void eb_curve_init(void) { ctx_t *ctx = core_get(); #ifdef EB_PRECO for (int i = 0; i < EB_TABLE; i++) { ctx->eb_ptr[i] = &(ctx->eb_pre[i]); } #endif #if ALLOC == STATIC fb_new(ctx->eb_g.x); fb_new(ctx->eb_g.y); fb_new(ctx->eb_g.z); for (int i = 0; i < EB_TABLE; i++) { fb_new(ctx->eb_pre[i].x); fb_new(ctx->eb_pre[i].y); fb_new(ctx->eb_pre[i].z); } #endif fb_zero(ctx->eb_g.x); fb_zero(ctx->eb_g.y); fb_zero(ctx->eb_g.z); bn_init(&(ctx->eb_r), FB_DIGS); bn_init(&(ctx->eb_h), FB_DIGS); #if defined(EB_KBLTZ) && (EB_MUL == LWNAF || !defined(STRIP)) bn_init(&(ctx->eb_vm), FB_DIGS); bn_init(&(ctx->eb_s0), FB_DIGS); bn_init(&(ctx->eb_s1), FB_DIGS); #endif }
void ep_curve_init(void) { ctx_t *ctx = core_get(); #ifdef EP_PRECO for (int i = 0; i < RELIC_EP_TABLE; i++) { ctx->ep_ptr[i] = &(ctx->ep_pre[i]); } #endif #if ALLOC == STATIC fp_new(ctx->ep_g.x); fp_new(ctx->ep_g.y); fp_new(ctx->ep_g.z); #ifdef EP_PRECO for (int i = 0; i < RELIC_EP_TABLE; i++) { fp_new(ctx->ep_pre[i].x); fp_new(ctx->ep_pre[i].y); fp_new(ctx->ep_pre[i].z); } #endif #endif ep_set_infty(&ctx->ep_g); bn_init(&ctx->ep_r, FP_DIGS); bn_init(&ctx->ep_h, FP_DIGS); #if defined(EP_ENDOM) && (EP_MUL == LWNAF || EP_FIX == COMBS || EP_FIX == LWNAF || !defined(STRIP)) for (int i = 0; i < 3; i++) { bn_init(&(ctx->ep_v1[i]), FP_DIGS); bn_init(&(ctx->ep_v2[i]), FP_DIGS); } #endif }
void BN_RECP_CTX_init(BN_RECP_CTX *recp) { bn_init(&(recp->N)); bn_init(&(recp->Nr)); recp->num_bits = 0; recp->flags = 0; }
void eb_curve_init(void) { int i; #ifdef EB_PRECO for (i = 0; i < EB_TABLE; i++) { pointer[i] = &(table[i]); } #endif #if ALLOC == STATIC fb_new(curve_g.x); fb_new(curve_g.y); fb_new(curve_g.z); for (i = 0; i < EB_TABLE; i++) { fb_new(table[i].x); fb_new(table[i].y); fb_new(table[i].z); } #endif fb_zero(curve_g.x); fb_zero(curve_g.y); fb_zero(curve_g.z); bn_init(&curve_r, FB_DIGS); #if defined(EB_KBLTZ) && (EB_MUL == LWNAF || !defined(STRIP)) bn_init(&curve_vm, FB_DIGS); bn_init(&curve_s0, FB_DIGS); bn_init(&curve_s1, FB_DIGS); #endif }
void BN_MONT_CTX_init(BN_MONT_CTX *ctx) { ctx->ri = 0; bn_init(&(ctx->RR)); bn_init(&(ctx->N)); bn_init(&(ctx->Ni)); ctx->n0[0] = ctx->n0[1] = 0; ctx->flags = 0; }
void fp_prime_init() { ctx_t *ctx = core_get(); ctx->fp_id = ctx->sps_len = 0; memset(ctx->sps, 0, sizeof(ctx->sps)); bn_init(&(ctx->prime), FP_DIGS); #if FP_RDC == MONTY || !defined(STRIP) bn_init(&(ctx->conv), FP_DIGS); bn_init(&(ctx->one), FP_DIGS); #endif }
int kx_self_test() { const static unsigned char test_a[] = {0x2e, 0x4e, 0x3a, 0x05, 0xd8, 0xff, 0x06, 0x2b, 0x4e, 0x46, 0xda, 0x6e, 0x12, 0x9c, 0xf3, 0x40, 0xb3, 0x07, 0x66, 0x99, 0x8a, 0x0e, 0x09, 0xe3, 0x93, 0x65, 0xa5, 0x52, 0x2d, 0x84, 0x83, 0x04}, test_b[] = {0x6d, 0xd0, 0xae, 0x87, 0x4e, 0x86, 0xa8, 0x11, 0xf8, 0x1b, 0x2e, 0xf5, 0x25, 0x61, 0x50, 0x8d, 0x91, 0x4a, 0x43, 0x53, 0xb1, 0x24, 0x73, 0xe1, 0x18, 0xff, 0x35, 0xdb, 0x2c, 0x77, 0xbd, 0x4e, 0x24, 0x3f, 0xd8, 0x81, 0x82, 0xcd, 0x9e, 0x30, 0xf4, 0xd1, 0x62, 0xb1, 0xe5, 0x57, 0xd5, 0x09, 0x66, 0xfa, 0x9c, 0xdf, 0x97, 0xd4, 0xf6, 0x94, 0xc2, 0x68, 0xb8, 0x91, 0x7d, 0x40, 0xa5, 0x43, 0x96, 0xbe, 0xc4, 0xa9, 0x50, 0x93, 0xbf, 0x13, 0x44, 0x06, 0xaf, 0x3a, 0xb2, 0xf6, 0xf6, 0x22, 0x1f, 0x11, 0x38, 0xae, 0x7e, 0x6c, 0xa1, 