tree checksum vpatch file split hunks
all signers: diana_coman
antecedents: eucrypt_genesis
press order:
eucrypt_genesis | diana_coman |
ch1_mpi | diana_coman |
patch:
(0 . 0)(1 . 676)
5
6 GNU GENERAL PUBLIC LICENSE
7 Version 3, 29 June 2007
8
9 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
10 Everyone is permitted to copy and distribute verbatim copies
11 of this license document, but changing it is not allowed.
12
13 Preamble
14
15 The GNU General Public License is a free, copyleft license for
16 software and other kinds of works.
17
18 The licenses for most software and other practical works are designed
19 to take away your freedom to share and change the works. By contrast,
20 the GNU General Public License is intended to guarantee your freedom to
21 share and change all versions of a program--to make sure it remains free
22 software for all its users. We, the Free Software Foundation, use the
23 GNU General Public License for most of our software; it applies also to
24 any other work released this way by its authors. You can apply it to
25 your programs, too.
26
27 When we speak of free software, we are referring to freedom, not
28 price. Our General Public Licenses are designed to make sure that you
29 have the freedom to distribute copies of free software (and charge for
30 them if you wish), that you receive source code or can get it if you
31 want it, that you can change the software or use pieces of it in new
32 free programs, and that you know you can do these things.
33
34 To protect your rights, we need to prevent others from denying you
35 these rights or asking you to surrender the rights. Therefore, you have
36 certain responsibilities if you distribute copies of the software, or if
37 you modify it: responsibilities to respect the freedom of others.
38
39 For example, if you distribute copies of such a program, whether
40 gratis or for a fee, you must pass on to the recipients the same
41 freedoms that you received. You must make sure that they, too, receive
42 or can get the source code. And you must show them these terms so they
43 know their rights.
44
45 Developers that use the GNU GPL protect your rights with two steps:
46 (1) assert copyright on the software, and (2) offer you this License
47 giving you legal permission to copy, distribute and/or modify it.
48
49 For the developers' and authors' protection, the GPL clearly explains
50 that there is no warranty for this free software. For both users' and
51 authors' sake, the GPL requires that modified versions be marked as
52 changed, so that their problems will not be attributed erroneously to
53 authors of previous versions.
54
55 Some devices are designed to deny users access to install or run
56 modified versions of the software inside them, although the manufacturer
57 can do so. This is fundamentally incompatible with the aim of
58 protecting users' freedom to change the software. The systematic
59 pattern of such abuse occurs in the area of products for individuals to
60 use, which is precisely where it is most unacceptable. Therefore, we
61 have designed this version of the GPL to prohibit the practice for those
62 products. If such problems arise substantially in other domains, we
63 stand ready to extend this provision to those domains in future versions
64 of the GPL, as needed to protect the freedom of users.
65
66 Finally, every program is threatened constantly by software patents.
67 States should not allow patents to restrict development and use of
68 software on general-purpose computers, but in those that do, we wish to
69 avoid the special danger that patents applied to a free program could
70 make it effectively proprietary. To prevent this, the GPL assures that
71 patents cannot be used to render the program non-free.
72
73 The precise terms and conditions for copying, distribution and
74 modification follow.
75
76 TERMS AND CONDITIONS
77
78 0. Definitions.
79
80 "This License" refers to version 3 of the GNU General Public License.
81
82 "Copyright" also means copyright-like laws that apply to other kinds of
83 works, such as semiconductor masks.
84
85 "The Program" refers to any copyrightable work licensed under this
86 License. Each licensee is addressed as "you". "Licensees" and
87 "recipients" may be individuals or organizations.
88
89 To "modify" a work means to copy from or adapt all or part of the work
90 in a fashion requiring copyright permission, other than the making of an
91 exact copy. The resulting work is called a "modified version" of the
92 earlier work or a work "based on" the earlier work.
93
94 A "covered work" means either the unmodified Program or a work based
95 on the Program.
96
97 To "propagate" a work means to do anything with it that, without
98 permission, would make you directly or secondarily liable for
99 infringement under applicable copyright law, except executing it on a
100 computer or modifying a private copy. Propagation includes copying,
101 distribution (with or without modification), making available to the
102 public, and in some countries other activities as well.
103
104 To "convey" a work means any kind of propagation that enables other
105 parties to make or receive copies. Mere interaction with a user through
106 a computer network, with no transfer of a copy, is not conveying.
107
108 An interactive user interface displays "Appropriate Legal Notices"
109 to the extent that it includes a convenient and prominently visible
110 feature that (1) displays an appropriate copyright notice, and (2)
111 tells the user that there is no warranty for the work (except to the
112 extent that warranties are provided), that licensees may convey the
113 work under this License, and how to view a copy of this License. If
114 the interface presents a list of user commands or options, such as a
115 menu, a prominent item in the list meets this criterion.
116
117 1. Source Code.
118
119 The "source code" for a work means the preferred form of the work
120 for making modifications to it. "Object code" means any non-source
121 form of a work.
122
123 A "Standard Interface" means an interface that either is an official
124 standard defined by a recognized standards body, or, in the case of
125 interfaces specified for a particular programming language, one that
126 is widely used among developers working in that language.
127
128 The "System Libraries" of an executable work include anything, other
129 than the work as a whole, that (a) is included in the normal form of
130 packaging a Major Component, but which is not part of that Major
131 Component, and (b) serves only to enable use of the work with that
132 Major Component, or to implement a Standard Interface for which an
133 implementation is available to the public in source code form. A
134 "Major Component", in this context, means a major essential component
135 (kernel, window system, and so on) of the specific operating system
136 (if any) on which the executable work runs, or a compiler used to
137 produce the work, or an object code interpreter used to run it.
138
139 The "Corresponding Source" for a work in object code form means all
140 the source code needed to generate, install, and (for an executable
141 work) run the object code and to modify the work, including scripts to
142 control those activities. However, it does not include the work's
143 System Libraries, or general-purpose tools or generally available free
144 programs which are used unmodified in performing those activities but
145 which are not part of the work. For example, Corresponding Source
146 includes interface definition files associated with source files for
147 the work, and the source code for shared libraries and dynamically
148 linked subprograms that the work is specifically designed to require,
149 such as by intimate data communication or control flow between those
150 subprograms and other parts of the work.
151
152 The Corresponding Source need not include anything that users
153 can regenerate automatically from other parts of the Corresponding
154 Source.
155
156 The Corresponding Source for a work in source code form is that
157 same work.
158
159 2. Basic Permissions.
160
161 All rights granted under this License are granted for the term of
162 copyright on the Program, and are irrevocable provided the stated
163 conditions are met. This License explicitly affirms your unlimited
164 permission to run the unmodified Program. The output from running a
165 covered work is covered by this License only if the output, given its
166 content, constitutes a covered work. This License acknowledges your
167 rights of fair use or other equivalent, as provided by copyright law.
168
169 You may make, run and propagate covered works that you do not
170 convey, without conditions so long as your license otherwise remains
171 in force. You may convey covered works to others for the sole purpose
172 of having them make modifications exclusively for you, or provide you
173 with facilities for running those works, provided that you comply with
174 the terms of this License in conveying all material for which you do
175 not control copyright. Those thus making or running the covered works
176 for you must do so exclusively on your behalf, under your direction
177 and control, on terms that prohibit them from making any copies of
178 your copyrighted material outside their relationship with you.
179
180 Conveying under any other circumstances is permitted solely under
181 the conditions stated below. Sublicensing is not allowed; section 10
182 makes it unnecessary.
183
184 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
185
186 No covered work shall be deemed part of an effective technological
187 measure under any applicable law fulfilling obligations under article
188 11 of the WIPO copyright treaty adopted on 20 December 1996, or
189 similar laws prohibiting or restricting circumvention of such
190 measures.
191
192 When you convey a covered work, you waive any legal power to forbid
193 circumvention of technological measures to the extent such circumvention
194 is effected by exercising rights under this License with respect to
195 the covered work, and you disclaim any intention to limit operation or
196 modification of the work as a means of enforcing, against the work's
197 users, your or third parties' legal rights to forbid circumvention of
198 technological measures.
199
200 4. Conveying Verbatim Copies.
201
202 You may convey verbatim copies of the Program's source code as you
203 receive it, in any medium, provided that you conspicuously and
204 appropriately publish on each copy an appropriate copyright notice;
205 keep intact all notices stating that this License and any
206 non-permissive terms added in accord with section 7 apply to the code;
207 keep intact all notices of the absence of any warranty; and give all
208 recipients a copy of this License along with the Program.
209
210 You may charge any price or no price for each copy that you convey,
211 and you may offer support or warranty protection for a fee.
212
213 5. Conveying Modified Source Versions.
214
215 You may convey a work based on the Program, or the modifications to
216 produce it from the Program, in the form of source code under the
217 terms of section 4, provided that you also meet all of these conditions:
218
219 a) The work must carry prominent notices stating that you modified
220 it, and giving a relevant date.
221
222 b) The work must carry prominent notices stating that it is
223 released under this License and any conditions added under section
224 7. This requirement modifies the requirement in section 4 to
225 "keep intact all notices".
226
227 c) You must license the entire work, as a whole, under this
228 License to anyone who comes into possession of a copy. This
229 License will therefore apply, along with any applicable section 7
230 additional terms, to the whole of the work, and all its parts,
231 regardless of how they are packaged. This License gives no
232 permission to license the work in any other way, but it does not
233 invalidate such permission if you have separately received it.
234
235 d) If the work has interactive user interfaces, each must display
236 Appropriate Legal Notices; however, if the Program has interactive
237 interfaces that do not display Appropriate Legal Notices, your
238 work need not make them do so.
239
240 A compilation of a covered work with other separate and independent
241 works, which are not by their nature extensions of the covered work,
242 and which are not combined with it such as to form a larger program,
243 in or on a volume of a storage or distribution medium, is called an
244 "aggregate" if the compilation and its resulting copyright are not
245 used to limit the access or legal rights of the compilation's users
246 beyond what the individual works permit. Inclusion of a covered work
247 in an aggregate does not cause this License to apply to the other
248 parts of the aggregate.
249
250 6. Conveying Non-Source Forms.
251
252 You may convey a covered work in object code form under the terms
253 of sections 4 and 5, provided that you also convey the
254 machine-readable Corresponding Source under the terms of this License,
255 in one of these ways:
256
257 a) Convey the object code in, or embodied in, a physical product
258 (including a physical distribution medium), accompanied by the
259 Corresponding Source fixed on a durable physical medium
260 customarily used for software interchange.
261
262 b) Convey the object code in, or embodied in, a physical product
263 (including a physical distribution medium), accompanied by a
264 written offer, valid for at least three years and valid for as
265 long as you offer spare parts or customer support for that product
266 model, to give anyone who possesses the object code either (1) a
267 copy of the Corresponding Source for all the software in the
268 product that is covered by this License, on a durable physical
269 medium customarily used for software interchange, for a price no
270 more than your reasonable cost of physically performing this
271 conveying of source, or (2) access to copy the
272 Corresponding Source from a network server at no charge.
273
274 c) Convey individual copies of the object code with a copy of the
275 written offer to provide the Corresponding Source. This
276 alternative is allowed only occasionally and noncommercially, and
277 only if you received the object code with such an offer, in accord
278 with subsection 6b.
279
280 d) Convey the object code by offering access from a designated
281 place (gratis or for a charge), and offer equivalent access to the
282 Corresponding Source in the same way through the same place at no
283 further charge. You need not require recipients to copy the
284 Corresponding Source along with the object code. If the place to
285 copy the object code is a network server, the Corresponding Source
286 may be on a different server (operated by you or a third party)
287 that supports equivalent copying facilities, provided you maintain
288 clear directions next to the object code saying where to find the
289 Corresponding Source. Regardless of what server hosts the
290 Corresponding Source, you remain obligated to ensure that it is
291 available for as long as needed to satisfy these requirements.
292
293 e) Convey the object code using peer-to-peer transmission, provided
294 you inform other peers where the object code and Corresponding
295 Source of the work are being offered to the general public at no
296 charge under subsection 6d.
297
298 A separable portion of the object code, whose source code is excluded
299 from the Corresponding Source as a System Library, need not be
300 included in conveying the object code work.
301
302 A "User Product" is either (1) a "consumer product", which means any
303 tangible personal property which is normally used for personal, family,
304 or household purposes, or (2) anything designed or sold for incorporation
305 into a dwelling. In determining whether a product is a consumer product,
306 doubtful cases shall be resolved in favor of coverage. For a particular
307 product received by a particular user, "normally used" refers to a
308 typical or common use of that class of product, regardless of the status
309 of the particular user or of the way in which the particular user
310 actually uses, or expects or is expected to use, the product. A product
311 is a consumer product regardless of whether the product has substantial
312 commercial, industrial or non-consumer uses, unless such uses represent
313 the only significant mode of use of the product.
314
315 "Installation Information" for a User Product means any methods,
316 procedures, authorization keys, or other information required to install
317 and execute modified versions of a covered work in that User Product from
318 a modified version of its Corresponding Source. The information must
319 suffice to ensure that the continued functioning of the modified object
320 code is in no case prevented or interfered with solely because
321 modification has been made.
322
323 If you convey an object code work under this section in, or with, or
324 specifically for use in, a User Product, and the conveying occurs as
325 part of a transaction in which the right of possession and use of the
326 User Product is transferred to the recipient in perpetuity or for a
327 fixed term (regardless of how the transaction is characterized), the
328 Corresponding Source conveyed under this section must be accompanied
329 by the Installation Information. But this requirement does not apply
330 if neither you nor any third party retains the ability to install
331 modified object code on the User Product (for example, the work has
332 been installed in ROM).
333
334 The requirement to provide Installation Information does not include a
335 requirement to continue to provide support service, warranty, or updates
336 for a work that has been modified or installed by the recipient, or for
337 the User Product in which it has been modified or installed. Access to a
338 network may be denied when the modification itself materially and
339 adversely affects the operation of the network or violates the rules and
340 protocols for communication across the network.
341
342 Corresponding Source conveyed, and Installation Information provided,
343 in accord with this section must be in a format that is publicly
344 documented (and with an implementation available to the public in
345 source code form), and must require no special password or key for
346 unpacking, reading or copying.
347
348 7. Additional Terms.
349
350 "Additional permissions" are terms that supplement the terms of this
351 License by making exceptions from one or more of its conditions.
352 Additional permissions that are applicable to the entire Program shall
353 be treated as though they were included in this License, to the extent
354 that they are valid under applicable law. If additional permissions
355 apply only to part of the Program, that part may be used separately
356 under those permissions, but the entire Program remains governed by
357 this License without regard to the additional permissions.
358
359 When you convey a copy of a covered work, you may at your option
360 remove any additional permissions from that copy, or from any part of
361 it. (Additional permissions may be written to require their own
362 removal in certain cases when you modify the work.) You may place
363 additional permissions on material, added by you to a covered work,
364 for which you have or can give appropriate copyright permission.
365
366 Notwithstanding any other provision of this License, for material you
367 add to a covered work, you may (if authorized by the copyright holders of
368 that material) supplement the terms of this License with terms:
369
370 a) Disclaiming warranty or limiting liability differently from the
371 terms of sections 15 and 16 of this License; or
372
373 b) Requiring preservation of specified reasonable legal notices or
374 author attributions in that material or in the Appropriate Legal
375 Notices displayed by works containing it; or
376
377 c) Prohibiting misrepresentation of the origin of that material, or
378 requiring that modified versions of such material be marked in
379 reasonable ways as different from the original version; or
380
381 d) Limiting the use for publicity purposes of names of licensors or
382 authors of the material; or
383
384 e) Declining to grant rights under trademark law for use of some
385 trade names, trademarks, or service marks; or
386
387 f) Requiring indemnification of licensors and authors of that
388 material by anyone who conveys the material (or modified versions of
389 it) with contractual assumptions of liability to the recipient, for
390 any liability that these contractual assumptions directly impose on
391 those licensors and authors.
392
393 All other non-permissive additional terms are considered "further
394 restrictions" within the meaning of section 10. If the Program as you
395 received it, or any part of it, contains a notice stating that it is
396 governed by this License along with a term that is a further
397 restriction, you may remove that term. If a license document contains
398 a further restriction but permits relicensing or conveying under this
399 License, you may add to a covered work material governed by the terms
400 of that license document, provided that the further restriction does
401 not survive such relicensing or conveying.
402
403 If you add terms to a covered work in accord with this section, you
404 must place, in the relevant source files, a statement of the
405 additional terms that apply to those files, or a notice indicating
406 where to find the applicable terms.
407
408 Additional terms, permissive or non-permissive, may be stated in the
409 form of a separately written license, or stated as exceptions;
410 the above requirements apply either way.
411
412 8. Termination.
413
414 You may not propagate or modify a covered work except as expressly
415 provided under this License. Any attempt otherwise to propagate or
416 modify it is void, and will automatically terminate your rights under
417 this License (including any patent licenses granted under the third
418 paragraph of section 11).
419
420 However, if you cease all violation of this License, then your
421 license from a particular copyright holder is reinstated (a)
422 provisionally, unless and until the copyright holder explicitly and
423 finally terminates your license, and (b) permanently, if the copyright
424 holder fails to notify you of the violation by some reasonable means
425 prior to 60 days after the cessation.
426
427 Moreover, your license from a particular copyright holder is
428 reinstated permanently if the copyright holder notifies you of the
429 violation by some reasonable means, this is the first time you have
430 received notice of violation of this License (for any work) from that
431 copyright holder, and you cure the violation prior to 30 days after
432 your receipt of the notice.
433
434 Termination of your rights under this section does not terminate the
435 licenses of parties who have received copies or rights from you under
436 this License. If your rights have been terminated and not permanently
437 reinstated, you do not qualify to receive new licenses for the same
438 material under section 10.
439
440 9. Acceptance Not Required for Having Copies.
441
442 You are not required to accept this License in order to receive or
443 run a copy of the Program. Ancillary propagation of a covered work
444 occurring solely as a consequence of using peer-to-peer transmission
445 to receive a copy likewise does not require acceptance. However,
446 nothing other than this License grants you permission to propagate or
447 modify any covered work. These actions infringe copyright if you do
448 not accept this License. Therefore, by modifying or propagating a
449 covered work, you indicate your acceptance of this License to do so.
450
451 10. Automatic Licensing of Downstream Recipients.
452
453 Each time you convey a covered work, the recipient automatically
454 receives a license from the original licensors, to run, modify and
455 propagate that work, subject to this License. You are not responsible
456 for enforcing compliance by third parties with this License.
457
458 An "entity transaction" is a transaction transferring control of an
459 organization, or substantially all assets of one, or subdividing an
460 organization, or merging organizations. If propagation of a covered
461 work results from an entity transaction, each party to that
462 transaction who receives a copy of the work also receives whatever
463 licenses to the work the party's predecessor in interest had or could
464 give under the previous paragraph, plus a right to possession of the
465 Corresponding Source of the work from the predecessor in interest, if
466 the predecessor has it or can get it with reasonable efforts.
467
468 You may not impose any further restrictions on the exercise of the
469 rights granted or affirmed under this License. For example, you may
470 not impose a license fee, royalty, or other charge for exercise of
471 rights granted under this License, and you may not initiate litigation
472 (including a cross-claim or counterclaim in a lawsuit) alleging that
473 any patent claim is infringed by making, using, selling, offering for
474 sale, or importing the Program or any portion of it.
475
476 11. Patents.
477
478 A "contributor" is a copyright holder who authorizes use under this
479 License of the Program or a work on which the Program is based. The
480 work thus licensed is called the contributor's "contributor version".
481
482 A contributor's "essential patent claims" are all patent claims
483 owned or controlled by the contributor, whether already acquired or
484 hereafter acquired, that would be infringed by some manner, permitted
485 by this License, of making, using, or selling its contributor version,
486 but do not include claims that would be infringed only as a
487 consequence of further modification of the contributor version. For
488 purposes of this definition, "control" includes the right to grant
489 patent sublicenses in a manner consistent with the requirements of
490 this License.
491
492 Each contributor grants you a non-exclusive, worldwide, royalty-free
493 patent license under the contributor's essential patent claims, to
494 make, use, sell, offer for sale, import and otherwise run, modify and
495 propagate the contents of its contributor version.
496
497 In the following three paragraphs, a "patent license" is any express
498 agreement or commitment, however denominated, not to enforce a patent
499 (such as an express permission to practice a patent or covenant not to
500 sue for patent infringement). To "grant" such a patent license to a
501 party means to make such an agreement or commitment not to enforce a
502 patent against the party.
503
504 If you convey a covered work, knowingly relying on a patent license,
505 and the Corresponding Source of the work is not available for anyone
506 to copy, free of charge and under the terms of this License, through a
507 publicly available network server or other readily accessible means,
508 then you must either (1) cause the Corresponding Source to be so
509 available, or (2) arrange to deprive yourself of the benefit of the
510 patent license for this particular work, or (3) arrange, in a manner
511 consistent with the requirements of this License, to extend the patent
512 license to downstream recipients. "Knowingly relying" means you have
513 actual knowledge that, but for the patent license, your conveying the
514 covered work in a country, or your recipient's use of the covered work
515 in a country, would infringe one or more identifiable patents in that
516 country that you have reason to believe are valid.
517
518 If, pursuant to or in connection with a single transaction or
519 arrangement, you convey, or propagate by procuring conveyance of, a
520 covered work, and grant a patent license to some of the parties
521 receiving the covered work authorizing them to use, propagate, modify
522 or convey a specific copy of the covered work, then the patent license
523 you grant is automatically extended to all recipients of the covered
524 work and works based on it.
525
526 A patent license is "discriminatory" if it does not include within
527 the scope of its coverage, prohibits the exercise of, or is
528 conditioned on the non-exercise of one or more of the rights that are
529 specifically granted under this License. You may not convey a covered
530 work if you are a party to an arrangement with a third party that is
531 in the business of distributing software, under which you make payment
532 to the third party based on the extent of your activity of conveying
533 the work, and under which the third party grants, to any of the
534 parties who would receive the covered work from you, a discriminatory
535 patent license (a) in connection with copies of the covered work
536 conveyed by you (or copies made from those copies), or (b) primarily
537 for and in connection with specific products or compilations that
538 contain the covered work, unless you entered into that arrangement,
539 or that patent license was granted, prior to 28 March 2007.
540
541 Nothing in this License shall be construed as excluding or limiting
542 any implied license or other defenses to infringement that may
543 otherwise be available to you under applicable patent law.
544
545 12. No Surrender of Others' Freedom.
546
547 If conditions are imposed on you (whether by court order, agreement or
548 otherwise) that contradict the conditions of this License, they do not
549 excuse you from the conditions of this License. If you cannot convey a
550 covered work so as to satisfy simultaneously your obligations under this
551 License and any other pertinent obligations, then as a consequence you may
552 not convey it at all. For example, if you agree to terms that obligate you
553 to collect a royalty for further conveying from those to whom you convey
554 the Program, the only way you could satisfy both those terms and this
555 License would be to refrain entirely from conveying the Program.
556
557 13. Use with the GNU Affero General Public License.
558
559 Notwithstanding any other provision of this License, you have
560 permission to link or combine any covered work with a work licensed
561 under version 3 of the GNU Affero General Public License into a single
562 combined work, and to convey the resulting work. The terms of this
563 License will continue to apply to the part which is the covered work,
564 but the special requirements of the GNU Affero General Public License,
565 section 13, concerning interaction through a network will apply to the
566 combination as such.
567
568 14. Revised Versions of this License.
569
570 The Free Software Foundation may publish revised and/or new versions of
571 the GNU General Public License from time to time. Such new versions will
572 be similar in spirit to the present version, but may differ in detail to
573 address new problems or concerns.
574
575 Each version is given a distinguishing version number. If the
576 Program specifies that a certain numbered version of the GNU General
577 Public License "or any later version" applies to it, you have the
578 option of following the terms and conditions either of that numbered
579 version or of any later version published by the Free Software
580 Foundation. If the Program does not specify a version number of the
581 GNU General Public License, you may choose any version ever published
582 by the Free Software Foundation.
583
584 If the Program specifies that a proxy can decide which future
585 versions of the GNU General Public License can be used, that proxy's
586 public statement of acceptance of a version permanently authorizes you
587 to choose that version for the Program.
588
589 Later license versions may give you additional or different
590 permissions. However, no additional obligations are imposed on any
591 author or copyright holder as a result of your choosing to follow a
592 later version.
593
594 15. Disclaimer of Warranty.
595
596 THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
597 APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
598 HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
599 OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
600 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
601 PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
602 IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
603 ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
604
605 16. Limitation of Liability.
606
607 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
608 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
609 THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
610 GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
611 USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
612 DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
613 PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
614 EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
615 SUCH DAMAGES.
616
617 17. Interpretation of Sections 15 and 16.
618
619 If the disclaimer of warranty and limitation of liability provided
620 above cannot be given local legal effect according to their terms,
621 reviewing courts shall apply local law that most closely approximates
622 an absolute waiver of all civil liability in connection with the
623 Program, unless a warranty or assumption of liability accompanies a
624 copy of the Program in return for a fee.
625
626 END OF TERMS AND CONDITIONS
627
628 How to Apply These Terms to Your New Programs
629
630 If you develop a new program, and you want it to be of the greatest
631 possible use to the public, the best way to achieve this is to make it
632 free software which everyone can redistribute and change under these terms.
633
634 To do so, attach the following notices to the program. It is safest
635 to attach them to the start of each source file to most effectively
636 state the exclusion of warranty; and each file should have at least
637 the "copyright" line and a pointer to where the full notice is found.
638
639 <one line to give the program's name and a brief idea of what it does.>
640 Copyright (C) <year> <name of author>
641
642 This program is free software: you can redistribute it and/or modify
643 it under the terms of the GNU General Public License as published by
644 the Free Software Foundation, either version 3 of the License, or
645 (at your option) any later version.
646
647 This program is distributed in the hope that it will be useful,
648 but WITHOUT ANY WARRANTY; without even the implied warranty of
649 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
650 GNU General Public License for more details.
651
652 You should have received a copy of the GNU General Public License
653 along with this program. If not, see <http://www.gnu.org/licenses/>.
654
655 Also add information on how to contact you by electronic and paper mail.
656
657 If the program does terminal interaction, make it output a short
658 notice like this when it starts in an interactive mode:
659
660 <program> Copyright (C) <year> <name of author>
661 This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
662 This is free software, and you are welcome to redistribute it
663 under certain conditions; type `show c' for details.
664
665 The hypothetical commands `show w' and `show c' should show the appropriate
666 parts of the General Public License. Of course, your program's commands
667 might be different; for a GUI interface, you would use an "about box".
668
669 You should also get your employer (if you work as a programmer) or school,
670 if any, to sign a "copyright disclaimer" for the program, if necessary.
671 For more information on this, and how to apply and follow the GNU GPL, see
672 <http://www.gnu.org/licenses/>.
673
674 The GNU General Public License does not permit incorporating your program
675 into proprietary programs. If your program is a subroutine library, you
676 may consider it more useful to permit linking proprietary applications with
677 the library. If this is what you want to do, use the GNU Lesser General
678 Public License instead of this License. But first, please read
679 <http://www.gnu.org/philosophy/why-not-lgpl.html>.
680
-(0 . 0)(1 . 26)
685 PROGRAM = mpi.a
686
687 BUILD=obj
688 DIST=bin
689
690 CXX = gcc
691 OBJECTS = $(addprefix $(BUILD)/, $(patsubst %.c,%.o,$(wildcard *.c)))
692 FLAGS = -g -Wall
693 INCLUDE = -I include
694
695 .SUFFIXES: .o .c
696
697 $(BUILD)/%.o:
698 $(CXX) $(FLAGS) $(INCLUDE) -c $*.c -o $@
699
700 all: $(PROGRAM)
701
702 $(PROGRAM): $(OBJECTS)
703 ar rcs $(DIST)/$(PROGRAM) $(OBJECTS)
704 #ld -o $(DIST)/$(PROGRAM).o $(OBJECTS) -lc
705
706 clean :
707 rm -rf nul core *flymake* $(BUILD)/*.o $(DIST)/$(PROGRAM) *~ bin/*
708
709 check-syntax:
710 $(CXX) -c $(FLAGS) $(INCLUDE) -o nul -Wall -S $(CHK_SOURCES)
- FE2917EF90A8E9DEB4D9F7450CBBC20FDF3CA9F76630B6956137B4648916E143C89F857E0BF0FDE968FD241F3049050EF7F146254A9E8DAEAD54FC0B720C7620(1 . 2)(1 . 86)
715 S.MG, 2017
716 What you see here is a very classic version of the GNU MPI (bignum) library.
717 It has been surgically removed from GnuPG 1.4.10, specifically as found at:
718
719 http://trilema.com/wp-content/uploads/2015/10/gnupg-1.4.10.tar.gz.asc
720
721 SHA512(gnupg-1.4.10.tar.gz) :
722 d037041d2e6882fd3b999500b5a7b42be2c224836afc358e1f8a2465c1b74473d518f185b7c324b2c8dec4ffb70e9e34a03c94d1a54cc55d297f40c9745f6e1b
723
724 DEMO:
725
726 1) make
727 2) cd tests
728 3) make
729 4) ./test_mpi
730 5) output is:
731 37A063D056817668C7AA3418F29
732 6) q: 'Waaaaaa, it barfed!'
733 a: You are probably using GCC 5 or LLVM. Stop.
734
735
736 CHANGES FROM ORIGINAL:
737
738 1) Everything pertaining to Automake was nuked, and the earth where it stood -
739 salted.
740
741 Instead, we now have a conventional Makefile. It builds precisely
742 ONE THING - a single 'mpi.a' library suitable for static linking into
743 another project. This will turn up in 'bin'.
744
745 Among other things, this now means that all KNOBS now reside in a
746 MANUALLY-controlled 'knobs.h' found in 'include'. If you are building
747 on some very peculiar unix, please read it and adjust as appropriate.
748 It contains ONLY those knobs which actually pertain to the code.
749
750 The Makefile contains a 'check-syntax' - users of Emacs and Flymake
751 will see proper error-highlighting.
752
753 2) ALL chip-specific ASM optimizations (including those found in longlong.h)
754 have been nuked.
755
756 3) GPG-specific cruft has been amputated to the extent practical.
757
758 The logging system has been retained, but it can be easily torn out,
759 which I may choose to do in the near future.
760
761 The I/O buffering system has been retained. I may choose to remove it
762 in the near future.
763
764 The 'secure memory' (unpageable alloc) system has been retained.
765
766 'Localization' and all related idiocies have been nuked.
767 Write hieroglyphs at home, leave them there, civilized folk
768 don't need'em in their source code.
769
770 4) Other code has been altered solely to the extent required by items
771 (1), (2), and (3).
772
773 Cruft which appears in dead #ifdefs may be removed in the future.
774 Don't get comfortable with it being there.
775
776 5) Readers who wish to know EXACTLY what I changed, should get a copy of the
777 original tarball and write a simple script involving 'find' and 'vdiff',
778 which sadly did not fit in the margins of this page.
779
780 6) To use the library, include 'include/mpi.h' in your project,
781 and statically link with 'bin/mpi.a'.
782
783 7) The original code was distributed under GPL 3, which may apply on
784 your planet and is therefore included. (See COPYING.)
785
786 ----------
787 UPDATE #1:
788 ----------
789
790 1) Abolished the logging subsystem inherited from GPG.
791
792 2) Abolished the I/O buffering subsystem, from same.
793
794 3) Eliminated all #ifdef blocks pertaining to RiscOS.
795
796 4) config.h is now knobs.h and is considerably shorter
797 on account of there now being a great many fewer knobs.
798
799 5) Eliminated certain blocks of dead code.
800
801 6) Inserted notice of modifications as specified in GPL-3
-(0 . 0)(1 . 1)
806 bin folder for mpi lib
-(0 . 0)(1 . 75)
811 /* knobs.h -- Originally generated from config.h.in by autoconf.
812 * But there is no more autoconf in this project.
813 *
814 * No Such Labs. (C) 2015. See README.
815 *
816 * This program is free software: you can redistribute it and/or modify
817 * it under the terms of the GNU General Public License as published by
818 * the Free Software Foundation, either version 3 of the License, or
819 * (at your option) any later version.
820 *
821 * This program is distributed in the hope that it will be useful,
822 * but WITHOUT ANY WARRANTY; without even the implied warranty of
823 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
824 * GNU General Public License for more details.
825 *
826 * You should have received a copy of the GNU General Public License
827 * along with this program. If not, see <http://www.gnu.org/licenses/>.
828 */
829
830 #ifndef GNUPG_CONFIG_H_INCLUDED
831 #define GNUPG_CONFIG_H_INCLUDED
832
833 /* Report memory usage. */
834 //#define M_DEBUG 1
835
836 /* Define to 1 if you have the `atexit' function. */
837 #define HAVE_ATEXIT 1
838
839 /* Defined if the mlock() call does not work */
840 /* #undef HAVE_BROKEN_MLOCK */
841
842 /* Defined if a `byte' is typedef'd */
843 /* #undef HAVE_BYTE_TYPEDEF */
844
845 /* defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2)
846 with special properties like no file modes */
847 /* #undef HAVE_DOSISH_SYSTEM */
848
849 /* Define to 1 if you have the `getpagesize' function. */
850 #define HAVE_GETPAGESIZE 1
851
852 /* Define to 1 if you have the <inttypes.h> header file. */
853 #define HAVE_INTTYPES_H 1
854
855 /* Define to 1 if you have the `memmove' function. */
856 #define HAVE_MEMMOVE 1
857
858 /* Defined if the system supports an mlock() call */
859 #define HAVE_MLOCK 1
860
861 /* Define to 1 if you have the `mmap' function. */
862 #define HAVE_MMAP 1
863
864 /* Define to 1 if you have the `plock' function. */
865 /* #undef HAVE_PLOCK */
866
867 /* Define to 1 if you have the `raise' function. */
868 #define HAVE_RAISE 1
869
870 /* Define to 1 if you have the `sysconf' function. */
871 #define HAVE_SYSCONF 1
872
873 /* Defined if a `u16' is typedef'd */
874 /* #undef HAVE_U16_TYPEDEF */
875
876 /* Defined if a `u32' is typedef'd */
877 /* #undef HAVE_U32_TYPEDEF */
878
879 /* Defined if a `ulong' is typedef'd */
880 #define HAVE_ULONG_TYPEDEF 1
881
882 /* Defined if a `ushort' is typedef'd */
883 #define HAVE_USHORT_TYPEDEF 1
884
885 #endif /*GNUPG_CONFIG_H_INCLUDED*/
-(0 . 0)(1 . 226)
890 /* longlong.h -- definitions for mixed size 32/64 bit arithmetic.
