1 /* Bignum routines adapted from PUTTY sources. PuTTY copyright notice follows.
3 * PuTTY is copyright 1997-2007 Simon Tatham.
5 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
6 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
7 * Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus
8 * Kuhn, and CORE SDI S.A.
10 * Permission is hereby granted, free of charge, to any person
11 * obtaining a copy of this software and associated documentation files
12 * (the "Software"), to deal in the Software without restriction,
13 * including without limitation the rights to use, copy, modify, merge,
14 * publish, distribute, sublicense, and/or sell copies of the Software,
15 * and to permit persons to whom the Software is furnished to do so,
16 * subject to the following conditions:
18 * The above copyright notice and this permission notice shall be
19 * included in all copies or substantial portions of the Software.
21 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
25 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
26 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 #ifndef CONFIG_MACH_IPMATE
34 #include "dwc_modpow.h"
36 #define BIGNUM_INT_MASK 0xFFFFFFFFUL
37 #define BIGNUM_TOP_BIT 0x80000000UL
38 #define BIGNUM_INT_BITS 32
41 static void *snmalloc(void *mem_ctx, size_t n, size_t size)
45 if (size == 0) size = 1;
46 p = dwc_alloc(mem_ctx, size);
50 #define snewn(ctx, n, type) ((type *)snmalloc((ctx), (n), sizeof(type)))
51 #define sfree dwc_free
55 * * Do not call the DIVMOD_WORD macro with expressions such as array
56 * subscripts, as some implementations object to this (see below).
57 * * Note that none of the division methods below will cope if the
58 * quotient won't fit into BIGNUM_INT_BITS. Callers should be careful
60 * If this condition occurs, in the case of the x86 DIV instruction,
61 * an overflow exception will occur, which (according to a correspondent)
62 * will manifest on Windows as something like
63 * 0xC0000095: Integer overflow
64 * The C variant won't give the right answer, either.
67 #define MUL_WORD(w1, w2) ((BignumDblInt)w1 * w2)
69 #if defined __GNUC__ && defined __i386__
70 #define DIVMOD_WORD(q, r, hi, lo, w) \
72 "=d" (r), "=a" (q) : \
73 "r" (w), "d" (hi), "a" (lo))
75 #define DIVMOD_WORD(q, r, hi, lo, w) do { \
76 BignumDblInt n = (((BignumDblInt)hi) << BIGNUM_INT_BITS) | lo; \
82 #define BIGNUM_INT_BYTES (BIGNUM_INT_BITS / 8)
84 #define BIGNUM_INTERNAL
86 static Bignum newbn(void *mem_ctx, int length)
88 Bignum b = snewn(mem_ctx, length + 1, BignumInt);
90 //abort(); /* FIXME */
91 DWC_MEMSET(b, 0, (length + 1) * sizeof(*b));
96 void freebn(void *mem_ctx, Bignum b)
99 * Burn the evidence, just in case.
101 DWC_MEMSET(b, 0, sizeof(b[0]) * (b[0] + 1));
107 * Input is in the first len words of a and b.
108 * Result is returned in the first 2*len words of c.
110 static void internal_mul(BignumInt *a, BignumInt *b,
111 BignumInt *c, int len)
116 for (j = 0; j < 2 * len; j++)
119 for (i = len - 1; i >= 0; i--) {
121 for (j = len - 1; j >= 0; j--) {
122 t += MUL_WORD(a[i], (BignumDblInt) b[j]);
123 t += (BignumDblInt) c[i + j + 1];
124 c[i + j + 1] = (BignumInt) t;
125 t = t >> BIGNUM_INT_BITS;
127 c[i] = (BignumInt) t;
131 static void internal_add_shifted(BignumInt *number,
132 unsigned n, int shift)
134 int word = 1 + (shift / BIGNUM_INT_BITS);
135 int bshift = shift % BIGNUM_INT_BITS;
138 addend = (BignumDblInt)n << bshift;
141 addend += number[word];
142 number[word] = (BignumInt) addend & BIGNUM_INT_MASK;
143 addend >>= BIGNUM_INT_BITS;
150 * Input in first alen words of a and first mlen words of m.
151 * Output in first alen words of a
152 * (of which first alen-mlen words will be zero).
153 * The MSW of m MUST have its high bit set.
154 * Quotient is accumulated in the `quotient' array, which is a Bignum
155 * rather than the internal bigendian format. Quotient parts are shifted
156 * left by `qshift' before adding into quot.
