summaryrefslogtreecommitdiff
path: root/chip
diff options
context:
space:
mode:
authornagendra modadugu <ngm@google.com>2016-07-14 02:59:05 -0700
committerchrome-bot <chrome-bot@chromium.org>2016-07-21 17:32:14 -0700
commit5de5f2fded79fa22aebc106866ed43c1d1a01ac9 (patch)
treeede8b990a1ff6af5372f9a380754248a8995b321 /chip
parent3e98dec612af459ef0c457c206e55dbe11b5ecbe (diff)
downloadchrome-ec-5de5f2fded79fa22aebc106866ed43c1d1a01ac9.tar.gz
CR50: rename struct BIGNUM -> struct LITE_BIGNUM
The name BIGNUM collides with a namesake struct in openssl. It would be convenient to write test code that compares results between openssl and dcrypto, hence this rename. Also rename some #defines that conflict with openssl names. CQ-DEPEND=CL:*270476 BRANCH=none BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:50115 TEST=build succeeds Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/360346 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit a15b495497728a6b212bd87e92f6ba5ba463f985) Change-Id: Ic53ce805cfcc591c68fbc1ef90ff2f92cec973a6 Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/362112 Reviewed-by: Nagendra Modadugu <ngm@google.com>
Diffstat (limited to 'chip')
-rw-r--r--chip/g/dcrypto/bn.c122
-rw-r--r--chip/g/dcrypto/dcrypto.h19
-rw-r--r--chip/g/dcrypto/internal.h37
-rw-r--r--chip/g/dcrypto/rsa.c47
4 files changed, 115 insertions, 110 deletions
diff --git a/chip/g/dcrypto/bn.c b/chip/g/dcrypto/bn.c
index ae76cb0858..26a8533839 100644
--- a/chip/g/dcrypto/bn.c
+++ b/chip/g/dcrypto/bn.c
@@ -16,21 +16,21 @@ extern void watchdog_reload(void);
static inline void watchdog_reload(void) { }
#endif
-void bn_init(struct BIGNUM *b, void *buf, size_t len)
+void bn_init(struct LITE_BIGNUM *b, void *buf, size_t len)
{
DCRYPTO_bn_wrap(b, buf, len);
dcrypto_memset(buf, 0x00, len);
}
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len)
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len)
{
/* Only word-multiple sized buffers accepted. */
assert((len & 0x3) == 0);
- b->dmax = len / BN_BYTES;
+ b->dmax = len / LITE_BN_BYTES;
b->d = (struct access_helper *) buf;
}
-static int bn_eq(const struct BIGNUM *a, const struct BIGNUM *b)
+static int bn_eq(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
{
int i;
uint32_t top = 0;
@@ -52,42 +52,42 @@ static int bn_eq(const struct BIGNUM *a, const struct BIGNUM *b)
return 1;
}
-static void bn_copy(struct BIGNUM *dst, const struct BIGNUM *src)
+static void bn_copy(struct LITE_BIGNUM *dst, const struct LITE_BIGNUM *src)
{
dst->dmax = src->dmax;
memcpy(dst->d, src->d, bn_size(dst));
}
-int bn_check_topbit(const struct BIGNUM *N)
+int bn_check_topbit(const struct LITE_BIGNUM *N)
{
return BN_DIGIT(N, N->dmax - 1) >> 31;
}
/* a[n]. */
-int bn_is_bit_set(const struct BIGNUM *a, int n)
+int bn_is_bit_set(const struct LITE_BIGNUM *a, int n)
{
int i, j;
if (n < 0)
return 0;
- i = n / BN_BITS2;
- j = n % BN_BITS2;
+ i = n / LITE_BN_BITS2;
+ j = n % LITE_BN_BITS2;
if (a->dmax <= i)
return 0;
return (BN_DIGIT(a, i) >> j) & 1;
}
-static int bn_set_bit(const struct BIGNUM *a, int n)
+static int bn_set_bit(const struct LITE_BIGNUM *a, int n)
{
int i, j;
if (n < 0)
return 0;
- i = n / BN_BITS2;
- j = n % BN_BITS2;
+ i = n / LITE_BN_BITS2;
+ j = n % LITE_BN_BITS2;
if (a->dmax <= i)
return 0;
@@ -97,7 +97,7 @@ static int bn_set_bit(const struct BIGNUM *a, int n)