891 * Modified by No Such Labs. (C) 2015. See README.
892 *
893 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
894 * SHA256(gnupg-1.4.10.tar.gz):
895 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
896 * (C) 1994-2005 Free Software Foundation, Inc.
897 *
898 * This program is free software: you can redistribute it and/or modify
899 * it under the terms of the GNU General Public License as published by
900 * the Free Software Foundation, either version 3 of the License, or
901 * (at your option) any later version.
902 *
903 * This program is distributed in the hope that it will be useful,
904 * but WITHOUT ANY WARRANTY; without even the implied warranty of
905 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
906 * GNU General Public License for more details.
907 *
908 * You should have received a copy of the GNU General Public License
909 * along with this program. If not, see <http://www.gnu.org/licenses/>.
910 */
911
912 /* You have to define the following before including this file:
913
914 UWtype -- An unsigned type, default type for operations (typically a "word")
915 UHWtype -- An unsigned type, at least half the size of UWtype.
916 UDWtype -- An unsigned type, at least twice as large a UWtype
917 W_TYPE_SIZE -- size in bits of UWtype
918
919 SItype, USItype -- Signed and unsigned 32 bit types.
920 DItype, UDItype -- Signed and unsigned 64 bit types.
921
922 On a 32 bit machine UWtype should typically be USItype;
923 on a 64 bit machine, UWtype should typically be UDItype.
924 */
925
926 #define __BITS4 (W_TYPE_SIZE / 4)
927 #define __ll_B ((UWtype) 1 << (W_TYPE_SIZE / 2))
928 #define __ll_lowpart(t) ((UWtype) (t) & (__ll_B - 1))
929 #define __ll_highpart(t) ((UWtype) (t) >> (W_TYPE_SIZE / 2))
930
931 /* This is used to make sure no undesirable sharing between different libraries
932 that use this file takes place. */
933 #ifndef __MPN
934 #define __MPN(x) __##x
935 #endif
936
937 /***************************************
938 *********** Generic Versions ********
939 ***************************************/
940 #if !defined (umul_ppmm) && defined (__umulsidi3)
941 #define umul_ppmm(ph, pl, m0, m1) \
942 { \
943 UDWtype __ll = __umulsidi3 (m0, m1); \
944 ph = (UWtype) (__ll >> W_TYPE_SIZE); \
945 pl = (UWtype) __ll; \
946 }
947 #endif
948
949 #if !defined (__umulsidi3)
950 #define __umulsidi3(u, v) \
951 ({UWtype __hi, __lo; \
952 umul_ppmm (__hi, __lo, u, v); \
953 ((UDWtype) __hi << W_TYPE_SIZE) | __lo; })
954 #endif
955
956 /* If this machine has no inline assembler, use C macros. */
957
958 #if !defined (add_ssaaaa)
959 #define add_ssaaaa(sh, sl, ah, al, bh, bl) \
960 do { \
961 UWtype __x; \
962 __x = (al) + (bl); \
963 (sh) = (ah) + (bh) + (__x < (al)); \
964 (sl) = __x; \
965 } while (0)
966 #endif
967
968 #if !defined (sub_ddmmss)
969 #define sub_ddmmss(sh, sl, ah, al, bh, bl) \
970 do { \
971 UWtype __x; \
972 __x = (al) - (bl); \
973 (sh) = (ah) - (bh) - (__x > (al)); \
974 (sl) = __x; \
975 } while (0)
976 #endif
977
978 #if !defined (umul_ppmm)
979 #define umul_ppmm(w1, w0, u, v) \
980 do { \
981 UWtype __x0, __x1, __x2, __x3; \
982 UHWtype __ul, __vl, __uh, __vh; \
983 UWtype __u = (u), __v = (v); \
984 \
985 __ul = __ll_lowpart (__u); \
986 __uh = __ll_highpart (__u); \
987 __vl = __ll_lowpart (__v); \
988 __vh = __ll_highpart (__v); \
989 \
990 __x0 = (UWtype) __ul * __vl; \
991 __x1 = (UWtype) __ul * __vh; \
992 __x2 = (UWtype) __uh * __vl; \
993 __x3 = (UWtype) __uh * __vh; \
994 \
995 __x1 += __ll_highpart (__x0);/* this can't give carry */ \
996 __x1 += __x2; /* but this indeed can */ \
997 if (__x1 < __x2) /* did we get it? */ \
998 __x3 += __ll_B; /* yes, add it in the proper pos. */ \
999 \
1000 (w1) = __x3 + __ll_highpart (__x1); \
1001 (w0) = (__ll_lowpart (__x1) << W_TYPE_SIZE/2) + __ll_lowpart (__x0);\
1002 } while (0)
1003 #endif
1004
1005 #if !defined (umul_ppmm)
1006 #define smul_ppmm(w1, w0, u, v) \
1007 do { \
1008 UWtype __w1; \
1009 UWtype __m0 = (u), __m1 = (v); \
1010 umul_ppmm (__w1, w0, __m0, __m1); \
1011 (w1) = __w1 - (-(__m0 >> (W_TYPE_SIZE - 1)) & __m1) \
1012 - (-(__m1 >> (W_TYPE_SIZE - 1)) & __m0); \
1013 } while (0)
1014 #endif
1015
1016 /* Define this unconditionally, so it can be used for debugging. */
1017 #define __udiv_qrnnd_c(q, r, n1, n0, d) \
1018 do { \
1019 UWtype __d1, __d0, __q1, __q0, __r1, __r0, __m; \
1020 __d1 = __ll_highpart (d); \
1021 __d0 = __ll_lowpart (d); \
1022 \
1023 __r1 = (n1) % __d1; \
1024 __q1 = (n1) / __d1; \
1025 __m = (UWtype) __q1 * __d0; \
1026 __r1 = __r1 * __ll_B | __ll_highpart (n0); \
1027 if (__r1 < __m) \
1028 { \
1029 __q1--, __r1 += (d); \
1030 if (__r1 >= (d)) /* i.e. we didn't get carry when adding to __r1 */\
1031 if (__r1 < __m) \
1032 __q1--, __r1 += (d); \
1033 } \
1034 __r1 -= __m; \
1035 \
1036 __r0 = __r1 % __d1; \
1037 __q0 = __r1 / __d1; \
1038 __m = (UWtype) __q0 * __d0; \
1039 __r0 = __r0 * __ll_B | __ll_lowpart (n0); \
1040 if (__r0 < __m) \
1041 { \
1042 __q0--, __r0 += (d); \
1043 if (__r0 >= (d)) \
1044 if (__r0 < __m) \
1045 __q0--, __r0 += (d); \
1046 } \
1047 __r0 -= __m; \
1048 \
1049 (q) = (UWtype) __q1 * __ll_B | __q0; \
1050 (r) = __r0; \
1051 } while (0)
1052
1053 /* If the processor has no udiv_qrnnd but sdiv_qrnnd, go through
1054 __udiv_w_sdiv (defined in libgcc or elsewhere). */
1055 #if !defined (udiv_qrnnd) && defined (sdiv_qrnnd)
1056 #define udiv_qrnnd(q, r, nh, nl, d) \
1057 do { \
1058 UWtype __r; \
1059 (q) = __MPN(udiv_w_sdiv) (&__r, nh, nl, d); \
1060 (r) = __r; \
1061 } while (0)
1062 #endif
1063
1064 /* If udiv_qrnnd was not defined for this processor, use __udiv_qrnnd_c. */
1065 #if !defined (udiv_qrnnd)
1066 #define UDIV_NEEDS_NORMALIZATION 1
1067 #define udiv_qrnnd __udiv_qrnnd_c
1068 #endif
1069
1070 #if !defined (count_leading_zeros)
1071 extern
1072 #ifdef __STDC__
1073 const
1074 #endif
1075 unsigned char __clz_tab[];
1076 #define MPI_INTERNAL_NEED_CLZ_TAB 1
1077 #define count_leading_zeros(count, x) \
1078 do { \
1079 UWtype __xr = (x); \
1080 UWtype __a; \
1081 \
1082 if (W_TYPE_SIZE <= 32) \
1083 { \
1084 __a = __xr < ((UWtype) 1 << 2*__BITS4) \
1085 ? (__xr < ((UWtype) 1 << __BITS4) ? 0 : __BITS4) \
1086 : (__xr < ((UWtype) 1 << 3*__BITS4) ? 2*__BITS4 : 3*__BITS4);\
1087 } \
1088 else \
1089 { \
1090 for (__a = W_TYPE_SIZE - 8; __a > 0; __a -= 8) \
1091 if (((__xr >> __a) & 0xff) != 0) \
1092 break; \
1093 } \
1094 \
1095 (count) = W_TYPE_SIZE - (__clz_tab[__xr >> __a] + __a); \
1096 } while (0)
1097 /* This version gives a well-defined value for zero. */
1098 #define COUNT_LEADING_ZEROS_0 W_TYPE_SIZE
1099 #endif
1100
1101 #if !defined (count_trailing_zeros)
1102 /* Define count_trailing_zeros using count_leading_zeros. The latter might be
1103 defined in asm, but if it is not, the C version above is good enough. */
1104 #define count_trailing_zeros(count, x) \
1105 do { \
1106 UWtype __ctz_x = (x); \
1107 UWtype __ctz_c; \
1108 count_leading_zeros (__ctz_c, __ctz_x & -__ctz_x); \
1109 (count) = W_TYPE_SIZE - 1 - __ctz_c; \
1110 } while (0)
1111 #endif
1112
1113 #ifndef UDIV_NEEDS_NORMALIZATION
1114 #define UDIV_NEEDS_NORMALIZATION 0
1115 #endif
-(0 . 0)(1 . 103)
1120 /* memory.h - memory allocation
1121 * Modified by No Such Labs. (C) 2015. See README.
1122 *
1123 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1124 * SHA256(gnupg-1.4.10.tar.gz):
1125 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1126 * (C) 1994-2005 Free Software Foundation, Inc.
1127 *
1128 * This program is free software: you can redistribute it and/or modify
1129 * it under the terms of the GNU General Public License as published by
1130 * the Free Software Foundation, either version 3 of the License, or
1131 * (at your option) any later version.
1132 *
1133 * This program is distributed in the hope that it will be useful,
1134 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1135 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1136 * GNU General Public License for more details.
1137 *
1138 * You should have received a copy of the GNU General Public License
1139 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1140 */
1141
1142 #ifndef G10_MEMORY_H
1143 #define G10_MEMORY_H
1144
1145 #ifdef M_DEBUG
1146
1147 #ifndef STR
1148 #define STR(v) #v
1149 #endif
1150
1151 #define M_DBGINFO(a) __FUNCTION__ "["__FILE__ ":" STR(a) "]"
1152
1153 #define xmalloc(n) m_debug_alloc((n), M_DBGINFO( __LINE__ ) )
1154 #define xtrymalloc(n) m_debug_trymalloc ((n), M_DBGINFO( __LINE__ ))
1155 #define xmalloc_clear(n) m_debug_alloc_clear((n), M_DBGINFO(__LINE__) )
1156 #define xmalloc_secure(n) m_debug_alloc_secure(n), M_DBGINFO(__LINE__) )
1157 #define xmalloc_secure_clear(n) m_debug_alloc_secure_clear((n), M_DBGINFO(__LINE__) )
1158 #define xrealloc(n,m) m_debug_realloc((n),(m), M_DBGINFO(__LINE__) )
1159 #define xfree(n) m_debug_free((n), M_DBGINFO(__LINE__) )
1160 #define m_check(n) m_debug_check((n), M_DBGINFO(__LINE__) )
1161 /*#define m_copy(a) m_debug_copy((a), M_DBGINFO(__LINE__) )*/
1162 #define xstrdup(a) m_debug_strdup((a), M_DBGINFO(__LINE__) )
1163 #define xtrystrdup(a) m_debug_trystrdup((a), M_DBGINFO(__LINE__) )
1164
1165 void *m_debug_alloc( size_t n, const char *info );
1166 void *m_debug_trymalloc (size_t n, const char *info);
1167 void *m_debug_alloc_clear( size_t n, const char *info );
1168 void *m_debug_alloc_secure( size_t n, const char *info );
1169 void *m_debug_alloc_secure_clear( size_t n, const char *info );
1170 void *m_debug_realloc( void *a, size_t n, const char *info );
1171 void m_debug_free( void *p, const char *info );
1172 void m_debug_check( const void *a, const char *info );
1173 /*void *m_debug_copy( const void *a, const char *info );*/
1174 char *m_debug_strdup( const char *a, const char *info );
1175 char *m_debug_trystrdup (const char *a, const char *info);
1176
1177 #else
1178 void *xmalloc( size_t n );
1179 void *xtrymalloc (size_t n);
1180 void *xmalloc_clear( size_t n );
1181 void *xmalloc_secure( size_t n );
1182 void *xmalloc_secure_clear( size_t n );
1183 void *xrealloc( void *a, size_t n );
1184 void xfree( void *p );
1185 void m_check( const void *a );
1186 /*void *m_copy( const void *a );*/
1187 char *xstrdup( const char * a);
1188 char *xtrystrdup (const char *a);
1189 #endif
1190
1191 size_t m_size( const void *a );
1192 void m_print_stats(const char *prefix);
1193
1194 /* The follwing functions should be preferred over xmalloc_clear. */
1195 void *xcalloc (size_t n, size_t m);
1196 void *xcalloc_secure (size_t n, size_t m);
1197
1198
1199 /*-- secmem.c --*/
1200 int secmem_init( size_t npool );
1201 void secmem_term( void );
1202 void *secmem_malloc( size_t size );
1203 void *secmexrealloc( void *a, size_t newsize );
1204 void secmem_free( void *a );
1205 int m_is_secure( const void *p );
1206 void secmem_dump_stats(void);
1207 void secmem_set_flags( unsigned flags );
1208 unsigned secmem_get_flags(void);
1209
1210
1211 #define DBG_MEMORY memory_debug_mode
1212 #define DBG_MEMSTAT memory_stat_debug_mode
1213
1214 #ifndef EXTERN_UNLESS_MAIN_MODULE
1215 #define EXTERN_UNLESS_MAIN_MODULE
1216 #endif
1217 EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
1218 EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
1219
1220
1221
1222 #endif /*G10_MEMORY_H*/
-(0 . 0)(1 . 121)
1227 /* mpi-inline.h - Internal to the Multi Precision Integers
1228 * Modified by No Such Labs. (C) 2015. See README.
1229 *
1230 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1231 * SHA256(gnupg-1.4.10.tar.gz):
1232 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1233 * (C) 1994-2005 Free Software Foundation, Inc.
1234 *
1235 * This program is free software: you can redistribute it and/or modify
1236 * it under the terms of the GNU General Public License as published by
1237 * the Free Software Foundation, either version 3 of the License, or
1238 * (at your option) any later version.
1239 *
1240 * This program is distributed in the hope that it will be useful,
1241 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1242 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1243 * GNU General Public License for more details.
1244 *
1245 * You should have received a copy of the GNU General Public License
1246 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1247 */
1248
1249 #ifndef G10_MPI_INLINE_H
1250 #define G10_MPI_INLINE_H
1251
1252 #ifndef G10_MPI_INLINE_DECL
1253 #define G10_MPI_INLINE_DECL extern __inline__
1254 #endif
1255
1256 G10_MPI_INLINE_DECL mpi_limb_t
1257 mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1258 mpi_size_t s1_size, mpi_limb_t s2_limb)
1259 {
1260 mpi_limb_t x;
1261
1262 x = *s1_ptr++;
1263 s2_limb += x;
1264 *res_ptr++ = s2_limb;
1265 if( s2_limb < x ) { /* sum is less than the left operand: handle carry */
1266 while( --s1_size ) {
1267 x = *s1_ptr++ + 1; /* add carry */
1268 *res_ptr++ = x; /* and store */
1269 if( x ) /* not 0 (no overflow): we can stop */
1270 goto leave;
1271 }
1272 return 1; /* return carry (size of s1 to small) */
1273 }
1274
1275 leave:
1276 if( res_ptr != s1_ptr ) { /* not the same variable */
1277 mpi_size_t i; /* copy the rest */
1278 for( i=0; i < s1_size-1; i++ )
1279 res_ptr[i] = s1_ptr[i];
1280 }
1281 return 0; /* no carry */
1282 }
1283
1284
1285
1286 G10_MPI_INLINE_DECL mpi_limb_t
1287 mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
1288 mpi_ptr_t s2_ptr, mpi_size_t s2_size)
1289 {
1290 mpi_limb_t cy = 0;
1291
1292 if( s2_size )
1293 cy = mpihelp_add_n( res_ptr, s1_ptr, s2_ptr, s2_size );
1294
1295 if( s1_size - s2_size )
1296 cy = mpihelp_add_1( res_ptr + s2_size, s1_ptr + s2_size,
1297 s1_size - s2_size, cy);
1298 return cy;
1299 }
1300
1301
1302 G10_MPI_INLINE_DECL mpi_limb_t
1303 mpihelp_sub_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1304 mpi_size_t s1_size, mpi_limb_t s2_limb )
1305 {
1306 mpi_limb_t x;
1307
1308 x = *s1_ptr++;
1309 s2_limb = x - s2_limb;
1310 *res_ptr++ = s2_limb;
1311 if( s2_limb > x ) {
1312 while( --s1_size ) {
1313 x = *s1_ptr++;
1314 *res_ptr++ = x - 1;
1315 if( x )
1316 goto leave;
1317 }
1318 return 1;
1319 }
1320
1321 leave:
1322 if( res_ptr != s1_ptr ) {
1323 mpi_size_t i;
1324 for( i=0; i < s1_size-1; i++ )
1325 res_ptr[i] = s1_ptr[i];
1326 }
1327 return 0;
1328 }
1329
1330
1331
1332 G10_MPI_INLINE_DECL mpi_limb_t
1333 mpihelp_sub( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
1334 mpi_ptr_t s2_ptr, mpi_size_t s2_size)
1335 {
1336 mpi_limb_t cy = 0;
1337
1338 if( s2_size )
1339 cy = mpihelp_sub_n(res_ptr, s1_ptr, s2_ptr, s2_size);
1340
1341 if( s1_size - s2_size )
1342 cy = mpihelp_sub_1(res_ptr + s2_size, s1_ptr + s2_size,
1343 s1_size - s2_size, cy);
1344 return cy;
1345 }
1346
1347 #endif /*G10_MPI_INLINE_H*/
-(0 . 0)(1 . 286)
1352 /* mpi-internal.h - Internal to the Multi Precision Integers
1353 * Modified by No Such Labs. (C) 2015. See README.
1354 *
1355 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1356 * SHA256(gnupg-1.4.10.tar.gz):
1357 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1358 * (C) 1994-2005 Free Software Foundation, Inc.
1359 *
1360 * This program is free software: you can redistribute it and/or modify
1361 * it under the terms of the GNU General Public License as published by
1362 * the Free Software Foundation, either version 3 of the License, or
1363 * (at your option) any later version.
1364 *
1365 * This program is distributed in the hope that it will be useful,
1366 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1367 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1368 * GNU General Public License for more details.
1369 *
1370 * You should have received a copy of the GNU General Public License
1371 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1372 */
1373
1374 #ifndef G10_MPI_INTERNAL_H
1375 #define G10_MPI_INTERNAL_H
1376
1377 #include "mpi.h"
1378
1379 /* from the old mpi-asm-defs.h */
1380 #define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG)
1381
1382 #if BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_INT
1383 typedef unsigned int mpi_limb_t;
1384 typedef signed int mpi_limb_signed_t;
1385 #elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG
1386 typedef unsigned long int mpi_limb_t;
1387 typedef signed long int mpi_limb_signed_t;
1388 #elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG_LONG
1389 typedef unsigned long long int mpi_limb_t;
1390 typedef signed long long int mpi_limb_signed_t;
1391 #elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_SHORT
1392 typedef unsigned short int mpi_limb_t;
1393 typedef signed short int mpi_limb_signed_t;
1394 #else
1395 #error BYTES_PER_MPI_LIMB does not match any C type
1396 #endif
1397 #define BITS_PER_MPI_LIMB (8*BYTES_PER_MPI_LIMB)
1398
1399
1400 struct gcry_mpi {
1401 int alloced; /* array size (# of allocated limbs) */
1402 int nlimbs; /* number of valid limbs */
1403 unsigned int nbits; /* the real number of valid bits (info only) */
1404 int sign; /* indicates a negative number */
1405 unsigned flags; /* bit 0: array must be allocated in secure memory space */
1406 /* bit 1: not used */
1407 /* bit 2: the limb is a pointer to some xmalloced data */
1408 mpi_limb_t *d; /* array with the limbs */
1409 };
1410
1411
1412
1413 /* If KARATSUBA_THRESHOLD is not already defined, define it to a
1414 * value which is good on most machines. */
1415
1416 /* tested 4, 16, 32 and 64, where 16 gave the best performance when
1417 * checking a 768 and a 1024 bit ElGamal signature.
1418 * (wk 22.12.97) */
1419 #ifndef KARATSUBA_THRESHOLD
1420 #define KARATSUBA_THRESHOLD 16
1421 #endif
1422
1423 /* The code can't handle KARATSUBA_THRESHOLD smaller than 2. */
1424 #if KARATSUBA_THRESHOLD < 2
1425 #undef KARATSUBA_THRESHOLD
1426 #define KARATSUBA_THRESHOLD 2
1427 #endif
1428
1429
1430 typedef mpi_limb_t *mpi_ptr_t; /* pointer to a limb */
1431 typedef int mpi_size_t; /* (must be a signed type) */
1432
1433 #define ABS(x) (x >= 0 ? x : -x)
1434 #define MIN(l,o) ((l) < (o) ? (l) : (o))
1435 #define MAX(h,i) ((h) > (i) ? (h) : (i))
1436 #define RESIZE_IF_NEEDED(a,b) \
1437 do { \
1438 if( (a)->alloced < (b) ) \
1439 mpi_resize((a), (b)); \
1440 } while(0)
1441
1442 /* Copy N limbs from S to D. */
1443 #define MPN_COPY( d, s, n) \
1444 do { \
1445 mpi_size_t _i; \
1446 for( _i = 0; _i < (n); _i++ ) \
1447 (d)[_i] = (s)[_i]; \
1448 } while(0)
1449
1450 #define MPN_COPY_INCR( d, s, n) \
1451 do { \
1452 mpi_size_t _i; \
1453 for( _i = 0; _i < (n); _i++ ) \
1454 (d)[_i] = (d)[_i]; \
1455 } while (0)
1456
1457 #define MPN_COPY_DECR( d, s, n ) \
1458 do { \
1459 mpi_size_t _i; \
1460 for( _i = (n)-1; _i >= 0; _i--) \
1461 (d)[_i] = (s)[_i]; \
1462 } while(0)
1463
1464 /* Zero N limbs at D */
1465 #define MPN_ZERO(d, n) \
1466 do { \
1467 int _i; \
1468 for( _i = 0; _i < (n); _i++ ) \
1469 (d)[_i] = 0; \
1470 } while (0)
1471
1472 #define MPN_NORMALIZE(d, n) \
1473 do { \
1474 while( (n) > 0 ) { \
1475 if( (d)[(n)-1] ) \
1476 break; \
1477 (n)--; \
1478 } \
1479 } while(0)
1480
1481 #define MPN_NORMALIZE_NOT_ZERO(d, n) \
1482 do { \
1483 for(;;) { \
1484 if( (d)[(n)-1] ) \
1485 break; \
1486 (n)--; \
1487 } \
1488 } while(0)
1489
1490 #define MPN_MUL_N_RECURSE(prodp, up, vp, size, tspace) \
1491 do { \
1492 if( (size) < KARATSUBA_THRESHOLD ) \
1493 mul_n_basecase (prodp, up, vp, size); \
1494 else \
1495 mul_n (prodp, up, vp, size, tspace); \
1496 } while (0);
1497
1498
1499 /* Divide the two-limb number in (NH,,NL) by D, with DI being the largest
1500 * limb not larger than (2**(2*BITS_PER_MP_LIMB))/D - (2**BITS_PER_MP_LIMB).
1501 * If this would yield overflow, DI should be the largest possible number
1502 * (i.e., only ones). For correct operation, the most significant bit of D
1503 * has to be set. Put the quotient in Q and the remainder in R.
1504 */
1505 #define UDIV_QRNND_PREINV(q, r, nh, nl, d, di) \
1506 do { \
1507 mpi_limb_t _q, _ql, _r; \
1508 mpi_limb_t _xh, _xl; \
1509 umul_ppmm (_q, _ql, (nh), (di)); \
1510 _q += (nh); /* DI is 2**BITS_PER_MPI_LIMB too small */ \
1511 umul_ppmm (_xh, _xl, _q, (d)); \
1512 sub_ddmmss (_xh, _r, (nh), (nl), _xh, _xl); \
1513 if( _xh ) { \
1514 sub_ddmmss (_xh, _r, _xh, _r, 0, (d)); \
1515 _q++; \
1516 if( _xh) { \
1517 sub_ddmmss (_xh, _r, _xh, _r, 0, (d)); \
1518 _q++; \
1519 } \
1520 } \
1521 if( _r >= (d) ) { \
1522 _r -= (d); \
1523 _q++; \
1524 } \
1525 (r) = _r; \
1526 (q) = _q; \
1527 } while (0)
1528
1529
1530 /*-- mpiutil.c --*/
1531 #ifdef M_DEBUG
1532 #define mpi_alloc_limb_space(n,f) mpi_debug_alloc_limb_space((n),(f), M_DBGINFO( __LINE__ ) )
1533 #define mpi_free_limb_space(n) mpi_debug_free_limb_space((n), M_DBGINFO( __LINE__ ) )
1534 mpi_ptr_t mpi_debug_alloc_limb_space( unsigned nlimbs, int sec, const char *info );
1535 void mpi_debug_free_limb_space( mpi_ptr_t a, const char *info );
1536 #else
1537 mpi_ptr_t mpi_alloc_limb_space( unsigned nlimbs, int sec );
1538 void mpi_free_limb_space( mpi_ptr_t a );
1539 #endif
1540 void mpi_assign_limb_space( MPI a, mpi_ptr_t ap, unsigned nlimbs );
1541
1542 /*-- mpi-bit.c --*/
1543 void mpi_rshift_limbs( MPI a, unsigned int count );
1544 void mpi_lshift_limbs( MPI a, unsigned int count );
1545
1546
1547 /*-- mpihelp-add.c --*/
1548 mpi_limb_t mpihelp_add_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1549 mpi_size_t s1_size, mpi_limb_t s2_limb );
1550 mpi_limb_t mpihelp_add_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1551 mpi_ptr_t s2_ptr, mpi_size_t size);
1552 mpi_limb_t mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
1553 mpi_ptr_t s2_ptr, mpi_size_t s2_size);
1554
1555 /*-- mpihelp-sub.c --*/
1556 mpi_limb_t mpihelp_sub_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1557 mpi_size_t s1_size, mpi_limb_t s2_limb );
1558 mpi_limb_t mpihelp_sub_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1559 mpi_ptr_t s2_ptr, mpi_size_t size);
1560 mpi_limb_t mpihelp_sub(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
1561 mpi_ptr_t s2_ptr, mpi_size_t s2_size);
1562
1563 /*-- mpihelp-cmp.c --*/
1564 int mpihelp_cmp( mpi_ptr_t op1_ptr, mpi_ptr_t op2_ptr, mpi_size_t size );
1565
1566 /*-- mpihelp-mul.c --*/
1567
1568 struct karatsuba_ctx {
1569 struct karatsuba_ctx *next;
1570 mpi_ptr_t tspace;
1571 mpi_size_t tspace_size;
1572 mpi_ptr_t tp;
1573 mpi_size_t tp_size;
1574 };
1575
1576 void mpihelp_release_karatsuba_ctx( struct karatsuba_ctx *ctx );
1577
1578 mpi_limb_t mpihelp_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1579 mpi_size_t s1_size, mpi_limb_t s2_limb);
1580 mpi_limb_t mpihelp_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1581 mpi_size_t s1_size, mpi_limb_t s2_limb);
1582 void mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp,
1583 mpi_size_t size);
1584 mpi_limb_t mpihelp_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize,
1585 mpi_ptr_t vp, mpi_size_t vsize);
1586 void mpih_sqr_n_basecase( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size );
1587 void mpih_sqr_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size,
1588 mpi_ptr_t tspace);
1589
1590 void mpihelp_mul_karatsuba_case( mpi_ptr_t prodp,
1591 mpi_ptr_t up, mpi_size_t usize,
1592 mpi_ptr_t vp, mpi_size_t vsize,
1593 struct karatsuba_ctx *ctx );
1594
1595
1596 /*-- mpihelp-mul_1.c (or xxx/cpu/ *.S) --*/
1597 mpi_limb_t mpihelp_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
1598 mpi_size_t s1_size, mpi_limb_t s2_limb);
1599
1600 /*-- mpihelp-div.c --*/
1601 mpi_limb_t mpihelp_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
1602 mpi_limb_t divisor_limb);
1603 mpi_limb_t mpihelp_divrem( mpi_ptr_t qp, mpi_size_t qextra_limbs,
1604 mpi_ptr_t np, mpi_size_t nsize,
1605 mpi_ptr_t dp, mpi_size_t dsize);
1606 mpi_limb_t mpihelp_divmod_1( mpi_ptr_t quot_ptr,
1607 mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
1608 mpi_limb_t divisor_limb);
1609
1610 /*-- mpihelp-shift.c --*/
1611 mpi_limb_t mpihelp_lshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
1612 unsigned cnt);
1613 mpi_limb_t mpihelp_rshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
1614 unsigned cnt);
1615
1616
1617 /* Define stuff for longlong.h. */
1618 #define W_TYPE_SIZE BITS_PER_MPI_LIMB
1619 typedef mpi_limb_t UWtype;
1620 typedef unsigned int UHWtype;
1621 #if defined (__GNUC__)
1622 typedef unsigned int UQItype __attribute__ ((mode (QI)));
1623 typedef int SItype __attribute__ ((mode (SI)));
1624 typedef unsigned int USItype __attribute__ ((mode (SI)));
1625 typedef int DItype __attribute__ ((mode (DI)));
1626 typedef unsigned int UDItype __attribute__ ((mode (DI)));
1627 #else
1628 typedef unsigned char UQItype;
1629 typedef long SItype;
1630 typedef unsigned long USItype;
1631 #endif
1632
1633 #ifdef __GNUC__
1634 #include "mpi-inline.h"
1635 #endif
1636
1637 #endif /*G10_MPI_INTERNAL_H*/
-(0 . 0)(1 . 150)
1642 /* mpi.h - Multi Precision Integers
1643 * Modified by No Such Labs. (C) 2015. See README.
1644 *
1645 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1646 * SHA256(gnupg-1.4.10.tar.gz):
1647 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1648 * (C) 1994-2005 Free Software Foundation, Inc.
1649 *
1650 * This program is free software: you can redistribute it and/or modify
1651 * it under the terms of the GNU General Public License as published by
1652 * the Free Software Foundation, either version 3 of the License, or
1653 * (at your option) any later version.
1654 *
1655 * This program is distributed in the hope that it will be useful,
1656 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1657 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1658 * GNU General Public License for more details.
