void eb_curve_init(void) {
ctx_t *ctx = core_get();
#ifdef EB_PRECO
for (int i = 0; i < EB_TABLE; i++) {
ctx->eb_ptr[i] = &(ctx->eb_pre[i]);
}
#endif
#if ALLOC == STATIC
fb_new(ctx->eb_g.x);
fb_new(ctx->eb_g.y);
fb_new(ctx->eb_g.z);
for (int i = 0; i < EB_TABLE; i++) {
fb_new(ctx->eb_pre[i].x);
fb_new(ctx->eb_pre[i].y);
fb_new(ctx->eb_pre[i].z);
}
#endif
fb_zero(ctx->eb_g.x);
fb_zero(ctx->eb_g.y);
fb_zero(ctx->eb_g.z);
bn_init(&(ctx->eb_r), FB_DIGS);
bn_init(&(ctx->eb_h), FB_DIGS);
#if defined(EB_KBLTZ) && (EB_MUL == LWNAF || !defined(STRIP))
bn_init(&(ctx->eb_vm), FB_DIGS);
bn_init(&(ctx->eb_s0), FB_DIGS);
bn_init(&(ctx->eb_s1), FB_DIGS);
#endif
}
void ep_curve_init(void) {
ctx_t *ctx = core_get();
#ifdef EP_PRECO
for (int i = 0; i < RELIC_EP_TABLE; i++) {
ctx->ep_ptr[i] = &(ctx->ep_pre[i]);
}
#endif
#if ALLOC == STATIC
fp_new(ctx->ep_g.x);
fp_new(ctx->ep_g.y);
fp_new(ctx->ep_g.z);
#ifdef EP_PRECO
for (int i = 0; i < RELIC_EP_TABLE; i++) {
fp_new(ctx->ep_pre[i].x);
fp_new(ctx->ep_pre[i].y);
fp_new(ctx->ep_pre[i].z);
}
#endif
#endif
ep_set_infty(&ctx->ep_g);
bn_init(&ctx->ep_r, FP_DIGS);
bn_init(&ctx->ep_h, FP_DIGS);
#if defined(EP_ENDOM) && (EP_MUL == LWNAF || EP_FIX == COMBS || EP_FIX == LWNAF || !defined(STRIP))
for (int i = 0; i < 3; i++) {
bn_init(&(ctx->ep_v1[i]), FP_DIGS);
bn_init(&(ctx->ep_v2[i]), FP_DIGS);
}
#endif
}
void BN_RECP_CTX_init(BN_RECP_CTX *recp)
{
bn_init(&(recp->N));
bn_init(&(recp->Nr));
recp->num_bits = 0;
recp->flags = 0;
}
void eb_curve_init(void) {
int i;
#ifdef EB_PRECO
for (i = 0; i < EB_TABLE; i++) {
pointer[i] = &(table[i]);
}
#endif
#if ALLOC == STATIC
fb_new(curve_g.x);
fb_new(curve_g.y);
fb_new(curve_g.z);
for (i = 0; i < EB_TABLE; i++) {
fb_new(table[i].x);
fb_new(table[i].y);
fb_new(table[i].z);
}
#endif
fb_zero(curve_g.x);
fb_zero(curve_g.y);
fb_zero(curve_g.z);
bn_init(&curve_r, FB_DIGS);
#if defined(EB_KBLTZ) && (EB_MUL == LWNAF || !defined(STRIP))
bn_init(&curve_vm, FB_DIGS);
bn_init(&curve_s0, FB_DIGS);
bn_init(&curve_s1, FB_DIGS);
#endif
}
void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
{
ctx->ri = 0;
bn_init(&(ctx->RR));
bn_init(&(ctx->N));
bn_init(&(ctx->Ni));
ctx->n0[0] = ctx->n0[1] = 0;
ctx->flags = 0;
}
void fp_prime_init() {
ctx_t *ctx = core_get();
ctx->fp_id = ctx->sps_len = 0;
memset(ctx->sps, 0, sizeof(ctx->sps));
bn_init(&(ctx->prime), FP_DIGS);
#if FP_RDC == MONTY || !defined(STRIP)
bn_init(&(ctx->conv), FP_DIGS);
bn_init(&(ctx->one), FP_DIGS);
#endif
}
int kx_self_test()
{
const static unsigned char test_a[] = {0x2e, 0x4e, 0x3a, 0x05, 0xd8, 0xff, 0x06, 0x2b, 0x4e, 0x46, 0xda, 0x6e, 0x12, 0x9c, 0xf3, 0x40, 0xb3, 0x07, 0x66, 0x99, 0x8a, 0x0e, 0x09, 0xe3, 0x93, 0x65, 0xa5, 0x52, 0x2d, 0x84, 0x83, 0x04},