0xb4, 0xb9, 0xd1, 0x07, 0x4f, 0x06, 0xf7, 0x09, 0x8d, 0x85, 0x11, 0x38, 0xd4, 0xd4, 0xb8, 0x8f, 0x4d, 0xe1, 0xce, 0x9f, 0x11, 0xb0, 0x49, 0xac, 0x5b, 0x74, 0xef, 0x8b, 0x8e, 0xa4, 0x80, 0xb3, 0xdf, 0xea, 0x85, 0x18, 0x58, 0xc0, 0x3f, 0x79, 0x31, 0x99, 0x96, 0x9f, 0x8e, 0x12, 0x08, 0xb2, 0x32, 0x3f, 0x73, 0xdb, 0x31, 0x4b, 0x19, 0x41, 0x06, 0xb9, 0x98, 0x4b, 0xe5, 0x13, 0xd8, 0xb8, 0xab, 0x4e, 0x1d, 0x0e, 0xff, 0x5a, 0x1a, 0x13, 0xa0, 0x9c, 0xa1, 0x74, 0x59, 0xce, 0x9a, 0x6e, 0x5e, 0xf5, 0xec, 0x2e, 0x3a, 0xcb, 0x76, 0x61, 0x33, 0x36, 0x59, 0x70, 0xa8, 0xcb, 0x86, 0x88, 0x24, 0xff, 0x14, 0x61, 0x8e, 0x0d, 0x2d, 0x58, 0xe2, 0x45, 0xb9, 0x8b, 0x1c, 0xb6, 0x66, 0xa7, 0xa0, 0x7d, 0xb1, 0x45, 0x93, 0x1b, 0xe6, 0xb0, 0x4c, 0xb2, 0xd4, 0xe2, 0x62, 0x0b, 0x26, 0x30, 0x91, 0x40, 0xe9, 0x1e, 0x60, 0x8e, 0xcd, 0xba, 0x19, 0x92, 0x1b, 0xdd, 0xf3, 0xd7, 0xff, 0x7b, 0x12, 0x97, 0x5c, 0x9c, 0xe9, 0x5e, 0x28, 0x82, 0x6d, 0xbc, 0xc9, 0xd8, 0x77, 0x47, 0x94, 0x04, 0xd6, 0xa7, 0x74, 0xcb, 0xc8, 0xfa, 0x78, 0x08, 0xa0}, exp_A[] = {0x69, 0x72, 0x9a, 0x40, 0x98, 0xdc, 0x2c, 0x5c, 0xaa, 0xc5, 0xd8, 0x27, 0x9a, 0xc4, 0xa1, 0x2f, 0x24, 0x66, 0x8f, 0xd0, 0xe4, 0xf1, 0x17, 0xd3, 0x51, 0xa7, 0xb3, 0xcf, 0x00, 0x5c, 0x5e, 0x31, 0x74, 0x19, 0xca, 0xeb, 0xb1, 0x13, 0x1f, 0xd7, 0x58, 0x45, 0x29, 0x79, 0x21, 0x03, 0x88, 0x89, 0xcd, 0x31, 0x4d, 0xff, 0x9f, 0x56, 0xaf, 0xf2, 0x18, 0xcd, 0x81, 0x04, 0x0b, 0x17, 0x75, 0x63, 0x60, 0x1d, 0xfe, 0x58, 0xa0, 0xe0, 0x2b, 0x2f, 0xf3, 0x57, 0x46, 0xcb, 0xee, 0x51, 0x76, 0xcb, 0x4e, 0x69, 0x34, 0xcf, 0xa2, 0x7d, 0x59, 0xcc, 0x12, 0x08, 0x89, 0x76, 0x6b, 0x72, 0xcc, 0xe4, 0x6c, 0x09, 0x79, 0x57, 0xd0, 0x06, 0xe0, 0xf2, 0x21, 0xc3, 0xe2, 0x30, 0x3b, 0x63, 0x41, 0x6f, 0xe5, 0x84, 0xa3, 0x8a, 0x8b, 0x79, 0xb7, 0x92, 0xbc, 0xd5, 0xb6, 0xe7, 0xfe, 0xa2, 0x9a, 0x1d, 0x26, 0x00, 0x52, 0x92, 0x02, 0xb3, 0xdf, 0xf2, 0xf3, 0x41, 0x42, 0xa6, 0x82, 0xd9, 0xad, 0x0a, 0xf8, 0x32, 0x1c, 0x11, 0x14, 0x2c, 0x9d, 0xc3, 0x08, 0x6a, 0x92, 0x59, 0x3a, 0x61, 0x8a, 0xda, 0xc9, 0xbb, 0x46, 0x4f, 0xc8, 0x68, 0x3d, 0xee, 0x6a, 0xac, 0x15, 0xb0, 0x94, 0x64, 0x27, 0x74, 0xc9, 0xe4, 0xa8, 0xf6, 0xb6, 0x0e, 0x6c, 0x26, 0x0b, 0x31, 0x38, 0x9d, 0x40, 0xd7, 0x34, 0x3c, 0xd4, 0xe5, 0xf6, 0xea, 0xa0, 0xcb, 0xec, 0xfa, 0x92, 0x0a, 0x6a, 0x9d, 0x95, 0x52, 0x39, 0x22, 0x29, 0x54, 0x2d, 0x52, 0x43, 0x50, 0xab, 0x94, 0xf9, 0xda, 0x45, 0x6f, 0xa7, 0xd1, 0x64, 0x18, 0x25, 0x3e, 0xb4, 0x0a, 0xda, 0xf6, 0xb7, 0x49, 0x7d, 0xe2, 0x0c, 0x9c, 0x26, 0xed, 0xbb, 0xdc, 0x56, 0xc2, 0x7f, 0x43, 0x2e, 0xad, 0xac, 0x5e, 0x1f, 0xbc, 0x9f, 0xdf, 0x2c, 0xe8, 0x4b, 0xe6}, exp_k[] = {0x25, 0xe1, 0xd6, 0xba, 0x1f, 0x49, 0x90, 0x47, 0x87, 0x87, 0xc8, 0x54, 0xfb, 0xed, 0xe8, 0xff, 0xe9, 0x5e, 0x2d, 0xc5, 0xed, 0xf7, 0x88, 0x36, 0x5f, 0x27, 0x98, 0x32, 0x7e, 0x10, 0x77}; int result = FAILURE; kx_t kx; bn_t A, b, exp; unsigned char k[31]; bn_init(&A); bn_init(&b); bn_init(&exp); if (kx_init_std(&kx, KX_GROUP_2048_256) != SUCCESS) goto fail2; if (bn_from_bytes(&kx.a, test_a, sizeof(test_a)) != SUCCESS) goto fail; if (kx_get_A(&kx, &A) != SUCCESS) goto fail; if (bn_from_bytes(&exp, exp_A, sizeof(exp_A)) != SUCCESS) goto fail; if (bn_cmp(&A, &exp) != 0) goto fail; if (bn_from_bytes(&b, test_b, sizeof(test_b)) != SUCCESS) goto fail; if (kx_set_b(&kx, &b) != SUCCESS) goto fail; if (kx_get_sk(&kx, k, sizeof(k) * 8) != SUCCESS) goto fail; if (memcmp(k, exp_k, sizeof(k)) != 0) goto fail; result = SUCCESS; fail: kx_destroy(&kx); fail2: if (result == FAILURE) fdprintf(STDERR, "KX self-test FAILED!\n"); bn_destroy(&A); bn_destroy(&b); bn_destroy(&exp); return result; }