1659 *
1660 * You should have received a copy of the GNU General Public License
1661 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1662 */
1663
1664 #ifndef G10_MPI_H
1665 #define G10_MPI_H
1666
1667 #include <stdio.h>
1668 #include "knobs.h"
1669 #include "types.h"
1670 #include "memory.h"
1671
1672 #ifndef EXTERN_UNLESS_MAIN_MODULE
1673 #define EXTERN_UNLESS_MAIN_MODULE
1674 #endif
1675
1676 #define DBG_MPI mpi_debug_mode
1677 EXTERN_UNLESS_MAIN_MODULE int mpi_debug_mode;
1678
1679
1680 struct gcry_mpi;
1681 typedef struct gcry_mpi *MPI;
1682
1683
1684 /*-- mpiutil.c --*/
1685
1686 #ifdef M_DEBUG
1687 #define mpi_alloc(n) mpi_debug_alloc((n), M_DBGINFO( __LINE__ ) )
1688 #define mpi_alloc_secure(n) mpi_debug_alloc_secure((n), M_DBGINFO( __LINE__ ) )
1689 #define mpi_alloc_like(n) mpi_debug_alloc_like((n), M_DBGINFO( __LINE__ ) )
1690 #define mpi_free(a) mpi_debug_free((a), M_DBGINFO(__LINE__) )
1691 #define mpi_resize(a,b) mpi_debug_resize((a),(b), M_DBGINFO(__LINE__) )
1692 #define mpi_copy(a) mpi_debug_copy((a), M_DBGINFO(__LINE__) )
1693 MPI mpi_debug_alloc( unsigned nlimbs, const char *info );
1694 MPI mpi_debug_alloc_secure( unsigned nlimbs, const char *info );
1695 MPI mpi_debug_alloc_like( MPI a, const char *info );
1696 void mpi_debug_free( MPI a, const char *info );
1697 void mpi_debug_resize( MPI a, unsigned nlimbs, const char *info );
1698 MPI mpi_debug_copy( MPI a, const char *info );
1699 #else
1700 MPI mpi_alloc( unsigned nlimbs );
1701 MPI mpi_alloc_secure( unsigned nlimbs );
1702 MPI mpi_alloc_like( MPI a );
1703 void mpi_free( MPI a );
1704 void mpi_resize( MPI a, unsigned nlimbs );
1705 MPI mpi_copy( MPI a );
1706 #endif
1707 #define mpi_is_opaque(a) ((a) && (mpi_get_flags (a)&4))
1708 MPI mpi_set_opaque( MPI a, void *p, unsigned int len );
1709 void *mpi_get_opaque( MPI a, unsigned int *len );
1710 #define mpi_is_secure(a) ((a) && (mpi_get_flags (a)&1))
1711 void mpi_set_secure( MPI a );
1712 void mpi_clear( MPI a );
1713 void mpi_set( MPI w, MPI u);
1714 void mpi_set_ui( MPI w, ulong u);
1715 MPI mpi_alloc_set_ui( unsigned long u);
1716 void mpi_m_check( MPI a );
1717 void mpi_swap( MPI a, MPI b);
1718 int mpi_get_nlimbs (MPI a);
1719 int mpi_is_neg (MPI a);
1720 unsigned int mpi_nlimb_hint_from_nbytes (unsigned int nbytes);
1721 unsigned int mpi_nlimb_hint_from_nbits (unsigned int nbits);
1722 unsigned int mpi_get_flags (MPI a);
1723
1724 /*-- mpicoder.c --*/
1725 MPI mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure);
1726 int mpi_fromstr(MPI val, const char *str);
1727 int mpi_print( FILE *fp, MPI a, int mode );
1728 //void g10_log_mpidump( const char *text, MPI a );
1729 byte *mpi_get_buffer( MPI a, unsigned *nbytes, int *sign );
1730 byte *mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign );
1731 void mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign );
1732
1733 #define log_mpidump g10_log_mpidump
1734
1735 /*-- mpi-add.c --*/
1736 void mpi_add_ui(MPI w, MPI u, ulong v );
1737 void mpi_add(MPI w, MPI u, MPI v);
1738 void mpi_addm(MPI w, MPI u, MPI v, MPI m);
1739 void mpi_sub_ui(MPI w, MPI u, ulong v );
1740 void mpi_sub( MPI w, MPI u, MPI v);
1741 void mpi_subm( MPI w, MPI u, MPI v, MPI m);
1742
1743 /*-- mpi-mul.c --*/
1744 void mpi_mul_ui(MPI w, MPI u, ulong v );
1745 void mpi_mul_2exp( MPI w, MPI u, ulong cnt);
1746 void mpi_mul( MPI w, MPI u, MPI v);
1747 void mpi_mulm( MPI w, MPI u, MPI v, MPI m);
1748
1749 /*-- mpi-div.c --*/
1750 ulong mpi_fdiv_r_ui( MPI rem, MPI dividend, ulong divisor );
1751 void mpi_fdiv_r( MPI rem, MPI dividend, MPI divisor );
1752 void mpi_fdiv_q( MPI quot, MPI dividend, MPI divisor );
1753 void mpi_fdiv_qr( MPI quot, MPI rem, MPI dividend, MPI divisor );
1754 void mpi_tdiv_r( MPI rem, MPI num, MPI den);
1755 void mpi_tdiv_qr( MPI quot, MPI rem, MPI num, MPI den);
1756 void mpi_tdiv_q_2exp( MPI w, MPI u, unsigned count );
1757 int mpi_divisible_ui(MPI dividend, ulong divisor );
1758
1759 /*-- mpi-gcd.c --*/
1760 int mpi_gcd( MPI g, MPI a, MPI b );
1761
1762 /*-- mpi-pow.c --*/
1763 void mpi_pow( MPI w, MPI u, MPI v);
1764 void mpi_powm( MPI res, MPI base, MPI exponent, MPI mod);
1765
1766 /*-- mpi-mpow.c --*/
1767 void mpi_mulpowm( MPI res, MPI *basearray, MPI *exparray, MPI mod);
1768
1769 /*-- mpi-cmp.c --*/
1770 int mpi_cmp_ui( MPI u, ulong v );
1771 int mpi_cmp( MPI u, MPI v );
1772
1773 /*-- mpi-scan.c --*/
1774 int mpi_getbyte( MPI a, unsigned idx );
1775 void mpi_putbyte( MPI a, unsigned idx, int value );
1776 unsigned mpi_trailing_zeros( MPI a );
1777
1778 /*-- mpi-bit.c --*/
1779 void mpi_normalize( MPI a );
1780 unsigned mpi_get_nbits( MPI a );
1781 int mpi_test_bit( MPI a, unsigned n );
1782 void mpi_set_bit( MPI a, unsigned n );
1783 void mpi_set_highbit( MPI a, unsigned n );
1784 void mpi_clear_highbit( MPI a, unsigned n );
1785 void mpi_clear_bit( MPI a, unsigned n );
1786 void mpi_rshift( MPI x, MPI a, unsigned n );
1787
1788 /*-- mpi-inv.c --*/
1789 void mpi_invm( MPI x, MPI u, MPI v );
1790
1791 #endif /*G10_MPI_H*/
-(0 . 0)(1 . 138)
1796 /* types.h - some common typedefs
1797 * Modified by No Such Labs. (C) 2015. See README.
1798 *
1799 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1800 * SHA256(gnupg-1.4.10.tar.gz):
1801 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1802 * (C) 1994-2005 Free Software Foundation, Inc.
1803 *
1804 * This program is free software: you can redistribute it and/or modify
1805 * it under the terms of the GNU General Public License as published by
1806 * the Free Software Foundation, either version 3 of the License, or
1807 * (at your option) any later version.
1808 *
1809 * This program is distributed in the hope that it will be useful,
1810 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1811 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1812 * GNU General Public License for more details.
1813 *
1814 * You should have received a copy of the GNU General Public License
1815 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1816 */
1817
1818 #ifndef G10_TYPES_H
1819 #define G10_TYPES_H
1820
1821 #ifdef HAVE_INTTYPES_H
1822 /* For uint64_t */
1823 #include <inttypes.h>
1824 #endif
1825
1826 /* The AC_CHECK_SIZEOF() in configure fails for some machines.
1827 * we provide some fallback values here */
1828 #if !SIZEOF_UNSIGNED_SHORT
1829 #undef SIZEOF_UNSIGNED_SHORT
1830 #define SIZEOF_UNSIGNED_SHORT 2
1831 #endif
1832 #if !SIZEOF_UNSIGNED_INT
1833 #undef SIZEOF_UNSIGNED_INT
1834 #define SIZEOF_UNSIGNED_INT 4
1835 #endif
1836 #if !SIZEOF_UNSIGNED_LONG
1837 #undef SIZEOF_UNSIGNED_LONG
1838 #define SIZEOF_UNSIGNED_LONG 4
1839 #endif
1840
1841
1842 #include <sys/types.h>
1843
1844
1845 #ifndef HAVE_BYTE_TYPEDEF
1846 #undef byte /* maybe there is a macro with this name */
1847 typedef unsigned char byte;
1848 #define HAVE_BYTE_TYPEDEF
1849 #endif
1850
1851 #ifndef HAVE_USHORT_TYPEDEF
1852 #undef ushort /* maybe there is a macro with this name */
1853 typedef unsigned short ushort;
1854 #define HAVE_USHORT_TYPEDEF
1855 #endif
1856
1857 #ifndef HAVE_ULONG_TYPEDEF
1858 #undef ulong /* maybe there is a macro with this name */
1859 typedef unsigned long ulong;
1860 #define HAVE_ULONG_TYPEDEF
1861 #endif
1862
1863 #ifndef HAVE_U16_TYPEDEF
1864 #undef u16 /* maybe there is a macro with this name */
1865 #if SIZEOF_UNSIGNED_INT == 2
1866 typedef unsigned int u16;
1867 #elif SIZEOF_UNSIGNED_SHORT == 2
1868 typedef unsigned short u16;
1869 #else
1870 #error no typedef for u16
1871 #endif
1872 #define HAVE_U16_TYPEDEF
1873 #endif
1874
1875 #ifndef HAVE_U32_TYPEDEF
1876 #undef u32 /* maybe there is a macro with this name */
1877 #if SIZEOF_UNSIGNED_INT == 4
1878 typedef unsigned int u32;
1879 #elif SIZEOF_UNSIGNED_LONG == 4
1880 typedef unsigned long u32;
1881 #else
1882 #error no typedef for u32
1883 #endif
1884 #define HAVE_U32_TYPEDEF
1885 #endif
1886
1887 /****************
1888 * Warning: Some systems segfault when this u64 typedef and
1889 * the dummy code in cipher/md.c is not available. Examples are
1890 * Solaris and IRIX.
1891 */
1892 #ifndef HAVE_U64_TYPEDEF
1893 #undef u64 /* maybe there is a macro with this name */
1894 #if SIZEOF_UINT64_T == 8
1895 typedef uint64_t u64;
1896 #define U64_C(c) (UINT64_C(c))
1897 #define HAVE_U64_TYPEDEF
1898 #elif SIZEOF_UNSIGNED_INT == 8
1899 typedef unsigned int u64;
1900 #define U64_C(c) (c ## U)
1901 #define HAVE_U64_TYPEDEF
1902 #elif SIZEOF_UNSIGNED_LONG == 8
1903 typedef unsigned long u64;
1904 #define U64_C(c) (c ## UL)
1905 #define HAVE_U64_TYPEDEF
1906 #elif SIZEOF_UNSIGNED_LONG_LONG == 8
1907 typedef unsigned long long u64;
1908 #define U64_C(c) (c ## ULL)
1909 #define HAVE_U64_TYPEDEF
1910 #endif
1911 #endif
1912
1913 typedef union {
1914 int a;
1915 short b;
1916 char c[1];
1917 long d;
1918 #ifdef HAVE_U64_TYPEDEF
1919 u64 e;
1920 #endif
1921 float f;
1922 double g;
1923 } PROPERLY_ALIGNED_TYPE;
1924
1925 struct string_list {
1926 struct string_list *next;
1927 unsigned int flags;
1928 char d[1];
1929 };
1930 typedef struct string_list *STRLIST;
1931 typedef struct string_list *strlist_t;
1932
1933 #endif /*G10_TYPES_H*/
-(0 . 0)(1 . 86)
1938 /* util.h
1939 * Modified by No Such Labs. (C) 2015. See README.
1940 *
1941 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
1942 * SHA256(gnupg-1.4.10.tar.gz):
1943 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
1944 * (C) 1994-2005 Free Software Foundation, Inc.
1945 *
1946 * This program is free software: you can redistribute it and/or modify
1947 * it under the terms of the GNU General Public License as published by
1948 * the Free Software Foundation, either version 3 of the License, or
1949 * (at your option) any later version.
1950 *
1951 * This program is distributed in the hope that it will be useful,
1952 * but WITHOUT ANY WARRANTY; without even the implied warranty of
1953 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1954 * GNU General Public License for more details.
1955 *
1956 * You should have received a copy of the GNU General Public License
1957 * along with this program. If not, see <http://www.gnu.org/licenses/>.
1958 */
1959
1960 #ifndef G10_UTIL_H
1961 #define G10_UTIL_H
1962
1963 #if defined (_WIN32) || defined (__CYGWIN32__)
1964 #include <stdarg.h>
1965 #endif
1966
1967 #include "types.h"
1968 #include "types.h"
1969 #include "mpi.h"
1970
1971 #define log_hexdump printf
1972 #define log_bug printf
1973 #define log_bug0 printf
1974 #define log_fatal printf
1975 #define log_error printf
1976 #define log_info printf
1977 #define log_warning printf
1978 #define log_debug printf
1979
1980 #define g10_log_print_prefix printf
1981
1982
1983 #ifndef HAVE_MEMMOVE
1984 #define memmove(d, s, n) bcopy((s), (d), (n))
1985 #endif
1986
1987
1988 /**** other missing stuff ****/
1989 #ifndef HAVE_ATEXIT /* For SunOS */
1990 #define atexit(a) (on_exit((a),0))
1991 #endif
1992
1993 #ifndef HAVE_RAISE
1994 #define raise(a) kill(getpid(), (a))
1995 #endif
1996
1997 /******** some macros ************/
1998 #ifndef STR
1999 #define STR(v) #v
2000 #endif
2001 #define STR2(v) STR(v)
2002 #define DIM(v) (sizeof(v)/sizeof((v)[0]))
2003 #define DIMof(type,member) DIM(((type *)0)->member)
2004
2005 #define wipememory2(_ptr,_set,_len) do { volatile char *_vptr=(volatile char *)(_ptr); size_t _vlen=(_len); while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } } while(0)
2006 #define wipememory(_ptr,_len) wipememory2(_ptr,0,_len)
2007
2008 /*-- macros to replace ctype ones and avoid locale problems --*/
2009 #define spacep(p) (*(p) == ' ' || *(p) == '\t')
2010 #define digitp(p) (*(p) >= '0' && *(p) <= '9')
2011 #define hexdigitp(a) (digitp (a) \
2012 || (*(a) >= 'A' && *(a) <= 'F') \
2013 || (*(a) >= 'a' && *(a) <= 'f'))
2014 /* the atoi macros assume that the buffer has only valid digits */
2015 #define atoi_1(p) (*(p) - '0' )
2016 #define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
2017 #define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))
2018 #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
2019 *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
2020 #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
2021
2022
2023 #endif /*G10_UTIL_H*/
-(0 . 0)(1 . 671)
2028 /* memory.c - memory allocation
2029 * Modified by No Such Labs. (C) 2015. See README.
2030 *
2031 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
2032 * SHA256(gnupg-1.4.10.tar.gz):
2033 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
2034 * (C) 1994-2005 Free Software Foundation, Inc.
2035 *
2036 * This program is free software: you can redistribute it and/or modify
2037 * it under the terms of the GNU General Public License as published by
2038 * the Free Software Foundation, either version 3 of the License, or
2039 * (at your option) any later version.
2040 *
2041 * This program is distributed in the hope that it will be useful,
2042 * but WITHOUT ANY WARRANTY; without even the implied warranty of
2043 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2044 * GNU General Public License for more details.
2045 *
2046 * You should have received a copy of the GNU General Public License
2047 * along with this program. If not, see <http://www.gnu.org/licenses/>.
2048 */
2049
2050 /* We use our own memory allocation functions instead of plain malloc(),
2051 * so that we can provide some special enhancements:
2052 * a) functions to provide memory from a secure memory.
2053 * b) by looking at the requested allocation size we
2054 * can reuse memory very quickly (e.g. MPI storage)
2055 * (really needed?)
2056 * c) memory usage reporting if compiled with M_DEBUG
2057 * d) memory checking if compiled with M_GUARD
2058 */
2059
2060 #include <stdio.h>
2061 #include <stdlib.h>
2062 #include <stdarg.h>
2063 #include <string.h>
2064
2065 #include "knobs.h"
2066 #include "types.h"
2067 #include "memory.h"
2068 #include "util.h"
2069
2070 #define MAGIC_NOR_BYTE 0x55
2071 #define MAGIC_SEC_BYTE 0xcc
2072 #define MAGIC_END_BYTE 0xaa
2073
2074 /* This is a very crude alignment check which does not work on all CPUs
2075 * IIRC, I once introduced it for testing on an Alpha. We should better
2076 * replace this guard stuff with one provided by a modern malloc library
2077 */
2078 #if SIZEOF_UNSIGNED_LONG == 8
2079 #define EXTRA_ALIGN 4
2080 #else
2081 #define EXTRA_ALIGN 0
2082 #endif
2083
2084 #if defined(M_DEBUG) || defined(M_GUARD)
2085 static void membug( const char *fmt, ... );
2086 #endif
2087
2088 #ifdef M_DEBUG
2089
2090 #ifndef M_GUARD
2091 #define M_GUARD 1
2092 #endif
2093 #undef xmalloc
2094 #undef xtrymalloc
2095 #undef xmalloc_clear
2096 #undef xmalloc_secure
2097 #undef xmalloc_secure_clear
2098 #undef xrealloc
2099 #undef xfree
2100 #undef m_check
2101 #undef xstrdup
2102 #undef xtrystrdup
2103 #define FNAME(a) m_debug_ ##a
2104 #define FNAMEX(a) m_debug_ ##a
2105 #define FNAMEXM(a) m_debug_ ##a
2106 #define FNAMEPRT , const char *info
2107 #define FNAMEARG , info
2108
2109 #define store_len(p,n,m) do { add_entry(p,n,m, \
2110 info, __FUNCTION__); } while(0)
2111 #else
2112 #define FNAME(a) m_ ##a
2113 #define FNAMEX(a) x ##a
2114 #define FNAMEXM(a) xm ##a
2115 #define FNAMEPRT
2116 #define FNAMEARG
2117 #define store_len(p,n,m) do { ((byte*)p)[EXTRA_ALIGN+0] = n; \
2118 ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ; \
2119 ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ; \
2120 ((byte*)p)[EXTRA_ALIGN+3] = m? MAGIC_SEC_BYTE \
2121 : MAGIC_NOR_BYTE; \
2122 } while(0)
2123 #endif
2124
2125
2126 #ifdef M_GUARD
2127 static long used_memory;
2128 #endif
2129
2130 #ifdef M_DEBUG /* stuff used for memory debuging */
2131
2132 struct info_entry {
2133 struct info_entry *next;
2134 unsigned count; /* call count */
2135 const char *info; /* the reference to the info string */
2136 };
2137
2138 struct memtbl_entry {
2139 const void *user_p; /* for reference: the pointer given to the user */
2140 size_t user_n; /* length requested by the user */
2141 struct memtbl_entry *next; /* to build a list of unused entries */
2142 const struct info_entry *info; /* points into the table with */
2143 /* the info strings */
2144 unsigned inuse:1; /* this entry is in use */
2145 unsigned count:31;
2146 };
2147
2148
2149 #define INFO_BUCKETS 53
2150 #define info_hash(p) ( *(u32*)((p)) % INFO_BUCKETS )
2151 static struct info_entry *info_strings[INFO_BUCKETS]; /* hash table */
2152
2153 static struct memtbl_entry *memtbl; /* the table with the memory info */
2154 static unsigned memtbl_size; /* number of allocated entries */
2155 static unsigned memtbl_len; /* number of used entries */
2156 static struct memtbl_entry *memtbl_unused;/* to keep track of unused entries */
2157
2158 static void dump_table_at_exit(void);
2159 static void dump_table(void);
2160 static void check_allmem( const char *info );
2161
2162 /****************
2163 * Put the new P into the debug table and return a pointer to the table entry.
2164 * mode is true for security. BY is the name of the function which called us.
2165 */
2166 static void
2167 add_entry( byte *p, unsigned n, int mode, const char *info, const char *by )
2168 {
2169 unsigned index;
2170 struct memtbl_entry *e;
2171 struct info_entry *ie;
2172
2173 if( memtbl_len < memtbl_size )
2174 index = memtbl_len++;
2175 else {
2176 struct memtbl_entry *e;
2177 /* look for a used entry in the table. We take the first one,
2178 * so that freed entries remain as long as possible in the table
2179 * (free appends a new one)
2180 */
2181 if( (e = memtbl_unused) ) {
2182 index = e - memtbl;
2183 memtbl_unused = e->next;
2184 e->next = NULL;
2185 }
2186 else { /* no free entries in the table: extend the table */
2187 if( !memtbl_size ) { /* first time */
2188 memtbl_size = 100;
2189 if( !(memtbl = calloc( memtbl_size, sizeof *memtbl )) )
2190 membug("memory debug table malloc failed\n");
2191 index = 0;
2192 memtbl_len = 1;
2193 atexit( dump_table_at_exit );
2194 }
2195 else { /* realloc */
2196 unsigned n = memtbl_size / 4; /* enlarge by 25% */
2197 if(!(memtbl = realloc(memtbl, (memtbl_size+n)*sizeof *memtbl)))
2198 membug("memory debug table realloc failed\n");
2199 memset(memtbl+memtbl_size, 0, n*sizeof *memtbl );
2200 memtbl_size += n;
2201 index = memtbl_len++;
2202 }
2203 }
2204 }
2205 e = memtbl+index;
2206 if( e->inuse )
2207 membug("Ooops: entry %u is flagged as in use\n", index);
2208 e->user_p = p + EXTRA_ALIGN + 4;
2209 e->user_n = n;
2210 e->count++;
2211 if( e->next )
2212 membug("Ooops: entry is in free entry list\n");
2213 /* do we already have this info string */
2214 for( ie = info_strings[info_hash(info)]; ie; ie = ie->next )
2215 if( ie->info == info )
2216 break;
2217 if( !ie ) { /* no: make a new entry */
2218 if( !(ie = malloc( sizeof *ie )) )
2219 membug("can't allocate info entry\n");
2220 ie->next = info_strings[info_hash(info)];
2221 info_strings[info_hash(info)] = ie;
2222 ie->info = info;
2223 ie->count = 0;
2224 }
2225 ie->count++;
2226 e->info = ie;
2227 e->inuse = 1;
2228
2229 /* put the index at the start of the memory */
2230 p[EXTRA_ALIGN+0] = index;
2231 p[EXTRA_ALIGN+1] = index >> 8 ;
2232 p[EXTRA_ALIGN+2] = index >> 16 ;
2233 p[EXTRA_ALIGN+3] = mode? MAGIC_SEC_BYTE : MAGIC_NOR_BYTE ;
2234 if( DBG_MEMORY )
2235 log_debug( "%s allocates %u bytes using %s\n", info, e->user_n, by );
2236 }
2237
2238
2239
2240 /****************
2241 * Check that the memory block is correct. The magic byte has already been
2242 * checked. Checks which are done here:
2243 * - see whether the index points into our memory table
2244 * - see whether P is the same as the one stored in the table
2245 * - see whether we have already freed this block.
2246 */
2247 struct memtbl_entry *
2248 check_mem( const byte *p, const char *info )
2249 {
2250 unsigned n;
2251 struct memtbl_entry *e;
2252
2253 n = p[EXTRA_ALIGN+0];
2254 n |= p[EXTRA_ALIGN+1] << 8;
2255 n |= p[EXTRA_ALIGN+2] << 16;
2256
2257 if( n >= memtbl_len )
2258 membug("memory at %p corrupted: index=%u table_len=%u (%s)\n",
2259 p+EXTRA_ALIGN+4, n, memtbl_len, info );
2260 e = memtbl+n;
2261
2262 if( e->user_p != p+EXTRA_ALIGN+4 )
2263 membug("memory at %p corrupted: reference mismatch (%s)\n",
2264 p+EXTRA_ALIGN+4, info );
2265 if( !e->inuse )
2266 membug("memory at %p corrupted: marked as free (%s)\n",
2267 p+EXTRA_ALIGN+4, info );
2268
2269 if( !(p[EXTRA_ALIGN+3] == MAGIC_NOR_BYTE
2270 || p[EXTRA_ALIGN+3] == MAGIC_SEC_BYTE) )
2271 membug("memory at %p corrupted: underflow=%02x (%s)\n",
2272 p+EXTRA_ALIGN+4, p[EXTRA_ALIGN+3], info );
2273 if( p[EXTRA_ALIGN+4+e->user_n] != MAGIC_END_BYTE )
2274 membug("memory at %p corrupted: overflow=%02x (%s)\n",
2275 p+EXTRA_ALIGN+4, p[EXTRA_ALIGN+4+e->user_n], info );
2276 return e;
2277 }
2278
2279
2280 /****************
2281 * free the entry and the memory (replaces free)
2282 */
2283 static void
2284 free_entry( byte *p, const char *info )
2285 {
2286 struct memtbl_entry *e, *e2;
2287
2288 check_allmem("add_entry");
2289
2290 e = check_mem(p, info);
2291 if( DBG_MEMORY )
2292 log_debug( "%s frees %u bytes alloced by %s\n",
2293 info, e->user_n, e->info->info );
2294 if( !e->inuse ) {
2295 if( e->user_p == p + EXTRA_ALIGN+ 4 )
2296 membug("freeing an already freed pointer at %p\n", p+EXTRA_ALIGN+4 );
2297 else
2298 membug("freeing pointer %p which is flagged as freed\n", p+EXTRA_ALIGN+4 );
2299 }
2300
2301 e->inuse = 0;
2302 e->next = NULL;
2303 if( !memtbl_unused )
2304 memtbl_unused = e;
2305 else {
2306 for(e2=memtbl_unused; e2->next; e2 = e2->next )
2307 ;
2308 e2->next = e;
2309 }
2310 if( m_is_secure(p+EXTRA_ALIGN+4) )
2311 secmem_free(p);
2312 else {
2313 memset(p,'f', e->user_n+5);
2314 free(p);
2315 }
2316 }
2317
2318 static void
2319 dump_entry(struct memtbl_entry *e )
2320 {
2321 unsigned n = e - memtbl;
2322
2323 fprintf(stderr, "mem %4u%c %5u %p %5u %s (%u)\n",
2324 n, e->inuse?'a':'u', e->count, e->user_p, e->user_n,
2325 e->info->info, e->info->count );
2326
2327
2328 }
2329
2330
2331 static void
2332 dump_table_at_exit( void)
2333 {
2334 if( DBG_MEMSTAT )
2335 dump_table();
2336 }
2337
2338 static void
2339 dump_table( void)
2340 {
2341 unsigned n;
2342 struct memtbl_entry *e;
2343 ulong sum = 0, chunks =0;
2344
2345 for( e = memtbl, n = 0; n < memtbl_len; n++, e++ ) {
2346 if(e->inuse) {
2347 dump_entry(e);
2348 sum += e->user_n;
2349 chunks++;
2350 }
2351 }
2352 fprintf(stderr, " memory used: %8lu bytes in %ld chunks\n",
2353 sum, chunks );
2354 }
2355
2356
2357 static void
2358 check_allmem( const char *info )
2359 {
2360 unsigned n;
2361 struct memtbl_entry *e;
2362
2363 for( e = memtbl, n = 0; n < memtbl_len; n++, e++ ) {
2364 if( e->inuse ) {
2365 check_mem(e->user_p-4-EXTRA_ALIGN, info);
2366 }
2367 }
2368 }
2369
2370 #endif /* M_DEBUG */
2371
2372 #if defined(M_DEBUG) || defined(M_GUARD)
2373 static void
2374 membug( const char *fmt, ... )
2375 {
2376 va_list arg_ptr ;
2377
2378 fprintf(stderr, "\nMemory Error: " ) ;
2379 va_start( arg_ptr, fmt ) ;
2380 vfprintf(stderr,fmt,arg_ptr) ;
2381 va_end(arg_ptr);
2382 fflush(stderr);
2383 #ifdef M_DEBUG
2384 if( DBG_MEMSTAT )
2385 dump_table();
2386 #endif
2387 abort();
2388 }
2389 #endif
2390
2391 void
2392 m_print_stats( const char *prefix )
2393 {
2394 #ifdef M_DEBUG
2395 unsigned n;
2396 struct memtbl_entry *e;
2397 ulong sum = 0, chunks =0;
2398
2399 for( e = memtbl, n = 0; n < memtbl_len; n++, e++ ) {
2400 if(e->inuse) {
2401 sum += e->user_n;
2402 chunks++;
2403 }
2404 }
2405
2406 log_debug( "%s%smemstat: %8lu bytes in %ld chunks used\n",
2407 prefix? prefix:"", prefix? ": ":"", sum, chunks );
2408 #elif defined(M_GUARD)
2409 log_debug( "%s%smemstat: %8ld bytes\n",
2410 prefix? prefix:"", prefix? ": ":"", used_memory );
2411 #endif
2412 }
2413
2414 void
2415 m_dump_table( const char *prefix )
2416 {
2417 #ifdef M_DEBUG
2418 fprintf(stderr,"Memory-Table-Dump: %s\n", prefix);
2419 dump_table();
2420 #endif
2421 m_print_stats( prefix );
2422 }
2423
2424
2425 static void
2426 out_of_core(size_t n, int secure)
2427 {
2428 log_error ("out of %s memory while allocating %u bytes\n",
2429 secure? "secure":"" ,(unsigned)n );
2430 if (secure) {
2431 /*secmem_dump_stats ();*/
2432 log_info ("(this may be caused by too many secret keys used "
2433 "simultaneously or due to excessive large key sizes)\n");
2434 }
2435 exit(2);
2436 }
2437
2438 /****************
2439 * Allocate memory of size n.
2440 * This function gives up if we do not have enough memory
2441 */
2442 void *
2443 FNAMEXM(alloc)( size_t n FNAMEPRT )
2444 {
2445 char *p;
2446
2447 #ifdef M_GUARD
2448 if(!n)
2449 out_of_core(n,0); /* should never happen */
2450 if( !(p = malloc( n + EXTRA_ALIGN+5 )) )
2451 out_of_core(n,0);
2452 store_len(p,n,0);
2453 used_memory += n;
2454 p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
2455 return p+EXTRA_ALIGN+4;
2456 #else
2457 /* mallocing zero bytes is undefined by ISO-C, so we better make
2458 sure that it won't happen */
2459 if (!n)
2460 n = 1;
2461 if( !(p = malloc( n )) )
2462 out_of_core(n,0);
2463 return p;
2464 #endif
2465 }
2466
2467 /* Allocate memory of size n. This function returns NULL if we do not
2468 have enough memory. */
2469 void *
2470 FNAMEX(trymalloc)(size_t n FNAMEPRT)
2471 {
2472 #ifdef M_GUARD
2473 char *p;
2474
2475 if (!n)
2476 n = 1;
2477 p = malloc (n + EXTRA_ALIGN+5);
2478 if (!p)
2479 return NULL;
2480 store_len(p,n,0);
2481 used_memory += n;
2482 p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
2483 return p+EXTRA_ALIGN+4;
2484 #else
2485 /* Mallocing zero bytes is undefined by ISO-C, so we better make
2486 sure that it won't happen. */
2487 return malloc (n? n: 1);
2488 #endif
2489 }
2490
2491 /****************
2492 * Allocate memory of size n from the secure memory pool.
2493 * This function gives up if we do not have enough memory
2494 */
2495 void *
2496 FNAMEXM(alloc_secure)( size_t n FNAMEPRT )
2497 {
2498 char *p;
2499
2500 #ifdef M_GUARD
2501 if(!n)
2502 out_of_core(n,1); /* should never happen */
2503 if( !(p = secmem_malloc( n +EXTRA_ALIGN+ 5 )) )
2504 out_of_core(n,1);
2505 store_len(p,n,1);
2506 p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
2507 return p+EXTRA_ALIGN+4;
2508 #else
2509 /* mallocing zero bytes is undefined by ISO-C, so we better make
2510 sure that it won't happen */
2511 if (!n)
2512 n = 1;
2513 if( !(p = secmem_malloc( n )) )
2514 out_of_core(n,1);
2515 return p;
2516 #endif
2517 }
2518
2519 void *
2520 FNAMEXM(alloc_clear)( size_t n FNAMEPRT )
2521 {
2522 void *p;
2523 p = FNAMEXM(alloc)( n FNAMEARG );
2524 memset(p, 0, n );
2525 return p;
2526 }
2527
2528 void *
2529 FNAMEXM(alloc_secure_clear)( size_t n FNAMEPRT)
2530 {
2531 void *p;
2532 p = FNAMEXM(alloc_secure)( n FNAMEARG );
2533 memset(p, 0, n );
2534 return p;
2535 }
2536
2537
2538 /****************
2539 * realloc and clear the old space
2540 */
2541 void *
2542 FNAMEX(realloc)( void *a, size_t n FNAMEPRT )
2543 {
2544 void *b;
2545
2546 #ifdef M_GUARD
2547 if( a ) {
2548 #error "--enable-m-guard does not currently work"
2549 unsigned char *p = a;
2550 size_t len = m_size(a);
2551
2552 if( len >= n ) /* we don't shrink for now */
2553 return a;
2554 if( p[-1] == MAGIC_SEC_BYTE )
2555 b = FNAME(alloc_secure_clear)(n FNAMEARG);
2556 else
2557 b = FNAME(alloc_clear)(n FNAMEARG);
2558 FNAME(check)(NULL FNAMEARG);
2559 memcpy(b, a, len );
2560 FNAME(free)(p FNAMEARG);
2561 }
2562 else
2563 b = FNAME(alloc)(n FNAMEARG);
2564 #else
2565 if( m_is_secure(a) ) {
2566 if( !(b = secmexrealloc( a, n )) )
2567 out_of_core(n,1);
2568 }
2569 else {
2570 if( !(b = realloc( a, n )) )
2571 out_of_core(n,0);
2572 }
2573 #endif
2574
2575 return b;
2576 }
2577
2578
2579
2580 /****************
2581 * Free a pointer
2582 */
2583 void
2584 FNAMEX(free)( void *a FNAMEPRT )
2585 {
2586 byte *p = a;
2587
2588 if( !p )
2589 return;
2590 #ifdef M_DEBUG
2591 free_entry(p-EXTRA_ALIGN-4, info);
2592 #elif defined M_GUARD
2593 m_check(p);
2594 if( m_is_secure(a) )
2595 secmem_free(p-EXTRA_ALIGN-4);
2596 else {
2597 used_memory -= m_size(a);
2598 free(p-EXTRA_ALIGN-4);
2599 }
2600 #else
2601 if( m_is_secure(a) )
2602 secmem_free(p);
2603 else
2604 free(p);
2605 #endif
2606 }
2607
2608
2609 void
2610 FNAME(check)( const void *a FNAMEPRT )
2611 {
2612 #ifdef M_GUARD
2613 const byte *p = a;
2614
2615 #ifdef M_DEBUG
2616 if( p )
2617 check_mem(p-EXTRA_ALIGN-4, info);
2618 else
2619 check_allmem(info);
2620 #else
2621 if( !p )
2622 return;
2623 if( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) )
2624 membug("memory at %p corrupted (underflow=%02x)\n", p, p[-1] );
2625 else if( p[m_size(p)] != MAGIC_END_BYTE )
2626 membug("memory at %p corrupted (overflow=%02x)\n", p, p[-1] );
2627 #endif
2628 #endif
2629 }
2630
2631
2632 size_t
2633 m_size( const void *a )
2634 {
2635 #ifndef M_GUARD
2636 log_debug("dummy m_size called\n");
2637 return 0;
2638 #else
2639 const byte *p = a;
2640 size_t n;
2641
2642 #ifdef M_DEBUG
2643 n = check_mem(p-EXTRA_ALIGN-4, "m_size")->user_n;
2644 #else
2645 n = ((byte*)p)[-4];
2646 n |= ((byte*)p)[-3] << 8;
2647 n |= ((byte*)p)[-2] << 16;
2648 #endif
2649 return n;
2650 #endif
2651 }
2652
2653
2654 char *
2655 FNAMEX(strdup)( const char *a FNAMEPRT )
2656 {
2657 size_t n = strlen(a);
2658 char *p = FNAMEXM(alloc)(n+1 FNAMEARG);
2659 strcpy(p, a);
2660 return p;
2661 }
2662
2663 char *
2664 FNAMEX(trystrdup)(const char *a FNAMEPRT)
2665 {
2666 size_t n = strlen (a);
2667 char *p = FNAMEX(trymalloc)(n+1 FNAMEARG);
2668 if (p)
2669 strcpy (p, a);
2670 return p;
2671 }
2672
2673
2674 /* Wrapper around xmalloc_clear to take the usual 2 arguments of a
2675 calloc style function. */
2676 void *
2677 xcalloc (size_t n, size_t m)
2678 {
2679 size_t nbytes;
2680
2681 nbytes = n * m;
2682 if (m && nbytes / m != n)
2683 out_of_core (nbytes, 0);
2684 return xmalloc_clear (nbytes);
2685 }
2686
2687 /* Wrapper around xmalloc_csecure_lear to take the usual 2 arguments
2688 of a calloc style function. */
2689 void *
2690 xcalloc_secure (size_t n, size_t m)
2691 {
2692 size_t nbytes;
2693
2694 nbytes = n * m;
2695 if (m && nbytes / m != n)
2696 out_of_core (nbytes, 1);
2697 return xmalloc_secure_clear (nbytes);
2698 }
-(0 . 0)(1 . 240)
2703 /* mpi-add.c - MPI functions
2704 * Modified by No Such Labs. (C) 2015. See README.