/* a[] >= b[]. */
/* TODO(ngm): constant time. */
-static int bn_gte(const struct BIGNUM *a, const struct BIGNUM *b)
+static int bn_gte(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b)
{
int i;
uint32_t top = 0;
@@ -119,7 +119,7 @@ static int bn_gte(const struct BIGNUM *a, const struct BIGNUM *b)
}
/* c[] = c[] - a[], assumes c > a. */
-uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a)
+uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
{
int64_t A = 0;
int i;
@@ -141,8 +141,8 @@ uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a)
/* c[] = c[] - a[], negative numbers in 2's complement representation. */
/* Returns borrow bit. */
-static uint32_t bn_signed_sub(struct BIGNUM *c, int *c_neg,
- const struct BIGNUM *a, int a_neg)
+static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg,
+ const struct LITE_BIGNUM *a, int a_neg)
{
uint32_t carry = 0;
uint64_t A = 1;
@@ -167,7 +167,7 @@ static uint32_t bn_signed_sub(struct BIGNUM *c, int *c_neg,
}
/* c[] = c[] + a[]. */
-uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a)
+uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a)
{
uint64_t A = 0;
int i;
@@ -189,8 +189,8 @@ uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a)
/* c[] = c[] + a[], negative numbers in 2's complement representation. */
/* Returns carry bit. */
-static uint32_t bn_signed_add(struct BIGNUM *c, int *c_neg,
- const struct BIGNUM *a, int a_neg)
+static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg,
+ const struct LITE_BIGNUM *a, int a_neg)
{
uint32_t A = bn_add(c, a);
uint32_t carry;
@@ -201,7 +201,7 @@ static uint32_t bn_signed_add(struct BIGNUM *c, int *c_neg,
}
/* r[] <<= 1. */
-static uint32_t bn_lshift(struct BIGNUM *r)
+static uint32_t bn_lshift(struct LITE_BIGNUM *r)
{
int i;
uint32_t w;
@@ -216,7 +216,7 @@ static uint32_t bn_lshift(struct BIGNUM *r)
}
/* r[] >>= 1. Handles 2's complement negative numbers. */
-static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
+static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg)
{
int i;
uint32_t ones = ~0;
@@ -227,12 +227,12 @@ static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
ones &= BN_DIGIT(r, i);
accu = (BN_DIGIT(r, i) >> 1);
- accu |= (BN_DIGIT(r, i + 1) << (BN_BITS2 - 1));
+ accu |= (BN_DIGIT(r, i + 1) << (LITE_BN_BITS2 - 1));
BN_DIGIT(r, i) = accu;
}
ones &= BN_DIGIT(r, i);
BN_DIGIT(r, i) = (BN_DIGIT(r, i) >> 1) |
- (highbit << (BN_BITS2 - 1));
+ (highbit << (LITE_BN_BITS2 - 1));
if (ones == ~0 && highbit && neg)
memset(r->d, 0x00, bn_size(r)); /* -1 >> 1 = 0. */
@@ -240,9 +240,9 @@ static void bn_rshift(struct BIGNUM *r, uint32_t carry, uint32_t neg)
/* Montgomery c[] += a * b[] / R % N. */
/* TODO(ngm): constant time. */
-static void bn_mont_mul_add(struct BIGNUM *c, const uint32_t a,
- const struct BIGNUM *b, const uint32_t nprime,
- const struct BIGNUM *N)
+static void bn_mont_mul_add(struct LITE_BIGNUM *c, const uint32_t a,
+ const struct LITE_BIGNUM *b, const uint32_t nprime,
+ const struct LITE_BIGNUM *N)
{
uint32_t A, B, d0;
int i;
@@ -280,9 +280,9 @@ static void bn_mont_mul_add(struct BIGNUM *c, const uint32_t a,
}
/* Montgomery c[] = a[] * b[] / R % N. */
-static void bn_mont_mul(struct BIGNUM *c, const struct BIGNUM *a,
- const struct BIGNUM *b, const uint32_t nprime,
- const struct BIGNUM *N)