BN_RECP_CTX *BN_RECP_CTX_new(void) { BN_RECP_CTX *ret; if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return NULL; bn_init(&(ret->N)); bn_init(&(ret->Nr)); ret->flags = BN_FLG_MALLOCED; return ret; }
int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, const uint8_t *in, const uint32_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label) { uint32_t encrypted_buf[RSA_MAX_WORDS]; uint32_t padded_buf[RSA_MAX_WORDS]; struct BIGNUM encrypted; struct BIGNUM padded; int ret = 1; if (!check_modulus_params(&rsa->N, out_len)) return 0; if (in_len != bn_size(&rsa->N)) return 0; /* Invalid input length. */ /* TODO(ngm): this copy can be eliminated if input may be modified. */ bn_init(&encrypted, encrypted_buf, in_len); memcpy(encrypted_buf, in, in_len); bn_init(&padded, padded_buf, in_len); /* Reverse from big-endian to little-endian notation. */ reverse((uint8_t *) encrypted.d, encrypted.dmax * BN_BYTES); bn_mont_modexp(&padded, &encrypted, &rsa->d, &rsa->N); /* Back to big-endian notation. */ reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES); switch (padding) { case PADDING_MODE_OAEP: if (!check_oaep_pad(out, out_len, (uint8_t *) padded.d, bn_size(&padded), hashing, label)) ret = 0; break; case PADDING_MODE_PKCS1: if (!check_pkcs1_type2_pad( out, out_len, (const uint8_t *) padded.d, bn_size(&padded))) ret = 0; break; default: /* Unsupported padding mode. */ ret = 0; break; } dcrypto_memset(encrypted_buf, 0, sizeof(encrypted_buf)); dcrypto_memset(padded_buf, 0, sizeof(padded_buf)); return ret; }
int DCRYPTO_rsa_verify(struct RSA *rsa, const uint8_t *digest, uint32_t digest_len, const uint8_t *sig, const uint32_t sig_len, enum padding_mode padding, enum hashing_mode hashing) { uint32_t padded_buf[RSA_MAX_WORDS]; uint32_t signature_buf[RSA_MAX_WORDS]; uint32_t e_buf[BN_BYTES / sizeof(uint32_t)]; struct BIGNUM padded; struct BIGNUM signature; struct BIGNUM e; int ret = 1; if (!check_modulus_params(&rsa->N, NULL)) return 0; if (sig_len != bn_size(&rsa->N)) return 0; /* Invalid input length. */ bn_init(&signature, signature_buf, bn_size(&rsa->N)); memcpy(signature_buf, sig, bn_size(&rsa->N)); bn_init(&padded, padded_buf, bn_size(&rsa->N)); bn_init(&e, e_buf, sizeof(e_buf)); *e.d = rsa->e; /* Reverse from big-endian to little-endian notation. */ reverse((uint8_t *) signature.d, signature.dmax * BN_BYTES); bn_mont_modexp(&padded, &signature, &e, &rsa->N); /* Back to big-endian notation. */ reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES); switch (padding) { case PADDING_MODE_PKCS1: if (!check_pkcs1_type1_pad( digest, digest_len, (uint8_t *) padded.d, bn_size(&padded), hashing)) ret = 0; break; default: /* Unsupported padding mode. */ ret = 0; break; } dcrypto_memset(padded_buf, 0, sizeof(padded_buf)); dcrypto_memset(signature_buf, 0, sizeof(signature_buf)); return ret; }
