,big *,big *); -extern int mr_ps_zzn_mul(_MIPT_ int,big *,big *,big *); - -extern mr_small muldiv(mr_small,mr_small,mr_small,mr_small,mr_small *); -extern mr_small muldvm(mr_small,mr_small,mr_small,mr_small *); -extern mr_small muldvd(mr_small,mr_small,mr_small,mr_small *); -extern void muldvd2(mr_small,mr_small,mr_small *,mr_small *); - -extern flash mirvar_mem_variable(char *,int,int); -extern epoint* epoint_init_mem_variable(_MIPT_ char *,int,int); - -/* Group 1 - General purpose, I/O and basic arithmetic routines */ - -extern unsigned int igcd(unsigned int,unsigned int); -extern unsigned long lgcd(unsigned long,unsigned long); -extern mr_small sgcd(mr_small,mr_small); -extern unsigned int isqrt(unsigned int,unsigned int); -extern unsigned long mr_lsqrt(unsigned long,unsigned long); -extern void irand(_MIPT_ mr_unsign32); -extern mr_small brand(_MIPTO_ ); -extern void zero(flash); -extern void convert(_MIPT_ int,big); -extern void uconvert(_MIPT_ unsigned int,big); -extern void lgconv(_MIPT_ long,big); -extern void ulgconv(_MIPT_ unsigned long,big); -extern void tconvert(_MIPT_ mr_utype,big); - -#ifdef mr_dltype -extern void dlconv(_MIPT_ mr_dltype,big); -#endif - -extern flash mirvar(_MIPT_ int); -extern flash mirvar_mem(_MIPT_ char *,int); -extern void mirkill(big); -extern void *memalloc(_MIPT_ int); -extern void memkill(_MIPT_ char *,int); -extern void mr_init_threading(void); -extern void mr_end_threading(void); -extern miracl *get_mip(void ); -extern void set_mip(miracl *); -#ifdef MR_GENERIC_AND_STATIC -extern miracl *mirsys(miracl *,int,mr_small); -#else -extern miracl *mirsys(int,mr_small); -#endif -extern miracl *mirsys_basic(miracl *,int,mr_small); -extern void mirexit(_MIPTO_ ); -extern int exsign(flash); -extern void insign(int,flash); -extern int getdig(_MIPT_ big,int); -extern int numdig(_MIPT_ big); -extern void putdig(_MIPT_ int,big,int); -extern void 
copy(flash,flash); -extern void negify(flash,flash); -extern void absol(flash,flash); -extern int size(big); -extern int mr_compare(big,big); -extern void add(_MIPT_ big,big,big); -extern void subtract(_MIPT_ big,big,big); -extern void incr(_MIPT_ big,int,big); -extern void decr(_MIPT_ big,int,big); -extern void premult(_MIPT_ big,int,big); -extern int subdiv(_MIPT_ big,int,big); -extern BOOL subdivisible(_MIPT_ big,int); -extern int remain(_MIPT_ big,int); -extern void bytes_to_big(_MIPT_ int,const char *,big); -extern int big_to_bytes(_MIPT_ int,big,char *,BOOL); -extern mr_small normalise(_MIPT_ big,big); -extern void multiply(_MIPT_ big,big,big); -extern void fft_mult(_MIPT_ big,big,big); -extern BOOL fastmultop(_MIPT_ int,big,big,big); -extern void divide(_MIPT_ big,big,big); -extern BOOL divisible(_MIPT_ big,big); -extern void mad(_MIPT_ big,big,big,big,big,big); -extern int instr(_MIPT_ flash,char *); -extern int otstr(_MIPT_ flash,char *); -extern int cinstr(_MIPT_ flash,char *); -extern int cotstr(_MIPT_ flash,char *); -extern epoint* epoint_init(_MIPTO_ ); -extern epoint* epoint_init_mem(_MIPT_ char *,int); -extern void* ecp_memalloc(_MIPT_ int); -void ecp_memkill(_MIPT_ char *,int); -BOOL init_big_from_rom(big,int,const mr_small *,int ,int *); -BOOL init_point_from_rom(epoint *,int,const mr_small *,int,int *); - -#ifndef MR_NO_FILE_IO - -extern int innum(_MIPT_ flash,FILE *); -extern int otnum(_MIPT_ flash,FILE *); -extern int cinnum(_MIPT_ flash,FILE *); -extern int cotnum(_MIPT_ flash,FILE *); - -#endif - -/* Group 2 - Advanced arithmetic routines */ - -extern mr_small smul(mr_small,mr_small,mr_small); -extern mr_small spmd(mr_small,mr_small,mr_small); -extern mr_small invers(mr_small,mr_small); -extern mr_small sqrmp(mr_small,mr_small); -extern int jac(mr_small,mr_small); - -extern void gprime(_MIPT_ int); -extern int jack(_MIPT_ big,big); -extern int egcd(_MIPT_ big,big,big); -extern int xgcd(_MIPT_ big,big,big,big,big); -extern int invmodp(_MIPT_ 
big,big,big); -extern int logb2(_MIPT_ big); -extern int hamming(_MIPT_ big); -extern void expb2(_MIPT_ int,big); -extern void bigbits(_MIPT_ int,big); -extern void expint(_MIPT_ int,int,big); -extern void sftbit(_MIPT_ big,int,big); -extern void power(_MIPT_ big,long,big,big); -extern void powmod(_MIPT_ big,big,big,big); -extern void powmod2(_MIPT_ big,big,big,big,big,big); -extern void powmodn(_MIPT_ int,big *,big *,big,big); -extern int powltr(_MIPT_ int,big,big,big); -extern BOOL double_inverse(_MIPT_ big,big,big,big,big); -extern BOOL multi_inverse(_MIPT_ int,big*,big,big*); -extern void lucas(_MIPT_ big,big,big,big,big); -extern BOOL nroot(_MIPT_ big,int,big); -extern BOOL sqroot(_MIPT_ big,big,big); -extern void bigrand(_MIPT_ big,big); -extern void bigdig(_MIPT_ int,int,big); -extern int trial_division(_MIPT_ big,big); -extern BOOL isprime(_MIPT_ big); -extern BOOL nxprime(_MIPT_ big,big); -extern BOOL nxsafeprime(_MIPT_ int,int,big,big); -extern BOOL crt_init(_MIPT_ big_chinese *,int,big *); -extern void crt(_MIPT_ big_chinese *,big *,big); -extern void crt_end(big_chinese *); -extern BOOL scrt_init(_MIPT_ small_chinese *,int,mr_utype *); -extern void scrt(_MIPT_ small_chinese*,mr_utype *,big); -extern void scrt_end(small_chinese *); -#ifndef MR_STATIC -extern BOOL brick_init(_MIPT_ brick *,big,big,int,int); -extern void brick_end(brick *); -#else -extern void brick_init(brick *,const mr_small *,big,int,int); -#endif -extern void pow_brick(_MIPT_ brick *,big,big); -#ifndef MR_STATIC -extern BOOL ebrick_init(_MIPT_ ebrick *,big,big,big,big,big,int,int); -extern void ebrick_end(ebrick *); -#else -extern void ebrick_init(ebrick *,const mr_small *,big,big,big,int,int); -#endif -extern int mul_brick(_MIPT_ ebrick*,big,big,big); -#ifndef MR_STATIC -extern BOOL ebrick2_init(_MIPT_ ebrick2 *,big,big,big,big,int,int,int,int,int,int); -extern void ebrick2_end(ebrick2 *); -#else -extern void ebrick2_init(ebrick2 *,const mr_small *,big,big,int,int,int,int,int,int); 
-#endif -extern int mul2_brick(_MIPT_ ebrick2*,big,big,big); - -/* Montgomery stuff */ - -extern mr_small prepare_monty(_MIPT_ big); -extern void kill_monty(_MIPTO_ ); -extern void nres(_MIPT_ big,big); -extern void redc(_MIPT_ big,big); - -extern void nres_negate(_MIPT_ big,big); -extern void nres_modadd(_MIPT_ big,big,big); -extern void nres_modsub(_MIPT_ big,big,big); -extern void nres_lazy(_MIPT_ big,big,big,big,big,big); -extern void nres_complex(_MIPT_ big,big,big,big); -extern void nres_double_modadd(_MIPT_ big,big,big); -extern void nres_double_modsub(_MIPT_ big,big,big); -extern void nres_premult(_MIPT_ big,int,big); -extern void nres_modmult(_MIPT_ big,big,big); -extern int nres_moddiv(_MIPT_ big,big,big); -extern void nres_dotprod(_MIPT_ int,big *,big *,big); -extern void nres_powmod(_MIPT_ big,big,big); -extern void nres_powltr(_MIPT_ int,big,big); -extern void nres_powmod2(_MIPT_ big,big,big,big,big); -extern void nres_powmodn(_MIPT_ int,big *,big *,big); -extern BOOL nres_sqroot(_MIPT_ big,big); -extern void nres_lucas(_MIPT_ big,big,big,big); -extern BOOL nres_double_inverse(_MIPT_ big,big,big,big); -extern BOOL nres_multi_inverse(_MIPT_ int,big *,big *); -extern void nres_div2(_MIPT_ big,big); -extern void nres_div3(_MIPT_ big,big); -extern void nres_div5(_MIPT_ big,big); - -extern void shs_init(sha *); -extern void shs_process(sha *,int); -extern void shs_hash(sha *,char *); - -extern void shs256_init(sha256 *); -extern void shs256_process(sha256 *,int); -extern void shs256_hash(sha256 *,char *); - -#ifdef mr_unsign64 - -extern void shs512_init(sha512 *); -extern void shs512_process(sha512 *,int); -extern void shs512_hash(sha512 *,char *); - -extern void shs384_init(sha384 *); -extern void shs384_process(sha384 *,int); -extern void shs384_hash(sha384 *,char *); - -extern void sha3_init(sha3 *,int); -extern void sha3_process(sha3 *,int); -extern void sha3_hash(sha3 *,char *); - -#endif - -extern BOOL aes_init(aes *,int,int,char *,char *); -extern 
void aes_getreg(aes *,char *); -extern void aes_ecb_encrypt(aes *,MR_BYTE *); -extern void aes_ecb_decrypt(aes *,MR_BYTE *); -extern mr_unsign32 aes_encrypt(aes *,char *); -extern mr_unsign32 aes_decrypt(aes *,char *); -extern void aes_reset(aes *,int,char *); -extern void aes_end(aes *); - -extern void gcm_init(gcm *,int,char *,int,char *); -extern BOOL gcm_add_header(gcm *,char *,int); -extern BOOL gcm_add_cipher(gcm *,int,char *,int,char *); -extern void gcm_finish(gcm *,char *); - -extern void FPE_encrypt(int ,aes *,mr_unsign32 ,mr_unsign32 ,char *,int); -extern void FPE_decrypt(int ,aes *,mr_unsign32 ,mr_unsign32 ,char *,int); - -extern void strong_init(csprng *,int,char *,mr_unsign32); -extern int strong_rng(csprng *); -extern void strong_bigrand(_MIPT_ csprng *,big,big); -extern void strong_bigdig(_MIPT_ csprng *,int,int,big); -extern void strong_kill(csprng *); - -/* special modular multipliers */ - -extern void comba_mult(big,big,big); -extern void comba_square(big,big); -extern void comba_redc(_MIPT_ big,big); -extern void comba_modadd(_MIPT_ big,big,big); -extern void comba_modsub(_MIPT_ big,big,big); -extern void comba_double_modadd(_MIPT_ big,big,big); -extern void comba_double_modsub(_MIPT_ big,big,big); -extern void comba_negate(_MIPT_ big,big); -extern void comba_add(big,big,big); -extern void comba_sub(big,big,big); -extern void comba_double_add(big,big,big); -extern void comba_double_sub(big,big,big); - -extern void comba_mult2(_MIPT_ big,big,big); - -extern void fastmodmult(_MIPT_ big,big,big); -extern void fastmodsquare(_MIPT_ big,big); - -extern void kcm_mul(_MIPT_ big,big,big); -extern void kcm_sqr(_MIPT_ big,big); -extern void kcm_redc(_MIPT_ big,big); - -extern void kcm_multiply(_MIPT_ int,big,big,big); -extern void kcm_square(_MIPT_ int,big,big); -extern BOOL kcm_top(_MIPT_ int,big,big,big); - -/* elliptic curve stuff */ - -extern BOOL point_at_infinity(epoint *); - -extern void mr_jsf(_MIPT_ big,big,big,big,big,big); - -extern void 
ecurve_init(_MIPT_ big,big,big,int); -extern int ecurve_add(_MIPT_ epoint *,epoint *); -extern int ecurve_sub(_MIPT_ epoint *,epoint *); -extern void ecurve_double_add(_MIPT_ epoint *,epoint *,epoint *,epoint *,big *,big *); -extern void ecurve_multi_add(_MIPT_ int,epoint **,epoint **); -extern void ecurve_double(_MIPT_ epoint*); -extern int ecurve_mult(_MIPT_ big,epoint *,epoint *); -extern void ecurve_mult2(_MIPT_ big,epoint *,big,epoint *,epoint *); -extern void ecurve_multn(_MIPT_ int,big *,epoint**,epoint *); - -extern BOOL epoint_x(_MIPT_ big); -extern BOOL epoint_set(_MIPT_ big,big,int,epoint*); -extern int epoint_get(_MIPT_ epoint*,big,big); -extern void epoint_getxyz(_MIPT_ epoint *,big,big,big); -extern BOOL epoint_norm(_MIPT_ epoint *); -extern BOOL epoint_multi_norm(_MIPT_ int,big *,epoint **); -extern void epoint_free(epoint *); -extern void epoint_copy(epoint *,epoint *); -extern BOOL epoint_comp(_MIPT_ epoint *,epoint *); -extern void epoint_negate(_MIPT_ epoint *); - -extern BOOL ecurve2_init(_MIPT_ int,int,int,int,big,big,BOOL,int); -extern big ecurve2_add(_MIPT_ epoint *,epoint *); -extern big ecurve2_sub(_MIPT_ epoint *,epoint *); -extern void ecurve2_multi_add(_MIPT_ int,epoint **,epoint **); -extern void ecurve2_mult(_MIPT_ big,epoint *,epoint *); -extern void ecurve2_mult2(_MIPT_ big,epoint *,big,epoint *,epoint *); -extern void ecurve2_multn(_MIPT_ int,big *,epoint**,epoint *); - -extern epoint* epoint2_init(_MIPTO_ ); -extern BOOL epoint2_set(_MIPT_ big,big,int,epoint*); -extern int epoint2_get(_MIPT_ epoint*,big,big); -extern void epoint2_getxyz(_MIPT_ epoint *,big,big,big); -extern int epoint2_norm(_MIPT_ epoint *); -extern void epoint2_free(epoint *); -extern void epoint2_copy(epoint *,epoint *); -extern BOOL epoint2_comp(_MIPT_ epoint *,epoint *); -extern void epoint2_negate(_MIPT_ epoint *); - -/* GF(2) stuff */ - -extern BOOL prepare_basis(_MIPT_ int,int,int,int,BOOL); -extern int parity2(big); -extern BOOL multi_inverse2(_MIPT_ 
int,big *,big *); -extern void add2(big,big,big); -extern void incr2(big,int,big); -extern void reduce2(_MIPT_ big,big); -extern void multiply2(_MIPT_ big,big,big); -extern void modmult2(_MIPT_ big,big,big); -extern void modsquare2(_MIPT_ big,big); -extern void power2(_MIPT_ big,int,big); -extern void sqroot2(_MIPT_ big,big); -extern void halftrace2(_MIPT_ big,big); -extern BOOL quad2(_MIPT_ big,big); -extern BOOL inverse2(_MIPT_ big,big); -extern void karmul2(int,mr_small *,mr_small *,mr_small *,mr_small *); -extern void karmul2_poly(_MIPT_ int,big *,big *,big *,big *); -extern void karmul2_poly_upper(_MIPT_ int,big *,big *,big *,big *); -extern void gf2m_dotprod(_MIPT_ int,big *,big *,big); -extern int trace2(_MIPT_ big); -extern void rand2(_MIPT_ big); -extern void gcd2(_MIPT_ big,big,big); -extern int degree2(big); - -/* zzn2 stuff */ - -extern BOOL zzn2_iszero(zzn2 *); -extern BOOL zzn2_isunity(_MIPT_ zzn2 *); -extern void zzn2_from_int(_MIPT_ int,zzn2 *); -extern void zzn2_from_ints(_MIPT_ int,int,zzn2 *); -extern void zzn2_copy(zzn2 *,zzn2 *); -extern void zzn2_zero(zzn2 *); -extern void zzn2_negate(_MIPT_ zzn2 *,zzn2 *); -extern void zzn2_conj(_MIPT_ zzn2 *,zzn2 *); -extern void zzn2_add(_MIPT_ zzn2 *,zzn2 *,zzn2 *); -extern void zzn2_sub(_MIPT_ zzn2 *,zzn2 *,zzn2 *); -extern void zzn2_smul(_MIPT_ zzn2 *,big,zzn2 *); -extern void zzn2_mul(_MIPT_ zzn2 *,zzn2 *,zzn2 *); -extern void zzn2_sqr(_MIPT_ zzn2 *,zzn2 *); -extern void zzn2_inv(_MIPT_ zzn2 *); -extern void zzn2_timesi(_MIPT_ zzn2 *); -extern void zzn2_powl(_MIPT_ zzn2 *,big,zzn2 *); -extern void zzn2_from_zzns(big,big,zzn2 *); -extern void zzn2_from_bigs(_MIPT_ big,big,zzn2 *); -extern void zzn2_from_zzn(big,zzn2 *); -extern void zzn2_from_big(_MIPT_ big, zzn2 *); -extern void zzn2_sadd(_MIPT_ zzn2 *,big,zzn2 *); -extern void zzn2_ssub(_MIPT_ zzn2 *,big,zzn2 *); -extern void zzn2_div2(_MIPT_ zzn2 *); -extern void zzn2_div3(_MIPT_ zzn2 *); -extern void zzn2_div5(_MIPT_ zzn2 *); -extern void 
zzn2_imul(_MIPT_ zzn2 *,int,zzn2 *); -extern BOOL zzn2_compare(zzn2 *,zzn2 *); -extern void zzn2_txx(_MIPT_ zzn2 *); -extern void zzn2_txd(_MIPT_ zzn2 *); -extern BOOL zzn2_sqrt(_MIPT_ zzn2 *,zzn2 *); -extern BOOL zzn2_qr(_MIPT_ zzn2 *); -extern BOOL zzn2_multi_inverse(_MIPT_ int,zzn2 *,zzn2 *); - - -/* zzn3 stuff */ - -extern void zzn3_set(_MIPT_ int,big); -extern BOOL zzn3_iszero(zzn3 *); -extern BOOL zzn3_isunity(_MIPT_ zzn3 *); -extern void zzn3_from_int(_MIPT_ int,zzn3 *); -extern void zzn3_from_ints(_MIPT_ int,int,int,zzn3 *); -extern void zzn3_copy(zzn3 *,zzn3 *); -extern void zzn3_zero(zzn3 *); -extern void zzn3_negate(_MIPT_ zzn3 *,zzn3 *); -extern void zzn3_powq(_MIPT_ zzn3 *,zzn3 *); -extern void zzn3_add(_MIPT_ zzn3 *,zzn3 *,zzn3 *); -extern void zzn3_sub(_MIPT_ zzn3 *,zzn3 *,zzn3 *); -extern void zzn3_smul(_MIPT_ zzn3 *,big,zzn3 *); -extern void zzn3_mul(_MIPT_ zzn3 *,zzn3 *,zzn3 *); -extern void zzn3_inv(_MIPT_ zzn3 *); -extern void zzn3_timesi(_MIPT_ zzn3 *); -extern void zzn3_timesi2(_MIPT_ zzn3 *); -extern void zzn3_powl(_MIPT_ zzn3 *,big,zzn3 *); -extern void zzn3_from_zzns(big,big,big,zzn3 *); -extern void zzn3_from_bigs(_MIPT_ big,big,big,zzn3 *); -extern void zzn3_from_zzn(big,zzn3 *); -extern void zzn3_from_zzn_1(big,zzn3 *); -extern void zzn3_from_zzn_2(big,zzn3 *); -extern void zzn3_from_big(_MIPT_ big, zzn3 *); -extern void zzn3_sadd(_MIPT_ zzn3 *,big,zzn3 *); -extern void zzn3_ssub(_MIPT_ zzn3 *,big,zzn3 *); -extern void zzn3_div2(_MIPT_ zzn3 *); -extern void zzn3_imul(_MIPT_ zzn3 *,int,zzn3 *); -extern BOOL zzn3_compare(zzn3 *,zzn3 *); - -/* zzn4 stuff */ - -extern BOOL zzn4_iszero(zzn4 *); -extern BOOL zzn4_isunity(_MIPT_ zzn4 *); -extern void zzn4_from_int(_MIPT_ int,zzn4 *); -extern void zzn4_copy(zzn4 *,zzn4 *); -extern void zzn4_zero(zzn4 *); -extern void zzn4_negate(_MIPT_ zzn4 *,zzn4 *); -extern void zzn4_powq(_MIPT_ zzn2 *,zzn4 *); -extern void zzn4_add(_MIPT_ zzn4 *,zzn4 *,zzn4 *); -extern void zzn4_sub(_MIPT_ zzn4 *,zzn4 *,zzn4 
*); -extern void zzn4_smul(_MIPT_ zzn4 *,zzn2 *,zzn4 *); -extern void zzn4_sqr(_MIPT_ zzn4 *,zzn4 *); -extern void zzn4_mul(_MIPT_ zzn4 *,zzn4 *,zzn4 *); -extern void zzn4_inv(_MIPT_ zzn4 *); -extern void zzn4_timesi(_MIPT_ zzn4 *); -extern void zzn4_tx(_MIPT_ zzn4 *); -extern void zzn4_from_zzn2s(zzn2 *,zzn2 *,zzn4 *); -extern void zzn4_from_zzn2(zzn2 *,zzn4 *); -extern void zzn4_from_zzn2h(zzn2 *,zzn4 *); -extern void zzn4_from_zzn(big,zzn4 *); -extern void zzn4_from_big(_MIPT_ big , zzn4 *); -extern void zzn4_sadd(_MIPT_ zzn4 *,zzn2 *,zzn4 *); -extern void zzn4_ssub(_MIPT_ zzn4 *,zzn2 *,zzn4 *); -extern void zzn4_div2(_MIPT_ zzn4 *); -extern void zzn4_conj(_MIPT_ zzn4 *,zzn4 *); -extern void zzn4_imul(_MIPT_ zzn4 *,int,zzn4 *); -extern void zzn4_lmul(_MIPT_ zzn4 *,big,zzn4 *); -extern BOOL zzn4_compare(zzn4 *,zzn4 *); - -/* ecn2 stuff */ - -extern BOOL ecn2_iszero(ecn2 *); -extern void ecn2_copy(ecn2 *,ecn2 *); -extern void ecn2_zero(ecn2 *); -extern BOOL ecn2_compare(_MIPT_ ecn2 *,ecn2 *); -extern void ecn2_norm(_MIPT_ ecn2 *); -extern void ecn2_get(_MIPT_ ecn2 *,zzn2 *,zzn2 *,zzn2 *); -extern void ecn2_getxy(ecn2 *,zzn2 *,zzn2 *); -extern void ecn2_getx(ecn2 *,zzn2 *); -extern void ecn2_getz(_MIPT_ ecn2 *,zzn2 *); -extern void ecn2_rhs(_MIPT_ zzn2 *,zzn2 *); -extern BOOL ecn2_set(_MIPT_ zzn2 *,zzn2 *,ecn2 *); -extern BOOL ecn2_setx(_MIPT_ zzn2 *,ecn2 *); -extern void ecn2_setxyz(_MIPT_ zzn2 *,zzn2 *,zzn2 *,ecn2 *); -extern void ecn2_negate(_MIPT_ ecn2 *,ecn2 *); -extern BOOL ecn2_add3(_MIPT_ ecn2 *,ecn2 *,zzn2 *,zzn2 *,zzn2 *); -extern BOOL ecn2_add2(_MIPT_ ecn2 *,ecn2 *,zzn2 *,zzn2 *); -extern BOOL ecn2_add1(_MIPT_ ecn2 *,ecn2 *,zzn2 *); -extern BOOL ecn2_add(_MIPT_ ecn2 *,ecn2 *); -extern BOOL ecn2_sub(_MIPT_ ecn2 *,ecn2 *); -extern BOOL ecn2_add_sub(_MIPT_ ecn2 *,ecn2 *,ecn2 *,ecn2 *); -extern int ecn2_mul2_jsf(_MIPT_ big,ecn2 *,big,ecn2 *,ecn2 *); -extern int ecn2_mul(_MIPT_ big,ecn2 *); -extern void ecn2_psi(_MIPT_ zzn2 *,ecn2 *); -extern BOOL 
ecn2_multi_norm(_MIPT_ int ,zzn2 *,ecn2 *); -extern int ecn2_mul4_gls_v(_MIPT_ big *,int,ecn2 *,big *,ecn2 *,zzn2 *,ecn2 *); -extern int ecn2_muln_engine(_MIPT_ int,int,int,int,big *,big *,big *,big *,ecn2 *,ecn2 *,ecn2 *); -extern void ecn2_precomp_gls(_MIPT_ int,BOOL,ecn2 *,zzn2 *,ecn2 *); -extern int ecn2_mul2_gls(_MIPT_ big *,ecn2 *,zzn2 *,ecn2 *); -extern void ecn2_precomp(_MIPT_ int,BOOL,ecn2 *,ecn2 *); -extern int ecn2_mul2(_MIPT_ big,int,ecn2 *,big,ecn2 *,ecn2 *); -#ifndef MR_STATIC -extern BOOL ecn2_brick_init(_MIPT_ ebrick *,zzn2 *,zzn2 *,big,big,big,int,int); -extern void ecn2_brick_end(ebrick *); -#else -extern void ebrick_init(ebrick *,const mr_small *,big,big,big,int,int); -#endif -extern void ecn2_mul_brick_gls(_MIPT_ ebrick *B,big *,zzn2 *,zzn2 *,zzn2 *); -extern void ecn2_multn(_MIPT_ int,big *,ecn2 *,ecn2 *); -extern void ecn2_mult4(_MIPT_ big *,ecn2 *,ecn2 *); -/* Group 3 - Floating-slash routines */ - -#ifdef MR_FLASH -extern void fpack(_MIPT_ big,big,flash); -extern void numer(_MIPT_ flash,big); -extern void denom(_MIPT_ flash,big); -extern BOOL fit(big,big,int); -extern void build(_MIPT_ flash,int (*)(_MIPT_ big,int)); -extern void mround(_MIPT_ big,big,flash); -extern void flop(_MIPT_ flash,flash,int *,flash); -extern void fmul(_MIPT_ flash,flash,flash); -extern void fdiv(_MIPT_ flash,flash,flash); -extern void fadd(_MIPT_ flash,flash,flash); -extern void fsub(_MIPT_ flash,flash,flash); -extern int fcomp(_MIPT_ flash,flash); -extern void fconv(_MIPT_ int,int,flash); -extern void frecip(_MIPT_ flash,flash); -extern void ftrunc(_MIPT_ flash,big,flash); -extern void fmodulo(_MIPT_ flash,flash,flash); -extern void fpmul(_MIPT_ flash,int,int,flash); -extern void fincr(_MIPT_ flash,int,int,flash); -extern void dconv(_MIPT_ double,flash); -extern double fdsize(_MIPT_ flash); -extern void frand(_MIPT_ flash); - -/* Group 4 - Advanced Flash routines */ - -extern void fpower(_MIPT_ flash,int,flash); -extern BOOL froot(_MIPT_ flash,int,flash); -extern 
void fpi(_MIPT_ flash); -extern void fexp(_MIPT_ flash,flash); -extern void flog(_MIPT_ flash,flash); -extern void fpowf(_MIPT_ flash,flash,flash); -extern void ftan(_MIPT_ flash,flash); -extern void fatan(_MIPT_ flash,flash); -extern void fsin(_MIPT_ flash,flash); -extern void fasin(_MIPT_ flash,flash); -extern void fcos(_MIPT_ flash,flash); -extern void facos(_MIPT_ flash,flash); -extern void ftanh(_MIPT_ flash,flash); -extern void fatanh(_MIPT_ flash,flash); -extern void fsinh(_MIPT_ flash,flash); -extern void fasinh(_MIPT_ flash,flash); -extern void fcosh(_MIPT_ flash,flash); -extern void facosh(_MIPT_ flash,flash); -#endif - - -/* Test predefined Macros to determine compiler type, and hopefully - selectively use fast in-line assembler (or other compiler specific - optimisations. Note I am unsure of Microsoft version numbers. So I - suspect are Microsoft. - - Note: It seems to be impossible to get the 16-bit Microsoft compiler - to allow inline 32-bit op-codes. So I suspect that INLINE_ASM == 2 will - never work with it. Pity. - -#define INLINE_ASM 1 -> generates 8086 inline assembly -#define INLINE_ASM 2 -> generates mixed 8086 & 80386 inline assembly, - so you can get some benefit while running in a - 16-bit environment on 32-bit hardware (DOS, Windows - 3.1...) -#define INLINE_ASM 3 -> generate true 80386 inline assembly - (Using DOS - extender, Windows '95/Windows NT) - Actually optimised for Pentium - -#define INLINE_ASM 4 -> 80386 code in the GNU style (for (DJGPP) - -Small, medium, compact and large memory models are supported for the -first two of the above. 
- -*/ - -/* To allow for inline assembly */ - -#ifdef __GNUC__ - #define ASM __asm__ __volatile__ -#endif - -#ifdef __TURBOC__ - #define ASM asm -#endif - -#ifdef _MSC_VER - #define ASM _asm -#endif - -#ifndef MR_NOASM - -/* Win64 - inline the time critical function */ -#ifndef MR_NO_INTRINSICS - #ifdef MR_WIN64 - #define muldvd(a,b,c,rp) (*(rp)=_umul128((a),(b),&(tm)),*(rp)+=(c),tm+=(*(rp)<(c)),tm) - #define muldvd2(a,b,c,rp) (tr=_umul128((a),(b),&(tm)),tr+=(*(c)),tm+=(tr<(*(c))),tr+=(*(rp)),tm+=(tr<(*(rp))),*(rp)=tr,*(c)=tm) - #endif - -/* Itanium - inline the time-critical functions */ - - #ifdef MR_ITANIUM - #define muldvd(a,b,c,rp) (tm=_m64_xmahu((a),(b),(c)),*(rp)=_m64_xmalu((a),(b),(c)),tm) - #define muldvd2(a,b,c,rp) (tm=_m64_xmalu((a),(b),(*(c))),*(c)=_m64_xmahu((a),(b),(*(c))),tm+=*(rp),*(c)+=(tm<*(rp)),*(rp)=tm) - #endif -#endif -/* - -SSE2 code. Works as for itanium - but in fact it is slower than the regular code so not recommended -Would require a call to emmintrin.h or xmmintrin.h, and an __m128i variable tm to be declared in effected -functions. But it works! 
- - #define muldvd(a,b,c,rp) (tm=_mm_add_epi64(_mm_mul_epu32(_mm_cvtsi32_si128((a)),_mm_cvtsi32_si128((b))),_mm_cvtsi32_si128((c))),*(rp)=_mm_cvtsi128_si32(tm),_mm_cvtsi128_si32(_mm_shuffle_epi32(tm,_MM_SHUFFLE(3,2,0,1))) ) - #define muldvd2(a,b,c,rp) (tm=_mm_add_epi64(_mm_add_epi64(_mm_mul_epu32(_mm_cvtsi32_si128((a)),_mm_cvtsi32_si128((b))),_mm_cvtsi32_si128(*(c))),_mm_cvtsi32_si128(*(rp))),*(rp)=_mm_cvtsi128_si32(tm),*(c)=_mm_cvtsi128_si32( _mm_shuffle_epi32(tm,_MM_SHUFFLE(3,2,0,1)) ) -*/ - -/* Borland C/Turbo C */ - - #ifdef __TURBOC__ - #ifndef __HUGE__ - #if defined(__COMPACT__) || defined(__LARGE__) - #define MR_LMM - #endif - - #if MIRACL==16 - #define INLINE_ASM 1 - #endif - - #if __TURBOC__>=0x410 - #if MIRACL==32 -#if defined(__SMALL__) || defined(__MEDIUM__) || defined(__LARGE__) || defined(__COMPACT__) - #define INLINE_ASM 2 - #else - #define INLINE_ASM 3 - #endif - #endif - #endif - #endif - #endif - -/* Microsoft C */ - - #ifdef _MSC_VER - #ifndef M_I86HM - #if defined(M_I86CM) || defined(M_I86LM) - #define MR_LMM - #endif - #if _MSC_VER>=600 - #if _MSC_VER<1200 - #if MIRACL==16 - #define INLINE_ASM 1 - #endif - #endif - #endif - #if _MSC_VER>=1000 - #if MIRACL==32 - #define INLINE_ASM 3 - #endif - #endif - #endif - #endif - -/* DJGPP GNU C */ - - #ifdef __GNUC__ - #ifdef i386 - #if MIRACL==32 - #define INLINE_ASM 4 - #endif - #endif - #endif - -#endif - -#ifdef __cplusplus -} -#endif - - - -/* - The following contribution is from Tielo Jongmans, Netherlands - These inline assembler routines are suitable for Watcom 10.0 and up - - Added into miracl.h. Notice the override of the original declarations - of these routines, which should be removed. 
- - The following pragma is optional, it is dangerous, but it saves a - calling sequence -*/ - -/* - -#pragma off (check_stack); - -extern unsigned int muldiv(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int *); -#pragma aux muldiv= \ - "mul edx" \ - "add eax,ebx" \ - "adc edx,0" \ - "div ecx" \ - "mov [esi],edx" \ - parm [eax] [edx] [ebx] [ecx] [esi] \ - value [eax] \ - modify [eax edx]; - -extern unsigned int muldvm(unsigned int, unsigned int, unsigned int, unsigned int *); -#pragma aux muldvm= \ - "div ebx" \ - "mov [ecx],edx" \ - parm [edx] [eax] [ebx] [ecx] \ - value [eax] \ - modify [eax edx]; - -extern unsigned int muldvd(unsigned int, unsigned int, unsigned int, unsigned int *); -#pragma aux muldvd= \ - "mul edx" \ - "add eax,ebx" \ - "adc edx,0" \ - "mov [ecx],eax" \ - "mov eax,edx" \ - parm [eax] [edx] [ebx] [ecx] \ - value [eax] \ - modify [eax edx]; - -*/ - - -#endif - - diff --git a/include/openssl/mirdef.h b/include/openssl/mirdef.h deleted file mode 100644 index 210c314f..00000000 --- a/include/openssl/mirdef.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * MIRACL compiler/hardware definitions - mirdef.h - * For C++ build of library - */ - -#ifndef HEADER_MIRDEF_H -#define HEADER_MIRDEF_H - -#ifdef __cplusplus -extern "C"{ -#endif - -#define MR_LITTLE_ENDIAN -#define MIRACL 64 -#define mr_utype long -#define mr_dltype long long -#define mr_unsign64 unsigned long -#define MR_IBITS 32 -#define MR_LBITS 64 -#define mr_unsign32 unsigned int -#define MR_FLASH 52 -#define MAXBASE ((mr_small)1<<(MIRACL-1)) -#define MR_BITSINCHAR 8 -#define MR_CPP - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/openssl/sm2_standard.h b/include/openssl/sm2_standard.h deleted file mode 100644 index f74793db..00000000 --- a/include/openssl/sm2_standard.h +++ /dev/null 
@@ -1,261 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_SM2_STANDARD_H -#define HEADER_SM2_STANDARD_H - - -#include -#include -#include - - - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include - -#define ERR_INFINITY_POINT 0x00000001 -#define ERR_NOT_VALID_ELEMENT 0x00000002 -#define ERR_NOT_VALID_POINT 0x00000003 -#define ERR_ORDER 0x00000004 -#define ERR_ECURVE_INIT 0x00000005 -#define ERR_KEYEX_RA 0x00000006 -#define ERR_KEYEX_RB 0x00000007 -#define ERR_EQUAL_S1SB 0x00000008 -#define ERR_EQUAL_S2SA 0x00000009 -#define ERR_SELFTEST_Z 0x0000000A -#define ERR_SELFTEST_INI_I 0x0000000B -#define ERR_SELFTEST_RES_I 0x0000000C -#define ERR_SELFTEST_INI_II 0x0000000D -#define ERR_GENERATE_R 0x0000000E -#define ERR_GENERATE_S 0x0000000F -#define ERR_OUTRANGE_R 0x00000010 -#define ERR_OUTRANGE_S 0x00000011 -#define ERR_GENERATE_T 0x00000012 -#define ERR_PUBKEY_INIT 0x00000013 -#define ERR_DATA_MEMCMP 0x00000014 -#define ERR_ARRAY_NULL 0x00000015 -#define ERR_C3_MATCH 0x00000016 -#define ERR_SELFTEST_KG 0x00000017 -#define ERR_SELFTEST_ENC 0x00000018 -#define ERR_SELFTEST_DEC 0x00000019 - - -static unsigned char SM2_p[32] = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -static unsigned char SM2_a[32] = {0xFF, 0xFF, 0xFF, 0xFE, 
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}; -static unsigned char SM2_b[32] = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7, - 0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93}; -static unsigned char SM2_n[32] = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23}; -static unsigned char SM2_Gx[32] = {0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94, - 0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, 0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7}; -static unsigned char SM2_Gy[32] = {0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53, - 0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40, 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0}; -static unsigned char SM2_h[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; - -big para_p, para_a, para_b, para_n, para_Gx, para_Gy, para_h; -epoint *G; -miracl *mip; - - -int SM2_w(big n); -void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[]); -static int Test_Point(epoint* point); -static int Test_PubKey(epoint *pubKey); -int Test_Null(unsigned char array[], int len); -int Test_Zero(big x); -int Test_n(big x); -int Test_Range(big x); -static int SM2_standard_init(); -static int SM2_standard_keygeneration(big priKey, epoint *pubKey); -int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[]); -int SM2_standard_keyex_init_i(big ra, epoint* RA); -int 
SM2_standard_keyex_re_i(big rb, big dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[]); -int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[]); -int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[]); -int SM2_standard_keyex_selftest(); -int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[]); -int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[]); -int SM2_standard_enc_selftest(); -int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[]); -int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[]); -int SM2_standard_selfcheck(); - - -/* Initiate SM2 curve */ -static int SM2_standard_init() -{ - epoint *nG; - para_p = mirvar(0); - para_a = mirvar(0); - para_b = mirvar(0); - para_n = mirvar(0); - para_Gx = mirvar(0); - para_Gy = mirvar(0); - para_h = mirvar(0); - - G = epoint_init(); - nG = epoint_init(); - - bytes_to_big(SM2_NUMWORD, SM2_p, para_p); - bytes_to_big(SM2_NUMWORD, SM2_a, para_a); - bytes_to_big(SM2_NUMWORD, SM2_b, para_b); - bytes_to_big(SM2_NUMWORD, SM2_n, para_n); - bytes_to_big(SM2_NUMWORD, SM2_Gx, para_Gx); - bytes_to_big(SM2_NUMWORD, SM2_Gy, para_Gy); - bytes_to_big(SM2_NUMWORD, SM2_h, para_h); - - ecurve_init(para_a, para_b, para_p, MR_PROJECTIVE); //Initialises GF(p) elliptic curve. 
- //MR_PROJECTIVE specifying projective coordinates - if (!epoint_set(para_Gx, para_Gy, 0, G)) //initialise point G - { - return ERR_ECURVE_INIT; - } - ecurve_mult(para_n, G, nG); - if (!point_at_infinity(nG)) //test if the order of the point is n - { - return ERR_ORDER; - } - return 0; -} - - -/* test if the given point is on SM2 curve */ -static int Test_Point(epoint* point) -{ - big x, y, x_3, tmp; - x = mirvar(0); - y = mirvar(0); - x_3 = mirvar(0); - tmp = mirvar(0); - - //test if y^2 = x^3 + ax + b - epoint_get(point, x, y); - power(x, 3, para_p, x_3); //x_3 = x^3 mod p - multiply(x, para_a, x); //x = a * x - divide(x, para_p, tmp); //x = a * x mod p, tmp = a * x / p - add(x_3, x, x); //x = x^3 + ax - add(x, para_b, x); //x = x^3 + ax + b - divide(x, para_p, tmp); //x = x^3 + ax + b mod p - power(y, 2, para_p, y); //y = y^2 mod p - if (mr_compare(x, y) != 0) - return ERR_NOT_VALID_POINT; - else - return 0; -} - - -/* test if the given public key is valid */ -static int Test_PubKey(epoint *pubKey) -{ - big x, y, x_3, tmp; - epoint *nP; - x = mirvar(0); - y = mirvar(0); - x_3 = mirvar(0); - tmp = mirvar(0); - - nP = epoint_init(); - - //test if the pubKey is the point at infinity - if (point_at_infinity(pubKey)) //if pubKey is point at infinity, return error; - return ERR_INFINITY_POINT; - - //test if x < p and y

IOBASE = 16; - - ecurve_mult(priKey, G, pubKey); - epoint_get(pubKey, x, y); - - i = Test_PubKey(pubKey); - if (i) - return i; - else - return 0; -} - -#ifdef __cplusplus -} -# endif -#endif - - diff --git a/include/openssl/sm3_standard.h b/include/openssl/sm3_standard.h deleted file mode 100644 index 737b028e..00000000 --- a/include/openssl/sm3_standard.h +++ /dev/null @@ -1,42 +0,0 @@ -#include - -#define SM3_len 256 -#define SM3_T1 0x79CC4519 -#define SM3_T2 0x7A879D8A -#define SM3_IVA 0x7380166f -#define SM3_IVB 0x4914b2b9 -#define SM3_IVC 0x172442d7 -#define SM3_IVD 0xda8a0600 -#define SM3_IVE 0xa96f30bc -#define SM3_IVF 0x163138aa -#define SM3_IVG 0xe38dee4d -#define SM3_IVH 0xb0fb0e4e - -/* Various logical functions */ -#define SM3_p1(x) (x^SM3_rotl32(x,15)^SM3_rotl32(x,23)) -#define SM3_p0(x) (x^SM3_rotl32(x,9)^SM3_rotl32(x,17)) -#define SM3_ff0(a,b,c) (a^b^c) -#define SM3_ff1(a,b,c) ((a&b)|(a&c)|(b&c)) -#define SM3_gg0(e,f,g) (e^f^g) -#define SM3_gg1(e,f,g) ((e&f)|((~e)&g)) -#define SM3_rotl32(x,n) ((((unsigned int) x) << n) | (((unsigned int) x) >> (32 - n))) -#define SM3_rotr32(x,n) ((((unsigned int) x) >> n) | (((unsigned int) x) << (32 - n))) - - -typedef struct { - unsigned int state[8]; - unsigned int length; - unsigned int curlen; - unsigned char buf[64]; -} SM3_STATE; - - -void BiToWj(unsigned int Bi[], unsigned int Wj[]); -void WjToWj1(unsigned int Wj[], unsigned int Wj1[]); -void CF(unsigned int Wj[], unsigned int Wj1[], unsigned int V[]); -void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]); -void SM3_init(SM3_STATE *md); -void SM3_compress(SM3_STATE * md); -void SM3_process(SM3_STATE * md, unsigned char buf[], int len); -void SM3_done(SM3_STATE *md, unsigned char *hash); -void SM3_256(unsigned char buf[], int len, unsigned char hash[]); diff --git a/util/libcrypto.num b/util/libcrypto.num index a61d4310..7073abf7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -732,7 +732,7 @@ SHA384_Final 707 1_1_0d EXIST:!VMSVAX:FUNCTION:
 RIPEMD160_Final 708 1_1_0d EXIST::FUNCTION:RMD160
 RSA_PSS_PARAMS_free 709 1_1_0d EXIST::FUNCTION:RSA
 ERR_load_SDF_strings 710 1_1_0d EXIST::FUNCTION:
-speck_encrypt 711 1_1_0d EXIST::FUNCTION:
+speck_encrypt 711 1_1_0d NOEXIST::FUNCTION:
 RSA_padding_check_PKCS1_OAEP_mgf1 712 1_1_0d EXIST::FUNCTION:RSA
 EVP_DigestSignInit 713 1_1_0d EXIST::FUNCTION:
 X509V3_EXT_add_nconf_sk 714 1_1_0d EXIST::FUNCTION:
@@ -1034,7 +1034,7 @@ X509_REQ_dup 997 1_1_0d EXIST::FUNCTION:
 OPENSSL_gmtime_diff 998 1_1_0d EXIST::FUNCTION:
 AES_cfb128_encrypt 999 1_1_0d EXIST::FUNCTION:
 PEM_write_bio_PKCS8 1000 1_1_0d EXIST::FUNCTION:
-speck_expand 1001 1_1_0d EXIST::FUNCTION:
+speck_expand 1001 1_1_0d NOEXIST::FUNCTION:
 PKCS7_cert_from_signer_info 1002 1_1_0d EXIST::FUNCTION:
 a2i_GENERAL_NAME 1003 1_1_0d EXIST::FUNCTION:
 OCSP_ONEREQ_get_ext_by_critical 1004 1_1_0d EXIST::FUNCTION:OCSP
@@ -1491,7 +1491,7 @@ BN_mod_exp_recp 1444 1_1_0d EXIST::FUNCTION:
 BN_GFP2_sub_bn 1445 1_1_0d EXIST::FUNCTION:
 EVP_CIPHER_meth_free 1446 1_1_0d EXIST::FUNCTION:
 PKCS8_set0_pbe 1447 1_1_0d EXIST::FUNCTION:
-speck_decrypt 1448 1_1_0d EXIST::FUNCTION:
+speck_decrypt 1448 1_1_0d NOEXIST::FUNCTION:
 X509_STORE_CTX_set_time 1449 1_1_0d EXIST::FUNCTION:
 OCSP_BASICRESP_add1_ext_i2d 1450 1_1_0d EXIST::FUNCTION:OCSP
 i2d_PKCS8_PRIV_KEY_INFO_bio 1451 1_1_0d EXIST::FUNCTION:
@@ -4480,7 +4480,7 @@ EVP_PKEY_security_bits 4338 1_1_0d EXIST::FUNCTION:
 CMS_RecipientInfo_ktri_get0_signer_id 4339 1_1_0d EXIST::FUNCTION:CMS
 OCSP_REQ_CTX_free 4340 1_1_0d EXIST::FUNCTION:OCSP
 X509_PURPOSE_add 4341 1_1_0d EXIST::FUNCTION:
-speck_set_encrypt_key 4342 1_1_0d EXIST::FUNCTION:
+speck_set_encrypt_key 4342 1_1_0d NOEXIST::FUNCTION:
 s2i_ASN1_OCTET_STRING 4343 1_1_0d EXIST::FUNCTION:
 RSA_padding_add_PKCS1_PSS_mgf1 4344 1_1_0d EXIST::FUNCTION:RSA
 i2t_ASN1_OBJECT 4345 1_1_0d EXIST::FUNCTION:
@@ -4843,5 +4843,20 @@ o2i_SM2CiphertextValue 4684 1_1_0d EXIST::FUNCTION:
 i2o_SM2CiphertextValue 4685 1_1_0d EXIST::FUNCTION:
 SM2_compute_message_digest 4686 1_1_0d EXIST::FUNCTION:
 serpent_set_decrypt_key 4687 1_1_0d EXIST::FUNCTION:
-sms4_standard_encrypt 4688 1_1_0d EXIST::FUNCTION:
-sms4_standard_decrypt 4689 1_1_0d EXIST::FUNCTION:
+sms4_standard_encrypt 4688 1_1_0d NOEXIST::FUNCTION:
+sms4_standard_decrypt 4689 1_1_0d NOEXIST::FUNCTION:
+speck_decrypt16 4690 1_1_0d EXIST::FUNCTION:
+speck_decrypt32 4691 1_1_0d EXIST::FUNCTION:
+speck_expand32 4692 1_1_0d EXIST::FUNCTION:
+speck_set_encrypt_key64 4693 1_1_0d EXIST::FUNCTION:
+speck_decrypt64 4694 1_1_0d EXIST::FUNCTION:
+speck_encrypt32 4695 1_1_0d EXIST::FUNCTION:
+speck_expand64 4696 1_1_0d EXIST::FUNCTION:
+speck_set_decrypt_key32 4697 1_1_0d EXIST::FUNCTION:
+speck_encrypt16 4698 1_1_0d EXIST::FUNCTION:
+speck_set_encrypt_key32 4699 1_1_0d EXIST::FUNCTION:
+speck_encrypt64 4700 1_1_0d EXIST::FUNCTION:
+speck_set_encrypt_key16 4701 1_1_0d EXIST::FUNCTION:
+speck_expand16 4702 1_1_0d EXIST::FUNCTION:
+speck_set_decrypt_key64 4703 1_1_0d EXIST::FUNCTION:
+speck_set_decrypt_key16 4704 1_1_0d EXIST::FUNCTION:
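Review bot: The fifteen new speck_* exports at ordinals 4690–4704 have an empty feature-guard field (`EXIST::FUNCTION:`), whereas the algorithm-specific entries around them carry their algorithm's tag (`:RSA`, `:OCSP`, `:CMS`, `:RMD160` in the earlier hunks of this file). If the configuration has a no-speck style option, each of these lines should end with the corresponding tag — for illustration `speck_encrypt16 4698 1_1_0d EXIST::FUNCTION:SPECK`, the tag name being a placeholder — so that a build with Speck disabled does not advertise symbols it never compiled. Retiring the four untyped speck ordinals (711, 1001, 1448, 4342) and the two sms4_standard ordinals as NOEXIST instead of reusing the numbers follows this file's convention, so that part looks right. Whether a header declares the new 16/32/64-bit variants with matching prototypes is not visible on this page.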