2705 *
2706 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
2707 * SHA256(gnupg-1.4.10.tar.gz):
2708 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
2709 * (C) 1994-2005 Free Software Foundation, Inc.
2710 *
2711 * This program is free software: you can redistribute it and/or modify
2712 * it under the terms of the GNU General Public License as published by
2713 * the Free Software Foundation, either version 3 of the License, or
2714 * (at your option) any later version.
2715 *
2716 * This program is distributed in the hope that it will be useful,
2717 * but WITHOUT ANY WARRANTY; without even the implied warranty of
2718 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2719 * GNU General Public License for more details.
2720 *
2721 * You should have received a copy of the GNU General Public License
2722 * along with this program. If not, see <http://www.gnu.org/licenses/>.
2723 */
2724
2725 #include <stdio.h>
2726 #include <stdlib.h>
2727
2728 #include "knobs.h"
2729 #include "mpi-internal.h"
2730
2731
2732 /****************
2733 * Add the unsigned integer V to the mpi-integer U and store the
2734 * result in W. U and V may be the same.
2735 */
2736 void
2737 mpi_add_ui(MPI w, MPI u, unsigned long v )
2738 {
2739 mpi_ptr_t wp, up;
2740 mpi_size_t usize, wsize;
2741 int usign, wsign;
2742
2743 usize = u->nlimbs;
2744 usign = u->sign;
2745 wsign = 0;
2746
2747 /* If not space for W (and possible carry), increase space. */
2748 wsize = usize + 1;
2749 if( w->alloced < wsize )
2750 mpi_resize(w, wsize);
2751
2752 /* These must be after realloc (U may be the same as W). */
2753 up = u->d;
2754 wp = w->d;
2755
2756 if( !usize ) { /* simple */
2757 wp[0] = v;
2758 wsize = v? 1:0;
2759 }
2760 else if( !usign ) { /* mpi is not negative */
2761 mpi_limb_t cy;
2762 cy = mpihelp_add_1(wp, up, usize, v);
2763 wp[usize] = cy;
2764 wsize = usize + cy;
2765 }
2766 else { /* The signs are different. Need exact comparison to determine
2767 * which operand to subtract from which. */
2768 if( usize == 1 && up[0] < v ) {
2769 wp[0] = v - up[0];
2770 wsize = 1;
2771 }
2772 else {
2773 mpihelp_sub_1(wp, up, usize, v);
2774 /* Size can decrease with at most one limb. */
2775 wsize = usize - (wp[usize-1]==0);
2776 wsign = 1;
2777 }
2778 }
2779
2780 w->nlimbs = wsize;
2781 w->sign = wsign;
2782 }
2783
2784
2785 void
2786 mpi_add(MPI w, MPI u, MPI v)
2787 {
2788 mpi_ptr_t wp, up, vp;
2789 mpi_size_t usize, vsize, wsize;
2790 int usign, vsign, wsign;
2791
2792 if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
2793 usize = v->nlimbs;
2794 usign = v->sign;
2795 vsize = u->nlimbs;
2796 vsign = u->sign;
2797 wsize = usize + 1;
2798 RESIZE_IF_NEEDED(w, wsize);
2799 /* These must be after realloc (u or v may be the same as w). */
2800 up = v->d;
2801 vp = u->d;
2802 }
2803 else {
2804 usize = u->nlimbs;
2805 usign = u->sign;
2806 vsize = v->nlimbs;
2807 vsign = v->sign;
2808 wsize = usize + 1;
2809 RESIZE_IF_NEEDED(w, wsize);
2810 /* These must be after realloc (u or v may be the same as w). */
2811 up = u->d;
2812 vp = v->d;
2813 }
2814 wp = w->d;
2815 wsign = 0;
2816
2817 if( !vsize ) { /* simple */
2818 MPN_COPY(wp, up, usize );
2819 wsize = usize;
2820 wsign = usign;
2821 }
2822 else if( usign != vsign ) { /* different sign */
2823 /* This test is right since USIZE >= VSIZE */
2824 if( usize != vsize ) {
2825 mpihelp_sub(wp, up, usize, vp, vsize);
2826 wsize = usize;
2827 MPN_NORMALIZE(wp, wsize);
2828 wsign = usign;
2829 }
2830 else if( mpihelp_cmp(up, vp, usize) < 0 ) {
2831 mpihelp_sub_n(wp, vp, up, usize);
2832 wsize = usize;
2833 MPN_NORMALIZE(wp, wsize);
2834 if( !usign )
2835 wsign = 1;
2836 }
2837 else {
2838 mpihelp_sub_n(wp, up, vp, usize);
2839 wsize = usize;
2840 MPN_NORMALIZE(wp, wsize);
2841 if( usign )
2842 wsign = 1;
2843 }
2844 }
2845 else { /* U and V have same sign. Add them. */
2846 mpi_limb_t cy = mpihelp_add(wp, up, usize, vp, vsize);
2847 wp[usize] = cy;
2848 wsize = usize + cy;
2849 if( usign )
2850 wsign = 1;
2851 }
2852
2853 w->nlimbs = wsize;
2854 w->sign = wsign;
2855 }
2856
2857
2858 /****************
2859 * Subtract the unsigned integer V from the mpi-integer U and store the
2860 * result in W.
2861 */
2862 void
2863 mpi_sub_ui(MPI w, MPI u, unsigned long v )
2864 {
2865 mpi_ptr_t wp, up;
2866 mpi_size_t usize, wsize;
2867 int usign, wsign;
2868
2869 usize = u->nlimbs;
2870 usign = u->sign;
2871 wsign = 0;
2872
2873 /* If not space for W (and possible carry), increase space. */
2874 wsize = usize + 1;
2875 if( w->alloced < wsize )
2876 mpi_resize(w, wsize);
2877
2878 /* These must be after realloc (U may be the same as W). */
2879 up = u->d;
2880 wp = w->d;
2881
2882 if( !usize ) { /* simple */
2883 wp[0] = v;
2884 wsize = v? 1:0;
2885 wsign = 1;
2886 }
2887 else if( usign ) { /* mpi and v are negative */
2888 mpi_limb_t cy;
2889 cy = mpihelp_add_1(wp, up, usize, v);
2890 wp[usize] = cy;
2891 wsize = usize + cy;
2892 }
2893 else { /* The signs are different. Need exact comparison to determine
2894 * which operand to subtract from which. */
2895 if( usize == 1 && up[0] < v ) {
2896 wp[0] = v - up[0];
2897 wsize = 1;
2898 wsign = 1;
2899 }
2900 else {
2901 mpihelp_sub_1(wp, up, usize, v);
2902 /* Size can decrease with at most one limb. */
2903 wsize = usize - (wp[usize-1]==0);
2904 }
2905 }
2906
2907 w->nlimbs = wsize;
2908 w->sign = wsign;
2909 }
2910
2911 void
2912 mpi_sub(MPI w, MPI u, MPI v)
2913 {
2914 if( w == v ) {
2915 MPI vv = mpi_copy(v);
2916 vv->sign = !vv->sign;
2917 mpi_add( w, u, vv );
2918 mpi_free(vv);
2919 }
2920 else {
2921 /* fixme: this is not thread-save (we temp. modify v) */
2922 v->sign = !v->sign;
2923 mpi_add( w, u, v );
2924 v->sign = !v->sign;
2925 }
2926 }
2927
2928
2929 void
2930 mpi_addm( MPI w, MPI u, MPI v, MPI m)
2931 {
2932 mpi_add(w, u, v);
2933 mpi_fdiv_r( w, w, m );
2934 }
2935
2936 void
2937 mpi_subm( MPI w, MPI u, MPI v, MPI m)
2938 {
2939 mpi_sub(w, u, v);
2940 mpi_fdiv_r( w, w, m );
2941 }
2942
-(0 . 0)(1 . 258)
2947 /* mpi-bit.c - MPI bit level fucntions
2948 * Modified by No Such Labs. (C) 2015. See README.
2949 *
2950 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
2951 * SHA256(gnupg-1.4.10.tar.gz):
2952 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
2953 * (C) 1994-2005 Free Software Foundation, Inc.
2954 *
2955 * This program is free software: you can redistribute it and/or modify
2956 * it under the terms of the GNU General Public License as published by
2957 * the Free Software Foundation, either version 3 of the License, or
2958 * (at your option) any later version.
2959 *
2960 * This program is distributed in the hope that it will be useful,
2961 * but WITHOUT ANY WARRANTY; without even the implied warranty of
2962 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2963 * GNU General Public License for more details.
2964 *
2965 * You should have received a copy of the GNU General Public License
2966 * along with this program. If not, see <http://www.gnu.org/licenses/>.
2967 */
2968
2969 #include <stdio.h>
2970 #include <stdlib.h>
2971 #include <assert.h>
2972
2973 #include "knobs.h"
2974 #include "mpi-internal.h"
2975 #include "longlong.h"
2976
2977
2978 #ifdef MPI_INTERNAL_NEED_CLZ_TAB
2979 #ifdef __STDC__
2980 const
2981 #endif
2982 unsigned char
2983 __clz_tab[] =
2984 {
2985 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
2986 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
2987 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
2988 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
2989 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
2990 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
2991 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
2992 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
2993 };
2994 #endif
2995
2996
2997 #define A_LIMB_1 ((mpi_limb_t)1)
2998
2999
3000 /****************
3001 * Sometimes we have MSL (most significant limbs) which are 0;
3002 * this is for some reasons not good, so this function removes them.
3003 */
3004 void
3005 mpi_normalize( MPI a )
3006 {
3007 if( mpi_is_opaque (a) )
3008 return;
3009
3010 for( ; a->nlimbs && !a->d[a->nlimbs-1]; a->nlimbs-- )
3011 ;
3012 }
3013
3014
3015
3016 /****************
3017 * Return the number of bits in A.
3018 */
3019 unsigned
3020 mpi_get_nbits( MPI a )
3021 {
3022 unsigned n;
3023
3024 mpi_normalize( a );
3025 if( a->nlimbs ) {
3026 mpi_limb_t alimb = a->d[a->nlimbs-1];
3027 if( alimb )
3028 count_leading_zeros( n, alimb );
3029 else
3030 n = BITS_PER_MPI_LIMB;
3031 n = BITS_PER_MPI_LIMB - n + (a->nlimbs-1) * BITS_PER_MPI_LIMB;
3032 }
3033 else
3034 n = 0;
3035 return n;
3036 }
3037
3038
3039 /****************
3040 * Test whether bit N is set.
3041 */
3042 int
3043 mpi_test_bit( MPI a, unsigned n )
3044 {
3045 unsigned limbno, bitno;
3046 mpi_limb_t limb;
3047
3048 limbno = n / BITS_PER_MPI_LIMB;
3049 bitno = n % BITS_PER_MPI_LIMB;
3050
3051 if( limbno >= a->nlimbs )
3052 return 0; /* too far left: this is a 0 */
3053 limb = a->d[limbno];
3054 return (limb & (A_LIMB_1 << bitno))? 1: 0;
3055 }
3056
3057
3058 /****************
3059 * Set bit N of A.
3060 */
3061 void
3062 mpi_set_bit( MPI a, unsigned n )
3063 {
3064 unsigned limbno, bitno;
3065
3066 limbno = n / BITS_PER_MPI_LIMB;
3067 bitno = n % BITS_PER_MPI_LIMB;
3068
3069 if( limbno >= a->nlimbs ) { /* resize */
3070 if( a->alloced >= limbno )
3071 mpi_resize(a, limbno+1 );
3072 a->nlimbs = limbno+1;
3073 }
3074 a->d[limbno] |= (A_LIMB_1<<bitno);
3075 }
3076
3077 /****************
3078 * Set bit N of A. and clear all bits above
3079 */
3080 void
3081 mpi_set_highbit( MPI a, unsigned n )
3082 {
3083 unsigned limbno, bitno;
3084
3085 limbno = n / BITS_PER_MPI_LIMB;
3086 bitno = n % BITS_PER_MPI_LIMB;
3087
3088 if( limbno >= a->nlimbs ) { /* resize */
3089 if( a->alloced >= limbno )
3090 mpi_resize(a, limbno+1 );
3091 a->nlimbs = limbno+1;
3092 }
3093 a->d[limbno] |= (A_LIMB_1<<bitno);
3094 for( bitno++; bitno < BITS_PER_MPI_LIMB; bitno++ )
3095 a->d[limbno] &= ~(A_LIMB_1 << bitno);
3096 a->nlimbs = limbno+1;
3097 }
3098
3099 /****************
3100 * clear bit N of A and all bits above
3101 */
3102 void
3103 mpi_clear_highbit( MPI a, unsigned n )
3104 {
3105 unsigned limbno, bitno;
3106
3107 limbno = n / BITS_PER_MPI_LIMB;
3108 bitno = n % BITS_PER_MPI_LIMB;
3109
3110 if( limbno >= a->nlimbs )
3111 return; /* not allocated, so need to clear bits :-) */
3112
3113 for( ; bitno < BITS_PER_MPI_LIMB; bitno++ )
3114 a->d[limbno] &= ~(A_LIMB_1 << bitno);
3115 a->nlimbs = limbno+1;
3116 }
3117
3118 /****************
3119 * Clear bit N of A.
3120 */
3121 void
3122 mpi_clear_bit( MPI a, unsigned n )
3123 {
3124 unsigned limbno, bitno;
3125
3126 limbno = n / BITS_PER_MPI_LIMB;
3127 bitno = n % BITS_PER_MPI_LIMB;
3128
3129 if( limbno >= a->nlimbs )
3130 return; /* don't need to clear this bit, it's to far to left */
3131 a->d[limbno] &= ~(A_LIMB_1 << bitno);
3132 }
3133
3134
3135 /****************
3136 * Shift A by N bits to the right
3137 * FIXME: should use alloc_limb if X and A are same.
3138 */
3139 void
3140 mpi_rshift( MPI x, MPI a, unsigned n )
3141 {
3142 mpi_ptr_t xp;
3143 mpi_size_t xsize;
3144
3145 xsize = a->nlimbs;
3146 x->sign = a->sign;
3147 RESIZE_IF_NEEDED(x, xsize);
3148 xp = x->d;
3149
3150 if( xsize ) {
3151 mpihelp_rshift( xp, a->d, xsize, n);
3152 MPN_NORMALIZE( xp, xsize);
3153 }
3154 x->nlimbs = xsize;
3155 }
3156
3157
3158 /****************
3159 * Shift A by COUNT limbs to the left
3160 * This is used only within the MPI library
3161 */
3162 void
3163 mpi_lshift_limbs( MPI a, unsigned int count )
3164 {
3165 mpi_ptr_t ap = a->d;
3166 int n = a->nlimbs;
3167 int i;
3168
3169 if( !count || !n )
3170 return;
3171
3172 RESIZE_IF_NEEDED( a, n+count );
3173
3174 for( i = n-1; i >= 0; i-- )
3175 ap[i+count] = ap[i];
3176 for(i=0; i < count; i++ )
3177 ap[i] = 0;
3178 a->nlimbs += count;
3179 }
3180
3181
3182 /****************
3183 * Shift A by COUNT limbs to the right
3184 * This is used only within the MPI library
3185 */
3186 void
3187 mpi_rshift_limbs( MPI a, unsigned int count )
3188 {
3189 mpi_ptr_t ap = a->d;
3190 mpi_size_t n = a->nlimbs;
3191 unsigned int i;
3192
3193 if( count >= n ) {
3194 a->nlimbs = 0;
3195 return;
3196 }
3197
3198 for( i = 0; i < n - count; i++ )
3199 ap[i] = ap[i+count];
3200 ap[i] = 0;
3201 a->nlimbs -= count;
3202 }
3203
3204
-(0 . 0)(1 . 77)
3209 /* mpi-cmp.c - MPI functions
3210 * Modified by No Such Labs. (C) 2015. See README.
3211 *
3212 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3213 * SHA256(gnupg-1.4.10.tar.gz):
3214 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3215 * (C) 1994-2005 Free Software Foundation, Inc.
3216 *
3217 * This program is free software: you can redistribute it and/or modify
3218 * it under the terms of the GNU General Public License as published by
3219 * the Free Software Foundation, either version 3 of the License, or
3220 * (at your option) any later version.
3221 *
3222 * This program is distributed in the hope that it will be useful,
3223 * but WITHOUT ANY WARRANTY; without even the implied warranty of
3224 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3225 * GNU General Public License for more details.
3226 *
3227 * You should have received a copy of the GNU General Public License
3228 * along with this program. If not, see <http://www.gnu.org/licenses/>.
3229 */
3230
3231 #include <stdio.h>
3232 #include <stdlib.h>
3233
3234 #include "knobs.h"
3235 #include "mpi-internal.h"
3236
3237 int
3238 mpi_cmp_ui( MPI u, unsigned long v )
3239 {
3240 mpi_limb_t limb = v;
3241
3242 mpi_normalize( u );
3243 if( !u->nlimbs && !limb )
3244 return 0;
3245 if( u->sign )
3246 return -1;
3247 if( u->nlimbs > 1 )
3248 return 1;
3249
3250 if( u->d[0] == limb )
3251 return 0;
3252 else if( u->d[0] > limb )
3253 return 1;
3254 else
3255 return -1;
3256 }
3257
3258 int
3259 mpi_cmp( MPI u, MPI v )
3260 {
3261 mpi_size_t usize, vsize;
3262 int cmp;
3263
3264 mpi_normalize( u );
3265 mpi_normalize( v );
3266 usize = u->nlimbs;
3267 vsize = v->nlimbs;
3268 if( !u->sign && v->sign )
3269 return 1;
3270 if( u->sign && !v->sign )
3271 return -1;
3272 if( usize != vsize && !u->sign && !v->sign )
3273 return usize - vsize;
3274 if( usize != vsize && u->sign && v->sign )
3275 return vsize + usize;
3276 if( !usize )
3277 return 0;
3278 if( !(cmp=mpihelp_cmp( u->d, v->d, usize )) )
3279 return 0;
3280 if( (cmp < 0?1:0) == (u->sign?1:0))
3281 return 1;
3282 return -1;
3283 }
3284
3285
-(0 . 0)(1 . 316)
3290 /* mpi-div.c - MPI functions
3291 * Modified by No Such Labs. (C) 2015. See README.
3292 *
3293 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3294 * SHA256(gnupg-1.4.10.tar.gz):
3295 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3296 * (C) 1994-2005 Free Software Foundation, Inc.
3297 *
3298 * This program is free software: you can redistribute it and/or modify
3299 * it under the terms of the GNU General Public License as published by
3300 * the Free Software Foundation, either version 3 of the License, or
3301 * (at your option) any later version.
3302 *
3303 * This program is distributed in the hope that it will be useful,
3304 * but WITHOUT ANY WARRANTY; without even the implied warranty of
3305 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3306 * GNU General Public License for more details.
3307 *
3308 * You should have received a copy of the GNU General Public License
3309 * along with this program. If not, see <http://www.gnu.org/licenses/>.
3310 */
3311
3312 #include <stdio.h>
3313 #include <stdlib.h>
3314
3315 #include "knobs.h"
3316 #include "mpi-internal.h"
3317 #include "longlong.h"
3318
3319
3320
3321 void
3322 mpi_fdiv_r( MPI rem, MPI dividend, MPI divisor )
3323 {
3324 int divisor_sign = divisor->sign;
3325 MPI temp_divisor = NULL;
3326
3327 /* We need the original value of the divisor after the remainder has been
3328 * preliminary calculated. We have to copy it to temporary space if it's
3329 * the same variable as REM. */
3330 if( rem == divisor ) {
3331 temp_divisor = mpi_copy( divisor );
3332 divisor = temp_divisor;
3333 }
3334
3335 mpi_tdiv_r( rem, dividend, divisor );
3336
3337 if( ((divisor_sign?1:0) ^ (dividend->sign?1:0)) && rem->nlimbs )
3338 mpi_add( rem, rem, divisor);
3339
3340 if( temp_divisor )
3341 mpi_free(temp_divisor);
3342 }
3343
3344
3345
3346 /****************
3347 * Division rounding the quotient towards -infinity.
3348 * The remainder gets the same sign as the denominator.
3349 * rem is optional
3350 */
3351
3352 ulong
3353 mpi_fdiv_r_ui( MPI rem, MPI dividend, ulong divisor )
3354 {
3355 mpi_limb_t rlimb;
3356
3357 rlimb = mpihelp_mod_1( dividend->d, dividend->nlimbs, divisor );
3358 if( rlimb && dividend->sign )
3359 rlimb = divisor - rlimb;
3360
3361 if( rem ) {
3362 rem->d[0] = rlimb;
3363 rem->nlimbs = rlimb? 1:0;
3364 }
3365 return rlimb;
3366 }
3367
3368
3369 void
3370 mpi_fdiv_q( MPI quot, MPI dividend, MPI divisor )
3371 {
3372 MPI tmp = mpi_alloc( mpi_get_nlimbs(quot) );
3373 mpi_fdiv_qr( quot, tmp, dividend, divisor);
3374 mpi_free(tmp);
3375 }
3376
3377 void
3378 mpi_fdiv_qr( MPI quot, MPI rem, MPI dividend, MPI divisor )
3379 {
3380 int divisor_sign = divisor->sign;
3381 MPI temp_divisor = NULL;
3382
3383 if( quot == divisor || rem == divisor ) {
3384 temp_divisor = mpi_copy( divisor );
3385 divisor = temp_divisor;
3386 }
3387
3388 mpi_tdiv_qr( quot, rem, dividend, divisor );
3389
3390 if( (divisor_sign ^ dividend->sign) && rem->nlimbs ) {
3391 mpi_sub_ui( quot, quot, 1 );
3392 mpi_add( rem, rem, divisor);
3393 }
3394
3395 if( temp_divisor )
3396 mpi_free(temp_divisor);
3397 }
3398
3399
3400 /* If den == quot, den needs temporary storage.
3401 * If den == rem, den needs temporary storage.
3402 * If num == quot, num needs temporary storage.
3403 * If den has temporary storage, it can be normalized while being copied,
3404 * i.e no extra storage should be allocated.
3405 */
3406
3407 void
3408 mpi_tdiv_r( MPI rem, MPI num, MPI den)
3409 {
3410 mpi_tdiv_qr(NULL, rem, num, den );
3411 }
3412
3413 void
3414 mpi_tdiv_qr( MPI quot, MPI rem, MPI num, MPI den)
3415 {
3416 mpi_ptr_t np, dp;
3417 mpi_ptr_t qp, rp;
3418 mpi_size_t nsize = num->nlimbs;
3419 mpi_size_t dsize = den->nlimbs;
3420 mpi_size_t qsize, rsize;
3421 mpi_size_t sign_remainder = num->sign;
3422 mpi_size_t sign_quotient = num->sign ^ den->sign;
3423 unsigned normalization_steps;
3424 mpi_limb_t q_limb;
3425 mpi_ptr_t marker[5];
3426 int markidx=0;
3427
3428 /* Ensure space is enough for quotient and remainder.
3429 * We need space for an extra limb in the remainder, because it's
3430 * up-shifted (normalized) below. */
3431 rsize = nsize + 1;
3432 mpi_resize( rem, rsize);
3433
3434 qsize = rsize - dsize; /* qsize cannot be bigger than this. */
3435 if( qsize <= 0 ) {
3436 if( num != rem ) {
3437 rem->nlimbs = num->nlimbs;
3438 rem->sign = num->sign;
3439 MPN_COPY(rem->d, num->d, nsize);
3440 }
3441 if( quot ) {
3442 /* This needs to follow the assignment to rem, in case the
3443 * numerator and quotient are the same. */
3444 quot->nlimbs = 0;
3445 quot->sign = 0;
3446 }
3447 return;
3448 }
3449
3450 if( quot )
3451 mpi_resize( quot, qsize);
3452
3453 /* Read pointers here, when reallocation is finished. */
3454 np = num->d;
3455 dp = den->d;
3456 rp = rem->d;
3457
3458 /* Optimize division by a single-limb divisor. */
3459 if( dsize == 1 ) {
3460 mpi_limb_t rlimb;
3461 if( quot ) {
3462 qp = quot->d;
3463 rlimb = mpihelp_divmod_1( qp, np, nsize, dp[0] );
3464 qsize -= qp[qsize - 1] == 0;
3465 quot->nlimbs = qsize;
3466 quot->sign = sign_quotient;
3467 }
3468 else
3469 rlimb = mpihelp_mod_1( np, nsize, dp[0] );
3470 rp[0] = rlimb;
3471 rsize = rlimb != 0?1:0;
3472 rem->nlimbs = rsize;
3473 rem->sign = sign_remainder;
3474 return;
3475 }
3476
3477
3478 if( quot ) {
3479 qp = quot->d;
3480 /* Make sure QP and NP point to different objects. Otherwise the
3481 * numerator would be gradually overwritten by the quotient limbs. */
3482 if(qp == np) { /* Copy NP object to temporary space. */
3483 np = marker[markidx++] = mpi_alloc_limb_space(nsize,
3484 mpi_is_secure(quot));
3485 MPN_COPY(np, qp, nsize);
3486 }
3487 }
3488 else /* Put quotient at top of remainder. */
3489 qp = rp + dsize;
3490
3491 count_leading_zeros( normalization_steps, dp[dsize - 1] );
3492
3493 /* Normalize the denominator, i.e. make its most significant bit set by
3494 * shifting it NORMALIZATION_STEPS bits to the left. Also shift the
3495 * numerator the same number of steps (to keep the quotient the same!).
3496 */
3497 if( normalization_steps ) {
3498 mpi_ptr_t tp;
3499 mpi_limb_t nlimb;
3500
3501 /* Shift up the denominator setting the most significant bit of
3502 * the most significant word. Use temporary storage not to clobber
3503 * the original contents of the denominator. */
3504 tp = marker[markidx++] = mpi_alloc_limb_space(dsize,mpi_is_secure(den));
3505 mpihelp_lshift( tp, dp, dsize, normalization_steps );
3506 dp = tp;
3507
3508 /* Shift up the numerator, possibly introducing a new most
3509 * significant word. Move the shifted numerator in the remainder
3510 * meanwhile. */
3511 nlimb = mpihelp_lshift(rp, np, nsize, normalization_steps);
3512 if( nlimb ) {
3513 rp[nsize] = nlimb;
3514 rsize = nsize + 1;
3515 }
3516 else
3517 rsize = nsize;
3518 }
3519 else {
3520 /* The denominator is already normalized, as required. Copy it to
3521 * temporary space if it overlaps with the quotient or remainder. */
3522 if( dp == rp || (quot && (dp == qp))) {
3523 mpi_ptr_t tp;
3524
3525 tp = marker[markidx++] = mpi_alloc_limb_space(dsize, mpi_is_secure(den));
3526 MPN_COPY( tp, dp, dsize );
3527 dp = tp;
3528 }
3529
3530 /* Move the numerator to the remainder. */
3531 if( rp != np )
3532 MPN_COPY(rp, np, nsize);
3533
3534 rsize = nsize;
3535 }
3536
3537 q_limb = mpihelp_divrem( qp, 0, rp, rsize, dp, dsize );
3538
3539 if( quot ) {
3540 qsize = rsize - dsize;
3541 if(q_limb) {
3542 qp[qsize] = q_limb;
3543 qsize += 1;
3544 }
3545
3546 quot->nlimbs = qsize;
3547 quot->sign = sign_quotient;
3548 }
3549
3550 rsize = dsize;
3551 MPN_NORMALIZE (rp, rsize);
3552
3553 if( normalization_steps && rsize ) {
3554 mpihelp_rshift(rp, rp, rsize, normalization_steps);
3555 rsize -= rp[rsize - 1] == 0?1:0;
3556 }
3557
3558 rem->nlimbs = rsize;
3559 rem->sign = sign_remainder;
3560 while( markidx )
3561 mpi_free_limb_space(marker[--markidx]);
3562 }
3563
3564 void
3565 mpi_tdiv_q_2exp( MPI w, MPI u, unsigned count )
3566 {
3567 mpi_size_t usize, wsize;
3568 mpi_size_t limb_cnt;
3569
3570 usize = u->nlimbs;
3571 limb_cnt = count / BITS_PER_MPI_LIMB;
3572 wsize = usize - limb_cnt;
3573 if( limb_cnt >= usize )
3574 w->nlimbs = 0;
3575 else {
3576 mpi_ptr_t wp;
3577 mpi_ptr_t up;
3578
3579 RESIZE_IF_NEEDED( w, wsize );
3580 wp = w->d;
3581 up = u->d;
3582
3583 count %= BITS_PER_MPI_LIMB;
3584 if( count ) {
3585 mpihelp_rshift( wp, up + limb_cnt, wsize, count );
3586 wsize -= !wp[wsize - 1];
3587 }
3588 else {
3589 MPN_COPY_INCR( wp, up + limb_cnt, wsize);
3590 }
3591
3592 w->nlimbs = wsize;
3593 }
3594 }
3595
3596 /****************
3597 * Check whether dividend is divisible by divisor
3598 * (note: divisor must fit into a limb)
3599 */
3600 int
3601 mpi_divisible_ui(MPI dividend, ulong divisor )
3602 {
3603 return !mpihelp_mod_1( dividend->d, dividend->nlimbs, divisor );
3604 }
3605
-(0 . 0)(1 . 57)
3610 /* mpi-gcd.c - MPI functions
3611 * Modified by No Such Labs. (C) 2015. See README.
3612 *
3613 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3614 * SHA256(gnupg-1.4.10.tar.gz):
3615 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3616 * (C) 1994-2005 Free Software Foundation, Inc.
3617 *
3618 * This program is free software: you can redistribute it and/or modify
3619 * it under the terms of the GNU General Public License as published by
3620 * the Free Software Foundation, either version 3 of the License, or
3621 * (at your option) any later version.
3622 *
3623 * This program is distributed in the hope that it will be useful,
3624 * but WITHOUT ANY WARRANTY; without even the implied warranty of
3625 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3626 * GNU General Public License for more details.
3627 *
3628 * You should have received a copy of the GNU General Public License
3629 * along with this program. If not, see <http://www.gnu.org/licenses/>.
3630 */
3631
3632 #include <stdio.h>
3633 #include <stdlib.h>
3634
3635 #include "knobs.h"
3636 #include "mpi-internal.h"
3637
3638 /****************
3639 * Find the greatest common divisor G of A and B.
3640 * Return: true if this 1, false in all other cases
3641 */
3642 int
3643 mpi_gcd( MPI g, MPI xa, MPI xb )
3644 {
3645 MPI a, b;
3646
3647 a = mpi_copy(xa);
3648 b = mpi_copy(xb);
3649
3650 /* TAOCP Vol II, 4.5.2, Algorithm A */
3651 a->sign = 0;
3652 b->sign = 0;
3653 while( mpi_cmp_ui( b, 0 ) ) {
3654 mpi_fdiv_r( g, a, b ); /* g used as temorary variable */
3655 mpi_set(a,b);
3656 mpi_set(b,g);
3657 }
3658 mpi_set(g, a);
3659
3660 mpi_free(a);
3661 mpi_free(b);
3662 return !mpi_cmp_ui( g, 1);
3663 }
3664
3665
3666
-(0 . 0)(1 . 39)
3671 /* mpi-inline.c
3672 * Modified by No Such Labs. (C) 2015. See README.
3673 *
3674 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3675 * SHA256(gnupg-1.4.10.tar.gz):
3676 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3677 * (C) 1994-2005 Free Software Foundation, Inc.
3678 *
3679 * This program is free software: you can redistribute it and/or modify
3680 * it under the terms of the GNU General Public License as published by
3681 * the Free Software Foundation, either version 3 of the License, or
3682 * (at your option) any later version.
3683 *
3684 * This program is distributed in the hope that it will be useful,
3685 * but WITHOUT ANY WARRANTY; without even the implied warranty of
3686 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3687 * GNU General Public License for more details.
3688 *
3689 * You should have received a copy of the GNU General Public License
3690 * along with this program. If not, see <http://www.gnu.org/licenses/>.