int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, const uint8_t *in, const uint32_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label) { uint32_t padded_buf[RSA_MAX_WORDS]; uint32_t e_buf[BN_BYTES / sizeof(uint32_t)]; struct BIGNUM padded; struct BIGNUM e; struct BIGNUM encrypted; if (!check_modulus_params(&rsa->N, out_len)) return 0; bn_init(&padded, padded_buf, bn_size(&rsa->N)); bn_init(&encrypted, out, bn_size(&rsa->N)); bn_init(&e, e_buf, sizeof(e_buf)); *e.d = rsa->e; switch (padding) { case PADDING_MODE_OAEP: if (!oaep_pad((uint8_t *) padded.d, bn_size(&padded), (const uint8_t *) in, in_len, hashing, label)) return 0; break; case PADDING_MODE_PKCS1: if (!pkcs1_type2_pad((uint8_t *) padded.d, bn_size(&padded), (const uint8_t *) in, in_len)) return 0; break; default: return 0; /* Unsupported padding mode. */ } /* Reverse from big-endian to little-endian notation. */ reverse((uint8_t *) padded.d, bn_size(&padded)); bn_mont_modexp(&encrypted, &padded, &e, &rsa->N); /* Back to big-endian notation. */ reverse((uint8_t *) encrypted.d, bn_size(&encrypted)); *out_len = bn_size(&encrypted); dcrypto_memset(padded_buf, 0, sizeof(padded_buf)); dcrypto_memset(e_buf, 0, sizeof(e_buf)); return 1; }
void ep2_curve_init(void) { ctx_t *ctx = core_get(); #ifdef EP_PRECO for (int i = 0; i < EP_TABLE; i++) { ctx->ep2_ptr[i] = &(ctx->ep2_pre[i]); } #endif #if ALLOC == STATIC || ALLOC == DYNAMIC || ALLOC == STACK ctx->ep2_g.x[0] = ctx->ep2_gx[0]; ctx->ep2_g.x[1] = ctx->ep2_gx[1]; ctx->ep2_g.y[0] = ctx->ep2_gy[0]; ctx->ep2_g.y[1] = ctx->ep2_gy[1]; ctx->ep2_g.z[0] = ctx->ep2_gz[0]; ctx->ep2_g.z[1] = ctx->ep2_gz[1]; #endif #ifdef EP_PRECO #if ALLOC == STATIC || ALLOC == DYNAMIC for (int i = 0; i < EP_TABLE; i++) { fp2_new(ctx->ep2_pre[i].x); fp2_new(ctx->ep2_pre[i].y); fp2_new(ctx->ep2_pre[i].z); } #elif ALLOC == STACK for (int i = 0; i < EP_TABLE; i++) { ctx->ep2_pre[i].x[0] = ctx->_ep2_pre[3 * i][0]; ctx->ep2_pre[i].x[1] = ctx->_ep2_pre[3 * i][1]; ctx->ep2_pre[i].y[0] = ctx->_ep2_pre[3 * i + 1][0]; ctx->ep2_pre[i].y[1] = ctx->_ep2_pre[3 * i + 1][1]; ctx->ep2_pre[i].z[0] = ctx->_ep2_pre[3 * i + 2][0]; ctx->ep2_pre[i].z[1] = ctx->_ep2_pre[3 * i + 2][1]; } #endif #endif ep2_set_infty(&(ctx->ep2_g)); bn_init(&(ctx->ep2_r), FP_DIGS); bn_init(&(ctx->ep2_h), FP_DIGS); }
void kx_init_common(kx_t *kx) { bn_init(&kx->P); bn_init(&kx->Q); bn_init(&kx->G); bn_init(&kx->a); bn_init(&kx->b); bn_init(&kx->S); }
int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len, const uint8_t *in, const uint32_t in_len, enum padding_mode padding, enum hashing_mode hashing) { uint32_t padded_buf[RSA_MAX_WORDS]; struct BIGNUM padded; struct BIGNUM signature; if (!check_modulus_params(&rsa->N, out_len)) return 0; bn_init(&padded, padded_buf, bn_size(&rsa->N)); bn_init(&signature, out, bn_size(&rsa->N)); /* TODO(ngm): add support for PSS. */ switch (padding) { case PADDING_MODE_PKCS1: if (!pkcs1_type1_pad((uint8_t *) padded.d, bn_size(&padded), (const uint8_t *) in, in_len, hashing)) return 0; break; default: return 0; } /* Reverse from big-endian to little-endian notation. */ reverse((uint8_t *) padded.d, bn_size(&padded)); bn_mont_modexp(&signature, &padded, &rsa->d, &rsa->N); /* Back to big-endian notation. */ reverse((uint8_t *) signature.d, bn_size(&signature)); *out_len = bn_size(&rsa->N); dcrypto_memset(padded_buf, 0, sizeof(padded_buf)); return 1; }
