306 lines
5.0 KiB
C
306 lines
5.0 KiB
C
// Copyright 2007,2008,2010 Segher Boessenkool <segher@kernel.crashing.org>
|
|
// Licensed under the terms of the GNU GPL, version 2
|
|
// http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
|
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
|
|
#include "kirk_engine.h"
|
|
#include "ecdsa.h"
|
|
|
|
|
|
void bn_dump(char *str, u8 *buf, u32 size)
|
|
{
|
|
u32 i;
|
|
|
|
printf("%16s: ", str);
|
|
for(i=0; i<size; i++){
|
|
printf("%02x", buf[i]);
|
|
}
|
|
printf("\n");
|
|
}
|
|
static void bn_zero(u8* d, u32 n)
|
|
{
|
|
memset(d, 0, n);
|
|
}
|
|
|
|
void bn_copy(u8* d, u8* a, u32 n)
|
|
{
|
|
memcpy(d, a, n);
|
|
}
|
|
|
|
int bn_is_zero(u8 *d, u32 n)
|
|
{
|
|
int i;
|
|
|
|
for(i=0; i<n; i++){
|
|
if(d[i])
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
int bn_compare(u8* a, u8* b, u32 n)
|
|
{
|
|
u32 i;
|
|
|
|
for (i = 0; i < n; i++) {
|
|
if (a[i] < b[i])
|
|
return -1;
|
|
if (a[i] > b[i])
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
static u8 bn_add_1(u8* d, u8* a, u8* b, u32 n)
|
|
{
|
|
u32 i;
|
|
u32 dig;
|
|
u8 c;
|
|
|
|
c = 0;
|
|
for (i = n - 1; i < n; i--) {
|
|
dig = a[i] + b[i] + c;
|
|
c = dig >> 8;
|
|
d[i] = dig;
|
|
}
|
|
|
|
return c;
|
|
}
|
|
|
|
static u8 bn_sub_1(u8* d, u8* a, u8* b, u32 n)
|
|
{
|
|
u32 i;
|
|
u32 dig;
|
|
u8 c;
|
|
|
|
c = 1;
|
|
for (i = n - 1; i < n; i--) {
|
|
dig = a[i] + 255 - b[i] + c;
|
|
c = dig >> 8;
|
|
d[i] = dig;
|
|
}
|
|
|
|
return 1 - c;
|
|
}
|
|
|
|
void bn_reduce(u8* d, u8* N, u32 n)
|
|
{
|
|
if (bn_compare(d, N, n) >= 0)
|
|
bn_sub_1(d, d, N, n);
|
|
}
|
|
|
|
void bn_add(u8* d, u8* a, u8* b, u8* N, u32 n)
|
|
{
|
|
if (bn_add_1(d, a, b, n))
|
|
bn_sub_1(d, d, N, n);
|
|
|
|
bn_reduce(d, N, n);
|
|
}
|
|
|
|
void bn_sub(u8* d, u8* a, u8* b, u8* N, u32 n)
|
|
{
|
|
if (bn_sub_1(d, a, b, n))
|
|
bn_add_1(d, d, N, n);
|
|
}
|
|
static const u8 inv256[0x80] = {
|
|
0x01, 0xab, 0xcd, 0xb7, 0x39, 0xa3, 0xc5, 0xef,
|
|
0xf1, 0x1b, 0x3d, 0xa7, 0x29, 0x13, 0x35, 0xdf,
|
|
0xe1, 0x8b, 0xad, 0x97, 0x19, 0x83, 0xa5, 0xcf,
|
|
0xd1, 0xfb, 0x1d, 0x87, 0x09, 0xf3, 0x15, 0xbf,
|
|
0xc1, 0x6b, 0x8d, 0x77, 0xf9, 0x63, 0x85, 0xaf,
|
|
0xb1, 0xdb, 0xfd, 0x67, 0xe9, 0xd3, 0xf5, 0x9f,
|
|
0xa1, 0x4b, 0x6d, 0x57, 0xd9, 0x43, 0x65, 0x8f,
|
|
0x91, 0xbb, 0xdd, 0x47, 0xc9, 0xb3, 0xd5, 0x7f,
|
|
0x81, 0x2b, 0x4d, 0x37, 0xb9, 0x23, 0x45, 0x6f,
|
|
0x71, 0x9b, 0xbd, 0x27, 0xa9, 0x93, 0xb5, 0x5f,
|
|
0x61, 0x0b, 0x2d, 0x17, 0x99, 0x03, 0x25, 0x4f,
|
|
0x51, 0x7b, 0x9d, 0x07, 0x89, 0x73, 0x95, 0x3f,
|
|
0x41, 0xeb, 0x0d, 0xf7, 0x79, 0xe3, 0x05, 0x2f,
|
|
0x31, 0x5b, 0x7d, 0xe7, 0x69, 0x53, 0x75, 0x1f,
|
|
0x21, 0xcb, 0xed, 0xd7, 0x59, 0xc3, 0xe5, 0x0f,
|
|
0x11, 0x3b, 0x5d, 0xc7, 0x49, 0x33, 0x55, 0xff,
|
|
};
|
|
|
|
static void bn_mon_muladd_dig(u8* d, u8* a, u8 b, u8* N, u32 n)
|
|
{
|
|
u32 dig;
|
|
u32 i;
|
|
|
|
u8 z = -(d[n - 1] + a[n - 1] * b) * inv256[N[n - 1] / 2];
|
|
|
|
dig = d[n - 1] + a[n - 1] * b + N[n - 1] * z;
|
|
dig >>= 8;
|
|
|
|
