summaryrefslogtreecommitdiffhomepage
path: root/libtomcrypt/src/pk
diff options
context:
space:
mode:
Diffstat (limited to 'libtomcrypt/src/pk')
-rw-r--r--libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c11
-rw-r--r--libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c20
-rw-r--r--libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c6
-rw-r--r--libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c47
-rw-r--r--libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c51
-rw-r--r--libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c35
-rw-r--r--libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c20
-rw-r--r--libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c7
-rw-r--r--libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c21
-rw-r--r--libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c6
-rw-r--r--libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c22
-rw-r--r--libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c54
-rw-r--r--libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c15
-rw-r--r--libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c24
-rw-r--r--libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c44
-rw-r--r--libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c27
-rw-r--r--libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c7
-rw-r--r--libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c21
-rw-r--r--libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c6
-rw-r--r--libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c7
-rw-r--r--libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c21
-rw-r--r--libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c6
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c (renamed from libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c)121
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c386
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c21
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c (renamed from libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c)84
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c21
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c31
-rw-r--r--libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c65
-rw-r--r--libtomcrypt/src/pk/asn1/der/set/der_encode_set.c103
-rw-r--r--libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c162
-rw-r--r--libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c8
-rw-r--r--libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c14
-rw-r--r--libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c9
-rw-r--r--libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c13
-rw-r--r--libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c15
-rw-r--r--libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c7
-rw-r--r--libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c111
-rw-r--r--libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c105
-rw-r--r--libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c83
-rw-r--r--libtomcrypt/src/pk/dh/dh.c524
-rw-r--r--libtomcrypt/src/pk/dh/dh_sys.c499
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_decrypt_key.c139
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_encrypt_key.c135
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_export.c24
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_free.c10
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_import.c33
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_make_key.c69
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_shared_secret.c72
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_sign_hash.c63
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_verify_hash.c52
-rw-r--r--libtomcrypt/src/pk/dsa/dsa_verify_key.c50
-rw-r--r--libtomcrypt/src/pk/ecc/ecc.c1055
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c72
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c104
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_decrypt_key.c150
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_encrypt_key.c136
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_export.c82
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_free.c40
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_get_size.c44
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_import.c172
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_make_key.c125
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_shared_secret.c95
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_sign_hash.c114
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_sizes.c48
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_sys.c462
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_test.c95
-rw-r--r--libtomcrypt/src/pk/ecc/ecc_verify_hash.c165
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c46
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_map.c76
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c207
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c222
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c167
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_points.c60
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c196
-rw-r--r--libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c147
-rw-r--r--libtomcrypt/src/pk/katja/katja_decrypt_key.c105
-rw-r--r--libtomcrypt/src/pk/katja/katja_encrypt_key.c87
-rw-r--r--libtomcrypt/src/pk/katja/katja_export.c75
-rw-r--r--libtomcrypt/src/pk/katja/katja_exptmod.c115
-rw-r--r--libtomcrypt/src/pk/katja/katja_free.c35
-rw-r--r--libtomcrypt/src/pk/katja/katja_import.c81
-rw-r--r--libtomcrypt/src/pk/katja/katja_make_key.c101
-rw-r--r--libtomcrypt/src/pk/packet_store_header.c33
-rw-r--r--libtomcrypt/src/pk/packet_valid_header.c41
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c14
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c10
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c19
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c11
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c15
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c18
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c9
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c110
-rw-r--r--libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c111
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_decrypt_key.c64
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_encrypt_key.c78
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_export.c37
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_exptmod.c48
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_free.c11
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_import.c107
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_make_key.c89
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_sign_hash.c129
-rw-r--r--libtomcrypt/src/pk/rsa/rsa_verify_hash.c141
103 files changed, 6040 insertions, 3241 deletions
diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c
index da5b989..1d3569c 100644
--- a/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c
+++ b/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -51,7 +51,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
/* get the length of the data */
if (in[x] & 0x80) {
/* long format get number of length bytes */
- y = in[x++] & 127;
+ y = in[x++] & 0x7F;
/* invalid if 0 or > 2 */
if (y == 0 || y > 2) {
@@ -65,7 +65,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
}
} else {
/* short format */
- dlen = in[x++] & 127;
+ dlen = in[x++] & 0x7F;
}
/* is the data len too long or too short? */
@@ -78,6 +78,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
/* too many bits? */
if (blen > *outlen) {
+ *outlen = blen;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -97,5 +98,5 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c
index 569c15b..757963c 100644
--- a/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c
+++ b/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,8 @@
int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
- unsigned long len, x, y, buf;
+ unsigned long len, x, y;
+ unsigned char buf;
int err;
LTC_ARGCHK(in != NULL);
@@ -42,6 +43,7 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
}
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -51,18 +53,18 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
out[x++] = 0x03;
if (y < 128) {
- out[x++] = y;
+ out[x++] = (unsigned char)y;
} else if (y < 256) {
out[x++] = 0x81;
- out[x++] = y;
+ out[x++] = (unsigned char)y;
} else if (y < 65536) {
out[x++] = 0x82;
- out[x++] = (y>>8)&255;
- out[x++] = y&255;
+ out[x++] = (unsigned char)((y>>8)&255);
+ out[x++] = (unsigned char)(y&255);
}
/* store number of zero padding bits */
- out[x++] = (8 - inlen) & 7;
+ out[x++] = (unsigned char)((8 - inlen) & 7);
/* store the bits in big endian format */
for (y = buf = 0; y < inlen; y++) {
@@ -83,5 +85,5 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c b/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c
index dd6ea6d..3dc2abf 100644
--- a/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c
+++ b/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -50,5 +50,5 @@ int der_length_bit_string(unsigned long nbits, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c
new file mode 100644
index 0000000..7259e51
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c
@@ -0,0 +1,47 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_boolean.c
+ ASN.1 DER, decode a BOOLEAN, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Read a BOOLEAN
+ @param in The destination for the DER encoded BOOLEAN
+ @param inlen The size of the DER BOOLEAN
+ @param out [out] The boolean to decode
+ @return CRYPT_OK if successful
+*/
+int der_decode_boolean(const unsigned char *in, unsigned long inlen,
+ int *out)
+{
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (inlen != 3 || in[0] != 0x01 || in[1] != 0x01 || (in[2] != 0x00 && in[2] != 0xFF)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ *out = (in[2]==0xFF) ? 1 : 0;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c,v $ */
+/* $Revision: 1.1 $ */
+/* $Date: 2006/04/22 17:01:59 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c
new file mode 100644
index 0000000..9344a79
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c
@@ -0,0 +1,51 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_boolean.c
+ ASN.1 DER, encode a BOOLEAN, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store a BOOLEAN
+ @param in The boolean to encode
+ @param out [out] The destination for the DER encoded BOOLEAN
+ @param outlen [in/out] The max size and resulting size of the DER BOOLEAN
+ @return CRYPT_OK if successful
+*/
+int der_encode_boolean(int in,
+ unsigned char *out, unsigned long *outlen)
+{
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (*outlen < 3) {
+ *outlen = 3;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ *outlen = 3;
+ out[0] = 0x01;
+ out[1] = 0x01;
+ out[2] = in ? 0xFF : 0x00;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c b/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c
new file mode 100644
index 0000000..cd5bf2d
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c
@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_length_boolean.c
+ ASN.1 DER, get length of a BOOLEAN, Tom St Denis
+*/
+
+#ifdef LTC_DER
+/**
+ Gets length of DER encoding of a BOOLEAN
+ @param outlen [out] The length of the DER encoding
+ @return CRYPT_OK if successful
+*/
+int der_length_boolean(unsigned long *outlen)
+{
+ LTC_ARGCHK(outlen != NULL);
+ *outlen = 3;
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/04/22 17:28:38 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c b/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c
index 61cba11..4ff6f17 100644
--- a/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c
+++ b/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -96,6 +96,7 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
case LTC_ASN1_NULL:
if (*inlen == 2 && in[x] == 0x05 && in[x+1] == 0x00) {
*inlen = 2;
+ list[x].used = 1;
return CRYPT_OK;
}
break;
@@ -134,6 +135,17 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
}
break;
+ case LTC_ASN1_UTF8_STRING:
+ if (der_decode_utf8_string(in, *inlen, data, &size) == CRYPT_OK) {
+ if (der_length_utf8_string(data, size, &z) == CRYPT_OK) {
+ list[x].used = 1;
+ list[x].size = size;
+ *inlen = z;
+ return CRYPT_OK;
+ }
+ }
+ break;
+
case LTC_ASN1_UTCTIME:
z = *inlen;
if (der_decode_utctime(in, &z, data) == CRYPT_OK) {
@@ -143,6 +155,8 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
}
break;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if (der_decode_sequence(in, *inlen, data, size) == CRYPT_OK) {
if (der_length_sequence(data, size, &z) == CRYPT_OK) {
@@ -164,5 +178,5 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 11:25:01 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/06 02:23:49 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c
index ac0a4af..2514b77 100644
--- a/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c
+++ b/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,6 +67,7 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -91,5 +92,5 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c
index a79b46e..aff3392 100644
--- a/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c
+++ b/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -49,19 +50,19 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x16;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -80,5 +81,5 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c b/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c
index d07d630..6278dd2 100644
--- a/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c
+++ b/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -190,5 +190,5 @@ int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, un
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c
index e68b2c9..aef87a3 100644
--- a/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -25,7 +25,7 @@
@param num The first mp_int to decode
@return CRYPT_OK if successful
*/
-int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num)
+int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num)
{
unsigned long x, y, z;
int err;
@@ -56,7 +56,7 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
}
/* no so read it */
- if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, z))) != CRYPT_OK) {
+ if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, z)) != CRYPT_OK) {
return err;
}
} else {
@@ -80,23 +80,23 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
}
/* no so read it */
- if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, y))) != CRYPT_OK) {
+ if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, y)) != CRYPT_OK) {
return err;
}
}
/* see if it's negative */
if (in[x] & 0x80) {
- mp_int tmp;
- if (mp_init(&tmp) != MP_OKAY) {
+ void *tmp;
+ if (mp_init(&tmp) != CRYPT_OK) {
return CRYPT_MEM;
}
- if (mp_2expt(&tmp, mp_count_bits(num)) != MP_OKAY || mp_sub(num, &tmp, num) != MP_OKAY) {
- mp_clear(&tmp);
+ if (mp_2expt(tmp, mp_count_bits(num)) != CRYPT_OK || mp_sub(num, tmp, num) != CRYPT_OK) {
+ mp_clear(tmp);
return CRYPT_MEM;
}
- mp_clear(&tmp);
+ mp_clear(tmp);
}
return CRYPT_OK;
@@ -106,5 +106,5 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/06/01 00:06:05 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c
index f0f41be..ff4fce6 100644
--- a/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,7 +26,7 @@
@param outlen [in/out] The max size and resulting size of the DER encoded integers
@return CRYPT_OK if successful
*/
-int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
+int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen)
{
unsigned long tmplen, y;
int err, leading_zero;
@@ -41,12 +41,13 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
}
if (*outlen < tmplen) {
+ *outlen = tmplen;
return CRYPT_BUFFER_OVERFLOW;
}
- if (mp_cmp_d(num, 0) != MP_LT) {
+ if (mp_cmp_d(num, 0) != LTC_MP_LT) {
/* we only need a leading zero if the msb of the first byte is one */
- if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) {
+ if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) {
leading_zero = 1;
} else {
leading_zero = 0;
@@ -59,7 +60,7 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
y = mp_count_bits(num);
y = y + (8 - (y & 7));
y = y >> 3;
-
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --y;
}
/* now store initial data */
@@ -69,16 +70,16 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
*out++ = (unsigned char)y;
} else if (y < 256) {
*out++ = 0x81;
- *out++ = y;
+ *out++ = (unsigned char)y;
} else if (y < 65536UL) {
*out++ = 0x82;
- *out++ = (y>>8)&255;
- *out++ = y;
+ *out++ = (unsigned char)((y>>8)&255);
+ *out++ = (unsigned char)y;
} else if (y < 16777216UL) {
*out++ = 0x83;
- *out++ = (y>>16)&255;
- *out++ = (y>>8)&255;
- *out++ = y;
+ *out++ = (unsigned char)((y>>16)&255);
+ *out++ = (unsigned char)((y>>8)&255);
+ *out++ = (unsigned char)y;
} else {
return CRYPT_INVALID_ARG;
}
@@ -89,31 +90,32 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
}
/* if it's not zero store it as big endian */
- if (mp_cmp_d(num, 0) == MP_GT) {
+ if (mp_cmp_d(num, 0) == LTC_MP_GT) {
/* now store the mpint */
- if ((err = mp_to_unsigned_bin(num, out)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_to_unsigned_bin(num, out)) != CRYPT_OK) {
+ return err;
}
- } else if (mp_iszero(num) != MP_YES) {
- mp_int tmp;
+ } else if (mp_iszero(num) != LTC_MP_YES) {
+ void *tmp;
+
/* negative */
- if (mp_init(&tmp) != MP_OKAY) {
+ if (mp_init(&tmp) != CRYPT_OK) {
return CRYPT_MEM;
}
/* 2^roundup and subtract */
y = mp_count_bits(num);
y = y + (8 - (y & 7));
- if (mp_2expt(&tmp, y) != MP_OKAY || mp_add(&tmp, num, &tmp) != MP_OKAY) {
- mp_clear(&tmp);
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) y -= 8;
+ if (mp_2expt(tmp, y) != CRYPT_OK || mp_add(tmp, num, tmp) != CRYPT_OK) {
+ mp_clear(tmp);
return CRYPT_MEM;
}
-
- if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) {
- mp_clear(&tmp);
- return mpi_to_ltc_error(err);
+ if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) {
+ mp_clear(tmp);
+ return err;
}
- mp_clear(&tmp);
+ mp_clear(tmp);
}
/* we good */
@@ -124,5 +126,5 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c b/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c
index 1bfee45..bcc331d 100644
--- a/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,11 +19,11 @@
#ifdef LTC_DER
/**
Gets length of DER encoding of num
- @param num The mp_int to get the size of
+ @param num The int to get the size of
@param outlen [out] The length of the DER encoding for the given integer
@return CRYPT_OK if successful
*/
-int der_length_integer(mp_int *num, unsigned long *outlen)
+int der_length_integer(void *num, unsigned long *outlen)
{
unsigned long z, len;
int leading_zero;
@@ -31,11 +31,11 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
LTC_ARGCHK(num != NULL);
LTC_ARGCHK(outlen != NULL);
- if (mp_cmp_d(num, 0) != MP_LT) {
+ if (mp_cmp_d(num, 0) != LTC_MP_LT) {
/* positive */
/* we only need a leading zero if the msb of the first byte is one */
- if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) {
+ if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) {
leading_zero = 1;
} else {
leading_zero = 0;
@@ -49,6 +49,7 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
leading_zero = 0;
z = mp_count_bits(num);
z = z + (8 - (z & 7));
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --z;
len = z = z >> 3;
}
@@ -77,5 +78,5 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/04/22 01:22:55 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
index c69c9a3..1fa87d8 100644
--- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
+++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,14 +67,8 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
return CRYPT_INVALID_PACKET;
}
- /* decode word1 and word2 */
- --len;
- t = in[x++];
- words[0] = t/40;
- words[1] = t%40;
-
- /* decode rest */
- y = 2;
+ /* decode words */
+ y = 0;
t = 0;
while (len--) {
t = (t << 7) | (in[x] & 0x7F);
@@ -83,7 +77,13 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
if (y >= *outlen) {
return CRYPT_BUFFER_OVERFLOW;
}
- words[y++] = t;
+ if (y == 0) {
+ words[0] = t / 40;
+ words[1] = t % 40;
+ y = 2;
+ } else {
+ words[y++] = t;
+ }
t = 0;
}
}
@@ -95,5 +95,5 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
index 16eb112..b343aaa 100644
--- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
+++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,7 +27,7 @@
int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
unsigned char *out, unsigned long *outlen)
{
- unsigned long i, x, y, z, t, mask;
+ unsigned long i, x, y, z, t, mask, wordbuf;
int err;
LTC_ARGCHK(words != NULL);
@@ -39,50 +39,54 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
return err;
}
if (x > *outlen) {
+ *outlen = x;
return CRYPT_BUFFER_OVERFLOW;
}
/* compute length to store OID data */
- z = 1;
- for (y = 2; y < nwords; y++) {
- t = der_object_identifier_bits(words[y]);
- z += t/7 + ((t%7) ? 1 : 0);
+ z = 0;
+ wordbuf = words[0] * 40 + words[1];
+ for (y = 1; y < nwords; y++) {
+ t = der_object_identifier_bits(wordbuf);
+ z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0);
+ if (y < nwords - 1) {
+ wordbuf = words[y + 1];
+ }
}
/* store header + length */
x = 0;
out[x++] = 0x06;
if (z < 128) {
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 256) {
out[x++] = 0x81;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 65536UL) {
out[x++] = 0x82;
- out[x++] = (z>>8)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>8)&255);
+ out[x++] = (unsigned char)(z&255);
} else {
return CRYPT_INVALID_ARG;
}
/* store first byte */
- out[x++] = words[0] * 40 + words[1];
-
- for (i = 2; i < nwords; i++) {
+ wordbuf = words[0] * 40 + words[1];
+ for (i = 1; i < nwords; i++) {
/* store 7 bit words in little endian */
- t = words[i] & 0xFFFFFFFF;
+ t = wordbuf & 0xFFFFFFFF;
if (t) {
y = x;
mask = 0;
while (t) {
- out[x++] = (t & 0x7F) | mask;
+ out[x++] = (unsigned char)((t & 0x7F) | mask);
t >>= 7;
mask |= 0x80; /* upper bit is set on all but the last byte */
}
/* now swap bytes y...x-1 */
z = x - 1;
while (y < z) {
- t = out[y]; out[y] = out[z]; out[z] = t;
+ t = out[y]; out[y] = out[z]; out[z] = (unsigned char)t;
++y;
--z;
}
@@ -90,6 +94,10 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
/* zero word */
out[x++] = 0x00;
}
+
+ if (i < nwords - 1) {
+ wordbuf = words[i + 1];
+ }
}
*outlen = x;
@@ -99,5 +107,5 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c b/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
index d03d1a7..a4cf53f 100644
--- a/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
+++ b/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,7 +39,7 @@ unsigned long der_object_identifier_bits(unsigned long x)
*/
int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen)
{
- unsigned long y, z, t;
+ unsigned long y, z, t, wordbuf;
LTC_ARGCHK(words != NULL);
LTC_ARGCHK(outlen != NULL);
@@ -50,16 +50,21 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns
return CRYPT_INVALID_ARG;
}
- /* word1 = 0,1,2 and word2 0..39 */
- if (words[0] > 2 || words[1] > 39) {
+ /* word1 = 0,1,2,3 and word2 0..39 */
+ if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) {
return CRYPT_INVALID_ARG;
}
- /* leading byte of first two words */
- z = 1;
- for (y = 2; y < nwords; y++) {
- t = der_object_identifier_bits(words[y]);
- z += t/7 + ((t%7) ? 1 : 0);
+ /* leading word is the first two */
+ z = 0;
+ wordbuf = words[0] * 40 + words[1];
+ for (y = 1; y < nwords; y++) {
+ t = der_object_identifier_bits(wordbuf);
+ z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0);
+ if (y < nwords - 1) {
+ /* grab next word */
+ wordbuf = words[y+1];
+ }
}
/* now depending on the length our length encoding changes */
@@ -80,5 +85,5 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/04/16 20:17:42 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c
index 2d3800f..b937e63 100644
--- a/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c
+++ b/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -66,6 +66,7 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -86,5 +87,5 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c
index f34b708..fe0f163 100644
--- a/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c
+++ b/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -43,6 +43,7 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -50,19 +51,19 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x04;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -81,5 +82,5 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c b/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c
index 9a0bed3..3caf352 100644
--- a/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c
+++ b/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -49,5 +49,5 @@ int der_length_octet_string(unsigned long noctets, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c
index cbc9239..cae96d8 100644
--- a/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c
+++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,6 +67,7 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -91,5 +92,5 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c
index ab4e8bf..9061b1f 100644
--- a/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c
+++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -49,19 +50,19 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x13;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -80,5 +81,5 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c b/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c
index 34065f2..799b6b6 100644
--- a/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c
+++ b/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -162,5 +162,5 @@ int der_length_printable_string(const unsigned char *octets, unsigned long nocte
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
index 335a882..1f65602 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
/**
- @file der_decode_sequence.c
+ @file der_decode_sequence_ex.c
ASN.1 DER, decode a SEQUENCE, Tom St Denis
*/
@@ -25,10 +25,11 @@
@param inlen The size of the input
@param list The list of items to decode
@param outlen The number of items in the list
+ @param ordered Search an unordeded or ordered list
@return CRYPT_OK on success
*/
-int der_decode_sequence(const unsigned char *in, unsigned long inlen,
- ltc_asn1_list *list, unsigned long outlen)
+int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
+ ltc_asn1_list *list, unsigned long outlen, int ordered)
{
int err, type;
unsigned long size, x, y, z, i, blksize;
@@ -36,17 +37,18 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(list != NULL);
-
+
/* get blk size */
if (inlen < 2) {
return CRYPT_INVALID_PACKET;
}
- /* sequence type? */
+ /* sequence type? We allow 0x30 SEQUENCE and 0x31 SET since fundamentally they're the same structure */
x = 0;
- if (in[x++] != 0x30) {
+ if (in[x] != 0x30 && in[x] != 0x31) {
return CRYPT_INVALID_PACKET;
}
+ ++x;
if (in[x] < 128) {
blksize = in[x++];
@@ -73,154 +75,205 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen,
return CRYPT_INVALID_PACKET;
}
+ /* mark all as unused */
+ for (i = 0; i < outlen; i++) {
+ list[i].used = 0;
+ }
+
/* ok read data */
inlen = blksize;
for (i = 0; i < outlen; i++) {
+ z = 0;
type = list[i].type;
size = list[i].size;
data = list[i].data;
+ if (!ordered && list[i].used == 1) { continue; }
if (type == LTC_ASN1_EOL) {
break;
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ z = inlen;
+ if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ if ((err = der_length_boolean(&z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ break;
+
case LTC_ASN1_INTEGER:
z = inlen;
if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
if ((err = der_length_integer(data, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
-
case LTC_ASN1_SHORT_INTEGER:
z = inlen;
if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- if ((err = der_length_short_integer(size, &z)) != CRYPT_OK) {
+ if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
+
break;
case LTC_ASN1_BIT_STRING:
z = inlen;
if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_OCTET_STRING:
z = inlen;
if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_NULL:
if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) {
+ if (!ordered) { continue; }
err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
- x += 2;
- inlen -= 2;
+ z = 2;
break;
case LTC_ASN1_OBJECT_IDENTIFIER:
z = inlen;
if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_IA5_STRING:
z = inlen;
if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_PRINTABLE_STRING:
z = inlen;
if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
+ break;
+
+ case LTC_ASN1_UTF8_STRING:
+ z = inlen;
+ if ((err = der_decode_utf8_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
+ goto LBL_ERR;
+ }
+ list[i].size = size;
+ if ((err = der_length_utf8_string(data, size, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
break;
case LTC_ASN1_UTCTIME:
z = inlen;
if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
+ case LTC_ASN1_SET:
+ z = inlen;
+ if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
+ goto LBL_ERR;
+ }
+ if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ break;
+
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
+ /* detect if we have the right type */
+ if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
z = inlen;
if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_CHOICE:
z = inlen;
if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
default:
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
}
+ x += z;
+ inlen -= z;
+ list[i].used = 1;
+ if (!ordered) {
+ /* restart the decoder */
+ i = -1;
+ }
}
+
+ for (i = 0; i < outlen; i++) {
+ if (list[i].used == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+ }
err = CRYPT_OK;
LBL_ERR:
@@ -229,6 +282,6 @@ LBL_ERR:
#endif
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c,v $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
new file mode 100644
index 0000000..19d8c86
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@@ -0,0 +1,386 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_sequence_flexi.c
+ ASN.1 DER, decode an array of ASN.1 types with a flexi parser, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+static unsigned long fetch_length(const unsigned char *in, unsigned long inlen)
+{
+ unsigned long x, y, z;
+
+ y = 0;
+
+ /* skip type and read len */
+ if (inlen < 2) {
+ return 0xFFFFFFFF;
+ }
+ ++in; ++y;
+
+ /* read len */
+ x = *in++; ++y;
+
+ /* <128 means literal */
+ if (x < 128) {
+ return x+y;
+ }
+ x &= 0x7F; /* the lower 7 bits are the length of the length */
+ inlen -= 2;
+
+ /* len means len of len! */
+ if (x == 0 || x > 4 || x > inlen) {
+ return 0xFFFFFFFF;
+ }
+
+ y += x;
+ z = 0;
+ while (x--) {
+ z = (z<<8) | ((unsigned long)*in);
+ ++in;
+ }
+ return z+y;
+}
+
+/**
+ ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements.