test_b[] = {0x6d, 0xd0, 0xae, 0x87, 0x4e, 0x86, 0xa8, 0x11, 0xf8, 0x1b, 0x2e, 0xf5, 0x25, 0x61, 0x50, 0x8d, 0x91, 0x4a, 0x43, 0x53, 0xb1, 0x24, 0x73, 0xe1, 0x18, 0xff, 0x35, 0xdb, 0x2c, 0x77, 0xbd, 0x4e, 0x24, 0x3f, 0xd8, 0x81, 0x82, 0xcd, 0x9e, 0x30, 0xf4, 0xd1, 0x62, 0xb1, 0xe5, 0x57, 0xd5, 0x09, 0x66, 0xfa, 0x9c, 0xdf, 0x97, 0xd4, 0xf6, 0x94, 0xc2, 0x68, 0xb8, 0x91, 0x7d, 0x40, 0xa5, 0x43, 0x96, 0xbe, 0xc4, 0xa9, 0x50, 0x93, 0xbf, 0x13, 0x44, 0x06, 0xaf, 0x3a, 0xb2, 0xf6, 0xf6, 0x22, 0x1f, 0x11, 0x38, 0xae, 0x7e, 0x6c, 0xa1, 0xb4, 0xb9, 0xd1, 0x07, 0x4f, 0x06, 0xf7, 0x09, 0x8d, 0x85, 0x11, 0x38, 0xd4, 0xd4, 0xb8, 0x8f, 0x4d, 0xe1, 0xce, 0x9f, 0x11, 0xb0, 0x49, 0xac, 0x5b, 0x74, 0xef, 0x8b, 0x8e, 0xa4, 0x80, 0xb3, 0xdf, 0xea, 0x85, 0x18, 0x58, 0xc0, 0x3f, 0x79, 0x31, 0x99, 0x96, 0x9f, 0x8e, 0x12, 0x08, 0xb2, 0x32, 0x3f, 0x73, 0xdb, 0x31, 0x4b, 0x19, 0x41, 0x06, 0xb9, 0x98, 0x4b, 0xe5, 0x13, 0xd8, 0xb8, 0xab, 0x4e, 0x1d, 0x0e, 0xff, 0x5a, 0x1a, 0x13, 0xa0, 0x9c, 0xa1, 0x74, 0x59, 0xce, 0x9a, 0x6e, 0x5e, 0xf5, 0xec, 0x2e, 0x3a, 0xcb, 0x76, 0x61, 0x33, 0x36, 0x59, 0x70, 0xa8, 0xcb, 0x86, 0x88, 0x24, 0xff, 0x14, 0x61, 0x8e, 0x0d, 0x2d, 0x58, 0xe2, 0x45, 0xb9, 0x8b, 0x1c, 0xb6, 0x66, 0xa7, 0xa0, 0x7d, 0xb1, 0x45, 0x93, 0x1b, 0xe6, 0xb0, 0x4c, 0xb2, 0xd4, 0xe2, 0x62, 0x0b, 0x26, 0x30, 0x91, 0x40, 0xe9, 0x1e, 0x60, 0x8e, 0xcd, 0xba, 0x19, 0x92, 0x1b, 0xdd, 0xf3, 0xd7, 0xff, 0x7b, 0x12, 0x97, 0x5c, 0x9c, 0xe9, 0x5e, 0x28, 0x82, 0x6d, 0xbc, 0xc9, 0xd8, 0x77, 0x47, 0x94, 0x04, 0xd6, 0xa7, 0x74, 0xcb, 0xc8, 0xfa, 0x78, 0x08, 0xa0},
exp_A[] = {0x69, 0x72, 0x9a, 0x40, 0x98, 0xdc, 0x2c, 0x5c, 0xaa, 0xc5, 0xd8, 0x27, 0x9a, 0xc4, 0xa1, 0x2f, 0x24, 0x66, 0x8f, 0xd0, 0xe4, 0xf1, 0x17, 0xd3, 0x51, 0xa7, 0xb3, 0xcf, 0x00, 0x5c, 0x5e, 0x31, 0x74, 0x19, 0xca, 0xeb, 0xb1, 0x13, 0x1f, 0xd7, 0x58, 0x45, 0x29, 0x79, 0x21, 0x03, 0x88, 0x89, 0xcd, 0x31, 0x4d, 0xff, 0x9f, 0x56, 0xaf, 0xf2, 0x18, 0xcd, 0x81, 0x04, 0x0b, 0x17, 0x75, 0x63, 0x60, 0x1d, 0xfe, 0x58, 0xa0, 0xe0, 0x2b, 0x2f, 0xf3, 0x57, 0x46, 0xcb, 0xee, 0x51, 0x76, 0xcb, 0x4e, 0x69, 0x34, 0xcf, 0xa2, 0x7d, 0x59, 0xcc, 0x12, 0x08, 0x89, 0x76, 0x6b, 0x72, 0xcc, 0xe4, 0x6c, 0x09, 0x79, 0x57, 0xd0, 0x06, 0xe0, 0xf2, 0x21, 0xc3, 0xe2, 0x30, 0x3b, 0x63, 0x41, 0x6f, 0xe5, 0x84, 0xa3, 0x8a, 0x8b, 0x79, 0xb7, 0x92, 0xbc, 0xd5, 0xb6, 0xe7, 0xfe, 0xa2, 0x9a, 0x1d, 0x26, 0x00, 0x52, 0x92, 0x02, 0xb3, 0xdf, 0xf2, 0xf3, 0x41, 0x42, 0xa6, 0x82, 0xd9, 0xad, 0x0a, 0xf8, 0x32, 0x1c, 0x11, 0x14, 0x2c, 0x9d, 0xc3, 0x08, 0x6a, 0x92, 0x59, 0x3a, 0x61, 0x8a, 0xda, 0xc9, 0xbb, 0x46, 0x4f, 0xc8, 0x68, 0x3d, 0xee, 0x6a, 0xac, 0x15, 0xb0, 0x94, 0x64, 0x27, 0x74, 0xc9, 0xe4, 0xa8, 0xf6, 0xb6, 0x0e, 0x6c, 0x26, 0x0b, 0x31, 0x38, 0x9d, 0x40, 0xd7, 0x34, 0x3c, 0xd4, 0xe5, 0xf6, 0xea, 0xa0, 0xcb, 0xec, 0xfa, 0x92, 0x0a, 0x6a, 0x9d, 0x95, 0x52, 0x39, 0x22, 0x29, 0x54, 0x2d, 0x52, 0x43, 0x50, 0xab, 0x94, 0xf9, 0xda, 0x45, 0x6f, 0xa7, 0xd1, 0x64, 0x18, 0x25, 0x3e, 0xb4, 0x0a, 0xda, 0xf6, 0xb7, 0x49, 0x7d, 0xe2, 0x0c, 0x9c, 0x26, 0xed, 0xbb, 0xdc, 0x56, 0xc2, 0x7f, 0x43, 0x2e, 0xad, 0xac, 0x5e, 0x1f, 0xbc, 0x9f, 0xdf, 0x2c, 0xe8, 0x4b, 0xe6},
exp_k[] = {0x25, 0xe1, 0xd6, 0xba, 0x1f, 0x49, 0x90, 0x47, 0x87, 0x87, 0xc8, 0x54, 0xfb, 0xed, 0xe8, 0xff, 0xe9, 0x5e, 0x2d, 0xc5, 0xed, 0xf7, 0x88, 0x36, 0x5f, 0x27, 0x98, 0x32, 0x7e, 0x10, 0x77};
int result = FAILURE;
kx_t kx;
bn_t A, b, exp;
unsigned char k[31];
bn_init(&A);
bn_init(&b);
bn_init(&exp);
if (kx_init_std(&kx, KX_GROUP_2048_256) != SUCCESS)
goto fail2;