+static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+ const struct LITE_BIGNUM *b, const uint32_t nprime,
+ const struct LITE_BIGNUM *N)
{
int i;
@@ -296,14 +296,14 @@ static void bn_mont_mul(struct BIGNUM *c, const struct BIGNUM *a,
/* Mongomery R * R % N, R = 1 << (1 + log2N). */
/* TODO(ngm): constant time. */
-static void bn_compute_RR(struct BIGNUM *RR, const struct BIGNUM *N)
+static void bn_compute_RR(struct LITE_BIGNUM *RR, const struct LITE_BIGNUM *N)
{
int i;
bn_sub(RR, N); /* R - N = R % N since R < 2N */
/* Repeat 2 * R % N, log2(R) times. */
- for (i = 0; i < N->dmax * BN_BITS2; i++) {
+ for (i = 0; i < N->dmax * LITE_BN_BITS2; i++) {
if (bn_lshift(RR))
assert(bn_sub(RR, N) == -1);
if (bn_gte(RR, N))
@@ -327,8 +327,8 @@ static uint32_t bn_compute_nprime(const uint32_t n0)
/* Montgomery output = input ^ exp % N. */
/* TODO(ngm): this implementation not timing or side-channel safe by
* any measure. */
-void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
- const struct BIGNUM *exp, const struct BIGNUM *N)
+void bn_mont_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input,
+ const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N)
{
int i;
uint32_t nprime;
@@ -336,9 +336,9 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
uint32_t acc_buf[RSA_MAX_WORDS];
uint32_t aR_buf[RSA_MAX_WORDS];
- struct BIGNUM RR;
- struct BIGNUM acc;
- struct BIGNUM aR;
+ struct LITE_BIGNUM RR;
+ struct LITE_BIGNUM acc;
+ struct LITE_BIGNUM aR;
#ifndef CR50_NO_BN_ASM
if (bn_bits(N) == 2048 || bn_bits(N) == 1024) {
@@ -362,12 +362,12 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
bn_mont_mul(&aR, input, &RR, nprime, N); /* aR = a * RR / R % N */
/* TODO(ngm): burn stack space and use windowing. */
- for (i = exp->dmax * BN_BITS2 - 1; i >= 0; i--) {
+ for (i = exp->dmax * LITE_BN_BITS2 - 1; i >= 0; i--) {
bn_mont_mul(output, &acc, &acc, nprime, N);
if (bn_is_bit_set(exp, i)) {
bn_mont_mul(&acc, output, &aR, nprime, N);
} else {
- struct BIGNUM tmp = *output;
+ struct LITE_BIGNUM tmp = *output;
*output = acc;
acc = tmp;
@@ -397,8 +397,8 @@ void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
}
/* c[] += a * b[] */
-static uint32_t bn_mul_add(struct BIGNUM *c, uint32_t a,
- const struct BIGNUM *b, uint32_t offset)
+static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a,
+ const struct LITE_BIGNUM *b, uint32_t offset)
{
int i;
uint64_t carry = 0;
@@ -414,8 +414,8 @@ static uint32_t bn_mul_add(struct BIGNUM *c, uint32_t a,
}
/* c[] = a[] * b[] */
-void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
- const struct BIGNUM *b)
+void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+ const struct LITE_BIGNUM *b)
{
int i;
uint32_t carry = 0;
@@ -432,7 +432,7 @@ void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
#define bn_is_even(b) !bn_is_bit_set((b), 0)
#define bn_is_odd(b) bn_is_bit_set((b), 0)
-static int bn_is_zero(const struct BIGNUM *a)
+static int bn_is_zero(const struct LITE_BIGNUM *a)
{
int i, result = 0;
@@ -445,8 +445,8 @@ static int bn_is_zero(const struct BIGNUM *a)
/* TODO(ngm): this method is used in place of division to calculate
* q = N/p, i.e. q = p^-1 mod (N-1). The buffer e may be
* resized to uint32_t once division is implemented. */
-int bn_modinv_vartime(struct BIGNUM *d, const struct BIGNUM *e,
- const struct BIGNUM *MOD)