int start(int nodeID) { snprintf(thisID, 10, "%d", nodeID); core_init(); if (pc_param_set_any() != STS_OK) { return 1; } /* Simulate PKG. The private key should be loaded statically in real deployments. */ bn_init(&masterKey, BN_DIGS); bn_read_str(&masterKey, "123456789ABCDEF123456789ABCDEF123456789ABCDEF123456789ABCDEF", 64, 16); cp_sokaka_gen_prv(privateKey, thisID, strlen(thisID), &masterKey); printf("TinyPBC \t Private key received.\n"); return 0; }
void fp_invn_low(dig_t *c, const dig_t *a) { bn_st e; bn_init(&e, RLC_FP_DIGS); e.used = RLC_FP_DIGS; dv_copy(e.dp, fp_prime_get(), RLC_FP_DIGS); bn_sub1_low(e.dp, e.dp, 2, RLC_FP_DIGS); #if AUTO == ALLOC fp_exp(c, a, &e); #else fp_exp(c, (const fp_t)a, &e); #endif bn_clean(&e); }
static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) { BIGNUM *bn; unsigned int loop; /* Full; allocate a new pool item and link it in. */ if (p->used == p->size) { BN_POOL_ITEM *item; if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE); return NULL; } for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { bn_init(bn); if ((flag & BN_FLG_SECURE) != 0) BN_set_flags(bn, BN_FLG_SECURE); } item->prev = p->tail; item->next = NULL; if (p->head == NULL) p->head = p->current = p->tail = item; else { p->tail->next = item; p->tail = item; p->current = item; } p->size += BN_CTX_POOL_SIZE; p->used++; /* Return the first bignum from the new pool */ return item->vals; } if (!p->used) p->current = p->head; else if ((p->used % BN_CTX_POOL_SIZE) == 0) p->current = p->current->next; return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); }
void BN_RECP_CTX_init(BN_RECP_CTX *recp) { memset(recp, 0, sizeof(*recp)); bn_init(&(recp->N)); bn_init(&(recp->Nr)); }
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { int i, ret = 0; BIGNUM *Ri, *R; if (BN_is_zero(mod)) return 0; BN_CTX_start(ctx); if ((Ri = BN_CTX_get(ctx)) == NULL) goto err; R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) goto err; /* Set N */ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; #ifdef MONT_WORD { BIGNUM tmod; BN_ULONG buf[2]; bn_init(&tmod); tmod.d = buf; tmod.dmax = 2; tmod.neg = 0; if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(&tmod, BN_FLG_CONSTTIME); mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) /* * Only certain BN_BITS2<=32 platforms actually make use of n0[1], * and we could use the #else case (with a shorter R value) for the * others. However, currently only the assembler files do know which * is which. */ BN_zero(R); if (!(BN_set_bit(R, 2 * BN_BITS2))) goto err; tmod.top = 0; if ((buf[0] = mod->d[0])) tmod.top = 1; if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) tmod.top = 2; if (BN_is_one(&tmod)) BN_zero(Ri); else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) goto err; /* R*Ri */ if (!BN_is_zero(Ri)) { if (!BN_sub_word(Ri, 1)) goto err; } else { /* if N mod word size == 1 */ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) goto err; /* Ri-- (mod double word size) */ Ri->neg = 0; Ri->d[0] = BN_MASK2; Ri->d[1] = BN_MASK2; Ri->top = 2; } if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) goto err; /* * Ni = (R*Ri-1)/N, keep only couple of least significant words: */ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; # else BN_zero(R); if (!