3691 */
3692
3693 #include <stdio.h>
3694 #include <stdlib.h>
3695
3696 #include "knobs.h"
3697
3698 /* put the inline functions as real functions into the lib */
3699 #define G10_MPI_INLINE_DECL
3700
3701 #include "mpi-internal.h"
3702
3703 /* always include the header becuase it is only
3704 * included by mpi-internal if __GCC__ is defined but we
3705 * need it here in all cases and the above definition of
3706 * of the macro allows us to do so
3707 */
3708 #include "mpi-inline.h"
3709
-(0 . 0)(1 . 270)
3714 /* mpi-inv.c - MPI functions
3715 * Modified by No Such Labs. (C) 2015. See README.
3716 *
3717 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3718 * SHA256(gnupg-1.4.10.tar.gz):
3719 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3720 * (C) 1994-2005 Free Software Foundation, Inc.
3721 *
3722 * This program is free software: you can redistribute it and/or modify
3723 * it under the terms of the GNU General Public License as published by
3724 * the Free Software Foundation, either version 3 of the License, or
3725 * (at your option) any later version.
3726 *
3727 * This program is distributed in the hope that it will be useful,
3728 * but WITHOUT ANY WARRANTY; without even the implied warranty of
3729 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3730 * GNU General Public License for more details.
3731 *
3732 * You should have received a copy of the GNU General Public License
3733 * along with this program. If not, see <http://www.gnu.org/licenses/>.
3734 */
3735
3736 #include <stdio.h>
3737 #include <stdlib.h>
3738
3739 #include "knobs.h"
3740 #include "mpi-internal.h"
3741
3742
3743 /****************
3744 * Calculate the multiplicative inverse X of A mod N
3745 * That is: Find the solution x for
3746 * 1 = (a*x) mod n
3747 */
3748 void
3749 mpi_invm( MPI x, MPI a, MPI n )
3750 {
3751 #if 0
3752 MPI u, v, u1, u2, u3, v1, v2, v3, q, t1, t2, t3;
3753 MPI ta, tb, tc;
3754
3755 u = mpi_copy(a);
3756 v = mpi_copy(n);
3757 u1 = mpi_alloc_set_ui(1);
3758 u2 = mpi_alloc_set_ui(0);
3759 u3 = mpi_copy(u);
3760 v1 = mpi_alloc_set_ui(0);
3761 v2 = mpi_alloc_set_ui(1);
3762 v3 = mpi_copy(v);
3763 q = mpi_alloc( mpi_get_nlimbs(u)+1 );
3764 t1 = mpi_alloc( mpi_get_nlimbs(u)+1 );
3765 t2 = mpi_alloc( mpi_get_nlimbs(u)+1 );
3766 t3 = mpi_alloc( mpi_get_nlimbs(u)+1 );
3767 while( mpi_cmp_ui( v3, 0 ) ) {
3768 mpi_fdiv_q( q, u3, v3 );
3769 mpi_mul(t1, v1, q); mpi_mul(t2, v2, q); mpi_mul(t3, v3, q);
3770 mpi_sub(t1, u1, t1); mpi_sub(t2, u2, t2); mpi_sub(t3, u3, t3);
3771 mpi_set(u1, v1); mpi_set(u2, v2); mpi_set(u3, v3);
3772 mpi_set(v1, t1); mpi_set(v2, t2); mpi_set(v3, t3);
3773 }
3774 /* log_debug("result:\n");
3775 log_mpidump("q =", q );
3776 log_mpidump("u1=", u1);
3777 log_mpidump("u2=", u2);
3778 log_mpidump("u3=", u3);
3779 log_mpidump("v1=", v1);
3780 log_mpidump("v2=", v2); */
3781 mpi_set(x, u1);
3782
3783 mpi_free(u1);
3784 mpi_free(u2);
3785 mpi_free(u3);
3786 mpi_free(v1);
3787 mpi_free(v2);
3788 mpi_free(v3);
3789 mpi_free(q);
3790 mpi_free(t1);
3791 mpi_free(t2);
3792 mpi_free(t3);
3793 mpi_free(u);
3794 mpi_free(v);
3795 #elif 0
3796 /* Extended Euclid's algorithm (See TAOPC Vol II, 4.5.2, Alg X)
3797 * modified according to Michael Penk's solution for Exercice 35 */
3798
3799 /* FIXME: we can simplify this in most cases (see Knuth) */
3800 MPI u, v, u1, u2, u3, v1, v2, v3, t1, t2, t3;
3801 unsigned k;
3802 int sign;
3803
3804 u = mpi_copy(a);
3805 v = mpi_copy(n);
3806 for(k=0; !mpi_test_bit(u,0) && !mpi_test_bit(v,0); k++ ) {
3807 mpi_rshift(u, u, 1);
3808 mpi_rshift(v, v, 1);
3809 }
3810
3811
3812 u1 = mpi_alloc_set_ui(1);
3813 u2 = mpi_alloc_set_ui(0);
3814 u3 = mpi_copy(u);
3815 v1 = mpi_copy(v); /* !-- used as const 1 */
3816 v2 = mpi_alloc( mpi_get_nlimbs(u) ); mpi_sub( v2, u1, u );
3817 v3 = mpi_copy(v);
3818 if( mpi_test_bit(u, 0) ) { /* u is odd */
3819 t1 = mpi_alloc_set_ui(0);
3820 t2 = mpi_alloc_set_ui(1); t2->sign = 1;
3821 t3 = mpi_copy(v); t3->sign = !t3->sign;
3822 goto Y4;
3823 }
3824 else {
3825 t1 = mpi_alloc_set_ui(1);
3826 t2 = mpi_alloc_set_ui(0);
3827 t3 = mpi_copy(u);
3828 }
3829 do {
3830 do {
3831 if( mpi_test_bit(t1, 0) || mpi_test_bit(t2, 0) ) { /* one is odd */
3832 mpi_add(t1, t1, v);
3833 mpi_sub(t2, t2, u);
3834 }
3835 mpi_rshift(t1, t1, 1);
3836 mpi_rshift(t2, t2, 1);
3837 mpi_rshift(t3, t3, 1);
3838 Y4:
3839 ;
3840 } while( !mpi_test_bit( t3, 0 ) ); /* while t3 is even */
3841
3842 if( !t3->sign ) {
3843 mpi_set(u1, t1);
3844 mpi_set(u2, t2);
3845 mpi_set(u3, t3);
3846 }
3847 else {
3848 mpi_sub(v1, v, t1);
3849 sign = u->sign; u->sign = !u->sign;
3850 mpi_sub(v2, u, t2);
3851 u->sign = sign;
3852 sign = t3->sign; t3->sign = !t3->sign;
3853 mpi_set(v3, t3);
3854 t3->sign = sign;
3855 }
3856 mpi_sub(t1, u1, v1);
3857 mpi_sub(t2, u2, v2);
3858 mpi_sub(t3, u3, v3);
3859 if( t1->sign ) {
3860 mpi_add(t1, t1, v);
3861 mpi_sub(t2, t2, u);
3862 }
3863 } while( mpi_cmp_ui( t3, 0 ) ); /* while t3 != 0 */
3864 /* mpi_lshift( u3, k ); */
3865 mpi_set(x, u1);
3866
3867 mpi_free(u1);
3868 mpi_free(u2);
3869 mpi_free(u3);
3870 mpi_free(v1);
3871 mpi_free(v2);
3872 mpi_free(v3);
3873 mpi_free(t1);
3874 mpi_free(t2);
3875 mpi_free(t3);
3876 #else
3877 /* Extended Euclid's algorithm (See TAOPC Vol II, 4.5.2, Alg X)
3878 * modified according to Michael Penk's solution for Exercice 35
3879 * with further enhancement */
3880 MPI u, v, u1, u2=NULL, u3, v1, v2=NULL, v3, t1, t2=NULL, t3;
3881 unsigned k;
3882 int sign;
3883 int odd ;
3884
3885 u = mpi_copy(a);
3886 v = mpi_copy(n);
3887
3888 for(k=0; !mpi_test_bit(u,0) && !mpi_test_bit(v,0); k++ ) {
3889 mpi_rshift(u, u, 1);
3890 mpi_rshift(v, v, 1);
3891 }
3892 odd = mpi_test_bit(v,0);
3893
3894 u1 = mpi_alloc_set_ui(1);
3895 if( !odd )
3896 u2 = mpi_alloc_set_ui(0);
3897 u3 = mpi_copy(u);
3898 v1 = mpi_copy(v);
3899 if( !odd ) {
3900 v2 = mpi_alloc( mpi_get_nlimbs(u) );
3901 mpi_sub( v2, u1, u ); /* U is used as const 1 */
3902 }
3903 v3 = mpi_copy(v);
3904 if( mpi_test_bit(u, 0) ) { /* u is odd */
3905 t1 = mpi_alloc_set_ui(0);
3906 if( !odd ) {
3907 t2 = mpi_alloc_set_ui(1); t2->sign = 1;
3908 }
3909 t3 = mpi_copy(v); t3->sign = !t3->sign;
3910 goto Y4;
3911 }
3912 else {
3913 t1 = mpi_alloc_set_ui(1);
3914 if( !odd )
3915 t2 = mpi_alloc_set_ui(0);
3916 t3 = mpi_copy(u);
3917 }
3918 do {
3919 do {
3920 if( !odd ) {
3921 if( mpi_test_bit(t1, 0) || mpi_test_bit(t2, 0) ) { /* one is odd */
3922 mpi_add(t1, t1, v);
3923 mpi_sub(t2, t2, u);
3924 }
3925 mpi_rshift(t1, t1, 1);
3926 mpi_rshift(t2, t2, 1);
3927 mpi_rshift(t3, t3, 1);
3928 }
3929 else {
3930 if( mpi_test_bit(t1, 0) )
3931 mpi_add(t1, t1, v);
3932 mpi_rshift(t1, t1, 1);
3933 mpi_rshift(t3, t3, 1);
3934 }
3935 Y4:
3936 ;
3937 } while( !mpi_test_bit( t3, 0 ) ); /* while t3 is even */
3938
3939 if( !t3->sign ) {
3940 mpi_set(u1, t1);
3941 if( !odd )
3942 mpi_set(u2, t2);
3943 mpi_set(u3, t3);
3944 }
3945 else {
3946 mpi_sub(v1, v, t1);
3947 sign = u->sign; u->sign = !u->sign;
3948 if( !odd )
3949 mpi_sub(v2, u, t2);
3950 u->sign = sign;
3951 sign = t3->sign; t3->sign = !t3->sign;
3952 mpi_set(v3, t3);
3953 t3->sign = sign;
3954 }
3955 mpi_sub(t1, u1, v1);
3956 if( !odd )
3957 mpi_sub(t2, u2, v2);
3958 mpi_sub(t3, u3, v3);
3959 if( t1->sign ) {
3960 mpi_add(t1, t1, v);
3961 if( !odd )
3962 mpi_sub(t2, t2, u);
3963 }
3964 } while( mpi_cmp_ui( t3, 0 ) ); /* while t3 != 0 */
3965 /* mpi_lshift( u3, k ); */
3966 mpi_set(x, u1);
3967
3968 mpi_free(u1);
3969 mpi_free(v1);
3970 mpi_free(t1);
3971 if( !odd ) {
3972 mpi_free(u2);
3973 mpi_free(v2);
3974 mpi_free(t2);
3975 }
3976 mpi_free(u3);
3977 mpi_free(v3);
3978 mpi_free(t3);
3979
3980 mpi_free(u);
3981 mpi_free(v);
3982 #endif
3983 }
-(0 . 0)(1 . 103)
3988 /* mpi-mpow.c - MPI functions
3989 * Modified by No Such Labs. (C) 2015. See README.
3990 *
3991 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
3992 * SHA256(gnupg-1.4.10.tar.gz):
3993 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
3994 * (C) 1994-2005 Free Software Foundation, Inc.
3995 *
3996 * This program is free software: you can redistribute it and/or modify
3997 * it under the terms of the GNU General Public License as published by
3998 * the Free Software Foundation, either version 3 of the License, or
3999 * (at your option) any later version.
4000 *
4001 * This program is distributed in the hope that it will be useful,
4002 * but WITHOUT ANY WARRANTY; without even the implied warranty of
4003 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4004 * GNU General Public License for more details.
4005 *
4006 * You should have received a copy of the GNU General Public License
4007 * along with this program. If not, see <http://www.gnu.org/licenses/>.
4008 */
4009
4010 #include <stdio.h>
4011 #include <stdlib.h>
4012 #include <assert.h>
4013
4014 #include "knobs.h"
4015 #include "mpi-internal.h"
4016 #include "longlong.h"
4017
4018
4019 static int
4020 build_index( MPI *exparray, int k, int i, int t )
4021 {
4022 int j, bitno;
4023 int idx = 0;
4024
4025 bitno = t-i;
4026 for(j=k-1; j >= 0; j-- ) {
4027 idx <<= 1;
4028 if( mpi_test_bit( exparray[j], bitno ) )
4029 idx |= 1;
4030 }
4031 return idx;
4032 }
4033
4034 /****************
4035 * RES = (BASE[0] ^ EXP[0]) * (BASE[1] ^ EXP[1]) * ... * mod M
4036 */
4037 void
4038 mpi_mulpowm( MPI res, MPI *basearray, MPI *exparray, MPI m)
4039 {
4040 int k; /* number of elements */
4041 int t; /* bit size of largest exponent */
4042 int i, j, idx;
4043 MPI *G; /* table with precomputed values of size 2^k */
4044 MPI tmp;
4045
4046 for(k=0; basearray[k]; k++ )
4047 ;
4048 assert(k);
4049 for(t=0, i=0; (tmp=exparray[i]); i++ ) {
4050 j = mpi_get_nbits(tmp);
4051 if( j > t )
4052 t = j;
4053 }
4054 assert(i==k);
4055 assert(t);
4056 assert( k < 10 );
4057
4058 G = xmalloc_clear( (1<<k) * sizeof *G );
4059 /* and calculate */
4060 tmp = mpi_alloc( mpi_get_nlimbs(m)+1 );
4061 mpi_set_ui( res, 1 );
4062 for(i = 1; i <= t; i++ ) {
4063 mpi_mulm(tmp, res, res, m );
4064 idx = build_index( exparray, k, i, t );
4065 assert( idx >= 0 && idx < (1<<k) );
4066 if( !G[idx] ) {
4067 if( !idx )
4068 G[0] = mpi_alloc_set_ui( 1 );
4069 else {
4070 for(j=0; j < k; j++ ) {
4071 if( (idx & (1<<j) ) ) {
4072 if( !G[idx] )
4073 G[idx] = mpi_copy( basearray[j] );
4074 else
4075 mpi_mulm( G[idx], G[idx], basearray[j], m );
4076 }
4077 }
4078 if( !G[idx] )
4079 G[idx] = mpi_alloc(0);
4080 }
4081 }
4082 mpi_mulm(res, tmp, G[idx], m );
4083 }
4084
4085 /* cleanup */
4086 mpi_free(tmp);
4087 for(i=0; i < (1<<k); i++ )
4088 mpi_free(G[i]);
4089 xfree(G);
4090 }
-(0 . 0)(1 . 209)
4095 /* mpi-mul.c - MPI functions
4096 * Modified by No Such Labs. (C) 2015. See README.
4097 *
4098 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
4099 * SHA256(gnupg-1.4.10.tar.gz):
4100 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
4101 * (C) 1994-2005 Free Software Foundation, Inc.
4102 *
4103 * This program is free software: you can redistribute it and/or modify
4104 * it under the terms of the GNU General Public License as published by
4105 * the Free Software Foundation, either version 3 of the License, or
4106 * (at your option) any later version.
4107 *
4108 * This program is distributed in the hope that it will be useful,
4109 * but WITHOUT ANY WARRANTY; without even the implied warranty of
4110 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4111 * GNU General Public License for more details.
4112 *
4113 * You should have received a copy of the GNU General Public License
4114 * along with this program. If not, see <http://www.gnu.org/licenses/>.
4115 */
4116
4117 #include <stdio.h>
4118 #include <stdlib.h>
4119
4120 #include "knobs.h"
4121 #include "mpi-internal.h"
4122
4123
4124 void
4125 mpi_mul_ui( MPI prod, MPI mult, unsigned long small_mult )
4126 {
4127 mpi_size_t size, prod_size;
4128 mpi_ptr_t prod_ptr;
4129 mpi_limb_t cy;
4130 int sign;
4131
4132 size = mult->nlimbs;
4133 sign = mult->sign;
4134
4135 if( !size || !small_mult ) {
4136 prod->nlimbs = 0;
4137 prod->sign = 0;
4138 return;
4139 }
4140
4141 prod_size = size + 1;
4142 if( prod->alloced < prod_size )
4143 mpi_resize( prod, prod_size );
4144 prod_ptr = prod->d;
4145
4146 cy = mpihelp_mul_1( prod_ptr, mult->d, size, (mpi_limb_t)small_mult );
4147 if( cy )
4148 prod_ptr[size++] = cy;
4149 prod->nlimbs = size;
4150 prod->sign = sign;
4151 }
4152
4153
4154 void
4155 mpi_mul_2exp( MPI w, MPI u, unsigned long cnt)
4156 {
4157 mpi_size_t usize, wsize, limb_cnt;
4158 mpi_ptr_t wp;
4159 mpi_limb_t wlimb;
4160 int usign, wsign;
4161
4162 usize = u->nlimbs;
4163 usign = u->sign;
4164
4165 if( !usize ) {
4166 w->nlimbs = 0;
4167 w->sign = 0;
4168 return;
4169 }
4170
4171 limb_cnt = cnt / BITS_PER_MPI_LIMB;
4172 wsize = usize + limb_cnt + 1;
4173 if( w->alloced < wsize )
4174 mpi_resize(w, wsize );
4175 wp = w->d;
4176 wsize = usize + limb_cnt;
4177 wsign = usign;
4178
4179 cnt %= BITS_PER_MPI_LIMB;
4180 if( cnt ) {
4181 wlimb = mpihelp_lshift( wp + limb_cnt, u->d, usize, cnt );
4182 if( wlimb ) {
4183 wp[wsize] = wlimb;
4184 wsize++;
4185 }
4186 }
4187 else {
4188 MPN_COPY_DECR( wp + limb_cnt, u->d, usize );
4189 }
4190
4191 /* Zero all whole limbs at low end. Do it here and not before calling
4192 * mpn_lshift, not to lose for U == W. */
4193 MPN_ZERO( wp, limb_cnt );
4194
4195 w->nlimbs = wsize;
4196 w->sign = wsign;
4197 }
4198
4199
4200
4201 void
4202 mpi_mul( MPI w, MPI u, MPI v)
4203 {
4204 mpi_size_t usize, vsize, wsize;
4205 mpi_ptr_t up, vp, wp;
4206 mpi_limb_t cy;
4207 int usign, vsign, usecure, vsecure, sign_product;
4208 int assign_wp=0;
4209 mpi_ptr_t tmp_limb=NULL;
4210
4211
4212 if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
4213 usize = v->nlimbs;
4214 usign = v->sign;
4215 usecure = mpi_is_secure(v);
4216 up = v->d;
4217 vsize = u->nlimbs;
4218 vsign = u->sign;
4219 vsecure = mpi_is_secure(u);
4220 vp = u->d;
4221 }
4222 else {
4223 usize = u->nlimbs;
4224 usign = u->sign;
4225 usecure = mpi_is_secure(u);
4226 up = u->d;
4227 vsize = v->nlimbs;
4228 vsign = v->sign;
4229 vsecure = mpi_is_secure(v);
4230 vp = v->d;
4231 }
4232 sign_product = usign ^ vsign;
4233 wp = w->d;
4234
4235 /* Ensure W has space enough to store the result. */
4236 wsize = usize + vsize;
4237 if ( !mpi_is_secure (w) && (mpi_is_secure (u) || mpi_is_secure (v)) ) {
4238 /* w is not allocated in secure space but u or v is. To make sure
4239 * that no temporray results are stored in w, we temporary use
4240 * a newly allocated limb space for w */
4241 wp = mpi_alloc_limb_space( wsize, 1 );
4242 assign_wp = 2; /* mark it as 2 so that we can later copy it back to
4243 * mormal memory */
4244 }
4245 else if( w->alloced < wsize ) {
4246 if( wp == up || wp == vp ) {
4247 wp = mpi_alloc_limb_space( wsize, mpi_is_secure(w) );
4248 assign_wp = 1;
4249 }
4250 else {
4251 mpi_resize(w, wsize );
4252 wp = w->d;
4253 }
4254 }
4255 else { /* Make U and V not overlap with W. */
4256 if( wp == up ) {
4257 /* W and U are identical. Allocate temporary space for U. */
4258 up = tmp_limb = mpi_alloc_limb_space( usize, usecure );
4259 /* Is V identical too? Keep it identical with U. */
4260 if( wp == vp )
4261 vp = up;
4262 /* Copy to the temporary space. */
4263 MPN_COPY( up, wp, usize );
4264 }
4265 else if( wp == vp ) {
4266 /* W and V are identical. Allocate temporary space for V. */
4267 vp = tmp_limb = mpi_alloc_limb_space( vsize, vsecure );
4268 /* Copy to the temporary space. */
4269 MPN_COPY( vp, wp, vsize );
4270 }
4271 }
4272
4273 if( !vsize )
4274 wsize = 0;
4275 else {
4276 cy = mpihelp_mul( wp, up, usize, vp, vsize );
4277 wsize -= cy? 0:1;
4278 }
4279
4280 if( assign_wp ) {
4281 if (assign_wp == 2) {
4282 /* copy the temp wp from secure memory back to normal memory */
4283 mpi_ptr_t tmp_wp = mpi_alloc_limb_space (wsize, 0);
4284 MPN_COPY (tmp_wp, wp, wsize);
4285 mpi_free_limb_space (wp);
4286 wp = tmp_wp;
4287 }
4288 mpi_assign_limb_space( w, wp, wsize );
4289 }
4290 w->nlimbs = wsize;
4291 w->sign = sign_product;
4292 if( tmp_limb )
4293 mpi_free_limb_space( tmp_limb );
4294 }
4295
4296
4297 void
4298 mpi_mulm( MPI w, MPI u, MPI v, MPI m)
4299 {
4300 mpi_mul(w, u, v);
4301 mpi_fdiv_r( w, w, m );
4302 }
4303
-(0 . 0)(1 . 291)
4308 /* mpi-pow.c - MPI functions
4309 * Modified by No Such Labs. (C) 2015. See README.
4310 *
4311 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
4312 * SHA256(gnupg-1.4.10.tar.gz):
4313 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
4314 * (C) 1994-2005 Free Software Foundation, Inc.
4315 *
4316 * This program is free software: you can redistribute it and/or modify
4317 * it under the terms of the GNU General Public License as published by
4318 * the Free Software Foundation, either version 3 of the License, or
4319 * (at your option) any later version.
4320 *
4321 * This program is distributed in the hope that it will be useful,
4322 * but WITHOUT ANY WARRANTY; without even the implied warranty of
4323 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4324 * GNU General Public License for more details.
4325 *
4326 * You should have received a copy of the GNU General Public License
4327 * along with this program. If not, see <http://www.gnu.org/licenses/>.
4328 */
4329
4330 #include <stdio.h>
4331 #include <stdlib.h>
4332 #include <string.h>
4333 #include <assert.h>
4334
4335 #include "knobs.h"
4336 #include "mpi-internal.h"
4337 #include "longlong.h"
4338
4339
4340
4341 /****************
4342 * RES = BASE ^ EXP mod MOD
4343 */
4344 void
4345 mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
4346 {
4347 mpi_ptr_t rp, ep, mp, bp;
4348 mpi_size_t esize, msize, bsize, rsize;
4349 int esign, msign, bsign, rsign;
4350 int esec, msec, bsec, rsec;
4351 mpi_size_t size;
4352 int mod_shift_cnt;
4353 int negative_result;
4354 mpi_ptr_t mp_marker=NULL, bp_marker=NULL, ep_marker=NULL;
4355 mpi_ptr_t xp_marker=NULL;
4356 int assign_rp=0;
4357 mpi_ptr_t tspace = NULL;
4358 mpi_size_t tsize=0; /* to avoid compiler warning */
4359 /* fixme: we should check that the warning is void*/
4360
4361 esize = exponent->nlimbs;
4362 msize = mod->nlimbs;
4363 size = 2 * msize;
4364 esign = exponent->sign;
4365 msign = mod->sign;
4366
4367 esec = mpi_is_secure(exponent);
4368 msec = mpi_is_secure(mod);
4369 bsec = mpi_is_secure(base);
4370 rsec = mpi_is_secure(res);
4371
4372 rp = res->d;
4373 ep = exponent->d;
4374
4375 if( !msize )
4376 msize = 1 / msize; /* provoke a signal */
4377
4378 if( !esize ) {
4379 /* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0
4380 * depending on if MOD equals 1. */
4381 rp[0] = 1;
4382 res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
4383 res->sign = 0;
4384 goto leave;
4385 }
4386
4387 /* Normalize MOD (i.e. make its most significant bit set) as required by
4388 * mpn_divrem. This will make the intermediate values in the calculation
4389 * slightly larger, but the correct result is obtained after a final
4390 * reduction using the original MOD value. */
4391 mp = mp_marker = mpi_alloc_limb_space(msize, msec);
4392 count_leading_zeros( mod_shift_cnt, mod->d[msize-1] );
4393 if( mod_shift_cnt )
4394 mpihelp_lshift( mp, mod->d, msize, mod_shift_cnt );
4395 else
4396 MPN_COPY( mp, mod->d, msize );
4397
4398 bsize = base->nlimbs;
4399 bsign = base->sign;
4400 if( bsize > msize ) { /* The base is larger than the module. Reduce it. */
4401 /* Allocate (BSIZE + 1) with space for remainder and quotient.
4402 * (The quotient is (bsize - msize + 1) limbs.) */
4403 bp = bp_marker = mpi_alloc_limb_space( bsize + 1, bsec );
4404 MPN_COPY( bp, base->d, bsize );
4405 /* We don't care about the quotient, store it above the remainder,
4406 * at BP + MSIZE. */
4407 mpihelp_divrem( bp + msize, 0, bp, bsize, mp, msize );
4408 bsize = msize;
4409 /* Canonicalize the base, since we are going to multiply with it
4410 * quite a few times. */
4411 MPN_NORMALIZE( bp, bsize );
4412 }
4413 else
4414 bp = base->d;
4415
4416 if( !bsize ) {
4417 res->nlimbs = 0;
4418 res->sign = 0;
4419 goto leave;
4420 }
4421
4422 if( res->alloced < size ) {
4423 /* We have to allocate more space for RES. If any of the input
4424 * parameters are identical to RES, defer deallocation of the old
4425 * space. */
4426 if( rp == ep || rp == mp || rp == bp ) {
4427 rp = mpi_alloc_limb_space( size, rsec );
4428 assign_rp = 1;
4429 }
4430 else {
4431 mpi_resize( res, size );
4432 rp = res->d;
4433 }
4434 }
4435 else { /* Make BASE, EXPONENT and MOD not overlap with RES. */
4436 if( rp == bp ) {
4437 /* RES and BASE are identical. Allocate temp. space for BASE. */
4438 assert( !bp_marker );
4439 bp = bp_marker = mpi_alloc_limb_space( bsize, bsec );
4440 MPN_COPY(bp, rp, bsize);
4441 }
4442 if( rp == ep ) {
4443 /* RES and EXPONENT are identical.
4444 Allocate temp. space for EXPONENT. */
4445 ep = ep_marker = mpi_alloc_limb_space( esize, esec );
4446 MPN_COPY(ep, rp, esize);
4447 }
4448 if( rp == mp ) {
4449 /* RES and MOD are identical. Allocate temporary space for MOD.*/
4450 assert( !mp_marker );
4451 mp = mp_marker = mpi_alloc_limb_space( msize, msec );
4452 MPN_COPY(mp, rp, msize);
4453 }
4454 }
4455
4456 MPN_COPY( rp, bp, bsize );
4457 rsize = bsize;
4458 rsign = bsign;
4459
4460 {
4461 mpi_size_t i;
4462 mpi_ptr_t xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec );
4463 int c;
4464 mpi_limb_t e;
4465 mpi_limb_t carry_limb;
4466 struct karatsuba_ctx karactx;
4467
4468 memset( &karactx, 0, sizeof karactx );
4469 negative_result = (ep[0] & 1) && base->sign;
4470
4471 i = esize - 1;
4472 e = ep[i];
4473 count_leading_zeros (c, e);
4474 e = (e << c) << 1; /* shift the exp bits to the left, lose msb */
4475 c = BITS_PER_MPI_LIMB - 1 - c;
4476
4477 /* Main loop.
4478 *
4479 * Make the result be pointed to alternately by XP and RP. This
4480 * helps us avoid block copying, which would otherwise be necessary
4481 * with the overlap restrictions of mpihelp_divmod. With 50% probability
4482 * the result after this loop will be in the area originally pointed
4483 * by RP (==RES->d), and with 50% probability in the area originally
4484 * pointed to by XP.
4485 */
4486
4487 for(;;) {
4488 while( c ) {
4489 mpi_ptr_t tp;
4490 mpi_size_t xsize;
4491
4492 /*mpihelp_mul_n(xp, rp, rp, rsize);*/
4493 if( rsize < KARATSUBA_THRESHOLD )
4494 mpih_sqr_n_basecase( xp, rp, rsize );
4495 else {
4496 if( !tspace ) {
4497 tsize = 2 * rsize;
4498 tspace = mpi_alloc_limb_space( tsize, 0 );
4499 }
4500 else if( tsize < (2*rsize) ) {
4501 mpi_free_limb_space( tspace );
4502 tsize = 2 * rsize;
4503 tspace = mpi_alloc_limb_space( tsize, 0 );
4504 }
4505 mpih_sqr_n( xp, rp, rsize, tspace );
4506 }
4507
4508 xsize = 2 * rsize;
4509 if( xsize > msize ) {
4510 mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
4511 xsize = msize;
4512 }
4513
4514 tp = rp; rp = xp; xp = tp;
4515 rsize = xsize;
4516
4517 if( (mpi_limb_signed_t)e < 0 ) {
4518 /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
4519 if( bsize < KARATSUBA_THRESHOLD ) {
4520 mpihelp_mul( xp, rp, rsize, bp, bsize );
4521 }
4522 else {
4523 mpihelp_mul_karatsuba_case(
4524 xp, rp, rsize, bp, bsize, &karactx );
4525 }
4526
4527 xsize = rsize + bsize;
4528 if( xsize > msize ) {
4529 mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
4530 xsize = msize;
4531 }
4532
4533 tp = rp; rp = xp; xp = tp;
4534 rsize = xsize;
4535 }
4536 e <<= 1;
4537 c--;
4538 }
4539
4540 i--;
4541 if( i < 0 )
4542 break;
4543 e = ep[i];
4544 c = BITS_PER_MPI_LIMB;
4545 }
4546
4547 /* We shifted MOD, the modulo reduction argument, left MOD_SHIFT_CNT
4548 * steps. Adjust the result by reducing it with the original MOD.
4549 *
4550 * Also make sure the result is put in RES->d (where it already
4551 * might be, see above).
4552 */
4553 if( mod_shift_cnt ) {
4554 carry_limb = mpihelp_lshift( res->d, rp, rsize, mod_shift_cnt);
4555 rp = res->d;
4556 if( carry_limb ) {
4557 rp[rsize] = carry_limb;
4558 rsize++;
4559 }
4560 }
4561 else {
4562 MPN_COPY( res->d, rp, rsize);
4563 rp = res->d;
4564 }
4565
4566 if( rsize >= msize ) {
4567 mpihelp_divrem(rp + msize, 0, rp, rsize, mp, msize);
4568 rsize = msize;
4569 }
4570
4571 /* Remove any leading zero words from the result. */
4572 if( mod_shift_cnt )
4573 mpihelp_rshift( rp, rp, rsize, mod_shift_cnt);
4574 MPN_NORMALIZE (rp, rsize);
4575
4576 mpihelp_release_karatsuba_ctx( &karactx );
4577 }
4578
4579 if( negative_result && rsize ) {
4580 if( mod_shift_cnt )
4581 mpihelp_rshift( mp, mp, msize, mod_shift_cnt);
4582 mpihelp_sub( rp, mp, msize, rp, rsize);
4583 rsize = msize;
4584 rsign = msign;
4585 MPN_NORMALIZE(rp, rsize);
4586 }
4587 res->nlimbs = rsize;
4588 res->sign = rsign;
4589
4590 leave:
4591 if( assign_rp ) mpi_assign_limb_space( res, rp, size );
4592 if( mp_marker ) mpi_free_limb_space( mp_marker );
4593 if( bp_marker ) mpi_free_limb_space( bp_marker );
4594 if( ep_marker ) mpi_free_limb_space( ep_marker );
4595 if( xp_marker ) mpi_free_limb_space( xp_marker );
4596 if( tspace ) mpi_free_limb_space( tspace );
4597 }
4598
-(0 . 0)(1 . 56)
4603 /* mpi-scan.c - MPI functions
4604 * Modified by No Such Labs. (C) 2015. See README.
4605 * Modified by S.MG 2017 (removed code that is not used by eucrypt and at the same time so ugly it needs rewrite anyway)
4606 *
4607 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
4608 * SHA256(gnupg-1.4.10.tar.gz):
4609 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
4610 * (C) 1994-2005 Free Software Foundation, Inc.
4611 *
4612 * This program is free software: you can redistribute it and/or modify
4613 * it under the terms of the GNU General Public License as published by
4614 * the Free Software Foundation, either version 3 of the License, or
4615 * (at your option) any later version.
4616 *
4617 * This program is distributed in the hope that it will be useful,
4618 * but WITHOUT ANY WARRANTY; without even the implied warranty of
4619 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4620 * GNU General Public License for more details.
4621 *
4622 * You should have received a copy of the GNU General Public License
4623 * along with this program. If not, see <http://www.gnu.org/licenses/>.