+int bn_modinv_vartime(struct LITE_BIGNUM *d, const struct LITE_BIGNUM *e,
+ const struct LITE_BIGNUM *MOD)
{
/* Buffers for B, D, and U must be as large as e. */
uint32_t A_buf[RSA_MAX_WORDS];
@@ -463,12 +463,12 @@ int bn_modinv_vartime(struct BIGNUM *d, const struct BIGNUM *e,
int carry2;
int i = 0;
- struct BIGNUM A;
- struct BIGNUM B;
- struct BIGNUM C;
- struct BIGNUM D;
- struct BIGNUM U;
- struct BIGNUM V;
+ struct LITE_BIGNUM A;
+ struct LITE_BIGNUM B;
+ struct LITE_BIGNUM C;
+ struct LITE_BIGNUM D;
+ struct LITE_BIGNUM U;
+ struct LITE_BIGNUM V;
if (bn_size(e) > sizeof(U_buf))
return 0;
@@ -813,7 +813,7 @@ const uint8_t PRIME_DELTAS[NUM_PRIMES] = {
5, 3, 4, 5, 1, 9, 8, 4, 6, 9, 6, 3, 6, 5, 3, 3
};
-static uint32_t bn_mod_word16(const struct BIGNUM *p, uint16_t word)
+static uint32_t bn_mod_word16(const struct LITE_BIGNUM *p, uint16_t word)
{
int i;
uint32_t rem = 0;
@@ -836,7 +836,7 @@ static uint32_t bn_mod_word16(const struct BIGNUM *p, uint16_t word)
#define ROUNDS_384 22
/* Miller-Rabin from HAC, algorithm 4.24. */
-static int bn_probable_prime(const struct BIGNUM *p)
+static int bn_probable_prime(const struct LITE_BIGNUM *p)
{
int j;
int s = 0;
@@ -847,11 +847,11 @@ static int bn_probable_prime(const struct BIGNUM *p)
uint8_t A_buf[RSA_MAX_BYTES / 2];
uint8_t y_buf[RSA_MAX_BYTES / 2];
- struct BIGNUM ONE;
- struct BIGNUM TWO;
- struct BIGNUM r;
- struct BIGNUM A;
- struct BIGNUM y;
+ struct LITE_BIGNUM ONE;
+ struct LITE_BIGNUM TWO;
+ struct LITE_BIGNUM r;
+ struct LITE_BIGNUM A;
+ struct LITE_BIGNUM y;
const int rounds = bn_bits(p) >= 1024 ? ROUNDS_1024 :
bn_bits(p) >= 512 ? ROUNDS_512 :
@@ -922,7 +922,7 @@ static int bn_probable_prime(const struct BIGNUM *p)
return 1;
}
-int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
+int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p)
{
int i;
int j;
@@ -930,7 +930,7 @@ int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
* of ~0.5% @ 1024-bit candidates. The failure rate rises to ~6%
* if the sieve size is halved. */
uint8_t composites_buf[256];
- struct BIGNUM composites;
+ struct LITE_BIGNUM composites;
uint16_t prime = PRIME1;
/* Set top two bits, as well as LSB. */
@@ -958,7 +958,7 @@ int DCRYPTO_bn_generate_prime(struct BIGNUM *p)
j = 0;
for (i = 0; i < bn_bits(&composites); i++) {
uint32_t diff_buf;
- struct BIGNUM diff;
+ struct LITE_BIGNUM diff;
if (bn_is_bit_set(&composites, i))
continue;
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index 3f6b752d85..aaa4b9d0cf 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -73,7 +73,7 @@ const uint8_t *DCRYPTO_HMAC_final(LITE_HMAC_CTX *ctx);
/*
* BIGNUM utility methods.
*/
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
/*
* RSA.
@@ -86,8 +86,8 @@ void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
struct RSA {
uint32_t e;
- struct BIGNUM N;
- struct BIGNUM d;
+ struct LITE_BIGNUM N;
+ struct LITE_BIGNUM d;
};
enum padding_mode {
@@ -123,8 +123,9 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
enum hashing_mode hashing);
/* Calculate n = p * q, d = e ^ -1 mod phi. */
-int DCRYPTO_rsa_key_compute(struct BIGNUM *N, struct BIGNUM *d,
- struct BIGNUM *p, struct BIGNUM *q, uint32_t e);
+int DCRYPTO_rsa_key_compute(struct LITE_BIGNUM *N, struct LITE_BIGNUM *d,
+ struct LITE_BIGNUM *p, struct LITE_BIGNUM *q,
+ uint32_t e);
/*
* EC.