(BN_set_bit(R, BN_BITS2))) goto err; /* R */ buf[0] = mod->d[0]; /* tmod = N mod word size */ buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ if (BN_is_one(&tmod)) BN_zero(Ri); else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) goto err; /* R*Ri */ if (!BN_is_zero(Ri)) { if (!BN_sub_word(Ri, 1)) goto err; } else { /* if N mod word size == 1 */ if (!BN_set_word(Ri, BN_MASK2)) goto err; /* Ri-- (mod word size) */ } if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) goto err; /* * Ni = (R*Ri-1)/N, keep only least significant word: */ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = 0; # endif } #else /* !MONT_WORD */ { /* bignum version */ mont->ri = BN_num_bits(&mont->N); BN_zero(R); if (!BN_set_bit(R, mont->ri)) goto err; /* R = 2^ri */ /* Ri = R^-1 mod N */ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, mont->ri)) goto err; /* R*Ri */ if (!BN_sub_word(Ri, 1)) goto err; /* * Ni = (R*Ri-1) / N */ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) goto err; } #endif /* setup RR for conversions */ BN_zero(&(mont->RR)); if (!BN_set_bit(&(mont->RR), mont->ri * 2)) goto err; if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) goto err; for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) mont->RR.d[i] = 0; mont->RR.top = ret; mont->RR.flags |= BN_FLG_FIXED_TOP; ret = 1; err: BN_CTX_end(ctx); return ret; }
static int test_bn_modinv_helper(const BIGNUM *E, BN_CTX *ctx) { int i; BIGNUM *MOD = BN_CTX_get(ctx); for (i = 0; i < 1000; i++) { uint32_t m_buf[64]; uint32_t d_buf[64]; uint32_t e_buf[32]; int has_inverse; int test_inverse; struct LITE_BIGNUM m; struct LITE_BIGNUM e; struct LITE_BIGNUM d; BIGNUM *r = BN_CTX_get(ctx); memset(e_buf, 0, sizeof(e_buf)); /* Top bit set, bottom bit clear. */ BN_rand(MOD, 2048, 1, 0); if (BN_mod_inverse(r, E, MOD, ctx)) has_inverse = 1; else has_inverse = 0; DCRYPTO_bn_wrap(&m, m_buf, sizeof(m_buf)); memcpy(m_buf, MOD->d, sizeof(m_buf)); assert(BN_num_bytes(E) <= sizeof(e_buf)); memcpy(e_buf, E->d, BN_num_bytes(E)); DCRYPTO_bn_wrap(&e, e_buf, sizeof(e_buf)); bn_init(&d, d_buf, sizeof(d_buf)); test_inverse = bn_modinv_vartime(&d, &e, &m); if (test_inverse != has_inverse) { fprintf(stderr, "ossl inverse: %d, dcrypto inverse: %d\n", has_inverse, test_inverse); fprintf(stderr, "d : "); BN_print_fp(stderr, r); fprintf(stderr, "\n"); fprintf(stderr, "e : "); BN_print_fp(stderr, E); fprintf(stderr, "\n"); fprintf(stderr, "M : "); BN_print_fp(stderr, MOD); fprintf(stderr, "\n"); return 1; } if (has_inverse) { if (memcmp(d.d, r->d, BN_num_bytes(r)) != 0) { fprintf(stderr, "memcmp fail\n"); return 1; } } BN_free(r); } return 0; }