+ @param in The input buffer
+ @param inlen [in/out] The length of the input buffer and on output the amount of decoded data
+ @param out [out] A pointer to the linked list
+ @return CRYPT_OK on success.
+*/
+int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
+{
+ ltc_asn1_list *l;
+ unsigned long err, type, len, totlen, x, y;
+ void *realloc_tmp;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(inlen != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ l = NULL;
+ totlen = 0;
+
+ /* scan the input and and get lengths and what not */
+ while (*inlen) {
+ /* read the type byte */
+ type = *in;
+
+ /* fetch length */
+ len = fetch_length(in, *inlen);
+ if (len > *inlen) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* alloc new link */
+ if (l == NULL) {
+ l = XCALLOC(1, sizeof(*l));
+ if (l == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+ } else {
+ l->next = XCALLOC(1, sizeof(*l));
+ if (l->next == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+ l->next->prev = l;
+ l = l->next;
+ }
+
+ /* now switch on type */
+ switch (type) {
+ case 0x01: /* BOOLEAN */
+ l->type = LTC_ASN1_BOOLEAN;
+ l->size = 1;
+ l->data = XCALLOC(1, sizeof(int));
+
+ if ((err = der_decode_boolean(in, *inlen, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_boolean(&len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x02: /* INTEGER */
+ /* init field */
+ l->type = LTC_ASN1_INTEGER;
+ l->size = 1;
+ if ((err = mp_init(&l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* decode field */
+ if ((err = der_decode_integer(in, *inlen, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* calc length of object */
+ if ((err = der_length_integer(l->data, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x03: /* BIT */
+ /* init field */
+ l->type = LTC_ASN1_BIT_STRING;
+ l->size = len * 8; /* *8 because we store decoded bits one per char and they are encoded 8 per char. */
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_bit_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_bit_string(l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x04: /* OCTET */
+
+ /* init field */
+ l->type = LTC_ASN1_OCTET_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_octet_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_octet_string(l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x05: /* NULL */
+
+ /* valid NULL is 0x05 0x00 */
+ if (in[0] != 0x05 || in[1] != 0x00) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* simple to store ;-) */
+ l->type = LTC_ASN1_NULL;
+ l->data = NULL;
+ l->size = 0;
+ len = 2;
+
+ break;
+
+ case 0x06: /* OID */
+
+ /* init field */
+ l->type = LTC_ASN1_OBJECT_IDENTIFIER;
+ l->size = len;
+
+ if ((l->data = XCALLOC(len, sizeof(unsigned long))) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_object_identifier(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_object_identifier(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* resize it to save a bunch of mem */
+ if ((realloc_tmp = XREALLOC(l->data, l->size * sizeof(unsigned long))) == NULL) {
+ /* out of heap but this is not an error */
+ break;
+ }
+ l->data = realloc_tmp;
+ break;
+
+ case 0x0C: /* UTF8 */
+
+ /* init field */
+ l->type = LTC_ASN1_UTF8_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(sizeof(wchar_t), l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_utf8_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_utf8_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x13: /* PRINTABLE */
+
+ /* init field */
+ l->type = LTC_ASN1_PRINTABLE_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_printable_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_printable_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x16: /* IA5 */
+
+ /* init field */
+ l->type = LTC_ASN1_IA5_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_ia5_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_ia5_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x17: /* UTC TIME */
+
+ /* init field */
+ l->type = LTC_ASN1_UTCTIME;
+ l->size = 1;
+
+ if ((l->data = XCALLOC(1, sizeof(ltc_utctime))) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ len = *inlen;
+ if ((err = der_decode_utctime(in, &len, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_utctime(l->data, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x30: /* SEQUENCE */
+ case 0x31: /* SET */
+
+ /* init field */
+ l->type = (type == 0x30) ? LTC_ASN1_SEQUENCE : LTC_ASN1_SET;
+
+ /* we have to decode the SEQUENCE header and get it's length */
+
+ /* move past type */
+ ++in; --(*inlen);
+
+ /* read length byte */
+ x = *in++; --(*inlen);
+
+ /* smallest SEQUENCE/SET header */
+ y = 2;
+
+ /* now if it's > 127 the next bytes are the length of the length */
+ if (x > 128) {
+ x &= 0x7F;
+ in += x;
+ *inlen -= x;
+
+ /* update sequence header len */
+ y += x;
+ }
+
+ /* Sequence elements go as child */
+ len = len - y;
+ if ((err = der_decode_sequence_flexi(in, &len, &(l->child))) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* len update */
+ totlen += y;
+
+ /* link them up y0 */
+ l->child->parent = l;
+
+ break;
+ default:
+ /* invalid byte ... this is a soft error */
+ /* remove link */
+ l = l->prev;
+ XFREE(l->next);
+ l->next = NULL;
+ goto outside;
+ }
+
+ /* advance pointers */
+ totlen += len;
+ in += len;
+ *inlen -= len;
+ }
+
+outside:
+
+ /* rewind l please */
+ while (l->prev != NULL || l->parent != NULL) {
+ if (l->parent != NULL) {
+ l = l->parent;
+ } else {
+ l = l->prev;
+ }
+ }
+
+ /* return */
+ *out = l;
+ *inlen = totlen;
+ return CRYPT_OK;
+
+error:
+ /* free list */
+ der_sequence_free(l);
+
+ return err;
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c,v $ */
+/* $Revision: 1.25 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
index a4a1038..a15c182 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -19,6 +19,13 @@
#ifdef LTC_DER
+/**
+ Decode a SEQUENCE type using a VA list
+ @param in Input buffer
+ @param inlen Length of input in octets
+ @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+ @return CRYPT_OK on success
+*/
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
{
int err, type;
@@ -42,6 +49,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -50,7 +58,10 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
case LTC_ASN1_CHOICE:
++x;
@@ -86,6 +97,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -94,8 +106,11 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_CHOICE:
list[x].type = type;
list[x].size = size;
@@ -120,5 +135,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c
index d53153c..cdb4f1e 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
/**
- @file der_encode_sequence.c
+ @file der_encode_sequence_ex.c
ASN.1 DER, encode a SEQUENCE, Tom St Denis
*/
@@ -25,10 +25,11 @@
@param inlen The number of items in the list
@param out [out] The destination
@param outlen [in/out] The size of the output
+ @param type_of LTC_ASN1_SEQUENCE or LTC_ASN1_SET/LTC_ASN1_SETOF
@return CRYPT_OK on success
*/
-int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
- unsigned char *out, unsigned long *outlen)
+int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int type_of)
{
int err, type;
unsigned long size, x, y, z, i;
@@ -50,6 +51,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ if ((err = der_length_boolean(&x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_INTEGER:
if ((err = der_length_integer(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -103,6 +111,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_UTF8_STRING:
+ if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_UTCTIME:
if ((err = der_length_utctime(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -110,13 +125,14 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
-
default:
err = CRYPT_INVALID_ARG;
@@ -144,27 +160,29 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
/* too big ? */
if (*outlen < y) {
+ *outlen = y;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
/* store header */
x = 0;
- out[x++] = 0x30;
+ out[x++] = (type_of == LTC_ASN1_SEQUENCE) ? 0x30 : 0x31;
+
if (z < 128) {
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 256) {
out[x++] = 0x81;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 65536UL) {
out[x++] = 0x82;
- out[x++] = (z>>8UL)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>8UL)&255);
+ out[x++] = (unsigned char)(z&255);
} else if (z < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (z>>16UL)&255;
- out[x++] = (z>>8UL)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>16UL)&255);
+ out[x++] = (unsigned char)((z>>8UL)&255);
+ out[x++] = (unsigned char)(z&255);
}
/* store data */
@@ -179,6 +197,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ z = *outlen;
+ if ((err = der_encode_boolean(*((int *)data), out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
case LTC_ASN1_INTEGER:
z = *outlen;
if ((err = der_encode_integer(data, out + x, &z)) != CRYPT_OK) {
@@ -248,6 +275,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
*outlen -= z;
break;
+ case LTC_ASN1_UTF8_STRING:
+ z = *outlen;
+ if ((err = der_encode_utf8_string(data, size, out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
case LTC_ASN1_UTCTIME:
z = *outlen;
if ((err = der_encode_utctime(data, out + x, &z)) != CRYPT_OK) {
@@ -257,15 +293,33 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
*outlen -= z;
break;
- case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ z = *outlen;
+ if ((err = der_encode_set(data, size, out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
+ case LTC_ASN1_SETOF:
z = *outlen;
- if ((err = der_encode_sequence(data, size, out + x, &z)) != CRYPT_OK) {
+ if ((err = der_encode_setof(data, size, out + x, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
x += z;
*outlen -= z;
break;
+ case LTC_ASN1_SEQUENCE:
+ z = *outlen;
+ if ((err = der_encode_sequence_ex(data, size, out + x, &z, type)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
default:
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
index 9ff48b9..da34c64 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -19,6 +19,13 @@
#ifdef LTC_DER
+/**
+ Encode a SEQUENCE type using a VA list
+ @param out [out] Destination for data
+ @param outlen [in/out] Length of buffer and resulting length of output
+ @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+ @return CRYPT_OK on success
+*/
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
{
int err, type;
@@ -43,6 +50,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -51,8 +59,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
++x;
break;
@@ -86,6 +97,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -94,8 +106,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
list[x].type = type;
list[x].size = size;
list[x++].data = data;
@@ -119,5 +134,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c b/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c
index 9120451..36f4a2a 100644
--- a/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c
@@ -6,11 +6,9 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
-#include <stdarg.h>
-
/**
@file der_length_sequence.c
@@ -48,6 +46,13 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ if ((err = der_length_boolean(&x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_INTEGER:
if ((err = der_length_integer(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -101,6 +106,22 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_UTCTIME:
+ if ((err = der_length_utctime(data, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
+ case LTC_ASN1_UTF8_STRING:
+ if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -142,3 +163,7 @@ LBL_ERR:
}
#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c,v $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c b/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c
new file mode 100644
index 0000000..dc826e3
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c
@@ -0,0 +1,65 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_sequence_free.c
+ ASN.1 DER, free's a structure allocated by der_decode_sequence_flexi(), Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/**
+ Free memory allocated by der_decode_sequence_flexi()
+ @param in The list to free
+*/
+void der_sequence_free(ltc_asn1_list *in)
+{
+ ltc_asn1_list *l;
+
+ /* walk to the start of the chain */
+ while (in->prev != NULL || in->parent != NULL) {
+ if (in->parent != NULL) {
+ in = in->parent;
+ } else {
+ in = in->prev;
+ }
+ }
+
+ /* now walk the list and free stuff */
+ while (in != NULL) {
+ /* is there a child? */
+ if (in->child) {
+ /* disconnect */
+ in->child->parent = NULL;
+ der_sequence_free(in->child);
+ }
+
+ switch (in->type) {
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
+ case LTC_ASN1_SEQUENCE: break;
+ case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break;
+ default : if (in->data != NULL) { XFREE(in->data); }
+ }
+
+ /* move to next and free current */
+ l = in->next;
+ free(in);
+ in = l;
+ }
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c b/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c
new file mode 100644
index 0000000..a08d2b0
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c
@@ -0,0 +1,103 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_set.c
+ ASN.1 DER, Encode a SET, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/* LTC define to ASN.1 TAG */
+static int ltc_to_asn1(int v)
+{
+ switch (v) {
+ case LTC_ASN1_BOOLEAN: return 0x01;
+ case LTC_ASN1_INTEGER:
+ case LTC_ASN1_SHORT_INTEGER: return 0x02;
+ case LTC_ASN1_BIT_STRING: return 0x03;
+ case LTC_ASN1_OCTET_STRING: return 0x04;
+ case LTC_ASN1_NULL: return 0x05;
+ case LTC_ASN1_OBJECT_IDENTIFIER: return 0x06;
+ case LTC_ASN1_UTF8_STRING: return 0x0C;
+ case LTC_ASN1_PRINTABLE_STRING: return 0x13;
+ case LTC_ASN1_IA5_STRING: return 0x16;
+ case LTC_ASN1_UTCTIME: return 0x17;
+ case LTC_ASN1_SEQUENCE: return 0x30;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF: return 0x31;
+ default: return -1;
+ }
+}
+
+
+static int qsort_helper(const void *a, const void *b)
+{
+ ltc_asn1_list *A = (ltc_asn1_list *)a, *B = (ltc_asn1_list *)b;
+ int r;
+
+ r = ltc_to_asn1(A->type) - ltc_to_asn1(B->type);
+
+ /* for QSORT the order is UNDEFINED if they are "equal" which means it is NOT DETERMINISTIC. So we force it to be :-) */
+ if (r == 0) {
+ /* their order in the original list now determines the position */
+ return A->used - B->used;
+ } else {
+ return r;
+ }
+}
+
+/*
+ Encode a SET type
+ @param list The list of items to encode
+ @param inlen The number of items in the list
+ @param out [out] The destination
+ @param outlen [in/out] The size of the output
+ @return CRYPT_OK on success
+*/
+int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ ltc_asn1_list *copy;
+ unsigned long x;
+ int err;
+
+ /* make copy of list */
+ copy = XCALLOC(inlen, sizeof(*copy));
+ if (copy == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* fill in used member with index so we can fully sort it */
+ for (x = 0; x < inlen; x++) {
+ copy[x] = list[x];
+ copy[x].used = x;
+ }
+
+ /* sort it by the "type" field */
+ XQSORT(copy, inlen, sizeof(*copy), &qsort_helper);
+
+ /* call der_encode_sequence_ex() */
+ err = der_encode_sequence_ex(copy, inlen, out, outlen, LTC_ASN1_SET);
+
+ /* free list */
+ XFREE(copy);
+
+ return err;
+}
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/26 02:27:37 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c b/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c
new file mode 100644
index 0000000..6c12eb4
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c
@@ -0,0 +1,162 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_setof.c
+ ASN.1 DER, Encode SET OF, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+struct edge {
+ unsigned char *start;
+ unsigned long size;
+};
+
+static int qsort_helper(const void *a, const void *b)
+{
+ struct edge *A = (struct edge *)a, *B = (struct edge *)b;
+ int r;
+ unsigned long x;
+
+ /* compare min length */
+ r = XMEMCMP(A->start, B->start, MIN(A->size, B->size));
+
+ if (r == 0 && A->size != B->size) {
+ if (A->size > B->size) {
+ for (x = B->size; x < A->size; x++) {
+ if (A->start[x]) {
+ return 1;
+ }
+ }
+ } else {
+ for (x = A->size; x < B->size; x++) {
+ if (B->start[x]) {
+ return -1;
+ }
+ }
+ }
+ }
+
+ return r;
+}
+
+/**
+ Encode a SETOF stucture
+ @param list The list of items to encode
+ @param inlen The number of items in the list
+ @param out [out] The destination
+ @param outlen [in/out] The size of the output
+ @return CRYPT_OK on success
+*/
+int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x, y, z, hdrlen;
+ int err;
+ struct edge *edges;
+ unsigned char *ptr, *buf;
+
+ /* check that they're all the same type */
+ for (x = 1; x < inlen; x++) {
+ if (list[x].type != list[x-1].type) {
+ return CRYPT_INVALID_ARG;
+ }
+ }
+
+ /* alloc buffer to store copy of output */
+ buf = XCALLOC(1, *outlen);
+ if (buf == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* encode list */
+ if ((err = der_encode_sequence_ex(list, inlen, buf, outlen, LTC_ASN1_SETOF)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
+ }
+
+ /* allocate edges */
+ edges = XCALLOC(inlen, sizeof(*edges));
+ if (edges == NULL) {
+ XFREE(buf);
+ return CRYPT_MEM;
+ }
+
+ /* skip header */
+ ptr = buf + 1;
+
+ /* now skip length data */
+ x = *ptr++;
+ if (x >= 0x80) {
+ ptr += (x & 0x7F);
+ }
+
+ /* get the size of the static header */
+ hdrlen = ((unsigned long)ptr) - ((unsigned long)buf);
+
+
+ /* scan for edges */
+ x = 0;
+ while (ptr < (buf + *outlen)) {
+ /* store start */
+ edges[x].start = ptr;
+
+ /* skip type */
+ z = 1;
+
+ /* parse length */
+ y = ptr[z++];
+ if (y < 128) {
+ edges[x].size = y;
+ } else {
+ y &= 0x7F;
+ edges[x].size = 0;
+ while (y--) {
+ edges[x].size = (edges[x].size << 8) | ((unsigned long)ptr[z++]);
+ }
+ }
+
+ /* skip content */
+ edges[x].size += z;
+ ptr += edges[x].size;
+ ++x;
+ }
+
+ /* sort based on contents (using edges) */
+ XQSORT(edges, inlen, sizeof(*edges), &qsort_helper);
+
+ /* copy static header */
+ XMEMCPY(out, buf, hdrlen);
+
+ /* copy+sort using edges+indecies to output from buffer */
+ for (y = hdrlen, x = 0; x < inlen; x++) {
+ XMEMCPY(out+y, edges[x].start, edges[x].size);
+ y += edges[x].size;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, *outlen);
+#endif
+
+ /* free buffers */
+ XFREE(edges);
+ XFREE(buf);
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c
index 7d3d3b7..1407e9a 100644
--- a/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,7 +19,7 @@
#ifdef LTC_DER
/**
- Read a mp_int integer
+ Read a short integer
@param in The DER encoded data
@param inlen Size of data
@param num [out] The integer to decode
@@ -64,5 +64,5 @@ int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsig
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/23 01:04:13 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c
index eb94d38..95da2fa 100644
--- a/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -18,9 +18,8 @@
#ifdef LTC_DER
-/* Exports a positive integer as DER format (upto 32-bits in size) */
/**
- Store a mp_int integer
+ Store a short integer in the range (0,2^32-1)
@param num The integer to encode
@param out [out] The destination for the DER encoded integers
@param outlen [in/out] The max size and resulting size of the DER encoded integers
@@ -43,6 +42,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
}
if (*outlen < len) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -70,7 +70,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
/* store header */
x = 0;
out[x++] = 0x02;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
/* if 31st bit is set output a leading zero and decrement count */
if (z == 5) {
@@ -80,7 +80,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
/* store values */
for (y = 0; y < z; y++) {
- out[x++] = (num >> 24) & 0xFF;
+ out[x++] = (unsigned char)((num >> 24) & 0xFF);
num <<= 8;
}
@@ -93,5 +93,5 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/23 01:27:03 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c b/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c
index 7324b4a..073e294 100644
--- a/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c
+++ b/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,7 +39,7 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen)
++z;
y >>= 8;
}
-
+
/* handle zero */
if (z == 0) {
z = 1;
@@ -59,11 +59,12 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen)
/* return length */
*outlen = len;
+
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/23 01:35:38 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c
index 43ba033..8a1f5fb 100644
--- a/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c
+++ b/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,6 +39,13 @@ static int char_to_int(unsigned char x)
if (y >= max) return CRYPT_INVALID_PACKET; \
x += 2;
+/**
+ Decodes a UTC time structure in DER format (reads all 6 valid encoding formats)
+ @param in Input buffer
+ @param inlen Length of input buffer in octets
+ @param out [out] Destination of UTC time structure
+ @return CRYPT_OK if successful
+*/
int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
ltc_utctime *out)
{
@@ -116,5 +123,5 @@ YYMMDDhhmmss-hh'mm'
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/19 12:07:00 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c
index dad8c84..ae2ccbe 100644
--- a/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c
+++ b/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -24,8 +24,10 @@ static const char *baseten = "0123456789";
out[x++] = der_ia5_char_encode(baseten[y % 10]);
/**
- Gets length of DER encoding of UTCTIME
- @param outlen [out] The length of the DER encoding
+ Encodes a UTC time structure in DER format
+ @param utctime The UTC time structure to encode
+ @param out The destination of the DER encoding of the UTC time structure
+ @param outlen [in/out] The length of the DER encoding
@return CRYPT_OK if successful
*/
int der_encode_utctime(ltc_utctime *utctime,
@@ -42,6 +44,7 @@ int der_encode_utctime(ltc_utctime *utctime,
return err;
}
if (tmplen > *outlen) {
+ *outlen = tmplen;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -66,7 +69,7 @@ int der_encode_utctime(ltc_utctime *utctime,
}
/* store length */
- out[1] = x - 2;
+ out[1] = (unsigned char)(x - 2);
/* all good let's return */
*outlen = x;