@@ -164,10 +165,10 @@ int DCRYPTO_hkdf(uint8_t *OKM, size_t OKM_len,
/*
* BN.
*/
-int DCRYPTO_bn_generate_prime(struct BIGNUM *p);
-void DCRYPTO_bn_wrap(struct BIGNUM *b, void *buf, size_t len);
-void DCRYPTO_bn_mul(struct BIGNUM *c, const struct BIGNUM *a,
- const struct BIGNUM *b);
+int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p);
+void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
+void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+ const struct LITE_BIGNUM *b);
/*
* X509.
diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h
index 67712fc68d..74fbf2be6e 100644
--- a/chip/g/dcrypto/internal.h
+++ b/chip/g/dcrypto/internal.h
@@ -56,31 +56,34 @@ void dcrypto_sha_wait(enum sha_mode mode, uint32_t *digest);
/*
* BIGNUM.
*/
-#define BN_BITS2 32
-#define BN_BYTES 4
+#define LITE_BN_BITS2 32
+#define LITE_BN_BYTES 4
-struct BIGNUM {
+struct LITE_BIGNUM {
uint32_t dmax; /* Size of d, in 32-bit words. */
struct access_helper *d; /* Word array, little endian format ... */
};
#define BN_DIGIT(b, i) ((b)->d[(i)].udata)
-void bn_init(struct BIGNUM *bn, void *buf, size_t len);
-#define bn_size(b) ((b)->dmax * BN_BYTES)
+void bn_init(struct LITE_BIGNUM *bn, void *buf, size_t len);
+#define bn_size(b) ((b)->dmax * LITE_BN_BYTES)
#define bn_words(b) ((b)->dmax)
-#define bn_bits(b) ((b)->dmax * BN_BITS2)
-int bn_check_topbit(const struct BIGNUM *N);
-void bn_mont_modexp(struct BIGNUM *output, const struct BIGNUM *input,
- const struct BIGNUM *exp, const struct BIGNUM *N);
-void bn_mont_modexp_asm(struct BIGNUM *output, const struct BIGNUM *input,
- const struct BIGNUM *exp, const struct BIGNUM *N);
-uint32_t bn_add(struct BIGNUM *c, const struct BIGNUM *a);
-uint32_t bn_sub(struct BIGNUM *c, const struct BIGNUM *a);
-void bn_mul(struct BIGNUM *c, const struct BIGNUM *a, const struct BIGNUM *b);
-int bn_modinv_vartime(struct BIGNUM *r, const struct BIGNUM *e,
- const struct BIGNUM *MOD);
-int bn_is_bit_set(const struct BIGNUM *a, int n);
+#define bn_bits(b) ((b)->dmax * LITE_BN_BITS2)
+int bn_check_topbit(const struct LITE_BIGNUM *N);
+void bn_mont_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input,
+ const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N);
+void bn_mont_modexp_asm(struct LITE_BIGNUM *output,
+ const struct LITE_BIGNUM *input,
+ const struct LITE_BIGNUM *exp,
+ const struct LITE_BIGNUM *N);
+uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a);
+void bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a,
+ const struct LITE_BIGNUM *b);
+int bn_modinv_vartime(struct LITE_BIGNUM *r, const struct LITE_BIGNUM *e,
+ const struct LITE_BIGNUM *MOD);
+int bn_is_bit_set(const struct LITE_BIGNUM *a, int n);
/*
* Runtime.
