/src/libgcrypt/mpi/mpiutil.c
1 | | /* mpiutil.ac - Utility functions for MPI |
2 | | * Copyright (C) 1998, 2000, 2001, 2002, 2003, |
3 | | * 2007 Free Software Foundation, Inc. |
4 | | * Copyright (C) 2013 g10 Code GmbH |
5 | | * |
6 | | * This file is part of Libgcrypt. |
7 | | * |
8 | | * Libgcrypt is free software; you can redistribute it and/or modify |
9 | | * it under the terms of the GNU Lesser General Public License as |
10 | | * published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * Libgcrypt is distributed in the hope that it will be useful, |
14 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | | * GNU Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public |
19 | | * License along with this program; if not, see <http://www.gnu.org/licenses/>. |
20 | | */ |
21 | | |
22 | | #include <config.h> |
23 | | #include <stdio.h> |
24 | | #include <stdlib.h> |
25 | | #include <string.h> |
26 | | |
27 | | #include "g10lib.h" |
28 | | #include "mpi-internal.h" |
29 | | #include "mod-source-info.h" |
30 | | |
31 | | |
/* Largest value an unsigned int can hold, selected by the size of that
   type (SIZEOF_UNSIGNED_INT, presumably supplied by config.h).  Used by
   _gcry_mpi_get_ui to reject limb values that would not fit.  */
#if SIZEOF_UNSIGNED_INT == 2
# define MY_UINT_MAX 0xffff
/* (visual check: 0123 ) */
#elif SIZEOF_UNSIGNED_INT == 4
# define MY_UINT_MAX 0xffffffff
/* (visual check: 01234567 ) */
#elif SIZEOF_UNSIGNED_INT == 8
# define MY_UINT_MAX 0xffffffffffffffff
/* (visual check: 0123456789abcdef ) */
#else
# error Need MY_UINT_MAX for this limb size
#endif
44 | | |
45 | | |
/* Constants allocated right away at startup.  The table is filled by
   _gcry_mpi_init and handed out by _gcry_mpi_const; it is indexed by
   the MPI_C_xxx values of enum gcry_mpi_constants.  */
static gcry_mpi_t constants[MPI_NUMBER_OF_CONSTANTS];

/* These variables are used to generate masks from conditional operation
 * flag parameters. Use of volatile prevents compiler optimizations from
 * converting AND-masking to conditional branches.  They are read by the
 * *_cond functions below (set_cond, swap_cond).  */
static volatile mpi_limb_t vzero = 0;
static volatile mpi_limb_t vone = 1;
54 | | |
55 | | |
/* Return the hardware configuration string recorded in
   mod_source_info (see mod-source-info.h).  The first character of
   the table is skipped; presumably it is a marker rather than part of
   the text -- confirm against the generator of that header.  */
const char *
_gcry_mpi_get_hw_config (void)
{
  const char *info = mod_source_info;

  return info + 1;
}
61 | | |
62 | | |
/* Initialize the MPI subsystem.  This is called early and allows to
   do some initialization without taking care of threading issues.
   It fills the CONSTANTS table with the MPI_C_xxx values; every entry
   is marked immutable and constant (flag bits 16 and 32, see
   _gcry_mpi_get_flag).  Always returns 0.  */
gcry_err_code_t
_gcry_mpi_init (void)
{
  int i;

  for (i = 0; i < MPI_NUMBER_OF_CONSTANTS; i++)
    {
      unsigned long v = 0;

      switch (i)
        {
        case MPI_C_ZERO:  v = 0; break;
        case MPI_C_ONE:   v = 1; break;
        case MPI_C_TWO:   v = 2; break;
        case MPI_C_THREE: v = 3; break;
        case MPI_C_FOUR:  v = 4; break;
        case MPI_C_EIGHT: v = 8; break;
        default: log_bug ("invalid mpi_const selector %d\n", i);
        }
      constants[i] = mpi_alloc_set_ui (v);
      /* 16 = immutable, 32 = constant: _gcry_mpi_free never releases
         an MPI carrying bit 32.  */
      constants[i]->flags = (16|32);
    }

  return 0;
}
89 | | |
90 | | |
/****************
 * Note: It was a bad idea to use the number of limbs to allocate
 * because on a alpha the limbs are large but we normally need
 * integers of n bits - So we should change this to bits (or bytes).
 *
 * But mpi_alloc is used in a lot of places :-(. New code
 * should use mpi_new.
 *
 * Allocate an empty (nlimbs == 0) MPI in standard memory with room
 * for NLIMBS limbs.  With NLIMBS == 0 no limb space is allocated at
 * all (d == NULL) until the MPI is resized.  Allocation failures are
 * handled by xmalloc (never returns NULL).
 */
gcry_mpi_t
_gcry_mpi_alloc( unsigned nlimbs )
{
  gcry_mpi_t mpi = xmalloc (sizeof *mpi);

  mpi->alloced = nlimbs;
  mpi->nlimbs = 0;
  mpi->sign = 0;
  mpi->flags = 0;
  mpi->d = nlimbs ? mpi_alloc_limb_space (nlimbs, 0) : NULL;
  return mpi;
}
112 | | |
/* Like _gcry_mpi_alloc but the limb space comes from secure memory and
   the MPI carries the secure flag (bit 1) from the start.  The
   descriptor itself is allocated with the plain xmalloc.  */
gcry_mpi_t
_gcry_mpi_alloc_secure( unsigned nlimbs )
{
  gcry_mpi_t mpi = xmalloc (sizeof *mpi);

  mpi->alloced = nlimbs;
  mpi->flags = 1;      /* secure */
  mpi->nlimbs = 0;
  mpi->sign = 0;
  mpi->d = nlimbs ? mpi_alloc_limb_space (nlimbs, 1) : NULL;
  return mpi;
}
126 | | |
127 | | |
128 | | |
/* Allocate room for NLIMBS limbs, from secure memory if SECURE is
   non-zero.  A request for zero limbs still yields one limb, which is
   cleared, so that callers may safely touch p[0].  Never returns NULL
   (the x* allocators abort on failure).  */
mpi_ptr_t
_gcry_mpi_alloc_limb_space( unsigned int nlimbs, int secure )
{
  size_t count = nlimbs ? nlimbs : 1;
  size_t bytes = count * sizeof (mpi_limb_t);
  mpi_ptr_t limbs;

  if (secure)
    limbs = xmalloc_secure (bytes);
  else
    limbs = xmalloc (bytes);

  if (nlimbs == 0)
    limbs[0] = 0;

  return limbs;
}
142 | | |
/* Release limb space A that holds NLIMBS limbs.  NULL is accepted.
   When the size is known the memory is wiped before it is freed.  */
void
_gcry_mpi_free_limb_space( mpi_ptr_t a, unsigned int nlimbs)
{
  size_t len;

  if (!a)
    return;

  len = nlimbs * sizeof (mpi_limb_t);
  /* If we have information on the number of allocated limbs, we
     better wipe that space out.  This is a failsafe feature if
     secure memory has been disabled or was not properly
     implemented in user provided allocation functions.  */
  if (len)
    wipememory (a, len);
  xfree (a);
}
159 | | |
160 | | |
/* Replace the limb space of A by AP (holding room for NLIMBS limbs),
   releasing the old space.  Ownership of AP passes to A.  Note that
   A->nlimbs and A->sign are left untouched; the caller updates them.  */
void
_gcry_mpi_assign_limb_space( gcry_mpi_t a, mpi_ptr_t ap, unsigned int nlimbs )
{
  mpi_ptr_t old_limbs = a->d;
  unsigned int old_alloced = a->alloced;

  a->d = ap;
  a->alloced = nlimbs;
  _gcry_mpi_free_limb_space (old_limbs, old_alloced);
}
168 | | |
169 | | |
170 | | |
/****************
 * Resize the array of A to NLIMBS. The additional space is cleared
 * (set to 0).  The space is never shrunk: when NLIMBS fits into the
 * current allocation only the limbs beyond A->nlimbs are zeroed.
 * New space is taken from secure memory when A carries flag bit 1.
 */
void
_gcry_mpi_resize (gcry_mpi_t a, unsigned nlimbs)
{
  size_t i;

  if (nlimbs <= a->alloced)
    {
      /* Enough room already: clear everything past the used limbs
         (a no-op when the limb space has exactly the right size).  */
      for (i = a->nlimbs; i < a->alloced; i++)
        a->d[i] = 0;
      return;
    }

  if (!a->d)
    {
      /* No limb space yet: calloc already clears the new limbs.  */
      if (a->flags & 1)
        a->d = xcalloc_secure (nlimbs, sizeof (mpi_limb_t));
      else
        a->d = xcalloc (nlimbs, sizeof (mpi_limb_t));
    }
  else
    {
      /* Grow in place; xrealloc does not clear, so do it here.  */
      a->d = xrealloc (a->d, nlimbs * sizeof (mpi_limb_t));
      for (i = a->nlimbs; i < nlimbs; i++)
        a->d[i] = 0;
    }
  a->alloced = nlimbs;
}
207 | | |
/* Reset A to an empty value.  The limb space is kept as is (neither
   released nor wiped); only the logical length and the flags are reset.
   NOTE(review): flags = 0 also drops the secure bit (1) although the
   limb space may still live in secure memory -- confirm that this is
   intended.  Immutable MPIs are left alone with a warning.  */
void
_gcry_mpi_clear( gcry_mpi_t a )
{
  if (mpi_is_immutable (a))
    {
      mpi_immutable_failed ();
      return;
    }
  a->flags = 0;
  a->nlimbs = 0;
}
219 | | |
220 | | |
/* Release A and whatever it owns.  NULL is accepted.  Constants (flag
   bit 32) are never released.  Opaque MPIs (bit 4) own a raw buffer
   which is freed without wiping; all others own limb space which is
   wiped by _gcry_mpi_free_limb_space.  Unknown flag bits are a bug.  */
void
_gcry_mpi_free( gcry_mpi_t a )
{
  unsigned int allowed;

  if (!a)
    return;

  if (a->flags & 32)
    {
      /* Never release a constant.  */
#if GPGRT_VERSION_NUMBER >= 0x011600 /* 1.22 */
      gpgrt_annotate_leaked_object(a);
#endif
      return;
    }

  if (a->flags & 4)
    xfree (a->d);
  else
    _gcry_mpi_free_limb_space (a->d, a->alloced);

  /* Check that the flags makes sense.  We better allow for bit 1
     (value 2) for backward ABI compatibility.  */
  allowed = 1 | 2 | 4 | 16
            | GCRYMPI_FLAG_USER1 | GCRYMPI_FLAG_USER2
            | GCRYMPI_FLAG_USER3 | GCRYMPI_FLAG_USER4;
  if (a->flags & ~allowed)
    log_bug("invalid flag value in mpi_free\n");

  xfree (a);
}
249 | | |
250 | | |
/* Emit the diagnostic used whenever an operation would modify an MPI
   carrying the immutable flag.  This only logs; the callers return
   without touching the MPI.  */
void
_gcry_mpi_immutable_failed (void)
{
  log_info ("Warning: trying to change an immutable MPI\n");
}
256 | | |
257 | | |
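/* Move A into secure memory: set the secure flag (bit 1) and, if A
   owns limb space, replace it by freshly allocated secure limb space
   holding the same limbs; the old space is wiped and released.  A
   no-op if A is already secure or owns no limb space at all.

   An MPI freshly allocated with a non-zero capacity has nlimbs == 0
   but a non-NULL limb array (see _gcry_mpi_alloc); the previous code
   asserted that this state cannot occur.  It is handled here by
   moving the (empty) limb space like any other.  */
static void
mpi_set_secure( gcry_mpi_t a )
{
  mpi_ptr_t old_limbs, new_limbs;

  if (a->flags & 1)
    return;
  a->flags |= 1;

  old_limbs = a->d;
  if (!old_limbs)
    {
      /* Nothing allocated yet; the flag alone makes _gcry_mpi_resize
         pick secure memory later on.  */
      gcry_assert (!a->nlimbs);
      return;
    }

  new_limbs = mpi_alloc_limb_space (a->alloced, 1);
  if (a->nlimbs)
    MPN_COPY (new_limbs, old_limbs, a->nlimbs);
  a->d = new_limbs;
  _gcry_mpi_free_limb_space (old_limbs, a->alloced);
}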
277 | | |
278 | | |
/* Turn A into an opaque MPI holding the NBITS-bit buffer P.  A takes
   ownership of P (it is released with xfree when A is freed).  A may
   be NULL, in which case a fresh MPI is allocated.  Whatever limb space
   or opaque buffer A held before is released first.  Only the USERn
   flags of A survive; bit 1 (secure) is set when P lives in secure
   memory.  Returns A (or the new MPI).
   NOTE(review): on the immutable path P is neither stored nor freed,
   so the caller still owns it.  */
gcry_mpi_t
_gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits)
{
  unsigned int user_flags;

  if (!a)
    a = mpi_alloc (0);

  if (mpi_is_immutable (a))
    {
      mpi_immutable_failed ();
      return a;
    }

  /* Release whatever A currently owns.  */
  if (a->flags & 4)
    xfree (a->d);
  else
    _gcry_mpi_free_limb_space (a->d, a->alloced);

  user_flags = a->flags & (GCRYMPI_FLAG_USER1 | GCRYMPI_FLAG_USER2
                           | GCRYMPI_FLAG_USER3 | GCRYMPI_FLAG_USER4);

  a->d = p;
  a->alloced = 0;
  a->nlimbs = 0;
  a->sign = nbits;            /* For opaque MPIs SIGN holds the bit count.  */
  a->flags = 4 | user_flags;
  if (_gcry_is_secure (a->d))
    a->flags |= 1;
  return a;
}
306 | | |
307 | | |
/* Like _gcry_mpi_set_opaque but P is copied; the copy is placed in the
   same memory class (secure or not) as P.  Returns NULL if the copy
   cannot be allocated, else the result of mpi_set_opaque.
   NOTE(review): if A turns out to be immutable the copy is leaked,
   because mpi_set_opaque neither stores nor frees it.  */
gcry_mpi_t
_gcry_mpi_set_opaque_copy (gcry_mpi_t a, const void *p, unsigned int nbits)
{
  unsigned int nbytes = (nbits + 7) / 8;
  void *copy;

  if (_gcry_is_secure (p))
    copy = xtrymalloc_secure (nbytes);
  else
    copy = xtrymalloc (nbytes);
  if (!copy)
    return NULL;

  memcpy (copy, p, nbytes);
  return mpi_set_opaque (a, copy, nbits);
}
321 | | |
322 | | |
/* Return the raw buffer of the opaque MPI A; the buffer stays owned by
   A.  If NBITS is not NULL the bit count (stored in A->sign) is
   returned there.  Calling this on a non-opaque MPI is a bug.  */
void *
_gcry_mpi_get_opaque (gcry_mpi_t a, unsigned int *nbits)
{
  void *buffer = a->d;

  if (!(a->flags & 4))
    log_bug("mpi_get_opaque on normal mpi\n");

  if (nbits != NULL)
    *nbits = a->sign;

  return buffer;
}
332 | | |
333 | | |
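/* Return a copy of the raw buffer of the opaque MPI A, allocated in
   the same memory class as the original; the caller owns the copy and
   releases it with xfree.  If NBITS is not NULL the bit count is
   stored there.  Returns NULL if A holds no buffer or the copy cannot
   be allocated.

   The bit count is always fetched into a local first: previously a
   NULL NBITS was dereferenced when computing the byte count.  */
void *
_gcry_mpi_get_opaque_copy (gcry_mpi_t a, unsigned int *nbits)
{
  const void *src;
  void *copy;
  unsigned int bits, nbytes;

  src = mpi_get_opaque (a, &bits);
  if (nbits)
    *nbits = bits;
  if (!src)
    return NULL;

  nbytes = (bits + 7) / 8;
  if (_gcry_is_secure (src))
    copy = xtrymalloc_secure (nbytes);
  else
    copy = xtrymalloc (nbytes);
  if (copy)
    memcpy (copy, src, nbytes);
  return copy;
}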
350 | | |
/****************
 * Note: This copy function should not interpret the MPI
 * but copy it transparently.
 *
 * Returns a new MPI with the same value, memory class (secure or not)
 * and flags as A, except that the immutable (16) and constant (32)
 * bits are never copied.  Opaque MPIs get a copy of their raw buffer.
 * A NULL A yields NULL.
 */
gcry_mpi_t
_gcry_mpi_copy (gcry_mpi_t a)
{
  gcry_mpi_t b;

  if (!a)
    return NULL;

  if (a->flags & 4)
    {
      /* Opaque: SIGN holds the bit count of the raw buffer.  */
      int nbytes = (a->sign + 7) / 8;
      void *buf = NULL;

      if (a->sign)
        {
          buf = _gcry_is_secure (a->d) ? xmalloc_secure (nbytes)
                                       : xmalloc (nbytes);
          if (a->d)
            memcpy (buf, a->d, nbytes);
        }
      b = mpi_set_opaque (NULL, buf, a->sign);
    }
  else
    {
      int i;

      b = mpi_is_secure (a) ? mpi_alloc_secure (a->nlimbs)
                            : mpi_alloc (a->nlimbs);
      b->nlimbs = a->nlimbs;
      b->sign = a->sign;
      for (i = 0; i < b->nlimbs; i++)
        b->d[i] = a->d[i];
    }

  /* Reset the immutable and constant flags: a copy is never one.  */
  b->flags = a->flags & ~(16|32);
  return b;
}
387 | | |
388 | | |
/* Return true if A is negative.  A set sign bit alone is not enough:
   a value of zero is never reported as negative.  */
int
_gcry_mpi_is_neg (gcry_mpi_t a)
{
  return (a->sign && _gcry_mpi_cmp_ui (a, 0)) ? 1 : 0;
}
398 | | |
399 | | |
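/* W = - U.  W may be the same MPI as U.  An immutable W is left alone
   with a warning, whether or not it aliases U -- previously only the
   in-place case was checked here, and a non-aliased immutable W had
   its sign flipped after mpi_set had already refused to copy into it.
   This mirrors the check in _gcry_mpi_abs.  */
void
_gcry_mpi_neg (gcry_mpi_t w, gcry_mpi_t u)
{
  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return;
    }

  if (w != u)
    mpi_set (w, u);

  w->sign = !u->sign;
}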
414 | | |
415 | | |
/* W = |W|: clear the sign of W in place.  An immutable W is left
   alone with a warning.  */
void
_gcry_mpi_abs (gcry_mpi_t w)
{
  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return;
    }

  w->sign = 0;
}
428 | | |
429 | | |
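/****************
 * This function allocates an MPI which is optimized to hold
 * a value as large as the one given in the argument and allocates it
 * with the same flags as A.
 *
 * For a regular A the result is empty (nlimbs == 0) with the same
 * capacity, memory class and flags as A (unlike _gcry_mpi_copy the
 * immutable/const bits are carried over, as the header says).  For an
 * opaque A the result carries a copy of the raw buffer, as in
 * _gcry_mpi_copy.  A NULL A yields NULL.
 *
 * The opaque branch now uses the aborting allocators: the previous
 * xtrymalloc result was passed to memcpy without a NULL check, and a
 * NULL A->d was read as well.  Both follow _gcry_mpi_copy now.
 */
gcry_mpi_t
_gcry_mpi_alloc_like( gcry_mpi_t a )
{
  gcry_mpi_t b;

  if (!a)
    return NULL;

  if (a->flags & 4)
    {
      int n = (a->sign + 7) / 8;
      void *p = NULL;

      if (a->sign)
        {
          p = _gcry_is_secure (a->d) ? xmalloc_secure (n) : xmalloc (n);
          if (a->d)
            memcpy (p, a->d, n);
        }
      b = mpi_set_opaque (NULL, p, a->sign);
    }
  else
    {
      b = mpi_is_secure (a) ? mpi_alloc_secure (a->nlimbs)
                            : mpi_alloc (a->nlimbs);
      b->nlimbs = 0;
      b->sign = 0;
      b->flags = a->flags;
    }
  return b;
}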
458 | | |
459 | | |
/* Set U into W and release U. If W is NULL only U will be released.
   The limb space moves from U to W without copying; W's old limb space
   is released.  W takes over U's length, sign and flags verbatim.
   NOTE(review): when W is immutable U is not released on this path.  */
void
_gcry_mpi_snatch (gcry_mpi_t w, gcry_mpi_t u)
{
  if (!w)
    {
      _gcry_mpi_free (u);
      return;
    }

  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return;
    }

  _gcry_mpi_assign_limb_space (w, u->d, u->alloced);
  w->nlimbs = u->nlimbs;
  w->sign = u->sign;
  w->flags = u->flags;

  /* Detach the limb space from U so that freeing U does not free it
     a second time.  */
  u->d = NULL;
  u->alloced = 0;
  u->nlimbs = 0;
  _gcry_mpi_free (u);
}
481 | | |
482 | | |
/* W = U.  If W is NULL a new MPI sized like U is allocated.  W is
   grown as needed; its flags become those of U minus the immutable
   (16) and constant (32) bits.  An immutable W is returned untouched
   with a warning.  Returns W (or the new MPI).  */
gcry_mpi_t
_gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u)
{
  mpi_size_t usize = u->nlimbs;
  int usign = u->sign;
  mpi_ptr_t wp, up;

  if (!w)
    w = _gcry_mpi_alloc (mpi_get_nlimbs (u));
  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return w;
    }

  RESIZE_IF_NEEDED (w, usize);
  wp = w->d;
  up = u->d;
  MPN_COPY (wp, up, usize);
  w->nlimbs = usize;
  w->sign = usign;
  /* Reset the immutable and constant flags: a copy is never one.  */
  w->flags = u->flags & ~(16|32);
  return w;
}
507 | | |
/****************
 * Set the value of W by the one of U, when SET is 1.
 * Leave the value when SET is 0.
 * This implementation should be constant-time regardless of SET.
 *
 * SET must be exactly 0 or 1; other values produce meaningless masks.
 * W and U must have the same allocated size (anything else is a bug).
 * Every allocated limb is rewritten, not only the used ones, so the
 * amount of work does not depend on the operands' values.  Returns W.
 */
gcry_mpi_t
_gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set)
{
  mpi_size_t i;
  mpi_size_t nlimbs = u->alloced;
  /* mask1 is all ones when SET == 1 and zero when SET == 0; mask2 is
     the complement.  Going through the volatile vzero/vone keeps the
     compiler from rewriting the masking as a branch.  */
  mpi_limb_t mask1 = vzero - set;
  mpi_limb_t mask2 = set - vone;
  mpi_limb_t xu;
  mpi_limb_t xw;
  mpi_limb_t *uu = u->d;
  mpi_limb_t *uw = w->d;

  if (w->alloced != u->alloced)
    log_bug ("mpi_set_cond: different sizes\n");

  for (i = 0; i < nlimbs; i++)
    {
      xu = uu[i];
      xw = uw[i];
      /* Take U's limb under mask1, keep W's under mask2.  */
      uw[i] = (xw & mask2) | (xu & mask1);
    }

  /* Length and sign are selected the same way.  */
  xu = u->nlimbs;
  xw = w->nlimbs;
  w->nlimbs = (xw & mask2) | (xu & mask1);

  xu = u->sign;
  xw = w->sign;
  w->sign = (xw & mask2) | (xu & mask1);
  return w;
}
544 | | |
545 | | |
/* W = U for an unsigned long U.  If W is NULL a one-limb MPI is
   allocated.  W is grown to at least one limb; its sign is cleared and
   its flags are reset to 0.  An immutable W is returned untouched with
   a warning.  Returns W (or the new MPI).
   NOTE(review): flags = 0 also drops the secure bit (1) of a secure W;
   confirm this is intended.  */
gcry_mpi_t
_gcry_mpi_set_ui (gcry_mpi_t w, unsigned long u)
{
  if (!w)
    w = _gcry_mpi_alloc (1);
  /* FIXME: If U is 0 we have no need to resize and thus possible
     allocating the the limbs. */
  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return w;
    }

  RESIZE_IF_NEEDED (w, 1);
  w->d[0] = u;
  w->nlimbs = (u != 0);
  w->sign = 0;
  w->flags = 0;
  return w;
}
565 | | |
/* If U is non-negative and small enough store it as an unsigned int
 * at W. If the value does not fit into an unsigned int or is
 * negative return GPG_ERR_ERANGE. Note that we return an unsigned
 * int so that the value can be used with the bit test functions; in
 * contrast the other _ui functions take an unsigned long so that on
 * some platforms they may accept a larger value. On error the value
 * at W is not changed. */
gcry_err_code_t
_gcry_mpi_get_ui (unsigned int *w, gcry_mpi_t u)
{
  mpi_limb_t limb;

  /* Negative values and anything wider than one limb cannot fit.  */
  if (u->sign || u->nlimbs > 1)
    return GPG_ERR_ERANGE;

  limb = (u->nlimbs == 1) ? u->d[0] : 0;
  /* Only when a limb is wider than an unsigned int can a single limb
     be out of range; the sizeof test makes the comparison vanish
     otherwise.  */
  if (sizeof limb > sizeof (unsigned int) && limb > MY_UINT_MAX)
    return GPG_ERR_ERANGE;

  *w = limb;
  return 0;
}
588 | | |
589 | | |
/* Allocate a new one-limb MPI in standard memory holding U.  The
   flags stay at 0 as set by mpi_alloc.  */
gcry_mpi_t
_gcry_mpi_alloc_set_ui( unsigned long u)
{
  gcry_mpi_t result = mpi_alloc (1);

  result->d[0] = u;
  result->nlimbs = (u != 0);
  result->sign = 0;
  return result;
}
599 | | |
/* Exchange the contents of A and B by swapping the descriptors
   (limb pointer, sizes, sign and flags); no limbs are copied.  */
void
_gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
{
  struct gcry_mpi saved = *a;

  *a = *b;
  *b = saved;
}
607 | | |
608 | | |
/****************
 * Swap the value of A and B, when SWAP is 1.
 * Leave the value when SWAP is 0.
 * This implementation should be constant-time regardless of SWAP.
 *
 * SWAP must be exactly 0 or 1; other values produce meaningless masks.
 * The limbs are processed up to the smaller allocated size; if either
 * MPI uses more limbs than that it is a bug.  All those limbs are
 * rewritten regardless of the operands' values.
 */
void
_gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap)
{
  mpi_size_t i;
  mpi_size_t nlimbs;
  /* mask1 is all ones when SWAP == 1 and zero when SWAP == 0; mask2 is
     the complement.  Going through the volatile vzero/vone keeps the
     compiler from rewriting the masking as a branch.  */
  mpi_limb_t mask1 = vzero - swap;
  mpi_limb_t mask2 = swap - vone;
  mpi_limb_t *ua = a->d;
  mpi_limb_t *ub = b->d;
  mpi_limb_t xa;
  mpi_limb_t xb;

  if (a->alloced > b->alloced)
    nlimbs = b->alloced;
  else
    nlimbs = a->alloced;
  if (a->nlimbs > nlimbs || b->nlimbs > nlimbs)
    log_bug ("mpi_swap_cond: different sizes\n");

  for (i = 0; i < nlimbs; i++)
    {
      xa = ua[i];
      xb = ub[i];
      /* Each side keeps its own limb under mask2 and takes the other
         side's under mask1.  */
      ua[i] = (xa & mask2) | (xb & mask1);
      ub[i] = (xa & mask1) | (xb & mask2);
    }

  /* Lengths and signs are exchanged the same way.  */
  xa = a->nlimbs;
  xb = b->nlimbs;
  a->nlimbs = (xa & mask2) | (xb & mask1);
  b->nlimbs = (xa & mask1) | (xb & mask2);

  xa = a->sign;
  xb = b->sign;
  a->sign = (xa & mask2) | (xb & mask1);
  b->sign = (xa & mask1) | (xb & mask2);
}
651 | | |
652 | | |
/****************
 * Set bit N of A, when SET is 1.
 * This implementation should be constant-time regardless of SET.
 *
 * Any non-zero SET counts as 1.  The limb holding bit N is always
 * read and written back, so the memory access pattern does not depend
 * on SET.  A->nlimbs is not updated.
 * NOTE(review): there is no check that the limb index is below
 * A->alloced; callers must guarantee that N lies within the
 * allocated limb space.
 */
void
_gcry_mpi_set_bit_cond (gcry_mpi_t a, unsigned int n, unsigned int set)
{
  unsigned int limbno, bitno;
  /* Normalize SET to 0 or 1 so that the shift below is a single bit.  */
  mpi_limb_t set_the_bit = !!set;

  limbno = n / BITS_PER_MPI_LIMB;
  bitno = n % BITS_PER_MPI_LIMB;

  /* OR-ing zero is a no-op, so this is branch-free in SET.  */
  a->d[limbno] |= (set_the_bit<<bitno);
}
668 | | |
669 | | |
/* Allocate an empty MPI in standard memory with room for NBITS bits,
   rounded up to whole limbs.  */
gcry_mpi_t
_gcry_mpi_new (unsigned int nbits)
{
  unsigned int nlimbs = (nbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB;

  return _gcry_mpi_alloc (nlimbs);
}
676 | | |
677 | | |
/* Allocate an empty MPI in secure memory with room for NBITS bits,
   rounded up to whole limbs.  */
gcry_mpi_t
_gcry_mpi_snew (unsigned int nbits)
{
  unsigned int nlimbs = (nbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB;

  return _gcry_mpi_alloc_secure (nlimbs);
}
684 | | |
/* Public-facing name for _gcry_mpi_free: release A and everything it
   owns (NULL and constants are handled there).  */
void
_gcry_mpi_release( gcry_mpi_t a )
{
  _gcry_mpi_free( a );
}
690 | | |
/* Fill W with NBITS bits of randomness of quality LEVEL.  For
   GCRY_WEAK_RANDOM the bytes come from the nonce generator, otherwise
   from the random pool; the temporary buffer lives in secure memory
   when W is secure.  An immutable W is left alone with a warning.
   NOTE(review): the temporary buffer is released with a plain xfree
   and not wiped first on the non-secure path.  */
void
_gcry_mpi_randomize (gcry_mpi_t w,
                     unsigned int nbits, enum gcry_random_level level)
{
  size_t nbytes = (nbits + 7) / 8;
  unsigned char *buf;
  int secure;

  if (mpi_is_immutable (w))
    {
      mpi_immutable_failed ();
      return;
    }

  secure = mpi_is_secure (w);
  if (level == GCRY_WEAK_RANDOM)
    {
      buf = secure ? xmalloc_secure (nbytes) : xmalloc (nbytes);
      _gcry_create_nonce (buf, nbytes);
    }
  else
    {
      buf = secure ? _gcry_random_bytes_secure (nbytes, level)
                   : _gcry_random_bytes (nbytes, level);
    }

  _gcry_mpi_set_buffer (w, buf, nbytes, 0);
  xfree (buf);
}
717 | | |
718 | | |
/* Set FLAG on A.  SECURE moves A into secure memory; CONST sets the
   immutable and constant bits (16|32); IMMUTABLE sets bit 16; the
   USERn flags are OR-ed in directly (they are bit values, see
   _gcry_mpi_get_flag).  OPAQUE cannot be set this way and, like any
   unknown value, is a bug.  */
void
_gcry_mpi_set_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
{
  if (flag == GCRYMPI_FLAG_SECURE)
    mpi_set_secure (a);
  else if (flag == GCRYMPI_FLAG_CONST)
    a->flags |= (16|32);
  else if (flag == GCRYMPI_FLAG_IMMUTABLE)
    a->flags |= 16;
  else if (flag == GCRYMPI_FLAG_USER1 || flag == GCRYMPI_FLAG_USER2
           || flag == GCRYMPI_FLAG_USER3 || flag == GCRYMPI_FLAG_USER4)
    a->flags |= flag;
  else
    log_bug("invalid flag value\n");   /* includes GCRYMPI_FLAG_OPAQUE */
}
737 | | |
/* Clear FLAG on A.  Only IMMUTABLE and the USERn flags can be cleared;
   a constant MPI (bit 32) keeps its immutable bit (16) no matter what.
   CONST, SECURE and OPAQUE cannot be cleared and, like any unknown
   value, are a bug.  */
void
_gcry_mpi_clear_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
{
  if (flag == GCRYMPI_FLAG_IMMUTABLE)
    {
      if (!(a->flags & 32))
        a->flags &= ~16;
    }
  else if (flag == GCRYMPI_FLAG_USER1 || flag == GCRYMPI_FLAG_USER2
           || flag == GCRYMPI_FLAG_USER3 || flag == GCRYMPI_FLAG_USER4)
    a->flags &= ~flag;
  else
    log_bug("invalid flag value\n");   /* CONST, SECURE, OPAQUE, unknown */
}
763 | | |
/* Return 1 if FLAG is set on A, else 0.  The internal bit layout is:
   1 = secure, 4 = opaque, 16 = immutable, 32 = constant; the USERn
   flags are stored as their own enum values.  Any other FLAG is a
   bug.  */
int
_gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag)
{
  unsigned int mask;

  switch (flag)
    {
    case GCRYMPI_FLAG_SECURE:    mask = 1;  break;
    case GCRYMPI_FLAG_OPAQUE:    mask = 4;  break;
    case GCRYMPI_FLAG_IMMUTABLE: mask = 16; break;
    case GCRYMPI_FLAG_CONST:     mask = 32; break;
    case GCRYMPI_FLAG_USER1:
    case GCRYMPI_FLAG_USER2:
    case GCRYMPI_FLAG_USER3:
    case GCRYMPI_FLAG_USER4:     mask = flag; break;
    default:
      log_bug("invalid flag value\n");
      /*NOTREACHED*/
      return 0;
    }

  return !!(a->flags & mask);
}
782 | | |
783 | | |
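/* Return a constant MPI described by NO which is one of the
   MPI_C_xxx macros.  There is no need to copy this returned value; it
   may be used directly.  NO must be a valid index into the constants
   table (0 .. MPI_NUMBER_OF_CONSTANTS-1); anything else is a bug, as
   is calling this before _gcry_mpi_init has filled the table.  */
gcry_mpi_t
_gcry_mpi_const (enum gcry_mpi_constants no)
{
  /* The table holds MPI_NUMBER_OF_CONSTANTS entries, so the index
     MPI_NUMBER_OF_CONSTANTS itself is one past the end; the previous
     test (no > MPI_NUMBER_OF_CONSTANTS) let it through.  */
  if ((int)no < 0 || no >= MPI_NUMBER_OF_CONSTANTS)
    log_bug("invalid mpi_const selector %d\n", (int)no);
  if (!constants[no])
    log_bug("MPI subsystem not initialized\n");
  return constants[no];
}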