if (bn_from_bytes(&kx.a, test_a, sizeof(test_a)) != SUCCESS)
goto fail;
if (kx_get_A(&kx, &A) != SUCCESS)
goto fail;
if (bn_from_bytes(&exp, exp_A, sizeof(exp_A)) != SUCCESS)
goto fail;
if (bn_cmp(&A, &exp) != 0)
goto fail;
if (bn_from_bytes(&b, test_b, sizeof(test_b)) != SUCCESS)
goto fail;
if (kx_set_b(&kx, &b) != SUCCESS)
goto fail;
if (kx_get_sk(&kx, k, sizeof(k) * 8) != SUCCESS)
goto fail;
if (memcmp(k, exp_k, sizeof(k)) != 0)
goto fail;
result = SUCCESS;
fail:
kx_destroy(&kx);
fail2:
if (result == FAILURE)
fdprintf(STDERR, "KX self-test FAILED!\n");
bn_destroy(&A);
bn_destroy(&b);
bn_destroy(&exp);
return result;
}
BN_RECP_CTX *BN_RECP_CTX_new(void)
{
BN_RECP_CTX *ret;
if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
return NULL;
bn_init(&(ret->N));
bn_init(&(ret->Nr));
ret->flags = BN_FLG_MALLOCED;
return ret;
}
int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
const uint8_t *in, const uint32_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label)
{
uint32_t encrypted_buf[RSA_MAX_WORDS];
uint32_t padded_buf[RSA_MAX_WORDS];
struct BIGNUM encrypted;
struct BIGNUM padded;
int ret = 1;
if (!check_modulus_params(&rsa->N, out_len))
return 0;
if (in_len != bn_size(&rsa->N))
return 0; /* Invalid input length. */
/* TODO(ngm): this copy can be eliminated if input may be modified. */
bn_init(&encrypted, encrypted_buf, in_len);
memcpy(encrypted_buf, in, in_len);
bn_init(&padded, padded_buf, in_len);
/* Reverse from big-endian to little-endian notation. */
reverse((uint8_t *) encrypted.d, encrypted.dmax * BN_BYTES);
bn_mont_modexp(&padded, &encrypted, &rsa->d, &rsa->N);
/* Back to big-endian notation. */
reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
switch (padding) {
case PADDING_MODE_OAEP:
if (!check_oaep_pad(out, out_len, (uint8_t *) padded.d,
bn_size(&padded), hashing, label))
ret = 0;
break;
case PADDING_MODE_PKCS1:
if (!check_pkcs1_type2_pad(
out, out_len, (const uint8_t *) padded.d,
bn_size(&padded)))
ret = 0;
break;
default:
/* Unsupported padding mode. */
ret = 0;
break;
}
dcrypto_memset(encrypted_buf, 0, sizeof(encrypted_buf));
dcrypto_memset(padded_buf, 0, sizeof(padded_buf));
return ret;
}
int DCRYPTO_rsa_verify(struct RSA *rsa, const uint8_t *digest,
uint32_t digest_len, const uint8_t *sig,
const uint32_t sig_len, enum padding_mode padding,
enum hashing_mode hashing)
{
uint32_t padded_buf[RSA_MAX_WORDS];
uint32_t signature_buf[RSA_MAX_WORDS];
uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
struct BIGNUM padded;
struct BIGNUM signature;
struct BIGNUM e;
int ret = 1;
if (!check_modulus_params(&rsa->N, NULL))
return 0;
if (sig_len != bn_size(&rsa->N))
return 0; /* Invalid input length. */
bn_init(&signature, signature_buf, bn_size(&rsa->N));
memcpy(signature_buf, sig, bn_size(&rsa->N));
bn_init(&padded, padded_buf, bn_size(&rsa->N));
bn_init(&e, e_buf, sizeof(e_buf));
*e.d = rsa->e;
/* Reverse from big-endian to little-endian notation. */
reverse((uint8_t *) signature.d, signature.dmax * BN_BYTES);
bn_mont_modexp(&padded, &signature, &e, &rsa->N);
/* Back to big-endian notation. */
reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