@@ -76,5 +79,5 @@ int der_encode_utctime(ltc_utctime *utctime,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/19 12:07:00 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c b/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c
index 84e654a..60f09de 100644
--- a/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c
+++ b/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,6 +19,7 @@
/**
Gets length of DER encoding of UTCTIME
+ @param utctime The UTC time structure to get the size of
@param outlen [out] The length of the DER encoding
@return CRYPT_OK if successful
*/
@@ -41,5 +42,5 @@ int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/06/19 11:23:04 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c
new file mode 100644
index 0000000..28b5520
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c
@@ -0,0 +1,111 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_utf8_string.c
+ ASN.1 DER, encode a UTF8 STRING, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store a UTF8 STRING
+ @param in The DER encoded UTF8 STRING
+ @param inlen The size of the DER UTF8 STRING
+ @param out [out] The array of utf8s stored (one per char)
+ @param outlen [in/out] The number of utf8s stored
+ @return CRYPT_OK if successful
+*/
+int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
+ wchar_t *out, unsigned long *outlen)
+{
+ wchar_t tmp;
+ unsigned long x, y, z, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* must have header at least */
+ if (inlen < 2) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* check for 0x0C */
+ if ((in[0] & 0x1F) != 0x0C) {
+ return CRYPT_INVALID_PACKET;
+ }
+ x = 1;
+
+ /* decode the length */
+ if (in[x] & 0x80) {
+ /* valid # of bytes in length are 1,2,3 */
+ y = in[x] & 0x7F;
+ if ((y == 0) || (y > 3) || ((x + y) > inlen)) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* read the length in */
+ len = 0;
+ ++x;
+ while (y--) {
+ len = (len << 8) | in[x++];
+ }
+ } else {
+ len = in[x++] & 0x7F;
+ }
+
+ if (len + x > inlen) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* proceed to decode */
+ for (y = 0; x < inlen; ) {
+ /* get first byte */
+ tmp = in[x++];
+
+ /* count number of bytes */
+ for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
+
+ if (z > 4 || (x + (z - 1) > inlen)) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* decode, grab upper bits */
+ tmp >>= z;
+
+ /* grab remaining bytes */
+ if (z > 1) { --z; }
+ while (z-- != 0) {
+ if ((in[x] & 0xC0) != 0x80) {
+ return CRYPT_INVALID_PACKET;
+ }
+ tmp = (tmp << 6) | ((wchar_t)in[x++] & 0x3F);
+ }
+
+ if (y > *outlen) {
+ *outlen = y;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+ out[y++] = tmp;
+ }
+ *outlen = y;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/26 02:27:37 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c
new file mode 100644
index 0000000..2dd6081
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c
@@ -0,0 +1,105 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_utf8_string.c
+ ASN.1 DER, encode a UTF8 STRING, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store an UTF8 STRING
+ @param in The array of UTF8 to store (one per wchar_t)
+ @param inlen The number of UTF8 to store
+ @param out [out] The destination for the DER encoded UTF8 STRING
+ @param outlen [in/out] The max size and resulting size of the DER UTF8 STRING
+ @return CRYPT_OK if successful
+*/
+int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x, y, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* get the size */
+ for (x = len = 0; x < inlen; x++) {
+ if (in[x] < 0 || in[x] > 0x1FFFF) {
+ return CRYPT_INVALID_ARG;
+ }
+ len += der_utf8_charsize(in[x]);
+ }
+
+ if (len < 128) {
+ y = 2 + len;
+ } else if (len < 256) {
+ y = 3 + len;
+ } else if (len < 65536UL) {
+ y = 4 + len;
+ } else if (len < 16777216UL) {
+ y = 5 + len;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* too big? */
+ if (y > *outlen) {
+ *outlen = len;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* encode the header+len */
+ x = 0;
+ out[x++] = 0x0C;
+ if (len < 128) {
+ out[x++] = len;
+ } else if (len < 256) {
+ out[x++] = 0x81;
+ out[x++] = len;
+ } else if (len < 65536UL) {
+ out[x++] = 0x82;
+ out[x++] = (len>>8)&255;
+ out[x++] = len&255;
+ } else if (len < 16777216UL) {
+ out[x++] = 0x83;
+ out[x++] = (len>>16)&255;
+ out[x++] = (len>>8)&255;
+ out[x++] = len&255;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* store UTF8 */
+ for (y = 0; y < inlen; y++) {
+ switch (der_utf8_charsize(in[y])) {
+ case 1: out[x++] = in[y]; break;
+ case 2: out[x++] = 0xC0 | ((in[y] >> 6) & 0x1F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ case 3: out[x++] = 0xE0 | ((in[y] >> 12) & 0x0F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ case 4: out[x++] = 0xF0 | ((in[y] >> 18) & 0x07); out[x++] = 0x80 | ((in[y] >> 12) & 0x3F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ }
+ }
+
+ /* retun length */
+ *outlen = x;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c b/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c
new file mode 100644
index 0000000..b5b2bc6
--- /dev/null
+++ b/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c
@@ -0,0 +1,83 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_length_utf8_string.c
+ ASN.1 DER, get length of UTF8 STRING, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/** Return the size in bytes of a UTF-8 character
+ @param c The UTF-8 character to measure
+ @return The size in bytes
+*/
+unsigned long der_utf8_charsize(const wchar_t c)
+{
+ if (c <= 0x7F) {
+ return 1;
+ } else if (c <= 0x7FF) {
+ return 2;
+ } else if (c <= 0xFFFF) {
+ return 3;
+ } else {
+ return 4;
+ }
+}
+
+/**
+ Gets length of DER encoding of UTF8 STRING
+ @param in The characters to measure the length of
+ @param noctets The number of octets in the string to encode
+ @param outlen [out] The length of the DER encoding for the given string
+ @return CRYPT_OK if successful
+*/
+int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen)
+{
+ unsigned long x, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ len = 0;
+ for (x = 0; x < noctets; x++) {
+ if (in[x] < 0 || in[x] > 0x10FFFF) {
+ return CRYPT_INVALID_ARG;
+ }
+ len += der_utf8_charsize(in[x]);
+ }
+
+ if (len < 128) {
+ /* 0C LL DD DD DD ... */
+ *outlen = 2 + len;
+ } else if (len < 256) {
+ /* 0C 81 LL DD DD DD ... */
+ *outlen = 3 + len;
+ } else if (len < 65536UL) {
+ /* 0C 82 LL LL DD DD DD ... */
+ *outlen = 4 + len;
+ } else if (len < 16777216UL) {
+ /* 0C 83 LL LL LL DD DD DD ... */
+ *outlen = 5 + len;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ return CRYPT_OK;
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/libtomcrypt/src/pk/dh/dh.c b/libtomcrypt/src/pk/dh/dh.c
deleted file mode 100644
index a54f29b..0000000
--- a/libtomcrypt/src/pk/dh/dh.c
+++ /dev/null
@@ -1,524 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-/**
- @file dh.c
- DH crypto, Tom St Denis
-*/
-
-#ifdef MDH
-
-/* max export size we'll encounter (smaller than this but lets round up a bit) */
-#define DH_BUF_SIZE 1200
-
-/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
-static const struct {
- int size;
- char *name, *base, *prime;
-} sets[] = {
-#ifdef DH768
-{
- 96,
- "DH-768",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////m3wvV"
-},
-#endif
-#ifdef DH1024
-{
- 128,
- "DH-1024",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////m3C47"
-},
-#endif
-#ifdef DH1280
-{
- 160,
- "DH-1280",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////////////////////////////m4kSN"
-},
-#endif
-#ifdef DH1536
-{
- 192,
- "DH-1536",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////m5uqd"
-},
-#endif
-#ifdef DH1792
-{
- 224,
- "DH-1792",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////////////////////////////////////////////////////mT/sd"
-},
-#endif
-#ifdef DH2048
-{
- 256,
- "DH-2048",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////////////////////////m8MPh"
-},
-#endif
-#ifdef DH2560
-{
- 320,
- "DH-2560",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////mKFpF"
-},
-#endif
-#ifdef DH3072
-{
- 384,
- "DH-3072",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////////////m32nN"
-},
-#endif
-#ifdef DH4096
-{
- 512,
- "DH-4096",
- "4",
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////m8pOF"
-},
-#endif
-{
- 0,
- NULL,
- NULL,
- NULL
-}
-};
-
-static int is_valid_idx(int n)
-{
- int x;
-
- for (x = 0; sets[x].size; x++);
- if ((n < 0) || (n >= x)) {
- return 0;
- }
- return 1;
-}
-
-/**
- Test the DH sub-system (can take a while)
- @return CRYPT_OK if successful
-*/
-int dh_test(void)
-{
- mp_int p, g, tmp;
- int x, err, primality;
-
- if ((err = mp_init_multi(&p, &g, &tmp, NULL)) != MP_OKAY) { goto error; }
-
- for (x = 0; sets[x].size != 0; x++) {
-#if 0
- printf("dh_test():testing size %d-bits\n", sets[x].size * 8);
-#endif
- if ((err = mp_read_radix(&g,(char *)sets[x].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p,(char *)sets[x].prime, 64)) != MP_OKAY) { goto error; }
-
- /* ensure p is prime */
- if ((err = is_prime(&p, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- if ((err = mp_sub_d(&p, 1, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_div_2(&tmp, &tmp)) != MP_OKAY) { goto error; }
-
- /* ensure (p-1)/2 is prime */
- if ((err = is_prime(&tmp, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- /* now see if g^((p-1)/2) mod p is in fact 1 */
- if ((err = mp_exptmod(&g, &tmp, &p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1)) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
- }
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp, &g, &p, NULL);
- return err;
-}
-
-/**
- Get the min and max DH key sizes (octets)
- @param low [out] The smallest key size supported
- @param high [out] The largest key size supported
-*/
-void dh_sizes(int *low, int *high)
-{
- int x;
- LTC_ARGCHK(low != NULL);
- LTC_ARGCHK(high != NULL);
- *low = INT_MAX;
- *high = 0;
- for (x = 0; sets[x].size != 0; x++) {
- if (*low > sets[x].size) *low = sets[x].size;
- if (*high < sets[x].size) *high = sets[x].size;
- }
-}
-
-/**
- Returns the key size of a given DH key (octets)
- @param key The DH key to get the size of
- @return The size if valid or INT_MAX if not
-*/
-int dh_get_size(dh_key *key)
-{
- LTC_ARGCHK(key != NULL);
- if (is_valid_idx(key->idx) == 1) {
- return sets[key->idx].size;
- } else {
- return INT_MAX; /* large value that would cause dh_make_key() to fail */
- }
-}
-
-/**
- Make a DH key [private key pair]
- @param prng An active PRNG state
- @param wprng The index for the PRNG you desire to use
- @param keysize The key size (octets) desired
- @param key [out] Where the newly created DH key will be stored
- @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
-*/
-int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
-{
- unsigned char *buf;
- unsigned long x;
- mp_int p, g;
- int err;
-
- LTC_ARGCHK(key != NULL);
-
- /* good prng? */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* find key size */
- for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++);
-#ifdef FAST_PK
- keysize = MIN(sets[x].size, 32);
-#else
- keysize = sets[x].size;
-#endif
-
- if (sets[x].size == 0) {
- return CRYPT_INVALID_KEYSIZE;
- }
- key->idx = x;
-
- /* allocate buffer */
- buf = XMALLOC(keysize);
- if (buf == NULL) {
- return CRYPT_MEM;
- }
-
- /* make up random string */
- if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
- err = CRYPT_ERROR_READPRNG;
- goto error2;
- }
-
- /* init parameters */
- if ((err = mp_init_multi(&g, &p, &key->x, &key->y, NULL)) != MP_OKAY) {
- goto error;
- }
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
-
- /* load the x value */
- if ((err = mp_read_unsigned_bin(&key->x, buf, keysize)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&g, &key->x, &p, &key->y)) != MP_OKAY) { goto error; }
- key->type = PK_PRIVATE;
-
- if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
-
- /* free up ram */
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-error2:
- mp_clear_multi(&key->x, &key->y, NULL);
-done:
-#ifdef LTC_CLEAN_STACK
- zeromem(buf, keysize);
-#endif
- mp_clear_multi(&p, &g, NULL);
- XFREE(buf);
- return err;
-}
-
-/**
- Free the allocated ram for a DH key
- @param key The key which you wish to free
-*/
-void dh_free(dh_key *key)
-{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->x, &key->y, NULL);
-}
-
-/**
- Export a DH key to a binary packet
- @param out [out] The destination for the key
- @param outlen [in/out] The max size and resulting size of the DH key
- @param type Which type of key (PK_PRIVATE or PK_PUBLIC)
- @param key The key you wish to export
- @return CRYPT_OK if successful
-*/
-int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key)
-{
- unsigned long y, z;
- int err;
-
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* can we store the static header? */
- if (*outlen < (PACKET_SIZE + 2)) {
- return CRYPT_BUFFER_OVERFLOW;
- }
-
- if (type == PK_PRIVATE && key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* header */
- y = PACKET_SIZE;
-
- /* header */
- out[y++] = type;
- out[y++] = (unsigned char)(sets[key->idx].size / 8);
-
- /* export y */
- OUTPUT_BIGNUM(&key->y, out, y, z);
-
- if (type == PK_PRIVATE) {
- /* export x */
- OUTPUT_BIGNUM(&key->x, out, y, z);
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_KEY);
-
- /* store len */
- *outlen = y;
- return CRYPT_OK;
-}
-
-/**
- Import a DH key from a binary packet
- @param in The packet to read
- @param inlen The length of the input packet
- @param key [out] Where to import the key to
- @return CRYPT_OK if successful, on error all allocated memory is freed automatically
-*/
-int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
-{
- unsigned long x, y, s;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* make sure valid length */
- if ((2+PACKET_SIZE) > inlen) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* check type byte */
- if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_KEY)) != CRYPT_OK) {
- return err;
- }
-
- /* init */
- if ((err = mp_init_multi(&key->x, &key->y, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- /* advance past packet header */
- y = PACKET_SIZE;
-
- /* key type, e.g. private, public */
- key->type = (int)in[y++];
-
- /* key size in bytes */
- s = (unsigned long)in[y++] * 8;
-
- for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size != 0); x++);
- if (sets[x].size == 0) {
- err = CRYPT_INVALID_KEYSIZE;
- goto error;
- }
- key->idx = (int)x;
-
- /* type check both values */
- if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) {
- err = CRYPT_PK_TYPE_MISMATCH;
- goto error;
- }
-
- /* is the key idx valid? */
- if (is_valid_idx(key->idx) != 1) {
- err = CRYPT_PK_TYPE_MISMATCH;
- goto error;
- }
-
- /* load public value g^x mod p*/
- INPUT_BIGNUM(&key->y, in, x, y, inlen);
-
- if (key->type == PK_PRIVATE) {
- INPUT_BIGNUM(&key->x, in, x, y, inlen);
- }
-
- /* eliminate private key if public */
- if (key->type == PK_PUBLIC) {
- mp_clear(&key->x);
- }
-
- return CRYPT_OK;
-error:
- mp_clear_multi(&key->y, &key->x, NULL);
- return err;
-}
-
-/**
- Create a DH shared secret.
- @param private_key The private DH key in the pair
- @param public_key The public DH key in the pair
- @param out [out] The destination of the shared data
- @param outlen [in/out] The max size and resulting size of the shared data.
- @return CRYPT_OK if successful
-*/
-int dh_shared_secret(dh_key *private_key, dh_key *public_key,
- unsigned char *out, unsigned long *outlen)
-{
- mp_int tmp, p;
- unsigned long x;
- int err;
-
- LTC_ARGCHK(private_key != NULL);
- LTC_ARGCHK(public_key != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
-
- /* types valid? */
- if (private_key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* same idx? */
- if (private_key->idx != public_key->idx) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- /* compute y^x mod p */
- if ((err = mp_init_multi(&tmp, &p, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_read_radix(&p, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&public_key->y, &private_key->x, &p, &tmp)) != MP_OKAY) { goto error; }
-
- /* enough space for output? */
- x = (unsigned long)mp_unsigned_bin_size(&tmp);
- if (*outlen < x) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto done;
- }
- if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) { goto error; }
- *outlen = x;
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&p, &tmp, NULL);
- return err;
-}
-
-#include "dh_sys.c"
-
-#endif
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/libtomcrypt/src/pk/dh/dh_sys.c b/libtomcrypt/src/pk/dh/dh_sys.c
deleted file mode 100644
index 4f10556..0000000
--- a/libtomcrypt/src/pk/dh/dh_sys.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-
-/**
- @file dh_sys.c
- DH Crypto, Tom St Denis
-*/
-
-/**
- Encrypt a short symmetric key with a public DH key
- @param in The symmetric key to encrypt
- @param inlen The length of the key (octets)
- @param out [out] The ciphertext
- @param outlen [in/out] The max size and resulting size of the ciphertext
- @param prng An active PRNG state
- @param wprng The index of the PRNG desired
- @param hash The index of the hash desired (must produce a digest of size >= the size of the plaintext)
- @param key The public key you wish to encrypt with.
- @return CRYPT_OK if successful
-*/
-int dh_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- dh_key *key)
-{
- unsigned char *pub_expt, *dh_shared, *skey;
- dh_key pubkey;
- unsigned long x, y, z, hashsize, pubkeysize;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check that wprng/hash are not invalid */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
-
- if (inlen > hash_descriptor[hash].hashsize) {
- return CRYPT_INVALID_HASH;
- }
-
- /* allocate memory */
- pub_expt = XMALLOC(DH_BUF_SIZE);
- dh_shared = XMALLOC(DH_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || dh_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (dh_shared != NULL) {
- XFREE(dh_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
-
- /* make a random key and export the public copy */
- if ((err = dh_make_key(prng, wprng, dh_get_size(key), &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- pubkeysize = DH_BUF_SIZE;
- if ((err = dh_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
-
- /* now check if the out buffer is big enough */
- if (*outlen < (1 + 4 + 4 + PACKET_SIZE + pubkeysize + inlen)) {
- dh_free(&pubkey);
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* make random key */
- hashsize = hash_descriptor[hash].hashsize;
-
- x = DH_BUF_SIZE;
- if ((err = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
- dh_free(&pubkey);
-
- z = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, dh_shared, x, skey, &z)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_ENC_KEY);
-
- /* output header */
- y = PACKET_SIZE;
-
- /* size of hash name and the name itself */
- out[y++] = hash_descriptor[hash].ID;
-
- /* length of DH pubkey and the key itself */
- STORE32L(pubkeysize, out+y);
- y += 4;
- for (x = 0; x < pubkeysize; x++, y++) {
- out[y] = pub_expt[x];
- }
-
- /* Store the encrypted key */
- STORE32L(inlen, out+y);
- y += 4;
-
- for (x = 0; x < inlen; x++, y++) {
- out[y] = skey[x] ^ in[x];
- }
- *outlen = y;
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- /* clean up */
- zeromem(pub_expt, DH_BUF_SIZE);
- zeromem(dh_shared, DH_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
- XFREE(skey);
- XFREE(dh_shared);
- XFREE(pub_expt);
-
- return err;
-}
-
-/**
- Decrypt a DH encrypted symmetric key
- @param in The DH encrypted packet
- @param inlen The length of the DH encrypted packet
- @param out The plaintext
- @param outlen [in/out] The max size and resulting size of the plaintext
- @param key The private DH key corresponding to the public key that encrypted the plaintext
- @return CRYPT_OK if successful
-*/
-int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- dh_key *key)
-{
- unsigned char *shared_secret, *skey;
- unsigned long x, y, z, hashsize, keysize;
- int hash, err;
- dh_key pubkey;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* right key type? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* allocate ram */
- shared_secret = XMALLOC(DH_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (shared_secret == NULL || skey == NULL) {
- if (shared_secret != NULL) {
- XFREE(shared_secret);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
-
- /* check if initial header should fit */
- if (inlen < PACKET_SIZE+1+4+4) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= PACKET_SIZE+1+4+4;
- }
-
- /* is header correct? */
- if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* now lets get the hash name */
- y = PACKET_SIZE;
- hash = find_hash_id(in[y++]);
- if (hash == -1) {
- err = CRYPT_INVALID_HASH;
- goto LBL_ERR;
- }
-
- /* common values */
- hashsize = hash_descriptor[hash].hashsize;
-
- /* get public key */
- LOAD32L(x, in+y);
-
- /* now check if the imported key will fit */
- if (inlen < x) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= x;
- }
-
- y += 4;
- if ((err = dh_import(in+y, x, &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- y += x;
-
- /* make shared key */
- x = DH_BUF_SIZE;
- if ((err = dh_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
- dh_free(&pubkey);
-
- z = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* load in the encrypted key */
- LOAD32L(keysize, in+y);
-
- /* will the out fit as part of the input */
- if (inlen < keysize) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= keysize;
- }
-
- if (keysize > *outlen) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
- y += 4;
-
- *outlen = keysize;
-
- for (x = 0; x < keysize; x++, y++) {
- out[x] = skey[x] ^ in[y];
- }
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(shared_secret, DH_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(skey);
- XFREE(shared_secret);
-
- return err;
-}
-
-/* perform an ElGamal Signature of a hash
- *
- * The math works as follows. x is the private key, M is the message to sign
-
- 1. pick a random k
- 2. compute a = g^k mod p
- 3. compute b = (M - xa)/k mod p
- 4. Send (a,b)
-
- Now to verify with y=g^x mod p, a and b
-
- 1. compute y^a * a^b = g^(xa) * g^(k*(M-xa)/k)
- = g^(xa + (M - xa))
- = g^M [all mod p]
-
- 2. Compare against g^M mod p [based on input hash].