int main(){ volatile int quit=0,quitMenu=0,err; int nbreceived=0; sMsg msgIn; char cmd; bn_Address destAd; int ret; float var=0; int i; int msg2send=10000,msgSend=0,msgNStatused=0,msgNOk=0,avgElem=0; float avgMes=0,avgVal=0; sMsg out; struct timeval currentClock, prevClock; bn_init(); bn_attach(E_ROLE_SETUP,role_setup); printf("listening, CTRL+C for menu\n"); signal(SIGINT, intHandler); gettimeofday(&prevClock,NULL); while (!quit){ usleep(500); memset(&msgIn,0,sizeof(sMsg)); // receive messages, and deal with it. if (bn_receive(&msgIn)>0){ printf("message received from %hx, type : %u\n",msgIn.header.srcAddr,msgIn.header.type); switch (msgIn.header.type){ case E_DEBUG : printf("%s\n",msgIn.payload.debug); break; case E_DATA : //plot raw payload for ( i=0 ; i<msgIn.header.size && i<54; i++){ printf(" %hx",msgIn.payload.raw[i]); } printf("\n"); break; case E_ACK_RESPONSE : printf("ack response : %d, ack addr %hx\n",msgIn.payload.ack.ans,msgIn.payload.ack.addr); break; case E_WELL_CTRL : case E_TEST_PKT : well_deamon(&msgIn); break; case E_CBR_CTRL : cbr_controller(&msgIn); break; default : break; } } cbr_deamon(); if (menu){ menu=0; quitMenu=0; while (!quitMenu){ cmd=0; printf("nb msg received : %d\n",nbreceived); nbreceived=0; printf("\ndebug reader menu\n"); printf("s : send debugger address\n"); printf("i : info about this node\n"); printf("b : send a burst of message to \n"); printf("p : ping\n"); printf("t : traceroute\n"); printf("r : return\n"); printf("q : quit\n"); while(isspace(cmd=getchar())); switch (toupper(cmd)){ case 'R' : quitMenu=1; printf("back to listening, CTRL+C for menu\n\n"); break; case 'Q' : quitMenu=1; quit=1; break; case 'S' : printf("enter destination address\n"); scanf("%hx",&destAd); if ( (err=bn_debugSendAddr(destAd)) > 0){ printf("signalling send\n"); quitMenu=1; } else { printf("error while sending : %d\n", err); } break; case 'I' : printf("my addr (total) : %4hx\n",MYADDRX); printf("my addr (local) : %4hx\n",MYADDRX&DEVICEX_MASK); printf("my subnet : %4hx\n\n",MYADDRX&SUBNET_MASK); break; case 'B' : avgMes=0; avgVal=0; avgElem=0; var=0; printf("enter destination address\n"); scanf("%hx",&out.header.destAddr); out.header.type=E_TEST_PKT; printf("enter number of message to send\n"); scanf("%d",&msg2send); gettimeofday(&prevClock,NULL); msgNOk=0; msgNStatused=0; msgSend=0; while ( msg2send>0 ){ out.header.size=1; switch (ret=bn_sendAck(&out)){ case 1 : msgSend++; break; case -ERR_BN_ACK_TIMEOUT : msgNStatused++; break; case -ERR_BN_NACK_BROKEN_LINK : msgNOk++; break; // default : printf("blah %d %d\n",ret,msg2send);break; } gettimeofday(¤tClock,NULL); if (ret>=0){ avgElem++; avgMes=(float)((currentClock.tv_sec*1000000 + currentClock.tv_usec)-(prevClock.tv_sec*1000000 + prevClock.tv_usec)); avgVal=avgMes/(float)avgElem +avgVal*((float)(avgElem-1))/((float)avgElem); if (avgElem>1) var=((avgElem-1)*var)/avgElem + (avgMes-avgVal)*(avgMes-avgVal)/(avgElem-1); fprintf(stderr,"%f,%f,%f\n", avgMes, avgVal, var); } prevClock=currentClock; if (msg2send==1) printf("send(acked) %d, timeout %d, Nack bkn link %d, interval %f , stdev %f \n",msgSend, msgNStatused,msgNOk,avgVal,sqrt(var)); msg2send--; } break; case 'P' : destAd=0; printf("enter destination adress\n"); scanf("%hx",&destAd); printf("ping %hx : %d ms\n",destAd,bn_ping(destAd)); break; case 'T' : { destAd=0; printf("enter destination adress\n"); scanf("%hx",&destAd); int depth; printf("enter depth\n"); scanf("%i",&depth); sTraceInfo trInfo[depth]; int nbTraces,f; nbTraces=bn_traceroute(destAd,trInfo,depth,1000); for (f=0;f<nbTraces;f++){ printf("%hx in %d ms\n",trInfo[f].addr,trInfo[f].ping); } } break; default : break; } } } } printf("bye\n"); bn_detach(E_DEBUG_SIGNALLING); return 0; }