diff --git a/chip/g/dcrypto/rsa.c b/chip/g/dcrypto/rsa.c
index eee3eeef02..e9a02be9d2 100644
--- a/chip/g/dcrypto/rsa.c
+++ b/chip/g/dcrypto/rsa.c
@@ -402,7 +402,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
return !bad;
}
-static int check_modulus_params(const struct BIGNUM *N, uint32_t *out_len)
+static int check_modulus_params(const struct LITE_BIGNUM *N, uint32_t *out_len)
{
if (bn_size(N) > RSA_MAX_BYTES)
return 0; /* Unsupported key size. */
@@ -420,11 +420,11 @@ int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
{
uint8_t *p;
uint32_t padded_buf[RSA_MAX_WORDS];
- uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
+ uint32_t e_buf[LITE_BN_BYTES / sizeof(uint32_t)];
- struct BIGNUM padded;
- struct BIGNUM e;
- struct BIGNUM encrypted;
+ struct LITE_BIGNUM padded;
+ struct LITE_BIGNUM e;
+ struct LITE_BIGNUM encrypted;
if (!check_modulus_params(&rsa->N, out_len))
return 0;
@@ -482,8 +482,8 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
uint32_t encrypted_buf[RSA_MAX_WORDS];
uint32_t padded_buf[RSA_MAX_WORDS];
- struct BIGNUM encrypted;
- struct BIGNUM padded;
+ struct LITE_BIGNUM encrypted;
+ struct LITE_BIGNUM padded;
int ret = 1;
if (!check_modulus_params(&rsa->N, NULL))
@@ -497,10 +497,10 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
bn_init(&padded, padded_buf, in_len);
/* Reverse from big-endian to little-endian notation. */
- reverse((uint8_t *) encrypted.d, encrypted.dmax * BN_BYTES);
+ reverse((uint8_t *) encrypted.d, encrypted.dmax * LITE_BN_BYTES);
bn_mont_modexp(&padded, &encrypted, &rsa->d, &rsa->N);
/* Back to big-endian notation. */
- reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
+ reverse((uint8_t *) padded.d, padded.dmax * LITE_BN_BYTES);
switch (padding) {
case PADDING_MODE_OAEP:
@@ -539,8 +539,8 @@ int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
{
uint32_t padded_buf[RSA_MAX_WORDS];
- struct BIGNUM padded;
- struct BIGNUM signature;
+ struct LITE_BIGNUM padded;
+ struct LITE_BIGNUM signature;
if (!check_modulus_params(&rsa->N, out_len))
return 0;
@@ -581,11 +581,11 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
{
uint32_t padded_buf[RSA_MAX_WORDS];
uint32_t signature_buf[RSA_MAX_WORDS];
- uint32_t e_buf[BN_BYTES / sizeof(uint32_t)];
+ uint32_t e_buf[LITE_BN_BYTES / sizeof(uint32_t)];
- struct BIGNUM padded;
- struct BIGNUM signature;
- struct BIGNUM e;
+ struct LITE_BIGNUM padded;
+ struct LITE_BIGNUM signature;
+ struct LITE_BIGNUM e;
int ret = 1;
if (!check_modulus_params(&rsa->N, NULL))
@@ -600,10 +600,10 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
BN_DIGIT(&e, 0) = rsa->e;
/* Reverse from big-endian to little-endian notation. */
- reverse((uint8_t *) signature.d, signature.dmax * BN_BYTES);
+ reverse((uint8_t *) signature.d, signature.dmax * LITE_BN_BYTES);
bn_mont_modexp(&padded, &signature, &e, &rsa->N);
/* Back to big-endian notation. */
- reverse((uint8_t *) padded.d, padded.dmax * BN_BYTES);
+ reverse((uint8_t *) padded.d, padded.dmax * LITE_BN_BYTES);
switch (padding) {
case PADDING_MODE_PKCS1:
@@ -629,17 +629,18 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
return ret;
}
-int DCRYPTO_rsa_key_compute(struct BIGNUM *N, struct BIGNUM *d,
- struct BIGNUM *p, struct BIGNUM *q, uint32_t e_buf)
+int DCRYPTO_rsa_key_compute(struct LITE_BIGNUM *N, struct LITE_BIGNUM *d,
+ struct LITE_BIGNUM *p, struct LITE_BIGNUM *q,
+ uint32_t e_buf)
{
uint32_t ONE_buf = 1;
uint32_t phi_buf[RSA_MAX_WORDS];
uint32_t q_buf[RSA_MAX_WORDS / 2];
- struct BIGNUM ONE;
- struct BIGNUM e;
- struct BIGNUM phi;
- struct BIGNUM q_local;
+ struct LITE_BIGNUM ONE;
+ struct LITE_BIGNUM e;
+ struct LITE_BIGNUM phi;
+ struct LITE_BIGNUM q_local;
DCRYPTO_bn_wrap(&ONE, &ONE_buf, sizeof(ONE_buf));
DCRYPTO_bn_wrap(&phi, phi_buf, bn_size(N));