- 3. If result of #2 == result of #1 then signature valid
-*/
-
-/**
- Sign a message digest using a DH private key
- @param in The data to sign
- @param inlen The length of the input (octets)
- @param out [out] The destination of the signature
- @param outlen [in/out] The max size and resulting size of the output
- @param prng An active PRNG state
- @param wprng The index of the PRNG desired
- @param key A private DH key
- @return CRYPT_OK if successful
-*/
-int dh_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, dh_key *key)
-{
- mp_int a, b, k, m, g, p, p1, tmp;
- unsigned char *buf;
- unsigned long x, y;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check parameters */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- /* allocate ram for buf */
- buf = XMALLOC(520);
-
- /* make up a random value k,
- * since the order of the group is prime
- * we need not check if gcd(k, r) is 1
- */
- if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) !=
- (unsigned long)(sets[key->idx].size)) {
- err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
- }
-
- /* init bignums */
- if ((err = mp_init_multi(&a, &b, &k, &m, &p, &g, &p1, &tmp, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
-
- /* load k and m */
- if ((err = mp_read_unsigned_bin(&m, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
- if ((err = mp_read_unsigned_bin(&k, buf, sets[key->idx].size)) != MP_OKAY) { goto error; }
-
- /* load g, p and p1 */
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_sub_d(&p, 1, &p1)) != MP_OKAY) { goto error; }
- if ((err = mp_div_2(&p1, &p1)) != MP_OKAY) { goto error; } /* p1 = (p-1)/2 */
-
- /* now get a = g^k mod p */
- if ((err = mp_exptmod(&g, &k, &p, &a)) != MP_OKAY) { goto error; }
-
- /* now find M = xa + kb mod p1 or just b = (M - xa)/k mod p1 */
- if ((err = mp_invmod(&k, &p1, &k)) != MP_OKAY) { goto error; } /* k = 1/k mod p1 */
- if ((err = mp_mulmod(&a, &key->x, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = xa */
- if ((err = mp_submod(&m, &tmp, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = M - xa */
- if ((err = mp_mulmod(&k, &tmp, &p1, &b)) != MP_OKAY) { goto error; } /* b = (M - xa)/k */
-
- /* check for overflow */
- if ((unsigned long)(PACKET_SIZE + 4 + 4 + mp_unsigned_bin_size(&a) + mp_unsigned_bin_size(&b)) > *outlen) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* store header */
- y = PACKET_SIZE;
-
- /* now store them both (a,b) */
- x = (unsigned long)mp_unsigned_bin_size(&a);
- STORE32L(x, out+y); y += 4;
- if ((err = mp_to_unsigned_bin(&a, out+y)) != MP_OKAY) { goto error; }
- y += x;
-
- x = (unsigned long)mp_unsigned_bin_size(&b);
- STORE32L(x, out+y); y += 4;
- if ((err = mp_to_unsigned_bin(&b, out+y)) != MP_OKAY) { goto error; }
- y += x;
-
- /* check if size too big */
- if (*outlen < y) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_SIGNED);
- *outlen = y;
-
- err = CRYPT_OK;
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&tmp, &p1, &g, &p, &m, &k, &b, &a, NULL);
-
- XFREE(buf);
-
- return err;
-}
-
-
-/**
- Verify the signature given
- @param sig The signature
- @param siglen The length of the signature (octets)
- @param hash The hash that was signed
- @param hashlen The length of the hash (octets)
- @param stat [out] Result of signature comparison, 1==valid, 0==invalid
- @param key The public DH key that signed the hash
- @return CRYPT_OK if succsessful (even if signature is invalid)
-*/
-int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, dh_key *key)
-{
- mp_int a, b, p, g, m, tmp;
- unsigned long x, y;
- int err;
-
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* default to invalid */
- *stat = 0;
-
- /* check initial input length */
- if (siglen < PACKET_SIZE+4+4) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* header ok? */
- if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) {
- return err;
- }
-
- /* get hash out of packet */
- y = PACKET_SIZE;
-
- /* init all bignums */
- if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- /* load a and b */
- INPUT_BIGNUM(&a, sig, x, y, siglen);
- INPUT_BIGNUM(&b, sig, x, y, siglen);
-
- /* load p and g */
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error1; }
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error1; }
-
- /* load m */
- if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error1; }
-
- /* find g^m mod p */
- if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error1; } /* m = g^m mod p */
-
- /* find y^a * a^b */
- if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error1; } /* tmp = y^a mod p */
- if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error1; } /* a = a^b mod p */
- if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error1; } /* a = y^a * a^b mod p */
-
- /* y^a * a^b == g^m ??? */
- if (mp_cmp(&a, &m) == 0) {
- *stat = 1;
- }
-
- /* clean up */
- err = CRYPT_OK;
- goto done;
-error1:
- err = mpi_to_ltc_error(err);
-error:
-done:
- mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL);
- return err;
-}
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh_sys.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c b/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c
new file mode 100644
index 0000000..5cbedc6
--- /dev/null
+++ b/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c
@@ -0,0 +1,139 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_decrypt_key.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Decrypt an DSA encrypted key
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext
+ @param key The corresponding private DSA key
+ @return CRYPT_OK if successful
+*/
+int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ dsa_key *key)
+{
+ unsigned char *skey, *expt;
+ void *g_pub;
+ unsigned long x, y, hashOID[32];
+ int hash, err;
+ ltc_asn1_list decode[3];
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* right key type? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* decode to find out hash */
+ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
+
+ if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ return err;
+ }
+
+ hash = find_hash_oid(hashOID, decode[0].size);
+ if (hash_is_valid(hash) != CRYPT_OK) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* we now have the hash! */
+
+ if ((err = mp_init(&g_pub)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* allocate memory */
+ expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (expt == NULL || skey == NULL) {
+ if (expt != NULL) {
+ XFREE(expt);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ mp_clear(g_pub);
+ return CRYPT_MEM;
+ }
+
+ LTC_SET_ASN1(decode, 1, LTC_ASN1_INTEGER, g_pub, 1UL);
+ LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
+
+ /* read the structure in now */
+ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make shared key */
+ x = mp_unsigned_bin_size(key->p) + 1;
+ if ((err = dsa_shared_secret(key->x, g_pub, key, expt, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ y = MIN(mp_unsigned_bin_size(key->p) + 1, MAXBLOCKSIZE);
+ if ((err = hash_memory(hash, expt, x, expt, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* ensure the hash of the shared secret is at least as big as the encrypt itself */
+ if (decode[2].size > y) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* avoid buffer overflow */
+ if (*outlen < decode[2].size) {
+ *outlen = decode[2].size;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto LBL_ERR;
+ }
+
+ /* Decrypt the key */
+ for (x = 0; x < decode[2].size; x++) {
+ out[x] = expt[x] ^ skey[x];
+ }
+ *outlen = x;
+
+ err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(expt, mp_unsigned_bin_size(key->p) + 1);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(expt);
+ XFREE(skey);
+
+ mp_clear(g_pub);
+
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
new file mode 100644
index 0000000..cefa4de
--- /dev/null
+++ b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
@@ -0,0 +1,135 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_encrypt_key.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Encrypt a symmetric key with DSA
+ @param in The symmetric key you want to encrypt
+ @param inlen The length of the key to encrypt (octets)
+ @param out [out] The destination for the ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param hash The index of the hash you want to use
+ @param key The DSA key you want to encrypt to
+ @return CRYPT_OK if successful
+*/
+int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ dsa_key *key)
+{
+ unsigned char *expt, *skey;
+ void *g_pub, *g_priv;
+ unsigned long x, y;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* check that wprng/cipher/hash are not invalid */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (inlen > hash_descriptor[hash].hashsize) {
+ return CRYPT_INVALID_HASH;
+ }
+
+ /* make a random key and export the public copy */
+ if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (expt == NULL || skey == NULL) {
+ if (expt != NULL) {
+ XFREE(expt);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ mp_clear_multi(g_pub, g_priv, NULL);
+ return CRYPT_MEM;
+ }
+
+ /* make a random x, g^x pair */
+ x = mp_unsigned_bin_size(key->q);
+ if (prng_descriptor[wprng].read(expt, x, prng) != x) {
+ err = CRYPT_ERROR_READPRNG;
+ goto LBL_ERR;
+ }
+
+ /* load x */
+ if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* compute y */
+ if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make random key */
+ x = mp_unsigned_bin_size(key->p) + 1;
+ if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ y = MAXBLOCKSIZE;
+ if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* Encrypt key */
+ for (x = 0; x < inlen; x++) {
+ skey[x] ^= in[x];
+ }
+
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
+ LTC_ASN1_INTEGER, 1UL, g_pub,
+ LTC_ASN1_OCTET_STRING, inlen, skey,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ /* clean up */
+ zeromem(expt, mp_unsigned_bin_size(key->p) + 1);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(skey);
+ XFREE(expt);
+
+ mp_clear_multi(g_pub, g_priv, NULL);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/libtomcrypt/src/pk/dsa/dsa_export.c b/libtomcrypt/src/pk/dsa/dsa_export.c
index 5a093d9..d882779 100644
--- a/libtomcrypt/src/pk/dsa/dsa_export.c
+++ b/libtomcrypt/src/pk/dsa/dsa_export.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -47,19 +47,19 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
if (type == PK_PRIVATE) {
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
- LTC_ASN1_INTEGER, 1UL, &key->x,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
+ LTC_ASN1_INTEGER, 1UL, key->x,
LTC_ASN1_EOL, 0UL, NULL);
} else {
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
LTC_ASN1_EOL, 0UL, NULL);
}
}
@@ -68,5 +68,5 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_export.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/03 19:24:31 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_free.c b/libtomcrypt/src/pk/dsa/dsa_free.c
index 9157acb..92a1eb7 100644
--- a/libtomcrypt/src/pk/dsa/dsa_free.c
+++ b/libtomcrypt/src/pk/dsa/dsa_free.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,12 +23,12 @@
*/
void dsa_free(dsa_key *key)
{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_free.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/09 01:38:13 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_import.c b/libtomcrypt/src/pk/dsa/dsa_import.c
index e81bac8..bb2272a 100644
--- a/libtomcrypt/src/pk/dsa/dsa_import.c
+++ b/libtomcrypt/src/pk/dsa/dsa_import.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,9 +31,10 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
- if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != MP_OKAY) {
+ if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) {
return CRYPT_MEM;
}
@@ -47,11 +48,11 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
if (flags[0] == 1) {
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
- LTC_ASN1_INTEGER, 1UL, &key->x,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
+ LTC_ASN1_INTEGER, 1UL, key->x,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto error;
}
@@ -59,31 +60,31 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
} else {
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto error;
}
key->type = PK_PUBLIC;
}
- key->qord = mp_unsigned_bin_size(&key->q);
+ key->qord = mp_unsigned_bin_size(key->q);
if (key->qord >= MDSA_MAX_GROUP || key->qord <= 15 ||
- key->qord >= mp_unsigned_bin_size(&key->p) || (mp_unsigned_bin_size(&key->p) - key->qord) >= MDSA_DELTA) {
+ (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= MDSA_DELTA) {
err = CRYPT_INVALID_PACKET;
goto error;
}
return CRYPT_OK;
error:
- mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL);
+ mp_clear_multi(key->p, key->g, key->q, key->x, key->y, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_import.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/06/08 23:31:17 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_make_key.c b/libtomcrypt/src/pk/dsa/dsa_make_key.c
index 02f69e0..293e814 100644
--- a/libtomcrypt/src/pk/dsa/dsa_make_key.c
+++ b/libtomcrypt/src/pk/dsa/dsa_make_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,11 +28,12 @@
*/
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
{
- mp_int tmp, tmp2;
+ void *tmp, *tmp2;
int err, res;
unsigned char *buf;
LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* check prng */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
@@ -52,21 +53,21 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
}
/* init mp_ints */
- if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
+ if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
}
/* make our prime q */
- if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto LBL_ERR; }
+ if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; }
/* double q */
- if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; }
/* now make a random string and multply it against q */
if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
/* force magnitude */
@@ -75,30 +76,30 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
/* force even */
buf[modulus_size - group_size - 1] &= ~1;
- if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; }
/* now loop until p is prime */
for (;;) {
- if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto LBL_ERR; }
- if (res == MP_YES) break;
+ if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; }
+ if (res == LTC_MP_YES) break;
/* add 2q to p and 2 to tmp2 */
- if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; }
+ if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; }
}
/* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
- mp_set(&key->g, 1);
+ mp_set(key->g, 1);
do {
- if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&tmp, 1) == MP_EQ);
+ if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; }
+ if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(tmp, 1) == LTC_MP_EQ);
/* at this point tmp generates a group of order q mod p */
- mp_exch(&tmp, &key->g);
+ mp_exch(tmp, key->g);
/* so now we have our DH structure, generator g, order q, modulus p
Now we need a random exponent [mod q] and it's power g^x mod p
@@ -106,22 +107,15 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
do {
if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
- if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&key->x, 1) != MP_GT);
- if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
-
+ if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(key->x, 1) != LTC_MP_GT);
+ if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; }
+
key->type = PK_PRIVATE;
key->qord = group_size;
- /* shrink the ram required */
- if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
-
#ifdef LTC_CLEAN_STACK
zeromem(buf, MDSA_DELTA);
#endif
@@ -129,12 +123,9 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
err = CRYPT_OK;
goto done;
error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
+ mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
done:
- mp_clear_multi(&tmp, &tmp2, NULL);
-
+ mp_clear_multi(tmp, tmp2, NULL);
XFREE(buf);
return err;
}
@@ -142,5 +133,5 @@ done:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_make_key.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/11 05:45:35 $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_shared_secret.c b/libtomcrypt/src/pk/dsa/dsa_shared_secret.c
new file mode 100644
index 0000000..570d637
--- /dev/null
+++ b/libtomcrypt/src/pk/dsa/dsa_shared_secret.c
@@ -0,0 +1,72 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_shared_secret.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Create a DSA shared secret between two keys
+ @param private_key The private DSA key (the exponent)
+ @param base The base of the exponentiation (allows this to be used for both encrypt and decrypt)
+ @param public_key The public key
+ @param out [out] Destination of the shared secret
+ @param outlen [in/out] The max size and resulting size of the shared secret
+ @return CRYPT_OK if successful
+*/
+int dsa_shared_secret(void *private_key, void *base,
+ dsa_key *public_key,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x;
+ void *res;
+ int err;
+
+ LTC_ARGCHK(private_key != NULL);
+ LTC_ARGCHK(public_key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* make new point */
+ if ((err = mp_init(&res)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = mp_exptmod(base, private_key, public_key->p, res)) != CRYPT_OK) {
+ mp_clear(res);
+ return err;
+ }
+
+ x = (unsigned long)mp_unsigned_bin_size(res);
+ if (*outlen < x) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(res, out + (x - mp_unsigned_bin_size(res)))) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+ *outlen = x;
+done:
+ mp_clear(res);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_shared_secret.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/libtomcrypt/src/pk/dsa/dsa_sign_hash.c b/libtomcrypt/src/pk/dsa/dsa_sign_hash.c
index 48d29a2..f84dd28 100644
--- a/libtomcrypt/src/pk/dsa/dsa_sign_hash.c
+++ b/libtomcrypt/src/pk/dsa/dsa_sign_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,10 +29,10 @@
@return CRYPT_OK if successful
*/
int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
- mp_int *r, mp_int *s,
+ void *r, void *s,
prng_state *prng, int wprng, dsa_key *key)
{
- mp_int k, kinv, tmp;
+ void *k, *kinv, *tmp;
unsigned char *buf;
int err;
@@ -59,7 +59,7 @@ int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
}
/* Init our temps */
- if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; }
+ if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; }
retry:
@@ -67,43 +67,40 @@ retry:
/* gen random k */
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
/* read k */
- if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK) { goto error; }
/* k > 1 ? */
- if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
+ if (mp_cmp_d(k, 1) != LTC_MP_GT) { goto retry; }
/* test gcd */
- if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&tmp, 1) != MP_EQ);
+ if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ);
/* now find 1/k mod q */
- if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
+ if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; }
/* now find r = g^k mod p mod q */
- if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; }
- if (mp_iszero(r) == MP_YES) { goto retry; }
+ if (mp_iszero(r) == LTC_MP_YES) { goto retry; }
/* now find s = (in + xr)/k mod q */
- if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; }
- if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; }
- if (mp_iszero(s) == MP_YES) { goto retry; }
+ if (mp_iszero(s) == LTC_MP_YES) { goto retry; }
err = CRYPT_OK;
- goto LBL_ERR;
-
error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&k, &kinv, &tmp, NULL);
+ mp_clear_multi(k, kinv, tmp, NULL);
+ERRBUF:
#ifdef LTC_CLEAN_STACK
zeromem(buf, MDSA_MAX_GROUP);
#endif
@@ -126,7 +123,7 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, dsa_key *key)
{
- mp_int r, s;
+ void *r, *s;
int err;
LTC_ARGCHK(in != NULL);
@@ -134,26 +131,26 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
- if (mp_init_multi(&r, &s, NULL) != MP_OKAY) {
+ if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) {
return CRYPT_MEM;
}
- if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, prng, wprng, key)) != CRYPT_OK) {
- goto LBL_ERR;
+ if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) {
+ goto error;
}
err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
LTC_ASN1_EOL, 0UL, NULL);
-LBL_ERR:
- mp_clear_multi(&r, &s, NULL);
+error:
+ mp_clear_multi(r, s, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/15 21:48:59 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/12/04 22:27:56 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_verify_hash.c b/libtomcrypt/src/pk/dsa/dsa_verify_hash.c
index 11e5c33..0e8ff22 100644
--- a/libtomcrypt/src/pk/dsa/dsa_verify_hash.c
+++ b/libtomcrypt/src/pk/dsa/dsa_verify_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,11 +28,11 @@
@param key The corresponding public DH key
@return CRYPT_OK if successful (even if the signature is invalid)
*/
-int dsa_verify_hash_raw( mp_int *r, mp_int *s,
+int dsa_verify_hash_raw( void *r, void *s,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key)
{
- mp_int w, v, u1, u2;
+ void *w, *v, *u1, *u2;
int err;
LTC_ARGCHK(r != NULL);
@@ -44,42 +44,40 @@ int dsa_verify_hash_raw( mp_int *r, mp_int *s,
*stat = 0;
/* init our variables */
- if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {
+ return err;
}
/* neither r or s can be null or >q*/
- if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) {
+ if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
err = CRYPT_INVALID_PACKET;
- goto done;
+ goto error;
}
/* w = 1/s mod q */
- if ((err = mp_invmod(s, &key->q, &w)) != MP_OKAY) { goto error; }
+ if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
/* u1 = m * w mod q */
- if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
/* u2 = r*w mod q */
- if ((err = mp_mulmod(r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
+ if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
- if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }
/* if r = v then we're set */
- if (mp_cmp(r, &v) == MP_EQ) {
+ if (mp_cmp(r, v) == LTC_MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
- goto done;
-
-error : err = mpi_to_ltc_error(err);
-done : mp_clear_multi(&w, &v, &u1, &u2, NULL);
+error:
+ mp_clear_multi(w, v, u1, u2, NULL);
return err;
}
@@ -98,7 +96,7 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
int *stat, dsa_key *key)
{
int err;
- mp_int r, s;
+ void *r, *s;
if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
return CRYPT_MEM;
@@ -106,17 +104,17 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
/* decode the sequence */
if ((err = der_decode_sequence_multi(sig, siglen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
/* do the op */
- err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key);
+ err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key);
LBL_ERR:
- mp_clear_multi(&r, &s, NULL);
+ mp_clear_multi(r, s, NULL);
return err;
}
@@ -124,5 +122,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/15 21:48:59 $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/libtomcrypt/src/pk/dsa/dsa_verify_key.c b/libtomcrypt/src/pk/dsa/dsa_verify_key.c
index b7be103..27054d6 100644
--- a/libtomcrypt/src/pk/dsa/dsa_verify_key.c
+++ b/libtomcrypt/src/pk/dsa/dsa_verify_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -25,7 +25,7 @@
*/
int dsa_verify_key(dsa_key *key, int *stat)
{
- mp_int tmp, tmp2;
+ void *tmp, *tmp2;
int res, err;
LTC_ARGCHK(key != NULL);
@@ -35,15 +35,14 @@ int dsa_verify_key(dsa_key *key, int *stat)
*stat = 0;
/* first make sure key->q and key->p are prime */
- if ((err = is_prime(&key->q, &res)) != CRYPT_OK) {
+ if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
-
- if ((err = is_prime(&key->p, &res)) != CRYPT_OK) {
+ if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
@@ -51,52 +50,51 @@ int dsa_verify_key(dsa_key *key, int *stat)
}
/* now make sure that g is not -1, 0 or 1 and <p */
- if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) {
+ if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
return CRYPT_OK;
}
- if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; }
- if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) {
+ if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* 1 < y < p-1 */
- if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) {
+ if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
- if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; }
- if (mp_iszero(&tmp2) != MP_YES) {
+ if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; }
+ if (mp_iszero(tmp2) != LTC_MP_YES) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
- if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1) != MP_EQ) {
+ if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
- if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1) != MP_EQ) {
+ if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* at this point we are out of tests ;-( */
err = CRYPT_OK;
*stat = 1;
- goto done;
-error: err = mpi_to_ltc_error(err);
-done : mp_clear_multi(&tmp, &tmp2, NULL);
+error:
+ mp_clear_multi(tmp, tmp2, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/libtomcrypt/src/pk/ecc/ecc.c b/libtomcrypt/src/pk/ecc/ecc.c
index 469d56d..90bbed4 100644
--- a/libtomcrypt/src/pk/ecc/ecc.c
+++ b/libtomcrypt/src/pk/ecc/ecc.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
@@ -23,125 +23,94 @@
#ifdef MECC
-/* size of our temp buffers for exported keys */
-#define ECC_BUF_SIZE 256
-
-/* max private key size */
-#define ECC_MAXSIZE 66
-
/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
-static const struct {
- int size;
- char *name, *prime, *B, *order, *Gx, *Gy;
-} sets[] = {
+const ltc_ecc_set_type ltc_ecc_sets[] = {
+#ifdef ECC112
+{
+ 14,
+ "SECP112R1",
+ "DB7C2ABF62E35E668076BEAD208B",
+ "659EF8BA043916EEDE8911702B22",
+ "DB7C2ABF62E35E7628DFAC6561C5",
+ "09487239995A5EE76B55F9C2F098",
+ "A89CE5AF8724C0A23E0E0FF77500"
+},
+#endif
+#ifdef ECC128
+{
+ 16,
+ "SECP128R1",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "E87579C11079F43DD824993C2CEE5ED3",
+ "FFFFFFFE0000000075A30D1B9038A115",
+ "161FF7528B899B2D0C28607CA52C5B86",
+ "CF5AC8395BAFEB13C02DA292DDED7A83",
+},
+#endif
+#ifdef ECC160
+{
+ 20,
+ "SECP160R1",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+ "0100000000000000000001F4C8F927AED3CA752257",
+ "4A96B5688EF573284664698968C38BB913CBFC82",
+ "23A628553168947D59DCC912042351377AC5FB32",
+},
+#endif
#ifdef ECC192
{
- 24,
- "ECC-192",
- /* prime */
- "/////////////////////l//////////",
-
- /* B */
- "P2456UMSWESFf+chSYGmIVwutkp1Hhcn",
-
- /* order */
- "////////////////cTxuDXHhoR6qqYWn",
-
- /* Gx */
- "68se3h0maFPylo3hGw680FJ/2ls2/n0I",
-
- /* Gy */
- "1nahbV/8sdXZ417jQoJDrNFvTw4UUKWH"
+ 24,
+ "ECC-192",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+ "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
},
#endif
#ifdef ECC224
{
- 28,
- "ECC-224",
-
- /* prime */
- "3/////////////////////0000000000000001",
-
- /* B */
- "2q1Gg530Ipg/L1CbPGHB2trx/OkYSBEKCZLV+q",
-
- /* order */
- "3//////////////////nQYuBZmFXFTAKLSN2ez",
-
- /* Gx */
- "2t3WozQxI/Vp8JaBbA0y7JLi8H8ZGoWDOHN1qX",
-
-
- /* Gy */
- "2zDsE8jVSZ+qmYt+RDGtMWMWT7P4JLWPc507uq",
+ 28,
+ "ECC-224",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
},
#endif
#ifdef ECC256
{
- 32,
- "ECC-256",
- /* Prime */
- "F////y000010000000000000000////////////////",
-
- /* B */
- "5h6DTYgEfFdi+kzLNQOXhnb7GQmp5EmzZlEF3udqc1B",
-
- /* Order */
- "F////y00000//////////+yvlgjfnUUXFEvoiByOoLH",
-
- /* Gx */
- "6iNqVBXB497+BpcvMEaGF9t0ts1BUipeFIXEKNOcCAM",
-
- /* Gy */
- "4/ZGkB+6d+RZkVhIdmFdXOhpZDNQp5UpiksG6Wtlr7r"
+ 32,
+ "ECC-256",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
},
#endif
#ifdef ECC384
{
- 48,
- "ECC-384",
- /* prime */
- "//////////////////////////////////////////x/////00000000003/"
- "////",
-
- /* B */
- "ip4lf+8+v+IOZWLhu/Wj6HWTd6x+WK4I0nG8Zr0JXrh6LZcDYYxHdIg5oEtJ"
- "x2hl",
-
- /* Order */
- "////////////////////////////////nsDDWVGtBTzO6WsoIB2dUkpi6MhC"
- "nIbp",
-
- /* Gx and Gy */
- "geVA8hwB1JUEiSSUyo2jT6uTEsABfvkOMVT1u89KAZXL0l9TlrKfR3fKNZXo"
- "TWgt",
-
- "DXVUIfOcB6zTdfY/afBSAVZq7RqecXHywTen4xNmkC0AOB7E7Nw1dNf37NoG"
- "wWvV"
+ 48,
+ "ECC-384",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
},
#endif
#ifdef ECC521
{
- 65,
- "ECC-521",
- /* prime */
- "V///////////////////////////////////////////////////////////"
- "///////////////////////////",
-
- /* B */
- "56LFhbXZXoQ7vAQ8Q2sXK3kejfoMvcp5VEuj8cHZl49uLOPEL7iVfDx5bB0l"
- "JknlmSrSz+8FImqyUz57zHhK3y0",
-
- /* Order */
- "V//////////////////////////////////////////+b66XuE/BvPhVym1I"
- "FS9fT0xjScuYPn7hhjljnwHE6G9",
-
- /* Gx and Gy */
- "CQ5ZWQt10JfpPu+osOZbRH2d6I1EGK/jI7uAAzWQqqzkg5BNdVlvrae/Xt19"
- "wB/gDupIBF1XMf2c/b+VZ72vRrc",
-
- "HWvAMfucZl015oANxGiVHlPcFL4ILURH6WNhxqN9pvcB9VkSfbUz2P0nL2v0"
- "J+j1s4rF726edB2G8Y+b7QVqMPG",
+ 66,
+ "ECC-521",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
},
#endif
{
@@ -150,887 +119,9 @@ static const struct {
}
};
-static int is_valid_idx(int n)
-{
- int x;
-
- for (x = 0; sets[x].size != 0; x++);
- if ((n < 0) || (n >= x)) {
- return 0;
- }
- return 1;
-}
-
-static ecc_point *new_point(void)
-{
- ecc_point *p;
- p = XMALLOC(sizeof(ecc_point));
- if (p == NULL) {
- return NULL;
- }
- if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != MP_OKAY) {
- XFREE(p);
- return NULL;
- }
- return p;
-}
-
-static void del_point(ecc_point *p)
-{
- /* prevents free'ing null arguments */
- if (p != NULL) {
- mp_clear_multi(&p->x, &p->y, &p->z, NULL);
- XFREE(p);
- }
-}
-
-static int ecc_map(ecc_point *P, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
- return CRYPT_MEM;
- }
-
- /* first map z back to normal */
- if ((err = mp_montgomery_reduce(&P->z, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* get 1/z */
- if ((err = mp_invmod(&P->z, modulus, &t1)) != MP_OKAY) { goto error; }
-
- /* get 1/z^2 and 1/z^3 */
- if ((err = mp_sqr(&t1, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&t1, &t2, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
-
- /* multiply against x/y */
- if ((err = mp_mul(&P->x, &t2, &P->x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&P->x, modulus, mp)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&P->y, &t1, &P->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&P->y, modulus, mp)) != MP_OKAY) { goto error; }
- mp_set(&P->z, 1);
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, NULL);
- return err;
-
-}
-
-/* double a point R = 2P, R can be P*/
-static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_copy(&P->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->z, &R->z)) != MP_OKAY) { goto error; }
-
- /* t1 = Z * Z */
- if ((err = mp_sqr(&R->z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* Z = Y * Z */
- if ((err = mp_mul(&R->z, &R->y, &R->z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->z, modulus, mp)) != MP_OKAY) { goto error; }
- /* Z = 2Z */
- if ((err = mp_mul_2(&R->z, &R->z)) != MP_OKAY) { goto error; }
- if (mp_cmp(&R->z, modulus) != MP_LT) {
- if ((err = mp_sub(&R->z, modulus, &R->z)) != MP_OKAY) { goto error; }
- }
-
- /* T2 = X - T1 */
- if ((err = mp_sub(&R->x, &t1, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T1 = X + T1 */