for (i = n - 2; i < n; i--) {
|
|
dig += d[i] + a[i] * b + N[i] * z;
|
|
d[i + 1] = dig;
|
|
dig >>= 8;
|
|
}
|
|
|
|
d[0] = dig;
|
|
dig >>= 8;
|
|
|
|
if (dig)
|
|
bn_sub_1(d, d, N, n);
|
|
|
|
bn_reduce(d, N, n);
|
|
}
|
|
|
|
void bn_mon_mul(u8* d, u8* a, u8* b, u8* N, u32 n)
|
|
{
|
|
u8 t[512];
|
|
u32 i;
|
|
|
|
bn_zero(t, n);
|
|
|
|
for (i = n - 1; i < n; i--)
|
|
bn_mon_muladd_dig(t, a, b[i], N, n);
|
|
|
|
bn_copy(d, t, n);
|
|
}
|
|
|
|
void bn_to_mon(u8* d, u8* N, u32 n)
|
|
{
|
|
u32 i;
|
|
|
|
for (i = 0; i < 8 * n; i++)
|
|
bn_add(d, d, d, N, n);
|
|
}
|
|
|
|
void bn_from_mon(u8* d, u8* N, u32 n)
|
|
{
|
|
u8 t[512];
|
|
|
|
bn_zero(t, n);
|
|
t[n - 1] = 1;
|
|
bn_mon_mul(d, d, t, N, n);
|
|
}
|
|
|
|
static void bn_mon_exp(u8* d, u8* a, u8* N, u32 n, u8* e, u32 en)
|
|
{
|
|
u8 t[512];
|
|
u32 i;
|
|
u8 mask;
|
|
|
|
bn_zero(d, n);
|
|
d[n - 1] = 1;
|
|
bn_to_mon(d, N, n);
|
|
|
|
for (i = 0; i < en; i++)
|
|
for (mask = 0x80; mask != 0; mask >>= 1) {
|
|
bn_mon_mul(t, d, d, N, n);
|
|
if ((e[i] & mask) != 0)
|
|
bn_mon_mul(d, t, a, N, n);
|
|
else
|
|
bn_copy(d, t, n);
|
|
}
|
|
}
|
|
|
|
void bn_mon_inv(u8* d, u8* a, u8* N, u32 n)
|
|
{
|
|
u8 t[512], s[512];
|
|
|
|
bn_zero(s, n);
|
|
s[n - 1] = 2;
|
|
bn_sub_1(t, N, s, n);
|
|
bn_mon_exp(d, a, N, n, t, n);
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
void bn_mul(u8 *d, u8 *a, u8 *b, u8 *N, u32 n)
|
|
{
|
|
u32 i;
|
|
u8 mask;
|
|
u8 td[512];
|
|
|
|
bn_zero(td, 512);
|
|
|
|
for (i = 0; i < n; i++){
|
|
for (mask = 0x80; mask != 0; mask >>= 1) {
|
|
bn_add(td, td, td, N, n);
|
|
if ((a[i] & mask) != 0)
|
|
bn_add(td, td, b, N, n);
|
|
}
|
|
}
|
|
|
|
bn_copy(d, td, n);
|
|
}
|
|
|
|
/*************************************************************/
|
|
|
|
static int bn_is_odd(u8 *d, u32 n)
|
|
{
|
|
return (d[n-1])&1;
|
|
}
|
|
|
|
static void bn_rshift1(u8 *d, u8 *a, u32 n)
|
|
{
|
|
u8 b, c;
|
|
int i;
|
|
|
|
c = 0;
|
|
for(i=0; i<n; i++){
|
|
b = a[i];
|
|
a[i] = (b>>1)|c;
|
|
c = (b<<7)&0x80;
|
|
}
|
|
}
|
|
|
|
void bn_gcd(u8 *out_d, u8 *in_a, u8 *in_b, u32 n)
|
|
{
|
|
u8 a[512], b[512], t[512], mn[512];
|
|
int shift;
|
|
|
|
shift = 0;
|
|
memset(mn, 0, 512);
|
|
mn[0] = 0x80;
|
|
|
|
memcpy(a, in_a, n);
|
|
memcpy(b, in_b, n);
|
|
|
|
if(bn_compare(a, b, n)<0){
|
|
memcpy(t, a, n);
|
|
memcpy(a, b, n);
|
|
memcpy(b, t, n);
|
|
}
|
|
|
|
while(!bn_is_zero(b, n)){
|
|
if(bn_is_odd(a, n)){
|
|
if(bn_is_odd(b, n)){
|
|
bn_sub(a, a, b, mn, n);
|
|
bn_rshift1(a, a, n);
|
|
if(bn_compare(a, b, n)<0){
|
|
memcpy(t, a, n);
|
|
memcpy(a, b, n);
|
|
memcpy(b, t, n);
|
|
}
|
|
}else{
|
|
bn_rshift1(b, b, n);
|
|
}
|
|
}else{
|
|
if(bn_is_odd(b, n)){
|
|
bn_rshift1(a, a, n);
|
|
if(bn_compare(a, b, n)<0){
|
|
memcpy(t, a, n);
|
|
memcpy(a, b, n);
|
|
memcpy(b, t, n);
|
|
}
|
|
}else{
|
|
bn_rshift1(a, a, n);
|
|
bn_rshift1(b, b, n);
|
|
shift += 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
// skip this step
|
|
//bn_lshift(a, a, shift, n);
|
|
|
|
memcpy(out_d, a, n);
|
|
}
|
|
|