switch (padding) {
case PADDING_MODE_PKCS1:
if (!check_pkcs1_type1_pad(
digest, digest_len, (uint8_t *) padded.d,
bn_size(&padded), hashing))
ret = 0;
break;
default:
/* Unsupported padding mode. */
ret = 0;
break;
}
dcrypto_memset(padded_buf, 0, sizeof(padded_buf));
dcrypto_memset(signature_buf, 0, sizeof(signature_buf));
return ret;
}
int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
const uint8_t *in, const uint32_t in_len,
enum padding_mode padding, enum hashing_mode hashing,
const char *label)
{
uint32_t padded_buf[RSA_MAX_WORDS];
uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
struct BIGNUM padded;
struct BIGNUM e;
struct BIGNUM encrypted;
if (!check_modulus_params(&rsa->N, out_len))
return 0;
bn_init(&padded, padded_buf, bn_size(&rsa->N));
bn_init(&encrypted, out, bn_size(&rsa->N));
bn_init(&e, e_buf, sizeof(e_buf));
*e.d = rsa->e;
switch (padding) {
case PADDING_MODE_OAEP:
if (!oaep_pad((uint8_t *) padded.d, bn_size(&padded),
(const uint8_t *) in, in_len, hashing, label))
return 0;
break;
case PADDING_MODE_PKCS1:
if (!pkcs1_type2_pad((uint8_t *) padded.d, bn_size(&padded),
(const uint8_t *) in, in_len))
return 0;
break;
default:
return 0; /* Unsupported padding mode. */
}
/* Reverse from big-endian to little-endian notation. */
reverse((uint8_t *) padded.d, bn_size(&padded));
bn_mont_modexp(&encrypted, &padded, &e, &rsa->N);
/* Back to big-endian notation. */
reverse((uint8_t *) encrypted.d, bn_size(&encrypted));
*out_len = bn_size(&encrypted);
dcrypto_memset(padded_buf, 0, sizeof(padded_buf));
dcrypto_memset(e_buf, 0, sizeof(e_buf));
return 1;
}
void ep2_curve_init(void) {
ctx_t *ctx = core_get();
#ifdef EP_PRECO
for (int i = 0; i < EP_TABLE; i++) {
ctx->ep2_ptr[i] = &(ctx->ep2_pre[i]);
}
#endif
#if ALLOC == STATIC || ALLOC == DYNAMIC || ALLOC == STACK
ctx->ep2_g.x[0] = ctx->ep2_gx[0];
ctx->ep2_g.x[1] = ctx->ep2_gx[1];
ctx->ep2_g.y[0] = ctx->ep2_gy[0];
ctx->ep2_g.y[1] = ctx->ep2_gy[1];
ctx->ep2_g.z[0] = ctx->ep2_gz[0];
ctx->ep2_g.z[1] = ctx->ep2_gz[1];
#endif
#ifdef EP_PRECO
#if ALLOC == STATIC || ALLOC == DYNAMIC
for (int i = 0; i < EP_TABLE; i++) {
fp2_new(ctx->ep2_pre[i].x);
fp2_new(ctx->ep2_pre[i].y);
fp2_new(ctx->ep2_pre[i].z);
}
#elif ALLOC == STACK
for (int i = 0; i < EP_TABLE; i++) {
ctx->ep2_pre[i].x[0] = ctx->_ep2_pre[3 * i][0];
ctx->ep2_pre[i].x[1] = ctx->_ep2_pre[3 * i][1];
ctx->ep2_pre[i].y[0] = ctx->_ep2_pre[3 * i + 1][0];
ctx->ep2_pre[i].y[1] = ctx->_ep2_pre[3 * i + 1][1];
ctx->ep2_pre[i].z[0] = ctx->_ep2_pre[3 * i + 2][0];
ctx->ep2_pre[i].z[1] = ctx->_ep2_pre[3 * i + 2][1];
}
#endif
#endif
ep2_set_infty(&(ctx->ep2_g));
bn_init(&(ctx->ep2_r), FP_DIGS);
bn_init(&(ctx->ep2_h), FP_DIGS);
}
void kx_init_common(kx_t *kx)
{
bn_init(&kx->P);
bn_init(&kx->Q);
bn_init(&kx->G);
bn_init(&kx->a);
bn_init(&kx->b);
bn_init(&kx->S);
}
int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
const uint8_t *in, const uint32_t in_len,
enum padding_mode padding, enum hashing_mode hashing)
{
uint32_t padded_buf[RSA_MAX_WORDS];
struct BIGNUM padded;
struct BIGNUM signature;
if (!check_modulus_params(&rsa->N, out_len))