- if ((err = mp_add(&t1, &R->x, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T2 = T1 * T2 */
- if ((err = mp_mul(&t1, &t2, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = 2T2 */
- if ((err = mp_mul_2(&t2, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T1 = T1 + T2 */
- if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
-
- /* Y = 2Y */
- if ((err = mp_mul_2(&R->y, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp(&R->y, modulus) != MP_LT) {
- if ((err = mp_sub(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y * Y */
- if ((err = mp_sqr(&R->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = Y * Y */
- if ((err = mp_sqr(&R->y, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = T2/2 */
- if (mp_isodd(&t2)) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- if ((err = mp_div_2(&t2, &t2)) != MP_OKAY) { goto error; }
- /* Y = Y * X */
- if ((err = mp_mul(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* X = T1 * T1 */
- if ((err = mp_sqr(&t1, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->x, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X - Y */
- if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->x, 0) == MP_LT) {
- if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; }
- }
- /* X = X - Y */
- if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->x, 0) == MP_LT) {
- if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; }
- }
-
- /* Y = Y - X */
- if ((err = mp_sub(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->y, 0) == MP_LT) {
- if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y * T1 */
- if ((err = mp_mul(&R->y, &t1, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = Y - T2 */
- if ((err = mp_sub(&R->y, &t2, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->y, 0) == MP_LT) {
- if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, NULL);
- return err;
-}
-
-/* add two different points over Z/pZ, R = P + Q, note R can equal either P or Q */
-static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2, x, y, z;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_copy(&P->x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->y, &y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->z, &z)) != MP_OKAY) { goto error; }
-
- /* T1 = Z' * Z' */
- if ((err = mp_sqr(&Q->z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X * T1 */
- if ((err = mp_mul(&t1, &x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Z' * T1 */
- if ((err = mp_mul(&Q->z, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = Y * T1 */
- if ((err = mp_mul(&t1, &y, &y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&y, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* T1 = Z*Z */
- if ((err = mp_sqr(&z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = X' * T1 */
- if ((err = mp_mul(&Q->x, &t1, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Z * T1 */
- if ((err = mp_mul(&z, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Y' * T1 */
- if ((err = mp_mul(&Q->y, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* Y = Y - T1 */
- if ((err = mp_sub(&y, &t1, &y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&y, 0) == MP_LT) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- /* T1 = 2T1 */
- if ((err = mp_mul_2(&t1, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T1 = Y + T1 */
- if ((err = mp_add(&t1, &y, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* X = X - T2 */
- if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&x, 0) == MP_LT) {
- if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; }
- }
- /* T2 = 2T2 */
- if ((err = mp_mul_2(&t2, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t2, modulus) != MP_LT) {
- if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = X + T2 */
- if ((err = mp_add(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t2, modulus) != MP_LT) {
- if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
-
- /* if Z' != 1 */
- if (mp_cmp_d(&Q->z, 1) != MP_EQ) {
- /* Z = Z * Z' */
- if ((err = mp_mul(&z, &Q->z, &z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; }
- }
- /* Z = Z * X */
- if ((err = mp_mul(&z, &x, &z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* T1 = T1 * X */
- if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X * X */
- if ((err = mp_sqr(&x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = T2 * x */
- if ((err = mp_mul(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = T1 * X */
- if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* X = Y*Y */
- if ((err = mp_sqr(&y, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X - T2 */
- if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&x, 0) == MP_LT) {
- if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; }
- }
-
- /* T2 = T2 - X */
- if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = T2 - X */
- if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = T2 * Y */
- if ((err = mp_mul(&t2, &y, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = T2 - T1 */
- if ((err = mp_sub(&t2, &t1, &y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&y, 0) == MP_LT) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y/2 */
- if (mp_isodd(&y)) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- if ((err = mp_div_2(&y, &y)) != MP_OKAY) { goto error; }
-
- if ((err = mp_copy(&x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&z, &R->z)) != MP_OKAY) { goto error; }
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, &x, &y, &z, NULL);
- return err;
-}
-
-/* size of sliding window, don't change this! */
-#define WINSIZE 4
-
-/* perform R = kG where k == integer and G == ecc_point */
-static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, int map)
-{
- ecc_point *tG, *M[8];
- int i, j, err;
- mp_int mu;
- mp_digit buf, mp;
- int first, bitbuf, bitcpy, bitcnt, mode, digidx;
-
- /* init montgomery reduction */
- if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
- return CRYPT_INVALID_ARG;
- }
- if ((err = mp_init(&mu)) != MP_OKAY) {
- return CRYPT_MEM;
- }
- if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
- mp_clear(&mu);
- return CRYPT_INVALID_ARG;
- }
-
- /* alloc ram for window temps */
- for (i = 0; i < 8; i++) {
- M[i] = new_point();
- if (M[i] == NULL) {
- for (j = 0; j < i; j++) {
- del_point(M[j]);
- }
- mp_clear(&mu);
- return CRYPT_MEM;
- }
- }
-
- /* make a copy of G incase R==G */
- tG = new_point();
- if (tG == NULL) { err = CRYPT_MEM; goto done; }
-
- /* tG = G and convert to montgomery */
- if ((err = mp_mulmod(&G->x, &mu, modulus, &tG->x)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&G->y, &mu, modulus, &tG->y)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&G->z, &mu, modulus, &tG->z)) != MP_OKAY) { goto error; }
- mp_clear(&mu);
-
- /* calc the M tab, which holds kG for k==8..15 */
- /* M[0] == 8G */
- if ((err = dbl_point(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; }
- if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
- if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
-
- /* now find (8+k)G for k=1..7 */
- for (j = 9; j < 16; j++) {
- if ((err = add_point(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- /* setup sliding window */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = k->used - 1;
- bitcpy = bitbuf = 0;
- first = 1;
-
- /* perform ops */
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- if (digidx == -1) {
- break;
- }
- buf = k->dp[digidx--];
- bitcnt = (int) DIGIT_BIT;
- }
-
- /* grab the next msb from the ltiplicand */
- i = (buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= 1;
-
- /* skip leading zero bits */
- if (mode == 0 && i == 0) {
- continue;
- }
-
- /* if the bit is zero and mode == 1 then we double */
- if (mode == 1 && i == 0) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (i << (WINSIZE - ++bitcpy));
- mode = 2;
-
- if (bitcpy == WINSIZE) {
- /* if this is the first window we do a simple copy */
- if (first == 1) {
- /* R = kG [k = first window] */
- if ((err = mp_copy(&M[bitbuf-8]->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&M[bitbuf-8]->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&M[bitbuf-8]->z, &R->z)) != MP_OKAY) { goto error; }
- first = 0;
- } else {
- /* normal window */
- /* ok window is filled so double as required and add */
- /* double first */
- for (j = 0; j < WINSIZE; j++) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
- if ((err = add_point(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
- /* empty window and reset */
- bitcpy = bitbuf = 0;
- mode = 1;
- }
- }
-
- /* if bits remain then double/add */
- if (mode == 2 && bitcpy > 0) {
- /* double then add */
- for (j = 0; j < bitcpy; j++) {
- /* only double if we have had at least one add first */
- if (first == 0) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- bitbuf <<= 1;
- if ((bitbuf & (1 << WINSIZE)) != 0) {
- if (first == 1){
- /* first add, so copy */
- if ((err = mp_copy(&tG->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&tG->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&tG->z, &R->z)) != MP_OKAY) { goto error; }
- first = 0;
- } else {
- /* then add */
- if ((err = add_point(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
- }
- }
- }
-
- /* map R back from projective space */
- if (map) {
- err = ecc_map(R, modulus, mp);
- } else {
- err = CRYPT_OK;
- }
-
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(tG);
- for (i = 0; i < 8; i++) {
- del_point(M[i]);
- }
- return err;
-}
-
-#undef WINSIZE
-
-/**
- Perform on the ECC system
- @return CRYPT_OK if successful
-*/
-int ecc_test(void)
-{
- mp_int modulus, order;
- ecc_point *G, *GG;
- int i, err, primality;
-
- if ((err = mp_init_multi(&modulus, &order, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- G = new_point();
- GG = new_point();
- if (G == NULL || GG == NULL) {
- mp_clear_multi(&modulus, &order, NULL);
- del_point(G);
- del_point(GG);
- return CRYPT_MEM;
- }
-
- for (i = 0; sets[i].size; i++) {
- #if 0
- printf("Testing %d\n", sets[i].size);
- #endif
- if ((err = mp_read_radix(&modulus, (char *)sets[i].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&order, (char *)sets[i].order, 64)) != MP_OKAY) { goto error; }
-
- /* is prime actually prime? */
- if ((err = is_prime(&modulus, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- /* is order prime ? */
- if ((err = is_prime(&order, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- if ((err = mp_read_radix(&G->x, (char *)sets[i].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&G->y, (char *)sets[i].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&G->z, 1);
-
- /* then we should have G == (order + 1)G */
- if ((err = mp_add_d(&order, 1, &order)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&order, G, GG, &modulus, 1)) != CRYPT_OK) { goto done; }
- if (mp_cmp(&G->x, &GG->x) != 0 || mp_cmp(&G->y, &GG->y) != 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
- }
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(GG);
- del_point(G);
- mp_clear_multi(&order, &modulus, NULL);
- return err;
-}
-
-void ecc_sizes(int *low, int *high)
-{
- int i;
- LTC_ARGCHK(low != NULL);
- LTC_ARGCHK(high != NULL);
-
- *low = INT_MAX;
- *high = 0;
- for (i = 0; sets[i].size != 0; i++) {
- if (sets[i].size < *low) {
- *low = sets[i].size;
- }
- if (sets[i].size > *high) {
- *high = sets[i].size;
- }
- }
-}
-
-/**
- Make a new ECC key
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param keysize The keysize for the new key (in octets from 20 to 65 bytes)
- @param key [out] Destination of the newly created key
- @return CRYPT_OK if successful, upon error all allocated memory will be freed
-*/
-int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
-{
- int x, err;
- ecc_point *base;
- mp_int prime;
- unsigned char *buf;
-
- LTC_ARGCHK(key != NULL);
-
- /* good prng? */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* find key size */
- for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++);
- keysize = sets[x].size;
-
- if (keysize > ECC_MAXSIZE || sets[x].size == 0) {
- return CRYPT_INVALID_KEYSIZE;
- }
- key->idx = x;
-
- /* allocate ram */
- base = NULL;
- buf = XMALLOC(ECC_MAXSIZE);
- if (buf == NULL) {
- return CRYPT_MEM;
- }
-
- /* make up random string */
- if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
- err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR2;
- }
-
- /* setup the key variables */
- if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
- base = new_point();
- if (base == NULL) {
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL);
- err = CRYPT_MEM;
- goto LBL_ERR;
- }
-
- /* read in the specs for this key */
- if ((err = mp_read_radix(&prime, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&base->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&base->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&base->z, 1);
- if ((err = mp_read_unsigned_bin(&key->k, (unsigned char *)buf, keysize)) != MP_OKAY) { goto error; }
-
- /* make the public key */
- if ((err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1)) != CRYPT_OK) { goto LBL_ERR; }
- key->type = PK_PRIVATE;
-
- /* shrink key */
- if ((err = mp_shrink(&key->k)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.y)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.z)) != MP_OKAY) { goto error; }
-
- /* free up ram */
- err = CRYPT_OK;
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- del_point(base);
- mp_clear(&prime);
-LBL_ERR2:
-#ifdef LTC_CLEAN_STACK
- zeromem(buf, ECC_MAXSIZE);
-#endif
-
- XFREE(buf);
-
- return err;
-}
-
-/**
- Free an ECC key from memory
- @param key The key you wish to free
-*/
-void ecc_free(ecc_key *key)
-{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
-}
-
-/**
- Export an ECC key as a binary packet
- @param out [out] Destination for the key
- @param outlen [in/out] Max size and resulting size of the exported key
- @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC)
- @param key The key to export
- @return CRYPT_OK if successful
-*/
-int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
-{
- int err;
- unsigned char flags[1];
- unsigned long key_size;
-
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* type valid? */
- if (key->type != PK_PRIVATE && type == PK_PRIVATE) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- if (is_valid_idx(key->idx) == 0) {
- return CRYPT_INVALID_ARG;
- }
-
- /* we store the NIST byte size */
- key_size = sets[key->idx].size;
-
- if (type == PK_PRIVATE) {
- flags[0] = 1;
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_INTEGER, 1UL, &key->k,
- LTC_ASN1_EOL, 0UL, NULL);
- } else {
- flags[0] = 0;
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_EOL, 0UL, NULL);
- }
-
- return err;
-}
-
-/**
- Import an ECC key from a binary packet
- @param in The packet to import
- @param inlen The length of the packet
- @param key [out] The destination of the import
- @return CRYPT_OK if successful, upon error all allocated memory will be freed
-*/
-int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
-{
- unsigned long key_size;
- unsigned char flags[1];
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* init key */
- if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != MP_OKAY) {
- return CRYPT_MEM;
- }
-
- /* find out what type of key it is */
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, &flags,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
-
-
- if (flags[0] == 1) {
- /* private key */
- key->type = PK_PRIVATE;
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_INTEGER, 1UL, &key->k,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
- } else {
- /* public key */
- /* private key */
- key->type = PK_PUBLIC;
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
- }
-
- /* find the idx */
- for (key->idx = 0; sets[key->idx].size && (unsigned long)sets[key->idx].size != key_size; ++key->idx);
- if (sets[key->idx].size == 0) {
- err = CRYPT_INVALID_PACKET;
- goto error;
- }
-
- /* set z */
- mp_set(&key->pubkey.z, 1);
-
- /* we're good */
- return CRYPT_OK;
-error:
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
- return err;
-}
-
-/**
- Create an ECC shared secret between two keys
- @param private_key The private ECC key
- @param public_key The public key
- @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63)
- @param outlen [in/out] The max size and resulting size of the shared secret
- @return CRYPT_OK if successful
-*/
-int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
- unsigned char *out, unsigned long *outlen)
-{
- unsigned long x;
- ecc_point *result;
- mp_int prime;
- int err;
-
- LTC_ARGCHK(private_key != NULL);
- LTC_ARGCHK(public_key != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
-
- /* type valid? */
- if (private_key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- if (is_valid_idx(private_key->idx) == 0) {
- return CRYPT_INVALID_ARG;
- }
-
- if (private_key->idx != public_key->idx) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- /* make new point */
- result = new_point();
- if (result == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = mp_init(&prime)) != MP_OKAY) {
- del_point(result);
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_read_radix(&prime, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime, 1)) != CRYPT_OK) { goto done1; }
-
- x = (unsigned long)mp_unsigned_bin_size(&prime);
- if (*outlen < x) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto done1;
- }
- zeromem(out, x);
- if ((err = mp_to_unsigned_bin(&result->x, out + (x - mp_unsigned_bin_size(&result->x)))) != MP_OKAY) { goto error; }
-
- err = CRYPT_OK;
- *outlen = x;
- goto done1;
-error:
- err = mpi_to_ltc_error(err);
-done1:
- mp_clear(&prime);
- del_point(result);
- return err;
-}
-
-/**
- Get the size of an ECC key
- @param key The key to get the size of
- @return The size (octets) of the key or INT_MAX on error
-*/
-int ecc_get_size(ecc_key *key)
-{
- LTC_ARGCHK(key != NULL);
- if (is_valid_idx(key->idx))
- return sets[key->idx].size;
- else
- return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */
-}
-
-#include "ecc_sys.c"
-
#endif
-
-
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc.c,v $ */
-/* $Revision: 1.20 $ */
-/* $Date: 2005/06/14 20:42:28 $ */
+/* $Revision: 1.38 $ */
+/* $Date: 2006/11/07 23:14:28 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c
new file mode 100644
index 0000000..2a32912
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c
@@ -0,0 +1,72 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_ansi_x963_export.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** ECC X9.63 (Sec. 4.3.6) uncompressed export
+ @param key Key to export
+ @param out [out] destination of export
+ @param outlen [in/out] Length of destination and final output size
+ Return CRYPT_OK on success
+*/
+int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen)
+{
+ unsigned char buf[ECC_BUF_SIZE];
+ unsigned long numlen;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ if (ltc_ecc_is_valid_idx(key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+ numlen = key->dp->size;
+
+ if (*outlen < (1 + 2*numlen)) {
+ *outlen = 1 + 2*numlen;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* store byte 0x04 */
+ out[0] = 0x04;
+
+ /* pad and store x */
+ zeromem(buf, sizeof(buf));
+ mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
+ XMEMCPY(out+1, buf, numlen);
+
+ /* pad and store y */
+ zeromem(buf, sizeof(buf));
+ mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
+ XMEMCPY(out+1+numlen, buf, numlen);
+
+ *outlen = 1 + 2*numlen;
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c
new file mode 100644
index 0000000..e92f5f4
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c
@@ -0,0 +1,104 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_ansi_x963_import.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** Import an ANSI X9.63 format public key
+ @param in The input data to read
+ @param inlen The length of the input data
+ @param key [out] destination to store imported key \
+*/
+int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
+{
+ return ecc_ansi_x963_import_ex(in, inlen, key, NULL);
+}
+
+int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp)
+{
+ int x, err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* must be odd */
+ if ((inlen & 1) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* init key */
+ if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* check for 4, 6 or 7 */
+ if (in[0] != 4 && in[0] != 6 && in[0] != 7) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* read data */
+ if ((err = mp_read_unsigned_bin(key->pubkey.x, (unsigned char *)in+1, (inlen-1)>>1)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = mp_read_unsigned_bin(key->pubkey.y, (unsigned char *)in+1+((inlen-1)>>1), (inlen-1)>>1)) != CRYPT_OK) {
+ goto error;
+ }
+ if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; }
+
+ if (dp == NULL) {
+ /* determine the idx */
+ for (x = 0; ltc_ecc_sets[x].size != 0; x++) {
+ if ((unsigned)ltc_ecc_sets[x].size >= ((inlen-1)>>1)) {
+ break;
+ }
+ }
+ if (ltc_ecc_sets[x].size == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+ /* set the idx */
+ key->idx = x;
+ key->dp = &ltc_ecc_sets[x];
+ } else {
+ if (((inlen-1)>>1) != (unsigned long) dp->size) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+ key->idx = -1;
+ key->dp = dp;
+ }
+ key->type = PK_PUBLIC;
+
+ /* we're done */
+ return CRYPT_OK;
+error:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 22:17:46 $ */
diff --git a/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c
new file mode 100644
index 0000000..bb56208
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c
@@ -0,0 +1,150 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_decrypt_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Decrypt an ECC encrypted key
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext
+ @param key The corresponding private ECC key
+ @return CRYPT_OK if successful
+*/
+int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ ecc_key *key)
+{
+ unsigned char *ecc_shared, *skey, *pub_expt;
+ unsigned long x, y, hashOID[32];
+ int hash, err;
+ ecc_key pubkey;
+ ltc_asn1_list decode[3];
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* right key type? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* decode to find out hash */
+ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
+
+ if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ return err;
+ }
+
+ hash = find_hash_oid(hashOID, decode[0].size);
+ if (hash_is_valid(hash) != CRYPT_OK) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* we now have the hash! */
+
+ /* allocate memory */
+ pub_expt = XMALLOC(ECC_BUF_SIZE);
+ ecc_shared = XMALLOC(ECC_BUF_SIZE);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
+ if (pub_expt != NULL) {
+ XFREE(pub_expt);
+ }
+ if (ecc_shared != NULL) {
+ XFREE(ecc_shared);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ return CRYPT_MEM;
+ }
+ LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE);
+ LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
+
+ /* read the structure in now */
+ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* import ECC key from packet */
+ if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make shared key */
+ x = ECC_BUF_SIZE;
+ if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+ ecc_free(&pubkey);
+
+ y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE);
+ if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* ensure the hash of the shared secret is at least as big as the encrypt itself */
+ if (decode[2].size > y) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* avoid buffer overflow */
+ if (*outlen < decode[2].size) {
+ *outlen = decode[2].size;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto LBL_ERR;
+ }
+
+ /* Decrypt the key */
+ for (x = 0; x < decode[2].size; x++) {
+ out[x] = skey[x] ^ ecc_shared[x];
+ }
+ *outlen = x;
+
+ err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(pub_expt, ECC_BUF_SIZE);
+ zeromem(ecc_shared, ECC_BUF_SIZE);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(pub_expt);
+ XFREE(ecc_shared);
+ XFREE(skey);
+
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c
new file mode 100644
index 0000000..dd9bab0
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c
@@ -0,0 +1,136 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_encrypt_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Encrypt a symmetric key with ECC
+ @param in The symmetric key you want to encrypt
+ @param inlen The length of the key to encrypt (octets)
+ @param out [out] The destination for the ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param hash The index of the hash you want to use
+ @param key The ECC key you want to encrypt to
+ @return CRYPT_OK if successful
+*/
+int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ ecc_key *key)
+{
+ unsigned char *pub_expt, *ecc_shared, *skey;
+ ecc_key pubkey;
+ unsigned long x, y, pubkeysize;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* check that wprng/cipher/hash are not invalid */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (inlen > hash_descriptor[hash].hashsize) {
+ return CRYPT_INVALID_HASH;
+ }
+
+ /* make a random key and export the public copy */
+ if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
+ return err;
+ }
+
+ pub_expt = XMALLOC(ECC_BUF_SIZE);
+ ecc_shared = XMALLOC(ECC_BUF_SIZE);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
+ if (pub_expt != NULL) {
+ XFREE(pub_expt);
+ }
+ if (ecc_shared != NULL) {
+ XFREE(ecc_shared);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ ecc_free(&pubkey);
+ return CRYPT_MEM;
+ }
+
+ pubkeysize = ECC_BUF_SIZE;
+ if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+
+ /* make random key */
+ x = ECC_BUF_SIZE;
+ if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+ ecc_free(&pubkey);
+ y = MAXBLOCKSIZE;
+ if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* Encrypt key */
+ for (x = 0; x < inlen; x++) {
+ skey[x] ^= in[x];
+ }
+
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
+ LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt,
+ LTC_ASN1_OCTET_STRING, inlen, skey,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ /* clean up */
+ zeromem(pub_expt, ECC_BUF_SIZE);
+ zeromem(ecc_shared, ECC_BUF_SIZE);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(skey);
+ XFREE(ecc_shared);
+ XFREE(pub_expt);
+
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_export.c b/libtomcrypt/src/pk/ecc/ecc_export.c
new file mode 100644
index 0000000..1919849
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_export.c
@@ -0,0 +1,82 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_export.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Export an ECC key as a binary packet
+ @param out [out] Destination for the key
+ @param outlen [in/out] Max size and resulting size of the exported key
+ @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC)
+ @param key The key to export
+ @return CRYPT_OK if successful
+*/
+int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
+{
+ int err;
+ unsigned char flags[1];
+ unsigned long key_size;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* type valid? */
+ if (key->type != PK_PRIVATE && type == PK_PRIVATE) {
+ return CRYPT_PK_TYPE_MISMATCH;
+ }
+
+ if (ltc_ecc_is_valid_idx(key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* we store the NIST byte size */
+ key_size = key->dp->size;
+
+ if (type == PK_PRIVATE) {
+ flags[0] = 1;
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_INTEGER, 1UL, key->k,
+ LTC_ASN1_EOL, 0UL, NULL);
+ } else {
+ flags[0] = 0;
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_EOL, 0UL, NULL);
+ }
+
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_export.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_free.c b/libtomcrypt/src/pk/ecc/ecc_free.c
new file mode 100644
index 0000000..039178d
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_free.c
@@ -0,0 +1,40 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_free.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Free an ECC key from memory
+ @param key The key you wish to free
+*/
+void ecc_free(ecc_key *key)
+{
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_free.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/09 01:38:14 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_get_size.c b/libtomcrypt/src/pk/ecc/ecc_get_size.c
new file mode 100644
index 0000000..9eafdeb
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_get_size.c
@@ -0,0 +1,44 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_get_size.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Get the size of an ECC key
+ @param key The key to get the size of
+ @return The size (octets) of the key or INT_MAX on error
+*/
+int ecc_get_size(ecc_key *key)
+{
+ LTC_ARGCHK(key != NULL);
+ if (ltc_ecc_is_valid_idx(key->idx))
+ return key->dp->size;
+ else
+ return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_get_size.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_import.c b/libtomcrypt/src/pk/ecc/ecc_import.c
new file mode 100644
index 0000000..4adb28e
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_import.c
@@ -0,0 +1,172 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_import.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+static int is_point(ecc_key *key)
+{
+ void *prime, *b, *t1, *t2;
+ int err;
+
+ if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* load prime and b */
+ if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 */
+ if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
+
+ /* compute x^3 */
+ if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 - x^3 */
+ if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 - x^3 + 3x */
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+ while (mp_cmp(t1, prime) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+
+ /* compare to b */
+ if (mp_cmp(t1, b) != LTC_MP_EQ) {
+ err = CRYPT_INVALID_PACKET;
+ } else {
+ err = CRYPT_OK;
+ }
+
+error:
+ mp_clear_multi(prime, b, t1, t2, NULL);
+ return err;
+}
+
+/**
+ Import an ECC key from a binary packet
+ @param in The packet to import
+ @param inlen The length of the packet
+ @param key [out] The destination of the import
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
+{
+ return ecc_import_ex(in, inlen, key, NULL);
+}
+
+/**
+ Import an ECC key from a binary packet, using user supplied domain params rather than one of the NIST ones
+ @param in The packet to import
+ @param inlen The length of the packet
+ @param key [out] The destination of the import
+ @param dp pointer to user supplied params; must be the same as the params used when exporting
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp)
+{
+ unsigned long key_size;
+ unsigned char flags[1];
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ /* init key */
+ if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* find out what type of key it is */
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, &flags,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+
+
+ if (flags[0] == 1) {
+ /* private key */
+ key->type = PK_PRIVATE;
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_INTEGER, 1UL, key->k,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+ } else {
+ /* public key */
+ key->type = PK_PUBLIC;
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+ }
