diff --git a/mpi/ec.c b/mpi/ec.c
index 659bb5ca..0b6ae9a9 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1,2062 +1,2062 @@ /* ec.c - Elliptic Curve functions * Copyright (C) 2007 Free Software Foundation, Inc. * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #include #include #include #include #include "mpi-internal.h" #include "longlong.h" #include "g10lib.h" #include "context.h" #include "ec-context.h" #include "ec-internal.h" extern void reverse_buffer (unsigned char *buffer, unsigned int length); #define point_init(a) _gcry_mpi_point_init ((a)) #define point_free(a) _gcry_mpi_point_free_parts ((a)) /* Print a point using the log functions. If CTX is not NULL affine coordinates will be printed. */ void _gcry_mpi_point_log (const char *name, mpi_point_t point, mpi_ec_t ctx) { gcry_mpi_t x, y; char buf[100]; if (!point) { snprintf (buf, sizeof buf - 1, "%s.*", name); log_mpidump (buf, NULL); return; } snprintf (buf, sizeof buf - 1, "%s.X", name); if (ctx) { x = mpi_new (0); y = mpi_new (0); } if (!ctx || _gcry_mpi_ec_get_affine (x, y, point, ctx)) { log_mpidump (buf, point->x); buf[strlen(buf)-1] = 'Y'; log_mpidump (buf, point->y); buf[strlen(buf)-1] = 'Z'; log_mpidump (buf, point->z); } else { buf[strlen(buf)-1] = 'x'; log_mpidump (buf, x); buf[strlen(buf)-1] = 'y'; log_mpidump (buf, y); } if (ctx) { _gcry_mpi_release (x); _gcry_mpi_release (y); } } /* Create a new point option. 
NBITS gives the size in bits of one coordinate; it is only used to pre-allocate some resources and might also be passed as 0 to use a default value. */ mpi_point_t _gcry_mpi_point_new (unsigned int nbits) { mpi_point_t p; (void)nbits; /* Currently not used. */ p = xmalloc (sizeof *p); _gcry_mpi_point_init (p); return p; } /* Release the point object P. P may be NULL. */ void _gcry_mpi_point_release (mpi_point_t p) { if (p) { _gcry_mpi_point_free_parts (p); xfree (p); } } /* Initialize the fields of a point object. gcry_mpi_point_free_parts may be used to release the fields. */ void _gcry_mpi_point_init (mpi_point_t p) { p->x = mpi_new (0); p->y = mpi_new (0); p->z = mpi_new (0); } /* Release the parts of a point object. */ void _gcry_mpi_point_free_parts (mpi_point_t p) { mpi_free (p->x); p->x = NULL; mpi_free (p->y); p->y = NULL; mpi_free (p->z); p->z = NULL; } /* Set the value from S into D. */ static void point_set (mpi_point_t d, mpi_point_t s) { mpi_set (d->x, s->x); mpi_set (d->y, s->y); mpi_set (d->z, s->z); } /* Return a copy of POINT. */ gcry_mpi_point_t _gcry_mpi_point_copy (gcry_mpi_point_t point) { mpi_point_t newpoint; newpoint = _gcry_mpi_point_new (0); if (point) point_set (newpoint, point); return newpoint; } -static void -point_resize (mpi_point_t p, mpi_ec_t ctx) +void +_gcry_mpi_ec_point_resize (mpi_point_t p, mpi_ec_t ctx) { size_t nlimbs = ctx->p->nlimbs; mpi_resize (p->x, nlimbs); p->x->nlimbs = nlimbs; mpi_resize (p->z, nlimbs); p->z->nlimbs = nlimbs; if (ctx->model != MPI_EC_MONTGOMERY) { mpi_resize (p->y, nlimbs); p->y->nlimbs = nlimbs; } } static void point_swap_cond (mpi_point_t d, mpi_point_t s, unsigned long swap, mpi_ec_t ctx) { mpi_swap_cond (d->x, s->x, swap); if (ctx->model != MPI_EC_MONTGOMERY) mpi_swap_cond (d->y, s->y, swap); mpi_swap_cond (d->z, s->z, swap); } /* Set the projective coordinates from POINT into X, Y, and Z. If a coordinate is not required, X, Y, or Z may be passed as NULL. 
*/ void _gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, mpi_point_t point) { if (x) mpi_set (x, point->x); if (y) mpi_set (y, point->y); if (z) mpi_set (z, point->z); } /* Set the projective coordinates from POINT into X, Y, and Z and release POINT. If a coordinate is not required, X, Y, or Z may be passed as NULL. */ void _gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, mpi_point_t point) { mpi_snatch (x, point->x); mpi_snatch (y, point->y); mpi_snatch (z, point->z); xfree (point); } /* Set the projective coordinates from X, Y, and Z into POINT. If a coordinate is given as NULL, the value 0 is stored into point. If POINT is given as NULL a new point object is allocated. Returns POINT or the newly allocated point object. */ mpi_point_t _gcry_mpi_point_set (mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z) { if (!point) point = mpi_point_new (0); if (x) mpi_set (point->x, x); else mpi_clear (point->x); if (y) mpi_set (point->y, y); else mpi_clear (point->y); if (z) mpi_set (point->z, z); else mpi_clear (point->z); return point; } /* Set the projective coordinates from X, Y, and Z into POINT. If a coordinate is given as NULL, the value 0 is stored into point. If POINT is given as NULL a new point object is allocated. The coordinates X, Y, and Z are released. Returns POINT or the newly allocated point object. */ mpi_point_t _gcry_mpi_point_snatch_set (mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z) { if (!point) point = mpi_point_new (0); if (x) mpi_snatch (point->x, x); else mpi_clear (point->x); if (y) mpi_snatch (point->y, y); else mpi_clear (point->y); if (z) mpi_snatch (point->z, z); else mpi_clear (point->z); return point; } /* W = W mod P. 
*/ static void ec_mod (gcry_mpi_t w, mpi_ec_t ec) { if (0 && ec->dialect == ECC_DIALECT_ED25519) _gcry_mpi_ec_ed25519_mod (w); else if (ec->t.p_barrett) _gcry_mpi_mod_barrett (w, w, ec->t.p_barrett); else _gcry_mpi_mod (w, w, ec->p); } static void ec_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_add (w, u, v); ec_mod (w, ctx); } static void ec_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ec) { mpi_sub (w, u, v); while (w->sign) mpi_add (w, w, ec->p); /*ec_mod (w, ec);*/ } static void ec_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_mul (w, u, v); ec_mod (w, ctx); } /* W = 2 * U mod P. */ static void ec_mul2 (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx) { mpi_lshift (w, u, 1); ec_mod (w, ctx); } static void ec_powm (gcry_mpi_t w, const gcry_mpi_t b, const gcry_mpi_t e, mpi_ec_t ctx) { mpi_powm (w, b, e, ctx->p); /* _gcry_mpi_abs (w); */ } /* Shortcut for ec_powm (B, B, mpi_const (MPI_C_TWO), ctx); for easier optimization. */ static void ec_pow2 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) { /* Using mpi_mul is slightly faster (at least on amd64). */ /* mpi_powm (w, b, mpi_const (MPI_C_TWO), ctx->p); */ ec_mulm (w, b, b, ctx); } /* Shortcut for ec_powm (B, B, mpi_const (MPI_C_THREE), ctx); for easier optimization. */ static void ec_pow3 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) { mpi_powm (w, b, mpi_const (MPI_C_THREE), ctx->p); } static void ec_invm (gcry_mpi_t x, gcry_mpi_t a, mpi_ec_t ctx) { if (!mpi_invm (x, a, ctx->p)) { log_error ("ec_invm: inverse does not exist:\n"); log_mpidump (" a", a); log_mpidump (" p", ctx->p); } } /* Routines for 2^255 - 19. 
*/ #define LIMB_SIZE_25519 ((256+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB) static void ec_addm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_25519; mpi_limb_t n[LIMB_SIZE_25519]; mpi_limb_t borrow; if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("addm_25519: different sizes\n"); memset (n, 0, sizeof n); up = u->d; vp = v->d; wp = w->d; _gcry_mpih_add_n (wp, up, vp, wsize); borrow = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize); mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL)); _gcry_mpih_add_n (wp, wp, n, wsize); wp[LIMB_SIZE_25519-1] &= ~((mpi_limb_t)1 << (255 % BITS_PER_MPI_LIMB)); } static void ec_subm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_25519; mpi_limb_t n[LIMB_SIZE_25519]; mpi_limb_t borrow; if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("subm_25519: different sizes\n"); memset (n, 0, sizeof n); up = u->d; vp = v->d; wp = w->d; borrow = _gcry_mpih_sub_n (wp, up, vp, wsize); mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL)); _gcry_mpih_add_n (wp, wp, n, wsize); wp[LIMB_SIZE_25519-1] &= ~((mpi_limb_t)1 << (255 % BITS_PER_MPI_LIMB)); } static void ec_mulm_25519 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_25519; mpi_limb_t n[LIMB_SIZE_25519*2]; mpi_limb_t m[LIMB_SIZE_25519+1]; mpi_limb_t cy; int msb; (void)ctx; if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("mulm_25519: different sizes\n"); up = u->d; vp = v->d; wp = w->d; _gcry_mpih_mul_n (n, up, vp, wsize); memcpy (wp, n, wsize * BYTES_PER_MPI_LIMB); wp[LIMB_SIZE_25519-1] &= ~((mpi_limb_t)1 << (255 % BITS_PER_MPI_LIMB)); memcpy (m, n+LIMB_SIZE_25519-1, (wsize+1) * BYTES_PER_MPI_LIMB); _gcry_mpih_rshift (m, m, LIMB_SIZE_25519+1, (255 % BITS_PER_MPI_LIMB)); memcpy (n, m, wsize * BYTES_PER_MPI_LIMB); cy = 
_gcry_mpih_lshift (m, m, LIMB_SIZE_25519, 4); m[LIMB_SIZE_25519] = cy; cy = _gcry_mpih_add_n (m, m, n, wsize); m[LIMB_SIZE_25519] += cy; cy = _gcry_mpih_add_n (m, m, n, wsize); m[LIMB_SIZE_25519] += cy; cy = _gcry_mpih_add_n (m, m, n, wsize); m[LIMB_SIZE_25519] += cy; cy = _gcry_mpih_add_n (wp, wp, m, wsize); m[LIMB_SIZE_25519] += cy; memset (m, 0, wsize * BYTES_PER_MPI_LIMB); msb = (wp[LIMB_SIZE_25519-1] >> (255 % BITS_PER_MPI_LIMB)); m[0] = (m[LIMB_SIZE_25519] * 2 + msb) * 19; wp[LIMB_SIZE_25519-1] &= ~((mpi_limb_t)1 << (255 % BITS_PER_MPI_LIMB)); _gcry_mpih_add_n (wp, wp, m, wsize); m[0] = 0; cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize); mpih_set_cond (m, ctx->p->d, wsize, (cy != 0UL)); _gcry_mpih_add_n (wp, wp, m, wsize); } static void ec_mul2_25519 (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx) { ec_addm_25519 (w, u, u, ctx); } static void ec_pow2_25519 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) { ec_mulm_25519 (w, b, b, ctx); } /* Routines for 2^448 - 2^224 - 1. */ #define LIMB_SIZE_448 ((448+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB) #define LIMB_SIZE_HALF_448 ((LIMB_SIZE_448+1)/2) static void ec_addm_448 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_448; mpi_limb_t n[LIMB_SIZE_448]; mpi_limb_t cy; if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("addm_448: different sizes\n"); memset (n, 0, sizeof n); up = u->d; vp = v->d; wp = w->d; cy = _gcry_mpih_add_n (wp, up, vp, wsize); mpih_set_cond (n, ctx->p->d, wsize, (cy != 0UL)); _gcry_mpih_sub_n (wp, wp, n, wsize); } static void ec_subm_448 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_448; mpi_limb_t n[LIMB_SIZE_448]; mpi_limb_t borrow; if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("subm_448: different sizes\n"); memset (n, 0, sizeof n); up = u->d; vp = v->d; wp = w->d; borrow = _gcry_mpih_sub_n (wp, up, vp, wsize); 
mpih_set_cond (n, ctx->p->d, wsize, (borrow != 0UL)); _gcry_mpih_add_n (wp, wp, n, wsize); } static void ec_mulm_448 (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx) { mpi_ptr_t wp, up, vp; mpi_size_t wsize = LIMB_SIZE_448; mpi_limb_t n[LIMB_SIZE_448*2]; mpi_limb_t a2[LIMB_SIZE_HALF_448]; mpi_limb_t a3[LIMB_SIZE_HALF_448]; mpi_limb_t b0[LIMB_SIZE_HALF_448]; mpi_limb_t b1[LIMB_SIZE_HALF_448]; mpi_limb_t cy; int i; #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) mpi_limb_t b1_rest, a3_rest; #endif if (w->nlimbs != wsize || u->nlimbs != wsize || v->nlimbs != wsize) log_bug ("mulm_448: different sizes\n"); up = u->d; vp = v->d; wp = w->d; _gcry_mpih_mul_n (n, up, vp, wsize); for (i = 0; i < (wsize + 1)/ 2; i++) { b0[i] = n[i]; b1[i] = n[i+wsize/2]; a2[i] = n[i+wsize]; a3[i] = n[i+wsize+wsize/2]; } #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) b0[LIMB_SIZE_HALF_448-1] &= ((mpi_limb_t)1UL<<32)-1; a2[LIMB_SIZE_HALF_448-1] &= ((mpi_limb_t)1UL<<32)-1; b1_rest = 0; a3_rest = 0; for (i = (wsize + 1)/ 2 -1; i >= 0; i--) { mpi_limb_t b1v, a3v; b1v = b1[i]; a3v = a3[i]; b1[i] = (b1_rest<<32) | (b1v >> 32); a3[i] = (a3_rest<<32) | (a3v >> 32); b1_rest = b1v & (((mpi_limb_t)1UL <<32)-1); a3_rest = a3v & (((mpi_limb_t)1UL <<32)-1); } #endif cy = _gcry_mpih_add_n (b0, b0, a2, LIMB_SIZE_HALF_448); cy += _gcry_mpih_add_n (b0, b0, a3, LIMB_SIZE_HALF_448); for (i = 0; i < (wsize + 1)/ 2; i++) wp[i] = b0[i]; #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) wp[LIMB_SIZE_HALF_448-1] &= (((mpi_limb_t)1UL <<32)-1); #endif #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) cy = b0[LIMB_SIZE_HALF_448-1] >> 32; #endif cy = _gcry_mpih_add_1 (b1, b1, LIMB_SIZE_HALF_448, cy); cy += _gcry_mpih_add_n (b1, b1, a2, LIMB_SIZE_HALF_448); cy += _gcry_mpih_add_n (b1, b1, a3, LIMB_SIZE_HALF_448); cy += _gcry_mpih_add_n (b1, b1, a3, LIMB_SIZE_HALF_448); #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) b1_rest = 0; for (i = (wsize + 1)/ 2 -1; i >= 0; i--) { mpi_limb_t b1v = b1[i]; b1[i] = (b1_rest<<32) | (b1v >> 32); b1_rest = 
b1v & (((mpi_limb_t)1UL <<32)-1); } wp[LIMB_SIZE_HALF_448-1] |= (b1_rest << 32); #endif for (i = 0; i < wsize / 2; i++) wp[i+(wsize + 1) / 2] = b1[i]; #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) cy = b1[LIMB_SIZE_HALF_448-1]; #endif memset (n, 0, wsize * BYTES_PER_MPI_LIMB); #if (LIMB_SIZE_HALF_448 > LIMB_SIZE_448/2) n[LIMB_SIZE_HALF_448-1] = cy << 32; #else n[LIMB_SIZE_HALF_448] = cy; #endif n[0] = cy; _gcry_mpih_add_n (wp, wp, n, wsize); memset (n, 0, wsize * BYTES_PER_MPI_LIMB); cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize); mpih_set_cond (n, ctx->p->d, wsize, (cy != 0UL)); _gcry_mpih_add_n (wp, wp, n, wsize); } static void ec_mul2_448 (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx) { ec_addm_448 (w, u, u, ctx); } static void ec_pow2_448 (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx) { ec_mulm_448 (w, b, b, ctx); } struct field_table { const char *p; /* computation routines for the field. */ void (* addm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx); void (* subm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx); void (* mulm) (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, mpi_ec_t ctx); void (* mul2) (gcry_mpi_t w, gcry_mpi_t u, mpi_ec_t ctx); void (* pow2) (gcry_mpi_t w, const gcry_mpi_t b, mpi_ec_t ctx); }; static const struct field_table field_table[] = { { "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", ec_addm_25519, ec_subm_25519, ec_mulm_25519, ec_mul2_25519, ec_pow2_25519 }, { "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", ec_addm_448, ec_subm_448, ec_mulm_448, ec_mul2_448, ec_pow2_448 }, { NULL, NULL, NULL, NULL, NULL, NULL }, }; /* Force recomputation of all helper variables. */ void _gcry_mpi_ec_get_reset (mpi_ec_t ec) { ec->t.valid.a_is_pminus3 = 0; ec->t.valid.two_inv_p = 0; } /* Accessor for helper variable. 
*/ static int ec_get_a_is_pminus3 (mpi_ec_t ec) { gcry_mpi_t tmp; if (!ec->t.valid.a_is_pminus3) { ec->t.valid.a_is_pminus3 = 1; tmp = mpi_alloc_like (ec->p); mpi_sub_ui (tmp, ec->p, 3); ec->t.a_is_pminus3 = !mpi_cmp (ec->a, tmp); mpi_free (tmp); } return ec->t.a_is_pminus3; } /* Accessor for helper variable. */ static gcry_mpi_t ec_get_two_inv_p (mpi_ec_t ec) { if (!ec->t.valid.two_inv_p) { ec->t.valid.two_inv_p = 1; if (!ec->t.two_inv_p) ec->t.two_inv_p = mpi_alloc (0); ec_invm (ec->t.two_inv_p, mpi_const (MPI_C_TWO), ec); } return ec->t.two_inv_p; } static const char *const curve25519_bad_points[] = { "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed", "0x0000000000000000000000000000000000000000000000000000000000000000", "0x0000000000000000000000000000000000000000000000000000000000000001", "0x00b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0", "0x57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f", "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec", "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee", NULL }; static const char *const curve448_bad_points[] = { "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffe" "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "0x00000000000000000000000000000000000000000000000000000000" "00000000000000000000000000000000000000000000000000000000", "0x00000000000000000000000000000000000000000000000000000000" "00000000000000000000000000000000000000000000000000000001", "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffe" "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe", "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "00000000000000000000000000000000000000000000000000000000", NULL }; static const char *const *bad_points_table[] = { curve25519_bad_points, curve448_bad_points, }; static gcry_mpi_t scanval (const char *string) { gpg_err_code_t rc; gcry_mpi_t val; rc = _gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, 
string, 0, NULL); if (rc) log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc)); return val; } /* This function initialized a context for elliptic curve based on the field GF(p). P is the prime specifying this field, A is the first coefficient. CTX is expected to be zeroized. */ static void ec_p_init (mpi_ec_t ctx, enum gcry_mpi_ec_models model, enum ecc_dialects dialect, int flags, gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b) { int i; static int use_barrett; if (!use_barrett) { if (getenv ("GCRYPT_BARRETT")) use_barrett = 1; else use_barrett = -1; } /* Fixme: Do we want to check some constraints? e.g. a < p */ ctx->model = model; ctx->dialect = dialect; ctx->flags = flags; ctx->nbits = mpi_get_nbits (p); ctx->p = mpi_copy (p); ctx->a = mpi_copy (a); ctx->b = mpi_copy (b); ctx->t.p_barrett = use_barrett > 0? _gcry_mpi_barrett_init (ctx->p, 0):NULL; _gcry_mpi_ec_get_reset (ctx); if (model == MPI_EC_MONTGOMERY) { for (i=0; i< DIM(bad_points_table); i++) { gcry_mpi_t p_candidate = scanval (bad_points_table[i][0]); int match_p = !mpi_cmp (ctx->p, p_candidate); int j; mpi_free (p_candidate); if (!match_p) continue; for (j=0; i< DIM(ctx->t.scratch) && bad_points_table[i][j]; j++) ctx->t.scratch[j] = scanval (bad_points_table[i][j]); } } else { /* Allocate scratch variables. 
*/ for (i=0; i< DIM(ctx->t.scratch); i++) ctx->t.scratch[i] = mpi_alloc_like (ctx->p); } ctx->addm = ec_addm; ctx->subm = ec_subm; ctx->mulm = ec_mulm; ctx->mul2 = ec_mul2; ctx->pow2 = ec_pow2; for (i=0; field_table[i].p; i++) { gcry_mpi_t f_p; gpg_err_code_t rc; rc = _gcry_mpi_scan (&f_p, GCRYMPI_FMT_HEX, field_table[i].p, 0, NULL); if (rc) log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (rc)); if (!mpi_cmp (p, f_p)) { ctx->addm = field_table[i].addm; ctx->subm = field_table[i].subm; ctx->mulm = field_table[i].mulm; ctx->mul2 = field_table[i].mul2; ctx->pow2 = field_table[i].pow2; _gcry_mpi_release (f_p); mpi_resize (ctx->a, ctx->p->nlimbs); ctx->a->nlimbs = ctx->p->nlimbs; mpi_resize (ctx->b, ctx->p->nlimbs); ctx->b->nlimbs = ctx->p->nlimbs; for (i=0; i< DIM(ctx->t.scratch) && ctx->t.scratch[i]; i++) ctx->t.scratch[i]->nlimbs = ctx->p->nlimbs; break; } _gcry_mpi_release (f_p); } /* Prepare for fast reduction. */ /* FIXME: need a test for NIST values. However it does not gain us any real advantage, for 384 bits it is actually slower than using mpi_mulm. */ /* ctx->nist_nbits = mpi_get_nbits (ctx->p); */ /* if (ctx->nist_nbits == 192) */ /* { */ /* for (i=0; i < 4; i++) */ /* ctx->s[i] = mpi_new (192); */ /* ctx->c = mpi_new (192*2); */ /* } */ /* else if (ctx->nist_nbits == 384) */ /* { */ /* for (i=0; i < 10; i++) */ /* ctx->s[i] = mpi_new (384); */ /* ctx->c = mpi_new (384*2); */ /* } */ } static void ec_deinit (void *opaque) { mpi_ec_t ctx = opaque; int i; _gcry_mpi_barrett_free (ctx->t.p_barrett); /* Domain parameter. */ mpi_free (ctx->p); mpi_free (ctx->a); mpi_free (ctx->b); _gcry_mpi_point_release (ctx->G); mpi_free (ctx->n); /* The key. */ _gcry_mpi_point_release (ctx->Q); mpi_free (ctx->d); /* Private data of ec.c. 
*/ mpi_free (ctx->t.two_inv_p); for (i=0; i< DIM(ctx->t.scratch); i++) mpi_free (ctx->t.scratch[i]); /* if (ctx->nist_nbits == 192) */ /* { */ /* for (i=0; i < 4; i++) */ /* mpi_free (ctx->s[i]); */ /* mpi_free (ctx->c); */ /* } */ /* else if (ctx->nist_nbits == 384) */ /* { */ /* for (i=0; i < 10; i++) */ /* mpi_free (ctx->s[i]); */ /* mpi_free (ctx->c); */ /* } */ } /* This function returns a new context for elliptic curve based on the field GF(p). P is the prime specifying this field, A is the first coefficient, B is the second coefficient, and MODEL is the model for the curve. This function is only used within Libgcrypt and not part of the public API. This context needs to be released using _gcry_mpi_ec_free. */ mpi_ec_t _gcry_mpi_ec_p_internal_new (enum gcry_mpi_ec_models model, enum ecc_dialects dialect, int flags, gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b) { mpi_ec_t ctx; ctx = xcalloc (1, sizeof *ctx); ec_p_init (ctx, model, dialect, flags, p, a, b); return ctx; } /* This is a variant of _gcry_mpi_ec_p_internal_new which returns an public context and does some error checking on the supplied arguments. On success the new context is stored at R_CTX and 0 is returned; on error NULL is stored at R_CTX and an error code is returned. The context needs to be released using gcry_ctx_release. 
*/ gpg_err_code_t _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx, enum gcry_mpi_ec_models model, enum ecc_dialects dialect, int flags, gcry_mpi_t p, gcry_mpi_t a, gcry_mpi_t b) { gcry_ctx_t ctx; mpi_ec_t ec; *r_ctx = NULL; if (!p || !a) return GPG_ERR_EINVAL; ctx = _gcry_ctx_alloc (CONTEXT_TYPE_EC, sizeof *ec, ec_deinit); if (!ctx) return gpg_err_code_from_syserror (); ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); ec_p_init (ec, model, dialect, flags, p, a, b); *r_ctx = ctx; return 0; } void _gcry_mpi_ec_free (mpi_ec_t ctx) { if (ctx) { ec_deinit (ctx); xfree (ctx); } } gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy) { mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); return _gcry_ecc_get_mpi (name, ec, copy); } gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy) { mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); (void)copy; /* Not used. */ return _gcry_ecc_get_point (name, ec); } gpg_err_code_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gcry_ctx_t ctx) { mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); return _gcry_ecc_set_mpi (name, newvalue, ec); } gpg_err_code_t _gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, gcry_ctx_t ctx) { mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); return _gcry_ecc_set_point (name, newvalue, ec); } /* Given an encoded point in the MPI VALUE and a context EC, decode * the point according to the context and store it in RESULT. On * error an error code is return but RESULT might have been changed. * If no context is given the function tries to decode VALUE by * assuming a 0x04 prefixed uncompressed encoding. 
*/ gpg_err_code_t _gcry_mpi_ec_decode_point (mpi_point_t result, gcry_mpi_t value, mpi_ec_t ec) { gpg_err_code_t rc; if (ec && (ec->dialect == ECC_DIALECT_ED25519 || (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE))) rc = _gcry_ecc_eddsa_decodepoint (value, ec, result, NULL, NULL); else if (ec && ec->model == MPI_EC_MONTGOMERY) rc = _gcry_ecc_mont_decodepoint (value, ec, result); else rc = _gcry_ecc_sec_decodepoint (value, ec, result); return rc; } /* Compute the affine coordinates from the projective coordinates in POINT. Set them into X and Y. If one coordinate is not required, X or Y may be passed as NULL. CTX is the usual context. Returns: 0 on success or !0 if POINT is at infinity. */ int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point, mpi_ec_t ctx) { if (!mpi_cmp_ui (point->z, 0)) return -1; switch (ctx->model) { case MPI_EC_WEIERSTRASS: /* Using Jacobian coordinates. */ { gcry_mpi_t z1, z2, z3; z1 = mpi_new (0); z2 = mpi_new (0); ec_invm (z1, point->z, ctx); /* z1 = z^(-1) mod p */ ec_mulm (z2, z1, z1, ctx); /* z2 = z^(-2) mod p */ if (x) ec_mulm (x, point->x, z2, ctx); if (y) { z3 = mpi_new (0); ec_mulm (z3, z2, z1, ctx); /* z3 = z^(-3) mod p */ ec_mulm (y, point->y, z3, ctx); mpi_free (z3); } mpi_free (z2); mpi_free (z1); } return 0; case MPI_EC_MONTGOMERY: { if (x) mpi_set (x, point->x); if (y) { log_fatal ("%s: Getting Y-coordinate on %s is not supported\n", "_gcry_mpi_ec_get_affine", "Montgomery"); return -1; } } return 0; case MPI_EC_EDWARDS: { gcry_mpi_t z; z = mpi_new (0); ec_invm (z, point->z, ctx); mpi_resize (z, ctx->p->nlimbs); z->nlimbs = ctx->p->nlimbs; if (x) { mpi_resize (x, ctx->p->nlimbs); x->nlimbs = ctx->p->nlimbs; ctx->mulm (x, point->x, z, ctx); } if (y) { mpi_resize (y, ctx->p->nlimbs); y->nlimbs = ctx->p->nlimbs; ctx->mulm (y, point->y, z, ctx); } _gcry_mpi_release (z); } return 0; default: return -1; } } /* RESULT = 2 * POINT (Weierstrass version). 
*/ static void dup_point_weierstrass (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) { #define x3 (result->x) #define y3 (result->y) #define z3 (result->z) #define t1 (ctx->t.scratch[0]) #define t2 (ctx->t.scratch[1]) #define t3 (ctx->t.scratch[2]) #define l1 (ctx->t.scratch[3]) #define l2 (ctx->t.scratch[4]) #define l3 (ctx->t.scratch[5]) if (!mpi_cmp_ui (point->y, 0) || !mpi_cmp_ui (point->z, 0)) { /* P_y == 0 || P_z == 0 => [1:1:0] */ mpi_set_ui (x3, 1); mpi_set_ui (y3, 1); mpi_set_ui (z3, 0); } else { if (ec_get_a_is_pminus3 (ctx)) /* Use the faster case. */ { /* L1 = 3(X - Z^2)(X + Z^2) */ /* T1: used for Z^2. */ /* T2: used for the right term. */ ec_pow2 (t1, point->z, ctx); ec_subm (l1, point->x, t1, ctx); ec_mulm (l1, l1, mpi_const (MPI_C_THREE), ctx); ec_addm (t2, point->x, t1, ctx); ec_mulm (l1, l1, t2, ctx); } else /* Standard case. */ { /* L1 = 3X^2 + aZ^4 */ /* T1: used for aZ^4. */ ec_pow2 (l1, point->x, ctx); ec_mulm (l1, l1, mpi_const (MPI_C_THREE), ctx); ec_powm (t1, point->z, mpi_const (MPI_C_FOUR), ctx); ec_mulm (t1, t1, ctx->a, ctx); ec_addm (l1, l1, t1, ctx); } /* Z3 = 2YZ */ ec_mulm (z3, point->y, point->z, ctx); ec_mul2 (z3, z3, ctx); /* L2 = 4XY^2 */ /* T2: used for Y2; required later. */ ec_pow2 (t2, point->y, ctx); ec_mulm (l2, t2, point->x, ctx); ec_mulm (l2, l2, mpi_const (MPI_C_FOUR), ctx); /* X3 = L1^2 - 2L2 */ /* T1: used for L2^2. */ ec_pow2 (x3, l1, ctx); ec_mul2 (t1, l2, ctx); ec_subm (x3, x3, t1, ctx); /* L3 = 8Y^4 */ /* T2: taken from above. */ ec_pow2 (t2, t2, ctx); ec_mulm (l3, t2, mpi_const (MPI_C_EIGHT), ctx); /* Y3 = L1(L2 - X3) - L3 */ ec_subm (y3, l2, x3, ctx); ec_mulm (y3, y3, l1, ctx); ec_subm (y3, y3, l3, ctx); } #undef x3 #undef y3 #undef z3 #undef t1 #undef t2 #undef t3 #undef l1 #undef l2 #undef l3 } /* RESULT = 2 * POINT (Montgomery version). 
*/ static void dup_point_montgomery (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) { (void)result; (void)point; (void)ctx; log_fatal ("%s: %s not yet supported\n", "_gcry_mpi_ec_dup_point", "Montgomery"); } /* RESULT = 2 * POINT (Twisted Edwards version). */ static void dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) { #define X1 (point->x) #define Y1 (point->y) #define Z1 (point->z) #define X3 (result->x) #define Y3 (result->y) #define Z3 (result->z) #define B (ctx->t.scratch[0]) #define C (ctx->t.scratch[1]) #define D (ctx->t.scratch[2]) #define E (ctx->t.scratch[3]) #define F (ctx->t.scratch[4]) #define H (ctx->t.scratch[5]) #define J (ctx->t.scratch[6]) /* Compute: (X_3 : Y_3 : Z_3) = 2( X_1 : Y_1 : Z_1 ) */ /* B = (X_1 + Y_1)^2 */ ctx->addm (B, X1, Y1, ctx); ctx->pow2 (B, B, ctx); /* C = X_1^2 */ /* D = Y_1^2 */ ctx->pow2 (C, X1, ctx); ctx->pow2 (D, Y1, ctx); /* E = aC */ if (ctx->dialect == ECC_DIALECT_ED25519) ctx->subm (E, ctx->p, C, ctx); else ctx->mulm (E, ctx->a, C, ctx); /* F = E + D */ ctx->addm (F, E, D, ctx); /* H = Z_1^2 */ ctx->pow2 (H, Z1, ctx); /* J = F - 2H */ ctx->mul2 (J, H, ctx); ctx->subm (J, F, J, ctx); /* X_3 = (B - C - D) · J */ ctx->subm (X3, B, C, ctx); ctx->subm (X3, X3, D, ctx); ctx->mulm (X3, X3, J, ctx); /* Y_3 = F · (E - D) */ ctx->subm (Y3, E, D, ctx); ctx->mulm (Y3, Y3, F, ctx); /* Z_3 = F · J */ ctx->mulm (Z3, F, J, ctx); #undef X1 #undef Y1 #undef Z1 #undef X3 #undef Y3 #undef Z3 #undef B #undef C #undef D #undef E #undef F #undef H #undef J } /* RESULT = 2 * POINT */ void _gcry_mpi_ec_dup_point (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) { switch (ctx->model) { case MPI_EC_WEIERSTRASS: dup_point_weierstrass (result, point, ctx); break; case MPI_EC_MONTGOMERY: dup_point_montgomery (result, point, ctx); break; case MPI_EC_EDWARDS: dup_point_edwards (result, point, ctx); break; } } /* RESULT = P1 + P2 (Weierstrass version).*/ static void add_points_weierstrass (mpi_point_t result, 
mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { #define x1 (p1->x ) #define y1 (p1->y ) #define z1 (p1->z ) #define x2 (p2->x ) #define y2 (p2->y ) #define z2 (p2->z ) #define x3 (result->x) #define y3 (result->y) #define z3 (result->z) #define l1 (ctx->t.scratch[0]) #define l2 (ctx->t.scratch[1]) #define l3 (ctx->t.scratch[2]) #define l4 (ctx->t.scratch[3]) #define l5 (ctx->t.scratch[4]) #define l6 (ctx->t.scratch[5]) #define l7 (ctx->t.scratch[6]) #define l8 (ctx->t.scratch[7]) #define l9 (ctx->t.scratch[8]) #define t1 (ctx->t.scratch[9]) #define t2 (ctx->t.scratch[10]) if ( (!mpi_cmp (x1, x2)) && (!mpi_cmp (y1, y2)) && (!mpi_cmp (z1, z2)) ) { /* Same point; need to call the duplicate function. */ _gcry_mpi_ec_dup_point (result, p1, ctx); } else if (!mpi_cmp_ui (z1, 0)) { /* P1 is at infinity. */ mpi_set (x3, p2->x); mpi_set (y3, p2->y); mpi_set (z3, p2->z); } else if (!mpi_cmp_ui (z2, 0)) { /* P2 is at infinity. */ mpi_set (x3, p1->x); mpi_set (y3, p1->y); mpi_set (z3, p1->z); } else { int z1_is_one = !mpi_cmp_ui (z1, 1); int z2_is_one = !mpi_cmp_ui (z2, 1); /* l1 = x1 z2^2 */ /* l2 = x2 z1^2 */ if (z2_is_one) mpi_set (l1, x1); else { ec_pow2 (l1, z2, ctx); ec_mulm (l1, l1, x1, ctx); } if (z1_is_one) mpi_set (l2, x2); else { ec_pow2 (l2, z1, ctx); ec_mulm (l2, l2, x2, ctx); } /* l3 = l1 - l2 */ ec_subm (l3, l1, l2, ctx); /* l4 = y1 z2^3 */ ec_powm (l4, z2, mpi_const (MPI_C_THREE), ctx); ec_mulm (l4, l4, y1, ctx); /* l5 = y2 z1^3 */ ec_powm (l5, z1, mpi_const (MPI_C_THREE), ctx); ec_mulm (l5, l5, y2, ctx); /* l6 = l4 - l5 */ ec_subm (l6, l4, l5, ctx); if (!mpi_cmp_ui (l3, 0)) { if (!mpi_cmp_ui (l6, 0)) { /* P1 and P2 are the same - use duplicate function. */ _gcry_mpi_ec_dup_point (result, p1, ctx); } else { /* P1 is the inverse of P2. 
*/ mpi_set_ui (x3, 1); mpi_set_ui (y3, 1); mpi_set_ui (z3, 0); } } else { /* l7 = l1 + l2 */ ec_addm (l7, l1, l2, ctx); /* l8 = l4 + l5 */ ec_addm (l8, l4, l5, ctx); /* z3 = z1 z2 l3 */ ec_mulm (z3, z1, z2, ctx); ec_mulm (z3, z3, l3, ctx); /* x3 = l6^2 - l7 l3^2 */ ec_pow2 (t1, l6, ctx); ec_pow2 (t2, l3, ctx); ec_mulm (t2, t2, l7, ctx); ec_subm (x3, t1, t2, ctx); /* l9 = l7 l3^2 - 2 x3 */ ec_mul2 (t1, x3, ctx); ec_subm (l9, t2, t1, ctx); /* y3 = (l9 l6 - l8 l3^3)/2 */ ec_mulm (l9, l9, l6, ctx); ec_powm (t1, l3, mpi_const (MPI_C_THREE), ctx); /* fixme: Use saved value*/ ec_mulm (t1, t1, l8, ctx); ec_subm (y3, l9, t1, ctx); ec_mulm (y3, y3, ec_get_two_inv_p (ctx), ctx); } } #undef x1 #undef y1 #undef z1 #undef x2 #undef y2 #undef z2 #undef x3 #undef y3 #undef z3 #undef l1 #undef l2 #undef l3 #undef l4 #undef l5 #undef l6 #undef l7 #undef l8 #undef l9 #undef t1 #undef t2 } /* RESULT = P1 + P2 (Montgomery version).*/ static void add_points_montgomery (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { (void)result; (void)p1; (void)p2; (void)ctx; log_fatal ("%s: %s not yet supported\n", "_gcry_mpi_ec_add_points", "Montgomery"); } /* RESULT = P1 + P2 (Twisted Edwards version).*/ static void add_points_edwards (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { #define X1 (p1->x) #define Y1 (p1->y) #define Z1 (p1->z) #define X2 (p2->x) #define Y2 (p2->y) #define Z2 (p2->z) #define X3 (result->x) #define Y3 (result->y) #define Z3 (result->z) #define A (ctx->t.scratch[0]) #define B (ctx->t.scratch[1]) #define C (ctx->t.scratch[2]) #define D (ctx->t.scratch[3]) #define E (ctx->t.scratch[4]) #define F (ctx->t.scratch[5]) #define G (ctx->t.scratch[6]) #define tmp (ctx->t.scratch[7]) - point_resize (result, ctx); + mpi_point_resize (result, ctx); /* Compute: (X_3 : Y_3 : Z_3) = (X_1 : Y_1 : Z_1) + (X_2 : Y_2 : Z_3) */ /* A = Z1 · Z2 */ ctx->mulm (A, Z1, Z2, ctx); /* B = A^2 */ ctx->pow2 (B, A, ctx); /* C = X1 · X2 */ ctx->mulm (C, X1, X2, ctx); 
/* D = Y1 · Y2 */ ctx->mulm (D, Y1, Y2, ctx); /* E = d · C · D */ ctx->mulm (E, ctx->b, C, ctx); ctx->mulm (E, E, D, ctx); /* F = B - E */ ctx->subm (F, B, E, ctx); /* G = B + E */ ctx->addm (G, B, E, ctx); /* X_3 = A · F · ((X_1 + Y_1) · (X_2 + Y_2) - C - D) */ ctx->addm (tmp, X1, Y1, ctx); ctx->addm (X3, X2, Y2, ctx); ctx->mulm (X3, X3, tmp, ctx); ctx->subm (X3, X3, C, ctx); ctx->subm (X3, X3, D, ctx); ctx->mulm (X3, X3, F, ctx); ctx->mulm (X3, X3, A, ctx); /* Y_3 = A · G · (D - aC) */ if (ctx->dialect == ECC_DIALECT_ED25519) { ctx->addm (Y3, D, C, ctx); } else { ctx->mulm (Y3, ctx->a, C, ctx); ctx->subm (Y3, D, Y3, ctx); } ctx->mulm (Y3, Y3, G, ctx); ctx->mulm (Y3, Y3, A, ctx); /* Z_3 = F · G */ ctx->mulm (Z3, F, G, ctx); #undef X1 #undef Y1 #undef Z1 #undef X2 #undef Y2 #undef Z2 #undef X3 #undef Y3 #undef Z3 #undef A #undef B #undef C #undef D #undef E #undef F #undef G #undef tmp } /* Compute a step of Montgomery Ladder (only use X and Z in the point). Inputs: P1, P2, and x-coordinate of DIF = P1 - P1. Outputs: PRD = 2 * P1 and SUM = P1 + P2. 
*/ static void montgomery_ladder (mpi_point_t prd, mpi_point_t sum, mpi_point_t p1, mpi_point_t p2, gcry_mpi_t dif_x, mpi_ec_t ctx) { ctx->addm (sum->x, p2->x, p2->z, ctx); ctx->subm (p2->z, p2->x, p2->z, ctx); ctx->addm (prd->x, p1->x, p1->z, ctx); ctx->subm (p1->z, p1->x, p1->z, ctx); ctx->mulm (p2->x, p1->z, sum->x, ctx); ctx->mulm (p2->z, prd->x, p2->z, ctx); ctx->pow2 (p1->x, prd->x, ctx); ctx->pow2 (p1->z, p1->z, ctx); ctx->addm (sum->x, p2->x, p2->z, ctx); ctx->subm (p2->z, p2->x, p2->z, ctx); ctx->mulm (prd->x, p1->x, p1->z, ctx); ctx->subm (p1->z, p1->x, p1->z, ctx); ctx->pow2 (sum->x, sum->x, ctx); ctx->pow2 (sum->z, p2->z, ctx); ctx->mulm (prd->z, p1->z, ctx->a, ctx); /* CTX->A: (a-2)/4 */ ctx->mulm (sum->z, sum->z, dif_x, ctx); ctx->addm (prd->z, p1->x, prd->z, ctx); ctx->mulm (prd->z, prd->z, p1->z, ctx); } /* RESULT = P1 + P2 */ void _gcry_mpi_ec_add_points (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { switch (ctx->model) { case MPI_EC_WEIERSTRASS: add_points_weierstrass (result, p1, p2, ctx); break; case MPI_EC_MONTGOMERY: add_points_montgomery (result, p1, p2, ctx); break; case MPI_EC_EDWARDS: add_points_edwards (result, p1, p2, ctx); break; } } /* RESULT = P1 - P2 (Weierstrass version).*/ static void sub_points_weierstrass (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { (void)result; (void)p1; (void)p2; (void)ctx; log_fatal ("%s: %s not yet supported\n", "_gcry_mpi_ec_sub_points", "Weierstrass"); } /* RESULT = P1 - P2 (Montgomery version).*/ static void sub_points_montgomery (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { (void)result; (void)p1; (void)p2; (void)ctx; log_fatal ("%s: %s not yet supported\n", "_gcry_mpi_ec_sub_points", "Montgomery"); } /* RESULT = P1 - P2 (Twisted Edwards version).*/ static void sub_points_edwards (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { mpi_point_t p2i = _gcry_mpi_point_new (0); point_set (p2i, p2); ctx->subm (p2i->x, ctx->p, 
p2i->x, ctx); add_points_edwards (result, p1, p2i, ctx); _gcry_mpi_point_release (p2i); } /* RESULT = P1 - P2 */ void _gcry_mpi_ec_sub_points (mpi_point_t result, mpi_point_t p1, mpi_point_t p2, mpi_ec_t ctx) { switch (ctx->model) { case MPI_EC_WEIERSTRASS: sub_points_weierstrass (result, p1, p2, ctx); break; case MPI_EC_MONTGOMERY: sub_points_montgomery (result, p1, p2, ctx); break; case MPI_EC_EDWARDS: sub_points_edwards (result, p1, p2, ctx); break; } } /* Scalar point multiplication - the main function for ECC. If takes an integer SCALAR and a POINT as well as the usual context CTX. RESULT will be set to the resulting point. */ void _gcry_mpi_ec_mul_point (mpi_point_t result, gcry_mpi_t scalar, mpi_point_t point, mpi_ec_t ctx) { gcry_mpi_t x1, y1, z1, k, h, yy; unsigned int i, loops; mpi_point_struct p1, p2, p1inv; if (ctx->model == MPI_EC_EDWARDS || (ctx->model == MPI_EC_WEIERSTRASS && mpi_is_secure (scalar))) { /* Simple left to right binary method. Algorithm 3.27 from * {author={Hankerson, Darrel and Menezes, Alfred J. and Vanstone, Scott}, * title = {Guide to Elliptic Curve Cryptography}, * year = {2003}, isbn = {038795273X}, * url = {http://www.cacr.math.uwaterloo.ca/ecc/}, * publisher = {Springer-Verlag New York, Inc.}} */ unsigned int nbits; int j; if (mpi_cmp (scalar, ctx->p) >= 0) nbits = mpi_get_nbits (scalar); else nbits = mpi_get_nbits (ctx->p); if (ctx->model == MPI_EC_WEIERSTRASS) { mpi_set_ui (result->x, 1); mpi_set_ui (result->y, 1); mpi_set_ui (result->z, 0); } else { mpi_set_ui (result->x, 0); mpi_set_ui (result->y, 1); mpi_set_ui (result->z, 1); - point_resize (point, ctx); + mpi_point_resize (point, ctx); } if (mpi_is_secure (scalar)) { /* If SCALAR is in secure memory we assume that it is the secret key we use constant time operation. 
*/ mpi_point_struct tmppnt; point_init (&tmppnt); - point_resize (result, ctx); - point_resize (&tmppnt, ctx); + mpi_point_resize (result, ctx); + mpi_point_resize (&tmppnt, ctx); for (j=nbits-1; j >= 0; j--) { _gcry_mpi_ec_dup_point (result, result, ctx); _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx); point_swap_cond (result, &tmppnt, mpi_test_bit (scalar, j), ctx); } point_free (&tmppnt); } else { if (ctx->model == MPI_EC_EDWARDS) { - point_resize (result, ctx); - point_resize (point, ctx); + mpi_point_resize (result, ctx); + mpi_point_resize (point, ctx); } for (j=nbits-1; j >= 0; j--) { _gcry_mpi_ec_dup_point (result, result, ctx); if (mpi_test_bit (scalar, j)) _gcry_mpi_ec_add_points (result, result, point, ctx); } } return; } else if (ctx->model == MPI_EC_MONTGOMERY) { unsigned int nbits; int j; mpi_point_struct p1_, p2_; mpi_point_t q1, q2, prd, sum; unsigned long sw; mpi_size_t rsize; int scalar_copied = 0; /* Compute scalar point multiplication with Montgomery Ladder. Note that we don't use Y-coordinate in the points at all. RESULT->Y will be filled by zero. */ nbits = mpi_get_nbits (scalar); point_init (&p1); point_init (&p2); point_init (&p1_); point_init (&p2_); mpi_set_ui (p1.x, 1); mpi_free (p2.x); p2.x = mpi_copy (point->x); mpi_set_ui (p2.z, 1); if (mpi_is_opaque (scalar)) { const unsigned int pbits = ctx->nbits; gcry_mpi_t a; unsigned int n; unsigned char *raw; scalar_copied = 1; raw = _gcry_mpi_get_opaque_copy (scalar, &n); if ((n+7)/8 != (pbits+7)/8) log_fatal ("scalar size (%d) != prime size (%d)\n", (n+7)/8, (pbits+7)/8); reverse_buffer (raw, (n+7)/8); if ((pbits % 8)) raw[0] &= (1 << (pbits % 8)) - 1; raw[0] |= (1 << ((pbits + 7) % 8)); raw[(pbits+7)/8 - 1] &= (256 - ctx->h); a = mpi_is_secure (scalar) ? 
mpi_snew (pbits): mpi_new (pbits); _gcry_mpi_set_buffer (a, raw, (n+7)/8, 0); xfree (raw); scalar = a; } - point_resize (&p1, ctx); - point_resize (&p2, ctx); - point_resize (&p1_, ctx); - point_resize (&p2_, ctx); + mpi_point_resize (&p1, ctx); + mpi_point_resize (&p2, ctx); + mpi_point_resize (&p1_, ctx); + mpi_point_resize (&p2_, ctx); mpi_resize (point->x, ctx->p->nlimbs); point->x->nlimbs = ctx->p->nlimbs; q1 = &p1; q2 = &p2; prd = &p1_; sum = &p2_; for (j=nbits-1; j >= 0; j--) { mpi_point_t t; sw = mpi_test_bit (scalar, j); point_swap_cond (q1, q2, sw, ctx); montgomery_ladder (prd, sum, q1, q2, point->x, ctx); point_swap_cond (prd, sum, sw, ctx); t = q1; q1 = prd; prd = t; t = q2; q2 = sum; sum = t; } mpi_clear (result->y); sw = (nbits & 1); point_swap_cond (&p1, &p1_, sw, ctx); rsize = p1.z->nlimbs; MPN_NORMALIZE (p1.z->d, rsize); if (rsize == 0) { mpi_set_ui (result->x, 1); mpi_set_ui (result->z, 0); } else { z1 = mpi_new (0); ec_invm (z1, p1.z, ctx); ec_mulm (result->x, p1.x, z1, ctx); mpi_set_ui (result->z, 1); mpi_free (z1); } point_free (&p1); point_free (&p2); point_free (&p1_); point_free (&p2_); if (scalar_copied) _gcry_mpi_release (scalar); return; } x1 = mpi_alloc_like (ctx->p); y1 = mpi_alloc_like (ctx->p); h = mpi_alloc_like (ctx->p); k = mpi_copy (scalar); yy = mpi_copy (point->y); if ( mpi_has_sign (k) ) { k->sign = 0; ec_invm (yy, yy, ctx); } if (!mpi_cmp_ui (point->z, 1)) { mpi_set (x1, point->x); mpi_set (y1, yy); } else { gcry_mpi_t z2, z3; z2 = mpi_alloc_like (ctx->p); z3 = mpi_alloc_like (ctx->p); ec_mulm (z2, point->z, point->z, ctx); ec_mulm (z3, point->z, z2, ctx); ec_invm (z2, z2, ctx); ec_mulm (x1, point->x, z2, ctx); ec_invm (z3, z3, ctx); ec_mulm (y1, yy, z3, ctx); mpi_free (z2); mpi_free (z3); } z1 = mpi_copy (mpi_const (MPI_C_ONE)); mpi_mul (h, k, mpi_const (MPI_C_THREE)); /* h = 3k */ loops = mpi_get_nbits (h); if (loops < 2) { /* If SCALAR is zero, the above mpi_mul sets H to zero and thus LOOPs will be zero. 
To avoid an underflow of I in the main loop we set LOOP to 2 and the result to (0,0,0). */ loops = 2; mpi_clear (result->x); mpi_clear (result->y); mpi_clear (result->z); } else { mpi_set (result->x, point->x); mpi_set (result->y, yy); mpi_set (result->z, point->z); } mpi_free (yy); yy = NULL; p1.x = x1; x1 = NULL; p1.y = y1; y1 = NULL; p1.z = z1; z1 = NULL; point_init (&p2); point_init (&p1inv); /* Invert point: y = p - y mod p */ point_set (&p1inv, &p1); ec_subm (p1inv.y, ctx->p, p1inv.y, ctx); for (i=loops-2; i > 0; i--) { _gcry_mpi_ec_dup_point (result, result, ctx); if (mpi_test_bit (h, i) == 1 && mpi_test_bit (k, i) == 0) { point_set (&p2, result); _gcry_mpi_ec_add_points (result, &p2, &p1, ctx); } if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1) { point_set (&p2, result); _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx); } } point_free (&p1); point_free (&p2); point_free (&p1inv); mpi_free (h); mpi_free (k); } /* Return true if POINT is on the curve described by CTX. */ int _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) { int res = 0; gcry_mpi_t x, y, w; x = mpi_new (0); y = mpi_new (0); w = mpi_new (0); /* Check that the point is in range. This needs to be done here and * not after conversion to affine coordinates. */ if (mpi_cmpabs (point->x, ctx->p) >= 0) goto leave; if (mpi_cmpabs (point->y, ctx->p) >= 0) goto leave; if (mpi_cmpabs (point->z, ctx->p) >= 0) goto leave; switch (ctx->model) { case MPI_EC_WEIERSTRASS: { gcry_mpi_t xxx; if (_gcry_mpi_ec_get_affine (x, y, point, ctx)) goto leave; xxx = mpi_new (0); /* y^2 == x^3 + a·x + b */ ec_pow2 (y, y, ctx); ec_pow3 (xxx, x, ctx); ec_mulm (w, ctx->a, x, ctx); ec_addm (w, w, ctx->b, ctx); ec_addm (w, w, xxx, ctx); if (!mpi_cmp (y, w)) res = 1; _gcry_mpi_release (xxx); } break; case MPI_EC_MONTGOMERY: { #define xx y /* With Montgomery curve, only X-coordinate is valid. 
*/ if (_gcry_mpi_ec_get_affine (x, NULL, point, ctx)) goto leave; /* The equation is: b * y^2 == x^3 + a · x^2 + x */ /* We check if right hand is quadratic residue or not by Euler's criterion. */ /* CTX->A has (a-2)/4 and CTX->B has b^-1 */ ec_mulm (w, ctx->a, mpi_const (MPI_C_FOUR), ctx); ec_addm (w, w, mpi_const (MPI_C_TWO), ctx); ec_mulm (w, w, x, ctx); ec_pow2 (xx, x, ctx); ec_addm (w, w, xx, ctx); ec_addm (w, w, mpi_const (MPI_C_ONE), ctx); ec_mulm (w, w, x, ctx); ec_mulm (w, w, ctx->b, ctx); #undef xx /* Compute Euler's criterion: w^(p-1)/2 */ #define p_minus1 y ec_subm (p_minus1, ctx->p, mpi_const (MPI_C_ONE), ctx); mpi_rshift (p_minus1, p_minus1, 1); ec_powm (w, w, p_minus1, ctx); res = !mpi_cmp_ui (w, 1); #undef p_minus1 } break; case MPI_EC_EDWARDS: { if (_gcry_mpi_ec_get_affine (x, y, point, ctx)) goto leave; mpi_resize (w, ctx->p->nlimbs); w->nlimbs = ctx->p->nlimbs; /* a · x^2 + y^2 - 1 - b · x^2 · y^2 == 0 */ ctx->pow2 (x, x, ctx); ctx->pow2 (y, y, ctx); if (ctx->dialect == ECC_DIALECT_ED25519) ctx->subm (w, ctx->p, x, ctx); else ctx->mulm (w, ctx->a, x, ctx); ctx->addm (w, w, y, ctx); ctx->mulm (x, x, y, ctx); ctx->mulm (x, x, ctx->b, ctx); ctx->subm (w, w, x, ctx); if (!mpi_cmp_ui (w, 1)) res = 1; } break; } leave: _gcry_mpi_release (w); _gcry_mpi_release (x); _gcry_mpi_release (y); return res; } int _gcry_mpi_ec_bad_point (gcry_mpi_point_t point, mpi_ec_t ctx) { int i; gcry_mpi_t x_bad; for (i = 0; (x_bad = ctx->t.scratch[i]); i++) if (!mpi_cmp (point->x, x_bad)) return 1; return 0; } diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 086953d7..858b92ce 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h 
@@ -1,534 +1,536 @@ /* gcrypt-int.h - Internal version of gcrypt.h * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #ifndef GCRY_GCRYPT_INT_H #define GCRY_GCRYPT_INT_H #ifdef _GCRYPT_H #error gcrypt.h already included #endif #include "gcrypt.h" #include "types.h" /* These error codes are used but not defined in the required * libgpg-error N.MM. Define them here. [None right now.] */ /* Context used with elliptic curve functions. */ struct mpi_ec_ctx_s; typedef struct mpi_ec_ctx_s *mpi_ec_t; /* Underscore prefixed internal versions of the public functions. They return gpg_err_code_t and not gpg_error_t. Some macros also need an underscore prefixed internal version. Note that the memory allocation functions and macros (xmalloc etc.) are not defined here but in g10lib.h because this file here is included by some test programs which define theie own xmalloc macros. 
*/ gpg_err_code_t _gcry_cipher_open (gcry_cipher_hd_t *handle, int algo, int mode, unsigned int flags); void _gcry_cipher_close (gcry_cipher_hd_t h); gpg_err_code_t _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen); gpg_err_code_t _gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer, size_t *nbytes); gpg_err_code_t _gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes); const char *_gcry_cipher_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; int _gcry_cipher_map_name (const char *name) _GCRY_GCC_ATTR_PURE; int _gcry_cipher_mode_from_oid (const char *string) _GCRY_GCC_ATTR_PURE; gpg_err_code_t _gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize, const void *in, size_t inlen); gpg_err_code_t _gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize, const void *in, size_t inlen); gcry_err_code_t _gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen); gcry_err_code_t _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen); gpg_err_code_t _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen); gpg_err_code_t _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen); gpg_err_code_t _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen); gpg_err_code_t _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen); gpg_err_code_t _gcry_cipher_getctr (gcry_cipher_hd_t hd, void *ctr, size_t ctrlen); size_t _gcry_cipher_get_algo_keylen (int algo); size_t _gcry_cipher_get_algo_blklen (int algo); #define _gcry_cipher_reset(h) _gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0) gpg_err_code_t _gcry_pk_encrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t pkey); gpg_err_code_t _gcry_pk_decrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey); gpg_err_code_t _gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey); gpg_err_code_t _gcry_pk_verify (gcry_sexp_t sigval, 
gcry_sexp_t data, gcry_sexp_t pkey); gpg_err_code_t _gcry_pk_testkey (gcry_sexp_t key); gpg_err_code_t _gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms); gpg_err_code_t _gcry_pk_ctl (int cmd, void *buffer, size_t buflen); gpg_err_code_t _gcry_pk_algo_info (int algo, int what, void *buffer, size_t *nbytes); const char *_gcry_pk_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; int _gcry_pk_map_name (const char* name) _GCRY_GCC_ATTR_PURE; unsigned int _gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE; unsigned char *_gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array); const char *_gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits); gcry_sexp_t _gcry_pk_get_param (int algo, const char *name); gpg_err_code_t _gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx); unsigned int _gcry_ecc_get_algo_keylen (int algo); gpg_error_t _gcry_ecc_mul_point (int algo, unsigned char *result, const unsigned char *scalar, const unsigned char *point); gpg_err_code_t _gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags); void _gcry_md_close (gcry_md_hd_t hd); gpg_err_code_t _gcry_md_enable (gcry_md_hd_t hd, int algo); gpg_err_code_t _gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd); void _gcry_md_reset (gcry_md_hd_t hd); gpg_err_code_t _gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen); void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length); unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo); gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length); void _gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length); gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, const gcry_buffer_t *iov, int iovcnt); int _gcry_md_get_algo (gcry_md_hd_t hd); unsigned int _gcry_md_get_algo_dlen (int algo); int _gcry_md_is_enabled (gcry_md_hd_t a, int algo); int _gcry_md_is_secure (gcry_md_hd_t a); gpg_err_code_t 
_gcry_md_info (gcry_md_hd_t h, int what, void *buffer, size_t *nbytes); gpg_err_code_t _gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes); const char *_gcry_md_algo_name (int algo) _GCRY_GCC_ATTR_PURE; int _gcry_md_map_name (const char* name) _GCRY_GCC_ATTR_PURE; gpg_err_code_t _gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen); void _gcry_md_debug (gcry_md_hd_t hd, const char *suffix); #define _gcry_md_test_algo(a) \ _gcry_md_algo_info ((a), GCRYCTL_TEST_ALGO, NULL, NULL) #define _gcry_md_final(a) \ _gcry_md_ctl ((a), GCRYCTL_FINALIZE, NULL, 0) #define _gcry_md_putc(h,c) \ do { \ gcry_md_hd_t h__ = (h); \ if( (h__)->bufpos == (h__)->bufsize ) \ _gcry_md_write( (h__), NULL, 0 ); \ (h__)->buf[(h__)->bufpos++] = (c) & 0xff; \ } while(0) gpg_err_code_t _gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags, gcry_ctx_t ctx); void _gcry_mac_close (gcry_mac_hd_t h); gpg_err_code_t _gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer, size_t buflen); gpg_err_code_t _gcry_mac_algo_info (int algo, int what, void *buffer, size_t *nbytes); gpg_err_code_t _gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen); gpg_err_code_t _gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen); gpg_err_code_t _gcry_mac_write (gcry_mac_hd_t hd, const void *buffer, size_t length); gpg_err_code_t _gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen); gpg_err_code_t _gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer, size_t buflen); int _gcry_mac_get_algo (gcry_mac_hd_t hd); unsigned int _gcry_mac_get_algo_maclen (int algo); unsigned int _gcry_mac_get_algo_keylen (int algo); const char *_gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; int _gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE; #define _gcry_mac_reset(h) _gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0) gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen, int algo, int subalgo, const void *salt, size_t saltlen, 
unsigned long iterations, size_t keysize, void *keybuffer); gpg_err_code_t _gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, unsigned int factor_bits, gcry_mpi_t **factors, gcry_prime_check_func_t cb_func, void *cb_arg, gcry_random_level_t random_level, unsigned int flags); gpg_err_code_t _gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, gcry_mpi_t start_g); void _gcry_prime_release_factors (gcry_mpi_t *factors); gpg_err_code_t _gcry_prime_check (gcry_mpi_t x, unsigned int flags); void _gcry_randomize (void *buffer, size_t length, enum gcry_random_level level); gpg_err_code_t _gcry_random_add_bytes (const void *buffer, size_t length, int quality); void *_gcry_random_bytes (size_t nbytes, enum gcry_random_level level) _GCRY_GCC_ATTR_MALLOC; void *_gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level) _GCRY_GCC_ATTR_MALLOC; void _gcry_mpi_randomize (gcry_mpi_t w, unsigned int nbits, enum gcry_random_level level); void _gcry_create_nonce (void *buffer, size_t length); void _gcry_ctx_release (gcry_ctx_t ctx); const char *_gcry_check_version (const char *req_version); void _gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc, gcry_handler_alloc_t func_alloc_secure, gcry_handler_secure_check_t func_secure_check, gcry_handler_realloc_t func_realloc, gcry_handler_free_t func_free); void _gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque); void _gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque); void _gcry_set_log_handler (gcry_handler_log_t f, void *opaque); void _gcry_set_gettext_handler (const char *(*f)(const char*)); void _gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data); /* Return a pointer to a string containing a description of the error code in the error value ERR. 
*/ static inline const char * _gcry_strerror (gcry_error_t err) { return gpg_strerror (err); } /* Return a pointer to a string containing a description of the error source in the error value ERR. */ static inline const char * _gcry_strsource (gcry_error_t err) { return gpg_strsource (err); } /* Retrieve the error code for the system error ERR. This returns GPG_ERR_UNKNOWN_ERRNO if the system error is not mapped (report this). */ static inline gcry_err_code_t _gcry_err_code_from_errno (int err) { return gpg_err_code_from_errno (err); } /* Retrieve the system error for the error code CODE. This returns 0 if CODE is not a system error code. */ static inline int _gcry_err_code_to_errno (gcry_err_code_t code) { return gpg_err_code_from_errno (code); } /* Return an error value with the error source SOURCE and the system error ERR. */ static inline gcry_error_t _gcry_err_make_from_errno (gpg_err_source_t source, int err) { return gpg_err_make_from_errno (source, err); } /* Return an error value with the system error ERR. 
*/ static inline gcry_error_t _gcry_error_from_errno (int err) { return gpg_error (gpg_err_code_from_errno (err)); } gpg_err_code_t _gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length, int autodetect); gpg_err_code_t _gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length, int autodetect, void (*freefnc) (void *)); gpg_err_code_t _gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length); gpg_err_code_t _gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...); gpg_err_code_t _gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff, const char *format, void **arg_list); void _gcry_sexp_release (gcry_sexp_t sexp); size_t _gcry_sexp_canon_len (const unsigned char *buffer, size_t length, size_t *erroff, gcry_err_code_t *errcode); size_t _gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, size_t maxlength); void _gcry_sexp_dump (const gcry_sexp_t a); gcry_sexp_t _gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b); gcry_sexp_t _gcry_sexp_alist (const gcry_sexp_t *array); gcry_sexp_t _gcry_sexp_vlist (const gcry_sexp_t a, ...); gcry_sexp_t _gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n); gcry_sexp_t _gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n); gcry_sexp_t _gcry_sexp_find_token (gcry_sexp_t list, const char *tok, size_t toklen); int _gcry_sexp_length (const gcry_sexp_t list); gcry_sexp_t _gcry_sexp_nth (const gcry_sexp_t list, int number); gcry_sexp_t _gcry_sexp_car (const gcry_sexp_t list); gcry_sexp_t _gcry_sexp_cdr (const gcry_sexp_t list); gcry_sexp_t _gcry_sexp_cadr (const gcry_sexp_t list); const char *_gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen); void *_gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength); char *_gcry_sexp_nth_string (gcry_sexp_t list, int number); gcry_mpi_t _gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt); gpg_err_code_t _gcry_sexp_extract_param 
(gcry_sexp_t sexp, const char *path, const char *list, ...) _GCRY_GCC_ATTR_SENTINEL(0); #define sexp_new(a, b, c, d) _gcry_sexp_new ((a), (b), (c), (d)) #define sexp_create(a, b, c, d, e) _gcry_sexp_create ((a), (b), (c), (d), (e)) #define sexp_sscan(a, b, c, d) _gcry_sexp_sscan ((a), (b), (c), (d)) #define sexp_build _gcry_sexp_build #define sexp_build_array(a, b, c, d) _gcry_sexp_build_array ((a), (b), (c), (d)) #define sexp_release(a) _gcry_sexp_release ((a)) #define sexp_canon_len(a, b, c, d) _gcry_sexp_canon_len ((a), (b), (c), (d)) #define sexp_sprint(a, b, c, d) _gcry_sexp_sprint ((a), (b), (c), (d)) #define sexp_dump(a) _gcry_sexp_dump ((a)) #define sexp_cons(a, b) _gcry_sexp_cons ((a), (b)) #define sexp_alist(a) _gcry_sexp_alist ((a)) #define sexp_vlist _gcry_sexp_vlist #define sexp_append(a, b) _gcry_sexp_append ((a), (b)) #define sexp_prepend(a, b) _gcry_sexp_prepend ((a), (b)) #define sexp_find_token(a, b, c) _gcry_sexp_find_token ((a), (b), (c)) #define sexp_length(a) _gcry_sexp_length ((a)) #define sexp_nth(a, b) _gcry_sexp_nth ((a), (b)) #define sexp_car(a) _gcry_sexp_car ((a)) #define sexp_cdr(a) _gcry_sexp_cdr ((a)) #define sexp_cadr(a) _gcry_sexp_cadr ((a)) #define sexp_nth_data(a, b, c) _gcry_sexp_nth_data ((a), (b), (c)) #define sexp_nth_buffer(a, b, c) _gcry_sexp_nth_buffer ((a), (b), (c)) #define sexp_nth_string(a, b) _gcry_sexp_nth_string ((a), (b)) #define sexp_nth_mpi(a, b, c) _gcry_sexp_nth_mpi ((a), (b), (c)) #define sexp_extract_param _gcry_sexp_extract_param gcry_mpi_t _gcry_mpi_new (unsigned int nbits); gcry_mpi_t _gcry_mpi_snew (unsigned int nbits); void _gcry_mpi_release (gcry_mpi_t a); gcry_mpi_t _gcry_mpi_copy (const gcry_mpi_t a); void _gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u); gcry_mpi_t _gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u); gcry_mpi_t _gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u); gcry_err_code_t _gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u); void _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b); int 
_gcry_mpi_is_neg (gcry_mpi_t a); void _gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u); void _gcry_mpi_abs (gcry_mpi_t w); int _gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v); int _gcry_mpi_cmpabs (const gcry_mpi_t u, const gcry_mpi_t v); int _gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v); gpg_err_code_t _gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format, const void *buffer, size_t buflen, size_t *nscanned); gpg_err_code_t _gcry_mpi_print (enum gcry_mpi_format format, unsigned char *buffer, size_t buflen, size_t *nwritten, const gcry_mpi_t a); gpg_err_code_t _gcry_mpi_aprint (enum gcry_mpi_format format, unsigned char **buffer, size_t *nwritten, const gcry_mpi_t a); void _gcry_mpi_dump (const gcry_mpi_t a); void _gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); void _gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v); void _gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); void _gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); void _gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ); void _gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); void _gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v); void _gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ); void _gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m); void _gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt); void _gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor, int round); void _gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor); void _gcry_mpi_powm (gcry_mpi_t w, const gcry_mpi_t b, const gcry_mpi_t e, const gcry_mpi_t m); int _gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b); int _gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m); gcry_mpi_point_t _gcry_mpi_point_new (unsigned int nbits); void _gcry_mpi_point_release (gcry_mpi_point_t point); gcry_mpi_point_t _gcry_mpi_point_copy 
(gcry_mpi_point_t point); void _gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, gcry_mpi_point_t point); void _gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, gcry_mpi_point_t point); gcry_mpi_point_t _gcry_mpi_point_set (gcry_mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z); gcry_mpi_point_t _gcry_mpi_point_snatch_set (gcry_mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z); gcry_mpi_t _gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy); gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy); int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point, mpi_ec_t ctx); +void _gcry_mpi_ec_point_resize (gcry_mpi_point_t p, mpi_ec_t ctx); void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx); void _gcry_mpi_ec_add (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx); void _gcry_mpi_ec_sub (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx); void _gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u, mpi_ec_t ctx); int _gcry_mpi_ec_curve_point (gcry_mpi_point_t w, mpi_ec_t ctx); unsigned int _gcry_mpi_get_nbits (gcry_mpi_t a); int _gcry_mpi_test_bit (gcry_mpi_t a, unsigned int n); void _gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n); void _gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n); void _gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n); void _gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n); void _gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n); void _gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n); gcry_mpi_t _gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits); gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a, const void *p, unsigned int nbits); void *_gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits); void _gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); void _gcry_mpi_clear_flag 
(gcry_mpi_t a, enum gcry_mpi_flag flag); int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag); /* Private function - do not use. */ /* gcry_mpi_t _gcry_mpi_get_const (int no); */ /* We need our internal versions of the macros. */ #ifndef GCRYPT_NO_MPI_MACROS # error GCRYPT_NO_MPI_MACROS is not defined #endif #define mpi_new(n) _gcry_mpi_new ((n)) #define mpi_secure_new( n ) _gcry_mpi_snew ((n)) #define mpi_snew(n) _gcry_mpi_snew ((n)) #define mpi_release(a) \ do \ { \ _gcry_mpi_release ((a));\ (a) = NULL; \ } \ while (0) #define mpi_snatch( w, u) _gcry_mpi_snatch( (w), (u) ) #define mpi_set( w, u) _gcry_mpi_set( (w), (u) ) #define mpi_set_ui( w, u) _gcry_mpi_set_ui( (w), (u) ) #define mpi_get_ui(w,u) _gcry_mpi_get_ui( (w), (u) ) #define mpi_swap(a,b) _gcry_mpi_swap ((a),(b)) #define mpi_abs( w ) _gcry_mpi_abs( (w) ) #define mpi_neg( w, u) _gcry_mpi_neg( (w), (u) ) #define mpi_cmp( u, v ) _gcry_mpi_cmp( (u), (v) ) #define mpi_cmpabs( u, v ) _gcry_mpi_cmpabs( (u), (v) ) #define mpi_cmp_ui( u, v ) _gcry_mpi_cmp_ui( (u), (v) ) #define mpi_is_neg( a ) _gcry_mpi_is_neg ((a)) #define mpi_add_ui(w,u,v) _gcry_mpi_add_ui((w),(u),(v)) #define mpi_add(w,u,v) _gcry_mpi_add ((w),(u),(v)) #define mpi_addm(w,u,v,m) _gcry_mpi_addm ((w),(u),(v),(m)) #define mpi_sub_ui(w,u,v) _gcry_mpi_sub_ui ((w),(u),(v)) #define mpi_sub(w,u,v) _gcry_mpi_sub ((w),(u),(v)) #define mpi_subm(w,u,v,m) _gcry_mpi_subm ((w),(u),(v),(m)) #define mpi_mul_ui(w,u,v) _gcry_mpi_mul_ui ((w),(u),(v)) #define mpi_mul_2exp(w,u,v) _gcry_mpi_mul_2exp ((w),(u),(v)) #define mpi_mul(w,u,v) _gcry_mpi_mul ((w),(u),(v)) #define mpi_mulm(w,u,v,m) _gcry_mpi_mulm ((w),(u),(v),(m)) #define mpi_powm(w,b,e,m) _gcry_mpi_powm ( (w), (b), (e), (m) ) #define mpi_tdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), 0) #define mpi_fdiv(q,r,a,m) _gcry_mpi_div ( (q), (r), (a), (m), -1) #define mpi_mod(r,a,m) _gcry_mpi_mod ((r), (a), (m)) #define mpi_gcd(g,a,b) _gcry_mpi_gcd ( (g), (a), (b) ) #define mpi_invm(g,a,b) _gcry_mpi_invm 
( (g), (a), (b) ) #define mpi_point_new(n) _gcry_mpi_point_new((n)) #define mpi_point_release(p) \ do \ { \ _gcry_mpi_point_release ((p)); \ (p) = NULL; \ } \ while (0) #define mpi_point_copy(p) _gcry_mpi_point_copy((p)) #define mpi_point_get(x,y,z,p) _gcry_mpi_point_get((x),(y),(z),(p)) #define mpi_point_snatch_get(x,y,z,p) _gcry_mpi_point_snatch_get((x),(y), \ (z),(p)) #define mpi_point_set(p,x,y,z) _gcry_mpi_point_set((p),(x),(y),(z)) #define mpi_point_snatch_set(p,x,y,z) _gcry_mpi_point_snatch_set((p),(x), \ (y),(z)) +#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize (p, ctx) #define mpi_get_nbits(a) _gcry_mpi_get_nbits ((a)) #define mpi_test_bit(a,b) _gcry_mpi_test_bit ((a),(b)) #define mpi_set_bit(a,b) _gcry_mpi_set_bit ((a),(b)) #define mpi_set_highbit(a,b) _gcry_mpi_set_highbit ((a),(b)) #define mpi_clear_bit(a,b) _gcry_mpi_clear_bit ((a),(b)) #define mpi_clear_highbit(a,b) _gcry_mpi_clear_highbit ((a),(b)) #define mpi_rshift(a,b,c) _gcry_mpi_rshift ((a),(b),(c)) #define mpi_lshift(a,b,c) _gcry_mpi_lshift ((a),(b),(c)) #define mpi_set_opaque(a,b,c) _gcry_mpi_set_opaque ((a), (b), (c)) #define mpi_get_opaque(a,b) _gcry_mpi_get_opaque ((a), (b)) #define mpi_set_flag(a,f) _gcry_mpi_set_flag ((a), (f)) #define mpi_set_flag(a,f) _gcry_mpi_set_flag ((a), (f)) #define mpi_clear_flag(a,f) _gcry_mpi_clear_flag ((a), (f)) #define mpi_get_flag(a,f) _gcry_mpi_get_flag ((a), (f)) #endif /*GCRY_GCRYPT_INT_H*/ diff --git a/src/visibility.c b/src/visibility.c index 8cda962c..b94b1fe9 100644 --- a/src/visibility.c +++ b/src/visibility.c 
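Review bot: The new `mpi_point_resize` macro added at the end of the MPI macro block does not parenthesize its arguments, unlike every other macro in the same block (`_gcry_mpi_point_copy((p))`, `_gcry_mpi_point_set((p),(x),(y),(z))`, ...); for consistency and to keep an expression argument from binding unexpectedly, write `#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize ((p), (ctx))`. The new prototype `void _gcry_mpi_ec_point_resize (gcry_mpi_point_t p, mpi_ec_t ctx);` is also the only `_gcry_mpi_ec_*` entry here with no hint of its contract, and the ec.c hunk now calls it on caller-supplied input points (`point`) as well as results, i.e. it mutates its argument in place. A one-line comment above the prototype, e.g. `/* Grow the coordinates of P in place to the limb size CTX expects; used before constant-time point operations. */`, would make that side effect visible to callers — the exact semantics should be confirmed against the definition in ec.c, which is outside this view.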
@@ -1,1599 +1,1624 @@ /* visibility.c - Wrapper for all public functions. * Copyright (C) 2007, 2008, 2011 Free Software Foundation, Inc. * Copyright (C) 2013 g10 Code GmbH * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . */ #include #include #define _GCRY_INCLUDED_BY_VISIBILITY_C #include "g10lib.h" #include "cipher-proto.h" #include "context.h" #include "mpi.h" +#include "ec-context.h" const char * gcry_strerror (gcry_error_t err) { return _gcry_strerror (err); } const char * gcry_strsource (gcry_error_t err) { return _gcry_strsource (err); } gcry_err_code_t gcry_err_code_from_errno (int err) { return _gcry_err_code_from_errno (err); } int gcry_err_code_to_errno (gcry_err_code_t code) { return _gcry_err_code_to_errno (code); } gcry_error_t gcry_err_make_from_errno (gcry_err_source_t source, int err) { return _gcry_err_make_from_errno (source, err); } gcry_error_t gcry_error_from_errno (int err) { return _gcry_error_from_errno (err); } const char * gcry_check_version (const char *req_version) { return _gcry_check_version (req_version); } gcry_error_t gcry_control (enum gcry_ctl_cmds cmd, ...) 
{ gcry_error_t err; va_list arg_ptr; va_start (arg_ptr, cmd); err = gpg_error (_gcry_vcontrol (cmd, arg_ptr)); va_end(arg_ptr); return err; } gcry_error_t gcry_sexp_new (gcry_sexp_t *retsexp, const void *buffer, size_t length, int autodetect) { return gpg_error (_gcry_sexp_new (retsexp, buffer, length, autodetect)); } gcry_error_t gcry_sexp_create (gcry_sexp_t *retsexp, void *buffer, size_t length, int autodetect, void (*freefnc) (void *)) { return gpg_error (_gcry_sexp_create (retsexp, buffer, length, autodetect, freefnc)); } gcry_error_t gcry_sexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, const char *buffer, size_t length) { return gpg_error (_gcry_sexp_sscan (retsexp, erroff, buffer, length)); } gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff, const char *format, ...) { gcry_err_code_t rc; va_list arg_ptr; va_start (arg_ptr, format); rc = _gcry_sexp_vbuild (retsexp, erroff, format, arg_ptr); va_end (arg_ptr); return gpg_error (rc); } gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff, const char *format, void **arg_list) { return gpg_error (_gcry_sexp_build_array (retsexp, erroff, format, arg_list)); } void gcry_sexp_release (gcry_sexp_t sexp) { _gcry_sexp_release (sexp); } size_t gcry_sexp_canon_len (const unsigned char *buffer, size_t length, size_t *erroff, gcry_error_t *errcode) { size_t n; gpg_err_code_t rc; n = _gcry_sexp_canon_len (buffer, length, erroff, &rc); if (errcode) *errcode = gpg_error (rc); return n; } size_t gcry_sexp_sprint (gcry_sexp_t sexp, int mode, void *buffer, size_t maxlength) { return _gcry_sexp_sprint (sexp, mode, buffer, maxlength); } void gcry_sexp_dump (const gcry_sexp_t a) { _gcry_sexp_dump (a); } gcry_sexp_t gcry_sexp_cons (const gcry_sexp_t a, const gcry_sexp_t b) { return _gcry_sexp_cons (a, b); } gcry_sexp_t gcry_sexp_alist (const gcry_sexp_t *array) { return _gcry_sexp_alist (array); } gcry_sexp_t gcry_sexp_vlist (const gcry_sexp_t a, ...) { /* This is not yet implemented in sexp.c. 
*/ (void)a; BUG (); return NULL; } gcry_sexp_t gcry_sexp_append (const gcry_sexp_t a, const gcry_sexp_t n) { return _gcry_sexp_append (a, n); } gcry_sexp_t gcry_sexp_prepend (const gcry_sexp_t a, const gcry_sexp_t n) { return _gcry_sexp_prepend (a, n); } gcry_sexp_t gcry_sexp_find_token (gcry_sexp_t list, const char *tok, size_t toklen) { return _gcry_sexp_find_token (list, tok, toklen); } int gcry_sexp_length (const gcry_sexp_t list) { return _gcry_sexp_length (list); } gcry_sexp_t gcry_sexp_nth (const gcry_sexp_t list, int number) { return _gcry_sexp_nth (list, number); } gcry_sexp_t gcry_sexp_car (const gcry_sexp_t list) { return _gcry_sexp_car (list); } gcry_sexp_t gcry_sexp_cdr (const gcry_sexp_t list) { return _gcry_sexp_cdr (list); } gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list) { return _gcry_sexp_cadr (list); } const char * gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen) { return _gcry_sexp_nth_data (list, number, datalen); } void * gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength) { return _gcry_sexp_nth_buffer (list, number, rlength); } char * gcry_sexp_nth_string (gcry_sexp_t list, int number) { return _gcry_sexp_nth_string (list, number); } gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt) { return _gcry_sexp_nth_mpi (list, number, mpifmt); } gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path, const char *list, ...) 
{ gcry_err_code_t rc; va_list arg_ptr; va_start (arg_ptr, list); rc = _gcry_sexp_vextract_param (sexp, path, list, arg_ptr); va_end (arg_ptr); return gpg_error (rc); } gcry_mpi_t gcry_mpi_new (unsigned int nbits) { return _gcry_mpi_new (nbits); } gcry_mpi_t gcry_mpi_snew (unsigned int nbits) { return _gcry_mpi_snew (nbits); } void gcry_mpi_release (gcry_mpi_t a) { _gcry_mpi_release (a); } gcry_mpi_t gcry_mpi_copy (const gcry_mpi_t a) { return _gcry_mpi_copy (a); } void gcry_mpi_snatch (gcry_mpi_t w, const gcry_mpi_t u) { _gcry_mpi_snatch (w, u); } gcry_mpi_t gcry_mpi_set (gcry_mpi_t w, const gcry_mpi_t u) { return _gcry_mpi_set (w, u); } gcry_mpi_t gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u) { return _gcry_mpi_set_ui (w, u); } gcry_error_t gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u) { return gpg_error (_gcry_mpi_get_ui (w, u)); } void gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b) { _gcry_mpi_swap (a, b); } int gcry_mpi_is_neg (gcry_mpi_t a) { return _gcry_mpi_is_neg (a); } void gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u) { _gcry_mpi_neg (w, u); } void gcry_mpi_abs (gcry_mpi_t w) { _gcry_mpi_abs (w); } int gcry_mpi_cmp (const gcry_mpi_t u, const gcry_mpi_t v) { return _gcry_mpi_cmp (u, v); } int gcry_mpi_cmp_ui (const gcry_mpi_t u, unsigned long v) { return _gcry_mpi_cmp_ui (u, v); } gcry_error_t gcry_mpi_scan (gcry_mpi_t *ret_mpi, enum gcry_mpi_format format, const void *buffer, size_t buflen, size_t *nscanned) { return gpg_error (_gcry_mpi_scan (ret_mpi, format, buffer, buflen, nscanned)); } gcry_error_t gcry_mpi_print (enum gcry_mpi_format format, unsigned char *buffer, size_t buflen, size_t *nwritten, const gcry_mpi_t a) { return gpg_error (_gcry_mpi_print (format, buffer, buflen, nwritten, a)); } gcry_error_t gcry_mpi_aprint (enum gcry_mpi_format format, unsigned char **buffer, size_t *nwritten, const gcry_mpi_t a) { return gpg_error (_gcry_mpi_aprint (format, buffer, nwritten, a)); } void gcry_mpi_dump (const gcry_mpi_t a) { _gcry_log_printmpi (NULL, a); } 
void gcry_mpi_add (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v) { _gcry_mpi_add (w, u, v); } void gcry_mpi_add_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v) { _gcry_mpi_add_ui (w, u, v); } void gcry_mpi_addm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m) { _gcry_mpi_addm (w, u, v, m); } void gcry_mpi_sub (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v) { _gcry_mpi_sub (w, u, v); } void gcry_mpi_sub_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ) { _gcry_mpi_sub_ui (w, u, v); } void gcry_mpi_subm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m) { _gcry_mpi_subm (w, u, v, m); } void gcry_mpi_mul (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v) { _gcry_mpi_mul (w, u, v); } void gcry_mpi_mul_ui (gcry_mpi_t w, gcry_mpi_t u, unsigned long v ) { _gcry_mpi_mul_ui (w, u, v); } void gcry_mpi_mulm (gcry_mpi_t w, gcry_mpi_t u, gcry_mpi_t v, gcry_mpi_t m) { _gcry_mpi_mulm (w, u, v, m); } void gcry_mpi_mul_2exp (gcry_mpi_t w, gcry_mpi_t u, unsigned long cnt) { _gcry_mpi_mul_2exp (w, u, cnt); } void gcry_mpi_div (gcry_mpi_t q, gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor, int round) { _gcry_mpi_div (q, r, dividend, divisor, round); } void gcry_mpi_mod (gcry_mpi_t r, gcry_mpi_t dividend, gcry_mpi_t divisor) { _gcry_mpi_mod (r, dividend, divisor); } void gcry_mpi_powm (gcry_mpi_t w, const gcry_mpi_t b, const gcry_mpi_t e, const gcry_mpi_t m) { _gcry_mpi_powm (w, b, e, m); } int gcry_mpi_gcd (gcry_mpi_t g, gcry_mpi_t a, gcry_mpi_t b) { return _gcry_mpi_gcd (g, a, b); } int gcry_mpi_invm (gcry_mpi_t x, gcry_mpi_t a, gcry_mpi_t m) { return _gcry_mpi_invm (x, a, m); } gcry_mpi_point_t gcry_mpi_point_new (unsigned int nbits) { return _gcry_mpi_point_new (nbits); } void gcry_mpi_point_release (gcry_mpi_point_t point) { _gcry_mpi_point_release (point); } gcry_mpi_point_t gcry_mpi_point_copy (gcry_mpi_point_t point) { return _gcry_mpi_point_copy (point); } void gcry_mpi_point_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, gcry_mpi_point_t point) { _gcry_mpi_point_get (x, 
y, z, point); } void gcry_mpi_point_snatch_get (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, gcry_mpi_point_t point) { _gcry_mpi_point_snatch_get (x, y, z, point); } gcry_mpi_point_t gcry_mpi_point_set (gcry_mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z) { return _gcry_mpi_point_set (point, x, y, z); } gcry_mpi_point_t gcry_mpi_point_snatch_set (gcry_mpi_point_t point, gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z) { return _gcry_mpi_point_snatch_set (point, x, y, z); } gpg_error_t gcry_mpi_ec_new (gcry_ctx_t *r_ctx, gcry_sexp_t keyparam, const char *curvename) { return gpg_error (_gcry_mpi_ec_new (r_ctx, keyparam, curvename)); } gcry_mpi_t gcry_mpi_ec_get_mpi (const char *name, gcry_ctx_t ctx, int copy) { return _gcry_mpi_ec_get_mpi (name, ctx, copy); } gcry_mpi_point_t gcry_mpi_ec_get_point (const char *name, gcry_ctx_t ctx, int copy) { return _gcry_mpi_ec_get_point (name, ctx, copy); } gpg_error_t gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gcry_ctx_t ctx) { return gpg_error (_gcry_mpi_ec_set_mpi (name, newvalue, ctx)); } gpg_error_t gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, gcry_ctx_t ctx) { return gpg_error (_gcry_mpi_ec_set_point (name, newvalue, ctx)); } gpg_error_t gcry_mpi_ec_decode_point (gcry_mpi_point_t result, gcry_mpi_t value, gcry_ctx_t ctx) { return gpg_error (_gcry_mpi_ec_decode_point (result, value, ctx? 
_gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL)); } int gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point, gcry_ctx_t ctx) { return _gcry_mpi_ec_get_affine (x, y, point, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); } void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx) { - _gcry_mpi_ec_dup_point (w, u, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); + mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); + + if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY) + { + mpi_point_resize (w, ec); + mpi_point_resize (u, ec); + } + + _gcry_mpi_ec_dup_point (w, u, ec); } void gcry_mpi_ec_add (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx) { - _gcry_mpi_ec_add_points (w, u, v, - _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); + mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); + + if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY) + { + mpi_point_resize (w, ec); + mpi_point_resize (u, ec); + mpi_point_resize (v, ec); + } + + _gcry_mpi_ec_add_points (w, u, v, ec); } void gcry_mpi_ec_sub (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx) { - _gcry_mpi_ec_sub_points (w, u, v, - _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); + mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC); + + if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY) + { + mpi_point_resize (w, ec); + mpi_point_resize (u, ec); + mpi_point_resize (v, ec); + } + + _gcry_mpi_ec_sub_points (w, u, v, ec); } void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u, gcry_ctx_t ctx) { _gcry_mpi_ec_mul_point (w, n, u, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); } int gcry_mpi_ec_curve_point (gcry_mpi_point_t point, gcry_ctx_t ctx) { return _gcry_mpi_ec_curve_point (point, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC)); } unsigned int gcry_mpi_get_nbits (gcry_mpi_t a) { return _gcry_mpi_get_nbits (a); } int gcry_mpi_test_bit 
(gcry_mpi_t a, unsigned int n) { return _gcry_mpi_test_bit (a, n); } void gcry_mpi_set_bit (gcry_mpi_t a, unsigned int n) { _gcry_mpi_set_bit (a, n); } void gcry_mpi_clear_bit (gcry_mpi_t a, unsigned int n) { _gcry_mpi_clear_bit (a, n); } void gcry_mpi_set_highbit (gcry_mpi_t a, unsigned int n) { _gcry_mpi_set_highbit (a, n); } void gcry_mpi_clear_highbit (gcry_mpi_t a, unsigned int n) { _gcry_mpi_clear_highbit (a, n); } void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n) { _gcry_mpi_rshift (x, a, n); } void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n) { _gcry_mpi_lshift (x, a, n); } gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits) { return _gcry_mpi_set_opaque (a, p, nbits); } gcry_mpi_t gcry_mpi_set_opaque_copy (gcry_mpi_t a, const void *p, unsigned int nbits) { return _gcry_mpi_set_opaque_copy (a, p, nbits); } void * gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits) { return _gcry_mpi_get_opaque (a, nbits); } void gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) { _gcry_mpi_set_flag (a, flag); } void gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) { _gcry_mpi_clear_flag (a, flag); } int gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag) { return _gcry_mpi_get_flag (a, flag); } gcry_mpi_t _gcry_mpi_get_const (int no) { switch (no) { case 1: return _gcry_mpi_const (MPI_C_ONE); case 2: return _gcry_mpi_const (MPI_C_TWO); case 3: return _gcry_mpi_const (MPI_C_THREE); case 4: return _gcry_mpi_const (MPI_C_FOUR); case 8: return _gcry_mpi_const (MPI_C_EIGHT); default: log_bug("unsupported GCRYMPI_CONST_ macro used\n"); } } gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle, int algo, int mode, unsigned int flags) { if (!fips_is_operational ()) { *handle = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_cipher_open (handle, algo, mode, flags)); } void gcry_cipher_close (gcry_cipher_hd_t h) { _gcry_cipher_close (h); } gcry_error_t gcry_cipher_setkey 
(gcry_cipher_hd_t hd, const void *key, size_t keylen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gcry_error (_gcry_cipher_setkey (hd, key, keylen)); } gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gcry_error (_gcry_cipher_setiv (hd, iv, ivlen)); } gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gcry_error (_gcry_cipher_setctr (hd, ctr, ctrlen)); } gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_authenticate (hd, abuf, abuflen)); } gcry_error_t gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_gettag (hd, outtag, taglen)); } gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_checktag (hd, intag, taglen)); } gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_ctl (h, cmd, buffer, buflen)); } gcry_error_t gcry_cipher_info (gcry_cipher_hd_t h, int what, void *buffer, size_t *nbytes) { return gpg_error (_gcry_cipher_info (h, what, buffer, nbytes)); } gcry_error_t gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_algo_info (algo, what, buffer, nbytes)); } const char * gcry_cipher_algo_name (int algorithm) { return 
_gcry_cipher_algo_name (algorithm); } int gcry_cipher_map_name (const char *name) { return _gcry_cipher_map_name (name); } int gcry_cipher_mode_from_oid (const char *string) { return _gcry_cipher_mode_from_oid (string); } gcry_error_t gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize, const void *in, size_t inlen) { if (!fips_is_operational ()) { /* Make sure that the plaintext will never make it to OUT. */ if (out) memset (out, 0x42, outsize); return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_cipher_encrypt (h, out, outsize, in, inlen)); } gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize, const void *in, size_t inlen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_cipher_decrypt (h, out, outsize, in, inlen)); } size_t gcry_cipher_get_algo_keylen (int algo) { return _gcry_cipher_get_algo_keylen (algo); } size_t gcry_cipher_get_algo_blklen (int algo) { return _gcry_cipher_get_algo_blklen (algo); } gcry_error_t gcry_mac_algo_info (int algo, int what, void *buffer, size_t *nbytes) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_algo_info (algo, what, buffer, nbytes)); } const char * gcry_mac_algo_name (int algorithm) { return _gcry_mac_algo_name (algorithm); } int gcry_mac_map_name (const char *string) { return _gcry_mac_map_name (string); } int gcry_mac_get_algo (gcry_mac_hd_t hd) { return _gcry_mac_get_algo (hd); } unsigned int gcry_mac_get_algo_maclen (int algo) { return _gcry_mac_get_algo_maclen (algo); } unsigned int gcry_mac_get_algo_keylen (int algo) { return _gcry_mac_get_algo_keylen (algo); } gcry_error_t gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags, gcry_ctx_t ctx) { if (!fips_is_operational ()) { *handle = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_mac_open (handle, algo, flags, ctx)); } void gcry_mac_close (gcry_mac_hd_t hd) { 
_gcry_mac_close (hd); } gcry_error_t gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, size_t keylen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_setkey (hd, key, keylen)); } gcry_error_t gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, size_t ivlen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_setiv (hd, iv, ivlen)); } gcry_error_t gcry_mac_write (gcry_mac_hd_t hd, const void *buf, size_t buflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_write (hd, buf, buflen)); } gcry_error_t gcry_mac_read (gcry_mac_hd_t hd, void *outbuf, size_t *outlen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_read (hd, outbuf, outlen)); } gcry_error_t gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_verify (hd, buf, buflen)); } gcry_error_t gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer, size_t buflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_mac_ctl (h, cmd, buffer, buflen)); } gcry_error_t gcry_pk_encrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t pkey) { if (!fips_is_operational ()) { *result = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_pk_encrypt (result, data, pkey)); } gcry_error_t gcry_pk_decrypt (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey) { if (!fips_is_operational ()) { *result = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_pk_decrypt (result, data, skey)); } gcry_error_t gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey) { if (!fips_is_operational ()) { *result = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_pk_sign (result, 
data, skey)); } gcry_error_t gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_pk_verify (sigval, data, pkey)); } gcry_error_t gcry_pk_testkey (gcry_sexp_t key) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_pk_testkey (key)); } gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) { if (!fips_is_operational ()) { *r_key = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_pk_genkey (r_key, s_parms)); } gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen) { return gpg_error (_gcry_pk_ctl (cmd, buffer, buflen)); } gcry_error_t gcry_pk_algo_info (int algo, int what, void *buffer, size_t *nbytes) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_pk_algo_info (algo, what, buffer, nbytes)); } const char * gcry_pk_algo_name (int algorithm) { return _gcry_pk_algo_name (algorithm); } int gcry_pk_map_name (const char *name) { return _gcry_pk_map_name (name); } unsigned int gcry_pk_get_nbits (gcry_sexp_t key) { if (!fips_is_operational ()) { (void)fips_not_operational (); return 0; } return _gcry_pk_get_nbits (key); } unsigned char * gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) { if (!fips_is_operational ()) { (void)fips_not_operational (); return NULL; } return _gcry_pk_get_keygrip (key, array); } const char * gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) { if (!fips_is_operational ()) { (void)fips_not_operational (); return NULL; } return _gcry_pk_get_curve (key, iterator, r_nbits); } gcry_sexp_t gcry_pk_get_param (int algo, const char *name) { if (!fips_is_operational ()) { (void)fips_not_operational (); return NULL; } return _gcry_pk_get_param (algo, name); } gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, int mode, gcry_ctx_t ctx) { if 
(!fips_is_operational ()) { *r_sexp = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_pubkey_get_sexp (r_sexp, mode, ctx)); } unsigned int gcry_ecc_get_algo_keylen (int curveid) { return _gcry_ecc_get_algo_keylen (curveid); } gpg_error_t gcry_ecc_mul_point (int curveid, unsigned char *result, const unsigned char *scalar, const unsigned char *point) { return _gcry_ecc_mul_point (curveid, result, scalar, point); } gcry_error_t gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { if (!fips_is_operational ()) { *h = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_md_open (h, algo, flags)); } void gcry_md_close (gcry_md_hd_t hd) { _gcry_md_close (hd); } gcry_error_t gcry_md_enable (gcry_md_hd_t hd, int algo) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_md_enable (hd, algo)); } gcry_error_t gcry_md_copy (gcry_md_hd_t *bhd, gcry_md_hd_t ahd) { if (!fips_is_operational ()) { *bhd = NULL; return gpg_error (fips_not_operational ()); } return gpg_error (_gcry_md_copy (bhd, ahd)); } void gcry_md_reset (gcry_md_hd_t hd) { _gcry_md_reset (hd); } gcry_error_t gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_md_ctl (hd, cmd, buffer, buflen)); } void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length) { if (!fips_is_operational ()) { (void)fips_not_operational (); return; } _gcry_md_write (hd, buffer, length); } unsigned char * gcry_md_read (gcry_md_hd_t hd, int algo) { return _gcry_md_read (hd, algo); } gcry_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length) { return gpg_error (_gcry_md_extract(hd, algo, buffer, length)); } void gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_error ("called in 
non-operational state"); } _gcry_md_hash_buffer (algo, digest, buffer, length); } gpg_error_t gcry_md_hash_buffers (int algo, unsigned int flags, void *digest, const gcry_buffer_t *iov, int iovcnt) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_error ("called in non-operational state"); } return gpg_error (_gcry_md_hash_buffers (algo, flags, digest, iov, iovcnt)); } int gcry_md_get_algo (gcry_md_hd_t hd) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_error ("used in non-operational state"); return 0; } return _gcry_md_get_algo (hd); } unsigned int gcry_md_get_algo_dlen (int algo) { return _gcry_md_get_algo_dlen (algo); } int gcry_md_is_enabled (gcry_md_hd_t a, int algo) { if (!fips_is_operational ()) { (void)fips_not_operational (); return 0; } return _gcry_md_is_enabled (a, algo); } int gcry_md_is_secure (gcry_md_hd_t a) { return _gcry_md_is_secure (a); } gcry_error_t gcry_md_info (gcry_md_hd_t h, int what, void *buffer, size_t *nbytes) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_md_info (h, what, buffer, nbytes)); } gcry_error_t gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes) { return gpg_error (_gcry_md_algo_info (algo, what, buffer, nbytes)); } const char * gcry_md_algo_name (int algo) { return _gcry_md_algo_name (algo); } int gcry_md_map_name (const char* name) { return _gcry_md_map_name (name); } gcry_error_t gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_md_setkey (hd, key, keylen)); } void gcry_md_debug (gcry_md_hd_t hd, const char *suffix) { _gcry_md_debug (hd, suffix); } gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen, int algo, int hashalgo, const void *salt, size_t saltlen, unsigned long iterations, size_t keysize, void *keybuffer) { if (!fips_is_operational ()) return gpg_error 
(fips_not_operational ()); return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo, salt, saltlen, iterations, keysize, keybuffer)); } void gcry_randomize (void *buffer, size_t length, enum gcry_random_level level) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_fatal_error ("called in non-operational state"); fips_noreturn (); } _gcry_randomize (buffer, length, level); } gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length, int quality) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_random_add_bytes (buffer, length, quality)); } void * gcry_random_bytes (size_t nbytes, enum gcry_random_level level) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_fatal_error ("called in non-operational state"); fips_noreturn (); } return _gcry_random_bytes (nbytes,level); } void * gcry_random_bytes_secure (size_t nbytes, enum gcry_random_level level) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_fatal_error ("called in non-operational state"); fips_noreturn (); } return _gcry_random_bytes_secure (nbytes, level); } void gcry_mpi_randomize (gcry_mpi_t w, unsigned int nbits, enum gcry_random_level level) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_fatal_error ("called in non-operational state"); fips_noreturn (); } _gcry_mpi_randomize (w, nbits, level); } void gcry_create_nonce (void *buffer, size_t length) { if (!fips_is_operational ()) { (void)fips_not_operational (); fips_signal_fatal_error ("called in non-operational state"); fips_noreturn (); } _gcry_create_nonce (buffer, length); } gcry_error_t gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, unsigned int factor_bits, gcry_mpi_t **factors, gcry_prime_check_func_t cb_func, void *cb_arg, gcry_random_level_t random_level, unsigned int flags) { if (!fips_is_operational ()) return gpg_error (fips_not_operational 
()); return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits, factors, cb_func, cb_arg, random_level, flags)); } gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, gcry_mpi_t start_g) { if (!fips_is_operational ()) return gpg_error (fips_not_operational ()); return gpg_error (_gcry_prime_group_generator (r_g, prime, factors, start_g)); } void gcry_prime_release_factors (gcry_mpi_t *factors) { _gcry_prime_release_factors (factors); } gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags) { return gpg_error (_gcry_prime_check (x, flags)); } void gcry_ctx_release (gcry_ctx_t ctx) { _gcry_ctx_release (ctx); } void gcry_log_debug (const char *fmt, ...) { va_list arg_ptr ; va_start( arg_ptr, fmt ) ; _gcry_logv (GCRY_LOG_DEBUG, fmt, arg_ptr); va_end (arg_ptr); } void gcry_log_debughex (const char *text, const void *buffer, size_t length) { _gcry_log_printhex (text, buffer, length); } void gcry_log_debugmpi (const char *text, gcry_mpi_t mpi) { _gcry_log_printmpi (text, mpi); } void gcry_log_debugpnt (const char *text, mpi_point_t point, gcry_ctx_t ctx) { mpi_ec_t ec = ctx? 
_gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL; _gcry_mpi_point_log (text, point, ec); } void gcry_log_debugsxp (const char *text, gcry_sexp_t sexp) { _gcry_log_printsxp (text, sexp); } char * gcry_get_config (int mode, const char *what) { return _gcry_get_config (mode, what); } void gcry_set_progress_handler (gcry_handler_progress_t cb, void *cb_data) { _gcry_set_progress_handler (cb, cb_data); } void gcry_set_allocation_handler (gcry_handler_alloc_t func_alloc, gcry_handler_alloc_t func_alloc_secure, gcry_handler_secure_check_t func_secure_check, gcry_handler_realloc_t func_realloc, gcry_handler_free_t func_free) { _gcry_set_allocation_handler (func_alloc, func_alloc_secure, func_secure_check, func_realloc, func_free); } void gcry_set_outofcore_handler (gcry_handler_no_mem_t h, void *opaque) { _gcry_set_outofcore_handler (h, opaque); } void gcry_set_fatalerror_handler (gcry_handler_error_t fnc, void *opaque) { _gcry_set_fatalerror_handler (fnc, opaque); } void gcry_set_log_handler (gcry_handler_log_t f, void *opaque) { _gcry_set_log_handler (f, opaque); } void gcry_set_gettext_handler (const char *(*f)(const char*)) { _gcry_set_gettext_handler (f); } void * gcry_malloc (size_t n) { return _gcry_malloc (n); } void * gcry_calloc (size_t n, size_t m) { return _gcry_calloc (n, m); } void * gcry_malloc_secure (size_t n) { return _gcry_malloc_secure (n); } void * gcry_calloc_secure (size_t n, size_t m) { return _gcry_calloc_secure (n,m); } void * gcry_realloc (void *a, size_t n) { return _gcry_realloc (a, n); } char * gcry_strdup (const char *string) { return _gcry_strdup (string); } void * gcry_xmalloc (size_t n) { return _gcry_xmalloc (n); } void * gcry_xcalloc (size_t n, size_t m) { return _gcry_xcalloc (n, m); } void * gcry_xmalloc_secure (size_t n) { return _gcry_xmalloc_secure (n); } void * gcry_xcalloc_secure (size_t n, size_t m) { return _gcry_xcalloc_secure (n, m); } void * gcry_xrealloc (void *a, size_t n) { return _gcry_xrealloc (a, n); } char * 
gcry_xstrdup (const char *a) { return _gcry_xstrdup (a); } void gcry_free (void *a) { _gcry_free (a); } int gcry_is_secure (const void *a) { return _gcry_is_secure (a); }
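Review bot: The model test followed by the resize calls is written out three times, in gcry_mpi_ec_dup, gcry_mpi_ec_add and gcry_mpi_ec_sub; a file-local helper keeps the three wrappers in step when the set of models or the resize rule changes and gives the resizing one place to be explained, as sketched below. That explanation is needed because the wrappers now grow the caller's input points u and v, not only the result w — presumably the Edwards and Montgomery point routines expect every operand at the limb size of the curve's field, which should be confirmed against _gcry_mpi_ec_point_resize before it is written down. gcry_mpi_ec_mul does not get the same step; if _gcry_mpi_ec_mul_point resizes on its own, a one-line comment there saves the next reader from assuming the wrapper was missed. The mpi_point_resize macro these lines expand to, added in the src/mpi.h hunk above, is the only macro in that block whose arguments are not parenthesized; `#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize ((p), (ctx))` matches its neighbours.
```c
/* … unchanged: includes … */

/* Bring the points to the limb size of the curve's field for the
   models whose point routines expect uniformly sized operands
   (reason to be confirmed against _gcry_mpi_ec_point_resize).
   C may be NULL when the caller has only two points.  */
static void
ec_resize_points (mpi_ec_t ec, gcry_mpi_point_t a, gcry_mpi_point_t b,
                  gcry_mpi_point_t c)
{
  if (ec->model != MPI_EC_EDWARDS && ec->model != MPI_EC_MONTGOMERY)
    return;
  mpi_point_resize (a, ec);
  mpi_point_resize (b, ec);
  if (c)
    mpi_point_resize (c, ec);
}

/* … unchanged: wrappers up to gcry_mpi_ec_dup … */

void
gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx)
{
  mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC);

  ec_resize_points (ec, w, u, NULL);
  _gcry_mpi_ec_dup_point (w, u, ec);
}

/* gcry_mpi_ec_add and gcry_mpi_ec_sub call
   ec_resize_points (ec, w, u, v) the same way before their callee.  */
```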