4624 */
4625
4626 #include <stdio.h>
4627 #include <stdlib.h>
4628
4629 #include "knobs.h"
4630 #include "mpi-internal.h"
4631 #include "longlong.h"
4632
4633
4634 /****************
4635 * Count the number of zerobits at the low end of A
4636 * This is used currently by eucrypt's primality tests.
4637 */
4638 unsigned int
4639 mpi_trailing_zeros( MPI a )
4640 {
4641 unsigned n, count = 0;
4642
4643 for(n=0; n < a->nlimbs; n++ ) {
4644 if( a->d[n] ) {
4645 unsigned nn;
4646 mpi_limb_t alimb = a->d[n];
4647
4648 count_trailing_zeros( nn, alimb );
4649 count += nn;
4650 break;
4651 }
4652 count += BITS_PER_MPI_LIMB;
4653 }
4654 return count;
4655
4656 }
4657
4658
-(0 . 0)(1 . 347)
4663 /* mpicoder.c - Coder for the external representation of MPIs
4664 * Modified by No Such Labs. (C) 2015. See README.
4665 *
4666 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
4667 * SHA256(gnupg-1.4.10.tar.gz):
4668 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
4669 * (C) 1994-2005 Free Software Foundation, Inc.
4670 *
4671 * This program is free software: you can redistribute it and/or modify
4672 * it under the terms of the GNU General Public License as published by
4673 * the Free Software Foundation, either version 3 of the License, or
4674 * (at your option) any later version.
4675 *
4676 * This program is distributed in the hope that it will be useful,
4677 * but WITHOUT ANY WARRANTY; without even the implied warranty of
4678 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4679 * GNU General Public License for more details.
4680 *
4681 * You should have received a copy of the GNU General Public License
4682 * along with this program. If not, see <http://www.gnu.org/licenses/>.
4683 */
4684
4685 #include <stdio.h>
4686 #include <string.h>
4687 #include <stdlib.h>
4688 #include <assert.h>
4689
4690 #include "knobs.h"
4691 #include "mpi.h"
4692 #include "mpi-internal.h"
4693 #include "memory.h"
4694 #include "util.h"
4695
4696 #ifdef M_DEBUG
4697 #undef mpi_read
4698 #endif
4699
4700 #define MAX_EXTERN_MPI_BITS 16384
4701
4702
4703 MPI
4704 mpi_read_from_buffer(byte *buffer, unsigned int *ret_nread, int secure)
4705 {
4706 int i, j;
4707 unsigned nbits, nbytes, nlimbs, nread=0;
4708 mpi_limb_t a;
4709 MPI val = NULL;
4710
4711 if( *ret_nread < 2 )
4712 goto leave;
4713 nbits = buffer[0] << 8 | buffer[1];
4714 if( nbits > MAX_EXTERN_MPI_BITS ) {
4715 log_info ("mpi too large (%u bits)\n", nbits);
4716 goto leave;
4717 }
4718 buffer += 2;
4719 nread = 2;
4720
4721 nbytes = (nbits+7) / 8;
4722 nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;
4723 val = secure? mpi_alloc_secure( nlimbs )
4724 : mpi_alloc( nlimbs );
4725 i = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;
4726 i %= BYTES_PER_MPI_LIMB;
4727 val->nbits = nbits;
4728 j= val->nlimbs = nlimbs;
4729 val->sign = 0;
4730 for( ; j > 0; j-- ) {
4731 a = 0;
4732 for(; i < BYTES_PER_MPI_LIMB; i++ ) {
4733 if( ++nread > *ret_nread ) {
4734 /* This (as well as the above error condition) may
4735 happen if we use this function to parse a decrypted
4736 MPI which didn't turn out to be a real MPI - possible
4737 because the supplied key was wrong but the OpenPGP
4738 checksum didn't caught it. */
4739 log_info ("mpi larger than buffer\n");
4740 mpi_free (val);
4741 val = NULL;
4742 goto leave;
4743 }
4744 a <<= 8;
4745 a |= *buffer++;
4746 }
4747 i = 0;
4748 val->d[j-1] = a;
4749 }
4750
4751 leave:
4752 *ret_nread = nread;
4753 return val;
4754 }
4755
4756
4757 /****************
4758 * Make an mpi from a character string.
4759 */
4760 int
4761 mpi_fromstr(MPI val, const char *str)
4762 {
4763 int hexmode=0, sign=0, prepend_zero=0, i, j, c, c1, c2;
4764 unsigned nbits, nbytes, nlimbs;
4765 mpi_limb_t a;
4766
4767 if( *str == '-' ) {
4768 sign = 1;
4769 str++;
4770 }
4771 if( *str == '0' && str[1] == 'x' )
4772 hexmode = 1;
4773 else
4774 return 1; /* other bases are not yet supported */
4775 str += 2;
4776
4777 nbits = strlen(str)*4;
4778 if( nbits % 8 )
4779 prepend_zero = 1;
4780 nbytes = (nbits+7) / 8;
4781 nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;
4782 if( val->alloced < nlimbs )
4783 mpi_resize(val, nlimbs );
4784 i = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;
4785 i %= BYTES_PER_MPI_LIMB;
4786 j= val->nlimbs = nlimbs;
4787 val->sign = sign;
4788 for( ; j > 0; j-- ) {
4789 a = 0;
4790 for(; i < BYTES_PER_MPI_LIMB; i++ ) {
4791 if( prepend_zero ) {
4792 c1 = '0';
4793 prepend_zero = 0;
4794 }
4795 else
4796 c1 = *str++;
4797 assert(c1);
4798 c2 = *str++;
4799 assert(c2);
4800 if( c1 >= '0' && c1 <= '9' )
4801 c = c1 - '0';
4802 else if( c1 >= 'a' && c1 <= 'f' )
4803 c = c1 - 'a' + 10;
4804 else if( c1 >= 'A' && c1 <= 'F' )
4805 c = c1 - 'A' + 10;
4806 else {
4807 mpi_clear(val);
4808 return 1;
4809 }
4810 c <<= 4;
4811 if( c2 >= '0' && c2 <= '9' )
4812 c |= c2 - '0';
4813 else if( c2 >= 'a' && c2 <= 'f' )
4814 c |= c2 - 'a' + 10;
4815 else if( c2 >= 'A' && c2 <= 'F' )
4816 c |= c2 - 'A' + 10;
4817 else {
4818 mpi_clear(val);
4819 return 1;
4820 }
4821 a <<= 8;
4822 a |= c;
4823 }
4824 i = 0;
4825 val->d[j-1] = a;
4826 }
4827
4828 return 0;
4829 }
4830
4831
4832 /****************
4833 * print an MPI to the given stream and return the number of characters
4834 * printed.
4835 */
4836 int
4837 mpi_print( FILE *fp, MPI a, int mode )
4838 {
4839 int i, n=0;
4840
4841 if( a == NULL )
4842 return fprintf(fp, "[MPI_NULL]");
4843 if( !mode ) {
4844 unsigned int n1;
4845
4846 n1 = mpi_get_nbits(a);
4847 n += fprintf(fp, "[%u bits]", n1);
4848 }
4849 else {
4850 if( a->sign )
4851 putc('-', fp);
4852 #if BYTES_PER_MPI_LIMB == 2
4853 #define X "4"
4854 #elif BYTES_PER_MPI_LIMB == 4
4855 #define X "8"
4856 #elif BYTES_PER_MPI_LIMB == 8
4857 #define X "16"
4858 #else
4859 #error please define the format here
4860 #endif
4861 for(i=a->nlimbs; i > 0 ; i-- ) {
4862 n += fprintf(fp, i!=a->nlimbs? "%0" X "lX":"%lX", (ulong)a->d[i-1]);
4863 #undef X
4864 }
4865 if( !a->nlimbs )
4866 putc('0', fp );
4867 }
4868 return n;
4869 }
4870
4871
4872 /*
4873 void
4874 g10_log_mpidump( const char *text, MPI a )
4875 {
4876 FILE *fp = log_stream();
4877
4878 g10_log_print_prefix(text);
4879 mpi_print(fp, a, 1 );
4880 fputc('\n', fp);
4881 }
4882 */
4883
4884
4885 /****************
4886 * Return an xmalloced buffer with the MPI (msb first).
4887 * NBYTES receives the length of this buffer. Caller must free the
4888 * return string (This function does return a 0 byte buffer with NBYTES
4889 * set to zero if the value of A is zero. If sign is not NULL, it will
4890 * be set to the sign of the A.
4891 */
4892 static byte *
4893 do_get_buffer( MPI a, unsigned *nbytes, int *sign, int force_secure )
4894 {
4895 byte *p, *buffer;
4896 mpi_limb_t alimb;
4897 int i;
4898 unsigned int n;
4899
4900 if( sign )
4901 *sign = a->sign;
4902 *nbytes = n = a->nlimbs * BYTES_PER_MPI_LIMB;
4903 if (!n)
4904 n++; /* avoid zero length allocation */
4905 p = buffer = force_secure || mpi_is_secure(a) ? xmalloc_secure(n)
4906 : xmalloc(n);
4907
4908 for(i=a->nlimbs-1; i >= 0; i-- ) {
4909 alimb = a->d[i];
4910 #if BYTES_PER_MPI_LIMB == 4
4911 *p++ = alimb >> 24;
4912 *p++ = alimb >> 16;
4913 *p++ = alimb >> 8;
4914 *p++ = alimb ;
4915 #elif BYTES_PER_MPI_LIMB == 8
4916 *p++ = alimb >> 56;
4917 *p++ = alimb >> 48;
4918 *p++ = alimb >> 40;
4919 *p++ = alimb >> 32;
4920 *p++ = alimb >> 24;
4921 *p++ = alimb >> 16;
4922 *p++ = alimb >> 8;
4923 *p++ = alimb ;
4924 #else
4925 #error please implement for this limb size.
4926 #endif
4927 }
4928
4929 /* this is sub-optimal but we need to do the shift operation
4930 * because the caller has to free the returned buffer */
4931 for(p=buffer; !*p && *nbytes; p++, --*nbytes )
4932 ;
4933 if( p != buffer )
4934 memmove(buffer,p, *nbytes);
4935
4936 return buffer;
4937 }
4938
4939
4940 byte *
4941 mpi_get_buffer( MPI a, unsigned *nbytes, int *sign )
4942 {
4943 return do_get_buffer( a, nbytes, sign, 0 );
4944 }
4945
4946 byte *
4947 mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign )
4948 {
4949 return do_get_buffer( a, nbytes, sign, 1 );
4950 }
4951
4952 /****************
4953 * Use BUFFER to update MPI.
4954 */
4955 void
4956 mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign )
4957 {
4958 const byte *p;
4959 mpi_limb_t alimb;
4960 int nlimbs;
4961 int i;
4962
4963 nlimbs = (nbytes + BYTES_PER_MPI_LIMB - 1) / BYTES_PER_MPI_LIMB;
4964 RESIZE_IF_NEEDED(a, nlimbs);
4965 a->sign = sign;
4966
4967 for(i=0, p = buffer+nbytes-1; p >= buffer+BYTES_PER_MPI_LIMB; ) {
4968 #if BYTES_PER_MPI_LIMB == 4
4969 alimb = (mpi_limb_t)*p-- ;
4970 alimb |= (mpi_limb_t)*p-- << 8 ;
4971 alimb |= (mpi_limb_t)*p-- << 16 ;
4972 alimb |= (mpi_limb_t)*p-- << 24 ;
4973 #elif BYTES_PER_MPI_LIMB == 8
4974 alimb = (mpi_limb_t)*p-- ;
4975 alimb |= (mpi_limb_t)*p-- << 8 ;
4976 alimb |= (mpi_limb_t)*p-- << 16 ;
4977 alimb |= (mpi_limb_t)*p-- << 24 ;
4978 alimb |= (mpi_limb_t)*p-- << 32 ;
4979 alimb |= (mpi_limb_t)*p-- << 40 ;
4980 alimb |= (mpi_limb_t)*p-- << 48 ;
4981 alimb |= (mpi_limb_t)*p-- << 56 ;
4982 #else
4983 #error please implement for this limb size.
4984 #endif
4985 a->d[i++] = alimb;
4986 }
4987 if( p >= buffer ) {
4988 #if BYTES_PER_MPI_LIMB == 4
4989 alimb = *p-- ;
4990 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 8 ;
4991 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 16 ;
4992 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 24 ;
4993 #elif BYTES_PER_MPI_LIMB == 8
4994 alimb = (mpi_limb_t)*p-- ;
4995 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 8 ;
4996 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 16 ;
4997 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 24 ;
4998 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 32 ;
4999 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 40 ;
5000 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 48 ;
5001 if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 56 ;
5002 #else
5003 #error please implement for this limb size.
5004 #endif
5005 a->d[i++] = alimb;
5006 }
5007 a->nlimbs = i;
5008 assert( i == nlimbs );
5009 }
-(0 . 0)(1 . 59)
5014 /* mpihelp-add_1.c - MPI helper functions
5015 * Modified by No Such Labs. (C) 2015. See README.
5016 *
5017 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
5018 * SHA256(gnupg-1.4.10.tar.gz):
5019 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
5020 * (C) 1994-2005 Free Software Foundation, Inc.
5021 *
5022 * This program is free software: you can redistribute it and/or modify
5023 * it under the terms of the GNU General Public License as published by
5024 * the Free Software Foundation, either version 3 of the License, or
5025 * (at your option) any later version.
5026 *
5027 * This program is distributed in the hope that it will be useful,
5028 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5029 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5030 * GNU General Public License for more details.
5031 *
5032 * You should have received a copy of the GNU General Public License
5033 * along with this program. If not, see <http://www.gnu.org/licenses/>.
5034 */
5035
5036 #include <stdio.h>
5037 #include <stdlib.h>
5038
5039 #include "knobs.h"
5040 #include "mpi-internal.h"
5041 #include "longlong.h"
5042
5043 mpi_limb_t
5044 mpihelp_add_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
5045 mpi_ptr_t s2_ptr, mpi_size_t size)
5046 {
5047 mpi_limb_t x, y, cy;
5048 mpi_size_t j;
5049
5050 /* The loop counter and index J goes from -SIZE to -1. This way
5051 the loop becomes faster. */
5052 j = -size;
5053
5054 /* Offset the base pointers to compensate for the negative indices. */
5055 s1_ptr -= j;
5056 s2_ptr -= j;
5057 res_ptr -= j;
5058
5059 cy = 0;
5060 do {
5061 y = s2_ptr[j];
5062 x = s1_ptr[j];
5063 y += cy; /* add previous carry to one addend */
5064 cy = y < cy; /* get out carry from that addition */
5065 y += x; /* add other addend */
5066 cy += y < x; /* get out carry from that add, combine */
5067 res_ptr[j] = y;
5068 } while( ++j );
5069
5070 return cy;
5071 }
5072
-(0 . 0)(1 . 55)
5077 /* mpihelp-sub.c - MPI helper functions
5078 * Modified by No Such Labs. (C) 2015. See README.
5079 *
5080 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
5081 * SHA256(gnupg-1.4.10.tar.gz):
5082 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
5083 * (C) 1994-2005 Free Software Foundation, Inc.
5084 *
5085 * This program is free software: you can redistribute it and/or modify
5086 * it under the terms of the GNU General Public License as published by
5087 * the Free Software Foundation, either version 3 of the License, or
5088 * (at your option) any later version.
5089 *
5090 * This program is distributed in the hope that it will be useful,
5091 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5092 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5093 * GNU General Public License for more details.
5094 *
5095 * You should have received a copy of the GNU General Public License
5096 * along with this program. If not, see <http://www.gnu.org/licenses/>.
5097 */
5098
5099 #include <stdio.h>
5100 #include <stdlib.h>
5101
5102 #include "knobs.h"
5103 #include "mpi-internal.h"
5104
5105 /****************
5106 * Compare OP1_PTR/OP1_SIZE with OP2_PTR/OP2_SIZE.
5107 * There are no restrictions on the relative sizes of
5108 * the two arguments.
5109 * Return 1 if OP1 > OP2, 0 if they are equal, and -1 if OP1 < OP2.
5110 */
5111 int
5112 mpihelp_cmp( mpi_ptr_t op1_ptr, mpi_ptr_t op2_ptr, mpi_size_t size )
5113 {
5114 mpi_size_t i;
5115 mpi_limb_t op1_word, op2_word;
5116
5117 for( i = size - 1; i >= 0 ; i--) {
5118 op1_word = op1_ptr[i];
5119 op2_word = op2_ptr[i];
5120 if( op1_word != op2_word )
5121 goto diff;
5122 }
5123 return 0;
5124
5125 diff:
5126 /* This can *not* be simplified to
5127 * op2_word - op2_word
5128 * since that expression might give signed overflow. */
5129 return (op1_word > op2_word) ? 1 : -1;
5130 }
5131
-(0 . 0)(1 . 529)
5136 /* mpihelp-div.c - MPI helper functions
5137 * Modified by No Such Labs. (C) 2015. See README.
5138 *
5139 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
5140 * SHA256(gnupg-1.4.10.tar.gz):
5141 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
5142 * (C) 1994-2005 Free Software Foundation, Inc.
5143 *
5144 * This program is free software: you can redistribute it and/or modify
5145 * it under the terms of the GNU General Public License as published by
5146 * the Free Software Foundation, either version 3 of the License, or
5147 * (at your option) any later version.
5148 *
5149 * This program is distributed in the hope that it will be useful,
5150 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5151 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5152 * GNU General Public License for more details.
5153 *
5154 * You should have received a copy of the GNU General Public License
5155 * along with this program. If not, see <http://www.gnu.org/licenses/>.
5156 */
5157
5158 #include <stdio.h>
5159 #include <stdlib.h>
5160
5161 #include "knobs.h"
5162 #include "mpi-internal.h"
5163 #include "longlong.h"
5164
5165 #ifndef UMUL_TIME
5166 #define UMUL_TIME 1
5167 #endif
5168 #ifndef UDIV_TIME
5169 #define UDIV_TIME UMUL_TIME
5170 #endif
5171
5172 /* FIXME: We should be using invert_limb (or invert_normalized_limb)
5173 * here (not udiv_qrnnd).
5174 */
5175
5176 mpi_limb_t
5177 mpihelp_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
5178 mpi_limb_t divisor_limb)
5179 {
5180 mpi_size_t i;
5181 mpi_limb_t n1, n0, r;
5182 int dummy;
5183
5184 /* Botch: Should this be handled at all? Rely on callers? */
5185 if( !dividend_size )
5186 return 0;
5187
5188 /* If multiplication is much faster than division, and the
5189 * dividend is large, pre-invert the divisor, and use
5190 * only multiplications in the inner loop.
5191 *
5192 * This test should be read:
5193 * Does it ever help to use udiv_qrnnd_preinv?
5194 * && Does what we save compensate for the inversion overhead?
5195 */
5196 if( UDIV_TIME > (2 * UMUL_TIME + 6)
5197 && (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME ) {
5198 int normalization_steps;
5199
5200 count_leading_zeros( normalization_steps, divisor_limb );
5201 if( normalization_steps ) {
5202 mpi_limb_t divisor_limb_inverted;
5203
5204 divisor_limb <<= normalization_steps;
5205
5206 /* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
5207 * result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
5208 * most significant bit (with weight 2**N) implicit.
5209 *
5210 * Special case for DIVISOR_LIMB == 100...000.
5211 */
5212 if( !(divisor_limb << 1) )
5213 divisor_limb_inverted = ~(mpi_limb_t)0;
5214 else
5215 udiv_qrnnd(divisor_limb_inverted, dummy,
5216 -divisor_limb, 0, divisor_limb);
5217
5218 n1 = dividend_ptr[dividend_size - 1];
5219 r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
5220
5221 /* Possible optimization:
5222 * if (r == 0
5223 * && divisor_limb > ((n1 << normalization_steps)
5224 * | (dividend_ptr[dividend_size - 2] >> ...)))
5225 * ...one division less...
5226 */
5227 for( i = dividend_size - 2; i >= 0; i--) {
5228 n0 = dividend_ptr[i];
5229 UDIV_QRNND_PREINV(dummy, r, r,
5230 ((n1 << normalization_steps)
5231 | (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
5232 divisor_limb, divisor_limb_inverted);
5233 n1 = n0;
5234 }
5235 UDIV_QRNND_PREINV(dummy, r, r,
5236 n1 << normalization_steps,
5237 divisor_limb, divisor_limb_inverted);
5238 return r >> normalization_steps;
5239 }
5240 else {
5241 mpi_limb_t divisor_limb_inverted;
5242
5243 /* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
5244 * result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
5245 * most significant bit (with weight 2**N) implicit.
5246 *
5247 * Special case for DIVISOR_LIMB == 100...000.
5248 */
5249 if( !(divisor_limb << 1) )
5250 divisor_limb_inverted = ~(mpi_limb_t)0;
5251 else
5252 udiv_qrnnd(divisor_limb_inverted, dummy,
5253 -divisor_limb, 0, divisor_limb);
5254
5255 i = dividend_size - 1;
5256 r = dividend_ptr[i];
5257
5258 if( r >= divisor_limb )
5259 r = 0;
5260 else
5261 i--;
5262
5263 for( ; i >= 0; i--) {
5264 n0 = dividend_ptr[i];
5265 UDIV_QRNND_PREINV(dummy, r, r,
5266 n0, divisor_limb, divisor_limb_inverted);
5267 }
5268 return r;
5269 }
5270 }
5271 else {
5272 if( UDIV_NEEDS_NORMALIZATION ) {
5273 int normalization_steps;
5274
5275 count_leading_zeros(normalization_steps, divisor_limb);
5276 if( normalization_steps ) {
5277 divisor_limb <<= normalization_steps;
5278
5279 n1 = dividend_ptr[dividend_size - 1];
5280 r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
5281
5282 /* Possible optimization:
5283 * if (r == 0
5284 * && divisor_limb > ((n1 << normalization_steps)
5285 * | (dividend_ptr[dividend_size - 2] >> ...)))
5286 * ...one division less...
5287 */
5288 for(i = dividend_size - 2; i >= 0; i--) {
5289 n0 = dividend_ptr[i];
5290 udiv_qrnnd (dummy, r, r,
5291 ((n1 << normalization_steps)
5292 | (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
5293 divisor_limb);
5294 n1 = n0;
5295 }
5296 udiv_qrnnd (dummy, r, r,
5297 n1 << normalization_steps,
5298 divisor_limb);
5299 return r >> normalization_steps;
5300 }
5301 }
5302 /* No normalization needed, either because udiv_qrnnd doesn't require
5303 * it, or because DIVISOR_LIMB is already normalized. */
5304 i = dividend_size - 1;
5305 r = dividend_ptr[i];
5306
5307 if(r >= divisor_limb)
5308 r = 0;
5309 else
5310 i--;
5311
5312 for(; i >= 0; i--) {
5313 n0 = dividend_ptr[i];
5314 udiv_qrnnd (dummy, r, r, n0, divisor_limb);
5315 }
5316 return r;
5317 }
5318 }
5319
5320 /* Divide num (NP/NSIZE) by den (DP/DSIZE) and write
5321 * the NSIZE-DSIZE least significant quotient limbs at QP
5322 * and the DSIZE long remainder at NP. If QEXTRA_LIMBS is
5323 * non-zero, generate that many fraction bits and append them after the
5324 * other quotient limbs.
5325 * Return the most significant limb of the quotient, this is always 0 or 1.
5326 *
5327 * Preconditions:
5328 * 0. NSIZE >= DSIZE.
5329 * 1. The most significant bit of the divisor must be set.
5330 * 2. QP must either not overlap with the input operands at all, or
5331 * QP + DSIZE >= NP must hold true. (This means that it's
5332 * possible to put the quotient in the high part of NUM, right after the
5333 * remainder in NUM.
5334 * 3. NSIZE >= DSIZE, even if QEXTRA_LIMBS is non-zero.
5335 */
5336
5337 mpi_limb_t
5338 mpihelp_divrem( mpi_ptr_t qp, mpi_size_t qextra_limbs,
5339 mpi_ptr_t np, mpi_size_t nsize,
5340 mpi_ptr_t dp, mpi_size_t dsize)
5341 {
5342 mpi_limb_t most_significant_q_limb = 0;
5343
5344 switch(dsize) {
5345 case 0:
5346 /* We are asked to divide by zero, so go ahead and do it! (To make
5347 the compiler not remove this statement, return the value.) */
5348 return 1 / dsize;
5349
5350 case 1:
5351 {
5352 mpi_size_t i;
5353 mpi_limb_t n1;
5354 mpi_limb_t d;
5355
5356 d = dp[0];
5357 n1 = np[nsize - 1];
5358
5359 if( n1 >= d ) {
5360 n1 -= d;
5361 most_significant_q_limb = 1;
5362 }
5363
5364 qp += qextra_limbs;
5365 for( i = nsize - 2; i >= 0; i--)
5366 udiv_qrnnd( qp[i], n1, n1, np[i], d );
5367 qp -= qextra_limbs;
5368
5369 for( i = qextra_limbs - 1; i >= 0; i-- )
5370 udiv_qrnnd (qp[i], n1, n1, 0, d);
5371
5372 np[0] = n1;
5373 }
5374 break;
5375
5376 case 2:
5377 {
5378 mpi_size_t i;
5379 mpi_limb_t n1, n0, n2;
5380 mpi_limb_t d1, d0;
5381
5382 np += nsize - 2;
5383 d1 = dp[1];
5384 d0 = dp[0];
5385 n1 = np[1];
5386 n0 = np[0];
5387
5388 if( n1 >= d1 && (n1 > d1 || n0 >= d0) ) {
5389 sub_ddmmss (n1, n0, n1, n0, d1, d0);
5390 most_significant_q_limb = 1;
5391 }
5392
5393 for( i = qextra_limbs + nsize - 2 - 1; i >= 0; i-- ) {
5394 mpi_limb_t q;
5395 mpi_limb_t r;
5396
5397 if( i >= qextra_limbs )
5398 np--;
5399 else
5400 np[0] = 0;
5401
5402 if( n1 == d1 ) {
5403 /* Q should be either 111..111 or 111..110. Need special
5404 * treatment of this rare case as normal division would
5405 * give overflow. */
5406 q = ~(mpi_limb_t)0;
5407
5408 r = n0 + d1;
5409 if( r < d1 ) { /* Carry in the addition? */
5410 add_ssaaaa( n1, n0, r - d0, np[0], 0, d0 );
5411 qp[i] = q;
5412 continue;
5413 }
5414 n1 = d0 - (d0 != 0?1:0);
5415 n0 = -d0;
5416 }
5417 else {
5418 udiv_qrnnd (q, r, n1, n0, d1);
5419 umul_ppmm (n1, n0, d0, q);
5420 }
5421
5422 n2 = np[0];
5423 q_test:
5424 if( n1 > r || (n1 == r && n0 > n2) ) {
5425 /* The estimated Q was too large. */
5426 q--;
5427 sub_ddmmss (n1, n0, n1, n0, 0, d0);
5428 r += d1;
5429 if( r >= d1 ) /* If not carry, test Q again. */
5430 goto q_test;
5431 }
5432
5433 qp[i] = q;
5434 sub_ddmmss (n1, n0, r, n2, n1, n0);
5435 }
5436 np[1] = n1;
5437 np[0] = n0;
5438 }
5439 break;
5440
5441 default:
5442 {
5443 mpi_size_t i;
5444 mpi_limb_t dX, d1, n0;
5445
5446 np += nsize - dsize;
5447 dX = dp[dsize - 1];
5448 d1 = dp[dsize - 2];
5449 n0 = np[dsize - 1];
5450
5451 if( n0 >= dX ) {
5452 if(n0 > dX || mpihelp_cmp(np, dp, dsize - 1) >= 0 ) {
5453 mpihelp_sub_n(np, np, dp, dsize);
5454 n0 = np[dsize - 1];
5455 most_significant_q_limb = 1;
5456 }
5457 }
5458
5459 for( i = qextra_limbs + nsize - dsize - 1; i >= 0; i--) {
5460 mpi_limb_t q;
5461 mpi_limb_t n1, n2;
5462 mpi_limb_t cy_limb;
5463
5464 if( i >= qextra_limbs ) {
5465 np--;
5466 n2 = np[dsize];
5467 }
5468 else {
5469 n2 = np[dsize - 1];
5470 MPN_COPY_DECR (np + 1, np, dsize - 1);
5471 np[0] = 0;
5472 }
5473
5474 if( n0 == dX ) {
5475 /* This might over-estimate q, but it's probably not worth
5476 * the extra code here to find out. */
5477 q = ~(mpi_limb_t)0;
5478 }
5479 else {
5480 mpi_limb_t r;
5481
5482 udiv_qrnnd(q, r, n0, np[dsize - 1], dX);
5483 umul_ppmm(n1, n0, d1, q);
5484
5485 while( n1 > r || (n1 == r && n0 > np[dsize - 2])) {
5486 q--;
5487 r += dX;
5488 if( r < dX ) /* I.e. "carry in previous addition?" */
5489 break;
5490 n1 -= n0 < d1;
5491 n0 -= d1;
5492 }
5493 }
5494
5495 /* Possible optimization: We already have (q * n0) and (1 * n1)
5496 * after the calculation of q. Taking advantage of that, we
5497 * could make this loop make two iterations less. */
5498 cy_limb = mpihelp_submul_1(np, dp, dsize, q);
5499
5500 if( n2 != cy_limb ) {
5501 mpihelp_add_n(np, np, dp, dsize);
5502 q--;
5503 }
5504
5505 qp[i] = q;
5506 n0 = np[dsize - 1];
5507 }
5508 }
5509 }
5510
5511 return most_significant_q_limb;
5512 }
5513
5514
5515 /****************
5516 * Divide (DIVIDEND_PTR,,DIVIDEND_SIZE) by DIVISOR_LIMB.
5517 * Write DIVIDEND_SIZE limbs of quotient at QUOT_PTR.
5518 * Return the single-limb remainder.
5519 * There are no constraints on the value of the divisor.
5520 *
5521 * QUOT_PTR and DIVIDEND_PTR might point to the same limb.
5522 */
5523
5524 mpi_limb_t
5525 mpihelp_divmod_1( mpi_ptr_t quot_ptr,
5526 mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
5527 mpi_limb_t divisor_limb)
5528 {
5529 mpi_size_t i;
5530 mpi_limb_t n1, n0, r;
5531 int dummy;
5532
5533 if( !dividend_size )
5534 return 0;
5535
5536 /* If multiplication is much faster than division, and the
5537 * dividend is large, pre-invert the divisor, and use
5538 * only multiplications in the inner loop.
5539 *
5540 * This test should be read:
5541 * Does it ever help to use udiv_qrnnd_preinv?
5542 * && Does what we save compensate for the inversion overhead?
5543 */
5544 if( UDIV_TIME > (2 * UMUL_TIME + 6)
5545 && (UDIV_TIME - (2 * UMUL_TIME + 6)) * dividend_size > UDIV_TIME ) {
5546 int normalization_steps;
5547
5548 count_leading_zeros( normalization_steps, divisor_limb );
5549 if( normalization_steps ) {
5550 mpi_limb_t divisor_limb_inverted;
5551
5552 divisor_limb <<= normalization_steps;
5553
5554 /* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
5555 * result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
5556 * most significant bit (with weight 2**N) implicit.
5557 */
5558 /* Special case for DIVISOR_LIMB == 100...000. */
5559 if( !(divisor_limb << 1) )
5560 divisor_limb_inverted = ~(mpi_limb_t)0;
5561 else
5562 udiv_qrnnd(divisor_limb_inverted, dummy,
5563 -divisor_limb, 0, divisor_limb);
5564
5565 n1 = dividend_ptr[dividend_size - 1];
5566 r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
5567
5568 /* Possible optimization:
5569 * if (r == 0
5570 * && divisor_limb > ((n1 << normalization_steps)
5571 * | (dividend_ptr[dividend_size - 2] >> ...)))
5572 * ...one division less...
5573 */
5574 for( i = dividend_size - 2; i >= 0; i--) {
5575 n0 = dividend_ptr[i];
5576 UDIV_QRNND_PREINV( quot_ptr[i + 1], r, r,
5577 ((n1 << normalization_steps)
5578 | (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
5579 divisor_limb, divisor_limb_inverted);
5580 n1 = n0;
5581 }
5582 UDIV_QRNND_PREINV( quot_ptr[0], r, r,
5583 n1 << normalization_steps,
5584 divisor_limb, divisor_limb_inverted);
5585 return r >> normalization_steps;
5586 }
5587 else {
5588 mpi_limb_t divisor_limb_inverted;
5589
5590 /* Compute (2**2N - 2**N * DIVISOR_LIMB) / DIVISOR_LIMB. The
5591 * result is a (N+1)-bit approximation to 1/DIVISOR_LIMB, with the
5592 * most significant bit (with weight 2**N) implicit.
5593 */
5594 /* Special case for DIVISOR_LIMB == 100...000. */
5595 if( !(divisor_limb << 1) )
5596 divisor_limb_inverted = ~(mpi_limb_t) 0;
5597 else
5598 udiv_qrnnd(divisor_limb_inverted, dummy,
5599 -divisor_limb, 0, divisor_limb);
5600
5601 i = dividend_size - 1;
5602 r = dividend_ptr[i];
5603
5604 if( r >= divisor_limb )
5605 r = 0;
5606 else
5607 quot_ptr[i--] = 0;
5608
5609 for( ; i >= 0; i-- ) {
5610 n0 = dividend_ptr[i];
5611 UDIV_QRNND_PREINV( quot_ptr[i], r, r,
5612 n0, divisor_limb, divisor_limb_inverted);
5613 }
5614 return r;
5615 }
5616 }
5617 else {
5618 if(UDIV_NEEDS_NORMALIZATION) {
5619 int normalization_steps;
5620
5621 count_leading_zeros (normalization_steps, divisor_limb);
5622 if( normalization_steps ) {
5623 divisor_limb <<= normalization_steps;
5624
5625 n1 = dividend_ptr[dividend_size - 1];
5626 r = n1 >> (BITS_PER_MPI_LIMB - normalization_steps);
5627
5628 /* Possible optimization:
5629 * if (r == 0
5630 * && divisor_limb > ((n1 << normalization_steps)
5631 * | (dividend_ptr[dividend_size - 2] >> ...)))