+
+ if (dp == NULL) {
+ /* find the idx */
+ for (key->idx = 0; ltc_ecc_sets[key->idx].size && (unsigned long)ltc_ecc_sets[key->idx].size != key_size; ++key->idx);
+ if (ltc_ecc_sets[key->idx].size == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto done;
+ }
+ key->dp = &ltc_ecc_sets[key->idx];
+ } else {
+ key->idx = -1;
+ key->dp = dp;
+ }
+ /* set z */
+ if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; }
+
+ /* is it a point on the curve? */
+ if ((err = is_point(key)) != CRYPT_OK) {
+ goto done;
+ }
+
+ /* we're good */
+ return CRYPT_OK;
+done:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+ return err;
+}
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_import.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_make_key.c b/libtomcrypt/src/pk/ecc/ecc_make_key.c
new file mode 100644
index 0000000..796b674
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_make_key.c
@@ -0,0 +1,125 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_make_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Make a new ECC key
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param keysize The keysize for the new key (in octets from 20 to 65 bytes)
+ @param key [out] Destination of the newly created key
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
+{
+ int x, err;
+
+ /* find key size */
+ for (x = 0; (keysize > ltc_ecc_sets[x].size) && (ltc_ecc_sets[x].size != 0); x++);
+ keysize = ltc_ecc_sets[x].size;
+
+ if (keysize > ECC_MAXSIZE || ltc_ecc_sets[x].size == 0) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+ err = ecc_make_key_ex(prng, wprng, key, &ltc_ecc_sets[x]);
+ key->idx = x;
+ return err;
+}
+
+int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp)
+{
+ int err;
+ ecc_point *base;
+ void *prime;
+ unsigned char *buf;
+ int keysize;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+ LTC_ARGCHK(dp != NULL);
+
+ /* good prng? */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ key->idx = -1;
+ key->dp = dp;
+ keysize = dp->size;
+
+ /* allocate ram */
+ base = NULL;
+ buf = XMALLOC(ECC_MAXSIZE);
+ if (buf == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* make up random string */
+ if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
+ err = CRYPT_ERROR_READPRNG;
+ goto ERR_BUF;
+ }
+
+ /* setup the key variables */
+ if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != CRYPT_OK) {
+ goto ERR_BUF;
+ }
+ base = ltc_ecc_new_point();
+ if (base == NULL) {
+ err = CRYPT_MEM;
+ goto errkey;
+ }
+
+ /* read in the specs for this key */
+ if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; }
+
+ /* make the public key */
+ if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; }
+ key->type = PK_PRIVATE;
+
+ /* free up ram */
+ err = CRYPT_OK;
+ goto cleanup;
+errkey:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+cleanup:
+ ltc_ecc_del_point(base);
+ mp_clear(prime);
+ERR_BUF:
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, ECC_MAXSIZE);
+#endif
+ XFREE(buf);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_make_key.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_shared_secret.c b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c
new file mode 100644
index 0000000..ddef847
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c
@@ -0,0 +1,95 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_shared_secret.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Create an ECC shared secret between two keys
+ @param private_key The private ECC key
+ @param public_key The public key
+ @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63)
+ @param outlen [in/out] The max size and resulting size of the shared secret
+ @return CRYPT_OK if successful
+*/
+int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x;
+ ecc_point *result;
+ void *prime;
+ int err;
+
+ LTC_ARGCHK(private_key != NULL);
+ LTC_ARGCHK(public_key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* type valid? */
+ if (private_key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) {
+ return CRYPT_PK_TYPE_MISMATCH;
+ }
+
+ /* make new point */
+ result = ltc_ecc_new_point();
+ if (result == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = mp_init(&prime)) != CRYPT_OK) {
+ ltc_ecc_del_point(result);
+ return err;
+ }
+
+ if ((err = mp_read_radix(prime, (char *)private_key->dp->prime, 16)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1)) != CRYPT_OK) { goto done; }
+
+ x = (unsigned long)mp_unsigned_bin_size(prime);
+ if (*outlen < x) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(result->x, out + (x - mp_unsigned_bin_size(result->x)))) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+ *outlen = x;
+done:
+ mp_clear(prime);
+ ltc_ecc_del_point(result);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_shared_secret.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c
new file mode 100644
index 0000000..44f949e
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c
@@ -0,0 +1,114 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_sign_hash.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Sign a message digest
+ @param in The message digest to sign
+ @param inlen The length of the digest
+ @param out [out] The destination for the signature
+ @param outlen [in/out] The max size and resulting size of the signature
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param key A private ECC key
+ @return CRYPT_OK if successful
+*/
+int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, ecc_key *key)
+{
+ ecc_key pubkey;
+ void *r, *s, *e, *p;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* is this a private key? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* is the IDX valid ? */
+ if (ltc_ecc_is_valid_idx(key->idx) != 1) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get the hash and load it as a bignum into 'e' */
+ /* init the bignums */
+ if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; }
+ if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto errnokey; }
+
+ /* make up a key and export the public copy */
+ for (;;) {
+ if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
+ goto errnokey;
+ }
+
+ /* find r = x1 mod n */
+ if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; }
+
+ if (mp_iszero(r) == LTC_MP_YES) {
+ ecc_free(&pubkey);
+ } else {
+ /* find s = (e + xr)/k */
+ if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */
+ if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */
+ if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
+ if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
+ if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */
+ ecc_free(&pubkey);
+ if (mp_iszero(s) == LTC_MP_NO) {
+ break;
+ }
+ }
+ }
+
+ /* store as SEQUENCE { r, s -- integer } */
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
+ LTC_ASN1_EOL, 0UL, NULL);
+ goto errnokey;
+error:
+ ecc_free(&pubkey);
+errnokey:
+ mp_clear_multi(r, s, p, e, NULL);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sign_hash.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_sizes.c b/libtomcrypt/src/pk/ecc/ecc_sizes.c
new file mode 100644
index 0000000..f4b2d82
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_sizes.c
@@ -0,0 +1,48 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_sizes.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+void ecc_sizes(int *low, int *high)
+{
+ int i;
+ LTC_ARGCHKVD(low != NULL);
+ LTC_ARGCHKVD(high != NULL);
+
+ *low = INT_MAX;
+ *high = 0;
+ for (i = 0; ltc_ecc_sets[i].size != 0; i++) {
+ if (ltc_ecc_sets[i].size < *low) {
+ *low = ltc_ecc_sets[i].size;
+ }
+ if (ltc_ecc_sets[i].size > *high) {
+ *high = ltc_ecc_sets[i].size;
+ }
+ }
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sizes.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/09 01:38:14 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_sys.c b/libtomcrypt/src/pk/ecc/ecc_sys.c
deleted file mode 100644
index 65ead31..0000000
--- a/libtomcrypt/src/pk/ecc/ecc_sys.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-
-/**
- @file ecc_sys.c
- ECC Crypto, Tom St Denis
-*/
-
-/**
- Encrypt a symmetric key with ECC
- @param in The symmetric key you want to encrypt
- @param inlen The length of the key to encrypt (octets)
- @param out [out] The destination for the ciphertext
- @param outlen [in/out] The max size and resulting size of the ciphertext
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param hash The index of the hash you want to use
- @param key The ECC key you want to encrypt to
- @return CRYPT_OK if successful
-*/
-int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- ecc_key *key)
-{
- unsigned char *pub_expt, *ecc_shared, *skey;
- ecc_key pubkey;
- unsigned long x, y, pubkeysize;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check that wprng/cipher/hash are not invalid */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
-
- if (inlen > hash_descriptor[hash].hashsize) {
- return CRYPT_INVALID_HASH;
- }
-
- /* make a random key and export the public copy */
- if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) {
- return err;
- }
-
- pub_expt = XMALLOC(ECC_BUF_SIZE);
- ecc_shared = XMALLOC(ECC_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (ecc_shared != NULL) {
- XFREE(ecc_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- ecc_free(&pubkey);
- return CRYPT_MEM;
- }
-
- pubkeysize = ECC_BUF_SIZE;
- if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
-
- /* make random key */
- x = ECC_BUF_SIZE;
- if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
- ecc_free(&pubkey);
- y = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* Encrypt key */
- for (x = 0; x < inlen; x++) {
- skey[x] ^= in[x];
- }
-
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
- LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt,
- LTC_ASN1_OCTET_STRING, inlen, skey,
- LTC_ASN1_EOL, 0UL, NULL);
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- /* clean up */
- zeromem(pub_expt, ECC_BUF_SIZE);
- zeromem(ecc_shared, ECC_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(skey);
- XFREE(ecc_shared);
- XFREE(pub_expt);
-
- return err;
-}
-
-/**
- Decrypt an ECC encrypted key
- @param in The ciphertext
- @param inlen The length of the ciphertext (octets)
- @param out [out] The plaintext
- @param outlen [in/out] The max size and resulting size of the plaintext
- @param key The corresponding private ECC key
- @return CRYPT_OK if successful
-*/
-int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- ecc_key *key)
-{
- unsigned char *ecc_shared, *skey, *pub_expt;
- unsigned long x, y, hashOID[32];
- int hash, err;
- ecc_key pubkey;
- ltc_asn1_list decode[3];
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* right key type? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* decode to find out hash */
- LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
- if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
- return err;
- }
- for (hash = 0; hash_descriptor[hash].name != NULL &&
- (hash_descriptor[hash].OIDlen != decode[0].size ||
- memcmp(hash_descriptor[hash].OID, hashOID, sizeof(unsigned long)*decode[0].size)); hash++);
-
- if (hash_descriptor[hash].name == NULL) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* we now have the hash! */
-
- /* allocate memory */
- pub_expt = XMALLOC(ECC_BUF_SIZE);
- ecc_shared = XMALLOC(ECC_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (ecc_shared != NULL) {
- XFREE(ecc_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
- LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE);
- LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
-
- /* read the structure in now */
- if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* import ECC key from packet */
- if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* make shared key */
- x = ECC_BUF_SIZE;
- if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
- ecc_free(&pubkey);
-
- y = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* ensure the hash of the shared secret is at least as big as the encrypt itself */
- if (decode[2].size > y) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
-
- /* avoid buffer overflow */
- if (*outlen < decode[2].size) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* Decrypt the key */
- for (x = 0; x < decode[2].size; x++) {
- out[x] = skey[x] ^ ecc_shared[x];
- }
- *outlen = x;
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(pub_expt, ECC_BUF_SIZE);
- zeromem(ecc_shared, ECC_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(pub_expt);
- XFREE(ecc_shared);
- XFREE(skey);
-
- return err;
-}
-
-/**
- Sign a message digest
- @param in The message digest to sign
- @param inlen The length of the digest
- @param out [out] The destination for the signature
- @param outlen [in/out] The max size and resulting size of the signature
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param key A private ECC key
- @return CRYPT_OK if successful
-*/
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, ecc_key *key)
-{
- ecc_key pubkey;
- mp_int r, s, e, p;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* is this a private key? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* get the hash and load it as a bignum into 'e' */
- /* init the bignums */
- if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != MP_OKAY) {
- ecc_free(&pubkey);
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
- if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_unsigned_bin(&e, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
-
- /* make up a key and export the public copy */
- for (;;) {
- if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) {
- return err;
- }
-
- /* find r = x1 mod n */
- if ((err = mp_mod(&pubkey.pubkey.x, &p, &r)) != MP_OKAY) { goto error; }
-
- if (mp_iszero(&r)) {
- ecc_free(&pubkey);
- } else {
- /* find s = (e + xr)/k */
- if ((err = mp_invmod(&pubkey.k, &p, &pubkey.k)) != MP_OKAY) { goto error; } /* k = 1/k */
- if ((err = mp_mulmod(&key->k, &r, &p, &s)) != MP_OKAY) { goto error; } /* s = xr */
- if ((err = mp_addmod(&e, &s, &p, &s)) != MP_OKAY) { goto error; } /* s = e + xr */
- if ((err = mp_mulmod(&s, &pubkey.k, &p, &s)) != MP_OKAY) { goto error; } /* s = (e + xr)/k */
-
- if (mp_iszero(&s)) {
- ecc_free(&pubkey);
- } else {
- break;
- }
- }
- }
-
- /* store as SEQUENCE { r, s -- integer } */
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
- LTC_ASN1_EOL, 0UL, NULL);
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&r, &s, &p, &e, NULL);
- ecc_free(&pubkey);
-
- return err;
-}
-
-/* verify
- *
- * w = s^-1 mod n
- * u1 = xw
- * u2 = rw
- * X = u1*G + u2*Q
- * v = X_x1 mod n
- * accept if v == r
- */
-
-/**
- Verify an ECC signature
- @param sig The signature to verify
- @param siglen The length of the signature (octets)
- @param hash The hash (message digest) that was signed
- @param hashlen The length of the hash (octets)
- @param stat Result of signature, 1==valid, 0==invalid
- @param key The corresponding public ECC key
- @return CRYPT_OK if successful (even if the signature is not valid)
-*/
-int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, ecc_key *key)
-{
- ecc_point *mG, *mQ;
- mp_int r, s, v, w, u1, u2, e, p, m;
- mp_digit mp;
- int err;
-
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* default to invalid signature */
- *stat = 0;
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- /* allocate ints */
- if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != MP_OKAY) {
- return CRYPT_MEM;
- }
-
- /* allocate points */
- mG = new_point();
- mQ = new_point();
- if (mQ == NULL || mG == NULL) {
- err = CRYPT_MEM;
- goto done;
- }
-
- /* parse header */
- if ((err = der_decode_sequence_multi(sig, siglen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto done;
- }
-
- /* get the order */
- if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; }
-
- /* get the modulus */
- if ((err = mp_read_radix(&m, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
-
- /* check for zero */
- if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT || mp_cmp(&s, &p) != MP_LT) {
- err = CRYPT_INVALID_PACKET;
- goto done;
- }
-
- /* read hash */
- if ((err = mp_read_unsigned_bin(&e, (unsigned char *)hash, (int)hashlen)) != MP_OKAY) { goto error; }
-
- /* w = s^-1 mod n */
- if ((err = mp_invmod(&s, &p, &w)) != MP_OKAY) { goto error; }
-
- /* u1 = ew */
- if ((err = mp_mulmod(&e, &w, &p, &u1)) != MP_OKAY) { goto error; }
-
- /* u2 = rw */
- if ((err = mp_mulmod(&r, &w, &p, &u2)) != MP_OKAY) { goto error; }
-
- /* find mG = u1*G */
- if ((err = mp_read_radix(&mG->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&mG->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&mG->z, 1);
- if ((err = ecc_mulmod(&u1, mG, mG, &m, 0)) != CRYPT_OK) { goto done; }
-
- /* find mQ = u2*Q */
- if ((err = mp_copy(&key->pubkey.x, &mQ->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&key->pubkey.y, &mQ->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&key->pubkey.z, &mQ->z)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&u2, mQ, mQ, &m, 0)) != CRYPT_OK) { goto done; }
-
- /* find the montgomery mp */
- if ((err = mp_montgomery_setup(&m, &mp)) != MP_OKAY) { goto error; }
- /* add them */
- if ((err = add_point(mQ, mG, mG, &m, mp)) != CRYPT_OK) { goto done; }
-
- /* reduce */
- if ((err = ecc_map(mG, &m, mp)) != CRYPT_OK) { goto done; }
-
- /* v = X_x1 mod n */
- if ((err = mp_mod(&mG->x, &p, &v)) != CRYPT_OK) { goto done; }
-
- /* does v == r */
- if (mp_cmp(&v, &r) == MP_EQ) {
- *stat = 1;
- }
-
- /* clear up and return */
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(mG);
- del_point(mQ);
- mp_clear_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL);
- return err;
-}
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sys.c,v $ */
-/* $Revision: 1.18 $ */
-/* $Date: 2005/06/14 20:47:55 $ */
diff --git a/libtomcrypt/src/pk/ecc/ecc_test.c b/libtomcrypt/src/pk/ecc/ecc_test.c
new file mode 100644
index 0000000..faa167c
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_test.c
@@ -0,0 +1,95 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_test.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Perform on the ECC system
+ @return CRYPT_OK if successful
+*/
+int ecc_test(void)
+{
+ void *modulus, *order;
+ ecc_point *G, *GG;
+ int i, err, primality;
+
+ if ((err = mp_init_multi(&modulus, &order, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ G = ltc_ecc_new_point();
+ GG = ltc_ecc_new_point();
+ if (G == NULL || GG == NULL) {
+ mp_clear_multi(modulus, order, NULL);
+ ltc_ecc_del_point(G);
+ ltc_ecc_del_point(GG);
+ return CRYPT_MEM;
+ }
+
+ for (i = 0; ltc_ecc_sets[i].size; i++) {
+ #if 0
+ printf("Testing %d\n", ltc_ecc_sets[i].size);
+ #endif
+ if ((err = mp_read_radix(modulus, (char *)ltc_ecc_sets[i].prime, 16)) != CRYPT_OK) { goto done; }
+ if ((err = mp_read_radix(order, (char *)ltc_ecc_sets[i].order, 16)) != CRYPT_OK) { goto done; }
+
+ /* is prime actually prime? */
+ if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; }
+ if (primality == 0) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+
+ /* is order prime ? */
+ if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; }
+ if (primality == 0) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+
+ if ((err = mp_read_radix(G->x, (char *)ltc_ecc_sets[i].Gx, 16)) != CRYPT_OK) { goto done; }
+ if ((err = mp_read_radix(G->y, (char *)ltc_ecc_sets[i].Gy, 16)) != CRYPT_OK) { goto done; }
+ mp_set(G->z, 1);
+
+ /* then we should have G == (order + 1)G */
+ if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptmul(order, G, GG, modulus, 1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+ }
+ err = CRYPT_OK;
+done:
+ ltc_ecc_del_point(GG);
+ ltc_ecc_del_point(G);
+ mp_clear_multi(order, modulus, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_test.c,v $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c
new file mode 100644
index 0000000..bd8a840
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c
@@ -0,0 +1,165 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_verify_hash.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/* verify
+ *
+ * w = s^-1 mod n
+ * u1 = xw
+ * u2 = rw
+ * X = u1*G + u2*Q
+ * v = X_x1 mod n
+ * accept if v == r
+ */
+
+/**
+ Verify an ECC signature
+ @param sig The signature to verify
+ @param siglen The length of the signature (octets)
+ @param hash The hash (message digest) that was signed
+ @param hashlen The length of the hash (octets)
+ @param stat Result of signature, 1==valid, 0==invalid
+ @param key The corresponding public ECC key
+ @return CRYPT_OK if successful (even if the signature is not valid)
+*/
+int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int *stat, ecc_key *key)
+{
+ ecc_point *mG, *mQ;
+ void *r, *s, *v, *w, *u1, *u2, *e, *p, *m;
+ void *mp;
+ int err;
+
+ LTC_ARGCHK(sig != NULL);
+ LTC_ARGCHK(hash != NULL);
+ LTC_ARGCHK(stat != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* default to invalid signature */
+ *stat = 0;
+ mp = NULL;
+
+ /* is the IDX valid ? */
+ if (ltc_ecc_is_valid_idx(key->idx) != 1) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ /* allocate ints */
+ if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* allocate points */
+ mG = ltc_ecc_new_point();
+ mQ = ltc_ecc_new_point();
+ if (mQ == NULL || mG == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ /* parse header */
+ if ((err = der_decode_sequence_multi(sig, siglen,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* get the order */
+ if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; }
+
+ /* get the modulus */
+ if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; }
+
+ /* check for zero */
+ if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* read hash */
+ if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; }
+
+ /* w = s^-1 mod n */
+ if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; }
+
+ /* u1 = ew */
+ if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; }
+
+ /* u2 = rw */
+ if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; }
+
+ /* find mG and mQ */
+ if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; }
+
+ if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; }
+ if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; }
+ if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; }
+
+ /* compute u1*mG + u2*mQ = mG */
+ if (ltc_mp.ecc_mul2add == NULL) {
+ if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; }
+ if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; }
+
+ /* find the montgomery mp */
+ if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; }
+
+ /* add them */
+ if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; }
+
+ /* reduce */
+ if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; }
+ } else {
+ /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
+ if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m)) != CRYPT_OK) { goto error; }
+ }
+
+ /* v = X_x1 mod n */
+ if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; }
+
+ /* does v == r */
+ if (mp_cmp(v, r) == LTC_MP_EQ) {
+ *stat = 1;
+ }
+
+ /* clear up and return */
+ err = CRYPT_OK;
+error:
+ ltc_ecc_del_point(mG);
+ ltc_ecc_del_point(mQ);
+ mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL);
+ if (mp != NULL) {
+ mp_montgomery_free(mp);
+ }
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_verify_hash.c,v $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c
new file mode 100644
index 0000000..cf81f24
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c
@@ -0,0 +1,46 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_is_valid_idx.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** Returns whether an ECC idx is valid or not
+ @param n The idx number to check
+ @return 1 if valid, 0 if not
+*/
+int ltc_ecc_is_valid_idx(int n)
+{
+ int x;
+
+ for (x = 0; ltc_ecc_sets[x].size != 0; x++);
+ /* -1 is a valid index --- indicating that the domain params were supplied by the user */
+ if ((n >= -1) || (n < x)) {
+ return 1;
+ }
+ return 0;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_map.c b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c
new file mode 100644
index 0000000..eec28b3
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c
@@ -0,0 +1,76 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_map.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Map a projective jacbobian point back to affine space
+ @param P [in/out] The point to map
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_map(ecc_point *P, void *modulus, void *mp)
+{
+ void *t1, *t2;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* first map z back to normal */
+ if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* get 1/z */
+ if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; }
+
+ /* get 1/z^2 and 1/z^3 */
+ if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+
+ /* multiply against x/y */
+ if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = mp_set(P->z, 1)) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_map.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c
new file mode 100644
index 0000000..ac1c24f
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c
@@ -0,0 +1,207 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mul2add.c
+ ECC Crypto, Shamir's Trick, Tom St Denis
+*/
+
+#ifdef MECC
+
+#ifdef LTC_ECC_SHAMIR
+
+/** Computes kA*A + kB*B = C using Shamir's Trick
+ @param A First point to multiply
+ @param kA What to multiple A by
+ @param B Second point to multiply
+ @param kB What to multiple B by
+ @param C [out] Destination point (can overlap with A or B
+ @param modulus Modulus for curve
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mul2add(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C,
+ void *modulus)
+{
+ ecc_point *precomp[16];
+ unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
+ unsigned char *tA, *tB;
+ int err, first;
+ void *mp, *mu;
+
+ /* argchks */
+ LTC_ARGCHK(A != NULL);
+ LTC_ARGCHK(B != NULL);
+ LTC_ARGCHK(C != NULL);
+ LTC_ARGCHK(kA != NULL);
+ LTC_ARGCHK(kB != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* allocate memory */
+ tA = XCALLOC(1, ECC_BUF_SIZE);
+ if (tA == NULL) {
+ return CRYPT_MEM;
+ }
+ tB = XCALLOC(1, ECC_BUF_SIZE);
+ if (tB == NULL) {
+ XFREE(tA);
+ return CRYPT_MEM;
+ }
+
+ /* get sizes */
+ lenA = mp_unsigned_bin_size(kA);
+ lenB = mp_unsigned_bin_size(kB);
+ len = MAX(lenA, lenB);
+
+ /* sanity check */
+ if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
+ err = CRYPT_INVALID_ARG;
+ goto ERR_T;
+ }
+
+ /* extract and justify kA */
+ mp_to_unsigned_bin(kA, (len - lenA) + tA);
+
+ /* extract and justify kB */
+ mp_to_unsigned_bin(kB, (len - lenB) + tB);
+
+ /* allocate the table */
+ for (x = 0; x < 16; x++) {
+ precomp[x] = ltc_ecc_new_point();
+ if (precomp[x] == NULL) {
+ for (y = 0; y < x; ++y) {
+ ltc_ecc_del_point(precomp[y]);
+ }
+ err = CRYPT_MEM;
+ goto ERR_T;
+ }
+ }
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ goto ERR_P;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ goto ERR_MP;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ goto ERR_MU;
+ }
+
+ /* copy ones ... */
+ if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; }
+
+ if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [i,0](A + B) table */
+ if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [0,i](A + B) table */
+ if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [i,j](A + B) table (i != 0, j != 0) */
+ for (x = 1; x < 4; x++) {
+ for (y = 1; y < 4; y++) {
+ if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+ }
+
+ nibble = 3;
+ first = 1;
+ bitbufA = tA[0];
+ bitbufB = tB[0];
+
+ /* for every byte of the multiplicands */
+ for (x = -1;; ) {
+ /* grab a nibble */
+ if (++nibble == 4) {
+ ++x; if (x == len) break;
+ bitbufA = tA[x];
+ bitbufB = tB[x];
+ nibble = 0;
+ }
+
+ /* extract two bits from both, shift/update */
+ nA = (bitbufA >> 6) & 0x03;
+ nB = (bitbufB >> 6) & 0x03;
+ bitbufA = (bitbufA << 2) & 0xFF;
+ bitbufB = (bitbufB << 2) & 0xFF;
+
+ /* if both zero, if first, continue */
+ if ((nA == 0) && (nB == 0) && (first == 1)) {
+ continue;
+ }
+
+ /* double twice, only if this isn't the first */
+ if (first == 0) {
+ /* double twice */
+ if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+
+ /* if not both zero */
+ if ((nA != 0) || (nB != 0)) {
+ if (first == 1) {
+ /* if first, copy from table */
+ first = 0;
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK) { goto ERR_MU; }
+ } else {
+ /* if not first, add from table */
+ if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+ }
+ }
+
+ /* reduce to affine */
+ err = ltc_ecc_map(C, modulus, mp);
+
+ /* clean up */
+ERR_MU:
+ mp_clear(mu);
+ERR_MP:
+ mp_montgomery_free(mp);
+ERR_P:
+ for (x = 0; x < 16; x++) {
+ ltc_ecc_del_point(precomp[x]);
+ }
+ERR_T:
+#ifdef LTC_CLEAN_STACK
+ zeromem(tA, ECC_BUF_SIZE);
+ zeromem(tB, ECC_BUF_SIZE);
+#endif
+ XFREE(tA);
+ XFREE(tB);
+
+ return err;
+}
+
+#endif
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c,v $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c
new file mode 100644
index 0000000..0e4c92b
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c
@@ -0,0 +1,222 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mulmod.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+#ifndef LTC_ECC_TIMING_RESISTANT
+
+/* size of sliding window, don't change this! */
+#define WINSIZE 4
+
+/**
+ Perform a point multiplication
+ @param k The scalar to multiply by
+ @param G The base point
+ @param R [out] Destination for kG
+ @param modulus The modulus of the field the ECC curve is in
+ @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
+{
+ ecc_point *tG, *M[8];
+ int i, j, err;
+ void *mu, *mp;
+ unsigned long buf;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
+
+ LTC_ARGCHK(k != NULL);
+ LTC_ARGCHK(G != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ return err;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ mp_clear(mu);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 8; i++) {
+ M[i] = ltc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ ltc_ecc_del_point(M[j]);
+ }
+ mp_montgomery_free(mp);
+ mp_clear(mu);
+ return CRYPT_MEM;
+ }
+ }
+
+ /* make a copy of G incase R==G */
+ tG = ltc_ecc_new_point();
+ if (tG == NULL) { err = CRYPT_MEM; goto done; }
+
+ /* tG = G and convert to montgomery */
+ if (mp_cmp_d(mu, 1) == LTC_MP_EQ) {
+ if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; }
+ } else {
+ if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; }
+ }
+ mp_clear(mu);
+ mu = NULL;
+
+ /* calc the M tab, which holds kG for k==8..15 */
+ /* M[0] == 8G */
+ if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* now find (8+k)G for k=1..7 */
+ for (j = 9; j < 16; j++) {
+ if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = mp_get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = mp_get_digit(k, digidx);
+ bitcnt = (int) ltc_mp.bits_per_digit;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (buf >> (ltc_mp.bits_per_digit - 1)) & 1;
+ buf <<= 1;
+
+ /* skip leading zero bits */
+ if (mode == 0 && i == 0) {
+ continue;
+ }
+
+ /* if the bit is zero and mode == 1 then we double */
+ if (mode == 1 && i == 0) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ /* else we add it to the window */
+ bitbuf |= (i << (WINSIZE - ++bitcpy));
+ mode = 2;
+
+ if (bitcpy == WINSIZE) {