158 static void internal_mod(BignumInt *a, int alen,
159 BignumInt *m, int mlen,
160 BignumInt *quot, int qshift)
172 for (i = 0; i <= alen - mlen; i++) {
174 unsigned int q, r, c, ai1;
188 /* Find q = h:a[i] / m0 */
193 * To illustrate it, suppose a BignumInt is 8 bits, and
194 * we are dividing (say) A1:23:45:67 by A1:B2:C3. Then
195 * our initial division will be 0xA123 / 0xA1, which
196 * will give a quotient of 0x100 and a divide overflow.
197 * However, the invariants in this division algorithm
198 * are not violated, since the full number A1:23:... is
199 * _less_ than the quotient prefix A1:B2:... and so the
200 * following correction loop would have sorted it out.
202 * In this situation we set q to be the largest
203 * quotient we _can_ stomach (0xFF, of course).
207 /* Macro doesn't want an array subscript expression passed
208 * into it (see definition), so use a temporary. */
209 BignumInt tmplo = a[i];
210 DIVMOD_WORD(q, r, h, tmplo, m0);
212 /* Refine our estimate of q by looking at
213 h:a[i]:a[i+1] / m0:m1 */
215 if (t > ((BignumDblInt) r << BIGNUM_INT_BITS) + ai1) {
218 r = (r + m0) & BIGNUM_INT_MASK; /* overflow? */
219 if (r >= (BignumDblInt) m0 &&
220 t > ((BignumDblInt) r << BIGNUM_INT_BITS) + ai1) q--;
224 /* Subtract q * m from a[i...] */
226 for (k = mlen - 1; k >= 0; k--) {
227 t = MUL_WORD(q, m[k]);
229 c = (unsigned)(t >> BIGNUM_INT_BITS);
230 if ((BignumInt) t > a[i + k])
232 a[i + k] -= (BignumInt) t;
235 /* Add back m in case of borrow */
238 for (k = mlen - 1; k >= 0; k--) {
241 a[i + k] = (BignumInt) t;
242 t = t >> BIGNUM_INT_BITS;
247 internal_add_shifted(quot, q, qshift + BIGNUM_INT_BITS * (alen - mlen - i));
253 * The most significant word of mod MUST be non-zero.
254 * We assume that the result array is the same size as the mod array.
255 * We optionally write out a quotient if `quotient' is non-NULL.
256 * We can avoid writing out the result if `result' is NULL.
258 void bigdivmod(void *mem_ctx, Bignum p, Bignum mod, Bignum result, Bignum quotient)
262 int plen, mlen, i, j;
264 /* Allocate m of size mlen, copy mod to m */
265 /* We use big endian internally */
267 m = snewn(mem_ctx, mlen, BignumInt);
269 //abort(); /* FIXME */
270 for (j = 0; j < mlen; j++)
271 m[j] = mod[mod[0] - j];
273 /* Shift m left to make msb bit set */
274 for (mshift = 0; mshift < BIGNUM_INT_BITS-1; mshift++)
275 if ((m[0] << mshift) & BIGNUM_TOP_BIT)
278 for (i = 0; i < mlen - 1; i++)
279 m[i] = (m[i] << mshift) | (m[i + 1] >> (BIGNUM_INT_BITS - mshift));
280 m[mlen - 1] = m[mlen - 1] << mshift;
284 /* Ensure plen > mlen */
288 /* Allocate n of size plen, copy p to n */
289 n = snewn(mem_ctx, plen, BignumInt);
291 //abort(); /* FIXME */
292 for (j = 0; j < plen; j++)
294 for (j = 1; j <= (int)p[0]; j++)
297 /* Main computation */
298 internal_mod(n, plen, m, mlen, quotient, mshift);
300 /* Fixup result in case the modulus was shifted */
302 for (i = plen - mlen - 1; i < plen - 1; i++)
303 n[i] = (n[i] << mshift) | (n[i + 1] >> (BIGNUM_INT_BITS - mshift));
304 n[plen - 1] = n[plen - 1] << mshift;
305 internal_mod(n, plen, m, mlen, quotient, 0);
306 for (i = plen - 1; i >= plen - mlen; i--)
307 n[i] = (n[i] >> mshift) | (n[i - 1] << (BIGNUM_INT_BITS - mshift));
310 /* Copy result to buffer */
312 for (i = 1; i <= (int)result[0]; i++) {
314 result[i] = j >= 0 ? n[j] : 0;
318 /* Free temporary arrays */
319 for (i = 0; i < mlen; i++)
322 for (i = 0; i < plen; i++)
330 Bignum bigmod(void *mem_ctx, Bignum a, Bignum b)
332 Bignum r = newbn(mem_ctx, b[0]);
333 bigdivmod(mem_ctx, a, b, r, NULL);
338 * Compute (base ^ exp) % mod.