5632 * ...one division less...
5633 */
5634 for( i = dividend_size - 2; i >= 0; i--) {
5635 n0 = dividend_ptr[i];
5636 udiv_qrnnd (quot_ptr[i + 1], r, r,
5637 ((n1 << normalization_steps)
5638 | (n0 >> (BITS_PER_MPI_LIMB - normalization_steps))),
5639 divisor_limb);
5640 n1 = n0;
5641 }
5642 udiv_qrnnd (quot_ptr[0], r, r,
5643 n1 << normalization_steps,
5644 divisor_limb);
5645 return r >> normalization_steps;
5646 }
5647 }
5648 /* No normalization needed, either because udiv_qrnnd doesn't require
5649 * it, or because DIVISOR_LIMB is already normalized. */
5650 i = dividend_size - 1;
5651 r = dividend_ptr[i];
5652
5653 if(r >= divisor_limb)
5654 r = 0;
5655 else
5656 quot_ptr[i--] = 0;
5657
5658 for(; i >= 0; i--) {
5659 n0 = dividend_ptr[i];
5660 udiv_qrnnd( quot_ptr[i], r, r, n0, divisor_limb );
5661 }
5662 return r;
5663 }
5664 }
-(0 . 0)(1 . 64)
5669 /* mpihelp-lshift.c - MPI helper functions
5670 * Modified by No Such Labs. (C) 2015. See README.
5671 *
5672 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
5673 * SHA256(gnupg-1.4.10.tar.gz):
5674 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
5675 * (C) 1994-2005 Free Software Foundation, Inc.
5676 *
5677 * This program is free software: you can redistribute it and/or modify
5678 * it under the terms of the GNU General Public License as published by
5679 * the Free Software Foundation, either version 3 of the License, or
5680 * (at your option) any later version.
5681 *
5682 * This program is distributed in the hope that it will be useful,
5683 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5684 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5685 * GNU General Public License for more details.
5686 *
5687 * You should have received a copy of the GNU General Public License
5688 * along with this program. If not, see <http://www.gnu.org/licenses/>.
5689 */
5690
5691 #include <stdio.h>
5692 #include <stdlib.h>
5693
5694 #include "knobs.h"
5695 #include "mpi-internal.h"
5696
5697 /* Shift U (pointed to by UP and USIZE digits long) CNT bits to the left
5698 * and store the USIZE least significant digits of the result at WP.
5699 * Return the bits shifted out from the most significant digit.
5700 *
5701 * Argument constraints:
5702 * 1. 0 < CNT < BITS_PER_MP_LIMB
5703 * 2. If the result is to be written over the input, WP must be >= UP.
5704 */
5705
5706 mpi_limb_t
5707 mpihelp_lshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
5708 unsigned int cnt)
5709 {
5710 mpi_limb_t high_limb, low_limb;
5711 unsigned sh_1, sh_2;
5712 mpi_size_t i;
5713 mpi_limb_t retval;
5714
5715 sh_1 = cnt;
5716 wp += 1;
5717 sh_2 = BITS_PER_MPI_LIMB - sh_1;
5718 i = usize - 1;
5719 low_limb = up[i];
5720 retval = low_limb >> sh_2;
5721 high_limb = low_limb;
5722 while( --i >= 0 ) {
5723 low_limb = up[i];
5724 wp[i] = (high_limb << sh_1) | (low_limb >> sh_2);
5725 high_limb = low_limb;
5726 }
5727 wp[i] = high_limb << sh_1;
5728
5729 return retval;
5730 }
5731
5732
-(0 . 0)(1 . 519)
5737 /* mpihelp-mul.c - MPI helper functions
5738 * Modified by No Such Labs. (C) 2015. See README.
5739 *
5740 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
5741 * SHA256(gnupg-1.4.10.tar.gz):
5742 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
5743 * (C) 1994-2005 Free Software Foundation, Inc.
5744 *
5745 * This program is free software: you can redistribute it and/or modify
5746 * it under the terms of the GNU General Public License as published by
5747 * the Free Software Foundation, either version 3 of the License, or
5748 * (at your option) any later version.
5749 *
5750 * This program is distributed in the hope that it will be useful,
5751 * but WITHOUT ANY WARRANTY; without even the implied warranty of
5752 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
5753 * GNU General Public License for more details.
5754 *
5755 * You should have received a copy of the GNU General Public License
5756 * along with this program. If not, see <http://www.gnu.org/licenses/>.
5757 */
5758
5759 #include <stdio.h>
5760 #include <stdlib.h>
5761 #include <string.h>
5762
5763 #include "knobs.h"
5764 #include "mpi-internal.h"
5765 #include "longlong.h"
5766
5767
5768 #define MPN_MUL_N_RECURSE(prodp, up, vp, size, tspace) \
5769 do { \
5770 if( (size) < KARATSUBA_THRESHOLD ) \
5771 mul_n_basecase (prodp, up, vp, size); \
5772 else \
5773 mul_n (prodp, up, vp, size, tspace); \
5774 } while (0);
5775
5776 #define MPN_SQR_N_RECURSE(prodp, up, size, tspace) \
5777 do { \
5778 if ((size) < KARATSUBA_THRESHOLD) \
5779 mpih_sqr_n_basecase (prodp, up, size); \
5780 else \
5781 mpih_sqr_n (prodp, up, size, tspace); \
5782 } while (0);
5783
5784
5785 /* Multiply the natural numbers u (pointed to by UP) and v (pointed to by VP),
5786 * both with SIZE limbs, and store the result at PRODP. 2 * SIZE limbs are
5787 * always stored. Return the most significant limb.
5788 *
5789 * Argument constraints:
5790 * 1. PRODP != UP and PRODP != VP, i.e. the destination
5791 * must be distinct from the multiplier and the multiplicand.
5792 *
5793 *
5794 * Handle simple cases with traditional multiplication.
5795 *
5796 * This is the most critical code of multiplication. All multiplies rely
5797 * on this, both small and huge. Small ones arrive here immediately. Huge
5798 * ones arrive here as this is the base case for Karatsuba's recursive
5799 * algorithm below.
5800 */
5801
5802 static mpi_limb_t
5803 mul_n_basecase( mpi_ptr_t prodp, mpi_ptr_t up,
5804 mpi_ptr_t vp, mpi_size_t size)
5805 {
5806 mpi_size_t i;
5807 mpi_limb_t cy;
5808 mpi_limb_t v_limb;
5809
5810 /* Multiply by the first limb in V separately, as the result can be
5811 * stored (not added) to PROD. We also avoid a loop for zeroing. */
5812 v_limb = vp[0];
5813 if( v_limb <= 1 ) {
5814 if( v_limb == 1 )
5815 MPN_COPY( prodp, up, size );
5816 else
5817 MPN_ZERO( prodp, size );
5818 cy = 0;
5819 }
5820 else
5821 cy = mpihelp_mul_1( prodp, up, size, v_limb );
5822
5823 prodp[size] = cy;
5824 prodp++;
5825
5826 /* For each iteration in the outer loop, multiply one limb from
5827 * U with one limb from V, and add it to PROD. */
5828 for( i = 1; i < size; i++ ) {
5829 v_limb = vp[i];
5830 if( v_limb <= 1 ) {
5831 cy = 0;
5832 if( v_limb == 1 )
5833 cy = mpihelp_add_n(prodp, prodp, up, size);
5834 }
5835 else
5836 cy = mpihelp_addmul_1(prodp, up, size, v_limb);
5837
5838 prodp[size] = cy;
5839 prodp++;
5840 }
5841
5842 return cy;
5843 }
5844
5845
5846 static void
5847 mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp,
5848 mpi_size_t size, mpi_ptr_t tspace )
5849 {
5850 if( size & 1 ) {
5851 /* The size is odd, and the code below doesn't handle that.
5852 * Multiply the least significant (size - 1) limbs with a recursive
5853 * call, and handle the most significant limb of S1 and S2
5854 * separately.
5855 * A slightly faster way to do this would be to make the Karatsuba
5856 * code below behave as if the size were even, and let it check for
5857 * odd size in the end. I.e., in essence move this code to the end.
5858 * Doing so would save us a recursive call, and potentially make the
5859 * stack grow a lot less.
5860 */
5861 mpi_size_t esize = size - 1; /* even size */
5862 mpi_limb_t cy_limb;
5863
5864 MPN_MUL_N_RECURSE( prodp, up, vp, esize, tspace );
5865 cy_limb = mpihelp_addmul_1( prodp + esize, up, esize, vp[esize] );
5866 prodp[esize + esize] = cy_limb;
5867 cy_limb = mpihelp_addmul_1( prodp + esize, vp, size, up[esize] );
5868 prodp[esize + size] = cy_limb;
5869 }
5870 else {
5871 /* Anatolij Alekseevich Karatsuba's divide-and-conquer algorithm.
5872 *
5873 * Split U in two pieces, U1 and U0, such that
5874 * U = U0 + U1*(B**n),
5875 * and V in V1 and V0, such that
5876 * V = V0 + V1*(B**n).
5877 *
5878 * UV is then computed recursively using the identity
5879 *
5880 * 2n n n n
5881 * UV = (B + B )U V + B (U -U )(V -V ) + (B + 1)U V
5882 * 1 1 1 0 0 1 0 0
5883 *
5884 * Where B = 2**BITS_PER_MP_LIMB.
5885 */
5886 mpi_size_t hsize = size >> 1;
5887 mpi_limb_t cy;
5888 int negflg;
5889
5890 /* Product H. ________________ ________________
5891 * |_____U1 x V1____||____U0 x V0_____|
5892 * Put result in upper part of PROD and pass low part of TSPACE
5893 * as new TSPACE.
5894 */
5895 MPN_MUL_N_RECURSE(prodp + size, up + hsize, vp + hsize, hsize, tspace);
5896
5897 /* Product M. ________________
5898 * |_(U1-U0)(V0-V1)_|
5899 */
5900 if( mpihelp_cmp(up + hsize, up, hsize) >= 0 ) {
5901 mpihelp_sub_n(prodp, up + hsize, up, hsize);
5902 negflg = 0;
5903 }
5904 else {
5905 mpihelp_sub_n(prodp, up, up + hsize, hsize);
5906 negflg = 1;
5907 }
5908 if( mpihelp_cmp(vp + hsize, vp, hsize) >= 0 ) {
5909 mpihelp_sub_n(prodp + hsize, vp + hsize, vp, hsize);
5910 negflg ^= 1;
5911 }
5912 else {
5913 mpihelp_sub_n(prodp + hsize, vp, vp + hsize, hsize);
5914 /* No change of NEGFLG. */
5915 }
5916 /* Read temporary operands from low part of PROD.
5917 * Put result in low part of TSPACE using upper part of TSPACE
5918 * as new TSPACE.
5919 */
5920 MPN_MUL_N_RECURSE(tspace, prodp, prodp + hsize, hsize, tspace + size);
5921
5922 /* Add/copy product H. */
5923 MPN_COPY (prodp + hsize, prodp + size, hsize);
5924 cy = mpihelp_add_n( prodp + size, prodp + size,
5925 prodp + size + hsize, hsize);
5926
5927 /* Add product M (if NEGFLG M is a negative number) */
5928 if(negflg)
5929 cy -= mpihelp_sub_n(prodp + hsize, prodp + hsize, tspace, size);
5930 else
5931 cy += mpihelp_add_n(prodp + hsize, prodp + hsize, tspace, size);
5932
5933 /* Product L. ________________ ________________
5934 * |________________||____U0 x V0_____|
5935 * Read temporary operands from low part of PROD.
5936 * Put result in low part of TSPACE using upper part of TSPACE
5937 * as new TSPACE.
5938 */
5939 MPN_MUL_N_RECURSE(tspace, up, vp, hsize, tspace + size);
5940
5941 /* Add/copy Product L (twice) */
5942
5943 cy += mpihelp_add_n(prodp + hsize, prodp + hsize, tspace, size);
5944 if( cy )
5945 mpihelp_add_1(prodp + hsize + size, prodp + hsize + size, hsize, cy);
5946
5947 MPN_COPY(prodp, tspace, hsize);
5948 cy = mpihelp_add_n(prodp + hsize, prodp + hsize, tspace + hsize, hsize);
5949 if( cy )
5950 mpihelp_add_1(prodp + size, prodp + size, size, 1);
5951 }
5952 }
5953
5954
5955 void
5956 mpih_sqr_n_basecase( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size )
5957 {
5958 mpi_size_t i;
5959 mpi_limb_t cy_limb;
5960 mpi_limb_t v_limb;
5961
5962 /* Multiply by the first limb in V separately, as the result can be
5963 * stored (not added) to PROD. We also avoid a loop for zeroing. */
5964 v_limb = up[0];
5965 if( v_limb <= 1 ) {
5966 if( v_limb == 1 )
5967 MPN_COPY( prodp, up, size );
5968 else
5969 MPN_ZERO(prodp, size);
5970 cy_limb = 0;
5971 }
5972 else
5973 cy_limb = mpihelp_mul_1( prodp, up, size, v_limb );
5974
5975 prodp[size] = cy_limb;
5976 prodp++;
5977
5978 /* For each iteration in the outer loop, multiply one limb from
5979 * U with one limb from V, and add it to PROD. */
5980 for( i=1; i < size; i++) {
5981 v_limb = up[i];
5982 if( v_limb <= 1 ) {
5983 cy_limb = 0;
5984 if( v_limb == 1 )
5985 cy_limb = mpihelp_add_n(prodp, prodp, up, size);
5986 }
5987 else
5988 cy_limb = mpihelp_addmul_1(prodp, up, size, v_limb);
5989
5990 prodp[size] = cy_limb;
5991 prodp++;
5992 }
5993 }
5994
5995
5996 void
5997 mpih_sqr_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size, mpi_ptr_t tspace)
5998 {
5999 if( size & 1 ) {
6000 /* The size is odd, and the code below doesn't handle that.
6001 * Multiply the least significant (size - 1) limbs with a recursive
6002 * call, and handle the most significant limb of S1 and S2
6003 * separately.
6004 * A slightly faster way to do this would be to make the Karatsuba
6005 * code below behave as if the size were even, and let it check for
6006 * odd size in the end. I.e., in essence move this code to the end.
6007 * Doing so would save us a recursive call, and potentially make the
6008 * stack grow a lot less.
6009 */
6010 mpi_size_t esize = size - 1; /* even size */
6011 mpi_limb_t cy_limb;
6012
6013 MPN_SQR_N_RECURSE( prodp, up, esize, tspace );
6014 cy_limb = mpihelp_addmul_1( prodp + esize, up, esize, up[esize] );
6015 prodp[esize + esize] = cy_limb;
6016 cy_limb = mpihelp_addmul_1( prodp + esize, up, size, up[esize] );
6017
6018 prodp[esize + size] = cy_limb;
6019 }
6020 else {
6021 mpi_size_t hsize = size >> 1;
6022 mpi_limb_t cy;
6023
6024 /* Product H. ________________ ________________
6025 * |_____U1 x U1____||____U0 x U0_____|
6026 * Put result in upper part of PROD and pass low part of TSPACE
6027 * as new TSPACE.
6028 */
6029 MPN_SQR_N_RECURSE(prodp + size, up + hsize, hsize, tspace);
6030
6031 /* Product M. ________________
6032 * |_(U1-U0)(U0-U1)_|
6033 */
6034 if( mpihelp_cmp( up + hsize, up, hsize) >= 0 )
6035 mpihelp_sub_n( prodp, up + hsize, up, hsize);
6036 else
6037 mpihelp_sub_n (prodp, up, up + hsize, hsize);
6038
6039 /* Read temporary operands from low part of PROD.
6040 * Put result in low part of TSPACE using upper part of TSPACE
6041 * as new TSPACE. */
6042 MPN_SQR_N_RECURSE(tspace, prodp, hsize, tspace + size);
6043
6044 /* Add/copy product H */
6045 MPN_COPY(prodp + hsize, prodp + size, hsize);
6046 cy = mpihelp_add_n(prodp + size, prodp + size,
6047 prodp + size + hsize, hsize);
6048
6049 /* Add product M (if NEGFLG M is a negative number). */
6050 cy -= mpihelp_sub_n (prodp + hsize, prodp + hsize, tspace, size);
6051
6052 /* Product L. ________________ ________________
6053 * |________________||____U0 x U0_____|
6054 * Read temporary operands from low part of PROD.
6055 * Put result in low part of TSPACE using upper part of TSPACE
6056 * as new TSPACE. */
6057 MPN_SQR_N_RECURSE (tspace, up, hsize, tspace + size);
6058
6059 /* Add/copy Product L (twice). */
6060 cy += mpihelp_add_n (prodp + hsize, prodp + hsize, tspace, size);
6061 if( cy )
6062 mpihelp_add_1(prodp + hsize + size, prodp + hsize + size,
6063 hsize, cy);
6064
6065 MPN_COPY(prodp, tspace, hsize);
6066 cy = mpihelp_add_n (prodp + hsize, prodp + hsize, tspace + hsize, hsize);
6067 if( cy )
6068 mpihelp_add_1 (prodp + size, prodp + size, size, 1);
6069 }
6070 }
6071
6072
6073 /* This should be made into an inline function in gmp.h. */
6074 void
6075 mpihelp_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size)
6076 {
6077 int secure;
6078
6079 if( up == vp ) {
6080 if( size < KARATSUBA_THRESHOLD )
6081 mpih_sqr_n_basecase( prodp, up, size );
6082 else {
6083 mpi_ptr_t tspace;
6084 secure = m_is_secure( up );
6085 tspace = mpi_alloc_limb_space( 2 * size, secure );
6086 mpih_sqr_n( prodp, up, size, tspace );
6087 mpi_free_limb_space( tspace );
6088 }
6089 }
6090 else {
6091 if( size < KARATSUBA_THRESHOLD )
6092 mul_n_basecase( prodp, up, vp, size );
6093 else {
6094 mpi_ptr_t tspace;
6095 secure = m_is_secure( up ) || m_is_secure( vp );
6096 tspace = mpi_alloc_limb_space( 2 * size, secure );
6097 mul_n (prodp, up, vp, size, tspace);
6098 mpi_free_limb_space( tspace );
6099 }
6100 }
6101 }
6102
6103
6104
6105 void
6106 mpihelp_mul_karatsuba_case( mpi_ptr_t prodp,
6107 mpi_ptr_t up, mpi_size_t usize,
6108 mpi_ptr_t vp, mpi_size_t vsize,
6109 struct karatsuba_ctx *ctx )
6110 {
6111 mpi_limb_t cy;
6112
6113 if( !ctx->tspace || ctx->tspace_size < vsize ) {
6114 if( ctx->tspace )
6115 mpi_free_limb_space( ctx->tspace );
6116 ctx->tspace = mpi_alloc_limb_space( 2 * vsize,
6117 m_is_secure( up ) || m_is_secure( vp ) );
6118 ctx->tspace_size = vsize;
6119 }
6120
6121 MPN_MUL_N_RECURSE( prodp, up, vp, vsize, ctx->tspace );
6122
6123 prodp += vsize;
6124 up += vsize;
6125 usize -= vsize;
6126 if( usize >= vsize ) {
6127 if( !ctx->tp || ctx->tp_size < vsize ) {
6128 if( ctx->tp )
6129 mpi_free_limb_space( ctx->tp );
6130 ctx->tp = mpi_alloc_limb_space( 2 * vsize, m_is_secure( up )
6131 || m_is_secure( vp ) );
6132 ctx->tp_size = vsize;
6133 }
6134
6135 do {
6136 MPN_MUL_N_RECURSE( ctx->tp, up, vp, vsize, ctx->tspace );
6137 cy = mpihelp_add_n( prodp, prodp, ctx->tp, vsize );
6138 mpihelp_add_1( prodp + vsize, ctx->tp + vsize, vsize, cy );
6139 prodp += vsize;
6140 up += vsize;
6141 usize -= vsize;
6142 } while( usize >= vsize );
6143 }
6144
6145 if( usize ) {
6146 if( usize < KARATSUBA_THRESHOLD ) {
6147 mpihelp_mul( ctx->tspace, vp, vsize, up, usize );
6148 }
6149 else {
6150 if( !ctx->next ) {
6151 ctx->next = xmalloc_clear( sizeof *ctx );
6152 }
6153 mpihelp_mul_karatsuba_case( ctx->tspace,
6154 vp, vsize,
6155 up, usize,
6156 ctx->next );
6157 }
6158
6159 cy = mpihelp_add_n( prodp, prodp, ctx->tspace, vsize);
6160 mpihelp_add_1( prodp + vsize, ctx->tspace + vsize, usize, cy );
6161 }
6162 }
6163
6164
6165 void
6166 mpihelp_release_karatsuba_ctx( struct karatsuba_ctx *ctx )
6167 {
6168 struct karatsuba_ctx *ctx2;
6169
6170 if( ctx->tp )
6171 mpi_free_limb_space( ctx->tp );
6172 if( ctx->tspace )
6173 mpi_free_limb_space( ctx->tspace );
6174 for( ctx=ctx->next; ctx; ctx = ctx2 ) {
6175 ctx2 = ctx->next;
6176 if( ctx->tp )
6177 mpi_free_limb_space( ctx->tp );
6178 if( ctx->tspace )
6179 mpi_free_limb_space( ctx->tspace );
6180 xfree( ctx );
6181 }
6182 }
6183
6184 /* Multiply the natural numbers u (pointed to by UP, with USIZE limbs)
6185 * and v (pointed to by VP, with VSIZE limbs), and store the result at
6186 * PRODP. USIZE + VSIZE limbs are always stored, but if the input
6187 * operands are normalized. Return the most significant limb of the
6188 * result.
6189 *
6190 * NOTE: The space pointed to by PRODP is overwritten before finished
6191 * with U and V, so overlap is an error.
6192 *
6193 * Argument constraints:
6194 * 1. USIZE >= VSIZE.
6195 * 2. PRODP != UP and PRODP != VP, i.e. the destination
6196 * must be distinct from the multiplier and the multiplicand.
6197 */
6198
6199 mpi_limb_t
6200 mpihelp_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize,
6201 mpi_ptr_t vp, mpi_size_t vsize)
6202 {
6203 mpi_ptr_t prod_endp = prodp + usize + vsize - 1;
6204 mpi_limb_t cy;
6205 struct karatsuba_ctx ctx;
6206
6207 if( vsize < KARATSUBA_THRESHOLD ) {
6208 mpi_size_t i;
6209 mpi_limb_t v_limb;
6210
6211 if( !vsize )
6212 return 0;
6213
6214 /* Multiply by the first limb in V separately, as the result can be
6215 * stored (not added) to PROD. We also avoid a loop for zeroing. */
6216 v_limb = vp[0];
6217 if( v_limb <= 1 ) {
6218 if( v_limb == 1 )
6219 MPN_COPY( prodp, up, usize );
6220 else
6221 MPN_ZERO( prodp, usize );
6222 cy = 0;
6223 }
6224 else
6225 cy = mpihelp_mul_1( prodp, up, usize, v_limb );
6226
6227 prodp[usize] = cy;
6228 prodp++;
6229
6230 /* For each iteration in the outer loop, multiply one limb from
6231 * U with one limb from V, and add it to PROD. */
6232 for( i = 1; i < vsize; i++ ) {
6233 v_limb = vp[i];
6234 if( v_limb <= 1 ) {
6235 cy = 0;
6236 if( v_limb == 1 )
6237 cy = mpihelp_add_n(prodp, prodp, up, usize);
6238 }
6239 else
6240 cy = mpihelp_addmul_1(prodp, up, usize, v_limb);
6241
6242 prodp[usize] = cy;
6243 prodp++;
6244 }
6245
6246 return cy;
6247 }
6248
6249 memset( &ctx, 0, sizeof ctx );
6250 mpihelp_mul_karatsuba_case( prodp, up, usize, vp, vsize, &ctx );
6251 mpihelp_release_karatsuba_ctx( &ctx );
6252 return *prod_endp;
6253 }
6254
6255
-(0 . 0)(1 . 56)
6260 /* mpihelp-mul_1.c - MPI helper functions
6261 * Modified by No Such Labs. (C) 2015. See README.
6262 *
6263 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6264 * SHA256(gnupg-1.4.10.tar.gz):
6265 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6266 * (C) 1994-2005 Free Software Foundation, Inc.
6267 *
6268 * This program is free software: you can redistribute it and/or modify
6269 * it under the terms of the GNU General Public License as published by
6270 * the Free Software Foundation, either version 3 of the License, or
6271 * (at your option) any later version.
6272 *
6273 * This program is distributed in the hope that it will be useful,
6274 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6275 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6276 * GNU General Public License for more details.
6277 *
6278 * You should have received a copy of the GNU General Public License
6279 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6280 */
6281
6282 #include <stdio.h>
6283 #include <stdlib.h>
6284
6285 #include "knobs.h"
6286 #include "mpi-internal.h"
6287 #include "longlong.h"
6288
6289 mpi_limb_t
6290 mpihelp_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
6291 mpi_limb_t s2_limb)
6292 {
6293 mpi_limb_t cy_limb;
6294 mpi_size_t j;
6295 mpi_limb_t prod_high, prod_low;
6296
6297 /* The loop counter and index J goes from -S1_SIZE to -1. This way
6298 * the loop becomes faster. */
6299 j = -s1_size;
6300
6301 /* Offset the base pointers to compensate for the negative indices. */
6302 s1_ptr -= j;
6303 res_ptr -= j;
6304
6305 cy_limb = 0;
6306 do {
6307 umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb );
6308 prod_low += cy_limb;
6309 cy_limb = (prod_low < cy_limb?1:0) + prod_high;
6310 res_ptr[j] = prod_low;
6311 } while( ++j );
6312
6313 return cy_limb;
6314 }
6315
-(0 . 0)(1 . 61)
6320 /* mpihelp-mul_2.c - MPI helper functions
6321 * Modified by No Such Labs. (C) 2015. See README.
6322 *
6323 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6324 * SHA256(gnupg-1.4.10.tar.gz):
6325 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6326 * (C) 1994-2005 Free Software Foundation, Inc.
6327 *
6328 * This program is free software: you can redistribute it and/or modify
6329 * it under the terms of the GNU General Public License as published by
6330 * the Free Software Foundation, either version 3 of the License, or
6331 * (at your option) any later version.
6332 *
6333 * This program is distributed in the hope that it will be useful,
6334 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6335 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6336 * GNU General Public License for more details.
6337 *
6338 * You should have received a copy of the GNU General Public License
6339 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6340 */
6341
6342 #include <stdio.h>
6343 #include <stdlib.h>
6344
6345 #include "knobs.h"
6346 #include "mpi-internal.h"
6347 #include "longlong.h"
6348
6349
6350 mpi_limb_t
6351 mpihelp_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
6352 mpi_size_t s1_size, mpi_limb_t s2_limb)
6353 {
6354 mpi_limb_t cy_limb;
6355 mpi_size_t j;
6356 mpi_limb_t prod_high, prod_low;
6357 mpi_limb_t x;
6358
6359 /* The loop counter and index J goes from -SIZE to -1. This way
6360 * the loop becomes faster. */
6361 j = -s1_size;
6362 res_ptr -= j;
6363 s1_ptr -= j;
6364
6365 cy_limb = 0;
6366 do {
6367 umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb );
6368
6369 prod_low += cy_limb;
6370 cy_limb = (prod_low < cy_limb?1:0) + prod_high;
6371
6372 x = res_ptr[j];
6373 prod_low = x + prod_low;
6374 cy_limb += prod_low < x?1:0;
6375 res_ptr[j] = prod_low;
6376 } while ( ++j );
6377 return cy_limb;
6378 }
6379
6380
-(0 . 0)(1 . 62)
6385 /* mpihelp-mul_3.c - MPI helper functions
6386 * Modified by No Such Labs. (C) 2015. See README.
6387 *
6388 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6389 * SHA256(gnupg-1.4.10.tar.gz):
6390 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6391 * (C) 1994-2005 Free Software Foundation, Inc.
6392 *
6393 * This program is free software: you can redistribute it and/or modify
6394 * it under the terms of the GNU General Public License as published by
6395 * the Free Software Foundation, either version 3 of the License, or
6396 * (at your option) any later version.
6397 *
6398 * This program is distributed in the hope that it will be useful,
6399 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6400 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6401 * GNU General Public License for more details.
6402 *
6403 * You should have received a copy of the GNU General Public License
6404 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6405 */
6406
6407 #include <stdio.h>
6408 #include <stdlib.h>
6409
6410 #include "knobs.h"
6411 #include "mpi-internal.h"
6412 #include "longlong.h"
6413
6414
6415 mpi_limb_t
6416 mpihelp_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
6417 mpi_size_t s1_size, mpi_limb_t s2_limb)
6418 {
6419 mpi_limb_t cy_limb;
6420 mpi_size_t j;
6421 mpi_limb_t prod_high, prod_low;
6422 mpi_limb_t x;
6423
6424 /* The loop counter and index J goes from -SIZE to -1. This way
6425 * the loop becomes faster. */
6426 j = -s1_size;
6427 res_ptr -= j;
6428 s1_ptr -= j;
6429
6430 cy_limb = 0;
6431 do {
6432 umul_ppmm( prod_high, prod_low, s1_ptr[j], s2_limb);
6433
6434 prod_low += cy_limb;
6435 cy_limb = (prod_low < cy_limb?1:0) + prod_high;
6436
6437 x = res_ptr[j];
6438 prod_low = x - prod_low;
6439 cy_limb += prod_low > x?1:0;
6440 res_ptr[j] = prod_low;
6441 } while( ++j );
6442
6443 return cy_limb;
6444 }
6445
6446
-(0 . 0)(1 . 62)
6451 /* mpih-rshift.c - MPI helper functions
6452 * Modified by No Such Labs. (C) 2015. See README.
6453 *
6454 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6455 * SHA256(gnupg-1.4.10.tar.gz):
6456 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6457 * (C) 1994-2005 Free Software Foundation, Inc.
6458 *
6459 * This program is free software: you can redistribute it and/or modify
6460 * it under the terms of the GNU General Public License as published by
6461 * the Free Software Foundation, either version 3 of the License, or
6462 * (at your option) any later version.
6463 *
6464 * This program is distributed in the hope that it will be useful,
6465 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6466 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6467 * GNU General Public License for more details.
6468 *
6469 * You should have received a copy of the GNU General Public License
6470 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6471 */
6472
6473 #include <stdio.h>
6474 #include <stdlib.h>
6475
6476 #include "knobs.h"
6477 #include "mpi-internal.h"
6478
6479
6480 /* Shift U (pointed to by UP and USIZE limbs long) CNT bits to the right
6481 * and store the USIZE least significant limbs of the result at WP.
6482 * The bits shifted out to the right are returned.
6483 *
6484 * Argument constraints:
6485 * 1. 0 < CNT < BITS_PER_MP_LIMB
6486 * 2. If the result is to be written over the input, WP must be <= UP.
6487 */
6488
6489 mpi_limb_t
6490 mpihelp_rshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize, unsigned cnt)
6491 {
6492 mpi_limb_t high_limb, low_limb;
6493 unsigned sh_1, sh_2;
6494 mpi_size_t i;
6495 mpi_limb_t retval;
6496
6497 sh_1 = cnt;
6498 wp -= 1;
6499 sh_2 = BITS_PER_MPI_LIMB - sh_1;
6500 high_limb = up[0];
6501 retval = high_limb << sh_2;
6502 low_limb = high_limb;
6503 for( i=1; i < usize; i++) {
6504 high_limb = up[i];
6505 wp[i] = (low_limb >> sh_1) | (high_limb << sh_2);
6506 low_limb = high_limb;
6507 }
6508 wp[i] = low_limb >> sh_1;
6509
6510 return retval;
6511 }
6512
-(0 . 0)(1 . 60)
6517 /* mpihelp-add_2.c - MPI helper functions
6518 * Modified by No Such Labs. (C) 2015. See README.
6519 *
6520 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6521 * SHA256(gnupg-1.4.10.tar.gz):
6522 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6523 * (C) 1994-2005 Free Software Foundation, Inc.
6524 *
6525 * This program is free software: you can redistribute it and/or modify
6526 * it under the terms of the GNU General Public License as published by
6527 * the Free Software Foundation, either version 3 of the License, or
6528 * (at your option) any later version.
6529 *
6530 * This program is distributed in the hope that it will be useful,
6531 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6532 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6533 * GNU General Public License for more details.
6534 *
6535 * You should have received a copy of the GNU General Public License
6536 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6537 */
6538
6539 #include <stdio.h>
6540 #include <stdlib.h>
6541
6542 #include "knobs.h"
6543 #include "mpi-internal.h"
6544 #include "longlong.h"
6545
6546 mpi_limb_t
6547 mpihelp_sub_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
6548 mpi_ptr_t s2_ptr, mpi_size_t size)
6549 {
6550 mpi_limb_t x, y, cy;
6551 mpi_size_t j;
6552
6553 /* The loop counter and index J goes from -SIZE to -1. This way
6554 the loop becomes faster. */
6555 j = -size;
6556
6557 /* Offset the base pointers to compensate for the negative indices. */
6558 s1_ptr -= j;
6559 s2_ptr -= j;
6560 res_ptr -= j;
6561
6562 cy = 0;
6563 do {
6564 y = s2_ptr[j];
6565 x = s1_ptr[j];
6566 y += cy; /* add previous carry to subtrahend */
6567 cy = y < cy; /* get out carry from that addition */
6568 y = x - y; /* main subtract */
6569 cy += y > x; /* get out carry from the subtract, combine */
6570 res_ptr[j] = y;
6571 } while( ++j );
6572
6573 return cy;
6574 }
6575
6576
-(0 . 0)(1 . 508)
6581 /* mpiutil.ac - Utility functions for MPI
6582 * Modified by No Such Labs. (C) 2015. See README.