return 0;
bn_init(&padded, padded_buf, bn_size(&rsa->N));
bn_init(&signature, out, bn_size(&rsa->N));
/* TODO(ngm): add support for PSS. */
switch (padding) {
case PADDING_MODE_PKCS1:
if (!pkcs1_type1_pad((uint8_t *) padded.d, bn_size(&padded),
(const uint8_t *) in, in_len, hashing))
return 0;
break;
default:
return 0;
}
/* Reverse from big-endian to little-endian notation. */
reverse((uint8_t *) padded.d, bn_size(&padded));
bn_mont_modexp(&signature, &padded, &rsa->d, &rsa->N);
/* Back to big-endian notation. */
reverse((uint8_t *) signature.d, bn_size(&signature));
*out_len = bn_size(&rsa->N);
dcrypto_memset(padded_buf, 0, sizeof(padded_buf));
return 1;
}
int start(int nodeID) {
snprintf(thisID, 10, "%d", nodeID);
core_init();
if (pc_param_set_any() != STS_OK) {
return 1;
}
/* Simulate PKG. The private key should be loaded statically in real deployments. */
bn_init(&masterKey, BN_DIGS);
bn_read_str(&masterKey, "123456789ABCDEF123456789ABCDEF123456789ABCDEF123456789ABCDEF", 64, 16);
cp_sokaka_gen_prv(privateKey, thisID, strlen(thisID), &masterKey);
printf("TinyPBC \t Private key received.\n");
return 0;
}
void fp_invn_low(dig_t *c, const dig_t *a) {
bn_st e;
bn_init(&e, RLC_FP_DIGS);
e.used = RLC_FP_DIGS;
dv_copy(e.dp, fp_prime_get(), RLC_FP_DIGS);
bn_sub1_low(e.dp, e.dp, 2, RLC_FP_DIGS);
#if AUTO == ALLOC
fp_exp(c, a, &e);
#else
fp_exp(c, (const fp_t)a, &e);
#endif
bn_clean(&e);
}
static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
{
BIGNUM *bn;
unsigned int loop;
/* Full; allocate a new pool item and link it in. */
if (p->used == p->size) {
BN_POOL_ITEM *item;
if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
bn_init(bn);
if ((flag & BN_FLG_SECURE) != 0)
BN_set_flags(bn, BN_FLG_SECURE);
}
item->prev = p->tail;
item->next = NULL;
if (p->head == NULL)
p->head = p->current = p->tail = item;
else {
p->tail->next = item;
p->tail = item;
p->current = item;
}
p->size += BN_CTX_POOL_SIZE;
p->used++;
/* Return the first bignum from the new pool */
return item->vals;
}
if (!p->used)
p->current = p->head;
else if ((p->used % BN_CTX_POOL_SIZE) == 0)
p->current = p->current->next;
return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
}
void BN_RECP_CTX_init(BN_RECP_CTX *recp)
{
memset(recp, 0, sizeof(*recp));
bn_init(&(recp->N));
bn_init(&(recp->Nr));
}
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
int i, ret = 0;
BIGNUM *Ri, *R;
if (BN_is_zero(mod))
return 0;
BN_CTX_start(ctx);
if ((Ri = BN_CTX_get(ctx)) == NULL)
goto err;
R = &(mont->RR); /* grab RR as a temp */
if (!BN_copy(&(mont->N), mod))
goto err; /* Set N */
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
mont->N.neg = 0;
#ifdef MONT_WORD
{
BIGNUM tmod;
BN_ULONG buf[2];
bn_init(&tmod);
tmod.d = buf;
tmod.dmax = 2;
tmod.neg = 0;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&tmod, BN_FLG_CONSTTIME);
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
/*
* Only certain BN_BITS2<=32 platforms actually make use of n0[1],
* and we could use the #else case (with a shorter R value) for the
* others. However, currently only the assembler files do know which
* is which.