340 Bignum dwc_modpow(void *mem_ctx, Bignum base_in, Bignum exp, Bignum mod)
342 BignumInt *a, *b, *n, *m;
348 * The most significant word of mod needs to be non-zero. It
349 * should already be, but let's make sure.
351 //assert(mod[mod[0]] != 0);
354 * Make sure the base is smaller than the modulus, by reducing
355 * it modulo the modulus if not.
357 base = bigmod(mem_ctx, base_in, mod);
359 /* Allocate m of size mlen, copy mod to m */
360 /* We use big endian internally */
362 m = snewn(mem_ctx, mlen, BignumInt);
364 //abort(); /* FIXME */
365 for (j = 0; j < mlen; j++)
366 m[j] = mod[mod[0] - j];
368 /* Shift m left to make msb bit set */
369 for (mshift = 0; mshift < BIGNUM_INT_BITS - 1; mshift++)
370 if ((m[0] << mshift) & BIGNUM_TOP_BIT)
373 for (i = 0; i < mlen - 1; i++)
375 (m[i] << mshift) | (m[i + 1] >>
376 (BIGNUM_INT_BITS - mshift));
377 m[mlen - 1] = m[mlen - 1] << mshift;
380 /* Allocate n of size mlen, copy base to n */
381 n = snewn(mem_ctx, mlen, BignumInt);
383 //abort(); /* FIXME */
385 for (j = 0; j < i; j++)
387 for (j = 0; j < base[0]; j++)
388 n[i + j] = base[base[0] - j];
390 /* Allocate a and b of size 2*mlen. Set a = 1 */
391 a = snewn(mem_ctx, 2 * mlen, BignumInt);
393 //abort(); /* FIXME */
394 b = snewn(mem_ctx, 2 * mlen, BignumInt);
396 //abort(); /* FIXME */
397 for (i = 0; i < 2 * mlen; i++)
401 /* Skip leading zero bits of exp. */
403 j = BIGNUM_INT_BITS - 1;
404 while (i < exp[0] && (exp[exp[0] - i] & (1 << j)) == 0) {
408 j = BIGNUM_INT_BITS - 1;
412 /* Main computation */
415 internal_mul(a + mlen, a + mlen, b, mlen);
416 internal_mod(b, mlen * 2, m, mlen, NULL, 0);
417 if ((exp[exp[0] - i] & (1 << j)) != 0) {
418 internal_mul(b + mlen, n, a, mlen);
419 internal_mod(a, mlen * 2, m, mlen, NULL, 0);
429 j = BIGNUM_INT_BITS - 1;
432 /* Fixup result in case the modulus was shifted */
434 for (i = mlen - 1; i < 2 * mlen - 1; i++)
436 (a[i] << mshift) | (a[i + 1] >>
437 (BIGNUM_INT_BITS - mshift));
438 a[2 * mlen - 1] = a[2 * mlen - 1] << mshift;
439 internal_mod(a, mlen * 2, m, mlen, NULL, 0);
440 for (i = 2 * mlen - 1; i >= mlen; i--)
442 (a[i] >> mshift) | (a[i - 1] <<
443 (BIGNUM_INT_BITS - mshift));
446 /* Copy result to buffer */
447 result = newbn(mem_ctx, mod[0]);
448 for (i = 0; i < mlen; i++)
449 result[result[0] - i] = a[i + mlen];
450 while (result[0] > 1 && result[result[0]] == 0)
453 /* Free temporary arrays */
454 for (i = 0; i < 2 * mlen; i++)
457 for (i = 0; i < 2 * mlen; i++)
460 for (i = 0; i < mlen; i++)
463 for (i = 0; i < mlen; i++)
467 freebn(mem_ctx, base);
475 static __u32 dh_p[] = {
575 static __u32 dh_a[] = {
587 static __u32 dh_b[] = {
599 static __u32 dh_g[] = {
608 k = dwc_modpow(NULL, dh_g, dh_a, dh_p);
611 for (i=0; i<k[0]; i++) {
612 __u32 word32 = k[k[0] - i];
613 __u16 l = word32 & 0xffff;
614 __u16 m = (word32 & 0xffff0000) >> 16;
615 printf("%04x %04x ", m, l);
616 if (!((i + 1)%13)) printf("\n");
620 if ((k[0] == 0x60) && (k[1] == 0x28e490e5) && (k[0x60] == 0x5a0d3d4e)) {
629 #endif /* UNITTEST */
631 #endif /* CONFIG_MACH_IPMATE */
633 #endif /*DWC_CRYPTOLIB */
projects / firefly-linux-kernel-4.4.55.git / blob