+ /* if this is the first window we do a simple copy */
+ if (first == 1) {
+ /* R = kG [k = first window] */
+ if ((err = mp_copy(M[bitbuf-8]->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[bitbuf-8]->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[bitbuf-8]->z, R->z)) != CRYPT_OK) { goto done; }
+ first = 0;
+ } else {
+ /* normal window */
+ /* ok window is filled so double as required and add */
+ /* double first */
+ for (j = 0; j < WINSIZE; j++) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
+ if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+ /* empty window and reset */
+ bitcpy = bitbuf = 0;
+ mode = 1;
+ }
+ }
+
+ /* if bits remain then double/add */
+ if (mode == 2 && bitcpy > 0) {
+ /* double then add */
+ for (j = 0; j < bitcpy; j++) {
+ /* only double if we have had at least one add first */
+ if (first == 0) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ bitbuf <<= 1;
+ if ((bitbuf & (1 << WINSIZE)) != 0) {
+ if (first == 1){
+ /* first add, so copy */
+ if ((err = mp_copy(tG->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->z, R->z)) != CRYPT_OK) { goto done; }
+ first = 0;
+ } else {
+ /* then add */
+ if ((err = ltc_mp.ecc_ptadd(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+ }
+ }
+ }
+
+ /* map R back from projective space */
+ if (map) {
+ err = ltc_ecc_map(R, modulus, mp);
+ } else {
+ err = CRYPT_OK;
+ }
+done:
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ mp_montgomery_free(mp);
+ ltc_ecc_del_point(tG);
+ for (i = 0; i < 8; i++) {
+ ltc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#endif
+
+#undef WINSIZE
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c,v $ */
+/* $Revision: 1.24 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c
new file mode 100644
index 0000000..b94a50c
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c
@@ -0,0 +1,167 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mulmod_timing.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+#ifdef LTC_ECC_TIMING_RESISTANT
+
+/**
+ Perform a point multiplication (timing resistant)
+ @param k The scalar to multiply by
+ @param G The base point
+ @param R [out] Destination for kG
+ @param modulus The modulus of the field the ECC curve is in
+ @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
+{
+ ecc_point *tG, *M[3];
+ int i, j, err;
+ void *mu, *mp;
+ unsigned long buf;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
+
+ LTC_ARGCHK(k != NULL);
+ LTC_ARGCHK(G != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ return err;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ mp_clear(mu);
+ mp_montgomery_free(mp);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 3; i++) {
+ M[i] = ltc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ ltc_ecc_del_point(M[j]);
+ }
+ mp_clear(mu);
+ mp_montgomery_free(mp);
+ return CRYPT_MEM;
+ }
+ }
+
+ /* make a copy of G incase R==G */
+ tG = ltc_ecc_new_point();
+ if (tG == NULL) { err = CRYPT_MEM; goto done; }
+
+ /* tG = G and convert to montgomery */
+ if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; }
+ mp_clear(mu);
+ mu = NULL;
+
+ /* calc the M tab */
+ /* M[0] == G */
+ if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; }
+ /* M[1] == 2G */
+ if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = mp_get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = mp_get_digit(k, digidx);
+ bitcnt = (int) MP_DIGIT_BIT;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
+ buf <<= 1;
+
+ if (mode == 0 && i == 0) {
+ /* dummy operations */
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ if (mode == 0 && i == 1) {
+ mode = 1;
+ /* dummy operations */
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* copy result out */
+ if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; }
+
+ /* map R back from projective space */
+ if (map) {
+ err = ltc_ecc_map(R, modulus, mp);
+ } else {
+ err = CRYPT_OK;
+ }
+done:
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ mp_montgomery_free(mp);
+ ltc_ecc_del_point(tG);
+ for (i = 0; i < 3; i++) {
+ ltc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#endif
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 22:17:46 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_points.c b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c
new file mode 100644
index 0000000..39f1321
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c
@@ -0,0 +1,60 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_points.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Allocate a new ECC point
+ @return A newly allocated point or NULL on error
+*/
+ecc_point *ltc_ecc_new_point(void)
+{
+ ecc_point *p;
+ p = XCALLOC(1, sizeof(*p));
+ if (p == NULL) {
+ return NULL;
+ }
+ if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) {
+ XFREE(p);
+ return NULL;
+ }
+ return p;
+}
+
+/** Free an ECC point from memory
+ @param p The point to free
+*/
+void ltc_ecc_del_point(ecc_point *p)
+{
+ /* prevents free'ing null arguments */
+ if (p != NULL) {
+ mp_clear_multi(p->x, p->y, p->z, NULL); /* note: p->z may be NULL but that's ok with this function anyways */
+ XFREE(p);
+ }
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_points.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c
new file mode 100644
index 0000000..c8e359f
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c
@@ -0,0 +1,196 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_projective_add_point.c
+ ECC Crypto, Tom St Denis
+*/
+
+#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC))
+
+/**
+ Add two ECC points
+ @param P The point to add
+ @param Q The point to add
+ @param R [out] The destination of the double
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp)
+{
+ void *t1, *t2, *x, *y, *z;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(Q != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* should we dbl instead? */
+ if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
+
+ if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
+ (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
+ (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
+ mp_clear_multi(t1, t2, x, y, z, NULL);
+ return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
+ }
+
+ if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; }
+
+ /* if Z is one then these are no-operations */
+ if (Q->z != NULL) {
+ /* T1 = Z' * Z' */
+ if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X * T1 */
+ if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Z' * T1 */
+ if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = Y * T1 */
+ if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T1 = Z*Z */
+ if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = X' * T1 */
+ if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Z * T1 */
+ if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Y' * T1 */
+ if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* Y = Y - T1 */
+ if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = 2T1 */
+ if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = Y + T1 */
+ if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* X = X - T2 */
+ if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = 2T2 */
+ if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t2, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = X + T2 */
+ if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t2, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+
+ /* if Z' != 1 */
+ if (Q->z != NULL) {
+ /* Z = Z * Z' */
+ if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Z = Z * X */
+ if ((err = mp_mul(z, x, z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* T1 = T1 * X */
+ if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X * X */
+ if ((err = mp_sqr(x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = T2 * x */
+ if ((err = mp_mul(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = T1 * X */
+ if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* X = Y*Y */
+ if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X - T2 */
+ if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T2 = T2 - X */
+ if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T2 - X */
+ if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T2 * Y */
+ if ((err = mp_mul(t2, y, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = T2 - T1 */
+ if ((err = mp_sub(t2, t1, y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y/2 */
+ if (mp_isodd(y)) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ if ((err = mp_div_2(y, y)) != CRYPT_OK) { goto done; }
+
+ if ((err = mp_copy(x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(z, R->z)) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, x, y, z, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c,v $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c
new file mode 100644
index 0000000..f0b3e1d
--- /dev/null
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c
@@ -0,0 +1,147 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_projective_dbl_point.c
+ ECC Crypto, Tom St Denis
+*/
+
+#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC))
+
+/**
+ Double an ECC point
+ @param P The point to double
+ @param R [out] The destination of the double
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp)
+{
+ void *t1, *t2;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (P != R) {
+ if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; }
+ }
+
+ /* t1 = Z * Z */
+ if ((err = mp_sqr(R->z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Z = Y * Z */
+ if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Z = 2Z */
+ if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T2 = X - T1 */
+ if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = X + T1 */
+ if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T1 * T2 */
+ if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = 2T2 */
+ if ((err = mp_add(t2, t2, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = T1 + T2 */
+ if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Y = 2Y */
+ if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y * Y */
+ if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = Y * Y */
+ if ((err = mp_sqr(R->y, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = T2/2 */
+ if (mp_isodd(t2)) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ if ((err = mp_div_2(t2, t2)) != CRYPT_OK) { goto done; }
+ /* Y = Y * X */
+ if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* X = T1 * T1 */
+ if ((err = mp_sqr(t1, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X - Y */
+ if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
+ }
+ /* X = X - Y */
+ if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Y = Y - X */
+ if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y * T1 */
+ if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = Y - T2 */
+ if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, NULL);
+ return err;
+}
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/libtomcrypt/src/pk/katja/katja_decrypt_key.c b/libtomcrypt/src/pk/katja/katja_decrypt_key.c
new file mode 100644
index 0000000..1e10d6c
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_decrypt_key.c
@@ -0,0 +1,105 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_decrypt_key.c
+ Katja PKCS #1 OAEP Decryption, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ (PKCS #1 v2.0) decrypt then OAEP depad
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext (octets)
+ @param lparam The system "lparam" value
+ @param lparamlen The length of the lparam value (octets)
+ @param hash_idx The index of the hash desired
+ @param stat [out] Result of the decryption, 1==valid, 0==invalid
+ @param key The corresponding private Katja key
+ @return CRYPT_OK if succcessul (even if invalid)
+*/
+int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int *stat,
+ katja_key *key)
+{
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+ unsigned char *tmp;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(stat != NULL);
+
+ /* default to invalid */
+ *stat = 0;
+
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits( (key->N));
+
+ /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
+ modulus_bitlen = ((modulus_bitlen << 1) / 3);
+
+ /* round down to next byte */
+ modulus_bitlen -= (modulus_bitlen & 7) + 8;
+
+ /* outlen must be at least the size of the modulus */
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
+ if (modulus_bytelen != inlen) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* allocate ram */
+ tmp = XMALLOC(inlen);
+ if (tmp == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* rsa decode the packet */
+ x = inlen;
+ if ((err = katja_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
+ XFREE(tmp);
+ return err;
+ }
+
+ /* shift right by modulus_bytelen - modulus_bitlen/8 bytes */
+ for (x = 0; x < (modulus_bitlen >> 3); x++) {
+ tmp[x] = tmp[x+(modulus_bytelen-(modulus_bitlen>>3))];
+ }
+
+ /* now OAEP decode the packet */
+ err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
+ out, outlen, stat);
+
+ XFREE(tmp);
+ return err;
+}
+
+#endif /* MRSA */
+
+
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_decrypt_key.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_encrypt_key.c b/libtomcrypt/src/pk/katja/katja_encrypt_key.c
new file mode 100644
index 0000000..ce93356
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_encrypt_key.c
@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_encrypt_key.c
+ Katja PKCS-style OAEP encryption, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ (PKCS #1 v2.0) OAEP pad then encrypt
+ @param in The plaintext
+ @param inlen The length of the plaintext (octets)
+ @param out [out] The ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param lparam The system "lparam" for the encryption
+ @param lparamlen The length of lparam (octets)
+ @param prng An active PRNG
+ @param prng_idx The index of the desired prng
+ @param hash_idx The index of the desired hash
+ @param key The Katja key to encrypt to
+ @return CRYPT_OK if successful
+*/
+int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, katja_key *key)
+{
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* valid prng and hash ? */
+ if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits((key->N));
+
+ /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
+ modulus_bitlen = ((modulus_bitlen << 1) / 3);
+
+ /* round down to next byte */
+ modulus_bitlen -= (modulus_bitlen & 7) + 8;
+
+ /* outlen must be at least the size of the modulus */
+ modulus_bytelen = mp_unsigned_bin_size((key->N));
+ if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* OAEP pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
+ lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* Katja exptmod the OAEP pad */
+ return katja_exptmod(out, x, out, outlen, PK_PUBLIC, key);
+}
+
+#endif /* MRSA */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_encrypt_key.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_export.c b/libtomcrypt/src/pk/katja/katja_export.c
new file mode 100644
index 0000000..9e55654
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_export.c
@@ -0,0 +1,75 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_export.c
+ Export Katja PKCS-style keys, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ This will export either an KatjaPublicKey or KatjaPrivateKey
+ @param out [out] Destination of the packet
+ @param outlen [in/out] The max size and resulting size of the packet
+ @param type The type of exported key (PK_PRIVATE or PK_PUBLIC)
+ @param key The Katja key to export
+ @return CRYPT_OK if successful
+*/
+int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key)
+{
+ int err;
+ unsigned long zero=0;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* type valid? */
+ if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ if (type == PK_PRIVATE) {
+ /* private key */
+ /* output is
+ Version, n, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p, pq
+ */
+ if ((err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_INTEGER, 1UL, key->pq,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* clear zero and return */
+ return CRYPT_OK;
+ } else {
+ /* public key */
+ return der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_EOL, 0UL, NULL);
+ }
+}
+
+#endif /* MRSA */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_export.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_exptmod.c b/libtomcrypt/src/pk/katja/katja_exptmod.c
new file mode 100644
index 0000000..8cc47d8
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_exptmod.c
@@ -0,0 +1,115 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_exptmod.c
+ Katja PKCS-style exptmod, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Compute an RSA modular exponentiation
+ @param in The input data to send into RSA
+ @param inlen The length of the input (octets)
+ @param out [out] The destination
+ @param outlen [in/out] The max size and resulting size of the output
+ @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
+ @param key The RSA key to use
+ @return CRYPT_OK if successful
+*/
+int katja_exptmod(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int which,
+ katja_key *key)
+{
+ void *tmp, *tmpa, *tmpb;
+ unsigned long x;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* is the key of the right type for the operation? */
+ if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* must be a private or public operation */
+ if (which != PK_PRIVATE && which != PK_PUBLIC) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ /* init and copy into tmp */
+ if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
+
+ /* sanity check on the input */
+ if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
+ err = CRYPT_PK_INVALID_SIZE;
+ goto done;
+ }
+
+ /* are we using the private exponent and is the key optimized? */
+ if (which == PK_PRIVATE) {
+ /* tmpa = tmp^dP mod p */
+ if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
+
+ /* tmpb = tmp^dQ mod q */
+ if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
+
+ /* tmp = (tmpa - tmpb) * qInv (mod p) */
+ if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
+
+ /* tmp = tmpb + q * tmp */
+ if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ } else {
+ /* exptmod it */
+ if ((err = mp_exptmod(tmp, key->N, key->N, tmp)) != CRYPT_OK) { goto error; }
+ }
+
+ /* read it back */
+ x = (unsigned long)mp_unsigned_bin_size(key->N);
+ if (x > *outlen) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+
+ /* this should never happen ... */
+ if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
+ err = CRYPT_ERROR;
+ goto done;
+ }
+ *outlen = x;
+
+ /* convert it */
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
+
+ /* clean up and return */
+ err = CRYPT_OK;
+ goto done;
+error:
+done:
+ mp_clear_multi(tmp, tmpa, tmpb, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_exptmod.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_free.c b/libtomcrypt/src/pk/katja/katja_free.c
new file mode 100644
index 0000000..8aed3fb
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_free.c
@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_free.c
+ Free an Katja key, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Free an Katja key from memory
+ @param key The RSA key to free
+*/
+void katja_free(katja_key *key)
+{
+ LTC_ARGCHK(key != NULL);
+ mp_clear_multi( key->d, key->N, key->dQ, key->dP,
+ key->qP, key->p, key->q, key->pq, NULL);
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_free.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_import.c b/libtomcrypt/src/pk/katja/katja_import.c
new file mode 100644
index 0000000..efdbe07
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_import.c
@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_import.c
+ Import a PKCS-style Katja key, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Import an KatjaPublicKey or KatjaPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1]
+ @param in The packet to import from
+ @param inlen It's length (octets)
+ @param key [out] Destination for newly imported key
+ @return CRYPT_OK if successful, upon error allocated memory is freed
+*/
+int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key)
+{
+ int err;
+ void *zero;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ /* init key */
+ if ((err = mp_init_multi(&zero, &key->d, &key->N, &key->dQ,
+ &key->dP, &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
+ /* it's a private key */
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_INTEGER, 1UL, zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_INTEGER, 1UL, key->pq,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ key->type = PK_PRIVATE;
+ } else {
+ /* public we have N */
+ key->type = PK_PUBLIC;
+ }
+ mp_clear(zero);
+ return CRYPT_OK;
+LBL_ERR:
+ mp_clear_multi(zero, key->d, key->N, key->dQ, key->dP,
+ key->qP, key->p, key->q, key->pq, NULL);
+ return err;
+}
+
+#endif /* MRSA */
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_import.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/katja/katja_make_key.c b/libtomcrypt/src/pk/katja/katja_make_key.c
new file mode 100644
index 0000000..08016c8
--- /dev/null
+++ b/libtomcrypt/src/pk/katja/katja_make_key.c
@@ -0,0 +1,101 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_make_key.c
+ Katja key generation, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Create a Katja key
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG desired
+ @param size The size of the modulus (key size) desired (octets)
+ @param key [out] Destination of a newly created private key pair
+ @return CRYPT_OK if successful, upon error all allocated ram is freed
+*/
+int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key)
+{
+ void *p, *q, *tmp1, *tmp2;
+ int err;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ if ((size < (MIN_KAT_SIZE/8)) || (size > (MAX_KAT_SIZE/8))) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* divide size by three */
+ size = (((size << 3) / 3) + 7) >> 3;
+
+ /* make prime "q" (we negate size to make q == 3 mod 4) */
+ if ((err = rand_prime(q, -size, prng, wprng)) != CRYPT_OK) { goto done; }
+ if ((err = mp_sub_d(q, 1, tmp1)) != CRYPT_OK) { goto done; }
+
+ /* make prime "p" */
+ do {
+ if ((err = rand_prime(p, size+1, prng, wprng)) != CRYPT_OK) { goto done; }
+ if ((err = mp_gcd(p, tmp1, tmp2)) != CRYPT_OK) { goto done; }
+ } while (mp_cmp_d(tmp2, 1) != LTC_MP_EQ);
+
+ /* make key */
+ if ((err = mp_init_multi(&key->d, &key->N, &key->dQ, &key->dP,
+ &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* n=p^2q and 1/n mod pq */
+ if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto error2; }
+ if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto error2; }
+ if ((err = mp_mul(key->p, key->q, key->pq)) != CRYPT_OK) { goto error2; } /* tmp1 = pq */
+ if ((err = mp_mul(key->pq, key->p, key->N)) != CRYPT_OK) { goto error2; } /* N = p^2q */
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto error2; } /* tmp1 = q-1 */
+ if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto error2; } /* tmp2 = p-1 */
+ if ((err = mp_lcm(tmp1, tmp2, key->d)) != CRYPT_OK) { goto error2; } /* tmp1 = lcd(p-1,q-1) */
+ if ((err = mp_invmod( key->N, key->d, key->d)) != CRYPT_OK) { goto error2; } /* key->d = 1/N mod pq */
+
+ /* optimize for CRT now */
+ /* find d mod q-1 and d mod p-1 */
+ if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto error2; } /* dP = d mod p-1 */
+ if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto error2; } /* dQ = d mod q-1 */
+ if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto error2; } /* qP = 1/q mod p */
+
+ /* set key type (in this case it's CRT optimized) */
+ key->type = PK_PRIVATE;
+
+ /* return ok and free temps */
+ err = CRYPT_OK;
+ goto done;
+error2:
+ mp_clear_multi( key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, key->pq, NULL);
+error:
+done:
+ mp_clear_multi( tmp2, tmp1, p, q, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_make_key.c,v $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/packet_store_header.c b/libtomcrypt/src/pk/packet_store_header.c
deleted file mode 100644
index 855ca70..0000000
--- a/libtomcrypt/src/pk/packet_store_header.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-#ifdef PACKET
-
-void packet_store_header(unsigned char *dst, int section, int subsection)
-{
- LTC_ARGCHK(dst != NULL);
-
- /* store version number */
- dst[0] = (unsigned char)(CRYPT&255);
- dst[1] = (unsigned char)((CRYPT>>8)&255);
-
- /* store section and subsection */
- dst[2] = (unsigned char)(section & 255);
- dst[3] = (unsigned char)(subsection & 255);
-
-}
-
-#endif
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_store_header.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/libtomcrypt/src/pk/packet_valid_header.c b/libtomcrypt/src/pk/packet_valid_header.c
deleted file mode 100644
index 59db0f7..0000000
--- a/libtomcrypt/src/pk/packet_valid_header.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-#ifdef PACKET
-
-int packet_valid_header(unsigned char *src, int section, int subsection)
-{
- unsigned long ver;
-
- LTC_ARGCHK(src != NULL);
-
- /* check version */
- ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U);
- if (CRYPT < ver) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* check section and subsection */
- if (section != (int)src[2] || subsection != (int)src[3]) {
- return CRYPT_INVALID_PACKET;
- }
-
- return CRYPT_OK;
-}
-
-#endif
-
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_valid_header.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c
index 3e68eb8..4a39bd5 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,9 +28,8 @@
@param out [out] The destination for the integer
@return CRYPT_OK if successful
*/
-int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out)
+int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out)
{
- int err;
unsigned long size;
size = mp_unsigned_bin_size(n);
@@ -41,15 +40,12 @@ int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out)
/* store it */
zeromem(out, modulus_len);
- if ((err = mp_to_unsigned_bin(n, out+(modulus_len-size))) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
- return CRYPT_OK;
+ return mp_to_unsigned_bin(n, out+(modulus_len-size));
}
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c
index aac7494..bfc80bd 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,8 +26,8 @@
@param masklen The length of the mask desired
@return CRYPT_OK if successful
*/
-int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen,
- int hash_idx,
+int pkcs_1_mgf1(int hash_idx,
+ const unsigned char *seed, unsigned long seedlen,
unsigned char *mask, unsigned long masklen)
{
unsigned long hLen, x;
@@ -104,5 +104,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c
index cd4931b..e70a016 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -101,7 +101,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
x += modulus_len - hLen - 1;
/* compute MGF1 of maskedDB (hLen) */
- if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -111,7 +111,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of seed (k - hlen - 1) */
- if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -136,7 +136,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
}
/* compare the lhash'es */
- if (memcmp(seed, DB, hLen) != 0) {
+ if (XMEMCMP(seed, DB, hLen) != 0) {
err = CRYPT_OK;
goto LBL_ERR;
}
@@ -148,18 +148,19 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
/* error out if wasn't 0x01 */
if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
/* rest is the message (and skip 0x01) */
- if ((modulus_len - hLen - 1) - ++x > *outlen) {
+ if ((modulus_len - hLen - 1 - ++x) > *outlen) {
+ *outlen = modulus_len - hLen - 1 - x;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
/* copy message */
- *outlen = (modulus_len - hLen - 1) - x;
+ *outlen = modulus_len - hLen - 1 - x;
XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x);
x += modulus_len - hLen - 1;
@@ -184,5 +185,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/18 02:37:06 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c
index 12670b5..99e1ac6 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -114,7 +114,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of seed (k - hlen - 1) */
- if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -124,7 +124,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of maskedDB (hLen) */
- if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -135,6 +135,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
/* create string of length modulus_len */
if (*outlen < modulus_len) {
+ *outlen = modulus_len;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
@@ -168,5 +169,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c
index a9a1858..563ae8d 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,19 +23,14 @@
@param inlen The length of the binary string
@return CRYPT_OK if successful
*/
-int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen)
+int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen)
{
- int err;
- /* read it */
- if ((err = mp_read_unsigned_bin(n, in, inlen)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
- return CRYPT_OK;
+ return mp_read_unsigned_bin(n, in, inlen);
}
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c
index e61c33f..2c16d50 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -82,7 +82,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* ensure the 0xBC byte */
if (sig[siglen-1] != 0xBC) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
@@ -97,12 +97,12 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* check the MSB */
if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
/* generate mask of length modulus_len - hLen - 1 from hash */
- if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -119,14 +119,14 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* check for zeroes and 0x01 */
for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
if (DB[x] != 0x00) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
}
/* check for the 0x01 */
if (DB[x++] != 0x01) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
@@ -149,7 +149,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
}
/* mask == hash means valid signature */
- if (memcmp(mask, hash, hLen) == 0) {
+ if (XMEMCMP(mask, hash, hLen) == 0) {
*res = 1;
}
@@ -173,5 +173,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/30 02:37:21 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c
index 899605c..64bd312 100644
--- a/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -118,7 +118,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
x += saltlen;
/* generate mask of length modulus_len - hLen - 1 from hash */
- if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -129,6 +129,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
/* output is DB || hash || 0xBC */
if (*outlen < modulus_len) {
+ *outlen = modulus_len;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
@@ -170,5 +171,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c
new file mode 100644
index 0000000..b0a7c2d
--- /dev/null
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c
@@ -0,0 +1,110 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/** @file pkcs_1_v1_5_decode.c
+ *
+ * PKCS #1 v1.5 Padding. (Andreas Lange)
+ */
+
+#ifdef PKCS_1
+
+/** @brief PKCS #1 v1.5 decode.