*/
BN_zero(R);
if (!(BN_set_bit(R, 2 * BN_BITS2)))
goto err;
tmod.top = 0;
if ((buf[0] = mod->d[0]))
tmod.top = 1;
if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
tmod.top = 2;
if (BN_is_one(&tmod))
BN_zero(Ri);
else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
goto err; /* R*Ri */
if (!BN_is_zero(Ri)) {
if (!BN_sub_word(Ri, 1))
goto err;
} else { /* if N mod word size == 1 */
if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
goto err;
/* Ri-- (mod double word size) */
Ri->neg = 0;
Ri->d[0] = BN_MASK2;
Ri->d[1] = BN_MASK2;
Ri->top = 2;
}
if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
goto err;
/*
* Ni = (R*Ri-1)/N, keep only couple of least significant words:
*/
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
# else
BN_zero(R);
if (!(BN_set_bit(R, BN_BITS2)))
goto err; /* R */
buf[0] = mod->d[0]; /* tmod = N mod word size */
buf[1] = 0;
tmod.top = buf[0] != 0 ? 1 : 0;
/* Ri = R^-1 mod N */
if (BN_is_one(&tmod))
BN_zero(Ri);
else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
goto err;
if (!BN_lshift(Ri, Ri, BN_BITS2))
goto err; /* R*Ri */
if (!BN_is_zero(Ri)) {
if (!BN_sub_word(Ri, 1))
goto err;
} else { /* if N mod word size == 1 */
if (!BN_set_word(Ri, BN_MASK2))
goto err; /* Ri-- (mod word size) */
}
if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
goto err;
/*
* Ni = (R*Ri-1)/N, keep only least significant word:
*/
mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
mont->n0[1] = 0;
# endif
}
#else /* !MONT_WORD */
{ /* bignum version */
mont->ri = BN_num_bits(&mont->N);
BN_zero(R);
if (!BN_set_bit(R, mont->ri))
goto err; /* R = 2^ri */
/* Ri = R^-1 mod N */
if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
goto err;
if (!BN_lshift(Ri, Ri, mont->ri))
goto err; /* R*Ri */
if (!BN_sub_word(Ri, 1))
goto err;
/*
* Ni = (R*Ri-1) / N
*/
if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
goto err;
}
#endif
/* setup RR for conversions */
BN_zero(&(mont->RR));
if (!BN_set_bit(&(mont->RR), mont->ri * 2))
goto err;
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
goto err;
for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
mont->RR.d[i] = 0;
mont->RR.top = ret;
mont->RR.flags |= BN_FLG_FIXED_TOP;
ret = 1;
err:
BN_CTX_end(ctx);
return ret;
}
static int test_bn_modinv_helper(const BIGNUM *E, BN_CTX *ctx)
{
int i;
BIGNUM *MOD = BN_CTX_get(ctx);
for (i = 0; i < 1000; i++) {
uint32_t m_buf[64];
uint32_t d_buf[64];
uint32_t e_buf[32];
int has_inverse;
int test_inverse;
struct LITE_BIGNUM m;
struct LITE_BIGNUM e;
struct LITE_BIGNUM d;
BIGNUM *r = BN_CTX_get(ctx);
memset(e_buf, 0, sizeof(e_buf));
/* Top bit set, bottom bit clear. */
BN_rand(MOD, 2048, 1, 0);
if (BN_mod_inverse(r, E, MOD, ctx))
has_inverse = 1;
else
has_inverse = 0;
DCRYPTO_bn_wrap(&m, m_buf, sizeof(m_buf));
memcpy(m_buf, MOD->d, sizeof(m_buf));
assert(BN_num_bytes(E) <= sizeof(e_buf));
memcpy(e_buf, E->d, BN_num_bytes(E));
DCRYPTO_bn_wrap(&e, e_buf, sizeof(e_buf));
bn_init(&d, d_buf, sizeof(d_buf));
test_inverse = bn_modinv_vartime(&d, &e, &m);
if (test_inverse != has_inverse) {
fprintf(stderr,
"ossl inverse: %d, dcrypto inverse: %d\n",
has_inverse, test_inverse);
fprintf(stderr, "d : ");
BN_print_fp(stderr, r);
fprintf(stderr, "\n");
fprintf(stderr, "e : ");
BN_print_fp(stderr, E);
fprintf(stderr, "\n");
fprintf(stderr, "M : ");
BN_print_fp(stderr, MOD);
fprintf(stderr, "\n");
return 1;
}
if (has_inverse) {
if (memcmp(d.d, r->d, BN_num_bytes(r)) != 0) {
fprintf(stderr, "memcmp fail\n");