int choose_strategy_move(const parity_game* g, const recursive_result* strategy, const int player, const int* src, int* current_player, bool* strategy_play, bool* result, bool* deadlock, int* dst) { int group = -1; vset_t level = vset_create(g->domain, -1, NULL); vset_t tmp = vset_create(g->domain, -1, NULL); vset_t singleton = vset_create(g->domain, -1, NULL); vset_add(singleton, src); // Do a random run through the game, conforming to // the strategy in result. *current_player = (vset_member(g->v_player[player], src) ? player : 1-player); Print(hre_debug, "Using strategy of player %d. The position is owned by player %d.", player, *current_player); if (*current_player==player && vset_member(strategy->win[player], src)) { //printf("Player %d chooses according to his/her winning strategy.\n", player); // Choose a transition according to the strategy of player *strategy_play = true; vset_t strategy_level = vset_create(g->domain, -1, NULL); compute_strategy_level(strategy_level, src, player, strategy); vset_clear(level); for (int i=0; i < g->num_groups; i++) { vset_next(tmp, singleton, g->e[i]); vset_intersect(tmp, strategy_level); if (!vset_is_empty(tmp)) { vset_copy(level, tmp); // Choose a random element: //printf("Choosing a transition from transition group %d.\n", i); group = i; vset_random(level, dst); break; } } // Check for deadlocks if (vset_is_empty(level)) { *deadlock = true; *result = (*current_player != player); Print(infoLong, "Deadlock for player %d, player %s has won, result is %s.", *current_player, (*current_player==1) ? "0 (even / or)" : "1 (odd / and)", *result ? "true" : "false"); } } else { //Print(info, "Not player %d's turn or player %d has no winning strategy. Choosing an arbitrary move for player %d.", // player, player, *current_player); // this states belongs to (1-player) or player does not have a winning strategy *strategy_play = false; vset_t strategy_level = vset_create(g->domain, -1, NULL); /* if (vset_member(result.win[current_player], src)) { // winning move after all compute_strategy_level(strategy_level, src, current_player, result); if (vset_is_empty(strategy_level)) { Print(info, "Unexpected: src is in win[%d], but strategy_level is empty.", current_player); } else { strategy_play = true; } } */ // choose a random move vset_clear(level); for (int i=0; i < g->num_groups; i++) { vset_next(tmp, singleton, g->e[i]); if (*strategy_play && !vset_is_empty(tmp)) { vset_intersect(tmp, strategy_level); if (!vset_is_empty(tmp)) { vset_copy(level, tmp); // Choose a random element: //printf("Choosing a transition from transition group %d.\n", i); group = i; vset_random(level, dst); break; } } else { vset_union(level, tmp); } } // Check for deadlocks if (vset_is_empty(level)) { *deadlock = true; *result = (*current_player != player); Print(infoLong, "Deadlock for player %d, player %s has won, result is %s.", *current_player, (*current_player==1) ? "0 (even / or)" : "1 (odd / and)", *result ? "true" : "false"); } else if (!*strategy_play) { //Print(info, "choose randomly"); long int nodes; bn_int_t states; bn_init(&states); vset_count(level, &nodes, &states); vset_random(level, dst); } } return group; }