6583 *
6584 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
6585 * SHA256(gnupg-1.4.10.tar.gz):
6586 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
6587 * (C) 1994-2005 Free Software Foundation, Inc.
6588 *
6589 * This program is free software: you can redistribute it and/or modify
6590 * it under the terms of the GNU General Public License as published by
6591 * the Free Software Foundation, either version 3 of the License, or
6592 * (at your option) any later version.
6593 *
6594 * This program is distributed in the hope that it will be useful,
6595 * but WITHOUT ANY WARRANTY; without even the implied warranty of
6596 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6597 * GNU General Public License for more details.
6598 *
6599 * You should have received a copy of the GNU General Public License
6600 * along with this program. If not, see <http://www.gnu.org/licenses/>.
6601 */
6602
6603 #include <stdio.h>
6604 #include <stdlib.h>
6605 #include <string.h>
6606 #include <assert.h>
6607
6608 #include "knobs.h"
6609 #include "mpi.h"
6610 #include "mpi-internal.h"
6611 #include "memory.h"
6612 #include "util.h"
6613
6614
6615 #ifdef M_DEBUG
6616 #undef mpi_alloc
6617 #undef mpi_alloc_secure
6618 #undef mpi_free
6619 #endif
6620
6621 /****************
6622 * Note: It was a bad idea to use the number of limbs to allocate
6623 * because on a alpha the limbs are large but we normally need
6624 * integers of n bits - So we should chnage this to bits (or bytes).
6625 *
6626 * But mpi_alloc is used in a lot of places :-)
6627 */
6628 MPI
6629 #ifdef M_DEBUG
6630 mpi_debug_alloc( unsigned nlimbs, const char *info )
6631 #else
6632 mpi_alloc( unsigned nlimbs )
6633 #endif
6634 {
6635 MPI a;
6636
6637 if( DBG_MEMORY )
6638 log_debug("mpi_alloc(%u)\n", nlimbs*BITS_PER_MPI_LIMB );
6639 #ifdef M_DEBUG
6640 a = m_debug_alloc( sizeof *a, info );
6641 a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 0, info ) : NULL;
6642 #else
6643 a = xmalloc( sizeof *a );
6644 a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 0 ) : NULL;
6645 #endif
6646 a->alloced = nlimbs;
6647 a->nlimbs = 0;
6648 a->sign = 0;
6649 a->flags = 0;
6650 a->nbits = 0;
6651 return a;
6652 }
6653
6654 void
6655 mpi_m_check( MPI a )
6656 {
6657 m_check(a);
6658 m_check(a->d);
6659 }
6660
6661 MPI
6662 #ifdef M_DEBUG
6663 mpi_debug_alloc_secure( unsigned nlimbs, const char *info )
6664 #else
6665 mpi_alloc_secure( unsigned nlimbs )
6666 #endif
6667 {
6668 MPI a;
6669
6670 if( DBG_MEMORY )
6671 log_debug("mpi_alloc_secure(%u)\n", nlimbs*BITS_PER_MPI_LIMB );
6672 #ifdef M_DEBUG
6673 a = m_debug_alloc( sizeof *a, info );
6674 a->d = nlimbs? mpi_debug_alloc_limb_space( nlimbs, 1, info ) : NULL;
6675 #else
6676 a = xmalloc( sizeof *a );
6677 a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL;
6678 #endif
6679 a->alloced = nlimbs;
6680 a->flags = 1;
6681 a->nlimbs = 0;
6682 a->sign = 0;
6683 a->nbits = 0;
6684 return a;
6685 }
6686
6687
6688 #if 0
6689 static void *unused_limbs_5;
6690 static void *unused_limbs_32;
6691 static void *unused_limbs_64;
6692 #endif
6693
6694 mpi_ptr_t
6695 #ifdef M_DEBUG
6696 mpi_debug_alloc_limb_space( unsigned nlimbs, int secure, const char *info )
6697 #else
6698 mpi_alloc_limb_space( unsigned nlimbs, int secure )
6699 #endif
6700 {
6701 size_t len = nlimbs * sizeof(mpi_limb_t);
6702 mpi_ptr_t p;
6703
6704 if( DBG_MEMORY )
6705 log_debug("mpi_alloc_limb_space(%u)\n", (unsigned)len*8 );
6706 #if 0
6707 if( !secure ) {
6708 if( nlimbs == 5 && unused_limbs_5 ) { /* DSA 160 bits */
6709 p = unused_limbs_5;
6710 unused_limbs_5 = *p;
6711 return p;
6712 }
6713 else if( nlimbs == 32 && unused_limbs_32 ) { /* DSA 1024 bits */
6714 p = unused_limbs_32;
6715 unused_limbs_32 = *p;
6716 return p;
6717 }
6718 else if( nlimbs == 64 && unused_limbs_64 ) { /* DSA 2*1024 bits */
6719 p = unused_limbs_64;
6720 unused_limbs_64 = *p;
6721 return p;
6722 }
6723 }
6724 #endif
6725
6726 #ifdef M_DEBUG
6727 p = secure? m_debug_alloc_secure(len, info):m_debug_alloc( len, info );
6728 #else
6729 p = secure? xmalloc_secure( len ):xmalloc( len );
6730 #endif
6731
6732 return p;
6733 }
6734
6735 void
6736 #ifdef M_DEBUG
6737 mpi_debug_free_limb_space( mpi_ptr_t a, const char *info )
6738 #else
6739 mpi_free_limb_space( mpi_ptr_t a )
6740 #endif
6741 {
6742 if( !a )
6743 return;
6744 if( DBG_MEMORY )
6745 log_debug("mpi_free_limb_space of size %lu\n", (ulong)m_size(a)*8 );
6746
6747 #if 0
6748 if( !m_is_secure(a) ) {
6749 size_t nlimbs = m_size(a) / 4 ;
6750 void *p = a;
6751
6752 if( nlimbs == 5 ) { /* DSA 160 bits */
6753 *a = unused_limbs_5;
6754 unused_limbs_5 = a;
6755 return;
6756 }
6757 else if( nlimbs == 32 ) { /* DSA 1024 bits */
6758 *a = unused_limbs_32;
6759 unused_limbs_32 = a;
6760 return;
6761 }
6762 else if( nlimbs == 64 ) { /* DSA 2*1024 bits */
6763 *a = unused_limbs_64;
6764 unused_limbs_64 = a;
6765 return;
6766 }
6767 }
6768 #endif
6769
6770 xfree(a);
6771 }
6772
6773
6774 void
6775 mpi_assign_limb_space( MPI a, mpi_ptr_t ap, unsigned nlimbs )
6776 {
6777 mpi_free_limb_space(a->d);
6778 a->d = ap;
6779 a->alloced = nlimbs;
6780 }
6781
6782
6783
6784 /****************
6785 * Resize the array of A to NLIMBS. the additional space is cleared
6786 * (set to 0) [done by xrealloc()]
6787 */
6788 void
6789 #ifdef M_DEBUG
6790 mpi_debug_resize( MPI a, unsigned nlimbs, const char *info )
6791 #else
6792 mpi_resize( MPI a, unsigned nlimbs )
6793 #endif
6794 {
6795 if( nlimbs <= a->alloced )
6796 return; /* no need to do it */
6797 /* Note: a->secure is not used - instead the realloc functions
6798 * take care of it. Maybe we should drop a->secure completely
6799 * and rely on a mpi_is_secure function, which would be
6800 * a wrapper around m_is_secure
6801 */
6802 #ifdef M_DEBUG
6803 if( a->d )
6804 a->d = m_debug_realloc(a->d, nlimbs * sizeof(mpi_limb_t), info );
6805 else
6806 a->d = m_debug_alloc_clear( nlimbs * sizeof(mpi_limb_t), info );
6807 #else
6808 if( a->d )
6809 a->d = xrealloc(a->d, nlimbs * sizeof(mpi_limb_t) );
6810 else
6811 a->d = xmalloc_clear( nlimbs * sizeof(mpi_limb_t) );
6812 #endif
6813 a->alloced = nlimbs;
6814 }
6815
6816 void
6817 mpi_clear( MPI a )
6818 {
6819 a->nlimbs = 0;
6820 a->nbits = 0;
6821 a->flags = 0;
6822 }
6823
6824
6825 void
6826 #ifdef M_DEBUG
6827 mpi_debug_free( MPI a, const char *info )
6828 #else
6829 mpi_free( MPI a )
6830 #endif
6831 {
6832 if( !a )
6833 return;
6834 if( DBG_MEMORY )
6835 log_debug("mpi_free\n" );
6836 if( a->flags & 4 )
6837 xfree( a->d );
6838 else {
6839 #ifdef M_DEBUG
6840 mpi_debug_free_limb_space(a->d, info);
6841 #else
6842 mpi_free_limb_space(a->d);
6843 #endif
6844 }
6845 if( a->flags & ~7 )
6846 log_bug("invalid flag value in mpi\n");
6847 xfree(a);
6848 }
6849
6850
6851 void
6852 mpi_set_secure( MPI a )
6853 {
6854 mpi_ptr_t ap, bp;
6855
6856 if( (a->flags & 1) )
6857 return;
6858 a->flags |= 1;
6859 ap = a->d;
6860 if( !a->nlimbs ) {
6861 assert(!ap);
6862 return;
6863 }
6864 #ifdef M_DEBUG
6865 bp = mpi_debug_alloc_limb_space( a->nlimbs, 1, "set_secure" );
6866 #else
6867 bp = mpi_alloc_limb_space( a->nlimbs, 1 );
6868 #endif
6869 MPN_COPY( bp, ap, a->nlimbs );
6870 a->d = bp;
6871 #ifdef M_DEBUG
6872 mpi_debug_free_limb_space(ap, "set_secure");
6873 #else
6874 mpi_free_limb_space(ap);
6875 #endif
6876 }
6877
6878
6879 MPI
6880 mpi_set_opaque( MPI a, void *p, unsigned int len )
6881 {
6882 if( !a ) {
6883 #ifdef M_DEBUG
6884 a = mpi_debug_alloc(0,"alloc_opaque");
6885 #else
6886 a = mpi_alloc(0);
6887 #endif
6888 }
6889
6890 if( a->flags & 4 )
6891 xfree( a->d );
6892 else {
6893 #ifdef M_DEBUG
6894 mpi_debug_free_limb_space(a->d, "alloc_opaque");
6895 #else
6896 mpi_free_limb_space(a->d);
6897 #endif
6898 }
6899
6900 a->d = p;
6901 a->alloced = 0;
6902 a->nlimbs = 0;
6903 a->nbits = len;
6904 a->flags = 4;
6905 return a;
6906 }
6907
6908
6909 void *
6910 mpi_get_opaque( MPI a, unsigned int *len )
6911 {
6912 if( !(a->flags & 4) )
6913 log_bug("mpi_get_opaque on normal mpi\n");
6914 if( len )
6915 *len = a->nbits;
6916 return a->d;
6917 }
6918
6919
6920 /****************
6921 * Note: This copy function should not interpret the MPI
6922 * but copy it transparently.
6923 */
6924 MPI
6925 #ifdef M_DEBUG
6926 mpi_debug_copy( MPI a, const char *info )
6927 #else
6928 mpi_copy( MPI a )
6929 #endif
6930 {
6931 int i;
6932 MPI b;
6933
6934 if( a && (a->flags & 4) ) {
6935 void *p = m_is_secure(a->d)? xmalloc_secure( a->nbits )
6936 : xmalloc( a->nbits );
6937 memcpy( p, a->d, a->nbits );
6938 b = mpi_set_opaque( NULL, p, a->nbits );
6939 }
6940 else if( a ) {
6941 #ifdef M_DEBUG
6942 b = mpi_is_secure(a)? mpi_debug_alloc_secure( a->nlimbs, info )
6943 : mpi_debug_alloc( a->nlimbs, info );
6944 #else
6945 b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs )
6946 : mpi_alloc( a->nlimbs );
6947 #endif
6948 b->nlimbs = a->nlimbs;
6949 b->sign = a->sign;
6950 b->flags = a->flags;
6951 b->nbits = a->nbits;
6952 for(i=0; i < b->nlimbs; i++ )
6953 b->d[i] = a->d[i];
6954 }
6955 else
6956 b = NULL;
6957 return b;
6958 }
6959
6960
6961 /****************
6962 * This function allocates an MPI which is optimized to hold
6963 * a value as large as the one given in the argument and allocates it
6964 * with the same flags as A.
6965 */
6966 MPI
6967 #ifdef M_DEBUG
6968 mpi_debug_alloc_like( MPI a, const char *info )
6969 #else
6970 mpi_alloc_like( MPI a )
6971 #endif
6972 {
6973 MPI b;
6974
6975 if( a && (a->flags & 4) ) {
6976 void *p = m_is_secure(a->d)? xmalloc_secure( a->nbits )
6977 : xmalloc( a->nbits );
6978 memcpy( p, a->d, a->nbits );
6979 b = mpi_set_opaque( NULL, p, a->nbits );
6980 }
6981 else if( a ) {
6982 #ifdef M_DEBUG
6983 b = mpi_is_secure(a)? mpi_debug_alloc_secure( a->nlimbs, info )
6984 : mpi_debug_alloc( a->nlimbs, info );
6985 #else
6986 b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs )
6987 : mpi_alloc( a->nlimbs );
6988 #endif
6989 b->nlimbs = 0;
6990 b->sign = 0;
6991 b->flags = a->flags;
6992 b->nbits = 0;
6993 }
6994 else
6995 b = NULL;
6996 return b;
6997 }
6998
6999
7000 void
7001 mpi_set( MPI w, MPI u)
7002 {
7003 mpi_ptr_t wp, up;
7004 mpi_size_t usize = u->nlimbs;
7005 int usign = u->sign;
7006
7007 RESIZE_IF_NEEDED(w, usize);
7008 wp = w->d;
7009 up = u->d;
7010 MPN_COPY( wp, up, usize );
7011 w->nlimbs = usize;
7012 w->nbits = u->nbits;
7013 w->flags = u->flags;
7014 w->sign = usign;
7015 }
7016
7017
7018 void
7019 mpi_set_ui( MPI w, unsigned long u)
7020 {
7021 RESIZE_IF_NEEDED(w, 1);
7022 w->d[0] = u;
7023 w->nlimbs = u? 1:0;
7024 w->sign = 0;
7025 w->nbits = 0;
7026 w->flags = 0;
7027 }
7028
7029
7030 MPI
7031 mpi_alloc_set_ui( unsigned long u)
7032 {
7033 #ifdef M_DEBUG
7034 MPI w = mpi_debug_alloc(1,"alloc_set_ui");
7035 #else
7036 MPI w = mpi_alloc(1);
7037 #endif
7038 w->d[0] = u;
7039 w->nlimbs = u? 1:0;
7040 w->sign = 0;
7041 return w;
7042 }
7043
7044
7045 void
7046 mpi_swap( MPI a, MPI b)
7047 {
7048 struct gcry_mpi tmp;
7049
7050 tmp = *a; *a = *b; *b = tmp;
7051 }
7052
7053
7054 int
7055 mpi_get_nlimbs (MPI a)
7056 {
7057 return a->nlimbs;
7058 }
7059
7060
7061 int
7062 mpi_is_neg (MPI a)
7063 {
7064 return a->sign;
7065 }
7066
7067
7068 /* Return the number of limbs to store an MPI which is specified by
7069 the number of bytes to represent it. */
7070 unsigned int
7071 mpi_nlimb_hint_from_nbytes (unsigned int nbytes)
7072 {
7073 return (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB;
7074 }
7075
7076 /* Return the number of limbs to store an MPI which is specified by
7077 the number of bytes to represent it. */
7078 unsigned int
7079 mpi_nlimb_hint_from_nbits (unsigned int nbits)
7080 {
7081 return (nbits+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB;
7082 }
7083
7084 unsigned int
7085 mpi_get_flags (MPI a)
7086 {
7087 return a->flags;
7088 }
-(0 . 0)(1 . 1)
7093 obj
-(0 . 0)(1 . 511)
7099 /* secmem.c - memory allocation from a secure heap
7100 * Modified by No Such Labs. (C) 2015. See README.
7101 *
7102 * This file was originally part of Gnu Privacy Guard (GPG), ver. 1.4.10,
7103 * SHA256(gnupg-1.4.10.tar.gz):
7104 * 0bfd74660a2f6cedcf7d8256db4a63c996ffebbcdc2cf54397bfb72878c5a85a
7105 * (C) 1994-2005 Free Software Foundation, Inc.
7106 *
7107 * This program is free software: you can redistribute it and/or modify
7108 * it under the terms of the GNU General Public License as published by
7109 * the Free Software Foundation, either version 3 of the License, or
7110 * (at your option) any later version.
7111 *
7112 * This program is distributed in the hope that it will be useful,
7113 * but WITHOUT ANY WARRANTY; without even the implied warranty of
7114 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
7115 * GNU General Public License for more details.
7116 *
7117 * You should have received a copy of the GNU General Public License
7118 * along with this program. If not, see <http://www.gnu.org/licenses/>.
7119 */
7120
7121 #include "knobs.h"
7122
7123 #include <stdio.h>
7124 #include <stdlib.h>
7125 #include <string.h>
7126 #include <errno.h>
7127 #include <stdarg.h>
7128 #include <unistd.h>
7129 #if defined(HAVE_MLOCK) || defined(HAVE_MMAP)
7130 #include <sys/mman.h>
7131 #include <sys/types.h>
7132 #include <fcntl.h>
7133 #ifdef USE_CAPABILITIES
7134 #include <sys/capability.h>
7135 #endif
7136 #ifdef HAVE_PLOCK
7137 #include <sys/lock.h>
7138 #endif
7139 #endif
7140
7141 #include "types.h"
7142 #include "memory.h"
7143 #include "util.h"
7144
7145 /* MinGW doesn't seem to prototype getpagesize, though it does have
7146 it. */
7147 #if !HAVE_DECL_GETPAGESIZE
7148 int getpagesize(void);
7149 #endif
7150
7151 #if defined(MAP_ANON) && !defined(MAP_ANONYMOUS)
7152 #define MAP_ANONYMOUS MAP_ANON
7153 #endif
7154 /* It seems that Slackware 7.1 does not know about EPERM */
7155 #if !defined(EPERM) && defined(ENOMEM)
7156 #define EPERM ENOMEM
7157 #endif
7158
7159
7160 #define DEFAULT_POOLSIZE 16384
7161
7162 typedef struct memblock_struct MEMBLOCK;
7163 struct memblock_struct {
7164 unsigned size;
7165 union {
7166 MEMBLOCK *next;
7167 PROPERLY_ALIGNED_TYPE aligned;
7168 } u;
7169 };
7170
7171
7172
7173 static void *pool;
7174 static volatile int pool_okay; /* may be checked in an atexit function */
7175 #ifdef HAVE_MMAP
7176 static volatile int pool_is_mmapped;
7177 #endif
7178 static size_t poolsize; /* allocated length */
7179 static size_t poollen; /* used length */
7180 static MEMBLOCK *unused_blocks;
7181 static unsigned max_alloced;
7182 static unsigned cur_alloced;
7183 static unsigned max_blocks;
7184 static unsigned cur_blocks;
7185 static int disable_secmem;
7186 static int show_warning;
7187 static int no_warning;
7188 static int suspend_warning;
7189
7190
7191 static void
7192 print_warn(void)
7193 {
7194 if (!no_warning)
7195 {
7196 log_info("WARNING: using insecure memory!\n");
7197 }
7198 }
7199
7200
7201 static void
7202 lock_pool( void *p, size_t n )
7203 {
7204 #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK)
7205 int err;
7206
7207 cap_set_proc( cap_from_text("cap_ipc_lock+ep") );
7208 err = mlock( p, n );
7209 if( err && errno )
7210 err = errno;
7211 cap_set_proc( cap_from_text("cap_ipc_lock+p") );
7212
7213 if( err ) {
7214 if( errno != EPERM
7215 #ifdef EAGAIN /* OpenBSD returns this */
7216 && errno != EAGAIN
7217 #endif
7218 #ifdef ENOSYS /* Some SCOs return this (function not implemented) */
7219 && errno != ENOSYS
7220 #endif
7221 #ifdef ENOMEM /* Linux can return this */
7222 && errno != ENOMEM
7223 #endif
7224 )
7225 log_error("can't lock memory: %s\n", strerror(err));
7226 show_warning = 1;
7227 }
7228
7229 #elif defined(HAVE_MLOCK)
7230 uid_t uid;
7231 int err;
7232
7233 uid = getuid();
7234
7235 #ifdef HAVE_BROKEN_MLOCK
7236 /* ick. but at least we get secured memory. about to lock
7237 entire data segment. */
7238 #ifdef HAVE_PLOCK
7239 # ifdef _AIX
7240 /* The configure for AIX returns broken mlock but the plock has
7241 the strange requirement to somehow set the stack limit first.
7242 The problem might turn out in indeterministic program behaviour
7243 and hanging processes which can somehow be solved when enough
7244 processes are clogging up the memory. To get this problem out
7245 of the way we simply don't try to lock the memory at all.
7246 */
7247 errno = EPERM;
7248 err = errno;
7249 # else /* !_AIX */
7250 err = plock( DATLOCK );
7251 if( err && errno )
7252 err = errno;
7253 # endif /*_AIX*/
7254 #else /*!HAVE_PLOCK*/
7255 if( uid ) {
7256 errno = EPERM;
7257 err = errno;
7258 }
7259 else {
7260 err = mlock( p, n );
7261 if( err && errno )
7262 err = errno;
7263 }
7264 #endif /*!HAVE_PLOCK*/
7265 #else
7266 err = mlock( p, n );
7267 if( err && errno )
7268 err = errno;
7269 #endif
7270
7271 if( uid && !geteuid() ) {
7272 /* check that we really dropped the privs.
7273 * Note: setuid(0) should always fail */
7274 if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
7275 log_fatal("failed to reset uid: %s\n", strerror(errno));
7276 }
7277
7278 if( err ) {
7279 if( errno != EPERM
7280 #ifdef EAGAIN /* OpenBSD returns this */
7281 && errno != EAGAIN
7282 #endif
7283 #ifdef ENOSYS /* Some SCOs return this (function not implemented) */
7284 && errno != ENOSYS
7285 #endif
7286 #ifdef ENOMEM /* Linux can return this */
7287 && errno != ENOMEM
7288 #endif
7289 )
7290 log_error("can't lock memory: %s\n", strerror(err));
7291 show_warning = 1;
7292 }
7293
7294 #elif defined ( __QNX__ )
7295 /* QNX does not page at all, so the whole secure memory stuff does
7296 * not make much sense. However it is still of use because it
7297 * wipes out the memory on a free().
7298 * Therefore it is sufficient to suppress the warning
7299 */
7300 #elif defined (HAVE_DOSISH_SYSTEM) || defined (__CYGWIN__)
7301 /* It does not make sense to print such a warning, given the fact that
7302 * this whole Windows !@#$% and their user base are inherently insecure
7303 */
7304 #else
7305 log_info("Please note that you don't have secure memory on this system\n");
7306 #endif
7307 }
7308
7309
7310 static void
7311 init_pool( size_t n)
7312 {
7313 long int pgsize_val;
7314 size_t pgsize;
7315
7316 poolsize = n;
7317
7318 if( disable_secmem )
7319 log_bug("secure memory is disabled");
7320
7321 #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
7322 pgsize_val = sysconf (_SC_PAGESIZE);
7323 #elif defined(HAVE_GETPAGESIZE)
7324 pgsize_val = getpagesize ();
7325 #else
7326 pgsize_val = -1;
7327 #endif
7328 pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;
7329
7330
7331 #ifdef HAVE_MMAP
7332 poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);
7333 #ifdef MAP_ANONYMOUS
7334 pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
7335 MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
7336 #else /* map /dev/zero instead */
7337 { int fd;
7338
7339 fd = open("/dev/zero", O_RDWR);
7340 if( fd == -1 ) {
7341 log_error("can't open /dev/zero: %s\n", strerror(errno) );
7342 pool = (void*)-1;
7343 }
7344 else {
7345 pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
7346 MAP_PRIVATE, fd, 0);
7347 close (fd);
7348 }
7349 }
7350 #endif
7351 if( pool == (void*)-1 )
7352 log_info("can't mmap pool of %u bytes: %s - using malloc\n",
7353 (unsigned)poolsize, strerror(errno));
7354 else {
7355 pool_is_mmapped = 1;
7356 pool_okay = 1;
7357 }
7358
7359 #endif
7360 if( !pool_okay ) {
7361 pool = malloc( poolsize );
7362 if( !pool )
7363 log_fatal("can't allocate memory pool of %u bytes\n",
7364 (unsigned)poolsize);
7365 else
7366 pool_okay = 1;
7367 }
7368 lock_pool( pool, poolsize );
7369 poollen = 0;
7370 }
7371
7372
7373 /* concatenate unused blocks */
7374 static void
7375 compress_pool(void)
7376 {
7377 /* fixme: we really should do this */
7378 }
7379
7380 void
7381 secmem_set_flags( unsigned flags )
7382 {
7383 int was_susp = suspend_warning;
7384
7385 no_warning = flags & 1;
7386 suspend_warning = flags & 2;
7387
7388 /* and now issue the warning if it is not longer suspended */
7389 if( was_susp && !suspend_warning && show_warning ) {
7390 show_warning = 0;
7391 print_warn();
7392 }
7393 }
7394
7395 unsigned
7396 secmem_get_flags(void)
7397 {
7398 unsigned flags;
7399
7400 flags = no_warning ? 1:0;
7401 flags |= suspend_warning ? 2:0;
7402 return flags;
7403 }
7404
7405 /* Returns 1 if memory was locked, 0 if not. */
7406 int
7407 secmem_init( size_t n )
7408 {
7409 if( !n ) {
7410 #ifdef USE_CAPABILITIES
7411 /* drop all capabilities */
7412 cap_set_proc( cap_from_text("all-eip") );
7413 #elif !defined(HAVE_DOSISH_SYSTEM)
7414 uid_t uid;
7415 disable_secmem=1;
7416 uid = getuid();
7417 if( uid != geteuid() ) {
7418 if( setuid( uid ) || getuid() != geteuid() || !setuid(0) )
7419 log_fatal("failed to drop setuid\n" );
7420 }
7421 #endif
7422 }
7423 else {
7424 if( n < DEFAULT_POOLSIZE )
7425 n = DEFAULT_POOLSIZE;
7426 if( !pool_okay )
7427 init_pool(n);
7428 else
7429 log_error("Oops, secure memory pool already initialized\n");
7430 }
7431
7432 return !show_warning;
7433 }
7434
7435
7436 void *
7437 secmem_malloc( size_t size )
7438 {
7439 MEMBLOCK *mb, *mb2;
7440 int compressed=0;
7441
7442 if( !pool_okay ) {
7443 log_info(
7444 "operation is not possible without initialized secure memory\n");
7445 log_info("(you may have used the wrong program for this task)\n");
7446 exit(2);
7447 }
7448 if( show_warning && !suspend_warning ) {
7449 show_warning = 0;
7450 print_warn();
7451 }
7452
7453 /* Blocks are always a multiple of 32. Note that we allocate an
7454 extra of the size of an entire MEMBLOCK. This is required
7455 becuase we do not only need the SIZE info but also extra space
7456 to chain up unused memory blocks. */
7457 size += sizeof(MEMBLOCK);
7458 size = ((size + 31) / 32) * 32;
7459
7460 retry:
7461 /* try to get it from the used blocks */
7462 for(mb = unused_blocks,mb2=NULL; mb; mb2=mb, mb = mb->u.next )
7463 if( mb->size >= size ) {
7464 if( mb2 )
7465 mb2->u.next = mb->u.next;
7466 else
7467 unused_blocks = mb->u.next;
7468 goto leave;
7469 }
7470 /* allocate a new block */
7471 if( (poollen + size <= poolsize) ) {
7472 mb = (void*)((char*)pool + poollen);
7473 poollen += size;
7474 mb->size = size;
7475 }
7476 else if( !compressed ) {
7477 compressed=1;
7478 compress_pool();
7479 goto retry;
7480 }
7481 else
7482 return NULL;
7483
7484 leave:
7485 cur_alloced += mb->size;
7486 cur_blocks++;
7487 if( cur_alloced > max_alloced )
7488 max_alloced = cur_alloced;
7489 if( cur_blocks > max_blocks )
7490 max_blocks = cur_blocks;
7491
7492 return &mb->u.aligned.c;
7493 }
7494
7495
7496 void *
7497 secmexrealloc( void *p, size_t newsize )
7498 {
7499 MEMBLOCK *mb;
7500 size_t size;
7501 void *a;
7502
7503 mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
7504 size = mb->size;
7505 if (size < sizeof(MEMBLOCK))
7506 log_bug ("secure memory corrupted at block %p\n", (void *)mb);
7507 size -= ((size_t) &((MEMBLOCK*)0)->u.aligned.c);
7508
7509 if( newsize <= size )
7510 return p; /* It is easier not to shrink the memory. */
7511 a = secmem_malloc( newsize );
7512 if ( a ) {
7513 memcpy(a, p, size);
7514 memset((char*)a+size, 0, newsize-size);
7515 secmem_free(p);
7516 }
7517 return a;
7518 }
7519
7520
7521 void
7522 secmem_free( void *a )
7523 {
7524 MEMBLOCK *mb;
7525 size_t size;
7526
7527 if( !a )
7528 return;
7529
7530 mb = (MEMBLOCK*)((char*)a - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
7531 size = mb->size;
7532 /* This does not make much sense: probably this memory is held in the
7533 * cache. We do it anyway: */
7534 wipememory2(mb, 0xff, size );
7535 wipememory2(mb, 0xaa, size );
7536 wipememory2(mb, 0x55, size );
7537 wipememory2(mb, 0x00, size );
7538 mb->size = size;
7539 mb->u.next = unused_blocks;
7540 unused_blocks = mb;
7541 cur_blocks--;
7542 cur_alloced -= size;
7543 }
7544
7545
7546 /* Check whether P points into the pool. */
7547 static int
7548 ptr_into_pool_p (const void *p)
7549 {
7550 /* We need to convert pointers to addresses. This is required by
7551 C-99 6.5.8 to avoid undefined behaviour. Using size_t is at
7552 least only implementation defined. See also
7553 http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
7554 */
7555 size_t p_addr = (size_t)p;
7556 size_t pool_addr = (size_t)pool;
7557
7558 return p_addr >= pool_addr && p_addr < pool_addr+poolsize;
7559 }
7560
7561
7562 int
7563 m_is_secure( const void *p )
7564 {
7565 return pool_okay && ptr_into_pool_p (p);
7566 }
7567
7568
7569
7570 /****************
7571 * Warning: This code might be called by an interrupt handler
7572 * and frankly, there should really be such a handler,
7573 * to make sure that the memory is wiped out.
7574 * We hope that the OS wipes out mlocked memory after
7575 * receiving a SIGKILL - it really should do so, otherwise
7576 * there is no chance to get the secure memory cleaned.
7577 */
7578 void
7579 secmem_term()
7580 {
7581 if( !pool_okay )
7582 return;
7583
7584 wipememory2( pool, 0xff, poolsize);
7585 wipememory2( pool, 0xaa, poolsize);
7586 wipememory2( pool, 0x55, poolsize);
7587 wipememory2( pool, 0x00, poolsize);
7588 #ifdef HAVE_MMAP
7589 if( pool_is_mmapped )
7590 munmap( pool, poolsize );
7591 #endif
7592 pool = NULL;
7593 pool_okay = 0;
7594 poolsize=0;
7595 poollen=0;
7596 unused_blocks=NULL;
7597 }
7598
7599
7600 void
7601 secmem_dump_stats()
7602 {
7603 if( disable_secmem )
7604 return;
7605 fprintf(stderr,
7606 "secmem usage: %u/%u bytes in %u/%u blocks of pool %lu/%lu\n",
7607 cur_alloced, max_alloced, cur_blocks, max_blocks,
7608 (ulong)poollen, (ulong)poolsize );
7609 }
-(0 . 0)(1 . 24)
7614 PROGRAM = test_mpi
7615
7616 CXX = gcc
7617 OBJECTS := $(patsubst %.c,%.o,$(wildcard *.c))
7618 FLAGS = -g -Wall
7619 INCLUDE = -I ../include
7620 MPI = ../bin/mpi.a
7621 LIBS := $(MPI)
7622
7623 .SUFFIXES: .o .c
7624
7625 .c.o:
7626 $(CXX) $(FLAGS) $(INCLUDE) -c $< -o $@
7627
7628 all: $(PROGRAM)
7629
7630 $(PROGRAM): $(OBJECTS)
7631 $(CXX) $(FLAGS) $(INCLUDE) -o $(PROGRAM) $(OBJECTS) $(LIBS)
7632
7633 clean :
7634 rm -rf nul core *flymake* *.o $(PROGRAM) *~ bin obj
7635
7636 check-syntax:
7637 $(CXX) -c $(FLAGS) $(INCLUDE) -o nul -Wall -S $(CHK_SOURCES)
-(0 . 0)(1 . 39)
7642 #include "mpi.h"
7643 #include <stdlib.h>
7644
7645 void err(char *msg)
7646 {
7647 fprintf(stderr, "%s\n", msg);
7648 exit(1);
7649 }
7650
7651 void terpri(FILE *fp)
7652 {
7653 fprintf(fp, "\n");
7654 }
7655
7656 int main(int ac, char **av)
7657 {
7658 MPI a, b, y;
7659 int r;
7660
7661 r = secmem_init(1000);
7662 if (r==0) err("secmem init");
7663
7664 a = mpi_alloc_secure(0);
7665 b = mpi_alloc_secure(0);
7666 y = mpi_alloc_secure(0);
7667 mpi_fromstr(a, "0x1B0B206C488601");
7668 mpi_fromstr(b, "0x20E92FE28E1929");
7669 mpi_mul(y, a, b);
7670 mpi_free(a);
7671 mpi_free(b);
7672
7673 mpi_print(stdout, y, 1);
7674 mpi_free(y);
7675
7676 terpri(stdout);
7677 secmem_term();
7678
7679 return 0;
7680 }