return 1;
}
}
BN_free(r);
}
return 0;
}
int main(){
volatile int quit=0,quitMenu=0,err;
int nbreceived=0;
sMsg msgIn;
char cmd;
bn_Address destAd;
int ret;
float var=0;
int i;
int msg2send=10000,msgSend=0,msgNStatused=0,msgNOk=0,avgElem=0;
float avgMes=0,avgVal=0;
sMsg out;
struct timeval currentClock, prevClock;
bn_init();
bn_attach(E_ROLE_SETUP,role_setup);
printf("listening, CTRL+C for menu\n");
signal(SIGINT, intHandler);
gettimeofday(&prevClock,NULL);
while (!quit){
usleep(500);
memset(&msgIn,0,sizeof(sMsg));
// receive messages, and deal with it.
if (bn_receive(&msgIn)>0){
printf("message received from %hx, type : %u\n",msgIn.header.srcAddr,msgIn.header.type);
switch (msgIn.header.type){
case E_DEBUG : printf("%s\n",msgIn.payload.debug); break;
case E_DATA : //plot raw payload
for ( i=0 ; i<msgIn.header.size && i<54; i++){
printf(" %hx",msgIn.payload.raw[i]);
}
printf("\n");
break;
case E_ACK_RESPONSE : printf("ack response : %d, ack addr %hx\n",msgIn.payload.ack.ans,msgIn.payload.ack.addr); break;
case E_WELL_CTRL :
case E_TEST_PKT :
well_deamon(&msgIn);
break;
case E_CBR_CTRL :
cbr_controller(&msgIn);
break;
default :
break;
}
}
cbr_deamon();
if (menu){
menu=0;
quitMenu=0;
while (!quitMenu){
cmd=0;
printf("nb msg received : %d\n",nbreceived);
nbreceived=0;
printf("\ndebug reader menu\n");
printf("s : send debugger address\n");
printf("i : info about this node\n");
printf("b : send a burst of message to \n");
printf("p : ping\n");
printf("t : traceroute\n");
printf("r : return\n");
printf("q : quit\n");
while(isspace(cmd=getchar()));
switch (toupper(cmd)){
case 'R' : quitMenu=1; printf("back to listening, CTRL+C for menu\n\n"); break;
case 'Q' : quitMenu=1; quit=1; break;
case 'S' :
printf("enter destination address\n");
scanf("%hx",&destAd);
if ( (err=bn_debugSendAddr(destAd)) > 0){
printf("signalling send\n");
quitMenu=1;
}
else {
printf("error while sending : %d\n", err);
}
break;
case 'I' :
printf("my addr (total) : %4hx\n",MYADDRX);
printf("my addr (local) : %4hx\n",MYADDRX&DEVICEX_MASK);
printf("my subnet : %4hx\n\n",MYADDRX&SUBNET_MASK);
break;
case 'B' :
avgMes=0;
avgVal=0;
avgElem=0;
var=0;
printf("enter destination address\n");
scanf("%hx",&out.header.destAddr);
out.header.type=E_TEST_PKT;
printf("enter number of message to send\n");
scanf("%d",&msg2send);
gettimeofday(&prevClock,NULL);
msgNOk=0;
msgNStatused=0;
msgSend=0;
while ( msg2send>0 ){
out.header.size=1;
switch (ret=bn_sendAck(&out)){
case 1 : msgSend++; break;
case -ERR_BN_ACK_TIMEOUT : msgNStatused++; break;
case -ERR_BN_NACK_BROKEN_LINK : msgNOk++; break;
// default : printf("blah %d %d\n",ret,msg2send);break;
}
gettimeofday(¤tClock,NULL);
if (ret>=0){
avgElem++;
avgMes=(float)((currentClock.tv_sec*1000000 + currentClock.tv_usec)-(prevClock.tv_sec*1000000 + prevClock.tv_usec));
avgVal=avgMes/(float)avgElem +avgVal*((float)(avgElem-1))/((float)avgElem);
if (avgElem>1) var=((avgElem-1)*var)/avgElem + (avgMes-avgVal)*(avgMes-avgVal)/(avgElem-1);
fprintf(stderr,"%f,%f,%f\n", avgMes, avgVal, var);
}
prevClock=currentClock;
if (msg2send==1) printf("send(acked) %d, timeout %d, Nack bkn link %d, interval %f , stdev %f \n",msgSend, msgNStatused,msgNOk,avgVal,sqrt(var));
msg2send--;
}
break;
case 'P' :
destAd=0;
printf("enter destination adress\n");
scanf("%hx",&destAd);
printf("ping %hx : %d ms\n",destAd,bn_ping(destAd));
break;
case 'T' :
{
destAd=0;
printf("enter destination adress\n");
scanf("%hx",&destAd);
int depth;
printf("enter depth\n");