+ *
+ * @param msg The encoded data to decode
+ * @param msglen The length of the encoded data (octets)
+ * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
+ * @param modulus_bitlen The bit length of the RSA modulus
+ * @param out [out] Destination of decoding
+ * @param outlen [in/out] The max size and resulting size of the decoding
+ * @param is_valid [out] Boolean whether the padding was valid
+ *
+ * @return CRYPT_OK if successful (even if invalid)
+ */
+int pkcs_1_v1_5_decode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ unsigned char *out,
+ unsigned long *outlen,
+ int *is_valid)
+{
+ unsigned long modulus_len, ps_len, i;
+ int result;
+
+ /* default to invalid packet */
+ *is_valid = 0;
+
+ modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
+
+ /* test message size */
+
+ if ((msglen > modulus_len) || (modulus_len < 11)) {
+ return CRYPT_PK_INVALID_SIZE;
+ }
+
+ /* separate encoded message */
+
+ if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) {
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+
+ if (block_type == LTC_PKCS_1_EME) {
+ for (i = 2; i < modulus_len; i++) {
+ /* separator */
+ if (msg[i] == 0x00) { break; }
+ }
+ ps_len = i++ - 2;
+
+ if ((i >= modulus_len) || (ps_len < 8)) {
+ /* There was no octet with hexadecimal value 0x00 to separate ps from m,
+ * or the length of ps is less than 8 octets.
+ */
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+ } else {
+ for (i = 2; i < modulus_len - 1; i++) {
+ if (msg[i] != 0xFF) { break; }
+ }
+
+ /* separator check */
+ if (msg[i] != 0) {
+ /* There was no octet with hexadecimal value 0x00 to separate ps from m. */
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+
+ ps_len = i - 2;
+ }
+
+ if (*outlen < (msglen - (2 + ps_len + 1))) {
+ *outlen = msglen - (2 + ps_len + 1);
+ result = CRYPT_BUFFER_OVERFLOW;
+ goto bail;
+ }
+
+ *outlen = (msglen - (2 + ps_len + 1));
+ XMEMCPY(out, &msg[2 + ps_len + 1], *outlen);
+
+ /* valid packet */
+ *is_valid = 1;
+ result = CRYPT_OK;
+bail:
+ return result;
+} /* pkcs_1_v1_5_decode */
+
+#endif /* #ifdef PKCS_1 */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c
new file mode 100644
index 0000000..7edd1e6
--- /dev/null
+++ b/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c
@@ -0,0 +1,111 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/*! \file pkcs_1_v1_5_encode.c
+ *
+ * PKCS #1 v1.5 Padding (Andreas Lange)
+ */
+
+#ifdef PKCS_1
+
+/*! \brief PKCS #1 v1.5 encode.
+ *
+ * \param msg The data to encode
+ * \param msglen The length of the data to encode (octets)
+ * \param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
+ * \param modulus_bitlen The bit length of the RSA modulus
+ * \param prng An active PRNG state (only for LTC_PKCS_1_EME)
+ * \param prng_idx The index of the PRNG desired (only for LTC_PKCS_1_EME)
+ * \param out [out] The destination for the encoded data
+ * \param outlen [in/out] The max size and resulting size of the encoded data
+ *
+ * \return CRYPT_OK if successful
+ */
+int pkcs_1_v1_5_encode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ prng_state *prng,
+ int prng_idx,
+ unsigned char *out,
+ unsigned long *outlen)
+{
+ unsigned long modulus_len, ps_len, i;
+ unsigned char *ps;
+ int result;
+
+ /* valid block_type? */
+ if ((block_type != LTC_PKCS_1_EMSA) &&
+ (block_type != LTC_PKCS_1_EME)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ if (block_type == LTC_PKCS_1_EME) { /* encryption padding, we need a valid PRNG */
+ if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return result;
+ }
+ }
+
+ modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
+
+ /* test message size */
+ if ((msglen + 11) > modulus_len) {
+ return CRYPT_PK_INVALID_SIZE;
+ }
+
+ if (*outlen < modulus_len) {
+ *outlen = modulus_len;
+ result = CRYPT_BUFFER_OVERFLOW;
+ goto bail;
+ }
+
+ /* generate an octets string PS */
+ ps = &out[2];
+ ps_len = modulus_len - msglen - 3;
+
+ if (block_type == LTC_PKCS_1_EME) {
+ /* now choose a random ps */
+ if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) {
+ result = CRYPT_ERROR_READPRNG;
+ goto bail;
+ }
+
+ /* transform zero bytes (if any) to non-zero random bytes */
+ for (i = 0; i < ps_len; i++) {
+ while (ps[i] == 0) {
+ if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) {
+ result = CRYPT_ERROR_READPRNG;
+ goto bail;
+ }
+ }
+ }
+ } else {
+ XMEMSET(ps, 0xFF, ps_len);
+ }
+
+ /* create string of length modulus_len */
+ out[0] = 0x00;
+ out[1] = (unsigned char)block_type; /* block_type 1 or 2 */
+ out[2 + ps_len] = 0x00;
+ XMEMCPY(&out[2 + ps_len + 1], msg, msglen);
+ *outlen = modulus_len;
+
+ result = CRYPT_OK;
+bail:
+ return result;
+} /* pkcs_1_v1_5_encode */
+
+#endif /* #ifdef PKCS_1 */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/11/01 09:12:06 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c b/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c
index 7cea807..3dce20f 100644
--- a/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c
+++ b/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c
@@ -6,19 +6,19 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_decrypt_key.c
- RSA PKCS #1 OAEP Decryption, Tom St Denis
-*/
+ RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1 v2.0) decrypt then OAEP depad
+ PKCS #1 decrypt then v1.5 or OAEP depad
@param in The ciphertext
@param inlen The length of the ciphertext (octets)
@param out [out] The plaintext
@@ -26,20 +26,21 @@
@param lparam The system "lparam" value
@param lparamlen The length of the lparam value (octets)
@param hash_idx The index of the hash desired
+ @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param stat [out] Result of the decryption, 1==valid, 0==invalid
@param key The corresponding private RSA key
@return CRYPT_OK if succcessul (even if invalid)
*/
-int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- int hash_idx, int *stat,
- rsa_key *key)
+int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int padding,
+ int *stat, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
-
+
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
@@ -48,16 +49,25 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
/* default to invalid */
*stat = 0;
- /* valid hash ? */
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+ /* valid padding? */
+
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_OAEP)) {
+ return CRYPT_PK_INVALID_PADDING;
}
-
+
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
@@ -70,24 +80,26 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
/* rsa decode the packet */
x = inlen;
- if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
+ if ((err = ltc_mp.rsa_me(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
- /* now OAEP decode the packet */
- err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
- out, outlen, stat);
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* now OAEP decode the packet */
+ err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
+ out, outlen, stat);
+ } else {
+ /* now PKCS #1 v1.5 depad the packet */
+ err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat);
+ }
+
XFREE(tmp);
return err;
}
#endif /* MRSA */
-
-
-
-
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:18:22 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c b/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c
index d29aa83..8d2c228 100644
--- a/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c
+++ b/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_encrypt_key.c
- RSA PKCS OAEP encryption, Tom St Denis
-*/
+ RSA PKCS #1 encryption, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
@@ -28,53 +28,75 @@
@param prng An active PRNG
@param prng_idx The index of the desired prng
@param hash_idx The index of the desired hash
+ @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param key The RSA key to encrypt to
@return CRYPT_OK if successful
-*/
-int rsa_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- prng_state *prng, int prng_idx, int hash_idx, rsa_key *key)
+*/
+int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
-
+
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
-
- /* valid prng and hash ? */
+
+ /* valid padding? */
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_OAEP)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ /* valid prng? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* valid hash? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
}
-
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
-
- /* OAEP pad the key */
- x = *outlen;
- if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
- lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
- out, &x)) != CRYPT_OK) {
- return err;
- }
- /* rsa exptmod the OAEP pad */
- return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key);
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* OAEP pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
+ lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ } else {
+ /* PKCS #1 v1.5 pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME,
+ modulus_bitlen, prng, prng_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */
+ return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key);
}
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:18:22 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_export.c b/libtomcrypt/src/pk/rsa/rsa_export.c
index f2e324d..5b389ec 100644
--- a/libtomcrypt/src/pk/rsa/rsa_export.c
+++ b/libtomcrypt/src/pk/rsa/rsa_export.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,9 +27,7 @@
*/
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
{
- int err;
unsigned long zero=0;
-
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
@@ -44,27 +42,22 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key
/* output is
Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p
*/
- if ((err = der_encode_sequence_multi(out, outlen,
+ return der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
- LTC_ASN1_INTEGER, 1UL, &key->d,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->dP,
- LTC_ASN1_INTEGER, 1UL, &key->dQ,
- LTC_ASN1_INTEGER, 1UL, &key->qP,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- return err;
- }
-
- /* clear zero and return */
- return CRYPT_OK;
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_EOL, 0UL, NULL);
} else {
/* public key */
return der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL);
}
}
@@ -72,5 +65,5 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_export.c,v $ */
-/* $Revision: 1.11 $ */
-/* $Date: 2005/06/04 01:42:48 $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_exptmod.c b/libtomcrypt/src/pk/rsa/rsa_exptmod.c
index 379404c..53dbf6b 100644
--- a/libtomcrypt/src/pk/rsa/rsa_exptmod.c
+++ b/libtomcrypt/src/pk/rsa/rsa_exptmod.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,7 +31,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key)
{
- mp_int tmp, tmpa, tmpb;
+ void *tmp, *tmpa, *tmpb;
unsigned long x;
int err;
@@ -39,7 +39,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
-
+
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
@@ -51,65 +51,63 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
}
/* init and copy into tmp */
- if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); }
- if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
+ if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
/* sanity check on the input */
- if (mp_cmp(&key->N, &tmp) == MP_LT) {
+ if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
- goto done;
+ goto error;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
- if ((err = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
/* tmpb = tmp^dQ mod q */
- if ((err = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
- if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
/* tmp = tmpb + q * tmp */
- if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
} else {
/* exptmod it */
- if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
}
/* read it back */
- x = (unsigned long)mp_unsigned_bin_size(&key->N);
+ x = (unsigned long)mp_unsigned_bin_size(key->N);
if (x > *outlen) {
+ *outlen = x;
err = CRYPT_BUFFER_OVERFLOW;
- goto done;
+ goto error;
}
/* this should never happen ... */
- if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) {
+ if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
err = CRYPT_ERROR;
- goto done;
+ goto error;
}
*outlen = x;
/* convert it */
zeromem(out, x);
- if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != MP_OKAY) { goto error; }
+ if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
/* clean up and return */
err = CRYPT_OK;
- goto done;
error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp, &tmpa, &tmpb, NULL);
+ mp_clear_multi(tmp, tmpa, tmpb, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_exptmod.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/23 02:10:22 $ */
+/* $Revision: 1.16 $ */
+/* $Date: 2006/12/04 03:09:28 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_free.c b/libtomcrypt/src/pk/rsa/rsa_free.c
index 69eeaec..f48976a 100644
--- a/libtomcrypt/src/pk/rsa/rsa_free.c
+++ b/libtomcrypt/src/pk/rsa/rsa_free.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,13 +23,12 @@
*/
void rsa_free(rsa_key *key)
{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->e, key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_free.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_import.c b/libtomcrypt/src/pk/rsa/rsa_import.c
index 5706134..7b12fd9 100644
--- a/libtomcrypt/src/pk/rsa/rsa_import.c
+++ b/libtomcrypt/src/pk/rsa/rsa_import.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,60 +27,111 @@
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
- mp_int zero;
+ void *zero;
+ unsigned char *tmpbuf;
+ unsigned long t, x, y, z, tmpoid[16];
+ ltc_asn1_list ssl_pubkey_hashoid[2];
+ ltc_asn1_list ssl_pubkey[2];
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
- if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ,
- &key->dP, &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
+ &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+ return err;
}
+ /* see if the OpenSSL DER format RSA public key will work */
+ tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8);
+ if (tmpbuf == NULL) {
+ err = CRYPT_MEM;
+ goto LBL_ERR;
+ }
+
+ /* this includes the internal hash ID and optional params (NULL in this case) */
+ LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
+ LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0);
+
+ /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it
+ then proceed to convert bit to octet
+ */
+ LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2);
+ LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8);
+
+ if (der_decode_sequence(in, inlen,
+ ssl_pubkey, 2UL) == CRYPT_OK) {
+
+ /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */
+ for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) {
+ y = (y << 1) | tmpbuf[x];
+ if (++z == 8) {
+ tmpbuf[t++] = (unsigned char)y;
+ y = 0;
+ z = 0;
+ }
+ }
+
+ /* now it should be SEQUENCE { INTEGER, INTEGER } */
+ if ((err = der_decode_sequence_multi(tmpbuf, t,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ XFREE(tmpbuf);
+ goto LBL_ERR;
+ }
+ XFREE(tmpbuf);
+ key->type = PK_PUBLIC;
+ return CRYPT_OK;
+ }
+ XFREE(tmpbuf);
+
+ /* not SSL public key, try to match against PKCS #1 standards */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
+ LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
- if (mp_cmp_d(&key->N, 0) == MP_EQ) {
+ if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
+ if ((err = mp_init(&zero)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
/* it's a private key */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &zero,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
- LTC_ASN1_INTEGER, 1UL, &key->d,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->dP,
- LTC_ASN1_INTEGER, 1UL, &key->dQ,
- LTC_ASN1_INTEGER, 1UL, &key->qP,
+ LTC_ASN1_INTEGER, 1UL, zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ mp_clear(zero);
goto LBL_ERR;
}
+ mp_clear(zero);
key->type = PK_PRIVATE;
- } else if (mp_cmp_d(&key->N, 1) == MP_EQ) {
+ } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) {
/* we don't support multi-prime RSA */
err = CRYPT_PK_INVALID_TYPE;
goto LBL_ERR;
} else {
/* it's a public key and we lack e */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
-
- /* free up some ram */
- mp_clear_multi(&key->p, &key->q, &key->qP, &key->dP, &key->dQ, NULL);
key->type = PK_PUBLIC;
}
return CRYPT_OK;
LBL_ERR:
- mp_clear_multi(&zero, &key->d, &key->e, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
+ mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
return err;
}
@@ -88,5 +139,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_import.c,v $ */
-/* $Revision: 1.10 $ */
-/* $Date: 2005/06/03 18:48:28 $ */
+/* $Revision: 1.21 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_make_key.c b/libtomcrypt/src/pk/rsa/rsa_make_key.c
index d874106..bd2a29b 100644
--- a/libtomcrypt/src/pk/rsa/rsa_make_key.c
+++ b/libtomcrypt/src/pk/rsa/rsa_make_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,10 +28,11 @@
*/
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
{
- mp_int p, q, tmp1, tmp2, tmp3;
+ void *p, *q, *tmp1, *tmp2, *tmp3;
int err;
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+ LTC_ARGCHK(key != NULL);
if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
return CRYPT_INVALID_KEYSIZE;
@@ -45,81 +46,67 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
return err;
}
- if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) {
+ return err;
}
/* make primes p and q (optimization provided by Wayne Scott) */
- if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */
+ if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { goto errkey; } /* tmp3 = e */
/* make prime "p" */
do {
- if ((err = rand_prime(&p, size*4, prng, wprng)) != CRYPT_OK) { goto done; }
- if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */
- if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */
- } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */
+ if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */
+ if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(p-1, e) */
+ } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides p-1 */
/* make prime "q" */
do {
- if ((err = rand_prime(&q, size*4, prng, wprng)) != CRYPT_OK) { goto done; }
- if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */
- if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */
- } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */
+ if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */
+ if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(q-1, e) */
+ } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides q-1 */
/* tmp1 = lcm(p-1, q-1) */
- if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */
- /* tmp1 = q-1 (previous do/while loop) */
- if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */
+ if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */
+ /* tmp1 = q-1 (previous do/while loop) */
+ if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = lcm(p-1, q-1) */
/* make key */
- if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
- goto error;
+ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+ goto errkey;
}
- if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */
- if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */
- if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */
+ if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */
+ if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */
+ if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
- if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */
- if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */
- if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */
- if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */
- if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */
-
- if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; }
- if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; }
-
- /* shrink ram required */
- if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; }
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */
+ if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */
+ if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */
+ if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */
+ if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */
+
+ if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto errkey; }
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
- goto done;
-error2:
- mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL);
+ goto cleanup;
+errkey:
+ mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
+cleanup:
+ mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_make_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_sign_hash.c b/libtomcrypt/src/pk/rsa/rsa_sign_hash.c
index d31bda3..f10a97a 100644
--- a/libtomcrypt/src/pk/rsa/rsa_sign_hash.c
+++ b/libtomcrypt/src/pk/rsa/rsa_sign_hash.c
@@ -6,23 +6,24 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_sign_hash.c
- RSA PKCS v2 PSS sign hash, Tom St Denis
-*/
+ RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1, v2.0) PSS pad then sign
+ PKCS #1 pad then sign
@param in The hash to sign
@param inlen The length of the hash to sign (octets)
@param out [out] The signature
- @param outlen [in/out] The max size and resulting size of the signature
+ @param outlen [in/out] The max size and resulting size of the signature
+ @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
@param prng An active PRNG state
@param prng_idx The index of the PRNG desired
@param hash_idx The index of the hash desired
@@ -30,50 +31,104 @@
@param key The private RSA key to use
@return CRYPT_OK if successful
*/
-int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int prng_idx,
- int hash_idx, unsigned long saltlen,
- rsa_key *key)
+int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ int padding,
+ prng_state *prng, int prng_idx,
+ int hash_idx, unsigned long saltlen,
+ rsa_key *key)
{
- unsigned long modulus_bitlen, modulus_bytelen, x;
+ unsigned long modulus_bitlen, modulus_bytelen, x, y;
int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* valid prng and hash ? */
- if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
- return err;
- }
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
- }
-
- /* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* valid padding? */
+ if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* valid prng and hash ? */
+ if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits((key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size((key->N));
if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
-
- /* PSS pad the key */
- x = *outlen;
- if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
- hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
- return err;
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* PSS pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
+ hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ } else {
+ /* PKCS #1 v1.5 pad the hash */
+ unsigned char *tmpin;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+ /* not all hashes have OIDs... so sad */
+ if (hash_descriptor[hash_idx].OIDlen == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* construct the SEQUENCE
+ SEQUENCE {
+ SEQUENCE {hashoid OID
+ blah NULL
+ }
+ hash OCTET STRING
+ }
+ */
+ LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
+ LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
+ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
+ LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
+
+ /* allocate memory for the encoding */
+ y = mp_unsigned_bin_size(key->N);
+ tmpin = XMALLOC(y);
+ if (tmpin == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
+ XFREE(tmpin);
+ return err;
+ }
+
+ x = *outlen;
+ if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA,
+ modulus_bitlen, NULL, 0,
+ out, &x)) != CRYPT_OK) {
+ XFREE(tmpin);
+ return err;
+ }
+ XFREE(tmpin);
}
/* RSA encode it */
- return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key);
+ return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key);
}
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_sign_hash.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/09 23:15:39 $ */
diff --git a/libtomcrypt/src/pk/rsa/rsa_verify_hash.c b/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
index 690364d..4b61029 100644
--- a/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
+++ b/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
@@ -6,75 +6,156 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_verify_hash.c
- RSA PKCS v2 PSS signature verification, Tom St Denis
-*/
+ RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1, v2.0) de-sign then PSS depad
+ PKCS #1 de-sign then v1.5 or PSS depad
@param sig The signature data
@param siglen The length of the signature data (octets)
@param hash The hash of the message that was signed
@param hashlen The length of the hash of the message that was signed (octets)
+ @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
@param hash_idx The index of the desired hash
@param saltlen The length of the salt used during signature
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
@param key The public RSA key corresponding to the key that performed the signature
@return CRYPT_OK on success (even if the signature is invalid)
*/
-int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int hash_idx, unsigned long saltlen,
- int *stat, rsa_key *key)
+int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int padding,
+ int hash_idx, unsigned long saltlen,
+ int *stat, rsa_key *key)
{
- unsigned long modulus_bitlen, modulus_bytelen, x;
- int err;
- unsigned char *tmpbuf;
-
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+ unsigned char *tmpbuf;
+
LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(sig != NULL);
+ LTC_ARGCHK(stat != NULL);
+ LTC_ARGCHK(key != NULL);
/* default to invalid */
*stat = 0;
-
- /* valid hash ? */
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+
+ /* valid padding? */
+
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_PSS)) {
+ return CRYPT_PK_INVALID_PADDING;
}
-
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != siglen) {
return CRYPT_INVALID_PACKET;
}
-
+
/* allocate temp buffer for decoded sig */
tmpbuf = XMALLOC(siglen);
if (tmpbuf == NULL) {
return CRYPT_MEM;
}
-
+
/* RSA decode it */
x = siglen;
- if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
+ if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
XFREE(tmpbuf);
return err;
}
-
- /* PSS decode it */
- err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
+
+ /* make sure the output is the right size */
+ if (x != siglen) {
+ XFREE(tmpbuf);
+ return CRYPT_INVALID_PACKET;
+ }
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* PSS decode and verify it */
+ err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
+ } else {
+ /* PKCS #1 v1.5 decode it */
+ unsigned char *out;
+ unsigned long outlen, loid[16];
+ int decoded;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+ /* not all hashes have OIDs... so sad */
+ if (hash_descriptor[hash_idx].OIDlen == 0) {
+ err = CRYPT_INVALID_ARG;
+ goto bail_2;
+ }
+
+ /* allocate temp buffer for decoded hash */
+ outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
+ out = XMALLOC(outlen);
+ if (out == NULL) {
+ err = CRYPT_MEM;
+ goto bail_2;
+ }
+
+ if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
+
+ /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
+ /* construct the SEQUENCE
+ SEQUENCE {
+ SEQUENCE {hashoid OID
+ blah NULL
+ }
+ hash OCTET STRING
+ }
+ */
+ LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
+ LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
+ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
+ LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
+
+ if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
+
+ /* test OID */
+ if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+ (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+ (siginfo[1].size == hashlen) &&
+ (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
+ *stat = 1;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(out, outlen);
+#endif
+ XFREE(out);
+ }
+
+bail_2:
+#ifdef LTC_CLEAN_STACK
+ zeromem(tmpbuf, siglen);
+#endif
XFREE(tmpbuf);
return err;
}
@@ -82,5 +163,5 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_verify_hash.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 03:09:28 $ */