scanf("%i",&depth);
sTraceInfo trInfo[depth];
int nbTraces,f;
nbTraces=bn_traceroute(destAd,trInfo,depth,1000);
for (f=0;f<nbTraces;f++){
printf("%hx in %d ms\n",trInfo[f].addr,trInfo[f].ping);
}
}
break;
default : break;
}
}
}
}
printf("bye\n");
bn_detach(E_DEBUG_SIGNALLING);
return 0;
}
int choose_strategy_move(const parity_game* g, const recursive_result* strategy, const int player, const int* src,
int* current_player, bool* strategy_play, bool* result, bool* deadlock, int* dst)
{
int group = -1;
vset_t level = vset_create(g->domain, -1, NULL);
vset_t tmp = vset_create(g->domain, -1, NULL);
vset_t singleton = vset_create(g->domain, -1, NULL);
vset_add(singleton, src);
// Do a random run through the game, conforming to
// the strategy in result.
*current_player = (vset_member(g->v_player[player], src) ? player : 1-player);
Print(hre_debug, "Using strategy of player %d. The position is owned by player %d.", player, *current_player);
if (*current_player==player && vset_member(strategy->win[player], src))
{
//printf("Player %d chooses according to his/her winning strategy.\n", player);
// Choose a transition according to the strategy of player
*strategy_play = true;
vset_t strategy_level = vset_create(g->domain, -1, NULL);
compute_strategy_level(strategy_level, src, player, strategy);
vset_clear(level);
for (int i=0; i < g->num_groups; i++) {
vset_next(tmp, singleton, g->e[i]);
vset_intersect(tmp, strategy_level);
if (!vset_is_empty(tmp))
{
vset_copy(level, tmp);
// Choose a random element:
//printf("Choosing a transition from transition group %d.\n", i);
group = i;
vset_random(level, dst);
break;
}
}
// Check for deadlocks
if (vset_is_empty(level)) {
*deadlock = true;
*result = (*current_player != player);
Print(infoLong, "Deadlock for player %d, player %s has won, result is %s.",
*current_player,
(*current_player==1) ? "0 (even / or)" : "1 (odd / and)",
*result ? "true" : "false");
}
}
else
{
//Print(info, "Not player %d's turn or player %d has no winning strategy. Choosing an arbitrary move for player %d.",
// player, player, *current_player);
// this states belongs to (1-player) or player does not have a winning strategy
*strategy_play = false;
vset_t strategy_level = vset_create(g->domain, -1, NULL);
/*
if (vset_member(result.win[current_player], src))
{
// winning move after all
compute_strategy_level(strategy_level, src, current_player, result);
if (vset_is_empty(strategy_level)) {
Print(info, "Unexpected: src is in win[%d], but strategy_level is empty.", current_player);
} else {
strategy_play = true;
}
}
*/
// choose a random move
vset_clear(level);
for (int i=0; i < g->num_groups; i++) {
vset_next(tmp, singleton, g->e[i]);
if (*strategy_play && !vset_is_empty(tmp)) {
vset_intersect(tmp, strategy_level);
if (!vset_is_empty(tmp))
{
vset_copy(level, tmp);
// Choose a random element:
//printf("Choosing a transition from transition group %d.\n", i);
group = i;
vset_random(level, dst);
break;
}
} else {
vset_union(level, tmp);
}
}
// Check for deadlocks
if (vset_is_empty(level)) {
*deadlock = true;
*result = (*current_player != player);
Print(infoLong, "Deadlock for player %d, player %s has won, result is %s.",
*current_player,
(*current_player==1) ? "0 (even / or)" : "1 (odd / and)",
*result ? "true" : "false");
} else if (!*strategy_play) {
//Print(info, "choose randomly");
long int nodes;
bn_int_t states;
bn_init(&states);
vset_count(level, &nodes, &states);
vset_random(level, dst);
}
}
return group;
}
